STDMETHODIMP CDebugLog::GetBindLog(DWORD dwDetailLevel, LPWSTR pwzDebugLog, DWORD *pcbDebugLog) { HRESULT hr = S_OK; LISTNODE pos = NULL; DWORD dwCharsReqd; CDebugLogElement *pLogElem = NULL; if (!pcbDebugLog) { hr = E_INVALIDARG; goto Exit; } pos = _listDbgMsg.GetHeadPosition(); if (!pos) { // No entries in debug log! hr = S_FALSE; goto Exit; } // Calculate total size (entries + new line chars + NULL) dwCharsReqd = 0; while (pos) { pLogElem = _listDbgMsg.GetNext(pos); ASSERT(pLogElem); if (pLogElem->_dwDetailLvl <= dwDetailLevel) { dwCharsReqd += lstrlenW(pLogElem->_pszMsg) * sizeof(WCHAR); dwCharsReqd += sizeof(L"\r\n"); } } dwCharsReqd += 1; // NULL char if (!pwzDebugLog || *pcbDebugLog < dwCharsReqd) { *pcbDebugLog = dwCharsReqd; hr = HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER); goto Exit; } *pwzDebugLog = L'\0'; pos = _listDbgMsg.GetHeadPosition(); while (pos) { pLogElem = _listDbgMsg.GetNext(pos); ASSERT(pLogElem); if (pLogElem->_dwDetailLvl <= dwDetailLevel) { StrCatW(pwzDebugLog, pLogElem->_pszMsg); StrCatW(pwzDebugLog, L"\r\n"); } } ASSERT((DWORD)lstrlenW(pwzDebugLog) * sizeof(WCHAR) < dwCharsReqd); Exit: return hr; }
VOID QuerySSDTHook(HWND m_hWnd,ULONG ID,int IntType,CMyList *m_list) { DWORD dwReadByte; int i=0; SHFILEINFO shfileinfo; SSDTImg.Create(16,16, ILC_COLOR32, 2, 100); HIMAGELIST hImageList = NULL; CMyAProtectApp *imgApp=(CMyAProtectApp*)AfxGetApp(); SetDlgItemTextW(m_hWnd,IDC_DebugStatus,L"正在扫描SSDT,请稍后..."); if (bIsPhysicalCheck){ SaveToFile("\r\n\r\n[---SSDT---]\r\n",PhysicalFile); } SSDTInfo = (PSSDTINFO)VirtualAlloc(0, sizeof(SSDTINFO)*810,MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); if (SSDTInfo) { memset(SSDTInfo,0,sizeof(SSDTINFO)*810); if (IntType == 0) { ReadFile((HANDLE)LIST_SSDT,SSDTInfo,sizeof(SSDTINFO)*810,&dwReadByte,0); }else ReadFile((HANDLE)LIST_SSDT_ALL,SSDTInfo,sizeof(SSDTINFO)*810,&dwReadByte,0); for ( i=0;i< (int)SSDTInfo->ulCount;i++) { WCHAR lpwzTextOut[100]; memset(lpwzTextOut,0,sizeof(lpwzTextOut)); wsprintfW(lpwzTextOut,L"共有 %d 个数据,正在扫描第 %d 个,请稍后...",SSDTInfo->ulCount,i); SetDlgItemTextW(m_hWnd,ID,lpwzTextOut); WCHAR lpwzNumber[256] = {0}; WCHAR lpwzHookType[256] = {0}; WCHAR lpwzFunction[256] = {0}; WCHAR lpwzHookModuleImage[256] = {0}; WCHAR lpwzMemoryFunctionBase[256] = {0}; WCHAR lpwzRealFunctionBase[256] = {0}; WCHAR lpwzHookModuleBase[256] = {0}; WCHAR lpwzHookModuleSize[256] = {0}; memset(lpwzNumber,0,sizeof(lpwzNumber)); memset(lpwzHookType,0,sizeof(lpwzHookType)); memset(lpwzFunction,0,sizeof(lpwzFunction)); memset(lpwzHookModuleImage,0,sizeof(lpwzHookModuleImage)); memset(lpwzMemoryFunctionBase,0,sizeof(lpwzMemoryFunctionBase)); memset(lpwzRealFunctionBase,0,sizeof(lpwzRealFunctionBase)); memset(lpwzHookModuleBase,0,sizeof(lpwzHookModuleBase)); memset(lpwzHookModuleSize,0,sizeof(lpwzHookModuleSize)); if (SSDTInfo->SSDT[i].ulNumber == 0xffffffff) { StrCatW(lpwzNumber,L"*"); } else wsprintfW(lpwzNumber,L"%d",SSDTInfo->SSDT[i].ulNumber); MultiByteToWideChar( CP_ACP, 0, SSDTInfo->SSDT[i].lpszFunction, -1, lpwzFunction, strlen(SSDTInfo->SSDT[i].lpszFunction) ); MultiByteToWideChar( CP_ACP, 0, SSDTInfo->SSDT[i].lpszHookModuleImage, -1, lpwzHookModuleImage, strlen(SSDTInfo->SSDT[i].lpszHookModuleImage) ); wsprintfW(lpwzMemoryFunctionBase,L"0x%08X",SSDTInfo->SSDT[i].ulMemoryFunctionBase); wsprintfW(lpwzRealFunctionBase,L"0x%08X",SSDTInfo->SSDT[i].ulRealFunctionBase); wsprintfW(lpwzHookModuleBase,L"0x%08X",SSDTInfo->SSDT[i].ulHookModuleBase); wsprintfW(lpwzHookModuleSize,L"%d KB",SSDTInfo->SSDT[i].ulHookModuleSize/1024); switch (SSDTInfo->SSDT[i].IntHookType) { case 0: StrCatW(lpwzHookType,L"-"); break; case 1: StrCatW(lpwzHookType,L"SSDT hook"); break; case 2: StrCatW(lpwzHookType,L"SSDT Inline hook"); break; case 3: StrCatW(lpwzHookType,L"Inline hook"); break; } WCHAR lpwzDosFullPath[256]; WCHAR lpwzWinDir[256]; WCHAR lpwzSysDisk[256]; memset(lpwzWinDir,0,sizeof(lpwzWinDir)); memset(lpwzSysDisk,0,sizeof(lpwzSysDisk)); memset(lpwzDosFullPath,0,sizeof(lpwzDosFullPath)); GetWindowsDirectoryW(lpwzWinDir,sizeof(lpwzWinDir)); memcpy(lpwzSysDisk,lpwzWinDir,4); if (wcsstr(lpwzHookModuleImage,L"\\??\\")) { //开始这种路径的处理 memset(lpwzDosFullPath,0,sizeof(lpwzDosFullPath)); wcsncpy(lpwzDosFullPath,lpwzHookModuleImage+wcslen(L"\\??\\"),wcslen(lpwzHookModuleImage)-wcslen(L"\\??\\")); goto Next; } if (wcsstr(lpwzHookModuleImage,L"\\WINDOWS\\system32\\")) { memset(lpwzDosFullPath,0,sizeof(lpwzDosFullPath)); wcscat(lpwzDosFullPath,lpwzSysDisk); wcscat(lpwzDosFullPath,lpwzHookModuleImage); //MessageBoxW(lpwzDosFullPath,lpwzFullSysName,0); goto Next; } if (wcsstr(lpwzHookModuleImage,L"\\SystemRoot\\")) { WCHAR lpwzTemp[256]; memset(lpwzTemp,0,sizeof(lpwzTemp)); memset(lpwzDosFullPath,0,sizeof(lpwzDosFullPath)); wcscat(lpwzTemp,lpwzSysDisk); wcscat(lpwzTemp,L"\\WINDOWS\\"); wcscat(lpwzDosFullPath,lpwzTemp); wcsncpy(lpwzDosFullPath+wcslen(lpwzTemp),lpwzHookModuleImage+wcslen(L"\\SystemRoot\\"),wcslen(lpwzHookModuleImage) - wcslen(L"\\SystemRoot\\")); goto Next; } Next: //这里是一键体检的数据,不需要插入界面了 if (bIsPhysicalCheck){ //如果没有hook,就返回 if (SSDTInfo->SSDT[i].IntHookType == 0){ continue; } WCHAR lpwzSaveBuffer[1024] ={0}; CHAR lpszSaveBuffer[2024] ={0}; memset(lpwzSaveBuffer,0,sizeof(lpwzSaveBuffer)); memset(lpszSaveBuffer,0,sizeof(lpszSaveBuffer)); wsprintfW(lpwzSaveBuffer,L" --> 发现Hook:ID:%ws | 当前地址:%ws | 原始地址:%ws | 函数名:%ws | 内核模块:%ws | Hook类型:%ws\r\n", lpwzNumber,lpwzMemoryFunctionBase,lpwzRealFunctionBase,lpwzFunction,lpwzDosFullPath,lpwzHookType); m_list->InsertItem(0,L"SSDT",RGB(77,77,77)); m_list->SetItemText(0,1,lpwzSaveBuffer); WideCharToMultiByte( CP_ACP, 0, lpwzSaveBuffer, -1, lpszSaveBuffer, wcslen(lpwzSaveBuffer)*2, NULL, NULL ); SaveToFile(lpszSaveBuffer,PhysicalFile); continue; } if (SSDTInfo->SSDT[i].IntHookType == 0) { m_list->InsertItem(i,lpwzNumber,RGB(77,77,77)); }else { m_list->InsertItem(i,lpwzNumber,RGB(255,20,147)); } m_list->SetItemText(i,1,lpwzMemoryFunctionBase); m_list->SetItemText(i,2,lpwzRealFunctionBase); m_list->SetItemText(i,3,lpwzFunction); m_list->SetItemText(i,4,lpwzDosFullPath); m_list->SetItemText(i,5,lpwzHookModuleBase); m_list->SetItemText(i,6,lpwzHookModuleSize); m_list->SetItemText(i,7,lpwzHookType); if(GetFileAttributes(lpwzDosFullPath)!=INVALID_FILE_ATTRIBUTES) { hImageList=(HIMAGELIST)::SHGetFileInfo(lpwzDosFullPath,0,&shfileinfo,sizeof(shfileinfo),SHGFI_ICON); SSDTImg.Add(shfileinfo.hIcon); }else SSDTImg.Add(imgApp->LoadIconW(IDI_WHITE)); m_list->SetImageList(&SSDTImg); m_list->SetItemImageId(i,i); DestroyIcon(shfileinfo.hIcon); } VirtualFree(SSDTInfo,sizeof(SSDTINFO)*810,MEM_RESERVE | MEM_COMMIT); } WCHAR lpwzTextOut[100]; memset(lpwzTextOut,0,sizeof(lpwzTextOut)); wsprintfW(lpwzTextOut,L"SSDT扫描完毕,共有 %d 个数据",i); SetDlgItemTextW(m_hWnd,ID,lpwzTextOut); }
VOID QueryProcessHandle(HWND m_hWnd,ULONG ID,CMyList *m_list) { /*argv[1]=L"QQ"; argv[2]=NULL;*/ setlocale(LC_ALL,"chs"); TCHAR privilege[17]=SE_DEBUG_NAME; HANDLE hprocess,hThread; hprocess=GetCurrentProcess(); if(!UpPrivilege(hprocess,privilege)) printf("%s","UpPrivilege failed \r\n"); PSYSTEM_HANDLE_INFORMATION pinfo={0}; GET_HANDLE_FILENAME pfn={0}; //TCHAR FileName[MAX_PATH]; ULONG ulSize,NumOfHandle; LPVOID tmp=NULL; int i = 0; char lpszNum[20] = {0}; WideCharToMultiByte (CP_OEMCP,NULL,lpwzNum,-1,lpszNum,wcslen(lpwzNum)*2,NULL,FALSE); ulPID = atoi(lpszNum); SetDlgItemTextW(m_hWnd,ID,L"正在扫描进程打开文件句柄,请稍后..."); if(LocateNtdllEntry()) { HANDLE hFile = CreateFile(_T("NUL"), GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, 0); pinfo=(PSYSTEM_HANDLE_INFORMATION)((ULONG)GetSystemHandleInformation(&NumOfHandle,&ulSize)+4); UCHAR TypeNumber=GetFileHandleType(hFile,pinfo,NumOfHandle); for (ULONG r = 0; r < NumOfHandle; r++,pinfo++) { WCHAR lpwzTextOut[100]; memset(lpwzTextOut,0,sizeof(lpwzTextOut)); wsprintfW(lpwzTextOut,L"共有 %d 个数据,正在扫描第 %d 个,请稍后...",NumOfHandle,r); SetDlgItemTextW(m_hWnd,ID,lpwzTextOut); if(pinfo->ObjectTypeNumber==TypeNumber) { pfn.FileHandle=DupHandle(pinfo->ProcessId,(HANDLE)pinfo->Handle); HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)GetHandleFileName, &pfn, 0, NULL); if (WaitForSingleObject(hThread, 100) == WAIT_TIMEOUT) TerminateThread(hThread, 0); else { DWORD pthread; GetExitCodeThread(hThread,&pthread); // if(wcsstr(pfn.FileName,argv[1])>0 && pthread) // // WCHAR lpwzDebug[260]; // wsprintfW(lpwzDebug,L"STR KEY: %d PID: %d OPEN PATH: %s OPEN HANDLE: 0x%X OBJECT:0x%08X\r\n",ulPID,pinfo->ProcessId,pfn.FileName,pinfo->Handle,pinfo->Object); // MessageBoxW(0,lpwzDebug,0,0); if (ulPID == pinfo->ProcessId) { WCHAR lpwzNumber[260] = {0}; WCHAR lpwzType[260] = {0}; WCHAR lpwzPath[260] = {0}; WCHAR lpwzHandle[260] = {0}; WCHAR lpwzObject[260] = {0}; memset(lpwzNumber,0,260); memset(lpwzType,0,260); memset(lpwzPath,0,260); memset(lpwzHandle,0,260); memset(lpwzObject,0,260); wsprintfW(lpwzNumber,L"%d",pinfo->ObjectTypeNumber); switch (pinfo->ObjectTypeNumber) { case 28: StrCatW(lpwzType,L"File"); break; } //wsprintfW(lpwzPath,L"%ws",pinfo->ObjectTypeNumber); // char lpszFile[260] = {0}; // // memset(lpszFile,0,sizeof(lpszFile)); // wsprintfA(lpszFile,"File --> %s",pfn.FileName); // WideCharToMultiByte (CP_OEMCP,NULL,lpwzPath,-1,lpszFile,wcslen(lpwzPath)*2,NULL,FALSE); // // OutputDebugStringW(pfn.FileName); // OutputDebugStringA(lpszFile); // OutputDebugStringW(lpwzPath); //pfn.FileName i++; wsprintfW(lpwzHandle,L"0x%08X",pinfo->Handle); wsprintfW(lpwzObject,L"0x%08X",pinfo->Object); m_list->InsertItem(0,lpwzNumber,RGB(77,77,77)); m_list->SetItemText(0,1,lpwzType); m_list->SetItemText(0,2,pfn.FileName); m_list->SetItemText(0,3,lpwzHandle); m_list->SetItemText(0,4,lpwzObject); } CloseHandle(hThread); } } } WCHAR lpwzTextOut[100]; memset(lpwzTextOut,0,sizeof(lpwzTextOut)); wsprintfW(lpwzTextOut,L"进程所打开文件句柄扫描完毕,共有 %d 个数据",i); SetDlgItemTextW(m_hWnd,ID,lpwzTextOut); } return; }
void QueryNsipHook(HWND m_hWnd,ULONG ID,CMyList *m_list) { DWORD dwReadByte; int ItemNum = m_list->GetItemCount(); int i=0; if (!IsWindows7()) { SetDlgItemTextW(m_hWnd,ID,L"不支持当前系统Nsiproxy的枚举..."); return; } SHFILEINFO shfileinfo; NsiproxyImg.Create(16,16, ILC_COLOR32, 2, 100); HIMAGELIST hImageList = NULL; SetDlgItemTextW(m_hWnd,ID,L"正在扫描Nsiproxy/Dispatch,请稍后..."); if (bIsPhysicalCheck){ SaveToFile("\r\n\r\n[---NSIPROXY.SYS---]\r\n",PhysicalFile); } if (NsiproxyDispatchBakUp) { VirtualFree(NsiproxyDispatchBakUp,sizeof(NSIPROXYDISPATCHBAKUP)*IRP_MJ_MAXIMUM_FUNCTION*2,MEM_RESERVE | MEM_COMMIT); NsiproxyDispatchBakUp = 0; } NsiproxyDispatchBakUp = (PNSIPROXYDISPATCHBAKUP)VirtualAlloc(0,sizeof(NSIPROXYDISPATCHBAKUP)*IRP_MJ_MAXIMUM_FUNCTION*2,MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); if (NsiproxyDispatchBakUp) { memset(NsiproxyDispatchBakUp,0,sizeof(NSIPROXYDISPATCHBAKUP)*IRP_MJ_MAXIMUM_FUNCTION*2); ReadFile((HANDLE)LIST_NSIPROXY_HOOK,NsiproxyDispatchBakUp,sizeof(NSIPROXYDISPATCHBAKUP)*IRP_MJ_MAXIMUM_FUNCTION*2,&dwReadByte,0); for (i=0;i< (int)NsiproxyDispatchBakUp->ulCount;i++) { WCHAR lpwzTextOut[100]; memset(lpwzTextOut,0,sizeof(lpwzTextOut)); wsprintfW(lpwzTextOut,L"共有 %d 个数据,正在扫描第 %d 个,请稍后...",NsiproxyDispatchBakUp->ulCount,i); SetDlgItemTextW(m_hWnd,ID,lpwzTextOut); WCHAR lpwzNumber[256] = {0}; WCHAR lpwzHookType[256] = {0}; WCHAR lpwzFunction[256] = {0}; WCHAR lpwzHookModuleImage[256] = {0}; WCHAR lpwzCurrentNtfsDispatch[256] = {0}; WCHAR lpwsNtfsDispatch[256] = {0}; WCHAR lpwzHookModuleBase[256] = {0}; WCHAR lpwzHookModuleSize[256] = {0}; memset(lpwzNumber,0,sizeof(lpwzNumber)); memset(lpwzHookType,0,sizeof(lpwzHookType)); memset(lpwzFunction,0,sizeof(lpwzFunction)); memset(lpwzHookModuleImage,0,sizeof(lpwzHookModuleImage)); memset(lpwzCurrentNtfsDispatch,0,sizeof(lpwzCurrentNtfsDispatch)); memset(lpwsNtfsDispatch,0,sizeof(lpwsNtfsDispatch)); memset(lpwzHookModuleBase,0,sizeof(lpwzHookModuleBase)); memset(lpwzHookModuleSize,0,sizeof(lpwzHookModuleSize)); switch (NsiproxyDispatchBakUp->NsiproxyDispatch[i].Hooked) { case 0: StrCatW(lpwzHookType,L"-"); break; case 1: StrCatW(lpwzHookType,L"nsiprroxy hook"); break; case 2: StrCatW(lpwzHookType,L"nsiprroxy Inline hook"); break; } wsprintfW(lpwzNumber,L"%d",NsiproxyDispatchBakUp->NsiproxyDispatch[i].ulNumber); //wsprintfW(lpwzHookModuleImage,L"%ws",NtfsDispatchBakUp->NtfsDispatch[i].lpszBaseModule); MultiByteToWideChar( CP_ACP, 0, NsiproxyDispatchBakUp->NsiproxyDispatch[i].lpszBaseModule, -1, lpwzHookModuleImage, strlen(NsiproxyDispatchBakUp->NsiproxyDispatch[i].lpszBaseModule) ); wsprintfW(lpwzFunction,L"%ws",NsiproxyDispatchBakUp->NsiproxyDispatch[i].lpwzNsiproxyDispatchName); wsprintfW(lpwzCurrentNtfsDispatch,L"0x%08X",NsiproxyDispatchBakUp->NsiproxyDispatch[i].ulCurrentNsiproxyDispatch); wsprintfW(lpwsNtfsDispatch,L"0x%08X",NsiproxyDispatchBakUp->NsiproxyDispatch[i].ulNsiproxyDispatch); wsprintfW(lpwzHookModuleBase,L"0x%X",NsiproxyDispatchBakUp->NsiproxyDispatch[i].ulModuleBase); wsprintfW(lpwzHookModuleSize,L"0x%X",NsiproxyDispatchBakUp->NsiproxyDispatch[i].ulModuleSize); WCHAR lpwzDosFullPath[256]; WCHAR lpwzWinDir[256]; WCHAR lpwzSysDisk[256]; memset(lpwzWinDir,0,sizeof(lpwzWinDir)); memset(lpwzSysDisk,0,sizeof(lpwzSysDisk)); memset(lpwzDosFullPath,0,sizeof(lpwzDosFullPath)); GetWindowsDirectoryW(lpwzWinDir,sizeof(lpwzWinDir)); memcpy(lpwzSysDisk,lpwzWinDir,4); if (wcsstr(lpwzHookModuleImage,L"\\??\\")) { //开始这种路径的处理 memset(lpwzDosFullPath,0,sizeof(lpwzDosFullPath)); wcsncpy(lpwzDosFullPath,lpwzHookModuleImage+wcslen(L"\\??\\"),wcslen(lpwzHookModuleImage)-wcslen(L"\\??\\")); goto Next; } if (wcsstr(lpwzHookModuleImage,L"\\WINDOWS\\system32\\")) { memset(lpwzDosFullPath,0,sizeof(lpwzDosFullPath)); wcscat(lpwzDosFullPath,lpwzSysDisk); wcscat(lpwzDosFullPath,lpwzHookModuleImage); //MessageBoxW(lpwzDosFullPath,lpwzFullSysName,0); goto Next; } if (wcsstr(lpwzHookModuleImage,L"\\SystemRoot\\")) { WCHAR lpwzTemp[256]; memset(lpwzTemp,0,sizeof(lpwzTemp)); memset(lpwzDosFullPath,0,sizeof(lpwzDosFullPath)); wcscat(lpwzTemp,lpwzSysDisk); wcscat(lpwzTemp,L"\\WINDOWS\\"); wcscat(lpwzDosFullPath,lpwzTemp); wcsncpy(lpwzDosFullPath+wcslen(lpwzTemp),lpwzHookModuleImage+wcslen(L"\\SystemRoot\\"),wcslen(lpwzHookModuleImage) - wcslen(L"\\SystemRoot\\")); goto Next; } //if (wcslen(lpwzHookModuleImage) == wcslen(lpwzHookModuleImage)) //{ memset(lpwzDosFullPath,0,sizeof(lpwzDosFullPath)); wcscat(lpwzDosFullPath,lpwzSysDisk); wcscat(lpwzDosFullPath,L"\\WINDOWS\\system32\\drivers\\"); wcscat(lpwzDosFullPath,lpwzHookModuleImage); goto Next; //} Next: //这里是一键体检的数据,不需要插入界面了 if (bIsPhysicalCheck){ //如果没有hook,就返回 if (NsiproxyDispatchBakUp->NsiproxyDispatch[i].Hooked == 0){ continue; } WCHAR lpwzSaveBuffer[1024] ={0}; CHAR lpszSaveBuffer[2024] ={0}; memset(lpwzSaveBuffer,0,sizeof(lpwzSaveBuffer)); memset(lpszSaveBuffer,0,sizeof(lpszSaveBuffer)); wsprintfW(lpwzSaveBuffer,L" --> 发现Hook:ID:%ws | 当前地址:%ws | 原始地址:%ws | 函数名:%ws | 内核模块:%ws | Hook类型:%ws\r\n", lpwzNumber,lpwzCurrentNtfsDispatch,lpwsNtfsDispatch,lpwzFunction,lpwzDosFullPath,lpwzHookType); m_list->InsertItem(0,L"NSIPROXY.SYS",RGB(77,77,77)); m_list->SetItemText(0,1,lpwzSaveBuffer); WideCharToMultiByte( CP_ACP, 0, lpwzSaveBuffer, -1, lpszSaveBuffer, wcslen(lpwzSaveBuffer)*2, NULL, NULL ); SaveToFile(lpszSaveBuffer,PhysicalFile); continue; } if (NsiproxyDispatchBakUp->NsiproxyDispatch[i].Hooked == 0) { m_list->InsertItem(i,lpwzNumber,RGB(77,77,77)); }else { m_list->InsertItem(i,lpwzNumber,RGB(255,20,147)); } m_list->SetItemText(i,1,lpwzFunction); m_list->SetItemText(i,2,lpwzCurrentNtfsDispatch); m_list->SetItemText(i,3,lpwsNtfsDispatch); m_list->SetItemText(i,4,lpwzDosFullPath); m_list->SetItemText(i,5,lpwzHookModuleBase); m_list->SetItemText(i,6,lpwzHookModuleSize); m_list->SetItemText(i,7,lpwzHookType); hImageList=(HIMAGELIST)::SHGetFileInfo(lpwzDosFullPath,0,&shfileinfo,sizeof(shfileinfo),SHGFI_ICON); NsiproxyImg.Add(shfileinfo.hIcon); m_list->SetImageList(&NsiproxyImg); m_list->SetItemImageId(i,i); DestroyIcon(shfileinfo.hIcon); } } WCHAR lpwzTextOut[100]; memset(lpwzTextOut,0,sizeof(lpwzTextOut)); wsprintfW(lpwzTextOut,L"Nsiproxy/Dispatch 扫描完毕,共有 %d 个数据",i); SetDlgItemTextW(m_hWnd,ID,lpwzTextOut); }