VOID PhpUpdateThreadDetails(
_In_ HWND hwndDlg,
_In_ PPH_THREADS_CONTEXT Context,
_In_ BOOLEAN Force
)
{
PPH_THREAD_ITEM *threads;
ULONG numberOfThreads;
PPH_THREAD_ITEM threadItem;
PPH_STRING startModule = NULL;
PPH_STRING started = NULL;
WCHAR kernelTime[PH_TIMESPAN_STR_LEN_1] = L"N/A";
WCHAR userTime[PH_TIMESPAN_STR_LEN_1] = L"N/A";
PPH_STRING contextSwitches = NULL;
PPH_STRING cycles = NULL;
PPH_STRING state = NULL;
WCHAR priority[PH_INT32_STR_LEN_1] = L"N/A";
WCHAR basePriority[PH_INT32_STR_LEN_1] = L"N/A";
PWSTR ioPriority = L"N/A";
PWSTR pagePriority = L"N/A";
WCHAR idealProcessor[PH_INT32_STR_LEN + 1 + PH_INT32_STR_LEN + 1] = L"N/A";
HANDLE threadHandle;
SYSTEMTIME time;
IO_PRIORITY_HINT ioPriorityInteger;
ULONG pagePriorityInteger;
PROCESSOR_NUMBER idealProcessorNumber;
ULONG suspendCount;
PhGetSelectedThreadItems(&Context->ListContext, &threads, &numberOfThreads);
if (numberOfThreads == 1)
threadItem = threads[0];
else
threadItem = NULL;
PhFree(threads);
if (numberOfThreads != 1 && !Force)
return;
if (numberOfThreads == 1)
{
startModule = threadItem->StartAddressFileName;
PhLargeIntegerToLocalSystemTime(&time, &threadItem->CreateTime);
started = PhaFormatDateTime(&time);
PhPrintTimeSpan(kernelTime, threadItem->KernelTime.QuadPart, PH_TIMESPAN_HMSM);
PhPrintTimeSpan(userTime, threadItem->UserTime.QuadPart, PH_TIMESPAN_HMSM);
contextSwitches = PhaFormatUInt64(threadItem->ContextSwitchesDelta.Value, TRUE);
if (WINDOWS_HAS_CYCLE_TIME)
cycles = PhaFormatUInt64(threadItem->CyclesDelta.Value, TRUE);
if (threadItem->State != Waiting)
{
if ((ULONG)threadItem->State < MaximumThreadState)
state = PhaCreateString(PhKThreadStateNames[(ULONG)threadItem->State]);
else
state = PhaCreateString(L"Unknown");
}
else
{
if ((ULONG)threadItem->WaitReason < MaximumWaitReason)
state = PhaConcatStrings2(L"Wait:", PhKWaitReasonNames[(ULONG)threadItem->WaitReason]);
else
state = PhaCreateString(L"Waiting");
}
PhPrintInt32(priority, threadItem->Priority);
PhPrintInt32(basePriority, threadItem->BasePriority);
if (NT_SUCCESS(PhOpenThread(&threadHandle, ThreadQueryAccess, threadItem->ThreadId)))
{
if (NT_SUCCESS(PhGetThreadIoPriority(threadHandle, &ioPriorityInteger)) &&
ioPriorityInteger < MaxIoPriorityTypes)
{
ioPriority = PhIoPriorityHintNames[ioPriorityInteger];
}
if (NT_SUCCESS(PhGetThreadPagePriority(threadHandle, &pagePriorityInteger)) &&
pagePriorityInteger <= MEMORY_PRIORITY_NORMAL)
{
pagePriority = PhPagePriorityNames[pagePriorityInteger];
}
if (NT_SUCCESS(NtQueryInformationThread(threadHandle, ThreadIdealProcessorEx, &idealProcessorNumber, sizeof(PROCESSOR_NUMBER), NULL)))
{
PH_FORMAT format[3];
PhInitFormatU(&format[0], idealProcessorNumber.Group);
PhInitFormatC(&format[1], ':');
PhInitFormatU(&format[2], idealProcessorNumber.Number);
PhFormatToBuffer(format, 3, idealProcessor, sizeof(idealProcessor), NULL);
}
if (threadItem->WaitReason == Suspended && NT_SUCCESS(NtQueryInformationThread(threadHandle, ThreadSuspendCount, &suspendCount, sizeof(ULONG), NULL)))
{
PH_FORMAT format[4];
PhInitFormatSR(&format[0], state->sr);
PhInitFormatS(&format[1], L" (");
PhInitFormatU(&format[2], suspendCount);
PhInitFormatS(&format[3], L")");
state = PH_AUTO(PhFormat(format, 4, 30));
}
NtClose(threadHandle);
}
}
if (Force)
{
// These don't change...
SetDlgItemText(hwndDlg, IDC_STARTMODULE, PhGetStringOrEmpty(startModule));
EnableWindow(GetDlgItem(hwndDlg, IDC_OPENSTARTMODULE), !!startModule);
SetDlgItemText(hwndDlg, IDC_STARTED, PhGetStringOrDefault(started, L"N/A"));
}
SetDlgItemText(hwndDlg, IDC_KERNELTIME, kernelTime);
SetDlgItemText(hwndDlg, IDC_USERTIME, userTime);
SetDlgItemText(hwndDlg, IDC_CONTEXTSWITCHES, PhGetStringOrDefault(contextSwitches, L"N/A"));
SetDlgItemText(hwndDlg, IDC_CYCLES, PhGetStringOrDefault(cycles, L"N/A"));
SetDlgItemText(hwndDlg, IDC_STATE, PhGetStringOrDefault(state, L"N/A"));
SetDlgItemText(hwndDlg, IDC_PRIORITY, priority);
SetDlgItemText(hwndDlg, IDC_BASEPRIORITY, basePriority);
SetDlgItemText(hwndDlg, IDC_IOPRIORITY, ioPriority);
SetDlgItemText(hwndDlg, IDC_PAGEPRIORITY, pagePriority);
SetDlgItemText(hwndDlg, IDC_IDEALPROCESSOR, idealProcessor);
}
VOID TreeNewMessageCallback(
__in_opt PVOID Parameter,
__in_opt PVOID Context
)
{
PPH_PLUGIN_TREENEW_MESSAGE message = Parameter;
switch (message->Message)
{
case TreeNewGetCellText:
{
PPH_TREENEW_GET_CELL_TEXT getCellText = message->Parameter1;
PPH_PROCESS_NODE node;
PPROCESS_EXTENSION extension;
node = (PPH_PROCESS_NODE)getCellText->Node;
extension = PhPluginGetObjectExtension(PluginInstance, node->ProcessItem, EmProcessItemType);
switch (message->SubId)
{
case COLUMN_ID_AVGCPU10:
case COLUMN_ID_AVGCPU60:
{
FLOAT cpuUsage;
PWCHAR buffer;
if (message->SubId == COLUMN_ID_AVGCPU10)
{
cpuUsage = extension->Avg10CpuUsage * 100;
buffer = extension->Avg10CpuUsageText;
}
else
{
cpuUsage = extension->Avg60CpuUsage * 100;
buffer = extension->Avg60CpuUsageText;
}
if (cpuUsage >= 0.01)
{
PH_FORMAT format;
SIZE_T returnLength;
PhInitFormatF(&format, cpuUsage, 2);
if (PhFormatToBuffer(&format, 1, buffer, PH_INT32_STR_LEN_1 * sizeof(WCHAR), &returnLength))
{
getCellText->Text.Buffer = buffer;
getCellText->Text.Length = (USHORT)(returnLength - sizeof(WCHAR)); // minus null terminator
}
}
else if (cpuUsage != 0 && PhGetIntegerSetting(L"ShowCpuBelow001"))
{
PhInitializeStringRef(&getCellText->Text, L"< 0.01");
}
}
break;
}
}
break;
}
}
NTSTATUS KphConnect2Ex(
_In_opt_ PWSTR DeviceName,
_In_ PWSTR FileName,
_In_opt_ PKPH_PARAMETERS Parameters
)
{
NTSTATUS status;
WCHAR fullDeviceName[256];
PH_FORMAT format[2];
SC_HANDLE scmHandle;
SC_HANDLE serviceHandle;
BOOLEAN started = FALSE;
BOOLEAN created = FALSE;
if (!DeviceName)
DeviceName = KPH_DEVICE_SHORT_NAME;
PhInitFormatS(&format[0], L"\\Device\\");
PhInitFormatS(&format[1], DeviceName);
if (!PhFormatToBuffer(format, 2, fullDeviceName, sizeof(fullDeviceName), NULL))
return STATUS_NAME_TOO_LONG;
// Try to open the device.
status = KphConnect(fullDeviceName);
if (NT_SUCCESS(status) || status == STATUS_ADDRESS_ALREADY_EXISTS)
return status;
if (
status != STATUS_NO_SUCH_DEVICE &&
status != STATUS_NO_SUCH_FILE &&
status != STATUS_OBJECT_NAME_NOT_FOUND &&
status != STATUS_OBJECT_PATH_NOT_FOUND
)
return status;
// Load the driver, and try again.
// Try to start the service, if it exists.
scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
if (scmHandle)
{
serviceHandle = OpenService(scmHandle, DeviceName, SERVICE_START);
if (serviceHandle)
{
if (StartService(serviceHandle, 0, NULL))
started = TRUE;
CloseServiceHandle(serviceHandle);
}
CloseServiceHandle(scmHandle);
}
if (!started && RtlDoesFileExists_U(FileName))
{
// Try to create the service.
scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
if (scmHandle)
{
serviceHandle = CreateService(
scmHandle,
DeviceName,
DeviceName,
SERVICE_ALL_ACCESS,
SERVICE_KERNEL_DRIVER,
SERVICE_DEMAND_START,
SERVICE_ERROR_IGNORE,
FileName,
NULL,
NULL,
NULL,
NULL,
L""
);
if (serviceHandle)
{
created = TRUE;
// Set parameters if the caller supplied them.
// Note that we fail the entire function if this fails,
// because failing to set parameters like SecurityLevel may
// result in security vulnerabilities.
if (Parameters)
{
status = KphSetParameters(DeviceName, Parameters);
if (!NT_SUCCESS(status))
{
// Delete the service and fail.
goto CreateAndConnectEnd;
}
}
if (StartService(serviceHandle, 0, NULL))
started = TRUE;
}
CloseServiceHandle(scmHandle);
}
}
if (started)
{
// Try to open the device again.
status = KphConnect(fullDeviceName);
}
CreateAndConnectEnd:
if (created)
{
// "Delete" the service. Since we (may) have a handle to
// the device, the SCM will delete the service automatically
// when it is stopped (upon reboot). If we don't have a
// handle to the device, the service will get deleted immediately,
// which is a good thing anyway.
DeleteService(serviceHandle);
CloseServiceHandle(serviceHandle);
}
return status;
}
