I tested
lkd> !pycmd
Python 2.7.3 (default, Apr 10 2012, 23:31:26) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
and following method is ok
lkd> !pycmd
Python 2.7.3 (default, Apr 10 2012, 23:31:26) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
still can't work properlygetOffset("nt!PsLoadedModuleList")
Traceback (most recent call last):
File "<console>", line 1, in <module>
SymbolException: PsLoadedModuleList is not found
nt = module("nt")
print nt
Module: nt
Start: ffffffff804d8000 End: ffffffff806d0480 Size: 1f8480
Image: ntkrnlpa.exe
Symbols: export symbols
Timestamp: 4802516a
Check Sum: 2050d3
nt.offset( "PsLoadedModuleList")
Traceback (most recent call last):
File "<console>", line 1, in <module>
SymbolException: PsLoadedModuleList is not found
and following method is ok
print expr('nt!PsLoadedModuleList')
2153074624