Questions tagged [pykd]

PyKD is an extension for [tag:windbg] which provides Python scripting capabilities.

PyKD is an extension for windbg which provides Python scripting capabilities. It can also be used as a Python module in any Python script.

Load the extension with .load pykd.pyd and make sure you use the correct bitness. !pycmd in WinDbg starts an interactive console and !py <script> runs a script.

PyKD works with Pythion 2.6 and 2.7. PyKD's license is Ms-PL.

36 questions

votes

1 answer

Unexpected error with mona.py on x64

My operating system is Windows 10. I configured Mona with WinDbg according to the documentation on the website. I can use Mona with WinDbg x86. But in WinDbg x64 it says: 0:000> .load pykd.pyd 0:000> !py mona unexpected error Could anyone please…

windbg pykd

asked Jan 09 '16 at 11:18

0xmuhe

votes

1 answer

How to get the original file name of a module in PyKD?

I have a module in PyKD: >>> print module("rundll32") Module: rundll32 Start: 7f0000 End: 7fe000 Size: e000 Image: C:\Windows\SysWOW64\rundll32.exe Symbols: e:\debug\symbols\rundll32.pdb\EFAE0C870C2846EDB63B9A7274CD50422\rundll32.pdb Timestamp:…

python windbg pykd

asked Aug 24 '15 at 22:53

Thomas Weller

55,411
20
125
222

votes

2 answers

Using Windbg PyKD Python Extension to Print/Break at Only Call Instructions

Using WinDBG's python extension I want to print only call instructions in console. [A kind of one step debugging ] My Code: from pykd import * pid = raw_input ('pid >>> ') id=attachProcess(int(pid)) print id while 1: trace() r_o =…

python debugging windbg pykd

asked Jan 22 '15 at 19:42

Dev.K.

2,428
5
35
49

votes

2 answers

How disassembler extract opcode from memory works?

I'm trying to figure out how disassembler works. Specifically, how the content in memory maps to the corresponding assembly language opcode. Below is the content in memory, first column address: 773eed5c 50 ff 15 0c 17 3a 77 90-90 90 90 90 8b ff 55…

assembly pykd

asked Mar 23 '14 at 19:00

yegle

5,795
6
39
61

-1

votes

2 answers

What's the way to get only the property value of an object using Windbg?

I'm doing dump debugging, using PYKD, and therefore I'm using the PYKD dbgCommand() for getting information on objects. The problem is: the dbgCommand() results need to be parsed in order to be used, as you can see in following example: source code…

object properties windbg dump pykd

asked Nov 08 '18 at 14:52

Dominique

16,450
15
56
112

-1

votes

1 answer

Import Error: DLL load failed The specified procedure could not be found (WinDBG on XP)

I am using a package called pykd(https://pykd.codeplex.com/) which is an extension for Windbg. I downloaded this on windows and everything works fine. However, when downloading this on a Windows XP everything is normal. It is installs ok, and…

python windows windbg pykd

asked Dec 17 '17 at 01:31

Rehaan Ahmad

Prev 1 2