📄 memorybrowserformunit.pas
字号:
// else label1.font.color:=clGreen; //read
address:=copy(disasm,fb+1,nb-fb-1);
try
offset:=getaddress(address);
except
end;
//label1.Caption:=IntToHex(offset,8);
end;
end;
end;
procedure TMemoryBrowser.Button4Click(Sender: TObject);
begin
{$ifndef net}
debuggerthread.howtocontinue:=1;
debuggerthread.stepping:=false;
memorybrowser.Caption:='Advanced - Debug:Stepping';
{$endif}
end;
procedure TMemoryBrowser.Button2Click(Sender: TObject);
begin
{$ifndef net}
debuggerthread.howtocontinue:=0;
debuggerthread.stepping:=false;
memorybrowser.Caption:='Advanced - Debug:Running';
{$endif}
end;
procedure TMemoryBrowser.Splitter1Moved(Sender: TObject);
begin
// updatememoryview;
updatedisassemblerview;
end;
procedure TMemoryBrowser.FormShow(Sender: TObject);
begin
updatedisassemblerview;
mbimage.Width:=0; //clear the image
mbimage.Width:=clientwidth;
RefreshMB;
{$ifdef net}
registerview.Visible:=false;
stacktrace1.Visible:=false;
breakpointlist1.Visible:=false;
threadlist1.Visible:=false;
debugstrings1.Visible:=false;
n5.Visible:=false;
memoryregions1.Visible:=false;
heaps1.Visible:=false;
n6.Visible:=false;
enumeratedllsandsymbols1.Visible:=false;
n10.visible:=false;
showsymbols1.Visible:=false;
showmoduleaddresses1.Visible:=false;
symbolhandler1.Visible:=false;
debug1.Visible:=false;
view1.Visible:=false;
scanforcodecaves1.Visible:=false;
reservememory1.Visible:=false;
fillmemory1.Visible:=false;
createthread1.Visible:=false;
n8.visible:=false;
injectdll1.visible:=false;
search1.Visible:=false;
Changestateofregisteratthislocation1.Visible:=false;
ogglebreakpoint1.Visible:=false;
n9.Visible:=false;
dissectcode1.Visible:=false;
dissectdata2.visible:=false;
disectwindow1.visible:=false;
n12.visible:=false;
dissectdata1.Visible:=false;
findstaticpointers1.Visible:=false;
n11.Visible:=true;
injectdll1.Visible:=false;
autoinject1.Visible:=true;
{$endif}
end;
procedure TMemoryBrowser.FormCreate(Sender: TObject);
begin
disassembler:=true;
fcontrol1:=tedit3.create(self);
fcontrol1.width:=0;
fcontrol1.Height:=0;
fcontrol1.parent:=self;
fcontrol1.OnEnter:=FControl1Enter;
fcontrol1.onexit:=FControl1Exit;
fcontrol1.onKeydown:=FControl1keydown;
fcontrol1.onkeypress:=FControl1keypress;
fcontrol1.PopupMenu:=mainform.emptypopup;
fcontrol1.sendtoback;
fcontrol2:=tedit2.create(self);
fcontrol2.Width:=0;
fcontrol2.Height:=0;
fcontrol2.parent:=self;
fcontrol2.OnEnter:=FControl2Enter;
fcontrol2.onexit:=FControl2Exit;
fcontrol2.onKeydown:=FControl2keydown;
fcontrol2.onkeypress:=FControl2keypress;
fcontrol2.PopupMenu:=mainform.emptypopup;
fcontrol2.SendToBack;
bytestoshow:=3;
disassembleraddress:=$00400000; //debug
MBImage:=TBitmap.Create;
MBImage.Canvas.Brush.Color:=clBtnFace;
MBImage.Width:=mbcanvas.Width*3;
MBImage.Height:=MBCanvas.Height*3;
MBImage.Canvas.Font.Name:='Courier';
textheight:=MBImage.Canvas.TextHeight('||||');
bytelength:=MBImage.Canvas.TextWidth(' ');
DisImage:=TBitmap.create;
DisImage.Canvas.Brush.Color:=clBtnFace;
DisImage.Width:=1024; //there's no way that the text ever goes over this
DisImage.Height:=MBCanvas.Height+textheight+10;
DisImage.Canvas.Font.Name:='Courier';
memoryaddress:=$00400000;
memorylabelcount:=0;
Highlightcolor:=clHighlight;
end;
procedure TMemoryBrowser.Goto1Click(Sender: TObject);
var newaddress: string;
begin
newaddress:=inputbox('Goto Address','Fill in the address you want to go to',IntTohex(memoryaddress,8));
memoryaddress:=getaddress(newaddress);
RefreshMB;
end;
procedure TMemoryBrowser.FormResize(Sender: TObject);
begin
mbimage.Width:=0;
mbimage.height:=0;
mbimage.Width:=mbcanvas.Width;
mbimage.Height:=mbcanvas.Height;
refreshmb;
updatedisassemblerview;
end;
procedure TMemoryBrowser.MemoryLabelClick(Sender: TObject);
var address: dword;
begin
address:=memoryaddress+(sender as TLabel).Tag;
showmessage(inttohex(address,8));
end;
procedure TMemoryBrowser.MBCanvasPaint(Sender: TObject);
var cr: Trect;
begin
cr:=mbcanvas.Canvas.ClipRect;
mbcanvas.Canvas.CopyRect(cr,mbimage.Canvas,cr);
end;
procedure TMemoryBrowser.Timer2Timer(Sender: TObject);
begin
if memorybrowser.Visible then
begin
refreshMB;
updatedisassemblerview;
//refresh the modulelist
lastmodulelistupdate:=(lastmodulelistupdate+1) mod 10;
if lastmodulelistupdate=0 then
symhandler.loadmodulelist;
end;
end;
procedure TMemoryBrowser.RefreshMB;
var i: integer;
j,k: integer;
currentaddress: string[8];
bts: string[2];
start: integer;
stop: integer;
needed: integer;
available: integer;
rowsof8: integer;
teststr: string;
p: pchar;
a: int64;
range1ok: boolean;
range1start: dword;
range1length: dword;
range2ok: boolean;
range2start: dword;
range2length: dword;
buffer: array of byte;
bt: byte;
bytesread: dword;
rct: Trect;
mbi : _MEMORY_BASIC_INFORMATION;
range1module: tmoduleinfo;
range2module: tmoduleinfo;
module1ok,module2ok: boolean;
s: string;
begin
//find the address in the module list
k:=0;
MBCanvas.Canvas.Font:=MBImage.Canvas.Font;
if length(addressestext)<((mbcanvas.Height-5) div (TextHeight))+2 then //resync
begin
setlength(addressestext,0);
setlength(addressestext,((mbcanvas.Height-5) div (TextHeight))+2);
setlength(memorystring,0);
setlength(memorystring,((mbcanvas.Height-5) div (TextHeight))+2);
end;
start:=20+mbimage.Canvas.TextWidth('00400000');
rowsof8:=0;
needed:=0;
available:=mbcanvas.Width-(start+20*rowsof8)-mbimage.Canvas.TextWidth('??');
while available>(needed) do
begin
inc(rowsof8);
teststr:='';
for i:=1 to rowsof8 do teststr:=teststr+'????????';
needed:=10+mbcanvas.Canvas.TextWidth(teststr);
available:=mbcanvas.Width-(start+20*((8*rowsof8)-1))-mbcanvas.Canvas.TextWidth('??');
end;
dec(rowsof8);
rows8:=rowsof8;
if length(memorytext)<8*rowsof8 then
begin
setlength(memorytext,0);
setlength(memorytext,8*rowsof8+1);
end;
//fill local array
setlength(buffer,(((mbcanvas.Height-5) div (TextHeight))+1)*(8*rowsof8)+257);
range1start:=memoryaddress;
range1length:=2048-(range1start mod 2048);
if range1length>((((mbcanvas.Height-5) div (TextHeight))+1)*(8*rowsof8)) then range1length:=((((mbcanvas.Height-5) div (TextHeight))+1)*(8*rowsof8));
// range1length:=(range1start+(((mbcanvas.Height-5) div (TextHeight))+1)*(8*rowsof8));// mod 2048;
range2start:=range1start+range1length;
range2length:=((((mbcanvas.Height-5) div (TextHeight))+1)*(8*rowsof8))-range1length;
//get the modules (if they have any)
module1ok:=symhandler.getmodulebyaddress(range1start,range1module);
module2ok:=symhandler.getmodulebyaddress(range2start,range2module);
zeromemory(@buffer[0],length(buffer));
range1ok:=readprocessmemory(processhandle,pointer(range1start),@buffer[0],range1length,bytesread);
if range2length>0 then range2ok:=readprocessmemory(processhandle,pointer(range2start),@buffer[range1length],range2length,bytesread) else range2ok:=false;
for i:=0 to ((mbcanvas.Height-5) div (TextHeight))+1 do
begin
//addresses
mbcanvas.Canvas.font.Color:=clwindowtext;
mbimage.Canvas.font.Color:=clwindowtext;
currentaddress:=IntToHex(dword(memoryaddress+i*8*rowsof8),8);
mbcanvas.Canvas.TextOut(10,5+i*TextHeight+2,currentaddress);
mbimage.Canvas.TextOut(10,5+i*TextHeight+2,currentaddress);
if addressestext[i]<>currentaddress then
begin
addressestext[i]:=currentaddress;
end;
//bytes
teststr:='';
p:=pointer(memoryaddress+i*8*rowsof8);
a:=memoryaddress+i*8*rowsof8;
for j:=0 to (8*rowsof8)-1 do
begin
if a<int64(int64(range1start)+int64(range1length)) then
begin
if range1ok then
begin
//readable
if (module1ok) then
begin
mbcanvas.Canvas.font.Color:=clgreen;
mbimage.Canvas.font.Color:=clgreen;
end
else
begin
mbcanvas.Canvas.font.Color:=clwindowtext;
mbimage.Canvas.font.Color:=clwindowtext;
end;
bts:=IntToHex(buffer[j+(i*8*rowsof8)],2);
mbcanvas.Canvas.TextOut(start+20*j,5+i*textHeight+2,bts);
mbimage.Canvas.TextOut(start+20*j,5+i*textHeight+2,bts);
if buffer[j+(i*8*rowsof8)]<$20 then teststr:=teststr+' ' else
teststr:=teststr+chr(buffer[j+(i*8*rowsof8)]);
end
else
begin
//unreadable
mbcanvas.Canvas.font.Color:=clwindowtext;
mbimage.Canvas.font.Color:=clwindowtext;
mbcanvas.Canvas.TextOut(start+20*j,5+i*textHeight+2,'??');
mbimage.Canvas.TextOut(start+20*j,5+i*textHeight+2,'??');
teststr:=teststr+'?';
end;
end
else
begin
//range 2
if range2ok then
begin
if (module2ok) then
begin
mbcanvas.Canvas.font.Color:=clgreen;
mbimage.Canvas.font.Color:=clgreen;
end
else
begin
mbcanvas.Canvas.font.Color:=clwindowtext;
mbimage.Canvas.font.Color:=clwindowtext;
end;
//readable
bts:=IntToHex(buffer[j+i*8*rowsof8],2);
mbcanvas.Canvas.TextOut(start+20*j,5+i*textHeight+2,bts);
mbimage.Canvas.TextOut(start+20*j,5+i*textHeight+2,bts);
if buffer[j+(i*8*rowsof8)]<$20 then teststr:=teststr+' ' else
teststr:=teststr+chr(buffer[j+(i*8*rowsof8)]);
end
else
begin
//unreadable
mbcanvas.Canvas.font.Color:=clwindowtext;
mbimage.Canvas.font.Color:=clwindowtext;
mbcanvas.Canvas.TextOut(start+20*j,5+i*textHeight+2,'??');
mbimage.Canvas.TextOut(start+20*j,5+i*textHeight+2,'??');
teststr:=teststr+'?';
end;
end;
inc(a);
end;
mbcanvas.Canvas.TextOut(start+20+20*((8*rowsof8)-1),5+i*textheight+2,teststr);
mbimage.Canvas.TextOut(start+20+20*((8*rowsof8)-1),5+i*textheight+2,teststr);
end;
{$ifdef net}
//no virtualquery, so no protectlabel
protectlabel.Caption:='';
{$else}
//set the protectionlabel
zeromemory(@mbi,sizeof(mbi));
Virtualqueryex(processhandle,pointer(memoryaddress),mbi,sizeof(mbi));
teststr:='AllocationProtect=';
if (mbi.AllocationProtect and PAGE_NOACCESS)>0 then teststr:=teststr+'No Access ';
if (mbi.AllocationProtect and PAGE_READONLY)>0 then teststr:=teststr+'Read Only ';
if (mbi.AllocationProtect and PAGE_READWRITE)>0 then teststr:=teststr+'Read/Write ';
if (mbi.AllocationProtect and PAGE_WRITECOPY)>0 then teststr:=teststr+'Write Copy ';
if (mbi.AllocationProtect and PAGE_EXECUTE)>0 then teststr:=teststr+'Execute ';
if (mbi.AllocationProtect and PAGE_EXECUTE_READ)>0 then teststr:=teststr+'Execute/Read only ';
if (mbi.AllocationProtect and PAGE_EXECUTE_READWRITE)>0 then teststr:=teststr+'Execute/Read/Write ';
if (mbi.AllocationProtect and PAGE_EXECUTE_WRITECOPY)>0 then teststr:=teststr+'Execute/Write Copy ';
if (mbi.AllocationProtect and PAGE_GUARD)>0 then teststr:=teststr+'Guarded ';
if (mbi.AllocationProtect and PAGE_NOCACHE)>0 then teststr:=teststr+'Not Cached';
if (formsettings<>nil) and formsettings.cbKernelOpenProcess.checked and GetPhysicalAddress(processhandle,pointer(memoryaddress),a) then
s:=teststr+' AllocationBase='+IntToHex(dword(mbi.AllocationBase),8)+' RegionSize='+IntTohex(mbi.RegionSize,1)+' Physical Address='+IntToHex(a,8)
else
s:=teststr+' AllocationBase='+IntToHex(dword(mbi.AllocationBase),8)+' RegionSize='+IntTohex(mbi.RegionSize,1);
if module1ok then
s:=s+' Module='+range1module.modulename;
protectlabel.caption:=s;
protectlabel.repaint;
{$endif}
end;
procedure TMemoryBrowser.MBCanvasMouseDown(Sender: TObject;
Button: TMouseButton; Shift: TShiftState; X, Y: Integer);
var a: integer;
i,j: integer;
acr: dword;
bt:byte;
temp:string;
begin
fcontrol2.SetFocus;
hexedit.Visible:=false;
textedit.Visible:=false;
//find out if the user clicked on a byte, and if so which one
a:=20+mbimage.Canvas.TextWidth('00400000');
part:=0; //address
if x>a then
begin //didnt klick on the address
part:=2; //textfield ad the left side
if x<(a+20*8*rows8) then //byteclick
begin
part:=1; //a byte
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -