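def getServiceAddrWlh(Start, Offset):
    """Decode a service-table entry by shifting out its low four bits.

    The listing had lost its indentation and carried a gutter number inside
    the body; the function is restored here as valid Python.

    Args:
        Start: Base address the entry is relative to (the caller passes the
            service table start).
        Offset: Raw table entry. It may be negative; Python's right shift is
            arithmetic, so the sign is preserved.

    Returns:
        Start + (Offset >> 4).
    """
    # NOTE(review): presumably the low nibble holds non-address metadata in
    # this table layout -- confirm against the target kernel version.
    return Start + (Offset >> 4)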
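def getServiceAddr2k3(Start, Offset):
    """Decode a service-table entry by masking off its low four bits.

    The listing had lost its indentation and carried a gutter number inside
    the body; the function is restored here as valid Python.

    Args:
        Start: Base address the entry is relative to (the caller passes the
            service table start).
        Offset: Raw table entry; the low four bits are cleared, the rest is
            used unshifted.

    Returns:
        Start + (Offset & ~0xf).
    """
    # Unlike the shift-based decoder, the remaining bits are used as a byte
    # offset as-is; only the low nibble is discarded.
    return Start + (Offset & ~0xf)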
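# Pick the entry decoder by kernel build number: 3790 selects the "2k3"
# decoder (mask the low nibble), any other build the "Wlh" decoder (shift).
# NOTE(review): the listing omits the line between the two assignments. An
# `else:` is assumed here, because without it the second assignment always
# wins and the build check has no effect -- confirm against the full script.
if ptrWord(nt.NtBuildNumber) == 3790:
    getServiceAddr = getServiceAddr2k3
else:
    getServiceAddr = getServiceAddrWlh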
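# Dump the service table when the descriptor is read as four QWORDs and the
# entries as signed DWORD offsets from the table base.
# NOTE(review): the branch header that selects this path is not visible in
# this excerpt; the QWORD-sized header suggests the 64-bit case -- confirm.
serviceTableHeader = loadQWords(nt.KeServiceDescriptorTable, 4)
serviceTableStart = serviceTableHeader[0]  # slot 0: address of the table
serviceCount = serviceTableHeader[2]  # slot 2: number of entries

# NOTE(review): serviceCount comes straight from target memory and is used
# as a read length below; on a damaged or tampered image it may be
# implausibly large. Consider a sanity bound before loading the entries.
dprintln("ServiceTable start: %(1)x count: %(2)x" % {"1": serviceTableStart, "2": serviceCount})

serviceTable = loadSignDWords(serviceTableStart, serviceCount)

for i in range(serviceCount):
    # Each entry is an encoded offset; getServiceAddr turns it into an address.
    routineAddress = getServiceAddr(serviceTableStart, serviceTable[i])
    # The loop only prints. The resolved symbol is what an analyst reads to
    # judge whether the entry still points at the expected kernel routine;
    # nothing here flags a mismatch automatically.
    dprintln("[%u] %s (%x)" % (i, findSymbol(routineAddress), routineAddress))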
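# Dump the service table when the descriptor is read as four DWORDs and the
# entries are full pointers, so no offset decoding is needed.
# NOTE(review): the branch header that selects this path is not visible in
# this excerpt; the DWORD-sized header suggests the 32-bit case -- confirm.
serviceTableHeader = loadDWords(nt.KeServiceDescriptorTable, 4)
serviceTableStart = serviceTableHeader[0]  # slot 0: address of the table
serviceCount = serviceTableHeader[2]  # slot 2: number of entries

# NOTE(review): serviceCount comes straight from target memory and is used
# as a read length below; on a damaged or tampered image it may be
# implausibly large. Consider a sanity bound before loading the entries.
dprintln("ServiceTable start: %(1)x count: %(2)x" % {"1": serviceTableStart, "2": serviceCount})

serviceTable = loadPtrs(serviceTableStart, serviceCount)

for i in range(serviceCount):
    # Only the symbol is printed here, not the raw pointer; an entry that
    # resolves to an unexpected module is for the analyst to notice.
    dprintln("[%u] " % i + findSymbol(serviceTable[i]))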
if not loadDump( sys.argv[1] ):
dprintln( sys.argv[1] + " - load failed" )
if not isKernelDebugging():
dprintln( "not a kernel debugging" )
if __name__ == "__main__":