import ctypes
import os
# File name of the DLL that holds the analysis routine. The script resolves
# it with os.path.abspath(), i.e. against the current working directory.
DLL_NAME = "ext.dll"
# Offset added to the loaded module's base address to reach the routine.
# It is a raw offset, not an exported symbol, so it is only meaningful for
# the exact DLL build it was taken from.
# NOTE(review): which build that is cannot be told from this file - record it
# (version or file hash) next to this constant.
FUNC_OFFSET = 0x9B9B8
class BugcheckData(ctypes.Structure):
    """In/out record passed by pointer to the DLL's bugcheck-analysis routine.

    The caller fills in BugcheckCode and the paramNValue fields; after a
    successful call the script reads the name and description pointers back.

    NOTE(review): no header for this layout is visible in this file. Field
    order and widths must match what the called DLL build expects - confirm
    against the binary before relying on it.
    """

    _fields_ = [
        # Inputs: the bugcheck code and its four parameters.
        ("BugcheckCode", ctypes.c_uint64),
        ("param1Value", ctypes.c_uint64),
        ("param2Value", ctypes.c_uint64),
        ("param3Value", ctypes.c_uint64),
        ("param4Value", ctypes.c_uint64),
        # Outputs: C string pointers, read by this script only after the call.
        # Presumably they point into memory owned by the DLL - do not free or
        # write through them (TODO confirm).
        ("BugcheckName", ctypes.c_char_p),
        ("BugcheckDescription", ctypes.c_char_p),
        ("param1Description", ctypes.c_char_p),
        ("param2Description", ctypes.c_char_p),
        ("param3Description", ctypes.c_char_p),
        ("param4Description", ctypes.c_char_p),
    ]
# Prototype used to call the routine at FUNC_OFFSET: Windows calling
# convention (WINFUNCTYPE), one argument (pointer to BugcheckData), C int
# result. Per the original author's note, a nonzero result means the analysis
# was successful.
ExtAnalyzeBugcheckFunction = ctypes.WINFUNCTYPE(ctypes.c_int, ctypes.POINTER(BugcheckData))
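def print_field(name, field):
    """Print one labelled string field read back from the DLL.

    Args:
        name: Label printed before the value.
        field: Bytes read from a c_char_p structure field, or None when the
            pointer is NULL. An empty byte string is also shown as "(null)".

    The bytes are produced by native code and are not guaranteed to be valid
    UTF-8, so undecodable bytes are replaced with U+FFFD instead of letting
    UnicodeDecodeError abort the remaining output.
    """
    if field:
        text = field.decode("utf-8", errors="replace")
        print(f"{name}: {text}")
    else:
        print(f"{name}: (null)")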
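def call_analysis_function():
    """Load the DLL, call its analysis routine by raw offset, print the result.

    The routine is not resolved by name: its address is the loaded module's
    base plus FUNC_OFFSET, so the call is only sound when the DLL on disk is
    the exact build that offset was taken from.

    Raises:
        RuntimeError: if the DLL cannot be loaded (chained to the OSError).
    """
    # DLL_NAME is resolved against the current working directory, so whoever
    # controls that directory decides which code is loaded into this process.
    dll_path = os.path.abspath(DLL_NAME)
    try:
        dll = ctypes.WinDLL(dll_path)
    except OSError as e:
        # Chain the cause so the original Windows error stays in the traceback.
        raise RuntimeError(f"Failed to load DLL '{DLL_NAME}': {e}") from e
    print(f"Loaded DLL: {dll_path}")

    # NOTE(review): nothing here verifies that dll_path is the build that
    # FUNC_OFFSET belongs to. Compare the file's hash or version with a pinned
    # value before the call; on any other build the computed address points
    # at unrelated code.

    # Take the base address from the handle of the module just loaded. A
    # GetModuleHandleW lookup by bare file name could resolve to a different,
    # already-loaded module that happens to share the name.
    func_address = dll._handle + FUNC_OFFSET

    # Cast the raw address to a callable with the expected prototype.
    analyzeBugcheck = ExtAnalyzeBugcheckFunction(func_address)

    # Only the code and the first two parameters are set; ctypes zero-fills
    # the remaining fields.
    data = BugcheckData()
    data.BugcheckCode = 0x85
    data.param1Value = 0x1
    data.param2Value = 0x3

    result = analyzeBugcheck(ctypes.byref(data))
    if not result:
        print("Analyze bugcheck call failed")
        return

    print(data.BugcheckCode)
    print_field("Name", data.BugcheckName)
    print_field("Description", data.BugcheckDescription)
    print_field("Param1", data.param1Description)
    print_field("Param2", data.param2Description)
    print_field("Param3", data.param3Description)
    print_field("Param4", data.param4Description)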
# Load and call the DLL only when run as a script, never as an import side effect.
if __name__ == "__main__":
    call_analysis_function()