1.1 root 1: #include <windows.h>
2: #include <stdlib.h>
3: #include <stdio.h>
4: #include "pefile.h"
5:
6:
/* Resource identifiers: the three icons and the walker menu. */
#define IDR_MAINICON        20
#define IDR_SYSSTATICON     21
#define IDR_PROSTATICON     22
#define IDR_WALKERMENU      30
11:
/*
 * String identifiers (IDS_*).  Values are grouped by numeric range; the
 * group headings below are taken from the identifier names only.
 */

/* 1100x: window class names */
#define IDS_WALKERCLASS                 11000
#define IDS_SYSSTATCLASS                11001
#define IDS_PROSTATCLASS                11002
#define IDS_STATUSCLASS                 11004
#define IDS_MEMVIEWCLASS                11005

/* 1101x: window titles */
#define IDS_SYSSTATTITLE                11010
#define IDS_PROSTATTITLE                11011
#define IDS_MEMVIEWTITLE                11013

/* 1102x: general UI strings */
#define IDS_CAPTION                     11020
#define IDS_UNAVAILABLE                 11021
#define IDS_LISTBOX                     11022
#define IDS_EXEFILEEXT                  11023
#define IDS_FILEOPENTITLE               11024
#define IDS_SELF                        11025

/* 1103x: generic errors */
#define IDS_ERROR                       11030
#define IDS_NOTENOUGHMEM                11031
#define IDS_HEAPCREATEFAILED            11032

/* 1104x: debug event strings, one per event index except suspend/resume naming */
#define IDS_DBGEVNTACTIVE               11042
#define IDS_DBGEVNTCLOSE                11043
#define IDS_DBGEVNTSTOP                 11044
#define IDS_DBGEVNTSTART                11045
#define IDS_DBGEVNTREAD                 11046
#define IDS_DBGEVNTWRITE                11047
#define IDS_DBGEVNTACK                  11048

/* 1105x: exception captions */
#define IDS_EXCEPTION                   11050
#define IDS_APPEXCEPTION                11051
#define IDS_CHILDAPPEXCEPTION           11052

/* 1106x-1107x: failure and status messages, mostly named after Win32 calls */
#define IDS_ERRDUPLICATEHANDLE          11060
#define IDS_ERRGETTHREADCONTEXT         11061
#define IDS_ERRCREATEPROCESS            11062
#define IDS_ERROPENPROCESS              11063
#define IDS_ERRCREATEFILEMAPPING        11064
#define IDS_ERRHEAPALLOC                11065
#define IDS_ERRREADPROCESSMEMORY        11066
#define IDS_ERRCREATEWINDOW             11067
#define IDS_ERRVIRTUALFREE              11068
#define IDS_ERRVIRTUALALLOC             11069
#define IDS_STATUSREADY                 11070
#define IDS_NOTCOMMITTEDMEMORY          11071
#define IDS_ERRWRITEPROCESSMEMORY       11072
#define IDS_COULDNOTREADPROCESS         11073
#define IDS_ERRSETTHREADCONTEXT         11074

/* 120xx: debuggee notifications and process state */
#define IDS_EXITPROCESS                 12000
#define IDS_EXITTHREAD                  12001
#define IDS_CREATEPROCESS               12002
#define IDS_CREATETHREAD                12003
#define IDS_LOADDLL                     12004
#define IDS_UNLOADDLL                   12005
#define IDS_OUTPUTDEBUGSTRING           12006
#define IDS_RIPEVENT                    12007
#define IDS_BREAKPOINTEXCEPTION         12008
#define IDS_ACCESSVIOLATIONEXCEPTION    12009
#define IDS_UNHANDLEDEXCEPTION          12010
#define IDS_PROCESSSUSPENDED            12011
#define IDS_PROCESSRESUMED              12012
#define IDS_PROCESSINIT                 12013
#define IDS_MAPFILENAME                 12014
#define IDS_INITPROCESSFAILURE          12015
#define IDS_INITPROBE                   12016
#define IDS_HOOKPROCESS                 12017
72:
/* Control identifiers (IDC_*): child windows and push buttons. */
#define IDC_LISTBOX         100
#define IDC_STATUSWND       101
#define IDC_REFRESH         200
#define IDC_CANCEL          201
#define IDC_REWALK          202
78:
/*
 * Popup menu identifiers.  IDM_POPUPMENUS is the base value and equals the
 * first popup (IDM_POPUPPROCESS); MENUPOPUPS is the number of popups
 * defined here (1000..1003).
 */
#define IDM_POPUPMENUS      1000
#define IDM_POPUPPROCESS    1000
#define IDM_POPUPSORT       1001
#define IDM_POPUPVIEW       1002
#define IDM_POPUPOPTIONS    1003
#define MENUPOPUPS          4
85:
/* Menu command identifiers (IDM_*), grouped by the popup they belong to. */

/* Process menu */
#define IDM_PROCESSREWALK   2000
#define IDM_PROCESSLOAD     2001
#define IDM_PROCESSUNLOAD   2002
#define IDM_PROCESSSUSPEND  2003
#define IDM_PROCESSRESUME   2004
#define IDM_EXIT            2010

/* Sort menu */
#define IDM_SORTADDRESS     2020
#define IDM_SORTSTATE       2021
#define IDM_SORTPROTECTION  2022
#define IDM_SORTSIZE        2023
#define IDM_SORTBASEADDRESS 2024

/* View menu */
#define IDM_VIEWSYSSTAT     2030
#define IDM_VIEWPROSTAT     2031
#define IDM_VIEWMEMORY      2033
#define IDM_VIEWADDRESS     2034

/* Options menu */
#define IDM_OPTBYTES        2040
#define IDM_OPTPAGES        2041
103:
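/* Address dialog and its controls. */
#define IDD_ADDR            3000
#define IDC_ADDR            3001
#define IDC_HEX             3002

/* Initialization dialog and the private message that ends it. */
#define IDD_INITIALIZING    4000
/* Parenthesized so the macro stays one operand inside larger expressions. */
#define UM_ENDDIALOG        (WM_USER+2)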
110:
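/*
 * TOTALVMRESERVE is 1 MiB and PAGESIZE is 4 KiB, both fixed at compile time.
 * NOTE(review): PAGESIZE is hard-coded rather than read from GetSystemInfo();
 * it also sizes the Stack/Code arrays in PROCESS_STATE, so confirm it matches
 * the target's page size.
 */
#define TOTALVMRESERVE      0x00100000
#define PAGESIZE            0x1000
/* Parenthesized so the macro stays one operand inside larger expressions. */
#define IDM_REMOVEVIEWWND   (WM_USER+0)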
114:
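/* Status timer identifier and two private window messages. */
#define IDT_STATUS          3000
/* Parenthesized so each macro stays one operand inside larger expressions. */
#define UM_UPDATE           (WM_USER+1)
#define UM_STARTINITDIALOG  (WM_USER+3)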
118:
/*
 * Status window: STATUSWXB is the total byte count and the WXB_* values are
 * byte offsets of three slots, four bytes apart.
 * NOTE(review): presumably window extra bytes read and written with
 * Get/SetWindowLong.  The names suggest pen handles and a text pointer; these
 * are wider than four bytes on 64-bit Windows, so the 0/4/8 layout would
 * overlap there.  Confirm before building for Win64.
 */
#define STATUSWXB           12
#define WXB_HPENHILITE      0
#define WXB_HPENSHADOW      4
#define WXB_LPWINDOWTEXT    8
123:
/*
 * Memory view window: VIEWWXB is the total byte count and the WXB_* values
 * are byte offsets of two slots, four bytes apart.
 * NOTE(review): the names suggest both slots hold MEMVIEW pointers; a
 * four-byte slot truncates a pointer on 64-bit Windows.  Confirm against
 * pview.c.
 */
#define VIEWWXB             8
#define WXB_LPMEMVIEW       0
#define WXB_LPOLDMEMVIEW    4
127:
/*
 * Event handle array indices.  nDEBUGEVENTS is the number of indices
 * defined here (0..6), i.e. the array length.
 * NOTE(review): presumably this is the array passed as LPHANDLE to
 * StartChildProcess/CloseChildProcess; any index taken from outside this
 * list should be range-checked against nDEBUGEVENTS.  Confirm in pdebug.c.
 */
#define CLOSEDEBUGGER       0
#define SUSPENDDEBUGGER     1
#define RESUMEDEBUGGER      2
#define READMEMORY          3
#define WRITEMEMORY         4
#define DEBUGACTIVE         5
#define ACKNOWLEDGE         6
#define nDEBUGEVENTS        7
137:
138:
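/*
 * One node of a singly linked list of threads; DBGPROCESS.lpThreads points
 * at a DBGTHREAD.
 *
 * The pointer typedef names the tag that is actually defined below
 * (tagDbgThread).  Forward-declaring `struct DBGTHREAD` instead would create
 * a separate, never-completed struct type, because struct tags and typedef
 * names live in different namespaces in C; Next could then not be
 * dereferenced or assigned from a DBGTHREAD * without a cast.
 */
typedef struct tagDbgThread *LPDBGTHREAD;
typedef struct tagDbgThread
{
    HANDLE                  hThread;         /* thread handle */
    DWORD                   dwThreadID;      /* thread identifier */
    LPTHREAD_START_ROUTINE  lpStartAddress;  /* thread start routine */
    int                     nPriority;       /* thread priority */
    LPDBGTHREAD             Next;            /* next node in the list */
} DBGTHREAD;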
148:
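/*
 * One node of a singly linked list of DLLs; DBGPROCESS.lpDlls points at a
 * DBGDLL.  Several field names mirror LOAD_DLL_DEBUG_INFO.
 *
 * The pointer typedef names the tag that is actually defined below
 * (tagDbgDll).  Forward-declaring `struct DBGDLL` instead would create a
 * separate, never-completed struct type, so Next could not be dereferenced
 * or assigned from a DBGDLL * without a cast.
 *
 * NOTE(review): szImageName is a fixed MAX_PATH buffer.  If the name is read
 * out of the debugged process, the copy must be bounded to the buffer size
 * and NUL-terminated, with fUnicode honoured.  Confirm in pdebug.c.
 */
typedef struct tagDbgDll *LPDBGDLL;
typedef struct tagDbgDll
{
    HANDLE       hFile;                  /* file handle of the DLL image */
    LPVOID       lpBaseOfDll;            /* base address of the DLL */
    DWORD        dwDebugInfoFileOffset;  /* file offset of the debug info */
    DWORD        nDebugInfoSize;         /* size of the debug info */
    char         szImageName[MAX_PATH];  /* image name, fixed-size buffer */
    WORD         fUnicode;               /* Unicode flag for the image name */
    LPDBGDLL     Next;                   /* next node in the list */
    SECTIONINFO *lpSection;              /* from PEFILE.H */
} DBGDLL;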
161:
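/*
 * One node of a singly linked list of recorded exceptions; DBGPROCESS.lpERs
 * points at a DBGEXCEPTREC.
 *
 * The pointer typedef names the tag that is actually defined below
 * (tagDbgExcept).  Forward-declaring `struct DBGEXCEPTREC` instead would
 * create a separate, never-completed struct type, so Next could not be
 * dereferenced or assigned from a DBGEXCEPTREC * without a cast.
 */
typedef struct tagDbgExcept *LPDBGEXCEPTREC;
typedef struct tagDbgExcept
{
    EXCEPTION_RECORD  ExceptRecord;   /* exception record */
    CONTEXT           Context;        /* thread context stored with the record */
    DWORD             dwThreadId;     /* thread identifier */
    DWORD             dwFirstChance;  /* first-chance indicator */
    LPDBGEXCEPTREC    Next;           /* next node in the list */
} DBGEXCEPTREC;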
171:
/*
 * Per-process debugging record.  It holds the process and file handles, the
 * heads of the thread, DLL and exception lists, and the module path.
 * NOTE(review): szModule is a fixed MAX_PATH buffer; writers must bound the
 * copy and NUL-terminate.  Confirm in pdebug.c.
 */
typedef struct tagDbgProcess
{
    HANDLE        hDbgHeap;            /* heap handle */
    DWORD         dwProcessID;         /* process identifier */
    HANDLE        hProcess;            /* process handle */
    HANDLE        hFile;               /* file handle */
    LPVOID        lpImage;             /* image pointer */
    DWORD         dwDbgInfoOffset;     /* debug info offset */
    DWORD         nDbgInfoSize;        /* debug info size */
    DBGTHREAD    *lpThreads;           /* head of the DBGTHREAD list */
    DBGDLL       *lpDlls;              /* head of the DBGDLL list */
    SECTIONINFO  *lpSection;           /* section info, type from pefile.h */
    HWND          hWnd;                /* window handle */
    DWORD         dwPriority;          /* priority value */
    BOOL          bActive;             /* active flag */
    char          szModule[MAX_PATH];  /* module name, fixed-size buffer */
    DBGEXCEPTREC *lpERs;               /* head of the DBGEXCEPTREC list */
} DBGPROCESS;
190:
/*
 * One virtual memory region: the MEMORY_BASIC_INFORMATION for it plus three
 * fixed-size text fields and a "new" flag.
 * NOTE(review): szSection has exactly IMAGE_SIZEOF_SHORT_NAME bytes.  A PE
 * section name that uses the full short-name length has no terminating NUL,
 * so this field must be handled as a length-bounded array, not passed to
 * string functions that expect termination.  szObjType (12 bytes) and
 * szModule (MAX_PATH) need bounded copies as well.  Confirm in pdebug.c.
 */
typedef struct tagVMObject
{
    MEMORY_BASIC_INFORMATION  mbi;                                 /* region information */
    char                      szObjType[12];                       /* object type text */
    char                      szModule[MAX_PATH];                  /* module name */
    char                      szSection[IMAGE_SIZEOF_SHORT_NAME];  /* section name */
    BOOL                      bNew;                                /* new-object flag */
} VMOBJECT, *LPVMOBJECT;
199:
200:
/*
 * State of one memory view window.
 * NOTE(review): nBase and nSize are plain int.  If nBase carries an address,
 * it is only wide enough on 32-bit targets, and a negative or oversized
 * nSize must be rejected before it is used as a length.  Confirm in pview.c.
 */
typedef struct tagMemView
{
    LPVOID  lpMem;        /* memory pointer */
    int     nBase;        /* base value */
    int     nSize;        /* size value */
    int     xWin;         /* window x value */
    int     yWin;         /* window y value */
    int     PosV;         /* vertical position */
    int     RangeV;       /* vertical range */
    long    nLines;       /* line count */
    int     nExtraBytes;  /* extra byte count */
} MEMVIEW, *LPMEMVIEW;
212:
213:
/*
 * Data block for the process probe DLL: two handles.
 * NOTE(review): RetrieveProbeData() returns a pointer to this type; a handle
 * value is only meaningful in the process that owns it, so confirm which
 * process these belong to before using them elsewhere.
 */
typedef struct tagProbe
{
    HANDLE  hProcess;  /* process handle */
    HANDLE  hDefHeap;  /* heap handle */
} PROBE, *LPPROBE;
220:
221:
/*
 * Saved process state: a thread CONTEXT plus one PAGESIZE-byte copy each of
 * a stack page and a code page, with the pointers they relate to.
 * NOTE(review): the Esp/Eip names follow the x86 registers, and both arrays
 * are sized by the compile-time PAGESIZE.  Any copy into Stack or Code must
 * be limited to PAGESIZE bytes.  Confirm in pdebug.c.
 */
typedef struct tagProcessState
{
    CONTEXT  Context;          /* thread context */
    LPVOID   Esp;              /* stack pointer value */
    LPVOID   pStackPage;       /* stack page pointer */
    BYTE     Stack[PAGESIZE];  /* one page of stack bytes */
    LPVOID   Eip;              /* instruction pointer value */
    LPVOID   pCodePage;        /* code page pointer */
    BYTE     Code[PAGESIZE];   /* one page of code bytes */
} PROCESS_STATE, *LPPROCESS_STATE;
233:
234:
/*
 * Functions defined in pwalk.c.
 * NOTE(review): the window procedure returns LONG and the dialog procedure
 * BOOL; current SDK headers declare these as LRESULT and INT_PTR, which are
 * wider on 64-bit Windows.  NotifyUser takes a char * with no length, so
 * confirm it is treated as a NUL-terminated string.
 */
LONG WINAPI WalkerWndProc(HWND, UINT, WPARAM, LPARAM);
int  WINAPI NotifyUser(HWND, int, int, char *, UINT);
void WINAPI ReportError(int);
BOOL WINAPI GetFreeDiskSpace(LPDWORD, LPDWORD);
BOOL WINAPI InitDlgProc(HWND, UINT, WPARAM, LPARAM);
241:
/*
 * Functions defined in pwalkio.c.
 * NOTE(review): every char * here is passed without a length.  Output
 * buffers are presumably MAX_PATH bytes; verify that each callee bounds its
 * writes to the caller's buffer size, in particular GetFileFromPath and
 * GetCmdLine, which take two buffers each.
 */
BOOL WINAPI GetFileName(HWND, char *, char *);
void WINAPI GetFileFromPath(char *, char *);
BOOL WINAPI GetCmdLine(char *, char *, BOOL *);
BOOL WINAPI IsValidFile(char *);
247:
/*
 * Functions defined in pstat.c: three window procedures and the status text
 * setter.
 * NOTE(review): the window procedures return LONG; current SDK headers use
 * LRESULT, which is wider on 64-bit Windows.
 */
LONG WINAPI SysStatWndProc(HWND, UINT, WPARAM, LPARAM);
LONG WINAPI ProStatWndProc(HWND, UINT, WPARAM, LPARAM);
LONG WINAPI StatusWndProc(HWND, UINT, WPARAM, LPARAM);
void WINAPI SetStatusText(HWND, int, COLORREF);
253:
/*
 * Functions defined in pview.c.
 * NOTE(review): ViewMemory takes an LPVOID followed by two int values.  If
 * those ints are a base and a size, negative or oversized values must be
 * rejected before the memory is read.  Confirm in pview.c.
 */
HWND WINAPI ViewMemory(HWND, char *, LPVOID, int, int);
LONG WINAPI MemWndProc(HWND, UINT, WPARAM, LPARAM);
void WINAPI ActivateViewWindow(ATOM);
HWND WINAPI EnumViewWindows(HWND, HWND);
BOOL WINAPI AddrDlgProc(HWND, UINT, WPARAM, LPARAM);
260:
/*
 * Functions defined in pdebug.c.
 * NOTE(review): StartChildProcess takes an executable path as char *; it
 * should only be given a path that has been validated (IsValidFile is
 * declared for pwalkio.c).  AccessProcessMemory has no explicit length
 * parameter, so confirm how the transfer size is bounded.
 * CommittedMemoryRange takes its range as two int values, which cannot hold
 * a full address on 64-bit targets.
 */
DBGPROCESS *WINAPI StartChildProcess(HWND, char *, LPHANDLE);
void        WINAPI CloseChildProcess(DBGPROCESS *, LPHANDLE);
int         WINAPI WhereIsStack(HANDLE);
int         WINAPI WalkProcess(HANDLE, LPVOID *, LPINT *);
void        WINAPI AnalyzeProcess(DBGPROCESS *, LPVMOBJECT, int);
void        WINAPI IdentifyNewObjects(LPVMOBJECT, int, LPVMOBJECT, int);
BOOL        WINAPI CommittedMemoryRange(int, int, LPVMOBJECT, int *);
BOOL        WINAPI AccessProcessMemory(HANDLE, HANDLE, LPVOID, LPVOID, DWORD *);
270:
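/*
 * Functions defined in probe.c, a DLL.
 * Declared with (void): in C an empty () is not a prototype, so calls with
 * stray arguments would compile unchecked, which matters for WINAPI
 * functions where the callee cleans the stack.
 */
void    WINAPI ResetProbe(void);
LPPROBE WINAPI RetrieveProbeData(void);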