/**
 * Shows the context menu for the currently selected .NET assembly tree node
 * and carries out the command the user picks.
 *
 * \param Context The assemblies page context; supplies the owner window and
 * the tree-new control handle.
 * \param Location The position passed to PhShowEMenu for the menu.
 *
 * \remarks NOTE(review): PathText presumably originates from the inspected
 * process rather than from this program, so it is treated as unverified: the
 * file-existence check is repeated right before the shell call.
 */
VOID DotNetAsmShowContextMenu(
    _In_ PASMPAGE_CONTEXT Context,
    _In_ POINT Location
    )
{
    PDNA_NODE selectedNode;
    PPH_EMENU contextMenu;
    PPH_EMENU_ITEM chosenItem;

    selectedNode = DotNetAsmGetSelectedEntry(Context);

    // Nothing selected: there is no node to act on.
    if (!selectedNode)
        return;

    contextMenu = PhCreateEMenu();
    PhLoadResourceEMenuItem(contextMenu, PluginInstance->DllBase, MAKEINTRESOURCE(IDR_ASSEMBLY_MENU), 0);

    // Disable "open file location" when the node has no path or the path does
    // not name an existing file.
    if (PhIsNullOrEmptyString(selectedNode->PathText) || !RtlDoesFileExists_U(selectedNode->PathText->Buffer))
        PhSetFlagsEMenuItem(contextMenu, ID_CLR_OPENFILELOCATION, PH_EMENU_DISABLED, PH_EMENU_DISABLED);

    chosenItem = PhShowEMenu(
        contextMenu,
        Context->WindowHandle,
        PH_EMENU_SHOW_LEFTRIGHT,
        PH_ALIGN_LEFT | PH_ALIGN_TOP,
        Location.x,
        Location.y
        );

    if (chosenItem && chosenItem->Id != -1)
    {
        if (chosenItem->Id == ID_CLR_OPENFILELOCATION)
        {
            // Checked again on purpose: the file may have disappeared while
            // the menu was open.
            if (!PhIsNullOrEmptyString(selectedNode->PathText) && RtlDoesFileExists_U(selectedNode->PathText->Buffer))
                PhShellExploreFile(Context->WindowHandle, selectedNode->PathText->Buffer);
        }
        else if (chosenItem->Id == ID_CLR_COPY)
        {
            PPH_STRING clipboardText;

            clipboardText = PhGetTreeNewText(Context->TnHandle, 0);
            PhSetClipboardString(Context->TnHandle, &clipboardText->sr);
            PhDereferenceObject(clipboardText);
        }
    }

    PhDestroyEMenu(contextMenu);
}
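/**
 * Task dialog callback for the "result found" page of the upload dialog.
 *
 * \param hwndDlg The task dialog window.
 * \param uMsg The TDN_* notification.
 * \param wParam For TDN_BUTTON_CLICKED, the id of the clicked button.
 * \param lParam Unused.
 * \param dwRefData The PUPLOAD_CONTEXT registered with the dialog.
 *
 * \return S_FALSE to keep the dialog open after IDOK has switched to the
 * progress page, otherwise S_OK.
 *
 * \remarks ReAnalyseUrl and LaunchCommand are handed to PhShellExecute
 * unchanged. NOTE(review): where these strings are built is not visible here;
 * if either one is derived from a server response, confirm that the producer
 * restricts it to the expected https URL before it reaches this callback.
 */
HRESULT CALLBACK TaskDialogResultFoundProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam,
    _In_ LONG_PTR dwRefData
    )
{
    PUPLOAD_CONTEXT context = (PUPLOAD_CONTEXT)dwRefData;

    switch (uMsg)
    {
    case TDN_NAVIGATED:
        {
            // Clear the taskbar progress indicator left over from the previous page.
            if (context->TaskbarListClass)
            {
                ITaskbarList3_SetProgressState(context->TaskbarListClass, PhMainWndHandle, TBPF_NOPROGRESS);
            }
        }
        break;
    case TDN_BUTTON_CLICKED:
        {
            INT buttonID = (INT)wParam;

            if (buttonID == IDOK)
            {
                ShowVirusTotalProgressDialog(context);
                return S_FALSE;
            }
            else if (buttonID == IDRETRY)
            {
                if (!PhIsNullOrEmptyString(context->ReAnalyseUrl))
                    PhShellExecute(hwndDlg, PhGetString(context->ReAnalyseUrl), NULL);
            }
            else if (buttonID == IDYES)
            {
                if (!PhIsNullOrEmptyString(context->LaunchCommand))
                    PhShellExecute(hwndDlg, PhGetString(context->LaunchCommand), NULL);
            }
        }
        break;
    case TDN_VERIFICATION_CLICKED:
        // The checkbox state (wParam) is not used; the unused local that
        // captured it has been removed.
        break;
    }

    return S_OK;
}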
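/**
 * Looks up a cached entry in VirusTotalList by file hash.
 *
 * \param FileHash The hash string to search for.
 *
 * \return The first entry whose FileHash equals \a FileHash (compared with
 * PhEqualString and TRUE as the last argument, presumably case-insensitive),
 * or NULL if there is none.
 *
 * \remarks The list is scanned under ProcessListLock, but the lock is
 * released before returning and no reference is taken on the entry.
 * NOTE(review): the caller therefore holds a bare pointer; confirm entries
 * cannot be removed and freed while callers still use the result.
 */
PVIRUSTOTAL_FILE_HASH_ENTRY VirusTotalGetCachedResultFromHash(
    _In_ PPH_STRING FileHash
    )
{
    PVIRUSTOTAL_FILE_HASH_ENTRY result = NULL;
    ULONG i;

    PhAcquireQueuedLockExclusive(&ProcessListLock);

    for (i = 0; i < VirusTotalList->Count; i++)
    {
        PVIRUSTOTAL_FILE_HASH_ENTRY extension = VirusTotalList->Items[i];

        // Entries that have no hash yet cannot match.
        if (PhIsNullOrEmptyString(extension->FileHash))
            continue;

        if (PhEqualString(extension->FileHash, FileHash, TRUE))
        {
            result = extension;
            break;
        }
    }

    // Single release point so no exit path can leave the lock held.
    PhReleaseQueuedLockExclusive(&ProcessListLock);

    return result;
}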
/**
 * Opens the IDD_TEXT dialog when the updater context has a build message.
 *
 * \param Context The updater context; passed to the dialog as its init
 * parameter and used as the source of the owner window.
 */
VOID TaskDialogLinkClicked(
    _In_ PPH_UPDATER_CONTEXT Context
    )
{
    // Without a build message there is nothing to show.
    if (PhIsNullOrEmptyString(Context->BuildMessage))
        return;

    DialogBoxParam(
        PluginInstance->DllBase,
        MAKEINTRESOURCE(IDD_TEXT),
        Context->DialogHandle,
        TextDlgProc,
        (LPARAM)Context
        );
}
/**
 * Reports whether the recorded install path points at something that exists.
 *
 * \return TRUE when GetProcessHackerInstallPath returns a non-empty string
 * that ends with "ProcessHacker.exe" and GetFileAttributes succeeds on it;
 * FALSE otherwise.
 *
 * \remarks GetFileAttributes also succeeds for directories, so this only
 * proves that the path exists, not that it is a regular file.
 */
BOOLEAN CheckProcessHackerInstalled(VOID)
{
    PPH_STRING installPath = GetProcessHackerInstallPath();
    BOOLEAN installed;

    if (PhIsNullOrEmptyString(installPath) || !PhEndsWithString2(installPath, L"ProcessHacker.exe", TRUE))
    {
        installed = FALSE;
    }
    else
    {
        // The value has the expected file name; check that the path is valid.
        installed = GetFileAttributes(installPath->Buffer) != INVALID_FILE_ATTRIBUTES;
    }

    PhClearReference(&installPath);

    return installed;
}
/**
 * Shows the shell properties of a file-backed handle.
 *
 * Only the "File", "DLL", "Mapped file" and "Mapped image" type names are
 * handled; any other type is ignored.
 *
 * \param hWnd The owner window for the properties window or the error box.
 * \param Info The handle item information (type name and best object name).
 */
VOID PhShowHandleObjectProperties2(
    _In_ HWND hWnd,
    _In_ PPH_HANDLE_ITEM_INFO Info
    )
{
    if (PhIsNullOrEmptyString(Info->TypeName))
        return;

    // Leave early for every type that is not file-backed.
    if (
        !PhEqualString2(Info->TypeName, L"File", TRUE) &&
        !PhEqualString2(Info->TypeName, L"DLL", TRUE) &&
        !PhEqualString2(Info->TypeName, L"Mapped file", TRUE) &&
        !PhEqualString2(Info->TypeName, L"Mapped image", TRUE)
        )
    {
        return;
    }

    if (!Info->BestObjectName)
    {
        PhShowError(hWnd, L"Unable to open file properties because the object is unnamed.");
        return;
    }

    PhShellProperties(hWnd, Info->BestObjectName->Buffer);
}
/**
 * Tree filter callback for the services list.
 *
 * \param Node The tree node, treated as a PPH_SERVICE_NODE.
 * \param Context Unused.
 *
 * \return TRUE to keep the node visible: always when the search box is empty,
 * otherwise when any of the service's type, state, start type, error control,
 * name, display name or process id strings matches the search text.
 */
BOOLEAN ServiceTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)Node;

    // No search text: nothing is filtered out.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // Enumeration values rendered as text.
    if (WordMatchStringZ(PhGetServiceTypeString(serviceNode->ServiceItem->Type)))
        return TRUE;
    if (WordMatchStringZ(PhGetServiceStateString(serviceNode->ServiceItem->State)))
        return TRUE;
    if (WordMatchStringZ(PhGetServiceStartTypeString(serviceNode->ServiceItem->StartType)))
        return TRUE;
    if (WordMatchStringZ(PhGetServiceErrorControlString(serviceNode->ServiceItem->ErrorControl)))
        return TRUE;

    // Optional strings: tested only when present.
    if (serviceNode->ServiceItem->Name && WordMatchStringRef(&serviceNode->ServiceItem->Name->sr))
        return TRUE;
    if (serviceNode->ServiceItem->DisplayName && WordMatchStringRef(&serviceNode->ServiceItem->DisplayName->sr))
        return TRUE;
    if (serviceNode->ServiceItem->ProcessIdString[0] != 0 && WordMatchStringZ(serviceNode->ServiceItem->ProcessIdString))
        return TRUE;

    return FALSE;
}
/**
 * Inserts the type-specific "object properties" items into a handle menu.
 *
 * \param Menu The menu to modify.
 * \param InsertBeforeId The id of the existing item the new items go before.
 * \param EnableShortcut Passed to PhaAppendCtrlEnter together with the label
 * of the primary item.
 * \param Info The handle item information; only TypeName is read.
 *
 * \remarks Nothing is inserted when the anchor item is not found, when the
 * type name is empty, or when the type is not one of the handled ones.
 */
VOID PhInsertHandleObjectPropertiesEMenuItems(
    _In_ struct _PH_EMENU_ITEM *Menu,
    _In_ ULONG InsertBeforeId,
    _In_ BOOLEAN EnableShortcut,
    _In_ PPH_HANDLE_ITEM_INFO Info
    )
{
    PPH_EMENU_ITEM parentItem;
    ULONG indexInParent;
    PWSTR primaryLabel = NULL;

    if (!PhFindEMenuItemEx(Menu, 0, NULL, InsertBeforeId, &parentItem, &indexInParent))
        return;

    if (PhIsNullOrEmptyString(Info->TypeName))
        return;

    if (
        PhEqualString2(Info->TypeName, L"File", TRUE) ||
        PhEqualString2(Info->TypeName, L"DLL", TRUE) ||
        PhEqualString2(Info->TypeName, L"Mapped file", TRUE) ||
        PhEqualString2(Info->TypeName, L"Mapped image", TRUE)
        )
    {
        // Plain files additionally get a "File properties" item. It is
        // inserted first, so the primary item added below lands before it.
        if (PhEqualString2(Info->TypeName, L"File", TRUE))
        {
            PhInsertEMenuItem(
                parentItem,
                PhCreateEMenuItem(0, ID_HANDLE_OBJECTPROPERTIES2, L"File propert&ies", NULL, NULL),
                indexInParent
                );
        }

        primaryLabel = L"Open &file location";
    }
    else if (PhEqualString2(Info->TypeName, L"Key", TRUE))
    {
        primaryLabel = L"Open &key";
    }
    else if (PhEqualString2(Info->TypeName, L"Process", TRUE))
    {
        primaryLabel = L"Process propert&ies";
    }
    else if (PhEqualString2(Info->TypeName, L"Section", TRUE))
    {
        primaryLabel = L"Read/Write &memory";
    }
    else if (PhEqualString2(Info->TypeName, L"Thread", TRUE))
    {
        primaryLabel = L"Go to t&hread";
    }

    // One primary item per handled type, all sharing the same command id.
    if (primaryLabel)
    {
        PhInsertEMenuItem(
            parentItem,
            PhCreateEMenuItem(0, ID_HANDLE_OBJECTPROPERTIES1, PhaAppendCtrlEnter(primaryLabel, EnableShortcut), NULL, NULL),
            indexInParent
            );
    }
}
/**
 * Builds a one-line description of a handle in another process.
 *
 * \param ProcessHandle A handle to the process that owns \a Handle.
 * \param Handle The handle value to describe.
 *
 * \return A string produced by PhaFormatString: the handle value, type name
 * and object name, or an "(error querying handle)" text when either the type
 * name or the name could not be obtained.
 *
 * \remarks The status returned by PhGetHandleInformation is not inspected;
 * success is inferred from both output strings being non-NULL.
 */
static PPH_STRING PhpaGetHandleString(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE Handle
    )
{
    PPH_STRING typeName = NULL;
    PPH_STRING name = NULL;
    PWSTR displayName;

    PhGetHandleInformation(
        ProcessHandle,
        Handle,
        -1,
        NULL,
        &typeName,
        NULL,
        &name
        );
    PH_AUTO(typeName);
    PH_AUTO(name);

    if (!typeName || !name)
    {
        return PhaFormatString(
            L"Handle 0x%Ix: (error querying handle)",
            Handle
            );
    }

    // An empty name is shown as a placeholder rather than as a blank.
    if (PhIsNullOrEmptyString(name))
        displayName = L"(unnamed object)";
    else
        displayName = name->Buffer;

    return PhaFormatString(
        L"Handle 0x%Ix (%s): %s",
        Handle,
        typeName->Buffer,
        displayName
        );
}
/**
 * Serializes a list of column sets into a single setting string.
 *
 * The format is "<count>-" followed by "<name>-<setting>-<sorting>-" for each
 * entry, with the final separator removed.
 *
 * \param SettingName The name of the setting to write.
 * \param ColumnSetList The list of PPH_COLUMN_SET_ENTRY items to save.
 *
 * \remarks NOTE(review): the count prefix is the list's Count, while entries
 * with an empty name are skipped, so the prefix can exceed the number of
 * serialized entries. The fields are also joined with '-' without escaping.
 * Confirm that the loader tolerates a short list and that names, settings
 * and sorting strings cannot contain '-'.
 */
VOID PhSaveSettingsColumnList(
    _In_ PWSTR SettingName,
    _In_ PPH_LIST ColumnSetList
    )
{
    PH_STRING_BUILDER sb;
    PPH_STRING serialized;
    ULONG i;

    PhInitializeStringBuilder(&sb, 100);

    PhAppendFormatStringBuilder(
        &sb,
        L"%lu-",
        ColumnSetList->Count
        );

    for (i = 0; i < ColumnSetList->Count; i++)
    {
        PPH_COLUMN_SET_ENTRY entry = ColumnSetList->Items[i];

        if (!PhIsNullOrEmptyString(entry->Name))
        {
            PhAppendFormatStringBuilder(
                &sb,
                L"%s-%s-%s-",
                entry->Name->Buffer,
                PhGetStringOrEmpty(entry->Setting),
                PhGetStringOrEmpty(entry->Sorting)
                );
        }
    }

    // Drop the trailing separator.
    if (sb.String->Length != 0)
        PhRemoveEndStringBuilder(&sb, 1);

    serialized = PH_AUTO(PhFinalStringBuilderString(&sb));
    PhSetStringSetting2(SettingName, &serialized->sr);
}
/**
 * Builds a comma-separated list of GPU adapter descriptions.
 *
 * \return The string produced by PhFinalStringBuilderString; it is empty
 * when no adapter contributed a description.
 */
PPH_STRING EtpGetGpuNameString(
    VOID
    )
{
    PH_STRING_BUILDER nameBuilder;
    ULONG adapterCount;
    ULONG adapterIndex;

    adapterCount = EtGetGpuAdapterCount();
    PhInitializeStringBuilder(&nameBuilder, 100);

    for (adapterIndex = 0; adapterIndex < adapterCount; adapterIndex++)
    {
        PPH_STRING description = EtGetGpuAdapterDescription(adapterIndex);

        // Ignore "Microsoft Basic Render Driver" unless it is the only adapter.
        // The comparison uses the English name and does not take localization
        // into account.
        if (
            !PhIsNullOrEmptyString(description) &&
            (adapterCount == 1 || !PhEqualString2(description, L"Microsoft Basic Render Driver", TRUE))
            )
        {
            PhAppendStringBuilder(&nameBuilder, &description->sr);
            PhAppendStringBuilder2(&nameBuilder, L", ");
        }

        if (description)
            PhDereferenceObject(description);
    }

    // Remove the trailing ", ".
    if (nameBuilder.String->Length != 0)
        PhRemoveEndStringBuilder(&nameBuilder, 2);

    return PhFinalStringBuilderString(&nameBuilder);
}
/**
 * Command line callback that selects the setup mode.
 *
 * \param Option The recognized option, or NULL for a bare value.
 * \param Value The option value or the bare argument.
 * \param Context Unused.
 *
 * \return Always TRUE.
 */
BOOLEAN NTAPI MainPropSheetCommandLineCallback(
    _In_opt_ PPH_COMMAND_LINE_OPTION Option,
    _In_opt_ PPH_STRING Value,
    _In_opt_ PVOID Context
    )
{
    if (Option)
    {
        SetupMode = Option->Id;
        return TRUE;
    }

    // HACK: PhParseCommandLine requires the - symbol for command line
    // parameters and -silent is already supported, but compatibility with the
    // legacy Inno Setup "/silent" switch has to be maintained.
    if (!PhIsNullOrEmptyString(Value) && PhEqualString2(Value, L"/silent", TRUE))
        SetupMode = SETUP_COMMAND_SILENTINSTALL;

    return TRUE;
}
/**
 * Tree-new callback for the .NET assemblies tree.
 *
 * \param hwnd The tree-new control.
 * \param Message The tree-new message being delivered.
 * \param Parameter1 Message-specific structure (children, leaf, cell text,
 * tooltip, key event or mouse event).
 * \param Parameter2 Unused.
 * \param Context The PASMPAGE_CONTEXT registered with the control.
 *
 * \return TRUE when the message was handled, FALSE otherwise.
 */
BOOLEAN NTAPI DotNetAsmTreeNewCallback(
    _In_ HWND hwnd,
    _In_ PH_TREENEW_MESSAGE Message,
    _In_opt_ PVOID Parameter1,
    _In_opt_ PVOID Parameter2,
    _In_opt_ PVOID Context
    )
{
    PASMPAGE_CONTEXT pageContext = Context;
    PDNA_NODE treeNode;

    switch (Message)
    {
    case TreeNewGetChildren:
        {
            PPH_TREENEW_GET_CHILDREN childrenRequest = Parameter1;

            treeNode = (PDNA_NODE)childrenRequest->Node;

            if (treeNode)
            {
                // Assemblies under an app domain or the CLR v2 node are shown sorted.
                if (treeNode->Type == DNA_TYPE_APPDOMAIN || treeNode == pageContext->ClrV2Node)
                {
                    qsort(treeNode->Children->Items, treeNode->Children->Count, sizeof(PVOID), AssemblyNodeNameCompareFunction);
                }

                childrenRequest->Children = (PPH_TREENEW_NODE *)treeNode->Children->Items;
                childrenRequest->NumberOfChildren = treeNode->Children->Count;
            }
            else
            {
                // No node means the request is for the root level.
                childrenRequest->Children = (PPH_TREENEW_NODE *)pageContext->NodeRootList->Items;
                childrenRequest->NumberOfChildren = pageContext->NodeRootList->Count;
            }

            return TRUE;
        }
    case TreeNewIsLeaf:
        {
            PPH_TREENEW_IS_LEAF leafRequest = Parameter1;

            treeNode = (PDNA_NODE)leafRequest->Node;
            leafRequest->IsLeaf = treeNode->Children->Count == 0;

            return TRUE;
        }
    case TreeNewGetCellText:
        {
            PPH_TREENEW_GET_CELL_TEXT textRequest = Parameter1;

            treeNode = (PDNA_NODE)textRequest->Node;

            switch (textRequest->Id)
            {
            case DNATNC_STRUCTURE:
                textRequest->Text = treeNode->StructureText;
                break;
            case DNATNC_ID:
                textRequest->Text = PhGetStringRef(treeNode->IdText);
                break;
            case DNATNC_FLAGS:
                textRequest->Text = PhGetStringRef(treeNode->FlagsText);
                break;
            case DNATNC_PATH:
                textRequest->Text = PhGetStringRef(treeNode->PathText);
                break;
            case DNATNC_NATIVEPATH:
                textRequest->Text = PhGetStringRef(treeNode->NativePathText);
                break;
            default:
                // Unknown column: leave the request untouched.
                return FALSE;
            }

            textRequest->Flags = TN_CACHE;

            return TRUE;
        }
    case TreeNewGetCellTooltip:
        {
            PPH_TREENEW_GET_CELL_TOOLTIP tooltipRequest = Parameter1;

            treeNode = (PDNA_NODE)tooltipRequest->Node;

            // Tooltips exist only for the first column of assembly nodes.
            if (tooltipRequest->Column->Id != 0 || treeNode->Type != DNA_TYPE_ASSEMBLY)
                return FALSE;

            if (PhIsNullOrEmptyString(treeNode->u.Assembly.FullyQualifiedAssemblyName))
                return FALSE;

            tooltipRequest->Text = treeNode->u.Assembly.FullyQualifiedAssemblyName->sr;
            tooltipRequest->Unfolding = FALSE;

            return TRUE;
        }
    case TreeNewKeyDown:
        {
            PPH_TREENEW_KEY_EVENT keyEvent = Parameter1;

            // Ctrl+C is forwarded to the page window as a copy command.
            if (keyEvent->VirtualKey == 'C' && GetKeyState(VK_CONTROL) < 0)
                SendMessage(pageContext->WindowHandle, WM_COMMAND, ID_COPY, 0);

            return TRUE;
        }
    case TreeNewContextMenu:
        {
            PPH_TREENEW_MOUSE_EVENT mouseEvent = Parameter1;

            DotNetAsmShowContextMenu(pageContext, mouseEvent->Location);

            return TRUE;
        }
    }

    return FALSE;
}
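/**
 * Dialog procedure for the network tools output window (traceroute / whois).
 *
 * The context is attached to the window as the "Context" property in
 * WM_INITDIALOG and released in WM_DESTROY. Output arrives through the
 * NTM_RECEIVEDTRACE, NTM_RECEIVEDWHOIS and NTM_RECEIVEDFINISH messages.
 *
 * \param hwndDlg The dialog window.
 * \param uMsg The message.
 * \param wParam For NTM_RECEIVEDTRACE / NTM_RECEIVEDWHOIS, the length in bytes
 * of the OEM text.
 * \param lParam For WM_INITDIALOG, the PNETWORK_OUTPUT_CONTEXT. For
 * NTM_RECEIVEDTRACE / NTM_RECEIVEDWHOIS, a pointer to the OEM text; the whois
 * buffer is freed here with PhFree.
 *
 * \return A brush for the recoloured output control, otherwise FALSE.
 *
 * \remarks Changes from the previous revision:
 * - The whois newline conversion iterated UNICODE_STRING.Length (a byte
 *   count) as if it were a character count and read past the end of the
 *   converted buffer. It is now bounded by Length / sizeof(WCHAR).
 * - The window text is dereferenced only when it is non-NULL.
 * - A missing context is detected before the WM_DESTROY cleanup uses it, and
 *   the procedure returns right after freeing the context instead of carrying
 *   the dangling pointer further.
 *
 * NOTE(review): the worker threads receive the same context pointer that
 * WM_DESTROY frees, and nothing visible here waits for them; confirm a worker
 * cannot outlive the dialog. The message length is narrowed to USHORT, so
 * text longer than 65535 bytes is not handled in full.
 */
static INT_PTR CALLBACK NetworkOutputDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    PNETWORK_OUTPUT_CONTEXT context;

    if (uMsg == WM_INITDIALOG)
    {
        context = (PNETWORK_OUTPUT_CONTEXT)lParam;
        SetProp(hwndDlg, L"Context", (HANDLE)context);
    }
    else
    {
        context = (PNETWORK_OUTPUT_CONTEXT)GetProp(hwndDlg, L"Context");
    }

    // Messages may arrive before the context has been attached (or after it
    // has been removed); there is nothing to do for them.
    if (!context)
        return FALSE;

    if (uMsg == WM_DESTROY)
    {
        PhSaveWindowPlacementToSetting(SETTING_NAME_TRACERT_WINDOW_POSITION, SETTING_NAME_TRACERT_WINDOW_SIZE, hwndDlg);
        PhDeleteLayoutManager(&context->LayoutManager);

        if (context->ProcessHandle)
        {
            // Terminate the child process.
            PhTerminateProcess(context->ProcessHandle, STATUS_SUCCESS);
            // Close the child process handle.
            NtClose(context->ProcessHandle);
        }

        // Close the pipe handle.
        if (context->PipeReadHandle)
            NtClose(context->PipeReadHandle);

        RemoveProp(hwndDlg, L"Context");
        PhFree(context);

        // The context is gone; do not fall through to the handlers below.
        return FALSE;
    }

    switch (uMsg)
    {
    case WM_INITDIALOG:
        {
            PH_RECTANGLE windowRectangle;

            context->WindowHandle = hwndDlg;
            context->OutputHandle = GetDlgItem(hwndDlg, IDC_NETOUTPUTEDIT);

            PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
            PhAddLayoutItem(&context->LayoutManager, context->OutputHandle, NULL, PH_ANCHOR_ALL);
            PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_MORE_INFO), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
            PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_RIGHT);

            windowRectangle.Position = PhGetIntegerPairSetting(SETTING_NAME_TRACERT_WINDOW_POSITION);
            windowRectangle.Size = PhGetIntegerPairSetting(SETTING_NAME_TRACERT_WINDOW_SIZE);

            // Compute the minimum window size once, in pixels.
            if (MinimumSize.left == -1)
            {
                RECT rect;

                rect.left = 0;
                rect.top = 0;
                rect.right = 190;
                rect.bottom = 120;
                MapDialogRect(hwndDlg, &rect);
                MinimumSize = rect;
                MinimumSize.left = 0;
            }

            // Check for first-run default position.
            if (windowRectangle.Position.X == 0 || windowRectangle.Position.Y == 0)
            {
                PhCenterWindow(hwndDlg, GetParent(hwndDlg));
            }
            else
            {
                PhLoadWindowPlacementFromSetting(SETTING_NAME_TRACERT_WINDOW_POSITION, SETTING_NAME_TRACERT_WINDOW_SIZE, hwndDlg);
            }

            if (context->IpAddress.Type == PH_IPV4_NETWORK_TYPE)
            {
                RtlIpv4AddressToString(&context->IpAddress.InAddr, context->IpAddressString);
            }
            else
            {
                RtlIpv6AddressToString(&context->IpAddress.In6Addr, context->IpAddressString);
            }

            switch (context->Action)
            {
            case NETWORK_ACTION_TRACEROUTE:
                {
                    HANDLE dialogThread;

                    Static_SetText(context->WindowHandle,
                        PhaFormatString(L"Tracing route to %s...", context->IpAddressString)->Buffer
                        );

                    // Only the thread handle is closed here; the thread keeps running.
                    dialogThread = PhCreateThread(0, NetworkTracertThreadStart, (PVOID)context);

                    if (dialogThread)
                        NtClose(dialogThread);
                }
                break;
            case NETWORK_ACTION_WHOIS:
                {
                    HANDLE dialogThread;

                    Static_SetText(context->WindowHandle,
                        PhaFormatString(L"Whois %s...", context->IpAddressString)->Buffer
                        );

                    ShowWindow(GetDlgItem(hwndDlg, IDC_MORE_INFO), SW_SHOW);

                    dialogThread = PhCreateThread(0, NetworkWhoisThreadStart, (PVOID)context);

                    if (dialogThread)
                        NtClose(dialogThread);
                }
                break;
            }
        }
        break;
    case WM_COMMAND:
        {
            switch (LOWORD(wParam))
            {
            case IDCANCEL:
            case IDOK:
                PostQuitMessage(0);
                break;
            }
        }
        break;
    case WM_SIZE:
        PhLayoutManagerLayout(&context->LayoutManager);
        break;
    case WM_SIZING:
        PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
        break;
    case WM_CTLCOLORDLG:
    case WM_CTLCOLORSTATIC:
        {
            HDC hDC = (HDC)wParam;
            HWND hwndChild = (HWND)lParam;

            // Check if old graph colors are enabled.
            if (!PhGetIntegerSetting(L"GraphColorMode"))
                break;

            // Set a transparent background for the control backcolor.
            SetBkMode(hDC, TRANSPARENT);

            // Check for our edit control and change the color.
            if (hwndChild == context->OutputHandle)
            {
                // Set text color as the Green PH graph text color.
                SetTextColor(hDC, RGB(124, 252, 0));

                // Set a black control backcolor.
                return (INT_PTR)GetStockBrush(BLACK_BRUSH);
            }
        }
        break;
    case WM_NOTIFY:
        {
            switch (((LPNMHDR)lParam)->code)
            {
            case NM_CLICK:
            case NM_RETURN:
                {
                    PNMLINK syslink = (PNMLINK)lParam;

                    if (syslink->hdr.idFrom == IDC_MORE_INFO)
                    {
                        // The address text is produced by the Rtl address
                        // formatters in WM_INITDIALOG. The lookup URL uses
                        // plain http.
                        PhShellExecute(
                            PhMainWndHandle,
                            PhaConcatStrings2(L"http://wq.apnic.net/apnic-bin/whois.pl?searchtext=", context->IpAddressString)->Buffer,
                            NULL
                            );
                    }
                }
                break;
            }
        }
        break;
    case NTM_RECEIVEDTRACE:
        {
            OEM_STRING inputString;
            UNICODE_STRING convertedString;
            PH_STRING_BUILDER receivedString;

            if (wParam != 0)
            {
                inputString.Buffer = (PCHAR)lParam;
                inputString.Length = (USHORT)wParam;
                inputString.MaximumLength = inputString.Length;

                if (NT_SUCCESS(RtlOemStringToUnicodeString(&convertedString, &inputString, TRUE)))
                {
                    PPH_STRING windowText = NULL;

                    PhInitializeStringBuilder(&receivedString, PAGE_SIZE);

                    // Get the current output text.
                    windowText = PhGetWindowText(context->OutputHandle);

                    // Append the current output text to the new string.
                    if (!PhIsNullOrEmptyString(windowText))
                        PhAppendStringBuilder(&receivedString, &windowText->sr);

                    PhAppendFormatStringBuilder(&receivedString, L"%s", convertedString.Buffer);

                    // Remove leading newlines.
                    if (receivedString.String->Length >= 2 * 2 &&
                        receivedString.String->Buffer[0] == '\r' &&
                        receivedString.String->Buffer[1] == '\n')
                    {
                        PhRemoveStringBuilder(&receivedString, 0, 2);
                    }

                    SetWindowText(context->OutputHandle, receivedString.String->Buffer);
                    SendMessage(
                        context->OutputHandle,
                        EM_SETSEL,
                        receivedString.String->Length / 2 - 1,
                        receivedString.String->Length / 2 - 1
                        );
                    SendMessage(context->OutputHandle, WM_VSCROLL, SB_BOTTOM, 0);

                    // The text was treated as possibly NULL above, so guard
                    // the release the same way.
                    if (windowText)
                        PhDereferenceObject(windowText);

                    PhDeleteStringBuilder(&receivedString);
                    RtlFreeUnicodeString(&convertedString);
                }
            }
        }
        break;
    case NTM_RECEIVEDWHOIS:
        {
            OEM_STRING inputString;
            UNICODE_STRING convertedString;
            PH_STRING_BUILDER receivedString;

            if (lParam != 0)
            {
                inputString.Buffer = (PCHAR)lParam;
                inputString.Length = (USHORT)wParam;
                inputString.MaximumLength = inputString.Length;

                if (NT_SUCCESS(RtlOemStringToUnicodeString(&convertedString, &inputString, TRUE)))
                {
                    // UNICODE_STRING.Length is in bytes; the buffer is indexed
                    // in characters.
                    USHORT characterCount = convertedString.Length / sizeof(WCHAR);
                    USHORT i;

                    PhInitializeStringBuilder(&receivedString, PAGE_SIZE);

                    // Convert bare line feeds to CR LF for the edit control.
                    for (i = 0; i < characterCount; i++)
                    {
                        if (convertedString.Buffer[i] == '\n')
                        {
                            PhAppendStringBuilder2(&receivedString, L"\r\n");
                        }
                        else
                        {
                            PhAppendCharStringBuilder(&receivedString, convertedString.Buffer[i]);
                        }
                    }

                    // Remove leading newlines.
                    if (receivedString.String->Length >= 2 * 2 &&
                        receivedString.String->Buffer[0] == '\r' &&
                        receivedString.String->Buffer[1] == '\n')
                    {
                        PhRemoveStringBuilder(&receivedString, 0, 2);
                    }

                    SetWindowText(context->OutputHandle, receivedString.String->Buffer);
                    SendMessage(
                        context->OutputHandle,
                        EM_SETSEL,
                        receivedString.String->Length / 2 - 1,
                        receivedString.String->Length / 2 - 1
                        );
                    SendMessage(context->OutputHandle, WM_VSCROLL, SB_TOP, 0);

                    PhDeleteStringBuilder(&receivedString);
                    RtlFreeUnicodeString(&convertedString);
                }

                // The whois buffer is released here whether or not the
                // conversion succeeded.
                PhFree((PVOID)lParam);
            }
        }
        break;
    case NTM_RECEIVEDFINISH:
        {
            PPH_STRING windowText = PhGetWindowText(context->WindowHandle);

            if (windowText)
            {
                Static_SetText(
                    context->WindowHandle,
                    PhaFormatString(L"%s Finished.", windowText->Buffer)->Buffer
                    );
                PhDereferenceObject(windowText);
            }
        }
        break;
    }

    return FALSE;
}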
/**
 * Tree filter callback for the network connections list.
 *
 * \param Node The tree node, treated as a PPH_NETWORK_NODE.
 * \param Context Unused.
 *
 * \return TRUE to keep the node visible: always when the search box is empty,
 * otherwise when any displayed field of the connection matches the search
 * text.
 */
BOOLEAN NetworkTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_NETWORK_NODE networkNode = (PPH_NETWORK_NODE)Node;
    WCHAR pidString[32];

    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // Owning process and user.
    if (networkNode->NetworkItem->ProcessName && WordMatchStringRef(&networkNode->NetworkItem->ProcessName->sr))
        return TRUE;
    if (networkNode->NetworkItem->OwnerName && WordMatchStringRef(&networkNode->NetworkItem->OwnerName->sr))
        return TRUE;

    // Local endpoint.
    if (networkNode->NetworkItem->LocalAddressString[0] != 0 && WordMatchStringZ(networkNode->NetworkItem->LocalAddressString))
        return TRUE;
    if (networkNode->NetworkItem->LocalPortString[0] != 0 && WordMatchStringZ(networkNode->NetworkItem->LocalPortString))
        return TRUE;
    if (networkNode->NetworkItem->LocalHostString && WordMatchStringRef(&networkNode->NetworkItem->LocalHostString->sr))
        return TRUE;

    // Remote endpoint.
    if (networkNode->NetworkItem->RemoteAddressString[0] != 0 && WordMatchStringZ(networkNode->NetworkItem->RemoteAddressString))
        return TRUE;
    if (networkNode->NetworkItem->RemotePortString[0] != 0 && WordMatchStringZ(networkNode->NetworkItem->RemotePortString))
        return TRUE;
    if (networkNode->NetworkItem->RemoteHostString && WordMatchStringRef(&networkNode->NetworkItem->RemoteHostString->sr))
        return TRUE;

    // Protocol, and the TCP state when the protocol type has the TCP bit set.
    if (WordMatchStringZ(PhGetProtocolTypeName(networkNode->NetworkItem->ProtocolType)))
        return TRUE;
    if ((networkNode->NetworkItem->ProtocolType & PH_TCP_PROTOCOL_TYPE) &&
        WordMatchStringZ(PhGetTcpStateName(networkNode->NetworkItem->State)))
        return TRUE;

    // The process id, formatted here because the item does not supply it as text.
    PhPrintUInt32(pidString, HandleToUlong(networkNode->NetworkItem->ProcessId));

    if (WordMatchStringZ(pidString))
        return TRUE;

    return FALSE;
}
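/**
 * Enumerates disk device interfaces and fills the options list view.
 *
 * Pass 1 queries each disk interface for its device path, friendly name,
 * disk number and mount points. Pass 2 adds the sorted results to the list
 * view. Pass 3 adds an "Unknown disk" row for every entry of DiskDrivesList
 * that has no matching list view item.
 *
 * \param Context The disk options page context (list view handle and the
 * EnumeratingDisks flag).
 *
 * \remarks Changes from the previous revision:
 * - The interface detail buffer is now freed when the friendly name query
 *   fails; the early continue used to leak it.
 * - The mis-encoded argument in the PhGetListViewItemParam call is restored
 *   to the address of param.
 */
VOID FindDiskDrives(
    _In_ PDV_DISK_OPTIONS_CONTEXT Context
    )
{
    PPH_LIST deviceList;
    HDEVINFO deviceInfoHandle;
    SP_DEVICE_INTERFACE_DATA deviceInterfaceData = { sizeof(SP_DEVICE_INTERFACE_DATA) };
    SP_DEVINFO_DATA deviceInfoData = { sizeof(SP_DEVINFO_DATA) };
    PSP_DEVICE_INTERFACE_DETAIL_DATA deviceInterfaceDetail;
    ULONG deviceInfoLength = 0;

    if ((deviceInfoHandle = SetupDiGetClassDevs(
        &GUID_DEVINTERFACE_DISK,
        NULL,
        NULL,
        DIGCF_DEVICEINTERFACE
        )) == INVALID_HANDLE_VALUE)
    {
        return;
    }

    deviceList = PH_AUTO(PhCreateList(1));

    for (ULONG i = 0; SetupDiEnumDeviceInterfaces(deviceInfoHandle, NULL, &GUID_DEVINTERFACE_DISK, i, &deviceInterfaceData); i++)
    {
        // First call only asks for the required buffer size; anything other
        // than ERROR_INSUFFICIENT_BUFFER means the interface is skipped.
        if (SetupDiGetDeviceInterfaceDetail(
            deviceInfoHandle,
            &deviceInterfaceData,
            0,
            0,
            &deviceInfoLength,
            &deviceInfoData
            ) || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        {
            continue;
        }

        deviceInterfaceDetail = PhAllocate(deviceInfoLength);
        deviceInterfaceDetail->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);

        if (SetupDiGetDeviceInterfaceDetail(
            deviceInfoHandle,
            &deviceInterfaceData,
            deviceInterfaceDetail,
            deviceInfoLength,
            &deviceInfoLength,
            &deviceInfoData
            ))
        {
            HANDLE deviceHandle;
            PDISK_ENUM_ENTRY diskEntry;
            WCHAR diskFriendlyName[MAX_PATH] = L"";

            // SetupDiGetDeviceProperty(DEVPKEY_Device_FriendlyName) is not
            // used because it crashes on XP with error 0xC06D007F.
            //
            // The size argument is ARRAYSIZE (elements), which is smaller
            // than the buffer's size in bytes, so the zero-initialized tail
            // of the array stays untouched.
            if (!SetupDiGetDeviceRegistryProperty(
                deviceInfoHandle,
                &deviceInfoData,
                SPDRP_FRIENDLYNAME,
                NULL,
                (PBYTE)diskFriendlyName,
                ARRAYSIZE(diskFriendlyName),
                NULL
                ))
            {
                // Release the detail buffer before moving to the next interface.
                PhFree(deviceInterfaceDetail);
                continue;
            }

            diskEntry = PhAllocate(sizeof(DISK_ENUM_ENTRY));
            memset(diskEntry, 0, sizeof(DISK_ENUM_ENTRY));

            diskEntry->DeviceIndex = ULONG_MAX; // Note: Do not initialize to zero.
            diskEntry->DeviceName = PhCreateString(diskFriendlyName);
            diskEntry->DevicePath = PhCreateString(deviceInterfaceDetail->DevicePath);

            if (NT_SUCCESS(DiskDriveCreateHandle(
                &deviceHandle,
                diskEntry->DevicePath
                )))
            {
                ULONG diskIndex = ULONG_MAX; // Note: Do not initialize to zero

                if (NT_SUCCESS(DiskDriveQueryDeviceTypeAndNumber(
                    deviceHandle,
                    &diskIndex,
                    NULL
                    )))
                {
                    PPH_STRING diskMountPoints = PH_AUTO_T(PH_STRING, DiskDriveQueryDosMountPoints(diskIndex));

                    diskEntry->DeviceIndex = diskIndex;
                    diskEntry->DevicePresent = TRUE;

                    if (!PhIsNullOrEmptyString(diskMountPoints))
                    {
                        diskEntry->DeviceMountPoints = PhFormatString(
                            L"Disk %lu (%s) [%s]",
                            diskIndex,
                            diskMountPoints->Buffer,
                            diskFriendlyName
                            );
                    }
                    else
                    {
                        diskEntry->DeviceMountPoints = PhFormatString(
                            L"Disk %lu [%s]",
                            diskIndex,
                            diskFriendlyName
                            );
                    }
                }

                NtClose(deviceHandle);
            }

            PhAddItemList(deviceList, diskEntry);
        }

        PhFree(deviceInterfaceDetail);
    }

    SetupDiDestroyDeviceInfoList(deviceInfoHandle);

    // Sort the entries
    qsort(deviceList->Items, deviceList->Count, sizeof(PVOID), DiskEntryCompareFunction);

    Context->EnumeratingDisks = TRUE;
    PhAcquireQueuedLockShared(&DiskDrivesListLock);

    for (ULONG i = 0; i < deviceList->Count; i++)
    {
        PDISK_ENUM_ENTRY entry = deviceList->Items[i];

        // Prefer the "Disk N (...)" text; fall back to the friendly name.
        AddDiskDriveToListView(
            Context,
            entry->DevicePresent,
            entry->DevicePath,
            entry->DeviceMountPoints ? entry->DeviceMountPoints : entry->DeviceName
            );

        if (entry->DeviceMountPoints)
            PhDereferenceObject(entry->DeviceMountPoints);
        if (entry->DeviceName)
            PhDereferenceObject(entry->DeviceName);
        // Note: DevicePath is disposed by WM_DESTROY.

        PhFree(entry);
    }

    PhReleaseQueuedLockShared(&DiskDrivesListLock);
    Context->EnumeratingDisks = FALSE;

    // HACK: Show all unknown devices.
    Context->EnumeratingDisks = TRUE;
    PhAcquireQueuedLockShared(&DiskDrivesListLock);

    for (ULONG i = 0; i < DiskDrivesList->Count; i++)
    {
        ULONG index = -1;
        BOOLEAN found = FALSE;
        PDV_DISK_ENTRY entry = PhReferenceObjectSafe(DiskDrivesList->Items[i]);

        // The entry is already being destroyed; skip it.
        if (!entry)
            continue;

        // Look for a list view item that refers to the same disk.
        while ((index = PhFindListViewItemByFlags(
            Context->ListViewHandle,
            index,
            LVNI_ALL
            )) != -1)
        {
            PDV_DISK_ID param;

            if (PhGetListViewItemParam(Context->ListViewHandle, index, &param))
            {
                if (EquivalentDiskId(param, &entry->Id))
                {
                    found = TRUE;
                }
            }
        }

        if (!found)
        {
            PPH_STRING description;

            description = PhCreateString(L"Unknown disk");

            if (description)
            {
                AddDiskDriveToListView(
                    Context,
                    FALSE,
                    entry->Id.DevicePath,
                    description
                    );

                PhDereferenceObject(description);
            }
        }

        PhDereferenceObjectDeferDelete(entry);
    }

    PhReleaseQueuedLockShared(&DiskDrivesListLock);
    Context->EnumeratingDisks = FALSE;
}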
/**
 * Callback run after each process list update; queues files for lookup.
 *
 * For every extension on ProcessListHead the file path of its process,
 * module or service is resolved. A stored database result is copied into the
 * extension when one exists, and files without a cached result are added to
 * the cache queue once.
 *
 * \param Parameter Unused.
 * \param Context Unused.
 *
 * \remarks The first two invocations only advance a counter and do no work.
 * NOTE(review): ProcessListHead is walked here without visibly taking a lock;
 * confirm that insertions and removals cannot run concurrently.
 */
VOID ProcessesUpdatedCallback(
    _In_opt_ PVOID Parameter,
    _In_opt_ PVOID Context
    )
{
    static ULONG ProcessesUpdatedCount = 0;
    PLIST_ENTRY listEntry;

    if (!VirusTotalScanningEnabled)
        return;

    if (ProcessesUpdatedCount < 2)
    {
        ProcessesUpdatedCount++;
        return;
    }

    for (listEntry = ProcessListHead.Flink; listEntry != &ProcessListHead; listEntry = listEntry->Flink)
    {
        PPROCESS_EXTENSION extension = CONTAINING_RECORD(listEntry, PROCESS_EXTENSION, ListEntry);
        PPH_STRING filePath = NULL;

        if (extension->ProcessItem)
        {
            filePath = extension->ProcessItem->FileName;
        }
        else if (extension->ModuleItem)
        {
            filePath = extension->ModuleItem->FileName;
        }
        else if (extension->ServiceItem)
        {
            // Resolve the service file name once and keep it on the extension.
            if (!extension->FilePath)
            {
                PPH_STRING serviceFileName = NULL;
                PPH_STRING serviceBinaryPath = NULL;

                if (NT_SUCCESS(QueryServiceFileName(
                    &extension->ServiceItem->Name->sr,
                    &serviceFileName,
                    &serviceBinaryPath
                    )))
                {
                    PhMoveReference(&extension->FilePath, serviceFileName);

                    if (serviceBinaryPath)
                        PhDereferenceObject(serviceBinaryPath);
                }
            }

            filePath = extension->FilePath;
        }

        if (PhIsNullOrEmptyString(filePath))
            continue;

        if (!extension->ResultValid)
        {
            PPROCESS_DB_OBJECT dbObject = FindProcessDbObject(&filePath->sr);

            // A stored result exists: copy it and mark the entry as done.
            if (dbObject)
            {
                extension->Stage1 = TRUE;
                extension->ResultValid = TRUE;
                extension->Positives = dbObject->Positives;
                PhSwapReference(&extension->VirusTotalResult, dbObject->Result);
            }
        }

        if (!extension->Stage1)
        {
            if (!VirusTotalGetCachedResult(filePath))
                VirusTotalAddCacheResult(filePath, extension);

            extension->Stage1 = TRUE;
        }
    }
}
/**
 * Tree filter callback for the services list, including the hosting process
 * and the service's file paths.
 *
 * \param Node The tree node, treated as a PPH_SERVICE_NODE.
 * \param Context Unused.
 *
 * \return TRUE to keep the node visible: always when the search box is empty,
 * otherwise when a service field, the hosting process node or one of the
 * service's file paths matches the search text.
 *
 * \remarks NOTE(review): Name is tested with PhIsNullOrEmptyString before the
 * name match, but the QueryServiceFileName call uses Name->sr without a
 * check; confirm a service item always has a name.
 */
BOOLEAN ServiceTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)Node;
    PPH_STRING serviceFileName = NULL;
    PPH_STRING serviceBinaryPath = NULL;
    BOOLEAN pathMatched;

    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // Enumeration values rendered as text.
    if (WordMatchStringZ(PhGetServiceTypeString(serviceNode->ServiceItem->Type)))
        return TRUE;
    if (WordMatchStringZ(PhGetServiceStateString(serviceNode->ServiceItem->State)))
        return TRUE;
    if (WordMatchStringZ(PhGetServiceStartTypeString(serviceNode->ServiceItem->StartType)))
        return TRUE;
    if (WordMatchStringZ(PhGetServiceErrorControlString(serviceNode->ServiceItem->ErrorControl)))
        return TRUE;

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->Name) &&
        WordMatchStringRef(&serviceNode->ServiceItem->Name->sr))
        return TRUE;
    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->DisplayName) &&
        WordMatchStringRef(&serviceNode->ServiceItem->DisplayName->sr))
        return TRUE;

    if (serviceNode->ServiceItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;
        WCHAR processIdString[PH_INT32_STR_LEN_1];

        PhPrintUInt32(processIdString, HandleToUlong(serviceNode->ServiceItem->ProcessId));

        if (WordMatchStringZ(processIdString))
            return TRUE;

        // Search the process node
        processNode = PhFindProcessNode(serviceNode->ServiceItem->ProcessId);

        if (processNode && ProcessTreeFilterCallback(&processNode->Node, NULL))
            return TRUE;
    }

    if (!NT_SUCCESS(QueryServiceFileName(
        &serviceNode->ServiceItem->Name->sr,
        &serviceFileName,
        &serviceBinaryPath
        )))
    {
        return FALSE;
    }

    // Both strings are tested and both references released before returning.
    pathMatched = FALSE;

    if (serviceFileName)
    {
        if (WordMatchStringRef(&serviceFileName->sr))
            pathMatched = TRUE;

        PhDereferenceObject(serviceFileName);
    }

    if (serviceBinaryPath)
    {
        if (WordMatchStringRef(&serviceBinaryPath->sr))
            pathMatched = TRUE;

        PhDereferenceObject(serviceBinaryPath);
    }

    return pathMatched ? TRUE : FALSE;
}
/**
 * Task dialog callback for the final updater page (install / retry).
 *
 * \param hwndDlg The task dialog window.
 * \param uMsg The TDN_* notification.
 * \param wParam For TDN_BUTTON_CLICKED, the id of the clicked button.
 * \param lParam Unused.
 * \param dwRefData The PPH_UPDATER_CONTEXT registered with the dialog.
 *
 * \return S_FALSE to keep the dialog open, S_OK otherwise.
 *
 * \remarks IDYES starts the file named by SetupFilePath, elevated through the
 * "runas" verb when UpdaterCheckApplicationDirectory returns FALSE.
 * SEE_MASK_NOZONECHECKS is set, so the shell's zone check is not a safety net
 * for that file. NOTE(review): this handler does no signature or hash
 * verification of the setup file itself; confirm the download path verifies
 * it and that the file cannot be replaced between verification and launch.
 */
HRESULT CALLBACK FinalTaskDialogCallbackProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam,
    _In_ LONG_PTR dwRefData
    )
{
    PPH_UPDATER_CONTEXT context = (PPH_UPDATER_CONTEXT)dwRefData;

    if (uMsg == TDN_NAVIGATED)
    {
        // Show the shield on the install button when elevation will be needed.
        if (!UpdaterCheckApplicationDirectory())
            SendMessage(hwndDlg, TDM_SET_BUTTON_ELEVATION_REQUIRED_STATE, IDYES, TRUE);
    }
    else if (uMsg == TDN_BUTTON_CLICKED)
    {
        INT buttonId = (INT)wParam;

        if (buttonId == IDRETRY)
        {
            ShowCheckForUpdatesDialog(context);
            return S_FALSE;
        }

        if (buttonId == IDYES)
        {
            SHELLEXECUTEINFO info = { sizeof(SHELLEXECUTEINFO) };
            PPH_STRING applicationDirectory;
            PPH_STRING encodedDirectory;
            PPH_STRING parameters;
            ULONG errorCode;

            if (PhIsNullOrEmptyString(context->SetupFilePath))
                return S_OK;

            // The application directory is passed to the setup as the hex
            // encoding of the string's raw bytes, inside a quoted -update
            // argument.
            applicationDirectory = PH_AUTO(PhGetApplicationDirectory());
            encodedDirectory = PH_AUTO(PhBufferToHexString((PUCHAR)applicationDirectory->Buffer, (ULONG)applicationDirectory->Length));
            parameters = PH_AUTO(PhConcatStrings(3, L"-update \"", PhGetStringOrEmpty(encodedDirectory), L"\""));

            info.lpFile = PhGetStringOrEmpty(context->SetupFilePath);
            info.lpParameters = PhGetString(parameters);
            info.lpVerb = UpdaterCheckApplicationDirectory() ? NULL : L"runas";
            info.nShow = SW_SHOW;
            info.hwnd = hwndDlg;
            info.fMask = SEE_MASK_NOASYNC | SEE_MASK_FLAG_NO_UI | SEE_MASK_NOZONECHECKS;

            ProcessHacker_PrepareForEarlyShutdown(PhMainWndHandle);

            if (ShellExecuteEx(&info))
            {
                ProcessHacker_Destroy(PhMainWndHandle);
                return S_OK;
            }

            errorCode = GetLastError();

            // Install failed, cancel the shutdown.
            ProcessHacker_CancelEarlyShutdown(PhMainWndHandle);

            // Show error dialog, except when the user declined the UAC prompt.
            if (errorCode != ERROR_CANCELLED)
            {
                PhShowStatus(hwndDlg, L"Unable to execute the setup.", 0, errorCode);

                if (context->StartupCheck)
                    ShowAvailableDialog(context);
                else
                    ShowCheckForUpdatesDialog(context);
            }

            return S_FALSE;
        }
    }
    else if (uMsg == TDN_HYPERLINK_CLICKED)
    {
        TaskDialogLinkClicked(context);
        return S_FALSE;
    }

    return S_OK;
}
/**
 * Tree filter callback for the services list, including signature
 * verification fields, the hosting process and the service's file paths.
 *
 * \param Node The tree node, treated as a PPH_SERVICE_NODE.
 * \param Context Unused.
 *
 * \return TRUE to keep the node visible: always when the search box is empty,
 * otherwise when a service field, the signer name, the verification result
 * text, the hosting process node or one of the service's file paths matches
 * the search text.
 *
 * \remarks NOTE(review): Name is tested with PhIsNullOrEmptyString before the
 * name match, but the QueryServiceFileName call uses Name->sr without a
 * check; confirm a service item always has a name.
 */
BOOLEAN ServiceTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)Node;
    PPH_STRING serviceFileName = NULL;
    PPH_STRING serviceBinaryPath = NULL;
    BOOLEAN pathMatched;

    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // Enumeration values rendered as text.
    if (WordMatchStringZ(PhGetServiceTypeString(serviceNode->ServiceItem->Type)))
        return TRUE;
    if (WordMatchStringZ(PhGetServiceStateString(serviceNode->ServiceItem->State)))
        return TRUE;
    if (WordMatchStringZ(PhGetServiceStartTypeString(serviceNode->ServiceItem->StartType)))
        return TRUE;
    if (WordMatchStringZ(PhGetServiceErrorControlString(serviceNode->ServiceItem->ErrorControl)))
        return TRUE;

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->Name) &&
        WordMatchStringRef(&serviceNode->ServiceItem->Name->sr))
        return TRUE;
    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->DisplayName) &&
        WordMatchStringRef(&serviceNode->ServiceItem->DisplayName->sr))
        return TRUE;

    if (serviceNode->ServiceItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;

        if (WordMatchStringZ(serviceNode->ServiceItem->ProcessIdString))
            return TRUE;

        // Search the process node
        processNode = PhFindProcessNode(serviceNode->ServiceItem->ProcessId);

        if (processNode && ProcessTreeFilterCallback(&processNode->Node, NULL))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->VerifySignerName) &&
        WordMatchStringRef(&serviceNode->ServiceItem->VerifySignerName->sr))
        return TRUE;

    if (serviceNode->ServiceItem->VerifyResult != VrUnknown)
    {
        PWSTR verifyText;

        // Map the verification result to the keyword a user can search for.
        switch (serviceNode->ServiceItem->VerifyResult)
        {
        case VrNoSignature:
            verifyText = L"NoSignature";
            break;
        case VrTrusted:
            verifyText = L"Trusted";
            break;
        case VrExpired:
            verifyText = L"Expired";
            break;
        case VrRevoked:
            verifyText = L"Revoked";
            break;
        case VrDistrust:
            verifyText = L"Distrust";
            break;
        case VrSecuritySettings:
            verifyText = L"SecuritySettings";
            break;
        case VrBadSignature:
            verifyText = L"BadSignature";
            break;
        default:
            verifyText = L"Unknown";
            break;
        }

        if (WordMatchStringZ(verifyText))
            return TRUE;
    }

    if (!NT_SUCCESS(QueryServiceFileName(
        &serviceNode->ServiceItem->Name->sr,
        &serviceFileName,
        &serviceBinaryPath
        )))
    {
        return FALSE;
    }

    // Both strings are tested and both references released before returning.
    pathMatched = FALSE;

    if (serviceFileName)
    {
        if (WordMatchStringRef(&serviceFileName->sr))
            pathMatched = TRUE;

        PhDereferenceObject(serviceFileName);
    }

    if (serviceBinaryPath)
    {
        if (WordMatchStringRef(&serviceBinaryPath->sr))
            pathMatched = TRUE;

        PhDereferenceObject(serviceBinaryPath);
    }

    return pathMatched ? TRUE : FALSE;
}
/**
 * Filter callback for the network tree: reports whether a connection node
 * matches the current search text.
 *
 * \param Node The tree node being tested; treated as a PPH_NETWORK_NODE.
 * \param Context Not used by this callback.
 *
 * \return TRUE if the search box is empty or any searched field matches,
 * otherwise FALSE.
 */
BOOLEAN NetworkTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_NETWORK_NODE node = (PPH_NETWORK_NODE)Node;
    PPH_STRING displayedProcessName;

    // With no search text every node passes the filter.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // TODO: PPH_NETWORK_NODE->ProcessNameText should be exported so that
    // waiting/unknown connections can be searched; until then the text is
    // rebuilt here.
    // NOTE(review): the returned string is not dereferenced in this function -
    // confirm PhpNetworkTreeGetNetworkItemProcessName hands back a string the
    // caller does not own.
    displayedProcessName = PhpNetworkTreeGetNetworkItemProcessName(node->NetworkItem);

    if (!PhIsNullOrEmptyString(displayedProcessName) &&
        WordMatchStringRef(&displayedProcessName->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->NetworkItem->ProcessName) &&
        WordMatchStringRef(&node->NetworkItem->ProcessName->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->NetworkItem->OwnerName) &&
        WordMatchStringRef(&node->NetworkItem->OwnerName->sr))
        return TRUE;

    // Local endpoint: address, port, resolved host name.
    if (node->NetworkItem->LocalAddressString[0] &&
        WordMatchStringZ(node->NetworkItem->LocalAddressString))
        return TRUE;

    if (node->NetworkItem->LocalPortString[0] &&
        WordMatchStringZ(node->NetworkItem->LocalPortString))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->NetworkItem->LocalHostString) &&
        WordMatchStringRef(&node->NetworkItem->LocalHostString->sr))
        return TRUE;

    // Remote endpoint: address, port, resolved host name.
    if (node->NetworkItem->RemoteAddressString[0] &&
        WordMatchStringZ(node->NetworkItem->RemoteAddressString))
        return TRUE;

    if (node->NetworkItem->RemotePortString[0] &&
        WordMatchStringZ(node->NetworkItem->RemotePortString))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->NetworkItem->RemoteHostString) &&
        WordMatchStringRef(&node->NetworkItem->RemoteHostString->sr))
        return TRUE;

    if (WordMatchStringZ(PhGetProtocolTypeName(node->NetworkItem->ProtocolType)))
        return TRUE;

    // The connection state is only searched for TCP protocol types.
    if ((node->NetworkItem->ProtocolType & PH_TCP_PROTOCOL_TYPE) &&
        WordMatchStringZ(PhGetTcpStateName(node->NetworkItem->State)))
        return TRUE;

    if (node->NetworkItem->ProcessId)
    {
        PPH_PROCESS_NODE ownerNode;
        WCHAR pidText[PH_INT32_STR_LEN_1];

        PhPrintUInt32(pidText, HandleToUlong(node->NetworkItem->ProcessId));

        if (WordMatchStringZ(pidText))
            return TRUE;

        // A connection also matches when the process node for its PID matches.
        ownerNode = PhFindProcessNode(node->NetworkItem->ProcessId);

        if (ownerNode && ProcessTreeFilterCallback(&ownerNode->Node, NULL))
            return TRUE;
    }

    return FALSE;
}
/**
 * Task dialog callback for the final updater page.
 *
 * Handles the retry button (restart the update check), the install button
 * (launch the downloaded setup file and shut the main window down) and
 * hyperlink clicks.
 *
 * \param hwndDlg The task dialog window.
 * \param uMsg The TDN_* notification.
 * \param wParam For TDN_BUTTON_CLICKED, the ID of the clicked button.
 * \param lParam Not used by this callback.
 * \param dwRefData The PPH_UPDATER_CONTEXT for this dialog.
 *
 * \return S_FALSE to keep the dialog open (retry, or the setup launch failed),
 * otherwise S_OK.
 */
HRESULT CALLBACK FinalTaskDialogCallbackProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam,
    _In_ LONG_PTR dwRefData
    )
{
    PPH_UPDATER_CONTEXT context = (PPH_UPDATER_CONTEXT)dwRefData;

    switch (uMsg)
    {
    case TDN_NAVIGATED:
        {
            // Mark the install button as requiring elevation when the current
            // token is not elevated.
            if (!PhGetOwnTokenAttributes().Elevated)
                SendMessage(hwndDlg, TDM_SET_BUTTON_ELEVATION_REQUIRED_STATE, IDYES, TRUE);
        }
        break;
    case TDN_BUTTON_CLICKED:
        {
            INT buttonId = (INT)wParam;
            SHELLEXECUTEINFO info = { sizeof(SHELLEXECUTEINFO) };

            if (buttonId == IDRETRY)
            {
                ShowCheckingForUpdatesDialog(context);
                return S_FALSE;
            }

            if (buttonId != IDYES)
                break;

            if (PhIsNullOrEmptyString(context->SetupFilePath))
                break;

            // NOTE(review): the file at SetupFilePath is executed here, with
            // the "runas" verb when the current token is not elevated, and
            // this callback performs no integrity check of its own.
            // Presumably the download step verified the file's hash or
            // signature - confirm, and confirm the file cannot be replaced
            // between that check and this launch.
            info.hwnd = hwndDlg;
            info.nShow = SW_SHOW;
            info.lpVerb = PhGetOwnTokenAttributes().Elevated ? NULL : L"runas";
            info.lpFile = context->SetupFilePath->Buffer;

            ProcessHacker_PrepareForEarlyShutdown(PhMainWndHandle);

            if (ShellExecuteEx(&info))
            {
                ProcessHacker_Destroy(PhMainWndHandle);
                break;
            }

            // The setup did not start; cancel the shutdown and keep the
            // dialog open.
            ProcessHacker_CancelEarlyShutdown(PhMainWndHandle);
            return S_FALSE;
        }
        break;
    case TDN_HYPERLINK_CLICKED:
        {
            TaskDialogLinkClicked(context);
        }
        break;
    }

    return S_OK;
}
/**
 * Builds the tooltip text for a service: version information of the service's
 * file followed by the service description.
 *
 * \param Service The service item; Service->Name is dereferenced without a
 * null check.
 *
 * \return The string produced by PhFinalStringBuilderString. It is empty when
 * the service could not be opened or nothing could be queried.
 */
PPH_STRING PhGetServiceTooltipText(
    _In_ PPH_SERVICE_ITEM Service
    )
{
    PH_STRING_BUILDER sb;
    SC_HANDLE handle;

    PhInitializeStringBuilder(&sb, 200);

    handle = PhOpenService(Service->Name->Buffer, SERVICE_QUERY_CONFIG);

    if (handle)
    {
        PPH_STRING imageFileName;
        PPH_STRING descriptionText;

        // File information

        imageFileName = PhGetServiceRelevantFileName(&Service->Name->sr, handle);

        if (imageFileName)
        {
            PH_IMAGE_VERSION_INFO versionInfo;
            PPH_STRING formattedVersionInfo;

            if (PhInitializeImageVersionInfo(&versionInfo, imageFileName->Buffer))
            {
                formattedVersionInfo = PhFormatImageVersionInfo(
                    imageFileName,
                    &versionInfo,
                    &StandardIndent,
                    0
                    );

                if (!PhIsNullOrEmptyString(formattedVersionInfo))
                {
                    PhAppendStringBuilder2(&sb, L"File:\n");
                    PhAppendStringBuilder(&sb, &formattedVersionInfo->sr);
                    PhAppendCharStringBuilder(&sb, '\n');
                }

                PhClearReference(&formattedVersionInfo);
                PhDeleteImageVersionInfo(&versionInfo);
            }

            PhDereferenceObject(imageFileName);
        }

        // Description

        descriptionText = PhGetServiceDescription(handle);

        if (descriptionText)
        {
            PhAppendStringBuilder2(&sb, L"Description:\n ");
            PhAppendStringBuilder(&sb, &descriptionText->sr);
            PhAppendCharStringBuilder(&sb, '\n');
            PhDereferenceObject(descriptionText);
        }

        CloseServiceHandle(handle);
    }

    // Every section ends with '\n'; drop the last one.
    if (sb.String->Length != 0)
        PhRemoveEndStringBuilder(&sb, 1);

    return PhFinalStringBuilderString(&sb);
}
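/**
 * Builds the tooltip text for a process.
 *
 * The text is assembled from these sections, each only when it has content:
 * command line, file version information, known command line information
 * (service host group, rundll32 target, COM surrogate target), hosted
 * services, running tasks, plugin-provided text and notes.
 *
 * \param Process The process item to describe.
 *
 * \return The string produced by PhFinalStringBuilderString.
 */
PPH_STRING PhGetProcessTooltipText(
    __in PPH_PROCESS_ITEM Process
    )
{
    PH_STRING_BUILDER stringBuilder;
    PPH_STRING tempString;

    PhInitializeStringBuilder(&stringBuilder, 200);

    // Command line

    if (Process->CommandLine)
    {
        PhAppendStringBuilder(&stringBuilder, Process->CommandLine);
        PhAppendCharStringBuilder(&stringBuilder, '\n');
    }

    // File information

    tempString = PhFormatImageVersionInfo(
        Process->FileName,
        &Process->VersionInfo,
        L" ",
        0
        );

    if (!PhIsNullOrEmptyString(tempString))
    {
        PhAppendStringBuilder2(&stringBuilder, L"File:\n");
        PhAppendStringBuilder(&stringBuilder, tempString);
        PhAppendCharStringBuilder(&stringBuilder, '\n');
    }

    if (tempString)
        PhDereferenceObject(tempString);

    // Known command line information

    if (Process->CommandLine && Process->QueryHandle)
    {
        PH_KNOWN_PROCESS_TYPE knownProcessType;
        PH_KNOWN_PROCESS_COMMAND_LINE knownCommandLine;

        if (NT_SUCCESS(PhGetProcessKnownType(
            Process->QueryHandle,
            &knownProcessType
            )) && PhaGetProcessKnownCommandLine(
            Process->CommandLine,
            knownProcessType,
            &knownCommandLine
            ))
        {
            switch (knownProcessType & KnownProcessTypeMask)
            {
            case ServiceHostProcessType:
                PhAppendStringBuilder2(&stringBuilder, L"Service group name:\n ");
                PhAppendStringBuilder(&stringBuilder, knownCommandLine.ServiceHost.GroupName);
                PhAppendCharStringBuilder(&stringBuilder, '\n');
                break;
            case RunDllAsAppProcessType:
                {
                    PH_IMAGE_VERSION_INFO versionInfo;

                    // NOTE(review): RunDllAsApp.FileName is dereferenced
                    // without the null check that ComSurrogate.FileName gets
                    // below - confirm it is always set for this type.
                    if (PhInitializeImageVersionInfo(
                        &versionInfo,
                        knownCommandLine.RunDllAsApp.FileName->Buffer
                        ))
                    {
                        tempString = PhFormatImageVersionInfo(
                            knownCommandLine.RunDllAsApp.FileName,
                            &versionInfo,
                            L" ",
                            0
                            );

                        if (!PhIsNullOrEmptyString(tempString))
                        {
                            PhAppendStringBuilder2(&stringBuilder, L"Run DLL target file:\n");
                            PhAppendStringBuilder(&stringBuilder, tempString);
                            PhAppendCharStringBuilder(&stringBuilder, '\n');
                        }

                        if (tempString)
                            PhDereferenceObject(tempString);

                        PhDeleteImageVersionInfo(&versionInfo);
                    }
                }
                break;
            case ComSurrogateProcessType:
                {
                    PH_IMAGE_VERSION_INFO versionInfo;
                    PPH_STRING guidString;

                    PhAppendStringBuilder2(&stringBuilder, L"COM target:\n");

                    if (knownCommandLine.ComSurrogate.Name)
                    {
                        PhAppendStringBuilder2(&stringBuilder, L" ");
                        PhAppendStringBuilder(&stringBuilder, knownCommandLine.ComSurrogate.Name);
                        PhAppendCharStringBuilder(&stringBuilder, '\n');
                    }

                    if (guidString = PhFormatGuid(&knownCommandLine.ComSurrogate.Guid))
                    {
                        PhAppendStringBuilder2(&stringBuilder, L" ");
                        PhAppendStringBuilder(&stringBuilder, guidString);
                        PhDereferenceObject(guidString);
                        PhAppendCharStringBuilder(&stringBuilder, '\n');
                    }

                    if (knownCommandLine.ComSurrogate.FileName && PhInitializeImageVersionInfo(
                        &versionInfo,
                        knownCommandLine.ComSurrogate.FileName->Buffer
                        ))
                    {
                        tempString = PhFormatImageVersionInfo(
                            knownCommandLine.ComSurrogate.FileName,
                            &versionInfo,
                            L" ",
                            0
                            );

                        if (!PhIsNullOrEmptyString(tempString))
                        {
                            PhAppendStringBuilder2(&stringBuilder, L"COM target file:\n");
                            PhAppendStringBuilder(&stringBuilder, tempString);
                            PhAppendCharStringBuilder(&stringBuilder, '\n');
                        }

                        if (tempString)
                            PhDereferenceObject(tempString);

                        PhDeleteImageVersionInfo(&versionInfo);
                    }
                }
                break;
            }
        }
    }

    // Services

    if (Process->ServiceList && Process->ServiceList->Count != 0)
    {
        ULONG enumerationKey = 0;
        PPH_SERVICE_ITEM serviceItem;
        PPH_LIST serviceList;
        ULONG i;

        // Copy the service list into our own list so we can sort it.

        serviceList = PhCreateList(Process->ServiceList->Count);

        // Each copied item is referenced while the lock is held and
        // dereferenced after the text has been built.
        PhAcquireQueuedLockShared(&Process->ServiceListLock);

        while (PhEnumPointerList(
            Process->ServiceList,
            &enumerationKey,
            &serviceItem
            ))
        {
            PhReferenceObject(serviceItem);
            PhAddItemList(serviceList, serviceItem);
        }

        PhReleaseQueuedLockShared(&Process->ServiceListLock);

        qsort(serviceList->Items, serviceList->Count, sizeof(PPH_SERVICE_ITEM), ServiceForTooltipCompare);

        PhAppendStringBuilder2(&stringBuilder, L"Services:\n");

        // Add the services.
        for (i = 0; i < serviceList->Count; i++)
        {
            serviceItem = serviceList->Items[i];

            PhAppendStringBuilder2(&stringBuilder, L" ");
            PhAppendStringBuilder(&stringBuilder, serviceItem->Name);
            PhAppendStringBuilder2(&stringBuilder, L" (");
            PhAppendStringBuilder(&stringBuilder, serviceItem->DisplayName);
            PhAppendStringBuilder2(&stringBuilder, L")\n");
        }

        PhDereferenceObjects(serviceList->Items, serviceList->Count);
        PhDereferenceObject(serviceList);
    }

    // Tasks

    if (PhEqualString2(Process->ProcessName, L"taskeng.exe", TRUE) ||
        PhEqualString2(Process->ProcessName, L"taskhost.exe", TRUE))
    {
        PH_STRING_BUILDER tasks;

        PhInitializeStringBuilder(&tasks, 40);

        PhpFillRunningTasks(Process, &tasks);

        if (tasks.String->Length != 0)
        {
            PhAppendStringBuilder2(&stringBuilder, L"Tasks:\n");
            PhAppendStringBuilder(&stringBuilder, tasks.String);
        }

        PhDeleteStringBuilder(&tasks);
    }

    // Plugin

    if (PhPluginsEnabled)
    {
        PH_PLUGIN_GET_TOOLTIP_TEXT getTooltipText;

        getTooltipText.Parameter = Process;
        getTooltipText.StringBuilder = &stringBuilder;

        PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackGetProcessTooltipText), &getTooltipText);
    }

    // Notes

    {
        PH_STRING_BUILDER notes;

        PhInitializeStringBuilder(&notes, 40);

        if (Process->FileName)
        {
            if (Process->VerifyResult == VrTrusted)
            {
                if (!PhIsNullOrEmptyString(Process->VerifySignerName))
                    PhAppendFormatStringBuilder(&notes, L" Signer: %s\n", Process->VerifySignerName->Buffer);
                else
                    PhAppendStringBuilder2(&notes, L" Signed.\n");
            }
            else if (Process->VerifyResult == VrUnknown)
            {
                // Nothing
            }
            else if (Process->VerifyResult != VrNoSignature)
            {
                // Every result other than trusted, unknown and unsigned is
                // reported as an invalid signature.
                PhAppendStringBuilder2(&notes, L" Signature invalid.\n");
            }
        }

        if (Process->IsPacked)
        {
            PhAppendFormatStringBuilder(
                &notes,
                L" Image is probably packed (%u imports over %u modules).\n",
                Process->ImportFunctions,
                Process->ImportModules
                );
        }

        if (Process->ConsoleHostProcessId)
        {
            CLIENT_ID clientId;
            PPH_STRING clientIdString;

            clientId.UniqueProcess = Process->ConsoleHostProcessId;
            clientId.UniqueThread = NULL;

            clientIdString = PhGetClientIdName(&clientId);
            PhAppendFormatStringBuilder(&notes, L" Console host: %s\n", clientIdString->Buffer);
            PhDereferenceObject(clientIdString);
        }

        if (Process->IsDotNet)
            PhAppendStringBuilder2(&notes, L" Process is managed (.NET).\n");
        if (Process->IsElevated)
            PhAppendStringBuilder2(&notes, L" Process is elevated.\n");
        if (Process->IsInJob)
            PhAppendStringBuilder2(&notes, L" Process is in a job.\n");
        if (Process->IsPosix)
            PhAppendStringBuilder2(&notes, L" Process is POSIX.\n");
        if (Process->IsWow64)
            PhAppendStringBuilder2(&notes, L" Process is 32-bit (WOW64).\n");

        if (notes.String->Length != 0)
        {
            PhAppendStringBuilder2(&stringBuilder, L"Notes:\n");
            PhAppendStringBuilder(&stringBuilder, notes.String);
        }

        PhDeleteStringBuilder(&notes);
    }

    // Remove the trailing newline. Length / 2 - 1 is passed as the index of
    // the last character (presumably Length counts bytes of wide characters).
    if (stringBuilder.String->Length != 0)
        PhRemoveStringBuilder(&stringBuilder, stringBuilder.String->Length / 2 - 1, 1);

    return PhFinalStringBuilderString(&stringBuilder);
}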
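/**
 * Builds the tooltip text for a process and reports how long it stays valid.
 *
 * The text is assembled from these sections, each only when it has content:
 * command line (shortened and line-broken), file version information, known
 * command line information (service host group, rundll32 target, COM
 * surrogate target), hosted services, running tasks or UMDF drivers,
 * plugin-provided text and notes.
 *
 * \param Process The process item to describe.
 * \param ValidToTickCount Optional. Receives GetTickCount() plus the validity
 * period: 1 hour by default, 10 seconds for UMDF host processes, or whatever a
 * plugin callback left in ValidForMs.
 *
 * \return The string produced by PhFinalStringBuilderString.
 */
PPH_STRING PhGetProcessTooltipText(
    _In_ PPH_PROCESS_ITEM Process,
    _Out_opt_ PULONG ValidToTickCount
    )
{
    PH_STRING_BUILDER stringBuilder;
    ULONG validForMs = 60 * 60 * 1000; // 1 hour
    PPH_STRING tempString;
    PH_KNOWN_PROCESS_TYPE knownProcessType = UnknownProcessType;

    PhInitializeStringBuilder(&stringBuilder, 200);

    // Command line

    if (Process->CommandLine)
    {
        tempString = PhEllipsisString(Process->CommandLine, 100 * 10);

        // This is necessary because the tooltip control seems to use some kind of O(n^9999) word-wrapping
        // algorithm.
        PhpAppendStringWithLineBreaks(&stringBuilder, &tempString->sr, 100, NULL);
        PhAppendCharStringBuilder(&stringBuilder, '\n');

        PhDereferenceObject(tempString);
    }

    // File information

    tempString = PhFormatImageVersionInfo(
        Process->FileName,
        &Process->VersionInfo,
        &StandardIndent,
        0
        );

    if (!PhIsNullOrEmptyString(tempString))
    {
        PhAppendStringBuilder2(&stringBuilder, L"File:\n");
        PhAppendStringBuilder(&stringBuilder, &tempString->sr);
        PhAppendCharStringBuilder(&stringBuilder, '\n');
    }

    if (tempString)
        PhDereferenceObject(tempString);

    // Known command line information

    // The result is ignored: on failure knownProcessType keeps whatever the
    // call left in it (UnknownProcessType if it was not written).
    if (Process->QueryHandle)
        PhGetProcessKnownType(Process->QueryHandle, &knownProcessType);

    if (Process->CommandLine && Process->QueryHandle)
    {
        PH_KNOWN_PROCESS_COMMAND_LINE knownCommandLine;

        if (knownProcessType != UnknownProcessType && PhaGetProcessKnownCommandLine(
            Process->CommandLine,
            knownProcessType,
            &knownCommandLine
            ))
        {
            switch (knownProcessType & KnownProcessTypeMask)
            {
            case ServiceHostProcessType:
                PhAppendStringBuilder2(&stringBuilder, L"Service group name:\n ");
                PhAppendStringBuilder(&stringBuilder, &knownCommandLine.ServiceHost.GroupName->sr);
                PhAppendCharStringBuilder(&stringBuilder, '\n');
                break;
            case RunDllAsAppProcessType:
                {
                    PH_IMAGE_VERSION_INFO versionInfo;

                    // NOTE(review): RunDllAsApp.FileName is dereferenced
                    // without the null check that ComSurrogate.FileName gets
                    // below - confirm it is always set for this type.
                    if (PhInitializeImageVersionInfo(
                        &versionInfo,
                        knownCommandLine.RunDllAsApp.FileName->Buffer
                        ))
                    {
                        tempString = PhFormatImageVersionInfo(
                            knownCommandLine.RunDllAsApp.FileName,
                            &versionInfo,
                            &StandardIndent,
                            0
                            );

                        if (!PhIsNullOrEmptyString(tempString))
                        {
                            PhAppendStringBuilder2(&stringBuilder, L"Run DLL target file:\n");
                            PhAppendStringBuilder(&stringBuilder, &tempString->sr);
                            PhAppendCharStringBuilder(&stringBuilder, '\n');
                        }

                        if (tempString)
                            PhDereferenceObject(tempString);

                        PhDeleteImageVersionInfo(&versionInfo);
                    }
                }
                break;
            case ComSurrogateProcessType:
                {
                    PH_IMAGE_VERSION_INFO versionInfo;
                    PPH_STRING guidString;

                    PhAppendStringBuilder2(&stringBuilder, L"COM target:\n");

                    if (knownCommandLine.ComSurrogate.Name)
                    {
                        PhAppendStringBuilder(&stringBuilder, &StandardIndent);
                        PhAppendStringBuilder(&stringBuilder, &knownCommandLine.ComSurrogate.Name->sr);
                        PhAppendCharStringBuilder(&stringBuilder, '\n');
                    }

                    if (guidString = PhFormatGuid(&knownCommandLine.ComSurrogate.Guid))
                    {
                        PhAppendStringBuilder(&stringBuilder, &StandardIndent);
                        PhAppendStringBuilder(&stringBuilder, &guidString->sr);
                        PhDereferenceObject(guidString);
                        PhAppendCharStringBuilder(&stringBuilder, '\n');
                    }

                    if (knownCommandLine.ComSurrogate.FileName && PhInitializeImageVersionInfo(
                        &versionInfo,
                        knownCommandLine.ComSurrogate.FileName->Buffer
                        ))
                    {
                        tempString = PhFormatImageVersionInfo(
                            knownCommandLine.ComSurrogate.FileName,
                            &versionInfo,
                            &StandardIndent,
                            0
                            );

                        if (!PhIsNullOrEmptyString(tempString))
                        {
                            PhAppendStringBuilder2(&stringBuilder, L"COM target file:\n");
                            PhAppendStringBuilder(&stringBuilder, &tempString->sr);
                            PhAppendCharStringBuilder(&stringBuilder, '\n');
                        }

                        if (tempString)
                            PhDereferenceObject(tempString);

                        PhDeleteImageVersionInfo(&versionInfo);
                    }
                }
                break;
            }
        }
    }

    // Services

    if (Process->ServiceList && Process->ServiceList->Count != 0)
    {
        ULONG enumerationKey = 0;
        PPH_SERVICE_ITEM serviceItem;
        PPH_LIST serviceList;
        ULONG i;

        // Copy the service list into our own list so we can sort it.

        serviceList = PhCreateList(Process->ServiceList->Count);

        // Each copied item is referenced while the lock is held and
        // dereferenced after the text has been built.
        PhAcquireQueuedLockShared(&Process->ServiceListLock);

        while (PhEnumPointerList(
            Process->ServiceList,
            &enumerationKey,
            &serviceItem
            ))
        {
            PhReferenceObject(serviceItem);
            PhAddItemList(serviceList, serviceItem);
        }

        PhReleaseQueuedLockShared(&Process->ServiceListLock);

        qsort(serviceList->Items, serviceList->Count, sizeof(PPH_SERVICE_ITEM), ServiceForTooltipCompare);

        PhAppendStringBuilder2(&stringBuilder, L"Services:\n");

        // Add the services.
        for (i = 0; i < serviceList->Count; i++)
        {
            serviceItem = serviceList->Items[i];

            PhAppendStringBuilder(&stringBuilder, &StandardIndent);
            PhAppendStringBuilder(&stringBuilder, &serviceItem->Name->sr);
            PhAppendStringBuilder2(&stringBuilder, L" (");
            PhAppendStringBuilder(&stringBuilder, &serviceItem->DisplayName->sr);
            PhAppendStringBuilder2(&stringBuilder, L")\n");
        }

        PhDereferenceObjects(serviceList->Items, serviceList->Count);
        PhDereferenceObject(serviceList);
    }

    // Tasks, Drivers

    switch (knownProcessType & KnownProcessTypeMask)
    {
    case TaskHostProcessType:
        {
            PH_STRING_BUILDER tasks;

            PhInitializeStringBuilder(&tasks, 40);

            PhpFillRunningTasks(Process, &tasks);

            if (tasks.String->Length != 0)
            {
                PhAppendStringBuilder2(&stringBuilder, L"Tasks:\n");
                PhAppendStringBuilder(&stringBuilder, &tasks.String->sr);
            }

            PhDeleteStringBuilder(&tasks);
        }
        break;
    case UmdfHostProcessType:
        {
            PH_STRING_BUILDER drivers;

            PhInitializeStringBuilder(&drivers, 40);

            PhpFillUmdfDrivers(Process, &drivers);

            if (drivers.String->Length != 0)
            {
                PhAppendStringBuilder2(&stringBuilder, L"Drivers:\n");
                PhAppendStringBuilder(&stringBuilder, &drivers.String->sr);
            }

            PhDeleteStringBuilder(&drivers);

            validForMs = 10 * 1000; // 10 seconds
        }
        break;
    }

    // Plugin

    if (PhPluginsEnabled)
    {
        PH_PLUGIN_GET_TOOLTIP_TEXT getTooltipText;

        getTooltipText.Parameter = Process;
        getTooltipText.StringBuilder = &stringBuilder;
        getTooltipText.ValidForMs = validForMs;

        PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackGetProcessTooltipText), &getTooltipText);

        // The callback may have changed the validity period.
        validForMs = getTooltipText.ValidForMs;
    }

    // Notes

    {
        PH_STRING_BUILDER notes;

        PhInitializeStringBuilder(&notes, 40);

        if (Process->FileName)
        {
            if (Process->VerifyResult == VrTrusted)
            {
                if (!PhIsNullOrEmptyString(Process->VerifySignerName))
                    PhAppendFormatStringBuilder(&notes, L" Signer: %s\n", Process->VerifySignerName->Buffer);
                else
                    PhAppendStringBuilder2(&notes, L" Signed.\n");
            }
            else if (Process->VerifyResult == VrUnknown)
            {
                // Nothing
            }
            else if (Process->VerifyResult != VrNoSignature)
            {
                // Every result other than trusted, unknown and unsigned is
                // reported as an invalid signature.
                PhAppendStringBuilder2(&notes, L" Signature invalid.\n");
            }
        }

        if (Process->IsPacked)
        {
            PhAppendFormatStringBuilder(
                &notes,
                L" Image is probably packed (%u imports over %u modules).\n",
                Process->ImportFunctions,
                Process->ImportModules
                );
        }

        // The low two bits of ConsoleHostProcessId are masked off to obtain
        // the process ID; bit 1 selects the "Console application" label.
        if ((ULONG_PTR)Process->ConsoleHostProcessId & ~3)
        {
            CLIENT_ID clientId;
            PWSTR description = L"Console host";
            PPH_STRING clientIdString;

            clientId.UniqueProcess = (HANDLE)((ULONG_PTR)Process->ConsoleHostProcessId & ~3);
            clientId.UniqueThread = NULL;

            if ((ULONG_PTR)Process->ConsoleHostProcessId & 2)
                description = L"Console application";

            clientIdString = PhGetClientIdName(&clientId);
            PhAppendFormatStringBuilder(&notes, L" %s: %s\n", description, clientIdString->Buffer);
            PhDereferenceObject(clientIdString);
        }

        if (Process->PackageFullName)
        {
            PhAppendFormatStringBuilder(&notes, L" Package name: %s\n", Process->PackageFullName->Buffer);
        }

        if (Process->IsDotNet)
            PhAppendStringBuilder2(&notes, L" Process is managed (.NET).\n");
        if (Process->IsElevated)
            PhAppendStringBuilder2(&notes, L" Process is elevated.\n");
        if (Process->IsImmersive)
            PhAppendStringBuilder2(&notes, L" Process is a Modern UI app.\n");
        if (Process->IsInJob)
            PhAppendStringBuilder2(&notes, L" Process is in a job.\n");
        if (Process->IsPosix)
            PhAppendStringBuilder2(&notes, L" Process is POSIX.\n");
        if (Process->IsWow64)
            PhAppendStringBuilder2(&notes, L" Process is 32-bit (WOW64).\n");

        if (notes.String->Length != 0)
        {
            PhAppendStringBuilder2(&stringBuilder, L"Notes:\n");
            PhAppendStringBuilder(&stringBuilder, &notes.String->sr);
        }

        PhDeleteStringBuilder(&notes);
    }

    // GetTickCount() is a 32-bit counter that wraps, so the sum can wrap too;
    // callers presumably compare it with wrap-aware arithmetic - verify.
    if (ValidToTickCount)
        *ValidToTickCount = GetTickCount() + validForMs;

    // Remove the trailing newline.
    if (stringBuilder.String->Length != 0)
        PhRemoveEndStringBuilder(&stringBuilder, 1);

    return PhFinalStringBuilderString(&stringBuilder);
}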
/**
 * Filter callback for the network tree: reports whether a connection node
 * matches the current search text.
 *
 * \param Node The tree node being tested; treated as a PPH_NETWORK_NODE.
 * \param Context Not used by this callback.
 *
 * \return TRUE if the search box is empty or any searched field matches,
 * otherwise FALSE.
 */
BOOLEAN NetworkTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_NETWORK_NODE node = (PPH_NETWORK_NODE)Node;

    // With no search text every node passes the filter.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->NetworkItem->ProcessName) &&
        WordMatchStringRef(&node->NetworkItem->ProcessName->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->NetworkItem->OwnerName) &&
        WordMatchStringRef(&node->NetworkItem->OwnerName->sr))
        return TRUE;

    // Local endpoint: address, port, resolved host name.
    if (node->NetworkItem->LocalAddressString[0] &&
        WordMatchStringZ(node->NetworkItem->LocalAddressString))
        return TRUE;

    if (node->NetworkItem->LocalPortString[0] &&
        WordMatchStringZ(node->NetworkItem->LocalPortString))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->NetworkItem->LocalHostString) &&
        WordMatchStringRef(&node->NetworkItem->LocalHostString->sr))
        return TRUE;

    // Remote endpoint: address, port, resolved host name.
    if (node->NetworkItem->RemoteAddressString[0] &&
        WordMatchStringZ(node->NetworkItem->RemoteAddressString))
        return TRUE;

    if (node->NetworkItem->RemotePortString[0] &&
        WordMatchStringZ(node->NetworkItem->RemotePortString))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->NetworkItem->RemoteHostString) &&
        WordMatchStringRef(&node->NetworkItem->RemoteHostString->sr))
        return TRUE;

    if (WordMatchStringZ(PhGetProtocolTypeName(node->NetworkItem->ProtocolType)))
        return TRUE;

    // The connection state is only searched for TCP protocol types.
    if ((node->NetworkItem->ProtocolType & PH_TCP_PROTOCOL_TYPE) &&
        WordMatchStringZ(PhGetTcpStateName(node->NetworkItem->State)))
        return TRUE;

    if (node->NetworkItem->ProcessId)
    {
        PPH_PROCESS_NODE ownerNode;
        WCHAR pidText[PH_INT32_STR_LEN_1];

        PhPrintUInt32(pidText, HandleToUlong(node->NetworkItem->ProcessId));

        if (WordMatchStringZ(pidText))
            return TRUE;

        // A connection also matches when the process node for its PID matches.
        ownerNode = PhFindProcessNode(node->NetworkItem->ProcessId);

        if (ownerNode && ProcessTreeFilterCallback(&ownerNode->Node, NULL))
            return TRUE;
    }

    return FALSE;
}
/**
 * Downloads the update description XML and stores its fields in the global
 * UpdateData.
 *
 * The function opens a WinINet session, requests UPDATE_FILE from UPDATE_URL,
 * parses the response with mxml and copies the text of the "ver", "reldate",
 * "size" and "sha1" elements into UpdateData. The version text is split at the
 * first '.' into MajorVersion and MinorVersion.
 *
 * NOTE(review): the connection uses INTERNET_DEFAULT_HTTP_PORT and the request
 * carries no INTERNET_FLAG_SECURE, so the XML is fetched over plain HTTP. The
 * "sha1" value therefore arrives over the same unauthenticated channel as the
 * version, and anyone able to alter the response can change both together; the
 * hash then only guards against accidental corruption of the download.
 * Fetching over HTTPS (INTERNET_DEFAULT_HTTPS_PORT with INTERNET_FLAG_SECURE)
 * and verifying the installer's signature before it is run would close that
 * gap. SHA-1 is also no longer collision resistant.
 *
 * \return TRUE only when a version string was received and could be split at
 * a '.'; FALSE on any earlier failure.
 */
static BOOL QueryXmlData(
    VOID
    )
{
    PCHAR data = NULL;
    BOOL isSuccess = FALSE;
    HINTERNET netInitialize = NULL, netConnection = NULL, netRequest = NULL;
    mxml_node_t *xmlDoc = NULL, *xmlNodeVer = NULL, *xmlNodeRelDate = NULL, *xmlNodeSize = NULL, *xmlNodeHash = NULL;

    // Create a user agent string.
    // phVersion is dereferenced before any null check; the cleanup below does
    // test it, so confirm PhGetPhVersion cannot return NULL.
    PPH_STRING phVersion = PhGetPhVersion();
    PPH_STRING userAgent = PhConcatStrings2(L"PH Updater v", phVersion->Buffer);

    __try
    {
        // Initialize the wininet library.
        if (!(netInitialize = InternetOpen(
            userAgent->Buffer,
            INTERNET_OPEN_TYPE_PRECONFIG,
            NULL,
            NULL,
            0
            )))
        {
            LogEvent(NULL, PhFormatString(L"Updater: (InitializeConnection) InternetOpen failed (%d)", GetLastError()));
            __leave;
        }

        // Connect to the server (plain HTTP, see the note in the header).
        if (!(netConnection = InternetConnect(
            netInitialize,
            UPDATE_URL,
            INTERNET_DEFAULT_HTTP_PORT,
            NULL,
            NULL,
            INTERNET_SERVICE_HTTP,
            0,
            0
            )))
        {
            LogEvent(NULL, PhFormatString(L"Updater: (InitializeConnection) InternetConnect failed (%d)", GetLastError()));
            __leave;
        }

        // Open the HTTP request.
        if (!(netRequest = HttpOpenRequest(
            netConnection,
            L"GET",
            UPDATE_FILE,
            NULL,
            NULL,
            NULL,
            // wj32: do NOT cache. (The older behaviour was to always cache the
            // update XML; it was configured to cache locally for two days and
            // could be cleared by deleting the IE history.)
            INTERNET_FLAG_RELOAD,
            0
            )))
        {
            LogEvent(NULL, PhFormatString(L"Updater: (InitializeConnection) HttpOpenRequest failed (%d)", GetLastError()));
            __leave;
        }

        // Send the HTTP request.
        if (!HttpSendRequest(netRequest, NULL, 0, NULL, 0))
        {
            LogEvent(NULL, PhFormatString(L"HttpSendRequest failed (%d)", GetLastError()));
            __leave;
        }

        // Read the resulting xml into our buffer.
        // NOTE(review): data is not released in the cleanup below - confirm
        // who owns the buffer ReadRequestString returns.
        if (!ReadRequestString(netRequest, &data, NULL))
        {
            // We don't need to log this.
            __leave;
        }

        // Load our XML. From here on the content is untrusted network input.
        xmlDoc = mxmlLoadString(NULL, data, QueryXmlDataCallback);

        // Check our XML.
        if (xmlDoc == NULL || xmlDoc->type != MXML_ELEMENT)
        {
            LogEvent(NULL, PhCreateString(L"Updater: (WorkerThreadStart) mxmlLoadString failed."));
            __leave;
        }

        // Find the ver node.
        xmlNodeVer = mxmlFindElement(xmlDoc, xmlDoc, "ver", NULL, NULL, MXML_DESCEND);
        // Find the reldate node.
        xmlNodeRelDate = mxmlFindElement(xmlDoc, xmlDoc, "reldate", NULL, NULL, MXML_DESCEND);
        // Find the size node.
        xmlNodeSize = mxmlFindElement(xmlDoc, xmlDoc, "size", NULL, NULL, MXML_DESCEND);
        // Find the hash node.
        xmlNodeHash = mxmlFindElement(xmlDoc, xmlDoc, "sha1", NULL, NULL, MXML_DESCEND);

        // Format strings into unicode PPH_STRING's
        // The nodes are passed on without a NULL check; presumably
        // PhGetOpaqueXmlNodeText tolerates a missing element - verify.
        UpdateData.Version = PhGetOpaqueXmlNodeText(xmlNodeVer);
        UpdateData.RelDate = PhGetOpaqueXmlNodeText(xmlNodeRelDate);
        UpdateData.Size = PhGetOpaqueXmlNodeText(xmlNodeSize);
        UpdateData.Hash = PhGetOpaqueXmlNodeText(xmlNodeHash);

        // parse and check string
        //if (!ParseVersionString(XmlData->Version->Buffer, &XmlData->MajorVersion, &XmlData->MinorVersion))
        //    __leave;
        if (!PhIsNullOrEmptyString(UpdateData.Version))
        {
            PH_STRINGREF sr, majorPart, minorPart;
            ULONG64 majorInteger = 0, minorInteger = 0;

            PhInitializeStringRef(&sr, UpdateData.Version->Buffer);

            if (PhSplitStringRefAtChar(&sr, '.', &majorPart, &minorPart))
            {
                // NOTE(review): the results of both conversions are ignored
                // and the 64-bit values are truncated to ULONG, so a malformed
                // version string still reports success. Success is also set
                // without checking that Size and Hash were present.
                PhStringToInteger64(&majorPart, 10, &majorInteger);
                PhStringToInteger64(&minorPart, 10, &minorInteger);

                UpdateData.MajorVersion = (ULONG)majorInteger;
                UpdateData.MinorVersion = (ULONG)minorInteger;

                isSuccess = TRUE;
            }
        }
    }
    __finally
    {
        // Runs on every path out of the __try block, including __leave.
        if (xmlDoc)
        {
            mxmlDelete(xmlDoc);
            xmlDoc = NULL;
        }

        if (netInitialize)
        {
            InternetCloseHandle(netInitialize);
            netInitialize = NULL;
        }

        if (netConnection)
        {
            InternetCloseHandle(netConnection);
            netConnection = NULL;
        }

        if (netRequest)
        {
            InternetCloseHandle(netRequest);
            netRequest = NULL;
        }

        if (userAgent)
        {
            PhDereferenceObject(userAgent);
            userAgent = NULL;
        }

        if (phVersion)
        {
            PhDereferenceObject(phVersion);
            phVersion = NULL;
        }
    }

    return isSuccess;
}
/**
 * Filter callback for the process tree: reports whether a process node matches
 * the current search text.
 *
 * Searched fields are the process strings (names, paths, command line, version
 * information, user, integrity, job, signer, IDs, package, priority), keyword
 * forms of the verification result and elevation type, "Is..." keywords for
 * the boolean process flags, and the services hosted by the process.
 *
 * \param Node The tree node being tested; treated as a PPH_PROCESS_NODE.
 * \param Context Not used by this callback.
 *
 * \return TRUE if the search box is empty or any searched field matches,
 * otherwise FALSE.
 */
BOOLEAN ProcessTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_PROCESS_NODE node = (PPH_PROCESS_NODE)Node;

    // With no search text every node passes the filter.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // Image and command line strings.
    if (!PhIsNullOrEmptyString(node->ProcessItem->ProcessName) &&
        WordMatchStringRef(&node->ProcessItem->ProcessName->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->ProcessItem->FileName) &&
        WordMatchStringRef(&node->ProcessItem->FileName->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->ProcessItem->CommandLine) &&
        WordMatchStringRef(&node->ProcessItem->CommandLine->sr))
        return TRUE;

    // Version information.
    if (!PhIsNullOrEmptyString(node->ProcessItem->VersionInfo.CompanyName) &&
        WordMatchStringRef(&node->ProcessItem->VersionInfo.CompanyName->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->ProcessItem->VersionInfo.FileDescription) &&
        WordMatchStringRef(&node->ProcessItem->VersionInfo.FileDescription->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->ProcessItem->VersionInfo.FileVersion) &&
        WordMatchStringRef(&node->ProcessItem->VersionInfo.FileVersion->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->ProcessItem->VersionInfo.ProductName) &&
        WordMatchStringRef(&node->ProcessItem->VersionInfo.ProductName->sr))
        return TRUE;

    // Security context.
    if (!PhIsNullOrEmptyString(node->ProcessItem->UserName) &&
        WordMatchStringRef(&node->ProcessItem->UserName->sr))
        return TRUE;

    if (node->ProcessItem->IntegrityString &&
        WordMatchStringZ(node->ProcessItem->IntegrityString))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->ProcessItem->JobName) &&
        WordMatchStringRef(&node->ProcessItem->JobName->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->ProcessItem->VerifySignerName) &&
        WordMatchStringRef(&node->ProcessItem->VerifySignerName->sr))
        return TRUE;

    // Identifiers.
    if (node->ProcessItem->ProcessIdString[0] &&
        WordMatchStringZ(node->ProcessItem->ProcessIdString))
        return TRUE;

    if (node->ProcessItem->ParentProcessIdString[0] &&
        WordMatchStringZ(node->ProcessItem->ParentProcessIdString))
        return TRUE;

    if (node->ProcessItem->SessionIdString[0] &&
        WordMatchStringZ(node->ProcessItem->SessionIdString))
        return TRUE;

    if (!PhIsNullOrEmptyString(node->ProcessItem->PackageFullName) &&
        WordMatchStringRef(&node->ProcessItem->PackageFullName->sr))
        return TRUE;

    if (WordMatchStringZ(PhGetProcessPriorityClassString(node->ProcessItem->PriorityClass)))
        return TRUE;

    // Signature verification result, searchable by keyword.
    switch (node->ProcessItem->VerifyResult)
    {
    case VrUnknown:
        // VrUnknown contributes no keyword.
        break;
    case VrNoSignature:
        if (WordMatchStringZ(L"NoSignature"))
            return TRUE;
        break;
    case VrTrusted:
        if (WordMatchStringZ(L"Trusted"))
            return TRUE;
        break;
    case VrExpired:
        if (WordMatchStringZ(L"Expired"))
            return TRUE;
        break;
    case VrRevoked:
        if (WordMatchStringZ(L"Revoked"))
            return TRUE;
        break;
    case VrDistrust:
        if (WordMatchStringZ(L"Distrust"))
            return TRUE;
        break;
    case VrSecuritySettings:
        if (WordMatchStringZ(L"SecuritySettings"))
            return TRUE;
        break;
    case VrBadSignature:
        if (WordMatchStringZ(L"BadSignature"))
            return TRUE;
        break;
    default:
        if (WordMatchStringZ(L"Unknown"))
            return TRUE;
        break;
    }

    // Token elevation type, searchable by keyword.
    switch (node->ProcessItem->ElevationType)
    {
    case TokenElevationTypeDefault:
        // The default elevation type contributes no keyword.
        break;
    case TokenElevationTypeLimited:
        if (WordMatchStringZ(L"Limited"))
            return TRUE;
        break;
    case TokenElevationTypeFull:
        if (WordMatchStringZ(L"Full"))
            return TRUE;
        break;
    default:
        if (WordMatchStringZ(L"Unknown"))
            return TRUE;
        break;
    }

    // Boolean flags: the keyword is tested first, then the flag.
    if (WordMatchStringZ(L"IsBeingDebugged") && node->ProcessItem->IsBeingDebugged)
        return TRUE;
    if (WordMatchStringZ(L"IsDotNet") && node->ProcessItem->IsDotNet)
        return TRUE;
    if (WordMatchStringZ(L"IsElevated") && node->ProcessItem->IsElevated)
        return TRUE;
    if (WordMatchStringZ(L"IsInJob") && node->ProcessItem->IsInJob)
        return TRUE;
    if (WordMatchStringZ(L"IsInSignificantJob") && node->ProcessItem->IsInSignificantJob)
        return TRUE;
    if (WordMatchStringZ(L"IsPacked") && node->ProcessItem->IsPacked)
        return TRUE;
    if (WordMatchStringZ(L"IsSuspended") && node->ProcessItem->IsSuspended)
        return TRUE;
    if (WordMatchStringZ(L"IsWow64") && node->ProcessItem->IsWow64)
        return TRUE;
    if (WordMatchStringZ(L"IsImmersive") && node->ProcessItem->IsImmersive)
        return TRUE;
    if (WordMatchStringZ(L"IsProtectedProcess") && node->ProcessItem->IsProtectedProcess)
        return TRUE;
    if (WordMatchStringZ(L"IsSecureProcess") && node->ProcessItem->IsSecureProcess)
        return TRUE;
    // The "IsPicoProcess" keyword is backed by the IsSubsystemProcess flag.
    if (WordMatchStringZ(L"IsPicoProcess") && node->ProcessItem->IsSubsystemProcess)
        return TRUE;

    // Services hosted by the process.
    if (node->ProcessItem->ServiceList && node->ProcessItem->ServiceList->Count)
    {
        ULONG enumerationKey = 0;
        PPH_SERVICE_ITEM service;
        PPH_LIST snapshot;
        ULONG index;
        BOOLEAN found = FALSE;

        // Take a referenced copy of the list under the lock, then search the
        // copy after the lock has been released.
        snapshot = PhCreateList(node->ProcessItem->ServiceList->Count);

        PhAcquireQueuedLockShared(&node->ProcessItem->ServiceListLock);

        while (PhEnumPointerList(
            node->ProcessItem->ServiceList,
            &enumerationKey,
            &service
            ))
        {
            PhReferenceObject(service);
            PhAddItemList(snapshot, service);
        }

        PhReleaseQueuedLockShared(&node->ProcessItem->ServiceListLock);

        for (index = 0; index < snapshot->Count; index++)
        {
            PPH_STRING fileName = NULL;
            PPH_STRING binaryPath = NULL;

            service = snapshot->Items[index];

            if (!PhIsNullOrEmptyString(service->Name) &&
                WordMatchStringRef(&service->Name->sr))
            {
                found = TRUE;
                break;
            }

            if (!PhIsNullOrEmptyString(service->DisplayName) &&
                WordMatchStringRef(&service->DisplayName->sr))
            {
                found = TRUE;
                break;
            }

            if (service->ProcessId && WordMatchStringZ(service->ProcessIdString))
            {
                found = TRUE;
                break;
            }

            // NOTE(review): Name->sr is used here without the null check
            // applied to Name above - confirm a service item always carries a
            // name.
            if (NT_SUCCESS(QueryServiceFileName(
                &service->Name->sr,
                &fileName,
                &binaryPath
                )))
            {
                // Both strings are tested and released before leaving the
                // loop, so neither reference is leaked on a match.
                if (fileName)
                {
                    if (WordMatchStringRef(&fileName->sr))
                        found = TRUE;

                    PhDereferenceObject(fileName);
                }

                if (binaryPath)
                {
                    if (WordMatchStringRef(&binaryPath->sr))
                        found = TRUE;

                    PhDereferenceObject(binaryPath);
                }

                if (found)
                    break;
            }
        }

        PhDereferenceObjects(snapshot->Items, snapshot->Count);
        PhDereferenceObject(snapshot);

        if (found)
            return TRUE;
    }

    return FALSE;
}
/*
 * Dialog procedure for the property page that lists windows in a tree
 * (IDC_LIST) with a search box (IDC_SEARCHEDIT) and a Refresh button.
 *
 * PhPropPageDlgProcHeader supplies the property-page context; when it returns
 * FALSE the message is not processed. The per-page state (PWINDOWS_CONTEXT)
 * is read from propPageContext->Context and is freed in WM_DESTROY.
 *
 * Most WM_COMMAND handlers act on the HWND stored in the selected tree node
 * (selectedNode->WindowHandle). That handle is not re-validated here and the
 * results of ShowWindowAsync / PostMessage / EnableWindow / SetWindowPos /
 * SetLayeredWindowAttributes are ignored, so an action on a window that has
 * since been destroyed, or that the system refuses, fails silently.
 * NOTE(review): the handle was captured when the tree was populated (code not
 * visible here); consider an IsWindow() check or a refresh before acting.
 *
 * Returns TRUE only for PSN_QUERYINITIALFOCUS; FALSE for everything else.
 */
INT_PTR CALLBACK WepWindowsPageProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    PWINDOWS_CONTEXT context;
    LPPROPSHEETPAGE propSheetPage;
    PPH_PROCESS_PROPPAGECONTEXT propPageContext;
    PPH_PROCESS_ITEM processItem;

    if (PhPropPageDlgProcHeader(hwndDlg, uMsg, lParam, &propSheetPage, &propPageContext, &processItem))
    {
        context = propPageContext->Context;
    }
    else
    {
        return FALSE;
    }

    switch (uMsg)
    {
    case WM_INITDIALOG:
        {
            // Cache the control handles, build the tree and layout, then do the first enumeration.
            context->TreeNewHandle = GetDlgItem(hwndDlg, IDC_LIST);
            context->SearchBoxHandle = GetDlgItem(hwndDlg, IDC_SEARCHEDIT);

            PhCreateSearchControl(hwndDlg, context->SearchBoxHandle, L"Search Windows (Ctrl+K)");

            WeInitializeWindowTree(hwndDlg, context->TreeNewHandle, &context->TreeContext);

            PhRegisterDialog(hwndDlg);

            PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
            PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_SEARCHEDIT), NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
            PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_LIST), NULL, PH_ANCHOR_ALL);

            WepRefreshWindows(context);
        }
        break;
    case WM_SHOWWINDOW:
        {
            if (PhBeginPropPageLayout(hwndDlg, propPageContext))
                PhEndPropPageLayout(hwndDlg, propPageContext);
        }
        break;
    case WM_DESTROY:
        {
            // Tear down in reverse of WM_INITDIALOG; context must not be used after PhFree.
            // NOTE(review): the highlight timer (id 9) is not killed explicitly here.
            PhDeleteLayoutManager(&context->LayoutManager);

            PhUnregisterDialog(hwndDlg);

            WeDeleteWindowTree(&context->TreeContext);
            WepDeleteWindowSelector(&context->Selector);
            PhFree(context);
        }
        break;
    case WM_COMMAND:
        {
            // First pass: notification codes (only EN_CHANGE from the search box is handled).
            switch (GET_WM_COMMAND_CMD(wParam, lParam))
            {
            case EN_CHANGE:
                {
                    PPH_STRING newSearchboxText;

                    if (GET_WM_COMMAND_HWND(wParam, lParam) != context->SearchBoxHandle)
                        break;

                    // Not dereferenced in this block; presumably PH_AUTO hands ownership to an auto pool - confirm.
                    newSearchboxText = PH_AUTO(PhGetWindowText(context->SearchBoxHandle));

                    // Only re-filter when the search text actually changed.
                    if (!PhEqualString(context->TreeContext.SearchboxText, newSearchboxText, FALSE))
                    {
                        PhSwapReference(&context->TreeContext.SearchboxText, newSearchboxText);

                        // Expand every node before filtering when there is search text.
                        if (!PhIsNullOrEmptyString(context->TreeContext.SearchboxText))
                            WeExpandAllWindowNodes(&context->TreeContext, TRUE);

                        PhApplyTreeNewFilters(&context->TreeContext.FilterSupport);

                        TreeNew_NodesStructured(context->TreeNewHandle);
                        // PhInvokeCallback(&SearchChangedEvent, SearchboxText);
                    }
                }
                break;
            }

            // Second pass: command ids (button, context menu request and menu items).
            switch (GET_WM_COMMAND_ID(wParam, lParam))
            {
            case IDC_REFRESH:
                WepRefreshWindows(context);
                break;
            case ID_SHOWCONTEXTMENU:
                {
                    // lParam is used as a pointer without validation.
                    // NOTE(review): presumably only the in-process tree control sends this id - confirm.
                    PPH_TREENEW_CONTEXT_MENU contextMenuEvent = (PPH_TREENEW_CONTEXT_MENU)lParam;
                    PWE_WINDOW_NODE *windows;
                    ULONG numberOfWindows;
                    PPH_EMENU menu;
                    PPH_EMENU selectedItem;

                    // NOTE(review): windows is never released in this block; if WeGetSelectedWindowNodes
                    // allocates the array for the caller (not visible here) it is leaked - confirm.
                    WeGetSelectedWindowNodes(
                        &context->TreeContext,
                        &windows,
                        &numberOfWindows
                        );

                    if (numberOfWindows != 0)
                    {
                        menu = PhCreateEMenu();
                        PhLoadResourceEMenuItem(menu, PluginInstance->DllBase, MAKEINTRESOURCE(IDR_WINDOW), 0);
                        PhInsertCopyCellEMenuItem(menu, ID_WINDOW_COPY, context->TreeNewHandle, contextMenuEvent->Column);
                        PhSetFlagsEMenuItem(menu, ID_WINDOW_PROPERTIES, PH_EMENU_DEFAULT, PH_EMENU_DEFAULT);

                        if (numberOfWindows == 1)
                        {
                            // Single selection: reflect the target window's current state in the menu.
                            WINDOWPLACEMENT placement = { sizeof(placement) };
                            BYTE alpha;
                            ULONG flags;
                            ULONG i;
                            ULONG id;

                            // State
                            // The return value is not checked; on failure showCmd keeps its zero initializer.

                            GetWindowPlacement(windows[0]->WindowHandle, &placement);

                            if (placement.showCmd == SW_MINIMIZE)
                                PhSetFlagsEMenuItem(menu, ID_WINDOW_MINIMIZE, PH_EMENU_DISABLED, PH_EMENU_DISABLED);
                            else if (placement.showCmd == SW_MAXIMIZE)
                                PhSetFlagsEMenuItem(menu, ID_WINDOW_MAXIMIZE, PH_EMENU_DISABLED, PH_EMENU_DISABLED);
                            else if (placement.showCmd == SW_NORMAL)
                                PhSetFlagsEMenuItem(menu, ID_WINDOW_RESTORE, PH_EMENU_DISABLED, PH_EMENU_DISABLED);

                            // Visible

                            PhSetFlagsEMenuItem(menu, ID_WINDOW_VISIBLE, PH_EMENU_CHECKED,
                                (GetWindowLong(windows[0]->WindowHandle, GWL_STYLE) & WS_VISIBLE) ? PH_EMENU_CHECKED : 0);

                            // Enabled

                            PhSetFlagsEMenuItem(menu, ID_WINDOW_ENABLED, PH_EMENU_CHECKED,
                                !(GetWindowLong(windows[0]->WindowHandle, GWL_STYLE) & WS_DISABLED) ? PH_EMENU_CHECKED : 0);

                            // Always on Top

                            PhSetFlagsEMenuItem(menu, ID_WINDOW_ALWAYSONTOP, PH_EMENU_CHECKED,
                                (GetWindowLong(windows[0]->WindowHandle, GWL_EXSTYLE) & WS_EX_TOPMOST) ? PH_EMENU_CHECKED : 0);

                            // Opacity
                            // Treat "no alpha attribute" and "query failed" both as fully opaque.

                            if (GetLayeredWindowAttributes(windows[0]->WindowHandle, NULL, &alpha, &flags))
                            {
                                if (!(flags & LWA_ALPHA))
                                    alpha = 255;
                            }
                            else
                            {
                                alpha = 255;
                            }

                            if (alpha == 255)
                            {
                                id = ID_OPACITY_OPAQUE;
                            }
                            else
                            {
                                id = 0;

                                // Due to integer division, we cannot use simple arithmetic to calculate which menu item to check.
                                // Compare against the same (BYTE)(255 * n / 10) values the ID_OPACITY_* handler writes;
                                // an alpha set by anything else leaves id at 0 and no item is checked.
                                for (i = 0; i < 10; i++)
                                {
                                    if (alpha == (BYTE)(255 * (i + 1) / 10))
                                    {
                                        id = ID_OPACITY_10 + i;
                                        break;
                                    }
                                }
                            }

                            if (id != 0)
                            {
                                PhSetFlagsEMenuItem(menu, id, PH_EMENU_CHECKED | PH_EMENU_RADIOCHECK,
                                    PH_EMENU_CHECKED | PH_EMENU_RADIOCHECK);
                            }
                        }
                        else
                        {
                            // Multiple selection: disable everything, then re-enable only Copy.
                            PhSetFlagsAllEMenuItems(menu, PH_EMENU_DISABLED, PH_EMENU_DISABLED);
                            PhSetFlagsEMenuItem(menu, ID_WINDOW_COPY, PH_EMENU_DISABLED, 0);
                        }

                        // PH_EMENU_SHOW_SEND_COMMAND is passed, so the chosen item presumably comes back
                        // to this procedure as WM_COMMAND and is handled by the cases below - confirm.
                        selectedItem = PhShowEMenu(
                            menu,
                            hwndDlg,
                            PH_EMENU_SHOW_SEND_COMMAND | PH_EMENU_SHOW_LEFTRIGHT,
                            PH_ALIGN_LEFT | PH_ALIGN_TOP,
                            contextMenuEvent->Location.x,
                            contextMenuEvent->Location.y
                            );

                        if (selectedItem && selectedItem->Id != -1)
                        {
                            // The result is stored but not used afterwards.
                            BOOLEAN handled = FALSE;

                            handled = PhHandleCopyCellEMenuItem(selectedItem);
                        }

                        PhDestroyEMenu(menu);
                    }
                }
                break;
            case ID_WINDOW_BRINGTOFRONT:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        WINDOWPLACEMENT placement = { sizeof(placement) };

                        GetWindowPlacement(selectedNode->WindowHandle, &placement);

                        // A minimized window is restored; any other window is made the foreground window.
                        if (placement.showCmd == SW_MINIMIZE)
                            ShowWindowAsync(selectedNode->WindowHandle, SW_RESTORE);
                        else
                            SetForegroundWindow(selectedNode->WindowHandle);
                    }
                }
                break;
            case ID_WINDOW_RESTORE:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        ShowWindowAsync(selectedNode->WindowHandle, SW_RESTORE);
                    }
                }
                break;
            case ID_WINDOW_MINIMIZE:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        ShowWindowAsync(selectedNode->WindowHandle, SW_MINIMIZE);
                    }
                }
                break;
            case ID_WINDOW_MAXIMIZE:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        ShowWindowAsync(selectedNode->WindowHandle, SW_MAXIMIZE);
                    }
                }
                break;
            case ID_WINDOW_CLOSE:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        // Posted, not sent: the target decides how to react and the result is not checked.
                        PostMessage(selectedNode->WindowHandle, WM_CLOSE, 0, 0);
                    }
                }
                break;
            case ID_WINDOW_VISIBLE:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        // The cached WindowVisible flag is updated before the asynchronous show/hide
                        // has taken effect, so it can disagree with the real state if the call fails.
                        if (IsWindowVisible(selectedNode->WindowHandle))
                        {
                            selectedNode->WindowVisible = FALSE;
                            ShowWindowAsync(selectedNode->WindowHandle, SW_HIDE);
                        }
                        else
                        {
                            selectedNode->WindowVisible = TRUE;
                            ShowWindowAsync(selectedNode->WindowHandle, SW_SHOW);
                        }

                        PhInvalidateTreeNewNode(&selectedNode->Node, TN_CACHE_COLOR);
                        TreeNew_InvalidateNode(context->TreeNewHandle, &selectedNode->Node);
                    }
                }
                break;
            case ID_WINDOW_ENABLED:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        // Toggle the enabled state.
                        EnableWindow(selectedNode->WindowHandle, !IsWindowEnabled(selectedNode->WindowHandle));
                    }
                }
                break;
            case ID_WINDOW_ALWAYSONTOP:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        LOGICAL topMost;

                        // Toggle the topmost state without moving, resizing or activating the window.
                        topMost = GetWindowLong(selectedNode->WindowHandle, GWL_EXSTYLE) & WS_EX_TOPMOST;
                        SetWindowPos(selectedNode->WindowHandle, topMost ? HWND_NOTOPMOST : HWND_TOPMOST,
                            0, 0, 0, 0, SWP_NOACTIVATE | SWP_NOMOVE | SWP_NOSIZE);
                    }
                }
                break;
            case ID_OPACITY_10:
            case ID_OPACITY_20:
            case ID_OPACITY_30:
            case ID_OPACITY_40:
            case ID_OPACITY_50:
            case ID_OPACITY_60:
            case ID_OPACITY_70:
            case ID_OPACITY_80:
            case ID_OPACITY_90:
            case ID_OPACITY_OPAQUE:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        ULONG opacity;

                        // Maps the command id to 1..10 (tenths of full opacity).
                        // Assumes the ID_OPACITY_* values are consecutive and end with ID_OPACITY_OPAQUE - TODO confirm.
                        opacity = ((ULONG)LOWORD(wParam) - ID_OPACITY_10) + 1;

                        if (opacity == 10)
                        {
                            // Remove the WS_EX_LAYERED bit since it is not needed.
                            PhSetWindowExStyle(selectedNode->WindowHandle, WS_EX_LAYERED, 0);
                            RedrawWindow(selectedNode->WindowHandle, NULL, NULL, RDW_ERASE | RDW_INVALIDATE | RDW_FRAME | RDW_ALLCHILDREN);
                        }
                        else
                        {
                            // Add the WS_EX_LAYERED bit so opacity will work.
                            PhSetWindowExStyle(selectedNode->WindowHandle, WS_EX_LAYERED, WS_EX_LAYERED);
                            SetLayeredWindowAttributes(selectedNode->WindowHandle, 0, (BYTE)(255 * opacity / 10), LWA_ALPHA);
                        }
                    }
                }
                break;
            case ID_WINDOW_HIGHLIGHT:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        if (context->HighlightingWindow)
                        {
                            // An odd remaining count means the previous target has been inverted an odd
                            // number of times; invert once more so it is not left in the inverted state.
                            if (context->HighlightingWindowCount & 1)
                                WeInvertWindowBorder(context->HighlightingWindow);
                        }

                        // Start 10 inversions at 100 ms intervals; timer id 9 is handled in WM_TIMER.
                        context->HighlightingWindow = selectedNode->WindowHandle;
                        context->HighlightingWindowCount = 10;
                        SetTimer(hwndDlg, 9, 100, NULL);
                    }
                }
                break;
            case ID_WINDOW_GOTOTHREAD:
                {
                    PWE_WINDOW_NODE selectedNode;
                    PPH_PROCESS_ITEM processItem;
                    PPH_PROCESS_PROPCONTEXT propContext;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                    {
                        // Look up the owning process by the id stored in the node and open its
                        // properties with the owning thread preselected.
                        if (processItem = PhReferenceProcessItem(selectedNode->ClientId.UniqueProcess))
                        {
                            if (propContext = PhCreateProcessPropContext(WE_PhMainWndHandle, processItem))
                            {
                                PhSetSelectThreadIdProcessPropContext(propContext, selectedNode->ClientId.UniqueThread);
                                PhShowProcessProperties(propContext);
                                PhDereferenceObject(propContext);
                            }

                            PhDereferenceObject(processItem);
                        }
                        else
                        {
                            PhShowError(hwndDlg, L"The process does not exist.");
                        }
                    }
                }
                break;
            case ID_WINDOW_PROPERTIES:
                {
                    PWE_WINDOW_NODE selectedNode;

                    if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
                        WeShowWindowProperties(hwndDlg, selectedNode->WindowHandle);
                }
                break;
            case ID_WINDOW_COPY:
                {
                    PPH_STRING text;

                    // Copy the tree text to the clipboard; text is used without a NULL check.
                    text = PhGetTreeNewText(context->TreeNewHandle, 0);
                    PhSetClipboardString(hwndDlg, &text->sr);
                    PhDereferenceObject(text);
                }
                break;
            }
        }
        break;
    case WM_TIMER:
        {
            switch (wParam)
            {
            case 9:
                {
                    // Highlight tick: invert the border once and stop after the last tick.
                    WeInvertWindowBorder(context->HighlightingWindow);

                    if (--context->HighlightingWindowCount == 0)
                        KillTimer(hwndDlg, 9);
                }
                break;
            }
        }
        break;
    case WM_SIZE:
        PhLayoutManagerLayout(&context->LayoutManager);
        break;
    case WM_NOTIFY:
        {
            LPNMHDR header = (LPNMHDR)lParam;

            switch (header->code)
            {
            case PSN_QUERYINITIALFOCUS:
                // Report the Refresh button as the control that should receive initial focus.
                SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, (LPARAM)GetDlgItem(hwndDlg, IDC_REFRESH));
                return TRUE;
            }
        }
        break;
    }

    return FALSE;
}
/*
 * Finds a named column set inside a string setting and returns its two parts.
 *
 * The setting text is parsed as '-'-separated fields: a decimal entry count
 * followed by (name, tree list settings, sort settings) triples. Splitting is
 * done on every '-', so a field that itself contains '-' would be misparsed.
 * NOTE(review): presumably the code that writes this setting avoids '-' in
 * fields - confirm.
 *
 * SettingName       Name of the string setting to read.
 * ColumnSetName     Column set to look for (PhEqualStringRef, IgnoreCase = FALSE).
 * TreeListSettings  Receives a new string with the tree list settings.
 * TreeSortSettings  Receives a new string with the sort settings.
 *
 * Returns TRUE when a matching entry with non-empty list and sort settings was
 * found; the caller then owns both returned strings. Returns FALSE otherwise,
 * in which case neither output parameter is written.
 */
BOOLEAN PhLoadSettingsColumnSet(
    _In_ PWSTR SettingName,
    _In_ PPH_STRING ColumnSetName,
    _Out_ PPH_STRING *TreeListSettings,
    _Out_ PPH_STRING *TreeSortSettings
    )
{
    PPH_STRING listValue = NULL;
    PPH_STRING sortValue = NULL;
    PPH_STRING stored;
    PH_STRINGREF cursor;
    PH_STRINGREF countField;
    ULONG64 entryCount;
    ULONG64 entry = 0;

    // Not dereferenced here; presumably released automatically (Pha prefix) - confirm.
    stored = PhaGetStringSetting(SettingName);
    cursor = stored->sr;

    if (cursor.Length == 0)
        return FALSE;

    // The leading field is the number of stored column sets.
    if (!PhSplitStringRefAtChar(&cursor, '-', &countField, &cursor))
        return FALSE;

    if (!PhStringToInteger64(&countField, 10, &entryCount))
        return FALSE;

    // The stored count is not trusted on its own: the walk also ends as soon
    // as the remaining text is empty.
    while (entry < entryCount && cursor.Length != 0)
    {
        PH_STRINGREF nameField;
        PH_STRINGREF listField;
        PH_STRINGREF sortField;

        PhSplitStringRefAtChar(&cursor, '-', &nameField, &cursor);
        PhSplitStringRefAtChar(&cursor, '-', &listField, &cursor);
        PhSplitStringRefAtChar(&cursor, '-', &sortField, &cursor);

        if (PhEqualStringRef(&nameField, &ColumnSetName->sr, FALSE))
        {
            listValue = PhCreateString2(&listField);
            sortValue = PhCreateString2(&sortField);
            break;
        }

        entry++;
    }

    // A match with an empty list or sort part counts as "not found".
    if (PhIsNullOrEmptyString(listValue) || PhIsNullOrEmptyString(sortValue))
    {
        if (listValue)
            PhDereferenceObject(listValue);
        if (sortValue)
            PhDereferenceObject(sortValue);

        return FALSE;
    }

    *TreeListSettings = listValue;
    *TreeSortSettings = sortValue;

    return TRUE;
}