pykd

Convert address into a number that PyKD can work with / equivalent of the WinDbg ? command

こ雲淡風輕ζ 提交于 2021-01-29 21:30:32
问题 In WinDbg, I have several options to define a number 0:006> ? 17 Evaluate expression: 23 = 00000017 0:006> ? 0x17 Evaluate expression: 23 = 00000017 0:006> ? 0n23 Evaluate expression: 23 = 00000017 0:006> ? ntdll Evaluate expression: 2004549632 = 777b0000 0:006> ? ntdll+100 Evaluate expression: 2004549888 = 777b0100 0:006> ? ntdll!NtCreateThreadEx Evaluate expression: 2005018944 = 77822940 0:006> ? 0t755 Evaluate expression: 493 = 000001ed 0:006> ? 0y1111 Evaluate expression: 15 = 0000000f I

Why do I get a “symbol not found” for a found symbol in Pykd?

帅比萌擦擦* 提交于 2019-12-09 03:46:40
问题 I'm working on a dump, which I try to investigate, using PYKD technology. The result of the x /2 *!*``vtable' (just one backtick) contains the following result: 745293b8 mfc110u!CPtrList::`vftable' However, when I try to get more information about this class, I get a "symbol not found" exception: Python source code: dprintln("name=[%s]" % type_stats.name) if not type_stats.name in typesize_by_type: try: type_info = typeInfo(type_stats.name) except Exception, e: dprintln("text=[%s]" % (str(e))

How to avoid the DbgCommand command being written to the logfile

≯℡__Kan透↙ 提交于 2019-12-01 21:59:12
问题 I'm having an annoying issue with Pykd.pyd : I'm using it in a script, launching several DbgCommand functions, like: DbgCommand("dt 0x000000eab8748430 CMap<int,int,CUIntArray *,CUIntArray *> m_nCount") This for getting the size of the CMap object. As this is done in a script, using lots and lots of objects, I am using logfiles in Windbg (menu edit , Open/Close Log File ), and here's the catch: When looking at this in Windbg window, I only see the results of the DbgCommand calls, but in the

How to avoid the DbgCommand command being written to the logfile

孤者浪人 提交于 2019-12-01 20:38:32
I'm having an annoying issue with Pykd.pyd : I'm using it in a script, launching several DbgCommand functions, like: DbgCommand("dt 0x000000eab8748430 CMap<int,int,CUIntArray *,CUIntArray *> m_nCount") This for getting the size of the CMap object. As this is done in a script, using lots and lots of objects, I am using logfiles in Windbg (menu edit , Open/Close Log File ), and here's the catch: When looking at this in Windbg window, I only see the results of the DbgCommand calls, but in the logfile I see the command itself too: Windbg window: 000000eab87488f0 CMap<int,int,CUIntArray *
订阅 pykd