/**
 * Returns the opaque (text) content of an mxml node as a UTF-16 string.
 *
 * \param xmlNode The element whose first child is expected to be an
 * MXML_OPAQUE text node. NULL is tolerated even though the parameter is
 * annotated _In_.
 *
 * \return A referenced PPH_STRING holding the converted text, or a referenced
 * empty string when the node, its first child, the child's type or the opaque
 * value is missing. The caller owns the returned reference.
 */
PPH_STRING PhGetOpaqueXmlNodeText(
    _In_ mxml_node_t *xmlNode
    )
{
    mxml_node_t *textNode;

    if (!xmlNode)
        return PhReferenceEmptyString();

    textNode = xmlNode->child;

    // Only a leading MXML_OPAQUE child with a non-NULL value carries text worth converting.
    if (!textNode || textNode->type != MXML_OPAQUE || !textNode->value.opaque)
        return PhReferenceEmptyString();

    return PhConvertUtf8ToUtf16(textNode->value.opaque);
}
/**
 * Dialog procedure for the Growl options page.
 *
 * WM_INITDIALOG fills the license text box and mirrors the "enable Growl"
 * setting into its checkbox. PSN_QUERYINITIALFOCUS hands initial focus to that
 * checkbox. PSN_APPLY stores the checkbox state in the setting and, when the
 * setting reads back as enabled, calls RegisterGrowl(FALSE).
 *
 * \param hwndDlg The dialog window.
 * \param uMsg The window message.
 * \param wParam Unused.
 * \param lParam For WM_NOTIFY, a pointer to the NMHDR of the notification.
 *
 * \return TRUE when a property-sheet notification was handled, FALSE otherwise
 * (so the default dialog handling applies).
 */
INT_PTR CALLBACK GrowlDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    if (uMsg == WM_INITDIALOG)
    {
        SetDlgItemText(hwndDlg, IDC_LICENSE, PH_AUTO_T(PH_STRING, PhConvertUtf8ToUtf16(gntp_send_license_text))->Buffer);

        Button_SetCheck(GetDlgItem(hwndDlg, IDC_ENABLEGROWL), PhGetIntegerSetting(SETTING_NAME_ENABLE_GROWL) ? BST_CHECKED : BST_UNCHECKED);
    }
    else if (uMsg == WM_NOTIFY)
    {
        LPNMHDR notifyHeader = (LPNMHDR)lParam;

        if (notifyHeader->code == PSN_QUERYINITIALFOCUS)
        {
            // The property sheet asks which control should receive focus first.
            SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, (LONG_PTR)GetDlgItem(hwndDlg, IDC_ENABLEGROWL));
            return TRUE;
        }

        if (notifyHeader->code == PSN_APPLY)
        {
            BOOLEAN growlEnabled = Button_GetCheck(GetDlgItem(hwndDlg, IDC_ENABLEGROWL)) == BST_CHECKED;

            PhSetIntegerSetting(SETTING_NAME_ENABLE_GROWL, growlEnabled);

            // Re-read the setting rather than trusting the local value, as the original does.
            if (PhGetIntegerSetting(SETTING_NAME_ENABLE_GROWL))
                RegisterGrowl(FALSE);

            SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_NOERROR);
            return TRUE;
        }
    }

    return FALSE;
}
/**
 * Dialog procedure for the Growl options page (layout-manager variant).
 *
 * WM_INITDIALOG fills the license text box, mirrors the "enable Growl" setting
 * into its checkbox and anchors the license control to all edges. WM_SIZE
 * re-runs the layout. WM_DESTROY stores the checkbox state in the setting,
 * calls RegisterGrowl(FALSE) when the setting reads back as enabled, and tears
 * the layout manager down.
 *
 * \param hwndDlg The dialog window.
 * \param uMsg The window message.
 * \param wParam Unused.
 * \param lParam Unused.
 *
 * \return Always FALSE, so default dialog handling also runs.
 */
INT_PTR CALLBACK GrowlDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    // Persists across messages: initialized on WM_INITDIALOG, deleted on WM_DESTROY.
    static PH_LAYOUT_MANAGER LayoutManager;

    if (uMsg == WM_INITDIALOG)
    {
        SetDlgItemText(hwndDlg, IDC_LICENSE, PH_AUTO_T(PH_STRING, PhConvertUtf8ToUtf16(gntp_send_license_text))->Buffer);

        Button_SetCheck(GetDlgItem(hwndDlg, IDC_ENABLEGROWL), PhGetIntegerSetting(SETTING_NAME_ENABLE_GROWL) ? BST_CHECKED : BST_UNCHECKED);

        PhInitializeLayoutManager(&LayoutManager, hwndDlg);
        PhAddLayoutItem(&LayoutManager, GetDlgItem(hwndDlg, IDC_LICENSE), NULL, PH_ANCHOR_ALL);
    }
    else if (uMsg == WM_DESTROY)
    {
        BOOLEAN growlEnabled = Button_GetCheck(GetDlgItem(hwndDlg, IDC_ENABLEGROWL)) == BST_CHECKED;

        PhSetIntegerSetting(SETTING_NAME_ENABLE_GROWL, growlEnabled);

        // Re-read the setting rather than trusting the local value, as the original does.
        if (PhGetIntegerSetting(SETTING_NAME_ENABLE_GROWL))
            RegisterGrowl(FALSE);

        PhDeleteLayoutManager(&LayoutManager);
    }
    else if (uMsg == WM_SIZE)
    {
        PhLayoutManagerLayout(&LayoutManager);
    }

    return FALSE;
}
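/**
 * Copies the per-vendor "scans" entries of a VirusTotal v2 file report into
 * Result->ScanResults.
 *
 * \param Result The report being populated. ScanResults is created only when
 * the "scans" object is present and can be enumerated as an array list.
 * \param JsonRootObject The parsed JSON document.
 */
static VOID VirusTotalpAppendScanResults(
    _Inout_ PVIRUSTOTAL_FILE_REPORT Result,
    _In_ PVOID JsonRootObject
    )
{
    PVOID jsonScanObject;
    PPH_LIST jsonArrayList;

    jsonScanObject = PhGetJsonObject(JsonRootObject, "scans");

    if (!jsonScanObject)
        return;

    jsonArrayList = PhGetJsonObjectAsArrayList(jsonScanObject);

    if (!jsonArrayList)
        return;

    Result->ScanResults = PhCreateList(jsonArrayList->Count);

    for (ULONG i = 0; i < jsonArrayList->Count; i++)
    {
        PJSON_ARRAY_LIST_OBJECT object = jsonArrayList->Items[i];
        PVIRUSTOTAL_FILE_REPORT_RESULT entry;

        entry = PhAllocate(sizeof(VIRUSTOTAL_FILE_REPORT_RESULT));
        memset(entry, 0, sizeof(VIRUSTOTAL_FILE_REPORT_RESULT));

        // Key is the vendor name; Entry is that vendor's verdict object.
        entry->Vendor = PhConvertUtf8ToUtf16(object->Key);
        entry->Detected = PhGetJsonObjectBool(object->Entry, "detected");
        entry->EngineVersion = PhGetJsonValueAsString(object->Entry, "version");
        entry->DetectionName = PhGetJsonValueAsString(object->Entry, "result");
        entry->DatabaseDate = PhGetJsonValueAsString(object->Entry, "update");
        PhAddItemList(Result->ScanResults, entry);

        // The wrapper objects handed out by PhGetJsonObjectAsArrayList are freed by us (as before).
        PhFree(object);
    }

    PhDereferenceObject(jsonArrayList);
}

/**
 * Queries the VirusTotal v2 "file/report" endpoint for a file hash and turns
 * the JSON answer into a VIRUSTOTAL_FILE_REPORT.
 *
 * \param FileHash The hash (as text) identifying the file to look up.
 *
 * \return A PhAllocate'd, zero-initialized report with the top-level fields
 * and (when present) ScanResults filled in, or NULL when the cached key is
 * missing or the connection, request, download or JSON parse fails. The
 * caller owns the report and every string and list inside it.
 *
 * \remarks The key from VirusTotalGetCachedDbHash() is sent as a query
 * parameter (the escaped literal below spells "apikey="), so urlPathString
 * is a secret: never log it or include it in error text. Fixes relative to
 * the previous version: urlPathString was never released, and a NULL result
 * from VirusTotalGetCachedDbHash() was dereferenced.
 */
PVIRUSTOTAL_FILE_REPORT VirusTotalRequestFileReport(
    _In_ PPH_STRING FileHash
    )
{
    PVIRUSTOTAL_FILE_REPORT result = NULL;
    PPH_BYTES jsonString = NULL;
    PPH_HTTP_CONTEXT httpContext = NULL;
    PPH_STRING versionString = NULL;
    PPH_STRING userAgentString = NULL;
    PPH_STRING urlPathString = NULL;
    PPH_BYTES resourceString = NULL;
    PVOID jsonRootObject = NULL;

    versionString = PhGetPhVersion();
    userAgentString = PhConcatStrings2(L"ProcessHacker_", versionString->Buffer);

    if (!PhHttpSocketCreate(
        &httpContext,
        PhGetString(userAgentString)
        ))
    {
        goto CleanupExit;
    }

    if (!PhHttpSocketConnect(
        httpContext,
        L"www.virustotal.com",
        PH_HTTP_DEFAULT_HTTPS_PORT
        ))
    {
        goto CleanupExit;
    }

    // Without a cached key there is nothing to authenticate the request with.
    resourceString = VirusTotalGetCachedDbHash();

    if (!resourceString)
        goto CleanupExit;

    // %S formats the narrow PPH_BYTES buffer inside a wide format string.
    urlPathString = PhFormatString(
        L"%s%s%s%s%s%S%s%s",
        L"/vtapi",
        L"/v2",
        L"/file",
        L"/report",
        L"?\x0061\x0070\x0069\x006B\x0065\x0079=",
        resourceString->Buffer,
        L"&resource=",
        FileHash->Buffer
        );

    // Drop the key bytes as soon as they are copied into the path.
    PhClearReference(&resourceString);

    if (!PhHttpSocketBeginRequest(
        httpContext,
        L"POST",
        PhGetString(urlPathString),
        PH_HTTP_FLAG_REFRESH | PH_HTTP_FLAG_SECURE
        ))
    {
        goto CleanupExit;
    }

    if (!PhHttpSocketAddRequestHeaders(httpContext, L"Content-Type: application/json", 0))
        goto CleanupExit;

    if (!PhHttpSocketSendRequest(httpContext, NULL, 0))
        goto CleanupExit;

    if (!PhHttpSocketEndRequest(httpContext))
        goto CleanupExit;

    if (!(jsonString = PhHttpSocketDownloadString(httpContext, FALSE)))
        goto CleanupExit;

    // The response body is untrusted; PhCreateJsonParser returns NULL when it is not valid JSON.
    if (!(jsonRootObject = PhCreateJsonParser(jsonString->Buffer)))
        goto CleanupExit;

    result = PhAllocate(sizeof(VIRUSTOTAL_FILE_REPORT));
    memset(result, 0, sizeof(VIRUSTOTAL_FILE_REPORT));

    result->ResponseCode = PhGetJsonValueAsLong64(jsonRootObject, "response_code");
    result->StatusMessage = PhGetJsonValueAsString(jsonRootObject, "verbose_msg");
    result->PermaLink = PhGetJsonValueAsString(jsonRootObject, "permalink");
    result->ScanDate = PhGetJsonValueAsString(jsonRootObject, "scan_date");
    result->ScanId = PhGetJsonValueAsString(jsonRootObject, "scan_id");
    result->Total = PhFormatUInt64(PhGetJsonValueAsLong64(jsonRootObject, "total"), FALSE);
    result->Positives = PhFormatUInt64(PhGetJsonValueAsLong64(jsonRootObject, "positives"), FALSE);
    //result->Md5 = PhGetJsonValueAsString(jsonRootObject, "md5");
    //result->Sha1 = PhGetJsonValueAsString(jsonRootObject, "sha1");
    //result->Sha256 = PhGetJsonValueAsString(jsonRootObject, "sha256");

    VirusTotalpAppendScanResults(result, jsonRootObject);

CleanupExit:

    if (httpContext)
        PhHttpSocketDestroy(httpContext);

    if (jsonRootObject)
        PhFreeJsonParser(jsonRootObject);

    // PhClearReference is a no-op on NULL, so every early exit is covered here.
    PhClearReference(&jsonString);
    PhClearReference(&resourceString);
    PhClearReference(&urlPathString);
    PhClearReference(&versionString);
    PhClearReference(&userAgentString);

    return result;
}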
/**
 * Loads settings from an XML file into the registered settings table.
 *
 * Each child element of the document root that carries a first attribute
 * named "name" is treated as one setting; its opaque text is the value. A
 * registered setting is replaced (falling back to its default when the text
 * does not parse); an unregistered one is kept on PhIgnoredSettings with the
 * raw text referenced in u.Pointer. PhpClearIgnoredSettings() runs first, and
 * PhUpdateCachedSettings() runs after a successful load.
 *
 * \param FileName Win32 path of the settings file.
 *
 * \return The status from PhCreateFileWin32 when the file cannot be opened
 * (or the status of the open when the file is empty), STATUS_FILE_CORRUPT_ERROR
 * when the XML cannot be parsed or its root is not an element, otherwise
 * STATUS_SUCCESS.
 */
NTSTATUS PhLoadSettings(
    _In_ PWSTR FileName
    )
{
    NTSTATUS status;
    HANDLE fileHandle;
    LARGE_INTEGER fileSize;
    mxml_node_t *rootNode;
    mxml_node_t *node;

    PhpClearIgnoredSettings();

    status = PhCreateFileWin32(
        &fileHandle,
        FileName,
        FILE_GENERIC_READ,
        0,
        FILE_SHARE_READ | FILE_SHARE_DELETE,
        FILE_OPEN,
        FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
        );

    if (!NT_SUCCESS(status))
        return status;

    if (NT_SUCCESS(PhGetFileSize(fileHandle, &fileSize)) && fileSize.QuadPart == 0)
    {
        // An empty file is not an error: there is simply nothing to load.
        NtClose(fileHandle);
        return status;
    }

    rootNode = mxmlLoadFd(NULL, fileHandle, MXML_OPAQUE_CALLBACK);
    NtClose(fileHandle);

    if (!rootNode)
        return STATUS_FILE_CORRUPT_ERROR;

    if (rootNode->type != MXML_ELEMENT)
    {
        mxmlDelete(rootNode);
        return STATUS_FILE_CORRUPT_ERROR;
    }

    for (node = rootNode->child; node; node = node->next)
    {
        PPH_STRING settingName;
        PPH_STRING settingValue;
        PPH_SETTING setting;

        // Only <element name="..."> children are settings; the attribute must come first.
        if (node->type != MXML_ELEMENT)
            continue;

        if (node->value.element.num_attrs < 1)
            continue;

        if (_stricmp(node->value.element.attrs[0].name, "name") != 0)
            continue;

        settingName = PhConvertUtf8ToUtf16(node->value.element.attrs[0].value);

        if (!settingName)
            continue;

        settingValue = PhpGetOpaqueXmlNodeText(node);

        PhAcquireQueuedLockExclusive(&PhSettingsLock);

        setting = PhpLookupSetting(&settingName->sr);

        if (setting)
        {
            // Replace the stored value; if the text does not parse, reinstate the default.
            PhpFreeSettingValue(setting->Type, setting);

            if (!PhpSettingFromString(
                setting->Type,
                &settingValue->sr,
                settingValue,
                setting
                ))
            {
                PhpSettingFromString(
                    setting->Type,
                    &setting->DefaultValue,
                    NULL,
                    setting
                    );
            }
        }
        else
        {
            // Unknown name: keep name and raw text on the ignored list.
            // NOTE(review): PH_SETTING is not zero-initialized here; only Name and u.Pointer are set.
            setting = PhAllocate(sizeof(PH_SETTING));
            setting->Name.Buffer = PhAllocateCopy(settingName->Buffer, settingName->Length + sizeof(WCHAR));
            setting->Name.Length = settingName->Length;
            PhReferenceObject(settingValue);
            setting->u.Pointer = settingValue;

            PhAddItemList(PhIgnoredSettings, setting);
        }

        PhReleaseQueuedLockExclusive(&PhSettingsLock);

        PhDereferenceObject(settingValue);
        PhDereferenceObject(settingName);
    }

    mxmlDelete(rootNode);

    PhUpdateCachedSettings();

    return STATUS_SUCCESS;
}
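/**
 * Loads the object database at ObjectDbPath into memory.
 *
 * Each child element of the document root with at least two attributes
 * becomes one DB object. "tag" and "name" attributes plus the element's opaque
 * text (the comment) are required; "priorityclass", "iopriorityplusone",
 * "backcolor", "collapse" and "affinity" are optional and are parsed as
 * base-10 integers. Records whose "tag" is not a valid integer are skipped
 * (previously the tag value was read uninitialized in that case).
 *
 * \return STATUS_SUCCESS; the status from PhCreateFileWin32 when the file
 * cannot be opened (or that same status when the file is empty); or
 * STATUS_FILE_CORRUPT_ERROR when the XML does not parse or its root is not an
 * element.
 *
 * \remarks The DB lock is held for the whole object-creation loop.
 */
NTSTATUS LoadDb(
    VOID
    )
{
    NTSTATUS status;
    HANDLE fileHandle;
    LARGE_INTEGER fileSize;
    mxml_node_t *topNode;
    mxml_node_t *currentNode;

    status = PhCreateFileWin32(
        &fileHandle,
        ObjectDbPath->Buffer,
        FILE_GENERIC_READ,
        0,
        FILE_SHARE_READ | FILE_SHARE_DELETE,
        FILE_OPEN,
        FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
        );

    if (!NT_SUCCESS(status))
        return status;

    if (NT_SUCCESS(PhGetFileSize(fileHandle, &fileSize)) && fileSize.QuadPart == 0)
    {
        // A blank file is OK. There are no objects to load.
        NtClose(fileHandle);
        return status;
    }

    topNode = mxmlLoadFd(NULL, fileHandle, MXML_OPAQUE_CALLBACK);
    NtClose(fileHandle);

    if (!topNode)
        return STATUS_FILE_CORRUPT_ERROR;

    if (topNode->type != MXML_ELEMENT)
    {
        mxmlDelete(topNode);
        return STATUS_FILE_CORRUPT_ERROR;
    }

    LockDb();

    for (currentNode = topNode->child; currentNode; currentNode = currentNode->next)
    {
        PDB_OBJECT object = NULL;
        PPH_STRING tag = NULL;
        PPH_STRING name = NULL;
        PPH_STRING priorityClass = NULL;
        PPH_STRING ioPriorityPlusOne = NULL;
        PPH_STRING comment = NULL;
        PPH_STRING backColor = NULL;
        PPH_STRING collapse = NULL;
        PPH_STRING affinityMask = NULL;
        // Attribute name (case-insensitive) -> destination. Unknown attributes
        // are ignored; a repeated attribute replaces the earlier value.
        struct
        {
            PCSTR Name;
            PPH_STRING *Target;
        } attributeMap[] =
        {
            { "tag", &tag },
            { "name", &name },
            { "priorityclass", &priorityClass },
            { "iopriorityplusone", &ioPriorityPlusOne },
            { "backcolor", &backColor },
            { "collapse", &collapse },
            { "affinity", &affinityMask },
        };

        if (currentNode->type == MXML_ELEMENT &&
            currentNode->value.element.num_attrs >= 2)
        {
            for (INT i = 0; i < currentNode->value.element.num_attrs; i++)
            {
                for (ULONG j = 0; j < sizeof(attributeMap) / sizeof(attributeMap[0]); j++)
                {
                    if (_stricmp(currentNode->value.element.attrs[i].name, attributeMap[j].Name) == 0)
                    {
                        PhMoveReference(attributeMap[j].Target, PhConvertUtf8ToUtf16(currentNode->value.element.attrs[i].value));
                        break;
                    }
                }
            }
        }

        comment = GetOpaqueXmlNodeText(currentNode);

        if (tag && name && comment)
        {
            ULONG64 tagInteger = 0;
            ULONG64 priorityClassInteger = 0;
            ULONG64 ioPriorityPlusOneInteger = 0;

            // The tag is passed straight to CreateDbObject; a record whose tag
            // does not parse cannot be placed, so it is skipped rather than
            // created from an uninitialized value as before.
            if (PhStringToInteger64(&tag->sr, 10, &tagInteger))
            {
                // The optional integers keep their 0 default when absent or unparsable.
                if (priorityClass)
                    PhStringToInteger64(&priorityClass->sr, 10, &priorityClassInteger);
                if (ioPriorityPlusOne)
                    PhStringToInteger64(&ioPriorityPlusOne->sr, 10, &ioPriorityPlusOneInteger);

                object = CreateDbObject((ULONG)tagInteger, &name->sr, comment);
                object->PriorityClass = (ULONG)priorityClassInteger;
                object->IoPriorityPlusOne = (ULONG)ioPriorityPlusOneInteger;
            }
        }

        // NOTE: These items are handled separately to maintain compatibility with previous versions of the database.

        if (object && backColor)
        {
            // ULONG_MAX is the "no colour" default when the attribute does not parse.
            ULONG64 backColorInteger = ULONG_MAX;

            PhStringToInteger64(&backColor->sr, 10, &backColorInteger);

            object->BackColor = (COLORREF)backColorInteger;
        }

        if (object && collapse)
        {
            ULONG64 collapseInteger = 0;

            PhStringToInteger64(&collapse->sr, 10, &collapseInteger);

            object->Collapse = !!collapseInteger;
        }

        if (object && affinityMask)
        {
            ULONG64 affinityInteger = 0;

            PhStringToInteger64(&affinityMask->sr, 10, &affinityInteger);

            object->AffinityMask = (ULONG)affinityInteger;
        }

        PhClearReference(&tag);
        PhClearReference(&name);
        PhClearReference(&priorityClass);
        PhClearReference(&ioPriorityPlusOne);
        PhClearReference(&comment);
        PhClearReference(&backColor);
        PhClearReference(&collapse);
        PhClearReference(&affinityMask);
    }

    UnlockDb();

    mxmlDelete(topNode);

    return STATUS_SUCCESS;
}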