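/// <summary>
/// Handler named after the native <c>PyObject_SetAttr</c>: reads the <c>tp_setattr</c> and
/// <c>tp_setattro</c> slots from the type of the target object and reports each one to the
/// owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true the object is read from <c>@rcx</c> (cast to <c>PyObject*</c>) instead of the local <c>v</c>.
/// </param>
public void PyObject_SetAttr(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
    string vVar = useRegisters ? "((PyObject*)@rcx)" : "v";

    // Both values come straight from debuggee memory and are forwarded unchecked, 0 included.
    // NOTE(review): confirm OnPotentialRuntimeExit ignores 0 and addresses it cannot map to a module.
    ulong tp_setattr = cppEval.EvaluateUInt64(vVar + "->ob_type->tp_setattr");
    _owner.OnPotentialRuntimeExit(thread, tp_setattr);

    ulong tp_setattro = cppEval.EvaluateUInt64(vVar + "->ob_type->tp_setattro");
    _owner.OnPotentialRuntimeExit(thread, tp_setattro);
}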
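/// <summary>
/// Handler named after the native <c>type_call</c>: reads the <c>tp_new</c> and <c>tp_init</c>
/// slots of the type object and reports each one to the owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true the type is read from <c>@rcx</c> (cast to <c>PyTypeObject*</c>) instead of the local <c>type</c>.
/// </param>
public void type_call(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
    string typeVar = useRegisters ? "((PyTypeObject*)@rcx)" : "type";

    // Slot values are whatever the debuggee holds; no zero or range check is done here.
    ulong tp_new = cppEval.EvaluateUInt64(typeVar + "->tp_new");
    _owner.OnPotentialRuntimeExit(thread, tp_new);

    ulong tp_init = cppEval.EvaluateUInt64(typeVar + "->tp_init");
    _owner.OnPotentialRuntimeExit(thread, tp_init);
}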
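/// <summary>
/// Handler named after the native <c>do_richcompare</c>: reads <c>tp_richcompare</c> from the
/// types of both operands and reports each value to the owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true the operands are read from <c>@rcx</c> and <c>@rdx</c> (cast to <c>PyObject*</c>)
/// instead of the locals <c>v</c> and <c>w</c>.
/// </param>
public void do_richcompare(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
    string vVar = useRegisters ? "((PyObject*)@rcx)" : "v";
    string wVar = useRegisters ? "((PyObject*)@rdx)" : "w";

    // The left operand's slot is reported first, then the right operand's; both are forwarded unchecked.
    ulong tp_richcompare1 = cppEval.EvaluateUInt64(vVar + "->ob_type->tp_richcompare");
    _owner.OnPotentialRuntimeExit(thread, tp_richcompare1);

    ulong tp_richcompare2 = cppEval.EvaluateUInt64(wVar + "->ob_type->tp_richcompare");
    _owner.OnPotentialRuntimeExit(thread, tp_richcompare2);
}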
// This step-in gate carries no [StepInGate] marking: the function it covers is not part of
// pythonXX.dll, so it is registered manually.
/// <summary>
/// Reads the <c>pProc</c> function pointer (from <c>@rdx</c> when <paramref name="useRegisters"/>
/// is true) and reports it to the owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">Selects the register expression over the named local.</param>
public void _call_function_pointer(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    string procExpression = useRegisters ? "@rdx" : "pProc";
    var evaluator = new CppExpressionEvaluator(thread, frameBase, vframe);

    // The pointer is taken from the debuggee and passed on without validation.
    ulong procAddress = evaluator.EvaluateUInt64(procExpression);
    _owner.OnPotentialRuntimeExit(thread, procAddress);
}
/// <summary>
/// Handler named after the native <c>PyCode_New</c>: resolves the <c>filename</c> argument to a
/// Python string object and, unless a module instance with that full name already exists,
/// sends a <c>CreateModuleRequest</c> for it.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; its process receives the request.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="returnAddress">Not used by this method.</param>
public static void PyCode_New(DkmThread thread, ulong frameBase, ulong vframe, ulong returnAddress) {
    var process = thread.Process;
    var evaluator = new CppExpressionEvaluator(thread, frameBase, vframe);

    var nameAddress = evaluator.EvaluateUInt64("filename");
    var nameObject = PyObject.FromAddress(process, nameAddress) as IPyBaseStringObject;
    if (nameObject != null) {
        // The text originates in debuggee memory and is used verbatim as the module file name.
        // NOTE(review): consumers of CreateModuleRequest should treat FileName as untrusted input.
        string filename = nameObject.ToString();

        bool alreadyKnown = process.GetPythonRuntimeInstance().GetModuleInstances().Any(mi => mi.FullName == filename);
        if (!alreadyKnown) {
            new RemoteComponent.CreateModuleRequest {
                ModuleId = Guid.NewGuid(),
                FileName = filename
            }.SendLower(process);
        }
    }
}
/// <summary>
/// Handler named after the native <c>PyCode_NewEmpty</c>: reads the C string that <c>filename</c>
/// points to and, unless a module instance with that full name already exists, sends a
/// <c>CreateModuleRequest</c> for it. A null <c>filename</c> pointer is ignored.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; its process receives the request.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="returnAddress">Not used by this method.</param>
public static void PyCode_NewEmpty(DkmThread thread, ulong frameBase, ulong vframe, ulong returnAddress) {
    var process = thread.Process;
    var evaluator = new CppExpressionEvaluator(thread, frameBase, vframe);

    ulong nameAddress = evaluator.EvaluateUInt64("filename");
    if (nameAddress != 0) {
        // The string is read out of debuggee memory and used verbatim as the module file name.
        // NOTE(review): consumers of CreateModuleRequest should treat FileName as untrusted input.
        string filename = new CStringProxy(process, nameAddress).ReadUnicode();

        bool alreadyKnown = process.GetPythonRuntimeInstance().GetModuleInstances().Any(mi => mi.FullName == filename);
        if (!alreadyKnown) {
            new RemoteComponent.CreateModuleRequest {
                ModuleId = Guid.NewGuid(),
                FileName = filename
            }.SendLower(process);
        }
    }
}
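/// <summary>
/// Handler named after the native <c>builtin_next</c>: reads <c>tp_iternext</c> from the type of
/// the first item of the argument tuple and reports it to the owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true the tuple is read from <c>@rdx</c> instead of the local <c>args</c>; both are cast
/// to <c>PyTupleObject*</c>.
/// </param>
public void builtin_next(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
    string argsVar = useRegisters ? "((PyTupleObject*)@rdx)" : "((PyTupleObject*)args)";

    // NOTE(review): ob_item[0] is dereferenced without looking at the tuple's length, so an empty
    // argument tuple makes this read whatever follows the header - confirm how the evaluator and
    // OnPotentialRuntimeExit behave in that case.
    ulong tp_iternext = cppEval.EvaluateUInt64(argsVar + "->ob_item[0]->ob_type->tp_iternext");
    _owner.OnPotentialRuntimeExit(thread, tp_iternext);
}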
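/// <summary>
/// Handler named after the native <c>PyIter_Next</c>: reads <c>tp_iternext</c> from the type of
/// the iterator object and reports it to the owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true the iterator is read from <c>@rcx</c> (cast to <c>PyObject*</c>) instead of the local <c>iter</c>.
/// </param>
public void PyIter_Next(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
    string iterVar = useRegisters ? "((PyObject*)@rcx)" : "iter";

    // The slot value is taken from debuggee memory and forwarded without a zero or range check.
    ulong tp_iternext = cppEval.EvaluateUInt64(iterVar + "->ob_type->tp_iternext");
    _owner.OnPotentialRuntimeExit(thread, tp_iternext);
}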
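/// <summary>
/// Handler named after the native <c>PyObject_Call</c>: reads <c>tp_call</c> from the type of the
/// callable and reports it to the owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true the callable is read from <c>@rcx</c> (cast to <c>PyObject*</c>) instead of the local <c>func</c>.
/// </param>
public void PyObject_Call(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
    string funcVar = useRegisters ? "((PyObject*)@rcx)" : "func";

    // The slot value is taken from debuggee memory and forwarded without a zero or range check.
    ulong tp_call = cppEval.EvaluateUInt64(funcVar + "->ob_type->tp_call");
    _owner.OnPotentialRuntimeExit(thread, tp_call);
}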
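/// <summary>
/// Handler named after the native <c>getset_set</c>: reads the <c>set</c> function pointer from
/// the descriptor's <c>d_getset</c> entry and reports it to the owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true the descriptor is read from <c>@rcx</c> (cast to <c>PyGetSetDescrObject*</c>)
/// instead of the local <c>descr</c>.
/// </param>
public void getset_set(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
    string descrVar = useRegisters ? "((PyGetSetDescrObject*)@rcx)" : "descr";

    // The pointer is taken from debuggee memory and forwarded without a zero or range check.
    ulong set = cppEval.EvaluateUInt64(descrVar + "->d_getset->set");
    _owner.OnPotentialRuntimeExit(thread, set);
}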
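/// <summary>
/// Handler named after the native <c>PyCFunction_Call</c>: reads <c>m_ml->ml_meth</c> from the
/// callable when its type is <c>PyCFunction_Type</c> and reports the result to the owner as a
/// potential runtime exit; for any other type the reported value is 0.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">When true the callable is read from <c>@rcx</c> instead of the local <c>func</c>.</param>
public void PyCFunction_Call(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);

    // The type comparison inside the expression guards the cast to PyCFunctionObject*;
    // when it does not match, the expression evaluates to 0 and that 0 is what gets reported.
    ulong ml_meth = cppEval.EvaluateUInt64(
        "((PyObject*){0})->ob_type == &PyCFunction_Type ? ((PyCFunctionObject*){0})->m_ml->ml_meth : 0",
        useRegisters ? "@rcx" : "func");
    _owner.OnPotentialRuntimeExit(thread, ml_meth);
}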
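/// <summary>
/// Handler named after the native <c>PyObject_Print</c>: reads <c>tp_print</c> from the type of
/// the object and reports it to the owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true the object is read from <c>@rcx</c> (cast to <c>PyObject*</c>) instead of the local <c>op</c>.
/// </param>
public void PyObject_Print(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
    string opVar = useRegisters ? "((PyObject*)@rcx)" : "op";

    // The slot value is taken from debuggee memory and forwarded without a zero or range check.
    ulong tp_print = cppEval.EvaluateUInt64(opVar + "->ob_type->tp_print");
    _owner.OnPotentialRuntimeExit(thread, tp_print);
}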
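/// <summary>
/// Handler named after the native <c>PyType_GenericNew</c>: reads <c>tp_alloc</c> from the type
/// object and reports it to the owner as a potential runtime exit.
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true the type is read from <c>@rcx</c> (cast to <c>PyTypeObject*</c>) instead of the local <c>type</c>.
/// </param>
public void PyType_GenericNew(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var cppEval = new CppExpressionEvaluator(thread, frameBase, vframe);
    string typeVar = useRegisters ? "((PyTypeObject*)@rcx)" : "type";

    // The slot value is taken from debuggee memory and forwarded without a zero or range check.
    ulong tp_alloc = cppEval.EvaluateUInt64(typeVar + "->tp_alloc");
    _owner.OnPotentialRuntimeExit(thread, tp_alloc);
}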
/// <summary>
/// Handler named after the native <c>call_function</c>: decodes <c>oparg</c>, locates the callee
/// on the evaluation stack relative to <c>*pp_stack</c>, and reports its <c>ml_meth</c> to the
/// owner as a potential runtime exit when the callee's type is <c>PyCFunction_Type</c>
/// (0 is reported otherwise).
/// </summary>
/// <param name="thread">Thread the evaluation runs on; also passed to the owner.</param>
/// <param name="frameBase">Frame base handed to the expression evaluator.</param>
/// <param name="vframe">Virtual frame value handed to the expression evaluator.</param>
/// <param name="useRegisters">
/// When true <c>pp_stack</c> is read from <c>@rcx</c> and <c>oparg</c> from <c>@rdx</c> instead
/// of the named locals.
/// </param>
public void call_function(DkmThread thread, ulong frameBase, ulong vframe, bool useRegisters) {
    var process = thread.Process;
    var evaluator = new CppExpressionEvaluator(thread, frameBase, vframe);

    string opargExpression = useRegisters ? "@rdx" : "oparg";
    int oparg = evaluator.EvaluateInt32(opargExpression);

    // Low byte and next byte of oparg (na / nk in the original naming, presumably the positional
    // and keyword argument counts); the second count is weighted twice in the slot total.
    int lowCount = oparg & 0xff;
    int highCount = (oparg >> 8) & 0xff;
    int slotCount = lowCount + 2 * highCount;

    // The callee sits one slot below the counted entries, relative to the current stack pointer.
    string stackExpression = useRegisters ? "@rcx" : "pp_stack";
    ulong func = evaluator.EvaluateUInt64(
        "*((*(PyObject***){0}) - {1} - 1)",
        stackExpression,
        slotCount);

    // Result is not used; the call is kept because its effects are not visible from this method.
    // NOTE(review): func comes from the debuggee's stack - confirm FromAddress copes with a bogus address.
    PyObject.FromAddress(process, func);

    ulong ml_meth = evaluator.EvaluateUInt64(
        "((PyObject*){0})->ob_type == &PyCFunction_Type ? ((PyCFunctionObject*){0})->m_ml->ml_meth : 0",
        func);
    _owner.OnPotentialRuntimeExit(thread, ml_meth);
}