def testSetValue(self):
pykd.setByte(target.module.ullValuePlace,
pykd.ptrByte(target.module.bigValue))
self.assertEqual(pykd.ptrByte(target.module.bigValue),
pykd.ptrByte(target.module.ullValuePlace))
pykd.setWord(target.module.ullValuePlace,
pykd.ptrWord(target.module.bigValue))
self.assertEqual(pykd.ptrWord(target.module.bigValue),
pykd.ptrWord(target.module.ullValuePlace))
pykd.setDWord(target.module.ullValuePlace,
pykd.ptrDWord(target.module.bigValue))
self.assertEqual(pykd.ptrDWord(target.module.bigValue),
pykd.ptrDWord(target.module.ullValuePlace))
pykd.setQWord(target.module.ullValuePlace,
pykd.ptrQWord(target.module.bigValue))
self.assertEqual(pykd.ptrQWord(target.module.bigValue),
pykd.ptrQWord(target.module.ullValuePlace))
pykd.setSignByte(target.module.ullValuePlace, -128)
self.assertEqual(-128, pykd.ptrSignByte(target.module.ullValuePlace))
pykd.setSignWord(target.module.ullValuePlace,
pykd.ptrSignWord(target.module.bigValue))
self.assertEqual(pykd.ptrSignWord(target.module.bigValue),
pykd.ptrSignWord(target.module.ullValuePlace))
pykd.setSignDWord(target.module.ullValuePlace,
pykd.ptrSignDWord(target.module.bigValue))
self.assertEqual(pykd.ptrSignDWord(target.module.bigValue),
pykd.ptrSignDWord(target.module.ullValuePlace))
pykd.setSignQWord(target.module.ullValuePlace,
pykd.ptrSignQWord(target.module.bigValue))
self.assertEqual(pykd.ptrSignQWord(target.module.bigValue),
pykd.ptrSignQWord(target.module.ullValuePlace))
pykd.setFloat(target.module.floatValuePlace,
pykd.ptrFloat(target.module.floatValue))
self.assertEqual(pykd.ptrFloat(target.module.floatValue),
pykd.ptrFloat(target.module.floatValuePlace))
pykd.setDouble(target.module.doubleValuePlace,
pykd.ptrDouble(target.module.doubleValue))
self.assertEqual(pykd.ptrDouble(target.module.doubleValue),
pykd.ptrDouble(target.module.doubleValuePlace))
def testPtrRead( self ):
self.assertEqual( 0x80, pykd.ptrByte( target.module.g_bigValue ) )
self.assertEqual( 0x8080, pykd.ptrWord( target.module.g_bigValue ) )
self.assertEqual( 0x80808080, pykd.ptrDWord( target.module.g_bigValue ) )
self.assertEqual( 0x8080808080808080, pykd.ptrQWord( target.module.g_bigValue ) )
self.assertEqual( -128, pykd.ptrSignByte( target.module.g_bigValue ) )
self.assertEqual( -32640, pykd.ptrSignWord( target.module.g_bigValue ) )
self.assertEqual( -2139062144, pykd.ptrSignDWord( target.module.g_bigValue ) )
self.assertEqual( -9187201950435737472, pykd.ptrSignQWord( target.module.g_bigValue ) )
def _find_context_base_address():
tls_slot_int = _get_tls_slot_int(0x1a) or _get_tls_slot_int(0x21)
return ptrQWord(tls_slot_int + 96)
def _find_context_base_address():
tls_slot_hex = dbgCommand('!tls 1a').split()[-1]
tls_slot_int = int(tls_slot_hex, 16) + 96
return ptrQWord(tls_slot_int)
def read_qword(self, address):
return pykd.ptrQWord(address)
def get_uint64(pos):
return pykd.ptrQWord(pos)
pykd.dprintln("Target: " + targetProcessName)
processList = pykd.typedVarList(
pykd.module("nt").PsActiveProcessHead, "nt!_EPROCESS",
"ActiveProcessLinks")
for i, process in enumerate(processList):
if pykd.loadCStr(process.ImageFileName) == targetProcessName:
targetProcessList = pykd.module("nt").typedVar(
"_LIST_ENTRY", process.ActiveProcessLinks)
print("ActiveProcessLinks: 0x%08x" % process.ActiveProcessLinks)
print(targetProcessList)
#prevFlink = module("nt").typedVar("_LIST_ENTRY",targetProcessList.Blink)
#nextBlink = module("nt").typedVar("_LIST_ENTRY",targetProcessList.Flink)
print("prevFlink: 0x%08x" % pykd.ptrQWord(targetProcessList.Blink))
print("nextBlink: 0x%08x" %
pykd.ptrQWord(targetProcessList.Flink + 8))
targetProcessBlink = targetProcessList.Blink
pykd.writeQWords(targetProcessList.Blink,
[targetProcessList.Flink])
pykd.writeQWords(targetProcessList.Flink, [targetProcessBlink])
pykd.writeQWords(process.ActiveProcessLinks,
[process.ActiveProcessLinks + 8])
pykd.writeQWords(process.ActiveProcessLinks + 8,
[process.ActiveProcessLinks])
print("ActiveProcessLinks: 0x%08x" % process.ActiveProcessLinks)
print(targetProcessList)
print("prevFlink: 0x%08x" % pykd.ptrQWord(targetProcessList.Blink))
print("nextBlink: 0x%08x" %
pykd.ptrQWord(targetProcessList.Flink + 8))
