📄 pwalk.c
字号:
case IDM_OPTPAGES:
{
HWND hList = GetDlgItem (hWnd, IDC_LISTBOX);
bNumbersAsBytes = (LOWORD(wParam) == IDM_OPTBYTES);
InvalidateRect (hList, NULL, TRUE);
}
break;
default:
/* if popup window, bring to front */
ActivateViewWindow (LOWORD (wParam));
lRet = TRUE;
break;
}
}
break;
case WM_CLOSE:
case WM_QUERYENDSESSION:
/* if child process is active, close it first then exit */
if (lpChildProcess != NULL)
CloseChildProcess (lpChildProcess, hChildEvents);
/* destroy this window */
DestroyWindow (hWnd);
break;
case WM_DESTROY:
PostQuitMessage (0);
break;
default:
/* pass all unhandled messages to DefWindowProc */
lRet = DefWindowProc (hWnd, uMsg, wParam, lParam);
break;
}
/* return 1 if handled message, 0 if not */
return lRet;
}
/* initialize all menuitems */
void WINAPI InitMenu (
HWND hWnd)
{
HMENU hMenu = GetMenu (hWnd);
/* if child process exists enable options */
EnableMenuItem (hMenu,
IDM_PROCESSREWALK,
MF_BYCOMMAND | ((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
EnableMenuItem (hMenu,
IDM_PROCESSUNLOAD,
MF_BYCOMMAND | ((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
/* check appropriate sort menuitem */
CheckMenuItem (hMenu, nSortType, MF_CHECKED);
/* check view as bytes/pages menuitems */
CheckMenuItem (hMenu, IDM_OPTBYTES, bNumbersAsBytes ? MF_CHECKED : MF_UNCHECKED);
CheckMenuItem (hMenu, IDM_OPTPAGES, bNumbersAsBytes ? MF_UNCHECKED : MF_CHECKED);
/* enable process and selection stat windows only when child process exists */
EnableMenuItem (hMenu,
IDM_VIEWPROSTAT,
MF_BYCOMMAND | ((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
EnableMenuItem (hMenu,
IDM_VIEWSYSSTAT,
MF_BYCOMMAND | ((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
/* check all appropriate view menuitem */
CheckMenuItem (hMenu,
IDM_VIEWSYSSTAT,
IsWindow (hWndSysStat) ? MF_CHECKED : MF_UNCHECKED);
CheckMenuItem (hMenu,
IDM_VIEWPROSTAT,
IsWindow (hWndProStat) ? MF_CHECKED : MF_UNCHECKED);
/* if child process exists */
if (lpChildProcess != NULL)
{
/* child process is active */
if (lpChildProcess->bActive)
{
EnableMenuItem (hMenu, IDM_PROCESSRESUME, MF_GRAYED);
EnableMenuItem (hMenu, IDM_PROCESSSUSPEND, MF_ENABLED);
}
else
{
EnableMenuItem (hMenu, IDM_PROCESSSUSPEND, MF_GRAYED);
EnableMenuItem (hMenu, IDM_PROCESSRESUME, MF_ENABLED);
}
}
/* diasble both menuitems */
else
{
EnableMenuItem (hMenu, IDM_PROCESSSUSPEND, MF_GRAYED);
EnableMenuItem (hMenu, IDM_PROCESSRESUME, MF_GRAYED);
}
/* sort only when process exists */
EnableMenuItem (hMenu,
IDM_SORTADDRESS,
((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
EnableMenuItem (hMenu,
IDM_SORTSTATE,
((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
EnableMenuItem (hMenu,
IDM_SORTPROTECTION,
((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
EnableMenuItem (hMenu,
IDM_SORTSIZE,
((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
EnableMenuItem (hMenu,
IDM_SORTBASEADDRESS,
((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
/* if child process & selection, and selection is committed memory */
if (lpChildProcess != NULL &&
ViewableMemorySelection (hWnd))
EnableMenuItem (hMenu, IDM_VIEWMEMORY, MF_ENABLED);
else
EnableMenuItem (hMenu, IDM_VIEWMEMORY, MF_GRAYED);
/* View address if child process */
EnableMenuItem (hMenu,
IDM_VIEWADDRESS,
((lpChildProcess != NULL) ? MF_ENABLED : MF_GRAYED));
}
int WINAPI MakeVMQString (
int nItem,
char *lpszMem)
{
char szState[10], szProtection[3];
LPVMOBJECT lpVMObject;
int nLen;
int nBaseAddr;
int nRegionSize;
int nAllocBase;
LPSTR lpszFormat;
/* lookup object offset in array index */
lpVMObject = ((VMOBJECT *)lpWalkerList)+Objects[nItem];
/* determine state of memory object */
if (lpVMObject->mbi.State & MEM_COMMIT)
strcpy (szState, "Commit ");
else if (lpVMObject->mbi.State & MEM_RESERVE)
strcpy (szState, "Reserve");
else
strcpy (szState, "Free ");
/* determine protection of memory */
if (lpVMObject->mbi.Protect & PAGE_READWRITE)
strcpy (szProtection, "RW");
else if (lpVMObject->mbi.Protect & PAGE_READONLY)
strcpy (szProtection, "RO");
else
strcpy (szProtection, "NA");
lpszFormat = szFormat;
nBaseAddr = (int)(lpVMObject->mbi.BaseAddress);
nRegionSize = lpVMObject->mbi.RegionSize;
nAllocBase = (int)(lpVMObject->mbi.AllocationBase);
if (!bNumbersAsBytes)
{
nBaseAddr /= PAGESIZE;
nRegionSize /= PAGESIZE;
nAllocBase /= PAGESIZE;
lpszFormat = szFormatPages;
}
/* create list object */
wsprintf(lpszMem,
lpszFormat,
nBaseAddr,
szState,
szProtection,
nRegionSize,
nAllocBase,
lpVMObject->szObjType,
lpVMObject->szSection,
lpVMObject->szModule);
/* return length of resulting string */
nLen = strlen (lpszMem);
// convert the ~ separators to \0 for the benefit of
// TextOutFields
//
while (*lpszMem)
{
if (*lpszMem == '~') {
*lpszMem = 0;
// CharNext() returns the same pointer, if 'lpszMem' points '\0'.
// So, we must not call CharNext() in this case.
++lpszMem;
} else {
lpszMem = CharNext(lpszMem);
}
}
return nLen;
}
static void TextOutFields (
HDC hDC,
int x,
LPRECT lprc,
LPSTR lpszItems)
{
int eto = ETO_CLIPPED | ETO_OPAQUE;
int ii = 0;
PSTR psz = lpszItems;
int nLen;
// copy fields until we get one of zero size.
//
do {
SetTextAlign (hDC, taColumns[ii]);
ExtTextOut(hDC,
lprc->left + (xColumns[ii] * sChar0.cx) + x,
lprc->top,
eto,
lprc,
psz,
nLen = strlen(psz),
0L);
psz += (nLen + 1);
eto = ETO_CLIPPED;
++ii;
} while (nLen);
}
void WINAPI DrawListItem(
DRAWITEMSTRUCT *lpItem)
{
DWORD dwBkColor=0xffffffff, dwTextColor=0xffffffff;
char szListItem[200];
int nLen;
/* Make sure it is the list box with a valid item ID */
if (lpItem->CtlType != ODT_LISTBOX ||
lpItem->CtlID != IDC_LISTBOX)
return;
if (lpItem->itemAction & (ODA_DRAWENTIRE | ODA_SELECT))
{
/* Alter the bk and text color for selected items */
if (lpItem->itemState & ODS_SELECTED)
{
dwBkColor = SetBkColor (lpItem->hDC, GetSysColor(COLOR_HIGHLIGHT));
dwTextColor = SetTextColor (lpItem->hDC, GetSysColor(COLOR_HIGHLIGHTTEXT));
}
/* change TextColor for new entries too */
else if ((((LPVMOBJECT)lpWalkerList)+Objects[lpItem->itemData])->bNew)
{
dwBkColor = SetBkColor (lpItem->hDC, GetSysColor(COLOR_HIGHLIGHT));
dwTextColor = SetTextColor (lpItem->hDC, GetSysColor(COLOR_HIGHLIGHTTEXT));
}
/* make listbox string from virtual memory object */
nLen = MakeVMQString (lpItem->itemData, szListItem);
TextOutFields (lpItem->hDC, 6, &lpItem->rcItem, szListItem);
/* Restore previous bk and text color if necessary */
if (dwBkColor != 0xffffffff)
SetBkColor(lpItem->hDC, dwBkColor);
if (dwTextColor != 0xffffffff)
SetTextColor(lpItem->hDC, dwTextColor);
if (lpItem->itemState & ODS_FOCUS)
lpItem->itemAction |= ODA_FOCUS;
}
if (lpItem->itemAction & ODA_FOCUS)
DrawFocusRect(lpItem->hDC, &lpItem->rcItem);
}
/* perform bubble sort on indexes to virtual memory objects as stored in
ownerdraw listbox do not actually sort the objects, just the indexes */
void WINAPI SortList (
HWND hList,
int nSort)
{
int nItems = SendMessage (hList, LB_GETCOUNT, 0, 0);
int i, j, t;
LPVMOBJECT lpVMO = (LPVMOBJECT)lpWalkerList;
/* loop through all items in list box */
for (i=0; i<nItems-1; i++)
for (j=i+1; j<nItems; j++)
{
/* compare on sort order */
switch (nSort)
{
case IDM_SORTADDRESS:
if (lpVMO[Objects[i]].mbi.BaseAddress > lpVMO[Objects[j]].mbi.BaseAddress)
{
/* swap */
t = Objects[j];
Objects[j] = Objects[i];
Objects[i] = t;
}
break;
case IDM_SORTSTATE:
if ((lpVMO[Objects[i]].mbi.State > lpVMO[Objects[j]].mbi.State) ||
(lpVMO[Objects[i]].mbi.State == lpVMO[Objects[j]].mbi.State &&
lpVMO[Objects[i]].mbi.BaseAddress > lpVMO[Objects[j]].mbi.BaseAddress))
{
/* swap */
t = Objects[j];
Objects[j] = Objects[i];
Objects[i] = t;
}
break;
case IDM_SORTPROTECTION:
if ((lpVMO[Objects[i]].mbi.Protect > lpVMO[Objects[j]].mbi.Protect) ||
(lpVMO[Objects[i]].mbi.Protect == lpVMO[Objects[j]].mbi.Protect &&
lpVMO[Objects[i]].mbi.BaseAddress > lpVMO[Objects[j]].mbi.BaseAddress))
{
/* swap */
t = Objects[j];
Objects[j] = Objects[i];
Objects[i] = t;
}
break;
case IDM_SORTSIZE:
if ((lpVMO[Objects[i]].mbi.RegionSize > lpVMO[Objects[j]].mbi.RegionSize) ||
(lpVMO[Objects[i]].mbi.RegionSize == lpVMO[Objects[j]].mbi.RegionSize &&
lpVMO[Objects[i]].mbi.BaseAddress > lpVMO[Objects[j]].mbi.BaseAddress))
{
/* swap */
t = Objects[j];
Objects[j] = Objects[i];
Objects[i] = t;
}
break;
case IDM_SORTBASEADDRESS:
if ((lpVMO[Objects[i]].mbi.AllocationBase > lpVMO[Objects[j]].mbi.AllocationBase) ||
(lpVMO[Objects[i]].mbi.AllocationBase == lpVMO[Objects[j]].mbi.AllocationBase &&
lpVMO[Objects[i]].mbi.BaseAddress > lpVMO[Objects[j]].mbi.BaseAddress))
{
/* swap */
t = Objects[j];
Objects[j] = Objects[i];
Objects[i] = t;
}
break;
}
}
}
/* get free disk space on all fixed drives */
BOOL WINAPI GetFreeDiskSpace (
LPDWORD lpdwTotalSpace,
LPDWORD lpdwFreeSpace)
{
DWORD dwBytesPerSector, dwSectorsPerCluster, dwFreeClusters, dwTotalClusters;
DWORD dwDriveMask = GetLogicalDrives();
int i;
char szDir[4];
*lpdwTotalSpace = 0;
*lpdwFreeSpace = 0;
szDir[1] = TEXT(':');
szDir[2] = TEXT('\\');
szDir[3] = 0;
/* enumerate all logical, fixed drives */
for (i = 0; i < MAX_DRIVES; dwDriveMask >>= 1, i++)
{
/* if logical drive exists */
if (dwDriveMask & 0x01)
{
szDir[0] = TEXT('A') + i;
/* if it is a fixed drive */
if (GetDriveType(szDir) == DRIVE_FIXED)
{
/* determine free space and total capacity */
GetDiskFreeSpace (szDir,
&dwSectorsPerCluster,
&dwBytesPerSector,
&dwFreeClusters,
&dwTotalClusters);
*lpdwTotalSpace += dwTotalClusters * dwSectorsPerCluster * dwBytesPerSector;
*lpdwFreeSpace += dwFreeClusters * dwSectorsPerCluster * dwBytesPerSector;
}
}
}
return (*lpdwTotalSpace || *lpdwFreeSpace);
}
/* generic message notification */
int WINAPI NotifyUser (
HWND hWndParent,
int nTitle,
int nError,
char *lpszAppend,
UINT uFlags)
{
char szError[MAX_PATH];
char szTitle[MAX_PATH];
LoadString (GetModuleHandle (NULL), nTitle, szTitle, MAX_PATH);
LoadString (GetModuleHandle (NULL), nError, szError, MAX_PATH);
if (lpszAppend != NULL && *lpszAppend != 0)
strcat (szError, lpszAppend);
if (!uFlags)
uFlags = MB_ICONSTOP | MB_OK | MB_TASKMODAL | MB_SETFOREGROUND;
/* return message box response */
return (MessageBox (hWndParent, szError, szTitle, uFlags));
}
void WINAPI ReportError (
int nIDS_CAPTION)
{
char *lpszError;
char szText[MAX_PATH];
/* get formatted error message from system */
if (!FormatMessage (FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL,
GetLastError (),
MAKELONG (MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), 0),
(LPTSTR)&lpszError,
0,
NULL))
return;
/* if resource string provided, load caption string */
if (nIDS_CAPTION)
LoadString (GetModuleHandle (NULL), nIDS_CAPTION, szText, MAX_PATH);
else
strcpy (szText, "Error");
MessageBox (NULL,
lpszError,
szText,
MB_ICONSTOP | MB_OK | MB_TASKMODAL | MB_SETFOREGROUND);
}
BOOL WINAPI ViewableMemorySelection (
HWND hWnd)
{
HWND hList = GetDlgItem (hWnd, IDC_LISTBOX);
int iCaret = SendMessage (hList, LB_GETCARETINDEX, 0, 0);
int iAnchor = SendMessage (hList, LB_GETANCHORINDEX, 0, 0);
if (iCaret > -1 &&
iAnchor > -1 &&
SendMessage (hList, LB_GETSEL, iCaret, 0) &&
CommittedMemoryRange (iCaret,
iAnchor,
(LPVMOBJECT)lpWalkerList,
Objects))
return TRUE;
else
return FALSE;
}
BOOL WINAPI InitDlgProc (
HWND hDlg,
UINT uMsg,
WPARAM wParam,
LPARAM lParam)
{
switch (uMsg)
{
case WM_INITDIALOG:
*(HANDLE *)lParam = hDlg;
break;
case WM_CLOSE:
case UM_ENDDIALOG:
EndDialog (hDlg, TRUE);
break;
case WM_COMMAND:
if (LOWORD (wParam) == IDCANCEL ||
LOWORD (wParam) == IDOK)
EndDialog (hDlg, TRUE);
break;
default:
return FALSE;
}
return TRUE;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -