zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-21 12:53:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
ee971fa0e9
pykd/samples/ssdt.py
SND\kernelnet_cp 4547274ef0 [+] routines for loading array with sign extending( loadSignBytes, loadSignWords ... ) added 
git-svn-id: https://pykd.svn.codeplex.com/svn@53055 9b283d60-5439-405e-af05-b73fd8c4d996
2010-07-27 11:36:17 +00:00

48 lines
1.3 KiB
Python
Raw Blame History

from pykd import *
import sys
def checkSSDT():
nt = loadModule( "nt" )
nt.KeServiceDescriptorTable = getOffset( "nt", "KeServiceDescriptorTable" )
if is64bitSystem():
serviceTableHeader = loadQWords( nt.KeServiceDescriptorTable, 4 )
serviceTableStart = serviceTableHeader[0]
serviceCount = serviceTableHeader[2]
dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
serviceTable = loadSignDWords( serviceTableStart, serviceCount )
for i in range( 0, serviceCount ):
routineAddress = serviceTableStart + ( serviceTable[i] / 16 );
dprintln( findSymbol( routineAddress ) )
else:
serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )
serviceTableStart = serviceTableHeader[0]
serviceCount = serviceTableHeader[2]
dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
serviceTable = loadPtrs( serviceTableStart, serviceCount )
for i in range( 0, serviceCount ):
dprintln( findSymbol( serviceTable[i] ) )
if __name__ == "__main__":
if not isSessionStart():
createSession()
loadDump( sys.argv[1] )
checkSSDT()
Reference in New Issue View Git Blame Copy Permalink