BOOLEAN RemoveDirectoryPath(_In_ PWSTR DirPath)
{
HANDLE findHandle;
PPH_STRING findPath;
WIN32_FIND_DATA data = { 0 };
findPath = PhConcatStrings2(DirPath, L"\\*");
if ((findHandle = FindFirstFile(findPath->Buffer, &data)) == INVALID_HANDLE_VALUE)
{
if (GetLastError() == ERROR_FILE_NOT_FOUND)
{
PhDereferenceObject(findPath);
return TRUE;
}
PhDereferenceObject(findPath);
return FALSE;
}
do
{
if (PhEqualStringZ(data.cFileName, L".", TRUE) || PhEqualStringZ(data.cFileName, L"..", TRUE))
continue;
if (data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
{
PPH_STRING dirPath = PhConcatStrings(3, DirPath, L"\\", data.cFileName);
RemoveDirectoryPath(dirPath->Buffer);
PhDereferenceObject(dirPath);
}
else
{
PPH_STRING filePath = PhConcatStrings(3, DirPath, L"\\", data.cFileName);
if (data.dwFileAttributes & FILE_ATTRIBUTE_READONLY)
{
_wchmod(filePath->Buffer, _S_IWRITE);
}
SetupDeleteDirectoryFile(filePath->Buffer);
PhDereferenceObject(filePath);
}
} while (FindNextFile(findHandle, &data));
FindClose(findHandle);
// Delete the parent directory
RemoveDirectory(DirPath);
PhDereferenceObject(findPath);
return TRUE;
}
BOOLEAN UpdaterCheckApplicationDirectory(
VOID
)
{
HANDLE fileHandle;
PPH_STRING directory;
PPH_STRING file;
if (UpdaterCheckKphInstallState())
return FALSE;
directory = PhGetApplicationDirectory();
file = PhConcatStrings(2, PhGetStringOrEmpty(directory), L"\\processhacker.update");
if (NT_SUCCESS(PhCreateFileWin32(
&fileHandle,
PhGetString(file),
FILE_GENERIC_WRITE | DELETE,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_DELETE,
FILE_OPEN_IF,
FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT | FILE_DELETE_ON_CLOSE
)))
{
PhDereferenceObject(file);
PhDereferenceObject(directory);
NtClose(fileHandle);
return TRUE;
}
PhDereferenceObject(file);
PhDereferenceObject(directory);
return FALSE;
}
BOOLEAN CreateDirectoryPath(_In_ PWSTR DirPath)
{
BOOLEAN success = FALSE;
PPH_STRING dirPathString = NULL;
PWSTR dirPathDup = NULL;
if (RtlDoesFileExists_U(DirPath))
return TRUE;
if ((dirPathDup = PhDuplicateStringZ(DirPath)) == NULL)
goto CleanupExit;
for (PWSTR path = _wcstok(dirPathDup, L"\\"); path; path = _wcstok(NULL, L"\\"))
{
if (!dirPathString)
dirPathString = PhCreateString(path);
else
{
PPH_STRING tempPathString;
tempPathString = PhConcatStrings(
3,
dirPathString->Buffer,
L"\\",
path
);
if (!RtlDoesFileExists_U(PhGetString(tempPathString)))
{
if (!CreateDirectory(PhGetString(tempPathString), NULL))
{
PhDereferenceObject(tempPathString);
goto CleanupExit;
}
}
PhSwapReference(&dirPathString, tempPathString);
PhDereferenceObject(tempPathString);
}
}
success = TRUE;
CleanupExit:
if (dirPathString)
{
PhDereferenceObject(dirPathString);
}
if (dirPathDup)
{
PhFree(dirPathDup);
}
return success;
}
static BOOL CALLBACK EnumDesktopsCallback(
_In_ PWSTR DesktopName,
_In_ LPARAM Context
)
{
PRUNAS_DIALOG_CONTEXT context = (PRUNAS_DIALOG_CONTEXT)Context;
PhAddItemList(context->DesktopList, PhConcatStrings(
3,
context->CurrentWinStaName->Buffer,
L"\\",
DesktopName
));
return TRUE;
}
/**
* Loads plugins from the default plugins directory.
*/
VOID PhLoadPlugins(
VOID
)
{
HANDLE pluginsDirectoryHandle;
PPH_STRING pluginsDirectory;
pluginsDirectory = PhGetStringSetting(L"PluginsDirectory");
if (RtlDetermineDosPathNameType_U(pluginsDirectory->Buffer) == RtlPathTypeRelative)
{
// Not absolute. Make sure it is.
PluginsDirectory = PhConcatStrings(4, PhApplicationDirectory->Buffer, L"\\", pluginsDirectory->Buffer, L"\\");
PhDereferenceObject(pluginsDirectory);
}
else
{
PluginsDirectory = pluginsDirectory;
}
if (NT_SUCCESS(PhCreateFileWin32(
&pluginsDirectoryHandle,
PluginsDirectory->Buffer,
FILE_GENERIC_READ,
0,
FILE_SHARE_READ,
FILE_OPEN,
FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
)))
{
UNICODE_STRING pattern = RTL_CONSTANT_STRING(L"*.dll");
PhEnumDirectoryFile(pluginsDirectoryHandle, &pattern, EnumPluginsDirectoryCallback, NULL);
NtClose(pluginsDirectoryHandle);
}
// When we loaded settings before, we didn't know about plugin settings, so they
// went into the ignored settings list. Now that they've had a chance to add
// settings, we should scan the ignored settings list and move the settings to
// the right places.
if (PhSettingsFileName)
PhConvertIgnoredSettings();
PhpExecuteCallbackForAllPlugins(PluginCallbackLoad);
}
static VOID WriteCurrentUserRun(
_In_ BOOLEAN Present,
_In_ BOOLEAN StartHidden
)
{
HANDLE keyHandle;
if (CurrentUserRunPresent == Present && (!Present || CurrentUserRunStartHidden == StartHidden))
return;
if (NT_SUCCESS(PhOpenKey(
&keyHandle,
KEY_WRITE,
PH_KEY_CURRENT_USER,
&CurrentUserRunKeyName,
0
)))
{
UNICODE_STRING valueName;
RtlInitUnicodeString(&valueName, L"Process Hacker 2");
if (Present)
{
PPH_STRING value;
value = PH_AUTO(PhConcatStrings(3, L"\"", PhApplicationFileName->Buffer, L"\""));
if (StartHidden)
value = PhaConcatStrings2(value->Buffer, L" -hide");
NtSetValueKey(keyHandle, &valueName, 0, REG_SZ, value->Buffer, (ULONG)value->Length + 2);
}
else
{
NtDeleteValueKey(keyHandle, &valueName);
}
NtClose(keyHandle);
}
}
INT_PTR CALLBACK PhpServiceGeneralDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
LPPROPSHEETPAGE propSheetPage = (LPPROPSHEETPAGE)lParam;
PSERVICE_PROPERTIES_CONTEXT context = (PSERVICE_PROPERTIES_CONTEXT)propSheetPage->lParam;
PPH_SERVICE_ITEM serviceItem = context->ServiceItem;
SC_HANDLE serviceHandle;
ULONG startType;
ULONG errorControl;
// HACK
PhCenterWindow(GetParent(hwndDlg), GetParent(GetParent(hwndDlg)));
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
PhAddComboBoxStrings(GetDlgItem(hwndDlg, IDC_TYPE), PhServiceTypeStrings,
sizeof(PhServiceTypeStrings) / sizeof(WCHAR *));
PhAddComboBoxStrings(GetDlgItem(hwndDlg, IDC_STARTTYPE), PhServiceStartTypeStrings,
sizeof(PhServiceStartTypeStrings) / sizeof(WCHAR *));
PhAddComboBoxStrings(GetDlgItem(hwndDlg, IDC_ERRORCONTROL), PhServiceErrorControlStrings,
sizeof(PhServiceErrorControlStrings) / sizeof(WCHAR *));
SetDlgItemText(hwndDlg, IDC_DESCRIPTION, serviceItem->DisplayName->Buffer);
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_TYPE),
PhGetServiceTypeString(serviceItem->Type), FALSE);
startType = serviceItem->StartType;
errorControl = serviceItem->ErrorControl;
serviceHandle = PhOpenService(serviceItem->Name->Buffer, SERVICE_QUERY_CONFIG);
if (serviceHandle)
{
LPQUERY_SERVICE_CONFIG config;
PPH_STRING description;
BOOLEAN delayedStart;
if (config = PhGetServiceConfig(serviceHandle))
{
SetDlgItemText(hwndDlg, IDC_GROUP, config->lpLoadOrderGroup);
SetDlgItemText(hwndDlg, IDC_BINARYPATH, config->lpBinaryPathName);
SetDlgItemText(hwndDlg, IDC_USERACCOUNT, config->lpServiceStartName);
if (startType != config->dwStartType || errorControl != config->dwErrorControl)
{
startType = config->dwStartType;
errorControl = config->dwErrorControl;
PhMarkNeedsConfigUpdateServiceItem(serviceItem);
}
PhFree(config);
}
if (description = PhGetServiceDescription(serviceHandle))
{
SetDlgItemText(hwndDlg, IDC_DESCRIPTION, description->Buffer);
PhDereferenceObject(description);
}
if (
WindowsVersion >= WINDOWS_VISTA &&
PhGetServiceDelayedAutoStart(serviceHandle, &delayedStart)
)
{
context->OldDelayedStart = delayedStart;
if (delayedStart)
Button_SetCheck(GetDlgItem(hwndDlg, IDC_DELAYEDSTART), BST_CHECKED);
}
CloseServiceHandle(serviceHandle);
}
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_STARTTYPE),
PhGetServiceStartTypeString(startType), FALSE);
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_ERRORCONTROL),
PhGetServiceErrorControlString(errorControl), FALSE);
SetDlgItemText(hwndDlg, IDC_PASSWORD, L"password");
Button_SetCheck(GetDlgItem(hwndDlg, IDC_PASSWORDCHECK), BST_UNCHECKED);
SetDlgItemText(hwndDlg, IDC_SERVICEDLL, L"N/A");
{
HANDLE keyHandle;
PPH_STRING keyName;
keyName = PhConcatStrings(
3,
L"System\\CurrentControlSet\\Services\\",
serviceItem->Name->Buffer,
L"\\Parameters"
);
if (NT_SUCCESS(PhOpenKey(
&keyHandle,
KEY_READ,
PH_KEY_LOCAL_MACHINE,
&keyName->sr,
0
)))
{
PPH_STRING serviceDllString;
if (serviceDllString = PhQueryRegistryString(keyHandle, L"ServiceDll"))
{
PPH_STRING expandedString;
if (expandedString = PhExpandEnvironmentStrings(&serviceDllString->sr))
{
SetDlgItemText(hwndDlg, IDC_SERVICEDLL, expandedString->Buffer);
PhDereferenceObject(expandedString);
}
PhDereferenceObject(serviceDllString);
}
NtClose(keyHandle);
}
PhDereferenceObject(keyName);
}
PhpRefreshControls(hwndDlg);
context->Ready = TRUE;
}
break;
case WM_DESTROY:
{
RemoveProp(hwndDlg, PhMakeContextAtom());
}
break;
case WM_COMMAND:
{
PSERVICE_PROPERTIES_CONTEXT context =
(PSERVICE_PROPERTIES_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
switch (LOWORD(wParam))
{
case IDCANCEL:
{
// Workaround for property sheet + multiline edit: http://support.microsoft.com/kb/130765
SendMessage(GetParent(hwndDlg), uMsg, wParam, lParam);
}
break;
case IDC_PASSWORD:
{
if (HIWORD(wParam) == EN_CHANGE)
{
Button_SetCheck(GetDlgItem(hwndDlg, IDC_PASSWORDCHECK), BST_CHECKED);
}
}
break;
case IDC_DELAYEDSTART:
{
context->Dirty = TRUE;
}
break;
case IDC_BROWSE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Executable files (*.exe;*.sys)", L"*.exe;*.sys" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
PPH_STRING fileName;
fileDialog = PhCreateOpenFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
fileName = PhGetFileName(PHA_GET_DLGITEM_TEXT(hwndDlg, IDC_BINARYPATH));
PhSetFileDialogFileName(fileDialog, fileName->Buffer);
PhDereferenceObject(fileName);
if (PhShowFileDialog(hwndDlg, fileDialog))
{
fileName = PhGetFileDialogFileName(fileDialog);
SetDlgItemText(hwndDlg, IDC_BINARYPATH, fileName->Buffer);
PhDereferenceObject(fileName);
}
PhFreeFileDialog(fileDialog);
}
break;
}
switch (HIWORD(wParam))
{
case EN_CHANGE:
case CBN_SELCHANGE:
{
PhpRefreshControls(hwndDlg);
if (context->Ready)
context->Dirty = TRUE;
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case PSN_QUERYINITIALFOCUS:
{
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, (LONG_PTR)GetDlgItem(hwndDlg, IDC_STARTTYPE));
}
return TRUE;
case PSN_KILLACTIVE:
{
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, FALSE);
}
return TRUE;
case PSN_APPLY:
{
NTSTATUS status;
PSERVICE_PROPERTIES_CONTEXT context =
(PSERVICE_PROPERTIES_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
PPH_SERVICE_ITEM serviceItem = context->ServiceItem;
SC_HANDLE serviceHandle;
PPH_STRING newServiceTypeString;
PPH_STRING newServiceStartTypeString;
PPH_STRING newServiceErrorControlString;
ULONG newServiceType;
ULONG newServiceStartType;
ULONG newServiceErrorControl;
PPH_STRING newServiceGroup;
PPH_STRING newServiceBinaryPath;
PPH_STRING newServiceUserAccount;
PPH_STRING newServicePassword;
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_NOERROR);
if (!context->Dirty)
{
return TRUE;
}
newServiceTypeString = PHA_DEREFERENCE(PhGetWindowText(GetDlgItem(hwndDlg, IDC_TYPE)));
newServiceStartTypeString = PHA_DEREFERENCE(PhGetWindowText(GetDlgItem(hwndDlg, IDC_STARTTYPE)));
newServiceErrorControlString = PHA_DEREFERENCE(PhGetWindowText(GetDlgItem(hwndDlg, IDC_ERRORCONTROL)));
newServiceType = PhGetServiceTypeInteger(newServiceTypeString->Buffer);
newServiceStartType = PhGetServiceStartTypeInteger(newServiceStartTypeString->Buffer);
newServiceErrorControl = PhGetServiceErrorControlInteger(newServiceErrorControlString->Buffer);
newServiceGroup = PHA_DEREFERENCE(PhGetWindowText(GetDlgItem(hwndDlg, IDC_GROUP)));
newServiceBinaryPath = PHA_DEREFERENCE(PhGetWindowText(GetDlgItem(hwndDlg, IDC_BINARYPATH)));
newServiceUserAccount = PHA_DEREFERENCE(PhGetWindowText(GetDlgItem(hwndDlg, IDC_USERACCOUNT)));
if (Button_GetCheck(GetDlgItem(hwndDlg, IDC_PASSWORDCHECK)) == BST_CHECKED)
{
newServicePassword = PhGetWindowText(GetDlgItem(hwndDlg, IDC_PASSWORD));
}
else
{
newServicePassword = NULL;
}
if (newServiceType == SERVICE_KERNEL_DRIVER && newServiceUserAccount->Length == 0)
{
newServiceUserAccount = NULL;
}
serviceHandle = PhOpenService(serviceItem->Name->Buffer, SERVICE_CHANGE_CONFIG);
if (serviceHandle)
{
if (ChangeServiceConfig(
serviceHandle,
newServiceType,
newServiceStartType,
newServiceErrorControl,
newServiceBinaryPath->Buffer,
newServiceGroup->Buffer,
NULL,
NULL,
PhGetString(newServiceUserAccount),
PhGetString(newServicePassword),
NULL
))
{
if (WindowsVersion >= WINDOWS_VISTA)
{
BOOLEAN newDelayedStart;
newDelayedStart = Button_GetCheck(GetDlgItem(hwndDlg, IDC_DELAYEDSTART)) == BST_CHECKED;
if (newDelayedStart != context->OldDelayedStart)
{
PhSetServiceDelayedAutoStart(serviceHandle, newDelayedStart);
}
}
PhMarkNeedsConfigUpdateServiceItem(serviceItem);
CloseServiceHandle(serviceHandle);
}
else
{
CloseServiceHandle(serviceHandle);
goto ErrorCase;
}
}
else
{
if (GetLastError() == ERROR_ACCESS_DENIED && !PhElevated)
{
// Elevate using phsvc.
if (PhUiConnectToPhSvc(hwndDlg, FALSE))
{
if (NT_SUCCESS(status = PhSvcCallChangeServiceConfig(
serviceItem->Name->Buffer,
newServiceType,
newServiceStartType,
newServiceErrorControl,
newServiceBinaryPath->Buffer,
newServiceGroup->Buffer,
NULL,
NULL,
PhGetString(newServiceUserAccount),
PhGetString(newServicePassword),
NULL
)))
{
if (WindowsVersion >= WINDOWS_VISTA)
{
BOOLEAN newDelayedStart;
newDelayedStart = Button_GetCheck(GetDlgItem(hwndDlg, IDC_DELAYEDSTART)) == BST_CHECKED;
if (newDelayedStart != context->OldDelayedStart)
{
SERVICE_DELAYED_AUTO_START_INFO info;
info.fDelayedAutostart = newDelayedStart;
PhSvcCallChangeServiceConfig2(
serviceItem->Name->Buffer,
SERVICE_CONFIG_DELAYED_AUTO_START_INFO,
&info
);
}
}
PhMarkNeedsConfigUpdateServiceItem(serviceItem);
}
PhUiDisconnectFromPhSvc();
if (!NT_SUCCESS(status))
{
SetLastError(PhNtStatusToDosError(status));
goto ErrorCase;
}
}
else
{
// User cancelled elevation.
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_INVALID);
}
}
else
{
goto ErrorCase;
}
}
goto Cleanup;
ErrorCase:
if (PhShowMessage(
hwndDlg,
MB_ICONERROR | MB_RETRYCANCEL,
L"Unable to change service configuration: %s",
((PPH_STRING)PHA_DEREFERENCE(PhGetWin32Message(GetLastError())))->Buffer
) == IDRETRY)
{
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_INVALID);
}
Cleanup:
if (newServicePassword)
{
RtlSecureZeroMemory(newServicePassword->Buffer, newServicePassword->Length);
PhDereferenceObject(newServicePassword);
}
}
return TRUE;
}
}
break;
}
return FALSE;
}
VOID NTAPI DotNetEventCallback(
_In_ PEVENT_RECORD EventRecord
)
{
PASMPAGE_QUERY_CONTEXT context = EventRecord->UserContext;
PEVENT_HEADER eventHeader = &EventRecord->EventHeader;
PEVENT_DESCRIPTOR eventDescriptor = &eventHeader->EventDescriptor;
if (UlongToHandle(eventHeader->ProcessId) == context->ProcessId)
{
// .NET 4.0+
switch (eventDescriptor->Id)
{
case RuntimeInformationDCStart:
{
PRuntimeInformationRundown data = EventRecord->UserData;
PDNA_NODE node;
PPH_STRING startupFlagsString;
PPH_STRING startupModeString;
// Check for duplicates.
if (FindClrNode(context, data->ClrInstanceID))
break;
node = AddNode(context);
node->Type = DNA_TYPE_CLR;
node->u.Clr.ClrInstanceID = data->ClrInstanceID;
node->u.Clr.DisplayName = PhFormatString(L"CLR v%u.%u.%u.%u", data->VMMajorVersion, data->VMMinorVersion, data->VMBuildNumber, data->VMQfeNumber);
node->StructureText = node->u.Clr.DisplayName->sr;
node->IdText = PhFormatString(L"%u", data->ClrInstanceID);
startupFlagsString = FlagsToString(data->StartupFlags, StartupFlagsMap, sizeof(StartupFlagsMap));
startupModeString = FlagsToString(data->StartupMode, StartupModeMap, sizeof(StartupModeMap));
if (startupFlagsString->Length != 0 && startupModeString->Length != 0)
{
node->FlagsText = PhConcatStrings(3, startupFlagsString->Buffer, L", ", startupModeString->Buffer);
PhDereferenceObject(startupFlagsString);
PhDereferenceObject(startupModeString);
}
else if (startupFlagsString->Length != 0)
{
node->FlagsText = startupFlagsString;
PhDereferenceObject(startupModeString);
}
else if (startupModeString->Length != 0)
{
node->FlagsText = startupModeString;
PhDereferenceObject(startupFlagsString);
}
if (data->CommandLine[0])
node->PathText = PhCreateString(data->CommandLine);
PhAddItemList(context->NodeRootList, node);
}
break;
case AppDomainDCStart_V1:
{
PAppDomainLoadUnloadRundown_V1 data = EventRecord->UserData;
SIZE_T appDomainNameLength;
USHORT clrInstanceID;
PDNA_NODE parentNode;
PDNA_NODE node;
appDomainNameLength = PhCountStringZ(data->AppDomainName) * sizeof(WCHAR);
clrInstanceID = *(PUSHORT)((PCHAR)data + FIELD_OFFSET(AppDomainLoadUnloadRundown_V1, AppDomainName) + appDomainNameLength + sizeof(WCHAR) + sizeof(ULONG));
// Find the CLR node to add the AppDomain node to.
parentNode = FindClrNode(context, clrInstanceID);
if (parentNode)
{
// Check for duplicates.
if (FindAppDomainNode(parentNode, data->AppDomainID))
break;
node = AddNode(context);
node->Type = DNA_TYPE_APPDOMAIN;
node->u.AppDomain.AppDomainID = data->AppDomainID;
node->u.AppDomain.DisplayName = PhConcatStrings2(L"AppDomain: ", data->AppDomainName);
node->StructureText = node->u.AppDomain.DisplayName->sr;
node->IdText = PhFormatString(L"%I64u", data->AppDomainID);
node->FlagsText = FlagsToString(data->AppDomainFlags, AppDomainFlagsMap, sizeof(AppDomainFlagsMap));
PhAddItemList(parentNode->Children, node);
}
}
break;
case AssemblyDCStart_V1:
{
PAssemblyLoadUnloadRundown_V1 data = EventRecord->UserData;
SIZE_T fullyQualifiedAssemblyNameLength;
USHORT clrInstanceID;
PDNA_NODE parentNode;
PDNA_NODE node;
PH_STRINGREF remainingPart;
fullyQualifiedAssemblyNameLength = PhCountStringZ(data->FullyQualifiedAssemblyName) * sizeof(WCHAR);
clrInstanceID = *(PUSHORT)((PCHAR)data + FIELD_OFFSET(AssemblyLoadUnloadRundown_V1, FullyQualifiedAssemblyName) + fullyQualifiedAssemblyNameLength + sizeof(WCHAR));
// Find the AppDomain node to add the Assembly node to.
parentNode = FindClrNode(context, clrInstanceID);
if (parentNode)
parentNode = FindAppDomainNode(parentNode, data->AppDomainID);
if (parentNode)
{
// Check for duplicates.
if (FindAssemblyNode(parentNode, data->AssemblyID))
break;
node = AddNode(context);
node->Type = DNA_TYPE_ASSEMBLY;
node->u.Assembly.AssemblyID = data->AssemblyID;
node->u.Assembly.FullyQualifiedAssemblyName = PhCreateStringEx(data->FullyQualifiedAssemblyName, fullyQualifiedAssemblyNameLength);
// Display only the assembly name, not the whole fully qualified name.
if (!PhSplitStringRefAtChar(&node->u.Assembly.FullyQualifiedAssemblyName->sr, ',', &node->StructureText, &remainingPart))
node->StructureText = node->u.Assembly.FullyQualifiedAssemblyName->sr;
node->IdText = PhFormatString(L"%I64u", data->AssemblyID);
node->FlagsText = FlagsToString(data->AssemblyFlags, AssemblyFlagsMap, sizeof(AssemblyFlagsMap));
PhAddItemList(parentNode->Children, node);
}
}
break;
case ModuleDCStart_V1:
{
PModuleLoadUnloadRundown_V1 data = EventRecord->UserData;
PWSTR moduleILPath;
SIZE_T moduleILPathLength;
PWSTR moduleNativePath;
SIZE_T moduleNativePathLength;
USHORT clrInstanceID;
PDNA_NODE node;
moduleILPath = data->ModuleILPath;
moduleILPathLength = PhCountStringZ(moduleILPath) * sizeof(WCHAR);
moduleNativePath = (PWSTR)((PCHAR)moduleILPath + moduleILPathLength + sizeof(WCHAR));
moduleNativePathLength = PhCountStringZ(moduleNativePath) * sizeof(WCHAR);
clrInstanceID = *(PUSHORT)((PCHAR)moduleNativePath + moduleNativePathLength + sizeof(WCHAR));
// Find the Assembly node to set the path on.
node = FindClrNode(context, clrInstanceID);
if (node)
node = FindAssemblyNode2(node, data->AssemblyID);
if (node)
{
PhMoveReference(&node->PathText, PhCreateStringEx(moduleILPath, moduleILPathLength));
if (moduleNativePathLength != 0)
PhMoveReference(&node->NativePathText, PhCreateStringEx(moduleNativePath, moduleNativePathLength));
}
}
break;
case DCStartComplete_V1:
{
if (_InterlockedExchange(&context->TraceHandleActive, 0) == 1)
{
CloseTrace(context->TraceHandle);
}
}
break;
}
// .NET 2.0
if (eventDescriptor->Id == 0)
{
switch (eventDescriptor->Opcode)
{
case CLR_MODULEDCSTART_OPCODE:
{
PModuleLoadUnloadRundown_V1 data = EventRecord->UserData;
PWSTR moduleILPath;
SIZE_T moduleILPathLength;
PWSTR moduleNativePath;
SIZE_T moduleNativePathLength;
PDNA_NODE node;
ULONG_PTR indexOfBackslash;
ULONG_PTR indexOfLastDot;
moduleILPath = data->ModuleILPath;
moduleILPathLength = PhCountStringZ(moduleILPath) * sizeof(WCHAR);
moduleNativePath = (PWSTR)((PCHAR)moduleILPath + moduleILPathLength + sizeof(WCHAR));
moduleNativePathLength = PhCountStringZ(moduleNativePath) * sizeof(WCHAR);
if (context->ClrV2Node && (moduleILPathLength != 0 || moduleNativePathLength != 0))
{
node = AddNode(context);
node->Type = DNA_TYPE_ASSEMBLY;
node->FlagsText = FlagsToString(data->ModuleFlags, ModuleFlagsMap, sizeof(ModuleFlagsMap));
node->PathText = PhCreateStringEx(moduleILPath, moduleILPathLength);
if (moduleNativePathLength != 0)
node->NativePathText = PhCreateStringEx(moduleNativePath, moduleNativePathLength);
// Use the name between the last backslash and the last dot for the structure column text.
// (E.g. C:\...\AcmeSoft.BigLib.dll -> AcmeSoft.BigLib)
indexOfBackslash = PhFindLastCharInString(node->PathText, 0, '\\');
indexOfLastDot = PhFindLastCharInString(node->PathText, 0, '.');
if (indexOfBackslash != -1)
{
node->StructureText.Buffer = node->PathText->Buffer + indexOfBackslash + 1;
if (indexOfLastDot != -1 && indexOfLastDot > indexOfBackslash)
{
node->StructureText.Length = (indexOfLastDot - indexOfBackslash - 1) * sizeof(WCHAR);
}
else
{
node->StructureText.Length = node->PathText->Length - indexOfBackslash * sizeof(WCHAR) - sizeof(WCHAR);
}
}
else
{
node->StructureText = node->PathText->sr;
}
PhAddItemList(context->ClrV2Node->Children, node);
}
}
break;
case CLR_METHODDC_DCSTARTCOMPLETE_OPCODE:
{
if (_InterlockedExchange(&context->TraceHandleActive, 0) == 1)
{
CloseTrace(context->TraceHandle);
}
}
break;
}
}
}
}
VOID PhpAdvancedPageSave(
_In_ HWND hwndDlg
)
{
ULONG sampleCount;
SetSettingForDlgItemCheck(hwndDlg, IDC_ENABLEWARNINGS, L"EnableWarnings");
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLEKERNELMODEDRIVER, L"EnableKph");
SetSettingForDlgItemCheck(hwndDlg, IDC_HIDEUNNAMEDHANDLES, L"HideUnnamedHandles");
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLESTAGE2, L"EnableStage2");
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLENETWORKRESOLVE, L"EnableNetworkResolve");
SetSettingForDlgItemCheck(hwndDlg, IDC_PROPAGATECPUUSAGE, L"PropagateCpuUsage");
SetSettingForDlgItemCheck(hwndDlg, IDC_ENABLEINSTANTTOOLTIPS, L"EnableInstantTooltips");
if (WindowsVersion >= WINDOWS_7)
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLECYCLECPUUSAGE, L"EnableCycleCpuUsage");
sampleCount = GetDlgItemInt(hwndDlg, IDC_SAMPLECOUNT, NULL, FALSE);
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_SAMPLECOUNTAUTOMATIC, L"SampleCountAutomatic");
if (sampleCount == 0)
sampleCount = 1;
if (sampleCount != PhGetIntegerSetting(L"SampleCount"))
RestartRequired = TRUE;
PhSetIntegerSetting(L"SampleCount", sampleCount);
// Replace Task Manager
if (IsWindowEnabled(GetDlgItem(hwndDlg, IDC_REPLACETASKMANAGER)))
{
NTSTATUS status;
HANDLE taskmgrKeyHandle;
BOOLEAN replaceTaskMgr;
UNICODE_STRING valueName;
replaceTaskMgr = Button_GetCheck(GetDlgItem(hwndDlg, IDC_REPLACETASKMANAGER)) == BST_CHECKED;
if (OldReplaceTaskMgr != replaceTaskMgr)
{
// We should have created the key back in PhpAdvancedPageLoad, which is why
// we're opening the key here.
if (NT_SUCCESS(PhOpenKey(
&taskmgrKeyHandle,
KEY_WRITE,
PH_KEY_LOCAL_MACHINE,
&TaskMgrImageOptionsKeyName,
0
)))
{
RtlInitUnicodeString(&valueName, L"Debugger");
if (replaceTaskMgr)
{
PPH_STRING quotedFileName;
quotedFileName = PH_AUTO(PhConcatStrings(3, L"\"", PhApplicationFileName->Buffer, L"\""));
status = NtSetValueKey(taskmgrKeyHandle, &valueName, 0, REG_SZ, quotedFileName->Buffer, (ULONG)quotedFileName->Length + 2);
}
else
{
status = NtDeleteValueKey(taskmgrKeyHandle, &valueName);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to replace Task Manager", status, 0);
NtClose(taskmgrKeyHandle);
}
}
}
}
HRESULT CALLBACK FinalTaskDialogCallbackProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam,
_In_ LONG_PTR dwRefData
)
{
PPH_UPDATER_CONTEXT context = (PPH_UPDATER_CONTEXT)dwRefData;
switch (uMsg)
{
case TDN_NAVIGATED:
{
if (!UpdaterCheckApplicationDirectory())
{
SendMessage(hwndDlg, TDM_SET_BUTTON_ELEVATION_REQUIRED_STATE, IDYES, TRUE);
}
}
break;
case TDN_BUTTON_CLICKED:
{
INT buttonId = (INT)wParam;
if (buttonId == IDRETRY)
{
ShowCheckForUpdatesDialog(context);
return S_FALSE;
}
else if (buttonId == IDYES)
{
SHELLEXECUTEINFO info = { sizeof(SHELLEXECUTEINFO) };
PPH_STRING parameters;
if (PhIsNullOrEmptyString(context->SetupFilePath))
break;
parameters = PH_AUTO(PhGetApplicationDirectory());
parameters = PH_AUTO(PhBufferToHexString((PUCHAR)parameters->Buffer, (ULONG)parameters->Length));
parameters = PH_AUTO(PhConcatStrings(3, L"-update \"", PhGetStringOrEmpty(parameters), L"\""));
info.lpFile = PhGetStringOrEmpty(context->SetupFilePath);
info.lpParameters = PhGetString(parameters);
info.lpVerb = UpdaterCheckApplicationDirectory() ? NULL : L"runas";
info.nShow = SW_SHOW;
info.hwnd = hwndDlg;
info.fMask = SEE_MASK_NOASYNC | SEE_MASK_FLAG_NO_UI | SEE_MASK_NOZONECHECKS;
ProcessHacker_PrepareForEarlyShutdown(PhMainWndHandle);
if (ShellExecuteEx(&info))
{
ProcessHacker_Destroy(PhMainWndHandle);
}
else
{
ULONG errorCode = GetLastError();
// Install failed, cancel the shutdown.
ProcessHacker_CancelEarlyShutdown(PhMainWndHandle);
// Show error dialog.
if (errorCode != ERROR_CANCELLED) // Ignore UAC decline.
{
PhShowStatus(hwndDlg, L"Unable to execute the setup.", 0, errorCode);
if (context->StartupCheck)
ShowAvailableDialog(context);
else
ShowCheckForUpdatesDialog(context);
}
return S_FALSE;
}
}
}
break;
case TDN_HYPERLINK_CLICKED:
{
TaskDialogLinkClicked(context);
return S_FALSE;
}
break;
}
return S_OK;
}
/**
* Loads plugins from the default plugins directory.
*/
VOID PhLoadPlugins(
VOID
)
{
HANDLE pluginsDirectoryHandle;
PPH_STRING pluginsDirectory;
pluginsDirectory = PhGetStringSetting(L"PluginsDirectory");
if (RtlDetermineDosPathNameType_U(pluginsDirectory->Buffer) == RtlPathTypeRelative)
{
// Not absolute. Make sure it is.
PluginsDirectory = PhConcatStrings(4, PhApplicationDirectory->Buffer, L"\\", pluginsDirectory->Buffer, L"\\");
PhDereferenceObject(pluginsDirectory);
}
else
{
PluginsDirectory = pluginsDirectory;
}
if (NT_SUCCESS(PhCreateFileWin32(
&pluginsDirectoryHandle,
PluginsDirectory->Buffer,
FILE_GENERIC_READ,
0,
FILE_SHARE_READ,
FILE_OPEN,
FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
)))
{
UNICODE_STRING pattern = RTL_CONSTANT_STRING(L"*.dll");
PhEnumDirectoryFile(pluginsDirectoryHandle, &pattern, EnumPluginsDirectoryCallback, NULL);
NtClose(pluginsDirectoryHandle);
}
// Handle load errors.
// In certain startup modes we want to ignore all plugin load errors.
if (LoadErrors && LoadErrors->Count != 0 && !PhStartupParameters.PhSvc)
{
PH_STRING_BUILDER sb;
ULONG i;
PPHP_PLUGIN_LOAD_ERROR loadError;
PPH_STRING baseName;
PhInitializeStringBuilder(&sb, 100);
PhAppendStringBuilder2(&sb, L"Unable to load the following plugin(s):\n\n");
for (i = 0; i < LoadErrors->Count; i++)
{
loadError = LoadErrors->Items[i];
baseName = PhGetBaseName(loadError->FileName);
PhAppendFormatStringBuilder(&sb, L"%s: %s\n",
baseName->Buffer, PhGetStringOrDefault(loadError->ErrorMessage, L"An unknown error occurred."));
PhDereferenceObject(baseName);
}
PhAppendStringBuilder2(&sb, L"\nDo you want to disable the above plugin(s)?");
if (PhShowMessage(
NULL,
MB_ICONERROR | MB_YESNO,
sb.String->Buffer
) == IDYES)
{
ULONG i;
for (i = 0; i < LoadErrors->Count; i++)
{
loadError = LoadErrors->Items[i];
baseName = PhGetBaseName(loadError->FileName);
PhSetPluginDisabled(&baseName->sr, TRUE);
PhDereferenceObject(baseName);
}
}
PhDeleteStringBuilder(&sb);
}
// When we loaded settings before, we didn't know about plugin settings, so they
// went into the ignored settings list. Now that they've had a chance to add
// settings, we should scan the ignored settings list and move the settings to
// the right places.
if (PhSettingsFileName)
PhConvertIgnoredSettings();
PhpExecuteCallbackForAllPlugins(PluginCallbackLoad, TRUE);
}
NTSTATUS KphSetParameters(
_In_opt_ PWSTR DeviceName,
_In_ PKPH_PARAMETERS Parameters
)
{
NTSTATUS status;
HANDLE parametersKeyHandle = NULL;
PPH_STRING parametersKeyName;
ULONG disposition;
UNICODE_STRING valueName;
if (!DeviceName)
DeviceName = KPH_DEVICE_SHORT_NAME;
parametersKeyName = PhConcatStrings(
3,
L"System\\CurrentControlSet\\Services\\",
DeviceName,
L"\\Parameters"
);
status = PhCreateKey(
¶metersKeyHandle,
KEY_WRITE | DELETE,
PH_KEY_LOCAL_MACHINE,
¶metersKeyName->sr,
0,
0,
&disposition
);
PhDereferenceObject(parametersKeyName);
if (!NT_SUCCESS(status))
return status;
RtlInitUnicodeString(&valueName, L"SecurityLevel");
status = NtSetValueKey(parametersKeyHandle, &valueName, 0, REG_DWORD, &Parameters->SecurityLevel, sizeof(ULONG));
if (!NT_SUCCESS(status))
goto SetValuesEnd;
if (Parameters->CreateDynamicConfiguration)
{
KPH_DYN_CONFIGURATION configuration;
RtlInitUnicodeString(&valueName, L"DynamicConfiguration");
configuration.Version = KPH_DYN_CONFIGURATION_VERSION;
configuration.NumberOfPackages = 1;
if (NT_SUCCESS(KphInitializeDynamicPackage(&configuration.Packages[0])))
{
status = NtSetValueKey(parametersKeyHandle, &valueName, 0, REG_BINARY, &configuration, sizeof(KPH_DYN_CONFIGURATION));
if (!NT_SUCCESS(status))
goto SetValuesEnd;
}
}
// Put more parameters here...
SetValuesEnd:
if (!NT_SUCCESS(status))
{
// Delete the key if we created it.
if (disposition == REG_CREATED_NEW_KEY)
NtDeleteKey(parametersKeyHandle);
}
NtClose(parametersKeyHandle);
return status;
}
