VOID PhpQueueThreadWorkQueueItem(
__in PTHREAD_START_ROUTINE Function,
__in_opt PVOID Context
)
{
if (PhBeginInitOnce(&PhThreadProviderWorkQueueInitOnce))
{
PhInitializeWorkQueue(&PhThreadProviderWorkQueue, 0, 1, 1000);
PhEndInitOnce(&PhThreadProviderWorkQueueInitOnce);
}
PhQueueItemWorkQueue(&PhThreadProviderWorkQueue, Function, Context);
}
static VOID QueueDnsCacheUpdateThread(
VOID
)
{
if (PhBeginInitOnce(&DnsUpdateQueueInitOnce))
{
PhInitializeWorkQueue(&DnsUpdateQueue, 0, 1, 500);
PhEndInitOnce(&DnsUpdateQueueInitOnce);
}
if (DnsUpdateQueue.BusyCount < 1) // One update at a time
PhQueueItemWorkQueue(&DnsUpdateQueue, DnsCacheUpdateThread, 0);
}
/**
* Queues a work item to the global work queue.
*
* \param Function A function to execute.
* \param Context A user-defined value to pass to the function.
*/
VOID PhQueueItemGlobalWorkQueue(
_In_ PUSER_THREAD_START_ROUTINE Function,
_In_opt_ PVOID Context
)
{
if (PhBeginInitOnce(&PhGlobalWorkQueueInitOnce))
{
PhInitializeWorkQueue(
&PhGlobalWorkQueue,
0,
3,
1000
);
PhEndInitOnce(&PhGlobalWorkQueueInitOnce);
}
PhQueueItemWorkQueue(
&PhGlobalWorkQueue,
Function,
Context
);
}
static NTSTATUS PhpFindObjectsThreadStart(
_In_ PVOID Parameter
)
{
NTSTATUS status = STATUS_SUCCESS;
PSYSTEM_HANDLE_INFORMATION_EX handles;
PPH_HASHTABLE processHandleHashtable;
PVOID processes;
PSYSTEM_PROCESS_INFORMATION process;
ULONG i;
// Refuse to search with no filter.
if (SearchString->Length == 0)
goto Exit;
// Try to get a search pointer from the search string.
UseSearchPointer = PhStringToInteger64(&SearchString->sr, 0, &SearchPointer);
_wcsupr(SearchString->Buffer);
if (NT_SUCCESS(status = PhEnumHandlesEx(&handles)))
{
static PH_INITONCE initOnce = PH_INITONCE_INIT;
static ULONG fileObjectTypeIndex = -1;
BOOLEAN useWorkQueue = FALSE;
PH_WORK_QUEUE workQueue;
processHandleHashtable = PhCreateSimpleHashtable(8);
if (!KphIsConnected() && WindowsVersion >= WINDOWS_VISTA)
{
useWorkQueue = TRUE;
PhInitializeWorkQueue(&workQueue, 1, 20, 1000);
if (PhBeginInitOnce(&initOnce))
{
UNICODE_STRING fileTypeName;
RtlInitUnicodeString(&fileTypeName, L"File");
fileObjectTypeIndex = PhGetObjectTypeNumber(&fileTypeName);
PhEndInitOnce(&initOnce);
}
}
for (i = 0; i < handles->NumberOfHandles; i++)
{
PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handleInfo = &handles->Handles[i];
PVOID *processHandlePtr;
HANDLE processHandle;
if (SearchStop)
break;
// Open a handle to the process if we don't already have one.
processHandlePtr = PhFindItemSimpleHashtable(
processHandleHashtable,
(PVOID)handleInfo->UniqueProcessId
);
if (processHandlePtr)
{
processHandle = (HANDLE)*processHandlePtr;
}
else
{
if (NT_SUCCESS(PhOpenProcess(
&processHandle,
PROCESS_DUP_HANDLE,
(HANDLE)handleInfo->UniqueProcessId
)))
{
PhAddItemSimpleHashtable(
processHandleHashtable,
(PVOID)handleInfo->UniqueProcessId,
processHandle
);
}
else
{
continue;
}
}
if (useWorkQueue && handleInfo->ObjectTypeIndex == (USHORT)fileObjectTypeIndex)
{
PSEARCH_HANDLE_CONTEXT searchHandleContext;
searchHandleContext = PhAllocate(sizeof(SEARCH_HANDLE_CONTEXT));
searchHandleContext->NeedToFree = TRUE;
searchHandleContext->HandleInfo = handleInfo;
searchHandleContext->ProcessHandle = processHandle;
PhQueueItemWorkQueue(&workQueue, SearchHandleFunction, searchHandleContext);
}
else
{
SEARCH_HANDLE_CONTEXT searchHandleContext;
searchHandleContext.NeedToFree = FALSE;
searchHandleContext.HandleInfo = handleInfo;
searchHandleContext.ProcessHandle = processHandle;
SearchHandleFunction(&searchHandleContext);
}
}
if (useWorkQueue)
{
PhWaitForWorkQueue(&workQueue);
PhDeleteWorkQueue(&workQueue);
}
{
PPH_KEY_VALUE_PAIR entry;
i = 0;
while (PhEnumHashtable(processHandleHashtable, &entry, &i))
NtClose((HANDLE)entry->Value);
}
PhDereferenceObject(processHandleHashtable);
PhFree(handles);
}
if (NT_SUCCESS(PhEnumProcesses(&processes)))
{
process = PH_FIRST_PROCESS(processes);
do
{
PhEnumGenericModules(
process->UniqueProcessId,
NULL,
PH_ENUM_GENERIC_MAPPED_FILES | PH_ENUM_GENERIC_MAPPED_IMAGES,
EnumModulesCallback,
(PVOID)process->UniqueProcessId
);
} while (process = PH_NEXT_PROCESS(process));
PhFree(processes);
}
Exit:
PostMessage(PhFindObjectsWindowHandle, WM_PH_SEARCH_FINISHED, status, 0);
return STATUS_SUCCESS;
}
static INT_PTR CALLBACK NetworkPingWndProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PNETWORK_OUTPUT_CONTEXT context = NULL;
if (uMsg == WM_INITDIALOG)
{
context = (PNETWORK_OUTPUT_CONTEXT)lParam;
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PNETWORK_OUTPUT_CONTEXT)GetProp(hwndDlg, L"Context");
}
if (context == NULL)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
PH_RECTANGLE windowRectangle;
PPH_LAYOUT_ITEM panelItem;
// We have already set the group boxes to have WS_EX_TRANSPARENT to fix
// the drawing issue that arises when using WS_CLIPCHILDREN. However
// in removing the flicker from the graphs the group boxes will now flicker.
// It's a good tradeoff since no one stares at the group boxes.
PhSetWindowStyle(hwndDlg, WS_CLIPCHILDREN, WS_CLIPCHILDREN);
context->WindowHandle = hwndDlg;
context->ParentHandle = GetParent(hwndDlg);
context->StatusHandle = GetDlgItem(hwndDlg, IDC_MAINTEXT);
context->MaxPingTimeout = PhGetIntegerSetting(SETTING_NAME_PING_TIMEOUT);
windowRectangle.Position = PhGetIntegerPairSetting(SETTING_NAME_PING_WINDOW_POSITION);
windowRectangle.Size = PhGetIntegerPairSetting(SETTING_NAME_PING_WINDOW_SIZE);
// Create the font handle.
context->FontHandle = InitializeFont(context->StatusHandle);
// Create the graph control.
context->PingGraphHandle = CreateWindow(
PH_GRAPH_CLASSNAME,
NULL,
WS_VISIBLE | WS_CHILD | WS_BORDER,
0,
0,
3,
3,
hwndDlg,
NULL,
NULL,
NULL
);
Graph_SetTooltip(context->PingGraphHandle, TRUE);
// Load the Process Hacker icon.
context->IconHandle = (HICON)LoadImage(
NtCurrentPeb()->ImageBaseAddress,
MAKEINTRESOURCE(PHAPP_IDI_PROCESSHACKER),
IMAGE_ICON,
GetSystemMetrics(SM_CXICON),
GetSystemMetrics(SM_CYICON),
LR_SHARED
);
// Set window icon.
if (context->IconHandle)
SendMessage(hwndDlg, WM_SETICON, ICON_SMALL, (LPARAM)context->IconHandle);
// Initialize the WorkQueue with a maximum of 20 threads (fix pinging slow-links with a high interval update).
PhInitializeWorkQueue(&context->PingWorkQueue, 0, 20, 5000);
PhInitializeGraphState(&context->PingGraphState);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhInitializeCircularBuffer_ULONG(&context->PingHistory, PhGetIntegerSetting(L"SampleCount"));
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ICMP_PANEL), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ICMP_AVG), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ICMP_MIN), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ICMP_MAX), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_PINGS_SENT), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_PINGS_LOST), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_BAD_HASH), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ANON_ADDR), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_RIGHT);
panelItem = PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_PING_LAYOUT), NULL, PH_ANCHOR_ALL);
PhAddLayoutItemEx(&context->LayoutManager, context->PingGraphHandle, NULL, PH_ANCHOR_ALL, panelItem->Margin);
// Load window settings.
if (windowRectangle.Position.X == 0 || windowRectangle.Position.Y == 0)
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
else
{
PhLoadWindowPlacementFromSetting(SETTING_NAME_PING_WINDOW_POSITION, SETTING_NAME_PING_WINDOW_SIZE, hwndDlg);
}
// Initialize window layout.
PhLayoutManagerLayout(&context->LayoutManager);
// Convert IP Address to string format.
if (context->IpAddress.Type == PH_IPV4_NETWORK_TYPE)
{
RtlIpv4AddressToString(&context->IpAddress.InAddr, context->IpAddressString);
}
else
{
RtlIpv6AddressToString(&context->IpAddress.In6Addr, context->IpAddressString);
}
SetWindowText(hwndDlg, PhaFormatString(L"Ping %s", context->IpAddressString)->Buffer);
SetWindowText(context->StatusHandle, PhaFormatString(L"Pinging %s with 32 bytes of data:", context->IpAddressString)->Buffer);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessesUpdated),
NetworkPingUpdateHandler,
context,
&context->ProcessesUpdatedRegistration
);
}
return TRUE;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
PostQuitMessage(0);
break;
}
}
break;
case WM_DESTROY:
{
PhUnregisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessesUpdated),
&context->ProcessesUpdatedRegistration
);
PhSaveWindowPlacementToSetting(
SETTING_NAME_PING_WINDOW_POSITION,
SETTING_NAME_PING_WINDOW_SIZE,
hwndDlg
);
if (context->PingGraphHandle)
DestroyWindow(context->PingGraphHandle);
if (context->IconHandle)
DestroyIcon(context->IconHandle);
if (context->FontHandle)
DeleteObject(context->FontHandle);
PhDeleteWorkQueue(&context->PingWorkQueue);
PhDeleteGraphState(&context->PingGraphState);
PhDeleteLayoutManager(&context->LayoutManager);
RemoveProp(hwndDlg, L"Context");
PhFree(context);
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&context->LayoutManager);
break;
case WM_SIZING:
PhResizingMinimumSize((PRECT)lParam, wParam, 420, 250);
break;
case WM_CTLCOLORBTN:
case WM_CTLCOLORDLG:
case WM_CTLCOLORSTATIC:
{
HDC hDC = (HDC)wParam;
HWND hwndChild = (HWND)lParam;
// Check for our static label and change the color.
if (GetDlgCtrlID(hwndChild) == IDC_MAINTEXT)
{
SetTextColor(hDC, RGB(19, 112, 171));
}
// Set a transparent background for the control backcolor.
SetBkMode(hDC, TRANSPARENT);
// set window background color.
return (INT_PTR)GetSysColorBrush(COLOR_WINDOW);
}
break;
case WM_PING_UPDATE:
{
ULONG i = 0;
ULONG maxGraphHeight = 0;
ULONG pingAvgValue = 0;
PhNetworkPingUpdateGraph(context);
for (i = 0; i < context->PingHistory.Count; i++)
{
maxGraphHeight = maxGraphHeight + PhGetItemCircularBuffer_ULONG(&context->PingHistory, i);
pingAvgValue = maxGraphHeight / context->PingHistory.Count;
}
SetDlgItemText(hwndDlg, IDC_ICMP_AVG, PhaFormatString(
L"Average: %lums", pingAvgValue)->Buffer);
SetDlgItemText(hwndDlg, IDC_ICMP_MIN, PhaFormatString(
L"Minimum: %lums", context->PingMinMs)->Buffer);
SetDlgItemText(hwndDlg, IDC_ICMP_MAX, PhaFormatString(
L"Maximum: %lums", context->PingMaxMs)->Buffer);
SetDlgItemText(hwndDlg, IDC_PINGS_SENT, PhaFormatString(
L"Pings Sent: %lu", context->PingSentCount)->Buffer);
SetDlgItemText(hwndDlg, IDC_PINGS_LOST, PhaFormatString(
L"Pings Lost: %lu (%.0f%%)", context->PingLossCount,
((FLOAT)context->PingLossCount / context->PingSentCount * 100)
)->Buffer);
SetDlgItemText(hwndDlg, IDC_BAD_HASH, PhaFormatString(
L"Bad Hashes: %lu", context->HashFailCount)->Buffer);
SetDlgItemText(hwndDlg, IDC_ANON_ADDR, PhaFormatString(
L"Anon Replies: %lu", context->UnknownAddrCount)->Buffer);
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case GCN_GETDRAWINFO:
{
PPH_GRAPH_GETDRAWINFO getDrawInfo = (PPH_GRAPH_GETDRAWINFO)header;
PPH_GRAPH_DRAW_INFO drawInfo = getDrawInfo->DrawInfo;
PhSiSetColorsGraphDrawInfo(drawInfo, PhGetIntegerSetting(L"ColorCpuKernel"), PhGetIntegerSetting(L"ColorCpuUser"));
if (header->hwndFrom == context->PingGraphHandle)
{
if (PhGetIntegerSetting(L"GraphShowText"))
{
HDC hdc = Graph_GetBufferedContext(context->PingGraphHandle);
PhMoveReference(&context->PingGraphState.Text,
PhFormatString(L"Ping: %lums", context->CurrentPingMs)
);
SelectObject(hdc, PhApplicationFont);
PhSetGraphText(hdc, drawInfo, &context->PingGraphState.Text->sr,
&NormalGraphTextMargin, &NormalGraphTextPadding, PH_ALIGN_TOP | PH_ALIGN_LEFT);
}
else
{
drawInfo->Text.Buffer = NULL;
}
PhGraphStateGetDrawInfo(
&context->PingGraphState,
getDrawInfo,
context->PingHistory.Count
);
if (!context->PingGraphState.Valid)
{
ULONG i;
FLOAT max = 0;
for (i = 0; i < drawInfo->LineDataCount; i++)
{
FLOAT data1;
context->PingGraphState.Data1[i] = data1 = (FLOAT)PhGetItemCircularBuffer_ULONG(&context->PingHistory, i);
if (max < data1)
max = data1;
}
// Minimum scaling of timeout (1000ms default).
if (max < (FLOAT)context->MaxPingTimeout)
max = (FLOAT)context->MaxPingTimeout;
// Scale the data.
PhxfDivideSingle2U(
context->PingGraphState.Data1,
max,
drawInfo->LineDataCount
);
context->PingGraphState.Valid = TRUE;
}
}
}
break;
case GCN_GETTOOLTIPTEXT:
{
PPH_GRAPH_GETTOOLTIPTEXT getTooltipText = (PPH_GRAPH_GETTOOLTIPTEXT)lParam;
if (getTooltipText->Index < getTooltipText->TotalCount)
{
if (header->hwndFrom == context->PingGraphHandle)
{
if (context->PingGraphState.TooltipIndex != getTooltipText->Index)
{
ULONG pingMs = PhGetItemCircularBuffer_ULONG(&context->PingHistory, getTooltipText->Index);
PhMoveReference(&context->PingGraphState.TooltipText,
PhFormatString(L"Ping: %lums", pingMs)
);
}
getTooltipText->Text = context->PingGraphState.TooltipText->sr;
}
}
}
break;
}
}
break;
}
return FALSE;
}
