diff --git a/course/WinDriver/tools/tools-MFC/Resource.h b/course/WinDriver/tools/tools-MFC/Resource.h
index 13fd8912df4d6bdd96fa947e49bd18296b8720a5..42747d85c4581edfbfb5a63a2e606a69f5b6df20 100644
--- a/course/WinDriver/tools/tools-MFC/Resource.h
+++ b/course/WinDriver/tools/tools-MFC/Resource.h
@@ -1,21 +1,25 @@
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ 生成的包含文件。
-// 由 toolsMFC.rc 使用
+// 供 toolsMFC.rc 使用
//
-#define IDR_MAINFRAME 128
-#define IDM_ABOUTBOX 0x0010
-#define IDD_ABOUTBOX 100
-#define IDS_ABOUTBOX 101
-#define IDD_TOOLSMFC_DIALOG 102
+#define IDM_ABOUTBOX 0x0010
+#define IDD_ABOUTBOX 100
+#define IDS_ABOUTBOX 101
+#define IDD_TOOLSMFC_DIALOG 102
+#define IDR_MAINFRAME 128
+#define IDC_EDIT_LENGTH 1000
+#define IDC_EDIT_ADDRESS 1001
+#define IDC_COMBO_PROCESS 1002
+#define IDC_EDIT_MEM_DATA 1003
+#define IDC_BUTTON_READ 1004
-// 新对象的下一组默认值
-//
+// Next default values for new objects
+//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
-
-#define _APS_NEXT_RESOURCE_VALUE 129
-#define _APS_NEXT_CONTROL_VALUE 1000
-#define _APS_NEXT_SYMED_VALUE 101
-#define _APS_NEXT_COMMAND_VALUE 32771
+#define _APS_NEXT_RESOURCE_VALUE 130
+#define _APS_NEXT_COMMAND_VALUE 32771
+#define _APS_NEXT_CONTROL_VALUE 1005
+#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/course/WinDriver/tools/tools-MFC/tools-MFC.vcxproj b/course/WinDriver/tools/tools-MFC/tools-MFC.vcxproj
index 33f697828e5590b27b49ffd78f99db67a313fcc8..4a6a5656ae8bbc988036a28dc864d6d28dc472be 100644
--- a/course/WinDriver/tools/tools-MFC/tools-MFC.vcxproj
+++ b/course/WinDriver/tools/tools-MFC/tools-MFC.vcxproj
@@ -29,7 +29,7 @@
Application
true
- v141
+ v141_xp
Unicode
Dynamic
@@ -93,6 +93,8 @@
Disabled
true
WIN32;_WINDOWS;_DEBUG;%(PreprocessorDefinitions)
+ /I"../../../../third/Blackbone/src" %(AdditionalOptions)
+ stdcpplatest
Windows
@@ -115,6 +117,7 @@
Disabled
true
_WINDOWS;_DEBUG;%(PreprocessorDefinitions)
+ /I"../../../../third/Blackbone/src" %(AdditionalOptions)
Windows
diff --git a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp
index 0f3380608ba390f602200e46831258e1e1afb99a..11d98ea2d12c92347278cdfe5371bbea2eec456f 100644
--- a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp
+++ b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp
@@ -11,6 +11,22 @@
#define new DEBUG_NEW
#endif
+//////////////////////////////////////////////////////////////////////////
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+// /I"../../../../third/Blackbone/src"
+#pragma comment(lib, "../../../../third/Blackbone/build/Win32/Debug(XP)/BlackBone.lib")
+//////////////////////////////////////////////////////////////////////////
// 用于应用程序“关于”菜单项的 CAboutDlg 对话框
@@ -51,6 +67,8 @@ END_MESSAGE_MAP()
CtoolsMFCDlg::CtoolsMFCDlg(CWnd* pParent /*=nullptr*/)
: CDialogEx(IDD_TOOLSMFC_DIALOG, pParent)
+ , m_mem_data(_T(""))
+ , m_mem_length(0)
{
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
@@ -58,12 +76,18 @@ CtoolsMFCDlg::CtoolsMFCDlg(CWnd* pParent /*=nullptr*/)
void CtoolsMFCDlg::DoDataExchange(CDataExchange* pDX)
{
CDialogEx::DoDataExchange(pDX);
+ DDX_Text(pDX, IDC_EDIT_MEM_DATA, m_mem_data);
+ DDX_Text(pDX, IDC_EDIT_LENGTH, m_mem_length);
+ DDX_Control(pDX, IDC_EDIT_ADDRESS, m_mem_address);
+ DDX_Control(pDX, IDC_COMBO_PROCESS, m_combo_process);
}
BEGIN_MESSAGE_MAP(CtoolsMFCDlg, CDialogEx)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
+ ON_BN_CLICKED(IDC_BUTTON_READ, &CtoolsMFCDlg::OnBnClickedButtonRead)
+ ON_CBN_DROPDOWN(IDC_COMBO_PROCESS, &CtoolsMFCDlg::OnCbnDropdownComboProcess)
END_MESSAGE_MAP()
@@ -99,6 +123,11 @@ BOOL CtoolsMFCDlg::OnInitDialog()
SetIcon(m_hIcon, FALSE); // 设置小图标
// TODO: 在此添加额外的初始化代码
+ OnCbnDropdownComboProcess();
+ m_combo_process.SetCurSel(0);
+ m_mem_address.SetWindowText(_T("400000"));
+ m_mem_length = 0x20;
+ UpdateData(FALSE);
return TRUE; // 除非将焦点设置到控件,否则返回 TRUE
}
@@ -152,3 +181,117 @@ HCURSOR CtoolsMFCDlg::OnQueryDragIcon()
return static_cast(m_hIcon);
}
+std::string ToHex(PBYTE bytes, DWORD length)
+{
+ if (bytes == NULL || length <= 0)
+ {
+ return "";
+ }
+
+ std::string result;
+ for (DWORD i = 0; i < length; ++i)
+ {
+ char hex_byte[4] = { 0 };
+ sprintf_s(hex_byte, 4, "%02X ", bytes[i]);
+ result += hex_byte;
+ }
+
+ return result;
+}
+
+
+std::string ToHexLines(PBYTE bytes, DWORD length)
+{
+ if (bytes == NULL || length <= 0)
+ {
+ return "";
+ }
+
+ DWORD line = length / 0x10;
+ DWORD left = length % 0x10;
+
+ std::string result;
+ for (DWORD i = 0; i < line; ++i)
+ {
+ result += ToHex(bytes + 0x10 * i, 0x10);
+ result += "\r\n";
+ }
+
+ result += ToHex(bytes + 0x10 * line, left);
+
+ return result;
+}
+
+void CtoolsMFCDlg::OnBnClickedButtonRead()
+{
+ // TODO: 在此添加控件通知处理程序代码
+ UpdateData();
+
+ CString str_address;
+ m_mem_address.GetWindowText(str_address);
+ str_address = _T("0x") + str_address;
+ LONGLONG dw_address = _tcstoull_l(str_address.GetBuffer(), NULL, 16, 0);
+
+ int nIndex = m_combo_process.GetCurSel();
+ DWORD pid = m_combo_process.GetItemData(nIndex);
+
+ blackbone::Process process;
+ process.Attach(pid);
+ if (!process.valid())
+ {
+ AfxMessageBox(_T("打开进程失败。"));
+ return;
+ }
+
+ PBYTE bytes = new BYTE[m_mem_length];
+ if (NULL == bytes)
+ {
+ return;
+ }
+ NTSTATUS status = process.memory().Read(dw_address, m_mem_length, (PVOID)bytes);
+ if (!NT_SUCCESS(status))
+ {
+ AfxMessageBox(_T("读取进程内存失败,请检查内存地址和大小。"));
+ return;
+ }
+// m_mem_data.Format(_T("%02X %02X %02X %02X %02X %02X %02X %02X "), bytes[0], bytes[1], bytes[2], bytes[3]
+// , bytes[4], bytes[5], bytes[6], bytes[7]);
+ std::string str_mem_data = ToHexLines(bytes, m_mem_length);
+ m_mem_data = CStringA(str_mem_data.data());
+ UpdateData(FALSE);
+}
+
+
+void CtoolsMFCDlg::OnCbnDropdownComboProcess()
+{
+ // TODO: 在此添加控件通知处理程序代码
+ m_combo_process.ResetContent();
+ blackbone::Process process;
+
+ std::vector vct_pids = blackbone::Process::EnumByName(L"");
+ for (auto pid : vct_pids)
+ {
+ NTSTATUS status = process.Attach(pid);
+ CString msg;
+
+ if (NT_SUCCESS(status))
+ {
+ if (process.modules().GetMainModule())
+ {
+ CString str_64 = process.core().isWow64() ? _T("x86") : _T("x64");
+ msg.Format(_T("[%05d][%s] %s"), process.pid(), str_64.GetBuffer(), process.modules().GetMainModule()->fullPath.data());
+ }
+ else
+ {
+ msg.Format(_T("[%d] %s"), process.pid(), _T("failed_get_path"));
+ }
+ }
+ else
+ {
+ msg.Format(_T("[%d] %s"), pid, _T("failed_Attach"));
+ }
+ m_combo_process.AddString(msg);
+ int nIndex = m_combo_process.GetCount() - 1;
+ m_combo_process.SetItemData(nIndex, pid);
+ }
+}
diff --git a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.h b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.h
index 39d30c566d9eea8694aeefcff4f7c2eec62318ef..9efa9909c99baac76b673dfcc8f9d155599cede9 100644
--- a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.h
+++ b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.h
@@ -31,4 +31,11 @@ protected:
afx_msg void OnPaint();
afx_msg HCURSOR OnQueryDragIcon();
DECLARE_MESSAGE_MAP()
+public:
+ CString m_mem_data;
+ DWORD m_mem_length;
+ CEdit m_mem_address;
+ CComboBox m_combo_process;
+ afx_msg void OnBnClickedButtonRead();
+ afx_msg void OnCbnDropdownComboProcess();
};
diff --git a/course/WinDriver/tools/tools-MFC/toolsMFC.rc b/course/WinDriver/tools/tools-MFC/toolsMFC.rc
index 4ba1449e992b310c2951ba4c38547de5d5d22b30..f20f0e5f0607c88b0c02da0d63b43c6f9ff774b1 100644
Binary files a/course/WinDriver/tools/tools-MFC/toolsMFC.rc and b/course/WinDriver/tools/tools-MFC/toolsMFC.rc differ