📄 physmembrowser.bat
字号:
.if dwFmt == IDR_WORD
push offset szFmt2
.elseif dwFmt == IDR_DWORD
push offset szFmt4
.else
push offset szFmt1
.endif
push edi ; current pointer to text buffer
call wsprintf
.if dwFmt == IDR_WORD
add esp, 02Ch
.elseif dwFmt == IDR_DWORD
add esp, 01Ch
.else
add esp, 04Ch
.endif
add edi, eax ; shift current pointer to next free place
xor ecx, ecx
.while ecx < 16
mov al, [esi][ecx]
.if al < ' '
mov al, '.'
.endif
stosb
inc ecx
.endw
; New line
mov al, 0Dh
stosb
mov al, 0Ah
stosb
add esi, 16 ; next 16 bytes
add dwPhysAddressCurrent, 16 ; next 16 bytes
dec ebx ; next line
.endw
invoke fstrcpy, edi, $CTA0("----------------------------------------------------------------------------\n", szBreakLine)
add edi, sizeof szBreakLine - 1 ; shift current pointer to next free place
; New line
mov al, 0Dh
stosb
mov al, 0Ah
stosb
; Buffer is ready to be printed, but is it enough place in the edit control?
.while TRUE
invoke SendMessage, g_hwndEditDump, EM_GETLIMITTEXT, 0, 0
push eax
invoke SendMessage, g_hwndEditDump, WM_GETTEXTLENGTH, 0, 0
add eax, edi
sub eax, g_pTextBuffer ; eax = sizeof(text in edit control) + sizeof(text in buffer)
pop ecx ; edit control text limit
sub ecx, eax
.if SIGN?
push edi
xor edi, edi ; number of chars to remove
xor ebx, ebx
.while ebx < 100 ; remove first 100 lines
; we have to do some clean up
; Get first line text
mov word ptr acBuffer, sizeof acBuffer
invoke SendMessage, g_hwndEditDump, EM_GETLINE, ebx, addr acBuffer
inc eax ; cr
inc eax ; lf
add edi, eax
inc ebx
.endw
invoke SendMessage, g_hwndEditDump, EM_GETHANDLE, 0, 0
invoke SendMessage, g_hwndEditDump, EM_SETSEL, 0, edi
mov byte ptr acBuffer, 0
invoke SendMessage, g_hwndEditDump, EM_REPLACESEL, FALSE, addr acBuffer
invoke SendMessage, g_hwndEditDump, WM_GETTEXTLENGTH, 0, 0
invoke SendMessage, g_hwndEditDump, EM_SETSEL, eax, eax
pop edi
.else
.break ; now we have enough free place in the edit control
.endif
.endw
invoke SendMessage, g_hwndEditDump, WM_GETTEXTLENGTH, 0, 0
invoke SendMessage, g_hwndEditDump, EM_SETSEL, eax, eax
invoke SendMessage, g_hwndEditDump, EM_REPLACESEL, FALSE, g_pTextBuffer
.endif
_finally
ret
PrintHexDump endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; DumpMemory
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DumpMemory proc
local dwBaseAddress:DWORD
local acAddress[16]:CHAR
local dwAddress:DWORD
local dwRoundedAddress:DWORD
local dwSize:DWORD
local dwMappedSize:DWORD
local acBuffer[512]:CHAR
invoke ErrorToStatusBar, -1, 0
invoke GetWindowText, g_hwndEditAddress, addr acAddress, sizeof acAddress
.if eax != 0
invoke htodw, addr acAddress
mov dwAddress, eax
mov dwRoundedAddress, eax ; after MapPhysicalMemory is rounded down to the next allocation granularity size boundary
invoke SendMessage, g_hwndComboSize, CB_GETCURSEL, 0, 0
invoke SendMessage, g_hwndComboSize, CB_GETITEMDATA, eax, 0
; if we cross page boundary ask to map one page more
mov dwSize, eax
mov ecx, dwAddress
and ecx, 0FFFh
add ecx, eax
mov dwMappedSize, ecx ; will receive the actual size, in bytes, of the view.
invoke MapPhysicalMemory, g_hPhysMem, addr dwRoundedAddress, addr dwMappedSize, addr dwBaseAddress
.if eax == STATUS_SUCCESS
mov eax, dwAddress
sub eax, dwRoundedAddress ; bias
mov ecx, dwBaseAddress
add ecx, eax
invoke PrintHexDump, ecx, dwAddress, dwSize
; Unmap the view
invoke UnmapPhysicalMemory, dwBaseAddress
.if eax != STATUS_SUCCESS
invoke wsprintf, addr acBuffer, $CTA0("Couldn't unmap view of %08X: "), dwAddress
invoke ErrorToStatusBar, addr acBuffer, eax
.endif
.else
invoke wsprintf, addr acBuffer, $CTA0("Couldn't map view of %08X: "), dwAddress
invoke ErrorToStatusBar, addr acBuffer, eax
.endif
.endif
ret
DumpMemory endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; MeasurePhysicalMemory
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
MeasurePhysicalMemory proc
local sbi:SYSTEM_BASIC_INFORMATION
local buffer[256]:CHAR
invoke ZwQuerySystemInformation, SystemBasicInformation, addr sbi, sizeof sbi, NULL
.if eax == STATUS_SUCCESS
mov eax, sbi.NumberOfPhysicalPages
mov ecx, sbi.PhysicalPageSize
xor edx, edx
mul ecx
invoke wsprintf, addr buffer, $CTA0("Total physical memory: %08Xh"), eax
invoke SetDlgItemText, g_hDlg, IDC_TOTAL_PHYS_PAGES, addr buffer
mov eax, sbi.LowestPhysicalPage
dec eax
mov ecx, sbi.PhysicalPageSize
xor edx, edx
mul ecx
invoke wsprintf, addr buffer, $CTA0("Lowest phys addr: %08Xh"), eax
invoke SetDlgItemText, g_hDlg, IDC_LOWEST_PHYS_ADDRESS, addr buffer
mov eax, sbi.HighestPhysicalPage
inc eax
mov ecx, sbi.PhysicalPageSize
xor edx, edx
mul ecx
dec eax
invoke wsprintf, addr buffer, $CTA0("Highest phys addr: %08Xh"), eax
invoke SetDlgItemText, g_hDlg, IDC_HIGHEST_PHYS_ADDRESS, addr buffer
.endif
comment ^
PhysicalPageSize
NumberOfPhysicalPages
LowestPhysicalPage
HighestPhysicalPage
^
ret
MeasurePhysicalMemory endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; D I A L O G P R O C E D U R E
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DlgProc proc uses esi edi hDlg:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
local rect:RECT
local lf:LOGFONT
;LOCAL ps:PAINTSTRUCT
;LOCAL bm:BITMAP
;LOCAL p:POINT
mov eax, uMsg
.if eax == WM_COMMAND
mov eax, $LOWORD(wParam)
.if eax == IDCANCEL
invoke EndDialog, hDlg, 0
.elseif eax == IDCB_SIZE
mov eax, $HIWORD(wParam)
.elseif eax == IDB_CLEAR
invoke ErrorToStatusBar, -1, 0
invoke SendMessage, g_hwndEditDump, WM_SETTEXT, 0, 0
.elseif eax == IDB_DUMP
invoke DumpMemory
.endif
.elseif eax == WM_SIZE
mov esi, $HIWORD(lParam)
invoke MoveWindow, g_hwndStatusBar, 0, esi, $LOWORD(lParam), esi, TRUE
invoke GetClientRect, g_hwndStatusBar, addr rect
sub esi, TOP_INDENT
sub esi, rect.bottom
invoke MoveWindow, g_hwndEditDump, 0, TOP_INDENT, $LOWORD(lParam), esi, TRUE
invoke GetDlgItem, hDlg, IDC_LINE
mov ecx, lParam
and ecx, 0FFFFh ; width of dialog client area
sub ecx, 6
invoke MoveWindow, eax, 3, 23, ecx, 2, TRUE
.elseif eax == WM_INITDIALOG
; Initialize global variables
mrm g_hDlg, hDlg
invoke SetWindowText, hDlg, $CTA0("Physical Memory Browser")
; Set Dialog Icon
invoke LoadIcon, g_hInstance, IDI_ICON
invoke SendMessage, hDlg, WM_SETICON, ICON_BIG, eax
mov g_hwndEditAddress, $invoke(GetDlgItem, hDlg, IDE_ADDRESS)
; Thnx to James Brown for idea
invoke MaskEditControl, g_hwndEditAddress, $CTA0("0123456789abcdefABCDEF"), TRUE
invoke SendMessage, g_hwndEditAddress, EM_LIMITTEXT, 8, 0
invoke SendMessage, g_hwndEditAddress, WM_SETTEXT, 0, $CTA0("0")
mov g_hwndComboSize, $invoke(GetDlgItem, hDlg, IDCB_SIZE)
invoke SetFocus, g_hwndComboSize
invoke FillComboBox
mov g_hwndEditDump, $invoke(GetDlgItem, hDlg, IDE_DUMP)
invoke SendMessage, g_hwndEditDump, EM_SETLIMITTEXT, 65535, 0
mov g_hFontOld, $invoke(SendMessage, g_hwndEditDump, WM_GETFONT, 0, 0)
invoke GetObject, g_hFontOld, sizeof LOGFONT, addr lf
lea ecx, lf.lfFaceName
invoke lstrcpy, ecx, $CTA0("Courier New")
invoke CreateFontIndirect, addr lf
mov g_hFontNew, eax
invoke SendMessage, g_hwndEditDump, WM_SETFONT, g_hFontNew, FALSE
; Create status bar
mov g_hwndStatusBar, $invoke(CreateStatusWindow, WS_CHILD + WS_VISIBLE + SBS_SIZEGRIP, NULL, hDlg, 200)
invoke CheckRadioButton, hDlg, IDR_BYTE, IDR_DWORD, IDR_BYTE
; Add about menu
push ebx
invoke GetSystemMenu, hDlg, FALSE
mov ebx, eax
invoke InsertMenu, ebx, -1, MF_BYPOSITION + MF_SEPARATOR, 0, 0
invoke InsertMenu, ebx, -1, MF_BYPOSITION + MF_STRING, IDM_ABOUT, offset szAbout
pop ebx
; Tell the user how much physical memory he/she has
invoke MeasurePhysicalMemory
.elseif uMsg == WM_GETMINMAXINFO
mov ecx, lParam
mov (MINMAXINFO PTR [ecx]).ptMinTrackSize.x, 380
mov (MINMAXINFO PTR [ecx]).ptMinTrackSize.y, 150
.elseif uMsg == WM_DESTROY
invoke SendMessage, g_hwndEditDump, WM_SETFONT, g_hFontOld, FALSE
invoke DeleteObject, g_hFontNew
.elseif eax == WM_SYSCOMMAND
.if wParam == IDM_ABOUT
invoke MessageBox, hDlg, addr szWrittenBy, addr szAbout, MB_OK + MB_ICONINFORMATION
.endif
xor eax, eax
ret
.else
xor eax, eax
ret
.endif
xor eax, eax
inc eax
ret
DlgProc endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; start
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
start:
; Open physical memory device
invoke OpenPhysicalMemory
.if eax != NULL
mov g_hPhysMem, eax
invoke malloc, TEXT_BUFFER_SIZE
.if eax != NULL
mov g_pTextBuffer, eax
mov g_hInstance, $invoke(GetModuleHandle, NULL)
invoke DialogBoxParam, g_hInstance, IDD_MAIN, NULL, addr DlgProc, 0
.else
invoke MessageBox, NULL, $CTA0("Couldn't allocate memory buffer."), NULL, MB_OK + MB_ICONERROR
.endif
; Close physical memory device
invoke CloseHandle, g_hPhysMem
.else
invoke MessageBox, NULL, $CTA0("Couldn't open PhysicalMemory device."), NULL, MB_OK + MB_ICONERROR
.endif
invoke ExitProcess, 0
end start
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:make
set exe=PhysMemBrowser
set mod=PhysMemWorks
if exist %exe%.exe del %exe%.exe
if exist %exe%.obj del %exe%.obj
if exist %mod%.obj del %mod%.obj
\masm32\bin\ml /nologo /c /coff %mod%.asm
if errorlevel 0 goto makerc
echo.
pause
exit
:makerc
if exist rsrc.obj goto final
\masm32\bin\rc /v rsrc.rc
\masm32\bin\cvtres /machine:ix86 rsrc.res
if errorlevel 0 goto final
echo.
pause
exit
:final
if exist rsrc.res del rsrc.res
\masm32\bin\ml /nologo /c /coff %exe%.bat
\masm32\bin\link /nologo /subsystem:windows %exe%.obj %mod%.obj rsrc.obj
del %mod%.obj
del %exe%.obj
echo.
pause
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -