📄 w2k_mem.c
if (ReadCpuInfo (hDevice, &sci))
{
_printf (awCpuInfoCaption);
_printf (awCpuInfoUser);
__asm mov wSelector, cs
DisplaySelectorInfo (hDevice, wSelector, awSegmentCS);
__asm mov wSelector, ds
DisplaySelectorInfo (hDevice, wSelector, awSegmentDS);
__asm mov wSelector, es
DisplaySelectorInfo (hDevice, wSelector, awSegmentES);
__asm mov wSelector, fs
DisplaySelectorInfo (hDevice, wSelector, awSegmentFS);
__asm mov wSelector, gs
DisplaySelectorInfo (hDevice, wSelector, awSegmentGS);
__asm mov wSelector, ss
DisplaySelectorInfo (hDevice, wSelector, awSegmentSS);
__asm str wSelector
DisplaySelectorInfo (hDevice, wSelector, awSegmentTSS);
_printf (awCpuInfoKernel);
DisplaySegmentInfo (&sci.cs, awSegmentCS);
DisplaySegmentInfo (&sci.ds, awSegmentDS);
DisplaySegmentInfo (&sci.es, awSegmentES);
DisplaySegmentInfo (&sci.fs, awSegmentFS);
DisplaySegmentInfo (&sci.gs, awSegmentGS);
DisplaySegmentInfo (&sci.ss, awSegmentSS);
DisplaySegmentInfo (&sci.tss, awSegmentTSS);
_printf (awCpuInfoOther,
sci.idt.wLimit, sci.idt.pDescriptors,
sci.gdt.wLimit, sci.gdt.pDescriptors,
sci.ldt.wValue,
sci.cr0, sci.cr2, sci.cr3);
fOk = TRUE;
}
return fOk;
}
// -----------------------------------------------------------------
// Prints one line per GDT selector that DisplaySelectorInfo() accepts.
//
// hDevice : handle passed through to ReadCpuInfo() and
//           DisplaySelectorInfo() (presumably the spy device;
//           confirm against the caller).
//
// Returns the number of selectors for which DisplaySelectorInfo()
// reported success, or 0 if ReadCpuInfo() fails.
DWORD WINAPI DisplayGdtInfo (HANDLE hDevice)
{
    SPY_CPU_INFO sci;
    DWORD        dSelector;
    DWORD        dShown = 0;

    if (!ReadCpuInfo (hDevice, &sci))
    {
        return dShown;
    }
    _printf (awGdtInfoCaption);

    // Walk selector values from 0 up to the limit taken from
    // sci.gdt.wLimit, advancing by one selector step each time.
    for (dSelector  = 0;
         dSelector <= sci.gdt.wLimit;
         dSelector += (1 << X86_SELECTOR_SHIFT))
    {
        if (DisplaySelectorInfo (hDevice, dSelector, NULL))
        {
            dShown++;
        }
    }
    return dShown;
}
// -----------------------------------------------------------------
// Prints one line per IDT entry that DisplayInterruptInfo() accepts.
//
// hDevice : handle passed through to ReadCpuInfo() and
//           DisplayInterruptInfo().
//
// Returns the number of interrupts for which DisplayInterruptInfo()
// reported success, or 0 if ReadCpuInfo() fails.
DWORD WINAPI DisplayIdtInfo (HANDLE hDevice)
{
    SPY_CPU_INFO sci;
    DWORD        dInterrupt;
    DWORD        dShown = 0;

    if (!ReadCpuInfo (hDevice, &sci))
    {
        return dShown;
    }
    _printf (awIdtInfoCaption);

    // An interrupt number is in range while its scaled value
    // (number << X86_SELECTOR_SHIFT) does not exceed sci.idt.wLimit.
    for (dInterrupt = 0;
         (dInterrupt << X86_SELECTOR_SHIFT) <= sci.idt.wLimit;
         dInterrupt++)
    {
        if (DisplayInterruptInfo (hDevice, dInterrupt))
        {
            dShown++;
        }
    }
    return dShown;
}
// =================================================================
// DISPLAY MEMORY INFO
// =================================================================
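// Scans the address space page entry by page entry and prints every
// contiguous run of addresses whose page entry value is non-zero.
//
// hDevice : handle used for the SPY_IO_PAGE_ENTRY requests.
//
// Returns the accumulated return values of the _printf() calls.
//
// For each step the current address (pbPage) is sent to the device
// and a SPY_PAGE_ENTRY (spe) is read back. spe.dSize is the step to
// the next address, so it is data supplied by the device rather
// than a local constant.
DWORD WINAPI DisplayMemoryBlocks (HANDLE hDevice)
{
    SPY_PAGE_ENTRY spe;
    PBYTE          pbPage, pbBase;
    DWORD          dBlock, dPresent, dTotal;
    DWORD          n = 0;

    pbPage   = 0;
    pbBase   = INVALID_ADDRESS;   // INVALID_ADDRESS == no block open
    dBlock   = 0;
    dPresent = 0;
    dTotal   = 0;

    n += _printf (L"\r\nContiguous memory blocks:"
                  L"\r\n-------------------------\r\n\r\n");
    do  {
        if (!IoControl (hDevice, SPY_IO_PAGE_ENTRY,
                        &pbPage, PVOID_,
                        &spe,    SPY_PAGE_ENTRY_))
        {
            n += _printf (L" !!! Device I/O error !!!\r\n");
            break;
        }
        // A zero step would leave pbPage unchanged, so the loop
        // condition below would stay true and the same request
        // would be repeated forever. Stop the scan instead of
        // trusting the reported size.
        if (!spe.dSize)
        {
            n += _printf (L" !!! Invalid page size !!!\r\n");
            break;
        }
        if (spe.fPresent)
        {
            dPresent += spe.dSize;
        }
        if (spe.pe.dValue)
        {
            // Non-zero entry: counts toward the total and opens a
            // new block if none is open.
            dTotal += spe.dSize;

            if (pbBase == INVALID_ADDRESS)
            {
                n += _printf (L"%5lu : 0x%08lX ->",
                              ++dBlock, pbPage);
                pbBase = pbPage;
            }
        }
        else
        {
            // Zero entry: closes the currently open block, if any.
            if (pbBase != INVALID_ADDRESS)
            {
                n += _printf (L" 0x%08lX (0x%08lX bytes)\r\n",
                              pbPage-1, pbPage-pbBase);
                pbBase = INVALID_ADDRESS;
            }
        }
    }
    // The scan ends when the address becomes zero again.
    // NOTE(review): this relies on pbPage wrapping around at the top
    // of the address space, and the %08lX formats assume pointers
    // fit in 32 bits - confirm for the target build.
    while (pbPage += spe.dSize);

    // A block still open here is closed with the last address only.
    if (pbBase != INVALID_ADDRESS)
    {
        n += _printf (L"0x%08lX\r\n", pbPage-1);
    }
    n += _printf (L"\r\n"
                  L" Present bytes: 0x%08lX\r\n"
                  L" Total bytes: 0x%08lX\r\n",
                  dPresent, dTotal);
    return n;
}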
// -----------------------------------------------------------------
// Reads dBytes bytes at pAddress through MemoryRead() and prints
// them with MemoryDisplay().
//
// hDevice  : handle passed to MemoryRead() and MemoryDisplay().
// pAddress : start address of the range to read.
// dBytes   : number of bytes requested.
// dOptions : display options forwarded to MemoryDisplay().
//
// Returns the MemoryDisplay() result, or 0 if MemoryRead() returns
// NULL. The buffer obtained from MemoryRead() is always released.
DWORD WINAPI DisplayMemoryData (HANDLE hDevice,
                                PVOID  pAddress,
                                DWORD  dBytes,
                                DWORD  dOptions)
{
    PSPY_MEMORY_DATA psmd = MemoryRead (hDevice, pAddress, dBytes);
    DWORD            dResult;

    if (psmd == NULL)
    {
        return 0;
    }
    dResult = MemoryDisplay (hDevice, psmd, dOptions);
    MemoryRelease (psmd);
    return dResult;
}
// =================================================================
// COMMAND PARSER
// =================================================================
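// Converts a zero-terminated wide-character string to a DWORD.
//
// pwData : string to parse. Leading '0' characters are skipped; if
//          the next character is 'x' or 'X' the rest is read as
//          hexadecimal, otherwise as decimal.
// pData  : optional; if not NULL, the parsed value is stored there
//          as a DWORD, so it must point to at least a DWORD.
//
// Returns TRUE only if the whole string was consumed. On an invalid
// character or on overflow it returns FALSE, and the value stored
// is the number accumulated before the offending character.
//
// Overflow is tested before the multiply. Comparing the result with
// the previous value afterwards is not sufficient: 0x18000000 * 16
// wraps to 0x80000000, which is still larger than 0x18000000, so
// "0x180000000" would be accepted with a truncated value.
BOOL WINAPI CommandNumber (PWORD pwData,
                           PVOID pData)
{
    DWORD dBase, dData, dDigit, i;
    WORD  wData = 0;

    // skip leading zeros
    for (dData = i = 0; pwData [i] == '0'; i++);

    if (CHAR_LOWER (pwData [i]) == 'x')
    {
        dBase = 16;
        // skip zeros following the 'x'
        while (pwData [++i] == '0');
    }
    else
    {
        dBase = 10;
    }
    // wData is zero after the loop only if the terminator was
    // reached; every break leaves the offending character in it.
    while ((wData = CHAR_LOWER (pwData [i++])) != 0)
    {
        if ((wData >= '0') && (wData <= '9'))
        {
            dDigit = wData - '0';
        }
        else
        {
            if ((dBase > 10) &&
                (wData >= 'a') && (wData <= 'a' + (dBase-10-1)))
            {
                dDigit = wData - 'a' + 10;
            }
            else
            {
                break;
            }
        }
        // dData * dBase + dDigit must fit into a DWORD
        if (dData > (~(DWORD) 0 - dDigit) / dBase)
        {
            break;
        }
        dData = dData * dBase + dDigit;
    }
    if (pData != NULL) *(PDWORD) pData = dData;
    return (!wData);
}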
// -----------------------------------------------------------------
// Applies a single-letter command option to an option bit set.
//
// wOptionId     : option letter; only the lowercase letters listed
//                 in the switch below are recognized.
// fOptionStatus : non-zero stores the option's flag, zero stores
//                 COMMAND_OPTION_NONE in its place.
// pdOptions     : option set to update; must not be NULL.
//
// Returns TRUE if the letter was recognized, otherwise FALSE with
// *pdOptions left untouched.
//
// Each letter maps to a (mask, flag) pair. All bits of the mask are
// cleared before the flag is stored, so letters sharing a mask
// replace one another, and switching one of them off clears the
// whole mask group.
BOOL WINAPI CommandOption (WORD   wOptionId,
                           BOOL   fOptionStatus,
                           PDWORD pdOptions)
{
    DWORD dClear, dSet;

    switch (wOptionId)
    {
        // letters sharing COMMAND_OPTION_ADDRESS
        case 'z': dClear = COMMAND_OPTION_ADDRESS; dSet = COMMAND_OPTION_ZERO;     break;
        case 'r': dClear = COMMAND_OPTION_ADDRESS; dSet = COMMAND_OPTION_RAM;      break;

        // letters sharing COMMAND_OPTION_MODE
        case 'w': dClear = COMMAND_OPTION_MODE;    dSet = COMMAND_OPTION_WORD;     break;
        case 'd': dClear = COMMAND_OPTION_MODE;    dSet = COMMAND_OPTION_DWORD;    break;
        case 'q': dClear = COMMAND_OPTION_MODE;    dSet = COMMAND_OPTION_QWORD;    break;

        // letters sharing COMMAND_OPTION_BASE
        case 't': dClear = COMMAND_OPTION_BASE;    dSet = COMMAND_OPTION_TEB;      break;
        case 'f': dClear = COMMAND_OPTION_BASE;    dSet = COMMAND_OPTION_FS;       break;
        case 'u': dClear = COMMAND_OPTION_BASE;    dSet = COMMAND_OPTION_USER;     break;
        case 'k': dClear = COMMAND_OPTION_BASE;    dSet = COMMAND_OPTION_KERNEL;   break;
        case 'h': dClear = COMMAND_OPTION_BASE;    dSet = COMMAND_OPTION_HANDLE;   break;
        case 'a': dClear = COMMAND_OPTION_BASE;    dSet = COMMAND_OPTION_ADD;      break;
        case 's': dClear = COMMAND_OPTION_BASE;    dSet = COMMAND_OPTION_SUBTRACT; break;
        case 'p': dClear = COMMAND_OPTION_BASE;    dSet = COMMAND_OPTION_POINTER;  break;

        // letters whose mask is their own flag
        case 'o': dClear = COMMAND_OPTION_OS;      dSet = COMMAND_OPTION_OS;       break;
        case 'c': dClear = COMMAND_OPTION_CPU;     dSet = COMMAND_OPTION_CPU;      break;
        case 'g': dClear = COMMAND_OPTION_GDT;     dSet = COMMAND_OPTION_GDT;      break;
        case 'i': dClear = COMMAND_OPTION_IDT;     dSet = COMMAND_OPTION_IDT;      break;
        case 'b': dClear = COMMAND_OPTION_BLOCKS;  dSet = COMMAND_OPTION_BLOCKS;   break;
        case 'x': dClear = COMMAND_OPTION_EXECUTE; dSet = COMMAND_OPTION_EXECUTE;  break;

        // unknown letter: report failure, change nothing
        default:  return FALSE;
    }
    *pdOptions = (*pdOptions & ~dClear) |
                 (fOptionStatus ? dSet : COMMAND_OPTION_NONE);
    return TRUE;
}
// -----------------------------------------------------------------
BOOL WINAPI CommandBase (HANDLE hDevice,
PPVOID ppBase,
DWORD dOffset,
DWORD dOptions)
{
SPY_SEGMENT ss;
SPY_CPU_INFO sci;
SPY_HANDLE_INFO shi;
WORD wSelector;