Python LocalKernelDebugger.get_module_by_index示例

编程语言: Python

命名空间/包名称: dbginterface

方法/功能: get_module_by_index

hotexamples.com的示例: 1

Python LocalKernelDebugger.get_module_by_index - 已找到1个示例。这些是从开源项目中提取的最受好评的dbginterface.LocalKernelDebugger.get_module_by_index现实Python示例。您可以评价示例，以帮助我们提高示例质量。

常用方法

显示隐藏

get_symbol(3)

get_symbol_offset(2)

read_dword(2)

read_byte(2)

write_dword(2)

write_byte(2)

set_output_callbacks(1)

read_word(1)

read_word_p(1)

reload(1)

set_current_processor(1)

LocalKernelDebugger(1)

symbol_match(1)

virtual_to_physical(1)

read_qword(1)

write_byte_p(1)

write_dword_p(1)

write_qword(1)

write_qword_p(1)

write_word(1)

read_qword_p(1)

read_dword_p(1)

read_processor_system_data(1)

get_number_modules(1)

execute(1)

get_field_name(1)

get_field_offset(1)

get_field_type_and_offset(1)

get_module_by_index(1)

get_module_name_by_index(1)

get_type_id(1)

read_msr(1)

get_type_name(1)

get_type_size(1)

map_page_to_userland(1)

quiet(1)

read_bus_data(1)

read_byte_p(1)

alloc_memory(1)

write_word_p(1)

示例#1

显示文件

class IDebugSymbolsTestCase(unittest.TestCase):

    def setUp(self):
        pass
        
    @classmethod
    def setUpClass(self):
        windows.winproxy.SetThreadAffinityMask(dwThreadAffinityMask=(1 << 0))
        self.kdbg = LocalKernelDebugger()
        modules = windows.utils.get_kernel_modules()
        self.modules = modules
        self.ntkernelbase = modules[0].Base
        self.kernelpath = modules[0].ImageName[:]
        self.kernelpath = os.path.expandvars(self.kernelpath.replace("\SystemRoot", "%SystemRoot%"))
        self.kernelmod = winproxy.LoadLibraryA(self.kernelpath)
        pe = windows.pe_parse.PEFile(self.kernelmod)
        self.NtCreateFileVA = pe.exports['NtCreateFile'] - self.kernelmod + self.ntkernelbase

    def tearDown(self):
        #self.kdbg.detach()
        self.kdbg = None

    def test_get_symbol_offset(self):
        # IDebugSymbols::GetOffsetByName
        x = self.kdbg.get_symbol_offset("nt")
        self.assertEqual(x, self.ntkernelbase)

    @RequireSymbol("ntdll!NtCreateFile")
    def test_get_symbol_offset_user(self):
        # IDebugSymbols::GetOffsetByName
        x = windows.utils.get_func_addr("ntdll", "NtCreateFile")
        y = self.kdbg.get_symbol_offset("ntdll!NtCreateFile")
        self.assertEqual(x, y)
        
    @RequireSymbol("nt!NtCreateFile")
    def test_get_symbol(self):
        # IDebugSymbols::GetNameByOffset
        x = self.kdbg.get_symbol(self.NtCreateFileVA)
        self.assertEqual(x[0], 'nt!NtCreateFile')
        self.assertEqual(x[1], 0x00)
        
    @RequireSymbol("ntdll!NtCreateFile")
    def test_get_symbol_user(self):
        # IDebugSymbols::GetNameByOffset
        x = windows.utils.get_func_addr("ntdll", "NtCreateFile")
        y = self.kdbg.get_symbol(x)
        self.assertIn(y[0], ["ntdll!NtCreateFile", "ntdll!ZwCreateFile"])

    def test_get_number_modules(self):
        # IDebugSymbols::GetNumberModules
        loaded, unloaded = self.kdbg.get_number_modules()

    def test_get_module_by_index(self):
        # IDebugSymbols::GetModuleByIndex
        for i in range(self.kdbg.get_number_modules()[0]):
            x = self.kdbg.get_module_by_index(i)
            if x == self.ntkernelbase:
                return
        raise AssertionError("ntoskrnl not found")

    def test_get_module_name_by_index(self):
        # IDebugSymbols::GetModuleNames
        for i in range(self.kdbg.get_number_modules()[0]):
            x = self.kdbg.get_module_name_by_index(i)
            if x[1] == "nt":
                return
        raise AssertionError("ntoskrnl not found")

    def test_symbol_match(self):
        # IDebugSymbols::StartSymbolMatch | IDebugSymbols::GetNextSymbolMatch | IDebugSymbols::EndSymbolMatch
        x = list(self.kdbg.symbol_match("nt!NtCreateF*"))
        self.assertEqual(x[0][0], 'nt!NtCreateFile')
        self.assertEqual(x[0][1], self.NtCreateFileVA)