PVOID PhGetSelectedListViewItemParam(
_In_ HWND hWnd
)
{
INT index;
PVOID param;
index = PhFindListViewItemByFlags(
hWnd,
-1,
LVNI_SELECTED
);
if (index != -1)
{
if (PhGetListViewItemParam(
hWnd,
index,
¶m
))
{
return param;
}
}
return NULL;
}
VOID PhGetSelectedListViewItemParams(
_In_ HWND hWnd,
_Out_ PVOID **Items,
_Out_ PULONG NumberOfItems
)
{
PPH_LIST list;
ULONG index;
PVOID param;
list = PhCreateList(2);
index = -1;
while ((index = PhFindListViewItemByFlags(
hWnd,
index,
LVNI_SELECTED
)) != -1)
{
if (PhGetListViewItemParam(
hWnd,
index,
¶m
))
{
PhAddItemList(list, param);
}
}
*Items = PhAllocateCopy(list->Items, sizeof(PVOID) * list->Count);
*NumberOfItems = list->Count;
PhDereferenceObject(list);
}
VOID FreeListViewDiskDriveEntries(
_In_ PDV_DISK_OPTIONS_CONTEXT Context
)
{
ULONG index = -1;
while ((index = PhFindListViewItemByFlags(
Context->ListViewHandle,
index,
LVNI_ALL
)) != -1)
{
PDV_DISK_ID param;
if (PhGetListViewItemParam(Context->ListViewHandle, index, ¶m))
{
DeleteDiskId(param);
PhFree(param);
}
}
}
VOID FreeListViewAdapterEntries(
_In_ PDV_NETADAPTER_CONTEXT Context
)
{
ULONG index = -1;
while ((index = PhFindListViewItemByFlags(
Context->ListViewHandle,
index,
LVNI_ALL
)) != -1)
{
PDV_NETADAPTER_ID param;
if (PhGetListViewItemParam(Context->ListViewHandle, index, ¶m))
{
DeleteNetAdapterId(param);
PhFree(param);
}
}
}
static INT_PTR CALLBACK OptionsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PDV_NETADAPTER_CONTEXT context = NULL;
if (uMsg == WM_INITDIALOG)
{
context = (PDV_NETADAPTER_CONTEXT)PhAllocate(sizeof(DV_NETADAPTER_CONTEXT));
memset(context, 0, sizeof(DV_NETADAPTER_CONTEXT));
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PDV_NETADAPTER_CONTEXT)GetProp(hwndDlg, L"Context");
if (uMsg == WM_DESTROY)
{
ULONG index = -1;
while ((index = PhFindListViewItemByFlags(
context->ListViewHandle,
index,
LVNI_ALL
)) != -1)
{
PDV_NETADAPTER_ID param;
if (PhGetListViewItemParam(context->ListViewHandle, index, ¶m))
{
if (context->OptionsChanged)
{
BOOLEAN checked;
checked = ListView_GetItemState(context->ListViewHandle, index, LVIS_STATEIMAGEMASK) == ITEM_CHECKED;
if (checked)
{
if (!FindAdapterEntry(param, FALSE))
{
PDV_NETADAPTER_ENTRY entry;
entry = CreateNetAdapterEntry(param);
entry->UserReference = TRUE;
}
}
else
{
FindAdapterEntry(param, TRUE);
}
}
DeleteNetAdapterId(param);
PhFree(param);
}
}
if (context->OptionsChanged)
SaveAdaptersList();
RemoveProp(hwndDlg, L"Context");
PhFree(context);
}
}
if (context == NULL)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
context->ListViewHandle = GetDlgItem(hwndDlg, IDC_NETADAPTERS_LISTVIEW);
PhSetListViewStyle(context->ListViewHandle, FALSE, TRUE);
ListView_SetExtendedListViewStyleEx(context->ListViewHandle, LVS_EX_CHECKBOXES, LVS_EX_CHECKBOXES);
PhSetControlTheme(context->ListViewHandle, L"explorer");
PhAddListViewColumn(context->ListViewHandle, 0, 0, 0, LVCFMT_LEFT, 420, L"Network Adapters");
PhSetExtendedListView(context->ListViewHandle);
Button_SetCheck(GetDlgItem(hwndDlg, IDC_SHOW_HIDDEN_ADAPTERS), PhGetIntegerSetting(SETTING_NAME_ENABLE_HIDDEN_ADAPTERS) ? BST_CHECKED : BST_UNCHECKED);
FindNetworkAdapters(context, !!PhGetIntegerSetting(SETTING_NAME_ENABLE_HIDDEN_ADAPTERS));
context->OptionsChanged = FALSE;
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_SHOW_HIDDEN_ADAPTERS:
{
PhSetIntegerSetting(SETTING_NAME_ENABLE_HIDDEN_ADAPTERS, Button_GetCheck(GetDlgItem(hwndDlg, IDC_SHOW_HIDDEN_ADAPTERS)) == BST_CHECKED);
ListView_DeleteAllItems(context->ListViewHandle);
FindNetworkAdapters(context, !!PhGetIntegerSetting(SETTING_NAME_ENABLE_HIDDEN_ADAPTERS));
}
break;
case IDCANCEL:
context->OptionsChanged = FALSE;
EndDialog(hwndDlg, IDCANCEL);
break;
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
if (header->code == LVN_ITEMCHANGED)
{
LPNM_LISTVIEW listView = (LPNM_LISTVIEW)lParam;
if (listView->uChanged & LVIF_STATE)
{
switch (listView->uNewState & 0x3000)
{
case 0x2000: // checked
case 0x1000: // unchecked
context->OptionsChanged = TRUE;
break;
}
}
}
}
break;
}
return FALSE;
}
VOID FindDiskDrives(
_In_ PDV_DISK_OPTIONS_CONTEXT Context
)
{
PPH_LIST deviceList;
HDEVINFO deviceInfoHandle;
SP_DEVICE_INTERFACE_DATA deviceInterfaceData = { sizeof(SP_DEVICE_INTERFACE_DATA) };
SP_DEVINFO_DATA deviceInfoData = { sizeof(SP_DEVINFO_DATA) };
PSP_DEVICE_INTERFACE_DETAIL_DATA deviceInterfaceDetail;
ULONG deviceInfoLength = 0;
if ((deviceInfoHandle = SetupDiGetClassDevs(
&GUID_DEVINTERFACE_DISK,
NULL,
NULL,
DIGCF_DEVICEINTERFACE
)) == INVALID_HANDLE_VALUE)
{
return;
}
deviceList = PH_AUTO(PhCreateList(1));
for (ULONG i = 0; SetupDiEnumDeviceInterfaces(deviceInfoHandle, NULL, &GUID_DEVINTERFACE_DISK, i, &deviceInterfaceData); i++)
{
if (SetupDiGetDeviceInterfaceDetail(
deviceInfoHandle,
&deviceInterfaceData,
0,
0,
&deviceInfoLength,
&deviceInfoData
) || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
continue;
}
deviceInterfaceDetail = PhAllocate(deviceInfoLength);
deviceInterfaceDetail->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);
if (SetupDiGetDeviceInterfaceDetail(
deviceInfoHandle,
&deviceInterfaceData,
deviceInterfaceDetail,
deviceInfoLength,
&deviceInfoLength,
&deviceInfoData
))
{
HANDLE deviceHandle;
PDISK_ENUM_ENTRY diskEntry;
WCHAR diskFriendlyName[MAX_PATH] = L"";
// This crashes on XP with error 0xC06D007F
//SetupDiGetDeviceProperty(
// deviceInfoHandle,
// &deviceInfoData,
// &DEVPKEY_Device_FriendlyName,
// &devicePropertyType,
// (PBYTE)diskFriendlyName,
// ARRAYSIZE(diskFriendlyName),
// NULL,
// 0
// );
if (!SetupDiGetDeviceRegistryProperty(
deviceInfoHandle,
&deviceInfoData,
SPDRP_FRIENDLYNAME,
NULL,
(PBYTE)diskFriendlyName,
ARRAYSIZE(diskFriendlyName),
NULL
))
{
continue;
}
diskEntry = PhAllocate(sizeof(DISK_ENUM_ENTRY));
memset(diskEntry, 0, sizeof(DISK_ENUM_ENTRY));
diskEntry->DeviceIndex = ULONG_MAX; // Note: Do not initialize to zero.
diskEntry->DeviceName = PhCreateString(diskFriendlyName);
diskEntry->DevicePath = PhCreateString(deviceInterfaceDetail->DevicePath);
if (NT_SUCCESS(DiskDriveCreateHandle(
&deviceHandle,
diskEntry->DevicePath
)))
{
ULONG diskIndex = ULONG_MAX; // Note: Do not initialize to zero
if (NT_SUCCESS(DiskDriveQueryDeviceTypeAndNumber(
deviceHandle,
&diskIndex,
NULL
)))
{
PPH_STRING diskMountPoints = PH_AUTO_T(PH_STRING, DiskDriveQueryDosMountPoints(diskIndex));
diskEntry->DeviceIndex = diskIndex;
diskEntry->DevicePresent = TRUE;
if (!PhIsNullOrEmptyString(diskMountPoints))
{
diskEntry->DeviceMountPoints = PhFormatString(
L"Disk %lu (%s) [%s]",
diskIndex,
diskMountPoints->Buffer,
diskFriendlyName
);
}
else
{
diskEntry->DeviceMountPoints = PhFormatString(
L"Disk %lu [%s]",
diskIndex,
diskFriendlyName
);
}
}
NtClose(deviceHandle);
}
PhAddItemList(deviceList, diskEntry);
}
PhFree(deviceInterfaceDetail);
}
SetupDiDestroyDeviceInfoList(deviceInfoHandle);
// Sort the entries
qsort(deviceList->Items, deviceList->Count, sizeof(PVOID), DiskEntryCompareFunction);
Context->EnumeratingDisks = TRUE;
PhAcquireQueuedLockShared(&DiskDrivesListLock);
for (ULONG i = 0; i < deviceList->Count; i++)
{
PDISK_ENUM_ENTRY entry = deviceList->Items[i];
AddDiskDriveToListView(
Context,
entry->DevicePresent,
entry->DevicePath,
entry->DeviceMountPoints ? entry->DeviceMountPoints : entry->DeviceName
);
if (entry->DeviceMountPoints)
PhDereferenceObject(entry->DeviceMountPoints);
if (entry->DeviceName)
PhDereferenceObject(entry->DeviceName);
// Note: DevicePath is disposed by WM_DESTROY.
PhFree(entry);
}
PhReleaseQueuedLockShared(&DiskDrivesListLock);
Context->EnumeratingDisks = FALSE;
// HACK: Show all unknown devices.
Context->EnumeratingDisks = TRUE;
PhAcquireQueuedLockShared(&DiskDrivesListLock);
for (ULONG i = 0; i < DiskDrivesList->Count; i++)
{
ULONG index = -1;
BOOLEAN found = FALSE;
PDV_DISK_ENTRY entry = PhReferenceObjectSafe(DiskDrivesList->Items[i]);
if (!entry)
continue;
while ((index = PhFindListViewItemByFlags(
Context->ListViewHandle,
index,
LVNI_ALL
)) != -1)
{
PDV_DISK_ID param;
if (PhGetListViewItemParam(Context->ListViewHandle, index, ¶m))
{
if (EquivalentDiskId(param, &entry->Id))
{
found = TRUE;
}
}
}
if (!found)
{
PPH_STRING description;
if (description = PhCreateString(L"Unknown disk"))
{
AddDiskDriveToListView(
Context,
FALSE,
entry->Id.DevicePath,
description
);
PhDereferenceObject(description);
}
}
PhDereferenceObjectDeferDelete(entry);
}
PhReleaseQueuedLockShared(&DiskDrivesListLock);
Context->EnumeratingDisks = FALSE;
}
INT_PTR CALLBACK PhpProcessMitigationPolicyDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PMITIGATION_POLICY_CONTEXT context = NULL;
if (uMsg == WM_INITDIALOG)
{
context = (PMITIGATION_POLICY_CONTEXT)lParam;
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PMITIGATION_POLICY_CONTEXT)GetProp(hwndDlg, L"Context");
if (uMsg == WM_DESTROY)
{
RemoveProp(hwndDlg, L"Context");
}
}
if (context == NULL)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PROCESS_MITIGATION_POLICY policy;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
context->ListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 350, L"Policy");
PhSetExtendedListView(lvHandle);
for (policy = 0; policy < MaxProcessMitigationPolicy; policy++)
{
PMITIGATION_POLICY_ENTRY entry = &context->Entries[policy];
if (!entry->ShortDescription)
continue;
PhAddListViewItem(lvHandle, MAXINT, entry->ShortDescription->Buffer, entry);
}
if (context->SystemDllInitBlock && RTL_CONTAINS_FIELD(context->SystemDllInitBlock, context->SystemDllInitBlock->Size, MitigationOptionsMap))
{
if (context->SystemDllInitBlock->MitigationOptionsMap.Map[0] & PROCESS_CREATION_MITIGATION_POLICY2_LOADER_INTEGRITY_CONTINUITY_ALWAYS_ON)
{
PMITIGATION_POLICY_ENTRY entry;
entry = PhAllocate(sizeof(MITIGATION_POLICY_ENTRY));
entry->NonStandard = TRUE;
entry->ShortDescription = PhCreateString(L"Loader Integrity");
entry->LongDescription = PhCreateString(L"OS signing levels for depenedent module loads are enabled.");
PhAddListViewItem(lvHandle, MAXINT, entry->ShortDescription->Buffer, entry);
}
if (context->SystemDllInitBlock->MitigationOptionsMap.Map[0] & PROCESS_CREATION_MITIGATION_POLICY2_MODULE_TAMPERING_PROTECTION_ALWAYS_ON)
{
PMITIGATION_POLICY_ENTRY entry;
entry = PhAllocate(sizeof(MITIGATION_POLICY_ENTRY));
entry->NonStandard = TRUE;
entry->ShortDescription = PhCreateString(L"Module Tampering");
entry->LongDescription = PhCreateString(L"Module Tampering protection is enabled.");
PhAddListViewItem(lvHandle, MAXINT, entry->ShortDescription->Buffer, entry);
}
}
ExtendedListView_SortItems(lvHandle);
ExtendedListView_SetColumnWidth(lvHandle, 0, ELVSCW_AUTOSIZE_REMAININGSPACE);
ListView_SetItemState(lvHandle, 0, LVIS_FOCUSED | LVIS_SELECTED, LVIS_FOCUSED | LVIS_SELECTED);
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)lvHandle, TRUE);
}
break;
case WM_DESTROY:
{
ULONG index = -1;
while ((index = PhFindListViewItemByFlags(
context->ListViewHandle,
index,
LVNI_ALL
)) != -1)
{
PMITIGATION_POLICY_ENTRY entry;
if (PhGetListViewItemParam(context->ListViewHandle, index, &entry))
{
if (entry->NonStandard)
{
PhClearReference(&entry->ShortDescription);
PhClearReference(&entry->LongDescription);
PhFree(entry);
}
}
}
}
break;
case WM_COMMAND:
{
switch (GET_WM_COMMAND_ID(wParam, lParam))
{
case IDCANCEL:
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
HWND lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
switch (header->code)
{
case LVN_ITEMCHANGED:
{
if (header->hwndFrom == lvHandle)
{
PWSTR description;
if (ListView_GetSelectedCount(lvHandle) == 1)
description = ((PMITIGATION_POLICY_ENTRY)PhGetSelectedListViewItemParam(lvHandle))->LongDescription->Buffer;
else
description = L"";
SetDlgItemText(hwndDlg, IDC_DESCRIPTION, description);
}
}
break;
}
PhHandleListViewNotifyForCopy(lParam, lvHandle);
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK PhpThreadStackDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
NTSTATUS status;
PTHREAD_STACK_CONTEXT threadStackContext;
PPH_STRING title;
HWND lvHandle;
PPH_LAYOUT_MANAGER layoutManager;
threadStackContext = (PTHREAD_STACK_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)threadStackContext);
title = PhFormatString(L"Stack - thread %u", (ULONG)threadStackContext->ThreadId);
SetWindowText(hwndDlg, title->Buffer);
PhDereferenceObject(title);
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 30, L" ");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 300, L"Name");
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhLoadListViewColumnsFromSetting(L"ThreadStackListViewColumns", lvHandle);
threadStackContext->ListViewHandle = lvHandle;
layoutManager = PhAllocate(sizeof(PH_LAYOUT_MANAGER));
PhInitializeLayoutManager(layoutManager, hwndDlg);
SetProp(hwndDlg, L"LayoutManager", (HANDLE)layoutManager);
PhAddLayoutItem(layoutManager, lvHandle, NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDC_COPY),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDC_REFRESH),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(layoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 190;
rect.bottom = 120;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
PhLoadWindowPlacementFromSetting(NULL, L"ThreadStackWindowSize", hwndDlg);
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackInitializing;
control.UniqueKey = threadStackContext;
control.u.Initializing.ProcessId = threadStackContext->ProcessId;
control.u.Initializing.ThreadId = threadStackContext->ThreadId;
control.u.Initializing.ThreadHandle = threadStackContext->ThreadHandle;
control.u.Initializing.SymbolProvider = threadStackContext->SymbolProvider;
control.u.Initializing.CustomWalk = FALSE;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
threadStackContext->CustomWalk = control.u.Initializing.CustomWalk;
}
status = PhpRefreshThreadStack(hwndDlg, threadStackContext);
if (status == STATUS_ABANDONED)
EndDialog(hwndDlg, IDCANCEL);
else if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to load the stack", status, 0);
}
break;
case WM_DESTROY:
{
PPH_LAYOUT_MANAGER layoutManager;
PTHREAD_STACK_CONTEXT threadStackContext;
ULONG i;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhDeleteLayoutManager(layoutManager);
PhFree(layoutManager);
threadStackContext = (PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackUninitializing;
control.UniqueKey = threadStackContext;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
}
for (i = 0; i < threadStackContext->List->Count; i++)
PhpFreeThreadStackItem(threadStackContext->List->Items[i]);
PhSaveListViewColumnsToSetting(L"ThreadStackListViewColumns", GetDlgItem(hwndDlg, IDC_LIST));
PhSaveWindowPlacementToSetting(NULL, L"ThreadStackWindowSize", hwndDlg);
RemoveProp(hwndDlg, PhMakeContextAtom());
RemoveProp(hwndDlg, L"LayoutManager");
}
break;
case WM_COMMAND:
{
INT id = LOWORD(wParam);
switch (id)
{
case IDCANCEL: // Esc and X button to close
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
case IDC_REFRESH:
{
NTSTATUS status;
if (!NT_SUCCESS(status = PhpRefreshThreadStack(
hwndDlg,
(PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom())
)))
{
PhShowStatus(hwndDlg, L"Unable to load the stack", status, 0);
}
}
break;
case IDC_COPY:
{
HWND lvHandle;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
if (ListView_GetSelectedCount(lvHandle) == 0)
PhSetStateAllListViewItems(lvHandle, LVIS_SELECTED, LVIS_SELECTED);
PhCopyListView(lvHandle);
SetFocus(lvHandle);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case LVN_GETINFOTIP:
{
LPNMLVGETINFOTIP getInfoTip = (LPNMLVGETINFOTIP)header;
HWND lvHandle;
PTHREAD_STACK_CONTEXT threadStackContext;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
threadStackContext = (PTHREAD_STACK_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
if (header->hwndFrom == lvHandle)
{
PTHREAD_STACK_ITEM stackItem;
PPH_THREAD_STACK_FRAME stackFrame;
if (PhGetListViewItemParam(lvHandle, getInfoTip->iItem, &stackItem))
{
PH_STRING_BUILDER stringBuilder;
PPH_STRING fileName;
PH_SYMBOL_LINE_INFORMATION lineInfo;
stackFrame = &stackItem->StackFrame;
PhInitializeStringBuilder(&stringBuilder, 40);
// There are no params for kernel-mode stack traces.
if ((ULONG_PTR)stackFrame->PcAddress <= PhSystemBasicInformation.MaximumUserModeAddress)
{
PhAppendFormatStringBuilder(
&stringBuilder,
L"Parameters: 0x%Ix, 0x%Ix, 0x%Ix, 0x%Ix\n",
stackFrame->Params[0],
stackFrame->Params[1],
stackFrame->Params[2],
stackFrame->Params[3]
);
}
if (PhGetLineFromAddress(
threadStackContext->SymbolProvider,
(ULONG64)stackFrame->PcAddress,
&fileName,
NULL,
&lineInfo
))
{
PhAppendFormatStringBuilder(
&stringBuilder,
L"File: %s: line %u\n",
fileName->Buffer,
lineInfo.LineNumber
);
PhDereferenceObject(fileName);
}
if (stringBuilder.String->Length != 0)
PhRemoveStringBuilder(&stringBuilder, stringBuilder.String->Length / 2 - 1, 1);
if (PhPluginsEnabled)
{
PH_PLUGIN_THREAD_STACK_CONTROL control;
control.Type = PluginThreadStackGetTooltip;
control.UniqueKey = threadStackContext;
control.u.GetTooltip.StackFrame = stackFrame;
control.u.GetTooltip.StringBuilder = &stringBuilder;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control);
}
PhCopyListViewInfoTip(getInfoTip, &stringBuilder.String->sr);
PhDeleteStringBuilder(&stringBuilder);
}
}
}
break;
}
}
break;
case WM_SIZE:
{
PPH_LAYOUT_MANAGER layoutManager;
layoutManager = (PPH_LAYOUT_MANAGER)GetProp(hwndDlg, L"LayoutManager");
PhLayoutManagerLayout(layoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
}
return FALSE;
}
INT_PTR CALLBACK EspServiceOtherDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PSERVICE_OTHER_CONTEXT context;
if (uMsg == WM_INITDIALOG)
{
context = PhAllocate(sizeof(SERVICE_OTHER_CONTEXT));
memset(context, 0, sizeof(SERVICE_OTHER_CONTEXT));
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PSERVICE_OTHER_CONTEXT)GetProp(hwndDlg, L"Context");
if (uMsg == WM_DESTROY)
RemoveProp(hwndDlg, L"Context");
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
NTSTATUS status;
LPPROPSHEETPAGE propSheetPage = (LPPROPSHEETPAGE)lParam;
PPH_SERVICE_ITEM serviceItem = (PPH_SERVICE_ITEM)propSheetPage->lParam;
HWND privilegesLv;
context->ServiceItem = serviceItem;
context->PrivilegesLv = privilegesLv = GetDlgItem(hwndDlg, IDC_PRIVILEGES);
PhSetListViewStyle(privilegesLv, FALSE, TRUE);
PhSetControlTheme(privilegesLv, L"explorer");
PhAddListViewColumn(privilegesLv, 0, 0, 0, LVCFMT_LEFT, 140, L"Name");
PhAddListViewColumn(privilegesLv, 1, 1, 1, LVCFMT_LEFT, 220, L"Display Name");
PhSetExtendedListView(privilegesLv);
context->PrivilegeList = PhCreateList(32);
if (context->ServiceItem->Type == SERVICE_KERNEL_DRIVER || context->ServiceItem->Type == SERVICE_FILE_SYSTEM_DRIVER)
{
// Drivers don't support required privileges.
EnableWindow(GetDlgItem(hwndDlg, IDC_ADD), FALSE);
}
EnableWindow(GetDlgItem(hwndDlg, IDC_REMOVE), FALSE);
PhAddComboBoxStrings(GetDlgItem(hwndDlg, IDC_SIDTYPE),
EspServiceSidTypeStrings, sizeof(EspServiceSidTypeStrings) / sizeof(PWSTR));
PhAddComboBoxStrings(GetDlgItem(hwndDlg, IDC_PROTECTION),
EspServiceLaunchProtectedStrings, sizeof(EspServiceLaunchProtectedStrings) / sizeof(PWSTR));
if (WindowsVersion < WINDOWS_8_1)
EnableWindow(GetDlgItem(hwndDlg, IDC_PROTECTION), FALSE);
SetDlgItemText(hwndDlg, IDC_SERVICESID,
PhGetStringOrDefault(PH_AUTO(EspGetServiceSidString(&serviceItem->Name->sr)), L"N/A"));
status = EspLoadOtherInfo(hwndDlg, context);
if (!NT_SUCCESS(status))
{
PhShowWarning(hwndDlg, L"Unable to query service information: %s",
((PPH_STRING)PH_AUTO(PhGetNtMessage(status)))->Buffer);
}
context->Ready = TRUE;
}
break;
case WM_DESTROY:
{
if (context->PrivilegeList)
{
PhDereferenceObjects(context->PrivilegeList->Items, context->PrivilegeList->Count);
PhDereferenceObject(context->PrivilegeList);
}
PhFree(context);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_ADD:
{
NTSTATUS status;
LSA_HANDLE policyHandle;
LSA_ENUMERATION_HANDLE enumContext;
PPOLICY_PRIVILEGE_DEFINITION buffer;
ULONG count;
ULONG i;
PPH_LIST choices;
PPH_STRING selectedChoice = NULL;
choices = PH_AUTO(PhCreateList(100));
if (!NT_SUCCESS(status = PhOpenLsaPolicy(&policyHandle, POLICY_VIEW_LOCAL_INFORMATION, NULL)))
{
PhShowStatus(hwndDlg, L"Unable to open LSA policy", status, 0);
break;
}
enumContext = 0;
while (TRUE)
{
status = LsaEnumeratePrivileges(
policyHandle,
&enumContext,
&buffer,
0x100,
&count
);
if (status == STATUS_NO_MORE_ENTRIES)
break;
if (!NT_SUCCESS(status))
break;
for (i = 0; i < count; i++)
{
PhAddItemList(choices, PhaCreateStringEx(buffer[i].Name.Buffer, buffer[i].Name.Length)->Buffer);
}
LsaFreeMemory(buffer);
}
LsaClose(policyHandle);
qsort(choices->Items, choices->Count, sizeof(PWSTR), PrivilegeNameCompareFunction);
while (PhaChoiceDialog(
hwndDlg,
L"Add privilege",
L"Select a privilege to add:",
(PWSTR *)choices->Items,
choices->Count,
NULL,
PH_CHOICE_DIALOG_CHOICE,
&selectedChoice,
NULL,
NULL
))
{
BOOLEAN found = FALSE;
PPH_STRING privilegeString;
INT lvItemIndex;
PPH_STRING displayName;
// Check for duplicates.
for (i = 0; i < context->PrivilegeList->Count; i++)
{
if (PhEqualString(context->PrivilegeList->Items[i], selectedChoice, FALSE))
{
found = TRUE;
break;
}
}
if (found)
{
if (PhShowMessage(
hwndDlg,
MB_OKCANCEL | MB_ICONERROR,
L"The selected privilege has already been added."
) == IDOK)
{
continue;
}
else
{
break;
}
}
PhSetReference(&privilegeString, selectedChoice);
PhAddItemList(context->PrivilegeList, privilegeString);
lvItemIndex = PhAddListViewItem(context->PrivilegesLv, MAXINT, privilegeString->Buffer, privilegeString);
if (PhLookupPrivilegeDisplayName(&privilegeString->sr, &displayName))
{
PhSetListViewSubItem(context->PrivilegesLv, lvItemIndex, 1, displayName->Buffer);
PhDereferenceObject(displayName);
}
ExtendedListView_SortItems(context->PrivilegesLv);
context->Dirty = TRUE;
context->RequiredPrivilegesValid = TRUE;
break;
}
}
break;
case IDC_REMOVE:
{
INT lvItemIndex;
PPH_STRING privilegeString;
ULONG index;
lvItemIndex = ListView_GetNextItem(context->PrivilegesLv, -1, LVNI_SELECTED);
if (lvItemIndex != -1 && PhGetListViewItemParam(context->PrivilegesLv, lvItemIndex, (PVOID *)&privilegeString))
{
index = PhFindItemList(context->PrivilegeList, privilegeString);
if (index != -1)
{
PhDereferenceObject(privilegeString);
PhRemoveItemList(context->PrivilegeList, index);
PhRemoveListViewItem(context->PrivilegesLv, lvItemIndex);
context->Dirty = TRUE;
context->RequiredPrivilegesValid = TRUE;
}
}
}
break;
}
switch (HIWORD(wParam))
{
case EN_CHANGE:
case CBN_SELCHANGE:
{
if (context->Ready)
{
context->Dirty = TRUE;
switch (LOWORD(wParam))
{
case IDC_PRESHUTDOWNTIMEOUT:
context->PreshutdownTimeoutValid = TRUE;
break;
case IDC_SIDTYPE:
context->SidTypeValid = TRUE;
break;
case IDC_PROTECTION:
context->LaunchProtectedValid = TRUE;
break;
}
}
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case PSN_KILLACTIVE:
{
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, FALSE);
}
return TRUE;
case PSN_APPLY:
{
SC_HANDLE serviceHandle = NULL;
ULONG win32Result = 0;
BOOLEAN connectedToPhSvc = FALSE;
PPH_STRING launchProtectedString;
ULONG launchProtected;
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_NOERROR);
launchProtectedString = PH_AUTO(PhGetWindowText(GetDlgItem(hwndDlg, IDC_PROTECTION)));
launchProtected = EspGetServiceLaunchProtectedInteger(launchProtectedString->Buffer);
if (context->LaunchProtectedValid && launchProtected != 0 && launchProtected != context->OriginalLaunchProtected)
{
if (PhShowMessage(
hwndDlg,
MB_ICONWARNING | MB_YESNO | MB_DEFBUTTON2,
L"Setting service protection will prevent the service from being controlled, modified, or deleted. Do you want to continue?"
) == IDNO)
{
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_INVALID);
return TRUE;
}
}
if (context->Dirty)
{
SERVICE_PRESHUTDOWN_INFO preshutdownInfo;
SERVICE_REQUIRED_PRIVILEGES_INFO requiredPrivilegesInfo;
SERVICE_SID_INFO sidInfo;
SERVICE_LAUNCH_PROTECTED_INFO launchProtectedInfo;
if (!(serviceHandle = PhOpenService(context->ServiceItem->Name->Buffer, SERVICE_CHANGE_CONFIG)))
{
win32Result = GetLastError();
if (win32Result == ERROR_ACCESS_DENIED && !PhElevated)
{
// Elevate using phsvc.
if (PhUiConnectToPhSvc(hwndDlg, FALSE))
{
win32Result = 0;
connectedToPhSvc = TRUE;
}
else
{
// User cancelled elevation.
win32Result = ERROR_CANCELLED;
goto Done;
}
}
else
{
goto Done;
}
}
if (context->PreshutdownTimeoutValid)
{
preshutdownInfo.dwPreshutdownTimeout = GetDlgItemInt(hwndDlg, IDC_PRESHUTDOWNTIMEOUT, NULL, FALSE);
if (!EspChangeServiceConfig2(context->ServiceItem->Name->Buffer, serviceHandle,
SERVICE_CONFIG_PRESHUTDOWN_INFO, &preshutdownInfo))
{
win32Result = GetLastError();
}
}
if (context->RequiredPrivilegesValid)
{
PH_STRING_BUILDER sb;
ULONG i;
PhInitializeStringBuilder(&sb, 100);
for (i = 0; i < context->PrivilegeList->Count; i++)
{
PhAppendStringBuilder(&sb, &((PPH_STRING)context->PrivilegeList->Items[i])->sr);
PhAppendCharStringBuilder(&sb, 0);
}
requiredPrivilegesInfo.pmszRequiredPrivileges = sb.String->Buffer;
if (win32Result == 0 && !EspChangeServiceConfig2(context->ServiceItem->Name->Buffer, serviceHandle,
SERVICE_CONFIG_REQUIRED_PRIVILEGES_INFO, &requiredPrivilegesInfo))
{
win32Result = GetLastError();
}
PhDeleteStringBuilder(&sb);
}
if (context->SidTypeValid)
{
PPH_STRING sidTypeString;
sidTypeString = PH_AUTO(PhGetWindowText(GetDlgItem(hwndDlg, IDC_SIDTYPE)));
sidInfo.dwServiceSidType = EspGetServiceSidTypeInteger(sidTypeString->Buffer);
if (win32Result == 0 && !EspChangeServiceConfig2(context->ServiceItem->Name->Buffer, serviceHandle,
SERVICE_CONFIG_SERVICE_SID_INFO, &sidInfo))
{
win32Result = GetLastError();
}
}
if (context->LaunchProtectedValid)
{
launchProtectedInfo.dwLaunchProtected = launchProtected;
if (!EspChangeServiceConfig2(context->ServiceItem->Name->Buffer, serviceHandle,
SERVICE_CONFIG_LAUNCH_PROTECTED, &launchProtectedInfo))
{
// For now, ignore errors here.
// win32Result = GetLastError();
}
}
Done:
if (connectedToPhSvc)
PhUiDisconnectFromPhSvc();
if (serviceHandle)
CloseServiceHandle(serviceHandle);
if (win32Result != 0)
{
if (win32Result == ERROR_CANCELLED || PhShowMessage(
hwndDlg,
MB_ICONERROR | MB_RETRYCANCEL,
L"Unable to change service information: %s",
((PPH_STRING)PH_AUTO(PhGetWin32Message(win32Result)))->Buffer
) == IDRETRY)
{
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, PSNRET_INVALID);
}
}
}
return TRUE;
}
break;
case LVN_ITEMCHANGED:
{
if (header->hwndFrom == context->PrivilegesLv)
{
EnableWindow(GetDlgItem(hwndDlg, IDC_REMOVE), ListView_GetSelectedCount(context->PrivilegesLv) == 1);
}
}
break;
}
}
break;
}
return FALSE;
}
INT_PTR CALLBACK PhpProcessHeapsDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
PPROCESS_HEAPS_CONTEXT context = NULL;
if (uMsg != WM_INITDIALOG)
{
context = (PPROCESS_HEAPS_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
}
else
{
context = (PPROCESS_HEAPS_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
ULONG i;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
context->ListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 100, L"Address");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 120, L"Used");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 120, L"Committed");
PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 80, L"Entries");
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhSetExtendedListView(lvHandle);
ExtendedListView_SetContext(lvHandle, context);
ExtendedListView_SetCompareFunction(lvHandle, 0, PhpHeapAddressCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 1, PhpHeapUsedCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 2, PhpHeapCommittedCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 3, PhpHeapEntriesCompareFunction);
ExtendedListView_SetItemFontFunction(lvHandle, PhpHeapFontFunction);
for (i = 0; i < context->ProcessHeaps->NumberOfHeaps; i++)
{
PRTL_HEAP_INFORMATION heapInfo = &context->ProcessHeaps->Heaps[i];
WCHAR addressString[PH_PTR_STR_LEN_1];
INT lvItemIndex;
PPH_STRING usedString;
PPH_STRING committedString;
PPH_STRING numberOfEntriesString;
PhPrintPointer(addressString, heapInfo->BaseAddress);
lvItemIndex = PhAddListViewItem(lvHandle, MAXINT, addressString, heapInfo);
usedString = PhFormatSize(heapInfo->BytesAllocated, -1);
committedString = PhFormatSize(heapInfo->BytesCommitted, -1);
numberOfEntriesString = PhFormatUInt64(heapInfo->NumberOfEntries, TRUE);
PhSetListViewSubItem(lvHandle, lvItemIndex, 1, usedString->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 2, committedString->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 3, numberOfEntriesString->Buffer);
PhDereferenceObject(usedString);
PhDereferenceObject(committedString);
PhDereferenceObject(numberOfEntriesString);
}
ExtendedListView_SortItems(lvHandle);
}
break;
case WM_DESTROY:
{
RemoveProp(hwndDlg, PhMakeContextAtom());
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
case IDC_SIZESINBYTES:
{
BOOLEAN sizesInBytes = Button_GetCheck(GetDlgItem(hwndDlg, IDC_SIZESINBYTES)) == BST_CHECKED;
INT index = -1;
ExtendedListView_SetRedraw(context->ListViewHandle, FALSE);
while ((index = ListView_GetNextItem(context->ListViewHandle, index, LVNI_ALL)) != -1)
{
PRTL_HEAP_INFORMATION heapInfo;
PPH_STRING usedString;
PPH_STRING committedString;
if (PhGetListViewItemParam(context->ListViewHandle, index, &heapInfo))
{
usedString = PhFormatSize(heapInfo->BytesAllocated, sizesInBytes ? 0 : -1);
committedString = PhFormatSize(heapInfo->BytesCommitted, sizesInBytes ? 0 : -1);
PhSetListViewSubItem(context->ListViewHandle, index, 1, usedString->Buffer);
PhSetListViewSubItem(context->ListViewHandle, index, 2, committedString->Buffer);
PhDereferenceObject(usedString);
PhDereferenceObject(committedString);
}
}
ExtendedListView_SetRedraw(context->ListViewHandle, TRUE);
}
break;
}
}
break;
case WM_NOTIFY:
{
PhHandleListViewNotifyForCopy(lParam, context->ListViewHandle);
}
break;
case WM_CONTEXTMENU:
{
if ((HWND)wParam == context->ListViewHandle)
{
POINT point;
PRTL_HEAP_INFORMATION heapInfo;
PPH_EMENU menu;
INT selectedCount;
PPH_EMENU_ITEM menuItem;
point.x = (SHORT)LOWORD(lParam);
point.y = (SHORT)HIWORD(lParam);
if (point.x == -1 && point.y == -1)
PhGetListViewContextMenuPoint((HWND)wParam, &point);
selectedCount = ListView_GetSelectedCount(context->ListViewHandle);
heapInfo = PhGetSelectedListViewItemParam(context->ListViewHandle);
if (selectedCount != 0)
{
menu = PhCreateEMenu();
PhInsertEMenuItem(menu, PhCreateEMenuItem(selectedCount != 1 ? PH_EMENU_DISABLED : 0, 1, L"Destroy", NULL, NULL), -1);
PhInsertEMenuItem(menu, PhCreateEMenuItem(0, 2, L"Copy\bCtrl+C", NULL, NULL), -1);
menuItem = PhShowEMenu(menu, context->ListViewHandle, PH_EMENU_SHOW_LEFTRIGHT | PH_EMENU_SHOW_NONOTIFY,
PH_ALIGN_LEFT | PH_ALIGN_TOP, point.x, point.y);
if (menuItem)
{
switch (menuItem->Id)
{
case 1:
if (PhUiDestroyHeap(hwndDlg, context->ProcessItem->ProcessId, heapInfo->BaseAddress))
ListView_DeleteItem(context->ListViewHandle, PhFindListViewItemByParam(context->ListViewHandle, -1, heapInfo));
break;
case 2:
PhCopyListView(context->ListViewHandle);
break;
}
}
PhDestroyEMenu(menu);
}
}
}
break;
}
REFLECT_MESSAGE_DLG(hwndDlg, context->ListViewHandle, uMsg, wParam, lParam);
return FALSE;
}
INT_PTR CALLBACK PhpColumnSetEditorDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PCOLUMNSET_DIALOG_CONTEXT context = NULL;
if (uMsg == WM_INITDIALOG)
{
context = PhAllocate(sizeof(COLUMNSET_DIALOG_CONTEXT));
memset(context, 0, sizeof(COLUMNSET_DIALOG_CONTEXT));
context->SettingName = PhCreateString((PWSTR)lParam);
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
else
{
context = (PCOLUMNSET_DIALOG_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
context->DialogHandle = hwndDlg;
context->ListViewHandle = GetDlgItem(hwndDlg, IDC_COLUMNSETLIST);
context->RenameButtonHandle = GetDlgItem(hwndDlg, IDC_RENAME);
context->MoveUpButtonHandle = GetDlgItem(hwndDlg, IDC_MOVEUP);
context->MoveDownButtonHandle = GetDlgItem(hwndDlg, IDC_MOVEDOWN);
context->RemoveButtonHandle = GetDlgItem(hwndDlg, IDC_REMOVE);
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhSetListViewStyle(context->ListViewHandle, FALSE, TRUE);
PhSetControlTheme(context->ListViewHandle, L"explorer");
PhAddListViewColumn(context->ListViewHandle, 0, 0, 0, LVCFMT_LEFT, 250, L"Name");
PhSetExtendedListView(context->ListViewHandle);
context->ColumnSetList = PhInitializeColumnSetList(PhGetString(context->SettingName));
for (ULONG i = 0; i < context->ColumnSetList->Count; i++)
{
PPH_COLUMN_SET_ENTRY entry = context->ColumnSetList->Items[i];
PhAddListViewItem(context->ListViewHandle, MAXINT, entry->Name->Buffer, entry);
}
Button_Enable(context->RenameButtonHandle, FALSE);
Button_Enable(context->MoveUpButtonHandle, FALSE);
Button_Enable(context->MoveDownButtonHandle, FALSE);
Button_Enable(context->RemoveButtonHandle, FALSE);
}
break;
case WM_DESTROY:
{
PhDeleteColumnSetList(context->ColumnSetList);
RemoveProp(hwndDlg, PhMakeContextAtom());
PhFree(context);
}
break;
case WM_COMMAND:
{
switch (GET_WM_COMMAND_ID(wParam, lParam))
{
case IDCANCEL:
EndDialog(hwndDlg, IDCANCEL);
break;
case IDOK:
{
if (context->LabelEditActive)
break;
PhSaveSettingsColumnList(PhGetString(context->SettingName), context->ColumnSetList);
EndDialog(hwndDlg, IDOK);
}
break;
case IDC_RENAME:
{
INT lvItemIndex;
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1)
{
SetFocus(context->ListViewHandle);
ListView_EditLabel(context->ListViewHandle, lvItemIndex);
}
}
break;
case IDC_MOVEUP:
{
INT lvItemIndex;
PPH_COLUMN_SET_ENTRY entry;
ULONG index;
PhpMoveSelectedListViewItemUp(context->ListViewHandle);
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1 && PhGetListViewItemParam(context->ListViewHandle, lvItemIndex, (PVOID *)&entry))
{
index = PhFindItemList(context->ColumnSetList, entry);
if (index != -1)
{
PhRemoveItemList(context->ColumnSetList, index);
PhInsertItemList(context->ColumnSetList, lvItemIndex, entry);
}
}
}
break;
case IDC_MOVEDOWN:
{
INT lvItemIndex;
PPH_COLUMN_SET_ENTRY entry;
ULONG index;
PhpMoveSelectedListViewItemDown(context->ListViewHandle);
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1 && PhGetListViewItemParam(context->ListViewHandle, lvItemIndex, (PVOID *)&entry))
{
index = PhFindItemList(context->ColumnSetList, entry);
if (index != -1)
{
PhRemoveItemList(context->ColumnSetList, index);
PhInsertItemList(context->ColumnSetList, lvItemIndex, entry);
}
}
}
break;
case IDC_REMOVE:
{
INT lvItemIndex;
PPH_COLUMN_SET_ENTRY entry;
ULONG index;
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1 && PhGetListViewItemParam(context->ListViewHandle, lvItemIndex, (PVOID *)&entry))
{
index = PhFindItemList(context->ColumnSetList, entry);
if (index != -1)
{
PhRemoveItemList(context->ColumnSetList, index);
PhRemoveListViewItem(context->ListViewHandle, lvItemIndex);
PhClearReference(&entry->Name);
PhClearReference(&entry->Setting);
PhClearReference(&entry->Sorting);
PhFree(entry);
}
SetFocus(context->ListViewHandle);
ListView_SetItemState(context->ListViewHandle, 0, LVNI_SELECTED, LVNI_SELECTED);
//ListView_EnsureVisible(context->ListViewHandle, 0, FALSE);
}
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case NM_DBLCLK:
{
INT lvItemIndex;
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
if (lvItemIndex != -1)
{
SetFocus(context->ListViewHandle);
ListView_EditLabel(context->ListViewHandle, lvItemIndex);
}
}
break;
case LVN_ITEMCHANGED:
{
LPNMLISTVIEW listview = (LPNMLISTVIEW)lParam;
INT index;
INT lvItemIndex;
INT count;
index = listview->iItem;
lvItemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
count = ListView_GetItemCount(context->ListViewHandle);
if (count == 0 || index == -1 || lvItemIndex == -1)
{
Button_Enable(context->RenameButtonHandle, FALSE);
Button_Enable(context->MoveUpButtonHandle, FALSE);
Button_Enable(context->MoveDownButtonHandle, FALSE);
Button_Enable(context->RemoveButtonHandle, FALSE);
break;
}
if (index != lvItemIndex)
break;
if (index == 0 && count == 1)
{
// First and last item
Button_Enable(context->MoveUpButtonHandle, FALSE);
Button_Enable(context->MoveDownButtonHandle, FALSE);
}
else if (index == (count - 1))
{
// Last item
Button_Enable(context->MoveUpButtonHandle, TRUE);
Button_Enable(context->MoveDownButtonHandle, FALSE);
}
else if (index == 0)
{
// First item
Button_Enable(context->MoveUpButtonHandle, FALSE);
Button_Enable(context->MoveDownButtonHandle, TRUE);
}
else
{
Button_Enable(context->MoveUpButtonHandle, TRUE);
Button_Enable(context->MoveDownButtonHandle, TRUE);
}
Button_Enable(context->RenameButtonHandle, TRUE);
Button_Enable(context->RemoveButtonHandle, TRUE);
}
break;
case LVN_BEGINLABELEDIT:
context->LabelEditActive = TRUE;
break;
case LVN_ENDLABELEDIT:
{
LV_DISPINFO* lvinfo = (LV_DISPINFO*)lParam;
if (lvinfo->item.iItem != -1 && lvinfo->item.pszText)
{
BOOLEAN found = FALSE;
PPH_COLUMN_SET_ENTRY entry;
ULONG index;
for (ULONG i = 0; i < context->ColumnSetList->Count; i++)
{
entry = context->ColumnSetList->Items[i];
if (PhEqualStringRef2(&entry->Name->sr, lvinfo->item.pszText, FALSE))
{
found = TRUE;
break;
}
}
if (!found && PhGetListViewItemParam(context->ListViewHandle, lvinfo->item.iItem, (PVOID *)&entry))
{
index = PhFindItemList(context->ColumnSetList, entry);
if (index != -1)
{
PhMoveReference(&entry->Name, PhCreateString(lvinfo->item.pszText));
ListView_SetItemText(context->ListViewHandle, lvinfo->item.iItem, 0, lvinfo->item.pszText);
}
}
}
context->LabelEditActive = FALSE;
}
break;
}
}
break;
}
return FALSE;
}
VOID FindNetworkAdapters(
_In_ PDV_NETADAPTER_CONTEXT Context
)
{
if (Context->UseAlternateMethod)
{
ULONG flags = GAA_FLAG_SKIP_UNICAST | GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_DNS_SERVER | GAA_FLAG_INCLUDE_ALL_INTERFACES;
ULONG bufferLength = 0;
PVOID buffer;
if (GetAdaptersAddresses(AF_UNSPEC, flags, NULL, NULL, &bufferLength) != ERROR_BUFFER_OVERFLOW)
return;
buffer = PhAllocate(bufferLength);
memset(buffer, 0, bufferLength);
if (GetAdaptersAddresses(AF_UNSPEC, flags, NULL, buffer, &bufferLength) == ERROR_SUCCESS)
{
PhAcquireQueuedLockShared(&NetworkAdaptersListLock);
for (PIP_ADAPTER_ADDRESSES i = buffer; i; i = i->Next)
{
PPH_STRING description;
if (description = PhCreateString(i->Description))
{
AddNetworkAdapterToListView(
Context,
TRUE,
i->IfIndex,
i->Luid,
PhConvertMultiByteToUtf16(i->AdapterName),
description
);
PhDereferenceObject(description);
}
}
PhReleaseQueuedLockShared(&NetworkAdaptersListLock);
}
PhFree(buffer);
}
else
{
static PH_STRINGREF devicePathSr = PH_STRINGREF_INIT(L"\\\\.\\");
PPH_LIST deviceList;
PWSTR deviceInterfaceList;
ULONG deviceInterfaceListLength = 0;
PWSTR deviceInterface;
if (CM_Get_Device_Interface_List_Size(
&deviceInterfaceListLength,
(PGUID)&GUID_DEVINTERFACE_NET,
NULL,
CM_GET_DEVICE_INTERFACE_LIST_ALL_DEVICES
) != CR_SUCCESS)
{
return;
}
deviceInterfaceList = PhAllocate(deviceInterfaceListLength * sizeof(WCHAR));
memset(deviceInterfaceList, 0, deviceInterfaceListLength * sizeof(WCHAR));
if (CM_Get_Device_Interface_List(
(PGUID)&GUID_DEVINTERFACE_NET,
NULL,
deviceInterfaceList,
deviceInterfaceListLength,
CM_GET_DEVICE_INTERFACE_LIST_ALL_DEVICES
) != CR_SUCCESS)
{
PhFree(deviceInterfaceList);
return;
}
deviceList = PH_AUTO(PhCreateList(1));
for (deviceInterface = deviceInterfaceList; *deviceInterface; deviceInterface += PhCountStringZ(deviceInterface) + 1)
{
HKEY keyHandle;
DEVINST deviceInstanceHandle;
PPH_STRING deviceDescription = NULL;
if (!QueryNetworkDeviceInterfaceDescription(deviceInterface, &deviceInstanceHandle, &deviceDescription))
continue;
if (CM_Open_DevInst_Key(
deviceInstanceHandle,
KEY_QUERY_VALUE,
0,
RegDisposition_OpenExisting,
&keyHandle,
CM_REGISTRY_SOFTWARE
) == CR_SUCCESS)
{
PNET_ENUM_ENTRY adapterEntry;
HANDLE deviceHandle;
adapterEntry = PhAllocate(sizeof(NET_ENUM_ENTRY));
memset(adapterEntry, 0, sizeof(NET_ENUM_ENTRY));
adapterEntry->DeviceGuid = PhQueryRegistryString(keyHandle, L"NetCfgInstanceId");
adapterEntry->DeviceInterface = PhConcatStringRef2(&devicePathSr, &adapterEntry->DeviceGuid->sr);
adapterEntry->DeviceLuid.Info.IfType = PhQueryRegistryUlong64(keyHandle, L"*IfType");
adapterEntry->DeviceLuid.Info.NetLuidIndex = PhQueryRegistryUlong64(keyHandle, L"NetLuidIndex");
if (NT_SUCCESS(PhCreateFileWin32(
&deviceHandle,
PhGetString(adapterEntry->DeviceInterface),
FILE_GENERIC_READ,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
)))
{
PPH_STRING adapterName;
// Try query the full adapter name
adapterName = NetworkAdapterQueryName(deviceHandle, adapterEntry->DeviceGuid);
if (adapterName)
adapterEntry->DeviceName = adapterName;
adapterEntry->DevicePresent = TRUE;
NtClose(deviceHandle);
}
if (!adapterEntry->DeviceName)
adapterEntry->DeviceName = PhCreateString2(&deviceDescription->sr);
PhAddItemList(deviceList, adapterEntry);
NtClose(keyHandle);
}
PhClearReference(&deviceDescription);
}
// Cleanup.
PhFree(deviceInterfaceList);
// Sort the entries
qsort(deviceList->Items, deviceList->Count, sizeof(PVOID), AdapterEntryCompareFunction);
PhAcquireQueuedLockShared(&NetworkAdaptersListLock);
for (ULONG i = 0; i < deviceList->Count; i++)
{
PNET_ENUM_ENTRY entry = deviceList->Items[i];
AddNetworkAdapterToListView(
Context,
entry->DevicePresent,
0,
entry->DeviceLuid,
entry->DeviceGuid,
entry->DeviceName
);
if (entry->DeviceName)
PhDereferenceObject(entry->DeviceName);
if (entry->DeviceInterface)
PhDereferenceObject(entry->DeviceInterface);
// Note: DeviceGuid is disposed by WM_DESTROY.
PhFree(entry);
}
PhReleaseQueuedLockShared(&NetworkAdaptersListLock);
}
// HACK: Show all unknown devices.
PhAcquireQueuedLockShared(&NetworkAdaptersListLock);
for (ULONG i = 0; i < NetworkAdaptersList->Count; i++)
{
ULONG index = ULONG_MAX;
BOOLEAN found = FALSE;
PDV_NETADAPTER_ENTRY entry = PhReferenceObjectSafe(NetworkAdaptersList->Items[i]);
if (!entry)
continue;
while ((index = PhFindListViewItemByFlags(
Context->ListViewHandle,
index,
LVNI_ALL
)) != ULONG_MAX)
{
PDV_NETADAPTER_ID param;
if (PhGetListViewItemParam(Context->ListViewHandle, index, ¶m))
{
if (EquivalentNetAdapterId(param, &entry->AdapterId))
{
found = TRUE;
}
}
}
if (!found)
{
PPH_STRING description;
MIB_IF_ROW2 interfaceRow;
memset(&interfaceRow, 0, sizeof(MIB_IF_ROW2));
interfaceRow.InterfaceLuid = entry->AdapterId.InterfaceLuid;
interfaceRow.InterfaceIndex = entry->AdapterId.InterfaceIndex;
// HACK: Try query the description from the interface entry (if it exists).
if (GetIfEntry2(&interfaceRow) == NO_ERROR)
description = PhCreateString(interfaceRow.Description);
else
description = PhCreateString(L"Unknown network adapter");
if (description)
{
AddNetworkAdapterToListView(
Context,
FALSE,
entry->AdapterId.InterfaceIndex,
entry->AdapterId.InterfaceLuid,
entry->AdapterId.InterfaceGuid,
description
);
PhDereferenceObject(description);
}
}
PhDereferenceObjectDeferDelete(entry);
}
PhReleaseQueuedLockShared(&NetworkAdaptersListLock);
}
static BOOLEAN PhpRunTerminatorTest(
_In_ HWND WindowHandle,
_In_ INT Index
)
{
NTSTATUS status;
PTEST_ITEM testItem;
PPH_PROCESS_ITEM processItem;
HWND lvHandle;
PVOID processes;
BOOLEAN success = FALSE;
LARGE_INTEGER interval;
processItem = (PPH_PROCESS_ITEM)GetProp(WindowHandle, L"ProcessItem");
lvHandle = GetDlgItem(WindowHandle, IDC_TERMINATOR_LIST);
if (!PhGetListViewItemParam(
lvHandle,
Index,
&testItem
))
return FALSE;
if (WSTR_EQUAL(testItem->Id, L"TT4"))
{
if (!PhShowConfirmMessage(
WindowHandle,
L"run",
L"the TT4 test",
L"The TT4 test may cause the system to crash.",
TRUE
))
return FALSE;
}
status = testItem->TestProc(processItem->ProcessId);
interval.QuadPart = -1000 * PH_TIMEOUT_MS;
NtDelayExecution(FALSE, &interval);
if (status == STATUS_NOT_SUPPORTED)
{
PPH_STRING concat;
concat = PhConcatStrings2(L"(Not available) ", testItem->Description);
PhSetListViewSubItem(lvHandle, Index, 1, concat->Buffer);
PhDereferenceObject(concat);
}
if (!NT_SUCCESS(PhEnumProcesses(&processes)))
return FALSE;
// Check if the process exists.
if (!PhFindProcessInformation(processes, processItem->ProcessId))
{
PhSetListViewItemImageIndex(lvHandle, Index, TICK_INDEX);
SetDlgItemText(WindowHandle, IDC_TERMINATOR_TEXT, L"The process was terminated.");
success = TRUE;
}
else
{
PhSetListViewItemImageIndex(lvHandle, Index, CROSS_INDEX);
}
PhFree(processes);
UpdateWindow(WindowHandle);
return success;
}
static INT_PTR CALLBACK OptionsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PPH_PERFMON_CONTEXT context = NULL;
if (uMsg == WM_INITDIALOG)
{
context = (PPH_PERFMON_CONTEXT)PhAllocate(sizeof(PH_PERFMON_CONTEXT));
memset(context, 0, sizeof(PH_PERFMON_CONTEXT));
SetProp(hwndDlg, L"Context", (HANDLE)context);
}
else
{
context = (PPH_PERFMON_CONTEXT)GetProp(hwndDlg, L"Context");
if (uMsg == WM_NCDESTROY)
{
PPH_STRING string;
ClearCounterList(CountersList);
CopyCounterList(CountersList, context->CountersListEdited);
PhDereferenceObject(context->CountersListEdited);
string = SaveCounterList(CountersList);
PhSetStringSetting2(SETTING_NAME_PERFMON_LIST, &string->sr);
PhDereferenceObject(string);
RemoveProp(hwndDlg, L"Context");
PhFree(context);
}
}
if (context == NULL)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
context->CountersListEdited = PhCreateList(2);
context->ListViewHandle = GetDlgItem(hwndDlg, IDC_PERFCOUNTER_LISTVIEW);
PhSetListViewStyle(context->ListViewHandle, FALSE, TRUE);
PhSetControlTheme(context->ListViewHandle, L"explorer");
PhAddListViewColumn(context->ListViewHandle, 0, 0, 0, LVCFMT_LEFT, 420, L"Counter");
PhSetExtendedListView(context->ListViewHandle);
ClearCounterList(context->CountersListEdited);
CopyCounterList(context->CountersListEdited, CountersList);
LoadCountersToListView(context, context->CountersListEdited);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_ADD_BUTTON:
{
PDH_STATUS counterStatus = 0;
PPH_STRING counterPathString = NULL;
PPH_STRING counterWildCardString = NULL;
PDH_BROWSE_DLG_CONFIG browseConfig = { 0 };
WCHAR counterPathBuffer[PDH_MAX_COUNTER_PATH] = L"";
browseConfig.bIncludeInstanceIndex = FALSE;
browseConfig.bSingleCounterPerAdd = FALSE;// Fix empty CounterPathBuffer
browseConfig.bSingleCounterPerDialog = TRUE;
browseConfig.bLocalCountersOnly = FALSE;
browseConfig.bWildCardInstances = TRUE; // Seems to cause a lot of crashes
browseConfig.bHideDetailBox = TRUE;
browseConfig.bInitializePath = FALSE;
browseConfig.bDisableMachineSelection = FALSE;
browseConfig.bIncludeCostlyObjects = FALSE;
browseConfig.bShowObjectBrowser = FALSE;
browseConfig.hWndOwner = hwndDlg;
browseConfig.szReturnPathBuffer = counterPathBuffer;
browseConfig.cchReturnPathLength = PDH_MAX_COUNTER_PATH;
browseConfig.CallBackStatus = ERROR_SUCCESS;
browseConfig.dwDefaultDetailLevel = PERF_DETAIL_WIZARD;
browseConfig.szDialogBoxCaption = L"Select a counter to monitor.";
__try
{
// Display the counter browser window.
if ((counterStatus = PdhBrowseCounters(&browseConfig)) != ERROR_SUCCESS)
{
if (counterStatus != PDH_DIALOG_CANCELLED)
{
PhShowError(hwndDlg, L"PdhBrowseCounters failed with status 0x%x.", counterStatus);
}
__leave;
}
else if (wcslen(counterPathBuffer) == 0)
{
// This gets called when pressing the X on the BrowseCounters dialog.
__leave;
}
counterPathString = PhCreateString(counterPathBuffer);
// Check if we need to expand any wildcards...
if (PhFindCharInString(counterPathString, 0, '*') != -1)
{
ULONG counterWildCardLength = 0;
// Query WildCard buffer length...
PdhExpandWildCardPath(
NULL,
counterPathString->Buffer,
NULL,
&counterWildCardLength,
0
);
counterWildCardString = PhCreateStringEx(NULL, counterWildCardLength * sizeof(WCHAR));
if ((counterStatus = PdhExpandWildCardPath(
NULL,
counterPathString->Buffer,
counterWildCardString->Buffer,
&counterWildCardLength,
0
)) == ERROR_SUCCESS)
{
PH_STRINGREF part;
PH_STRINGREF remaining = counterWildCardString->sr;
while (remaining.Length != 0)
{
// Split the results
if (!PhSplitStringRefAtChar(&remaining, '\0', &part, &remaining))
break;
if (remaining.Length == 0)
break;
if ((counterStatus = PdhValidatePath(part.Buffer)) != ERROR_SUCCESS)
{
PhShowError(hwndDlg, L"PdhValidatePath failed with status 0x%x.", counterStatus);
__leave;
}
AddCounterToListView(context, part.Buffer);
}
}
else
{
PhShowError(hwndDlg, L"PdhExpandWildCardPath failed with status 0x%x.", counterStatus);
}
}
else
{
if ((counterStatus = PdhValidatePath(counterPathString->Buffer)) != ERROR_SUCCESS)
{
PhShowError(hwndDlg, L"PdhValidatePath failed with status 0x%x.", counterStatus);
__leave;
}
AddCounterToListView(context, counterPathString->Buffer);
}
}
__finally
{
if (counterWildCardString)
PhDereferenceObject(counterWildCardString);
if (counterPathString)
PhDereferenceObject(counterPathString);
}
}
break;
case IDC_REMOVE_BUTTON:
{
INT itemIndex;
// Get the first selected item
itemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
while (itemIndex != -1)
{
PPH_PERFMON_ENTRY entry;
if (PhGetListViewItemParam(context->ListViewHandle, itemIndex, (PPVOID)&entry))
{
ULONG index = PhFindItemList(context->CountersListEdited, entry);
if (index != -1)
{
PhRemoveItemList(context->CountersListEdited, index);
PhRemoveListViewItem(context->ListViewHandle, itemIndex);
FreeCounterEntry(entry);
}
}
// Get the next selected item
itemIndex = ListView_GetNextItem(context->ListViewHandle, -1, LVNI_SELECTED);
}
}
break;
case IDCANCEL:
EndDialog(hwndDlg, IDCANCEL);
break;
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
}
}
break;
}
return FALSE;
}
