📄 win32wlk.c
字号:
{
lbprintf( HWndDetails, "Environment Database:" );
__try
{
lbprintf(HWndDetails, " pszEnvironment: %08X", pedb->pszEnvironment);
lbprintf(HWndDetails, " pszCmdLine: %s", pedb->pszCmdLine);
}
__except( 1 ){}
lbprintf( HWndDetails, " pszCurrDirectory: %s", pedb->pszCurrDirectory );
lbprintf( HWndDetails, " pStartupInfo: %08X", pedb->pStartupInfo );
lbprintf( HWndDetails, " hStdIn: %08X", pedb->hStdIn );
lbprintf( HWndDetails, " hStdOut: %08X", pedb->hStdOut );
lbprintf( HWndDetails, " hStdErr: %08X", pedb->hStdErr );
lbprintf( HWndDetails, " un2: %08X", pedb->un2 );
lbprintf( HWndDetails, " InheritConsole: %08X", pedb->InheritConsole );
lbprintf( HWndDetails, " BreakType: %08X", pedb->BreakType );
lbprintf( HWndDetails, " BreakSem: %08X", pedb->BreakSem );
lbprintf( HWndDetails, " BreakEvent: %08X", pedb->BreakEvent );
lbprintf( HWndDetails, " BreakThreadID: %08X", pedb->BreakThreadID );
lbprintf( HWndDetails, " BreakHandlers: %08X", pedb->BreakHandlers );
}
__try
{
MBassert( !pedb->un1 );
}
__except( 1 ){}
}
void ShowHandleTableDetails( PHANDLE_TABLE pHndTbl )
{
char szBuffer[384];
unsigned i;
if ( IsBadReadPtr(pHndTbl, sizeof(HANDLE_TABLE)) || !pHndTbl->cEntries )
{
MessageBox( 0, "Not a valid handle table", 0, MB_OK );
return;
}
wsprintf(szBuffer, "Handle Table: %08X", pHndTbl);
SendMessage( HWndDetailsDescription, WM_SETTEXT, 0, (LPARAM)szBuffer );
SendMessage(HWndDetails, LB_RESETCONTENT, 0, 0);
SendMessage( HWndDetails, WM_SETREDRAW, FALSE, 0 ); // Turn off redraws
for ( i=0; i < pHndTbl->cEntries; i++ )
{
if ( !pHndTbl->array[i].pObject )
continue;
lbprintf( HWndDetails, "%02X %08X %s", i, pHndTbl->array[i].pObject,
GetKernel32ObjectType(pHndTbl->array[i].pObject) );
}
SendMessage( HWndDetails, WM_SETREDRAW, TRUE, 0 ); // Turn on redraws
}
DWORD_FLAGS TIBFlagNames[] =
{
{ 0x00000001, "TIBF_WIN32" },
{ 0x00000002, "TIBF_TRAP" },
};
DWORD_FLAGS TDBFlagNames[] =
{
{ 0x00000001, "fCreateThreadEvent" },
{ 0x00000002, "fCancelExceptionAbort" },
{ 0x00000004, "fOnTempStack" },
{ 0x00000008, "fGrowableStack" },
{ 0x00000010, "fDelaySingleStep" },
{ 0x00000020, "fOpenExeAsImmovableFile" },
{ 0x00000040, "fCreateSuspended" },
{ 0x00000080, "fStackOverflow" },
{ 0x00000100, "fNestedCleanAPCs" },
{ 0x00000200, "fWasOemNowAnsi" },
{ 0x00000400, "fOKToSetThreadOem" },
};
void ShowThreadDetails( DWORD tid )
{
char szBuffer[512];
char szBuffer2[20];
PTHREAD_DATABASE ptdb;
unsigned i;
if ( !IsThreadId(tid) )
{
MessageBox( 0, "Not a valid thread", 0, MB_OK );
return;
}
ptdb = TIDToTDB(tid);
GetProcessNameFromHTask( (HTASK)ptdb->W16TDB, szBuffer2 );
wsprintf(szBuffer, "Thread: %08X (%08X) %s", tid, ptdb, szBuffer2 );
SendMessage( HWndDetailsDescription, WM_SETTEXT, 0, (LPARAM)szBuffer );
SendMessage(HWndDetails, LB_RESETCONTENT, 0, 0);
SendMessage( HWndDetails, WM_SETREDRAW, FALSE, 0 ); // Turn off redraws
lbprintf(HWndDetails, "+pProcess: %08X", ptdb->pProcess);
RecordListboxLineTypeAndValue( HWndDetails, LB_ITEM_PROCESS,
(DWORD)PIDToPDB((DWORD)ptdb->pProcess) );
lbprintf(HWndDetails, "+pProcess2: %08X", ptdb->pProcess2);
RecordListboxLineTypeAndValue( HWndDetails, LB_ITEM_PROCESS,
(DWORD)PIDToPDB((DWORD)ptdb->pProcess2) );
lbprintf(HWndDetails, "pCurrentPriority: %08X (%X)",
ptdb->pCurrentPriority, *(ptdb->pCurrentPriority) );
lbprintf(HWndDetails, "DeltaPriority: %08X", ptdb->DeltaPriority);
lbprintf(HWndDetails, "TopOfStack: %08X (size:%X)",
ptdb->TopOfStack,
ptdb->TopOfStack -(ptdb->StackBase ? ptdb->StackBase:ptdb->TopOfStack));
lbprintf(HWndDetails, "StackLow: %08X (used:%X)", ptdb->StackLow,
ptdb->TopOfStack - ptdb->StackLow);
lbprintf(HWndDetails, "StackBase: %08X", ptdb->StackBase);
lbprintf(HWndDetails, "StackSelector16: %04X", ptdb->StackSelector16);
lbprintf(HWndDetails, "ThunkSS16: %04X", ptdb->ThunkSS16);
lbprintf(HWndDetails, "CurrentSS: %08X", ptdb->CurrentSS);
lbprintf(HWndDetails, "NegStackBase: %08X", ptdb->NegStackBase);
lbprintf(HWndDetails, "SSTable: %08X", ptdb->SSTable);
lbprintf(HWndDetails, "+pTIB: %08X", ptdb->pTIB);
RecordListboxLineTypeAndValue( HWndDetails, LB_ITEM_TIB,(DWORD)ptdb->pTIB);
lbprintf(HWndDetails, "TIBSelector: %04X", ptdb->TIBSelector);
wsprintf(szBuffer, "TIBFlags: %08X ", ptdb->TIBFlags );
for ( i=0; i < (sizeof(TIBFlagNames)/sizeof(DWORD_FLAGS)); i++ )
if ( ptdb->TIBFlags & TIBFlagNames[i].value )
wsprintf(szBuffer + lstrlen(szBuffer), "%s ",
TIBFlagNames[i].name);
lbprintf( HWndDetails, szBuffer );
lbprintf(HWndDetails, "W16TDB: %04X", ptdb->W16TDB);
lbprintf(HWndDetails, "MessageQueue: %04X", ptdb->MessageQueue);
lbprintf(HWndDetails, "GetLastErrorCode: %08X", ptdb->GetLastErrorCode);
lbprintf(HWndDetails, "Win16MutexCount: %04X", ptdb->Win16MutexCount);
lbprintf(HWndDetails, "pvExcept: %08X", ptdb->pvExcept);
wsprintf(szBuffer, "Flags: %08X ", ptdb->Flags );
for ( i=0; i < (sizeof(TDBFlagNames)/sizeof(DWORD_FLAGS)); i++ )
if ( ptdb->Flags & TDBFlagNames[i].value )
wsprintf(szBuffer + lstrlen(szBuffer), "%s ",
TDBFlagNames[i].name);
lbprintf( HWndDetails, szBuffer );
lbprintf(HWndDetails, "WaitNodeList: %08X", ptdb->WaitNodeList);
lbprintf(HWndDetails, "Ring0Thread: %08X", ptdb->Ring0Thread);
lbprintf(HWndDetails, "pTDBX: %08X", ptdb->pTDBX);
lbprintf(HWndDetails, "TerminationStatus: %08X", ptdb->TerminationStatus);
lbprintf(HWndDetails, "TerminationStack: %08X", ptdb->TerminationStack);
lbprintf(HWndDetails, "ThreadContext: %08X", ptdb->ThreadContext);
lbprintf(HWndDetails, "DebugContext: %08X", ptdb->DebugContext);
lbprintf(HWndDetails, "DebuggerCB: %08X", ptdb->DebuggerCB);
lbprintf(HWndDetails, "DebuggerThread: %08X", ptdb->DebuggerThread);
// Relatively uninteresting fields
lbprintf(HWndDetails, "Type: %08X", ptdb->Type);
lbprintf(HWndDetails, "cReference: %08X", ptdb->cReference);
lbprintf(HWndDetails, "someEvent: %08X", ptdb->someEvent);
lbprintf(HWndDetails, "pTLSArray: %08X", ptdb->pTLSArray);
MBassert( ((DWORD)ptdb + offsetof(THREAD_DATABASE, TLSArray))
== ptdb->pTLSArray);
lbprintf(HWndDetails, "EmulatorSelector: %04X", ptdb->EmulatorSelector);
lbprintf(HWndDetails, "EmulatorData: %08X", ptdb->EmulatorData);
lbprintf(HWndDetails, "SelmanList: %08X", ptdb->SelmanList);
lbprintf(HWndDetails, "un4: %08X", ptdb->un4);
MBassert( !ptdb->UserPointer );
MBassert( !ptdb->cHandles );
MBassert( !ptdb->Except16List );
MBassert( !ptdb->ThunkConnect );
if ( fDebugVersion )
{
MBassert( !ptdb->un5[0] );
MBassert( !ptdb->un5[1] );
MBassert( !ptdb->un5[2] );
MBassert( !ptdb->un5[3] );
MBassert( !ptdb->un5[4] );
MBassert( !ptdb->un5[5] );
MBassert( !ptdb->un5[6] );
MBassert( !ptdb->pCreateData16 );
lbprintf(HWndDetails, "APISuspendCount: %08X", ptdb->APISuspendCount);
MBassert( !ptdb->un6 );
lbprintf(HWndDetails, "WOWChain: %08X", ptdb->WOWChain);
lbprintf(HWndDetails, "wSSBig: %08X", ptdb->wSSBig);
MBassert( !ptdb->un7 );
MBassert( !ptdb->lp16SwitchRec );
MBassert( !ptdb->un8[0] );
MBassert( !ptdb->un8[1] );
MBassert( !ptdb->un8[2] );
MBassert( !ptdb->un8[3] );
MBassert( !ptdb->un8[4] );
MBassert( !ptdb->un8[5] );
lbprintf(HWndDetails, "pSomeCritSect1: %08X", ptdb->pSomeCritSect1);
lbprintf(HWndDetails, "pWin16Mutex: %08X", ptdb->pWin16Mutex);
lbprintf(HWndDetails, "pWin32Mutex: %08X", ptdb->pWin32Mutex);
lbprintf(HWndDetails, "pSomeCritSect2: %08X", ptdb->pSomeCritSect2);
MBassert( !ptdb->un9 );
lbprintf(HWndDetails, "ripString: %08X", ptdb->ripString);
}
SendMessage( HWndDetails, WM_SETREDRAW, TRUE, 0 ); // Turn on redraws
}
void ShowTIBDetails( PTIB ptib )
{
char szBuffer[384];
#if 0 // Need a validation routine
if (.....
{
MessageBox( 0, "Not a valid TIB", 0, MB_OK );
return;
}
#endif
wsprintf(szBuffer, "TIB: %08X", ptib );
SendMessage( HWndDetailsDescription, WM_SETTEXT, 0, (LPARAM)szBuffer );
SendMessage(HWndDetails, LB_RESETCONTENT, 0, 0);
lbprintf(HWndDetails, "pvExcept: %08X", ptib->pvExcept);
lbprintf(HWndDetails, "pvStackUserTop: %08X", ptib->pvStackUserTop);
lbprintf(HWndDetails, "pvStackUserBase: %08X", ptib->pvStackUserBase);
lbprintf(HWndDetails, "pvTDB: %04X", ptib->pvTDB);
lbprintf(HWndDetails, "pvThunksSS: %04X", ptib->pvThunksSS);
lbprintf(HWndDetails, "SelmanList: %08X", ptib->SelmanList);
lbprintf(HWndDetails, "pvArbitrary: %08X", ptib->pvArbitrary);
lbprintf(HWndDetails, "ptibSelf: %08X", ptib->ptibSelf);
lbprintf(HWndDetails, "TIBFlags: %04X", ptib->TIBFlags);
lbprintf(HWndDetails, "Win16MutexCount: %04X", ptib->Win16MutexCount);
lbprintf(HWndDetails, "DebugContext: %08X", ptib->DebugContext);
lbprintf(HWndDetails, "pCurrentPriority: %08X", ptib->pCurrentPriority);
lbprintf(HWndDetails, "pvQueue: %04X", ptib->pvQueue);
lbprintf(HWndDetails, "pvTLSArray: %08X", ptib->pvTLSArray);
}
void ShowModuleDetails( PIMTE pimte )
{
char szBuffer[384];
if ( !IsModule(pimte) )
{
MessageBox( 0, "Not a valid module", 0, MB_OK );
return;
}
wsprintf(szBuffer, "Module: %08X", pimte);
SendMessage( HWndDetailsDescription, WM_SETTEXT, 0, (LPARAM)szBuffer );
SendMessage(HWndDetails, LB_RESETCONTENT, 0, 0);
lbprintf( HWndDetails, "FileName: (%08X) %s", pimte->pszFileName, pimte->pszFileName );
lbprintf( HWndDetails, "FileName2: (%08X) %s", pimte->pszFileName2, pimte->pszFileName2 );
lbprintf( HWndDetails, "ModName: %s", pimte->pszModName );
lbprintf( HWndDetails, "ModName2: %s", pimte->pszModName2 );
lbprintf( HWndDetails, "cUsage: %04X", pimte->cUsage );
lbprintf( HWndDetails, "baseAddress: %08X", pimte->baseAddress );
lbprintf( HWndDetails, "cSections: %08X", pimte->cSections );
lbprintf( HWndDetails, "IMAGE_NT_HEADER: %08X", pimte->pNTHdr );
ShowPEHeader( pimte->pNTHdr );
lbprintf( HWndDetails, "hModule16: %04X", pimte->hModule16 );
lbprintf( HWndDetails, "un1: %08X", pimte->un1 );
lbprintf( HWndDetails, "un3: %08X", pimte->un3 );
lbprintf( HWndDetails, "un5: %08X", pimte->un5 );
lbprintf( HWndDetails, "un7: %08X", pimte->un7 );
// Uninteresting fields
// lbprintf( HWndDetails, "cbFileName: %04X", pimte->cbFileName );
// lbprintf( HWndDetails, "cbModName: %04X", pimte->cbModName );
// lbprintf( HWndDetails, "cbFileName: %04X", pimte->cbFileName );
MBassert( pimte->un2 == -1 );
}
void ShowPEHeader( PIMAGE_NT_HEADERS pNTHdr )
{
unsigned i;
PIMAGE_SECTION_HEADER pSection;
pSection = IMAGE_FIRST_SECTION( pNTHdr );
for ( i=1; i <= pNTHdr->FileHeader.NumberOfSections; i++ )
{
lbprintf(HWndDetails, " %02X %-8.8s va:%08X size:%08X",
i, pSection->Name,
pSection->VirtualAddress + pNTHdr->OptionalHeader.ImageBase,
pSection->Misc.VirtualSize);
pSection++;
}
}
void ShowMODREFListDetails( PMODREF pModRef )
{
char szBuffer[384];
if ( !IsMODREF(pModRef) )
{
MessageBox( 0, "Not a valid MODREF", 0, MB_OK );
return;
}
InitModuleTableBase(); // In case PModuleTableArray got reallocated
wsprintf( szBuffer, "MODREF list: %08X", pModRef );
SendMessage( HWndDetailsDescription, WM_SETTEXT, 0, (LPARAM)szBuffer );
SendMessage(HWndDetails, LB_RESETCONTENT, 0, 0);
while ( pModRef )
{
GetModuleNameFromIMTEIndex( pModRef->mteIndex, szBuffer );
lbprintf( HWndDetails, "+%s", szBuffer );
RecordListboxLineTypeAndValue( HWndDetails, LB_ITEM_HMODULE,
(DWORD)PModuleTable[pModRef->mteIndex] );
pModRef = pModRef->pNextModRef;
}
}
void lbprintf(HWND hWnd, char * format, ...)
{
char szBuffer[512];
va_list argptr;
va_start(argptr, format);
wvsprintf(szBuffer, format, argptr);
va_end(argptr);
SendMessage( hWnd, LB_ADDSTRING, 0, (LPARAM)szBuffer );
}
typedef struct
{
DWORD type;
DWORD value;
} LBITEMDATA, *PLBITEMDATA;
// Records the type (module, process, etc...) of the line that was just
// added to the specified listbox window, along with the value.
void RecordListboxLineTypeAndValue(HWND hWnd, DWORD type, DWORD value)
{
unsigned lastIndex;
PLBITEMDATA plbdata;
lastIndex = SendMessage( hWnd, LB_GETCOUNT, 0, 0 );
if ( !lastIndex )
return;
lastIndex--; // Index is 0 based
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -