static VOID ReadCurrentUserRun(
VOID
)
{
HANDLE keyHandle;
PPH_STRING value;
CurrentUserRunPresent = FALSE;
CurrentUserRunStartHidden = FALSE;
if (NT_SUCCESS(PhOpenKey(
&keyHandle,
KEY_READ,
PH_KEY_CURRENT_USER,
&CurrentUserRunKeyName,
0
)))
{
if (value = PhQueryRegistryString(keyHandle, L"Process Hacker 2"))
{
PH_STRINGREF fileName;
PH_STRINGREF arguments;
PPH_STRING fullFileName;
PH_AUTO(value);
if (PhParseCommandLineFuzzy(&value->sr, &fileName, &arguments, &fullFileName))
{
PH_AUTO(fullFileName);
if (fullFileName && PhEqualString(fullFileName, PhApplicationFileName, TRUE))
{
CurrentUserRunPresent = TRUE;
CurrentUserRunStartHidden = PhEqualStringRef2(&arguments, L"-hide", FALSE);
}
}
}
NtClose(keyHandle);
}
}
/**
* Determines the type of a process based on its image file name.
*
* \param ProcessHandle A handle to a process.
* \param KnownProcessType A variable which receives the process
* type.
*/
NTSTATUS PhGetProcessKnownType(
__in HANDLE ProcessHandle,
__out PH_KNOWN_PROCESS_TYPE *KnownProcessType
)
{
NTSTATUS status;
PH_KNOWN_PROCESS_TYPE knownProcessType;
PROCESS_BASIC_INFORMATION basicInfo;
PH_STRINGREF systemRootPrefix;
PPH_STRING fileName;
PPH_STRING newFileName;
PH_STRINGREF name;
#ifdef _M_X64
BOOLEAN isWow64 = FALSE;
#endif
if (!NT_SUCCESS(status = PhGetProcessBasicInformation(
ProcessHandle,
&basicInfo
)))
return status;
if (basicInfo.UniqueProcessId == SYSTEM_PROCESS_ID)
{
*KnownProcessType = SystemProcessType;
return STATUS_SUCCESS;
}
PhGetSystemRoot(&systemRootPrefix);
if (!NT_SUCCESS(status = PhGetProcessImageFileName(
ProcessHandle,
&fileName
)))
{
return status;
}
newFileName = PhGetFileName(fileName);
PhDereferenceObject(fileName);
name = newFileName->sr;
knownProcessType = UnknownProcessType;
if (PhStartsWithStringRef(&name, &systemRootPrefix, TRUE))
{
// Skip the system root, and we now have three cases:
// 1. \\xyz.exe - Windows executable.
// 2. \\System32\\xyz.exe - system32 executable.
// 3. \\SysWow64\\xyz.exe - system32 executable + WOW64.
name.Buffer += systemRootPrefix.Length / 2;
name.Length -= systemRootPrefix.Length;
if (PhEqualStringRef2(&name, L"\\explorer.exe", TRUE))
{
knownProcessType = ExplorerProcessType;
}
else if (
PhStartsWithStringRef2(&name, L"\\System32", TRUE)
#ifdef _M_X64
|| (PhStartsWithStringRef2(&name, L"\\SysWow64", TRUE) && (isWow64 = TRUE, TRUE)) // ugly but necessary
#endif
)
{
// SysTem32 and SysWow64 are both 8 characters long.
name.Buffer += 9;
name.Length -= 9 * 2;
if (FALSE)
; // Dummy
else if (PhEqualStringRef2(&name, L"\\smss.exe", TRUE))
knownProcessType = SessionManagerProcessType;
else if (PhEqualStringRef2(&name, L"\\csrss.exe", TRUE))
knownProcessType = WindowsSubsystemProcessType;
else if (PhEqualStringRef2(&name, L"\\wininit.exe", TRUE))
knownProcessType = WindowsStartupProcessType;
else if (PhEqualStringRef2(&name, L"\\services.exe", TRUE))
knownProcessType = ServiceControlManagerProcessType;
else if (PhEqualStringRef2(&name, L"\\lsass.exe", TRUE))
knownProcessType = LocalSecurityAuthorityProcessType;
else if (PhEqualStringRef2(&name, L"\\lsm.exe", TRUE))
knownProcessType = LocalSessionManagerProcessType;
else if (PhEqualStringRef2(&name, L"\\winlogon.exe", TRUE))
knownProcessType = WindowsLogonProcessType;
else if (PhEqualStringRef2(&name, L"\\svchost.exe", TRUE))
knownProcessType = ServiceHostProcessType;
else if (PhEqualStringRef2(&name, L"\\rundll32.exe", TRUE))
knownProcessType = RunDllAsAppProcessType;
else if (PhEqualStringRef2(&name, L"\\dllhost.exe", TRUE))
knownProcessType = ComSurrogateProcessType;
else if (PhEqualStringRef2(&name, L"\\taskeng.exe", TRUE))
knownProcessType = TaskHostProcessType;
else if (PhEqualStringRef2(&name, L"\\taskhost.exe", TRUE))
knownProcessType = TaskHostProcessType;
}
}
PhDereferenceObject(newFileName);
#ifdef _M_X64
if (isWow64)
knownProcessType |= KnownProcessWow64;
#endif
*KnownProcessType = knownProcessType;
return status;
}
INT_PTR CALLBACK PhpColumnSetEditorDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PCOLUMNSET_DIALOG_CONTEXT context = NULL;
if (uMsg == WM_INITDIALOG)
{
context = PhAllocate(sizeof(COLUMNSET_DIALOG_CONTEXT));
memset(context, 0, sizeof(COLUMNSET_DIALOG_CONTEXT));
context->SettingName = PhCreateString((PWSTR)lParam);
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
else
{
context = (PCOLUMNSET_DIALOG_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
context->DialogHandle = hwndDlg;
context->ListViewHandle = GetDlgItem(hwndDlg, IDC_COLUMNSETLIST);
context->RenameButtonHandle = GetDlgItem(hwndDlg, IDC_RENAME);
context->MoveUpButtonHandle = GetDlgItem(hwndDlg, IDC_MOVEUP);
context->MoveDownButtonHandle = GetDlgItem(hwndDlg, IDC_MOVEDOWN);
context->RemoveButtonHandle = GetDlgItem(hwndDlg, IDC_REMOVE);
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhSetListViewStyle(context->ListViewHandle, FALSE, TRUE);
PhSetControlTheme(context->ListViewHandle, L"explorer");
PhAddListViewColumn(context->ListViewHandle, 0, 0, 0, LVCFMT_LEFT, 250, L"Name");
PhSetExtendedListView(context->ListViewHandle);
context->ColumnSetList = PhInitializeColumnSetList(PhGetString(context->SettingName));
for (ULONG i = 0; i < context->ColumnSetList->Count; i++)
{
PPH_COLUMN_SET_ENTRY entry = context->ColumnSetList->Items[i];
PhAddListViewItem(context->ListViewHandle, MAXINT, entry->Name->Buffer, entry);
}
Button_Enable(context->RenameButtonHandle, FALSE);
Button_Enable(context->MoveUpButtonHandle, FALSE);
Button_Enable(context->MoveDownButtonHandle, FALSE);
Button_Enable(context->RemoveButtonHandle, FALSE);
}
break;
case WM_DESTROY:
{
PhDeleteColumnSetList(context->ColumnSetList);
RemoveProp(hwndDlg, PhMakeContextAtom());
PhFree(context);
}
break;
case WM_COMMAND:
{
switch (GET_WM_COMMAND_ID(wParam, lParam))
{
case IDCANCEL:
EndDialog(hwndDlg, IDCANCEL);
break;
case IDOK:
{
if (context->LabelEditActive)
break;
PhSaveSettingsColumnList(PhGetString(context->SettingName), context->ColumnSetList);
EndDialog(hwndDlg, IDOK);
}
break;
case IDC_RENAME:
{
INT lvItemIndex;
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1)
{
SetFocus(context->ListViewHandle);
ListView_EditLabel(context->ListViewHandle, lvItemIndex);
}
}
break;
case IDC_MOVEUP:
{
INT lvItemIndex;
PPH_COLUMN_SET_ENTRY entry;
ULONG index;
PhpMoveSelectedListViewItemUp(context->ListViewHandle);
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1 && PhGetListViewItemParam(context->ListViewHandle, lvItemIndex, (PVOID *)&entry))
{
index = PhFindItemList(context->ColumnSetList, entry);
if (index != -1)
{
PhRemoveItemList(context->ColumnSetList, index);
PhInsertItemList(context->ColumnSetList, lvItemIndex, entry);
}
}
}
break;
case IDC_MOVEDOWN:
{
INT lvItemIndex;
PPH_COLUMN_SET_ENTRY entry;
ULONG index;
PhpMoveSelectedListViewItemDown(context->ListViewHandle);
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1 && PhGetListViewItemParam(context->ListViewHandle, lvItemIndex, (PVOID *)&entry))
{
index = PhFindItemList(context->ColumnSetList, entry);
if (index != -1)
{
PhRemoveItemList(context->ColumnSetList, index);
PhInsertItemList(context->ColumnSetList, lvItemIndex, entry);
}
}
}
break;
case IDC_REMOVE:
{
INT lvItemIndex;
PPH_COLUMN_SET_ENTRY entry;
ULONG index;
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1 && PhGetListViewItemParam(context->ListViewHandle, lvItemIndex, (PVOID *)&entry))
{
index = PhFindItemList(context->ColumnSetList, entry);
if (index != -1)
{
PhRemoveItemList(context->ColumnSetList, index);
PhRemoveListViewItem(context->ListViewHandle, lvItemIndex);
PhClearReference(&entry->Name);
PhClearReference(&entry->Setting);
PhClearReference(&entry->Sorting);
PhFree(entry);
}
SetFocus(context->ListViewHandle);
ListView_SetItemState(context->ListViewHandle, 0, LVNI_SELECTED, LVNI_SELECTED);
//ListView_EnsureVisible(context->ListViewHandle, 0, FALSE);
}
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case NM_DBLCLK:
{
INT lvItemIndex;
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1)
{
SetFocus(context->ListViewHandle);
ListView_EditLabel(context->ListViewHandle, lvItemIndex);
}
}
break;
case LVN_ITEMCHANGED:
{
LPNMLISTVIEW listview = (LPNMLISTVIEW)lParam;
INT index;
INT lvItemIndex;
INT count;
index = listview->iItem;
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
count = ListView_GetItemCount(context->ListViewHandle);
if (count == 0 || index == -1 || lvItemIndex == -1)
{
Button_Enable(context->RenameButtonHandle, FALSE);
Button_Enable(context->MoveUpButtonHandle, FALSE);
Button_Enable(context->MoveDownButtonHandle, FALSE);
Button_Enable(context->RemoveButtonHandle, FALSE);
break;
}
if (index != lvItemIndex)
break;
if (index == 0 && count == 1)
{
// First and last item
Button_Enable(context->MoveUpButtonHandle, FALSE);
Button_Enable(context->MoveDownButtonHandle, FALSE);
}
else if (index == (count - 1))
{
// Last item
Button_Enable(context->MoveUpButtonHandle, TRUE);
Button_Enable(context->MoveDownButtonHandle, FALSE);
}
else if (index == 0)
{
// First item
Button_Enable(context->MoveUpButtonHandle, FALSE);
Button_Enable(context->MoveDownButtonHandle, TRUE);
}
else
{
Button_Enable(context->MoveUpButtonHandle, TRUE);
Button_Enable(context->MoveDownButtonHandle, TRUE);
}
Button_Enable(context->RenameButtonHandle, TRUE);
Button_Enable(context->RemoveButtonHandle, TRUE);
}
break;
case LVN_BEGINLABELEDIT:
context->LabelEditActive = TRUE;
break;
case LVN_ENDLABELEDIT:
{
LV_DISPINFO* lvinfo = (LV_DISPINFO*)lParam;
if (lvinfo->item.iItem != -1 && lvinfo->item.pszText)
{
BOOLEAN found = FALSE;
PPH_COLUMN_SET_ENTRY entry;
ULONG index;
for (ULONG i = 0; i < context->ColumnSetList->Count; i++)
{
entry = context->ColumnSetList->Items[i];
if (PhEqualStringRef2(&entry->Name->sr, lvinfo->item.pszText, FALSE))
{
found = TRUE;
break;
}
}
if (!found && PhGetListViewItemParam(context->ListViewHandle, lvinfo->item.iItem, (PVOID *)&entry))
{
index = PhFindItemList(context->ColumnSetList, entry);
if (index != -1)
{
PhMoveReference(&entry->Name, PhCreateString(lvinfo->item.pszText));
ListView_SetItemText(context->ListViewHandle, lvinfo->item.iItem, 0, lvinfo->item.pszText);
}
}
}
context->LabelEditActive = FALSE;
}
break;
}
}
break;
}
return FALSE;
}
