PVIRUSTOTAL_FILE_HASH_ENTRY VirusTotalGetCachedResultFromHash( _In_ PPH_STRING FileHash ) { ULONG i; BOOLEAN found = FALSE; PhAcquireQueuedLockExclusive(&ProcessListLock); for (i = 0; i < VirusTotalList->Count; i++) { PVIRUSTOTAL_FILE_HASH_ENTRY extension = VirusTotalList->Items[i]; if (PhIsNullOrEmptyString(extension->FileHash)) continue; if (PhEqualString(extension->FileHash, FileHash, TRUE)) { PhReleaseQueuedLockExclusive(&ProcessListLock); return extension; } } PhReleaseQueuedLockExclusive(&ProcessListLock); return NULL; }
/** * Queues a work item to a work queue. * * \param WorkQueue A work queue object. * \param Function A function to execute. * \param Context A user-defined value to pass to the function. * \param DeleteFunction A callback function that is executed when the work queue item is about to be freed. */ VOID PhQueueItemWorkQueueEx( _Inout_ PPH_WORK_QUEUE WorkQueue, _In_ PUSER_THREAD_START_ROUTINE Function, _In_opt_ PVOID Context, _In_opt_ PPH_WORK_QUEUE_ITEM_DELETE_FUNCTION DeleteFunction ) { PPH_WORK_QUEUE_ITEM workQueueItem; workQueueItem = PhpCreateWorkQueueItem(Function, Context, DeleteFunction); // Enqueue the work item. PhAcquireQueuedLockExclusive(&WorkQueue->QueueLock); InsertTailList(&WorkQueue->QueueListHead, &workQueueItem->ListEntry); _InterlockedIncrement(&WorkQueue->BusyCount); PhReleaseQueuedLockExclusive(&WorkQueue->QueueLock); // Signal the semaphore once to let a worker thread continue. NtReleaseSemaphore(PhpGetSemaphoreWorkQueue(WorkQueue), 1, NULL); PHLIB_INC_STATISTIC(WqWorkItemsQueued); // Check if all worker threads are currently busy, and if we can create more threads. if (WorkQueue->BusyCount >= WorkQueue->CurrentThreads && WorkQueue->CurrentThreads < WorkQueue->MaximumThreads) { // Lock and re-check. PhAcquireQueuedLockExclusive(&WorkQueue->StateLock); if (WorkQueue->CurrentThreads < WorkQueue->MaximumThreads) PhpCreateWorkQueueThread(WorkQueue); PhReleaseQueuedLockExclusive(&WorkQueue->StateLock); } }
BOOLEAN PhpHeadQueryObjectHack( VOID ) { PhAcquireQueuedLockExclusive(&PhQueryObjectMutex); // Create a query thread if we don't have one. if (!PhQueryObjectThreadHandle) { PhQueryObjectThreadHandle = CreateThread(NULL, 0, PhpQueryObjectThreadStart, NULL, 0, NULL); if (!PhQueryObjectThreadHandle) { PhReleaseQueuedLockExclusive(&PhQueryObjectMutex); return FALSE; } } // Create the events if they don't exist. if (!PhQueryObjectStartEvent) { if (!NT_SUCCESS(NtCreateEvent( &PhQueryObjectStartEvent, EVENT_ALL_ACCESS, NULL, SynchronizationEvent, FALSE ))) { PhReleaseQueuedLockExclusive(&PhQueryObjectMutex); return FALSE; } } if (!PhQueryObjectCompletedEvent) { if (!NT_SUCCESS(NtCreateEvent( &PhQueryObjectCompletedEvent, EVENT_ALL_ACCESS, NULL, SynchronizationEvent, FALSE ))) { PhReleaseQueuedLockExclusive(&PhQueryObjectMutex); return FALSE; } } return TRUE; }
NTSTATUS PhpTailQueryObjectHack( __out_opt PULONG ReturnLength ) { NTSTATUS status; LARGE_INTEGER timeout; PhQueryObjectContext.Initialized = TRUE; // Allow the worker thread to start. NtSetEvent(PhQueryObjectStartEvent, NULL); // Wait for the work to complete, with a timeout of 1 second. timeout.QuadPart = -1000 * PH_TIMEOUT_MS; status = NtWaitForSingleObject(PhQueryObjectCompletedEvent, FALSE, &timeout); PhQueryObjectContext.Initialized = FALSE; // Return normally if the work was completed. if (status == STATUS_WAIT_0) { ULONG returnLength; status = PhQueryObjectContext.Status; returnLength = PhQueryObjectContext.ReturnLength; PhReleaseQueuedLockExclusive(&PhQueryObjectMutex); if (ReturnLength) *ReturnLength = returnLength; return status; } // Kill the worker thread if it took too long. // else if (status == STATUS_TIMEOUT) else { // Kill the thread. if (NT_SUCCESS(NtTerminateThread(PhQueryObjectThreadHandle, STATUS_TIMEOUT))) { PhQueryObjectThreadHandle = NULL; // Delete the fiber (and free the thread stack). DeleteFiber(PhQueryObjectFiber); PhQueryObjectFiber = NULL; } PhReleaseQueuedLockExclusive(&PhQueryObjectMutex); return STATUS_UNSUCCESSFUL; } }
static VOID EtpProcessSymbolLookupResults( _In_ HWND hwndDlg, _In_ PWS_WATCH_CONTEXT Context ) { PSINGLE_LIST_ENTRY listEntry; // Remove all results. PhAcquireQueuedLockExclusive(&Context->ResultListLock); listEntry = Context->ResultListHead.Next; Context->ResultListHead.Next = NULL; PhReleaseQueuedLockExclusive(&Context->ResultListLock); // Update the list view with the results. while (listEntry) { PSYMBOL_LOOKUP_RESULT result; result = CONTAINING_RECORD(listEntry, SYMBOL_LOOKUP_RESULT, ListEntry); listEntry = listEntry->Next; PhSetListViewSubItem( Context->ListViewHandle, PhFindListViewItemByParam(Context->ListViewHandle, -1, result->Address), 0, result->Symbol->Buffer ); PhDereferenceObject(result->Symbol); PhFree(result); } }
VOID PkUpdateArchiveExtractCallback::Run() { HRESULT result; IInArchive *currentArchive; PhAcquireQueuedLockExclusive(&Lock); while (!ThreadStopping) { if (!InArchive) { PhWaitForCondition(&Condition, &Lock, NULL); continue; } currentArchive = InArchive; currentArchive->AddRef(); result = currentArchive->Extract(NULL, -1, FALSE, this); currentArchive->Release(); if (result != E_ABORT && !SUCCEEDED(result)) Result = result; } PhReleaseQueuedLockExclusive(&Lock); }
VOID PkUpdateArchiveExtractCallback::SetNewJob(IInArchive *NewInArchive, ULONG NewItemIndex, IOutStream *NewOutStream) { PhAcquireQueuedLockExclusive(&Lock); // Wait for the current job to finish. while (!ThreadStopping && ItemIndex != -1) PhWaitForCondition(&Condition, &Lock, NULL); if (ThreadStopping) return; if (NewInArchive) NewInArchive->AddRef(); if (InArchive) InArchive->Release(); InArchive = NewInArchive; ItemIndex = NewItemIndex; if (NewOutStream) NewOutStream->AddRef(); if (OutStream) OutStream->Release(); OutStream = NewOutStream; PhPulseCondition(&Condition); PhReleaseQueuedLockExclusive(&Lock); }
static VOID EtpDereferenceWsWatchContext( _Inout_ PWS_WATCH_CONTEXT Context ) { if (_InterlockedDecrement(&Context->RefCount) == 0) { PSINGLE_LIST_ENTRY listEntry; if (Context->SymbolProvider) PhDereferenceObject(Context->SymbolProvider); // Free all unused results. PhAcquireQueuedLockExclusive(&Context->ResultListLock); listEntry = Context->ResultListHead.Next; while (listEntry) { PSYMBOL_LOOKUP_RESULT result; result = CONTAINING_RECORD(listEntry, SYMBOL_LOOKUP_RESULT, ListEntry); listEntry = listEntry->Next; PhDereferenceObject(result->Symbol); PhFree(result); } PhReleaseQueuedLockExclusive(&Context->ResultListLock); PhFree(Context); } }
/** * Frees resources used by a work queue. * * \param WorkQueue A work queue object. */ VOID PhDeleteWorkQueue( __inout PPH_WORK_QUEUE WorkQueue ) { PLIST_ENTRY listEntry; PPH_WORK_QUEUE_ITEM workQueueItem; #ifdef DEBUG PhAcquireQueuedLockExclusive(&PhDbgWorkQueueListLock); RemoveEntryList(&WorkQueue->DbgListEntry); PhReleaseQueuedLockExclusive(&PhDbgWorkQueueListLock); #endif // Wait for all worker threads to exit. WorkQueue->Terminating = TRUE; NtReleaseSemaphore(WorkQueue->SemaphoreHandle, WorkQueue->CurrentThreads, NULL); PhWaitForRundownProtection(&WorkQueue->RundownProtect); // Free all un-executed work items. listEntry = WorkQueue->QueueListHead.Flink; while (listEntry != &WorkQueue->QueueListHead) { workQueueItem = CONTAINING_RECORD(listEntry, PH_WORK_QUEUE_ITEM, ListEntry); listEntry = listEntry->Flink; PhFreeToFreeList(&PhWorkQueueItemFreeList, workQueueItem); } NtClose(WorkQueue->SemaphoreHandle); }
_May_raise_ VOID PhSetStringSetting2( _In_ PWSTR Name, _In_ PPH_STRINGREF Value ) { PPH_SETTING setting; PH_STRINGREF name; PhInitializeStringRef(&name, Name); PhAcquireQueuedLockExclusive(&PhSettingsLock); setting = PhpLookupSetting(&name); if (setting && setting->Type == StringSettingType) { PhpFreeSettingValue(StringSettingType, setting); setting->u.Pointer = PhCreateString2(Value); } PhReleaseQueuedLockExclusive(&PhSettingsLock); if (!setting) PhRaiseStatus(STATUS_NOT_FOUND); }
static VOID NTAPI ProcessesUpdatedCallback( __in_opt PVOID Parameter, __in_opt PVOID Context ) { PLIST_ENTRY listEntry; // Note: no lock is needed because we only ever modify the list on this same thread. listEntry = EtProcessBlockListHead.Flink; while (listEntry != &EtProcessBlockListHead) { PET_PROCESS_BLOCK block; block = CONTAINING_RECORD(listEntry, ET_PROCESS_BLOCK, ListEntry); PhUpdateDelta(&block->HardFaultsDelta, block->ProcessItem->HardFaultCount); // Invalidate all text. PhAcquireQueuedLockExclusive(&block->TextCacheLock); memset(block->TextCacheValid, 0, sizeof(block->TextCacheValid)); PhReleaseQueuedLockExclusive(&block->TextCacheLock); listEntry = listEntry->Flink; } }
static VOID NTAPI NetworkItemsUpdatedCallback( __in_opt PVOID Parameter, __in_opt PVOID Context ) { PLIST_ENTRY listEntry; // Note: no lock is needed because we only ever modify the list on this same thread. listEntry = EtNetworkBlockListHead.Flink; while (listEntry != &EtNetworkBlockListHead) { PET_NETWORK_BLOCK block; block = CONTAINING_RECORD(listEntry, ET_NETWORK_BLOCK, ListEntry); // Invalidate all text. PhAcquireQueuedLockExclusive(&block->TextCacheLock); memset(block->TextCacheValid, 0, sizeof(block->TextCacheValid)); PhReleaseQueuedLockExclusive(&block->TextCacheLock); listEntry = listEntry->Flink; } }
/** * Initializes a work queue. * * \param WorkQueue A work queue object. * \param MinimumThreads The suggested minimum number of threads to keep alive, even * when there is no work to be performed. * \param MaximumThreads The suggested maximum number of threads to create. * \param NoWorkTimeout The number of milliseconds after which threads without work * will terminate. */ VOID PhInitializeWorkQueue( __out PPH_WORK_QUEUE WorkQueue, __in ULONG MinimumThreads, __in ULONG MaximumThreads, __in ULONG NoWorkTimeout ) { PhInitializeRundownProtection(&WorkQueue->RundownProtect); WorkQueue->Terminating = FALSE; InitializeListHead(&WorkQueue->QueueListHead); PhInitializeQueuedLock(&WorkQueue->QueueLock); WorkQueue->MinimumThreads = MinimumThreads; WorkQueue->MaximumThreads = MaximumThreads; WorkQueue->NoWorkTimeout = NoWorkTimeout; PhInitializeQueuedLock(&WorkQueue->StateLock); NtCreateSemaphore(&WorkQueue->SemaphoreHandle, SEMAPHORE_ALL_ACCESS, NULL, 0, MAXLONG); WorkQueue->CurrentThreads = 0; WorkQueue->BusyThreads = 0; #ifdef DEBUG PhAcquireQueuedLockExclusive(&PhDbgWorkQueueListLock); InsertTailList(&PhDbgWorkQueueListHead, &WorkQueue->DbgListEntry); PhReleaseQueuedLockExclusive(&PhDbgWorkQueueListLock); #endif }
VOID VirusTotalRemoveCacheResult( _In_ PPROCESS_EXTENSION Extension ) { PhAcquireQueuedLockExclusive(&ProcessListLock); for (ULONG i = 0; i < VirusTotalList->Count; i++) { PVIRUSTOTAL_FILE_HASH_ENTRY extension = VirusTotalList->Items[i]; PhRemoveItemList(VirusTotalList, i); PhClearReference(&extension->FileName); PhClearReference(&extension->FileHash); PhClearReference(&extension->FileNameAnsi); PhClearReference(&extension->FileHashAnsi); PhClearReference(&extension->CreationTime); PhFree(extension); } //PhClearList(VirusTotalList); //PhDereferenceObject(VirusTotalList); PhReleaseQueuedLockExclusive(&ProcessListLock); }
_May_raise_ VOID PhSetScalableIntegerPairSetting( _In_ PWSTR Name, _In_ PH_SCALABLE_INTEGER_PAIR Value ) { PPH_SETTING setting; PH_STRINGREF name; PhInitializeStringRef(&name, Name); PhAcquireQueuedLockExclusive(&PhSettingsLock); setting = PhpLookupSetting(&name); if (setting && setting->Type == ScalableIntegerPairSettingType) { PhpFreeSettingValue(ScalableIntegerPairSettingType, setting); setting->u.Pointer = PhAllocateCopy(&Value, sizeof(PH_SCALABLE_INTEGER_PAIR)); } PhReleaseQueuedLockExclusive(&PhSettingsLock); if (!setting) PhRaiseStatus(STATUS_NOT_FOUND); }
/** * Initializes a work queue. * * \param WorkQueue A work queue object. * \param MinimumThreads The suggested minimum number of threads to keep alive, even * when there is no work to be performed. * \param MaximumThreads The suggested maximum number of threads to create. * \param NoWorkTimeout The number of milliseconds after which threads without work * will terminate. */ VOID PhInitializeWorkQueue( _Out_ PPH_WORK_QUEUE WorkQueue, _In_ ULONG MinimumThreads, _In_ ULONG MaximumThreads, _In_ ULONG NoWorkTimeout ) { PhInitializeRundownProtection(&WorkQueue->RundownProtect); WorkQueue->Terminating = FALSE; InitializeListHead(&WorkQueue->QueueListHead); PhInitializeQueuedLock(&WorkQueue->QueueLock); PhInitializeQueuedLock(&WorkQueue->QueueEmptyCondition); WorkQueue->MinimumThreads = MinimumThreads; WorkQueue->MaximumThreads = MaximumThreads; WorkQueue->NoWorkTimeout = NoWorkTimeout; PhInitializeQueuedLock(&WorkQueue->StateLock); WorkQueue->SemaphoreHandle = NULL; WorkQueue->CurrentThreads = 0; WorkQueue->BusyCount = 0; #ifdef DEBUG PhAcquireQueuedLockExclusive(&PhDbgWorkQueueListLock); PhAddItemList(PhDbgWorkQueueList, WorkQueue); PhReleaseQueuedLockExclusive(&PhDbgWorkQueueListLock); #endif }
static NTSTATUS NetworkWorkerThreadStart( __in PVOID Parameter ) { NTSTATUS status; PNETWORK_OUTPUT_CONTEXT context = Parameter; IO_STATUS_BLOCK isb; UCHAR buffer[4096]; while (TRUE) { status = NtReadFile( context->PipeReadHandle, NULL, NULL, NULL, &isb, buffer, sizeof(buffer), NULL, NULL ); PhAcquireQueuedLockExclusive(&context->WindowHandleLock); if (!context->WindowHandle) { PhReleaseQueuedLockExclusive(&context->WindowHandleLock); goto ExitCleanup; } if (!NT_SUCCESS(status)) { SendMessage(context->WindowHandle, NTM_DONE, 0, 0); PhReleaseQueuedLockExclusive(&context->WindowHandleLock); goto ExitCleanup; } SendMessage(context->WindowHandle, NTM_RECEIVED, (WPARAM)isb.Information, (LPARAM)buffer); PhReleaseQueuedLockExclusive(&context->WindowHandleLock); } ExitCleanup: NtClose(context->PipeReadHandle); return STATUS_SUCCESS; }
VOID PkUpdateArchiveExtractCallback::WaitForJob() { PhAcquireQueuedLockExclusive(&Lock); while (InArchive && ItemIndex != -1) PhWaitForCondition(&Condition, &Lock, NULL); PhReleaseQueuedLockExclusive(&Lock); }
VOID PkUpdateArchiveExtractCallback::StopThread() { SetNewJob(NULL, -1, NULL); PhAcquireQueuedLockExclusive(&Lock); ThreadStopping = TRUE; PhPulseCondition(&Condition); PhReleaseQueuedLockExclusive(&Lock); }
static BOOLEAN NTAPI EnumModulesCallback( __in PPH_MODULE_INFO Module, __in_opt PVOID Context ) { PPH_STRING upperFileName; upperFileName = PhDuplicateString(Module->FileName); PhUpperString(upperFileName); if ( PhFindStringInString(upperFileName, 0, SearchString->Buffer) != -1 || (UseSearchPointer && Module->BaseAddress == (PVOID)SearchPointer) ) { PPHP_OBJECT_SEARCH_RESULT searchResult; PWSTR typeName; switch (Module->Type) { case PH_MODULE_TYPE_MAPPED_FILE: typeName = L"Mapped File"; break; case PH_MODULE_TYPE_MAPPED_IMAGE: typeName = L"Mapped Image"; break; default: typeName = L"DLL"; break; } searchResult = PhAllocate(sizeof(PHP_OBJECT_SEARCH_RESULT)); searchResult->ProcessId = (HANDLE)Context; searchResult->ResultType = (Module->Type == PH_MODULE_TYPE_MAPPED_FILE || Module->Type == PH_MODULE_TYPE_MAPPED_IMAGE) ? MappedFileSearchResult : ModuleSearchResult; searchResult->Handle = (HANDLE)Module->BaseAddress; searchResult->TypeName = PhCreateString(typeName); PhReferenceObject(Module->FileName); searchResult->Name = Module->FileName; PhPrintPointer(searchResult->HandleString, Module->BaseAddress); memset(&searchResult->Info, 0, sizeof(SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX)); PhAcquireQueuedLockExclusive(&SearchResultsLock); PhAddItemList(SearchResults, searchResult); // Update the search results in batches of 40. if (SearchResults->Count % 40 == 0) PostMessage(PhFindObjectsWindowHandle, WM_PH_SEARCH_UPDATE, 0, 0); PhReleaseQueuedLockExclusive(&SearchResultsLock); } PhDereferenceObject(upperFileName); return TRUE; }
static BOOLEAN NTAPI PhpWalkThreadStackCallback( _In_ PPH_THREAD_STACK_FRAME StackFrame, _In_opt_ PVOID Context ) { PTHREAD_STACK_CONTEXT threadStackContext = (PTHREAD_STACK_CONTEXT)Context; PPH_STRING symbol; PTHREAD_STACK_ITEM item; if (threadStackContext->StopWalk) return FALSE; PhAcquireQueuedLockExclusive(&threadStackContext->StatusLock); PhMoveReference(&threadStackContext->StatusMessage, PhFormatString(L"Processing frame %u...", threadStackContext->NewList->Count)); PhReleaseQueuedLockExclusive(&threadStackContext->StatusLock); PostMessage(threadStackContext->ProgressWindowHandle, WM_PH_STATUS_UPDATE, 0, 0); symbol = PhGetSymbolFromAddress( threadStackContext->SymbolProvider, (ULONG64)StackFrame->PcAddress, NULL, NULL, NULL, NULL ); if (symbol && (StackFrame->Flags & PH_THREAD_STACK_FRAME_I386) && !(StackFrame->Flags & PH_THREAD_STACK_FRAME_FPO_DATA_PRESENT)) { PhMoveReference(&symbol, PhConcatStrings2(symbol->Buffer, L" (No unwind info)")); } item = PhAllocate(sizeof(THREAD_STACK_ITEM)); item->StackFrame = *StackFrame; item->Index = threadStackContext->NewList->Count; if (PhPluginsEnabled) { PH_PLUGIN_THREAD_STACK_CONTROL control; control.Type = PluginThreadStackResolveSymbol; control.UniqueKey = threadStackContext; control.u.ResolveSymbol.StackFrame = StackFrame; control.u.ResolveSymbol.Symbol = symbol; PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackThreadStackControl), &control); symbol = control.u.ResolveSymbol.Symbol; } item->Symbol = symbol; PhAddItemList(threadStackContext->NewList, item); return TRUE; }
/** * Waits for all queued work items to be executed. * * \param WorkQueue A work queue object. */ VOID PhWaitForWorkQueue( _Inout_ PPH_WORK_QUEUE WorkQueue ) { PhAcquireQueuedLockExclusive(&WorkQueue->QueueLock); while (!IsListEmpty(&WorkQueue->QueueListHead)) PhWaitForCondition(&WorkQueue->QueueEmptyCondition, &WorkQueue->QueueLock, NULL); PhReleaseQueuedLockExclusive(&WorkQueue->QueueLock); }
VOID EtDiskProcessFileEvent( __in PET_ETW_FILE_EVENT Event ) { PH_KEY_VALUE_PAIR pair; PPH_KEY_VALUE_PAIR realPair; if (!EtDiskEnabled) return; if (Event->Type == EtEtwFileCreateType || Event->Type == EtEtwFileRundownType) { pair.Key = Event->FileObject; pair.Value = NULL; PhAcquireQueuedLockExclusive(&EtFileNameHashtableLock); realPair = PhAddEntryHashtableEx(EtFileNameHashtable, &pair, NULL); PhSwapReference2(&realPair->Value, PhCreateStringEx(Event->FileName.Buffer, Event->FileName.Length)); PhReleaseQueuedLockExclusive(&EtFileNameHashtableLock); } else if (Event->Type == EtEtwFileDeleteType) { pair.Key = Event->FileObject; PhAcquireQueuedLockExclusive(&EtFileNameHashtableLock); realPair = PhFindEntryHashtable(EtFileNameHashtable, &pair); if (realPair) { PhDereferenceObject(realPair->Value); PhRemoveEntryHashtable(EtFileNameHashtable, &pair); } PhReleaseQueuedLockExclusive(&EtFileNameHashtableLock); } }
/** * Queues a work item to a work queue. * * \param WorkQueue A work queue object. * \param Function A function to execute. * \param Context A user-defined value to pass to the function. */ VOID PhQueueItemWorkQueue( __inout PPH_WORK_QUEUE WorkQueue, __in PTHREAD_START_ROUTINE Function, __in_opt PVOID Context ) { PPH_WORK_QUEUE_ITEM workQueueItem; workQueueItem = PhAllocateFromFreeList(&PhWorkQueueItemFreeList); PhpInitializeWorkQueueItem(workQueueItem, Function, Context); // Enqueue the work item. PhAcquireQueuedLockExclusive(&WorkQueue->QueueLock); InsertTailList(&WorkQueue->QueueListHead, &workQueueItem->ListEntry); PhReleaseQueuedLockExclusive(&WorkQueue->QueueLock); // Signal the semaphore once to let a worker thread continue. NtReleaseSemaphore(WorkQueue->SemaphoreHandle, 1, NULL); PHLIB_INC_STATISTIC(WqWorkItemsQueued); // Check if all worker threads are currently busy, // and if we can create more threads. if ( WorkQueue->BusyThreads == WorkQueue->CurrentThreads && WorkQueue->CurrentThreads < WorkQueue->MaximumThreads ) { // Lock and re-check. PhAcquireQueuedLockExclusive(&WorkQueue->StateLock); if (WorkQueue->CurrentThreads < WorkQueue->MaximumThreads) { PhpCreateWorkQueueThread(WorkQueue); } PhReleaseQueuedLockExclusive(&WorkQueue->StateLock); } }
VOID NTAPI ServiceItemDeleteCallback( _In_ PVOID Object, _In_ PH_EM_OBJECT_TYPE ObjectType, _In_ PVOID Extension ) { PPH_SERVICE_ITEM serviceItem = Object; PPROCESS_EXTENSION extension = Extension; PhClearReference(&extension->VirusTotalResult); PhAcquireQueuedLockExclusive(&ProcessesListLock); RemoveEntryList(&extension->ListEntry); PhReleaseQueuedLockExclusive(&ProcessesListLock); }
VOID EtUpdateProcessInformation( VOID ) { PhAcquireQueuedLockExclusive(&EtpProcessInformationLock); if (EtpProcessInformation) { PhFree(EtpProcessInformation); EtpProcessInformation = NULL; } PhEnumProcesses(&EtpProcessInformation); PhReleaseQueuedLockExclusive(&EtpProcessInformationLock); }
VOID AdapterEntryDeleteProcedure( _In_ PVOID Object, _In_ ULONG Flags ) { PDV_NETADAPTER_ENTRY entry = Object; PhAcquireQueuedLockExclusive(&NetworkAdaptersListLock); PhRemoveItemList(NetworkAdaptersList, PhFindItemList(NetworkAdaptersList, entry)); PhReleaseQueuedLockExclusive(&NetworkAdaptersListLock); DeleteNetAdapterId(&entry->Id); PhClearReference(&entry->AdapterName); PhDeleteCircularBuffer_ULONG64(&entry->InboundBuffer); PhDeleteCircularBuffer_ULONG64(&entry->OutboundBuffer); }
VOID PhpClearIgnoredSettings( VOID ) { ULONG i; PhAcquireQueuedLockExclusive(&PhSettingsLock); for (i = 0; i < PhIgnoredSettings->Count; i++) { PhpFreeIgnoredSetting(PhIgnoredSettings->Items[i]); } PhClearList(PhIgnoredSettings); PhReleaseQueuedLockExclusive(&PhSettingsLock); }
static VOID DiskEntryDeleteProcedure( _In_ PVOID Object, _In_ ULONG Flags ) { PDV_DISK_ENTRY entry = Object; PhAcquireQueuedLockExclusive(&DiskDrivesListLock); PhRemoveItemList(DiskDrivesList, PhFindItemList(DiskDrivesList, entry)); PhReleaseQueuedLockExclusive(&DiskDrivesListLock); DeleteDiskId(&entry->Id); PhClearReference(&entry->DiskName); PhDeleteCircularBuffer_ULONG64(&entry->ReadBuffer); PhDeleteCircularBuffer_ULONG64(&entry->WriteBuffer); }
VOID NTAPI ServiceItemCreateCallback( _In_ PVOID Object, _In_ PH_EM_OBJECT_TYPE ObjectType, _In_ PVOID Extension ) { PPH_SERVICE_ITEM serviceItem = Object; PPROCESS_EXTENSION extension = Extension; memset(extension, 0, sizeof(PROCESS_EXTENSION)); extension->ServiceItem = serviceItem; PhAcquireQueuedLockExclusive(&ProcessesListLock); InsertTailList(&ProcessListHead, &extension->ListEntry); PhReleaseQueuedLockExclusive(&ProcessesListLock); }