static PPH_STRING PhGetOpaqueXmlNodeText( __in mxml_node_t *xmlNode ) { if (xmlNode && xmlNode->child && xmlNode->child->type == MXML_OPAQUE && xmlNode->child->value.opaque) { return PhCreateStringFromAnsi(xmlNode->child->value.opaque); } return PhReferenceEmptyString(); }
PPH_STRING GetGfxName(VOID) { NvStatus status; NvAPI_ShortString version = {0}; status = NvAPI_GetFullName(physHandle, version); if (NV_SUCCESS(status)) { return PhCreateStringFromAnsi(version); } else { LogEvent(L"gfxinfo: (GetFullName) NvAPI_GetFullName failed (%s)", status); } return NULL; }
VOID LogEvent(__in PWSTR str, __in int status) { switch (GraphicsType) { case NvidiaGraphics: { if (NvAPI_GetErrorMessage != NULL) { PPH_STRING nvPhString = NULL; PPH_STRING statusString = NULL; NvAPI_ShortString nvString = { 0 }; NvAPI_GetErrorMessage((NvStatus)status, nvString); nvPhString = PhCreateStringFromAnsi(nvString); statusString = PhFormatString(str, nvPhString->Buffer); PhLogMessageEntry(PH_LOG_ENTRY_MESSAGE, statusString); PhDereferenceObject(statusString); PhDereferenceObject(nvPhString); } else { PPH_STRING string = PhCreateString(L"gfxinfo: (LogEvent) NvAPI_GetErrorMessage was not initialized."); PhLogMessageEntry(PH_LOG_ENTRY_MESSAGE, string); PhDereferenceObject(string); } } break; case AtiGraphics: { //PPH_STRING string = PhFormatString(str, status); //PhLogMessageEntry(PH_LOG_ENTRY_MESSAGE, string); //PhDereferenceObject(string); } break; } }
BOOLEAN PhGetLineFromAddress( _In_ PPH_SYMBOL_PROVIDER SymbolProvider, _In_ ULONG64 Address, _Out_ PPH_STRING *FileName, _Out_opt_ PULONG Displacement, _Out_opt_ PPH_SYMBOL_LINE_INFORMATION Information ) { IMAGEHLP_LINEW64 line; BOOL result; ULONG displacement; PPH_STRING fileName; if (!SymGetLineFromAddrW64_I && !SymGetLineFromAddr64_I) return FALSE; #ifdef PH_SYMBOL_PROVIDER_DELAY_INIT PhpRegisterSymbolProvider(SymbolProvider); #endif line.SizeOfStruct = sizeof(IMAGEHLP_LINEW64); PH_LOCK_SYMBOLS(); if (SymGetLineFromAddrW64_I) { result = SymGetLineFromAddrW64_I( SymbolProvider->ProcessHandle, Address, &displacement, &line ); if (result) fileName = PhCreateString(line.FileName); } else { IMAGEHLP_LINE64 lineA; lineA.SizeOfStruct = sizeof(IMAGEHLP_LINE64); result = SymGetLineFromAddr64_I( SymbolProvider->ProcessHandle, Address, &displacement, &lineA ); if (result) { fileName = PhCreateStringFromAnsi(lineA.FileName); line.LineNumber = lineA.LineNumber; line.Address = lineA.Address; } } PH_UNLOCK_SYMBOLS(); if (!result) return FALSE; *FileName = fileName; if (Displacement) *Displacement = displacement; if (Information) { Information->LineNumber = line.LineNumber; Information->Address = line.Address; } return TRUE; }
INT_PTR CALLBACK PvpLibExportsDlgProc( __in HWND hwndDlg, __in UINT uMsg, __in WPARAM wParam, __in LPARAM lParam ) { switch (uMsg) { case WM_INITDIALOG: { ULONG fallbackColumns[] = { 0, 1, 2, 3 }; HWND lvHandle; PH_MAPPED_ARCHIVE_MEMBER member; PH_MAPPED_ARCHIVE_IMPORT_ENTRY importEntry; PhCenterWindow(GetParent(hwndDlg), NULL); lvHandle = GetDlgItem(hwndDlg, IDC_LIST); PhSetListViewStyle(lvHandle, FALSE, TRUE); PhSetControlTheme(lvHandle, L"explorer"); PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 60, L"DLL"); PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 200, L"Name"); PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 40, L"Ordinal/Hint"); PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 40, L"Type"); PhAddListViewColumn(lvHandle, 4, 4, 4, LVCFMT_LEFT, 60, L"Name Type"); PhSetExtendedListView(lvHandle); ExtendedListView_AddFallbackColumns(lvHandle, 4, fallbackColumns); member = *PvMappedArchive.LastStandardMember; while (NT_SUCCESS(PhGetNextMappedArchiveMember(&member, &member))) { if (NT_SUCCESS(PhGetMappedArchiveImportEntry(&member, &importEntry))) { INT lvItemIndex; PPH_STRING name; WCHAR number[PH_INT32_STR_LEN_1]; PWSTR type; name = PhCreateStringFromAnsi(importEntry.DllName); lvItemIndex = PhAddListViewItem(lvHandle, MAXINT, name->Buffer, NULL); PhDereferenceObject(name); name = PhCreateStringFromAnsi(importEntry.Name); PhSetListViewSubItem(lvHandle, lvItemIndex, 1, name->Buffer); PhDereferenceObject(name); // Ordinal is unioned with NameHint, so this works both ways. PhPrintUInt32(number, importEntry.Ordinal); PhSetListViewSubItem(lvHandle, lvItemIndex, 2, number); switch (importEntry.Type) { case IMPORT_OBJECT_CODE: type = L"Code"; break; case IMPORT_OBJECT_DATA: type = L"Data"; break; case IMPORT_OBJECT_CONST: type = L"Const"; break; default: type = L"Unknown"; break; } PhSetListViewSubItem(lvHandle, lvItemIndex, 3, type); switch (importEntry.NameType) { case IMPORT_OBJECT_ORDINAL: type = L"Ordinal"; break; case IMPORT_OBJECT_NAME: type = L"Name"; break; case IMPORT_OBJECT_NAME_NO_PREFIX: type = L"Name, No Prefix"; break; case IMPORT_OBJECT_NAME_UNDECORATE: type = L"Name, Undecorate"; break; default: type = L"Unknown"; break; } PhSetListViewSubItem(lvHandle, lvItemIndex, 4, type); } } ExtendedListView_SortItems(lvHandle); } break; case WM_NOTIFY: { PvHandleListViewNotifyForCopy(lParam, GetDlgItem(hwndDlg, IDC_LIST)); } break; } return FALSE; }
NTSTATUS PhpThreadProviderLoadSymbols( __in PVOID Parameter ) { PPH_THREAD_PROVIDER threadProvider = (PPH_THREAD_PROVIDER)Parameter; PH_THREAD_SYMBOL_LOAD_CONTEXT loadContext; loadContext.ThreadProvider = threadProvider; loadContext.SymbolProvider = threadProvider->SymbolProvider; PhLoadSymbolProviderOptions(threadProvider->SymbolProvider); if (threadProvider->ProcessId != SYSTEM_IDLE_PROCESS_ID) { if ( threadProvider->SymbolProvider->IsRealHandle || threadProvider->ProcessId == SYSTEM_PROCESS_ID ) { loadContext.ProcessId = threadProvider->ProcessId; PhEnumGenericModules( threadProvider->ProcessId, threadProvider->SymbolProvider->ProcessHandle, 0, LoadSymbolsEnumGenericModulesCallback, &loadContext ); } else { // We can't enumerate the process modules. Load // symbols for ntdll.dll and kernel32.dll. loadContext.ProcessId = NtCurrentProcessId(); PhEnumGenericModules( NtCurrentProcessId(), NtCurrentProcess(), 0, LoadBasicSymbolsEnumGenericModulesCallback, &loadContext ); } // Load kernel module symbols as well. if (threadProvider->ProcessId != SYSTEM_PROCESS_ID) { loadContext.ProcessId = SYSTEM_PROCESS_ID; PhEnumGenericModules( SYSTEM_PROCESS_ID, NULL, 0, LoadSymbolsEnumGenericModulesCallback, &loadContext ); } } else { // System Idle Process has one thread for each CPU, // each having a start address at KiIdleLoop. We // need to load symbols for the kernel. PRTL_PROCESS_MODULES kernelModules; if (NT_SUCCESS(PhEnumKernelModules(&kernelModules))) { if (kernelModules->NumberOfModules > 0) { PPH_STRING fileName; PPH_STRING newFileName; fileName = PhCreateStringFromAnsi(kernelModules->Modules[0].FullPathName); newFileName = PhGetFileName(fileName); PhDereferenceObject(fileName); PhLoadModuleSymbolProvider( threadProvider->SymbolProvider, newFileName->Buffer, (ULONG64)kernelModules->Modules[0].ImageBase, kernelModules->Modules[0].ImageSize ); PhDereferenceObject(newFileName); } PhFree(kernelModules); } } // Check if the process has services - we'll need to know before getting service tag/name // information. if (WINDOWS_HAS_SERVICE_TAGS) { PPH_PROCESS_ITEM processItem; if (processItem = PhReferenceProcessItem(threadProvider->ProcessId)) { threadProvider->HasServices = processItem->ServiceList && processItem->ServiceList->Count != 0; PhDereferenceObject(processItem); } } PhSetEvent(&threadProvider->SymbolsLoadedEvent); PhDereferenceObject(threadProvider); return STATUS_SUCCESS; }
static BOOLEAN NetAdapterSectionCallback( _In_ PPH_SYSINFO_SECTION Section, _In_ PH_SYSINFO_SECTION_MESSAGE Message, _In_opt_ PVOID Parameter1, _In_opt_ PVOID Parameter2 ) { PPH_NETADAPTER_SYSINFO_CONTEXT context = (PPH_NETADAPTER_SYSINFO_CONTEXT)Section->Context; switch (Message) { case SysInfoCreate: { if (PhGetIntegerSetting(SETTING_NAME_ENABLE_NDIS)) { PhCreateFileWin32( &context->DeviceHandle, PhaFormatString(L"\\\\.\\%s", context->AdapterEntry->InterfaceGuid->Buffer)->Buffer, FILE_GENERIC_READ, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT ); if (context->DeviceHandle) { if (!NetworkAdapterQuerySupported(context->DeviceHandle)) { NtClose(context->DeviceHandle); context->DeviceHandle = NULL; } } } if (WindowsVersion > WINDOWS_VISTA) { if ((context->IphlpHandle = LoadLibrary(L"iphlpapi.dll"))) { context->GetIfEntry2_I = (_GetIfEntry2)GetProcAddress(context->IphlpHandle, "GetIfEntry2"); context->GetInterfaceDescriptionFromGuid_I = (_GetInterfaceDescriptionFromGuid)GetProcAddress(context->IphlpHandle, "NhGetInterfaceDescriptionFromGuid"); } } PhInitializeCircularBuffer_ULONG64(&context->InboundBuffer, PhGetIntegerSetting(L"SampleCount")); PhInitializeCircularBuffer_ULONG64(&context->OutboundBuffer, PhGetIntegerSetting(L"SampleCount")); } return TRUE; case SysInfoDestroy: { if (context->AdapterName) PhDereferenceObject(context->AdapterName); PhDeleteCircularBuffer_ULONG64(&context->InboundBuffer); PhDeleteCircularBuffer_ULONG64(&context->OutboundBuffer); if (context->IphlpHandle) FreeLibrary(context->IphlpHandle); if (context->DeviceHandle) NtClose(context->DeviceHandle); PhFree(context); } return TRUE; case SysInfoTick: { ULONG64 networkInboundSpeed = 0; ULONG64 networkOutboundSpeed = 0; ULONG64 networkInOctets = 0; ULONG64 networkOutOctets = 0; ULONG64 xmitLinkSpeed = 0; ULONG64 rcvLinkSpeed = 0; if (context->DeviceHandle) { NDIS_STATISTICS_INFO interfaceStats; NDIS_LINK_STATE interfaceState; if (NT_SUCCESS(NetworkAdapterQueryStatistics(context->DeviceHandle, &interfaceStats))) { networkInboundSpeed = interfaceStats.ifHCInOctets - context->LastInboundValue; networkOutboundSpeed = interfaceStats.ifHCOutOctets - context->LastOutboundValue; networkInOctets = interfaceStats.ifHCInOctets; networkOutOctets = interfaceStats.ifHCOutOctets; } else { ULONG64 inOctets = NetworkAdapterQueryValue(context->DeviceHandle, OID_GEN_BYTES_RCV); ULONG64 outOctets = NetworkAdapterQueryValue(context->DeviceHandle, OID_GEN_BYTES_XMIT); networkInboundSpeed = inOctets - context->LastInboundValue; networkOutboundSpeed = outOctets - context->LastOutboundValue; networkInOctets = inOctets; networkOutOctets = outOctets; } if (NT_SUCCESS(NetworkAdapterQueryLinkState(context, &interfaceState))) { xmitLinkSpeed = interfaceState.XmitLinkSpeed; rcvLinkSpeed = interfaceState.RcvLinkSpeed; } // HACK: Pull the Adapter name from the current query. if (context->SysinfoSection->Name.Length == 0) { if (context->AdapterName = NetworkAdapterQueryName(context)) { context->SysinfoSection->Name = context->AdapterName->sr; } } } else { if (context->GetIfEntry2_I) { MIB_IF_ROW2 interfaceRow; interfaceRow = QueryInterfaceRowVista(context); networkInboundSpeed = interfaceRow.InOctets - context->LastInboundValue; networkOutboundSpeed = interfaceRow.OutOctets - context->LastOutboundValue; networkInOctets = interfaceRow.InOctets; networkOutOctets = interfaceRow.OutOctets; xmitLinkSpeed = interfaceRow.TransmitLinkSpeed; rcvLinkSpeed = interfaceRow.ReceiveLinkSpeed; // HACK: Pull the Adapter name from the current query. if (context->SysinfoSection->Name.Length == 0) { if (context->AdapterName = PhCreateString(interfaceRow.Description)) { context->SysinfoSection->Name = context->AdapterName->sr; } } } else { MIB_IFROW interfaceRow; interfaceRow = QueryInterfaceRowXP(context); networkInboundSpeed = interfaceRow.dwInOctets - context->LastInboundValue; networkOutboundSpeed = interfaceRow.dwOutOctets - context->LastOutboundValue; networkInOctets = interfaceRow.dwInOctets; networkOutOctets = interfaceRow.dwOutOctets; xmitLinkSpeed = interfaceRow.dwSpeed; rcvLinkSpeed = interfaceRow.dwSpeed; // HACK: Pull the Adapter name from the current query. if (context->SysinfoSection->Name.Length == 0) { if (context->AdapterName = PhCreateStringFromAnsi(interfaceRow.bDescr)) { context->SysinfoSection->Name = context->AdapterName->sr; } } } } if (!context->HaveFirstSample) { networkInboundSpeed = 0; networkOutboundSpeed = 0; context->HaveFirstSample = TRUE; } PhAddItemCircularBuffer_ULONG64(&context->InboundBuffer, networkInboundSpeed); PhAddItemCircularBuffer_ULONG64(&context->OutboundBuffer, networkOutboundSpeed); context->InboundValue = networkInboundSpeed; context->OutboundValue = networkOutboundSpeed; context->LastInboundValue = networkInOctets; context->LastOutboundValue = networkOutOctets; context->MaxSendSpeed = xmitLinkSpeed; context->MaxReceiveSpeed = rcvLinkSpeed; } return TRUE; case SysInfoCreateDialog: { PPH_SYSINFO_CREATE_DIALOG createDialog = (PPH_SYSINFO_CREATE_DIALOG)Parameter1; createDialog->Instance = PluginInstance->DllBase; createDialog->Template = MAKEINTRESOURCE(IDD_NETADAPTER_DIALOG); createDialog->DialogProc = NetAdapterDialogProc; createDialog->Parameter = context; } return TRUE; case SysInfoGraphGetDrawInfo: { PPH_GRAPH_DRAW_INFO drawInfo = (PPH_GRAPH_DRAW_INFO)Parameter1; drawInfo->Flags = PH_GRAPH_USE_GRID | PH_GRAPH_USE_LINE_2; Section->Parameters->ColorSetupFunction(drawInfo, PhGetIntegerSetting(L"ColorCpuKernel"), PhGetIntegerSetting(L"ColorCpuUser")); PhGetDrawInfoGraphBuffers(&Section->GraphState.Buffers, drawInfo, context->InboundBuffer.Count); if (!Section->GraphState.Valid) { FLOAT maxGraphHeight1 = 0; FLOAT maxGraphHeight2 = 0; for (ULONG i = 0; i < drawInfo->LineDataCount; i++) { Section->GraphState.Data1[i] = (FLOAT)PhGetItemCircularBuffer_ULONG64(&context->InboundBuffer, i); Section->GraphState.Data2[i] = (FLOAT)PhGetItemCircularBuffer_ULONG64(&context->OutboundBuffer, i); if (Section->GraphState.Data1[i] > maxGraphHeight1) maxGraphHeight1 = Section->GraphState.Data1[i]; if (Section->GraphState.Data2[i] > maxGraphHeight2) maxGraphHeight2 = Section->GraphState.Data2[i]; } // Scale the data. PhxfDivideSingle2U( Section->GraphState.Data1, maxGraphHeight1, // (FLOAT)context->MaxReceiveSpeed, drawInfo->LineDataCount ); // Scale the data. PhxfDivideSingle2U( Section->GraphState.Data2, maxGraphHeight2, // (FLOAT)context->MaxSendSpeed, drawInfo->LineDataCount ); Section->GraphState.Valid = TRUE; } } return TRUE; case SysInfoGraphGetTooltipText: { PPH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT getTooltipText = (PPH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT)Parameter1; ULONG64 adapterInboundValue = PhGetItemCircularBuffer_ULONG64( &context->InboundBuffer, getTooltipText->Index ); ULONG64 adapterOutboundValue = PhGetItemCircularBuffer_ULONG64( &context->OutboundBuffer, getTooltipText->Index ); PhSwapReference2(&Section->GraphState.TooltipText, PhFormatString( L"R: %s\nS: %s\n%s", PhaFormatSize(adapterInboundValue, -1)->Buffer, PhaFormatSize(adapterOutboundValue, -1)->Buffer, ((PPH_STRING)PHA_DEREFERENCE(PhGetStatisticsTimeString(NULL, getTooltipText->Index)))->Buffer )); getTooltipText->Text = Section->GraphState.TooltipText->sr; } return TRUE; case SysInfoGraphDrawPanel: { PPH_SYSINFO_DRAW_PANEL drawPanel = (PPH_SYSINFO_DRAW_PANEL)Parameter1; drawPanel->Title = PhCreateString(Section->Name.Buffer); drawPanel->SubTitle = PhFormatString( L"R: %s\nS: %s", PhaFormatSize(context->InboundValue, -1)->Buffer, PhaFormatSize(context->OutboundValue, -1)->Buffer ); } return TRUE; } return FALSE; }