Пример #1
/**
 * Picks the PE View settings file, loads it, and applies basic global settings.
 *
 * Two locations are tried, in this order:
 *  1. The application's own file name with ".peview.xml" appended (so the name
 *     follows the executable's name).
 *  2. "\Process Hacker\peview.xml" under the CSIDL_APPDATA known location.
 *
 * The selected path is stored in the global PeSettingsFileName. It is reset to NULL
 * when the file is reported corrupt and the user declines to reset it.
 *
 * NOTE(review): location 1 wins over the per-user file, so anyone able to create a
 * file next to the executable decides which settings are loaded - confirm the install
 * directory is not writable by less-privileged accounts.
 * NOTE(review): assumes PeSettingsFileName is NULL on entry - confirm at its definition.
 */
VOID PeInitializeSettings(
    VOID
    )
{
    static PH_STRINGREF settingsSuffix = PH_STRINGREF_INIT(L".peview.xml");
    PPH_STRING imagePath;
    PPH_STRING besideImagePath;
    NTSTATUS loadStatus;

    // Location 1: a settings file sitting beside the executable.
    imagePath = PhGetApplicationFileName();
    besideImagePath = PhConcatStringRef2(&imagePath->sr, &settingsSuffix);
    PhDereferenceObject(imagePath);

    if (!RtlDoesFileExists_U(besideImagePath->Buffer))
    {
        // Not present; drop our reference to the candidate path.
        PhDereferenceObject(besideImagePath);
    }
    else
    {
        // Ownership of the string moves to the global.
        PeSettingsFileName = besideImagePath;
    }

    // Location 2: the default path under the application-data folder.
    if (PeSettingsFileName == NULL)
    {
        PeSettingsFileName = PhGetKnownLocation(CSIDL_APPDATA, L"\\Process Hacker\\peview.xml");
    }

    if (PeSettingsFileName != NULL)
    {
        loadStatus = PhLoadSettings(PeSettingsFileName->Buffer);

        // Only a corrupt file is acted upon here. Every other status (including a
        // missing file, which is created later) leaves the file untouched.
        if (loadStatus == STATUS_FILE_CORRUPT_ERROR)
        {
            if (PhShowMessage2(
                NULL,
                TDCBF_YES_BUTTON | TDCBF_NO_BUTTON,
                TD_WARNING_ICON,
                L"PE View's settings file is corrupt. Do you want to reset it?",
                L"If you select No, the settings system will not function properly."
                ) != IDYES)
            {
                // The user declined: behave as if there is no settings store at all.
                PhDereferenceObject(PeSettingsFileName);
                PeSettingsFileName = NULL;
            }
            else
            {
                HANDLE resetHandle;
                IO_STATUS_BLOCK ioStatus;
                CHAR emptySettings[] = "<settings></settings>";
                NTSTATUS openStatus;

                // Overwrite the file with minimal valid XML rather than deleting it;
                // FILE_OVERWRITE only succeeds when the file already exists.
                openStatus = PhCreateFileWin32(
                    &resetHandle,
                    PeSettingsFileName->Buffer,
                    FILE_GENERIC_WRITE,
                    0,
                    FILE_SHARE_READ | FILE_SHARE_DELETE,
                    FILE_OVERWRITE,
                    FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
                    );

                if (NT_SUCCESS(openStatus))
                {
                    // sizeof - 1 leaves out the terminating NUL. The write status is
                    // not checked, so a failed reset goes unnoticed here.
                    NtWriteFile(resetHandle, NULL, NULL, NULL, &ioStatus, emptySettings, sizeof(emptySettings) - 1, NULL, NULL);
                    NtClose(resetHandle);
                }
            }
        }
    }

    // Apply basic global settings.
    PhMaxSizeUnit = PhGetIntegerSetting(L"MaxSizeUnit");
}
Пример #2
/**
 * Thread start routine that writes a minidump of a process and reports progress
 * to a window.
 *
 * \param Parameter A PPROCESS_MINIDUMP_CONTEXT supplying the process handle and ID,
 * the output file handle, the dump type and the window that receives
 * WM_PH_MINIDUMP_STATUS_UPDATE messages.
 *
 * \return Always STATUS_SUCCESS. The outcome is reported through context->Succeeded
 * and through PH_MINIDUMP_ERROR / PH_MINIDUMP_COMPLETED messages.
 *
 * \remarks On 64-bit builds a WOW64 target is dumped through the phsvc connection
 * when one can be established; otherwise the user is asked whether a 64-bit dump
 * should be written instead.
 *
 * NOTE(review): depending on DumpType the resulting file can hold the target's memory,
 * including any secrets in it. The file is opened by the caller, so where it is stored
 * and who can read it is decided there - confirm.
 * NOTE(review): the file is deleted only when the user answers No; a failed write
 * leaves it in place here. Presumably the caller cleans up based on Succeeded - confirm.
 */
NTSTATUS PhpProcessMiniDumpThreadStart(
    _In_ PVOID Parameter
    )
{
    PPROCESS_MINIDUMP_CONTEXT dumpContext = Parameter;
    MINIDUMP_CALLBACK_INFORMATION dumpCallback;

    dumpCallback.CallbackParam = dumpContext;
    dumpCallback.CallbackRoutine = PhpProcessMiniDumpCallback;

#ifdef _WIN64
    if (dumpContext->IsWow64)
    {
        if (!PhUiConnectToPhSvcEx(NULL, Wow64PhSvcMode, FALSE))
        {
            // No connection could be made: let the user choose between a 64-bit dump
            // and cancelling. Any answer other than No falls through to the local
            // dump below.
            if (PhShowMessage2(
                dumpContext->WindowHandle,
                TDCBF_YES_BUTTON | TDCBF_NO_BUTTON,
                TD_WARNING_ICON,
                L"The 32-bit version of Process Hacker could not be located.",
                L"A 64-bit dump will be created instead. Do you want to continue?"
                ) == IDNO)
            {
                // Cancelled: remove the output file before finishing.
                PhDeleteFile(dumpContext->FileHandle);
                goto Completed;
            }
        }
        else
        {
            NTSTATUS serviceStatus;

            // Hand the dump request over to the connected service.
            serviceStatus = PhSvcCallWriteMiniDumpProcess(
                dumpContext->ProcessHandle,
                dumpContext->ProcessId,
                dumpContext->FileHandle,
                dumpContext->DumpType
                );

            if (!NT_SUCCESS(serviceStatus))
            {
                // The window expects a Win32 error code, so convert the NTSTATUS.
                SendMessage(
                    dumpContext->WindowHandle,
                    WM_PH_MINIDUMP_STATUS_UPDATE,
                    PH_MINIDUMP_ERROR,
                    (LPARAM)PhNtStatusToDosError(serviceStatus)
                    );
            }
            else
            {
                dumpContext->Succeeded = TRUE;
            }

            PhUiDisconnectFromPhSvc();

            goto Completed;
        }
    }
#endif

    // Local dump, with the callback registered above.
    if (!PhWriteMiniDumpProcess(
        dumpContext->ProcessHandle,
        dumpContext->ProcessId,
        dumpContext->FileHandle,
        dumpContext->DumpType,
        NULL,
        NULL,
        &dumpCallback
        ))
    {
        // Report the last Win32 error to the window.
        SendMessage(
            dumpContext->WindowHandle,
            WM_PH_MINIDUMP_STATUS_UPDATE,
            PH_MINIDUMP_ERROR,
            (LPARAM)GetLastError()
            );
    }
    else
    {
        dumpContext->Succeeded = TRUE;
    }

#ifdef _WIN64
Completed:
#endif
    // Completion is always signalled, whatever the outcome.
    SendMessage(
        dumpContext->WindowHandle,
        WM_PH_MINIDUMP_STATUS_UPDATE,
        PH_MINIDUMP_COMPLETED,
        0
        );

    return STATUS_SUCCESS;
}