import argparse
import speakeasy
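class DbgView(speakeasy.Speakeasy):
    """
    Print debug port prints to the console.

    The hook methods are meant to be registered with ``add_api_hook`` for
    ``DbgPrint`` and ``DbgPrintEx``. Each one runs the hooked handler and then
    echoes the resulting string to stdout.
    """

    def __init__(self, debug=False):
        """Create the emulator, forwarding ``debug`` to the base class."""
        super().__init__(debug=debug)

    @staticmethod
    def _console_safe(text):
        """
        Return ``text`` with non-printable characters shown as escapes.

        The text originates from the module being emulated, so it is treated
        as untrusted: a raw ESC or carriage return written to an interactive
        terminal could rewrite or hide earlier output. Newline and tab are
        kept as-is; every other non-printable character is rendered in its
        backslash-escaped form. Non-string values are returned unchanged.
        """
        if not isinstance(text, str):
            return text
        return "".join(
            ch
            if ch.isprintable() or ch in "\n\t"
            else ch.encode("unicode_escape").decode("ascii")
            for ch in text
        )

    def _emit(self, func, params, index):
        """Run the hooked handler, print ``params[index]``, return the handler's result."""
        rv = func(params)
        # The string is read *after* the call: this relies on the handler
        # having stored the formatted text back into params.
        # NOTE(review): presumably speakeasy's DbgPrint* handlers do this - confirm.
        print(self._console_safe(params[index]))
        return rv

    def debug_print_hook(self, emu, api_name, func, params):
        """
        Hook for ``DbgPrint``: call the handler and print the formatted string.

        The string is taken from ``params[0]``. Returns whatever ``func`` returned.
        """
        return self._emit(func, params, 0)

    def debug_printex_hook(self, emu, api_name, func, params):
        """
        Hook for ``DbgPrintEx``: call the handler and print the formatted string.

        The string is taken from ``params[2]``. Returns whatever ``func`` returned.
        """
        return self._emit(func, params, 2)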
def main(args):
    """
    Emulate the driver at ``args.file`` and echo its debug prints.

    Loads the module, registers the DbgPrint and DbgPrintEx hooks on
    ntoskrnl, then runs the module with all entry points enabled.
    """
    emulator = DbgView()
    driver = emulator.load_module(args.file)

    # (callback, exported API name) pairs, registered in this order.
    hook_table = (
        (emulator.debug_print_hook, "DbgPrint"),
        (emulator.debug_printex_hook, "DbgPrintEx"),
    )
    for callback, export_name in hook_table:
        emulator.add_api_hook(callback, "ntoskrnl", export_name)

    # Emulate the module
    emulator.run_module(driver, all_entrypoints=True)
if __name__ == "__main__":
    # Command-line entry point: one required option naming the driver to emulate.
    parser = argparse.ArgumentParser(
        description="Print debug port prints to the console",
    )
    parser.add_argument(
        "-f",
        "--file",
        action="store",
        dest="file",
        required=True,
        help="Path of driver to emulate",
    )
    args = parser.parse_args()
    main(args)