Esempio n. 1
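/**
 * Tree-new filter callback for the network list. Decides whether a network
 * node stays visible for the text currently in the search box.
 *
 * \param Node The node being filtered; cast to PPH_NETWORK_NODE.
 * \param Context Unused.
 *
 * \return TRUE when the search box is empty or when any displayed field of the
 * connection (process name, owner, local/remote address, port and host,
 * protocol, TCP state, PID) or the owning process node matches the search
 * text; FALSE otherwise.
 */
BOOLEAN NetworkTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_NETWORK_NODE networkNode = (PPH_NETWORK_NODE)Node;
    PPH_STRING processNameText;

    // An empty search leaves every node visible.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // TODO: We need export the PPH_NETWORK_NODE->ProcessNameText field to search
    // waiting/unknown network connections... For now just replicate the data here.
    // NOTE(review): the ownership of the string returned by this helper is not
    // visible here. If it returns a referenced object, nothing below releases
    // it on any path - confirm against the helper's contract.
    processNameText = PhpNetworkTreeGetNetworkItemProcessName(networkNode->NetworkItem);

    if (!PhIsNullOrEmptyString(processNameText))
    {
        if (WordMatchStringRef(&processNameText->sr))
            return TRUE;
    }

    // Optional PPH_STRING fields: only compare the ones that are present.
    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->ProcessName))
    {
        if (WordMatchStringRef(&networkNode->NetworkItem->ProcessName->sr))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->OwnerName))
    {
        if (WordMatchStringRef(&networkNode->NetworkItem->OwnerName->sr))
            return TRUE;
    }

    // Inline NUL-terminated buffers: an empty value has NUL in the first slot.
    if (networkNode->NetworkItem->LocalAddressString[0])
    {
        if (WordMatchStringZ(networkNode->NetworkItem->LocalAddressString))
            return TRUE;
    }

    if (networkNode->NetworkItem->LocalPortString[0])
    {
        if (WordMatchStringZ(networkNode->NetworkItem->LocalPortString))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->LocalHostString))
    {
        if (WordMatchStringRef(&networkNode->NetworkItem->LocalHostString->sr))
            return TRUE;
    }

    if (networkNode->NetworkItem->RemoteAddressString[0])
    {
        if (WordMatchStringZ(networkNode->NetworkItem->RemoteAddressString))
            return TRUE;
    }

    if (networkNode->NetworkItem->RemotePortString[0])
    {
        if (WordMatchStringZ(networkNode->NetworkItem->RemotePortString))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->RemoteHostString))
    {
        if (WordMatchStringRef(&networkNode->NetworkItem->RemoteHostString->sr))
            return TRUE;
    }

    if (WordMatchStringZ(PhGetProtocolTypeName(networkNode->NetworkItem->ProtocolType)))
        return TRUE;

    // The TCP state name is only meaningful for TCP connections.
    if ((networkNode->NetworkItem->ProtocolType & PH_TCP_PROTOCOL_TYPE) &&
        WordMatchStringZ(PhGetTcpStateName(networkNode->NetworkItem->State)))
        return TRUE;

    if (networkNode->NetworkItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;
        WCHAR processIdString[PH_INT32_STR_LEN_1];

        // Match the numeric PID as the user would type it.
        PhPrintUInt32(processIdString, HandleToUlong(networkNode->NetworkItem->ProcessId));

        if (WordMatchStringZ(processIdString))
            return TRUE;

        // Fall back to the owning process node so the connection stays visible
        // whenever its process would. Double parentheses: this is an
        // assignment, not a comparison.
        if ((processNode = PhFindProcessNode(networkNode->NetworkItem->ProcessId)))
        {
            if (ProcessTreeFilterCallback(&processNode->Node, NULL))
                return TRUE;
        }
    }

    return FALSE;
}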
Esempio n. 2
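/**
 * Tree-new filter callback for the network list. Decides whether a network
 * node stays visible for the text currently in the search box.
 *
 * \param Node The node being filtered; cast to PPH_NETWORK_NODE.
 * \param Context Unused.
 *
 * \return TRUE when the search box is empty or when any displayed field of the
 * connection (process name, owner, local/remote address, port and host,
 * protocol, TCP state, PID) or the owning process node matches the search
 * text; FALSE otherwise.
 */
BOOLEAN NetworkTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_NETWORK_NODE networkNode = (PPH_NETWORK_NODE)Node;

    // An empty search leaves every node visible.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // Optional PPH_STRING fields: only compare the ones that are present.
    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->ProcessName))
    {
        if (WordMatchStringRef(&networkNode->NetworkItem->ProcessName->sr))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->OwnerName))
    {
        if (WordMatchStringRef(&networkNode->NetworkItem->OwnerName->sr))
            return TRUE;
    }

    // Inline NUL-terminated buffers: an empty value has NUL in the first slot.
    if (networkNode->NetworkItem->LocalAddressString[0])
    {
        if (WordMatchStringZ(networkNode->NetworkItem->LocalAddressString))
            return TRUE;
    }

    if (networkNode->NetworkItem->LocalPortString[0])
    {
        if (WordMatchStringZ(networkNode->NetworkItem->LocalPortString))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->LocalHostString))
    {
        if (WordMatchStringRef(&networkNode->NetworkItem->LocalHostString->sr))
            return TRUE;
    }

    if (networkNode->NetworkItem->RemoteAddressString[0])
    {
        if (WordMatchStringZ(networkNode->NetworkItem->RemoteAddressString))
            return TRUE;
    }

    if (networkNode->NetworkItem->RemotePortString[0])
    {
        if (WordMatchStringZ(networkNode->NetworkItem->RemotePortString))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(networkNode->NetworkItem->RemoteHostString))
    {
        if (WordMatchStringRef(&networkNode->NetworkItem->RemoteHostString->sr))
            return TRUE;
    }

    if (WordMatchStringZ(PhGetProtocolTypeName(networkNode->NetworkItem->ProtocolType)))
        return TRUE;

    // The TCP state name is only meaningful for TCP connections.
    if ((networkNode->NetworkItem->ProtocolType & PH_TCP_PROTOCOL_TYPE) &&
        WordMatchStringZ(PhGetTcpStateName(networkNode->NetworkItem->State)))
        return TRUE;

    if (networkNode->NetworkItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;
        WCHAR processIdString[PH_INT32_STR_LEN_1];

        // Match the numeric PID as the user would type it.
        PhPrintUInt32(processIdString, HandleToUlong(networkNode->NetworkItem->ProcessId));

        if (WordMatchStringZ(processIdString))
            return TRUE;

        // Fall back to the owning process node so the connection stays visible
        // whenever its process would. Double parentheses: this is an
        // assignment, not a comparison.
        if ((processNode = PhFindProcessNode(networkNode->NetworkItem->ProcessId)))
        {
            if (ProcessTreeFilterCallback(&processNode->Node, NULL))
                return TRUE;
        }
    }

    return FALSE;
}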
Esempio n. 3
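/**
 * Tree-new filter callback for the service list. Decides whether a service
 * node stays visible for the text currently in the search box.
 *
 * \param Node The node being filtered; cast to PPH_SERVICE_NODE.
 * \param Context Unused.
 *
 * \return TRUE when the search box is empty or when the service's type, state,
 * start type, error control, name, display name, PID (or owning process node),
 * signer name, verification result or image path matches the search text;
 * FALSE otherwise.
 */
BOOLEAN ServiceTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)Node;
    PPH_STRING serviceFileName = NULL;
    PPH_STRING serviceBinaryPath = NULL;

    // An empty search leaves every node visible.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // Enumerated attributes are matched through their display strings so the
    // user can type what the column shows.
    if (WordMatchStringZ(PhGetServiceTypeString(serviceNode->ServiceItem->Type)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceStateString(serviceNode->ServiceItem->State)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceStartTypeString(serviceNode->ServiceItem->StartType)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceErrorControlString(serviceNode->ServiceItem->ErrorControl)))
        return TRUE;

    // Optional PPH_STRING fields: only compare the ones that are present.
    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->Name))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->Name->sr))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->DisplayName))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->DisplayName->sr))
            return TRUE;
    }

    if (serviceNode->ServiceItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;

        if (WordMatchStringZ(serviceNode->ServiceItem->ProcessIdString))
            return TRUE;

        // Fall back to the owning process node so the service stays visible
        // whenever its process would. Double parentheses: this is an
        // assignment, not a comparison.
        if ((processNode = PhFindProcessNode(serviceNode->ServiceItem->ProcessId)))
        {
            if (ProcessTreeFilterCallback(&processNode->Node, NULL))
                return TRUE;
        }
    }

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->VerifySignerName))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->VerifySignerName->sr))
            return TRUE;
    }

    // The verification result has no display-string helper here, so the
    // names are spelled out. VrUnknown is deliberately not searchable; any
    // other value outside the listed cases falls into "Unknown".
    if (serviceNode->ServiceItem->VerifyResult != VrUnknown)
    {
        switch (serviceNode->ServiceItem->VerifyResult)
        {
        case VrNoSignature:
            if (WordMatchStringZ(L"NoSignature"))
                return TRUE;
            break;
        case VrTrusted:
            if (WordMatchStringZ(L"Trusted"))
                return TRUE;
            break;
        case VrExpired:
            if (WordMatchStringZ(L"Expired"))
                return TRUE;
            break;
        case VrRevoked:
            if (WordMatchStringZ(L"Revoked"))
                return TRUE;
            break;
        case VrDistrust:
            if (WordMatchStringZ(L"Distrust"))
                return TRUE;
            break;
        case VrSecuritySettings:
            if (WordMatchStringZ(L"SecuritySettings"))
                return TRUE;
            break;
        case VrBadSignature:
            if (WordMatchStringZ(L"BadSignature"))
                return TRUE;
            break;
        default:
            if (WordMatchStringZ(L"Unknown"))
                return TRUE;
            break;
        }
    }

    // Name is treated as optional above, so guard it here as well instead of
    // forming a string reference through a NULL pointer. NOTE(review): this
    // presumably queries the service configuration for every node on every
    // filter pass - confirm the cost is acceptable.
    if (serviceNode->ServiceItem->Name &&
        NT_SUCCESS(QueryServiceFileName(
            &serviceNode->ServiceItem->Name->sr,
            &serviceFileName,
            &serviceBinaryPath
            )))
    {
        BOOLEAN matched = FALSE;

        // Both strings are owned here once the query succeeds: test first,
        // then release, so that no early return can leak them.
        if (serviceFileName)
        {
            if (WordMatchStringRef(&serviceFileName->sr))
            {
                matched = TRUE;
            }

            PhDereferenceObject(serviceFileName);
        }

        if (serviceBinaryPath)
        {
            if (WordMatchStringRef(&serviceBinaryPath->sr))
            {
                matched = TRUE;
            }

            PhDereferenceObject(serviceBinaryPath);
        }

        if (matched)
            return TRUE;
    }

    return FALSE;
}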
Esempio n. 4
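/**
 * Tree-new filter callback for the service list. Decides whether a service
 * node stays visible for the text currently in the search box.
 *
 * \param Node The node being filtered; cast to PPH_SERVICE_NODE.
 * \param Context Unused.
 *
 * \return TRUE when the search box is empty or when the service's type, state,
 * start type, error control, name, display name, PID (or owning process node)
 * or image path matches the search text; FALSE otherwise.
 */
BOOLEAN ServiceTreeFilterCallback(
    _In_ PPH_TREENEW_NODE Node,
    _In_opt_ PVOID Context
    )
{
    PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)Node;
    PPH_STRING serviceFileName = NULL;
    PPH_STRING serviceBinaryPath = NULL;

    // An empty search leaves every node visible.
    if (PhIsNullOrEmptyString(SearchboxText))
        return TRUE;

    // Enumerated attributes are matched through their display strings so the
    // user can type what the column shows.
    if (WordMatchStringZ(PhGetServiceTypeString(serviceNode->ServiceItem->Type)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceStateString(serviceNode->ServiceItem->State)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceStartTypeString(serviceNode->ServiceItem->StartType)))
        return TRUE;

    if (WordMatchStringZ(PhGetServiceErrorControlString(serviceNode->ServiceItem->ErrorControl)))
        return TRUE;

    // Optional PPH_STRING fields: only compare the ones that are present.
    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->Name))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->Name->sr))
            return TRUE;
    }

    if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->DisplayName))
    {
        if (WordMatchStringRef(&serviceNode->ServiceItem->DisplayName->sr))
            return TRUE;
    }

    if (serviceNode->ServiceItem->ProcessId)
    {
        PPH_PROCESS_NODE processNode;
        WCHAR processIdString[PH_INT32_STR_LEN_1];

        // Match the numeric PID as the user would type it.
        PhPrintUInt32(processIdString, HandleToUlong(serviceNode->ServiceItem->ProcessId));

        if (WordMatchStringZ(processIdString))
            return TRUE;

        // Fall back to the owning process node so the service stays visible
        // whenever its process would. Double parentheses: this is an
        // assignment, not a comparison.
        if ((processNode = PhFindProcessNode(serviceNode->ServiceItem->ProcessId)))
        {
            if (ProcessTreeFilterCallback(&processNode->Node, NULL))
                return TRUE;
        }
    }

    // Name is treated as optional above, so guard it here as well instead of
    // forming a string reference through a NULL pointer. NOTE(review): this
    // presumably queries the service configuration for every node on every
    // filter pass - confirm the cost is acceptable.
    if (serviceNode->ServiceItem->Name &&
        NT_SUCCESS(QueryServiceFileName(
            &serviceNode->ServiceItem->Name->sr,
            &serviceFileName,
            &serviceBinaryPath
            )))
    {
        BOOLEAN matched = FALSE;

        // Both strings are owned here once the query succeeds: test first,
        // then release, so that no early return can leak them.
        if (serviceFileName)
        {
            if (WordMatchStringRef(&serviceFileName->sr))
            {
                matched = TRUE;
            }

            PhDereferenceObject(serviceFileName);
        }

        if (serviceBinaryPath)
        {
            if (WordMatchStringRef(&serviceBinaryPath->sr))
            {
                matched = TRUE;
            }

            PhDereferenceObject(serviceBinaryPath);
        }

        if (matched)
            return TRUE;
    }

    return FALSE;
}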