Пример #1
0
 def kd(self, line):
     "magic for calling any windbg command"
     try:
         pykd.dprintln(pykd.dbgCommand(line))
     except pykd.BaseException:
         pykd.dprintln("invalid windbg syntax")
     return None
Пример #2
0
 def print_code(self):
     pc = self.context.pc
     for offset in range(-3, 6):  # pc-3 ~ pc+5
         addr = pykd.disasm().findOffset(offset)
         op_str, asm_str = disasm(addr)
         code_str = "{:#x}: {:20s}{}".format(addr, op_str, asm_str)
         if addr == pc:  # current pc, highlight
             pykd.dprintln(color.lime_highlight(code_str), dml=True)
         else:
             pykd.dprintln(code_str)
Пример #3
0
def TWindbg(args):
    """TWindbg: List all the command in TWindbg """
    if len(args) != 0:
        raise CmdExecError("Invalid argument number")
    banner = color.yellow("TWindbg: PEDA-like debugger UI for WinDbg\n")
    banner += color.gray("For latest update, check the project page: ")
    banner += color.white("https://github.com/bruce30262/TWindbg\n")
    banner += color.orange("Use \"[cmd] help\" for further command usage\n")
    pykd.dprintln(banner, dml=True)
    print_all_usage()
Пример #4
0
def printRegs():

    """ print CPU registers values"""

    if CPU == "X86":
        for regName in x86Regs:
             pykd.dprintln( "%s = %#x( %d )" % ( regName, globals()[regName], globals()[regName] ) )

    elif CPU == "X64":
        for regName in amd64Regs:
             pykd.dprintln( "%s = %#x( %d )" % ( regName, globals()[regName], globals()[regName] ) )
Пример #5
0
def printAllSamples():
    dprintln("<b>Kernel mode</b>", True)
    dprintln(
        "Get process list <link cmd=\"!py samples run km.proclist\">Run</link> <link cmd=\"!py samples source km.proclist\">Source</link>",
        True)
    dprintln(
        "Get kernel service list <link cmd=\"!py samples run km.ssdt\">Run</link> <link cmd=\"!py samples source km.ssdt\">Source</link>",
        True)
    dprintln(
        "Get driver object <link cmd=\"!py samples run km.drvobj\">Run</link> <link cmd=\"!py samples source km.drvobj\">Source</link>",
        True)
    dprintln("")
Пример #6
0
    def print_general_regs(self):
        for reg_name in self.context.regs_name:
            reg_data = self.context.regs[reg_name]
            reg_str = '{:3}: '.format(reg_name.upper())
            reg_color = self.set_reg_color(reg_name,
                                           color_changed=color.red,
                                           color_unchanged=color.lime)
            pykd.dprint(reg_color(reg_str), dml=True)

            if pykd.isValid(reg_data):  # reg_data is a pointer
                self.print_ptrs(reg_data)
            else:
                pykd.dprintln("{:#x}".format(reg_data))
Пример #7
0
 def print_eflags(self):
     eflags = pykd.reg('efl')
     eflags_str = color.green("EFLAGS: {:#x}".format(eflags))
     eflags_str += " ["
     for bit, flag_name in self.context.eflags_tbl.items():
         is_set = eflags & (1 << bit)
         eflags_str += " "
         if is_set:
             eflags_str += color.dark_red(flag_name)
         else:
             eflags_str += color.green(flag_name)
     eflags_str += " ]"
     pykd.dprintln(eflags_str, dml=True)
Пример #8
0
def listFrameDetails():
    print 'Listing frame details...'
    FRAME_NUM = 30
    out = ''
    for j in range(0, FRAME_NUM):
        out = pykd.dbgCommand('.frame ' + str(j))
        if out is None:
            return
        pykd.dprintln(out)
        out = pykd.dbgCommand('dv /i/t/V')
        if out is None:
            return
        pykd.dprintln(out)
Пример #9
0
 def print_ptrs(self, addr):
     ptrs_str = ""
     ptr_values, is_cyclic = self.smart_dereference(addr)
     # print all ptrs except last two
     for ptr in ptr_values[:-2:]:
         ptrs_str += "{:#x} --> ".format(ptr)
     # handle last two's format
     last_ptr, last_val = ptr_values[-2], ptr_values[-1]
     if is_cyclic:
         ptrs_str += "{:#x} --> {:#x}".format(
             last_ptr, last_val) + color.dark_red(" ( cyclic dereference )")
     else:
         ptrs_str += self.enhance_type(last_ptr, last_val)
     pykd.dprintln(ptrs_str, dml=True)
Пример #10
0
    def print_seg_regs(self):
        first_print = True
        for reg_name in self.context.seg_regs_name:
            reg_data = self.context.regs[reg_name]
            reg_str = '{:2}={:#x}'.format(reg_name.upper(), reg_data)
            reg_color = self.set_reg_color(reg_name,
                                           color_changed=color.red,
                                           color_unchanged=color.green)

            if first_print:
                pykd.dprint(reg_color(reg_str), dml=True)
                first_print = False
            else:
                pykd.dprint(" | " + reg_color(reg_str), dml=True)
        pykd.dprintln("")
Пример #11
0
 def print_ptrs(self, addr):
     ptrs_str = ""
     ptr_values, is_cyclic = self.smart_dereference(addr)
     for index, val in enumerate(ptr_values):
         if index == (len(ptr_values) - 2): # last ptr
             last_val = ptr_values[index+1]
             if is_cyclic:
                 ptrs_str += "{:#x} --> {:#x}".format(val, last_val)
                 ptrs_str += color.dark_red(" ( cyclic dereference )")
             else:
                 ptrs_str += self.enhance_type(val, last_val)
             break
         else:
             ptrs_str += "{:#x} --> ".format(val)
     pykd.dprintln(ptrs_str, dml=True)
Пример #12
0
 def print_context(self):
     #pykd.dbgCommand('.cls')
     self.context.update_regs()
     pykd.dprintln(color.yellow("[------ Register --------------------------------------------------------------------------------------------]"), dml=True)
     self.print_regs()
     pykd.dprintln(color.yellow("[------ Code ------------------------------------------------------------------------------------------------]"), dml=True)
     self.print_code()
     pykd.dprintln(color.yellow("[------ Stack -----------------------------------------------------------------------------------------------]"), dml=True)
     self.print_stack()
     pykd.dprintln(color.yellow("[------------------------------------------------------------------------------------------------------------]"), dml=True)
Пример #13
0
def printContent():

    dprintln("\nPYKD API Help\n")

    funcs = getFuncs()

    dprintln("\n<u>FUNCTIONS</u>\n", True)

    for f in funcs:
        dprintln(
            "<link cmd=\"!py help %s\">%s</link>" % (f.__name__, f.__name__),
            True)

    classes = getClasses()

    dprintln("\n<u>CLASSES</u>\n", True)

    for c in classes:
        dprintln(
            "<link cmd=\"!py help %s\">%s</link>" % (c.__name__, c.__name__),
            True)
Пример #14
0
def runSample(sampleName):

    try:
        packageName, moduleName = sampleName.split(".")

        module = __import__(name=sampleName, fromlist=moduleName)

        module.__dict__["run"]()

    except ImportError:
        dprintln("import error")
        pass

    dprintln("")
    dprintln("<link cmd=\"!py samples\">Sample list</link>", True)
    dprintln("")
Пример #15
0
def printSample(sampleName):

    try:
        packageName, moduleName = sampleName.split(".")

        module = __import__(name=sampleName, fromlist=moduleName)

        fileName = os.path.dirname(module.__dict__["__file__"])
        fileName = os.path.join(fileName, moduleName + ".py")

        with open(fileName) as f:
            for line in f:
                dprint(line)

    except ImportError:
        dprintln("import error")
        pass

    dprintln("")
    dprintln("<link cmd=\"!py samples\">Sample list</link>", True)
    dprintln("")
Пример #16
0
def analyze():
    print 'Analyzing dump...'
    s = pykd.dbgCommand('.reload')
    s = pykd.dbgCommand('!analyze -v')
    pykd.dprintln(s)

    ## 打印dump分析的栈回溯
    for i in s.split("\n"):
        if ("STACK_COMMAND" in i):
            index = i.index(':')
            cmd = i[index + 1:]
            print cmd
            s = pykd.dbgCommand(cmd)
            pykd.dprintln(s)
            s = pykd.dbgCommand('kn 20')
            pykd.dprintln(s)
            listFrameDetails()
Пример #17
0
def printUsage():
    dprintln( "!py avl [addr] (type)")
Пример #18
0
if __name__ == "__main__":

    if len( sys.argv ) < 2:
        printUsage()
        quit(0)
   
    showAll = False
    args = sys.argv
    if '-a' in args:
        args.remove('-a')
        showAll = True
        
    items = getAVLTable( addr64( expr( sys.argv[1] ) ) )       
        
    if showAll:
        if len( sys.argv ) == 2:
            dprintln( "\n".join( [ "<link cmd=\"db 0x%x\">db 0x%x</link>" % (  entry, entry ) for entry in items ] ), True )
        else:
            ti = typeInfo(sys.argv[2])
            dprintln( "\n".join( [ "<link cmd=\"dt %s 0x%x\">dt %s</link>\n%s" % ( sys.argv[2], entry, sys.argv[2], typedVar(ti, entry) ) for entry in items ] ), True )  
    
    else:
        if len( sys.argv ) == 2:
            dprintln( "\n".join( [ "<link cmd=\"db 0x%x\">db 0x%x</link>" % (  entry, entry ) for entry in items ] ), True )
        else:
            dprintln( "\n".join( [ "<link cmd=\"dt %s 0x%x\">dt %s</link>" % ( sys.argv[2], entry, sys.argv[2] ) for entry in items ] ), True )
Пример #19
0
def printModuleList():
    pykd.dprintln("\n".join([str(m) for m in moduleList]))
Пример #20
0
 def dbiprintf(self, str):
     f = open(self.logPath, "a")
     f.write(str + "\n")
     f.close()
     pykd.dprintln(str)
Пример #21
0
def print_all_usage():
    global all_commands
    for cmd in all_commands:
        cmd_info = globals()[cmd].__doc__.split("\n")[0].split(":")[1]
        pykd.dprintln("{:15s}{}".format(cmd, cmd_info))
Пример #22
0
 def dbiprintf(self, str):
     f = open(self.logPath, "a")
     f.write(str + "\n")
     f.close()
     if self.bSilent == False:
         pykd.dprintln(str)
Пример #23
0
def printAllSamples():
    dprintln("<b>User mode</b>", True)
    dprintln(
        "Get critical sections list <link cmd=\"!py samples run um.critlist\">Run</link> <link cmd=\"!py samples source um.critlist\">Source</link>",
        True)
    dprintln(
        "Get module list from PEB <link cmd=\"!py samples run um.ldr\">Run</link> <link cmd=\"!py samples source um.ldr\">Source</link>",
        True)
    dprintln("<b>Kernel mode</b>", True)
    dprintln(
        "Get process list <link cmd=\"!py samples run km.proclist\">Run</link> <link cmd=\"!py samples source km.proclist\">Source</link>",
        True)
    dprintln(
        "Get kernel service list <link cmd=\"!py samples run km.ssdt\">Run</link> <link cmd=\"!py samples source km.ssdt\">Source</link>",
        True)
    dprintln(
        "Get driver object <link cmd=\"!py samples run km.drvobj\">Run</link> <link cmd=\"!py samples source km.drvobj\">Source</link>",
        True)
    dprintln("")
Пример #24
0
def print_err(msg):
    pykd.dprintln(color.red(msg), dml=True)
Пример #25
0
def print_usage(doc_str):
    pykd.dprintln(color.blue(doc_str), dml=True)
Пример #26
0
import pykd
import sys
import argparse
import re
parser = argparse.ArgumentParser(description='Search a given generation and output rooted items for a specific type and optionally its size')
parser.add_argument('gen', metavar='generation', type=int, help='GC generation to scan')
parser.add_argument('type', metavar='typename',  help='The typename you are scanning for roots for')
parser.add_argument('--size', help="size of the object we are searching for root on")
parser.add_argument("--verbose", help="increase output verbosity",action="store_true")

args=parser.parse_args()


pykd.dprintln ("Scanning for rooted objects in Gen={0} for type={1}".format(args.gen, args.type))

s = pykd.dbgCommand("!chain")
out = ""
if not("sos.dll" in s):
	pykd.dprintln("sos not found ...... loading sos")
	out = pykd.dbgCommand("!loadby sos clr")
	print out
if not("sosex.dll" in s):
	pykd.dprintln("sosex not found ...... loading sosex please wait")
	out = pykd.dbgCommand("!load sosex")
	print out
	pykd.dprintln("Building heap index this may take a few minutes....")
	out = pykd.dbgCommand("!bhi")
	pykd.dprintln(out)


command = "!dumpgen {0} -type {1}".format(args.gen, args.type)
Пример #27
0
def printDetail(name):

    if name in pykd.__dict__:
        help("pykd.%s" % name)

    dprintln("\n\n<link cmd=\"!py help\">View content</link>", True)
Пример #28
0
</html>
"""

LOGGER_DICT = {
        'adreno' : adreno_worker,
        'always on' :  always_on_worker
    }

_NT_SYMBOL_PATH = '''CACHE*C:\symbols;SRV*\\wpsymbol01\symbol01;
                    SRV*\\wpsymbol01\symbol02;SRV*\\wpsymbol01\symbol03;
                    SRV*\\wpsymbol01\symbol04;SRV*\\wpsymbol01\symbol05;
                    SRV*http://msdl.microsoft.com/download/symbols'''

WINDBG_SESSION_TIME_FORMAT = r'%b  %d %H:%M:%S.%f %Y' 


if __name__ == "__main__":
    try:
        # setup symbol path
        os.environ["_NT_SYMBOL_PATH"] = _NT_SYMBOL_PATH
        lr_args = Log_Reducer_Args()
        lr_args.dbg_args_parser(parser.parse_args())
        if lr_args._dump_path:
            pykd.loadDump(lr_args._dump_path)
        log_output_location = get_sorted_logs(*(lr_args._loggers), file_types=lr_args._file_types, storage_path = lr_args._storage_path)
        if os.path.isdir(log_output_location):
            import subprocess
            subprocess.Popen(r'explorer /select, {0}'.format(log_output_location))
    except Exception, err:
        pykd.dprintln('failure... %s\n' %str(err))
Пример #29
0
import pykd

if __name__ == "__main__":

    if not pykd.isWindbgExt():
        print("Script cannot be launched outside Windbg")
        quit(0)

    if len(sys.argv) < 2:
        print("Expecting process name as argument")
        quit(0)

    targetProcessName = sys.argv[1]
    pykd.dprintln("Target: " + targetProcessName)

    processList = pykd.typedVarList(
        pykd.module("nt").PsActiveProcessHead, "nt!_EPROCESS",
        "ActiveProcessLinks")

    for i, process in enumerate(processList):
        if pykd.loadCStr(process.ImageFileName) == targetProcessName:
            targetProcessList = pykd.module("nt").typedVar(
                "_LIST_ENTRY", process.ActiveProcessLinks)
            print("ActiveProcessLinks: 0x%08x" % process.ActiveProcessLinks)
            print(targetProcessList)
            #prevFlink = module("nt").typedVar("_LIST_ENTRY",targetProcessList.Blink)
            #nextBlink = module("nt").typedVar("_LIST_ENTRY",targetProcessList.Flink)

            print("prevFlink: 0x%08x" % pykd.ptrQWord(targetProcessList.Blink))
            print("nextBlink: 0x%08x" %
                  pykd.ptrQWord(targetProcessList.Flink + 8))