VOID PerformNetworkAction(
_In_ PH_NETWORK_ACTION Action,
_In_ PPH_NETWORK_ITEM NetworkItem
)
{
HANDLE dialogThread = INVALID_HANDLE_VALUE;
PNETWORK_OUTPUT_CONTEXT context;
context = (PNETWORK_OUTPUT_CONTEXT)PhAllocate(sizeof(NETWORK_OUTPUT_CONTEXT));
memset(context, 0, sizeof(NETWORK_OUTPUT_CONTEXT));
context->Action = Action;
context->NetworkItem = NetworkItem;
context->IpAddress = NetworkItem->RemoteEndpoint.Address;
if (context->Action == NETWORK_ACTION_PING)
{
if (dialogThread = PhCreateThread(0, PhNetworkPingDialogThreadStart, (PVOID)context))
NtClose(dialogThread);
}
else
{
if (dialogThread = PhCreateThread(0, PhNetworkOutputDialogThreadStart, (PVOID)context))
NtClose(dialogThread);
}
}
NTSTATUS RunAsTrustedInstallerThread(
_In_ PVOID Parameter
)
{
NTSTATUS status;
HANDLE threadHandle;
THREAD_BASIC_INFORMATION basicInfo;
if (threadHandle = PhCreateThread(0, RunAsCreateProcessThread, NULL))
{
NtWaitForSingleObject(threadHandle, FALSE, NULL);
status = PhGetThreadBasicInformation(threadHandle, &basicInfo);
if (NT_SUCCESS(status))
{
status = basicInfo.ExitStatus;
}
if (!NT_SUCCESS(status))
{
PhShowStatus(
PhMainWndHandle,
L"Error creating process with TrustedInstaller privileges",
basicInfo.ExitStatus,
0
);
}
NtClose(threadHandle);
}
return STATUS_SUCCESS;
}
VOID StartInitialCheck(
VOID
)
{
// Queue up our initial update check.
PhCreateThread(0, SilentUpdateCheckThreadStart, NULL);
}
VOID CreateDotNetTraceQueryThread(
_In_ HWND WindowHandle,
_In_ ULONG ClrVersions,
_In_ HANDLE ProcessId
)
{
HANDLE threadHandle;
PASMPAGE_QUERY_CONTEXT context;
context = PhAllocate(sizeof(ASMPAGE_QUERY_CONTEXT));
memset(context, 0, sizeof(ASMPAGE_QUERY_CONTEXT));
context->WindowHandle = WindowHandle;
context->ClrVersions = ClrVersions;
context->ProcessId = ProcessId;
context->NodeList = PhCreateList(64);
context->NodeRootList = PhCreateList(2);
if (threadHandle = PhCreateThread(0, DotNetTraceQueryThreadStart, context))
{
NtClose(threadHandle);
}
else
{
DestroyDotNetTraceQuery(context);
}
}
VOID InitializeVirusTotalProcessMonitor(
VOID
)
{
VirusTotalList = PhCreateList(100);
VirusTotalHandle = PhCreateThread(0, VirusTotalProcessApiThread, NULL);
}
BOOLEAN PhpCreateWorkQueueThread(
_Inout_ PPH_WORK_QUEUE WorkQueue
)
{
HANDLE threadHandle;
// Make sure the structure doesn't get deleted while the thread is running.
if (!PhAcquireRundownProtection(&WorkQueue->RundownProtect))
return FALSE;
threadHandle = PhCreateThread(0, PhpWorkQueueThreadStart, WorkQueue);
if (threadHandle)
{
PHLIB_INC_STATISTIC(WqWorkQueueThreadsCreated);
WorkQueue->CurrentThreads++;
NtClose(threadHandle);
return TRUE;
}
else
{
PHLIB_INC_STATISTIC(WqWorkQueueThreadsCreateFailed);
PhReleaseRundownProtection(&WorkQueue->RundownProtect);
return FALSE;
}
}
VOID ShowRunAsDialog(
_In_opt_ HWND Parent
)
{
HANDLE threadHandle;
if (threadHandle = PhCreateThread(0, RunAsTrustedInstallerThread, NULL))
NtClose(threadHandle);
}
VOID EtEtwMonitorInitialization(
VOID
)
{
if (PhGetOwnTokenAttributes().Elevated && PhGetIntegerSetting(SETTING_NAME_ENABLE_ETW_MONITOR))
{
EtStartEtwSession();
if (EtEtwEnabled)
EtpEtwMonitorThreadHandle = PhCreateThread(0, EtpEtwMonitorThreadStart, NULL);
}
}
ULONG EtStartEtwRundown(
VOID
)
{
ULONG result;
ULONG bufferSize;
bufferSize = sizeof(EVENT_TRACE_PROPERTIES) + EtpRundownLoggerName.Length + sizeof(WCHAR);
if (!EtpRundownTraceProperties)
EtpRundownTraceProperties = PhAllocate(bufferSize);
memset(EtpRundownTraceProperties, 0, sizeof(EVENT_TRACE_PROPERTIES));
EtpRundownTraceProperties->Wnode.BufferSize = bufferSize;
EtpRundownTraceProperties->Wnode.ClientContext = 1;
EtpRundownTraceProperties->Wnode.Flags = WNODE_FLAG_TRACED_GUID;
EtpRundownTraceProperties->MinimumBuffers = 1;
EtpRundownTraceProperties->LogFileMode = EVENT_TRACE_REAL_TIME_MODE;
EtpRundownTraceProperties->FlushTimer = 1;
EtpRundownTraceProperties->LogFileNameOffset = 0;
EtpRundownTraceProperties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
result = StartTrace(&EtpRundownSessionHandle, EtpRundownLoggerName.Buffer, EtpRundownTraceProperties);
if (result == ERROR_ALREADY_EXISTS)
{
EtpStopEtwRundownSession();
// ControlTrace (called from EtpStopEtwRundownSession) screws up the structure.
EtpRundownTraceProperties->Wnode.BufferSize = bufferSize;
EtpRundownTraceProperties->LogFileNameOffset = 0;
EtpRundownTraceProperties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
result = StartTrace(&EtpRundownSessionHandle, EtpRundownLoggerName.Buffer, EtpRundownTraceProperties);
}
if (result != ERROR_SUCCESS)
return result;
result = EnableTraceEx(&KernelRundownGuid_I, NULL, EtpRundownSessionHandle, 1, 0, 0x10, 0, 0, NULL);
if (result != ERROR_SUCCESS)
{
EtpStopEtwRundownSession();
return result;
}
EtpRundownActive = TRUE;
EtpRundownEtwMonitorThreadHandle = PhCreateThread(0, EtpRundownEtwMonitorThreadStart, NULL);
return result;
}
VOID ShowDialog(VOID)
{
if (!GfxWindowHandle)
{
if (!(GfxThreadHandle = PhCreateThread(0, WindowThreadStart, NULL)))
{
PhShowStatus(PhMainWndHandle, L"Unable to create the Graphics information window.", 0, GetLastError());
return;
}
PhWaitForEvent(&InitializedEvent, NULL);
}
SendMessage(GfxWindowHandle, WM_GFX_ACTIVATE, 0, 0);
}
VOID ShowUpdateDialog(
_In_opt_ PPH_UPDATER_CONTEXT Context
)
{
if (!UpdateDialogThreadHandle)
{
if (!(UpdateDialogThreadHandle = PhCreateThread(0, ShowUpdateDialogThread, Context)))
{
PhShowStatus(PhMainWndHandle, L"Unable to create the updater window.", 0, GetLastError());
return;
}
PhWaitForEvent(&InitializedEvent, NULL);
}
PostMessage(UpdateDialogHandle, PH_SHOWDIALOG, 0, 0);
}
BOOL PropSheetPage4_OnNotify(
_In_ HWND hwndDlg,
_In_ INT idCtrl,
_Inout_ LPNMHDR lpNmh
)
{
LPPSHNOTIFY pageNotify = (LPPSHNOTIFY)lpNmh;
switch (pageNotify->hdr.code)
{
case PSN_SETACTIVE:
{
HWND hwPropSheet = pageNotify->hdr.hwndFrom;
// Disable Next/Back buttons
PropSheet_SetWizButtons(hwPropSheet, 0);
_hwndProgress = hwndDlg;
SetTimer(hwndDlg, 1, 100, NULL);
PhCreateThread(0, DownloadThread, hwPropSheet);
}
break;
case PSN_QUERYCANCEL:
{
//if (UpdateResetState == InstallStateResetting || UpdateResetState == InstallStateInstalling)
//PropSheet_CancelToClose(GetParent(hwndDlg));
//EnableMenuItem(GetSystemMenu(GetParent(hwndDlg), FALSE), SC_CLOSE, MF_GRAYED);
//EnableMenuItem(GetSystemMenu(GetParent(hwndDlg), FALSE), SC_CLOSE, MF_ENABLED);
//SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, (LPARAM)TRUE);
//return TRUE;
}
break;
case PSN_KILLACTIVE:
{
KillTimer(hwndDlg, 1);
}
break;
}
return FALSE;
}
VOID ShowUpdateDialog(
VOID
)
{
if (!UpdaterDialogThreadHandle)
{
if (!(UpdaterDialogThreadHandle = PhCreateThread(0, (PUSER_THREAD_START_ROUTINE)ShowUpdateDialogThreadStart, NULL)))
{
PhShowStatus(PhMainWndHandle, L"Unable to create the updater window.", 0, GetLastError());
return;
}
PhWaitForEvent(&InitializedEvent, NULL);
}
SendMessage(UpdateDialogHandle, WM_SHOWDIALOG, 0, 0);
}
ULONG UpdateDotNetTraceInfoWithTimeout(
_In_ PASMPAGE_QUERY_CONTEXT Context,
_In_ BOOLEAN ClrV2,
_In_opt_ PLARGE_INTEGER Timeout
)
{
HANDLE threadHandle;
BOOLEAN timeout = FALSE;
// ProcessDotNetTrace is not guaranteed to complete within any period of time, because
// the target process might terminate before it writes the DCStartComplete_V1 event.
// If the timeout is reached, the trace handle is closed, forcing ProcessTrace to stop
// processing.
Context->TraceClrV2 = ClrV2;
Context->TraceResult = 0;
Context->TraceHandleActive = 0;
Context->TraceHandle = 0;
threadHandle = PhCreateThread(0, UpdateDotNetTraceInfoThreadStart, Context);
if (NtWaitForSingleObject(threadHandle, FALSE, Timeout) != STATUS_WAIT_0)
{
// Timeout has expired. Stop the trace processing if it's still active.
// BUG: This assumes that the thread is in ProcessTrace. It might still be
// setting up though!
if (_InterlockedExchange(&Context->TraceHandleActive, 0) == 1)
{
CloseTrace(Context->TraceHandle);
timeout = TRUE;
}
NtWaitForSingleObject(threadHandle, FALSE, NULL);
}
NtClose(threadHandle);
if (timeout)
return ERROR_TIMEOUT;
return Context->TraceResult;
}
HRESULT CALLBACK TaskDialogProgressCallbackProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam,
_In_ LONG_PTR dwRefData
)
{
PUPLOAD_CONTEXT context = (PUPLOAD_CONTEXT)dwRefData;
switch (uMsg)
{
case TDN_NAVIGATED:
{
SendMessage(hwndDlg, TDM_SET_MARQUEE_PROGRESS_BAR, TRUE, 0);
SendMessage(hwndDlg, TDM_SET_PROGRESS_BAR_MARQUEE, TRUE, 1);
if (context->TaskbarListClass)
ITaskbarList3_SetProgressState(context->TaskbarListClass, PhMainWndHandle, TBPF_INDETERMINATE);
PhReferenceObject(context);
context->UploadThreadHandle = PhCreateThread(0, UploadFileThreadStart, context);
}
break;
case TDN_BUTTON_CLICKED:
{
if ((INT)wParam == IDCANCEL)
{
if (context->UploadThreadHandle)
{
NtClose(context->UploadThreadHandle);
context->UploadThreadHandle = NULL;
}
}
}
break;
}
return S_OK;
}
VOID PhpInitializeServiceNonPoll(
VOID
)
{
// Dynamically import the required functions.
NotifyServiceStatusChangeW_I = PhGetModuleProcAddress(L"advapi32.dll", "NotifyServiceStatusChangeW");
if (!NotifyServiceStatusChangeW_I)
return;
PhpNonPollActive = TRUE;
PhpNonPollGate = 1; // initially the gate should be open since we only just initialized everything
PhpNonPollThreadHandle = PhCreateThread(0, PhpServiceNonPollThreadStart, NULL);
if (!PhpNonPollThreadHandle)
{
PhpNonPollActive = FALSE;
return;
}
}
static INT_PTR CALLBACK RotViewDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PROT_WINDOW_CONTEXT context;
if (uMsg == WM_INITDIALOG)
{
context = (PROT_WINDOW_CONTEXT)PhAllocate(sizeof(ROT_WINDOW_CONTEXT));
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PROT_WINDOW_CONTEXT)GetProp(hwndDlg, L"Context");
if (uMsg == WM_DESTROY)
{
PhSaveWindowPlacementToSetting(SETTING_NAME_WINDOW_POSITION, SETTING_NAME_WINDOW_SIZE, hwndDlg);
PhDeleteLayoutManager(&context->LayoutManager);
PhUnregisterDialog(hwndDlg);
RemoveProp(hwndDlg, L"Context");
PhFree(context);
}
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HANDLE threadHandle;
context->ListViewHandle = GetDlgItem(hwndDlg, IDC_LIST1);
PhRegisterDialog(hwndDlg);
PhSetListViewStyle(context->ListViewHandle, FALSE, TRUE);
PhSetControlTheme(context->ListViewHandle, L"explorer");
PhAddListViewColumn(context->ListViewHandle, 0, 0, 0, LVCFMT_LEFT, 420, L"Display Name");
PhSetExtendedListView(context->ListViewHandle);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, context->ListViewHandle, NULL, PH_ANCHOR_ALL);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_ROTREFRESH), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_RIGHT);
PhLoadWindowPlacementFromSetting(SETTING_NAME_WINDOW_POSITION, SETTING_NAME_WINDOW_SIZE, hwndDlg);
if (threadHandle = PhCreateThread(0, EnumRunningObjectTable, context->ListViewHandle))
{
NtClose(threadHandle);
}
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&context->LayoutManager);
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_ROTREFRESH:
{
ListView_DeleteAllItems(context->ListViewHandle);
HANDLE threadHandle;
if (threadHandle = PhCreateThread(0, EnumRunningObjectTable, context->ListViewHandle))
{
NtClose(threadHandle);
}
}
break;
case IDCANCEL:
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
}
}
break;
}
return FALSE;
}
NTSTATUS PhSvcApiPortInitialization(
_In_ PUNICODE_STRING PortName
)
{
static SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
NTSTATUS status;
OBJECT_ATTRIBUTES objectAttributes;
PSECURITY_DESCRIPTOR securityDescriptor;
ULONG sdAllocationLength;
UCHAR administratorsSidBuffer[FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG) * 2];
PSID administratorsSid;
PACL dacl;
ULONG i;
HANDLE threadHandle;
// Create the API port.
administratorsSid = (PSID)administratorsSidBuffer;
RtlInitializeSid(administratorsSid, &ntAuthority, 2);
*RtlSubAuthoritySid(administratorsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
*RtlSubAuthoritySid(administratorsSid, 1) = DOMAIN_ALIAS_RID_ADMINS;
sdAllocationLength = SECURITY_DESCRIPTOR_MIN_LENGTH +
(ULONG)sizeof(ACL) +
(ULONG)sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(administratorsSid) +
(ULONG)sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(&PhSeEveryoneSid);
securityDescriptor = PhAllocate(sdAllocationLength);
dacl = (PACL)((PCHAR)securityDescriptor + SECURITY_DESCRIPTOR_MIN_LENGTH);
RtlCreateSecurityDescriptor(securityDescriptor, SECURITY_DESCRIPTOR_REVISION);
RtlCreateAcl(dacl, sdAllocationLength - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION);
RtlAddAccessAllowedAce(dacl, ACL_REVISION, PORT_ALL_ACCESS, administratorsSid);
RtlAddAccessAllowedAce(dacl, ACL_REVISION, PORT_CONNECT, &PhSeEveryoneSid);
RtlSetDaclSecurityDescriptor(securityDescriptor, TRUE, dacl, FALSE);
InitializeObjectAttributes(
&objectAttributes,
PortName,
OBJ_CASE_INSENSITIVE,
NULL,
securityDescriptor
);
status = NtCreatePort(
&PhSvcApiPortHandle,
&objectAttributes,
sizeof(PHSVC_API_CONNECTINFO),
PhIsExecutingInWow64() ? sizeof(PHSVC_API_MSG64) : sizeof(PHSVC_API_MSG),
0
);
PhFree(securityDescriptor);
if (!NT_SUCCESS(status))
return status;
// Start the API threads.
PhSvcApiThreadContextTlsIndex = TlsAlloc();
for (i = 0; i < 2; i++)
{
threadHandle = PhCreateThread(0, PhSvcApiRequestThreadStart, NULL);
if (threadHandle)
NtClose(threadHandle);
}
return status;
}
INT_PTR CALLBACK UpdaterWndProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
LOGFONT lHeaderFont = { 0 };
// load the PH main icon using the 'magic' resource id.
HANDLE hPhIcon = LoadImage(
GetModuleHandle(NULL),
MAKEINTRESOURCE(PHAPP_IDI_PROCESSHACKER),
IMAGE_ICON,
GetSystemMetrics(SM_CXICON),
GetSystemMetrics(SM_CYICON),
LR_SHARED
);
// Set our initial state as download
PhUpdaterState = Download;
// Set the window icon.
SendMessage(hwndDlg, WM_SETICON, ICON_BIG, (LPARAM)hPhIcon);
lHeaderFont.lfHeight = -15;
lHeaderFont.lfWeight = FW_MEDIUM;
lHeaderFont.lfQuality = CLEARTYPE_QUALITY | ANTIALIASED_QUALITY;
// We don't check if Segoe exists, CreateFontIndirect does this for us.
wcscpy_s(
lHeaderFont.lfFaceName,
_countof(lHeaderFont.lfFaceName),
L"Segoe UI"
);
// Create the font handle.
FontHandle = CreateFontIndirectW(&lHeaderFont);
// Set the header font.
SendMessage(GetDlgItem(hwndDlg, IDC_MESSAGE), WM_SETFONT, (WPARAM)FontHandle, FALSE);
// Center the update window on PH if visible and not mimimized else center on desktop.
PhCenterWindow(hwndDlg, (IsWindowVisible(GetParent(hwndDlg)) && !IsIconic(GetParent(hwndDlg))) ? GetParent(hwndDlg) : NULL);
// Create our update check thread.
UpdateCheckThreadHandle = PhCreateThread(0, (PUSER_THREAD_START_ROUTINE)CheckUpdateThreadStart, hwndDlg);
}
break;
case WM_SHOWDIALOG:
{
if (IsIconic(hwndDlg))
ShowWindow(hwndDlg, SW_RESTORE);
else
ShowWindow(hwndDlg, SW_SHOW);
SetForegroundWindow(hwndDlg);
}
break;
case WM_CTLCOLORBTN:
case WM_CTLCOLORDLG:
case WM_CTLCOLORSTATIC:
{
HDC hDC = (HDC)wParam;
HWND hwndChild = (HWND)lParam;
// Check for our static label and change the color.
if (GetDlgCtrlID(hwndChild) == IDC_MESSAGE)
{
SetTextColor(hDC, RGB(19, 112, 171));
}
// Set a transparent background for the control backcolor.
SetBkMode(hDC, TRANSPARENT);
// set window background color.
return (INT_PTR)GetSysColorBrush(COLOR_WINDOW);
}
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
{
PostQuitMessage(0);
}
break;
case IDC_DOWNLOAD:
{
switch (PhUpdaterState)
{
case Download:
{
if (PhInstalledUsingSetup())
{
// Start our Downloader thread
DownloadThreadHandle = PhCreateThread(0, (PUSER_THREAD_START_ROUTINE)DownloadUpdateThreadStart, hwndDlg);
}
else
{
// Let the user handle non-setup installation, show the homepage and close this dialog.
PhShellExecute(hwndDlg, L"http://processhacker.sourceforge.net/downloads.php", NULL);
PostQuitMessage(0);
}
}
break;
case Install:
{
SHELLEXECUTEINFO info = { sizeof(SHELLEXECUTEINFO) };
info.lpFile = SetupFilePath->Buffer;
info.lpVerb = L"runas";
info.nShow = SW_SHOW;
info.hwnd = hwndDlg;
ProcessHacker_PrepareForEarlyShutdown(PhMainWndHandle);
if (!ShellExecuteEx(&info))
{
// Install failed, cancel the shutdown.
ProcessHacker_CancelEarlyShutdown(PhMainWndHandle);
// Set button text for next action
Button_SetText(GetDlgItem(hwndDlg, IDC_DOWNLOAD), L"Retry");
}
else
{
ProcessHacker_Destroy(PhMainWndHandle);
}
}
break;
}
}
break;
}
break;
}
break;
case WM_UPDATE:
{
if (IsUpdating)
{
DWORD time_taken;
DWORD download_speed;
//DWORD time_remain = (MulDiv(time_taken, contentLength, bytesDownloaded) - time_taken);
int percent;
PPH_STRING dlRemaningBytes;
PPH_STRING dlLength;
PPH_STRING dlSpeed;
PPH_STRING statusText;
PhAcquireQueuedLockExclusive(&Lock);
time_taken = (GetTickCount() - timeTransferred);
download_speed = (bytesDownloaded / max(time_taken, 1));
percent = MulDiv(100, bytesDownloaded, contentLength);
dlRemaningBytes = PhFormatSize(bytesDownloaded, -1);
dlLength = PhFormatSize(contentLength, -1);
dlSpeed = PhFormatSize(download_speed * 1024, -1);
LastUpdateTime = GetTickCount();
PhReleaseQueuedLockExclusive(&Lock);
statusText = PhFormatString(
L"%s (%d%%) of %s @ %s/s",
dlRemaningBytes->Buffer,
percent,
dlLength->Buffer,
dlSpeed->Buffer
);
SetDlgItemText(hwndDlg, IDC_STATUS, statusText->Buffer);
SendDlgItemMessage(hwndDlg, IDC_PROGRESS, PBM_SETPOS, percent, 0);
PhDereferenceObject(statusText);
PhDereferenceObject(dlSpeed);
PhDereferenceObject(dlLength);
PhDereferenceObject(dlRemaningBytes);
IsUpdating = FALSE;
}
}
break;
}
return FALSE;
}
INT_PTR CALLBACK NetworkOutputDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
PNETWORK_OUTPUT_CONTEXT context;
if (uMsg == WM_INITDIALOG)
{
context = (PNETWORK_OUTPUT_CONTEXT)lParam;
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PNETWORK_OUTPUT_CONTEXT)GetProp(hwndDlg, L"Context");
if (uMsg == WM_DESTROY)
RemoveProp(hwndDlg, L"Context");
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
WCHAR addressString[65];
HANDLE pipeWriteHandle;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
context->WindowHandle = hwndDlg;
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_TEXT), NULL, PH_ANCHOR_ALL);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_RIGHT);
if (context->Address.Type == PH_IPV4_NETWORK_TYPE)
RtlIpv4AddressToString(&context->Address.InAddr, addressString);
else
RtlIpv6AddressToString(&context->Address.In6Addr, addressString);
switch (context->Action)
{
case NETWORK_ACTION_PING:
case NETWORK_ACTION_TRACEROUTE:
if (context->Action == NETWORK_ACTION_PING)
{
SetWindowText(hwndDlg,
PhaFormatString(L"Pinging %s...", addressString)->Buffer);
}
else
{
SetWindowText(hwndDlg,
PhaFormatString(L"Tracing route to %s...", addressString)->Buffer);
}
// Doing this properly would be too complex, so we'll just
// execute ping.exe/traceroute.exe and display its output.
if (CreatePipe(&context->PipeReadHandle, &pipeWriteHandle, NULL, 0))
{
STARTUPINFO startupInfo = { sizeof(startupInfo) };
PPH_STRING command;
OBJECT_HANDLE_FLAG_INFORMATION flagInfo;
startupInfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
startupInfo.hStdInput = GetStdHandle(STD_INPUT_HANDLE);
startupInfo.hStdOutput = pipeWriteHandle;
startupInfo.hStdError = pipeWriteHandle;
startupInfo.wShowWindow = SW_HIDE;
if (context->Action == NETWORK_ACTION_PING)
{
command = PhaFormatString(
L"%s\\system32\\ping.exe %s",
USER_SHARED_DATA->NtSystemRoot,
addressString
);
}
else
{
command = PhaFormatString(
L"%s\\system32\\tracert.exe %s",
USER_SHARED_DATA->NtSystemRoot,
addressString
);
}
// Allow the write handle to be inherited.
flagInfo.Inherit = TRUE;
flagInfo.ProtectFromClose = FALSE;
NtSetInformationObject(
pipeWriteHandle,
ObjectHandleFlagInformation,
&flagInfo,
sizeof(OBJECT_HANDLE_FLAG_INFORMATION)
);
PhCreateProcessWin32Ex(
NULL,
command->Buffer,
NULL,
NULL,
&startupInfo,
PH_CREATE_PROCESS_INHERIT_HANDLES,
NULL,
NULL,
&context->ProcessHandle,
NULL
);
// Essential; when the process exits, the last instance of the pipe
// will be disconnected and our thread will exit.
NtClose(pipeWriteHandle);
// Create a thread which will wait for output and display it.
context->ThreadHandle = PhCreateThread(0, NetworkWorkerThreadStart, context);
}
break;
}
}
break;
case WM_DESTROY:
{
PhAcquireQueuedLockExclusive(&context->WindowHandleLock);
context->WindowHandle = NULL;
PhReleaseQueuedLockExclusive(&context->WindowHandleLock);
if (context->ProcessHandle)
{
NtTerminateProcess(context->ProcessHandle, STATUS_SUCCESS);
NtClose(context->ProcessHandle);
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
}
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&context->LayoutManager);
break;
case NTM_DONE:
{
PPH_STRING windowText = PhGetWindowText(hwndDlg);
if (windowText)
{
SetWindowText(hwndDlg, PhaFormatString(L"%s Finished.", windowText->Buffer)->Buffer);
PhDereferenceObject(windowText);
}
}
break;
case NTM_RECEIVED:
{
OEM_STRING inputString;
UNICODE_STRING convertedString;
if (wParam != 0)
{
inputString.Buffer = (PCHAR)lParam;
inputString.Length = (USHORT)wParam;
if (NT_SUCCESS(RtlOemStringToUnicodeString(&convertedString, &inputString, TRUE)))
{
PhAppendStringBuilderEx(&context->ReceivedString, convertedString.Buffer, convertedString.Length);
RtlFreeUnicodeString(&convertedString);
// Remove leading newlines.
if (
context->ReceivedString.String->Length >= 2 * 2 &&
context->ReceivedString.String->Buffer[0] == '\r' && context->ReceivedString.String->Buffer[1] == '\n'
)
{
PhRemoveStringBuilder(&context->ReceivedString, 0, 2);
}
SetDlgItemText(hwndDlg, IDC_TEXT, context->ReceivedString.String->Buffer);
SendMessage(
GetDlgItem(hwndDlg, IDC_TEXT),
EM_SETSEL,
context->ReceivedString.String->Length / 2 - 1,
context->ReceivedString.String->Length / 2 - 1
);
SendMessage(GetDlgItem(hwndDlg, IDC_TEXT), WM_VSCROLL, SB_BOTTOM, 0);
}
}
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK NetworkOutputDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PNETWORK_OUTPUT_CONTEXT context;
if (uMsg == WM_INITDIALOG)
{
context = (PNETWORK_OUTPUT_CONTEXT)lParam;
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PNETWORK_OUTPUT_CONTEXT)GetProp(hwndDlg, L"Context");
if (uMsg == WM_DESTROY)
{
PhSaveWindowPlacementToSetting(SETTING_NAME_TRACERT_WINDOW_POSITION, SETTING_NAME_TRACERT_WINDOW_SIZE, hwndDlg);
PhDeleteLayoutManager(&context->LayoutManager);
if (context->ProcessHandle)
{
// Terminate the child process.
PhTerminateProcess(context->ProcessHandle, STATUS_SUCCESS);
// Close the child process handle.
NtClose(context->ProcessHandle);
}
// Close the pipe handle.
if (context->PipeReadHandle)
NtClose(context->PipeReadHandle);
RemoveProp(hwndDlg, L"Context");
PhFree(context);
}
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
PH_RECTANGLE windowRectangle;
context->WindowHandle = hwndDlg;
context->OutputHandle = GetDlgItem(hwndDlg, IDC_NETOUTPUTEDIT);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, context->OutputHandle, NULL, PH_ANCHOR_ALL);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_MORE_INFO), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL, PH_ANCHOR_BOTTOM | PH_ANCHOR_RIGHT);
windowRectangle.Position = PhGetIntegerPairSetting(SETTING_NAME_TRACERT_WINDOW_POSITION);
windowRectangle.Size = PhGetIntegerPairSetting(SETTING_NAME_TRACERT_WINDOW_SIZE);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 190;
rect.bottom = 120;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
// Check for first-run default position.
if (windowRectangle.Position.X == 0 || windowRectangle.Position.Y == 0)
{
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
}
else
{
PhLoadWindowPlacementFromSetting(SETTING_NAME_TRACERT_WINDOW_POSITION, SETTING_NAME_TRACERT_WINDOW_SIZE, hwndDlg);
}
if (context->IpAddress.Type == PH_IPV4_NETWORK_TYPE)
{
RtlIpv4AddressToString(&context->IpAddress.InAddr, context->IpAddressString);
}
else
{
RtlIpv6AddressToString(&context->IpAddress.In6Addr, context->IpAddressString);
}
switch (context->Action)
{
case NETWORK_ACTION_TRACEROUTE:
{
HANDLE dialogThread = INVALID_HANDLE_VALUE;
Static_SetText(context->WindowHandle,
PhaFormatString(L"Tracing route to %s...", context->IpAddressString)->Buffer
);
if (dialogThread = PhCreateThread(0, NetworkTracertThreadStart, (PVOID)context))
NtClose(dialogThread);
}
break;
case NETWORK_ACTION_WHOIS:
{
HANDLE dialogThread = INVALID_HANDLE_VALUE;
Static_SetText(context->WindowHandle,
PhaFormatString(L"Whois %s...", context->IpAddressString)->Buffer
);
ShowWindow(GetDlgItem(hwndDlg, IDC_MORE_INFO), SW_SHOW);
if (dialogThread = PhCreateThread(0, NetworkWhoisThreadStart, (PVOID)context))
NtClose(dialogThread);
}
break;
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
PostQuitMessage(0);
break;
}
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&context->LayoutManager);
break;
case WM_SIZING:
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
break;
case WM_CTLCOLORDLG:
case WM_CTLCOLORSTATIC:
{
HDC hDC = (HDC)wParam;
HWND hwndChild = (HWND)lParam;
// Check if old graph colors are enabled.
if (!PhGetIntegerSetting(L"GraphColorMode"))
break;
// Set a transparent background for the control backcolor.
SetBkMode(hDC, TRANSPARENT);
// Check for our edit control and change the color.
if (hwndChild == context->OutputHandle)
{
// Set text color as the Green PH graph text color.
SetTextColor(hDC, RGB(124, 252, 0));
// Set a black control backcolor.
return (INT_PTR)GetStockBrush(BLACK_BRUSH);
}
}
break;
case WM_NOTIFY:
{
switch (((LPNMHDR)lParam)->code)
{
case NM_CLICK:
case NM_RETURN:
{
PNMLINK syslink = (PNMLINK)lParam;
if (syslink->hdr.idFrom == IDC_MORE_INFO)
{
PhShellExecute(
PhMainWndHandle,
PhaConcatStrings2(L"http://wq.apnic.net/apnic-bin/whois.pl?searchtext=", context->IpAddressString)->Buffer,
NULL
);
}
}
break;
}
}
break;
case NTM_RECEIVEDTRACE:
{
OEM_STRING inputString;
UNICODE_STRING convertedString;
PH_STRING_BUILDER receivedString;
if (wParam != 0)
{
inputString.Buffer = (PCHAR)lParam;
inputString.Length = (USHORT)wParam;
if (NT_SUCCESS(RtlOemStringToUnicodeString(&convertedString, &inputString, TRUE)))
{
PPH_STRING windowText = NULL;
PhInitializeStringBuilder(&receivedString, PAGE_SIZE);
// Get the current output text.
windowText = PhGetWindowText(context->OutputHandle);
// Append the current output text to the New string.
if (!PhIsNullOrEmptyString(windowText))
PhAppendStringBuilder(&receivedString, &windowText->sr);
PhAppendFormatStringBuilder(&receivedString, L"%s", convertedString.Buffer);
// Remove leading newlines.
if (receivedString.String->Length >= 2 * 2 &&
receivedString.String->Buffer[0] == '\r' &&
receivedString.String->Buffer[1] == '\n')
{
PhRemoveStringBuilder(&receivedString, 0, 2);
}
SetWindowText(context->OutputHandle, receivedString.String->Buffer);
SendMessage(
context->OutputHandle,
EM_SETSEL,
receivedString.String->Length / 2 - 1,
receivedString.String->Length / 2 - 1
);
SendMessage(context->OutputHandle, WM_VSCROLL, SB_BOTTOM, 0);
PhDereferenceObject(windowText);
PhDeleteStringBuilder(&receivedString);
RtlFreeUnicodeString(&convertedString);
}
}
}
break;
case NTM_RECEIVEDWHOIS:
{
OEM_STRING inputString;
UNICODE_STRING convertedString;
PH_STRING_BUILDER receivedString;
if (lParam != 0)
{
inputString.Buffer = (PCHAR)lParam;
inputString.Length = (USHORT)wParam;
if (NT_SUCCESS(RtlOemStringToUnicodeString(&convertedString, &inputString, TRUE)))
{
USHORT i;
PhInitializeStringBuilder(&receivedString, PAGE_SIZE);
// Convert carriage returns.
for (i = 0; i < convertedString.Length; i++)
{
if (convertedString.Buffer[i] == '\n')
{
PhAppendStringBuilder2(&receivedString, L"\r\n");
}
else
{
PhAppendCharStringBuilder(&receivedString, convertedString.Buffer[i]);
}
}
// Remove leading newlines.
if (receivedString.String->Length >= 2 * 2 &&
receivedString.String->Buffer[0] == '\r' &&
receivedString.String->Buffer[1] == '\n')
{
PhRemoveStringBuilder(&receivedString, 0, 2);
}
SetWindowText(context->OutputHandle, receivedString.String->Buffer);
SendMessage(
context->OutputHandle,
EM_SETSEL,
receivedString.String->Length / 2 - 1,
receivedString.String->Length / 2 - 1
);
SendMessage(context->OutputHandle, WM_VSCROLL, SB_TOP, 0);
PhDeleteStringBuilder(&receivedString);
RtlFreeUnicodeString(&convertedString);
}
PhFree((PVOID)lParam);
}
}
break;
case NTM_RECEIVEDFINISH:
{
PPH_STRING windowText = PhGetWindowText(context->WindowHandle);
if (windowText)
{
Static_SetText(
context->WindowHandle,
PhaFormatString(L"%s Finished.", windowText->Buffer)->Buffer
);
PhDereferenceObject(windowText);
}
}
break;
}
return FALSE;
}
INT_PTR CALLBACK PhpProcessMiniDumpDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
PPROCESS_MINIDUMP_CONTEXT context = (PPROCESS_MINIDUMP_CONTEXT)lParam;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
SetDlgItemText(hwndDlg, IDC_PROGRESSTEXT, L"Creating the dump file...");
PhSetWindowStyle(GetDlgItem(hwndDlg, IDC_PROGRESS), PBS_MARQUEE, PBS_MARQUEE);
SendMessage(GetDlgItem(hwndDlg, IDC_PROGRESS), PBM_SETMARQUEE, TRUE, 75);
context->WindowHandle = hwndDlg;
context->ThreadHandle = PhCreateThread(0, PhpProcessMiniDumpThreadStart, context);
if (!context->ThreadHandle)
{
PhShowStatus(hwndDlg, L"Unable to create the minidump thread", 0, GetLastError());
EndDialog(hwndDlg, IDCANCEL);
}
SetTimer(hwndDlg, 1, 500, NULL);
}
break;
case WM_DESTROY:
{
PPROCESS_MINIDUMP_CONTEXT context;
context = (PPROCESS_MINIDUMP_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
NtClose(context->ThreadHandle);
RemoveProp(hwndDlg, PhMakeContextAtom());
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
{
PPROCESS_MINIDUMP_CONTEXT context =
(PPROCESS_MINIDUMP_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
EnableWindow(GetDlgItem(hwndDlg, IDCANCEL), FALSE);
context->Stop = TRUE;
}
break;
}
}
break;
case WM_TIMER:
{
if (wParam == 1)
{
PPROCESS_MINIDUMP_CONTEXT context =
(PPROCESS_MINIDUMP_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
ULONG currentTickCount;
currentTickCount = GetTickCount();
if (currentTickCount - context->LastTickCount >= 2000)
{
// No status message update for 2 seconds.
SetDlgItemText(hwndDlg, IDC_PROGRESSTEXT,
(PWSTR)L"Creating the dump file...");
InvalidateRect(GetDlgItem(hwndDlg, IDC_PROGRESSTEXT), NULL, FALSE);
context->LastTickCount = currentTickCount;
}
}
}
break;
case WM_PH_MINIDUMP_STATUS_UPDATE:
{
PPROCESS_MINIDUMP_CONTEXT context;
context = (PPROCESS_MINIDUMP_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
switch (wParam)
{
case PH_MINIDUMP_STATUS_UPDATE:
SetDlgItemText(hwndDlg, IDC_PROGRESSTEXT, (PWSTR)lParam);
InvalidateRect(GetDlgItem(hwndDlg, IDC_PROGRESSTEXT), NULL, FALSE);
context->LastTickCount = GetTickCount();
break;
case PH_MINIDUMP_ERROR:
PhShowStatus(hwndDlg, L"Unable to create the minidump", 0, (ULONG)lParam);
break;
case PH_MINIDUMP_COMPLETED:
EndDialog(hwndDlg, IDOK);
break;
}
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK PhpThreadStackProgressDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
PTHREAD_STACK_CONTEXT threadStackContext;
HANDLE threadHandle;
threadStackContext = (PTHREAD_STACK_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)threadStackContext);
threadStackContext->ProgressWindowHandle = hwndDlg;
if (threadHandle = PhCreateThread(0, PhpRefreshThreadStackThreadStart, threadStackContext))
{
NtClose(threadHandle);
}
else
{
threadStackContext->WalkStatus = STATUS_UNSUCCESSFUL;
EndDialog(hwndDlg, IDOK);
break;
}
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhSetWindowStyle(GetDlgItem(hwndDlg, IDC_PROGRESS), PBS_MARQUEE, PBS_MARQUEE);
SendMessage(GetDlgItem(hwndDlg, IDC_PROGRESS), PBM_SETMARQUEE, TRUE, 75);
SetWindowText(hwndDlg, L"Loading stack...");
}
break;
case WM_DESTROY:
{
RemoveProp(hwndDlg, PhMakeContextAtom());
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
{
PTHREAD_STACK_CONTEXT threadStackContext = (PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
EnableWindow(GetDlgItem(hwndDlg, IDCANCEL), FALSE);
threadStackContext->StopWalk = TRUE;
}
break;
}
}
break;
case WM_PH_COMPLETED:
{
EndDialog(hwndDlg, IDOK);
}
break;
case WM_PH_STATUS_UPDATE:
{
PTHREAD_STACK_CONTEXT threadStackContext = (PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
PPH_STRING message;
PhAcquireQueuedLockExclusive(&threadStackContext->StatusLock);
message = threadStackContext->StatusMessage;
PhReferenceObject(message);
PhReleaseQueuedLockExclusive(&threadStackContext->StatusLock);
SetDlgItemText(hwndDlg, IDC_PROGRESSTEXT, message->Buffer);
PhDereferenceObject(message);
}
break;
}
return 0;
}
static INT_PTR CALLBACK PhpFindObjectsDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhFindObjectsListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_FILTER),
NULL, PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, lvHandle,
NULL, PH_ANCHOR_ALL);
MinimumSize.left = 0;
MinimumSize.top = 0;
MinimumSize.right = 150;
MinimumSize.bottom = 100;
MapDialogRect(hwndDlg, &MinimumSize);
PhRegisterDialog(hwndDlg);
PhLoadWindowPlacementFromSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSetListViewStyle(lvHandle, TRUE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 100, L"Process");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 100, L"Type");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 80, L"Handle");
PhSetExtendedListView(lvHandle);
ExtendedListView_SetSortFast(lvHandle, TRUE);
ExtendedListView_SetCompareFunction(lvHandle, 0, PhpObjectProcessCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 1, PhpObjectTypeCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 2, PhpObjectNameCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 3, PhpObjectHandleCompareFunction);
PhLoadListViewColumnsFromSetting(L"FindObjListViewColumns", lvHandle);
}
break;
case WM_DESTROY:
{
PhSaveWindowPlacementToSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"FindObjListViewColumns", PhFindObjectsListViewHandle);
}
break;
case WM_SHOWWINDOW:
{
SetFocus(GetDlgItem(hwndDlg, IDC_FILTER));
Edit_SetSel(GetDlgItem(hwndDlg, IDC_FILTER), 0, -1);
}
break;
case WM_CLOSE:
{
ShowWindow(hwndDlg, SW_HIDE);
// IMPORTANT
// Set the result to 0 so the default dialog message
// handler doesn't invoke IDCANCEL, which will send
// WM_CLOSE, creating an infinite loop.
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, 0);
}
return TRUE;
case WM_SETCURSOR:
{
if (SearchThreadHandle)
{
SetCursor(LoadCursor(NULL, IDC_WAIT));
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, TRUE);
return TRUE;
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDOK:
{
// Don't continue if the user requested cancellation.
if (SearchStop)
break;
if (!SearchThreadHandle)
{
ULONG i;
// Cleanup previous results.
ListView_DeleteAllItems(PhFindObjectsListViewHandle);
if (SearchResults)
{
for (i = 0; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
PhDereferenceObject(searchResult->TypeName);
PhDereferenceObject(searchResult->Name);
if (searchResult->ProcessName)
PhDereferenceObject(searchResult->ProcessName);
PhFree(searchResult);
}
PhDereferenceObject(SearchResults);
}
// Start the search.
SearchString = PhGetWindowText(GetDlgItem(hwndDlg, IDC_FILTER));
SearchResults = PhCreateList(128);
SearchResultsAddIndex = 0;
SearchThreadHandle = PhCreateThread(0, PhpFindObjectsThreadStart, NULL);
if (!SearchThreadHandle)
break;
SetDlgItemText(hwndDlg, IDOK, L"Cancel");
SetCursor(LoadCursor(NULL, IDC_WAIT));
}
else
{
SearchStop = TRUE;
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
}
}
break;
case IDCANCEL:
{
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
}
break;
case ID_OBJECT_CLOSE:
{
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
ULONG i;
PhGetSelectedListViewItemParams(
PhFindObjectsListViewHandle,
&results,
&numberOfResults
);
if (numberOfResults != 0 && PhShowConfirmMessage(
hwndDlg,
L"close",
numberOfResults == 1 ? L"the selected handle" : L"the selected handles",
L"Closing handles may cause system instability and data corruption.",
FALSE
))
{
for (i = 0; i < numberOfResults; i++)
{
NTSTATUS status;
HANDLE processHandle;
if (results[i]->ResultType != HandleSearchResult)
continue;
if (NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_DUP_HANDLE,
results[i]->ProcessId
)))
{
if (NT_SUCCESS(status = PhDuplicateObject(
processHandle,
results[i]->Handle,
NULL,
NULL,
0,
0,
DUPLICATE_CLOSE_SOURCE
)))
{
PhRemoveListViewItem(PhFindObjectsListViewHandle,
PhFindListViewItemByParam(PhFindObjectsListViewHandle, 0, results[i]));
}
NtClose(processHandle);
}
if (!NT_SUCCESS(status))
{
if (!PhShowContinueStatus(hwndDlg,
PhaFormatString(L"Unable to close \"%s\"", results[i]->Name->Buffer)->Buffer,
status,
0
))
break;
}
}
}
PhFree(results);
}
break;
case ID_OBJECT_PROCESSPROPERTIES:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PPH_PROCESS_ITEM processItem;
if (processItem = PhReferenceProcessItem(result->ProcessId))
{
ProcessHacker_ShowProcessProperties(PhMainWndHandle, processItem);
PhDereferenceObject(processItem);
}
}
}
break;
case ID_OBJECT_PROPERTIES:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
if (result->ResultType == HandleSearchResult)
{
PPH_HANDLE_ITEM handleItem;
handleItem = PhCreateHandleItem(&result->Info);
handleItem->BestObjectName = handleItem->ObjectName = result->Name;
PhReferenceObjectEx(result->Name, 2);
handleItem->TypeName = result->TypeName;
PhReferenceObject(result->TypeName);
PhShowHandleProperties(
hwndDlg,
result->ProcessId,
handleItem
);
PhDereferenceObject(handleItem);
}
else
{
// DLL or Mapped File. Just show file properties.
PhShellProperties(hwndDlg, result->Name->Buffer);
}
}
}
break;
case ID_OBJECT_COPY:
{
PhCopyListView(PhFindObjectsListViewHandle);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case NM_DBLCLK:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_PROPERTIES, 0);
}
}
break;
case LVN_KEYDOWN:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
LPNMLVKEYDOWN keyDown = (LPNMLVKEYDOWN)header;
switch (keyDown->wVKey)
{
case 'C':
if (GetKeyState(VK_CONTROL) < 0)
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_COPY, 0);
break;
case VK_DELETE:
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_CLOSE, 0);
break;
}
}
}
break;
}
}
break;
case WM_CONTEXTMENU:
{
if ((HWND)wParam == PhFindObjectsListViewHandle)
{
POINT point;
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
point.x = (SHORT)LOWORD(lParam);
point.y = (SHORT)HIWORD(lParam);
if (point.x == -1 && point.y == -1)
PhGetListViewContextMenuPoint((HWND)wParam, &point);
PhGetSelectedListViewItemParams(PhFindObjectsListViewHandle, &results, &numberOfResults);
if (numberOfResults != 0)
{
HMENU menu;
HMENU subMenu;
menu = LoadMenu(PhInstanceHandle, MAKEINTRESOURCE(IDR_FINDOBJ));
subMenu = GetSubMenu(menu, 0);
SetMenuDefaultItem(subMenu, ID_OBJECT_PROPERTIES, FALSE);
PhpInitializeFindObjMenu(
subMenu,
results,
numberOfResults
);
PhShowContextMenu(
hwndDlg,
PhFindObjectsListViewHandle,
subMenu,
point
);
DestroyMenu(menu);
}
PhFree(results);
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&WindowLayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_PH_SEARCH_UPDATE:
{
HWND lvHandle;
ULONG i;
lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
ExtendedListView_SetRedraw(lvHandle, FALSE);
PhAcquireQueuedLockExclusive(&SearchResultsLock);
for (i = SearchResultsAddIndex; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
CLIENT_ID clientId;
PPH_PROCESS_ITEM processItem;
PPH_STRING clientIdName;
INT lvItemIndex;
clientId.UniqueProcess = searchResult->ProcessId;
clientId.UniqueThread = NULL;
processItem = PhReferenceProcessItem(clientId.UniqueProcess);
clientIdName = PhGetClientIdNameEx(&clientId, processItem ? processItem->ProcessName : NULL);
lvItemIndex = PhAddListViewItem(
lvHandle,
MAXINT,
clientIdName->Buffer,
searchResult
);
PhDereferenceObject(clientIdName);
if (processItem)
{
searchResult->ProcessName = processItem->ProcessName;
PhReferenceObject(searchResult->ProcessName);
PhDereferenceObject(processItem);
}
else
{
searchResult->ProcessName = NULL;
}
PhSetListViewSubItem(lvHandle, lvItemIndex, 1, searchResult->TypeName->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 2, searchResult->Name->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 3, searchResult->HandleString);
}
SearchResultsAddIndex = i;
PhReleaseQueuedLockExclusive(&SearchResultsLock);
ExtendedListView_SetRedraw(lvHandle, TRUE);
}
break;
case WM_PH_SEARCH_FINISHED:
{
// Add any un-added items.
SendMessage(hwndDlg, WM_PH_SEARCH_UPDATE, 0, 0);
PhDereferenceObject(SearchString);
NtWaitForSingleObject(SearchThreadHandle, FALSE, NULL);
NtClose(SearchThreadHandle);
SearchThreadHandle = NULL;
SearchStop = FALSE;
ExtendedListView_SortItems(GetDlgItem(hwndDlg, IDC_RESULTS));
SetDlgItemText(hwndDlg, IDOK, L"Find");
EnableWindow(GetDlgItem(hwndDlg, IDOK), TRUE);
SetCursor(LoadCursor(NULL, IDC_ARROW));
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK PhpFindObjectsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhFindObjectsListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_FILTER),
NULL, PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_REGEX),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, lvHandle,
NULL, PH_ANCHOR_ALL);
MinimumSize.left = 0;
MinimumSize.top = 0;
MinimumSize.right = 150;
MinimumSize.bottom = 100;
MapDialogRect(hwndDlg, &MinimumSize);
PhRegisterDialog(hwndDlg);
PhLoadWindowPlacementFromSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSetListViewStyle(lvHandle, TRUE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 100, L"Process");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 100, L"Type");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 80, L"Handle");
PhSetExtendedListView(lvHandle);
ExtendedListView_SetSortFast(lvHandle, TRUE);
ExtendedListView_SetCompareFunction(lvHandle, 0, PhpObjectProcessCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 1, PhpObjectTypeCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 2, PhpObjectNameCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 3, PhpObjectHandleCompareFunction);
PhLoadListViewColumnsFromSetting(L"FindObjListViewColumns", lvHandle);
Button_SetCheck(GetDlgItem(hwndDlg, IDC_REGEX), PhGetIntegerSetting(L"FindObjRegex") ? BST_CHECKED : BST_UNCHECKED);
}
break;
case WM_DESTROY:
{
PhSetIntegerSetting(L"FindObjRegex", Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED);
PhSaveWindowPlacementToSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"FindObjListViewColumns", PhFindObjectsListViewHandle);
}
break;
case WM_SHOWWINDOW:
{
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hwndDlg, IDC_FILTER), TRUE);
Edit_SetSel(GetDlgItem(hwndDlg, IDC_FILTER), 0, -1);
}
break;
case WM_CLOSE:
{
ShowWindow(hwndDlg, SW_HIDE);
// IMPORTANT
// Set the result to 0 so the default dialog message
// handler doesn't invoke IDCANCEL, which will send
// WM_CLOSE, creating an infinite loop.
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, 0);
}
return TRUE;
case WM_SETCURSOR:
{
if (SearchThreadHandle)
{
SetCursor(LoadCursor(NULL, IDC_WAIT));
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, TRUE);
return TRUE;
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDOK:
{
// Don't continue if the user requested cancellation.
if (SearchStop)
break;
if (!SearchThreadHandle)
{
ULONG i;
PhMoveReference(&SearchString, PhGetWindowText(GetDlgItem(hwndDlg, IDC_FILTER)));
if (SearchRegexCompiledExpression)
{
pcre2_code_free(SearchRegexCompiledExpression);
SearchRegexCompiledExpression = NULL;
}
if (SearchRegexMatchData)
{
pcre2_match_data_free(SearchRegexMatchData);
SearchRegexMatchData = NULL;
}
if (Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED)
{
int errorCode;
PCRE2_SIZE errorOffset;
SearchRegexCompiledExpression = pcre2_compile(
SearchString->Buffer,
SearchString->Length / sizeof(WCHAR),
PCRE2_CASELESS | PCRE2_DOTALL,
&errorCode,
&errorOffset,
NULL
);
if (!SearchRegexCompiledExpression)
{
PhShowError(hwndDlg, L"Unable to compile the regular expression: \"%s\" at position %zu.",
PhGetStringOrDefault(PH_AUTO(PhPcre2GetErrorMessage(errorCode)), L"Unknown error"),
errorOffset
);
break;
}
SearchRegexMatchData = pcre2_match_data_create_from_pattern(SearchRegexCompiledExpression, NULL);
}
// Clean up previous results.
ListView_DeleteAllItems(PhFindObjectsListViewHandle);
if (SearchResults)
{
for (i = 0; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
PhDereferenceObject(searchResult->TypeName);
PhDereferenceObject(searchResult->Name);
if (searchResult->ProcessName)
PhDereferenceObject(searchResult->ProcessName);
PhFree(searchResult);
}
PhDereferenceObject(SearchResults);
}
// Start the search.
SearchResults = PhCreateList(128);
SearchResultsAddIndex = 0;
SearchThreadHandle = PhCreateThread(0, PhpFindObjectsThreadStart, NULL);
if (!SearchThreadHandle)
{
PhClearReference(&SearchResults);
break;
}
SetDlgItemText(hwndDlg, IDOK, L"Cancel");
SetCursor(LoadCursor(NULL, IDC_WAIT));
}
else
{
SearchStop = TRUE;
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
}
}
break;
case IDCANCEL:
{
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
}
break;
case ID_OBJECT_CLOSE:
{
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
ULONG i;
PhGetSelectedListViewItemParams(
PhFindObjectsListViewHandle,
&results,
&numberOfResults
);
if (numberOfResults != 0 && PhShowConfirmMessage(
hwndDlg,
L"close",
numberOfResults == 1 ? L"the selected handle" : L"the selected handles",
L"Closing handles may cause system instability and data corruption.",
FALSE
))
{
for (i = 0; i < numberOfResults; i++)
{
NTSTATUS status;
HANDLE processHandle;
if (results[i]->ResultType != HandleSearchResult)
continue;
if (NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_DUP_HANDLE,
results[i]->ProcessId
)))
{
if (NT_SUCCESS(status = PhDuplicateObject(
processHandle,
results[i]->Handle,
NULL,
NULL,
0,
0,
DUPLICATE_CLOSE_SOURCE
)))
{
PhRemoveListViewItem(PhFindObjectsListViewHandle,
PhFindListViewItemByParam(PhFindObjectsListViewHandle, 0, results[i]));
}
NtClose(processHandle);
}
if (!NT_SUCCESS(status))
{
if (!PhShowContinueStatus(hwndDlg,
PhaFormatString(L"Unable to close \"%s\"", results[i]->Name->Buffer)->Buffer,
status,
0
))
break;
}
}
}
PhFree(results);
}
break;
case ID_HANDLE_OBJECTPROPERTIES1:
case ID_HANDLE_OBJECTPROPERTIES2:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PH_HANDLE_ITEM_INFO info;
info.ProcessId = result->ProcessId;
info.Handle = result->Handle;
info.TypeName = result->TypeName;
info.BestObjectName = result->Name;
if (LOWORD(wParam) == ID_HANDLE_OBJECTPROPERTIES1)
PhShowHandleObjectProperties1(hwndDlg, &info);
else
PhShowHandleObjectProperties2(hwndDlg, &info);
}
}
break;
case ID_OBJECT_GOTOOWNINGPROCESS:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PPH_PROCESS_NODE processNode;
if (processNode = PhFindProcessNode(result->ProcessId))
{
ProcessHacker_SelectTabPage(PhMainWndHandle, 0);
ProcessHacker_SelectProcessNode(PhMainWndHandle, processNode);
ProcessHacker_ToggleVisible(PhMainWndHandle, TRUE);
}
}
}
break;
case ID_OBJECT_PROPERTIES:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
if (result->ResultType == HandleSearchResult)
{
PPH_HANDLE_ITEM handleItem;
handleItem = PhCreateHandleItem(&result->Info);
handleItem->BestObjectName = handleItem->ObjectName = result->Name;
PhReferenceObjectEx(result->Name, 2);
handleItem->TypeName = result->TypeName;
PhReferenceObject(result->TypeName);
PhShowHandleProperties(
hwndDlg,
result->ProcessId,
handleItem
);
PhDereferenceObject(handleItem);
}
else
{
// DLL or Mapped File. Just show file properties.
PhShellProperties(hwndDlg, result->Name->Buffer);
}
}
}
break;
case ID_OBJECT_COPY:
{
PhCopyListView(PhFindObjectsListViewHandle);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case NM_DBLCLK:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_PROPERTIES, 0);
}
}
break;
case LVN_KEYDOWN:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
LPNMLVKEYDOWN keyDown = (LPNMLVKEYDOWN)header;
switch (keyDown->wVKey)
{
case 'C':
if (GetKeyState(VK_CONTROL) < 0)
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_COPY, 0);
break;
case 'A':
if (GetKeyState(VK_CONTROL) < 0)
PhSetStateAllListViewItems(PhFindObjectsListViewHandle, LVIS_SELECTED, LVIS_SELECTED);
break;
case VK_DELETE:
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_CLOSE, 0);
break;
}
}
}
break;
}
}
break;
case WM_CONTEXTMENU:
{
if ((HWND)wParam == PhFindObjectsListViewHandle)
{
POINT point;
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
point.x = (SHORT)LOWORD(lParam);
point.y = (SHORT)HIWORD(lParam);
if (point.x == -1 && point.y == -1)
PhGetListViewContextMenuPoint((HWND)wParam, &point);
PhGetSelectedListViewItemParams(PhFindObjectsListViewHandle, &results, &numberOfResults);
if (numberOfResults != 0)
{
PPH_EMENU menu;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_FINDOBJ), 0);
PhSetFlagsEMenuItem(menu, ID_OBJECT_PROPERTIES, PH_EMENU_DEFAULT, PH_EMENU_DEFAULT);
PhpInitializeFindObjMenu(menu, results, numberOfResults);
PhShowEMenu(
menu,
hwndDlg,
PH_EMENU_SHOW_SEND_COMMAND | PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
point.x,
point.y
);
PhDestroyEMenu(menu);
}
PhFree(results);
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&WindowLayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_PH_SEARCH_UPDATE:
{
HWND lvHandle;
ULONG i;
lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
ExtendedListView_SetRedraw(lvHandle, FALSE);
PhAcquireQueuedLockExclusive(&SearchResultsLock);
for (i = SearchResultsAddIndex; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
CLIENT_ID clientId;
PPH_PROCESS_ITEM processItem;
PPH_STRING clientIdName;
INT lvItemIndex;
clientId.UniqueProcess = searchResult->ProcessId;
clientId.UniqueThread = NULL;
processItem = PhReferenceProcessItem(clientId.UniqueProcess);
clientIdName = PhGetClientIdNameEx(&clientId, processItem ? processItem->ProcessName : NULL);
lvItemIndex = PhAddListViewItem(
lvHandle,
MAXINT,
clientIdName->Buffer,
searchResult
);
PhDereferenceObject(clientIdName);
if (processItem)
{
PhSetReference(&searchResult->ProcessName, processItem->ProcessName);
PhDereferenceObject(processItem);
}
else
{
searchResult->ProcessName = NULL;
}
PhSetListViewSubItem(lvHandle, lvItemIndex, 1, searchResult->TypeName->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 2, searchResult->Name->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 3, searchResult->HandleString);
}
SearchResultsAddIndex = i;
PhReleaseQueuedLockExclusive(&SearchResultsLock);
ExtendedListView_SetRedraw(lvHandle, TRUE);
}
break;
case WM_PH_SEARCH_FINISHED:
{
NTSTATUS handleSearchStatus = (NTSTATUS)wParam;
// Add any un-added items.
SendMessage(hwndDlg, WM_PH_SEARCH_UPDATE, 0, 0);
NtWaitForSingleObject(SearchThreadHandle, FALSE, NULL);
NtClose(SearchThreadHandle);
SearchThreadHandle = NULL;
SearchStop = FALSE;
ExtendedListView_SortItems(GetDlgItem(hwndDlg, IDC_RESULTS));
SetDlgItemText(hwndDlg, IDOK, L"Find");
EnableWindow(GetDlgItem(hwndDlg, IDOK), TRUE);
SetCursor(LoadCursor(NULL, IDC_ARROW));
if (handleSearchStatus == STATUS_INSUFFICIENT_RESOURCES)
{
PhShowWarning(
hwndDlg,
L"Unable to search for handles because the total number of handles on the system is too large. "
L"Please check if there are any processes with an extremely large number of handles open."
);
}
}
break;
}
return FALSE;
}
BOOLEAN DbgEventsCreate(
_Inout_ PPH_DBGEVENTS_CONTEXT Context,
_In_ BOOLEAN GlobalEvents
)
{
if (GlobalEvents)
{
if (!(Context->GlobalBufferReadyEvent = CreateEvent(&Context->SecurityAttributes, FALSE, FALSE, L"Global\\" DBWIN_BUFFER_READY)))
{
DbgShowErrorMessage(Context, L"DBWIN_BUFFER_READY");
return FALSE;
}
if (!(Context->GlobalDataReadyEvent = CreateEvent(&Context->SecurityAttributes, FALSE, FALSE, L"Global\\" DBWIN_DATA_READY)))
{
DbgShowErrorMessage(Context, L"DBWIN_DATA_READY");
return FALSE;
}
if (!(Context->GlobalDataBufferHandle = CreateFileMapping(INVALID_HANDLE_VALUE, &Context->SecurityAttributes, PAGE_READWRITE, 0, PAGE_SIZE, L"Global\\" DBWIN_BUFFER)))
{
DbgShowErrorMessage(Context, L"DBWIN_BUFFER");
return FALSE;
}
if (!(Context->GlobalDebugBuffer = MapViewOfFile(Context->GlobalDataBufferHandle, SECTION_MAP_READ, 0, 0, sizeof(DBWIN_PAGE_BUFFER))))
{
DbgShowErrorMessage(Context, L"MapViewOfFile");
return FALSE;
}
else
{
HANDLE threadHandle = NULL;
Context->CaptureGlobalEnabled = TRUE;
if (threadHandle = PhCreateThread(0, DbgEventsGlobalThread, Context))
NtClose(threadHandle);
}
}
else
{
HANDLE threadHandle = NULL;
if (!(Context->LocalBufferReadyEvent = CreateEvent(&Context->SecurityAttributes, FALSE, FALSE, L"Local\\" DBWIN_BUFFER_READY)))
{
DbgShowErrorMessage(Context, L"DBWIN_BUFFER_READY");
return FALSE;
}
if (!(Context->LocalDataReadyEvent = CreateEvent(&Context->SecurityAttributes, FALSE, FALSE, L"Local\\" DBWIN_DATA_READY)))
{
DbgShowErrorMessage(Context, L"DBWIN_DATA_READY");
return FALSE;
}
if (!(Context->LocalDataBufferHandle = CreateFileMapping(INVALID_HANDLE_VALUE, &Context->SecurityAttributes, PAGE_READWRITE, 0, PAGE_SIZE, L"Local\\" DBWIN_BUFFER)))
{
DbgShowErrorMessage(Context, L"DBWIN_BUFFER");
return FALSE;
}
if (!(Context->LocalDebugBuffer = MapViewOfFile(Context->LocalDataBufferHandle, SECTION_MAP_READ, 0, 0, sizeof(DBWIN_PAGE_BUFFER))))
{
DbgShowErrorMessage(Context, L"MapViewOfFile");
return FALSE;
}
else
{
HANDLE threadHandle = NULL;
Context->CaptureLocalEnabled = TRUE;
if (threadHandle = PhCreateThread(0, DbgEventsLocalThread, Context))
NtClose(threadHandle);
}
}
return TRUE;
}
INT_PTR CALLBACK PhpOptionsAdvancedDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
PhpPageInit(hwndDlg);
PhpAdvancedPageLoad(hwndDlg);
if (PhStartupParameters.ShowOptions)
{
// Disable all controls except for Replace Task Manager.
EnableWindow(GetDlgItem(hwndDlg, IDC_ENABLEWARNINGS), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_ENABLEKERNELMODEDRIVER), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_HIDEUNNAMEDHANDLES), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_ENABLESTAGE2), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_ENABLENETWORKRESOLVE), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_PROPAGATECPUUSAGE), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_ENABLEINSTANTTOOLTIPS), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_ENABLECYCLECPUUSAGE), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_SAMPLECOUNTLABEL), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_SAMPLECOUNT), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_SAMPLECOUNTAUTOMATIC), FALSE);
}
else
{
if (WindowsVersion < WINDOWS_7)
EnableWindow(GetDlgItem(hwndDlg, IDC_ENABLECYCLECPUUSAGE), FALSE); // cycle-based CPU usage not available before Windows 7
}
}
break;
case WM_DESTROY:
{
PhClearReference(&OldTaskMgrDebugger);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_CHANGE:
{
HANDLE threadHandle;
RECT windowRect;
// Save the options so they don't get "overwritten" when
// WM_PH_CHILD_EXIT gets sent.
PhpAdvancedPageSave(hwndDlg);
GetWindowRect(GetParent(hwndDlg), &windowRect);
WindowHandleForElevate = hwndDlg;
threadHandle = PhCreateThread(0, PhpElevateAdvancedThreadStart, PhFormatString(
L"-showoptions -hwnd %Ix -point %u,%u",
(ULONG_PTR)GetParent(hwndDlg),
windowRect.left + 20,
windowRect.top + 20
));
if (threadHandle)
NtClose(threadHandle);
}
break;
case IDC_SAMPLECOUNTAUTOMATIC:
{
EnableWindow(GetDlgItem(hwndDlg, IDC_SAMPLECOUNT), Button_GetCheck(GetDlgItem(hwndDlg, IDC_SAMPLECOUNTAUTOMATIC)) != BST_CHECKED);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case PSN_APPLY:
{
PhpAdvancedPageSave(hwndDlg);
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_NOERROR);
}
return TRUE;
}
}
break;
case WM_PH_CHILD_EXIT:
{
PhpAdvancedPageLoad(hwndDlg);
}
break;
}
return FALSE;
}
