Questions tagged [pykd]

PyKD is an extension for WinDbg which provides Python scripting capabilities. It can also be used as a Python module in any Python script.

Load the extension with .load pykd.pyd and make sure you use the correct bitness. !pycmd in WinDbg starts an interactive console and !py <script> runs a script.

PyKD works with Python 2.6 and 2.7. PyKD's license is Ms-PL.

36 questions
3
votes
1 answer

How to read heap using PYKD

In this question, I wanted to replace DbgCommand("dt ...") by an API call, and the PYKD command typedVar() came to the rescue. As a result, my heap_stat script (extended with m_nSize and m_nCount information) is running three times faster now. For…
Dominique
  • 16,450
  • 15
  • 56
  • 112
3
votes
3 answers

How to avoid the DbgCommand command being written to the logfile

I'm having an annoying issue with Pykd.pyd: I'm using it in a script, launching several DbgCommand functions, like: DbgCommand("dt 0x000000eab8748430 CMap m_nCount") This for getting the size of the CMap object.…
Dominique
  • 16,450
  • 15
  • 56
  • 112
2
votes
3 answers

How to get rid of symbol file related warning/error messages

I'm debugging dumpfiles, using Windbg, and regularly I'm getting warning/error messages, like the following: *** WARNING: Unable to verify checksum for icuuc58.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for…
Dominique
  • 16,450
  • 15
  • 56
  • 112
2
votes
2 answers

How can I get the path of the dumpfile I've opened in Windbg?

I'm opening a dumpfile in Windbg, and I'm writing a PYKD related Python script for working with that dumpfile. Now I'd like to create a file in the directory of that dumpfile, and the name of that file should be based on the dumpfile I've just…
Dominique
  • 16,450
  • 15
  • 56
  • 112
2
votes
1 answer

searchMemory function in pykd

I'm trying to understand how to use the searchMemory() function in pykd extension for windbg. The documentation says the following: Function searchMemory searchMemory( (long)arg1, (int)arg2, (list)arg3) -> int : Search in virtual memory C++…
rrrrr
  • 47
  • 5
2
votes
1 answer

Get the executable's module in PyKD

In PyKD I can get the executable's process name like this: 0:017> !py ... >>> getProcessExeName() u'C:\\Windows\\SysWOW64\\rundll32.exe' and I can get module information with >>> print module("rundll32") Module: rundll32 Start: 7f0000 End: 7fe000…
Thomas Weller
  • 55,411
  • 20
  • 125
  • 222
1
vote
0 answers

Is there a way to close a .py file directly after running the script instead of after detaching when using pykd in windbg?

Sorry for all the questions but I think I have narrowed down my issue. In the below code, I call the following script via pykd in windbg. For the most part, it behaves as intended. However, after I call the script a few hundred times (504 times),…
1
vote
4 answers

How to escape an asterisk in a Python related library?

I'm working with PYKD, a library used for writing Python scripts for Windbg. One of the functions, typedVar, seems not to work when handling type names that contain an asterisk: (In a Windbg session): .load pykd.pyd // Load PYKD library !py …
Dominique
  • 16,450
  • 15
  • 56
  • 112
1
vote
2 answers

Can "DbgCommand()" also get the hyperlinked results?

In this question, I've tried to get a Windbg script working, but maybe I could solve my issue using PYKD anyway. My problem is the following: I launch the command ~* k, and I get the following response (as in the mentioned question, I like to emphasize…
Dominique
  • 16,450
  • 15
  • 56
  • 112
1
vote
2 answers

Why do I get a "symbol not found" for a found symbol in Pykd?

I'm working on a dump, which I try to investigate, using PYKD technology. The result of the x /2 *!*``vtable' (just one backtick) contains the following result: 745293b8 mfc110u!CPtrList::`vftable' However, when I try to get more…
Dominique
  • 16,450
  • 15
  • 56
  • 112
1
vote
5 answers

WinDBG can't find python interpreter for PyKd

I'm trying to load a python extension to WinDBG, using PyKd. .load pykd succeeds. When I'm running !py, I get this: failed to find python interpreter Things I've tried: Different versions of python Using PyKd's dll and pyd files .reload…
Steve
  • 19
  • 2
1
vote
1 answer

Python Click Module in WinDbg

I've been using click module for some time now and I think it's awesome. However I have some problems using it in a WinDbg python plugin. I'm using the following script, which works fine in Linux: import click @click.group() def shell(): …
eleanor
  • 1,514
  • 3
  • 19
  • 40
1
vote
2 answers

Using Pykd with SOS

I wanted to do the following in PyKd: execute a command of another extension and process its output. First of all, it seems I have to load SOS in PyKd, not in WinDbg. I did this with >>>…
Thomas Weller
  • 55,411
  • 20
  • 125
  • 222
0
votes
1 answer

Is there a heap_stat equivalent for dump analysis of C# applications?

For a previous employer, while performing dump analysis, I have regularly used heap_stat.py, based on PYKD library for Windbg. I believe heap_stat.py script only works for C/C++ development. Is there an equivalent for C# applications? Thanks in…
Dominique
  • 16,450
  • 15
  • 56
  • 112
0
votes
1 answer

importing numpy via pykd in WinDbg Preview freezes the debugger

When using WinDbg Preview 1.2210.3001.0 along with pykd 0.3.4.15, I am finding that importing numpy freezes the debugger, i.e. the status bar displays *BUSY* for a long time (probably forever). Isolation: using WinDbg 10.0.22621.755 AMD64 (instead…