📄 pwalk.c
break;
case WM_SIZE:
/* size listbox and status bar */
if ((wParam == SIZE_RESTORED) || (wParam == SIZE_MAXIMIZED))
{
int yBorder = GetSystemMetrics (SM_CYBORDER);
int xBorder = GetSystemMetrics (SM_CXBORDER);
int yStatus = yChar + 10*yBorder;
/* size listbox */
MoveWindow(GetDlgItem (hWnd, IDC_LISTBOX),
0,
sChar0.cy,
LOWORD(lParam),
HIWORD(lParam)-(sChar0.cy + yStatus - yBorder),
TRUE);
/* size status bar */
MoveWindow(GetDlgItem (hWnd, IDC_STATUSWND),
0-xBorder,
HIWORD(lParam)-yStatus+yBorder,
LOWORD(lParam) + 2*xBorder,
yStatus,
TRUE);
}
break;
case WM_COMMAND:
{
switch (LOWORD (wParam))
{
case IDM_EXIT:
SendMessage (hWnd, WM_CLOSE, 0, 0);
break;
case IDM_PROCESSUNLOAD:
{
char szFilename[MAX_PATH];
char szTitle[MAX_PATH];
HWND hViewWnd = NULL;
/* close child process */
CloseChildProcess (lpChildProcess, hChildEvents);
lpChildProcess = NULL;
SendMessage (GetDlgItem (hWnd, IDC_LISTBOX), LB_RESETCONTENT, 0, 0);
SendMessage (GetDlgItem (hWnd, IDC_STATUSWND),
UM_UPDATE,
0,
0);
/* reset caption */
LoadString (GetModuleHandle (NULL),
IDS_CAPTION,
szTitle,
MAX_PATH);
LoadString (GetModuleHandle (NULL),
IDS_SELF,
szFilename,
MAX_PATH);
strcat (szTitle, szFilename);
SetWindowText (hWnd, szTitle);
if (IsWindow (hWndSysStat))
{
InvalidateRect (hWndSysStat, NULL, TRUE);
UpdateWindow (hWndSysStat);
}
if (IsWindow (hWndProStat))
DestroyWindow (hWndProStat);
while ((hViewWnd = EnumViewWindows (hWnd, hViewWnd)) != NULL)
DestroyWindow (hViewWnd);
}
break;
case IDM_PROCESSLOAD:
{
char szTitle[MAX_PATH];
char szFilePath[MAX_PATH];
HWND hViewWnd = NULL;
/* detaching from old process, okay?? */
if (lpChildProcess != NULL)
{
strcpy (szTitle, "Detach from process ");
strcat (szTitle, lpChildProcess->szModule);
strcat (szTitle, "?");
LoadString (GetModuleHandle (NULL),
IDS_WALKERCLASS,
szFilePath,
MAX_PATH);
if (IDYES != MessageBox (hWnd,
szTitle,
szFilePath,
MB_YESNO | MB_ICONQUESTION))
break;
}
/* call open file dialog to get filename of exe, and validate */
*szFilePath = 0;
if (GetFileName (hWnd, szFilePath, NULL))
{
if (IsValidFile (szFilePath))
{
if (lpChildProcess != NULL)
{
/* close any open view windows for this process */
while ((hViewWnd = EnumViewWindows (hWnd, hViewWnd)) != NULL)
DestroyWindow (hViewWnd);
CloseChildProcess (lpChildProcess, hChildEvents);
SendMessage (GetDlgItem (hWnd, IDC_LISTBOX),
LB_RESETCONTENT,
0,
0);
SendMessage (GetDlgItem (hWnd, IDC_STATUSWND),
UM_UPDATE,
0,
0);
}
if ((lpChildProcess =
StartChildProcess (hWnd, szFilePath, hChildEvents)) != NULL)
{
/* force rewalk of process */
PostMessage (hWnd, UM_STARTINITDIALOG, 0, 0);
SendMessage (GetDlgItem (hWnd, IDC_STATUSWND),
UM_UPDATE,
(WPARAM)lpChildProcess,
0);
/* load new window caption */
LoadString (GetModuleHandle (NULL),
IDS_CAPTION,
szTitle,
MAX_PATH);
GetFileFromPath (szFilePath, szFilename);
strcat (szTitle, szFilename);
SetWindowText (hWnd, szTitle);
}
}
}
}
break;
case IDM_PROCESSREWALK:
{
HWND hList = GetDlgItem (hWnd, IDC_LISTBOX);
int nCnt, nNewCnt, i;
LPVOID lpNewList=NULL, lpTempList=NULL;
HWND hViewWnd = NULL;
/* clear listbox of current contents, but first find out how many exist */
nCnt = SendMessage (hList, LB_GETCOUNT, 0, 0);
SendMessage (hList, WM_SETREDRAW, 0, 0);
SendMessage (hList, LB_RESETCONTENT, 0, 0);
/* walk process address space */
if (lpChildProcess != NULL)
{
nNewCnt = WalkProcess (lpChildProcess->hProcess, &lpNewList, &Objects);
AnalyzeProcess (lpChildProcess, (LPVMOBJECT)lpNewList, nNewCnt);
/* indentify which objects are new */
if (nCnt)
IdentifyNewObjects (lpWalkerList, nCnt, lpNewList, nNewCnt);
/* free old list and update cnt */
lpTempList = lpWalkerList;
lpWalkerList = lpNewList;
VirtualFree (lpTempList, TOTALVMRESERVE, MEM_DECOMMIT);
VirtualFree (lpTempList, 0, MEM_RELEASE);
nCnt = nNewCnt;
}
for (i=0; i<nCnt; i++)
SendMessage (hList, LB_ADDSTRING, 0, i);
/* sort if other than by address is selected */
if (nSortType != IDM_SORTADDRESS)
SortList (hList, nSortType);
/* reenable redraw of listbox */
SendMessage (hList, WM_SETREDRAW, 1, 0);
InvalidateRect (hList, NULL, TRUE);
UpdateWindow (hList);
/* if any memory view windows, send update message */
while ((hViewWnd = EnumViewWindows (hWnd, hViewWnd)) != NULL)
{
LPMEMVIEW pmv, pmvOld;
int nAddress, nSize;
MEMORY_BASIC_INFORMATION mbi;
char *szCaption;
/* retrieve view memory range */
szCaption = HeapAlloc (GetProcessHeap (), HEAP_ZERO_MEMORY, MAX_PATH);
GetWindowText (hViewWnd, szCaption, MAX_PATH);
/* validate range */
sscanf (strtok (szCaption, "-"), "%8x", &nAddress);
sscanf (strtok (NULL, " \0"), "%8x", &nSize);
nSize -= nAddress;
VirtualQueryEx (lpChildProcess->hProcess,
(LPVOID)nAddress,
&mbi,
sizeof (MEMORY_BASIC_INFORMATION));
if (mbi.State != MEM_COMMIT)
{
NotifyUser (hWnd, IDS_ERROR, IDS_NOTCOMMITTEDMEMORY, NULL, 0);
DestroyWindow (hViewWnd);
goto NOT;
}
/* if size of committed region changed, update caption */
if (mbi.RegionSize != (DWORD)nSize)
{
wsprintf (szCaption,
"%4lx-%-4lx",
(DWORD)mbi.BaseAddress,
(DWORD)mbi.BaseAddress+mbi.RegionSize);
SetWindowText (hViewWnd, szCaption);
}
/* free default heap memory */
HeapFree (GetProcessHeap (), 0, szCaption);
/* if an old view structure existed, release virtual memory */
if ((pmvOld = (LPMEMVIEW)GetWindowLong (hViewWnd, WXB_LPOLDMEMVIEW)) != NULL)
VirtualFree (pmvOld->lpMem, 0, MEM_RELEASE);
pmvOld = (LPMEMVIEW)GetWindowLong (hViewWnd, WXB_LPMEMVIEW);
/* save past pmv for update comparison */
SetWindowLong (hViewWnd,
WXB_LPOLDMEMVIEW,
(LONG)pmvOld);
/* allocate memory structure for view memory object */
pmv = (LPMEMVIEW)LocalAlloc (LPTR, sizeof (MEMVIEW));
/* copy old mem view to new mem view */
for (i=0; i<sizeof (MEMVIEW); i++)
((LPBYTE)pmv)[i] = ((LPBYTE)pmvOld)[i];
/* update structure for new mem structure */
pmv->nBase = (int)mbi.BaseAddress;
pmv->nSize = (int)mbi.RegionSize;
if ((pmv->lpMem = VirtualAlloc (NULL, pmv->nSize, MEM_COMMIT, PAGE_READWRITE)) == NULL)
{
ReportError (IDS_ERRVIRTUALALLOC);
DestroyWindow (hViewWnd);
}
else if (AccessProcessMemory (hChildEvents[READMEMORY],
hChildEvents[ACKNOWLEDGE],
(LPVOID)nAddress,
pmv->lpMem,
&(pmv->nSize)) && pmv->nSize)
{
pmv->nLines = (pmv->nSize+15)/16;
pmv->nExtraBytes = (pmv->nSize & 0x0000000F);
SetWindowLong (hViewWnd, WXB_LPMEMVIEW, (LONG)pmv);
/* post message to view window to update */
PostMessage (hViewWnd, UM_UPDATE, 0, 0);
}
else
{
NotifyUser (hWnd, IDS_ERROR, IDS_COULDNOTREADPROCESS, NULL, 0);
DestroyWindow (hViewWnd);
}
}
NOT:
/* if initialization dialog, send notification to remove */
if (IsWindow (hInitDlg))
PostMessage (hInitDlg, UM_ENDDIALOG, 0, 0);
}
break;
case IDM_PROCESSSUSPEND:
SetEvent (hChildEvents[SUSPENDDEBUGGER]);
break;
case IDM_PROCESSRESUME:
SetEvent (hChildEvents[RESUMEDEBUGGER]);
break;
case IDM_VIEWSYSSTAT:
/* if window exists, destroy it */
if (IsWindow (hWndSysStat))
{
DestroyWindow (hWndSysStat);
CheckMenuItem (GetMenu (hWnd), wParam, MF_UNCHECKED);
}
else
{
char szClass[100];
char szTitle[100];
RECT rc;
GetWindowRect (hWnd, &rc);
LoadString (GetModuleHandle (NULL), IDS_SYSSTATCLASS, szClass, 100);
LoadString (GetModuleHandle (NULL), IDS_SYSSTATTITLE, szTitle, 100);
hWndSysStat = CreateWindow (szClass,
szTitle,
WS_POPUP | WS_CAPTION | WS_MINIMIZEBOX |
WS_SYSMENU | WS_DLGFRAME | WS_VISIBLE,
rc.left+50, rc.top+50, 500, 270,
hWnd,
NULL,
GetModuleHandle (NULL),
NULL);
UpdateWindow (hWndSysStat);
ShowWindow (hWndSysStat, SW_SHOWNORMAL);
CheckMenuItem (GetMenu (hWnd), wParam, MF_CHECKED);
}
break;
case IDM_VIEWPROSTAT:
/* if window exists, destroy it */
if (IsWindow (hWndProStat))
{
DestroyWindow (hWndProStat);
CheckMenuItem (GetMenu (hWnd), wParam, MF_UNCHECKED);
}
else
{
char szClass[100];
char szTitle[100];
RECT rc;
GetWindowRect (hWnd, &rc);
LoadString (GetModuleHandle (NULL), IDS_PROSTATCLASS, szClass, 100);
LoadString (GetModuleHandle (NULL), IDS_PROSTATTITLE, szTitle, 100);
hWndProStat = CreateWindow (szClass,
szTitle,
WS_POPUP | WS_CAPTION | WS_MINIMIZEBOX |
WS_SYSMENU | WS_DLGFRAME | WS_VISIBLE,
rc.left+75, rc.top+75, 355, 120,
hWnd,
NULL,
GetModuleHandle (NULL),
NULL);
UpdateWindow (hWndProStat);
ShowWindow (hWndProStat, SW_SHOWNORMAL);
CheckMenuItem (GetMenu (hWnd), wParam, MF_CHECKED);
}
break;
/* accept bouble click messages from listbox only */
case IDC_LISTBOX:
if (HIWORD (wParam) != LBN_DBLCLK)
break;
case IDM_VIEWMEMORY:
if (ViewableMemorySelection (hWnd))
{
char szBuff[50];
HWND hList = GetDlgItem (hWnd, IDC_LISTBOX);
int iCaret = SendMessage (hList, LB_GETCARETINDEX, 0, 0);
DWORD nAddress =
(DWORD)((LPVMOBJECT)lpWalkerList)[Objects[iCaret]].mbi.BaseAddress;
int nSize = ((LPVMOBJECT)lpWalkerList)[Objects[iCaret]].mbi.RegionSize;
LPVOID lpMem;
HCURSOR hOldCursor;
if ((lpMem = VirtualAlloc (NULL, nSize, MEM_COMMIT, PAGE_READWRITE)) == NULL)
{
ReportError (IDS_ERRVIRTUALALLOC);
break;
}
/* put wait cursor up */
hOldCursor = (HCURSOR)SetClassLong (hWnd, GCL_HCURSOR, 0);
SetCursor (LoadCursor (0, IDC_WAIT));
/* signal debugger thread to read process memory */
if (AccessProcessMemory (hChildEvents[READMEMORY],
hChildEvents[ACKNOWLEDGE],
(LPVOID)nAddress,
lpMem,
&nSize) && nSize)
{
wsprintf (szBuff, "%4lx-%-4lx", nAddress, nAddress+nSize);
ViewMemory (hWnd, szBuff, lpMem, nSize, nAddress);
/* if first view window, add separator */
if (GetMenuItemCount (GetSubMenu (GetMenu (hWnd), 2)) == 5)
AppendMenu (GetSubMenu (GetMenu (hWnd), 2),
MF_SEPARATOR,
0,
NULL);
AppendMenu (GetSubMenu (GetMenu (hWnd), 2),
MF_STRING | MF_CHECKED,
AddAtom (szBuff),
szBuff);
}
else
NotifyUser (hWnd, IDS_ERROR, IDS_COULDNOTREADPROCESS, NULL, 0);
/* replace wait cursor with old cursor */
SetClassLong (hWnd, GCL_HCURSOR, (LONG)hOldCursor);
SetCursor (hOldCursor);
}
else
{
NotifyUser (hWnd, IDS_ERROR, IDS_NOTCOMMITTEDMEMORY, NULL, 0);
break;
}
break;
case IDM_VIEWADDRESS:
{
int nAddress;
MEMORY_BASIC_INFORMATION mbi;
LPVOID lpMem;
char szBuff[MAX_PATH];
int nLine;
HWND hViewWnd;
if (nAddress = DialogBox (GetModuleHandle (NULL), (char *)IDD_ADDR, hWnd, AddrDlgProc))
{
VirtualQueryEx (lpChildProcess->hProcess,
(LPVOID)nAddress,
&mbi,
sizeof (MEMORY_BASIC_INFORMATION));
if (mbi.State != MEM_COMMIT)
{
NotifyUser (hWnd, IDS_ERROR, IDS_NOTCOMMITTEDMEMORY, NULL, 0);
break;
}
if ((lpMem = VirtualAlloc (NULL, mbi.RegionSize, MEM_COMMIT, PAGE_READWRITE)) == NULL)
{
ReportError (IDS_ERRVIRTUALALLOC);
break;
}
/* signal debugger thread to read process memory */
if (AccessProcessMemory (hChildEvents[READMEMORY],
hChildEvents[ACKNOWLEDGE],
(LPVOID)mbi.BaseAddress,
lpMem,
&(mbi.RegionSize)) && mbi.RegionSize)
{
wsprintf (szBuff,
"%4lx-%-4lx",
(int)mbi.BaseAddress,
(int)mbi.BaseAddress+mbi.RegionSize);
hViewWnd = ViewMemory (hWnd, szBuff, lpMem, mbi.RegionSize, (int)mbi.BaseAddress);
/* if first view window, add separator */
if (GetMenuItemCount (GetSubMenu (GetMenu (hWnd), 2)) == 4)
AppendMenu (GetSubMenu (GetMenu (hWnd), 2),
MF_SEPARATOR,
0,
NULL);
AppendMenu (GetSubMenu (GetMenu (hWnd), 2),
MF_STRING | MF_CHECKED,
AddAtom (szBuff),
szBuff);
/* send WM_VSCROLL message to scroll address into view */
nLine = (nAddress - (int)mbi.BaseAddress)/16 - 5;
PostMessage (hViewWnd, WM_VSCROLL, MAKELONG (SB_THUMBPOSITION, nLine), 0);
}
else
NotifyUser (hWnd, IDS_ERROR, IDS_COULDNOTREADPROCESS, NULL, 0);
}
}
break;
case IDM_REMOVEVIEWWND:
{
ATOM aCaption = FindAtom ((char *)lParam);
HMENU hMenu = GetMenu (hWnd);
HMENU hViewMenu = GetSubMenu (hMenu, 2);
RemoveMenu (hMenu, (UINT)aCaption, MF_BYCOMMAND);
DeleteAtom (aCaption);
/* there are 4 menuitems in the view menu without view windows open */
if (GetMenuItemCount (hViewMenu) == 6)
RemoveMenu (hViewMenu, 5, MF_BYPOSITION);
}
break;
case IDM_SORTADDRESS:
case IDM_SORTSTATE:
case IDM_SORTPROTECTION:
case IDM_SORTSIZE:
case IDM_SORTBASEADDRESS:
{
HWND hList = GetDlgItem (hWnd, IDC_LISTBOX);
HCURSOR hOldCursor;
if (nSortType != (int)LOWORD (wParam))
{
/* put wait cursor up */
hOldCursor = (HCURSOR)SetClassLong (hWnd, GCL_HCURSOR, 0);
SetCursor (LoadCursor (0, IDC_WAIT));
/* reset menuitems to indicate which sort method is being used */
CheckMenuItem (GetMenu (hWnd), nSortType, MF_UNCHECKED);
CheckMenuItem (GetMenu (hWnd), wParam, MF_CHECKED);
/* save new sort type and resort */
SortList (hList, nSortType = wParam);
/* repaint after sorting */
InvalidateRect (hList, NULL, TRUE);
UpdateWindow (hList);
/* replace wait cursor with old cursor */
SetClassLong (hWnd, GCL_HCURSOR, (LONG)hOldCursor);
SetCursor (hOldCursor);
}
}
break;
case IDM_OPTBYTES: