📄 memorybrowserformunit.pas
unit MemoryBrowserFormUnit;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,tlhelp32,
StdCtrls, Spin, ExtCtrls,CEFuncProc,symbolhandler, Menus,{$ifndef net}debugger,debugger2,{$endif}assemblerunit,disassembler,addressparser,
Buttons,imagehlp{$ifndef net},dissectcodethread{$endif}
{$ifdef netclient}
,NetAPIs
{$else}
,NewKernelHandler
{$endif}
;
{ TEdit2: a TEdit descendant whose only addition is a WM_MOUSEWHEEL message
  handler. TMemoryBrowser.FControl2 is declared with this type; the handler
  (implemented further down in this unit) moves TMemoryBrowser.memoryaddress
  and repaints the memory view. }
type
  TEdit2 = class(TEdit)
  public
    procedure wmMouseWheel(var Msg: TWMMouseWheel); message WM_MOUSEWHEEL;
  end;
{ TEdit3: a TEdit descendant whose only addition is a WM_MOUSEWHEEL message
  handler. TMemoryBrowser.FControl1 is declared with this type; the handler
  (implemented further down in this unit) moves
  TMemoryBrowser.disassembleraddress and refreshes the disassembler view. }
type
  TEdit3 = class(TEdit)
  public
    procedure wmMouseWheel(var Msg: TWMMouseWheel); message WM_MOUSEWHEEL;
  end;
// TMemoryBrowser: form class combining a hex memory view (MBCanvas), a disassembler
// view (DisCanvas), a register panel and the debugger/tool menus.
// The fields and handlers before "private" use the form's default visibility.
// The unit links its form resource with {$R *.DFM}, so these are presumably the
// designer-managed declarations. Their names (including odd spellings such as
// ogglebreakpoint1 and Loadmemolryregion1) presumably have to stay in sync with
// the .DFM - confirm before renaming.
type
TMemoryBrowser = class(TForm)
// --- components: popup menus, timers, panels and paint boxes ---
memorypopup: TPopupMenu;
Goto1: TMenuItem;
Timer1: TTimer;
debuggerpopup: TPopupMenu;
Timer2: TTimer;
Panel1: TPanel;
Panel4: TPanel;
MBCanvas: TPaintBox;
Replacewithnops1: TMenuItem;
Gotoaddress1: TMenuItem;
Protectlabel: TLabel;
Search1: TMenuItem;
Change1: TMenuItem;
Addthisaddresstothelist1: TMenuItem;
Addthisopcodetothecodelist1: TMenuItem;
N1: TMenuItem;
N2: TMenuItem;
Splitter1: TSplitter;
Panel5: TPanel;
ScrollBar1: TScrollBar;
Panel6: TPanel;
DisCanvas: TPaintBox;
Panel2: TPanel;
Label1: TLabel;
ScrollBar2: TScrollBar;
RegisterView: TPanel;
Splitter2: TSplitter;
// --- main menu: File / Debug / View entries ---
MainMenu1: TMainMenu;
File1: TMenuItem;
Loadsymbolfile1: TMenuItem;
Debug1: TMenuItem;
Step1: TMenuItem;
StepOver1: TMenuItem;
Runtill1: TMenuItem;
Setbreakpoint1: TMenuItem;
View1: TMenuItem;
Stacktrace1: TMenuItem;
ScrollBox1: TScrollBox;
// --- register panel: one label per general-purpose / segment register ---
EAXLabel: TLabel;
EBXlabel: TLabel;
ECXlabel: TLabel;
EDXlabel: TLabel;
ESIlabel: TLabel;
EDIlabel: TLabel;
EBPlabel: TLabel;
ESPlabel: TLabel;
EIPlabel: TLabel;
CSLabel: TLabel;
DSLabel: TLabel;
SSlabel: TLabel;
ESlabel: TLabel;
FSlabel: TLabel;
GSlabel: TLabel;
// presumably the individual EFLAGS bits (carry, parity, adjust, zero, sign, overflow) - confirm
cflabel: TLabel;
pflabel: TLabel;
aflabel: TLabel;
zflabel: TLabel;
sflabel: TLabel;
oflabel: TLabel;
Label14: TLabel;
Shape1: TShape;
Label15: TLabel;
Shape2: TShape;
Label16: TLabel;
Shape3: TShape;
Run1: TMenuItem;
Threadlist1: TMenuItem;
Assemble1: TMenuItem;
HexEdit: TEdit;
N3: TMenuItem;
Break1: TMenuItem;
// --- "Extra"/tool menu entries ---
// NOTE(review): several names here (Reservememory, FillMemory, CreateThread, InjectDLL,
// Makepagewritable, Allocatenonpagedmemory) suggest operations that change the opened
// process or kernel memory. Their handlers are implemented outside this declaration;
// confirm each one validates the address/size/path it takes from the user before acting.
Extra1: TMenuItem;
Reservememory1: TMenuItem;
Savedisassemledoutput1: TMenuItem;
Savememoryregion1: TMenuItem;
Loadmemolryregion1: TMenuItem;
N4: TMenuItem;
OpenMemory: TOpenDialog;
Debugstrings1: TMenuItem;
TextEdit: TEdit;
CreateThread1: TMenuItem;
MemoryRegions1: TMenuItem;
FillMemory1: TMenuItem;
Disectwindow1: TMenuItem;
SaveDialog1: TSaveDialog;
Heaps1: TMenuItem;
N5: TMenuItem;
N6: TMenuItem;
EnumeratedllsandSymbols1: TMenuItem;
InjectDLL1: TMenuItem;
OpenDllDialog: TOpenDialog;
AutoInject1: TMenuItem;
Dissectcode1: TMenuItem;
Createjumptocodecave1: TMenuItem;
N7: TMenuItem;
N8: TMenuItem;
Findstaticpointers1: TMenuItem;
Scanforcodecaves1: TMenuItem;
Changestateofregisteratthislocation1: TMenuItem;
ogglebreakpoint1: TMenuItem;
N9: TMenuItem;
Breakpointlist1: TMenuItem;
Makepagewritable1: TMenuItem;
Dissectdata1: TMenuItem;
N10: TMenuItem;
Showsymbols1: TMenuItem;
Dissectdata2: TMenuItem;
N11: TMenuItem;
N12: TMenuItem;
Showmoduleaddresses1: TMenuItem;
Symbolhandler1: TMenuItem;
Kerneltools1: TMenuItem;
Allocatenonpagedmemory1: TMenuItem;
Getaddress1: TMenuItem;
// --- event handlers (form, canvases, scrollbars, focus controls, menu clicks) ---
// Some handlers refer to controls that are not declared as fields here (Button2, Button4,
// Button6, Button7, MemoryLabel); whether they are still wired up in the .DFM cannot be
// seen from this declaration.
procedure Button4Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure Splitter1Moved(Sender: TObject);
procedure FormShow(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure Goto1Click(Sender: TObject);
procedure FormResize(Sender: TObject);
procedure MemoryLabelClick(Sender: TObject);
procedure MBCanvasPaint(Sender: TObject);
procedure Timer2Timer(Sender: TObject);
procedure MBCanvasMouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure MBCanvasMouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure MBCanvasDblClick(Sender: TObject);
procedure Panel2Resize(Sender: TObject);
procedure DisCanvasPaint(Sender: TObject);
procedure DisCanvasMouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure ScrollBar1Change(Sender: TObject);
procedure ScrollBar1Scroll(Sender: TObject; ScrollCode: TScrollCode;
var ScrollPos: Integer);
procedure ScrollBar1KeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure ScrollBar1Enter(Sender: TObject);
procedure memorypopupPopup(Sender: TObject);
procedure Replacewithnops1Click(Sender: TObject);
procedure Panel4Enter(Sender: TObject);
procedure Panel4MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure FControl2KeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure FControl2KeyPress(Sender: TObject; var Key: Char);
procedure FControl2Enter(Sender: TObject);
procedure FControl2Exit(Sender: TObject);
procedure FControl1Enter(Sender: TObject);
procedure FControl1Exit(Sender: TObject);
procedure Panel2MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure Button4MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure Button6MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure Button7MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure Panel5MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure FControl1KeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure FControl1KeyPress(Sender: TObject; var Key: Char);
procedure Panel5Resize(Sender: TObject);
procedure Gotoaddress1Click(Sender: TObject);
procedure Search1Click(Sender: TObject);
procedure Change1Click(Sender: TObject);
procedure Addthisaddresstothelist1Click(Sender: TObject);
procedure Addthisopcodetothecodelist1Click(Sender: TObject);
procedure Splitter1CanResize(Sender: TObject; var NewSize: Integer;
var Accept: Boolean);
procedure Panel4Resize(Sender: TObject);
procedure ScrollBar2Scroll(Sender: TObject; ScrollCode: TScrollCode;
var ScrollPos: Integer);
procedure Setbreakpoint1Click(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure Run1Click(Sender: TObject);
procedure Step1Click(Sender: TObject);
procedure StepOver1Click(Sender: TObject);
procedure Runtill1Click(Sender: TObject);
procedure Stacktrace1Click(Sender: TObject);
procedure Threadlist1Click(Sender: TObject);
procedure Assemble1Click(Sender: TObject);
procedure DisCanvasDblClick(Sender: TObject);
procedure HexEditKeyPress(Sender: TObject; var Key: Char);
procedure HexEditExit(Sender: TObject);
procedure HexEditKeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure EAXLabelDblClick(Sender: TObject);
procedure Break1Click(Sender: TObject);
procedure Reservememory1Click(Sender: TObject);
procedure Savememoryregion1Click(Sender: TObject);
procedure Loadmemolryregion1Click(Sender: TObject);
procedure HexEditDblClick(Sender: TObject);
procedure Debugstrings1Click(Sender: TObject);
procedure TextEditExit(Sender: TObject);
procedure TextEditKeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure CreateThread1Click(Sender: TObject);
procedure MemoryRegions1Click(Sender: TObject);
procedure TextEditKeyPress(Sender: TObject; var Key: Char);
procedure FillMemory1Click(Sender: TObject);
procedure Disectwindow1Click(Sender: TObject);
procedure Savedisassemledoutput1Click(Sender: TObject);
procedure Heaps1Click(Sender: TObject);
procedure EnumeratedllsandSymbols1Click(Sender: TObject);
procedure InjectDLL1Click(Sender: TObject);
procedure AutoInject1Click(Sender: TObject);
procedure Dissectcode1Click(Sender: TObject);
procedure Createjumptocodecave1Click(Sender: TObject);
procedure Findstaticpointers1Click(Sender: TObject);
procedure Scanforcodecaves1Click(Sender: TObject);
procedure Changestateofregisteratthislocation1Click(Sender: TObject);
procedure ogglebreakpoint1Click(Sender: TObject);
procedure Breakpointlist1Click(Sender: TObject);
procedure Makepagewritable1Click(Sender: TObject);
procedure Dissectdata1Click(Sender: TObject);
procedure Showsymbols1Click(Sender: TObject);
procedure Dissectdata2Click(Sender: TObject);
procedure Showmoduleaddresses1Click(Sender: TObject);
procedure Symbolhandler1Click(Sender: TObject);
procedure Allocatenonpagedmemory1Click(Sender: TObject);
procedure Getaddress1Click(Sender: TObject);
private
{ Private declarations }
// presumably "an in-place edit is active" flags for the two edit boxes - confirm against HexEdit/TextEdit handlers
editing: boolean;
editing2: boolean;
srow,scolumn: integer;
bytestoshow: integer;
bytelength: integer;
// bitmaps for the two views, named after the MBCanvas/DisCanvas paint boxes
// (presumably off-screen buffers - confirm in the paint handlers)
MBImage: TBitmap;
DisImage: TBitmap;
memorylabelcount: integer;
addresslabelcount: integer;
addresslabel: array of TLabel;
memorylabel: array of TLabel; //hex
memoryLabelA: array of TLabel; //ascii
MemoryLabelVerticalLines: integer; //number of rows
MemoryLabelHorizontalLines: Integer; //the number of lines
// short strings with fixed capacity: 8 characters per address, 2 per byte
// (presumably 8 hex digits of a 32-bit address and 2 hex digits of a byte - confirm)
addressestext: array of string[8];
memorytext: array of string[2];
memorystring: array of string;
lengthof8bytes: Integer;
textheight: integer;
lines: integer;
oldlines: integer;
Highlightcolor: Tcolor;
numberofaddresses: integer;
// one entry per row of the disassembler view: address plus its rendered text
disassemblerlines : array of record
address: dword;
disassembled: string;
description: string;
end;
part: integer;
// code-dissection worker; only compiled when the "net" define is absent
{$ifndef net}
dissectcode: TDissectCodeThread;
{$endif}
lastmodulelistupdate: integer;
// takes one disassembled line; the implementation looks for ',' and a '[' ... ']' pair in it
procedure UpdateRWAddress(disasm: string);
// WM_GETMINMAXINFO handler: sets the minimum tracking size of the window
procedure WMGetMinMaxInfo(var Message: TMessage); message WM_GETMINMAXINFO;
public
{ Public declarations }
FSymbolsLoaded: Boolean;
// NOTE(review): view addresses, selections and register values below are all dword
// (32-bit); an address above 4 GB cannot be represented in these fields.
// top addresses of the disassembler view and of the hex memory view
Disassembleraddress: dword;
memoryaddress: dword;
// presumably the handle of the thread being inspected/debugged - confirm
thhandle: Thandle;
// register values, named after the corresponding *Label fields
EAXv: dword;
EBXv: dword;
ECXv: dword;
EDXv: dword;
ESIv: dword;
EDIv: dword;
EBPv: dword;
ESPv: dword;
EIPv: dword;
// edit controls with custom mouse-wheel handling:
// FControl1 (TEdit3) steps the disassembler view, FControl2 (TEdit2) pages the memory view
FControl1: TEdit3;
FControl2:Tedit2;
// scaling factor for the memory view; the wheel handler moves by 8*rows8*4 bytes
rows8: integer;
// note: this field shares its name with the "disassembler" unit in the uses clause
disassembler: boolean;
selected,selected2: dword;
dselected,dselected2: dword;
// forwards to frmBreakpointlist.updatebplist when that form exists (non-"net" builds only)
procedure UpdateBPlist;
// currently an empty stub ("removed till 3.3" in the implementation)
procedure UpdateRegisterview;
procedure RefreshMB;
procedure updatedisassemblerview;
procedure AssemblePopup(x: string);
end;
// Unit-level reference to the memory browser form. The TEdit2/TEdit3 mouse-wheel
// handlers in this unit reach the form through this variable rather than through
// their owner, so they assume it has been assigned before a wheel message arrives.
var
MemoryBrowser: TMemoryBrowser;
implementation
uses Valuechange,
{$ifdef net}
unit2,
addformunit,
{$else}
Mainunit,
{$endif}
{$ifndef net}
AddAddress,
findwindowunit,
frmstacktraceunit,
frmBreakThreadUnit,
FormDebugStringsUnit,
frmDissectWindowUnit,
frmEnumerateDLLsUnit,
frmThreadlistunit,
formmemoryregionsunit,
frmHeapsUnit,
frmFindstaticsUnit,
frmModifyRegistersUnit,
frmBreakpointlistunit,
savedisassemblyfrm,
{$endif}
advancedoptionsunit,
frmautoinjectunit,
formsettingsunit,
frmSaveMemoryRegionUnit,
frmLoadMemoryunit,
inputboxtopunit,
formAddToCodeList,
frmFillMemoryUnit, frmCodecaveScannerUnit{$ifndef net},symbolconfigunit,Structuresfrm,dissectcodeunit,pointerscannerfrm{$endif}
, FoundCodeUnit;
{$R *.DFM}
{ WM_MOUSEWHEEL handler for the memory view's edit control.
  Moves the global MemoryBrowser form's memoryaddress by 8*rows8*4 bytes:
  backwards when the wheel delta is positive, forwards otherwise, then
  repaints the memory view. The address is a dword, so there is no clamping
  here at either end of the address range. }
procedure TEdit2.wmMouseWheel (var Msg : TWMMouseWheel);
var
  step: integer;
begin
  step:=8*MemoryBrowser.rows8*4;

  if Msg.WheelDelta<=0 then
    MemoryBrowser.memoryaddress:=MemoryBrowser.memoryaddress+step
  else
    MemoryBrowser.memoryaddress:=MemoryBrowser.memoryaddress-step;

  MemoryBrowser.refreshMB;
end;
{ WM_MOUSEWHEEL handler for the disassembler view's edit control.
  Positive wheel delta: disassembleraddress becomes the result of
  previousopcode (scroll up). Otherwise disassemble is called on
  disassembleraddress and its result is discarded (scroll down); presumably
  the argument is a var parameter that disassemble advances past the decoded
  instruction - confirm in the disassembler unit.
  The disassembler view is refreshed afterwards in both cases. }
procedure TEdit3.wmMouseWheel (var Msg : TWMMouseWheel);
begin
  if Msg.WheelDelta<=0 then
    disassemble(MemoryBrowser.disassembleraddress) //down
  else
    MemoryBrowser.disassembleraddress:=previousopcode(MemoryBrowser.disassembleraddress); //up

  MemoryBrowser.updatedisassemblerview;
end;
{ WM_GETMINMAXINFO handler: writes the minimum tracking size into the
  MINMAXINFO structure that LParam points to. The minimum width is always 340;
  the minimum height is 100, plus the height of panel1 while that panel is
  visible. No other field of the structure is touched. }
procedure TMemoryBrowser.WMGetMinMaxInfo(var Message: TMessage);
var
  info: ^MINMAXINFO;
  minheight: integer;
begin
  minheight:=100;
  if panel1.visible then
    minheight:=panel1.Height+100;

  //LParam carries the address of the MINMAXINFO supplied with the message
  info:=ptr(message.LParam);
  info^.ptMinTrackSize:=point(340,minheight);
end;
{ Asks the breakpoint list form to refresh itself, if that form currently
  exists. Compiles to an empty procedure when the "net" define is set. }
procedure TMemoryBrowser.UpdateBPlist;
begin
  {$ifndef net}
  if Assigned(frmBreakpointlist) then
  begin
    frmBreakpointlist.updatebplist;
  end;
  {$endif}
end;
{ Empty stub: the body was taken out ("removed till 3.3"). The method is
  still declared in the public section of TMemoryBrowser, so the empty
  implementation has to stay for the unit to compile. }
procedure TMemoryBrowser.UpdateRegisterview;
begin
  //removed till 3.3
end;
procedure TMemoryBrowser.UpdateRWAddress(disasm: string);
var seperator: integer;
fb: integer;
nb: integer;
address: string;
offset:dword;
begin
//find out if it is a read or write
//label1.Caption:='';
seperator:=pos(',',disasm);
if seperator>0 then
begin
fb:=pos('[',disasm);
nb:=pos(']',disasm);
if nb>fb then
begin
//if fb<seperator then label1.Font.Color:=clRed //write