def get_segment(self, segment):
selector = self.get_reg(segment)
output = pykd.dbgCommand("dg %x" % (selector))
line = output.splitlines()[-1]
tokens = line.split()
segment = {}
segment["selector"] = pykd.expr(tokens[0])
segment["base"] = pykd.expr(tokens[1])
segment["limit"] = pykd.expr(tokens[2])
segment["flags"] = pykd.expr(tokens[11])
return segment
def main(argv):
if len(argv) < 3:
return usage(argv)
mode, addr = argv[1], pykd.expr(argv[2])
arch = DEF_ARCH
path = None
if not mode in translate.keys():
return usage(argv)
for i in range(3, len(argv)):
val = argv[i]
if (val == '-a' or val == '--arch') and len(argv) >= i + 1:
arch = argv[i + 1]
elif (val == '-f' or val == '--to-file') and len(argv) >= i + 1:
path = argv[i + 1]
# initialize OpenREIL stuff
reader = kd.Reader(arch)
tr = CodeStorageTranslator(reader)
# translate function and enumerate it's basic blocks
insn_list = translate[mode](tr, addr)
if path is not None:
# save serialized function IR
tr.storage.to_file(path)
print '%d instructions saved to %s' % (len(insn_list), path)
else:
# print translated instructions
print insn_list
def main(argv):
if len(argv) < 3:
return usage(argv)
mode, addr = argv[1], pykd.expr(argv[2])
arch = DEF_ARCH
path = None
if not mode in translate.keys():
return usage(argv)
for i in range(3, len(argv)):
val = argv[i]
if (val == '-a' or val == '--arch') and len(argv) >= i + 1:
arch = argv[i + 1]
elif (val == '-f' or val == '--to-file') and len(argv) >= i + 1:
path = argv[i + 1]
# initialize OpenREIL stuff
reader = kd.Reader(arch)
tr = CodeStorageTranslator(reader)
# translate function and enumerate it's basic blocks
insn_list = translate[mode](tr, addr)
if path is not None:
# save serialized function IR
tr.storage.to_file(path)
print '%d instructions saved to %s' % (len(insn_list), path)
else:
# print translated instructions
print insn_list
def enter_call_back(self):
self.out = 'RtlFreeHeap('
if arch_bits == 32:
esp = pykd.reg(stack_pointer)
self.out += hex(pykd.ptrPtr(esp + 4)) + " , "
self.out += hex(pykd.ptrMWord(esp + 0x8)) + " , "
self.out += hex(pykd.ptrPtr(esp + 0xC)) + ") = "
else:
self.out += hex(pykd.reg("rcx")) + " , "
self.out += hex(pykd.reg("rdx")) + " , "
self.out += hex(pykd.reg("r8")) + ") = "
if self.bp_end == None:
disas = pykd.dbgCommand("uf ntdll!RtlFreeHeap").split('\n')
for i in disas:
if 'ret' in i:
self.ret_addr = i.split()[0]
break
self.bp_end = pykd.setBp(pykd.expr(self.ret_addr),
self.return_call_back)
return False
dprintln( "!py avl [addr] (type)")
if __name__ == "__main__":
if len( sys.argv ) < 2:
printUsage()
quit(0)
showAll = False
args = sys.argv
if '-a' in args:
args.remove('-a')
showAll = True
items = getAVLTable( addr64( expr( sys.argv[1] ) ) )
if showAll:
if len( sys.argv ) == 2:
dprintln( "\n".join( [ "<link cmd=\"db 0x%x\">db 0x%x</link>" % ( entry, entry ) for entry in items ] ), True )
else:
ti = typeInfo(sys.argv[2])
dprintln( "\n".join( [ "<link cmd=\"dt %s 0x%x\">dt %s</link>\n%s" % ( sys.argv[2], entry, sys.argv[2], typedVar(ti, entry) ) for entry in items ] ), True )
else:
if len( sys.argv ) == 2:
dprintln( "\n".join( [ "<link cmd=\"db 0x%x\">db 0x%x</link>" % ( entry, entry ) for entry in items ] ), True )
else:
dprintln( "\n".join( [ "<link cmd=\"dt %s 0x%x\">dt %s</link>" % ( sys.argv[2], entry, sys.argv[2] ) for entry in items ] ), True )
def expr(self, expr):
return pykd.expr(expr)
def get_expr(val):
""" Convert a windbg expression to real value """
try:
return pykd.expr(val)
except:
return None
def testExpr(self):
self.assertEqual(8, pykd.expr("poi(targetapp!g_ulonglongValue)"))