From 451eb954690db3311fe51104631e20c27b023c30 Mon Sep 17 00:00:00 2001 From: dmex Date: Fri, 13 Dec 2024 12:27:15 +1100 Subject: [PATCH] Update to latest SDK, Update status messages --- SystemInformer/SystemInformer.def | 1 + SystemInformer/actions.c | 27 ++++++--- SystemInformer/findobj.c | 2 +- SystemInformer/hidnproc.c | 2 +- SystemInformer/include/phplug.h | 16 ++++- SystemInformer/include/procprpp.h | 4 ++ SystemInformer/itemtips.c | 8 +-- SystemInformer/memedit.c | 6 +- SystemInformer/memlists.c | 2 +- SystemInformer/memsrch.c | 2 +- SystemInformer/memsrcht.c | 7 ++- SystemInformer/procprv.c | 2 +- SystemInformer/procrec.c | 7 ++- SystemInformer/prpgenv.c | 10 +--- SystemInformer/prpggen.c | 1 + SystemInformer/prpgvdm.c | 2 +- SystemInformer/prpgwmi.c | 8 +-- SystemInformer/runas.c | 54 +---------------- SystemInformer/sessshad.c | 2 +- SystemInformer/settings.c | 2 +- SystemInformer/sysinfo.c | 2 +- SystemInformer/thrdstks.c | 2 +- phlib/appresolver.c | 12 ++-- phlib/basesup.c | 15 +++-- phlib/guisup.c | 22 +++++++ phlib/include/guisup.h | 8 +++ phlib/include/phnative.h | 42 +++++++++++++- phlib/native.c | 48 +++++++-------- plugins/ExtendedNotifications/main.c | 9 ++- plugins/Plugins.props | 2 +- plugins/Updater/updater.c | 15 ++--- tools/fixlib_bcd/make_bcd_lib.cmd | 15 ++++- tools/peview/exlfprp.c | 4 +- tools/peview/expprp.c | 2 + tools/peview/impprp.c | 1 + tools/peview/include/peview.h | 4 +- tools/peview/layout.c | 4 +- tools/peview/pdb.c | 87 +++++++++++++++------------- tools/peview/pdbprp.c | 32 +++++++--- tools/peview/pedirprp.c | 2 +- tools/peview/peprp.c | 2 +- tools/peview/pesectionprp.c | 2 +- tools/peview/secprp.c | 2 +- tools/peview/strings.c | 53 ++++++++++++----- tools/thirdparty/thirdparty.sln | 4 +- 45 files changed, 330 insertions(+), 226 deletions(-) diff --git a/SystemInformer/SystemInformer.def b/SystemInformer/SystemInformer.def index 9b2bff6a06a7..fd30201d5611 100644 --- a/SystemInformer/SystemInformer.def 
+++ b/SystemInformer/SystemInformer.def @@ -622,6 +622,7 @@ EXPORTS PhQuerySymbolicLinkObject PhQueryTokenVariableSize PhQueryValueKey + PhQueueUserWorkItem PhReadFile PhResolveDevicePrefix PhRevertImpersonationToken diff --git a/SystemInformer/actions.c b/SystemInformer/actions.c index f9f81c8043b8..8e772bffa932 100644 --- a/SystemInformer/actions.c +++ b/SystemInformer/actions.c @@ -2314,16 +2314,21 @@ BOOLEAN PhUiRestartProcess( { if (Process->ProcessId == shellClientId.UniqueProcess) { - status = PhOpenProcess( + if (NT_SUCCESS(PhOpenProcess( &processHandle, PROCESS_TERMINATE, Process->ProcessId - ); - - if (NT_SUCCESS(status)) + ))) { - PhTerminateProcess(processHandle, STATUS_SUCCESS); + status = PhTerminateProcess( + processHandle, + STATUS_SUCCESS + ); + NtClose(processHandle); + + if (NT_SUCCESS(status)) + goto CleanupExit; } } } @@ -2361,7 +2366,7 @@ BOOLEAN PhUiRestartProcess( if (!NT_SUCCESS(status = PhGetProcessEnvironment( processHandle, - Process->IsWow64Process ? PH_GET_PROCESS_ENVIRONMENT_WOW64 : 0, + !!Process->IsWow64Process, &environmentBuffer, &environmentLength ))) @@ -5112,18 +5117,22 @@ BOOLEAN PhUiCloseConnections( _In_ ULONG NumberOfConnections ) { - ULONG (WINAPI* SetTcpEntry_I)(_In_ PMIB_TCPROW pTcpRow) = NULL; + static ULONG (WINAPI* SetTcpEntry_I)(_In_ PMIB_TCPROW pTcpRow) = NULL; BOOLEAN success = TRUE; BOOLEAN cancelled = FALSE; ULONG result; ULONG i; MIB_TCPROW tcpRow; - SetTcpEntry_I = PhGetDllProcedureAddress(L"iphlpapi.dll", "SetTcpEntry", 0); + if (!SetTcpEntry_I) + { + SetTcpEntry_I = PhGetDllProcedureAddress(L"iphlpapi.dll", "SetTcpEntry", 0); + } if (!SetTcpEntry_I) { PhShowError2(WindowHandle, L"This feature is not supported by your operating system.", L"%s", L""); + PhShowStatus(WindowHandle, L"Unable to close the TCP connection", STATUS_NOT_SUPPORTED, 0); return FALSE; } 
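Review bot: In the shell-process branch of PhUiRestartProcess, `processHandle` still holds the closed handle value when the new `goto CleanupExit` is taken after `NtClose(processHandle)`. The CleanupExit label is outside the hunk; if it closes `processHandle` whenever it is non-NULL, that is a second close on a value the handle table may already have reused for another object. I would add `processHandle = NULL;` directly after the `NtClose` call. The PhOpenProcess result is also no longer stored in `status`, so a failed open falls through with whatever `status` held before, which is worth confirming as intended.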
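Review bot: The unsupported-OS path in PhUiCloseConnections now raises two dialogs in a row, because the added `PhShowStatus(...)` line follows the existing `PhShowError2(WindowHandle, L"This feature is not supported by your operating system.", L"%s", L"")` call, which stays as context instead of being removed. Keep only `PhShowStatus(WindowHandle, L"Unable to close the TCP connection", STATUS_NOT_SUPPORTED, 0);`. The prpggen.c hunk in PhpProcessGeneralDlgProc has the same leftover: `PhShowError2(hwndDlg, L"The process does not exist.", ...)` is kept and a `PhShowStatus` is added beneath it. Separately, the now-`static` `SetTcpEntry_I` is filled in without synchronisation; concurrent callers would store the same address, but a one-line comment saying so would help the next reader.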
@@ -5807,7 +5816,7 @@ BOOLEAN PhUiUnloadModule( if (status == STATUS_DLL_NOT_FOUND) { - PhShowError2(WindowHandle, L"Unable to find the module to unload.", L"%s", L""); + PhShowStatus(WindowHandle, L"Unable to unload the module", 0, ERROR_MOD_NOT_FOUND); return FALSE; } diff --git a/SystemInformer/findobj.c b/SystemInformer/findobj.c index 6783c635c589..456da6794a32 100644 --- a/SystemInformer/findobj.c +++ b/SystemInformer/findobj.c @@ -1777,7 +1777,7 @@ VOID PhShowFindObjectsDialog( { if (!NT_SUCCESS(PhCreateThreadEx(&PhFindObjectsThreadHandle, PhpFindObjectsDialogThreadStart, NULL))) { - PhShowError2(PhMainWndHandle, L"Unable to create the window.", L"%s", L""); + PhShowStatus(PhMainWndHandle, L"Unable to create the window.", 0, ERROR_OUTOFMEMORY); return; } diff --git a/SystemInformer/hidnproc.c b/SystemInformer/hidnproc.c index 5700de5b8e92..bd276c7090e5 100644 --- a/SystemInformer/hidnproc.c +++ b/SystemInformer/hidnproc.c @@ -230,7 +230,7 @@ INT_PTR CALLBACK PhpZombieProcessesDlgProc( if (NT_SUCCESS(status)) { PhSetDialogItemText(hwndDlg, IDC_DESCRIPTION, - PhaFormatString(L"%u Zombie process(es), %u terminated process(es).", + PhaFormatString(L"%u zombie process(es), %u terminated process(es).", NumberOfZombieProcesses, NumberOfTerminatedProcesses)->Buffer ); InvalidateRect(GetDlgItem(hwndDlg, IDC_DESCRIPTION), NULL, TRUE); diff --git a/SystemInformer/include/phplug.h b/SystemInformer/include/phplug.h index 3eb07e9b40b3..b501b250bdac 100644 --- a/SystemInformer/include/phplug.h +++ b/SystemInformer/include/phplug.h 
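Review bot: The thread-creation failure in PhShowFindObjectsDialog is reported with a fixed `ERROR_OUTOFMEMORY`, while the NTSTATUS that PhCreateThreadEx actually returned is discarded, so the dialog can name a cause that did not occur. The memsrcht.c hunk in this same commit already does it the accurate way; here that would be `if (!NT_SUCCESS(status = PhCreateThreadEx(&PhFindObjectsThreadHandle, PhpFindObjectsDialogThreadStart, NULL)))` followed by `PhShowStatus(PhMainWndHandle, L"Unable to create the window.", status, 0);`. The sysinfo.c and thrdstks.c hunks hard-code `ERROR_OUTOFMEMORY` in the same way. Whether a `status` local already exists in these functions is not visible from the hunks, so one may need to be declared.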
@@ -63,7 +63,7 @@ typedef enum _PH_GENERAL_CALLBACK GeneralCallbackProcessProviderAddedEvent, // [process provider thread] GeneralCallbackProcessProviderModifiedEvent, // [process provider thread] GeneralCallbackProcessProviderRemovedEvent, // [process provider thread] - GeneralCallbackProcessProviderUpdatedEvent, // [process provider thread] + GeneralCallbackProcessProviderUpdatedEvent, // PPH_PROCESS_PROVIDER_UPDATED_EVENT [process provider thread] GeneralCallbackServiceProviderAddedEvent, // [service provider thread] GeneralCallbackServiceProviderModifiedEvent, // [service provider thread] GeneralCallbackServiceProviderRemovedEvent, // [service provider thread] @@ -78,6 +78,8 @@ typedef enum _PH_GENERAL_CALLBACK GeneralCallbackDeviceNotificationEvent, // [device provider thread] GeneralCallbackTrayIconsInitializing, // [work queue thread] + GeneralCallbackTrayIconsUpdatedEvent, + GeneralCallbackWindowNotifyEvent, GeneralCallbackProcessStatsNotifyEvent, GeneralCallbackSettingsUpdated, @@ -99,6 +101,18 @@ typedef enum _PH_PLUGIN_CALLBACK PluginCallbackMaximum } PH_PLUGIN_CALLBACK, *PPH_PLUGIN_CALLBACK; +// Provider events + +typedef struct _PH_PROCESS_PROVIDER_UPDATED_EVENT +{ + ULONG RunCount; +} PH_PROCESS_PROVIDER_UPDATED_EVENT, *PPH_PROCESS_PROVIDER_UPDATED_EVENT; + +#define PH_PROCESS_PROVIDER_UPDATED_EVENT_PTR(RunCount) \ + &(PH_PROCESS_PROVIDER_UPDATED_EVENT){ (RunCount) } + +// Plugin events + typedef struct _PH_PLUGIN_GET_HIGHLIGHTING_COLOR { // Parameter is: diff --git a/SystemInformer/include/procprpp.h b/SystemInformer/include/procprpp.h index c29fc6337279..2d352bead91a 100644 --- a/SystemInformer/include/procprpp.h +++ b/SystemInformer/include/procprpp.h 
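Review bot: GeneralCallbackProcessProviderUpdatedEvent changes its parameter contract without any note for plugin authors: procprv.c used to pass `UlongToPtr(runCount)` and now passes `PH_PROCESS_PROVIDER_UPDATED_EVENT_PTR(runCount)`, so a callback that still converts the parameter back to a ULONG will read a pointer value as the run count. The macro expands to the address of a compound literal, which lives only as long as the enclosing block of the caller, so callbacks must not keep the pointer. I would put that on the typedef, for example `// Parameter for GeneralCallbackProcessProviderUpdatedEvent; valid only for the duration of the callback.` The second hunk also inserts `GeneralCallbackTrayIconsUpdatedEvent` ahead of existing PH_GENERAL_CALLBACK members, which shifts the numeric value of every later enumerator; plugins built against the previous header would then register for the wrong callbacks, so appending new members just before the enum's terminator would be safer if binary compatibility matters.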
@@ -428,6 +428,10 @@ typedef struct _PH_STATISTICS_CONTEXT ULONG64 IoOtherCountDelta; ULONG64 IoOtherCountDeltaMin; ULONG64 IoOtherCountDeltaMax; ULONG64 IoOtherCountDeltaDiff; ULONG64 OtherTransferCount; ULONG64 OtherTransferCountMin; ULONG64 OtherTransferCountMax; ULONG64 OtherTransferCountDiff; ULONG64 IoOtherDelta; ULONG64 IoOtherDeltaMin; ULONG64 IoOtherDeltaMax; ULONG64 IoOtherDeltaDiff; + + ULONG64 IoTotal; ULONG64 IoTotalMin; ULONG64 IoTotalMax; ULONG64 IoTotalDiff; + ULONG64 IoTotalDelta; ULONG64 IoTotalDeltaMin; ULONG64 IoTotalDeltaMax; ULONG64 IoTotalDeltaDiff; + } PH_STATISTICS_CONTEXT, *PPH_STATISTICS_CONTEXT; #define WM_PH_PERFORMANCE_UPDATE (WM_APP + 241) diff --git a/SystemInformer/itemtips.c b/SystemInformer/itemtips.c index 1b7a88b18574..6c405f053204 100644 --- a/SystemInformer/itemtips.c +++ b/SystemInformer/itemtips.c @@ -518,15 +518,9 @@ VOID PhpFillUmdfDrivers( ))) return; -#ifdef _WIN64 - // Just in case. - if (Process->IsWow64Process) - flags |= PH_GET_PROCESS_ENVIRONMENT_WOW64; -#endif - if (NT_SUCCESS(PhGetProcessEnvironment( processHandle, - flags, + !!Process->IsWow64Process, &environment, &environmentLength ))) diff --git a/SystemInformer/memedit.c b/SystemInformer/memedit.c index 5d868aae3a0e..7d09b909d920 100644 --- a/SystemInformer/memedit.c +++ b/SystemInformer/memedit.c @@ -195,7 +195,7 @@ INT_PTR CALLBACK PhpMemoryEditorDlgProc( if (context->RegionSize > 1024 * 1024 * 1024) // 1 GB { - PhShowError2(context->OwnerHandle, L"Unable to edit the memory region because it is too large.", L"%s", L""); + PhShowStatus(context->OwnerHandle, L"Unable to edit the memory region.", 0, MEM_E_INVALID_SIZE); return TRUE; } @@ -203,7 +203,7 @@ INT_PTR CALLBACK PhpMemoryEditorDlgProc( if (!context->Buffer) { - PhShowError2(context->OwnerHandle, L"Unable to allocate memory for the buffer.", L"%s", L""); + PhShowStatus(context->OwnerHandle, L"Unable to edit the memory region.", 0, ERROR_OUTOFMEMORY); return TRUE; } 
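Review bot: `MEM_E_INVALID_SIZE` is passed in the Win32-error position of PhShowStatus in the region-too-large branch of PhpMemoryEditorDlgProc, and again in the `offset >= context->RegionSize` hunk further down; as far as I know that constant is an HRESULT from winerror.h, not a Win32 error code. The other calls in this commit show the convention (NTSTATUS third, Win32 code fourth), so the message lookup for this value may fail or resolve to unrelated text. Use a real Win32 code there, or move the condition into the NTSTATUS argument, e.g. `PhShowStatus(hwndDlg, L"Unable to edit the memory region.", STATUS_INVALID_PARAMETER, 0);`. The new titles also drop the specific reason ("too large", "offset is too large"), so the user now depends entirely on the code's text being correct.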
@@ -442,7 +442,7 @@ INT_PTR CALLBACK PhpMemoryEditorDlgProc( { if (offset >= context->RegionSize) { - PhShowError2(hwndDlg, L"The offset is too large.", L"%s", L""); + PhShowStatus(hwndDlg, L"Unable to edit the memory region.", 0, MEM_E_INVALID_SIZE); continue; } diff --git a/SystemInformer/memlists.c b/SystemInformer/memlists.c index a757356e7edb..bba3a964cb85 100644 --- a/SystemInformer/memlists.c +++ b/SystemInformer/memlists.c @@ -569,7 +569,7 @@ VOID PhShowMemoryListCommand( } else if (!PhGetOwnTokenAttributes().Elevated) { - PhShowError2(ParentWindow, L"Memory Command", L"System Informer must run elevated to empty all."); + PhShowStatus(ParentWindow, L"Unable to empty the memory list.", 0, ERROR_ELEVATION_REQUIRED); } else { diff --git a/SystemInformer/memsrch.c b/SystemInformer/memsrch.c index a31be06ae220..7af7c4c5a7dd 100644 --- a/SystemInformer/memsrch.c +++ b/SystemInformer/memsrch.c @@ -447,7 +447,7 @@ INT_PTR CALLBACK PhpMemoryStringDlgProc( if (minimumLength < 4) { - PhShowError2(hwndDlg, L"The minimum length must be at least 4.", L"%s", L""); + PhShowError2(hwndDlg, L"Unable to search for strings.", L"%s", L"The minimum length must be at least 4."); break; } diff --git a/SystemInformer/memsrcht.c b/SystemInformer/memsrcht.c index 7f054e20a9ac..f7e03a62a652 100644 --- a/SystemInformer/memsrcht.c +++ b/SystemInformer/memsrcht.c @@ -977,7 +977,7 @@ INT_PTR CALLBACK PhpMemoryStringsMinimumLengthDlgProc( if (!minimumLength || minimumLength > MAXULONG32) { - PhShowError2(hwndDlg, L"Invalid minimum length.", L"%s", L""); + PhShowError2(hwndDlg, L"Unable to update the length.", L"%s", L"The minimum length is invalid."); break; } 
@@ -1579,12 +1579,13 @@ BOOLEAN PhpShowMemoryStringTreeDialog( context->UseClone = UseClone; context->PrevNodeList = PrevNodeList; - if (!NT_SUCCESS(PhCreateThread2(PhpShowMemoryStringDialogThreadStart, context))) + if (!NT_SUCCESS(status = PhCreateThread2(PhpShowMemoryStringDialogThreadStart, context))) { - PhShowError2(ParentWindowHandle, L"Unable to create the window.", L"%s", L""); PhDereferenceObject(context->ProcessItem); NtClose(context->ProcessHandle); PhFree(context); + + PhShowStatus(ParentWindowHandle, L"Unable to create the window.", status, 0); return FALSE; } diff --git a/SystemInformer/procprv.c b/SystemInformer/procprv.c index 56f1d8c728b6..e9ec8772df96 100644 --- a/SystemInformer/procprv.c +++ b/SystemInformer/procprv.c @@ -3225,7 +3225,7 @@ VOID PhProcessProviderUpdate( } } - PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackProcessProviderUpdatedEvent), UlongToPtr(runCount)); + PhInvokeCallback(PhGetGeneralCallback(GeneralCallbackProcessProviderUpdatedEvent), PH_PROCESS_PROVIDER_UPDATED_EVENT_PTR(runCount)); runCount++; } diff --git a/SystemInformer/procrec.c b/SystemInformer/procrec.c index 3bccdbfc7134..19c80a840b6c 100644 --- a/SystemInformer/procrec.c +++ b/SystemInformer/procrec.c @@ -253,7 +253,12 @@ INT_PTR CALLBACK PhpProcessRecordDlgProc( } else { - PhShowError2(hwndDlg, L"The process has already terminated; only the process record is available.", L"%s", L""); + PhShowError2( + hwndDlg, + L"Unable to show the process properties.", + L"%s", + L"The process has already terminated; only the process record is available." + ); } } break; diff --git a/SystemInformer/prpgenv.c b/SystemInformer/prpgenv.c index 0d926c43ffc5..232362cde3f1 100644 --- a/SystemInformer/prpgenv.c +++ b/SystemInformer/prpgenv.c @@ -230,7 +230,6 @@ VOID PhpRefreshEnvironmentList( if (NT_SUCCESS(status)) { HANDLE tokenHandle; - ULONG flags = 0; PhCreateEnvironmentBlock(&systemDefaultEnvironment, NULL, FALSE); 
@@ -244,14 +243,9 @@ VOID PhpRefreshEnvironmentList( NtClose(tokenHandle); } -#ifdef _WIN64 - if (ProcessItem->IsWow64Process) - flags |= PH_GET_PROCESS_ENVIRONMENT_WOW64; -#endif - status = PhGetProcessEnvironment( processHandle, - flags, + !!ProcessItem->IsWow64Process, &environment, &environmentLength ); @@ -360,7 +354,6 @@ VOID PhpRefreshEnvironmentList( } } - PhApplyTreeNewFilters(&Context->TreeFilterSupport); TreeNew_NodesStructured(Context->TreeNewHandle); if (systemDefaultEnvironment) @@ -1452,6 +1445,7 @@ INT_PTR CALLBACK PhpProcessEnvironmentDlgProc( PhLoadSettingsEnvironmentList(context); PhpRefreshEnvironmentList(context, processItem); + PhApplyTreeNewFilters(&context->TreeFilterSupport); PhInitializeWindowTheme(hwndDlg, PhEnableThemeSupport); } diff --git a/SystemInformer/prpggen.c b/SystemInformer/prpggen.c index 07c6e0c2a2f1..45f71598106a 100644 --- a/SystemInformer/prpggen.c +++ b/SystemInformer/prpggen.c @@ -718,6 +718,7 @@ INT_PTR CALLBACK PhpProcessGeneralDlgProc( else { PhShowError2(hwndDlg, L"The process does not exist.", L"%s", L""); + PhShowStatus(hwndDlg, L"The process does not exist.", STATUS_NOT_FOUND, 0); } } break; diff --git a/SystemInformer/prpgvdm.c b/SystemInformer/prpgvdm.c index be4a06e1eb21..b5b3bdd44a50 100644 --- a/SystemInformer/prpgvdm.c +++ b/SystemInformer/prpgvdm.c @@ -393,7 +393,7 @@ INT_PTR CALLBACK PhpProcessVdmHostProcessDlgProc( { if (!PhpTerminateVdmTask(processItem, entry->Task16)) { - PhShowError2(hwndDlg, L"Unable to terminate the task.", L"%s", L""); + PhShowStats(hwndDlg, L"Unable to terminate the task.", 0, PhGetLastError()); } } break; diff --git a/SystemInformer/prpgwmi.c b/SystemInformer/prpgwmi.c index d05572f8dbde..7af958e85745 100644 --- a/SystemInformer/prpgwmi.c +++ b/SystemInformer/prpgwmi.c 
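Review bot: The prpgvdm.c hunk calls `PhShowStats(...)`, whereas every other call site in this commit uses `PhShowStatus`; unless a function with that exact name is declared elsewhere, this line will not compile, or will be treated as an implicit declaration on builds that still include this file. The line should read `PhShowStatus(hwndDlg, L"Unable to terminate the task.", 0, PhGetLastError());`. Passing `PhGetLastError()` also assumes PhpTerminateVdmTask leaves a meaningful last-error value on failure, which is not visible from the hunk and is worth checking.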
@@ -1027,11 +1027,11 @@ VOID PhpShowWmiProviderStatus( { if (Message) { - PhShowError2(hWnd, Message, L"%s", statusMessage->Buffer); + PhShowError2(hWnd, Message, L"%s", PhGetString(statusMessage)); } else { - PhShowError2(hWnd, statusMessage->Buffer, L"%s", L""); + PhShowError2(hWnd, L"Unable to perform the operation.", L"%s", PhGetString(statusMessage)); } PhDereferenceObject(statusMessage); @@ -1040,11 +1040,11 @@ VOID PhpShowWmiProviderStatus( { if (Message) { - PhShowError2(hWnd, Message, L"%s", L""); + PhShowError2(hWnd, L"Unable to perform the operation.", L"%s", Message); } else { - PhShowError2(hWnd, L"Unable to perform the operation.", L"%s", L""); + PhShowStatus(hWnd, L"Unable to perform the operation.", STATUS_UNSUCCESSFUL, 0); } } } diff --git a/SystemInformer/runas.c b/SystemInformer/runas.c index 6fbf7cfde6bb..883a4659cf5c 100644 --- a/SystemInformer/runas.c +++ b/SystemInformer/runas.c @@ -67,6 +67,7 @@ typedef struct _RUNAS_DIALOG_CONTEXT { + HWND WindowHandle; HWND ProgramComboBoxWindowHandle; HWND UserComboBoxWindowHandle; HWND TypeComboBoxWindowHandle; 
@@ -299,55 +300,6 @@ PPH_STRING PhpGetCurrentDesktopInfo( return desktopInfo; } -static VOID PhpFreeRecentProgramsComboBox( - _In_ HWND ComboBoxHandle - ) -{ - INT total; - - if ((total = ComboBox_GetCount(ComboBoxHandle)) == CB_ERR) - return; - - for (INT i = 0; i < total; i++) - { - ComboBox_DeleteString(ComboBoxHandle, i); - } - - ComboBox_ResetContent(ComboBoxHandle); -} - -static VOID PhpFreeProgramsComboBox( - _In_ HWND ComboBoxHandle - ) -{ - INT total; - - if ((total = ComboBox_GetCount(ComboBoxHandle)) == CB_ERR) - return; - - for (INT i = 0; i < total; i++) - { - ComboBox_DeleteString(ComboBoxHandle, i); - } -} - -static VOID PhpFreeAccountsComboBox( - _In_ HWND ComboBoxHandle - ) -{ - INT total; - - if ((total = ComboBox_GetCount(ComboBoxHandle)) == CB_ERR) - return; - - for (INT i = 0; i < total; i++) - { - ComboBox_DeleteString(ComboBoxHandle, i); - } - - ComboBox_ResetContent(ComboBoxHandle); -} - BOOLEAN PhpEnumerateRecentProgramsToComboBox( _In_ PPH_STRINGREF Command, _In_ PVOID Context @@ -370,7 +322,7 @@ static VOID PhpAddProgramsToComboBox( _In_ HWND ComboBoxHandle ) { - PhpFreeRecentProgramsComboBox(ComboBoxHandle); + PhDeleteComboBoxStrings(ComboBoxHandle, TRUE); PhEnumerateRecentList(PhpEnumerateRecentProgramsToComboBox, ComboBoxHandle); } @@ -379,7 +331,7 @@ static VOID PhpAddAccountsToComboBox( _In_ HWND ComboBoxHandle ) { - PhpFreeAccountsComboBox(ComboBoxHandle); + PhDeleteComboBoxStrings(ComboBoxHandle, TRUE); ComboBox_AddString(ComboBoxHandle, PH_AUTO_T(PH_STRING, PhGetSidFullName((PSID)&PhSeLocalSystemSid, TRUE, NULL))->Buffer); ComboBox_AddString(ComboBoxHandle, PH_AUTO_T(PH_STRING, PhGetSidFullName((PSID)&PhSeLocalServiceSid, TRUE, NULL))->Buffer); diff --git a/SystemInformer/sessshad.c b/SystemInformer/sessshad.c index b76118ef601d..e9eae1acdeb9 100644 --- a/SystemInformer/sessshad.c +++ b/SystemInformer/sessshad.c 
@@ -220,7 +220,7 @@ INT_PTR CALLBACK PhpSessionShadowDlgProc( } else { - PhShowError2(hwndDlg, L"The computer name is too long.", L"%s", L""); + PhShowStatus(hwndDlg, L"Unable to remote control the session", 0, ERROR_DS_NAME_TOO_LONG); } } break; diff --git a/SystemInformer/settings.c b/SystemInformer/settings.c index 24ee358ef33a..be3d0b8b516e 100644 --- a/SystemInformer/settings.c +++ b/SystemInformer/settings.c @@ -262,7 +262,7 @@ VOID PhAddDefaultSettings( PhpAddIntegerSetting(L"ThinRows", L"0"); PhpAddStringSetting(L"ThreadTreeListColumns", L""); PhpAddStringSetting(L"ThreadTreeListSort", L"1,2"); // 1, DescendingSortOrder - PhpAddIntegerSetting(L"ThreadTreeListFlags", L"0"); + PhpAddIntegerSetting(L"ThreadTreeListFlags", L"60"); PhpAddStringSetting(L"ThreadStackTreeListColumns", L""); PhpAddScalableIntegerPairSetting(L"ThreadStackWindowSize", L"@96|420,400"); PhpAddIntegerPairSetting(L"TokenWindowPosition", L"0,0"); diff --git a/SystemInformer/sysinfo.c b/SystemInformer/sysinfo.c index b2892c6a20bf..bbb4ea87af8d 100644 --- a/SystemInformer/sysinfo.c +++ b/SystemInformer/sysinfo.c @@ -78,7 +78,7 @@ VOID PhShowSystemInformationDialog( { if (!NT_SUCCESS(PhCreateThreadEx(&PhSipThread, PhSipSysInfoThreadStart, NULL))) { - PhShowError2(PhMainWndHandle, L"Unable to create the window.", L"%s", L""); + PhShowStatus(PhMainWndHandle, L"Unable to create the window.", 0, ERROR_OUTOFMEMORY); return; } diff --git a/SystemInformer/thrdstks.c b/SystemInformer/thrdstks.c index 1a844ff7d2b8..563fdd1e2ecb 100644 --- a/SystemInformer/thrdstks.c +++ b/SystemInformer/thrdstks.c @@ -1861,7 +1861,7 @@ VOID PhShowThreadStacksDialog( if (!NT_SUCCESS(PhCreateThread2(PhpThreadStacksDialogThreadStart, context))) { - PhShowError2(ParentWindowHandle, L"Unable to create the window.", L"%s", L""); + PhShowStatus(ParentWindowHandle, L"Unable to create the window.", 0, ERROR_OUTOFMEMORY); PhDereferenceObject(context); } } 
diff --git a/phlib/appresolver.c b/phlib/appresolver.c index 93b6bdafe9e9..a0b7c038e57e 100644 --- a/phlib/appresolver.c +++ b/phlib/appresolver.c @@ -1052,7 +1052,7 @@ static BOOLEAN PhParseStartMenuAppShellItem( if (HR_FAILED(IShellItem2_GetProperty(ShellItem, &PKEY_AppUserModel_HostEnvironment, &packageHostEnvironment))) return FALSE; - if (!(V_VT(&packageHostEnvironment) == VT_UI4 && V_UI4(&packageHostEnvironment))) + if (packageHostEnvironment.vt != VT_UI4 && packageHostEnvironment.ulVal) return FALSE; IShellItem2_GetString(ShellItem, &PKEY_AppUserModel_ID, &packageAppUserModelID); @@ -1281,7 +1281,7 @@ BOOLEAN PhAppResolverGetPackageIcon( goto CleanupExit; if (HR_FAILED(IPropertyStore_GetValue(propertyStore, &PKEY_Tile_Background, &propertyColorValue))) goto CleanupExit; - if (HR_FAILED(PhAppResolverGetPackageResourceFilePath(PhGetString(PackageFullName), V_BSTR(&propertyPathValue), &imagePath))) + if (HR_FAILED(PhAppResolverGetPackageResourceFilePath(PhGetString(PackageFullName), propertyPathValue.bstrVal, &imagePath))) goto CleanupExit; if (IconLarge) @@ -1295,7 +1295,7 @@ BOOLEAN PhAppResolverGetPackageIcon( if (bitmap = PhLoadImageFromFile(imagePath, width, height)) { - iconLarge = PhGdiplusConvertBitmapToIcon(bitmap, width, height, V_UI4(&propertyColorValue)); + iconLarge = PhGdiplusConvertBitmapToIcon(bitmap, width, height, propertyColorValue.ulVal); DeleteBitmap(bitmap); } } @@ -1311,7 +1311,7 @@ BOOLEAN PhAppResolverGetPackageIcon( if (bitmap = PhLoadImageFromFile(imagePath, width, height)) { - iconSmall = PhGdiplusConvertBitmapToIcon(bitmap, width, height, V_UI4(&propertyColorValue)); + iconSmall = PhGdiplusConvertBitmapToIcon(bitmap, width, height, propertyColorValue.ulVal); DeleteBitmap(bitmap); } } 
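Review bot: The rewritten host-environment check in PhParseStartMenuAppShellItem is not equivalent to the line it replaces. The old condition rejected the item unless the variant was `VT_UI4` and non-zero; the new `packageHostEnvironment.vt != VT_UI4 && packageHostEnvironment.ulVal` rejects only when the type is wrong and the value is non-zero, so a `VT_UI4` value of 0 and any non-UI4 variant whose union happens to read as 0 are now accepted. It also reads `ulVal` from the union when `vt` says it holds something else. The De Morgan form of the original is `if (packageHostEnvironment.vt != VT_UI4 || !packageHostEnvironment.ulVal)`.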
@@ -1319,8 +1319,8 @@ BOOLEAN PhAppResolverGetPackageIcon( CleanupExit: if (imagePath) CoTaskMemFree(imagePath); - if (V_BSTR(&propertyPathValue)) - CoTaskMemFree(V_BSTR(&propertyPathValue)); + if (propertyPathValue.bstrVal) + CoTaskMemFree(propertyPathValue.bstrVal); if (propertyStore) IPropertyStore_Release(propertyStore); diff --git a/phlib/basesup.c b/phlib/basesup.c index 293b4f21074c..5b01c9f96058 100644 --- a/phlib/basesup.c +++ b/phlib/basesup.c @@ -495,7 +495,12 @@ ULONGLONG PhReadTimeStampCounter( ULONG64 value; value = ReadTimeStampCounter(); + +#if !defined(NTDDI_WIN11_GE) || (NTDDI_VERSION < NTDDI_WIN11_GE) + MemoryBarrier(); +#else SpeculationFence(); +#endif #else ULONG64 value; @@ -988,20 +993,22 @@ PVOID PhAllocatePage( ) { PVOID baseAddress; + SIZE_T regionSize; baseAddress = NULL; + regionSize = Size; if (NT_SUCCESS(NtAllocateVirtualMemory( NtCurrentProcess(), &baseAddress, 0, - &Size, + ®ionSize, MEM_COMMIT, PAGE_READWRITE ))) { if (NewSize) - *NewSize = Size; + *NewSize = regionSize; return baseAddress; } @@ -7043,7 +7050,7 @@ BOOLEAN PhPrintTimeSpanToBuffer( { PH_FORMAT format[7]; - // %I64u:%02I64u:%02I64u:%02I64u + // %llu:%02I64u:%02I64u:%02I64u PhInitFormatI64U(&format[0], PH_TICKS_PARTIAL_DAYS(Ticks)); PhInitFormatC(&format[1], L':'); PhInitFormatI64UWithWidth(&format[2], PH_TICKS_PARTIAL_HOURS(Ticks), 2); @@ -7059,7 +7066,7 @@ BOOLEAN PhPrintTimeSpanToBuffer( { PH_FORMAT format[9]; - // %I64u:%02I64u:%02I64u:%02I64u + // %llu:%02I64u:%02I64u:%02I64u PhInitFormatI64U(&format[0], PH_TICKS_PARTIAL_DAYS(Ticks)); PhInitFormatC(&format[1], L':'); PhInitFormatI64UWithWidth(&format[2], PH_TICKS_PARTIAL_HOURS(Ticks), 2); diff --git a/phlib/guisup.c b/phlib/guisup.c index eea3c740cf7a..12145126476a 100644 --- a/phlib/guisup.c +++ b/phlib/guisup.c 
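Review bot: The pre-Windows 11 SDK fallback in PhReadTimeStampCounter swaps `SpeculationFence()` for `MemoryBarrier()`, and the two are not interchangeable. MemoryBarrier orders memory accesses, but, as far as I know, does not stop later instructions from executing speculatively around the counter read, so builds against older SDKs silently get a weaker guarantee than builds against the new one. If the weaker behaviour is acceptable, say so at the `#if`, for example `// Older SDKs lack SpeculationFence(); MemoryBarrier() is only a memory fence, not a speculation barrier.` The surrounding `#if`/`#else` block continues outside the hunk.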
@@ -1003,6 +1003,28 @@ LONG PhSelectComboBoxString( } } +VOID PhDeleteComboBoxStrings( + _In_ HWND ComboBoxHandle, + _In_ BOOLEAN ResetContent + ) +{ + LONG total; + + if ((total = ComboBox_GetCount(ComboBoxHandle)) == CB_ERR) + return; + + for (LONG i = 0; i < total; i++) + { + ComboBox_DeleteString(ComboBoxHandle, i); + } + + if (ResetContent) + { + ComboBox_ResetContent(ComboBoxHandle); + } +} + + PPH_STRING PhGetListBoxString( _In_ HWND WindowHandle, _In_ LONG Index diff --git a/phlib/include/guisup.h b/phlib/include/guisup.h index 6991c17c1f6f..cc0800b397fa 100644 --- a/phlib/include/guisup.h +++ b/phlib/include/guisup.h @@ -849,6 +849,14 @@ PhSelectComboBoxString( _In_ BOOLEAN Partial ); +PHLIBAPI +VOID +NTAPI +PhDeleteComboBoxStrings( + _In_ HWND ComboBoxHandle, + _In_ BOOLEAN ResetContent + ); + PHLIBAPI PPH_STRING NTAPI diff --git a/phlib/include/phnative.h b/phlib/include/phnative.h index 7fe4e3bc2e24..e97e0dfc338a 100644 --- a/phlib/include/phnative.h +++ b/phlib/include/phnative.h @@ -108,6 +108,44 @@ PhOpenProcess( _In_ HANDLE ProcessId ); +FORCEINLINE +NTSTATUS +NTAPI +PhOpenProcessWithQueryAccess( + _Out_ PHANDLE ProcessHandle, + _In_ ACCESS_MASK DesiredAccess, + _In_ HANDLE ProcessId + ) +{ + NTSTATUS status; + + status = PhOpenProcess( + ProcessHandle, + PROCESS_QUERY_INFORMATION | DesiredAccess, + ProcessId + ); + + if (!NT_SUCCESS(status)) + { + status = PhOpenProcess( + ProcessHandle, + PROCESS_QUERY_LIMITED_INFORMATION | DesiredAccess, + ProcessId + ); + + if (!NT_SUCCESS(status)) + { + status = PhOpenProcess( + ProcessHandle, + PROCESS_QUERY_LIMITED_INFORMATION, + ProcessId + ); + } + } + + return status; +} + PHLIBAPI NTSTATUS NTAPI 
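Review bot: The delete loop in the new PhDeleteComboBoxStrings walks indexes upward while the list shrinks underneath it, so each `ComboBox_DeleteString(ComboBoxHandle, i)` removes an item and shifts the rest down; the loop then skips every other entry and ends up asking for indexes that no longer exist. Both callers in this commit pass `ResetContent = TRUE`, which hides the problem, but the function is now exported and with `FALSE` it leaves roughly half the strings behind. Deleting from the end fixes it: `for (LONG i = total - 1; i >= 0; i--)`. When `ResetContent` is TRUE the loop is redundant, which a short comment could state.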
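Review bot: PhOpenProcessWithQueryAccess can return success with a handle that lacks the access the caller asked for, because its last fallback opens the process with `PROCESS_QUERY_LIMITED_INFORMATION` alone and drops `DesiredAccess`. A caller that requested, say, `PROCESS_VM_READ` gets a success status and only finds out at the first use of the handle, with an access-denied error far from the cause. Either stop at the second attempt or document the downgrade on the function, e.g. `// NOTE: on fallback the returned handle may carry only PROCESS_QUERY_LIMITED_INFORMATION; callers must not assume DesiredAccess was granted.` The helper has no header comment at all yet, so the fallback order should be described there too.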
@@ -370,14 +408,12 @@ PhGetProcessDepStatus( _Out_ PULONG DepStatus ); -#define PH_GET_PROCESS_ENVIRONMENT_WOW64 0x1 // retrieve the WOW64 environment - PHLIBAPI NTSTATUS NTAPI PhGetProcessEnvironment( _In_ HANDLE ProcessHandle, - _In_ ULONG Flags, + _In_ BOOLEAN IsWow64Process, _Out_ PVOID *Environment, _Out_ PULONG EnvironmentLength ); diff --git a/phlib/native.c b/phlib/native.c index 3af91240db36..86db02d9b655 100644 --- a/phlib/native.c +++ b/phlib/native.c @@ -1210,7 +1210,7 @@ NTSTATUS PhGetProcessDepStatus( * * \param ProcessHandle A handle to a process. The handle must have PROCESS_QUERY_INFORMATION and * PROCESS_VM_READ access. - * \param Flags A combination of flags. + * \param IsWow64Process A variable which receives a boolean indicating whether the process is 32-bit. * \li \c PH_GET_PROCESS_ENVIRONMENT_WOW64 Retrieve the environment block from the WOW64 PEB. * \param Environment A variable which will receive a pointer to the environment block copied from * the process. You must free the block using PhFreePage() when you no longer need it. @@ -1219,7 +1219,7 @@ NTSTATUS PhGetProcessDepStatus( */ NTSTATUS PhGetProcessEnvironment( _In_ HANDLE ProcessHandle, - _In_ ULONG Flags, + _In_ BOOLEAN IsWow64Process, _Out_ PVOID *Environment, _Out_ PULONG EnvironmentLength ) 
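Review bot: The updated doc comment for PhGetProcessEnvironment in native.c describes the new parameter incorrectly: `IsWow64Process` is an `_In_ BOOLEAN`, but the text says it is "a variable which receives a boolean". The following `\li \c PH_GET_PROCESS_ENVIRONMENT_WOW64` line is left in place even though this commit removes that macro from phnative.h. I would replace both lines with `\param IsWow64Process TRUE to read the environment block through the 32-bit (WOW64) PEB, FALSE to use the native PEB.` Since the function is exported, it is also worth noting for plugin authors that the second argument changed from a flags mask to a boolean.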
@@ -1230,64 +1230,64 @@ NTSTATUS PhGetProcessEnvironment( PVOID environment; SIZE_T environmentLength; - if (!(Flags & PH_GET_PROCESS_ENVIRONMENT_WOW64)) + if (IsWow64Process) { - PVOID pebBaseAddress; - PVOID processParameters; + PVOID pebBaseAddress32; + ULONG processParameters32; + ULONG environmentRemote32; - status = PhGetProcessPeb(ProcessHandle, &pebBaseAddress); + status = PhGetProcessPeb32(ProcessHandle, &pebBaseAddress32); if (!NT_SUCCESS(status)) return status; if (!NT_SUCCESS(status = NtReadVirtualMemory( ProcessHandle, - PTR_ADD_OFFSET(pebBaseAddress, UFIELD_OFFSET(PEB, ProcessParameters)), - &processParameters, - sizeof(PVOID), + PTR_ADD_OFFSET(pebBaseAddress32, UFIELD_OFFSET(PEB32, ProcessParameters)), + &processParameters32, + sizeof(ULONG), NULL ))) return status; if (!NT_SUCCESS(status = NtReadVirtualMemory( ProcessHandle, - PTR_ADD_OFFSET(processParameters, UFIELD_OFFSET(RTL_USER_PROCESS_PARAMETERS, Environment)), - &environmentRemote, - sizeof(PVOID), + PTR_ADD_OFFSET(processParameters32, UFIELD_OFFSET(RTL_USER_PROCESS_PARAMETERS32, Environment)), + &environmentRemote32, + sizeof(ULONG), NULL ))) return status; + + environmentRemote = UlongToPtr(environmentRemote32); } else { - PVOID pebBaseAddress32; - ULONG processParameters32; - ULONG environmentRemote32; + PVOID pebBaseAddress; + PVOID processParameters; - status = PhGetProcessPeb32(ProcessHandle, &pebBaseAddress32); + status = PhGetProcessPeb(ProcessHandle, &pebBaseAddress); if (!NT_SUCCESS(status)) return status; if (!NT_SUCCESS(status = NtReadVirtualMemory( ProcessHandle, - PTR_ADD_OFFSET(pebBaseAddress32, UFIELD_OFFSET(PEB32, ProcessParameters)), - &processParameters32, - sizeof(ULONG), + PTR_ADD_OFFSET(pebBaseAddress, UFIELD_OFFSET(PEB, ProcessParameters)), + &processParameters, + sizeof(PVOID), NULL ))) return status; if (!NT_SUCCESS(status = NtReadVirtualMemory( ProcessHandle, - PTR_ADD_OFFSET(processParameters32, UFIELD_OFFSET(RTL_USER_PROCESS_PARAMETERS32, Environment)), - 
&environmentRemote32, - sizeof(ULONG), + PTR_ADD_OFFSET(processParameters, UFIELD_OFFSET(RTL_USER_PROCESS_PARAMETERS, Environment)), + &environmentRemote, + sizeof(PVOID), NULL ))) return status; - - environmentRemote = UlongToPtr(environmentRemote32); } if (!NT_SUCCESS(status = NtQueryVirtualMemory( diff --git a/plugins/ExtendedNotifications/main.c b/plugins/ExtendedNotifications/main.c index 245f95ab8a62..4f8654252f7c 100644 --- a/plugins/ExtendedNotifications/main.c +++ b/plugins/ExtendedNotifications/main.c @@ -86,7 +86,6 @@ LOGICAL DllMain( return FALSE; info->DisplayName = L"Extended Notifications"; - info->Author = L"wj32"; info->Description = L"Filters notifications."; PhRegisterCallback( @@ -365,7 +364,7 @@ BOOLEAN MatchFilterList( { PFILTER_ENTRY entry = FilterList->Items[i]; - if (isFileName && PhFindCharInString(entry->Filter, 0, L'\\') == SIZE_MAX) + if (isFileName && PhFindCharInString(entry->Filter, 0, OBJ_NAME_PATH_SEPARATOR) == SIZE_MAX) continue; // ignore filters without backslashes if we're matching a file name if (entry->Filter->Length == 2 && entry->Filter->Buffer[0] == L'*') // shortcut @@ -479,8 +478,8 @@ LRESULT CALLBACK TextBoxSubclassProc( { case WM_NCDESTROY: { - SetWindowLongPtr(hWnd, GWLP_WNDPROC, (LONG_PTR)oldWndProc); PhRemoveWindowContext(hWnd, UCHAR_MAX); + PhSetWindowProcedure(hWnd, oldWndProc); } break; case WM_GETDLGCODE: @@ -536,9 +535,9 @@ INT_PTR HandleCommonMessages( WNDPROC oldWndProc; textBoxHandle = GetDlgItem(hwndDlg, IDC_TEXT); - oldWndProc = (WNDPROC)GetWindowLongPtr(textBoxHandle, GWLP_WNDPROC); + oldWndProc = PhGetWindowProcedure(textBoxHandle); PhSetWindowContext(textBoxHandle, UCHAR_MAX, oldWndProc); - SetWindowLongPtr(textBoxHandle, GWLP_WNDPROC, (LONG_PTR)TextBoxSubclassProc); + PhSetWindowProcedure(textBoxHandle, TextBoxSubclassProc); Button_SetCheck(GetDlgItem(hwndDlg, IDC_INCLUDE), BST_CHECKED); diff --git a/plugins/Plugins.props b/plugins/Plugins.props index 8802f9a36dcb..cac3b77dd806 100644 
--- a/plugins/Plugins.props +++ b/plugins/Plugins.props @@ -1,5 +1,5 @@ - + diff --git a/plugins/Updater/updater.c b/plugins/Updater/updater.c index 749d4207c59b..68cce2d54269 100644 --- a/plugins/Updater/updater.c +++ b/plugins/Updater/updater.c @@ -301,6 +301,7 @@ NTSTATUS UpdatePlatformSupportInformation( LARGE_INTEGER fileSize; PH_HASH_CONTEXT hashContext; ULONG64 bytesRemaining; + ULONG numberOfBytesRead; BYTE buffer[PAGE_SIZE]; BYTE hash[256 / 8]; @@ -324,25 +325,19 @@ NTSTATUS UpdatePlatformSupportInformation( while (bytesRemaining) { - IO_STATUS_BLOCK iosb; - - status = NtReadFile( + status = PhReadFile( fileHandle, - NULL, - NULL, - NULL, - &iosb, buffer, sizeof(buffer), NULL, - NULL + &numberOfBytesRead ); if (!NT_SUCCESS(status)) break; - PhUpdateHash(&hashContext, buffer, (ULONG)iosb.Information); - bytesRemaining -= (ULONG)iosb.Information; + PhUpdateHash(&hashContext, buffer, numberOfBytesRead); + bytesRemaining -= numberOfBytesRead; } if (NT_SUCCESS(status = PhLoadMappedImageHeaderPageSize(NULL, fileHandle, &mappedImage))) diff --git a/tools/fixlib_bcd/make_bcd_lib.cmd b/tools/fixlib_bcd/make_bcd_lib.cmd index 4d7eaf05b471..95c61d6dcd0d 100644 --- a/tools/fixlib_bcd/make_bcd_lib.cmd +++ b/tools/fixlib_bcd/make_bcd_lib.cmd 
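Review bot: The hashing loop in UpdatePlatformSupportInformation trusts `numberOfBytesRead` without bounding it against `bytesRemaining`, which was taken from a size queried before the loop. If the file grows in between, `bytesRemaining -= numberOfBytesRead` wraps the unsigned counter, and if a read ever succeeds with zero bytes the loop never ends; either way the digest no longer covers exactly the bytes the size promised. A guard after the status check closes both cases: `if (numberOfBytesRead == 0 || numberOfBytesRead > bytesRemaining) { status = STATUS_UNSUCCESSFUL; break; }`. The function starts and ends outside the hunk, so how the failure status is consumed afterwards needs checking against the full body.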
@@ -1,7 +1,20 @@ @echo off @setlocal enableextensions -call "%ProgramFiles%\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvarsall.bat" amd64_arm64 +for /f "usebackq tokens=*" %%a in (`call "%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe" -latest -prerelease -products * -requires Microsoft.Component.MSBuild -property installationPath`) do ( + set "VSINSTALLPATH=%%a" +) + +if not defined VSINSTALLPATH ( + echo No Visual Studio installation detected. + goto end +) + +if exist "%VSINSTALLPATH%\VC\Auxiliary\Build\vcvarsall.bat" ( + call "%VSINSTALLPATH%\VC\Auxiliary\Build\vcvarsall.bat" amd64_arm64 +) else ( + goto end +) lib /machine:x86 /def:lib32/bcd.def /out:lib32/bcd.lib "../fixlib/bin/Release/fixlib.exe" lib32/bcd.lib diff --git a/tools/peview/exlfprp.c b/tools/peview/exlfprp.c index b929dd9b02e7..7f6551a04e67 100644 --- a/tools/peview/exlfprp.c +++ b/tools/peview/exlfprp.c @@ -269,7 +269,7 @@ VOID PvpSetWslImageBase( } else if (PvMappedImage.Header->e_ident[EI_CLASS] == ELFCLASS64) { - string = PhFormatString(L"0x%I64x", PhGetMappedWslImageBaseAddress(&PvMappedImage)); + string = PhFormatString(L"0x%llx", PhGetMappedWslImageBaseAddress(&PvMappedImage)); PhSetDialogItemText(hwndDlg, IDC_IMAGEBASE, string->Buffer); PhDereferenceObject(string); } @@ -289,7 +289,7 @@ VOID PvpSetWslEntrypoint( } else if (PvMappedImage.Header->e_ident[EI_CLASS] == ELFCLASS64) { - string = PhFormatString(L"0x%I64x", PvMappedImage.Headers64->e_entry); + string = PhFormatString(L"0x%llx", PvMappedImage.Headers64->e_entry); PhSetDialogItemText(hwndDlg, IDC_ENTRYPOINT, string->Buffer); PhDereferenceObject(string); } diff --git a/tools/peview/expprp.c b/tools/peview/expprp.c index fd1b77fb54f6..ecaaa45689dc 100644 --- a/tools/peview/expprp.c +++ b/tools/peview/expprp.c 
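Review bot: Both failure paths in the new toolchain lookup jump to `end` without setting an exit code, and the branch for a missing `vcvarsall.bat` prints nothing, so a caller or CI step cannot tell that no import libraries were produced. I would echo the missing path in the `else` branch and leave with a non-zero code, e.g. `exit /b 1`, instead of a bare `goto end`. The `:end` label itself is outside the hunk and needs to exist for either jump to work. The `-prerelease` switch also lets a preview Visual Studio install be picked for building these libraries, which is worth a comment if it is deliberate.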
@@ -1058,6 +1058,8 @@ VOID PvInitializeExportTree( PhAddTreeNewColumnEx2(TreeNewHandle, PV_EXPORT_TREE_COLUMN_ITEM_UNDECORATED, TRUE, L"Undecorated name", 150, PH_ALIGN_LEFT, PV_EXPORT_TREE_COLUMN_ITEM_UNDECORATED, 0, 0); PhAddTreeNewColumnEx2(TreeNewHandle, PV_EXPORT_TREE_COLUMN_ITEM_SUPRESSION, TRUE, L"CFG export suppression", 80, PH_ALIGN_LEFT, PV_EXPORT_TREE_COLUMN_ITEM_SUPRESSION, 0, 0); + TreeNew_SetRowHeight(Context->TreeNewHandle, PhGetDpi(22, PhGetWindowDpi(Context->WindowHandle))); + TreeNew_SetSort(TreeNewHandle, PV_EXPORT_TREE_COLUMN_ITEM_INDEX, AscendingSortOrder); TreeNew_SetRedraw(TreeNewHandle, TRUE); diff --git a/tools/peview/impprp.c b/tools/peview/impprp.c index 35fcc7f91c35..7e0447e39df3 100644 --- a/tools/peview/impprp.c +++ b/tools/peview/impprp.c @@ -465,6 +465,7 @@ INT_PTR CALLBACK PvPeImportsDlgProc( PvConfigTreeBorders(context->TreeNewHandle); TreeNew_SetEmptyText(context->TreeNewHandle, &LoadingImportsText, 0); + TreeNew_SetRowHeight(context->TreeNewHandle, PhGetDpi(22, PhGetWindowDpi(hwndDlg))); PhInitializeLayoutManager(&context->LayoutManager, hwndDlg); PhAddLayoutItem(&context->LayoutManager, context->SearchHandle, NULL, PH_ANCHOR_TOP | PH_ANCHOR_RIGHT); diff --git a/tools/peview/include/peview.h b/tools/peview/include/peview.h index e0d13dc4918d..bb3694dbd3cc 100644 --- a/tools/peview/include/peview.h +++ b/tools/peview/include/peview.h @@ -327,6 +327,7 @@ typedef enum PV_SYMBOL_TREE_MENU_ITEM PV_SYMBOL_TREE_MENU_ITEM_HIDE_EXECUTE, PV_SYMBOL_TREE_MENU_ITEM_HIDE_CODE, PV_SYMBOL_TREE_MENU_ITEM_HIDE_READ, + PV_SYMBOL_TREE_MENU_ITEM_FILTER_WRITE, PV_SYMBOL_TREE_MENU_ITEM_HIGHLIGHT_WRITE, PV_SYMBOL_TREE_MENU_ITEM_HIGHLIGHT_EXECUTE, PV_SYMBOL_TREE_MENU_ITEM_HIGHLIGHT_CODE, 
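Review bot: The added `TreeNew_SetRowHeight` call in PvInitializeExportTree targets `Context->TreeNewHandle`, while every other call visible in the hunk uses the `TreeNewHandle` parameter; the pedirprp.c hunk makes the same switch, whereas the pesectionprp.c hunk keeps the parameter. If `Context->TreeNewHandle` is not assigned before this function runs (not visible here), the row height is sent to a null window handle. `TreeNew_SetRowHeight(TreeNewHandle, PhGetDpi(22, PhGetWindowDpi(Context->WindowHandle)));` keeps the function consistent with its neighbours. The height is computed once at initialization, so a short comment saying whether a later DPI change is handled elsewhere would help.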
@@ -473,7 +474,8 @@ typedef struct _PDB_SYMBOL_CONTEXT ULONG HighlightExecuteSection : 1; ULONG HighlightCodeSection : 1; ULONG HighlightReadSection : 1; - ULONG Spare : 24; + ULONG FilterNonWriteSections : 1; + ULONG Spare : 23; }; }; } PDB_SYMBOL_CONTEXT, *PPDB_SYMBOL_CONTEXT; diff --git a/tools/peview/layout.c b/tools/peview/layout.c index f072045852e4..33b0bc8cf6e6 100644 --- a/tools/peview/layout.c +++ b/tools/peview/layout.c @@ -1096,7 +1096,7 @@ NTSTATUS PvLayoutEnumerateFileLayouts( fileLayoutSteamEntry = PTR_ADD_OFFSET(fileLayoutEntry, fileLayoutEntry->FirstStreamOffset); fileLayoutInfoEntry = PTR_ADD_OFFSET(fileLayoutEntry, fileLayoutEntry->ExtraInfoOffset); - PvAddChildLayoutNode(Context, NULL, L"File reference number", PhFormatString(L"%I64u (0x%I64x)", fileLayoutEntry->FileReferenceNumber, fileLayoutEntry->FileReferenceNumber)); + PvAddChildLayoutNode(Context, NULL, L"File reference number", PhFormatString(L"%llu (0x%llx)", fileLayoutEntry->FileReferenceNumber, fileLayoutEntry->FileReferenceNumber)); PvAddChildLayoutNode(Context, NULL, L"File attributes", PhFormatUInt64(fileLayoutEntry->FileAttributes, FALSE)); PvAddChildLayoutNode(Context, NULL, L"File entry flags", PhFormatUInt64(fileLayoutEntry->Flags, FALSE)); PvAddChildLayoutNode(Context, NULL, L"Creation time", PvLayoutGetRelativeTimeString(&fileLayoutInfoEntry->BasicInformation.CreationTime.QuadPart)); 
@@ -1131,7 +1131,7 @@ NTSTATUS PvLayoutEnumerateFileLayouts( parentNode = PvAddChildLayoutNode(Context, NULL, L"Filename", NULL); PvAddChildLayoutNode(Context, parentNode, PvLayoutNameFlagsToString(fileLayoutNameEntry->Flags), layoutFileName); //PvAddChildLayoutNode(Context, parentNode, L"Parent Name", PvLayoutGetParentIdName(fileHandle, fileLayoutNameEntry->ParentFileReferenceNumber)); - PvAddChildLayoutNode(Context, parentNode, L"Parent ID", PhFormatString(L"%I64u (0x%I64x)", fileLayoutNameEntry->ParentFileReferenceNumber, fileLayoutNameEntry->ParentFileReferenceNumber)); + PvAddChildLayoutNode(Context, parentNode, L"Parent ID", PhFormatString(L"%llu (0x%llx)", fileLayoutNameEntry->ParentFileReferenceNumber, fileLayoutNameEntry->ParentFileReferenceNumber)); if (fileLayoutNameEntry->NextNameOffset == 0) break; diff --git a/tools/peview/pdb.c b/tools/peview/pdb.c index d6bcb9c02e83..c6e42a25527f 100644 --- a/tools/peview/pdb.c +++ b/tools/peview/pdb.c 
@@ -108,42 +108,42 @@ PPH_STRINGREF rgTags[] = SREF(L"Inlinee"), // SymTagInlinee }; -PWSTR rgLocationTypeString[] = +PPH_STRINGREF rgLocationTypeString[] = { - L"NULL", - L"static", - L"TLS", - L"RegRel", - L"ThisRel", - L"Enregistered", - L"BitField", - L"Slot", - L"IL Relative", - L"In MetaData", - L"Constant", - L"RegRelAliasIndir" + SREF(L"NULL"), + SREF(L"static"), + SREF(L"TLS"), + SREF(L"RegRel"), + SREF(L"ThisRel"), + SREF(L"Enregistered"), + SREF(L"BitField"), + SREF(L"Slot"), + SREF(L"IL Relative"), + SREF(L"In MetaData"), + SREF(L"Constant"), + SREF(L"RegRelAliasIndir") }; -PWSTR rgUdtKind[] = +PPH_STRINGREF rgUdtKind[] = { - L"struct", - L"class", - L"union", - L"interface", + SREF(L"struct"), + SREF(L"class"), + SREF(L"union"), + SREF(L"interface"), }; -PWSTR rgDataKind[] = +PPH_STRINGREF rgDataKind[] = { - L"Unknown", - L"Local", - L"Static Local", - L"Param", - L"Object Ptr", - L"File Static", - L"Global", - L"Member", - L"Static Member", - L"Constant", + SREF(L"Unknown"), + SREF(L"Local"), + SREF(L"Static Local"), + SREF(L"Param"), + SREF(L"Object Ptr"), + SREF(L"File Static"), + SREF(L"Global"), + SREF(L"Member"), + SREF(L"Static Member"), + SREF(L"Constant"), }; VOID PrintSymbolType( @@ -157,7 +157,7 @@ VOID PrintSymTag( ) { PhAppendStringBuilder(StringBuilder, rgTags[SymbolTag]); - PhAppendFormatStringBuilder(StringBuilder, L": "); + PhAppendStringBuilder2(StringBuilder, L": "); } VOID PrintVariant( @@ -224,7 +224,8 @@ VOID PrintLocation( (IDiaSymbol_get_addressSection(IDiaSymbol, &dwSect) == S_OK) && (IDiaSymbol_get_addressOffset(IDiaSymbol, &dwOff) == S_OK)) { - PhAppendFormatStringBuilder(StringBuilder, L"%s, [%08X][%04X:%08X]", rgLocationTypeString[dwLocType], dwRVA, dwSect, dwOff); + PhAppendStringBuilder(StringBuilder,rgLocationTypeString[dwLocType]); + PhAppendFormatStringBuilder(StringBuilder, L", [%08X][%04X:%08X]", dwRVA, dwSect, dwOff); } break; 
@@ -235,7 +236,8 @@ VOID PrintLocation( (IDiaSymbol_get_addressSection(IDiaSymbol, &dwSect) == S_OK) && (IDiaSymbol_get_addressOffset(IDiaSymbol, &dwOff) == S_OK)) { - PhAppendFormatStringBuilder(StringBuilder, L"%s, [%08X][%04X:%08X]", rgLocationTypeString[dwLocType], dwRVA, dwSect, dwOff); + PhAppendStringBuilder(StringBuilder, rgLocationTypeString[dwLocType]); + PhAppendFormatStringBuilder(StringBuilder, L", [%08X][%04X:%08X]", dwRVA, dwSect, dwOff); } break; @@ -273,7 +275,8 @@ VOID PrintLocation( { if (IDiaSymbol_get_slot(IDiaSymbol, &dwSlot) == S_OK) { - PhAppendFormatStringBuilder(StringBuilder, L"%s, [%08X]", rgLocationTypeString[dwLocType], dwSlot); + PhAppendStringBuilder(StringBuilder, rgLocationTypeString[dwLocType]); + PhAppendFormatStringBuilder(StringBuilder, L", [%08X]", dwSlot); } } break; @@ -315,18 +318,19 @@ VOID PrintName( { if (wcscmp(bstrName, bstrUndName) == 0) { - PhAppendFormatStringBuilder(StringBuilder, L"%s", bstrName); + PhAppendStringBuilder2(StringBuilder, bstrName); } else { - PhAppendFormatStringBuilder(StringBuilder, L"%s(%s)", bstrUndName, bstrName); + PhAppendStringBuilder2(StringBuilder, bstrUndName); + PhAppendFormatStringBuilder(StringBuilder, L"(%s)", bstrName); } PhSymbolProviderFreeDiaString(bstrUndName); } else { - PhAppendFormatStringBuilder(StringBuilder, L"%s", bstrName); + PhAppendStringBuilder2(StringBuilder, bstrName); } PhSymbolProviderFreeDiaString(bstrName); @@ -347,13 +351,13 @@ VOID PrintData( return; } - PhAppendFormatStringBuilder(StringBuilder, L"%s", rgDataKind[dwDataKind]); + PhAppendStringBuilder(StringBuilder, rgDataKind[dwDataKind]); PrintSymbolType(StringBuilder, IDiaSymbol); - PhAppendFormatStringBuilder(StringBuilder, L", "); + PhAppendStringBuilder2(StringBuilder, L", "); PrintName(StringBuilder, IDiaSymbol); - PhAppendFormatStringBuilder(StringBuilder, L" = "); + PhAppendStringBuilder2(StringBuilder, L" = "); PrintLocation(StringBuilder, IDiaSymbol); } 
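Review bot: In the PrintData hunk, `rgDataKind[dwDataKind]` is now dereferenced as a PPH_STRINGREF with no range check, and `dwDataKind` appears to come from the symbol file being viewed (the getter call is above the hunk), so a value past the table's ten entries reads an out-of-range pointer. The same applies to `rgUdtKind[dwKind]` in the PrintUdtKind hunk, whose table has four entries. A guard such as `if (dwDataKind < RTL_NUMBER_OF(rgDataKind))` before the append, with a fallback that prints the numeric value, would keep a malformed or newer-format PDB from crashing the viewer. The `rgLocationTypeString` uses in PrintLocation look to sit under switch cases, which would already bound the index, but the switch itself is outside these hunks.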
@@ -366,7 +370,8 @@ VOID PrintUdtKind( if (IDiaSymbol_get_udtKind(pSymbol, &dwKind) == S_OK) { - PhAppendFormatStringBuilder(StringBuilder, L"%s ", rgUdtKind[dwKind]); + PhAppendStringBuilder(StringBuilder, rgUdtKind[dwKind]); + PhAppendStringBuilder2(StringBuilder, L" "); } } @@ -1353,7 +1358,7 @@ NTSTATUS PeDumpFileSymbols( IDiaSymbol_Release(idiaSymbol); } - IDiaSession_Release(idiaSession); + //IDiaSession_Release(idiaSession); PostMessage(Context->WindowHandle, WM_PV_SEARCH_FINISHED, 0, 0); return STATUS_SUCCESS; diff --git a/tools/peview/pdbprp.c b/tools/peview/pdbprp.c index d1d9219c558e..210e62223333 100644 --- a/tools/peview/pdbprp.c +++ b/tools/peview/pdbprp.c @@ -184,6 +184,9 @@ VOID PvSetOptionsSymbolsList( case PV_SYMBOL_TREE_MENU_ITEM_HIDE_READ: Context->HideReadSection = !Context->HideReadSection; break; + case PV_SYMBOL_TREE_MENU_ITEM_FILTER_WRITE: + Context->FilterNonWriteSections = !Context->FilterNonWriteSections; + break; case PV_SYMBOL_TREE_MENU_ITEM_HIGHLIGHT_WRITE: Context->HighlightWriteSection = !Context->HighlightWriteSection; break; 
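Review bot: Commenting out `IDiaSession_Release(idiaSession);` at the end of PeDumpFileSymbols leaves the session reference unreleased on this path unless another owner releases it, which the hunk does not show. If the call was disabled because the session must outlive this function, say so next to it and name where the release happens, for example `// Session is released by <owner> (TODO confirm)`; otherwise restore the call. Disabled code without a stated reason is easy to mistake for a leftover and to re-enable or delete incorrectly.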
@@ -649,14 +652,22 @@ BOOLEAN PvSymbolTreeFilterCallback( //if (node->Address == 0) // return TRUE; - if (context->HideWriteSection && node->Characteristics & IMAGE_SCN_MEM_WRITE) - return FALSE; - if (context->HideExecuteSection && node->Characteristics & IMAGE_SCN_MEM_EXECUTE) - return FALSE; - if (context->HideCodeSection && node->Characteristics & IMAGE_SCN_CNT_CODE) - return FALSE; - if (context->HideReadSection && node->Characteristics & IMAGE_SCN_MEM_READ) - return FALSE; + if (context->FilterNonWriteSections) + { + if (!FlagOn(node->Characteristics, IMAGE_SCN_MEM_WRITE)) + return FALSE; + } + else + { + if (context->HideWriteSection && FlagOn(node->Characteristics, IMAGE_SCN_MEM_WRITE)) + return FALSE; + if (context->HideExecuteSection && node->Characteristics & IMAGE_SCN_MEM_EXECUTE) + return FALSE; + if (context->HideCodeSection && node->Characteristics & IMAGE_SCN_CNT_CODE) + return FALSE; + if (context->HideReadSection && node->Characteristics & IMAGE_SCN_MEM_READ) + return FALSE; + } if (!context->SearchMatchHandle) return TRUE; @@ -927,6 +938,7 @@ INT_PTR CALLBACK PvpSymbolsDlgProc( PPH_EMENU_ITEM executableMenuItem; PPH_EMENU_ITEM codeMenuItem; PPH_EMENU_ITEM readMenuItem; + PPH_EMENU_ITEM filterWriteMenuItem; PPH_EMENU_ITEM highlightWriteMenuItem; PPH_EMENU_ITEM highlightExecuteMenuItem; PPH_EMENU_ITEM highlightCodeMenuItem; 
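Review bot: While `FilterNonWriteSections` is set in PvSymbolTreeFilterCallback, the `else` branch is skipped, so the four Hide* options stop applying even though the menu hunks in this file leave their items checked. Either apply the Hide* tests in both cases or document the precedence on the new branch, e.g. `// Filter non-writable takes precedence over the Hide* options`. The block also mixes `FlagOn(...)` for the write tests with raw `&` for the other three; using `FlagOn` throughout would read more evenly.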
@@ -939,6 +951,7 @@ INT_PTR CALLBACK PvpSymbolsDlgProc( executableMenuItem = PhCreateEMenuItem(0, PV_SYMBOL_TREE_MENU_ITEM_HIDE_EXECUTE, L"Hide executable", NULL, NULL); codeMenuItem = PhCreateEMenuItem(0, PV_SYMBOL_TREE_MENU_ITEM_HIDE_CODE, L"Hide code", NULL, NULL); readMenuItem = PhCreateEMenuItem(0, PV_SYMBOL_TREE_MENU_ITEM_HIDE_READ, L"Hide readable", NULL, NULL); + filterWriteMenuItem = PhCreateEMenuItem(0, PV_SYMBOL_TREE_MENU_ITEM_FILTER_WRITE, L"Filter non-writable", NULL, NULL); highlightWriteMenuItem = PhCreateEMenuItem(0, PV_SYMBOL_TREE_MENU_ITEM_HIGHLIGHT_WRITE, L"Highlight writable", NULL, NULL); highlightExecuteMenuItem = PhCreateEMenuItem(0, PV_SYMBOL_TREE_MENU_ITEM_HIGHLIGHT_EXECUTE, L"Highlight executable", NULL, NULL); highlightCodeMenuItem = PhCreateEMenuItem(0, PV_SYMBOL_TREE_MENU_ITEM_HIGHLIGHT_CODE, L"Highlight code", NULL, NULL); @@ -949,6 +962,7 @@ INT_PTR CALLBACK PvpSymbolsDlgProc( PhInsertEMenuItem(menu, executableMenuItem, ULONG_MAX); PhInsertEMenuItem(menu, codeMenuItem, ULONG_MAX); PhInsertEMenuItem(menu, readMenuItem, ULONG_MAX); + PhInsertEMenuItem(menu, filterWriteMenuItem, ULONG_MAX); PhInsertEMenuItem(menu, PhCreateEMenuSeparator(), ULONG_MAX); PhInsertEMenuItem(menu, highlightWriteMenuItem, ULONG_MAX); PhInsertEMenuItem(menu, highlightExecuteMenuItem, ULONG_MAX); @@ -963,6 +977,8 @@ INT_PTR CALLBACK PvpSymbolsDlgProc( codeMenuItem->Flags |= PH_EMENU_CHECKED; if (context->HideReadSection) readMenuItem->Flags |= PH_EMENU_CHECKED; + if (context->FilterNonWriteSections) + filterWriteMenuItem->Flags |= PH_EMENU_CHECKED; if (context->HighlightWriteSection) highlightWriteMenuItem->Flags |= PH_EMENU_CHECKED; if (context->HighlightExecuteSection) diff --git a/tools/peview/pedirprp.c b/tools/peview/pedirprp.c index 890156a59116..dba750186c26 100644 --- a/tools/peview/pedirprp.c +++ b/tools/peview/pedirprp.c 
@@ -1102,7 +1102,7 @@ VOID PvInitializeDirectoryTree( PhAddTreeNewColumnEx2(TreeNewHandle, PV_DIRECTORY_TREE_COLUMN_ITEM_SSDEEP, TRUE, L"SSDEEP", 80, PH_ALIGN_LEFT, PV_DIRECTORY_TREE_COLUMN_ITEM_SSDEEP, 0, 0); PhAddTreeNewColumnEx2(TreeNewHandle, PV_DIRECTORY_TREE_COLUMN_ITEM_TLSH, TRUE, L"TLSH", 80, PH_ALIGN_LEFT, PV_DIRECTORY_TREE_COLUMN_ITEM_TLSH, 0, 0); - TreeNew_SetRowHeight(TreeNewHandle, 22); + TreeNew_SetRowHeight(Context->TreeNewHandle, PhGetDpi(22, PhGetWindowDpi(ParentWindowHandle))); TreeNew_SetRedraw(TreeNewHandle, TRUE); TreeNew_SetSort(TreeNewHandle, PV_DIRECTORY_TREE_COLUMN_ITEM_INDEX, AscendingSortOrder); diff --git a/tools/peview/peprp.c b/tools/peview/peprp.c index c2fe89227dbd..e8e6f2847431 100644 --- a/tools/peview/peprp.c +++ b/tools/peview/peprp.c @@ -994,7 +994,7 @@ VOID PvpSetPeImageBaseAddress( else imagebase = PvMappedImage.NtHeaders->OptionalHeader.ImageBase; - string = PhFormatString(L"0x%I64x", imagebase); + string = PhFormatString(L"0x%llx", imagebase); PhSetListViewSubItem(ListViewHandle, PVP_IMAGE_GENERAL_INDEX_IMAGEBASE, 1, string->Buffer); PhDereferenceObject(string); } diff --git a/tools/peview/pesectionprp.c b/tools/peview/pesectionprp.c index 1f4cf2970048..a4379ab46369 100644 --- a/tools/peview/pesectionprp.c +++ b/tools/peview/pesectionprp.c @@ -1285,7 +1285,7 @@ VOID PvInitializeSectionTree( PhAddTreeNewColumnEx2(TreeNewHandle, PV_SECTION_TREE_COLUMN_ITEM_SSDEEP, TRUE, L"SSDEEP", 80, PH_ALIGN_LEFT, PV_SECTION_TREE_COLUMN_ITEM_SSDEEP, 0, 0); PhAddTreeNewColumnEx2(TreeNewHandle, PV_SECTION_TREE_COLUMN_ITEM_TLSH, TRUE, L"TLSH", 80, PH_ALIGN_LEFT, PV_SECTION_TREE_COLUMN_ITEM_TLSH, 0, 0); - TreeNew_SetRowHeight(TreeNewHandle, 22); + TreeNew_SetRowHeight(TreeNewHandle, PhGetDpi(22, PhGetWindowDpi(ParentWindowHandle))); TreeNew_SetRedraw(TreeNewHandle, TRUE); TreeNew_SetSort(TreeNewHandle, PV_SECTION_TREE_COLUMN_ITEM_INDEX, AscendingSortOrder); 
diff --git a/tools/peview/secprp.c b/tools/peview/secprp.c index ec4a240a7ee8..bb792599d653 100644 --- a/tools/peview/secprp.c +++ b/tools/peview/secprp.c @@ -189,7 +189,7 @@ VOID PvInitializeCertificateTree( TreeNew_SetRedraw(Context->TreeNewHandle, TRUE); TreeNew_SetTriState(Context->TreeNewHandle, TRUE); TreeNew_SetSort(Context->TreeNewHandle, PV_CERTIFICATE_TREE_COLUMN_NAME_INDEX, NoSortOrder); - TreeNew_SetRowHeight(Context->TreeNewHandle, 22); + TreeNew_SetRowHeight(Context->TreeNewHandle, PhGetDpi(22, PhGetWindowDpi(Context->WindowHandle))); settings = PhGetStringSetting(L"ImageSecurityTreeColumns"); PhCmLoadSettings(Context->TreeNewHandle, &settings->sr); diff --git a/tools/peview/strings.c b/tools/peview/strings.c index f666cf3df9e0..443adc675099 100644 --- a/tools/peview/strings.c +++ b/tools/peview/strings.c @@ -26,7 +26,8 @@ typedef struct _PV_STRINGS_SETTINGS ULONG Ansi : 1; ULONG Unicode : 1; ULONG ExtendedCharSet : 1; - ULONG Spare : 29; + ULONG SkipTextSection : 1; + ULONG Spare : 28; }; ULONG Flags; 
@@ -115,17 +116,25 @@ NTSTATUS NTAPI PvpStringSearchNextBuffer( _Function_class_(PH_STRING_SEARCH_CALLBACK) BOOLEAN NTAPI PvpStringSearchCallback( _In_ PPH_STRING_SEARCH_RESULT Result, - _In_opt_ PVOID Context + _In_ PPV_STRINGS_CONTEXT Context ) { - PPV_STRINGS_CONTEXT context = Context; PPV_STRINGS_NODE node; PIMAGE_SECTION_HEADER section; - assert(Context); + section = PhMappedImageRvaToSection(&PvMappedImage, (ULONG)(ULONG_PTR)PTR_SUB_OFFSET(Result->Address, PvMappedImage.ViewBase)); + + if ( + Context->Settings.SkipTextSection && section && + FlagOn(section->Characteristics, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ) + ) + { + if (PhEqualBytesZ((PCSTR)section->Name, ".text", FALSE)) + return FALSE; + } node = PhAllocateZero(sizeof(PV_STRINGS_NODE)); - node->Index = ++context->StringsCount; + node->Index = ++Context->StringsCount; node->Rva = (ULONG_PTR)PTR_SUB_OFFSET(Result->Address, PvMappedImage.ViewBase); node->Unicode = Result->Unicode; node->String = PhReferenceObject(Result->String); @@ -136,19 +145,22 @@ BOOLEAN NTAPI PvpStringSearchCallback( PhInitializeStringRefLongHint(&node->IndexStringRef, node->IndexString); - PhAcquireQueuedLockExclusive(&context->SearchResultsLock); - PhAddItemList(context->SearchResults, node); - PhReleaseQueuedLockExclusive(&context->SearchResultsLock); - - if (section = PhMappedImageRvaToSection(&PvMappedImage, (ULONG)node->Rva)) + if (section) { - for (ULONG i = 0; i < IMAGE_SIZEOF_SHORT_NAME; i++) - { - node->SectionName[i] = section->Name[i]; - } + PhCopyStringZFromUtf8( + (PCSTR)section->Name, + SIZE_MAX, + node->SectionName, + RTL_NUMBER_OF(node->SectionName), + NULL + ); } - return !!context->StopSearch; + PhAcquireQueuedLockExclusive(&Context->SearchResultsLock); + PhAddItemList(Context->SearchResults, node); + PhReleaseQueuedLockExclusive(&Context->SearchResultsLock); + + return !!Context->StopSearch; } NTSTATUS PvpSearchStringsThread( 
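Review bot: The new `PhCopyStringZFromUtf8` call in PvpStringSearchCallback passes `SIZE_MAX` as the input length, but `section->Name` is a fixed `IMAGE_SIZEOF_SHORT_NAME`-byte field with no terminator when the name fills it, so the copy can run on into the following header fields; the loop it replaces stopped at `IMAGE_SIZEOF_SHORT_NAME`. Passing the field size, `PhCopyStringZFromUtf8((PCSTR)section->Name, IMAGE_SIZEOF_SHORT_NAME, node->SectionName, RTL_NUMBER_OF(node->SectionName), NULL);`, restores the bound. This assumes the second argument is the maximum input byte count, which is how the call reads here. The skip test above it also depends on a section name taken from the file, and `FlagOn` with three flags ORed together presumably matches when any one of them is set, so a comment stating the intended condition would help the next reader.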
@@ -877,6 +889,7 @@ INT_PTR CALLBACK PvStringsDlgProc( PPH_EMENU_ITEM unicode; PPH_EMENU_ITEM extendedUnicode; PPH_EMENU_ITEM minimumLength; + PPH_EMENU_ITEM skipExecutableSection; PPH_EMENU_ITEM refresh; GetWindowRect(GetDlgItem(hwndDlg, IDC_SETTINGS), &rect); @@ -884,6 +897,7 @@ INT_PTR CALLBACK PvStringsDlgProc( ansi = PhCreateEMenuItem(0, 1, L"ANSI", NULL, NULL); unicode = PhCreateEMenuItem(0, 2, L"Unicode", NULL, NULL); extendedUnicode = PhCreateEMenuItem(0, 3, L"Extended character set", NULL, NULL); + skipExecutableSection = PhCreateEMenuItem(0, 4, L"Skip .text secton", NULL, NULL); minimumLength = PhCreateEMenuItem(0, 4, L"Minimum length...", NULL, NULL); refresh = PhCreateEMenuItem(0, 5, L"Refresh", NULL, NULL); @@ -891,6 +905,7 @@ INT_PTR CALLBACK PvStringsDlgProc( PhInsertEMenuItem(menu, ansi, ULONG_MAX); PhInsertEMenuItem(menu, unicode, ULONG_MAX); PhInsertEMenuItem(menu, extendedUnicode, ULONG_MAX); + PhInsertEMenuItem(menu, skipExecutableSection, ULONG_MAX); PhInsertEMenuItem(menu, PhCreateEMenuSeparator(), ULONG_MAX); PhInsertEMenuItem(menu, minimumLength, ULONG_MAX); PhInsertEMenuItem(menu, PhCreateEMenuSeparator(), ULONG_MAX); @@ -902,6 +917,8 @@ INT_PTR CALLBACK PvStringsDlgProc( unicode->Flags |= PH_EMENU_CHECKED; if (context->Settings.ExtendedCharSet) extendedUnicode->Flags |= PH_EMENU_CHECKED; + if (context->Settings.SkipTextSection) + skipExecutableSection->Flags |= PH_EMENU_CHECKED; selectedItem = PhShowEMenu( menu, @@ -932,6 +949,12 @@ INT_PTR CALLBACK PvStringsDlgProc( PvpSaveSettingsStrings(context); PvpSearchStrings(context); } + else if (selectedItem == skipExecutableSection) + { + context->Settings.SkipTextSection = !context->Settings.SkipTextSection; + PvpSaveSettingsStrings(context); + PvpSearchStrings(context); + } else if (selectedItem == minimumLength) { ULONG length = PvpStringsMinimumLengthDialog(hwndDlg, context->Settings.MinimumLength); 
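Review bot: The new menu item in PvStringsDlgProc is created with id 4, the same id as the existing `minimumLength` item on the following line, and its label is misspelled ("secton"). The selection is matched by pointer in the last hunk, so the clash may be harmless today, but a distinct id avoids surprises: `skipExecutableSection = PhCreateEMenuItem(0, 6, L"Skip .text section", NULL, NULL);`, assuming 6 is unused in this menu. The variable is named for an executable section while the label and the callback test `.text` by name; one wording for both would be clearer.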
diff --git a/tools/thirdparty/thirdparty.sln b/tools/thirdparty/thirdparty.sln index cff2a086fc7b..06f36a9290c8 100644 --- a/tools/thirdparty/thirdparty.sln +++ b/tools/thirdparty/thirdparty.sln @@ -1,7 +1,7 @@  Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 16 -VisualStudioVersion = 16.0.30524.135 +# Visual Studio Version 17 +VisualStudioVersion = 17.7.34024.191 MinimumVisualStudioVersion = 10.0.40219.1 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "thirdparty", "thirdparty.vcxproj", "{477D0215-F252-41A1-874B-F27E3EA1ED17}" EndProject