#PDB浏览器相关更新

Medusa/DLLInject.h

@@ -6,7 +6,6 @@
 #include <TlHelp32.h>
 #include <Psapi.h>
 
-#include "Wow64Ext/wow64ext.h"
 
 
 class DLLInject

Medusa/Medusa.cpp

@@ -58,6 +58,8 @@ void Medusa::Set_SLOTS()
 	connect(&_TableView_Menu_HookCheck, SIGNAL(triggered(QAction*)), SLOT(ProcessRightMenu(QAction*)));//序殻報炎嘔囚暇汽
 	connect(&_TableView_Menu_Modules, SIGNAL(triggered(QAction*)), SLOT(ProcessRightMenu(QAction*)));//序殻報炎嘔囚暇汽
 	connect(&_TableView_Menu_Threads, SIGNAL(triggered(QAction*)), SLOT(ProcessRightMenu(QAction*)));//序殻報炎嘔囚暇汽
+	connect(&_TableView_Menu_KillProcess, SIGNAL(triggered(QAction*)), SLOT(ProcessRightMenu(QAction*)));//序殻報炎嘔囚暇汽
+	connect(&_TableView_Action_HideProcess, SIGNAL(triggered(bool)), SLOT(HideProcess(bool)));//序殻報炎嘔囚暇汽
 
 
 	connect(&_TableView_Menu_DriverClear, SIGNAL(triggered(QAction*)), SLOT(DriverRightMenu(QAction*)));
@@ -148,6 +150,8 @@ void Medusa::PdbMenu(QAction* action)
 		}
 		ui.progressBar->setValue(100);
 		ui.label->setText("downlode pdb susscess");
+		std::string pe_file_path = std::string(std::getenv("systemroot")) + "\\System32\\ntoskrnl.exe";
+		_PDBView.setWindowTitle(pe_file_path.data());
 		return;
 	}
 	if (action->text() == "Down&Load file")
@@ -399,6 +403,7 @@ void Medusa::DriverLoad(QAction* action)
 
 void Medusa::ProcessRightMenu(QAction* action)
 {
+	ULONG64 PID = ui.tableView->model()->index(ui.tableView->currentIndex().row(), 1).data().toULongLong();
 	if (action->text() == "R3CreateRemoteThread+LoadLibraryA" ||
 		action->text() == "R3APCInject" ||
 		action->text() == "R3MapInject" || 
@@ -408,37 +413,44 @@ void Medusa::ProcessRightMenu(QAction* action)
 		RightMenuDLLInject(action);
 		return;
 	}
-	if (action->text() == "QuickCheckALLProcess" || 
+	else if (action->text() == "QuickCheckALLProcess" || 
 		action->text() == "HookScanner" || 
 		action->text() == "HookScannerQuick" ||
 		action->text() == "HookScannerSimple(Y/N)")
 	{
 		RightMenuHookScanner(action);
 		return;
 	}
-	ULONG64 PID = ui.tableView->model()->index(ui.tableView->currentIndex().row(), 1).data().toULongLong();
-	if (action->text() == "R3ModulesView")
+	else if (action->text() == "R3ModulesView")
 	{
 		RightMenuR3ModulesView(PID);
 	}
-	if (action->text() == "R0ModulesView(second check)")
+	else if (action->text() == "R0ModulesView(second check)")
 	{
 		RightMenuR0ModulesView(PID);
 	}
-	if (action->text() == "R3ModuleScanner")
+	else if (action->text() == "R3ModuleScanner")
 	{
 		RightMenuR3ModuleScanner(PID);
 	}
-	if (action->text() == "R3ThreadView")
+	else if (action->text() == "R3ThreadView")
 	{
 		RightMenuR3ThreadsView(PID);
 	}
-	if (action->text() == "R0ThreadView(second check)")
+	else if (action->text() == "R3KillProcess")
+	{
+		HANDLE handle = OpenProcess(PROCESS_TERMINATE, FALSE, PID);
+		TerminateProcess(handle, 0);
+	}
+	else if (action->text() == "R0KillProcess")
 	{
-		RightMenuR0ThreadsView(PID);
 	}
 }
 
+void Medusa::HideProcess(bool)
+{
+}
+
 void Medusa::DriverRightMenu(QAction* action)
 {
 }

Medusa/Medusa.h

@@ -43,6 +43,7 @@ public slots:
 	void HypervisorMenu(QAction*);
 	void PdbMenu(QAction*);
 	void ProcessRightMenu(QAction*);
+	void HideProcess(bool);
 	void DriverRightMenu(QAction*);
 	void DriverRightMenuDumpToFILE(bool);
 	void DriverRightMenuDumpToMemory(bool);
@@ -100,6 +101,9 @@ public slots:
 
 	QAction _TableView_Action_HideProcess;
 
+	QMenu _TableView_Menu_KillProcess;
+	QAction _TableView_Action_KillProcess;
+
 	QAction _TableView_Action_HideDriver;
 
 	QMenu _TableView_Menu_DriverClear;
@@ -239,13 +243,19 @@ public slots:
 		_TableView_Menu_Threads.addAction("R3ThreadView");
 		_TableView_Menu_Threads.addAction("R0ThreadView(second check)");
 
+		_TableView_Action_KillProcess.setMenu(&_TableView_Menu_KillProcess);
+		_TableView_Menu_KillProcess.setTitle("KillProcess");
+		_TableView_Menu_KillProcess.addAction("R3KillProcess");
+		_TableView_Menu_KillProcess.addAction("R0KillProcess");
+
 		_TableView_Action_HideProcess.setText("HideProcess");
 
 		ui.tableView->addAction(&_TableView_Action_Inject);
 		ui.tableView->addAction(&_TableView_Action_HookCheck);
 		ui.tableView->addAction(&_TableView_Action_Modules);
 		ui.tableView->addAction(&_TableView_Action_Threads);
 		ui.tableView->addAction(&_TableView_Action_HideProcess);
+		ui.tableView->addAction(&_TableView_Action_KillProcess);
 	}
 	void DriverRightMenuUI()
 	{

Medusa/Medusa.vcxproj

@@ -159,6 +159,7 @@
     <ClCompile Include="PDBView.cc" />
     <ClCompile Include="Process.cc" />
     <ClCompile Include="StackWalk.cc" />
+    <ClCompile Include="SymParser.cpp" />
     <ClCompile Include="Threads.cc" />
     <QtRcc Include="Medusa.qrc" />
     <QtUic Include="HookScanner.ui" />
@@ -179,6 +180,7 @@
     <ClInclude Include="Driver_Load.h" />
     <ClInclude Include="EzPdb\EzPdb.h" />
     <ClInclude Include="FileCheck.h" />
+    <ClInclude Include="SymParser.h" />
     <QtMoc Include="StackWalk.h" />
     <QtMoc Include="Threads.h" />
     <QtMoc Include="HookScanner.h" />

Medusa/Medusa.vcxproj.filters

@@ -30,6 +30,9 @@
     <Filter Include="Header Files\EzPdb">
       <UniqueIdentifier>{d4e90fcb-fc70-4376-ae7e-85d9b11cc21b}</UniqueIdentifier>
     </Filter>
+    <Filter Include="Header Files\SymParser">
+      <UniqueIdentifier>{5b67ab99-f96e-4aab-8a2a-7991f6ccccb9}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <QtRcc Include="Medusa.qrc">
@@ -181,6 +184,9 @@
     <ClCompile Include="KernelCallBackScanner.cc">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="SymParser.cpp">
+      <Filter>Header Files\SymParser</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="Process.h">
@@ -228,6 +234,9 @@
     <ClInclude Include="KernelCallBackScanner.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="SymParser.h">
+      <Filter>Header Files\SymParser</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <None Include="SysCall.asm">