From f98b8c60bcb1b47f5cdbbbb84c2bd8b56019ab61 Mon Sep 17 00:00:00 2001
From: "SND\\kernelnet_cp"
Date: Mon, 7 Oct 2013 09:49:47 +0000
Subject: [PATCH] [0.3.x] branch : nids.py

git-svn-id: https://pykd.svn.codeplex.com/svn@85615 9b283d60-5439-405e-af05-b73fd8c4d996
---
 pykd-0.3-2010.sln | 1 +
 snippets/ndis.py | 96 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)
 create mode 100644 snippets/ndis.py

diff --git a/pykd-0.3-2010.sln b/pykd-0.3-2010.sln
index da00dc8..77fe0d9 100644
--- a/pykd-0.3-2010.sln
+++ b/pykd-0.3-2010.sln
@@ -57,6 +57,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "snippets", "snippets", "{AA
 snippets\gdt.py = snippets\gdt.py
 snippets\help.py = snippets\help.py
 snippets\iat.py = snippets\iat.py
+ snippets\ndis.py = snippets\ndis.py
 snippets\pytowiki.py = snippets\pytowiki.py
 EndProjectSection
 EndProject
diff --git a/snippets/ndis.py b/snippets/ndis.py
new file mode 100644
index 0000000..77eb5df
--- /dev/null
+++ b/snippets/ndis.py
@@ -0,0 +1,96 @@
+ #
+ #
+ #
+
+ import sys
+ from pykd import *
+
+
+ def printBreakLine():
+
+ dprintln( "\n" + "="*80 + "\n" )
+
+
+ def printNdisObj():
+
+ ndis=module("ndis")
+
+ ndisMajorVersion = ptrByte( ndis.NdisGetVersion + 1 )
+ ndisMinorVersion = ptrByte( ndis.NdisGetVersion + 3 )
+
+ mpList = ndis.typedVarList( ndis.ndisMiniportList, "_NDIS_MINIPORT_BLOCK", "NextGlobalMiniport" )
+
+ printBreakLine()
+
+ for m in mpList:
+
+ dprintln( "Adapter:", True )
+
+ dprintln( "%s\tNDIS_MINIPORT_BLOCK( %x )" % ( loadUnicodeString(m.pAdapterInstanceName), m.getAddress(), m.getAddress() ), True )
+
+ if ndisMajorVersion >= 6:
+
+ lwf = m.LowestFilter
+
+ if lwf != 0:
+ dprintln( "\nLight-Weight Filters:", True )
+
+ while lwf != 0:
+
+ filt = typedVar( "ndis!_NDIS_FILTER_BLOCK", lwf )
+
+ dprintln( "%s\tNDIS_FILTER_BLOCK( %x )" % ( loadUnicodeString(filt.FilterFriendlyName), filt.getAddress(), filt.getAddress() ), True )
+
+ lwf = filt.HigherFilter
+
+
+ opn = m.OpenQueue
+
+ if opn != 0:
+ dprintln( "\nBound protocols:", True )
+
+ while opn != 0:
+
+ openBlock = typedVar( "ndis!_NDIS_OPEN_BLOCK", opn )
+
+ proto = typedVar( "ndis!_NDIS_PROTOCOL_BLOCK", openBlock.ProtocolHandle )
+
+ dprint( "%s \tNDIS_OPEN_BLOCK( %x )" % ( loadUnicodeString( proto.Name.getAddress() ), openBlock.getAddress(), openBlock.getAddress() ), True )
+ dprintln( "\tNDIS_PROTOCOL_BLOCK( %x )" % ( proto.getAddress(), proto.getAddress() ), True )
+
+ opn = openBlock.MiniportNextOpen
+ else:
+
+ opn = m.OpenQueue
+
+ if opn != 0:
+ dprintln( "\nBound protocols:", True )
+
+ while opn != 0:
+
+ openBlock = typedVar( "ndis!_NDIS_OPEN_BLOCK", opn )
+
+ proto = typedVar( "ndis!_NDIS_PROTOCOL_BLOCK", openBlock.ProtocolHandle )
+
+ dprint( "%s \tNDIS_OPEN_BLOCK( %x )" % ( loadUnicodeString( proto.ProtocolCharacteristics.Name.getAddress() ), openBlock.getAddress(), openBlock.getAddress() ), True )
+ dprintln( "\tNDIS_PROTOCOL_BLOCK( %x )" % ( proto.getAddress(), proto.getAddress() ), True )
+
+ opn = openBlock.MiniportNextOpen
+
+
+ printBreakLine()
+
+ def main():
+ if not isWindbgExt():
+ dprintln( "script is launch out of windbg" )
+ quit(0)
+
+ if not isKernelDebugging():
+ dprintln( "script for kernel mode only" )
+ quit(0)
+
+ printNdisObj()
+
+ if __name__ == "__main__":
+ main()
+
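Review bot: The three list walks in printNdisObj (`while lwf != 0` over LowestFilter/HigherFilter and both `while opn != 0` over OpenQueue/MiniportNextOpen) terminate only when the next pointer reaches 0, so a cyclic or corrupted chain in the target — plausible on exactly the kind of system this snippet is meant to inspect, e.g. one where NDIS filter or protocol blocks have been tampered with — spins the debugger forever, and a dangling pointer becomes an uncaught pykd memory error that aborts the listing part-way. A visited set bounds each walk: `seen = set()` before the loop, `while lwf != 0 and lwf not in seen:`, and `seen.add(lwf)` as the first statement of the body, with the same pattern applied to both `opn` loops. Separately, every format string carries fewer conversion specifiers than arguments (e.g. `"%s\tNDIS_MINIPORT_BLOCK( %x )"` receives three values), which raises TypeError under `%` formatting unless DML `<link>` markup was stripped from this rendering of the hunk — worth confirming against the committed file. `ndisMinorVersion` is assigned and never read.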