qword In::Read64() { byte data[8]; Read( data, 8 ); return ( qword(data[4] | uint(data[5]) << 8 | dword(data[6]) << 16 | dword(data[7]) << 24) << 32 | dword(data[0] | uint(data[1]) << 8 | dword(data[2]) << 16 | dword(data[3]) << 24) ); }
bool check_matching(std::vector<std::string> words, std::string expression) { QString qexpression(expression.c_str()); QRegExp r(qexpression); if(!r.isValid()) { return false; } for(std::string word : words) { QString qword(word.c_str()); if(!r.exactMatch(qword)) { return false; } } return true; }
bool starting_with(std::vector<std::string> words, std::string expression) { QString qexpression(expression.c_str()); QRegExp r(qexpression); if(!r.isValid()) { return false; } for(std::string word : words) { QString qword(word.c_str()); if(r.isValid()) { if(r.indexIn(qword) < 0) { return false; } } } return true; }
CProcInfo() { KeWaitForSymbol(Sm_InitStage2); m_TickCount = 0; m_KernelTime = 0; m_VisualProgressIndex = 6; m_SurfaceActivated = true; m_X = 20; m_Y = 20; m_Width = 236; m_Height = m_Margin * 4 + (m_VisibleProcCount + 4) * m_FontH; char Digit = '0'; KeRequestCall(ClFont_GetTextWidth, PB(&Digit), 1, PB(&m_DigitW), 4); m_SurfaceID = CreateSurface(m_X, m_Y, m_Width, m_Height); DrawActiveBorder(); DrawRect(m_SurfaceID, 1, 1, m_Width - 2, m_Margin * 3 + m_FontH * 4 - 1, m_BGColor); OutText(m_SurfaceID, m_Margin, m_Margin + m_FontH * 0, 0xFFA020A0, "Page Usage:"); OutText(m_SurfaceID, m_Margin, m_Margin + m_FontH * 1, 0xFFA020A0, "Heap Usage:"); OutText(m_SurfaceID, m_Margin, m_Margin + m_FontH * 2, 0xFFA020A0, "Kernel Time:"); OutText(m_SurfaceID, m_Margin+4, m_Margin*2 + m_FontH * 3, 0xFF2020A0, "ID"); OutText(m_SurfaceID, m_Margin+18, m_Margin*2 + m_FontH * 3, 0xFF20A020, "Mem"); OutText(m_SurfaceID, m_Margin+52, m_Margin*2 + m_FontH * 3, 0xFFA0A020, "Nf"); OutText(m_SurfaceID, m_Margin+74, m_Margin*2 + m_FontH * 3, 0xFF20A0A0, "Usr"); OutText(m_SurfaceID, m_Margin+104, m_Margin*2 + m_FontH * 3, 0xFF20A0A0, "Krn"); OutText(m_SurfaceID, m_Margin+128, m_Margin*2 + m_FontH * 3, 0xFFA02020, "Name"); KeEnableNotification(NfKe_TimerTick); KeEnableNotification(Nf_SurfaceActivated); KeEnableNotification(NfKe_TerminateProcess); CNotification<4> N; for (;;) { KeWaitFor(1); N.Recv(); if (N.GetID() == Nf_SurfaceActivated) { dword activatedSurfaceID = N.GetDword(0); if (activatedSurfaceID == m_SurfaceID) { if (!m_SurfaceActivated) { m_SurfaceActivated = true; DrawActiveBorder(); } } else { if (m_SurfaceActivated) { m_SurfaceActivated = false; DrawActiveBorder(); } } } else if (N.GetID() == NfKe_TimerTick) { if (m_TickCount % 144 == 0) { m_ProcList.Clear(); CProcData PD; char Name[128]; dword PrevPID = 0; for (;;) { dword PID = KeGetNextProcessInfo(PrevPID, PD.m_UsedPageCount, PD.m_NotificationCount, PD.m_UserPerfData, PD.m_KernelPerfData, Name); if (PID == 0xFFFFFFFF) break; PD.m_PID = PID; PD.m_Name = CStringA(Name); m_ProcList.PushBack(PD); PrevPID = PID; } qword UserTotalG = 0; qword KernelTotalG = 0; for (dword i = 0; i < m_ProcList.Size(); i++) { qword UserTotalL = 0; qword KernelTotalL = 0; for (dword j = 0; j < 128; j++) { UserTotalL += m_ProcList[i].m_UserPerfData[j]; KernelTotalL += m_ProcList[i].m_KernelPerfData[j]; } m_ProcList[i].m_UserTotal = UserTotalL; m_ProcList[i].m_KernelTotal = KernelTotalL; UserTotalG += UserTotalL; KernelTotalG += KernelTotalL; } for (dword i = 0; i < m_ProcList.Size(); i++) { m_ProcList[i].m_UserPercent = (m_ProcList[i].m_UserTotal << 16) / UserTotalG; m_ProcList[i].m_KernelPercent = (m_ProcList[i].m_KernelTotal << 16) / KernelTotalG; } m_KernelTime = (KernelTotalG << 16) / (KernelTotalG + UserTotalG); DrawRect(m_SurfaceID, 1, m_Margin * 3 + m_FontH * 4, m_Width - 2, m_Height - (m_Margin * 3 + m_FontH * 4) - 1, m_BGColor); dword VisibleProcCount = m_ProcList.Size(); if (VisibleProcCount > m_VisibleProcCount) VisibleProcCount = m_VisibleProcCount; for (dword i = 0; i < VisibleProcCount; i++) { char CharBuf[5] = {0}; dword XOffset = m_Margin + 14; dword YOffset = m_Margin * 3 + m_FontH * (4 + i); OutDecimal(XOffset, YOffset, m_ProcList[i].m_PID, 0xFF2020A0); XOffset += 24; OutDecimal(XOffset, YOffset, m_ProcList[i].m_UsedPageCount, 0xFF20A020); XOffset += 22; OutDecimal(XOffset, YOffset, m_ProcList[i].m_NotificationCount, 0xFFA0A020); XOffset += 0; OutPercent(XOffset, YOffset, m_ProcList[i].m_UserPercent, 0xFF20A0A0); XOffset += 32; OutPercent(XOffset, YOffset, m_ProcList[i].m_KernelPercent, 0xFF20A0A0); XOffset += 36; OutText(m_SurfaceID, XOffset, YOffset, 0xFFA02020, m_ProcList[i].m_Name._ptr()); } } if (m_TickCount % 24 == 0) { dword HeapUsed; dword HeapTotal; dword PageUsed; dword PageTotal; KeGetMemInfo(HeapUsed, HeapTotal, PageUsed, PageTotal); dword PageUsage = dword((qword(PageUsed) * 0x10000) / PageTotal); dword HeapUsage = dword((qword(HeapUsed) * 0x10000) / HeapTotal); dword KernelTime = 0; dword HeapColor = 0xFF20A0A0; if (HeapUsage > 0x9999) HeapColor = 0xFFF8BF16; if (HeapUsage > 0xB333) HeapColor = 0xFFFA5914; DrawRect(m_SurfaceID, m_Margin + 74, m_Margin, 48, m_FontH * 3, m_BGColor); OutPercent(m_Margin + 74, m_Margin + m_FontH * 0, PageUsage, 0xFF20A0A0, true); OutPercent(m_Margin + 74, m_Margin + m_FontH * 1, HeapUsage, HeapColor, true); OutPercent(m_Margin + 74, m_Margin + m_FontH * 2, m_KernelTime, 0xFF20A0A0, true); dword PrevVP = m_VisualProgressIndex; m_VisualProgressIndex++; if (m_VisualProgressIndex >= 6) m_VisualProgressIndex = 0; dword C1 = 0xFFB0B8FF; dword C2 = 0xFFD0D4FF; if (m_VisualProgressIndex == 0) { C1 = 0xFFFFA393; C2 = 0xFFFFCCC4; } DrawRect(m_SurfaceID, 140 + PrevVP * 12, m_FontH + m_Margin + 4, 8, 8, m_BGColor); DrawRect(m_SurfaceID, 140 + m_VisualProgressIndex * 12, m_FontH + m_Margin + 4, 8, 8, C1); DrawRect(m_SurfaceID, 140 + m_VisualProgressIndex * 12 + 1, m_FontH + m_Margin + 4 + 1, 6, 6, C2); } if (m_TickCount == 0) { ShowSurface(m_SurfaceID); } m_TickCount++; } else if (N.GetID() == NfKe_TerminateProcess) { return; } } }
qword Search::Result::size () const { return ((qword(myData.nFileSizeHigh)<<32)|qword(myData.nFileSizeLow)); }