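/**
 * Loads the embedded EULA text resource and displays it in the IDC_EDIT1 control.
 *
 * \param WindowHandle The dialog window that owns the IDC_EDIT1 control.
 *
 * \remarks Nothing is displayed when the resource cannot be found, loaded or converted.
 */
VOID LoadEulaText(
    _In_ HWND WindowHandle
    )
{
    HRSRC resourceHandle;
    HGLOBAL resourceData;
    PVOID resourceBuffer;
    ULONG resourceLength;
    PPH_STRING eulaTextString;

    resourceHandle = FindResource(PhLibImageBase, MAKEINTRESOURCE(IDR_TXT1), L"TXT");

    if (!resourceHandle)
        return;

    // A raw resource is not guaranteed to end with a NUL byte, so the conversion
    // below is bounded by the size recorded for the resource instead of scanning
    // for a terminator past the end of the mapped data.
    resourceLength = SizeofResource(PhLibImageBase, resourceHandle);

    if (resourceLength == 0)
        return;

    resourceData = LoadResource(PhLibImageBase, resourceHandle);

    if (!resourceData)
        return;

    resourceBuffer = LockResource(resourceData);

    if (!resourceBuffer)
        return;

    eulaTextString = PhConvertMultiByteToUtf16Ex((PCHAR)resourceBuffer, resourceLength);

    // The conversion result is null-checked before it is dereferenced.
    if (eulaTextString)
    {
        SetWindowText(GetDlgItem(WindowHandle, IDC_EDIT1), eulaTextString->Buffer);
        PhDereferenceObject(eulaTextString);
    }

    // No FreeResource call: the original passed the HRSRC returned by FindResource,
    // which is not the HGLOBAL that FreeResource takes, and resources loaded from a
    // module do not need to be freed explicitly.
}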
/**
 * Looks up the addresses of the MmSizeOfPagedPoolInBytes and
 * MmMaximumNonPagedPoolInBytes symbols in the first kernel module and stores them
 * in the file-level variables of the same names.
 *
 * \param Parameter Not used by this routine.
 *
 * \return Always STATUS_SUCCESS; a variable is simply left unchanged when its
 * symbol cannot be resolved.
 */
NTSTATUS PhSipLoadMmAddresses(
    _In_ PVOID Parameter
    )
{
    PRTL_PROCESS_MODULES modules;
    PPH_SYMBOL_PROVIDER provider;
    PPH_STRING ntFileName;
    PPH_STRING dosFileName;
    PH_SYMBOL_INFORMATION info;

    if (!NT_SUCCESS(PhEnumKernelModules(&modules)))
        return STATUS_SUCCESS;

    if (modules->NumberOfModules < 1)
    {
        PhFree(modules);
        return STATUS_SUCCESS;
    }

    provider = PhCreateSymbolProvider(NULL);
    PhLoadSymbolProviderOptions(provider);

    // Modules[0] is the module whose symbols are loaded; its path is converted to
    // UTF-16 and passed through PhGetFileName before being handed to the provider.
    ntFileName = PH_AUTO(PhConvertMultiByteToUtf16(modules->Modules[0].FullPathName));
    dosFileName = PH_AUTO(PhGetFileName(ntFileName));

    PhLoadModuleSymbolProvider(
        provider,
        dosFileName->Buffer,
        (ULONG64)modules->Modules[0].ImageBase,
        modules->Modules[0].ImageSize
        );

    if (PhGetSymbolFromName(provider, L"MmSizeOfPagedPoolInBytes", &info))
        MmSizeOfPagedPoolInBytes = (PSIZE_T)info.Address;

    if (PhGetSymbolFromName(provider, L"MmMaximumNonPagedPoolInBytes", &info))
        MmMaximumNonPagedPoolInBytes = (PSIZE_T)info.Address;

    PhDereferenceObject(provider);
    PhFree(modules);

    return STATUS_SUCCESS;
}
/**
 * Adds one adapter to the list view and checks the item when the adapter is
 * already present in NetworkAdaptersList.
 *
 * \param Context The dialog context that holds the list view handle.
 * \param Adapter The adapter entry to add.
 *
 * \remarks The heap-allocated DV_NETADAPTER_ID is stored as the list view item
 * parameter; it is not freed here.
 */
static VOID AddNetworkAdapterToListView(
    _In_ PDV_NETADAPTER_CONTEXT Context,
    _In_ PIP_ADAPTER_ADDRESSES Adapter
    )
{
    DV_NETADAPTER_ID lookupId;
    PDV_NETADAPTER_ID itemId = NULL;
    BOOLEAN alreadyListed = FALSE;
    INT itemIndex;
    ULONG position = 0;

    InitializeNetAdapterId(&lookupId, Adapter->IfIndex, Adapter->Luid, NULL);

    // Search the configured adapters for an equivalent ID; stop at the first match.
    while (!itemId && position < NetworkAdaptersList->Count)
    {
        PDV_NETADAPTER_ENTRY candidate = PhReferenceObjectSafe(NetworkAdaptersList->Items[position]);

        position++;

        if (!candidate)
            continue;

        if (EquivalentNetAdapterId(&candidate->Id, &lookupId))
        {
            itemId = PhAllocate(sizeof(DV_NETADAPTER_ID));
            CopyNetAdapterId(itemId, &candidate->Id);
            alreadyListed = TRUE;
        }

        PhDereferenceObjectDeferDelete(candidate);
    }

    if (!itemId)
    {
        // No configured entry matched: build the ID from the enumerated adapter
        // and attach its name as the interface GUID string.
        itemId = PhAllocate(sizeof(DV_NETADAPTER_ID));
        CopyNetAdapterId(itemId, &lookupId);
        PhMoveReference(&itemId->InterfaceGuid, PhConvertMultiByteToUtf16(Adapter->AdapterName));
    }

    itemIndex = PhAddListViewItem(
        Context->ListViewHandle,
        MAXINT,
        Adapter->Description,
        itemId
        );

    if (alreadyListed)
    {
        ListView_SetItemState(Context->ListViewHandle, itemIndex, ITEM_CHECKED, LVIS_STATEIMAGEMASK);
    }

    DeleteNetAdapterId(&lookupId);
}
/**
 * Queries the short name of the first physical GPU handle.
 *
 * \return The name converted to UTF-16, or the string "N/A" when the NvAPI entry
 * point is unavailable or the query does not return NVAPI_OK.
 */
PPH_STRING NvGpuQueryShortName(VOID)
{
    NvAPI_ShortString shortName = "";

    // NOTE(review): Items[0] is read without a visible check that the handle list
    // is non-empty; confirm against the code that fills NvGpuPhysicalHandleList.
    if (
        NvAPI_GPU_GetShortName &&
        NvAPI_GPU_GetShortName(NvGpuPhysicalHandleList->Items[0], shortName) == NVAPI_OK
        )
    {
        return PhConvertMultiByteToUtf16(shortName);
    }

    return PhCreateString(L"N/A");
}
/**
 * Queries the VBIOS version string of the first physical GPU handle.
 *
 * \return The version converted to UTF-16, or the string "N/A" when the NvAPI entry
 * point is unavailable or the query does not return NVAPI_OK.
 */
PPH_STRING NvGpuQueryVbiosVersionString(VOID)
{
    NvAPI_ShortString vbiosVersion = "";

    // NOTE(review): Items[0] is read without a visible check that the handle list
    // is non-empty; confirm against the code that fills NvGpuPhysicalHandleList.
    if (
        NvAPI_GPU_GetVbiosVersionString &&
        NvAPI_GPU_GetVbiosVersionString(NvGpuPhysicalHandleList->Items[0], vbiosVersion) == NVAPI_OK
        )
    {
        return PhConvertMultiByteToUtf16(vbiosVersion);
    }

    return PhCreateString(L"N/A");
}
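/**
 * Reports whether the driver image for the first NVIDIA display handle carries a
 * signature that PhVerifyFile reports as trusted.
 *
 * The registry path returned by NvAPI_GetDisplayDriverRegistryPath supplies the
 * MatchingDeviceId value. Present display-adapter device interfaces are searched for
 * the same ID, the matching device's service key is opened, and the file named by its
 * ImagePath value is verified.
 *
 * \return TRUE if a matching driver image verified as VrTrusted, otherwise FALSE
 * (including every failure path).
 *
 * \remarks NOTE(review): any trusted signer is accepted. The comparison of the signer
 * name with "Microsoft Windows Hardware Compatibility Publisher" was commented out in
 * the original code, so the result means "validly signed" rather than strictly WHQL
 * signed. Confirm that this is intended before presenting the value as a WHQL status.
 */
BOOLEAN NvGpuDriverIsWHQL(VOID)
{
    BOOLEAN nvGpuDriverIsWHQL = FALSE;
    HANDLE keyHandle = NULL;
    PWSTR deviceInterfaceList = NULL;
    ULONG deviceInterfaceListLength = 0;
    PWSTR deviceInterface;
    PPH_STRING keyPath = NULL;
    PPH_STRING matchingDeviceIdString = NULL;
    NvAPI_LongString nvNameAnsiString = "";

    if (!NvAPI_GetDisplayDriverRegistryPath)
        goto CleanupExit;

    if (NvAPI_GetDisplayDriverRegistryPath(NvGpuDisplayHandleList->Items[0], nvNameAnsiString) != NVAPI_OK)
        goto CleanupExit;

    keyPath = PhConvertMultiByteToUtf16(nvNameAnsiString);

    if (!keyPath)
        goto CleanupExit;

    if (!NT_SUCCESS(PhOpenKey(
        &keyHandle,
        KEY_READ,
        PH_KEY_LOCAL_MACHINE,
        &keyPath->sr,
        0
        )))
    {
        goto CleanupExit;
    }

    matchingDeviceIdString = PhQueryRegistryString(keyHandle, L"MatchingDeviceId");

    // Without the value there is nothing to compare devices against, and the
    // comparison below must not be handed a NULL string.
    if (!matchingDeviceIdString)
        goto CleanupExit;

    // Failures from here on go through CleanupExit; the original returned directly
    // and leaked the key handle and the strings acquired above.
    if (CM_Get_Device_Interface_List_Size(
        &deviceInterfaceListLength,
        (PGUID)&GUID_DEVINTERFACE_DISPLAY_ADAPTER,
        NULL,
        CM_GET_DEVICE_INTERFACE_LIST_PRESENT
        ) != CR_SUCCESS)
    {
        goto CleanupExit;
    }

    deviceInterfaceList = PhAllocate(deviceInterfaceListLength * sizeof(WCHAR));
    memset(deviceInterfaceList, 0, deviceInterfaceListLength * sizeof(WCHAR));

    if (CM_Get_Device_Interface_List(
        (PGUID)&GUID_DEVINTERFACE_DISPLAY_ADAPTER,
        NULL,
        deviceInterfaceList,
        deviceInterfaceListLength,
        CM_GET_DEVICE_INTERFACE_LIST_PRESENT
        ) != CR_SUCCESS)
    {
        goto CleanupExit;
    }

    // The list is a sequence of NUL-terminated strings ending with an empty string.
    for (deviceInterface = deviceInterfaceList; *deviceInterface; deviceInterface += PhCountStringZ(deviceInterface) + 1)
    {
        CONFIGRET result;
        PPH_STRING string;
        PPH_STRING keyServicePath;
        HANDLE keyServiceHandle = NULL;
        ULONG bufferSize;
        DEVPROPTYPE devicePropertyType;
        DEVINST deviceInstanceHandle;
        WCHAR deviceInstanceId[MAX_DEVICE_ID_LEN];
        // The property buffer size is expressed in bytes, not characters.
        ULONG deviceInstanceIdLength = sizeof(deviceInstanceId);

        if (CM_Get_Device_Interface_Property(
            deviceInterface,
            &DEVPKEY_Device_InstanceId,
            &devicePropertyType,
            (PBYTE)deviceInstanceId,
            &deviceInstanceIdLength,
            0
            ) != CR_SUCCESS)
        {
            continue;
        }

        if (CM_Locate_DevNode(&deviceInstanceHandle, deviceInstanceId, CM_LOCATE_DEVNODE_NORMAL) != CR_SUCCESS)
            continue;

        // First attempt with a small buffer, then one retry with the size that the
        // failed call reported.
        bufferSize = 0x40;
        string = PhCreateStringEx(NULL, bufferSize);

        if ((result = CM_Get_DevNode_Property(
            deviceInstanceHandle,
            &DEVPKEY_Device_MatchingDeviceId,
            &devicePropertyType,
            (PBYTE)string->Buffer,
            &bufferSize,
            0
            )) != CR_SUCCESS)
        {
            PhDereferenceObject(string);
            string = PhCreateStringEx(NULL, bufferSize);

            result = CM_Get_DevNode_Property(
                deviceInstanceHandle,
                &DEVPKEY_Device_MatchingDeviceId,
                &devicePropertyType,
                (PBYTE)string->Buffer,
                &bufferSize,
                0
                );
        }

        if (result != CR_SUCCESS)
        {
            PhDereferenceObject(string);
            continue;
        }

        PhTrimToNullTerminatorString(string);

        if (!PhEqualString(string, matchingDeviceIdString, TRUE))
        {
            PhDereferenceObject(string);
            continue;
        }

        PhDereferenceObject(string);

        bufferSize = 0x40;
        string = PhCreateStringEx(NULL, bufferSize);

        if ((result = CM_Get_DevNode_Property(
            deviceInstanceHandle,
            &DEVPKEY_Device_Service,
            &devicePropertyType,
            (PBYTE)string->Buffer,
            &bufferSize,
            0
            )) != CR_SUCCESS)
        {
            PhDereferenceObject(string);
            string = PhCreateStringEx(NULL, bufferSize);

            result = CM_Get_DevNode_Property(
                deviceInstanceHandle,
                &DEVPKEY_Device_Service,
                &devicePropertyType,
                (PBYTE)string->Buffer,
                &bufferSize,
                0
                );
        }

        if (result != CR_SUCCESS)
        {
            PhDereferenceObject(string);
            continue;
        }

        keyServicePath = PhConcatStrings2(L"System\\CurrentControlSet\\Services\\", string->Buffer);
        // The service name has been copied into the key path; the original never
        // released it.
        PhDereferenceObject(string);

        if (NT_SUCCESS(PhOpenKey(
            &keyServiceHandle,
            KEY_READ,
            PH_KEY_LOCAL_MACHINE,
            &keyServicePath->sr,
            0
            )))
        {
            PPH_STRING driverNtPathString;
            PPH_STRING driverDosPathString = NULL;

            driverNtPathString = PhQueryRegistryString(keyServiceHandle, L"ImagePath");

            if (driverNtPathString)
            {
                driverDosPathString = PhGetFileName(driverNtPathString);
                PhDereferenceObject(driverNtPathString);
            }

            if (driverDosPathString)
            {
                PPH_STRING fileSignerName = NULL;

                // Only the verification result is examined; the signer name is
                // retrieved but not compared (see the remarks above).
                if (PhVerifyFile(driverDosPathString->Buffer, &fileSignerName) == VrTrusted)
                {
                    nvGpuDriverIsWHQL = TRUE;
                }

                if (fileSignerName)
                    PhDereferenceObject(fileSignerName);

                PhDereferenceObject(driverDosPathString);
            }

            NtClose(keyServiceHandle);
        }

        // The original never released the service key path.
        PhDereferenceObject(keyServicePath);
    }

CleanupExit:

    if (keyHandle)
    {
        NtClose(keyHandle);
    }

    if (deviceInterfaceList)
    {
        PhFree(deviceInterfaceList);
    }

    if (matchingDeviceIdString)
    {
        PhDereferenceObject(matchingDeviceIdString);
    }

    if (keyPath)
    {
        PhDereferenceObject(keyPath);
    }

    return nvGpuDriverIsWHQL;
}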
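/**
 * Builds a display string with the driver version and, when available, the driver
 * date read from the display driver's registry key.
 *
 * \return "<version> [<date>]" when both values are available, "<version>" when only
 * the DriverVersion value is available, and "N/A" when the NvAPI entry point is
 * missing, the key cannot be opened or the DriverVersion value cannot be read.
 */
PPH_STRING NvGpuQueryDriverSettings(VOID)
{
    NvAPI_LongString nvKeyPathAnsiString = "";
    HANDLE keyHandle;
    PPH_STRING keyPath;
    PPH_STRING driverDateString = NULL;
    PPH_STRING driverVersionString;
    PPH_STRING result;
    UNICODE_STRING valueName;
    PKEY_VALUE_PARTIAL_INFORMATION buffer;
    ULONG bufferSize = 0;
    NTSTATUS status;

    if (!NvAPI_GetDisplayDriverRegistryPath)
        return PhCreateString(L"N/A");

    if (NvAPI_GetDisplayDriverRegistryPath(NvGpuDisplayHandleList->Items[0], nvKeyPathAnsiString) != NVAPI_OK)
        return PhCreateString(L"N/A");

    keyPath = PhConvertMultiByteToUtf16(nvKeyPathAnsiString);

    if (!keyPath)
        return PhCreateString(L"N/A");

    status = PhOpenKey(
        &keyHandle,
        KEY_READ,
        PH_KEY_LOCAL_MACHINE,
        &keyPath->sr,
        0
        );

    PhDereferenceObject(keyPath);

    if (!NT_SUCCESS(status))
        return PhCreateString(L"N/A");

    driverVersionString = PhQueryRegistryString(keyHandle, L"DriverVersion");

    RtlInitUnicodeString(&valueName, L"DriverDateData");

    // Size query first; the value is only used when it is a FILETIME-sized binary.
    if (NtQueryValueKey(
        keyHandle,
        &valueName,
        KeyValuePartialInformation,
        NULL,
        0,
        &bufferSize
        ) == STATUS_BUFFER_TOO_SMALL)
    {
        buffer = PhAllocate(bufferSize);

        if (NT_SUCCESS(NtQueryValueKey(
            keyHandle,
            &valueName,
            KeyValuePartialInformation,
            buffer,
            bufferSize,
            &bufferSize
            )))
        {
            if (buffer->Type == REG_BINARY && buffer->DataLength == sizeof(FILETIME))
            {
                SYSTEMTIME systemTime;
                SYSTEMTIME localTime;

                // Format the date only when both conversions succeed, so that an
                // uninitialized SYSTEMTIME is never formatted.
                if (
                    FileTimeToSystemTime((CONST FILETIME*)buffer->Data, &systemTime) &&
                    SystemTimeToTzSpecificLocalTime(NULL, &systemTime, &localTime)
                    )
                {
                    driverDateString = PhFormatDate(&localTime, NULL);
                }
            }
        }

        PhFree(buffer);
    }

    NtClose(keyHandle);

    // PhQueryRegistryString result is checked before use; the original dereferenced
    // it unconditionally when formatting the result.
    if (!driverVersionString)
    {
        if (driverDateString)
            PhDereferenceObject(driverDateString);

        return PhCreateString(L"N/A");
    }

    if (driverDateString)
    {
        result = PhFormatString(L"%s [%s]", driverVersionString->Buffer, driverDateString->Buffer);
        PhDereferenceObject(driverDateString);
    }
    else
    {
        result = PhFormatString(L"%s", driverVersionString->Buffer);
    }

    PhDereferenceObject(driverVersionString);

    return result;
}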
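/**
 * Copies one ASCII string out of a storage device descriptor.
 *
 * The offset comes from data returned by the storage driver, so it is checked
 * against the descriptor length and the terminator search never leaves the buffer.
 *
 * \param Descriptor Start of the descriptor buffer.
 * \param DescriptorLength Size of the descriptor buffer, in bytes.
 * \param Offset Byte offset of the string; 0 means the string is absent.
 *
 * \return A new UTF-16 string with surrounding spaces removed, or NULL when the
 * string is absent, the offset is out of range or the conversion fails.
 */
static PPH_STRING DiskDriveReadDescriptorString(
    _In_ PVOID Descriptor,
    _In_ ULONG DescriptorLength,
    _In_ ULONG Offset
    )
{
    static PH_STRINGREF whitespace = PH_STRINGREF_INIT(L" ");
    PCHAR text;
    SIZE_T maximumLength;
    SIZE_T length = 0;
    PPH_STRING rawString;
    PPH_STRING trimmedString;
    PH_STRINGREF trimmed;

    if (Offset == 0 || Offset >= DescriptorLength)
        return NULL;

    text = (PCHAR)Descriptor + Offset;
    maximumLength = DescriptorLength - Offset;

    while (length < maximumLength && text[length] != 0)
        length++;

    rawString = PhConvertMultiByteToUtf16Ex(text, length);

    if (!rawString)
        return NULL;

    // Trim a copy of the string reference and build a new string from it. Trimming
    // the reference embedded in the string object would move its Buffer and Length
    // without re-terminating the text.
    trimmed = rawString->sr;
    PhTrimStringRef(&trimmed, &whitespace, 0);
    trimmedString = PhCreateStringEx(trimmed.Buffer, trimmed.Length);
    PhDereferenceObject(rawString);

    return trimmedString;
}

/**
 * Queries the vendor, model, revision and serial number strings of a storage device.
 *
 * \param DeviceHandle A handle to the device.
 * \param DiskVendor Receives the vendor string, or NULL when it is not available.
 * \param DiskModel Receives the product string, or NULL when it is not available.
 * \param DiskRevision Receives the revision string, or NULL when it is not available.
 * \param DiskSerial Receives the serial number string, or NULL when it is not available.
 *
 * \return TRUE if the device descriptor was retrieved, otherwise FALSE.
 *
 * \remarks Every supplied output is set to NULL on entry so that a caller never
 * reads an unset pointer. The caller releases the returned strings.
 */
BOOLEAN DiskDriveQueryDeviceInformation(
    _In_ HANDLE DeviceHandle,
    _Out_opt_ PPH_STRING* DiskVendor,
    _Out_opt_ PPH_STRING* DiskModel,
    _Out_opt_ PPH_STRING* DiskRevision,
    _Out_opt_ PPH_STRING* DiskSerial
    )
{
    ULONG bufferLength;
    IO_STATUS_BLOCK isb;
    STORAGE_PROPERTY_QUERY query;
    PSTORAGE_DESCRIPTOR_HEADER buffer = NULL;
    PSTORAGE_DEVICE_DESCRIPTOR storageDescriptor;

    if (DiskVendor) *DiskVendor = NULL;
    if (DiskModel) *DiskModel = NULL;
    if (DiskRevision) *DiskRevision = NULL;
    if (DiskSerial) *DiskSerial = NULL;

    query.QueryType = PropertyStandardQuery;
    query.PropertyId = StorageDeviceProperty;

    // First query: header only, to learn the size of the full descriptor.
    bufferLength = sizeof(STORAGE_DESCRIPTOR_HEADER);
    buffer = PhAllocate(bufferLength);
    memset(buffer, 0, bufferLength);

    if (!NT_SUCCESS(NtDeviceIoControlFile(
        DeviceHandle,
        NULL,
        NULL,
        NULL,
        &isb,
        IOCTL_STORAGE_QUERY_PROPERTY, // https://msdn.microsoft.com/en-us/library/ff800830.aspx
        &query,
        sizeof(query),
        buffer,
        bufferLength
        )))
    {
        PhFree(buffer);
        return FALSE;
    }

    bufferLength = buffer->Size;

    // The reported size must at least cover the offset fields that are read below.
    if (bufferLength < FIELD_OFFSET(STORAGE_DEVICE_DESCRIPTOR, BusType))
    {
        PhFree(buffer);
        return FALSE;
    }

    buffer = PhReAllocate(buffer, bufferLength);
    memset(buffer, 0, bufferLength);

    if (!NT_SUCCESS(NtDeviceIoControlFile(
        DeviceHandle,
        NULL,
        NULL,
        NULL,
        &isb,
        IOCTL_STORAGE_QUERY_PROPERTY,
        &query,
        sizeof(query),
        buffer,
        bufferLength
        )))
    {
        PhFree(buffer);
        return FALSE;
    }

    storageDescriptor = (PSTORAGE_DEVICE_DESCRIPTOR)buffer;

    if (DiskVendor)
        *DiskVendor = DiskDriveReadDescriptorString(buffer, bufferLength, storageDescriptor->VendorIdOffset);

    if (DiskModel)
        *DiskModel = DiskDriveReadDescriptorString(buffer, bufferLength, storageDescriptor->ProductIdOffset);

    if (DiskRevision)
        *DiskRevision = DiskDriveReadDescriptorString(buffer, bufferLength, storageDescriptor->ProductRevisionOffset);

    if (DiskSerial)
        *DiskSerial = DiskDriveReadDescriptorString(buffer, bufferLength, storageDescriptor->SerialNumberOffset);

    PhFree(buffer);

    return TRUE;
}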
/**
 * Loads module symbols into a thread provider's symbol provider.
 *
 * \param ThreadProvider The thread provider whose symbols are loaded.
 *
 * \remarks The work runs with LoadSymbolsLock held exclusively. The RunId read at
 * the start is written to SymbolsLoadedRunId once loading has finished.
 */
VOID PhLoadSymbolsThreadProvider(
    _In_ PPH_THREAD_PROVIDER ThreadProvider
    )
{
    PH_THREAD_SYMBOL_LOAD_CONTEXT context;
    ULONG64 currentRunId;

    context.ThreadProvider = ThreadProvider;
    context.SymbolProvider = ThreadProvider->SymbolProvider;

    PhAcquireQueuedLockExclusive(&ThreadProvider->LoadSymbolsLock);
    currentRunId = ThreadProvider->RunId;

    PhLoadSymbolProviderOptions(ThreadProvider->SymbolProvider);

    if (ThreadProvider->ProcessId == SYSTEM_IDLE_PROCESS_ID)
    {
        // System Idle Process has one thread for each CPU, each having a start
        // address at KiIdleLoop, so only the kernel's symbols are needed.
        PRTL_PROCESS_MODULES modules;

        if (NT_SUCCESS(PhEnumKernelModules(&modules)))
        {
            if (modules->NumberOfModules > 0)
            {
                PPH_STRING ntFileName;
                PPH_STRING dosFileName;

                ntFileName = PhConvertMultiByteToUtf16(modules->Modules[0].FullPathName);
                dosFileName = PhGetFileName(ntFileName);
                PhDereferenceObject(ntFileName);

                PhLoadModuleSymbolProvider(
                    ThreadProvider->SymbolProvider,
                    dosFileName->Buffer,
                    (ULONG64)modules->Modules[0].ImageBase,
                    modules->Modules[0].ImageSize
                    );
                PhDereferenceObject(dosFileName);
            }

            PhFree(modules);
        }
    }
    else
    {
        BOOLEAN canEnumerateModules;

        canEnumerateModules =
            ThreadProvider->SymbolProvider->IsRealHandle ||
            ThreadProvider->ProcessId == SYSTEM_PROCESS_ID;

        if (canEnumerateModules)
        {
            context.ProcessId = ThreadProvider->ProcessId;
            PhEnumGenericModules(
                ThreadProvider->ProcessId,
                ThreadProvider->SymbolProvider->ProcessHandle,
                0,
                LoadSymbolsEnumGenericModulesCallback,
                &context
                );
        }
        else
        {
            // The target's modules cannot be enumerated; enumerate the current
            // process instead to load symbols for ntdll.dll and kernel32.dll.
            context.ProcessId = NtCurrentProcessId();
            PhEnumGenericModules(
                NtCurrentProcessId(),
                NtCurrentProcess(),
                0,
                LoadBasicSymbolsEnumGenericModulesCallback,
                &context
                );
        }

        // Kernel module symbols are loaded as well, unless the target is the
        // System process and they were covered by the enumeration above.
        if (ThreadProvider->ProcessId != SYSTEM_PROCESS_ID)
        {
            context.ProcessId = SYSTEM_PROCESS_ID;
            PhEnumGenericModules(
                SYSTEM_PROCESS_ID,
                NULL,
                0,
                LoadSymbolsEnumGenericModulesCallback,
                &context
                );
        }
    }

    ThreadProvider->SymbolsLoadedRunId = currentRunId;
    PhReleaseQueuedLockExclusive(&ThreadProvider->LoadSymbolsLock);
}
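/**
 * Enumerates network adapters and adds them to the list view, then adds every
 * configured adapter from NetworkAdaptersList that the enumeration did not produce.
 *
 * \param Context The dialog context. UseAlternateMethod selects enumeration through
 * GetAdaptersAddresses instead of the network device interface list.
 *
 * \remarks An enumeration failure returns immediately, which also skips the pass
 * over the configured adapters.
 */
VOID FindNetworkAdapters(
    _In_ PDV_NETADAPTER_CONTEXT Context
    )
{
    if (Context->UseAlternateMethod)
    {
        ULONG flags = GAA_FLAG_SKIP_UNICAST | GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_DNS_SERVER | GAA_FLAG_INCLUDE_ALL_INTERFACES;
        ULONG bufferLength = 0;
        PVOID buffer;

        if (GetAdaptersAddresses(AF_UNSPEC, flags, NULL, NULL, &bufferLength) != ERROR_BUFFER_OVERFLOW)
            return;

        buffer = PhAllocate(bufferLength);
        memset(buffer, 0, bufferLength);

        if (GetAdaptersAddresses(AF_UNSPEC, flags, NULL, buffer, &bufferLength) == ERROR_SUCCESS)
        {
            PhAcquireQueuedLockShared(&NetworkAdaptersListLock);

            for (PIP_ADAPTER_ADDRESSES i = buffer; i; i = i->Next)
            {
                PPH_STRING description;

                description = PhCreateString(i->Description);

                if (description)
                {
                    // NOTE(review): the converted adapter name is not released
                    // here; presumably the callee takes ownership of it, as the
                    // DeviceGuid note further down suggests. Confirm.
                    AddNetworkAdapterToListView(
                        Context,
                        TRUE,
                        i->IfIndex,
                        i->Luid,
                        PhConvertMultiByteToUtf16(i->AdapterName),
                        description
                        );

                    PhDereferenceObject(description);
                }
            }

            PhReleaseQueuedLockShared(&NetworkAdaptersListLock);
        }

        PhFree(buffer);
    }
    else
    {
        static PH_STRINGREF devicePathSr = PH_STRINGREF_INIT(L"\\\\.\\");
        PPH_LIST deviceList;
        PWSTR deviceInterfaceList;
        ULONG deviceInterfaceListLength = 0;
        PWSTR deviceInterface;

        if (CM_Get_Device_Interface_List_Size(
            &deviceInterfaceListLength,
            (PGUID)&GUID_DEVINTERFACE_NET,
            NULL,
            CM_GET_DEVICE_INTERFACE_LIST_ALL_DEVICES
            ) != CR_SUCCESS)
        {
            return;
        }

        deviceInterfaceList = PhAllocate(deviceInterfaceListLength * sizeof(WCHAR));
        memset(deviceInterfaceList, 0, deviceInterfaceListLength * sizeof(WCHAR));

        if (CM_Get_Device_Interface_List(
            (PGUID)&GUID_DEVINTERFACE_NET,
            NULL,
            deviceInterfaceList,
            deviceInterfaceListLength,
            CM_GET_DEVICE_INTERFACE_LIST_ALL_DEVICES
            ) != CR_SUCCESS)
        {
            PhFree(deviceInterfaceList);
            return;
        }

        deviceList = PH_AUTO(PhCreateList(1));

        // The list is a sequence of NUL-terminated strings ending with an empty string.
        for (deviceInterface = deviceInterfaceList; *deviceInterface; deviceInterface += PhCountStringZ(deviceInterface) + 1)
        {
            HKEY keyHandle;
            DEVINST deviceInstanceHandle;
            PPH_STRING deviceDescription = NULL;

            if (!QueryNetworkDeviceInterfaceDescription(deviceInterface, &deviceInstanceHandle, &deviceDescription))
                continue;

            if (CM_Open_DevInst_Key(
                deviceInstanceHandle,
                KEY_QUERY_VALUE,
                0,
                RegDisposition_OpenExisting,
                &keyHandle,
                CM_REGISTRY_SOFTWARE
                ) == CR_SUCCESS)
            {
                PNET_ENUM_ENTRY adapterEntry;
                HANDLE deviceHandle;

                adapterEntry = PhAllocate(sizeof(NET_ENUM_ENTRY));
                memset(adapterEntry, 0, sizeof(NET_ENUM_ENTRY));

                adapterEntry->DeviceGuid = PhQueryRegistryString(keyHandle, L"NetCfgInstanceId");

                // A device without the NetCfgInstanceId value cannot be opened or
                // identified; skip it rather than dereference a NULL string below.
                if (!adapterEntry->DeviceGuid)
                {
                    PhFree(adapterEntry);
                    NtClose(keyHandle);
                    PhClearReference(&deviceDescription);
                    continue;
                }

                adapterEntry->DeviceInterface = PhConcatStringRef2(&devicePathSr, &adapterEntry->DeviceGuid->sr);
                adapterEntry->DeviceLuid.Info.IfType = PhQueryRegistryUlong64(keyHandle, L"*IfType");
                adapterEntry->DeviceLuid.Info.NetLuidIndex = PhQueryRegistryUlong64(keyHandle, L"NetLuidIndex");

                if (NT_SUCCESS(PhCreateFileWin32(
                    &deviceHandle,
                    PhGetString(adapterEntry->DeviceInterface),
                    FILE_GENERIC_READ,
                    FILE_ATTRIBUTE_NORMAL,
                    FILE_SHARE_READ | FILE_SHARE_WRITE,
                    FILE_OPEN,
                    FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
                    )))
                {
                    PPH_STRING adapterName;

                    // Try query the full adapter name
                    adapterName = NetworkAdapterQueryName(deviceHandle, adapterEntry->DeviceGuid);

                    if (adapterName)
                        adapterEntry->DeviceName = adapterName;

                    adapterEntry->DevicePresent = TRUE;

                    NtClose(deviceHandle);
                }

                // Fall back to the device description when no name was returned.
                if (!adapterEntry->DeviceName)
                    adapterEntry->DeviceName = PhCreateString2(&deviceDescription->sr);

                PhAddItemList(deviceList, adapterEntry);

                NtClose(keyHandle);
            }

            PhClearReference(&deviceDescription);
        }

        // Cleanup.
        PhFree(deviceInterfaceList);

        // Sort the entries
        qsort(deviceList->Items, deviceList->Count, sizeof(PVOID), AdapterEntryCompareFunction);

        PhAcquireQueuedLockShared(&NetworkAdaptersListLock);

        for (ULONG i = 0; i < deviceList->Count; i++)
        {
            PNET_ENUM_ENTRY entry = deviceList->Items[i];

            AddNetworkAdapterToListView(
                Context,
                entry->DevicePresent,
                0,
                entry->DeviceLuid,
                entry->DeviceGuid,
                entry->DeviceName
                );

            if (entry->DeviceName)
                PhDereferenceObject(entry->DeviceName);
            if (entry->DeviceInterface)
                PhDereferenceObject(entry->DeviceInterface);
            // Note: DeviceGuid is disposed by WM_DESTROY.

            PhFree(entry);
        }

        PhReleaseQueuedLockShared(&NetworkAdaptersListLock);
    }

    // HACK: Show all unknown devices.
    PhAcquireQueuedLockShared(&NetworkAdaptersListLock);

    for (ULONG i = 0; i < NetworkAdaptersList->Count; i++)
    {
        ULONG index = ULONG_MAX;
        BOOLEAN found = FALSE;
        PDV_NETADAPTER_ENTRY entry = PhReferenceObjectSafe(NetworkAdaptersList->Items[i]);

        if (!entry)
            continue;

        // Walk every list view item and look for one with an equivalent adapter ID.
        while ((index = PhFindListViewItemByFlags(
            Context->ListViewHandle,
            index,
            LVNI_ALL
            )) != ULONG_MAX)
        {
            PDV_NETADAPTER_ID param;

            // The page showed this argument as a pilcrow followed by "m", which is
            // "&param" after an HTML entity mis-decoding.
            if (PhGetListViewItemParam(Context->ListViewHandle, index, &param))
            {
                if (EquivalentNetAdapterId(param, &entry->AdapterId))
                {
                    found = TRUE;
                }
            }
        }

        if (!found)
        {
            PPH_STRING description;
            MIB_IF_ROW2 interfaceRow;

            memset(&interfaceRow, 0, sizeof(MIB_IF_ROW2));
            interfaceRow.InterfaceLuid = entry->AdapterId.InterfaceLuid;
            interfaceRow.InterfaceIndex = entry->AdapterId.InterfaceIndex;

            // HACK: Try query the description from the interface entry (if it exists).
            if (GetIfEntry2(&interfaceRow) == NO_ERROR)
                description = PhCreateString(interfaceRow.Description);
            else
                description = PhCreateString(L"Unknown network adapter");

            if (description)
            {
                AddNetworkAdapterToListView(
                    Context,
                    FALSE,
                    entry->AdapterId.InterfaceIndex,
                    entry->AdapterId.InterfaceLuid,
                    entry->AdapterId.InterfaceGuid,
                    description
                    );

                PhDereferenceObject(description);
            }
        }

        PhDereferenceObjectDeferDelete(entry);
    }

    PhReleaseQueuedLockShared(&NetworkAdaptersListLock);
}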
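/**
 * System Information section callback for one network adapter.
 *
 * \param Section The section; its Context field holds the adapter context.
 * \param Message The message to process.
 * \param Parameter1 Message-specific structure (create-dialog, draw-info,
 * tooltip-text or draw-panel information, depending on the message).
 * \param Parameter2 Not used by the messages handled here.
 *
 * \return TRUE if the message was handled, otherwise FALSE.
 */
static BOOLEAN NetAdapterSectionCallback(
    _In_ PPH_SYSINFO_SECTION Section,
    _In_ PH_SYSINFO_SECTION_MESSAGE Message,
    _In_opt_ PVOID Parameter1,
    _In_opt_ PVOID Parameter2
    )
{
    PPH_NETADAPTER_SYSINFO_CONTEXT context = (PPH_NETADAPTER_SYSINFO_CONTEXT)Section->Context;

    switch (Message)
    {
    case SysInfoCreate:
        {
            if (PhGetIntegerSetting(SETTING_NAME_ENABLE_NDIS))
            {
                // Create the handle to the network device. The status is not
                // examined; the handle test below decides whether it is usable.
                PhCreateFileWin32(
                    &context->DeviceHandle,
                    PhaFormatString(L"\\\\.\\%s", context->AdapterEntry->InterfaceGuid->Buffer)->Buffer,
                    FILE_GENERIC_READ,
                    FILE_ATTRIBUTE_NORMAL,
                    FILE_SHARE_READ | FILE_SHARE_WRITE,
                    FILE_OPEN,
                    FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
                    );

                if (context->DeviceHandle)
                {
                    // Check the network adapter supports the OIDs we're going to be using.
                    if (!NetworkAdapterQuerySupported(context->DeviceHandle))
                    {
                        // Device is faulty. Close the handle so we can fallback to GetIfEntry.
                        NtClose(context->DeviceHandle);
                        context->DeviceHandle = NULL;
                    }
                }
            }

            PhInitializeCircularBuffer_ULONG64(&context->InboundBuffer, PhGetIntegerSetting(L"SampleCount"));
            PhInitializeCircularBuffer_ULONG64(&context->OutboundBuffer, PhGetIntegerSetting(L"SampleCount"));
        }
        return TRUE;
    case SysInfoDestroy:
        {
            PhDeleteCircularBuffer_ULONG64(&context->InboundBuffer);
            PhDeleteCircularBuffer_ULONG64(&context->OutboundBuffer);

            if (context->AdapterName)
                PhDereferenceObject(context->AdapterName);

            if (context->DeviceHandle)
                NtClose(context->DeviceHandle);

            PhFree(context);
        }
        return TRUE;
    case SysInfoTick:
        {
            ULONG64 networkInOctets = 0;
            ULONG64 networkOutOctets = 0;
            ULONG64 networkRcvSpeed;
            ULONG64 networkXmitSpeed;

            if (context->DeviceHandle)
            {
                NDIS_STATISTICS_INFO interfaceStats;

                if (NT_SUCCESS(NetworkAdapterQueryStatistics(context->DeviceHandle, &interfaceStats)))
                {
                    // Use the statistics block where the adapter marks the counter
                    // as valid, otherwise query the individual OID.
                    if (!(interfaceStats.SupportedStatistics & NDIS_STATISTICS_FLAGS_VALID_BYTES_RCV))
                        networkInOctets = NetworkAdapterQueryValue(context->DeviceHandle, OID_GEN_BYTES_RCV);
                    else
                        networkInOctets = interfaceStats.ifHCInOctets;

                    if (!(interfaceStats.SupportedStatistics & NDIS_STATISTICS_FLAGS_VALID_BYTES_XMIT))
                        networkOutOctets = NetworkAdapterQueryValue(context->DeviceHandle, OID_GEN_BYTES_XMIT);
                    else
                        networkOutOctets = interfaceStats.ifHCOutOctets;
                }
                else
                {
                    networkInOctets = NetworkAdapterQueryValue(context->DeviceHandle, OID_GEN_BYTES_RCV);
                    networkOutOctets = NetworkAdapterQueryValue(context->DeviceHandle, OID_GEN_BYTES_XMIT);
                }

                // HACK: Pull the Adapter name from the current query.
                if (context->SysinfoSection->Name.Length == 0)
                {
                    context->AdapterName = NetworkAdapterQueryName(context);

                    if (context->AdapterName)
                        context->SysinfoSection->Name = context->AdapterName->sr;
                }
            }
            else if (GetIfEntry2_I)
            {
                MIB_IF_ROW2 interfaceRow;

                interfaceRow = QueryInterfaceRowVista(context->AdapterEntry);

                networkInOctets = interfaceRow.InOctets;
                networkOutOctets = interfaceRow.OutOctets;

                // HACK: Pull the Adapter name from the current query.
                if (context->SysinfoSection->Name.Length == 0)
                {
                    context->AdapterName = PhCreateString(interfaceRow.Description);

                    if (context->AdapterName)
                        context->SysinfoSection->Name = context->AdapterName->sr;
                }
            }
            else
            {
                MIB_IFROW interfaceRow;

                interfaceRow = QueryInterfaceRowXP(context->AdapterEntry);

                networkInOctets = interfaceRow.dwInOctets;
                networkOutOctets = interfaceRow.dwOutOctets;

                // HACK: Pull the Adapter name from the current query.
                if (context->SysinfoSection->Name.Length == 0)
                {
                    // NOTE(review): bDescr is converted up to its first NUL byte;
                    // confirm the row always terminates the description.
                    context->AdapterName = PhConvertMultiByteToUtf16(interfaceRow.bDescr);

                    if (context->AdapterName)
                        context->SysinfoSection->Name = context->AdapterName->sr;
                }
            }

            // Every source computes the per-tick delta the same way.
            networkRcvSpeed = networkInOctets - context->LastInboundValue;
            networkXmitSpeed = networkOutOctets - context->LastOutboundValue;

            // The first sample has no previous counter to subtract from.
            if (!context->HaveFirstSample)
            {
                networkRcvSpeed = 0;
                networkXmitSpeed = 0;
                context->HaveFirstSample = TRUE;
            }

            PhAddItemCircularBuffer_ULONG64(&context->InboundBuffer, networkRcvSpeed);
            PhAddItemCircularBuffer_ULONG64(&context->OutboundBuffer, networkXmitSpeed);

            context->InboundValue = networkRcvSpeed;
            context->OutboundValue = networkXmitSpeed;
            context->LastInboundValue = networkInOctets;
            context->LastOutboundValue = networkOutOctets;
        }
        return TRUE;
    case SysInfoCreateDialog:
        {
            PPH_SYSINFO_CREATE_DIALOG createDialog = (PPH_SYSINFO_CREATE_DIALOG)Parameter1;

            createDialog->Instance = PluginInstance->DllBase;
            createDialog->Template = MAKEINTRESOURCE(IDD_NETADAPTER_DIALOG);
            createDialog->DialogProc = NetAdapterDialogProc;
            createDialog->Parameter = context;
        }
        return TRUE;
    case SysInfoGraphGetDrawInfo:
        {
            PPH_GRAPH_DRAW_INFO drawInfo = (PPH_GRAPH_DRAW_INFO)Parameter1;

            drawInfo->Flags = PH_GRAPH_USE_GRID | PH_GRAPH_USE_LINE_2;
            Section->Parameters->ColorSetupFunction(drawInfo, PhGetIntegerSetting(L"ColorIoReadOther"), PhGetIntegerSetting(L"ColorIoWrite"));
            PhGetDrawInfoGraphBuffers(&Section->GraphState.Buffers, drawInfo, context->InboundBuffer.Count);

            if (!Section->GraphState.Valid)
            {
                FLOAT max = 0;

                for (ULONG i = 0; i < drawInfo->LineDataCount; i++)
                {
                    FLOAT data1;
                    FLOAT data2;

                    Section->GraphState.Data1[i] = data1 = (FLOAT)PhGetItemCircularBuffer_ULONG64(&context->InboundBuffer, i);
                    Section->GraphState.Data2[i] = data2 = (FLOAT)PhGetItemCircularBuffer_ULONG64(&context->OutboundBuffer, i);

                    if (max < data1 + data2)
                        max = data1 + data2;
                }

                // Scale the data. When every sample is zero the data is left as it
                // is; dividing by a zero maximum would fill the graph with NaN.
                if (max != 0)
                {
                    PhDivideSinglesBySingle(
                        Section->GraphState.Data1,
                        max,
                        drawInfo->LineDataCount
                        );

                    PhDivideSinglesBySingle(
                        Section->GraphState.Data2,
                        max,
                        drawInfo->LineDataCount
                        );
                }

                Section->GraphState.Valid = TRUE;
            }
        }
        return TRUE;
    case SysInfoGraphGetTooltipText:
        {
            PPH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT getTooltipText = (PPH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT)Parameter1;

            ULONG64 adapterInboundValue = PhGetItemCircularBuffer_ULONG64(
                &context->InboundBuffer,
                getTooltipText->Index
                );

            ULONG64 adapterOutboundValue = PhGetItemCircularBuffer_ULONG64(
                &context->OutboundBuffer,
                getTooltipText->Index
                );

            PhMoveReference(&Section->GraphState.TooltipText, PhFormatString(
                L"R: %s\nS: %s\n%s",
                PhaFormatSize(adapterInboundValue, -1)->Buffer,
                PhaFormatSize(adapterOutboundValue, -1)->Buffer,
                ((PPH_STRING)PhAutoDereferenceObject(PhGetStatisticsTimeString(NULL, getTooltipText->Index)))->Buffer
                ));

            getTooltipText->Text = Section->GraphState.TooltipText->sr;
        }
        return TRUE;
    case SysInfoGraphDrawPanel:
        {
            PPH_SYSINFO_DRAW_PANEL drawPanel = (PPH_SYSINFO_DRAW_PANEL)Parameter1;

            drawPanel->Title = PhCreateString(Section->Name.Buffer);
            drawPanel->SubTitle = PhFormatString(
                L"R: %s\nS: %s",
                PhaFormatSize(context->InboundValue, -1)->Buffer,
                PhaFormatSize(context->OutboundValue, -1)->Buffer
                );
        }
        return TRUE;
    }

    return FALSE;
}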
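/**
 * Copies one ASCII string out of a storage device descriptor.
 *
 * The offset comes from data returned by the storage driver, so it is checked
 * against the descriptor length and the terminator search never leaves the buffer.
 *
 * \param Descriptor Start of the descriptor buffer.
 * \param DescriptorLength Size of the descriptor buffer, in bytes.
 * \param Offset Byte offset of the string; 0 means the string is absent.
 *
 * \return The result of TrimString for the converted text, or NULL when the string
 * is absent, the offset is out of range or the conversion fails.
 */
static PPH_STRING DiskDriveCopyDescriptorField(
    _In_ PVOID Descriptor,
    _In_ ULONG DescriptorLength,
    _In_ ULONG Offset
    )
{
    PCHAR text;
    SIZE_T maximumLength;
    SIZE_T length = 0;
    PPH_STRING rawString;

    if (Offset == 0 || Offset >= DescriptorLength)
        return NULL;

    text = (PCHAR)Descriptor + Offset;
    maximumLength = DescriptorLength - Offset;

    while (length < maximumLength && text[length] != 0)
        length++;

    rawString = PhConvertMultiByteToUtf16Ex(text, length);

    if (!rawString)
        return NULL;

    // As in the original, the untrimmed string is handed to the auto-pool and the
    // value returned by TrimString is what the caller receives.
    return TrimString(PH_AUTO(rawString));
}

/**
 * Queries the vendor, model, revision and serial number strings of a storage device.
 *
 * \param DeviceHandle A handle to the device.
 * \param DiskVendor Receives the vendor string, or NULL when it is not available.
 * \param DiskModel Receives the product string, or NULL when it is not available.
 * \param DiskRevision Receives the revision string, or NULL when it is not available.
 * \param DiskSerial Receives the serial number string, or NULL when it is not available.
 *
 * \return TRUE if the device descriptor was retrieved, otherwise FALSE.
 *
 * \remarks Every supplied output is set to NULL on entry so that a caller never
 * reads an unset pointer.
 */
BOOLEAN DiskDriveQueryDeviceInformation(
    _In_ HANDLE DeviceHandle,
    _Out_opt_ PPH_STRING* DiskVendor,
    _Out_opt_ PPH_STRING* DiskModel,
    _Out_opt_ PPH_STRING* DiskRevision,
    _Out_opt_ PPH_STRING* DiskSerial
    )
{
    ULONG bufferLength;
    IO_STATUS_BLOCK isb;
    STORAGE_PROPERTY_QUERY query;
    PSTORAGE_DESCRIPTOR_HEADER buffer;
    PSTORAGE_DEVICE_DESCRIPTOR deviceDescriptor;

    if (DiskVendor) *DiskVendor = NULL;
    if (DiskModel) *DiskModel = NULL;
    if (DiskRevision) *DiskRevision = NULL;
    if (DiskSerial) *DiskSerial = NULL;

    query.QueryType = PropertyStandardQuery;
    query.PropertyId = StorageDeviceProperty;

    // First query: header only, to learn the size of the full descriptor.
    bufferLength = sizeof(STORAGE_DESCRIPTOR_HEADER);
    buffer = PhAllocate(bufferLength);
    memset(buffer, 0, bufferLength);

    if (!NT_SUCCESS(NtDeviceIoControlFile(
        DeviceHandle,
        NULL,
        NULL,
        NULL,
        &isb,
        IOCTL_STORAGE_QUERY_PROPERTY,
        &query,
        sizeof(query),
        buffer,
        bufferLength
        )))
    {
        PhFree(buffer);
        return FALSE;
    }

    bufferLength = buffer->Size;

    // The reported size must at least cover the offset fields that are read below.
    if (bufferLength < FIELD_OFFSET(STORAGE_DEVICE_DESCRIPTOR, BusType))
    {
        PhFree(buffer);
        return FALSE;
    }

    buffer = PhReAllocate(buffer, bufferLength);
    memset(buffer, 0, bufferLength);

    if (!NT_SUCCESS(NtDeviceIoControlFile(
        DeviceHandle,
        NULL,
        NULL,
        NULL,
        &isb,
        IOCTL_STORAGE_QUERY_PROPERTY,
        &query,
        sizeof(query),
        buffer,
        bufferLength
        )))
    {
        PhFree(buffer);
        return FALSE;
    }

    deviceDescriptor = (PSTORAGE_DEVICE_DESCRIPTOR)buffer;

    // TODO: Use the following fields:
    // STORAGE_BUS_TYPE BusType;
    // DWORD RawPropertiesLength;
    // BYTE RawDeviceProperties[1];

    if (DiskVendor)
        *DiskVendor = DiskDriveCopyDescriptorField(buffer, bufferLength, deviceDescriptor->VendorIdOffset);

    if (DiskModel)
        *DiskModel = DiskDriveCopyDescriptorField(buffer, bufferLength, deviceDescriptor->ProductIdOffset);

    if (DiskRevision)
        *DiskRevision = DiskDriveCopyDescriptorField(buffer, bufferLength, deviceDescriptor->ProductRevisionOffset);

    if (DiskSerial)
        *DiskSerial = DiskDriveCopyDescriptorField(buffer, bufferLength, deviceDescriptor->SerialNumberOffset);

    PhFree(buffer);

    return TRUE;
}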
/**
 * Turns the message currently held in a debug buffer into a log entry and adds it
 * to the log, unless the sending process matches an exclusion filter.
 *
 * \param Context The debug events context.
 * \param GlobalEvents TRUE to read the global debug buffer, FALSE for the local one.
 */
static VOID DbgProcessLogMessageEntry(
    _Inout_ PPH_DBGEVENTS_CONTEXT Context,
    _In_ BOOLEAN GlobalEvents
    )
{
    NTSTATUS status;
    PDBWIN_PAGE_BUFFER sourceBuffer;
    PDEBUG_LOG_ENTRY logEntry;
    HANDLE processHandle = NULL;
    PPH_STRING imagePath = NULL;
    HICON shellIcon;
    BOOLEAN excluded = FALSE;

    if (GlobalEvents)
        sourceBuffer = Context->GlobalDebugBuffer;
    else
        sourceBuffer = Context->LocalDebugBuffer;

    logEntry = PhAllocate(sizeof(DEBUG_LOG_ENTRY));
    memset(logEntry, 0, sizeof(DEBUG_LOG_ENTRY));

    PhQuerySystemTime(&logEntry->Time);
    logEntry->ProcessId = UlongToHandle(sourceBuffer->ProcessId);
    // NOTE(review): presumably this buffer is filled by the process that emitted the
    // debug string. The conversion reads up to the first NUL byte, so confirm that a
    // terminator inside the buffer is guaranteed, or bound the read by the buffer
    // size with PhConvertMultiByteToUtf16Ex.
    logEntry->Message = PhConvertMultiByteToUtf16(sourceBuffer->Buffer);

    if (WINDOWS_HAS_IMAGE_FILE_NAME_BY_PROCESS_ID)
    {
        status = PhGetProcessImageFileNameByProcessId(logEntry->ProcessId, &imagePath);
    }
    else
    {
        status = PhOpenProcess(&processHandle, ProcessQueryAccess, logEntry->ProcessId);

        if (NT_SUCCESS(status))
        {
            status = PhGetProcessImageFileName(processHandle, &imagePath);
            NtClose(processHandle);
        }
    }

    // Fall back to the kernel file name when the image name cannot be queried.
    if (!NT_SUCCESS(status))
        imagePath = PhGetKernelFileName();

    PhSwapReference2(&imagePath, PhGetFileName(imagePath));

    shellIcon = PhGetFileShellIcon(PhGetString(imagePath), L".exe", TRUE);

    if (shellIcon)
    {
        logEntry->ImageIndex = ImageList_AddIcon(Context->ListViewImageList, shellIcon);
        DestroyIcon(shellIcon);
    }

    logEntry->FilePath = imagePath;
    logEntry->ProcessName = PhGetBaseName(imagePath);

    // Drop event if it matches a filter
    for (ULONG i = 0; i < Context->ExcludeList->Count && !excluded; i++)
    {
        PDBG_FILTER_TYPE filter = Context->ExcludeList->Items[i];

        if (filter->Type == FilterByName)
            excluded = !!PhEqualString(filter->ProcessName, logEntry->ProcessName, TRUE);
        else if (filter->Type == FilterByPid)
            excluded = filter->ProcessId == logEntry->ProcessId;
    }

    if (excluded)
    {
        DbgFreeLogEntry(logEntry);
        return;
    }

    DbgAddLogEntry(Context, logEntry);
}