zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-22 13:23:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
c6800333c3
pykd/snippets/findhandle.py
SND\kernelnet_cp 6ecf53e19d [0.3.x] branch : snippets/ntobj.py 
git-svn-id: https://pykd.svn.codeplex.com/svn@86278 9b283d60-5439-405e-af05-b73fd8c4d996
2017-11-03 14:36:26 +04:00

49 lines
1.2 KiB
Python
Raw Blame History

from pykd import *
import ntobj
import sys
nt = module("nt")
def findHanle(objaddr):
processList = typedVarList( nt.PsActiveProcessHead, "nt!_EPROCESS", "ActiveProcessLinks" )
for process in processList:
dprintln( "search in process %x " % process.UniqueProcessId + "".join( [chr(i) for i in process.ImageFileName if i != 0] ) )
if process.ObjectTable == 0:
continue
objects = ntobj.getListByHandleTable( process.ObjectTable )
for obj in objects:
if obj[0] == objaddr:
dprintln("\tHandle: %x" % ( obj[1],) )
def usage():
dprintln("!py findhandle object_address")
def main():
if not isKernelDebugging():
dprintln("This script for kernel debugging only")
return
if len(sys.argv) < 2:
usage();
return;
objaddr = expr(sys.argv[1])
objectType = ntobj.getType(objaddr)
dprintln("Object Type: " + ntobj.getObjectName(objectType) )
dprintln("Object Name: "+ ntobj.getObjectName(objaddr) )
dprintln("")
findHanle( objaddr )
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink