SymGetModuleInfo(
GetCurrentProcess(),
BaseOfDll,
&ModuleInfo);
if( ModuleInfo.SymType == SymExport || ModuleInfo.SymType == SymNone)
AfxMessageBox(IDS_NOSYMBOLNTOSKRNL);
iterator = CallNum2ServicePtr.GetStartPosition();
for(i = 0; i < CallNum2ServicePtr.GetCount(); i++)
{
CallNum2ServicePtr.GetNextAssoc( iterator,CallNum,FuncPtr);
result = SymGetSymFromAddr(
GetCurrentProcess(),
FuncPtr,
&Displacement,
Symbol);
if(Displacement > sizeof(DWORD)*4) continue;
ServicePtr2ServiceName[(DWORD)FuncPtr] = CString(Symbol->Name);
}
result = SymUnloadModule(
GetCurrentProcess(),
BaseOfDll
);
//for win32k.sys debug information
GetSystemDirectory(file_path,sizeof(file_path));
strcat(file_path,"\\win32k.sys");
BaseOfDll = SymLoadModule(
GetCurrentProcess(),
0,
file_path,
0,
0,
0);
if(! BOOL(BaseOfDll) ) return -1;
SymGetModuleInfo(
GetCurrentProcess(),
BaseOfDll,
&ModuleInfo);
if( ModuleInfo.SymType == SymExport || ModuleInfo.SymType == SymNone)
AfxMessageBox(IDS_NOSYMBOLWIN32K);
iterator = CallNum2ServicePtrWin32k.GetStartPosition();
for(i = 0; i < CallNum2ServicePtrWin32k.GetCount(); i++)
{
CallNum2ServicePtrWin32k.GetNextAssoc( iterator,CallNum,FuncPtr);
result = SymGetSymFromAddr(
GetCurrentProcess(),
FuncPtr,
&Displacement,
Symbol);
if(Displacement > sizeof(DWORD)*4) continue;
ServicePtr2ServiceNameWin32k[(DWORD)FuncPtr] = CString(Symbol->Name);
}
delete Symbol;
result = SymUnloadModule(
GetCurrentProcess(),
BaseOfDll
);
SymCleanup(GetCurrentProcess());
return 0;
}
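// Stops the driver-side capture, clears the driver's log buffer, then waits
// for the reader thread (hThread) to finish while keeping the UI responsive.
//
// If either IOCTL fails, an error box is shown and the function returns
// without signalling the reader thread (that matches the original flow);
// the wait cursor is always balanced with EndWaitCursor on every path.
//
// The original allocated a PROCESS_FILTER here that was never passed to the
// driver, freed it with the wrong delete form and leaked it on the error
// paths; that allocation is simply gone.
void CStraceGuiView::OnSpyingStop()
{
    DWORD BytesReturned = 0;
    BeginWaitCursor();

    // Ask the driver to stop recording; no input or output buffer is needed.
    BOOL result = DeviceIoControl(
        GetDevice(),
        IOCTL_STRACE_STOPSPY,
        NULL, 0,
        NULL, 0,
        &BytesReturned,
        NULL);
    if (!result)
    {
        CString error;
        GetLastErrorText(error);
        EndWaitCursor();
        AfxMessageBox(CString("Can't Stop it : ") + error);
        return;
    }

    // Discard whatever the driver still holds in its buffer.
    result = DeviceIoControl(
        GetDevice(),
        IOCTL_STRACE_CLEARBUF,
        NULL, 0,
        NULL, 0,
        &BytesReturned,
        NULL);
    if (!result)
    {
        CString error;
        GetLastErrorText(error);
        EndWaitCursor();
        AfxMessageBox(CString("Can't clear system log : ") + error);
        return;
    }

    // Signal the reader thread and pump messages until it exits. This is a
    // polling loop (zero timeout), so the UI keeps repainting while we wait.
    SetEvent(StopEvent);
    MSG msg;
    while (WaitForSingleObject(hThread, 0) == WAIT_TIMEOUT)
    {
        if (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
        RestoreWaitCursor();
    }
    EndWaitCursor();
}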
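// Enables the "Start" command only while the reader thread is not running.
//
// GetExitCodeThread can fail (for instance when hThread is not a valid
// handle yet); the original then compared an uninitialized ExitCode. A failed
// query is treated as "not running", so the command stays available.
void CStraceGuiView::OnUpdateSpyingStart(CCmdUI* pCmdUI)
{
    DWORD ExitCode = 0;
    const bool running =
        GetExitCodeThread(hThread, &ExitCode) && ExitCode == STILL_ACTIVE;
    pCmdUI->Enable(running ? FALSE : TRUE);
}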
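// Enables the "Stop" command only while the reader thread is running.
//
// Mirror of OnUpdateSpyingStart: a failed GetExitCodeThread (e.g. invalid
// hThread) no longer leaves ExitCode uninitialized; it counts as "not
// running", so the command is disabled.
void CStraceGuiView::OnUpdateSpyingStop(CCmdUI* pCmdUI)
{
    DWORD ExitCode = 0;
    const bool running =
        GetExitCodeThread(hThread, &ExitCode) && ExitCode == STILL_ACTIVE;
    pCmdUI->Enable(running ? TRUE : FALSE);
}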
// Nothing view-specific happens on (de)activation; the call is forwarded
// unchanged to the CListView base implementation.
void CStraceGuiView::OnActivateView(BOOL bActivate, CView* pActivateView, CView* pDeactiveView)
{
CListView::OnActivateView(bActivate, pActivateView, pDeactiveView);
}
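// Lets the user pick the processes to trace, sends the selection to the
// driver as a PROCESS_FILTER and then clears the driver's log buffer.
//
// The filter is marshalled as (1 + n) WORDs: EntriesCount followed by n
// process ids, which is exactly the size handed to the driver. This mirrors
// the original allocation; it assumes PROCESS_FILTER is laid out that way
// (the struct is declared elsewhere — confirm if it ever changes).
//
// The buffer is released immediately after the IOCTL on every path. The
// original paired new[] with plain delete and leaked the buffer whenever an
// IOCTL failed.
void CStraceGuiView::OnSetfilter()
{
    CProcFilterDlg ProcFilterDlg;
    ProcFilterDlg.SetSelected(PidSelected);
    if (ProcFilterDlg.DoModal() != IDOK)
        return;

    PidSelected.RemoveAll();
    ProcFilterDlg.GetResults(Pid2ImageName, PidSelected);
    const int count = static_cast<int>(PidSelected.GetSize());
    if (count < 1)
        return;

    const DWORD filterBytes = static_cast<DWORD>(sizeof(WORD) * (count + 1));
    WORD* raw = new WORD[count + 1];
    PROCESS_FILTER* pfilter = reinterpret_cast<PROCESS_FILTER*>(raw);
    pfilter->EntriesCount = static_cast<WORD>(count);
    // PidSelected::GetData() yields a PWORD, so the ids are already WORD-sized.
    PWORD data = PidSelected.GetData();
    memcpy(pfilter->ProcessIdArray, data, count * sizeof(WORD));

    DWORD BytesReturned = 0;
    BOOL result = DeviceIoControl(
        GetDevice(),
        IOCTL_STRACE_SETPROCESSFILER,
        pfilter,
        filterBytes,
        NULL, 0,
        &BytesReturned,
        NULL);
    delete[] raw;   // the driver has copied the filter (or failed); no longer needed
    if (!result)
    {
        CString error;
        GetLastErrorText(error);
        AfxMessageBox(CString("进程过滤设置错误:") + error);
        return;
    }

    // Drop entries captured under the previous filter.
    result = DeviceIoControl(
        GetDevice(),
        IOCTL_STRACE_CLEARBUF,
        NULL, 0,
        NULL, 0,
        &BytesReturned,
        NULL);
    if (!result)
    {
        CString error;
        GetLastErrorText(error);
        AfxMessageBox(CString("缓冲区清除失败:") + error);
        return;
    }
}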
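// Clears the trace list. While the reader thread is running, the list is
// owned by that thread, so we ask it to clear (ListClearEvent) and pump
// messages until it acknowledges (OpCompletedEvent); otherwise the list is
// emptied directly.
//
// GetExitCodeThread's result is now checked: a failed query (e.g. invalid
// hThread) counts as "not running" instead of reading an uninitialized
// ExitCode.
//
// NOTE(review): the acknowledgement loop has no timeout; if the reader thread
// never sets OpCompletedEvent this spins forever — same as the original.
void CStraceGuiView::OnClearlog()
{
    CListCtrl& ListCtrl = GetListCtrl();
    DWORD ExitCode = 0;
    const bool readerRunning =
        GetExitCodeThread(hThread, &ExitCode) && ExitCode == STILL_ACTIVE;

    BeginWaitCursor();
    if (readerRunning)
    {
        MSG msg;
        SetEvent(ListClearEvent);
        while (WaitForSingleObject(OpCompletedEvent, 0) != WAIT_OBJECT_0)
        {
            if (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE))
            {
                TranslateMessage(&msg);
                DispatchMessage(&msg);
            }
            RestoreWaitCursor();
        }
    }
    else
    {
        ListCtrl.DeleteAllItems();
    }
    EndWaitCursor();
}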
// Menu handler: flips the auto-scroll flag between TRUE and FALSE.
void CStraceGuiView::OnViewAutoscroll()
{
    bAutoScroll = bAutoScroll ? FALSE : TRUE;
}
// Reflects the current auto-scroll flag as the menu item's check mark.
void CStraceGuiView::OnUpdateViewAutoscroll(CCmdUI* pCmdUI)
{
pCmdUI->SetCheck(bAutoScroll);
}
// Window teardown: stop the capture and wait for the reader thread
// (OnSpyingStop does both) before the base class destroys the window.
void CStraceGuiView::OnDestroy()
{
OnSpyingStop();
CListView::OnDestroy();
}
// Opens the display-filter dialog pre-filled with strace_filter and, if the
// user confirms, copies the edited settings back into strace_filter.
void CStraceGuiView::OnFilter()
{
    CFilterDlg FilterDlg(this);
    void* filterState = static_cast<void*>(&strace_filter);
    FilterDlg.SetStraceFilter(filterState);
    if (FilterDlg.DoModal() == IDOK)
    {
        FilterDlg.GetResults(filterState);
    }
}
// Function-name filter: returns TRUE when no name is configured at all, or
// when funcname contains any configured (non-empty) FuncName1..3 as a
// substring; FALSE otherwise. Empty slots are skipped because CString::Find
// of "" would match at offset 0.
BOOL CStraceGuiView::ApplyFuncNameFilter(CString funcname)
{
    const char* const patterns[] = {
        strace_filter.FuncName1,
        strace_filter.FuncName2,
        strace_filter.FuncName3,
    };
    const int patternCount = sizeof(patterns) / sizeof(patterns[0]);

    bool anyConfigured = false;
    for (int k = 0; k < patternCount; ++k)
    {
        if (strlen(patterns[k]) == 0)
            continue;
        anyConfigured = true;
        if (funcname.Find((LPCTSTR)patterns[k]) != -1)
            return TRUE;
    }
    // No filter set -> everything passes; filter set but nothing matched -> reject.
    return anyConfigured ? FALSE : TRUE;
}
// Toggles capture of kernel-mode callers: ALL -> USER only, USER -> ALL.
// Any other state (e.g. KERNEL only) is left untouched.
void CStraceGuiView::OnCapkernel()
{
    switch (strace_filter.CallFrom)
    {
    case CALLFROMALL:
        strace_filter.CallFrom = CALLFROMUSER;
        break;
    case CALLFROMUSER:
        strace_filter.CallFrom = CALLFROMALL;
        break;
    default:
        break;
    }
}
// Check mark for "capture kernel callers": set when kernel callers are
// included (ALL or KERNEL).
void CStraceGuiView::OnUpdateCapkernel(CCmdUI* pCmdUI)
{
    const bool kernelIncluded =
        strace_filter.CallFrom == CALLFROMALL ||
        strace_filter.CallFrom == CALLFROMKERNEL;
    pCmdUI->SetCheck(kernelIncluded ? 1 : 0);
}
// Check mark for "capture user callers": set when user-mode callers are
// included (ALL or USER).
void CStraceGuiView::OnUpdateCapuser(CCmdUI* pCmdUI)
{
    const bool userIncluded =
        strace_filter.CallFrom == CALLFROMALL ||
        strace_filter.CallFrom == CALLFROMUSER;
    pCmdUI->SetCheck(userIncluded ? 1 : 0);
}
// Toggles capture of user-mode callers: ALL -> KERNEL only, KERNEL -> ALL.
// Any other state (e.g. USER only) is left untouched.
void CStraceGuiView::OnCapuser()
{
    switch (strace_filter.CallFrom)
    {
    case CALLFROMALL:
        strace_filter.CallFrom = CALLFROMKERNEL;
        break;
    case CALLFROMKERNEL:
        strace_filter.CallFrom = CALLFROMALL;
        break;
    default:
        break;
    }
}
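// Opens the project web site (WEBCRAZY_WEB_SITE) with the shell's default
// handler for the "Open" verb.
//
// The structure is zeroed first so every field is initialized, and
// SEE_MASK_NOCLOSEPROCESS is no longer requested: the original asked for a
// process handle in shex.hProcess and never closed it, leaking one handle
// per click. Failure of ShellExecuteEx is not reported, as before.
void CStraceGuiView::OnVisithomepage()
{
    SHELLEXECUTEINFO shex;
    ZeroMemory(&shex, sizeof(shex));
    shex.cbSize = sizeof(SHELLEXECUTEINFO);
    shex.fMask = 0;
    shex.hwnd = NULL;
    shex.lpVerb = _T("Open");
    shex.lpFile = WEBCRAZY_WEB_SITE;
    shex.lpParameters = NULL;
    shex.lpDirectory = NULL;
    shex.nShow = SW_NORMAL;
    ShellExecuteEx(&shex);
}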
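// Copies the selected rows (all NUM_COLUMNS columns, tab-separated, one row
// per "\r\n") to the clipboard as CF_TEXT. At most 200 rows are copied.
//
// Fixes relative to the original:
//  - the text is accumulated in a CString and the global block is sized from
//    its final length, so the per-row "\r\n" and the terminating NUL can no
//    longer overrun a buffer sized only for the cells;
//  - GlobalAlloc/GlobalLock failures are checked instead of dereferencing NULL;
//  - the block is freed only when SetClipboardData fails — after a successful
//    call the clipboard owns it, and the original's unconditional GlobalFree
//    released memory the system still referenced.
//
// CF_TEXT is 8-bit text; this relies on the build using MBCS (the file works
// with char buffers throughout).
void CStraceGuiView::OnEditCopy()
{
    CListCtrl& list = GetListCtrl();
    if (list.GetSelectedCount() > 200)
    {
        AfxMessageBox(IDS_MORECOLUMNS);
        return;
    }
    int currentItem = list.GetNextItem(-1, LVNI_SELECTED);
    if (currentItem == -1)
        return;

    // Gather the text first; GetItemText truncates each cell to 29 chars.
    char temp[30];
    CString text;
    do
    {
        for (int col = 0; col < NUM_COLUMNS; ++col)
        {
            list.GetItemText(currentItem, col, temp, sizeof(temp));
            text += temp;
            text += "\t";
        }
        text += "\r\n";
    } while ((currentItem = list.GetNextItem(currentItem, LVNI_SELECTED)) != -1);

    if (!OpenClipboard())
        return;

    const SIZE_T bytes = static_cast<SIZE_T>(text.GetLength()) + 1;   // + NUL
    HGLOBAL hglbCopy = GlobalAlloc(GMEM_DDESHARE | GMEM_MOVEABLE, bytes);
    if (hglbCopy == NULL)
    {
        CloseClipboard();
        return;
    }
    void* dst = GlobalLock(hglbCopy);
    if (dst == NULL)
    {
        GlobalFree(hglbCopy);
        CloseClipboard();
        return;
    }
    memcpy(dst, (LPCTSTR)text, bytes);
    GlobalUnlock(hglbCopy);

    EmptyClipboard();
    if (SetClipboardData(CF_TEXT, hglbCopy) == NULL)
    {
        GlobalFree(hglbCopy);   // clipboard did not take ownership
    }
    CloseClipboard();
}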
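// Adds the service name of the single selected row to the function-name
// filter (strace_filter.FuncName1..3). Exactly one row must be selected and
// the name must not already be present. When all three slots are in use the
// user may choose to drop the oldest entry (slots shift down, the new name
// goes into FuncName3).
//
// The confirmation message is now built with CString::Format. The original
// used sprintf into a 50-byte heap buffer, which a long name (temp holds up
// to 49 chars plus the fixed message text) would overrun, and never freed it.
//
// NOTE(review): strcpy into FuncNameN assumes each slot holds at least
// sizeof(temp) bytes; the struct is declared elsewhere — confirm.
void CStraceGuiView::OnCopyprocfilter()
{
    CListCtrl& list = GetListCtrl();
    const int currentItem = list.GetNextItem(-1, LVNI_SELECTED);
    if (currentItem == -1 || list.GetSelectedCount() > 1)
    {
        AfxMessageBox(IDS_COPYFUNCNAMEFILTER);
        return;
    }

    char temp[50];
    list.GetItemText(currentItem, SERVICENAME_COLUMN, temp, sizeof(temp));
    if (temp[0] == '\0')
    {
        AfxMessageBox(IDS_COPYNOFUNCNAME);
        return;
    }

    if (!strcmp(temp, strace_filter.FuncName1) ||
        !strcmp(temp, strace_filter.FuncName2) ||
        !strcmp(temp, strace_filter.FuncName3))
    {
        AfxMessageBox("筛选条件中已存在对此函数的操作了!");
        return;
    }

    const bool slot1Used = strlen(strace_filter.FuncName1) != 0;
    const bool slot2Used = strlen(strace_filter.FuncName2) != 0;
    const bool slot3Used = strlen(strace_filter.FuncName3) != 0;

    if (slot1Used && slot2Used && slot3Used)
    {
        if (AfxMessageBox("函数名筛选已达到三个,是否覆盖?", MB_YESNO | MB_ICONQUESTION) == IDNO)
            return;
        // Shift the oldest entry out and append the new name at the end.
        strcpy(strace_filter.FuncName1, strace_filter.FuncName2);
        strcpy(strace_filter.FuncName2, strace_filter.FuncName3);
        strcpy(strace_filter.FuncName3, temp);
        return;
    }

    CString msg;
    msg.Format("函数%s已被加入筛选条件中!", temp);

    // At least one slot is free here; fill the first empty one.
    if (!slot1Used)
    {
        AfxMessageBox(msg);
        strcpy(strace_filter.FuncName1, temp);
    }
    else if (!slot2Used)
    {
        AfxMessageBox(msg);
        strcpy(strace_filter.FuncName2, temp);
    }
    else
    {
        AfxMessageBox(msg);
        strcpy(strace_filter.FuncName3, temp);
    }
}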
// Process-name filter: returns TRUE when neither ProcName1 nor ProcName2 is
// configured, or when cstr contains a configured (non-empty) name as a
// substring; FALSE otherwise. Empty slots are skipped because CString::Find
// of "" would match at offset 0.
BOOL CStraceGuiView::ApplyProcNameFilter(CString cstr)
{
    const char* const patterns[] = {
        strace_filter.ProcName1,
        strace_filter.ProcName2,
    };
    const int patternCount = sizeof(patterns) / sizeof(patterns[0]);

    bool anyConfigured = false;
    for (int k = 0; k < patternCount; ++k)
    {
        if (strlen(patterns[k]) == 0)
            continue;
        anyConfigured = true;
        if (cstr.Find((LPCTSTR)patterns[k]) != -1)
            return TRUE;
    }
    // No filter set -> everything passes; filter set but nothing matched -> reject.
    return anyConfigured ? FALSE : TRUE;
}
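// Copies the service name (SERVICENAME_COLUMN) of every selected row to the
// clipboard as CF_TEXT, one name per "\r\n" line. At most 200 rows.
//
// Fixes relative to the original:
//  - the text is accumulated in a CString and the global block is sized from
//    its final length; the original allocated 30 bytes per row, which a
//    29-char name plus "\r\n" plus the final NUL overruns;
//  - GlobalAlloc/GlobalLock failures are checked instead of dereferencing NULL;
//  - the block is freed only when SetClipboardData fails — after a successful
//    call the clipboard owns it and must not be freed by us.
//
// CF_TEXT is 8-bit text; this relies on the build using MBCS (the file works
// with char buffers throughout).
void CStraceGuiView::OnCopyfunc()
{
    CListCtrl& list = GetListCtrl();
    if (list.GetSelectedCount() > 200)
    {
        AfxMessageBox(IDS_MORECOLUMNS);
        return;
    }
    int currentItem = list.GetNextItem(-1, LVNI_SELECTED);
    if (currentItem == -1)
        return;

    // Gather the names first; GetItemText truncates each to 29 chars.
    char temp[30];
    CString text;
    do
    {
        list.GetItemText(currentItem, SERVICENAME_COLUMN, temp, sizeof(temp));
        text += temp;
        text += "\r\n";
    } while ((currentItem = list.GetNextItem(currentItem, LVNI_SELECTED)) != -1);

    if (!OpenClipboard())
        return;

    const SIZE_T bytes = static_cast<SIZE_T>(text.GetLength()) + 1;   // + NUL
    HGLOBAL hglbCopy = GlobalAlloc(GMEM_DDESHARE | GMEM_MOVEABLE, bytes);
    if (hglbCopy == NULL)
    {
        CloseClipboard();
        return;
    }
    void* dst = GlobalLock(hglbCopy);
    if (dst == NULL)
    {
        GlobalFree(hglbCopy);
        CloseClipboard();
        return;
    }
    memcpy(dst, (LPCTSTR)text, bytes);
    GlobalUnlock(hglbCopy);

    EmptyClipboard();
    if (SetClipboardData(CF_TEXT, hglbCopy) == NULL)
    {
        GlobalFree(hglbCopy);   // clipboard did not take ownership
    }
    CloseClipboard();
}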