#
#
#
import sys
from pykd import *
def printBreakLine():
    """Write a separator rule, with a blank line before and after, to the debugger output."""
    rule = "\n=====================================================================================\n"
    dprintln( rule )
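def _printBoundProtocols( miniport, isNdis6 ):
    """Print each protocol bound to *miniport* by walking its OpenQueue chain.

    isNdis6 selects where the protocol name is read from: the Name field of
    _NDIS_PROTOCOL_BLOCK itself, or the one nested in ProtocolCharacteristics.
    """
    opn = miniport.OpenQueue
    if opn != 0:
        dprintln( "\nBound protocols:" )

    while opn != 0:
        openBlock = typedVar( "ndis", "_NDIS_OPEN_BLOCK", opn )
        proto = typedVar( "ndis", "_NDIS_PROTOCOL_BLOCK", openBlock.ProtocolHandle )
        if isNdis6:
            nameField = proto.Name
        else:
            nameField = proto.ProtocolCharacteristics.Name
        # One address per %x: the original passed the address twice, which
        # makes the % operator raise TypeError.
        dprint( "%s \tNDIS_OPEN_BLOCK( %x )" % ( loadUnicodeString( nameField.getAddress() ), openBlock.getAddress() ) )
        dprintln( "\tNDIS_PROTOCOL_BLOCK( %x )" % proto.getAddress() )
        opn = openBlock.MiniportNextOpen


def printNdisObj():
    """Print every NDIS miniport with its light-weight filters and bound protocols.

    Walks ndis!ndisMiniportList through the NextGlobalMiniport link. For each
    adapter it prints the instance name and block address, then (when the
    detected major version is 6 or higher) the filter chain starting at
    LowestFilter, then the protocols on OpenQueue, followed by a separator.

    Output is written as plain text. The format strings contain no DML markup,
    and the names are read from target memory, so they are not passed to the
    debugger as markup.
    """
    ndis = loadModule("ndis")

    # NOTE(review): the major version is read from a byte inside the code of
    # NdisGetVersion, which presumes a fixed instruction encoding. Confirm the
    # offset against the ndis.sys build being debugged.
    ndisMajorVersion = ptrByte( ndis.NdisGetVersion + 1 )
    isNdis6 = ndisMajorVersion >= 6

    mpList = typedVarList( ndis.ndisMiniportList, "ndis", "_NDIS_MINIPORT_BLOCK", "NextGlobalMiniport" )

    printBreakLine()

    for m in mpList:
        dprintln( "Adapter:" )
        dprintln( "%s\tNDIS_MINIPORT_BLOCK( %x )" % ( loadUnicodeString(m.pAdapterInstanceName), m.getAddress() ) )

        if isNdis6:
            lwf = m.LowestFilter
            if lwf != 0:
                dprintln( "\nLight-Weight Filters:" )

            # NOTE(review): this chain and the open-block chain are followed
            # until a null link with no cycle check. A corrupted list in the
            # target would keep the loop running.
            while lwf != 0:
                filt = typedVar( "ndis", "_NDIS_FILTER_BLOCK", lwf )
                dprintln( "%s\tNDIS_FILTER_BLOCK( %x )" % ( loadUnicodeString(filt.FilterFriendlyName), filt.getAddress() ) )
                lwf = filt.HigherFilter

        _printBoundProtocols( m, isNdis6 )

        printBreakLine()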
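if __name__ == "__main__":

    # The script needs the pykd extension loaded inside WinDbg.
    if not isWindbgExt():
        dprintln( "script is launch out of windbg" )
        quit(0)

    # isKernelDebugging must be called: the bare function object is always
    # truthy, so the original check never rejected a user-mode session and
    # the script went on to read kernel structures that are not there.
    if not isKernelDebugging():
        dprintln( "script for kernel mode only" )
        quit(0)

    printNdisObj()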