/*
 * Search filter for the network connection tree.
 *
 * Tests the fields of one connection against the current search box text
 * using the WordMatch helpers and reports whether the node should remain
 * visible.
 *
 * Node    - the tree node; cast to PPH_NETWORK_NODE.
 * Context - not used by this function.
 *
 * Returns TRUE when the search box is empty or when any tested field
 * matches; FALSE otherwise.
 */
BOOLEAN NetworkTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_NETWORK_NODE networkNode = (PPH_NETWORK_NODE)Node;
    PPH_STRING processNameText;

    // With no search text there is nothing to filter out.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // TODO: We need export the PPH_NETWORK_NODE->ProcessNameText field to search
    // waiting/unknown network connections... For now just replicate the data here.
    // NOTE(review): the ownership of the string returned below is not visible
    // from this function; confirm whether the caller is expected to release it.
    processNameText = PhpNetworkTreeGetNetworkItemProcessName(networkNode->NetworkItem);

    if (!PhIsNullOrEmptyString(processNameText) && WordMatchStringRef(&processNameText->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->ProcessName) &&
        WordMatchStringRef(&networkNode->NetworkItem->ProcessName->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->OwnerName) &&
        WordMatchStringRef(&networkNode->NetworkItem->OwnerName->sr))
        return TRUE;

    // Local endpoint: address, port, then host string.
    if (networkNode->NetworkItem->LocalAddressString[0] &&
        WordMatchStringZ(networkNode->NetworkItem->LocalAddressString))
        return TRUE;

    if (networkNode->NetworkItem->LocalPortString[0] &&
        WordMatchStringZ(networkNode->NetworkItem->LocalPortString))
        return TRUE;

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->LocalHostString) &&
        WordMatchStringRef(&networkNode->NetworkItem->LocalHostString->sr))
        return TRUE;

    // Remote endpoint: address, port, then host string.
    // NOTE(review): the host string is presumably a resolved name supplied by
    // the remote side's DNS; when hunting for a specific peer, the address
    // match is the one to rely on - confirm how the host string is populated.
    if (networkNode->NetworkItem->RemoteAddressString[0] &&
        WordMatchStringZ(networkNode->NetworkItem->RemoteAddressString))
        return TRUE;

    if (networkNode->NetworkItem->RemotePortString[0] &&
        WordMatchStringZ(networkNode->NetworkItem->RemotePortString))
        return TRUE;

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->RemoteHostString) &&
        WordMatchStringRef(&networkNode->NetworkItem->RemoteHostString->sr))
        return TRUE;

    if (WordMatchStringZ(PhGetProtocolTypeName(networkNode->NetworkItem->ProtocolType)))
        return TRUE;

    // The state name is only tested when the TCP bit is set in ProtocolType.
    if (networkNode->NetworkItem->ProtocolType & PH_TCP_PROTOCOL_TYPE)
    {
        if (WordMatchStringZ(PhGetTcpStateName(networkNode->NetworkItem->State)))
            return TRUE;
    }

    if (networkNode->NetworkItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;
        WCHAR processIdString[PH_INT32_STR_LEN_1];

        PhPrintUInt32(processIdString, HandleToUlong(networkNode->NetworkItem->ProcessId));

        if (WordMatchStringZ(processIdString))
            return TRUE;

        // A connection is also kept when the process filter accepts its process node.
        processNode = PhFindProcessNode(networkNode->NetworkItem->ProcessId);

        if (processNode && ProcessTreeFilterCallback(&processNode->Node, NULL))
            return TRUE;
    }

    return FALSE;
}
/*
 * Search filter for the network connection tree.
 *
 * Tests the fields of one connection against the current search box text
 * using the WordMatch helpers and reports whether the node should remain
 * visible.
 *
 * Node    - the tree node; cast to PPH_NETWORK_NODE.
 * Context - not used by this function.
 *
 * Returns TRUE when the search box is empty or when any tested field
 * matches; FALSE otherwise.
 */
BOOLEAN NetworkTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_NETWORK_NODE networkNode = (PPH_NETWORK_NODE)Node;

    // With no search text there is nothing to filter out.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->ProcessName) &&
        WordMatchStringRef(&networkNode->NetworkItem->ProcessName->sr))
        return TRUE;

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->OwnerName) &&
        WordMatchStringRef(&networkNode->NetworkItem->OwnerName->sr))
        return TRUE;

    // Local endpoint: address, port, then host string.
    if (networkNode->NetworkItem->LocalAddressString[0] &&
        WordMatchStringZ(networkNode->NetworkItem->LocalAddressString))
        return TRUE;

    if (networkNode->NetworkItem->LocalPortString[0] &&
        WordMatchStringZ(networkNode->NetworkItem->LocalPortString))
        return TRUE;

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->LocalHostString) &&
        WordMatchStringRef(&networkNode->NetworkItem->LocalHostString->sr))
        return TRUE;

    // Remote endpoint: address, port, then host string.
    // NOTE(review): the host string is presumably a resolved name supplied by
    // the remote side's DNS; when hunting for a specific peer, the address
    // match is the one to rely on - confirm how the host string is populated.
    if (networkNode->NetworkItem->RemoteAddressString[0] &&
        WordMatchStringZ(networkNode->NetworkItem->RemoteAddressString))
        return TRUE;

    if (networkNode->NetworkItem->RemotePortString[0] &&
        WordMatchStringZ(networkNode->NetworkItem->RemotePortString))
        return TRUE;

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->RemoteHostString) &&
        WordMatchStringRef(&networkNode->NetworkItem->RemoteHostString->sr))
        return TRUE;

    if (WordMatchStringZ(PhGetProtocolTypeName(networkNode->NetworkItem->ProtocolType)))
        return TRUE;

    // The state name is only tested when the TCP bit is set in ProtocolType.
    if (networkNode->NetworkItem->ProtocolType & PH_TCP_PROTOCOL_TYPE)
    {
        if (WordMatchStringZ(PhGetTcpStateName(networkNode->NetworkItem->State)))
            return TRUE;
    }

    if (networkNode->NetworkItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;
        WCHAR processIdString[PH_INT32_STR_LEN_1];

        PhPrintUInt32(processIdString, HandleToUlong(networkNode->NetworkItem->ProcessId));

        if (WordMatchStringZ(processIdString))
            return TRUE;

        // A connection is also kept when the process filter accepts its process node.
        processNode = PhFindProcessNode(networkNode->NetworkItem->ProcessId);

        if (processNode && ProcessTreeFilterCallback(&processNode->Node, NULL))
            return TRUE;
    }

    return FALSE;
}
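/*
 * Search filter for the service tree.
 *
 * Tests the fields of one service against the current search box text using
 * the WordMatch helpers and reports whether the node should remain visible.
 *
 * Node    - the tree node; cast to PPH_SERVICE_NODE.
 * Context - not used by this function.
 *
 * Returns TRUE when the search box is empty or when any tested field
 * matches; FALSE otherwise.
 */
BOOLEAN ServiceTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)Node;
    PPH_STRING serviceFileName = NULL;
    PPH_STRING serviceBinaryPath = NULL;
    BOOLEAN matched = FALSE;

    // With no search text there is nothing to filter out.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceTypeString(serviceNode->ServiceItem->Type)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceStateString(serviceNode->ServiceItem->State)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceStartTypeString(serviceNode->ServiceItem->StartType)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceErrorControlString(serviceNode->ServiceItem->ErrorControl)))
        return TRUE;

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->Name))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->Name->sr))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->DisplayName))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->DisplayName->sr))
            return TRUE;
    }

    if (serviceNode->ServiceItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;

        if (WordMatchStringZ(serviceNode->ServiceItem->ProcessIdString))
            return TRUE;

        // A service is also kept when the process filter accepts its process node.
        processNode = PhFindProcessNode(serviceNode->ServiceItem->ProcessId);

        if (processNode && ProcessTreeFilterCallback(&processNode->Node, NULL))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->VerifySignerName))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->VerifySignerName->sr))
            return TRUE;
    }

    // Signature status is searchable by label. Items still at VrUnknown are
    // skipped entirely, so a search for "Unknown" does not list them; the
    // default label below is only reached for values without a case of their own.
    if (serviceNode->ServiceItem->VerifyResult != VrUnknown)
    {
        switch (serviceNode->ServiceItem->VerifyResult)
        {
        case VrNoSignature:
            if (WordMatchStringZ(L"NoSignature"))
                return TRUE;
            break;
        case VrTrusted:
            if (WordMatchStringZ(L"Trusted"))
                return TRUE;
            break;
        case VrExpired:
            if (WordMatchStringZ(L"Expired"))
                return TRUE;
            break;
        case VrRevoked:
            if (WordMatchStringZ(L"Revoked"))
                return TRUE;
            break;
        case VrDistrust:
            if (WordMatchStringZ(L"Distrust"))
                return TRUE;
            break;
        case VrSecuritySettings:
            if (WordMatchStringZ(L"SecuritySettings"))
                return TRUE;
            break;
        case VrBadSignature:
            if (WordMatchStringZ(L"BadSignature"))
                return TRUE;
            break;
        default:
            if (WordMatchStringZ(L"Unknown"))
                return TRUE;
            break;
        }
    }

    // The name check earlier in this function treats Name as possibly NULL,
    // so guard the dereference here as well instead of passing &NULL->sr.
    if (
        serviceNode->ServiceItem->Name &&
        NT_SUCCESS(QueryServiceFileName(
            &serviceNode->ServiceItem->Name->sr,
            &serviceFileName,
            &serviceBinaryPath
            ))
        )
    {
        // Both strings are tested before returning so that each returned
        // reference is released on every path.
        if (serviceFileName)
        {
            if (WordMatchStringRef(&serviceFileName->sr))
                matched = TRUE;

            PhDereferenceObject(serviceFileName);
        }

        if (serviceBinaryPath)
        {
            if (WordMatchStringRef(&serviceBinaryPath->sr))
                matched = TRUE;

            PhDereferenceObject(serviceBinaryPath);
        }
    }

    return matched;
}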
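/*
 * Search filter for the service tree.
 *
 * Tests the fields of one service against the current search box text using
 * the WordMatch helpers and reports whether the node should remain visible.
 *
 * Node    - the tree node; cast to PPH_SERVICE_NODE.
 * Context - not used by this function.
 *
 * Returns TRUE when the search box is empty or when any tested field
 * matches; FALSE otherwise.
 */
BOOLEAN ServiceTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)Node;
    PPH_STRING serviceFileName = NULL;
    PPH_STRING serviceBinaryPath = NULL;
    BOOLEAN matched = FALSE;

    // With no search text there is nothing to filter out.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceTypeString(serviceNode->ServiceItem->Type)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceStateString(serviceNode->ServiceItem->State)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceStartTypeString(serviceNode->ServiceItem->StartType)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceErrorControlString(serviceNode->ServiceItem->ErrorControl)))
        return TRUE;

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->Name))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->Name->sr))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->DisplayName))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->DisplayName->sr))
            return TRUE;
    }

    if (serviceNode->ServiceItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;
        WCHAR processIdString[PH_INT32_STR_LEN_1];

        PhPrintUInt32(processIdString, HandleToUlong(serviceNode->ServiceItem->ProcessId));

        if (WordMatchStringZ(processIdString))
            return TRUE;

        // A service is also kept when the process filter accepts its process node.
        processNode = PhFindProcessNode(serviceNode->ServiceItem->ProcessId);

        if (processNode && ProcessTreeFilterCallback(&processNode->Node, NULL))
            return TRUE;
    }

    // The name check earlier in this function treats Name as possibly NULL,
    // so guard the dereference here as well instead of passing &NULL->sr.
    if (
        serviceNode->ServiceItem->Name &&
        NT_SUCCESS(QueryServiceFileName(
            &serviceNode->ServiceItem->Name->sr,
            &serviceFileName,
            &serviceBinaryPath
            ))
        )
    {
        // Both strings are tested before returning so that each returned
        // reference is released on every path.
        if (serviceFileName)
        {
            if (WordMatchStringRef(&serviceFileName->sr))
                matched = TRUE;

            PhDereferenceObject(serviceFileName);
        }

        if (serviceBinaryPath)
        {
            if (WordMatchStringRef(&serviceBinaryPath->sr))
                matched = TRUE;

            PhDereferenceObject(serviceBinaryPath);
        }
    }

    return matched;
}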