Functions

Classes

addSynSymbol

addSynSymbol( (long)arg1, (int)arg2, (str)arg3) -> bool :
Add new synthetic symbol for virtual address

C++ signature :
bool addSynSymbol(unsigned __int64,unsigned long,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

addr64

addr64( (long)arg1) -> int :
Extend address to 64 bits formats ( for x86 )

C++ signature :
unsigned __int64 addr64(unsigned __int64)

attachKernel

attachKernel( (unicode)arg1) -> None :
Attach debugger to a kernel target

C++ signature :
void attachKernel(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >)

attachProcess

attachProcess( (int)arg1) -> None :
Attach debugger to a exsisting process

C++ signature :
void attachProcess(unsigned long)

breakin

breakin() -> None :
Break into debugger

C++ signature :
void breakin()

compareMemory

compareMemory( (long)addr1, (long)addr2, (int)length [, (int)phyAddr]) -> bool :
Compare two memory buffers by virtual or physical addresses

C++ signature :
bool compareMemory(unsigned __int64,unsigned __int64,unsigned long [,unsigned char])

containingRecord

containingRecord( (long)arg1, (str)arg2, (str)arg3, (str)arg4) -> object :
Return instance of the typedVarClass. It's value are loaded from the target memory.The start address is calculated by the same method as standard macro CONTAINING_RECORD

C++ signature :
class boost::python::api::object containingRecord(unsigned __int64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

dbgCommand

dbgCommand( (unicode)arg1) -> str :
Execute debugger command. For example: dbgCommand( "lmvm nt" )

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > dbgCommand(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >)

debuggerPath

debuggerPath() -> str :
Return full path to the process image that uses pykd

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > debuggerPath()

delAllSynSymbols

delAllSynSymbols() -> None :
Delete all synthetic symbol for all modules

C++ signature :
void delAllSynSymbols()

delSynSymbol

delSynSymbol( (long)arg1) -> int :
Delete synthetic symbols by virtual address

C++ signature :
unsigned long delSynSymbol(unsigned __int64)

delSynSymbolsMask

delSynSymbolsMask( (str)arg1, (str)arg2) -> int :
Delete synthetic symbols by mask of module and symbol name

C++ signature :
unsigned long delSynSymbolsMask(class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

dprint

dprint( (object)str [, (bool)dml]) -> None :
Print out string. If dml = True string is printed with dml highlighting ( only for windbg )

C++ signature :
void dprint(class boost::python::api::object [,bool])

dprintln

dprintln( (object)str [, (bool)dml]) -> None :
Print out string and insert end of line symbol. If dml = True string is printed with dml highlighting ( only for windbg )

C++ signature :
void dprintln(class boost::python::api::object [,bool])

expr

expr( (str)arg1) -> int :
Evaluate windbg expression

C++ signature :
unsigned __int64 expr(class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

findModule

findModule( (long)arg1) -> object :
Return instance of the dbgModuleClass which posseses specified address

C++ signature :
class boost::python::api::object findModule(unsigned __int64)

findSymbol

findSymbol( (long)arg1) -> object :
Return symbol for specified target address if it exists

C++ signature :
class boost::python::api::object findSymbol(unsigned __int64)

getCurrentProcess

getCurrentProcess() -> int :
Return current process (numeric address)

C++ signature :
unsigned __int64 getCurrentProcess()

getCurrentStack

getCurrentStack() -> object :
Return list of dbgStackFrameClass for current stack

C++ signature :
class boost::python::api::object getCurrentStack()

getImplicitThread

getImplicitThread() -> int :
Return implicit thread for current process

C++ signature :
unsigned __int64 getImplicitThread()

getOffset

getOffset( (str)arg1, (str)arg2) -> int :
Return target address for specified symbol

C++ signature :
unsigned __int64 getOffset(class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

getPdbFile

getPdbFile( (long)arg1) -> str :
Return full path to PDB (Program DataBase, debug information) file

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > getPdbFile(unsigned __int64)

getProcessorMode

getProcessorMode() -> str :
Return current processor mode as string: X86, ARM, IA64 or X64

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > getProcessorMode()

getProcessorType

getProcessorType() -> str :
Return type of physical processor: X86, ARM, IA64 or X64

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > getProcessorType()

getThreadList

getThreadList() -> object :
Return list of threads (each item is numeric address of thread)

C++ signature :
class boost::python::api::object getThreadList()

go

go() -> None :
Change debugger status to DEBUG_STATUS_GO

C++ signature :
void go()

is64bitSystem

is64bitSystem() -> bool :
Check if target system has 64 address space

C++ signature :
bool is64bitSystem()

isDumpAnalyzing

isDumpAnalyzing() -> bool :
Check if it is a dump analyzing ( not living debuggee )

C++ signature :
bool isDumpAnalyzing()

isKernelDebugging

isKernelDebugging() -> bool :
Check if kernel dubugging is running

C++ signature :
bool isKernelDebugging()

isValid

isValid( (long)arg1) -> bool :
Check if virtual address is valid

C++ signature :
bool isValid(unsigned __int64)

isWindbgExt

isWindbgExt() -> bool :
Check if script works in windbg context

C++ signature :
bool isWindbgExt()

loadAnsiString

loadAnsiString( (long)arg1) -> object :
Return string represention of windows ANSU_STRING type

C++ signature :
class boost::python::api::object loadAnsiString(unsigned __int64)

loadBytes

loadBytes( (long)address, (int)number [, (int)phyAddr]) -> object :
Return list of unsigned bytes

C++ signature :
class boost::python::api::object loadBytes(unsigned __int64,unsigned long [,unsigned char])

loadCStr

loadCStr( (long)arg1) -> object :
Load string from the target buffer containing 0-terminated ansi-string

C++ signature :
class boost::python::api::object loadCStr(unsigned __int64)

loadChars

loadChars( (long)address, (int)number [, (int)phyAddr]) -> object :
Load string from the target buffer

C++ signature :
class boost::python::api::object loadChars(unsigned __int64,unsigned long [,unsigned char])

loadDWords

loadDWords( (long)address, (int)number [, (int)phyAddr]) -> object :
Return list of unsigned dwords (4-bytes)

C++ signature :
class boost::python::api::object loadDWords(unsigned __int64,unsigned long [,unsigned char])

loadDump

loadDump( (unicode)arg1) -> None :
Load crash dump (only for console)

C++ signature :
void loadDump(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >)

loadLinkedList

loadLinkedList( (long)arg1) -> object :
Return list of instances of the typedVarClass loaded from linked list in the target memory

C++ signature :
class boost::python::api::object loadLinkedList(unsigned __int64)

loadModule

loadModule( (str)arg1) -> object :
Return instance of the dbgModuleClass

C++ signature :
class boost::python::api::object loadModule(class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

loadPtrs

loadPtrs( (long)arg1, (int)arg2) -> object :
Return list of pointers

C++ signature :
class boost::python::api::object loadPtrs(unsigned __int64,unsigned long)

loadQWords

loadQWords( (long)address, (int)number [, (int)phyAddr]) -> object :
Return list of unsigned qwords (8-butes)

C++ signature :
class boost::python::api::object loadQWords(unsigned __int64,unsigned long [,unsigned char])

loadSignBytes

loadSignBytes( (long)address, (int)number [, (int)phyAddr]) -> object :
Return list of signed bytes

C++ signature :
class boost::python::api::object loadSignBytes(unsigned __int64,unsigned long [,unsigned char])

loadSignDWords

loadSignDWords( (long)address, (int)number [, (int)phyAddr]) -> object :
Return list of signed dwords (4-bytes)

C++ signature :
class boost::python::api::object loadSignDWords(unsigned __int64,unsigned long [,unsigned char])

loadSignQWords

loadSignQWords( (long)address, (int)number [, (int)phyAddr]) -> object :
Return list of signed qwords (8-bytes)

C++ signature :
class boost::python::api::object loadSignQWords(unsigned __int64,unsigned long [,unsigned char])

loadSignWords

loadSignWords( (long)address, (int)number [, (int)phyAddr]) -> object :
Return list of signed words (2-bytes)

C++ signature :
class boost::python::api::object loadSignWords(unsigned __int64,unsigned long [,unsigned char])

loadUnicodeString

loadUnicodeString( (long)arg1) -> object :
Return string represention of windows UNICODE_STRING type

C++ signature :
class boost::python::api::object loadUnicodeString(unsigned __int64)

loadWChars

loadWChars( (long)address, (int)number [, (int)phyAddr]) -> object :
Load unicode string from the target buffer

C++ signature :
class boost::python::api::object loadWChars(unsigned __int64,unsigned long [,unsigned char])

loadWStr

loadWStr( (long)arg1) -> object :
Load string from the target buffer containing 0-terminated unicode-string

C++ signature :
class boost::python::api::object loadWStr(unsigned __int64)

loadWords

loadWords( (long)address, (int)number [, (int)phyAddr]) -> object :
Return list of unsigned words (2-bytes )

C++ signature :
class boost::python::api::object loadWords(unsigned __int64,unsigned long [,unsigned char])

locals

locals() -> object :
Return dict of locals variables (each item is typedVarClass)

C++ signature :
class boost::python::api::object locals()

ptrByte

ptrByte( (long)arg1) -> object :
Return 1-byte unsigned value loaded by pointer

C++ signature :
class boost::python::api::object ptrByte(unsigned __int64)

ptrDWord

ptrDWord( (long)arg1) -> object :
Return 4-byte unsigned value loaded by pointer

C++ signature :
class boost::python::api::object ptrDWord(unsigned __int64)

ptrMWord

ptrMWord( (long)arg1) -> int :
Return unsigned machine word ( 4-bytes for x86 and 8-bytes for x64 ) loaded by pointer

C++ signature :
unsigned __int64 ptrMWord(unsigned __int64)

ptrPtr

ptrPtr( (long)arg1) -> int :
Return pointer value loaded by pointer

C++ signature :
unsigned __int64 ptrPtr(unsigned __int64)

ptrQWord

ptrQWord( (long)arg1) -> object :
Return 8-byte unsigned value loaded by pointer

C++ signature :
class boost::python::api::object ptrQWord(unsigned __int64)

ptrSignByte

ptrSignByte( (long)arg1) -> object :
Return 1-byte signed value loaded by pointer

C++ signature :
class boost::python::api::object ptrSignByte(unsigned __int64)

ptrSignDWord

ptrSignDWord( (long)arg1) -> object :
Return 4-byte signed value loaded by pointer

C++ signature :
class boost::python::api::object ptrSignDWord(unsigned __int64)

ptrSignMWord

ptrSignMWord( (long)arg1) -> int :
Return signed machine word ( 4-bytes for x86 and 8-bytes for x64 ) loaded by pointer

C++ signature :
__int64 ptrSignMWord(unsigned __int64)

ptrSignQWord

ptrSignQWord( (long)arg1) -> object :
Return 8-byte signed value loaded by pointer

C++ signature :
class boost::python::api::object ptrSignQWord(unsigned __int64)

ptrSignWord

ptrSignWord( (long)arg1) -> object :
Return 2-byte signed value loaded by pointer

C++ signature :
class boost::python::api::object ptrSignWord(unsigned __int64)

ptrSize

ptrSize() -> int :
Return pointer size ( in bytes )

C++ signature :
int ptrSize()

ptrWord

ptrWord( (long)arg1) -> object :
Return 2-byte unsigned value loaded by pointer

C++ signature :
class boost::python::api::object ptrWord(unsigned __int64)

rdmsr

rdmsr( (int)arg1) -> int :
Return MSR value

C++ signature :
unsigned __int64 rdmsr(unsigned long)

reg

reg( (str)arg1) -> object :
Return CPU's register value

C++ signature :
class boost::python::api::object reg(class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

reloadModule

reloadModule( (str)arg1) -> None :
Reload symbols by module name

C++ signature :
void reloadModule(char const * __ptr64)

setCurrentProcess

setCurrentProcess( (long)arg1) -> None :
Set current process by address

C++ signature :
void setCurrentProcess(unsigned __int64)

setImplicitThread

setImplicitThread( (long)arg1) -> None :
Set implicit thread for current process

C++ signature :
void setImplicitThread(unsigned __int64)

setProcessorMode

setProcessorMode( (str)arg1) -> None :
Set current processor mode by string (X86, ARM, IA64 or X64)

C++ signature :
void setProcessorMode(class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

sizeof

sizeof( (str)arg1, (str)arg2) -> int :
Return size of type

C++ signature :
unsigned long sizeof(class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

startProcess

startProcess( (unicode)arg1) -> None :
Start process for debugging (only for console)

C++ signature :
void startProcess(class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> >)

step

step() -> None :
Change debugger status to DEBUG_STATUS_STEP_OVER

C++ signature :
void step()

symbolsPath

symbolsPath() -> str :
Return symbol path

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > symbolsPath()

trace

trace() -> None :
Change debugger status to DEBUG_STATUS_STEP_INTO

C++ signature :
void trace()

typedVarArray

typedVarArray( (long)arg1, (str)arg2, (str)arg3, (int)arg4) -> object :
Return list of typedVarClass instances. Each item represents one item of the counted array the target memory

C++ signature :
class boost::python::api::object typedVarArray(unsigned __int64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,long)

typedVarList

typedVarList( (long)arg1, (str)arg2, (str)arg3, (str)arg4) -> object :
Return list of typedVarClass instances. Each item represents one item of the linked list in the target memory

C++ signature :
class boost::python::api::object typedVarList(unsigned __int64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

wrmsr

wrmsr( (int)arg1, (long)arg2) -> None :
Set MSR value

C++ signature :
void wrmsr(unsigned long,unsigned __int64)

BaseException

Pykd base exception class
  • __init__
  • desc

__init__

__init__( (object)arg1, (str)desc) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

desc

desc( (BaseException)arg1) -> str :
Get exception description

C++ signature :
char const * __ptr64 desc(class DbgException {lvalue})

MemoryException

Memory exception class
  • __init__
  • getAddress

__init__

__init__( (object)arg1, (long)targetAddress) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,unsigned __int64)

getAddress

getAddress( (MemoryException)arg1) -> int :
Return target address

C++ signature :
unsigned __int64 getAddress(class MemoryException {lvalue})

TypeException

Type exception class

WaitEventException

Type exception class

bp

Class representing breakpoint
  • __init__
  • __str__
  • remove
  • set

__init__

__init__( (object)arg1, (long)offset, (object)callback) -> None :
Break point: user callback

C++ signature :
void __init__(struct _object * __ptr64,unsigned __int64,class boost::python::api::object {lvalue})

__init__( (object)arg1, (long)offset) -> None :
Break point constructor: always break

C++ signature :
void __init__(struct _object * __ptr64,unsigned __int64)

__str__

__str__( (bp)arg1) -> str :
Return a nice string represention of the breakpoint class

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __str__(class dbgBreakpointClass {lvalue})

remove

remove( (bp)arg1) -> None :
Remove a breakpoint set before

C++ signature :
void remove(class dbgBreakpointClass {lvalue})

set

set( (bp)arg1) -> bool :
Set a breakpoint at the specified address

C++ signature :
bool set(class dbgBreakpointClass {lvalue})

cpuReg

CPU regsiter class
  • __init__
  • beLive
  • index
  • name

__init__

__init__( (object)arg1, (str)name) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

__init__( (object)arg1, (int)index) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,unsigned long)

beLive

beLive( (cpuReg)arg1) -> None :
Turn the object to live: its value will be following the target register value

C++ signature :
void beLive(class cpuReg {lvalue})

index

index( (cpuReg)arg1) -> int :
The index of thr register

C++ signature :
unsigned long index(class cpuReg {lvalue})

name

name( (cpuReg)arg1) -> str :
The name of the regsiter

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > name(class cpuReg {lvalue})

dbgModuleClass

Class representing module in the target memory
  • __getattr__
  • __init__
  • __str__
  • addSynSymbol
  • begin
  • checksum
  • contain
  • delAllSynSymbols
  • delSynSymbol
  • delSynSymbolsMask
  • end
  • image
  • name
  • pdb
  • size
  • timestamp

__getattr__

__getattr__( (dbgModuleClass)arg1, (str)arg2) -> int :
Return address of the symbol

C++ signature :
unsigned __int64 __getattr__(class dbgModuleClass {lvalue},class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

__init__

__init__( (object)arg1) -> None :

C++ signature :
void __init__(struct _object * __ptr64)

__str__

__str__( (dbgModuleClass)arg1) -> str :
Return a nice string represention of the dbgModuleClass

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __str__(class dbgModuleClass {lvalue})

addSynSymbol

addSynSymbol( (dbgModuleClass)arg1, (long)arg2, (int)arg3, (str)arg4) -> bool :
Add synthetic symbol for the module

C++ signature :
bool addSynSymbol(class dbgModuleClass {lvalue},unsigned __int64,unsigned long,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

begin

begin( (dbgModuleClass)arg1) -> int :
Return start address of the module

C++ signature :
unsigned __int64 begin(class dbgModuleClass {lvalue})

checksum

checksum( (dbgModuleClass)arg1) -> int :
Return checksum of the module ( from PE header )

C++ signature :
unsigned long checksum(class dbgModuleClass {lvalue})

contain

contain( (dbgModuleClass)arg1, (long)arg2) -> bool :
Check if the address belongs to the module

C++ signature :
bool contain(class dbgModuleClass {lvalue},unsigned __int64)

delAllSynSymbols

delAllSynSymbols( (dbgModuleClass)arg1) -> None :
Remove all synthetic symbols for the module

C++ signature :
void delAllSynSymbols(class dbgModuleClass {lvalue})

delSynSymbol

delSynSymbol( (dbgModuleClass)arg1, (long)arg2) -> int :
Remove specified synthetic symbol for the module

C++ signature :
unsigned long delSynSymbol(class dbgModuleClass {lvalue},unsigned __int64)

delSynSymbolsMask

delSynSymbolsMask( (dbgModuleClass)arg1, (str)arg2) -> int :

C++ signature :
unsigned long delSynSymbolsMask(class dbgModuleClass {lvalue},class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

end

end( (dbgModuleClass)arg1) -> int :
Return end address of the module

C++ signature :
unsigned __int64 end(class dbgModuleClass {lvalue})

image

image( (dbgModuleClass)arg1) -> unicode :
Return the full path to the module's image file

C++ signature :
class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > image(class dbgModuleClass {lvalue})

name

name( (dbgModuleClass)arg1) -> str :
Return name of the module

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > name(class dbgModuleClass {lvalue})

pdb

pdb( (dbgModuleClass)arg1) -> unicode :
Return the full path to the module's pdb file ( symbol information )

C++ signature :
class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > pdb(class dbgModuleClass {lvalue})

size

size( (dbgModuleClass)arg1) -> int :
Return size of the module

C++ signature :
unsigned long size(class dbgModuleClass {lvalue})

timestamp

timestamp( (dbgModuleClass)arg1) -> int :
Return timestamp of the module ( from PE header )

C++ signature :
unsigned long timestamp(class dbgModuleClass {lvalue})

dbgStackFrameClass

Class representing a frame of the call satck
  • __init__
  • __str__

__init__

__init__( (object)arg1) -> None :

C++ signature :
void __init__(struct _object * __ptr64)

__str__

__str__( (dbgStackFrameClass)arg1) -> str :
Return a nice string represention of the dbgStackFrameClass

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __str__(class dbgStackFrameClass {lvalue})

debugEvent

Base class for debug events handlers
  • __init__
  • onBreakpoint
  • onException
  • onLoadModule
  • onUnloadModule

__init__

__init__( (object)arg1) -> None :

C++ signature :
void __init__(struct _object * __ptr64)

onBreakpoint

onBreakpoint( (debugEvent)arg1, (dict)arg2) -> int :
Triggered breakpoint event. Parameter is dict:
{"Id":int, "BreakType":int, "ProcType":int, "Flags":int, "Offset":int, "Size":int, "AccessType":int, "PassCount":int, "CurrentPassCount":int, "MatchThreadId":int, "Command":str, "OffsetExpression":str}
Detailed information: http://msdn.microsoft.com/en-us/library/ff539284(VS.85).aspx
For ignore event method must return DEBUG_STATUS_NO_CHANGE value

C++ signature :
unsigned long onBreakpoint(class debugEventWrap {lvalue},class boost::python::dict {lvalue})

onException

onException( (debugEvent)arg1, (dict)arg2) -> int :
Exception event. Parameter is dict:
{"Code":int, "Flags":int, "Record":int, "Address":int, "Parameters":[int], "FirstChance":bool}
Detailed information: http://msdn.microsoft.com/en-us/library/aa363082(VS.85).aspx
For ignore event method must return DEBUG_STATUS_NO_CHANGE value

C++ signature :
unsigned long onException(class debugEventWrap {lvalue},class boost::python::dict {lvalue})

onLoadModule

onLoadModule( (debugEvent)arg1, (dbgModuleClass)arg2) -> int :
Load module event. Parameter is instance of dbgModuleClass.
For ignore event method must return DEBUG_STATUS_NO_CHANGE value

C++ signature :
unsigned long onLoadModule(class debugEventWrap {lvalue},class dbgModuleClass)

onUnloadModule

onUnloadModule( (debugEvent)arg1, (dbgModuleClass)arg2) -> int :
Unload module event. Parameter is instance of dbgModuleClass.
For ignore event method must return DEBUG_STATUS_NO_CHANGE value

C++ signature :
unsigned long onUnloadModule(class debugEventWrap {lvalue},class dbgModuleClass)

disasm

Class disassemble a processor instructions
  • __init__
  • asm
  • begin
  • current
  • disasm
  • ea
  • instruction
  • length
  • reset

__init__

__init__( (object)arg1) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64)

__init__( (object)arg1, (long)offset) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,unsigned __int64)

asm

asm( (disasm)arg1, (str)arg2) -> str :
Insert assemblied instuction to current offset

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > asm(class disasm {lvalue},class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

begin

begin( (disasm)arg1) -> int :
Return begin offset

C++ signature :
unsigned __int64 begin(class disasm {lvalue})

current

current( (disasm)arg1) -> int :
Return current offset

C++ signature :
unsigned __int64 current(class disasm {lvalue})

disasm

disasm( (disasm)arg1) -> str :
Disassemble next instruction

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > disasm(class disasm {lvalue})

ea

ea( (disasm)arg1) -> int :
Return effective address for last disassembled instruction or 0

C++ signature :
unsigned __int64 ea(class disasm {lvalue})

instruction

instruction( (disasm)arg1) -> str :
Returm current disassembled instruction

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > instruction(class disasm {lvalue})

length

length( (disasm)arg1) -> int :
Return current instruction length

C++ signature :
unsigned long length(class disasm {lvalue})

reset

reset( (disasm)arg1) -> str :
Reset current offset to begin

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > reset(class disasm {lvalue})

ext

windbg extension wrapper
  • __init__
  • __str__
  • call

__init__

__init__( (object)arg1, (str)path) -> None :
__init__ dbgExtensionClass

C++ signature :
void __init__(struct _object * __ptr64,char const * __ptr64)

__str__

__str__( (ext)arg1) -> str :
Return a nice string represention of the dbgExtensionClass

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __str__(class dbgExtensionClass {lvalue})

call

call( (ext)arg1, (str)arg2, (str)arg3) -> str :
Call extension command

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > call(class dbgExtensionClass {lvalue},class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

intBase

intBase
  • __add__
  • __and__
  • __div__
  • __eq__
  • __ge__
  • __gt__
  • __hex__
  • __iadd__
  • __iand__
  • __idiv__
  • __ilshift__
  • __imod__
  • __imul__
  • __init__
  • __int__
  • __invert__
  • __ior__
  • __irshift__
  • __isub__
  • __ixor__
  • __le__
  • __lshift__
  • __lt__
  • __mod__
  • __mul__
  • __ne__
  • __nonzero__
  • __or__
  • __radd__
  • __rand__
  • __rdiv__
  • __rmod__
  • __rmul__
  • __ror__
  • __rshift__
  • __rsub__
  • __rxor__
  • __str__
  • __sub__
  • __xor__
  • value

__add__

__add__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __add__(class intBase {lvalue},long)

__add__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __add__(class intBase {lvalue},class intBase)

__and__

__and__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __and__(class intBase {lvalue},long)

__and__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __and__(class intBase {lvalue},class intBase)

__div__

__div__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __div__(class intBase {lvalue},long)

__div__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __div__(class intBase {lvalue},class intBase)

__eq__

__eq__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __eq__(class intBase {lvalue},long)

__eq__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __eq__(class intBase {lvalue},class intBase)

__ge__

__ge__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ge__(class intBase {lvalue},long)

__ge__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ge__(class intBase {lvalue},class intBase)

__gt__

__gt__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __gt__(class intBase {lvalue},long)

__gt__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __gt__(class intBase {lvalue},class intBase)

__hex__

__hex__( (intBase)arg1) -> str :

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __hex__(class intBase {lvalue})

__iadd__

__iadd__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __iadd__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__iadd__( (object)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __iadd__(struct boost::python::back_reference<class intBase & __ptr64>,class intBase)

__iand__

__iand__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __iand__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__iand__( (object)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __iand__(struct boost::python::back_reference<class intBase & __ptr64>,class intBase)

__idiv__

__idiv__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __idiv__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__idiv__( (object)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __idiv__(struct boost::python::back_reference<class intBase & __ptr64>,class intBase)

__ilshift__

__ilshift__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ilshift__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__imod__

__imod__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __imod__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__imod__( (object)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __imod__(struct boost::python::back_reference<class intBase & __ptr64>,class intBase)

__imul__

__imul__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __imul__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__imul__( (object)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __imul__(struct boost::python::back_reference<class intBase & __ptr64>,class intBase)

__init__

__init__( (object)arg1) -> None :

C++ signature :
void __init__(struct _object * __ptr64)

__init__( (object)arg1) -> None :

C++ signature :
void __init__(struct _object * __ptr64)

__init__( (object)arg1, (long)value) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,unsigned __int64)

__int__

__int__( (intBase)arg1) -> object :

C++ signature :
struct _object * __ptr64 __int__(class intBase {lvalue})

__invert__

__invert__( (intBase)arg1) -> object :

C++ signature :
struct _object * __ptr64 __invert__(class intBase {lvalue})

__ior__

__ior__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ior__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__ior__( (object)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ior__(struct boost::python::back_reference<class intBase & __ptr64>,class intBase)

__irshift__

__irshift__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __irshift__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__isub__

__isub__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __isub__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__isub__( (object)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __isub__(struct boost::python::back_reference<class intBase & __ptr64>,class intBase)

__ixor__

__ixor__( (object)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ixor__(struct boost::python::back_reference<class intBase & __ptr64>,long)

__ixor__( (object)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ixor__(struct boost::python::back_reference<class intBase & __ptr64>,class intBase)

__le__

__le__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __le__(class intBase {lvalue},long)

__le__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __le__(class intBase {lvalue},class intBase)

__lshift__

__lshift__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __lshift__(class intBase {lvalue},long)

__lt__

__lt__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __lt__(class intBase {lvalue},long)

__lt__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __lt__(class intBase {lvalue},class intBase)

__mod__

__mod__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __mod__(class intBase {lvalue},long)

__mod__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __mod__(class intBase {lvalue},class intBase)

__mul__

__mul__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __mul__(class intBase {lvalue},long)

__mul__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __mul__(class intBase {lvalue},class intBase)

__ne__

__ne__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ne__(class intBase {lvalue},long)

__ne__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ne__(class intBase {lvalue},class intBase)

__nonzero__

__nonzero__( (intBase)arg1) -> object :

C++ signature :
struct _object * __ptr64 __nonzero__(class intBase {lvalue})

__or__

__or__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __or__(class intBase {lvalue},long)

__or__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __or__(class intBase {lvalue},class intBase)

__radd__

__radd__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __radd__(class intBase {lvalue},long)

__rand__

__rand__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __rand__(class intBase {lvalue},long)

__rdiv__

__rdiv__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __rdiv__(class intBase {lvalue},long)

__rmod__

__rmod__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __rmod__(class intBase {lvalue},long)

__rmul__

__rmul__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __rmul__(class intBase {lvalue},long)

__ror__

__ror__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __ror__(class intBase {lvalue},long)

__rshift__

__rshift__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __rshift__(class intBase {lvalue},long)

__rsub__

__rsub__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __rsub__(class intBase {lvalue},long)

__rxor__

__rxor__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __rxor__(class intBase {lvalue},long)

__str__

__str__( (intBase)arg1) -> str :

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __str__(class intBase {lvalue})

__sub__

__sub__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __sub__(class intBase {lvalue},long)

__sub__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __sub__(class intBase {lvalue},class intBase)

__xor__

__xor__( (intBase)arg1, (int)arg2) -> object :

C++ signature :
struct _object * __ptr64 __xor__(class intBase {lvalue},long)

__xor__( (intBase)arg1, (intBase)arg2) -> object :

C++ signature :
struct _object * __ptr64 __xor__(class intBase {lvalue},class intBase)

value

value( (intBase)arg1) -> int :

C++ signature :
unsigned __int64 value(class intBase {lvalue})

typeInfo

Class representing non-primitive type info: structure, union, etc. attributes is a fields of non-primitive type
  • __getattr__
  • __getitem__
  • __init__
  • __len__
  • __str__
  • append
  • load
  • name
  • offset
  • setAlignReq
  • size

__getattr__

__getattr__( (typeInfo)arg1, (str)arg2) -> typeInfo :

C++ signature :
class TypeInfo __getattr__(class TypeInfo {lvalue},class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

__getitem__

__getitem__( (typeInfo)arg1, (object)arg2) -> object :

C++ signature :
class boost::python::api::object __getitem__(class TypeInfo {lvalue},class boost::python::api::object {lvalue})

__init__

__init__( (object)arg1) -> None :

C++ signature :
void __init__(struct _object * __ptr64)

__init__( (object)arg1, (str)module, (str)type) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

__init__( (object)arg1, (str)typeName) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

__init__( (object)arg1, (str)typeName, (int)align) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,unsigned long)

__len__

__len__( (typeInfo)arg1) -> int :

C++ signature :
unsigned __int64 __len__(class TypeInfo {lvalue})

__str__

__str__( (typeInfo)arg1) -> str :
Return a nice string represention: print names and offsets of fields

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __str__(class TypeInfo {lvalue})

append

append( (typeInfo)arg1, (typeInfo)type, (str)fieldName [, (int)count]) -> None :
add new field for typeInfo

C++ signature :
void append(class TypeInfo {lvalue},class TypeInfo,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > [,unsigned long])

load

load( (typeInfo)arg1, (long)offset [, (int)count]) -> object :
Create instance of the typedVar class with this typeInfo

C++ signature :
class boost::python::api::object load(class TypeInfo {lvalue},unsigned __int64 [,unsigned long])

name

name( (typeInfo)arg1) -> str :
Return type's name

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > name(class TypeInfo {lvalue})

offset

offset( (typeInfo)arg1) -> int :
Return offset while type is part of the more complex type

C++ signature :
unsigned long offset(class TypeInfo {lvalue})

setAlignReq

setAlignReq( (typeInfo)arg1, (int)arg2) -> None :
Set alignment requirement

C++ signature :
void setAlignReq(class TypeInfo {lvalue},unsigned long)

size

size( (typeInfo)arg1) -> int :
Return full size of non-primitive type

C++ signature :
unsigned long size(class TypeInfo {lvalue})

typedVar

Class of non-primitive type object, child class of typeClass. Data from target is copied into object instance
  • __getattr__
  • __init__
  • __str__
  • data
  • getAddress
  • sizeof

__getattr__

__getattr__( (object)arg1, (str)arg2) -> object :
Return field of structure as an object attribute

C++ signature :
class boost::python::api::object __getattr__(struct _object * __ptr64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

__init__

__init__( (object)arg1) -> None :

C++ signature :
void __init__(struct _object * __ptr64)

__init__( (object)arg1, (typeInfo)typeInfo, (long)address) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,class TypeInfo,unsigned __int64)

__init__( (object)arg1, (str)moduleName, (str)typeName, (long)address) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,unsigned __int64)

__init__( (object)arg1, (long)address) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,unsigned __int64)

__init__( (object)arg1, (str)symbolName) -> None :
constructor

C++ signature :
void __init__(struct _object * __ptr64,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)

__str__

__str__( (typedVar)arg1) -> str :
Return a nice string represention: print names and offsets of fields

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __str__(class TypedVar {lvalue})

data

data( (typedVar)arg1) -> str :
Return raw string object with data stream

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > data(class TypedVar {lvalue})

getAddress

getAddress( (typedVar)arg1) -> int :
Return virtual address

C++ signature :
unsigned __int64 getAddress(class TypedVar {lvalue})

sizeof

sizeof( (typedVar)arg1) -> int :
Return size of a variable in the target memory

C++ signature :
unsigned long sizeof(class TypedVar {lvalue})

windbgIn

windbgIn
  • __init__
  • readline

__init__

__init__( (object)arg1) -> None :

C++ signature :
void __init__(struct _object * __ptr64)

readline

readline( (windbgIn)arg1) -> str :

C++ signature :
class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > readline(class dbgIn {lvalue})

windbgOut

windbgOut
  • __init__
  • write

__init__

__init__( (object)arg1) -> None :

C++ signature :
void __init__(struct _object * __ptr64)

write

write( (windbgOut)arg1, (object)arg2) -> None :

C++ signature :
void write(class dbgOut {lvalue},class boost::python::api::object)

Last edited Oct 10, 2011 at 6:47 AM by kernelnet, version 7

Comments

No comments yet.