Package winappdbg :: Module system :: Class Thread

Class Thread


Interface to a thread in another process.

Nested Classes
    Registers
    Flags
        Commonly used processor flags
Instance Methods

__init__(self, dwThreadId, hThread=None, process=None)
    x.__init__(...) initializes x; see x.__class__.__doc__ for signature

__get_pid_by_scanning(self)
    Internally used by get_pid().

get_windows(self) -> list of Window
    Returns: List of windows handled by this thread.

get_gp(self) -> int
    Returns: Value of the GP register.

set_gp(self, gp)
    Sets the value of the GP register.

get_rp(self) -> int
    Returns: Value of the RP register.

set_rp(self, rp)
    Sets the value of the RP register.

peek_stack_qwords(self, count, offset=0) -> tuple( int... )
    Tries to read QWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)

read_stack_qwords(self, count, offset=0) -> tuple( int... )
    Reads QWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

    Properties

get_process(self) -> Process
    Returns: Parent Process object.

get_pid(self) -> int
    Returns: Parent process global ID.

get_tid(self) -> int
    Returns: Thread global ID.

get_name(self) -> str
    Returns: Thread name, or None if the thread is nameless.

set_name(self, name=None)
    Sets the thread's name.

is_alive(self) -> bool
    Returns: True if the thread is currently running.

get_exit_code(self) -> int
    Returns: Thread exit code, or STILL_ACTIVE if it's still alive.

get_teb(self) -> TEB
    Returns a copy of the TEB. (Inherited from winappdbg.system.ThreadDebugOperations)

get_teb_address(self) -> int
    Returns a remote pointer to the TEB. (Inherited from winappdbg.system.ThreadDebugOperations)

is_wow64(self) -> bool
    Determines if the thread is running under WOW64. (Inherited from winappdbg.system.ThreadDebugOperations)
    Instrumentation

wait(self, dwTimeout=None)
    Waits for the thread to finish executing.

kill(self, dwExitCode=0)
    Terminates the thread execution.

suspend(self) -> int
    Suspends the thread execution.

resume(self) -> int
    Resumes the thread execution.
    Registers

get_context(self, ContextFlags=None) -> dict( str → int )
    Returns: Dictionary mapping register names to their values.

set_context(self, context)
    Sets the values of the registers.

get_register(self, register) -> int
    Returns: Value of the requested register.

set_register(self, register, value) -> int
    Sets the value of a specific register.

get_pc(self) -> int
    Returns: Value of the program counter register.

set_pc(self, pc)
    Sets the value of the program counter register.

get_fp(self) -> int
    Returns: Value of the frame pointer register.

set_fp(self, fp)
    Sets the value of the frame pointer register.

get_sp(self) -> int
    Returns: Value of the stack pointer register.

set_sp(self, sp)
    Sets the value of the stack pointer register.

get_flags(self, FlagMask=4294967295) -> int
    Returns: Flags register contents, optionally masking out some bits.

set_flags(self, eflags, FlagMask=4294967295)
    Sets the flags register, optionally masking some bits.

get_flag_value(self, FlagBit) -> bool
    Returns: Boolean value of the requested flag.

set_flag_value(self, FlagBit, FlagValue)
    Sets a single flag, leaving the others intact.

get_zf(self) -> bool
    Returns: Boolean value of the Zero flag.

get_cf(self) -> bool
    Returns: Boolean value of the Carry flag.

get_sf(self) -> bool
    Returns: Boolean value of the Sign flag.

get_df(self) -> bool
    Returns: Boolean value of the Direction flag.

get_tf(self) -> bool
    Returns: Boolean value of the Trap flag.

clear_zf(self)
    Clears the Zero flag.

clear_cf(self)
    Clears the Carry flag.

clear_sf(self)
    Clears the Sign flag.

clear_df(self)
    Clears the Direction flag.

clear_tf(self)
    Clears the Trap flag.

set_zf(self)
    Sets the Zero flag.

set_cf(self)
    Sets the Carry flag.

set_sf(self)
    Sets the Sign flag.

set_df(self)
    Sets the Direction flag.

set_tf(self)
    Sets the Trap flag.
    Handle

open_handle(self, dwDesiredAccess=2035711)
    Opens a new handle to the thread.

close_handle(self)
    Closes the handle to the thread.

get_handle(self) -> ThreadHandle
    Returns: Handle to the thread.
    Disassembly

disassemble(self, lpAddress, dwSize) -> list of tuple( long, int, str, str )
    Disassemble instructions from the address space of the process. (Inherited from winappdbg.system.ThreadDebugOperations)

disassemble_around(self, lpAddress, dwSize=64) -> list of tuple( long, int, str, str )
    Disassemble around the given address. (Inherited from winappdbg.system.ThreadDebugOperations)

disassemble_around_pc(self, dwSize=64) -> list of tuple( long, int, str, str )
    Disassemble around the program counter of the given thread. (Inherited from winappdbg.system.ThreadDebugOperations)

disassemble_current(self) -> tuple( long, int, str, str )
    Disassemble the instruction at the program counter of the given thread. (Inherited from winappdbg.system.ThreadDebugOperations)

disassemble_instruction(self, lpAddress) -> tuple( long, int, str, str )
    Disassemble the instruction at the given memory address. (Inherited from winappdbg.system.ThreadDebugOperations)

disassemble_string(self, lpAddress, code) -> list of tuple( long, int, str, str )
    Disassemble instructions from a block of binary code. (Inherited from winappdbg.system.ThreadDebugOperations)
    Stack

get_stack_frame(self, max_size=None) -> str
    Reads the contents of the current stack frame. (Inherited from winappdbg.system.ThreadDebugOperations)

get_stack_frame_range(self) -> tuple( int, int )
    Returns the starting and ending addresses of the stack frame. (Inherited from winappdbg.system.ThreadDebugOperations)

get_stack_range(self) -> tuple( int, int )
    Returns: Stack beginning and end pointers, in memory address order. (Inherited from winappdbg.system.ThreadDebugOperations)

get_stack_trace(self, depth=16) -> tuple of tuple( int, int, str )
    Tries to get a stack trace for the current function. (Inherited from winappdbg.system.ThreadDebugOperations)

get_stack_trace_with_labels(self, depth=16, bMakePretty=True) -> tuple of tuple( int, int, str )
    Tries to get a stack trace for the current function, with labels instead of raw addresses. (Inherited from winappdbg.system.ThreadDebugOperations)

peek_stack_data(self, size=128, offset=0) -> str
    Tries to read the contents of the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)

peek_stack_dwords(self, count, offset=0) -> tuple( int... )
    Tries to read DWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)

read_stack_data(self, size=128, offset=0) -> str
    Reads the contents of the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)

read_stack_dwords(self, count, offset=0) -> tuple( int... )
    Reads DWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
    Miscellaneous

get_label_at_pc(self) -> str
    Returns: Label that points to the instruction currently being executed. (Inherited from winappdbg.system.ThreadDebugOperations)

get_linear_address(self, segment, address) -> int
    Translates segment-relative addresses to linear addresses. (Inherited from winappdbg.system.ThreadDebugOperations)

get_seh_chain(self) -> list of tuple( int, int )
    Returns: List of structured exception handlers. (Inherited from winappdbg.system.ThreadDebugOperations)

get_wait_chain(self) -> tuple of ( list of win32.WAITCHAIN_NODE_INFO structures, bool )
    Returns: Wait chain for the thread. (Inherited from winappdbg.system.ThreadDebugOperations)

peek_code_bytes(self, size=128, offset=0) -> str
    Tries to read some bytes of the code currently being executed. (Inherited from winappdbg.system.ThreadDebugOperations)

peek_pointers_in_data(self, data, peekSize=16, peekStep=1) -> dict( str → str )
    Tries to guess which values in the given data are valid pointers, and reads some data from them. (Inherited from winappdbg.system.ThreadDebugOperations)

peek_pointers_in_registers(self, peekSize=16, context=None) -> dict( str → str )
    Tries to guess which values in the registers are valid pointers, and reads some data from them. (Inherited from winappdbg.system.ThreadDebugOperations)

read_code_bytes(self, size=128, offset=0) -> str
    Reads some bytes of the code currently being executed. (Inherited from winappdbg.system.ThreadDebugOperations)
Instance Variables

dwThreadId (int)
    Global thread ID.

hThread (ThreadHandle)
    Handle to the thread.

pInjectedMemory (int)
    If the thread was created by Process.inject_code, this member contains a pointer to the memory buffer for the injected code.

process (Process)
    Parent process object.

Properties

Inherited from object: __class__

Method Details

__init__(self, dwThreadId, hThread=None, process=None)
(Constructor)

x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Parameters:
  • dwThreadId (int) - Global thread ID.
  • hThread (ThreadHandle) - (Optional) Handle to the thread.
  • process (Process) - (Optional) Parent Process object.
Overrides: object.__init__
get_process(self)

Returns: Process
Parent Process object.

get_pid(self)

Returns: int
Parent process global ID.
Raises:
  • WindowsError - An error occurred when calling a Win32 API function.
  • RuntimeError - The parent process ID can't be found.

get_tid(self)

Returns: int
Thread global ID.

get_name(self)

Returns: str
Thread name, or None if the thread is nameless.

set_name(self, name=None)

Sets the thread's name.

Parameters:
  • name (str) - Thread name, or None if the thread is nameless.

get_handle(self)

Returns: ThreadHandle
Handle to the thread.
wait(self, dwTimeout=None)

Waits for the thread to finish executing.

Parameters:
  • dwTimeout (int) - (Optional) Timeout value in milliseconds. Use INFINITE or None for no timeout.

kill(self, dwExitCode=0)

Terminates the thread execution.

Parameters:
  • dwExitCode (int) - (Optional) Thread exit code.

Note: If the pInjectedMemory member contains a valid pointer, the memory is freed.

suspend(self)

Suspends the thread execution.

Returns: int
Suspend count. If zero, the thread is running.

resume(self)

Resumes the thread execution.

Returns: int
Suspend count. If zero, the thread is running.

is_alive(self)

Returns: bool
True if the thread is currently running.

get_exit_code(self)

Returns: int
Thread exit code, or STILL_ACTIVE if it's still alive.

get_windows(self)

Returns: list of Window
List of windows handled by this thread.
get_context(self, ContextFlags=None)

Parameters:
  • ContextFlags (int) - (Optional) Specifies which registers to retrieve. Defaults to win32.CONTEXT_ALL, which retrieves all registers for the current platform.
Returns: dict( str → int )
Dictionary mapping register names to their values.

See Also: set_context

set_context(self, context)

Sets the values of the registers.

Parameters:
  • context (dict( str → int )) - Dictionary mapping register names to their values.

See Also: get_context

get_register(self, register)

Parameters:
  • register (str) - Register name.
Returns: int
Value of the requested register.

set_register(self, register, value)

Sets the value of a specific register.

Parameters:
  • register (str) - Register name.
  • value (int) - Register value.
Returns: int
Register value.
get_pc(self)

Returns: int
Value of the program counter register.

set_pc(self, pc)

Sets the value of the program counter register.

Parameters:
  • pc (int) - Value of the program counter register.

get_fp(self)

Returns: int
Value of the frame pointer register.

set_fp(self, fp)

Sets the value of the frame pointer register.

Parameters:
  • fp (int) - Value of the frame pointer register.

get_gp(self)

Returns: int
Value of the GP register.

set_gp(self, gp)

Sets the value of the GP register.

Parameters:
  • gp (int) - Value of the GP register.

get_sp(self)

Returns: int
Value of the stack pointer register.

set_sp(self, sp)

Sets the value of the stack pointer register.

Parameters:
  • sp (int) - Value of the stack pointer register.

get_rp(self)

Returns: int
Value of the RP register.

set_rp(self, rp)

Sets the value of the RP register.

Parameters:
  • rp (int) - Value of the RP register.
get_flags(self, FlagMask=4294967295)

Parameters:
  • FlagMask (int) - (Optional) Bitwise-AND mask.
Returns: int
Flags register contents, optionally masking out some bits.

set_flags(self, eflags, FlagMask=4294967295)

Sets the flags register, optionally masking some bits.

Parameters:
  • eflags (int) - Flags register contents.
  • FlagMask (int) - (Optional) Bitwise-AND mask.

get_flag_value(self, FlagBit)

Parameters:
  • FlagBit (int) - One of the Flags.
Returns: bool
Boolean value of the requested flag.

set_flag_value(self, FlagBit, FlagValue)

Sets a single flag, leaving the others intact.

Parameters:
  • FlagBit (int) - One of the Flags.
  • FlagValue (bool) - Boolean value of the flag.

get_zf(self)

Returns: bool
Boolean value of the Zero flag.

get_cf(self)

Returns: bool
Boolean value of the Carry flag.

get_sf(self)

Returns: bool
Boolean value of the Sign flag.

get_df(self)

Returns: bool
Boolean value of the Direction flag.

get_tf(self)

Returns: bool
Boolean value of the Trap flag.

Instance Variable Details

dwThreadId

Global thread ID. Use get_tid instead.
Type:
int

hThread

Handle to the thread. Use get_handle instead.
Type:
ThreadHandle

pInjectedMemory

If the thread was created by Process.inject_code, this member contains a pointer to the memory buffer for the injected code. Otherwise it's None.

The kill method uses this member to free the buffer when the injected thread is killed.

Type:
int

process

Parent process object. Use get_process instead.
Type:
Process