/// Do 'sync' instruction.
///
/// Return AGENT_RET_SUCCESS if succeed, or AGENT_RET_FAIL if fail
static MBA_AGENT_RETURN sync_cmd( void )
{
// file buffer flush
int sysinfo = 4,
retVal;
HANDLE hVol;
hVol = CreateFile( "\\\\.\\C:",
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
0,
NULL );
if ( hVol == INVALID_HANDLE_VALUE ){
write_agent_log("expolog_cmd - [COMMAND ERROR] Flush Openfile Error", TRUE);
send_ecm_msg( FALSE );
return AGENT_RET_FAIL;
}
retVal = FlushFileBuffers( hVol );
if( retVal == 0 ){
write_agent_log("expolog_cmd - [COMMAND ERROR] Flush Openfile Error", TRUE);
send_ecm_msg( FALSE );
return AGENT_RET_FAIL;
}
send_ecm_msg( TRUE );
CloseHandle( hVol );
NtSetSystemInformation( 80, &sysinfo, sizeof(sysinfo)) ;
return AGENT_RET_SUCCESS;
}
/*
* @implemented
*/
BOOL
WINAPI
SetTimeZoneInformation(CONST TIME_ZONE_INFORMATION *lpTimeZoneInformation)
{
NTSTATUS Status;
DPRINT("SetTimeZoneInformation()\n");
Status = RtlSetTimeZoneInformation((LPTIME_ZONE_INFORMATION)lpTimeZoneInformation);
if (!NT_SUCCESS(Status))
{
DPRINT1("RtlSetTimeZoneInformation() failed (Status %lx)\n", Status);
BaseSetLastNTError(Status);
return FALSE;
}
Status = NtSetSystemInformation(SystemCurrentTimeZoneInformation,
(PVOID)lpTimeZoneInformation,
sizeof(TIME_ZONE_INFORMATION));
if (!NT_SUCCESS(Status))
{
DPRINT1("NtSetSystemInformation() failed (Status %lx)\n", Status);
BaseSetLastNTError(Status);
return FALSE;
}
return TRUE;
}
/*
* @implemented
*/
BOOL
WINAPI
SetTimeZoneInformation(CONST TIME_ZONE_INFORMATION *lpTimeZoneInformation)
{
RTL_TIME_ZONE_INFORMATION TimeZoneInformation;
NTSTATUS Status;
DPRINT("SetTimeZoneInformation()\n");
TimeZoneInformation.Bias = lpTimeZoneInformation->Bias;
wcsncpy(TimeZoneInformation.StandardName,
lpTimeZoneInformation->StandardName,
ARRAYSIZE(TimeZoneInformation.StandardName));
TimeZoneInformation.StandardDate.Year = lpTimeZoneInformation->StandardDate.wYear;
TimeZoneInformation.StandardDate.Month = lpTimeZoneInformation->StandardDate.wMonth;
TimeZoneInformation.StandardDate.Day = lpTimeZoneInformation->StandardDate.wDay;
TimeZoneInformation.StandardDate.Hour = lpTimeZoneInformation->StandardDate.wHour;
TimeZoneInformation.StandardDate.Minute = lpTimeZoneInformation->StandardDate.wMinute;
TimeZoneInformation.StandardDate.Second = lpTimeZoneInformation->StandardDate.wSecond;
TimeZoneInformation.StandardDate.Milliseconds = lpTimeZoneInformation->StandardDate.wMilliseconds;
TimeZoneInformation.StandardDate.Weekday = lpTimeZoneInformation->StandardDate.wDayOfWeek;
TimeZoneInformation.StandardBias = lpTimeZoneInformation->StandardBias;
wcsncpy(TimeZoneInformation.DaylightName,
lpTimeZoneInformation->DaylightName,
ARRAYSIZE(TimeZoneInformation.DaylightName));
TimeZoneInformation.DaylightDate.Year = lpTimeZoneInformation->DaylightDate.wYear;
TimeZoneInformation.DaylightDate.Month = lpTimeZoneInformation->DaylightDate.wMonth;
TimeZoneInformation.DaylightDate.Day = lpTimeZoneInformation->DaylightDate.wDay;
TimeZoneInformation.DaylightDate.Hour = lpTimeZoneInformation->DaylightDate.wHour;
TimeZoneInformation.DaylightDate.Minute = lpTimeZoneInformation->DaylightDate.wMinute;
TimeZoneInformation.DaylightDate.Second = lpTimeZoneInformation->DaylightDate.wSecond;
TimeZoneInformation.DaylightDate.Milliseconds = lpTimeZoneInformation->DaylightDate.wMilliseconds;
TimeZoneInformation.DaylightDate.Weekday = lpTimeZoneInformation->DaylightDate.wDayOfWeek;
TimeZoneInformation.DaylightBias = lpTimeZoneInformation->DaylightBias;
Status = RtlSetTimeZoneInformation(&TimeZoneInformation);
if (!NT_SUCCESS(Status))
{
DPRINT1("RtlSetTimeZoneInformation() failed (Status %lx)\n", Status);
BaseSetLastNTError(Status);
return FALSE;
}
Status = NtSetSystemInformation(SystemCurrentTimeZoneInformation,
(PVOID)&TimeZoneInformation,
sizeof(RTL_TIME_ZONE_INFORMATION));
if (!NT_SUCCESS(Status))
{
DPRINT1("NtSetSystemInformation() failed (Status %lx)\n", Status);
BaseSetLastNTError(Status);
return FALSE;
}
return TRUE;
}
int main(void) {
elevate_privileges();
int system_info = ClearStandbyPageList;
NTSTATUS ret = NtSetSystemInformation(SystemMemoryListInformation, &system_info, sizeof(system_info));
printf("NtSetSystemInformation() result: %#x (%u)\n", ret, ret);
return 0;
}
static int cmd_dropcaches(void)
{
HANDLE hProcess = GetCurrentProcess();
HANDLE hToken;
HMODULE ntdll;
DWORD(WINAPI *NtSetSystemInformation)(INT, PVOID, ULONG);
SYSTEM_MEMORY_LIST_COMMAND command;
int status;
if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
return error("Can't open current process token");
if (!GetPrivilege(hToken, "SeProfileSingleProcessPrivilege", 1))
return error("Can't get SeProfileSingleProcessPrivilege");
CloseHandle(hToken);
ntdll = LoadLibrary("ntdll.dll");
if (!ntdll)
return error("Can't load ntdll.dll, wrong Windows version?");
NtSetSystemInformation =
(DWORD(WINAPI *)(INT, PVOID, ULONG))GetProcAddress(ntdll, "NtSetSystemInformation");
if (!NtSetSystemInformation)
return error("Can't get function addresses, wrong Windows version?");
command = MemoryPurgeStandbyList;
status = NtSetSystemInformation(
SystemMemoryListInformation,
&command,
sizeof(SYSTEM_MEMORY_LIST_COMMAND)
);
if (status == STATUS_PRIVILEGE_NOT_HELD)
error("Insufficient privileges to purge the standby list, need admin access");
else if (status != STATUS_SUCCESS)
error("Unable to execute the memory list command %d", status);
FreeLibrary(ntdll);
return status;
}
NTSTATUS
_main(IN INT argc,
IN PCHAR argv[],
IN PCHAR envp[],
IN ULONG DebugFlag)
{
NTSTATUS Status;
KPRIORITY SetBasePriority;
ULONG_PTR Parameters[4];
HANDLE Handles[2];
PVOID State;
ULONG Flags;
PROCESS_BASIC_INFORMATION ProcessInfo;
UNICODE_STRING DbgString, InitialCommand;
/* Make us critical */
RtlSetProcessIsCritical(TRUE, NULL, FALSE);
RtlSetThreadIsCritical(TRUE, NULL, FALSE);
/* Raise our priority */
SetBasePriority = 11;
Status = NtSetInformationProcess(NtCurrentProcess(),
ProcessBasePriority,
(PVOID)&SetBasePriority,
sizeof(SetBasePriority));
ASSERT(NT_SUCCESS(Status));
/* Save the debug flag if it was passed */
if (DebugFlag) SmpDebug = DebugFlag != 0;
/* Build the hard error parameters */
Parameters[0] = (ULONG_PTR)&DbgString;
Parameters[1] = Parameters[2] = Parameters[3] = 0;
/* Enter SEH so we can terminate correctly if anything goes wrong */
_SEH2_TRY
{
/* Initialize SMSS */
Status = SmpInit(&InitialCommand, Handles);
if (!NT_SUCCESS(Status))
{
DPRINT1("SMSS: SmpInit return failure - Status == %x\n", Status);
RtlInitUnicodeString(&DbgString, L"Session Manager Initialization");
Parameters[1] = Status;
_SEH2_LEAVE;
}
/* Get the global flags */
Status = NtQuerySystemInformation(SystemFlagsInformation,
&Flags,
sizeof(Flags),
NULL);
ASSERT(NT_SUCCESS(Status));
/* Before executing the initial command check if the debug flag is on */
if (Flags & (FLG_DEBUG_INITIAL_COMMAND | FLG_DEBUG_INITIAL_COMMAND_EX))
{
/* SMSS should launch ntsd with a few parameters at this point */
DPRINT1("Global Flags Set to SMSS Debugging: Not yet supported\n");
}
/* Execute the initial command (Winlogon.exe) */
Status = SmpExecuteInitialCommand(0, &InitialCommand, &Handles[1], NULL);
if (!NT_SUCCESS(Status))
{
/* Fail and raise a hard error */
DPRINT1("SMSS: Execute Initial Command failed\n");
RtlInitUnicodeString(&DbgString,
L"Session Manager ExecuteInitialCommand");
Parameters[1] = Status;
_SEH2_LEAVE;
}
/* Check if we're already attached to a session */
Status = SmpAcquirePrivilege(SE_LOAD_DRIVER_PRIVILEGE, &State);
if (AttachedSessionId != -1)
{
/* Detach from it, we should be in no session right now */
Status = NtSetSystemInformation(SystemSessionDetach,
&AttachedSessionId,
sizeof(AttachedSessionId));
ASSERT(NT_SUCCESS(Status));
AttachedSessionId = -1;
}
SmpReleasePrivilege(State);
/* Wait on either CSRSS or Winlogon to die */
Status = NtWaitForMultipleObjects(RTL_NUMBER_OF(Handles),
Handles,
WaitAny,
FALSE,
NULL);
if (Status == STATUS_WAIT_0)
{
/* CSRSS is dead, get exit code and prepare for the hard error */
RtlInitUnicodeString(&DbgString, L"Windows SubSystem");
Status = NtQueryInformationProcess(Handles[0],
ProcessBasicInformation,
&ProcessInfo,
sizeof(ProcessInfo),
NULL);
DPRINT1("SMSS: Windows subsystem terminated when it wasn't supposed to.\n");
}
else
{
/* The initial command is dead or we have another failure */
RtlInitUnicodeString(&DbgString, L"Windows Logon Process");
if (Status == STATUS_WAIT_1)
{
/* Winlogon.exe got terminated, get its exit code */
Status = NtQueryInformationProcess(Handles[1],
ProcessBasicInformation,
&ProcessInfo,
sizeof(ProcessInfo),
NULL);
}
else
{
/* Something else satisfied our wait, so set the wait status */
ProcessInfo.ExitStatus = Status;
Status = STATUS_SUCCESS;
}
DPRINT1("SMSS: Initial command '%wZ' terminated when it wasn't supposed to.\n",
&InitialCommand);
}
/* Check if NtQueryInformationProcess was successful */
if (NT_SUCCESS(Status))
{
/* Then we must have a valid exit status in the structure, use it */
Parameters[1] = ProcessInfo.ExitStatus;
}
else
{
/* We really don't know what happened, so set a generic error */
Parameters[1] = STATUS_UNSUCCESSFUL;
}
}
_SEH2_EXCEPT(SmpUnhandledExceptionFilter(_SEH2_GetExceptionInformation()))
{
/* The filter should never return here */
ASSERT(FALSE);
}
_SEH2_END;
/* Something in the init loop failed, terminate SMSS */
return SmpTerminate(Parameters, 1, RTL_NUMBER_OF(Parameters));
}
//----------------------------------------------------------------------
//
// WinMain
//
// Registers a class. The reason I did this is because the application
// doesn't get cleaned up properly upon exit if winmain just calls
// dialogbox. This was manifested by all the system icons disappearing
// after the program exited. See Petzold's hexcalc example for the base
// of this.
//
//----------------------------------------------------------------------
int CALLBACK WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance,
LPSTR lpCmdLine, int nCmdShow )
{
static TCHAR szAppName [] = TEXT("CACHESET") ;
MSG msg ;
WNDCLASSEX wndclass ;
HWND hDummyWnd;
int NTVersion;
int len = 256;
HANDLE hToken;
SYSTEM_CACHE_INFORMATION newCacheSize;
ULONG minSize, maxSize;
// save instance
hInst = hInstance;
// init common controls
InitCommonControls();
// get NT version
NTVersion = GetVersion();
if( NTVersion >= 0x80000000 ) {
Abort( NULL, TEXT("Not running on Windows NT"));
return TRUE;
}
// Enable increase quota privilege
if(!OpenProcessToken( GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hToken )) {
printf("You do not have the necessary privilege to run this program\n");
return -1;
}
// Enable SeDebugPrivilege
if(!SetPrivilege(hToken, SE_INCREASE_QUOTA_NAME, TRUE))
{
Abort(NULL, TEXT("You must have the INCREASE_QUOTA privilege to run CacheSet"));
CloseHandle(hToken);
return -1;
}
CloseHandle( hToken );
// locate the calls we need in NTDLL
LocateNTDLLCalls();
// If there are command line arguments, set the cache size
if( lpCmdLine && (sscanf( lpCmdLine," %d %d", &minSize, &maxSize ) == 2) ) {
// set the cache size
newCacheSize.MinimumWorkingSet = minSize * 1024;
newCacheSize.MaximumWorkingSet = maxSize * 1024;
NtSetSystemInformation( SYSTEMCACHEINFORMATION,
&newCacheSize, sizeof(newCacheSize) );
return 0;
}
// create a dummy class and window that will hide the task tray icon for us
wndclass.cbSize = sizeof( WNDCLASSEX );
wndclass.style = 0 ;
wndclass.lpfnWndProc = (WNDPROC) DummyProc ;
wndclass.cbClsExtra = 0 ;
wndclass.cbWndExtra = 0 ;
wndclass.hInstance = hInstance ;
wndclass.hIcon = LoadIcon (hInstance, "APPICON") ;
wndclass.hIconSm = LoadIcon (hInstance, "APPICON");
wndclass.hCursor = LoadCursor (NULL, IDC_ARROW) ;
wndclass.hbrBackground = (HBRUSH) (COLOR_BTNFACE+1);
wndclass.lpszMenuName = NULL ;
wndclass.lpszClassName = "Dummy" ;
RegisterClassEx (&wndclass) ;
hDummyWnd = CreateWindowEx( WS_EX_TOOLWINDOW, "Dummy", "",
0, -1, -1, 0, 0, 0, 0, hInstance, 0 );
// create the main window class
wndclass.cbSize = sizeof( WNDCLASSEX );
wndclass.style = CS_HREDRAW | CS_VREDRAW ;
wndclass.lpfnWndProc = (WNDPROC) MainDialog ;
wndclass.cbClsExtra = 0 ;
wndclass.cbWndExtra = DLGWINDOWEXTRA ;
wndclass.hInstance = hInstance ;
wndclass.hIcon = LoadIcon (hInstance, "APPICON") ;
wndclass.hIconSm = LoadIcon (hInstance, "APPICON");
wndclass.hCursor = LoadCursor (NULL, IDC_ARROW) ;
wndclass.hbrBackground = (HBRUSH) (COLOR_BTNFACE+1);
wndclass.lpszMenuName = NULL ;
wndclass.lpszClassName = szAppName ;
RegisterClassEx (&wndclass) ;
// create the dialog
hMainDlg = CreateDialog( hInstance, "CACHESET", hDummyWnd, (DLGPROC)MainDialog) ;
ShowWindow( hMainDlg, nCmdShow) ;
while (GetMessage (&msg, NULL, 0, 0)) {
if( !IsDialogMessage( hMainDlg, &msg )) {
TranslateMessage (&msg) ;
DispatchMessage (&msg) ;
}
}
return msg.wParam ;
}
//----------------------------------------------------------------------
//
// MainDialog
//
// This is the main window.
//
//----------------------------------------------------------------------
LONG APIENTRY MainDialog( HWND hDlg, UINT message, UINT wParam,
LONG lParam ) {
TCHAR text[16];
SYSTEM_CACHE_INFORMATION newCacheSize;
ULONG returnLength;
switch (message) {
case WM_INITDIALOG :
// center the window
CenterWindow( hDlg );
// get the current settings from the driver
if( NtQuerySystemInformation( SYSTEMCACHEINFORMATION,
&ResetCache, sizeof(ResetCache),
&returnLength ) ) {
MessageBox( hDlg, TEXT("Could not obtain cache settings"), "Cacheset", MB_ICONWARNING|MB_OK );
return 0;
}
wsprintf( text, TEXT("%d"), ResetCache.MinimumWorkingSet *4 );
SetDlgItemText( hDlg, IDC_MINIMUM, text );
wsprintf( text, TEXT("%d"), ResetCache.MaximumWorkingSet *4 );
SetDlgItemText( hDlg, IDC_MAXIMUM, text );
wsprintf( text, TEXT("%d KB"), ResetCache.CurrentSize / 1024);
SetDlgItemText( hDlg, IDC_CURRENT, text );
wsprintf( text, TEXT("%d KB"), ResetCache.PeakSize / 1024 );
SetDlgItemText( hDlg, IDC_PEAK, text );
// Start up timer to periodically update screen
SetTimer( hDlg, 1, 500/*ms*/, NULL );
return 0;
case WM_COMMAND:
switch (LOWORD( wParam )) {
case IDDEFAULT:
newCacheSize.MinimumWorkingSet = 4* ResetCache.MinimumWorkingSet * 1024;
newCacheSize.MaximumWorkingSet = 4* ResetCache.MaximumWorkingSet * 1024;
if( NtSetSystemInformation( SYSTEMCACHEINFORMATION,
&newCacheSize, sizeof( newCacheSize)) ) {
MessageBox( hDlg, TEXT("Default settings were out of valid ranges"), "Cacheset", MB_ICONWARNING|MB_OK );
return 0;
}
// get the current settings from the driver
if( NtQuerySystemInformation( SYSTEMCACHEINFORMATION,
&newCacheSize, sizeof(newCacheSize),
&returnLength ) ) {
MessageBox( hDlg, TEXT("Could not obtain cache settings"), "Cacheset", MB_ICONWARNING|MB_OK );
return 0;
}
wsprintf( text, TEXT("%d"), newCacheSize.MinimumWorkingSet *4 );
SetDlgItemText( hDlg, IDC_MINIMUM, text );
wsprintf( text, TEXT("%d"), newCacheSize.MaximumWorkingSet *4 );
SetDlgItemText( hDlg, IDC_MAXIMUM, text );
wsprintf( text, TEXT("%d KB"), newCacheSize.CurrentSize / 1024);
SetDlgItemText( hDlg, IDC_CURRENT, text );
wsprintf( text, TEXT("%d KB"), newCacheSize.PeakSize / 1024 );
SetDlgItemText( hDlg, IDC_PEAK, text );
MessageBox( hDlg, TEXT("Previous cache settings applied"), "Cacheset", MB_ICONINFORMATION|MB_OK );
break;
case IDCLEAR:
// clear the cache working set
newCacheSize.MinimumWorkingSet = (ULONG) -1;
newCacheSize.MaximumWorkingSet = (ULONG) -1;
if( NtSetSystemInformation( SYSTEMCACHEINFORMATION,
&newCacheSize, sizeof( newCacheSize)) ) {
MessageBox( hDlg, TEXT("Cache clear settings were out of valid ranges"), "Cacheset", MB_ICONWARNING|MB_OK );
return 0;
}
// get the current settings from the driver
if( NtQuerySystemInformation( SYSTEMCACHEINFORMATION,
&newCacheSize, sizeof(newCacheSize),
&returnLength ) ) {
MessageBox( hDlg, TEXT("Could not obtain cache settings"), "Cacheset", MB_ICONWARNING|MB_OK );
return 0;
}
wsprintf( text, TEXT("%d"), newCacheSize.MinimumWorkingSet *4 );
SetDlgItemText( hDlg, IDC_MINIMUM, text );
wsprintf( text, TEXT("%d"), newCacheSize.MaximumWorkingSet *4 );
SetDlgItemText( hDlg, IDC_MAXIMUM, text );
wsprintf( text, TEXT("%d KB"), newCacheSize.CurrentSize / 1024);
SetDlgItemText( hDlg, IDC_CURRENT, text );
wsprintf( text, TEXT("%d KB"), newCacheSize.PeakSize / 1024 );
SetDlgItemText( hDlg, IDC_PEAK, text );
MessageBox( hDlg, TEXT("Cache working set cleared"), "Cacheset", MB_ICONINFORMATION|MB_OK );
break;
case IDAPPLY:
GetDlgItemText( hDlg, IDC_MINIMUM, text, 16 );
newCacheSize.MinimumWorkingSet = atoi( text ) * 1024;
GetDlgItemText( hDlg, IDC_MAXIMUM, text, 16 );
newCacheSize.MaximumWorkingSet = atoi( text ) * 1024;
if( NtSetSystemInformation( SYSTEMCACHEINFORMATION,
&newCacheSize, sizeof( newCacheSize)) ) {
MessageBox( hDlg, TEXT("New settings were out of valid ranges"), "Cacheset", MB_ICONWARNING|MB_OK );
return 0;
}
// get the current settings from the driver
if( NtQuerySystemInformation( SYSTEMCACHEINFORMATION,
&newCacheSize, sizeof(newCacheSize),
&returnLength ) ) {
MessageBox( hDlg, TEXT("Could not obtain cache settings"), "Cacheset", MB_ICONWARNING|MB_OK );
return 0;
}
wsprintf( text, TEXT("%d"), newCacheSize.MinimumWorkingSet *4 );
SetDlgItemText( hDlg, IDC_MINIMUM, text );
wsprintf( text, TEXT("%d"), newCacheSize.MaximumWorkingSet *4 );
SetDlgItemText( hDlg, IDC_MAXIMUM, text );
wsprintf( text, TEXT("%d KB"), newCacheSize.CurrentSize / 1024);
SetDlgItemText( hDlg, IDC_CURRENT, text );
wsprintf( text, TEXT("%d KB"), newCacheSize.PeakSize / 1024 );
SetDlgItemText( hDlg, IDC_PEAK, text );
MessageBox( hDlg, TEXT("New cache settings applied"), "Cacheset", MB_ICONINFORMATION|MB_OK );
break;
case IDCANCEL:
EndDialog (hDlg, 0) ;
PostQuitMessage (0) ;
break ;
}
break;
case WM_TIMER:
// get the current settings
if( NtQuerySystemInformation( SYSTEMCACHEINFORMATION,
&newCacheSize, sizeof(newCacheSize),
&returnLength ) ) {
MessageBox( hDlg, TEXT("Could not obtain cache settings"), "Cacheset", MB_ICONWARNING|MB_OK );
return 0;
}
wsprintf( text, TEXT("%d KB"), newCacheSize.CurrentSize / 1024);
SetDlgItemText( hDlg, IDC_CURRENT, text );
wsprintf( text, TEXT("%d KB"), newCacheSize.PeakSize / 1024 );
SetDlgItemText( hDlg, IDC_PEAK, text );
break;
case WM_CLOSE:
EndDialog (hDlg, 0);
PostQuitMessage( 0 );
break;
}
return DefWindowProc ( hDlg, message, wParam, lParam);
}
INT_PTR CALLBACK PhpMemoryListsDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
PhRegisterCallback(&PhProcessesUpdatedEvent, ProcessesUpdatedCallback, NULL, &ProcessesUpdatedRegistration);
PhpUpdateMemoryListInfo(hwndDlg);
PhLoadWindowPlacementFromSetting(L"MemoryListsWindowPosition", NULL, hwndDlg);
PhRegisterDialog(hwndDlg);
}
break;
case WM_DESTROY:
{
PhUnregisterDialog(hwndDlg);
PhSaveWindowPlacementToSetting(L"MemoryListsWindowPosition", NULL, hwndDlg);
PhUnregisterCallback(&PhProcessesUpdatedEvent, &ProcessesUpdatedRegistration);
UnregisterDialogFunction(hwndDlg);
PhMemoryListsWindowHandle = NULL;
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
DestroyWindow(hwndDlg);
break;
case IDC_EMPTY:
{
HMENU menu;
HMENU subMenu;
RECT buttonRect;
POINT point;
UINT selectedItem;
SYSTEM_MEMORY_LIST_COMMAND command = -1;
menu = LoadMenu(PhInstanceHandle, MAKEINTRESOURCE(IDR_EMPTYMEMLISTS));
subMenu = GetSubMenu(menu, 0);
GetClientRect(GetDlgItem(hwndDlg, IDC_EMPTY), &buttonRect);
point.x = 0;
point.y = buttonRect.bottom;
ClientToScreen(GetDlgItem(hwndDlg, IDC_EMPTY), &point);
selectedItem = PhShowContextMenu2(
hwndDlg,
GetDlgItem(hwndDlg, IDC_EMPTY),
subMenu,
point
);
switch (selectedItem)
{
case ID_EMPTY_EMPTYWORKINGSETS:
command = MemoryEmptyWorkingSets;
break;
case ID_EMPTY_EMPTYMODIFIEDPAGELIST:
command = MemoryFlushModifiedList;
break;
case ID_EMPTY_EMPTYSTANDBYLIST:
command = MemoryPurgeStandbyList;
break;
case ID_EMPTY_EMPTYPRIORITY0STANDBYLIST:
command = MemoryPurgeLowPriorityStandbyList;
break;
}
if (command != -1)
{
NTSTATUS status;
SetCursor(LoadCursor(NULL, IDC_WAIT));
status = NtSetSystemInformation(
SystemMemoryListInformation,
&command,
sizeof(SYSTEM_MEMORY_LIST_COMMAND)
);
SetCursor(LoadCursor(NULL, IDC_ARROW));
if (status == STATUS_PRIVILEGE_NOT_HELD)
{
if (!PhElevated)
{
if (PhUiConnectToPhSvc(hwndDlg, FALSE))
{
SetCursor(LoadCursor(NULL, IDC_WAIT));
status = PhSvcCallIssueMemoryListCommand(command);
SetCursor(LoadCursor(NULL, IDC_ARROW));
PhUiDisconnectFromPhSvc();
}
else
{
// User cancelled eleavtion.
status = STATUS_SUCCESS;
}
}
}
if (!NT_SUCCESS(status))
{
PhShowStatus(hwndDlg, L"Unable to execute the memory list command", status, 0);
}
}
DestroyMenu(menu);
}
break;
}
}
break;
case MSG_UPDATE:
{
PhpUpdateMemoryListInfo(hwndDlg);
}
break;
}
return FALSE;
}
BOOL
ApplyGlobalFlagChanges(
BOOL fInit,
HWND hDlg
)
{
BOOLEAN Enabled;
NTSTATUS Status;
SYSTEM_FLAGS_INFORMATION SystemInformation;
int iBit;
if (fInit) {
Status = NtQuerySystemInformation(SystemFlagsInformation,
&SystemInformation,
sizeof(SystemInformation),
NULL);
if (!NT_SUCCESS(Status)) {
CHAR Buffer[128];
sprintf(Buffer,
"NtQuerySystemInformation failed (%08lx)\n",
Status);
MessageBox(NULL,Buffer,TEXT("Horrible Disaster"),MB_OK);
ExitProcess(0);
} else {
for (iBit = 0; iBit < 32; iBit++) {
CheckDlgButton(hDlg,
GLOBAL_FLAG_ID + iBit,
(SystemInformation.Flags & (1 << iBit)));
}
}
} else {
SystemInformation.Flags = 0;
for (iBit = 0; iBit < 32; iBit++) {
if (IsDlgButtonChecked(hDlg, GLOBAL_FLAG_ID + iBit)) {
SystemInformation.Flags |= (1 << iBit);
}
}
//
// Attempt to enable the load driver privilege to
// allow setting the DPC behavior.
//
RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE,
TRUE,
FALSE,
&Enabled);
Status = NtSetSystemInformation(SystemFlagsInformation,
&SystemInformation,
sizeof(SystemInformation));
RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE,
Enabled,
FALSE,
&Enabled);
if (!NT_SUCCESS(Status)) {
CHAR Buffer[128];
sprintf(Buffer,
"SetSystemInformationFailed (%08lx)\nYou probably do not have debug privileges",
Status);
MessageBox(NULL,Buffer,TEXT("Oops"),MB_OK);
}
if (GlobalFlagUpdateRegistry.NewValue) {
HKEY Key;
LONG Result;
DWORD Disposition;
//
// Update the Value in the registry
//
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
TEXT("SYSTEM\\CurrentControlSet\\Control\\Session Manager"),
0L,
NULL,
0L,
KEY_SET_VALUE,
NULL,
&Key,
&Disposition) != ERROR_SUCCESS) {
CHAR Buffer[128];
sprintf(Buffer,
"RegCreateKey for NtGlobalFlag failed (%d)\nYou probably are Not Authorized.",
GetLastError());
MessageBox(NULL,Buffer,TEXT("Oops"),MB_OK);
return(TRUE);
}
RegSetValueEx(Key,
"GlobalFlag",
0,
REG_DWORD,
(LPBYTE)&SystemInformation.Flags,
sizeof(SystemInformation.Flags));
SendMessage(GetParent(hDlg),
PSM_REBOOTSYSTEM,
0,
0);
}
}
return(TRUE);
}
BOOL
ApplyDpcChanges(
BOOL fInit,
HWND hDlg
)
{
SYSTEM_DPC_BEHAVIOR_INFORMATION DpcBehavior;
BOOLEAN Enabled;
NTSTATUS Status;
if (fInit) {
Status = NtQuerySystemInformation(SystemDpcBehaviorInformation,
&DpcBehavior,
sizeof(DpcBehavior),
NULL);
if (!NT_SUCCESS(Status)) {
CHAR Buffer[128];
sprintf(Buffer,
"NtQuerySystemInformation failed (%08lx)\n"
"You probably need a newer build.\n"
"Use information from the registry?",
Status);
if (MessageBox(NULL,Buffer,TEXT("Horrible Disaster"),MB_YESNO) == IDYES) {
return(FALSE);
} else {
ExitProcess(0);
}
} else {
MaximumDpcQueueDepth.CurrentValue = DpcBehavior.DpcQueueDepth;
MinimumDpcRate.CurrentValue = DpcBehavior.MinimumDpcRate;
AdjustDpcThreshold.CurrentValue = DpcBehavior.AdjustDpcThreshold;
IdealDpcRate.CurrentValue = DpcBehavior.IdealDpcRate;
}
} else {
DpcBehavior.DpcQueueDepth = MaximumDpcQueueDepth.NewValue;
DpcBehavior.MinimumDpcRate = MinimumDpcRate.NewValue;
DpcBehavior.AdjustDpcThreshold = AdjustDpcThreshold.NewValue;
DpcBehavior.IdealDpcRate = IdealDpcRate.NewValue;
//
// Attempt to enable the load driver privilege to
// allow setting the DPC behavior.
//
RtlAdjustPrivilege(SE_LOAD_DRIVER_PRIVILEGE,
TRUE,
FALSE,
&Enabled);
Status = NtSetSystemInformation(SystemDpcBehaviorInformation,
&DpcBehavior,
sizeof(DpcBehavior));
RtlAdjustPrivilege(SE_LOAD_DRIVER_PRIVILEGE,
Enabled,
FALSE,
&Enabled);
if (!NT_SUCCESS(Status)) {
CHAR Buffer[128];
sprintf(Buffer,
"NtSetSystemInformation failed, status %08lx",
Status);
MessageBox(NULL,Buffer,TEXT("Oops"),MB_OK);
return(FALSE);
}
if (DpcUpdateRegistry.NewValue) {
//
// Let the common routine update the values in the registry
//
return(FALSE);
}
}
return(TRUE);
}