a hex memory dump to screen PBWin

Chris Holbrook replied

6 Jul 2008, 03:48 PM

The JOY of HEX

The hexdump function is now in an INCLUDE file, and can be called either with an address, or with a register name to use that register to point to the data. So ESP will be found useful for examining the stack including local variables, and EBX, global and static storage.

Code:

'
' hexdump.inc
' dump data to screen in hex and character
'   in 256-byte chuncks
'   starting at a given address, or via a register (ESP or EBX, add more as required)
'
' Chris Holbrook 6 Jul 2008
'
'display first 256 from a memory address as a block of hex digits with a character map on the right
' param 1 is byte ptr to memory to view,
' param 2 is max number of bytes to view
' param 3 is a register name. If param 1 is zero then
' the register will be used to point to the data to be dumped to the screen.
' example of calling: 1) hexdump (byval varptr(x), 1024) 2) hexdump ( 0, 256, "ESP")
' return handle to dialog
'---------------------------------------------------------------------------
%idc_base_lab = 1004
%idc_ofs_lab  = 1005
%idc_cur_lab  = 1006
%idc_data_lab = 1001
%idc_prev_bn  = 1002
%idc_next_bn  = 1003
'---------------------------------------------------------------------------
CALLBACK FUNCTION hexdumpCB AS LONG
    LOCAL s AS STRING
    LOCAL count, i, j AS LONG
    STATIC ppage, pbase, q AS BYTE PTR
    STATIC startofchunk, maxlength AS LONG

    SELECT CASE CBMSG
        CASE %WM_INITDIALOG
            DIALOG GET USER CBHNDL, 0 TO pbase
            ppage = pbase
            DIALOG GET USER CBHNDL, 1 TO maxlength
            GOSUB display
        CASE %WM_COMMAND
            SELECT CASE CBCTL
                CASE %idc_prev_bn  ' prev
                    ppage = ppage - 256
                    GOSUB display
                CASE 1003  ' next
                    ppage = ppage + 256
                    GOSUB display
            END SELECT
    END SELECT
    EXIT FUNCTION

display:
    s = STRING$(80 * 16, $SPC)
    FOR i = 0 TO 15
        FOR j = 0 TO 15
            'IF (i * 16) + j + startofchunk > maxlength THEN ITERATE
            q = ppage + (i*16) + j
            MID$(s, (i * 80) + (j*3)+3, 2) = HEX$(@q,2)
            IF INSTR ( "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"" £$%^&*()_+{}[]:@~;'#,./<>?`¬",CHR$(@q)) <> 0 THEN
                MID$(s, (i * 80) + 52 + j, 1) = CHR$(@q)
            ELSE
                MID$(s, (i * 80) + 52 + j, 1) = "."
            END IF
        NEXT
        MID$(s, ((i) * 80)+1, 1) = HEX$(i)
        MID$(s, ((i+1) * 80) - 2, 2) = $CRLF
    NEXT
    s = "    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F" + _
        $CRLF + STRING$(51,"-") + " " + STRING$(16,"-") + $CRLF + " " + s
    CONTROL SET TEXT CBHNDL, %idc_data_lab,  s
    IF ppage <= pbase THEN
        CONTROL DISABLE CBHNDL, %idc_prev_bn
    ELSE
        CONTROL ENABLE CBHNDL, %idc_prev_bn
    END IF
    IF ppage + 256 >= pbase + maxlength THEN
        CONTROL DISABLE CBHNDL, 1003
    ELSE
        CONTROL ENABLE CBHNDL, 1003
    END IF
    CONTROL SET TEXT CBHNDL, %idc_base_lab, "BASE ADDRESS: " + HEX$(pbase) + "(" + STR$(pbase) + ")"
    CONTROL SET TEXT CBHNDL, %idc_ofs_lab,  "MAX BYTES: " + HEX$(maxlength) + "(" + STR$(maxlength) + ")"
    CONTROL SET TEXT CBHNDL, %idc_cur_lab,  "PAGE OFFSET: " + HEX$(ppage - pbase) + "(" + STR$(ppage- pbase) + ")"
    RETURN

END FUNCTION
'-------------------------------------------------------------------------------
FUNCTION hexdump ( BYVAL pb AS BYTE PTR, n AS LONG, OPT reg AS STRING) AS DWORD
    LOCAL hdlg AS DWORD
    LOCAL hfont AS LONG

    DIALOG NEW 0, "hex memory dump", 0, 0, 390, 230, %WS_POPUP OR %WS_BORDER OR _
        %WS_DLGFRAME OR %WS_SYSMENU OR %WS_CLIPSIBLINGS OR %WS_VISIBLE OR %DS_MODALFRAME OR %DS_3DLOOK OR %DS_NOFAILCREATE OR _
        %DS_SETFONT, %WS_EX_CONTROLPARENT OR %WS_EX_LEFT OR %WS_EX_LTRREADING OR %WS_EX_RIGHTSCROLLBAR, TO hDlg
    CONTROL ADD LABEL, hdlg, %idc_data_lab, "",0, 20, 390, 180, %WS_CHILD OR %WS_VISIBLE OR %SS_NOWORDWRAP
    CONTROL ADD LABEL, hdlg, %idc_base_lab, "Base:",5,5, 130, 15, %WS_CHILD OR %WS_VISIBLE OR %SS_NOWORDWRAP
    CONTROL ADD LABEL, hdlg, %idc_ofs_lab, "Max Length:",145,5, 100,15, %WS_CHILD OR %WS_VISIBLE OR %SS_NOWORDWRAP
    CONTROL ADD LABEL, hdlg, %idc_cur_lab, "Curent ofs:",255,5, 100,15, %WS_CHILD OR %WS_VISIBLE OR %SS_NOWORDWRAP
    CONTROL ADD BUTTON, hdlg, %idc_prev_bn, "<", 5, 210, 10, 15, _
            %WS_CHILD OR %WS_VISIBLE OR %BS_PUSHBUTTON OR %BS_TEXT OR %BS_CENTER OR %BS_VCENTER
    CONTROL ADD BUTTON, hdlg, %idc_next_bn, ">", 25, 210, 10, 15, _
            %WS_CHILD OR %WS_VISIBLE OR %BS_PUSHBUTTON OR %BS_TEXT OR %BS_CENTER OR %BS_VCENTER
    IF pb = 0 THEN
        SELECT CASE reg
        CASE "EBX"
            !mov  pb, ebx
        CASE "ESP"
            !mov pb, esp
        END SELECT
    END IF
    DIALOG SET USER hdlg, 0, pb
    DIALOG SET USER hdlg, 1, n
    hfont = makefont ( "Courier New", 10)
    CONTROL SEND hDlg, 1001, %WM_SETFONT, hFont, 0
    DIALOG SHOW MODAL hdlg CALL hexdumpCB
    DeleteObject hFont
END FUNCTION

Just a minimal demo program from which you can extract the necessary functions. The function hexdumpcv takes 2 parameters, and address and a data length. Up pops a window with a hex dump and you can scroll next/prev. Crude but strangely compelling.

Code:

#COMPILE EXE
#DIM ALL
#INCLUDE "WIN32API.INC"
'------------------------------------------------------------------------------------
FUNCTION MakeFont(BYVAL fName AS STRING, BYVAL ptSize AS LONG, _
                  OPT BYVAL attr AS STRING) AS DWORD
   '--------------------------------------------------------------------
   ' Create a desired font and return its handle.
   ' attr = "biu" for bold, italic, and underlined (any order)
   '--------------------------------------------------------------------
   LOCAL hDC AS DWORD, CharSet AS LONG, CyPixels AS LONG
   LOCAL bold, italic, uLine AS LONG
   IF LEN(attr) THEN
      IF INSTR(LCASE$(attr), "b") THEN bold = %FW_BOLD
      IF INSTR(LCASE$(attr), "i") THEN italic = 1
      IF INSTR(LCASE$(attr), "u") THEN uLine = 1
   END IF
   hDC = GetDC(%HWND_DESKTOP)
   CyPixels  = GetDeviceCaps(hDC, %LOGPIXELSY)
   ReleaseDC %HWND_DESKTOP, hDC
   PtSize = 0 - (ptSize * CyPixels) \ 72
   FUNCTION = CreateFont(ptSize, 0, 0, 0, bold, italic, uLine, _
             %FALSE, CharSet, %OUT_TT_PRECIS, _
             %CLIP_DEFAULT_PRECIS, %DEFAULT_QUALITY, _
             %FF_DONTCARE , BYCOPY fName)
END FUNCTION

'-------------------------------------------------------------------------------
%idc_base_lab = 1004
%idc_ofs_lab  = 1005
%idc_cur_lab  = 1006
%idc_data_lab = 1001
%idc_prev_bn  = 1002
%idc_next_bn  = 1003
CALLBACK FUNCTION hexdumpCB AS LONG
    LOCAL s AS STRING
    LOCAL count, i, j AS LONG
    STATIC ppage, pbase, q AS BYTE PTR
    STATIC startofchunk, maxlength AS LONG

    SELECT CASE CBMSG
        CASE %WM_INITDIALOG
            DIALOG GET USER CBHNDL, 0 TO pbase
            ppage = pbase
            DIALOG GET USER CBHNDL, 1 TO maxlength
            GOSUB display
        CASE %WM_COMMAND
            SELECT CASE CBCTL
                CASE %idc_prev_bn  ' prev
                    ppage = ppage - 256
                    GOSUB display
                CASE 1003  ' next
                    ppage = ppage + 256
                    GOSUB display
            END SELECT
    END SELECT
    EXIT FUNCTION

display:
    s = STRING$(80 * 16, $SPC)
    FOR i = 0 TO 15
        FOR j = 0 TO 15
            'IF (i * 16) + j + startofchunk > maxlength THEN ITERATE
            q = ppage + (i*16) + j
            MID$(s, (i * 80) + (j*3)+3, 2) = HEX$(@q,2)
            IF INSTR ( "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!""£$%^&*()_+{}[]:@~;'#,./<>?`¬",CHR$(@q)) <> 0 THEN
                MID$(s, (i * 80) + 52 + j, 1) = CHR$(@q)
            ELSE
                MID$(s, (i * 80) + 52 + j, 1) = "."
            END IF
        NEXT
        MID$(s, ((i) * 80)+1, 1) = HEX$(i)
        MID$(s, ((i+1) * 80) - 2, 2) = $CRLF
    NEXT
    s = "    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F" + _
        $CRLF + STRING$(51,"-") + " " + STRING$(16,"-") + $CRLF + " " + s
    CONTROL SET TEXT CBHNDL, %idc_data_lab,  s
    IF ppage <= pbase THEN
        CONTROL DISABLE CBHNDL, %idc_prev_bn
    ELSE
        CONTROL ENABLE CBHNDL, %idc_prev_bn
    END IF
    IF ppage + 256 >= pbase + maxlength THEN
        CONTROL DISABLE CBHNDL, 1003
    ELSE
        CONTROL ENABLE CBHNDL, 1003
    END IF
    CONTROL SET TEXT CBHNDL, %idc_base_lab, "BASE ADDRESS: " + HEX$(pbase) + "(" + STR$(pbase) + ")"
    CONTROL SET TEXT CBHNDL, %idc_ofs_lab,  "MAX BYTES: " + HEX$(maxlength) + "(" + STR$(maxlength) + ")"
    CONTROL SET TEXT CBHNDL, %idc_cur_lab,  "PAGE OFFSET: " + HEX$(ppage - pbase) + "(" + STR$(ppage- pbase) + ")"
    RETURN

END FUNCTION
'-------------------------------------------------------------------------------
'display first 255 from a memory address as a block of hex digits with a character map on the right
' param 1 is byte ptr to memory to view,
' param 2 is max number of bytes to view
' return handle to dialog
FUNCTION hexdump ( BYVAL pb AS BYTE PTR, n AS LONG) AS DWORD
    LOCAL hdlg AS DWORD
    LOCAL hfont AS LONG

    DIALOG NEW 0, "hex memory dump", 0, 0, 390, 230, %WS_POPUP OR %WS_BORDER OR _
        %WS_DLGFRAME OR %WS_SYSMENU OR %WS_CLIPSIBLINGS OR %WS_VISIBLE OR %DS_MODALFRAME OR %DS_3DLOOK OR %DS_NOFAILCREATE OR _
        %DS_SETFONT, %WS_EX_CONTROLPARENT OR %WS_EX_LEFT OR %WS_EX_LTRREADING OR %WS_EX_RIGHTSCROLLBAR, TO hDlg
    CONTROL ADD LABEL, hdlg, %idc_data_lab, "",0, 20, 390, 180, %WS_CHILD OR %WS_VISIBLE OR %SS_NOWORDWRAP
    CONTROL ADD LABEL, hdlg, %idc_base_lab, "Base:",5,5, 130, 15, %WS_CHILD OR %WS_VISIBLE OR %SS_NOWORDWRAP
    CONTROL ADD LABEL, hdlg, %idc_ofs_lab, "Max Length:",145,5, 100,15, %WS_CHILD OR %WS_VISIBLE OR %SS_NOWORDWRAP
    CONTROL ADD LABEL, hdlg, %idc_cur_lab, "Curent ofs:",255,5, 100,15, %WS_CHILD OR %WS_VISIBLE OR %SS_NOWORDWRAP
    CONTROL ADD BUTTON, hdlg, %idc_prev_bn, "<", 5, 210, 10, 15, _
            %WS_CHILD OR %WS_VISIBLE OR %BS_PUSHBUTTON OR %BS_TEXT OR %BS_CENTER OR %BS_VCENTER
    CONTROL ADD BUTTON, hdlg, %idc_next_bn, ">", 25, 210, 10, 15, _
            %WS_CHILD OR %WS_VISIBLE OR %BS_PUSHBUTTON OR %BS_TEXT OR %BS_CENTER OR %BS_VCENTER
    DIALOG SET USER hdlg, 0, pb
    DIALOG SET USER hdlg, 1, n
    hfont = makefont ( "Courier New", 10)
    CONTROL SEND hDlg, 1001, %WM_SETFONT, hFont, 0
    DIALOG SHOW MODAL hdlg CALL hexdumpCB
    DeleteObject hFont
END FUNCTION

'---------------------------------------------------------------
FUNCTION PBMAIN()
    LOCAL s AS STRING
    LOCAL i AS LONG

    s = STRING$(1024,$SPC)
    FOR i = 1 TO 1024
        MID$(s,i,1) = CHR$(RND(0,255))
    NEXT
    hexdump( BYVAL STRPTR(s), LEN(s))
END FUNCTION

Tags: None

Previous template Next

Announcement

Forum Guidelines

a hex memory dump to screen PBWin

Leave a comment:

Leave a comment:

a hex memory dump to screen PBWin