Added Symbol related sample output

hakril · hakril · commit aec35a46d5b8 · 2020-05-18T22:49:32.000+02:00
diff --git a/docs/source/samples_output/debug_symbol_debugger.txt b/docs/source/samples_output/debug_symbol_debugger.txt
@@ -0,0 +1,15 @@
+(cmd) python debug\symbol_debugger.py
+Namespace(dbghelp=None)
+Breakpoint triggered at: ntdll!LdrpInitializeProcess
+<SymbolInfoA name="LdrpInitializeProcess" start=0x77c676c0 tag=SymTagPublicSymbol>
+
+Breakpoint triggered at: KERNELBASE!CreateFileInternal+0x2
+<SymbolInfoA name="CreateFileInternal" start=0x75be2120 displacement=0x2 tag=SymTagFunction>
+
+Breakpoint triggered at: KERNELBASE!CreateFileInternal+0x2
+<SymbolInfoA name="CreateFileInternal" start=0x75be2120 displacement=0x2 tag=SymTagFunction>
+
+Breakpoint triggered at: KERNELBASE!CreateFileInternal+0x2
+<SymbolInfoA name="CreateFileInternal" start=0x75be2120 displacement=0x2 tag=SymTagFunction>
+Quitting
+
diff --git a/docs/source/samples_output/debug_symbol_processsymdemo.txt b/docs/source/samples_output/debug_symbol_processsymdemo.txt
@@ -0,0 +1,16 @@
+(cmd) python debug\symbols\processsymdemo.py
+Namespace(dbghelp=None)
+Target is <WinProcess "notepad.exe" pid 14280 at 0x4e177b0>
+Some loaded modules are:
+ * <SymbolModule name="notepad" type=SymDeferred pdb="" addr=0xc10000>
+ * <SymbolModule name="ntdll" type=SymDeferred pdb="" addr=0x77bc0000>
+ * <SymbolModule name="KERNEL32" type=SymDeferred pdb="" addr=0x77480000>
+
+Resolving function <advapi32!CreateServiceEx>
+Symbol found !
+  * __repr__: <SymbolInfoA name="CreateServiceEx" start=0x764647b0 tag=SymTagPublicSymbol>
+  * __str__: advapi32!CreateServiceEx
+  * addr: 0x764647b0
+  * name: CreateServiceEx
+  * fullname: advapi32!CreateServiceEx
+  * module: <SymbolModule name="advapi32" type=SymPdb pdb="advapi32.pdb" addr=0x76440000>
diff --git a/docs/source/samples_output/debug_symbol_symsearch.txt b/docs/source/samples_output/debug_symbol_symsearch.txt
@@ -0,0 +1,34 @@
+$ python64  debug\symbols\symsearch.py "CreateFile*" c:\windows\system32\kernelbase.dll
+Namespace(addr=0, dbghelp=None, file='c:\\windows\\system32\\kernelbase.dll', pattern='CreateFile*', tag=0)
+16 symbols found:
+ * <SymbolInfoA name="CreateFileInternal" start=0x180024250 tag=SymTagFunction>
+ * <SymbolInfoA name="CreateFileMappingFromApp" start=0x1800809d0 tag=SymTagFunction>
+ * <SymbolInfoA name="CreateFileMoniker" start=0x180087e40 tag=SymTagFunction>
+ * <SymbolInfoA name="CreateFile2" start=0x180074550 tag=SymTagFunction>
+ * <SymbolInfoA name="CreateFileA" start=0x1800240d0 tag=SymTagFunction>
+ * <SymbolInfoA name="CreateFileMappingNumaW" start=0x18002ca40 tag=SymTagFunction>
+ * <SymbolInfoA name="CreateFileMapping2" start=0x1800fb6d0 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="CreateFileInternal" start=0x180024250 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="CreateFileMappingW" start=0x18002cd00 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="CreateFileDowngrade_Win7" start=0x180082ff0 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="CreateFileDowngrade_Vista" start=0x18007eba0 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="CreateFileMappingFromApp" start=0x1800809d0 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="CreateFile2" start=0x180074550 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="CreateFileW" start=0x1800241d0 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="CreateFileA" start=0x1800240d0 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="CreateFileMappingNumaW" start=0x18002ca40 tag=SymTagPublicSymbol>
+
+
+$ python64 debug\symbols\symsearch.py "NtCreate*" c:\windows\system32\ntdll.dll --addr 0x42000000
+Namespace(addr=1107296256, dbghelp=None, file='c:\\windows\\system32\\ntdll.dll', pattern='NtCreate*', tag=0)
+47 symbols found:
+ * <SymbolInfoA name="NtCreateProcessEx" start=0x4209ca00 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="NtCreateIRTimer" start=0x4209d530 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="NtCreateRegistryTransaction" start=0x4209d750 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="NtCreateTimer" start=0x4209d810 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="NtCreateKeyedEvent" start=0x4209d5d0 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="NtCreateFile" start=0x4209cb00 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="NtCreateSymbolicLinkObject" start=0x4209d7d0 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="NtCreatePrivateNamespace" start=0x4209d6d0 tag=SymTagPublicSymbol>
+ * <SymbolInfoA name="NtCreateKey" start=0x4209c400 tag=SymTagPublicSymbol>
+ ...
diff --git a/docs/source/samples_output/debug_symbol_virtsymdemo.txt b/docs/source/samples_output/debug_symbol_virtsymdemo.txt
@@ -0,0 +1,30 @@
+(cmd) python debug\symbols\virtsymdemo.py
+Namespace(dbghelp=None)
+Ntdll module is: <SymbolModule name="ntdll" type=SymPdb pdb="wntdll.pdb" addr=0x420000>
+  * name = ntdll
+  * addr = 0x420000
+  * path = c:\windows\system32\ntdll.dll
+  * type = <SYM_TYPE SymPdb(0x3L)>
+  * pdb = d:\symbols\wntdll.pdb\3D038F31BBBF51C701937460DBAB1F531\wntdll.pdb
+
+Resolving function <LdrLoadDll>
+Symbol found !
+  * __repr__: <SymbolInfoA name="LdrLoadDll" start=0x464d30 tag=SymTagFunction>
+  * __str__: ntdll!LdrLoadDll
+  * addr: 0x464d30
+  * name: LdrLoadDll
+  * fullname: ntdll!LdrLoadDll
+  * module: <SymbolModule name="ntdll" type=SymPdb pdb="wntdll.pdb" addr=0x420000>
+
+Loading kernelbase
+Loaded modules are: [<SymbolModule name="ntdll" type=SymPdb pdb="wntdll.pdb" addr=0x420000>, <SymbolModule name="kernelbase" type=SymPdb pdb="wkernelbase.pdb" addr=0x1230000>]
+Looking up address: 0x1231242
+Symbol resolved !
+  * __repr__: <SymbolInfoA name="__load_config_used" start=0x1231230 displacement=0x12 tag=SymTagPublicSymbol>
+  * __str__: kernelbase!__load_config_used+0x12
+  * start: 0x1231230
+  * addr: 0x1231242
+  * displacement: 0x12
+  * name: __load_config_used
+  * fullname: kernelbase!__load_config_used+0x12
+  * module: <SymbolModule name="kernelbase" type=SymPdb pdb="wkernelbase.pdb" addr=0x1230000>
