📄 w2k_mem.c
字号:
HANDLE hObject;
PBYTE pbData = *ppBase;
BOOL fOk = FALSE;
switch (dOptions & COMMAND_OPTION_BASE)
{
case COMMAND_OPTION_TEB:
{
__asm mov wSelector, fs
if (ReadSegment (hDevice, wSelector, &ss))
{
pbData = (PBYTE) ss.pBase + dOffset;
fOk = TRUE;
}
break;
}
case COMMAND_OPTION_FS:
{
if (ReadCpuInfo (hDevice, &sci) &&
ReadSegment (hDevice, sci.fs.Selector.wValue, &ss))
{
pbData = (PBYTE) ss.pBase + dOffset;
fOk = TRUE;
}
break;
}
case COMMAND_OPTION_USER:
{
__asm mov wSelector, fs
if (ReadSegment (hDevice, wSelector, &ss))
{
fOk = MemoryPointer (hDevice,
(PBYTE) ss.pBase + dOffset,
&pbData);
}
break;
}
case COMMAND_OPTION_KERNEL:
{
if (ReadCpuInfo (hDevice, &sci) &&
ReadSegment (hDevice, sci.fs.Selector.wValue, &ss))
{
fOk = MemoryPointer (hDevice,
(PBYTE) ss.pBase + dOffset,
&pbData);
}
break;
}
case COMMAND_OPTION_HANDLE:
{
hObject = (HANDLE) dOffset;
if (IoControl (hDevice, SPY_IO_HANDLE_INFO,
&hObject, HANDLE_,
&shi, SPY_HANDLE_INFO_))
{
pbData = shi.pObjectBody;
fOk = TRUE;
}
break;
}
case COMMAND_OPTION_ADD:
{
pbData += dOffset;
fOk = TRUE;
break;
}
case COMMAND_OPTION_SUBTRACT:
{
pbData -= dOffset;
fOk = TRUE;
break;
}
case COMMAND_OPTION_POINTER:
{
fOk = MemoryPointer (hDevice,
pbData + dOffset,
&pbData);
break;
}
default:
{
pbData = (PBYTE) dOffset;
fOk = TRUE;
break;
}
}
*ppBase = pbData;
return fOk;
}
// -----------------------------------------------------------------
DWORD WINAPI CommandExecute (HANDLE hDevice,
PPVOID ppBase,
DWORD dOffset,
DWORD dOptions,
DWORD dBytes)
{
DWORD n = 0;
if (dOptions & COMMAND_OPTION_OS) // +o
DisplayOsInfo (hDevice);
if (dOptions & COMMAND_OPTION_CPU) // +c
DisplayCpuInfo (hDevice);
if (dOptions & COMMAND_OPTION_GDT) // +g
DisplayGdtInfo (hDevice);
if (dOptions & COMMAND_OPTION_IDT) // +i
DisplayIdtInfo (hDevice);
if (dOptions & COMMAND_OPTION_BLOCKS) // +b
DisplayMemoryBlocks (hDevice);
if (CommandBase (hDevice, ppBase, dOffset, dOptions) && dBytes)
{
n = DisplayMemoryData (hDevice, *ppBase, dBytes, dOptions);
}
return n;
}
// -----------------------------------------------------------------
DWORD WINAPI CommandParse (HANDLE hDevice,
PPWORD ppwItems,
DWORD dItems,
BOOL fTest,
PDWORD pdOptions)
{
BOOL fDump, fOptionOn, fOptionOff, fOptionStatus;
PWORD pwPrefix;
PVOID pBase;
HMODULE hm;
DWORD dOffset, dData, dBackup, i, j;
DWORD n = 0;
fDump = FALSE;
pwPrefix = awNewLine;
pBase = NULL;
dOffset = 0;
dData = DISPLAY_SIZE_DEFAULT;
for (i = 0; i < dItems; i++)
{
fOptionOn = FALSE;
fOptionOff = FALSE;
switch (ppwItems [i] [0])
{
case COMMAND_OPTION_ON:
{
fOptionOn = TRUE;
fOptionStatus = TRUE;
break;
}
case COMMAND_OPTION_OFF:
{
fOptionOff = TRUE;
fOptionStatus = FALSE;
break;
}
case COMMAND_OPTION_NUMBER:
{
dBackup = dData;
if (!CommandNumber (ppwItems [i] + 1, &dData))
{
if (fTest)
{
_printf (awInvalidArgument,
pwPrefix,
ppwItems [i]);
pwPrefix = awNull;
}
dData = dBackup;
}
break;
}
case COMMAND_OPTION_LOAD:
{
hm = LoadLibraryEx
(ppwItems [i] + 1, NULL,
(*pdOptions & COMMAND_OPTION_EXECUTE
? 0 : DONT_RESOLVE_DLL_REFERENCES));
if (fTest)
{
if (hm == NULL)
{
_printf (awInvalidModule,
pwPrefix,
GetLastError (),
ppwItems [i] + 1);
}
else
{
FreeLibrary (hm);
}
}
else
{
if (hm != NULL)
{
_printf (awLoadLibrary,
ppwItems [i] + 1, hm);
}
}
break;
}
default:
{
if (!CommandNumber (ppwItems [i], &dOffset))
{
if (fTest)
{
_printf (awInvalidArgument,
pwPrefix,
ppwItems [i]);
pwPrefix = awNull;
}
}
else
{
if (fTest)
{
n += dData;
}
else
{
n += CommandExecute (hDevice, &pBase,
dOffset, *pdOptions,
dData);
fDump = TRUE;
}
}
break;
}
}
if (fOptionOn || fOptionOff)
{
for (j = 1; ppwItems [i] [j]; j++)
{
if (!CommandOption
(CHAR_LOWER (ppwItems [i] [j]),
fOptionStatus, pdOptions))
{
if (fTest)
{
_printf (awInvalidOption,
pwPrefix,
ppwItems [i] [0],
ppwItems [i] [j]);
pwPrefix = awNull;
}
}
}
}
}
if (fTest)
{
if (!((*pdOptions & COMMAND_OPTION_INFO) || n))
{
_printf (awInvalidCommand, pwPrefix);
}
}
else
{
if ((*pdOptions & COMMAND_OPTION_INFO) && (!fDump))
{
n += CommandExecute (hDevice, &pBase, 0, *pdOptions, 0);
}
}
return n;
}
// =================================================================
// SPY DEVICE MANAGEMENT
// =================================================================
void WINAPI Execute (PPWORD ppwArguments,
DWORD dArguments)
{
SPY_VERSION_INFO svi;
DWORD dOptions, dRequest, dReceive;
WORD awPath [MAX_PATH] = L"?";
SC_HANDLE hControl = NULL;
HANDLE hDevice = INVALID_HANDLE_VALUE;
_printf (L"\r\nLoading \"%s\" (%s) ...\r\n",
awSpyDisplay, awSpyDevice);
if (w2kFilePath (NULL, awSpyFile, awPath, MAX_PATH))
{
_printf (L"Driver: \"%s\"\r\n",
awPath);
hControl = w2kServiceLoad (awSpyDevice, awSpyDisplay,
awPath, TRUE);
}
if (hControl != NULL)
{
_printf (L"Opening \"%s\" ...\r\n",
awSpyPath);
hDevice = CreateFile (awSpyPath, GENERIC_READ,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, NULL);
}
else
{
_printf (L"Unable to load the spy device driver.\r\n");
}
if (hDevice != INVALID_HANDLE_VALUE)
{
if (ReadBinary (hDevice, SPY_IO_VERSION_INFO,
&svi, SPY_VERSION_INFO_))
{
_printf (L"\r\n%s V%lu.%02lu ready\r\n",
svi.awName,
svi.dVersion / 100, svi.dVersion % 100);
}
dOptions = COMMAND_OPTION_NONE;
dRequest = CommandParse (hDevice, ppwArguments, dArguments,
TRUE, &dOptions);
dOptions = COMMAND_OPTION_NONE;
dReceive = CommandParse (hDevice, ppwArguments, dArguments,
FALSE, &dOptions);
if (dRequest)
{
_printf (awSummary,
dRequest, (dRequest == 1 ? awByte : awBytes),
dReceive, (dReceive == 1 ? awByte : awBytes));
}
_printf (L"\r\nClosing the spy device ...\r\n");
CloseHandle (hDevice);
}
else
{
_printf (L"Unable to open the spy device.\r\n");
}
if ((hControl != NULL) && gfSpyUnload)
{
_printf (L"Unloading the spy device ...\r\n");
w2kServiceUnload (awSpyDevice, hControl);
}
return;
}
// =================================================================
// MAIN PROGRAM
// =================================================================
DWORD Main (DWORD argc, PWORD *argv, PWORD *argp)
{
_printf (atAbout);
if (argc < 2)
{
_printf (atUsage, awArguments);
_printf (awMoreInfo, DISPLAY_SIZE_DEFAULT);
_printf (awOptions);
_printf (awExamples);
}
else
{
Execute (argv+1, argc-1);
}
return 0;
}
// =================================================================
// END OF PROGRAM
// =================================================================
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -