LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PH_SETTING_CREATE settings[] =
{
{ IntegerSettingType, SETTING_NAME_AUTO_CHECK, L"1" },
{ StringSettingType, SETTING_NAME_LAST_CHECK, L"0" }
};
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Update Checker";
info->Author = L"dmex";
info->Description = L"Plugin for checking new Process Hacker releases via the Help menu.";
info->Url = L"http://processhacker.sf.net/forums/viewtopic.php?t=1121";
info->HasOptions = TRUE;
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainWindowShowing),
MainWindowShowingCallback,
NULL,
&MainWindowShowingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainMenuInitializing),
MainMenuInitializingCallback,
NULL,
&MainMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhAddSettings(settings, ARRAYSIZE(settings));
}
break;
}
return TRUE;
}
LOGICAL DllMain(
__in HINSTANCE Instance,
__in ULONG Reason,
__reserved PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"ProcessHacker.OnlineChecks", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Online Checks";
info->Author = L"wj32";
info->Description = L"Allows files to be checked with online services.";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessMenuInitializing),
ProcessMenuInitializingCallback,
NULL,
&ProcessMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackModuleMenuInitializing),
ModuleMenuInitializingCallback,
NULL,
&ModuleMenuInitializingCallbackRegistration
);
}
break;
}
return TRUE;
}
LOGICAL DllMain(
__in HINSTANCE Instance,
__in ULONG Reason,
__reserved PVOID Reserved
)
{
if (Reason == DLL_PROCESS_ATTACH)
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"Wj32.AvgCpuPlugin", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Average CPU plugin";
info->Description = L"Adds a column to display average CPU times.";
info->Author = L"wj32";
PhRegisterCallback(PhGetPluginCallback(PluginInstance, PluginCallbackTreeNewMessage),
TreeNewMessageCallback, NULL, &TreeNewMessageCallbackRegistration);
PhRegisterCallback(PhGetGeneralCallback(GeneralCallbackProcessTreeNewInitializing),
ProcessTreeNewInitializingCallback, NULL, &ProcessTreeNewInitializingCallbackRegistration);
PhRegisterCallback(&PhProcessAddedEvent, ProcessAddedHandler, NULL, &ProcessAddedCallbackRegistration);
PhRegisterCallback(&PhProcessRemovedEvent, ProcessRemovedHandler, NULL, &ProcessRemovedCallbackRegistration);
PhRegisterCallback(&PhProcessesUpdatedEvent, ProcessesUpdatedHandler, NULL, &ProcessesUpdatedCallbackRegistration);
PhPluginSetObjectExtension(PluginInstance, EmProcessItemType, sizeof(PROCESS_EXTENSION),
ProcessItemCreateCallback, NULL);
}
return TRUE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PH_SETTING_CREATE settings[] =
{
{ IntegerPairSettingType, SETTING_NAME_WINDOW_POSITION, L"100,100" },
{ ScalableIntegerPairSettingType, SETTING_NAME_WINDOW_SIZE, L"@96|490,340" },
{ StringSettingType, SETTING_NAME_LISTVIEW_COLUMNS, L"" }
};
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Boot Entries Plugin";
info->Author = L"dmex";
info->Description = L"Plugin for viewing native Boot Entries via the Tools menu.";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackUnload),
UnloadCallback,
NULL,
&PluginUnloadCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainMenuInitializing),
MainMenuInitializingCallback,
NULL,
&MainMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhAddSettings(settings, ARRAYSIZE(settings));
}
break;
}
return TRUE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
if (Reason == DLL_PROCESS_ATTACH)
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"wj32.SetCriticalPlugin", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Set process critical status";
info->Description = L"Adds Miscellaneous > Critical menu item.";
info->Author = L"wj32";
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&MenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessMenuInitializing),
ProcessMenuInitializingCallback,
NULL,
&ProcessMenuInitializingCallbackRegistration
);
}
return TRUE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PH_SETTING_CREATE settings[] =
{
{ IntegerPairSettingType, SETTING_NAME_TRACERT_WINDOW_POSITION, L"0,0" },
{ IntegerPairSettingType, SETTING_NAME_TRACERT_WINDOW_SIZE, L"600,365" },
{ IntegerPairSettingType, SETTING_NAME_PING_WINDOW_POSITION, L"0,0" },
{ IntegerPairSettingType, SETTING_NAME_PING_WINDOW_SIZE, L"420,250" },
{ IntegerSettingType, SETTING_NAME_PING_TIMEOUT, L"3e8" } // 1000 timeout.
};
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Network Tools";
info->Author = L"dmex, wj32";
info->Description = L"Provides ping, traceroute and whois for network connections.";
info->Url = L"http://processhacker.sf.net/forums/viewtopic.php?t=1117";
info->HasOptions = TRUE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackNetworkMenuInitializing),
NetworkMenuInitializingCallback,
NULL,
&NetworkMenuInitializingCallbackRegistration
);
PhAddSettings(settings, ARRAYSIZE(settings));
}
break;
}
return TRUE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PH_SETTING_CREATE settings[] =
{
{ StringSettingType, SETTING_NAME_PERFMON_LIST, L"" }
};
PluginInstance = PhRegisterPlugin(SETTING_PREFIX, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Performance Monitor Counters";
info->Author = L"dmex";
info->Description = L"Plugin for adding Performance Counters to the System Information window.";
info->HasOptions = TRUE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackUnload),
UnloadCallback,
NULL,
&PluginUnloadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackSystemInformationInitializing),
SystemInformationInitializingCallback,
NULL,
&SystemInformationInitializingCallbackRegistration
);
PhAddSettings(settings, _countof(settings));
}
break;
}
return TRUE;
}
static BOOLEAN NTAPI PhpWalkThreadStackCallback(
_In_ PPH_THREAD_STACK_FRAME StackFrame,
_In_opt_ PVOID Context
)
{
PTHREAD_STACK_CONTEXT threadStackContext = (PTHREAD_STACK_CONTEXT)Context;
PPH_STRING symbol;
PTHREAD_STACK_ITEM item;
if (threadStackContext->StopWalk)
return FALSE;
PhAcquireQueuedLockExclusive(&threadStackContext->StatusLock);
PhMoveReference(&threadStackContext->StatusMessage,
PhFormatString(L"Processing frame %u...", threadStackContext->NewList->Count));
PhReleaseQueuedLockExclusive(&threadStackContext->StatusLock);
PostMessage(threadStackContext->ProgressWindowHandle, WM_PH_STATUS_UPDATE, 0, 0);
symbol = PhGetSymbolFromAddress(
threadStackContext->SymbolProvider,
(ULONG64)StackFrame->PcAddress,
NULL,
NULL,
NULL,
NULL
);
if (symbol &&
(StackFrame->Flags & PH_THREAD_STACK_FRAME_I386) &&
!(StackFrame->Flags & PH_THREAD_STACK_FRAME_FPO_DATA_PRESENT))
{
PhMoveReference(&symbol, PhConcatStrings2(symbol->Buffer, L" (No unwind info)"));
}
item = PhAllocate(sizeof(THREAD_STACK_ITEM));
item->StackFrame = *StackFrame;
item->Index = threadStackContext->NewList->Count;
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackResolveSymbol;
control.UniqueKey = threadStackContext;
control.u.ResolveSymbol.StackFrame = StackFrame;
control.u.ResolveSymbol.Symbol = symbol;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
symbol = control.u.ResolveSymbol.Symbol;
}
item->Symbol = symbol;
PhAddItemList(threadStackContext->NewList, item);
return TRUE;
}
LOGICAL DllMain(
__in HINSTANCE Instance,
__in ULONG Reason,
__reserved PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"ProcessHacker.UpdateChecker", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Update Checker";
info->Author = L"dmex";
info->Description = L"Plugin for checking new Process Hacker releases via the Help menu.";
info->HasOptions = TRUE;
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainWindowShowing),
MainWindowShowingCallback,
NULL,
&MainWindowShowingCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
{
PH_SETTING_CREATE settings[] =
{
{ IntegerSettingType, SETTING_AUTO_CHECK, L"1" },
};
PhAddSettings(settings, _countof(settings));
}
}
break;
}
return TRUE;
}
static NTSTATUS PhpRefreshThreadStackThreadStart(
_In_ PVOID Parameter
)
{
NTSTATUS status;
PTHREAD_STACK_CONTEXT threadStackContext = Parameter;
CLIENT_ID clientId;
BOOLEAN defaultWalk;
clientId.UniqueProcess = threadStackContext->ProcessId;
clientId.UniqueThread = threadStackContext->ThreadId;
defaultWalk = TRUE;
if (threadStackContext->CustomWalk)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackWalkStack;
control.UniqueKey = threadStackContext;
control.u.WalkStack.Status = STATUS_UNSUCCESSFUL;
control.u.WalkStack.ThreadHandle = threadStackContext->ThreadHandle;
control.u.WalkStack.ProcessHandle = threadStackContext->SymbolProvider->ProcessHandle;
control.u.WalkStack.ClientId = &clientId;
control.u.WalkStack.Flags = PH_WALK_I386_STACK | PH_WALK_AMD64_STACK | PH_WALK_KERNEL_STACK;
control.u.WalkStack.Callback = PhpWalkThreadStackCallback;
control.u.WalkStack.CallbackContext = threadStackContext;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
status = control.u.WalkStack.Status;
if (NT_SUCCESS(status))
defaultWalk = FALSE;
}
if (defaultWalk)
{
status = PhWalkThreadStack(
threadStackContext->ThreadHandle,
threadStackContext->SymbolProvider->ProcessHandle,
&clientId,
PH_WALK_I386_STACK | PH_WALK_AMD64_STACK | PH_WALK_KERNEL_STACK,
PhpWalkThreadStackCallback,
threadStackContext
);
}
if (threadStackContext->NewList->Count != 0)
status = STATUS_SUCCESS;
threadStackContext->WalkStatus = status;
PostMessage(threadStackContext->ProgressWindowHandle, WM_PH_COMPLETED, 0, 0);
return STATUS_SUCCESS;
}
LOGICAL DllMain(
__in HINSTANCE Instance,
__in ULONG Reason,
__reserved PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"ProcessHacker.NetworkTools", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Network Tools";
info->Author = L"wj32";
info->Description = L"Provides ping, traceroute and whois for network connections.";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackNetworkMenuInitializing),
NetworkMenuInitializingCallback,
NULL,
&NetworkMenuInitializingCallbackRegistration
);
}
break;
}
return TRUE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PH_SETTING_CREATE settings[] =
{
{ IntegerPairSettingType, SETTING_NAME_WINDOW_POSITION, L"350,350" },
{ IntegerPairSettingType, SETTING_NAME_WINDOW_SIZE, L"510,380" },
{ StringSettingType, SETTING_NAME_COLUMNS, L"" },
{ IntegerSettingType, SETTING_NAME_ALWAYSONTOP, L"0" },
{ IntegerSettingType, SETTING_NAME_AUTOSCROLL, L"1" },
{ IntegerSettingType, SETTING_NAME_MAX_ENTRIES, L"2048" }
};
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Debug View";
info->Author = L"dmex";
info->Description = L"Plugin for viewing Win32 debug output via the Tools menu.";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainMenuInitializing),
MainMenuInitializingCallback,
NULL,
&MainMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhAddSettings(settings, ARRAYSIZE(settings));
}
break;
}
return TRUE;
}
VOID PhpRefreshProcessMemoryList(
_In_ HWND hwndDlg,
_In_ PPH_PROCESS_PROPPAGECONTEXT PropPageContext
)
{
PPH_MEMORY_CONTEXT memoryContext = PropPageContext->Context;
if (memoryContext->MemoryItemListValid)
{
PhDeleteMemoryItemList(&memoryContext->MemoryItemList);
memoryContext->MemoryItemListValid = FALSE;
}
memoryContext->LastRunStatus = PhQueryMemoryItemList(
memoryContext->ProcessId,
PH_QUERY_MEMORY_REGION_TYPE | PH_QUERY_MEMORY_WS_COUNTERS,
&memoryContext->MemoryItemList
);
if (NT_SUCCESS(memoryContext->LastRunStatus))
{
if (PhPluginsEnabled)
{
PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL control;
control.Type = PluginMemoryItemListInitialized;
control.u.Initialized.List = &memoryContext->MemoryItemList;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackMemoryItemListControl), &control);
}
memoryContext->MemoryItemListValid = TRUE;
TreeNew_SetEmptyText(memoryContext->ListContext.TreeNewHandle, &EmptyMemoryText, 0);
PhReplaceMemoryList(&memoryContext->ListContext, &memoryContext->MemoryItemList);
}
else
{
PPH_STRING message;
message = PhGetStatusMessage(memoryContext->LastRunStatus, 0);
PhMoveReference(&memoryContext->ErrorMessage, PhFormatString(L"Unable to query memory information:\n%s", PhGetStringOrDefault(message, L"Unknown error.")));
PhClearReference(&message);
TreeNew_SetEmptyText(memoryContext->ListContext.TreeNewHandle, &memoryContext->ErrorMessage->sr, 0);
PhReplaceMemoryList(&memoryContext->ListContext, NULL);
}
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"ProcessHacker.SecurityExplorer", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Security Explorer";
info->Author = L"wj32";
info->Description = L"Manages LSA and SAM objects.";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainWindowShowing),
MainWindowShowingCallback,
NULL,
&MainWindowShowingCallbackRegistration
);
}
break;
}
return TRUE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
if (Reason == DLL_PROCESS_ATTACH)
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Live Kernel Dump Plugin";
info->Author = L"dmex";
info->Description = L"Create live kernel dumps via the Tools menu > 'Live Kernel Dump' menu.";
info->Url = L"";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&MenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainMenuInitializing),
MainMenuInitializingCallback,
NULL,
&MainMenuInitializingCallbackRegistration
);
}
return TRUE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PH_SETTING_CREATE settings[] =
{
{ IntegerSettingType, SETTING_NAME_VIRUSTOTAL_SCAN_ENABLED, L"0" },
{ IntegerSettingType, SETTING_NAME_VIRUSTOTAL_HIGHLIGHT_DETECTIONS, L"0" },
{ IntegerSettingType, SETTING_NAME_VIRUSTOTAL_DEFAULT_ACTION, L"0" }
};
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Online Checks";
info->Author = L"dmex, wj32";
info->Description = L"Allows files to be checked with online services.";
info->Url = L"https://wj32.org/processhacker/forums/viewtopic.php?t=1118";
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackOptionsWindowInitializing),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainMenuInitializing),
MainMenuInitializingCallback,
NULL,
&MainMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessMenuInitializing),
ProcessMenuInitializingCallback,
NULL,
&ProcessMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackModuleMenuInitializing),
ModuleMenuInitializingCallback,
NULL,
&ModuleMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackServiceMenuInitializing),
ServiceMenuInitializingCallback,
NULL,
&ServiceMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessesUpdated),
ProcessesUpdatedCallback,
NULL,
&ProcessesUpdatedCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackGetProcessHighlightingColor),
ProcessHighlightingColorCallback,
NULL,
&ProcessHighlightingColorCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessTreeNewInitializing),
ProcessTreeNewInitializingCallback,
NULL,
&ProcessTreeNewInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackModuleTreeNewInitializing),
ModuleTreeNewInitializingCallback,
NULL,
&ModulesTreeNewInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackServiceTreeNewInitializing),
ServiceTreeNewInitializingCallback,
NULL,
&ServiceTreeNewInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackTreeNewMessage),
TreeNewMessageCallback,
NULL,
&TreeNewMessageCallbackRegistration
);
PhPluginSetObjectExtension(
PluginInstance,
EmProcessItemType,
sizeof(PROCESS_EXTENSION),
ProcessItemCreateCallback,
ProcessItemDeleteCallback
);
PhPluginSetObjectExtension(
PluginInstance,
EmModuleItemType,
sizeof(PROCESS_EXTENSION),
ModuleItemCreateCallback,
ModuleItemDeleteCallback
);
PhPluginSetObjectExtension(
PluginInstance,
EmServiceItemType,
sizeof(PROCESS_EXTENSION),
ServiceItemCreateCallback,
ServiceItemDeleteCallback
);
PhAddSettings(settings, ARRAYSIZE(settings));
}
break;
}
return TRUE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Extended Notifications";
info->Author = L"wj32";
info->Description = L"Filters notifications.";
info->Url = L"https://wj32.org/processhacker/forums/viewtopic.php?t=1112";
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackOptionsWindowInitializing),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackNotifyEvent),
NotifyEventCallback,
NULL,
&NotifyEventCallbackRegistration
);
{
static PH_SETTING_CREATE settings[] =
{
{ IntegerSettingType, SETTING_NAME_ENABLE_GROWL, L"0" },
{ StringSettingType, SETTING_NAME_LOG_FILENAME, L"" },
{ StringSettingType, SETTING_NAME_PROCESS_LIST, L"\\i*" },
{ StringSettingType, SETTING_NAME_SERVICE_LIST, L"\\i*" }
};
PhAddSettings(settings, sizeof(settings) / sizeof(PH_SETTING_CREATE));
}
ProcessFilterList = PhCreateList(10);
ServiceFilterList = PhCreateList(10);
}
break;
}
return TRUE;
}
INT_PTR CALLBACK PhpProcessMemoryDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
LPPROPSHEETPAGE propSheetPage;
PPH_PROCESS_PROPPAGECONTEXT propPageContext;
PPH_PROCESS_ITEM processItem;
PPH_MEMORY_CONTEXT memoryContext;
HWND tnHandle;
if (PhpPropPageDlgProcHeader(hwndDlg, uMsg, lParam,
&propSheetPage, &propPageContext, &processItem))
{
memoryContext = (PPH_MEMORY_CONTEXT)propPageContext->Context;
if (memoryContext)
tnHandle = memoryContext->ListContext.TreeNewHandle;
}
else
{
return FALSE;
}
switch (uMsg)
{
case WM_INITDIALOG:
{
memoryContext = propPageContext->Context =
PhAllocate(PhEmGetObjectSize(EmMemoryContextType, sizeof(PH_MEMORY_CONTEXT)));
memset(memoryContext, 0, sizeof(PH_MEMORY_CONTEXT));
memoryContext->ProcessId = processItem->ProcessId;
// Initialize the list.
tnHandle = GetDlgItem(hwndDlg, IDC_LIST);
BringWindowToTop(tnHandle);
PhInitializeMemoryList(hwndDlg, tnHandle, &memoryContext->ListContext);
TreeNew_SetEmptyText(tnHandle, &PhpLoadingText, 0);
memoryContext->LastRunStatus = -1;
memoryContext->ErrorMessage = NULL;
PhEmCallObjectOperation(EmMemoryContextType, memoryContext, EmObjectCreate);
if (PhPluginsEnabled)
{
PH_PLUGIN_TREENEW_INFORMATION treeNewInfo;
treeNewInfo.TreeNewHandle = tnHandle;
treeNewInfo.CmData = &memoryContext->ListContext.Cm;
treeNewInfo.SystemContext = memoryContext;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackMemoryTreeNewInitializing), &treeNewInfo);
}
PhLoadSettingsMemoryList(&memoryContext->ListContext);
PhSetOptionsMemoryList(&memoryContext->ListContext, TRUE);
Button_SetCheck(GetDlgItem(hwndDlg, IDC_HIDEFREEREGIONS),
memoryContext->ListContext.HideFreeRegions ? BST_CHECKED : BST_UNCHECKED);
PhpRefreshProcessMemoryList(hwndDlg, propPageContext);
}
break;
case WM_DESTROY:
{
PhEmCallObjectOperation(EmMemoryContextType, memoryContext, EmObjectDelete);
if (PhPluginsEnabled)
{
PH_PLUGIN_TREENEW_INFORMATION treeNewInfo;
treeNewInfo.TreeNewHandle = tnHandle;
treeNewInfo.CmData = &memoryContext->ListContext.Cm;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackMemoryTreeNewUninitializing), &treeNewInfo);
}
PhSaveSettingsMemoryList(&memoryContext->ListContext);
PhDeleteMemoryList(&memoryContext->ListContext);
if (memoryContext->MemoryItemListValid)
PhDeleteMemoryItemList(&memoryContext->MemoryItemList);
PhClearReference(&memoryContext->ErrorMessage);
PhFree(memoryContext);
PhpPropPageDlgProcDestroy(hwndDlg);
}
break;
case WM_SHOWWINDOW:
{
if (!propPageContext->LayoutInitialized)
{
PPH_LAYOUT_ITEM dialogItem;
dialogItem = PhAddPropPageLayoutItem(hwndDlg, hwndDlg,
PH_PROP_PAGE_TAB_CONTROL_PARENT, PH_ANCHOR_ALL);
PhAddPropPageLayoutItem(hwndDlg, GetDlgItem(hwndDlg, IDC_STRINGS),
dialogItem, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddPropPageLayoutItem(hwndDlg, GetDlgItem(hwndDlg, IDC_REFRESH),
dialogItem, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddPropPageLayoutItem(hwndDlg, memoryContext->ListContext.TreeNewHandle,
dialogItem, PH_ANCHOR_ALL);
PhDoPropPageLayout(hwndDlg);
propPageContext->LayoutInitialized = TRUE;
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case ID_SHOWCONTEXTMENU:
{
PhShowMemoryContextMenu(hwndDlg, processItem, memoryContext, (PPH_TREENEW_CONTEXT_MENU)lParam);
}
break;
case ID_MEMORY_READWRITEMEMORY:
{
PPH_MEMORY_NODE memoryNode = PhGetSelectedMemoryNode(&memoryContext->ListContext);
if (memoryNode && !memoryNode->IsAllocationBase)
{
if (memoryNode->MemoryItem->State & MEM_COMMIT)
{
PPH_SHOWMEMORYEDITOR showMemoryEditor = PhAllocate(sizeof(PH_SHOWMEMORYEDITOR));
memset(showMemoryEditor, 0, sizeof(PH_SHOWMEMORYEDITOR));
showMemoryEditor->ProcessId = processItem->ProcessId;
showMemoryEditor->BaseAddress = memoryNode->MemoryItem->BaseAddress;
showMemoryEditor->RegionSize = memoryNode->MemoryItem->RegionSize;
showMemoryEditor->SelectOffset = -1;
showMemoryEditor->SelectLength = 0;
ProcessHacker_ShowMemoryEditor(PhMainWndHandle, showMemoryEditor);
}
else
{
PhShowError(hwndDlg, L"Unable to edit the memory region because it is not committed.");
}
}
}
break;
case ID_MEMORY_SAVE:
{
NTSTATUS status;
HANDLE processHandle;
PPH_MEMORY_NODE *memoryNodes;
ULONG numberOfMemoryNodes;
if (!NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_VM_READ,
processItem->ProcessId
)))
{
PhShowStatus(hwndDlg, L"Unable to open the process", status, 0);
break;
}
PhGetSelectedMemoryNodes(&memoryContext->ListContext, &memoryNodes, &numberOfMemoryNodes);
if (numberOfMemoryNodes != 0)
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Binary files (*.bin)", L"*.bin" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, PhaConcatStrings2(processItem->ProcessName->Buffer, L".bin")->Buffer);
if (PhShowFileDialog(hwndDlg, fileDialog))
{
PPH_STRING fileName;
PPH_FILE_STREAM fileStream;
PVOID buffer;
ULONG i;
ULONG_PTR offset;
fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));
if (NT_SUCCESS(status = PhCreateFileStream(
&fileStream,
fileName->Buffer,
FILE_GENERIC_WRITE,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
0
)))
{
buffer = PhAllocatePage(PAGE_SIZE, NULL);
// Go through each selected memory item and append the region contents
// to the file.
for (i = 0; i < numberOfMemoryNodes; i++)
{
PPH_MEMORY_NODE memoryNode = memoryNodes[i];
PPH_MEMORY_ITEM memoryItem = memoryNode->MemoryItem;
if (!memoryNode->IsAllocationBase && !(memoryItem->State & MEM_COMMIT))
continue;
for (offset = 0; offset < memoryItem->RegionSize; offset += PAGE_SIZE)
{
if (NT_SUCCESS(NtReadVirtualMemory(
processHandle,
PTR_ADD_OFFSET(memoryItem->BaseAddress, offset),
buffer,
PAGE_SIZE,
NULL
)))
{
PhWriteFileStream(fileStream, buffer, PAGE_SIZE);
}
}
}
PhFreePage(buffer);
PhDereferenceObject(fileStream);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to create the file", status, 0);
}
PhFreeFileDialog(fileDialog);
}
PhFree(memoryNodes);
NtClose(processHandle);
}
break;
case ID_MEMORY_CHANGEPROTECTION:
{
PPH_MEMORY_NODE memoryNode = PhGetSelectedMemoryNode(&memoryContext->ListContext);
if (memoryNode)
{
PhReferenceObject(memoryNode->MemoryItem);
PhShowMemoryProtectDialog(hwndDlg, processItem, memoryNode->MemoryItem);
PhUpdateMemoryNode(&memoryContext->ListContext, memoryNode);
PhDereferenceObject(memoryNode->MemoryItem);
}
}
break;
case ID_MEMORY_FREE:
{
PPH_MEMORY_NODE memoryNode = PhGetSelectedMemoryNode(&memoryContext->ListContext);
if (memoryNode)
{
PhReferenceObject(memoryNode->MemoryItem);
PhUiFreeMemory(hwndDlg, processItem->ProcessId, memoryNode->MemoryItem, TRUE);
PhDereferenceObject(memoryNode->MemoryItem);
// TODO: somehow update the list
}
}
break;
case ID_MEMORY_DECOMMIT:
{
PPH_MEMORY_NODE memoryNode = PhGetSelectedMemoryNode(&memoryContext->ListContext);
if (memoryNode)
{
PhReferenceObject(memoryNode->MemoryItem);
PhUiFreeMemory(hwndDlg, processItem->ProcessId, memoryNode->MemoryItem, FALSE);
PhDereferenceObject(memoryNode->MemoryItem);
}
}
break;
case ID_MEMORY_READWRITEADDRESS:
{
PPH_STRING selectedChoice = NULL;
if (!memoryContext->MemoryItemListValid)
break;
while (PhaChoiceDialog(
hwndDlg,
L"Read/Write Address",
L"Enter an address:",
NULL,
0,
NULL,
PH_CHOICE_DIALOG_USER_CHOICE,
&selectedChoice,
NULL,
L"MemoryReadWriteAddressChoices"
))
{
ULONG64 address64;
PVOID address;
if (selectedChoice->Length == 0)
continue;
if (PhStringToInteger64(&selectedChoice->sr, 0, &address64))
{
PPH_MEMORY_ITEM memoryItem;
address = (PVOID)address64;
memoryItem = PhLookupMemoryItemList(&memoryContext->MemoryItemList, address);
if (memoryItem)
{
PPH_SHOWMEMORYEDITOR showMemoryEditor = PhAllocate(sizeof(PH_SHOWMEMORYEDITOR));
memset(showMemoryEditor, 0, sizeof(PH_SHOWMEMORYEDITOR));
showMemoryEditor->ProcessId = processItem->ProcessId;
showMemoryEditor->BaseAddress = memoryItem->BaseAddress;
showMemoryEditor->RegionSize = memoryItem->RegionSize;
showMemoryEditor->SelectOffset = (ULONG)((ULONG_PTR)address - (ULONG_PTR)memoryItem->BaseAddress);
showMemoryEditor->SelectLength = 0;
ProcessHacker_ShowMemoryEditor(PhMainWndHandle, showMemoryEditor);
break;
}
else
{
PhShowError(hwndDlg, L"Unable to find the memory region for the selected address.");
}
}
}
}
break;
case ID_MEMORY_COPY:
{
PPH_STRING text;
text = PhGetTreeNewText(tnHandle, 0);
PhSetClipboardString(tnHandle, &text->sr);
PhDereferenceObject(text);
}
break;
case IDC_HIDEFREEREGIONS:
{
BOOLEAN hide;
hide = Button_GetCheck(GetDlgItem(hwndDlg, IDC_HIDEFREEREGIONS)) == BST_CHECKED;
PhSetOptionsMemoryList(&memoryContext->ListContext, hide);
}
break;
case IDC_STRINGS:
PhShowMemoryStringDialog(hwndDlg, processItem);
break;
case IDC_REFRESH:
PhpRefreshProcessMemoryList(hwndDlg, propPageContext);
break;
}
}
break;
}
return FALSE;
}
VOID PhShowMemoryContextMenu(
_In_ HWND hwndDlg,
_In_ PPH_PROCESS_ITEM ProcessItem,
_In_ PPH_MEMORY_CONTEXT Context,
_In_ PPH_TREENEW_CONTEXT_MENU ContextMenu
)
{
PPH_MEMORY_NODE *memoryNodes;
ULONG numberOfMemoryNodes;
PhGetSelectedMemoryNodes(&Context->ListContext, &memoryNodes, &numberOfMemoryNodes);
//if (numberOfMemoryNodes != 0)
{
PPH_EMENU menu;
PPH_EMENU_ITEM item;
PH_PLUGIN_MENU_INFORMATION menuInfo;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_MEMORY), 0);
PhSetFlagsEMenuItem(menu, ID_MEMORY_READWRITEMEMORY, PH_EMENU_DEFAULT, PH_EMENU_DEFAULT);
PhpInitializeMemoryMenu(menu, ProcessItem->ProcessId, memoryNodes, numberOfMemoryNodes);
PhInsertCopyCellEMenuItem(menu, ID_MEMORY_COPY, Context->ListContext.TreeNewHandle, ContextMenu->Column);
if (PhPluginsEnabled)
{
PhPluginInitializeMenuInfo(&menuInfo, menu, hwndDlg, 0);
menuInfo.u.Memory.ProcessId = ProcessItem->ProcessId;
menuInfo.u.Memory.MemoryNodes = memoryNodes;
menuInfo.u.Memory.NumberOfMemoryNodes = numberOfMemoryNodes;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackMemoryMenuInitializing), &menuInfo);
}
item = PhShowEMenu(
menu,
hwndDlg,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
ContextMenu->Location.x,
ContextMenu->Location.y
);
if (item)
{
BOOLEAN handled = FALSE;
handled = PhHandleCopyCellEMenuItem(item);
if (!handled && PhPluginsEnabled)
handled = PhPluginTriggerEMenuItem(&menuInfo, item);
if (!handled)
SendMessage(hwndDlg, WM_COMMAND, item->Id, 0);
}
PhDestroyEMenu(menu);
}
PhFree(memoryNodes);
}
INT_PTR CALLBACK PhpProcessThreadsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
LPPROPSHEETPAGE propSheetPage;
PPH_PROCESS_PROPPAGECONTEXT propPageContext;
PPH_PROCESS_ITEM processItem;
PPH_THREADS_CONTEXT threadsContext;
HWND tnHandle;
if (PhpPropPageDlgProcHeader(hwndDlg, uMsg, lParam,
&propSheetPage, &propPageContext, &processItem))
{
threadsContext = (PPH_THREADS_CONTEXT)propPageContext->Context;
if (threadsContext)
tnHandle = threadsContext->ListContext.TreeNewHandle;
}
else
{
return FALSE;
}
switch (uMsg)
{
case WM_INITDIALOG:
{
threadsContext = propPageContext->Context =
PhAllocate(PhEmGetObjectSize(EmThreadsContextType, sizeof(PH_THREADS_CONTEXT)));
// The thread provider has a special registration mechanism.
threadsContext->Provider = PhCreateThreadProvider(
processItem->ProcessId
);
PhRegisterCallback(
&threadsContext->Provider->ThreadAddedEvent,
ThreadAddedHandler,
threadsContext,
&threadsContext->AddedEventRegistration
);
PhRegisterCallback(
&threadsContext->Provider->ThreadModifiedEvent,
ThreadModifiedHandler,
threadsContext,
&threadsContext->ModifiedEventRegistration
);
PhRegisterCallback(
&threadsContext->Provider->ThreadRemovedEvent,
ThreadRemovedHandler,
threadsContext,
&threadsContext->RemovedEventRegistration
);
PhRegisterCallback(
&threadsContext->Provider->UpdatedEvent,
ThreadsUpdatedHandler,
threadsContext,
&threadsContext->UpdatedEventRegistration
);
PhRegisterCallback(
&threadsContext->Provider->LoadingStateChangedEvent,
ThreadsLoadingStateChangedHandler,
threadsContext,
&threadsContext->LoadingStateChangedEventRegistration
);
threadsContext->WindowHandle = hwndDlg;
// Initialize the list.
tnHandle = GetDlgItem(hwndDlg, IDC_LIST);
BringWindowToTop(tnHandle);
PhInitializeThreadList(hwndDlg, tnHandle, &threadsContext->ListContext);
TreeNew_SetEmptyText(tnHandle, &EmptyThreadsText, 0);
PhInitializeProviderEventQueue(&threadsContext->EventQueue, 100);
// Use Cycles instead of Context Switches on Vista and above, but only when we can
// open the process, since cycle time information requires sufficient access to the
// threads.
if (WINDOWS_HAS_CYCLE_TIME)
{
HANDLE processHandle;
PROCESS_EXTENDED_BASIC_INFORMATION extendedBasicInfo;
// We make a distinction between PROCESS_QUERY_INFORMATION and PROCESS_QUERY_LIMITED_INFORMATION since
// the latter can be used when opening audiodg.exe even though we can't access its threads using
// THREAD_QUERY_LIMITED_INFORMATION.
if (processItem->ProcessId == SYSTEM_IDLE_PROCESS_ID)
{
threadsContext->ListContext.UseCycleTime = TRUE;
}
else if (NT_SUCCESS(PhOpenProcess(&processHandle, PROCESS_QUERY_INFORMATION, processItem->ProcessId)))
{
threadsContext->ListContext.UseCycleTime = TRUE;
NtClose(processHandle);
}
else if (NT_SUCCESS(PhOpenProcess(&processHandle, PROCESS_QUERY_LIMITED_INFORMATION, processItem->ProcessId)))
{
threadsContext->ListContext.UseCycleTime = TRUE;
// We can't use cycle time for protected processes (without KProcessHacker).
if (NT_SUCCESS(PhGetProcessExtendedBasicInformation(processHandle, &extendedBasicInfo)) && extendedBasicInfo.IsProtectedProcess)
{
threadsContext->ListContext.UseCycleTime = FALSE;
}
NtClose(processHandle);
}
}
if (processItem->ServiceList && processItem->ServiceList->Count != 0 && WINDOWS_HAS_SERVICE_TAGS)
threadsContext->ListContext.HasServices = TRUE;
PhEmCallObjectOperation(EmThreadsContextType, threadsContext, EmObjectCreate);
if (PhPluginsEnabled)
{
PH_PLUGIN_TREENEW_INFORMATION treeNewInfo;
treeNewInfo.TreeNewHandle = tnHandle;
treeNewInfo.CmData = &threadsContext->ListContext.Cm;
treeNewInfo.SystemContext = threadsContext;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadTreeNewInitializing), &treeNewInfo);
}
PhLoadSettingsThreadList(&threadsContext->ListContext);
PhThreadProviderInitialUpdate(threadsContext->Provider);
PhRegisterThreadProvider(threadsContext->Provider, &threadsContext->ProviderRegistration);
SET_BUTTON_ICON(IDC_OPENSTARTMODULE, PH_LOAD_SHARED_ICON_SMALL(MAKEINTRESOURCE(IDI_FOLDER)));
}
break;
case WM_DESTROY:
{
PhEmCallObjectOperation(EmThreadsContextType, threadsContext, EmObjectDelete);
PhUnregisterCallback(
&threadsContext->Provider->ThreadAddedEvent,
&threadsContext->AddedEventRegistration
);
PhUnregisterCallback(
&threadsContext->Provider->ThreadModifiedEvent,
&threadsContext->ModifiedEventRegistration
);
PhUnregisterCallback(
&threadsContext->Provider->ThreadRemovedEvent,
&threadsContext->RemovedEventRegistration
);
PhUnregisterCallback(
&threadsContext->Provider->UpdatedEvent,
&threadsContext->UpdatedEventRegistration
);
PhUnregisterCallback(
&threadsContext->Provider->LoadingStateChangedEvent,
&threadsContext->LoadingStateChangedEventRegistration
);
PhUnregisterThreadProvider(threadsContext->Provider, &threadsContext->ProviderRegistration);
PhSetTerminatingThreadProvider(threadsContext->Provider);
PhDereferenceObject(threadsContext->Provider);
PhDeleteProviderEventQueue(&threadsContext->EventQueue);
if (PhPluginsEnabled)
{
PH_PLUGIN_TREENEW_INFORMATION treeNewInfo;
treeNewInfo.TreeNewHandle = tnHandle;
treeNewInfo.CmData = &threadsContext->ListContext.Cm;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadTreeNewUninitializing), &treeNewInfo);
}
PhSaveSettingsThreadList(&threadsContext->ListContext);
PhDeleteThreadList(&threadsContext->ListContext);
PhFree(threadsContext);
PhpPropPageDlgProcDestroy(hwndDlg);
}
break;
case WM_SHOWWINDOW:
{
if (!propPageContext->LayoutInitialized)
{
PPH_LAYOUT_ITEM dialogItem;
dialogItem = PhAddPropPageLayoutItem(hwndDlg, hwndDlg,
PH_PROP_PAGE_TAB_CONTROL_PARENT, PH_ANCHOR_ALL);
PhAddPropPageLayoutItem(hwndDlg, GetDlgItem(hwndDlg, IDC_LIST),
dialogItem, PH_ANCHOR_ALL);
#define ADD_BL_ITEM(Id) \
PhAddPropPageLayoutItem(hwndDlg, GetDlgItem(hwndDlg, Id), dialogItem, PH_ANCHOR_LEFT | PH_ANCHOR_BOTTOM)
// Thread details area
{
ULONG id;
for (id = IDC_STATICBL1; id <= IDC_STATICBL11; id++)
ADD_BL_ITEM(id);
// Not in sequence
ADD_BL_ITEM(IDC_STATICBL12);
}
PhAddPropPageLayoutItem(hwndDlg, GetDlgItem(hwndDlg, IDC_STARTMODULE),
dialogItem, PH_ANCHOR_LEFT | PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddPropPageLayoutItem(hwndDlg, GetDlgItem(hwndDlg, IDC_OPENSTARTMODULE),
dialogItem, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
ADD_BL_ITEM(IDC_STARTED);
ADD_BL_ITEM(IDC_KERNELTIME);
ADD_BL_ITEM(IDC_USERTIME);
ADD_BL_ITEM(IDC_CONTEXTSWITCHES);
ADD_BL_ITEM(IDC_CYCLES);
ADD_BL_ITEM(IDC_STATE);
ADD_BL_ITEM(IDC_PRIORITY);
ADD_BL_ITEM(IDC_BASEPRIORITY);
ADD_BL_ITEM(IDC_IOPRIORITY);
ADD_BL_ITEM(IDC_PAGEPRIORITY);
ADD_BL_ITEM(IDC_IDEALPROCESSOR);
PhDoPropPageLayout(hwndDlg);
propPageContext->LayoutInitialized = TRUE;
}
}
break;
case WM_COMMAND:
{
INT id = LOWORD(wParam);
switch (id)
{
case ID_SHOWCONTEXTMENU:
{
PhShowThreadContextMenu(hwndDlg, processItem, threadsContext, (PPH_TREENEW_CONTEXT_MENU)lParam);
}
break;
case ID_THREAD_INSPECT:
{
PPH_THREAD_ITEM threadItem = PhGetSelectedThreadItem(&threadsContext->ListContext);
if (threadItem)
{
PhReferenceObject(threadsContext->Provider);
PhShowThreadStackDialog(
hwndDlg,
threadsContext->Provider->ProcessId,
threadItem->ThreadId,
threadsContext->Provider
);
PhDereferenceObject(threadsContext->Provider);
}
}
break;
case ID_THREAD_TERMINATE:
{
PPH_THREAD_ITEM *threads;
ULONG numberOfThreads;
PhGetSelectedThreadItems(&threadsContext->ListContext, &threads, &numberOfThreads);
PhReferenceObjects(threads, numberOfThreads);
if (PhUiTerminateThreads(hwndDlg, threads, numberOfThreads))
PhDeselectAllThreadNodes(&threadsContext->ListContext);
PhDereferenceObjects(threads, numberOfThreads);
PhFree(threads);
}
break;
case ID_THREAD_SUSPEND:
{
PPH_THREAD_ITEM *threads;
ULONG numberOfThreads;
PhGetSelectedThreadItems(&threadsContext->ListContext, &threads, &numberOfThreads);
PhReferenceObjects(threads, numberOfThreads);
PhUiSuspendThreads(hwndDlg, threads, numberOfThreads);
PhDereferenceObjects(threads, numberOfThreads);
PhFree(threads);
}
break;
case ID_THREAD_RESUME:
{
PPH_THREAD_ITEM *threads;
ULONG numberOfThreads;
PhGetSelectedThreadItems(&threadsContext->ListContext, &threads, &numberOfThreads);
PhReferenceObjects(threads, numberOfThreads);
PhUiResumeThreads(hwndDlg, threads, numberOfThreads);
PhDereferenceObjects(threads, numberOfThreads);
PhFree(threads);
}
break;
case ID_THREAD_AFFINITY:
{
PPH_THREAD_ITEM threadItem = PhGetSelectedThreadItem(&threadsContext->ListContext);
if (threadItem)
{
PhReferenceObject(threadItem);
PhShowProcessAffinityDialog(hwndDlg, NULL, threadItem);
PhDereferenceObject(threadItem);
}
}
break;
case ID_THREAD_PERMISSIONS:
{
PPH_THREAD_ITEM threadItem = PhGetSelectedThreadItem(&threadsContext->ListContext);
PH_STD_OBJECT_SECURITY stdObjectSecurity;
PPH_ACCESS_ENTRY accessEntries;
ULONG numberOfAccessEntries;
if (threadItem)
{
stdObjectSecurity.OpenObject = PhpThreadPermissionsOpenThread;
stdObjectSecurity.ObjectType = L"Thread";
stdObjectSecurity.Context = threadItem->ThreadId;
if (PhGetAccessEntries(L"Thread", &accessEntries, &numberOfAccessEntries))
{
PhEditSecurity(
hwndDlg,
PhaFormatString(L"Thread %u", HandleToUlong(threadItem->ThreadId))->Buffer,
PhStdGetObjectSecurity,
PhStdSetObjectSecurity,
&stdObjectSecurity,
accessEntries,
numberOfAccessEntries
);
PhFree(accessEntries);
}
}
}
break;
case ID_THREAD_TOKEN:
{
NTSTATUS status;
PPH_THREAD_ITEM threadItem = PhGetSelectedThreadItem(&threadsContext->ListContext);
HANDLE threadHandle;
if (threadItem)
{
if (NT_SUCCESS(status = PhOpenThread(
&threadHandle,
ThreadQueryAccess,
threadItem->ThreadId
)))
{
PhShowTokenProperties(
hwndDlg,
PhpOpenThreadTokenObject,
(PVOID)threadHandle,
NULL
);
NtClose(threadHandle);
}
else
{
PhShowStatus(hwndDlg, L"Unable to open the thread", status, 0);
}
}
}
break;
case ID_ANALYZE_WAIT:
{
PPH_THREAD_ITEM threadItem = PhGetSelectedThreadItem(&threadsContext->ListContext);
if (threadItem)
{
PhReferenceObject(threadsContext->Provider->SymbolProvider);
PhUiAnalyzeWaitThread(
hwndDlg,
processItem->ProcessId,
threadItem->ThreadId,
threadsContext->Provider->SymbolProvider
);
PhDereferenceObject(threadsContext->Provider->SymbolProvider);
}
}
break;
case ID_PRIORITY_TIMECRITICAL:
case ID_PRIORITY_HIGHEST:
case ID_PRIORITY_ABOVENORMAL:
case ID_PRIORITY_NORMAL:
case ID_PRIORITY_BELOWNORMAL:
case ID_PRIORITY_LOWEST:
case ID_PRIORITY_IDLE:
{
PPH_THREAD_ITEM threadItem = PhGetSelectedThreadItem(&threadsContext->ListContext);
if (threadItem)
{
ULONG threadPriorityWin32;
switch (id)
{
case ID_PRIORITY_TIMECRITICAL:
threadPriorityWin32 = THREAD_PRIORITY_TIME_CRITICAL;
break;
case ID_PRIORITY_HIGHEST:
threadPriorityWin32 = THREAD_PRIORITY_HIGHEST;
break;
case ID_PRIORITY_ABOVENORMAL:
threadPriorityWin32 = THREAD_PRIORITY_ABOVE_NORMAL;
break;
case ID_PRIORITY_NORMAL:
threadPriorityWin32 = THREAD_PRIORITY_NORMAL;
break;
case ID_PRIORITY_BELOWNORMAL:
threadPriorityWin32 = THREAD_PRIORITY_BELOW_NORMAL;
break;
case ID_PRIORITY_LOWEST:
threadPriorityWin32 = THREAD_PRIORITY_LOWEST;
break;
case ID_PRIORITY_IDLE:
threadPriorityWin32 = THREAD_PRIORITY_IDLE;
break;
}
PhReferenceObject(threadItem);
PhUiSetPriorityThread(hwndDlg, threadItem, threadPriorityWin32);
PhDereferenceObject(threadItem);
}
}
break;
case ID_IOPRIORITY_VERYLOW:
case ID_IOPRIORITY_LOW:
case ID_IOPRIORITY_NORMAL:
case ID_IOPRIORITY_HIGH:
{
PPH_THREAD_ITEM threadItem = PhGetSelectedThreadItem(&threadsContext->ListContext);
if (threadItem)
{
IO_PRIORITY_HINT ioPriority;
switch (id)
{
case ID_IOPRIORITY_VERYLOW:
ioPriority = IoPriorityVeryLow;
break;
case ID_IOPRIORITY_LOW:
ioPriority = IoPriorityLow;
break;
case ID_IOPRIORITY_NORMAL:
ioPriority = IoPriorityNormal;
break;
case ID_IOPRIORITY_HIGH:
ioPriority = IoPriorityHigh;
break;
}
PhReferenceObject(threadItem);
PhUiSetIoPriorityThread(hwndDlg, threadItem, ioPriority);
PhDereferenceObject(threadItem);
}
}
break;
case ID_PAGEPRIORITY_VERYLOW:
case ID_PAGEPRIORITY_LOW:
case ID_PAGEPRIORITY_MEDIUM:
case ID_PAGEPRIORITY_BELOWNORMAL:
case ID_PAGEPRIORITY_NORMAL:
{
PPH_THREAD_ITEM threadItem = PhGetSelectedThreadItem(&threadsContext->ListContext);
if (threadItem)
{
ULONG pagePriority;
switch (id)
{
case ID_PAGEPRIORITY_VERYLOW:
pagePriority = MEMORY_PRIORITY_VERY_LOW;
break;
case ID_PAGEPRIORITY_LOW:
pagePriority = MEMORY_PRIORITY_LOW;
break;
case ID_PAGEPRIORITY_MEDIUM:
pagePriority = MEMORY_PRIORITY_MEDIUM;
break;
case ID_PAGEPRIORITY_BELOWNORMAL:
pagePriority = MEMORY_PRIORITY_BELOW_NORMAL;
break;
case ID_PAGEPRIORITY_NORMAL:
pagePriority = MEMORY_PRIORITY_NORMAL;
break;
}
PhReferenceObject(threadItem);
PhUiSetPagePriorityThread(hwndDlg, threadItem, pagePriority);
PhDereferenceObject(threadItem);
}
}
break;
case ID_THREAD_COPY:
{
PPH_STRING text;
text = PhGetTreeNewText(tnHandle, 0);
PhSetClipboardString(tnHandle, &text->sr);
PhDereferenceObject(text);
}
break;
case IDC_OPENSTARTMODULE:
{
PPH_THREAD_ITEM threadItem = PhGetSelectedThreadItem(&threadsContext->ListContext);
if (threadItem && threadItem->StartAddressFileName)
{
PhShellExploreFile(hwndDlg, threadItem->StartAddressFileName->Buffer);
}
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case PSN_SETACTIVE:
break;
case PSN_KILLACTIVE:
// Can't disable, it screws up the deltas.
break;
}
}
break;
case WM_PH_THREADS_UPDATED:
{
ULONG upToRunId = (ULONG)wParam;
BOOLEAN firstRun = !!lParam;
PPH_PROVIDER_EVENT events;
ULONG count;
ULONG i;
events = PhFlushProviderEventQueue(&threadsContext->EventQueue, upToRunId, &count);
if (events)
{
TreeNew_SetRedraw(tnHandle, FALSE);
for (i = 0; i < count; i++)
{
PH_PROVIDER_EVENT_TYPE type = PH_PROVIDER_EVENT_TYPE(events[i]);
PPH_THREAD_ITEM threadItem = PH_PROVIDER_EVENT_OBJECT(events[i]);
switch (type)
{
case ProviderAddedEvent:
PhAddThreadNode(&threadsContext->ListContext, threadItem, firstRun);
PhDereferenceObject(threadItem);
break;
case ProviderModifiedEvent:
PhUpdateThreadNode(&threadsContext->ListContext, PhFindThreadNode(&threadsContext->ListContext, threadItem->ThreadId));
break;
case ProviderRemovedEvent:
PhRemoveThreadNode(&threadsContext->ListContext, PhFindThreadNode(&threadsContext->ListContext, threadItem->ThreadId));
break;
}
}
PhFree(events);
}
PhTickThreadNodes(&threadsContext->ListContext);
if (count != 0)
TreeNew_SetRedraw(tnHandle, TRUE);
if (propPageContext->PropContext->SelectThreadId)
{
PPH_THREAD_NODE threadNode;
if (threadNode = PhFindThreadNode(&threadsContext->ListContext, propPageContext->PropContext->SelectThreadId))
{
if (threadNode->Node.Visible)
{
TreeNew_SetFocusNode(tnHandle, &threadNode->Node);
TreeNew_SetMarkNode(tnHandle, &threadNode->Node);
TreeNew_SelectRange(tnHandle, threadNode->Node.Index, threadNode->Node.Index);
TreeNew_EnsureVisible(tnHandle, &threadNode->Node);
}
}
propPageContext->PropContext->SelectThreadId = NULL;
}
PhpUpdateThreadDetails(hwndDlg, threadsContext, FALSE);
}
break;
case WM_PH_THREAD_SELECTION_CHANGED:
{
PhpUpdateThreadDetails(hwndDlg, threadsContext, TRUE);
}
break;
}
return FALSE;
}
LOGICAL DllMain(
__in HINSTANCE Instance,
__in ULONG Reason,
__reserved PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
// Register your plugin with a unique name, otherwise it will fail.
PluginInstance = PhRegisterPlugin(L"ProcessHacker.SamplePlugin", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Sample Plugin";
info->Author = L"Someone";
info->Description = L"Description goes here";
info->HasOptions = TRUE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainWindowShowing),
MainWindowShowingCallback,
NULL,
&MainWindowShowingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackGetProcessHighlightingColor),
GetProcessHighlightingColorCallback,
NULL,
&GetProcessHighlightingColorCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackGetProcessTooltipText),
GetProcessTooltipTextCallback,
NULL,
&GetProcessTooltipTextCallbackRegistration
);
// Add some settings. Note that we cannot access these settings
// in DllMain. Settings must be added in DllMain.
{
static PH_SETTING_CREATE settings[] =
{
// You must prepend your plugin name to the setting names.
{ IntegerSettingType, L"ProcessHacker.SamplePlugin.SomeInteger", L"1234" },
{ StringSettingType, L"ProcessHacker.SamplePlugin.SomeString", L"my string" }
};
PhAddSettings(settings, sizeof(settings) / sizeof(PH_SETTING_CREATE));
}
}
break;
}
return TRUE;
}
LOGICAL DllMain(
__in HINSTANCE Instance,
__in ULONG Reason,
__reserved PVOID Reserved
)
{
static PH_SETTING_CREATE settings[] =
{
{ IntegerSettingType, SETTING_NAME_GFX_ALWAYS_ON_TOP, L"0" },
{ IntegerPairSettingType, SETTING_NAME_GFX_WINDOW_POSITION, L"400,400" },
{ IntegerPairSettingType, SETTING_NAME_GFX_WINDOW_SIZE, L"500,400" },
};
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"ProcessHacker.GraphicsInfo", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"GPU Information";
info->Author = L"dmex";
info->Description = L"Extended functionality for nVidia and ATI graphics cards.";
info->HasOptions = TRUE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackUnload),
UnloadCallback,
NULL,
&PluginUnloadCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainWindowShowing),
MainWindowShowingCallback,
NULL,
&MainWindowShowingCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhAddSettings(settings, sizeof(settings) / sizeof(PH_SETTING_CREATE));
}
break;
}
return TRUE;
}
static INT_PTR CALLBACK PhpThreadStackDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
NTSTATUS status;
PTHREAD_STACK_CONTEXT threadStackContext;
PPH_STRING title;
HWND lvHandle;
PPH_LAYOUT_MANAGER layoutManager;
threadStackContext = (PTHREAD_STACK_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)threadStackContext);
title = PhFormatString(L"Stack - thread %u", (ULONG)threadStackContext->ThreadId);
SetWindowText(hwndDlg, title->Buffer);
PhDereferenceObject(title);
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 30, L" ");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 300, L"Name");
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhLoadListViewColumnsFromSetting(L"ThreadStackListViewColumns", lvHandle);
threadStackContext->ListViewHandle = lvHandle;
layoutManager = PhAllocate(sizeof(PH_LAYOUT_MANAGER));
PhInitializeLayoutManager(layoutManager, hwndDlg);
SetProp(hwndDlg, L"LayoutManager", (HANDLE)layoutManager);
PhAddLayoutItem(layoutManager, lvHandle, NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDC_COPY),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDC_REFRESH),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 190;
rect.bottom = 120;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
PhLoadWindowPlacementFromSetting(NULL, L"ThreadStackWindowSize", hwndDlg);
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackInitializing;
control.UniqueKey = threadStackContext;
control.u.Initializing.ProcessId = threadStackContext->ProcessId;
control.u.Initializing.ThreadId = threadStackContext->ThreadId;
control.u.Initializing.ThreadHandle = threadStackContext->ThreadHandle;
control.u.Initializing.SymbolProvider = threadStackContext->SymbolProvider;
control.u.Initializing.CustomWalk = FALSE;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
threadStackContext->CustomWalk = control.u.Initializing.CustomWalk;
}
status = PhpRefreshThreadStack(hwndDlg, threadStackContext);
if (status == STATUS_ABANDONED)
EndDialog(hwndDlg, IDCANCEL);
else if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to load the stack", status, 0);
}
break;
case WM_DESTROY:
{
PPH_LAYOUT_MANAGER layoutManager;
PTHREAD_STACK_CONTEXT threadStackContext;
ULONG i;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhDeleteLayoutManager(layoutManager);
PhFree(layoutManager);
threadStackContext = (PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackUninitializing;
control.UniqueKey = threadStackContext;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
}
for (i = 0; i < threadStackContext->List->Count; i++)
PhpFreeThreadStackItem(threadStackContext->List->Items[i]);
PhSaveListViewColumnsToSetting(L"ThreadStackListViewColumns", GetDlgItem(hwndDlg, IDC_LIST));
PhSaveWindowPlacementToSetting(NULL, L"ThreadStackWindowSize", hwndDlg);
RemoveProp(hwndDlg, PhMakeContextAtom());
RemoveProp(hwndDlg, L"LayoutManager");
}
break;
case WM_COMMAND:
{
INT id = LOWORD(wParam);
switch (id)
{
case IDCANCEL: // Esc and X button to close
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
case IDC_REFRESH:
{
NTSTATUS status;
if (!NT_SUCCESS(status = PhpRefreshThreadStack(
hwndDlg,
(PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom())
)))
{
PhShowStatus(hwndDlg, L"Unable to load the stack", status, 0);
}
}
break;
case IDC_COPY:
{
HWND lvHandle;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
if (ListView_GetSelectedCount(lvHandle) == 0)
PhSetStateAllListViewItems(lvHandle, LVIS_SELECTED, LVIS_SELECTED);
PhCopyListView(lvHandle);
SetFocus(lvHandle);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case LVN_GETINFOTIP:
{
LPNMLVGETINFOTIP getInfoTip = (LPNMLVGETINFOTIP)header;
HWND lvHandle;
PTHREAD_STACK_CONTEXT threadStackContext;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
threadStackContext = (PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
if (header->hwndFrom == lvHandle)
{
PTHREAD_STACK_ITEM stackItem;
PPH_THREAD_STACK_FRAME stackFrame;
if (PhGetListViewItemParam(lvHandle, getInfoTip->iItem, &stackItem))
{
PH_STRING_BUILDER stringBuilder;
PPH_STRING fileName;
PH_SYMBOL_LINE_INFORMATION lineInfo;
stackFrame = &stackItem->StackFrame;
PhInitializeStringBuilder(&stringBuilder, 40);
// There are no params for kernel-mode stack traces.
if ((ULONG_PTR)stackFrame->PcAddress <= PhSystemBasicInformation.MaximumUserModeAddress)
{
PhAppendFormatStringBuilder(
&stringBuilder,
L"Parameters: 0x%Ix, 0x%Ix, 0x%Ix, 0x%Ix\n",
stackFrame->Params[0],
stackFrame->Params[1],
stackFrame->Params[2],
stackFrame->Params[3]
);
}
if (PhGetLineFromAddress(
threadStackContext->SymbolProvider,
(ULONG64)stackFrame->PcAddress,
&fileName,
NULL,
&lineInfo
))
{
PhAppendFormatStringBuilder(
&stringBuilder,
L"File: %s: line %u\n",
fileName->Buffer,
lineInfo.LineNumber
);
PhDereferenceObject(fileName);
}
if (stringBuilder.String->Length != 0)
PhRemoveStringBuilder(&stringBuilder, stringBuilder.String->Length / 2 - 1, 1);
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackGetTooltip;
control.UniqueKey = threadStackContext;
control.u.GetTooltip.StackFrame = stackFrame;
control.u.GetTooltip.StringBuilder = &stringBuilder;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
}
PhCopyListViewInfoTip(getInfoTip, &stringBuilder.String->sr);
PhDeleteStringBuilder(&stringBuilder);
}
}
}
break;
}
}
break;
case WM_SIZE:
{
PPH_LAYOUT_MANAGER layoutManager;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhLayoutManagerLayout(layoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
}
return FALSE;
}
INT_PTR CALLBACK EtwDiskNetworkPageDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
LPPROPSHEETPAGE propSheetPage;
PPH_PROCESS_PROPPAGECONTEXT propPageContext;
PPH_PROCESS_ITEM processItem;
PET_DISKNET_CONTEXT context;
if (PhPropPageDlgProcHeader(hwndDlg, uMsg, lParam, &propSheetPage, &propPageContext, &processItem))
{
context = propPageContext->Context;
}
else
{
return FALSE;
}
switch (uMsg)
{
case WM_INITDIALOG:
{
ULONG sampleCount;
// We have already set the group boxes to have WS_EX_TRANSPARENT to fix
// the drawing issue that arises when using WS_CLIPCHILDREN. However
// in removing the flicker from the graphs the group boxes will now flicker.
// It's a good tradeoff since no one stares at the group boxes.
PhSetWindowStyle(hwndDlg, WS_CLIPCHILDREN, WS_CLIPCHILDREN);
sampleCount = PhGetIntegerSetting(L"SampleCount");
context = PhAllocateZero(sizeof(ET_DISKNET_CONTEXT));
context->WindowHandle = hwndDlg;
context->Block = EtGetProcessBlock(processItem);
context->Enabled = TRUE;
context->DiskGroupBox = GetDlgItem(hwndDlg, IDC_GROUPDISK);
context->NetworkGroupBox = GetDlgItem(hwndDlg, IDC_GROUPNETWORK);
propPageContext->Context = context;
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhInitializeGraphState(&context->DiskGraphState);
PhInitializeGraphState(&context->NetworkGraphState);
PhInitializeCircularBuffer_ULONG64(&context->DiskReadHistory, sampleCount);
PhInitializeCircularBuffer_ULONG64(&context->DiskWriteHistory, sampleCount);
PhInitializeCircularBuffer_ULONG64(&context->NetworkSendHistory, sampleCount);
PhInitializeCircularBuffer_ULONG64(&context->NetworkReceiveHistory, sampleCount);
EtwDiskNetworkCreateGraphs(context);
EtwDiskNetworkCreatePanel(context);
EtwDiskNetworkUpdateInfo(context);
EtwDiskNetworkUpdatePanel(context);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessProviderUpdatedEvent),
EtwDiskNetworkUpdateHandler,
context,
&context->ProcessesUpdatedRegistration
);
PhInitializeWindowTheme(hwndDlg, !!PhGetIntegerSetting(L"EnableThemeSupport"));
}
break;
case WM_DESTROY:
{
PhDeleteLayoutManager(&context->LayoutManager);
PhDeleteGraphState(&context->DiskGraphState);
PhDeleteGraphState(&context->NetworkGraphState);
PhDeleteCircularBuffer_ULONG64(&context->DiskReadHistory);
PhDeleteCircularBuffer_ULONG64(&context->DiskWriteHistory);
PhDeleteCircularBuffer_ULONG64(&context->NetworkSendHistory);
PhDeleteCircularBuffer_ULONG64(&context->NetworkReceiveHistory);
if (context->DiskGraphHandle)
DestroyWindow(context->DiskGraphHandle);
if (context->NetworkGraphHandle)
DestroyWindow(context->NetworkGraphHandle);
if (context->PanelHandle)
DestroyWindow(context->PanelHandle);
PhUnregisterCallback(PhGetGeneralCallback(GeneralCallbackProcessProviderUpdatedEvent), &context->ProcessesUpdatedRegistration);
PhFree(context);
}
break;
case WM_SHOWWINDOW:
{
if (PhBeginPropPageLayout(hwndDlg, propPageContext))
PhEndPropPageLayout(hwndDlg, propPageContext);
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case PSN_SETACTIVE:
context->Enabled = TRUE;
break;
case PSN_KILLACTIVE:
context->Enabled = FALSE;
break;
case GCN_GETDRAWINFO:
{
PPH_GRAPH_GETDRAWINFO getDrawInfo = (PPH_GRAPH_GETDRAWINFO)header;
PPH_GRAPH_DRAW_INFO drawInfo = getDrawInfo->DrawInfo;
if (header->hwndFrom == context->DiskGraphHandle)
{
if (PhGetIntegerSetting(L"GraphShowText"))
{
HDC hdc;
PhMoveReference(&context->DiskGraphState.Text, PhFormatString(
L"R: %s, W: %s",
PhaFormatSize(context->CurrentDiskRead, ULONG_MAX)->Buffer,
PhaFormatSize(context->CurrentDiskWrite, ULONG_MAX)->Buffer
));
hdc = Graph_GetBufferedContext(context->DiskGraphHandle);
SelectObject(hdc, PhApplicationFont);
PhSetGraphText(hdc, drawInfo, &context->DiskGraphState.Text->sr,
&NormalGraphTextMargin, &NormalGraphTextPadding, PH_ALIGN_TOP | PH_ALIGN_LEFT);
}
else
{
drawInfo->Text.Buffer = NULL;
}
drawInfo->Flags = PH_GRAPH_USE_GRID_X | PH_GRAPH_USE_GRID_Y | PH_GRAPH_LABEL_MAX_Y | PH_GRAPH_USE_LINE_2;
PhSiSetColorsGraphDrawInfo(drawInfo, PhGetIntegerSetting(L"ColorIoReadOther"), PhGetIntegerSetting(L"ColorIoWrite"));
PhGraphStateGetDrawInfo(&context->DiskGraphState, getDrawInfo, context->DiskReadHistory.Count);
if (!context->DiskGraphState.Valid)
{
FLOAT max = 0;
for (ULONG i = 0; i < drawInfo->LineDataCount; i++)
{
FLOAT data1;
FLOAT data2;
context->DiskGraphState.Data1[i] = data1 = (FLOAT)PhGetItemCircularBuffer_ULONG64(&context->DiskReadHistory, i);
context->DiskGraphState.Data2[i] = data2 = (FLOAT)PhGetItemCircularBuffer_ULONG64(&context->DiskWriteHistory, i);
if (max < data1 + data2)
max = data1 + data2;
}
// Minimum scaling of 1 MB.
//if (max < 1024 * 1024)
// max = 1024 * 1024;
if (max != 0)
{
// Scale the data.
PhDivideSinglesBySingle(
context->DiskGraphState.Data1,
max,
drawInfo->LineDataCount
);
PhDivideSinglesBySingle(
context->DiskGraphState.Data2,
max,
drawInfo->LineDataCount
);
}
drawInfo->LabelYFunction = PhSiSizeLabelYFunction;
drawInfo->LabelYFunctionParameter = max;
context->DiskGraphState.Valid = TRUE;
}
}
else if (header->hwndFrom == context->NetworkGraphHandle)
{
if (PhGetIntegerSetting(L"GraphShowText"))
{
HDC hdc;
PhMoveReference(&context->NetworkGraphState.Text, PhFormatString(
L"R: %s, S: %s",
PhaFormatSize(context->CurrentNetworkReceive, ULONG_MAX)->Buffer,
PhaFormatSize(context->CurrentNetworkSend, ULONG_MAX)->Buffer
));
hdc = Graph_GetBufferedContext(context->NetworkGraphHandle);
SelectObject(hdc, PhApplicationFont);
PhSetGraphText(hdc, drawInfo, &context->NetworkGraphState.Text->sr,
&NormalGraphTextMargin, &NormalGraphTextPadding, PH_ALIGN_TOP | PH_ALIGN_LEFT);
}
else
{
drawInfo->Text.Buffer = NULL;
}
drawInfo->Flags = PH_GRAPH_USE_GRID_X | PH_GRAPH_USE_GRID_Y | PH_GRAPH_LABEL_MAX_Y | PH_GRAPH_USE_LINE_2;
PhSiSetColorsGraphDrawInfo(drawInfo, PhGetIntegerSetting(L"ColorIoReadOther"), PhGetIntegerSetting(L"ColorIoWrite"));
PhGraphStateGetDrawInfo(&context->NetworkGraphState, getDrawInfo, context->NetworkSendHistory.Count);
if (!context->NetworkGraphState.Valid)
{
FLOAT max = 0;
for (ULONG i = 0; i < drawInfo->LineDataCount; i++)
{
FLOAT data1;
FLOAT data2;
context->NetworkGraphState.Data1[i] = data1 = (FLOAT)PhGetItemCircularBuffer_ULONG64(&context->NetworkReceiveHistory, i);
context->NetworkGraphState.Data2[i] = data2 = (FLOAT)PhGetItemCircularBuffer_ULONG64(&context->NetworkSendHistory, i);
if (max < data1 + data2)
max = data1 + data2;
}
// Minimum scaling of 1 MB.
//if (max < 1024 * 1024)
// max = 1024 * 1024;
if (max != 0)
{
// Scale the data.
PhDivideSinglesBySingle(
context->NetworkGraphState.Data1,
max,
drawInfo->LineDataCount
);
PhDivideSinglesBySingle(
context->NetworkGraphState.Data2,
max,
drawInfo->LineDataCount
);
}
drawInfo->LabelYFunction = PhSiSizeLabelYFunction;
drawInfo->LabelYFunctionParameter = max;
context->NetworkGraphState.Valid = TRUE;
}
}
}
break;
case GCN_GETTOOLTIPTEXT:
{
PPH_GRAPH_GETTOOLTIPTEXT getTooltipText = (PPH_GRAPH_GETTOOLTIPTEXT)lParam;
if (getTooltipText->Index < getTooltipText->TotalCount)
{
if (header->hwndFrom == context->DiskGraphHandle)
{
if (context->DiskGraphState.TooltipIndex != getTooltipText->Index)
{
ULONG64 diskRead = PhGetItemCircularBuffer_ULONG64(
&context->DiskReadHistory,
getTooltipText->Index
);
ULONG64 diskWrite = PhGetItemCircularBuffer_ULONG64(
&context->DiskWriteHistory,
getTooltipText->Index
);
PhMoveReference(&context->DiskGraphState.TooltipText, PhFormatString(
L"R: %s\nW: %s\n%s",
PhaFormatSize(diskRead, ULONG_MAX)->Buffer,
PhaFormatSize(diskWrite, ULONG_MAX)->Buffer,
((PPH_STRING)PH_AUTO(PhGetStatisticsTimeString(NULL, getTooltipText->Index)))->Buffer
));
}
getTooltipText->Text = PhGetStringRef(context->DiskGraphState.TooltipText);
}
else if (header->hwndFrom == context->NetworkGraphHandle)
{
if (context->NetworkGraphState.TooltipIndex != getTooltipText->Index)
{
ULONG64 networkSend = PhGetItemCircularBuffer_ULONG64(
&context->NetworkSendHistory,
getTooltipText->Index
);
ULONG64 networkReceive = PhGetItemCircularBuffer_ULONG64(
&context->NetworkReceiveHistory,
getTooltipText->Index
);
PhMoveReference(&context->NetworkGraphState.TooltipText, PhFormatString(
L"S: %s\nR: %s\n%s",
PhaFormatSize(networkSend, ULONG_MAX)->Buffer,
PhaFormatSize(networkReceive, ULONG_MAX)->Buffer,
((PPH_STRING)PH_AUTO(PhGetStatisticsTimeString(NULL, getTooltipText->Index)))->Buffer
));
}
getTooltipText->Text = PhGetStringRef(context->NetworkGraphState.TooltipText);
}
}
}
break;
}
}
break;
case ET_WM_UPDATE:
{
if (context->Enabled)
{
EtwDiskNetworkUpdateInfo(context);
EtwDiskNetworkUpdateGraphs(context);
EtwDiskNetworkUpdatePanel(context);
}
}
break;
case WM_SIZE:
{
EtwDiskNetworkLayoutGraphs(context);
}
break;
}
return FALSE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PH_SETTING_CREATE settings[] =
{
{ StringSettingType, SETTING_NAME_ASM_TREE_LIST_COLUMNS, L"" },
{ IntegerSettingType, SETTING_NAME_DOT_NET_CATEGORY_INDEX, L"5" },
{ StringSettingType, SETTING_NAME_DOT_NET_COUNTERS_COLUMNS, L"" },
{ IntegerSettingType, SETTING_NAME_DOT_NET_SHOW_BYTE_SIZE, L"1" }
};
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L".NET Tools";
info->Author = L"dmex, wj32";
info->Description = L"Adds .NET performance counters, assembly information, thread stack support, and more.";
info->Url = L"https://wj32.org/processhacker/forums/viewtopic.php?t=1111";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackUnload),
UnloadCallback,
NULL,
&PluginUnloadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
//PhRegisterCallback(
// PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
// MenuItemCallback,
// NULL,
// &PluginMenuItemCallbackRegistration
// );
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackTreeNewMessage),
TreeNewMessageCallback,
NULL,
&PluginTreeNewMessageCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackPhSvcRequest),
PhSvcRequestCallback,
NULL,
&PluginPhSvcRequestCallbackRegistration
);
//PhRegisterCallback(
// PhGetGeneralCallback(GeneralCallbackMainWindowShowing),
// MainWindowShowingCallback,
// NULL,
// &MainWindowShowingCallbackRegistration
// );
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessPropertiesInitializing),
ProcessPropertiesInitializingCallback,
NULL,
&ProcessPropertiesInitializingCallbackRegistration
);
//PhRegisterCallback(
// PhGetGeneralCallback(GeneralCallbackProcessMenuInitializing),
// ProcessMenuInitializingCallback,
// NULL,
// &ProcessMenuInitializingCallbackRegistration
// );
//PhRegisterCallback(
// PhGetGeneralCallback(GeneralCallbackThreadMenuInitializing),
// ThreadMenuInitializingCallback,
// NULL,
// &ThreadMenuInitializingCallbackRegistration
// );
//PhRegisterCallback(
// PhGetGeneralCallback(GeneralCallbackModuleMenuInitializing),
// ModuleMenuInitializingCallback,
// NULL,
// &ModuleMenuInitializingCallbackRegistration
// );
//PhRegisterCallback(
// PhGetGeneralCallback(GeneralCallbackProcessTreeNewInitializing),
// ProcessTreeNewInitializingCallback,
// NULL,
// &ProcessTreeNewInitializingCallbackRegistration
// );
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackThreadTreeNewInitializing),
ThreadTreeNewInitializingCallback,
NULL,
&ThreadTreeNewInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackThreadTreeNewUninitializing),
ThreadTreeNewUninitializingCallback,
NULL,
&ThreadTreeNewUninitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackThreadStackControl),
ThreadStackControlCallback,
NULL,
&ThreadStackControlCallbackRegistration
);
PhPluginSetObjectExtension(
PluginInstance,
EmThreadItemType,
sizeof(DN_THREAD_ITEM),
ThreadItemCreateCallback,
ThreadItemDeleteCallback
);
InitializeTreeNewObjectExtensions();
PhAddSettings(settings, ARRAYSIZE(settings));
}
break;
}
return TRUE;
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
BOOLEAN isClient;
isClient = FALSE;
if (!GetModuleHandle(L"ProcessHacker.exe") || !WeGetProcedureAddress("PhLibImageBase"))
{
isClient = TRUE;
}
else
{
// WindowExplorer appears to be loading within Process Hacker. However, if there is
// already a server instance, the the hook will be active, and our DllMain routine
// will most likely be called before the plugin system is even initialized. Attempting
// to register a plugin would result in an access violation, so load as a client for now.
if (WeIsServerActive())
isClient = TRUE;
}
if (isClient)
{
// This DLL is being loaded not as a Process Hacker plugin, but as a hook.
IsHookClient = TRUE;
WeHookClientInitialization();
break;
}
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Window Explorer";
info->Author = L"wj32";
info->Description = L"View and manipulate windows.";
info->Url = L"http://processhacker.sf.net/forums/viewtopic.php?t=1116";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackUnload),
UnloadCallback,
NULL,
&PluginUnloadCallbackRegistration
);
//PhRegisterCallback(
// PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
// ShowOptionsCallback,
// NULL,
// &PluginShowOptionsCallbackRegistration
// );
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainMenuInitializing),
MainMenuInitializingCallback,
NULL,
&MainMenuInitializingCallbackRegistration
);
//PhRegisterCallback(
// PhGetGeneralCallback(GeneralCallbackProcessPropertiesInitializing),
// ProcessPropertiesInitializingCallback,
// NULL,
// &ProcessPropertiesInitializingCallbackRegistration
// );
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessMenuInitializing),
ProcessMenuInitializingCallback,
NULL,
&ProcessMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackThreadMenuInitializing),
ThreadMenuInitializingCallback,
NULL,
&ThreadMenuInitializingCallbackRegistration
);
{
static PH_SETTING_CREATE settings[] =
{
{ IntegerSettingType, SETTING_NAME_SHOW_DESKTOP_WINDOWS, L"0" },
{ StringSettingType, SETTING_NAME_WINDOW_TREE_LIST_COLUMNS, L"" },
{ IntegerPairSettingType, SETTING_NAME_WINDOWS_WINDOW_POSITION, L"100,100" },
{ IntegerPairSettingType, SETTING_NAME_WINDOWS_WINDOW_SIZE, L"690,540" }
};
PhAddSettings(settings, sizeof(settings) / sizeof(PH_SETTING_CREATE));
}
}
break;
case DLL_PROCESS_DETACH:
{
if (IsHookClient)
{
WeHookClientUninitialization();
}
}
break;
}
return TRUE;
}
LOGICAL DllMain(
__in HINSTANCE Instance,
__in ULONG Reason,
__reserved PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"ProcessHacker.ExtendedTools", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Extended Tools";
info->Author = L"wj32";
info->Description = L"Extended functionality for Windows Vista and above, including ETW monitoring, GPU monitoring and a Disk tab.";
info->HasOptions = TRUE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackUnload),
UnloadCallback,
NULL,
&PluginUnloadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackShowOptions),
ShowOptionsCallback,
NULL,
&PluginShowOptionsCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackTreeNewMessage),
TreeNewMessageCallback,
NULL,
&PluginTreeNewMessageCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainWindowShowing),
MainWindowShowingCallback,
NULL,
&MainWindowShowingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessPropertiesInitializing),
ProcessPropertiesInitializingCallback,
NULL,
&ProcessPropertiesInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackHandlePropertiesInitializing),
HandlePropertiesInitializingCallback,
NULL,
&HandlePropertiesInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessMenuInitializing),
ProcessMenuInitializingCallback,
NULL,
&ProcessMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackThreadMenuInitializing),
ThreadMenuInitializingCallback,
NULL,
&ThreadMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackModuleMenuInitializing),
ModuleMenuInitializingCallback,
NULL,
&ModuleMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackProcessTreeNewInitializing),
ProcessTreeNewInitializingCallback,
NULL,
&ProcessTreeNewInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackNetworkTreeNewInitializing),
NetworkTreeNewInitializingCallback,
NULL,
&NetworkTreeNewInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackSystemInformationInitializing),
SystemInformationInitializingCallback,
NULL,
&SystemInformationInitializingCallbackRegistration
);
PhRegisterCallback(
&PhProcessesUpdatedEvent,
ProcessesUpdatedCallback,
NULL,
&ProcessesUpdatedCallbackRegistration
);
PhRegisterCallback(
&PhNetworkItemsUpdatedEvent,
NetworkItemsUpdatedCallback,
NULL,
&NetworkItemsUpdatedCallbackRegistration
);
InitializeListHead(&EtProcessBlockListHead);
InitializeListHead(&EtNetworkBlockListHead);
PhPluginSetObjectExtension(
PluginInstance,
EmProcessItemType,
sizeof(ET_PROCESS_BLOCK),
ProcessItemCreateCallback,
ProcessItemDeleteCallback
);
PhPluginSetObjectExtension(
PluginInstance,
EmNetworkItemType,
sizeof(ET_NETWORK_BLOCK),
NetworkItemCreateCallback,
NetworkItemDeleteCallback
);
{
static PH_SETTING_CREATE settings[] =
{
{ StringSettingType, SETTING_NAME_DISK_TREE_LIST_COLUMNS, L"" },
{ IntegerPairSettingType, SETTING_NAME_DISK_TREE_LIST_SORT, L"4,2" }, // 4, DescendingSortOrder
{ IntegerSettingType, SETTING_NAME_ENABLE_ETW_MONITOR, L"1" },
{ IntegerSettingType, SETTING_NAME_ENABLE_GPU_MONITOR, L"1" },
{ StringSettingType, SETTING_NAME_GPU_NODE_BITMAP, L"01000000" }
};
PhAddSettings(settings, sizeof(settings) / sizeof(PH_SETTING_CREATE));
}
}
break;
}
return TRUE;
}
PPH_STRING PhGetProcessTooltipText(
__in PPH_PROCESS_ITEM Process
)
{
PH_STRING_BUILDER stringBuilder;
PPH_STRING tempString;
PhInitializeStringBuilder(&stringBuilder, 200);
// Command line
if (Process->CommandLine)
{
PhAppendStringBuilder(&stringBuilder, Process->CommandLine);
PhAppendCharStringBuilder(&stringBuilder, '\n');
}
// File information
tempString = PhFormatImageVersionInfo(
Process->FileName,
&Process->VersionInfo,
L" ",
0
);
if (!PhIsNullOrEmptyString(tempString))
{
PhAppendStringBuilder2(&stringBuilder, L"File:\n");
PhAppendStringBuilder(&stringBuilder, tempString);
PhAppendCharStringBuilder(&stringBuilder, '\n');
}
if (tempString)
PhDereferenceObject(tempString);
// Known command line information
if (Process->CommandLine && Process->QueryHandle)
{
PH_KNOWN_PROCESS_TYPE knownProcessType;
PH_KNOWN_PROCESS_COMMAND_LINE knownCommandLine;
if (NT_SUCCESS(PhGetProcessKnownType(
Process->QueryHandle,
&knownProcessType
)) && PhaGetProcessKnownCommandLine(
Process->CommandLine,
knownProcessType,
&knownCommandLine
))
{
switch (knownProcessType & KnownProcessTypeMask)
{
case ServiceHostProcessType:
PhAppendStringBuilder2(&stringBuilder, L"Service group name:\n ");
PhAppendStringBuilder(&stringBuilder, knownCommandLine.ServiceHost.GroupName);
PhAppendCharStringBuilder(&stringBuilder, '\n');
break;
case RunDllAsAppProcessType:
{
PH_IMAGE_VERSION_INFO versionInfo;
if (PhInitializeImageVersionInfo(
&versionInfo,
knownCommandLine.RunDllAsApp.FileName->Buffer
))
{
tempString = PhFormatImageVersionInfo(
knownCommandLine.RunDllAsApp.FileName,
&versionInfo,
L" ",
0
);
if (!PhIsNullOrEmptyString(tempString))
{
PhAppendStringBuilder2(&stringBuilder, L"Run DLL target file:\n");
PhAppendStringBuilder(&stringBuilder, tempString);
PhAppendCharStringBuilder(&stringBuilder, '\n');
}
if (tempString)
PhDereferenceObject(tempString);
PhDeleteImageVersionInfo(&versionInfo);
}
}
break;
case ComSurrogateProcessType:
{
PH_IMAGE_VERSION_INFO versionInfo;
PPH_STRING guidString;
PhAppendStringBuilder2(&stringBuilder, L"COM target:\n");
if (knownCommandLine.ComSurrogate.Name)
{
PhAppendStringBuilder2(&stringBuilder, L" ");
PhAppendStringBuilder(&stringBuilder, knownCommandLine.ComSurrogate.Name);
PhAppendCharStringBuilder(&stringBuilder, '\n');
}
if (guidString = PhFormatGuid(&knownCommandLine.ComSurrogate.Guid))
{
PhAppendStringBuilder2(&stringBuilder, L" ");
PhAppendStringBuilder(&stringBuilder, guidString);
PhDereferenceObject(guidString);
PhAppendCharStringBuilder(&stringBuilder, '\n');
}
if (knownCommandLine.ComSurrogate.FileName && PhInitializeImageVersionInfo(
&versionInfo,
knownCommandLine.ComSurrogate.FileName->Buffer
))
{
tempString = PhFormatImageVersionInfo(
knownCommandLine.ComSurrogate.FileName,
&versionInfo,
L" ",
0
);
if (!PhIsNullOrEmptyString(tempString))
{
PhAppendStringBuilder2(&stringBuilder, L"COM target file:\n");
PhAppendStringBuilder(&stringBuilder, tempString);
PhAppendCharStringBuilder(&stringBuilder, '\n');
}
if (tempString)
PhDereferenceObject(tempString);
PhDeleteImageVersionInfo(&versionInfo);
}
}
break;
}
}
}
// Services
if (Process->ServiceList && Process->ServiceList->Count != 0)
{
ULONG enumerationKey = 0;
PPH_SERVICE_ITEM serviceItem;
PPH_LIST serviceList;
ULONG i;
// Copy the service list into our own list so we can sort it.
serviceList = PhCreateList(Process->ServiceList->Count);
PhAcquireQueuedLockShared(&Process->ServiceListLock);
while (PhEnumPointerList(
Process->ServiceList,
&enumerationKey,
&serviceItem
))
{
PhReferenceObject(serviceItem);
PhAddItemList(serviceList, serviceItem);
}
PhReleaseQueuedLockShared(&Process->ServiceListLock);
qsort(serviceList->Items, serviceList->Count, sizeof(PPH_SERVICE_ITEM), ServiceForTooltipCompare);
PhAppendStringBuilder2(&stringBuilder, L"Services:\n");
// Add the services.
for (i = 0; i < serviceList->Count; i++)
{
serviceItem = serviceList->Items[i];
PhAppendStringBuilder2(&stringBuilder, L" ");
PhAppendStringBuilder(&stringBuilder, serviceItem->Name);
PhAppendStringBuilder2(&stringBuilder, L" (");
PhAppendStringBuilder(&stringBuilder, serviceItem->DisplayName);
PhAppendStringBuilder2(&stringBuilder, L")\n");
}
PhDereferenceObjects(serviceList->Items, serviceList->Count);
PhDereferenceObject(serviceList);
}
// Tasks
if (PhEqualString2(Process->ProcessName, L"taskeng.exe", TRUE) ||
PhEqualString2(Process->ProcessName, L"taskhost.exe", TRUE))
{
PH_STRING_BUILDER tasks;
PhInitializeStringBuilder(&tasks, 40);
PhpFillRunningTasks(Process, &tasks);
if (tasks.String->Length != 0)
{
PhAppendStringBuilder2(&stringBuilder, L"Tasks:\n");
PhAppendStringBuilder(&stringBuilder, tasks.String);
}
PhDeleteStringBuilder(&tasks);
}
// Plugin
if (PhPluginsEnabled)
{
PH_PLUGIN_GET_TOOLTIP_TEXT getTooltipText;
getTooltipText.Parameter = Process;
getTooltipText.StringBuilder = &stringBuilder;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackGetProcessTooltipText), &getTooltipText);
}
// Notes
{
PH_STRING_BUILDER notes;
PhInitializeStringBuilder(¬es, 40);
if (Process->FileName)
{
if (Process->VerifyResult == VrTrusted)
{
if (!PhIsNullOrEmptyString(Process->VerifySignerName))
PhAppendFormatStringBuilder(¬es, L" Signer: %s\n", Process->VerifySignerName->Buffer);
else
PhAppendStringBuilder2(¬es, L" Signed.\n");
}
else if (Process->VerifyResult == VrUnknown)
{
// Nothing
}
else if (Process->VerifyResult != VrNoSignature)
{
PhAppendStringBuilder2(¬es, L" Signature invalid.\n");
}
}
if (Process->IsPacked)
{
PhAppendFormatStringBuilder(
¬es,
L" Image is probably packed (%u imports over %u modules).\n",
Process->ImportFunctions,
Process->ImportModules
);
}
if (Process->ConsoleHostProcessId)
{
CLIENT_ID clientId;
PPH_STRING clientIdString;
clientId.UniqueProcess = Process->ConsoleHostProcessId;
clientId.UniqueThread = NULL;
clientIdString = PhGetClientIdName(&clientId);
PhAppendFormatStringBuilder(¬es, L" Console host: %s\n", clientIdString->Buffer);
PhDereferenceObject(clientIdString);
}
if (Process->IsDotNet)
PhAppendStringBuilder2(¬es, L" Process is managed (.NET).\n");
if (Process->IsElevated)
PhAppendStringBuilder2(¬es, L" Process is elevated.\n");
if (Process->IsInJob)
PhAppendStringBuilder2(¬es, L" Process is in a job.\n");
if (Process->IsPosix)
PhAppendStringBuilder2(¬es, L" Process is POSIX.\n");
if (Process->IsWow64)
PhAppendStringBuilder2(¬es, L" Process is 32-bit (WOW64).\n");
if (notes.String->Length != 0)
{
PhAppendStringBuilder2(&stringBuilder, L"Notes:\n");
PhAppendStringBuilder(&stringBuilder, notes.String);
}
PhDeleteStringBuilder(¬es);
}
// Remove the trailing newline.
if (stringBuilder.String->Length != 0)
PhRemoveStringBuilder(&stringBuilder, stringBuilder.String->Length / 2 - 1, 1);
return PhFinalStringBuilderString(&stringBuilder);
}
VOID PhShowServiceProperties(
_In_ HWND ParentWindowHandle,
_In_ PPH_SERVICE_ITEM ServiceItem
)
{
PROPSHEETHEADER propSheetHeader = { sizeof(propSheetHeader) };
PROPSHEETPAGE propSheetPage;
HPROPSHEETPAGE pages[32];
SERVICE_PROPERTIES_CONTEXT context;
PH_STD_OBJECT_SECURITY stdObjectSecurity;
PPH_ACCESS_ENTRY accessEntries;
ULONG numberOfAccessEntries;
propSheetHeader.dwFlags =
PSH_NOAPPLYNOW |
PSH_NOCONTEXTHELP |
PSH_PROPTITLE;
propSheetHeader.hwndParent = ParentWindowHandle;
propSheetHeader.pszCaption = ServiceItem->Name->Buffer;
propSheetHeader.nPages = 0;
propSheetHeader.nStartPage = 0;
propSheetHeader.phpage = pages;
// General
memset(&context, 0, sizeof(SERVICE_PROPERTIES_CONTEXT));
context.ServiceItem = ServiceItem;
context.Ready = FALSE;
context.Dirty = FALSE;
memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE));
propSheetPage.dwSize = sizeof(PROPSHEETPAGE);
propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_SRVGENERAL);
propSheetPage.pfnDlgProc = PhpServiceGeneralDlgProc;
propSheetPage.lParam = (LPARAM)&context;
pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage);
// Security
stdObjectSecurity.OpenObject = PhpOpenService;
stdObjectSecurity.ObjectType = L"Service";
stdObjectSecurity.Context = ServiceItem;
if (PhGetAccessEntries(L"Service", &accessEntries, &numberOfAccessEntries))
{
pages[propSheetHeader.nPages++] = PhCreateSecurityPage(
ServiceItem->Name->Buffer,
PhStdGetObjectSecurity,
PhStdSetObjectSecurity,
&stdObjectSecurity,
accessEntries,
numberOfAccessEntries
);
PhFree(accessEntries);
}
if (PhPluginsEnabled)
{
PH_PLUGIN_OBJECT_PROPERTIES objectProperties;
objectProperties.Parameter = ServiceItem;
objectProperties.NumberOfPages = propSheetHeader.nPages;
objectProperties.MaximumNumberOfPages = sizeof(pages) / sizeof(HPROPSHEETPAGE);
objectProperties.Pages = pages;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackServicePropertiesInitializing), &objectProperties);
propSheetHeader.nPages = objectProperties.NumberOfPages;
}
PropertySheet(&propSheetHeader);
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PH_SETTING_CREATE settings[] =
{
{ IntegerPairSettingType, SETTING_NAME_WINDOW_POSITION, L"350,350" },
{ ScalableIntegerPairSettingType, SETTING_NAME_WINDOW_SIZE, L"@96|510,380" },
{ StringSettingType, SETTING_NAME_COLUMNS, L"" }
};
PluginInstance = PhRegisterPlugin(PLUGIN_NAME, Instance, &info);
PhInitializeFastLock(&CacheListLock);
InitDnsApi();
if (!PluginInstance)
return FALSE;
info->DisplayName = L"DNS Cache Viewer";
info->Author = L"dmex";
info->Description = L"Plugin for viewing the DNS Resolver Cache via the Tools menu and resolve Remote Host Name through dns cache in network list.";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainMenuInitializing),
MainMenuInitializingCallback,
NULL,
&MainMenuInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackNetworkTreeNewInitializing),
NetworkTreeNewInitializingCallback,
&NetworkTreeNewHandle,
&NetworkTreeNewInitializingCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackTreeNewMessage),
TreeNewMessageCallback,
NULL,
&TreeNewMessageCallbackRegistration
);
PhPluginSetObjectExtension(
PluginInstance,
EmNetworkItemType,
sizeof(NETWORK_DNSCACHE_EXTENSION),
NetworkItemCreateCallback,
NetworkItemDeleteCallback
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackNetworkProviderAddedEvent),
NetworkItemAddedHandler,
NULL,
&NetworkItemAddedRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackNetworkProviderModifiedEvent),
NetworkItemAddedHandler,
NULL,
&NetworkItemModifiedRegistration
);
PhAddSettings(settings, ARRAYSIZE(settings));
QueueDnsCacheUpdateThread();
}
break;
}
return TRUE;
}
