Python LocalKernelDebugger.get_type_id Examples

Programming Language: Python

Namespace/Package Name: dbginterface

Method/Function: get_type_id

Examples at hotexamples.com: 2

Python LocalKernelDebugger.get_type_id - 2 examples found. These are the top rated real world Python examples of dbginterface.LocalKernelDebugger.get_type_id extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

get_symbol(3)

get_symbol_offset(2)

read_dword(2)

read_byte(2)

write_dword(2)

write_byte(2)

set_output_callbacks(1)

read_word(1)

read_word_p(1)

reload(1)

set_current_processor(1)

LocalKernelDebugger(1)

symbol_match(1)

virtual_to_physical(1)

read_qword(1)

write_byte_p(1)

write_dword_p(1)

write_qword(1)

write_qword_p(1)

write_word(1)

read_qword_p(1)

read_dword_p(1)

read_processor_system_data(1)

get_number_modules(1)

execute(1)

get_field_name(1)

get_field_offset(1)

get_field_type_and_offset(1)

get_module_by_index(1)

get_module_name_by_index(1)

get_type_id(1)

read_msr(1)

get_type_name(1)

get_type_size(1)

map_page_to_userland(1)

quiet(1)

read_bus_data(1)

read_byte_p(1)

alloc_memory(1)

write_word_p(1)

Example #1

Show file

import windows

# This demo works on 32bits kernel only because
# in _KPCR fieldnames are not the same (IDT / IdtBase, ...)
if windows.system.bitness != 32:
    raise ValueError("Test for kernel32 only")

# A lot of IDebugSymbols functions need a type identifier (TypeId) to
# perform operation on said type
# We tried our best to also accept the type name in this case and get
# the type id automatically
# (like the functions that take an address also accept a symbol)

kdbg = LocalKernelDebugger()

type_id = kdbg.get_type_id("nt", "_KPCR")
print('type_id for "nt!_KPCR" is {0}'.format(hex(type_id)))

name = kdbg.get_type_name("nt", type_id)
print("The type name is {0}".format(name))
# proof that you can either use the type_id or the type name in our API
size = kdbg.get_type_size("nt", type_id)
print("The size retrieved using type_id is {0}".format(hex(size)))

size = kdbg.get_type_size("nt", "_KPCR")
print('The size retrieved using "_KPCR" is {0}'.format(hex(size)))

offset = kdbg.get_field_offset("nt", "_KPCR", "IDT")
print('Field "IDT" is at offset {0} in "nt!_KPCR"'.format(hex(offset)))

# Get the type_id and offset of the field PrcbData

Example #2

Show file

File: type_demo.py Project: a1ext/LKD

import windows

# This demo works on 32bits kernel only because
# in _KPCR fieldnames are not the same (IDT / IdtBase, ...)
if windows.system.bitness != 32:
    raise ValueError("Test for kernel32 only")

# A lot of IDebugSymbols functions need a type identifier (TypeId) to
# perform operation on said type
# We tried our best to also accept the type name in this case and get
# the type id automatically
# (like the functions that take an address also accept a symbol)

kdbg = LocalKernelDebugger()

type_id = kdbg.get_type_id("nt", "_KPCR")
print('type_id for "nt!_KPCR" is {0}'.format(hex(type_id)))

name = kdbg.get_type_name("nt", type_id)
print("The type name is {0}".format(name))
# proof that you can either use the type_id or the type name in our API
size = kdbg.get_type_size("nt", type_id)
print("The size retrieved using type_id is {0}".format(hex(size)))

size = kdbg.get_type_size("nt", "_KPCR")
print('The size retrieved using "_KPCR" is {0}'.format(hex(size)))

offset = kdbg.get_field_offset("nt", "_KPCR", "IDT")
print('Field "IDT" is at offset {0} in "nt!_KPCR"'.format(hex(offset)))

# Get the type_id and offset of the field PrcbData