def kd(self, line): "magic for calling any windbg command" try: pykd.dprintln(pykd.dbgCommand(line)) except pykd.BaseException: pykd.dprintln("invalid windbg syntax") return None
def print_code(self): pc = self.context.pc for offset in range(-3, 6): # pc-3 ~ pc+5 addr = pykd.disasm().findOffset(offset) op_str, asm_str = disasm(addr) code_str = "{:#x}: {:20s}{}".format(addr, op_str, asm_str) if addr == pc: # current pc, highlight pykd.dprintln(color.lime_highlight(code_str), dml=True) else: pykd.dprintln(code_str)
def TWindbg(args): """TWindbg: List all the command in TWindbg """ if len(args) != 0: raise CmdExecError("Invalid argument number") banner = color.yellow("TWindbg: PEDA-like debugger UI for WinDbg\n") banner += color.gray("For latest update, check the project page: ") banner += color.white("https://github.com/bruce30262/TWindbg\n") banner += color.orange("Use \"[cmd] help\" for further command usage\n") pykd.dprintln(banner, dml=True) print_all_usage()
def printRegs(): """ print CPU registers values""" if CPU == "X86": for regName in x86Regs: pykd.dprintln( "%s = %#x( %d )" % ( regName, globals()[regName], globals()[regName] ) ) elif CPU == "X64": for regName in amd64Regs: pykd.dprintln( "%s = %#x( %d )" % ( regName, globals()[regName], globals()[regName] ) )
def printAllSamples(): dprintln("<b>Kernel mode</b>", True) dprintln( "Get process list <link cmd=\"!py samples run km.proclist\">Run</link> <link cmd=\"!py samples source km.proclist\">Source</link>", True) dprintln( "Get kernel service list <link cmd=\"!py samples run km.ssdt\">Run</link> <link cmd=\"!py samples source km.ssdt\">Source</link>", True) dprintln( "Get driver object <link cmd=\"!py samples run km.drvobj\">Run</link> <link cmd=\"!py samples source km.drvobj\">Source</link>", True) dprintln("")
def print_general_regs(self): for reg_name in self.context.regs_name: reg_data = self.context.regs[reg_name] reg_str = '{:3}: '.format(reg_name.upper()) reg_color = self.set_reg_color(reg_name, color_changed=color.red, color_unchanged=color.lime) pykd.dprint(reg_color(reg_str), dml=True) if pykd.isValid(reg_data): # reg_data is a pointer self.print_ptrs(reg_data) else: pykd.dprintln("{:#x}".format(reg_data))
def print_eflags(self): eflags = pykd.reg('efl') eflags_str = color.green("EFLAGS: {:#x}".format(eflags)) eflags_str += " [" for bit, flag_name in self.context.eflags_tbl.items(): is_set = eflags & (1 << bit) eflags_str += " " if is_set: eflags_str += color.dark_red(flag_name) else: eflags_str += color.green(flag_name) eflags_str += " ]" pykd.dprintln(eflags_str, dml=True)
def listFrameDetails(): print 'Listing frame details...' FRAME_NUM = 30 out = '' for j in range(0, FRAME_NUM): out = pykd.dbgCommand('.frame ' + str(j)) if out is None: return pykd.dprintln(out) out = pykd.dbgCommand('dv /i/t/V') if out is None: return pykd.dprintln(out)
def print_ptrs(self, addr): ptrs_str = "" ptr_values, is_cyclic = self.smart_dereference(addr) # print all ptrs except last two for ptr in ptr_values[:-2:]: ptrs_str += "{:#x} --> ".format(ptr) # handle last two's format last_ptr, last_val = ptr_values[-2], ptr_values[-1] if is_cyclic: ptrs_str += "{:#x} --> {:#x}".format( last_ptr, last_val) + color.dark_red(" ( cyclic dereference )") else: ptrs_str += self.enhance_type(last_ptr, last_val) pykd.dprintln(ptrs_str, dml=True)
def print_seg_regs(self): first_print = True for reg_name in self.context.seg_regs_name: reg_data = self.context.regs[reg_name] reg_str = '{:2}={:#x}'.format(reg_name.upper(), reg_data) reg_color = self.set_reg_color(reg_name, color_changed=color.red, color_unchanged=color.green) if first_print: pykd.dprint(reg_color(reg_str), dml=True) first_print = False else: pykd.dprint(" | " + reg_color(reg_str), dml=True) pykd.dprintln("")
def print_ptrs(self, addr): ptrs_str = "" ptr_values, is_cyclic = self.smart_dereference(addr) for index, val in enumerate(ptr_values): if index == (len(ptr_values) - 2): # last ptr last_val = ptr_values[index+1] if is_cyclic: ptrs_str += "{:#x} --> {:#x}".format(val, last_val) ptrs_str += color.dark_red(" ( cyclic dereference )") else: ptrs_str += self.enhance_type(val, last_val) break else: ptrs_str += "{:#x} --> ".format(val) pykd.dprintln(ptrs_str, dml=True)
def print_context(self): #pykd.dbgCommand('.cls') self.context.update_regs() pykd.dprintln(color.yellow("[------ Register --------------------------------------------------------------------------------------------]"), dml=True) self.print_regs() pykd.dprintln(color.yellow("[------ Code ------------------------------------------------------------------------------------------------]"), dml=True) self.print_code() pykd.dprintln(color.yellow("[------ Stack -----------------------------------------------------------------------------------------------]"), dml=True) self.print_stack() pykd.dprintln(color.yellow("[------------------------------------------------------------------------------------------------------------]"), dml=True)
def printContent(): dprintln("\nPYKD API Help\n") funcs = getFuncs() dprintln("\n<u>FUNCTIONS</u>\n", True) for f in funcs: dprintln( "<link cmd=\"!py help %s\">%s</link>" % (f.__name__, f.__name__), True) classes = getClasses() dprintln("\n<u>CLASSES</u>\n", True) for c in classes: dprintln( "<link cmd=\"!py help %s\">%s</link>" % (c.__name__, c.__name__), True)
def runSample(sampleName): try: packageName, moduleName = sampleName.split(".") module = __import__(name=sampleName, fromlist=moduleName) module.__dict__["run"]() except ImportError: dprintln("import error") pass dprintln("") dprintln("<link cmd=\"!py samples\">Sample list</link>", True) dprintln("")
def printSample(sampleName): try: packageName, moduleName = sampleName.split(".") module = __import__(name=sampleName, fromlist=moduleName) fileName = os.path.dirname(module.__dict__["__file__"]) fileName = os.path.join(fileName, moduleName + ".py") with open(fileName) as f: for line in f: dprint(line) except ImportError: dprintln("import error") pass dprintln("") dprintln("<link cmd=\"!py samples\">Sample list</link>", True) dprintln("")
def analyze(): print 'Analyzing dump...' s = pykd.dbgCommand('.reload') s = pykd.dbgCommand('!analyze -v') pykd.dprintln(s) ## 打印dump分析的栈回溯 for i in s.split("\n"): if ("STACK_COMMAND" in i): index = i.index(':') cmd = i[index + 1:] print cmd s = pykd.dbgCommand(cmd) pykd.dprintln(s) s = pykd.dbgCommand('kn 20') pykd.dprintln(s) listFrameDetails()
def printUsage(): dprintln( "!py avl [addr] (type)")
if __name__ == "__main__": if len( sys.argv ) < 2: printUsage() quit(0) showAll = False args = sys.argv if '-a' in args: args.remove('-a') showAll = True items = getAVLTable( addr64( expr( sys.argv[1] ) ) ) if showAll: if len( sys.argv ) == 2: dprintln( "\n".join( [ "<link cmd=\"db 0x%x\">db 0x%x</link>" % ( entry, entry ) for entry in items ] ), True ) else: ti = typeInfo(sys.argv[2]) dprintln( "\n".join( [ "<link cmd=\"dt %s 0x%x\">dt %s</link>\n%s" % ( sys.argv[2], entry, sys.argv[2], typedVar(ti, entry) ) for entry in items ] ), True ) else: if len( sys.argv ) == 2: dprintln( "\n".join( [ "<link cmd=\"db 0x%x\">db 0x%x</link>" % ( entry, entry ) for entry in items ] ), True ) else: dprintln( "\n".join( [ "<link cmd=\"dt %s 0x%x\">dt %s</link>" % ( sys.argv[2], entry, sys.argv[2] ) for entry in items ] ), True )
def printModuleList(): pykd.dprintln("\n".join([str(m) for m in moduleList]))
def dbiprintf(self, str): f = open(self.logPath, "a") f.write(str + "\n") f.close() pykd.dprintln(str)
def print_all_usage(): global all_commands for cmd in all_commands: cmd_info = globals()[cmd].__doc__.split("\n")[0].split(":")[1] pykd.dprintln("{:15s}{}".format(cmd, cmd_info))
def dbiprintf(self, str): f = open(self.logPath, "a") f.write(str + "\n") f.close() if self.bSilent == False: pykd.dprintln(str)
def printAllSamples(): dprintln("<b>User mode</b>", True) dprintln( "Get critical sections list <link cmd=\"!py samples run um.critlist\">Run</link> <link cmd=\"!py samples source um.critlist\">Source</link>", True) dprintln( "Get module list from PEB <link cmd=\"!py samples run um.ldr\">Run</link> <link cmd=\"!py samples source um.ldr\">Source</link>", True) dprintln("<b>Kernel mode</b>", True) dprintln( "Get process list <link cmd=\"!py samples run km.proclist\">Run</link> <link cmd=\"!py samples source km.proclist\">Source</link>", True) dprintln( "Get kernel service list <link cmd=\"!py samples run km.ssdt\">Run</link> <link cmd=\"!py samples source km.ssdt\">Source</link>", True) dprintln( "Get driver object <link cmd=\"!py samples run km.drvobj\">Run</link> <link cmd=\"!py samples source km.drvobj\">Source</link>", True) dprintln("")
def print_err(msg): pykd.dprintln(color.red(msg), dml=True)
def print_usage(doc_str): pykd.dprintln(color.blue(doc_str), dml=True)
import pykd import sys import argparse import re parser = argparse.ArgumentParser(description='Search a given generation and output rooted items for a specific type and optionally its size') parser.add_argument('gen', metavar='generation', type=int, help='GC generation to scan') parser.add_argument('type', metavar='typename', help='The typename you are scanning for roots for') parser.add_argument('--size', help="size of the object we are searching for root on") parser.add_argument("--verbose", help="increase output verbosity",action="store_true") args=parser.parse_args() pykd.dprintln ("Scanning for rooted objects in Gen={0} for type={1}".format(args.gen, args.type)) s = pykd.dbgCommand("!chain") out = "" if not("sos.dll" in s): pykd.dprintln("sos not found ...... loading sos") out = pykd.dbgCommand("!loadby sos clr") print out if not("sosex.dll" in s): pykd.dprintln("sosex not found ...... loading sosex please wait") out = pykd.dbgCommand("!load sosex") print out pykd.dprintln("Building heap index this may take a few minutes....") out = pykd.dbgCommand("!bhi") pykd.dprintln(out) command = "!dumpgen {0} -type {1}".format(args.gen, args.type)
def printDetail(name): if name in pykd.__dict__: help("pykd.%s" % name) dprintln("\n\n<link cmd=\"!py help\">View content</link>", True)
</html> """ LOGGER_DICT = { 'adreno' : adreno_worker, 'always on' : always_on_worker } _NT_SYMBOL_PATH = '''CACHE*C:\symbols;SRV*\\wpsymbol01\symbol01; SRV*\\wpsymbol01\symbol02;SRV*\\wpsymbol01\symbol03; SRV*\\wpsymbol01\symbol04;SRV*\\wpsymbol01\symbol05; SRV*http://msdl.microsoft.com/download/symbols''' WINDBG_SESSION_TIME_FORMAT = r'%b %d %H:%M:%S.%f %Y' if __name__ == "__main__": try: # setup symbol path os.environ["_NT_SYMBOL_PATH"] = _NT_SYMBOL_PATH lr_args = Log_Reducer_Args() lr_args.dbg_args_parser(parser.parse_args()) if lr_args._dump_path: pykd.loadDump(lr_args._dump_path) log_output_location = get_sorted_logs(*(lr_args._loggers), file_types=lr_args._file_types, storage_path = lr_args._storage_path) if os.path.isdir(log_output_location): import subprocess subprocess.Popen(r'explorer /select, {0}'.format(log_output_location)) except Exception, err: pykd.dprintln('failure... %s\n' %str(err))
import pykd if __name__ == "__main__": if not pykd.isWindbgExt(): print("Script cannot be launched outside Windbg") quit(0) if len(sys.argv) < 2: print("Expecting process name as argument") quit(0) targetProcessName = sys.argv[1] pykd.dprintln("Target: " + targetProcessName) processList = pykd.typedVarList( pykd.module("nt").PsActiveProcessHead, "nt!_EPROCESS", "ActiveProcessLinks") for i, process in enumerate(processList): if pykd.loadCStr(process.ImageFileName) == targetProcessName: targetProcessList = pykd.module("nt").typedVar( "_LIST_ENTRY", process.ActiveProcessLinks) print("ActiveProcessLinks: 0x%08x" % process.ActiveProcessLinks) print(targetProcessList) #prevFlink = module("nt").typedVar("_LIST_ENTRY",targetProcessList.Blink) #nextBlink = module("nt").typedVar("_LIST_ENTRY",targetProcessList.Flink) print("prevFlink: 0x%08x" % pykd.ptrQWord(targetProcessList.Blink)) print("nextBlink: 0x%08x" % pykd.ptrQWord(targetProcessList.Flink + 8))