获取系统热键链表windbg脚本 GetHotkeys windbg script
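$$
$$ =========================================================
$$ GET_HOTKEYS.TXT
$$
$$ Displays all registered hotkeys by walking the list that
$$ starts at win32k!gphkFirst and printing one table row per node.
$$ Useful in triage to see which process owns each global hotkey.
$$
$$ Compatibility: Win32 XP SP3.
$$
$$ Example: $$><myscripts\GET_HOTKEYS.TXT
$$
$$ Every structure offset below is hard-coded for 32-bit XP SP3.
$$ On any other build, check them against symbols first. Wrong
$$ offsets read unrelated kernel memory and still print rows
$$ that look plausible.
$$
$$ Node fields as this script reads them, offsets from the node:
$$   +0n0   pointer whose first dword is used as the ETHREAD
$$   +0n4   PWND
$$   +0n8   modifier bits in the low word
$$   +0n12  virtual key code
$$   +0n16  hotkey id
$$   +0n20  next node, zero ends the list
$$
$$ Pseudo-registers $t0 to $t3 are overwritten.
$$ Comments here avoid semicolons because a semicolon ends a $$ comment.
$$
$$ =========================================================
$$

$$ Extension command kept from the original. It must already be
$$ loaded and is not needed for the hotkey walk itself.
!dskheap;

.printf "\n"
.printf "+--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+\n"
$$ Header padding restored to match the border widths above.
.printf "|No|ETHREAD |PWND    |HotKey                | (hex)ID| (dec)ID|phkNext |EPROCESS|(dec)PID|   ImageFileName|\n"

$$ $t0 is the row counter and $t1 is the current node
r $t0=1
r $t1=dwo( win32k!gphkFirst )
.printf "+--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+\n"

.while( @$t1>0 )
{
    .printf "|%2d",@$t0;

    $$ NOTE(review): this column is labelled ETHREAD but the value
    $$ printed is the node address itself. In the sample run it
    $$ equals the phkNext of the previous row. Confirm which was intended.
    .printf "|%08X|",@$t1;

    $$ PWND
    .printf "%08X|",dwo( @$t1+0n4 );

    $$ Modifier bits, tested as 8 Win, 2 Ctrl, 1 Alt, 4 Shift
    r $t2=low( dwo( @$t1+0n8 ) );
    .if( @$t2&8 ){.printf "Win."} .else{.printf "...."}
    .if( @$t2&2 ){.printf "Ctrl."} .else{.printf "....."}
    .if( @$t2&1 ){.printf "Alt."} .else{.printf "...."}
    .if( @$t2&4 ){.printf "Shift."} .else{.printf "......"}

    $$ Virtual key code, cached so each test reads memory only once
    r $t3=dwo( @$t1+0n12 );

    $$ Codes 0n112 to 0n123 are F1 to F12. They are tested first
    $$ because the character range below would otherwise print
    $$ F1 to F11 as the lowercase letters p to z.
    .if( @$t3>=0n112 and @$t3<=0n123 ) { .printf "F%-2d|",@$t3-0n111 }
    .elsif( @$t3==0n46 ) { .printf "Del|" }
    .elsif( @$t3>=0n33 and @$t3<=0n122 ) { .printf "%-3c|",@$t3 }
    .elsif( @$t3==0n09 ) { .printf "Tab|" }
    .elsif( @$t3==0n27 ) { .printf "Esc|" }
    .elsif( @$t3==0n19 ) { .printf "Brk|" }
    .elsif( @$t3>=0n189 ) { .printf "   |" }
    .elsif( @$t3==0n0 ) { .printf "   |" }
    .else { .printf "%3d|",@$t3 }

    $$ HOTKEY_ID in hex and in decimal
    .printf "%8X|%8d|",dwo( @$t1+0n16 ),dwo( @$t1+0n16 );

    $$ phkNext
    .printf "%08X|",dwo( @$t1+0n20 );

    $$ EPROCESS. The original printed the address ETHREAD+0x220,
    $$ which is the slot holding the pointer and differs per thread.
    $$ This prints the pointer stored there, the same base that the
    $$ PID and ImageFileName columns dereference.
    .printf "%08X|",dwo( dwo( dwo( @$t1 ) )+0x220 );

    $$ PID, read at EPROCESS+0x84
    .printf "%8d|",poi( poi( dwo( dwo( @$t1 ) )+0x220 )+0x84 );

    $$ ImageFileName, ASCII string at EPROCESS+0x174
    .printf "%16ma|\n",poi( dwo( dwo( @$t1 ) )+0x220 )+0x174;

    $$ Advance to the next node and bump the row counter
    r $t1=dwo( @$t1+0n20 );
    r $t0=@$t0+1;
}

.printf "+--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+\n"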
运行结果
lkd> $$><D:\!Prog\winDBG\script\GET_HOTKEYS.txt +--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+ |No|ETHREAD |PWND |HotKey | (hex)ID| (dec)ID|phkNext |EPROCESS|(dec)PID| ImageFileName| +--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+ | 1|E10C7400|BBE68848|....Ctrl.....Shift. | C01A| 49178|E138F188|85A86B50| 976| explorer.exe| | 2|E138F188|BBE68848|....Ctrl.Alt.......J | 3| 3|E147F918|85A86B50| 976| explorer.exe| | 3|E147F918|BBE68848|....Ctrl.Alt....... | 2| 2|E15B1198|85A86B50| 976| explorer.exe| | 4|E15B1198|BBE68848|....Ctrl.Alt.......D | 1| 1|E10BD648|85A86B50| 976| explorer.exe| | 5|E10BD648|BBE68848|....Ctrl.Alt.......I | 0| 0|E2AD95C8|85A86B50| 976| explorer.exe| | 6|E2AD95C8|BBE6A058|....Ctrl...........Esc| F130| 61744|E1A1FEE8|85A7B7C0| 976| explorer.exe| | 7|E1A1FEE8|BBE68848|Win................B | 1FF| 511|E27DC0C8|85A86B50| 976| explorer.exe| | 8|E27DC0C8|BBE68848|Win................D | 1FE| 510|E1165208|85A86B50| 976| explorer.exe| | 9|E1165208|BBE68848|Win................Brk| 1FD| 509|E10A32A0|85A86B50| 976| explorer.exe| |10|E10A32A0|BBE68848|Win..........Shift.Tab| 1FC| 508|E2B9A810|85A86B50| 976| explorer.exe| |11|E2B9A810|BBE68848|Win................Tab| 1FB| 507|E27DC0E8|85A86B50| 976| explorer.exe| |12|E27DC0E8|BBE68848|Win.Ctrl...........F | 1FA| 506|E1165228|85A86B50| 976| explorer.exe| |13|E1165228|BBE68848|Win................F | 1F9| 505|E1CE1698|85A86B50| 976| explorer.exe| |14|E1CE1698|BBE68848|Win................E | 1F8| 504|E10D3850|85A86B50| 976| explorer.exe| |15|E10D3850|BBE68848|Win................p | 1F7| 503|E1A726C8|85A86B50| 976| explorer.exe| |16|E1A726C8|BBE68848|Win..........Shift.M | 1F6| 502|E19D1638|85A86B50| 976| explorer.exe| |17|E19D1638|BBE68848|Win................M | 1F5| 501|E1CE16B8|85A86B50| 976| explorer.exe| |18|E1CE16B8|BBE68848|Win................R | 1F4| 500|E19BFA68|85A86B50| 976| explorer.exe| 
|19|E19BFA68|BBE326C0|Win................U | 6| 6|E1F483B0|86BF0668| 572| winlogon.exe| |20|E1F483B0|BBE326C0|Win................L | 5| 5|E19D4350|86BF0668| 572| winlogon.exe| |21|E19D4350|BBE326C0|....Ctrl.....Shift.Esc| 4| 4|E198B740|86BF0668| 572| winlogon.exe| |22|E198B740|BBE326C0|....Ctrl.Alt.......Del| 0| 0|E1CDCC18|86BF0668| 572| winlogon.exe| |23|E1CDCC18|00000001|.............Shift.F12|FFFFFFFA| -6|E19C4928|86BBFFC0| 548| csrss.exe| |24|E19C4928|00000001|...................F12|FFFFFFFB| -5|E19CE070|86BBFFC0| 548| csrss.exe| |25|E19CE070|00000001|Win................ |FFFFFFF9| -7|00000000|86BBFFC0| 548| csrss.exe| +--+--------+--------+----------------------+--------+--------+--------+--------+--------+----------------+
下载脚本
GET_HOTKEYS_SCRIPT.rar
原文地址:https://www.cnblogs.com/nlsoft/p/3001157.html