📄 parse.c
字号:
if(WaitForKey()==FALSE)break;
}
}
}
// one arg supplied -> show individual page
else if(pArgs->Count == 1)
{
pPGD = ADDR_TO_PDE((ULONG)pArgs->Value[0]);
DPRINT((0,"ShowPageDirs(): VA = %.8X\n",pArgs->Value[0]));
DPRINT((0,"ShowPageDirs(): pPGD = %.8X\n",(ULONG)pPGD));
if(pPGD && ((*pPGD)&_PAGE_PRESENT))
{
// 4M page
if((*pPGD)&_PAGE_4M)
{
PPAGEDIR pPage = (PPAGEDIR)pPGD;
PutStatusText("Linear Physical Attributes");
PICE_sprintf(tempCmd,"%.8X %.8X %s %s %s (LARGE PAGE PTE @ %.8X)\n",
pArgs->Value[0],
(pPage->PTBase<<12)|(pArgs->Value[0]&0x7FFFFF),
pPage->P?"P ":"NP",
pPage->RW?"RW":"R ",
pPage->US?"U":"S",
(ULONG)pPGD);
}
else
{
pPTE = ADDR_TO_PTE(pArgs->Value[0]);
DPRINT((0,"ShowPageDirs(): pPTE = %.8X\n",(ULONG)pPTE));
if(pPTE)
{
PPAGEDIR pPage = (PPAGEDIR)pPTE;
DPRINT((0,"ShowPageDirs(): pPage->PTBase = %.8X\n",(ULONG)pPage->PTBase));
PutStatusText("Linear Physical Attributes");
PICE_sprintf(tempCmd,"%.8X %.8X %s %s %s (PTE @ %.8X)\n",
pArgs->Value[0],
(pPage->PTBase<<12)|(pArgs->Value[0]&(_PAGE_SIZE-1)),
(pPage->P==1)?"P ":"NP",
pPage->RW?"RW":"R ",
pPage->US?"U":"S",
(ULONG)pPTE);
}
}
Print(OUTPUT_WINDOW,tempCmd);
}
else
{
PICE_sprintf(tempCmd,"page at %.8X not present.\n",pArgs->Value[0]);
Print(OUTPUT_WINDOW,tempCmd);
}
}
}
return TRUE;
}
//*************************************************************************
// ShowProcesses()
//
//*************************************************************************
COMMAND_PROTOTYPE(ShowProcesses)
{
PEPROCESS my_current = IoGetCurrentProcess();
PLIST_ENTRY current_entry;
PEPROCESS currentps;
ENTER_FUNC();
current_entry = pPsProcessListHead->Flink;
if( current_entry ){
PutStatusText("NAME TASK PID");
while( current_entry != pPsProcessListHead ){
currentps = CONTAINING_RECORD(current_entry,
EPROCESS,
ProcessListEntry);
DPRINT((0,"currentps = %x\n",currentps));
//ei would be nice to mark current process!
PICE_sprintf(tempCmd,"%-16.16s %-12x %x\n",currentps->ImageFileName,
(ULONG)currentps,currentps->UniqueProcessId);
Print(OUTPUT_WINDOW,tempCmd);
if(WaitForKey()==FALSE)
break;
current_entry = current_entry->Flink;
}
}
LEAVE_FUNC();
return TRUE;
}
//*************************************************************************
// DisplayMemoryDword()
//
//*************************************************************************
COMMAND_PROTOTYPE(DisplayMemoryDword)
{
ULONG i,j,k;
static ULONG addr=0,addrorg;
static USHORT segment;
char temp[8];
LPSTR pSymbolName;
ENTER_FUNC();
DPRINT((0,"DisplayMemoryDword()\n"));
if(pArgs->Count==2)
{
segment=(USHORT)pArgs->Value[0];
if(!segment)segment=GLOBAL_DATA_SEGMENT;
addr=pArgs->Value[1];
OldSelector = segment;
OldOffset = addr;
addrorg=addr;
addr=GetLinearAddress(segment,addr);
}
else if(pArgs->Count==1)
{
segment=CurrentDS;
addr=pArgs->Value[0];
OldOffset = addr;
addrorg=addr;
addr=GetLinearAddress(segment,addr);
}
else if(pArgs->Count==0)
{
addr += sizeof(ULONG)*4*4;
OldOffset = addr;
}
if(ScanExportsByAddress(&pSymbolName,addr))
{
PICE_sprintf(tempCmd," %s ",pSymbolName);
SetForegroundColor(COLOR_TEXT);
SetBackgroundColor(COLOR_CAPTION);
PutChar(tempCmd,GLOBAL_SCREEN_WIDTH-1-PICE_strlen(tempCmd),wWindow[DATA_WINDOW].y-1);
ResetColor();
}
DisableScroll(DATA_WINDOW);
if(DisplayMemory != DisplayMemoryDword)
{
Clear(DATA_WINDOW);
DisplayMemory = DisplayMemoryDword;
}
else
Home(DATA_WINDOW);
for(k=0;k<wWindow[DATA_WINDOW].cy;k++) // 4 lines
{
PICE_sprintf(tempCmd,"%.4X:%.8X: ",segment,addrorg+k*16);
Print(1,tempCmd);
for(i=0;i<4;i++) // 4 dwords
{
tempCmd[0]=0;
Print(1," ");
for(j=0;j<4;j++) // 1 dword = 4 bytes
{
if(IsAddressValid(addr+i*4+j+k*16))
{
PICE_sprintf(temp,"%.2x",*(PUCHAR)(addr+i*4+j+k*16));
PICE_strrev(temp);
PICE_strcat(tempCmd,temp);
}
else
{
PICE_strcat(tempCmd,"??");
}
}
PICE_strrev(tempCmd);
Print(1,tempCmd);
}
Print(1," ");
tempCmd[0]=0;
for(j=0;j<16;j++) // 1 dword = 4 bytes
{
wWindow[DATA_WINDOW].usCurX = GLOBAL_SCREEN_WIDTH-17;
if(IsAddressValid(addr+j+k*16))
{
PICE_sprintf(temp,"%c",PICE_isprint(*(PUCHAR)(addr+j+k*16))?(*(PUCHAR)(addr+j+k*16)):'.');
PICE_strcat(tempCmd,temp);
}
else
{
PICE_strcat(tempCmd,"?");
}
}
Print(1,tempCmd);
Print(1,"\n");
}
EnableScroll(DATA_WINDOW);
addr+=16*4;
return TRUE;
}
//*************************************************************************
// DisplayMemoryByte()
//
//*************************************************************************
COMMAND_PROTOTYPE(DisplayMemoryByte)
{
ULONG j,k;
static ULONG addr=0,addrorg;
static USHORT segment;
char temp[8];
LPSTR pSymbolName;
if(pArgs->Count==2)
{
segment=(USHORT)pArgs->Value[0];
if(!segment)segment=GLOBAL_DATA_SEGMENT;
addr=pArgs->Value[1];
OldSelector = segment;
OldOffset = addr;
addrorg=addr;
addr=GetLinearAddress(segment,addr);
}
else if(pArgs->Count==1)
{
segment=CurrentDS;
addr=pArgs->Value[0];
OldOffset = addr;
addrorg=addr;
addr=GetLinearAddress(segment,addr);
}
else if(pArgs->Count==0)
{
addr += sizeof(ULONG)*4*4;
OldOffset = addr;
}
if(DisplayMemory != DisplayMemoryByte)
{
Clear(DATA_WINDOW);
DisplayMemory = DisplayMemoryByte;
}
else
Home(DATA_WINDOW);
if(ScanExportsByAddress(&pSymbolName,addr))
{
PICE_sprintf(tempCmd," %s ",pSymbolName);
SetForegroundColor(COLOR_TEXT);
SetBackgroundColor(COLOR_CAPTION);
PutChar(tempCmd,GLOBAL_SCREEN_WIDTH-1-PICE_strlen(tempCmd),wWindow[DATA_WINDOW].y-1);
ResetColor();
}
DisableScroll(DATA_WINDOW);
for(k=0;k<wWindow[DATA_WINDOW].cy;k++) // 4 lines
{
PICE_sprintf(tempCmd,"%.4X:%.8X: ",segment,addrorg+k*16);
Print(1,tempCmd);
tempCmd[0]=0;
Print(1," ");
for(j=0;j<16;j++) // 1 dword = 4 bytes
{
if(IsAddressValid(addr+j+k*16))
{
PICE_sprintf(temp,"%.2x ",*(PUCHAR)(addr+j+k*16));
PICE_strcat(tempCmd,temp);
}
else
{
PICE_strcat(tempCmd,"?? ");
}
}
Print(1,tempCmd);
Print(1," ");
tempCmd[0]=0;
for(j=0;j<16;j++) // 1 dword = 4 bytes
{
wWindow[DATA_WINDOW].usCurX = GLOBAL_SCREEN_WIDTH-17;
if(IsAddressValid(addr+j+k*16))
{
PICE_sprintf(temp,"%c",PICE_isprint(*(PUCHAR)(addr+j+k*16))?(*(PUCHAR)(addr+j+k*16)):'.');
PICE_strcat(tempCmd,temp);
}
else
{
PICE_strcat(tempCmd,"?");
}
}
Print(1,tempCmd);
Print(1,"\n");
}
EnableScroll(DATA_WINDOW);
addr+=16*4;
return TRUE;
}
//*************************************************************************
// DisplayPhysMemDword()
//
//*************************************************************************
COMMAND_PROTOTYPE(DisplayPhysMemDword)
{
ULONG i,j,k;
static ULONG addr=0,addrorg;
static USHORT segment;
char temp[8];
ENTER_FUNC();
DPRINT((0,"DisplayPhysMemDword()\n"));
if(pArgs->Count==1)
{
segment=CurrentDS;
addr=pArgs->Value[0];
OldOffset = addr;
addrorg=addr;
addr=GetLinearAddress(segment,addr);
}
else if(pArgs->Count==0)
{
addr += sizeof(ULONG)*4*4;
OldOffset = addr;
}
DisableScroll(DATA_WINDOW);
if(DisplayMemory != DisplayPhysMemDword)
{
Clear(DATA_WINDOW);
DisplayMemory = DisplayPhysMemDword;
}
else
Home(DATA_WINDOW);
for(k=0;k<wWindow[DATA_WINDOW].cy;k++) // 4 lines
{
PICE_sprintf(tempCmd,"PHYS:%.8X: ",addrorg+k*16);
Print(1,tempCmd);
for(i=0;i<4;i++) // 4 dwords
{
tempCmd[0]=0;
PICE_sprintf(tempCmd," %.8X",ReadPhysMem(addr+i*4+k*16,sizeof(ULONG)));
Print(1,tempCmd);
}
Print(1," ");
tempCmd[0]=0;
for(j=0;j<16;j++) // 1 dword = 4 bytes
{
UCHAR ucData;
wWindow[DATA_WINDOW].usCurX = GLOBAL_SCREEN_WIDTH-17;
ucData = ReadPhysMem(addr+j+k*16,sizeof(UCHAR));
PICE_sprintf(temp,"%c",PICE_isprint(ucData)?ucData:'.');
PICE_strcat(tempCmd,temp);
}
Print(1,tempCmd);
Print(1,"\n");
}
EnableScroll(DATA_WINDOW);
addr+=16*4;
return TRUE;
}
//*************************************************************************
// DisplaySourceFile()
//
//*************************************************************************
void DisplaySourceFile(LPSTR pSrcLine,LPSTR pSrcEnd,ULONG ulLineNumber,ULONG ulLineNumberToInvert)
{
ULONG i;
LPSTR pTemp;
ULONG j = ulLineNumber-1;
DPRINT((0,"DisplaySourceFile(%.8X,%u,%u)\n",pSrcLine,ulLineNumber,ulLineNumberToInvert));
// go to line
while(j--)
{
// goto end of current line
while(*pSrcLine!=0x0a && *pSrcLine!=0x0d)
pSrcLine++;
// skip over the line end
if(*pSrcLine == 0x0d)
pSrcLine++;
if(*pSrcLine == 0x0a)
pSrcLine++;
}
Clear(SOURCE_WINDOW);
DisableScroll(SOURCE_WINDOW);
for(i=0;i<wWindow[SOURCE_WINDOW].cy;i++)
{
pTemp = tempCmd;
if(pSrcLine<pSrcEnd)
{
PICE_sprintf(tempCmd,".%.5u ",ulLineNumber+i);
pTemp = tempCmd + PICE_strlen(tempCmd);
while(pSrcLine<pSrcEnd && *pSrcLine!=0x0a && *pSrcLine!=0x0d)
{
if(*pSrcLine==0x9) // TAB
{
*pTemp++ = 0x20;
*pTemp++ = 0x20;
*pTemp++ = 0x20;
*pTemp++ = 0x20;
pSrcLine++;
}
else
{
*pTemp++ = *pSrcLine++;
}
}
if(pSrcLine<pSrcEnd)
{
// skip over the line end
if(*pSrcLine == 0x0d)
pSrcLine++;
if(*pSrcLine == 0x0a)
pSrcLine++;
}
*pTemp++ = '\n';
*pTemp = 0;
if(PICE_strlen(tempCmd)>GLOBAL_SCREEN_WIDTH-1)
{
tempCmd[GLOBAL_SCREEN_WIDTH-2]='\n';
tempCmd[GLOBAL_SCREEN_WIDTH-1]=0;
}
if( (ulLineNumberToInvert!=-1) &&
((int)(ulLineNumberToInvert-ulLineNumber)>=0) &&
((ulLineNumberToInvert-ulLineNumber)<wWindow[SOURCE_WINDOW].cy) &&
(i==(ulLineNumberToInvert-ulLineNumber)) )
{
SetForegroundColor(COLOR_BACKGROUND);
SetBackgroundColor(COLOR_FOREGROUND);
}
Print(SOURCE_WINDOW,tempCmd);
if( (ulLineNumberToInvert!=-1) &&
((int)(ulLineNumberToInvert-ulLineNumber)>=0) &&
((ulLineNumberToInvert-ulLineNumber)<wWindow[SOURCE_WINDOW].cy) &&
(i==(ulLineNumberToInvert-ulLineNumber)) )
{
ResetColor();
}
}
else
{
Print(SOURCE_WINDOW,"---- End of source file --------------\n");
break;
}
}
EnableScroll(SOURCE_WINDOW);
}
//*************************************************************************
// UnassembleOneLineDown()
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -