INT_PTR CALLBACK PhpProcessRecordDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
PPROCESS_RECORD_CONTEXT context = NULL;
if (uMsg == WM_INITDIALOG)
{
context = (PPROCESS_RECORD_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
else
{
context = (PPROCESS_RECORD_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
if (uMsg == WM_DESTROY)
{
RemoveProp(hwndDlg, PhMakeContextAtom());
}
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
PH_IMAGE_VERSION_INFO versionInfo;
BOOLEAN versionInfoInitialized;
PPH_STRING processNameString;
PPH_PROCESS_ITEM processItem;
if (!PH_IS_FAKE_PROCESS_ID(context->Record->ProcessId))
{
processNameString = PhaFormatString(L"%s (%u)",
context->Record->ProcessName->Buffer, (ULONG)context->Record->ProcessId);
}
else
{
processNameString = context->Record->ProcessName;
}
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
SetWindowText(hwndDlg, processNameString->Buffer);
SetDlgItemText(hwndDlg, IDC_PROCESSNAME, processNameString->Buffer);
if (processItem = PhReferenceProcessItemForRecord(context->Record))
{
PPH_PROCESS_ITEM parentProcess;
if (parentProcess = PhReferenceProcessItemForParent(
processItem->ParentProcessId,
processItem->ProcessId,
&processItem->CreateTime
))
{
CLIENT_ID clientId;
clientId.UniqueProcess = parentProcess->ProcessId;
clientId.UniqueThread = NULL;
SetDlgItemText(hwndDlg, IDC_PARENT,
((PPH_STRING)PHA_DEREFERENCE(PhGetClientIdNameEx(&clientId, parentProcess->ProcessName)))->Buffer);
PhDereferenceObject(parentProcess);
}
else
{
SetDlgItemText(hwndDlg, IDC_PARENT, PhaFormatString(L"Non-existent process (%u)",
(ULONG)context->Record->ParentProcessId)->Buffer);
}
PhDereferenceObject(processItem);
}
else
{
SetDlgItemText(hwndDlg, IDC_PARENT, PhaFormatString(L"Unknown process (%u)",
(ULONG)context->Record->ParentProcessId)->Buffer);
EnableWindow(GetDlgItem(hwndDlg, IDC_PROPERTIES), FALSE);
}
memset(&versionInfo, 0, sizeof(PH_IMAGE_VERSION_INFO));
versionInfoInitialized = FALSE;
if (context->Record->FileName)
{
if (PhInitializeImageVersionInfo(&versionInfo, context->Record->FileName->Buffer))
versionInfoInitialized = TRUE;
}
context->FileIcon = PhGetFileShellIcon(PhGetString(context->Record->FileName), L".exe", TRUE);
SendMessage(GetDlgItem(hwndDlg, IDC_OPENFILENAME), BM_SETIMAGE, IMAGE_BITMAP,
(LPARAM)PH_LOAD_SHARED_IMAGE(MAKEINTRESOURCE(IDB_FOLDER), IMAGE_BITMAP));
SendMessage(GetDlgItem(hwndDlg, IDC_FILEICON), STM_SETICON,
(WPARAM)context->FileIcon, 0);
SetDlgItemText(hwndDlg, IDC_NAME, PhpGetStringOrNa(versionInfo.FileDescription));
SetDlgItemText(hwndDlg, IDC_COMPANYNAME, PhpGetStringOrNa(versionInfo.CompanyName));
SetDlgItemText(hwndDlg, IDC_VERSION, PhpGetStringOrNa(versionInfo.FileVersion));
SetDlgItemText(hwndDlg, IDC_FILENAME, PhpGetStringOrNa(context->Record->FileName));
if (versionInfoInitialized)
PhDeleteImageVersionInfo(&versionInfo);
if (!context->Record->FileName)
EnableWindow(GetDlgItem(hwndDlg, IDC_OPENFILENAME), FALSE);
SetDlgItemText(hwndDlg, IDC_CMDLINE, PhpGetStringOrNa(context->Record->CommandLine));
if (context->Record->CreateTime.QuadPart != 0)
SetDlgItemText(hwndDlg, IDC_STARTED, PhapGetRelativeTimeString(&context->Record->CreateTime)->Buffer);
else
SetDlgItemText(hwndDlg, IDC_STARTED, L"N/A");
if (context->Record->ExitTime.QuadPart != 0)
SetDlgItemText(hwndDlg, IDC_TERMINATED, PhapGetRelativeTimeString(&context->Record->ExitTime)->Buffer);
else
SetDlgItemText(hwndDlg, IDC_TERMINATED, L"N/A");
SetDlgItemInt(hwndDlg, IDC_SESSIONID, context->Record->SessionId, FALSE);
}
break;
case WM_DESTROY:
{
if (context->FileIcon)
DestroyIcon(context->FileIcon);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
{
EndDialog(hwndDlg, IDOK);
}
break;
case IDC_OPENFILENAME:
{
if (context->Record->FileName)
PhShellExploreFile(hwndDlg, context->Record->FileName->Buffer);
}
break;
case IDC_PROPERTIES:
{
PPH_PROCESS_ITEM processItem;
if (processItem = PhReferenceProcessItemForRecord(context->Record))
{
ProcessHacker_ShowProcessProperties(PhMainWndHandle, processItem);
PhDereferenceObject(processItem);
}
else
{
PhShowError(hwndDlg, L"The process has already terminated; only the process record is available.");
}
}
break;
}
}
break;
}
return FALSE;
}
static VOID PhpRefreshProcessList(
_In_ HWND hwndDlg,
_In_ PCHOOSE_PROCESS_DIALOG_CONTEXT Context
)
{
NTSTATUS status;
HWND lvHandle;
PVOID processes;
PSYSTEM_PROCESS_INFORMATION process;
lvHandle = Context->ListViewHandle;
ListView_DeleteAllItems(lvHandle);
ImageList_RemoveAll(Context->ImageList);
if (!NT_SUCCESS(status = PhEnumProcesses(&processes)))
{
PhShowStatus(hwndDlg, L"Unable to enumerate processes", status, 0);
return;
}
ExtendedListView_SetRedraw(lvHandle, FALSE);
process = PH_FIRST_PROCESS(processes);
do
{
INT lvItemIndex;
PPH_STRING name;
HANDLE processHandle;
PPH_STRING fileName = NULL;
HICON icon = NULL;
WCHAR processIdString[PH_INT32_STR_LEN_1];
PPH_STRING userName = NULL;
INT imageIndex;
if (process->UniqueProcessId != SYSTEM_IDLE_PROCESS_ID)
name = PhCreateStringFromUnicodeString(&process->ImageName);
else
name = PhCreateString(SYSTEM_IDLE_PROCESS_NAME);
lvItemIndex = PhAddListViewItem(lvHandle, MAXINT, name->Buffer, process->UniqueProcessId);
PhDereferenceObject(name);
if (NT_SUCCESS(PhOpenProcess(&processHandle, ProcessQueryAccess, process->UniqueProcessId)))
{
HANDLE tokenHandle;
PTOKEN_USER user;
if (!WINDOWS_HAS_IMAGE_FILE_NAME_BY_PROCESS_ID && process->UniqueProcessId != SYSTEM_PROCESS_ID)
PhGetProcessImageFileName(processHandle, &fileName);
if (NT_SUCCESS(PhOpenProcessToken(&tokenHandle, TOKEN_QUERY, processHandle)))
{
if (NT_SUCCESS(PhGetTokenUser(tokenHandle, &user)))
{
userName = PhGetSidFullName(user->User.Sid, TRUE, NULL);
PhFree(user);
}
NtClose(tokenHandle);
}
NtClose(processHandle);
}
if (process->UniqueProcessId == SYSTEM_IDLE_PROCESS_ID && !userName && PhLocalSystemName)
PhSetReference(&userName, PhLocalSystemName);
if (WINDOWS_HAS_IMAGE_FILE_NAME_BY_PROCESS_ID && process->UniqueProcessId != SYSTEM_PROCESS_ID)
PhGetProcessImageFileNameByProcessId(process->UniqueProcessId, &fileName);
if (process->UniqueProcessId == SYSTEM_PROCESS_ID)
fileName = PhGetKernelFileName();
if (fileName)
PhMoveReference(&fileName, PhGetFileName(fileName));
icon = PhGetFileShellIcon(PhGetString(fileName), L".exe", FALSE);
// Icon
if (icon)
{
imageIndex = ImageList_AddIcon(Context->ImageList, icon);
PhSetListViewItemImageIndex(Context->ListViewHandle, lvItemIndex, imageIndex);
DestroyIcon(icon);
}
// PID
PhPrintUInt32(processIdString, HandleToUlong(process->UniqueProcessId));
PhSetListViewSubItem(Context->ListViewHandle, lvItemIndex, 1, processIdString);
// User Name
PhSetListViewSubItem(Context->ListViewHandle, lvItemIndex, 2, PhGetString(userName));
if (userName) PhDereferenceObject(userName);
if (fileName) PhDereferenceObject(fileName);
} while (process = PH_NEXT_PROCESS(process));
PhFree(processes);
ExtendedListView_SortItems(lvHandle);
ExtendedListView_SetRedraw(lvHandle, TRUE);
}
static VOID DbgProcessLogMessageEntry(
_Inout_ PPH_DBGEVENTS_CONTEXT Context,
_In_ BOOLEAN GlobalEvents
)
{
NTSTATUS status;
PDBWIN_PAGE_BUFFER debugMessageBuffer;
PDEBUG_LOG_ENTRY entry = NULL;
HANDLE processHandle = NULL;
PPH_STRING fileName = NULL;
HICON icon = NULL;
debugMessageBuffer = GlobalEvents ? Context->GlobalDebugBuffer : Context->LocalDebugBuffer;
entry = PhAllocate(sizeof(DEBUG_LOG_ENTRY));
memset(entry, 0, sizeof(DEBUG_LOG_ENTRY));
PhQuerySystemTime(&entry->Time);
entry->ProcessId = UlongToHandle(debugMessageBuffer->ProcessId);
entry->Message = PhConvertMultiByteToUtf16(debugMessageBuffer->Buffer);
if (WINDOWS_HAS_IMAGE_FILE_NAME_BY_PROCESS_ID)
{
status = PhGetProcessImageFileNameByProcessId(entry->ProcessId, &fileName);
}
else
{
if (NT_SUCCESS(status = PhOpenProcess(&processHandle, ProcessQueryAccess, entry->ProcessId)))
{
status = PhGetProcessImageFileName(processHandle, &fileName);
NtClose(processHandle);
}
}
if (!NT_SUCCESS(status))
fileName = PhGetKernelFileName();
PhSwapReference2(&fileName, PhGetFileName(fileName));
icon = PhGetFileShellIcon(PhGetString(fileName), L".exe", TRUE);
if (icon)
{
entry->ImageIndex = ImageList_AddIcon(Context->ListViewImageList, icon);
DestroyIcon(icon);
}
entry->FilePath = fileName;
entry->ProcessName = PhGetBaseName(fileName);
// Drop event if it matches a filter
for (ULONG i = 0; i < Context->ExcludeList->Count; i++)
{
PDBG_FILTER_TYPE filterEntry = Context->ExcludeList->Items[i];
if (filterEntry->Type == FilterByName)
{
if (PhEqualString(filterEntry->ProcessName, entry->ProcessName, TRUE))
{
DbgFreeLogEntry(entry);
return;
}
}
else if (filterEntry->Type == FilterByPid)
{
if (filterEntry->ProcessId == entry->ProcessId)
{
DbgFreeLogEntry(entry);
return;
}
}
}
DbgAddLogEntry(Context, entry);
}
