Esempio n. 1
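/*
 * Forwards a notification event to a Growl listener on 127.0.0.1.
 *
 * Process create/delete and service create/delete/start/stop events are
 * turned into a title (the process name or service display name) and a
 * formatted message, converted to UTF-8 and handed to growl_tcp_notify().
 * Events that are already handled, or of any other type, are ignored.
 * NotifyEvent->Handled is set to TRUE only when growl_tcp_notify() returns 0.
 *
 * NotifyEvent - the event to forward; its Parameter is read as a process
 *               item or a service item depending on Type.
 */
VOID NotifyGrowl(
    _In_ PPH_PLUGIN_NOTIFY_EVENT NotifyEvent
    )
{
    PSTR notification;
    PPH_STRING title;
    PPH_BYTES titleUtf8;
    PPH_STRING message;
    PPH_BYTES messageUtf8;
    PPH_PROCESS_ITEM processItem;
    PPH_SERVICE_ITEM serviceItem;
    PPH_PROCESS_ITEM parentProcessItem;

    if (NotifyEvent->Handled)
        return;

    switch (NotifyEvent->Type)
    {
    case PH_NOTIFY_PROCESS_CREATE:
        processItem = NotifyEvent->Parameter;
        notification = GrowlNotifications[0];
        title = processItem->ProcessName;

        parentProcessItem = PhReferenceProcessItemForParent(processItem);

        message = PhaFormatString(
            L"The process %s (%lu) was started by %s.",
            processItem->ProcessName->Buffer,
            HandleToUlong(processItem->ProcessId),
            parentProcessItem ? parentProcessItem->ProcessName->Buffer : L"an unknown process"
            );

        // The parent's name has been copied into the message, so the
        // reference taken above can be released here.
        if (parentProcessItem)
            PhDereferenceObject(parentProcessItem);

        break;
    case PH_NOTIFY_PROCESS_DELETE:
        processItem = NotifyEvent->Parameter;
        notification = GrowlNotifications[1];
        title = processItem->ProcessName;

        message = PhaFormatString(L"The process %s (%lu) was terminated.",
            processItem->ProcessName->Buffer,
            HandleToUlong(processItem->ProcessId)
            );

        break;
    case PH_NOTIFY_SERVICE_CREATE:
        serviceItem = NotifyEvent->Parameter;
        notification = GrowlNotifications[2];
        title = serviceItem->DisplayName;

        message = PhaFormatString(L"The service %s (%s) has been created.",
            serviceItem->Name->Buffer,
            serviceItem->DisplayName->Buffer
            );

        break;
    case PH_NOTIFY_SERVICE_DELETE:
        serviceItem = NotifyEvent->Parameter;
        notification = GrowlNotifications[3];
        title = serviceItem->DisplayName;

        message = PhaFormatString(L"The service %s (%s) has been deleted.",
            serviceItem->Name->Buffer,
            serviceItem->DisplayName->Buffer
            );

        break;
    case PH_NOTIFY_SERVICE_START:
        serviceItem = NotifyEvent->Parameter;
        notification = GrowlNotifications[4];
        title = serviceItem->DisplayName;

        message = PhaFormatString(L"The service %s (%s) has been started.",
            serviceItem->Name->Buffer,
            serviceItem->DisplayName->Buffer
            );

        break;
    case PH_NOTIFY_SERVICE_STOP:
        serviceItem = NotifyEvent->Parameter;
        notification = GrowlNotifications[5];
        title = serviceItem->DisplayName;

        message = PhaFormatString(L"The service %s (%s) has been stopped.",
            serviceItem->Name->Buffer,
            serviceItem->DisplayName->Buffer
            );

        break;
    default:
        return;
    }

    // Process names and service display names are chosen by whoever created
    // the process or service, so the text converted here is untrusted.
    // PhConvertUtf16ToUtf8Ex is assumed to return NULL when the input cannot
    // be converted (e.g. malformed UTF-16) - confirm against phlib. Check each
    // result before it is dereferenced instead of letting a bad name crash
    // the notifier.
    titleUtf8 = PhConvertUtf16ToUtf8Ex(title->Buffer, title->Length);

    if (!titleUtf8)
        return;

    titleUtf8 = PH_AUTO(titleUtf8);

    messageUtf8 = PhConvertUtf16ToUtf8Ex(message->Buffer, message->Length);

    if (!messageUtf8)
        return;

    messageUtf8 = PH_AUTO(messageUtf8);

    RegisterGrowl(TRUE);

    // NOTE(review): the title and message are passed on unmodified. If
    // growl_tcp_notify() places them into line-oriented protocol headers,
    // CR/LF characters embedded in a name would have to be stripped or
    // rejected first - confirm against the Growl client code, which is not
    // shown here. The three trailing NULL arguments are presumably optional
    // settings (password, URL, icon) - confirm.
    if (growl_tcp_notify("127.0.0.1", "Process Hacker", notification, titleUtf8->Buffer, messageUtf8->Buffer, NULL, NULL, NULL) == 0)
        NotifyEvent->Handled = TRUE;
}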
Esempio n. 2
/*
 * Dialog procedure for the process record dialog.
 *
 * The context pointer arrives in lParam with WM_INITDIALOG and is kept as a
 * window property; every later message fetches it from there, and WM_DESTROY
 * removes the property. Messages that arrive without a context are ignored.
 *
 * WM_INITDIALOG fills the controls from context->Record (name, parent,
 * version information, file name, command line, start/exit time, session).
 * WM_DESTROY destroys the icon stored in context->FileIcon.
 * WM_COMMAND handles OK/Cancel, "open file location" and "properties".
 *
 * Always returns FALSE.
 */
INT_PTR CALLBACK PhpProcessRecordDlgProc(
    __in HWND hwndDlg,
    __in UINT uMsg,
    __in WPARAM wParam,
    __in LPARAM lParam
    )
{
    PPROCESS_RECORD_CONTEXT context;

    if (uMsg != WM_INITDIALOG)
    {
        context = (PPROCESS_RECORD_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());

        // The property is dropped here, but the pointer fetched above is
        // still used by the WM_DESTROY handler below.
        if (uMsg == WM_DESTROY)
        {
            RemoveProp(hwndDlg, PhMakeContextAtom());
        }
    }
    else
    {
        context = (PPROCESS_RECORD_CONTEXT)lParam;
        SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
    }

    if (context == NULL)
    {
        return FALSE;
    }

    switch (uMsg)
    {
    case WM_INITDIALOG:
        {
            PH_IMAGE_VERSION_INFO versionInfo;
            BOOLEAN haveVersionInfo;
            PPH_STRING caption;
            PPH_PROCESS_ITEM liveProcess;

            // Real process IDs are appended to the name; fake ones are not.
            if (PH_IS_FAKE_PROCESS_ID(context->Record->ProcessId))
            {
                caption = context->Record->ProcessName;
            }
            else
            {
                caption = PhaFormatString(L"%s (%u)",
                    context->Record->ProcessName->Buffer, (ULONG)context->Record->ProcessId);
            }

            PhCenterWindow(hwndDlg, GetParent(hwndDlg));
            SetWindowText(hwndDlg, caption->Buffer);

            SetDlgItemText(hwndDlg, IDC_PROCESSNAME, caption->Buffer);

            liveProcess = PhReferenceProcessItemForRecord(context->Record);

            if (liveProcess)
            {
                PPH_PROCESS_ITEM parentProcess;

                parentProcess = PhReferenceProcessItemForParent(
                    liveProcess->ParentProcessId,
                    liveProcess->ProcessId,
                    &liveProcess->CreateTime
                    );

                if (parentProcess)
                {
                    CLIENT_ID clientId;
                    PPH_STRING parentLabel;

                    clientId.UniqueProcess = parentProcess->ProcessId;
                    clientId.UniqueThread = NULL;

                    parentLabel = (PPH_STRING)PHA_DEREFERENCE(
                        PhGetClientIdNameEx(&clientId, parentProcess->ProcessName));
                    SetDlgItemText(hwndDlg, IDC_PARENT, parentLabel->Buffer);

                    PhDereferenceObject(parentProcess);
                }
                else
                {
                    PPH_STRING missingParent;

                    missingParent = PhaFormatString(L"Non-existent process (%u)",
                        (ULONG)context->Record->ParentProcessId);
                    SetDlgItemText(hwndDlg, IDC_PARENT, missingParent->Buffer);
                }

                PhDereferenceObject(liveProcess);
            }
            else
            {
                PPH_STRING unknownParent;

                unknownParent = PhaFormatString(L"Unknown process (%u)",
                    (ULONG)context->Record->ParentProcessId);
                SetDlgItemText(hwndDlg, IDC_PARENT, unknownParent->Buffer);

                // No process item for this record, so the properties button
                // is disabled.
                EnableWindow(GetDlgItem(hwndDlg, IDC_PROPERTIES), FALSE);
            }

            // Zeroed up front so the fields read below are NULL when no
            // version information was loaded.
            memset(&versionInfo, 0, sizeof(PH_IMAGE_VERSION_INFO));

            // NOTE(review): the description, company and version shown below
            // are presumably read from the file's own version resource
            // (PhInitializeImageVersionInfo is not shown here). Such fields
            // are self-declared by the file, and the file now at the recorded
            // path may not be the image the recorded process ran - they are
            // informational, not a trust signal.
            haveVersionInfo = context->Record->FileName &&
                PhInitializeImageVersionInfo(&versionInfo, context->Record->FileName->Buffer);

            context->FileIcon = PhGetFileShellIcon(PhGetString(context->Record->FileName), L".exe", TRUE);

            SendMessage(GetDlgItem(hwndDlg, IDC_OPENFILENAME), BM_SETIMAGE, IMAGE_BITMAP,
                (LPARAM)PH_LOAD_SHARED_IMAGE(MAKEINTRESOURCE(IDB_FOLDER), IMAGE_BITMAP));
            SendMessage(GetDlgItem(hwndDlg, IDC_FILEICON), STM_SETICON,
                (WPARAM)context->FileIcon, 0);

            SetDlgItemText(hwndDlg, IDC_NAME, PhpGetStringOrNa(versionInfo.FileDescription));
            SetDlgItemText(hwndDlg, IDC_COMPANYNAME, PhpGetStringOrNa(versionInfo.CompanyName));
            SetDlgItemText(hwndDlg, IDC_VERSION, PhpGetStringOrNa(versionInfo.FileVersion));
            SetDlgItemText(hwndDlg, IDC_FILENAME, PhpGetStringOrNa(context->Record->FileName));

            if (haveVersionInfo)
            {
                PhDeleteImageVersionInfo(&versionInfo);
            }

            if (context->Record->FileName == NULL)
            {
                EnableWindow(GetDlgItem(hwndDlg, IDC_OPENFILENAME), FALSE);
            }

            SetDlgItemText(hwndDlg, IDC_CMDLINE, PhpGetStringOrNa(context->Record->CommandLine));

            // A zero timestamp is shown as "N/A".
            SetDlgItemText(hwndDlg, IDC_STARTED,
                context->Record->CreateTime.QuadPart != 0
                    ? PhapGetRelativeTimeString(&context->Record->CreateTime)->Buffer
                    : L"N/A");

            SetDlgItemText(hwndDlg, IDC_TERMINATED,
                context->Record->ExitTime.QuadPart != 0
                    ? PhapGetRelativeTimeString(&context->Record->ExitTime)->Buffer
                    : L"N/A");

            SetDlgItemInt(hwndDlg, IDC_SESSIONID, context->Record->SessionId, FALSE);
        }
        break;
    case WM_DESTROY:
        {
            // Release the icon obtained during WM_INITDIALOG.
            if (context->FileIcon)
            {
                DestroyIcon(context->FileIcon);
            }
        }
        break;
    case WM_COMMAND:
        {
            UINT commandId = LOWORD(wParam);

            if (commandId == IDCANCEL || commandId == IDOK)
            {
                EndDialog(hwndDlg, IDOK);
            }
            else if (commandId == IDC_OPENFILENAME)
            {
                if (context->Record->FileName)
                {
                    PhShellExploreFile(hwndDlg, context->Record->FileName->Buffer);
                }
            }
            else if (commandId == IDC_PROPERTIES)
            {
                PPH_PROCESS_ITEM runningProcess;

                runningProcess = PhReferenceProcessItemForRecord(context->Record);

                if (runningProcess)
                {
                    ProcessHacker_ShowProcessProperties(PhMainWndHandle, runningProcess);
                    PhDereferenceObject(runningProcess);
                }
                else
                {
                    PhShowError(hwndDlg, L"The process has already terminated; only the process record is available.");
                }
            }
        }
        break;
    }

    return FALSE;
}