zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-17 01:13:24 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
3fab992efd
pykd/samples/um/ldr.py
SND\kernelnet_cp bb9b0ea5f6 [0.3.x] added : ldr.py sample 
git-svn-id: https://pykd.svn.codeplex.com/svn@85130 9b283d60-5439-405e-af05-b73fd8c4d996
2017-11-03 14:36:26 +04:00

59 lines
1.6 KiB
Python
Raw Blame History

from pykd import *
def main():
pass
def listModuleFromLdr64():
dprintln( "<u>64 bit modules:</u>", True )
peb = typedVar( "ntdll!PEB", getProcessOffset(getCurrentProcess()) )
moduleLst = typedVarList( peb.Ldr.deref().InMemoryOrderModuleList, "ntdll!_LDR_DATA_TABLE_ENTRY", "InMemoryOrderLinks" )
for mod in moduleLst:
name = typedVar( "ntdll!_UNICODE_STRING", mod.BaseDllName )
dprintln(loadWChars(name.Buffer, name.Length/2))
try:
peb32 = typedVar( "ntdll32!_PEB", getProcessOffset(getCurrentProcess()) - pageSize() )
dprintln( "\n<u>32 bit modules:</u>", True)
moduleLst = typedVarList( peb32.Ldr.deref().InMemoryOrderModuleList, "ntdll32!_LDR_DATA_TABLE_ENTRY", "InMemoryOrderLinks" )
for mod in moduleLst:
name = typedVar( "ntdll32!_UNICODE_STRING", mod.BaseDllName )
dprintln(loadWChars(name.Buffer, name.Length/2))
except BaseException:
pass
def listModuleFromLdr():
peb = typedVar( "ntdll!PEB", getProcessOffset(getCurrentProcess()) )
moduleLst = typedVarList( peb.Ldr.deref().InMemoryOrderModuleList, "ntdll!_LDR_DATA_TABLE_ENTRY", "InMemoryOrderLinks" )
for mod in moduleLst:
dprintln(loadUnicodeString(mod.BaseDllName))
def run():
while True:
if isKernelDebugging():
dprintln( "not a user debugging" )
break
if is64bitSystem():
listModuleFromLdr64()
else:
listModuleFromLdr()
break
if __name__ == "__main__":
run()
Reference in New Issue View Git Blame Copy Permalink