2.0.0

added entirely new handling of object names to support embedded nulls
added Pico providers, Nmi, SiloMonitor and Errata manager callbacks
added CmControlVector viewer
added Copy Name/Copy Name (Binary) commands to the main window popup menus
added program statistics (see Help->Statistics)
added legend window description for process list
added ability to fix image sections for dumped drivers
added RegistryTransaction object view and access rights
moved "Globals" from about box to the View->System Information and rearranged it output
drivers dump operation can now be cancelled
fix display of PUNICODE_STRING dump
fix ALPC Port type objects sometimes unable to open while they can be opened
plugin sdk updated to accommodate new named objects handling
imagescope plugin updated to accomodate plugin sdk changes
elevation required features in "extras" will now request elevation instead of just been disabled
help file updated with drivers and symbols usage
internal rearrange and minor UI changes
(release candidate 1)

Compiled/WHATSNEW_200.md

@@ -0,0 +1,26 @@
+
+## What is new in 2.0.0
+
+ - **CmControlVector viewer**
+
+<img src="https://raw.githubusercontent.com/hfiref0x/WinObjEx64/master/Screenshots/CmControlVector.png" width="600" />
+
+View contents of CmControlVector ntoskrnl parameters array. Can display actual values of variables or dump them when driver support is enabled.
+
+ - **Other**
+   + Added entirely new handling of object names to support embedded nulls
+   + Added Pico providers, Nmi, SiloMonitor and Errata manager callbacks
+   + Added Copy Name/Copy Name (Binary) commands to the main window popup menus
+   + Added program statistics (see Help->Statistics)
+   + Added legend window description for process list
+   + Added ability to fix image sections for dumped drivers
+   + Added RegistryTransaction object view and access rights
+   + Moved "Globals" from about box to the View->System Information and rearranged it output
+   + Drivers dump operation can now be cancelled
+   + Fix display of PUNICODE_STRING dump
+   + Fix ALPC Port type objects sometimes unable to open while they can be opened
+   + Plugin sdk updated to accommodate new named objects handling 
+   + Imagescope plugin updated to accomodate plugin sdk changes
+   + Elevation required features in "extras" will now request elevation instead of just been disabled
+   + Help file updated with drivers and symbols usage
+   + Internal rearrange and minor UI changes

LICENSE.md

@@ -1,4 +1,4 @@
-Copyright (c) 2015 - 2022, WinObjEx64 authors 
+Copyright (c) 2015 - 2022, WinObjEx64 Project 
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:

README.md

@@ -177,9 +177,9 @@ WinObjEx64 works only on the following x64 Windows: Windows 7, Windows 8, Window
 	- Jump to service entry module
 	- Export list to file in CSV format
 
-- CmControlVector viewer<sup>1</sup>
+- CmControlVector viewer
 	- Show dump of Ntoskrnl CmControlVector array
-	- Dump value data from kernel memory to file
+	- Dump value data from kernel memory to file<sup>1</sup>
 	- Export list to file in CSV format
 
 - Most of list/trees allows to copy object address and/or name to the clipboard
@@ -234,7 +234,7 @@ In order to build from source you need Microsoft Visual Studio 2015 and later ve
 
 # What is new
 
-[Whats New in 1.9.0](https://github.com/hfiref0x/WinObjEx64/blob/master/Compiled/WHATSNEW_190.md)
+[Whats New in 2.0.0](https://github.com/hfiref0x/WinObjEx64/blob/master/Compiled/WHATSNEW_200.md)
 
 [Complete changelog](https://github.com/hfiref0x/WinObjEx64/blob/master/Source/CHANGELOG.txt)
 

Source/CHANGELOG.txt

@@ -1,7 +1,21 @@
-v1.9.4
+v2.0.0
+added entirely new handling of object names to support embedded nulls
 added Pico providers, Nmi, SiloMonitor and Errata manager callbacks
 added CmControlVector viewer
-internal rearrange
+added Copy Name/Copy Name (Binary) commands to the main window popup menus
+added program statistics (see Help->Statistics)
+added legend window description for process list
+added ability to fix image sections for dumped drivers
+added RegistryTransaction object view and access rights
+moved "Globals" from about box to the View->System Information and rearranged it output
+drivers dump operation can now be cancelled
+fix display of PUNICODE_STRING dump
+fix ALPC Port type objects sometimes unable to open while they can be opened
+plugin sdk updated to accommodate new named objects handling 
+imagescope plugin updated to accomodate plugin sdk changes
+elevation required features in "extras" will now request elevation instead of just been disabled
+help file updated with drivers and symbols usage
+internal rearrange and minor UI changes
 
 v1.9.3
 updated SeCiCallbacks search for newest Windows versions

Source/FILELIST.txt

@@ -16,11 +16,9 @@ winobjex64\drivers\alice.h
 
 * About dialog routines including window dialog procedure *
 winobjex64\aboutDlg.c
-winobjex64\aboutDlg.h
 
 * System information dialog routines including window dialog procedure *
 winobjex64\sysinfoDlg.c
-winobjex64\sysinfoDlg.h
 
 * Custom access violation exception handler including minidump *
 winobjex64\excepth.c
@@ -29,52 +27,42 @@ winobjex64\excepth.h
 * Extras menu handler *
 winobjex64\extras\extras.c
 winobjex64\extras\extras.h
+winobjex64\extras\extrasHandlers.h
 
 * Windows 7/8/8.1 missing API support *
 winobjex64\extapi.c
 winobjex64\extapi.h
 
 * Windows kernel callbacks list *
 winobjex64\extas\extrasCallbacks.c
-winobjex64\extras\extrasCallbacks.h
 winobjex64\extras\extrasCallbacksPatterns.h
 
 * Drivers list *
 winobjex64\extras\extrasDrivers.c
-winobjex64\extras\extrasDrivers.h
 
 * KiServiceTable/W32pServiceTable list *
 winobjex64\extras\extrasSSDT.c
-winobjex64\extras\extrasSSDT.h
-winobjex64\extras\extrasSSDTsup.h
 
 * Pipes and mailslots dialog *
 winobjex64\extras\extrasIPC.c
-winobjex64\extras\extrasIPC.h
 
 * Windows Private Namespaces dialog *
 winobjex64\extras\extrasPN.c
-winobjex64\extras\extrasPN.h
 
 * Process list dialog *
 winobjex64\extras\extrasPSList.c
-winobjex64\extras\extrasPSList.h
 
 * Software Licensing Cache dialog *
 winobjex64\extras\extrasSL.c
-winobjex64\extras\extrasSL.h
 
 * UserSharedData dialog *
 winobjex64\extras\extrasUSD.c
-winobjex64\extras\extrasUSD.h
 
 * CmControlVector dialog *
 winobjex64\extras\extrasCmOpt.c
-winobjex64\extras\extrasCmOpt.h
 
 * Find Object routines including window dialog procedure *
 winobjex64\findDlg.c
-winobjex64\findDlg.h
 
 * Authenticode hash support *
 winobjex64\hash.c
@@ -122,64 +110,55 @@ winobjex64\symparser.h
 
 * Property sheet for ALPC Port information *
 winobjex64\props\propAlpcPort.c
-winobjex64\props\propAlpcPort.h
 
 * Property sheet "Basic" handlers, including window procedures and consts *
 winobjex64\props\propBasic.c
-winobjex64\props\propBasic.h
 winobjex64\props\propBasicConsts.h
 
 * Property sheet "Desktop" handlers *
 winobjex64\props\propDesktop.c
-winobjex64\props\propDesktop.h
 
 * "Properties" property sheet creation and window procedures, all sheets created here *
 winobjex64\props\propDlg.c
 winobjex64\props\propDlg.h
+winobjex64\props\propCommon.h
+winobjex64\props\props.h
 
-* Dumping and decoding kernel objects for "Object" property sheet *
-winobjex64\props\propDriver.c - property sheet "Driver" handlers, including window procedures
-winobjex64\props\propDriver.h
-winobjex64\props\propObjectDump.c 
-winobjex64\props\propObjectDump.h
+* Property sheet "Driver" handlers *
+winobjex64\props\propDriver.c
 
-* Kernel object string converted constants *
+* Dumping and decoding kernel objects for "Object" property sheet and constants*
+winobjex64\props\propObjectDump.c 
 winobjex64\props\propObjectDumpConsts.h
 
 * Property sheet "Process" handler, window procedure *
 winobjex64\props\propProcess.c
-winobjex64\props\propProcess.h
 
 * Property sheet for Section object dump information *
 winobjex64\props\propSection.c
-winobjex64\props\propSection.h
 
-* "Security" property sheet handler and ISecurityInformation implementation *
+* "Security" property sheet handler and ISecurityInformation implementation and constants *
 winobjex64\props\propSecurity.c
-winobjex64\props\propSecurity.h
-
-* Object type access values, generic mappings here *
 winobjex64\props\propSecurityConsts.h
 
 * Property sheet "Token" handler, window procedure *
 winobjex64\props\propToken.c
-winobjex64\props\propToken.h
 
-* Property sheet "Type" handlers, including window procedure for "Procedures" sheet *
+* Property sheet "Type" handlers, including window procedure for "Procedures" sheet and constants*
 winobjex64\props\propType.c
-winobjex64\props\propType.h
-
-* Known object access rights converted to strings listed here *
 winobjex64\props\propTypeConsts.h
 
 * "View Security Descriptor" dialog routines including window procedure *
 winobjex64\sdviewDlg.c
-winobjex64\sdviewDlg.h
 
 * Support api set and consts *
-winobjex64\sup.c
-winobjex64\sup.h
-winobjex64\supConsts.h
+winobjex64\sup\sup.c
+winobjex64\sup\sup.h
+winobjex64\sup\sync.c
+
+* Wine support header file *
+winobjex64\sup\wine.c
+winobjex64\sup\wine.h
 
 * All objects test code here *
 winobjex64\tests\testunit.c
@@ -189,10 +168,6 @@ winobjex64\tests\testunit.h
 shared\treelist\treelist.c
 shared\treelist\treelist.h
 
-* Wine support header file *
-winobjex64\wine.h
-winobjex64\wine.c
-
 * Global include file *
 winobjex64\global.h
 

Source/Plugins/ApiSetView/ui.h

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2019 - 2021
+*  (C) COPYRIGHT AUTHORS, 2019 - 2022
 *
 *  TITLE:       UI.H
 *
-*  VERSION:     1.12
+*  VERSION:     1.13
 *
-*  DATE:        30 Sep 2021
+*  DATE:        10 Jun 2022
 *
 *  WinObjEx64 ApiSetView UI constants, definitions and includes.
 *
@@ -52,10 +52,11 @@ typedef struct _GUI_CONTEXT {
 } GUI_CONTEXT, *PGUI_CONTEXT;
 
 typedef struct _TL_SUBITEMS_FIXED {
+    ULONG       Count;
     ULONG       ColorFlags;
     COLORREF    BgColor;
     COLORREF    FontColor;
     PVOID       UserParam;
-    ULONG       Count;
+    LPTSTR      CustomTooltip;
     LPTSTR      Text[2];
 } TL_SUBITEMS_FIXED, * PTL_SUBITEMS_FIXED;

Source/Plugins/ImageScope/main.c

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2020 - 2021
+*  (C) COPYRIGHT AUTHORS, 2020 - 2022
 *
 *  TITLE:       MAIN.C
 *
-*  VERSION:     1.00
+*  VERSION:     1.10
 *
-*  DATE:        01 Oct 2021
+*  DATE:        11 Jun 2022
 *
 *  WinObjEx64 ImageScope plugin.
 *
@@ -32,49 +32,15 @@ volatile DWORD g_PluginState = PLUGIN_RUNNING;
 WINOBJEX_PLUGIN* g_Plugin = NULL;
 volatile LONG m_RefCount = 0;
 
-VOID PmpCopyObjectData(
+BOOL PmpCopyObjectData(
     _In_ WINOBJEX_PARAM_OBJECT* Source,
     _In_ WINOBJEX_PARAM_OBJECT* Dest
 )
 {
-    SIZE_T Size;
-
-    if (Source->ObjectDirectory) {
-
-        Size = (1 + _strlen(Source->ObjectDirectory)) * sizeof(WCHAR);
-
-        Dest->ObjectDirectory = (LPWSTR)supHeapAlloc(Size);
-        if (Dest->ObjectDirectory) {
-            _strcpy(Dest->ObjectDirectory, Source->ObjectDirectory);
-        }
-        else {
-            return;
-        }
-
-    }
-    else {
-        return;
-    }
-
-    if (Source->ObjectName) {
-
-        Size = (1 + _strlen(Source->ObjectName)) * sizeof(WCHAR);
-
-        Dest->ObjectName = (LPWSTR)supHeapAlloc(Size);
-        if (Dest->ObjectName) {
-            _strcpy(Dest->ObjectName, Source->ObjectName);
-        }
-        else {
-            supHeapFree(Dest->ObjectDirectory);
-            Dest->ObjectDirectory = NULL;
-        }
-
-    }
-    else {
-        supHeapFree(Dest->ObjectDirectory);
-        Dest->ObjectDirectory = NULL;
-    }
-
+    HANDLE HeapHandle = NtCurrentPeb()->ProcessHeap;
+
+    return supDuplicateUnicodeString(HeapHandle, &Dest->Directory, &Source->Directory) &&
+        supDuplicateUnicodeString(HeapHandle, &Dest->Name, &Source->Name);
 }
 
 /*
@@ -94,14 +60,11 @@ VOID PluginFreeGlobalResources(
         Context->SectionAddress = NULL;
     }
 
-    if (Context->ParamBlock.Object.ObjectDirectory) {
-        supHeapFree(Context->ParamBlock.Object.ObjectDirectory);
-        Context->ParamBlock.Object.ObjectDirectory = NULL;
-    }
-    if (Context->ParamBlock.Object.ObjectName) {
-        supHeapFree(Context->ParamBlock.Object.ObjectName);
-        Context->ParamBlock.Object.ObjectName = NULL;
-    }
+    supFreeDuplicatedUnicodeString(NtCurrentPeb()->ProcessHeap, 
+        &Context->ParamBlock.Object.Directory, TRUE);
+
+    supFreeDuplicatedUnicodeString(NtCurrentPeb()->ProcessHeap, 
+        &Context->ParamBlock.Object.Name, TRUE);
 
     if (g_Plugin->StateChangeCallback)
         g_Plugin->StateChangeCallback(g_Plugin, PluginStopped, NULL);
@@ -188,12 +151,9 @@ NTSTATUS CALLBACK StartPlugin(
         &Context->ParamBlock.Object,
         sizeof(WINOBJEX_PARAM_OBJECT));
 
-    PmpCopyObjectData(
+    if (!PmpCopyObjectData(
         &ParamBlock->Object,
-        &Context->ParamBlock.Object);
-
-    if ((Context->ParamBlock.Object.ObjectDirectory == NULL) ||
-        (Context->ParamBlock.Object.ObjectName == NULL))
+        &Context->ParamBlock.Object))
     {
         supHeapFree(Context);
         return STATUS_MEMORY_NOT_ALLOCATED;
@@ -202,8 +162,8 @@ NTSTATUS CALLBACK StartPlugin(
     Status = Context->ParamBlock.OpenNamedObjectByType(
         &SectionHandle,
         ObjectTypeSection,
-        Context->ParamBlock.Object.ObjectDirectory,
-        Context->ParamBlock.Object.ObjectName,
+        &Context->ParamBlock.Object.Directory,
+        &Context->ParamBlock.Object.Name,
         SECTION_QUERY | SECTION_MAP_READ);
 
     if (!NT_SUCCESS(Status)) {
@@ -312,6 +272,7 @@ BOOLEAN CALLBACK PluginInit(
         return FALSE;
 
     __try {
+
         //
         // Set plugin name to be displayed in WinObjEx64 UI.
         //
@@ -349,7 +310,7 @@ BOOLEAN CALLBACK PluginInit(
         PluginData->SupportMultipleInstances = TRUE;
 
         PluginData->MajorVersion = 1;
-        PluginData->MinorVersion = 0;
+        PluginData->MinorVersion = 1;
 
         //
         // Set plugin type.