我正在使用PYKD(一个库,用于为Windbg编写Python脚本)。
处理包含星号的类型名称时,其中一个功能typedVar似乎不起作用:
(在Windbg会话中):
.load pykd.pyd // Load PYKD library
!py // enter an interactive Python session
>>> print typedVar('CMap<unsigned long,unsigned long,int,int>', 0x02d729dc).m_nCount
Int4B at 0x2d729e8 Value: 0x4 (4)
=> ok!
>>> print typedVar('CMap<int,int,ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > > >', 0x02ca2568).m_nCount
Int4B at 0x2ca2574 Value: 0x7 (7)
=> ok!
>>> print typedVar('CMap<int,int,void *,void *>', 0x0054ac10).m_nCount
Traceback (most recent call last):
File "<console>", line 1, in <module>
TypeException: CMap<int,int,void *,void *> : invalid type name
=> NOK (most probably because of the asterisk)
我认为这是由星号引起的,被解释为通配符,因此我想使用转义字符,以便将星号用作“正常”字符,但这似乎并不那么简单:
使用反斜杠:
>>> print typedVar('CMap<int,int,void \*,void \*>', 0x0054ac10).m_nCount
Traceback (most recent call last):
File "<console>", line 1, in <module>
TypeException: CMap<int,int,void \*,void \*> : invalid type name
加倍星号:
>>> print typedVar('CMap<int,int,void **,void **>', 0x0054ac10).m_nCount
Traceback (most recent call last):
File "<console>", line 1, in <module>
TypeException: CMap<int,int,void **,void **> : invalid type name
有人知道Python中正则表达式的转义字符吗(如果它不是反斜杠或双倍字符)?
预先感谢
哦,在我忘记之前:所提到的类型出现在应用程序的符号中,如您在此处看到的:
for tp in app.enumTypes("*CMap<*"):
print tp
...
CMap<int,int,void *,void *>
...
在第一个评论后编辑并回复
这些是我使用的命令(r和u):
>>> print typedVar(r'CMap<int,int,void *,void *>', 0x0054ac10).m_nCount
>>> print typedVar(u'CMap<int,int,void *,void *>', 0x0054ac10).m_nCount
>>> print typedVar(rr'CMap<int,int,void *,void *>', 0x0054ac10).m_nCount
>>> print typedVar(r'''CMap<int,int,void *,void *>''', 0x0054ac10).m_nCount
>>> print typedVar(r''CMap<int,int,void *,void *>'', 0x0054ac10).m_nCount
>>> print typedVar(ru'CMap<int,int,void *,void *>', 0x0054ac10).m_nCount
>>> print typedVar(ru'CMap<int,int,void *,void *>', 0x0054ac10).m_nCount
在进一步使用最新的PYKD库后进行编辑
不幸的是,仍然存在问题,如您从以下摘录中看到的:
0:000> .load pykd.pyd
0:000> .chain
Extension DLL search Path:
...
Extension DLL chain:
pykd.pyd: image 0.3.4.2, API 1.0.0, built Sat Nov 17 13:06:54 2018
[path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext\pykd.pyd]
...
0:000> !py
>>> dprintln("%d" % typedVar('Application!CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>', 0x064ad440).m_nCount)
2
=> An asterisk in the type name can sometimes be handled
>>> dprintln("%d" % typedVar('Application!CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *>', 0x064ad328).m_nCount)
Traceback (most recent call last):
File "<console>", line 1, in <module>
AttributeError: typed var has no field 'm_nCount'
=> But sometimes there still are issues.
The error message clearly shows that the typename is known.
这里可能是什么问题?我可以做些什么来添加更详细的调试信息吗?
根据ussrhero的新提案进行编辑
typeInfo似乎为空:
>>> print(typeInfo('Application!CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *>'))
class/struct : CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *> Size: 0x0 (0)
出于参考原因,这里还有另一个与CMap相关的typeInfo:
>>> print(typeInfo('Application!CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>'))
class/struct : CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int> Size: 0x1c (28)
+0000 __VFN_table : VTable*
=0000000000 classCObject : CRuntimeClass
+0004 m_pHashTable : CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>::CAssoc**
+0008 m_nHashTableSize : UInt4B
+000c m_nCount : Int4B
+0010 m_pFreeList : CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>::CAssoc*
+0014 m_pBlocks : CPlex*
+0018 m_nBlockSize : Int4B
这里是不存在的类的typeInfo(也出于参考原因):
>>> print(typeInfo('Application!NonExisting_Class'))
Traceback (most recent call last):
File "<console>", line 1, in <module>
SymbolException: 'NonExisting_Class' - symbol not found
=>因此,给出问题的类是已知的,但显然无法处理。
在ussrhero的最新更新后进行编辑:
dt和dx似乎提到其他CMap一切正常:
0:000> dt 0x064ad440 CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>
Application!CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>
+0x000 __VFN_table : 0x01503444
+0x004 m_pHashTable : 0x06ab9ad0 -> (null)
+0x008 m_nHashTableSize : 0x186ab
+0x00c m_nCount : 0n2
+0x010 m_pFreeList : 0x063c953c CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>::CAssoc
+0x014 m_pBlocks : 0x063c9518 CPlex
+0x018 m_nBlockSize : 0n10
0:000> dt 0x064ad440 CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int> m_nCount
Application!CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>
+0x00c m_nCount : 0n2
0:000> dx (CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>*) 0x064ad440
(CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>*) 0x064ad440 : 0x64ad440 [Type: CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int> *]
[+0x004] m_pHashTable : 0x6ab9ad0 [Type: CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>::CAssoc * *]
[+0x008] m_nHashTableSize : 0x186ab [Type: unsigned int]
[+0x00c] m_nCount : 2 [Type: int]
[+0x010] m_pFreeList : 0x63c953c [Type: CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>::CAssoc *]
[+0x014] m_pBlocks : 0x63c9518 [Type: CPlex *]
[+0x018] m_nBlockSize : 10 [Type: int]
dt和dx似乎提到该特定CMap存在问题:
0:000> dt 0x064ad328 CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *>
Application!CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *>
0:000> dt 0x064ad328 CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *> m_nCount
Application!CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *>
0:000> dx (CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *>*) 0x064ad328
Error: Unable to find type 'CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *> *' for cast.
但是,这些符号似乎没有问题:
0:000> x /2 Application!CMap<*vftable*
...
0152e944 Application!CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION *,_RTL_CRITICAL_SECTION *>::`vftable'
...
01503444 Application!CMap<ATL::CStringT<wchar_t,StrTraitMFC_DLL<wchar_t,ATL::ChTraitsCRT<wchar_t> > >,wchar_t const *,unsigned int,unsigned int>::`vftable'
显然,我们在这里处理Windbg问题。我们如何找出这是已知的Windbg问题还是新的问题?这些问题在哪里收集? (有关您的信息,我正在使用Windows 10版本1803(操作系统内部版本17134.345)的Windbg 10.0.16299.15 X86,但Windbg Preview似乎也有此错误。
答案 0 :(得分:1)
这是一个pykd错误: https://githomelab.ru/pykd/pykd/issues/33
它将在下一个版本中修复
答案 1 :(得分:1)
尝试打印出类型信息:
>>>print( typeInfo('Application!CMap<unsigned int,unsigned int,_RTL_CRITICAL_SECTION,_RTL_CRITICAL_SECTION *>') )
答案 2 :(得分:0)
无法发表评论,但您可以尝试在此处说明的“字符串”
What exactly do "u" and "r" string flags do, and what are raw string literals?
或者,如果可以的话,将指针交换为任何无符号的64位数据类型。
答案 3 :(得分:0)
typedVar不会干扰类型名称。您必须使用与符号信息中包含的相同的类型名称。
尝试使用dt命令找到它:
dt CMap*
或使用pykd:
print( "\n".join( module('ModuleName').enumTypes('CMap*') )
我相信它将看起来像'CMap