Questions tagged [pykd]

PyKD is an extension for WinDbg which provides Python scripting capabilities. It can also be used as a Python module in any Python script.

Load the extension with .load pykd.pyd and make sure you use the correct bitness. !pycmd in WinDbg starts an interactive console and !py <script> runs a script.

PyKD works with Python 2.6 and 2.7. PyKD's license is Ms-PL.

36 questions
0 votes, 1 answer

pykd can not start thread use threading in python script

When I use threading.Thread to create a new thread, it can not start. The code is like this: import threading import time import sys def worker(): count = 1 while True: if count >= 6: break time.sleep(1) count +=…
sht
0 votes, 2 answers

Can not install pykd using pip

I get an error when I want to install pykd using pip. The error says: ERROR: Could not find a version that satisfies the requirement pykd (from versions: none) ERROR: No matching distribution found for pykd When I try to download the .whl file of…
Dennis
0 votes, 2 answers

How to load an external file in a WinDbg session

I'm trying to load pykd.pyd in order to be able to use Python during Windbg crash dump analysis. This does not work, as you can see here: 0:006> .load C:\Python27\Lib\site-packages\pykd.pyd The call to…
Dominique
0 votes, 3 answers

Getting the process ID from a crash dump file with PyKd

I am analyzing a lot of crash dumps with Pykd and I would like to get the process ID (PID) from the crash dump. In WinDbg, I'd use the command | and use my brain to figure it out. Some time later, I'd come up with a command like .foreach /pS 3 /ps…
Thomas Weller
0 votes, 1 answer

having issues with pykd (pykd.DbgException: Call IDebugClient::GetOutputCallbacks failed HRESULT 0x80010107)

I'm working with pykd and am able to connect it with my debugger (windbg) but for some reason I'm unable to process any command with pykd.dbgCommand not sure what the issue is as I've tried multiple methods to try and resolve the issue: Reinstall…
A-S
0 votes, 1 answer

Convert address into a number that PyKD can work with / equivalent of the WinDbg ? command

In WinDbg, I have several options to define a number 0:006> ? 17 Evaluate expression: 23 = 00000017 0:006> ? 0x17 Evaluate expression: 23 = 00000017 0:006> ? 0n23 Evaluate expression: 23 = 00000017 0:006> ? ntdll Evaluate expression: 2004549632 =…
Thomas Weller
0 votes, 1 answer

pykd: setBp with callback gives typeerror

I am trying to write a heap tracer using windbg and pykd, but I am getting a TypeError when trying to set the callback. Here is a part of the code: def enter_call_back(bp): print "RtlAllocateHeap called" return False def…
user25470
0 votes, 2 answers

try..except in interactive Windbg Python session throws me out of the Python session

I'm working with PYKD, doing dump analysis. The PYKD library is used in the heap_stat script, and I'd like to use PYKD library in a more interactive way, like this: Windbg prompt>!py Input>dbgCommand("x /2 *!CStringArray*vftable*") This is working…
Dominique
0 votes, 1 answer

how to recognise "wrong" pointers

I'm working with heap_stat, a script, based on PYKD library (the script performs Ptrptr() on !heap -h 0 results and continues from there). This heap_stat script sometimes contains wrong results, as you can see from following excerpt: heap_stat…
Dominique
0 votes, 1 answer

Increase PYKD heap_stat performance, disabling RtlValidSecurityDescriptor

While working with heap_stat (a Python script based on PYKD library for running Python scripts in a Windbg environment), I'm getting frustrated by the enormous time this script needs for doing its job. So, I've started a profiling session, using…
Dominique
0 votes, 1 answer

How to find the first field from an object/class?

Good morning, In this post, I was looking for a way to find CString entries within a dump, and I still am :-) It seems possible to find object related entries, based on the first field as mentioned in Windbg's x /2 result. For objects who have…
Dominique
0 votes, 1 answer

How to get variable names out of a dump and a symbol file?

I'm debugging dump files, while I have access to the symbol files. I'm using a script, which combines the results of following windbg commands: x /2 *!* // which types are present in the symbol files? !heap -h 0 // which memory address ranges are…
Dominique
0 votes, 2 answers

parsing WinDbg output in real-time and setting a trigger on a specific line of output

Is there any way to parse the output of WinDbg and set a "trigger" on a specific line of output? I mean - executing a line of WinDbg script / pykd script when a specific line of output appears. I've tried performing this using WinDbg scripting, but…
golosovsky
0 votes, 0 answers

Avoid "Unknown" in heap_stat.py Windbg dump analysis

I'm using the heap_stat.py Python script for analysing memory dumps, in order to detect memory leaks, but I'm having following issue: regularly the "statistics" part contains following kind of "information": Type name Count Size …
Dominique
0 votes, 1 answer

Windbg pykd memory breakpoint

I'm trying to make automation scripts with memory breakpoint function by using a pykd on windbg and this is my script in short class MemBpHandler(pykd.eventHandler): def setPageGuard(self, addr, size, guard=0x140): # Set PAGE_GUARD …
Vanz