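/**
 * Refreshes the type, size and backing file name shown on the section
 * object property page.
 *
 * \param hwndDlg The property page window that owns the IDC_TYPE, IDC_SIZE_
 * and IDC_FILE controls.
 * \param PageContext The page context. Its OpenObject callback is used to
 * open the section that is being displayed.
 *
 * \remarks If the section cannot be opened at all the function returns
 * without touching the dialog controls.
 */
static VOID PhpRefreshSectionPageInfo(
    _In_ HWND hwndDlg,
    _In_ PCOMMON_PAGE_CONTEXT PageContext
    )
{
    HANDLE sectionHandle;
    SECTION_BASIC_INFORMATION basicInfo;
    PWSTR sectionType = L"Unknown";
    PPH_STRING sectionSize = NULL;
    PPH_STRING fileName = NULL;

    // First try with the access needed for both queries below.
    if (!NT_SUCCESS(PageContext->OpenObject(
        &sectionHandle,
        SECTION_QUERY | SECTION_MAP_READ,
        PageContext->Context
        )))
    {
        // Retrying with the same mask can never succeed where the first
        // attempt failed, so fall back to the least access that still
        // lets the basic information be queried. The file name lookup is
        // then expected to fail and the page shows "N/A" for it.
        if (!NT_SUCCESS(PageContext->OpenObject(
            &sectionHandle,
            SECTION_QUERY,
            PageContext->Context
            )))
        {
            return;
        }
    }

    if (NT_SUCCESS(PhGetSectionBasicInformation(sectionHandle, &basicInfo)))
    {
        // The first matching attribute wins; the order is significant when
        // more than one bit is set.
        if (basicInfo.AllocationAttributes & SEC_COMMIT)
            sectionType = L"Commit";
        else if (basicInfo.AllocationAttributes & SEC_FILE)
            sectionType = L"File";
        else if (basicInfo.AllocationAttributes & SEC_IMAGE)
            sectionType = L"Image";
        else if (basicInfo.AllocationAttributes & SEC_RESERVE)
            sectionType = L"Reserve";

        sectionSize = PhaFormatSize(basicInfo.MaximumSize.QuadPart, -1);
    }

    if (NT_SUCCESS(PhGetSectionFileName(sectionHandle, &fileName)))
    {
        PPH_STRING newFileName;

        // Hand the native name to the auto pool before it may be replaced.
        PH_AUTO(fileName);

        if ((newFileName = PhResolveDevicePrefix(fileName)))
            fileName = PH_AUTO(newFileName);
    }

    SetDlgItemText(hwndDlg, IDC_TYPE, sectionType);
    SetDlgItemText(hwndDlg, IDC_SIZE_, PhGetStringOrDefault(sectionSize, L"Unknown"));
    SetDlgItemText(hwndDlg, IDC_FILE, PhGetStringOrDefault(fileName, L"N/A"));

    NtClose(sectionHandle);
}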
/**
 * Looks up the addresses of the kernel variables MmSizeOfPagedPoolInBytes
 * and MmMaximumNonPagedPoolInBytes through the symbol provider and stores
 * them in the file-level pointers of the same names.
 *
 * \param Parameter Not used by this function.
 *
 * \return Always STATUS_SUCCESS; a failed enumeration or symbol lookup just
 * leaves the corresponding pointer untouched.
 *
 * \remarks The first entry of the kernel module list is treated as the
 * kernel image. The stored values are addresses taken from symbol data;
 * this function does not dereference them.
 */
NTSTATUS PhSipLoadMmAddresses(
    _In_ PVOID Parameter
    )
{
    PRTL_PROCESS_MODULES moduleList;

    if (!NT_SUCCESS(PhEnumKernelModules(&moduleList)))
        return STATUS_SUCCESS;

    if (moduleList->NumberOfModules >= 1)
    {
        PPH_SYMBOL_PROVIDER provider;
        PPH_STRING kernelNativePath;
        PPH_STRING kernelPath;
        PH_SYMBOL_INFORMATION lookup;

        provider = PhCreateSymbolProvider(NULL);
        PhLoadSymbolProviderOptions(provider);

        // Convert the ANSI module path and translate it into a file name
        // the symbol provider can open.
        kernelNativePath = PH_AUTO(PhConvertMultiByteToUtf16(moduleList->Modules[0].FullPathName));
        kernelPath = PH_AUTO(PhGetFileName(kernelNativePath));

        PhLoadModuleSymbolProvider(
            provider,
            kernelPath->Buffer,
            (ULONG64)moduleList->Modules[0].ImageBase,
            moduleList->Modules[0].ImageSize
            );

        if (PhGetSymbolFromName(provider, L"MmSizeOfPagedPoolInBytes", &lookup))
            MmSizeOfPagedPoolInBytes = (PSIZE_T)lookup.Address;

        if (PhGetSymbolFromName(provider, L"MmMaximumNonPagedPoolInBytes", &lookup))
            MmMaximumNonPagedPoolInBytes = (PSIZE_T)lookup.Address;

        PhDereferenceObject(provider);
    }

    PhFree(moduleList);

    return STATUS_SUCCESS;
}
/**
 * Serializes the status bar item list into SETTING_NAME_STATUSBAR_CONFIG.
 *
 * \remarks The stored form is "<count>|<id>|<id>|..." with the trailing
 * separator removed.
 */
VOID StatusBarSaveSettings(
    VOID
    )
{
    PH_STRING_BUILDER builder;
    PPH_STRING serialized;
    ULONG i;

    PhInitializeStringBuilder(&builder, 100);

    // Leading field: the number of items that follow.
    PhAppendFormatStringBuilder(&builder, L"%lu|", StatusBarItemList->Count);

    i = 0;

    while (i < StatusBarItemList->Count)
    {
        PSTATUSBAR_ITEM item = StatusBarItemList->Items[i];

        PhAppendFormatStringBuilder(&builder, L"%lu|", item->Id);
        i++;
    }

    // Drop the final '|'.
    if (builder.String->Length != 0)
        PhRemoveEndStringBuilder(&builder, 1);

    serialized = PH_AUTO(PhFinalStringBuilderString(&builder));
    PhSetStringSetting2(SETTING_NAME_STATUSBAR_CONFIG, &serialized->sr);
}
/**
 * Fills the IDC_PROCESSES list view with one row per process in a job.
 *
 * \param hwndDlg The dialog that owns the list view.
 * \param JobHandle A handle to the job object to enumerate.
 *
 * \remarks Nothing is added when the process ID list cannot be queried.
 */
static VOID PhpAddJobProcesses(
    _In_ HWND hwndDlg,
    _In_ HANDLE JobHandle
    )
{
    PJOBOBJECT_BASIC_PROCESS_ID_LIST jobProcessIds;
    HWND listView;
    CLIENT_ID clientId;
    ULONG index;

    listView = GetDlgItem(hwndDlg, IDC_PROCESSES);

    if (!NT_SUCCESS(PhGetJobProcessIdList(JobHandle, &jobProcessIds)))
        return;

    // Only the process half of the client ID is meaningful here.
    clientId.UniqueThread = NULL;

    for (index = 0; index < jobProcessIds->NumberOfProcessIdsInList; index++)
    {
        PPH_STRING displayName;

        clientId.UniqueProcess = (HANDLE)jobProcessIds->ProcessIdList[index];
        displayName = PH_AUTO(PhGetClientIdName(&clientId));

        PhAddListViewItem(listView, MAXINT, PhGetString(displayName), NULL);
    }

    PhFree(jobProcessIds);
}
/**
 * Describes the window a thread is currently sending a message to.
 *
 * \param ThreadId The ID of the thread to inspect.
 *
 * \return An auto-dereferenced string naming the window handle, its owning
 * process/thread, its class and its caption, or NULL when the export is
 * unavailable or the thread has no receiver window.
 */
static PPH_STRING PhpaGetSendMessageReceiver(
    _In_ HANDLE ThreadId
    )
{
    static HWND (WINAPI *GetSendMessageReceiver_I)(
        _In_ HANDLE ThreadId
        );

    HWND receiverWindow;
    ULONG ownerProcessId;
    ULONG ownerThreadId;
    CLIENT_ID ownerClientId;
    PPH_STRING ownerName;
    PPH_STRING caption;
    WCHAR className[64];

    // GetSendMessageReceiver is an undocumented export of user32.dll that
    // returns the handle of the window a thread is sending a message to.
    // It is resolved once and cached; because it is undocumented it may be
    // missing, in which case no description is produced.
    if (!GetSendMessageReceiver_I)
    {
        GetSendMessageReceiver_I = PhGetDllProcedureAddress(L"user32.dll", "GetSendMessageReceiver", 0);

        if (!GetSendMessageReceiver_I)
            return NULL;
    }

    receiverWindow = GetSendMessageReceiver_I(ThreadId);

    if (!receiverWindow)
        return NULL;

    ownerThreadId = GetWindowThreadProcessId(receiverWindow, &ownerProcessId);

    ownerClientId.UniqueProcess = UlongToHandle(ownerProcessId);
    ownerClientId.UniqueThread = UlongToHandle(ownerThreadId);
    ownerName = PH_AUTO(PhGetClientIdName(&ownerClientId));

    // The element count, not the byte count, bounds the class name copy.
    if (!GetClassName(receiverWindow, className, sizeof(className) / sizeof(className[0])))
        className[0] = UNICODE_NULL;

    caption = PH_AUTO(PhGetWindowText(receiverWindow));

    return PhaFormatString(
        L"Window 0x%Ix (%s): %s \"%s\"",
        receiverWindow,
        ownerName->Buffer,
        className,
        PhGetStringOrEmpty(caption)
        );
}
/**
 * Reads the "Process Hacker 2" value from the current user's Run key and
 * updates CurrentUserRunPresent and CurrentUserRunStartHidden.
 *
 * \remarks Both flags are reset to FALSE first. The entry only counts as
 * present when the command line in the value resolves to this executable
 * (PhApplicationFileName, compared case-insensitively), so a value of the
 * same name that points at a different program is reported as absent.
 */
static VOID ReadCurrentUserRun(
    VOID
    )
{
    HANDLE runKey;
    PPH_STRING commandLine;

    CurrentUserRunPresent = FALSE;
    CurrentUserRunStartHidden = FALSE;

    if (!NT_SUCCESS(PhOpenKey(
        &runKey,
        KEY_READ,
        PH_KEY_CURRENT_USER,
        &CurrentUserRunKeyName,
        0
        )))
    {
        return;
    }

    commandLine = PhQueryRegistryString(runKey, L"Process Hacker 2");

    if (commandLine)
    {
        PH_STRINGREF fileName;
        PH_STRINGREF arguments;
        PPH_STRING fullFileName;

        PH_AUTO(commandLine);

        if (PhParseCommandLineFuzzy(&commandLine->sr, &fileName, &arguments, &fullFileName))
        {
            PH_AUTO(fullFileName);

            if (fullFileName && PhEqualString(fullFileName, PhApplicationFileName, TRUE))
            {
                CurrentUserRunPresent = TRUE;
                // The argument string must be exactly "-hide".
                CurrentUserRunStartHidden = PhEqualStringRef2(&arguments, L"-hide", FALSE);
            }
        }
    }

    NtClose(runKey);
}
/**
 * Registers a plugin as a hook on a menu.
 *
 * \param MenuInfo The plugin menu information structure.
 * \param Plugin A plugin instance structure.
 * \param Context A user-defined value that is later accessible from the
 * callback.
 *
 * \return TRUE if the hook was added, FALSE if the menu has
 * PH_PLUGIN_MENU_DISALLOW_HOOKS set.
 *
 * \remarks The \ref PluginCallbackMenuHook callback is invoked when any menu
 * item from the menu is chosen. Both the hook list and the hook entry are
 * auto-dereferenced objects, so they are not released by this function.
 */
BOOLEAN PhPluginAddMenuHook(
    _Inout_ PPH_PLUGIN_MENU_INFORMATION MenuInfo,
    _In_ PPH_PLUGIN Plugin,
    _In_opt_ PVOID Context
    )
{
    PPHP_PLUGIN_MENU_HOOK newHook;

    // Menus can opt out of hooking entirely.
    if ((MenuInfo->Flags & PH_PLUGIN_MENU_DISALLOW_HOOKS) != 0)
        return FALSE;

    // The list is created lazily on the first hook.
    if (MenuInfo->PluginHookList == NULL)
        MenuInfo->PluginHookList = PH_AUTO(PhCreateList(2));

    newHook = PH_AUTO(PhCreateAlloc(sizeof(PHP_PLUGIN_MENU_HOOK)));
    newHook->Context = Context;
    newHook->Plugin = Plugin;

    PhAddItemList(MenuInfo->PluginHookList, newHook);

    return TRUE;
}
/**
 * Serializes the rebar band layout into SETTING_NAME_REBAR_CONFIG.
 *
 * \remarks Each band is stored as "<id>|<width>|<style>" and bands are
 * joined with '|'. The gripper and fixed-size style bits are cleared before
 * the style is saved.
 */
VOID ReBarSaveLayoutSettings(
    VOID
    )
{
    PH_STRING_BUILDER layoutBuilder;
    PPH_STRING layoutString;
    UINT bandCount;
    UINT band;

    PhInitializeStringBuilder(&layoutBuilder, 100);

    bandCount = (UINT)SendMessage(RebarHandle, RB_GETBANDCOUNT, 0, 0);

    for (band = 0; band < bandCount; band++)
    {
        REBARBANDINFO bandInfo =
        {
            sizeof(REBARBANDINFO),
            RBBIM_STYLE | RBBIM_SIZE | RBBIM_ID
        };

        SendMessage(RebarHandle, RB_GETBANDINFO, band, (LPARAM)&bandInfo);

        // Clearing a bit that is not set is a no-op, so one mask covers
        // all three style flags.
        bandInfo.fStyle &= ~(RBBS_GRIPPERALWAYS | RBBS_NOGRIPPER | RBBS_FIXEDSIZE);

        PhAppendFormatStringBuilder(
            &layoutBuilder,
            L"%u|%u|%u|",
            bandInfo.wID,
            bandInfo.cx,
            bandInfo.fStyle
            );
    }

    // Drop the final '|'.
    if (layoutBuilder.String->Length != 0)
        PhRemoveEndStringBuilder(&layoutBuilder, 1);

    layoutString = PH_AUTO(PhFinalStringBuilderString(&layoutBuilder));
    PhSetStringSetting2(SETTING_NAME_REBAR_CONFIG, &layoutString->sr);
}
/**
 * Builds a one-line description of a handle in another process.
 *
 * \param ProcessHandle A handle to the process that owns the handle.
 * \param Handle The handle value inside that process.
 *
 * \return An auto-dereferenced string with the handle value, its type name
 * and its object name, or an error placeholder when either the type name or
 * the object name could not be obtained.
 */
static PPH_STRING PhpaGetHandleString(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE Handle
    )
{
    PPH_STRING typeName = NULL;
    PPH_STRING objectName = NULL;
    PWSTR shownName;

    // The return status is not inspected; success is judged by whether
    // both output strings were filled in.
    PhGetHandleInformation(
        ProcessHandle,
        Handle,
        -1,
        NULL,
        &typeName,
        NULL,
        &objectName
        );
    PH_AUTO(typeName);
    PH_AUTO(objectName);

    if (!typeName || !objectName)
    {
        return PhaFormatString(
            L"Handle 0x%Ix: (error querying handle)",
            Handle
            );
    }

    if (PhIsNullOrEmptyString(objectName))
        shownName = L"(unnamed object)";
    else
        shownName = objectName->Buffer;

    return PhaFormatString(
        L"Handle 0x%Ix (%s): %s",
        Handle,
        typeName->Buffer,
        shownName
        );
}
/**
 * Converts the current selection of a combo box into a service action type.
 *
 * \param ComboBoxHandle The combo box to read.
 *
 * \return The action matching the selected text, or SC_ACTION_NONE when the
 * selected string cannot be retrieved.
 */
SC_ACTION_TYPE ComboBoxToServiceAction(
    _In_ HWND ComboBoxHandle
    )
{
    INT selectedIndex;
    PPH_STRING selectedText;

    selectedIndex = ComboBox_GetCurSel(ComboBoxHandle);
    selectedText = PH_AUTO(PhGetComboBoxString(ComboBoxHandle, selectedIndex));

    if (selectedText)
        return EspStringToServiceAction(selectedText->Buffer);

    return SC_ACTION_NONE;
}
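/**
 * Describes the ALPC port a thread is blocked on, if any.
 *
 * \param ThreadId The ID of the thread to inspect.
 *
 * \return An auto-dereferenced string with the connection port name and the
 * name of the connected process, or NULL when the thread cannot be opened,
 * the query fails, or the thread is not blocked.
 */
PPH_STRING PhpaGetAlpcInformation(
    _In_ HANDLE ThreadId
    )
{
    NTSTATUS status;
    PPH_STRING string = NULL;
    HANDLE threadHandle;
    PALPC_SERVER_INFORMATION serverInfo;
    ULONG bufferLength;

    if (!NT_SUCCESS(PhOpenThread(&threadHandle, THREAD_QUERY_INFORMATION, ThreadId)))
        return NULL;

    bufferLength = 0x110;
    serverInfo = PhAllocate(bufferLength);
    serverInfo->In.ThreadHandle = threadHandle;

    status = NtAlpcQueryInformation(NULL, AlpcServerInformation, serverInfo, bufferLength, &bufferLength);

    if (status == STATUS_INFO_LENGTH_MISMATCH)
    {
        // Retry once with the length the query reported. The input field
        // has to be set again because the buffer is a new allocation.
        PhFree(serverInfo);
        serverInfo = PhAllocate(bufferLength);
        serverInfo->In.ThreadHandle = threadHandle;

        status = NtAlpcQueryInformation(NULL, AlpcServerInformation, serverInfo, bufferLength, &bufferLength);
    }

    if (NT_SUCCESS(status) && serverInfo->Out.ThreadBlocked)
    {
        CLIENT_ID clientId;
        PPH_STRING clientIdName;

        clientId.UniqueProcess = serverInfo->Out.ConnectedProcessId;
        clientId.UniqueThread = NULL;
        clientIdName = PH_AUTO(PhGetClientIdName(&clientId));

        // The port name is a counted string, so it is printed with an
        // explicit precision instead of relying on a terminator. The
        // precision argument of "%.*s" must be an int; Length / sizeof(WCHAR)
        // is a size_t, hence the cast.
        string = PhaFormatString(
            L"ALPC Port: %.*s (%s)",
            (INT)(serverInfo->Out.ConnectionPortName.Length / sizeof(WCHAR)),
            serverInfo->Out.ConnectionPortName.Buffer,
            clientIdName->Buffer
            );
    }

    PhFree(serverInfo);
    NtClose(threadHandle);

    return string;
}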
/**
 * Serializes the toolbar button order into SETTING_NAME_TOOLBAR_CONFIG.
 *
 * \remarks The stored form is "<count>|<command id>|<command id>|...".
 * Enumeration stops at the first button whose information cannot be
 * retrieved, so the count field can be larger than the number of IDs
 * that follow it.
 */
VOID ToolbarSaveButtonSettings(
    VOID
    )
{
    PH_STRING_BUILDER builder;
    PPH_STRING serialized;
    INT total;
    INT position;

    PhInitializeStringBuilder(&builder, 100);

    total = (INT)SendMessage(ToolBarHandle, TB_BUTTONCOUNT, 0, 0);

    PhAppendFormatStringBuilder(&builder, L"%d|", total);

    for (position = 0; position < total; position++)
    {
        TBBUTTONINFO info =
        {
            sizeof(TBBUTTONINFO),
            TBIF_BYINDEX | TBIF_IMAGE | TBIF_STYLE | TBIF_COMMAND
        };

        // Query the button at this index; -1 signals failure.
        if (SendMessage(ToolBarHandle, TB_GETBUTTONINFO, position, (LPARAM)&info) == -1)
            break;

        PhAppendFormatStringBuilder(&builder, L"%d|", info.idCommand);
    }

    // Drop the final '|'.
    if (builder.String->Length != 0)
        PhRemoveEndStringBuilder(&builder, 1);

    serialized = PH_AUTO(PhFinalStringBuilderString(&builder));
    PhSetStringSetting2(SETTING_NAME_TOOLBAR_CONFIG, &serialized->sr);
}
// copied from ProcessHacker\netlist.c.. static PPH_STRING PhpNetworkTreeGetNetworkItemProcessName( _In_ PPH_NETWORK_ITEM NetworkItem ) { PH_FORMAT format[4]; if (!NetworkItem->ProcessId) return PhaCreateString(L"Waiting connections"); PhInitFormatS(&format[1], L" ("); PhInitFormatU(&format[2], HandleToUlong(NetworkItem->ProcessId)); PhInitFormatC(&format[3], ')'); if (NetworkItem->ProcessName) PhInitFormatSR(&format[0], NetworkItem->ProcessName->sr); else PhInitFormatS(&format[0], L"Unknown process"); return PH_AUTO(PhFormat(format, 4, 96)); }
/**
 * Creates, updates or removes the "Process Hacker 2" value in the current
 * user's Run key.
 *
 * \param Present TRUE to register the application to start at logon, FALSE
 * to remove the registration.
 * \param StartHidden TRUE to append the " -hide" argument. Only used when
 * \a Present is TRUE.
 *
 * \remarks Nothing is written when the requested state equals the cached
 * CurrentUserRunPresent / CurrentUserRunStartHidden state. The executable
 * path is wrapped in double quotes so that a path containing spaces is
 * stored as one unambiguous command. The results of the registry writes
 * are not checked and the cached state is not updated here.
 */
static VOID WriteCurrentUserRun(
    _In_ BOOLEAN Present,
    _In_ BOOLEAN StartHidden
    )
{
    HANDLE runKey;
    UNICODE_STRING valueName;

    // Skip the write when nothing would change.
    if (CurrentUserRunPresent == Present && (!Present || CurrentUserRunStartHidden == StartHidden))
        return;

    if (!NT_SUCCESS(PhOpenKey(
        &runKey,
        KEY_WRITE,
        PH_KEY_CURRENT_USER,
        &CurrentUserRunKeyName,
        0
        )))
    {
        return;
    }

    RtlInitUnicodeString(&valueName, L"Process Hacker 2");

    if (!Present)
    {
        NtDeleteValueKey(runKey, &valueName);
    }
    else
    {
        PPH_STRING command;

        command = PH_AUTO(PhConcatStrings(3, L"\"", PhApplicationFileName->Buffer, L"\""));

        if (StartHidden)
            command = PhaConcatStrings2(command->Buffer, L" -hide");

        // The data size includes the terminating null character.
        NtSetValueKey(
            runKey,
            &valueName,
            0,
            REG_SZ,
            command->Buffer,
            (ULONG)command->Length + 2
            );
    }

    NtClose(runKey);
}
/**
 * Serializes the user-referenced network adapters into
 * SETTING_NAME_INTERFACE_LIST.
 *
 * \remarks Each adapter is stored as "<index>,<luid>,<guid>" and adapters
 * are joined with ','. The list is walked under the shared
 * NetworkAdaptersListLock and each entry is referenced while it is read.
 */
VOID NetAdaptersSaveList(
    VOID
    )
{
    PH_STRING_BUILDER builder;
    PPH_STRING serialized;
    ULONG i;

    PhInitializeStringBuilder(&builder, 260);

    PhAcquireQueuedLockShared(&NetworkAdaptersListLock);

    for (i = 0; i < NetworkAdaptersList->Count; i++)
    {
        PDV_NETADAPTER_ENTRY adapter = PhReferenceObjectSafe(NetworkAdaptersList->Items[i]);

        // The reference can fail if the entry is already being destroyed.
        if (!adapter)
            continue;

        if (adapter->UserReference)
        {
            PhAppendFormatStringBuilder(
                &builder,
                L"%lu,%I64u,%s,",
                adapter->AdapterId.InterfaceIndex,      // UNSAFE: this value changes after a reboot.
                adapter->AdapterId.InterfaceLuid.Value, // SAFE: this value does not change (Vista+).
                adapter->AdapterId.InterfaceGuid->Buffer
                );
        }

        PhDereferenceObjectDeferDelete(adapter);
    }

    PhReleaseQueuedLockShared(&NetworkAdaptersListLock);

    // Drop the final ','.
    if (builder.String->Length != 0)
        PhRemoveEndStringBuilder(&builder, 1);

    serialized = PH_AUTO(PhFinalStringBuilderString(&builder));
    PhSetStringSetting2(SETTING_NAME_INTERFACE_LIST, &serialized->sr);
}
/**
 * Serializes the user-referenced disk drives into SETTING_NAME_DISK_LIST.
 *
 * \remarks The stored form is the device paths joined with ','. The list is
 * walked under the shared DiskDrivesListLock and each entry is referenced
 * while it is read.
 */
VOID DiskDrivesSaveList(
    VOID
    )
{
    PH_STRING_BUILDER builder;
    PPH_STRING serialized;
    ULONG i;

    PhInitializeStringBuilder(&builder, 260);

    PhAcquireQueuedLockShared(&DiskDrivesListLock);

    for (i = 0; i < DiskDrivesList->Count; i++)
    {
        PDV_DISK_ENTRY disk = PhReferenceObjectSafe(DiskDrivesList->Items[i]);

        // The reference can fail if the entry is already being destroyed.
        if (!disk)
            continue;

        if (disk->UserReference)
        {
            PhAppendFormatStringBuilder(
                &builder,
                L"%s,",
                disk->Id.DevicePath->Buffer // SAFE: this value does not change.
                );
        }

        PhDereferenceObjectDeferDelete(disk);
    }

    PhReleaseQueuedLockShared(&DiskDrivesListLock);

    // Drop the final ','.
    if (builder.String->Length != 0)
        PhRemoveEndStringBuilder(&builder, 1);

    serialized = PH_AUTO(PhFinalStringBuilderString(&builder));
    PhSetStringSetting2(SETTING_NAME_DISK_LIST, &serialized->sr);
}
/**
 * Asks the user for a file name and writes a minidump of a process to it.
 *
 * \param hWnd The window that owns the save dialog and the progress UI.
 * \param Process The process to dump.
 *
 * \return FALSE if the user cancels the save dialog; otherwise the result
 * of PhpCreateProcessMiniDumpWithProgress.
 *
 * \remarks The dump is requested with MiniDumpWithFullMemory and
 * MiniDumpWithHandleData, so the output file holds the complete memory
 * contents of the target, including any secrets it had in memory. The file
 * should be stored and shared with that in mind.
 */
BOOLEAN PhUiCreateDumpFileProcess(
    _In_ HWND hWnd,
    _In_ PPH_PROCESS_ITEM Process
    )
{
    static PH_FILETYPE_FILTER filters[] =
    {
        { L"Dump files (*.dmp)", L"*.dmp" },
        { L"All files (*.*)", L"*.*" }
    };
    PVOID saveDialog;
    PPH_STRING suggestedName;
    PPH_STRING dumpPath;

    saveDialog = PhCreateSaveFileDialog();
    PhSetFileDialogFilter(saveDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));

    // Pre-fill the dialog with "<process name>.dmp".
    suggestedName = PhaConcatStrings2(Process->ProcessName->Buffer, L".dmp");
    PhSetFileDialogFileName(saveDialog, suggestedName->Buffer);

    if (PhShowFileDialog(hWnd, saveDialog))
    {
        dumpPath = PH_AUTO(PhGetFileDialogFileName(saveDialog));
        PhFreeFileDialog(saveDialog);
    }
    else
    {
        PhFreeFileDialog(saveDialog);
        return FALSE;
    }

    return PhpCreateProcessMiniDumpWithProgress(
        hWnd,
        Process->ProcessId,
        dumpPath->Buffer,
        // task manager uses these flags
        MiniDumpWithFullMemory |
        MiniDumpWithHandleData |
        MiniDumpWithUnloadedModules |
        MiniDumpWithFullMemoryInfo |
        MiniDumpWithThreadInfo
        );
}
/**
 * Serializes a list of column sets into a string setting.
 *
 * \param SettingName The name of the setting to write.
 * \param ColumnSetList The list of PPH_COLUMN_SET_ENTRY items to save.
 *
 * \remarks The stored form is "<count>-<name>-<setting>-<sorting>-..." with
 * the trailing separator removed. Entries with an empty name are skipped,
 * but the count field is still the full list count. The three strings are
 * written as-is, without escaping '-'.
 * NOTE(review): a name, setting or sorting string that contains '-' would
 * be indistinguishable from a field separator - confirm how the loader
 * splits this value.
 */
VOID PhSaveSettingsColumnList(
    _In_ PWSTR SettingName,
    _In_ PPH_LIST ColumnSetList
    )
{
    PH_STRING_BUILDER builder;
    PPH_STRING serialized;
    ULONG i;

    PhInitializeStringBuilder(&builder, 100);

    PhAppendFormatStringBuilder(&builder, L"%lu-", ColumnSetList->Count);

    for (i = 0; i < ColumnSetList->Count; i++)
    {
        PPH_COLUMN_SET_ENTRY columnSet = ColumnSetList->Items[i];

        if (!PhIsNullOrEmptyString(columnSet->Name))
        {
            PhAppendFormatStringBuilder(
                &builder,
                L"%s-%s-%s-",
                columnSet->Name->Buffer,
                PhGetStringOrEmpty(columnSet->Setting),
                PhGetStringOrEmpty(columnSet->Sorting)
                );
        }
    }

    // Drop the final '-'.
    if (builder.String->Length != 0)
        PhRemoveEndStringBuilder(&builder, 1);

    serialized = PH_AUTO(PhFinalStringBuilderString(&builder));
    PhSetStringSetting2(SettingName, &serialized->sr);
}
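/**
 * Enumerates the disk device interfaces on the system and adds them to the
 * options list view, followed by any saved disks that were not found.
 *
 * \param Context The disk options dialog context. Its EnumeratingDisks flag
 * is set while items are being added to the list view.
 *
 * \remarks Returns without adding anything if the device information set
 * cannot be created. Devices whose friendly name cannot be read are skipped.
 */
VOID FindDiskDrives(
    _In_ PDV_DISK_OPTIONS_CONTEXT Context
    )
{
    PPH_LIST deviceList;
    HDEVINFO deviceInfoHandle;
    SP_DEVICE_INTERFACE_DATA deviceInterfaceData = { sizeof(SP_DEVICE_INTERFACE_DATA) };
    SP_DEVINFO_DATA deviceInfoData = { sizeof(SP_DEVINFO_DATA) };
    PSP_DEVICE_INTERFACE_DETAIL_DATA deviceInterfaceDetail;
    ULONG deviceInfoLength = 0;

    if ((deviceInfoHandle = SetupDiGetClassDevs(
        &GUID_DEVINTERFACE_DISK,
        NULL,
        NULL,
        DIGCF_DEVICEINTERFACE
        )) == INVALID_HANDLE_VALUE)
    {
        return;
    }

    deviceList = PH_AUTO(PhCreateList(1));

    for (ULONG i = 0; SetupDiEnumDeviceInterfaces(deviceInfoHandle, NULL, &GUID_DEVINTERFACE_DISK, i, &deviceInterfaceData); i++)
    {
        // Size probe: the call is expected to fail with
        // ERROR_INSUFFICIENT_BUFFER and report the required length.
        if (SetupDiGetDeviceInterfaceDetail(
            deviceInfoHandle,
            &deviceInterfaceData,
            0,
            0,
            &deviceInfoLength,
            &deviceInfoData
            ) || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        {
            continue;
        }

        deviceInterfaceDetail = PhAllocate(deviceInfoLength);
        deviceInterfaceDetail->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);

        if (SetupDiGetDeviceInterfaceDetail(
            deviceInfoHandle,
            &deviceInterfaceData,
            deviceInterfaceDetail,
            deviceInfoLength,
            &deviceInfoLength,
            &deviceInfoData
            ))
        {
            HANDLE deviceHandle;
            PDISK_ENUM_ENTRY diskEntry;
            WCHAR diskFriendlyName[MAX_PATH] = L"";

            // SetupDiGetDeviceProperty with DEVPKEY_Device_FriendlyName is
            // deliberately not used here: it crashes on XP with error
            // 0xC06D007F.

            // The buffer size is given in bytes, not characters. One
            // character is held back so the zero-initialized buffer always
            // stays null-terminated.
            if (!SetupDiGetDeviceRegistryProperty(
                deviceInfoHandle,
                &deviceInfoData,
                SPDRP_FRIENDLYNAME,
                NULL,
                (PBYTE)diskFriendlyName,
                sizeof(diskFriendlyName) - sizeof(WCHAR),
                NULL
                ))
            {
                // Release the detail buffer before skipping this device;
                // the PhFree at the bottom of the loop is not reached.
                PhFree(deviceInterfaceDetail);
                continue;
            }

            diskEntry = PhAllocate(sizeof(DISK_ENUM_ENTRY));
            memset(diskEntry, 0, sizeof(DISK_ENUM_ENTRY));

            diskEntry->DeviceIndex = ULONG_MAX; // Note: Do not initialize to zero.
            diskEntry->DeviceName = PhCreateString(diskFriendlyName);
            diskEntry->DevicePath = PhCreateString(deviceInterfaceDetail->DevicePath);

            if (NT_SUCCESS(DiskDriveCreateHandle(
                &deviceHandle,
                diskEntry->DevicePath
                )))
            {
                ULONG diskIndex = ULONG_MAX; // Note: Do not initialize to zero

                if (NT_SUCCESS(DiskDriveQueryDeviceTypeAndNumber(
                    deviceHandle,
                    &diskIndex,
                    NULL
                    )))
                {
                    PPH_STRING diskMountPoints = PH_AUTO_T(PH_STRING, DiskDriveQueryDosMountPoints(diskIndex));

                    diskEntry->DeviceIndex = diskIndex;
                    diskEntry->DevicePresent = TRUE;

                    if (!PhIsNullOrEmptyString(diskMountPoints))
                    {
                        diskEntry->DeviceMountPoints = PhFormatString(
                            L"Disk %lu (%s) [%s]",
                            diskIndex,
                            diskMountPoints->Buffer,
                            diskFriendlyName
                            );
                    }
                    else
                    {
                        diskEntry->DeviceMountPoints = PhFormatString(
                            L"Disk %lu [%s]",
                            diskIndex,
                            diskFriendlyName
                            );
                    }
                }

                NtClose(deviceHandle);
            }

            PhAddItemList(deviceList, diskEntry);
        }

        PhFree(deviceInterfaceDetail);
    }

    SetupDiDestroyDeviceInfoList(deviceInfoHandle);

    // Sort the entries
    qsort(deviceList->Items, deviceList->Count, sizeof(PVOID), DiskEntryCompareFunction);

    Context->EnumeratingDisks = TRUE;
    PhAcquireQueuedLockShared(&DiskDrivesListLock);

    for (ULONG i = 0; i < deviceList->Count; i++)
    {
        PDISK_ENUM_ENTRY entry = deviceList->Items[i];

        AddDiskDriveToListView(
            Context,
            entry->DevicePresent,
            entry->DevicePath,
            entry->DeviceMountPoints ? entry->DeviceMountPoints : entry->DeviceName
            );

        if (entry->DeviceMountPoints)
            PhDereferenceObject(entry->DeviceMountPoints);
        if (entry->DeviceName)
            PhDereferenceObject(entry->DeviceName);
        // Note: DevicePath is disposed by WM_DESTROY.

        PhFree(entry);
    }

    PhReleaseQueuedLockShared(&DiskDrivesListLock);
    Context->EnumeratingDisks = FALSE;

    // HACK: Show all unknown devices.
    Context->EnumeratingDisks = TRUE;
    PhAcquireQueuedLockShared(&DiskDrivesListLock);

    for (ULONG i = 0; i < DiskDrivesList->Count; i++)
    {
        ULONG index = -1;
        BOOLEAN found = FALSE;
        PDV_DISK_ENTRY entry = PhReferenceObjectSafe(DiskDrivesList->Items[i]);

        if (!entry)
            continue;

        // Look for a list view item that already represents this disk.
        while ((index = PhFindListViewItemByFlags(
            Context->ListViewHandle,
            index,
            LVNI_ALL
            )) != -1)
        {
            PDV_DISK_ID param;

            if (PhGetListViewItemParam(Context->ListViewHandle, index, &param))
            {
                if (EquivalentDiskId(param, &entry->Id))
                {
                    found = TRUE;
                }
            }
        }

        if (!found)
        {
            PPH_STRING description;

            if ((description = PhCreateString(L"Unknown disk")))
            {
                AddDiskDriveToListView(
                    Context,
                    FALSE,
                    entry->Id.DevicePath,
                    description
                    );
                PhDereferenceObject(description);
            }
        }

        PhDereferenceObjectDeferDelete(entry);
    }

    PhReleaseQueuedLockShared(&DiskDrivesListLock);
    Context->EnumeratingDisks = FALSE;
}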
/**
 * Dialog procedure for the Symbols page of the options window.
 *
 * \param hwndDlg The page window.
 * \param uMsg The message being delivered.
 * \param wParam Message-specific data; the control ID for WM_COMMAND.
 * \param lParam Message-specific data; the NMHDR pointer for WM_NOTIFY.
 *
 * \return TRUE after PSN_APPLY has been handled, otherwise FALSE.
 *
 * \remarks On apply, the text of the path boxes is written to the
 * "DbgHelpPath" and "DbgHelpSearchPath" settings exactly as typed; nothing
 * on this page checks that the path exists or names the expected library.
 * NOTE(review): "DbgHelpPath" presumably selects the dbghelp.dll that is
 * loaded on the next start - confirm where it is consumed and whether the
 * file is validated there.
 */
INT_PTR CALLBACK PhpOptionsSymbolsDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    if (uMsg == WM_INITDIALOG)
    {
        PhpPageInit(hwndDlg);

        // Populate the controls from the stored settings.
        SetDlgItemText(hwndDlg, IDC_DBGHELPPATH, PhaGetStringSetting(L"DbgHelpPath")->Buffer);
        SetDlgItemText(hwndDlg, IDC_DBGHELPSEARCHPATH, PhaGetStringSetting(L"DbgHelpSearchPath")->Buffer);
        SetDlgItemCheckForSetting(hwndDlg, IDC_UNDECORATESYMBOLS, L"DbgHelpUndecorate");
    }
    else if (uMsg == WM_COMMAND)
    {
        if (LOWORD(wParam) == IDC_BROWSE)
        {
            static PH_FILETYPE_FILTER filters[] =
            {
                { L"dbghelp.dll", L"dbghelp.dll" },
                { L"All files (*.*)", L"*.*" }
            };
            PVOID openDialog;
            PPH_STRING currentPath;

            openDialog = PhCreateOpenFileDialog();
            PhSetFileDialogFilter(openDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));

            // Start the dialog at the path currently in the edit box.
            currentPath = PH_AUTO(PhGetFileName(PhaGetDlgItemText(hwndDlg, IDC_DBGHELPPATH)));
            PhSetFileDialogFileName(openDialog, currentPath->Buffer);

            if (PhShowFileDialog(hwndDlg, openDialog))
            {
                PPH_STRING chosenPath;

                chosenPath = PH_AUTO(PhGetFileDialogFileName(openDialog));
                SetDlgItemText(hwndDlg, IDC_DBGHELPPATH, chosenPath->Buffer);
            }

            PhFreeFileDialog(openDialog);
        }
    }
    else if (uMsg == WM_NOTIFY)
    {
        LPNMHDR header = (LPNMHDR)lParam;

        if (header->code == PSN_APPLY)
        {
            PPH_STRING newDbgHelpPath;
            PPH_STRING newSearchPath;

            newDbgHelpPath = PhaGetDlgItemText(hwndDlg, IDC_DBGHELPPATH);

            // A different library path only takes effect after a restart.
            if (!PhEqualString(newDbgHelpPath, PhaGetStringSetting(L"DbgHelpPath"), TRUE))
                RestartRequired = TRUE;

            PhSetStringSetting2(L"DbgHelpPath", &newDbgHelpPath->sr);

            newSearchPath = PhaGetDlgItemText(hwndDlg, IDC_DBGHELPSEARCHPATH);
            PhSetStringSetting2(L"DbgHelpSearchPath", &newSearchPath->sr);

            SetSettingForDlgItemCheck(hwndDlg, IDC_UNDECORATESYMBOLS, L"DbgHelpUndecorate");

            SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_NOERROR);

            return TRUE;
        }
    }

    return FALSE;
}
/**
 * Writes the state of the Advanced options page back to the settings and,
 * if it was changed, the "replace Task Manager" registration.
 *
 * \param hwndDlg The Advanced page window.
 *
 * \remarks A sample count of 0 is stored as 1. The Task Manager replacement
 * is the "Debugger" value under TaskMgrImageOptionsKeyName in HKLM; when
 * enabled it is set to the quoted path of this executable, otherwise the
 * value is deleted. The quotes keep a path with spaces from being parsed
 * as several arguments. The key is only touched when the check box is
 * enabled and its state differs from OldReplaceTaskMgr.
 */
VOID PhpAdvancedPageSave(
    _In_ HWND hwndDlg
    )
{
    ULONG sampleCount;
    HWND replaceCheckBox;
    BOOLEAN replaceTaskMgr;
    HANDLE taskmgrKeyHandle;
    UNICODE_STRING valueName;
    NTSTATUS status;

    SetSettingForDlgItemCheck(hwndDlg, IDC_ENABLEWARNINGS, L"EnableWarnings");
    SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLEKERNELMODEDRIVER, L"EnableKph");
    SetSettingForDlgItemCheck(hwndDlg, IDC_HIDEUNNAMEDHANDLES, L"HideUnnamedHandles");
    SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLESTAGE2, L"EnableStage2");
    SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLENETWORKRESOLVE, L"EnableNetworkResolve");
    SetSettingForDlgItemCheck(hwndDlg, IDC_PROPAGATECPUUSAGE, L"PropagateCpuUsage");
    SetSettingForDlgItemCheck(hwndDlg, IDC_ENABLEINSTANTTOOLTIPS, L"EnableInstantTooltips");

    if (WindowsVersion >= WINDOWS_7)
        SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_ENABLECYCLECPUUSAGE, L"EnableCycleCpuUsage");

    sampleCount = GetDlgItemInt(hwndDlg, IDC_SAMPLECOUNT, NULL, FALSE);
    SetSettingForDlgItemCheckRestartRequired(hwndDlg, IDC_SAMPLECOUNTAUTOMATIC, L"SampleCountAutomatic");

    // Zero (including unparsable text) is clamped to the minimum of 1.
    if (sampleCount == 0)
        sampleCount = 1;

    if (sampleCount != PhGetIntegerSetting(L"SampleCount"))
        RestartRequired = TRUE;

    PhSetIntegerSetting(L"SampleCount", sampleCount);

    // Replace Task Manager

    replaceCheckBox = GetDlgItem(hwndDlg, IDC_REPLACETASKMANAGER);

    if (!IsWindowEnabled(replaceCheckBox))
        return;

    replaceTaskMgr = Button_GetCheck(GetDlgItem(hwndDlg, IDC_REPLACETASKMANAGER)) == BST_CHECKED;

    if (OldReplaceTaskMgr == replaceTaskMgr)
        return;

    // We should have created the key back in PhpAdvancedPageLoad, which is
    // why we're opening the key here.
    if (!NT_SUCCESS(PhOpenKey(
        &taskmgrKeyHandle,
        KEY_WRITE,
        PH_KEY_LOCAL_MACHINE,
        &TaskMgrImageOptionsKeyName,
        0
        )))
    {
        return;
    }

    RtlInitUnicodeString(&valueName, L"Debugger");

    if (replaceTaskMgr)
    {
        PPH_STRING quotedFileName;

        quotedFileName = PH_AUTO(PhConcatStrings(3, L"\"", PhApplicationFileName->Buffer, L"\""));

        // The data size includes the terminating null character.
        status = NtSetValueKey(
            taskmgrKeyHandle,
            &valueName,
            0,
            REG_SZ,
            quotedFileName->Buffer,
            (ULONG)quotedFileName->Length + 2
            );
    }
    else
    {
        status = NtDeleteValueKey(taskmgrKeyHandle, &valueName);
    }

    if (!NT_SUCCESS(status))
        PhShowStatus(hwndDlg, L"Unable to replace Task Manager", status, 0);

    NtClose(taskmgrKeyHandle);
}
/**
 * Dialog procedure for the choice dialog: a message, an input control
 * (drop-down list, editable combo box or plain edit box for passwords) and
 * an optional check box.
 *
 * \param hwndDlg The dialog window.
 * \param uMsg The message being delivered.
 * \param wParam Message-specific data; the control ID for WM_COMMAND.
 * \param lParam For WM_INITDIALOG, the PCHOICE_DIALOG_CONTEXT describing the
 * dialog. It is stored as a window property for later messages.
 *
 * \return Always FALSE.
 *
 * \remarks The dialog ends with IDOK or IDCANCEL. On IDOK the entered text is
 * stored through context->SelectedChoice and, for the non-password types with
 * a SavedChoicesSettingName, the choice history is written to that setting.
 */
INT_PTR CALLBACK PhpChoiceDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    switch (uMsg)
    {
    case WM_INITDIALOG:
        {
            PCHOICE_DIALOG_CONTEXT context = (PCHOICE_DIALOG_CONTEXT)lParam;
            ULONG type;
            SIZE_T i;
            HWND comboBoxHandle;
            HWND checkBoxHandle;
            RECT checkBoxRect;
            RECT rect;
            ULONG diff;

            // Keep the context reachable from the WM_COMMAND handler.
            SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
            PhCenterWindow(hwndDlg, GetParent(hwndDlg));

            SetWindowText(hwndDlg, context->Title);
            SetWindowText(GetDlgItem(hwndDlg, IDC_MESSAGE), context->Message);

            type = context->Flags & PH_CHOICE_DIALOG_TYPE_MASK;

            // Select the control to show, depending on the type. This is
            // because it is impossible to change the style of the combo box
            // after it is created.

            switch (type)
            {
            case PH_CHOICE_DIALOG_USER_CHOICE:
                comboBoxHandle = GetDlgItem(hwndDlg, IDC_CHOICEUSER);
                ShowWindow(GetDlgItem(hwndDlg, IDC_CHOICEUSER), SW_SHOW);
                break;
            case PH_CHOICE_DIALOG_PASSWORD:
                comboBoxHandle = GetDlgItem(hwndDlg, IDC_CHOICESIMPLE);
                ShowWindow(GetDlgItem(hwndDlg, IDC_CHOICESIMPLE), SW_SHOW);

                // Disable combo box features since it isn't a combo box.
                // Clearing the setting name also means the IDOK handler
                // below never writes the entered password to the
                // saved-choices setting.
                context->SavedChoicesSettingName = NULL;
                break;
            case PH_CHOICE_DIALOG_CHOICE:
            default:
                comboBoxHandle = GetDlgItem(hwndDlg, IDC_CHOICE);
                ShowWindow(GetDlgItem(hwndDlg, IDC_CHOICE), SW_SHOW);
                break;
            }

            context->ComboBoxHandle = comboBoxHandle;

            checkBoxHandle = GetDlgItem(hwndDlg, IDC_OPTION);

            if (type == PH_CHOICE_DIALOG_PASSWORD)
            {
                // Nothing
            }
            else if (type == PH_CHOICE_DIALOG_USER_CHOICE && context->SavedChoicesSettingName)
            {
                PPH_STRING savedChoices = PhGetStringSetting(context->SavedChoicesSettingName);
                ULONG_PTR indexOfDelim;
                PPH_STRING savedChoice;

                i = 0;

                // Split the saved choices using the delimiter.
                // Length is in bytes, so Length / 2 is the character count.
                while (i < savedChoices->Length / 2)
                {
                    // BUG BUG BUG - what if the user saves "\s"?
                    indexOfDelim = PhFindStringInString(savedChoices, i, L"\\s");

                    // No further delimiter: the last choice runs to the end.
                    if (indexOfDelim == -1)
                        indexOfDelim = savedChoices->Length / 2;

                    savedChoice = PhSubstring(savedChoices, i, indexOfDelim - i);

                    if (savedChoice->Length != 0)
                    {
                        PPH_STRING unescaped;

                        unescaped = PhUnescapeStringForDelimiter(savedChoice, '\\');
                        ComboBox_InsertString(comboBoxHandle, -1, unescaped->Buffer);
                        PhDereferenceObject(unescaped);
                    }

                    PhDereferenceObject(savedChoice);

                    // Skip over the two-character delimiter.
                    i = indexOfDelim + 2;
                }

                PhDereferenceObject(savedChoices);
            }
            else
            {
                for (i = 0; i < context->NumberOfChoices; i++)
                {
                    ComboBox_AddString(comboBoxHandle, context->Choices[i]);
                }

                context->SavedChoicesSettingName = NULL; // make sure we don't try to save the choices
            }

            if (type == PH_CHOICE_DIALOG_PASSWORD)
            {
                // A caller-supplied initial value is placed in the edit box
                // and fully selected.
                if (*context->SelectedChoice)
                    SetWindowText(comboBoxHandle, (*context->SelectedChoice)->Buffer);

                Edit_SetSel(comboBoxHandle, 0, -1);
            }
            else if (type == PH_CHOICE_DIALOG_USER_CHOICE || type == PH_CHOICE_DIALOG_CHOICE)
            {
                // If we failed to choose a default choice based on what was specified,
                // select the first one if possible, or set the text directly.
                if (!(*context->SelectedChoice) || PhSelectComboBoxString(
                    comboBoxHandle, (*context->SelectedChoice)->Buffer, FALSE) == CB_ERR)
                {
                    if (type == PH_CHOICE_DIALOG_USER_CHOICE && *context->SelectedChoice)
                    {
                        SetWindowText(comboBoxHandle, (*context->SelectedChoice)->Buffer);
                    }
                    else if (type == PH_CHOICE_DIALOG_CHOICE && context->NumberOfChoices != 0)
                    {
                        ComboBox_SetCurSel(comboBoxHandle, 0);
                    }
                }

                if (type == PH_CHOICE_DIALOG_USER_CHOICE)
                    ComboBox_SetEditSel(comboBoxHandle, 0, -1);
            }

            if (context->Option)
            {
                SetWindowText(checkBoxHandle, context->Option);

                if (context->SelectedOption)
                    Button_SetCheck(checkBoxHandle, *context->SelectedOption ? BST_CHECKED : BST_UNCHECKED);
            }
            else
            {
                // Hide the check box and move the buttons up.

                ShowWindow(checkBoxHandle, SW_HIDE);
                GetWindowRect(checkBoxHandle, &checkBoxRect);
                MapWindowPoints(NULL, hwndDlg, (POINT *)&checkBoxRect, 2);
                GetWindowRect(GetDlgItem(hwndDlg, IDOK), &rect);
                MapWindowPoints(NULL, hwndDlg, (POINT *)&rect, 2);
                // Vertical distance from the check box to the OK button;
                // everything below is shifted up by this amount.
                diff = rect.top - checkBoxRect.top;

                // OK
                rect.top -= diff;
                rect.bottom -= diff;
                SetWindowPos(GetDlgItem(hwndDlg, IDOK), NULL, rect.left, rect.top,
                    rect.right - rect.left, rect.bottom - rect.top,
                    SWP_NOACTIVATE | SWP_NOZORDER);

                // Cancel
                GetWindowRect(GetDlgItem(hwndDlg, IDCANCEL), &rect);
                MapWindowPoints(NULL, hwndDlg, (POINT *)&rect, 2);
                rect.top -= diff;
                rect.bottom -= diff;
                SetWindowPos(GetDlgItem(hwndDlg, IDCANCEL), NULL, rect.left, rect.top,
                    rect.right - rect.left, rect.bottom - rect.top,
                    SWP_NOACTIVATE | SWP_NOZORDER);

                // Window
                GetWindowRect(hwndDlg, &rect);
                rect.bottom -= diff;
                SetWindowPos(hwndDlg, NULL, rect.left, rect.top,
                    rect.right - rect.left, rect.bottom - rect.top,
                    SWP_NOACTIVATE | SWP_NOZORDER);
            }

            // Move the keyboard focus to the input control.
            SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)comboBoxHandle, TRUE);
        }
        break;
    case WM_DESTROY:
        {
            RemoveProp(hwndDlg, PhMakeContextAtom());
        }
        break;
    case WM_COMMAND:
        {
            switch (LOWORD(wParam))
            {
            case IDCANCEL:
                EndDialog(hwndDlg, IDCANCEL);
                break;
            case IDOK:
                {
                    PCHOICE_DIALOG_CONTEXT context = (PCHOICE_DIALOG_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
                    PPH_STRING selectedChoice;

                    if ((context->Flags & PH_CHOICE_DIALOG_TYPE_MASK) != PH_CHOICE_DIALOG_PASSWORD)
                    {
                        selectedChoice = PH_AUTO(PhGetWindowText(context->ComboBoxHandle));
                        *context->SelectedChoice = selectedChoice;
                    }
                    else
                    {
                        // Password values are never auto-dereferenced.
                        // The reference returned by PhGetWindowText is handed
                        // to the caller through SelectedChoice as-is.
                        // NOTE(review): presumably so the caller decides when
                        // the secret is released - confirm that callers clear
                        // and dereference the string.
                        selectedChoice = PhGetWindowText(context->ComboBoxHandle);
                        *context->SelectedChoice = selectedChoice;
                    }

                    if (context->Option && context->SelectedOption)
                        *context->SelectedOption = Button_GetCheck(GetDlgItem(hwndDlg, IDC_OPTION)) == BST_CHECKED;

                    // The setting name is NULL for the password type and for
                    // fixed choice lists (cleared in WM_INITDIALOG), so only
                    // user-editable choice history is persisted here.
                    if (context->SavedChoicesSettingName)
                    {
                        PH_STRING_BUILDER savedChoices;
                        ULONG i;
                        ULONG choicesToSave = PH_CHOICE_DIALOG_SAVED_CHOICES;
                        PPH_STRING choice;
                        PPH_STRING escaped;

                        PhInitializeStringBuilder(&savedChoices, 100);

                        // Push the selected choice to the top, then save the others.

                        if (selectedChoice->Length != 0)
                        {
                            escaped = PhEscapeStringForDelimiter(selectedChoice, '\\');
                            PhAppendStringBuilder(&savedChoices, &escaped->sr);
                            PhDereferenceObject(escaped);
                            PhAppendStringBuilder2(&savedChoices, L"\\s");
                        }

                        // i starts at 1 because the selected choice already
                        // occupies the first saved slot.
                        for (i = 1; i < choicesToSave; i++)
                        {
                            choice = PhGetComboBoxString(context->ComboBoxHandle, i - 1);

                            // No more items in the combo box.
                            if (!choice)
                                break;

                            // Don't save the choice if it's the same as the one
                            // entered by the user (since we already saved it above).
                            if (PhEqualString(choice, selectedChoice, FALSE))
                            {
                                PhDereferenceObject(choice);
                                choicesToSave++; // useless for now, but may be needed in the future
                                continue;
                            }

                            escaped = PhEscapeStringForDelimiter(choice, '\\');
                            PhAppendStringBuilder(&savedChoices, &escaped->sr);
                            PhDereferenceObject(escaped);
                            PhDereferenceObject(choice);

                            PhAppendStringBuilder2(&savedChoices, L"\\s");
                        }

                        // Drop the trailing two-character delimiter.
                        if (PhEndsWithString2(savedChoices.String, L"\\s", FALSE))
                            PhRemoveEndStringBuilder(&savedChoices, 2);

                        PhSetStringSetting2(context->SavedChoicesSettingName, &savedChoices.String->sr);
                        PhDeleteStringBuilder(&savedChoices);
                    }

                    EndDialog(hwndDlg, IDOK);
                }
                break;
            }
        }
        break;
    }

    return FALSE;
}
/**
 * Dialog procedure for the memory search results window.
 *
 * The per-window context is passed in lParam with WM_INITDIALOG, stored as a
 * window property, and read back from that property for every later message.
 * The context, its result list and the references held on the results are
 * released in WM_DESTROY.
 *
 * \param hwndDlg The dialog window.
 * \param uMsg The window message.
 * \param wParam Message-specific parameter.
 * \param lParam Message-specific parameter; the PMEMORY_RESULTS_CONTEXT for WM_INITDIALOG.
 *
 * \return Always FALSE.
 */
INT_PTR CALLBACK PhpMemoryResultsDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    PMEMORY_RESULTS_CONTEXT context;

    if (uMsg != WM_INITDIALOG)
    {
        context = GetProp(hwndDlg, PhMakeContextAtom());
    }
    else
    {
        context = (PMEMORY_RESULTS_CONTEXT)lParam;
        SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
    }

    // No property yet (messages before WM_INITDIALOG) or already removed in WM_DESTROY.
    if (!context)
        return FALSE;

    switch (uMsg)
    {
    case WM_INITDIALOG:
        {
            HWND lvHandle;

            PhRegisterDialog(hwndDlg);

            {
                PPH_PROCESS_ITEM processItem;

                // The title is only set when the process item can still be referenced.
                if (processItem = PhReferenceProcessItem(context->ProcessId))
                {
                    SetWindowText(hwndDlg, PhaFormatString(L"Results - %s (%u)",
                        processItem->ProcessName->Buffer, HandleToUlong(processItem->ProcessId))->Buffer);
                    PhDereferenceObject(processItem);
                }
            }

            lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
            PhSetListViewStyle(lvHandle, FALSE, TRUE);
            PhSetControlTheme(lvHandle, L"explorer");
            PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 120, L"Address");
            PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 80, L"Length");
            PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Result");

            PhLoadListViewColumnsFromSetting(L"MemResultsListViewColumns", lvHandle);

            PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
            PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_LIST), NULL,
                PH_ANCHOR_ALL);
            PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL,
                PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
            PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_COPY), NULL,
                PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
            PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_SAVE), NULL,
                PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
            PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_FILTER), NULL,
                PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);

            // MinimumSize.left == -1 is treated as "not computed yet"; it is set to 0 afterwards.
            if (MinimumSize.left == -1)
            {
                RECT rect;

                rect.left = 0;
                rect.top = 0;
                rect.right = 250;
                rect.bottom = 180;
                MapDialogRect(hwndDlg, &rect);
                MinimumSize = rect;
                MinimumSize.left = 0;
            }

            // The item text is supplied on demand in LVN_GETDISPINFO, so only the count is set here.
            ListView_SetItemCount(lvHandle, context->Results->Count);

            SetDlgItemText(hwndDlg, IDC_INTRO, PhaFormatString(L"%s results.",
                PhaFormatUInt64(context->Results->Count, TRUE)->Buffer)->Buffer);

            {
                PH_RECTANGLE windowRectangle;

                windowRectangle.Position = PhGetIntegerPairSetting(L"MemResultsPosition");
                windowRectangle.Size = PhGetIntegerPairSetting(L"MemResultsSize");
                PhAdjustRectangleToWorkingArea(hwndDlg, &windowRectangle);

                MoveWindow(hwndDlg, windowRectangle.Left, windowRectangle.Top,
                    windowRectangle.Width, windowRectangle.Height, FALSE);

                // Implement cascading by saving an offsetted rectangle.
                windowRectangle.Left += 20;
                windowRectangle.Top += 20;

                PhSetIntegerPairSetting(L"MemResultsPosition", windowRectangle.Position);
                PhSetIntegerPairSetting(L"MemResultsSize", windowRectangle.Size);
            }
        }
        break;
    case WM_DESTROY:
        {
            PhSaveWindowPlacementToSetting(L"MemResultsPosition", L"MemResultsSize", hwndDlg);
            PhSaveListViewColumnsToSetting(L"MemResultsListViewColumns", GetDlgItem(hwndDlg, IDC_LIST));

            PhDeleteLayoutManager(&context->LayoutManager);
            PhUnregisterDialog(hwndDlg);
            // Removing the property first makes later messages hit the !context early return
            // instead of touching the context freed below.
            RemoveProp(hwndDlg, PhMakeContextAtom());

            PhDereferenceMemoryResults((PPH_MEMORY_RESULT *)context->Results->Items, context->Results->Count);
            PhDereferenceObject(context->Results);
            PhFree(context);
        }
        break;
    case WM_COMMAND:
        {
            switch (LOWORD(wParam))
            {
            case IDCANCEL:
            case IDOK:
                DestroyWindow(hwndDlg);
                break;
            case IDC_COPY:
                {
                    HWND lvHandle;
                    PPH_STRING string;
                    ULONG selectedCount;

                    lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
                    selectedCount = ListView_GetSelectedCount(lvHandle);

                    // NOTE(review): the copied text is built from the result list, i.e. from
                    // whatever the search found; it may contain sensitive strings, and it is
                    // placed on the clipboard as-is.
                    if (selectedCount == 0)
                    {
                        // User didn't select anything, so copy all items.
                        string = PhpGetStringForSelectedResults(lvHandle, context->Results, TRUE);
                        PhSetStateAllListViewItems(lvHandle, LVIS_SELECTED, LVIS_SELECTED);
                    }
                    else
                    {
                        string = PhpGetStringForSelectedResults(lvHandle, context->Results, FALSE);
                    }

                    PhSetClipboardString(hwndDlg, &string->sr);
                    PhDereferenceObject(string);

                    SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)lvHandle, TRUE);
                }
                break;
            case IDC_SAVE:
                {
                    static PH_FILETYPE_FILTER filters[] =
                    {
                        { L"Text files (*.txt)", L"*.txt" },
                        { L"All files (*.*)", L"*.*" }
                    };
                    PVOID fileDialog;

                    fileDialog = PhCreateSaveFileDialog();

                    PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
                    PhSetFileDialogFileName(fileDialog, L"Search Results.txt");

                    if (PhShowFileDialog(hwndDlg, fileDialog))
                    {
                        NTSTATUS status;
                        PPH_STRING fileName;
                        PPH_FILE_STREAM fileStream;
                        PPH_STRING string;

                        fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));

                        // FILE_OVERWRITE_IF: an existing file at the chosen path is replaced.
                        if (NT_SUCCESS(status = PhCreateFileStream(
                            &fileStream,
                            fileName->Buffer,
                            FILE_GENERIC_WRITE,
                            FILE_SHARE_READ,
                            FILE_OVERWRITE_IF,
                            0
                            )))
                        {
                            // All results are written (TRUE), regardless of the current selection.
                            // NOTE(review): the return values of the write calls are not checked,
                            // so a short or failed write is not reported to the user.
                            PhWriteStringAsUtf8FileStream(fileStream, &PhUnicodeByteOrderMark);
                            PhWritePhTextHeader(fileStream);

                            string = PhpGetStringForSelectedResults(GetDlgItem(hwndDlg, IDC_LIST), context->Results, TRUE);
                            PhWriteStringAsUtf8FileStreamEx(fileStream, string->Buffer, string->Length);
                            PhDereferenceObject(string);

                            PhDereferenceObject(fileStream);
                        }

                        if (!NT_SUCCESS(status))
                            PhShowStatus(hwndDlg, L"Unable to create the file", status, 0);
                    }

                    PhFreeFileDialog(fileDialog);
                }
                break;
            case IDC_FILTER:
                {
                    PPH_EMENU menu;
                    RECT buttonRect;
                    POINT point;
                    PPH_EMENU_ITEM selectedItem;
                    ULONG filterType = 0;

                    menu = PhCreateEMenu();
                    PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_MEMFILTER), 0);

                    // Show the menu directly below the Filter button.
                    GetClientRect(GetDlgItem(hwndDlg, IDC_FILTER), &buttonRect);
                    point.x = 0;
                    point.y = buttonRect.bottom;

                    ClientToScreen(GetDlgItem(hwndDlg, IDC_FILTER), &point);
                    selectedItem = PhShowEMenu(menu, hwndDlg, PH_EMENU_SHOW_LEFTRIGHT,
                        PH_ALIGN_LEFT | PH_ALIGN_TOP, point.x, point.y);

                    if (selectedItem)
                    {
                        switch (selectedItem->Id)
                        {
                        case ID_FILTER_CONTAINS:
                            filterType = FILTER_CONTAINS;
                            break;
                        case ID_FILTER_CONTAINS_CASEINSENSITIVE:
                            filterType = FILTER_CONTAINS_IGNORECASE;
                            break;
                        case ID_FILTER_REGEX:
                            filterType = FILTER_REGEX;
                            break;
                        case ID_FILTER_REGEX_CASEINSENSITIVE:
                            filterType = FILTER_REGEX_IGNORECASE;
                            break;
                        }
                    }

                    // 0 means the menu was dismissed or an unrecognised item was chosen.
                    if (filterType != 0)
                        FilterResults(hwndDlg, context, filterType);

                    PhDestroyEMenu(menu);
                }
                break;
            }
        }
        break;
    case WM_NOTIFY:
        {
            LPNMHDR header = (LPNMHDR)lParam;
            HWND lvHandle;

            lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
            PhHandleListViewNotifyForCopy(lParam, lvHandle);

            switch (header->code)
            {
            case LVN_GETDISPINFO:
                {
                    NMLVDISPINFO *dispInfo = (NMLVDISPINFO *)header;

                    if (dispInfo->item.mask & LVIF_TEXT)
                    {
                        // NOTE(review): iItem comes from the notification and is used as an index
                        // without a range check; this relies on the item count set in WM_INITDIALOG
                        // matching Results->Count.
                        PPH_MEMORY_RESULT result = context->Results->Items[dispInfo->item.iItem];

                        // Every copy below is bounded by cchTextMax and truncates rather than overruns.
                        switch (dispInfo->item.iSubItem)
                        {
                        case 0:
                            {
                                WCHAR addressString[PH_PTR_STR_LEN_1];

                                PhPrintPointer(addressString, result->Address);
                                wcsncpy_s(
                                    dispInfo->item.pszText,
                                    dispInfo->item.cchTextMax,
                                    addressString,
                                    _TRUNCATE
                                    );
                            }
                            break;
                        case 1:
                            {
                                WCHAR lengthString[PH_INT32_STR_LEN_1];

                                PhPrintUInt32(lengthString, (ULONG)result->Length);
                                wcsncpy_s(
                                    dispInfo->item.pszText,
                                    dispInfo->item.cchTextMax,
                                    lengthString,
                                    _TRUNCATE
                                    );
                            }
                            break;
                        case 2:
                            wcsncpy_s(
                                dispInfo->item.pszText,
                                dispInfo->item.cchTextMax,
                                result->Display.Buffer,
                                _TRUNCATE
                                );
                            break;
                        }
                    }
                }
                break;
            case NM_DBLCLK:
                {
                    if (header->hwndFrom == lvHandle)
                    {
                        INT index;

                        if ((index = ListView_GetNextItem(
                            lvHandle,
                            -1,
                            LVNI_SELECTED
                            )) != -1)
                        {
                            NTSTATUS status;
                            PPH_MEMORY_RESULT result = context->Results->Items[index];
                            HANDLE processHandle;
                            MEMORY_BASIC_INFORMATION basicInfo;
                            PPH_SHOWMEMORYEDITOR showMemoryEditor;

                            // Only query and read access is requested here; the handle is used
                            // solely to look up the region that contains the result address.
                            if (NT_SUCCESS(status = PhOpenProcess(
                                &processHandle,
                                PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                context->ProcessId
                                )))
                            {
                                if (NT_SUCCESS(status = NtQueryVirtualMemory(
                                    processHandle,
                                    result->Address,
                                    MemoryBasicInformation,
                                    &basicInfo,
                                    sizeof(MEMORY_BASIC_INFORMATION),
                                    NULL
                                    )))
                                {
                                    // Not freed here; presumably ownership passes to the main
                                    // window with ProcessHacker_ShowMemoryEditor - TODO confirm.
                                    showMemoryEditor = PhAllocate(sizeof(PH_SHOWMEMORYEDITOR));
                                    memset(showMemoryEditor, 0, sizeof(PH_SHOWMEMORYEDITOR));
                                    showMemoryEditor->ProcessId = context->ProcessId;
                                    showMemoryEditor->BaseAddress = basicInfo.BaseAddress;
                                    showMemoryEditor->RegionSize = basicInfo.RegionSize;
                                    // NOTE(review): both values are narrowed to ULONG; an offset or
                                    // length that does not fit in 32 bits would be truncated.
                                    showMemoryEditor->SelectOffset = (ULONG)((ULONG_PTR)result->Address - (ULONG_PTR)basicInfo.BaseAddress);
                                    showMemoryEditor->SelectLength = (ULONG)result->Length;
                                    ProcessHacker_ShowMemoryEditor(PhMainWndHandle, showMemoryEditor);
                                }

                                NtClose(processHandle);
                            }

                            if (!NT_SUCCESS(status))
                                PhShowStatus(hwndDlg, L"Unable to edit memory", status, 0);
                        }
                    }
                }
                break;
            }
        }
        break;
    case WM_SIZE:
        {
            PhLayoutManagerLayout(&context->LayoutManager);
        }
        break;
    case WM_SIZING:
        {
            PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
        }
        break;
    }

    return FALSE;
}
/**
 * Handles a connection request received on the service port.
 *
 * The client ID is taken from the message header (using the 64-bit message
 * layout when PhIsExecutingInWow64() is true). When not running under WOW64,
 * the client's image file name must equal this process' image file name,
 * otherwise the connection is refused. A client object is then created, the
 * connection is accepted with that object as the port context, and the
 * client's port handle and view range are recorded before its ReadyEvent is
 * set.
 *
 * \param PortMessage The connection request message. It is also written to:
 * ConnectInfo.ServerProcessId is filled in before the connection is accepted.
 */
VOID PhSvcHandleConnectionRequest(
    _In_ PPORT_MESSAGE PortMessage
    )
{
    NTSTATUS status;
    PPHSVC_API_MSG message;
    PPHSVC_API_MSG64 message64;
    CLIENT_ID clientId;
    PPHSVC_CLIENT client;
    HANDLE portHandle;
    REMOTE_PORT_VIEW clientView;
    REMOTE_PORT_VIEW64 clientView64;
    PREMOTE_PORT_VIEW actualClientView;

    // The same buffer is viewed through both layouts; which one is used depends on
    // PhIsExecutingInWow64() below.
    message = (PPHSVC_API_MSG)PortMessage;
    message64 = (PPHSVC_API_MSG64)PortMessage;

    if (PhIsExecutingInWow64())
    {
        // NOTE(review): the image file name check in the else branch is not performed on this
        // path, so under WOW64 any caller that reaches this port gets as far as client creation.
        // Confirm that another control (for example the security descriptor on the port)
        // restricts who can connect in this configuration.
        clientId.UniqueProcess = (HANDLE)message64->h.ClientId.UniqueProcess;
        clientId.UniqueThread = (HANDLE)message64->h.ClientId.UniqueThread;
    }
    else
    {
        PPH_STRING referenceFileName;
        PPH_STRING remoteFileName;

        clientId = message->h.ClientId;

        // Make sure that the remote process is Process Hacker itself and not some other program.
        // NOTE(review): this compares image file names looked up by process ID. It shows which
        // file the client process was started from, not what code is currently running in it,
        // so it is best treated as a sanity check rather than as authentication of the client.

        // The return values are not inspected; both pointers start as NULL and a NULL after the
        // call is treated as a failed check (the connection is refused).
        referenceFileName = NULL;
        PhGetProcessImageFileNameByProcessId(NtCurrentProcessId(), &referenceFileName);
        PH_AUTO(referenceFileName);

        remoteFileName = NULL;
        PhGetProcessImageFileNameByProcessId(clientId.UniqueProcess, &remoteFileName);
        PH_AUTO(remoteFileName);

        if (!referenceFileName || !remoteFileName || !PhEqualString(referenceFileName, remoteFileName, TRUE))
        {
            // AcceptConnection == FALSE: refuse the request.
            NtAcceptConnectPort(&portHandle, NULL, PortMessage, FALSE, NULL, NULL);
            return;
        }
    }

    client = PhSvcCreateClient(&clientId);

    if (!client)
    {
        // Refuse the request when no client object could be created.
        NtAcceptConnectPort(&portHandle, NULL, PortMessage, FALSE, NULL, NULL);
        return;
    }

    if (PhIsExecutingInWow64())
    {
        message64->p.ConnectInfo.ServerProcessId = HandleToUlong(NtCurrentProcessId());

        clientView64.Length = sizeof(REMOTE_PORT_VIEW64);
        clientView64.ViewSize = 0;
        clientView64.ViewBase = 0;
        actualClientView = (PREMOTE_PORT_VIEW)&clientView64;
    }
    else
    {
        message->p.ConnectInfo.ServerProcessId = HandleToUlong(NtCurrentProcessId());

        clientView.Length = sizeof(REMOTE_PORT_VIEW);
        clientView.ViewSize = 0;
        clientView.ViewBase = NULL;
        actualClientView = &clientView;
    }

    // The client object is passed as the port context.
    status = NtAcceptConnectPort(
        &portHandle,
        client,
        PortMessage,
        TRUE,
        NULL,
        actualClientView
        );

    if (!NT_SUCCESS(status))
    {
        PhDereferenceObject(client);
        return;
    }

    // IMPORTANT: Since Vista, NtCompleteConnectPort does not do anything and simply returns STATUS_SUCCESS.
    // We will call it anyway (for completeness), but we need to use an event to ensure that other threads don't try
    // to process requests before we have finished setting up the client object.

    client->PortHandle = portHandle;

    // Record the range of the client's view as [ClientViewBase, ClientViewLimit).
    // NOTE(review): presumably later request handling checks client-supplied pointers against
    // this range - verify against the code that reads ClientViewBase/ClientViewLimit.
    if (PhIsExecutingInWow64())
    {
        client->ClientViewBase = (PVOID)clientView64.ViewBase;
        client->ClientViewLimit = PTR_ADD_OFFSET(clientView64.ViewBase, clientView64.ViewSize);
    }
    else
    {
        client->ClientViewBase = clientView.ViewBase;
        client->ClientViewLimit = PTR_ADD_OFFSET(clientView.ViewBase, clientView.ViewSize);
    }

    NtCompleteConnectPort(portHandle);
    // From here on the client object is fully set up.
    PhSetEvent(&client->ReadyEvent);

    // First connected client: signal the timeout-cancel event.
    if (_InterlockedIncrement(&PhSvcApiNumberOfClients) == 1)
    {
        NtSetEvent(PhSvcTimeoutCancelEventHandle, NULL);
    }
}
/**
 * Sends a Growl notification for a process or service event.
 *
 * Events that are already marked as handled, and event types other than the
 * six process/service types below, are ignored. The notification is sent over
 * TCP to 127.0.0.1; when the send reports success the event is marked handled.
 *
 * \param NotifyEvent The notification event. Its Handled field is set to TRUE
 * when the notification was delivered.
 */
VOID NotifyGrowl(
    _In_ PPH_PLUGIN_NOTIFY_EVENT NotifyEvent
    )
{
    PSTR kind;
    PPH_STRING caption;
    PPH_STRING body;
    PPH_BYTES captionUtf8;
    PPH_BYTES bodyUtf8;

    if (NotifyEvent->Handled)
        return;

    // Each case picks the Growl notification type, the title and the message text.
    switch (NotifyEvent->Type)
    {
    case PH_NOTIFY_PROCESS_CREATE:
        {
            PPH_PROCESS_ITEM process = NotifyEvent->Parameter;
            PPH_PROCESS_ITEM parent;

            kind = GrowlNotifications[0];
            caption = process->ProcessName;

            // The parent may be unknown; the reference (if any) is dropped once the text is built.
            parent = PhReferenceProcessItemForParent(process);

            body = PhaFormatString(
                L"The process %s (%lu) was started by %s.",
                process->ProcessName->Buffer,
                HandleToUlong(process->ProcessId),
                parent ? parent->ProcessName->Buffer : L"an unknown process"
                );

            if (parent)
                PhDereferenceObject(parent);
        }
        break;
    case PH_NOTIFY_PROCESS_DELETE:
        {
            PPH_PROCESS_ITEM process = NotifyEvent->Parameter;

            kind = GrowlNotifications[1];
            caption = process->ProcessName;
            body = PhaFormatString(L"The process %s (%lu) was terminated.",
                process->ProcessName->Buffer,
                HandleToUlong(process->ProcessId)
                );
        }
        break;
    case PH_NOTIFY_SERVICE_CREATE:
        {
            PPH_SERVICE_ITEM service = NotifyEvent->Parameter;

            kind = GrowlNotifications[2];
            caption = service->DisplayName;
            body = PhaFormatString(L"The service %s (%s) has been created.",
                service->Name->Buffer,
                service->DisplayName->Buffer
                );
        }
        break;
    case PH_NOTIFY_SERVICE_DELETE:
        {
            PPH_SERVICE_ITEM service = NotifyEvent->Parameter;

            kind = GrowlNotifications[3];
            caption = service->DisplayName;
            body = PhaFormatString(L"The service %s (%s) has been deleted.",
                service->Name->Buffer,
                service->DisplayName->Buffer
                );
        }
        break;
    case PH_NOTIFY_SERVICE_START:
        {
            PPH_SERVICE_ITEM service = NotifyEvent->Parameter;

            kind = GrowlNotifications[4];
            caption = service->DisplayName;
            body = PhaFormatString(L"The service %s (%s) has been started.",
                service->Name->Buffer,
                service->DisplayName->Buffer
                );
        }
        break;
    case PH_NOTIFY_SERVICE_STOP:
        {
            PPH_SERVICE_ITEM service = NotifyEvent->Parameter;

            kind = GrowlNotifications[5];
            caption = service->DisplayName;
            body = PhaFormatString(L"The service %s (%s) has been stopped.",
                service->Name->Buffer,
                service->DisplayName->Buffer
                );
        }
        break;
    default:
        return;
    }

    // Growl takes narrow strings; convert the UTF-16 title and message to UTF-8.
    captionUtf8 = PH_AUTO(PhConvertUtf16ToUtf8Ex(caption->Buffer, caption->Length));
    bodyUtf8 = PH_AUTO(PhConvertUtf16ToUtf8Ex(body->Buffer, body->Length));

    RegisterGrowl(TRUE);

    // The notification only ever goes to the loopback address.
    if (growl_tcp_notify("127.0.0.1", "Process Hacker", kind, captionUtf8->Buffer, bodyUtf8->Buffer, NULL, NULL, NULL) == 0)
        NotifyEvent->Handled = TRUE;
}
/**
 * Dialog procedure for the "find objects" window.
 *
 * The window's state (list view handle, layout manager, minimum size, search
 * string, compiled regular expression, result list, search thread handle and
 * stop flag) lives in variables defined outside this function. The OK button
 * starts a search on a separate thread, or requests cancellation when a search
 * is running; results are added to the list view in WM_PH_SEARCH_UPDATE and the
 * thread is reaped in WM_PH_SEARCH_FINISHED.
 *
 * \param hwndDlg The dialog window.
 * \param uMsg The window message.
 * \param wParam Message-specific parameter.
 * \param lParam Message-specific parameter.
 *
 * \return TRUE for WM_CLOSE and for WM_SETCURSOR while a search is running,
 * otherwise FALSE.
 */
static INT_PTR CALLBACK PhpFindObjectsDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    switch (uMsg)
    {
    case WM_INITDIALOG:
        {
            HWND lvHandle;

            PhCenterWindow(hwndDlg, GetParent(hwndDlg));
            PhFindObjectsListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);

            PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
            PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_FILTER),
                NULL, PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
            PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_REGEX),
                NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
            PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK),
                NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
            PhAddLayoutItem(&WindowLayoutManager, lvHandle,
                NULL, PH_ANCHOR_ALL);

            // The minimum size is given in dialog units and converted in place.
            MinimumSize.left = 0;
            MinimumSize.top = 0;
            MinimumSize.right = 150;
            MinimumSize.bottom = 100;
            MapDialogRect(hwndDlg, &MinimumSize);

            PhRegisterDialog(hwndDlg);

            PhLoadWindowPlacementFromSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);

            PhSetListViewStyle(lvHandle, TRUE, TRUE);
            PhSetControlTheme(lvHandle, L"explorer");
            PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 100, L"Process");
            PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 100, L"Type");
            PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Name");
            PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 80, L"Handle");

            // One compare function per column.
            PhSetExtendedListView(lvHandle);
            ExtendedListView_SetSortFast(lvHandle, TRUE);
            ExtendedListView_SetCompareFunction(lvHandle, 0, PhpObjectProcessCompareFunction);
            ExtendedListView_SetCompareFunction(lvHandle, 1, PhpObjectTypeCompareFunction);
            ExtendedListView_SetCompareFunction(lvHandle, 2, PhpObjectNameCompareFunction);
            ExtendedListView_SetCompareFunction(lvHandle, 3, PhpObjectHandleCompareFunction);
            PhLoadListViewColumnsFromSetting(L"FindObjListViewColumns", lvHandle);

            Button_SetCheck(GetDlgItem(hwndDlg, IDC_REGEX), PhGetIntegerSetting(L"FindObjRegex") ? BST_CHECKED : BST_UNCHECKED);
        }
        break;
    case WM_DESTROY:
        {
            // Persist the regex checkbox, window placement and column layout.
            PhSetIntegerSetting(L"FindObjRegex", Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED);
            PhSaveWindowPlacementToSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
            PhSaveListViewColumnsToSetting(L"FindObjListViewColumns", PhFindObjectsListViewHandle);
        }
        break;
    case WM_SHOWWINDOW:
        {
            // Focus the filter box and select its whole contents.
            SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hwndDlg, IDC_FILTER), TRUE);
            Edit_SetSel(GetDlgItem(hwndDlg, IDC_FILTER), 0, -1);
        }
        break;
    case WM_CLOSE:
        {
            // Closing only hides the window; it is not destroyed here.
            ShowWindow(hwndDlg, SW_HIDE);
            // IMPORTANT
            // Set the result to 0 so the default dialog message
            // handler doesn't invoke IDCANCEL, which will send
            // WM_CLOSE, creating an infinite loop.
            SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, 0);
        }
        return TRUE;
    case WM_SETCURSOR:
        {
            // Keep the wait cursor while a search thread exists.
            if (SearchThreadHandle)
            {
                SetCursor(LoadCursor(NULL, IDC_WAIT));
                SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, TRUE);
                return TRUE;
            }
        }
        break;
    case WM_COMMAND:
        {
            switch (LOWORD(wParam))
            {
            case IDOK:
                {
                    // Don't continue if the user requested cancellation.
                    if (SearchStop)
                        break;

                    if (!SearchThreadHandle)
                    {
                        ULONG i;

                        PhMoveReference(&SearchString, PhGetWindowText(GetDlgItem(hwndDlg, IDC_FILTER)));

                        // Release any expression and match data left over from a previous search.
                        if (SearchRegexCompiledExpression)
                        {
                            pcre2_code_free(SearchRegexCompiledExpression);
                            SearchRegexCompiledExpression = NULL;
                        }

                        if (SearchRegexMatchData)
                        {
                            pcre2_match_data_free(SearchRegexMatchData);
                            SearchRegexMatchData = NULL;
                        }

                        if (Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED)
                        {
                            int errorCode;
                            PCRE2_SIZE errorOffset;

                            // The pattern length is given in characters, not bytes.
                            SearchRegexCompiledExpression = pcre2_compile(
                                SearchString->Buffer,
                                SearchString->Length / sizeof(WCHAR),
                                PCRE2_CASELESS | PCRE2_DOTALL,
                                &errorCode,
                                &errorOffset,
                                NULL
                                );

                            if (!SearchRegexCompiledExpression)
                            {
                                PhShowError(hwndDlg, L"Unable to compile the regular expression: \"%s\" at position %zu.",
                                    PhGetStringOrDefault(PH_AUTO(PhPcre2GetErrorMessage(errorCode)), L"Unknown error"),
                                    errorOffset
                                    );
                                break;
                            }

                            // NOTE(review): the result is not checked for NULL before the search
                            // thread is started.
                            SearchRegexMatchData = pcre2_match_data_create_from_pattern(SearchRegexCompiledExpression, NULL);
                        }

                        // Clean up previous results.

                        ListView_DeleteAllItems(PhFindObjectsListViewHandle);

                        if (SearchResults)
                        {
                            for (i = 0; i < SearchResults->Count; i++)
                            {
                                PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];

                                PhDereferenceObject(searchResult->TypeName);
                                PhDereferenceObject(searchResult->Name);

                                // ProcessName is only set once the item was added to the list view.
                                if (searchResult->ProcessName)
                                    PhDereferenceObject(searchResult->ProcessName);

                                PhFree(searchResult);
                            }

                            PhDereferenceObject(SearchResults);
                        }

                        // Start the search.

                        SearchResults = PhCreateList(128);
                        SearchResultsAddIndex = 0;

                        SearchThreadHandle = PhCreateThread(0, PhpFindObjectsThreadStart, NULL);

                        if (!SearchThreadHandle)
                        {
                            PhClearReference(&SearchResults);
                            break;
                        }

                        // While searching, the same button acts as Cancel.
                        SetDlgItemText(hwndDlg, IDOK, L"Cancel");

                        SetCursor(LoadCursor(NULL, IDC_WAIT));
                    }
                    else
                    {
                        // A search is running: request cancellation and disable the button until
                        // WM_PH_SEARCH_FINISHED re-enables it.
                        SearchStop = TRUE;
                        EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
                    }
                }
                break;
            case IDCANCEL:
                {
                    SendMessage(hwndDlg, WM_CLOSE, 0, 0);
                }
                break;
            case ID_OBJECT_CLOSE:
                {
                    PPHP_OBJECT_SEARCH_RESULT *results;
                    ULONG numberOfResults;
                    ULONG i;

                    PhGetSelectedListViewItemParams(
                        PhFindObjectsListViewHandle,
                        &results,
                        &numberOfResults
                        );

                    // The user must confirm before any handle is closed.
                    if (numberOfResults != 0 && PhShowConfirmMessage(
                        hwndDlg,
                        L"close",
                        numberOfResults == 1 ? L"the selected handle" : L"the selected handles",
                        L"Closing handles may cause system instability and data corruption.",
                        FALSE
                        ))
                    {
                        for (i = 0; i < numberOfResults; i++)
                        {
                            NTSTATUS status;
                            HANDLE processHandle;

                            // Only handle results can be closed; other result types are skipped.
                            if (results[i]->ResultType != HandleSearchResult)
                                continue;

                            // NOTE(review): the process ID and handle value were recorded when the
                            // search ran and are not re-checked here; if the handle was closed and
                            // its value reused in the meantime, a different object would be closed.
                            // Confirm whether re-validation is wanted before the close.
                            if (NT_SUCCESS(status = PhOpenProcess(
                                &processHandle,
                                PROCESS_DUP_HANDLE,
                                results[i]->ProcessId
                                )))
                            {
                                // Duplicating with DUPLICATE_CLOSE_SOURCE and no target closes the
                                // handle in the owning process.
                                if (NT_SUCCESS(status = PhDuplicateObject(
                                    processHandle,
                                    results[i]->Handle,
                                    NULL,
                                    NULL,
                                    0,
                                    0,
                                    DUPLICATE_CLOSE_SOURCE
                                    )))
                                {
                                    PhRemoveListViewItem(PhFindObjectsListViewHandle,
                                        PhFindListViewItemByParam(PhFindObjectsListViewHandle, 0, results[i]));
                                }

                                NtClose(processHandle);
                            }

                            if (!NT_SUCCESS(status))
                            {
                                // Let the user decide whether to carry on with the remaining handles.
                                if (!PhShowContinueStatus(hwndDlg,
                                    PhaFormatString(L"Unable to close \"%s\"", results[i]->Name->Buffer)->Buffer,
                                    status,
                                    0
                                    ))
                                    break;
                            }
                        }
                    }

                    PhFree(results);
                }
                break;
            case ID_HANDLE_OBJECTPROPERTIES1:
            case ID_HANDLE_OBJECTPROPERTIES2:
                {
                    PPHP_OBJECT_SEARCH_RESULT result =
                        PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);

                    if (result)
                    {
                        PH_HANDLE_ITEM_INFO info;

                        info.ProcessId = result->ProcessId;
                        info.Handle = result->Handle;
                        info.TypeName = result->TypeName;
                        info.BestObjectName = result->Name;

                        if (LOWORD(wParam) == ID_HANDLE_OBJECTPROPERTIES1)
                            PhShowHandleObjectProperties1(hwndDlg, &info);
                        else
                            PhShowHandleObjectProperties2(hwndDlg, &info);
                    }
                }
                break;
            case ID_OBJECT_GOTOOWNINGPROCESS:
                {
                    PPHP_OBJECT_SEARCH_RESULT result =
                        PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);

                    if (result)
                    {
                        PPH_PROCESS_NODE processNode;

                        // Nothing happens when the owning process is no longer in the process tree.
                        if (processNode = PhFindProcessNode(result->ProcessId))
                        {
                            ProcessHacker_SelectTabPage(PhMainWndHandle, 0);
                            ProcessHacker_SelectProcessNode(PhMainWndHandle, processNode);
                            ProcessHacker_ToggleVisible(PhMainWndHandle, TRUE);
                        }
                    }
                }
                break;
            case ID_OBJECT_PROPERTIES:
                {
                    PPHP_OBJECT_SEARCH_RESULT result =
                        PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);

                    if (result)
                    {
                        if (result->ResultType == HandleSearchResult)
                        {
                            PPH_HANDLE_ITEM handleItem;

                            handleItem = PhCreateHandleItem(&result->Info);

                            // The name is stored in two fields of the handle item, so two
                            // references are taken on it.
                            handleItem->BestObjectName = handleItem->ObjectName = result->Name;
                            PhReferenceObjectEx(result->Name, 2);

                            handleItem->TypeName = result->TypeName;
                            PhReferenceObject(result->TypeName);

                            PhShowHandleProperties(
                                hwndDlg,
                                result->ProcessId,
                                handleItem
                                );
                            PhDereferenceObject(handleItem);
                        }
                        else
                        {
                            // DLL or Mapped File. Just show file properties.
                            PhShellProperties(hwndDlg, result->Name->Buffer);
                        }
                    }
                }
                break;
            case ID_OBJECT_COPY:
                {
                    PhCopyListView(PhFindObjectsListViewHandle);
                }
                break;
            }
        }
        break;
    case WM_NOTIFY:
        {
            LPNMHDR header = (LPNMHDR)lParam;

            switch (header->code)
            {
            case NM_DBLCLK:
                {
                    // Double-click behaves like the Properties command.
                    if (header->hwndFrom == PhFindObjectsListViewHandle)
                    {
                        SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_PROPERTIES, 0);
                    }
                }
                break;
            case LVN_KEYDOWN:
                {
                    if (header->hwndFrom == PhFindObjectsListViewHandle)
                    {
                        LPNMLVKEYDOWN keyDown = (LPNMLVKEYDOWN)header;

                        // Ctrl+C copies, Ctrl+A selects all, Delete runs the close command
                        // (which asks for confirmation before closing anything).
                        switch (keyDown->wVKey)
                        {
                        case 'C':
                            if (GetKeyState(VK_CONTROL) < 0)
                                SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_COPY, 0);
                            break;
                        case 'A':
                            if (GetKeyState(VK_CONTROL) < 0)
                                PhSetStateAllListViewItems(PhFindObjectsListViewHandle, LVIS_SELECTED, LVIS_SELECTED);
                            break;
                        case VK_DELETE:
                            SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_CLOSE, 0);
                            break;
                        }
                    }
                }
                break;
            }
        }
        break;
    case WM_CONTEXTMENU:
        {
            if ((HWND)wParam == PhFindObjectsListViewHandle)
            {
                POINT point;
                PPHP_OBJECT_SEARCH_RESULT *results;
                ULONG numberOfResults;

                point.x = (SHORT)LOWORD(lParam);
                point.y = (SHORT)HIWORD(lParam);

                // (-1, -1): no pointer position was supplied, so ask the list view for one.
                if (point.x == -1 && point.y == -1)
                    PhGetListViewContextMenuPoint((HWND)wParam, &point);

                PhGetSelectedListViewItemParams(PhFindObjectsListViewHandle, &results, &numberOfResults);

                if (numberOfResults != 0)
                {
                    PPH_EMENU menu;

                    menu = PhCreateEMenu();
                    PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_FINDOBJ), 0);
                    PhSetFlagsEMenuItem(menu, ID_OBJECT_PROPERTIES, PH_EMENU_DEFAULT, PH_EMENU_DEFAULT);

                    PhpInitializeFindObjMenu(menu, results, numberOfResults);
                    // PH_EMENU_SHOW_SEND_COMMAND: the chosen item arrives as WM_COMMAND above.
                    PhShowEMenu(
                        menu,
                        hwndDlg,
                        PH_EMENU_SHOW_SEND_COMMAND | PH_EMENU_SHOW_LEFTRIGHT,
                        PH_ALIGN_LEFT | PH_ALIGN_TOP,
                        point.x,
                        point.y
                        );
                    PhDestroyEMenu(menu);
                }

                PhFree(results);
            }
        }
        break;
    case WM_SIZE:
        {
            PhLayoutManagerLayout(&WindowLayoutManager);
        }
        break;
    case WM_SIZING:
        {
            PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
        }
        break;
    case WM_PH_SEARCH_UPDATE:
        {
            HWND lvHandle;
            ULONG i;

            lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);

            ExtendedListView_SetRedraw(lvHandle, FALSE);

            // The result list is read under SearchResultsLock; only entries from
            // SearchResultsAddIndex onwards are added to the list view.
            PhAcquireQueuedLockExclusive(&SearchResultsLock);

            for (i = SearchResultsAddIndex; i < SearchResults->Count; i++)
            {
                PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
                CLIENT_ID clientId;
                PPH_PROCESS_ITEM processItem;
                PPH_STRING clientIdName;
                INT lvItemIndex;

                clientId.UniqueProcess = searchResult->ProcessId;
                clientId.UniqueThread = NULL;

                processItem = PhReferenceProcessItem(clientId.UniqueProcess);
                clientIdName = PhGetClientIdNameEx(&clientId, processItem ? processItem->ProcessName : NULL);

                // The search result pointer is stored as the item's parameter.
                lvItemIndex = PhAddListViewItem(
                    lvHandle,
                    MAXINT,
                    clientIdName->Buffer,
                    searchResult
                    );

                PhDereferenceObject(clientIdName);

                if (processItem)
                {
                    PhSetReference(&searchResult->ProcessName, processItem->ProcessName);
                    PhDereferenceObject(processItem);
                }
                else
                {
                    searchResult->ProcessName = NULL;
                }

                PhSetListViewSubItem(lvHandle, lvItemIndex, 1, searchResult->TypeName->Buffer);
                PhSetListViewSubItem(lvHandle, lvItemIndex, 2, searchResult->Name->Buffer);
                PhSetListViewSubItem(lvHandle, lvItemIndex, 3, searchResult->HandleString);
            }

            // Remember how far the list view has caught up.
            SearchResultsAddIndex = i;

            PhReleaseQueuedLockExclusive(&SearchResultsLock);

            ExtendedListView_SetRedraw(lvHandle, TRUE);
        }
        break;
    case WM_PH_SEARCH_FINISHED:
        {
            // wParam carries the status of the handle search.
            NTSTATUS handleSearchStatus = (NTSTATUS)wParam;

            // Add any un-added items.
            SendMessage(hwndDlg, WM_PH_SEARCH_UPDATE, 0, 0);

            // Wait for the search thread to exit before closing its handle and resetting state.
            NtWaitForSingleObject(SearchThreadHandle, FALSE, NULL);
            NtClose(SearchThreadHandle);
            SearchThreadHandle = NULL;
            SearchStop = FALSE;

            ExtendedListView_SortItems(GetDlgItem(hwndDlg, IDC_RESULTS));

            SetDlgItemText(hwndDlg, IDOK, L"Find");
            EnableWindow(GetDlgItem(hwndDlg, IDOK), TRUE);

            SetCursor(LoadCursor(NULL, IDC_ARROW));

            if (handleSearchStatus == STATUS_INSUFFICIENT_RESOURCES)
            {
                PhShowWarning(
                    hwndDlg,
                    L"Unable to search for handles because the total number of handles on the system is too large. "
                    L"Please check if there are any processes with an extremely large number of handles open."
                    );
            }
        }
        break;
    }

    return FALSE;
}
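/**
 * Plugin menu item callback.
 *
 * Toggles the VirusTotal scanning setting (offering a restart), or hands a
 * file or service to the upload routine for the selected online service.
 *
 * \param Parameter The PPH_PLUGIN_MENU_ITEM that was invoked. Annotated as
 * optional; nothing is done when it is NULL.
 * \param Context Unused.
 */
VOID NTAPI MenuItemCallback(
    _In_opt_ PVOID Parameter,
    _In_opt_ PVOID Context
    )
{
    PPH_PLUGIN_MENU_ITEM menuItem = Parameter;

    // Parameter is _In_opt_, so it may legitimately be NULL; do not dereference it then.
    if (!menuItem)
        return;

    switch (menuItem->Id)
    {
    case ENABLE_SERVICE_VIRUSTOTAL:
        {
            ULONG scanningEnabled = !VirusTotalScanningEnabled;

            // The new value is persisted immediately; VirusTotalScanningEnabled itself is
            // not changed here, so it takes effect after the restart offered below.
            PhSetIntegerSetting(SETTING_NAME_VIRUSTOTAL_SCAN_ENABLED, scanningEnabled);

            if (VirusTotalScanningEnabled != scanningEnabled)
            {
                INT result = IDOK;
                TASKDIALOGCONFIG config;

                memset(&config, 0, sizeof(TASKDIALOGCONFIG));
                config.cbSize = sizeof(TASKDIALOGCONFIG);
                config.dwFlags = TDF_USE_HICON_MAIN | TDF_ALLOW_DIALOG_CANCELLATION;
                config.dwCommonButtons = TDCBF_YES_BUTTON | TDCBF_NO_BUTTON;
                config.hwndParent = menuItem->OwnerWindow;
                config.hMainIcon = PH_LOAD_SHARED_ICON_LARGE(PhInstanceHandle, MAKEINTRESOURCE(PHAPP_IDI_PROCESSHACKER));
                config.cxWidth = 180;
                config.pszWindowTitle = L"Process Hacker - VirusTotal";
                config.pszMainInstruction = L"VirusTotal scanning requires a restart of Process Hacker.";
                config.pszContent = L"Do you want to restart Process Hacker now?";

                if (SUCCEEDED(TaskDialogIndirect(&config, &result, NULL, NULL)) && result == IDYES)
                {
                    ProcessHacker_PrepareForEarlyShutdown(PhMainWndHandle);
                    PhShellProcessHacker(
                        PhMainWndHandle,
                        L"-v",
                        SW_SHOW,
                        0,
                        PH_SHELL_APP_PROPAGATE_PARAMETERS | PH_SHELL_APP_PROPAGATE_PARAMETERS_IGNORE_VISIBILITY,
                        0,
                        NULL
                        );
                    ProcessHacker_Destroy(PhMainWndHandle);
                }

                // NOTE(review): the icon was obtained through PH_LOAD_SHARED_ICON_LARGE; confirm
                // that destroying it here is intended for an icon loaded that way.
                DestroyIcon(config.hMainIcon);
            }
        }
        break;
    // The upload cases pass the menu item's context on to the upload routines.
    // NOTE(review): presumably these send the selected file to a third-party service, which
    // means its contents leave the machine - confirm the user is told so before the upload.
    case MENUITEM_VIRUSTOTAL_UPLOAD:
        UploadToOnlineService(menuItem->Context, MENUITEM_VIRUSTOTAL_UPLOAD);
        break;
    case MENUITEM_VIRUSTOTAL_UPLOAD_SERVICE:
        UploadServiceToOnlineService(menuItem->Context, MENUITEM_VIRUSTOTAL_UPLOAD_SERVICE);
        break;
    case MENUITEM_JOTTI_UPLOAD:
        UploadToOnlineService(menuItem->Context, MENUITEM_JOTTI_UPLOAD);
        break;
    case MENUITEM_JOTTI_UPLOAD_SERVICE:
        UploadServiceToOnlineService(menuItem->Context, MENUITEM_JOTTI_UPLOAD_SERVICE);
        break;
    case MENUITEM_HYBRIDANALYSIS_UPLOAD:
        UploadToOnlineService(menuItem->Context, MENUITEM_HYBRIDANALYSIS_UPLOAD);
        break;
    case MENUITEM_HYBRIDANALYSIS_UPLOAD_SERVICE:
        UploadServiceToOnlineService(menuItem->Context, MENUITEM_HYBRIDANALYSIS_UPLOAD_SERVICE);
        break;
    case MENUITEM_VIRUSTOTAL_UPLOAD_FILE:
    case MENUITEM_HYBRIDANALYSIS_UPLOAD_FILE:
        {
            static PH_FILETYPE_FILTER filters[] =
            {
                { L"All files (*.*)", L"*.*" }
            };
            PVOID fileDialog;
            PPH_STRING fileName;

            fileDialog = PhCreateOpenFileDialog();
            PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));

            // Here the menu item's context is used as the owner window of the file dialog.
            if (PhShowFileDialog(menuItem->Context, fileDialog))
            {
                fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));

                // The *_UPLOAD_FILE items reuse the plain upload path with the chosen file name.
                switch (menuItem->Id)
                {
                case MENUITEM_VIRUSTOTAL_UPLOAD_FILE:
                    UploadToOnlineService(fileName, MENUITEM_VIRUSTOTAL_UPLOAD);
                    break;
                case MENUITEM_HYBRIDANALYSIS_UPLOAD_FILE:
                    UploadToOnlineService(fileName, MENUITEM_HYBRIDANALYSIS_UPLOAD);
                    break;
                }
            }

            PhFreeFileDialog(fileDialog);
        }
        break;
    }
}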
/**
 * Task dialog callback for the final updater page.
 *
 * Marks the Yes button as requiring elevation when the application directory
 * check fails, restarts the update check on Retry, launches the downloaded
 * setup on Yes, and forwards hyperlink clicks.
 *
 * NOTE(review): nothing in this callback validates SetupFilePath before it is
 * launched (elevated via "runas" when the directory check fails, and with
 * SEE_MASK_NOZONECHECKS). Presumably the download step has already verified
 * the file's hash/signature - confirm, since this is the last point before
 * execution.
 *
 * \param hwndDlg The task dialog window.
 * \param uMsg The task dialog notification.
 * \param wParam Notification-specific parameter; the button ID for TDN_BUTTON_CLICKED.
 * \param lParam Unused.
 * \param dwRefData The PPH_UPDATER_CONTEXT.
 *
 * \return S_FALSE when the dialog should stay open after the notification,
 * otherwise S_OK.
 */
HRESULT CALLBACK FinalTaskDialogCallbackProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam,
    _In_ LONG_PTR dwRefData
    )
{
    PPH_UPDATER_CONTEXT context = (PPH_UPDATER_CONTEXT)dwRefData;
    SHELLEXECUTEINFO execInfo = { sizeof(SHELLEXECUTEINFO) };
    PPH_STRING appDirectory;
    PPH_STRING encodedDirectory;
    PPH_STRING arguments;
    ULONG lastError;
    INT clickedButton;

    if (uMsg == TDN_NAVIGATED)
    {
        // Show the elevation shield on Yes when the directory check fails.
        if (!UpdaterCheckApplicationDirectory())
            SendMessage(hwndDlg, TDM_SET_BUTTON_ELEVATION_REQUIRED_STATE, IDYES, TRUE);

        return S_OK;
    }

    if (uMsg == TDN_HYPERLINK_CLICKED)
    {
        TaskDialogLinkClicked(context);
        return S_FALSE;
    }

    if (uMsg != TDN_BUTTON_CLICKED)
        return S_OK;

    clickedButton = (INT)wParam;

    if (clickedButton == IDRETRY)
    {
        ShowCheckForUpdatesDialog(context);
        return S_FALSE;
    }

    if (clickedButton != IDYES)
        return S_OK;

    // Nothing to run without a setup file.
    if (PhIsNullOrEmptyString(context->SetupFilePath))
        return S_OK;

    // The application directory is passed to the setup as a hex string inside quotes.
    appDirectory = PH_AUTO(PhGetApplicationDirectory());
    encodedDirectory = PH_AUTO(PhBufferToHexString((PUCHAR)appDirectory->Buffer, (ULONG)appDirectory->Length));
    arguments = PH_AUTO(PhConcatStrings(3, L"-update \"", PhGetStringOrEmpty(encodedDirectory), L"\""));

    execInfo.lpFile = PhGetStringOrEmpty(context->SetupFilePath);
    execInfo.lpParameters = PhGetString(arguments);
    // Request elevation only when the directory check fails.
    execInfo.lpVerb = UpdaterCheckApplicationDirectory() ? NULL : L"runas";
    execInfo.nShow = SW_SHOW;
    execInfo.hwnd = hwndDlg;
    execInfo.fMask = SEE_MASK_NOASYNC | SEE_MASK_FLAG_NO_UI | SEE_MASK_NOZONECHECKS;

    ProcessHacker_PrepareForEarlyShutdown(PhMainWndHandle);

    if (ShellExecuteEx(&execInfo))
    {
        ProcessHacker_Destroy(PhMainWndHandle);
        return S_OK;
    }

    lastError = GetLastError();

    // Install failed, cancel the shutdown.
    ProcessHacker_CancelEarlyShutdown(PhMainWndHandle);

    // Show error dialog, except when the user declined the UAC prompt.
    if (lastError != ERROR_CANCELLED)
    {
        PhShowStatus(hwndDlg, L"Unable to execute the setup.", 0, lastError);

        if (context->StartupCheck)
            ShowAvailableDialog(context);
        else
            ShowCheckForUpdatesDialog(context);
    }

    return S_FALSE;
}
/**
 * Dialog procedure for the logging options page.
 *
 * Shows the log file name setting, lets the user pick a different file with a
 * save dialog, and writes the edit box contents back to the setting when the
 * page is destroyed.
 *
 * \param hwndDlg The dialog window.
 * \param uMsg The window message.
 * \param wParam Message-specific parameter.
 * \param lParam Message-specific parameter.
 *
 * \return Always FALSE.
 */
INT_PTR CALLBACK LoggingDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    static PH_LAYOUT_MANAGER LayoutManager;

    if (uMsg == WM_INITDIALOG)
    {
        SetDlgItemText(hwndDlg, IDC_LOGFILENAME, PhaGetStringSetting(SETTING_NAME_LOG_FILENAME)->Buffer);

        PhInitializeLayoutManager(&LayoutManager, hwndDlg);
        PhAddLayoutItem(&LayoutManager, GetDlgItem(hwndDlg, IDC_INFO), NULL, PH_ANCHOR_TOP | PH_ANCHOR_LEFT | PH_ANCHOR_RIGHT);
        PhAddLayoutItem(&LayoutManager, GetDlgItem(hwndDlg, IDC_LOGFILENAME), NULL, PH_ANCHOR_TOP | PH_ANCHOR_LEFT | PH_ANCHOR_RIGHT);
        PhAddLayoutItem(&LayoutManager, GetDlgItem(hwndDlg, IDC_BROWSE), NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
    }
    else if (uMsg == WM_DESTROY)
    {
        // The edit box text is saved as typed; it is not validated here.
        PhSetStringSetting2(SETTING_NAME_LOG_FILENAME, &PhaGetDlgItemText(hwndDlg, IDC_LOGFILENAME)->sr);

        PhDeleteLayoutManager(&LayoutManager);
    }
    else if (uMsg == WM_SIZE)
    {
        PhLayoutManagerLayout(&LayoutManager);
    }
    else if (uMsg == WM_COMMAND && GET_WM_COMMAND_ID(wParam, lParam) == IDC_BROWSE)
    {
        static PH_FILETYPE_FILTER filters[] =
        {
            { L"Log files (*.txt;*.log)", L"*.txt;*.log" },
            { L"All files (*.*)", L"*.*" }
        };
        PVOID dialog;
        PPH_STRING currentName;
        PPH_STRING chosenName;

        dialog = PhCreateSaveFileDialog();
        PhSetFileDialogFilter(dialog, filters, sizeof(filters) / sizeof(filters[0]));

        // Pre-fill the dialog from the name currently in the edit box.
        currentName = PH_AUTO(PhGetFileName(PhaGetDlgItemText(hwndDlg, IDC_LOGFILENAME)));
        PhSetFileDialogFileName(dialog, currentName->Buffer);

        if (PhShowFileDialog(hwndDlg, dialog))
        {
            chosenName = PH_AUTO(PhGetFileDialogFileName(dialog));
            SetDlgItemText(hwndDlg, IDC_LOGFILENAME, chosenName->Buffer);
        }

        PhFreeFileDialog(dialog);
    }

    return FALSE;
}
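/**
 * Asks the user for a filter pattern and opens a new results window that
 * contains only the results whose display text matches it.
 *
 * The prompt is repeated while the pattern cannot be used (for example when a
 * regular expression does not compile); it ends when the user cancels or when
 * a filtered result list has been shown.
 *
 * \param hwndDlg The results dialog that owns the prompt.
 * \param Context The context of that dialog; its result list is the input.
 * \param Type One of FILTER_CONTAINS, FILTER_CONTAINS_IGNORECASE, FILTER_REGEX
 * or FILTER_REGEX_IGNORECASE.
 */
static VOID FilterResults(
    _In_ HWND hwndDlg,
    _In_ PMEMORY_RESULTS_CONTEXT Context,
    _In_ ULONG Type
    )
{
    PPH_STRING selectedChoice = NULL;
    PPH_LIST results;
    pcre2_code *compiledExpression;
    pcre2_match_data *matchData;

    results = Context->Results;

    SetCursor(LoadCursor(NULL, IDC_WAIT));

    while (PhaChoiceDialog(
        hwndDlg,
        L"Filter",
        L"Enter the filter pattern:",
        NULL,
        0,
        NULL,
        PH_CHOICE_DIALOG_USER_CHOICE,
        &selectedChoice,
        NULL,
        L"MemFilterChoices"
        ))
    {
        PPH_LIST newResults = NULL;
        ULONG i;

        if (Type == FILTER_CONTAINS || Type == FILTER_CONTAINS_IGNORECASE)
        {
            newResults = PhCreateList(1024);

            if (Type == FILTER_CONTAINS)
            {
                for (i = 0; i < results->Count; i++)
                {
                    PPH_MEMORY_RESULT result = results->Items[i];

                    if (wcsstr(result->Display.Buffer, selectedChoice->Buffer))
                    {
                        // The new list holds its own reference on each result it contains.
                        PhReferenceMemoryResult(result);
                        PhAddItemList(newResults, result);
                    }
                }
            }
            else
            {
                PPH_STRING upperChoice;

                // Case-insensitive match: compare upper-cased copies of both strings.
                upperChoice = PhaUpperString(selectedChoice);

                for (i = 0; i < results->Count; i++)
                {
                    PPH_MEMORY_RESULT result = results->Items[i];
                    PWSTR upperDisplay;

                    upperDisplay = PhAllocateForMemorySearch(result->Display.Length + sizeof(WCHAR));

                    // Do not copy into a failed allocation; the result is left out of the
                    // filtered list instead.
                    if (!upperDisplay)
                        continue;

                    // Copy the null terminator as well.
                    memcpy(upperDisplay, result->Display.Buffer, result->Display.Length + sizeof(WCHAR));

                    _wcsupr(upperDisplay);

                    if (wcsstr(upperDisplay, upperChoice->Buffer))
                    {
                        PhReferenceMemoryResult(result);
                        PhAddItemList(newResults, result);
                    }

                    PhFreeForMemorySearch(upperDisplay);
                }
            }
        }
        else if (Type == FILTER_REGEX || Type == FILTER_REGEX_IGNORECASE)
        {
            int errorCode;
            PCRE2_SIZE errorOffset;

            // The pattern length is given in characters, not bytes.
            compiledExpression = pcre2_compile(
                selectedChoice->Buffer,
                selectedChoice->Length / sizeof(WCHAR),
                (Type == FILTER_REGEX_IGNORECASE ? PCRE2_CASELESS : 0) | PCRE2_DOTALL,
                &errorCode,
                &errorOffset,
                NULL
                );

            if (!compiledExpression)
            {
                PhShowError(hwndDlg, L"Unable to compile the regular expression: \"%s\" at position %zu.",
                    PhGetStringOrDefault(PH_AUTO(PhPcre2GetErrorMessage(errorCode)), L"Unknown error"),
                    errorOffset
                    );
                // Ask for another pattern.
                continue;
            }

            matchData = pcre2_match_data_create_from_pattern(compiledExpression, NULL);

            newResults = PhCreateList(1024);

            for (i = 0; i < results->Count; i++)
            {
                PPH_MEMORY_RESULT result = results->Items[i];

                // A non-negative return value is a match; negative values (no match or an
                // error) leave the result out.
                if (pcre2_match(
                    compiledExpression,
                    result->Display.Buffer,
                    result->Display.Length / sizeof(WCHAR),
                    0,
                    0,
                    matchData,
                    NULL
                    ) >= 0)
                {
                    PhReferenceMemoryResult(result);
                    PhAddItemList(newResults, result);
                }
            }

            pcre2_match_data_free(matchData);
            pcre2_code_free(compiledExpression);
        }

        if (newResults)
        {
            // The references taken above are dropped again once the new dialog has been
            // shown; presumably PhShowMemoryResultsDialog takes what it needs - TODO confirm.
            PhShowMemoryResultsDialog(Context->ProcessId, newResults);
            PhDereferenceMemoryResults((PPH_MEMORY_RESULT *)newResults->Items, newResults->Count);
            PhDereferenceObject(newResults);
            break;
        }
    }

    SetCursor(LoadCursor(NULL, IDC_ARROW));
}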