Python LocalKernelDebugger.get_field_name示例

编程语言: Python

命名空间/包名称: dbginterface

方法/功能: get_field_name

hotexamples.com的示例: 2

Python LocalKernelDebugger.get_field_name - 已找到2个示例。这些是从开源项目中提取的最受好评的dbginterface.LocalKernelDebugger.get_field_name现实Python示例。您可以评价示例，以帮助我们提高示例质量。

常用方法

显示隐藏

get_symbol(3)

get_symbol_offset(2)

read_dword(2)

read_byte(2)

write_dword(2)

write_byte(2)

set_output_callbacks(1)

read_word(1)

read_word_p(1)

reload(1)

set_current_processor(1)

LocalKernelDebugger(1)

symbol_match(1)

virtual_to_physical(1)

read_qword(1)

write_byte_p(1)

write_dword_p(1)

write_qword(1)

write_qword_p(1)

write_word(1)

read_qword_p(1)

read_dword_p(1)

read_processor_system_data(1)

get_number_modules(1)

execute(1)

get_field_name(1)

get_field_offset(1)

get_field_type_and_offset(1)

get_module_by_index(1)

get_module_name_by_index(1)

get_type_id(1)

read_msr(1)

get_type_name(1)

get_type_size(1)

map_page_to_userland(1)

quiet(1)

read_bus_data(1)

read_byte_p(1)

alloc_memory(1)

write_word_p(1)

示例#1

显示文件

print("The size retrieved using type_id is {0}".format(hex(size)))

size = kdbg.get_type_size("nt", "_KPCR")
print('The size retrieved using "_KPCR" is {0}'.format(hex(size)))

offset = kdbg.get_field_offset("nt", "_KPCR", "IDT")
print('Field "IDT" is at offset {0} in "nt!_KPCR"'.format(hex(offset)))

# Get the type_id and offset of the field PrcbData
prcbdata_type_id, offset = kdbg.get_field_type_and_offset(
    "nt", "_KPCR", "PrcbData")
# Get the name of the type of PrcbData
prcbdata_type_name = kdbg.get_type_name("nt", prcbdata_type_id)
# Get the size of the type of PrcbData
prcbdata_size = kdbg.get_type_size("nt", prcbdata_type_id)
print(
    'PrcbData is a field of type "{0}" (size {1}) at offset {2} in "nt!_KPCR"'.
    format(prcbdata_type_name, hex(prcbdata_size), hex(offset)))

print("")
print("Listing the 5 firsts fields of {0}".format(prcbdata_type_name))
print("{0}:".format(prcbdata_type_name))
for i in range(5):
    # I don't know a better way of getting the type and offset if field number X than
    # getting the name if field number X
    # getting the type and offset of the field with this name
    name = kdbg.get_field_name("nt", prcbdata_type_id, i)
    type, offset = kdbg.get_field_type_and_offset("nt", prcbdata_type_id, name)
    type_name = kdbg.get_type_name("nt", type)
    print("    +{0} {1:20} {2}".format(hex(offset), name, type_name))

示例#2

显示文件

文件： type_demo.py 项目： a1ext/LKD

size = kdbg.get_type_size("nt", "_KPCR")
print('The size retrieved using "_KPCR" is {0}'.format(hex(size)))

offset = kdbg.get_field_offset("nt", "_KPCR", "IDT")
print('Field "IDT" is at offset {0} in "nt!_KPCR"'.format(hex(offset)))

# Get the type_id and offset of the field PrcbData
prcbdata_type_id, offset = kdbg.get_field_type_and_offset("nt", "_KPCR", "PrcbData")
# Get the name of the type of PrcbData
prcbdata_type_name = kdbg.get_type_name("nt", prcbdata_type_id)
# Get the size of the type of PrcbData
prcbdata_size = kdbg.get_type_size("nt", prcbdata_type_id)
print('PrcbData is a field of type "{0}" (size {1}) at offset {2} in "nt!_KPCR"'.format(prcbdata_type_name, hex(prcbdata_size), hex(offset)))

print("")
print("Listing the 5 firsts fields of {0}".format(prcbdata_type_name))
print("{0}:".format(prcbdata_type_name))
for i in range(5):
    # I don't know a better way of getting the type and offset if field number X than
    # getting the name if field number X
    # getting the type and offset of the field with this name
    name = kdbg.get_field_name("nt", prcbdata_type_id, i)
    type, offset = kdbg.get_field_type_and_offset("nt", prcbdata_type_id, name)
    type_name = kdbg.get_type_name("nt", type)
    print("    +{0} {1:20} {2}".format(hex(offset), name, type_name))