some problems about 32bit process in 64bit system

May 24, 2014 at 3:54 AM
Edited May 24, 2014 at 3:59 AM
Some problems I got

I want to trace 32bit or 64bit process in win7 64bit,
when a exp occurs, how could I know the target process is 32bit or 64bit?

I found following code always gives errors when target process is 32bit and system is 64bit.
class ExceptionHandler(pykd.eventHandler):
      def onException(self, exp):
                print pykd.getCurrentThread()
            except Exception,err1:
                print err1 #print "Call IDebugRegister::GetNumberRegisters failed"

                print pykd.getProcessThreads()
            except Exception,err2:
                print err2 #print "Fatal Python error: PyEval_SaveThread: NULL tstate", and process over
                print pykd.getTargetProcesses()
            except Exception,err3:
                print err3 #print "Fatal Python error: PyEval_SaveThread: NULL tstate", and process over
appreciate if anyone could check it, thanks~
May 26, 2014 at 10:05 AM
Edited May 26, 2014 at 10:06 AM
I suppose, You use pykd 0.3 ?

You can use getCPUMode():
if getCPUMode() == CPUType.I386:
    print "current mode x86"
    print "current mode x64"
Or, you can rely on some heuristic:
def isWow64():
       wow64 = module("wow64")
      return True
   except DbgException:
       return False
getCurrentThread - opened issue:
getProcessThreads - opened issue:
getTargetProcesses - opened issue:

Thank you for your valuable help!!
May 28, 2014 at 8:02 AM
I'v uploaded new build with fixes
May 28, 2014 at 2:24 PM
ok, it works.

btw: pykd API document is somewhat old.
May 28, 2014 at 4:11 PM
I've renewed API reference:

Or, you can always use for help within windbg.

As for user manual for pykd 0.3, it is a very long and sad story.....