static VOID PhpRefreshSectionPageInfo(
_In_ HWND hwndDlg,
_In_ PCOMMON_PAGE_CONTEXT PageContext
)
{
HANDLE sectionHandle;
SECTION_BASIC_INFORMATION basicInfo;
PWSTR sectionType = L"Unknown";
PPH_STRING sectionSize = NULL;
PPH_STRING fileName = NULL;
if (!NT_SUCCESS(PageContext->OpenObject(
§ionHandle,
SECTION_QUERY | SECTION_MAP_READ,
PageContext->Context
)))
{
if (!NT_SUCCESS(PageContext->OpenObject(
§ionHandle,
SECTION_QUERY | SECTION_MAP_READ,
PageContext->Context
)))
{
return;
}
}
if (NT_SUCCESS(PhGetSectionBasicInformation(sectionHandle, &basicInfo)))
{
if (basicInfo.AllocationAttributes & SEC_COMMIT)
sectionType = L"Commit";
else if (basicInfo.AllocationAttributes & SEC_FILE)
sectionType = L"File";
else if (basicInfo.AllocationAttributes & SEC_IMAGE)
sectionType = L"Image";
else if (basicInfo.AllocationAttributes & SEC_RESERVE)
sectionType = L"Reserve";
sectionSize = PhaFormatSize(basicInfo.MaximumSize.QuadPart, -1);
}
if (NT_SUCCESS(PhGetSectionFileName(sectionHandle, &fileName)))
{
PPH_STRING newFileName;
PH_AUTO(fileName);
if (newFileName = PhResolveDevicePrefix(fileName))
fileName = PH_AUTO(newFileName);
}
SetDlgItemText(hwndDlg, IDC_TYPE, sectionType);
SetDlgItemText(hwndDlg, IDC_SIZE_, PhGetStringOrDefault(sectionSize, L"Unknown"));
SetDlgItemText(hwndDlg, IDC_FILE, PhGetStringOrDefault(fileName, L"N/A"));
NtClose(sectionHandle);
}
NTSTATUS PhSipLoadMmAddresses(
_In_ PVOID Parameter
)
{
PRTL_PROCESS_MODULES kernelModules;
PPH_SYMBOL_PROVIDER symbolProvider;
PPH_STRING kernelFileName;
PPH_STRING newFileName;
PH_SYMBOL_INFORMATION symbolInfo;
if (NT_SUCCESS(PhEnumKernelModules(&kernelModules)))
{
if (kernelModules->NumberOfModules >= 1)
{
symbolProvider = PhCreateSymbolProvider(NULL);
PhLoadSymbolProviderOptions(symbolProvider);
kernelFileName = PH_AUTO(PhConvertMultiByteToUtf16(kernelModules->Modules[0].FullPathName));
newFileName = PH_AUTO(PhGetFileName(kernelFileName));
PhLoadModuleSymbolProvider(
symbolProvider,
newFileName->Buffer,
(ULONG64)kernelModules->Modules[0].ImageBase,
kernelModules->Modules[0].ImageSize
);
if (PhGetSymbolFromName(
symbolProvider,
L"MmSizeOfPagedPoolInBytes",
&symbolInfo
))
{
MmSizeOfPagedPoolInBytes = (PSIZE_T)symbolInfo.Address;
}
if (PhGetSymbolFromName(
symbolProvider,
L"MmMaximumNonPagedPoolInBytes",
&symbolInfo
))
{
MmMaximumNonPagedPoolInBytes = (PSIZE_T)symbolInfo.Address;
}
PhDereferenceObject(symbolProvider);
}
PhFree(kernelModules);
}
return STATUS_SUCCESS;
}
VOID StatusBarSaveSettings(
VOID
)
{
ULONG buttonIndex = 0;
PPH_STRING settingsString;
PH_STRING_BUILDER stringBuilder;
PhInitializeStringBuilder(&stringBuilder, 100);
PhAppendFormatStringBuilder(
&stringBuilder,
L"%lu|",
StatusBarItemList->Count
);
for (buttonIndex = 0; buttonIndex < StatusBarItemList->Count; buttonIndex++)
{
PSTATUSBAR_ITEM statusItem = StatusBarItemList->Items[buttonIndex];
PhAppendFormatStringBuilder(
&stringBuilder,
L"%lu|",
statusItem->Id
);
}
if (stringBuilder.String->Length != 0)
PhRemoveEndStringBuilder(&stringBuilder, 1);
settingsString = PH_AUTO(PhFinalStringBuilderString(&stringBuilder));
PhSetStringSetting2(SETTING_NAME_STATUSBAR_CONFIG, &settingsString->sr);
}
static VOID PhpAddJobProcesses(
_In_ HWND hwndDlg,
_In_ HANDLE JobHandle
)
{
PJOBOBJECT_BASIC_PROCESS_ID_LIST processIdList;
HWND processesLv;
processesLv = GetDlgItem(hwndDlg, IDC_PROCESSES);
if (NT_SUCCESS(PhGetJobProcessIdList(JobHandle, &processIdList)))
{
ULONG i;
CLIENT_ID clientId;
PPH_STRING name;
clientId.UniqueThread = NULL;
for (i = 0; i < processIdList->NumberOfProcessIdsInList; i++)
{
clientId.UniqueProcess = (HANDLE)processIdList->ProcessIdList[i];
name = PH_AUTO(PhGetClientIdName(&clientId));
PhAddListViewItem(processesLv, MAXINT, PhGetString(name), NULL);
}
PhFree(processIdList);
}
}
static PPH_STRING PhpaGetSendMessageReceiver(
_In_ HANDLE ThreadId
)
{
static HWND (WINAPI *GetSendMessageReceiver_I)(
_In_ HANDLE ThreadId
);
HWND windowHandle;
ULONG threadId;
ULONG processId;
CLIENT_ID clientId;
PPH_STRING clientIdName;
WCHAR windowClass[64];
PPH_STRING windowText;
// GetSendMessageReceiver is an undocumented function exported by
// user32.dll. It retrieves the handle of the window which a thread
// is sending a message to.
if (!GetSendMessageReceiver_I)
GetSendMessageReceiver_I = PhGetDllProcedureAddress(L"user32.dll", "GetSendMessageReceiver", 0);
if (!GetSendMessageReceiver_I)
return NULL;
windowHandle = GetSendMessageReceiver_I(ThreadId);
if (!windowHandle)
return NULL;
threadId = GetWindowThreadProcessId(windowHandle, &processId);
clientId.UniqueProcess = UlongToHandle(processId);
clientId.UniqueThread = UlongToHandle(threadId);
clientIdName = PH_AUTO(PhGetClientIdName(&clientId));
if (!GetClassName(windowHandle, windowClass, sizeof(windowClass) / sizeof(WCHAR)))
windowClass[0] = UNICODE_NULL;
windowText = PH_AUTO(PhGetWindowText(windowHandle));
return PhaFormatString(L"Window 0x%Ix (%s): %s \"%s\"", windowHandle, clientIdName->Buffer, windowClass, PhGetStringOrEmpty(windowText));
}
static VOID ReadCurrentUserRun(
VOID
)
{
HANDLE keyHandle;
PPH_STRING value;
CurrentUserRunPresent = FALSE;
CurrentUserRunStartHidden = FALSE;
if (NT_SUCCESS(PhOpenKey(
&keyHandle,
KEY_READ,
PH_KEY_CURRENT_USER,
&CurrentUserRunKeyName,
0
)))
{
if (value = PhQueryRegistryString(keyHandle, L"Process Hacker 2"))
{
PH_STRINGREF fileName;
PH_STRINGREF arguments;
PPH_STRING fullFileName;
PH_AUTO(value);
if (PhParseCommandLineFuzzy(&value->sr, &fileName, &arguments, &fullFileName))
{
PH_AUTO(fullFileName);
if (fullFileName && PhEqualString(fullFileName, PhApplicationFileName, TRUE))
{
CurrentUserRunPresent = TRUE;
CurrentUserRunStartHidden = PhEqualStringRef2(&arguments, L"-hide", FALSE);
}
}
}
NtClose(keyHandle);
}
}
/**
* Adds a menu hook.
*
* \param MenuInfo The plugin menu information structure.
* \param Plugin A plugin instance structure.
* \param Context A user-defined value that is later accessible from the callback.
*
* \remarks The \ref PluginCallbackMenuHook callback is invoked when any menu item
* from the menu is chosen.
*/
BOOLEAN PhPluginAddMenuHook(
_Inout_ PPH_PLUGIN_MENU_INFORMATION MenuInfo,
_In_ PPH_PLUGIN Plugin,
_In_opt_ PVOID Context
)
{
PPHP_PLUGIN_MENU_HOOK hook;
if (MenuInfo->Flags & PH_PLUGIN_MENU_DISALLOW_HOOKS)
return FALSE;
if (!MenuInfo->PluginHookList)
MenuInfo->PluginHookList = PH_AUTO(PhCreateList(2));
hook = PH_AUTO(PhCreateAlloc(sizeof(PHP_PLUGIN_MENU_HOOK)));
hook->Plugin = Plugin;
hook->Context = Context;
PhAddItemList(MenuInfo->PluginHookList, hook);
return TRUE;
}
VOID ReBarSaveLayoutSettings(
VOID
)
{
UINT index = 0;
UINT count = 0;
PPH_STRING settingsString;
PH_STRING_BUILDER stringBuilder;
PhInitializeStringBuilder(&stringBuilder, 100);
count = (UINT)SendMessage(RebarHandle, RB_GETBANDCOUNT, 0, 0);
for (index = 0; index < count; index++)
{
REBARBANDINFO rebarBandInfo =
{
sizeof(REBARBANDINFO),
RBBIM_STYLE | RBBIM_SIZE | RBBIM_ID
};
SendMessage(RebarHandle, RB_GETBANDINFO, index, (LPARAM)&rebarBandInfo);
if (rebarBandInfo.fStyle & RBBS_GRIPPERALWAYS)
{
rebarBandInfo.fStyle &= ~RBBS_GRIPPERALWAYS;
}
if (rebarBandInfo.fStyle & RBBS_NOGRIPPER)
{
rebarBandInfo.fStyle &= ~RBBS_NOGRIPPER;
}
if (rebarBandInfo.fStyle & RBBS_FIXEDSIZE)
{
rebarBandInfo.fStyle &= ~RBBS_FIXEDSIZE;
}
PhAppendFormatStringBuilder(
&stringBuilder,
L"%u|%u|%u|",
rebarBandInfo.wID,
rebarBandInfo.cx,
rebarBandInfo.fStyle
);
}
if (stringBuilder.String->Length != 0)
PhRemoveEndStringBuilder(&stringBuilder, 1);
settingsString = PH_AUTO(PhFinalStringBuilderString(&stringBuilder));
PhSetStringSetting2(SETTING_NAME_REBAR_CONFIG, &settingsString->sr);
}
static PPH_STRING PhpaGetHandleString(
_In_ HANDLE ProcessHandle,
_In_ HANDLE Handle
)
{
PPH_STRING typeName = NULL;
PPH_STRING name = NULL;
PPH_STRING result;
PhGetHandleInformation(
ProcessHandle,
Handle,
-1,
NULL,
&typeName,
NULL,
&name
);
PH_AUTO(typeName);
PH_AUTO(name);
if (typeName && name)
{
result = PhaFormatString(
L"Handle 0x%Ix (%s): %s",
Handle,
typeName->Buffer,
!PhIsNullOrEmptyString(name) ? name->Buffer : L"(unnamed object)"
);
}
else
{
result = PhaFormatString(
L"Handle 0x%Ix: (error querying handle)",
Handle
);
}
return result;
}
SC_ACTION_TYPE ComboBoxToServiceAction(
_In_ HWND ComboBoxHandle
)
{
PPH_STRING string;
string = PH_AUTO(PhGetComboBoxString(ComboBoxHandle, ComboBox_GetCurSel(ComboBoxHandle)));
if (!string)
return SC_ACTION_NONE;
return EspStringToServiceAction(string->Buffer);
}
PPH_STRING PhpaGetAlpcInformation(
_In_ HANDLE ThreadId
)
{
NTSTATUS status;
PPH_STRING string = NULL;
HANDLE threadHandle;
PALPC_SERVER_INFORMATION serverInfo;
ULONG bufferLength;
if (!NT_SUCCESS(PhOpenThread(&threadHandle, THREAD_QUERY_INFORMATION, ThreadId)))
return NULL;
bufferLength = 0x110;
serverInfo = PhAllocate(bufferLength);
serverInfo->In.ThreadHandle = threadHandle;
status = NtAlpcQueryInformation(NULL, AlpcServerInformation, serverInfo, bufferLength, &bufferLength);
if (status == STATUS_INFO_LENGTH_MISMATCH)
{
PhFree(serverInfo);
serverInfo = PhAllocate(bufferLength);
serverInfo->In.ThreadHandle = threadHandle;
status = NtAlpcQueryInformation(NULL, AlpcServerInformation, serverInfo, bufferLength, &bufferLength);
}
if (NT_SUCCESS(status) && serverInfo->Out.ThreadBlocked)
{
CLIENT_ID clientId;
PPH_STRING clientIdName;
clientId.UniqueProcess = serverInfo->Out.ConnectedProcessId;
clientId.UniqueThread = NULL;
clientIdName = PH_AUTO(PhGetClientIdName(&clientId));
string = PhaFormatString(L"ALPC Port: %.*s (%s)", serverInfo->Out.ConnectionPortName.Length / sizeof(WCHAR), serverInfo->Out.ConnectionPortName.Buffer, clientIdName->Buffer);
}
PhFree(serverInfo);
NtClose(threadHandle);
return string;
}
VOID ToolbarSaveButtonSettings(
VOID
)
{
INT buttonIndex = 0;
INT buttonCount = 0;
PPH_STRING settingsString;
PH_STRING_BUILDER stringBuilder;
PhInitializeStringBuilder(&stringBuilder, 100);
buttonCount = (INT)SendMessage(ToolBarHandle, TB_BUTTONCOUNT, 0, 0);
PhAppendFormatStringBuilder(
&stringBuilder,
L"%d|",
buttonCount
);
for (buttonIndex = 0; buttonIndex < buttonCount; buttonIndex++)
{
TBBUTTONINFO buttonInfo =
{
sizeof(TBBUTTONINFO),
TBIF_BYINDEX | TBIF_IMAGE | TBIF_STYLE | TBIF_COMMAND
};
// Get button information.
if (SendMessage(ToolBarHandle, TB_GETBUTTONINFO, buttonIndex, (LPARAM)&buttonInfo) == -1)
break;
PhAppendFormatStringBuilder(
&stringBuilder,
L"%d|",
buttonInfo.idCommand
);
}
if (stringBuilder.String->Length != 0)
PhRemoveEndStringBuilder(&stringBuilder, 1);
settingsString = PH_AUTO(PhFinalStringBuilderString(&stringBuilder));
PhSetStringSetting2(SETTING_NAME_TOOLBAR_CONFIG, &settingsString->sr);
}
// copied from ProcessHacker\netlist.c..
static PPH_STRING PhpNetworkTreeGetNetworkItemProcessName(
_In_ PPH_NETWORK_ITEM NetworkItem
)
{
PH_FORMAT format[4];
if (!NetworkItem->ProcessId)
return PhaCreateString(L"Waiting connections");
PhInitFormatS(&format[1], L" (");
PhInitFormatU(&format[2], HandleToUlong(NetworkItem->ProcessId));
PhInitFormatC(&format[3], ')');
if (NetworkItem->ProcessName)
PhInitFormatSR(&format[0], NetworkItem->ProcessName->sr);
else
PhInitFormatS(&format[0], L"Unknown process");
return PH_AUTO(PhFormat(format, 4, 96));
}
static VOID WriteCurrentUserRun(
_In_ BOOLEAN Present,
_In_ BOOLEAN StartHidden
)
{
HANDLE keyHandle;
if (CurrentUserRunPresent == Present && (!Present || CurrentUserRunStartHidden == StartHidden))
return;
if (NT_SUCCESS(PhOpenKey(
&keyHandle,
KEY_WRITE,
PH_KEY_CURRENT_USER,
&CurrentUserRunKeyName,
0
)))
{
UNICODE_STRING valueName;
RtlInitUnicodeString(&valueName, L"Process Hacker 2");
if (Present)
{
PPH_STRING value;
value = PH_AUTO(PhConcatStrings(3, L"\"", PhApplicationFileName->Buffer, L"\""));
if (StartHidden)
value = PhaConcatStrings2(value->Buffer, L" -hide");
NtSetValueKey(keyHandle, &valueName, 0, REG_SZ, value->Buffer, (ULONG)value->Length + 2);
}
else
{
NtDeleteValueKey(keyHandle, &valueName);
}
NtClose(keyHandle);
}
}
VOID NetAdaptersSaveList(
VOID
)
{
PH_STRING_BUILDER stringBuilder;
PPH_STRING settingsString;
PhInitializeStringBuilder(&stringBuilder, 260);
PhAcquireQueuedLockShared(&NetworkAdaptersListLock);
for (ULONG i = 0; i < NetworkAdaptersList->Count; i++)
{
PDV_NETADAPTER_ENTRY entry = PhReferenceObjectSafe(NetworkAdaptersList->Items[i]);
if (!entry)
continue;
if (entry->UserReference)
{
PhAppendFormatStringBuilder(
&stringBuilder,
L"%lu,%I64u,%s,",
entry->AdapterId.InterfaceIndex, // This value is UNSAFE and will change after reboot.
entry->AdapterId.InterfaceLuid.Value, // This value is SAFE and does not change (Vista+).
entry->AdapterId.InterfaceGuid->Buffer
);
}
PhDereferenceObjectDeferDelete(entry);
}
PhReleaseQueuedLockShared(&NetworkAdaptersListLock);
if (stringBuilder.String->Length != 0)
PhRemoveEndStringBuilder(&stringBuilder, 1);
settingsString = PH_AUTO(PhFinalStringBuilderString(&stringBuilder));
PhSetStringSetting2(SETTING_NAME_INTERFACE_LIST, &settingsString->sr);
}
VOID DiskDrivesSaveList(
VOID
)
{
PH_STRING_BUILDER stringBuilder;
PPH_STRING settingsString;
PhInitializeStringBuilder(&stringBuilder, 260);
PhAcquireQueuedLockShared(&DiskDrivesListLock);
for (ULONG i = 0; i < DiskDrivesList->Count; i++)
{
PDV_DISK_ENTRY entry = PhReferenceObjectSafe(DiskDrivesList->Items[i]);
if (!entry)
continue;
if (entry->UserReference)
{
PhAppendFormatStringBuilder(
&stringBuilder,
L"%s,",
entry->Id.DevicePath->Buffer // This value is SAFE and does not change.
);
}
PhDereferenceObjectDeferDelete(entry);
}
PhReleaseQueuedLockShared(&DiskDrivesListLock);
if (stringBuilder.String->Length != 0)
PhRemoveEndStringBuilder(&stringBuilder, 1);
settingsString = PH_AUTO(PhFinalStringBuilderString(&stringBuilder));
PhSetStringSetting2(SETTING_NAME_DISK_LIST, &settingsString->sr);
}
BOOLEAN PhUiCreateDumpFileProcess(
_In_ HWND hWnd,
_In_ PPH_PROCESS_ITEM Process
)
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Dump files (*.dmp)", L"*.dmp" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
PPH_STRING fileName;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, PhaConcatStrings2(Process->ProcessName->Buffer, L".dmp")->Buffer);
if (!PhShowFileDialog(hWnd, fileDialog))
{
PhFreeFileDialog(fileDialog);
return FALSE;
}
fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));
PhFreeFileDialog(fileDialog);
return PhpCreateProcessMiniDumpWithProgress(
hWnd,
Process->ProcessId,
fileName->Buffer,
// task manager uses these flags
MiniDumpWithFullMemory |
MiniDumpWithHandleData |
MiniDumpWithUnloadedModules |
MiniDumpWithFullMemoryInfo |
MiniDumpWithThreadInfo
);
}
VOID PhSaveSettingsColumnList(
_In_ PWSTR SettingName,
_In_ PPH_LIST ColumnSetList
)
{
ULONG index;
PPH_STRING settingsString;
PH_STRING_BUILDER stringBuilder;
PhInitializeStringBuilder(&stringBuilder, 100);
PhAppendFormatStringBuilder(
&stringBuilder,
L"%lu-",
ColumnSetList->Count
);
for (index = 0; index < ColumnSetList->Count; index++)
{
PPH_COLUMN_SET_ENTRY entry = ColumnSetList->Items[index];
if (PhIsNullOrEmptyString(entry->Name))
continue;
PhAppendFormatStringBuilder(
&stringBuilder,
L"%s-%s-%s-",
entry->Name->Buffer,
PhGetStringOrEmpty(entry->Setting),
PhGetStringOrEmpty(entry->Sorting)
);
}
if (stringBuilder.String->Length != 0)
PhRemoveEndStringBuilder(&stringBuilder, 1);
settingsString = PH_AUTO(PhFinalStringBuilderString(&stringBuilder));
PhSetStringSetting2(SettingName, &settingsString->sr);
}
VOID FindDiskDrives(
_In_ PDV_DISK_OPTIONS_CONTEXT Context
)
{
PPH_LIST deviceList;
HDEVINFO deviceInfoHandle;
SP_DEVICE_INTERFACE_DATA deviceInterfaceData = { sizeof(SP_DEVICE_INTERFACE_DATA) };
SP_DEVINFO_DATA deviceInfoData = { sizeof(SP_DEVINFO_DATA) };
PSP_DEVICE_INTERFACE_DETAIL_DATA deviceInterfaceDetail;
ULONG deviceInfoLength = 0;
if ((deviceInfoHandle = SetupDiGetClassDevs(
&GUID_DEVINTERFACE_DISK,
NULL,
NULL,
DIGCF_DEVICEINTERFACE
)) == INVALID_HANDLE_VALUE)
{
return;
}
deviceList = PH_AUTO(PhCreateList(1));
for (ULONG i = 0; SetupDiEnumDeviceInterfaces(deviceInfoHandle, NULL, &GUID_DEVINTERFACE_DISK, i, &deviceInterfaceData); i++)
{
if (SetupDiGetDeviceInterfaceDetail(
deviceInfoHandle,
&deviceInterfaceData,
0,
0,
&deviceInfoLength,
&deviceInfoData
) || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
continue;
}
deviceInterfaceDetail = PhAllocate(deviceInfoLength);
deviceInterfaceDetail->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);
if (SetupDiGetDeviceInterfaceDetail(
deviceInfoHandle,
&deviceInterfaceData,
deviceInterfaceDetail,
deviceInfoLength,
&deviceInfoLength,
&deviceInfoData
))
{
HANDLE deviceHandle;
PDISK_ENUM_ENTRY diskEntry;
WCHAR diskFriendlyName[MAX_PATH] = L"";
// This crashes on XP with error 0xC06D007F
//SetupDiGetDeviceProperty(
// deviceInfoHandle,
// &deviceInfoData,
// &DEVPKEY_Device_FriendlyName,
// &devicePropertyType,
// (PBYTE)diskFriendlyName,
// ARRAYSIZE(diskFriendlyName),
// NULL,
// 0
// );
if (!SetupDiGetDeviceRegistryProperty(
deviceInfoHandle,
&deviceInfoData,
SPDRP_FRIENDLYNAME,
NULL,
(PBYTE)diskFriendlyName,
ARRAYSIZE(diskFriendlyName),
NULL
))
{
continue;
}
diskEntry = PhAllocate(sizeof(DISK_ENUM_ENTRY));
memset(diskEntry, 0, sizeof(DISK_ENUM_ENTRY));
diskEntry->DeviceIndex = ULONG_MAX; // Note: Do not initialize to zero.
diskEntry->DeviceName = PhCreateString(diskFriendlyName);
diskEntry->DevicePath = PhCreateString(deviceInterfaceDetail->DevicePath);
if (NT_SUCCESS(DiskDriveCreateHandle(
&deviceHandle,
diskEntry->DevicePath
)))
{
ULONG diskIndex = ULONG_MAX; // Note: Do not initialize to zero
if (NT_SUCCESS(DiskDriveQueryDeviceTypeAndNumber(
deviceHandle,
&diskIndex,
NULL
)))
{
PPH_STRING diskMountPoints = PH_AUTO_T(PH_STRING, DiskDriveQueryDosMountPoints(diskIndex));
diskEntry->DeviceIndex = diskIndex;
diskEntry->DevicePresent = TRUE;
if (!PhIsNullOrEmptyString(diskMountPoints))
{
diskEntry->DeviceMountPoints = PhFormatString(
L"Disk %lu (%s) [%s]",
diskIndex,
diskMountPoints->Buffer,
diskFriendlyName
);
}
else
{
diskEntry->DeviceMountPoints = PhFormatString(
L"Disk %lu [%s]",
diskIndex,
diskFriendlyName
);
}
}
NtClose(deviceHandle);
}
PhAddItemList(deviceList, diskEntry);
}
PhFree(deviceInterfaceDetail);
}
SetupDiDestroyDeviceInfoList(deviceInfoHandle);
// Sort the entries
qsort(deviceList->Items, deviceList->Count, sizeof(PVOID), DiskEntryCompareFunction);
Context->EnumeratingDisks = TRUE;
PhAcquireQueuedLockShared(&DiskDrivesListLock);
for (ULONG i = 0; i < deviceList->Count; i++)
{
PDISK_ENUM_ENTRY entry = deviceList->Items[i];
AddDiskDriveToListView(
Context,
entry->DevicePresent,
entry->DevicePath,
entry->DeviceMountPoints ? entry->DeviceMountPoints : entry->DeviceName
);
if (entry->DeviceMountPoints)
PhDereferenceObject(entry->DeviceMountPoints);
if (entry->DeviceName)
PhDereferenceObject(entry->DeviceName);
// Note: DevicePath is disposed by WM_DESTROY.
PhFree(entry);
}
PhReleaseQueuedLockShared(&DiskDrivesListLock);
Context->EnumeratingDisks = FALSE;
// HACK: Show all unknown devices.
Context->EnumeratingDisks = TRUE;
PhAcquireQueuedLockShared(&DiskDrivesListLock);
for (ULONG i = 0; i < DiskDrivesList->Count; i++)
{
ULONG index = -1;
BOOLEAN found = FALSE;
PDV_DISK_ENTRY entry = PhReferenceObjectSafe(DiskDrivesList->Items[i]);
if (!entry)
continue;
while ((index = PhFindListViewItemByFlags(
Context->ListViewHandle,
index,
LVNI_ALL
)) != -1)
{
PDV_DISK_ID param;
if (PhGetListViewItemParam(Context->ListViewHandle, index, ¶m))
{
if (EquivalentDiskId(param, &entry->Id))
{
found = TRUE;
}
}
}
if (!found)
{
PPH_STRING description;
if (description = PhCreateString(L"Unknown disk"))
{
AddDiskDriveToListView(
Context,
FALSE,
entry->Id.DevicePath,
description
);
PhDereferenceObject(description);
}
}
PhDereferenceObjectDeferDelete(entry);
}
PhReleaseQueuedLockShared(&DiskDrivesListLock);
Context->EnumeratingDisks = FALSE;
}
INT_PTR CALLBACK PhpOptionsSymbolsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
PhpPageInit(hwndDlg);
SetDlgItemText(hwndDlg, IDC_DBGHELPPATH, PhaGetStringSetting(L"DbgHelpPath")->Buffer);
SetDlgItemText(hwndDlg, IDC_DBGHELPSEARCHPATH, PhaGetStringSetting(L"DbgHelpSearchPath")->Buffer);
SetDlgItemCheckForSetting(hwndDlg, IDC_UNDECORATESYMBOLS, L"DbgHelpUndecorate");
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_BROWSE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"dbghelp.dll", L"dbghelp.dll" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
PPH_STRING fileName;
fileDialog = PhCreateOpenFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
fileName = PH_AUTO(PhGetFileName(PhaGetDlgItemText(hwndDlg, IDC_DBGHELPPATH)));
PhSetFileDialogFileName(fileDialog, fileName->Buffer);
if (PhShowFileDialog(hwndDlg, fileDialog))
{
fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));
SetDlgItemText(hwndDlg, IDC_DBGHELPPATH, fileName->Buffer);
}
PhFreeFileDialog(fileDialog);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case PSN_APPLY:
{
PPH_STRING dbgHelpPath = PhaGetDlgItemText(hwndDlg, IDC_DBGHELPPATH);
if (!PhEqualString(dbgHelpPath, PhaGetStringSetting(L"DbgHelpPath"), TRUE))
RestartRequired = TRUE;
PhSetStringSetting2(L"DbgHelpPath", &dbgHelpPath->sr);
PhSetStringSetting2(L"DbgHelpSearchPath", &(PhaGetDlgItemText(hwndDlg, IDC_DBGHELPSEARCHPATH)->sr));
SetSettingForDlgItemCheck(hwndDlg, IDC_UNDECORATESYMBOLS, L"DbgHelpUndecorate");
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_NOERROR);
}
return TRUE;
}
}
break;
}
return FALSE;
}
VOID PhpAdvancedPageSave(
_In_ HWND hwndDlg
)
{
ULONG sampleCount;
SetSettingForDlgItemCheck(hwndDlg, IDC_ENABLEWARNINGS, L"EnableWarnings");
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLEKERNELMODEDRIVER, L"EnableKph");
SetSettingForDlgItemCheck(hwndDlg, IDC_HIDEUNNAMEDHANDLES, L"HideUnnamedHandles");
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLESTAGE2, L"EnableStage2");
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLENETWORKRESOLVE, L"EnableNetworkResolve");
SetSettingForDlgItemCheck(hwndDlg, IDC_PROPAGATECPUUSAGE, L"PropagateCpuUsage");
SetSettingForDlgItemCheck(hwndDlg, IDC_ENABLEINSTANTTOOLTIPS, L"EnableInstantTooltips");
if (WindowsVersion >= WINDOWS_7)
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLECYCLECPUUSAGE, L"EnableCycleCpuUsage");
sampleCount = GetDlgItemInt(hwndDlg, IDC_SAMPLECOUNT, NULL, FALSE);
SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_SAMPLECOUNTAUTOMATIC, L"SampleCountAutomatic");
if (sampleCount == 0)
sampleCount = 1;
if (sampleCount != PhGetIntegerSetting(L"SampleCount"))
RestartRequired = TRUE;
PhSetIntegerSetting(L"SampleCount", sampleCount);
// Replace Task Manager
if (IsWindowEnabled(GetDlgItem(hwndDlg, IDC_REPLACETASKMANAGER)))
{
NTSTATUS status;
HANDLE taskmgrKeyHandle;
BOOLEAN replaceTaskMgr;
UNICODE_STRING valueName;
replaceTaskMgr = Button_GetCheck(GetDlgItem(hwndDlg, IDC_REPLACETASKMANAGER)) == BST_CHECKED;
if (OldReplaceTaskMgr != replaceTaskMgr)
{
// We should have created the key back in PhpAdvancedPageLoad, which is why
// we're opening the key here.
if (NT_SUCCESS(PhOpenKey(
&taskmgrKeyHandle,
KEY_WRITE,
PH_KEY_LOCAL_MACHINE,
&TaskMgrImageOptionsKeyName,
0
)))
{
RtlInitUnicodeString(&valueName, L"Debugger");
if (replaceTaskMgr)
{
PPH_STRING quotedFileName;
quotedFileName = PH_AUTO(PhConcatStrings(3, L"\"", PhApplicationFileName->Buffer, L"\""));
status = NtSetValueKey(taskmgrKeyHandle, &valueName, 0, REG_SZ, quotedFileName->Buffer, (ULONG)quotedFileName->Length + 2);
}
else
{
status = NtDeleteValueKey(taskmgrKeyHandle, &valueName);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to replace Task Manager", status, 0);
NtClose(taskmgrKeyHandle);
}
}
}
}
INT_PTR CALLBACK PhpChoiceDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
PCHOICE_DIALOG_CONTEXT context = (PCHOICE_DIALOG_CONTEXT)lParam;
ULONG type;
SIZE_T i;
HWND comboBoxHandle;
HWND checkBoxHandle;
RECT checkBoxRect;
RECT rect;
ULONG diff;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
SetWindowText(hwndDlg, context->Title);
SetWindowText(GetDlgItem(hwndDlg, IDC_MESSAGE), context->Message);
type = context->Flags & PH_CHOICE_DIALOG_TYPE_MASK;
// Select the control to show, depending on the type. This is
// because it is impossible to change the style of the combo box
// after it is created.
switch (type)
{
case PH_CHOICE_DIALOG_USER_CHOICE:
comboBoxHandle = GetDlgItem(hwndDlg, IDC_CHOICEUSER);
ShowWindow(GetDlgItem(hwndDlg, IDC_CHOICEUSER), SW_SHOW);
break;
case PH_CHOICE_DIALOG_PASSWORD:
comboBoxHandle = GetDlgItem(hwndDlg, IDC_CHOICESIMPLE);
ShowWindow(GetDlgItem(hwndDlg, IDC_CHOICESIMPLE), SW_SHOW);
// Disable combo box features since it isn't a combo box.
context->SavedChoicesSettingName = NULL;
break;
case PH_CHOICE_DIALOG_CHOICE:
default:
comboBoxHandle = GetDlgItem(hwndDlg, IDC_CHOICE);
ShowWindow(GetDlgItem(hwndDlg, IDC_CHOICE), SW_SHOW);
break;
}
context->ComboBoxHandle = comboBoxHandle;
checkBoxHandle = GetDlgItem(hwndDlg, IDC_OPTION);
if (type == PH_CHOICE_DIALOG_PASSWORD)
{
// Nothing
}
else if (type == PH_CHOICE_DIALOG_USER_CHOICE && context->SavedChoicesSettingName)
{
PPH_STRING savedChoices = PhGetStringSetting(context->SavedChoicesSettingName);
ULONG_PTR indexOfDelim;
PPH_STRING savedChoice;
i = 0;
// Split the saved choices using the delimiter.
while (i < savedChoices->Length / 2)
{
// BUG BUG BUG - what if the user saves "\s"?
indexOfDelim = PhFindStringInString(savedChoices, i, L"\\s");
if (indexOfDelim == -1)
indexOfDelim = savedChoices->Length / 2;
savedChoice = PhSubstring(savedChoices, i, indexOfDelim - i);
if (savedChoice->Length != 0)
{
PPH_STRING unescaped;
unescaped = PhUnescapeStringForDelimiter(savedChoice, '\\');
ComboBox_InsertString(comboBoxHandle, -1, unescaped->Buffer);
PhDereferenceObject(unescaped);
}
PhDereferenceObject(savedChoice);
i = indexOfDelim + 2;
}
PhDereferenceObject(savedChoices);
}
else
{
for (i = 0; i < context->NumberOfChoices; i++)
{
ComboBox_AddString(comboBoxHandle, context->Choices[i]);
}
context->SavedChoicesSettingName = NULL; // make sure we don't try to save the choices
}
if (type == PH_CHOICE_DIALOG_PASSWORD)
{
if (*context->SelectedChoice)
SetWindowText(comboBoxHandle, (*context->SelectedChoice)->Buffer);
Edit_SetSel(comboBoxHandle, 0, -1);
}
else if (type == PH_CHOICE_DIALOG_USER_CHOICE || type == PH_CHOICE_DIALOG_CHOICE)
{
// If we failed to choose a default choice based on what was specified,
// select the first one if possible, or set the text directly.
if (!(*context->SelectedChoice) || PhSelectComboBoxString(
comboBoxHandle, (*context->SelectedChoice)->Buffer, FALSE) == CB_ERR)
{
if (type == PH_CHOICE_DIALOG_USER_CHOICE && *context->SelectedChoice)
{
SetWindowText(comboBoxHandle, (*context->SelectedChoice)->Buffer);
}
else if (type == PH_CHOICE_DIALOG_CHOICE && context->NumberOfChoices != 0)
{
ComboBox_SetCurSel(comboBoxHandle, 0);
}
}
if (type == PH_CHOICE_DIALOG_USER_CHOICE)
ComboBox_SetEditSel(comboBoxHandle, 0, -1);
}
if (context->Option)
{
SetWindowText(checkBoxHandle, context->Option);
if (context->SelectedOption)
Button_SetCheck(checkBoxHandle, *context->SelectedOption ? BST_CHECKED : BST_UNCHECKED);
}
else
{
// Hide the check box and move the buttons up.
ShowWindow(checkBoxHandle, SW_HIDE);
GetWindowRect(checkBoxHandle, &checkBoxRect);
MapWindowPoints(NULL, hwndDlg, (POINT *)&checkBoxRect, 2);
GetWindowRect(GetDlgItem(hwndDlg, IDOK), &rect);
MapWindowPoints(NULL, hwndDlg, (POINT *)&rect, 2);
diff = rect.top - checkBoxRect.top;
// OK
rect.top -= diff;
rect.bottom -= diff;
SetWindowPos(GetDlgItem(hwndDlg, IDOK), NULL, rect.left, rect.top,
rect.right - rect.left, rect.bottom - rect.top,
SWP_NOACTIVATE | SWP_NOZORDER);
// Cancel
GetWindowRect(GetDlgItem(hwndDlg, IDCANCEL), &rect);
MapWindowPoints(NULL, hwndDlg, (POINT *)&rect, 2);
rect.top -= diff;
rect.bottom -= diff;
SetWindowPos(GetDlgItem(hwndDlg, IDCANCEL), NULL, rect.left, rect.top,
rect.right - rect.left, rect.bottom - rect.top,
SWP_NOACTIVATE | SWP_NOZORDER);
// Window
GetWindowRect(hwndDlg, &rect);
rect.bottom -= diff;
SetWindowPos(hwndDlg, NULL, rect.left, rect.top,
rect.right - rect.left, rect.bottom - rect.top,
SWP_NOACTIVATE | SWP_NOZORDER);
}
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)comboBoxHandle, TRUE);
}
break;
case WM_DESTROY:
{
RemoveProp(hwndDlg, PhMakeContextAtom());
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
EndDialog(hwndDlg, IDCANCEL);
break;
case IDOK:
{
PCHOICE_DIALOG_CONTEXT context = (PCHOICE_DIALOG_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
PPH_STRING selectedChoice;
if ((context->Flags & PH_CHOICE_DIALOG_TYPE_MASK) != PH_CHOICE_DIALOG_PASSWORD)
{
selectedChoice = PH_AUTO(PhGetWindowText(context->ComboBoxHandle));
*context->SelectedChoice = selectedChoice;
}
else
{
// Password values are never auto-dereferenced.
selectedChoice = PhGetWindowText(context->ComboBoxHandle);
*context->SelectedChoice = selectedChoice;
}
if (context->Option && context->SelectedOption)
*context->SelectedOption = Button_GetCheck(GetDlgItem(hwndDlg, IDC_OPTION)) == BST_CHECKED;
if (context->SavedChoicesSettingName)
{
PH_STRING_BUILDER savedChoices;
ULONG i;
ULONG choicesToSave = PH_CHOICE_DIALOG_SAVED_CHOICES;
PPH_STRING choice;
PPH_STRING escaped;
PhInitializeStringBuilder(&savedChoices, 100);
// Push the selected choice to the top, then save the others.
if (selectedChoice->Length != 0)
{
escaped = PhEscapeStringForDelimiter(selectedChoice, '\\');
PhAppendStringBuilder(&savedChoices, &escaped->sr);
PhDereferenceObject(escaped);
PhAppendStringBuilder2(&savedChoices, L"\\s");
}
for (i = 1; i < choicesToSave; i++)
{
choice = PhGetComboBoxString(context->ComboBoxHandle, i - 1);
if (!choice)
break;
// Don't save the choice if it's the same as the one
// entered by the user (since we already saved it above).
if (PhEqualString(choice, selectedChoice, FALSE))
{
PhDereferenceObject(choice);
choicesToSave++; // useless for now, but may be needed in the future
continue;
}
escaped = PhEscapeStringForDelimiter(choice, '\\');
PhAppendStringBuilder(&savedChoices, &escaped->sr);
PhDereferenceObject(escaped);
PhDereferenceObject(choice);
PhAppendStringBuilder2(&savedChoices, L"\\s");
}
if (PhEndsWithString2(savedChoices.String, L"\\s", FALSE))
PhRemoveEndStringBuilder(&savedChoices, 2);
PhSetStringSetting2(context->SavedChoicesSettingName, &savedChoices.String->sr);
PhDeleteStringBuilder(&savedChoices);
}
EndDialog(hwndDlg, IDOK);
}
break;
}
}
break;
}
return FALSE;
}
INT_PTR CALLBACK PhpMemoryResultsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PMEMORY_RESULTS_CONTEXT context;
if (uMsg != WM_INITDIALOG)
{
context = GetProp(hwndDlg, PhMakeContextAtom());
}
else
{
context = (PMEMORY_RESULTS_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhRegisterDialog(hwndDlg);
{
PPH_PROCESS_ITEM processItem;
if (processItem = PhReferenceProcessItem(context->ProcessId))
{
SetWindowText(hwndDlg, PhaFormatString(L"Results - %s (%u)",
processItem->ProcessName->Buffer, HandleToUlong(processItem->ProcessId))->Buffer);
PhDereferenceObject(processItem);
}
}
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 120, L"Address");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 80, L"Length");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Result");
PhLoadListViewColumnsFromSetting(L"MemResultsListViewColumns", lvHandle);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_LIST), NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_COPY), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_SAVE), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_FILTER), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 250;
rect.bottom = 180;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
ListView_SetItemCount(lvHandle, context->Results->Count);
SetDlgItemText(hwndDlg, IDC_INTRO, PhaFormatString(L"%s results.",
PhaFormatUInt64(context->Results->Count, TRUE)->Buffer)->Buffer);
{
PH_RECTANGLE windowRectangle;
windowRectangle.Position = PhGetIntegerPairSetting(L"MemResultsPosition");
windowRectangle.Size = PhGetIntegerPairSetting(L"MemResultsSize");
PhAdjustRectangleToWorkingArea(hwndDlg, &windowRectangle);
MoveWindow(hwndDlg, windowRectangle.Left, windowRectangle.Top,
windowRectangle.Width, windowRectangle.Height, FALSE);
// Implement cascading by saving an offsetted rectangle.
windowRectangle.Left += 20;
windowRectangle.Top += 20;
PhSetIntegerPairSetting(L"MemResultsPosition", windowRectangle.Position);
PhSetIntegerPairSetting(L"MemResultsSize", windowRectangle.Size);
}
}
break;
case WM_DESTROY:
{
PhSaveWindowPlacementToSetting(L"MemResultsPosition", L"MemResultsSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"MemResultsListViewColumns", GetDlgItem(hwndDlg, IDC_LIST));
PhDeleteLayoutManager(&context->LayoutManager);
PhUnregisterDialog(hwndDlg);
RemoveProp(hwndDlg, PhMakeContextAtom());
PhDereferenceMemoryResults((PPH_MEMORY_RESULT *)context->Results->Items, context->Results->Count);
PhDereferenceObject(context->Results);
PhFree(context);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
DestroyWindow(hwndDlg);
break;
case IDC_COPY:
{
HWND lvHandle;
PPH_STRING string;
ULONG selectedCount;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
selectedCount = ListView_GetSelectedCount(lvHandle);
if (selectedCount == 0)
{
// User didn't select anything, so copy all items.
string = PhpGetStringForSelectedResults(lvHandle, context->Results, TRUE);
PhSetStateAllListViewItems(lvHandle, LVIS_SELECTED, LVIS_SELECTED);
}
else
{
string = PhpGetStringForSelectedResults(lvHandle, context->Results, FALSE);
}
PhSetClipboardString(hwndDlg, &string->sr);
PhDereferenceObject(string);
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)lvHandle, TRUE);
}
break;
case IDC_SAVE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Text files (*.txt)", L"*.txt" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, L"Search Results.txt");
if (PhShowFileDialog(hwndDlg, fileDialog))
{
NTSTATUS status;
PPH_STRING fileName;
PPH_FILE_STREAM fileStream;
PPH_STRING string;
fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));
if (NT_SUCCESS(status = PhCreateFileStream(
&fileStream,
fileName->Buffer,
FILE_GENERIC_WRITE,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
0
)))
{
PhWriteStringAsUtf8FileStream(fileStream, &PhUnicodeByteOrderMark);
PhWritePhTextHeader(fileStream);
string = PhpGetStringForSelectedResults(GetDlgItem(hwndDlg, IDC_LIST), context->Results, TRUE);
PhWriteStringAsUtf8FileStreamEx(fileStream, string->Buffer, string->Length);
PhDereferenceObject(string);
PhDereferenceObject(fileStream);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to create the file", status, 0);
}
PhFreeFileDialog(fileDialog);
}
break;
case IDC_FILTER:
{
PPH_EMENU menu;
RECT buttonRect;
POINT point;
PPH_EMENU_ITEM selectedItem;
ULONG filterType = 0;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_MEMFILTER), 0);
GetClientRect(GetDlgItem(hwndDlg, IDC_FILTER), &buttonRect);
point.x = 0;
point.y = buttonRect.bottom;
ClientToScreen(GetDlgItem(hwndDlg, IDC_FILTER), &point);
selectedItem = PhShowEMenu(menu, hwndDlg, PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP, point.x, point.y);
if (selectedItem)
{
switch (selectedItem->Id)
{
case ID_FILTER_CONTAINS:
filterType = FILTER_CONTAINS;
break;
case ID_FILTER_CONTAINS_CASEINSENSITIVE:
filterType = FILTER_CONTAINS_IGNORECASE;
break;
case ID_FILTER_REGEX:
filterType = FILTER_REGEX;
break;
case ID_FILTER_REGEX_CASEINSENSITIVE:
filterType = FILTER_REGEX_IGNORECASE;
break;
}
}
if (filterType != 0)
FilterResults(hwndDlg, context, filterType);
PhDestroyEMenu(menu);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
HWND lvHandle;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhHandleListViewNotifyForCopy(lParam, lvHandle);
switch (header->code)
{
case LVN_GETDISPINFO:
{
NMLVDISPINFO *dispInfo = (NMLVDISPINFO *)header;
if (dispInfo->item.mask & LVIF_TEXT)
{
PPH_MEMORY_RESULT result = context->Results->Items[dispInfo->item.iItem];
switch (dispInfo->item.iSubItem)
{
case 0:
{
WCHAR addressString[PH_PTR_STR_LEN_1];
PhPrintPointer(addressString, result->Address);
wcsncpy_s(
dispInfo->item.pszText,
dispInfo->item.cchTextMax,
addressString,
_TRUNCATE
);
}
break;
case 1:
{
WCHAR lengthString[PH_INT32_STR_LEN_1];
PhPrintUInt32(lengthString, (ULONG)result->Length);
wcsncpy_s(
dispInfo->item.pszText,
dispInfo->item.cchTextMax,
lengthString,
_TRUNCATE
);
}
break;
case 2:
wcsncpy_s(
dispInfo->item.pszText,
dispInfo->item.cchTextMax,
result->Display.Buffer,
_TRUNCATE
);
break;
}
}
}
break;
case NM_DBLCLK:
{
if (header->hwndFrom == lvHandle)
{
INT index;
if ((index = ListView_GetNextItem(
lvHandle,
-1,
LVNI_SELECTED
)) != -1)
{
NTSTATUS status;
PPH_MEMORY_RESULT result = context->Results->Items[index];
HANDLE processHandle;
MEMORY_BASIC_INFORMATION basicInfo;
PPH_SHOWMEMORYEDITOR showMemoryEditor;
if (NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
context->ProcessId
)))
{
if (NT_SUCCESS(status = NtQueryVirtualMemory(
processHandle,
result->Address,
MemoryBasicInformation,
&basicInfo,
sizeof(MEMORY_BASIC_INFORMATION),
NULL
)))
{
showMemoryEditor = PhAllocate(sizeof(PH_SHOWMEMORYEDITOR));
memset(showMemoryEditor, 0, sizeof(PH_SHOWMEMORYEDITOR));
showMemoryEditor->ProcessId = context->ProcessId;
showMemoryEditor->BaseAddress = basicInfo.BaseAddress;
showMemoryEditor->RegionSize = basicInfo.RegionSize;
showMemoryEditor->SelectOffset = (ULONG)((ULONG_PTR)result->Address - (ULONG_PTR)basicInfo.BaseAddress);
showMemoryEditor->SelectLength = (ULONG)result->Length;
ProcessHacker_ShowMemoryEditor(PhMainWndHandle, showMemoryEditor);
}
NtClose(processHandle);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to edit memory", status, 0);
}
}
}
break;
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&context->LayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
}
return FALSE;
}
VOID PhSvcHandleConnectionRequest(
_In_ PPORT_MESSAGE PortMessage
)
{
NTSTATUS status;
PPHSVC_API_MSG message;
PPHSVC_API_MSG64 message64;
CLIENT_ID clientId;
PPHSVC_CLIENT client;
HANDLE portHandle;
REMOTE_PORT_VIEW clientView;
REMOTE_PORT_VIEW64 clientView64;
PREMOTE_PORT_VIEW actualClientView;
message = (PPHSVC_API_MSG)PortMessage;
message64 = (PPHSVC_API_MSG64)PortMessage;
if (PhIsExecutingInWow64())
{
clientId.UniqueProcess = (HANDLE)message64->h.ClientId.UniqueProcess;
clientId.UniqueThread = (HANDLE)message64->h.ClientId.UniqueThread;
}
else
{
PPH_STRING referenceFileName;
PPH_STRING remoteFileName;
clientId = message->h.ClientId;
// Make sure that the remote process is Process Hacker itself and not some other program.
referenceFileName = NULL;
PhGetProcessImageFileNameByProcessId(NtCurrentProcessId(), &referenceFileName);
PH_AUTO(referenceFileName);
remoteFileName = NULL;
PhGetProcessImageFileNameByProcessId(clientId.UniqueProcess, &remoteFileName);
PH_AUTO(remoteFileName);
if (!referenceFileName || !remoteFileName || !PhEqualString(referenceFileName, remoteFileName, TRUE))
{
NtAcceptConnectPort(&portHandle, NULL, PortMessage, FALSE, NULL, NULL);
return;
}
}
client = PhSvcCreateClient(&clientId);
if (!client)
{
NtAcceptConnectPort(&portHandle, NULL, PortMessage, FALSE, NULL, NULL);
return;
}
if (PhIsExecutingInWow64())
{
message64->p.ConnectInfo.ServerProcessId = HandleToUlong(NtCurrentProcessId());
clientView64.Length = sizeof(REMOTE_PORT_VIEW64);
clientView64.ViewSize = 0;
clientView64.ViewBase = 0;
actualClientView = (PREMOTE_PORT_VIEW)&clientView64;
}
else
{
message->p.ConnectInfo.ServerProcessId = HandleToUlong(NtCurrentProcessId());
clientView.Length = sizeof(REMOTE_PORT_VIEW);
clientView.ViewSize = 0;
clientView.ViewBase = NULL;
actualClientView = &clientView;
}
status = NtAcceptConnectPort(
&portHandle,
client,
PortMessage,
TRUE,
NULL,
actualClientView
);
if (!NT_SUCCESS(status))
{
PhDereferenceObject(client);
return;
}
// IMPORTANT: Since Vista, NtCompleteConnectPort does not do anything and simply returns STATUS_SUCCESS.
// We will call it anyway (for completeness), but we need to use an event to ensure that other threads don't try
// to process requests before we have finished setting up the client object.
client->PortHandle = portHandle;
if (PhIsExecutingInWow64())
{
client->ClientViewBase = (PVOID)clientView64.ViewBase;
client->ClientViewLimit = PTR_ADD_OFFSET(clientView64.ViewBase, clientView64.ViewSize);
}
else
{
client->ClientViewBase = clientView.ViewBase;
client->ClientViewLimit = PTR_ADD_OFFSET(clientView.ViewBase, clientView.ViewSize);
}
NtCompleteConnectPort(portHandle);
PhSetEvent(&client->ReadyEvent);
if (_InterlockedIncrement(&PhSvcApiNumberOfClients) == 1)
{
NtSetEvent(PhSvcTimeoutCancelEventHandle, NULL);
}
}
VOID NotifyGrowl(
_In_ PPH_PLUGIN_NOTIFY_EVENT NotifyEvent
)
{
PSTR notification;
PPH_STRING title;
PPH_BYTES titleUtf8;
PPH_STRING message;
PPH_BYTES messageUtf8;
PPH_PROCESS_ITEM processItem;
PPH_SERVICE_ITEM serviceItem;
PPH_PROCESS_ITEM parentProcessItem;
if (NotifyEvent->Handled)
return;
switch (NotifyEvent->Type)
{
case PH_NOTIFY_PROCESS_CREATE:
processItem = NotifyEvent->Parameter;
notification = GrowlNotifications[0];
title = processItem->ProcessName;
parentProcessItem = PhReferenceProcessItemForParent(processItem);
message = PhaFormatString(
L"The process %s (%lu) was started by %s.",
processItem->ProcessName->Buffer,
HandleToUlong(processItem->ProcessId),
parentProcessItem ? parentProcessItem->ProcessName->Buffer : L"an unknown process"
);
if (parentProcessItem)
PhDereferenceObject(parentProcessItem);
break;
case PH_NOTIFY_PROCESS_DELETE:
processItem = NotifyEvent->Parameter;
notification = GrowlNotifications[1];
title = processItem->ProcessName;
message = PhaFormatString(L"The process %s (%lu) was terminated.",
processItem->ProcessName->Buffer,
HandleToUlong(processItem->ProcessId)
);
break;
case PH_NOTIFY_SERVICE_CREATE:
serviceItem = NotifyEvent->Parameter;
notification = GrowlNotifications[2];
title = serviceItem->DisplayName;
message = PhaFormatString(L"The service %s (%s) has been created.",
serviceItem->Name->Buffer,
serviceItem->DisplayName->Buffer
);
break;
case PH_NOTIFY_SERVICE_DELETE:
serviceItem = NotifyEvent->Parameter;
notification = GrowlNotifications[3];
title = serviceItem->DisplayName;
message = PhaFormatString(L"The service %s (%s) has been deleted.",
serviceItem->Name->Buffer,
serviceItem->DisplayName->Buffer
);
break;
case PH_NOTIFY_SERVICE_START:
serviceItem = NotifyEvent->Parameter;
notification = GrowlNotifications[4];
title = serviceItem->DisplayName;
message = PhaFormatString(L"The service %s (%s) has been started.",
serviceItem->Name->Buffer,
serviceItem->DisplayName->Buffer
);
break;
case PH_NOTIFY_SERVICE_STOP:
serviceItem = NotifyEvent->Parameter;
notification = GrowlNotifications[5];
title = serviceItem->DisplayName;
message = PhaFormatString(L"The service %s (%s) has been stopped.",
serviceItem->Name->Buffer,
serviceItem->DisplayName->Buffer
);
break;
default:
return;
}
titleUtf8 = PH_AUTO(PhConvertUtf16ToUtf8Ex(title->Buffer, title->Length));
messageUtf8 = PH_AUTO(PhConvertUtf16ToUtf8Ex(message->Buffer, message->Length));
RegisterGrowl(TRUE);
if (growl_tcp_notify("127.0.0.1", "Process Hacker", notification, titleUtf8->Buffer, messageUtf8->Buffer, NULL, NULL, NULL) == 0)
NotifyEvent->Handled = TRUE;
}
static INT_PTR CALLBACK PhpFindObjectsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhFindObjectsListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_FILTER),
NULL, PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_REGEX),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, lvHandle,
NULL, PH_ANCHOR_ALL);
MinimumSize.left = 0;
MinimumSize.top = 0;
MinimumSize.right = 150;
MinimumSize.bottom = 100;
MapDialogRect(hwndDlg, &MinimumSize);
PhRegisterDialog(hwndDlg);
PhLoadWindowPlacementFromSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSetListViewStyle(lvHandle, TRUE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 100, L"Process");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 100, L"Type");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 80, L"Handle");
PhSetExtendedListView(lvHandle);
ExtendedListView_SetSortFast(lvHandle, TRUE);
ExtendedListView_SetCompareFunction(lvHandle, 0, PhpObjectProcessCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 1, PhpObjectTypeCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 2, PhpObjectNameCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 3, PhpObjectHandleCompareFunction);
PhLoadListViewColumnsFromSetting(L"FindObjListViewColumns", lvHandle);
Button_SetCheck(GetDlgItem(hwndDlg, IDC_REGEX), PhGetIntegerSetting(L"FindObjRegex") ? BST_CHECKED : BST_UNCHECKED);
}
break;
case WM_DESTROY:
{
PhSetIntegerSetting(L"FindObjRegex", Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED);
PhSaveWindowPlacementToSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"FindObjListViewColumns", PhFindObjectsListViewHandle);
}
break;
case WM_SHOWWINDOW:
{
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hwndDlg, IDC_FILTER), TRUE);
Edit_SetSel(GetDlgItem(hwndDlg, IDC_FILTER), 0, -1);
}
break;
case WM_CLOSE:
{
ShowWindow(hwndDlg, SW_HIDE);
// IMPORTANT
// Set the result to 0 so the default dialog message
// handler doesn't invoke IDCANCEL, which will send
// WM_CLOSE, creating an infinite loop.
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, 0);
}
return TRUE;
case WM_SETCURSOR:
{
if (SearchThreadHandle)
{
SetCursor(LoadCursor(NULL, IDC_WAIT));
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, TRUE);
return TRUE;
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDOK:
{
// Don't continue if the user requested cancellation.
if (SearchStop)
break;
if (!SearchThreadHandle)
{
ULONG i;
PhMoveReference(&SearchString, PhGetWindowText(GetDlgItem(hwndDlg, IDC_FILTER)));
if (SearchRegexCompiledExpression)
{
pcre2_code_free(SearchRegexCompiledExpression);
SearchRegexCompiledExpression = NULL;
}
if (SearchRegexMatchData)
{
pcre2_match_data_free(SearchRegexMatchData);
SearchRegexMatchData = NULL;
}
if (Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED)
{
int errorCode;
PCRE2_SIZE errorOffset;
SearchRegexCompiledExpression = pcre2_compile(
SearchString->Buffer,
SearchString->Length / sizeof(WCHAR),
PCRE2_CASELESS | PCRE2_DOTALL,
&errorCode,
&errorOffset,
NULL
);
if (!SearchRegexCompiledExpression)
{
PhShowError(hwndDlg, L"Unable to compile the regular expression: \"%s\" at position %zu.",
PhGetStringOrDefault(PH_AUTO(PhPcre2GetErrorMessage(errorCode)), L"Unknown error"),
errorOffset
);
break;
}
SearchRegexMatchData = pcre2_match_data_create_from_pattern(SearchRegexCompiledExpression, NULL);
}
// Clean up previous results.
ListView_DeleteAllItems(PhFindObjectsListViewHandle);
if (SearchResults)
{
for (i = 0; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
PhDereferenceObject(searchResult->TypeName);
PhDereferenceObject(searchResult->Name);
if (searchResult->ProcessName)
PhDereferenceObject(searchResult->ProcessName);
PhFree(searchResult);
}
PhDereferenceObject(SearchResults);
}
// Start the search.
SearchResults = PhCreateList(128);
SearchResultsAddIndex = 0;
SearchThreadHandle = PhCreateThread(0, PhpFindObjectsThreadStart, NULL);
if (!SearchThreadHandle)
{
PhClearReference(&SearchResults);
break;
}
SetDlgItemText(hwndDlg, IDOK, L"Cancel");
SetCursor(LoadCursor(NULL, IDC_WAIT));
}
else
{
SearchStop = TRUE;
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
}
}
break;
case IDCANCEL:
{
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
}
break;
case ID_OBJECT_CLOSE:
{
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
ULONG i;
PhGetSelectedListViewItemParams(
PhFindObjectsListViewHandle,
&results,
&numberOfResults
);
if (numberOfResults != 0 && PhShowConfirmMessage(
hwndDlg,
L"close",
numberOfResults == 1 ? L"the selected handle" : L"the selected handles",
L"Closing handles may cause system instability and data corruption.",
FALSE
))
{
for (i = 0; i < numberOfResults; i++)
{
NTSTATUS status;
HANDLE processHandle;
if (results[i]->ResultType != HandleSearchResult)
continue;
if (NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_DUP_HANDLE,
results[i]->ProcessId
)))
{
if (NT_SUCCESS(status = PhDuplicateObject(
processHandle,
results[i]->Handle,
NULL,
NULL,
0,
0,
DUPLICATE_CLOSE_SOURCE
)))
{
PhRemoveListViewItem(PhFindObjectsListViewHandle,
PhFindListViewItemByParam(PhFindObjectsListViewHandle, 0, results[i]));
}
NtClose(processHandle);
}
if (!NT_SUCCESS(status))
{
if (!PhShowContinueStatus(hwndDlg,
PhaFormatString(L"Unable to close \"%s\"", results[i]->Name->Buffer)->Buffer,
status,
0
))
break;
}
}
}
PhFree(results);
}
break;
case ID_HANDLE_OBJECTPROPERTIES1:
case ID_HANDLE_OBJECTPROPERTIES2:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PH_HANDLE_ITEM_INFO info;
info.ProcessId = result->ProcessId;
info.Handle = result->Handle;
info.TypeName = result->TypeName;
info.BestObjectName = result->Name;
if (LOWORD(wParam) == ID_HANDLE_OBJECTPROPERTIES1)
PhShowHandleObjectProperties1(hwndDlg, &info);
else
PhShowHandleObjectProperties2(hwndDlg, &info);
}
}
break;
case ID_OBJECT_GOTOOWNINGPROCESS:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PPH_PROCESS_NODE processNode;
if (processNode = PhFindProcessNode(result->ProcessId))
{
ProcessHacker_SelectTabPage(PhMainWndHandle, 0);
ProcessHacker_SelectProcessNode(PhMainWndHandle, processNode);
ProcessHacker_ToggleVisible(PhMainWndHandle, TRUE);
}
}
}
break;
case ID_OBJECT_PROPERTIES:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
if (result->ResultType == HandleSearchResult)
{
PPH_HANDLE_ITEM handleItem;
handleItem = PhCreateHandleItem(&result->Info);
handleItem->BestObjectName = handleItem->ObjectName = result->Name;
PhReferenceObjectEx(result->Name, 2);
handleItem->TypeName = result->TypeName;
PhReferenceObject(result->TypeName);
PhShowHandleProperties(
hwndDlg,
result->ProcessId,
handleItem
);
PhDereferenceObject(handleItem);
}
else
{
// DLL or Mapped File. Just show file properties.
PhShellProperties(hwndDlg, result->Name->Buffer);
}
}
}
break;
case ID_OBJECT_COPY:
{
PhCopyListView(PhFindObjectsListViewHandle);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case NM_DBLCLK:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_PROPERTIES, 0);
}
}
break;
case LVN_KEYDOWN:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
LPNMLVKEYDOWN keyDown = (LPNMLVKEYDOWN)header;
switch (keyDown->wVKey)
{
case 'C':
if (GetKeyState(VK_CONTROL) < 0)
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_COPY, 0);
break;
case 'A':
if (GetKeyState(VK_CONTROL) < 0)
PhSetStateAllListViewItems(PhFindObjectsListViewHandle, LVIS_SELECTED, LVIS_SELECTED);
break;
case VK_DELETE:
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_CLOSE, 0);
break;
}
}
}
break;
}
}
break;
case WM_CONTEXTMENU:
{
if ((HWND)wParam == PhFindObjectsListViewHandle)
{
POINT point;
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
point.x = (SHORT)LOWORD(lParam);
point.y = (SHORT)HIWORD(lParam);
if (point.x == -1 && point.y == -1)
PhGetListViewContextMenuPoint((HWND)wParam, &point);
PhGetSelectedListViewItemParams(PhFindObjectsListViewHandle, &results, &numberOfResults);
if (numberOfResults != 0)
{
PPH_EMENU menu;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_FINDOBJ), 0);
PhSetFlagsEMenuItem(menu, ID_OBJECT_PROPERTIES, PH_EMENU_DEFAULT, PH_EMENU_DEFAULT);
PhpInitializeFindObjMenu(menu, results, numberOfResults);
PhShowEMenu(
menu,
hwndDlg,
PH_EMENU_SHOW_SEND_COMMAND | PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
point.x,
point.y
);
PhDestroyEMenu(menu);
}
PhFree(results);
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&WindowLayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_PH_SEARCH_UPDATE:
{
HWND lvHandle;
ULONG i;
lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
ExtendedListView_SetRedraw(lvHandle, FALSE);
PhAcquireQueuedLockExclusive(&SearchResultsLock);
for (i = SearchResultsAddIndex; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
CLIENT_ID clientId;
PPH_PROCESS_ITEM processItem;
PPH_STRING clientIdName;
INT lvItemIndex;
clientId.UniqueProcess = searchResult->ProcessId;
clientId.UniqueThread = NULL;
processItem = PhReferenceProcessItem(clientId.UniqueProcess);
clientIdName = PhGetClientIdNameEx(&clientId, processItem ? processItem->ProcessName : NULL);
lvItemIndex = PhAddListViewItem(
lvHandle,
MAXINT,
clientIdName->Buffer,
searchResult
);
PhDereferenceObject(clientIdName);
if (processItem)
{
PhSetReference(&searchResult->ProcessName, processItem->ProcessName);
PhDereferenceObject(processItem);
}
else
{
searchResult->ProcessName = NULL;
}
PhSetListViewSubItem(lvHandle, lvItemIndex, 1, searchResult->TypeName->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 2, searchResult->Name->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 3, searchResult->HandleString);
}
SearchResultsAddIndex = i;
PhReleaseQueuedLockExclusive(&SearchResultsLock);
ExtendedListView_SetRedraw(lvHandle, TRUE);
}
break;
case WM_PH_SEARCH_FINISHED:
{
NTSTATUS handleSearchStatus = (NTSTATUS)wParam;
// Add any un-added items.
SendMessage(hwndDlg, WM_PH_SEARCH_UPDATE, 0, 0);
NtWaitForSingleObject(SearchThreadHandle, FALSE, NULL);
NtClose(SearchThreadHandle);
SearchThreadHandle = NULL;
SearchStop = FALSE;
ExtendedListView_SortItems(GetDlgItem(hwndDlg, IDC_RESULTS));
SetDlgItemText(hwndDlg, IDOK, L"Find");
EnableWindow(GetDlgItem(hwndDlg, IDOK), TRUE);
SetCursor(LoadCursor(NULL, IDC_ARROW));
if (handleSearchStatus == STATUS_INSUFFICIENT_RESOURCES)
{
PhShowWarning(
hwndDlg,
L"Unable to search for handles because the total number of handles on the system is too large. "
L"Please check if there are any processes with an extremely large number of handles open."
);
}
}
break;
}
return FALSE;
}
VOID NTAPI MenuItemCallback(
_In_opt_ PVOID Parameter,
_In_opt_ PVOID Context
)
{
PPH_PLUGIN_MENU_ITEM menuItem = Parameter;
switch (menuItem->Id)
{
case ENABLE_SERVICE_VIRUSTOTAL:
{
ULONG scanningEnabled = !VirusTotalScanningEnabled;
PhSetIntegerSetting(SETTING_NAME_VIRUSTOTAL_SCAN_ENABLED, scanningEnabled);
if (VirusTotalScanningEnabled != scanningEnabled)
{
INT result = IDOK;
TASKDIALOGCONFIG config;
memset(&config, 0, sizeof(TASKDIALOGCONFIG));
config.cbSize = sizeof(TASKDIALOGCONFIG);
config.dwFlags = TDF_USE_HICON_MAIN | TDF_ALLOW_DIALOG_CANCELLATION;
config.dwCommonButtons = TDCBF_YES_BUTTON | TDCBF_NO_BUTTON;
config.hwndParent = menuItem->OwnerWindow;
config.hMainIcon = PH_LOAD_SHARED_ICON_LARGE(PhInstanceHandle, MAKEINTRESOURCE(PHAPP_IDI_PROCESSHACKER));
config.cxWidth = 180;
config.pszWindowTitle = L"Process Hacker - VirusTotal";
config.pszMainInstruction = L"VirusTotal scanning requires a restart of Process Hacker.";
config.pszContent = L"Do you want to restart Process Hacker now?";
if (SUCCEEDED(TaskDialogIndirect(&config, &result, NULL, NULL)) && result == IDYES)
{
ProcessHacker_PrepareForEarlyShutdown(PhMainWndHandle);
PhShellProcessHacker(
PhMainWndHandle,
L"-v",
SW_SHOW,
0,
PH_SHELL_APP_PROPAGATE_PARAMETERS | PH_SHELL_APP_PROPAGATE_PARAMETERS_IGNORE_VISIBILITY,
0,
NULL
);
ProcessHacker_Destroy(PhMainWndHandle);
}
DestroyIcon(config.hMainIcon);
}
}
break;
case MENUITEM_VIRUSTOTAL_UPLOAD:
UploadToOnlineService(menuItem->Context, MENUITEM_VIRUSTOTAL_UPLOAD);
break;
case MENUITEM_VIRUSTOTAL_UPLOAD_SERVICE:
UploadServiceToOnlineService(menuItem->Context, MENUITEM_VIRUSTOTAL_UPLOAD_SERVICE);
break;
case MENUITEM_JOTTI_UPLOAD:
UploadToOnlineService(menuItem->Context, MENUITEM_JOTTI_UPLOAD);
break;
case MENUITEM_JOTTI_UPLOAD_SERVICE:
UploadServiceToOnlineService(menuItem->Context, MENUITEM_JOTTI_UPLOAD_SERVICE);
break;
case MENUITEM_HYBRIDANALYSIS_UPLOAD:
UploadToOnlineService(menuItem->Context, MENUITEM_HYBRIDANALYSIS_UPLOAD);
break;
case MENUITEM_HYBRIDANALYSIS_UPLOAD_SERVICE:
UploadServiceToOnlineService(menuItem->Context, MENUITEM_HYBRIDANALYSIS_UPLOAD_SERVICE);
break;
case MENUITEM_VIRUSTOTAL_UPLOAD_FILE:
case MENUITEM_HYBRIDANALYSIS_UPLOAD_FILE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
PPH_STRING fileName;
fileDialog = PhCreateOpenFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
if (PhShowFileDialog(menuItem->Context, fileDialog))
{
fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));
switch (menuItem->Id)
{
case MENUITEM_VIRUSTOTAL_UPLOAD_FILE:
UploadToOnlineService(fileName, MENUITEM_VIRUSTOTAL_UPLOAD);
break;
case MENUITEM_HYBRIDANALYSIS_UPLOAD_FILE:
UploadToOnlineService(fileName, MENUITEM_HYBRIDANALYSIS_UPLOAD);
break;
}
}
PhFreeFileDialog(fileDialog);
}
break;
}
}
HRESULT CALLBACK FinalTaskDialogCallbackProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam,
_In_ LONG_PTR dwRefData
)
{
PPH_UPDATER_CONTEXT context = (PPH_UPDATER_CONTEXT)dwRefData;
switch (uMsg)
{
case TDN_NAVIGATED:
{
if (!UpdaterCheckApplicationDirectory())
{
SendMessage(hwndDlg, TDM_SET_BUTTON_ELEVATION_REQUIRED_STATE, IDYES, TRUE);
}
}
break;
case TDN_BUTTON_CLICKED:
{
INT buttonId = (INT)wParam;
if (buttonId == IDRETRY)
{
ShowCheckForUpdatesDialog(context);
return S_FALSE;
}
else if (buttonId == IDYES)
{
SHELLEXECUTEINFO info = { sizeof(SHELLEXECUTEINFO) };
PPH_STRING parameters;
if (PhIsNullOrEmptyString(context->SetupFilePath))
break;
parameters = PH_AUTO(PhGetApplicationDirectory());
parameters = PH_AUTO(PhBufferToHexString((PUCHAR)parameters->Buffer, (ULONG)parameters->Length));
parameters = PH_AUTO(PhConcatStrings(3, L"-update \"", PhGetStringOrEmpty(parameters), L"\""));
info.lpFile = PhGetStringOrEmpty(context->SetupFilePath);
info.lpParameters = PhGetString(parameters);
info.lpVerb = UpdaterCheckApplicationDirectory() ? NULL : L"runas";
info.nShow = SW_SHOW;
info.hwnd = hwndDlg;
info.fMask = SEE_MASK_NOASYNC | SEE_MASK_FLAG_NO_UI | SEE_MASK_NOZONECHECKS;
ProcessHacker_PrepareForEarlyShutdown(PhMainWndHandle);
if (ShellExecuteEx(&info))
{
ProcessHacker_Destroy(PhMainWndHandle);
}
else
{
ULONG errorCode = GetLastError();
// Install failed, cancel the shutdown.
ProcessHacker_CancelEarlyShutdown(PhMainWndHandle);
// Show error dialog.
if (errorCode != ERROR_CANCELLED) // Ignore UAC decline.
{
PhShowStatus(hwndDlg, L"Unable to execute the setup.", 0, errorCode);
if (context->StartupCheck)
ShowAvailableDialog(context);
else
ShowCheckForUpdatesDialog(context);
}
return S_FALSE;
}
}
}
break;
case TDN_HYPERLINK_CLICKED:
{
TaskDialogLinkClicked(context);
return S_FALSE;
}
break;
}
return S_OK;
}
INT_PTR CALLBACK LoggingDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
static PH_LAYOUT_MANAGER LayoutManager;
switch (uMsg)
{
case WM_INITDIALOG:
{
SetDlgItemText(hwndDlg, IDC_LOGFILENAME, PhaGetStringSetting(SETTING_NAME_LOG_FILENAME)->Buffer);
PhInitializeLayoutManager(&LayoutManager, hwndDlg);
PhAddLayoutItem(&LayoutManager, GetDlgItem(hwndDlg, IDC_INFO), NULL, PH_ANCHOR_TOP | PH_ANCHOR_LEFT | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&LayoutManager, GetDlgItem(hwndDlg, IDC_LOGFILENAME), NULL, PH_ANCHOR_TOP | PH_ANCHOR_LEFT | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&LayoutManager, GetDlgItem(hwndDlg, IDC_BROWSE), NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
}
break;
case WM_DESTROY:
{
PhSetStringSetting2(SETTING_NAME_LOG_FILENAME, &PhaGetDlgItemText(hwndDlg, IDC_LOGFILENAME)->sr);
PhDeleteLayoutManager(&LayoutManager);
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&LayoutManager);
}
break;
case WM_COMMAND:
{
switch (GET_WM_COMMAND_ID(wParam, lParam))
{
case IDC_BROWSE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Log files (*.txt;*.log)", L"*.txt;*.log" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
PPH_STRING fileName;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
fileName = PH_AUTO(PhGetFileName(PhaGetDlgItemText(hwndDlg, IDC_LOGFILENAME)));
PhSetFileDialogFileName(fileDialog, fileName->Buffer);
if (PhShowFileDialog(hwndDlg, fileDialog))
{
fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));
SetDlgItemText(hwndDlg, IDC_LOGFILENAME, fileName->Buffer);
}
PhFreeFileDialog(fileDialog);
}
break;
}
}
break;
}
return FALSE;
}
static VOID FilterResults(
_In_ HWND hwndDlg,
_In_ PMEMORY_RESULTS_CONTEXT Context,
_In_ ULONG Type
)
{
PPH_STRING selectedChoice = NULL;
PPH_LIST results;
pcre2_code *compiledExpression;
pcre2_match_data *matchData;
results = Context->Results;
SetCursor(LoadCursor(NULL, IDC_WAIT));
while (PhaChoiceDialog(
hwndDlg,
L"Filter",
L"Enter the filter pattern:",
NULL,
0,
NULL,
PH_CHOICE_DIALOG_USER_CHOICE,
&selectedChoice,
NULL,
L"MemFilterChoices"
))
{
PPH_LIST newResults = NULL;
ULONG i;
if (Type == FILTER_CONTAINS || Type == FILTER_CONTAINS_IGNORECASE)
{
newResults = PhCreateList(1024);
if (Type == FILTER_CONTAINS)
{
for (i = 0; i < results->Count; i++)
{
PPH_MEMORY_RESULT result = results->Items[i];
if (wcsstr(result->Display.Buffer, selectedChoice->Buffer))
{
PhReferenceMemoryResult(result);
PhAddItemList(newResults, result);
}
}
}
else
{
PPH_STRING upperChoice;
upperChoice = PhaUpperString(selectedChoice);
for (i = 0; i < results->Count; i++)
{
PPH_MEMORY_RESULT result = results->Items[i];
PWSTR upperDisplay;
upperDisplay = PhAllocateForMemorySearch(result->Display.Length + sizeof(WCHAR));
// Copy the null terminator as well.
memcpy(upperDisplay, result->Display.Buffer, result->Display.Length + sizeof(WCHAR));
_wcsupr(upperDisplay);
if (wcsstr(upperDisplay, upperChoice->Buffer))
{
PhReferenceMemoryResult(result);
PhAddItemList(newResults, result);
}
PhFreeForMemorySearch(upperDisplay);
}
}
}
else if (Type == FILTER_REGEX || Type == FILTER_REGEX_IGNORECASE)
{
int errorCode;
PCRE2_SIZE errorOffset;
compiledExpression = pcre2_compile(
selectedChoice->Buffer,
selectedChoice->Length / sizeof(WCHAR),
(Type == FILTER_REGEX_IGNORECASE ? PCRE2_CASELESS : 0) | PCRE2_DOTALL,
&errorCode,
&errorOffset,
NULL
);
if (!compiledExpression)
{
PhShowError(hwndDlg, L"Unable to compile the regular expression: \"%s\" at position %zu.",
PhGetStringOrDefault(PH_AUTO(PhPcre2GetErrorMessage(errorCode)), L"Unknown error"),
errorOffset
);
continue;
}
matchData = pcre2_match_data_create_from_pattern(compiledExpression, NULL);
newResults = PhCreateList(1024);
for (i = 0; i < results->Count; i++)
{
PPH_MEMORY_RESULT result = results->Items[i];
if (pcre2_match(
compiledExpression,
result->Display.Buffer,
result->Display.Length / sizeof(WCHAR),
0,
0,
matchData,
NULL
) >= 0)
{
PhReferenceMemoryResult(result);
PhAddItemList(newResults, result);
}
}
pcre2_match_data_free(matchData);
pcre2_code_free(compiledExpression);
}
if (newResults)
{
PhShowMemoryResultsDialog(Context->ProcessId, newResults);
PhDereferenceMemoryResults((PPH_MEMORY_RESULT *)newResults->Items, newResults->Count);
PhDereferenceObject(newResults);
break;
}
}
SetCursor(LoadCursor(NULL, IDC_ARROW));
}
