📄 memorybrowserformunit.pas.svn-base
unit MemoryBrowserFormUnit;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,tlhelp32,
StdCtrls, Spin, ExtCtrls,CEFuncProc,symbolhandler,Clipbrd, Menus,{$ifndef net}plugin,debugger,debugger2,{$endif}assemblerunit,disassembler,addressparser,
Buttons,imagehlp, Contnrs, peinfofunctions {$ifndef net},dissectcodethread{$endif}
{$ifdef netclient}
,NetAPIs
{$else}
,NewKernelHandler, ComCtrls
{$endif}
;
type
// TEdit descendant whose only addition is a handler for the WM_MOUSEWHEEL
// window message. The handler body lives in the implementation part, which
// is outside this section. TMemoryBrowser.FControl2 is declared with this type.
TEdit2 = class(TEdit)
public
  procedure wmMouseWheel(var Msg: TWMMouseWheel); message WM_MOUSEWHEEL;
end;
// Second TEdit descendant with its own WM_MOUSEWHEEL message handler; it is
// declared separately from TEdit2 so the two can react differently (the
// bodies are in the implementation part, not visible here).
// TMemoryBrowser.FControl1 is declared with this type.
TEdit3 = class(TEdit)
public
  procedure wmMouseWheel(var Msg: TWMMouseWheel); message WM_MOUSEWHEEL;
end;
// TMemoryBrowser: TForm descendant declaring the components, event handlers
// and state of this unit's form. Judging by member names it pairs a hex/ASCII
// memory view with a disassembler view and a register view. Only the
// declaration is visible here; every method body is in the implementation
// part, so what a handler actually does cannot be confirmed from this section.
// NOTE(review): several menu items are named after operations that change
// another process or kernel state (InjectDLL1, AutoInject1, CreateThread1,
// Makepagewritable1, Replacewithnops1, FillMemory1, Allocatenonpagedmemory1).
// Whether their handlers validate the target address, check privileges or ask
// for confirmation is not visible here - confirm in the implementation.
TMemoryBrowser = class(TForm)
// Members declared before the first visibility keyword: components followed
// by their event handlers. Presumably bound by name from the form's designer
// file, so the misspelled identifiers (ogglebreakpoint1, Loadmemolryregion1,
// Sericedescriptortable1, Savedisassemledoutput1) should not be renamed in
// isolation - confirm against the form file.
memorypopup: TPopupMenu;
Goto1: TMenuItem;
Timer1: TTimer;
debuggerpopup: TPopupMenu;
Timer2: TTimer;
Panel1: TPanel;
Panel4: TPanel;
MBCanvas: TPaintBox;
Replacewithnops1: TMenuItem;
Gotoaddress1: TMenuItem;
Protectlabel: TLabel;
Search1: TMenuItem;
Change1: TMenuItem;
Addthisaddresstothelist1: TMenuItem;
Addthisopcodetothecodelist1: TMenuItem;
N1: TMenuItem;
N2: TMenuItem;
Splitter1: TSplitter;
Panel5: TPanel;
Panel6: TPanel;
DisCanvas: TPaintBox;
ScrollBar2: TScrollBar;
RegisterView: TPanel;
Splitter2: TSplitter;
MainMenu1: TMainMenu;
File1: TMenuItem;
Loadsymbolfile1: TMenuItem;
Debug1: TMenuItem;
Step1: TMenuItem;
StepOver1: TMenuItem;
Runtill1: TMenuItem;
Setbreakpoint1: TMenuItem;
View1: TMenuItem;
Stacktrace1: TMenuItem;
ScrollBox1: TScrollBox;
// Labels named after the general-purpose registers, EIP, the segment
// registers and the status flags (dflabel is declared further down).
// Presumably refreshed by UpdateRegisterview - confirm.
EAXLabel: TLabel;
EBXlabel: TLabel;
ECXlabel: TLabel;
EDXlabel: TLabel;
ESIlabel: TLabel;
EDIlabel: TLabel;
EBPlabel: TLabel;
ESPlabel: TLabel;
EIPlabel: TLabel;
CSLabel: TLabel;
DSLabel: TLabel;
SSlabel: TLabel;
ESlabel: TLabel;
FSlabel: TLabel;
GSlabel: TLabel;
cflabel: TLabel;
pflabel: TLabel;
aflabel: TLabel;
zflabel: TLabel;
sflabel: TLabel;
oflabel: TLabel;
Label14: TLabel;
Shape1: TShape;
Label15: TLabel;
Shape2: TShape;
Label16: TLabel;
Shape3: TShape;
Run1: TMenuItem;
Threadlist1: TMenuItem;
Assemble1: TMenuItem;
HexEdit: TEdit;
N3: TMenuItem;
Break1: TMenuItem;
Extra1: TMenuItem;
Reservememory1: TMenuItem;
Savedisassemledoutput1: TMenuItem;
Savememoryregion1: TMenuItem;
Loadmemolryregion1: TMenuItem;
N4: TMenuItem;
OpenMemory: TOpenDialog;
Debugstrings1: TMenuItem;
TextEdit: TEdit;
CreateThread1: TMenuItem;
MemoryRegions1: TMenuItem;
FillMemory1: TMenuItem;
Disectwindow1: TMenuItem;
SaveDialog1: TSaveDialog;
Heaps1: TMenuItem;
N5: TMenuItem;
N6: TMenuItem;
EnumeratedllsandSymbols1: TMenuItem;
InjectDLL1: TMenuItem;
OpenDllDialog: TOpenDialog;
AutoInject1: TMenuItem;
Dissectcode1: TMenuItem;
Createjumptocodecave1: TMenuItem;
N7: TMenuItem;
N8: TMenuItem;
Findstaticpointers1: TMenuItem;
Scanforcodecaves1: TMenuItem;
Changestateofregisteratthislocation1: TMenuItem;
ogglebreakpoint1: TMenuItem;
N9: TMenuItem;
Breakpointlist1: TMenuItem;
Makepagewritable1: TMenuItem;
Dissectdata1: TMenuItem;
N10: TMenuItem;
Showsymbols1: TMenuItem;
Dissectdata2: TMenuItem;
N11: TMenuItem;
N12: TMenuItem;
Showmoduleaddresses1: TMenuItem;
Symbolhandler1: TMenuItem;
Kerneltools1: TMenuItem;
Allocatenonpagedmemory1: TMenuItem;
Getaddress1: TMenuItem;
Search2: TMenuItem;
Assemblycode1: TMenuItem;
Findmemory1: TMenuItem;
Driverlist1: TMenuItem;
Plugins1: TMenuItem;
Sericedescriptortable1: TMenuItem;
N13: TMenuItem;
Cut1: TMenuItem;
Pastefromclipboard1: TMenuItem;
N14: TMenuItem;
Setsymbolsearchpath1: TMenuItem;
Kernelmodesymbols1: TMenuItem;
Breakandtraceinstructions1: TMenuItem;
GDTlist1: TMenuItem;
IDTlist1: TMenuItem;
ScriptEngine1: TMenuItem;
Newwindow1: TMenuItem;
Follow1: TMenuItem;
dflabel: TLabel;
Copytoclipboard1: TMenuItem;
copyBytes: TMenuItem;
copyOpcodes: TMenuItem;
CopyBytesAndOpcodes: TMenuItem;
DissectPEheaders1: TMenuItem;
Back1: TMenuItem;
Showvaluesofstaticaddresses1: TMenuItem;
disassemblerheader: THeaderControl;
disassemblerscrollbox: TScrollBox;
Panel2: TPanel;
Label1: TLabel;
ScrollBar1: TScrollBar;
// Event handlers; bodies are in the implementation part.
// NOTE(review): no Button2, Button4, Button6 or Button7 component and no
// MemoryLabel component is declared in this class, yet handlers named after
// them are. They may be leftovers or attached at run time - confirm.
procedure Button4Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure Splitter1Moved(Sender: TObject);
procedure FormShow(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure Goto1Click(Sender: TObject);
procedure FormResize(Sender: TObject);
procedure MemoryLabelClick(Sender: TObject);
procedure MBCanvasPaint(Sender: TObject);
procedure Timer2Timer(Sender: TObject);
procedure MBCanvasMouseUp(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure MBCanvasMouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure MBCanvasDblClick(Sender: TObject);
procedure Panel2Resize(Sender: TObject);
procedure DisCanvasPaint(Sender: TObject);
procedure DisCanvasMouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure ScrollBar1Change(Sender: TObject);
procedure ScrollBar1Scroll(Sender: TObject; ScrollCode: TScrollCode;
var ScrollPos: Integer);
procedure ScrollBar1KeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure ScrollBar1Enter(Sender: TObject);
procedure memorypopupPopup(Sender: TObject);
procedure Replacewithnops1Click(Sender: TObject);
procedure Panel4Enter(Sender: TObject);
procedure Panel4MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
// The FControl1/FControl2 handlers below have no designer component of that
// name; FControl1 and FControl2 are public fields of this class, so these
// handlers are presumably assigned in code - confirm in FormCreate.
procedure FControl2KeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure FControl2KeyPress(Sender: TObject; var Key: Char);
procedure FControl2Enter(Sender: TObject);
procedure FControl2Exit(Sender: TObject);
procedure FControl1Enter(Sender: TObject);
procedure FControl1Exit(Sender: TObject);
procedure Panel2MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure Button4MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure Button6MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure Button7MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure Panel5MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure FControl1KeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure FControl1KeyPress(Sender: TObject; var Key: Char);
procedure Panel5Resize(Sender: TObject);
procedure Gotoaddress1Click(Sender: TObject);
procedure Search1Click(Sender: TObject);
procedure Change1Click(Sender: TObject);
procedure Addthisaddresstothelist1Click(Sender: TObject);
procedure Addthisopcodetothecodelist1Click(Sender: TObject);
procedure Splitter1CanResize(Sender: TObject; var NewSize: Integer;
var Accept: Boolean);
procedure Panel4Resize(Sender: TObject);
procedure ScrollBar2Scroll(Sender: TObject; ScrollCode: TScrollCode;
var ScrollPos: Integer);
procedure Setbreakpoint1Click(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure Run1Click(Sender: TObject);
procedure Step1Click(Sender: TObject);
procedure StepOver1Click(Sender: TObject);
procedure Runtill1Click(Sender: TObject);
procedure Stacktrace1Click(Sender: TObject);
procedure Threadlist1Click(Sender: TObject);
procedure Assemble1Click(Sender: TObject);
procedure DisCanvasDblClick(Sender: TObject);
procedure HexEditKeyPress(Sender: TObject; var Key: Char);
procedure HexEditExit(Sender: TObject);
procedure HexEditKeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure EAXLabelDblClick(Sender: TObject);
procedure Break1Click(Sender: TObject);
procedure Reservememory1Click(Sender: TObject);
procedure Savememoryregion1Click(Sender: TObject);
procedure Loadmemolryregion1Click(Sender: TObject);
procedure HexEditDblClick(Sender: TObject);
procedure Debugstrings1Click(Sender: TObject);
procedure TextEditExit(Sender: TObject);
procedure TextEditKeyDown(Sender: TObject; var Key: Word;
Shift: TShiftState);
procedure CreateThread1Click(Sender: TObject);
procedure MemoryRegions1Click(Sender: TObject);
procedure TextEditKeyPress(Sender: TObject; var Key: Char);
procedure FillMemory1Click(Sender: TObject);
procedure Disectwindow1Click(Sender: TObject);
procedure Savedisassemledoutput1Click(Sender: TObject);
procedure Heaps1Click(Sender: TObject);
procedure EnumeratedllsandSymbols1Click(Sender: TObject);
procedure InjectDLL1Click(Sender: TObject);
procedure AutoInject1Click(Sender: TObject);
procedure Dissectcode1Click(Sender: TObject);
procedure Createjumptocodecave1Click(Sender: TObject);
procedure Findstaticpointers1Click(Sender: TObject);
procedure Scanforcodecaves1Click(Sender: TObject);
procedure Changestateofregisteratthislocation1Click(Sender: TObject);
procedure ogglebreakpoint1Click(Sender: TObject);
procedure Breakpointlist1Click(Sender: TObject);
procedure Makepagewritable1Click(Sender: TObject);
procedure Dissectdata1Click(Sender: TObject);
procedure Showsymbols1Click(Sender: TObject);
procedure Dissectdata2Click(Sender: TObject);
procedure Showmoduleaddresses1Click(Sender: TObject);
procedure Symbolhandler1Click(Sender: TObject);
procedure Allocatenonpagedmemory1Click(Sender: TObject);
procedure Getaddress1Click(Sender: TObject);
procedure Findmemory1Click(Sender: TObject);
procedure Assemblycode1Click(Sender: TObject);
procedure Driverlist1Click(Sender: TObject);
procedure Sericedescriptortable1Click(Sender: TObject);
procedure MBCanvasMouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
procedure Cut1Click(Sender: TObject);
procedure Pastefromclipboard1Click(Sender: TObject);
procedure Setsymbolsearchpath1Click(Sender: TObject);
procedure Kernelmodesymbols1Click(Sender: TObject);
procedure Breakandtraceinstructions1Click(Sender: TObject);
procedure debuggerpopupPopup(Sender: TObject);
procedure GDTlist1Click(Sender: TObject);
procedure IDTlist1Click(Sender: TObject);
procedure ScriptEngine1Click(Sender: TObject);
procedure DisCanvasMouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure FormDestroy(Sender: TObject);
procedure Newwindow1Click(Sender: TObject);
procedure Follow1Click(Sender: TObject);
procedure CopyBytesAndOpcodesClick(Sender: TObject);
procedure DissectPEheaders1Click(Sender: TObject);
procedure Back1Click(Sender: TObject);
procedure Showvaluesofstaticaddresses1Click(Sender: TObject);
procedure disassemblerheaderSectionResize(
HeaderControl: THeaderControl; Section: THeaderSection);
private
{ Private declarations }
// Two separate boolean flags; presumably one per inline editor (HexEdit and
// TextEdit) - confirm which is which in the implementation.
editing: boolean;
editing2: boolean;
srow,scolumn: integer;
bytestoshow: integer;
bytelength: integer;
chrlength: integer;
// Bitmaps; presumably off-screen buffers painted onto MBCanvas and DisCanvas
// by the two Paint handlers - confirm.
MBImage: TBitmap;
DisImage: TBitmap;
memorylabelcount: integer;
addresslabelcount: integer;
// Dynamic arrays: their lengths are set at run time in code not visible here.
addresslabel: array of TLabel;
memorylabel: array of TLabel; //hex
memoryLabelA: array of TLabel; //ascii
MemoryLabelVerticalLines: integer; //number of rows
MemoryLabelHorizontalLines: Integer; //the number of lines
// Short strings capped at 8 and 2 characters respectively, which fits a
// 32-bit address and a single byte written in hex - presumably the intent.
addressestext: array of string[8];
memorytext: array of string[2];
memorystring: array of string;
lengthof8bytes: Integer;
textheight: integer;
lines: integer;
oldlines: integer;
Highlightcolor: Tcolor;
numberofaddresses: integer;
// One record per disassembled line: a 32-bit address plus text fields,
// presumably the columns shown in the disassembler view - confirm.
disassemblerlines : array of record
address: dword;
disassembled: string;
description: string;
addresspart: string;
bytespart: string;
opcodepart: string;
specialpart: string;
end;
part: integer;
// The dissectcode field exists only in builds where the net symbol is not
// defined.
{$ifndef net}
dissectcode: TDissectCodeThread;
{$endif}
lastmodulelistupdate: integer;
// History lists and a stack; presumably recent inputs and the navigation
// trail behind the Back1 menu item - confirm.
disassemblerHistory: TStringList;
memorybrowserHistory: TStringList;
assemblerHistory: TStringList;
backlist: TStack;
lastspecialwidth: integer;
// Presumably the backing field of the showvalues property - confirm in
// getShowValues/setShowValues.
FShowValues: boolean;
procedure UpdateRWAddress(disasm: string);
// Message handler bound to WM_GETMINMAXINFO.
procedure WMGetMinMaxInfo(var Message: TMessage); message WM_GETMINMAXINFO;
// Reader and writer of the public showvalues property.
function getShowValues: boolean;
procedure setShowValues(newstate: boolean);
public
{ Public declarations }
// NOTE(review): everything from here down to ischild is a plain public field,
// so any unit that can reach the form can overwrite it directly; there is no
// setter in which a new value could be validated.
FSymbolsLoaded: Boolean;
// Addresses and register values are dword (32-bit unsigned), so this
// declaration cannot hold a 64-bit address. Presumably Disassembleraddress
// and memoryaddress are the current positions of the two views - confirm.
Disassembleraddress: dword;
memoryaddress: dword;
// A handle; what kind of object it refers to is not shown in this section.
thhandle: Thandle;
// One dword per general-purpose register plus EIP; presumably the values
// shown by the register labels above - confirm.
EAXv: dword;
EBXv: dword;
ECXv: dword;
EDXv: dword;
ESIv: dword;
EDIv: dword;
EBPv: dword;
ESPv: dword;
EIPv: dword;
// Instances of the two TEdit descendants declared at the top of this unit.
FControl1: TEdit3;
FControl2:Tedit2;
rows8: integer;
disassembler: boolean;
selecting,selectionmade: boolean;
selected,selected2: dword;
dselected,dselected2: dword;
cancelsearch: boolean;
ischild: boolean; //determines if it's the main memorybrowser or a child
procedure UpdateBPlist;
procedure UpdateRegisterview;
procedure RefreshMB;
procedure updatedisassemblerview;
procedure AssemblePopup(x: string);
procedure plugintype2click(sender:tobject);
// addresstojumpto is passed by reference; presumably it receives the branch
// target when the result is True - confirm in the implementation.
function isjumporcall(address: dword; var addresstojumpto: dword): boolean;
procedure setcodeanddatabase;
// Boolean property routed through getShowValues and setShowValues.
property showvalues: boolean read getShowValues write setShowValues;
end;
var
// Global reference of the form type, declared in the interface part and so
// visible to every unit that uses this one. Nothing in this section assigns
// it; presumably it holds the main window, with other instances marked by
// TMemoryBrowser.ischild - confirm where it is created.
MemoryBrowser: TMemoryBrowser;
implementation
uses Valuechange,
{$ifdef net}
unit2,
addformunit,
{$else}
Mainunit,
{$endif}
{$ifndef net}
AddAddress,
findwindowunit,
frmstacktraceunit,
frmBreakThreadUnit,
FormDebugStringsUnit,
frmDissectWindowUnit,
frmEnumerateDLLsUnit,
frmThreadlistunit,
formmemoryregionsunit,
frmHeapsUnit,
frmFindstaticsUnit,
frmModifyRegistersUnit,