some problems about 32bit process in 64bit system

May 24, 2014 at 3:54 AM
Edited May 24, 2014 at 3:59 AM
Some problems I got

1.
I want to trace a 32-bit or 64-bit process on Win7 64-bit.
When an exception occurs, how can I know whether the target process is 32-bit or 64-bit?

2.
I found that the following code always gives errors when the target process is 32-bit and the system is 64-bit.
import pykd

class ExceptionHandler(pykd.eventHandler):
    def onException(self, exp):
        try:
            print pykd.getCurrentThread()
        except Exception, err1:
            print err1  # prints "Call IDebugRegister::GetNumberRegisters failed"

        try:
            print pykd.getProcessThreads()
        except Exception, err2:
            print err2  # prints "Fatal Python error: PyEval_SaveThread: NULL tstate", and the process exits

        try:
            print pykd.getTargetProcesses()
        except Exception, err3:
            print err3  # prints "Fatal Python error: PyEval_SaveThread: NULL tstate", and the process exits
I'd appreciate it if anyone could check it, thanks~
Coordinator
May 26, 2014 at 10:05 AM
Edited May 26, 2014 at 10:06 AM
I suppose you use pykd 0.3?

1.
You can use getCPUMode():
from pykd import getCPUMode, CPUType

if getCPUMode() == CPUType.I386:
    print "current mode x86"
else:
    print "current mode x64"
Or, you can rely on some heuristic:
from pykd import module, DbgException

def isWow64():
    try:
        wow64 = module("wow64")  # raises DbgException if wow64 is not loaded
        return True
    except DbgException:
        return False
2.
getCurrentThread - opened issue: https://pykd.codeplex.com/workitem/13041
getProcessThreads - opened issue: https://pykd.codeplex.com/workitem/13042
getTargetProcesses - opened issue: https://pykd.codeplex.com/workitem/13043

Thank you for your valuable help!!
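
Added example (not part of the thread and not pykd project code): the two checks from the reply above combined into one classifier, because a 64-bit debugger can stop a WOW64 process while it is executing 64-bit code, where the CPU mode alone reports x64. Passing the pykd module in as `dbg`, the name `classify_target`, its return strings and the `FakePykd` stand-in are assumptions of this sketch; it uses Python 3 print syntax.

```python
# `dbg` is the pykd module, or any object exposing getCPUMode, CPUType,
# module and DbgException (the four names used in the reply above).
# Passing it in is an assumption so the logic can run without WinDbg.

def classify_target(dbg):
    """Return 'x64', 'x86', 'wow64-x86-mode' or 'wow64-x64-mode'."""
    in_x86_mode = dbg.getCPUMode() == dbg.CPUType.I386
    try:
        dbg.module("wow64")      # heuristic from the thread: wow64 is loaded
        is_wow64 = True
    except dbg.DbgException:
        is_wow64 = False

    if is_wow64:
        # 32-bit process on 64-bit Windows. It may be stopped in 64-bit code
        # (inside the WOW64 layer), so report the current mode separately.
        return "wow64-x86-mode" if in_x86_mode else "wow64-x64-mode"
    return "x86" if in_x86_mode else "x64"


class FakePykd(object):
    """Constructed stand-in for pykd, only for running the example offline."""

    class DbgException(Exception):
        pass

    class CPUType(object):
        I386, AMD64 = "I386", "AMD64"

    def __init__(self, mode, modules):
        self._mode, self._modules = mode, modules

    def getCPUMode(self):
        return self._mode

    def module(self, name):
        if name not in self._modules:
            raise self.DbgException("module not found: " + name)
        return name


if __name__ == "__main__":
    # Constructed case: 32-bit process stopped while running 64-bit code.
    fake = FakePykd(FakePykd.CPUType.AMD64, ["ntdll", "wow64", "wow64cpu"])
    print(classify_target(fake))
```

Inside WinDbg, call it from `onException` as `classify_target(pykd)`.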
Coordinator
May 28, 2014 at 8:02 AM
I've uploaded a new build https://pykd.codeplex.com/releases/view/122762 with fixes
May 28, 2014 at 2:24 PM
ok, it works.

BTW: the pykd API documentation is somewhat old.
Coordinator
May 28, 2014 at 4:11 PM
I've renewed the API reference:
https://pykd.codeplex.com/wikipage?title=PYKD%200.3.%20API%20Reference&referringTitle=Documentation

Or, you can always use help.py for help within windbg.

As for the user manual for pykd 0.3, it is a very long and sad story.....