VOID PeInitializeSettings( VOID ) { static PH_STRINGREF settingsSuffix = PH_STRINGREF_INIT(L".peview.xml"); NTSTATUS status; PPH_STRING appFileName; PPH_STRING tempFileName; // There are three possible locations for the settings file: // 1. A file named peview.exe.peview.xml in the program directory. (This changes // based on the executable file name.) // 2. The default location. // 1. File in program directory appFileName = PhGetApplicationFileName(); tempFileName = PhConcatStringRef2(&appFileName->sr, &settingsSuffix); PhDereferenceObject(appFileName); if (RtlDoesFileExists_U(tempFileName->Buffer)) { PeSettingsFileName = tempFileName; } else { PhDereferenceObject(tempFileName); } // 2. Default location if (!PeSettingsFileName) { PeSettingsFileName = PhGetKnownLocation(CSIDL_APPDATA, L"\\Process Hacker\\peview.xml"); } if (PeSettingsFileName) { status = PhLoadSettings(PeSettingsFileName->Buffer); // If we didn't find the file, it will be created. Otherwise, // there was probably a parsing error and we don't want to // change anything. if (status == STATUS_FILE_CORRUPT_ERROR) { if (PhShowMessage2( NULL, TDCBF_YES_BUTTON | TDCBF_NO_BUTTON, TD_WARNING_ICON, L"PE View's settings file is corrupt. Do you want to reset it?", L"If you select No, the settings system will not function properly." ) == IDYES) { HANDLE fileHandle; IO_STATUS_BLOCK isb; CHAR data[] = "<settings></settings>"; // This used to delete the file. But it's better to keep the file there // and overwrite it with some valid XML, especially with case (2) above. if (NT_SUCCESS(PhCreateFileWin32( &fileHandle, PeSettingsFileName->Buffer, FILE_GENERIC_WRITE, 0, FILE_SHARE_READ | FILE_SHARE_DELETE, FILE_OVERWRITE, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT ))) { NtWriteFile(fileHandle, NULL, NULL, NULL, &isb, data, sizeof(data) - 1, NULL, NULL); NtClose(fileHandle); } } else { // Pretend we don't have a settings store so bad things don't happen. PhDereferenceObject(PeSettingsFileName); PeSettingsFileName = NULL; } } } // Apply basic global settings. PhMaxSizeUnit = PhGetIntegerSetting(L"MaxSizeUnit"); }
NTSTATUS PhpProcessMiniDumpThreadStart( _In_ PVOID Parameter ) { PPROCESS_MINIDUMP_CONTEXT context = Parameter; MINIDUMP_CALLBACK_INFORMATION callbackInfo; callbackInfo.CallbackRoutine = PhpProcessMiniDumpCallback; callbackInfo.CallbackParam = context; #ifdef _WIN64 if (context->IsWow64) { if (PhUiConnectToPhSvcEx(NULL, Wow64PhSvcMode, FALSE)) { NTSTATUS status; if (NT_SUCCESS(status = PhSvcCallWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, context->DumpType ))) { context->Succeeded = TRUE; } else { SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_ERROR, (LPARAM)PhNtStatusToDosError(status) ); } PhUiDisconnectFromPhSvc(); goto Completed; } else { if (PhShowMessage2( context->WindowHandle, TDCBF_YES_BUTTON | TDCBF_NO_BUTTON, TD_WARNING_ICON, L"The 32-bit version of Process Hacker could not be located.", L"A 64-bit dump will be created instead. Do you want to continue?" ) == IDNO) { PhDeleteFile(context->FileHandle); goto Completed; } } } #endif if (PhWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, context->DumpType, NULL, NULL, &callbackInfo )) { context->Succeeded = TRUE; } else { SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_ERROR, (LPARAM)GetLastError() ); } #ifdef _WIN64 Completed: #endif SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_COMPLETED, 0 ); return STATUS_SUCCESS; }