public void PyObject_SetAttr(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
string vVar = useRegisters ? "((PyObject*)@rcx)" : "v";
ulong tp_setattr = cppEval.EvaluateUInt64(vVar + "->ob_type->tp_setattr");
_owner.OnPotentialRuntimeExit(thread, tp_setattr);
ulong tp_setattro = cppEval.EvaluateUInt64(vVar + "->ob_type->tp_setattro");
_owner.OnPotentialRuntimeExit(thread, tp_setattro);
}
public void type_call(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
string typeVar = useRegisters ? "((PyTypeObject*)@rcx)" : "type";
ulong tp_new = cppEval.EvaluateUInt64(typeVar + "->tp_new");
_owner.OnPotentialRuntimeExit(thread, tp_new);
ulong tp_init = cppEval.EvaluateUInt64(typeVar + "->tp_init");
_owner.OnPotentialRuntimeExit(thread, tp_init);
}
public void do_richcompare(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
string vVar = useRegisters ? "((PyObject*)@rcx)" : "v";
string wVar = useRegisters ? "((PyObject*)@rdx)" : "w";
ulong tp_richcompare1 = cppEval.EvaluateUInt64(vVar + "->ob_type->tp_richcompare");
_owner.OnPotentialRuntimeExit(thread, tp_richcompare1);
ulong tp_richcompare2 = cppEval.EvaluateUInt64(wVar + "->ob_type->tp_richcompare");
_owner.OnPotentialRuntimeExit(thread, tp_richcompare2);
}
// This step-in gate is not marked [StepInGate] because it doesn't live in pythonXX.dll, and so we register it manually.
public void _call_function_pointer(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
ulong pProc = cppEval.EvaluateUInt64(useRegisters ? "@rdx" : "pProc");
_owner.OnPotentialRuntimeExit(thread, pProc);
}
public static void PyCode_New(DkmThread thread, ulong frameBase, ulong vframe, ulong returnAddress)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
var filenamePtr = cppEval.EvaluateUInt64("filename");
var filenameObj = PyObject.FromAddress(process, filenamePtr) as IPyBaseStringObject;
if (filenameObj == null)
{
return;
}
string filename = filenameObj.ToString();
if (process.GetPythonRuntimeInstance().GetModuleInstances().Any(mi => mi.FullName == filename))
{
return;
}
new RemoteComponent.CreateModuleRequest {
ModuleId = Guid.NewGuid(),
FileName = filename
}.SendLower(process);
}
public static void PyCode_NewEmpty(DkmThread thread, ulong frameBase, ulong vframe, ulong returnAddress)
{
var process = thread.Process;
CppExpressionEvaluator cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
ulong filenamePtr = cppEval.EvaluateUInt64("filename");
if (filenamePtr == 0)
{
return;
}
string filename = new CStringProxy(process, filenamePtr).ReadUnicode();
if (process.GetPythonRuntimeInstance().GetModuleInstances().Any(mi => mi.FullName == filename))
{
return;
}
new RemoteComponent.CreateModuleRequest
{
ModuleId = Guid.NewGuid(),
FileName = filename
}.SendLower(process);
}
public void builtin_next(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
string argsVar = useRegisters ? "((PyTupleObject*)@rdx)" : "((PyTupleObject*)args)";
ulong tp_iternext = cppEval.EvaluateUInt64(argsVar + "->ob_item[0]->ob_type->tp_iternext");
_owner.OnPotentialRuntimeExit(thread, tp_iternext);
}
public void PyIter_Next(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
string iterVar = useRegisters ? "((PyObject*)@rcx)" : "iter";
ulong tp_iternext = cppEval.EvaluateUInt64(iterVar + "->ob_type->tp_iternext");
_owner.OnPotentialRuntimeExit(thread, tp_iternext);
}
public void PyObject_Call(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
string funcVar = useRegisters ? "((PyObject*)@rcx)" : "func";
ulong tp_call = cppEval.EvaluateUInt64(funcVar + "->ob_type->tp_call");
_owner.OnPotentialRuntimeExit(thread, tp_call);
}
public void getset_set(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
string descrVar = useRegisters ? "((PyGetSetDescrObject*)@rcx)" : "descr";
ulong set = cppEval.EvaluateUInt64(descrVar + "->d_getset->set");
_owner.OnPotentialRuntimeExit(thread, set);
}
public void PyCFunction_Call(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
ulong ml_meth = cppEval.EvaluateUInt64(
"((PyObject*){0})->ob_type == &PyCFunction_Type ? ((PyCFunctionObject*){0})->m_ml->ml_meth : 0",
useRegisters ? "@rcx" : "func");
_owner.OnPotentialRuntimeExit(thread, ml_meth);
}
public void PyObject_Print(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
CppExpressionEvaluator cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
string opVar = useRegisters ? "((PyObject*)@rcx)" : "op";
ulong tp_print = cppEval.EvaluateUInt64(opVar + "->ob_type->tp_print");
_owner.OnPotentialRuntimeExit(thread, tp_print);
}
public void PyType_GenericNew(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
CppExpressionEvaluator cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
string typeVar = useRegisters ? "((PyTypeObject*)@rcx)" : "type";
ulong tp_alloc = cppEval.EvaluateUInt64(typeVar + "->tp_alloc");
_owner.OnPotentialRuntimeExit(thread, tp_alloc);
}
public void call_function(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters)
{
var process = thread.Process;
var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
int oparg = cppEval.EvaluateInt32(useRegisters ? "@rdx" : "oparg");
int na = oparg & 0xff;
int nk = (oparg >> 8) & 0xff;
int n = na + 2 * nk;
ulong func = cppEval.EvaluateUInt64(
"*((*(PyObject***){0}) - {1} - 1)",
useRegisters ? "@rcx" : "pp_stack",
n);
var obj = PyObject.FromAddress(process, func);
ulong ml_meth = cppEval.EvaluateUInt64(
"((PyObject*){0})->ob_type == &PyCFunction_Type ? ((PyCFunctionObject*){0})->m_ml->ml_meth : 0",
func);
_owner.OnPotentialRuntimeExit(thread, ml_meth);
}
