Package winappdbg :: Module textio :: Class CrashDump

Class CrashDump


Static functions for crash dumps.

Instance Methods

Inherited from object: __delattr__, __getattribute__, __hash__, __init__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __str__

Class Methods

str dump_registers(cls, registers)
    Dump the x86 processor register values.

Static Methods

str dump_flags(efl)
    Dump the x86 processor flags.
str dump_registers_peek(registers, data, separator=' ', width=16)
    Dump data pointed to by the given registers, if any.
str dump_data_peek(data, base=0, separator=' ', width=16)
    Dump data from pointers guessed within the given binary data.
str dump_stack_peek(data, separator=' ', width=16)
    Dump data from pointers guessed within the given stack dump.
str dump_stack_trace(stack_trace)
    Dump a stack trace, as returned by Thread.get_stack_trace with the bUseLabels parameter set to False.
str dump_stack_trace_with_labels(stack_trace)
    Dump a stack trace, as returned by Thread.get_stack_trace with the bUseLabels parameter set to True.
str dump_code(disassembly, pc=None, bLowercase=True)
    Dump a disassembly.
str dump_code_line(disassembly_line, bShowAddress=True, bLowercase=True)
    Dump a single line of code.
str dump_memory_map(memoryMap)
    Dump the memory map of a process.

Class Variables

str reg_template = 'eax=%(Eax).8x ebx=%(Ebx).8x ecx=%(Ecx).8x edx=...
    Template for the dump_registers method.

Properties

Inherited from object: __class__

Method Details

dump_flags(efl)
Static Method

Dump the x86 processor flags. The output mimics that of the WinDBG debugger.

Parameters:
  • efl (int) - Value of the eFlags register.
Returns: str
Text suitable for logging.

dump_registers(cls, registers)
Class Method

Dump the x86 processor register values. The output mimics that of the WinDBG debugger.

Parameters:
  • registers (dict( str → int )) - Dictionary mapping register names to their values.
Returns: str
Text suitable for logging.

dump_registers_peek(registers, data, separator=' ', width=16)
Static Method

Dump data pointed to by the given registers, if any.

Parameters:
  • registers (dict( str → int )) - Dictionary mapping register names to their values.
  • data (dict( str → str )) - Dictionary mapping register names to the data they point to.
Returns: str
Text suitable for logging.

dump_data_peek(data, base=0, separator=' ', width=16)
Static Method

Dump data from pointers guessed within the given binary data.

Parameters:
  • data (str) - Dictionary mapping offsets to the data they point to.
  • base (int) - Base offset.
Returns: str
Text suitable for logging.

dump_stack_peek(data, separator=' ', width=16)
Static Method

Dump data from pointers guessed within the given stack dump.

Parameters:
  • data (str) - Dictionary mapping stack offsets to the data they point to.
Returns: str
Text suitable for logging.

dump_stack_trace(stack_trace)
Static Method

Dump a stack trace, as returned by Thread.get_stack_trace with the bUseLabels parameter set to False.

Parameters:
  • stack_trace (list( int, int, str )) - Stack trace as a list of tuples of ( return address, frame pointer, module filename )
Returns: str
Text suitable for logging.

dump_stack_trace_with_labels(stack_trace)
Static Method

Dump a stack trace, as returned by Thread.get_stack_trace with the bUseLabels parameter set to True.

Parameters:
  • stack_trace (list( int, int, str )) - Stack trace as a list of tuples of ( return address, frame pointer, module filename )
Returns: str
Text suitable for logging.

dump_code(disassembly, pc=None, bLowercase=True)
Static Method

Dump a disassembly. Optionally mark where the program counter is.

Parameters:
  • disassembly (list of tuple( int, int, str, str )) - Disassembly dump as returned by Process.disassemble or Thread.disassemble_around_pc.
  • pc (int) - (Optional) Program counter.
  • bLowercase (bool) - (Optional) If True convert the code to lowercase.
Returns: str
Text suitable for logging.

dump_code_line(disassembly_line, bShowAddress=True, bLowercase=True)
Static Method

Dump a single line of code. To dump a block of code use dump_code.

Parameters:
  • disassembly_line (tuple( int, int, str, str )) - Single item of the list returned by Process.disassemble or Thread.disassemble_around_pc.
  • bShowAddress (int) - (Optional) If True show the memory address.
  • bLowercase (bool) - (Optional) If True convert the code to lowercase.
Returns: str
Text suitable for logging.

dump_memory_map(memoryMap)
Static Method

Dump the memory map of a process.

Parameters:
Returns: str
Text suitable for logging.

Class Variable Details

reg_template

Template for the dump_registers method.
Type:
str
Value:
'''eax=%(Eax).8x ebx=%(Ebx).8x ecx=%(Ecx).8x edx=%(Edx).8x esi=%(Esi).8x edi=%(Edi).8x
eip=%(Eip).8x esp=%(Esp).8x ebp=%(Ebp).8x %(efl_dump)s
cs=%(SegCs).4x  ss=%(SegSs).4x  ds=%(SegDs).4x  es=%(SegEs).4x  fs=%(SegFs).4x  gs=%(SegGs).4x             efl=%(EFlags).8x
'''
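
Added example, not winappdbg's own code: a stand-alone Python sketch of the WinDBG-style rendering that dump_flags and dump_registers describe, built on the reg_template value documented above. The names FLAG_BITS, format_flags, format_registers and the sample context are hypothetical, and the library's exact spacing may differ.

```python
import re

# Added example: stand-alone sketch, not winappdbg's implementation.
# (EFLAGS mask, mnemonic if set, mnemonic if clear), in WinDBG display order.
FLAG_BITS = [
    (0x800, "ov", "nv"), (0x400, "dn", "up"),  # overflow, direction
    (0x200, "ei", "di"), (0x080, "ng", "pl"),  # interrupt, sign
    (0x040, "zr", "nz"), (0x010, "ac", "na"),  # zero, auxiliary carry
    (0x004, "pe", "po"), (0x001, "cy", "nc"),  # parity, carry
]

# reg_template as documented on this page, with the wrapped lines rejoined.
REG_TEMPLATE = (
    "eax=%(Eax).8x ebx=%(Ebx).8x ecx=%(Ecx).8x edx=%(Edx).8x esi=%(Esi).8x edi=%(Edi).8x\n"
    "eip=%(Eip).8x esp=%(Esp).8x ebp=%(Ebp).8x %(efl_dump)s\n"
    "cs=%(SegCs).4x  ss=%(SegSs).4x  ds=%(SegDs).4x  es=%(SegEs).4x"
    "  fs=%(SegFs).4x  gs=%(SegGs).4x             efl=%(EFlags).8x\n"
)

# Register names the template needs; efl_dump is derived, not supplied.
REQUIRED = [k for k in re.findall(r"%\((\w+)\)", REG_TEMPLATE) if k != "efl_dump"]


def format_flags(efl):
    """Decode an eFlags value into WinDBG-style mnemonics."""
    iopl = (efl >> 12) & 3  # I/O privilege level, bits 12-13
    names = [on if efl & mask else off for mask, on, off in FLAG_BITS]
    return "iopl=%d %s" % (iopl, " ".join(names))


def format_registers(registers):
    """Render a register dictionary (name -> int) through REG_TEMPLATE."""
    missing = [k for k in REQUIRED if k not in registers]
    if missing:
        # A partial thread context should fail loudly, not log garbage.
        raise ValueError("missing registers: " + ", ".join(missing))
    values = dict(registers)
    values["efl_dump"] = format_flags(registers["EFlags"])
    return REG_TEMPLATE % values


# Constructed sample context (not taken from a real crash).
SAMPLE = {
    "Eax": 0x0, "Ebx": 0x7FFDE000, "Ecx": 0x12FF40, "Edx": 0x1,
    "Esi": 0x401000, "Edi": 0x0, "Eip": 0x401234, "Esp": 0x12FF20,
    "Ebp": 0x12FF48, "SegCs": 0x1B, "SegSs": 0x23, "SegDs": 0x23,
    "SegEs": 0x23, "SegFs": 0x3B, "SegGs": 0x0, "EFlags": 0x10246,
}

if __name__ == "__main__":
    print(format_registers(SAMPLE), end="")
```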