zoukankan
html css js c++ java
获取系统热键链表windbg脚本 GetHotkeys windbg script
$$ $$ ========================================================= $$ GET_HOTKEYS.TXT $$ $$ Displays all register hotkeys $$ $$ Compatibility: Win32 XP SP3. $$ $$ Example: $$><myscripts\GET_HOTKEYS.TXT $$ $$ ========================================================= $$ !dskheap; .printf "\n" .printf "+--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+\n" .printf "|No|ETHREAD |PWND |HotKey | (hex)ID| (dec)ID|phkNext |EPROCESS|(dec)PID| ImageFileName|\n" r $t0=1 r $t1=dwo( win32k!gphkFirst ) .printf "+--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+\n" .while( @$t1>0 ) { .printf "|%2d",@$t0; .printf "|%08X|",@$t1; $$ ETHREAD .printf "%08X|",dwo( @$t1+0n4 ); $$ PWND r $t2=low( dwo( @$t1+0n8 ) ); $$ Modif .if( @$t2&8 ){.printf "Win."} .else{.printf "...."} .if( @$t2&2 ){.printf "Ctrl."} .else{.printf "....."} .if( @$t2&1 ){.printf "Alt."} .else{.printf "...."} .if( @$t2&4 ){.printf "Shift."} .else{.printf "......"} .if( dwo( @$t1+0n12 )>=0n33 and dwo( @$t1+0n12 )<=0n122 ) {.if(dwo( @$t1+0n12 )==0n46){.printf "Del|"} .else{.printf "%-3c|",dwo( @$t1+0n12 )}} .else{ $$ VK; .if( dwo( @$t1+0n12 )==0n09 ) {.printf "Tab|"} .else{ .if( dwo( @$t1+0n12 )==0n27 ) {.printf "Esc|"} .else{ .if( dwo( @$t1+0n12 )==0n19 ) {.printf "Brk|"} .else{ .if( dwo( @$t1+0n12 )==0n123 ) {.printf "F12|"} .else{ .if( dwo( @$t1+0n12 )>=0n189 ) {.printf " |"} .else{ .if( dwo( @$t1+0n12 )==0n0 ) {.printf " |"} .else{ .printf " %3d|",dwo( @$t1+0n12 )}}}}}}} .printf "%8X|%8d|",dwo ( @$t1+0n16 ),dwo( @$t1+0n16 ); $$ HOTKEY_ID .printf "%08X|",dwo( @$t1+0n20 ); $$ phkNext .printf "%08X|",dwo( dwo( @$t1 ) )+0x220; $$ EPROCESS .printf "%8d|",poi( poi( dwo ( dwo( @$t1 ) )+0x220 )+0x84 ); $$ PID .printf "%16ma|\n",poi( dwo( dwo( @$t1 ) )+0x220 )+0x174; $$ ImageFileName r $t1=dwo( @$t1+0n20 ); r $t0=@$t0+1; } .printf "+--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+\n"
运行结果
lkd> $$><D:\!Prog\winDBG\script\GET_HOTKEYS.txt +--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+ |No|ETHREAD |PWND |HotKey | (hex)ID| (dec)ID|phkNext |EPROCESS|(dec)PID| ImageFileName| +--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+ | 1|E10C7400|BBE68848|....Ctrl.....Shift. | C01A| 49178|E138F188|85A86B50| 976| explorer.exe| | 2|E138F188|BBE68848|....Ctrl.Alt.......J | 3| 3|E147F918|85A86B50| 976| explorer.exe| | 3|E147F918|BBE68848|....Ctrl.Alt....... | 2| 2|E15B1198|85A86B50| 976| explorer.exe| | 4|E15B1198|BBE68848|....Ctrl.Alt.......D | 1| 1|E10BD648|85A86B50| 976| explorer.exe| | 5|E10BD648|BBE68848|....Ctrl.Alt.......I | 0| 0|E2AD95C8|85A86B50| 976| explorer.exe| | 6|E2AD95C8|BBE6A058|....Ctrl...........Esc| F130| 61744|E1A1FEE8|85A7B7C0| 976| explorer.exe| | 7|E1A1FEE8|BBE68848|Win................B | 1FF| 511|E27DC0C8|85A86B50| 976| explorer.exe| | 8|E27DC0C8|BBE68848|Win................D | 1FE| 510|E1165208|85A86B50| 976| explorer.exe| | 9|E1165208|BBE68848|Win................Brk| 1FD| 509|E10A32A0|85A86B50| 976| explorer.exe| |10|E10A32A0|BBE68848|Win..........Shift.Tab| 1FC| 508|E2B9A810|85A86B50| 976| explorer.exe| |11|E2B9A810|BBE68848|Win................Tab| 1FB| 507|E27DC0E8|85A86B50| 976| explorer.exe| |12|E27DC0E8|BBE68848|Win.Ctrl...........F | 1FA| 506|E1165228|85A86B50| 976| explorer.exe| |13|E1165228|BBE68848|Win................F | 1F9| 505|E1CE1698|85A86B50| 976| explorer.exe| |14|E1CE1698|BBE68848|Win................E | 1F8| 504|E10D3850|85A86B50| 976| explorer.exe| |15|E10D3850|BBE68848|Win................p | 1F7| 503|E1A726C8|85A86B50| 976| explorer.exe| |16|E1A726C8|BBE68848|Win..........Shift.M | 1F6| 502|E19D1638|85A86B50| 976| explorer.exe| |17|E19D1638|BBE68848|Win................M | 1F5| 501|E1CE16B8|85A86B50| 976| explorer.exe| |18|E1CE16B8|BBE68848|Win................R | 1F4| 500|E19BFA68|85A86B50| 976| explorer.exe| |19|E19BFA68|BBE326C0|Win................U | 6| 6|E1F483B0|86BF0668| 572| winlogon.exe| |20|E1F483B0|BBE326C0|Win................L | 5| 5|E19D4350|86BF0668| 572| winlogon.exe| |21|E19D4350|BBE326C0|....Ctrl.....Shift.Esc| 4| 4|E198B740|86BF0668| 572| winlogon.exe| |22|E198B740|BBE326C0|....Ctrl.Alt.......Del| 0| 0|E1CDCC18|86BF0668| 572| winlogon.exe| |23|E1CDCC18|00000001|.............Shift.F12|FFFFFFFA| -6|E19C4928|86BBFFC0| 548| csrss.exe| |24|E19C4928|00000001|...................F12|FFFFFFFB| -5|E19CE070|86BBFFC0| 548| csrss.exe| |25|E19CE070|00000001|Win................ |FFFFFFF9| -7|00000000|86BBFFC0| 548| csrss.exe| +--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+
下载脚本
GET_HOTKEYS_SCRIPT.rar
查看全文
相关阅读:
【图论】Tarjan 缩点
【高级数据结构】左偏树
【网络流·最大流】ISAP(Improved Shortest Augumenting Path)详解
linux 压缩和解压文件(.gz.bz2)
Python requests库
jmeter 压测之动态数据关联
Jmeter 之数据库测试
Jmeter 参数未编码异常:java.net.URISyntaxException: Illegal character in query at index 172
Fiddler 过滤地址设置
loadrunner 连接mysql数据库获取数据进行参数化
原文地址:https://www.cnblogs.com/nlsoft/p/3001157.html
最新文章
BZOJ 1528: [POI2005]sam-Toy Cars、BZOJ 1826: [JSOI2010]缓存交换
BZOJ 3531 : [Sdoi2014]旅行
BZOJ 2243: [SDOI2011]染色
BZOJ 1036: [ZJOI2008]树的统计Count
BZOJ 1577: [Usaco2009 Feb]庙会捷运Fair Shuttle
BZOJ 1578: [Usaco2009 Feb]Stock Market 股票市场
BZOJ 1579: [Usaco2009 Feb]Revamping Trails 道路升级
BZOJ 1571: [Usaco2009 Open]滑雪课Ski
BZOJ 1584: [Usaco2009 Mar]Cleaning Up 打扫卫生
BZOJ 1010: [HNOI2008]玩具装箱toy
热门文章
[BZOJ2946] [Poi2000]公共串解题报告|后缀数组
[BZOJ3098]Hash Killer II解题报告
[BZOJ3926] [ZJOI2015]诸神眷顾的幻想乡|后缀自动机
[codevs3160]最长公共子串解题报告|后缀自动机
Codeforces 542C
Codeforces Round #301 解题报告
[BZOJ1982][POJ1740][Spoj 2021]Moving Pebbles|解题报告
[POJ2068]Nim解题报告
[BZOJ3698]XWW的难题解题报告|上下界网络流|有源汇最大流
[ZOJ2341]Reactor Cooling解题报告|带上下界的网络流|无源汇的可行流
Copyright © 2011-2022 走看看