Feel free to post vdb / vtrace scripts directly in here, or as links out to separate pages.
I'll fill in a few more examples here shortly... -visi
Vdb Scripts Edit
These assume you are running them from the vdb command prompt with the command "script <foo.py>" (or Tools->Python from the vdb gui). This means they can assume that a vtrace Trace() object is mapped into the script's namespace (as well as a bunch of other useful stuff...)
Find Executable Stack Pointers Edit
import envi.memory as e_mem sp = trace.getStackCounter() # We could actually use just 'esp' on x86, but this is architecture independent mmap = trace.getMemoryMap(sp) if mmap != None: mapva, mapsize, mapperms, mapfname = mmap # We'll just assume 32 bit for a sec... mapoffset = sp - mapva ptrcnt = (mapsize - mapoffset) / trace.getPointerSize() fmt = '<%dP' % ptrcnt for maybeptr in trace.readMemoryFormat(sp, fmt): submap = trace.getMemoryMap(maybeptr) if submap == None: continue submapva, submapsize, submapperms, submapfname = submap if submapperms & e_mem.MM_EXEC: print 'Executable Pointer: 0x%.8x found in stack...' % maybeptr