Hey Adam, Addresses of GUI objects are only valid in their "session space" which is part of kernel memory. Try passing winsta.obj_vm or desktop.obj_vm as the "space" parameter to dt() or db() instead of using the address space of the System process.
MHL
On 2/14/17 5:37 PM, Bridgey theGeek wrote:
> Hi all,
>
> I feel like I'm missing something obvious. Consider the following from
> volshell.
> Profile is Win10x64 in case it matters; I'd already imported
> messagehooks (mh).
>
>>>> sc()
> Current context: System @ 0xffffe00012a61840, pid=4, ppid=0 DTB=0x1aa000
>>>> for winsta, atom_tables in mh.calculate():
> ... for desktop in winsta.desktops():
> ... for wnd, _level in desktop.windows(desktop.DeskInfo.spwnd):
> ... if wnd.cbwndExtra == 8:
> ... break
>>>> wnd
> [tagWND spwndNext] @ 0xFFFFF90140A04AD0
>>>> dt(wnd)
> [tagWND spwndNext] @ 0xFFFFF90140A04AD0
> 0x0 : head 18446736382507371216
> 0x28 : bActiveFrame 0
> 0x28 : bAnsiCreator 0
> --SNIP--
> 0x120 : bLinked 1
> 0x120 : bRedirectedForPrint 0
> 0x120 : bVerticallyMaximizedLeft 0
> 0x120 : bVerticallyMaximizedRight 0
>>>> dt('tagWND', wnd.v())
> ERROR: could not instantiate object
>
> Reason: Invalid Address 0xFFFFF90140A04AD0, instantiating tagWND
>>>> hex(wnd.v())
> '0xfffff90140a04ad0L'
>>>> db(wnd.v())
> Memory unreadable at fffff90140a04ad0
>
> Why is the memory address unreadable? Is my error in assuming that
> object 'wnd' is made up of bytes located at 0xFFFFF90140A04AD0?
>
> Given the address is in Kernel space, I should be able to access it right?
>
> Any pointers appreciated! (Pardon the pun.)
>
> Adam
>
>
> _______________________________________________
> Vol-users mailing list
> [email protected]
> http://lists.volatilesystems.com/mailman/listinfo/vol-users
>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Vol-users mailing list [email protected] http://lists.volatilesystems.com/mailman/listinfo/vol-users
