VOID StatusBarShowMenu(
_In_ PPOINT Point
)
{
PPH_EMENU menu;
PPH_EMENU_ITEM selectedItem;
menu = PhCreateEMenu();
PhInsertEMenuItem(menu, PhCreateEMenuItem(0, COMMAND_ID_ENABLE_SEARCHBOX, L"Customize...", NULL, NULL), -1);
selectedItem = PhShowEMenu(
menu,
PhMainWndHandle,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_BOTTOM,
Point->x,
Point->y
);
if (selectedItem && selectedItem->Id != -1)
{
StatusBarShowCustomizeDialog();
StatusBarUpdate(TRUE);
}
PhDestroyEMenu(menu);
}
VOID DotNetAsmShowContextMenu(
_In_ PASMPAGE_CONTEXT Context,
_In_ POINT Location
)
{
PDNA_NODE node;
PPH_EMENU menu;
PPH_EMENU_ITEM selectedItem;
if (!(node = DotNetAsmGetSelectedEntry(Context)))
return;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PluginInstance->DllBase, MAKEINTRESOURCE(IDR_ASSEMBLY_MENU), 0);
if (PhIsNullOrEmptyString(node->PathText) || !RtlDoesFileExists_U(node->PathText->Buffer))
{
PhSetFlagsEMenuItem(menu, ID_CLR_OPENFILELOCATION, PH_EMENU_DISABLED, PH_EMENU_DISABLED);
}
selectedItem = PhShowEMenu(
menu,
Context->WindowHandle,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
Location.x,
Location.y
);
if (selectedItem && selectedItem->Id != -1)
{
switch (selectedItem->Id)
{
case ID_CLR_OPENFILELOCATION:
{
if (!PhIsNullOrEmptyString(node->PathText) && RtlDoesFileExists_U(node->PathText->Buffer))
{
PhShellExploreFile(Context->WindowHandle, node->PathText->Buffer);
}
}
break;
case ID_CLR_COPY:
{
PPH_STRING text;
text = PhGetTreeNewText(Context->TnHandle, 0);
PhSetClipboardString(Context->TnHandle, &text->sr);
PhDereferenceObject(text);
}
break;
}
}
PhDestroyEMenu(menu);
}
INT_PTR CALLBACK PhpMemoryResultsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PMEMORY_RESULTS_CONTEXT context;
if (uMsg != WM_INITDIALOG)
{
context = GetProp(hwndDlg, PhMakeContextAtom());
}
else
{
context = (PMEMORY_RESULTS_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhRegisterDialog(hwndDlg);
{
PPH_PROCESS_ITEM processItem;
if (processItem = PhReferenceProcessItem(context->ProcessId))
{
SetWindowText(hwndDlg, PhaFormatString(L"Results - %s (%u)",
processItem->ProcessName->Buffer, HandleToUlong(processItem->ProcessId))->Buffer);
PhDereferenceObject(processItem);
}
}
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 120, L"Address");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 80, L"Length");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Result");
PhLoadListViewColumnsFromSetting(L"MemResultsListViewColumns", lvHandle);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_LIST), NULL,
PH_ANCHOR_ALL);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDOK), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_COPY), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_SAVE), NULL,
PH_ANCHOR_RIGHT | PH_ANCHOR_BOTTOM);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_FILTER), NULL,
PH_ANCHOR_BOTTOM | PH_ANCHOR_LEFT);
if (MinimumSize.left == -1)
{
RECT rect;
rect.left = 0;
rect.top = 0;
rect.right = 250;
rect.bottom = 180;
MapDialogRect(hwndDlg, &rect);
MinimumSize = rect;
MinimumSize.left = 0;
}
ListView_SetItemCount(lvHandle, context->Results->Count);
SetDlgItemText(hwndDlg, IDC_INTRO, PhaFormatString(L"%s results.",
PhaFormatUInt64(context->Results->Count, TRUE)->Buffer)->Buffer);
{
PH_RECTANGLE windowRectangle;
windowRectangle.Position = PhGetIntegerPairSetting(L"MemResultsPosition");
windowRectangle.Size = PhGetIntegerPairSetting(L"MemResultsSize");
PhAdjustRectangleToWorkingArea(hwndDlg, &windowRectangle);
MoveWindow(hwndDlg, windowRectangle.Left, windowRectangle.Top,
windowRectangle.Width, windowRectangle.Height, FALSE);
// Implement cascading by saving an offsetted rectangle.
windowRectangle.Left += 20;
windowRectangle.Top += 20;
PhSetIntegerPairSetting(L"MemResultsPosition", windowRectangle.Position);
PhSetIntegerPairSetting(L"MemResultsSize", windowRectangle.Size);
}
}
break;
case WM_DESTROY:
{
PhSaveWindowPlacementToSetting(L"MemResultsPosition", L"MemResultsSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"MemResultsListViewColumns", GetDlgItem(hwndDlg, IDC_LIST));
PhDeleteLayoutManager(&context->LayoutManager);
PhUnregisterDialog(hwndDlg);
RemoveProp(hwndDlg, PhMakeContextAtom());
PhDereferenceMemoryResults((PPH_MEMORY_RESULT *)context->Results->Items, context->Results->Count);
PhDereferenceObject(context->Results);
PhFree(context);
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
DestroyWindow(hwndDlg);
break;
case IDC_COPY:
{
HWND lvHandle;
PPH_STRING string;
ULONG selectedCount;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
selectedCount = ListView_GetSelectedCount(lvHandle);
if (selectedCount == 0)
{
// User didn't select anything, so copy all items.
string = PhpGetStringForSelectedResults(lvHandle, context->Results, TRUE);
PhSetStateAllListViewItems(lvHandle, LVIS_SELECTED, LVIS_SELECTED);
}
else
{
string = PhpGetStringForSelectedResults(lvHandle, context->Results, FALSE);
}
PhSetClipboardString(hwndDlg, &string->sr);
PhDereferenceObject(string);
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)lvHandle, TRUE);
}
break;
case IDC_SAVE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Text files (*.txt)", L"*.txt" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
fileDialog = PhCreateSaveFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, L"Search Results.txt");
if (PhShowFileDialog(hwndDlg, fileDialog))
{
NTSTATUS status;
PPH_STRING fileName;
PPH_FILE_STREAM fileStream;
PPH_STRING string;
fileName = PH_AUTO(PhGetFileDialogFileName(fileDialog));
if (NT_SUCCESS(status = PhCreateFileStream(
&fileStream,
fileName->Buffer,
FILE_GENERIC_WRITE,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
0
)))
{
PhWriteStringAsUtf8FileStream(fileStream, &PhUnicodeByteOrderMark);
PhWritePhTextHeader(fileStream);
string = PhpGetStringForSelectedResults(GetDlgItem(hwndDlg, IDC_LIST), context->Results, TRUE);
PhWriteStringAsUtf8FileStreamEx(fileStream, string->Buffer, string->Length);
PhDereferenceObject(string);
PhDereferenceObject(fileStream);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to create the file", status, 0);
}
PhFreeFileDialog(fileDialog);
}
break;
case IDC_FILTER:
{
PPH_EMENU menu;
RECT buttonRect;
POINT point;
PPH_EMENU_ITEM selectedItem;
ULONG filterType = 0;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_MEMFILTER), 0);
GetClientRect(GetDlgItem(hwndDlg, IDC_FILTER), &buttonRect);
point.x = 0;
point.y = buttonRect.bottom;
ClientToScreen(GetDlgItem(hwndDlg, IDC_FILTER), &point);
selectedItem = PhShowEMenu(menu, hwndDlg, PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP, point.x, point.y);
if (selectedItem)
{
switch (selectedItem->Id)
{
case ID_FILTER_CONTAINS:
filterType = FILTER_CONTAINS;
break;
case ID_FILTER_CONTAINS_CASEINSENSITIVE:
filterType = FILTER_CONTAINS_IGNORECASE;
break;
case ID_FILTER_REGEX:
filterType = FILTER_REGEX;
break;
case ID_FILTER_REGEX_CASEINSENSITIVE:
filterType = FILTER_REGEX_IGNORECASE;
break;
}
}
if (filterType != 0)
FilterResults(hwndDlg, context, filterType);
PhDestroyEMenu(menu);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
HWND lvHandle;
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhHandleListViewNotifyForCopy(lParam, lvHandle);
switch (header->code)
{
case LVN_GETDISPINFO:
{
NMLVDISPINFO *dispInfo = (NMLVDISPINFO *)header;
if (dispInfo->item.mask & LVIF_TEXT)
{
PPH_MEMORY_RESULT result = context->Results->Items[dispInfo->item.iItem];
switch (dispInfo->item.iSubItem)
{
case 0:
{
WCHAR addressString[PH_PTR_STR_LEN_1];
PhPrintPointer(addressString, result->Address);
wcsncpy_s(
dispInfo->item.pszText,
dispInfo->item.cchTextMax,
addressString,
_TRUNCATE
);
}
break;
case 1:
{
WCHAR lengthString[PH_INT32_STR_LEN_1];
PhPrintUInt32(lengthString, (ULONG)result->Length);
wcsncpy_s(
dispInfo->item.pszText,
dispInfo->item.cchTextMax,
lengthString,
_TRUNCATE
);
}
break;
case 2:
wcsncpy_s(
dispInfo->item.pszText,
dispInfo->item.cchTextMax,
result->Display.Buffer,
_TRUNCATE
);
break;
}
}
}
break;
case NM_DBLCLK:
{
if (header->hwndFrom == lvHandle)
{
INT index;
if ((index = ListView_GetNextItem(
lvHandle,
-1,
LVNI_SELECTED
)) != -1)
{
NTSTATUS status;
PPH_MEMORY_RESULT result = context->Results->Items[index];
HANDLE processHandle;
MEMORY_BASIC_INFORMATION basicInfo;
PPH_SHOWMEMORYEDITOR showMemoryEditor;
if (NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
context->ProcessId
)))
{
if (NT_SUCCESS(status = NtQueryVirtualMemory(
processHandle,
result->Address,
MemoryBasicInformation,
&basicInfo,
sizeof(MEMORY_BASIC_INFORMATION),
NULL
)))
{
showMemoryEditor = PhAllocate(sizeof(PH_SHOWMEMORYEDITOR));
memset(showMemoryEditor, 0, sizeof(PH_SHOWMEMORYEDITOR));
showMemoryEditor->ProcessId = context->ProcessId;
showMemoryEditor->BaseAddress = basicInfo.BaseAddress;
showMemoryEditor->RegionSize = basicInfo.RegionSize;
showMemoryEditor->SelectOffset = (ULONG)((ULONG_PTR)result->Address - (ULONG_PTR)basicInfo.BaseAddress);
showMemoryEditor->SelectLength = (ULONG)result->Length;
ProcessHacker_ShowMemoryEditor(PhMainWndHandle, showMemoryEditor);
}
NtClose(processHandle);
}
if (!NT_SUCCESS(status))
PhShowStatus(hwndDlg, L"Unable to edit memory", status, 0);
}
}
}
break;
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&context->LayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
}
return FALSE;
}
static INT_PTR CALLBACK PhpFindObjectsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
PhFindObjectsListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_FILTER),
NULL, PH_ANCHOR_LEFT | PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDC_REGEX),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, GetDlgItem(hwndDlg, IDOK),
NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&WindowLayoutManager, lvHandle,
NULL, PH_ANCHOR_ALL);
MinimumSize.left = 0;
MinimumSize.top = 0;
MinimumSize.right = 150;
MinimumSize.bottom = 100;
MapDialogRect(hwndDlg, &MinimumSize);
PhRegisterDialog(hwndDlg);
PhLoadWindowPlacementFromSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSetListViewStyle(lvHandle, TRUE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 100, L"Process");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 100, L"Type");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 80, L"Handle");
PhSetExtendedListView(lvHandle);
ExtendedListView_SetSortFast(lvHandle, TRUE);
ExtendedListView_SetCompareFunction(lvHandle, 0, PhpObjectProcessCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 1, PhpObjectTypeCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 2, PhpObjectNameCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 3, PhpObjectHandleCompareFunction);
PhLoadListViewColumnsFromSetting(L"FindObjListViewColumns", lvHandle);
Button_SetCheck(GetDlgItem(hwndDlg, IDC_REGEX), PhGetIntegerSetting(L"FindObjRegex") ? BST_CHECKED : BST_UNCHECKED);
}
break;
case WM_DESTROY:
{
PhSetIntegerSetting(L"FindObjRegex", Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED);
PhSaveWindowPlacementToSetting(L"FindObjWindowPosition", L"FindObjWindowSize", hwndDlg);
PhSaveListViewColumnsToSetting(L"FindObjListViewColumns", PhFindObjectsListViewHandle);
}
break;
case WM_SHOWWINDOW:
{
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hwndDlg, IDC_FILTER), TRUE);
Edit_SetSel(GetDlgItem(hwndDlg, IDC_FILTER), 0, -1);
}
break;
case WM_CLOSE:
{
ShowWindow(hwndDlg, SW_HIDE);
// IMPORTANT
// Set the result to 0 so the default dialog message
// handler doesn't invoke IDCANCEL, which will send
// WM_CLOSE, creating an infinite loop.
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, 0);
}
return TRUE;
case WM_SETCURSOR:
{
if (SearchThreadHandle)
{
SetCursor(LoadCursor(NULL, IDC_WAIT));
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, TRUE);
return TRUE;
}
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDOK:
{
// Don't continue if the user requested cancellation.
if (SearchStop)
break;
if (!SearchThreadHandle)
{
ULONG i;
PhMoveReference(&SearchString, PhGetWindowText(GetDlgItem(hwndDlg, IDC_FILTER)));
if (SearchRegexCompiledExpression)
{
pcre2_code_free(SearchRegexCompiledExpression);
SearchRegexCompiledExpression = NULL;
}
if (SearchRegexMatchData)
{
pcre2_match_data_free(SearchRegexMatchData);
SearchRegexMatchData = NULL;
}
if (Button_GetCheck(GetDlgItem(hwndDlg, IDC_REGEX)) == BST_CHECKED)
{
int errorCode;
PCRE2_SIZE errorOffset;
SearchRegexCompiledExpression = pcre2_compile(
SearchString->Buffer,
SearchString->Length / sizeof(WCHAR),
PCRE2_CASELESS | PCRE2_DOTALL,
&errorCode,
&errorOffset,
NULL
);
if (!SearchRegexCompiledExpression)
{
PhShowError(hwndDlg, L"Unable to compile the regular expression: \"%s\" at position %zu.",
PhGetStringOrDefault(PH_AUTO(PhPcre2GetErrorMessage(errorCode)), L"Unknown error"),
errorOffset
);
break;
}
SearchRegexMatchData = pcre2_match_data_create_from_pattern(SearchRegexCompiledExpression, NULL);
}
// Clean up previous results.
ListView_DeleteAllItems(PhFindObjectsListViewHandle);
if (SearchResults)
{
for (i = 0; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
PhDereferenceObject(searchResult->TypeName);
PhDereferenceObject(searchResult->Name);
if (searchResult->ProcessName)
PhDereferenceObject(searchResult->ProcessName);
PhFree(searchResult);
}
PhDereferenceObject(SearchResults);
}
// Start the search.
SearchResults = PhCreateList(128);
SearchResultsAddIndex = 0;
SearchThreadHandle = PhCreateThread(0, PhpFindObjectsThreadStart, NULL);
if (!SearchThreadHandle)
{
PhClearReference(&SearchResults);
break;
}
SetDlgItemText(hwndDlg, IDOK, L"Cancel");
SetCursor(LoadCursor(NULL, IDC_WAIT));
}
else
{
SearchStop = TRUE;
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
}
}
break;
case IDCANCEL:
{
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
}
break;
case ID_OBJECT_CLOSE:
{
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
ULONG i;
PhGetSelectedListViewItemParams(
PhFindObjectsListViewHandle,
&results,
&numberOfResults
);
if (numberOfResults != 0 && PhShowConfirmMessage(
hwndDlg,
L"close",
numberOfResults == 1 ? L"the selected handle" : L"the selected handles",
L"Closing handles may cause system instability and data corruption.",
FALSE
))
{
for (i = 0; i < numberOfResults; i++)
{
NTSTATUS status;
HANDLE processHandle;
if (results[i]->ResultType != HandleSearchResult)
continue;
if (NT_SUCCESS(status = PhOpenProcess(
&processHandle,
PROCESS_DUP_HANDLE,
results[i]->ProcessId
)))
{
if (NT_SUCCESS(status = PhDuplicateObject(
processHandle,
results[i]->Handle,
NULL,
NULL,
0,
0,
DUPLICATE_CLOSE_SOURCE
)))
{
PhRemoveListViewItem(PhFindObjectsListViewHandle,
PhFindListViewItemByParam(PhFindObjectsListViewHandle, 0, results[i]));
}
NtClose(processHandle);
}
if (!NT_SUCCESS(status))
{
if (!PhShowContinueStatus(hwndDlg,
PhaFormatString(L"Unable to close \"%s\"", results[i]->Name->Buffer)->Buffer,
status,
0
))
break;
}
}
}
PhFree(results);
}
break;
case ID_HANDLE_OBJECTPROPERTIES1:
case ID_HANDLE_OBJECTPROPERTIES2:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PH_HANDLE_ITEM_INFO info;
info.ProcessId = result->ProcessId;
info.Handle = result->Handle;
info.TypeName = result->TypeName;
info.BestObjectName = result->Name;
if (LOWORD(wParam) == ID_HANDLE_OBJECTPROPERTIES1)
PhShowHandleObjectProperties1(hwndDlg, &info);
else
PhShowHandleObjectProperties2(hwndDlg, &info);
}
}
break;
case ID_OBJECT_GOTOOWNINGPROCESS:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
PPH_PROCESS_NODE processNode;
if (processNode = PhFindProcessNode(result->ProcessId))
{
ProcessHacker_SelectTabPage(PhMainWndHandle, 0);
ProcessHacker_SelectProcessNode(PhMainWndHandle, processNode);
ProcessHacker_ToggleVisible(PhMainWndHandle, TRUE);
}
}
}
break;
case ID_OBJECT_PROPERTIES:
{
PPHP_OBJECT_SEARCH_RESULT result =
PhGetSelectedListViewItemParam(PhFindObjectsListViewHandle);
if (result)
{
if (result->ResultType == HandleSearchResult)
{
PPH_HANDLE_ITEM handleItem;
handleItem = PhCreateHandleItem(&result->Info);
handleItem->BestObjectName = handleItem->ObjectName = result->Name;
PhReferenceObjectEx(result->Name, 2);
handleItem->TypeName = result->TypeName;
PhReferenceObject(result->TypeName);
PhShowHandleProperties(
hwndDlg,
result->ProcessId,
handleItem
);
PhDereferenceObject(handleItem);
}
else
{
// DLL or Mapped File. Just show file properties.
PhShellProperties(hwndDlg, result->Name->Buffer);
}
}
}
break;
case ID_OBJECT_COPY:
{
PhCopyListView(PhFindObjectsListViewHandle);
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case NM_DBLCLK:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_PROPERTIES, 0);
}
}
break;
case LVN_KEYDOWN:
{
if (header->hwndFrom == PhFindObjectsListViewHandle)
{
LPNMLVKEYDOWN keyDown = (LPNMLVKEYDOWN)header;
switch (keyDown->wVKey)
{
case 'C':
if (GetKeyState(VK_CONTROL) < 0)
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_COPY, 0);
break;
case 'A':
if (GetKeyState(VK_CONTROL) < 0)
PhSetStateAllListViewItems(PhFindObjectsListViewHandle, LVIS_SELECTED, LVIS_SELECTED);
break;
case VK_DELETE:
SendMessage(hwndDlg, WM_COMMAND, ID_OBJECT_CLOSE, 0);
break;
}
}
}
break;
}
}
break;
case WM_CONTEXTMENU:
{
if ((HWND)wParam == PhFindObjectsListViewHandle)
{
POINT point;
PPHP_OBJECT_SEARCH_RESULT *results;
ULONG numberOfResults;
point.x = (SHORT)LOWORD(lParam);
point.y = (SHORT)HIWORD(lParam);
if (point.x == -1 && point.y == -1)
PhGetListViewContextMenuPoint((HWND)wParam, &point);
PhGetSelectedListViewItemParams(PhFindObjectsListViewHandle, &results, &numberOfResults);
if (numberOfResults != 0)
{
PPH_EMENU menu;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_FINDOBJ), 0);
PhSetFlagsEMenuItem(menu, ID_OBJECT_PROPERTIES, PH_EMENU_DEFAULT, PH_EMENU_DEFAULT);
PhpInitializeFindObjMenu(menu, results, numberOfResults);
PhShowEMenu(
menu,
hwndDlg,
PH_EMENU_SHOW_SEND_COMMAND | PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
point.x,
point.y
);
PhDestroyEMenu(menu);
}
PhFree(results);
}
}
break;
case WM_SIZE:
{
PhLayoutManagerLayout(&WindowLayoutManager);
}
break;
case WM_SIZING:
{
PhResizingMinimumSize((PRECT)lParam, wParam, MinimumSize.right, MinimumSize.bottom);
}
break;
case WM_PH_SEARCH_UPDATE:
{
HWND lvHandle;
ULONG i;
lvHandle = GetDlgItem(hwndDlg, IDC_RESULTS);
ExtendedListView_SetRedraw(lvHandle, FALSE);
PhAcquireQueuedLockExclusive(&SearchResultsLock);
for (i = SearchResultsAddIndex; i < SearchResults->Count; i++)
{
PPHP_OBJECT_SEARCH_RESULT searchResult = SearchResults->Items[i];
CLIENT_ID clientId;
PPH_PROCESS_ITEM processItem;
PPH_STRING clientIdName;
INT lvItemIndex;
clientId.UniqueProcess = searchResult->ProcessId;
clientId.UniqueThread = NULL;
processItem = PhReferenceProcessItem(clientId.UniqueProcess);
clientIdName = PhGetClientIdNameEx(&clientId, processItem ? processItem->ProcessName : NULL);
lvItemIndex = PhAddListViewItem(
lvHandle,
MAXINT,
clientIdName->Buffer,
searchResult
);
PhDereferenceObject(clientIdName);
if (processItem)
{
PhSetReference(&searchResult->ProcessName, processItem->ProcessName);
PhDereferenceObject(processItem);
}
else
{
searchResult->ProcessName = NULL;
}
PhSetListViewSubItem(lvHandle, lvItemIndex, 1, searchResult->TypeName->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 2, searchResult->Name->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 3, searchResult->HandleString);
}
SearchResultsAddIndex = i;
PhReleaseQueuedLockExclusive(&SearchResultsLock);
ExtendedListView_SetRedraw(lvHandle, TRUE);
}
break;
case WM_PH_SEARCH_FINISHED:
{
NTSTATUS handleSearchStatus = (NTSTATUS)wParam;
// Add any un-added items.
SendMessage(hwndDlg, WM_PH_SEARCH_UPDATE, 0, 0);
NtWaitForSingleObject(SearchThreadHandle, FALSE, NULL);
NtClose(SearchThreadHandle);
SearchThreadHandle = NULL;
SearchStop = FALSE;
ExtendedListView_SortItems(GetDlgItem(hwndDlg, IDC_RESULTS));
SetDlgItemText(hwndDlg, IDOK, L"Find");
EnableWindow(GetDlgItem(hwndDlg, IDOK), TRUE);
SetCursor(LoadCursor(NULL, IDC_ARROW));
if (handleSearchStatus == STATUS_INSUFFICIENT_RESOURCES)
{
PhShowWarning(
hwndDlg,
L"Unable to search for handles because the total number of handles on the system is too large. "
L"Please check if there are any processes with an extremely large number of handles open."
);
}
}
break;
}
return FALSE;
}
VOID PhShowMemoryContextMenu(
_In_ HWND hwndDlg,
_In_ PPH_PROCESS_ITEM ProcessItem,
_In_ PPH_MEMORY_CONTEXT Context,
_In_ PPH_TREENEW_CONTEXT_MENU ContextMenu
)
{
PPH_MEMORY_NODE *memoryNodes;
ULONG numberOfMemoryNodes;
PhGetSelectedMemoryNodes(&Context->ListContext, &memoryNodes, &numberOfMemoryNodes);
//if (numberOfMemoryNodes != 0)
{
PPH_EMENU menu;
PPH_EMENU_ITEM item;
PH_PLUGIN_MENU_INFORMATION menuInfo;
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PhInstanceHandle, MAKEINTRESOURCE(IDR_MEMORY), 0);
PhSetFlagsEMenuItem(menu, ID_MEMORY_READWRITEMEMORY, PH_EMENU_DEFAULT, PH_EMENU_DEFAULT);
PhpInitializeMemoryMenu(menu, ProcessItem->ProcessId, memoryNodes, numberOfMemoryNodes);
PhInsertCopyCellEMenuItem(menu, ID_MEMORY_COPY, Context->ListContext.TreeNewHandle, ContextMenu->Column);
if (PhPluginsEnabled)
{
PhPluginInitializeMenuInfo(&menuInfo, menu, hwndDlg, 0);
menuInfo.u.Memory.ProcessId = ProcessItem->ProcessId;
menuInfo.u.Memory.MemoryNodes = memoryNodes;
menuInfo.u.Memory.NumberOfMemoryNodes = numberOfMemoryNodes;
PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackMemoryMenuInitializing), &menuInfo);
}
item = PhShowEMenu(
menu,
hwndDlg,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
ContextMenu->Location.x,
ContextMenu->Location.y
);
if (item)
{
BOOLEAN handled = FALSE;
handled = PhHandleCopyCellEMenuItem(item);
if (!handled && PhPluginsEnabled)
handled = PhPluginTriggerEMenuItem(&menuInfo, item);
if (!handled)
SendMessage(hwndDlg, WM_COMMAND, item->Id, 0);
}
PhDestroyEMenu(menu);
}
PhFree(memoryNodes);
}
INT_PTR CALLBACK PhpRunAsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PRUNAS_DIALOG_CONTEXT context;
if (uMsg != WM_INITDIALOG)
{
context = (PRUNAS_DIALOG_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
}
else
{
context = (PRUNAS_DIALOG_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND typeComboBoxHandle = GetDlgItem(hwndDlg, IDC_TYPE);
HWND userNameComboBoxHandle = GetDlgItem(hwndDlg, IDC_USERNAME);
ULONG sessionId;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
if (SHAutoComplete_I)
{
SHAutoComplete_I(
GetDlgItem(hwndDlg, IDC_PROGRAM),
SHACF_AUTOAPPEND_FORCE_ON | SHACF_AUTOSUGGEST_FORCE_ON | SHACF_FILESYS_ONLY
);
}
ComboBox_AddString(typeComboBoxHandle, L"Batch");
ComboBox_AddString(typeComboBoxHandle, L"Interactive");
ComboBox_AddString(typeComboBoxHandle, L"Network");
ComboBox_AddString(typeComboBoxHandle, L"New credentials");
ComboBox_AddString(typeComboBoxHandle, L"Service");
PhSelectComboBoxString(typeComboBoxHandle, L"Interactive", FALSE);
ComboBox_AddString(userNameComboBoxHandle, L"NT AUTHORITY\\SYSTEM");
ComboBox_AddString(userNameComboBoxHandle, L"NT AUTHORITY\\LOCAL SERVICE");
ComboBox_AddString(userNameComboBoxHandle, L"NT AUTHORITY\\NETWORK SERVICE");
PhpAddAccountsToComboBox(userNameComboBoxHandle);
if (NT_SUCCESS(PhGetProcessSessionId(NtCurrentProcess(), &sessionId)))
SetDlgItemInt(hwndDlg, IDC_SESSIONID, sessionId, FALSE);
SetDlgItemText(hwndDlg, IDC_DESKTOP, L"WinSta0\\Default");
SetDlgItemText(hwndDlg, IDC_PROGRAM, PhaGetStringSetting(L"RunAsProgram")->Buffer);
if (!context->ProcessId)
{
SetDlgItemText(hwndDlg, IDC_USERNAME,
PH_AUTO_T(PH_STRING, PhGetStringSetting(L"RunAsUserName"))->Buffer);
// Fire the user name changed event so we can fix the logon type.
SendMessage(hwndDlg, WM_COMMAND, MAKEWPARAM(IDC_USERNAME, CBN_EDITCHANGE), 0);
}
else
{
HANDLE processHandle;
HANDLE tokenHandle;
PTOKEN_USER user;
PPH_STRING userName;
if (NT_SUCCESS(PhOpenProcess(
&processHandle,
ProcessQueryAccess,
context->ProcessId
)))
{
if (NT_SUCCESS(PhOpenProcessToken(
processHandle,
TOKEN_QUERY,
&tokenHandle
)))
{
if (NT_SUCCESS(PhGetTokenUser(tokenHandle, &user)))
{
if (userName = PhGetSidFullName(user->User.Sid, TRUE, NULL))
{
SetDlgItemText(hwndDlg, IDC_USERNAME, userName->Buffer);
PhDereferenceObject(userName);
}
PhFree(user);
}
NtClose(tokenHandle);
}
NtClose(processHandle);
}
EnableWindow(GetDlgItem(hwndDlg, IDC_USERNAME), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_TYPE), FALSE);
}
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hwndDlg, IDC_PROGRAM), TRUE);
Edit_SetSel(GetDlgItem(hwndDlg, IDC_PROGRAM), 0, -1);
//if (!PhGetOwnTokenAttributes().Elevated)
// SendMessage(GetDlgItem(hwndDlg, IDOK), BCM_SETSHIELD, 0, TRUE);
if (!WINDOWS_HAS_UAC)
ShowWindow(GetDlgItem(hwndDlg, IDC_TOGGLEELEVATION), SW_HIDE);
}
break;
case WM_DESTROY:
{
if (context->DesktopList)
PhDereferenceObject(context->DesktopList);
RemoveProp(hwndDlg, PhMakeContextAtom());
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
EndDialog(hwndDlg, IDCANCEL);
break;
case IDOK:
{
NTSTATUS status;
PPH_STRING program;
PPH_STRING userName;
PPH_STRING password;
PPH_STRING logonTypeString;
ULONG logonType;
ULONG sessionId;
PPH_STRING desktopName;
BOOLEAN useLinkedToken;
program = PhaGetDlgItemText(hwndDlg, IDC_PROGRAM);
userName = PhaGetDlgItemText(hwndDlg, IDC_USERNAME);
logonTypeString = PhaGetDlgItemText(hwndDlg, IDC_TYPE);
// Fix up the user name if it doesn't have a domain.
if (PhFindCharInString(userName, 0, '\\') == -1)
{
PSID sid;
PPH_STRING newUserName;
if (NT_SUCCESS(PhLookupName(&userName->sr, &sid, NULL, NULL)))
{
if (newUserName = PH_AUTO(PhGetSidFullName(sid, TRUE, NULL)))
userName = newUserName;
PhFree(sid);
}
}
if (!IsServiceAccount(userName))
password = PhGetWindowText(GetDlgItem(hwndDlg, IDC_PASSWORD));
else
password = NULL;
sessionId = GetDlgItemInt(hwndDlg, IDC_SESSIONID, NULL, FALSE);
desktopName = PhaGetDlgItemText(hwndDlg, IDC_DESKTOP);
if (WINDOWS_HAS_UAC)
useLinkedToken = Button_GetCheck(GetDlgItem(hwndDlg, IDC_TOGGLEELEVATION)) == BST_CHECKED;
else
useLinkedToken = FALSE;
if (PhFindIntegerSiKeyValuePairs(
PhpLogonTypePairs,
sizeof(PhpLogonTypePairs),
logonTypeString->Buffer,
&logonType
))
{
if (
logonType == LOGON32_LOGON_INTERACTIVE &&
!context->ProcessId &&
sessionId == NtCurrentPeb()->SessionId &&
!useLinkedToken
)
{
// We are eligible to load the user profile.
// This must be done here, not in the service, because
// we need to be in the target session.
PH_CREATE_PROCESS_AS_USER_INFO createInfo;
PPH_STRING domainPart;
PPH_STRING userPart;
PhpSplitUserName(userName->Buffer, &domainPart, &userPart);
memset(&createInfo, 0, sizeof(PH_CREATE_PROCESS_AS_USER_INFO));
createInfo.CommandLine = program->Buffer;
createInfo.UserName = userPart->Buffer;
createInfo.DomainName = domainPart->Buffer;
createInfo.Password = PhGetStringOrEmpty(password);
// Whenever we can, try not to set the desktop name; it breaks a lot of things.
// Note that on XP we must set it, otherwise the program doesn't display correctly.
if (WindowsVersion < WINDOWS_VISTA || (desktopName->Length != 0 && !PhEqualString2(desktopName, L"WinSta0\\Default", TRUE)))
createInfo.DesktopName = desktopName->Buffer;
PhSetDesktopWinStaAccess();
status = PhCreateProcessAsUser(
&createInfo,
PH_CREATE_PROCESS_WITH_PROFILE,
NULL,
NULL,
NULL
);
if (domainPart) PhDereferenceObject(domainPart);
if (userPart) PhDereferenceObject(userPart);
}
else
{
status = PhExecuteRunAsCommand2(
hwndDlg,
program->Buffer,
userName->Buffer,
PhGetStringOrEmpty(password),
logonType,
context->ProcessId,
sessionId,
desktopName->Buffer,
useLinkedToken
);
}
}
else
{
status = STATUS_INVALID_PARAMETER;
}
if (password)
{
RtlSecureZeroMemory(password->Buffer, password->Length);
PhDereferenceObject(password);
}
if (!NT_SUCCESS(status))
{
if (status != STATUS_CANCELLED)
PhShowStatus(hwndDlg, L"Unable to start the program", status, 0);
}
else if (status != STATUS_TIMEOUT)
{
PhSetStringSetting2(L"RunAsProgram", &program->sr);
PhSetStringSetting2(L"RunAsUserName", &userName->sr);
EndDialog(hwndDlg, IDOK);
}
}
break;
case IDC_BROWSE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Programs (*.exe;*.pif;*.com;*.bat)", L"*.exe;*.pif;*.com;*.bat" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
fileDialog = PhCreateOpenFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, PhaGetDlgItemText(hwndDlg, IDC_PROGRAM)->Buffer);
if (PhShowFileDialog(hwndDlg, fileDialog))
{
PPH_STRING fileName;
fileName = PhGetFileDialogFileName(fileDialog);
SetDlgItemText(hwndDlg, IDC_PROGRAM, fileName->Buffer);
PhDereferenceObject(fileName);
}
PhFreeFileDialog(fileDialog);
}
break;
case IDC_USERNAME:
{
PPH_STRING userName = NULL;
if (!context->ProcessId && HIWORD(wParam) == CBN_SELCHANGE)
{
userName = PH_AUTO(PhGetComboBoxString(GetDlgItem(hwndDlg, IDC_USERNAME), -1));
}
else if (!context->ProcessId && (
HIWORD(wParam) == CBN_EDITCHANGE ||
HIWORD(wParam) == CBN_CLOSEUP
))
{
userName = PhaGetDlgItemText(hwndDlg, IDC_USERNAME);
}
if (userName)
{
if (IsServiceAccount(userName))
{
EnableWindow(GetDlgItem(hwndDlg, IDC_PASSWORD), FALSE);
// Hack for Windows XP
if (
PhEqualString2(userName, L"NT AUTHORITY\\SYSTEM", TRUE) &&
WindowsVersion <= WINDOWS_XP
)
{
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_TYPE), L"New credentials", FALSE);
}
else
{
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_TYPE), L"Service", FALSE);
}
}
else
{
EnableWindow(GetDlgItem(hwndDlg, IDC_PASSWORD), TRUE);
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_TYPE), L"Interactive", FALSE);
}
}
}
break;
case IDC_SESSIONS:
{
PPH_EMENU sessionsMenu;
PSESSIONIDW sessions;
ULONG numberOfSessions;
ULONG i;
RECT buttonRect;
PPH_EMENU_ITEM selectedItem;
sessionsMenu = PhCreateEMenu();
if (WinStationEnumerateW(NULL, &sessions, &numberOfSessions))
{
for (i = 0; i < numberOfSessions; i++)
{
PPH_STRING menuString;
WINSTATIONINFORMATION winStationInfo;
ULONG returnLength;
if (!WinStationQueryInformationW(
NULL,
sessions[i].SessionId,
WinStationInformation,
&winStationInfo,
sizeof(WINSTATIONINFORMATION),
&returnLength
))
{
winStationInfo.Domain[0] = 0;
winStationInfo.UserName[0] = 0;
}
if (
winStationInfo.UserName[0] != 0 &&
sessions[i].WinStationName[0] != 0
)
{
menuString = PhaFormatString(
L"%u: %s (%s\\%s)",
sessions[i].SessionId,
sessions[i].WinStationName,
winStationInfo.Domain,
winStationInfo.UserName
);
}
else if (winStationInfo.UserName[0] != 0)
{
menuString = PhaFormatString(
L"%u: %s\\%s",
sessions[i].SessionId,
winStationInfo.Domain,
winStationInfo.UserName
);
}
else if (sessions[i].WinStationName[0] != 0)
{
menuString = PhaFormatString(
L"%u: %s",
sessions[i].SessionId,
sessions[i].WinStationName
);
}
else
{
menuString = PhaFormatString(L"%u", sessions[i].SessionId);
}
PhInsertEMenuItem(sessionsMenu,
PhCreateEMenuItem(0, 0, menuString->Buffer, NULL, UlongToPtr(sessions[i].SessionId)), -1);
}
WinStationFreeMemory(sessions);
GetWindowRect(GetDlgItem(hwndDlg, IDC_SESSIONS), &buttonRect);
selectedItem = PhShowEMenu(
sessionsMenu,
hwndDlg,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
buttonRect.right,
buttonRect.top
);
if (selectedItem)
{
SetDlgItemInt(
hwndDlg,
IDC_SESSIONID,
PtrToUlong(selectedItem->Context),
FALSE
);
}
PhDestroyEMenu(sessionsMenu);
}
}
break;
case IDC_DESKTOPS:
{
PPH_EMENU desktopsMenu;
ULONG i;
RECT buttonRect;
PPH_EMENU_ITEM selectedItem;
desktopsMenu = PhCreateEMenu();
if (!context->DesktopList)
context->DesktopList = PhCreateList(10);
context->CurrentWinStaName = GetCurrentWinStaName();
EnumDesktops(GetProcessWindowStation(), EnumDesktopsCallback, (LPARAM)context);
for (i = 0; i < context->DesktopList->Count; i++)
{
PhInsertEMenuItem(
desktopsMenu,
PhCreateEMenuItem(0, 0, ((PPH_STRING)context->DesktopList->Items[i])->Buffer, NULL, NULL),
-1
);
}
GetWindowRect(GetDlgItem(hwndDlg, IDC_DESKTOPS), &buttonRect);
selectedItem = PhShowEMenu(
desktopsMenu,
hwndDlg,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
buttonRect.right,
buttonRect.top
);
if (selectedItem)
{
SetDlgItemText(
hwndDlg,
IDC_DESKTOP,
selectedItem->Text
);
}
for (i = 0; i < context->DesktopList->Count; i++)
PhDereferenceObject(context->DesktopList->Items[i]);
PhClearList(context->DesktopList);
PhDereferenceObject(context->CurrentWinStaName);
PhDestroyEMenu(desktopsMenu);
}
break;
}
}
break;
}
return FALSE;
}
INT_PTR CALLBACK WepWindowsPageProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PWINDOWS_CONTEXT context;
LPPROPSHEETPAGE propSheetPage;
PPH_PROCESS_PROPPAGECONTEXT propPageContext;
PPH_PROCESS_ITEM processItem;
if (PhPropPageDlgProcHeader(hwndDlg, uMsg, lParam, &propSheetPage, &propPageContext, &processItem))
{
context = propPageContext->Context;
}
else
{
return FALSE;
}
switch (uMsg)
{
case WM_INITDIALOG:
{
context->TreeNewHandle = GetDlgItem(hwndDlg, IDC_LIST);
context->SearchBoxHandle = GetDlgItem(hwndDlg, IDC_SEARCHEDIT);
PhCreateSearchControl(hwndDlg, context->SearchBoxHandle, L"Search Windows (Ctrl+K)");
WeInitializeWindowTree(hwndDlg, context->TreeNewHandle, &context->TreeContext);
PhRegisterDialog(hwndDlg);
PhInitializeLayoutManager(&context->LayoutManager, hwndDlg);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_SEARCHEDIT), NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT);
PhAddLayoutItem(&context->LayoutManager, GetDlgItem(hwndDlg, IDC_LIST), NULL, PH_ANCHOR_ALL);
WepRefreshWindows(context);
}
break;
case WM_SHOWWINDOW:
{
if (PhBeginPropPageLayout(hwndDlg, propPageContext))
PhEndPropPageLayout(hwndDlg, propPageContext);
}
break;
case WM_DESTROY:
{
PhDeleteLayoutManager(&context->LayoutManager);
PhUnregisterDialog(hwndDlg);
WeDeleteWindowTree(&context->TreeContext);
WepDeleteWindowSelector(&context->Selector);
PhFree(context);
}
break;
case WM_COMMAND:
{
switch (GET_WM_COMMAND_CMD(wParam, lParam))
{
case EN_CHANGE:
{
PPH_STRING newSearchboxText;
if (GET_WM_COMMAND_HWND(wParam, lParam) != context->SearchBoxHandle)
break;
newSearchboxText = PH_AUTO(PhGetWindowText(context->SearchBoxHandle));
if (!PhEqualString(context->TreeContext.SearchboxText, newSearchboxText, FALSE))
{
PhSwapReference(&context->TreeContext.SearchboxText, newSearchboxText);
if (!PhIsNullOrEmptyString(context->TreeContext.SearchboxText))
WeExpandAllWindowNodes(&context->TreeContext, TRUE);
PhApplyTreeNewFilters(&context->TreeContext.FilterSupport);
TreeNew_NodesStructured(context->TreeNewHandle);
// PhInvokeCallback(&SearchChangedEvent, SearchboxText);
}
}
break;
}
switch (GET_WM_COMMAND_ID(wParam, lParam))
{
case IDC_REFRESH:
WepRefreshWindows(context);
break;
case ID_SHOWCONTEXTMENU:
{
PPH_TREENEW_CONTEXT_MENU contextMenuEvent = (PPH_TREENEW_CONTEXT_MENU)lParam;
PWE_WINDOW_NODE *windows;
ULONG numberOfWindows;
PPH_EMENU menu;
PPH_EMENU selectedItem;
WeGetSelectedWindowNodes(
&context->TreeContext,
&windows,
&numberOfWindows
);
if (numberOfWindows != 0)
{
menu = PhCreateEMenu();
PhLoadResourceEMenuItem(menu, PluginInstance->DllBase, MAKEINTRESOURCE(IDR_WINDOW), 0);
PhInsertCopyCellEMenuItem(menu, ID_WINDOW_COPY, context->TreeNewHandle, contextMenuEvent->Column);
PhSetFlagsEMenuItem(menu, ID_WINDOW_PROPERTIES, PH_EMENU_DEFAULT, PH_EMENU_DEFAULT);
if (numberOfWindows == 1)
{
WINDOWPLACEMENT placement = { sizeof(placement) };
BYTE alpha;
ULONG flags;
ULONG i;
ULONG id;
// State
GetWindowPlacement(windows[0]->WindowHandle, &placement);
if (placement.showCmd == SW_MINIMIZE)
PhSetFlagsEMenuItem(menu, ID_WINDOW_MINIMIZE, PH_EMENU_DISABLED, PH_EMENU_DISABLED);
else if (placement.showCmd == SW_MAXIMIZE)
PhSetFlagsEMenuItem(menu, ID_WINDOW_MAXIMIZE, PH_EMENU_DISABLED, PH_EMENU_DISABLED);
else if (placement.showCmd == SW_NORMAL)
PhSetFlagsEMenuItem(menu, ID_WINDOW_RESTORE, PH_EMENU_DISABLED, PH_EMENU_DISABLED);
// Visible
PhSetFlagsEMenuItem(menu, ID_WINDOW_VISIBLE, PH_EMENU_CHECKED,
(GetWindowLong(windows[0]->WindowHandle, GWL_STYLE) & WS_VISIBLE) ? PH_EMENU_CHECKED : 0);
// Enabled
PhSetFlagsEMenuItem(menu, ID_WINDOW_ENABLED, PH_EMENU_CHECKED,
!(GetWindowLong(windows[0]->WindowHandle, GWL_STYLE) & WS_DISABLED) ? PH_EMENU_CHECKED : 0);
// Always on Top
PhSetFlagsEMenuItem(menu, ID_WINDOW_ALWAYSONTOP, PH_EMENU_CHECKED,
(GetWindowLong(windows[0]->WindowHandle, GWL_EXSTYLE) & WS_EX_TOPMOST) ? PH_EMENU_CHECKED : 0);
// Opacity
if (GetLayeredWindowAttributes(windows[0]->WindowHandle, NULL, &alpha, &flags))
{
if (!(flags & LWA_ALPHA))
alpha = 255;
}
else
{
alpha = 255;
}
if (alpha == 255)
{
id = ID_OPACITY_OPAQUE;
}
else
{
id = 0;
// Due to integer division, we cannot use simple arithmetic to calculate which menu item to check.
for (i = 0; i < 10; i++)
{
if (alpha == (BYTE)(255 * (i + 1) / 10))
{
id = ID_OPACITY_10 + i;
break;
}
}
}
if (id != 0)
{
PhSetFlagsEMenuItem(menu, id, PH_EMENU_CHECKED | PH_EMENU_RADIOCHECK,
PH_EMENU_CHECKED | PH_EMENU_RADIOCHECK);
}
}
else
{
PhSetFlagsAllEMenuItems(menu, PH_EMENU_DISABLED, PH_EMENU_DISABLED);
PhSetFlagsEMenuItem(menu, ID_WINDOW_COPY, PH_EMENU_DISABLED, 0);
}
selectedItem = PhShowEMenu(
menu,
hwndDlg,
PH_EMENU_SHOW_SEND_COMMAND | PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
contextMenuEvent->Location.x,
contextMenuEvent->Location.y
);
if (selectedItem && selectedItem->Id != -1)
{
BOOLEAN handled = FALSE;
handled = PhHandleCopyCellEMenuItem(selectedItem);
}
PhDestroyEMenu(menu);
}
}
break;
case ID_WINDOW_BRINGTOFRONT:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
WINDOWPLACEMENT placement = { sizeof(placement) };
GetWindowPlacement(selectedNode->WindowHandle, &placement);
if (placement.showCmd == SW_MINIMIZE)
ShowWindowAsync(selectedNode->WindowHandle, SW_RESTORE);
else
SetForegroundWindow(selectedNode->WindowHandle);
}
}
break;
case ID_WINDOW_RESTORE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
ShowWindowAsync(selectedNode->WindowHandle, SW_RESTORE);
}
}
break;
case ID_WINDOW_MINIMIZE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
ShowWindowAsync(selectedNode->WindowHandle, SW_MINIMIZE);
}
}
break;
case ID_WINDOW_MAXIMIZE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
ShowWindowAsync(selectedNode->WindowHandle, SW_MAXIMIZE);
}
}
break;
case ID_WINDOW_CLOSE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
PostMessage(selectedNode->WindowHandle, WM_CLOSE, 0, 0);
}
}
break;
case ID_WINDOW_VISIBLE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
if (IsWindowVisible(selectedNode->WindowHandle))
{
selectedNode->WindowVisible = FALSE;
ShowWindowAsync(selectedNode->WindowHandle, SW_HIDE);
}
else
{
selectedNode->WindowVisible = TRUE;
ShowWindowAsync(selectedNode->WindowHandle, SW_SHOW);
}
PhInvalidateTreeNewNode(&selectedNode->Node, TN_CACHE_COLOR);
TreeNew_InvalidateNode(context->TreeNewHandle, &selectedNode->Node);
}
}
break;
case ID_WINDOW_ENABLED:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
EnableWindow(selectedNode->WindowHandle, !IsWindowEnabled(selectedNode->WindowHandle));
}
}
break;
case ID_WINDOW_ALWAYSONTOP:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
LOGICAL topMost;
topMost = GetWindowLong(selectedNode->WindowHandle, GWL_EXSTYLE) & WS_EX_TOPMOST;
SetWindowPos(selectedNode->WindowHandle, topMost ? HWND_NOTOPMOST : HWND_TOPMOST,
0, 0, 0, 0, SWP_NOACTIVATE | SWP_NOMOVE | SWP_NOSIZE);
}
}
break;
case ID_OPACITY_10:
case ID_OPACITY_20:
case ID_OPACITY_30:
case ID_OPACITY_40:
case ID_OPACITY_50:
case ID_OPACITY_60:
case ID_OPACITY_70:
case ID_OPACITY_80:
case ID_OPACITY_90:
case ID_OPACITY_OPAQUE:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
ULONG opacity;
opacity = ((ULONG)LOWORD(wParam) - ID_OPACITY_10) + 1;
if (opacity == 10)
{
// Remove the WS_EX_LAYERED bit since it is not needed.
PhSetWindowExStyle(selectedNode->WindowHandle, WS_EX_LAYERED, 0);
RedrawWindow(selectedNode->WindowHandle, NULL, NULL, RDW_ERASE | RDW_INVALIDATE | RDW_FRAME | RDW_ALLCHILDREN);
}
else
{
// Add the WS_EX_LAYERED bit so opacity will work.
PhSetWindowExStyle(selectedNode->WindowHandle, WS_EX_LAYERED, WS_EX_LAYERED);
SetLayeredWindowAttributes(selectedNode->WindowHandle, 0, (BYTE)(255 * opacity / 10), LWA_ALPHA);
}
}
}
break;
case ID_WINDOW_HIGHLIGHT:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
if (context->HighlightingWindow)
{
if (context->HighlightingWindowCount & 1)
WeInvertWindowBorder(context->HighlightingWindow);
}
context->HighlightingWindow = selectedNode->WindowHandle;
context->HighlightingWindowCount = 10;
SetTimer(hwndDlg, 9, 100, NULL);
}
}
break;
case ID_WINDOW_GOTOTHREAD:
{
PWE_WINDOW_NODE selectedNode;
PPH_PROCESS_ITEM processItem;
PPH_PROCESS_PROPCONTEXT propContext;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
{
if (processItem = PhReferenceProcessItem(selectedNode->ClientId.UniqueProcess))
{
if (propContext = PhCreateProcessPropContext(WE_PhMainWndHandle, processItem))
{
PhSetSelectThreadIdProcessPropContext(propContext, selectedNode->ClientId.UniqueThread);
PhShowProcessProperties(propContext);
PhDereferenceObject(propContext);
}
PhDereferenceObject(processItem);
}
else
{
PhShowError(hwndDlg, L"The process does not exist.");
}
}
}
break;
case ID_WINDOW_PROPERTIES:
{
PWE_WINDOW_NODE selectedNode;
if (selectedNode = WeGetSelectedWindowNode(&context->TreeContext))
WeShowWindowProperties(hwndDlg, selectedNode->WindowHandle);
}
break;
case ID_WINDOW_COPY:
{
PPH_STRING text;
text = PhGetTreeNewText(context->TreeNewHandle, 0);
PhSetClipboardString(hwndDlg, &text->sr);
PhDereferenceObject(text);
}
break;
}
}
break;
case WM_TIMER:
{
switch (wParam)
{
case 9:
{
WeInvertWindowBorder(context->HighlightingWindow);
if (--context->HighlightingWindowCount == 0)
KillTimer(hwndDlg, 9);
}
break;
}
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&context->LayoutManager);
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case PSN_QUERYINITIALFOCUS:
SetWindowLongPtr(hwndDlg, DWLP_MSGRESULT, (LPARAM)GetDlgItem(hwndDlg, IDC_REFRESH));
return TRUE;
}
}
break;
}
return FALSE;
}
INT_PTR CALLBACK PhpProcessHeapsDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
PPROCESS_HEAPS_CONTEXT context = NULL;
if (uMsg != WM_INITDIALOG)
{
context = (PPROCESS_HEAPS_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
}
else
{
context = (PPROCESS_HEAPS_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND lvHandle;
ULONG i;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
context->ListViewHandle = lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 100, L"Address");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 120, L"Used");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 120, L"Committed");
PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 80, L"Entries");
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhSetExtendedListView(lvHandle);
ExtendedListView_SetContext(lvHandle, context);
ExtendedListView_SetCompareFunction(lvHandle, 0, PhpHeapAddressCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 1, PhpHeapUsedCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 2, PhpHeapCommittedCompareFunction);
ExtendedListView_SetCompareFunction(lvHandle, 3, PhpHeapEntriesCompareFunction);
ExtendedListView_SetItemFontFunction(lvHandle, PhpHeapFontFunction);
for (i = 0; i < context->ProcessHeaps->NumberOfHeaps; i++)
{
PRTL_HEAP_INFORMATION heapInfo = &context->ProcessHeaps->Heaps[i];
WCHAR addressString[PH_PTR_STR_LEN_1];
INT lvItemIndex;
PPH_STRING usedString;
PPH_STRING committedString;
PPH_STRING numberOfEntriesString;
PhPrintPointer(addressString, heapInfo->BaseAddress);
lvItemIndex = PhAddListViewItem(lvHandle, MAXINT, addressString, heapInfo);
usedString = PhFormatSize(heapInfo->BytesAllocated, -1);
committedString = PhFormatSize(heapInfo->BytesCommitted, -1);
numberOfEntriesString = PhFormatUInt64(heapInfo->NumberOfEntries, TRUE);
PhSetListViewSubItem(lvHandle, lvItemIndex, 1, usedString->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 2, committedString->Buffer);
PhSetListViewSubItem(lvHandle, lvItemIndex, 3, numberOfEntriesString->Buffer);
PhDereferenceObject(usedString);
PhDereferenceObject(committedString);
PhDereferenceObject(numberOfEntriesString);
}
ExtendedListView_SortItems(lvHandle);
}
break;
case WM_DESTROY:
{
RemoveProp(hwndDlg, PhMakeContextAtom());
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
case IDOK:
EndDialog(hwndDlg, IDOK);
break;
case IDC_SIZESINBYTES:
{
BOOLEAN sizesInBytes = Button_GetCheck(GetDlgItem(hwndDlg, IDC_SIZESINBYTES)) == BST_CHECKED;
INT index = -1;
ExtendedListView_SetRedraw(context->ListViewHandle, FALSE);
while ((index = ListView_GetNextItem(context->ListViewHandle, index, LVNI_ALL)) != -1)
{
PRTL_HEAP_INFORMATION heapInfo;
PPH_STRING usedString;
PPH_STRING committedString;
if (PhGetListViewItemParam(context->ListViewHandle, index, &heapInfo))
{
usedString = PhFormatSize(heapInfo->BytesAllocated, sizesInBytes ? 0 : -1);
committedString = PhFormatSize(heapInfo->BytesCommitted, sizesInBytes ? 0 : -1);
PhSetListViewSubItem(context->ListViewHandle, index, 1, usedString->Buffer);
PhSetListViewSubItem(context->ListViewHandle, index, 2, committedString->Buffer);
PhDereferenceObject(usedString);
PhDereferenceObject(committedString);
}
}
ExtendedListView_SetRedraw(context->ListViewHandle, TRUE);
}
break;
}
}
break;
case WM_NOTIFY:
{
PhHandleListViewNotifyForCopy(lParam, context->ListViewHandle);
}
break;
case WM_CONTEXTMENU:
{
if ((HWND)wParam == context->ListViewHandle)
{
POINT point;
PRTL_HEAP_INFORMATION heapInfo;
PPH_EMENU menu;
INT selectedCount;
PPH_EMENU_ITEM menuItem;
point.x = (SHORT)LOWORD(lParam);
point.y = (SHORT)HIWORD(lParam);
if (point.x == -1 && point.y == -1)
PhGetListViewContextMenuPoint((HWND)wParam, &point);
selectedCount = ListView_GetSelectedCount(context->ListViewHandle);
heapInfo = PhGetSelectedListViewItemParam(context->ListViewHandle);
if (selectedCount != 0)
{
menu = PhCreateEMenu();
PhInsertEMenuItem(menu, PhCreateEMenuItem(selectedCount != 1 ? PH_EMENU_DISABLED : 0, 1, L"Destroy", NULL, NULL), -1);
PhInsertEMenuItem(menu, PhCreateEMenuItem(0, 2, L"Copy\bCtrl+C", NULL, NULL), -1);
menuItem = PhShowEMenu(menu, context->ListViewHandle, PH_EMENU_SHOW_LEFTRIGHT | PH_EMENU_SHOW_NONOTIFY,
PH_ALIGN_LEFT | PH_ALIGN_TOP, point.x, point.y);
if (menuItem)
{
switch (menuItem->Id)
{
case 1:
if (PhUiDestroyHeap(hwndDlg, context->ProcessItem->ProcessId, heapInfo->BaseAddress))
ListView_DeleteItem(context->ListViewHandle, PhFindListViewItemByParam(context->ListViewHandle, -1, heapInfo));
break;
case 2:
PhCopyListView(context->ListViewHandle);
break;
}
}
PhDestroyEMenu(menu);
}
}
}
break;
}
REFLECT_MESSAGE_DLG(hwndDlg, context->ListViewHandle, uMsg, wParam, lParam);
return FALSE;
}
VOID ShowStatusMenu(
_In_ HWND hwndDlg
)
{
PPH_STRING cacheEntryName;
cacheEntryName = PhGetSelectedListViewItemText(ListViewWndHandle);
if (cacheEntryName)
{
POINT cursorPos;
PPH_EMENU menu;
PPH_EMENU_ITEM selectedItem;
GetCursorPos(&cursorPos);
menu = PhCreateEMenu();
PhInsertEMenuItem(menu, PhCreateEMenuItem(0, 1, L"Remove", NULL, NULL), -1);
PhInsertEMenuItem(menu, PhCreateEMenuItem(0, 2, L"Copy Host Name", NULL, NULL), -1);
selectedItem = PhShowEMenu(
menu,
PhMainWndHandle,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
cursorPos.x,
cursorPos.y
);
if (selectedItem && selectedItem->Id != -1)
{
switch (selectedItem->Id)
{
case 1:
{
INT lvItemIndex = PhFindListViewItemByFlags(
ListViewWndHandle,
-1,
LVNI_SELECTED
);
if (lvItemIndex != -1)
{
if (!PhGetIntegerSetting(L"EnableWarnings") || PhShowConfirmMessage(
hwndDlg,
L"remove",
cacheEntryName->Buffer,
NULL,
FALSE
))
{
if (DnsFlushResolverCacheEntry_I(cacheEntryName->Buffer))
{
ExtendedListView_SetRedraw(ListViewWndHandle, FALSE);
ListView_DeleteAllItems(ListViewWndHandle);
EnumDnsCacheTable(ListViewWndHandle);
ExtendedListView_SetRedraw(ListViewWndHandle, TRUE);
}
}
}
}
break;
case 2:
PhSetClipboardString(hwndDlg, &cacheEntryName->sr);
break;
}
}
PhDestroyEMenu(menu);
PhDereferenceObject(cacheEntryName);
}
}
VOID ShowDeviceMenu(
_In_ HWND ParentWindow,
_In_ PPH_STRING DeviceInstance
)
{
POINT cursorPos;
PPH_EMENU menu;
PPH_EMENU_ITEM selectedItem;
GetCursorPos(&cursorPos);
menu = PhCreateEMenu();
//PhInsertEMenuItem(menu, PhCreateEMenuItem(0, 0, L"Enable", NULL, NULL), -1);
//PhInsertEMenuItem(menu, PhCreateEMenuItem(0, 1, L"Disable", NULL, NULL), -1);
//PhInsertEMenuItem(menu, PhCreateEMenuItem(PH_EMENU_SEPARATOR, 0, NULL, NULL, NULL), -1);
PhInsertEMenuItem(menu, PhCreateEMenuItem(0, 1, L"Properties", NULL, NULL), -1);
selectedItem = PhShowEMenu(
menu,
PhMainWndHandle,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
cursorPos.x,
cursorPos.y
);
if (selectedItem && selectedItem->Id != -1)
{
switch (selectedItem->Id)
{
case 1:
{
HMODULE devMgrHandle;
// https://msdn.microsoft.com/en-us/library/ff548181.aspx
VOID (WINAPI *DeviceProperties_RunDLL_I)(
_In_ HWND hwndStub,
_In_ HINSTANCE hAppInstance,
_In_ PWSTR lpCmdLine,
_In_ INT nCmdShow
);
if (devMgrHandle = LoadLibrary(L"devmgr.dll"))
{
if (DeviceProperties_RunDLL_I = PhGetProcedureAddress(devMgrHandle, "DeviceProperties_RunDLLW", 0))
{
// This will sometimes re-throw an RPC error during debugging and can be safely ignored.
DeviceProperties_RunDLL_I(
GetParent(ParentWindow),
NULL,
PhaFormatString(L"/DeviceID %s", DeviceInstance->Buffer)->Buffer,
0
);
}
FreeLibrary(devMgrHandle);
}
}
break;
}
}
PhDestroyEMenu(menu);
}
static VOID ShowStatusMenu(
_In_ HWND hwndDlg
)
{
PPH_STRING cacheEntryName;
cacheEntryName = PhGetSelectedListViewItemText(ListViewWndHandle);
if (cacheEntryName)
{
POINT cursorPos;
PPH_EMENU menu;
PPH_EMENU_ITEM selectedItem;
GetCursorPos(&cursorPos);
menu = PhCreateEMenu();
PhInsertEMenuItem(menu, PhCreateEMenuItem(0, 1, L"Remove", NULL, NULL), -1);
selectedItem = PhShowEMenu(
menu,
ListViewWndHandle,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
cursorPos.x,
cursorPos.y
);
if (selectedItem && selectedItem->Id != -1)
{
switch (selectedItem->Id)
{
case 1:
{
INT lvItemIndex = PhFindListViewItemByFlags(
ListViewWndHandle,
-1,
LVNI_SELECTED
);
if (lvItemIndex != -1)
{
if (!PhGetIntegerSetting(L"EnableWarnings") || PhShowConfirmMessage(
hwndDlg,
L"remove",
cacheEntryName->Buffer,
NULL,
FALSE
))
{
PATOM_TABLE_INFORMATION atomTable = NULL;
if (!NT_SUCCESS(PhEnumAtomTable(&atomTable)))
return;
for (ULONG i = 0; i < atomTable->NumberOfAtoms; i++)
{
PATOM_BASIC_INFORMATION atomInfo = NULL;
if (!NT_SUCCESS(PhQueryAtomTableEntry(atomTable->Atoms[i], &atomInfo)))
continue;
if (!PhEqualStringZ(atomInfo->Name, cacheEntryName->Buffer, TRUE))
continue;
do
{
if (!NT_SUCCESS(NtDeleteAtom(atomTable->Atoms[i])))
{
break;
}
PhFree(atomInfo);
atomInfo = NULL;
if (!NT_SUCCESS(PhQueryAtomTableEntry(atomTable->Atoms[i], &atomInfo)))
break;
} while (atomInfo->UsageCount >= 1);
ListView_DeleteItem(ListViewWndHandle, lvItemIndex);
if (atomInfo)
{
PhFree(atomInfo);
}
}
PhFree(atomTable);
}
}
}
break;
}
}
PhDestroyEMenu(menu);
PhDereferenceObject(cacheEntryName);
}
}