def read_print(cls, addr, lenptr):
    """Hexdump the buffer at *addr* using the byte count stored at *lenptr*.

    Args:
        cls: Debugger object; only its ``read(address, size)`` method is used.
        addr: Address of the data buffer in the debuggee.
        lenptr: Address of a 4-byte little-endian unsigned count in the
            debuggee (presumably ReadFile's bytes-read output -- confirm
            against the caller).

    Returns:
        ``pydbgeng.DEBUG_STATUS_GO``, whether or not the dump succeeded.
    """
    print("+++ ReadFile")
    try:
        raw_count = cls.read(lenptr, 4)
        (count,) = struct.unpack("<I", raw_count)
        # The count is read from debuggee memory, so cap the dump at 0x100
        # bytes rather than trusting it.
        shown = min(count, 0x100)
        pywindbg.hexdump(cls.read(addr, shown), addr)
    except WindowsError:
        # Either read failed; report it and let the target keep running.
        print(" No data")
    return pydbgeng.DEBUG_STATUS_GO
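def wfhandler(bp, cls):
    """Breakpoint handler that hexdumps the buffer of a WriteFile call.

    Assumes the breakpoint sits on the function's entry, so the arguments
    are still in their calling-convention slots (TODO confirm where the
    breakpoint is set).

    Args:
        bp: Breakpoint object supplied by the debugger; unused here.
        cls: Debugger object providing ``is64bit()``, ``reg``, ``read()``
            and ``readptr()``.

    Returns:
        ``pydbgeng.DEBUG_STATUS_GO``.
    """
    print("+++ WriteFile")
    if cls.is64bit():
        # x64: second argument (buffer) in rdx, third (length) in r8.
        addr = cls.reg.rdx
        data = cls.read(addr, cls.reg.r8)
    else:
        # x86: arguments are on the stack above the return address.
        # Fixed: the original read ``w.reg.esp``, a name this function never
        # defines; use the ``cls`` object like the 64-bit branch does.
        addr = cls.readptr(cls.reg.esp + 8)[0]
        dlen = cls.readptr(cls.reg.esp + 12)[0]
        data = cls.read(addr, dlen)
    # NOTE(review): the length comes straight from the debuggee and is not
    # capped (read_print in this file limits its dump to 0x100 bytes), and a
    # failed cls.read() is not caught here as it is in read_print.
    pywindbg.hexdump(data, addr)
    return pydbgeng.DEBUG_STATUS_GO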
def wfhandler(bp, cls):
    """Breakpoint handler that hexdumps a WriteFile buffer (64-bit only).

    Reads the buffer address from ``rdx`` and the length from ``r8``, so it
    only makes sense for a 64-bit target stopped on the function's entry.

    NOTE(review): this reuses the name ``wfhandler``; if it lives in the same
    module as the architecture-aware version, this later definition is the
    one that stays bound.

    Args:
        bp: Breakpoint object supplied by the debugger; unused here.
        cls: Debugger object providing ``reg`` and ``read()``.

    Returns:
        ``pydbgeng.DEBUG_STATUS_GO``.
    """
    print("+++ WriteFile")
    buf_addr = cls.reg.rdx
    # NOTE(review): the length is taken from the debuggee's register without
    # a cap, and a failed read is not caught.
    payload = cls.read(buf_addr, cls.reg.r8)
    pywindbg.hexdump(payload, buf_addr)
    return pydbgeng.DEBUG_STATUS_GO