import sys
import re

from pykd import *

# Reverse lookup tables (numeric enum value -> symbolic name), built from the
# (name, value) pairs that typeInfo(...).fields() yields for each enum type.
# They are filled once, when the script is loaded.
fwpsLayer = dict( ( long(number), name ) for name, number in typeInfo( "FWPS_BUILTIN_LAYERS_" ).fields() )
fwpsDataType = dict( ( long(number), name ) for name, number in typeInfo( "FWP_DATA_TYPE_" ).fields() )
fwpDirection = dict( ( long(number), name ) for name, number in typeInfo( "FWP_DIRECTION_" ).fields() )

def printBlob( blob ):
    """Format a byte blob as a hex dump followed by its wide-string reading.

    Loads blob.size bytes starting at blob.data and renders them as
    two-digit hex values, 16 per row. The text that loadWStr() returns for
    the same start address is appended on a final "As string: " line.
    """
    pieces = [ "\n" ]
    for position, byte in enumerate( loadBytes( blob.data, blob.size ) ):
        pieces.append( " %02x" % byte )
        # Close the row after every 16th byte.
        if ( position + 1 ) % 16 == 0:
            pieces.append( "\n" )
    pieces.append( "\n" )

    # NOTE(review): loadWStr() receives only the start address, not blob.size,
    # so the string read is not limited to the blob's extent. Presumably it
    # stops at the first terminator; confirm how it behaves for a blob that
    # holds unterminated binary data.
    pieces.append( "As string: " + loadWStr( blob.data ) )
    pieces.append( "\n" )

    return "".join( pieces )

def printArray16( array16 ):
    """Return the values in array16.byteArray16 as space-separated hex pairs."""
    hexPairs = []
    for octet in array16.byteArray16:
        hexPairs.append( "%02x" % octet )
    return " ".join( hexPairs )

def printFwpsValue( value ):
    """Return a printable form of one value, chosen by its "type" field.

    The type number is translated to its name through fwpsDataType and the
    formatter registered for that name is called. Integer types are printed
    in hex (the 64-bit members are dereferenced first), byte blobs go
    through printBlob() and 16-byte arrays through printArray16(). A type
    name without a formatter yields "---".
    """
    formatters = {
        "FWP_UINT8"  : lambda : "%#x" % value.uint8,
        "FWP_UINT16" : lambda : "%#x" % value.uint16,
        "FWP_UINT32" : lambda : "%#x" % value.uint32,
        "FWP_UINT64" : lambda : "%#x" % value.uint64.deref(),
        "FWP_INT8"   : lambda : "%#x" % value.int8,
        "FWP_INT16"  : lambda : "%#x" % value.int16,
        "FWP_INT32"  : lambda : "%#x" % value.int32,
        "FWP_INT64"  : lambda : "%#x" % value.int64.deref(),
        "FWP_BYTE_BLOB_TYPE" : lambda : printBlob( value.byteBlob.deref() ),
        "FWP_BYTE_ARRAY16_TYPE" : lambda : printArray16( value.byteArray16.deref() ),
    }

    # A type number missing from fwpsDataType raises KeyError here; the "---"
    # fallback covers only names that are known but have no formatter.
    typeName = fwpsDataType[ value.field("type") ]

    formatter = formatters.get( typeName )
    if formatter is None:
        return "---"
    return formatter()

def wfpFixedValues( addr ):
    """Dump the FWPS_INCOMING_VALUES0 structure located at addr.

    Prints the layer name and the value count, then one entry per value:
    the field name, its data type and its formatted value. Field names come
    from the enum derived from the layer name: the first "_DISCARD" is
    dropped, the first "LAYER" becomes "FIELDS" and "_" is appended.
    """
    dprintln( "FWPS_INCOMING_VALUES0:" )

    inFixedValue = typedVar( "FWPS_INCOMING_VALUES0_", addr )
    layerName = fwpsLayer[ inFixedValue.layerId ]

    dprintln( " Layer: " + layerName )
    dprintln( " Value: %d" % inFixedValue.valueCount )

    # NOTE(review): valueCount is used as the array length without a sanity
    # check, so a wrong address or a corrupted structure sizes this read.
    entries = typedVarArray( int(inFixedValue.incomingValue), "FWPS_INCOMING_VALUE0_", inFixedValue.valueCount )
    values = [ entry.value for entry in entries ]

    # Derive the name of the layer's field enum from the layer name.
    fieldsTypeName = re.sub( '_DISCARD', '', layerName, 1 )
    fieldsTypeName = re.sub( 'LAYER', 'FIELDS', fieldsTypeName, 1 ) + '_'
    fwpsFields = typeInfo( fieldsTypeName ).fields()

    # zip() stops at the shorter of the two sequences, so a mismatch between
    # the enum size and valueCount cannot index out of range.
    for fieldInfo, fieldValue in zip( fwpsFields, values ):
        dprintln( "    " + fieldInfo[0] )
        dprintln( "      Type: " + fwpsDataType[ fieldValue.field("type") ] )
        dprintln( "      Value: " +  printFwpsValue( fieldValue )  )

def printDiscardReason( discardReason ):
    """Return the text shown for the discard metadata: always an empty string.

    The argument is not inspected; the discard reason is not decoded here.
    """
    return ""

def printBlobAsStr( blob ):
    """Return what loadWChars() reads for the blob's data pointer and size."""
    # NOTE(review): blob.size is handed to loadWChars() as its count. If the
    # blob size is a byte count while loadWChars() counts wide characters,
    # this reads past the end of the blob. Confirm against the pykd API.
    start, count = blob.data, blob.size
    return loadWChars( start, count )

def printFwpsMetaValue( valueIndex, inMetaValues ):
    """Return the printable value of one metadata field.

    valueIndex is the single flag bit that identifies the field and
    inMetaValues is the metadata structure the field is read from. Flag
    bits without a formatter below produce an empty string.
    """
    renderers = {
        0x00000001 : lambda meta: printDiscardReason( meta.discardMetadata ),
        0x00000002 : lambda meta: "%#x" % meta.flowHandle,
        0x00000004 : lambda meta: "%#x" % meta.ipHeaderSize,
        0x00000008 : lambda meta: printBlobAsStr( meta.processPath.deref() ),
        0x00000010 : lambda meta: "%#lx" % meta.token,
        0x00000020 : lambda meta: "%#lx" % meta.processId,
        0x00000040 : lambda meta: "%#x" % meta.flags,
        0x00000080 : lambda meta: "%#lx" % meta.reserved,
        0x00000100 : lambda meta: "%#x" % meta.sourceInterfaceIndex,
        0x00000200 : lambda meta: "%#x" % meta.destinationInterfaceIndex,
        0x00000400 : lambda meta: "%#x" % meta.transportHeaderSize,
        0x00000800 : lambda meta: "%#x" % meta.compartmentId,
        0x00001000 : lambda meta: "id: %x  offset: %x  length: %x" % (
            meta.fragmentMetadata.fragmentIdentification,
            meta.fragmentMetadata.fragmentOffset,
            meta.fragmentMetadata.fragmentLength ),
        0x00002000 : lambda meta: "%#x" % meta.pathMtu,
        0x00004000 : lambda meta: "%#lx" % meta.completionHandle,
        0x00008000 : lambda meta: "%#lx" % meta.transportEndpointHandle,
        0x00010000 : lambda meta: "Data: %#lx, Length: %#x" % ( meta.controlData, meta.controlDataLength ),
        0x00020000 : lambda meta: "Zone: %d Level: %d" % ( meta.remoteScopeId.Zone, meta.remoteScopeId.Level ),
        0x00040000 : lambda meta: fwpDirection[ meta.packetDirection ],
    }

    render = renderers.get( valueIndex )
    if render is None:
        return ""
    return render( inMetaValues )

def wfpMetaValues( addr ):
    """Dump the FWPS_INCOMING_METADATA_VALUES0 structure located at addr.

    Tests each of the 32 bits of currentMetadataValues and, for every bit
    that is set, prints the name of the metadata field followed by the text
    printFwpsMetaValue() returns for it.
    """
    dprintln( "FWPS_INCOMING_METADATA_VALUES0:" )

    # Flag bit -> symbolic name of the metadata field it stands for.
    fwpsMetadataFields = {
        0x00000001 : "FWPS_METADATA_FIELD_DISCARD_REASON",
        0x00000002 : "FWPS_METADATA_FIELD_FLOW_HANDLE",
        0x00000004 : "FWPS_METADATA_FIELD_IP_HEADER_SIZE",
        0x00000008 : "FWPS_METADATA_FIELD_PROCESS_PATH",
        0x00000010 : "FWPS_METADATA_FIELD_TOKEN",
        0x00000020 : "FWPS_METADATA_FIELD_PROCESS_ID",
        0x00000040 : "FWPS_METADATA_FIELD_SYSTEM_FLAGS",
        0x00000080 : "FWPS_METADATA_FIELD_RESERVED",
        0x00000100 : "FWPS_METADATA_FIELD_SOURCE_INTERFACE_INDEX",
        0x00000200 : "FWPS_METADATA_FIELD_DESTINATION_INTERFACE_INDEX",
        0x00000400 : "FWPS_METADATA_FIELD_TRANSPORT_HEADER_SIZE",
        0x00000800 : "FWPS_METADATA_FIELD_COMPARTMENT_ID",
        0x00001000 : "FWPS_METADATA_FIELD_FRAGMENT_DATA",
        0x00002000 : "FWPS_METADATA_FIELD_PATH_MTU",
        0x00004000 : "FWPS_METADATA_FIELD_COMPLETION_HANDLE",
        0x00008000 : "FWPS_METADATA_FIELD_TRANSPORT_ENDPOINT_HANDLE",
        0x00010000 : "FWPS_METADATA_FIELD_TRANSPORT_CONTROL_DATA",
        0x00020000 : "FWPS_METADATA_FIELD_REMOTE_SCOPE_ID",
        0x00040000 : "FWPS_METADATA_FIELD_PACKET_DIRECTION",
        0x00080000 : "FWPS_METADATA_FIELD_PACKET_SYSTEM_CRITICAL",
        0x00100000 : "FWPS_METADATA_FIELD_FORWARD_LAYER_OUTBOUND_PASS_THRU",
        0x00200000 : "FWPS_METADATA_FIELD_FORWARD_LAYER_INBOUND_PASS_THRU",
        0x00400000 : "FWPS_METADATA_FIELD_ALE_CLASSIFY_REQUIRED",
        0x00800000 : "FWPS_METADATA_FIELD_TRANSPORT_HEADER_INCLUDE_HEADER",
        0x01000000 : "FWPS_METADATA_FIELD_DESTINATION_PREFIX",
        0x02000000 : "FWPS_METADATA_FIELD_ETHER_FRAME_LENGTH",
        0x04000000 : "FWPS_METADATA_FIELD_PARENT_ENDPOINT_HANDLE",
        0x08000000 : "FWPS_METADATA_FIELD_ICMP_ID_AND_SEQUENCE",
        0x10000000 : "FWPS_METADATA_FIELD_LOCAL_REDIRECT_TARGET_PID",
        0x20000000 : "FWPS_METADATA_FIELD_ORIGINAL_DESTINATION",
        0x40000000 : "FWPS_METADATA_FIELD_REDIRECT_RECORD_HANDLE",
        0x80000000 : "FWPS_METADATA_FIELD_SUB_PROCESS_TAG"
    }

    inMetaValues = typedVar( "FWPS_INCOMING_METADATA_VALUES0_", addr )

    for bit in range( 32 ):
        mask = 1 << bit
        if not ( inMetaValues.currentMetadataValues & mask ):
            continue

        label = fwpsMetadataFields.get( mask, "Unknown filed %#010x" % mask )

        # printFwpsMetaValue() has formatters only for the flags up to
        # 0x00040000; the remaining flags are listed by name with no value.
        dprint( "    " )
        dprint( label + ": " )
        dprint( printFwpsMetaValue( mask, inMetaValues ) )
        dprintln( "" )

def usage():
    """Print the two supported command forms to the debugger output."""
    for line in ( "Usage:", "!py wfp /fixed addr", "!py wfp /meta addr" ):
        dprintln( line )

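def main():
    """Dispatch "/fixed addr" or "/meta addr" to the matching dump routine.

    sys.argv[1] selects the structure to dump and sys.argv[2] is an address
    expression evaluated with expr(). The usage text is printed when the
    switch is unknown or an argument is missing. Outside a kernel debugging
    session the script prints a notice and does nothing else.
    """
    if not isKernelDebugging():
        dprintln( "This script is for kernel debugging only" )
        # Stop here: nothing below applies outside a kernel session.
        return

    # Both modes need a switch and an address. Checking for both avoids an
    # IndexError on sys.argv[2] when the address is left out.
    if len(sys.argv) < 3:
        usage()
        return

    handlers = {
        "/fixed" : wfpFixedValues,
        "/meta"  : wfpMetaValues,
    }

    handler = handlers.get( sys.argv[1] )
    if handler is None:
        usage()
        return

    handler( expr(sys.argv[2]) )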
              
# Run the command dispatcher only when the file is executed as a script
# (for example through "!py wfp ..."), not when it is imported.
if __name__ == "__main__":
    main()
