def cCdbWrapper_fdoGetModulesByCdbIdForCurrentProcess(oCdbWrapper):
# This information is cached while the process is suspended, when the process is resumed, this information is
# discarded in cCdbWrapper_fCdbStdInOutThread.
if oCdbWrapper.doModules_by_sCdbId is None:
# Gather start and end address and binary name information for loaded modules.
# See also cCdbWrapper_fasGetCdbIdsForModuleFileNameInCurrentProcess.py
asModules = oCdbWrapper.fasSendCommandAndReadOutput("lm on; $$ List loaded modules");
if not oCdbWrapper.bCdbRunning: return None;
sHeader = asModules.pop(0);
assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
"Unknown modules header: %s" % repr(sHeader);
doModules_by_sCdbId = {};
for sLine in asModules:
if re.match(r"^\s*(%s)\s*$" % r"|".join([
r"",
r"Unable to enumerate user\-mode unloaded modules, Win32 error 0n\d+"
]), sLine):
continue;
oMatch = re.match(r"^\s*%s\s*$" % "\s+".join([
r"([0-9A-f`]+)", # (start_address)
r"([0-9A-f`]+)", # (end_address)
r"(\w+)", # (cdb_module_id)
r"(.*?)", # (binary_name)
]), sLine);
assert oMatch, "Unexpected modules output: %s" % sLine;
sStartAddress, sEndAddress, sModuleCdbId, sBinaryName, = oMatch.groups();
uStartAddress = long(sStartAddress.replace("`", ""), 16);
uEndAddress = long(sEndAddress.replace("`", ""), 16);
doModules_by_sCdbId[sModuleCdbId] = cModule(sModuleCdbId, sBinaryName, uStartAddress, uEndAddress);
oCdbWrapper.doModules_by_sCdbId = doModules_by_sCdbId;
return oCdbWrapper.doModules_by_sCdbId;
def cCdbWrapper_fdoGetModulesByCdbIdForCurrentProcess(oCdbWrapper):
# This information is cached while the process is suspended, when the process is resumed, this information is
# discarded in cCdbWrapper_fCdbStdInOutThread.
if oCdbWrapper.doModules_by_sCdbId is None:
# Gather start and end address and binary name information for loaded modules.
# See also cCdbWrapper_fasGetCdbIdsForModuleFileNameInCurrentProcess.py
asModules = oCdbWrapper.fasSendCommandAndReadOutput("lm on");
if not oCdbWrapper.bCdbRunning: return None;
sHeader = asModules.pop(0);
assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
"Unknown modules header: %s" % repr(sHeader);
doModules_by_sCdbId = {};
for sLine in asModules:
if re.match(r"^\s*(%s)\s*$" % r"|".join([
r"",
r"Unable to enumerate user\-mode unloaded modules, Win32 error 0n\d+"
]), sLine):
continue;
oMatch = re.match(r"^\s*%s\s*$" % "\s+".join([
r"([0-9A-f`]+)", # (start_address)
r"([0-9A-f`]+)", # (end_address)
r"(\w+)", # (cdb_module_id)
r"(.*?)", # (binary_name)
]), sLine);
assert oMatch, "Unexpected modules output: %s" % sLine;
sStartAddress, sEndAddress, sModuleCdbId, sBinaryName, = oMatch.groups();
uStartAddress = long(sStartAddress.replace("`", ""), 16);
uEndAddress = long(sEndAddress.replace("`", ""), 16);
doModules_by_sCdbId[sModuleCdbId] = cModule(sModuleCdbId, sBinaryName, uStartAddress, uEndAddress);
oCdbWrapper.doModules_by_sCdbId = doModules_by_sCdbId;
return oCdbWrapper.doModules_by_sCdbId;
def fdoGetModules_by_sCdbId(oProcess):
if oProcess._doModules_by_sCdbId is None:
oProcess._doModules_by_sCdbId = {}
# Gather start and end address and binary name information for loaded modules.
asModules = oProcess.oCrashInfo._fasSendCommandAndReadOutput("lm on")
if not oProcess.oCrashInfo._bCdbRunning:
return None
sHeader = asModules.pop(0)
assert re.sub(r"\s+", " ", sHeader.strip()) in [
"start end module name"
], "Unknown modules header: %s" % repr(sHeader)
for sLine in asModules:
oMatch = re.match(
r"^\s*%s\s*$"
% "\s+".join(
[
r"([0-9A-F`]+)", # (start_address)
r"([0-9A-F`]+)", # (end_address)
r"(\w+)", # (cdb_module_id)
r"(.*?)", # (binary_name)
]
),
sLine,
re.I,
)
assert oMatch, "Unexpected modules output: %s" % sLine
sStartAddress, sEndAddress, sCdbModuleId, sBinaryName, = oMatch.groups()
uStartAddress = int(sStartAddress.replace("`", ""), 16)
uEndAddress = int(sEndAddress.replace("`", ""), 16)
oProcess._doModules_by_sCdbId[sCdbModuleId] = cModule(
oProcess, sCdbModuleId, sBinaryName, uStartAddress, uEndAddress
)
return oProcess._doModules_by_sCdbId
def cCdbWrapper_fdoGetModulesByCdbIdForCurrentProcess(oCdbWrapper):
# Gather start and end address and binary name information for loaded modules.
# See also cCdbWrapper_fasGetCdbIdsForModuleFileNameInCurrentProcess.py
asModules = oCdbWrapper.fasSendCommandAndReadOutput("lm on")
if not oCdbWrapper.bCdbRunning: return None
sHeader = asModules.pop(0)
assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
"Unknown modules header: %s" % repr(sHeader)
doModules_by_sCdbId = {}
for sLine in asModules:
if re.match(
r"^\s*(%s)\s*$" % r"|".join([
r"",
r"Unable to enumerate user\-mode unloaded modules, Win32 error 0n\d+"
]), sLine):
continue
oMatch = re.match(
r"^\s*%s\s*$" % "\s+".join([
r"([0-9A-f`]+)", # (start_address)
r"([0-9A-f`]+)", # (end_address)
r"(\w+)", # (cdb_module_id)
r"(.*?)", # (binary_name)
]),
sLine)
assert oMatch, "Unexpected modules output: %s" % sLine
sStartAddress, sEndAddress, sModuleCdbId, sBinaryName, = oMatch.groups(
)
uStartAddress = long(sStartAddress.replace("`", ""), 16)
uEndAddress = long(sEndAddress.replace("`", ""), 16)
doModules_by_sCdbId[sModuleCdbId] = cModule(sModuleCdbId, sBinaryName,
uStartAddress, uEndAddress)
return doModules_by_sCdbId
def cCdbWrapper_fdoGetModulesByCdbIdForCurrentProcess(oCdbWrapper):
# Gather start and end address and binary name information for loaded modules.
# See also cCdbWrapper_fasGetCdbIdsForModuleFileNameInCurrentProcess.py
asModules = oCdbWrapper.fasSendCommandAndReadOutput("lm on")
if not oCdbWrapper.bCdbRunning:
return None
sHeader = asModules.pop(0)
assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], "Unknown modules header: %s" % repr(
sHeader
)
doModules_by_sCdbId = {}
for sLine in asModules:
if re.match(
r"^\s*(%s)\s*$" % r"|".join([r"", r"Unable to enumerate user\-mode unloaded modules, Win32 error 0n\d+"]),
sLine,
):
continue
oMatch = re.match(
r"^\s*%s\s*$"
% "\s+".join(
[
r"([0-9A-f`]+)", # (start_address)
r"([0-9A-f`]+)", # (end_address)
r"(\w+)", # (cdb_module_id)
r"(.*?)", # (binary_name)
]
),
sLine,
)
assert oMatch, "Unexpected modules output: %s" % sLine
sStartAddress, sEndAddress, sModuleCdbId, sBinaryName, = oMatch.groups()
uStartAddress = long(sStartAddress.replace("`", ""), 16)
uEndAddress = long(sEndAddress.replace("`", ""), 16)
doModules_by_sCdbId[sModuleCdbId] = cModule(sModuleCdbId, sBinaryName, uStartAddress, uEndAddress)
return doModules_by_sCdbId
def foCreate(cSelf, oCrashInfo):
# Gather process id and binary name for the current process.
asProcesses = oCrashInfo._fasSendCommandAndReadOutput("|.");
if asProcesses is None: return None;
#we're only interested in the current process, and output should only include that. However, here's a list of some
# of the output you might encounter:
# 0 id: e80 create name: chrome.exe
# 1 id: 14bc child name: chrome.exe
# . 2 id: e44 child name: chrome.exe
# . 1 id: 28c child name: iexplore.exe
for sLine in asProcesses:
oMatch = re.match(r"^\s*%s\s*$" % (
r"\.\s+" # "." whitespace
r"\d+" # cdb_process_number
r"\s+id:\s+" # whitespace "id:" whitespace
r"([0-9A-F]+)" # (pid)
r"\s+\w+\s+name:\s+" # whitespace {"create" || "child"} whitespace "name:" whitespace
r"(.*?)" # (binary_name)
), sLine, re.I);
if oMatch:
sPid, sBinaryNameOrPath = oMatch.groups();
uPid = int(sPid, 16);
sBinaryName = os.path.basename(sBinaryNameOrPath);
break;
else:
raise AssertionError("Unexpected processes output: %s" % repr(asProcesses));
# Gather instruction set architecture for current process.
asEffmach = oCrashInfo._fasSendCommandAndReadOutput(".effmach");
if asEffmach is None: return None;
oEffmachMatch = len(asEffmach) == 1 and re.match(r"^Effective machine: (x\d{2}) .*$", asEffmach[0]);
assert oEffmachMatch, "Unexpected .effmach output: %s" % repr(asEffmach);
sISA = oEffmachMatch.group(1);
# Create a cProcess instance
oSelf = cSelf(uPid, sBinaryName, sISA);
# Gather start and end address and binary name information for loaded modules.
asModules = oCrashInfo._fasSendCommandAndReadOutput("lm on");
if asModules is None: return None;
sHeader = asModules.pop(0);
assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
"Unknown modules header: %s" % repr(sHeader);
for sLine in asModules:
oMatch = re.match(r"^\s*%s\s*$" % "\s+".join([
r"([0-9A-F`]+)", # (start_address)
r"([0-9A-F`]+)", # (end_address)
r"(\w+)", # (cdb_module_id)
r"(.*?)", # (binary_name)
]), sLine, re.I);
assert oMatch, "Unexpected modules output: %s" % sLine;
sStartAddress, sEndAddress, sCdbModuleId, sBinaryName, = oMatch.groups();
uStartAddress = int(sStartAddress.replace("`", ""), 16);
uEndAddress = int(sEndAddress.replace("`", ""), 16);
oSelf._doModules_sCdbId[sCdbModuleId] = cModule(oSelf, sBinaryName, uStartAddress, uEndAddress);
return oSelf;
def foCreate(cSelf, oCrashInfo):
# Gather process id and binary name for the current process.
asProcesses = oCrashInfo._fasSendCommandAndReadOutput("|.")
if asProcesses is None: return None
#we're only interested in the current process, and output should only include that. However, here's a list of some
# of the output you might encounter:
# 0 id: e80 create name: chrome.exe
# 1 id: 14bc child name: chrome.exe
# . 2 id: e44 child name: chrome.exe
# . 1 id: 28c child name: iexplore.exe
for sLine in asProcesses:
oMatch = re.match(
r"^\s*%s\s*$" % (
r"\.\s+" # "." whitespace
r"\d+" # cdb_process_number
r"\s+id:\s+" # whitespace "id:" whitespace
r"([0-9A-F]+)" # (pid)
r"\s+\w+\s+name:\s+" # whitespace {"create" || "child"} whitespace "name:" whitespace
r"(.*?)" # (binary_name)
),
sLine,
re.I)
if oMatch:
sPid, sBinaryNameOrPath = oMatch.groups()
break
else:
raise AssertionError("Unexpected processes output: %s" %
repr(asLines))
oSelf = cSelf(int(sPid, 16), os.path.basename(sBinaryNameOrPath))
# Gather start and end address and binary name information for loaded modules.
asModules = oCrashInfo._fasSendCommandAndReadOutput("lm on")
if asModules is None: return None
sHeader = asModules.pop(0)
assert re.sub(r"\s+", " ", sHeader.strip()) in ["start end module name"], \
"Unknown modules header: %s" % repr(sHeader)
for sLine in asModules:
oMatch = re.match(
r"^\s*%s\s*$" % "\s+".join([
r"([0-9A-F`]+)", # (start_address)
r"([0-9A-F`]+)", # (end_address)
r"(\w+)", # (cdb_module_id)
r"(.*?)", # (binary_name)
]),
sLine,
re.I)
assert oMatch, "Unexpected modules output: %s" % sLine
sStartAddress, sEndAddress, sCdbModuleId, sBinaryName, = oMatch.groups(
)
uStartAddress = int(sStartAddress.replace("`", ""), 16)
uEndAddress = int(sEndAddress.replace("`", ""), 16)
oSelf._doModules_sCdbId[sCdbModuleId] = cModule(
oSelf, sBinaryName, uStartAddress, uEndAddress)
return oSelf
def foGetOrCreateModule(oProcess, uStartAddress, uEndAddress, sCdbId,
sSymbolStatus):
if sCdbId not in oProcess.__doModules_by_sCdbId:
oProcess.__doModules_by_sCdbId[sCdbId] = cModule(
oProcess, uStartAddress, uEndAddress, sCdbId, sSymbolStatus)
return oProcess.__doModules_by_sCdbId[sCdbId]
