问题
In WinDbg, I have several options to define a number
0:006> ? 17
Evaluate expression: 23 = 00000017
0:006> ? 0x17
Evaluate expression: 23 = 00000017
0:006> ? 0n23
Evaluate expression: 23 = 00000017
0:006> ? ntdll
Evaluate expression: 2004549632 = 777b0000
0:006> ? ntdll+100
Evaluate expression: 2004549888 = 777b0100
0:006> ? ntdll!NtCreateThreadEx
Evaluate expression: 2005018944 = 77822940
0:006> ? 0t755
Evaluate expression: 493 = 000001ed
0:006> ? 0y1111
Evaluate expression: 15 = 0000000f
I am looking for the PyKD equivalent to use all these possibilities as an input for my script.
That is: I get a string in sys.argv[1] which could be in any of the above mentioned formats and I need to convert it into an address that PyKD can understand.
I have tried:
from pykd import *
address = addr64(sys.argv[1])
回答1:
The PyKd command is expr().
expr( (str)expression [, (bool)cplusplus]) -> object :
Evaluate windbg expression
The command will even consider the number base that has been set in WinDbg using the n command.
To simulate WinDbg's ? behavior, you can use
print("Evaluate expression:", expr(sys.argv[1]), "=", hex(expr(sys.argv[1])), sep=" ")
来源:https://stackoverflow.com/questions/60996915/convert-address-into-a-number-that-pykd-can-work-with-equivalent-of-the-windbg