def cCdbWrapper_fdoGetModulesByCdbIdForCurrentProcess(oCdbWrapper):
  # This information is cached while the process is suspended, when the process is resumed, this information is
  # discarded in cCdbWrapper_fCdbStdInOutThread.
  if oCdbWrapper.doModules_by_sCdbId is None:
    # Gather start and end address and binary name information for loaded modules.
    # See also cCdbWrapper_fasGetCdbIdsForModuleFileNameInCurrentProcess.py
    asModules = oCdbWrapper.fasSendCommandAndReadOutput("lm on; $$ List loaded modules");
    if not oCdbWrapper.bCdbRunning: return None;
    sHeader = asModules.pop(0);
    assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
        "Unknown modules header: %s" % repr(sHeader);
    doModules_by_sCdbId = {};
    for sLine in asModules:
      if re.match(r"^\s*(%s)\s*$" % r"|".join([
        r"",
        r"Unable to enumerate user\-mode unloaded modules, Win32 error 0n\d+"
      ]), sLine):
        continue;
      oMatch = re.match(r"^\s*%s\s*$" % "\s+".join([
        r"([0-9A-f`]+)",         # (start_address)
        r"([0-9A-f`]+)",         # (end_address)
        r"(\w+)",               # (cdb_module_id)
        r"(.*?)",               # (binary_name)
      ]), sLine);
      assert oMatch, "Unexpected modules output: %s" % sLine;
      sStartAddress, sEndAddress, sModuleCdbId, sBinaryName, = oMatch.groups();
      uStartAddress = long(sStartAddress.replace("`", ""), 16);
      uEndAddress = long(sEndAddress.replace("`", ""), 16);
      doModules_by_sCdbId[sModuleCdbId] = cModule(sModuleCdbId, sBinaryName, uStartAddress, uEndAddress);
    oCdbWrapper.doModules_by_sCdbId = doModules_by_sCdbId;
  return oCdbWrapper.doModules_by_sCdbId;
def cCdbWrapper_fdoGetModulesByCdbIdForCurrentProcess(oCdbWrapper):
  # This information is cached while the process is suspended, when the process is resumed, this information is
  # discarded in cCdbWrapper_fCdbStdInOutThread.
  if oCdbWrapper.doModules_by_sCdbId is None:
    # Gather start and end address and binary name information for loaded modules.
    # See also cCdbWrapper_fasGetCdbIdsForModuleFileNameInCurrentProcess.py
    asModules = oCdbWrapper.fasSendCommandAndReadOutput("lm on");
    if not oCdbWrapper.bCdbRunning: return None;
    sHeader = asModules.pop(0);
    assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
        "Unknown modules header: %s" % repr(sHeader);
    doModules_by_sCdbId = {};
    for sLine in asModules:
      if re.match(r"^\s*(%s)\s*$" % r"|".join([
        r"",
        r"Unable to enumerate user\-mode unloaded modules, Win32 error 0n\d+"
      ]), sLine):
        continue;
      oMatch = re.match(r"^\s*%s\s*$" % "\s+".join([
        r"([0-9A-f`]+)",         # (start_address)
        r"([0-9A-f`]+)",         # (end_address)
        r"(\w+)",               # (cdb_module_id)
        r"(.*?)",               # (binary_name)
      ]), sLine);
      assert oMatch, "Unexpected modules output: %s" % sLine;
      sStartAddress, sEndAddress, sModuleCdbId, sBinaryName, = oMatch.groups();
      uStartAddress = long(sStartAddress.replace("`", ""), 16);
      uEndAddress = long(sEndAddress.replace("`", ""), 16);
      doModules_by_sCdbId[sModuleCdbId] = cModule(sModuleCdbId, sBinaryName, uStartAddress, uEndAddress);
    oCdbWrapper.doModules_by_sCdbId = doModules_by_sCdbId;
  return oCdbWrapper.doModules_by_sCdbId;
コード例 #3
0
ファイル: cProcess.py プロジェクト: idkwim/CrashInfo
 def fdoGetModules_by_sCdbId(oProcess):
     if oProcess._doModules_by_sCdbId is None:
         oProcess._doModules_by_sCdbId = {}
         # Gather start and end address and binary name information for loaded modules.
         asModules = oProcess.oCrashInfo._fasSendCommandAndReadOutput("lm on")
         if not oProcess.oCrashInfo._bCdbRunning:
             return None
         sHeader = asModules.pop(0)
         assert re.sub(r"\s+", " ", sHeader.strip()) in [
             "start end module name"
         ], "Unknown modules header: %s" % repr(sHeader)
         for sLine in asModules:
             oMatch = re.match(
                 r"^\s*%s\s*$"
                 % "\s+".join(
                     [
                         r"([0-9A-F`]+)",  # (start_address)
                         r"([0-9A-F`]+)",  # (end_address)
                         r"(\w+)",  # (cdb_module_id)
                         r"(.*?)",  # (binary_name)
                     ]
                 ),
                 sLine,
                 re.I,
             )
             assert oMatch, "Unexpected modules output: %s" % sLine
             sStartAddress, sEndAddress, sCdbModuleId, sBinaryName, = oMatch.groups()
             uStartAddress = int(sStartAddress.replace("`", ""), 16)
             uEndAddress = int(sEndAddress.replace("`", ""), 16)
             oProcess._doModules_by_sCdbId[sCdbModuleId] = cModule(
                 oProcess, sCdbModuleId, sBinaryName, uStartAddress, uEndAddress
             )
     return oProcess._doModules_by_sCdbId
コード例 #4
0
def cCdbWrapper_fdoGetModulesByCdbIdForCurrentProcess(oCdbWrapper):
    # Gather start and end address and binary name information for loaded modules.
    # See also cCdbWrapper_fasGetCdbIdsForModuleFileNameInCurrentProcess.py
    asModules = oCdbWrapper.fasSendCommandAndReadOutput("lm on")
    if not oCdbWrapper.bCdbRunning: return None
    sHeader = asModules.pop(0)
    assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
        "Unknown modules header: %s" % repr(sHeader)
    doModules_by_sCdbId = {}
    for sLine in asModules:
        if re.match(
                r"^\s*(%s)\s*$" % r"|".join([
                    r"",
                    r"Unable to enumerate user\-mode unloaded modules, Win32 error 0n\d+"
                ]), sLine):
            continue
        oMatch = re.match(
            r"^\s*%s\s*$" % "\s+".join([
                r"([0-9A-f`]+)",  # (start_address)
                r"([0-9A-f`]+)",  # (end_address)
                r"(\w+)",  # (cdb_module_id)
                r"(.*?)",  # (binary_name)
            ]),
            sLine)
        assert oMatch, "Unexpected modules output: %s" % sLine
        sStartAddress, sEndAddress, sModuleCdbId, sBinaryName, = oMatch.groups(
        )
        uStartAddress = long(sStartAddress.replace("`", ""), 16)
        uEndAddress = long(sEndAddress.replace("`", ""), 16)
        doModules_by_sCdbId[sModuleCdbId] = cModule(sModuleCdbId, sBinaryName,
                                                    uStartAddress, uEndAddress)
    return doModules_by_sCdbId
コード例 #5
0
def cCdbWrapper_fdoGetModulesByCdbIdForCurrentProcess(oCdbWrapper):
    # Gather start and end address and binary name information for loaded modules.
    # See also cCdbWrapper_fasGetCdbIdsForModuleFileNameInCurrentProcess.py
    asModules = oCdbWrapper.fasSendCommandAndReadOutput("lm on")
    if not oCdbWrapper.bCdbRunning:
        return None
    sHeader = asModules.pop(0)
    assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], "Unknown modules header: %s" % repr(
        sHeader
    )
    doModules_by_sCdbId = {}
    for sLine in asModules:
        if re.match(
            r"^\s*(%s)\s*$" % r"|".join([r"", r"Unable to enumerate user\-mode unloaded modules, Win32 error 0n\d+"]),
            sLine,
        ):
            continue
        oMatch = re.match(
            r"^\s*%s\s*$"
            % "\s+".join(
                [
                    r"([0-9A-f`]+)",  # (start_address)
                    r"([0-9A-f`]+)",  # (end_address)
                    r"(\w+)",  # (cdb_module_id)
                    r"(.*?)",  # (binary_name)
                ]
            ),
            sLine,
        )
        assert oMatch, "Unexpected modules output: %s" % sLine
        sStartAddress, sEndAddress, sModuleCdbId, sBinaryName, = oMatch.groups()
        uStartAddress = long(sStartAddress.replace("`", ""), 16)
        uEndAddress = long(sEndAddress.replace("`", ""), 16)
        doModules_by_sCdbId[sModuleCdbId] = cModule(sModuleCdbId, sBinaryName, uStartAddress, uEndAddress)
    return doModules_by_sCdbId
コード例 #6
0
ファイル: cProcess.py プロジェクト: huyna/CrashInfo
 def foCreate(cSelf, oCrashInfo):
   # Gather process id and binary name for the current process.
   asProcesses = oCrashInfo._fasSendCommandAndReadOutput("|.");
   if asProcesses is None: return None;
   #we're only interested in the current process, and output should only include that. However, here's a list of some
   # of the output you might encounter:
   #    0    id: e80 create  name: chrome.exe
   #    1    id: 14bc        child   name: chrome.exe
   # .  2    id: e44 child   name: chrome.exe
   # .  1	id: 28c	child	name: iexplore.exe
   for sLine in asProcesses:
     oMatch = re.match(r"^\s*%s\s*$" % (
       r"\.\s+"                # "." whitespace
       r"\d+"                  # cdb_process_number
       r"\s+id:\s+"            # whitespace "id:" whitespace
       r"([0-9A-F]+)"          # (pid)
       r"\s+\w+\s+name:\s+"    # whitespace {"create" || "child"} whitespace "name:" whitespace
       r"(.*?)"                # (binary_name)
     ), sLine, re.I);
     if oMatch:
       sPid, sBinaryNameOrPath = oMatch.groups();
       uPid = int(sPid, 16);
       sBinaryName = os.path.basename(sBinaryNameOrPath);
       break;
   else:
     raise AssertionError("Unexpected processes output: %s" % repr(asProcesses));
   # Gather instruction set architecture for current process.
   asEffmach = oCrashInfo._fasSendCommandAndReadOutput(".effmach");
   if asEffmach is None: return None;
   oEffmachMatch = len(asEffmach) == 1 and re.match(r"^Effective machine: (x\d{2}) .*$", asEffmach[0]);
   assert oEffmachMatch, "Unexpected .effmach output: %s" % repr(asEffmach);
   sISA = oEffmachMatch.group(1);
   # Create a cProcess instance
   oSelf = cSelf(uPid, sBinaryName, sISA);
   # Gather start and end address and binary name information for loaded modules.
   asModules = oCrashInfo._fasSendCommandAndReadOutput("lm on");
   if asModules is None: return None;
   sHeader = asModules.pop(0);
   assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
       "Unknown modules header: %s" % repr(sHeader);
   for sLine in asModules:
     oMatch = re.match(r"^\s*%s\s*$" % "\s+".join([
       r"([0-9A-F`]+)",         # (start_address)
       r"([0-9A-F`]+)",         # (end_address)
       r"(\w+)",               # (cdb_module_id)
       r"(.*?)",               # (binary_name)
     ]), sLine, re.I);
     assert oMatch, "Unexpected modules output: %s" % sLine;
     sStartAddress, sEndAddress, sCdbModuleId, sBinaryName, = oMatch.groups();
     uStartAddress = int(sStartAddress.replace("`", ""), 16);
     uEndAddress = int(sEndAddress.replace("`", ""), 16);
     oSelf._doModules_sCdbId[sCdbModuleId] = cModule(oSelf, sBinaryName, uStartAddress, uEndAddress);
   return oSelf;
コード例 #7
0
ファイル: cProcess.py プロジェクト: NimdaKey/CrashInfo
 def foCreate(cSelf, oCrashInfo):
     # Gather process id and binary name for the current process.
     asProcesses = oCrashInfo._fasSendCommandAndReadOutput("|.")
     if asProcesses is None: return None
     #we're only interested in the current process, and output should only include that. However, here's a list of some
     # of the output you might encounter:
     #    0    id: e80 create  name: chrome.exe
     #    1    id: 14bc        child   name: chrome.exe
     # .  2    id: e44 child   name: chrome.exe
     # .  1	id: 28c	child	name: iexplore.exe
     for sLine in asProcesses:
         oMatch = re.match(
             r"^\s*%s\s*$" % (
                 r"\.\s+"  # "." whitespace
                 r"\d+"  # cdb_process_number
                 r"\s+id:\s+"  # whitespace "id:" whitespace
                 r"([0-9A-F]+)"  # (pid)
                 r"\s+\w+\s+name:\s+"  # whitespace {"create" || "child"} whitespace "name:" whitespace
                 r"(.*?)"  # (binary_name)
             ),
             sLine,
             re.I)
         if oMatch:
             sPid, sBinaryNameOrPath = oMatch.groups()
             break
     else:
         raise AssertionError("Unexpected processes output: %s" %
                              repr(asLines))
     oSelf = cSelf(int(sPid, 16), os.path.basename(sBinaryNameOrPath))
     # Gather start and end address and binary name information for loaded modules.
     asModules = oCrashInfo._fasSendCommandAndReadOutput("lm on")
     if asModules is None: return None
     sHeader = asModules.pop(0)
     assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
         "Unknown modules header: %s" % repr(sHeader)
     for sLine in asModules:
         oMatch = re.match(
             r"^\s*%s\s*$" % "\s+".join([
                 r"([0-9A-F`]+)",  # (start_address)
                 r"([0-9A-F`]+)",  # (end_address)
                 r"(\w+)",  # (cdb_module_id)
                 r"(.*?)",  # (binary_name)
             ]),
             sLine,
             re.I)
         assert oMatch, "Unexpected modules output: %s" % sLine
         sStartAddress, sEndAddress, sCdbModuleId, sBinaryName, = oMatch.groups(
         )
         uStartAddress = int(sStartAddress.replace("`", ""), 16)
         uEndAddress = int(sEndAddress.replace("`", ""), 16)
         oSelf._doModules_sCdbId[sCdbModuleId] = cModule(
             oSelf, sBinaryName, uStartAddress, uEndAddress)
     return oSelf
コード例 #8
0
 def foGetOrCreateModule(oProcess, uStartAddress, uEndAddress, sCdbId,
                         sSymbolStatus):
     if sCdbId not in oProcess.__doModules_by_sCdbId:
         oProcess.__doModules_by_sCdbId[sCdbId] = cModule(
             oProcess, uStartAddress, uEndAddress, sCdbId, sSymbolStatus)
     return oProcess.__doModules_by_sCdbId[sCdbId]