static INT_PTR CALLBACK PhpFindObjectsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhFindObjectsListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_FILTER),
NULL, PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_REGEX),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, lvHandle,
NULL, PH_ANCHOR_ALL);
MinimumSize.left = 0;
MinimumSize.top = 0;
MinimumSize.right = 150;
MinimumSize.bottom = 100;
MapDialogRect(hwndDlg, &MinimumSize);
PhRegisterDialog(hwndDlg);
PhLoadWindowPlacementFromSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSetListViewStyle(lvHandle, TRUE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 100, L"Process");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 100, L"Type");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 80, L"Handle");
PhSetExtendedListView(lvHandle);
ExtendedListView_SetSortFast(lvHandle, TRUE);
ExtendedListView_SetCompareFunction(lvHandle, 0, PhpObjectProcessCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 1, PhpObjectTypeCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 2, PhpObjectNameCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 3, PhpObjectHandleCompareFunction);
PhLoadListViewColumnsFromSetting(L"FindObjListViewColumns", lvHandle);
Button_SetCheck(GetDlgItem(hwndDlg, IDC_REGEX), PhGetIntegerSetting(L"FindObjRegex") ? BST_CHECKED : BST_UNCHECKED);
}
break;
case WM_DESTROY:
{
PhSetIntegerSetting(L"FindObjRegex", Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED);
PhSaveWindowPlacementToSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"FindObjListViewColumns", PhFindObjectsListViewHandle);
}
break;
case WM_SHOWWINDOW:
{
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hwndDlg, IDC_FILTER), TRUE);
Edit_SetSel(GetDlgItem(hwndDlg, IDC_FILTER), 0, -1);
}
break;
case WM_CLOSE:
{
ShowWindow(hwndDlg, SW_HIDE);
// IMPORTANT
// Set the result to 0 so the default dialog message
// handler doesn't invoke IDCANCEL, which will send
// WM_CLOSE, creating an infinite loop.
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, 0);
}
return TRUE;
case WM_SETCURSOR:
{
if (SearchThreadHandle)
{
SetCursor(LoadCursor(NULL, IDC_WAIT));
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, TRUE);
return TRUE;
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDOK:
{
// Don't continue if the user requested cancellation.
if (SearchStop)
break;
if (!SearchThreadHandle)
{
ULONG i;
PhMoveReference(&SearchString, PhGetWindowText(GetDlgItem(hwndDlg, IDC_FILTER)));
if (SearchRegexCompiledExpression)
{
pcre2_code_free(SearchRegexCompiledExpression);
SearchRegexCompiledExpression = NULL;
}
if (SearchRegexMatchData)
{
pcre2_match_data_free(SearchRegexMatchData);
SearchRegexMatchData = NULL;
}
if (Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED)
{
int errorCode;
PCRE2_SIZE errorOffset;
SearchRegexCompiledExpression = pcre2_compile(
SearchString->Buffer,
SearchString->Length / sizeof(WCHAR),
PCRE2_CASELESS | PCRE2_DOTALL,
&errorCode,
&errorOffset,
NULL
);
if (!SearchRegexCompiledExpression)
{
PhShowError(hwndDlg, L"Unable to compile the regular expression: \"%s\" at position %zu.",
PhGetStringOrDefault(PH_AUTO(PhPcre2GetErrorMessage(errorCode)), L"Unknown error"),
errorOffset
);
break;
}
SearchRegexMatchData = pcre2_match_data_create_from_pattern(SearchRegexCompiledExpression, NULL);
}
// Clean up previous results.
ListView_DeleteAllItems(PhFindObjectsListViewHandle);
if (SearchResults)
{
for (i = 0; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
PhDereferenceObject(searchResult->TypeName);
PhDereferenceObject(searchResult->Name);
if (searchResult->ProcessName)
PhDereferenceObject(searchResult->ProcessName);
PhFree(searchResult);
}
PhDereferenceObject(SearchResults);
}
// Start the search.
SearchResults = PhCreateList(128);
SearchResultsAddIndex = 0;
SearchThreadHandle = PhCreateThread(0, PhpFindObjectsThreadStart, NULL);
if (!SearchThreadHandle)
{
PhClearReference(&SearchResults);
break;
}
SetDlgItemText(hwndDlg, IDOK, L"Cancel");
SetCursor(LoadCursor(NULL, IDC_WAIT));
}
else
{
SearchStop = TRUE;
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
}
}
break;
case IDCANCEL:
{
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
}
break;
case ID_OBJECT_CLOSE:
{
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
ULONG i;
PhGetSelectedListViewItemParams(
PhFindObjectsListViewHandle,
&results,
&numberOfResults
);
if (numberOfResults != 0 && PhShowConfirmMessage(
hwndDlg,
L"close",
numberOfResults == 1 ? L"the selected handle" : L"the selected handles",
L"Closing handles may cause system instability and data corruption.",
FALSE
))
{
for (i = 0; i < numberOfResults; i++)
{
NTSTATUS status;
HANDLE processHandle;
if (results[i]->ResultType != HandleSearchResult)
continue;
if (NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_DUP_HANDLE,
results[i]->ProcessId
)))
{
if (NT_SUCCESS(status = NtDuplicateObject(
processHandle,
results[i]->Handle,
NULL,
NULL,
0,
0,
DUPLICATE_CLOSE_SOURCE
)))
{
PhRemoveListViewItem(PhFindObjectsListViewHandle,
PhFindListViewItemByParam(PhFindObjectsListViewHandle, 0, results[i]));
}
NtClose(processHandle);
}
if (!NT_SUCCESS(status))
{
if (!PhShowContinueStatus(hwndDlg,
PhaFormatString(L"Unable to close \"%s\"", results[i]->Name->Buffer)->Buffer,
status,
0
))
break;
}
}
}
PhFree(results);
}
break;
case ID_HANDLE_OBJECTPROPERTIES1:
case ID_HANDLE_OBJECTPROPERTIES2:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PH_HANDLE_ITEM_INFO info;
info.ProcessId = result->ProcessId;
info.Handle = result->Handle;
info.TypeName = result->TypeName;
info.BestObjectName = result->Name;
if (LOWORD(wParam) == ID_HANDLE_OBJECTPROPERTIES1)
PhShowHandleObjectProperties1(hwndDlg, &info);
else
PhShowHandleObjectProperties2(hwndDlg, &info);
}
}
break;
case ID_OBJECT_GOTOOWNINGPROCESS:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PPH_PROCESS_NODE processNode;
if (processNode = PhFindProcessNode(result->ProcessId))
{
ProcessHacker_SelectTabPage(PhMainWndHandle, 0);
ProcessHacker_SelectProcessNode(PhMainWndHandle, processNode);
ProcessHacker_ToggleVisible(PhMainWndHandle, TRUE);
}
}
}
break;
case ID_OBJECT_PROPERTIES:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
if (result->ResultType == HandleSearchResult)
{
PPH_HANDLE_ITEM handleItem;
handleItem = PhCreateHandleItem(&result->Info);
handleItem->BestObjectName = handleItem->ObjectName = result->Name;
PhReferenceObjectEx(result->Name, 2);
handleItem->TypeName = result->TypeName;
PhReferenceObject(result->TypeName);
PhShowHandleProperties(
hwndDlg,
result->ProcessId,
handleItem
);
PhDereferenceObject(handleItem);
}
else
{
// DLL or Mapped File. Just show file properties.
PhShellProperties(hwndDlg, result->Name->Buffer);
}
}
}
break;
case ID_OBJECT_COPY:
{
PhCopyListView(PhFindObjectsListViewHandle);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case NM_DBLCLK:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_PROPERTIES, 0);
}
}
break;
case LVN_KEYDOWN:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
LPNMLVKEYDOWN keyDown = (LPNMLVKEYDOWN)header;
switch (keyDown->wVKey)
{
case 'C':
if (GetKeyState(VK_CONTROL) < 0)
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_COPY, 0);
break;
case 'A':
if (GetKeyState(VK_CONTROL) < 0)
PhSetStateAllListViewItems(PhFindObjectsListViewHandle, LVIS_SELECTED, LVIS_SELECTED);
break;
case VK_DELETE:
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_CLOSE, 0);
break;
}
}
}
break;
}
}
break;
case WM_CONTEXTMENU:
{
if ((HWND)wParam == PhFindObjectsListViewHandle)
{
POINT point;
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
point.x = (SHORT)LOWORD(lParam);
point.y = (SHORT)HIWORD(lParam);
if (point.x == -1 && point.y == -1)
PhGetListViewContextMenuPoint((HWND)wParam, &point);
PhGetSelectedListViewItemParams(PhFindObjectsListViewHandle, &results, &numberOfResults);
if (numberOfResults != 0)
{
PPH_EMENU menu;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_FINDOBJ), 0);
PhSetFlagsEMenuItem(menu, ID_OBJECT_PROPERTIES, PH_EMENU_DEFAULT, PH_EMENU_DEFAULT);
PhpInitializeFindObjMenu(menu, results, numberOfResults);
PhShowEMenu(
menu,
hwndDlg,
PH_EMENU_SHOW_SEND_COMMAND | PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
point.x,
point.y
);
PhDestroyEMenu(menu);
}
PhFree(results);
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&WindowLayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_PH_SEARCH_UPDATE:
{
HWND lvHandle;
ULONG i;
lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
ExtendedListView_SetRedraw(lvHandle, FALSE);
PhAcquireQueuedLockExclusive(&SearchResultsLock);
for (i = SearchResultsAddIndex; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
CLIENT_ID clientId;
PPH_PROCESS_ITEM processItem;
PPH_STRING clientIdName;
INT lvItemIndex;
clientId.UniqueProcess = searchResult->ProcessId;
clientId.UniqueThread = NULL;
processItem = PhReferenceProcessItem(clientId.UniqueProcess);
clientIdName = PhGetClientIdNameEx(&clientId, processItem ? processItem->ProcessName : NULL);
lvItemIndex = PhAddListViewItem(
lvHandle,
MAXINT,
clientIdName->Buffer,
searchResult
);
PhDereferenceObject(clientIdName);
if (processItem)
{
PhSetReference(&searchResult->ProcessName, processItem->ProcessName);
PhDereferenceObject(processItem);
}
else
{
searchResult->ProcessName = NULL;
}
PhSetListViewSubItem(lvHandle, lvItemIndex, 1, searchResult->TypeName->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 2, searchResult->Name->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 3, searchResult->HandleString);
}
SearchResultsAddIndex = i;
PhReleaseQueuedLockExclusive(&SearchResultsLock);
ExtendedListView_SetRedraw(lvHandle, TRUE);
}
break;
case WM_PH_SEARCH_FINISHED:
{
NTSTATUS handleSearchStatus = (NTSTATUS)wParam;
// Add any un-added items.
SendMessage(hwndDlg, WM_PH_SEARCH_UPDATE, 0, 0);
NtWaitForSingleObject(SearchThreadHandle, FALSE, NULL);
NtClose(SearchThreadHandle);
SearchThreadHandle = NULL;
SearchStop = FALSE;
ExtendedListView_SortItems(GetDlgItem(hwndDlg, IDC_RESULTS));
SetDlgItemText(hwndDlg, IDOK, L"Find");
EnableWindow(GetDlgItem(hwndDlg, IDOK), TRUE);
SetCursor(LoadCursor(NULL, IDC_ARROW));
if (handleSearchStatus == STATUS_INSUFFICIENT_RESOURCES)
{
PhShowWarning(
hwndDlg,
L"Unable to search for handles because the total number of handles on the system is too large. "
L"Please check if there are any processes with an extremely large number of handles open."
);
}
}
break;
}
return FALSE;
}
INT_PTR CALLBACK PhpLogDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
ListViewHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhSetListViewStyle(ListViewHandle, FALSE, TRUE);
PhSetControlTheme(ListViewHandle, L"explorer");
PhAddListViewColumn(ListViewHandle, 0, 0, 0, LVCFMT_LEFT, 140, L"Time");
PhAddListViewColumn(ListViewHandle, 1, 1, 1, LVCFMT_LEFT, 260, L"Message");
PhLoadListViewColumnsFromSetting(L"LogListViewColumns", ListViewHandle);
PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_LIST), NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_COPY), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_SAVE), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_AUTOSCROLL), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_CLEAR), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
MinimumSize.left = 0;
MinimumSize.top = 0;
MinimumSize.right = 290;
MinimumSize.bottom = 150;
MapDialogRect(hwndDlg, &MinimumSize);
PhLoadWindowPlacementFromSetting(L"LogWindowPosition", L"LogWindowSize", hwndDlg);
Button_SetCheck(GetDlgItem(hwndDlg, IDC_AUTOSCROLL), BST_CHECKED);
PhRegisterCallback(&PhLoggedCallback, LoggedCallback, NULL, &LoggedRegistration);
PhpUpdateLogList();
ListView_EnsureVisible(ListViewHandle, ListViewCount - 1, FALSE);
}
break;
case WM_DESTROY:
{
PhSaveListViewColumnsToSetting(L"LogListViewColumns", ListViewHandle);
PhSaveWindowPlacementToSetting(L"LogWindowPosition", L"LogWindowSize", hwndDlg);
PhDeleteLayoutManager(&WindowLayoutManager);
PhUnregisterCallback(&PhLoggedCallback, &LoggedRegistration);
PhUnregisterDialog(PhLogWindowHandle);
PhLogWindowHandle = NULL;
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
DestroyWindow(hwndDlg);
break;
case IDC_CLEAR:
{
PhClearLogEntries();
PhpUpdateLogList();
}
break;
case IDC_COPY:
{
PPH_STRING string;
ULONG selectedCount;
selectedCount = ListView_GetSelectedCount(ListViewHandle);
if (selectedCount == 0)
{
// User didn't select anything, so copy all items.
string = PhpGetStringForSelectedLogEntries(TRUE);
PhSetStateAllListViewItems(ListViewHandle, LVIS_SELECTED, LVIS_SELECTED);
}
else
{
string = PhpGetStringForSelectedLogEntries(FALSE);
}
PhSetClipboardStringEx(hwndDlg, string->Buffer, string->Length);
PhDereferenceObject(string);
SetFocus(ListViewHandle);
}
break;
case IDC_SAVE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Text files (*.txt)", L"*.txt" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, L"Process Hacker Log.txt");
if (PhShowFileDialog(hwndDlg, fileDialog))
{
NTSTATUS status;
PPH_STRING fileName;
PPH_FILE_STREAM fileStream;
PPH_STRING string;
fileName = PhGetFileDialogFileName(fileDialog);
PhaDereferenceObject(fileName);
if (NT_SUCCESS(status = PhCreateFileStream(
&fileStream,
fileName->Buffer,
FILE_GENERIC_WRITE,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
0
)))
{
PhWritePhTextHeader(fileStream);
string = PhpGetStringForSelectedLogEntries(TRUE);
PhWriteStringAsAnsiFileStreamEx(fileStream, string->Buffer, string->Length);
PhDereferenceObject(string);
PhDereferenceObject(fileStream);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to create the file", status, 0);
}
PhFreeFileDialog(fileDialog);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case LVN_GETDISPINFO:
{
NMLVDISPINFO *dispInfo = (NMLVDISPINFO *)header;
PPH_LOG_ENTRY entry;
entry = PhGetItemCircularBuffer_PVOID(&PhLogBuffer, ListViewCount - dispInfo->item.iItem - 1);
if (dispInfo->item.iSubItem == 0)
{
if (dispInfo->item.mask & LVIF_TEXT)
{
SYSTEMTIME systemTime;
PPH_STRING dateTime;
PhLargeIntegerToLocalSystemTime(&systemTime, &entry->Time);
dateTime = PhFormatDateTime(&systemTime);
wcsncpy_s(dispInfo->item.pszText, dispInfo->item.cchTextMax, dateTime->Buffer, _TRUNCATE);
PhDereferenceObject(dateTime);
}
}
else if (dispInfo->item.iSubItem == 1)
{
if (dispInfo->item.mask & LVIF_TEXT)
{
PPH_STRING string;
string = PhFormatLogEntry(entry);
wcsncpy_s(dispInfo->item.pszText, dispInfo->item.cchTextMax, string->Buffer, _TRUNCATE);
PhDereferenceObject(string);
}
}
}
break;
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&WindowLayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_PH_LOG_UPDATED:
{
PhpUpdateLogList();
}
break;
}
return FALSE;
}
INT_PTR CALLBACK PhpMemoryResultsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PMEMORY_RESULTS_CONTEXT context;
if (uMsg != WM_INITDIALOG)
{
context = GetProp(hwndDlg, PhMakeContextAtom());
}
else
{
context = (PMEMORY_RESULTS_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhRegisterDialog(hwndDlg);
{
PPH_PROCESS_ITEM processItem;
if (processItem = PhReferenceProcessItem(context->ProcessId))
{
SetWindowText(hwndDlg, PhaFormatString(L"Results - %s (%u)",
processItem->ProcessName->Buffer, HandleToUlong(processItem->ProcessId))->Buffer);
PhDereferenceObject(processItem);
}
}
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 120, L"Address");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 80, L"Length");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Result");
PhLoadListViewColumnsFromSetting(L"MemResultsListViewColumns", lvHandle);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_LIST), NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_COPY), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_SAVE), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_FILTER), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 250;
rect.bottom = 180;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
ListView_SetItemCount(lvHandle, context->Results->Count);
SetDlgItemText(hwndDlg, IDC_INTRO, PhaFormatString(L"%s results.",
PhaFormatUInt64(context->Results->Count, TRUE)->Buffer)->Buffer);
{
PH_RECTANGLE windowRectangle;
windowRectangle.Position = PhGetIntegerPairSetting(L"MemResultsPosition");
windowRectangle.Size = PhGetIntegerPairSetting(L"MemResultsSize");
PhAdjustRectangleToWorkingArea(hwndDlg, &windowRectangle);
MoveWindow(hwndDlg, windowRectangle.Left, windowRectangle.Top,
windowRectangle.Width, windowRectangle.Height, FALSE);
// Implement cascading by saving an offsetted rectangle.
windowRectangle.Left += 20;
windowRectangle.Top += 20;
PhSetIntegerPairSetting(L"MemResultsPosition", windowRectangle.Position);
PhSetIntegerPairSetting(L"MemResultsSize", windowRectangle.Size);
}
}
break;
case WM_DESTROY:
{
PhSaveWindowPlacementToSetting(L"MemResultsPosition", L"MemResultsSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"MemResultsListViewColumns", GetDlgItem(hwndDlg, IDC_LIST));
PhDeleteLayoutManager(&context->LayoutManager);
PhUnregisterDialog(hwndDlg);
RemoveProp(hwndDlg, PhMakeContextAtom());
PhDereferenceMemoryResults((PPH_MEMORY_RESULT *)context->Results->Items, context->Results->Count);
PhDereferenceObject(context->Results);
PhFree(context);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
DestroyWindow(hwndDlg);
break;
case IDC_COPY:
{
HWND lvHandle;
PPH_STRING string;
ULONG selectedCount;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
selectedCount = ListView_GetSelectedCount(lvHandle);
if (selectedCount == 0)
{
// User didn't select anything, so copy all items.
string = PhpGetStringForSelectedResults(lvHandle, context->Results, TRUE);
PhSetStateAllListViewItems(lvHandle, LVIS_SELECTED, LVIS_SELECTED);
}
else
{
string = PhpGetStringForSelectedResults(lvHandle, context->Results, FALSE);
}
PhSetClipboardString(hwndDlg, &string->sr);
PhDereferenceObject(string);
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)lvHandle, TRUE);
}
break;
case IDC_SAVE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Text files (*.txt)", L"*.txt" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, L"Search Results.txt");
if (PhShowFileDialog(hwndDlg, fileDialog))
{
NTSTATUS status;
PPH_STRING fileName;
PPH_FILE_STREAM fileStream;
PPH_STRING string;
fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));
if (NT_SUCCESS(status = PhCreateFileStream(
&fileStream,
fileName->Buffer,
FILE_GENERIC_WRITE,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
0
)))
{
PhWriteStringAsUtf8FileStream(fileStream, &PhUnicodeByteOrderMark);
PhWritePhTextHeader(fileStream);
string = PhpGetStringForSelectedResults(GetDlgItem(hwndDlg, IDC_LIST), context->Results, TRUE);
PhWriteStringAsUtf8FileStreamEx(fileStream, string->Buffer, string->Length);
PhDereferenceObject(string);
PhDereferenceObject(fileStream);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to create the file", status, 0);
}
PhFreeFileDialog(fileDialog);
}
break;
case IDC_FILTER:
{
PPH_EMENU menu;
RECT buttonRect;
POINT point;
PPH_EMENU_ITEM selectedItem;
ULONG filterType = 0;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_MEMFILTER), 0);
GetClientRect(GetDlgItem(hwndDlg, IDC_FILTER), &buttonRect);
point.x = 0;
point.y = buttonRect.bottom;
ClientToScreen(GetDlgItem(hwndDlg, IDC_FILTER), &point);
selectedItem = PhShowEMenu(menu, hwndDlg, PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP, point.x, point.y);
if (selectedItem)
{
switch (selectedItem->Id)
{
case ID_FILTER_CONTAINS:
filterType = FILTER_CONTAINS;
break;
case ID_FILTER_CONTAINS_CASEINSENSITIVE:
filterType = FILTER_CONTAINS_IGNORECASE;
break;
case ID_FILTER_REGEX:
filterType = FILTER_REGEX;
break;
case ID_FILTER_REGEX_CASEINSENSITIVE:
filterType = FILTER_REGEX_IGNORECASE;
break;
}
}
if (filterType != 0)
FilterResults(hwndDlg, context, filterType);
PhDestroyEMenu(menu);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
HWND lvHandle;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhHandleListViewNotifyForCopy(lParam, lvHandle);
switch (header->code)
{
case LVN_GETDISPINFO:
{
NMLVDISPINFO *dispInfo = (NMLVDISPINFO *)header;
if (dispInfo->item.mask & LVIF_TEXT)
{
PPH_MEMORY_RESULT result = context->Results->Items[dispInfo->item.iItem];
switch (dispInfo->item.iSubItem)
{
case 0:
{
WCHAR addressString[PH_PTR_STR_LEN_1];
PhPrintPointer(addressString, result->Address);
wcsncpy_s(
dispInfo->item.pszText,
dispInfo->item.cchTextMax,
addressString,
_TRUNCATE
);
}
break;
case 1:
{
WCHAR lengthString[PH_INT32_STR_LEN_1];
PhPrintUInt32(lengthString, (ULONG)result->Length);
wcsncpy_s(
dispInfo->item.pszText,
dispInfo->item.cchTextMax,
lengthString,
_TRUNCATE
);
}
break;
case 2:
wcsncpy_s(
dispInfo->item.pszText,
dispInfo->item.cchTextMax,
result->Display.Buffer,
_TRUNCATE
);
break;
}
}
}
break;
case NM_DBLCLK:
{
if (header->hwndFrom == lvHandle)
{
INT index;
if ((index = ListView_GetNextItem(
lvHandle,
-1,
LVNI_SELECTED
)) != -1)
{
NTSTATUS status;
PPH_MEMORY_RESULT result = context->Results->Items[index];
HANDLE processHandle;
MEMORY_BASIC_INFORMATION basicInfo;
PPH_SHOWMEMORYEDITOR showMemoryEditor;
if (NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
context->ProcessId
)))
{
if (NT_SUCCESS(status = NtQueryVirtualMemory(
processHandle,
result->Address,
MemoryBasicInformation,
&basicInfo,
sizeof(MEMORY_BASIC_INFORMATION),
NULL
)))
{
showMemoryEditor = PhAllocate(sizeof(PH_SHOWMEMORYEDITOR));
memset(showMemoryEditor, 0, sizeof(PH_SHOWMEMORYEDITOR));
showMemoryEditor->ProcessId = context->ProcessId;
showMemoryEditor->BaseAddress = basicInfo.BaseAddress;
showMemoryEditor->RegionSize = basicInfo.RegionSize;
showMemoryEditor->SelectOffset = (ULONG)((ULONG_PTR)result->Address - (ULONG_PTR)basicInfo.BaseAddress);
showMemoryEditor->SelectLength = (ULONG)result->Length;
ProcessHacker_ShowMemoryEditor(PhMainWndHandle, showMemoryEditor);
}
NtClose(processHandle);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to edit memory", status, 0);
}
}
}
break;
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&context->LayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
}
return FALSE;
}
INT_PTR CALLBACK PhpMemoryEditorDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PMEMORY_EDITOR_CONTEXT context;
if (uMsg != WM_INITDIALOG)
{
context = GetProp(hwndDlg, PhMakeContextAtom());
}
else
{
context = (PMEMORY_EDITOR_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
NTSTATUS status;
if (context->Title)
{
SetWindowText(hwndDlg, context->Title->Buffer);
}
else
{
PPH_PROCESS_ITEM processItem;
if (processItem = PhReferenceProcessItem(context->ProcessId))
{
SetWindowText(hwndDlg, PhaFormatString(L"%s (%u) (0x%Ix - 0x%Ix)",
processItem->ProcessName->Buffer, HandleToUlong(context->ProcessId),
context->BaseAddress, (ULONG_PTR)context->BaseAddress + context->RegionSize)->Buffer);
PhDereferenceObject(processItem);
}
}
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
if (context->RegionSize > 1024 * 1024 * 1024) // 1 GB
{
PhShowError(NULL, L"Unable to edit the memory region because it is too large.");
return TRUE;
}
if (!NT_SUCCESS(status = PhOpenProcess(
&context->ProcessHandle,
PROCESS_VM_READ,
context->ProcessId
)))
{
PhShowStatus(NULL, L"Unable to open the process", status, 0);
return TRUE;
}
context->Buffer = PhAllocatePage(context->RegionSize, NULL);
if (!context->Buffer)
{
PhShowError(NULL, L"Unable to allocate memory for the buffer.");
return TRUE;
}
if (!NT_SUCCESS(status = PhReadVirtualMemory(
context->ProcessHandle,
context->BaseAddress,
context->Buffer,
context->RegionSize,
NULL
)))
{
PhShowStatus(PhMainWndHandle, L"Unable to read memory", status, 0);
return TRUE;
}
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_SAVE), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_BYTESPERROW), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_GOTO), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_WRITE), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_REREAD), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 290;
rect.bottom = 140;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
context->HexEditHandle = GetDlgItem(hwndDlg, IDC_MEMORY);
PhAddLayoutItem(&context->LayoutManager, context->HexEditHandle, NULL, PH_ANCHOR_ALL);
HexEdit_SetBuffer(context->HexEditHandle, context->Buffer, (ULONG)context->RegionSize);
{
PH_RECTANGLE windowRectangle;
windowRectangle.Position = PhGetIntegerPairSetting(L"MemEditPosition");
windowRectangle.Size = PhGetScalableIntegerPairSetting(L"MemEditSize", TRUE).Pair;
PhAdjustRectangleToWorkingArea(NULL, &windowRectangle);
MoveWindow(hwndDlg, windowRectangle.Left, windowRectangle.Top,
windowRectangle.Width, windowRectangle.Height, FALSE);
// Implement cascading by saving an offsetted rectangle.
windowRectangle.Left += 20;
windowRectangle.Top += 20;
PhSetIntegerPairSetting(L"MemEditPosition", windowRectangle.Position);
PhSetScalableIntegerPairSetting2(L"MemEditSize", windowRectangle.Size);
}
{
PWSTR bytesPerRowStrings[7];
ULONG i;
ULONG bytesPerRow;
for (i = 0; i < sizeof(bytesPerRowStrings) / sizeof(PWSTR); i++)
bytesPerRowStrings[i] = PhaFormatString(L"%u bytes per row", 1 << (2 + i))->Buffer;
PhAddComboBoxStrings(GetDlgItem(hwndDlg, IDC_BYTESPERROW),
bytesPerRowStrings, sizeof(bytesPerRowStrings) / sizeof(PWSTR));
bytesPerRow = PhGetIntegerSetting(L"MemEditBytesPerRow");
if (bytesPerRow >= 4)
{
HexEdit_SetBytesPerRow(context->HexEditHandle, bytesPerRow);
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_BYTESPERROW),
PhaFormatString(L"%u bytes per row", bytesPerRow)->Buffer, FALSE);
}
}
context->LoadCompleted = TRUE;
}
break;
case WM_DESTROY:
{
if (context->LoadCompleted)
{
PhSaveWindowPlacementToSetting(L"MemEditPosition", L"MemEditSize", hwndDlg);
PhRemoveElementAvlTree(&PhMemoryEditorSet, &context->Links);
PhUnregisterDialog(hwndDlg);
}
RemoveProp(hwndDlg, PhMakeContextAtom());
PhDeleteLayoutManager(&context->LayoutManager);
if (context->Buffer) PhFreePage(context->Buffer);
if (context->ProcessHandle) NtClose(context->ProcessHandle);
PhClearReference(&context->Title);
if ((context->Flags & PH_MEMORY_EDITOR_UNMAP_VIEW_OF_SECTION) && context->ProcessId == NtCurrentProcessId())
NtUnmapViewOfSection(NtCurrentProcess(), context->BaseAddress);
PhFree(context);
}
break;
case WM_SHOWWINDOW:
{
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)context->HexEditHandle, TRUE);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
DestroyWindow(hwndDlg);
break;
case IDC_SAVE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Binary files (*.bin)", L"*.bin" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
PPH_PROCESS_ITEM processItem;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
if (!context->Title && (processItem = PhReferenceProcessItem(context->ProcessId)))
{
PhSetFileDialogFileName(fileDialog,
PhaFormatString(L"%s_0x%Ix-0x%Ix.bin", processItem->ProcessName->Buffer,
context->BaseAddress, context->RegionSize)->Buffer);
PhDereferenceObject(processItem);
}
else
{
PhSetFileDialogFileName(fileDialog, L"Memory.bin");
}
if (PhShowFileDialog(hwndDlg, fileDialog))
{
NTSTATUS status;
PPH_STRING fileName;
PPH_FILE_STREAM fileStream;
fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));
if (NT_SUCCESS(status = PhCreateFileStream(
&fileStream,
fileName->Buffer,
FILE_GENERIC_WRITE,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
0
)))
{
status = PhWriteFileStream(fileStream, context->Buffer, (ULONG)context->RegionSize);
PhDereferenceObject(fileStream);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to create the file", status, 0);
}
PhFreeFileDialog(fileDialog);
}
break;
case IDC_GOTO:
{
PPH_STRING selectedChoice = NULL;
while (PhaChoiceDialog(
hwndDlg,
L"Go to Offset",
L"Enter an offset:",
NULL,
0,
NULL,
PH_CHOICE_DIALOG_USER_CHOICE,
&selectedChoice,
NULL,
L"MemEditGotoChoices"
))
{
ULONG64 offset;
if (selectedChoice->Length == 0)
continue;
if (PhStringToInteger64(&selectedChoice->sr, 0, &offset))
{
if (offset >= context->RegionSize)
{
PhShowError(hwndDlg, L"The offset is too large.");
continue;
}
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)context->HexEditHandle, TRUE);
HexEdit_SetSel(context->HexEditHandle, (LONG)offset, (LONG)offset);
break;
}
}
}
break;
case IDC_WRITE:
{
NTSTATUS status;
if (!context->WriteAccess)
{
HANDLE processHandle;
if (!NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_VM_READ | PROCESS_VM_WRITE,
context->ProcessId
)))
{
PhShowStatus(hwndDlg, L"Unable to open the process", status, 0);
break;
}
if (context->ProcessHandle) NtClose(context->ProcessHandle);
context->ProcessHandle = processHandle;
context->WriteAccess = TRUE;
}
if (!NT_SUCCESS(status = PhWriteVirtualMemory(
context->ProcessHandle,
context->BaseAddress,
context->Buffer,
context->RegionSize,
NULL
)))
{
PhShowStatus(hwndDlg, L"Unable to write memory", status, 0);
}
}
break;
case IDC_REREAD:
{
NTSTATUS status;
if (!NT_SUCCESS(status = PhReadVirtualMemory(
context->ProcessHandle,
context->BaseAddress,
context->Buffer,
context->RegionSize,
NULL
)))
{
PhShowStatus(hwndDlg, L"Unable to read memory", status, 0);
}
InvalidateRect(context->HexEditHandle, NULL, TRUE);
}
break;
case IDC_BYTESPERROW:
if (HIWORD(wParam) == CBN_SELCHANGE)
{
PPH_STRING bytesPerRowString = PhaGetDlgItemText(hwndDlg, IDC_BYTESPERROW);
PH_STRINGREF firstPart;
PH_STRINGREF secondPart;
ULONG64 bytesPerRow64;
if (PhSplitStringRefAtChar(&bytesPerRowString->sr, ' ', &firstPart, &secondPart))
{
if (PhStringToInteger64(&firstPart, 10, &bytesPerRow64))
{
PhSetIntegerSetting(L"MemEditBytesPerRow", (ULONG)bytesPerRow64);
HexEdit_SetBytesPerRow(context->HexEditHandle, (ULONG)bytesPerRow64);
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)context->HexEditHandle, TRUE);
}
}
}
break;
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&context->LayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_PH_SELECT_OFFSET:
{
HexEdit_SetEditMode(context->HexEditHandle, EDIT_ASCII);
HexEdit_SetSel(context->HexEditHandle, (ULONG)wParam, (ULONG)wParam + (ULONG)lParam);
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK PhpInformationDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
PWSTR string = (PWSTR)lParam;
PPH_LAYOUT_MANAGER layoutManager;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
SetDlgItemText(hwndDlg, IDC_TEXT, string);
layoutManager = PhAllocate(sizeof(PH_LAYOUT_MANAGER));
PhInitializeLayoutManager(layoutManager, hwndDlg);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDC_TEXT), NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDOK), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDC_COPY), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDC_SAVE), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 200;
rect.bottom = 140;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
SetProp(hwndDlg, L"LayoutManager", (HANDLE)layoutManager);
SetProp(hwndDlg, L"String", (HANDLE)string);
}
break;
case WM_DESTROY:
{
PPH_LAYOUT_MANAGER layoutManager;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhDeleteLayoutManager(layoutManager);
PhFree(layoutManager);
RemoveProp(hwndDlg, L"String");
RemoveProp(hwndDlg, L"LayoutManager");
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
case IDC_COPY:
{
HWND editControl;
LONG selStart;
LONG selEnd;
PWSTR buffer;
PH_STRINGREF string;
editControl = GetDlgItem(hwndDlg, IDC_TEXT);
SendMessage(editControl, EM_GETSEL, (WPARAM)&selStart, (LPARAM)&selEnd);
buffer = (PWSTR)GetProp(hwndDlg, L"String");
if (selStart == selEnd)
{
// Select and copy the entire string.
PhInitializeStringRefLongHint(&string, buffer);
Edit_SetSel(editControl, 0, -1);
}
else
{
string.Buffer = buffer + selStart;
string.Length = (selEnd - selStart) * 2;
}
PhSetClipboardString(hwndDlg, &string);
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)editControl, TRUE);
}
break;
case IDC_SAVE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Text files (*.txt)", L"*.txt" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, L"Information.txt");
if (PhShowFileDialog(hwndDlg, fileDialog))
{
NTSTATUS status;
PPH_STRING fileName;
PPH_FILE_STREAM fileStream;
fileName = PhGetFileDialogFileName(fileDialog);
PhAutoDereferenceObject(fileName);
if (NT_SUCCESS(status = PhCreateFileStream(
&fileStream,
fileName->Buffer,
FILE_GENERIC_WRITE,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
0
)))
{
PH_STRINGREF string;
PhWriteStringAsUtf8FileStream(fileStream, &PhUnicodeByteOrderMark);
PhInitializeStringRef(&string, (PWSTR)GetProp(hwndDlg, L"String"));
PhWriteStringAsUtf8FileStream(fileStream, &string);
PhDereferenceObject(fileStream);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to create the file", status, 0);
}
PhFreeFileDialog(fileDialog);
}
break;
}
}
break;
case WM_SIZE:
{
PPH_LAYOUT_MANAGER layoutManager;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhLayoutManagerLayout(layoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK PhpFindObjectsDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhFindObjectsListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_FILTER),
NULL, PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, lvHandle,
NULL, PH_ANCHOR_ALL);
MinimumSize.left = 0;
MinimumSize.top = 0;
MinimumSize.right = 150;
MinimumSize.bottom = 100;
MapDialogRect(hwndDlg, &MinimumSize);
PhRegisterDialog(hwndDlg);
PhLoadWindowPlacementFromSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSetListViewStyle(lvHandle, TRUE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 100, L"Process");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 100, L"Type");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 80, L"Handle");
PhSetExtendedListView(lvHandle);
ExtendedListView_SetSortFast(lvHandle, TRUE);
ExtendedListView_SetCompareFunction(lvHandle, 0, PhpObjectProcessCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 1, PhpObjectTypeCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 2, PhpObjectNameCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 3, PhpObjectHandleCompareFunction);
PhLoadListViewColumnsFromSetting(L"FindObjListViewColumns", lvHandle);
}
break;
case WM_DESTROY:
{
PhSaveWindowPlacementToSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"FindObjListViewColumns", PhFindObjectsListViewHandle);
}
break;
case WM_SHOWWINDOW:
{
SetFocus(GetDlgItem(hwndDlg, IDC_FILTER));
Edit_SetSel(GetDlgItem(hwndDlg, IDC_FILTER), 0, -1);
}
break;
case WM_CLOSE:
{
ShowWindow(hwndDlg, SW_HIDE);
// IMPORTANT
// Set the result to 0 so the default dialog message
// handler doesn't invoke IDCANCEL, which will send
// WM_CLOSE, creating an infinite loop.
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, 0);
}
return TRUE;
case WM_SETCURSOR:
{
if (SearchThreadHandle)
{
SetCursor(LoadCursor(NULL, IDC_WAIT));
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, TRUE);
return TRUE;
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDOK:
{
// Don't continue if the user requested cancellation.
if (SearchStop)
break;
if (!SearchThreadHandle)
{
ULONG i;
// Cleanup previous results.
ListView_DeleteAllItems(PhFindObjectsListViewHandle);
if (SearchResults)
{
for (i = 0; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
PhDereferenceObject(searchResult->TypeName);
PhDereferenceObject(searchResult->Name);
if (searchResult->ProcessName)
PhDereferenceObject(searchResult->ProcessName);
PhFree(searchResult);
}
PhDereferenceObject(SearchResults);
}
// Start the search.
SearchString = PhGetWindowText(GetDlgItem(hwndDlg, IDC_FILTER));
SearchResults = PhCreateList(128);
SearchResultsAddIndex = 0;
SearchThreadHandle = PhCreateThread(0, PhpFindObjectsThreadStart, NULL);
if (!SearchThreadHandle)
break;
SetDlgItemText(hwndDlg, IDOK, L"Cancel");
SetCursor(LoadCursor(NULL, IDC_WAIT));
}
else
{
SearchStop = TRUE;
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
}
}
break;
case IDCANCEL:
{
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
}
break;
case ID_OBJECT_CLOSE:
{
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
ULONG i;
PhGetSelectedListViewItemParams(
PhFindObjectsListViewHandle,
&results,
&numberOfResults
);
if (numberOfResults != 0 && PhShowConfirmMessage(
hwndDlg,
L"close",
numberOfResults == 1 ? L"the selected handle" : L"the selected handles",
L"Closing handles may cause system instability and data corruption.",
FALSE
))
{
for (i = 0; i < numberOfResults; i++)
{
NTSTATUS status;
HANDLE processHandle;
if (results[i]->ResultType != HandleSearchResult)
continue;
if (NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_DUP_HANDLE,
results[i]->ProcessId
)))
{
if (NT_SUCCESS(status = PhDuplicateObject(
processHandle,
results[i]->Handle,
NULL,
NULL,
0,
0,
DUPLICATE_CLOSE_SOURCE
)))
{
PhRemoveListViewItem(PhFindObjectsListViewHandle,
PhFindListViewItemByParam(PhFindObjectsListViewHandle, 0, results[i]));
}
NtClose(processHandle);
}
if (!NT_SUCCESS(status))
{
if (!PhShowContinueStatus(hwndDlg,
PhaFormatString(L"Unable to close \"%s\"", results[i]->Name->Buffer)->Buffer,
status,
0
))
break;
}
}
}
PhFree(results);
}
break;
case ID_OBJECT_PROCESSPROPERTIES:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PPH_PROCESS_ITEM processItem;
if (processItem = PhReferenceProcessItem(result->ProcessId))
{
ProcessHacker_ShowProcessProperties(PhMainWndHandle, processItem);
PhDereferenceObject(processItem);
}
}
}
break;
case ID_OBJECT_PROPERTIES:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
if (result->ResultType == HandleSearchResult)
{
PPH_HANDLE_ITEM handleItem;
handleItem = PhCreateHandleItem(&result->Info);
handleItem->BestObjectName = handleItem->ObjectName = result->Name;
PhReferenceObjectEx(result->Name, 2);
handleItem->TypeName = result->TypeName;
PhReferenceObject(result->TypeName);
PhShowHandleProperties(
hwndDlg,
result->ProcessId,
handleItem
);
PhDereferenceObject(handleItem);
}
else
{
// DLL or Mapped File. Just show file properties.
PhShellProperties(hwndDlg, result->Name->Buffer);
}
}
}
break;
case ID_OBJECT_COPY:
{
PhCopyListView(PhFindObjectsListViewHandle);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case NM_DBLCLK:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_PROPERTIES, 0);
}
}
break;
case LVN_KEYDOWN:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
LPNMLVKEYDOWN keyDown = (LPNMLVKEYDOWN)header;
switch (keyDown->wVKey)
{
case 'C':
if (GetKeyState(VK_CONTROL) < 0)
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_COPY, 0);
break;
case VK_DELETE:
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_CLOSE, 0);
break;
}
}
}
break;
}
}
break;
case WM_CONTEXTMENU:
{
if ((HWND)wParam == PhFindObjectsListViewHandle)
{
POINT point;
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
point.x = (SHORT)LOWORD(lParam);
point.y = (SHORT)HIWORD(lParam);
if (point.x == -1 && point.y == -1)
PhGetListViewContextMenuPoint((HWND)wParam, &point);
PhGetSelectedListViewItemParams(PhFindObjectsListViewHandle, &results, &numberOfResults);
if (numberOfResults != 0)
{
HMENU menu;
HMENU subMenu;
menu = LoadMenu(PhInstanceHandle, MAKEINTRESOURCE(IDR_FINDOBJ));
subMenu = GetSubMenu(menu, 0);
SetMenuDefaultItem(subMenu, ID_OBJECT_PROPERTIES, FALSE);
PhpInitializeFindObjMenu(
subMenu,
results,
numberOfResults
);
PhShowContextMenu(
hwndDlg,
PhFindObjectsListViewHandle,
subMenu,
point
);
DestroyMenu(menu);
}
PhFree(results);
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&WindowLayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_PH_SEARCH_UPDATE:
{
HWND lvHandle;
ULONG i;
lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
ExtendedListView_SetRedraw(lvHandle, FALSE);
PhAcquireQueuedLockExclusive(&SearchResultsLock);
for (i = SearchResultsAddIndex; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
CLIENT_ID clientId;
PPH_PROCESS_ITEM processItem;
PPH_STRING clientIdName;
INT lvItemIndex;
clientId.UniqueProcess = searchResult->ProcessId;
clientId.UniqueThread = NULL;
processItem = PhReferenceProcessItem(clientId.UniqueProcess);
clientIdName = PhGetClientIdNameEx(&clientId, processItem ? processItem->ProcessName : NULL);
lvItemIndex = PhAddListViewItem(
lvHandle,
MAXINT,
clientIdName->Buffer,
searchResult
);
PhDereferenceObject(clientIdName);
if (processItem)
{
searchResult->ProcessName = processItem->ProcessName;
PhReferenceObject(searchResult->ProcessName);
PhDereferenceObject(processItem);
}
else
{
searchResult->ProcessName = NULL;
}
PhSetListViewSubItem(lvHandle, lvItemIndex, 1, searchResult->TypeName->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 2, searchResult->Name->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 3, searchResult->HandleString);
}
SearchResultsAddIndex = i;
PhReleaseQueuedLockExclusive(&SearchResultsLock);
ExtendedListView_SetRedraw(lvHandle, TRUE);
}
break;
case WM_PH_SEARCH_FINISHED:
{
// Add any un-added items.
SendMessage(hwndDlg, WM_PH_SEARCH_UPDATE, 0, 0);
PhDereferenceObject(SearchString);
NtWaitForSingleObject(SearchThreadHandle, FALSE, NULL);
NtClose(SearchThreadHandle);
SearchThreadHandle = NULL;
SearchStop = FALSE;
ExtendedListView_SortItems(GetDlgItem(hwndDlg, IDC_RESULTS));
SetDlgItemText(hwndDlg, IDOK, L"Find");
EnableWindow(GetDlgItem(hwndDlg, IDOK), TRUE);
SetCursor(LoadCursor(NULL, IDC_ARROW));
}
break;
}
return FALSE;
}
INT_PTR CALLBACK WepWindowsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PWINDOWS_CONTEXT context;
if (uMsg == WM_INITDIALOG)
{
context = (PWINDOWS_CONTEXT)lParam;
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PWINDOWS_CONTEXT)GetProp(hwndDlg, L"Context");
if (uMsg == WM_DESTROY)
RemoveProp(hwndDlg, L"Context");
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
PPH_STRING windowTitle;
PH_RECTANGLE windowRectangle;
context->TreeNewHandle = GetDlgItem(hwndDlg, IDC_LIST);
WeInitializeWindowTree(hwndDlg, context->TreeNewHandle, &context->TreeContext);
PhRegisterDialog(hwndDlg);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_LIST), NULL, PH_ANCHOR_ALL);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 160;
rect.bottom = 100;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
// Set up the window position and size.
windowRectangle.Position = PhGetIntegerPairSetting(SETTING_NAME_WINDOWS_WINDOW_POSITION);
windowRectangle.Size = PhGetIntegerPairSetting(SETTING_NAME_WINDOWS_WINDOW_SIZE);
PhAdjustRectangleToWorkingArea(hwndDlg, &windowRectangle);
MoveWindow(hwndDlg, windowRectangle.Left, windowRectangle.Top,
windowRectangle.Width, windowRectangle.Height, FALSE);
// Implement cascading by saving an offsetted rectangle.
windowRectangle.Left += 20;
windowRectangle.Top += 20;
PhSetIntegerPairSetting(SETTING_NAME_WINDOWS_WINDOW_POSITION, windowRectangle.Position);
windowTitle = WepGetWindowTitleForSelector(&context->Selector);
SetWindowText(hwndDlg, windowTitle->Buffer);
PhDereferenceObject(windowTitle);
WepRefreshWindows(context);
}
break;
case WM_DESTROY:
{
PhSaveWindowPlacementToSetting(SETTING_NAME_WINDOWS_WINDOW_POSITION, SETTING_NAME_WINDOWS_WINDOW_SIZE, hwndDlg);
PhDeleteLayoutManager(&context->LayoutManager);
PhUnregisterDialog(hwndDlg);
WeDeleteWindowTree(&context->TreeContext);
WepDeleteWindowSelector(&context->Selector);
PhFree(context);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
//case IDOK:
DestroyWindow(hwndDlg);
break;
case IDC_REFRESH:
WepRefreshWindows(context);
break;
case ID_SHOWCONTEXTMENU:
{
POINT point;
PWE_WINDOW_NODE *windows;
ULONG numberOfWindows;
HMENU menu;
HMENU subMenu;
point.x = (SHORT)LOWORD(lParam);
point.y = (SHORT)HIWORD(lParam);
WeGetSelectedWindowNodes(
&context->TreeContext,
&windows,
&numberOfWindows
);
if (numberOfWindows != 0)
{
menu = LoadMenu(PluginInstance->DllBase, MAKEINTRESOURCE(IDR_WINDOW));
subMenu = GetSubMenu(menu, 0);
SetMenuDefaultItem(subMenu, ID_WINDOW_PROPERTIES, FALSE);
if (numberOfWindows == 1)
{
WINDOWPLACEMENT placement = { sizeof(placement) };
BYTE alpha;
ULONG flags;
ULONG i;
ULONG id;
// State
GetWindowPlacement(windows[0]->WindowHandle, &placement);
if (placement.showCmd == SW_MINIMIZE)
PhEnableMenuItem(subMenu, ID_WINDOW_MINIMIZE, FALSE);
else if (placement.showCmd == SW_MAXIMIZE)
PhEnableMenuItem(subMenu, ID_WINDOW_MAXIMIZE, FALSE);
else if (placement.showCmd == SW_NORMAL)
PhEnableMenuItem(subMenu, ID_WINDOW_RESTORE, FALSE);
// Visible
CheckMenuItem(subMenu, ID_WINDOW_VISIBLE,
(GetWindowLong(windows[0]->WindowHandle, GWL_STYLE) & WS_VISIBLE) ? MF_CHECKED : MF_UNCHECKED);
// Enabled
CheckMenuItem(subMenu, ID_WINDOW_ENABLED,
!(GetWindowLong(windows[0]->WindowHandle, GWL_STYLE) & WS_DISABLED) ? MF_CHECKED : MF_UNCHECKED);
// Always on Top
CheckMenuItem(subMenu, ID_WINDOW_ALWAYSONTOP,
(GetWindowLong(windows[0]->WindowHandle, GWL_EXSTYLE) & WS_EX_TOPMOST) ? MF_CHECKED : MF_UNCHECKED);
// Opacity
if (GetLayeredWindowAttributes(windows[0]->WindowHandle, NULL, &alpha, &flags))
{
if (!(flags & LWA_ALPHA))
alpha = 255;
}
else
{
alpha = 255;
}
if (alpha == 255)
{
id = ID_OPACITY_OPAQUE;
}
else
{
id = 0;
// Due to integer division, we cannot use simple arithmetic to calculate which menu item to check.
for (i = 0; i < 10; i++)
{
if (alpha == (BYTE)(255 * (i + 1) / 10))
{
id = ID_OPACITY_10 + i;
break;
}
}
}
if (id != 0)
{
CheckMenuRadioItem(subMenu, ID_OPACITY_10, ID_OPACITY_OPAQUE, id, MF_BYCOMMAND);
}
}
else
{
PhEnableAllMenuItems(subMenu, FALSE);
PhEnableMenuItem(subMenu, ID_WINDOW_COPY, TRUE);
}
TrackPopupMenu(
subMenu,
TPM_LEFTALIGN | TPM_TOPALIGN | TPM_RIGHTBUTTON,
point.x,
point.y,
0,
hwndDlg,
NULL
);
DestroyMenu(menu);
}
}
break;
case ID_WINDOW_BRINGTOFRONT:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
WINDOWPLACEMENT placement = { sizeof(placement) };
GetWindowPlacement(selectedNode->WindowHandle, &placement);
if (placement.showCmd == SW_MINIMIZE)
ShowWindowAsync(selectedNode->WindowHandle, SW_RESTORE);
else
SetForegroundWindow(selectedNode->WindowHandle);
}
}
break;
case ID_WINDOW_RESTORE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
ShowWindowAsync(selectedNode->WindowHandle, SW_RESTORE);
}
}
break;
case ID_WINDOW_MINIMIZE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
ShowWindowAsync(selectedNode->WindowHandle, SW_MINIMIZE);
}
}
break;
case ID_WINDOW_MAXIMIZE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
ShowWindowAsync(selectedNode->WindowHandle, SW_MAXIMIZE);
}
}
break;
case ID_WINDOW_CLOSE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
PostMessage(selectedNode->WindowHandle, WM_CLOSE, 0, 0);
}
}
break;
case ID_WINDOW_VISIBLE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
if (IsWindowVisible(selectedNode->WindowHandle))
{
selectedNode->WindowVisible = FALSE;
ShowWindowAsync(selectedNode->WindowHandle, SW_HIDE);
}
else
{
selectedNode->WindowVisible = TRUE;
ShowWindowAsync(selectedNode->WindowHandle, SW_SHOW);
}
PhInvalidateTreeNewNode(&selectedNode->Node, TN_CACHE_COLOR);
TreeNew_InvalidateNode(context->TreeNewHandle, &selectedNode->Node);
}
}
break;
case ID_WINDOW_ENABLED:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
EnableWindow(selectedNode->WindowHandle, !IsWindowEnabled(selectedNode->WindowHandle));
}
}
break;
case ID_WINDOW_ALWAYSONTOP:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
LOGICAL topMost;
topMost = GetWindowLong(selectedNode->WindowHandle, GWL_EXSTYLE) & WS_EX_TOPMOST;
SetWindowPos(selectedNode->WindowHandle, topMost ? HWND_NOTOPMOST : HWND_TOPMOST,
0, 0, 0, 0, SWP_NOACTIVATE | SWP_NOMOVE | SWP_NOSIZE);
}
}
break;
case ID_OPACITY_10:
case ID_OPACITY_20:
case ID_OPACITY_30:
case ID_OPACITY_40:
case ID_OPACITY_50:
case ID_OPACITY_60:
case ID_OPACITY_70:
case ID_OPACITY_80:
case ID_OPACITY_90:
case ID_OPACITY_OPAQUE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
ULONG opacity;
opacity = ((ULONG)LOWORD(wParam) - ID_OPACITY_10) + 1;
if (opacity == 10)
{
// Remove the WS_EX_LAYERED bit since it is not needed.
PhSetWindowExStyle(selectedNode->WindowHandle, WS_EX_LAYERED, 0);
RedrawWindow(selectedNode->WindowHandle, NULL, NULL, RDW_ERASE | RDW_INVALIDATE | RDW_FRAME | RDW_ALLCHILDREN);
}
else
{
// Add the WS_EX_LAYERED bit so opacity will work.
PhSetWindowExStyle(selectedNode->WindowHandle, WS_EX_LAYERED, WS_EX_LAYERED);
SetLayeredWindowAttributes(selectedNode->WindowHandle, 0, (BYTE)(255 * opacity / 10), LWA_ALPHA);
}
}
}
break;
case ID_WINDOW_HIGHLIGHT:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
if (context->HighlightingWindow)
{
if (context->HighlightingWindowCount & 1)
WeInvertWindowBorder(context->HighlightingWindow);
}
context->HighlightingWindow = selectedNode->WindowHandle;
context->HighlightingWindowCount = 10;
SetTimer(hwndDlg, 9, 100, NULL);
}
}
break;
case ID_WINDOW_GOTOTHREAD:
{
PWE_WINDOW_NODE selectedNode;
PPH_PROCESS_ITEM processItem;
PPH_PROCESS_PROPCONTEXT propContext;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
if (processItem = PhReferenceProcessItem(selectedNode->ClientId.UniqueProcess))
{
if (propContext = PhCreateProcessPropContext(WE_PhMainWndHandle, processItem))
{
PhSetSelectThreadIdProcessPropContext(propContext, selectedNode->ClientId.UniqueThread);
PhShowProcessProperties(propContext);
PhDereferenceObject(propContext);
}
PhDereferenceObject(processItem);
}
else
{
PhShowError(hwndDlg, L"The process does not exist.");
}
}
}
break;
case ID_WINDOW_PROPERTIES:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
WeShowWindowProperties(WE_PhMainWndHandle, selectedNode->WindowHandle);
}
break;
case ID_WINDOW_COPY:
{
PPH_STRING text;
text = PhGetTreeNewText(context->TreeNewHandle, 0);
PhSetClipboardStringEx(hwndDlg, text->Buffer, text->Length);
PhDereferenceObject(text);
}
break;
}
}
break;
case WM_TIMER:
{
switch (wParam)
{
case 9:
{
WeInvertWindowBorder(context->HighlightingWindow);
if (--context->HighlightingWindowCount == 0)
KillTimer(hwndDlg, 9);
}
break;
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&context->LayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_WE_PLUSMINUS:
{
PWE_WINDOW_NODE node = (PWE_WINDOW_NODE)lParam;
if (!node->Opened)
{
TreeNew_SetRedraw(context->TreeNewHandle, FALSE);
WepAddChildWindows(context, node, node->WindowHandle, NULL, NULL);
node->Opened = TRUE;
TreeNew_SetRedraw(context->TreeNewHandle, TRUE);
}
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK PhpNetworkStackDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
PNETWORK_STACK_CONTEXT networkStackContext;
HWND lvHandle;
PPH_LAYOUT_MANAGER layoutManager;
PVOID address;
ULONG i;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
networkStackContext = (PNETWORK_STACK_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)networkStackContext);
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 350, L"Name");
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
networkStackContext->ListViewHandle = lvHandle;
layoutManager = PhAllocate(sizeof(PH_LAYOUT_MANAGER));
PhInitializeLayoutManager(layoutManager, hwndDlg);
SetProp(hwndDlg, L"LayoutManager", (HANDLE)layoutManager);
PhAddLayoutItem(layoutManager, lvHandle, NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 190;
rect.bottom = 120;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
for (i = 0; i < PH_NETWORK_OWNER_INFO_SIZE; i++)
{
PPH_STRING name;
address = *(PVOID *)&networkStackContext->NetworkItem->OwnerInfo[i];
if ((ULONG_PTR)address < PAGE_SIZE) // stop at an invalid address
break;
name = PhGetSymbolFromAddress(
networkStackContext->SymbolProvider,
(ULONG64)address,
NULL,
NULL,
NULL,
NULL
);
PhAddListViewItem(lvHandle, MAXINT, name->Buffer, NULL);
PhDereferenceObject(name);
}
}
break;
case WM_DESTROY:
{
PPH_LAYOUT_MANAGER layoutManager;
PNETWORK_STACK_CONTEXT networkStackContext;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhDeleteLayoutManager(layoutManager);
PhFree(layoutManager);
networkStackContext = (PNETWORK_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
RemoveProp(hwndDlg, PhMakeContextAtom());
RemoveProp(hwndDlg, L"LayoutManager");
}
break;
case WM_COMMAND:
{
INT id = LOWORD(wParam);
switch (id)
{
case IDCANCEL: // Esc and X button to close
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
}
}
break;
case WM_SIZE:
{
PPH_LAYOUT_MANAGER layoutManager;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhLayoutManagerLayout(layoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK PhpThreadStackDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
NTSTATUS status;
PTHREAD_STACK_CONTEXT threadStackContext;
PPH_STRING title;
HWND lvHandle;
PPH_LAYOUT_MANAGER layoutManager;
threadStackContext = (PTHREAD_STACK_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)threadStackContext);
title = PhFormatString(L"Stack - thread %u", (ULONG)threadStackContext->ThreadId);
SetWindowText(hwndDlg, title->Buffer);
PhDereferenceObject(title);
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 30, L" ");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 300, L"Name");
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhLoadListViewColumnsFromSetting(L"ThreadStackListViewColumns", lvHandle);
threadStackContext->ListViewHandle = lvHandle;
layoutManager = PhAllocate(sizeof(PH_LAYOUT_MANAGER));
PhInitializeLayoutManager(layoutManager, hwndDlg);
SetProp(hwndDlg, L"LayoutManager", (HANDLE)layoutManager);
PhAddLayoutItem(layoutManager, lvHandle, NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDC_COPY),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDC_REFRESH),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 190;
rect.bottom = 120;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
PhLoadWindowPlacementFromSetting(NULL, L"ThreadStackWindowSize", hwndDlg);
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackInitializing;
control.UniqueKey = threadStackContext;
control.u.Initializing.ProcessId = threadStackContext->ProcessId;
control.u.Initializing.ThreadId = threadStackContext->ThreadId;
control.u.Initializing.ThreadHandle = threadStackContext->ThreadHandle;
control.u.Initializing.SymbolProvider = threadStackContext->SymbolProvider;
control.u.Initializing.CustomWalk = FALSE;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
threadStackContext->CustomWalk = control.u.Initializing.CustomWalk;
}
status = PhpRefreshThreadStack(hwndDlg, threadStackContext);
if (status == STATUS_ABANDONED)
EndDialog(hwndDlg, IDCANCEL);
else if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to load the stack", status, 0);
}
break;
case WM_DESTROY:
{
PPH_LAYOUT_MANAGER layoutManager;
PTHREAD_STACK_CONTEXT threadStackContext;
ULONG i;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhDeleteLayoutManager(layoutManager);
PhFree(layoutManager);
threadStackContext = (PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackUninitializing;
control.UniqueKey = threadStackContext;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
}
for (i = 0; i < threadStackContext->List->Count; i++)
PhpFreeThreadStackItem(threadStackContext->List->Items[i]);
PhSaveListViewColumnsToSetting(L"ThreadStackListViewColumns", GetDlgItem(hwndDlg, IDC_LIST));
PhSaveWindowPlacementToSetting(NULL, L"ThreadStackWindowSize", hwndDlg);
RemoveProp(hwndDlg, PhMakeContextAtom());
RemoveProp(hwndDlg, L"LayoutManager");
}
break;
case WM_COMMAND:
{
INT id = LOWORD(wParam);
switch (id)
{
case IDCANCEL: // Esc and X button to close
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
case IDC_REFRESH:
{
NTSTATUS status;
if (!NT_SUCCESS(status = PhpRefreshThreadStack(
hwndDlg,
(PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom())
)))
{
PhShowStatus(hwndDlg, L"Unable to load the stack", status, 0);
}
}
break;
case IDC_COPY:
{
HWND lvHandle;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
if (ListView_GetSelectedCount(lvHandle) == 0)
PhSetStateAllListViewItems(lvHandle, LVIS_SELECTED, LVIS_SELECTED);
PhCopyListView(lvHandle);
SetFocus(lvHandle);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case LVN_GETINFOTIP:
{
LPNMLVGETINFOTIP getInfoTip = (LPNMLVGETINFOTIP)header;
HWND lvHandle;
PTHREAD_STACK_CONTEXT threadStackContext;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
threadStackContext = (PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
if (header->hwndFrom == lvHandle)
{
PTHREAD_STACK_ITEM stackItem;
PPH_THREAD_STACK_FRAME stackFrame;
if (PhGetListViewItemParam(lvHandle, getInfoTip->iItem, &stackItem))
{
PH_STRING_BUILDER stringBuilder;
PPH_STRING fileName;
PH_SYMBOL_LINE_INFORMATION lineInfo;
stackFrame = &stackItem->StackFrame;
PhInitializeStringBuilder(&stringBuilder, 40);
// There are no params for kernel-mode stack traces.
if ((ULONG_PTR)stackFrame->PcAddress <= PhSystemBasicInformation.MaximumUserModeAddress)
{
PhAppendFormatStringBuilder(
&stringBuilder,
L"Parameters: 0x%Ix, 0x%Ix, 0x%Ix, 0x%Ix\n",
stackFrame->Params[0],
stackFrame->Params[1],
stackFrame->Params[2],
stackFrame->Params[3]
);
}
if (PhGetLineFromAddress(
threadStackContext->SymbolProvider,
(ULONG64)stackFrame->PcAddress,
&fileName,
NULL,
&lineInfo
))
{
PhAppendFormatStringBuilder(
&stringBuilder,
L"File: %s: line %u\n",
fileName->Buffer,
lineInfo.LineNumber
);
PhDereferenceObject(fileName);
}
if (stringBuilder.String->Length != 0)
PhRemoveStringBuilder(&stringBuilder, stringBuilder.String->Length / 2 - 1, 1);
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackGetTooltip;
control.UniqueKey = threadStackContext;
control.u.GetTooltip.StackFrame = stackFrame;
control.u.GetTooltip.StringBuilder = &stringBuilder;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
}
PhCopyListViewInfoTip(getInfoTip, &stringBuilder.String->sr);
PhDeleteStringBuilder(&stringBuilder);
}
}
}
break;
}
}
break;
case WM_SIZE:
{
PPH_LAYOUT_MANAGER layoutManager;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhLayoutManagerLayout(layoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
}
return FALSE;
}
INT_PTR CALLBACK PhpChooseProcessDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PCHOOSE_PROCESS_DIALOG_CONTEXT context = NULL;
if (uMsg == WM_INITDIALOG)
{
context = (PCHOOSE_PROCESS_DIALOG_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
else
{
context = (PCHOOSE_PROCESS_DIALOG_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
if (uMsg == WM_DESTROY)
{
RemoveProp(hwndDlg, PhMakeContextAtom());
}
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
SetDlgItemText(hwndDlg, IDC_MESSAGE, context->Message);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_MESSAGE), NULL,
PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT | PH_LAYOUT_FORCE_INVALIDATE);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_LIST), NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDCANCEL), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_REFRESH), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhLayoutManagerLayout(&context->LayoutManager);
context->MinimumSize.left = 0;
context->MinimumSize.top = 0;
context->MinimumSize.right = 280;
context->MinimumSize.bottom = 170;
MapDialogRect(hwndDlg, &context->MinimumSize);
context->ListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
context->ImageList = ImageList_Create(PhSmallIconSize.X, PhSmallIconSize.Y, ILC_COLOR32 | ILC_MASK, 0, 40);
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 180, L"Name");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 60, L"PID");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 160, L"User Name");
PhSetExtendedListView(lvHandle);
ListView_SetImageList(lvHandle, context->ImageList, LVSIL_SMALL);
PhpRefreshProcessList(hwndDlg, context);
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
}
break;
case WM_DESTROY:
{
ImageList_Destroy(context->ImageList);
PhDeleteLayoutManager(&context->LayoutManager);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
{
EndDialog(hwndDlg, IDCANCEL);
}
break;
case IDOK:
{
if (ListView_GetSelectedCount(context->ListViewHandle) == 1)
{
context->ProcessId = (HANDLE)PhGetSelectedListViewItemParam(context->ListViewHandle);
EndDialog(hwndDlg, IDOK);
}
}
break;
case IDC_REFRESH:
{
PhpRefreshProcessList(hwndDlg, context);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case LVN_ITEMCHANGED:
{
EnableWindow(GetDlgItem(hwndDlg, IDOK), ListView_GetSelectedCount(context->ListViewHandle) == 1);
}
break;
case NM_DBLCLK:
{
SendMessage(hwndDlg, WM_COMMAND, IDOK, 0);
}
break;
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&context->LayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, context->MinimumSize.right, context->MinimumSize.bottom);
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK NetworkOutputDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PNETWORK_OUTPUT_CONTEXT context;
if (uMsg == WM_INITDIALOG)
{
context = (PNETWORK_OUTPUT_CONTEXT)lParam;
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PNETWORK_OUTPUT_CONTEXT)GetProp(hwndDlg, L"Context");
if (uMsg == WM_DESTROY)
{
PhSaveWindowPlacementToSetting(SETTING_NAME_TRACERT_WINDOW_POSITION, SETTING_NAME_TRACERT_WINDOW_SIZE, hwndDlg);
PhDeleteLayoutManager(&context->LayoutManager);
if (context->ProcessHandle)
{
// Terminate the child process.
PhTerminateProcess(context->ProcessHandle, STATUS_SUCCESS);
// Close the child process handle.
NtClose(context->ProcessHandle);
}
// Close the pipe handle.
if (context->PipeReadHandle)
NtClose(context->PipeReadHandle);
RemoveProp(hwndDlg, L"Context");
PhFree(context);
}
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
PH_RECTANGLE windowRectangle;
context->WindowHandle = hwndDlg;
context->OutputHandle = GetDlgItem(hwndDlg, IDC_NETOUTPUTEDIT);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, context->OutputHandle, NULL, PH_ANCHOR_ALL);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_MORE_INFO), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_RIGHT);
windowRectangle.Position = PhGetIntegerPairSetting(SETTING_NAME_TRACERT_WINDOW_POSITION);
windowRectangle.Size = PhGetIntegerPairSetting(SETTING_NAME_TRACERT_WINDOW_SIZE);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 190;
rect.bottom = 120;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
// Check for first-run default position.
if (windowRectangle.Position.X == 0 || windowRectangle.Position.Y == 0)
{
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
}
else
{
PhLoadWindowPlacementFromSetting(SETTING_NAME_TRACERT_WINDOW_POSITION, SETTING_NAME_TRACERT_WINDOW_SIZE, hwndDlg);
}
if (context->IpAddress.Type == PH_IPV4_NETWORK_TYPE)
{
RtlIpv4AddressToString(&context->IpAddress.InAddr, context->IpAddressString);
}
else
{
RtlIpv6AddressToString(&context->IpAddress.In6Addr, context->IpAddressString);
}
switch (context->Action)
{
case NETWORK_ACTION_TRACEROUTE:
{
HANDLE dialogThread = INVALID_HANDLE_VALUE;
Static_SetText(context->WindowHandle,
PhaFormatString(L"Tracing route to %s...", context->IpAddressString)->Buffer
);
if (dialogThread = PhCreateThread(0, NetworkTracertThreadStart, (PVOID)context))
NtClose(dialogThread);
}
break;
case NETWORK_ACTION_WHOIS:
{
HANDLE dialogThread = INVALID_HANDLE_VALUE;
Static_SetText(context->WindowHandle,
PhaFormatString(L"Whois %s...", context->IpAddressString)->Buffer
);
ShowWindow(GetDlgItem(hwndDlg, IDC_MORE_INFO), SW_SHOW);
if (dialogThread = PhCreateThread(0, NetworkWhoisThreadStart, (PVOID)context))
NtClose(dialogThread);
}
break;
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
PostQuitMessage(0);
break;
}
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&context->LayoutManager);
break;
case WM_SIZING:
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
break;
case WM_CTLCOLORDLG:
case WM_CTLCOLORSTATIC:
{
HDC hDC = (HDC)wParam;
HWND hwndChild = (HWND)lParam;
// Check if old graph colors are enabled.
if (!PhGetIntegerSetting(L"GraphColorMode"))
break;
// Set a transparent background for the control backcolor.
SetBkMode(hDC, TRANSPARENT);
// Check for our edit control and change the color.
if (hwndChild == context->OutputHandle)
{
// Set text color as the Green PH graph text color.
SetTextColor(hDC, RGB(124, 252, 0));
// Set a black control backcolor.
return (INT_PTR)GetStockBrush(BLACK_BRUSH);
}
}
break;
case WM_NOTIFY:
{
switch (((LPNMHDR)lParam)->code)
{
case NM_CLICK:
case NM_RETURN:
{
PNMLINK syslink = (PNMLINK)lParam;
if (syslink->hdr.idFrom == IDC_MORE_INFO)
{
PhShellExecute(
PhMainWndHandle,
PhaConcatStrings2(L"http://wq.apnic.net/apnic-bin/whois.pl?searchtext=", context->IpAddressString)->Buffer,
NULL
);
}
}
break;
}
}
break;
case NTM_RECEIVEDTRACE:
{
OEM_STRING inputString;
UNICODE_STRING convertedString;
PH_STRING_BUILDER receivedString;
if (wParam != 0)
{
inputString.Buffer = (PCHAR)lParam;
inputString.Length = (USHORT)wParam;
if (NT_SUCCESS(RtlOemStringToUnicodeString(&convertedString, &inputString, TRUE)))
{
PPH_STRING windowText = NULL;
PhInitializeStringBuilder(&receivedString, PAGE_SIZE);
// Get the current output text.
windowText = PhGetWindowText(context->OutputHandle);
// Append the current output text to the New string.
if (!PhIsNullOrEmptyString(windowText))
PhAppendStringBuilder(&receivedString, windowText);
PhAppendFormatStringBuilder(&receivedString, L"%s", convertedString.Buffer);
// Remove leading newlines.
if (receivedString.String->Length >= 2 * 2 &&
receivedString.String->Buffer[0] == '\r' &&
receivedString.String->Buffer[1] == '\n')
{
PhRemoveStringBuilder(&receivedString, 0, 2);
}
SetWindowText(context->OutputHandle, receivedString.String->Buffer);
SendMessage(
context->OutputHandle,
EM_SETSEL,
receivedString.String->Length / 2 - 1,
receivedString.String->Length / 2 - 1
);
SendMessage(context->OutputHandle, WM_VSCROLL, SB_BOTTOM, 0);
PhDereferenceObject(windowText);
PhDeleteStringBuilder(&receivedString);
RtlFreeUnicodeString(&convertedString);
}
}
}
break;
case NTM_RECEIVEDWHOIS:
{
OEM_STRING inputString;
UNICODE_STRING convertedString;
PH_STRING_BUILDER receivedString;
if (lParam != 0)
{
inputString.Buffer = (PCHAR)lParam;
inputString.Length = (USHORT)wParam;
if (NT_SUCCESS(RtlOemStringToUnicodeString(&convertedString, &inputString, TRUE)))
{
USHORT i;
PhInitializeStringBuilder(&receivedString, PAGE_SIZE);
// Convert carriage returns.
for (i = 0; i < convertedString.Length; i++)
{
if (convertedString.Buffer[i] == '\n')
{
PhAppendStringBuilder(&receivedString, PhaCreateString(L"\r\n"));
}
else
{
PhAppendCharStringBuilder(&receivedString, convertedString.Buffer[i]);
}
}
// Remove leading newlines.
if (receivedString.String->Length >= 2 * 2 &&
receivedString.String->Buffer[0] == '\r' &&
receivedString.String->Buffer[1] == '\n')
{
PhRemoveStringBuilder(&receivedString, 0, 2);
}
SetWindowText(context->OutputHandle, receivedString.String->Buffer);
SendMessage(
context->OutputHandle,
EM_SETSEL,
receivedString.String->Length / 2 - 1,
receivedString.String->Length / 2 - 1
);
SendMessage(context->OutputHandle, WM_VSCROLL, SB_TOP, 0);
PhDeleteStringBuilder(&receivedString);
RtlFreeUnicodeString(&convertedString);
}
PhFree((PVOID)lParam);
}
}
break;
case NTM_RECEIVEDFINISH:
{
PPH_STRING windowText = PhGetWindowText(context->WindowHandle);
if (windowText)
{
Static_SetText(
context->WindowHandle,
PhaFormatString(L"%s Finished.", windowText->Buffer)->Buffer
);
PhDereferenceObject(windowText);
}
}
break;
}
return FALSE;
}
INT_PTR CALLBACK EtpGpuNodesDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
ULONG i;
HFONT font;
PPH_STRING nodeString;
RECT labelRect;
RECT tempRect;
ULONG numberOfRows;
ULONG numberOfColumns;
WindowHandle = hwndDlg;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhInitializeLayoutManager(&LayoutManager, hwndDlg);
PhAddLayoutItem(&LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
LayoutMargin = PhAddLayoutItem(&LayoutManager, GetDlgItem(hwndDlg, IDC_LAYOUT), NULL, PH_ANCHOR_ALL)->Margin;
PhRegisterCallback(&PhProcessesUpdatedEvent, ProcessesUpdatedCallback, NULL, &ProcessesUpdatedCallbackRegistration);
GraphHandle = PhAllocate(sizeof(HWND) * EtGpuTotalNodeCount);
CheckBoxHandle = PhAllocate(sizeof(HWND) * EtGpuTotalNodeCount);
GraphState = PhAllocate(sizeof(PH_GRAPH_STATE) * EtGpuTotalNodeCount);
font = (HFONT)SendMessage(hwndDlg, WM_GETFONT, 0, 0);
for (i = 0; i < EtGpuTotalNodeCount; i++)
{
nodeString = PhFormatString(L"Node %lu", i);
GraphHandle[i] = CreateWindow(
PH_GRAPH_CLASSNAME,
NULL,
WS_VISIBLE | WS_CHILD | WS_BORDER,
0,
0,
3,
3,
hwndDlg,
NULL,
NULL,
NULL
);
Graph_SetTooltip(GraphHandle[i], TRUE);
CheckBoxHandle[i] = CreateWindow(
WC_BUTTON,
nodeString->Buffer,
WS_VISIBLE | WS_CHILD | BS_AUTOCHECKBOX,
0,
0,
3,
3,
hwndDlg,
NULL,
NULL,
NULL
);
SendMessage(CheckBoxHandle[i], WM_SETFONT, (WPARAM)font, FALSE);
PhInitializeGraphState(&GraphState[i]);
PhDereferenceObject(nodeString);
}
// Calculate the minimum size.
numberOfRows = (ULONG)sqrt(EtGpuTotalNodeCount);
numberOfColumns = (EtGpuTotalNodeCount + numberOfRows - 1) / numberOfRows;
MinimumSize.left = 0;
MinimumSize.top = 0;
MinimumSize.right = 45;
MinimumSize.bottom = 60;
MapDialogRect(hwndDlg, &MinimumSize);
MinimumSize.right += (MinimumSize.right + GRAPH_PADDING) * numberOfColumns;
MinimumSize.bottom += (MinimumSize.bottom + GRAPH_PADDING) * numberOfRows;
GetWindowRect(GetDlgItem(hwndDlg, IDC_INSTRUCTION), &labelRect);
MapWindowPoints(NULL, hwndDlg, (POINT *)&labelRect, 2);
labelRect.right += GetSystemMetrics(SM_CXFRAME) * 2;
tempRect.left = 0;
tempRect.top = 0;
tempRect.right = 7;
tempRect.bottom = 0;
MapDialogRect(hwndDlg, &tempRect);
labelRect.right += tempRect.right;
if (MinimumSize.right < labelRect.right)
MinimumSize.right = labelRect.right;
SetWindowPos(hwndDlg, NULL, 0, 0, MinimumSize.right, MinimumSize.bottom, SWP_NOACTIVATE | SWP_NOMOVE | SWP_NOZORDER);
EtpLoadNodeBitMap();
}
break;
case WM_DESTROY:
{
ULONG i;
EtpSaveNodeBitMap();
PhUnregisterCallback(&PhProcessesUpdatedEvent, &ProcessesUpdatedCallbackRegistration);
for (i = 0; i < EtGpuTotalNodeCount; i++)
{
PhDeleteGraphState(&GraphState[i]);
}
PhFree(GraphHandle);
PhFree(CheckBoxHandle);
PhFree(GraphState);
PhDeleteLayoutManager(&LayoutManager);
}
break;
case WM_SIZE:
{
HDWP deferHandle;
RECT clientRect;
RECT checkBoxRect;
ULONG numberOfRows = (ULONG)sqrt(EtGpuTotalNodeCount);
ULONG numberOfColumns = (EtGpuTotalNodeCount + numberOfRows - 1) / numberOfRows;
ULONG numberOfYPaddings = numberOfRows - 1;
ULONG numberOfXPaddings = numberOfColumns - 1;
ULONG cellHeight;
ULONG y;
ULONG cellWidth;
ULONG x;
ULONG i;
PhLayoutManagerLayout(&LayoutManager);
deferHandle = BeginDeferWindowPos(EtGpuTotalNodeCount * 2);
GetClientRect(hwndDlg, &clientRect);
GetClientRect(GetDlgItem(hwndDlg, IDC_EXAMPLE), &checkBoxRect);
cellHeight = (clientRect.bottom - LayoutMargin.top - LayoutMargin.bottom - GRAPH_PADDING * numberOfYPaddings) / numberOfRows;
y = LayoutMargin.top;
i = 0;
for (ULONG row = 0; row < numberOfRows; ++row)
{
// Give the last row the remaining space; the height we calculated might be off by a few
// pixels due to integer division.
if (row == numberOfRows - 1)
cellHeight = clientRect.bottom - LayoutMargin.bottom - y;
cellWidth = (clientRect.right - LayoutMargin.left - LayoutMargin.right - GRAPH_PADDING * numberOfXPaddings) / numberOfColumns;
x = LayoutMargin.left;
for (ULONG column = 0; column < numberOfColumns; column++)
{
// Give the last cell the remaining space; the width we calculated might be off by a few
// pixels due to integer division.
if (column == numberOfColumns - 1)
cellWidth = clientRect.right - LayoutMargin.right - x;
if (i < EtGpuTotalNodeCount)
{
deferHandle = DeferWindowPos(
deferHandle,
GraphHandle[i],
NULL,
x,
y,
cellWidth,
cellHeight - checkBoxRect.bottom - CHECKBOX_PADDING,
SWP_NOACTIVATE | SWP_NOZORDER
);
deferHandle = DeferWindowPos(
deferHandle,
CheckBoxHandle[i],
NULL,
x,
y + cellHeight - checkBoxRect.bottom,
cellWidth,
checkBoxRect.bottom,
SWP_NOACTIVATE | SWP_NOZORDER
);
i++;
}
x += cellWidth + GRAPH_PADDING;
}
y += cellHeight + GRAPH_PADDING;
}
EndDeferWindowPos(deferHandle);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
{
EndDialog(hwndDlg, IDOK);
}
break;
}
}
break;
case WM_NOTIFY:
{
NMHDR *header = (NMHDR *)lParam;
ULONG i;
switch (header->code)
{
case GCN_GETDRAWINFO:
{
PPH_GRAPH_GETDRAWINFO getDrawInfo = (PPH_GRAPH_GETDRAWINFO)header;
PPH_GRAPH_DRAW_INFO drawInfo = getDrawInfo->DrawInfo;
drawInfo->Flags = PH_GRAPH_USE_GRID;
SysInfoParameters->ColorSetupFunction(drawInfo, PhGetIntegerSetting(L"ColorCpuKernel"), 0);
for (i = 0; i < EtGpuTotalNodeCount; i++)
{
if (header->hwndFrom == GraphHandle[i])
{
PhGraphStateGetDrawInfo(
&GraphState[i],
getDrawInfo,
EtGpuNodesHistory[i].Count
);
if (!GraphState[i].Valid)
{
PhCopyCircularBuffer_FLOAT(&EtGpuNodesHistory[i], GraphState[i].Data1, drawInfo->LineDataCount);
GraphState[i].Valid = TRUE;
}
break;
}
}
}
break;
case GCN_GETTOOLTIPTEXT:
{
PPH_GRAPH_GETTOOLTIPTEXT getTooltipText = (PPH_GRAPH_GETTOOLTIPTEXT)header;
if (getTooltipText->Index < getTooltipText->TotalCount)
{
for (i = 0; i < EtGpuTotalNodeCount; i++)
{
if (header->hwndFrom == GraphHandle[i])
{
if (GraphState[i].TooltipIndex != getTooltipText->Index)
{
FLOAT gpu;
ULONG adapterIndex;
PPH_STRING adapterDescription;
gpu = PhGetItemCircularBuffer_FLOAT(&EtGpuNodesHistory[i], getTooltipText->Index);
adapterIndex = EtGetGpuAdapterIndexFromNodeIndex(i);
if (adapterIndex != -1)
{
adapterDescription = EtGetGpuAdapterDescription(adapterIndex);
if (adapterDescription && adapterDescription->Length == 0)
PhClearReference(&adapterDescription);
if (!adapterDescription)
adapterDescription = PhFormatString(L"Adapter %lu", adapterIndex);
}
else
{
adapterDescription = PhCreateString(L"Unknown Adapter");
}
PhMoveReference(&GraphState[i].TooltipText, PhFormatString(
L"Node %lu on %s\n%.2f%%\n%s",
i,
adapterDescription->Buffer,
gpu * 100,
((PPH_STRING)PhAutoDereferenceObject(PhGetStatisticsTimeString(NULL, getTooltipText->Index)))->Buffer
));
PhDereferenceObject(adapterDescription);
}
getTooltipText->Text = GraphState[i].TooltipText->sr;
break;
}
}
}
}
break;
}
}
break;
case UPDATE_MSG:
{
ULONG i;
for (i = 0; i < EtGpuTotalNodeCount; i++)
{
GraphState[i].Valid = FALSE;
GraphState[i].TooltipIndex = -1;
Graph_MoveGrid(GraphHandle[i], 1);
Graph_Draw(GraphHandle[i]);
Graph_UpdateTooltip(GraphHandle[i]);
InvalidateRect(GraphHandle[i], NULL, FALSE);
}
}
break;
}
return FALSE;
}
LRESULT CALLBACK PhpPropSheetWndProc(
_In_ HWND hwnd,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PPH_PROCESS_PROPSHEETCONTEXT propSheetContext;
WNDPROC oldWndProc;
propSheetContext = PhGetWindowContext(hwnd, 0xF);
if (!propSheetContext)
return 0;
oldWndProc = propSheetContext->PropSheetWindowHookProc;
switch (uMsg)
{
case WM_DESTROY:
{
HWND tabControl;
TCITEM tabItem;
WCHAR text[128];
// Save the window position and size.
PhSaveWindowPlacementToSetting(L"ProcPropPosition", L"ProcPropSize", hwnd);
// Save the selected tab.
tabControl = PropSheet_GetTabControl(hwnd);
tabItem.mask = TCIF_TEXT;
tabItem.pszText = text;
tabItem.cchTextMax = RTL_NUMBER_OF(text) - 1;
if (TabCtrl_GetItem(tabControl, TabCtrl_GetCurSel(tabControl), &tabItem))
{
PhSetStringSetting(L"ProcPropPage", text);
}
}
break;
case WM_NCDESTROY:
{
PhUnregisterWindowCallback(hwnd);
SetWindowLongPtr(hwnd, GWLP_WNDPROC, (LONG_PTR)oldWndProc);
PhRemoveWindowContext(hwnd, 0xF);
PhDeleteLayoutManager(&propSheetContext->LayoutManager);
PhFree(propSheetContext);
}
break;
case WM_SYSCOMMAND:
{
// Note: Clicking the X on the taskbar window thumbnail preview doens't close modeless property sheets
// when there are more than 1 window and the window doesn't have focus... The MFC, ATL and WTL libraries
// check if the propsheet is modeless and SendMessage WM_CLOSE and so we'll implement the same solution. (dmex)
switch (wParam & 0xFFF0)
{
case SC_CLOSE:
{
PostMessage(hwnd, WM_CLOSE, 0, 0);
//SetWindowLongPtr(hwnd, DWLP_MSGRESULT, TRUE);
//return TRUE;
}
break;
}
}
break;
case WM_COMMAND:
{
switch (GET_WM_COMMAND_ID(wParam, lParam))
{
case IDOK:
// Prevent the OK button from working (even though
// it's already hidden). This prevents the Enter
// key from closing the dialog box.
return 0;
}
}
break;
case WM_SIZE:
{
if (!IsMinimized(hwnd))
{
PhLayoutManagerLayout(&propSheetContext->LayoutManager);
}
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
}
return CallWindowProc(oldWndProc, hwnd, uMsg, wParam, lParam);
}
static INT_PTR CALLBACK NetworkPingWndProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PNETWORK_OUTPUT_CONTEXT context = NULL;
if (uMsg == WM_INITDIALOG)
{
context = (PNETWORK_OUTPUT_CONTEXT)lParam;
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PNETWORK_OUTPUT_CONTEXT)GetProp(hwndDlg, L"Context");
}
if (context == NULL)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
PH_RECTANGLE windowRectangle;
PPH_LAYOUT_ITEM panelItem;
// We have already set the group boxes to have WS_EX_TRANSPARENT to fix
// the drawing issue that arises when using WS_CLIPCHILDREN. However
// in removing the flicker from the graphs the group boxes will now flicker.
// It's a good tradeoff since no one stares at the group boxes.
PhSetWindowStyle(hwndDlg, WS_CLIPCHILDREN, WS_CLIPCHILDREN);
context->WindowHandle = hwndDlg;
context->ParentHandle = GetParent(hwndDlg);
context->StatusHandle = GetDlgItem(hwndDlg, IDC_MAINTEXT);
context->MaxPingTimeout = PhGetIntegerSetting(SETTING_NAME_PING_TIMEOUT);
windowRectangle.Position = PhGetIntegerPairSetting(SETTING_NAME_PING_WINDOW_POSITION);
windowRectangle.Size = PhGetIntegerPairSetting(SETTING_NAME_PING_WINDOW_SIZE);
// Create the font handle.
context->FontHandle = InitializeFont(context->StatusHandle);
// Create the graph control.
context->PingGraphHandle = CreateWindow(
PH_GRAPH_CLASSNAME,
NULL,
WS_VISIBLE | WS_CHILD | WS_BORDER,
0,
0,
3,
3,
hwndDlg,
NULL,
NULL,
NULL
);
Graph_SetTooltip(context->PingGraphHandle, TRUE);
// Load the Process Hacker icon.
context->IconHandle = (HICON)LoadImage(
NtCurrentPeb()->ImageBaseAddress,
MAKEINTRESOURCE(PHAPP_IDI_PROCESSHACKER),
IMAGE_ICON,
GetSystemMetrics(SM_CXICON),
GetSystemMetrics(SM_CYICON),
LR_SHARED
);
// Set window icon.
if (context->IconHandle)
SendMessage(hwndDlg, WM_SETICON, ICON_SMALL, (LPARAM)context->IconHandle);
// Initialize the WorkQueue with a maximum of 20 threads (fix pinging slow-links with a high interval update).
PhInitializeWorkQueue(&context->PingWorkQueue, 0, 20, 5000);
PhInitializeGraphState(&context->PingGraphState);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhInitializeCircularBuffer_ULONG(&context->PingHistory, PhGetIntegerSetting(L"SampleCount"));
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ICMP_PANEL), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ICMP_AVG), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ICMP_MIN), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ICMP_MAX), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_PINGS_SENT), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_PINGS_LOST), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_BAD_HASH), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ANON_ADDR), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_RIGHT);
panelItem = PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_PING_LAYOUT), NULL, PH_ANCHOR_ALL);
PhAddLayoutItemEx(&context->LayoutManager, context->PingGraphHandle, NULL, PH_ANCHOR_ALL, panelItem->Margin);
// Load window settings.
if (windowRectangle.Position.X == 0 || windowRectangle.Position.Y == 0)
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
else
{
PhLoadWindowPlacementFromSetting(SETTING_NAME_PING_WINDOW_POSITION, SETTING_NAME_PING_WINDOW_SIZE, hwndDlg);
}
// Initialize window layout.
PhLayoutManagerLayout(&context->LayoutManager);
// Convert IP Address to string format.
if (context->IpAddress.Type == PH_IPV4_NETWORK_TYPE)
{
RtlIpv4AddressToString(&context->IpAddress.InAddr, context->IpAddressString);
}
else
{
RtlIpv6AddressToString(&context->IpAddress.In6Addr, context->IpAddressString);
}
SetWindowText(hwndDlg, PhaFormatString(L"Ping %s", context->IpAddressString)->Buffer);
SetWindowText(context->StatusHandle, PhaFormatString(L"Pinging %s with 32 bytes of data:", context->IpAddressString)->Buffer);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessesUpdated),
NetworkPingUpdateHandler,
context,
&context->ProcessesUpdatedRegistration
);
}
return TRUE;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
PostQuitMessage(0);
break;
}
}
break;
case WM_DESTROY:
{
PhUnregisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessesUpdated),
&context->ProcessesUpdatedRegistration
);
PhSaveWindowPlacementToSetting(
SETTING_NAME_PING_WINDOW_POSITION,
SETTING_NAME_PING_WINDOW_SIZE,
hwndDlg
);
if (context->PingGraphHandle)
DestroyWindow(context->PingGraphHandle);
if (context->IconHandle)
DestroyIcon(context->IconHandle);
if (context->FontHandle)
DeleteObject(context->FontHandle);
PhDeleteWorkQueue(&context->PingWorkQueue);
PhDeleteGraphState(&context->PingGraphState);
PhDeleteLayoutManager(&context->LayoutManager);
RemoveProp(hwndDlg, L"Context");
PhFree(context);
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&context->LayoutManager);
break;
case WM_SIZING:
PhResizingMinimumSize((PRECT)lParam, wParam, 420, 250);
break;
case WM_CTLCOLORBTN:
case WM_CTLCOLORDLG:
case WM_CTLCOLORSTATIC:
{
HDC hDC = (HDC)wParam;
HWND hwndChild = (HWND)lParam;
// Check for our static label and change the color.
if (GetDlgCtrlID(hwndChild) == IDC_MAINTEXT)
{
SetTextColor(hDC, RGB(19, 112, 171));
}
// Set a transparent background for the control backcolor.
SetBkMode(hDC, TRANSPARENT);
// set window background color.
return (INT_PTR)GetSysColorBrush(COLOR_WINDOW);
}
break;
case WM_PING_UPDATE:
{
ULONG i = 0;
ULONG maxGraphHeight = 0;
ULONG pingAvgValue = 0;
PhNetworkPingUpdateGraph(context);
for (i = 0; i < context->PingHistory.Count; i++)
{
maxGraphHeight = maxGraphHeight + PhGetItemCircularBuffer_ULONG(&context->PingHistory, i);
pingAvgValue = maxGraphHeight / context->PingHistory.Count;
}
SetDlgItemText(hwndDlg, IDC_ICMP_AVG, PhaFormatString(
L"Average: %lums", pingAvgValue)->Buffer);
SetDlgItemText(hwndDlg, IDC_ICMP_MIN, PhaFormatString(
L"Minimum: %lums", context->PingMinMs)->Buffer);
SetDlgItemText(hwndDlg, IDC_ICMP_MAX, PhaFormatString(
L"Maximum: %lums", context->PingMaxMs)->Buffer);
SetDlgItemText(hwndDlg, IDC_PINGS_SENT, PhaFormatString(
L"Pings Sent: %lu", context->PingSentCount)->Buffer);
SetDlgItemText(hwndDlg, IDC_PINGS_LOST, PhaFormatString(
L"Pings Lost: %lu (%.0f%%)", context->PingLossCount,
((FLOAT)context->PingLossCount / context->PingSentCount * 100)
)->Buffer);
SetDlgItemText(hwndDlg, IDC_BAD_HASH, PhaFormatString(
L"Bad Hashes: %lu", context->HashFailCount)->Buffer);
SetDlgItemText(hwndDlg, IDC_ANON_ADDR, PhaFormatString(
L"Anon Replies: %lu", context->UnknownAddrCount)->Buffer);
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case GCN_GETDRAWINFO:
{
PPH_GRAPH_GETDRAWINFO getDrawInfo = (PPH_GRAPH_GETDRAWINFO)header;
PPH_GRAPH_DRAW_INFO drawInfo = getDrawInfo->DrawInfo;
PhSiSetColorsGraphDrawInfo(drawInfo, PhGetIntegerSetting(L"ColorCpuKernel"), PhGetIntegerSetting(L"ColorCpuUser"));
if (header->hwndFrom == context->PingGraphHandle)
{
if (PhGetIntegerSetting(L"GraphShowText"))
{
HDC hdc = Graph_GetBufferedContext(context->PingGraphHandle);
PhMoveReference(&context->PingGraphState.Text,
PhFormatString(L"Ping: %lums", context->CurrentPingMs)
);
SelectObject(hdc, PhApplicationFont);
PhSetGraphText(hdc, drawInfo, &context->PingGraphState.Text->sr,
&NormalGraphTextMargin, &NormalGraphTextPadding, PH_ALIGN_TOP | PH_ALIGN_LEFT);
}
else
{
drawInfo->Text.Buffer = NULL;
}
PhGraphStateGetDrawInfo(
&context->PingGraphState,
getDrawInfo,
context->PingHistory.Count
);
if (!context->PingGraphState.Valid)
{
ULONG i;
FLOAT max = 0;
for (i = 0; i < drawInfo->LineDataCount; i++)
{
FLOAT data1;
context->PingGraphState.Data1[i] = data1 = (FLOAT)PhGetItemCircularBuffer_ULONG(&context->PingHistory, i);
if (max < data1)
max = data1;
}
// Minimum scaling of timeout (1000ms default).
if (max < (FLOAT)context->MaxPingTimeout)
max = (FLOAT)context->MaxPingTimeout;
// Scale the data.
PhxfDivideSingle2U(
context->PingGraphState.Data1,
max,
drawInfo->LineDataCount
);
context->PingGraphState.Valid = TRUE;
}
}
}
break;
case GCN_GETTOOLTIPTEXT:
{
PPH_GRAPH_GETTOOLTIPTEXT getTooltipText = (PPH_GRAPH_GETTOOLTIPTEXT)lParam;
if (getTooltipText->Index < getTooltipText->TotalCount)
{
if (header->hwndFrom == context->PingGraphHandle)
{
if (context->PingGraphState.TooltipIndex != getTooltipText->Index)
{
ULONG pingMs = PhGetItemCircularBuffer_ULONG(&context->PingHistory, getTooltipText->Index);
PhMoveReference(&context->PingGraphState.TooltipText,
PhFormatString(L"Ping: %lums", pingMs)
);
}
getTooltipText->Text = context->PingGraphState.TooltipText->sr;
}
}
}
break;
}
}
break;
}
return FALSE;
}
INT_PTR CALLBACK MainWndProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
// Add the Graphics card name to the Window Title.
//PPH_STRING gpuname = GetDriverName();
//PPH_STRING title = PhFormatString(L"Graphics Information (%s)", gpuname->Buffer);
//SetWindowText(hwndDlg, title->Buffer);
//PhDereferenceObject(gpuname);
//PhDereferenceObject(title);
// We have already set the group boxes to have WS_EX_TRANSPARENT to fix
// the drawing issue that arises when using WS_CLIPCHILDREN. However
// in removing the flicker from the graphs the group boxes will now flicker.
// It's a good tradeoff since no one stares at the group boxes.
PhSetWindowStyle(hwndDlg, WS_CLIPCHILDREN, WS_CLIPCHILDREN);
PhCenterWindow(hwndDlg, PhMainWndHandle);
PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_ALWAYSONTOP), NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK), NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhLoadWindowPlacementFromSetting(SETTING_NAME_GFX_WINDOW_POSITION, SETTING_NAME_GFX_WINDOW_SIZE, hwndDlg);
PhInitializeGraphState(&GpuGraphState);
PhInitializeGraphState(&CoreGraphState);
PhInitializeGraphState(&MemGraphState);
// TEMP
if (GpuHistory.Count == 0)
{
PhInitializeCircularBuffer_FLOAT(&GpuHistory, PhGetIntegerSetting(L"SampleCount"));
PhInitializeCircularBuffer_FLOAT(&CoreHistory, PhGetIntegerSetting(L"SampleCount"));
PhInitializeCircularBuffer_ULONG(&MemHistory, PhGetIntegerSetting(L"SampleCount"));
}
GpuGraphHandle = CreateWindow(
PH_GRAPH_CLASSNAME,
NULL,
WS_CHILD | WS_CLIPSIBLINGS | WS_VISIBLE,
0,
0,
3,
3,
hwndDlg,
(HMENU)110,
PluginInstance->DllBase,
NULL
);
Graph_SetTooltip(GpuGraphHandle, TRUE);
BringWindowToTop(GpuGraphHandle);
CoreGraphHandle = CreateWindow(
PH_GRAPH_CLASSNAME,
NULL,
WS_CHILD | WS_CLIPSIBLINGS | WS_VISIBLE,
0,
0,
3,
3,
hwndDlg,
(HMENU)111,
PluginInstance->DllBase,
NULL
);
Graph_SetTooltip(CoreGraphHandle, TRUE);
BringWindowToTop(CoreGraphHandle);
MemGraphHandle = CreateWindow(
PH_GRAPH_CLASSNAME,
NULL,
WS_CHILD | WS_CLIPSIBLINGS | WS_VISIBLE,
0,
0,
3,
3,
hwndDlg,
(HMENU)109,
PluginInstance->DllBase,
NULL
);
Graph_SetTooltip(MemGraphHandle, TRUE);
BringWindowToTop(MemGraphHandle);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessesUpdated),
GfxUpdateHandler,
NULL,
&ProcessesUpdatedRegistration
);
}
break;
case WM_DESTROY:
{
// Unregister our callbacks.
PhUnregisterCallback(&PhProcessesUpdatedEvent, &ProcessesUpdatedRegistration);
// Save our settings.
PhSetIntegerSetting(SETTING_NAME_GFX_ALWAYS_ON_TOP, AlwaysOnTop);
PhSaveWindowPlacementToSetting(SETTING_NAME_GFX_WINDOW_POSITION, SETTING_NAME_GFX_WINDOW_SIZE, hwndDlg);
// Reset our Window Management.
PhDeleteLayoutManager(&WindowLayoutManager);
// TEMP commented out.
// Clear our buffers.
//PhDeleteCircularBuffer_FLOAT(&GpuHistory);
//PhDeleteCircularBuffer_ULONG(&MemHistory);
// Clear our state.
PhDeleteGraphState(&GpuGraphState);
PhDeleteGraphState(&MemGraphState);
// Quit.
PostQuitMessage(0);
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case GCN_GETDRAWINFO:
{
PPH_GRAPH_GETDRAWINFO getDrawInfo = (PPH_GRAPH_GETDRAWINFO)header;
PPH_GRAPH_DRAW_INFO drawInfo = getDrawInfo->DrawInfo;
if (header->hwndFrom == GpuGraphHandle)
{
if (PhGetIntegerSetting(L"GraphShowText"))
{
HDC hdc;
PhSwapReference2(
&GpuGraphState.TooltipText,
PhFormatString(
L"%.0f%%",
CurrentGpuUsage * 100
));
hdc = Graph_GetBufferedContext(GpuGraphHandle);
SelectObject(hdc, PhApplicationFont);
PhSetGraphText(hdc, drawInfo, &GpuGraphState.TooltipText->sr,
&NormalGraphTextMargin, &NormalGraphTextPadding, PH_ALIGN_TOP | PH_ALIGN_LEFT);
}
else
{
drawInfo->Text.Buffer = NULL;
}
drawInfo->Flags = PH_GRAPH_USE_GRID;
drawInfo->LineColor1 = PhGetIntegerSetting(L"ColorCpuKernel");
//drawInfo->LineColor2 = PhGetIntegerSetting(L"ColorCpuUser");
drawInfo->LineBackColor1 = PhHalveColorBrightness(drawInfo->LineColor1);
//drawInfo->LineBackColor2 = PhHalveColorBrightness(drawInfo->LineColor2);
PhGraphStateGetDrawInfo(
&GpuGraphState,
getDrawInfo,
GpuHistory.Count
);
if (!GpuGraphState.Valid)
{
PhCopyCircularBuffer_FLOAT(
&GpuHistory,
getDrawInfo->DrawInfo->LineData1,
getDrawInfo->DrawInfo->LineDataCount
);
GpuGraphState.Valid = TRUE;
}
}
else if (header->hwndFrom == MemGraphHandle)
{
if (PhGetIntegerSetting(L"GraphShowText"))
{
HDC hdc;
PhSwapReference2(&MemGraphState.TooltipText,
PhFormatString(
L"%s / %s (%.2f%%)",
PhaFormatSize(UInt32x32To64(CurrentMemUsage, 1024), -1)->Buffer,
PhaFormatSize(UInt32x32To64(MaxMemUsage, 1024), -1)->Buffer,
(FLOAT)CurrentMemUsage / MaxMemUsage * 100
));
hdc = Graph_GetBufferedContext(MemGraphHandle);
SelectObject(hdc, PhApplicationFont);
PhSetGraphText(
hdc,
drawInfo,
&MemGraphState.TooltipText->sr,
&NormalGraphTextMargin,
&NormalGraphTextPadding,
PH_ALIGN_TOP | PH_ALIGN_LEFT
);
}
else
{
drawInfo->Text.Buffer = NULL;
}
drawInfo->Flags = PH_GRAPH_USE_GRID;
drawInfo->LineColor1 = PhGetIntegerSetting(L"ColorCpuKernel");
//drawInfo->LineColor2 = PhGetIntegerSetting(L"ColorCpuUser");
drawInfo->LineBackColor1 = PhHalveColorBrightness(drawInfo->LineColor1);
//drawInfo->LineBackColor2 = PhHalveColorBrightness(drawInfo->LineColor2);
PhGraphStateGetDrawInfo(
&MemGraphState,
getDrawInfo,
MemHistory.Count
);
if (!MemGraphState.Valid)
{
ULONG i = 0;
for (i = 0; i < drawInfo->LineDataCount; i++)
{
MemGraphState.Data1[i] =
(FLOAT)PhGetItemCircularBuffer_ULONG(&MemHistory, i);
}
// Scale the data.
PhxfDivideSingle2U(
MemGraphState.Data1,
(FLOAT)MaxMemUsage,
drawInfo->LineDataCount
);
MemGraphState.Valid = TRUE;
}
}
else if (header->hwndFrom == CoreGraphHandle)
{
if (PhGetIntegerSetting(L"GraphShowText"))
{
HDC hdc;
PhSwapReference2(
&CoreGraphState.TooltipText,
PhFormatString(
L"%.0f%%",
CurrentCoreUsage * 100
));
hdc = Graph_GetBufferedContext(CoreGraphHandle);
SelectObject(hdc, PhApplicationFont);
PhSetGraphText(hdc, drawInfo, &CoreGraphState.TooltipText->sr,
&NormalGraphTextMargin, &NormalGraphTextPadding, PH_ALIGN_TOP | PH_ALIGN_LEFT);
}
else
{
drawInfo->Text.Buffer = NULL;
}
drawInfo->Flags = PH_GRAPH_USE_GRID;
drawInfo->LineColor1 = PhGetIntegerSetting(L"ColorCpuKernel");
//drawInfo->LineColor2 = PhGetIntegerSetting(L"ColorCpuUser");
drawInfo->LineBackColor1 = PhHalveColorBrightness(drawInfo->LineColor1);
//drawInfo->LineBackColor2 = PhHalveColorBrightness(drawInfo->LineColor2);
PhGraphStateGetDrawInfo(
&CoreGraphState,
getDrawInfo,
CoreHistory.Count
);
if (!CoreGraphState.Valid)
{
PhCopyCircularBuffer_FLOAT(
&CoreHistory,
getDrawInfo->DrawInfo->LineData1,
getDrawInfo->DrawInfo->LineDataCount
);
CoreGraphState.Valid = TRUE;
}
}
}
break;
case GCN_GETTOOLTIPTEXT:
{
PPH_GRAPH_GETTOOLTIPTEXT getTooltipText = (PPH_GRAPH_GETTOOLTIPTEXT)lParam;
if (getTooltipText->Index < getTooltipText->TotalCount)
{
if (header->hwndFrom == GpuGraphHandle)
{
if (GpuGraphState.TooltipIndex != getTooltipText->Index)
{
FLOAT usage;
usage = PhGetItemCircularBuffer_FLOAT(&GpuHistory, getTooltipText->Index);
PhSwapReference2(&GpuGraphState.TooltipText, PhFormatString(
L"%.0f%%",
usage * 100
));
}
getTooltipText->Text = GpuGraphState.TooltipText->sr;
}
else if (header->hwndFrom == MemGraphHandle)
{
if (MemGraphState.TooltipIndex != getTooltipText->Index)
{
ULONG usage;
usage = PhGetItemCircularBuffer_ULONG(&MemHistory, getTooltipText->Index);
PhSwapReference2(&MemGraphState.TooltipText,
PhFormatString(
L"%s / %s (%.2f%%)",
PhaFormatSize(UInt32x32To64(usage, 1024), -1)->Buffer,
PhaFormatSize(UInt32x32To64(MaxMemUsage, 1024), -1)->Buffer,
(FLOAT)usage / MaxMemUsage * 100
));
}
getTooltipText->Text = MemGraphState.TooltipText->sr;
}
else if (header->hwndFrom == CoreGraphHandle)
{
if (CoreGraphState.TooltipIndex != getTooltipText->Index)
{
FLOAT usage;
usage = PhGetItemCircularBuffer_FLOAT(&CoreHistory, getTooltipText->Index);
PhSwapReference2(&CoreGraphState.TooltipText,
PhFormatString(
L"%.0f%%",
usage * 100
));
}
getTooltipText->Text = CoreGraphState.TooltipText->sr;
}
}
}
break;
case GCN_MOUSEEVENT:
{
PPH_GRAPH_MOUSEEVENT mouseEvent = (PPH_GRAPH_MOUSEEVENT)lParam;
if (mouseEvent->Message == WM_LBUTTONDBLCLK)
{
if (header->hwndFrom == GpuGraphHandle)
{
PhShowInformation(hwndDlg, L"Double clicked!");
}
}
}
break;
}
}
break;
case WM_SHOWWINDOW:
{
RECT margin;
GfxPanelWindowHandle = CreateDialog(
PluginInstance->DllBase,
MAKEINTRESOURCE(IDD_SYSGFX_PANEL),
hwndDlg,
MainPanelDlgProc
);
SetWindowPos(
GfxPanelWindowHandle,
NULL,
10, 0, 0, 0,
SWP_NOACTIVATE | SWP_NOREDRAW | SWP_NOSIZE | SWP_NOZORDER
);
ShowWindow(GfxPanelWindowHandle, SW_SHOW);
AlwaysOnTop = (BOOLEAN)PhGetIntegerSetting(SETTING_NAME_GFX_ALWAYS_ON_TOP);
Button_SetCheck(GetDlgItem(hwndDlg, IDC_ALWAYSONTOP), AlwaysOnTop ? BST_CHECKED : BST_UNCHECKED);
GfxSetAlwaysOnTop();
margin.left = 0;
margin.top = 0;
margin.right = 0;
margin.bottom = 25;
MapDialogRect(hwndDlg, &margin);
PhAddLayoutItemEx(
&WindowLayoutManager,
GfxPanelWindowHandle,
NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT,
margin
);
SendMessage(hwndDlg, WM_SIZE, 0, 0);
SendMessage(hwndDlg, WM_GFX_UPDATE, 0, 0);
}
break;
case WM_SIZE:
{
HDWP deferHandle;
HWND cpuGroupBox = GetDlgItem(hwndDlg, IDC_GROUPCONTROLLER);
HWND diskGroupBox = GetDlgItem(hwndDlg, IDC_GROUPGPU);
HWND networkGroupBox = GetDlgItem(hwndDlg, IDC_GROUPMEM);
RECT clientRect;
RECT panelRect;
RECT margin = { 13, 13, 13, 13 };
RECT innerMargin = { 10, 20, 10, 10 };
LONG between = 3;
LONG width;
LONG height;
PhLayoutManagerLayout(&WindowLayoutManager);
GpuGraphState.Valid = FALSE;
MemGraphState.Valid = FALSE;
GetClientRect(hwndDlg, &clientRect);
// Limit the rectangle bottom to the top of the panel.
GetWindowRect(GfxPanelWindowHandle, &panelRect);
MapWindowPoints(NULL, hwndDlg, (POINT *)&panelRect, 2);
clientRect.bottom = panelRect.top;
width = clientRect.right - margin.left - margin.right;
height = (clientRect.bottom - margin.top - margin.bottom - between * 2) / 3;
deferHandle = BeginDeferWindowPos(6);
deferHandle = DeferWindowPos(deferHandle, diskGroupBox, NULL, margin.left, margin.top, width, height, SWP_NOACTIVATE | SWP_NOZORDER);
deferHandle = DeferWindowPos(
deferHandle,
GpuGraphHandle,
NULL,
margin.left + innerMargin.left,
margin.top + innerMargin.top,
width - innerMargin.left - innerMargin.right,
height - innerMargin.top - innerMargin.bottom,
SWP_NOACTIVATE | SWP_NOZORDER
);
deferHandle = DeferWindowPos(deferHandle, networkGroupBox, NULL, margin.left, margin.top + height + between, width, height, SWP_NOACTIVATE | SWP_NOZORDER);
deferHandle = DeferWindowPos(
deferHandle,
MemGraphHandle,
NULL,
margin.left + innerMargin.left,
margin.top + height + between + innerMargin.top,
width - innerMargin.left - innerMargin.right,
height - innerMargin.top - innerMargin.bottom,
SWP_NOACTIVATE | SWP_NOZORDER
);
deferHandle = DeferWindowPos(deferHandle, cpuGroupBox, NULL, margin.left, margin.top + (height + between) * 2, width, height, SWP_NOACTIVATE | SWP_NOZORDER);
deferHandle = DeferWindowPos(
deferHandle,
CoreGraphHandle,
NULL,
margin.left + innerMargin.left,
margin.top + (height + between) * 2 + innerMargin.top,
width - innerMargin.left - innerMargin.right,
height - innerMargin.top - innerMargin.bottom,
SWP_NOACTIVATE | SWP_NOZORDER
);
EndDeferWindowPos(deferHandle);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, 500, 400);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
DestroyWindow(hwndDlg);
break;
case IDC_ALWAYSONTOP:
{
AlwaysOnTop = Button_GetCheck(GetDlgItem(hwndDlg, IDC_ALWAYSONTOP)) == BST_CHECKED;
GfxSetAlwaysOnTop();
}
break;
}
}
break;
case WM_GFX_ACTIVATE:
{
if (IsIconic(hwndDlg))
ShowWindow(hwndDlg, SW_RESTORE);
else
ShowWindow(hwndDlg, SW_SHOW);
SetForegroundWindow(hwndDlg);
}
break;
case WM_GFX_UPDATE:
{
GetGfxUsages();
GetGfxTemp();
GetGfxClockSpeeds();
GpuGraphState.Valid = FALSE;
GpuGraphState.TooltipIndex = -1;
Graph_MoveGrid(GpuGraphHandle, 1);
Graph_Draw(GpuGraphHandle);
Graph_UpdateTooltip(GpuGraphHandle);
InvalidateRect(GpuGraphHandle, NULL, FALSE);
CoreGraphState.Valid = FALSE;
CoreGraphState.TooltipIndex = -1;
Graph_MoveGrid(CoreGraphHandle, 1);
Graph_Draw(CoreGraphHandle);
Graph_UpdateTooltip(CoreGraphHandle);
InvalidateRect(CoreGraphHandle, NULL, FALSE);
MemGraphState.Valid = FALSE;
MemGraphState.TooltipIndex = -1;
Graph_MoveGrid(MemGraphHandle, 1);
Graph_Draw(MemGraphHandle);
Graph_UpdateTooltip(MemGraphHandle);
InvalidateRect(MemGraphHandle, NULL, FALSE);
SendMessage(GfxPanelWindowHandle, WM_GFX_PANEL_UPDATE, 0, 0);
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK PhpHiddenProcessesDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhHiddenProcessesListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_PROCESSES);
PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_INTRO),
NULL, PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT | PH_LAYOUT_FORCE_INVALIDATE);
PhAddLayoutItem(&WindowLayoutManager, lvHandle,
NULL, PH_ANCHOR_ALL);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_DESCRIPTION),
NULL, PH_ANCHOR_LEFT | PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM | PH_LAYOUT_FORCE_INVALIDATE);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_METHOD),
NULL, PH_ANCHOR_LEFT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_TERMINATE),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_SAVE),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_SCAN),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
MinimumSize.left = 0;
MinimumSize.top = 0;
MinimumSize.right = 330;
MinimumSize.bottom = 140;
MapDialogRect(hwndDlg, &MinimumSize);
PhRegisterDialog(hwndDlg);
PhLoadWindowPlacementFromSetting(L"HiddenProcessesWindowPosition", L"HiddenProcessesWindowSize", hwndDlg);
PhSetListViewStyle(lvHandle, TRUE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 320, L"Process");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 60, L"PID");
PhSetExtendedListView(lvHandle);
PhLoadListViewColumnsFromSetting(L"HiddenProcessesListViewColumns", lvHandle);
ExtendedListView_AddFallbackColumn(lvHandle, 0);
ExtendedListView_AddFallbackColumn(lvHandle, 1);
ExtendedListView_SetItemColorFunction(lvHandle, PhpHiddenProcessesColorFunction);
ComboBox_AddString(GetDlgItem(hwndDlg, IDC_METHOD), L"Brute Force");
ComboBox_AddString(GetDlgItem(hwndDlg, IDC_METHOD), L"CSR Handles");
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_METHOD), L"CSR Handles", FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_TERMINATE), FALSE);
}
break;
case WM_DESTROY:
{
PhSaveWindowPlacementToSetting(L"HiddenProcessesWindowPosition", L"HiddenProcessesWindowSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"HiddenProcessesListViewColumns", PhHiddenProcessesListViewHandle);
}
break;
case WM_CLOSE:
{
// Hide, don't close.
ShowWindow(hwndDlg, SW_HIDE);
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, 0);
}
return TRUE;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
{
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
}
break;
case IDC_SCAN:
{
NTSTATUS status;
PPH_STRING method;
method = PhGetWindowText(GetDlgItem(hwndDlg, IDC_METHOD));
PhAutoDereferenceObject(method);
if (ProcessesList)
{
ULONG i;
for (i = 0; i < ProcessesList->Count; i++)
{
PPH_HIDDEN_PROCESS_ENTRY entry = ProcessesList->Items[i];
if (entry->FileName)
PhDereferenceObject(entry->FileName);
PhFree(entry);
}
PhDereferenceObject(ProcessesList);
}
ListView_DeleteAllItems(PhHiddenProcessesListViewHandle);
ProcessesList = PhCreateList(40);
ProcessesMethod =
PhEqualString2(method, L"Brute Force", TRUE) ?
BruteForceScanMethod :
CsrHandlesScanMethod;
NumberOfHiddenProcesses = 0;
NumberOfTerminatedProcesses = 0;
ExtendedListView_SetRedraw(PhHiddenProcessesListViewHandle, FALSE);
status = PhEnumHiddenProcesses(
ProcessesMethod,
PhpHiddenProcessesCallback,
NULL
);
ExtendedListView_SortItems(PhHiddenProcessesListViewHandle);
ExtendedListView_SetRedraw(PhHiddenProcessesListViewHandle, TRUE);
if (NT_SUCCESS(status))
{
SetDlgItemText(hwndDlg, IDC_DESCRIPTION,
PhaFormatString(L"%u hidden process(es), %u terminated process(es).",
NumberOfHiddenProcesses, NumberOfTerminatedProcesses)->Buffer
);
InvalidateRect(GetDlgItem(hwndDlg, IDC_DESCRIPTION), NULL, TRUE);
}
else
{
PhShowStatus(hwndDlg, L"Unable to perform the scan", status, 0);
}
}
break;
case IDC_TERMINATE:
{
PPH_HIDDEN_PROCESS_ENTRY *entries;
ULONG numberOfEntries;
ULONG i;
PhGetSelectedListViewItemParams(PhHiddenProcessesListViewHandle, &entries, &numberOfEntries);
if (numberOfEntries != 0)
{
if (!PhGetIntegerSetting(L"EnableWarnings") ||
PhShowConfirmMessage(
hwndDlg,
L"terminate",
L"the selected process(es)",
L"Terminating a hidden process may cause the system to become unstable "
L"or crash.",
TRUE
))
{
NTSTATUS status;
HANDLE processHandle;
BOOLEAN refresh;
refresh = FALSE;
for (i = 0; i < numberOfEntries; i++)
{
if (ProcessesMethod == BruteForceScanMethod)
{
status = PhOpenProcess(
&processHandle,
PROCESS_TERMINATE,
entries[i]->ProcessId
);
}
else
{
status = PhOpenProcessByCsrHandles(
&processHandle,
PROCESS_TERMINATE,
entries[i]->ProcessId
);
}
if (NT_SUCCESS(status))
{
status = PhTerminateProcess(processHandle, STATUS_SUCCESS);
NtClose(processHandle);
if (NT_SUCCESS(status))
refresh = TRUE;
}
else
{
PhShowStatus(hwndDlg, L"Unable to terminate the process", status, 0);
}
}
if (refresh)
{
LARGE_INTEGER interval;
// Sleep for a bit before continuing. It seems to help avoid
// BSODs.
interval.QuadPart = -250 * PH_TIMEOUT_MS;
NtDelayExecution(FALSE, &interval);
SendMessage(hwndDlg, WM_COMMAND, IDC_SCAN, 0);
}
}
}
PhFree(entries);
}
break;
case IDC_SAVE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Text files (*.txt)", L"*.txt" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, L"Hidden Processes.txt");
if (PhShowFileDialog(hwndDlg, fileDialog))
{
NTSTATUS status;
PPH_STRING fileName;
PPH_FILE_STREAM fileStream;
fileName = PhGetFileDialogFileName(fileDialog);
PhAutoDereferenceObject(fileName);
if (NT_SUCCESS(status = PhCreateFileStream(
&fileStream,
fileName->Buffer,
FILE_GENERIC_WRITE,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
0
)))
{
PhWriteStringAsUtf8FileStream(fileStream, &PhUnicodeByteOrderMark);
PhWritePhTextHeader(fileStream);
PhWriteStringAsUtf8FileStream2(fileStream, L"Method: ");
PhWriteStringAsUtf8FileStream2(fileStream,
ProcessesMethod == BruteForceScanMethod ? L"Brute Force\r\n" : L"CSR Handles\r\n");
PhWriteStringFormatAsUtf8FileStream(
fileStream,
L"Hidden: %u\r\nTerminated: %u\r\n\r\n",
NumberOfHiddenProcesses,
NumberOfTerminatedProcesses
);
if (ProcessesList)
{
ULONG i;
for (i = 0; i < ProcessesList->Count; i++)
{
PPH_HIDDEN_PROCESS_ENTRY entry = ProcessesList->Items[i];
if (entry->Type == HiddenProcess)
PhWriteStringAsUtf8FileStream2(fileStream, L"[HIDDEN] ");
else if (entry->Type == TerminatedProcess)
PhWriteStringAsUtf8FileStream2(fileStream, L"[Terminated] ");
else if (entry->Type != NormalProcess)
continue;
PhWriteStringFormatAsUtf8FileStream(
fileStream,
L"%s (%u)\r\n",
entry->FileName->Buffer,
HandleToUlong(entry->ProcessId)
);
}
}
PhDereferenceObject(fileStream);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to create the file", status, 0);
}
PhFreeFileDialog(fileDialog);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
PhHandleListViewNotifyBehaviors(lParam, PhHiddenProcessesListViewHandle, PH_LIST_VIEW_DEFAULT_1_BEHAVIORS);
switch (header->code)
{
case LVN_ITEMCHANGED:
{
if (header->hwndFrom == PhHiddenProcessesListViewHandle)
{
EnableWindow(
GetDlgItem(hwndDlg, IDC_TERMINATE),
ListView_GetSelectedCount(PhHiddenProcessesListViewHandle) > 0
);
}
}
break;
case NM_DBLCLK:
{
if (header->hwndFrom == PhHiddenProcessesListViewHandle)
{
PPH_HIDDEN_PROCESS_ENTRY entry;
entry = PhGetSelectedListViewItemParam(PhHiddenProcessesListViewHandle);
if (entry)
{
PPH_PROCESS_ITEM processItem;
if (processItem = PhpCreateProcessItemForHiddenProcess(entry))
{
ProcessHacker_ShowProcessProperties(PhMainWndHandle, processItem);
PhDereferenceObject(processItem);
}
else
{
PhShowError(hwndDlg, L"Unable to create a process structure for the selected process.");
}
}
}
}
break;
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&WindowLayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_CTLCOLORSTATIC:
{
if ((HWND)lParam == GetDlgItem(hwndDlg, IDC_DESCRIPTION))
{
if (NumberOfHiddenProcesses != 0)
{
SetTextColor((HDC)wParam, RGB(0xff, 0x00, 0x00));
}
SetBkColor((HDC)wParam, GetSysColor(COLOR_3DFACE));
return (INT_PTR)GetSysColorBrush(COLOR_3DFACE);
}
}
break;
}
REFLECT_MESSAGE_DLG(hwndDlg, PhHiddenProcessesListViewHandle, uMsg, wParam, lParam);
return FALSE;
}