mirror of
https://github.com/ivellioscolin/pykd.git
synced 2025-04-21 12:53:23 +08:00
60 lines
1.6 KiB
Python
60 lines
1.6 KiB
Python
from pykd import *
|
|
import sys
|
|
|
|
|
|
def getServiceAddrWlh(Start, Offset):
|
|
return Start + (Offset / 16)
|
|
|
|
def getServiceAddr2k3(Start, Offset):
|
|
return Start + (Offset & ~0xf)
|
|
|
|
if (ptrWord(getOffset("nt", "NtBuildNumber")) == 3790):
|
|
getServiceAddr = getServiceAddr2k3
|
|
else:
|
|
getServiceAddr = getServiceAddrWlh
|
|
|
|
|
|
def checkSSDT():
|
|
|
|
nt = loadModule( "nt" )
|
|
|
|
|
|
if is64bitSystem():
|
|
|
|
serviceTableHeader = loadQWords( nt.KeServiceDescriptorTable, 4 )
|
|
serviceTableStart = serviceTableHeader[0]
|
|
serviceCount = serviceTableHeader[2]
|
|
|
|
dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
|
|
|
|
serviceTable = loadSignDWords( serviceTableStart, serviceCount )
|
|
|
|
for i in range( 0, serviceCount ):
|
|
|
|
routineAddress = getServiceAddr(serviceTableStart, serviceTable[i]);
|
|
dprintln( "[%u] " % i + findSymbol( routineAddress ) )
|
|
|
|
|
|
else:
|
|
|
|
serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )
|
|
serviceTableStart = serviceTableHeader[0]
|
|
serviceCount = serviceTableHeader[2]
|
|
|
|
dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
|
|
|
|
serviceTable = loadPtrs( serviceTableStart, serviceCount )
|
|
|
|
for i in range( 0, serviceCount ):
|
|
dprintln( "[%u] " % i + findSymbol( serviceTable[i] ) )
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
if not isSessionStart():
|
|
createSession()
|
|
loadDump( sys.argv[1] )
|
|
|
|
checkSSDT()
|
|
|