NTSTATUS DotNetTraceQueryThreadStart(
_In_ PVOID Parameter
)
{
LARGE_INTEGER timeout;
PASMPAGE_QUERY_CONTEXT context = Parameter;
BOOLEAN timeoutReached = FALSE;
BOOLEAN nonClrNode = FALSE;
ULONG i;
ULONG result = 0;
if (context->ClrVersions & PH_CLR_VERSION_1_0)
{
AddFakeClrNode(context, L"CLR v1.0.3705"); // what PE displays
}
if (context->ClrVersions & PH_CLR_VERSION_1_1)
{
AddFakeClrNode(context, L"CLR v1.1.4322");
}
timeout.QuadPart = -10 * PH_TIMEOUT_SEC;
if (context->ClrVersions & PH_CLR_VERSION_2_0)
{
context->ClrV2Node = AddFakeClrNode(context, L"CLR v2.0.50727");
result = UpdateDotNetTraceInfoWithTimeout(context, TRUE, &timeout);
if (result == ERROR_TIMEOUT)
{
timeoutReached = TRUE;
result = ERROR_SUCCESS;
}
}
if (context->ClrVersions & PH_CLR_VERSION_4_ABOVE)
{
result = UpdateDotNetTraceInfoWithTimeout(context, FALSE, &timeout);
if (result == ERROR_TIMEOUT)
{
timeoutReached = TRUE;
result = ERROR_SUCCESS;
}
}
// If we reached the timeout, check whether we got any data back.
if (timeoutReached)
{
for (i = 0; i < context->NodeList->Count; i++)
{
PDNA_NODE node = context->NodeList->Items[i];
if (node->Type != DNA_TYPE_CLR)
{
nonClrNode = TRUE;
break;
}
}
if (!nonClrNode)
result = ERROR_TIMEOUT;
}
// If the process properties window has been closed, bail and cleanup.
// IsWindow should be safe from being called on this thread:
// https://blogs.msdn.microsoft.com/oldnewthing/20070717-00/?p=25983
if (IsWindow(context->WindowHandle))
{
PostMessage(context->WindowHandle, UPDATE_MSG, result, (LPARAM)context);
}
else
{
DestroyDotNetTraceQuery(context);
}
return STATUS_SUCCESS;
}
INT_PTR CALLBACK DotNetAsmPageDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
LPPROPSHEETPAGE propSheetPage;
PPH_PROCESS_PROPPAGECONTEXT propPageContext;
PPH_PROCESS_ITEM processItem;
PASMPAGE_CONTEXT context;
if (PhPropPageDlgProcHeader(hwndDlg, uMsg, lParam, &propSheetPage, &propPageContext, &processItem))
{
context = propPageContext->Context;
}
else
{
return FALSE;
}
switch (uMsg)
{
case WM_INITDIALOG:
{
ULONG result = 0;
PPH_STRING settings;
LARGE_INTEGER timeout;
HWND tnHandle;
context = PhAllocate(sizeof(ASMPAGE_CONTEXT));
memset(context, 0, sizeof(ASMPAGE_CONTEXT));
propPageContext->Context = context;
context->WindowHandle = hwndDlg;
context->ProcessItem = processItem;
context->ClrVersions = GetProcessDotNetVersions(processItem->ProcessId);
context->NodeList = PhCreateList(64);
context->NodeRootList = PhCreateList(2);
tnHandle = GetDlgItem(hwndDlg, IDC_LIST);
context->TnHandle = tnHandle;
TreeNew_SetRedraw(tnHandle, FALSE);
TreeNew_SetCallback(tnHandle, DotNetAsmTreeNewCallback, context);
TreeNew_SetExtendedFlags(tnHandle, TN_FLAG_ITEM_DRAG_SELECT, TN_FLAG_ITEM_DRAG_SELECT);
PhSetControlTheme(tnHandle, L"explorer");
SendMessage(TreeNew_GetTooltips(tnHandle), TTM_SETMAXTIPWIDTH, 0, MAXSHORT);
PhAddTreeNewColumn(tnHandle, DNATNC_STRUCTURE, TRUE, L"Structure", 240, PH_ALIGN_LEFT, -2, 0);
PhAddTreeNewColumn(tnHandle, DNATNC_ID, TRUE, L"ID", 50, PH_ALIGN_RIGHT, 0, DT_RIGHT);
PhAddTreeNewColumn(tnHandle, DNATNC_FLAGS, TRUE, L"Flags", 120, PH_ALIGN_LEFT, 1, 0);
PhAddTreeNewColumn(tnHandle, DNATNC_PATH, TRUE, L"Path", 600, PH_ALIGN_LEFT, 2, 0); // don't use path ellipsis - the user already has the base file name
PhAddTreeNewColumn(tnHandle, DNATNC_NATIVEPATH, TRUE, L"Native Image Path", 600, PH_ALIGN_LEFT, 3, 0);
settings = PhGetStringSetting(SETTING_NAME_ASM_TREE_LIST_COLUMNS);
PhCmLoadSettings(tnHandle, &settings->sr);
PhDereferenceObject(settings);
SetCursor(LoadCursor(NULL, IDC_WAIT));
if (context->ClrVersions & CLR_VERSION_1_0)
{
AddFakeClrNode(context, L"CLR v1.0.3705"); // what PE displays
}
if (context->ClrVersions & CLR_VERSION_1_1)
{
AddFakeClrNode(context, L"CLR v1.1.4322");
}
timeout.QuadPart = -10 * PH_TIMEOUT_SEC;
if (context->ClrVersions & CLR_VERSION_2_0)
{
context->ClrV2Node = AddFakeClrNode(context, L"CLR v2.0.50727");
result = UpdateDotNetTraceInfoWithTimeout(context, TRUE, &timeout);
}
if (context->ClrVersions & CLR_VERSION_4_ABOVE)
{
result = UpdateDotNetTraceInfoWithTimeout(context, FALSE, &timeout);
}
TreeNew_NodesStructured(tnHandle);
TreeNew_SetRedraw(tnHandle, TRUE);
SetCursor(LoadCursor(NULL, IDC_ARROW));
if (result != 0)
{
ShowWindow(tnHandle, SW_HIDE);
ShowWindow(GetDlgItem(hwndDlg, IDC_ERROR), SW_SHOW);
if (result == ERROR_ACCESS_DENIED)
{
SetDlgItemText(hwndDlg, IDC_ERROR, L"Unable to start the event tracing session. Make sure Process Hacker is running with administrative privileges.");
}
else
{
SetDlgItemText(hwndDlg, IDC_ERROR,
PhaConcatStrings2(L"Unable to start the event tracing session: %s", PhGetStringOrDefault(PhGetWin32Message(result), L"Unknown error"))->Buffer);
}
}
}
break;
case WM_DESTROY:
{
PPH_STRING settings;
ULONG i;
settings = PhCmSaveSettings(context->TnHandle);
PhSetStringSetting2(SETTING_NAME_ASM_TREE_LIST_COLUMNS, &settings->sr);
PhDereferenceObject(settings);
for (i = 0; i < context->NodeList->Count; i++)
DestroyNode(context->NodeList->Items[i]);
PhDereferenceObject(context->NodeList);
PhDereferenceObject(context->NodeRootList);
PhFree(context);
PhPropPageDlgProcDestroy(hwndDlg);
}
break;
case WM_SHOWWINDOW:
{
PPH_LAYOUT_ITEM dialogItem;
if (dialogItem = PhBeginPropPageLayout(hwndDlg, propPageContext))
{
PhAddPropPageLayoutItem(hwndDlg, GetDlgItem(hwndDlg, IDC_LIST), dialogItem, PH_ANCHOR_ALL);
PhAddPropPageLayoutItem(hwndDlg, GetDlgItem(hwndDlg, IDC_ERROR), dialogItem, PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT | PH_LAYOUT_FORCE_INVALIDATE);
PhEndPropPageLayout(hwndDlg, propPageContext);
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case ID_COPY:
{
PPH_STRING text;
text = PhGetTreeNewText(context->TnHandle, DNATNC_MAXIMUM);
PhSetClipboardStringEx(context->TnHandle, text->Buffer, text->Length);
PhDereferenceObject(text);
}
break;
}
}
break;
}
return FALSE;
}
