static void fill_process( struct snapshot* snap, ULONG* offset,
SYSTEM_PROCESS_INFORMATION* spi, ULONG num )
{
PROCESSENTRY32W* pcs_entry;
ULONG poff = 0;
SIZE_T l;
snap->process_count = num;
snap->process_pos = 0;
if (!num) return;
snap->process_offset = *offset;
pcs_entry = (PROCESSENTRY32W*)&snap->data[*offset];
do
{
spi = (SYSTEM_PROCESS_INFORMATION*)((char*)spi + poff);
pcs_entry->dwSize = sizeof(PROCESSENTRY32W);
pcs_entry->cntUsage = 0; /* MSDN says no longer used, always 0 */
pcs_entry->th32ProcessID = HandleToUlong(spi->UniqueProcessId);
pcs_entry->th32DefaultHeapID = 0; /* MSDN says no longer used, always 0 */
pcs_entry->th32ModuleID = 0; /* MSDN says no longer used, always 0 */
pcs_entry->cntThreads = spi->dwThreadCount;
pcs_entry->th32ParentProcessID = HandleToUlong(spi->ParentProcessId);
pcs_entry->pcPriClassBase = spi->dwBasePriority;
pcs_entry->dwFlags = 0; /* MSDN says no longer used, always 0 */
l = min(spi->ProcessName.Length, sizeof(pcs_entry->szExeFile) - sizeof(WCHAR));
memcpy(pcs_entry->szExeFile, spi->ProcessName.Buffer, l);
pcs_entry->szExeFile[l / sizeof(WCHAR)] = '\0';
pcs_entry++;
} while ((poff = spi->NextEntryOffset));
*offset += num * sizeof(PROCESSENTRY32W);
}
NTSTATUS
AllocW32Process(IN PEPROCESS Process,
OUT PPROCESSINFO* W32Process)
{
PPROCESSINFO ppiCurrent;
TRACE_CH(UserProcess, "In AllocW32Process(0x%p)\n", Process);
/* Check that we were not called with an already existing Win32 process info */
ppiCurrent = PsGetProcessWin32Process(Process);
if (ppiCurrent) return STATUS_SUCCESS;
/* Allocate a new Win32 process info */
ppiCurrent = ExAllocatePoolWithTag(NonPagedPool,
sizeof(*ppiCurrent),
USERTAG_PROCESSINFO);
if (ppiCurrent == NULL)
{
ERR_CH(UserProcess, "Failed to allocate ppi for PID:0x%lx\n",
HandleToUlong(Process->UniqueProcessId));
return STATUS_NO_MEMORY;
}
TRACE_CH(UserProcess, "Allocated ppi 0x%p for PID:0x%lx\n",
ppiCurrent, HandleToUlong(Process->UniqueProcessId));
RtlZeroMemory(ppiCurrent, sizeof(*ppiCurrent));
PsSetProcessWin32Process(Process, ppiCurrent, NULL);
IntReferenceProcessInfo(ppiCurrent);
*W32Process = ppiCurrent;
return STATUS_SUCCESS;
}
/*
* @implemented
*/
BOOL WINAPI
CloseWindow(HWND hWnd)
{
SendMessageA(hWnd, WM_SYSCOMMAND, SC_CLOSE, 0);
return HandleToUlong(hWnd);
}
static BOOLEAN NTAPI PhpHiddenProcessesCallback(
_In_ PPH_HIDDEN_PROCESS_ENTRY Process,
_In_opt_ PVOID Context
)
{
PPH_HIDDEN_PROCESS_ENTRY entry;
INT lvItemIndex;
WCHAR pidString[PH_INT32_STR_LEN_1];
entry = PhAllocateCopy(Process, sizeof(PH_HIDDEN_PROCESS_ENTRY));
if (entry->FileName)
PhReferenceObject(entry->FileName);
PhAddItemList(ProcessesList, entry);
lvItemIndex = PhAddListViewItem(PhHiddenProcessesListViewHandle, MAXINT,
PhGetStringOrDefault(entry->FileName, L"(unknown)"), entry);
PhPrintUInt32(pidString, HandleToUlong(entry->ProcessId));
PhSetListViewSubItem(PhHiddenProcessesListViewHandle, lvItemIndex, 1, pidString);
if (entry->Type == HiddenProcess)
NumberOfHiddenProcesses++;
else if (entry->Type == TerminatedProcess)
NumberOfTerminatedProcesses++;
return TRUE;
}
/***************************************************************************\
* HMValidateHandleNoSecure
*
* This routine validates a handle manager handle.
*
* 01-22-92 ScottLu Created.
\***************************************************************************/
PVOID FASTCALL HMValidateHandleNoSecure(
HANDLE h,
BYTE bType)
{
KERNEL_PVOID pobj = NULL;
PCLIENTINFO pci;
GET_CURRENT_CLIENTINFO();
#if !defined(_USERK_)
/*
* We don't want 32 bit apps passing 16 bit handles
* we should consider failing this before we get
* stuck supporting it (Some VB apps do this).
*/
if (pci && (h != NULL)
&& (HMUniqFromHandle(h) == 0)
&& !(pci->dwTIFlags & TIF_16BIT)) {
RIPMSG3(RIP_WARNING, "HMValidateHandle: 32bit process [%d] using 16 bit handle [%#p] bType:%#lx",
HandleToUlong(NtCurrentTeb()->ClientId.UniqueProcess), h, (DWORD)bType);
}
#endif
/*
* Object can't be located in shared memory.
*/
UserAssert(bType != TYPE_MONITOR);
/*
* Validation macro.
*/
ValidateHandleMacro(pci, pobj, h, bType);
return pobj;
}
VOID UpdateThreadClrData(
_In_ PTHREAD_TREE_CONTEXT Context,
_Inout_ PDN_THREAD_ITEM DnThread
)
{
if (!DnThread->ClrDataValid)
{
IXCLRDataProcess *process;
IXCLRDataTask *task;
IXCLRDataAppDomain *appDomain;
if (Context->Support)
process = Context->Support->DataProcess;
else
return;
if (SUCCEEDED(IXCLRDataProcess_GetTaskByOSThreadID(process, HandleToUlong(DnThread->ThreadItem->ThreadId), &task)))
{
if (SUCCEEDED(IXCLRDataTask_GetCurrentAppDomain(task, &appDomain)))
{
DnThread->AppDomainText = GetNameXClrDataAppDomain(appDomain);
IXCLRDataAppDomain_Release(appDomain);
}
IXCLRDataTask_Release(task);
}
DnThread->ClrDataValid = TRUE;
}
}
VOID CliGetPreloadKeyboardLayouts(FE_KEYBOARDS* pFeKbds)
{
UINT i;
WCHAR szPreLoadee[4]; // up to 999 preloads
WCHAR lpszName[KL_NAMELENGTH];
UNICODE_STRING UnicodeString;
HKL hkl;
for (i = 1; i < 1000; i++) {
wsprintf(szPreLoadee, L"%d", i);
if ((GetPrivateProfileStringW(
L"Preload",
szPreLoadee,
L"", // default = NULL
lpszName, // output buffer
KL_NAMELENGTH,
L"keyboardlayout.ini") == -1 ) || (*lpszName == L'\0')) {
break;
}
RtlInitUnicodeString(&UnicodeString, lpszName);
RtlUnicodeStringToInteger(&UnicodeString, 16L, (PULONG)&hkl);
RIPMSG2(RIP_VERBOSE, "PreLoaded HKL(%d): %08X\n", i, hkl);
//
// Set language flags. By its definition, LOWORD(hkl) is LANGID
//
SetFeKeyboardFlags(LOWORD(HandleToUlong(hkl)), pFeKbds);
}
}
PPH_STRING PhGetServiceNameFromTag(
_In_ HANDLE ProcessId,
_In_ PVOID ServiceTag
)
{
static PQUERY_TAG_INFORMATION I_QueryTagInformation = NULL;
PPH_STRING serviceName = NULL;
TAG_INFO_NAME_FROM_TAG nameFromTag;
if (!I_QueryTagInformation)
{
I_QueryTagInformation = PhGetModuleProcAddress(L"advapi32.dll", "I_QueryTagInformation");
if (!I_QueryTagInformation)
return NULL;
}
memset(&nameFromTag, 0, sizeof(TAG_INFO_NAME_FROM_TAG));
nameFromTag.InParams.dwPid = HandleToUlong(ProcessId);
nameFromTag.InParams.dwTag = PtrToUlong(ServiceTag);
I_QueryTagInformation(NULL, eTagInfoLevelNameFromTag, &nameFromTag);
if (nameFromTag.OutParams.pszName)
{
serviceName = PhCreateString(nameFromTag.OutParams.pszName);
LocalFree(nameFromTag.OutParams.pszName);
}
return serviceName;
}
PPH_SERVICE_ITEM PhCreateServiceItem(
_In_opt_ LPENUM_SERVICE_STATUS_PROCESS Information
)
{
PPH_SERVICE_ITEM serviceItem;
serviceItem = PhCreateObject(
PhEmGetObjectSize(EmServiceItemType, sizeof(PH_SERVICE_ITEM)),
PhServiceItemType
);
memset(serviceItem, 0, sizeof(PH_SERVICE_ITEM));
if (Information)
{
serviceItem->Name = PhCreateString(Information->lpServiceName);
serviceItem->Key = serviceItem->Name->sr;
serviceItem->DisplayName = PhCreateString(Information->lpDisplayName);
serviceItem->Type = Information->ServiceStatusProcess.dwServiceType;
serviceItem->State = Information->ServiceStatusProcess.dwCurrentState;
serviceItem->ControlsAccepted = Information->ServiceStatusProcess.dwControlsAccepted;
serviceItem->Flags = Information->ServiceStatusProcess.dwServiceFlags;
serviceItem->ProcessId = UlongToHandle(Information->ServiceStatusProcess.dwProcessId);
if (serviceItem->ProcessId)
PhPrintUInt32(serviceItem->ProcessIdString, HandleToUlong(serviceItem->ProcessId));
}
PhEmCallObjectOperation(EmServiceItemType, serviceItem, EmObjectCreate);
return serviceItem;
}
PPH_STRING WepGetWindowTitleForSelector(
_In_ PWE_WINDOW_SELECTOR Selector
)
{
switch (Selector->Type)
{
case WeWindowSelectorAll:
{
return PhCreateString(L"Windows - All");
}
break;
case WeWindowSelectorThread:
{
return PhFormatString(L"Windows - Thread %lu", HandleToUlong(Selector->Thread.ThreadId));
}
break;
case WeWindowSelectorProcess:
{
CLIENT_ID clientId;
clientId.UniqueProcess = Selector->Process.ProcessId;
clientId.UniqueThread = NULL;
return PhConcatStrings2(L"Windows - ", PH_AUTO_T(PH_STRING, PhGetClientIdName(&clientId))->Buffer);
}
break;
case WeWindowSelectorDesktop:
{
return PhFormatString(L"Windows - Desktop \"%s\"", Selector->Desktop.DesktopName->Buffer);
}
break;
default:
return PhCreateString(L"Windows");
}
}
PPH_PROCESS_PROPCONTEXT PhCreateProcessPropContext(
_In_ HWND ParentWindowHandle,
_In_ PPH_PROCESS_ITEM ProcessItem
)
{
static PH_INITONCE initOnce = PH_INITONCE_INIT;
PPH_PROCESS_PROPCONTEXT propContext;
PROPSHEETHEADER propSheetHeader;
if (PhBeginInitOnce(&initOnce))
{
PhpProcessPropContextType = PhCreateObjectType(L"ProcessPropContext", 0, PhpProcessPropContextDeleteProcedure);
PhpProcessPropPageContextType = PhCreateObjectType(L"ProcessPropPageContext", 0, PhpProcessPropPageContextDeleteProcedure);
PhEndInitOnce(&initOnce);
}
propContext = PhCreateObjectZero(sizeof(PH_PROCESS_PROPCONTEXT), PhpProcessPropContextType);
propContext->PropSheetPages = PhAllocateZero(sizeof(HPROPSHEETPAGE) * PH_PROCESS_PROPCONTEXT_MAXPAGES);
if (!PH_IS_FAKE_PROCESS_ID(ProcessItem->ProcessId))
{
propContext->Title = PhFormatString(
L"%s (%u)",
ProcessItem->ProcessName->Buffer,
HandleToUlong(ProcessItem->ProcessId)
);
}
else
{
PhSetReference(&propContext->Title, ProcessItem->ProcessName);
}
memset(&propSheetHeader, 0, sizeof(PROPSHEETHEADER));
propSheetHeader.dwSize = sizeof(PROPSHEETHEADER);
propSheetHeader.dwFlags =
PSH_MODELESS |
PSH_NOAPPLYNOW |
PSH_NOCONTEXTHELP |
PSH_PROPTITLE |
PSH_USECALLBACK |
PSH_USEHICON;
propSheetHeader.hInstance = PhInstanceHandle;
propSheetHeader.hwndParent = ParentWindowHandle;
propSheetHeader.hIcon = ProcessItem->SmallIcon;
propSheetHeader.pszCaption = propContext->Title->Buffer;
propSheetHeader.pfnCallback = PhpPropSheetProc;
propSheetHeader.nPages = 0;
propSheetHeader.nStartPage = 0;
propSheetHeader.phpage = propContext->PropSheetPages;
if (PhCsForceNoParent)
propSheetHeader.hwndParent = NULL;
memcpy(&propContext->PropSheetHeader, &propSheetHeader, sizeof(PROPSHEETHEADER));
PhSetReference(&propContext->ProcessItem, ProcessItem);
return propContext;
}
VOID
NTAPI
BaseSrvDisconnect(PCSR_PROCESS Process)
{
/* Cleanup the VDM console records */
BaseSrvCleanupVdmRecords(HandleToUlong(Process->ClientId.UniqueProcess));
}
ULONG
MPIU_ExGetPortValue(
MPIU_ExSetHandle_t Set
)
{
MPIU_Assert(IsValidSet(Set));
return HandleToUlong(Set);
}
ULONG NTAPI EtpDiskHashtableHashFunction(
_In_ PVOID Entry
)
{
PET_DISK_ITEM diskItem = *(PET_DISK_ITEM *)Entry;
return (HandleToUlong(diskItem->ProcessId) / 4) ^ PhHashStringRef(&diskItem->FileName->sr, TRUE);
}
VOID
NTAPI
DbgLogEvent(PSLIST_HEADER pslh, LOG_EVENT_TYPE nEventType, LPARAM lParam)
{
PLOGENTRY pLogEntry;
/* Log a maximum of 100 events */
if (QueryDepthSList(pslh) >= 1000) return;
/* Allocate a logentry */
pLogEntry = EngAllocMem(0, sizeof(LOGENTRY), 'golG');
if (!pLogEntry) return;
/* Set type */
pLogEntry->nEventType = nEventType;
pLogEntry->ulUnique = InterlockedIncrement((LONG*)&gulLogUnique);
pLogEntry->dwProcessId = HandleToUlong(PsGetCurrentProcessId());
pLogEntry->dwThreadId = HandleToUlong(PsGetCurrentThreadId());
pLogEntry->lParam = lParam;
/* Capture a backtrace */
DbgCaptureStackBackTace(pLogEntry->apvBackTrace, 20);
switch (nEventType)
{
case EVENT_ALLOCATE:
case EVENT_CREATE_HANDLE:
case EVENT_REFERENCE:
case EVENT_DEREFERENCE:
case EVENT_LOCK:
case EVENT_UNLOCK:
case EVENT_DELETE:
case EVENT_FREE:
case EVENT_SET_OWNER:
default:
break;
}
/* Push it on the list */
InterlockedPushEntrySList(pslh, &pLogEntry->sleLink);
}
static NTSTATUS PhpGetThreadCycleTime(
_In_ PPH_THREAD_PROVIDER ThreadProvider,
_In_ PPH_THREAD_ITEM ThreadItem,
_Out_ PULONG64 CycleTime
)
{
if (ThreadProvider->ProcessId != SYSTEM_IDLE_PROCESS_ID)
{
return PhGetThreadCycleTime(ThreadItem->ThreadHandle, CycleTime);
}
else
{
if (HandleToUlong(ThreadItem->ThreadId) < (ULONG)PhSystemBasicInformation.NumberOfProcessors)
{
*CycleTime = PhCpuIdleCycleTime[HandleToUlong(ThreadItem->ThreadId)].QuadPart;
return STATUS_SUCCESS;
}
}
return STATUS_INVALID_PARAMETER;
}
DECL_EXTERN_API(HANDLE, ObjectTranslateHandle, CONST IN HANDLE Handle)
{
PRTL_USER_PROCESS_PARAMETERS Ppb = NtCurrentPeb()->ProcessParameters;
switch (HandleToUlong(Handle))
{
case STD_INPUT_HANDLE: return Ppb->StandardInput;
case STD_OUTPUT_HANDLE: return Ppb->StandardOutput;
case STD_ERROR_HANDLE: return Ppb->StandardError;
}
return Handle;
}
LRESULT
CMainFrame::OnDDETerminate(UINT /*uMsg*/, WPARAM wParam, LPARAM /*lParam*/)
{
HWND hWndSender = HWND(wParam);
ATLTRACE("OnDDETerminate: HWND=%x\n", hWndSender);
ATLVERIFY(
::PostMessage(
hWndSender,
WM_DDE_TERMINATE,
HandleToUlong(m_hWnd),
0));
return TRUE;
}
PVOID FASTCALL HMValidateSharedHandle(
HANDLE h,
BYTE bType)
{
DWORD dwError;
KERNEL_PVOID pobj = NULL;
#if DBG != 0 && !defined(_USERK_)
/*
* We don't want 32 bit apps passing 16 bit handles
* we should consider failing this before we get
* stuck supporting it (Some VB apps do this).
*/
if ((h != NULL)
&& (HMUniqFromHandle(h) == 0)
&& !(GetClientInfo()->dwTIFlags & TIF_16BIT)) {
RIPMSG3(RIP_WARNING, "HMValidateHandle: 32bit process [%d] using 16 bit handle [%#p] bType:%#lx",
HandleToUlong(NtCurrentTeb()->ClientId.UniqueProcess), h, (DWORD)bType);
}
#endif
/*
* Validation macro. Falls through if the handle is invalid.
*/
ValidateSharedHandleMacro(pobj, h, bType);
if (pobj != NULL)
return pobj;
switch (bType) {
case TYPE_MONITOR:
dwError = ERROR_INVALID_MONITOR_HANDLE;
break;
default:
UserAssertMsg0(0, "Logic error in HMValidateSharedHandle");
break;
}
RIPERR2(dwError,
RIP_WARNING,
"HMValidateSharedHandle: Invalid:%#p Type:%#lx",
h, (DWORD)bType);
/*
* If we get here, it's an error.
*/
return NULL;
}
BOOL xxxPaintRect(
PWND pwndBrush,
PWND pwndPaint,
HDC hdc,
HBRUSH hbr,
LPRECT lprc)
{
POINT ptOrg;
CheckLock(pwndBrush);
CheckLock(pwndPaint);
if (pwndBrush == NULL) {
pwndBrush = PtiCurrent()->rpdesk->pDeskInfo->spwnd;
}
if (pwndBrush == PWNDDESKTOP(pwndBrush)) {
GreSetBrushOrg(
hdc,
0,
0,
&ptOrg);
} else {
GreSetBrushOrg(
hdc,
pwndBrush->rcClient.left - pwndPaint->rcClient.left,
pwndBrush->rcClient.top - pwndPaint->rcClient.top,
&ptOrg);
}
/*
* If hbr < CTLCOLOR_MAX, it isn't really a brush but is one of our
* special color values. Translate it to the appropriate WM_CTLCOLOR
* message and send it off to get back a real brush. The translation
* process assumes the CTLCOLOR*** and WM_CTLCOLOR*** values map directly.
*/
if (hbr < (HBRUSH)CTLCOLOR_MAX) {
hbr = xxxGetControlColor(pwndBrush,
pwndPaint,
hdc,
HandleToUlong(hbr) + WM_CTLCOLORMSGBOX);
}
FillRect(hdc, lprc, hbr);
GreSetBrushOrg(hdc, ptOrg.x, ptOrg.y, NULL);
return TRUE;
}
static void fill_thread( struct snapshot* snap, ULONG* offset, LPVOID info, ULONG num )
{
THREADENTRY32* thd_entry;
SYSTEM_PROCESS_INFORMATION* spi;
SYSTEM_THREAD_INFORMATION* sti;
ULONG i, poff = 0;
snap->thread_count = num;
snap->thread_pos = 0;
if (!num) return;
snap->thread_offset = *offset;
thd_entry = (THREADENTRY32*)&snap->data[*offset];
spi = (SYSTEM_PROCESS_INFORMATION*)info;
do
{
spi = (SYSTEM_PROCESS_INFORMATION*)((char*)spi + poff);
sti = &spi->ti[0];
for (i = 0; i < spi->dwThreadCount; i++)
{
thd_entry->dwSize = sizeof(THREADENTRY32);
thd_entry->cntUsage = 0; /* MSDN says no longer used, always 0 */
thd_entry->th32ThreadID = HandleToUlong(sti->ClientId.UniqueThread);
thd_entry->th32OwnerProcessID = HandleToUlong(sti->ClientId.UniqueProcess);
thd_entry->tpBasePri = sti->dwBasePriority;
thd_entry->tpDeltaPri = 0; /* MSDN says no longer used, always 0 */
thd_entry->dwFlags = 0; /* MSDN says no longer used, always 0" */
sti++;
thd_entry++;
}
} while ((poff = spi->NextEntryOffset));
*offset += num * sizeof(THREADENTRY32);
}
/******************************************************************
* fetch_process_info
*
* reads system wide process information, and gather from it the threads information
* for process of id 'pid'
*/
static BOOL fetch_process_info(struct dump_context* dc)
{
ULONG buf_size = 0x1000;
NTSTATUS nts;
void* pcs_buffer = NULL;
if (!(pcs_buffer = HeapAlloc(GetProcessHeap(), 0, buf_size))) return FALSE;
for (;;)
{
nts = NtQuerySystemInformation(SystemProcessInformation,
pcs_buffer, buf_size, NULL);
if (nts != STATUS_INFO_LENGTH_MISMATCH) break;
pcs_buffer = HeapReAlloc(GetProcessHeap(), 0, pcs_buffer, buf_size *= 2);
if (!pcs_buffer) return FALSE;
}
if (nts == STATUS_SUCCESS)
{
SYSTEM_PROCESS_INFORMATION* spi = pcs_buffer;
unsigned i;
for (;;)
{
if (HandleToUlong(spi->UniqueProcessId) == dc->pid)
{
dc->num_threads = spi->dwThreadCount;
dc->threads = HeapAlloc(GetProcessHeap(), 0,
dc->num_threads * sizeof(dc->threads[0]));
if (!dc->threads) goto failed;
for (i = 0; i < dc->num_threads; i++)
{
dc->threads[i].tid = HandleToULong(spi->ti[i].ClientId.UniqueThread);
dc->threads[i].prio_class = spi->ti[i].dwBasePriority; /* FIXME */
dc->threads[i].curr_prio = spi->ti[i].dwCurrentPriority;
}
HeapFree(GetProcessHeap(), 0, pcs_buffer);
return TRUE;
}
if (!spi->NextEntryOffset) break;
spi = (SYSTEM_PROCESS_INFORMATION*)((char*)spi + spi->NextEntryOffset);
}
}
failed:
HeapFree(GetProcessHeap(), 0, pcs_buffer);
return FALSE;
}
PPH_THREAD_ITEM PhCreateThreadItem(
_In_ HANDLE ThreadId
)
{
PPH_THREAD_ITEM threadItem;
threadItem = PhCreateObject(
PhEmGetObjectSize(EmThreadItemType, sizeof(PH_THREAD_ITEM)),
PhThreadItemType
);
memset(threadItem, 0, sizeof(PH_THREAD_ITEM));
threadItem->ThreadId = ThreadId;
PhPrintUInt32(threadItem->ThreadIdString, HandleToUlong(ThreadId));
PhEmCallObjectOperation(EmThreadItemType, threadItem, EmObjectCreate);
return threadItem;
}
PPH_STRING PhSipGetMaxCpuString(
_In_ LONG Index
)
{
PPH_PROCESS_RECORD maxProcessRecord;
#ifdef PH_RECORD_MAX_USAGE
FLOAT maxCpuUsage;
#endif
PPH_STRING maxUsageString = NULL;
if (maxProcessRecord = PhSipReferenceMaxCpuRecord(Index))
{
// We found the process record, so now we construct the max. usage string.
#ifdef PH_RECORD_MAX_USAGE
maxCpuUsage = PhGetItemCircularBuffer_FLOAT(&PhMaxCpuUsageHistory, Index);
// Make sure we don't try to display the PID of DPCs or Interrupts.
if (!PH_IS_FAKE_PROCESS_ID(maxProcessRecord->ProcessId))
{
maxUsageString = PhaFormatString(
L"\n%s (%u): %.2f%%",
maxProcessRecord->ProcessName->Buffer,
HandleToUlong(maxProcessRecord->ProcessId),
maxCpuUsage * 100
);
}
else
{
maxUsageString = PhaFormatString(
L"\n%s: %.2f%%",
maxProcessRecord->ProcessName->Buffer,
maxCpuUsage * 100
);
}
#else
maxUsageString = PhaConcatStrings2(L"\n", maxProcessRecord->ProcessName->Buffer);
#endif
PhDereferenceProcessRecord(maxProcessRecord);
}
return maxUsageString;
}
LRESULT
CMainFrame::OnDDEInitiate(UINT /*uMsg*/, WPARAM wParam, LPARAM lParam)
{
HWND hWndSender = HWND(wParam);
const ATOM atAppName = ::GlobalAddAtom(ndasmgmt::NDASMGMT_ATOM_DDE_APP);
const ATOM atTopic = ::GlobalAddAtom(ndasmgmt::NDASMGMT_ATOM_DDE_DEFAULT_TOPIC);
ATLASSERT(atAppName);
ATLASSERT(atTopic);
UINT_PTR atSenderApp;
UINT_PTR atSenderTopic;
ATLVERIFY(::UnpackDDElParam(WM_DDE_INITIATE, lParam, &atSenderApp, &atSenderTopic));
ATLTRACE("OnDDEInitiate: HWND=%x, atSenderAppName=%x, atSenderTopic=%x"
" atAppName=%x, atTopic=%x\n",
hWndSender, atSenderApp, atSenderTopic,
atAppName, atTopic);
if ((atAppName == atSenderApp || 0 == atSenderApp) &&
(atTopic == atSenderTopic || 0 == atTopic))
{
ATLTRACE("Registered DDE operation\n");
ATLVERIFY(
::SendMessage(
hWndSender,
WM_DDE_ACK,
WPARAM(HandleToUlong(m_hWnd)),
::PackDDElParam(WM_DDE_ACK, atAppName, atTopic)));
}
else
{
ATLTRACE("Non-registered DDE operation\n");
}
::GlobalDeleteAtom(atAppName);
::GlobalDeleteAtom(atTopic);
return TRUE;
}
// copied from ProcessHacker\netlist.c..
static PPH_STRING PhpNetworkTreeGetNetworkItemProcessName(
_In_ PPH_NETWORK_ITEM NetworkItem
)
{
PH_FORMAT format[4];
if (!NetworkItem->ProcessId)
return PhaCreateString(L"Waiting connections");
PhInitFormatS(&format[1], L" (");
PhInitFormatU(&format[2], HandleToUlong(NetworkItem->ProcessId));
PhInitFormatC(&format[3], ')');
if (NetworkItem->ProcessName)
PhInitFormatSR(&format[0], NetworkItem->ProcessName->sr);
else
PhInitFormatS(&format[0], L"Unknown process");
return PH_AUTO(PhFormat(format, 4, 96));
}
static PPH_STRING PhSipGetMaxIoString(
_In_ LONG Index
)
{
PPH_PROCESS_RECORD maxProcessRecord;
ULONG64 maxIoReadOther;
ULONG64 maxIoWrite;
PPH_STRING maxUsageString = NULL;
if (maxProcessRecord = PhSipReferenceMaxIoRecord(Index))
{
// We found the process record, so now we construct the max. usage string.
maxIoReadOther = PhGetItemCircularBuffer_ULONG64(SystemStatistics.MaxIoReadOtherHistory, Index);
maxIoWrite = PhGetItemCircularBuffer_ULONG64(SystemStatistics.MaxIoWriteHistory, Index);
if (!PH_IS_FAKE_PROCESS_ID(maxProcessRecord->ProcessId))
{
maxUsageString = PhaFormatString(
L"\n%s (%u): R+O: %s, W: %s",
maxProcessRecord->ProcessName->Buffer,
HandleToUlong(maxProcessRecord->ProcessId),
PhaFormatSize(maxIoReadOther, -1)->Buffer,
PhaFormatSize(maxIoWrite, -1)->Buffer
);
}
else
{
maxUsageString = PhaFormatString(
L"\n%s: R+O: %s, W: %s",
maxProcessRecord->ProcessName->Buffer,
PhaFormatSize(maxIoReadOther, -1)->Buffer,
PhaFormatSize(maxIoWrite, -1)->Buffer
);
}
PhDereferenceProcessRecord(maxProcessRecord);
}
return maxUsageString;
}
PPH_STRING EtpGetMaxNodeString(
_In_ LONG Index
)
{
PPH_PROCESS_RECORD maxProcessRecord;
FLOAT maxGpuUsage;
PPH_STRING maxUsageString = NULL;
if (maxProcessRecord = EtpReferenceMaxNodeRecord(Index))
{
maxGpuUsage = PhGetItemCircularBuffer_FLOAT(&EtMaxGpuNodeUsageHistory, Index);
maxUsageString = PhaFormatString(
L"\n%s (%lu): %.2f%%",
maxProcessRecord->ProcessName->Buffer,
HandleToUlong(maxProcessRecord->ProcessId),
maxGpuUsage * 100
);
PhDereferenceProcessRecord(maxProcessRecord);
}
return maxUsageString;
}
VOID StatusBarUpdate(
_In_ BOOLEAN ResetMaxWidths
)
{
static ULONG64 lastTickCount = 0;
ULONG count;
ULONG i;
HDC hdc;
BOOLEAN resetMaxWidths = FALSE;
PPH_STRING text[MAX_STATUSBAR_ITEMS];
ULONG widths[MAX_STATUSBAR_ITEMS];
if (ProcessesUpdatedCount < 2)
return;
if (ResetMaxWidths)
resetMaxWidths = TRUE;
if (!StatusBarItemList || StatusBarItemList->Count == 0)
{
// The status bar doesn't cope well with 0 parts.
widths[0] = -1;
SendMessage(StatusBarHandle, SB_SETPARTS, 1, (LPARAM)widths);
SendMessage(StatusBarHandle, SB_SETTEXT, 0, (LPARAM)L"");
return;
}
hdc = GetDC(StatusBarHandle);
SelectObject(hdc, (HFONT)SendMessage(StatusBarHandle, WM_GETFONT, 0, 0));
// Reset max. widths for Max. CPU Process and Max. I/O Process parts once in a while.
{
LARGE_INTEGER tickCount;
PhQuerySystemTime(&tickCount);
if (tickCount.QuadPart - lastTickCount >= 10 * PH_TICKS_PER_SEC)
{
resetMaxWidths = TRUE;
lastTickCount = tickCount.QuadPart;
}
}
count = 0;
for (i = 0; i < StatusBarItemList->Count; i++)
{
SIZE size;
ULONG width;
PSTATUSBAR_ITEM statusItem;
statusItem = StatusBarItemList->Items[i];
switch (statusItem->Id)
{
case ID_STATUS_CPUUSAGE:
{
text[count] = PhFormatString(
L"CPU Usage: %.2f%%",
(SystemStatistics.CpuKernelUsage + SystemStatistics.CpuUserUsage) * 100
);
}
break;
case ID_STATUS_COMMITCHARGE:
{
ULONG commitUsage = SystemStatistics.Performance->CommittedPages;
FLOAT commitFraction = (FLOAT)commitUsage / SystemStatistics.Performance->CommitLimit * 100;
text[count] = PhFormatString(
L"Commit Charge: %s (%.2f%%)",
PhaFormatSize(UInt32x32To64(commitUsage, PAGE_SIZE), -1)->Buffer,
commitFraction
);
}
break;
case ID_STATUS_PHYSICALMEMORY:
{
ULONG physicalUsage = PhSystemBasicInformation.NumberOfPhysicalPages - SystemStatistics.Performance->AvailablePages;
FLOAT physicalFraction = (FLOAT)physicalUsage / PhSystemBasicInformation.NumberOfPhysicalPages * 100;
text[count] = PhFormatString(
L"Physical Memory: %s (%.2f%%)",
PhaFormatSize(UInt32x32To64(physicalUsage, PAGE_SIZE), -1)->Buffer,
physicalFraction
);
}
break;
case ID_STATUS_FREEMEMORY:
{
ULONG physicalFree = SystemStatistics.Performance->AvailablePages;
FLOAT physicalFreeFraction = (FLOAT)physicalFree / PhSystemBasicInformation.NumberOfPhysicalPages * 100;
text[count] = PhFormatString(
L"Free Memory: %s (%.2f%%)",
PhaFormatSize(UInt32x32To64(physicalFree, PAGE_SIZE), -1)->Buffer,
physicalFreeFraction
);
}
break;
case ID_STATUS_NUMBEROFPROCESSES:
{
text[count] = PhConcatStrings2(
L"Processes: ",
PhaFormatUInt64(SystemStatistics.NumberOfProcesses, TRUE)->Buffer
);
}
break;
case ID_STATUS_NUMBEROFTHREADS:
{
text[count] = PhConcatStrings2(
L"Threads: ",
PhaFormatUInt64(SystemStatistics.NumberOfThreads, TRUE)->Buffer
);
}
break;
case ID_STATUS_NUMBEROFHANDLES:
{
text[count] = PhConcatStrings2(
L"Handles: ",
PhaFormatUInt64(SystemStatistics.NumberOfHandles, TRUE)->Buffer
);
}
break;
case ID_STATUS_IO_RO:
{
text[count] = PhConcatStrings2(
L"I/O R+O: ",
PhaFormatSize(SystemStatistics.IoReadDelta.Delta + SystemStatistics.IoOtherDelta.Delta, -1)->Buffer
);
}
break;
case ID_STATUS_IO_W:
{
text[count] = PhConcatStrings2(
L"I/O W: ",
PhaFormatSize(SystemStatistics.IoWriteDelta.Delta, -1)->Buffer
);
}
break;
case ID_STATUS_MAX_CPU_PROCESS:
{
PPH_PROCESS_ITEM processItem;
if (SystemStatistics.MaxCpuProcessId && (processItem = PhReferenceProcessItem(SystemStatistics.MaxCpuProcessId)))
{
if (!PH_IS_FAKE_PROCESS_ID(processItem->ProcessId))
{
text[count] = PhFormatString(
L"%s (%lu): %.2f%%",
processItem->ProcessName->Buffer,
HandleToUlong(processItem->ProcessId),
processItem->CpuUsage * 100
);
}
else
{
text[count] = PhFormatString(
L"%s: %.2f%%",
processItem->ProcessName->Buffer,
processItem->CpuUsage * 100
);
}
PhDereferenceObject(processItem);
}
else
{
text[count] = PhCreateString(L"-");
}
}
break;
case ID_STATUS_MAX_IO_PROCESS:
{
PPH_PROCESS_ITEM processItem;
if (SystemStatistics.MaxIoProcessId && (processItem = PhReferenceProcessItem(SystemStatistics.MaxIoProcessId)))
{
if (!PH_IS_FAKE_PROCESS_ID(processItem->ProcessId))
{
text[count] = PhFormatString(
L"%s (%lu): %s",
processItem->ProcessName->Buffer,
HandleToUlong(processItem->ProcessId),
PhaFormatSize(processItem->IoReadDelta.Delta + processItem->IoWriteDelta.Delta + processItem->IoOtherDelta.Delta, -1)->Buffer
);
}
else
{
text[count] = PhFormatString(
L"%s: %s",
processItem->ProcessName->Buffer,
PhaFormatSize(processItem->IoReadDelta.Delta + processItem->IoWriteDelta.Delta + processItem->IoOtherDelta.Delta, -1)->Buffer
);
}
PhDereferenceObject(processItem);
}
else
{
text[count] = PhCreateString(L"-");
}
}
break;
case ID_STATUS_NUMBEROFVISIBLEITEMS:
{
HWND tnHandle = NULL;
tnHandle = GetCurrentTreeNewHandle();
if (tnHandle)
{
ULONG visibleCount = 0;
visibleCount = TreeNew_GetFlatNodeCount(tnHandle);
text[count] = PhFormatString(
L"Visible: %lu",
visibleCount
);
}
else
{
text[count] = PhCreateString(
L"Visible: N/A"
);
}
}
break;
case ID_STATUS_NUMBEROFSELECTEDITEMS:
{
HWND tnHandle = NULL;
tnHandle = GetCurrentTreeNewHandle();
if (tnHandle)
{
ULONG visibleCount = 0;
ULONG selectedCount = 0;
visibleCount = TreeNew_GetFlatNodeCount(tnHandle);
for (ULONG i = 0; i < visibleCount; i++)
{
if (TreeNew_GetFlatNode(tnHandle, i)->Selected)
selectedCount++;
}
text[count] = PhFormatString(
L"Selected: %lu",
selectedCount
);
}
else
{
text[count] = PhCreateString(
L"Selected: N/A"
);
}
}
break;
case ID_STATUS_INTERVALSTATUS:
{
ULONG interval;
interval = PhGetIntegerSetting(L"UpdateInterval");
if (UpdateAutomatically)
{
switch (interval)
{
case 500:
text[count] = PhCreateString(L"Interval: Fast");
break;
case 1000:
text[count] = PhCreateString(L"Interval: Normal");
break;
case 2000:
text[count] = PhCreateString(L"Interval: Below Normal");
break;
case 5000:
text[count] = PhCreateString(L"Interval: Slow");
break;
case 10000:
text[count] = PhCreateString(L"Interval: Very Slow");
break;
}
}
else
{
text[count] = PhCreateString(L"Interval: Paused");
}
}
break;
}
if (resetMaxWidths)
StatusBarMaxWidths[count] = 0;
if (!GetTextExtentPoint32(hdc, text[count]->Buffer, (ULONG)text[count]->Length / sizeof(WCHAR), &size))
size.cx = 200;
if (count != 0)
widths[count] = widths[count - 1];
else
widths[count] = 0;
width = size.cx + 10;
if (width <= StatusBarMaxWidths[count])
{
width = StatusBarMaxWidths[count];
}
else
{
StatusBarMaxWidths[count] = width;
}
widths[count] += width;
count++;
}
ReleaseDC(StatusBarHandle, hdc);
SendMessage(StatusBarHandle, SB_SETPARTS, count, (LPARAM)widths);
for (i = 0; i < count; i++)
{
SendMessage(StatusBarHandle, SB_SETTEXT, i, (LPARAM)text[i]->Buffer);
PhDereferenceObject(text[i]);
}
}
BOOL
WINAPI
BaseUpdateVDMEntry(IN ULONG UpdateIndex,
IN OUT PHANDLE WaitHandle,
IN ULONG IndexInfo,
IN ULONG BinaryType)
{
#if 0 // Unimplemented in BASESRV
NTSTATUS Status;
BASE_API_MESSAGE ApiMessage;
PBASE_UPDATE_VDM_ENTRY UpdateVdmEntry = &ApiMessage.Data.UpdateVdmEntry;
/* Check what update is being sent */
switch (UpdateIndex)
{
/* VDM is being undone */
case VdmEntryUndo:
{
/* Tell the server how far we had gotten along */
UpdateVdmEntry->iTask = HandleToUlong(*WaitHandle);
UpdateVdmEntry->VDMCreationState = IndexInfo;
break;
}
/* VDM is ready with a new process handle */
case VdmEntryUpdateProcess:
{
/* Send it the process handle */
UpdateVdmEntry->VDMProcessHandle = *WaitHandle;
UpdateVdmEntry->iTask = IndexInfo;
break;
}
}
/* Also check what kind of binary this is for the console handle */
if (BinaryType == BINARY_TYPE_WOW)
{
/* Magic value for 16-bit apps */
UpdateVdmEntry->ConsoleHandle = (HANDLE)-1;
}
else if (UpdateVdmEntry->iTask)
{
/* No handle for true VDM */
UpdateVdmEntry->ConsoleHandle = NULL;
}
else
{
/* Otherwise, use the regular console handle */
UpdateVdmEntry->ConsoleHandle = NtCurrentPeb()->ProcessParameters->ConsoleHandle;
}
/* Finally write the index and binary type */
UpdateVdmEntry->EntryIndex = UpdateIndex;
UpdateVdmEntry->BinaryType = BinaryType;
/* Send the message to CSRSS */
Status = CsrClientCallServer((PCSR_API_MESSAGE)&ApiMessage,
NULL,
CSR_CREATE_API_NUMBER(BASESRV_SERVERDLL_INDEX, BasepUpdateVDMEntry),
sizeof(BASE_UPDATE_VDM_ENTRY));
if (!NT_SUCCESS(Status))
{
/* Handle failure */
BaseSetLastNTError(Status);
return FALSE;
}
/* If this was an update, CSRSS returns a new wait handle */
if (UpdateIndex == VdmEntryUpdateProcess)
{
/* Return it to the caller */
*WaitHandle = UpdateVdmEntry->WaitObjectForParent;
}
#endif
/* We made it */
return TRUE;
}
