def testSetValue(self):
    """Round-trip every pykd set*/ptr* accessor pair through target memory.

    Each case writes a value into a scratch variable of the target module
    and asserts that reading it back with the matching ptr* call returns
    the value that was written.
    """
    source = target.module.bigValue
    scratch = target.module.ullValuePlace

    def check_copy(write, read, src, dst):
        # Copy what `read` sees at src into dst, then compare both reads.
        write(dst, read(src))
        self.assertEqual(read(src), read(dst))

    unsigned_pairs = (
        (pykd.setByte, pykd.ptrByte),
        (pykd.setWord, pykd.ptrWord),
        (pykd.setDWord, pykd.ptrDWord),
        (pykd.setQWord, pykd.ptrQWord),
    )
    for write, read in unsigned_pairs:
        check_copy(write, read, source, scratch)

    # The signed byte is the only case driven by a literal instead of bigValue.
    pykd.setSignByte(scratch, -128)
    self.assertEqual(-128, pykd.ptrSignByte(scratch))

    signed_pairs = (
        (pykd.setSignWord, pykd.ptrSignWord),
        (pykd.setSignDWord, pykd.ptrSignDWord),
        (pykd.setSignQWord, pykd.ptrSignQWord),
    )
    for write, read in signed_pairs:
        check_copy(write, read, source, scratch)

    # Floating-point accessors use their own source and scratch variables.
    check_copy(pykd.setFloat, pykd.ptrFloat,
               target.module.floatValue, target.module.floatValuePlace)
    check_copy(pykd.setDouble, pykd.ptrDouble,
               target.module.doubleValue, target.module.doubleValuePlace)
def testPtrRead(self):
    """Check every integer ptr* reader against the known g_bigValue pattern.

    The expected values are the unsigned and signed interpretations of a
    repeating 0x80 byte at each width from one to eight bytes.
    """
    address = target.module.g_bigValue
    expectations = (
        (0x80, pykd.ptrByte),
        (0x8080, pykd.ptrWord),
        (0x80808080, pykd.ptrDWord),
        (0x8080808080808080, pykd.ptrQWord),
        (-128, pykd.ptrSignByte),
        (-32640, pykd.ptrSignWord),
        (-2139062144, pykd.ptrSignDWord),
        (-9187201950435737472, pykd.ptrSignQWord),
    )
    for expected, reader in expectations:
        self.assertEqual(expected, reader(address))
def _meta_object_id_of_frame(frame):
    """Return the 16-bit id stored 24 bytes past the frame's meta-object address.

    Returns 0 when that address is not readable, so callers never fault on
    a bad frame.
    """
    # NOTE(review): the +24 field offset is taken as-is; the structure
    # layout it belongs to is not visible here -- confirm against the target.
    id_addr = _meta_object_addr_of_frame(frame) + 24
    if not isValid(id_addr):
        return 0
    return ptrWord(id_addr)
def get_uint16(pos):
    """Read the unsigned 16-bit value at address *pos* in the debuggee."""
    word = pykd.ptrWord(pos)
    return word
def _element_id_of_raw_frame(frame):
    """Return the 16-bit value read 32 bytes above the frame's stack offset."""
    # No readability check is made here; an unreadable address propagates
    # whatever ptrWord raises to the caller.
    id_addr = frame.stackOffset + 32
    return ptrWord(id_addr)
def get_int16(pos):
    """Read the 16-bit value at address *pos* and return it as a signed int.

    The unsigned word from pykd is repacked with struct so that values at
    or above 0x8000 come back negative (two's complement).
    """
    raw = struct.pack("H", pykd.ptrWord(pos))
    (signed,) = struct.unpack("h", raw)
    return signed
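def listSocket():
    """Print listening endpoints and TCP connections found in tcpip.sys.

    Reloads tcpip.sys symbols, then walks two kernel hash tables read
    through pykd: tcpip!AddrObjTable (local address objects) and
    tcpip!TCBTable (TCP control blocks). Only XP and 2003 targets are
    handled; anything else prints 'no support'. Any exception is printed
    and ends the listing (best-effort tool, nothing is returned).

    Fields commented as 4 bytes (IP addresses, pid) are read with
    ptrDWord. Reading them with the machine-word reader pulls 8 bytes on
    a 64-bit target, which drags in the adjacent port/protocol fields and
    makes struct.pack('I', ...) fail on the oversized value.
    """
    try:
        pykd.dbgCommand('.reload tcpip.sys')
        if is_2000():
            print('no support')
        elif is_xp() or is_2003():
            AddrObjTable = pykd.ptrPtr(pykd.getOffset('tcpip!AddrObjTable'))
            AddrObjTableSize = pykd.ptrPtr(
                pykd.getOffset('tcpip!AddrObjTableSize'))
            print('=' * 20)
            print('AddrObjTable:%x AddrObjTableSize:%d' %
                  (AddrObjTable, AddrObjTableSize))
            if pykd.is64bitSystem():
                Next_offset = 0
                localIP_offset = 0x58  # 4bytes
                LocalPort_offset = 0x5c  # 2bytes
                Protocol_offset = 0x5e  # 2bytes
                pid_offset = 0x238  # 4bytes
            else:
                if is_xp():
                    Next_offset = 0
                    localIP_offset = 0x2c  # 4bytes
                    LocalPort_offset = 0x30  # 2bytes
                    Protocol_offset = 0x32  # 2bytes
                    pid_offset = 0x148  # 4bytes
                elif is_2003():
                    Next_offset = 0
                    localIP_offset = 0x30  # 4bytes
                    LocalPort_offset = 0x34  # 2bytes
                    Protocol_offset = 0x36  # 2bytes
                    pid_offset = 0x14c  # 4bytes
            print('local remote protocol pid')
            for i in xrange(AddrObjTableSize):
                obj = pykd.ptrPtr(AddrObjTable + i * g_mwordsize)
                # Track visited nodes: a corrupted or tampered chain that
                # loops back on itself must not hang the debugger session.
                seen = set()
                while obj != 0 and obj not in seen:
                    seen.add(obj)
                    LocalIP = pykd.ptrDWord(obj + localIP_offset)
                    # Ports are stored in network byte order.
                    LocalPort = socket.ntohs(
                        pykd.ptrWord(obj + LocalPort_offset))
                    Protocol = pykd.ptrWord(obj + Protocol_offset)
                    pid = pykd.ptrDWord(obj + pid_offset)
                    Protocol = g_protocols.get(Protocol)
                    print('%16s:%5d *.* %10s %d' % (
                        socket.inet_ntoa(struct.pack('I', LocalIP)),
                        LocalPort, Protocol, pid))
                    obj = pykd.ptrPtr(obj + Next_offset)
                if obj != 0:
                    print('AddrObjTable[%d]: chain loops back to %x' %
                          (i, obj))
            print('=' * 20)
            TCBTable = pykd.ptrPtr(pykd.getOffset('tcpip!TCBTable'))
            MaxHashTableSize = pykd.ptrPtr(
                pykd.getOffset('tcpip!MaxHashTableSize'))
            print('TCBTable:%x MaxHashTableSize:%d' %
                  (TCBTable, MaxHashTableSize))
            # NOTE(review): unlike the address-object offsets above, these
            # are not switched on is64bitSystem() -- confirm they hold for
            # 64-bit targets before trusting that output.
            Next_offset = 0
            RemoteIP_offset = 0x0c  # 4bytes
            LocalIP_offset = 0x10  # 4bytes
            RemotePort_offset = 0x14  # 2bytes
            LocalPort_offset = 0x16  # 2bytes
            pid_offset = 0x18  # 4bytes
            print('local remote protocol pid')
            for i in xrange(MaxHashTableSize):
                obj = pykd.ptrPtr(TCBTable + i * g_mwordsize)
                seen = set()
                while obj != 0 and obj not in seen:
                    seen.add(obj)
                    RemoteIP = pykd.ptrDWord(obj + RemoteIP_offset)
                    LocalIP = pykd.ptrDWord(obj + LocalIP_offset)
                    RemotePort = socket.ntohs(
                        pykd.ptrWord(obj + RemotePort_offset))
                    LocalPort = socket.ntohs(
                        pykd.ptrWord(obj + LocalPort_offset))
                    pid = pykd.ptrDWord(obj + pid_offset)
                    print('%16s:%5d %16s:%5d TCP %d' % (
                        socket.inet_ntoa(struct.pack('I', LocalIP)),
                        LocalPort,
                        socket.inet_ntoa(struct.pack('I', RemoteIP)),
                        RemotePort, pid))
                    obj = pykd.ptrPtr(obj + Next_offset)
                if obj != 0:
                    print('TCBTable[%d]: chain loops back to %x' % (i, obj))
        else:
            print('no support')
    except Exception as err:
        # Best-effort tool: report the failure instead of raising into
        # the debugger, as the original did.
        print(err)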
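def listSocket():
    """Dump local endpoints and TCP connections from tcpip.sys structures.

    After reloading tcpip.sys symbols this walks tcpip!AddrObjTable and
    tcpip!TCBTable through pykd and prints one line per entry. Only XP
    and 2003 targets are supported; other versions print 'no support'.
    Exceptions are printed rather than raised, and nothing is returned.

    The 4-byte fields (IP addresses and pid) are read with ptrDWord so
    that a 64-bit target does not return 8 bytes spanning the neighbouring
    port/protocol fields, which struct.pack('I', ...) would then reject.
    """
    try:
        pykd.dbgCommand('.reload tcpip.sys')
        if is_2000():
            print('no support')
        elif is_xp() or is_2003():
            AddrObjTable = pykd.getOffset('tcpip!AddrObjTable')
            AddrObjTable = pykd.ptrPtr(AddrObjTable)
            AddrObjTableSize = pykd.getOffset('tcpip!AddrObjTableSize')
            AddrObjTableSize = pykd.ptrPtr(AddrObjTableSize)
            print('=' * 20)
            print('AddrObjTable:%x AddrObjTableSize:%d' %
                  (AddrObjTable, AddrObjTableSize))
            if pykd.is64bitSystem():
                Next_offset = 0
                localIP_offset = 0x58  # 4bytes
                LocalPort_offset = 0x5c  # 2bytes
                Protocol_offset = 0x5e  # 2bytes
                pid_offset = 0x238  # 4bytes
            else:
                if is_xp():
                    Next_offset = 0
                    localIP_offset = 0x2c  # 4bytes
                    LocalPort_offset = 0x30  # 2bytes
                    Protocol_offset = 0x32  # 2bytes
                    pid_offset = 0x148  # 4bytes
                elif is_2003():
                    Next_offset = 0
                    localIP_offset = 0x30  # 4bytes
                    LocalPort_offset = 0x34  # 2bytes
                    Protocol_offset = 0x36  # 2bytes
                    pid_offset = 0x14c  # 4bytes
            print('local remote protocol pid')
            for i in xrange(AddrObjTableSize):
                obj = pykd.ptrPtr(AddrObjTable + i * g_mwordsize)
                # Remember visited nodes so a damaged or manipulated list
                # that points back into itself cannot loop forever.
                visited = set()
                while obj != 0:
                    if obj in visited:
                        print('AddrObjTable[%d]: chain loops back to %x' %
                              (i, obj))
                        break
                    visited.add(obj)
                    LocalIP = pykd.ptrDWord(obj + localIP_offset)
                    LocalPort = pykd.ptrWord(obj + LocalPort_offset)
                    # Stored in network byte order; convert for display.
                    LocalPort = socket.ntohs(LocalPort)
                    Protocol = pykd.ptrWord(obj + Protocol_offset)
                    pid = pykd.ptrDWord(obj + pid_offset)
                    Protocol = g_protocols.get(Protocol)
                    local_ip = socket.inet_ntoa(struct.pack('I', LocalIP))
                    print('%16s:%5d *.* %10s %d' %
                          (local_ip, LocalPort, Protocol, pid))
                    obj = pykd.ptrPtr(obj + Next_offset)
            print('=' * 20)
            TCBTable = pykd.getOffset('tcpip!TCBTable')
            TCBTable = pykd.ptrPtr(TCBTable)
            MaxHashTableSize = pykd.getOffset('tcpip!MaxHashTableSize')
            MaxHashTableSize = pykd.ptrPtr(MaxHashTableSize)
            print('TCBTable:%x MaxHashTableSize:%d' %
                  (TCBTable, MaxHashTableSize))
            # NOTE(review): these TCB offsets are used for every target;
            # only the address-object offsets above depend on
            # is64bitSystem() -- verify them on 64-bit before relying on it.
            Next_offset = 0
            RemoteIP_offset = 0x0c  # 4bytes
            LocalIP_offset = 0x10  # 4bytes
            RemotePort_offset = 0x14  # 2bytes
            LocalPort_offset = 0x16  # 2bytes
            pid_offset = 0x18  # 4bytes
            print('local remote protocol pid')
            for i in xrange(MaxHashTableSize):
                obj = pykd.ptrPtr(TCBTable + i * g_mwordsize)
                visited = set()
                while obj != 0:
                    if obj in visited:
                        print('TCBTable[%d]: chain loops back to %x' %
                              (i, obj))
                        break
                    visited.add(obj)
                    RemoteIP = pykd.ptrDWord(obj + RemoteIP_offset)
                    LocalIP = pykd.ptrDWord(obj + LocalIP_offset)
                    RemotePort = pykd.ptrWord(obj + RemotePort_offset)
                    RemotePort = socket.ntohs(RemotePort)
                    LocalPort = pykd.ptrWord(obj + LocalPort_offset)
                    LocalPort = socket.ntohs(LocalPort)
                    pid = pykd.ptrDWord(obj + pid_offset)
                    local_ip = socket.inet_ntoa(struct.pack('I', LocalIP))
                    remote_ip = socket.inet_ntoa(struct.pack('I', RemoteIP))
                    print('%16s:%5d %16s:%5d TCP %d' %
                          (local_ip, LocalPort, remote_ip, RemotePort, pid))
                    obj = pykd.ptrPtr(obj + Next_offset)
        else:
            print('no support')
    except Exception as err:
        # Deliberately best-effort: print the error and stop the listing.
        print(err)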