Package winappdbg :: Module system :: Class Thread

Class Thread


           object --+    
                    |    
ThreadDebugOperations --+
                        |
                       Thread

Interface to a thread in another process.

Nested Classes
    Registers
    Flags: Commonly used processor flags
Instance Methods
__init__(self, dwThreadId, hThread=None, process=None)
    x.__init__(...) initializes x; see x.__class__.__doc__ for signature
__get_pid_by_scanning(self)
    Internally used by get_pid().

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

    Properties
get_process(self) -> Process
    Returns: Parent Process object.
set_process(self, process=None)
    Manually set the parent Process object.
get_pid(self) -> int
    Returns: Parent process global ID.
get_tid(self) -> int
    Returns: Thread global ID.
get_name(self) -> str
    Returns: Thread name, or None if the thread is nameless.
set_name(self, name=None)
    Sets the thread's name.
is_alive(self) -> bool
    Returns: True if the thread is currently running.
get_exit_code(self) -> int
    Returns: Thread exit code, or STILL_ACTIVE if it's still alive.
get_windows(self) -> list of Window
    Returns: List of windows handled by this thread.
get_teb(self) -> TEB
    Returns a copy of the TEB. (Inherited from winappdbg.system.ThreadDebugOperations)
get_teb_address(self) -> int
    Returns a remote pointer to the TEB. (Inherited from winappdbg.system.ThreadDebugOperations)
is_wow64(self) -> bool
    Determines if the thread is running under WOW64. (Inherited from winappdbg.system.ThreadDebugOperations)
    Instrumentation
wait(self, dwTimeout=None)
    Waits for the thread to finish executing.
kill(self, dwExitCode=0)
    Terminates the thread execution.
suspend(self) -> int
    Suspends the thread execution.
resume(self) -> int
    Resumes the thread execution.
    Registers
get_context(self, ContextFlags=None) -> dict( str → int )
    Returns: Dictionary mapping register names to their values.
set_context(self, context)
    Sets the values of the registers.
get_register(self, register) -> int
    Returns: Value of the requested register.
set_register(self, register, value) -> int
    Sets the value of a specific register.
get_pc(self) -> int
    Returns: Value of the program counter register.
set_pc(self, pc)
    Sets the value of the program counter register.
get_fp(self) -> int
    Returns: Value of the frame pointer register.
set_fp(self, fp)
    Sets the value of the frame pointer register.
get_gp(self) -> int
    Returns: Value of the GP register.
set_gp(self, gp)
    Sets the value of the GP register.
get_sp(self) -> int
    Returns: Value of the stack pointer register.
set_sp(self, sp)
    Sets the value of the stack pointer register.
get_rp(self) -> int
    Returns: Value of the RP register.
set_rp(self, rp)
    Sets the value of the RP register.
get_flags(self, FlagMask=4294967295) -> int
    Returns: Flags register contents, optionally masking out some bits.
set_flags(self, eflags, FlagMask=4294967295)
    Sets the flags register, optionally masking some bits.
get_flag_value(self, FlagBit) -> bool
    Returns: Boolean value of the requested flag.
set_flag_value(self, FlagBit, FlagValue)
    Sets a single flag, leaving the others intact.
get_zf(self) -> bool
    Returns: Boolean value of the Zero flag.
get_cf(self) -> bool
    Returns: Boolean value of the Carry flag.
get_sf(self) -> bool
    Returns: Boolean value of the Sign flag.
get_df(self) -> bool
    Returns: Boolean value of the Direction flag.
get_tf(self) -> bool
    Returns: Boolean value of the Trap flag.
clear_zf(self)
    Clears the Zero flag.
clear_cf(self)
    Clears the Carry flag.
clear_sf(self)
    Clears the Sign flag.
clear_df(self)
    Clears the Direction flag.
clear_tf(self)
    Clears the Trap flag.
set_zf(self)
    Sets the Zero flag.
set_cf(self)
    Sets the Carry flag.
set_sf(self)
    Sets the Sign flag.
set_df(self)
    Sets the Direction flag.
set_tf(self)
    Sets the Trap flag.
    Handle
open_handle(self, dwDesiredAccess=2035711)
    Opens a new handle to the thread.
close_handle(self)
    Closes the handle to the thread.
get_handle(self) -> ThreadHandle
    Returns: Handle to the thread.
    Debugging
get_seh_chain(self) -> list of tuple( int, int )
    Returns: List of structured exception handlers. (Inherited from winappdbg.system.ThreadDebugOperations)
get_seh_chain_pointer(self) -> int
    Get the pointer to the first structured exception handler block. (Inherited from winappdbg.system.ThreadDebugOperations)
get_wait_chain(self) -> tuple of ( list of win32.WAITCHAIN_NODE_INFO structures, bool )
    Returns: Wait chain for the thread. (Inherited from winappdbg.system.ThreadDebugOperations)
set_seh_chain_pointer(self, value)
    Change the pointer to the first structured exception handler block. (Inherited from winappdbg.system.ThreadDebugOperations)
    Disassembly
disassemble(self, lpAddress, dwSize) -> list of tuple( long, int, str, str )
    Disassemble instructions from the address space of the process. (Inherited from winappdbg.system.ThreadDebugOperations)
disassemble_around(self, lpAddress, dwSize=64) -> list of tuple( long, int, str, str )
    Disassemble around the given address. (Inherited from winappdbg.system.ThreadDebugOperations)
disassemble_around_pc(self, dwSize=64) -> list of tuple( long, int, str, str )
    Disassemble around the program counter of the given thread. (Inherited from winappdbg.system.ThreadDebugOperations)
disassemble_current(self) -> tuple( long, int, str, str )
    Disassemble the instruction at the program counter of the given thread. (Inherited from winappdbg.system.ThreadDebugOperations)
disassemble_instruction(self, lpAddress) -> tuple( long, int, str, str )
    Disassemble the instruction at the given memory address. (Inherited from winappdbg.system.ThreadDebugOperations)
disassemble_string(self, lpAddress, code) -> list of tuple( long, int, str, str )
    Disassemble instructions from a block of binary code. (Inherited from winappdbg.system.ThreadDebugOperations)
    Stack
get_stack_frame(self, max_size=None) -> str
    Reads the contents of the current stack frame. (Inherited from winappdbg.system.ThreadDebugOperations)
get_stack_frame_range(self) -> tuple( int, int )
    Returns the starting and ending addresses of the stack frame. (Inherited from winappdbg.system.ThreadDebugOperations)
get_stack_range(self) -> tuple( int, int )
    Returns: Stack beginning and end pointers, in memory addresses order. (Inherited from winappdbg.system.ThreadDebugOperations)
get_stack_trace(self, depth=16) -> tuple of tuple( int, int, str )
    Tries to get a stack trace for the current function. (Inherited from winappdbg.system.ThreadDebugOperations)
get_stack_trace_with_labels(self, depth=16, bMakePretty=True) -> tuple of tuple( int, int, str )
    Tries to get a stack trace for the current function. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_stack_data(self, size=128, offset=0) -> str
    Tries to read the contents of the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_stack_dwords(self, count, offset=0) -> tuple( int... )
    Tries to read DWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_stack_qwords(self, count, offset=0) -> tuple( int... )
    Tries to read QWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
read_stack_data(self, size=128, offset=0) -> str
    Reads the contents of the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
read_stack_dwords(self, count, offset=0) -> tuple( int... )
    Reads DWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
read_stack_qwords(self, count, offset=0) -> tuple( int... )
    Reads QWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
    Miscellaneous
get_label_at_pc(self) -> str
    Returns: Label that points to the instruction currently being executed. (Inherited from winappdbg.system.ThreadDebugOperations)
get_linear_address(self, segment, address) -> int
    Translates segment-relative addresses to linear addresses. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_code_bytes(self, size=128, offset=0) -> str
    Tries to read some bytes of the code currently being executed. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_pointers_in_data(self, data, peekSize=16, peekStep=1) -> dict( str → str )
    Tries to guess which values in the given data are valid pointers, and reads some data from them. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_pointers_in_registers(self, peekSize=16, context=None) -> dict( str → str )
    Tries to guess which values in the registers are valid pointers, and reads some data from them. (Inherited from winappdbg.system.ThreadDebugOperations)
read_code_bytes(self, size=128, offset=0) -> str
    Tries to read some bytes of the code currently being executed. (Inherited from winappdbg.system.ThreadDebugOperations)
Instance Variables
process (Process)
    Parent process object.
dwThreadId (int)
    Global thread ID.
hThread (ThreadHandle)
    Handle to the thread.
pInjectedMemory (int)
    If the thread was created by Process.inject_code, this member contains a pointer to the memory buffer for the injected code.

Properties

Inherited from object: __class__

Method Details

__init__(self, dwThreadId, hThread=None, process=None)
(Constructor)

x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Parameters:
  • dwThreadId (int) - Global thread ID.
  • hThread (ThreadHandle) - (Optional) Handle to the thread.
  • process (Process) - (Optional) Parent Process object.
Overrides: object.__init__

get_process(self)

Returns: Process
Parent Process object. Returns None if unknown.

set_process(self, process=None)

Manually set the parent Process object. Use with care!

Parameters:
  • process (Process) - (Optional) Process object. Use None for no process.

get_pid(self)

Returns: int
Parent process global ID.
Raises:
  • WindowsError - An error occurred when calling a Win32 API function.
  • RuntimeError - The parent process ID can't be found.

get_tid(self)

Returns: int
Thread global ID.

get_name(self)

Returns: str
Thread name, or None if the thread is nameless.

set_name(self, name=None)

Sets the thread's name.

Parameters:
  • name (str) - Thread name, or None if the thread is nameless.
open_handle(self, dwDesiredAccess=2035711)

Opens a new handle to the thread.

The new handle is stored in the hThread property.

close_handle(self)

Closes the handle to the thread.

Note: Normally you don't need to call this method. All handles created by WinAppDbg are automatically closed when the garbage collector claims them. So unless you've been tinkering with it, setting hThread to None should be enough.

get_handle(self)

Returns: ThreadHandle
Handle to the thread.

wait(self, dwTimeout=None)

Waits for the thread to finish executing.

Parameters:
  • dwTimeout (int) - (Optional) Timeout value in milliseconds. Use INFINITE or None for no timeout.

kill(self, dwExitCode=0)

Terminates the thread execution.

Parameters:
  • dwExitCode (int) - (Optional) Thread exit code.

Note: If the pInjectedMemory member contains a valid pointer, the memory is freed.

suspend(self)

Suspends the thread execution.

Returns: int
Suspend count. If zero, the thread is running.

resume(self)

Resumes the thread execution.

Returns: int
Suspend count. If zero, the thread is running.

is_alive(self)

Returns: bool
True if the thread is currently running.

get_exit_code(self)

Returns: int
Thread exit code, or STILL_ACTIVE if it's still alive.

get_windows(self)

Returns: list of Window
List of windows handled by this thread.

get_context(self, ContextFlags=None)

Parameters:
  • ContextFlags (int) - Optional, specify which registers to retrieve. Defaults to win32.CONTEXT_ALL which retrieves all registers for the current platform.
Returns: dict( str → int )
Dictionary mapping register names to their values.

See Also: set_context

set_context(self, context)

Sets the values of the registers.

Parameters:
  • context (dict( str → int )) - Dictionary mapping register names to their values.

See Also: get_context

get_register(self, register)

Parameters:
  • register (str) - Register name.
Returns: int
Value of the requested register.

set_register(self, register, value)

Sets the value of a specific register.

Parameters:
  • register (str) - Register name.
Returns: int
Register value.
get_pc(self)

Returns: int
Value of the program counter register.

set_pc(self, pc)

Sets the value of the program counter register.

Parameters:
  • pc (int) - Value of the program counter register.

get_fp(self)

Returns: int
Value of the frame pointer register.

set_fp(self, fp)

Sets the value of the frame pointer register.

Parameters:
  • fp (int) - Value of the frame pointer register.

get_gp(self)

Returns: int
Value of the GP register.

set_gp(self, gp)

Sets the value of the GP register.

Parameters:
  • gp (int) - Value of the GP register.

get_sp(self)

Returns: int
Value of the stack pointer register.

set_sp(self, sp)

Sets the value of the stack pointer register.

Parameters:
  • sp (int) - Value of the stack pointer register.

get_rp(self)

Returns: int
Value of the RP register.

set_rp(self, rp)

Sets the value of the RP register.

Parameters:
  • rp (int) - Value of the RP register.

get_flags(self, FlagMask=4294967295)

Parameters:
  • FlagMask (int) - (Optional) Bitwise-AND mask.
Returns: int
Flags register contents, optionally masking out some bits.

set_flags(self, eflags, FlagMask=4294967295)

Sets the flags register, optionally masking some bits.

Parameters:
  • eflags (int) - Flags register contents.
  • FlagMask (int) - (Optional) Bitwise-AND mask.

get_flag_value(self, FlagBit)

Parameters:
  • FlagBit (int) - One of the Flags.
Returns: bool
Boolean value of the requested flag.

set_flag_value(self, FlagBit, FlagValue)

Sets a single flag, leaving the others intact.

Parameters:
  • FlagBit (int) - One of the Flags.
  • FlagValue (bool) - Boolean value of the flag.

get_zf(self)

Returns: bool
Boolean value of the Zero flag.

get_cf(self)

Returns: bool
Boolean value of the Carry flag.

get_sf(self)

Returns: bool
Boolean value of the Sign flag.

get_df(self)

Returns: bool
Boolean value of the Direction flag.

get_tf(self)

Returns: bool
Boolean value of the Trap flag.

Instance Variable Details

process

Parent process object. Use get_process instead.
Get Method:
get_process(self) - Returns: Parent Process object.
Set Method:
set_process(self, process=None) - Manually set the parent Process object.

dwThreadId

Global thread ID. Use get_tid instead.
Type:
int

hThread

Handle to the thread. Use get_handle instead.
Type:
ThreadHandle

pInjectedMemory

If the thread was created by Process.inject_code, this member contains a pointer to the memory buffer for the injected code. Otherwise it's None.

The kill method uses this member to free the buffer when the injected thread is killed.

Type:
int