Channel: Python extension for WinDbg

Updated Release: PYKD 0.3.3.0 (Oct 04, 2017)

Supported Python Versions

  • Python 2.7 x86/x64
  • Python 3.5 x86/x64
  • Python 3.6 x86/x64

Installation as a WinDBG extension with pykd bootstrapper

If you are going to run pykd inside WinDbg, this is the easiest way. Follow the link pykd bootstrapper 2.0 to install the pykd bootstrapper and get started.

Python 3.0 support
Pykd bootstrapper 2.0 fully supports Python 3.x. You can use both Python 2.x and 3.x inside the same WinDbg session. You can install pykd from PyPI for Python 3.5 and 3.6. For other Python 3.x versions you need to build pykd manually.

Installation as a Python package with pip:

You can install pykd as a regular Python package with pip:
pip install pykd

Or upgrade an existing version:
pip install pykd --upgrade

Pip documentation: https://pip.pypa.io
Pykd page on the PyPI: https://pypi.python.org/pypi/pykd

If pip cannot install pykd from PyPI
Sometimes pip cannot install packages from PyPI, for example due to a proxy with NTLM authorization. In this situation you can download a Python wheel (a file with the .whl extension) and install it locally with pip:
pip install pykd-0.3.1.1-cp27-none-win32.whl

Manual Installation guide:

0. Choose x86 or x64 and download it.
1. Unpack the archive to any directory.
2. Run WinDbg and load pykd:
.load path-to-pykd
3. To use pykd from a Python program, add the path to pykd to PYTHONPATH or set it via the registry ( \SOFTWARE\Python\PythonCore\version\PythonPath ).

Attention!!! Do not attempt to copy pykd.pyd of the 0.3.x version over 0.2.x. It will not work properly!

What's new

Enumerating .Net heap

from pykd import targetProcess

# get the managed heap object of the current target process
heap = targetProcess.getCurrent().getManagedHeap()

# print all heap entries
for entry in heap.entries():
    print(entry)

# print all heap entries matching a type name mask:
for entry in heap.entries(typeName="System.String"):
    print(entry)

# print all heap entries with size in range:
for entry in heap.entries(minSize=200, maxSize=200):
    print(entry)
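
Getting .Net heap object
from pykd import targetProcess

process = targetProcess.getCurrent()
heap = process.getManagedHeap()
# take the first entry of the requested type; its first element is the object address
objAddr, _, _ = heap.entries("managedapp.TestClass")[0]
var = process.getManagedVar(objAddr)
print(var)               # dump all fields of the managed object
print(var.intArray[2])   # read one element of an array field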

Output:
Managed class: managedapp.TestClass at 2a400002ca8
   +0008 longField               :   0xaabbccdd (2864434397)
   +0010 intField                :   0x0 (0)
   +0038 charField               :   0x61 (97)
   +003a shortField              :   0xd80 (3456)
   +0018 intArray                :   Array
   +0020 floatArray              :   Array
   +0028 strField                :   "Hello"
   +0014 daysField               :   Enum
   +0030 class1Field             :   Class

Int4B at cached data Value: 0x80 (128)

Getting struct fields as dict elements:
from pykd import typedVar

var = typedVar(VarType, varAddr)
print(var.field)     # get field as attribute
print(var["field"])  # get field by key

You can use it, for example, as the scope for the eval function:
print(eval("field == 100", {}, var))  # field is looked up as a local variable, with var passed as locals

Bug fixed:

