📄 w2k_mem.c
字号:
}
// -----------------------------------------------------------------
BOOL WINAPI MemoryPointer (HANDLE hDevice,
PVOID pAddress,
PPVOID ppData)
{
PSPY_MEMORY_DATA psmd;
DWORD i, j;
PBYTE pbData = 0;
BOOL fOk = FALSE;
if ((psmd = MemoryRead (hDevice, pAddress, PVOID_)) != NULL)
{
for (i = j = 0; i < psmd->smb.dBytes; i++, j += 8)
{
if (!(psmd->awData [i] & SPY_MEMORY_DATA_VALID)) break;
pbData += (psmd->awData [i] & SPY_MEMORY_DATA_BYTE) <<j;
}
if (i == psmd->smb.dBytes)
{
*ppData = pbData;
fOk = TRUE;
}
MemoryRelease (psmd);
}
return fOk;
}
// -----------------------------------------------------------------
DWORD WINAPI MemoryDisplay (HANDLE hDevice,
PSPY_MEMORY_DATA psmd,
DWORD dOptions)
{
PBYTE pbDisplay;
PHYSICAL_ADDRESS pa;
DATA_ROW dr;
PWORD pwTableData, pwTableBar;
DWORD dData, dGroup, i, j, k;
DWORD n = 0;
switch (dOptions & COMMAND_OPTION_ADDRESS)
{
default:
{
pbDisplay = psmd->smb.pAddress;
break;
}
case COMMAND_OPTION_ZERO:
{
pbDisplay = 0;
break;
}
case COMMAND_OPTION_RAM:
{
pbDisplay = psmd->smb.pAddress;
if (ReadPhysical (hDevice, pbDisplay, &pa))
{
pbDisplay = (PBYTE) pa.LowPart;
}
break;
}
}
dr.pArguments = &dr.pwAddress;
dr.pwAddress = dr.awAddress;
for (j = 0; j < 16; j++)
{
dr.apwHex [j] = dr.awHex + (j * (2+1));
dr.apwText [j] = dr.awText + (j * (1+1));
}
if (!psmd->smb.dBytes)
{
_printf (awTableNoData, psmd->smb.pAddress);
}
else
{
switch (dOptions & COMMAND_OPTION_MODE)
{
default:
{
pwTableData = awTableDataByte;
pwTableBar = awTableBarByte;
dGroup = BYTE_;
break;
}
case COMMAND_OPTION_WORD:
{
pwTableData = awTableDataWord;
pwTableBar = awTableBarWord;
dGroup = WORD_;
break;
}
case COMMAND_OPTION_DWORD:
{
pwTableData = awTableDataDword;
pwTableBar = awTableBarDword;
dGroup = DWORD_;
break;
}
case COMMAND_OPTION_QWORD:
{
pwTableData = awTableDataQword;
pwTableBar = awTableBarQword;
dGroup = QWORD_;
break;
}
}
for (i = 0; i < psmd->smb.dBytes; i++)
{
if (psmd->awData [i] & SPY_MEMORY_DATA_VALID) n++;
}
_printf (awTableCaption,
psmd->smb.pbAddress,
psmd->smb.pbAddress + psmd->smb.dBytes - 1,
n, (n == 1 ? awByte : awBytes));
lstrcpy (dr.pwAddress, awTableAddress);
for (j = 0; j < 16; j++)
{
k = (((j / dGroup) + 1) * dGroup) - ((j % dGroup) + 1);
dData = (k % dGroup == 0
? ((DWORD) pbDisplay & 0x0F) + k
: 0);
_sprintf (dr.apwHex [j], awTableHex2, dData);
dData = (k % dGroup == 0
? ((DWORD) pbDisplay + k) & 0x0F
: (k % dGroup == 1
? (((DWORD) pbDisplay & 0x0F) + k - 1) >> 4
: 0));
_sprintf (dr.apwText [j], awTableHex1, dData);
}
_vsprintf (dr.awBuffer, pwTableData, dr.pArguments);
_printf (dr.awBuffer);
_printf (pwTableBar);
}
for (i = 0; i < psmd->smb.dBytes; i += j)
{
_sprintf (dr.pwAddress, awTableHex8, pbDisplay + i);
for (j = 0; j < 16; j++)
{
k = (((j / dGroup) + 1) * dGroup) - ((j % dGroup) + 1);
if ((i+k < psmd->smb.dBytes) &&
(psmd->awData [i+k] & SPY_MEMORY_DATA_VALID))
{
dData = psmd->awData [i+k] & SPY_MEMORY_DATA_BYTE;
_sprintf (dr.apwHex [j], awTableHex2, dData);
if ((dData < 0x20) || (dData == 0x7F)) dData = '.';
dr.apwText [j] [0] = (WORD) dData;
dr.apwText [j] [1] = 0;
}
else
{
lstrcpy (dr.apwHex [j], awTableSpace2);
lstrcpy (dr.apwText [j], awTableSpace1);
}
}
_vsprintf (dr.awBuffer, pwTableData, dr.pArguments);
_printf (awString, dr.awBuffer);
if ((dOptions & COMMAND_OPTION_RAM)
&&
(((DWORD) (psmd->smb.pbAddress+i ) & X86_PAGE_MASK) !=
((DWORD) (psmd->smb.pbAddress+i+j) & X86_PAGE_MASK)))
{
if (ReadPhysical (hDevice, psmd->smb.pbAddress+i+j,
&pa))
{
pbDisplay = (PBYTE) pa.LowPart - (i+j);
}
else
{
pbDisplay = psmd->smb.pAddress;
}
}
}
if (psmd->smb.dBytes) _printf (awNewLine);
return n;
}
// =================================================================
// DISPLAY OS INFO
// =================================================================
BOOL WINAPI DisplayOsInfo (HANDLE hDevice)
{
SPY_OS_INFO soi;
PWORD pwProductType;
BOOL fOk = FALSE;
if (ReadBinary (hDevice, SPY_IO_OS_INFO,
&soi, SPY_OS_INFO_))
{
switch (soi.dProductType)
{
case NtProductInvalid:
{
pwProductType = L"<invalid>";
break;
}
case NtProductWinNt:
{
pwProductType = L"Windows NT Workstation";
break;
}
case NtProductLanManNt:
{
pwProductType = L"Windows NT Domain Controller";
break;
}
case NtProductServer:
{
pwProductType = L"Windows NT Server";
break;
}
default:
{
pwProductType = L"<unknown>";
break;
}
}
_printf (L"%s\r\n"
L"Memory page size : %lu bytes\r\n"
L"Memory page shift : %lu bits\r\n"
L"Memory PTI shift : %lu bits\r\n"
L"Memory PDI shift : %lu bits\r\n"
L"Memory page mask : 0x%08lX\r\n"
L"Memory PTI mask : 0x%08lX\r\n"
L"Memory PDI mask : 0x%08lX\r\n"
L"Memory PTE array : 0x%08lX\r\n"
L"Memory PDE array : 0x%08lX\r\n"
L"\r\n"
L"Lowest user address : 0x%08lX\r\n"
L"Thread environment block : 0x%08lX\r\n"
L"Highest user address : 0x%08lX\r\n"
L"User probe address : 0x%08lX\r\n"
L"System range start : 0x%08lX\r\n"
L"Lowest system address : 0x%08lX\r\n"
L"Shared user data : 0x%08lX\r\n"
L"Processor control region : 0x%08lX\r\n"
L"Processor control block : 0x%08lX\r\n"
L"\r\n"
L"Global flag : 0x%08lX\r\n"
L"i386 machine type : %lu\r\n"
L"Number of processors : %lu\r\n"
L"Product type : %s (%lu)\r\n"
L"Version & Build number : %lu.%02lu.%lu\r\n"
L"System root : \"%s\"\r\n",
awOsInfoCaption,
soi.dPageSize,
soi.dPageShift, soi.dPtiShift, soi.dPdiShift,
soi.dPageMask, soi.dPtiMask, soi.dPdiMask,
soi.PteArray, soi.PdeArray,
soi.pLowestUserAddress,
soi.pThreadEnvironmentBlock,
soi.pHighestUserAddress,
soi.pUserProbeAddress,
soi.pSystemRangeStart,
soi.pLowestSystemAddress,
soi.pSharedUserData,
soi.pProcessorControlRegion,
soi.pProcessorControlBlock,
soi.dGlobalFlag,
soi.dI386MachineType,
soi.dNumberProcessors,
pwProductType, soi.dProductType,
soi.dNtMajorVersion, soi.dNtMinorVersion,
soi.dBuildNumber,
soi.awNtSystemRoot);
fOk = TRUE;
}
return fOk;
}
// =================================================================
// DISPLAY CPU INFO
// =================================================================
BOOL WINAPI DisplaySegmentInfo (PSPY_SEGMENT pss,
PWORD pwSegment)
{
PWORD pwType;
BOOL fOk = FALSE;
if (pss->fOk && pss->Descriptor.P
&&
((pwType = (pss->Descriptor.S
? apwTypeApplication [pss->Descriptor.Type]
: apwTypeSystem [pss->Descriptor.Type]))
!= NULL))
{
_printf (awGdtInfoSegment, pwSegment,
pss->Selector.wValue,
pss->pBase, pss->dLimit,
pss->Descriptor.DPL,
(pwType != NULL ? pwType : awUndefined));
fOk = TRUE;
}
return fOk;
}
// -----------------------------------------------------------------
BOOL WINAPI DisplaySelectorInfo (HANDLE hDevice,
DWORD dSelector,
PWORD pwSegment)
{
SPY_SEGMENT ss;
WORD awId [N_SEGMENT];
BOOL fOk = FALSE;
if (ReadSegment (hDevice, dSelector, &ss))
{
if (pwSegment != NULL)
{
lstrcpyn (awId, pwSegment, N_SEGMENT);
}
else
{
_sprintf (awId, awSegment,
dSelector >> X86_SELECTOR_SHIFT);
}
fOk = DisplaySegmentInfo (&ss, awId);
}
return fOk;
}
// -----------------------------------------------------------------
BOOL WINAPI DisplayInterruptInfo (HANDLE hDevice,
DWORD dInterrupt)
{
SPY_INTERRUPT si;
PWORD pwType;
BOOL fOk = FALSE;
if (IoControl (hDevice, SPY_IO_INTERRUPT,
&dInterrupt, DWORD_,
&si, SPY_INTERRUPT_)
&&
si.fOk && si.Gate.P && (!si.Gate.S)
&&
((pwType = apwTypeSystem [si.Gate.Type]) != NULL))
{
if (si.Gate.Type == X86_DESCRIPTOR_SYS_TASK)
{
_printf (awIdtInfoSegment, dInterrupt,
si.Segment.Selector.wValue,
si.Segment.pBase, si.Segment.dLimit,
pwType);
}
else
{
_printf (awIdtInfoPointer, dInterrupt,
si.Segment.Selector.wValue, si.pOffset,
si.Segment.pBase, si.Segment.dLimit,
pwType);
}
fOk = TRUE;
}
return fOk;
}
// -----------------------------------------------------------------
BOOL WINAPI DisplayCpuInfo (HANDLE hDevice)
{
SPY_CPU_INFO sci;
WORD wSelector;
BOOL fOk = FALSE;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -