static VOID ReadCurrentUserRun( VOID ) { HANDLE keyHandle; PPH_STRING value; CurrentUserRunPresent = FALSE; CurrentUserRunStartHidden = FALSE; if (NT_SUCCESS(PhOpenKey( &keyHandle, KEY_READ, PH_KEY_CURRENT_USER, &CurrentUserRunKeyName, 0 ))) { if (value = PhQueryRegistryString(keyHandle, L"Process Hacker 2")) { PH_STRINGREF fileName; PH_STRINGREF arguments; PPH_STRING fullFileName; PH_AUTO(value); if (PhParseCommandLineFuzzy(&value->sr, &fileName, &arguments, &fullFileName)) { PH_AUTO(fullFileName); if (fullFileName && PhEqualString(fullFileName, PhApplicationFileName, TRUE)) { CurrentUserRunPresent = TRUE; CurrentUserRunStartHidden = PhEqualStringRef2(&arguments, L"-hide", FALSE); } } } NtClose(keyHandle); } }
/** * Determines the type of a process based on its image file name. * * \param ProcessHandle A handle to a process. * \param KnownProcessType A variable which receives the process * type. */ NTSTATUS PhGetProcessKnownType( __in HANDLE ProcessHandle, __out PH_KNOWN_PROCESS_TYPE *KnownProcessType ) { NTSTATUS status; PH_KNOWN_PROCESS_TYPE knownProcessType; PROCESS_BASIC_INFORMATION basicInfo; PH_STRINGREF systemRootPrefix; PPH_STRING fileName; PPH_STRING newFileName; PH_STRINGREF name; #ifdef _M_X64 BOOLEAN isWow64 = FALSE; #endif if (!NT_SUCCESS(status = PhGetProcessBasicInformation( ProcessHandle, &basicInfo ))) return status; if (basicInfo.UniqueProcessId == SYSTEM_PROCESS_ID) { *KnownProcessType = SystemProcessType; return STATUS_SUCCESS; } PhGetSystemRoot(&systemRootPrefix); if (!NT_SUCCESS(status = PhGetProcessImageFileName( ProcessHandle, &fileName ))) { return status; } newFileName = PhGetFileName(fileName); PhDereferenceObject(fileName); name = newFileName->sr; knownProcessType = UnknownProcessType; if (PhStartsWithStringRef(&name, &systemRootPrefix, TRUE)) { // Skip the system root, and we now have three cases: // 1. \\xyz.exe - Windows executable. // 2. \\System32\\xyz.exe - system32 executable. // 3. \\SysWow64\\xyz.exe - system32 executable + WOW64. name.Buffer += systemRootPrefix.Length / 2; name.Length -= systemRootPrefix.Length; if (PhEqualStringRef2(&name, L"\\explorer.exe", TRUE)) { knownProcessType = ExplorerProcessType; } else if ( PhStartsWithStringRef2(&name, L"\\System32", TRUE) #ifdef _M_X64 || (PhStartsWithStringRef2(&name, L"\\SysWow64", TRUE) && (isWow64 = TRUE, TRUE)) // ugly but necessary #endif ) { // SysTem32 and SysWow64 are both 8 characters long. name.Buffer += 9; name.Length -= 9 * 2; if (FALSE) ; // Dummy else if (PhEqualStringRef2(&name, L"\\smss.exe", TRUE)) knownProcessType = SessionManagerProcessType; else if (PhEqualStringRef2(&name, L"\\csrss.exe", TRUE)) knownProcessType = WindowsSubsystemProcessType; else if (PhEqualStringRef2(&name, L"\\wininit.exe", TRUE)) knownProcessType = WindowsStartupProcessType; else if (PhEqualStringRef2(&name, L"\\services.exe", TRUE)) knownProcessType = ServiceControlManagerProcessType; else if (PhEqualStringRef2(&name, L"\\lsass.exe", TRUE)) knownProcessType = LocalSecurityAuthorityProcessType; else if (PhEqualStringRef2(&name, L"\\lsm.exe", TRUE)) knownProcessType = LocalSessionManagerProcessType; else if (PhEqualStringRef2(&name, L"\\winlogon.exe", TRUE)) knownProcessType = WindowsLogonProcessType; else if (PhEqualStringRef2(&name, L"\\svchost.exe", TRUE)) knownProcessType = ServiceHostProcessType; else if (PhEqualStringRef2(&name, L"\\rundll32.exe", TRUE)) knownProcessType = RunDllAsAppProcessType; else if (PhEqualStringRef2(&name, L"\\dllhost.exe", TRUE)) knownProcessType = ComSurrogateProcessType; else if (PhEqualStringRef2(&name, L"\\taskeng.exe", TRUE)) knownProcessType = TaskHostProcessType; else if (PhEqualStringRef2(&name, L"\\taskhost.exe", TRUE)) knownProcessType = TaskHostProcessType; } } PhDereferenceObject(newFileName); #ifdef _M_X64 if (isWow64) knownProcessType |= KnownProcessWow64; #endif *KnownProcessType = knownProcessType; return status; }
INT_PTR CALLBACK PhpColumnSetEditorDlgProc( _In_ HWND hwndDlg, _In_ UINT uMsg, _In_ WPARAM wParam, _In_ LPARAM lParam ) { PCOLUMNSET_DIALOG_CONTEXT context = NULL; if (uMsg == WM_INITDIALOG) { context = PhAllocate(sizeof(COLUMNSET_DIALOG_CONTEXT)); memset(context, 0, sizeof(COLUMNSET_DIALOG_CONTEXT)); context->SettingName = PhCreateString((PWSTR)lParam); SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context); } else { context = (PCOLUMNSET_DIALOG_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom()); } if (!context) return FALSE; switch (uMsg) { case WM_INITDIALOG: { context->DialogHandle = hwndDlg; context->ListViewHandle = GetDlgItem(hwndDlg, IDC_COLUMNSETLIST); context->RenameButtonHandle = GetDlgItem(hwndDlg, IDC_RENAME); context->MoveUpButtonHandle = GetDlgItem(hwndDlg, IDC_MOVEUP); context->MoveDownButtonHandle = GetDlgItem(hwndDlg, IDC_MOVEDOWN); context->RemoveButtonHandle = GetDlgItem(hwndDlg, IDC_REMOVE); PhCenterWindow(hwndDlg, GetParent(hwndDlg)); PhSetListViewStyle(context->ListViewHandle, FALSE, TRUE); PhSetControlTheme(context->ListViewHandle, L"explorer"); PhAddListViewColumn(context->ListViewHandle, 0, 0, 0, LVCFMT_LEFT, 250, L"Name"); PhSetExtendedListView(context->ListViewHandle); context->ColumnSetList = PhInitializeColumnSetList(PhGetString(context->SettingName)); for (ULONG i = 0; i < context->ColumnSetList->Count; i++) { PPH_COLUMN_SET_ENTRY entry = context->ColumnSetList->Items[i]; PhAddListViewItem(context->ListViewHandle, MAXINT, entry->Name->Buffer, entry); } Button_Enable(context->RenameButtonHandle, FALSE); Button_Enable(context->MoveUpButtonHandle, FALSE); Button_Enable(context->MoveDownButtonHandle, FALSE); Button_Enable(context->RemoveButtonHandle, FALSE); } break; case WM_DESTROY: { PhDeleteColumnSetList(context->ColumnSetList); RemoveProp(hwndDlg, PhMakeContextAtom()); PhFree(context); } break; case WM_COMMAND: { switch (GET_WM_COMMAND_ID(wParam, lParam)) { case IDCANCEL: EndDialog(hwndDlg, IDCANCEL); break; case IDOK: { if (context->LabelEditActive) break; PhSaveSettingsColumnList(PhGetString(context->SettingName), context->ColumnSetList); EndDialog(hwndDlg, IDOK); } break; case IDC_RENAME: { INT lvItemIndex; lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED); if (lvItemIndex != -1) { SetFocus(context->ListViewHandle); ListView_EditLabel(context->ListViewHandle, lvItemIndex); } } break; case IDC_MOVEUP: { INT lvItemIndex; PPH_COLUMN_SET_ENTRY entry; ULONG index; PhpMoveSelectedListViewItemUp(context->ListViewHandle); lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED); if (lvItemIndex != -1 && PhGetListViewItemParam(context->ListViewHandle, lvItemIndex, (PVOID *)&entry)) { index = PhFindItemList(context->ColumnSetList, entry); if (index != -1) { PhRemoveItemList(context->ColumnSetList, index); PhInsertItemList(context->ColumnSetList, lvItemIndex, entry); } } } break; case IDC_MOVEDOWN: { INT lvItemIndex; PPH_COLUMN_SET_ENTRY entry; ULONG index; PhpMoveSelectedListViewItemDown(context->ListViewHandle); lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED); if (lvItemIndex != -1 && PhGetListViewItemParam(context->ListViewHandle, lvItemIndex, (PVOID *)&entry)) { index = PhFindItemList(context->ColumnSetList, entry); if (index != -1) { PhRemoveItemList(context->ColumnSetList, index); PhInsertItemList(context->ColumnSetList, lvItemIndex, entry); } } } break; case IDC_REMOVE: { INT lvItemIndex; PPH_COLUMN_SET_ENTRY entry; ULONG index; lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED); if (lvItemIndex != -1 && PhGetListViewItemParam(context->ListViewHandle, lvItemIndex, (PVOID *)&entry)) { index = PhFindItemList(context->ColumnSetList, entry); if (index != -1) { PhRemoveItemList(context->ColumnSetList, index); PhRemoveListViewItem(context->ListViewHandle, lvItemIndex); PhClearReference(&entry->Name); PhClearReference(&entry->Setting); PhClearReference(&entry->Sorting); PhFree(entry); } SetFocus(context->ListViewHandle); ListView_SetItemState(context->ListViewHandle, 0, LVNI_SELECTED, LVNI_SELECTED); //ListView_EnsureVisible(context->ListViewHandle, 0, FALSE); } } break; } } break; case WM_NOTIFY: { LPNMHDR header = (LPNMHDR)lParam; switch (header->code) { case NM_DBLCLK: { INT lvItemIndex; lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED); if (lvItemIndex != -1) { SetFocus(context->ListViewHandle); ListView_EditLabel(context->ListViewHandle, lvItemIndex); } } break; case LVN_ITEMCHANGED: { LPNMLISTVIEW listview = (LPNMLISTVIEW)lParam; INT index; INT lvItemIndex; INT count; index = listview->iItem; lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED); count = ListView_GetItemCount(context->ListViewHandle); if (count == 0 || index == -1 || lvItemIndex == -1) { Button_Enable(context->RenameButtonHandle, FALSE); Button_Enable(context->MoveUpButtonHandle, FALSE); Button_Enable(context->MoveDownButtonHandle, FALSE); Button_Enable(context->RemoveButtonHandle, FALSE); break; } if (index != lvItemIndex) break; if (index == 0 && count == 1) { // First and last item Button_Enable(context->MoveUpButtonHandle, FALSE); Button_Enable(context->MoveDownButtonHandle, FALSE); } else if (index == (count - 1)) { // Last item Button_Enable(context->MoveUpButtonHandle, TRUE); Button_Enable(context->MoveDownButtonHandle, FALSE); } else if (index == 0) { // First item Button_Enable(context->MoveUpButtonHandle, FALSE); Button_Enable(context->MoveDownButtonHandle, TRUE); } else { Button_Enable(context->MoveUpButtonHandle, TRUE); Button_Enable(context->MoveDownButtonHandle, TRUE); } Button_Enable(context->RenameButtonHandle, TRUE); Button_Enable(context->RemoveButtonHandle, TRUE); } break; case LVN_BEGINLABELEDIT: context->LabelEditActive = TRUE; break; case LVN_ENDLABELEDIT: { LV_DISPINFO* lvinfo = (LV_DISPINFO*)lParam; if (lvinfo->item.iItem != -1 && lvinfo->item.pszText) { BOOLEAN found = FALSE; PPH_COLUMN_SET_ENTRY entry; ULONG index; for (ULONG i = 0; i < context->ColumnSetList->Count; i++) { entry = context->ColumnSetList->Items[i]; if (PhEqualStringRef2(&entry->Name->sr, lvinfo->item.pszText, FALSE)) { found = TRUE; break; } } if (!found && PhGetListViewItemParam(context->ListViewHandle, lvinfo->item.iItem, (PVOID *)&entry)) { index = PhFindItemList(context->ColumnSetList, entry); if (index != -1) { PhMoveReference(&entry->Name, PhCreateString(lvinfo->item.pszText)); ListView_SetItemText(context->ListViewHandle, lvinfo->item.iItem, 0, lvinfo->item.pszText); } } } context->LabelEditActive = FALSE; } break; } } break; } return FALSE; }