LONG ThreadTreeNewSortFunction(
_In_ PVOID Node1,
_In_ PVOID Node2,
_In_ ULONG SubId,
_In_ PVOID Context
)
{
PTHREAD_TREE_CONTEXT context = Context;
LONG result;
PPH_THREAD_NODE node1 = Node1;
PPH_THREAD_NODE node2 = Node2;
PDN_THREAD_ITEM dnThread1;
PDN_THREAD_ITEM dnThread2;
dnThread1 = PhPluginGetObjectExtension(PluginInstance, node1->ThreadItem, EmThreadItemType);
dnThread2 = PhPluginGetObjectExtension(PluginInstance, node2->ThreadItem, EmThreadItemType);
result = 0;
switch (SubId)
{
case DNTHTNC_APPDOMAIN:
UpdateThreadClrData(context, dnThread1);
UpdateThreadClrData(context, dnThread2);
result = PhCompareStringWithNull(dnThread1->AppDomainText, dnThread2->AppDomainText, TRUE);
break;
}
return result;
}
LONG NTAPI VirusTotalServiceNodeSortFunction(
_In_ PVOID Node1,
_In_ PVOID Node2,
_In_ ULONG SubId,
_In_ PH_SORT_ORDER SortOrder,
_In_ PVOID Context
)
{
PPH_SERVICE_NODE node1 = Node1;
PPH_SERVICE_NODE node2 = Node2;
PPROCESS_EXTENSION extension1 = PhPluginGetObjectExtension(PluginInstance, node1->ServiceItem, EmServiceItemType);
PPROCESS_EXTENSION extension2 = PhPluginGetObjectExtension(PluginInstance, node2->ServiceItem, EmServiceItemType);
return PhCompareStringWithNullSortOrder(extension1->VirusTotalResult, extension2->VirusTotalResult, SortOrder, TRUE);
}
VOID ThreadTreeNewInitializing(
_In_ PVOID Parameter
)
{
PPH_PLUGIN_TREENEW_INFORMATION info = Parameter;
PPH_THREADS_CONTEXT threadsContext;
PTHREAD_TREE_CONTEXT context;
BOOLEAN isDotNet;
threadsContext = info->SystemContext;
context = PhPluginGetObjectExtension(PluginInstance, threadsContext, EmThreadsContextType);
if (NT_SUCCESS(PhGetProcessIsDotNet(threadsContext->Provider->ProcessId, &isDotNet)) && isDotNet)
{
PCLR_PROCESS_SUPPORT support;
support = CreateClrProcessSupport(threadsContext->Provider->ProcessId);
if (!support)
return;
context->Support = support;
AddTreeNewColumn(info, context, DNTHTNC_APPDOMAIN, TRUE, L"AppDomain", 120, PH_ALIGN_LEFT, 0, FALSE, ThreadTreeNewSortFunction);
}
}
VOID TreeNewMessageCallback(
__in_opt PVOID Parameter,
__in_opt PVOID Context
)
{
PPH_PLUGIN_TREENEW_MESSAGE message = Parameter;
switch (message->Message)
{
case TreeNewGetCellText:
{
PPH_TREENEW_GET_CELL_TEXT getCellText = message->Parameter1;
PPH_PROCESS_NODE node;
node = (PPH_PROCESS_NODE)getCellText->Node;
switch (message->SubId)
{
case PIDHEX_COLUMN_ID:
{
if (!PH_IS_FAKE_PROCESS_ID(node->ProcessId))
{
PPROCESS_EXTENSION extension;
extension = PhPluginGetObjectExtension(PluginInstance, node->ProcessItem, EmProcessItemType);
PhInitializeStringRef(&getCellText->Text, extension->PidHexText);
}
}
break;
}
}
break;
}
}
static VOID NTAPI TreeNewMessageCallback(
_In_opt_ PVOID Parameter,
_In_opt_ PVOID Context
)
{
PPH_PLUGIN_TREENEW_MESSAGE message = Parameter;
switch (message->Message)
{
case TreeNewGetCellText:
{
if (message->TreeNewHandle == NetworkTreeNewHandle)
{
PPH_TREENEW_GET_CELL_TEXT getCellText = message->Parameter1;
PPH_NETWORK_NODE networkNode = (PPH_NETWORK_NODE)getCellText->Node;
PNETWORK_DNSCACHE_EXTENSION extension = PhPluginGetObjectExtension(PluginInstance, networkNode->NetworkItem, EmNetworkItemType);
UpdateNetworkItem(message->SubId, networkNode->NetworkItem, extension);
switch (message->SubId)
{
case NETWORK_COLUMN_ID_DNSCACHE_ROOT_QUERY:
{
if (extension->DnsCacheValid)
getCellText->Text = PhGetStringRef(extension->DnsCacheQueryRoot);
}
break;
}
}
}
break;
}
}
VOID ProcessRemovedHandler(
__in_opt PVOID Parameter,
__in_opt PVOID Context
)
{
PPH_PROCESS_ITEM processItem = Parameter;
PPROCESS_EXTENSION extension = PhPluginGetObjectExtension(PluginInstance, processItem, EmProcessItemType);
RemoveEntryList(&extension->ListEntry);
}
VOID ProcessAddedHandler(
__in_opt PVOID Parameter,
__in_opt PVOID Context
)
{
PPH_PROCESS_ITEM processItem = Parameter;
PPROCESS_EXTENSION extension = PhPluginGetObjectExtension(PluginInstance, processItem, EmProcessItemType);
InsertTailList(&ProcessListHead, &extension->ListEntry);
}
VOID NTAPI NetworkItemAddedHandler(
_In_opt_ PVOID Parameter,
_In_opt_ PVOID Context
)
{
PPH_NETWORK_ITEM NetworkItem = (PPH_NETWORK_ITEM)Parameter;
PNETWORK_DNSCACHE_EXTENSION Extension = PhPluginGetObjectExtension(PluginInstance, NetworkItem, EmNetworkItemType);
Extension->AddressValid = IsAddressValid(NetworkItem->RemoteAddressString);
UpdateNetworkItem(NETWORK_COLUMN_ID_DNSCACHE_ROOT_QUERY, NetworkItem, Extension);
}
static LONG NTAPI NetworkServiceSortFunction(
_In_ PVOID Node1,
_In_ PVOID Node2,
_In_ ULONG SubId,
_In_ PH_SORT_ORDER SortOrder,
_In_ PVOID Context
)
{
PPH_NETWORK_NODE node1 = Node1;
PPH_NETWORK_NODE node2 = Node2;
PNETWORK_DNSCACHE_EXTENSION extension1 = PhPluginGetObjectExtension(PluginInstance, node1->NetworkItem, EmNetworkItemType);
PNETWORK_DNSCACHE_EXTENSION extension2 = PhPluginGetObjectExtension(PluginInstance, node2->NetworkItem, EmNetworkItemType);
switch (SubId)
{
case NETWORK_COLUMN_ID_DNSCACHE_ROOT_QUERY:
return PhCompareStringWithNull(extension1->DnsCacheQueryRoot, extension2->DnsCacheQueryRoot, TRUE);
}
return 0;
}
static VOID ThreadAddedHandler(
_In_opt_ PVOID Parameter,
_In_opt_ PVOID Context
)
{
PPH_THREAD_ITEM threadItem = Parameter;
PDN_THREAD_ITEM dnThread;
PTHREAD_TREE_CONTEXT context = Context;
dnThread = PhPluginGetObjectExtension(PluginInstance, threadItem, EmThreadItemType);
memset(dnThread, 0, sizeof(DN_THREAD_ITEM));
dnThread->ThreadItem = threadItem;
}
LONG NTAPI AvgCpuSortFunction(
__in PVOID Node1,
__in PVOID Node2,
__in ULONG SubId,
__in PVOID Context
)
{
PPH_PROCESS_NODE node1 = Node1;
PPH_PROCESS_NODE node2 = Node2;
PPROCESS_EXTENSION extension1 = PhPluginGetObjectExtension(PluginInstance, node1->ProcessItem, EmProcessItemType);
PPROCESS_EXTENSION extension2 = PhPluginGetObjectExtension(PluginInstance, node2->ProcessItem, EmProcessItemType);
switch (SubId)
{
case COLUMN_ID_AVGCPU10:
return singlecmp(extension1->Avg10CpuUsage, extension2->Avg10CpuUsage);
case COLUMN_ID_AVGCPU60:
return singlecmp(extension1->Avg60CpuUsage, extension2->Avg60CpuUsage);
}
return 0;
}
VOID ThreadTreeNewMessage(
_In_ PVOID Parameter
)
{
PPH_PLUGIN_TREENEW_MESSAGE message = Parameter;
PTHREAD_TREE_CONTEXT context = message->Context;
if (message->Message == TreeNewGetCellText)
{
PPH_TREENEW_GET_CELL_TEXT getCellText = message->Parameter1;
PPH_THREAD_NODE threadNode = (PPH_THREAD_NODE)getCellText->Node;
PDN_THREAD_ITEM dnThread;
dnThread = PhPluginGetObjectExtension(PluginInstance, threadNode->ThreadItem, EmThreadItemType);
switch (message->SubId)
{
case DNTHTNC_APPDOMAIN:
UpdateThreadClrData(context, dnThread);
getCellText->Text = PhGetStringRef(dnThread->AppDomainText);
break;
}
}
}
VOID NTAPI TreeNewMessageCallback(
_In_opt_ PVOID Parameter,
_In_opt_ PVOID Context
)
{
PPH_PLUGIN_TREENEW_MESSAGE message = Parameter;
switch (message->Message)
{
case TreeNewGetCellText:
{
PPH_TREENEW_GET_CELL_TEXT getCellText = message->Parameter1;
switch (message->SubId)
{
case COLUMN_ID_VIUSTOTAL_PROCESS:
{
PPH_PROCESS_NODE processNode = (PPH_PROCESS_NODE)getCellText->Node;
PPROCESS_EXTENSION extension = PhPluginGetObjectExtension(PluginInstance, processNode->ProcessItem, EmProcessItemType);
getCellText->Text = PhGetStringRef(extension->VirusTotalResult);
}
break;
case COLUMN_ID_VIUSTOTAL_MODULE:
{
PPH_MODULE_NODE moduleNode = (PPH_MODULE_NODE)getCellText->Node;
PPROCESS_EXTENSION extension = PhPluginGetObjectExtension(PluginInstance, moduleNode->ModuleItem, EmModuleItemType);
getCellText->Text = PhGetStringRef(extension->VirusTotalResult);
}
break;
case COLUMN_ID_VIUSTOTAL_SERVICE:
{
PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)getCellText->Node;
PPROCESS_EXTENSION extension = PhPluginGetObjectExtension(PluginInstance, serviceNode->ServiceItem, EmServiceItemType);
getCellText->Text = PhGetStringRef(extension->VirusTotalResult);
}
break;
}
}
break;
case TreeNewCustomDraw:
{
PPH_TREENEW_CUSTOM_DRAW customDraw = message->Parameter1;
PPROCESS_EXTENSION extension = NULL;
PH_STRINGREF text;
if (!VirusTotalScanningEnabled)
{
static PH_STRINGREF disabledText = PH_STRINGREF_INIT(L"Scanning disabled");
DrawText(
customDraw->Dc,
disabledText.Buffer,
(ULONG)disabledText.Length / 2,
&customDraw->CellRect,
DT_CENTER | DT_VCENTER | DT_END_ELLIPSIS | DT_SINGLELINE
);
return;
}
switch (message->SubId)
{
case COLUMN_ID_VIUSTOTAL_PROCESS:
{
PPH_PROCESS_NODE processNode = (PPH_PROCESS_NODE)customDraw->Node;
extension = PhPluginGetObjectExtension(PluginInstance, processNode->ProcessItem, EmProcessItemType);
}
break;
case COLUMN_ID_VIUSTOTAL_MODULE:
{
PPH_MODULE_NODE moduleNode = (PPH_MODULE_NODE)customDraw->Node;
extension = PhPluginGetObjectExtension(PluginInstance, moduleNode->ModuleItem, EmModuleItemType);
}
break;
case COLUMN_ID_VIUSTOTAL_SERVICE:
{
PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)customDraw->Node;
extension = PhPluginGetObjectExtension(PluginInstance, serviceNode->ServiceItem, EmServiceItemType);
}
break;
}
if (!extension)
break;
//if (extension->Positives > 0)
// SetTextColor(customDraw->Dc, RGB(0xff, 0x0, 0x0));
text = PhGetStringRef(extension->VirusTotalResult);
DrawText(
customDraw->Dc,
text.Buffer,
(ULONG)text.Length / sizeof(WCHAR),
&customDraw->CellRect,
DT_CENTER | DT_VCENTER | DT_END_ELLIPSIS | DT_SINGLELINE
);
}
break;
}
}
VOID TreeNewMessageCallback(
__in_opt PVOID Parameter,
__in_opt PVOID Context
)
{
PPH_PLUGIN_TREENEW_MESSAGE message = Parameter;
switch (message->Message)
{
case TreeNewGetCellText:
{
PPH_TREENEW_GET_CELL_TEXT getCellText = message->Parameter1;
PPH_PROCESS_NODE node;
PPROCESS_EXTENSION extension;
node = (PPH_PROCESS_NODE)getCellText->Node;
extension = PhPluginGetObjectExtension(PluginInstance, node->ProcessItem, EmProcessItemType);
switch (message->SubId)
{
case COLUMN_ID_AVGCPU10:
case COLUMN_ID_AVGCPU60:
{
FLOAT cpuUsage;
PWCHAR buffer;
if (message->SubId == COLUMN_ID_AVGCPU10)
{
cpuUsage = extension->Avg10CpuUsage * 100;
buffer = extension->Avg10CpuUsageText;
}
else
{
cpuUsage = extension->Avg60CpuUsage * 100;
buffer = extension->Avg60CpuUsageText;
}
if (cpuUsage >= 0.01)
{
PH_FORMAT format;
SIZE_T returnLength;
PhInitFormatF(&format, cpuUsage, 2);
if (PhFormatToBuffer(&format, 1, buffer, PH_INT32_STR_LEN_1 * sizeof(WCHAR), &returnLength))
{
getCellText->Text.Buffer = buffer;
getCellText->Text.Length = (USHORT)(returnLength - sizeof(WCHAR)); // minus null terminator
}
}
else if (cpuUsage != 0 && PhGetIntegerSetting(L"ShowCpuBelow001"))
{
PhInitializeStringRef(&getCellText->Text, L"< 0.01");
}
}
break;
}
}
break;
}
}
PET_NETWORK_BLOCK EtGetNetworkBlock(
__in PPH_NETWORK_ITEM NetworkItem
)
{
return PhPluginGetObjectExtension(PluginInstance, NetworkItem, EmNetworkItemType);
}
PET_PROCESS_BLOCK EtGetProcessBlock(
__in PPH_PROCESS_ITEM ProcessItem
)
{
return PhPluginGetObjectExtension(PluginInstance, ProcessItem, EmProcessItemType);
}
