All,
When I run the code attached at the bottom of this
email, and terminate the window (via the Done button,
the red X button, or Exit()) I get the following
error:
C:\Perl\memory>perl -w memparse.pl
(in cleanup) Can't call method "DELETE" on an
undefined value at C:/Perl
/site/lib/Win32/GUI.pm line 3451 during global
destruction.
Thoughts?
Thanks,
Harlan
-----------------------------------------------------
#! c:\perl\bin\perl.exe
#---------------------------------------------------------------------
# memparse.pl
#
#---------------------------------------------------------------------
use strict;
use Win32;
use Win32::GUI qw(WS_CHILD WS_VISIBLE BS_DEFPUSHBUTTON
WS_SYSMENU WS_MINIMIZEBOX WS_THICKFRAME);
#---------------------------------------------------------------------
# Define some global variables
#---------------------------------------------------------------------
my $VERSION = "0\.01_20061108";
my $dumpfile = "";
my $saveprofile = "";
my $loadprofile = "";
my $menu = new Win32::GUI::Menu(
"&File" => "File",
" > &Open Dump File..." => "Open",
" > -" => 0,
" > &Load Profile..." => "Load",
" > &Save Profile..." => "Save",
" > -" => 0,
" > E&xit" => "Exit",
# " " => "",
"&Tools" => "Tools",
" > &Get OS" => "OS",
" > -" => 0,
" > View Process &Details" => "Details",
" > Dump Process &Memory" => "Memory",
" > Extract Process &Image" => "Image",
"&Help" => "Help",
" > &About" => "About",
);
my $mw = Win32::GUI::Window->new(
-text => "Memory Dump Parser",
-name => "MW",
# [ width, height]
-size => [ 600, 340 ],
-maxsize => [ 600, 340 ],
-pos => [ 200, 200 ],
-menu => $menu,
);
my $lv = $mw->AddListView(
-pos => [ 30, 20 ],
-size => [ 520, 200 ],
-pushstyle => WS_CHILD | WS_VISIBLE | 1,
-fullrowselect => 1,
-gridlines => 1,
-showselalways => 1,
-name => "ListView",
);
$lv->InsertColumn( -index => 0, -text => "PPID",
-width => 50);
$lv->InsertColumn( -index => 1, -subitem => 1, -text
=> "PID", -width => 50);
$lv->InsertColumn( -index => 2, -subitem => 1, -text
=> "Name", -width => 100);
$lv->InsertColumn( -index => 3, -subitem => 1, -text
=> "Exited", -width => 50);
$lv->InsertColumn( -index => 4, -subitem => 1, -text
=> "Offset", -width => 100);
$lv->InsertColumn( -index => 5, -subitem => 1, -text
=> "Creation Date", -width => 300);
my $btn = $mw->AddButton(
-text => "GO",
-name => "GO",
-addstyle => BS_DEFPUSHBUTTON,
-tabstop => 1,
-left => 410,
-top => 230,
-width => 50,
-height => 20,
);
my $btn2 = $mw->AddButton(
-text => "DONE",
-name => "DONE",
-addstyle => BS_DEFPUSHBUTTON,
-tabstop => 1,
-left => 490,
-top => 230,
-width => 50,
-height => 20,
);
my $status = $mw->AddStatusBar(
-name => "Status",
-text => "Memory Dump Parser: Ready",
);
$mw->Show;
Win32::GUI::Dialog();
exit(0);
sub GO_Click {
if ($dumpfile eq "") {
$status->Text("No dumpfile has been selected.");
}
elsif (! -e $dumpfile) {
$status->Text("The dumpfile could not be found.");
}
else {
# No more excuses, time to work
}
}
sub Open_Click {
my $ret = Win32::GUI::GetOpenFileName(
-title => "Open Dump File",
-file => "\0" . " " x 256,
-filter => [
"DMP Files (*.dmp)" => "*.dmp",
"VMEM Files (*.vmem)" => "*.vmem",
"DD Files (*.dd)" => "*.dd",
"IMG Files (*.img)" => "*.img",
"All files", "*.*",
],
);
if ($ret) {
$dumpfile = $ret;
$status->Text("Dump file = ".$dumpfile);
}
else {
$status->Text("No dump file selected.");
}
}
sub Load_Click {
my $ret = Win32::GUI::GetOpenFileName(
-title => "Load Profile",
-file => "\0" . " " x 256,
-filter => [
"PRF Files (*.prf)" => "*.prf",
"All files", "*.*",
],
);
$loadprofile = $ret;
$status->Text("Profile to load: $loadprofile");
}
sub Save_Click {
my $file = "";
my $file_spec = "*.prf\0" . " " x 256;
$file = Win32::GUI::GetOpenFileName(
-owner => $mw,
-directory => Win32::GetCwd(),
-title => "Save Profile...",
-file => $file_spec,
) || "";
if ($file eq undef || $file eq "") {
$status->Text("No file selected.");
}
else {
$saveprofile = $file."\.prf";
$status->Text("Saving profile to $saveprofile...");
}
}
sub Exit_Click {exit(-1);}
sub MW_Terminate{exit(-1);}
sub DONE_Click {exit(-1);}
sub Image_Click {
}
sub Memory_Click {
}
sub About_Click {
my $str = "Memory Dump Parser version $VERSION\n".
"by Harlan Carvey, [EMAIL PROTECTED]".
"\n".
"copyright 2006 H. Carvey\n";
my $ret = Win32::MsgBox($str,48+1,"About...");
}
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
