; -1 - Clear Status Bar
local dwErrorId:DWORD
pushfd
pushad
mov ebx, g_hwndStatusBar
.if pError == NULL
invoke GetLastError
invoke FormatMessage, FORMAT_MESSAGE_FROM_SYSTEM, NULL,\
eax, SUBLANG_DEFAULT SHL 10 + LANG_NEUTRAL, \
offset g_acErrorDescription, sizeof g_acErrorDescription, NULL
.if eax != 0
invoke SendMessage, ebx, SB_SETTEXT, 0, offset g_acErrorDescription
.else
invoke SendMessage, ebx, SB_SETTEXT, 0, $CTA0("Error number not found.")
.endif
.elseif pError == -1
invoke SendMessage, ebx, SB_SETTEXT, 0, NULL
.else
invoke SendMessage, ebx, SB_SETTEXT, 0, pError
.endif
popad
popfd
ret
ErrorToStatusBar endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; LoadHeaderBitmap
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
LoadHeaderBitmap proc
    ; Loads the two sort-direction arrow bitmaps (IDI_DOWN, IDI_UP) from the
    ; module's resources and caches their handles in globals.
    ; In:    none
    ; Out:   eax = handle returned by the second LoadImage call (IDI_UP)
    ; Note:  neither result is checked here; when LoadImage fails the global
    ;        simply receives NULL, so consumers must tolerate a NULL handle.

    ; "Down" arrow
    invoke  LoadImage, g_hInstance, IDI_DOWN, IMAGE_BITMAP, CX_HEADERBITMAP, CY_HEADERBITMAP, LR_LOADMAP3DCOLORS
    mov     g_hbmpHeaderArrowDown, eax

    ; "Up" arrow
    invoke  LoadImage, g_hInstance, IDI_UP, IMAGE_BITMAP, CX_HEADERBITMAP, CY_HEADERBITMAP, LR_LOADMAP3DCOLORS
    mov     g_hbmpHeaderArrowUp, eax

    ret
LoadHeaderBitmap endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; DeleteHeaderBitmap
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DeleteHeaderBitmap proc
    ; Releases the two arrow bitmaps cached in g_hbmpHeaderArrowDown and
    ; g_hbmpHeaderArrowUp.
    ; In:    none
    ; Out:   eax = result of the second DeleteObject call
    ; Note:  the globals keep their old values afterwards, so they must not be
    ;        handed to a header control again once this has run.

    invoke  DeleteObject, g_hbmpHeaderArrowDown
    invoke  DeleteObject, g_hbmpHeaderArrowUp

    ret
DeleteHeaderBitmap endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; ImageToHeaderItem
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ImageToHeaderItem proc uses esi hwndHeader:HWND, uColumn:UINT, hbmp:HBITMAP
    ; Attaches a bitmap to one header-control column, or detaches it.
    ; In:    hwndHeader = header control window
    ;        uColumn    = column index
    ;        hbmp       = bitmap to show, or NULL to remove the bitmap
    ; Out:   eax = whatever Header_SetItem leaves there
    ; Uses:  esi -> local HD_ITEM (saved/restored by "uses esi")
    local hdi:HD_ITEM

    lea     esi, hdi
    assume  esi:ptr HD_ITEM

    ; Read the column's current format flags so only the bitmap bits change.
    ; NOTE(review): the result of Header_GetItem is not checked; if it fails,
    ; hdi.fmt is uninitialised stack data when it is modified below.
    mov     [esi].imask, HDI_FORMAT
    Header_GetItem hwndHeader, uColumn, esi

    .if hbmp == NULL
        ; Remove: clear HDF_BITMAP only (HDF_BITMAP_ON_RIGHT is left as it was).
        mov     [esi].imask, HDI_FORMAT
        and     [esi].fmt, not HDF_BITMAP
    .else
        ; Set: write both the format flags and the bitmap handle.
        mov     [esi].imask, HDI_FORMAT + HDI_BITMAP
        or      [esi].fmt, HDF_BITMAP + HDF_BITMAP_ON_RIGHT
        mrm     [esi].hbm, hbmp
    .endif

    Header_SetItem hwndHeader, uColumn, esi

    assume  esi:nothing
    ret
ImageToHeaderItem endp
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; ltomonth
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Table of LPSTR entries, one per month, January first. Each entry is produced
; by $CTA0 (presumably: define a NUL-terminated ANSI string and yield its
; address - confirm against the macro definition).
; ltomonth indexes this table with (month - 1) * sizeof LPSTR.
POINTERS SEGMENT
g_apszMonthNames label LPSTR
LPSTR $CTA0("Jan")
LPSTR $CTA0("Feb")
LPSTR $CTA0("Mar")
LPSTR $CTA0("Apr")
LPSTR $CTA0("May")
LPSTR $CTA0("Jun")
LPSTR $CTA0("Jul")
LPSTR $CTA0("Aug")
LPSTR $CTA0("Sep")
LPSTR $CTA0("Oct")
LPSTR $CTA0("Nov")
LPSTR $CTA0("Dec")
; Size of the pointer table in bytes (distance from the label to here),
; not the number of entries.
g_cbMonthNames equ $-g_apszMonthNames
POINTERS ENDS
.code
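ltomonth proc uMonth:UINT, pacMonth:LPSTR
    ; Copies the three-letter English name of month uMonth (1..12) to pacMonth.
    ; In:    uMonth   = month number, 1 = January ... 12 = December
    ;        pacMonth = destination buffer, at least 4 bytes ("Jan" + NUL)
    ; Out:   pacMonth = month name, or "" when uMonth is out of range
    ;        eax      = lstrcpy result when a name was copied, otherwise uMonth
    ; Clobb: ecx, plus whatever lstrcpy clobbers

    ; Start from an empty string. Without this an out-of-range month left the
    ; caller's buffer untouched, and a caller that formats it with %s would
    ; read uninitialised (possibly unterminated) stack bytes.
    mov     ecx, pacMonth
    .if ecx != NULL
        mov     byte ptr [ecx], 0
    .endif

    mov     eax, uMonth
    assume  eax:SDWORD                  ; signed compare: 80000000h and above are rejected as negative
    .if ( eax > 0 ) && ( eax <= 12 )
        dec     eax                     ; make it zero based
        shl     eax, 2                  ; * sizeof LPSTR
        invoke  lstrcpy, pacMonth, g_apszMonthNames[eax]
    .endif
    assume  eax:nothing
    ret
ltomonth endp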
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; PropertyDialogProc
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
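PropertyDialogProc proc uses esi edi ebx hDlg:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
    ; Dialog procedure of the object property page.
    ; Only WM_INITDIALOG is handled: it fills the controls from the
    ; OBJECT_INFORMATION record referenced by PROPSHEETPAGE.lParam and, for
    ; symbolic links, shows the creation time and the link target.
    ; In:    hDlg, uMsg, wParam, lParam = standard dialog procedure arguments
    ; Out:   eax = 1 after WM_INITDIALOG, 0 for every other message
    ; Regs (WM_INITDIALOG):
    ;        esi -> OBJECT_INFORMATION (temporarily -> heap UNICODE_STRING)
    ;        edi -> object name, later -> local text buffer
    ;        ebx =  attribute flags, later hDlg
    ;local as:ANSI_STRING
    local buffer[512]:CHAR
    local ft:FILETIME
    local syst:SYSTEMTIME
    local acMonth[8]:CHAR
    local oa:OBJECT_ATTRIBUTES
    local hSymbolicLink:HANDLE

    .if uMsg == WM_INITDIALOG

        mov     eax, lParam                                 ; -> PROPSHEETPAGE
        mov     esi, (PROPSHEETPAGE PTR [eax]).lParam       ; -> OBJECT_INFORMATION
        assume  esi:ptr OBJECT_INFORMATION

comment ^
lea edi, as
assume edi:ptr ANSI_STRING
and [edi]._Length, 0
mov [edi].MaximumLength, sizeof buffer
lea eax, buffer
mov [edi].Buffer, eax
invoke RtlUnicodeStringToAnsiString, edi, addr [esi]._Name, FALSE
; invoke SetDlgItemText, ebx, IDC_PROP_OBJ_NAME, [edi].Buffer
^

        ; NOTE(review): the name buffer is walked with wcscmp/wcschr, which
        ; assumes it is NUL-terminated - confirm where _Name is filled in.
        mov     edi, [esi]._Name.Buffer
        invoke  wcscmp, edi, addr g_uszBackSlash            ; is it root directory ?
        .if eax != 0
            ; Scan full object path name and find name:
            ; advance edi past every backslash until none is left.
            .while TRUE
                invoke  wcschr, edi, 05Ch                   ; find L"\"
                .break .if eax == NULL
                inc     eax
                inc     eax                                 ; skip L"\" (one WCHAR)
                mov     edi, eax
            .endw
        .endif

        mov     ebx, hDlg

        ; edi -> Object Name
        invoke  SetDlgItemTextW, ebx, IDC_PROP_OBJ_NAME, edi
        ; invoke SetDlgItemTextW, ebx, IDC_PROP_OBJ_NAME, [esi]._Name.Buffer
        invoke  SetDlgItemTextW, ebx, IDS_PROP_OBJ_TYPE_NAME, [esi].TypeName.Buffer

        ; Build the attribute text in buffer. Clearing the first dword makes it
        ; an empty string, so lstrcat is safe even when no lstrcpy ran first.
        lea     edi, buffer
        and     dword ptr [edi], 0

        mov     ebx, [esi].BasicInformation.Attributes
        .if ebx == 0
            mov     byte ptr [edi], '-'
        .else
            .if ( ebx & HANDLE_FLAG_INHERIT )
                invoke  lstrcpy, edi, $CTA0(" Inherited")
            .endif
            .if ( ebx & HANDLE_FLAG_PROTECT_FROM_CLOSE )
                invoke  lstrcat, edi, $CTA0(" Protected from close")
            .endif
            .if ( ebx & PERMANENT )
                invoke  lstrcat, edi, $CTA0(" Permanent")
            .endif
            .if ( ebx & EXCLUSIVE )
                invoke  lstrcat, edi, $CTA0(" Exclusive")
            .endif
        .endif

        mov     ebx, hDlg
        invoke  SetDlgItemText, ebx, IDS_PROP_OBJ_ATTR, edi

        ; Counters. NOTE(review): g_szDecFmt is defined elsewhere; presumably a
        ; single numeric format - confirm its output cannot exceed sizeof buffer.
        invoke  wsprintf, edi, addr g_szDecFmt, [esi].BasicInformation.HandleCount
        invoke  SetDlgItemText, ebx, IDS_PROP_HANDLES, edi

        invoke  wsprintf, edi, addr g_szDecFmt, [esi].BasicInformation.PointerCount
        invoke  SetDlgItemText, ebx, IDS_PROP_REFERENCES, edi

        invoke  wsprintf, edi, addr g_szDecFmt, [esi].BasicInformation.PagedPoolUsage
        invoke  SetDlgItemText, ebx, IDS_PROP_PAGED_QUOTA, edi

        invoke  wsprintf, edi, addr g_szDecFmt, [esi].BasicInformation.NonPagedPoolUsage
        invoke  SetDlgItemText, ebx, IDS_PROP_NONPAGED_QUOTA, edi

        ; Show specific windows
        invoke  SendDlgItemMessage, ebx, IDG_PROP_OBJ_SPECIFIC_DETAILS, WM_SHOWWINDOW, TRUE, 0
        invoke  SendDlgItemMessage, ebx, IDS_PROP_CREATION_TIME_LABEL, WM_SHOWWINDOW, TRUE, 0
        invoke  SendDlgItemMessage, ebx, IDS_PROP_CREATION_TIME, WM_SHOWWINDOW, TRUE, 0
        invoke  SendDlgItemMessage, ebx, IDS_PROP_SPECIFIC_INFO1_LABEL, WM_SHOWWINDOW, TRUE, 0
        invoke  SendDlgItemMessage, ebx, IDS_PROP_SPECIFIC_INFO1, WM_SHOWWINDOW, TRUE, 0

        .if [esi].ObjectTypeIndex == IMG_ID_SYMBOLIC_LINK

            ; Set group box caption
            invoke  SetDlgItemText, ebx, IDG_PROP_OBJ_SPECIFIC_DETAILS, $CTA0("SymbolicLink Specific Details")

            ; SymbolicLink creation time
            ; NOTE(review): the results of both time conversions are ignored;
            ; if either fails, syst holds uninitialised stack data.
            invoke  FileTimeToLocalFileTime, addr [esi].BasicInformation.CreateTime, addr ft
            invoke  FileTimeToSystemTime, addr ft, addr syst

            ; wsprintf is cdecl; its arguments are pushed by hand, last first:
            ; year, month name, day, second, minute, hour, format, buffer.
            movzx   eax, syst.wYear
            push    eax

            ; Make the month name an empty string up front, so the %s below
            ; never reads an unterminated stack buffer when wMonth is not 1..12.
            mov     byte ptr acMonth, 0
            movzx   ecx, syst.wMonth
            invoke  ltomonth, ecx, addr acMonth
            lea     eax, acMonth
            push    eax

            movzx   eax, syst.wDay
            push    eax

            movzx   eax, syst.wSecond
            push    eax

            movzx   eax, syst.wMinute
            push    eax

            movzx   eax, syst.wHour
            push    eax

            push    $CTA0("%d:%02d:%02d, %d %s %d")
            push    edi
            call    wsprintf
            add     esp, 20h                                ; 8 dwords pushed above
            invoke  SetDlgItemText, ebx, IDS_PROP_CREATION_TIME, edi

            ; SymbolicLink links to
            Fix Get link more optimized way
            push    esi                                     ; esi is reused for the heap block below
            lea     ecx, oa
            lea     edx, [esi]._Name
            InitializeObjectAttributes ecx, edx, OBJ_CASE_INSENSITIVE, NULL, NULL
            ; Query-only access is requested; nothing here needs more.
            invoke  ZwOpenSymbolicLinkObject, addr hSymbolicLink, SYMBOLIC_LINK_QUERY, addr oa
            .if eax == STATUS_SUCCESS
                ; One 1000h-byte heap block: UNICODE_STRING header followed by its text buffer.
                invoke  malloc, 1000h
                .if eax != NULL
                    mov     esi, eax
                    assume  esi:ptr UNICODE_STRING
                    and     [esi]._Length, 0
                    ; Hold back one WCHAR of the block so a terminator always
                    ; fits behind whatever the query returns.
                    mov     [esi].MaximumLength, 1000h - sizeof UNICODE_STRING - sizeof WCHAR
                    lea     eax, [esi][sizeof UNICODE_STRING]
                    mov     [esi].Buffer, eax
                    push    ecx                             ; reserve a DWORD for the returned length
                    invoke  ZwQuerySymbolicLinkObject, hSymbolicLink, esi, esp
                    pop     ecx                             ; drop the returned length
                    .if eax == STATUS_SUCCESS
                        ; A UNICODE_STRING is counted, not NUL-terminated, and
                        ; malloc does not zero the block. SetDlgItemTextW reads
                        ; up to a NUL, so terminate at Buffer + Length (bytes)
                        ; to keep it from running past the returned text.
                        movzx   ecx, [esi]._Length
                        mov     eax, [esi].Buffer
                        mov     word ptr [eax + ecx], 0
                        invoke  SetDlgItemText, ebx, IDS_PROP_SPECIFIC_INFO1_LABEL, $CTA0("Links to:")
                        invoke  SetDlgItemTextW, ebx, IDS_PROP_SPECIFIC_INFO1, [esi].Buffer
                    .endif
                    invoke  free, esi
                    assume  esi:nothing
                .endif
                invoke  ZwClose, hSymbolicLink
            .endif
            pop     esi

        .else
            ; No specific info for this object -> Hide specific windows
            invoke  ShowWindow, $invoke(GetDlgItem, ebx, IDG_PROP_OBJ_SPECIFIC_DETAILS), SW_HIDE
            invoke  ShowWindow, $invoke(GetDlgItem, ebx, IDS_PROP_CREATION_TIME_LABEL), SW_HIDE
            invoke  ShowWindow, $invoke(GetDlgItem, ebx, IDS_PROP_CREATION_TIME), SW_HIDE
            invoke  ShowWindow, $invoke(GetDlgItem, ebx, IDS_PROP_SPECIFIC_INFO1_LABEL), SW_HIDE
            invoke  ShowWindow, $invoke(GetDlgItem, ebx, IDS_PROP_SPECIFIC_INFO1), SW_HIDE
            ; invoke SendDlgItemMessage, ebx, IDG_PROP_OBJ_SPECIFIC_DETAILS, WM_SHOWWINDOW, FALSE, 0
            ; invoke SendDlgItemMessage, ebx, IDS_PROP_CREATION_TIME_LABEL, WM_SHOWWINDOW, FALSE, 0
            ; invoke SendDlgItemMessage, ebx, IDS_PROP_CREATION_TIME, WM_SHOWWINDOW, FALSE, 0
        .endif

        assume  esi:nothing

    .else
        ; Message not handled here.
        xor     eax, eax
        ret
    .endif

    ; WM_INITDIALOG handled: return 1.
    xor     eax, eax
    inc     eax
    ret
PropertyDialogProc endp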
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; OpenObject
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
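OpenObject proc uses esi edi ebx puszObjectPath:LPWSTR, uObjectTypeIndex:UINT
    ; Opens the named object-manager object with query/read-level access.
    ; Order of attempts:
    ;   1. the ZwOpenXxx routine matching uObjectTypeIndex,
    ;   2. every entry of g_apfnZwOpenXxx with access mask 1,
    ;   3. ZwOpenFile,
    ;   4. CreateFileW on the path with a device-namespace prefix.
    ; On total failure a message box names the object and focus is restored.
    ; In:    puszObjectPath   -> NUL-terminated wide object path
    ;        uObjectTypeIndex =  IMG_ID_xxx type index
    ; Out:   eax = object handle, or NULL on errors
    ; Regs:  esi -> oa, edi -> hObject, ebx = countdown index for step 2
    local status:NTSTATUS
    local oa:OBJECT_ATTRIBUTES
    local us:UNICODE_STRING
    local hObject:HANDLE
    local awcMessage[512]:WCHAR
    local iosb:IO_STATUS_BLOCK
    local acFileName[MAX_PATH]:WCHAR

    ; and hObject, NULL ; assume unsuccess
    invoke  RtlInitUnicodeString, addr us, puszObjectPath
    lea     esi, oa
    lea     edx, us
    InitializeObjectAttributes esi, edx, OBJ_CASE_INSENSITIVE, NULL, NULL

    ; 1. Type-specific open. Each call asks only for a query/read right; the
    ;    XXX_ALL_ACCESS alternatives are kept as trailing remarks only.
    lea     edi, hObject
    mov     eax, uObjectTypeIndex
    .if eax == IMG_ID_DIRECTORY
        invoke  ZwOpenDirectoryObject, edi, DIRECTORY_QUERY, esi
    .elseif eax == IMG_ID_EVENT
        invoke  ZwOpenEvent, edi, EVENT_QUERY_STATE, esi ; EVENT_ALL_ACCESS
    .elseif eax == IMG_ID_FILE
        invoke  ZwOpenFile, edi, FILE_READ_ACCESS, esi, addr iosb, FILE_SHARE_READ + FILE_SHARE_WRITE + FILE_SHARE_DELETE, 0
    .elseif eax == IMG_ID_KEY
        invoke  ZwOpenKey, edi, KEY_QUERY_VALUE, esi ; KEY_ALL_ACCESS
    .elseif eax == IMG_ID_MUTANT
        invoke  ZwOpenMutant, edi, MUTANT_QUERY_STATE, esi ; MUTANT_ALL_ACCESS
    .elseif eax == IMG_ID_SECTION
        invoke  ZwOpenSection, edi, SECTION_QUERY, esi ; SECTION_ALL_ACCESS
    .elseif eax == IMG_ID_SEMAPHORE
        invoke  ZwOpenSemaphore, edi, SEMAPHORE_QUERY_STATE, esi ; SEMAPHORE_ALL_ACCESS
    .elseif eax == IMG_ID_SYMBOLIC_LINK
        invoke  ZwOpenSymbolicLinkObject, edi, SYMBOLIC_LINK_QUERY, esi ; SYMBOLIC_LINK_ALL_ACCESS
    .elseif eax == IMG_ID_TIMER
        invoke  ZwOpenTimer, edi, TIMER_QUERY_STATE, esi ; TIMER_ALL_ACCESS
    .else
        mov     eax, STATUS_UNSUCCESSFUL
    .endif

    .if eax != STATUS_SUCCESS

        ; 2. Walk the function table from the last entry down to the first.
        mov     ebx, PFN_ID_MAX
        .while ebx
            dec     ebx
            invoke  pproto03 ptr g_apfnZwOpenXxx[ebx * sizeof LPVOID], edi, 1, esi ; XXX_QUERY_XXX
            .break .if eax == STATUS_SUCCESS
        .endw

        ; 3. Plain file open.
        .if eax != STATUS_SUCCESS
            invoke  ZwOpenFile, edi, FILE_READ_ACCESS, esi, addr iosb, FILE_SHARE_READ + FILE_SHARE_WRITE + FILE_SHARE_DELETE, 0
        .endif

        ; 4. Win32 open through a prefixed name.
        .if eax != STATUS_SUCCESS
            ; wsprintfW does not know the size of its destination and will
            ; emit up to 1024 characters, while acFileName holds MAX_PATH.
            ; An object path long enough to overflow it would overwrite the
            ; stack frame, so skip this attempt unless prefix + path + NUL
            ; fits. 8 is the prefix literal's length as written, an upper
            ; bound however $CTW0 treats the backslashes.
            invoke  lstrlenW, puszObjectPath
            .if eax < (MAX_PATH - 8)
                Fix \\\\\\\\.\\\\\\
                invoke  wsprintfW, addr acFileName, $CTW0("\\\\.\\%s"), puszObjectPath
                invoke  CreateFileW, addr acFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL
                .if eax != INVALID_HANDLE_VALUE
                    mov     hObject, eax
                    xor     eax, eax ; STATUS_SUCCESS
                .endif
            .else
                mov     eax, STATUS_UNSUCCESSFUL    ; path too long for acFileName
            .endif
        .endif

    .endif

    .if eax == STATUS_SUCCESS
        mov     eax, hObject
    .else
        ; The %.480s precision caps the path copied into the 512-WCHAR
        ; message buffer; a bare %s would let a long path overflow it.
        invoke  wsprintfW, addr awcMessage, $CTW0("Could't open %.480s object"), puszObjectPath
        invoke  GetFocus
        push    eax                         ; saved focus window = argument of SetFocus below
        ; invoke wcscpy, addr awcMessage, $CTW0("Couldn't open ")
        ; invoke wcscat, addr awcMessage, puszObjectPath
        ; invoke wcscat, addr awcMessage, $CTW0(" object.")
        invoke  MessageBoxW, g_hWnd, addr awcMessage, NULL, MB_ICONERROR
        call    SetFocus                    ; consumes the hwnd pushed above
        xor     eax, eax ; Return NULL
    .endif

    ret
OpenObject endp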
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; OpenSelectedObject
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
OpenSelectedObject proc uses esi ebx
; If TreeView has focus fetches object path from associated tree view lParam
; If ListView has focus fetches object path from associated list view lParam
; and calls OpenObject to open it
; Returns object handle or NULL on errors
local tvi:TV_ITEM
local lvi:LV_ITEM
local iSelectedItem:UINT
local buffer[256]:CHAR
invoke GetFocus
.if eax == g_hwndListView
lea esi, lvi
assume esi:ptr LV_ITEM
; Get object type
mov [esi].imask, LVIF_TEXT
ListView_GetNextItem g_hwndListView, -1, LVNI_SELECTED
.if eax != -1
mov iSelectedItem, eax
mov [esi].iItem, eax
mov [esi].iSubItem, 1
lea eax, buffer
mov [esi].pszText, eax
mov [esi].cchTextMax, sizeof buffer
invoke SendMessage, g_hwndListView, LVM_GETITEMW, 0, esi
xor ebx, ebx ; undex
.while TRUE
; Which type ?
; invoke wcscmp, addr buffer, g_apuszObjectTypeNames[ebx]
invoke _wcsicmp, addr buffer, g_apuszObjectTypeNames[ebx]
.if eax == 0
shr ebx, 2 ; / sizeof LPWSTR = object type index