can I debug python script?

May 9, 2014 at 6:00 PM
Hi,

I'm new to PYKD as well as Python. I wanted to check if I can debug my Python script in windbg,
like with pdb?

Any help would be appreciated.

Thanks,
Vahid
Coordinator
May 12, 2014 at 9:11 AM
Edited May 12, 2014 at 9:11 AM
Of course you can.

1) You can use pdb with windbg:
kd> !py pdb C:\\temp\\sample.py "hello"
> c:\temp\sample.py(1)<module>()
-> import sys
(Pdb) s
> c:\temp\sample.py(3)<module>()
-> a = sys.argv[0]
(Pdb) s
> c:\temp\sample.py(5)<module>()
-> print s
(Pdb) pp a
'C:\\\\temp\\\\sample.py'
(Pdb) c
Traceback (most recent call last):
  File "C:\Python26\x64\Lib\pdb.py", line 1296, in main
    pdb._runscript(mainpyfile)
  File "C:\Python26\x64\Lib\pdb.py", line 1215, in _runscript
    self.run(statement)
  File "C:\Python26\x64\Lib\bdb.py", line 372, in run
    exec cmd in globals, locals
  File "<string>", line 1, in <module>
  File "C:\temp\sample.py", line 5, in <module>
    print s
NameError: name 's' is not defined
Uncaught exception. Entering post mortem debugging
Running 'cont' or 'step' will restart the program
> c:\temp\sample.py(5)<module>()
-> print s
(Pdb) 
Here is a sample of using pdb inside windbg.
Note:
I use the full path to the script with escape symbols: C:\temp\sample.py
If you have installed readline or pyreadline, it can lead to an error.
2) You can use the interactive console (!pycmd for the 0.2.x version and !py without args for the 0.3.x version) for checking your idea and then copy/paste the commands into a stand-alone script.
3) You can use any Python debugger (for example Visual Studio + PyTools).
First of all, create a memory dump from your live debug session:
.dump /f  dumpname.dmp
Then add one line at the beginning of your Python program:
loadDump(r"dumpname.dmp")
Now you can debug it with any Python debugger.

I hope it helps.
May 16, 2014 at 8:48 PM
Thanks for help. It really helped to debug the commands.

I wanted to check with you on one more thing.
Here is the scenario:

I have my driver, and I know a specific structure in the driver. e.g.

Driver is ABC.SYS and structure is XYZ

Generally I can get all the info and values from windbg in the following way:
dt ABC!XYZ -r
and this will dump all the values recursively.
I want to do the same thing using a py script; which APIs do I need to use for that?

Thanks,
Vahid
Coordinator
May 19, 2014 at 5:59 AM
Working with typed information is the main powerful feature of pykd. There is a special class, 'typedVar', which exposes working with typed variables in "C style".

For example:

Let MY_TYPE be a structure with the declaration:
struct MY_TYPE {
    int   a;
    char* b;
    long  arr[10];
};
This is the representation in pykd:
from pykd import typedVar, loadCStr

# 'address' is the address of a MY_TYPE instance in the target
var = typedVar("MY_TYPE", address)

# you can work with fields as in C code
print(var.a + 10)
print(var.arr[0] + var.arr[2] + var.arr[3])
print(loadCStr(var.b))
If you have installed the full version, you can look through the samples for working with typedVar. Simply type in windbg: '!py samples'
May 20, 2014 at 11:29 PM
Thanks again.

I have one feature request. Can you add support for reading the registry, either on a live target machine or from dumps?
The way we do it on dumps in windbg is:

!reg q \REGISTRY\MACHINE\SYSTEM\Platform

So if we can get an API for the registry, it would be great.

Or if I need to implement it, can I get pointers?

Thanks,
Vahid
Coordinator
May 21, 2014 at 6:03 AM
It is not a subject for pykd. But we can write a script using pykd for reading the registry. But it is not so easy and I have no time now for this task. But if you develop such a script, I can include it in pykd's snippet set.

The simple way:
import pykd

queryResult = pykd.dbgCommand(r"!reg q \REGISTRY\MACHINE\SYSTEM\Platform")  # get output from the !reg command
callParseProc(queryResult)  # parse the output text and extract the values (callParseProc is your own parsing routine)
The hard way is to reproduce the functionality of the "!reg" command in Python. It is possible (for example, we can reverse the code with Hex-Rays).

Good luck!
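The "simple way" above leaves the parsing routine to the reader. Here is an added example of what that routine could look like; it is not code from the thread or from pykd. It parses the text that "!reg q" prints into a dictionary of value names, decoding REG_DWORD/REG_QWORD as integers and REG_BINARY as bytes. The sample output below is constructed, and the column layout it assumes (a "[ValueType] [ValueName] [ValueData]" header followed by one value per line) is an assumption about the extension's format, so check it against the real output of your windbg build before relying on it. The query_registry helper only imports pykd when no command runner is passed in, so the parser itself can be tested outside the debugger.

```python
import re

# Constructed sample of "!reg q" output (not captured from a real target);
# the layout is an assumption about the WinDbg extension's text format.
SAMPLE_REG_OUTPUT = """\
Found KCB = ffffe0001a2b3c40 :: \\REGISTRY\\MACHINE\\SYSTEM\\PLATFORM

Hive         ffffe0001a000000
KeyNode      ffffe0001a0123a0

[SubKeyAddr]         [SubKeyName]
ffffe0001a0456b0     Diagnostics

 Use '!reg keyinfo ffffe0001a000000 <SubKeyAddr>' to dump the subkey details

[ValueType]         [ValueName]                   [ValueData]
REG_DWORD           BootTimeout                   0x1e
REG_SZ              BuildLab                      9600.sample.build
REG_BINARY          DeviceMap                     01 00 ff 7f
"""

# Header that starts the value table, and the shape of one value line:
# type, name (no spaces assumed), then the rest of the line as data.
_VALUE_HEADER = re.compile(r"^\[ValueType\]\s+\[ValueName\]\s+\[ValueData\]")
_VALUE_LINE = re.compile(r"^(REG_[A-Z_]+)\s+(\S+)\s+(.*)$")


def _decode(reg_type, raw):
    """Turn the textual value data into a Python object by registry type."""
    raw = raw.strip()
    if reg_type in ("REG_DWORD", "REG_QWORD"):
        return int(raw, 16)          # WinDbg prints numbers in hex (0x1e or 1e)
    if reg_type == "REG_BINARY":
        return bytes(bytearray.fromhex(raw.replace(" ", "")))
    return raw                        # REG_SZ and anything else stay as text


def parse_reg_query(text):
    """Return {value_name: (reg_type, decoded_data)} from '!reg q' output.

    Only the value table is parsed; subkey listings and hive/KCB lines are
    skipped. A non-blank line that does not look like a value ends the table.
    """
    values = {}
    in_table = False
    for line in text.splitlines():
        if _VALUE_HEADER.match(line):
            in_table = True
            continue
        if not in_table:
            continue
        if not line.strip():
            continue                  # blank separator inside/after the table
        match = _VALUE_LINE.match(line)
        if match is None:
            break                     # table finished
        reg_type, name, raw = match.groups()
        values[name] = (reg_type, _decode(reg_type, raw))
    return values


def query_registry(key_path, run_command=None):
    """Run '!reg q <key_path>' through the debugger and parse the result.

    run_command is any callable that takes a command string and returns its
    text output. By default pykd.dbgCommand is used, imported lazily so the
    parser remains importable (and testable) outside WinDbg.
    """
    if run_command is None:
        import pykd                   # only available inside WinDbg with pykd loaded
        run_command = pykd.dbgCommand
    return parse_reg_query(run_command(r"!reg q " + key_path))


if __name__ == "__main__":
    # Offline demonstration against the constructed sample.
    for name, (reg_type, data) in sorted(parse_reg_query(SAMPLE_REG_OUTPUT).items()):
        print("%-12s %-10s %r" % (name, reg_type, data))
```

Inside windbg with pykd loaded, `query_registry(r"\REGISTRY\MACHINE\SYSTEM\Platform")` gives you the values as a dictionary; values whose names contain spaces, or REG_MULTI_SZ data spanning several lines, would need the line regex extended.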