PREBAR_OBJECT RebarCreateObject( __in HWND hWndParent, __in UINT Id ) { HWND hWndRebar; LRESULT Result; PREBAR_OBJECT Object; hWndRebar = CreateWindowEx(0, REBARCLASSNAME, NULL, WS_VISIBLE | WS_CHILD | WS_CLIPCHILDREN | RBS_VARHEIGHT | RBS_FIXEDORDER | WS_CLIPSIBLINGS | CCS_TOP | CCS_NODIVIDER | RBS_AUTOSIZE| WS_GROUP, 0, 0, 0, 0, hWndParent, UlongToHandle(Id), SdkInstance, NULL); if (!hWndRebar) { return NULL; } Object = (PREBAR_OBJECT)SdkMalloc(sizeof(REBAR_OBJECT)); ZeroMemory(Object, sizeof(REBAR_OBJECT)); Object->hWndRebar = hWndRebar; Object->RebarInfo.cbSize = sizeof(REBARINFO); Result = SendMessage(hWndRebar, RB_SETBARINFO, 0, (LPARAM)&Object->RebarInfo); if (!Result) { SdkFree(Object); return NULL; } SendMessage(hWndRebar, RB_SETUNICODEFORMAT, (WPARAM)TRUE, (LPARAM)0); InitializeListHead(&Object->BandList); return Object; }
PVOID TreeListRemoveData( IN PTREELIST_HASH_TABLE Table, IN HTREEITEM hTreeItem, IN BOOLEAN Free ) { PTREELIST_DATA_ENTRY Current; PVOID Value; Current = TreeListLookupData(Table, hTreeItem); if (!Current) { return NULL; } RemoveEntryList(&Current->ListEntry); if (Free) { TreeListFreeData(Table, Current); return NULL; } Value = Current->Value; SdkFree(Current); return Value; }
VOID FilterFreeCommand( IN struct _MSP_USER_COMMAND *Command ) { PBTR_USER_COMMAND BtrCommand; PLIST_ENTRY ListEntry; ASSERT(Command != NULL); while (IsListEmpty(&Command->CommandList) != TRUE) { ListEntry = RemoveHeadList(&Command->CommandList); BtrCommand = CONTAINING_RECORD(ListEntry, BTR_USER_COMMAND, ListEntry); SdkFree(BtrCommand); } SdkFree(Command); }
VOID ConditionFree( IN PCONDITION_OBJECT Object ) { PLIST_ENTRY ListEntry; PCONDITION_ENTRY Entry; if (!Object) { return; } while (IsListEmpty(&Object->ConditionListHead) != TRUE) { ListEntry = RemoveHeadList(&Object->ConditionListHead); Entry = CONTAINING_RECORD(ListEntry, CONDITION_ENTRY, ListEntry); SdkFree(Entry); } SdkFree(Object); }
LRESULT MmHeapOnTreeListSelChanged( __in HWND hWnd, __in UINT uMsg, __in WPARAM wp, __in LPARAM lp ) { LPNMTREEVIEW lpnmtv = (LPNMTREEVIEW)lp; MmHeapInsertBackTraceEx(hWnd, lpnmtv->hdr.hwndFrom, lpnmtv->itemNew.hItem); SdkFree(lpnmtv); return 0; }
VOID TreeListFreeData( IN PTREELIST_HASH_TABLE Table, IN PTREELIST_DATA_ENTRY Data ) { if (!Data->Value) { return; } __try { (*Table->FreeCallback)(Data->Value); } __except(EXCEPTION_EXECUTE_HANDLER) { } SdkFree(Data); }
VOID FilterCleanUp( IN HWND hWnd ) { PDIALOG_OBJECT Object; PFILTER_CONTEXT Context; Object = (PDIALOG_OBJECT)SdkGetObject(hWnd); Context = SdkGetContext(Object, FILTER_CONTEXT); MspFreeFilterList(&Context->FilterList); if (Context->hBoldFont) { DeleteFont(Context->hBoldFont); } if (Context->ListObject) { SdkFree(Context->ListObject); } }
VOID FullStackCleanUp( __in PDIALOG_OBJECT Object ) { PFULLSTACK_CONTEXT Context; PTREELIST_OBJECT TreeList; HWND hWndTree; HTREEITEM hItem, hChildItem; TVITEM tvi = {0}; Context = SdkGetContext(Object, FULLSTACK_CONTEXT); TreeList = Context->Base.TreeList; ASSERT(TreeList != NULL); hWndTree = TreeList->hWndTree; hItem = TreeView_GetChild(TreeList->hWndTree, TVI_ROOT); while (hItem != NULL) { hChildItem = TreeView_GetChild(TreeList->hWndTree, hItem); while (hChildItem) { tvi.mask = TVIF_PARAM; tvi.hItem = hChildItem; TreeView_GetItem(TreeList->hWndTree, &tvi); if (tvi.lParam) { SdkFree((PVOID)tvi.lParam); } hChildItem = TreeView_GetNextSibling(TreeList->hWndTree, hChildItem); } hItem = TreeView_GetNextSibling(TreeList->hWndTree, hItem); } }
LRESULT FilterOnWmItemChanged( IN HWND hWnd, IN UINT uMsg, IN WPARAM wp, IN LPARAM lp ) { PSDK_TV_STATE State; HWND hWndTree; TVITEMEX Item = {0}; State = (PSDK_TV_STATE)lp; hWndTree = GetDlgItem(hWnd, IDC_TREE_FILTER); // // Get the current state of treeview item // Item.mask = TVIF_STATE | TVIF_PARAM; Item.stateMask = TVIS_STATEIMAGEMASK ; Item.hItem = State->hItem; TreeView_GetItem(hWndTree, &Item); State->NewState = Item.state; State->lParam = Item.lParam; // // Delegate to FastOnItemChanged() // FilterOnItemChanged(hWnd, hWndTree, State->hItem, State->NewState, State->OldState, State->lParam); SdkFree(State); return 0L; }
BOOLEAN RebarInsertBands( __in PREBAR_OBJECT Object ) { HWND hWndCombo; HWND hWndBar; HWND hWndRebar; PREBAR_BAND Band; HIMAGELIST Normal; HIMAGELIST Grayed; LRESULT Result; SIZE Size; hWndRebar = Object->hWndRebar; hWndBar = RebarCreateBar(Object); if (!hWndBar) { return FALSE; } RebarSetBarImage(hWndBar, 0, &Normal, &Grayed); SendMessage(hWndBar, TB_AUTOSIZE, 0, 0); SendMessage(hWndBar, TB_GETMAXSIZE, 0, (LPARAM)&Size); // // Create combobox to help switch views // hWndCombo = RebarCreateCombo(Object); if (!hWndCombo) { return FALSE; } // // Create combo band // Band = (PREBAR_BAND)SdkMalloc(sizeof(REBAR_BAND)); ZeroMemory(Band, sizeof(REBAR_BAND)); Band->hWndBand = hWndCombo; Band->BandId = REBAR_BAND_SWITCH; Band->BandInfo.cbSize = sizeof(REBARBANDINFO); Band->BandInfo.fMask = RBBIM_SIZE | RBBIM_CHILD | RBBIM_CHILDSIZE | RBBIM_ID | RBBIM_TEXT | RBBIM_COLORS | RBBIM_STYLE; Band->BandInfo.cxMinChild = 240; Band->BandInfo.cyMinChild = Size.cy; ; Band->BandInfo.cx = 240; Band->BandInfo.cyMaxChild = 240; Band->BandInfo.cyIntegral = 0; Band->BandInfo.lpText = L"Current View"; Band->BandInfo.clrFore = GetSysColor(COLOR_BTNTEXT); Band->BandInfo.clrBack = GetSysColor(COLOR_BTNFACE); Band->BandInfo.fStyle = RBBS_NOGRIPPER | RBBS_TOPALIGN | RBBS_FIXEDSIZE; Band->BandInfo.wID = REBAR_BAND_SWITCH; Band->BandInfo.hwndChild = hWndCombo; Result = SendMessage(hWndRebar, RB_INSERTBAND, (WPARAM)-1, (LPARAM)&Band->BandInfo); if (!Result) { SdkFree(Band); return FALSE; } SendMessage(hWndCombo, WM_SETFONT, (WPARAM)GetStockObject(DEFAULT_GUI_FONT), MAKELPARAM(TRUE, 0)); InsertTailList(&Object->BandList, &Band->ListEntry); Object->NumberOfBands += 1; /* // // Create find band // hWndEdit = RebarCreateFindEdit(Object); if (!hWndEdit) { return FALSE; } Band = (PREBAR_BAND)SdkMalloc(sizeof(REBAR_BAND)); ZeroMemory(Band, sizeof(REBAR_BAND)); Band->hWndBand = hWndEdit; Band->BandId = REBAR_BAND_FIND; Band->BandInfo.cbSize = sizeof(REBARBANDINFO); Band->BandInfo.fMask = RBBIM_SIZE | RBBIM_CHILD | RBBIM_CHILDSIZE | RBBIM_ID | RBBIM_STYLE | RBBIM_HEADERSIZE; Band->BandInfo.cxMinChild = 55; Band->BandInfo.cyMinChild = Size.cy - 1; Band->BandInfo.cx = 160; Band->BandInfo.cxHeader = 8; Band->BandInfo.fStyle = RBBS_NOGRIPPER; Band->BandInfo.wID = REBAR_BAND_FIND; Band->BandInfo.hwndChild = hWndEdit; Result = SendMessage(hWndRebar, RB_INSERTBAND, (WPARAM)-1, (LPARAM)&Band->BandInfo); if (!Result) { SdkFree(Band); return FALSE; } SendMessage(hWndEdit, WM_SETFONT, (WPARAM)GetStockObject(DEFAULT_GUI_FONT), MAKELPARAM(TRUE, 0)); InsertTailList(&Object->BandList, &Band->ListEntry); Object->NumberOfBands += 1; */ // // Create command band // Band = (PREBAR_BAND)SdkMalloc(sizeof(REBAR_BAND)); ZeroMemory(Band, sizeof(REBAR_BAND)); Band->hWndBand = hWndBar; Band->BandId = REBAR_BAND_COMMAND; Band->himlNormal = Normal; Band->himlGrayed = Grayed; Band->BandInfo.cbSize = sizeof(REBARBANDINFO); Band->BandInfo.fMask = RBBIM_SIZE | RBBIM_CHILD | RBBIM_CHILDSIZE | RBBIM_ID | RBBIM_STYLE | RBBIM_HEADERSIZE; Band->BandInfo.cxMinChild = RebarCommandCount * 22; Band->BandInfo.cyMinChild = Size.cy; Band->BandInfo.cx = Band->BandInfo.cxMinChild + 22; Band->BandInfo.cxHeader = 8; Band->BandInfo.fStyle = RBBS_NOGRIPPER| RBBS_TOPALIGN; Band->BandInfo.wID = REBAR_BAND_COMMAND; Band->BandInfo.hwndChild = hWndBar; Result = SendMessage(hWndRebar, RB_INSERTBAND, (WPARAM)-1, (LPARAM)&Band->BandInfo); if (!Result) { SdkFree(Band); return FALSE; } InsertTailList(&Object->BandList, &Band->ListEntry); Object->NumberOfBands += 1; return TRUE; }
ULONG FilterImportProbe( IN PWSTR Path, OUT struct _MSP_USER_COMMAND **Command ) { HANDLE FileHandle; HANDLE MapObject; PVOID MapAddress; CSP_FILE_HEADER Head; PCSP_FILTER Filter; PBTR_FILTER BtrFilter; PBTR_USER_COMMAND BtrCommand; PMSP_USER_COMMAND MspCommand; BTR_BITMAP Bitmap; ULONG Length; ULONG Number; ULONG BitNumber; ULONG Status; ULONG Complete; ULONG i; FileHandle = CreateFile(Path, GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,NULL); if (FileHandle == INVALID_HANDLE_VALUE) { return GetLastError(); } ReadFile(FileHandle, &Head, sizeof(Head), &Complete, NULL); // // Check dpc file signature, dllcount, and its file size // if (Head.Signature != CSP_FILE_SIGNATURE || !Head.DllCount || Head.Size < sizeof(Head)) { MessageBox(NULL, L"Invalid dpc file!", L"D Probe", MB_OK|MB_ICONERROR); CloseHandle(FileHandle); return ERROR_INVALID_PARAMETER; } // // Map the entire dpc file as memory mapped // MapObject = CreateFileMapping(FileHandle, NULL, PAGE_READONLY, 0, 0, NULL); if (!MapObject) { Status = GetLastError(); CloseHandle(FileHandle); return Status; } MapAddress = (PVOID)MapViewOfFile(MapObject, FILE_MAP_READ, 0, 0, 0); if (!MapAddress) { Status = GetLastError(); CloseHandle(MapObject); CloseHandle(FileHandle); return Status; } Filter = (PCSP_FILTER)((PUCHAR)MapAddress + sizeof(CSP_FILE_HEADER)); MspCommand = (PMSP_USER_COMMAND)SdkMalloc(sizeof(MSP_USER_COMMAND)); RtlZeroMemory(MspCommand, sizeof(MSP_USER_COMMAND)); MspCommand->CommandType = CommandProbe; MspCommand->Type = PROBE_FILTER; InitializeListHead(&MspCommand->CommandList); InitializeListHead(&MspCommand->FailureList); for(Number = 0; Number < Head.DllCount; Number += 1) { Length = FIELD_OFFSET(BTR_USER_COMMAND, Probe[Filter->Count]); BtrCommand = (PBTR_USER_COMMAND)SdkMalloc(Length); BtrCommand->Length = Length; BtrCommand->Type = PROBE_FILTER; BtrCommand->Status = 0; BtrCommand->FailureCount = 0; BtrCommand->Count = Filter->Count; // // N.B. DllName is a base name, this is ok for btr to work as expected, // because dpc file can be imported from another machine which has different // dll path, so we decide to use base name to avoid this issue. // BtrFilter = MspQueryDecodeFilterByGuid(&Filter->FilterGuid); if (!BtrFilter) { SdkFree(BtrCommand); FilterFreeCommand(MspCommand); UnmapViewOfFile(MapAddress); CloseHandle(MapObject); CloseHandle(FileHandle); return ERROR_INVALID_PARAMETER; } // // N.B. Here we must fill a valid filter path, not CSP_FILTER.FilterName // StringCchCopy(BtrCommand->DllName, MAX_PATH, BtrFilter->FilterFullPath); BitNumber = 0; BtrInitializeBitMap(&Bitmap, Filter->Bits, BtrFilter->ProbesCount); for(i = 0; i < Filter->Count; i++) { RtlZeroMemory(&BtrCommand->Probe[i], sizeof(BTR_USER_PROBE)); BitNumber = BtrFindFirstSetBit(&Bitmap, BitNumber); ASSERT(BitNumber != -1); BtrCommand->Probe[i].Activate = TRUE; BtrCommand->Probe[i].Number = BitNumber; BitNumber += 1; } InsertTailList(&MspCommand->CommandList, &BtrCommand->ListEntry); MspCommand->CommandCount += 1; MspCommand->CommandLength += Length; Filter += 1; } *Command = MspCommand; UnmapViewOfFile(MapAddress); CloseHandle(MapObject); CloseHandle(FileHandle); return ERROR_SUCCESS; }
ULONG FilterExportProbe( IN PDIALOG_OBJECT Object, IN PWSTR Path ) { LIST_ENTRY ListHead; PCSP_FILTER Filter; PLIST_ENTRY ListEntry; CSP_FILE_HEADER Head; HANDLE FileHandle; ULONG Count; ULONG Size; ULONG Complete; InitializeListHead(&ListHead); Count = FilterScanSelection(Object, &ListHead); if (!Count) { MessageBox(Object->hWnd, L"No probes are selected!", L"D Probe", MB_OK); return 0; } DeleteFile(Path); FileHandle = CreateFile(Path, GENERIC_READ | GENERIC_WRITE, 0, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL); if (FileHandle == INVALID_HANDLE_VALUE) { return GetLastError(); } // // Adjust the file pointer to skip header and point to data area // Size = 0; SetFilePointer(FileHandle, sizeof(CSP_FILE_HEADER), NULL, FILE_BEGIN); while (IsListEmpty(&ListHead) != TRUE) { ListEntry = RemoveHeadList(&ListHead); Filter = CONTAINING_RECORD(ListEntry, CSP_FILTER, ListEntry); WriteFile(FileHandle, Filter, sizeof(CSP_FILTER), &Complete, NULL); Size += sizeof(CSP_FILTER); SdkFree(Filter); } // // Finally write the dpc file header // SetFilePointer(FileHandle, 0, NULL, FILE_BEGIN); Head.Signature = CSP_FILE_SIGNATURE; Head.Flag = 0; Head.Size = Size + sizeof(CSP_FILE_HEADER); Head.MajorVersion = 1; Head.MinorVersion = 0; Head.Type = PROBE_FILTER; Head.DllCount = Count; WriteFile(FileHandle, &Head, sizeof(CSP_FILE_HEADER), &Complete, NULL); CloseHandle(FileHandle); return 0; }
VOID FilterBuildCommand( IN PDIALOG_OBJECT Object ) { HWND hWndTree; HTREEITEM DllItem; HTREEITEM ApiItem; TVITEMEX Item = {0}; ULONG Unchecked, Checked; ULONG ApiNumber; struct _MSP_USER_COMMAND* Command; struct _BTR_USER_COMMAND* BtrCommand; ULONG Length; PLIST_ENTRY ListEntry; ULONG Number; PFILTER_CONTEXT Context; PFILTER_NODE Node; PBTR_FILTER Filter; LIST_ENTRY FilterList; ULONG BitNumber; Context = SdkGetContext(Object, FILTER_CONTEXT); hWndTree = GetDlgItem(Object->hWnd, IDC_TREE_FILTER); DllItem = TreeView_GetChild(hWndTree, TVI_ROOT); Checked = INDEXTOSTATEIMAGEMASK(CHECKED); Unchecked = INDEXTOSTATEIMAGEMASK(UNCHECKED); InitializeListHead(&FilterList); while (DllItem != NULL) { RtlZeroMemory(&Item, sizeof(Item)); Item.mask = TVIF_PARAM; Item.hItem = DllItem; TreeView_GetItem(hWndTree, &Item); Node = (PFILTER_NODE)Item.lParam; Filter = Node->Filter; // // Get first child of DllItem // ApiItem = TreeView_GetChild(hWndTree, DllItem); ApiNumber = 0; while (ApiItem != NULL) { ULONG IsChecked; RtlZeroMemory(&Item, sizeof(Item)); Item.mask = TVIF_PARAM; Item.hItem = ApiItem; TreeView_GetItem(hWndTree, &Item); IsChecked = TreeView_GetCheckState(hWndTree, ApiItem); if ((IsChecked == 0 && Item.lParam != 0) || (IsChecked == 1 && Item.lParam == 0)) { BtrSetBit(&Node->BitMap, ApiNumber); Node->Count += 1; } ApiNumber += 1; ApiItem = TreeView_GetNextSibling(hWndTree, ApiItem); } if (Node->Count != 0) { InsertTailList(&FilterList, &Node->ListEntry); } else { SdkFree(Node); } DllItem = TreeView_GetNextSibling(hWndTree, DllItem); } // // Copy scanned result into MSP_USER_COMMAND's command list // Command = NULL; if (IsListEmpty(&FilterList) != TRUE) { Command = (PMSP_USER_COMMAND)SdkMalloc(sizeof(MSP_USER_COMMAND)); RtlZeroMemory(Command, sizeof(MSP_USER_COMMAND)); Command->CommandType = CommandProbe; Command->ProcessId = Context->Process->ProcessId; Command->Type = PROBE_FILTER; Command->Status = 0; Command->CommandCount = 0; Command->CommandLength = 0; Command->FailureCount = 0; InitializeListHead(&Command->CommandList); InitializeListHead(&Command->FailureList); Command->Callback = NULL; Command->CallbackContext = NULL; } while (IsListEmpty(&FilterList) != TRUE) { ListEntry = RemoveHeadList(&FilterList); Node = CONTAINING_RECORD(ListEntry, FILTER_NODE, ListEntry); Length = FIELD_OFFSET(BTR_USER_COMMAND, Probe[Node->Count]); BtrCommand = (PBTR_USER_COMMAND)SdkMalloc(Length); BtrCommand->Length = Length; BtrCommand->Type = PROBE_FILTER; BtrCommand->Count = Node->Count; Filter = Node->Filter; StringCchCopyW(BtrCommand->DllName, MAX_PATH, Filter->FilterFullPath); BitNumber = 0; for(Number = 0; Number < Node->Count; Number += 1) { BOOLEAN Activate; BitNumber = BtrFindFirstSetBit(&Node->BitMap, BitNumber); Activate = BtrTestBit(&Filter->BitMap, BitNumber); BtrCommand->Probe[Number].Activate = !Activate; BtrCommand->Probe[Number].Number = BitNumber; BitNumber += 1; } InsertTailList(&Command->CommandList, &BtrCommand->ListEntry); Command->CommandCount += 1; Command->CommandLength += BtrCommand->Length; SdkFree(Node); } Context->Command = Command; }