diff --git a/Compiled/WHATSNEW_200.md b/Compiled/WHATSNEW_200.md
new file mode 100644
index 00000000..3b1e47fc
--- /dev/null
+++ b/Compiled/WHATSNEW_200.md
@@ -0,0 +1,26 @@
+
+## What is new in 2.0.0
+
+ - **CmControlVector viewer**
+
+
+
+View contents of CmControlVector ntoskrnl parameters array. Can display actual values of variables or dump them when driver support is enabled.
+
+ - **Other**
+ + Added entirely new handling of object names to support embedded nulls
+ + Added Pico providers, Nmi, SiloMonitor and Errata manager callbacks
+ + Added Copy Name/Copy Name (Binary) commands to the main window popup menus
+ + Added program statistics (see Help->Statistics)
+ + Added legend window description for process list
+ + Added ability to fix image sections for dumped drivers
+ + Added RegistryTransaction object view and access rights
+ + Moved "Globals" from about box to the View->System Information and rearranged it output
+ + Drivers dump operation can now be cancelled
+ + Fix display of PUNICODE_STRING dump
+ + Fix ALPC Port type objects sometimes unable to open while they can be opened
+ + Plugin sdk updated to accommodate new named objects handling
+ + Imagescope plugin updated to accomodate plugin sdk changes
+ + Elevation required features in "extras" will now request elevation instead of just been disabled
+ + Help file updated with drivers and symbols usage
+ + Internal rearrange and minor UI changes
diff --git a/Compiled/WinObjEx64.exe b/Compiled/WinObjEx64.exe
index 1eb008f2..991d5d4c 100644
Binary files a/Compiled/WinObjEx64.exe and b/Compiled/WinObjEx64.exe differ
diff --git a/Compiled/plugins/ApiSetView.dll b/Compiled/plugins/ApiSetView.dll
index 459e1e3b..08312b33 100644
Binary files a/Compiled/plugins/ApiSetView.dll and b/Compiled/plugins/ApiSetView.dll differ
diff --git a/Compiled/plugins/ExamplePlugin.dll b/Compiled/plugins/ExamplePlugin.dll
index bb9d92fc..270adc5f 100644
Binary files a/Compiled/plugins/ExamplePlugin.dll and b/Compiled/plugins/ExamplePlugin.dll differ
diff --git a/Compiled/plugins/ImageScope.dll b/Compiled/plugins/ImageScope.dll
index 4893e58c..bef20196 100644
Binary files a/Compiled/plugins/ImageScope.dll and b/Compiled/plugins/ImageScope.dll differ
diff --git a/Compiled/plugins/Sonar.dll b/Compiled/plugins/Sonar.dll
index 28e4d3bf..816db16f 100644
Binary files a/Compiled/plugins/Sonar.dll and b/Compiled/plugins/Sonar.dll differ
diff --git a/LICENSE.md b/LICENSE.md
index ce28fc41..b25f53a4 100644
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,4 +1,4 @@
-Copyright (c) 2015 - 2022, WinObjEx64 authors
+Copyright (c) 2015 - 2022, WinObjEx64 Project
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/README.md b/README.md
index cf431101..2ae49beb 100644
--- a/README.md
+++ b/README.md
@@ -177,9 +177,9 @@ WinObjEx64 works only on the following x64 Windows: Windows 7, Windows 8, Window
- Jump to service entry module
- Export list to file in CSV format
-- CmControlVector viewer1
+- CmControlVector viewer
- Show dump of Ntoskrnl CmControlVector array
- - Dump value data from kernel memory to file
+ - Dump value data from kernel memory to file1
- Export list to file in CSV format
- Most of list/trees allows to copy object address and/or name to the clipboard
@@ -234,7 +234,7 @@ In order to build from source you need Microsoft Visual Studio 2015 and later ve
# What is new
-[Whats New in 1.9.0](https://github.com/hfiref0x/WinObjEx64/blob/master/Compiled/WHATSNEW_190.md)
+[Whats New in 2.0.0](https://github.com/hfiref0x/WinObjEx64/blob/master/Compiled/WHATSNEW_200.md)
[Complete changelog](https://github.com/hfiref0x/WinObjEx64/blob/master/Source/CHANGELOG.txt)
diff --git a/Screenshots/CmControlVector.png b/Screenshots/CmControlVector.png
new file mode 100644
index 00000000..41120e90
Binary files /dev/null and b/Screenshots/CmControlVector.png differ
diff --git a/Source/CHANGELOG.txt b/Source/CHANGELOG.txt
index 64185eb5..84f5f824 100644
--- a/Source/CHANGELOG.txt
+++ b/Source/CHANGELOG.txt
@@ -1,7 +1,21 @@
-v1.9.4
+v2.0.0
+added entirely new handling of object names to support embedded nulls
added Pico providers, Nmi, SiloMonitor and Errata manager callbacks
added CmControlVector viewer
-internal rearrange
+added Copy Name/Copy Name (Binary) commands to the main window popup menus
+added program statistics (see Help->Statistics)
+added legend window description for process list
+added ability to fix image sections for dumped drivers
+added RegistryTransaction object view and access rights
+moved "Globals" from about box to the View->System Information and rearranged it output
+drivers dump operation can now be cancelled
+fix display of PUNICODE_STRING dump
+fix ALPC Port type objects sometimes unable to open while they can be opened
+plugin sdk updated to accommodate new named objects handling
+imagescope plugin updated to accomodate plugin sdk changes
+elevation required features in "extras" will now request elevation instead of just been disabled
+help file updated with drivers and symbols usage
+internal rearrange and minor UI changes
v1.9.3
updated SeCiCallbacks search for newest Windows versions
diff --git a/Source/FILELIST.txt b/Source/FILELIST.txt
index 388f2dcc..77acda99 100644
--- a/Source/FILELIST.txt
+++ b/Source/FILELIST.txt
@@ -16,11 +16,9 @@ winobjex64\drivers\alice.h
* About dialog routines including window dialog procedure *
winobjex64\aboutDlg.c
-winobjex64\aboutDlg.h
* System information dialog routines including window dialog procedure *
winobjex64\sysinfoDlg.c
-winobjex64\sysinfoDlg.h
* Custom access violation exception handler including minidump *
winobjex64\excepth.c
@@ -29,6 +27,7 @@ winobjex64\excepth.h
* Extras menu handler *
winobjex64\extras\extras.c
winobjex64\extras\extras.h
+winobjex64\extras\extrasHandlers.h
* Windows 7/8/8.1 missing API support *
winobjex64\extapi.c
@@ -36,45 +35,34 @@ winobjex64\extapi.h
* Windows kernel callbacks list *
winobjex64\extas\extrasCallbacks.c
-winobjex64\extras\extrasCallbacks.h
winobjex64\extras\extrasCallbacksPatterns.h
* Drivers list *
winobjex64\extras\extrasDrivers.c
-winobjex64\extras\extrasDrivers.h
* KiServiceTable/W32pServiceTable list *
winobjex64\extras\extrasSSDT.c
-winobjex64\extras\extrasSSDT.h
-winobjex64\extras\extrasSSDTsup.h
* Pipes and mailslots dialog *
winobjex64\extras\extrasIPC.c
-winobjex64\extras\extrasIPC.h
* Windows Private Namespaces dialog *
winobjex64\extras\extrasPN.c
-winobjex64\extras\extrasPN.h
* Process list dialog *
winobjex64\extras\extrasPSList.c
-winobjex64\extras\extrasPSList.h
* Software Licensing Cache dialog *
winobjex64\extras\extrasSL.c
-winobjex64\extras\extrasSL.h
* UserSharedData dialog *
winobjex64\extras\extrasUSD.c
-winobjex64\extras\extrasUSD.h
* CmControlVector dialog *
winobjex64\extras\extrasCmOpt.c
-winobjex64\extras\extrasCmOpt.h
* Find Object routines including window dialog procedure *
winobjex64\findDlg.c
-winobjex64\findDlg.h
* Authenticode hash support *
winobjex64\hash.c
@@ -122,64 +110,55 @@ winobjex64\symparser.h
* Property sheet for ALPC Port information *
winobjex64\props\propAlpcPort.c
-winobjex64\props\propAlpcPort.h
* Property sheet "Basic" handlers, including window procedures and consts *
winobjex64\props\propBasic.c
-winobjex64\props\propBasic.h
winobjex64\props\propBasicConsts.h
* Property sheet "Desktop" handlers *
winobjex64\props\propDesktop.c
-winobjex64\props\propDesktop.h
* "Properties" property sheet creation and window procedures, all sheets created here *
winobjex64\props\propDlg.c
winobjex64\props\propDlg.h
+winobjex64\props\propCommon.h
+winobjex64\props\props.h
-* Dumping and decoding kernel objects for "Object" property sheet *
-winobjex64\props\propDriver.c - property sheet "Driver" handlers, including window procedures
-winobjex64\props\propDriver.h
-winobjex64\props\propObjectDump.c
-winobjex64\props\propObjectDump.h
+* Property sheet "Driver" handlers *
+winobjex64\props\propDriver.c
-* Kernel object string converted constants *
+* Dumping and decoding kernel objects for "Object" property sheet and constants*
+winobjex64\props\propObjectDump.c
winobjex64\props\propObjectDumpConsts.h
* Property sheet "Process" handler, window procedure *
winobjex64\props\propProcess.c
-winobjex64\props\propProcess.h
* Property sheet for Section object dump information *
winobjex64\props\propSection.c
-winobjex64\props\propSection.h
-* "Security" property sheet handler and ISecurityInformation implementation *
+* "Security" property sheet handler and ISecurityInformation implementation and constants *
winobjex64\props\propSecurity.c
-winobjex64\props\propSecurity.h
-
-* Object type access values, generic mappings here *
winobjex64\props\propSecurityConsts.h
* Property sheet "Token" handler, window procedure *
winobjex64\props\propToken.c
-winobjex64\props\propToken.h
-* Property sheet "Type" handlers, including window procedure for "Procedures" sheet *
+* Property sheet "Type" handlers, including window procedure for "Procedures" sheet and constants*
winobjex64\props\propType.c
-winobjex64\props\propType.h
-
-* Known object access rights converted to strings listed here *
winobjex64\props\propTypeConsts.h
* "View Security Descriptor" dialog routines including window procedure *
winobjex64\sdviewDlg.c
-winobjex64\sdviewDlg.h
* Support api set and consts *
-winobjex64\sup.c
-winobjex64\sup.h
-winobjex64\supConsts.h
+winobjex64\sup\sup.c
+winobjex64\sup\sup.h
+winobjex64\sup\sync.c
+
+* Wine support header file *
+winobjex64\sup\wine.c
+winobjex64\sup\wine.h
* All objects test code here *
winobjex64\tests\testunit.c
@@ -189,10 +168,6 @@ winobjex64\tests\testunit.h
shared\treelist\treelist.c
shared\treelist\treelist.h
-* Wine support header file *
-winobjex64\wine.h
-winobjex64\wine.c
-
* Global include file *
winobjex64\global.h
diff --git a/Source/Plugins/ApiSetView/ui.h b/Source/Plugins/ApiSetView/ui.h
index 669dc169..27e1d084 100644
--- a/Source/Plugins/ApiSetView/ui.h
+++ b/Source/Plugins/ApiSetView/ui.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2019 - 2021
+* (C) COPYRIGHT AUTHORS, 2019 - 2022
*
* TITLE: UI.H
*
-* VERSION: 1.12
+* VERSION: 1.13
*
-* DATE: 30 Sep 2021
+* DATE: 10 Jun 2022
*
* WinObjEx64 ApiSetView UI constants, definitions and includes.
*
@@ -52,10 +52,11 @@ typedef struct _GUI_CONTEXT {
} GUI_CONTEXT, *PGUI_CONTEXT;
typedef struct _TL_SUBITEMS_FIXED {
+ ULONG Count;
ULONG ColorFlags;
COLORREF BgColor;
COLORREF FontColor;
PVOID UserParam;
- ULONG Count;
+ LPTSTR CustomTooltip;
LPTSTR Text[2];
} TL_SUBITEMS_FIXED, * PTL_SUBITEMS_FIXED;
diff --git a/Source/Plugins/ImageScope/Resource.rc b/Source/Plugins/ImageScope/Resource.rc
index 413fd058..351da58e 100644
Binary files a/Source/Plugins/ImageScope/Resource.rc and b/Source/Plugins/ImageScope/Resource.rc differ
diff --git a/Source/Plugins/ImageScope/main.c b/Source/Plugins/ImageScope/main.c
index bd8c21c9..2df88607 100644
--- a/Source/Plugins/ImageScope/main.c
+++ b/Source/Plugins/ImageScope/main.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2020 - 2021
+* (C) COPYRIGHT AUTHORS, 2020 - 2022
*
* TITLE: MAIN.C
*
-* VERSION: 1.00
+* VERSION: 1.10
*
-* DATE: 01 Oct 2021
+* DATE: 11 Jun 2022
*
* WinObjEx64 ImageScope plugin.
*
@@ -32,49 +32,15 @@ volatile DWORD g_PluginState = PLUGIN_RUNNING;
WINOBJEX_PLUGIN* g_Plugin = NULL;
volatile LONG m_RefCount = 0;
-VOID PmpCopyObjectData(
+BOOL PmpCopyObjectData(
_In_ WINOBJEX_PARAM_OBJECT* Source,
_In_ WINOBJEX_PARAM_OBJECT* Dest
)
{
- SIZE_T Size;
-
- if (Source->ObjectDirectory) {
-
- Size = (1 + _strlen(Source->ObjectDirectory)) * sizeof(WCHAR);
-
- Dest->ObjectDirectory = (LPWSTR)supHeapAlloc(Size);
- if (Dest->ObjectDirectory) {
- _strcpy(Dest->ObjectDirectory, Source->ObjectDirectory);
- }
- else {
- return;
- }
-
- }
- else {
- return;
- }
-
- if (Source->ObjectName) {
-
- Size = (1 + _strlen(Source->ObjectName)) * sizeof(WCHAR);
-
- Dest->ObjectName = (LPWSTR)supHeapAlloc(Size);
- if (Dest->ObjectName) {
- _strcpy(Dest->ObjectName, Source->ObjectName);
- }
- else {
- supHeapFree(Dest->ObjectDirectory);
- Dest->ObjectDirectory = NULL;
- }
-
- }
- else {
- supHeapFree(Dest->ObjectDirectory);
- Dest->ObjectDirectory = NULL;
- }
-
+ HANDLE HeapHandle = NtCurrentPeb()->ProcessHeap;
+
+ return supDuplicateUnicodeString(HeapHandle, &Dest->Directory, &Source->Directory) &&
+ supDuplicateUnicodeString(HeapHandle, &Dest->Name, &Source->Name);
}
/*
@@ -94,14 +60,11 @@ VOID PluginFreeGlobalResources(
Context->SectionAddress = NULL;
}
- if (Context->ParamBlock.Object.ObjectDirectory) {
- supHeapFree(Context->ParamBlock.Object.ObjectDirectory);
- Context->ParamBlock.Object.ObjectDirectory = NULL;
- }
- if (Context->ParamBlock.Object.ObjectName) {
- supHeapFree(Context->ParamBlock.Object.ObjectName);
- Context->ParamBlock.Object.ObjectName = NULL;
- }
+ supFreeDuplicatedUnicodeString(NtCurrentPeb()->ProcessHeap,
+ &Context->ParamBlock.Object.Directory, TRUE);
+
+ supFreeDuplicatedUnicodeString(NtCurrentPeb()->ProcessHeap,
+ &Context->ParamBlock.Object.Name, TRUE);
if (g_Plugin->StateChangeCallback)
g_Plugin->StateChangeCallback(g_Plugin, PluginStopped, NULL);
@@ -188,12 +151,9 @@ NTSTATUS CALLBACK StartPlugin(
&Context->ParamBlock.Object,
sizeof(WINOBJEX_PARAM_OBJECT));
- PmpCopyObjectData(
+ if (!PmpCopyObjectData(
&ParamBlock->Object,
- &Context->ParamBlock.Object);
-
- if ((Context->ParamBlock.Object.ObjectDirectory == NULL) ||
- (Context->ParamBlock.Object.ObjectName == NULL))
+ &Context->ParamBlock.Object))
{
supHeapFree(Context);
return STATUS_MEMORY_NOT_ALLOCATED;
@@ -202,8 +162,8 @@ NTSTATUS CALLBACK StartPlugin(
Status = Context->ParamBlock.OpenNamedObjectByType(
&SectionHandle,
ObjectTypeSection,
- Context->ParamBlock.Object.ObjectDirectory,
- Context->ParamBlock.Object.ObjectName,
+ &Context->ParamBlock.Object.Directory,
+ &Context->ParamBlock.Object.Name,
SECTION_QUERY | SECTION_MAP_READ);
if (!NT_SUCCESS(Status)) {
@@ -312,6 +272,7 @@ BOOLEAN CALLBACK PluginInit(
return FALSE;
__try {
+
//
// Set plugin name to be displayed in WinObjEx64 UI.
//
@@ -349,7 +310,7 @@ BOOLEAN CALLBACK PluginInit(
PluginData->SupportMultipleInstances = TRUE;
PluginData->MajorVersion = 1;
- PluginData->MinorVersion = 0;
+ PluginData->MinorVersion = 1;
//
// Set plugin type.
diff --git a/Source/Plugins/ImageScope/sup.c b/Source/Plugins/ImageScope/sup.c
index 10cb1786..b081b713 100644
--- a/Source/Plugins/ImageScope/sup.c
+++ b/Source/Plugins/ImageScope/sup.c
@@ -4,9 +4,9 @@
*
* TITLE: SUP.C
*
-* VERSION: 1.02
+* VERSION: 1.10
*
-* DATE: 11 May 2022
+* DATE: 15 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -623,3 +623,63 @@ BOOL supListViewCopyItemValueToClipboard(
return FALSE;
}
+
+/*
+* supFreeDuplicatedUnicodeString
+*
+* Purpose:
+*
+* Release memory allocated for duplicated string.
+*
+*/
+_Success_(return)
+BOOL supFreeDuplicatedUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Inout_ PUNICODE_STRING DuplicatedString,
+ _In_ BOOL DoZeroMemory
+)
+{
+ BOOL bResult = FALSE;
+ if (DuplicatedString->Buffer) {
+ bResult = RtlFreeHeap(HeapHandle, 0, DuplicatedString->Buffer);
+ if (DoZeroMemory) {
+ DuplicatedString->Buffer = NULL;
+ DuplicatedString->Length = DuplicatedString->MaximumLength = 0;
+ }
+ }
+ return bResult;
+}
+
+/*
+* supDuplicateUnicodeString
+*
+* Purpose:
+*
+* Duplicate existing UNICODE_STRING to another without RtlDuplicateUnicodeString.
+*
+* Note: Use supFreeDuplicatedUnicodeString to release allocated memory.
+*
+*/
+_Success_(return)
+BOOL supDuplicateUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Out_ PUNICODE_STRING DestinationString,
+ _In_ PUNICODE_STRING SourceString
+)
+{
+ USHORT maxLength = SourceString->MaximumLength;
+ PWCHAR strBuffer;
+
+ if (maxLength == 0 || maxLength < SourceString->Length)
+ return FALSE;
+
+ strBuffer = (PWCHAR)RtlAllocateHeap(HeapHandle, HEAP_ZERO_MEMORY, (SIZE_T)maxLength);
+ if (strBuffer) {
+ DestinationString->Buffer = strBuffer;
+ DestinationString->MaximumLength = maxLength;
+ RtlCopyUnicodeString(DestinationString, SourceString);
+ return TRUE;
+ }
+
+ return FALSE;
+}
diff --git a/Source/Plugins/ImageScope/sup.h b/Source/Plugins/ImageScope/sup.h
index 34d507aa..d4873952 100644
--- a/Source/Plugins/ImageScope/sup.h
+++ b/Source/Plugins/ImageScope/sup.h
@@ -4,9 +4,9 @@
*
* TITLE: SUP.H
*
-* VERSION: 1.02
+* VERSION: 1.10
*
-* DATE: 11 May 2022
+* DATE: 15 Jun 2022
*
* Common header file for the plugin support routines.
*
@@ -97,3 +97,17 @@ BOOL supListViewCopyItemValueToClipboard(
_In_ HWND hwndListView,
_In_ INT iItem,
_In_ INT iSubItem);
+
+_Success_(return)
+BOOL supFreeDuplicatedUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Inout_ PUNICODE_STRING DuplicatedString,
+ _In_ BOOL DoZeroMemory);
+
+_Success_(return)
+BOOL supDuplicateUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Out_ PUNICODE_STRING DestinationString,
+ _In_ PUNICODE_STRING SourceString);
+
+
diff --git a/Source/Plugins/ImageScope/ui.c b/Source/Plugins/ImageScope/ui.c
index 6b02d847..b5fa2c26 100644
--- a/Source/Plugins/ImageScope/ui.c
+++ b/Source/Plugins/ImageScope/ui.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2020 - 2021
+* (C) COPYRIGHT AUTHORS, 2020 - 2022
*
* TITLE: UI.C
*
-* VERSION: 1.01
+* VERSION: 1.10
*
-* DATE: 01 Oct 2021
+* DATE: 11 Jun 2021
*
* WinObjEx64 ImageScope UI.
*
@@ -393,8 +393,8 @@ VOID SectionDumpStructs(
ntStatus = Context->ParamBlock.OpenNamedObjectByType(
§ionHandle,
ObjectTypeSection,
- Context->ParamBlock.Object.ObjectDirectory,
- Context->ParamBlock.Object.ObjectName,
+ &Context->ParamBlock.Object.Directory,
+ &Context->ParamBlock.Object.Name,
SECTION_QUERY);
if (!NT_SUCCESS(ntStatus))
@@ -1466,9 +1466,8 @@ BOOL RunUI(
INT i;
INITCOMMONCONTROLSEX icex;
- BOOL rv, mAlloc = FALSE;
+ BOOL rv;
MSG msg1;
- SIZE_T sz;
LPWSTR lpTitle;
WCHAR szClassName[100];
@@ -1494,23 +1493,7 @@ BOOL RunUI(
TEXT("%wsWndClass"),
g_Plugin->Name);
- sz = (MAX_PATH +
- _strlen(Context->ParamBlock.Object.ObjectDirectory) +
- _strlen(Context->ParamBlock.Object.ObjectName)) * sizeof(WCHAR);
-
- lpTitle = supHeapAlloc(sz);
- if (lpTitle) {
-
- StringCchPrintf(lpTitle,
- sz / sizeof(WCHAR),
- TEXT("Viewing :: %ws\\%ws"),
- Context->ParamBlock.Object.ObjectDirectory,
- Context->ParamBlock.Object.ObjectName);
-
- mAlloc = TRUE;
- }
- else
- lpTitle = IMAGESCOPE_WNDTITLE;
+ lpTitle = IMAGESCOPE_WNDTITLE;
//
// Create main window.
@@ -1529,9 +1512,6 @@ BOOL RunUI(
g_ThisDLL,
NULL);
- if (mAlloc)
- supHeapFree(lpTitle);
-
if (Context->MainWindow == 0) {
kdDebugPrint("Could not create main window, err = %lu\r\n", GetLastError());
return FALSE;
diff --git a/Source/Plugins/ImageScope/ui.h b/Source/Plugins/ImageScope/ui.h
index cacbbcb1..26bc402b 100644
--- a/Source/Plugins/ImageScope/ui.h
+++ b/Source/Plugins/ImageScope/ui.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2020 - 2021
+* (C) COPYRIGHT AUTHORS, 2020 - 2022
*
* TITLE: UI.H
*
-* VERSION: 1.01
+* VERSION: 1.02
*
-* DATE: 08 Jan 2021
+* DATE: 08 Jun 2022
*
* WinObjEx64 ImageScope UI constants, definitions and includes.
*
@@ -77,11 +77,12 @@ typedef struct _IMS_TAB {
} IMS_TAB;
typedef struct _TL_SUBITEMS_FIXED {
+ ULONG Count;
ULONG ColorFlags;
COLORREF BgColor;
COLORREF FontColor;
PVOID UserParam;
- ULONG Count;
+ LPTSTR CustomTooltip;
LPTSTR Text[2];
} TL_SUBITEMS_FIXED, * PTL_SUBITEMS_FIXED;
diff --git a/Source/Plugins/Sonar/ui.h b/Source/Plugins/Sonar/ui.h
index 0288897c..d2924090 100644
--- a/Source/Plugins/Sonar/ui.h
+++ b/Source/Plugins/Sonar/ui.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2019 - 2021
+* (C) COPYRIGHT AUTHORS, 2019 - 2022
*
* TITLE: UI.H
*
-* VERSION: 1.14
+* VERSION: 1.15
*
-* DATE: 30 Sep 2021
+* DATE: 10 Jun 2022
*
* WinObjEx64 Sonar UI constants, definitions and includes.
*
@@ -41,11 +41,12 @@
#define SCALE_DPI_VALUE(Value, CurrentDPI) MulDiv(Value, CurrentDPI, DefaultSystemDpi)
typedef struct _TL_SUBITEMS_FIXED {
+ ULONG Count;
ULONG ColorFlags;
COLORREF BgColor;
COLORREF FontColor;
PVOID UserParam;
- ULONG Count;
+ LPTSTR CustomTooltip;
LPTSTR Text[2];
} TL_SUBITEMS_FIXED, * PTL_SUBITEMS_FIXED;
diff --git a/Source/Plugins/plugin_def.h b/Source/Plugins/plugin_def.h
index e8c0cede..89b0be42 100644
--- a/Source/Plugins/plugin_def.h
+++ b/Source/Plugins/plugin_def.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2019 - 2021
+* (C) COPYRIGHT AUTHORS, 2019 - 2022
*
* TITLE: PLUGIN_DEF.H
*
-* VERSION: 1.10
+* VERSION: 1.11
*
-* DATE: 01 Oct 2021
+* DATE: 19 Jun 2022
*
* Common header file for the plugin subsystem definitions.
*
@@ -19,7 +19,7 @@
#pragma once
-#define WOBJ_PLUGIN_SYSTEM_VERSION 18712
+#define WOBJ_PLUGIN_SYSTEM_VERSION 20006
//
// Plugin text consts, must include terminating 0.
@@ -49,14 +49,13 @@ typedef UCHAR(CALLBACK* pfnGetInstructionLength)(
typedef NTSTATUS(*pfnOpenNamedObjectByType)(
_Out_ HANDLE* ObjectHandle,
_In_ ULONG TypeIndex,
- _In_ LPWSTR ObjectDirectory,
- _In_opt_ LPWSTR ObjectName,
+ _In_ PUNICODE_STRING ObjectDirectory,
+ _In_ PUNICODE_STRING ObjectName,
_In_ ACCESS_MASK DesiredAccess);
typedef struct _WINOBJEX_PARAM_OBJECT {
- LPWSTR ObjectName;
- LPWSTR ObjectDirectory;
- PVOID Reserved;
+ UNICODE_STRING Name;
+ UNICODE_STRING Directory;
} WINOBJEX_PARAM_OBJECT, * PWINOBJEX_PARAM_OBJECT;
typedef struct _WINOBJEX_PARAM_BLOCK {
diff --git a/Source/Shared/ntos/ntos.h b/Source/Shared/ntos/ntos.h
index 908a91c6..6626931d 100644
--- a/Source/Shared/ntos/ntos.h
+++ b/Source/Shared/ntos/ntos.h
@@ -5,9 +5,9 @@
*
* TITLE: NTOS.H
*
-* VERSION: 1.197
+* VERSION: 1.198
*
-* DATE: 05 Jun 2022
+* DATE: 12 Jun 2022
*
* Common header file for the ntos API functions and definitions.
*
@@ -12989,7 +12989,7 @@ NtCreateResourceManager(
_In_ HANDLE TmHandle,
_In_opt_ LPGUID ResourceManagerGuid,
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_opt_ ULONG CreateOptions,
+ _In_ ULONG CreateOptions,
_In_opt_ PUNICODE_STRING Description);
NTSYSAPI
@@ -13035,8 +13035,8 @@ NtCreateTransactionManager(
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ PUNICODE_STRING LogFileName,
- _In_opt_ ULONG CreateOptions,
- _In_opt_ ULONG CommitStrength);
+ _In_ ULONG CreateOptions,
+ _In_ ULONG CommitStrength);
NTSYSAPI
NTSTATUS
@@ -13047,7 +13047,7 @@ NtOpenTransactionManager(
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ PUNICODE_STRING LogFileName,
_In_opt_ LPGUID TmIdentity,
- _In_opt_ ULONG OpenOptions);
+ _In_ ULONG OpenOptions);
/************************************************************************************
*
@@ -13556,6 +13556,9 @@ NtProtectVirtualMemory(
_In_ ULONG NewProtect,
_Out_ PULONG OldProtect);
+#define MAP_PROCESS 1L
+#define MAP_SYSTEM 2L
+
NTSYSAPI
NTSTATUS
NTAPI
diff --git a/Source/Shared/ntos/ntsup.c b/Source/Shared/ntos/ntsup.c
index cfb0aed4..a17a4735 100644
--- a/Source/Shared/ntos/ntsup.c
+++ b/Source/Shared/ntos/ntsup.c
@@ -6,7 +6,7 @@
*
* VERSION: 2.13
*
-* DATE: 05 Jun 2022
+* DATE: 15 Jun 2022
*
* Native API support functions.
*
@@ -103,6 +103,44 @@ PVOID ntsupVirtualAlloc(
return ntsupVirtualAllocEx(Size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
}
+/*
+* ntsupVirtualLock
+*
+* Purpose:
+*
+* Wrapper for NtLockVirtualMemory.
+*
+*/
+BOOL ntsupVirtualLock(
+ _In_ LPVOID lpAddress,
+ _In_ SIZE_T dwSize
+)
+{
+ return (NT_SUCCESS(NtLockVirtualMemory(NtCurrentProcess(),
+ &lpAddress,
+ &dwSize,
+ MAP_PROCESS)));
+}
+
+/*
+* ntsupVirtualUnlock
+*
+* Purpose:
+*
+* Wrapper for NtUnlockVirtualMemory.
+*
+*/
+BOOL ntsupVirtualUnlock(
+ _In_ LPVOID lpAddress,
+ _In_ SIZE_T dwSize
+)
+{
+ return (NT_SUCCESS(NtUnlockVirtualMemory(NtCurrentProcess(),
+ &lpAddress,
+ &dwSize,
+ MAP_PROCESS)));
+}
+
/*
* NtSupVirtualFree
*
@@ -929,42 +967,58 @@ BOOL ntsupQueryThreadWin32StartAddress(
}
/*
-* ntsupOpenDirectory
+* ntsupOpenDirectoryEx
*
* Purpose:
*
* Open directory handle with DIRECTORY_QUERY access, with root directory support.
*
*/
-NTSTATUS ntsupOpenDirectory(
+_Success_(return)
+NTSTATUS ntsupOpenDirectoryEx(
_Out_ PHANDLE DirectoryHandle,
_In_opt_ HANDLE RootDirectoryHandle,
- _In_ LPCWSTR DirectoryName,
+ _In_ PUNICODE_STRING DirectoryName,
_In_ ACCESS_MASK DesiredAccess
)
{
NTSTATUS ntStatus;
HANDLE directoryHandle = NULL;
- UNICODE_STRING usDirectory;
OBJECT_ATTRIBUTES objectAttrbutes;
- *DirectoryHandle = NULL;
-
- RtlInitUnicodeString(&usDirectory, DirectoryName);
InitializeObjectAttributes(&objectAttrbutes,
- &usDirectory, OBJ_CASE_INSENSITIVE, RootDirectoryHandle, NULL);
+ DirectoryName, OBJ_CASE_INSENSITIVE, RootDirectoryHandle, NULL);
ntStatus = NtOpenDirectoryObject(&directoryHandle,
DesiredAccess,
&objectAttrbutes);
- if (NT_SUCCESS(ntStatus)) {
- *DirectoryHandle = directoryHandle;
- }
+ *DirectoryHandle = directoryHandle;
return ntStatus;
}
+/*
+* ntsupOpenDirectory
+*
+* Purpose:
+*
+* Open directory handle with DIRECTORY_QUERY access, with root directory support.
+*
+*/
+NTSTATUS ntsupOpenDirectory(
+ _Out_ PHANDLE DirectoryHandle,
+ _In_opt_ HANDLE RootDirectoryHandle,
+ _In_ LPCWSTR DirectoryName,
+ _In_ ACCESS_MASK DesiredAccess
+)
+{
+ UNICODE_STRING usName;
+
+ RtlInitUnicodeString(&usName, DirectoryName);
+ return ntsupOpenDirectoryEx(DirectoryHandle, RootDirectoryHandle, &usName, DesiredAccess);
+}
+
/*
* ntsupQueryProcessName
*
@@ -1850,112 +1904,6 @@ NTSTATUS ntsupIsProcessElevated(
return ntStatus;
}
-/*
-* ntsupGetMappedFileName
-*
-* Purpose:
-*
-* Checks whether the specified address is within a memory-mapped file.
-* If so, the function returns the name of the memory-mapped file.
-*
-*/
-ULONG ntsupGetMappedFileName(
- _In_ PVOID BaseAddress,
- _Inout_ LPWSTR FileName,
- _In_ ULONG cchFileName,
- _Out_ PSIZE_T cbNeeded
-)
-{
- OBJECT_NAME_INFORMATION* objectNameInfo;
- NTSTATUS ntStatus;
- SIZE_T returnedLength = 0;
- ULONG errorCode, copyLength = 0;
- HANDLE processHeap = NtCurrentPeb()->ProcessHeap;
-
- *cbNeeded = 0;
-
- if (cchFileName == 0) {
- RtlSetLastWin32Error(ERROR_INSUFFICIENT_BUFFER);
- return 0;
- }
-
- //
- // Don't be like MS authors and ask actual size.
- //
- ntStatus = NtQueryVirtualMemory(
- NtCurrentProcess(),
- BaseAddress,
- MemoryMappedFilenameInformation,
- NULL,
- 0,
- &returnedLength);
-
- if (ntStatus != STATUS_INFO_LENGTH_MISMATCH) {
- RtlSetLastWin32Error(RtlNtStatusToDosError(ntStatus));
- return 0;
- }
-
- //
- // Allocate required buffer.
- //
- objectNameInfo = (OBJECT_NAME_INFORMATION*)RtlAllocateHeap(
- processHeap,
- HEAP_ZERO_MEMORY,
- returnedLength);
-
- if (objectNameInfo == NULL) {
- RtlSetLastWin32Error(ERROR_NOT_ENOUGH_MEMORY);
- return 0;
- }
-
- //
- // Query information.
- //
- ntStatus = NtQueryVirtualMemory(
- NtCurrentProcess(),
- BaseAddress,
- MemoryMappedFilenameInformation,
- objectNameInfo,
- returnedLength,
- &returnedLength);
-
- if (NT_SUCCESS(ntStatus)) {
-
- //
- // Copy filename.
- //
- copyLength = objectNameInfo->Name.Length >> 1;
- if (cchFileName > copyLength + 1) {
- errorCode = ERROR_SUCCESS;
- }
- else {
- *cbNeeded = ((SIZE_T)copyLength + 1) * sizeof(WCHAR);
- copyLength = cchFileName - 1;
- errorCode = ERROR_INSUFFICIENT_BUFFER;
- }
-
- RtlSetLastWin32Error(errorCode);
-
- if (copyLength) {
-
- RtlCopyMemory(
- FileName,
- objectNameInfo->Name.Buffer,
- copyLength * sizeof(WCHAR));
-
- FileName[copyLength] = 0;
-
- }
-
- }
- else {
- RtlSetLastWin32Error(RtlNtStatusToDosError(ntStatus));
- }
-
- RtlFreeHeap(processHeap, 0, objectNameInfo);
- return copyLength;
-}
-
/*
* ntsupPurgeSystemCache
*
diff --git a/Source/Shared/ntos/ntsup.h b/Source/Shared/ntos/ntsup.h
index 98cae5b9..916ae3da 100644
--- a/Source/Shared/ntos/ntsup.h
+++ b/Source/Shared/ntos/ntsup.h
@@ -6,7 +6,7 @@
*
* VERSION: 2.13
*
-* DATE: 04 Jun 2022
+* DATE: 15 Jun 2022
*
* Common header file for the NT API support functions and definitions.
*
@@ -100,6 +100,14 @@ PVOID ntsupVirtualAlloc(
BOOL ntsupVirtualFree(
_In_ PVOID Memory);
+BOOL ntsupVirtualLock(
+ _In_ LPVOID lpAddress,
+ _In_ SIZE_T dwSize);
+
+BOOL ntsupVirtualUnlock(
+ _In_ LPVOID lpAddress,
+ _In_ SIZE_T dwSize);
+
SIZE_T ntsupWriteBufferToFile(
_In_ PWSTR lpFileName,
_In_ PVOID Buffer,
@@ -179,6 +187,13 @@ BOOL ntsupQueryThreadWin32StartAddress(
_In_ HANDLE ThreadHandle,
_Out_ PULONG_PTR Win32StartAddress);
+_Success_(return)
+NTSTATUS ntsupOpenDirectoryEx(
+ _Out_ PHANDLE DirectoryHandle,
+ _In_opt_ HANDLE RootDirectoryHandle,
+ _In_ PUNICODE_STRING DirectoryName,
+ _In_ ACCESS_MASK DesiredAccess);
+
NTSTATUS ntsupOpenDirectory(
_Out_ PHANDLE DirectoryHandle,
_In_opt_ HANDLE RootDirectoryHandle,
@@ -275,12 +290,6 @@ NTSTATUS ntsupIsProcessElevated(
_In_ ULONG ProcessId,
_Out_ PBOOL Elevated);
-ULONG ntsupGetMappedFileName(
- _In_ PVOID BaseAddress,
- _Inout_ LPWSTR FileName,
- _In_ ULONG cchFileName,
- _Out_ PSIZE_T cbNeeded);
-
VOID ntsupPurgeSystemCache(
VOID);
diff --git a/Source/Shared/sdk/extdef.h b/Source/Shared/sdk/extdef.h
index 47e0045f..1b653d65 100644
--- a/Source/Shared/sdk/extdef.h
+++ b/Source/Shared/sdk/extdef.h
@@ -4,9 +4,9 @@
*
* TITLE: EXTAPI.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
* Windows SDK compatibility header.
*
diff --git a/Source/Shared/treelist/treelist.c b/Source/Shared/treelist/treelist.c
index 111f51ed..a4cd8eb2 100644
--- a/Source/Shared/treelist/treelist.c
+++ b/Source/Shared/treelist/treelist.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: TREELIST.C
*
-* VERSION: 1.34
+* VERSION: 1.35
*
-* DATE: 16 Sept 2021
+* DATE: 10 Jun 2022
*
* TreeList control.
*
@@ -517,9 +517,6 @@ LRESULT CALLBACK TreeListHookProc(
if (!TreeView_GetItemRect(hwnd, (HTREEITEM)hdr->lParam, &rc, TRUE))
break;
- if ((subid == 0) && (rc.right < hr.right - 1)) // is tooltip from the first column?
- break;
-
privateBuffer = (LPTSTR)GetWindowLongPtr(BaseWindow, TL_TOOLTIPSBUFFER_SLOT);
privateBuffer[0] = 0;
@@ -530,21 +527,34 @@ LRESULT CALLBACK TreeListHookProc(
itemex.hItem = (HTREEITEM)hdr->lParam;
TreeView_GetItem(hwnd, &itemex);
- if ((subid > 0) && (itemex.lParam != 0)) {
- subitems = (PTL_SUBITEMS)itemex.lParam;
+ subitems = (PTL_SUBITEMS)itemex.lParam;
+
+ if (subid == 0) // is tooltip from the first column?
+ {
+ if (subitems)
+ if (subitems->CustomTooltip)
+ {
+ SendMessage(hdr->hdr.hwndFrom, TTM_SETMAXTIPWIDTH, 0, 1024);
+ _strncpy(privateBuffer, MAX_PATH, subitems->CustomTooltip, MAX_PATH);
+ hdr->lpszText = privateBuffer;
+ break;
+ }
+ if (rc.right < hr.right - 1) // no overflow
+ break;
+ }
+
+ if ((subid > 0) && (subitems != 0)) {
rc.left = hr.left + 3;
rc.right = hr.right - 3;
+ /*fake DrawText for calculating bounding rectangle*/
dc = GetDC(hwnd);
SelectObject(dc, (HGDIOBJ)SendMessage(hwnd, WM_GETFONT, 0, 0));
-
- /*fake DrawText for calculating bounding rectangle*/
DrawText(dc, subitems->Text[subid - 1], -1, &rc, DT_VCENTER | DT_SINGLELINE | DT_CALCRECT);
-
ReleaseDC(hwnd, dc);
- if (rc.right < hr.right - 2)
+ if (rc.right < hr.right - 2) // no overflow
break;
_strncpy(privateBuffer, MAX_PATH, subitems->Text[subid - 1], MAX_PATH);
@@ -586,24 +596,27 @@ PTL_SUBITEMS PackSubitems(HANDLE hHeap, IN PTL_SUBITEMS Subitems)
for (i = 0; i < Subitems->Count; i++)
strings_size += (_strlen(Subitems->Text[i]) + 1) * sizeof(TCHAR);
+ strings_size += (_strlen(Subitems->CustomTooltip) + 1) * sizeof(TCHAR);
+
newsubitems = (PTL_SUBITEMS)HeapAlloc(hHeap, 0, header_size + strings_size);
if (!newsubitems)
return NULL;
strings = (LPTSTR)((PBYTE)newsubitems + header_size);
-
- newsubitems->UserParam = Subitems->UserParam;
- newsubitems->ColorFlags = Subitems->ColorFlags;
- newsubitems->BgColor = Subitems->BgColor;
- newsubitems->FontColor = Subitems->FontColor;
- newsubitems->Count = Subitems->Count;
+ *newsubitems = *Subitems;
for (i = 0; i < Subitems->Count; i++) {
newsubitems->Text[i] = strings;
- _strcpy(newsubitems->Text[i], Subitems->Text[i]);
+ _strcpy(strings, Subitems->Text[i]);
strings += _strlen(Subitems->Text[i]) + 1;
}
+ if (Subitems->CustomTooltip != NULL)
+ {
+ newsubitems->CustomTooltip = strings;
+ _strcpy(strings, Subitems->CustomTooltip);
+ }
+
return newsubitems;
}
diff --git a/Source/Shared/treelist/treelist.h b/Source/Shared/treelist/treelist.h
index c6cebbec..8b63bbd9 100644
--- a/Source/Shared/treelist/treelist.h
+++ b/Source/Shared/treelist/treelist.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: TREELIST.H
*
-* VERSION: 1.34
+* VERSION: 1.35
*
-* DATE: 16 Sept 2021
+* DATE: 10 Jun 2022
*
* Tree-List custom control header file.
*
@@ -47,11 +47,12 @@
#define TLSTYLE_LINKLINES 0x02
typedef struct _TL_SUBITEMS {
+ ULONG Count;
ULONG ColorFlags;
COLORREF BgColor;
COLORREF FontColor;
PVOID UserParam;
- ULONG Count;
+ LPTSTR CustomTooltip;
LPTSTR Text[1];
} TL_SUBITEMS, *PTL_SUBITEMS;
diff --git a/Source/WinObjEx64/Resource.rc b/Source/WinObjEx64/Resource.rc
index 34bea150..7936ee6c 100644
Binary files a/Source/WinObjEx64/Resource.rc and b/Source/WinObjEx64/Resource.rc differ
diff --git a/Source/WinObjEx64/WinObjEx64.vcxproj b/Source/WinObjEx64/WinObjEx64.vcxproj
index 3673c16a..f188a36f 100644
--- a/Source/WinObjEx64/WinObjEx64.vcxproj
+++ b/Source/WinObjEx64/WinObjEx64.vcxproj
@@ -394,6 +394,9 @@
+
+
+
@@ -412,10 +415,8 @@
-
-
@@ -435,25 +436,14 @@
-
-
-
-
-
-
-
-
-
-
-
-
+
@@ -461,6 +451,10 @@
+
+
+
+
@@ -468,30 +462,14 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/Source/WinObjEx64/WinObjEx64.vcxproj.filters b/Source/WinObjEx64/WinObjEx64.vcxproj.filters
index 18914d91..b546b8f9 100644
--- a/Source/WinObjEx64/WinObjEx64.vcxproj.filters
+++ b/Source/WinObjEx64/WinObjEx64.vcxproj.filters
@@ -43,6 +43,9 @@
{b8b6096c-f90d-41f3-a643-a53ee0fae82b}
+
+ {ef3c4ca0-1364-4947-a6d6-091b33037c05}
+
@@ -63,9 +66,6 @@
Source Files
-
- Source Files
-
Hde
@@ -129,9 +129,6 @@
Source Files\props
-
- Source Files
-
Source Files\extras
@@ -252,6 +249,15 @@
Source Files
+
+ Source Files\sup
+
+
+ Source Files\sup
+
+
+ Source Files\sup
+
@@ -259,15 +265,9 @@
-
- Header Files
-
Header Files
-
- Header Files
-
Header Files
@@ -280,12 +280,6 @@
Header Files
-
- Header Files
-
-
- Header Files
-
Header Files
@@ -310,78 +304,27 @@
Header Files
-
- Header Files
-
Source Files\extras
-
- Source Files\extras
-
-
- Source Files\extras
-
-
- Source Files\extras
-
-
- Source Files\extras
-
-
- Source Files\extras
-
-
- Source Files\extras
-
-
- Source Files\extras
-
-
- Source Files\props
-
Source Files\props
-
- Source Files\props
-
Source Files\props
-
- Source Files\props
-
-
- Source Files\props
-
Source Files\props
-
- Source Files\props
-
-
- Source Files\props
-
Source Files\props
-
- Source Files\props
-
Source Files\props
Header Files
-
- Source Files\props
-
-
- Source Files\extras
-
Header Files
@@ -406,9 +349,6 @@
Source Files\extras
-
- Header Files
-
Ntos
@@ -421,15 +361,6 @@
Ntos
-
- Header Files
-
-
- Source Files\props
-
-
- Source Files\props
-
Header Files
@@ -457,14 +388,20 @@
Header Files
-
- Source Files\extras
+
+ Source Files\props
-
- Source Files\extras
+
+ Source Files\sup
-
- Header Files
+
+ Source Files\sup
+
+
+ Source Files\props
+
+
+ Source Files\extras
diff --git a/Source/WinObjEx64/aboutDlg.c b/Source/WinObjEx64/aboutDlg.c
index b472bbd4..6ab128ff 100644
--- a/Source/WinObjEx64/aboutDlg.c
+++ b/Source/WinObjEx64/aboutDlg.c
@@ -4,9 +4,9 @@
*
* TITLE: ABOUTDLG.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -16,7 +16,6 @@
*******************************************************************************/
#include "global.h"
#include "msvcver.h"
-#include "winedebug.h"
#define T_ABOUTDLG_ICON_PROP TEXT("aboutDlgIcon")
@@ -121,7 +120,7 @@ VOID AboutDialogInit(
// Fill boot options.
//
if (g_WinObj.IsWine) {
- wine_ver = (PCHAR)wine_get_version();
+ wine_ver = GetWineVersion();
wine_str = (PCHAR)supHeapAlloc(_strlen_a(wine_ver) + MAX_PATH);
if (wine_str) {
_strcpy_a(wine_str, "Wine ");
@@ -140,7 +139,7 @@ VOID AboutDialogInit(
//
// Query KD debugger enabled.
//
- if (ntsupIsKdEnabled(NULL, NULL)) {
+ if (supIsKdEnabled(NULL, NULL)) {
_strcpy(szBuffer, TEXT("Debug, "));
}
@@ -229,7 +228,7 @@ VOID AboutDialogOnNotify(
if ((((LPNMHDR)lParam)->hwndFrom == GetDlgItem(hwndDlg, IDC_ABOUT_SYSLINK))
&& (item.iLink == 0))
{
- supShellExecInExplorerProcess(item.szUrl);
+ supShellExecInExplorerProcess(item.szUrl, NULL);
}
break;
@@ -262,7 +261,7 @@ INT_PTR CALLBACK AboutDialogProc(
case WM_INITDIALOG:
supCenterWindow(hwndDlg);
AboutDialogInit(hwndDlg);
- break;
+ return TRUE;
case WM_NOTIFY:
AboutDialogOnNotify(hwndDlg, lParam);
@@ -270,15 +269,174 @@ INT_PTR CALLBACK AboutDialogProc(
case WM_COMMAND:
- switch (GET_WM_COMMAND_ID(wParam, lParam)) {
- case IDOK:
- case IDCANCEL:
+ if (LOWORD(wParam) == IDOK || LOWORD(wParam) == IDCANCEL) {
+
hIcon = RemoveProp(hwndDlg, T_ABOUTDLG_ICON_PROP);
if (hIcon) {
DestroyIcon((HICON)hIcon);
}
- return EndDialog(hwndDlg, S_OK);
+ return EndDialog(hwndDlg, TRUE);
+
+ }
+
+ }
+ return 0;
+}
+
+static HANDLE StatsDialogThreadHandle = NULL;
+static FAST_EVENT StatsDialogInitializedEvent = FAST_EVENT_INIT;
+#define UPDATE_TIMER_ID 1
+
+/*
+* StatsTimerProc
+*
+* Purpose:
+*
+* Statistics timer callback.
+*
+*/
+VOID StatsTimerProc(
+ HWND hwnd,
+ UINT uMsg,
+ UINT_PTR idEvent,
+ DWORD dwTime)
+{
+ UNREFERENCED_PARAMETER(uMsg);
+ UNREFERENCED_PARAMETER(idEvent);
+ UNREFERENCED_PARAMETER(dwTime);
+
+ WCHAR szBuffer[64];
+
+ SetDlgItemInt(hwnd, IDC_STATS_TOTALHEAPALLOC, g_WinObjStats.TotalHeapAlloc, FALSE);
+ SetDlgItemInt(hwnd, IDC_STATS_TOTALHEAPFREE, g_WinObjStats.TotalHeapFree, FALSE);
+ SetDlgItemInt(hwnd, IDC_STATS_TOTALHEAPSCREATED, g_WinObjStats.TotalHeapsCreated, FALSE);
+ SetDlgItemInt(hwnd, IDC_STATS_TOTALHEAPSDESTROYED, g_WinObjStats.TotalHeapsDestroyed, FALSE);
+ SetDlgItemInt(hwnd, IDC_STATS_TOTALTHREADSCREATED, g_WinObjStats.TotalThreadsCreated, FALSE);
+
+ szBuffer[0] = 0;
+ u64tostr(g_WinObjStats.TotalHeapMemoryAllocated, &szBuffer[0]);
+ SetDlgItemText(hwnd, IDC_STATS_TOTALTHEAPMEMORYALLOCATED, szBuffer);
+
+#ifdef _DEBUG
+ ShowWindow(GetDlgItem(hwnd, IDC_STATS_MAXHEAPALLOCATEDSIZE_STATIC), SW_SHOW);
+ ShowWindow(GetDlgItem(hwnd, IDC_STATS_MAXHEAPALLOCATEDSIZE), SW_SHOW);
+ szBuffer[0] = 0;
+ u64tostr(g_WinObjStats.MaxHeapAllocatedBlockSize, &szBuffer[0]);
+ SetDlgItemText(hwnd, IDC_STATS_MAXHEAPALLOCATEDSIZE, szBuffer);
+#endif
+}
+
+/*
+* StatsDialogProc
+*
+* Purpose:
+*
+* Statistics Dialog Window Procedure
+*
+* During WM_INITDIALOG centers window and sets timer callback.
+*
+*/
+INT_PTR CALLBACK StatsDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam
+)
+{
+ UNREFERENCED_PARAMETER(lParam);
+
+ switch (uMsg) {
+
+ case WM_INITDIALOG:
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
+ SetTimer(hwndDlg, UPDATE_TIMER_ID, 1000, (TIMERPROC)StatsTimerProc);
+ break;
+
+ case WM_DESTROY:
+ PostQuitMessage(0);
+ break;
+
+ case WM_CLOSE:
+ KillTimer(hwndDlg, UPDATE_TIMER_ID);
+ return DestroyWindow(hwndDlg);
+
+ case WM_COMMAND:
+
+ switch (GET_WM_COMMAND_ID(wParam, lParam)) {
+ case IDCANCEL:
+ case IDOK:
+ SendMessage(hwndDlg, WM_CLOSE, 0, 0);
+ break;
+ }
+ break;
+ }
+ return 0;
+}
+
+/*
+* StatsDialogWorkerThread
+*
+* Purpose:
+*
+* Worker thread that creates dialog window and processes messages queue.
+*
+*/
+DWORD StatsDialogWorkerThread(
+ _In_ PVOID Parameter
+)
+{
+ BOOL bResult;
+ MSG message;
+ HWND hwndDlg;
+
+ UNREFERENCED_PARAMETER(Parameter);
+
+ hwndDlg = CreateDialogParam(g_WinObj.hInstance,
+ MAKEINTRESOURCE(IDD_DIALOG_STATS),
+ 0,
+ (DLGPROC)&StatsDialogProc,
+ 0);
+
+ supSetFastEvent(&StatsDialogInitializedEvent);
+
+ do {
+
+ bResult = GetMessage(&message, NULL, 0, 0);
+ if (bResult == -1)
+ break;
+
+ if (!IsDialogMessage(hwndDlg, &message)) {
+ TranslateMessage(&message);
+ DispatchMessage(&message);
}
+
+ } while (bResult != 0);
+
+ supResetFastEvent(&StatsDialogInitializedEvent);
+
+ if (StatsDialogThreadHandle) {
+ NtClose(StatsDialogThreadHandle);
+ StatsDialogThreadHandle = NULL;
}
return 0;
}
+
+/*
+* ShowStatsDialog
+*
+* Purpose:
+*
+* Create statistics dialog if none present.
+*
+*/
+VOID ShowStatsDialog(
+ VOID
+)
+{
+ if (!StatsDialogThreadHandle) {
+
+ StatsDialogThreadHandle = supCreateThread(StatsDialogWorkerThread, NULL, 0);
+ supWaitForFastEvent(&StatsDialogInitializedEvent, NULL);
+
+ }
+}
diff --git a/Source/WinObjEx64/aboutDlg.h b/Source/WinObjEx64/aboutDlg.h
deleted file mode 100644
index 0a6b13f4..00000000
--- a/Source/WinObjEx64/aboutDlg.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2018
-*
-* TITLE: ABOUTDLG.H
-*
-* VERSION: 1.52
-*
-* DATE: 08 Jan 2018
-*
-* Common header file for the About Dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-INT_PTR CALLBACK AboutDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam);
diff --git a/Source/WinObjEx64/drivers/winio.c b/Source/WinObjEx64/drivers/winio.c
index 4567d9ce..b98e8c66 100644
--- a/Source/WinObjEx64/drivers/winio.c
+++ b/Source/WinObjEx64/drivers/winio.c
@@ -4,9 +4,9 @@
*
* TITLE: WINIO.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 01 Jun 2022
+* DATE: 19 Jun 2022
*
* WinIo based reader.
*
diff --git a/Source/WinObjEx64/drivers/winio.h b/Source/WinObjEx64/drivers/winio.h
index 84847efb..b4af20cc 100644
--- a/Source/WinObjEx64/drivers/winio.h
+++ b/Source/WinObjEx64/drivers/winio.h
@@ -4,9 +4,9 @@
*
* TITLE: WINIO.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 01 Jun 2022
+* DATE: 19 Jun 2022
*
* Common header file for the WINIO Driver Helper support.
*
diff --git a/Source/WinObjEx64/excepth.c b/Source/WinObjEx64/excepth.c
index 067358e4..57463666 100644
--- a/Source/WinObjEx64/excepth.c
+++ b/Source/WinObjEx64/excepth.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2020
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: EXCEPTH.C
*
-* VERSION: 1.85
+* VERSION: 2.00
*
-* DATE: 05 Mar 2020
+* DATE: 19 Jun 2022
*
* Exception handler routines.
*
@@ -35,44 +35,43 @@ pfnMiniDumpWriteDump pMiniDumpWriteDump;
*
* Purpose:
*
-* Writes minidump information to the specified file.
+* Writes minidump information to the file.
*
*/
BOOL exceptWriteDump(
_In_ EXCEPTION_POINTERS* ExceptionPointers,
- _In_ ULONGLONG IdFile
+ _In_ LPCWSTR lpFileName
)
{
- BOOL bResult;
+ BOOL bResult;
HMODULE hDbgHelp;
- HANDLE hFile;
- WCHAR szFileName[MAX_PATH * 2]; //-V1072
+ HANDLE hFile;
+ WCHAR szFileName[MAX_PATH * 2];
+ UINT cch;
MINIDUMP_EXCEPTION_INFORMATION mdei;
bResult = FALSE;
hDbgHelp = GetModuleHandle(TEXT("dbghelp.dll"));
if (hDbgHelp == NULL) {
+
RtlSecureZeroMemory(szFileName, sizeof(szFileName));
- _strcpy(szFileName, g_WinObj.szSystemDirectory);
+ cch = GetSystemDirectory(szFileName, MAX_PATH);
+ if (cch == 0 || cch > MAX_PATH)
+ return FALSE;
+
_strcat(szFileName, TEXT("\\dbghelp.dll"));
hDbgHelp = LoadLibraryEx(szFileName, 0, 0);
if (hDbgHelp == NULL)
- return bResult;
+ return FALSE;
}
pMiniDumpWriteDump = (pfnMiniDumpWriteDump)GetProcAddress(hDbgHelp, "MiniDumpWriteDump");
if (pMiniDumpWriteDump == NULL)
- return bResult;
+ return FALSE;
- RtlSecureZeroMemory(szFileName, sizeof(szFileName));
- _strcpy(szFileName, g_WinObj.szTempDirectory);
- _strcat(szFileName, TEXT("\\wobjex"));
- u64tostr(IdFile, _strend(szFileName));
- _strcat(szFileName, TEXT(".dmp"));
-
- hFile = CreateFile(szFileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
+ hFile = CreateFile(lpFileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
if (hFile != INVALID_HANDLE_VALUE) {
mdei.ThreadId = GetCurrentThreadId();
mdei.ExceptionPointers = ExceptionPointers;
@@ -92,11 +91,12 @@ BOOL exceptWriteDump(
*
*/
VOID exceptShowException(
- _In_ EXCEPTION_POINTERS* ExceptionPointers
+ _In_ EXCEPTION_POINTERS* ExceptionPointers,
+ _In_ BOOL LastChance
)
{
- WCHAR szMessage[MAX_PATH * 2];
- ULONGLONG IdFile;
+ WCHAR szFileName[300];
+ WCHAR szMessage[1000];
RtlSecureZeroMemory(&szMessage, sizeof(szMessage));
_strcpy(szMessage, TEXT("Sorry, exception occurred at address: \r\n0x"));
@@ -113,18 +113,46 @@ VOID exceptShowException(
}
u64tohex(ExceptionPointers->ExceptionRecord->ExceptionInformation[1], _strend(szMessage));
}
- IdFile = GetTickCount64();
- if (exceptWriteDump(ExceptionPointers, IdFile)) {
- _strcat(szMessage, TEXT("\r\n\nMinidump wobjex"));
- u64tostr(IdFile, _strend(szMessage));
- _strcat(szMessage, TEXT(".dmp is in %TEMP% directory"));
+ RtlSecureZeroMemory(szFileName, sizeof(szFileName));
+ GetCurrentDirectory(MAX_PATH, szFileName);
+ _strcat(szFileName, TEXT("\\WinObjEx64."));
+ ultostr(GetCurrentProcessId(), _strend(szFileName));
+ _strcat(szFileName, TEXT("."));
+ ultostr(GetCurrentThreadId(), _strend(szFileName));
+ _strcat(szFileName, TEXT(".dmp"));
+
+ if (exceptWriteDump(ExceptionPointers, szFileName)) {
+
+ _strcat(szMessage, TEXT("\r\n\nMinidump saved to "));
+ _strcat(szMessage, szFileName);
+
}
else {
- _strcat(szMessage, TEXT("\r\n\nThere is an error while saving minidump."));
+ _strcat(szMessage, TEXT("\r\nAnd there is an error while saving minidump :("));
}
- _strcat(szMessage, TEXT("\r\n\nPlease report this to the developers, thanks"));
- MessageBox(GetForegroundWindow(), szMessage, NULL, MB_ICONERROR);
+ if (LastChance)
+ _strcat(szMessage, TEXT("\r\n\nThe program will be terminated."));
+
+ MessageBox(0, szMessage, NULL, MB_ICONERROR);
+}
+
+/*
+* exceptFilterUnhandled
+*
+* Purpose:
+*
+* Default exception filter, processing AV with minidump if available.
+*
+*/
+INT exceptFilterUnhandled(
+ _In_ struct _EXCEPTION_POINTERS* ExceptionInfo
+)
+{
+ WDrvProvRelease(&g_kdctx.DriverContext);
+ exceptShowException(ExceptionInfo, TRUE);
+ RtlExitUserProcess(ExceptionInfo->ExceptionRecord->ExceptionCode);
+ return EXCEPTION_EXECUTE_HANDLER;
}
/*
@@ -141,7 +169,7 @@ INT exceptFilter(
)
{
if (ExceptionCode == EXCEPTION_ACCESS_VIOLATION) {
- exceptShowException(ExceptionPointers);
+ exceptShowException(ExceptionPointers, FALSE);
return EXCEPTION_EXECUTE_HANDLER;
}
else {
diff --git a/Source/WinObjEx64/excepth.h b/Source/WinObjEx64/excepth.h
index e2973f74..907b5f79 100644
--- a/Source/WinObjEx64/excepth.h
+++ b/Source/WinObjEx64/excepth.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2020
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: EXCEPTH.H
*
-* VERSION: 1.85
+* VERSION: 2.00
*
-* DATE: 06 Mar 2020
+* DATE: 19 Jun 2022
*
* Common header file for the exception handling routines.
*
@@ -26,5 +26,8 @@ INT exceptFilterWithLog(
_In_ UINT ExceptionCode,
_In_opt_ EXCEPTION_POINTERS* ExceptionPointers);
+INT exceptFilterUnhandled(
+ _In_ struct _EXCEPTION_POINTERS* ExceptionInfo);
+
#define WOBJ_EXCEPTION_FILTER exceptFilter(GetExceptionCode(), GetExceptionInformation())
#define WOBJ_EXCEPTION_FILTER_LOG exceptFilterWithLog(GetExceptionCode(), GetExceptionInformation())
diff --git a/Source/WinObjEx64/extapi.c b/Source/WinObjEx64/extapi.c
index ed7b20ef..2f3ef816 100644
--- a/Source/WinObjEx64/extapi.c
+++ b/Source/WinObjEx64/extapi.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2017 - 2021
+* (C) COPYRIGHT AUTHORS, 2017 - 2022
*
* TITLE: EXTAPI.C
*
-* VERSION: 1.92
+* VERSION: 2.00
*
-* DATE: 30 Oct 2021
+* DATE: 19 Jun 2022
*
* Support unit for pre Windows 10 missing APIs.
*
@@ -39,16 +39,26 @@ NTSTATUS ExApiSetInit(
RtlSecureZeroMemory(&g_ExtApiSet, sizeof(g_ExtApiSet));
- //
- // New Partition API introduced in Windows 10.
- //
+
hNtdll = GetModuleHandle(TEXT("ntdll.dll"));
if (hNtdll) {
+ //
+ // New Partition API introduced in Windows 10 TH1.
+ //
g_ExtApiSet.NtOpenPartition = (pfnNtOpenPartition)GetProcAddress(hNtdll, "NtOpenPartition");
if (g_ExtApiSet.NtOpenPartition) {
g_ExtApiSet.NumberOfAPI += 1;
}
+
+ //
+ // Available since Windows 10 REDSTONE 1.
+ //
+ g_ExtApiSet.NtOpenRegistryTransaction = (pfnNtOpenRegistryTransaction)GetProcAddress(hNtdll, "NtOpenRegistryTransaction");
+
+ if (g_ExtApiSet.NtOpenRegistryTransaction) {
+ g_ExtApiSet.NumberOfAPI += 1;
+ }
}
//
diff --git a/Source/WinObjEx64/extapi.h b/Source/WinObjEx64/extapi.h
index 77eccb3b..34b0ee48 100644
--- a/Source/WinObjEx64/extapi.h
+++ b/Source/WinObjEx64/extapi.h
@@ -1,14 +1,14 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: EXTAPI.H
*
-* VERSION: 1.92
+* VERSION: 2.00
*
-* DATE: 30 Oct 2021
+* DATE: 19 Jun 2022
*
-* Header for pre Windows10 missing API.
+* Header for pre Windows 10+ missing API.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -32,6 +32,11 @@ typedef NTSTATUS (NTAPI *pfnNtManagePartition)(
_In_ ULONG PartitionInformationLength
);
+typedef NTSTATUS (NTAPI *pfnNtOpenRegistryTransaction)(
+ _Out_ PHANDLE RegistryHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes);
+
typedef BOOL (WINAPI *pfnIsImmersiveProcess)(
HANDLE hProcess
);
@@ -48,11 +53,12 @@ typedef UINT (WINAPI *pfnGetDpiForWindow)(
typedef UINT (WINAPI *pfnGetDpiForSystem)(
VOID);
-#define EXTAPI_ALL_MAPPED 6
+#define EXTAPI_ALL_MAPPED 7
typedef struct _EXTENDED_API_SET {
ULONG NumberOfAPI;
pfnNtOpenPartition NtOpenPartition;
+ pfnNtOpenRegistryTransaction NtOpenRegistryTransaction;
pfnIsImmersiveProcess IsImmersiveProcess;
pfnGetThreadDpiAwarenessContext GetThreadDpiAwarenessContext;
pfnGetAwarenessFromDpiAwarenessContext GetAwarenessFromDpiAwarenessContext;
diff --git a/Source/WinObjEx64/extras/extras.c b/Source/WinObjEx64/extras/extras.c
index 26f892e4..a2fc838a 100644
--- a/Source/WinObjEx64/extras/extras.c
+++ b/Source/WinObjEx64/extras/extras.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRAS.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -16,15 +16,7 @@
*******************************************************************************/
#include "global.h"
#include "extras.h"
-#include "extrasUSD.h"
-#include "extrasPN.h"
-#include "extrasSSDT.h"
-#include "extrasDrivers.h"
-#include "extrasIPC.h"
-#include "extrasPSList.h"
-#include "extrasCallbacks.h"
-#include "extrasSL.h"
-#include "extrasCmOpt.h"
+#include "extrasHandlers.h"
/*
* extrasHandleSettingsChange
@@ -155,7 +147,7 @@ VOID extrasProcessElevationRequiredDialogs(
g_kdctx.DriverContext.LoadStatus,
g_kdctx.DriverContext.OpenStatus);
- MessageBox(g_WinObj.MainWindow,
+ MessageBox(g_hwndMain,
szText,
PROGRAM_NAME,
MB_ICONINFORMATION);
diff --git a/Source/WinObjEx64/extras/extras.h b/Source/WinObjEx64/extras/extras.h
index ad8b5f8d..d028f768 100644
--- a/Source/WinObjEx64/extras/extras.h
+++ b/Source/WinObjEx64/extras/extras.h
@@ -4,9 +4,9 @@
*
* TITLE: EXTRAS.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* Common header file for Extras dialogs.
*
diff --git a/Source/WinObjEx64/extras/extrasCallbacks.c b/Source/WinObjEx64/extras/extrasCallbacks.c
index 8f97e545..5ed02493 100644
--- a/Source/WinObjEx64/extras/extrasCallbacks.c
+++ b/Source/WinObjEx64/extras/extrasCallbacks.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASCALLBACKS.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -16,7 +16,6 @@
*******************************************************************************/
#include "global.h"
#include "extras.h"
-#include "extrasCallbacks.h"
#include "extras/extrasCallbacksPatterns.h"
#include "treelist/treelist.h"
#include "hde/hde64.h"
@@ -215,16 +214,16 @@ OBEX_CALLBACK_DISPATCH_ENTRY g_CallbacksDispatchTable[] = {
&g_SystemCallbacks.IopNotifyLastChanceShutdownQueueHead
},
{
- 0, L"ObProcess",
+ ObjectTypeProcess, L"ObProcess",
QueryCallbackGeneric, DumpObCallbacks, FindObjectTypeCallbackListHeadByType,
&g_SystemCallbacks.ObProcessCallbackHead },
{
- 1, L"ObThread",
+ ObjectTypeThread, L"ObThread",
QueryCallbackGeneric, DumpObCallbacks, FindObjectTypeCallbackListHeadByType,
&g_SystemCallbacks.ObThreadCallbackHead
},
{
- 2, L"ObDesktop",
+ ObjectTypeDesktop, L"ObDesktop",
QueryCallbackGeneric, DumpObCallbacks, FindObjectTypeCallbackListHeadByType,
&g_SystemCallbacks.ObDesktopCallbackHead
},
@@ -1290,9 +1289,6 @@ BOOL FindIopFileSystemQueueHeads(
case 3:
*IopTapeFileSystemQueueHead = kvarAddress;
break;
-
- default:
- break;
}
Count += 1;
if (Count == 4)
@@ -1342,9 +1338,6 @@ BOOL FindIopFileSystemQueueHeads(
case 3:
*IopTapeFileSystemQueueHead = kvarAddress;
break;
-
- default:
- break;
}
Count += 1;
if (Count == 4)
@@ -1713,13 +1706,14 @@ OBEX_FINDCALLBACK_ROUTINE(FindSeFileSystemNotifyRoutinesHead)
*/
OBEX_FINDCALLBACK_ROUTINE(FindObjectTypeCallbackListHeadByType)
{
- ULONG Type = (ULONG)QueryFlags;
ULONG_PTR ListHead = 0;
ULONG ObjectSize, ObjectVersion = 0, CallbackListOffset = 0;
LPWSTR TypeName = NULL;
- POBJINFO CurrentObject = NULL;
+ POBEX_OBJECT_INFORMATION CurrentObject = NULL;
PVOID ObjectTypeInformation = NULL;
+ UNICODE_STRING usName;
+
union {
union {
OBJECT_TYPE_7 *ObjectType_7;
@@ -1730,25 +1724,31 @@ OBEX_FINDCALLBACK_ROUTINE(FindObjectTypeCallbackListHeadByType)
PVOID Ref;
} ObjectType;
- switch (Type) {
- case 0: //PsProcessType
+ switch ((WOBJ_OBJECT_TYPE)(ULONG)QueryFlags) {
+ case ObjectTypeProcess: //PsProcessType
TypeName = TEXT("Process");
break;
- case 1: //PsThreadType
+ case ObjectTypeThread: //PsThreadType
TypeName = TEXT("Thread");
break;
- case 2:
+ case ObjectTypeDesktop:
//ExDesktopObjectType
TypeName = TEXT("Desktop");
break;
default:
+ //
+ // We cannot process this object type.
+ //
return 0;
}
//
// Get the reference to the object.
//
- CurrentObject = ObQueryObject(T_OBJECTTYPES, TypeName);
+ RtlInitUnicodeString(&usName, TypeName);
+ CurrentObject = ObQueryObjectInDirectory(&usName,
+ ObGetPredefinedUnicodeString(OBP_OBTYPES));
+
if (CurrentObject == NULL)
return 0;
@@ -5510,7 +5510,7 @@ VOID SysCbDialogOnInit(
extrasSetDlgIcon(pDlgContext);
SetWindowText(hwndDlg, TEXT("System Callbacks"));
- GetClientRect(g_WinObj.MainWindow, &rc);
+ GetClientRect(g_hwndMain, &rc);
pDlgContext->TreeList = CreateWindowEx(WS_EX_STATICEDGE, WC_TREELIST, NULL,
WS_VISIBLE | WS_CHILD | WS_TABSTOP | TLSTYLE_COLAUTOEXPAND | TLSTYLE_LINKLINES, 12, 14,
rc.right - 24, rc.bottom - 24, hwndDlg, NULL, NULL, NULL);
@@ -5534,7 +5534,7 @@ VOID SysCbDialogOnInit(
SysCbDialogContentRefresh(hwndDlg, pDlgContext, FALSE);
}
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
SendMessage(hwndDlg, WM_SIZE, 0, 0);
}
diff --git a/Source/WinObjEx64/extras/extrasCallbacksPatterns.h b/Source/WinObjEx64/extras/extrasCallbacksPatterns.h
index 2fb23491..e247ae8b 100644
--- a/Source/WinObjEx64/extras/extrasCallbacksPatterns.h
+++ b/Source/WinObjEx64/extras/extrasCallbacksPatterns.h
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASCALLBACKSPATTERNS.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 28 May 2022
+* DATE: 19 Jun 2022
*
* Header with search patterns used by Callbacks dialog routines.
*
diff --git a/Source/WinObjEx64/extras/extrasCmOpt.c b/Source/WinObjEx64/extras/extrasCmOpt.c
index e685e5d8..67de4cce 100644
--- a/Source/WinObjEx64/extras/extrasCmOpt.c
+++ b/Source/WinObjEx64/extras/extrasCmOpt.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASCMOPT.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -242,10 +242,8 @@ BOOL CALLBACK CmOptDlgHandleNotify(
_In_ EXTRASCONTEXT* Context
)
{
- BOOL bHandled = TRUE;
INT nImageIndex;
-
if (NMListView->hdr.idFrom != ID_EXTRASLIST)
return FALSE;
@@ -272,14 +270,10 @@ BOOL CALLBACK CmOptDlgHandleNotify(
Context->lvColumnToSort,
nImageIndex);
- break;
-
- default:
- bHandled = FALSE;
- break;
+ return TRUE;
}
- return bHandled;
+ return FALSE;
}
/*
@@ -640,7 +634,7 @@ VOID CmOptDlgOnInit(
SendMessage(hwndDlg, WM_SIZE, 0, 0);
SetFocus(pDlgContext->ListView);
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
}
/*
diff --git a/Source/WinObjEx64/extras/extrasCmOpt.h b/Source/WinObjEx64/extras/extrasCmOpt.h
deleted file mode 100644
index c905d435..00000000
--- a/Source/WinObjEx64/extras/extrasCmOpt.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2022
-*
-* TITLE: EXTRASCMOPT.H
-*
-* VERSION: 1.94
-*
-* DATE: 04 Jun 2022
-*
-* Common header file for Configuration Manager options dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-
-#pragma once
-
-VOID extrasCreateCmOptDialog(
- VOID);
diff --git a/Source/WinObjEx64/extras/extrasDrivers.c b/Source/WinObjEx64/extras/extrasDrivers.c
index e0435242..a81993b8 100644
--- a/Source/WinObjEx64/extras/extrasDrivers.c
+++ b/Source/WinObjEx64/extras/extrasDrivers.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASDRIVERS.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -16,14 +16,15 @@
*******************************************************************************/
#include "global.h"
#include "extras.h"
-#include "extrasDrivers.h"
BOOLEAN DrvDlgShimsEnabled = FALSE;
-#define ID_DRVLIST_DUMP 40001
-#define ID_DRVLIST_SAVE 40002
-#define ID_DRVLIST_PROP ID_OBJECT_PROPERTIES
-#define ID_DRVLIST_REFRESH ID_VIEW_REFRESH
+#define ID_DRVLIST_REFRESH ID_VIEW_REFRESH
+#define ID_DRVLIST_PROP ID_OBJECT_PROPERTIES
+#define ID_DRVLIST_DUMP 40005
+#define ID_DRVLIST_DUMPFIXED 40006
+#define ID_DRVLIST_SAVE 40007
+
#define ID_CALC_HASH_MD5 6000
#define ID_CALC_HASH_SHA1 6001
@@ -45,6 +46,8 @@ BOOLEAN DrvDlgShimsEnabled = FALSE;
#define COLUMN_DRVLIST_UNLOADED_END_ADDRESS 2
#define COLUMN_DRVLIST_UNLOADED_CURRENT_TIME 3
+#define T_DUMPDRIVER L"Dump Driver (Raw)"
+#define T_DUMPDRIVER_FIXED L"Dump Driver (Fix Sections)"
#define DRVLISTDLG_TRACKSIZE_MIN_X 640
#define DRVLISTDLG_TRACKSIZE_MIN_Y 480
@@ -110,7 +113,7 @@ VOID DrvListCopyHash(
lpszHash = ComputeHashForFile(&fvi,
(MenuId == ID_CALC_HASH_PAGE_SHA1) ? BCRYPT_SHA1_ALGORITHM : BCRYPT_SHA256_ALGORITHM,
PAGE_SIZE,
- g_WinObj.Heap,
+ g_obexHeap,
TRUE);
}
@@ -119,7 +122,7 @@ VOID DrvListCopyHash(
lpszHash = ComputeHashForFile(&fvi,
CryptAlgoIdRef[MenuId - ID_CALC_HASH_MD5],
PAGE_SIZE,
- g_WinObj.Heap,
+ g_obexHeap,
FALSE);
}
@@ -232,6 +235,7 @@ VOID DrvHandlePopupMenu(
InsertMenu(hMenu, ++uPos, MF_BYPOSITION | MF_SEPARATOR, 0, NULL);
if (kdConnectDriver()) {
InsertMenu(hMenu, ++uPos, MF_BYCOMMAND, ID_DRVLIST_DUMP, T_DUMPDRIVER);
+ InsertMenu(hMenu, ++uPos, MF_BYCOMMAND, ID_DRVLIST_DUMPFIXED, T_DUMPDRIVER_FIXED);
}
InsertMenu(hMenu, ++uPos, MF_BYCOMMAND, ID_JUMPTOFILE, T_JUMPTOFILE);
@@ -320,6 +324,244 @@ VOID DrvListViewProperties(
}
}
+static HANDLE DumpDialogThreadHandle = NULL;
+static HANDLE DumpWorkerThread = NULL;
+static FAST_EVENT DumpDialogInitializedEvent = FAST_EVENT_INIT;
+volatile LONG TerminateDumpOperation = FALSE;
+HWND DumpWorkerWindow = NULL;
+
+typedef struct _OBEX_DRVDUMP {
+ _In_ BOOL FixSections;
+ _In_ ULONG DumpSize;
+ _In_ ULONG_PTR DumpAddress;
+ _In_ PBYTE Buffer;
+ _In_ HWND ParentWindow;
+ _Out_ ULONG ReadSize;
+ _Out_ NTSTATUS DumpStatus;
+ _In_ WCHAR FileName[MAX_PATH * 2];
+} OBEX_DRVDUMP, * POBEX_DRVDUMP;
+
+DWORD DrvDumpThread(
+ _In_ PVOID Parameter
+)
+{
+ OBEX_DRVDUMP* dumpInfo = (POBEX_DRVDUMP)Parameter;
+
+ PBYTE buffer;
+ ULONG_PTR dumpAddress;
+ ULONG totalSize = dumpInfo->DumpSize, readBytes = 0, i, remainingBytes, memIO = 0;
+
+ for (i = 0,
+ buffer = dumpInfo->Buffer,
+ dumpAddress = dumpInfo->DumpAddress;
+ (i < (totalSize / PAGE_SIZE));
+ i++,
+ dumpAddress += PAGE_SIZE,
+ buffer = (PBYTE)RtlOffsetToPointer(buffer, PAGE_SIZE))
+ {
+
+ if (TerminateDumpOperation) {
+ dumpInfo->DumpStatus = STATUS_CANCELLED;
+ return ERROR_CANCELLED;
+ }
+
+ kdReadSystemMemoryEx(dumpAddress, buffer, PAGE_SIZE, &memIO);
+ readBytes = InterlockedAdd((LONG*)&dumpInfo->ReadSize, memIO);
+ }
+
+ remainingBytes = totalSize % PAGE_SIZE;
+ if (remainingBytes) {
+ kdReadSystemMemoryEx(dumpAddress, buffer, remainingBytes, &memIO);
+ readBytes = InterlockedAdd((LONG*)&dumpInfo->ReadSize, memIO);
+ }
+
+ if (readBytes == 0) {
+ dumpInfo->DumpStatus = STATUS_UNSUCCESSFUL;
+ }
+ else if (readBytes != totalSize) {
+ dumpInfo->DumpStatus = STATUS_PARTIAL_COPY;
+ }
+ else {
+ dumpInfo->DumpStatus = STATUS_SUCCESS;
+ }
+
+ NtClose(DumpWorkerThread);
+ DumpWorkerThread = NULL;
+
+ PostMessage(dumpInfo->ParentWindow, WM_CLOSE, (WPARAM)0, (LPARAM)0);
+ return ERROR_SUCCESS;
+}
+
+VOID DumpTerminateWorker(
+ VOID
+)
+{
+ if (DumpWorkerThread) {
+ _InterlockedExchange((LONG*)&TerminateDumpOperation, TRUE);
+ if (WaitForSingleObject(DumpWorkerThread, 20*1000) == WAIT_TIMEOUT) {
+ TerminateThread(DumpWorkerThread, ERROR_CANCELLED);
+ NtClose(DumpWorkerThread);
+ DumpWorkerThread = NULL;
+ }
+ }
+}
+
+#define DUMP_PROP L"dumpProp"
+
+VOID DumpUpdateTimerProc(
+ HWND hwnd,
+ UINT uMsg,
+ UINT_PTR idEvent,
+ DWORD dwTime)
+{
+ UNREFERENCED_PARAMETER(uMsg);
+ UNREFERENCED_PARAMETER(idEvent);
+ UNREFERENCED_PARAMETER(dwTime);
+
+ OBEX_DRVDUMP* dumpInfo;
+ HWND hwndProgress = GetDlgItem(hwnd, IDC_PROGRESS);
+ WCHAR szBuffer[100];
+
+ dumpInfo = (OBEX_DRVDUMP*)GetProp(hwnd, DUMP_PROP);
+
+ if (dumpInfo) {
+
+ szBuffer[0] = 0;
+
+ RtlStringCchPrintfSecure(szBuffer,
+ RTL_NUMBER_OF(szBuffer),
+ TEXT("Reading %lu (%lu Kb) of %lu (%lu Kb)"),
+ dumpInfo->ReadSize,
+ dumpInfo->ReadSize / 1024,
+ dumpInfo->DumpSize,
+ dumpInfo->DumpSize / 1024);
+
+ SetWindowText(hwndProgress, szBuffer);
+ }
+}
+
+INT_PTR CALLBACK DrvDumpProgressDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam
+)
+{
+ OBEX_DRVDUMP* dumpInfo;
+
+ switch (uMsg) {
+
+ case WM_INITDIALOG:
+ dumpInfo = (POBEX_DRVDUMP)lParam;
+ if (dumpInfo) {
+ SetProp(hwndDlg, DUMP_PROP, (HANDLE)dumpInfo);
+ supCenterWindowSpecifyParent(hwndDlg, dumpInfo->ParentWindow);
+ dumpInfo->ParentWindow = hwndDlg;
+ _InterlockedExchange((LONG*)&TerminateDumpOperation, FALSE);
+ SetTimer(hwndDlg, 1, 300, DumpUpdateTimerProc);
+ DumpWorkerThread = supCreateThread(DrvDumpThread, (PVOID)dumpInfo, 0);
+ }
+ break;
+
+ case WM_DESTROY:
+ PostQuitMessage(0);
+ break;
+
+ case WM_COMMAND:
+
+ switch (GET_WM_COMMAND_ID(wParam, lParam)) {
+ case IDCANCEL:
+ RemoveProp(hwndDlg, DUMP_PROP);
+ DumpTerminateWorker();
+ KillTimer(hwndDlg, 1);
+ return DestroyWindow(hwndDlg);
+ }
+ }
+ return 0;
+}
+
+DWORD DumpDialogWorkerThread(
+ _In_ PVOID Parameter
+)
+{
+ BOOL bResult;
+ MSG message;
+ OBEX_DRVDUMP* dumpInfo = (POBEX_DRVDUMP)Parameter;
+ HWND hwndDlg, hwndParent = dumpInfo->ParentWindow;
+
+ SIZE_T bytesIO;
+ WCHAR szBuffer[100];
+
+ hwndDlg = CreateDialogParam(g_WinObj.hInstance,
+ MAKEINTRESOURCE(IDD_DIALOG_PROGRESS),
+ 0,
+ (DLGPROC)&DrvDumpProgressDialogProc,
+ (LPARAM)dumpInfo);
+
+ DumpWorkerWindow = hwndDlg;
+
+ SetWindowText(hwndDlg, TEXT("Driver dump"));
+
+ supSetFastEvent(&DumpDialogInitializedEvent);
+
+ do {
+
+ bResult = GetMessage(&message, NULL, 0, 0);
+ if (bResult == -1)
+ break;
+
+ if (!IsDialogMessage(hwndDlg, &message)) {
+ TranslateMessage(&message);
+ DispatchMessage(&message);
+ }
+
+ } while (bResult != 0);
+
+ if (NT_SUCCESS(dumpInfo->DumpStatus) || (dumpInfo->DumpStatus == STATUS_PARTIAL_COPY)) {
+
+ if (dumpInfo->FixSections)
+ supImageFixSections(dumpInfo->Buffer);
+
+ bytesIO = supWriteBufferToFile(dumpInfo->FileName, dumpInfo->Buffer,
+ (SIZE_T)dumpInfo->DumpSize, FALSE, FALSE);
+
+ RtlStringCchPrintfSecure(szBuffer, RTL_NUMBER_OF(szBuffer),
+ TEXT("Read %lu (%lu Kb), Write %lu (%lu Kb), Requested %lu (%lu Kb)"),
+ dumpInfo->ReadSize,
+ dumpInfo->ReadSize / 1024,
+ bytesIO,
+ bytesIO / 1024,
+ dumpInfo->DumpSize,
+ dumpInfo->DumpSize / 1024);
+
+ }
+ else if (dumpInfo->DumpStatus == STATUS_CANCELLED) {
+ _strcpy(szBuffer, TEXT("Operation cancelled by user"));
+ }
+ else {
+ _strcpy(szBuffer, TEXT("Error while dumping memory"));
+ }
+
+ supStatusBarSetText(
+ GetDlgItem(hwndParent, ID_EXTRASLIST_STATUSBAR),
+ 1,
+ szBuffer);
+
+ if (dumpInfo->Buffer) {
+ supHeapFree(dumpInfo->Buffer);
+ supHeapFree(dumpInfo);
+ }
+
+ supResetFastEvent(&DumpDialogInitializedEvent);
+
+ if (DumpDialogThreadHandle) {
+ NtClose(DumpDialogThreadHandle);
+ DumpDialogThreadHandle = NULL;
+ }
+
+ return 0;
+}
+
/*
* DrvDumpDriver
*
@@ -329,31 +571,36 @@ VOID DrvListViewProperties(
*
*/
VOID DrvDumpDriver(
- _In_ EXTRASCONTEXT* Context
+ _In_ EXTRASCONTEXT* Context,
+ _In_ BOOL FixSections
)
{
- BOOL bSuccess = FALSE;
- INT iPos;
- ULONG ImageSize;
- SIZE_T sz;
- LPWSTR lpDriverName = NULL;
- PVOID DumpedDrv = NULL;
- ULONG_PTR ImageBase = 0;
- WCHAR szBuffer[MAX_PATH * 2], szDriverDumpInfo[MAX_TEXT_CONVERSION_ULONG64 + 1];
+ INT nSelected;
+ SIZE_T sz;
+ LPWSTR lpDriverName = NULL;
+ WCHAR szBuffer[MAX_PATH * 2], szDriverDumpInfo[MAX_TEXT_CONVERSION_ULONG64];
+ OBEX_DRVDUMP* DumpInfo;
+ ULONG_PTR dumpAddress;
+ ULONG dumpSize;
+
+ if (DumpDialogThreadHandle) {
+ return;
+ }
do {
+
//
// Remember selected index.
//
- iPos = ListView_GetNextItem(Context->ListView, -1, LVNI_SELECTED);
- if (iPos < 0)
+ nSelected = ListView_GetNextItem(Context->ListView, -1, LVNI_SELECTED);
+ if (nSelected < 0)
break;
//
// Query selected driver name.
//
sz = 0;
- lpDriverName = supGetItemText(Context->ListView, iPos, 1, &sz);
+ lpDriverName = supGetItemText(Context->ListView, nSelected, 1, &sz);
if (lpDriverName == NULL)
break;
@@ -372,13 +619,13 @@ VOID DrvDumpDriver(
RtlSecureZeroMemory(szDriverDumpInfo, sizeof(szDriverDumpInfo));
supGetItemText2(
Context->ListView,
- iPos,
+ nSelected,
COLUMN_DRVLIST_DRIVER_ADDRESS,
szDriverDumpInfo,
MAX_TEXT_CONVERSION_ULONG64);
- ImageBase = hextou64(&szDriverDumpInfo[2]);
- if (ImageBase < g_kdctx.SystemRangeStart)
+ dumpAddress = hextou64(&szDriverDumpInfo[2]);
+ if (dumpAddress < g_kdctx.SystemRangeStart)
break;
//
@@ -387,46 +634,33 @@ VOID DrvDumpDriver(
RtlSecureZeroMemory(szDriverDumpInfo, sizeof(szDriverDumpInfo));
supGetItemText2(
Context->ListView,
- iPos,
+ nSelected,
COLUMN_DRVLIST_SIZE,
szDriverDumpInfo,
MAX_TEXT_CONVERSION_ULONG64);
- ImageSize = _strtoul(szDriverDumpInfo);
- if (ImageSize == 0)
+ dumpSize = _strtoul(szDriverDumpInfo);
+ if (dumpSize == 0)
break;
- //
- // Allocate buffer for dump and read kernel memory.
- //
- DumpedDrv = supVirtualAlloc((SIZE_T)ImageSize);
- if (DumpedDrv) {
-
- supSetWaitCursor(TRUE);
-
- //
- // Ignore read errors during dump.
- //
- bSuccess = kdReadSystemMemory(ImageBase, DumpedDrv, ImageSize);
- supSetWaitCursor(FALSE);
-
- if (supWriteBufferToFile(szBuffer, DumpedDrv, ImageSize, FALSE, FALSE) == ImageSize)
- _strcpy(szBuffer, TEXT("Driver saved to disk"));
- else
- _strcpy(szBuffer, TEXT("Driver save to disk error"));
-
- //
- // Free allocated buffer.
- //
- supVirtualFree(DumpedDrv);
-
- _strcat(szBuffer, TEXT(", kernel memory read was "));
- if (bSuccess)
- _strcat(szBuffer, TEXT("successful"));
- else
- _strcat(szBuffer, TEXT("partially successful"));
+ DumpInfo = (OBEX_DRVDUMP*)supHeapAlloc(sizeof(OBEX_DRVDUMP));
+ if (DumpInfo == NULL)
+ break;
- supStatusBarSetText(Context->StatusBar, 1, (LPWSTR)&szBuffer);
+ DumpInfo->Buffer = supHeapAlloc(dumpSize);
+ if (DumpInfo->Buffer == NULL) {
+ supHeapFree(DumpInfo);
+ break;
+ }
+ DumpInfo->FixSections = FixSections;
+ _strcpy(DumpInfo->FileName, szBuffer);
+ DumpInfo->DumpAddress = dumpAddress;
+ DumpInfo->DumpSize = dumpSize;
+ DumpInfo->ParentWindow = Context->hwndDlg;
+
+ DumpDialogThreadHandle = supCreateThread(DumpDialogWorkerThread, (PVOID)DumpInfo, 0);
+ if (DumpDialogThreadHandle) {
+ supWaitForFastEvent(&DumpDialogInitializedEvent, NULL);
}
} while (FALSE);
@@ -591,8 +825,8 @@ VOID DrvListUnloadedDrivers(
_In_ BOOLEAN bRefresh
)
{
- HWND hwndList = Context->ListView;
- WCHAR szBuffer[100];
+ HWND hwndList = Context->ListView;
+ WCHAR szBuffer[100];
if (bRefresh) {
ListView_DeleteAllItems(hwndList);
@@ -631,14 +865,14 @@ VOID DrvListDrivers(
_In_ BOOLEAN bRefresh
)
{
- INT lvItemIndex;
- ULONG i;
+ INT lvItemIndex;
+ ULONG i;
- PCHAR lpDriverName;
- HWND hwndList = Context->ListView;
+ PCHAR lpDriverName;
+ HWND hwndList = Context->ListView;
LVITEM lvitem;
- WCHAR szBuffer[MAX_PATH + 1];
+ WCHAR szBuffer[MAX_PATH + 1];
RTL_PROCESS_MODULES* pModulesList = NULL;
PRTL_PROCESS_MODULE_INFORMATION pModule;
@@ -778,7 +1012,6 @@ BOOL CALLBACK DrvDlgHandleNotify(
_In_ EXTRASCONTEXT* Context
)
{
- BOOL bHandled = TRUE;
INT nImageIndex;
@@ -828,11 +1061,10 @@ BOOL CALLBACK DrvDlgHandleNotify(
break;
default:
- bHandled = FALSE;
- break;
+ return FALSE;
}
- return bHandled;
+ return TRUE;
}
/*
@@ -872,7 +1104,10 @@ VOID DrvDlgHandleWMCommand(
break;
case ID_DRVLIST_DUMP:
- DrvDumpDriver(pDlgContext);
+ DrvDumpDriver(pDlgContext, FALSE);
+ break;
+ case ID_DRVLIST_DUMPFIXED:
+ DrvDumpDriver(pDlgContext, TRUE);
break;
case ID_JUMPTOFILE:
@@ -972,7 +1207,7 @@ VOID DrvDlgOnInit(
};
SetProp(hwndDlg, T_DLGCONTEXT, (HANDLE)lParam);
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
pDlgContext->hwndDlg = hwndDlg;
pDlgContext->lvColumnHit = -1;
@@ -1127,6 +1362,10 @@ INT_PTR CALLBACK DrvDlgProc(
}
}
+ if (DumpWorkerWindow) {
+ SendMessage(DumpWorkerWindow, WM_CLOSE, 0, 0);
+ DumpWorkerWindow = NULL;
+ }
DestroyWindow(hwndDlg);
break;
diff --git a/Source/WinObjEx64/extras/extrasDrivers.h b/Source/WinObjEx64/extras/extrasDrivers.h
deleted file mode 100644
index 8cdbf4e9..00000000
--- a/Source/WinObjEx64/extras/extrasDrivers.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2016 - 2022
-*
-* TITLE: EXTRASDRIVERS.H
-*
-* VERSION: 1.94
-*
-* DATE: 04 Jun 2022
-*
-* Common header file for Drivers dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-VOID extrasCreateDriversDialog(
- _In_ DRIVERS_DLG_MODE Mode);
diff --git a/Source/WinObjEx64/extras/extrasSSDT.h b/Source/WinObjEx64/extras/extrasHandlers.h
similarity index 50%
rename from Source/WinObjEx64/extras/extrasSSDT.h
rename to Source/WinObjEx64/extras/extrasHandlers.h
index 449dd499..0d8b2491 100644
--- a/Source/WinObjEx64/extras/extrasSSDT.h
+++ b/Source/WinObjEx64/extras/extrasHandlers.h
@@ -2,13 +2,13 @@
*
* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
-* TITLE: EXTRASSSDT.H
+* TITLE: EXTRAS.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
-* Common header file for Service Table dialog.
+* Common header file for Extras dialogs handlers.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -16,7 +16,32 @@
* PARTICULAR PURPOSE.
*
*******************************************************************************/
+
#pragma once
+VOID extrasCreateCallbacksDialog(
+ VOID);
+
+VOID extrasCreateCmOptDialog(
+ VOID);
+
+VOID extrasCreateDriversDialog(
+ _In_ DRIVERS_DLG_MODE Mode);
+
+VOID extrasCreateIpcDialog(
+ _In_ IPC_DLG_MODE Mode);
+
+VOID extrasCreatePNDialog(
+ VOID);
+
+VOID extrasCreatePsListDialog(
+ VOID);
+
+VOID extrasCreateSLCacheDialog(
+ VOID);
+
VOID extrasCreateSSDTDialog(
_In_ SSDT_DLG_MODE Mode);
+
+VOID extrasCreateUsdDialog(
+ VOID);
diff --git a/Source/WinObjEx64/extras/extrasIPC.c b/Source/WinObjEx64/extras/extrasIPC.c
index ec515ce1..3cd5e9ec 100644
--- a/Source/WinObjEx64/extras/extrasIPC.c
+++ b/Source/WinObjEx64/extras/extrasIPC.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASIPC.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
* IPC supported: Pipes, Mailslots
*
@@ -18,9 +18,8 @@
*******************************************************************************/
#include "global.h"
#include "extras.h"
-#include "extrasIPC.h"
#include "propDlg.h"
-#include "propSecurity.h"
+#include "props.h"
//mailslot root
#define DEVICE_MAILSLOT L"\\Device\\Mailslot\\"
@@ -94,10 +93,6 @@ LPWSTR IpcCreateObjectPathWithName(
LPWSTR lpFullName = NULL, lpRootDirectory = NULL;
SIZE_T sz;
- if (lpObjectName == NULL) {
- return NULL;
- }
-
sz = (1 + _strlen(lpObjectName)) * sizeof(WCHAR);
switch (Mode) {
@@ -109,9 +104,8 @@ LPWSTR IpcCreateObjectPathWithName(
sz += DEVICE_MAILSLOT_LENGTH;
lpRootDirectory = DEVICE_MAILSLOT;
break;
- default:
- break;
}
+
if (lpRootDirectory) {
lpFullName = (LPWSTR)supHeapAlloc(sz);
if (lpFullName == NULL) {
@@ -120,6 +114,7 @@ LPWSTR IpcCreateObjectPathWithName(
_strcpy(lpFullName, lpRootDirectory);
_strcat(lpFullName, lpObjectName);
}
+
return lpFullName;
}
@@ -132,30 +127,21 @@ LPWSTR IpcCreateObjectPathWithName(
*
*/
BOOL CALLBACK IpcOpenObjectMethod(
- _In_ PROP_OBJECT_INFO* Context,
- _Inout_ PHANDLE phObject,
- _In_ ACCESS_MASK DesiredAccess
+ _In_ PROP_OBJECT_INFO* Context,
+ _Inout_ PHANDLE phObject,
+ _In_ ACCESS_MASK DesiredAccess
)
{
BOOL bResult = FALSE;
HANDLE hObject;
NTSTATUS status;
OBJECT_ATTRIBUTES obja;
- UNICODE_STRING uStr;
IO_STATUS_BLOCK iost;
- if (
- (Context == NULL) ||
- (phObject == NULL)
- )
- {
- return bResult;
- }
*phObject = NULL;
- RtlInitUnicodeString(&uStr, Context->lpCurrentObjectPath);
- InitializeObjectAttributes(&obja, &uStr, OBJ_CASE_INSENSITIVE, NULL, NULL);
hObject = NULL;
+ InitializeObjectAttributes(&obja, &Context->NtObjectPath, OBJ_CASE_INSENSITIVE, NULL, NULL);
status = NtOpenFile(&hObject, DesiredAccess, &obja, &iost,
FILE_SHARE_VALID_FLAGS, FILE_NON_DIRECTORY_FILE);
@@ -168,37 +154,6 @@ BOOL CALLBACK IpcOpenObjectMethod(
return bResult;
}
-/*
-* IpcVerifyContextParameter
-*
-* Purpose:
-*
-* Sanity check of PROP_OBJECT_INFO context.
-*
-*/
-BOOLEAN IpcVerifyContextParameter(
- _In_ PROP_OBJECT_INFO* Context,
- _In_ HWND hwndDlg,
- _In_ IPC_DLG_MODE DialogMode)
-{
- if (Context == NULL) {
- SetLastError(ERROR_NOT_ENOUGH_MEMORY);
- IpcDisplayError(hwndDlg, DialogMode);
- return FALSE;
- }
- if (
- (Context->lpObjectName == NULL) ||
- (Context->lpCurrentObjectPath == NULL)
- )
- {
- SetLastError(ERROR_OBJECT_NOT_FOUND);
- IpcDisplayError(hwndDlg, DialogMode);
- return FALSE;
- }
-
- return TRUE;
-}
-
/*
* IpcMailslotQueryInfo
*
@@ -219,12 +174,6 @@ VOID IpcMailslotQueryInfo(
FILE_MAILSLOT_QUERY_INFORMATION fmqi;
- //
- // Verify context.
- //
- if (!IpcVerifyContextParameter(Context, hwndDlg, IpcModeMailSlots))
- return;
-
hMailslot = NULL;
if (!IpcOpenObjectMethod(Context, &hMailslot, GENERIC_READ)) {
//on error display last win32 error
@@ -232,7 +181,10 @@ VOID IpcMailslotQueryInfo(
return;
}
- SetDlgItemText(hwndDlg, ID_MAILSLOT_FULLPATH, Context->lpCurrentObjectPath);
+ supDisplayCurrentObjectPath(
+ GetDlgItem(hwndDlg, ID_MAILSLOT_FULLPATH),
+ &Context->NtObjectPath,
+ FALSE);
RtlSecureZeroMemory(&fmqi, sizeof(fmqi));
status = NtQueryInformationFile(hMailslot, &iost, &fmqi, sizeof(fmqi), FileMailslotQueryInformation);
@@ -281,17 +233,13 @@ VOID IpcPipeQueryInfo(
LPWSTR lpType;
HANDLE hPipe;
NTSTATUS status;
- WCHAR szBuffer[MAX_PATH];
+ WCHAR szBuffer[64];
IO_STATUS_BLOCK iost;
FILE_PIPE_LOCAL_INFORMATION fpli;
- //
- // Verify context.
- //
- if (!IpcVerifyContextParameter(Context, hwndDlg, IpcModeNamedPipes))
- return;
-
- SetDlgItemText(hwndDlg, ID_PIPE_FULLPATH, Context->lpCurrentObjectPath);
+ supDisplayCurrentObjectPath(GetDlgItem(hwndDlg, ID_PIPE_FULLPATH),
+ &Context->NtObjectPath,
+ FALSE);
//open pipe
hPipe = NULL;
@@ -401,7 +349,7 @@ INT_PTR CALLBACK IpcTypeDialogProc(
SetProp(hwndDlg, T_PROPCONTEXT, (HANDLE)pSheet->lParam);
Context = (PROP_OBJECT_INFO*)pSheet->lParam;
if (Context) {
- pDlgContext = (EXTRASCONTEXT*)Context->Tag;
+ pDlgContext = (EXTRASCONTEXT*)Context->ExtrasContext;
if (pDlgContext) {
hIcon = ImageList_GetIcon(pDlgContext->ImageList,
@@ -425,7 +373,7 @@ INT_PTR CALLBACK IpcTypeDialogProc(
if (wParam) {
Context = (PROP_OBJECT_INFO*)GetProp(hwndDlg, T_PROPCONTEXT);
if (Context) {
- pDlgContext = (EXTRASCONTEXT*)Context->Tag;
+ pDlgContext = (EXTRASCONTEXT*)Context->ExtrasContext;
if (pDlgContext) {
switch (pDlgContext->DialogMode) {
case IpcModeMailSlots:
@@ -434,8 +382,6 @@ INT_PTR CALLBACK IpcTypeDialogProc(
case IpcModeNamedPipes:
IpcPipeQueryInfo(Context, hwndDlg);
break;
- default:
- break;
}
}
}
@@ -446,7 +392,7 @@ INT_PTR CALLBACK IpcTypeDialogProc(
case WM_DESTROY:
Context = (PROP_OBJECT_INFO*)RemoveProp(hwndDlg, T_PROPCONTEXT);
if (Context) {
- pDlgContext = (EXTRASCONTEXT*)Context->Tag;
+ pDlgContext = (EXTRASCONTEXT*)Context->ExtrasContext;
if (pDlgContext) {
DestroyIcon(pDlgContext->ObjectIcon);
pDlgContext->ObjectIcon = NULL;
@@ -472,21 +418,35 @@ VOID IpcDlgShowProperties(
_In_ EXTRASCONTEXT* pDlgContext
)
{
- INT nPages = 0;
+ INT nPages = 0;
PROP_OBJECT_INFO* Context;
- HPROPSHEETPAGE SecurityPage = NULL;
- PROPSHEETPAGE Page;
- PROPSHEETHEADER PropHeader;
- WCHAR szCaption[MAX_PATH];
+ HPROPSHEETPAGE SecurityPage = NULL;
+ PROPSHEETPAGE Page;
+ PROPSHEETHEADER PropHeader;
+ WCHAR szCaption[MAX_PATH];
+ PROP_CONFIG propConfig;
+
+ LPWSTR objectName, objectPathCombined;
+ UNICODE_STRING objectPathNt;
+
+ RtlSecureZeroMemory(&propConfig, sizeof(propConfig));
+ propConfig.ContextType = propNormal;
+ propConfig.ObjectTypeIndex = ObjectTypeFile;
- Context = propContextCreate(NULL, OBTYPE_NAME_FILE, NULL, NULL);
+ objectName = supGetItemText(pDlgContext->ListView, iItem, 0, NULL);
+ objectPathCombined = IpcCreateObjectPathWithName(objectName,
+ (IPC_DLG_MODE)pDlgContext->DialogMode);
+
+ RtlInitUnicodeString(&objectPathNt, objectPathCombined);
+ propConfig.NtObjectPath = &objectPathNt;
+
+ Context = propContextCreate(&propConfig);
if (Context == NULL)
return;
- Context->lpObjectName = supGetItemText(pDlgContext->ListView, iItem, 0, NULL);
- Context->lpCurrentObjectPath = IpcCreateObjectPathWithName(Context->lpObjectName,
- (IPC_DLG_MODE)pDlgContext->DialogMode);
- Context->Tag = (ULONG_PTR)pDlgContext;
+ Context->ExtrasContext = (PVOID)pDlgContext;
+
+ supHeapFree(objectName);
RtlSecureZeroMemory(&IpcPages, sizeof(IpcPages));
//
@@ -826,7 +786,7 @@ VOID IpcDlgOnInit(
EXTRASCONTEXT* pDlgContext = (EXTRASCONTEXT*)lParam;
SetProp(hwndDlg, T_IPCDLGCONTEXT, (HANDLE)lParam);
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
pDlgContext->lvColumnHit = -1;
pDlgContext->lvItemHit = -1;
diff --git a/Source/WinObjEx64/extras/extrasIPC.h b/Source/WinObjEx64/extras/extrasIPC.h
deleted file mode 100644
index 8953b45f..00000000
--- a/Source/WinObjEx64/extras/extrasIPC.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2017 - 2022
-*
-* TITLE: EXTRASIPC.H
-*
-* VERSION: 1.94
-*
-* DATE: 04 Jun 2022
-*
-* Common header file for InterProcess Communication mechanisms dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-VOID extrasCreateIpcDialog(
- _In_ IPC_DLG_MODE Mode);
diff --git a/Source/WinObjEx64/extras/extrasPN.c b/Source/WinObjEx64/extras/extrasPN.c
index 1f4112cd..c2387770 100644
--- a/Source/WinObjEx64/extras/extrasPN.c
+++ b/Source/WinObjEx64/extras/extrasPN.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASPN.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 05 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -16,7 +16,6 @@
*******************************************************************************/
#include "global.h"
#include "extras.h"
-#include "extrasPN.h"
#include "propDlg.h"
EXTRASCONTEXT PnDlgContext;
@@ -47,7 +46,7 @@ static FAST_EVENT PnDlgInitializedEvent = FAST_EVENT_INIT;
VOID PNDlgResetOutput()
{
SetDlgItemText(PnDlgContext.hwndDlg, ID_NAMESPACE_ROOT, T_EmptyString);
- SetDlgItemText(PnDlgContext.hwndDlg, ID_OBJECT_ADDR, T_EmptyString);
+ SetDlgItemText(PnDlgContext.hwndDlg, ID_NAMESPACE_ADDR, T_EmptyString);
SetDlgItemText(PnDlgContext.hwndDlg, ID_SIZEOFBOUNDARYINFO, T_EmptyString);
SetDlgItemText(PnDlgContext.hwndDlg, ID_BDESCRIPTOR_ADDRESS, T_EmptyString);
SetDlgItemText(PnDlgContext.hwndDlg, ID_BDESCRIPTOR_NAME, T_EmptyString);
@@ -70,17 +69,15 @@ VOID PNDlgShowObjectProperties(
_In_ INT iItem
)
{
- LPWSTR lpType, lpName;
- POBJREF objRef = NULL;
-
- OBJREFPNS pnsInfo;
+ POBJREF objRef = NULL;
+ OBJREFPNS pnsInfo;
PROP_NAMESPACE_INFO propNamespace;
- PROP_DIALOG_CREATE_SETTINGS propSettings;
+ PROP_CONFIG propConfig;
//
// Only one namespace object properties dialog at the same time allowed.
//
- ENSURE_DIALOG_UNIQUE(g_NamespacePropWindow);
+ supCloseKnownPropertiesDialog(propGetNamespaceWindow());
//
// Get ref to object, failure here is critical.
@@ -88,7 +85,7 @@ VOID PNDlgShowObjectProperties(
if (!supGetListViewItemParam(PnDlgContext.ListView, iItem, (PVOID*)&objRef))
return;
- RtlCopyMemory(&pnsInfo, &objRef->PrivateNamespace, sizeof(OBJREFPNS));
+ pnsInfo = objRef->PrivateNamespace;
RtlSecureZeroMemory(&propNamespace, sizeof(propNamespace));
propNamespace.ObjectAddress = objRef->ObjectAddress;
@@ -103,23 +100,14 @@ VOID PNDlgShowObjectProperties(
return;
}
- lpName = supGetItemText(PnDlgContext.ListView, iItem, 0, NULL);
- if (lpName) {
- lpType = supGetItemText(PnDlgContext.ListView, iItem, 1, NULL);
- if (lpType) {
-
- RtlSecureZeroMemory(&propSettings, sizeof(propSettings));
-
- propSettings.lpObjectName = lpName;
- propSettings.lpObjectType = lpType;
- propSettings.NamespaceObject = &propNamespace;
-
- propCreateDialog(&propSettings);
+ RtlSecureZeroMemory(&propConfig, sizeof(propConfig));
- supHeapFree(lpType);
- }
- supHeapFree(lpName);
- }
+ propConfig.ContextType = propPrivateNamespace;
+ propConfig.NtObjectName = &objRef->Name;
+ propConfig.ObjectTypeIndex = objRef->ObjectTypeIndex;
+ propConfig.u1.NamespaceObject = &propNamespace;
+ propConfig.hwndParent = PnDlgContext.hwndDlg;
+ propCreateDialog(&propConfig);
//
// propNamespace.BoundaryDescriptor will be freed by propDestroyContext.
@@ -171,31 +159,42 @@ BOOL CALLBACK PNDlgEnumerateCallback(
_In_opt_ PVOID Context
)
{
- INT lvItemIndex;
- UINT ConvertedTypeIndex;
- LPCWSTR TypeName;
+ BOOL bNeedFree;
+ INT lvItemIndex;
+ WOBJ_OBJECT_TYPE objectTypeIndex;
- LVITEM lvItem;
- WCHAR szBuffer[MAX_PATH + 1];
+ LVITEM lvItem;
+ WCHAR szBuffer[MAX_PATH + 1];
+
+ UNICODE_STRING objectName;
+ WOBJ_TYPE_DESC* typeDesc;
UNREFERENCED_PARAMETER(Context);
- ConvertedTypeIndex = supGetObjectNameIndexByTypeIndex((PVOID)Entry->ObjectAddress, Entry->TypeIndex);
- TypeName = ObManagerGetNameByIndex(ConvertedTypeIndex);
+ bNeedFree = supNormalizeUnicodeStringForDisplay(PNSObjectsHeap,
+ &Entry->Name,
+ &objectName);
+
+ if (!bNeedFree)
+ objectName = Entry->Name;
+
+ objectTypeIndex = supGetObjectNameIndexByTypeIndex((PVOID)Entry->ObjectAddress, Entry->TypeIndex);
+ typeDesc = ObManagerGetEntryByTypeIndex(objectTypeIndex);
+ Entry->ObjectTypeIndex = objectTypeIndex;
//Name
RtlSecureZeroMemory(&lvItem, sizeof(lvItem));
lvItem.mask = LVIF_TEXT | LVIF_IMAGE | LVIF_PARAM;
lvItem.iItem = MAXINT;
- lvItem.iImage = ObManagerGetImageIndexByTypeIndex(ConvertedTypeIndex);
- lvItem.pszText = Entry->ObjectName;
+ lvItem.iImage = typeDesc->ImageIndex;
+ lvItem.pszText = objectName.Buffer;
lvItem.lParam = (LPARAM)Entry;
lvItemIndex = ListView_InsertItem(PnDlgContext.ListView, &lvItem);
//Type
lvItem.mask = LVIF_TEXT;
lvItem.iSubItem = 1;
- lvItem.pszText = (LPWSTR)TypeName;
+ lvItem.pszText = typeDesc->Name;
lvItem.iItem = lvItemIndex;
ListView_SetItem(PnDlgContext.ListView, &lvItem);
@@ -211,6 +210,12 @@ BOOL CALLBACK PNDlgEnumerateCallback(
PNSNumberOfObjects += 1;
+ if (bNeedFree) {
+ supFreeDuplicatedUnicodeString(PNSObjectsHeap,
+ &objectName,
+ FALSE);
+ }
+
return FALSE;
}
@@ -423,8 +428,6 @@ BOOL CALLBACK PNDlgBoundaryDescriptorCallback(
SetDlgItemText(hwndDlg, ID_INTEGRITYLABEL, szBuffer);
break;
- default:
- break;
}
return FALSE;
}
@@ -460,7 +463,7 @@ VOID PNDlgShowNamespaceInfo(
if (!supGetListViewItemParam(PnDlgContext.ListView, iItem, (PVOID*)&objRef))
return;
- RtlCopyMemory(&pnsInfo, &objRef->PrivateNamespace, sizeof(OBJREFPNS));
+ pnsInfo = objRef->PrivateNamespace;
//
// Boundary Descriptor Entries.
@@ -488,7 +491,7 @@ VOID PNDlgShowNamespaceInfo(
szBuffer[0] = L'0';
szBuffer[1] = L'x';
u64tohex(pnsInfo.NamespaceLookupEntry, &szBuffer[2]);
- SetDlgItemText(hwndDlg, ID_OBJECT_ADDR, szBuffer);
+ SetDlgItemText(hwndDlg, ID_NAMESPACE_ADDR, szBuffer);
//
// SizeOfBoundaryInformation.
@@ -603,8 +606,6 @@ VOID PNDlgHandleNotify(
PNDlgShowObjectProperties(pListView->iItem);
break;
- default:
- break;
}
}
@@ -647,10 +648,10 @@ VOID PNDialogCreateDataHeap(
)
{
if (bRefresh) {
- if (PNSObjectsHeap) RtlDestroyHeap(PNSObjectsHeap);
+ if (PNSObjectsHeap) supDestroyHeap(PNSObjectsHeap);
}
- PNSObjectsHeap = RtlCreateHeap(HEAP_GROWABLE, NULL, 0, 0, NULL, NULL);
- if (PNSObjectsHeap) RtlSetHeapInformation(PNSObjectsHeap, HeapEnableTerminationOnCorruption, NULL, 0);
+
+ PNSObjectsHeap = supCreateHeap(HEAP_GROWABLE, TRUE);
}
/*
@@ -690,6 +691,8 @@ VOID PNDialogShowInfo(
SetDlgItemText(PnDlgContext.hwndDlg, ID_PNAMESPACESINFO, T_NAMESPACE_QUERY_FAILED);
}
}
+
+ SetFocus(PnDlgContext.ListView);
}
/*
@@ -750,8 +753,8 @@ VOID PNDialogOnClose(
_In_ HWND hwndDlg
)
{
+ if (PNSObjectsHeap) supDestroyHeap(PNSObjectsHeap);
DestroyWindow(hwndDlg);
- if (PNSObjectsHeap) RtlDestroyHeap(PNSObjectsHeap);
}
/*
@@ -766,7 +769,7 @@ VOID PNDialogOnInit(
_In_ HWND hwndDlg
)
{
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
}
/*
@@ -869,6 +872,28 @@ INT_PTR CALLBACK PNDialogProc(
return FALSE;
}
+/*
+* PNSubDlgMsgHandler
+*
+* Purpose:
+*
+* Check window message against existing properties dialog.
+*
+*/
+BOOL PNSubDlgMsgHandler(
+ _In_ LPMSG lpMsg
+)
+{
+ HWND hwnd;
+
+ hwnd = propGetNamespaceWindow();
+ if (hwnd != NULL)
+ if (PropSheet_IsDialogMessage(hwnd, lpMsg))
+ return TRUE;
+
+ return FALSE;
+}
+
/*
* extrasPNDialogWorkerThread
*
@@ -952,6 +977,9 @@ DWORD extrasPNDialogWorkerThread(
if (bResult == -1)
break;
+ if (PNSubDlgMsgHandler(&message))
+ continue;
+
if (IsDialogMessage(hwndDlg, &message)) {
TranslateAccelerator(hwndDlg, acceleratorTable, &message);
}
diff --git a/Source/WinObjEx64/extras/extrasPN.h b/Source/WinObjEx64/extras/extrasPN.h
deleted file mode 100644
index 0c3d9808..00000000
--- a/Source/WinObjEx64/extras/extrasPN.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2022
-*
-* TITLE: EXTRASPN.H
-*
-* VERSION: 1.94
-*
-* DATE: 04 Jun 2022
-*
-* Common header file for Extras Private Namespaces dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-VOID extrasCreatePNDialog(
- VOID);
diff --git a/Source/WinObjEx64/extras/extrasPSList.c b/Source/WinObjEx64/extras/extrasPSList.c
index 763cdcbe..c53912d8 100644
--- a/Source/WinObjEx64/extras/extrasPSList.c
+++ b/Source/WinObjEx64/extras/extrasPSList.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASPSLIST.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 06 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -18,9 +18,28 @@
#include "global.h"
#include "propDlg.h"
#include "extras.h"
-#include "extrasPSList.h"
#include "treelist/treelist.h"
-#include "resource.h"
+
+#define PS_COLOR_CURRENT_USER 0xffd0d0
+#define PS_COLOR_SERVICE 0xd0d0ff
+#define PS_COLOR_IMMERSIVE 0xeaea00
+#define PS_COLOR_PROTECTED 0xe6ffe6
+
+#define PSLIST_CELLS_COUNT 3
+
+#define PSLIST_PID_CELL 0
+#define PSLIST_OBJECT_CELL 1
+#define PSLIST_USER_CELL 2
+
+typedef struct _TL_SUBITEMS_PSLIST {
+ ULONG Count;
+ ULONG ColorFlags;
+ COLORREF BgColor;
+ COLORREF FontColor;
+ PVOID UserParam;
+ LPTSTR CustomTooltip;
+ LPTSTR Text[PSLIST_CELLS_COUNT];
+} TL_SUBITEMS_PSLIST, * PTL_SUBITEMS_PSLIST;
#define Y_SPLITTER_SIZE 4
#define Y_SPLITTER_MIN 200
@@ -96,6 +115,89 @@ static LPWSTR T_WAITREASON[] = {
L"WrPhysicalFault"
};
+typedef struct _LEGEND_MAP {
+ UINT Control;
+ UINT Color;
+} LEGEND_MAP, * PLEGEND_MAP;
+
+LEGEND_MAP LegendControls[] = {
+ { IDC_PCTL_USERPROCESS, PS_COLOR_CURRENT_USER },
+ { IDC_PCTL_SERVICE_PROCES, PS_COLOR_SERVICE },
+ { IDC_PCTL_IMMERSIVE_PROCESS, PS_COLOR_IMMERSIVE },
+ { IDC_PCTL_PROTECTED_PROCESS, PS_COLOR_PROTECTED }
+};
+
+INT_PTR CALLBACK PsLegendDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam
+)
+{
+ UINT i;
+ HDC hdc;
+ HWND hwndControl;
+ PAINTSTRUCT paint;
+ RECT rect;
+ HBRUSH hb;
+ UNREFERENCED_PARAMETER(lParam);
+
+ switch (uMsg) {
+
+ case WM_INITDIALOG:
+ supCenterWindow(hwndDlg);
+ return TRUE;
+
+ case WM_COMMAND:
+ if (LOWORD(wParam) == IDOK || LOWORD(wParam) == IDCANCEL) {
+ return EndDialog(hwndDlg, TRUE);
+ }
+ break;
+
+ case WM_CLOSE:
+ EndDialog(hwndDlg, TRUE);
+ return TRUE;
+
+ case WM_PAINT:
+ hdc = BeginPaint(hwndDlg, &paint);
+ if (hdc) {
+
+ for (i = 0; i < RTL_NUMBER_OF(LegendControls); i++) {
+
+ hwndControl = GetDlgItem(hwndDlg, LegendControls[i].Control);
+ if (hwndControl) {
+ RtlSecureZeroMemory(&rect, sizeof(rect));
+ GetClientRect(hwndControl, (LPRECT)&rect);
+ MapWindowPoints(hwndControl, hwndDlg, (LPPOINT)&rect, 2);
+ hb = CreateSolidBrush(LegendControls[i].Color);
+ if (hb) {
+ FillRect(paint.hdc, &rect, hb);
+ DeleteObject(hb);
+ }
+ }
+
+ }
+ EndPaint(hwndDlg, &paint);
+ }
+
+ break;
+ }
+
+ return 0;
+}
+
+VOID PsShowLegendDialog(
+ _In_ HWND hwndParent
+)
+{
+ DialogBoxParam(g_WinObj.hInstance,
+ MAKEINTRESOURCE(IDD_DIALOG_PSLISTLEGEND),
+ hwndParent,
+ PsLegendDialogProc,
+ 0);
+
+}
+
/*
* PsxAllocateUnnamedObjectEntry
*
@@ -116,8 +218,8 @@ PROP_UNNAMED_OBJECT_INFO* PsxAllocateUnnamedObjectEntry(
if (Data == NULL)
return NULL;
- objectEntry = (PROP_UNNAMED_OBJECT_INFO*)RtlAllocateHeap(g_PsListHeap,
- HEAP_ZERO_MEMORY, sizeof(PROP_UNNAMED_OBJECT_INFO));
+ objectEntry = (PROP_UNNAMED_OBJECT_INFO*)supHeapAllocEx(g_PsListHeap,
+ sizeof(PROP_UNNAMED_OBJECT_INFO));
if (objectEntry == NULL)
return NULL;
@@ -129,9 +231,9 @@ PROP_UNNAMED_OBJECT_INFO* PsxAllocateUnnamedObjectEntry(
objectEntry->ClientId.UniqueThread = NULL;
objectEntry->ImageName.MaximumLength = processEntry->ImageName.MaximumLength;
- objectEntry->ImageName.Buffer = (PWSTR)RtlAllocateHeap(g_PsListHeap,
- HEAP_ZERO_MEMORY,
+ objectEntry->ImageName.Buffer = (PWSTR)supHeapAllocEx(g_PsListHeap,
objectEntry->ImageName.MaximumLength);
+
if (objectEntry->ImageName.Buffer) {
RtlCopyUnicodeString(&objectEntry->ImageName, &processEntry->ImageName);
}
@@ -139,11 +241,8 @@ PROP_UNNAMED_OBJECT_INFO* PsxAllocateUnnamedObjectEntry(
else if (ObjectType == ObjectTypeThread)
{
threadEntry = (PSYSTEM_THREAD_INFORMATION)Data;
-
- objectEntry->ClientId.UniqueProcess = threadEntry->ClientId.UniqueProcess;
- objectEntry->ClientId.UniqueThread = threadEntry->ClientId.UniqueThread;
-
- RtlCopyMemory(&objectEntry->ThreadInformation, Data, sizeof(SYSTEM_THREAD_INFORMATION));
+ objectEntry->ClientId = threadEntry->ClientId;
+ objectEntry->ThreadInformation = *threadEntry;
}
return objectEntry;
}
@@ -329,7 +428,7 @@ PROP_UNNAMED_OBJECT_INFO* PsListGetObjectEntry(
{
INT nSelected;
TVITEMEX itemex;
- TL_SUBITEMS_FIXED* subitems = NULL;
+ TL_SUBITEMS_PSLIST* subitems = NULL;
PROP_UNNAMED_OBJECT_INFO* ObjectEntry = NULL;
if (bTreeList) {
@@ -370,20 +469,24 @@ VOID PsListHandleObjectProp(
{
SIZE_T sz;
LPWSTR lpName;
+ HWND hwndParent;
HANDLE UniqueProcessId = NULL, ObjectHandle = NULL;
PUNICODE_STRING ImageName = NULL;
PROP_UNNAMED_OBJECT_INFO* tempEntry;
- PROP_DIALOG_CREATE_SETTINGS propSettings;
+ PROP_CONFIG propConfig;
+ UNICODE_STRING usObjectName;
- //
- // Only one process/thread properties dialog at the same time allowed.
- //
- ENSURE_DIALOG_UNIQUE(g_PsPropWindow);
if (bProcessList) {
+ //
+ // Only one process/thread properties dialog at the same time allowed.
+ //
+ supCloseKnownPropertiesDialog(propGetProcessesWindow());
+ hwndParent = PsDlgContext.TreeList;
+
UniqueProcessId = ObjectEntry->ClientId.UniqueProcess;
if (NT_SUCCESS(supOpenProcess(
UniqueProcessId,
@@ -397,6 +500,11 @@ VOID PsListHandleObjectProp(
ImageName = &ObjectEntry->ImageName;
}
else {
+ //
+ // Only one process/thread properties dialog at the same time allowed.
+ //
+ supCloseKnownPropertiesDialog(propGetThreadsWindow());
+ hwndParent = PsDlgContext.ListView;
tempEntry = PsListGetObjectEntry(TRUE, NULL);
if (tempEntry) {
@@ -447,13 +555,14 @@ VOID PsListHandleObjectProp(
ultostr(HandleToULong(ObjectEntry->ClientId.UniqueThread), _strend(lpName));
}
- RtlSecureZeroMemory(&propSettings, sizeof(propSettings));
-
- propSettings.lpObjectName = lpName;
- propSettings.lpObjectType = (bProcessList) ? OBTYPE_NAME_PROCESS : OBTYPE_NAME_THREAD;
- propSettings.UnnamedObject = ObjectEntry;
-
- propCreateDialog(&propSettings);
+ RtlSecureZeroMemory(&propConfig, sizeof(propConfig));
+ RtlInitUnicodeString(&usObjectName, lpName);
+ propConfig.NtObjectName = &usObjectName;
+ propConfig.ObjectTypeIndex = (bProcessList) ? ObjectTypeProcess : ObjectTypeThread;
+ propConfig.ContextType = propUnnamed;
+ propConfig.u1.UnnamedObject = ObjectEntry;
+ propConfig.hwndParent = hwndParent;
+ propCreateDialog(&propConfig);
supHeapFree(lpName);
}
@@ -508,12 +617,12 @@ HTREEITEM AddProcessEntryTreeList(
PSID processSid = NULL;
HANDLE uniqueProcessId;
PROP_UNNAMED_OBJECT_INFO* objectEntry;
- TL_SUBITEMS_FIXED subitems;
+ TL_SUBITEMS_PSLIST subitems;
ULONG cbCaption;
- PWSTR lpCaption = NULL, lpEnd, lpUserName = NULL;
+ PWSTR lpCaption = NULL, lpValue, lpUserName = NULL;
BOOL bIsProtected = FALSE;
- WCHAR szEPROCESS[32];
+ WCHAR szEPROCESS[32], szPid[32];
objectEntry = PsxAllocateUnnamedObjectEntry(Data, ObjectTypeProcess);
if (objectEntry == NULL)
@@ -539,25 +648,27 @@ HTREEITEM AddProcessEntryTreeList(
lpCaption = (PWSTR)supHeapAlloc(cbCaption);
if (lpCaption) {
- lpEnd = _strcat(lpCaption, TEXT("["));
- ultostr(HandleToULong(uniqueProcessId), lpEnd);
- _strcat(lpCaption, TEXT("]"));
-
- _strcat(lpCaption, TEXT(" "));
-
if (uniqueProcessId == 0) {
- _strcat(lpCaption, T_IDLE_PROCESS);
+ lpValue = T_IDLE_PROCESS;
}
else {
if (objectEntry->ImageName.Buffer) {
- _strcat(lpCaption, objectEntry->ImageName.Buffer);
+ lpValue = objectEntry->ImageName.Buffer;
}
else {
- _strcat(lpCaption, T_Unknown);
+ lpValue = T_Unknown;
}
}
+
+ _strcpy(lpCaption, lpValue);
}
+ //
+ // PID
+ //
+ szPid[0] = 0;
+ ultostr(HandleToULong(uniqueProcessId), szPid);
+
//
// EPROCESS value (can be NULL)
//
@@ -569,9 +680,11 @@ HTREEITEM AddProcessEntryTreeList(
}
subitems.UserParam = (PVOID)objectEntry;
- subitems.Count = 2;
- subitems.Text[0] = szEPROCESS;
- subitems.Text[1] = T_EmptyString;
+ subitems.Count = PSLIST_CELLS_COUNT;
+
+ subitems.Text[PSLIST_PID_CELL] = szPid;
+ subitems.Text[PSLIST_OBJECT_CELL] = szEPROCESS;
+ subitems.Text[PSLIST_USER_CELL] = T_EmptyString;
//
// Colors (set order is sensitive).
@@ -590,7 +703,7 @@ HTREEITEM AddProcessEntryTreeList(
((processSid) && supIsLocalServiceSid(processSid)))
{
subitems.ColorFlags = TLF_BGCOLOR_SET;
- subitems.BgColor = 0xd0d0ff;
+ subitems.BgColor = PS_COLOR_SERVICE;
}
}
@@ -601,7 +714,7 @@ HTREEITEM AddProcessEntryTreeList(
if (processSid && OurSid) {
if (RtlEqualSid(OurSid, processSid)) {
subitems.ColorFlags = TLF_BGCOLOR_SET;
- subitems.BgColor = 0xffd0d0;
+ subitems.BgColor = PS_COLOR_CURRENT_USER;
}
}
@@ -613,13 +726,13 @@ HTREEITEM AddProcessEntryTreeList(
if (supIsImmersiveProcess(ProcessHandle)) {
subitems.ColorFlags = TLF_BGCOLOR_SET;
- subitems.BgColor = 0xeaea00;
+ subitems.BgColor = PS_COLOR_IMMERSIVE;
}
if (NT_SUCCESS(supIsProtectedProcess(ProcessHandle, &bIsProtected))) {
if (bIsProtected) {
subitems.ColorFlags = TLF_BGCOLOR_SET;
- subitems.BgColor = 0xe6ffe6;
+ subitems.BgColor = PS_COLOR_PROTECTED;
}
}
@@ -631,7 +744,7 @@ HTREEITEM AddProcessEntryTreeList(
if (processSid && PolicyHandle) {
if (supLookupSidUserAndDomainEx(processSid, PolicyHandle, &lpUserName)) {
- subitems.Text[1] = lpUserName;
+ subitems.Text[PSLIST_USER_CELL] = lpUserName;
}
}
@@ -676,9 +789,9 @@ BOOL CALLBACK FindItemMatchCallback(
_In_ ULONG_PTR UserContext
)
{
- HANDLE ParentProcessId = (HANDLE)UserContext;
- TL_SUBITEMS_FIXED* subitems = NULL;
- TVITEMEX itemex;
+ HANDLE ParentProcessId = (HANDLE)UserContext;
+ TL_SUBITEMS_PSLIST* subitems = NULL;
+ TVITEMEX itemex;
PROP_UNNAMED_OBJECT_INFO* Entry;
@@ -793,9 +906,7 @@ LPWSTR PsListGetThreadStateAsString(
case StateTransition:
lpState = TEXT("Transition");
break;
- case StateUnknown:
- default:
- break;
+
}
_strcpy(StateBuffer, lpState);
@@ -1104,8 +1215,8 @@ DWORD WINAPI CreateProcessListProc(
ListView_DeleteAllItems(PsDlgContext.ListView);
if (bRefresh) {
- RtlDestroyHeap(g_PsListHeap);
- g_PsListHeap = RtlCreateHeap(HEAP_GROWABLE, NULL, 0, 0, NULL, NULL);
+ supDestroyHeap(g_PsListHeap);
+ g_PsListHeap = supCreateHeap(HEAP_GROWABLE, TRUE);
if (g_PsListHeap == NULL) {
lpErrorMsg = TEXT("Could not allocate heap for process enumeration!");
supStatusBarSetText(PsDlgContext.StatusBar, 2, lpErrorMsg);
@@ -1374,8 +1485,6 @@ INT_PTR PsListHandleNotify(
return 1;
- default:
- break;
}
}
@@ -1400,8 +1509,6 @@ INT_PTR PsListHandleNotify(
}
return 1;
- default:
- break;
}
}
@@ -1447,6 +1554,7 @@ INT_PTR CALLBACK PsListDialogProc(
INT dy;
RECT crc;
INT mark;
+ HMENU hMenu;
HWND TreeListControl, FocusWindow;
if (uMsg == g_WinObj.SettingsChangeMessage) {
@@ -1489,7 +1597,7 @@ INT_PTR CALLBACK PsListDialogProc(
case WM_SHOWWINDOW:
if (wParam == TRUE)
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
break;
case WM_COMMAND:
@@ -1543,8 +1651,10 @@ INT_PTR CALLBACK PsListDialogProc(
}
break;
- default:
+ case ID_VIEW_LEGEND:
+ PsShowLegendDialog(hwndDlg);
break;
+
}
break;
@@ -1602,10 +1712,15 @@ INT_PTR CALLBACK PsListDialogProc(
g_PsListWait = NULL;
}
+ hMenu = GetMenu(hwndDlg);
+ if (hMenu)
+ DestroyMenu(hMenu);
+
DestroyWindow(PsDlgContext.TreeList);
DestroyWindow(hwndDlg);
+
if (g_PsListHeap) {
- RtlDestroyHeap(g_PsListHeap);
+ supDestroyHeap(g_PsListHeap);
g_PsListHeap = NULL;
}
return TRUE;
@@ -1618,6 +1733,38 @@ INT_PTR CALLBACK PsListDialogProc(
return DefDlgProc(hwndDlg, uMsg, wParam, lParam);
}
+/*
+* PsSubDlgMsgHandler
+*
+* Purpose:
+*
+* Check window message against existing dialogs.
+*
+*/
+BOOL PsSubDlgMsgHandler(
+ _In_ LPMSG lpMsg
+)
+{
+ HWND hwnd;
+
+ hwnd = propGetTokenWindow();
+ if (hwnd != NULL)
+ if (PropSheet_IsDialogMessage(hwnd, lpMsg))
+ return TRUE;
+
+ hwnd = propGetProcessesWindow();
+ if (hwnd != NULL)
+ if (PropSheet_IsDialogMessage(hwnd, lpMsg))
+ return TRUE;
+
+ hwnd = propGetThreadsWindow();
+ if (hwnd != NULL)
+ if (PropSheet_IsDialogMessage(hwnd, lpMsg))
+ return TRUE;
+
+ return FALSE;
+}
+
/*
* extrasPsListDialogWorkerThread
*
@@ -1634,6 +1781,7 @@ DWORD extrasPsListDialogWorkerThread(
HDITEM hdritem;
WNDCLASSEX wincls;
+ HMENU hMenu;
HWND hwndDlg;
BOOL bResult;
MSG message;
@@ -1678,6 +1826,9 @@ DWORD extrasPsListDialogWorkerThread(
if (hwndDlg) {
+ hMenu = LoadMenu(g_WinObj.hInstance, MAKEINTRESOURCE(IDR_PSLISTMENU));
+ if (hMenu) SetMenu(hwndDlg, hMenu);
+
PsDlgContext.hwndDlg = hwndDlg;
if (g_kdctx.IsFullAdmin == FALSE) {
@@ -1718,13 +1869,17 @@ DWORD extrasPsListDialogWorkerThread(
hdritem.pszText = TEXT("Process");
TreeList_InsertHeaderItem(PsDlgContext.TreeList, 0, &hdritem);
+ hdritem.cxy = 80;
+ hdritem.pszText = TEXT("PID");
+ TreeList_InsertHeaderItem(PsDlgContext.TreeList, 1, &hdritem);
+
hdritem.cxy = 130;
hdritem.pszText = TEXT("Object");
- TreeList_InsertHeaderItem(PsDlgContext.TreeList, 1, &hdritem);
+ TreeList_InsertHeaderItem(PsDlgContext.TreeList, 2, &hdritem);
hdritem.cxy = 180;
hdritem.pszText = TEXT("User");
- TreeList_InsertHeaderItem(PsDlgContext.TreeList, 2, &hdritem);
+ TreeList_InsertHeaderItem(PsDlgContext.TreeList, 3, &hdritem);
wndStyles = GetWindowLongPtr(PsDlgContext.TreeList, GWL_STYLE);
SetWindowLongPtr(PsDlgContext.TreeList, GWL_STYLE, wndStyles | TLSTYLE_LINKLINES);
@@ -1737,7 +1892,7 @@ DWORD extrasPsListDialogWorkerThread(
g_PsListWait = CreateMutex(NULL, FALSE, NULL);
if (g_PsListWait) {
- g_PsListHeap = RtlCreateHeap(HEAP_GROWABLE, NULL, 0, 0, NULL, NULL);
+ g_PsListHeap = supCreateHeap(HEAP_GROWABLE, TRUE);
if (g_PsListHeap) {
CreateObjectList(FALSE, NULL);
}
@@ -1757,6 +1912,9 @@ DWORD extrasPsListDialogWorkerThread(
if (bResult == -1)
break;
+ if (PsSubDlgMsgHandler(&message))
+ continue;
+
if (IsDialogMessage(hwndDlg, &message)) {
TranslateAccelerator(hwndDlg, acceleratorTable, &message);
}
diff --git a/Source/WinObjEx64/extras/extrasPSList.h b/Source/WinObjEx64/extras/extrasPSList.h
deleted file mode 100644
index b40a473d..00000000
--- a/Source/WinObjEx64/extras/extrasPSList.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2019 - 2022
-*
-* TITLE: EXTRASPSLIST.H
-*
-* VERSION: 1.94
-*
-* DATE: 04 Jun 2022
-*
-* Common header file for Process List dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-VOID extrasCreatePsListDialog(
- VOID);
diff --git a/Source/WinObjEx64/extras/extrasSL.c b/Source/WinObjEx64/extras/extrasSL.c
index c289fdc8..41b989b4 100644
--- a/Source/WinObjEx64/extras/extrasSL.c
+++ b/Source/WinObjEx64/extras/extrasSL.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASSL.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -117,7 +117,7 @@ LPWSTR xxxSLCacheGetDescriptorDataType(
_In_ SL_KMEM_CACHE_VALUE_DESCRIPTOR* CacheDescriptor
)
{
- LPWSTR DataType;
+ LPWSTR DataType = NULL;
switch (CacheDescriptor->Type) {
case SL_DATA_SZ:
@@ -135,11 +135,8 @@ LPWSTR xxxSLCacheGetDescriptorDataType(
case SL_DATA_SUM:
DataType = TEXT("SL_DATA_SUM");
break;
-
- default:
- DataType = NULL;
- break;
}
+
return DataType;
}
@@ -249,8 +246,6 @@ VOID SLCacheDialogDisplayDescriptorData(
EnableWindow(GetDlgItem(hwndDlg, IDC_SLVALUE_VIEWWITH), TRUE);
break;
- default:
- break;
}
}
@@ -297,7 +292,7 @@ VOID SLCacheDialogViewBinaryData(
TRUE,
FALSE))
{
- supShellExecInExplorerProcess(szFileName);
+ supShellExecInExplorerProcess(szFileName, NULL);
}
}
@@ -555,7 +550,7 @@ VOID SLCacheDialogOnInit(
};
SetProp(hwndDlg, T_DLGCONTEXT, (HANDLE)lParam);
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
pDlgContext->hwndDlg = hwndDlg;
pDlgContext->lvItemHit = -1;
diff --git a/Source/WinObjEx64/extras/extrasSL.h b/Source/WinObjEx64/extras/extrasSL.h
deleted file mode 100644
index eaf41d91..00000000
--- a/Source/WinObjEx64/extras/extrasSL.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2019 - 2022
-*
-* TITLE: EXTRASSL.H
-*
-* VERSION: 1.94
-*
-* DATE: 04 Jun 2022
-*
-* Common header file for Software Licensing Cache dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-VOID extrasCreateSLCacheDialog(
- VOID);
diff --git a/Source/WinObjEx64/extras/extrasSSDT.c b/Source/WinObjEx64/extras/extrasSSDT.c
index 759bc7d5..49f111c7 100644
--- a/Source/WinObjEx64/extras/extrasSSDT.c
+++ b/Source/WinObjEx64/extras/extrasSSDT.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASSSDT.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 05 June 2022
+* DATE: 19 June 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -19,8 +19,19 @@
#include "extras.h"
#include "ntos/ntldr.h"
#include "ksymbols.h"
-#include "extrasSSDT.h"
-#include "extrasSSDTsup.h"
+
+typedef struct _SERVICETABLEENTRY {
+ ULONG ServiceId;
+ ULONG_PTR Address;
+ WCHAR Name[MAX_PATH + 1];
+} SERVICETABLEENTRY, * PSERVICETABLEENTRY;
+
+typedef struct _SDT_TABLE {
+ BOOL Allocated;
+ ULONG Limit;
+ ULONG_PTR Base;
+ PSERVICETABLEENTRY Table;
+} SDT_TABLE, * PSDT_TABLE;
//
// UI part
@@ -38,20 +49,54 @@
//
// Globals
//
+#define INVALID_SERVICE_ENTRY_ID 0xFFFFFFFF
+#define WIN32K_START_INDEX 0x1000
+
SDT_TABLE KiServiceTable;
SDT_TABLE W32pServiceTable;
-SYMCONTEXT *W32SymContext;
+SYMCONTEXT* W32SymContext;
+
+//
+// Win32kApiSetTable signatures
+//
+
+//
+// InitializeWin32Call search pattern
+//
+// push rbp
+// push r12
+// push r13
+// push r14
+// push r15
+//
+BYTE g_pbInitializeWin32CallPattern[] = {
+ 0x55, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57
+};
+
+//
+// Win32kApiSetTable adapter patterns
+//
+BYTE Win32kApiSetAdapterPattern1[] = {
+ 0x4C, 0x8B, 0x15
+};
+BYTE Win32kApiSetAdapterPattern2[] = {
+ 0x48, 0x8B, 0x05
+};
+BYTE Win32kApiSetAdapterPattern3[] = {
+ 0x4C, 0x8B, 0x1D // mov r11, value
+};
+
+W32K_API_SET_LOOKUP_PATTERN W32kApiSetAdapters[] = {
+ { sizeof(Win32kApiSetAdapterPattern1), Win32kApiSetAdapterPattern1 },
+ { sizeof(Win32kApiSetAdapterPattern2), Win32kApiSetAdapterPattern2 },
+ { sizeof(Win32kApiSetAdapterPattern3), Win32kApiSetAdapterPattern3 }
+};
static EXTRASCONTEXT SSTDlgContext[SST_Max];
static HANDLE SdtDlgThreadHandles[SST_Max] = { NULL, NULL };
static FAST_EVENT SdtDlgInitializedEvents[SST_Max] = { FAST_EVENT_INIT, FAST_EVENT_INIT };
-VOID SdtListCreate(
- _In_ HWND hwndDlg,
- _In_ BOOL fRescan,
- _In_ EXTRASCONTEXT* pDlgContext);
-
/*
* SdtLoadWin32kImage
*
@@ -131,7 +176,7 @@ ULONG_PTR SdtQueryWin32kApiSetTable(
(PVOID)hModule,
&SectionSize);
- if (SectionBase == 0 || SectionSize < 10)
+ if (SectionBase == 0 || SectionSize == 0)
return 0;
//
@@ -154,7 +199,8 @@ ULONG_PTR SdtQueryWin32kApiSetTable(
if (hs.flags & F_ERROR)
break;
- if (hs.len == IL_Win32kApiSetTable) {
+ // lea reg, Win32kApiSetTable
+ if (hs.len == 7) {
if ((ptrCode[Index] == 0x4C) &&
(ptrCode[Index + 1] == 0x8D))
@@ -182,1742 +228,1740 @@ ULONG_PTR SdtQueryWin32kApiSetTable(
}
/*
-* SdtDlgCompareFunc
+* SdtListOutputTable
*
* Purpose:
*
-* KiServiceTable/W32pServiceTable Dialog listview comparer function.
+* Output dumped and converted syscall table to listview.
*
*/
-INT CALLBACK SdtDlgCompareFunc(
- _In_ LPARAM lParam1,
- _In_ LPARAM lParam2,
- _In_ LPARAM lParamSort //pointer to EXTRASCALLBACK
+VOID SdtListOutputTable(
+ _In_ HWND hwndDlg,
+ _In_ PRTL_PROCESS_MODULES Modules,
+ _In_ PSDT_TABLE SdtTableEntry
)
{
- INT nResult = 0;
-
- EXTRASCONTEXT* pDlgContext;
- EXTRASCALLBACK* CallbackParam = (EXTRASCALLBACK*)lParamSort;
+ INT lvIndex;
+ ULONG i, iImage, moduleIndex = 0;
+ EXTRASCONTEXT* Context = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
- if (CallbackParam == NULL)
- return 0;
+ LVITEM lvItem;
+ WCHAR szBuffer[MAX_PATH + 1];
- pDlgContext = &SSTDlgContext[CallbackParam->Value];
+ LPWSTR lpBaseName, lpBaseLimit;
- switch (pDlgContext->lvColumnToSort) {
- case COLUMN_SDTLIST_INDEX: //index
- return supGetMaxOfTwoULongFromString(
- pDlgContext->ListView,
- lParam1,
- lParam2,
- pDlgContext->lvColumnToSort,
- pDlgContext->bInverseSort);
- case COLUMN_SDTLIST_ADDRESS: //address (hex)
- return supGetMaxOfTwoU64FromHex(
- pDlgContext->ListView,
- lParam1,
- lParam2,
- pDlgContext->lvColumnToSort,
- pDlgContext->bInverseSort);
- case COLUMN_SDTLIST_NAME: //string (fixed size)
- case COLUMN_SDTLIST_MODULE: //string (fixed size)
- return supGetMaxCompareTwoFixedStrings(
- pDlgContext->ListView,
- lParam1,
- lParam2,
- pDlgContext->lvColumnToSort,
- pDlgContext->bInverseSort);
+ if (Context->DialogMode == SST_Ntos) {
+ lpBaseName = L"KiServiceTable";
+ lpBaseLimit = L"KiServiceLimit";
+ }
+ else if (Context->DialogMode == SST_Win32k) {
+ lpBaseName = L"W32pServiceTable";
+ lpBaseLimit = L"W32pServiceLimit";
}
+ else
+ return;
- return nResult;
-}
+ RtlStringCchPrintfSecure(szBuffer,
+ MAX_PATH,
+ TEXT("%ws 0x%p / %ws %lu (0x%lX)"),
+ lpBaseName,
+ (PVOID)SdtTableEntry->Base,
+ lpBaseLimit,
+ SdtTableEntry->Limit,
+ SdtTableEntry->Limit);
-/*
-* SdtHandlePopupMenu
-*
-* Purpose:
-*
-* Table list popup construction.
-*
-*/
-VOID SdtHandlePopupMenu(
- _In_ HWND hwndDlg,
- _In_ LPPOINT lpPoint,
- _In_ PVOID lpUserParam
-)
-{
- HMENU hMenu;
- UINT uPos = 0;
- EXTRASCONTEXT* Context = (EXTRASCONTEXT*)lpUserParam;
+ supStatusBarSetText(Context->StatusBar, 0, (LPWSTR)&szBuffer);
- hMenu = CreatePopupMenu();
- if (hMenu) {
+ iImage = ObManagerGetImageIndexByTypeIndex(ObjectTypeDevice);
- if (supListViewAddCopyValueItem(hMenu,
- Context->ListView,
- ID_OBJECT_COPY,
- uPos,
- lpPoint,
- &Context->lvItemHit,
- &Context->lvColumnHit))
- {
- InsertMenu(hMenu, ++uPos, MF_BYPOSITION | MF_SEPARATOR, 0, NULL);
- }
+ ListView_DeleteAllItems(Context->ListView);
- InsertMenu(hMenu, uPos++, MF_BYCOMMAND, ID_JUMPTOFILE, T_JUMPTOFILE);
- InsertMenu(hMenu, uPos++, MF_BYCOMMAND, ID_SDTLIST_SAVE, T_EXPORTTOFILE);
- InsertMenu(hMenu, uPos++, MF_BYPOSITION | MF_SEPARATOR, 0, NULL);
- InsertMenu(hMenu, uPos++, MF_BYCOMMAND, ID_VIEW_REFRESH, T_VIEW_REFRESH);
+ //list table
+ for (i = 0; i < SdtTableEntry->Limit; i++) {
- TrackPopupMenu(hMenu,
- TPM_RIGHTBUTTON | TPM_LEFTALIGN,
- lpPoint->x,
- lpPoint->y,
- 0,
- hwndDlg,
- NULL);
+ RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
+ ultostr(SdtTableEntry->Table[i].ServiceId, szBuffer);
- DestroyMenu(hMenu);
- }
-}
+ //ServiceId
+ RtlSecureZeroMemory(&lvItem, sizeof(lvItem));
+ lvItem.mask = LVIF_TEXT | LVIF_IMAGE;
+ lvItem.iItem = MAXINT;
+ lvItem.iImage = iImage; //imagelist id
+ lvItem.pszText = szBuffer;
+ lvIndex = ListView_InsertItem(Context->ListView, &lvItem);
-/*
-* SdtFreeGlobals
-*
-* Purpose:
-*
-* Release memory allocated for SDT table globals.
-*
-*/
-BOOL CALLBACK SdtFreeGlobals(
- _In_opt_ PVOID Context
-)
-{
- UNREFERENCED_PARAMETER(Context);
+ //Name
+ lvItem.mask = LVIF_TEXT;
+ lvItem.iSubItem = 1;
+ lvItem.pszText = (LPWSTR)SdtTableEntry->Table[i].Name;
+ lvItem.iItem = lvIndex;
+ ListView_SetItem(Context->ListView, &lvItem);
- if (KiServiceTable.Allocated) {
- supHeapFree(KiServiceTable.Table);
- KiServiceTable.Allocated = FALSE;
- }
- if (W32pServiceTable.Allocated) {
- supHeapFree(W32pServiceTable.Table);
- W32pServiceTable.Allocated = FALSE;
- }
+ //Address
+ RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
+ szBuffer[0] = L'0';
+ szBuffer[1] = L'x';
+ u64tohex(SdtTableEntry->Table[i].Address, &szBuffer[2]);
- return TRUE;
+ lvItem.iSubItem = 2;
+ lvItem.pszText = szBuffer;
+ ListView_SetItem(Context->ListView, &lvItem);
+
+ //Module
+ RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
+
+ if (ntsupFindModuleEntryByAddress(
+ Modules,
+ (PVOID)SdtTableEntry->Table[i].Address,
+ &moduleIndex))
+ {
+ MultiByteToWideChar(
+ CP_ACP,
+ 0,
+ (LPCSTR)&Modules->Modules[moduleIndex].FullPathName,
+ (INT)_strlen_a((char*)Modules->Modules[moduleIndex].FullPathName),
+ szBuffer,
+ MAX_PATH);
+ }
+ else {
+ _strcpy(szBuffer, TEXT("Unknown Module"));
+ }
+
+ lvItem.iSubItem = 3;
+ lvItem.pszText = szBuffer;
+ ListView_SetItem(Context->ListView, &lvItem);
+ }
}
/*
-* SdtDlgHandleNotify
+* SdtListCreateTable
*
* Purpose:
*
-* WM_NOTIFY processing for dialog listview.
+* KiServiceTable dump routine.
*
*/
-BOOL SdtDlgHandleNotify(
- _In_ HWND hwndDlg,
- _In_ LPARAM lParam
+BOOL SdtListCreateTable(
+ VOID
)
{
- INT nImageIndex, iSelectionMark;
- LPNMLISTVIEW pListView = (LPNMLISTVIEW)lParam;
- LPWSTR lpItem;
- HWND hwndListView;
-
- EXTRASCONTEXT* pDlgContext;
+ BOOL bResult = FALSE;
+ ULONG EntrySize = 0;
+ SIZE_T memIO;
+ PUTable TableDump = NULL;
+ PBYTE Module = NULL;
+ PIMAGE_EXPORT_DIRECTORY ExportDirectory = NULL;
+ PDWORD ExportNames, ExportFunctions;
+ PWORD NameOrdinals;
- EXTRASCALLBACK CallbackParam;
- WCHAR szBuffer[MAX_PATH + 1];
+ PSERVICETABLEENTRY ServiceEntry;
- if (pListView == NULL)
- return FALSE;
+ CHAR* ServiceName;
+ CHAR* FunctionAddress;
+ ULONG ServiceId, i, j;
- if (pListView->hdr.idFrom != ID_EXTRASLIST)
- return FALSE;
+ __try {
- hwndListView = pListView->hdr.hwndFrom;
+ if ((g_kdctx.Data->KeServiceDescriptorTable.Base == 0) ||
+ (g_kdctx.Data->KeServiceDescriptorTable.Limit == 0))
+ {
+ if (!kdFindKiServiceTable(
+ (ULONG_PTR)g_kdctx.NtOsImageMap,
+ (ULONG_PTR)g_kdctx.NtOsBase,
+ &g_kdctx.Data->KeServiceDescriptorTable))
+ {
+ __leave;
+ }
+ }
- switch (pListView->hdr.code) {
+ //
+ // If table empty, dump and prepare table
+ //
+ if (KiServiceTable.Allocated == FALSE) {
- case LVN_COLUMNCLICK:
+ Module = (PBYTE)GetModuleHandle(TEXT("ntdll.dll"));
- pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
- if (pDlgContext) {
+ if (Module == NULL)
+ __leave;
- pDlgContext->bInverseSort = (~pDlgContext->bInverseSort) & 1;
- pDlgContext->lvColumnToSort = pListView->iSubItem;
- CallbackParam.lParam = (LPARAM)pDlgContext->lvColumnToSort;
- CallbackParam.Value = pDlgContext->DialogMode;
- ListView_SortItemsEx(hwndListView, &SdtDlgCompareFunc, (LPARAM)&CallbackParam);
+ ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)RtlImageDirectoryEntryToData(
+ Module,
+ TRUE,
+ IMAGE_DIRECTORY_ENTRY_EXPORT,
+ &EntrySize);
- nImageIndex = ImageList_GetImageCount(g_ListViewImages);
- if (pDlgContext->bInverseSort)
- nImageIndex -= 2;
- else
- nImageIndex -= 1;
+ if (ExportDirectory == NULL) {
+ __leave;
+ }
- supUpdateLvColumnHeaderImage(
- hwndListView,
- pDlgContext->lvColumnCount,
- pDlgContext->lvColumnToSort,
- nImageIndex);
- }
- break;
+ ExportNames = (PDWORD)((PBYTE)Module + ExportDirectory->AddressOfNames);
+ ExportFunctions = (PDWORD)((PBYTE)Module + ExportDirectory->AddressOfFunctions);
+ NameOrdinals = (PWORD)((PBYTE)Module + ExportDirectory->AddressOfNameOrdinals);
- case NM_DBLCLK:
+ memIO = sizeof(SERVICETABLEENTRY) * ExportDirectory->NumberOfNames;
- iSelectionMark = ListView_GetSelectionMark(hwndListView);
- if (iSelectionMark >= 0) {
- lpItem = supGetItemText(hwndListView, iSelectionMark, 3, NULL);
- if (lpItem) {
- RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
- if (supGetWin32FileName(lpItem, szBuffer, MAX_PATH))
- supShowProperties(hwndDlg, szBuffer);
- supHeapFree(lpItem);
+ KiServiceTable.Table = (PSERVICETABLEENTRY)supHeapAlloc(memIO);
+ if (KiServiceTable.Table == NULL)
+ __leave;
+
+ KiServiceTable.Allocated = TRUE;
+
+ if (!supDumpSyscallTableConverted(
+ g_kdctx.Data->KeServiceDescriptorTable.Base,
+ g_kdctx.Data->KeServiceDescriptorTable.Limit,
+ &TableDump))
+ {
+ supHeapFree(KiServiceTable.Table);
+ KiServiceTable.Allocated = FALSE;
+ __leave;
+ }
+
+ KiServiceTable.Base = g_kdctx.Data->KeServiceDescriptorTable.Base;
+
+ //
+ // Walk for syscall stubs.
+ //
+ KiServiceTable.Limit = 0;
+ for (i = 0; i < ExportDirectory->NumberOfNames; i++) {
+
+ ServiceName = ((CHAR*)Module + ExportNames[i]);
+
+ //
+ // Use Zw alias to skip various Nt trash like NtdllDialogWndProc/NtGetTickCount.
+ //
+
+ if (*(USHORT*)ServiceName == 'wZ') {
+
+ MultiByteToWideChar(
+ CP_ACP,
+ 0,
+ ServiceName,
+ (INT)_strlen_a(ServiceName),
+ KiServiceTable.Table[KiServiceTable.Limit].Name,
+ MAX_PATH);
+
+ //dirty hack
+ KiServiceTable.Table[KiServiceTable.Limit].Name[0] = L'N';
+ KiServiceTable.Table[KiServiceTable.Limit].Name[1] = L't';
+
+ FunctionAddress = (CHAR*)((CHAR*)Module + ExportFunctions[NameOrdinals[i]]);
+ ServiceEntry = &KiServiceTable.Table[KiServiceTable.Limit];
+
+ if (*(UCHAR*)((UCHAR*)FunctionAddress + 3) == 0xB8) {
+ ServiceId = *(ULONG*)((UCHAR*)FunctionAddress + 4);
+ if (ServiceId < g_kdctx.Data->KeServiceDescriptorTable.Limit) {
+ ServiceEntry->ServiceId = ServiceId;
+ ServiceEntry->Address = TableDump[ServiceId];
+ TableDump[ServiceId] = 0;
+ }
+ else {
+ kdDebugPrint(">>1 %s %lu\r\n", ServiceName, KiServiceTable.Limit);
+ ServiceEntry->ServiceId = INVALID_SERVICE_ENTRY_ID;
+ }
+ }
+ else {
+ kdDebugPrint(">>2 %s %lu\r\n", ServiceName, KiServiceTable.Limit);
+ ServiceEntry->ServiceId = INVALID_SERVICE_ENTRY_ID;
+ }
+
+ KiServiceTable.Limit += 1;
+
+ }//wZ
+ }//for
+
+ for (i = 0; i < KiServiceTable.Limit; i++) {
+ ServiceEntry = &KiServiceTable.Table[i];
+ if (ServiceEntry->ServiceId == INVALID_SERVICE_ENTRY_ID) {
+ for (j = 0; j < g_kdctx.Data->KeServiceDescriptorTable.Limit; j++) {
+ if (TableDump[j] != 0) {
+ ServiceEntry->ServiceId = j;
+ ServiceEntry->Address = TableDump[j];
+ TableDump[j] = 0;
+ break;
+ }
+ }
+ }
}
+
+ supHeapFree(TableDump);
+ TableDump = NULL;
}
- break;
- default:
- return FALSE;
+ bResult = TRUE;
+
}
+ __finally {
- return TRUE;
+ if (AbnormalTermination())
+ supReportAbnormalTermination(__FUNCTIONW__);
+
+ if (TableDump) {
+ supHeapFree(TableDump);
+ }
+ }
+
+ return bResult;
}
/*
-* SdtDlgOnInit
+* ApiSetExtractReferenceFromAdapter
*
* Purpose:
*
-* KiServiceTable Dialog WM_INITDIALOG handler.
+* Extract apiset reference from adapter code.
*
*/
-VOID SdtDlgOnInit(
- _In_ HWND hwndDlg,
- _In_ LPARAM lParam
+ULONG_PTR ApiSetExtractReferenceFromAdapter(
+ _In_ PBYTE ptrFunction
)
{
- INT iImage = ImageList_GetImageCount(g_ListViewImages) - 1;
- EXTRASCONTEXT* pDlgContext = (EXTRASCONTEXT*)lParam;
+ BOOL bFound;
+ PBYTE ptrCode = ptrFunction;
+ ULONG Index = 0, i;
+ LONG Rel = 0;
+ hde64s hs;
- INT SbParts[] = { 400, -1 };
- WCHAR szText[100];
+ ULONG PatternSize;
+ PVOID PatternData;
- LVCOLUMNS_DATA columnData[] =
- {
- { L"Id", 80, LVCFMT_LEFT | LVCFMT_BITMAP_ON_RIGHT, iImage },
- { L"Service Name", 280, LVCFMT_LEFT | LVCFMT_BITMAP_ON_RIGHT, I_IMAGENONE },
- { L"Address", 130, LVCFMT_LEFT | LVCFMT_BITMAP_ON_RIGHT, I_IMAGENONE },
- { L"Module", 220, LVCFMT_LEFT | LVCFMT_BITMAP_ON_RIGHT, I_IMAGENONE }
- };
+ do {
+ hde64_disasm((void*)(ptrCode + Index), &hs);
+ if (hs.flags & F_ERROR)
+ break;
- SetProp(hwndDlg, T_DLGCONTEXT, (HANDLE)lParam);
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ if (hs.len == 7) {
- pDlgContext->lvColumnHit = -1;
- pDlgContext->lvItemHit = -1;
+ bFound = FALSE;
- pDlgContext->hwndDlg = hwndDlg;
- pDlgContext->StatusBar = GetDlgItem(hwndDlg, ID_EXTRASLIST_STATUSBAR);
- SendMessage(pDlgContext->StatusBar, SB_SETPARTS, 2, (LPARAM)&SbParts);
+ for (i = 0; i < RTL_NUMBER_OF(W32kApiSetAdapters); i++) {
- _strcpy(szText, TEXT("Viewing "));
- if (pDlgContext->DialogMode == SST_Ntos)
- _strcat(szText, TEXT("ntoskrnl service table"));
- else
- _strcat(szText, TEXT("win32k service table"));
+ PatternSize = W32kApiSetAdapters[i].Size;
+ PatternData = W32kApiSetAdapters[i].Data;
- SetWindowText(hwndDlg, szText);
+ if (PatternSize == RtlCompareMemory(&ptrCode[Index],
+ PatternData,
+ PatternSize))
+ {
+ Rel = *(PLONG)(ptrCode + Index + (hs.len - 4));
+ bFound = TRUE;
+ break;
+ }
- extrasSetDlgIcon(pDlgContext);
+ }
- pDlgContext->ListView = GetDlgItem(hwndDlg, ID_EXTRASLIST);
- if (pDlgContext->ListView) {
+ if (bFound)
+ break;
+ }
- //
- // Set listview imagelist, style flags and theme.
- //
- supSetListViewSettings(pDlgContext->ListView,
- LVS_EX_FULLROWSELECT | LVS_EX_DOUBLEBUFFER | LVS_EX_LABELTIP,
- FALSE,
- TRUE,
- g_ListViewImages,
- LVSIL_SMALL);
+ Index += hs.len;
- //
- // And columns and remember their count.
- //
- pDlgContext->lvColumnCount = supAddLVColumnsFromArray(
- pDlgContext->ListView,
- columnData,
- RTL_NUMBER_OF(columnData));
+ } while (Index < 32);
- SendMessage(hwndDlg, WM_SIZE, 0, 0);
+ if (Rel == 0)
+ return 0;
- supListViewEnableRedraw(pDlgContext->ListView, FALSE);
- SdtListCreate(pDlgContext->hwndDlg, FALSE, pDlgContext);
- supListViewEnableRedraw(pDlgContext->ListView, TRUE);
- }
+
+ return (ULONG_PTR)ptrCode + Index + hs.len + Rel;
}
/*
-* SdtDialogProc
+* ApiSetLoadResolvedModule
*
* Purpose:
*
-* KiServiceTable Dialog window procedure.
+* Final apiset resolving and loading actual file.
+*
+* Function return NTSTATUS value and sets ResolvedEntry parameter.
*
*/
-INT_PTR CALLBACK SdtDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam
+_Success_(return == STATUS_SUCCESS)
+NTSTATUS ApiSetLoadResolvedModule(
+ _In_ PVOID ApiSetMap,
+ _In_ PUNICODE_STRING ApiSetToResolve,
+ _Inout_ PANSI_STRING ConvertedModuleName,
+ _Out_ HMODULE * DllModule
)
{
- EXTRASCONTEXT* pDlgContext;
-
- if (uMsg == g_WinObj.SettingsChangeMessage) {
- pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
- if (pDlgContext) {
- extrasHandleSettingsChange(pDlgContext);
- }
- return TRUE;
- }
+ BOOL ResolvedResult;
+ NTSTATUS Status;
+ UNICODE_STRING usResolvedModule;
- switch (uMsg) {
-
- case WM_INITDIALOG:
- SdtDlgOnInit(hwndDlg, lParam);
- break;
-
- case WM_GETMINMAXINFO:
- if (lParam) {
- supSetMinMaxTrackSize((PMINMAXINFO)lParam,
- SDTDLG_TRACKSIZE_MIN_X,
- SDTDLG_TRACKSIZE_MIN_Y,
- TRUE);
- }
- break;
+ if (DllModule == NULL)
+ return STATUS_INVALID_PARAMETER_2;
+ if (ConvertedModuleName == NULL)
+ return STATUS_INVALID_PARAMETER_3;
- case WM_NOTIFY:
- return SdtDlgHandleNotify(hwndDlg, lParam);
+ *DllModule = NULL;
- case WM_SIZE:
- pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
- if (pDlgContext) {
- extrasSimpleListResize(hwndDlg);
- }
- break;
+ ResolvedResult = FALSE;
+ RtlInitEmptyUnicodeString(&usResolvedModule, NULL, 0);
- case WM_DESTROY:
- PostQuitMessage(0);
- break;
+ //
+ // Resolve ApiSet.
+ //
+ Status = NtLdrApiSetResolveLibrary(ApiSetMap,
+ ApiSetToResolve,
+ NULL,
+ &ResolvedResult,
+ &usResolvedModule);
- case WM_CLOSE:
- pDlgContext = (EXTRASCONTEXT*)RemoveProp(hwndDlg, T_DLGCONTEXT);
- if (pDlgContext) {
- extrasRemoveDlgIcon(pDlgContext);
- }
- DestroyWindow(hwndDlg);
- break;
+ if (NT_SUCCESS(Status)) {
- case WM_COMMAND:
+ if (ResolvedResult) {
+ //
+ // ApiSet resolved, load result library.
+ //
+ *DllModule = LoadLibraryEx(usResolvedModule.Buffer, NULL, DONT_RESOLVE_DLL_REFERENCES);
- switch (GET_WM_COMMAND_ID(wParam, lParam)) {
+ //
+ // Convert resolved name back to ANSI for module query.
+ //
+ RtlUnicodeStringToAnsiString(ConvertedModuleName,
+ &usResolvedModule,
+ TRUE);
- case IDCANCEL:
- SendMessage(hwndDlg, WM_CLOSE, 0, 0);
- break;
+ RtlFreeUnicodeString(&usResolvedModule);
+ Status = STATUS_SUCCESS;
+ }
+ }
+ else {
+ //
+ // Change status code for dbg output.
+ //
+ if (Status == STATUS_UNSUCCESSFUL)
+ Status = STATUS_APISET_NOT_PRESENT;
+ }
- case ID_SDTLIST_SAVE:
- pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
- if (pDlgContext) {
+ return Status;
+}
- if (supListViewExportToFile(
- TEXT("Table.csv"),
- hwndDlg,
- pDlgContext->ListView))
- {
- supStatusBarSetText(pDlgContext->StatusBar, 1, T_LIST_EXPORT_SUCCESS);
- }
+/*
+* ApiSetResolveWin32kTableEntry
+*
+* Purpose:
+*
+* Find entry in Win32kApiSetTable.
+*
+* Function return STATUS_SUCCESS on success and sets ResolvedEntry parameter.
+*
+*/
+NTSTATUS ApiSetResolveWin32kTableEntry(
+ _In_ ULONG_PTR ApiSetTable,
+ _In_ ULONG_PTR LookupEntry,
+ _In_ ULONG EntrySize,
+ _Out_ PVOID* ResolvedEntry
+)
+{
+ NTSTATUS resolveStatus = STATUS_APISET_NOT_PRESENT;
+ PW32K_API_SET_TABLE_ENTRY pvTableEntry = (PW32K_API_SET_TABLE_ENTRY)ApiSetTable;
+ ULONG cEntries;
+ ULONG_PTR entryValue;
+ PULONG_PTR pvHostEntries;
- }
- break;
+ *ResolvedEntry = NULL;
- case ID_VIEW_REFRESH:
- pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
- if (pDlgContext) {
- supListViewEnableRedraw(pDlgContext->ListView, FALSE);
- SdtListCreate(hwndDlg, TRUE, pDlgContext);
- supListViewEnableRedraw(pDlgContext->ListView, TRUE);
- }
- break;
+ //
+ // Lookup entry in table.
+ //
+ __try {
- case ID_JUMPTOFILE:
- pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
- if (pDlgContext) {
- supJumpToFileListView(pDlgContext->ListView, 3);
- }
- break;
+ while (pvTableEntry->Host) {
- case ID_OBJECT_COPY:
- pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
- if (pDlgContext) {
- supListViewCopyItemValueToClipboard(pDlgContext->ListView,
- pDlgContext->lvItemHit,
- pDlgContext->lvColumnHit);
- }
- break;
+ cEntries = pvTableEntry->Host->HostEntriesCount;
+ pvHostEntries = (PULONG_PTR)pvTableEntry->HostEntriesArray;
- }
+ //
+ // Search inside table host entry array.
+ //
+ do {
- break;
+ entryValue = (ULONG_PTR)pvHostEntries;
+ pvHostEntries++;
- case WM_CONTEXTMENU:
- pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
- if (pDlgContext) {
+ if (entryValue == LookupEntry) {
+ *ResolvedEntry = (PVOID)pvTableEntry;
+ resolveStatus = STATUS_SUCCESS;
+ break;
+ }
- supHandleContextMenuMsgForListView(hwndDlg,
- wParam,
- lParam,
- pDlgContext->ListView,
- (pfnPopupMenuHandler)SdtHandlePopupMenu,
- (PVOID)pDlgContext);
+ } while (--cEntries);
+ pvTableEntry = (PW32K_API_SET_TABLE_ENTRY)RtlOffsetToPointer(pvTableEntry, EntrySize);
}
- break;
+ }
+ __except (WOBJ_EXCEPTION_FILTER_LOG) {
+ //
+ // Should never be here. Only in case if table structure changed or ApiSetTable address points to invalid data.
+ //
+ return STATUS_ACCESS_VIOLATION;
}
- return FALSE;
+ return resolveStatus;
}
/*
-* SdtListOutputTable
+* SdtResolveServiceEntryModule
*
* Purpose:
*
-* Output dumped and converted syscall table to listview.
+* Find a module for shadow table entry by parsing apisets(if present) and/or forwarders (if present).
+*
+* Function return NTSTATUS value and sets ResolvedModule, ResolvedModuleName, FunctionName parameters.
*
*/
-VOID SdtListOutputTable(
- _In_ HWND hwndDlg,
- _In_ PRTL_PROCESS_MODULES Modules,
- _In_ PSDT_TABLE SdtTableEntry
+_Success_(return == STATUS_SUCCESS)
+NTSTATUS SdtResolveServiceEntryModule(
+ _In_ PBYTE FunctionPtr,
+ _In_ HMODULE MappedWin32k,
+ _In_opt_ PVOID ApiSetMap,
+ _In_ ULONG_PTR Win32kApiSetTable,
+ _In_ PWIN32_SHADOWTABLE ShadowTableEntry,
+ _Out_ HMODULE * ResolvedModule,
+ _Inout_ PANSI_STRING ResolvedModuleName,
+ _Out_ LPCSTR * FunctionName
)
{
- INT lvIndex;
- ULONG i, iImage, moduleIndex = 0;
- EXTRASCONTEXT* Context = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
+ BOOLEAN NeedApiSetResolve = (g_NtBuildNumber > 18885);
+ BOOLEAN Win32kApiSetTableExpected = (g_NtBuildNumber > 18935);
- LVITEM lvItem;
- WCHAR szBuffer[MAX_PATH + 1];
+ ULONG ApiSetTableEntrySize;
- LPWSTR lpBaseName, lpBaseLimit;
+ NTSTATUS resultStatus = STATUS_UNSUCCESSFUL, resolveStatus;
- if (Context->DialogMode == SST_Ntos) {
- lpBaseName = KSW_KiServiceTable;
- lpBaseLimit = KSW_KiServiceLimit;
- }
- else if (Context->DialogMode == SST_Win32k) {
- lpBaseName = KSW_W32pServiceTable;
- lpBaseLimit = KSW_W32pServiceLimit;
- }
- else
- return;
+ HMODULE DllModule = NULL;
- RtlStringCchPrintfSecure(szBuffer,
- MAX_PATH,
- TEXT("%ws 0x%p / %ws %lu (0x%lX)"),
- lpBaseName,
- (PVOID)SdtTableEntry->Base,
- lpBaseLimit,
- SdtTableEntry->Limit,
- SdtTableEntry->Limit);
+ LONG32 JmpAddress;
+ ULONG_PTR ApiSetReference;
- supStatusBarSetText(Context->StatusBar, 0, (LPWSTR)&szBuffer);
+ LPCSTR ModuleName;
+ PWCHAR HostName;
- iImage = ObManagerGetImageIndexByTypeIndex(ObjectTypeDevice);
+ W32K_API_SET_TABLE_ENTRY *pvApiSetEntry = NULL;
- ListView_DeleteAllItems(Context->ListView);
+ UNICODE_STRING usApiSetEntry, usModuleName;
+ hde64s hs;
- //list table
- for (i = 0; i < SdtTableEntry->Limit; i++) {
- RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
- ultostr(SdtTableEntry->Table[i].ServiceId, szBuffer);
+ *ResolvedModule = NULL;
- //ServiceId
- RtlSecureZeroMemory(&lvItem, sizeof(lvItem));
- lvItem.mask = LVIF_TEXT | LVIF_IMAGE;
- lvItem.iItem = MAXINT;
- lvItem.iImage = iImage; //imagelist id
- lvItem.pszText = szBuffer;
- lvIndex = ListView_InsertItem(Context->ListView, &lvItem);
+ hde64_disasm((void*)FunctionPtr, &hs);
+ if (hs.flags & F_ERROR) {
+ return STATUS_INTERNAL_ERROR;
+ }
- //Name
- lvItem.mask = LVIF_TEXT;
- lvItem.iSubItem = 1;
- lvItem.pszText = (LPWSTR)SdtTableEntry->Table[i].Name;
- lvItem.iItem = lvIndex;
- ListView_SetItem(Context->ListView, &lvItem);
+ do {
- //Address
- RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
- szBuffer[0] = L'0';
- szBuffer[1] = L'x';
- u64tohex(SdtTableEntry->Table[i].Address, &szBuffer[2]);
+ //
+ // See if this is new Win32kApiSetTable adapter.
+ //
+ if (Win32kApiSetTableExpected && ApiSetMap) {
- lvItem.iSubItem = 2;
- lvItem.pszText = szBuffer;
- ListView_SetItem(Context->ListView, &lvItem);
+ ApiSetReference = ApiSetExtractReferenceFromAdapter(FunctionPtr);
+ if (ApiSetReference) {
- //Module
- RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
+ if (g_NtBuildNumber >= NT_WINSRV_21H1)
+ ApiSetTableEntrySize = sizeof(W32K_API_SET_TABLE_ENTRY_V2);
+ else
+ ApiSetTableEntrySize = sizeof(W32K_API_SET_TABLE_ENTRY);
- if (ntsupFindModuleEntryByAddress(
- Modules,
- (PVOID)SdtTableEntry->Table[i].Address,
- &moduleIndex))
- {
- MultiByteToWideChar(
- CP_ACP,
- 0,
- (LPCSTR)&Modules->Modules[moduleIndex].FullPathName,
- (INT)_strlen_a((char*)Modules->Modules[moduleIndex].FullPathName),
- szBuffer,
- MAX_PATH);
- }
- else {
- _strcpy(szBuffer, TEXT("Unknown Module"));
- }
+ resolveStatus = ApiSetResolveWin32kTableEntry(
+ Win32kApiSetTable,
+ ApiSetReference,
+ ApiSetTableEntrySize,
+ (PVOID*)&pvApiSetEntry);
- lvItem.iSubItem = 3;
- lvItem.pszText = szBuffer;
- ListView_SetItem(Context->ListView, &lvItem);
- }
-}
+ if (!NT_SUCCESS(resolveStatus))
+ return resolveStatus;
-/*
-* SdtListCreateTable
-*
-* Purpose:
-*
-* KiServiceTable dump routine.
-*
-*/
-BOOL SdtListCreateTable(
- VOID
-)
-{
- BOOL bResult = FALSE;
- ULONG EntrySize = 0;
- SIZE_T memIO;
- PUTable TableDump = NULL;
- PBYTE Module = NULL;
- PIMAGE_EXPORT_DIRECTORY ExportDirectory = NULL;
- PDWORD ExportNames, ExportFunctions;
- PWORD NameOrdinals;
+ //
+ // Host is on the same offset for both V1/V2 versions.
+ //
+ HostName = pvApiSetEntry->Host->HostName;
- PSERVICETABLEENTRY ServiceEntry;
+ RtlInitUnicodeString(&usApiSetEntry, HostName);
- CHAR* ServiceName;
- CHAR* FunctionAddress;
- ULONG ServiceId, i, j;
+ resolveStatus = ApiSetLoadResolvedModule(
+ ApiSetMap,
+ &usApiSetEntry,
+ ResolvedModuleName,
+ &DllModule);
- __try {
+ if (NT_SUCCESS(resolveStatus)) {
+ if (DllModule) {
+ *ResolvedModule = DllModule;
+ *FunctionName = ShadowTableEntry->Name;
+ return STATUS_SUCCESS;
+ }
+ else {
+ return STATUS_DLL_NOT_FOUND;
+ }
+ }
+ else {
+ return resolveStatus;
+ }
- if ((g_kdctx.Data->KeServiceDescriptorTable.Base == 0) ||
- (g_kdctx.Data->KeServiceDescriptorTable.Limit == 0))
- {
- if (!kdFindKiServiceTable(
- (ULONG_PTR)g_kdctx.NtOsImageMap,
- (ULONG_PTR)g_kdctx.NtOsBase,
- &g_kdctx.Data->KeServiceDescriptorTable))
- {
- __leave;
}
+ else {
+ resultStatus = STATUS_APISET_NOT_HOSTED;
+ }
+ }
+
+ JmpAddress = *(PLONG32)(FunctionPtr + (hs.len - 4)); // retrieve the offset
+ FunctionPtr = FunctionPtr + hs.len + JmpAddress; // hs.len -> length of jmp instruction
+
+ *FunctionName = NtRawIATEntryToImport(MappedWin32k, FunctionPtr, &ModuleName);
+ if (*FunctionName == NULL) {
+ resultStatus = STATUS_PROCEDURE_NOT_FOUND;
+ break;
}
//
- // If table empty, dump and prepare table
+ // Convert module name to UNICODE.
//
- if (KiServiceTable.Allocated == FALSE) {
+ if (RtlCreateUnicodeStringFromAsciiz(&usModuleName, (PSTR)ModuleName)) {
- Module = (PBYTE)GetModuleHandle(TEXT("ntdll.dll"));
+ //
+ // Check whatever ApiSet resolving required.
+ //
+ if (NeedApiSetResolve) {
- if (Module == NULL)
- __leave;
+ if (ApiSetMap) {
+ resolveStatus = ApiSetLoadResolvedModule(
+ ApiSetMap,
+ &usModuleName,
+ ResolvedModuleName,
+ &DllModule);
+ }
+ else {
+ resolveStatus = STATUS_INVALID_PARAMETER_3;
+ }
- ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)RtlImageDirectoryEntryToData(
- Module,
- TRUE,
- IMAGE_DIRECTORY_ENTRY_EXPORT,
- &EntrySize);
+ if (!NT_SUCCESS(resolveStatus)) {
+ RtlFreeUnicodeString(&usModuleName);
+ return resolveStatus;
+ }
- if (ExportDirectory == NULL) {
- __leave;
+ }
+ else {
+ //
+ // No ApiSet resolve required, load as usual.
+ //
+ DllModule = LoadLibraryEx(usModuleName.Buffer, NULL, DONT_RESOLVE_DLL_REFERENCES);
+ RtlUnicodeStringToAnsiString(ResolvedModuleName, &usModuleName, TRUE);
}
- ExportNames = (PDWORD)((PBYTE)Module + ExportDirectory->AddressOfNames);
- ExportFunctions = (PDWORD)((PBYTE)Module + ExportDirectory->AddressOfFunctions);
- NameOrdinals = (PWORD)((PBYTE)Module + ExportDirectory->AddressOfNameOrdinals);
+ RtlFreeUnicodeString(&usModuleName);
- memIO = sizeof(SERVICETABLEENTRY) * ExportDirectory->NumberOfNames;
+ *ResolvedModule = DllModule;
+ resultStatus = (DllModule != NULL) ? STATUS_SUCCESS : STATUS_DLL_NOT_FOUND;
+ }
- KiServiceTable.Table = (PSERVICETABLEENTRY)supHeapAlloc(memIO);
- if (KiServiceTable.Table == NULL)
- __leave;
- KiServiceTable.Allocated = TRUE;
+ } while (FALSE);
- if (!supDumpSyscallTableConverted(
- g_kdctx.Data->KeServiceDescriptorTable.Base,
- g_kdctx.Data->KeServiceDescriptorTable.Limit,
- &TableDump))
- {
- supHeapFree(KiServiceTable.Table);
- KiServiceTable.Allocated = FALSE;
- __leave;
- }
+ return resultStatus;
+}
- KiServiceTable.Base = g_kdctx.Data->KeServiceDescriptorTable.Base;
+/*
+* SdtListReportEvent
+*
+* Purpose:
+*
+* Add entry to WinObjEx64 runtime log accessible through main menu.
+*
+*/
+VOID SdtListReportEvent(
+ _In_ WOBJ_ENTRY_TYPE EventType,
+ _In_ LPCWSTR FunctionName,
+ _In_ LPCWSTR ErrorString
+)
+{
+ WCHAR szBuffer[1024];
- //
- // Walk for syscall stubs.
- //
- KiServiceTable.Limit = 0;
- for (i = 0; i < ExportDirectory->NumberOfNames; i++) {
+ RtlStringCchPrintfSecure(szBuffer,
+ RTL_NUMBER_OF(szBuffer),
+ TEXT("%ws, %ws"),
+ FunctionName,
+ ErrorString);
- ServiceName = ((CHAR*)Module + ExportNames[i]);
+ logAdd(EventType, szBuffer);
+}
- //
- // Use Zw alias to skip various Nt trash like NtdllDialogWndProc/NtGetTickCount.
- //
+/*
+* SdtListReportFunctionResolveError
+*
+* Purpose:
+*
+* Report function name resolve error.
+*
+*/
+VOID SdtListReportFunctionResolveError(
+ _In_ LPCSTR FunctionName
+)
+{
+ WCHAR szErrorBuffer[512];
- if (*(USHORT*)ServiceName == 'wZ') {
+ RtlSecureZeroMemory(szErrorBuffer, sizeof(szErrorBuffer));
- MultiByteToWideChar(
- CP_ACP,
- 0,
- ServiceName,
- (INT)_strlen_a(ServiceName),
- KiServiceTable.Table[KiServiceTable.Limit].Name,
- MAX_PATH);
+ _strcpy(szErrorBuffer, TEXT("could not resolve function "));
+ MultiByteToWideChar(CP_ACP, 0, FunctionName, -1, _strend(szErrorBuffer), MAX_PATH);
+ _strcat(szErrorBuffer, TEXT(" address"));
+ SdtListReportEvent(EntryTypeError, __FUNCTIONW__, szErrorBuffer);
+}
- //dirty hack
- KiServiceTable.Table[KiServiceTable.Limit].Name[0] = L'N';
- KiServiceTable.Table[KiServiceTable.Limit].Name[1] = L't';
+/*
+* SdtListReportResolveModuleError
+*
+* Purpose:
+*
+* Report module resolve error.
+*
+*/
+VOID SdtListReportResolveModuleError(
+ _In_ NTSTATUS Status,
+ _In_ PWIN32_SHADOWTABLE Table,
+ _In_ PSTRING ResolvedModuleName,
+ _In_ LPCWSTR ErrorSource
+)
+{
+ WCHAR szErrorBuffer[512];
- FunctionAddress = (CHAR*)((CHAR*)Module + ExportFunctions[NameOrdinals[i]]);
- ServiceEntry = &KiServiceTable.Table[KiServiceTable.Limit];
+ RtlSecureZeroMemory(szErrorBuffer, sizeof(szErrorBuffer));
- if (*(UCHAR*)((UCHAR*)FunctionAddress + 3) == 0xB8) {
- ServiceId = *(ULONG*)((UCHAR*)FunctionAddress + 4);
- if (ServiceId < g_kdctx.Data->KeServiceDescriptorTable.Limit) {
- ServiceEntry->ServiceId = ServiceId;
- ServiceEntry->Address = TableDump[ServiceId];
- TableDump[ServiceId] = 0;
- }
- else {
- kdDebugPrint(">>1 %s %lu\r\n", ServiceName, KiServiceTable.Limit);
- ServiceEntry->ServiceId = INVALID_SERVICE_ENTRY_ID;
- }
- }
- else {
- kdDebugPrint(">>2 %s %lu\r\n", ServiceName, KiServiceTable.Limit);
- ServiceEntry->ServiceId = INVALID_SERVICE_ENTRY_ID;
- }
+ //
+ // Most of this errors are not critical and ok.
+ //
- KiServiceTable.Limit += 1;
+ switch (Status) {
- }//wZ
- }//for
+ case STATUS_INTERNAL_ERROR:
+ _strcpy(szErrorBuffer, TEXT("HDE Error"));
+ break;
- for (i = 0; i < KiServiceTable.Limit; i++) {
- ServiceEntry = &KiServiceTable.Table[i];
- if (ServiceEntry->ServiceId == INVALID_SERVICE_ENTRY_ID) {
- for (j = 0; j < g_kdctx.Data->KeServiceDescriptorTable.Limit; j++) {
- if (TableDump[j] != 0) {
- ServiceEntry->ServiceId = j;
- ServiceEntry->Address = TableDump[j];
- TableDump[j] = 0;
- break;
- }
- }
- }
- }
+ case STATUS_APISET_NOT_HOSTED:
+ //
+ // Corresponding apiset not found.
+ //
+ _strcpy(szErrorBuffer, TEXT("not an apiset adapter for "));
+ MultiByteToWideChar(CP_ACP, 0, Table->Name, -1, _strend(szErrorBuffer), MAX_PATH);
+ break;
- supHeapFree(TableDump);
- TableDump = NULL;
- }
+ case STATUS_APISET_NOT_PRESENT:
+ //
+ // ApiSet extension present but empty.
+ //
+ _strcpy(szErrorBuffer, TEXT("extension contains a host for a non-existent apiset "));
+ MultiByteToWideChar(CP_ACP, 0, Table->Name, -1, _strend(szErrorBuffer), MAX_PATH);
+ break;
- bResult = TRUE;
+ case STATUS_PROCEDURE_NOT_FOUND:
+ //
+ // Not a critical issue. This mean we cannot pass this service next to forwarder lookup code.
+ //
+ _strcpy(szErrorBuffer, TEXT("could not resolve function name in module for service id "));
+ ultostr(Table->Index, _strend(szErrorBuffer));
+ _strcat(szErrorBuffer, TEXT(", service name "));
+ MultiByteToWideChar(CP_ACP, 0, Table->Name, -1, _strend(szErrorBuffer), MAX_PATH);
+ break;
- }
- __finally {
+ case STATUS_DLL_NOT_FOUND:
- if (AbnormalTermination())
- supReportAbnormalTermination(__FUNCTIONW__);
+ _strcpy(szErrorBuffer, TEXT("could not load import dll "));
- if (TableDump) {
- supHeapFree(TableDump);
- }
+ MultiByteToWideChar(CP_ACP,
+ 0,
+ ResolvedModuleName->Buffer,
+ ResolvedModuleName->Length,
+ _strend(szErrorBuffer),
+ MAX_PATH);
+
+ break;
+
+ default:
+ //
+ // Unexpected error code.
+ //
+ _strcpy(szErrorBuffer, TEXT("unexpected error 0x"));
+ ultohex(Status, _strend(szErrorBuffer));
+ break;
}
- return bResult;
+ SdtListReportEvent(EntryTypeError, ErrorSource, szErrorBuffer);
}
/*
-* ApiSetExtractReferenceFromAdapter
+* SdtListCreateTableShadow
*
* Purpose:
*
-* Extract apiset reference from adapter code.
+* W32pServiceTable create table routine.
+*
+* Note: This code only for Windows 10 RS1+
*
*/
-ULONG_PTR ApiSetExtractReferenceFromAdapter(
- _In_ PBYTE ptrFunction
+BOOL SdtListCreateTableShadow(
+ _In_ PRTL_PROCESS_MODULES pModules,
+ _Out_ PULONG Status
)
{
- BOOL bFound;
- PBYTE ptrCode = ptrFunction;
- ULONG Index = 0, i;
- LONG Rel = 0;
- hde64s hs;
-
- ULONG PatternSize;
- PVOID PatternData;
-
- do {
- hde64_disasm((void*)(ptrCode + Index), &hs);
- if (hs.flags & F_ERROR)
- break;
-
- if (hs.len == 7) {
-
- bFound = FALSE;
-
- for (i = 0; i < RTL_NUMBER_OF(W32kApiSetAdapters); i++) {
-
- PatternSize = W32kApiSetAdapters[i].Size;
- PatternData = W32kApiSetAdapters[i].Data;
+ BOOLEAN NeedApiSetResolve = (g_NtBuildNumber > 18885);
+ BOOLEAN Win32kApiSetTableExpected = (g_NtBuildNumber > 18935);
+ NTSTATUS ntStatus;
+ BOOL bResult = FALSE;
+ ULONG w32u_limit, w32k_limit, c;
+ HMODULE w32u = NULL, w32k = NULL, DllModule, forwdll;
+ PBYTE fptr;
+ PULONG pServiceLimit, pServiceTable;
+ LPCSTR ModuleName, FunctionName, ForwarderDot, ForwarderFunctionName;
+ HANDLE EnumerationHeap = NULL;
+ ULONG_PTR Win32kBase = 0, kernelWin32kBase = 0;
- if (PatternSize == RtlCompareMemory(&ptrCode[Index],
- PatternData,
- PatternSize))
- {
- Rel = *(PLONG)(ptrCode + Index + (hs.len - 4));
- bFound = TRUE;
- break;
- }
+ PSERVICETABLEENTRY ServiceEntry;
+ PWIN32_SHADOWTABLE table, itable;
+ RESOLVE_INFO rfn;
- }
+ ULONG_PTR Win32kApiSetTable = 0;
- if (bFound)
- break;
- }
+ PVOID pvApiSetMap = NULL;
+ ULONG schemaVersion = 0;
- Index += hs.len;
+ PRTL_PROCESS_MODULE_INFORMATION w32Module, subModule, ForwardModule;
- } while (Index < 32);
+ LOAD_MODULE_ENTRY LoadedModulesHead;
+ PLOAD_MODULE_ENTRY ModuleEntry = NULL, PreviousEntry = NULL;
- if (Rel == 0)
- return 0;
+ ANSI_STRING ResolvedModuleName;
+ WCHAR szBuffer[MAX_PATH * 2];
+ CHAR szForwarderModuleName[MAX_PATH];
- return (ULONG_PTR)ptrCode + Index + hs.len + Rel;
-}
+ LoadedModulesHead.Next = NULL;
+ LoadedModulesHead.hModule = NULL;
-/*
-* ApiSetLoadResolvedModule
-*
-* Purpose:
-*
-* Final apiset resolving and loading actual file.
-*
-* Function return NTSTATUS value and sets ResolvedEntry parameter.
-*
-*/
-_Success_(return == STATUS_SUCCESS)
-NTSTATUS ApiSetLoadResolvedModule(
- _In_ PVOID ApiSetMap,
- _In_ PUNICODE_STRING ApiSetToResolve,
- _Inout_ PANSI_STRING ConvertedModuleName,
- _Out_ HMODULE * DllModule
-)
-{
- BOOL ResolvedResult;
- NTSTATUS Status;
- UNICODE_STRING usResolvedModule;
+ *Status = STATUS_SUCCESS;
- if (DllModule == NULL)
- return STATUS_INVALID_PARAMETER_2;
- if (ConvertedModuleName == NULL)
- return STATUS_INVALID_PARAMETER_3;
+ __try {
- *DllModule = NULL;
+ //
+ // Check if table already built.
+ //
+ if (W32pServiceTable.Allocated == FALSE) {
- ResolvedResult = FALSE;
- RtlInitEmptyUnicodeString(&usResolvedModule, NULL, 0);
+ //
+ // Find win32k loaded image base.
+ //
+ w32Module = (PRTL_PROCESS_MODULE_INFORMATION)ntsupFindModuleEntryByName(
+ pModules,
+ "win32k.sys");
- //
- // Resolve ApiSet.
- //
- Status = NtLdrApiSetResolveLibrary(ApiSetMap,
- ApiSetToResolve,
- NULL,
- &ResolvedResult,
- &usResolvedModule);
+ if (w32Module == NULL) {
+ *Status = ErrShadowWin32kNotFound;
+ __leave;
+ }
- if (NT_SUCCESS(Status)) {
+ Win32kBase = (ULONG_PTR)w32Module->ImageBase;
- if (ResolvedResult) {
//
- // ApiSet resolved, load result library.
+ // Prepare dedicated heap for exports enumeration.
//
- *DllModule = LoadLibraryEx(usResolvedModule.Buffer, NULL, DONT_RESOLVE_DLL_REFERENCES);
+ EnumerationHeap = supCreateHeap(HEAP_GROWABLE, TRUE);
+ if (EnumerationHeap == NULL) {
+ *Status = ErrShadowMemAllocFail;
+ __leave;
+ }
//
- // Convert resolved name back to ANSI for module query.
+ // Load win32u and dump exports, in KnownDlls.
//
- RtlUnicodeStringToAnsiString(ConvertedModuleName,
- &usResolvedModule,
- TRUE);
+ w32u = LoadLibraryEx(TEXT("win32u.dll"), NULL, 0);
+ if (w32u == NULL) {
+ *Status = ErrShadowWin32uLoadFail;
+ __leave;
+ }
- RtlFreeUnicodeString(&usResolvedModule);
- Status = STATUS_SUCCESS;
- }
- }
- else {
- //
- // Change status code for dbg output.
- //
- if (Status == STATUS_UNSUCCESSFUL)
- Status = STATUS_APISET_NOT_PRESENT;
- }
+ w32u_limit = NtRawEnumW32kExports(EnumerationHeap, w32u, &table);
- return Status;
-}
+ //
+ // Load win32k.
+ //
-/*
-* ApiSetResolveWin32kTableEntry
-*
-* Purpose:
-*
-* Find entry in Win32kApiSetTable.
-*
-* Function return STATUS_SUCCESS on success and sets ResolvedEntry parameter.
-*
-*/
-NTSTATUS ApiSetResolveWin32kTableEntry(
- _In_ ULONG_PTR ApiSetTable,
- _In_ ULONG_PTR LookupEntry,
- _In_ ULONG EntrySize,
- _Out_ PVOID* ResolvedEntry
-)
-{
- NTSTATUS resolveStatus = STATUS_APISET_NOT_PRESENT;
- PW32K_API_SET_TABLE_ENTRY pvTableEntry = (PW32K_API_SET_TABLE_ENTRY)ApiSetTable;
- ULONG cEntries;
- ULONG_PTR entryValue;
- PULONG_PTR pvHostEntries;
+ W32SymContext = SymParserCreate();
+ w32k = SdtLoadWin32kImage(W32SymContext);
+ if (w32k == NULL) {
+ *Status = ErrShadowWin32kLoadFail;
+ __leave;
+ }
- *ResolvedEntry = NULL;
+ if (Win32kApiSetTableExpected) {
+ //
+ // Locate Win32kApiSetTable variable. Failure will result in unresolved apiset adapters.
+ //
+ Win32kApiSetTable = SdtQueryWin32kApiSetTable(w32k,
+ w32Module->ImageBase,
+ w32Module->ImageSize);
- //
- // Lookup entry in table.
- //
- __try {
+ if (Win32kApiSetTable == 0) {
+ *Status = ErrShadowApiSetNotFound;
+ }
+ }
- while (pvTableEntry->Host) {
+ //
+ // Query win32k!W32pServiceLimit.
+ //
+ pServiceLimit = (PULONG)GetProcAddress(w32k, "W32pServiceLimit");
+ if (pServiceLimit == NULL) {
+ *Status = ErrShadowW32pServiceLimitNotFound;
+ __leave;
+ }
- cEntries = pvTableEntry->Host->HostEntriesCount;
- pvHostEntries = (PULONG_PTR)pvTableEntry->HostEntriesArray;
+ //
+ // Check whatever win32u is compatible with win32k data.
+ //
+ w32k_limit = *pServiceLimit;
+ if (w32k_limit != w32u_limit) {
+ *Status = ErrShadowWin32uMismatch;
+ __leave;
+ }
//
- // Search inside table host entry array.
+ // Query win32k!W32pServiceTable.
//
- do {
+ RtlSecureZeroMemory(&rfn, sizeof(RESOLVE_INFO));
+ if (!NT_SUCCESS(NtRawGetProcAddress(w32k, "W32pServiceTable", &rfn))) {
+ *Status = ErrShadowW32pServiceTableNotFound;
+ __leave;
+ }
- entryValue = (ULONG_PTR)pvHostEntries;
- pvHostEntries++;
+ //
+ // Query ApiSetMap
+ //
+ if (NeedApiSetResolve) {
- if (entryValue == LookupEntry) {
- *ResolvedEntry = (PVOID)pvTableEntry;
- resolveStatus = STATUS_SUCCESS;
- break;
+ if (!NtLdrApiSetLoadFromPeb(&schemaVersion, (PVOID*)&pvApiSetMap)) {
+ *Status = ErrShadowApiSetSchemaMapNotFound;
+ __leave;
}
- } while (--cEntries);
+ //
+ // Windows 10+ uses modern ApiSetSchema version, everything else not supported.
+ //
+ if (schemaVersion != API_SET_SCHEMA_VERSION_V6) {
+ *Status = ErrShadowApiSetSchemaVerUnknown;
+ __leave;
+ }
+ }
- pvTableEntry = (PW32K_API_SET_TABLE_ENTRY)RtlOffsetToPointer(pvTableEntry, EntrySize);
- }
- }
- __except (WOBJ_EXCEPTION_FILTER_LOG) {
- //
- // Should never be here. Only in case if table structure changed or ApiSetTable address points to invalid data.
- //
- return STATUS_ACCESS_VIOLATION;
- }
+ //
+ // Set global variables.
+ //
+ kernelWin32kBase = Win32kBase + (ULONG_PTR)rfn.Function - (ULONG_PTR)w32k;
- return resolveStatus;
-}
+ //
+ // Insert SystemRoot\System32\Drivers to the loader directories search list.
+ //
+ _strcpy(szBuffer, g_WinObj.szSystemDirectory);
+ _strcat(szBuffer, TEXT("\\drivers"));
+ SetDllDirectory(szBuffer);
-/*
-* SdtResolveServiceEntryModule
-*
-* Purpose:
-*
-* Find a module for shadow table entry by parsing apisets(if present) and/or forwarders (if present).
-*
-* Function return NTSTATUS value and sets ResolvedModule, ResolvedModuleName, FunctionName parameters.
-*
-*/
-_Success_(return == STATUS_SUCCESS)
-NTSTATUS SdtResolveServiceEntryModule(
- _In_ PBYTE FunctionPtr,
- _In_ HMODULE MappedWin32k,
- _In_opt_ PVOID ApiSetMap,
- _In_ ULONG_PTR Win32kApiSetTable,
- _In_ PWIN32_SHADOWTABLE ShadowTableEntry,
- _Out_ HMODULE * ResolvedModule,
- _Inout_ PANSI_STRING ResolvedModuleName,
- _Out_ LPCSTR * FunctionName
-)
-{
- BOOLEAN NeedApiSetResolve = (g_NtBuildNumber > 18885);
- BOOLEAN Win32kApiSetTableExpected = (g_NtBuildNumber > 18935);
+ //
+ // Build table.
+ //
+ pServiceTable = (PULONG)rfn.Function;
- ULONG ApiSetTableEntrySize;
+ for (c = 0; c < w32k_limit; ++c) {
- NTSTATUS resultStatus = STATUS_UNSUCCESSFUL, resolveStatus;
+ itable = table;
+ while (itable != 0) {
- HMODULE DllModule = NULL;
+ if (itable->Index == c + WIN32K_START_INDEX) {
- LONG32 JmpAddress;
- ULONG_PTR ApiSetReference;
+ itable->KernelStubAddress = pServiceTable[c];
+ fptr = (PBYTE)w32k + itable->KernelStubAddress;
+ itable->KernelStubAddress += Win32kBase;
- LPCSTR ModuleName;
- PWCHAR HostName;
+ //
+ // Resolve module name for table entry and load this module to the memory.
+ //
- W32K_API_SET_TABLE_ENTRY *pvApiSetEntry = NULL;
+ DllModule = NULL;
+ RtlSecureZeroMemory(&ResolvedModuleName, sizeof(ResolvedModuleName));
+ ntStatus = SdtResolveServiceEntryModule(fptr,
+ w32k,
+ pvApiSetMap,
+ Win32kApiSetTable,
+ itable,
+ &DllModule,
+ &ResolvedModuleName,
+ &FunctionName);
- UNICODE_STRING usApiSetEntry, usModuleName;
- hde64s hs;
+ if (!NT_SUCCESS(ntStatus)) {
+ SdtListReportResolveModuleError(ntStatus,
+ itable,
+ &ResolvedModuleName,
+ __FUNCTIONW__);
- *ResolvedModule = NULL;
+ break;
+ }
- hde64_disasm((void*)FunctionPtr, &hs);
- if (hs.flags & F_ERROR) {
- return STATUS_INTERNAL_ERROR;
- }
+ ModuleName = ResolvedModuleName.Buffer;
- do {
+ //
+ // Remember loaded module to the internal list.
+ //
+ ModuleEntry = (PLOAD_MODULE_ENTRY)supHeapAllocEx(EnumerationHeap,
+ sizeof(LOAD_MODULE_ENTRY));
- //
- // See if this is new Win32kApiSetTable adapter.
- //
- if (Win32kApiSetTableExpected && ApiSetMap) {
+ if (ModuleEntry) {
+ ModuleEntry->Next = LoadedModulesHead.Next;
+ ModuleEntry->hModule = DllModule;
+ LoadedModulesHead.Next = ModuleEntry;
+ }
- ApiSetReference = ApiSetExtractReferenceFromAdapter(FunctionPtr);
- if (ApiSetReference) {
+ //
+ // Check function forwarding.
+ //
+ if (!NT_SUCCESS(NtRawGetProcAddress(DllModule, FunctionName, &rfn))) {
+ //
+ // Log error.
+ //
+ SdtListReportFunctionResolveError(FunctionName);
+ break;
+ }
- if (g_NtBuildNumber >= NT_WINSRV_21H1)
- ApiSetTableEntrySize = sizeof(W32K_API_SET_TABLE_ENTRY_V2);
- else
- ApiSetTableEntrySize = sizeof(W32K_API_SET_TABLE_ENTRY);
+ //
+ // Function is forward, resolve again.
+ //
+ if (rfn.ResultType == ForwarderString) {
- resolveStatus = ApiSetResolveWin32kTableEntry(
- Win32kApiSetTable,
- ApiSetReference,
- ApiSetTableEntrySize,
- (PVOID*)&pvApiSetEntry);
+ ForwarderDot = _strchr_a(rfn.ForwarderName, '.');
+ ForwarderFunctionName = ForwarderDot + 1;
- if (!NT_SUCCESS(resolveStatus))
- return resolveStatus;
+ //
+ // Build forwarder module name.
+ //
+ RtlSecureZeroMemory(szForwarderModuleName, sizeof(szForwarderModuleName));
+ _strncpy_a(szForwarderModuleName, sizeof(szForwarderModuleName),
+ rfn.ForwarderName, ForwarderDot - &rfn.ForwarderName[0]);
- //
- // Host is on the same offset for both V1/V2 versions.
- //
- HostName = pvApiSetEntry->Host->HostName;
+ _strcat_a(szForwarderModuleName, ".SYS");
- RtlInitUnicodeString(&usApiSetEntry, HostName);
+ ForwardModule = (PRTL_PROCESS_MODULE_INFORMATION)ntsupFindModuleEntryByName(pModules,
+ szForwarderModuleName);
- resolveStatus = ApiSetLoadResolvedModule(
- ApiSetMap,
- &usApiSetEntry,
- ResolvedModuleName,
- &DllModule);
+ if (ForwardModule) {
- if (NT_SUCCESS(resolveStatus)) {
- if (DllModule) {
- *ResolvedModule = DllModule;
- *FunctionName = ShadowTableEntry->Name;
- return STATUS_SUCCESS;
- }
- else {
- return STATUS_DLL_NOT_FOUND;
- }
- }
- else {
- return resolveStatus;
- }
+ if (ForwarderFunctionName) {
- }
- else {
- resultStatus = STATUS_APISET_NOT_HOSTED;
- }
- }
+ forwdll = LoadLibraryExA(szForwarderModuleName, NULL, DONT_RESOLVE_DLL_REFERENCES);
+ if (forwdll) {
- JmpAddress = *(PLONG32)(FunctionPtr + (hs.len - 4)); // retrieve the offset
- FunctionPtr = FunctionPtr + hs.len + JmpAddress; // hs.len -> length of jmp instruction
+ //
+ // Remember loaded module to the internal list.
+ //
+ ModuleEntry = (PLOAD_MODULE_ENTRY)supHeapAllocEx(EnumerationHeap,
+ sizeof(LOAD_MODULE_ENTRY));
- *FunctionName = NtRawIATEntryToImport(MappedWin32k, FunctionPtr, &ModuleName);
- if (*FunctionName == NULL) {
- resultStatus = STATUS_PROCEDURE_NOT_FOUND;
- break;
- }
+ if (ModuleEntry) {
+ ModuleEntry->Next = LoadedModulesHead.Next;
+ ModuleEntry->hModule = forwdll;
+ LoadedModulesHead.Next = ModuleEntry;
+ }
- //
- // Convert module name to UNICODE.
- //
- if (RtlCreateUnicodeStringFromAsciiz(&usModuleName, (PSTR)ModuleName)) {
+ if (NT_SUCCESS(NtRawGetProcAddress(forwdll, ForwarderFunctionName, &rfn))) {
- //
- // Check whatever ApiSet resolving required.
- //
- if (NeedApiSetResolve) {
+ //
+ // Calculate routine kernel mode address.
+ //
+ itable->KernelStubTargetAddress =
+ (ULONG_PTR)ForwardModule->ImageBase + ((ULONG_PTR)rfn.Function - (ULONG_PTR)forwdll);
+ }
- if (ApiSetMap) {
- resolveStatus = ApiSetLoadResolvedModule(
- ApiSetMap,
- &usModuleName,
- ResolvedModuleName,
- &DllModule);
- }
- else {
- resolveStatus = STATUS_INVALID_PARAMETER_3;
- }
+ }
+ else {
+ //
+ // Log error.
+ //
+ SdtListReportEvent(EntryTypeError, __FUNCTIONW__, TEXT("could not load forwarded module"));
+ }
- if (!NT_SUCCESS(resolveStatus)) {
- RtlFreeUnicodeString(&usModuleName);
- return resolveStatus;
- }
+ } // if (ForwarderFunctionName)
+
+ }//if (ForwardModule)
+
+ }
+ else {
+ //
+ // Calculate routine kernel mode address.
+ //
+ subModule = (PRTL_PROCESS_MODULE_INFORMATION)ntsupFindModuleEntryByName(pModules, ModuleName);
+ if (subModule) {
+ itable->KernelStubTargetAddress =
+ (ULONG_PTR)subModule->ImageBase + ((ULONG_PTR)rfn.Function - (ULONG_PTR)DllModule);
+ }
+ RtlFreeAnsiString(&ResolvedModuleName);
+
+ }
+
+ } // if (itable->Index == c + WIN32K_START_INDEX)
+
+ itable = itable->NextService;
+
+ } //while (itable != 0);
}
- else {
+
+ //
+ // Output table.
+ //
+ W32pServiceTable.Table = (PSERVICETABLEENTRY)supHeapAlloc(sizeof(SERVICETABLEENTRY) * w32k_limit);
+ if (W32pServiceTable.Table) {
+
+ W32pServiceTable.Allocated = TRUE;
+ W32pServiceTable.Base = kernelWin32kBase;
+
//
- // No ApiSet resolve required, load as usual.
+ // Convert table to output format.
//
- DllModule = LoadLibraryEx(usModuleName.Buffer, NULL, DONT_RESOLVE_DLL_REFERENCES);
- RtlUnicodeStringToAnsiString(ResolvedModuleName, &usModuleName, TRUE);
+ W32pServiceTable.Limit = 0;
+ itable = table;
+ while (itable != 0) {
+
+ //
+ // Service Id.
+ //
+ ServiceEntry = &W32pServiceTable.Table[W32pServiceTable.Limit];
+
+ ServiceEntry->ServiceId = itable->Index;
+
+ //
+ // Routine real address.
+ //
+ if (itable->KernelStubTargetAddress) {
+ //
+ // Output stub target address.
+ //
+ ServiceEntry->Address = itable->KernelStubTargetAddress;
+
+ }
+ else {
+ //
+ // Query failed, output stub address.
+ //
+ ServiceEntry->Address = itable->KernelStubAddress;
+
+ }
+
+ //
+ // Remember service name.
+ //
+ MultiByteToWideChar(
+ CP_ACP,
+ 0,
+ itable->Name,
+ (INT)_strlen_a(itable->Name),
+ ServiceEntry->Name,
+ MAX_PATH);
+
+ W32pServiceTable.Limit += 1;
+
+ itable = itable->NextService;
+ }
+
}
- RtlFreeUnicodeString(&usModuleName);
+ } // if (W32pServiceTable.Allocated == FALSE)
- *ResolvedModule = DllModule;
- resultStatus = (DllModule != NULL) ? STATUS_SUCCESS : STATUS_DLL_NOT_FOUND;
+ bResult = W32pServiceTable.Allocated;
+
+ }
+ __finally {
+
+ if (AbnormalTermination())
+ supReportAbnormalTermination(__FUNCTIONW__);
+
+ //
+ // Restore default search order.
+ //
+ SetDllDirectory(NULL);
+
+ //
+ // Unload all loaded modules.
+ //
+ for (PreviousEntry = &LoadedModulesHead, ModuleEntry = LoadedModulesHead.Next;
+ ModuleEntry != NULL;
+ PreviousEntry = ModuleEntry, ModuleEntry = ModuleEntry->Next)
+ {
+ FreeLibrary(ModuleEntry->hModule);
}
+ if (EnumerationHeap) supDestroyHeap(EnumerationHeap);
+ if (w32u) FreeLibrary(w32u);
+ if (w32k) FreeLibrary(w32k);
+ if (W32SymContext) {
+ W32SymContext->Parser.UnloadModule(W32SymContext);
+ SymParserDestroy(W32SymContext);
+ W32SymContext = NULL;
+ }
- } while (FALSE);
+ }
- return resultStatus;
+ return bResult;
}
/*
-* SdtListReportEvent
+* SdtDlgCompareFunc
*
* Purpose:
*
-* Add entry to WinObjEx64 runtime log accessible through main menu.
+* KiServiceTable/W32pServiceTable Dialog listview comparer function.
*
*/
-VOID SdtListReportEvent(
- _In_ WOBJ_ENTRY_TYPE EventType,
- _In_ LPCWSTR FunctionName,
- _In_ LPCWSTR ErrorString
+INT CALLBACK SdtDlgCompareFunc(
+ _In_ LPARAM lParam1,
+ _In_ LPARAM lParam2,
+ _In_ LPARAM lParamSort //pointer to EXTRASCALLBACK
)
{
- WCHAR szBuffer[1024];
+ INT nResult = 0;
- RtlStringCchPrintfSecure(szBuffer,
- RTL_NUMBER_OF(szBuffer),
- TEXT("%ws, %ws"),
- FunctionName,
- ErrorString);
+ EXTRASCONTEXT* pDlgContext;
+ EXTRASCALLBACK* CallbackParam = (EXTRASCALLBACK*)lParamSort;
- logAdd(EventType, szBuffer);
+ if (CallbackParam == NULL)
+ return 0;
+
+ pDlgContext = &SSTDlgContext[CallbackParam->Value];
+
+ switch (pDlgContext->lvColumnToSort) {
+ case COLUMN_SDTLIST_INDEX: //index
+ return supGetMaxOfTwoULongFromString(
+ pDlgContext->ListView,
+ lParam1,
+ lParam2,
+ pDlgContext->lvColumnToSort,
+ pDlgContext->bInverseSort);
+ case COLUMN_SDTLIST_ADDRESS: //address (hex)
+ return supGetMaxOfTwoU64FromHex(
+ pDlgContext->ListView,
+ lParam1,
+ lParam2,
+ pDlgContext->lvColumnToSort,
+ pDlgContext->bInverseSort);
+ case COLUMN_SDTLIST_NAME: //string (fixed size)
+ case COLUMN_SDTLIST_MODULE: //string (fixed size)
+ return supGetMaxCompareTwoFixedStrings(
+ pDlgContext->ListView,
+ lParam1,
+ lParam2,
+ pDlgContext->lvColumnToSort,
+ pDlgContext->bInverseSort);
+ }
+
+ return nResult;
}
/*
-* SdtListReportFunctionResolveError
+* SdtListCreate
*
* Purpose:
*
-* Report function name resolve error.
+* (Re)Create service table list.
*
*/
-VOID SdtListReportFunctionResolveError(
- _In_ LPCSTR FunctionName
+VOID SdtListCreate(
+ _In_ HWND hwndDlg,
+ _In_ BOOL fRescan,
+ _In_ EXTRASCONTEXT * pDlgContext
)
{
- WCHAR szErrorBuffer[512];
+ BOOL bSuccess = FALSE;
+ ULONG returnStatus;
+ EXTRASCALLBACK CallbackParam;
+ PRTL_PROCESS_MODULES pModules = NULL;
+ LPWSTR lpStatusMsg;
- RtlSecureZeroMemory(szErrorBuffer, sizeof(szErrorBuffer));
+ __try {
- _strcpy(szErrorBuffer, TEXT("could not resolve function "));
- MultiByteToWideChar(CP_ACP, 0, FunctionName, -1, _strend(szErrorBuffer), MAX_PATH);
- _strcat(szErrorBuffer, TEXT(" address"));
- SdtListReportEvent(EntryTypeError, __FUNCTIONW__, szErrorBuffer);
-}
+ supStatusBarSetText(pDlgContext->StatusBar, 1, TEXT("Initializing table view"));
-/*
-* SdtListReportResolveModuleError
-*
-* Purpose:
-*
-* Report module resolve error.
-*
-*/
-VOID SdtListReportResolveModuleError(
- _In_ NTSTATUS Status,
- _In_ PWIN32_SHADOWTABLE Table,
- _In_ PSTRING ResolvedModuleName,
- _In_ LPCWSTR ErrorSource
-)
-{
- WCHAR szErrorBuffer[512];
+ pModules = (PRTL_PROCESS_MODULES)supGetLoadedModulesList(NULL);
+ if (pModules == NULL) {
- RtlSecureZeroMemory(szErrorBuffer, sizeof(szErrorBuffer));
+ supStatusBarSetText(pDlgContext->StatusBar, 1,
+ TEXT("Could not allocate memory for kernel modules list!"));
- //
- // Most of this errors are not critical and ok.
- //
+ __leave;
+ }
- switch (Status) {
+ if (pDlgContext->DialogMode == SST_Ntos) {
- case STATUS_INTERNAL_ERROR:
- _strcpy(szErrorBuffer, TEXT("HDE Error"));
- break;
+ if (fRescan) {
+ if (KiServiceTable.Allocated) {
+ KiServiceTable.Allocated = FALSE;
+ supHeapFree(KiServiceTable.Table);
+ KiServiceTable.Limit = 0;
+ }
+ }
- case STATUS_APISET_NOT_HOSTED:
- //
- // Corresponding apiset not found.
- //
- _strcpy(szErrorBuffer, TEXT("not an apiset adapter for "));
- MultiByteToWideChar(CP_ACP, 0, Table->Name, -1, _strend(szErrorBuffer), MAX_PATH);
- break;
+ bSuccess = SdtListCreateTable();
+ if (bSuccess) {
+ SdtListOutputTable(hwndDlg, pModules, &KiServiceTable);
+ }
+ else {
+ supStatusBarSetText(pDlgContext->StatusBar, 1, TEXT("Error dumping table"));
+ }
- case STATUS_APISET_NOT_PRESENT:
- //
- // ApiSet extension present but empty.
- //
- _strcpy(szErrorBuffer, TEXT("extension contains a host for a non-existent apiset "));
- MultiByteToWideChar(CP_ACP, 0, Table->Name, -1, _strend(szErrorBuffer), MAX_PATH);
- break;
+ }
+ else if (pDlgContext->DialogMode == SST_Win32k) {
- case STATUS_PROCEDURE_NOT_FOUND:
- //
- // Not a critical issue. This mean we cannot pass this service next to forwarder lookup code.
- //
- _strcpy(szErrorBuffer, TEXT("could not resolve function name in module for service id "));
- ultostr(Table->Index, _strend(szErrorBuffer));
- _strcat(szErrorBuffer, TEXT(", service name "));
- MultiByteToWideChar(CP_ACP, 0, Table->Name, -1, _strend(szErrorBuffer), MAX_PATH);
- break;
+ if (fRescan) {
+ if (W32pServiceTable.Allocated) {
+ W32pServiceTable.Allocated = FALSE;
+ supHeapFree(W32pServiceTable.Table);
+ W32pServiceTable.Limit = 0;
+ }
+ }
- case STATUS_DLL_NOT_FOUND:
+ bSuccess = SdtListCreateTableShadow(pModules, &returnStatus);
+ if (bSuccess) {
- _strcpy(szErrorBuffer, TEXT("could not load import dll "));
+ if (returnStatus == ErrShadowApiSetNotFound) {
+ supStatusBarSetText(pDlgContext->StatusBar, 1,
+ T_ERRSHADOW_APISETTABLE_NOT_FOUND);
+ }
- MultiByteToWideChar(CP_ACP,
- 0,
- ResolvedModuleName->Buffer,
- ResolvedModuleName->Length,
- _strend(szErrorBuffer),
- MAX_PATH);
+ SdtListOutputTable(hwndDlg, pModules, &W32pServiceTable);
+ }
+ else {
- break;
+ switch (returnStatus) {
+
+ case ErrShadowWin32kNotFound:
+ lpStatusMsg = T_ERRSHADOW_WIN32K_NOT_FOUND;
+ break;
+
+ case ErrShadowMemAllocFail:
+ lpStatusMsg = T_ERRSHADOW_MEMORY_NOT_ALLOCATED;
+ break;
+
+ case ErrShadowWin32uLoadFail:
+ lpStatusMsg = T_ERRSHADOW_WIN32U_LOAD_FAILED;
+ break;
+
+ case ErrShadowWin32kLoadFail:
+ lpStatusMsg = T_ERRSHADOW_WIN32K_LOAD_FAILED;
+ break;
+
+ case ErrShadowW32pServiceLimitNotFound:
+ lpStatusMsg = T_ERRSHADOW_WIN32KLIMIT_NOT_FOUND;
+ break;
+
+ case ErrShadowWin32uMismatch:
+ lpStatusMsg = T_ERRSHADOW_WIN32U_MISMATCH;
+ break;
+
+ case ErrShadowW32pServiceTableNotFound:
+ lpStatusMsg = T_ERRSHADOW_TABLE_NOT_FOUND;
+ break;
+
+ case ErrShadowApiSetSchemaMapNotFound:
+ lpStatusMsg = T_ERRSHADOW_APISETMAP_NOT_FOUND;
+ break;
+
+ case ErrShadowApiSetSchemaVerUnknown:
+ lpStatusMsg = T_ERRSHADOW_APISET_VER_UNKNOWN;
+ break;
+
+ default:
+ lpStatusMsg = TEXT("Unknown error");
+ break;
+ }
+
+ supStatusBarSetText(pDlgContext->StatusBar, 1, lpStatusMsg);
+ }
+ }
- default:
- //
- // Unexpected error code.
- //
- _strcpy(szErrorBuffer, TEXT("unexpected error 0x"));
- ultohex(Status, _strend(szErrorBuffer));
- break;
}
+ __finally {
- SdtListReportEvent(EntryTypeError, ErrorSource, szErrorBuffer);
+ if (AbnormalTermination())
+ supReportAbnormalTermination(__FUNCTIONW__);
+
+ if (pModules)
+ supHeapFree(pModules);
+
+ }
+
+ if (bSuccess) {
+ supStatusBarSetText(pDlgContext->StatusBar, 1, TEXT("Table read - OK"));
+ CallbackParam.lParam = 0;
+ CallbackParam.Value = pDlgContext->DialogMode;
+ ListView_SortItemsEx(pDlgContext->ListView, &SdtDlgCompareFunc, (LPARAM)&CallbackParam);
+ SetFocus(pDlgContext->ListView);
+ }
}
/*
-* SdtListCreateTableShadow
+* SdtHandlePopupMenu
*
* Purpose:
*
-* W32pServiceTable create table routine.
-*
-* Note: This code only for Windows 10 RS1+
+* Table list popup construction.
*
*/
-BOOL SdtListCreateTableShadow(
- _In_ PRTL_PROCESS_MODULES pModules,
- _Out_ PULONG Status
+VOID SdtHandlePopupMenu(
+ _In_ HWND hwndDlg,
+ _In_ LPPOINT lpPoint,
+ _In_ PVOID lpUserParam
)
{
- BOOLEAN NeedApiSetResolve = (g_NtBuildNumber > 18885);
- BOOLEAN Win32kApiSetTableExpected = (g_NtBuildNumber > 18935);
- NTSTATUS ntStatus;
- BOOL bResult = FALSE;
- ULONG w32u_limit, w32k_limit, c;
- HMODULE w32u = NULL, w32k = NULL, DllModule, forwdll;
- PBYTE fptr;
- PULONG pServiceLimit, pServiceTable;
- LPCSTR ModuleName, FunctionName, ForwarderDot, ForwarderFunctionName;
- HANDLE EnumerationHeap = NULL;
- ULONG_PTR Win32kBase = 0, kernelWin32kBase = 0;
-
- PSERVICETABLEENTRY ServiceEntry;
- PWIN32_SHADOWTABLE table, itable;
- RESOLVE_INFO rfn;
-
- ULONG_PTR Win32kApiSetTable = 0;
-
- PVOID pvApiSetMap = NULL;
- ULONG schemaVersion = 0;
+ HMENU hMenu;
+ UINT uPos = 0;
+ EXTRASCONTEXT* Context = (EXTRASCONTEXT*)lpUserParam;
- PRTL_PROCESS_MODULE_INFORMATION w32Module, subModule, ForwardModule;
+ hMenu = CreatePopupMenu();
+ if (hMenu) {
- LOAD_MODULE_ENTRY LoadedModulesHead;
- PLOAD_MODULE_ENTRY ModuleEntry = NULL, PreviousEntry = NULL;
+ if (supListViewAddCopyValueItem(hMenu,
+ Context->ListView,
+ ID_OBJECT_COPY,
+ uPos,
+ lpPoint,
+ &Context->lvItemHit,
+ &Context->lvColumnHit))
+ {
+ InsertMenu(hMenu, ++uPos, MF_BYPOSITION | MF_SEPARATOR, 0, NULL);
+ }
- ANSI_STRING ResolvedModuleName;
+ InsertMenu(hMenu, uPos++, MF_BYCOMMAND, ID_JUMPTOFILE, T_JUMPTOFILE);
+ InsertMenu(hMenu, uPos++, MF_BYCOMMAND, ID_SDTLIST_SAVE, T_EXPORTTOFILE);
+ InsertMenu(hMenu, uPos++, MF_BYPOSITION | MF_SEPARATOR, 0, NULL);
+ InsertMenu(hMenu, uPos++, MF_BYCOMMAND, ID_VIEW_REFRESH, T_VIEW_REFRESH);
- WCHAR szBuffer[MAX_PATH * 2];
- CHAR szForwarderModuleName[MAX_PATH];
+ TrackPopupMenu(hMenu,
+ TPM_RIGHTBUTTON | TPM_LEFTALIGN,
+ lpPoint->x,
+ lpPoint->y,
+ 0,
+ hwndDlg,
+ NULL);
- LoadedModulesHead.Next = NULL;
- LoadedModulesHead.hModule = NULL;
+ DestroyMenu(hMenu);
+ }
+}
- *Status = STATUS_SUCCESS;
+/*
+* SdtFreeGlobals
+*
+* Purpose:
+*
+* Release memory allocated for SDT table globals.
+*
+*/
+BOOL CALLBACK SdtFreeGlobals(
+ _In_opt_ PVOID Context
+)
+{
+ UNREFERENCED_PARAMETER(Context);
- __try {
-
- //
- // Check if table already built.
- //
- if (W32pServiceTable.Allocated == FALSE) {
-
- //
- // Find win32k loaded image base.
- //
- w32Module = (PRTL_PROCESS_MODULE_INFORMATION)ntsupFindModuleEntryByName(
- pModules,
- "win32k.sys");
-
- if (w32Module == NULL) {
- *Status = ErrShadowWin32kNotFound;
- __leave;
- }
-
- Win32kBase = (ULONG_PTR)w32Module->ImageBase;
-
- //
- // Prepare dedicated heap for exports enumeration.
- //
- EnumerationHeap = RtlCreateHeap(HEAP_GROWABLE, NULL, 0, 0, NULL, NULL);
- if (EnumerationHeap == NULL) {
- *Status = ErrShadowMemAllocFail;
- __leave;
- }
-
- //
- // Load win32u and dump exports, in KnownDlls.
- //
- w32u = LoadLibraryEx(TEXT("win32u.dll"), NULL, 0);
- if (w32u == NULL) {
- *Status = ErrShadowWin32uLoadFail;
- __leave;
- }
-
- w32u_limit = NtRawEnumW32kExports(EnumerationHeap, w32u, &table);
-
- //
- // Load win32k.
- //
-
- W32SymContext = SymParserCreate();
- w32k = SdtLoadWin32kImage(W32SymContext);
- if (w32k == NULL) {
- *Status = ErrShadowWin32kLoadFail;
- __leave;
- }
-
- if (Win32kApiSetTableExpected) {
- //
- // Locate Win32kApiSetTable variable. Failure will result in unresolved apiset adapters.
- //
- Win32kApiSetTable = SdtQueryWin32kApiSetTable(w32k,
- w32Module->ImageBase,
- w32Module->ImageSize);
-
- if (Win32kApiSetTable == 0) {
- *Status = ErrShadowApiSetNotFound;
- }
- }
-
- //
- // Query win32k!W32pServiceLimit.
- //
- pServiceLimit = (PULONG)GetProcAddress(w32k, KSA_W32pServiceLimit);
- if (pServiceLimit == NULL) {
- *Status = ErrShadowW32pServiceLimitNotFound;
- __leave;
- }
-
- //
- // Check whatever win32u is compatible with win32k data.
- //
- w32k_limit = *pServiceLimit;
- if (w32k_limit != w32u_limit) {
- *Status = ErrShadowWin32uMismatch;
- __leave;
- }
-
- //
- // Query win32k!W32pServiceTable.
- //
- RtlSecureZeroMemory(&rfn, sizeof(RESOLVE_INFO));
- if (!NT_SUCCESS(NtRawGetProcAddress(w32k, KSA_W32pServiceTable, &rfn))) {
- *Status = ErrShadowW32pServiceTableNotFound;
- __leave;
- }
-
- //
- // Query ApiSetMap
- //
- if (NeedApiSetResolve) {
-
- if (!NtLdrApiSetLoadFromPeb(&schemaVersion, (PVOID*)&pvApiSetMap)) {
- *Status = ErrShadowApiSetSchemaMapNotFound;
- __leave;
- }
-
- //
- // Windows 10+ uses modern ApiSetSchema version, everything else not supported.
- //
- if (schemaVersion != API_SET_SCHEMA_VERSION_V6) {
- *Status = ErrShadowApiSetSchemaVerUnknown;
- __leave;
- }
- }
-
- //
- // Set global variables.
- //
- kernelWin32kBase = Win32kBase + (ULONG_PTR)rfn.Function - (ULONG_PTR)w32k;
-
- //
- // Insert SystemRoot\System32\Drivers to the loader directories search list.
- //
- _strcpy(szBuffer, g_WinObj.szSystemDirectory);
- _strcat(szBuffer, TEXT("\\drivers"));
- SetDllDirectory(szBuffer);
-
- //
- // Build table.
- //
- pServiceTable = (PULONG)rfn.Function;
-
- for (c = 0; c < w32k_limit; ++c) {
-
- itable = table;
- while (itable != 0) {
-
- if (itable->Index == c + WIN32K_START_INDEX) {
-
- itable->KernelStubAddress = pServiceTable[c];
- fptr = (PBYTE)w32k + itable->KernelStubAddress;
- itable->KernelStubAddress += Win32kBase;
-
- //
- // Resolve module name for table entry and load this module to the memory.
- //
-
- DllModule = NULL;
- RtlSecureZeroMemory(&ResolvedModuleName, sizeof(ResolvedModuleName));
- ntStatus = SdtResolveServiceEntryModule(fptr,
- w32k,
- pvApiSetMap,
- Win32kApiSetTable,
- itable,
- &DllModule,
- &ResolvedModuleName,
- &FunctionName);
-
- if (!NT_SUCCESS(ntStatus)) {
-
- SdtListReportResolveModuleError(ntStatus,
- itable,
- &ResolvedModuleName,
- __FUNCTIONW__);
-
- break;
- }
-
- ModuleName = ResolvedModuleName.Buffer;
-
- //
- // Remember loaded module to the internal list.
- //
- ModuleEntry = (PLOAD_MODULE_ENTRY)RtlAllocateHeap(EnumerationHeap,
- HEAP_ZERO_MEMORY,
- sizeof(LOAD_MODULE_ENTRY));
-
- if (ModuleEntry) {
- ModuleEntry->Next = LoadedModulesHead.Next;
- ModuleEntry->hModule = DllModule;
- LoadedModulesHead.Next = ModuleEntry;
- }
-
- //
- // Check function forwarding.
- //
- if (!NT_SUCCESS(NtRawGetProcAddress(DllModule, FunctionName, &rfn))) {
- //
- // Log error.
- //
- SdtListReportFunctionResolveError(FunctionName);
- break;
- }
-
- //
- // Function is forward, resolve again.
- //
- if (rfn.ResultType == ForwarderString) {
-
- ForwarderDot = _strchr_a(rfn.ForwarderName, '.');
- ForwarderFunctionName = ForwarderDot + 1;
-
- //
- // Build forwarder module name.
- //
- RtlSecureZeroMemory(szForwarderModuleName, sizeof(szForwarderModuleName));
- _strncpy_a(szForwarderModuleName, sizeof(szForwarderModuleName),
- rfn.ForwarderName, ForwarderDot - &rfn.ForwarderName[0]);
-
- _strcat_a(szForwarderModuleName, ".SYS");
-
- ForwardModule = (PRTL_PROCESS_MODULE_INFORMATION)ntsupFindModuleEntryByName(pModules,
- szForwarderModuleName);
-
- if (ForwardModule) {
+ if (KiServiceTable.Allocated) {
+ supHeapFree(KiServiceTable.Table);
+ KiServiceTable.Allocated = FALSE;
+ }
+ if (W32pServiceTable.Allocated) {
+ supHeapFree(W32pServiceTable.Table);
+ W32pServiceTable.Allocated = FALSE;
+ }
- if (ForwarderFunctionName) {
+ return TRUE;
+}
- forwdll = LoadLibraryExA(szForwarderModuleName, NULL, DONT_RESOLVE_DLL_REFERENCES);
- if (forwdll) {
+/*
+* SdtDlgHandleNotify
+*
+* Purpose:
+*
+* WM_NOTIFY processing for dialog listview.
+*
+*/
+BOOL SdtDlgHandleNotify(
+ _In_ HWND hwndDlg,
+ _In_ LPARAM lParam
+)
+{
+ INT nImageIndex, iSelectionMark;
+ LPNMLISTVIEW pListView = (LPNMLISTVIEW)lParam;
+ LPWSTR lpItem;
+ HWND hwndListView;
- //
- // Remember loaded module to the internal list.
- //
- ModuleEntry = (PLOAD_MODULE_ENTRY)RtlAllocateHeap(EnumerationHeap,
- HEAP_ZERO_MEMORY,
- sizeof(LOAD_MODULE_ENTRY));
+ EXTRASCONTEXT* pDlgContext;
- if (ModuleEntry) {
- ModuleEntry->Next = LoadedModulesHead.Next;
- ModuleEntry->hModule = forwdll;
- LoadedModulesHead.Next = ModuleEntry;
- }
+ EXTRASCALLBACK CallbackParam;
+ WCHAR szBuffer[MAX_PATH + 1];
- if (NT_SUCCESS(NtRawGetProcAddress(forwdll, ForwarderFunctionName, &rfn))) {
+ if (pListView == NULL)
+ return FALSE;
- //
- // Calculate routine kernel mode address.
- //
- itable->KernelStubTargetAddress =
- (ULONG_PTR)ForwardModule->ImageBase + ((ULONG_PTR)rfn.Function - (ULONG_PTR)forwdll);
- }
+ if (pListView->hdr.idFrom != ID_EXTRASLIST)
+ return FALSE;
- }
- else {
- //
- // Log error.
- //
- SdtListReportEvent(EntryTypeError, __FUNCTIONW__, TEXT("could not load forwarded module"));
- }
+ hwndListView = pListView->hdr.hwndFrom;
- } // if (ForwarderFunctionName)
+ switch (pListView->hdr.code) {
- }//if (ForwardModule)
+ case LVN_COLUMNCLICK:
- }
- else {
- //
- // Calculate routine kernel mode address.
- //
- subModule = (PRTL_PROCESS_MODULE_INFORMATION)ntsupFindModuleEntryByName(pModules, ModuleName);
- if (subModule) {
- itable->KernelStubTargetAddress =
- (ULONG_PTR)subModule->ImageBase + ((ULONG_PTR)rfn.Function - (ULONG_PTR)DllModule);
- }
+ pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
+ if (pDlgContext) {
- RtlFreeAnsiString(&ResolvedModuleName);
+ pDlgContext->bInverseSort = (~pDlgContext->bInverseSort) & 1;
+ pDlgContext->lvColumnToSort = pListView->iSubItem;
+ CallbackParam.lParam = (LPARAM)pDlgContext->lvColumnToSort;
+ CallbackParam.Value = pDlgContext->DialogMode;
+ ListView_SortItemsEx(hwndListView, &SdtDlgCompareFunc, (LPARAM)&CallbackParam);
- }
+ nImageIndex = ImageList_GetImageCount(g_ListViewImages);
+ if (pDlgContext->bInverseSort)
+ nImageIndex -= 2;
+ else
+ nImageIndex -= 1;
- } // if (itable->Index == c + WIN32K_START_INDEX)
+ supUpdateLvColumnHeaderImage(
+ hwndListView,
+ pDlgContext->lvColumnCount,
+ pDlgContext->lvColumnToSort,
+ nImageIndex);
+ }
+ break;
- itable = itable->NextService;
+ case NM_DBLCLK:
- } //while (itable != 0);
+ iSelectionMark = ListView_GetSelectionMark(hwndListView);
+ if (iSelectionMark >= 0) {
+ lpItem = supGetItemText(hwndListView, iSelectionMark, 3, NULL);
+ if (lpItem) {
+ RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
+ if (supGetWin32FileName(lpItem, szBuffer, MAX_PATH))
+ supShowProperties(hwndDlg, szBuffer);
+ supHeapFree(lpItem);
}
+ }
+ break;
- //
- // Output table.
- //
- W32pServiceTable.Table = (PSERVICETABLEENTRY)supHeapAlloc(sizeof(SERVICETABLEENTRY) * w32k_limit);
- if (W32pServiceTable.Table) {
-
- W32pServiceTable.Allocated = TRUE;
- W32pServiceTable.Base = kernelWin32kBase;
-
- //
- // Convert table to output format.
- //
- W32pServiceTable.Limit = 0;
- itable = table;
- while (itable != 0) {
-
- //
- // Service Id.
- //
- ServiceEntry = &W32pServiceTable.Table[W32pServiceTable.Limit];
-
- ServiceEntry->ServiceId = itable->Index;
+ default:
+ return FALSE;
+ }
- //
- // Routine real address.
- //
- if (itable->KernelStubTargetAddress) {
- //
- // Output stub target address.
- //
- ServiceEntry->Address = itable->KernelStubTargetAddress;
+ return TRUE;
+}
- }
- else {
- //
- // Query failed, output stub address.
- //
- ServiceEntry->Address = itable->KernelStubAddress;
+/*
+* SdtDlgOnInit
+*
+* Purpose:
+*
+* KiServiceTable Dialog WM_INITDIALOG handler.
+*
+*/
+VOID SdtDlgOnInit(
+ _In_ HWND hwndDlg,
+ _In_ LPARAM lParam
+)
+{
+ INT iImage = ImageList_GetImageCount(g_ListViewImages) - 1;
+ EXTRASCONTEXT* pDlgContext = (EXTRASCONTEXT*)lParam;
- }
+ INT SbParts[] = { 400, -1 };
+ WCHAR szText[100];
- //
- // Remember service name.
- //
- MultiByteToWideChar(
- CP_ACP,
- 0,
- itable->Name,
- (INT)_strlen_a(itable->Name),
- ServiceEntry->Name,
- MAX_PATH);
+ LVCOLUMNS_DATA columnData[] =
+ {
+ { L"Id", 80, LVCFMT_LEFT | LVCFMT_BITMAP_ON_RIGHT, iImage },
+ { L"Service Name", 280, LVCFMT_LEFT | LVCFMT_BITMAP_ON_RIGHT, I_IMAGENONE },
+ { L"Address", 130, LVCFMT_LEFT | LVCFMT_BITMAP_ON_RIGHT, I_IMAGENONE },
+ { L"Module", 220, LVCFMT_LEFT | LVCFMT_BITMAP_ON_RIGHT, I_IMAGENONE }
+ };
- W32pServiceTable.Limit += 1;
+ SetProp(hwndDlg, T_DLGCONTEXT, (HANDLE)lParam);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
- itable = itable->NextService;
- }
+ pDlgContext->lvColumnHit = -1;
+ pDlgContext->lvItemHit = -1;
- }
+ pDlgContext->hwndDlg = hwndDlg;
+ pDlgContext->StatusBar = GetDlgItem(hwndDlg, ID_EXTRASLIST_STATUSBAR);
+ SendMessage(pDlgContext->StatusBar, SB_SETPARTS, 2, (LPARAM)&SbParts);
- } // if (W32pServiceTable.Allocated == FALSE)
+ _strcpy(szText, TEXT("Viewing "));
+ if (pDlgContext->DialogMode == SST_Ntos)
+ _strcat(szText, TEXT("ntoskrnl service table"));
+ else
+ _strcat(szText, TEXT("win32k service table"));
- bResult = W32pServiceTable.Allocated;
+ SetWindowText(hwndDlg, szText);
- }
- __finally {
+ extrasSetDlgIcon(pDlgContext);
- if (AbnormalTermination())
- supReportAbnormalTermination(__FUNCTIONW__);
+ pDlgContext->ListView = GetDlgItem(hwndDlg, ID_EXTRASLIST);
+ if (pDlgContext->ListView) {
//
- // Restore default search order.
+ // Set listview imagelist, style flags and theme.
//
- SetDllDirectory(NULL);
+ supSetListViewSettings(pDlgContext->ListView,
+ LVS_EX_FULLROWSELECT | LVS_EX_DOUBLEBUFFER | LVS_EX_LABELTIP,
+ FALSE,
+ TRUE,
+ g_ListViewImages,
+ LVSIL_SMALL);
//
- // Unload all loaded modules.
+ // And columns and remember their count.
//
- for (PreviousEntry = &LoadedModulesHead, ModuleEntry = LoadedModulesHead.Next;
- ModuleEntry != NULL;
- PreviousEntry = ModuleEntry, ModuleEntry = ModuleEntry->Next)
- {
- FreeLibrary(ModuleEntry->hModule);
- }
- if (EnumerationHeap) RtlDestroyHeap(EnumerationHeap);
- if (w32u) FreeLibrary(w32u);
- if (w32k) FreeLibrary(w32k);
+ pDlgContext->lvColumnCount = supAddLVColumnsFromArray(
+ pDlgContext->ListView,
+ columnData,
+ RTL_NUMBER_OF(columnData));
- if (W32SymContext) {
- W32SymContext->Parser.UnloadModule(W32SymContext);
- SymParserDestroy(W32SymContext);
- W32SymContext = NULL;
- }
+ SendMessage(hwndDlg, WM_SIZE, 0, 0);
+ supListViewEnableRedraw(pDlgContext->ListView, FALSE);
+ SdtListCreate(pDlgContext->hwndDlg, FALSE, pDlgContext);
+ supListViewEnableRedraw(pDlgContext->ListView, TRUE);
}
-
- return bResult;
}
/*
-* SdtListCreate
+* SdtDialogProc
*
* Purpose:
*
-* (Re)Create service table list.
+* KiServiceTable Dialog window procedure.
*
*/
-VOID SdtListCreate(
+INT_PTR CALLBACK SdtDialogProc(
_In_ HWND hwndDlg,
- _In_ BOOL fRescan,
- _In_ EXTRASCONTEXT * pDlgContext
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam
)
{
- BOOL bSuccess = FALSE;
- ULONG returnStatus;
- EXTRASCALLBACK CallbackParam;
- PRTL_PROCESS_MODULES pModules = NULL;
- LPWSTR lpStatusMsg;
-
- __try {
-
- supStatusBarSetText(pDlgContext->StatusBar, 1, TEXT("Initializing table view"));
-
- pModules = (PRTL_PROCESS_MODULES)supGetLoadedModulesList(NULL);
- if (pModules == NULL) {
-
- supStatusBarSetText(pDlgContext->StatusBar, 1,
- TEXT("Could not allocate memory for kernel modules list!"));
+ EXTRASCONTEXT* pDlgContext;
- __leave;
+ if (uMsg == g_WinObj.SettingsChangeMessage) {
+ pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
+ if (pDlgContext) {
+ extrasHandleSettingsChange(pDlgContext);
}
+ return TRUE;
+ }
- if (pDlgContext->DialogMode == SST_Ntos) {
-
- if (fRescan) {
- if (KiServiceTable.Allocated) {
- KiServiceTable.Allocated = FALSE;
- supHeapFree(KiServiceTable.Table);
- KiServiceTable.Limit = 0;
- }
- }
+ switch (uMsg) {
- bSuccess = SdtListCreateTable();
- if (bSuccess) {
- SdtListOutputTable(hwndDlg, pModules, &KiServiceTable);
- }
- else {
- supStatusBarSetText(pDlgContext->StatusBar, 1, TEXT("Error dumping table"));
- }
+ case WM_INITDIALOG:
+ SdtDlgOnInit(hwndDlg, lParam);
+ break;
+ case WM_GETMINMAXINFO:
+ if (lParam) {
+ supSetMinMaxTrackSize((PMINMAXINFO)lParam,
+ SDTDLG_TRACKSIZE_MIN_X,
+ SDTDLG_TRACKSIZE_MIN_Y,
+ TRUE);
}
- else if (pDlgContext->DialogMode == SST_Win32k) {
-
- if (fRescan) {
- if (W32pServiceTable.Allocated) {
- W32pServiceTable.Allocated = FALSE;
- supHeapFree(W32pServiceTable.Table);
- W32pServiceTable.Limit = 0;
- }
- }
-
- bSuccess = SdtListCreateTableShadow(pModules, &returnStatus);
- if (bSuccess) {
-
- if (returnStatus == ErrShadowApiSetNotFound) {
- supStatusBarSetText(pDlgContext->StatusBar, 1,
- T_ERRSHADOW_APISETTABLE_NOT_FOUND);
- }
+ break;
- SdtListOutputTable(hwndDlg, pModules, &W32pServiceTable);
- }
- else {
+ case WM_NOTIFY:
+ return SdtDlgHandleNotify(hwndDlg, lParam);
- switch (returnStatus) {
+ case WM_SIZE:
+ pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
+ if (pDlgContext) {
+ extrasSimpleListResize(hwndDlg);
+ }
+ break;
- case ErrShadowWin32kNotFound:
- lpStatusMsg = T_ERRSHADOW_WIN32K_NOT_FOUND;
- break;
+ case WM_DESTROY:
+ PostQuitMessage(0);
+ break;
- case ErrShadowMemAllocFail:
- lpStatusMsg = T_ERRSHADOW_MEMORY_NOT_ALLOCATED;
- break;
+ case WM_CLOSE:
+ pDlgContext = (EXTRASCONTEXT*)RemoveProp(hwndDlg, T_DLGCONTEXT);
+ if (pDlgContext) {
+ extrasRemoveDlgIcon(pDlgContext);
+ }
+ DestroyWindow(hwndDlg);
+ break;
- case ErrShadowWin32uLoadFail:
- lpStatusMsg = T_ERRSHADOW_WIN32U_LOAD_FAILED;
- break;
+ case WM_COMMAND:
- case ErrShadowWin32kLoadFail:
- lpStatusMsg = T_ERRSHADOW_WIN32K_LOAD_FAILED;
- break;
+ switch (GET_WM_COMMAND_ID(wParam, lParam)) {
- case ErrShadowW32pServiceLimitNotFound:
- lpStatusMsg = T_ERRSHADOW_WIN32KLIMIT_NOT_FOUND;
- break;
+ case IDCANCEL:
+ SendMessage(hwndDlg, WM_CLOSE, 0, 0);
+ break;
- case ErrShadowWin32uMismatch:
- lpStatusMsg = T_ERRSHADOW_WIN32U_MISMATCH;
- break;
+ case ID_SDTLIST_SAVE:
+ pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
+ if (pDlgContext) {
- case ErrShadowW32pServiceTableNotFound:
- lpStatusMsg = T_ERRSHADOW_TABLE_NOT_FOUND;
- break;
+ if (supListViewExportToFile(
+ TEXT("Table.csv"),
+ hwndDlg,
+ pDlgContext->ListView))
+ {
+ supStatusBarSetText(pDlgContext->StatusBar, 1, T_LIST_EXPORT_SUCCESS);
+ }
- case ErrShadowApiSetSchemaMapNotFound:
- lpStatusMsg = T_ERRSHADOW_APISETMAP_NOT_FOUND;
- break;
+ }
+ break;
- case ErrShadowApiSetSchemaVerUnknown:
- lpStatusMsg = T_ERRSHADOW_APISET_VER_UNKNOWN;
- break;
+ case ID_VIEW_REFRESH:
+ pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
+ if (pDlgContext) {
+ supListViewEnableRedraw(pDlgContext->ListView, FALSE);
+ SdtListCreate(hwndDlg, TRUE, pDlgContext);
+ supListViewEnableRedraw(pDlgContext->ListView, TRUE);
+ }
+ break;
- default:
- lpStatusMsg = TEXT("Unknown error");
- break;
- }
+ case ID_JUMPTOFILE:
+ pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
+ if (pDlgContext) {
+ supJumpToFileListView(pDlgContext->ListView, 3);
+ }
+ break;
- supStatusBarSetText(pDlgContext->StatusBar, 1, lpStatusMsg);
+ case ID_OBJECT_COPY:
+ pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
+ if (pDlgContext) {
+ supListViewCopyItemValueToClipboard(pDlgContext->ListView,
+ pDlgContext->lvItemHit,
+ pDlgContext->lvColumnHit);
}
+ break;
+
}
- }
- __finally {
+ break;
- if (AbnormalTermination())
- supReportAbnormalTermination(__FUNCTIONW__);
+ case WM_CONTEXTMENU:
+ pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
+ if (pDlgContext) {
- if (pModules)
- supHeapFree(pModules);
+ supHandleContextMenuMsgForListView(hwndDlg,
+ wParam,
+ lParam,
+ pDlgContext->ListView,
+ (pfnPopupMenuHandler)SdtHandlePopupMenu,
+ (PVOID)pDlgContext);
+ }
+ break;
}
- if (bSuccess) {
- supStatusBarSetText(pDlgContext->StatusBar, 1, TEXT("Table read - OK"));
- CallbackParam.lParam = 0;
- CallbackParam.Value = pDlgContext->DialogMode;
- ListView_SortItemsEx(pDlgContext->ListView, &SdtDlgCompareFunc, (LPARAM)&CallbackParam);
- SetFocus(pDlgContext->ListView);
- }
+ return FALSE;
}
/*
diff --git a/Source/WinObjEx64/extras/extrasSSDTsup.h b/Source/WinObjEx64/extras/extrasSSDTsup.h
deleted file mode 100644
index 838f93fc..00000000
--- a/Source/WinObjEx64/extras/extrasSSDTsup.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2022
-*
-* TITLE: EXTRASSSDTSUP.H
-*
-* VERSION: 1.94
-*
-* DATE: 04 Jun 2022
-*
-* Header with search patterns and definitions used by SSDT dialog routines.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-
-#pragma once
-
-#define INVALID_SERVICE_ENTRY_ID 0xFFFFFFFF
-#define WIN32K_START_INDEX 0x1000
-
-typedef struct _SERVICETABLEENTRY {
- ULONG ServiceId;
- ULONG_PTR Address;
- WCHAR Name[MAX_PATH + 1];
-} SERVICETABLEENTRY, * PSERVICETABLEENTRY;
-
-typedef struct _SDT_TABLE {
- BOOL Allocated;
- ULONG Limit;
- ULONG_PTR Base;
- PSERVICETABLEENTRY Table;
-} SDT_TABLE, * PSDT_TABLE;
-
-typedef struct _W32K_API_SET_TABLE_HOST {
- PWCHAR HostName;
- PCHAR TableName;
- PCHAR TableSizeName;
- ULONG HostEntriesCount;
-} W32K_API_SET_TABLE_HOST, * PW32K_API_SET_TABLE_HOST;
-
-typedef struct _W32K_API_SET_TABLE_ENTRY {
- PVOID HostEntriesArray;
- W32K_API_SET_TABLE_HOST* Host;
-} W32K_API_SET_TABLE_ENTRY, * PW32K_API_SET_TABLE_ENTRY;
-
-typedef struct _W32K_API_SET_TABLE_ENTRY_V2 {
- PVOID HostEntriesArray;
- W32K_API_SET_TABLE_HOST* Host;
- W32K_API_SET_TABLE_HOST* AliasHost;
-} W32K_API_SET_TABLE_ENTRY_V2, * PW32K_API_SET_TABLE_ENTRY_V2;
-
-#define KSW_KiServiceTable L"KiServiceTable"
-#define KSW_KiServiceLimit L"KiServiceLimit"
-#define KSW_W32pServiceTable L"W32pServiceTable"
-#define KSW_W32pServiceLimit L"W32pServiceLimit"
-#define KSA_W32pServiceTable "W32pServiceTable"
-#define KSA_W32pServiceLimit "W32pServiceLimit"
-
-
-
-//
-// Win32kApiSetTable signatures
-//
-
-// lea reg, Win32kApiSetTable
-#define IL_Win32kApiSetTable 7
-
-//
-// InitializeWin32Call search pattern
-//
-// push rbp
-// push r12
-// push r13
-// push r14
-// push r15
-//
-BYTE g_pbInitializeWin32CallPattern[] = {
- 0x55, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57
-};
-
-//
-// Win32kApiSetTable adapter patterns
-//
-BYTE Win32kApiSetAdapterPattern1[] = {
- 0x4C, 0x8B, 0x15
-};
-BYTE Win32kApiSetAdapterPattern2[] = {
- 0x48, 0x8B, 0x05
-};
-BYTE Win32kApiSetAdapterPattern3[] = {
- 0x4C, 0x8B, 0x1D // mov r11, value
-};
-
-W32K_API_SET_LOOKUP_PATTERN W32kApiSetAdapters[] = {
- { sizeof(Win32kApiSetAdapterPattern1), Win32kApiSetAdapterPattern1 },
- { sizeof(Win32kApiSetAdapterPattern2), Win32kApiSetAdapterPattern2 },
- { sizeof(Win32kApiSetAdapterPattern3), Win32kApiSetAdapterPattern3 }
-};
diff --git a/Source/WinObjEx64/extras/extrasUSD.c b/Source/WinObjEx64/extras/extrasUSD.c
index 21ab91a4..22d7450a 100644
--- a/Source/WinObjEx64/extras/extrasUSD.c
+++ b/Source/WinObjEx64/extras/extrasUSD.c
@@ -4,9 +4,9 @@
*
* TITLE: EXTRASUSD.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2021
+* DATE: 19 Jun 2021
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -15,9 +15,8 @@
*
*******************************************************************************/
#include "global.h"
-#include "propObjectDump.h"
+#include "props.h"
#include "extras.h"
-#include "extrasUSD.h"
#include "treelist/treelist.h"
static EXTRASCONTEXT g_UsdDlgContext;
@@ -691,7 +690,7 @@ VOID UsdDialogOnInit(
)
{
UsdDumpSharedRegion(hwndDlg);
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
}
/*
diff --git a/Source/WinObjEx64/extras/extrasUSD.h b/Source/WinObjEx64/extras/extrasUSD.h
deleted file mode 100644
index 9e8633c9..00000000
--- a/Source/WinObjEx64/extras/extrasUSD.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2022
-*
-* TITLE: EXTRASUSD.H
-*
-* VERSION: 1.94
-*
-* DATE: 03 Jun 2022
-*
-* Common header file for Extras User Shared Data dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-VOID extrasCreateUsdDialog(
- VOID);
diff --git a/Source/WinObjEx64/findDlg.c b/Source/WinObjEx64/findDlg.c
index abbbcbdc..02ba918e 100644
--- a/Source/WinObjEx64/findDlg.c
+++ b/Source/WinObjEx64/findDlg.c
@@ -4,9 +4,9 @@
*
* TITLE: FINDDLG.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 03 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -15,7 +15,6 @@
*
*******************************************************************************/
#include "global.h"
-#include "findDlg.h"
#define FINDDLG_TRACKSIZE_MIN_X 548
#define FINDDLG_TRACKSIZE_MIN_Y 230
@@ -143,27 +142,40 @@ INT CALLBACK FindDlgCompareFunc(
*
*/
VOID FindDlgAddListItem(
- _In_ HWND hList,
- _In_ LPWSTR ObjectName,
- _In_ LPWSTR TypeName
+ _In_ HWND hList,
+ _In_ PUNICODE_STRING ObjectName,
+ _In_ PUNICODE_STRING TypeName
)
{
- INT lvItemIndex;
- LVITEM lvItem;
+ BOOL bNeedFree = FALSE;
+ INT lvItemIndex;
+ LVITEM lvItem;
+ LPWSTR lpName;
+
+ UNICODE_STRING normalizedString;
+
+ bNeedFree = supNormalizeUnicodeStringForDisplay(g_obexHeap, ObjectName, &normalizedString);
+ if (bNeedFree)
+ lpName = normalizedString.Buffer;
+ else
+ lpName = ObjectName->Buffer;
RtlSecureZeroMemory(&lvItem, sizeof(lvItem));
lvItem.mask = LVIF_TEXT | LVIF_IMAGE;
- lvItem.pszText = ObjectName;
- lvItem.iImage = ObManagerGetImageIndexByTypeName(TypeName);
+ lvItem.pszText = lpName;
+ lvItem.iImage = ObManagerGetImageIndexByTypeName(TypeName->Buffer);
lvItem.iItem = MAXINT;
lvItemIndex = ListView_InsertItem(hList, &lvItem);
lvItem.mask = LVIF_TEXT;
lvItem.iSubItem = 1;
- lvItem.pszText = TypeName;
+ lvItem.pszText = TypeName->Buffer;
lvItem.iItem = lvItemIndex;
ListView_SetItem(hList, &lvItem);
+
+ if (bNeedFree)
+ supFreeDuplicatedUnicodeString(g_obexHeap, &normalizedString, FALSE);
}
/*
@@ -437,10 +449,12 @@ VOID FindDlgHandleSearch(
_In_ HWND hwndDlg
)
{
- WCHAR searchString[MAX_PATH + 1], typeName[MAX_PATH + 1];
- LPWSTR pnameStr = (LPWSTR)searchString, ptypeStr = (LPWSTR)typeName;
- PFO_LIST_ITEM flist, plist;
- ULONG cci;
+ WCHAR searchString[MAX_PATH + 1], typeName[MAX_PATH + 1];
+ PFO_LIST_ITEM flist, plist;
+ ULONG cci;
+
+ UNICODE_STRING usName, usType;
+ PUNICODE_STRING pusName = &usName, pusType = &usType;
supSetWaitCursor(TRUE);
EnableWindow(GetDlgItem(hwndDlg, ID_SEARCH_FIND), FALSE);
@@ -461,12 +475,21 @@ VOID FindDlgHandleSearch(
flist = NULL;
- if (searchString[0] == 0)
- pnameStr = NULL;
- if (typeName[0] == L'*')
- ptypeStr = 0;
+ if (searchString[0] == 0) {
+ pusName = NULL;
+ }
+ else {
+ RtlInitUnicodeString(&usName, searchString);
+ }
+ if (typeName[0] == L'*') {
+ pusType = NULL;
+ }
+ else {
+ RtlInitUnicodeString(&usType, typeName);
+ }
- FindObject(KM_OBJECTS_ROOT_DIRECTORY, pnameStr, ptypeStr, &flist);
+ FindObject(ObGetPredefinedUnicodeString(OBP_ROOT),
+ pusName, pusType, &flist);
//
// Disable listview redraw
@@ -475,7 +498,7 @@ VOID FindDlgHandleSearch(
cci = 0;
while (flist != NULL) {
- FindDlgAddListItem(g_FindDlgContext.SearchList, flist->ObjectName, flist->ObjectType);
+ FindDlgAddListItem(g_FindDlgContext.SearchList, &flist->ObjectName, &flist->ObjectType);
plist = flist->Prev;
supHeapFree(flist);
flist = plist;
@@ -564,7 +587,7 @@ VOID FindDlgOnInit(
}
FindDlgAddTypes(hwndDlg);
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
FindDlgResize(hwndDlg, &g_FindDlgContext);
SetActiveWindow(hwndDlg);
}
diff --git a/Source/WinObjEx64/findDlg.h b/Source/WinObjEx64/findDlg.h
deleted file mode 100644
index b2c85de1..00000000
--- a/Source/WinObjEx64/findDlg.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2022
-*
-* TITLE: FINDDLG.H
-*
-* VERSION: 1.94
-*
-* DATE: 04 Jun 2022
-*
-* Common header file for the Find Object dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-VOID FindDlgCreate(
- VOID);
diff --git a/Source/WinObjEx64/global.h b/Source/WinObjEx64/global.h
index 317a1174..7720be5a 100644
--- a/Source/WinObjEx64/global.h
+++ b/Source/WinObjEx64/global.h
@@ -4,9 +4,9 @@
*
* TITLE: GLOBAL.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 02 Jun 2022
+* DATE: 19 Jun 2022
*
* Common header file for the Windows Object Explorer.
*
@@ -88,20 +88,21 @@
#include
#include
#include
+#include
+#include
#include
#include "resource.h"
#include "sdk/extdef.h"
-#include "wine.h"
#include "minirtl/minirtl.h"
#include "minirtl/rtltypes.h"
-#include "ntos\ntos.h"
-#include "ntos\ntalpc.h"
-#include "ntos\ntsup.h"
-#include "ntos\ntbuilds.h"
-#include "ntuser\ntuser.h"
+#include "ntos/ntos.h"
+#include "ntos/ntalpc.h"
+#include "ntos/ntsup.h"
+#include "ntos/ntbuilds.h"
+#include "ntuser/ntuser.h"
#define _NTDEF_
#include
@@ -109,18 +110,19 @@
#include "symparser.h"
#include "objects.h"
-#include "drivers\wdrvprv.h"
+#include "drivers/wdrvprv.h"
+#include "log/log.h"
#include "kldbg.h"
+#include "propCommon.h"
#include "ui.h"
-#include "sup.h"
-#include "supConsts.h"
+#include "sup/sup.h"
+#include "sup/wine.h"
+#include "hash.h"
+#include "extapi.h"
#include "list.h"
#include "excepth.h"
-#include "extapi.h"
#include "plugmngr.h"
-#include "hash.h"
-#include "log\log.h"
-#include "tests\testunit.h"
+#include "tests/testunit.h"
#if defined(__cplusplus)
#include
@@ -146,6 +148,23 @@ extern pqsort rtl_qsort;
#define RtlStringCchPrintfSecure rtl_swprintf_s
#define RtlQuickSort rtl_qsort
+typedef struct _WINOBJ_STATS {
+ ULONG TotalHeapAlloc;
+ ULONG TotalHeapFree;
+ ULONG TotalHeapsCreated;
+ ULONG TotalHeapsDestroyed;
+ ULONG TotalThreadsCreated;
+ ULONG64 TotalHeapMemoryAllocated;
+#ifdef _DEBUG
+ ULONG64 MaxHeapAllocatedBlockSize;
+#endif
+} WINOBJ_STATS, *PWINOBJ_STATS;
+
+extern WINOBJ_STATS g_WinObjStats;
+
+#define OBEX_STATS_INC(Name) (_InterlockedIncrement((LONG*)&g_WinObjStats.Name))
+#define OBEX_STATS_INC64(Name, Value) (_InlineInterlockedAdd64((LONG64*)&g_WinObjStats.Name, Value))
+
typedef struct _WINOBJ_GLOBALS {
BOOLEAN IsWine;
BOOLEAN ListViewDisplayGrid;
@@ -168,7 +187,9 @@ typedef struct _WINOBJ_GLOBALS {
ULONG CurrentDPI;
HINSTANCE hInstance;
HANDLE Heap;
- LPWSTR CurrentObjectPath;
+
+ LIST_ENTRY ObjectPathListHead;
+
pfnHtmlHelpW HtmlHelpW;
RTL_OSVERSIONINFOW osver;
@@ -180,11 +201,26 @@ typedef struct _WINOBJ_GLOBALS {
extern WINOBJ_GLOBALS g_WinObj;
+//
+// Shared heap
+//
+#define g_obexHeap g_WinObj.Heap
+
+//
+// Current object path list
+//
+#define g_ObjectPathListHead g_WinObj.ObjectPathListHead
+
#define g_ListViewImages g_WinObj.ListViewImages
#define g_ToolBarMenuImages g_WinObj.ToolBarMenuImages
#define g_hwndObjectList g_WinObj.ObjectListView
#define g_hwndObjectTree g_WinObj.ObjectTreeView
+
+//
+// Main program window
+//
#define g_hwndMain g_WinObj.MainWindow
+
#define g_hwndStatusBar g_WinObj.MainWindowStatusBar
#define g_hwndToolBar g_WinObj.MainWindowToolBar
#define g_hwndSplitter g_WinObj.MainWindowSplitter
diff --git a/Source/WinObjEx64/hash.c b/Source/WinObjEx64/hash.c
index e6a8a9f4..47ffa59d 100644
--- a/Source/WinObjEx64/hash.c
+++ b/Source/WinObjEx64/hash.c
@@ -4,9 +4,9 @@
*
* TITLE: HASH.C
*
-* VERSION: 1.93
+* VERSION: 2.00
*
-* DATE: 13 May 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
diff --git a/Source/WinObjEx64/hash.h b/Source/WinObjEx64/hash.h
index c9f4329f..5657127a 100644
--- a/Source/WinObjEx64/hash.h
+++ b/Source/WinObjEx64/hash.h
@@ -4,9 +4,9 @@
*
* TITLE: HASH.H
*
-* VERSION: 1.93
+* VERSION: 2.00
*
-* DATE: 13 May 2022
+* DATE: 19 Jun 2022
*
* Header file for the hash support routines.
*
diff --git a/Source/WinObjEx64/kldbg.c b/Source/WinObjEx64/kldbg.c
index 98228668..5e9b9184 100644
--- a/Source/WinObjEx64/kldbg.c
+++ b/Source/WinObjEx64/kldbg.c
@@ -4,9 +4,9 @@
*
* TITLE: KLDBG.C, based on KDSubmarine by Evilcry
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* MINIMUM SUPPORTED OS WINDOWS 7
*
@@ -32,12 +32,70 @@ KLDBGCONTEXT g_kdctx;
//Build number
ULONG g_NtBuildNumber;
+WCHAR g_ObNameNormalizationSymbol = OBJ_NAME_NORMALIZATION_SYMBOL;
+
//Callbacks
NOTIFICATION_CALLBACKS g_SystemCallbacks;
//Context private data
KLDBGPDATA g_kdpdata;
+static UNICODE_STRING g_usObjectsRootDirectory = {
+ sizeof(KM_OBJECTS_ROOT_DIRECTORY) - sizeof(WCHAR),
+ sizeof(KM_OBJECTS_ROOT_DIRECTORY),
+ KM_OBJECTS_ROOT_DIRECTORY
+};
+
+static UNICODE_STRING g_usDirectoryType = {
+ sizeof(OBTYPE_NAME_DIRECTORY) - sizeof(WCHAR),
+ sizeof(OBTYPE_NAME_DIRECTORY),
+ OBTYPE_NAME_DIRECTORY
+};
+
+static UNICODE_STRING g_usObjectTypesDirectory = {
+ sizeof(OBTYPES_DIRECTORY) - sizeof(WCHAR),
+ sizeof(OBTYPES_DIRECTORY),
+ OBTYPES_DIRECTORY
+};
+
+static UNICODE_STRING g_usGlobalRoot = {
+ sizeof(OB_GLOBALROOT) - sizeof(WCHAR),
+ sizeof(OB_GLOBALROOT),
+ OB_GLOBALROOT
+};
+
+static UNICODE_STRING g_usGlobalNamespace = {
+ sizeof(OB_GLOBALNAMESPACE) - sizeof(WCHAR),
+ sizeof(OB_GLOBALNAMESPACE),
+ OB_GLOBALNAMESPACE
+};
+
+/*
+* ObGetPredefinedUnicodeString
+*
+* Purpose:
+*
+* Return pointer to constant unicode string by id.
+*
+*/
+PUNICODE_STRING ObGetPredefinedUnicodeString(
+ _In_ ULONG Index
+)
+{
+ switch (Index) {
+ case OBP_GLOBALNAMESPACE:
+ return &g_usGlobalNamespace;
+ case OBP_GLOBAL:
+ return &g_usGlobalRoot;
+ case OBP_OBTYPES:
+ return &g_usObjectTypesDirectory;
+ case OBP_DIRECTORY:
+ return &g_usDirectoryType;
+ case OBP_ROOT:
+ default:
+ return &g_usObjectsRootDirectory;
+ }
+}
/*
* ObFindAddress
@@ -861,31 +919,23 @@ PVOID ObDumpFltFilterObjectVersionAware(
* Dump UNICODE_STRING from kernel space.
*
*/
+_Success_(return)
BOOLEAN kdDumpUnicodeString(
_In_ PUNICODE_STRING InputString,
_Out_ PUNICODE_STRING OutputString,
- _Out_opt_ PVOID* ReferenceBufferPtr,
- _In_ BOOLEAN IsKernelPtr
+ _Out_opt_ PVOID* ReferenceStringBuffer,
+ _In_ BOOLEAN IsKernelPointer
)
{
ULONG readBytes = 0;
- SIZE_T dumpSize;
LPWSTR lpStringBuffer;
- UNICODE_STRING uStr;
-
- OutputString->Buffer = NULL;
- OutputString->Length = 0;
- OutputString->MaximumLength = 0;
+ UNICODE_STRING string;
- if (ReferenceBufferPtr)
- *ReferenceBufferPtr = NULL;
-
- RtlInitEmptyUnicodeString(&uStr, NULL, 0);
-
- if (IsKernelPtr) {
+ if (IsKernelPointer) {
+ RtlInitEmptyUnicodeString(&string, NULL, 0);
if (kdReadSystemMemoryEx((ULONG_PTR)InputString,
- &uStr,
+ &string,
sizeof(UNICODE_STRING),
&readBytes))
{
@@ -894,40 +944,36 @@ BOOLEAN kdDumpUnicodeString(
}
}
else {
-
- uStr.Buffer = InputString->Buffer;
- uStr.Length = InputString->Length;
- uStr.MaximumLength = InputString->MaximumLength;
-
+ string = *InputString;
}
- if (uStr.Length == 0 || uStr.MaximumLength == 0)
+ if (string.Length == 0 || string.MaximumLength == 0)
return FALSE;
- dumpSize = (SIZE_T)uStr.MaximumLength + MAX_PATH;
- lpStringBuffer = (LPWSTR)supHeapAlloc(dumpSize);
- if (lpStringBuffer == NULL)
- return FALSE;
+ lpStringBuffer = (LPWSTR)supHeapAlloc(string.Length + sizeof(UNICODE_NULL));
+ if (lpStringBuffer) {
- if (kdReadSystemMemoryEx((ULONG_PTR)uStr.Buffer,
- lpStringBuffer,
- uStr.Length,
- &readBytes))
- {
- if (readBytes == uStr.Length) {
+ if (kdReadSystemMemoryEx((ULONG_PTR)string.Buffer,
+ lpStringBuffer,
+ string.Length,
+ &readBytes))
+ {
+ if (readBytes == string.Length) {
- OutputString->Buffer = lpStringBuffer;
- OutputString->Length = uStr.Length;
- OutputString->MaximumLength = uStr.MaximumLength;
+ OutputString->Buffer = lpStringBuffer;
+ OutputString->Length = string.Length;
+ OutputString->MaximumLength = string.MaximumLength;
- if (ReferenceBufferPtr)
- *ReferenceBufferPtr = uStr.Buffer;
+ if (ReferenceStringBuffer)
+ *ReferenceStringBuffer = string.Buffer;
- return TRUE;
+ return TRUE;
+ }
}
+
+ supHeapFree(lpStringBuffer);
}
- supHeapFree(lpStringBuffer);
return FALSE;
}
@@ -1524,84 +1570,39 @@ BOOL kdFindKiServiceTable(
}
/*
-* ObGetDirectoryObjectAddress
-*
-* Purpose:
-*
-* Obtain directory object kernel address by:
-* 1) opening directory by name
-* 2) quering resulted handle in NtQuerySystemInformation(SystemExtendedHandleInformation) handle dump
-*
-*/
-BOOL ObGetDirectoryObjectAddress(
- _In_opt_ LPWSTR lpDirectory,
- _Inout_ PULONG_PTR lpRootAddress,
- _Inout_opt_ PUSHORT lpTypeIndex
-)
-{
- BOOL bFound = FALSE;
- HANDLE hDirectory = NULL;
- LPWSTR lpTarget;
-
- if (lpRootAddress == NULL)
- return bFound;
-
- if (lpDirectory == NULL) {
- lpTarget = KM_OBJECTS_ROOT_DIRECTORY;
- }
- else {
- lpTarget = lpDirectory;
- }
-
- supOpenDirectory(&hDirectory, NULL, lpTarget, DIRECTORY_QUERY);
- if (hDirectory) {
-
- bFound = supQueryObjectFromHandle(hDirectory,
- lpRootAddress,
- lpTypeIndex);
-
- NtClose(hDirectory);
- }
- return bFound;
-}
-
-/*
-* ObQueryNameString
+* ObQueryNameStringFromAddress
*
* Purpose:
*
-* Reads object name from kernel memory.
+* Reads object name from kernel memory if present.
*
* If HeapHandle is g_WinObj use supHeapFree to release allocated memory.
*
*/
-LPWSTR ObQueryNameString(
+_Success_(return)
+BOOL ObQueryNameStringFromAddress(
+ _In_ HANDLE HeapHandle,
_In_ ULONG_PTR NameInfoAddress,
- _Out_opt_ PSIZE_T ReturnLength,
- _In_ HANDLE HeapHandle
+ _Out_ PUNICODE_STRING NameString
)
{
SIZE_T allocLength;
LPWSTR objectName = NULL;
-
OBJECT_HEADER_NAME_INFO nameInfo;
- if (ReturnLength)
- *ReturnLength = 0;
-
RtlSecureZeroMemory(&nameInfo, sizeof(OBJECT_HEADER_NAME_INFO));
if (kdReadSystemMemory(NameInfoAddress,
&nameInfo,
sizeof(OBJECT_HEADER_NAME_INFO)))
{
- if (nameInfo.Name.Length) {
+ if (nameInfo.Name.Length &&
+ supUnicodeStringValid(&nameInfo.Name)) {
- allocLength = nameInfo.Name.Length + sizeof(UNICODE_NULL);
+ allocLength = nameInfo.Name.Length;
- objectName = (LPWSTR)RtlAllocateHeap(HeapHandle,
- HEAP_ZERO_MEMORY,
- allocLength);
+ objectName = (LPWSTR)supHeapAllocEx(HeapHandle,
+ allocLength + sizeof(UNICODE_NULL));
if (objectName != NULL) {
@@ -1611,13 +1612,15 @@ LPWSTR ObQueryNameString(
objectName,
nameInfo.Name.Length))
{
- if (ReturnLength)
- *ReturnLength = allocLength;
+ NameString->Buffer = objectName;
+ NameString->Length = nameInfo.Name.Length;
+ NameString->MaximumLength = nameInfo.Name.MaximumLength;
+
+ return TRUE;
}
else {
- RtlFreeHeap(HeapHandle,
- 0,
+ supHeapFreeEx(HeapHandle,
objectName);
objectName = NULL;
@@ -1625,9 +1628,10 @@ LPWSTR ObQueryNameString(
}
}
+
}
- return objectName;
+ return FALSE;
}
/*
@@ -1650,16 +1654,16 @@ LPWSTR ObQueryNameString(
* Pointer to OBJINFO structure allocated from WinObjEx heap and filled with kernel data.
*
*/
-POBJINFO ObpCopyObjectBasicInfo(
+POBEX_OBJECT_INFORMATION ObpCopyObjectBasicInfo(
_In_ ULONG_PTR ObjectAddress,
_In_ ULONG_PTR ObjectHeaderAddress,
_In_ BOOL ObjectHeaderAddressValid,
_In_opt_ POBJECT_HEADER DumpedObjectHeader
)
{
- ULONG_PTR HeaderAddress = 0, InfoHeaderAddress = 0;
- POBJINFO lpData = NULL;
- OBJECT_HEADER ObjectHeader, * pObjectHeader;
+ ULONG_PTR HeaderAddress = 0, InfoHeaderAddress = 0;
+ OBJECT_HEADER ObjectHeader, *pObjectHeader;
+ POBEX_OBJECT_INFORMATION lpData = NULL;
//
// Convert object address to object header address.
@@ -1703,7 +1707,7 @@ POBJINFO ObpCopyObjectBasicInfo(
//
// Allocate OBJINFO structure, exit on fail.
//
- lpData = (POBJINFO)supHeapAlloc(sizeof(OBJINFO));
+ lpData = (POBEX_OBJECT_INFORMATION)supHeapAlloc(sizeof(OBEX_OBJECT_INFORMATION));
if (lpData == NULL)
return NULL;
@@ -1713,8 +1717,7 @@ POBJINFO ObpCopyObjectBasicInfo(
//
// Copy object header.
//
- supCopyMemory(&lpData->ObjectHeader,
- sizeof(OBJECT_HEADER),
+ RtlCopyMemory(&lpData->ObjectHeader,
pObjectHeader,
sizeof(OBJECT_HEADER));
@@ -1737,7 +1740,49 @@ POBJINFO ObpCopyObjectBasicInfo(
}
/*
-* ObpWalkDirectory
+* ObQueryObjectByAddress
+*
+* Purpose:
+*
+* Look for object at specified address.
+* Returned object memory must be released with supHeapFree when object is no longer needed.
+*
+*/
+POBEX_OBJECT_INFORMATION ObQueryObjectByAddress(
+ _In_ ULONG_PTR ObjectAddress
+)
+{
+ ULONG_PTR ObjectHeaderAddress;
+ OBJECT_HEADER ObjectHeader;
+
+ if (ObjectAddress < g_kdctx.SystemRangeStart)
+ return NULL;
+
+ if (!kdConnectDriver())
+ return NULL;
+
+ //
+ // Read object header, fail is critical.
+ //
+ RtlSecureZeroMemory(&ObjectHeader, sizeof(OBJECT_HEADER));
+ ObjectHeaderAddress = (ULONG_PTR)OBJECT_TO_OBJECT_HEADER(ObjectAddress);
+
+ if (!kdReadSystemMemory(ObjectHeaderAddress,
+ &ObjectHeader,
+ sizeof(OBJECT_HEADER)))
+ {
+ kdReportReadErrorSimple(__FUNCTIONW__, ObjectHeaderAddress, sizeof(OBJECT_HEADER));
+ return NULL;
+ }
+
+ return ObpCopyObjectBasicInfo(ObjectAddress,
+ ObjectHeaderAddress,
+ TRUE,
+ &ObjectHeader);
+}
+
+/*
+* ObpFindObjectInDirectory
*
* Purpose:
*
@@ -1750,262 +1795,194 @@ POBJINFO ObpCopyObjectBasicInfo(
* this routine change as we rely here only on HashBuckets which is on same offset.
*
*/
-POBJINFO ObpWalkDirectory(
- _In_ LPWSTR lpObjectToFind,
+POBEX_OBJECT_INFORMATION ObpFindObjectInDirectory(
+ _In_ PUNICODE_STRING ObjectName,
_In_ ULONG_PTR DirectoryAddress
)
{
- BOOL bFound = FALSE;
- UINT BucketId;
- SIZE_T retSize;
- LPWSTR lpObjectName;
+ BOOL bFound = FALSE;
+ ULONG i;
+ OBJECT_HEADER ObjectHeader;
+ OBJECT_DIRECTORY DirectoryObject;
+ OBJECT_DIRECTORY_ENTRY DirectoryEntry;
+
ULONG_PTR ObjectHeaderAddress, HeadItem, LookupItem, InfoHeaderAddress;
- OBJECT_HEADER ObjectHeader;
- OBJECT_DIRECTORY DirectoryObject;
- OBJECT_DIRECTORY_ENTRY DirectoryEntry;
+ UNICODE_STRING NameString;
- __try {
+ RtlSecureZeroMemory(&DirectoryObject, sizeof(OBJECT_DIRECTORY));
- if (lpObjectToFind == NULL)
- return NULL;
+ //
+ // Read object directory at address.
+ //
+ if (!kdReadSystemMemory(DirectoryAddress,
+ &DirectoryObject,
+ sizeof(OBJECT_DIRECTORY)))
+ {
+ kdReportReadErrorSimple(__FUNCTIONW__, DirectoryAddress, sizeof(OBJECT_DIRECTORY));
+ return NULL;
+ }
- //
- // Read object directory at address.
- //
- RtlSecureZeroMemory(&DirectoryObject, sizeof(OBJECT_DIRECTORY));
+ //
+ // Check if root special case.
+ //
+ if (supIsRootDirectory(ObjectName)) {
- if (!kdReadSystemMemory(DirectoryAddress,
- &DirectoryObject,
- sizeof(OBJECT_DIRECTORY)))
- {
- kdReportReadErrorSimple(__FUNCTIONW__, DirectoryAddress, sizeof(OBJECT_DIRECTORY));
- return NULL;
- }
+ return ObpCopyObjectBasicInfo(DirectoryAddress,
+ 0,
+ FALSE,
+ NULL);
- //
- // Check if root special case.
- //
- if (_strcmpi(lpObjectToFind, KM_OBJECTS_ROOT_DIRECTORY) == 0) {
+ }
- return ObpCopyObjectBasicInfo(DirectoryAddress,
- 0,
- FALSE,
- NULL);
- }
+ //
+ // Not a root directory, scan given object directory.
+ //
+ for (i = 0; i < NUMBER_HASH_BUCKETS; i++) {
- //
- // Not a root directory, scan given object directory.
- //
- for (BucketId = 0; BucketId < NUMBER_HASH_BUCKETS; BucketId++) {
+ HeadItem = (ULONG_PTR)DirectoryObject.HashBuckets[i];
+ if (HeadItem != 0) {
- HeadItem = (ULONG_PTR)DirectoryObject.HashBuckets[BucketId];
- if (HeadItem != 0) {
+ LookupItem = HeadItem;
- LookupItem = HeadItem;
+ do {
- do {
+ //
+ // Read object directory entry, exit on fail.
+ //
+ RtlSecureZeroMemory(&DirectoryEntry, sizeof(OBJECT_DIRECTORY_ENTRY));
- //
- // Read object directory entry, exit on fail.
- //
- RtlSecureZeroMemory(&DirectoryEntry, sizeof(OBJECT_DIRECTORY_ENTRY));
+ if (!kdReadSystemMemory(LookupItem,
+ &DirectoryEntry,
+ sizeof(OBJECT_DIRECTORY_ENTRY)))
+ {
+ kdReportReadErrorSimple(__FUNCTIONW__, LookupItem, sizeof(OBJECT_DIRECTORY_ENTRY));
+ break;
+ }
- if (!kdReadSystemMemory(LookupItem,
- &DirectoryEntry,
- sizeof(OBJECT_DIRECTORY_ENTRY)))
- {
- kdReportReadErrorSimple(__FUNCTIONW__, LookupItem, sizeof(OBJECT_DIRECTORY_ENTRY));
- break;
- }
+ //
+ // Read object header, skip entry on fail.
+ //
+ RtlSecureZeroMemory(&ObjectHeader, sizeof(OBJECT_HEADER));
+ ObjectHeaderAddress = (ULONG_PTR)OBJECT_TO_OBJECT_HEADER(DirectoryEntry.Object);
- //
- // Read object header, skip entry on fail.
- //
- RtlSecureZeroMemory(&ObjectHeader, sizeof(OBJECT_HEADER));
- ObjectHeaderAddress = (ULONG_PTR)OBJECT_TO_OBJECT_HEADER(DirectoryEntry.Object);
+ if (!kdReadSystemMemory(ObjectHeaderAddress,
+ &ObjectHeader,
+ sizeof(OBJECT_HEADER)))
+ {
+ kdReportReadErrorSimple(__FUNCTIONW__, ObjectHeaderAddress, sizeof(OBJECT_HEADER));
+ goto NextItem;
+ }
- if (!kdReadSystemMemory(ObjectHeaderAddress,
- &ObjectHeader,
- sizeof(OBJECT_HEADER)))
- {
- kdReportReadErrorSimple(__FUNCTIONW__, ObjectHeaderAddress, sizeof(OBJECT_HEADER));
- goto NextItem;
- }
+ //
+ // Check if object has name, skip entry on fail.
+ //
+ InfoHeaderAddress = 0;
+ if (!ObHeaderToNameInfoAddress(ObjectHeader.InfoMask,
+ ObjectHeaderAddress,
+ &InfoHeaderAddress,
+ HeaderNameInfoFlag))
+ {
+ goto NextItem;
+ }
+
+ //
+ // If object has name, query it.
+ //
+ if (ObQueryNameStringFromAddress(g_obexHeap,
+ InfoHeaderAddress,
+ &NameString))
+ {
//
- // Check if object has name, skip entry on fail.
+ // Compare object name with what we look for.
//
- InfoHeaderAddress = 0;
+ bFound = RtlEqualUnicodeString(ObjectName, &NameString, TRUE);
+ supHeapFreeEx(g_obexHeap, NameString.Buffer);
- if (!ObHeaderToNameInfoAddress(ObjectHeader.InfoMask,
- ObjectHeaderAddress,
- &InfoHeaderAddress,
- HeaderNameInfoFlag))
- {
- goto NextItem;
- }
+ if (bFound) {
- //
- // If object has name, query it.
- //
- retSize = 0;
- lpObjectName = ObQueryNameString(InfoHeaderAddress, &retSize, g_WinObj.Heap);
- if ((lpObjectName != NULL) && (retSize != 0)) {
+ return ObpCopyObjectBasicInfo(
+ (ULONG_PTR)DirectoryEntry.Object,
+ ObjectHeaderAddress,
+ TRUE,
+ &ObjectHeader);
- //
- // Compare full object names.
- //
- bFound = (_strcmpi(lpObjectName, lpObjectToFind) == 0);
- supHeapFree(lpObjectName);
+ }
- //
- // if they're identical, allocate item info and copy it.
- //
- if (bFound) {
+ }
- return ObpCopyObjectBasicInfo((ULONG_PTR)DirectoryEntry.Object,
- ObjectHeaderAddress,
- TRUE,
- &ObjectHeader);
+ NextItem:
+ LookupItem = (ULONG_PTR)DirectoryEntry.ChainLink;
- }
- }
+ } while (LookupItem != 0);
- NextItem:
- LookupItem = (ULONG_PTR)DirectoryEntry.ChainLink;
- } while (LookupItem != 0);
- }
- }
+ } // HeadItem != 0
+ } // for
- }
- __except (WOBJ_EXCEPTION_FILTER) {
- return NULL;
- }
return NULL;
}
-
+
/*
-* ObQueryObjectByAddress
+* ObGetObjectAddressForDirectory
*
* Purpose:
*
-* Look for object at specified address.
-* Returned object memory must be released with supHeapFree when object is no longer needed.
+* Obtain directory object kernel address by:
+* 1) opening directory by name
+* 2) quering resulted handle in NtQuerySystemInformation(SystemExtendedHandleInformation) handle dump
*
*/
-POBJINFO ObQueryObjectByAddress(
- _In_ ULONG_PTR ObjectAddress
+_Success_(return)
+BOOL ObGetObjectAddressForDirectory(
+ _In_ PUNICODE_STRING DirectoryName,
+ _Out_ PULONG_PTR lpRootAddress,
+ _Out_opt_ PUSHORT lpTypeIndex
)
{
- ULONG_PTR ObjectHeaderAddress;
- OBJECT_HEADER ObjectHeader;
+ BOOL bFound = FALSE;
+ HANDLE hDirectory = NULL;
- if (ObjectAddress < g_kdctx.SystemRangeStart)
- return NULL;
-
- if (!kdConnectDriver())
- return NULL;
-
- //
- // Read object header, fail is critical.
- //
- RtlSecureZeroMemory(&ObjectHeader, sizeof(OBJECT_HEADER));
- ObjectHeaderAddress = (ULONG_PTR)OBJECT_TO_OBJECT_HEADER(ObjectAddress);
+ if (!NT_SUCCESS(supOpenDirectoryEx(&hDirectory, NULL, DirectoryName, DIRECTORY_QUERY)))
+ return FALSE;
- if (!kdReadSystemMemory(ObjectHeaderAddress,
- &ObjectHeader,
- sizeof(OBJECT_HEADER)))
- {
- kdReportReadErrorSimple(__FUNCTIONW__, ObjectHeaderAddress, sizeof(OBJECT_HEADER));
- return NULL;
- }
+ bFound = supQueryObjectFromHandle(hDirectory,
+ lpRootAddress,
+ lpTypeIndex);
- return ObpCopyObjectBasicInfo(ObjectAddress,
- ObjectHeaderAddress,
- TRUE,
- &ObjectHeader);
+ NtClose(hDirectory);
+
+ return bFound;
}
/*
-* ObQueryObject
+* ObQueryObjectInDirectory
*
* Purpose:
*
* Look for object inside specified directory.
-* If object is directory look for it in upper directory.
* Returned object memory must be released with supHeapFree when object is no longer needed.
*
*/
-POBJINFO ObQueryObject(
- _In_ LPWSTR lpDirectory,
- _In_ LPWSTR lpObjectName
+POBEX_OBJECT_INFORMATION ObQueryObjectInDirectory(
+ _In_ PUNICODE_STRING ObjectName,
+ _In_ PUNICODE_STRING DirectoryName
)
{
- BOOL needFree = FALSE;
- ULONG_PTR DirectoryAddress;
- SIZE_T i, l, rdirLen, ldirSz;
- LPWSTR SingleDirName, LookupDirName;
+ ULONG_PTR directoryAddress = 0;
if (!kdConnectDriver())
return NULL;
- __try {
-
- LookupDirName = lpDirectory;
-
- //
- // 1) Check if object is directory self
- // Extract directory name and compare (case insensitive) with object name
- // Else go to 3
- //
- l = 0;
- rdirLen = _strlen(lpDirectory);
- for (i = 0; i < rdirLen; i++) {
- if (lpDirectory[i] == TEXT('\\'))
- l = i + 1;
- }
- SingleDirName = &lpDirectory[l];
- if (_strcmpi(SingleDirName, lpObjectName) == 0) {
- //
- // 2) If we are looking for directory itself, move search directory up
- // e.g. lpDirectory = \ObjectTypes, lpObjectName = ObjectTypes then lpDirectory = \
- //
- ldirSz = rdirLen * sizeof(WCHAR) + sizeof(UNICODE_NULL);
- LookupDirName = (LPWSTR)supHeapAlloc(ldirSz);
- if (LookupDirName == NULL)
- return NULL;
-
- needFree = TRUE;
-
- //special case for root
- if (l == 1) l++;
-
- supCopyMemory(LookupDirName, ldirSz, lpDirectory, (l - 1) * sizeof(WCHAR));
- }
-
- //
- // 3) Get Directory address where we will look for object
- //
- DirectoryAddress = 0;
- if (ObGetDirectoryObjectAddress(LookupDirName, &DirectoryAddress, NULL)) {
-
- if (needFree)
- supHeapFree(LookupDirName);
-
- //
- // 4) Find object in directory by name (case insensitive)
- //
- return ObpWalkDirectory(lpObjectName, DirectoryAddress);
-
- }
- }
-
- __except (WOBJ_EXCEPTION_FILTER) {
+ if (!ObGetObjectAddressForDirectory(DirectoryName,
+ &directoryAddress,
+ NULL))
+ {
return NULL;
}
- return NULL;
+
+ return ObpFindObjectInDirectory(ObjectName, directoryAddress);
}
/*
@@ -2102,7 +2079,7 @@ BOOL ObpEnumeratePrivateNamespaceTable(
OBJECT_NAMESPACE_ENTRY LookupEntry;
if (ListHeap == NULL)
- ListHeap = g_WinObj.Heap;
+ ListHeap = g_obexHeap;
//
// Dump namespace lookup table.
@@ -2171,8 +2148,7 @@ BOOL ObpEnumeratePrivateNamespaceTable(
//
// Allocate object entry
//
- ObjectEntry = (POBJREF)RtlAllocateHeap(ListHeap,
- HEAP_ZERO_MEMORY,
+ ObjectEntry = (POBJREF)supHeapAllocEx(ListHeap,
sizeof(OBJREF));
if (ObjectEntry) {
@@ -2213,9 +2189,7 @@ BOOL ObpEnumeratePrivateNamespaceTable(
//
// Copy object name if exist.
//
- ObjectEntry->ObjectName = ObQueryNameString(InfoHeaderAddress,
- NULL,
- ListHeap);
+ ObQueryNameStringFromAddress(ListHeap, InfoHeaderAddress, &ObjectEntry->Name);
}
@@ -2271,12 +2245,12 @@ BOOL ObEnumeratePrivateNamespaceTable(
typedef struct _OB_NAME_ELEMENT {
LIST_ENTRY ListEntry;
- LPCWSTR lpszName;
+ UNICODE_STRING Name;
} OB_NAME_ELEMENT, * POB_NAME_ELEMENT;
BOOL ObpAddNameElementEntry(
_In_ PLIST_ENTRY ListHead,
- _In_opt_ LPCWSTR ElementName
+ _In_ PUNICODE_STRING ElementName
)
{
POB_NAME_ELEMENT pObElement;
@@ -2285,7 +2259,7 @@ BOOL ObpAddNameElementEntry(
if (pObElement == NULL)
return FALSE;
- pObElement->lpszName = ElementName;
+ pObElement->Name = *ElementName;
InsertHeadList(ListHead, &pObElement->ListEntry);
@@ -2295,22 +2269,23 @@ BOOL ObpAddNameElementEntry(
BOOL ObpDumpNameElementSpecial(
_In_ PLIST_ENTRY ListHead,
_In_ LPWSTR SpecialElement,
- _In_ DWORD Size
+ _In_ ULONG Size
)
{
- SIZE_T allocSize;
- LPWSTR lpName;
+ UNICODE_STRING element;
+
+ element.Buffer = (PWSTR)supHeapAlloc(Size + sizeof(UNICODE_NULL));
- allocSize = Size + sizeof(UNICODE_NULL);
- lpName = (LPWSTR)supHeapAlloc(allocSize);
- if (lpName == NULL) {
+ if (element.Buffer == NULL) {
return FALSE;
}
+
+ _strcpy(element.Buffer, SpecialElement);
+ element.Length = (USHORT)(Size - sizeof(UNICODE_NULL));
+ element.MaximumLength = (USHORT)Size;
- _strcpy(lpName, SpecialElement);
-
- if (!ObpAddNameElementEntry(ListHead, lpName)) {
- supHeapFree(lpName);
+ if (!ObpAddNameElementEntry(ListHead, &element)) {
+ supHeapFree(element.Buffer);
return FALSE;
}
@@ -2323,9 +2298,9 @@ BOOL ObpDumpNameElement(
_Out_ PSIZE_T ElementLength
)
{
- SIZE_T allocSize;
USHORT nameLength;
- LPWSTR lpName;
+ LPWSTR stringBuffer;
+ UNICODE_STRING element;
*ElementLength = 0;
@@ -2333,22 +2308,25 @@ BOOL ObpDumpNameElement(
if (nameLength == 0)
return FALSE;
- allocSize = nameLength + sizeof(UNICODE_NULL);
- lpName = (LPWSTR)supHeapAlloc(allocSize);
- if (lpName == NULL) {
+ stringBuffer = (LPWSTR)supHeapAlloc(nameLength + sizeof(UNICODE_NULL));
+ if (stringBuffer == NULL) {
return FALSE;
}
if (!kdReadSystemMemory((ULONG_PTR)NameInformation->Name.Buffer,
- lpName,
+ stringBuffer,
nameLength))
{
- supHeapFree(lpName);
+ supHeapFree(stringBuffer);
return FALSE;
}
- if (!ObpAddNameElementEntry(ListHead, lpName)) {
- supHeapFree(lpName);
+ element.Buffer = stringBuffer;
+ element.Length = nameLength;
+ element.MaximumLength = nameLength + sizeof(UNICODE_NULL);
+
+ if (!ObpAddNameElementEntry(ListHead, &element)) {
+ supHeapFree(stringBuffer);
return FALSE;
}
@@ -2395,7 +2373,7 @@ SIZE_T ObpDumpObjectName(
objectHeaderAddress,
&headerInfoAddress,
HeaderNameInfoFlag))
- {
+ {
//
// Nothing to process, object is unnamed.
//
@@ -2414,7 +2392,7 @@ SIZE_T ObpDumpObjectName(
ObpDumpNameElementSpecial(ListHead, OBP_ERROR_NAME_LITERAL, OBP_ERROR_NAME_LITERAL_SIZE);
return OBP_ERROR_NAME_LITERAL_SIZE + sizeof(OBJ_NAME_PATH_SEPARATOR);
}
-
+
*NextObject = (ULONG_PTR)nameInfo.Directory;
if (ObpDumpNameElement(ListHead, &nameInfo, &pathLength))
@@ -2431,63 +2409,83 @@ SIZE_T ObpDumpObjectName(
* This routine if possible builds full object namespace path for given object.
*
*/
-LPWSTR ObQueryFullNamespacePath(
- _In_ ULONG_PTR ObjectAddress
+_Success_(return)
+BOOL ObQueryFullNamespacePath(
+ _In_ ULONG_PTR ObjectAddress,
+ _Out_ PUNICODE_STRING Path
)
{
- ULONG_PTR lookupObject = ObjectAddress, nextObject;
- LIST_ENTRY listHead, * listEntry;
- POB_NAME_ELEMENT pNameElement;
- LPWSTR lpObjectName = NULL;
- SIZE_T pathLength, totalLength;
+ BOOL bResult = FALSE;
+ ULONG_PTR LookupObject = ObjectAddress, NextObject;
+ LIST_ENTRY ListHead;
+ PLIST_ENTRY Next;
+ POB_NAME_ELEMENT pathElement;
+ PWSTR stringBuffer = NULL, string;
+ SIZE_T memIO, length;
- if (lookupObject == g_kdctx.DirectoryRootObject) {
+ UNICODE_STRING resultPath;
+
+ if (LookupObject == g_kdctx.DirectoryRootObject) {
+
+ return supDuplicateUnicodeString(g_obexHeap,
+ Path,
+ ObGetPredefinedUnicodeString(OBP_ROOT));
- lpObjectName = (LPWSTR)supHeapAlloc(sizeof(KM_OBJECTS_ROOT_DIRECTORY) + sizeof(UNICODE_NULL));
- if (lpObjectName) {
- _strcpy(lpObjectName, KM_OBJECTS_ROOT_DIRECTORY);
- }
- return lpObjectName;
}
- InitializeListHead(&listHead);
- totalLength = 0;
+ InitializeListHead(&ListHead);
+ memIO = 0;
- while ((lookupObject != g_kdctx.DirectoryRootObject) && (lookupObject != 0)) {
+ while ((LookupObject != g_kdctx.DirectoryRootObject) && (LookupObject != 0)) {
- nextObject = 0;
- totalLength += ObpDumpObjectName(&listHead, lookupObject, &nextObject);
- if (totalLength > UNICODE_STRING_MAX_BYTES)
+ NextObject = 0;
+ memIO += ObpDumpObjectName(&ListHead, LookupObject, &NextObject);
+ if (memIO > UNICODE_STRING_MAX_BYTES)
break;
- lookupObject = nextObject;
+ LookupObject = NextObject;
}
//
// Build path.
//
- if (!IsListEmpty(&listHead)) {
-
- lpObjectName = (LPWSTR)supHeapAlloc(totalLength + sizeof(UNICODE_NULL));
- if (lpObjectName) {
- pathLength = 0;
- listEntry = listHead.Flink;
- while ((listEntry != NULL) && (listEntry != &listHead)) {
- pNameElement = CONTAINING_RECORD(listEntry, OB_NAME_ELEMENT, ListEntry);
- if (pNameElement->lpszName) {
- lpObjectName[pathLength++] = OBJ_NAME_PATH_SEPARATOR;
- _strcpy(lpObjectName + pathLength, pNameElement->lpszName);
- pathLength += _strlen(pNameElement->lpszName);
- supHeapFree((PVOID)pNameElement->lpszName);
- }
- listEntry = listEntry->Flink;
- supHeapFree(pNameElement);
+ if (!IsListEmpty(&ListHead)) {
+
+ stringBuffer = (PWSTR)supHeapAlloc(memIO + sizeof(UNICODE_NULL));
+ if (stringBuffer) {
+
+ resultPath.MaximumLength = (USHORT)memIO + sizeof(UNICODE_NULL);
+ resultPath.Buffer = stringBuffer;
+
+ string = stringBuffer;
+ length = 0;
+
+ Next = ListHead.Flink;
+ while ((Next != NULL) && (Next != &ListHead)) {
+
+ pathElement = CONTAINING_RECORD(Next, OB_NAME_ELEMENT, ListEntry);
+
+ *string++ = OBJ_NAME_PATH_SEPARATOR;
+ length += sizeof(OBJ_NAME_PATH_SEPARATOR);
+
+ RtlCopyMemory(string, pathElement->Name.Buffer, pathElement->Name.Length);
+ string = (PWSTR)RtlOffsetToPointer(string, pathElement->Name.Length);
+ length += pathElement->Name.Length;
+
+ supFreeUnicodeString(g_obexHeap, &pathElement->Name);
+
+ Next = Next->Flink;
+
}
+
+ resultPath.Length = (USHORT)length;
+ *Path = resultPath;
+ bResult = TRUE;
}
}
- return lpObjectName;
+ return bResult;
}
/*
@@ -2582,11 +2580,14 @@ PVOID kdQueryIopInvalidDeviceRequest(
)
{
PVOID pHandler = NULL;
- POBJINFO pSelfObj;
ULONG_PTR drvObjectAddress;
DRIVER_OBJECT drvObject;
PWDRV_PROVIDER drvProvider;
+ POBEX_OBJECT_INFORMATION selfDriverObject;
+
+ UNICODE_STRING usDirectory, usName;
+
//
// Lookup using symbols.
//
@@ -2607,10 +2608,13 @@ PVOID kdQueryIopInvalidDeviceRequest(
drvProvider = g_kdctx.DriverContext.Provider;
if (drvProvider) {
- pSelfObj = ObQueryObject(L"\\Driver", drvProvider->DriverName);
- if (pSelfObj) {
+ RtlInitUnicodeString(&usName, drvProvider->DriverName);
+ RtlInitUnicodeString(&usDirectory, L"\\Driver");
+
+ selfDriverObject = ObQueryObjectInDirectory(&usName, &usDirectory);
+ if (selfDriverObject) {
- drvObjectAddress = pSelfObj->ObjectAddress;
+ drvObjectAddress = selfDriverObject->ObjectAddress;
RtlSecureZeroMemory(&drvObject, sizeof(drvObject));
@@ -2626,7 +2630,7 @@ PVOID kdQueryIopInvalidDeviceRequest(
if (!kdAddressInNtOsImage(pHandler))
pHandler = NULL;
}
- supHeapFree(pSelfObj);
+ supHeapFree(selfDriverObject);
}
}
}
@@ -2703,7 +2707,7 @@ VOID kdReportReadError(
WCHAR szBuffer[512];
RtlStringCchPrintfSecure(szBuffer,
- 512,
+ RTL_NUMBER_OF(szBuffer),
TEXT("%ws 0x%lX, read at 0x%llX, Iosb(0x%lX, 0x%lX), InputBufferLength 0x%lX"),
FunctionName,
Status,
@@ -2806,7 +2810,7 @@ BOOL kdLoadSymbolsForNtImage(
if (SymContext->ModuleBase != 0)
return TRUE;
- supDisplayLoadBanner(TEXT("Please wait...\r\n"), TEXT("Symbols loading"), TRUE);
+ supDisplayLoadBanner(TEXT("Please wait...\r\n"), TEXT("Symbols loading"));
bResult = SymContext->Parser.LoadModule(
SymContext,
@@ -2893,12 +2897,14 @@ BOOL kdQuerySystemInformation(
{
PKLDBGCONTEXT Context = (PKLDBGCONTEXT)lpParameter;
- //
- // Query "\\" directory address and remember directory object type index.
- //
- ObGetDirectoryObjectAddress(NULL,
- &Context->DirectoryRootObject,
- &Context->DirectoryTypeIndex);
+ if (Context->IsFullAdmin) {
+ //
+ // Query "\\" directory address and remember directory object type index.
+ //
+ ObGetObjectAddressForDirectory(ObGetPredefinedUnicodeString(OBP_ROOT),
+ &Context->DirectoryRootObject,
+ &Context->DirectoryTypeIndex);
+ }
//
// Remember system range start value.
@@ -3540,9 +3546,9 @@ BOOL kdGetFieldOffsetFromSymbol(
szLog[0] = 0;
RtlStringCchPrintfSecure(szLog,
RTL_NUMBER_OF(szLog),
- TEXT("%ws(%lu): \"%ws->%ws\", offset 0x%lX"),
+ TEXT("%ws(%ws): \"%ws->%ws\", offset 0x%lX"),
__FUNCTIONW__,
- bResult,
+ (bResult) ? L"SUCCESS" : L"FAIL",
SymbolName,
FieldName,
*Offset);
@@ -3632,9 +3638,9 @@ BOOL kdGetAddressFromSymbolEx(
szLog[0] = 0;
RtlStringCchPrintfSecure(szLog,
RTL_NUMBER_OF(szLog),
- TEXT("%ws(%lu): \"%ws\" address 0x%llX"),
+ TEXT("%ws(%ws): \"%ws\" address 0x%llX"),
__FUNCTIONW__,
- bResult,
+ (bResult) ? L"SUCCESS" : L"FAIL",
SymbolName,
address);
@@ -3770,44 +3776,51 @@ BOOL CALLBACK symCallbackProc(
*
*/
BOOL symInit(
- VOID
+ _In_opt_ LPWSTR lpSymbolPath,
+ _In_opt_ LPWSTR lpDbgHelpDll
)
{
ULONG cch;
WCHAR szFileName[MAX_PATH * 2];
+ LPWSTR dbgHelpDll = lpDbgHelpDll;
if (g_kdctx.NtOsSymContext != NULL)
return TRUE;
- szFileName[0] = 0;
- cch = GetCurrentDirectory(MAX_PATH, szFileName);
- if (cch > 0 && cch < MAX_PATH) {
-
- supPathAddBackSlash(szFileName);
+ if (lpDbgHelpDll == NULL) {
- _strcat(szFileName, TEXT("symdll\\dbghelp.dll"));
+ szFileName[0] = 0;
+ cch = GetCurrentDirectory(MAX_PATH, szFileName);
+ if (cch > 0 && cch < MAX_PATH) {
+ supPathAddBackSlash(szFileName);
+ _strcat(szFileName, TEXT("symdll\\dbghelp.dll"));
+ if (!PathFileExists(szFileName))
+ return FALSE;
+ }
+ else {
+ return FALSE;
+ }
- if (PathFileExists(szFileName)) {
+ dbgHelpDll = szFileName;
- if (SymGlobalsInit(
- SYMOPT_CASE_INSENSITIVE |
- SYMOPT_UNDNAME |
- SYMOPT_FAIL_CRITICAL_ERRORS |
- SYMOPT_EXACT_SYMBOLS |
- SYMOPT_AUTO_PUBLICS,
- NULL,
- szFileName,
- NULL,
- g_WinObj.szSystemDirectory,
- g_WinObj.szTempDirectory,
- (PSYMBOL_REGISTERED_CALLBACK64)symCallbackProc,
- (ULONG64)supSymCallbackReportEvent))
- {
- g_kdctx.NtOsSymContext = (PVOID)SymParserCreate();
- }
- }
+ }
+ if (SymGlobalsInit(
+ SYMOPT_CASE_INSENSITIVE |
+ SYMOPT_UNDNAME |
+ SYMOPT_FAIL_CRITICAL_ERRORS |
+ SYMOPT_EXACT_SYMBOLS |
+ SYMOPT_AUTO_PUBLICS,
+ NULL,
+ dbgHelpDll,
+ lpSymbolPath,
+ g_WinObj.szSystemDirectory,
+ g_WinObj.szTempDirectory,
+ (PSYMBOL_REGISTERED_CALLBACK64)symCallbackProc,
+ (ULONG64)supSymCallbackReportEvent))
+ {
+ g_kdctx.NtOsSymContext = (PVOID)SymParserCreate();
}
return (g_kdctx.NtOsSymContext != NULL);
@@ -3918,12 +3931,29 @@ VOID kdInit(
)
{
NTSTATUS ntStatus;
+ OBEX_CONFIG* obexConfig = supGetParametersBlock();
WCHAR szBuffer[MAX_PATH * 2];
+ LPWSTR lpSymbolPath = NULL, lpDbgHelpDll = NULL;
RtlSecureZeroMemory(&g_kdctx, sizeof(g_kdctx));
RtlSecureZeroMemory(&g_kdpdata, sizeof(g_kdpdata));
RtlSecureZeroMemory(&g_SystemCallbacks, sizeof(g_SystemCallbacks));
+ RtlSecureZeroMemory(obexConfig, sizeof(OBEX_CONFIG));
+
+ if (supReadObexConfiguration(obexConfig)) {
+
+ if (obexConfig->SymbolsDbgHelpDllValid)
+ lpDbgHelpDll = obexConfig->szSymbolsDbgHelpDll;
+
+ if (obexConfig->SymbolsPathValid)
+ lpSymbolPath = obexConfig->szSymbolsPath;
+
+ if (obexConfig->szNormalizationSymbol != 0)
+ g_ObNameNormalizationSymbol = obexConfig->szNormalizationSymbol;
+
+ }
+
g_kdctx.DriverContext.LoadStatus = STATUS_DRIVER_UNABLE_TO_LOAD;
g_kdctx.DriverContext.OpenStatus = STATUS_UNSUCCESSFUL;
@@ -3954,7 +3984,7 @@ VOID kdInit(
//
// Init symbol parser.
//
- symInit();
+ symInit(lpSymbolPath, lpDbgHelpDll);
//
// Query global variables.
@@ -3989,9 +4019,6 @@ VOID kdInit(
g_kdctx.MitigationFlags.Signature = TRUE;
g_kdctx.MitigationFlags.ASLRPolicy = TRUE;
break;
-
- default:
- break;
}
//
diff --git a/Source/WinObjEx64/kldbg.h b/Source/WinObjEx64/kldbg.h
index 4ae08eb9..bcf59e66 100644
--- a/Source/WinObjEx64/kldbg.h
+++ b/Source/WinObjEx64/kldbg.h
@@ -4,9 +4,9 @@
*
* TITLE: KLDBG.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 05 Jun 2022
+* DATE: 19 Jun 2022
*
* Common header file for the Kernel Debugger Driver support.
*
@@ -97,12 +97,17 @@
#define NT_REG_PREP L"\\Registry\\Machine"
#define DRIVER_REGKEY L"%wS\\System\\CurrentControlSet\\Services\\%wS"
+#define OBTYPES_DIRECTORY L"\\ObjectTypes"
+#define OB_GLOBALROOT L"\\GLOBAL??\\GLOBALROOT"
+#define OB_GLOBALNAMESPACE L"\\??"
#define OBJECT_SHIFT 8
#define KM_OBJECTS_ROOT_DIRECTORY L"\\"
#define OBJ_NAME_PATH_SEPARATOR L'\\'
+#define OBJ_NAME_NORMALIZATION_SYMBOL L'?'
+
#define MM_SYSTEM_RANGE_START_7 0xFFFF080000000000
#define MM_SYSTEM_RANGE_START_8 0xFFFF800000000000
@@ -122,6 +127,15 @@ typedef ULONG_PTR *PUTable;
#define OBP_ERROR_NONAME_LITERAL L""
#define OBP_ERROR_NONAME_LITERAL_SIZE (sizeof(OBP_ERROR_NONAME_LITERAL) - sizeof(UNICODE_NULL))
+//
+// Predefined strings
+//
+#define OBP_ROOT 0
+#define OBP_DIRECTORY 1
+#define OBP_OBTYPES 2
+#define OBP_GLOBAL 3
+#define OBP_GLOBALNAMESPACE 4
+
//enum with information flags used by ObGetObjectHeaderOffset
typedef enum _OBJ_HEADER_INFO_FLAG {
HeaderCreatorInfoFlag = 0x1,
@@ -267,14 +281,12 @@ typedef struct _KLDBG {
DWORD BufferSize;
}KLDBG, *PKLDBG;
-typedef struct _OBJINFO {
- LIST_ENTRY ListEntry;
- LPWSTR ObjectName;
+typedef struct _OBEX_OBJECT_INFORMATION {
ULONG_PTR HeaderAddress;
ULONG_PTR ObjectAddress;
OBJECT_HEADER_QUOTA_INFO ObjectQuotaHeader;
OBJECT_HEADER ObjectHeader;
-} OBJINFO, *POBJINFO;
+} OBEX_OBJECT_INFORMATION, * POBEX_OBJECT_INFORMATION;
typedef struct _OBJREFPNS {
ULONG SizeOfBoundaryInformation;
@@ -284,10 +296,11 @@ typedef struct _OBJREFPNS {
typedef struct _OBJREF {
LIST_ENTRY ListEntry;
- LPWSTR ObjectName;
+ UNICODE_STRING Name;
ULONG_PTR HeaderAddress;
ULONG_PTR ObjectAddress;
UCHAR TypeIndex;
+ WOBJ_OBJECT_TYPE ObjectTypeIndex;
OBJREFPNS PrivateNamespace;
} OBJREF, *POBJREF;
@@ -353,11 +366,35 @@ typedef struct _NOTIFICATION_CALLBACKS {
//
extern NOTIFICATION_CALLBACKS g_SystemCallbacks;
+//
+// Normalization symbol
+// (defined in kldbg.c)
+//
+extern WCHAR g_ObNameNormalizationSymbol;
+
typedef struct _W32K_API_SET_LOOKUP_PATTERN {
ULONG Size;
PVOID Data;
} W32K_API_SET_LOOKUP_PATTERN, *PW32K_API_SET_LOOKUP_PATTERN;
+typedef struct _W32K_API_SET_TABLE_HOST {
+ PWCHAR HostName;
+ PCHAR TableName;
+ PCHAR TableSizeName;
+ ULONG HostEntriesCount;
+} W32K_API_SET_TABLE_HOST, * PW32K_API_SET_TABLE_HOST;
+
+typedef struct _W32K_API_SET_TABLE_ENTRY {
+ PVOID HostEntriesArray;
+ W32K_API_SET_TABLE_HOST* Host;
+} W32K_API_SET_TABLE_ENTRY, * PW32K_API_SET_TABLE_ENTRY;
+
+typedef struct _W32K_API_SET_TABLE_ENTRY_V2 {
+ PVOID HostEntriesArray;
+ W32K_API_SET_TABLE_HOST* Host;
+ W32K_API_SET_TABLE_HOST* AliasHost;
+} W32K_API_SET_TABLE_ENTRY_V2, * PW32K_API_SET_TABLE_ENTRY_V2;
+
// return true to stop enumeration
typedef BOOL(CALLBACK* PENUMERATE_PRIVATE_NAMESPACE_CALLBACK)(
_In_ POBJREF Entry,
@@ -376,6 +413,9 @@ typedef BOOL(CALLBACK* PENUMERATE_UNLOADED_DRIVERS_CALLBACK)(
_In_opt_ PVOID Context
);
+PUNICODE_STRING ObGetPredefinedUnicodeString(
+ _In_ ULONG Index);
+
NTSTATUS ObIsValidUnicodeString(
_In_ PCUNICODE_STRING SourceString);
@@ -436,11 +476,7 @@ PVOID ObDumpFltFilterObjectVersionAware(
_Out_ PULONG Size,
_Out_ PULONG Version);
-POBJINFO ObQueryObject(
- _In_ LPWSTR lpDirectory,
- _In_ LPWSTR lpObjectName);
-
-POBJINFO ObQueryObjectByAddress(
+POBEX_OBJECT_INFORMATION ObQueryObjectByAddress(
_In_ ULONG_PTR ObjectAddress);
BOOL ObGetProcessImageFileName(
@@ -457,11 +493,29 @@ BOOL ObHeaderToNameInfoAddress(
_Inout_ PULONG_PTR HeaderInfoAddress,
_In_ OBJ_HEADER_INFO_FLAG InfoFlag);
+_Success_(return)
+BOOL ObQueryNameStringFromAddress(
+ _In_ HANDLE HeapHandle,
+ _In_ ULONG_PTR NameInfoAddress,
+ _Out_ PUNICODE_STRING NameString);
+
+_Success_(return)
+BOOL ObGetObjectAddressForDirectory(
+ _In_ PUNICODE_STRING DirectoryName,
+ _Out_ PULONG_PTR lpRootAddress,
+ _Out_opt_ PUSHORT lpTypeIndex);
+
+POBEX_OBJECT_INFORMATION ObQueryObjectInDirectory(
+ _In_ PUNICODE_STRING ObjectName,
+ _In_ PUNICODE_STRING DirectoryName);
+
PVOID ObGetCallbackBlockRoutine(
_In_ PVOID CallbackBlock);
-LPWSTR ObQueryFullNamespacePath(
- _In_ ULONG_PTR ObjectAddress);
+_Success_(return)
+BOOL ObQueryFullNamespacePath(
+ _In_ ULONG_PTR ObjectAddress,
+ _Out_ PUNICODE_STRING Path);
PVOID kdCreateObjectTypesList(
VOID);
@@ -566,11 +620,12 @@ BOOL kdGetAddressFromSymbolEx(
_In_ ULONG_PTR ImageSize,
_Inout_ ULONG_PTR* Address);
+_Success_(return)
BOOLEAN kdDumpUnicodeString(
_In_ PUNICODE_STRING InputString,
_Out_ PUNICODE_STRING OutputString,
- _Out_opt_ PVOID* ReferenceBufferPtr,
- _In_ BOOLEAN IsKernelPtr);
+ _Out_opt_ PVOID* ReferenceStringBuffer,
+ _In_ BOOLEAN IsKernelPointer);
USHORT kdGetAlpcPortTypeIndex();
diff --git a/Source/WinObjEx64/kldbg_patterns.h b/Source/WinObjEx64/kldbg_patterns.h
index 310518b6..7954c304 100644
--- a/Source/WinObjEx64/kldbg_patterns.h
+++ b/Source/WinObjEx64/kldbg_patterns.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2019 - 2021
+* (C) COPYRIGHT AUTHORS, 2019 - 2022
*
* TITLE: KLDBG_PATTERNS.H
*
-* VERSION: 1.90
+* VERSION: 2.00
*
-* DATE: 11 May 2021
+* DATE: 19 Jun 2022
*
* Header with search patterns used by KLDBG.
*
diff --git a/Source/WinObjEx64/ksymbols.h b/Source/WinObjEx64/ksymbols.h
index 6a32eb3d..6b26352d 100644
--- a/Source/WinObjEx64/ksymbols.h
+++ b/Source/WinObjEx64/ksymbols.h
@@ -4,9 +4,9 @@
*
* TITLE: KSYMBOLS.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 30 May 2022
+* DATE: 19 Jun 2022
*
* Header file for kernel symbol names.
*
diff --git a/Source/WinObjEx64/list.c b/Source/WinObjEx64/list.c
index f8efb3ae..fd8c6746 100644
--- a/Source/WinObjEx64/list.c
+++ b/Source/WinObjEx64/list.c
@@ -1,12 +1,14 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: LIST.C
*
-* VERSION: 1.90
+* VERSION: 2.00
*
-* DATE: 27 May 2021
+* DATE: 19 Jun 2022
+*
+* Program main object listing and search logic.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -16,6 +18,60 @@
*******************************************************************************/
#include "global.h"
+HANDLE ListObjectsHeap = NULL;
+HANDLE TreeObjectsHeap = NULL;
+
+BOOLEAN ListHeapCreate(
+ _Inout_ PHANDLE HeapHandle
+)
+{
+ HANDLE handle;
+
+ if (*HeapHandle)
+ supDestroyHeap(*HeapHandle);
+
+ handle = supCreateHeap(HEAP_GROWABLE, TRUE);
+ *HeapHandle = handle;
+
+ return (handle != NULL);
+}
+
+VOID ListHeapDestroy(
+ VOID
+)
+{
+ if (ListObjectsHeap) {
+ supDestroyHeap(ListObjectsHeap);
+ ListObjectsHeap = NULL;
+ }
+
+ if (TreeObjectsHeap) {
+ supDestroyHeap(TreeObjectsHeap);
+ TreeObjectsHeap = NULL;
+ }
+}
+
+POBEX_ITEM AllocateObjectItem(
+ _In_ HANDLE HeapHandle,
+ _In_ WOBJ_OBJECT_TYPE TypeIndex,
+ _In_ PUNICODE_STRING Name,
+ _In_ PUNICODE_STRING TypeName,
+ _In_opt_ OBEX_ITEM* Parent
+)
+{
+ POBEX_ITEM item;
+
+ item = supHeapAllocEx(HeapHandle, sizeof(OBEX_ITEM));
+ if (item) {
+ item->Prev = Parent;
+ item->TypeIndex = TypeIndex;
+ supDuplicateUnicodeString(HeapHandle, &item->Name, Name);
+ supDuplicateUnicodeString(HeapHandle, &item->TypeName, TypeName);
+ }
+
+ return item;
+}
+
/*
* GetNextSub
*
@@ -69,6 +125,7 @@ VOID ListToObject(
if (*ObjectName != L'\\')
return;
+ object[0] = 0;
ObjectName++;
item = TreeView_GetRoot(g_hwndObjectTree);
lastfound = item;
@@ -76,7 +133,6 @@ VOID ListToObject(
while ((item != NULL) && (*ObjectName != 0)) {
item = TreeView_GetChild(g_hwndObjectTree, item);
- object[0] = 0; //mars workaround
RtlSecureZeroMemory(object, sizeof(object));
ObjectName = GetNextSub(ObjectName, object);
currentfound = FALSE;
@@ -150,49 +206,83 @@ VOID ListToObject(
*
*/
HTREEITEM AddTreeViewItem(
- _In_ LPWSTR ItemName,
- _In_opt_ HTREEITEM Root
+ _In_ HANDLE HeapHandle,
+ _In_ PUNICODE_STRING ItemName,
+ _In_opt_ HTREEITEM Root,
+ _Inout_opt_ OBEX_ITEM** Parent
)
{
- TVINSERTSTRUCT item;
-
- RtlSecureZeroMemory(&item, sizeof(item));
- item.hParent = Root;
- item.item.mask = TVIF_TEXT | TVIF_SELECTEDIMAGE;
+ BOOL bNeedFree = FALSE;
+ HTREEITEM result;
+ TVINSERTSTRUCT treeItem;
+ OBEX_ITEM* objectRef;
+ UNICODE_STRING objectName;
+
+ bNeedFree = supNormalizeUnicodeStringForDisplay(g_obexHeap,
+ ItemName,
+ &objectName);
+
+ if (!bNeedFree)
+ objectName = *ItemName;
+
+ RtlSecureZeroMemory(&treeItem, sizeof(treeItem));
+ treeItem.hParent = Root;
+ treeItem.item.mask = TVIF_TEXT | TVIF_SELECTEDIMAGE | TVIF_PARAM;
if (Root == NULL) {
- item.item.mask |= TVIF_STATE;
- item.item.state = TVIS_EXPANDED;
- item.item.stateMask = TVIS_EXPANDED;
+ treeItem.item.mask |= TVIF_STATE;
+ treeItem.item.state = TVIS_EXPANDED;
+ treeItem.item.stateMask = TVIS_EXPANDED;
}
- item.item.iSelectedImage = 1;
- item.item.pszText = ItemName;
- return TreeView_InsertItem(g_hwndObjectTree, &item);
+ treeItem.item.iSelectedImage = 1;
+
+ treeItem.item.pszText = objectName.Buffer;
+
+ objectRef = AllocateObjectItem(HeapHandle,
+ ObjectTypeDirectory,
+ ItemName,
+ ObGetPredefinedUnicodeString(OBP_DIRECTORY),
+ (Parent == NULL) ? NULL : *Parent);
+
+ if (Parent) *Parent = objectRef;
+
+ treeItem.item.lParam = (LPARAM)objectRef;
+
+ result = TreeView_InsertItem(g_hwndObjectTree, &treeItem);
+
+ if (bNeedFree)
+ supFreeUnicodeString(g_obexHeap, &objectName);
+
+ return result;
}
/*
-* ListObjectDirectoryTree
+* xxxListObjectDirectoryTree
*
* Purpose:
*
* List given directory to the treeview.
*
*/
-VOID ListObjectDirectoryTree(
- _In_ LPWSTR SubDirName,
+VOID xxxListObjectDirectoryTree(
+ _In_ HANDLE HeapHandle,
+ _In_ PUNICODE_STRING SubDirName,
_In_opt_ HANDLE RootHandle,
- _In_opt_ HTREEITEM ViewRootHandle
+ _In_opt_ HTREEITEM ViewRootHandle,
+ _In_opt_ OBEX_ITEM* Parent
+
)
{
- NTSTATUS ntStatus;
- ULONG queryContext = 0, rLength;
- HANDLE directoryHandle = NULL;
+ ULONG queryContext = 0, rLength;
+ NTSTATUS ntStatus;
+ HANDLE directoryHandle = NULL;
+ OBEX_ITEM* prevItem = Parent;
POBJECT_DIRECTORY_INFORMATION directoryEntry;
- ViewRootHandle = AddTreeViewItem(SubDirName, ViewRootHandle);
+ ViewRootHandle = AddTreeViewItem(HeapHandle, SubDirName, ViewRootHandle, &prevItem);
- supOpenDirectory(&directoryHandle, RootHandle, SubDirName, DIRECTORY_QUERY);
+ supOpenDirectoryEx(&directoryHandle, RootHandle, SubDirName, DIRECTORY_QUERY);
if (directoryHandle == NULL)
return;
@@ -206,17 +296,17 @@ VOID ListObjectDirectoryTree(
rLength = 1024 * 64;
}
else {
-
+
//
// Request required buffer length.
//
rLength = 0;
- ntStatus = NtQueryDirectoryObject(directoryHandle,
- NULL,
- 0,
- TRUE,
- FALSE,
- &queryContext,
+ ntStatus = NtQueryDirectoryObject(directoryHandle,
+ NULL,
+ 0,
+ TRUE,
+ FALSE,
+ &queryContext,
&rLength);
if (ntStatus != STATUS_BUFFER_TOO_SMALL)
@@ -240,14 +330,16 @@ VOID ListObjectDirectoryTree(
break;
}
- if (0 == _strncmpi(directoryEntry->TypeName.Buffer,
- OBTYPE_NAME_DIRECTORY,
- directoryEntry->TypeName.Length / sizeof(WCHAR)))
+ if (RtlEqualUnicodeString(
+ &directoryEntry->TypeName,
+ ObGetPredefinedUnicodeString(OBP_DIRECTORY),
+ TRUE))
{
- ListObjectDirectoryTree(
- directoryEntry->Name.Buffer,
+ xxxListObjectDirectoryTree(HeapHandle,
+ &directoryEntry->Name,
directoryHandle,
- ViewRootHandle);
+ ViewRootHandle,
+ prevItem);
}
supHeapFree(directoryEntry);
@@ -257,6 +349,25 @@ VOID ListObjectDirectoryTree(
NtClose(directoryHandle);
}
+/*
+* ListObjectDirectoryTree
+*
+* Purpose:
+*
+* List given directory to the treeview.
+*
+*/
+VOID ListObjectDirectoryTree(
+ _In_ PUNICODE_STRING SubDirName,
+ _In_opt_ HANDLE RootHandle,
+ _In_opt_ HTREEITEM ViewRootHandle
+)
+{
+ ListHeapCreate(&TreeObjectsHeap);
+ if (TreeObjectsHeap)
+ xxxListObjectDirectoryTree(TreeObjectsHeap, SubDirName, RootHandle, ViewRootHandle, NULL);
+}
+
/*
* AddListViewItem
*
@@ -266,34 +377,48 @@ VOID ListObjectDirectoryTree(
*
*/
VOID AddListViewItem(
+ _In_ HANDLE HeapHandle,
_In_ HANDLE RootDirectoryHandle,
- _In_ POBJECT_DIRECTORY_INFORMATION DirectoryObjectEntry
+ _In_ POBJECT_DIRECTORY_INFORMATION Entry,
+ _In_ OBEX_ITEM* Parent
)
{
- BOOL bFound = FALSE;
- INT lvItemIndex;
- PWSTR objectTypeName, objectName;
- LVITEM lvItem;
- WCHAR szBuffer[MAX_PATH + 1];
+ BOOL bFound = FALSE, bNameAllocated;
+ INT lvItemIndex;
+ PWSTR objectTypeName;
+ LVITEM lvItem;
+ WCHAR szBuffer[MAX_PATH + 1];
WOBJ_TYPE_DESC* typeDesc;
+ OBEX_ITEM* objRef;
+ UNICODE_STRING objectName, normalizedLinkTarget;
- if (!DirectoryObjectEntry) return;
-
- objectTypeName = DirectoryObjectEntry->TypeName.Buffer;
+ objectTypeName = Entry->TypeName.Buffer;
typeDesc = ObManagerGetEntryByTypeName(objectTypeName);
- objectName = DirectoryObjectEntry->Name.Buffer;
+ bNameAllocated = supNormalizeUnicodeStringForDisplay(g_obexHeap,
+ &Entry->Name,
+ &objectName);
+
+ if (!bNameAllocated)
+ objectName = Entry->Name;
//
// Object name column.
//
RtlSecureZeroMemory(&lvItem, sizeof(lvItem));
lvItem.mask = LVIF_TEXT | LVIF_IMAGE | LVIF_PARAM;
- lvItem.pszText = objectName;
+ lvItem.pszText = objectName.Buffer;
lvItem.iItem = MAXINT;
lvItem.iImage = typeDesc->ImageIndex;
- lvItem.lParam = typeDesc->Index;
+
+ objRef = AllocateObjectItem(HeapHandle,
+ typeDesc->Index,
+ &Entry->Name,
+ &Entry->TypeName,
+ Parent);
+
+ lvItem.lParam = (LPARAM)objRef;
lvItemIndex = ListView_InsertItem(g_hwndObjectList, &lvItem);
//
@@ -308,64 +433,77 @@ VOID AddListViewItem(
RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
//
- // Look for object type in well known type names hashes.
- // If found - query information for additional description field.
+ // Special case for symbolic links as their link targets must be normalized before output.
+ // Do not bFound to TRUE so we will fall through the end of routine.
//
+ if (typeDesc->NameHash == OBTYPE_HASH_SYMBOLIC_LINK) {
+
+ if (supResolveSymbolicLinkTargetNormalized(
+ NULL,
+ RootDirectoryHandle,
+ &Entry->Name,
+ &normalizedLinkTarget))
+ {
+ lvItem.mask = LVIF_TEXT;
+ lvItem.iSubItem = 2;
+ lvItem.pszText = normalizedLinkTarget.Buffer;
+ lvItem.iItem = lvItemIndex;
+ ListView_SetItem(g_hwndObjectList, &lvItem);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &normalizedLinkTarget, FALSE);
+ }
- switch (typeDesc->NameHash) {
-
- case OBTYPE_HASH_SYMBOLIC_LINK:
-
- bFound = ntsupResolveSymbolicLink(RootDirectoryHandle,
- &DirectoryObjectEntry->Name,
- szBuffer,
- MAX_PATH * sizeof(WCHAR));
+ }
+ else {
+
+ //
+ // Look for object type in well known type names hashes.
+ // If found - query information for additional description field.
+ //
- break;
+ switch (typeDesc->NameHash) {
- case OBTYPE_HASH_SECTION:
-
- bFound = supQuerySectionFileInfo(RootDirectoryHandle,
- &DirectoryObjectEntry->Name,
- szBuffer,
- MAX_PATH);
+ case OBTYPE_HASH_SECTION:
- break;
+ bFound = supQuerySectionFileInfo(RootDirectoryHandle,
+ &Entry->Name,
+ szBuffer,
+ MAX_PATH);
- case OBTYPE_HASH_DRIVER:
+ break;
- bFound = supQueryDriverDescription(objectName,
- szBuffer,
- MAX_PATH);
+ case OBTYPE_HASH_DRIVER:
- break;
+ bFound = supQueryDriverDescription(objectName.Buffer,
+ szBuffer,
+ MAX_PATH);
- case OBTYPE_HASH_DEVICE:
+ break;
- bFound = supQueryDeviceDescription(objectName,
- szBuffer,
- MAX_PATH);
+ case OBTYPE_HASH_DEVICE:
- break;
+ bFound = supQueryDeviceDescription(NULL,
+ &Entry->Name,
+ szBuffer,
+ MAX_PATH);
- case OBTYPE_HASH_WINSTATION:
+ break;
- bFound = supQueryWinstationDescription(objectName,
- szBuffer,
- MAX_PATH);
+ case OBTYPE_HASH_WINSTATION:
- break;
+ bFound = supQueryWinstationDescription(objectName.Buffer,
+ szBuffer,
+ MAX_PATH);
- case OBTYPE_HASH_TYPE:
+ break;
- bFound = supQueryTypeInfo(objectName,
- szBuffer,
- MAX_PATH);
+ case OBTYPE_HASH_TYPE:
- break;
+ bFound = supQueryTypeInfo(&Entry->Name,
+ szBuffer,
+ MAX_PATH);
- default:
- break;
+ break;
+ }
}
//
@@ -378,29 +516,38 @@ VOID AddListViewItem(
lvItem.iItem = lvItemIndex;
ListView_SetItem(g_hwndObjectList, &lvItem);
}
+
+ if (bNameAllocated)
+ supFreeUnicodeString(g_obexHeap, &objectName);
}
/*
-* ListObjectsInDirectory
+* xxxListCurrentDirectoryObjects
*
* Purpose:
*
-* List given directory to the listview.
+* List directory objects to the listview.
*
*/
-VOID ListObjectsInDirectory(
- _In_ LPWSTR lpObjectDirectory
+VOID xxxListCurrentDirectoryObjects(
+ _In_ HANDLE HeapHandle,
+ _In_ OBEX_ITEM* Parent
)
{
- NTSTATUS ntStatus;
- ULONG queryContext = 0, rLength;
- HANDLE directoryHandle = NULL;
+ NTSTATUS ntStatus;
+ ULONG queryContext = 0, rLength;
+ HANDLE directoryHandle = NULL;
+ UNICODE_STRING usDirectoryName;
POBJECT_DIRECTORY_INFORMATION infoBuffer;
ListView_DeleteAllItems(g_hwndObjectList);
- supOpenDirectory(&directoryHandle, NULL, lpObjectDirectory, DIRECTORY_QUERY);
+ if (supGetCurrentObjectPath(TRUE, &usDirectoryName)) {
+ supOpenDirectoryEx(&directoryHandle, NULL, &usDirectoryName, DIRECTORY_QUERY);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &usDirectoryName, FALSE);
+ }
+
if (directoryHandle == NULL)
return;
@@ -445,7 +592,7 @@ VOID ListObjectsInDirectory(
&rLength);
if (NT_SUCCESS(ntStatus)) {
- AddListViewItem(directoryHandle, infoBuffer);
+ AddListViewItem(HeapHandle, directoryHandle, infoBuffer, Parent);
}
else {
supHeapFree(infoBuffer);
@@ -466,6 +613,112 @@ VOID ListObjectsInDirectory(
NtClose(directoryHandle);
}
+
+/*
+* ListCurrentDirectoryObjects
+*
+* Purpose:
+*
+* List directory objects to the listview.
+*
+*/
+VOID ListCurrentDirectoryObjects(
+ _In_ HTREEITEM ViewRootHandle
+)
+{
+ OBEX_ITEM* objRef = NULL;
+
+ ListHeapCreate(&ListObjectsHeap);
+ if (ListObjectsHeap) {
+
+ if (supGetTreeViewItemParam(g_hwndObjectTree,
+ ViewRootHandle,
+ &objRef))
+ {
+ xxxListCurrentDirectoryObjects(ListObjectsHeap, objRef);
+ }
+
+ }
+}
+
+PFO_LIST_ITEM AllocateFoundItem(
+ _In_ PFO_LIST_ITEM Previous,
+ _In_ PUNICODE_STRING DirectoryName,
+ _In_ POBJECT_DIRECTORY_INFORMATION InfoBuffer
+)
+{
+ PFO_LIST_ITEM Item;
+ SIZE_T BufferLength, TypeNameOffset;
+ PWCH String, StringBuffer;
+
+ BufferLength = sizeof(FO_LIST_ITEM) +
+ InfoBuffer->Name.Length +
+ InfoBuffer->TypeName.Length +
+ DirectoryName->Length +
+ sizeof(OBJ_NAME_PATH_SEPARATOR) +
+ 2 * sizeof(UNICODE_NULL);
+
+ Item = (PFO_LIST_ITEM)supHeapAlloc(BufferLength);
+ if (Item == NULL) {
+ supHeapFree(InfoBuffer);
+ return NULL;
+ }
+
+ Item->Prev = Previous;
+ Item->ObjectName.Buffer = (PWSTR)Item->NameBuffer;
+
+ TypeNameOffset = (SIZE_T)DirectoryName->Length +
+ (SIZE_T)InfoBuffer->Name.Length +
+ sizeof(OBJ_NAME_PATH_SEPARATOR) +
+ sizeof(UNICODE_NULL);
+
+ //
+ // Copy ObjectName.
+ //
+ Item->ObjectType.Buffer = (PWSTR)RtlOffsetToPointer(Item->NameBuffer, TypeNameOffset);
+ StringBuffer = Item->ObjectName.Buffer;
+ String = StringBuffer;
+
+ RtlCopyMemory(String, DirectoryName->Buffer, DirectoryName->Length);
+ String = (PWCH)RtlOffsetToPointer(Item->ObjectName.Buffer, DirectoryName->Length);
+
+ //
+ // Add separator if not root.
+ //
+ if (!supIsRootDirectory(DirectoryName))
+ *String++ = OBJ_NAME_PATH_SEPARATOR;
+
+ RtlCopyMemory(String, InfoBuffer->Name.Buffer, InfoBuffer->Name.Length);
+ String = (PWCH)RtlOffsetToPointer(String, InfoBuffer->Name.Length);
+ *String++ = UNICODE_NULL;
+
+ //
+ // Set new Length/MaximumLength to ObjectName.
+ //
+ BufferLength = (USHORT)((ULONG_PTR)String - (ULONG_PTR)StringBuffer);
+ Item->ObjectName.Length = (USHORT)BufferLength - sizeof(WCHAR);
+ Item->ObjectName.MaximumLength = (USHORT)BufferLength;
+
+ //
+ // Copy ObjectType.
+ //
+ StringBuffer = Item->ObjectType.Buffer;
+ String = StringBuffer;
+
+ RtlCopyMemory(String, InfoBuffer->TypeName.Buffer, InfoBuffer->TypeName.Length);
+ String = (PWCH)RtlOffsetToPointer(String, InfoBuffer->TypeName.Length);
+ *String++ = UNICODE_NULL;
+
+ //
+ // Set new Length/MaximumLength to ObjectType.
+ //
+ BufferLength = (USHORT)((ULONG_PTR)String - (ULONG_PTR)StringBuffer);
+ Item->ObjectType.Length = (USHORT)BufferLength - sizeof(WCHAR);
+ Item->ObjectType.MaximumLength = (USHORT)BufferLength;
+
+ return Item;
+}
+
/*
* FindObject
*
@@ -475,26 +728,27 @@ VOID ListObjectsInDirectory(
*
*/
VOID FindObject(
- _In_ LPWSTR DirName,
- _In_opt_ LPWSTR NameSubstring,
- _In_opt_ LPWSTR TypeName,
+ _In_ PUNICODE_STRING DirectoryName,
+ _In_opt_ PUNICODE_STRING NameSubstring,
+ _In_opt_ PUNICODE_STRING TypeName,
_In_ PFO_LIST_ITEM* List
)
{
- NTSTATUS status;
- ULONG ctx, rlen;
- HANDLE directoryHandle = NULL;
- SIZE_T sdlen;
- LPWSTR newdir;
- PFO_LIST_ITEM tmp;
+ NTSTATUS status;
+ ULONG ctx, rlen;
+ HANDLE directoryHandle = NULL;
+
+ PFO_LIST_ITEM Item;
+ SIZE_T NameSize, BufferLength;
+ PWCH ObjectName, String;
+ UNICODE_STRING SubDirectory;
- POBJECT_DIRECTORY_INFORMATION objinf;
+ POBJECT_DIRECTORY_INFORMATION InfoBuffer;
- supOpenDirectory(&directoryHandle, NULL, DirName, DIRECTORY_QUERY);
+ supOpenDirectoryEx(&directoryHandle, NULL, DirectoryName, DIRECTORY_QUERY);
if (directoryHandle == NULL)
return;
- sdlen = _strlen(DirName);
ctx = 0;
do {
@@ -512,66 +766,99 @@ VOID FindObject(
break;
}
- objinf = (POBJECT_DIRECTORY_INFORMATION)supHeapAlloc((SIZE_T)rlen);
- if (objinf == NULL)
+ InfoBuffer = (POBJECT_DIRECTORY_INFORMATION)supHeapAlloc((SIZE_T)rlen);
+ if (InfoBuffer == NULL)
break;
- status = NtQueryDirectoryObject(directoryHandle, objinf, rlen, TRUE, FALSE, &ctx, &rlen);
+ status = NtQueryDirectoryObject(directoryHandle, InfoBuffer, rlen, TRUE, FALSE, &ctx, &rlen);
if (!NT_SUCCESS(status)) {
- supHeapFree(objinf);
+ supHeapFree(InfoBuffer);
break;
}
- if ((_strstri(objinf->Name.Buffer, NameSubstring) != 0) || (NameSubstring == NULL))
- if ((_strcmpi(objinf->TypeName.Buffer, TypeName) == 0) || (TypeName == NULL)) {
+ if (TypeName) {
- tmp = (PFO_LIST_ITEM)supHeapAlloc(sizeof(FO_LIST_ITEM) +
- objinf->Name.Length +
- objinf->TypeName.Length +
- (sdlen + 4) * sizeof(WCHAR));
+ if (RtlEqualUnicodeString(&InfoBuffer->TypeName, TypeName, TRUE)) {
- if (tmp == NULL) {
- supHeapFree(objinf);
- break;
- }
- tmp->Prev = *List;
- tmp->ObjectName = tmp->NameBuffer;
- tmp->ObjectType = tmp->NameBuffer + sdlen + 2 + objinf->Name.Length / sizeof(WCHAR);
- _strcpy(tmp->ObjectName, DirName);
- if ((DirName[0] == L'\\') && (DirName[1] == 0)) {
- _strncpy(tmp->ObjectName + sdlen, 1 + objinf->Name.Length / sizeof(WCHAR),
- objinf->Name.Buffer, objinf->Name.Length / sizeof(WCHAR));
+ if (NameSubstring) {
+
+ if (ULLONG_MAX != supFindUnicodeStringSubString(&InfoBuffer->Name, NameSubstring)) {
+ Item = AllocateFoundItem(*List, DirectoryName, InfoBuffer);
+ if (Item == NULL)
+ break;
+
+ *List = Item;
+ }
}
else {
- tmp->ObjectName[sdlen] = L'\\';
- _strncpy(tmp->ObjectName + sdlen + 1, 1 + objinf->Name.Length / sizeof(WCHAR),
- objinf->Name.Buffer, objinf->Name.Length / sizeof(WCHAR));
- }
- _strncpy(tmp->ObjectType, 1 + objinf->TypeName.Length / sizeof(WCHAR),
- objinf->TypeName.Buffer, objinf->TypeName.Length / sizeof(WCHAR));
- *List = tmp;
- };
-
- if (_strcmpi(objinf->TypeName.Buffer, OBTYPE_NAME_DIRECTORY) == 0) {
-
- newdir = (LPWSTR)supHeapAlloc((sdlen + 4) * sizeof(WCHAR) + objinf->Name.Length);
- if (newdir != NULL) {
- _strcpy(newdir, DirName);
- if ((DirName[0] == L'\\') && (DirName[1] == 0)) {
- _strncpy(newdir + sdlen, 1 + objinf->Name.Length / sizeof(WCHAR),
- objinf->Name.Buffer, objinf->Name.Length / sizeof(WCHAR));
+ Item = AllocateFoundItem(*List, DirectoryName, InfoBuffer);
+ if (Item == NULL)
+ break;
+
+ *List = Item;
}
- else {
- newdir[sdlen] = L'\\';
- _strncpy(newdir + sdlen + 1, 1 + objinf->Name.Length / sizeof(WCHAR),
- objinf->Name.Buffer, objinf->Name.Length / sizeof(WCHAR));
+
+ }
+
+ }
+ else {
+ if (NameSubstring) {
+ if (ULLONG_MAX != supFindUnicodeStringSubString(&InfoBuffer->Name, NameSubstring)) {
+ Item = AllocateFoundItem(*List, DirectoryName, InfoBuffer);
+ if (Item == NULL)
+ break;
+
+ *List = Item;
}
- FindObject(newdir, NameSubstring, TypeName, List);
- supHeapFree(newdir);
+ }
+ else {
+ Item = AllocateFoundItem(*List, DirectoryName, InfoBuffer);
+ if (Item == NULL)
+ break;
+
+ *List = Item;
+ }
+ }
+
+ //
+ // If this is directory, go inside.
+ //
+ if (RtlEqualUnicodeString(&InfoBuffer->TypeName,
+ ObGetPredefinedUnicodeString(OBP_DIRECTORY),
+ TRUE))
+ {
+ NameSize = (SIZE_T)InfoBuffer->Name.Length +
+ (SIZE_T)DirectoryName->Length +
+ sizeof(OBJ_NAME_PATH_SEPARATOR) +
+ sizeof(UNICODE_NULL);
+
+ ObjectName = (PWCH)supHeapAlloc(NameSize);
+ if (ObjectName != NULL) {
+
+ String = ObjectName;
+
+ RtlCopyMemory(String, DirectoryName->Buffer, DirectoryName->Length);
+ String = (PWCH)RtlOffsetToPointer(String, DirectoryName->Length);
+
+ if (!supIsRootDirectory(DirectoryName))
+ *String++ = OBJ_NAME_PATH_SEPARATOR;
+
+ RtlCopyMemory(String, InfoBuffer->Name.Buffer, InfoBuffer->Name.Length);
+ String = (PWCH)RtlOffsetToPointer(String, InfoBuffer->Name.Length);
+ *String++ = UNICODE_NULL;
+
+ BufferLength = (USHORT)((ULONG_PTR)String - (ULONG_PTR)ObjectName);
+ SubDirectory.Length = (USHORT)BufferLength - sizeof(WCHAR);
+ SubDirectory.MaximumLength = (USHORT)BufferLength;
+ SubDirectory.Buffer = ObjectName;
+
+ FindObject(&SubDirectory, NameSubstring, TypeName, List);
+
+ supHeapFree(ObjectName);
}
}
- supHeapFree(objinf);
+ supHeapFree(InfoBuffer);
} while (TRUE);
diff --git a/Source/WinObjEx64/list.h b/Source/WinObjEx64/list.h
index 62876471..c9ee469d 100644
--- a/Source/WinObjEx64/list.h
+++ b/Source/WinObjEx64/list.h
@@ -1,14 +1,14 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2020
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: LIST.H
*
-* VERSION: 1.87
+* VERSION: 2.00
*
-* DATE: 30 June 2020
+* DATE: 19 Jun 2022
*
-* Common header file main program logic.
+* Common header file for the program object listing logic.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -20,24 +20,41 @@
typedef struct _FO_LIST_ITEM {
struct _FO_LIST_ITEM *Prev;
- LPWSTR ObjectName;
- LPWSTR ObjectType;
- WCHAR NameBuffer[2];
+ UNICODE_STRING ObjectName;
+ UNICODE_STRING ObjectType;
+ WCHAR NameBuffer[2];
} FO_LIST_ITEM, *PFO_LIST_ITEM;
+typedef struct _OBEX_ITEM {
+ struct _OBEX_ITEM *Prev;
+ WOBJ_OBJECT_TYPE TypeIndex;
+ UNICODE_STRING Name;
+ UNICODE_STRING TypeName;
+} OBEX_ITEM, * POBEX_ITEM;
+
+typedef struct _OBEX_PATH_ELEMENT {
+ LIST_ENTRY ListEntry;
+ WOBJ_OBJECT_TYPE TypeIndex;
+ UNICODE_STRING Name;
+ UNICODE_STRING TypeName;
+} OBEX_PATH_ELEMENT, * POBEX_PATH_ELEMENT;
+
+VOID ListHeapDestroy(
+ VOID);
+
VOID ListToObject(
_In_ LPWSTR ObjectName);
VOID ListObjectDirectoryTree(
- _In_ LPWSTR SubDirName,
+ _In_ PUNICODE_STRING SubDirName,
_In_opt_ HANDLE RootHandle,
_In_opt_ HTREEITEM ViewRootHandle);
VOID FindObject(
- _In_ LPWSTR DirName,
- _In_opt_ LPWSTR NameSubstring,
- _In_opt_ LPWSTR TypeName,
+ _In_ PUNICODE_STRING DirectoryName,
+ _In_opt_ PUNICODE_STRING NameSubstring,
+ _In_opt_ PUNICODE_STRING TypeName,
_In_ PFO_LIST_ITEM *List);
-VOID ListObjectsInDirectory(
- _In_ LPWSTR lpObjectDirectory);
+VOID ListCurrentDirectoryObjects(
+ _In_ HTREEITEM ViewRootHandle);
diff --git a/Source/WinObjEx64/log/log.c b/Source/WinObjEx64/log/log.c
index 32864f65..dff4ba98 100644
--- a/Source/WinObjEx64/log/log.c
+++ b/Source/WinObjEx64/log/log.c
@@ -4,9 +4,9 @@
*
* TITLE: LOG.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* Simplified log.
*
@@ -318,7 +318,7 @@ INT_PTR CALLBACK LogViewerDialogProc(
case WM_INITDIALOG:
supCenterWindow(hwndDlg);
LogViewerListLog(hwndDlg);
- break;
+ return TRUE;
case WM_COMMAND:
@@ -328,13 +328,8 @@ INT_PTR CALLBACK LogViewerDialogProc(
case ID_OBJECT_COPY:
LogViewerCopyToClipboard(hwndDlg);
break;
-
- default:
- break;
}
- default:
- break;
}
return 0;
}
diff --git a/Source/WinObjEx64/log/log.h b/Source/WinObjEx64/log/log.h
index befd0b19..668392da 100644
--- a/Source/WinObjEx64/log/log.h
+++ b/Source/WinObjEx64/log/log.h
@@ -4,9 +4,9 @@
*
* TITLE: LOG.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 31 May 2022
+* DATE: 19 Jun 2022
*
* Header file for simplified log support.
*
diff --git a/Source/WinObjEx64/main.c b/Source/WinObjEx64/main.c
index 9aa621ea..69121194 100644
--- a/Source/WinObjEx64/main.c
+++ b/Source/WinObjEx64/main.c
@@ -4,9 +4,9 @@
*
* TITLE: MAIN.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* Program entry point and main window handler.
*
@@ -18,10 +18,6 @@
*******************************************************************************/
#define OEMRESOURCE
#include "global.h"
-#include "aboutDlg.h"
-#include "findDlg.h"
-#include "sdviewDlg.h"
-#include "sysinfoDlg.h"
#include "treelist/treelist.h"
#include "props/propDlg.h"
#include "extras/extras.h"
@@ -43,6 +39,9 @@ BOOL bMainWndSortInverse = FALSE;
//
WINOBJ_GLOBALS g_WinObj;
+// Global stats
+WINOBJ_STATS g_WinObjStats;
+
/*
* guiExtrasDisableAdminFeatures
*
@@ -71,6 +70,7 @@ VOID guiExtrasDisableAdminFeatures(
SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_CALLBACKS, FALSE, &mii);
SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_DRIVERS, FALSE, &mii);
SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_UNLOADEDDRIVERS, FALSE, &mii);
+ SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_PRIVATENAMESPACES, FALSE, &mii);
SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_SOFTWARELICENSECACHE, FALSE, &mii);
SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_SSDT, FALSE, &mii);
SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_W32PSERVICETABLE, FALSE, &mii);
@@ -82,15 +82,6 @@ VOID guiExtrasDisableAdminFeatures(
// Elevated launch.
//
if (g_kdctx.IsFullAdmin) {
- //
- // These features require driver usage.
- //
- /*if (FALSE == kdIoDriverLoaded()) {
- SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_SSDT, FALSE, &mii);
- SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_PRIVATENAMESPACES, FALSE, &mii);
- SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_CALLBACKS, FALSE, &mii);
- SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_UNLOADEDDRIVERS, FALSE, &mii);
- }*/
//
// This feature is not supported in Windows 10 10586.
@@ -143,157 +134,165 @@ INT CALLBACK MainWindowObjectListCompareFunc(
}
/*
-* MainWindowHandleObjectTreeProp
+* MainWindowHandleObjectViewSD
*
* Purpose:
*
-* Object Tree properties per selected item.
+* Handler for View Security Descriptor menu.
*
*/
-VOID MainWindowHandleObjectTreeProp(
- _In_ HWND hwnd
+VOID MainWindowHandleObjectViewSD(
+ _In_ BOOL fList
)
{
- TV_ITEM tvi;
- WCHAR szBuffer[MAX_PATH + 1];
- PROP_DIALOG_CREATE_SETTINGS propSettings;
+ OBEX_ITEM* objRef;
+ WOBJ_OBJECT_TYPE wobjType = ObjectTypeUnknown;
- //
- // Only one object properties dialog at the same time allowed.
- //
- ENSURE_DIALOG_UNIQUE(g_PropWindow);
-
- if (ObjectTreeSelectedItem == NULL)
- return;
+ if (fList) {
- RtlSecureZeroMemory(&tvi, sizeof(TV_ITEM));
+ if (supGetListViewItemParam(g_hwndObjectList,
+ ListView_GetSelectionMark(g_hwndObjectList),
+ (PVOID)&objRef))
+ {
- szBuffer[0] = 0;
- RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
- tvi.pszText = szBuffer;
- tvi.cchTextMax = MAX_PATH;
- tvi.mask = TVIF_TEXT;
- tvi.hItem = ObjectTreeSelectedItem;
- if (TreeView_GetItem(g_hwndObjectTree, &tvi)) {
+ if (objRef)
+ wobjType = objRef->TypeIndex;
- RtlSecureZeroMemory(&propSettings, sizeof(propSettings));
- propSettings.hwndParent = hwnd;
- propSettings.lpObjectName = szBuffer;
- propSettings.lpObjectType = OBTYPE_NAME_DIRECTORY;
+ }
- propCreateDialog(&propSettings);
}
+ else {
+ wobjType = ObjectTypeDirectory;
+ }
+
+ SDViewDialogCreate(wobjType);
+
}
/*
-* MainWindowHandleObjectViewSD
+* MainWindowCopyObjectName
*
* Purpose:
*
-* Handler for View Security Descriptor menu.
+* Handler for Copy Name / Copy Name (Bin) menu.
*
*/
-VOID MainWindowHandleObjectViewSD(
- _In_ HWND hwndParent,
- _In_ BOOL fList
+VOID MainWindowCopyObjectName(
+ _In_ UINT ControlId
)
{
- LVITEM lvi;
- TV_ITEM tvi;
- WOBJ_OBJECT_TYPE wobjType;
- WCHAR szBuffer[MAX_PATH + 1];
+ INT nSelected;
+ OBEX_ITEM* objRef = NULL;
+ HWND hwndFocus;
- szBuffer[0] = 0;
+ UNICODE_STRING normalizedName;
- if (fList) {
-
- RtlSecureZeroMemory(&lvi, sizeof(LVITEM));
- lvi.mask = LVIF_PARAM | LVIF_TEXT;
- lvi.iItem = ListView_GetSelectionMark(g_hwndObjectList);
- lvi.pszText = szBuffer;
- lvi.cchTextMax = MAX_PATH;
-
- if (!ListView_GetItem(g_hwndObjectList, &lvi))
- return;
+ hwndFocus = GetFocus();
+ if (hwndFocus != g_hwndObjectList &&
+ hwndFocus != g_hwndObjectTree)
+ {
+ return;
+ }
- wobjType = (WOBJ_OBJECT_TYPE)lvi.lParam;
+ if (hwndFocus == g_hwndObjectList) {
+
+ nSelected = ListView_GetSelectionMark(g_hwndObjectList);
+ if (nSelected >= 0) {
+ if (!supGetListViewItemParam(g_hwndObjectList, nSelected, &objRef))
+ return;
+ }
}
else {
- RtlSecureZeroMemory(&tvi, sizeof(TV_ITEM));
- tvi.pszText = szBuffer;
- tvi.cchTextMax = MAX_PATH;
- tvi.mask = TVIF_TEXT;
- tvi.hItem = ObjectTreeSelectedItem;
-
- if (!TreeView_GetItem(g_hwndObjectTree, &tvi))
- return;
+ if (ObjectTreeSelectedItem) {
+ if (!supGetTreeViewItemParam(g_hwndObjectTree, ObjectTreeSelectedItem, &objRef))
+ return;
+ }
- wobjType = ObjectTypeDirectory;
}
- SDViewDialogCreate(hwndParent,
- g_WinObj.CurrentObjectPath,
- szBuffer,
- wobjType);
+ if (objRef == NULL)
+ return;
+ if (ControlId == ID_OBJECT_COPY_NAME) {
+ if (supNormalizeUnicodeStringForDisplay(g_obexHeap,
+ &objRef->Name,
+ &normalizedName))
+ {
+ supClipboardCopy(normalizedName.Buffer, normalizedName.Length);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &normalizedName, FALSE);
+ }
+ }
+ else {
+ supClipboardCopyUnicodeStringRaw(&objRef->Name);
+ }
}
/*
-* MainWindowHandleObjectListProp
+* MainWindowShowObjectProperties
*
* Purpose:
*
-* Object List properties per selected item.
+* Display properties dialog for a selected item.
*
*/
-VOID MainWindowHandleObjectListProp(
+VOID MainWindowShowObjectProperties(
_In_ HWND hwnd
)
{
- INT nSelected;
- LPWSTR lpItemText, lpType, lpDesc = NULL;
-
- PROP_DIALOG_CREATE_SETTINGS propSettings;
+ INT nSelected;
+ HWND hwndFocus;
+ OBEX_ITEM* objRef = NULL;
+ PROP_CONFIG propConfig;
+ UNICODE_STRING objectPath;
+
+ hwndFocus = GetFocus();
+ if (hwndFocus != g_hwndObjectList &&
+ hwndFocus != g_hwndObjectTree)
+ {
+ return;
+ }
//
- // Only one object properties dialog allowed at same time.
+ // Get current object path.
//
- if (g_PropWindow != NULL)
+ if (!supGetCurrentObjectPath(FALSE, &objectPath))
return;
//
- // Query selected index, leave on failure.
+ // Only one object properties dialog allowed at same time.
//
- nSelected = ListView_GetSelectionMark(g_hwndObjectList);
- if (nSelected == -1)
- return;
+ supCloseKnownPropertiesDialog(propGetCommonWindow());
- lpItemText = supGetItemText(g_hwndObjectList, nSelected, 0, NULL);
- if (lpItemText) {
- lpType = supGetItemText(g_hwndObjectList, nSelected, 1, NULL);
- if (lpType) {
+ if (hwndFocus == g_hwndObjectList) {
- //lpDesc is not important, we can work if it NULL
- lpDesc = supGetItemText(g_hwndObjectList, nSelected, 2, NULL);
-
- RtlSecureZeroMemory(&propSettings, sizeof(propSettings));
-
- propSettings.hwndParent = hwnd;
- propSettings.lpObjectName = lpItemText;
- propSettings.lpObjectType = lpType;
- propSettings.lpDescription = lpDesc;
+ //
+ // Query selected index, leave on failure.
+ //
+ nSelected = ListView_GetSelectionMark(g_hwndObjectList);
+ if (nSelected >= 0) {
+ supGetListViewItemParam(g_hwndObjectList, nSelected, &objRef);
+ }
- propCreateDialog(&propSettings);
+ }
+ else {
- if (lpDesc) {
- supHeapFree(lpDesc);
- }
- supHeapFree(lpType);
+ if (ObjectTreeSelectedItem) {
+ supGetTreeViewItemParam(g_hwndObjectTree, ObjectTreeSelectedItem, &objRef);
}
- supHeapFree(lpItemText);
}
+
+ if (objRef) {
+ RtlSecureZeroMemory(&propConfig, sizeof(propConfig));
+ propConfig.hwndParent = hwnd;
+ propConfig.ObjectTypeIndex = objRef->TypeIndex;
+ propConfig.NtObjectName = &objRef->Name;
+ propConfig.NtObjectPath = &objectPath;
+ propCreateDialog(&propConfig);
+ }
+
+ supFreeUnicodeString(g_obexHeap, &objectPath);
}
/*
@@ -308,8 +307,8 @@ VOID MainWindowOnRefresh(
VOID
)
{
- LPWSTR CurrentPath = NULL;
- SIZE_T len;
+ BOOL bOkay;
+ UNICODE_STRING currentPath, normalizedPath;
supSetWaitCursor(TRUE);
@@ -319,17 +318,20 @@ VOID MainWindowOnRefresh(
supCreateSCMSnapshot(SERVICE_DRIVER, NULL);
sapiCreateSetupDBSnapshot();
- len = _strlen(g_WinObj.CurrentObjectPath);
- CurrentPath = (LPWSTR)supHeapAlloc((len + 1) * sizeof(WCHAR));
- if (CurrentPath)
- _strcpy(CurrentPath, g_WinObj.CurrentObjectPath);
+ bOkay = supGetCurrentObjectPath(TRUE, ¤tPath);
TreeView_DeleteAllItems(g_hwndObjectTree);
- ListObjectDirectoryTree(L"\\", NULL, NULL);
-
- if (CurrentPath) {
- ListToObject(CurrentPath);
- supHeapFree(CurrentPath);
+ ListObjectDirectoryTree(ObGetPredefinedUnicodeString(OBP_ROOT), NULL, NULL);
+
+ if (bOkay) {
+ if (supNormalizeUnicodeStringForDisplay(g_obexHeap,
+ ¤tPath,
+ &normalizedPath))
+ {
+ ListToObject(normalizedPath.Buffer);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &normalizedPath, FALSE);
+ }
+ supFreeDuplicatedUnicodeString(g_obexHeap, ¤tPath, FALSE);
}
supSetWaitCursor(FALSE);
@@ -384,6 +386,63 @@ VOID MainWindowOnDisplayGridChange(
EnumWindows((WNDENUMPROC)MainWindowEnumWndProc, (LPARAM)dwProcessId);
}
+/*
+* MainWindowHandleGotoLinkTarget
+*
+* Purpose:
+*
+* Resolve symbolic link target and select it in winobjex window.
+*
+*/
+VOID MainWindowHandleGotoLinkTarget(
+ VOID
+)
+{
+ UNICODE_STRING linkName, linkTarget, normalizedLinkTarget;
+
+ if (!supGetCurrentObjectPath(TRUE, &linkName))
+ return;
+
+ // Global??
+ if (RtlEqualUnicodeString(&linkName,
+ ObGetPredefinedUnicodeString(OBP_GLOBAL),
+ TRUE))
+ {
+ ListToObject(KM_OBJECTS_ROOT_DIRECTORY);
+ }
+
+ if (supResolveSymbolicLinkTarget(NULL, NULL, &linkName, &linkTarget)) {
+
+ //
+ // Check against \\GLOBAL??
+ //
+ if (RtlEqualUnicodeString(&linkTarget,
+ ObGetPredefinedUnicodeString(OBP_GLOBALNAMESPACE),
+ TRUE))
+ {
+ // DosDevices
+ ListToObject(L"\\GLOBAL??");
+ }
+ else {
+
+ //
+ // Usual link, prepare it for output and do the listing.
+ //
+ if (supNormalizeUnicodeStringForDisplay(g_obexHeap,
+ &linkTarget,
+ &normalizedLinkTarget))
+ {
+ ListToObject(normalizedLinkTarget.Buffer);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &normalizedLinkTarget, FALSE);
+ }
+ }
+
+ supFreeDuplicatedUnicodeString(g_obexHeap, &linkTarget, FALSE);
+ }
+
+ supFreeDuplicatedUnicodeString(g_obexHeap, &linkName, FALSE);
+}
+
/*
* MainWindowHandleWMCommand
*
@@ -397,9 +456,7 @@ LRESULT MainWindowHandleWMCommand(
_In_ WPARAM wParam
)
{
- LPWSTR lpItemText;
- HWND hwndFocus;
- WORD ControlId = LOWORD(wParam);
+ WORD ControlId = LOWORD(wParam);
switch (ControlId) {
@@ -421,45 +478,21 @@ LRESULT MainWindowHandleWMCommand(
break;
case ID_OBJECT_PROPERTIES:
- hwndFocus = GetFocus();
- if (hwndFocus == g_hwndObjectList) {
- MainWindowHandleObjectListProp(hwnd);
- }
- if (hwndFocus == g_hwndObjectTree) {
- MainWindowHandleObjectTreeProp(hwnd);
- }
+ MainWindowShowObjectProperties(hwnd);
break;
- case ID_OBJECT_GOTOLINKTARGET:
- lpItemText = supGetItemText(g_hwndObjectList,
- ListView_GetSelectionMark(g_hwndObjectList), 2, NULL);
+ case ID_OBJECT_COPY_NAME:
+ case ID_OBJECT_COPY_NAME_BINARY:
+ MainWindowCopyObjectName(ControlId);
+ break;
- if (lpItemText) {
- if (_strcmpi(lpItemText, L"\\??") == 0) {
- ListToObject(L"\\GLOBAL??");
- }
- else {
- ListToObject(lpItemText);
- }
- supHeapFree(lpItemText);
- }
- else {
- lpItemText = supGetItemText(g_hwndObjectList,
- ListView_GetSelectionMark(g_hwndObjectList), 0, NULL);
+ case ID_OBJECT_GOTOLINKTARGET:
- if (lpItemText) {
- if ((_strcmpi(lpItemText, L"GLOBALROOT") == 0) &&
- (_strcmpi(g_WinObj.CurrentObjectPath, L"\\GLOBAL??") == 0))
- {
- ListToObject(L"\\");
- }
- supHeapFree(lpItemText);
- }
- }
+ MainWindowHandleGotoLinkTarget();
break;
case ID_VIEW_SECURITYDESCRIPTOR:
- MainWindowHandleObjectViewSD(hwnd, (GetFocus() == g_hwndObjectList));
+ MainWindowHandleObjectViewSD((GetFocus() == g_hwndObjectList));
break;
case ID_FIND_FINDOBJECT:
@@ -503,6 +536,10 @@ LRESULT MainWindowHandleWMCommand(
extrasShowDialogById(ControlId);
break;
+ case ID_HELP_STATISTICS:
+ ShowStatsDialog();
+ break;
+
case ID_HELP_ABOUT:
DialogBoxParam(
@@ -526,111 +563,15 @@ LRESULT MainWindowHandleWMCommand(
ShowSysInfoDialog(hwnd);
break;
- default:
- break;
}
if ((ControlId >= ID_MENU_PLUGINS) && (ControlId < ID_MENU_PLUGINS_MAX)) {
- PmProcessEntry(GetFocus(), ControlId, ObjectTreeSelectedItem);
+ PmProcessEntry(GetFocus(), ControlId);
}
return FALSE;
}
-/*
-* MainWindowTreeViewSelChanged
-*
-* Purpose:
-*
-* Tree List TVN_ITEMEXPANDED, TVN_SELCHANGED handler.
-*
-*/
-VOID MainWindowTreeViewSelChanged(
- _In_ LPNMTREEVIEWW trhdr
-)
-{
- HTREEITEM treeItem, treeRoot;
- TVITEMEX tvexItem;
- POE_LIST_ITEM objectListItem = NULL, prevObjectListItem = NULL;
- SIZE_T objectPathLength = 1; // size of empty string buffer in characters
- WCHAR szTreeItemText[MAX_PATH + 1];
-
- if (trhdr == NULL)
- return;
-
- if (!trhdr->itemNew.hItem)
- return;
-
- if (g_WinObj.CurrentObjectPath != NULL)
- supHeapFree(g_WinObj.CurrentObjectPath);
-
- RtlSecureZeroMemory(&tvexItem, sizeof(tvexItem));
-
- treeRoot = TreeView_GetRoot(trhdr->hdr.hwndFrom);
-
- //
- // Build the path from bottom to top and counting string buffer size.
- //
- for (treeItem = trhdr->itemNew.hItem; treeItem != treeRoot;
- treeItem = TreeView_GetParent(trhdr->hdr.hwndFrom, treeItem))
- {
- RtlSecureZeroMemory(&szTreeItemText, sizeof(szTreeItemText));
- tvexItem.mask = TVIF_HANDLE | TVIF_TEXT;
- tvexItem.hItem = treeItem;
- tvexItem.pszText = szTreeItemText;
- tvexItem.cchTextMax = MAX_PATH;
- TreeView_GetItem(trhdr->hdr.hwndFrom, &tvexItem);
-
- objectPathLength += _strlen(szTreeItemText) + 1; //+1 for '\'
-
- objectListItem = (POE_LIST_ITEM)supHeapAlloc(sizeof(OE_LIST_ITEM));
- if (objectListItem) {
- objectListItem->Prev = prevObjectListItem;
- objectListItem->TreeItem = treeItem;
- }
- prevObjectListItem = objectListItem;
- }
-
- if (objectListItem == NULL) {
- g_WinObj.CurrentObjectPath = (LPWSTR)supHeapAlloc(2 * sizeof(WCHAR));
- if (g_WinObj.CurrentObjectPath) {
- g_WinObj.CurrentObjectPath[0] = L'\\';
- g_WinObj.CurrentObjectPath[1] = 0;
- }
- return;
- }
-
- objectListItem = prevObjectListItem;
- g_WinObj.CurrentObjectPath = (LPWSTR)supHeapAlloc(objectPathLength * sizeof(WCHAR));
- if (g_WinObj.CurrentObjectPath) {
-
- objectPathLength = 0;
-
- //
- // Building the final string.
- //
- while (objectListItem != NULL) {
-
- RtlSecureZeroMemory(&szTreeItemText, sizeof(szTreeItemText));
- tvexItem.mask = TVIF_HANDLE | TVIF_TEXT;
- tvexItem.hItem = objectListItem->TreeItem;
- tvexItem.pszText = szTreeItemText;
- tvexItem.cchTextMax = MAX_PATH;
- TreeView_GetItem(trhdr->hdr.hwndFrom, &tvexItem);
-
- g_WinObj.CurrentObjectPath[objectPathLength] = L'\\';
- objectPathLength++;
- _strcpy(g_WinObj.CurrentObjectPath + objectPathLength, szTreeItemText);
- objectPathLength += _strlen(szTreeItemText);
-
- prevObjectListItem = objectListItem->Prev;
- supHeapFree(objectListItem);
- objectListItem = prevObjectListItem;
- }
- }
- return;
-}
-
/*
* MainWindowPopupMenuInsertViewSD
*
@@ -679,15 +620,19 @@ VOID MainWindowHandleTreePopupMenu(
)
{
HMENU hMenu;
+ UINT uPosition = 0;
hMenu = CreatePopupMenu();
if (hMenu) {
- InsertMenu(hMenu, 0, MF_BYCOMMAND, ID_OBJECT_PROPERTIES, T_PROPERTIES);
+ InsertMenu(hMenu, uPosition++, MF_BYCOMMAND, ID_OBJECT_COPY_NAME, T_COPY_OBJECT_NAME);
+ InsertMenu(hMenu, uPosition++, MF_BYCOMMAND, ID_OBJECT_COPY_NAME_BINARY, T_COPY_OBJECT_NAME_BIN);
+ InsertMenu(hMenu, uPosition++, MF_BYPOSITION | MF_SEPARATOR, 0, NULL);
+ InsertMenu(hMenu, uPosition++, MF_BYCOMMAND, ID_OBJECT_PROPERTIES, T_PROPERTIES);
supSetMenuIcon(hMenu, ID_OBJECT_PROPERTIES,
ImageList_ExtractIcon(g_WinObj.hInstance, g_ToolBarMenuImages, 0));
- MainWindowPopupMenuInsertViewSD(hMenu, 1);
+ MainWindowPopupMenuInsertViewSD(hMenu, uPosition++);
PmBuildPluginPopupMenuByObjectType(hMenu, ObjectTypeDirectory);
@@ -719,6 +664,9 @@ VOID MainWindowHandleObjectPopupMenu(
hMenu = CreatePopupMenu();
if (hMenu == NULL) return;
+ InsertMenu(hMenu, uPosition++, MF_BYCOMMAND, ID_OBJECT_COPY_NAME, T_COPY_OBJECT_NAME);
+ InsertMenu(hMenu, uPosition++, MF_BYCOMMAND, ID_OBJECT_COPY_NAME_BINARY, T_COPY_OBJECT_NAME_BIN);
+ InsertMenu(hMenu, uPosition++, MF_BYPOSITION | MF_SEPARATOR, 0, NULL);
InsertMenu(hMenu, uPosition++, MF_BYCOMMAND, ID_OBJECT_PROPERTIES, T_PROPERTIES);
supSetMenuIcon(hMenu, ID_OBJECT_PROPERTIES,
@@ -726,9 +674,6 @@ VOID MainWindowHandleObjectPopupMenu(
objType = supObjectListGetObjectType(hwndlv, iItem);
- //
- // Only supOpenNamedObjectByType supported types.
- //
switch (objType) {
//
@@ -768,8 +713,6 @@ VOID MainWindowHandleObjectPopupMenu(
MainWindowPopupMenuInsertViewSD(hMenu, uPosition);
break;
- default:
- break;
}
EnableMenuItem(GetSubMenu(GetMenu(hwnd), IDMM_OBJECT), ID_OBJECT_GOTOLINKTARGET, uGotoSymLinkEnable);
@@ -800,55 +743,78 @@ LRESULT MainWindowHandleWMNotify(
LPTOOLTIPTEXT lpttt;
LPNMLISTVIEW lvn;
LPNMTREEVIEW lpnmTreeView;
- LPWSTR str;
- SIZE_T lcp;
LVITEM lvitem;
- TVHITTESTINFO hti;
+ TVHITTESTINFO tvhti;
+ LVHITTESTINFO lvhti;
POINT pt;
- WCHAR szItemString[MAX_PATH + 1];
+
+ OBEX_ITEM *objRef;
if (hdr) {
+ //
+ // TreeList notify.
+ //
if (hdr->hwndFrom == g_hwndObjectTree) {
switch (hdr->code) {
case TVN_ITEMEXPANDED:
case TVN_SELCHANGED:
SetFocus(g_hwndObjectTree);
supSetWaitCursor(TRUE);
- MainWindowTreeViewSelChanged((LPNMTREEVIEWW)lParam);
- SendMessage(g_hwndStatusBar, WM_SETTEXT, 0, (LPARAM)g_WinObj.CurrentObjectPath);
+ lpnmTreeView = (LPNMTREEVIEW)lParam;
+ if (lpnmTreeView) {
+ ObjectTreeSelectedItem = lpnmTreeView->itemNew.hItem;
- ListObjectsInDirectory(g_WinObj.CurrentObjectPath);
+ supBuildCurrentObjectList((OBEX_ITEM*)lpnmTreeView->itemNew.lParam);
+ ListCurrentDirectoryObjects(ObjectTreeSelectedItem);
- ListView_SortItemsEx(g_hwndObjectList, &MainWindowObjectListCompareFunc, g_SortColumn);
+ supDisplayCurrentObjectPath(g_hwndStatusBar, NULL, TRUE);
+
+ ListView_SortItemsEx(g_hwndObjectList, &MainWindowObjectListCompareFunc, g_SortColumn);
+ }
supSetGotoLinkTargetToolButtonState(hwnd, 0, 0, TRUE, FALSE);
supSetWaitCursor(FALSE);
-
- lpnmTreeView = (LPNMTREEVIEW)lParam;
- if (lpnmTreeView) {
- ObjectTreeSelectedItem = lpnmTreeView->itemNew.hItem;
- }
+
break;
case NM_RCLICK:
GetCursorPos(&pt);
- hti.pt = pt;
- ScreenToClient(hdr->hwndFrom, &hti.pt);
- if (TreeView_HitTest(hdr->hwndFrom, &hti) &&
- (hti.flags & (TVHT_ONITEM | TVHT_ONITEMRIGHT))) {
- ObjectTreeSelectedItem = hti.hItem;
+ tvhti.pt = pt;
+ ScreenToClient(hdr->hwndFrom, &tvhti.pt);
+ if (TreeView_HitTest(hdr->hwndFrom, &tvhti) &&
+ (tvhti.flags & (TVHT_ONITEM | TVHT_ONITEMRIGHT)))
+ {
+ ObjectTreeSelectedItem = tvhti.hItem;
TreeView_SelectItem(g_hwndObjectTree, ObjectTreeSelectedItem);
- SendMessage(g_hwndStatusBar, WM_SETTEXT, 0, (LPARAM)g_WinObj.CurrentObjectPath);
+
+ if (supGetTreeViewItemParam(g_hwndObjectTree, ObjectTreeSelectedItem, &objRef))
+ supBuildCurrentObjectList(objRef);
+
+ supDisplayCurrentObjectPath(g_hwndStatusBar, NULL, TRUE);
+
supSetGotoLinkTargetToolButtonState(hwnd, 0, 0, TRUE, FALSE);
- MainWindowHandleTreePopupMenu(hwnd, &pt);
+ }
+ break;
+
+ case NM_DBLCLK:
+ GetCursorPos(&pt);
+ tvhti.pt = pt;
+ ScreenToClient(hdr->hwndFrom, &tvhti.pt);
+ if (TreeView_HitTest(hdr->hwndFrom, &tvhti) &&
+ (tvhti.flags & (TVHT_ONITEM | TVHT_ONITEMRIGHT)))
+ {
+ MainWindowShowObjectProperties(hwnd);
}
break;
}
}
+ //
+ // ListView notify.
+ //
if (hdr->hwndFrom == g_hwndObjectList) {
switch (hdr->code) {
case NM_SETFOCUS:
@@ -866,27 +832,13 @@ LRESULT MainWindowHandleWMNotify(
if ((lvn->uNewState & LVIS_SELECTED) &&
!(lvn->uOldState & LVIS_SELECTED))
{
- RtlSecureZeroMemory(&szItemString, sizeof(szItemString));
- ListView_GetItemText(g_hwndObjectList, lvn->iItem, 0, szItemString, MAX_PATH);
- lcp = _strlen(g_WinObj.CurrentObjectPath);
- if (lcp) {
- str = (LPWSTR)supHeapAlloc((lcp + sizeof(szItemString) + 4) * sizeof(WCHAR));
- if (str) {
-
- _strcpy(str, g_WinObj.CurrentObjectPath);
-
- if ((str[0] == L'\\') && (str[1] == 0)) {
- _strcpy(str + lcp, szItemString);
- }
- else {
- str[lcp] = L'\\';
- _strcpy(str + lcp + 1, szItemString);
- }
- SendMessage(g_hwndStatusBar, WM_SETTEXT, 0, (LPARAM)str);
- supHeapFree(str);
- }
- supSetGotoLinkTargetToolButtonState(hwnd, g_hwndObjectList, lvn->iItem, FALSE, FALSE);
+ if (supGetListViewItemParam(g_hwndObjectList, lvn->iItem, &objRef)) {
+ supBuildCurrentObjectList(objRef);
}
+
+ supDisplayCurrentObjectPath(g_hwndStatusBar, NULL, TRUE);
+ supSetGotoLinkTargetToolButtonState(hwnd, g_hwndObjectList, lvn->iItem, FALSE, FALSE);
+
}
break;
@@ -910,12 +862,34 @@ LRESULT MainWindowHandleWMNotify(
break;
- case NM_DBLCLK:
- MainWindowHandleObjectListProp(hwnd);
+ case NM_RCLICK:
+ GetCursorPos(&pt);
+ lvhti.pt = pt;
+ lvhti.iItem = -1;
+ ScreenToClient(hdr->hwndFrom, &lvhti.pt);
+ ListView_HitTest(hdr->hwndFrom, &lvhti);
+ if (lvhti.flags & LVHT_ONITEM) {
+ lvn = (LPNMLISTVIEW)lParam;
+ if (supGetListViewItemParam(g_hwndObjectList, lvn->iItem, &objRef)) {
+ supBuildCurrentObjectList(objRef);
+ }
+
+ supDisplayCurrentObjectPath(g_hwndStatusBar, NULL, TRUE);
+ supSetGotoLinkTargetToolButtonState(hwnd, g_hwndObjectList, lvn->iItem, FALSE, FALSE);
+ }
break;
- default:
+ case NM_DBLCLK:
+ GetCursorPos(&pt);
+ lvhti.pt = pt;
+ lvhti.iItem = -1;
+ ScreenToClient(hdr->hwndFrom, &lvhti.pt);
+ ListView_HitTest(hdr->hwndFrom, &lvhti);
+ if (lvhti.flags & LVHT_ONITEM) {
+ MainWindowShowObjectProperties(hwnd);
+ }
break;
+
}
}
@@ -937,9 +911,6 @@ LRESULT MainWindowHandleWMNotify(
lpttt->uFlags |= TTF_DI_SETITEM;
break;
- default:
- break;
-
}
}
}
@@ -985,32 +956,33 @@ VOID MainWindowResizeHandler(
}
/*
-* MainWindowProc
+* MainWindowOnContextMenu
*
* Purpose:
*
-* Main window procedure.
+* Main window WM_CONTEXTMENU handler.
*
*/
-LRESULT CALLBACK MainWindowProc(
+VOID MainWindowOnContextMenu(
_In_ HWND hwnd,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
+ _In_ HWND hwndFrom,
_In_ LPARAM lParam
)
{
- INT mark;
- LONG NewSplitterPos;
- RECT ToolBarRect, crc;
- LPDRAWITEMSTRUCT pds;
- LPMEASUREITEMSTRUCT pms;
+ RECT crc;
+ TVHITTESTINFO tvhti;
+ LVHITTESTINFO lvhti;
+ POINT pt;
- switch (uMsg) {
- case WM_CONTEXTMENU:
-
- RtlSecureZeroMemory(&crc, sizeof(crc));
+ if (hwndFrom == g_hwndObjectTree) {
- if ((HWND)wParam == g_hwndObjectTree) {
+ GetCursorPos(&pt);
+ tvhti.pt = pt;
+ ScreenToClient(g_hwndObjectTree, &tvhti.pt);
+ if (TreeView_HitTest(g_hwndObjectTree, &tvhti) &&
+ (tvhti.flags & (TVHT_ONITEM | TVHT_ONITEMRIGHT)))
+ {
+ RtlSecureZeroMemory(&crc, sizeof(crc));
TreeView_GetItemRect(g_hwndObjectTree,
TreeView_GetSelection(g_hwndObjectTree), &crc, TRUE);
@@ -1020,19 +992,54 @@ LRESULT CALLBACK MainWindowProc(
MainWindowHandleTreePopupMenu(hwnd, (LPPOINT)&crc);
}
- if ((HWND)wParam == g_hwndObjectList) {
- mark = ListView_GetSelectionMark(g_hwndObjectList);
-
- if (lParam == MAKELPARAM(-1, -1)) {
- ListView_GetItemRect(g_hwndObjectList, mark, &crc, TRUE);
+ }
+ else if (hwndFrom == g_hwndObjectList) {
+
+ GetCursorPos(&pt);
+ lvhti.pt = pt;
+ lvhti.iItem = -1;
+ ScreenToClient(g_hwndObjectList, &lvhti.pt);
+ ListView_HitTest(g_hwndObjectList, &lvhti);
+ if (lvhti.flags & LVHT_ONITEM) {
+ if (lParam == MAKELPARAM(-1, -1))
+ {
+ RtlSecureZeroMemory(&crc, sizeof(crc));
+
+ ListView_GetItemRect(g_hwndObjectList, lvhti.iItem, &crc, TRUE);
crc.top = crc.bottom;
ClientToScreen(g_hwndObjectList, (LPPOINT)&crc);
}
else
GetCursorPos((LPPOINT)&crc);
- MainWindowHandleObjectPopupMenu(hwnd, g_hwndObjectList, mark, (LPPOINT)&crc);
+ MainWindowHandleObjectPopupMenu(hwnd, g_hwndObjectList, lvhti.iItem, (LPPOINT)&crc);
}
+ }
+}
+
+/*
+* MainWindowProc
+*
+* Purpose:
+*
+* Main window procedure.
+*
+*/
+LRESULT CALLBACK MainWindowProc(
+ _In_ HWND hwnd,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam
+)
+{
+ LONG NewSplitterPos;
+ RECT ToolBarRect;
+ LPDRAWITEMSTRUCT pds;
+ LPMEASUREITEMSTRUCT pms;
+
+ switch (uMsg) {
+ case WM_CONTEXTMENU:
+ MainWindowOnContextMenu(hwnd, (HWND)wParam, lParam);
break;
case WM_COMMAND:
@@ -1119,12 +1126,16 @@ BOOL MainWindowDlgMsgHandler(
_In_ LPMSG lpMsg
)
{
- if (g_DesktopPropWindow != NULL)
- if (PropSheet_IsDialogMessage(g_DesktopPropWindow, lpMsg))
+ HWND hwnd;
+
+ hwnd = propGetDesktopWindow();
+ if (hwnd != NULL)
+ if (PropSheet_IsDialogMessage(hwnd, lpMsg))
return TRUE;
- if (g_PropWindow != NULL)
- if (PropSheet_IsDialogMessage(g_PropWindow, lpMsg))
+ hwnd = propGetCommonWindow();
+ if (hwnd != NULL)
+ if (PropSheet_IsDialogMessage(hwnd, lpMsg))
return TRUE;
return FALSE;
@@ -1167,16 +1178,12 @@ DWORD guiInitGlobals(
//
// Create dedicated heap.
//
- Globals->Heap = RtlCreateHeap(HEAP_GROWABLE, NULL, 0, 0, NULL, NULL);
+ Globals->Heap = supCreateHeap(HEAP_GROWABLE, TRUE);
if (Globals->Heap == NULL) {
dwResult = INIT_ERROR_NOHEAP;
break;
}
- if (IsWine == FALSE) {
- RtlSetHeapInformation(Globals->Heap, HeapEnableTerminationOnCorruption, NULL, 0);
- }
-
//
// Remember %TEMP% directory.
//
@@ -1219,7 +1226,7 @@ DWORD guiInitGlobals(
if (dwResult != INIT_NO_ERROR) {
if (Globals->Heap)
- RtlDestroyHeap(Globals->Heap);
+ supDestroyHeap(Globals->Heap);
}
return dwResult;
@@ -1595,7 +1602,7 @@ DWORD guiCreateMainWindowAndComponents(
WC_TREEVIEW,
NULL,
WS_VISIBLE | WS_CHILD | WS_TABSTOP |
- TVS_DISABLEDRAGDROP | TVS_HASBUTTONS | TVS_HASLINES | TVS_LINESATROOT,
+ TVS_DISABLEDRAGDROP | TVS_HASBUTTONS | TVS_HASLINES | TVS_LINESATROOT | TVS_TRACKSELECT,
0,
0,
0,
@@ -1892,10 +1899,12 @@ UINT WinObjExMain()
UINT result = ERROR_SUCCESS;
DWORD initResult;
+ RtlSecureZeroMemory(&g_WinObjStats, sizeof(g_WinObjStats));
+
logCreate();
bIsFullAdmin = ntsupUserIsFullAdmin();
- bIsWine = (is_wine() == 1);
+ bIsWine = (IsWine() == 1);
if (bIsWine) bIsFullAdmin = FALSE; // On Wine drop admin related features as they require driver.
if (!InitMSVCRT()) {
@@ -1942,7 +1951,7 @@ UINT WinObjExMain()
guiCreateObjectListColumns();
- ListObjectDirectoryTree(KM_OBJECTS_ROOT_DIRECTORY, NULL, NULL);
+ ListObjectDirectoryTree(ObGetPredefinedUnicodeString(OBP_ROOT), NULL, NULL);
TreeView_SelectItem(g_hwndObjectTree, TreeView_GetRoot(g_hwndObjectTree));
SetFocus(g_hwndObjectTree);
@@ -1957,6 +1966,7 @@ UINT WinObjExMain()
//
// Do not move anywhere.
//
+ ListHeapDestroy();
supShutdown();
logFree();
@@ -1978,6 +1988,7 @@ UINT WinObjExMain()
void main()
{
__security_init_cookie();
+ SetUnhandledExceptionFilter((LPTOP_LEVEL_EXCEPTION_FILTER)exceptFilterUnhandled);
ExitProcess(WinObjExMain());
}
#else
@@ -1994,6 +2005,7 @@ int CALLBACK WinMain(
UNREFERENCED_PARAMETER(lpCmdLine);
UNREFERENCED_PARAMETER(nCmdShow);
+ SetUnhandledExceptionFilter((LPTOP_LEVEL_EXCEPTION_FILTER)exceptFilterUnhandled);
ExitProcess(WinObjExMain());
}
#endif
diff --git a/Source/WinObjEx64/msvcver.h b/Source/WinObjEx64/msvcver.h
index 9075a6ba..ce5e6194 100644
--- a/Source/WinObjEx64/msvcver.h
+++ b/Source/WinObjEx64/msvcver.h
@@ -4,9 +4,9 @@
*
* TITLE: MSVCVER.H
*
-* VERSION: 1.93
+* VERSION: 2.00
*
-* DATE: 30 Apr 2022
+* DATE: 19 Jun 2022
*
* Visual Studio compiler version determination.
*
diff --git a/Source/WinObjEx64/objects.c b/Source/WinObjEx64/objects.c
index aa38f1eb..8d5ac774 100644
--- a/Source/WinObjEx64/objects.c
+++ b/Source/WinObjEx64/objects.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2017 - 2021
+* (C) COPYRIGHT AUTHORS, 2017 - 2022
*
* TITLE: OBJECTS.C
*
-* VERSION: 1.92
+* VERSION: 2.00
*
-* DATE: 03 Oct 2021
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -214,13 +214,13 @@ INT ObManagerComparerName(
*
*/
LPWSTR ObManagerGetNameByIndex(
- _In_ ULONG TypeIndex
+ _In_ WOBJ_OBJECT_TYPE TypeIndex
)
{
ULONG nIndex;
for (nIndex = 0; nIndex < g_ObjectTypesCount; nIndex++) {
- if (gpObjectTypes[nIndex]->Index == (WOBJ_OBJECT_TYPE)TypeIndex)
+ if (gpObjectTypes[nIndex]->Index == TypeIndex)
return gpObjectTypes[nIndex]->Name;
}
@@ -237,19 +237,41 @@ LPWSTR ObManagerGetNameByIndex(
*
*/
UINT ObManagerGetImageIndexByTypeIndex(
- _In_ ULONG TypeIndex
+ _In_ WOBJ_OBJECT_TYPE TypeIndex
)
{
- ULONG nIndex;
+ ULONG i;
- for (nIndex = 0; nIndex < g_ObjectTypesCount; nIndex++) {
- if (gpObjectTypes[nIndex]->Index == (WOBJ_OBJECT_TYPE)TypeIndex)
- return gpObjectTypes[nIndex]->ImageIndex;
+ for (i = 0; i < g_ObjectTypesCount; i++) {
+ if (gpObjectTypes[i]->Index == TypeIndex)
+ return gpObjectTypes[i]->ImageIndex;
}
return ObjectTypeUnknown;
}
+/*
+* ObManagerGetEntryByTypeIndex
+*
+* Purpose:
+*
+* Returns object entry by type index.
+*
+*/
+WOBJ_TYPE_DESC* ObManagerGetEntryByTypeIndex(
+ _In_ WOBJ_OBJECT_TYPE TypeIndex
+)
+{
+ ULONG i;
+
+ for (i = 0; i < g_ObjectTypesCount; i++) {
+ if (gpObjectTypes[i]->Index == TypeIndex)
+ return gpObjectTypes[i];
+ }
+
+ return &g_TypeUnknown;
+}
+
/*
* ObManagerGetEntryByTypeName
*
@@ -296,7 +318,7 @@ WOBJ_TYPE_DESC* ObManagerGetEntryByTypeName(
* Returns object index of known type.
*
*/
-UINT ObManagerGetIndexByTypeName(
+WOBJ_OBJECT_TYPE ObManagerGetIndexByTypeName(
_In_opt_ LPCWSTR lpTypeName
)
{
diff --git a/Source/WinObjEx64/objects.h b/Source/WinObjEx64/objects.h
index ea8c2719..77bd6286 100644
--- a/Source/WinObjEx64/objects.h
+++ b/Source/WinObjEx64/objects.h
@@ -4,9 +4,9 @@
*
* TITLE: OBJECTS.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 31 May 2022
+* DATE: 19 Jun 2022
*
* Header file for internal Windows object types handling.
*
@@ -20,6 +20,7 @@
//
// Object Type Indexes Used By Program Only
+//
// NOT RELATED TO REAL OBJECTS INDEXES
// ObjectTypeUnknown and ObjectTypeMax always end this list
//
@@ -222,17 +223,19 @@ HIMAGELIST ObManagerLoadImageList(
VOID);
UINT ObManagerGetImageIndexByTypeIndex(
- _In_ ULONG TypeIndex);
+ _In_ WOBJ_OBJECT_TYPE TypeIndex);
UINT ObManagerGetImageIndexByTypeName(
_In_opt_ LPCWSTR lpTypeName);
-
-UINT ObManagerGetIndexByTypeName(
+WOBJ_OBJECT_TYPE ObManagerGetIndexByTypeName(
_In_opt_ LPCWSTR lpTypeName);
LPWSTR ObManagerGetNameByIndex(
- _In_ ULONG TypeIndex);
+ _In_ WOBJ_OBJECT_TYPE TypeIndex);
+
+WOBJ_TYPE_DESC* ObManagerGetEntryByTypeIndex(
+ _In_ WOBJ_OBJECT_TYPE TypeIndex);
WOBJ_TYPE_DESC *ObManagerGetEntryByTypeName(
_In_opt_ LPCWSTR lpTypeName);
diff --git a/Source/WinObjEx64/plugmngr.c b/Source/WinObjEx64/plugmngr.c
index 0fb3246d..130eb862 100644
--- a/Source/WinObjEx64/plugmngr.c
+++ b/Source/WinObjEx64/plugmngr.c
@@ -4,9 +4,9 @@
*
* TITLE: PLUGMNGR.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
* Plugin manager.
*
@@ -18,7 +18,6 @@
*******************************************************************************/
#define OEMRESOURCE
#include "global.h"
-#include "ui.h"
static LIST_ENTRY g_PluginsListHead;
volatile UINT g_PluginCount = 0;
@@ -44,6 +43,34 @@ BOOL PmpReadSystemMemoryEx(
return kdReadSystemMemory2(NULL, Address, Buffer, BufferSize, NumberOfBytesRead);
}
+/*
+* PmpOpenObjectByType
+*
+* Purpose:
+*
+* Open object by type (plugin version).
+*
+*/
+NTSTATUS PmpOpenObjectByType(
+ _Out_ HANDLE* ObjectHandle,
+ _In_ ULONG TypeIndex,
+ _In_ PUNICODE_STRING ObjectDirectory,
+ _In_ PUNICODE_STRING ObjectName,
+ _In_ ACCESS_MASK DesiredAccess
+)
+{
+ __try {
+ return supOpenNamedObjectByType(ObjectHandle,
+ TypeIndex,
+ ObjectDirectory,
+ ObjectName,
+ DesiredAccess);
+ }
+ __except (WOBJ_EXCEPTION_FILTER_LOG) {
+ return GetExceptionCode();
+ }
+}
+
/*
* PmpReportInvalidPlugin
*
@@ -580,15 +607,11 @@ WINOBJEX_PLUGIN_INTERNAL* PmpGetEntryById(
*
*/
VOID PmpFreeObjectData(
- _In_ PWINOBJEX_PARAM_OBJECT ObjectPtr
+ _In_ PWINOBJEX_PARAM_OBJECT ParamObject
)
{
- if (ObjectPtr->ObjectDirectory) {
- HeapFree(GetProcessHeap(), 0, ObjectPtr->ObjectDirectory);
- }
- if (ObjectPtr->ObjectName) {
- HeapFree(GetProcessHeap(), 0, ObjectPtr->ObjectName);
- }
+ supFreeDuplicatedUnicodeString(g_obexHeap, &ParamObject->Directory, FALSE);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &ParamObject->Name, FALSE);
}
/*
@@ -600,84 +623,11 @@ VOID PmpFreeObjectData(
*
*/
BOOL PmpAllocateObjectData(
- _In_ HWND ParentWindow,
- _In_ PWINOBJEX_PARAM_OBJECT ObjectPtr,
- _In_opt_ HTREEITEM ObjectTreeItem
+ _In_ PWINOBJEX_PARAM_OBJECT ParamObject
)
{
- INT nSelected;
- LPWSTR lpObjectName = NULL;
-
- HANDLE processHeap = GetProcessHeap();
- BOOL bNameAllocated = FALSE;
-
- TV_ITEM tvi;
- WCHAR szBuffer[MAX_PATH + 1];
-
- ObjectPtr->ObjectDirectory = NULL;
- ObjectPtr->ObjectName = NULL;
- ObjectPtr->Reserved = NULL;
-
- if (ParentWindow == g_hwndObjectList) {
-
- //
- // Query selected index, leave on failure.
- //
- nSelected = ListView_GetSelectionMark(g_hwndObjectList);
- if (nSelected == -1)
- return FALSE;
-
- lpObjectName = supGetItemText(g_hwndObjectList, nSelected, 0, NULL);
- if (lpObjectName) bNameAllocated = TRUE;
-
- }
- else
- if (ParentWindow == g_hwndObjectTree) {
- if (ObjectTreeItem) {
-
- RtlSecureZeroMemory(&tvi, sizeof(TV_ITEM));
-
- szBuffer[0] = 0;
- RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
- tvi.pszText = szBuffer;
- tvi.cchTextMax = MAX_PATH;
- tvi.mask = TVIF_TEXT;
- tvi.hItem = ObjectTreeItem;
- if (TreeView_GetItem(g_hwndObjectTree, &tvi)) {
- lpObjectName = (LPWSTR)&szBuffer;
- bNameAllocated = FALSE;
- }
- }
- }
- else
- return FALSE;
-
- if (lpObjectName == NULL)
- return FALSE;
-
- ObjectPtr->ObjectDirectory = (LPWSTR)HeapAlloc(processHeap, HEAP_ZERO_MEMORY,
- (1 + _strlen(g_WinObj.CurrentObjectPath)) * sizeof(WCHAR));
-
- if (ObjectPtr->ObjectDirectory) {
- _strcpy(ObjectPtr->ObjectDirectory, g_WinObj.CurrentObjectPath);
- }
- else {
- return FALSE;
- }
-
- ObjectPtr->ObjectName = (LPWSTR)HeapAlloc(processHeap, HEAP_ZERO_MEMORY,
- (1 + _strlen(lpObjectName)) * sizeof(WCHAR));
-
- if (ObjectPtr->ObjectName) {
- _strcpy(ObjectPtr->ObjectName, lpObjectName);
- }
- else {
- HeapFree(processHeap, 0, ObjectPtr->ObjectDirectory);
- ObjectPtr->ObjectDirectory = NULL;
- return FALSE;
- }
-
- return TRUE;
+ return supGetCurrentObjectPath(FALSE, &ParamObject->Directory) &&
+ supGetCurrentObjectName(&ParamObject->Name);
}
/*
@@ -690,8 +640,7 @@ BOOL PmpAllocateObjectData(
*/
VOID PmProcessEntry(
_In_ HWND ParentWindow,
- _In_ UINT Id,
- _In_opt_ HTREEITEM ObjectTreeItem
+ _In_ UINT Id
)
{
NTSTATUS ntStatus;
@@ -780,7 +729,7 @@ VOID PmProcessEntry(
//
if (PluginEntry->Plugin.Type == ContextPlugin) {
- if (!PmpAllocateObjectData(ParentWindow, &ParamBlock.Object, ObjectTreeItem)) {
+ if (!PmpAllocateObjectData(&ParamBlock.Object)) {
MessageBox(ParentWindow,
TEXT("Cannot allocate memory for plugin data"),
@@ -800,12 +749,12 @@ VOID PmProcessEntry(
//
ParamBlock.ReadSystemMemoryEx = (pfnReadSystemMemoryEx)&PmpReadSystemMemoryEx;
ParamBlock.GetInstructionLength = (pfnGetInstructionLength)&kdGetInstructionLength;
- ParamBlock.OpenNamedObjectByType = (pfnOpenNamedObjectByType)&supOpenNamedObjectByType;
+ ParamBlock.OpenNamedObjectByType = (pfnOpenNamedObjectByType)&PmpOpenObjectByType;
//
// Version.
//
- RtlCopyMemory(&ParamBlock.Version, &g_WinObj.osver, sizeof(RTL_OSVERSIONINFOW));
+ ParamBlock.Version = g_WinObj.osver;
ntStatus = PluginEntry->Plugin.StartPlugin(&ParamBlock);
@@ -814,10 +763,9 @@ VOID PmProcessEntry(
ultohex((ULONG)ntStatus, _strend(szMessage));
MessageBox(ParentWindow, szMessage, NULL, MB_ICONERROR);
}
- else {
- if (PluginEntry->Plugin.Type == ContextPlugin) {
- PmpFreeObjectData(&ParamBlock.Object);
- }
+
+ if (PluginEntry->Plugin.Type == ContextPlugin) {
+ PmpFreeObjectData(&ParamBlock.Object);
}
}
@@ -1150,8 +1098,6 @@ VOID PmpHandleNotify(
break;
- default:
- break;
}
}
@@ -1203,7 +1149,7 @@ INT_PTR CALLBACK PmpDialogProc(
switch (uMsg) {
case WM_INITDIALOG:
- supCenterWindowSpecifyParent(hwndDlg, g_WinObj.MainWindow);
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
PmpEnumerateEntries(hwndDlg);
break;
diff --git a/Source/WinObjEx64/plugmngr.h b/Source/WinObjEx64/plugmngr.h
index 82da40a5..dae7d65b 100644
--- a/Source/WinObjEx64/plugmngr.h
+++ b/Source/WinObjEx64/plugmngr.h
@@ -4,9 +4,9 @@
*
* TITLE: PLUGINMNGR.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* Common header file for the plugin manager.
*
@@ -19,7 +19,7 @@
#pragma once
-#define WOBJ_PLUGIN_SYSTEM_VERSION 18712
+#define WOBJ_PLUGIN_SYSTEM_VERSION 20006
//
// Plugin init routine name.
@@ -58,14 +58,13 @@ typedef UCHAR(CALLBACK* pfnGetInstructionLength)(
typedef NTSTATUS(*pfnOpenNamedObjectByType)(
_Out_ HANDLE* ObjectHandle,
_In_ ULONG TypeIndex,
- _In_ LPWSTR ObjectDirectory,
- _In_opt_ LPWSTR ObjectName,
+ _In_ PUNICODE_STRING ObjectDirectory,
+ _In_ PUNICODE_STRING ObjectName,
_In_ ACCESS_MASK DesiredAccess);
typedef struct _WINOBJEX_PARAM_OBJECT {
- LPWSTR ObjectName;
- LPWSTR ObjectDirectory;
- PVOID Reserved;
+ UNICODE_STRING Name;
+ UNICODE_STRING Directory;
} WINOBJEX_PARAM_OBJECT, * PWINOBJEX_PARAM_OBJECT;
typedef struct _WINOBJEX_PARAM_BLOCK {
@@ -162,8 +161,7 @@ VOID PmDestroy();
VOID PmProcessEntry(
_In_ HWND ParentWindow,
- _In_ UINT Id,
- _In_opt_ HTREEITEM ObjectTreeItem);
+ _In_ UINT Id);
VOID PmBuildPluginPopupMenuByObjectType(
_In_ HMENU ContextMenu,
diff --git a/Source/WinObjEx64/props/propAlpcPort.c b/Source/WinObjEx64/props/propAlpcPort.c
index 4dbea6ed..ecef8971 100644
--- a/Source/WinObjEx64/props/propAlpcPort.c
+++ b/Source/WinObjEx64/props/propAlpcPort.c
@@ -4,9 +4,9 @@
*
* TITLE: PROPALPCPORT.C
*
-* VERSION: 1.93
+* VERSION: 2.00
*
-* DATE: 11 May 2021
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -15,7 +15,6 @@
*
*******************************************************************************/
#include "global.h"
-#include "propDlg.h"
#include "extras.h"
#define COLUMN_ALPCLIST_SERVER_PORT 0
@@ -138,9 +137,6 @@ VOID AlpcPortListHandleWMCommand(
}
break;
-
- default:
- break;
}
}
@@ -195,8 +191,6 @@ BOOL AlpcPortListHandleNotify(
}
break;
- default:
- break;
}
return FALSE;
diff --git a/Source/WinObjEx64/props/propAlpcPort.h b/Source/WinObjEx64/props/propAlpcPort.h
deleted file mode 100644
index 5b1c8b04..00000000
--- a/Source/WinObjEx64/props/propAlpcPort.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2021
-*
-* TITLE: PROPALPCPORT.H
-*
-* VERSION: 1.90
-*
-* DATE: 11 May 2021
-*
-* Common header file for ALPC Port property sheet.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-INT_PTR CALLBACK AlpcPortListDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam);
diff --git a/Source/WinObjEx64/props/propBasic.c b/Source/WinObjEx64/props/propBasic.c
index c2a8222e..11958320 100644
--- a/Source/WinObjEx64/props/propBasic.c
+++ b/Source/WinObjEx64/props/propBasic.c
@@ -4,9 +4,9 @@
*
* TITLE: PROPBASIC.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -33,7 +33,7 @@ typedef VOID(CALLBACK* pfnPropQueryInfoRoutine)(
//
VOID propSetBasicInfoEx(
_In_ HWND hwndDlg,
- _In_ POBJINFO InfoObject);
+ _In_ POBEX_OBJECT_INFORMATION InfoObject);
/*
* propSetObjectHeaderAddressInfo
@@ -1048,10 +1048,10 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQuerySymlink)
NTSTATUS status;
ULONG bytesNeeded;
HANDLE hObject = NULL;
- LPWSTR lpLinkTarget;
WCHAR szBuffer[MAX_PATH + 1];
OBJECT_BASIC_INFORMATION obi;
+ UNICODE_STRING objectName, normalizedName;
SetDlgItemText(hwndDlg, ID_OBJECT_SYMLINK_TARGET, T_CannotQuery);
SetDlgItemText(hwndDlg, ID_OBJECT_SYMLINK_CREATION, T_CannotQuery);
@@ -1063,15 +1063,24 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQuerySymlink)
return;
}
- //
- // Copy link target from main object list for performance reasons.
- // Because we don't need to query same data again.
- //
- lpLinkTarget = Context->lpDescription;
- if (lpLinkTarget) {
- SetDlgItemText(hwndDlg, ID_OBJECT_SYMLINK_TARGET, lpLinkTarget);
- }
+ if (supCreateObjectPathFromElements(&Context->NtObjectName,
+ &Context->NtObjectPath,
+ &objectName,
+ TRUE))
+ {
+ if (supResolveSymbolicLinkTargetNormalized(
+ hObject,
+ NULL,
+ &objectName,
+ &normalizedName))
+ {
+ SetDlgItemText(hwndDlg, ID_OBJECT_SYMLINK_TARGET, normalizedName.Buffer);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &normalizedName, FALSE);
+ }
+ supFreeDuplicatedUnicodeString(g_obexHeap, &objectName, FALSE);
+ }
+
//Query Link Creation Time
RtlSecureZeroMemory(&obi, sizeof(OBJECT_BASIC_INFORMATION));
@@ -1435,6 +1444,11 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQuerySection)
szBuffer[0] = 0;
ultostr(sii.SubSystemMinorVersion, szBuffer);
SetDlgItemText(hwndDlg, ID_IMAGE_MNV, szBuffer);
+
+ //Image Flags
+ szBuffer[0] = 0;
+ ultostr(sii.ImageFlags, szBuffer);
+ SetDlgItemText(hwndDlg, ID_IMAGE_FLAGS, szBuffer);
}
}
}
@@ -1507,24 +1521,25 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryWindowStation)
*/
PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryDriver)
{
- LPWSTR lpItemText;
ENUMCHILDWNDDATA ChildWndData;
+ WCHAR szBuffer[MAX_PATH + 1];
+
UNREFERENCED_PARAMETER(ExtendedInfoAvailable);
- //
- // For performance reasons instead of query again
- // we use description from main object list.
- //
- lpItemText = Context->lpDescription;
- if (lpItemText) {
+ RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
+ if (supQueryDriverDescription(Context->NtObjectName.Buffer,
+ szBuffer,
+ MAX_PATH))
+ {
//show hidden controls
if (GetWindowRect(GetDlgItem(hwndDlg, ID_DRIVERINFO), &ChildWndData.Rect)) {
ChildWndData.nCmdShow = SW_SHOW;
EnumChildWindows(hwndDlg, supCallbackShowChildWindow, (LPARAM)&ChildWndData);
}
- SetDlgItemText(hwndDlg, ID_DRIVERDISPLAYNAME, lpItemText);
+ SetDlgItemText(hwndDlg, ID_DRIVERDISPLAYNAME, szBuffer);
}
+
}
/*
@@ -1537,24 +1552,27 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryDriver)
*/
PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryDevice)
{
- LPWSTR lpItemText;
ENUMCHILDWNDDATA ChildWndData;
+ WCHAR szBuffer[MAX_PATH + 1];
+
UNREFERENCED_PARAMETER(ExtendedInfoAvailable);
- //
- // For performance reasons instead of query again
- // we use description from main object list.
- //
- lpItemText = Context->lpDescription;
- if (lpItemText) {
+ RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
+ if (supQueryDeviceDescription(
+ &Context->NtObjectPath,
+ &Context->NtObjectName,
+ szBuffer,
+ MAX_PATH))
+ {
//show hidden controls
if (GetWindowRect(GetDlgItem(hwndDlg, ID_DEVICEINFO), &ChildWndData.Rect)) {
ChildWndData.nCmdShow = SW_SHOW;
EnumChildWindows(hwndDlg, supCallbackShowChildWindow, (LPARAM)&ChildWndData);
}
- SetDlgItemText(hwndDlg, ID_DEVICEDESCRIPTION, lpItemText);
+ SetDlgItemText(hwndDlg, ID_DEVICEDESCRIPTION, szBuffer);
}
+
}
/*
@@ -1562,7 +1580,7 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryDevice)
*
* Purpose:
*
-* Set information values for Partition object type
+* Set information values for MemoryPartition object type
*
*/
PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryMemoryPartition)
@@ -1584,6 +1602,33 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryMemoryPartition)
propCloseCurrentObject(Context, hObject);
}
+/*
+* propBasicQueryRegistryTransaction
+*
+* Purpose:
+*
+* Set information values for RegistryTransaction object type
+*
+*/
+PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryRegistryTransaction)
+{
+ HANDLE hObject = NULL;
+
+ UNREFERENCED_PARAMETER(ExtendedInfoAvailable);
+
+ //
+ // Open Registry Transaction object.
+ //
+ if (!propOpenCurrentObject(Context, &hObject, TRANSACTION_QUERY_INFORMATION))
+ return;
+
+ //
+ // Query object basic and type info if needed.
+ //
+ propSetDefaultInfo(Context, hwndDlg, hObject);
+ propCloseCurrentObject(Context, hObject);
+}
+
/*
* propBasicQueryProcess
*
@@ -1905,7 +1950,7 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryThread)
THREAD_NAME_INFORMATION *NameInformation;
- Thread = &Context->UnnamedObjectInfo.ThreadInformation;
+ Thread = &Context->u1.UnnamedObjectInfo.ThreadInformation;
//
// Open Thread object.
@@ -2710,7 +2755,8 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryDesktop)
BOOL bExtendedInfoAvailable;
HANDLE hDesktop = NULL;
ULONG_PTR ObjectAddress = 0, HeaderAddress = 0, InfoHeaderAddress = 0;
- OBJINFO InfoObject;
+
+ OBEX_OBJECT_INFORMATION InfoObject;
UNREFERENCED_PARAMETER(ExtendedInfoAvailable);
@@ -2788,7 +2834,7 @@ PROP_QUERY_INFORMATION_ROUTINE(propBasicQueryDesktop)
*/
VOID propSetBasicInfoEx(
_In_ HWND hwndDlg,
- _In_ POBJINFO InfoObject
+ _In_ POBEX_OBJECT_INFORMATION InfoObject
)
{
INT i;
@@ -2852,18 +2898,30 @@ VOID propSetBasicInfo(
_In_ HWND hwndDlg
)
{
- BOOL ExtendedInfoAvailable = FALSE, bQueryTrustLabel = FALSE;
- POBJINFO InfoObject = NULL;
+ BOOL ExtendedInfoAvailable = FALSE, bQueryTrustLabel = FALSE;
+ POBEX_OBJECT_INFORMATION InfoObject = NULL;
pfnPropQueryInfoRoutine propQueryInfoRoutine;
- SetDlgItemText(hwndDlg, ID_OBJECT_NAME, Context->lpObjectName);
- SetDlgItemText(hwndDlg, ID_OBJECT_TYPE, Context->lpObjectType);
+ UNICODE_STRING usObjectName;
+
+ if (supNormalizeUnicodeStringForDisplay(g_obexHeap,
+ &Context->NtObjectName,
+ &usObjectName))
+ {
+ SetDlgItemText(hwndDlg, ID_OBJECT_NAME, usObjectName.Buffer);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &usObjectName, FALSE);
+ }
+ else {
+ SetDlgItemText(hwndDlg, ID_OBJECT_NAME, Context->NtObjectName.Buffer);
+ }
+
+ SetDlgItemText(hwndDlg, ID_OBJECT_TYPE, Context->TypeDescription->Name);
//
// Desktops should be parsed differently.
//
- if (Context->TypeIndex != ObjectTypeDesktop) {
+ if (Context->ObjectTypeIndex != ObjectTypeDesktop) {
//
// Dump object information depending on context type.
@@ -2871,15 +2929,16 @@ VOID propSetBasicInfo(
switch (Context->ContextType) {
case propPrivateNamespace:
- InfoObject = ObQueryObjectByAddress(Context->NamespaceInfo.ObjectAddress);
+ InfoObject = ObQueryObjectByAddress(Context->u1.NamespaceInfo.ObjectAddress);
break;
case propUnnamed:
- InfoObject = ObQueryObjectByAddress(Context->UnnamedObjectInfo.ObjectAddress);
+ InfoObject = ObQueryObjectByAddress(Context->u1.UnnamedObjectInfo.ObjectAddress);
break;
+ case propNormal:
default:
- InfoObject = ObQueryObject(Context->lpCurrentObjectPath, Context->lpObjectName);
+ InfoObject = ObQueryObjectInDirectory(&Context->NtObjectName, &Context->NtObjectPath);
break;
}
@@ -2888,11 +2947,11 @@ VOID propSetBasicInfo(
if (Context->ContextType == propUnnamed) {
- if (Context->UnnamedObjectInfo.ObjectAddress) {
+ if (Context->u1.UnnamedObjectInfo.ObjectAddress) {
propSetObjectHeaderAddressInfo(
hwndDlg,
- Context->UnnamedObjectInfo.ObjectAddress,
- (ULONG_PTR)OBJECT_TO_OBJECT_HEADER(Context->UnnamedObjectInfo.ObjectAddress));
+ Context->u1.UnnamedObjectInfo.ObjectAddress,
+ (ULONG_PTR)OBJECT_TO_OBJECT_HEADER(Context->u1.UnnamedObjectInfo.ObjectAddress));
}
}
else {
@@ -2902,7 +2961,7 @@ VOID propSetBasicInfo(
}
else {
//make copy of received dump
- supCopyMemory(&Context->ObjectInfo, sizeof(OBJINFO), InfoObject, sizeof(OBJINFO));
+ RtlCopyMemory(&Context->ObjectInfo, InfoObject, sizeof(OBEX_OBJECT_INFORMATION));
//
// Set Object Address, Header Address, NP/PP Charge, RefCount, HandleCount, Attributes.
@@ -2913,7 +2972,7 @@ VOID propSetBasicInfo(
// Special case for AlpcPort object type.
// The only information we can get is from driver here as we cannot open port directly.
//
- if (Context->TypeIndex == ObjectTypePort) {
+ if (Context->ObjectTypeIndex == ObjectTypePort) {
propBasicQueryAlpcPort(Context, hwndDlg, FALSE);
}
@@ -2927,7 +2986,7 @@ VOID propSetBasicInfo(
//
propQueryInfoRoutine = NULL;
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeDirectory:
bQueryTrustLabel = TRUE;
//if TRUE skip this because directory is basic dialog and basic info already set
@@ -2981,6 +3040,9 @@ VOID propSetBasicInfo(
case ObjectTypeMemoryPartition:
propQueryInfoRoutine = (pfnPropQueryInfoRoutine)propBasicQueryMemoryPartition;
break;
+ case ObjectTypeRegistryTransaction:
+ propQueryInfoRoutine = (pfnPropQueryInfoRoutine)propBasicQueryRegistryTransaction;
+ break;
case ObjectTypeProcess:
propQueryInfoRoutine = (pfnPropQueryInfoRoutine)propBasicQueryProcess;
break;
diff --git a/Source/WinObjEx64/props/propBasic.h b/Source/WinObjEx64/props/propBasic.h
deleted file mode 100644
index c0d42b29..00000000
--- a/Source/WinObjEx64/props/propBasic.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
-*
-* TITLE: PROPBASIC.H
-*
-* VERSION: 1.90
-*
-* DATE: 11 May 2021
-*
-* Common header file for Basic property sheet.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-INT_PTR CALLBACK BasicPropDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam);
diff --git a/Source/WinObjEx64/props/propBasicConsts.h b/Source/WinObjEx64/props/propBasicConsts.h
index 4d32603e..4e997e5d 100644
--- a/Source/WinObjEx64/props/propBasicConsts.h
+++ b/Source/WinObjEx64/props/propBasicConsts.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: PROPBASICCONSTS.H
*
-* VERSION: 1.90
+* VERSION: 2.00
*
-* DATE: 11 May 2021
+* DATE: 19 Jun 2022
*
* Consts header file for Basic property sheet.
*
diff --git a/Source/WinObjEx64/props/propCommon.h b/Source/WinObjEx64/props/propCommon.h
new file mode 100644
index 00000000..65a481ff
--- /dev/null
+++ b/Source/WinObjEx64/props/propCommon.h
@@ -0,0 +1,118 @@
+/*******************************************************************************
+*
+* (C) COPYRIGHT AUTHORS, 2022
+*
+* TITLE: PROPCOMMON.H
+*
+* VERSION: 2.00
+*
+* DATE: 19 Jun 2022
+*
+* Common header file for the property sheet based dialogs.
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+
+#pragma once
+
+typedef enum _PROP_CONTEXT_TYPE {
+ propNormal = 0,
+ propPrivateNamespace = 1,
+ propUnnamed = 2,
+ propMax = 3
+} PROP_CONTEXT_TYPE;
+
+typedef struct _PROP_NAMESPACE_INFO {
+ ULONG Reserved;
+ ULONG SizeOfBoundaryDescriptor;
+ OBJECT_BOUNDARY_DESCRIPTOR* BoundaryDescriptor;
+ ULONG_PTR ObjectAddress;
+} PROP_NAMESPACE_INFO, * PPROP_NAMESPACE_INFO;
+
+typedef struct _PROP_UNNAMED_OBJECT_INFO {
+ BOOL IsThreadToken;
+ ULONG_PTR ObjectAddress;
+ CLIENT_ID ClientId;
+ SYSTEM_THREAD_INFORMATION ThreadInformation;
+ UNICODE_STRING ImageName;
+} PROP_UNNAMED_OBJECT_INFO, * PPROP_UNNAMED_OBJECT_INFO;
+
+typedef struct _PROP_OBJECT_INFO {
+
+ PROP_CONTEXT_TYPE ContextType;
+ WOBJ_OBJECT_TYPE ObjectTypeIndex;
+
+ //
+ // Object specific flags
+ //
+ DWORD ObjectFlags;
+
+ //
+ // Unicode strings for object name/path where used.
+ //
+ UNICODE_STRING NtObjectName;
+ UNICODE_STRING NtObjectPath;
+
+ //
+ // Context specific data.
+ //
+ PVOID ExtrasContext;
+
+ //
+ // Reference to object type description entry in global array.
+ //
+ WOBJ_TYPE_DESC* TypeDescription;
+ WOBJ_TYPE_DESC* ShadowTypeDescription; //valid only for types, same as TypeDescription for everything else.
+
+ //
+ // Icons assigned during runtime.
+ //
+ HICON ObjectIcon;
+ HICON ObjectTypeIcon;
+
+ OBEX_OBJECT_INFORMATION ObjectInfo; //object dump related structures
+
+ //
+ // Private namespace or unnamed object (process/thread/token) information.
+ //
+ union {
+ PROP_NAMESPACE_INFO NamespaceInfo;
+ PROP_UNNAMED_OBJECT_INFO UnnamedObjectInfo;
+ } u1;
+
+} PROP_OBJECT_INFO, * PPROP_OBJECT_INFO;
+
+typedef struct _PROP_CONFIG {
+ PROP_CONTEXT_TYPE ContextType;
+ HWND hwndParent;
+
+ WOBJ_OBJECT_TYPE ObjectTypeIndex;
+
+ PUNICODE_STRING NtObjectName;
+ PUNICODE_STRING NtObjectPath;
+
+ union {
+ PVOID ObjectData;
+ union {
+ PROP_NAMESPACE_INFO* NamespaceObject;
+ PROP_UNNAMED_OBJECT_INFO* UnnamedObject;
+ } u1;
+ };
+} PROP_CONFIG, * PPROP_CONFIG;
+
+//open object method (propOpenCurrentObject)
+typedef BOOL(CALLBACK* POPENOBJECTMETHOD)(
+ _In_ PROP_OBJECT_INFO* Context,
+ _Inout_ PHANDLE phObject,
+ _In_ ACCESS_MASK DesiredAccess
+ );
+
+//close object method (propCloseCurrentObject)
+typedef VOID(CALLBACK* PCLOSEOBJECTMETHOD)(
+ _In_ PROP_OBJECT_INFO* Context,
+ _In_ HANDLE hObject
+ );
diff --git a/Source/WinObjEx64/props/propDesktop.c b/Source/WinObjEx64/props/propDesktop.c
index 61d05089..c58ff365 100644
--- a/Source/WinObjEx64/props/propDesktop.c
+++ b/Source/WinObjEx64/props/propDesktop.c
@@ -4,9 +4,9 @@
*
* TITLE: PROPDESKTOP.C
*
-* VERSION: 1.93
+* VERSION: 2.00
*
-* DATE: 11 May 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -37,30 +37,28 @@ BOOL CALLBACK DesktopListEnumProc(
_In_ LPARAM lParam
)
{
- BOOL bSucc;
- INT nIndex;
- DWORD bytesNeeded, dwDesktopHeapSize;
+ BOOL bSucc;
+ INT nIndex;
+ DWORD bytesNeeded, dwDesktopHeapSize;
LPWSTR lpName, StringSid;
- PSID pSID;
+ PSID pSID;
SIZE_T sz;
- HDESK hDesktop;
+ HDESK hDesktop;
LVITEM lvitem;
- WCHAR szBuffer[MAX_PATH];
+ WCHAR szHeap[64];
DLG_ENUM_CALLBACK_CONTEXT* enumParam = (DLG_ENUM_CALLBACK_CONTEXT*)lParam;
if (enumParam == NULL) {
return FALSE;
}
- // Desktop\\Object+0
- sz = (3 + _strlen(lpszDesktop) + _strlen(enumParam->ObjectContext->lpObjectName)) * sizeof(WCHAR);
+ // Object
+ sz = (1 + _strlen(lpszDesktop)) * sizeof(WCHAR);
lpName = (LPWSTR)supHeapAlloc(sz);
if (lpName == NULL)
return 0;
- _strcpy(lpName, enumParam->ObjectContext->lpObjectName);
- _strcat(lpName, TEXT("\\"));
- _strcat(lpName, lpszDesktop);
+ _strcpy(lpName, lpszDesktop);
//Name
RtlSecureZeroMemory(&lvitem, sizeof(lvitem));
@@ -126,10 +124,10 @@ BOOL CALLBACK DesktopListEnumProc(
&bytesNeeded))
{
if (dwDesktopHeapSize) {
- RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
- ultostr(dwDesktopHeapSize / 1024, szBuffer);
- _strcat(szBuffer, TEXT(" Mb"));
- lvitem.pszText = szBuffer;
+ szHeap[0] = 0;
+ ultostr(dwDesktopHeapSize / 1024, szHeap);
+ _strcat(szHeap, TEXT(" Mb"));
+ lvitem.pszText = szHeap;
}
else {
lvitem.pszText = T_EmptyString;
@@ -296,15 +294,15 @@ VOID DesktopListShowProperties(
)
{
EXTRASCONTEXT* pDlgContext;
- SIZE_T ItemTextSize, i, l;
- LPWSTR lpName, lpItemText;
+ LPWSTR lpName;
+ UNICODE_STRING usObjectName;
- PROP_DIALOG_CREATE_SETTINGS propSettings;
+ PROP_CONFIG propConfig;
//
// Allow only one dialog at same time.
//
- ENSURE_DIALOG_UNIQUE(g_DesktopPropWindow);
+ supCloseKnownPropertiesDialog(propGetDesktopWindow());
//
// A very basic support for this type.
@@ -313,28 +311,24 @@ VOID DesktopListShowProperties(
pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
if (pDlgContext) {
- ItemTextSize = 0;
- lpItemText = supGetItemText(
+ lpName = supGetItemText(
pDlgContext->ListView,
ListView_GetSelectionMark(pDlgContext->ListView),
0,
- &ItemTextSize);
+ NULL);
- if (lpItemText) {
- l = 0;
- for (i = 0; i < ItemTextSize / sizeof(WCHAR); i++)
- if (lpItemText[i] == L'\\')
- l = i + 1;
- lpName = &lpItemText[l];
+ if (lpName) {
- RtlSecureZeroMemory(&propSettings, sizeof(propSettings));
- propSettings.hwndParent = hwndDlg;
- propSettings.lpObjectName = lpName;
- propSettings.lpObjectType = OBTYPE_NAME_DESKTOP;
+ RtlInitUnicodeString(&usObjectName, lpName);
- propCreateDialog(&propSettings);
+ RtlSecureZeroMemory(&propConfig, sizeof(propConfig));
+ propConfig.hwndParent = hwndDlg;
+ propConfig.NtObjectName = &usObjectName;
+ propConfig.ObjectTypeIndex = ObjectTypeDesktop;
- supHeapFree(lpItemText);
+ propCreateDialog(&propConfig);
+
+ supHeapFree(lpName);
}
}
}
diff --git a/Source/WinObjEx64/props/propDesktop.h b/Source/WinObjEx64/props/propDesktop.h
deleted file mode 100644
index 91ea8233..00000000
--- a/Source/WinObjEx64/props/propDesktop.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2018
-*
-* TITLE: PROPDESKTOP.H
-*
-* VERSION: 1.52
-*
-* DATE: 08 Jan 2018
-*
-* Common header file for Desktops property sheet.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-INT_PTR CALLBACK DesktopListDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam);
diff --git a/Source/WinObjEx64/props/propDlg.c b/Source/WinObjEx64/props/propDlg.c
index b6096b5a..4469dfd8 100644
--- a/Source/WinObjEx64/props/propDlg.c
+++ b/Source/WinObjEx64/props/propDlg.c
@@ -4,9 +4,9 @@
*
* TITLE: PROPDLG.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 06 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -15,19 +15,10 @@
*
*******************************************************************************/
#include "global.h"
-#include "propAlpcPort.h"
-#include "propBasic.h"
-#include "propDesktop.h"
-#include "propDriver.h"
-#include "propObjectDump.h"
-#include "propProcess.h"
-#include "propSection.h"
-#include "propSecurity.h"
-#include "propToken.h"
-#include "propType.h"
+#include "props.h"
//previously focused window
-HWND hPrevFocus;
+HWND PreviousFocus = NULL;
//maximum number of possible pages, include space reserved for future use
#define MAX_PAGE 10
@@ -37,11 +28,42 @@ HPROPSHEETPAGE PropPages[MAX_PAGE];
WNDPROC PropSheetOriginalWndProc = NULL;
//handle to the PropertySheet window
-HWND g_PropWindow = NULL;
-HWND g_PsPropWindow = NULL;
-HWND g_PsTokenWindow = NULL;
-HWND g_DesktopPropWindow = NULL;
-HWND g_NamespacePropWindow = NULL;
+HWND CommonPropWindow = NULL;
+HWND ProcessesPropWindow = NULL;
+HWND ThreadsPropWindow = NULL;
+HWND TokenPropWindow = NULL;
+HWND DesktopPropWindow = NULL;
+HWND NamespacePropWindow = NULL;
+
+HWND propGetCommonWindow()
+{
+ return CommonPropWindow;
+}
+
+HWND propGetProcessesWindow()
+{
+ return ProcessesPropWindow;
+}
+
+HWND propGetThreadsWindow()
+{
+ return ThreadsPropWindow;
+}
+
+HWND propGetTokenWindow()
+{
+ return TokenPropWindow;
+}
+
+HWND propGetDesktopWindow()
+{
+ return DesktopPropWindow;
+}
+
+HWND propGetNamespaceWindow()
+{
+ return NamespacePropWindow;
+}
/*
* propCloseCurrentObject
@@ -59,6 +81,33 @@ BOOL propCloseCurrentObject(
return supCloseObjectFromContext(Context, hObject);
}
+/*
+* propIsUnsupportedTypeForOpen
+*
+* Purpose:
+*
+* Filter object opening by type as we cannot open everything.
+*
+*/
+BOOL propIsUnsupportedTypeForOpen(
+ _In_ WOBJ_OBJECT_TYPE TypeIndex
+)
+{
+ WOBJ_OBJECT_TYPE propUnsupportedTypes[] = {
+ ObjectTypeUnknown,
+ ObjectTypeFltConnPort,
+ ObjectTypeFltComnPort,
+ ObjectTypeWaitablePort
+ };
+
+ ULONG i;
+ for (i = 0; i < RTL_NUMBER_OF(propUnsupportedTypes); i++)
+ if (TypeIndex == propUnsupportedTypes[i])
+ return TRUE;
+
+ return FALSE;
+}
+
/*
* propOpenCurrentObject
*
@@ -67,66 +116,52 @@ BOOL propCloseCurrentObject(
* Opens currently viewed object depending on type
*
*/
+_Success_(return)
BOOL propOpenCurrentObject(
_In_ PROP_OBJECT_INFO* Context,
_Out_ PHANDLE phObject,
_In_ ACCESS_MASK DesiredAccess
)
{
- BOOL bResult;
- HANDLE hObject, hDirectory;
- NTSTATUS status;
- UNICODE_STRING ustr;
- OBJECT_ATTRIBUTES obja;
+ BOOL bResult;
+ HANDLE hObject, hDirectory;
+ NTSTATUS status;
+ OBJECT_ATTRIBUTES obja;
bResult = FALSE;
- *phObject = NULL;
-
//
// Filter unsupported types.
//
- if (
- (Context->TypeIndex == ObjectTypeUnknown) ||
- (Context->TypeIndex == ObjectTypeFltConnPort) ||
- (Context->TypeIndex == ObjectTypeFltComnPort) ||
- (Context->TypeIndex == ObjectTypeWaitablePort)
- )
- {
+ if (propIsUnsupportedTypeForOpen(Context->ObjectTypeIndex)) {
SetLastError(ERROR_UNSUPPORTED_TYPE);
- return bResult;
+ return FALSE;
}
//
// Handle window station type.
//
- if (Context->TypeIndex == ObjectTypeWinstation) {
+ if (Context->ObjectTypeIndex == ObjectTypeWinstation) {
hObject = supOpenWindowStationFromContext(Context, FALSE, DesiredAccess); //WINSTA_READATTRIBUTES for query
bResult = (hObject != NULL);
if (bResult) {
*phObject = hObject;
- SetLastError(ERROR_SUCCESS);
- }
- else {
- SetLastError(ERROR_ACCESS_DENIED);
}
+
return bResult;
}
//
// Handle desktop type.
//
- if (Context->TypeIndex == ObjectTypeDesktop) {
- if (Context->lpObjectName == NULL) {
- SetLastError(ERROR_INVALID_PARAMETER);
- return bResult;
- }
- hObject = OpenDesktop(Context->lpObjectName, 0, FALSE, DesiredAccess); //DESKTOP_READOBJECTS for query
+ if (Context->ObjectTypeIndex == ObjectTypeDesktop) {
+
+ hObject = OpenDesktop(Context->NtObjectName.Buffer, 0, FALSE, DesiredAccess); //DESKTOP_READOBJECTS for query
bResult = (hObject != NULL);
if (bResult) {
*phObject = hObject;
- SetLastError(ERROR_SUCCESS);
}
+
return bResult;
}
@@ -155,13 +190,10 @@ BOOL propOpenCurrentObject(
// Namespace objects must be handled in a special way.
//
if (Context->ContextType == propPrivateNamespace) {
- if (Context->lpObjectName == NULL) {
- SetLastError(ERROR_INVALID_PARAMETER);
- return bResult;
- }
- RtlInitUnicodeString(&ustr, Context->lpObjectName);
- InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, NULL, NULL);
+ InitializeObjectAttributes(&obja, &Context->NtObjectName,
+ OBJ_CASE_INSENSITIVE, NULL, NULL);
+
hObject = supOpenObjectFromContext(
Context,
&obja,
@@ -176,14 +208,6 @@ BOOL propOpenCurrentObject(
return bResult;
}
- if ((Context->lpObjectName == NULL) ||
- (Context->lpCurrentObjectPath == NULL)
- )
- {
- SetLastError(ERROR_INVALID_PARAMETER);
- return bResult;
- }
-
hDirectory = NULL;
if (DesiredAccess == 0) {
@@ -193,16 +217,16 @@ BOOL propOpenCurrentObject(
//
// Handle directory type.
//
- if (Context->TypeIndex == ObjectTypeDirectory) {
+ if (Context->ObjectTypeIndex == ObjectTypeDirectory) {
//
// If this is root, then root hDirectory = NULL.
//
- if (_strcmpi(Context->lpObjectName, KM_OBJECTS_ROOT_DIRECTORY) != 0) {
+ if (!supIsRootDirectory(&Context->NtObjectName)) {
//
// Otherwise open directory that keep this object.
//
- supOpenDirectoryForObject(&hDirectory, Context->lpObjectName, Context->lpCurrentObjectPath);
+ supOpenDirectoryEx(&hDirectory, NULL, &Context->NtObjectPath, DIRECTORY_QUERY);
if (hDirectory == NULL) {
SetLastError(ERROR_OBJECT_NOT_FOUND);
return bResult;
@@ -213,8 +237,9 @@ BOOL propOpenCurrentObject(
// Open object in directory.
//
- status = supOpenDirectory(&hObject, hDirectory,
- Context->lpObjectName,
+ status = supOpenDirectoryEx(&hObject,
+ hDirectory,
+ &Context->NtObjectName,
DesiredAccess);
if (!NT_SUCCESS(status)) {
@@ -237,14 +262,13 @@ BOOL propOpenCurrentObject(
//
// Open directory which current object belongs.
//
- supOpenDirectoryForObject(&hDirectory, Context->lpObjectName, Context->lpCurrentObjectPath);
+ supOpenDirectoryEx(&hDirectory, NULL, &Context->NtObjectPath, DIRECTORY_QUERY);
if (hDirectory == NULL) {
SetLastError(ERROR_OBJECT_NOT_FOUND);
return bResult;
}
- RtlInitUnicodeString(&ustr, Context->lpObjectName);
- InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, hDirectory, NULL);
+ InitializeObjectAttributes(&obja, &Context->NtObjectName, OBJ_CASE_INSENSITIVE, hDirectory, NULL);
status = STATUS_UNSUCCESSFUL;
hObject = NULL;
@@ -277,97 +301,92 @@ BOOL propOpenCurrentObject(
*
*/
PPROP_OBJECT_INFO propContextCreate(
- _In_opt_ LPWSTR lpObjectName,
- _In_opt_ LPCWSTR lpObjectType,
- _In_opt_ LPWSTR lpCurrentObjectPath,
- _In_opt_ LPWSTR lpDescription
+ _In_ PROP_CONFIG* Config
)
{
- BOOL bSelectedObject = FALSE, bSelectedDirectory = FALSE;
- PROP_OBJECT_INFO* Context;
+ PROP_OBJECT_INFO* propContext;
- __try {
- //
- // Allocate context structure.
- //
- Context = (PROP_OBJECT_INFO*)supHeapAlloc(sizeof(PROP_OBJECT_INFO));
- if (Context == NULL)
- return NULL;
+ union {
+ PVOID Ref;
+ union {
+ PROP_NAMESPACE_INFO* NamespaceObject;
+ PROP_UNNAMED_OBJECT_INFO* UnnamedObject;
+ };
+ } ObjectRef;
- Context->TypeDescription = ObManagerGetEntryByTypeName(lpObjectType);
+ //
+ // Allocate context structure.
+ //
+ propContext = (PROP_OBJECT_INFO*)supHeapAlloc(sizeof(PROP_OBJECT_INFO));
+ if (propContext == NULL)
+ return NULL;
+
+ propContext->ObjectTypeIndex = Config->ObjectTypeIndex;
+
+ //
+ // Copy object name if given.
+ //
+ if (Config->NtObjectName) {
+ supDuplicateUnicodeString(g_obexHeap, &propContext->NtObjectName, Config->NtObjectName);
+ }
+
+ //
+ // Copy object path if given because dialog is modeless.
+ //
+ if (Config->NtObjectPath) {
+ supDuplicateUnicodeString(g_obexHeap, &propContext->NtObjectPath, Config->NtObjectPath);
+ }
+
+ propContext->TypeDescription = ObManagerGetEntryByTypeIndex(propContext->ObjectTypeIndex);
+ //
+ // Check if object is Type object.
+ // Type objects handled differently.
+ //
+ if (propContext->ObjectTypeIndex == ObjectTypeType) {
+ propContext->ShadowTypeDescription = ObManagerGetEntryByTypeName(propContext->NtObjectName.Buffer);
+ }
+ else {
//
// Use the same type descriptor by default for shadow.
//
- Context->ShadowTypeDescription = Context->TypeDescription;
+ propContext->ShadowTypeDescription = propContext->TypeDescription;
+ }
- //
- // Copy object name if given.
- //
- if (lpObjectName) {
+ //
+ // Remember namespace or unnamed object info.
+ // Always last.
+ //
+ ObjectRef.Ref = Config->ObjectData;
- Context->lpObjectName = (LPWSTR)supHeapAlloc((1 + _strlen(lpObjectName)) * sizeof(WCHAR));
- if (Context->lpObjectName) {
- _strcpy(Context->lpObjectName, lpObjectName);
- bSelectedObject = (_strcmpi(Context->lpObjectName, TEXT("ObjectTypes")) == 0);
- }
- }
+ if (Config->ContextType == propPrivateNamespace) {
- //
- // Copy object type if given.
- //
- if (lpObjectType) {
- Context->lpObjectType = (LPWSTR)supHeapAlloc((1 + _strlen(lpObjectType)) * sizeof(WCHAR));
- if (Context->lpObjectType) {
- _strcpy(Context->lpObjectType, lpObjectType);
- }
- Context->TypeIndex = ObManagerGetIndexByTypeName(lpObjectType);
- }
- else {
- Context->TypeIndex = ObjectTypeUnknown;
- }
+ propContext->ContextType = propPrivateNamespace;
+ propContext->u1.NamespaceInfo = *ObjectRef.NamespaceObject;
- //
- // Copy CurrentObjectPath if given, as it can change because dialog is modeless.
- //
- if (lpCurrentObjectPath) {
- Context->lpCurrentObjectPath = (LPWSTR)supHeapAlloc((1 + _strlen(lpCurrentObjectPath)) * sizeof(WCHAR));
- if (Context->lpCurrentObjectPath) {
- _strcpy(Context->lpCurrentObjectPath, lpCurrentObjectPath);
- bSelectedDirectory = (_strcmpi(Context->lpCurrentObjectPath, T_OBJECTTYPES) == 0);
- }
- }
+ }
+ else if (Config->ContextType == propUnnamed) {
+ propContext->ContextType = propUnnamed;
//
- // Copy object description, could be NULL.
+ // Copy generic data.
//
- if (lpDescription) {
- Context->lpDescription = (LPWSTR)supHeapAlloc((1 + _strlen(lpDescription)) * sizeof(WCHAR));
- if (Context->lpDescription) {
- _strcpy(Context->lpDescription, lpDescription);
- }
+ propContext->u1.UnnamedObjectInfo.ObjectAddress = ObjectRef.UnnamedObject->ObjectAddress;
+ propContext->u1.UnnamedObjectInfo.ClientId = ObjectRef.UnnamedObject->ClientId;
+ if (propContext->ObjectTypeIndex == ObjectTypeThread) {
+ propContext->u1.UnnamedObjectInfo.ThreadInformation = ObjectRef.UnnamedObject->ThreadInformation;
}
//
- // Check if object is Type object.
- // Type objects handled differently.
+ // Copy image name if present.
//
- if ((bSelectedObject == FALSE) && (bSelectedDirectory != FALSE)) {
- Context->IsType = TRUE;
- //
- // Query actual type index for case when user will browse Type object info.
- //
- if (Context->lpObjectName) {
- Context->ShadowTypeDescription = ObManagerGetEntryByTypeName(Context->lpObjectName);
- }
-
- }
+ supDuplicateUnicodeString(g_obexHeap,
+ &propContext->u1.UnnamedObjectInfo.ImageName,
+ &ObjectRef.UnnamedObject->ImageName);
}
- __except (WOBJ_EXCEPTION_FILTER_LOG) {
- return NULL;
- }
- return Context;
+
+ return propContext;
}
/*
@@ -382,50 +401,68 @@ VOID propContextDestroy(
_In_ PROP_OBJECT_INFO* Context
)
{
- __try {
-
- //free associated icons
- supDestroyIconForObjectType(Context);
-
- //free name
- if (Context->lpObjectName) {
- supHeapFree(Context->lpObjectName);
- }
- //free type
- if (Context->lpObjectType) {
- supHeapFree(Context->lpObjectType);
+ //free associated icons
+ if (Context->ObjectTypeIndex == ObjectTypeType) {
+ if (Context->ObjectTypeIcon) {
+ DestroyIcon(Context->ObjectTypeIcon);
}
- //free currentobjectpath
- if (Context->lpCurrentObjectPath) {
- supHeapFree(Context->lpCurrentObjectPath);
- }
- //free description
- if (Context->lpDescription) {
- supHeapFree(Context->lpDescription);
- }
- //free boundary descriptor
- if (Context->ContextType == propPrivateNamespace) {
- if (Context->NamespaceInfo.BoundaryDescriptor) {
- supHeapFree(Context->NamespaceInfo.BoundaryDescriptor);
- }
+ }
+ if (Context->ObjectIcon) {
+ DestroyIcon(Context->ObjectIcon);
+ }
+
+ //free boundary descriptor
+ if (Context->ContextType == propPrivateNamespace) {
+ if (Context->u1.NamespaceInfo.BoundaryDescriptor) {
+ supHeapFree(Context->u1.NamespaceInfo.BoundaryDescriptor);
}
+ }
+ else if (Context->ContextType == propUnnamed) {
//free unnamed object info
- if (Context->ContextType == propUnnamed) {
- if (Context->UnnamedObjectInfo.ImageName.Buffer)
- supHeapFree(Context->UnnamedObjectInfo.ImageName.Buffer);
- }
+ supFreeDuplicatedUnicodeString(g_obexHeap, &Context->u1.UnnamedObjectInfo.ImageName, FALSE);
+ }
- if (Context->PortObjectInfo.IsAllocated) {
- if (Context->PortObjectInfo.ReferenceHandle)
- NtClose(Context->PortObjectInfo.ReferenceHandle);
- }
+ supFreeDuplicatedUnicodeString(g_obexHeap, &Context->NtObjectName, FALSE);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &Context->NtObjectPath, FALSE);
- //free context itself
- supHeapFree(Context);
+ //free context itself
+ supHeapFree(Context);
+}
+VOID propSetSharedHwnd(
+ _In_ HWND hwnd
+)
+{
+ if (hwnd == TokenPropWindow) {
+ TokenPropWindow = NULL;
}
- __except (WOBJ_EXCEPTION_FILTER) {
- return;
+ else if (hwnd == ProcessesPropWindow) {
+ if (TokenPropWindow) {
+ TokenPropWindow = NULL;
+ }
+ if (ThreadsPropWindow) {
+ ThreadsPropWindow = NULL;
+ }
+ ProcessesPropWindow = NULL;
+ }
+ else if (hwnd == ThreadsPropWindow) {
+ ThreadsPropWindow = NULL;
+ }
+ else if (hwnd == NamespacePropWindow) {
+ NamespacePropWindow = NULL;
+ }
+ else if (hwnd == DesktopPropWindow) {
+ DesktopPropWindow = NULL;
+ }
+ if (hwnd == CommonPropWindow) {
+ if (DesktopPropWindow) {
+ DesktopPropWindow = NULL;
+ }
+ //restore previous focus
+ if (PreviousFocus && IsWindow(PreviousFocus)) {
+ SetFocus(PreviousFocus);
+ }
+ CommonPropWindow = NULL;
}
}
@@ -464,30 +501,8 @@ LRESULT WINAPI PropSheetCustomWndProc(
break;
case WM_CLOSE:
- if (hwnd == g_PsTokenWindow) {
- g_PsTokenWindow = NULL;
- }
- else if (hwnd == g_PsPropWindow) {
- g_PsPropWindow = NULL;
- }
- else if (hwnd == g_NamespacePropWindow) {
- g_NamespacePropWindow = NULL;
- }
- else if (hwnd == g_DesktopPropWindow) {
- g_DesktopPropWindow = NULL;
- }
- if (hwnd == g_PropWindow) {
- if (g_DesktopPropWindow) {
- g_DesktopPropWindow = NULL;
- }
- //restore previous focus
- if (hPrevFocus && IsWindow(hPrevFocus)) {
- SetFocus(hPrevFocus);
- }
- g_PropWindow = NULL;
- }
-
- return DestroyWindow(hwnd);
+ propSetSharedHwnd(hwnd);
+ DestroyWindow(hwnd);
break;
case WM_COMMAND:
@@ -496,83 +511,10 @@ LRESULT WINAPI PropSheetCustomWndProc(
return TRUE;
}
break;
- default:
- break;
- }
- return CallWindowProc(PropSheetOriginalWndProc, hwnd, Msg, wParam, lParam);
-}
-
-/*
-* propCopyNamespaceObject
-*
-* Purpose:
-*
-* Copy namespace object to the properties context.
-*
-*/
-VOID propCopyNamespaceObject(
- _In_ PROP_OBJECT_INFO* DestinationContext,
- _In_ PROP_NAMESPACE_INFO* NamespaceObject
-)
-{
- DestinationContext->ContextType = propPrivateNamespace;
-
- RtlCopyMemory(
- &DestinationContext->NamespaceInfo,
- NamespaceObject,
- sizeof(PROP_NAMESPACE_INFO));
-}
-/*
-* propCopyUnnamedObject
-*
-* Purpose:
-*
-* Copy unnamed object to the properties context.
-*
-*/
-VOID propCopyUnnamedObject(
- _In_ PROP_OBJECT_INFO* DestinationContext,
- _In_ PROP_UNNAMED_OBJECT_INFO* SourceObject
-)
-{
- PVOID CopyBuffer;
- SIZE_T CopySize;
-
- DestinationContext->ContextType = propUnnamed;
-
- //
- // Copy generic data.
- //
- DestinationContext->UnnamedObjectInfo.ObjectAddress = SourceObject->ObjectAddress;
-
- RtlCopyMemory(&DestinationContext->UnnamedObjectInfo.ClientId,
- &SourceObject->ClientId,
- sizeof(CLIENT_ID));
-
- if (DestinationContext->TypeIndex == ObjectTypeThread) {
-
- RtlCopyMemory(&DestinationContext->UnnamedObjectInfo.ThreadInformation,
- &SourceObject->ThreadInformation,
- sizeof(SYSTEM_THREAD_INFORMATION));
}
- //
- // Copy image name if present.
- //
- CopySize = SourceObject->ImageName.MaximumLength;
- if (CopySize) {
- CopyBuffer = supHeapAlloc(CopySize);
- if (CopyBuffer) {
-
- DestinationContext->UnnamedObjectInfo.ImageName.MaximumLength = (USHORT)CopySize;
- DestinationContext->UnnamedObjectInfo.ImageName.Buffer = (PWSTR)CopyBuffer;
-
- RtlCopyUnicodeString(&DestinationContext->UnnamedObjectInfo.ImageName,
- &SourceObject->ImageName);
-
- }
- }
+ return CallWindowProc(PropSheetOriginalWndProc, hwnd, Msg, wParam, lParam);
}
HPROPSHEETPAGE propAddPage(
@@ -622,7 +564,7 @@ INT propCreatePages(
//
// Select dialog for basic info.
//
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeTimer:
pszTemplate = MAKEINTRESOURCE(IDD_PROP_TIMER);
break;
@@ -687,7 +629,7 @@ INT propCreatePages(
// Create Objects page for supported types.
//
if (IsDriverAssisted) {
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeDirectory:
case ObjectTypeDriver:
case ObjectTypeDevice:
@@ -715,8 +657,8 @@ INT propCreatePages(
//
// Create specific page for Process/Thread objects.
//
- if ((Context->TypeIndex == ObjectTypeProcess) ||
- (Context->TypeIndex == ObjectTypeThread))
+ if ((Context->ObjectTypeIndex == ObjectTypeProcess) ||
+ (Context->ObjectTypeIndex == ObjectTypeThread))
{
PropPages[nPages++] = propAddPage(
TEXT("Token"),
@@ -728,7 +670,7 @@ INT propCreatePages(
//
// Create additional page(s), depending on object type.
//
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeDirectory:
case ObjectTypePort:
case ObjectTypeFltComnPort:
@@ -743,6 +685,7 @@ INT propCreatePages(
case ObjectTypeSession:
case ObjectTypeIoCompletion:
case ObjectTypeMemoryPartition:
+ case ObjectTypeRegistryTransaction:
case ObjectTypeProcess:
case ObjectTypeThread:
case ObjectTypeWinstation:
@@ -757,7 +700,9 @@ INT propCreatePages(
//
// Add desktop list for selected desktop, located here because of sheets order.
//
- if (Context->TypeIndex == ObjectTypeWinstation) {
+ // WinStation->Basic->Process->[Desktops]->Security
+ //
+ if (Context->ObjectTypeIndex == ObjectTypeWinstation) {
PropPages[nPages++] = propAddPage(
TEXT("Desktops"),
@@ -787,7 +732,7 @@ INT propCreatePages(
//
if (g_NtBuildNumber >= NT_WIN10_THRESHOLD1 &&
- Context->TypeIndex == ObjectTypeSection
+ Context->ObjectTypeIndex == ObjectTypeSection
&& IsDriverAssisted)
{
PropPages[nPages++] = propAddPage(
@@ -800,7 +745,7 @@ INT propCreatePages(
//
// Add ALPC port specific page, driver assistance required.
//
- if (Context->TypeIndex == ObjectTypePort && IsDriverAssisted) {
+ if (Context->ObjectTypeIndex == ObjectTypePort && IsDriverAssisted) {
PropPages[nPages++] = propAddPage(
TEXT("Connections"),
@@ -822,10 +767,10 @@ INT propCreatePages(
// Create Security Dialog if available.
//
hSecurityPage = propSecurityCreatePage(
- Context, //Context
- (POPENOBJECTMETHOD)&propOpenCurrentObject, //OpenObjectMethod
- (PCLOSEOBJECTMETHOD)&propCloseCurrentObject, //CloseObjectMethod
- SI_EDIT_OWNER | SI_EDIT_PERMS | //psiFlags
+ Context, //Context
+ (POPENOBJECTMETHOD)&propOpenCurrentObject, //OpenObjectMethod
+ (PCLOSEOBJECTMETHOD)&propCloseCurrentObject, //CloseObjectMethod
+ SI_EDIT_OWNER | SI_EDIT_PERMS | //psiFlags
SI_ADVANCED | SI_NO_ACL_PROTECT | SI_NO_TREE_APPLY |
SI_PAGE_TITLE
);
@@ -847,59 +792,29 @@ INT propCreatePages(
*
*/
VOID propCreateDialog(
- _In_ PROP_DIALOG_CREATE_SETTINGS* Settings
+ _In_ PROP_CONFIG* Config
)
{
- BOOL IsSimpleContext = FALSE;
- INT nPages;
- HWND hwnd, topLevelOwner;
+ INT nPages;
+ HWND hwnd, topLevelOwner;
PROP_OBJECT_INFO* propContext = NULL;
- PROPSHEETHEADER PropHeader;
- WCHAR szCaption[MAX_PATH * 2];
-
- //
- // Mutual exclusion situation.
- //
- if ((Settings->NamespaceObject != NULL) && (Settings->UnnamedObject != NULL))
- return;
-
- IsSimpleContext = (Settings->NamespaceObject != NULL) || (Settings->UnnamedObject != NULL);
+ PROPSHEETHEADER PropHeader;
+ WOBJ_TYPE_DESC* typeEntry;
+ WCHAR szCaption[MAX_PATH * 2];
//
// Allocate context variable, copy name, type, object path.
//
- propContext = propContextCreate(
- Settings->lpObjectName,
- Settings->lpObjectType,
- (IsSimpleContext) ? NULL : g_WinObj.CurrentObjectPath,
- (IsSimpleContext) ? NULL : Settings->lpDescription);
-
+ propContext = propContextCreate(Config);
if (propContext == NULL)
return;
-
- //
- // Remember namespace or unnamed object info.
- //
- if (Settings->NamespaceObject) {
-
- propCopyNamespaceObject(propContext,
- Settings->NamespaceObject);
-
- }
- else if (Settings->UnnamedObject) {
-
- propCopyUnnamedObject(propContext,
- Settings->UnnamedObject);
-
- }
-
//
// Remember previously focused window.
// Except special types: Desktop.
//
- if (propContext->TypeIndex != ObjectTypeDesktop) {
- hPrevFocus = GetFocus();
+ if (propContext->ObjectTypeIndex != ObjectTypeDesktop) {
+ PreviousFocus = GetFocus();
}
nPages = propCreatePages(propContext);
@@ -907,24 +822,25 @@ VOID propCreateDialog(
//
// Finally create property sheet.
//
- if (propContext->IsType) {
- if (Settings->lpObjectName) {
- _strncpy(szCaption, MAX_PATH, Settings->lpObjectName, _strlen(Settings->lpObjectName));
- }
- else {
- _strcpy(szCaption, TEXT("Unknown Object"));
- }
+ if (propContext->ObjectTypeIndex == ObjectTypeType) {
+
+ _strncpy(szCaption,
+ MAX_PATH,
+ propContext->NtObjectName.Buffer,
+ propContext->NtObjectName.Length / sizeof(WCHAR));
+
}
else {
- if (Settings->lpObjectType) {
- _strncpy(szCaption, MAX_PATH, Settings->lpObjectType, _strlen(Settings->lpObjectType));
+ typeEntry = propContext->TypeDescription;
+ if (typeEntry->Index != ObjectTypeUnknown) {
+ _strncpy(szCaption, MAX_PATH, typeEntry->Name, _strlen(typeEntry->Name));
}
else {
_strcpy(szCaption, TEXT("Unknown Type"));
}
}
- topLevelOwner = Settings->hwndParent;
+ topLevelOwner = Config->hwndParent;
_strcat(szCaption, TEXT(" Properties"));
RtlSecureZeroMemory(&PropHeader, sizeof(PropHeader));
@@ -942,27 +858,31 @@ VOID propCreateDialog(
if (!hwnd) {
if (topLevelOwner)
EnableWindow(topLevelOwner, TRUE);
+
+ propContextDestroy(propContext);
return;
}
if (propContext->ContextType == propPrivateNamespace) {
- g_NamespacePropWindow = hwnd;
+ NamespacePropWindow = hwnd;
}
else {
- switch (propContext->TypeIndex) {
+ switch (propContext->ObjectTypeIndex) {
case ObjectTypeProcess:
+ ProcessesPropWindow = hwnd;
+ break;
case ObjectTypeThread:
- g_PsPropWindow = hwnd;
+ ThreadsPropWindow = hwnd;
break;
case ObjectTypeToken:
- g_PsTokenWindow = hwnd;
+ TokenPropWindow = hwnd;
break;
case ObjectTypeDesktop:
- g_DesktopPropWindow = hwnd;
+ DesktopPropWindow = hwnd;
break;
default:
- g_PropWindow = hwnd;
+ CommonPropWindow = hwnd;
break;
}
@@ -975,5 +895,4 @@ VOID propCreateDialog(
SetWindowLongPtr(hwnd, GWLP_WNDPROC, (LONG_PTR)&PropSheetCustomWndProc);
}
- supCenterWindow(hwnd);
}
diff --git a/Source/WinObjEx64/props/propDlg.h b/Source/WinObjEx64/props/propDlg.h
index 3ffb4683..c0fa202d 100644
--- a/Source/WinObjEx64/props/propDlg.h
+++ b/Source/WinObjEx64/props/propDlg.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: PROPDLG.H
*
-* VERSION: 1.90
+* VERSION: 2.00
*
-* DATE: 11 May 2021
+* DATE: 19 Jun 2022
*
* Common header file for properties dialog.
*
@@ -18,15 +18,14 @@
*******************************************************************************/
#pragma once
-//
-// Externs for global properties variables.
-//
-extern HWND g_PropWindow;
-extern HWND g_PsTokenWindow;
-extern HWND g_PsPropWindow;
-extern HWND g_DesktopPropWindow;
-extern HWND g_NamespacePropWindow;
+HWND propGetCommonWindow();
+HWND propGetProcessesWindow();
+HWND propGetThreadsWindow();
+HWND propGetTokenWindow();
+HWND propGetDesktopWindow();
+HWND propGetNamespaceWindow();
+_Success_(return)
BOOL propOpenCurrentObject(
_In_ PROP_OBJECT_INFO *Context,
_Out_ PHANDLE phObject,
@@ -37,13 +36,10 @@ BOOL propCloseCurrentObject(
_In_ HANDLE hObject);
VOID propCreateDialog(
- _In_ PROP_DIALOG_CREATE_SETTINGS *Settings);
+ _In_ PROP_CONFIG *Config);
PPROP_OBJECT_INFO propContextCreate(
- _In_opt_ LPWSTR lpObjectName,
- _In_opt_ LPCWSTR lpObjectType,
- _In_opt_ LPWSTR lpCurrentObjectPath,
- _In_opt_ LPWSTR lpDescription);
+ _In_ PROP_CONFIG* Config);
VOID propContextDestroy(
_In_ PROP_OBJECT_INFO *Context);
diff --git a/Source/WinObjEx64/props/propDriver.c b/Source/WinObjEx64/props/propDriver.c
index 454e0a9b..d3858526 100644
--- a/Source/WinObjEx64/props/propDriver.c
+++ b/Source/WinObjEx64/props/propDriver.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: PROPDRIVER.C
*
-* VERSION: 1.90
+* VERSION: 2.00
*
-* DATE: 16 May 2021
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -15,8 +15,7 @@
*
*******************************************************************************/
#include "global.h"
-#include "supConsts.h"
-#include "propObjectDump.h"
+#include "props.h"
#define REGEDITWNDCLASS L"RegEdit_RegEdit"
#define REGEDIT_EXE L"regedit.exe"
@@ -86,7 +85,7 @@ VOID DriverSetInfo(
schService = OpenService(
SchSCManager,
- Context->lpObjectName,
+ Context->NtObjectName.Buffer,
SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS | SERVICE_ENUMERATE_DEPENDENTS);
if (schService == NULL)
@@ -114,7 +113,7 @@ VOID DriverSetInfo(
bResult = QueryServiceConfig(schService, psci, bytesNeeded, &bytesNeeded);
if (bResult) {
//set key name (identical to object name)
- SetDlgItemText(hwndDlg, IDC_SERVICE_KEYNAME, Context->lpObjectName);
+ SetDlgItemText(hwndDlg, IDC_SERVICE_KEYNAME, Context->NtObjectName.Buffer);
//set image path info
SetDlgItemText(hwndDlg, IDC_SERVICE_IMAGEPATH, psci->lpBinaryPathName);
//set display name
@@ -459,9 +458,13 @@ VOID DriverJumpToKey(
WCHAR szBuffer[MAX_PATH * 2];
+ //
+ // NtObjectName does not require normalization because regedit cannot handle bogus names anyway.
+ //
+
do {
- sz = _strlen(Context->lpObjectName);
+ sz = _strlen(Context->NtObjectName.Buffer);
if (sz == 0)
break;
@@ -475,7 +478,7 @@ VOID DriverJumpToKey(
break;
_strcpy(lpRegPath, PROPDRVREGSERVICESKEY);
- _strcat(lpRegPath, Context->lpObjectName);
+ _strcat(lpRegPath, Context->NtObjectName.Buffer);
//
// Start RegEdit.
diff --git a/Source/WinObjEx64/props/propDriver.h b/Source/WinObjEx64/props/propDriver.h
deleted file mode 100644
index e4afb33b..00000000
--- a/Source/WinObjEx64/props/propDriver.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2018
-*
-* TITLE: PROPDRIVER.H
-*
-* VERSION: 1.52
-*
-* DATE: 08 Jan 2018
-*
-* Common header file for Driver object information page.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-INT_PTR CALLBACK DriverRegistryDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam);
diff --git a/Source/WinObjEx64/props/propObjectDump.c b/Source/WinObjEx64/props/propObjectDump.c
index 00a485a0..b7075eb1 100644
--- a/Source/WinObjEx64/props/propObjectDump.c
+++ b/Source/WinObjEx64/props/propObjectDump.c
@@ -4,9 +4,9 @@
*
* TITLE: PROPOBJECTDUMP.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -99,8 +99,8 @@ HTREEITEM propObDumpAddress(
_In_ COLORREF FontColor
)
{
- TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ TL_SUBITEMS_FIXED subitems;
+ WCHAR szValue[32];
RtlSecureZeroMemory(&subitems, sizeof(subitems));
subitems.Count = 2;
@@ -151,15 +151,15 @@ HTREEITEM propObDumpAddress(
VOID propObDumpAddressWithModule(
_In_ HWND TreeList,
_In_ HTREEITEM hParent,
- _In_ LPWSTR lpszName,
+ _In_ LPWSTR Name,
_In_opt_ PVOID Address,
_In_ PRTL_PROCESS_MODULES pModules,
_In_opt_ PVOID SelfDriverBase,
_In_ ULONG SelfDriverSize
)
{
- TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1], szModuleName[MAX_PATH * 2];
+ TL_SUBITEMS_FIXED subitems;
+ WCHAR szValue[32], szModuleName[MAX_PATH * 2];
RtlSecureZeroMemory(&subitems, sizeof(subitems));
subitems.Count = 2;
@@ -201,7 +201,7 @@ VOID propObDumpAddressWithModule(
TVIF_TEXT | TVIF_STATE,
0,
0,
- lpszName,
+ Name,
&subitems);
}
@@ -262,8 +262,8 @@ VOID propObDumpByte(
_In_ BOOL IsBool
)
{
- TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ TL_SUBITEMS_FIXED subitems;
+ WCHAR szValue[32];
RtlSecureZeroMemory(&subitems, sizeof(subitems));
@@ -280,7 +280,7 @@ VOID propObDumpByte(
else {
RtlStringCchPrintfSecure(szValue,
- DUMP_CONVERSION_LENGTH,
+ RTL_NUMBER_OF(szValue),
FORMAT_HEXBYTE,
Value);
@@ -382,7 +382,7 @@ HTREEITEM propObDumpUlong(
)
{
TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ WCHAR szValue[32];
RtlSecureZeroMemory(&szValue, sizeof(szValue));
RtlSecureZeroMemory(&subitems, sizeof(subitems));
@@ -399,7 +399,7 @@ HTREEITEM propObDumpUlong(
if (IsUShort) {
RtlStringCchPrintfSecure(szValue,
- DUMP_CONVERSION_LENGTH,
+ RTL_NUMBER_OF(szValue),
FORMAT_HEXUSHORT,
Value);
@@ -414,7 +414,7 @@ HTREEITEM propObDumpUlong(
if (IsUShort) {
RtlStringCchPrintfSecure(szValue,
- DUMP_CONVERSION_LENGTH,
+ RTL_NUMBER_OF(szValue),
FORMAT_USHORT,
Value);
@@ -463,8 +463,8 @@ HTREEITEM propObDumpLong(
_In_ COLORREF FontColor
)
{
- TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ TL_SUBITEMS_FIXED subitems;
+ WCHAR szValue[32];
RtlSecureZeroMemory(&szValue, sizeof(szValue));
RtlSecureZeroMemory(&subitems, sizeof(subitems));
@@ -479,7 +479,7 @@ HTREEITEM propObDumpLong(
if (HexDump) {
RtlStringCchPrintfSecure(szValue,
- DUMP_CONVERSION_LENGTH,
+ RTL_NUMBER_OF(szValue),
FORMAT_HEXLONG, Value);
}
else {
@@ -527,8 +527,8 @@ VOID propObDumpUlong64(
_In_ COLORREF FontColor
)
{
- TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ TL_SUBITEMS_FIXED subitems;
+ WCHAR szValue[32];
RtlSecureZeroMemory(&subitems, sizeof(subitems));
subitems.Count = 2;
@@ -589,8 +589,8 @@ VOID propObDumpLong64(
_In_ COLORREF FontColor
)
{
- TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ TL_SUBITEMS_FIXED subitems;
+ WCHAR szValue[32];
RtlSecureZeroMemory(&subitems, sizeof(subitems));
subitems.Count = 2;
@@ -648,7 +648,7 @@ HTREEITEM propObAddHexValue(
_In_ BOOL AsPointer
)
{
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ WCHAR szValue[32];
TL_SUBITEMS_FIXED subitems;
RtlSecureZeroMemory(&subitems, sizeof(subitems));
@@ -782,9 +782,9 @@ VOID propObDumpUSHORT(
_In_ BOOLEAN HexOutput
)
{
- LPCWSTR lpFormat;
- TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ LPCWSTR lpFormat;
+ TL_SUBITEMS_FIXED subitems;
+ WCHAR szValue[32];
RtlSecureZeroMemory(&subitems, sizeof(subitems));
RtlSecureZeroMemory(szValue, sizeof(szValue));
@@ -792,7 +792,7 @@ VOID propObDumpUSHORT(
lpFormat = (HexOutput) ? FORMAT_HEXUSHORT : FORMAT_USHORT;
RtlStringCchPrintfSecure(szValue,
- DUMP_CONVERSION_LENGTH,
+ RTL_NUMBER_OF(szValue),
lpFormat,
Value);
@@ -824,36 +824,20 @@ VOID propObDumpUnicodeStringInternal(
_In_ LPWSTR StringName,
_In_opt_ PUNICODE_STRING String,
_In_opt_ PVOID ReferenceBufferAddress,
- _In_ BOOLEAN IsKernelPtr
+ _In_ BOOLEAN IsKernelPointer
)
{
- HTREEITEM h_tviSubItem;
- TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ BOOL bNormalized = FALSE;
+ HTREEITEM h_tviSubItem;
+ TL_SUBITEMS_FIXED subitems;
+ WCHAR szValue[32];
+ UNICODE_STRING displayString;
RtlSecureZeroMemory(&subitems, sizeof(subitems));
subitems.Count = 2;
- if (IsKernelPtr) {
-
- subitems.Text[1] = T_PUNICODE_STRING;
-
- if (ReferenceBufferAddress == NULL) {
- subitems.Text[0] = T_NULL;
- }
- else {
- RtlSecureZeroMemory(&szValue, sizeof(szValue));
- szValue[0] = TEXT('0');
- szValue[1] = TEXT('x');
- u64tohex((ULONG_PTR)ReferenceBufferAddress, &szValue[2]);
- subitems.Text[0] = szValue;
- }
-
- }
- else {
- subitems.Text[0] = T_EmptyString;
- subitems.Text[1] = T_UNICODE_STRING;
- }
+ subitems.Text[0] = T_EmptyString;
+ subitems.Text[1] = (IsKernelPointer) ? T_PUNICODE_STRING : T_UNICODE_STRING;
//
// Add root node.
@@ -905,23 +889,28 @@ VOID propObDumpUnicodeStringInternal(
else {
RtlSecureZeroMemory(&szValue, sizeof(szValue));
- szValue[0] = TEXT('0');
- szValue[1] = TEXT('x');
+ if (ReferenceBufferAddress == NULL) {
+ subitems.Text[0] = T_NULL;
+ }
+ else {
+ RtlSecureZeroMemory(&szValue, sizeof(szValue));
+ szValue[0] = TEXT('0');
+ szValue[1] = TEXT('x');
+ u64tohex((ULONG_PTR)ReferenceBufferAddress, &szValue[2]);
+ subitems.Text[0] = szValue;
+ }
- if (IsKernelPtr) {
- u64tohex((ULONG_PTR)String->Buffer, &szValue[2]);
+ bNormalized = supNormalizeUnicodeStringForDisplay(g_obexHeap,
+ String,
+ &displayString);
+ if (bNormalized)
+ {
+ subitems.Text[1] = displayString.Buffer;
}
else {
- if (ReferenceBufferAddress) {
- u64tohex((ULONG_PTR)ReferenceBufferAddress, &szValue[2]);
- }
- else {
- szValue[0] = 0;
- }
+ subitems.Text[1] = String->Buffer;
}
- subitems.Text[0] = szValue;
- subitems.Text[1] = String->Buffer;
}
supTreeListAddItem(
@@ -935,6 +924,8 @@ VOID propObDumpUnicodeStringInternal(
}
+ if (bNormalized)
+ supFreeDuplicatedUnicodeString(g_obexHeap, &displayString, FALSE);
}
/*
@@ -950,7 +941,7 @@ VOID propObDumpUnicodeString(
_In_ HTREEITEM hParent,
_In_ LPWSTR StringName,
_In_ PUNICODE_STRING InputString,
- _In_ BOOLEAN IsKernelPtr
+ _In_ BOOLEAN IsKernelPointer
)
{
UNICODE_STRING dumpedString;
@@ -960,19 +951,47 @@ VOID propObDumpUnicodeString(
bDumpOk = kdDumpUnicodeString(InputString,
&dumpedString,
&pvRefAddr,
- IsKernelPtr);
+ IsKernelPointer);
propObDumpUnicodeStringInternal(TreeList,
hParent,
StringName,
&dumpedString,
pvRefAddr,
- IsKernelPtr);
+ IsKernelPointer);
if (bDumpOk)
supHeapFree(dumpedString.Buffer);
}
+/*
+* propDumpQueryFullNamespaceNormalizedPath
+*
+* Purpose:
+*
+* Query full namespace path for object with a normalization for output.
+*
+*/
+_Success_(return)
+BOOL propDumpQueryFullNamespaceNormalizedPath(
+ _In_ ULONG_PTR ObjectAddress,
+ _Out_ PUNICODE_STRING NormalizedPath
+)
+{
+ BOOL bResult = FALSE;
+ UNICODE_STRING objectName;
+
+ if (ObQueryFullNamespacePath(ObjectAddress, &objectName)) {
+
+ bResult = supNormalizeUnicodeStringForDisplay(g_obexHeap,
+ &objectName, NormalizedPath);
+
+ supFreeUnicodeString(g_obexHeap, &objectName);
+ }
+
+ return bResult;
+}
+
/*
* propDumpObjectForAddress
*
@@ -990,15 +1009,18 @@ VOID propDumpObjectForAddress(
_In_ LPWSTR lpErrorLiteral
)
{
+ BOOL bOkay = FALSE;
COLORREF bgColor = 0;
ULONG_PTR objectAddress = (ULONG_PTR)pvObject;
- LPWSTR lpObjectName = NULL, lpName = NULL;
+ LPWSTR lpName = NULL;
+
+ UNICODE_STRING normalizedName;
if (objectAddress) {
- lpObjectName = ObQueryFullNamespacePath(objectAddress);
- if (lpObjectName) {
- lpName = lpObjectName;
+ bOkay = propDumpQueryFullNamespaceNormalizedPath(objectAddress, &normalizedName);
+ if (bOkay) {
+ lpName = normalizedName.Buffer;
}
else {
lpName = lpErrorLiteral;
@@ -1015,8 +1037,8 @@ VOID propDumpObjectForAddress(
(COLORREF)bgColor,
(COLORREF)0);
- if (lpObjectName)
- supHeapFree(lpObjectName);
+ if (bOkay)
+ supFreeUnicodeString(g_obexHeap, &normalizedName);
}
/*
@@ -1188,15 +1210,19 @@ VOID propObDumpDriverExtension(
PVOID Ref;
} DrvExt;
+ BOOL bPathAllocated;
+
HTREEITEM h_tviRootItem;
COLORREF BgColor;
PDRIVER_OBJECT SelfDriverObject;
- LPWSTR lpDesc, lpObjectName;
+ LPWSTR lpDesc;
PVOID DriverExtensionPtr;
ULONG ObjectSize = 0;
ULONG ObjectVersion = 0;
+ UNICODE_STRING normalizedPath;
+
DriverExtensionPtr = ObDumpDriverExtensionVersionAware((ULONG_PTR)DriverExtension,
&ObjectSize,
&ObjectVersion);
@@ -1221,7 +1247,7 @@ VOID propObDumpDriverExtension(
//
BgColor = 0;
lpDesc = NULL;
- lpObjectName = NULL;
+ bPathAllocated = FALSE;
//must be self-ref
SelfDriverObject = DrvExt.Versions.DriverExtensionCompatible->DriverObject;
@@ -1234,9 +1260,10 @@ VOID propObDumpDriverExtension(
//find ref
if (SelfDriverObject != NULL) {
- lpObjectName = ObQueryFullNamespacePath((ULONG_PTR)SelfDriverObject);
- if (lpObjectName) {
- lpDesc = lpObjectName;
+ bPathAllocated = propDumpQueryFullNamespaceNormalizedPath(
+ (ULONG_PTR)SelfDriverObject, &normalizedPath);
+ if (bPathAllocated) {
+ lpDesc = normalizedPath.Buffer;
}
else {
//sef-ref not found, notify, could be object outside directory so we don't know it name etc
@@ -1250,11 +1277,13 @@ VOID propObDumpDriverExtension(
propObDumpAddress(TreeList, h_tviRootItem, T_FIELD_DRIVER_OBJECT,
lpDesc, SelfDriverObject, BgColor, 0);
- if (lpObjectName)
- supHeapFree(lpObjectName);
+ if (bPathAllocated)
+ supFreeDuplicatedUnicodeString(g_obexHeap, &normalizedPath, FALSE);
//AddDevice
- propObDumpAddressWithModule(TreeList, h_tviRootItem, TEXT("AddDevice"),
+ propObDumpAddressWithModule(TreeList,
+ h_tviRootItem,
+ TEXT("AddDevice"),
DrvExt.Versions.DriverExtensionCompatible->AddDevice,
ModulesList,
LoaderEntry->DllBase,
@@ -2762,7 +2791,7 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpSyncObject)
WCHAR szValue[MAX_PATH + 1];
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeEvent:
ObjectSize = sizeof(KEVENT);
@@ -2803,7 +2832,7 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpSyncObject)
// Object name
//
Header = NULL;
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeEvent:
lpType = T_KEVENT;
Event = (KEVENT*)Object;
@@ -2914,7 +2943,7 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpSyncObject)
propObDumpDispatcherHeader(hwndTreeList, h_tviRootItem, Header, lpDescType, lpDesc1, lpDesc2);
//type specific values
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeMutant:
if (Mutant) {
propObDumpListEntry(hwndTreeList, h_tviRootItem, L"MutantListEntry", &Mutant->MutantListEntry);
@@ -2967,7 +2996,7 @@ VOID propObDumpObjectTypeFlags(
LPWSTR lpType;
TL_SUBITEMS_FIXED TreeListSubitems;
- WCHAR szValue[DUMP_CONVERSION_LENGTH + 1];
+ WCHAR szValue[32];
if (ObjectTypeFlags) {
@@ -2983,7 +3012,7 @@ VOID propObDumpObjectTypeFlags(
RtlSecureZeroMemory(szValue, sizeof(szValue));
RtlStringCchPrintfSecure(szValue,
- DUMP_CONVERSION_LENGTH,
+ RTL_NUMBER_OF(szValue),
FORMAT_HEXBYTE,
ObjectTypeFlags);
@@ -3017,18 +3046,18 @@ VOID propObDumpObjectTypeFlags(
*/
PROP_OBJECT_DUMP_ROUTINE(propObDumpObjectType)
{
- BOOL bOkay;
- HTREEITEM h_tviRootItem, h_tviSubItem, h_tviGenericMapping;
- UINT i;
- LPWSTR lpType = NULL;
- POBJINFO CurrentObject = NULL;
- PVOID ObjectTypeInformation = NULL;
- PRTL_PROCESS_MODULES ModulesList = NULL;
- TL_SUBITEMS_FIXED TreeListSubItems;
- PVOID TypeProcs[MAX_KNOWN_OBJECT_TYPE_PROCEDURES];
- PVOID SelfDriverBase;
- ULONG SelfDriverSize;
-
+ BOOL bOkay;
+ HTREEITEM h_tviRootItem, h_tviSubItem, h_tviGenericMapping;
+ UINT i;
+ LPWSTR lpType = NULL;
+ PVOID ObjectTypeInformation = NULL;
+ PRTL_PROCESS_MODULES ModulesList = NULL;
+ TL_SUBITEMS_FIXED TreeListSubItems;
+ PVOID TypeProcs[MAX_KNOWN_OBJECT_TYPE_PROCEDURES];
+ PVOID SelfDriverBase;
+ ULONG SelfDriverSize;
+
+ POBEX_OBJECT_INFORMATION CurrentObject = NULL;
ULONG ObjectSize = 0;
ULONG ObjectVersion = 0;
@@ -3066,7 +3095,10 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpObjectType)
//
// Get the reference to the object.
//
- CurrentObject = ObQueryObject(T_OBJECTTYPES, Context->lpObjectName);
+ CurrentObject = ObQueryObjectInDirectory(
+ &Context->NtObjectName,
+ ObGetPredefinedUnicodeString(OBP_OBTYPES));
+
if (CurrentObject == NULL)
break;
@@ -3227,10 +3259,8 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpObjectType)
//
RtlSecureZeroMemory(TypeProcs, sizeof(TypeProcs));
- supCopyMemory(
- &TypeProcs,
- sizeof(TypeProcs),
- &ObjectType.Versions.ObjectTypeCompatible->TypeInfo.DumpProcedure,
+ RtlCopyMemory(&TypeProcs,
+ &ObjectType.Versions.ObjectTypeCompatible->TypeInfo.DumpProcedure,
sizeof(TypeProcs));
//assume ntoskrnl first in list and list initialized
@@ -3499,7 +3529,7 @@ VOID propObxDumpFltFilter(
ULONG objectVersion, objectSize = 0;
PVOID pvFltObject;
TL_SUBITEMS_FIXED subitems;
- WCHAR szValue[MAX_TEXT_CONVERSION_ULONG64 + 1];
+ WCHAR szValue[MAX_TEXT_CONVERSION_ULONG64];
FLT_FILTER_COMPATIBLE compatObject;
@@ -4001,7 +4031,7 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpAlpcPort)
ALPC_PORT_STATE PortState;
TL_SUBITEMS_FIXED subitems;
- WCHAR szBuffer[DUMP_CONVERSION_LENGTH + 1];
+ WCHAR szValue[32];
union {
union {
@@ -4050,11 +4080,11 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpAlpcPort)
RtlSecureZeroMemory(&subitems, sizeof(subitems));
subitems.Count = 2;
- szBuffer[0] = L'0';
- szBuffer[1] = L'x';
- szBuffer[2] = 0;
- u64tohex((ULONG_PTR)AlpcPort.u1.Port7600->CommunicationInfo, &szBuffer[2]);
- subitems.Text[0] = szBuffer;
+ szValue[0] = L'0';
+ szValue[1] = L'x';
+ szValue[2] = 0;
+ u64tohex((ULONG_PTR)AlpcPort.u1.Port7600->CommunicationInfo, &szValue[2]);
+ subitems.Text[0] = szValue;
subitems.Text[1] = TEXT("PALPC_COMMUNICATION_INFO");
h_tviSubItem = supTreeListAddItem(
@@ -4293,8 +4323,6 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpAlpcPort)
case OBVERSION_ALPCPORT_V4:
PortState.State = AlpcPort.u1.Port10240->u1.State;
break;
- default:
- break;
}
for (i = 0; i < RTL_NUMBER_OF(T_ALPC_PORT_STATE); i++) {
@@ -4339,6 +4367,9 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpCallback)
CALLBACK_OBJECT ObjectDump;
CALLBACK_REGISTRATION CallbackRegistration;
+ UNICODE_STRING NormalizedName;
+ LPWSTR ObjectName;
+
//
// Read object body.
//
@@ -4388,6 +4419,14 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpCallback)
ListHead = Context->ObjectInfo.ObjectAddress + FIELD_OFFSET(CALLBACK_OBJECT, RegisteredCallbacks);
ListEntry.Flink = ObjectDump.RegisteredCallbacks.Flink;
Count = 0;
+
+ if (supNormalizeUnicodeStringForDisplay(g_obexHeap, &Context->NtObjectName, &NormalizedName)) {
+ ObjectName = NormalizedName.Buffer;
+ }
+ else {
+ ObjectName = Context->NtObjectName.Buffer;
+ }
+
while ((ULONG_PTR)ListEntry.Flink != ListHead) {
//
@@ -4410,7 +4449,7 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpCallback)
propObDumpAddressWithModule(hwndTreeList,
h_tviRootItem,
- Context->lpObjectName,
+ ObjectName,
CallbackRegistration.CallbackFunction,
Modules,
NULL,
@@ -4425,6 +4464,7 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpCallback)
TEXT("This object has no registered callbacks or there is an query error."));
}
+ supFreeDuplicatedUnicodeString(g_obexHeap, &NormalizedName, FALSE);
supHeapFree(Modules);
}
@@ -4600,7 +4640,7 @@ INT_PTR ObjectDumpOnInit(
pvDlgContext->tlSubItemHit = -1;
SetProp(hwndDlg, T_DLGCONTEXT, (HANDLE)pvDlgContext);
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeDirectory:
ObDumpRoutine = (pfnObDumpRoutine)propObDumpDirectoryObject;
@@ -4721,9 +4761,6 @@ VOID ObjectDumpOnWMCommand(
pvDlgContext->tlSubItemHit);
break;
-
- default:
- break;
}
}
diff --git a/Source/WinObjEx64/props/propObjectDumpConsts.h b/Source/WinObjEx64/props/propObjectDumpConsts.h
index 603eb142..7ddea5a6 100644
--- a/Source/WinObjEx64/props/propObjectDumpConsts.h
+++ b/Source/WinObjEx64/props/propObjectDumpConsts.h
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: PROPOBJECTDUMPCONSTS.H
*
-* VERSION: 1.92
+* VERSION: 2.00
*
-* DATE: 19 Sep 2021
+* DATE: 19 Jun 2022
*
* Consts header file for structured object dumps.
*
@@ -24,8 +24,6 @@
#define CLR_INVL 0xa9a9a9 //silver
#define CLR_LGRY 0xd3d3d3 //light grey
-#define DUMP_CONVERSION_LENGTH 99
-
#define FORMAT_HEXBYTE L"0x%02X"
#define FORMAT_HEXUSHORT L"0x%04X"
#define FORMAT_HEXDWORD L"0x%08X"
diff --git a/Source/WinObjEx64/props/propProcess.c b/Source/WinObjEx64/props/propProcess.c
index dc9d0ceb..55a070fa 100644
--- a/Source/WinObjEx64/props/propProcess.c
+++ b/Source/WinObjEx64/props/propProcess.c
@@ -4,9 +4,9 @@
*
* TITLE: PROPPROCESS.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 03 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -18,6 +18,8 @@
#include "propDlg.h"
#include "extras.h"
+#define COLUMN_PSLIST_NAME 0
+#define COLUMN_PSLIST_ID 1
#define COLUMN_PSLIST_HANDLE 2
#define COLUMN_PSLIST_GRANTEDACCESS 3
@@ -83,7 +85,7 @@ INT CALLBACK ProcessListCompareFunc(
goto Done;
switch (lvColumnToSort) {
- case 0:
+ case COLUMN_PSLIST_NAME:
//
// Name column.
//
@@ -100,7 +102,7 @@ INT CALLBACK ProcessListCompareFunc(
nResult = _strcmpi(FirstToCompare, SecondToCompare);
break;
- case 1:
+ case COLUMN_PSLIST_ID:
//
// Id column.
//
@@ -112,8 +114,6 @@ INT CALLBACK ProcessListCompareFunc(
nResult = Value1 > Value2;
break;
- default:
- break;
}
Done:
diff --git a/Source/WinObjEx64/props/propProcess.h b/Source/WinObjEx64/props/propProcess.h
deleted file mode 100644
index 8a49eb89..00000000
--- a/Source/WinObjEx64/props/propProcess.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2018
-*
-* TITLE: PROPPROCESS.H
-*
-* VERSION: 1.52
-*
-* DATE: 08 Jan 2018
-*
-* Common header file for Process property sheet.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-INT_PTR CALLBACK ProcessListDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam);
diff --git a/Source/WinObjEx64/props/propSection.c b/Source/WinObjEx64/props/propSection.c
index b85ba368..6c5fe977 100644
--- a/Source/WinObjEx64/props/propSection.c
+++ b/Source/WinObjEx64/props/propSection.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2021
+* (C) COPYRIGHT AUTHORS, 2021 - 2022
*
* TITLE: PROPSECTION.C
*
-* VERSION: 1.92
+* VERSION: 2.00
*
-* DATE: 17 Sep 2021
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -15,10 +15,9 @@
*
*******************************************************************************/
#include "global.h"
-#include "propDlg.h"
#include "extras.h"
+#include "props.h"
#include "propObjectDumpConsts.h"
-#include "propObjectDump.h"
#define COLUMN_SECTION_VIEW_OBJECT 0
#define COLUMN_SECTION_VIEW_ADDRESS 1
@@ -730,8 +729,6 @@ VOID SectionPropertiesCreate(
lpError = TEXT("Object flags are not supported.");
break;
- default:
- break;
}
supObDumpShowError(hwndDlg, lpError);
}
@@ -788,9 +785,6 @@ INT_PTR CALLBACK SectionPropertiesDialogProc(
pDlgContext->tlSubItemHit);
}
break;
-
- default:
- break;
}
break;
diff --git a/Source/WinObjEx64/props/propSection.h b/Source/WinObjEx64/props/propSection.h
deleted file mode 100644
index ac794b8a..00000000
--- a/Source/WinObjEx64/props/propSection.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2021
-*
-* TITLE: PROPSECTION.H
-*
-* VERSION: 1.90
-*
-* DATE: 11 May 2021
-*
-* Common header file for Section property sheet.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-INT_PTR CALLBACK SectionPropertiesDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam);
diff --git a/Source/WinObjEx64/props/propSecurity.c b/Source/WinObjEx64/props/propSecurity.c
index 7507f019..3b58ab9a 100644
--- a/Source/WinObjEx64/props/propSecurity.c
+++ b/Source/WinObjEx64/props/propSecurity.c
@@ -4,9 +4,9 @@
*
* TITLE: PROPSECURITY.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -15,10 +15,93 @@
*
*******************************************************************************/
#include "global.h"
-#include "propDlg.h"
-#include "propSecurity.h"
#include "propSecurityConsts.h"
+typedef struct _ObjectSecurityVtbl ObjectSecurityVtbl, * PObjectSecurityVtbl;
+
+//class
+typedef struct _IObjectSecurity {
+ ObjectSecurityVtbl* lpVtbl;
+ ULONG RefCount;
+ ULONG psiFlags;
+ ULONG dwAccessMax;
+ GENERIC_MAPPING GenericMapping;
+ ACCESS_MASK ValidAccessMask;
+ HINSTANCE hInstance;
+ PROP_OBJECT_INFO* ObjectContext;
+ PSI_ACCESS AccessTable;//dynamically allocated access table
+ POPENOBJECTMETHOD OpenObjectMethod;
+ PCLOSEOBJECTMETHOD CloseObjectMethod;
+} IObjectSecurity, * PIObjectSecurity;
+
+
+//Vtbl prototypes
+
+typedef HRESULT(STDMETHODCALLTYPE* pQueryInterface)(
+ _In_ IObjectSecurity* This,
+ _In_ REFIID riid,
+ _Out_ void** ppvObject);
+
+typedef ULONG(STDMETHODCALLTYPE* pAddRef)(
+ _In_ IObjectSecurity* This);
+
+typedef ULONG(STDMETHODCALLTYPE* pRelease)(
+ _In_ IObjectSecurity* This);
+
+// *** ISecurityInformation methods ***
+typedef HRESULT(STDMETHODCALLTYPE* pGetObjectInformation)(
+ _In_ IObjectSecurity* This,
+ _Out_ PSI_OBJECT_INFO pObjectInfo);
+
+typedef HRESULT(STDMETHODCALLTYPE* pGetSecurity)(
+ _In_ IObjectSecurity* This,
+ _In_ SECURITY_INFORMATION RequestedInformation,
+ _Out_ PSECURITY_DESCRIPTOR* ppSecurityDescriptor,
+ _In_ BOOL fDefault);
+
+typedef HRESULT(STDMETHODCALLTYPE* pSetSecurity)(
+ _In_ IObjectSecurity* This,
+ _In_ SECURITY_INFORMATION SecurityInformation,
+ _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor);
+
+typedef HRESULT(STDMETHODCALLTYPE* pGetAccessRights)(
+ _In_ IObjectSecurity* This,
+ _In_ const GUID* pguidObjectType,
+ _In_ DWORD dwFlags,
+ _Out_ PSI_ACCESS* ppAccess,
+ _Out_ ULONG* pcAccesses,
+ _Out_ ULONG* piDefaultAccess);
+
+typedef HRESULT(STDMETHODCALLTYPE* pMapGeneric)(
+ _In_ IObjectSecurity* This,
+ _In_ const GUID* pguidObjectType,
+ _In_ UCHAR* pAceFlags,
+ _In_ ACCESS_MASK* pMask);
+
+typedef HRESULT(STDMETHODCALLTYPE* pGetInheritTypes)(
+ _In_ IObjectSecurity* This,
+ _Out_ PSI_INHERIT_TYPE* ppInheritTypes,
+ _Out_ ULONG* pcInheritTypes);
+
+typedef HRESULT(STDMETHODCALLTYPE* pPropertySheetPageCallback)(
+ _In_ IObjectSecurity* This,
+ _In_ HWND hwnd,
+ _In_ UINT uMsg,
+ _In_ SI_PAGE_TYPE uPage);
+
+typedef struct _ObjectSecurityVtbl {
+ pQueryInterface QueryInterface;
+ pAddRef AddRef;
+ pRelease Release;
+ pGetObjectInformation GetObjectInformation;
+ pGetSecurity GetSecurity;
+ pSetSecurity SetSecurity;
+ pGetAccessRights GetAccessRights;
+ pMapGeneric MapGeneric;
+ pGetInheritTypes GetInheritTypes;
+ pPropertySheetPageCallback PropertySheetPageCallback;
+} ObjectSecurityVtbl, * PObjectSecurityVtbl;
+
/*
* propSecurityObjectSupported
*
@@ -28,34 +111,41 @@
*
*/
BOOL propSecurityObjectSupported(
- _In_ UINT nTypeIndex
+ _In_ WOBJ_OBJECT_TYPE nTypeIndex
)
{
- if ((nTypeIndex != ObjectTypePort) &&
- (nTypeIndex != ObjectTypeFile) &&
- (nTypeIndex != ObjectTypeDirectory) &&
- (nTypeIndex != ObjectTypeDevice) &&
- (nTypeIndex != ObjectTypeSection) &&
- (nTypeIndex != ObjectTypeEvent) &&
- (nTypeIndex != ObjectTypeEventPair) &&
- (nTypeIndex != ObjectTypeMutant) &&
- (nTypeIndex != ObjectTypeDesktop) &&
- (nTypeIndex != ObjectTypeKey) &&
- (nTypeIndex != ObjectTypeSemaphore) &&
- (nTypeIndex != ObjectTypeSymbolicLink) &&
- (nTypeIndex != ObjectTypeTimer) &&
- (nTypeIndex != ObjectTypeWinstation) &&
- (nTypeIndex != ObjectTypeIoCompletion) &&
- (nTypeIndex != ObjectTypeJob) &&
- (nTypeIndex != ObjectTypeSession) &&
- (nTypeIndex != ObjectTypeMemoryPartition) &&
- (nTypeIndex != ObjectTypeProcess) &&
- (nTypeIndex != ObjectTypeThread) &&
- (nTypeIndex != ObjectTypeToken))
- {
- return FALSE;
+ WOBJ_OBJECT_TYPE SecuritySupportedTypes[] = {
+ ObjectTypeDesktop,
+ ObjectTypeDevice,
+ ObjectTypeDirectory,
+ ObjectTypeEvent,
+ ObjectTypeEventPair,
+ ObjectTypeFile,
+ ObjectTypeIoCompletion,
+ ObjectTypeJob,
+ ObjectTypeKey,
+ ObjectTypeMemoryPartition,
+ ObjectTypeMutant,
+ ObjectTypePort,
+ ObjectTypeProcess,
+ ObjectTypeRegistryTransaction,
+ ObjectTypeSection,
+ ObjectTypeSemaphore,
+ ObjectTypeSession,
+ ObjectTypeSymbolicLink,
+ ObjectTypeThread,
+ ObjectTypeTimer,
+ ObjectTypeToken,
+ ObjectTypeWinstation
+ };
+
+ UINT i;
+ for (i = 0; i < RTL_NUMBER_OF(SecuritySupportedTypes); i++) {
+ if (SecuritySupportedTypes[i] == nTypeIndex)
+ return TRUE;
}
- return TRUE;
+
+ return FALSE;
}
/*
@@ -72,7 +162,7 @@ PSI_ACCESS propGetAccessTable(
{
SI_ACCESS* AccessTable = NULL;
- switch (This->ObjectContext->TypeIndex) {
+ switch (This->ObjectContext->ObjectTypeIndex) {
case ObjectTypeDirectory:
This->dwAccessMax = MAX_KNOWN_DIRECTORY_ACCESS_VALUE;
@@ -169,6 +259,11 @@ PSI_ACCESS propGetAccessTable(
This->dwAccessMax = MAX_KNOWN_PORT_ACCESS_VALUE;
AccessTable = (PSI_ACCESS)&PortAccessValues;
break;
+
+ case ObjectTypeRegistryTransaction:
+ This->dwAccessMax = MAX_KNOWN_TRANSACTION_ACCESS_VALUE;
+ AccessTable = (PSI_ACCESS)&TransactionAccessValues;
+ break;
}
return AccessTable;
@@ -296,7 +391,7 @@ HRESULT STDMETHODCALLTYPE GetObjectInformation(
pObjectInfo->dwFlags = This->psiFlags;
pObjectInfo->hInstance = This->hInstance;
pObjectInfo->pszPageTitle = TEXT("Security");
- pObjectInfo->pszObjectName = This->ObjectContext->lpObjectName;
+ pObjectInfo->pszObjectName = This->ObjectContext->NtObjectName.Buffer;
return S_OK;
}
@@ -533,30 +628,31 @@ HRESULT propSecurityConstructor(
//copy object specific access table if it present
if (TypeAccessTable && This->dwAccessMax) {
- supCopyMemory(This->AccessTable,
- Size,
+
+ RtlCopyMemory(This->AccessTable,
TypeAccessTable,
- (This->dwAccessMax * sizeof(SI_ACCESS)));
+ This->dwAccessMax * sizeof(SI_ACCESS));
+
}
if (This->ValidAccessMask & DELETE) {
- supCopyMemory(&This->AccessTable[This->dwAccessMax++], sizeof(SI_ACCESS),
+ RtlCopyMemory(&This->AccessTable[This->dwAccessMax++],
&GeneralAccessValues[0], sizeof(SI_ACCESS));
}
if (This->ValidAccessMask & READ_CONTROL) {
- supCopyMemory(&This->AccessTable[This->dwAccessMax++], sizeof(SI_ACCESS),
+ RtlCopyMemory(&This->AccessTable[This->dwAccessMax++],
&GeneralAccessValues[1], sizeof(SI_ACCESS));
}
if (This->ValidAccessMask & WRITE_DAC) {
- supCopyMemory(&This->AccessTable[This->dwAccessMax++], sizeof(SI_ACCESS),
+ RtlCopyMemory(&This->AccessTable[This->dwAccessMax++],
&GeneralAccessValues[2], sizeof(SI_ACCESS));
}
if (This->ValidAccessMask & WRITE_OWNER) {
- supCopyMemory(&This->AccessTable[This->dwAccessMax++], sizeof(SI_ACCESS),
+ RtlCopyMemory(&This->AccessTable[This->dwAccessMax++],
&GeneralAccessValues[3], sizeof(SI_ACCESS));
}
if (This->ValidAccessMask & SYNCHRONIZE) {
- supCopyMemory(&This->AccessTable[This->dwAccessMax++], sizeof(SI_ACCESS),
+ RtlCopyMemory(&This->AccessTable[This->dwAccessMax++],
&GeneralAccessValues[4], sizeof(SI_ACCESS));
}
hResult = S_OK;
@@ -564,7 +660,7 @@ HRESULT propSecurityConstructor(
} while (FALSE);
//cleanup
- This->CloseObjectMethod(Context, hObject);
+ if (hObject) This->CloseObjectMethod(Context, hObject);
if (TypeInfo) {
supHeapFree(TypeInfo);
}
@@ -598,15 +694,7 @@ HPROPSHEETPAGE propSecurityCreatePage(
{
IObjectSecurity* psi;
- if (
- (Context == NULL) ||
- (OpenObjectMethod == NULL) //OpenObjectMethod is required
- )
- {
- return NULL;
- }
-
- if (!propSecurityObjectSupported(Context->TypeIndex)) {
+ if (!propSecurityObjectSupported(Context->ObjectTypeIndex)) {
return NULL;
}
diff --git a/Source/WinObjEx64/props/propSecurity.h b/Source/WinObjEx64/props/propSecurity.h
deleted file mode 100644
index 8b7ea316..00000000
--- a/Source/WinObjEx64/props/propSecurity.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2020
-*
-* TITLE: PROPSECURITY.H
-*
-* VERSION: 1.83
-*
-* DATE: 21 Dec 2019
-*
-* Common header file for Security property sheet.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-#include
-#include
-
-typedef struct _ObjectSecurityVtbl ObjectSecurityVtbl, * PObjectSecurityVtbl;
-
-//open object method (propOpenCurrentObject)
-typedef BOOL(CALLBACK* POPENOBJECTMETHOD)(
- _In_ PROP_OBJECT_INFO* Context,
- _Inout_ PHANDLE phObject,
- _In_ ACCESS_MASK DesiredAccess
- );
-
-//close object method (propCloseCurrentObject)
-typedef VOID(CALLBACK* PCLOSEOBJECTMETHOD)(
- _In_ PROP_OBJECT_INFO* Context,
- _In_ HANDLE hObject
- );
-
-//class
-typedef struct _IObjectSecurity {
- ObjectSecurityVtbl* lpVtbl;
- ULONG RefCount;
- ULONG psiFlags;
- ULONG dwAccessMax;
- GENERIC_MAPPING GenericMapping;
- ACCESS_MASK ValidAccessMask;
- HINSTANCE hInstance;
- PROP_OBJECT_INFO* ObjectContext;
- PSI_ACCESS AccessTable;//dynamically allocated access table
- POPENOBJECTMETHOD OpenObjectMethod;
- PCLOSEOBJECTMETHOD CloseObjectMethod;
-} IObjectSecurity, * PIObjectSecurity;
-
-
-//Vtbl prototypes
-
-typedef HRESULT(STDMETHODCALLTYPE* pQueryInterface)(
- _In_ IObjectSecurity* This,
- _In_ REFIID riid,
- _Out_ void** ppvObject);
-
-typedef ULONG(STDMETHODCALLTYPE* pAddRef)(
- _In_ IObjectSecurity* This);
-
-typedef ULONG(STDMETHODCALLTYPE* pRelease)(
- _In_ IObjectSecurity* This);
-
-// *** ISecurityInformation methods ***
-typedef HRESULT(STDMETHODCALLTYPE* pGetObjectInformation)(
- _In_ IObjectSecurity* This,
- _Out_ PSI_OBJECT_INFO pObjectInfo);
-
-typedef HRESULT(STDMETHODCALLTYPE* pGetSecurity)(
- _In_ IObjectSecurity* This,
- _In_ SECURITY_INFORMATION RequestedInformation,
- _Out_ PSECURITY_DESCRIPTOR* ppSecurityDescriptor,
- _In_ BOOL fDefault);
-
-typedef HRESULT(STDMETHODCALLTYPE* pSetSecurity)(
- _In_ IObjectSecurity* This,
- _In_ SECURITY_INFORMATION SecurityInformation,
- _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor);
-
-typedef HRESULT(STDMETHODCALLTYPE* pGetAccessRights)(
- _In_ IObjectSecurity* This,
- _In_ const GUID* pguidObjectType,
- _In_ DWORD dwFlags,
- _Out_ PSI_ACCESS* ppAccess,
- _Out_ ULONG* pcAccesses,
- _Out_ ULONG* piDefaultAccess);
-
-typedef HRESULT(STDMETHODCALLTYPE* pMapGeneric)(
- _In_ IObjectSecurity* This,
- _In_ const GUID* pguidObjectType,
- _In_ UCHAR* pAceFlags,
- _In_ ACCESS_MASK* pMask);
-
-typedef HRESULT(STDMETHODCALLTYPE* pGetInheritTypes)(
- _In_ IObjectSecurity* This,
- _Out_ PSI_INHERIT_TYPE* ppInheritTypes,
- _Out_ ULONG* pcInheritTypes);
-
-typedef HRESULT(STDMETHODCALLTYPE* pPropertySheetPageCallback)(
- _In_ IObjectSecurity* This,
- _In_ HWND hwnd,
- _In_ UINT uMsg,
- _In_ SI_PAGE_TYPE uPage);
-
-typedef struct _ObjectSecurityVtbl {
- pQueryInterface QueryInterface;
- pAddRef AddRef;
- pRelease Release;
- pGetObjectInformation GetObjectInformation;
- pGetSecurity GetSecurity;
- pSetSecurity SetSecurity;
- pGetAccessRights GetAccessRights;
- pMapGeneric MapGeneric;
- pGetInheritTypes GetInheritTypes;
- pPropertySheetPageCallback PropertySheetPageCallback;
-} ObjectSecurityVtbl, * PObjectSecurityVtbl;
-
-HPROPSHEETPAGE propSecurityCreatePage(
- _In_ PROP_OBJECT_INFO* Context,
- _In_ POPENOBJECTMETHOD OpenObjectMethod,
- _In_opt_ PCLOSEOBJECTMETHOD CloseObjectMethod,
- _In_ ULONG psiFlags);
diff --git a/Source/WinObjEx64/props/propSecurityConsts.h b/Source/WinObjEx64/props/propSecurityConsts.h
index 6bfbed63..3d319b5e 100644
--- a/Source/WinObjEx64/props/propSecurityConsts.h
+++ b/Source/WinObjEx64/props/propSecurityConsts.h
@@ -4,9 +4,9 @@
*
* TITLE: PROPSECURITYCONSTS.H
*
-* VERSION: 1.93
+* VERSION: 2.00
*
-* DATE: 24 Mar 2022
+* DATE: 19 Jun 2022
*
* Consts header file for Security property sheet.
*
@@ -26,16 +26,18 @@
#define SI_ACCESS_DEFAULT_FLAGS SI_ACCESS_GENERAL | SI_ACCESS_SPECIFIC
+#define SI_ACCESS_DEFAULT_ENTRY(Access, Name) { &GUID_NULL, Access, Name, SI_ACCESS_DEFAULT_FLAGS }
+
//
//General Access Values
//
#define MAX_KNOWN_GENERAL_ACCESS_VALUE 5
static SI_ACCESS GeneralAccessValues[MAX_KNOWN_GENERAL_ACCESS_VALUE] = {
- { &GUID_NULL, DELETE, L"Delete", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, READ_CONTROL, L"Read Control", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WRITE_DAC, L"Write DAC", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WRITE_OWNER, L"Write Owner", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, SYNCHRONIZE, L"Synchronize", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(DELETE, L"Delete"),
+ SI_ACCESS_DEFAULT_ENTRY(READ_CONTROL, L"Read Control"),
+ SI_ACCESS_DEFAULT_ENTRY(WRITE_DAC, L"Write DAC"),
+ SI_ACCESS_DEFAULT_ENTRY(WRITE_OWNER, L"Write Owner"),
+ SI_ACCESS_DEFAULT_ENTRY(SYNCHRONIZE, L"Synchronize")
};
//
@@ -43,11 +45,11 @@ static SI_ACCESS GeneralAccessValues[MAX_KNOWN_GENERAL_ACCESS_VALUE] = {
//
#define MAX_KNOWN_SECTION_ACCESS_VALUE 5
static SI_ACCESS SectionAccessValues[MAX_KNOWN_SECTION_ACCESS_VALUE] = {
- { &GUID_NULL, SECTION_QUERY, L"Query", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, SECTION_MAP_WRITE, L"Map Write", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, SECTION_MAP_READ, L"Map Read", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, SECTION_MAP_EXECUTE, L"Map Execute", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, SECTION_EXTEND_SIZE, L"Extend Size", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(SECTION_QUERY, L"Query"),
+ SI_ACCESS_DEFAULT_ENTRY(SECTION_MAP_WRITE, L"Map Write"),
+ SI_ACCESS_DEFAULT_ENTRY(SECTION_MAP_READ, L"Map Read"),
+ SI_ACCESS_DEFAULT_ENTRY(SECTION_MAP_EXECUTE, L"Map Execute"),
+ SI_ACCESS_DEFAULT_ENTRY(SECTION_EXTEND_SIZE, L"Extend Size")
};
//
@@ -55,10 +57,10 @@ static SI_ACCESS SectionAccessValues[MAX_KNOWN_SECTION_ACCESS_VALUE] = {
//
#define MAX_KNOWN_DIRECTORY_ACCESS_VALUE 4
static SI_ACCESS DirectoryAccessValues[MAX_KNOWN_DIRECTORY_ACCESS_VALUE] = {
- { &GUID_NULL, DIRECTORY_QUERY, L"Query", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DIRECTORY_TRAVERSE, L"Traverse", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DIRECTORY_CREATE_OBJECT, L"Create Object", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DIRECTORY_CREATE_SUBDIRECTORY, L"Create SubDirectory", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(DIRECTORY_QUERY, L"Query"),
+ SI_ACCESS_DEFAULT_ENTRY(DIRECTORY_TRAVERSE, L"Traverse"),
+ SI_ACCESS_DEFAULT_ENTRY(DIRECTORY_CREATE_OBJECT, L"Create Object"),
+ SI_ACCESS_DEFAULT_ENTRY(DIRECTORY_CREATE_SUBDIRECTORY, L"Create SubDirectory")
};
//
@@ -66,20 +68,20 @@ static SI_ACCESS DirectoryAccessValues[MAX_KNOWN_DIRECTORY_ACCESS_VALUE] = {
//
#define MAX_KNOWN_FILE_ACCESS_VALUE 14
static SI_ACCESS FileAccessValues[MAX_KNOWN_FILE_ACCESS_VALUE] = {
- { &GUID_NULL, FILE_READ_DATA, L"Read Data", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_LIST_DIRECTORY, L"List Directory", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_WRITE_DATA, L"Write Data", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_ADD_FILE, L"Add File", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_APPEND_DATA, L"Append Data", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_ADD_SUBDIRECTORY, L"Add SubDirectory", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_CREATE_PIPE_INSTANCE, L"Create Pipe Instance", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_READ_EA, L"Read EA", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_WRITE_EA, L"Write EA", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_EXECUTE, L"Execute", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_TRAVERSE, L"Traverse", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_DELETE_CHILD, L"Delete Child", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_READ_ATTRIBUTES, L"Read Attributes", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, FILE_WRITE_ATTRIBUTES, L"Write Attributes", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(FILE_READ_DATA, L"Read Data"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_LIST_DIRECTORY, L"List Directory"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_WRITE_DATA, L"Write Data"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_ADD_FILE, L"Add File"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_APPEND_DATA, L"Append Data"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_ADD_SUBDIRECTORY, L"Add SubDirectory"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_CREATE_PIPE_INSTANCE, L"Create Pipe Instance"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_READ_EA, L"Read EA"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_WRITE_EA, L"Write EA"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_EXECUTE, L"Execute"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_TRAVERSE, L"Traverse"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_DELETE_CHILD, L"Delete Child"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_READ_ATTRIBUTES, L"Read Attributes"),
+ SI_ACCESS_DEFAULT_ENTRY(FILE_WRITE_ATTRIBUTES, L"Write Attributes")
};
//
@@ -87,17 +89,16 @@ static SI_ACCESS FileAccessValues[MAX_KNOWN_FILE_ACCESS_VALUE] = {
//
#define MAX_KNOWN_EVENT_ACCESS_VALUE 2
static SI_ACCESS EventAccessValues[MAX_KNOWN_EVENT_ACCESS_VALUE] = {
- { &GUID_NULL, EVENT_QUERY_STATE, L"Query State", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, EVENT_MODIFY_STATE, L"Modify State", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(EVENT_QUERY_STATE, L"Query State"),
+ SI_ACCESS_DEFAULT_ENTRY(EVENT_MODIFY_STATE, L"Modify State")
};
-
//
//Mutant Access Values
//
#define MAX_KNOWN_MUTANT_ACCESS_VALUE 1
static SI_ACCESS MutantAccessValues[MAX_KNOWN_MUTANT_ACCESS_VALUE] = {
- { &GUID_NULL, MUTANT_QUERY_STATE, L"Query State", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(MUTANT_QUERY_STATE, L"Query State")
};
//
@@ -105,15 +106,15 @@ static SI_ACCESS MutantAccessValues[MAX_KNOWN_MUTANT_ACCESS_VALUE] = {
//
#define MAX_KNOWN_DESKTOP_ACCESS_VALUE 9
static SI_ACCESS DesktopAccessValues[MAX_KNOWN_DESKTOP_ACCESS_VALUE] = {
- { &GUID_NULL, DESKTOP_READOBJECTS, L"Read Objects", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DESKTOP_CREATEWINDOW, L"Create Window", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DESKTOP_CREATEMENU, L"Create Menu", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DESKTOP_HOOKCONTROL, L"Hook Control", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DESKTOP_JOURNALRECORD, L"Journal Record", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DESKTOP_JOURNALPLAYBACK, L"Journal Playback", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DESKTOP_ENUMERATE, L"Enumerate", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DESKTOP_WRITEOBJECTS, L"WriteObjects", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, DESKTOP_SWITCHDESKTOP, L"Switch Desktop", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(DESKTOP_READOBJECTS, L"Read Objects"),
+ SI_ACCESS_DEFAULT_ENTRY(DESKTOP_CREATEWINDOW, L"Create Window"),
+ SI_ACCESS_DEFAULT_ENTRY(DESKTOP_CREATEMENU, L"Create Menu"),
+ SI_ACCESS_DEFAULT_ENTRY(DESKTOP_HOOKCONTROL, L"Hook Control"),
+ SI_ACCESS_DEFAULT_ENTRY(DESKTOP_JOURNALRECORD, L"Journal Record"),
+ SI_ACCESS_DEFAULT_ENTRY(DESKTOP_JOURNALPLAYBACK, L"Journal Playback"),
+ SI_ACCESS_DEFAULT_ENTRY(DESKTOP_ENUMERATE, L"Enumerate"),
+ SI_ACCESS_DEFAULT_ENTRY(DESKTOP_WRITEOBJECTS, L"Write Objects"),
+ SI_ACCESS_DEFAULT_ENTRY(DESKTOP_SWITCHDESKTOP, L"Switch Desktop")
};
//
@@ -121,15 +122,15 @@ static SI_ACCESS DesktopAccessValues[MAX_KNOWN_DESKTOP_ACCESS_VALUE] = {
//
#define MAX_KNOWN_WINSTATION_ACCESS_VALUE 9
static SI_ACCESS WinStationAccessValues[MAX_KNOWN_WINSTATION_ACCESS_VALUE] = {
- { &GUID_NULL, WINSTA_ENUMDESKTOPS, L"Enumerate Desktops", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WINSTA_READATTRIBUTES, L"Read Attributes", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WINSTA_ACCESSCLIPBOARD, L"Access Clipboard", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WINSTA_CREATEDESKTOP, L"Create Desktop", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WINSTA_WRITEATTRIBUTES, L"Write Attributes", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WINSTA_ACCESSGLOBALATOMS, L"Access Global Atoms", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WINSTA_EXITWINDOWS, L"Exit Windows", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WINSTA_ENUMERATE, L"Enumerate", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, WINSTA_READSCREEN, L"Read Screen", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(WINSTA_ENUMDESKTOPS, L"Enumerate Desktops"),
+ SI_ACCESS_DEFAULT_ENTRY(WINSTA_READATTRIBUTES, L"Read Attributes"),
+ SI_ACCESS_DEFAULT_ENTRY(WINSTA_ACCESSCLIPBOARD, L"Access Clipboard"),
+ SI_ACCESS_DEFAULT_ENTRY(WINSTA_CREATEDESKTOP, L"Create Desktop"),
+ SI_ACCESS_DEFAULT_ENTRY(WINSTA_WRITEATTRIBUTES, L"Write Attributes"),
+ SI_ACCESS_DEFAULT_ENTRY(WINSTA_ACCESSGLOBALATOMS, L"Access Global Atoms"),
+ SI_ACCESS_DEFAULT_ENTRY(WINSTA_EXITWINDOWS, L"Exit Windows"),
+ SI_ACCESS_DEFAULT_ENTRY(WINSTA_ENUMERATE, L"Enumerate"),
+ SI_ACCESS_DEFAULT_ENTRY(WINSTA_READSCREEN, L"Read Screen")
};
//
@@ -137,14 +138,14 @@ static SI_ACCESS WinStationAccessValues[MAX_KNOWN_WINSTATION_ACCESS_VALUE] = {
//
#define MAX_KNOWN_KEY_ACCESS_VALUE 8
static SI_ACCESS KeyAccessValues[MAX_KNOWN_KEY_ACCESS_VALUE] = {
- { &GUID_NULL, KEY_QUERY_VALUE, L"Query Value", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, KEY_SET_VALUE, L"Set Value", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, KEY_CREATE_SUB_KEY, L"Create Subkey", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, KEY_ENUMERATE_SUB_KEYS, L"Enumerate Subkeys", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, KEY_NOTIFY, L"Notify", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, KEY_CREATE_LINK, L"Create Link", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, KEY_WOW64_64KEY, L"Access 64 bit key", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, KEY_WOW64_32KEY, L"Access 32 bit key", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(KEY_QUERY_VALUE, L"Query Value"),
+ SI_ACCESS_DEFAULT_ENTRY(KEY_SET_VALUE, L"Set Value"),
+ SI_ACCESS_DEFAULT_ENTRY(KEY_CREATE_SUB_KEY, L"Create Subkey"),
+ SI_ACCESS_DEFAULT_ENTRY(KEY_ENUMERATE_SUB_KEYS, L"Enumerate Subkeys"),
+ SI_ACCESS_DEFAULT_ENTRY(KEY_NOTIFY, L"Notify"),
+ SI_ACCESS_DEFAULT_ENTRY(KEY_CREATE_LINK, L"Create Link"),
+ SI_ACCESS_DEFAULT_ENTRY(KEY_WOW64_64KEY, L"Access 64 bit key"),
+ SI_ACCESS_DEFAULT_ENTRY(KEY_WOW64_32KEY, L"Access 32 bit key")
};
//
@@ -152,8 +153,8 @@ static SI_ACCESS KeyAccessValues[MAX_KNOWN_KEY_ACCESS_VALUE] = {
//
#define MAX_KNOWN_SEMAPHORE_ACCESS_VALUE 2
static SI_ACCESS SemaphoreAccessValues[MAX_KNOWN_SEMAPHORE_ACCESS_VALUE] = {
- { &GUID_NULL, SEMAPHORE_QUERY_STATE, L"Query State", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, SEMAPHORE_MODIFY_STATE, L"Modify State", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(SEMAPHORE_QUERY_STATE, L"Query State"),
+ SI_ACCESS_DEFAULT_ENTRY(SEMAPHORE_MODIFY_STATE, L"Modify State")
};
//
@@ -161,8 +162,8 @@ static SI_ACCESS SemaphoreAccessValues[MAX_KNOWN_SEMAPHORE_ACCESS_VALUE] = {
//
#define MAX_KNOWN_SYMLINK_ACCESS_VALUE 2
static SI_ACCESS SymlinkAccessValues[MAX_KNOWN_SYMLINK_ACCESS_VALUE] = {
- { &GUID_NULL, SYMBOLIC_LINK_QUERY, L"Link Query", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, SYMBOLIC_LINK_SET, L"Link Set", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(SYMBOLIC_LINK_QUERY, L"Link Query"),
+ SI_ACCESS_DEFAULT_ENTRY(SYMBOLIC_LINK_SET, L"Link Set")
};
//
@@ -170,8 +171,8 @@ static SI_ACCESS SymlinkAccessValues[MAX_KNOWN_SYMLINK_ACCESS_VALUE] = {
//
#define MAX_KNOWN_TIMER_ACCESS_VALUE 2
static SI_ACCESS TimerAccessValues[MAX_KNOWN_TIMER_ACCESS_VALUE] = {
- { &GUID_NULL, TIMER_QUERY_STATE, L"Query State", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, TIMER_MODIFY_STATE, L"Modify State", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(TIMER_QUERY_STATE, L"Query State"),
+ SI_ACCESS_DEFAULT_ENTRY(TIMER_MODIFY_STATE, L"Modify State")
};
//
@@ -179,11 +180,11 @@ static SI_ACCESS TimerAccessValues[MAX_KNOWN_TIMER_ACCESS_VALUE] = {
//
#define MAX_KNOWN_JOB_ACCESS_VALUE 5
static SI_ACCESS JobAccessValues[MAX_KNOWN_JOB_ACCESS_VALUE] = {
- { &GUID_NULL, JOB_OBJECT_ASSIGN_PROCESS, L"Assign Process", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, JOB_OBJECT_SET_ATTRIBUTES, L"Set Attributes", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, JOB_OBJECT_QUERY, L"Query", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, JOB_OBJECT_TERMINATE, L"Terminate", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, JOB_OBJECT_SET_SECURITY_ATTRIBUTES, L"Set Security Attributes", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(JOB_OBJECT_ASSIGN_PROCESS, L"Assign Process"),
+ SI_ACCESS_DEFAULT_ENTRY(JOB_OBJECT_SET_ATTRIBUTES, L"Set Attributes"),
+ SI_ACCESS_DEFAULT_ENTRY(JOB_OBJECT_QUERY, L"Query"),
+ SI_ACCESS_DEFAULT_ENTRY(JOB_OBJECT_TERMINATE, L"Terminate"),
+ SI_ACCESS_DEFAULT_ENTRY(JOB_OBJECT_SET_SECURITY_ATTRIBUTES, L"Set Security Attributes")
};
//
@@ -191,7 +192,7 @@ static SI_ACCESS JobAccessValues[MAX_KNOWN_JOB_ACCESS_VALUE] = {
//
#define MAX_KNOWN_PORT_ACCESS_VALUE 1
static SI_ACCESS PortAccessValues[MAX_KNOWN_PORT_ACCESS_VALUE] = {
- { &GUID_NULL, PORT_CONNECT, L"Connect", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(PORT_CONNECT, L"Connect")
};
//
@@ -199,8 +200,8 @@ static SI_ACCESS PortAccessValues[MAX_KNOWN_PORT_ACCESS_VALUE] = {
//
#define MAX_KNOWN_SESSION_ACCESS_VALUE 2
static SI_ACCESS SessionAccessValues[MAX_KNOWN_SESSION_ACCESS_VALUE] = {
- { &GUID_NULL, SESSION_QUERY_ACCESS, L"Query", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, SESSION_MODIFY_ACCESS, L"Modify", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(SESSION_QUERY_ACCESS, L"Query"),
+ SI_ACCESS_DEFAULT_ENTRY(SESSION_MODIFY_ACCESS, L"Modify")
};
//
@@ -208,8 +209,8 @@ static SI_ACCESS SessionAccessValues[MAX_KNOWN_SESSION_ACCESS_VALUE] = {
//
#define MAX_KNOWN_IOCOMPLETION_ACCESS_VALUE 2
static SI_ACCESS IoCompletionAccessValues[MAX_KNOWN_IOCOMPLETION_ACCESS_VALUE] = {
- { &GUID_NULL, IO_COMPLETION_QUERY_STATE, L"Query State", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, IO_COMPLETION_MODIFY_STATE, L"Modify State", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(IO_COMPLETION_QUERY_STATE, L"Query State"),
+ SI_ACCESS_DEFAULT_ENTRY(IO_COMPLETION_MODIFY_STATE, L"Modify State")
};
//
@@ -217,8 +218,8 @@ static SI_ACCESS IoCompletionAccessValues[MAX_KNOWN_IOCOMPLETION_ACCESS_VALUE] =
//
#define MAX_KNOWN_MEMORYPARTITION_ACCESS_VALUE 2
static SI_ACCESS MemoryPartitionAccessValues[MAX_KNOWN_MEMORYPARTITION_ACCESS_VALUE] = {
- { &GUID_NULL, MEMORY_PARTITION_QUERY_ACCESS, L"Query", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, MEMORY_PARTITION_MODIFY_ACCESS, L"Modify", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(MEMORY_PARTITION_QUERY_ACCESS, L"Query"),
+ SI_ACCESS_DEFAULT_ENTRY(MEMORY_PARTITION_MODIFY_ACCESS, L"Modify")
};
//
@@ -226,20 +227,20 @@ static SI_ACCESS MemoryPartitionAccessValues[MAX_KNOWN_MEMORYPARTITION_ACCESS_VA
//
#define MAX_KNOWN_PROCESS_ACCESS_VALUE 14
static SI_ACCESS ProcessAccessValues[MAX_KNOWN_PROCESS_ACCESS_VALUE] = {
- { &GUID_NULL, PROCESS_TERMINATE, L"Terminate", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_CREATE_THREAD, L"Create Thread", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_SET_SESSIONID, L"Set Session Id", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_VM_OPERATION, L"VM Operation", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_VM_READ, L"VM Read", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_VM_WRITE, L"VM Write", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_DUP_HANDLE, L"Duplicate Handle", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_CREATE_PROCESS, L"Create Process", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_SET_QUOTA, L"Set Quota", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_SET_INFORMATION, L"Set Information", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_QUERY_INFORMATION, L"Query Information", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_SUSPEND_RESUME, L"Suspend Resume", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_QUERY_LIMITED_INFORMATION, L"Query Limited Information", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, PROCESS_SET_LIMITED_INFORMATION, L"Set Limited Information", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_TERMINATE, L"Terminate"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_CREATE_THREAD, L"Create Thread"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_SET_SESSIONID, L"Set Session Id"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_VM_OPERATION, L"VM Operation"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_VM_READ, L"VM Read"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_VM_WRITE, L"VM Write"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_DUP_HANDLE, L"Duplicate Handle"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_CREATE_PROCESS, L"Create Process"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_SET_QUOTA, L"Set Quota"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_SET_INFORMATION, L"Set Information"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_QUERY_INFORMATION, L"Query Information"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_SUSPEND_RESUME, L"Suspend Resume"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_QUERY_LIMITED_INFORMATION, L"Query Limited Information"),
+ SI_ACCESS_DEFAULT_ENTRY(PROCESS_SET_LIMITED_INFORMATION, L"Set Limited Information")
};
//
@@ -247,19 +248,19 @@ static SI_ACCESS ProcessAccessValues[MAX_KNOWN_PROCESS_ACCESS_VALUE] = {
//
#define MAX_KNOWN_THREAD_ACCESS_VALUE 13
static SI_ACCESS ThreadAccessValues[MAX_KNOWN_THREAD_ACCESS_VALUE] = {
- { &GUID_NULL, THREAD_TERMINATE, L"Terminate", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_SUSPEND_RESUME, L"Suspend Resume", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_ALERT, L"Alert", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_GET_CONTEXT, L"Get Context", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_SET_CONTEXT, L"Set Context", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_QUERY_INFORMATION, L"Query Information", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_SET_INFORMATION, L"Set Information", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_SET_THREAD_TOKEN, L"Set Thread Token", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_IMPERSONATE, L"Impersonate", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_DIRECT_IMPERSONATION, L"Direct Impersonation", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_SET_LIMITED_INFORMATION, L"Set Limited Information", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_QUERY_LIMITED_INFORMATION, L"Query Limited Information", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, THREAD_RESUME, L"Resume", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_TERMINATE, L"Terminate"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_SUSPEND_RESUME, L"Suspend Resume"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_ALERT, L"Alert"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_GET_CONTEXT, L"Get Context"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_SET_CONTEXT, L"Set Context"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_QUERY_INFORMATION, L"Query Information"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_SET_INFORMATION, L"Set Information"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_SET_THREAD_TOKEN, L"Set Thread Token"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_IMPERSONATE, L"Impersonate"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_DIRECT_IMPERSONATION, L"Direct Impersonation"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_SET_LIMITED_INFORMATION, L"Set Limited Information"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_QUERY_LIMITED_INFORMATION, L"Query Limited Information"),
+ SI_ACCESS_DEFAULT_ENTRY(THREAD_RESUME, L"Resume")
};
//
@@ -268,13 +269,24 @@ static SI_ACCESS ThreadAccessValues[MAX_KNOWN_THREAD_ACCESS_VALUE] = {
#define MAX_KNOWN_TOKEN_ACCESS_VALUE 9
static SI_ACCESS TokenAccessValues[MAX_KNOWN_TOKEN_ACCESS_VALUE] = {
- { &GUID_NULL, TOKEN_ASSIGN_PRIMARY, L"AssignPrimary", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, TOKEN_DUPLICATE, L"Duplicate", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, TOKEN_IMPERSONATE, L"Impersonate", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, TOKEN_QUERY, L"Query", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, TOKEN_QUERY_SOURCE, L"Query Source", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, TOKEN_ADJUST_PRIVILEGES, L"Adjust Privileges", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, TOKEN_ADJUST_GROUPS, L"Adjust Groups", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, TOKEN_ADJUST_DEFAULT, L"Adjust Default", SI_ACCESS_DEFAULT_FLAGS },
- { &GUID_NULL, TOKEN_ADJUST_SESSIONID, L"Adjust SessionId", SI_ACCESS_DEFAULT_FLAGS }
+ SI_ACCESS_DEFAULT_ENTRY(TOKEN_ASSIGN_PRIMARY, L"Assign Primary"),
+ SI_ACCESS_DEFAULT_ENTRY(TOKEN_DUPLICATE, L"Duplicate"),
+ SI_ACCESS_DEFAULT_ENTRY(TOKEN_IMPERSONATE, L"Impersonate"),
+ SI_ACCESS_DEFAULT_ENTRY(TOKEN_QUERY, L"Query"),
+ SI_ACCESS_DEFAULT_ENTRY(TOKEN_QUERY_SOURCE, L"Query Source"),
+ SI_ACCESS_DEFAULT_ENTRY(TOKEN_ADJUST_PRIVILEGES, L"Adjust Privileges"),
+ SI_ACCESS_DEFAULT_ENTRY(TOKEN_ADJUST_GROUPS, L"Adjust Groups"),
+ SI_ACCESS_DEFAULT_ENTRY(TOKEN_ADJUST_DEFAULT, L"Adjust Default"),
+ SI_ACCESS_DEFAULT_ENTRY(TOKEN_ADJUST_SESSIONID, L"Adjust SessionId")
+};
+
+#define MAX_KNOWN_TRANSACTION_ACCESS_VALUE 7
+static SI_ACCESS TransactionAccessValues[MAX_KNOWN_TRANSACTION_ACCESS_VALUE] = {
+ SI_ACCESS_DEFAULT_ENTRY(TRANSACTION_QUERY_INFORMATION, L"Query Information"),
+ SI_ACCESS_DEFAULT_ENTRY(TRANSACTION_SET_INFORMATION, L"Set Information"),
+ SI_ACCESS_DEFAULT_ENTRY(TRANSACTION_ENLIST, L"Enlist"),
+ SI_ACCESS_DEFAULT_ENTRY(TRANSACTION_COMMIT, L"Commit"),
+ SI_ACCESS_DEFAULT_ENTRY(TRANSACTION_ROLLBACK, L"Rollback"),
+ SI_ACCESS_DEFAULT_ENTRY(TRANSACTION_PROPAGATE, L"Propagate"),
+ SI_ACCESS_DEFAULT_ENTRY(TRANSACTION_RIGHT_RESERVED1, L"Right Reserved1")
};
diff --git a/Source/WinObjEx64/props/propToken.c b/Source/WinObjEx64/props/propToken.c
index c45c07db..1cb88f2f 100644
--- a/Source/WinObjEx64/props/propToken.c
+++ b/Source/WinObjEx64/props/propToken.c
@@ -4,9 +4,9 @@
*
* TITLE: PROPTOKEN.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 31 May 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -182,7 +182,7 @@ VOID TokenPageListInfo(
WCHAR szBuffer[MAX_PATH], szPrivName[MAX_PATH + 1];
- if (Context->TypeIndex == ObjectTypeProcess) {
+ if (Context->ObjectTypeIndex == ObjectTypeProcess) {
DesiredAccessLv1 = PROCESS_QUERY_INFORMATION;
DesiredAccessLv2 = PROCESS_QUERY_LIMITED_INFORMATION;
}
@@ -202,7 +202,7 @@ VOID TokenPageListInfo(
return;
}
- if (Context->TypeIndex == ObjectTypeProcess) {
+ if (Context->ObjectTypeIndex == ObjectTypeProcess) {
Status = supOpenProcessTokenEx(ObjectHandle, &TokenHandle);
if (!NT_SUCCESS(Status))
@@ -466,7 +466,7 @@ VOID TokenPageShowAdvancedProperties(
{
OBJECT_ATTRIBUTES ObjectAttributes = RTL_INIT_OBJECT_ATTRIBUTES((PUNICODE_STRING)NULL, 0);
PROP_UNNAMED_OBJECT_INFO TokenObject;
- PROP_DIALOG_CREATE_SETTINGS propSettings;
+ PROP_CONFIG propConfig;
LPWSTR FormatStringTokenProcess = TEXT("Process Token, PID:%llu");
LPWSTR FormatStringTokenThread = TEXT("Thread Token, PID:%llu, TID:%llu");
@@ -474,10 +474,12 @@ VOID TokenPageShowAdvancedProperties(
HANDLE TokenHandle = NULL;
WCHAR szFakeName[MAX_PATH + 1];
+ UNICODE_STRING usObjectName;
+
//
// Only one token properties dialog at the same time allowed.
//
- ENSURE_DIALOG_UNIQUE(g_PsTokenWindow);
+ supCloseKnownPropertiesDialog(propGetTokenWindow());
RtlSecureZeroMemory(&TokenObject, sizeof(PROP_UNNAMED_OBJECT_INFO));
@@ -502,7 +504,7 @@ VOID TokenPageShowAdvancedProperties(
NtClose(TokenHandle);
}
- RtlSecureZeroMemory(&propSettings, sizeof(propSettings));
+ RtlSecureZeroMemory(&propConfig, sizeof(propConfig));
if (TokenObject.IsThreadToken) {
@@ -521,13 +523,16 @@ VOID TokenPageShowAdvancedProperties(
TokenObject.ClientId.UniqueProcess);
}
+
+ RtlInitUnicodeString(&usObjectName, szFakeName);
- propSettings.hwndParent = hwndDlg;
- propSettings.lpObjectName = szFakeName;
- propSettings.lpObjectType = OBTYPE_NAME_TOKEN;
- propSettings.UnnamedObject = &TokenObject;
+ propConfig.hwndParent = hwndDlg;
+ propConfig.NtObjectName = &usObjectName;
+ propConfig.ObjectTypeIndex = ObjectTypeToken;
+ propConfig.ContextType = propUnnamed;
+ propConfig.u1.UnnamedObject = &TokenObject;
- propCreateDialog(&propSettings);
+ propCreateDialog(&propConfig);
}
/*
@@ -602,8 +607,7 @@ INT_PTR TokenPageDialogOnCommand(
TokenPageShowAdvancedProperties(hwndDlg);
Result = 1;
break;
- default:
- break;
+
}
return Result;
@@ -633,11 +637,11 @@ INT_PTR TokenPageDialogOnInit(
//
SetProp(hwndDlg,
T_TOKEN_PROP_CID_PID,
- Context->UnnamedObjectInfo.ClientId.UniqueProcess);
+ Context->u1.UnnamedObjectInfo.ClientId.UniqueProcess);
SetProp(hwndDlg,
T_TOKEN_PROP_CID_TID,
- Context->UnnamedObjectInfo.ClientId.UniqueThread);
+ Context->u1.UnnamedObjectInfo.ClientId.UniqueThread);
SetProp(hwndDlg,
T_TOKEN_PROP_TYPE,
@@ -696,7 +700,8 @@ INT_PTR CALLBACK TokenPageDialogProc(
break;
default:
- return 0;
+ return FALSE;
}
- return 1;
+
+ return TRUE;
}
diff --git a/Source/WinObjEx64/props/propToken.h b/Source/WinObjEx64/props/propToken.h
deleted file mode 100644
index 25f7e8f5..00000000
--- a/Source/WinObjEx64/props/propToken.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2019 - 2021
-*
-* TITLE: PROPTOKEN.H
-*
-* VERSION: 1.90
-*
-* DATE: 17 May 2021
-*
-* Common header file for Token property sheet.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-INT_PTR CALLBACK TokenPageDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam);
diff --git a/Source/WinObjEx64/props/propType.c b/Source/WinObjEx64/props/propType.c
index 182377f0..d7dabb2a 100644
--- a/Source/WinObjEx64/props/propType.c
+++ b/Source/WinObjEx64/props/propType.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015 - 2021
+* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
* TITLE: PROPTYPE.C
*
-* VERSION: 1.92
+* VERSION: 2.00
*
-* DATE: 07 Dec 2021
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -531,83 +531,61 @@ VOID propSetTypeListView(
* Used if object dumped info not available (restricted user, no driver etc).
*
*/
+_Success_(return)
BOOL propQueryTypeInfo(
- _In_ LPWSTR lpObjectType,
- _Inout_ POBJECT_TYPE_COMPATIBLE pObjectTypeDump
+ _In_ PUNICODE_STRING ObjectType,
+ _Out_ POBJECT_TYPE_COMPATIBLE Information
)
{
BOOL bResult = FALSE;
ULONG i;
- SIZE_T sz;
- LPWSTR lpType;
POBJECT_TYPES_INFORMATION pObjectTypes = NULL;
POBJECT_TYPE_INFORMATION pObject;
- if (lpObjectType == NULL)
- return bResult;
+ pObjectTypes = (POBJECT_TYPES_INFORMATION)supGetObjectTypesInfo();
+ if (pObjectTypes == NULL)
+ return FALSE;
- __try {
+ pObject = OBJECT_TYPES_FIRST_ENTRY(pObjectTypes);
- do {
- pObjectTypes = (POBJECT_TYPES_INFORMATION)supGetObjectTypesInfo();
- if (pObjectTypes == NULL) {
- break;
- }
+ __try {
- //
- // Warning: older Wine/Staging incorrectly implement memory structure layout for this structure and therefore will crash.
- //
-
- pObject = OBJECT_TYPES_FIRST_ENTRY(pObjectTypes);
-
- for (i = 0; i < pObjectTypes->NumberOfTypes; i++) {
-
- sz = (pObject->TypeName.MaximumLength) + sizeof(UNICODE_NULL);
- lpType = (LPWSTR)supHeapAlloc(sz);
- if (lpType) {
- _strncpy(lpType,
- sz / sizeof(WCHAR),
- pObject->TypeName.Buffer,
- pObject->TypeName.Length / sizeof(WCHAR));
-
- if (_strcmpi(lpType, lpObjectType) == 0) {
- pObjectTypeDump->TotalNumberOfHandles = pObject->TotalNumberOfHandles;
- pObjectTypeDump->TotalNumberOfObjects = pObject->TotalNumberOfObjects;
- pObjectTypeDump->TypeInfo.InvalidAttributes = pObject->InvalidAttributes;
- pObjectTypeDump->TypeInfo.GenericMapping = pObject->GenericMapping;
- pObjectTypeDump->TypeInfo.ValidAccessMask = pObject->ValidAccessMask;
- pObjectTypeDump->TypeInfo.DefaultNonPagedPoolCharge = pObject->DefaultNonPagedPoolCharge;
- pObjectTypeDump->TypeInfo.DefaultPagedPoolCharge = pObject->DefaultPagedPoolCharge;
- pObjectTypeDump->HighWaterNumberOfHandles = pObject->HighWaterNumberOfHandles;
- pObjectTypeDump->HighWaterNumberOfObjects = pObject->HighWaterNumberOfObjects;
- pObjectTypeDump->TypeInfo.PoolType = (POOL_TYPE)pObject->PoolType;
- if (pObject->SecurityRequired) {
- SET_BIT(pObjectTypeDump->TypeInfo.ObjectTypeFlags, 3);
- }
- if (pObject->MaintainHandleCount) {
- SET_BIT(pObjectTypeDump->TypeInfo.ObjectTypeFlags, 4);
- }
- bResult = TRUE;
- }
- supHeapFree(lpType);
- if (bResult) {
- break;
- }
+ //
+ // Warning: older Wine/Staging incorrectly implement memory structure layout for this structure and therefore will crash.
+ //
+ for (i = 0; i < pObjectTypes->NumberOfTypes; i++) {
+
+ if (RtlEqualUnicodeString(ObjectType, &pObject->TypeName, TRUE)) {
+ Information->TotalNumberOfHandles = pObject->TotalNumberOfHandles;
+ Information->TotalNumberOfObjects = pObject->TotalNumberOfObjects;
+ Information->TypeInfo.InvalidAttributes = pObject->InvalidAttributes;
+ Information->TypeInfo.GenericMapping = pObject->GenericMapping;
+ Information->TypeInfo.ValidAccessMask = pObject->ValidAccessMask;
+ Information->TypeInfo.DefaultNonPagedPoolCharge = pObject->DefaultNonPagedPoolCharge;
+ Information->TypeInfo.DefaultPagedPoolCharge = pObject->DefaultPagedPoolCharge;
+ Information->HighWaterNumberOfHandles = pObject->HighWaterNumberOfHandles;
+ Information->HighWaterNumberOfObjects = pObject->HighWaterNumberOfObjects;
+ Information->TypeInfo.PoolType = (POOL_TYPE)pObject->PoolType;
+ if (pObject->SecurityRequired) {
+ SET_BIT(Information->TypeInfo.ObjectTypeFlags, 3);
+ }
+ if (pObject->MaintainHandleCount) {
+ SET_BIT(Information->TypeInfo.ObjectTypeFlags, 4);
}
- pObject = OBJECT_TYPES_NEXT_ENTRY(pObject);
+ bResult = TRUE;
+ break;
}
- } while (FALSE);
-
- if (pObjectTypes) {
- supHeapFree(pObjectTypes);
+ pObject = OBJECT_TYPES_NEXT_ENTRY(pObject);
}
+
}
__except (EXCEPTION_EXECUTE_HANDLER) {
supReportAbnormalTermination(__FUNCTIONW__);
return FALSE;
}
+ supHeapFree(pObjectTypes);
return bResult;
}
@@ -625,25 +603,27 @@ VOID propSetTypeInfo(
_In_ HWND hwndDlg
)
{
- BOOL bOkay;
- WOBJ_OBJECT_TYPE RealTypeIndex;
- INT i;
- POBJINFO pObject = NULL;
- LPCWSTR lpTypeDescription = NULL;
- OBJECT_TYPE_COMPATIBLE ObjectTypeDump;
- WCHAR szConvertBuffer[64];
- WCHAR szType[MAX_PATH * 2];
+ BOOL bOkay;
+ WOBJ_OBJECT_TYPE RealTypeIndex;
+ INT i;
+ LPCWSTR lpTypeDescription = NULL;
+ OBJECT_TYPE_COMPATIBLE ObjectTypeDump;
+ WCHAR szConvertBuffer[64];
+ WCHAR szType[MAX_PATH * 2];
+
+ POBEX_OBJECT_INFORMATION pObject = NULL;
+ UNICODE_STRING usName;
+
+ lpTypeDescription = Context->TypeDescription->Name;
RealTypeIndex = Context->ShadowTypeDescription->Index;
- if ((RealTypeIndex > ObjectTypeUnknown)) {
+ if (RealTypeIndex > ObjectTypeUnknown) {
RealTypeIndex = ObjectTypeUnknown;
}
//if type is not known set it description to it type name
- if (RealTypeIndex == ObjectTypeUnknown) {
- lpTypeDescription = Context->lpObjectType;
- }
- else {
+ if (RealTypeIndex != ObjectTypeUnknown) {
+
//set description
RtlSecureZeroMemory(&szType, sizeof(szType));
if (LoadString(
@@ -654,9 +634,6 @@ VOID propSetTypeInfo(
{
lpTypeDescription = szType;
}
- else {
- lpTypeDescription = Context->lpObjectType;
- }
}
@@ -671,19 +648,22 @@ VOID propSetTypeInfo(
//
bOkay = FALSE;
RtlSecureZeroMemory(&ObjectTypeDump, sizeof(ObjectTypeDump));
- if (Context->IsType) {
+ if (Context->ObjectTypeIndex == ObjectTypeType) {
//query object by name, thus were giving us proper object type dump
- pObject = ObQueryObject(T_OBJECTTYPES, Context->lpObjectName);
+ pObject = ObQueryObjectInDirectory(
+ &Context->NtObjectName,
+ ObGetPredefinedUnicodeString(OBP_OBTYPES));
//cannot query, no driver or other error, try second method
if (pObject == NULL) {
- bOkay = propQueryTypeInfo(Context->lpObjectName, &ObjectTypeDump);
+ bOkay = propQueryTypeInfo(&Context->NtObjectName, &ObjectTypeDump);
}
//if type is not known set it description to it type name
- if (RealTypeIndex == ObjectTypeUnknown)
- lpTypeDescription = Context->lpObjectName;
+ if (RealTypeIndex == ObjectTypeUnknown) {
+ lpTypeDescription = Context->NtObjectName.Buffer;
+ }
else {
//set description
RtlSecureZeroMemory(&szType, sizeof(szType));
@@ -696,7 +676,7 @@ VOID propSetTypeInfo(
lpTypeDescription = szType;
}
else {
- lpTypeDescription = Context->lpObjectType;
+ lpTypeDescription = Context->TypeDescription->Name;
}
}
}
@@ -705,13 +685,16 @@ VOID propSetTypeInfo(
//
// Query object type object.
//
- pObject = ObQueryObject(T_OBJECTTYPES, Context->lpObjectType);
+ pObject = ObQueryObjectInDirectory(
+ &Context->NtObjectName,
+ ObGetPredefinedUnicodeString(OBP_OBTYPES));
//
// If we cannot query because of no driver or other error, try second method.
//
if (pObject == NULL) {
- bOkay = propQueryTypeInfo(Context->lpObjectType, &ObjectTypeDump);
+ RtlInitUnicodeString(&usName, Context->TypeDescription->Name);
+ bOkay = propQueryTypeInfo(&usName, &ObjectTypeDump);
}
}
diff --git a/Source/WinObjEx64/props/propType.h b/Source/WinObjEx64/props/propType.h
deleted file mode 100644
index b2e01029..00000000
--- a/Source/WinObjEx64/props/propType.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2018
-*
-* TITLE: PROPTYPE.H
-*
-* VERSION: 1.52
-*
-* DATE: 08 Jan 2018
-*
-* Common header file for Type property sheet.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-INT_PTR CALLBACK TypePropDialogProc(
- _In_ HWND hwndDlg,
- _In_ UINT uMsg,
- _In_ WPARAM wParam,
- _In_ LPARAM lParam);
diff --git a/Source/WinObjEx64/props/propTypeConsts.h b/Source/WinObjEx64/props/propTypeConsts.h
index 062768e5..e8549366 100644
--- a/Source/WinObjEx64/props/propTypeConsts.h
+++ b/Source/WinObjEx64/props/propTypeConsts.h
@@ -4,9 +4,9 @@
*
* TITLE: PROPTYPECONSTS.H
*
-* VERSION: 1.93
+* VERSION: 2.00
*
-* DATE: 24 Mar 2022
+* DATE: 19 Jun 2022
*
* Consts header file for Type property sheet.
*
diff --git a/Source/WinObjEx64/props/propObjectDump.h b/Source/WinObjEx64/props/props.h
similarity index 64%
rename from Source/WinObjEx64/props/propObjectDump.h
rename to Source/WinObjEx64/props/props.h
index ddb23552..e92bdbf5 100644
--- a/Source/WinObjEx64/props/propObjectDump.h
+++ b/Source/WinObjEx64/props/props.h
@@ -2,13 +2,13 @@
*
* (C) COPYRIGHT AUTHORS, 2015 - 2022
*
-* TITLE: PROPOBJECTDUMP.H
+* TITLE: PROPS.H
*
-* VERSION: 1.93
+* VERSION: 2.00
*
-* DATE: 13 May 2022
+* DATE: 19 Jun 2022
*
-* Common header file for the object dump support.
+* Common header file for properties dialog definitions.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -16,14 +16,79 @@
* PARTICULAR PURPOSE.
*
*******************************************************************************/
+
#pragma once
+//
+// Dialog procs.
+//
+
+INT_PTR CALLBACK AlpcPortListDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam);
+
+INT_PTR CALLBACK BasicPropDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam);
+
+INT_PTR CALLBACK DesktopListDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam);
+
+INT_PTR CALLBACK DriverRegistryDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam);
+
INT_PTR CALLBACK ObjectDumpDialogProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam);
+INT_PTR CALLBACK ProcessListDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam);
+
+INT_PTR CALLBACK SectionPropertiesDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam);
+
+INT_PTR CALLBACK TokenPageDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam);
+
+INT_PTR CALLBACK TypePropDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam);
+
+//
+// Security page.
+//
+HPROPSHEETPAGE propSecurityCreatePage(
+ _In_ PROP_OBJECT_INFO* Context,
+ _In_ POPENOBJECTMETHOD OpenObjectMethod,
+ _In_opt_ PCLOSEOBJECTMETHOD CloseObjectMethod,
+ _In_ ULONG psiFlags);
+
+//
+// Object dump
+//
HTREEITEM propObDumpUlong(
_In_ HWND TreeList,
_In_ HTREEITEM hParent,
@@ -111,4 +176,4 @@ VOID propObDumpUnicodeString(
_In_ HTREEITEM hParent,
_In_ LPWSTR StringName,
_In_ PUNICODE_STRING InputString,
- _In_ BOOLEAN IsKernelPtr);
+ _In_ BOOLEAN IsKernelPointer);
diff --git a/Source/WinObjEx64/resource.h b/Source/WinObjEx64/resource.h
index b9ebfe6c..8a51f689 100644
Binary files a/Source/WinObjEx64/resource.h and b/Source/WinObjEx64/resource.h differ
diff --git a/Source/WinObjEx64/sdviewDlg.c b/Source/WinObjEx64/sdviewDlg.c
index 1d1b0658..6f0b8042 100644
--- a/Source/WinObjEx64/sdviewDlg.c
+++ b/Source/WinObjEx64/sdviewDlg.c
@@ -4,9 +4,9 @@
*
* TITLE: SDVIEWDLG.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -15,11 +15,15 @@
*
*******************************************************************************/
#include "global.h"
-#include "sdviewDlg.h"
#define SDVIEWDLG_TRACKSIZE_MIN_X 480
#define SDVIEWDLG_TRACKSIZE_MIN_Y 320
+HWND SDViewDialogWindow = NULL;
+static HANDLE SDViewDialogThreadHandle = NULL;
+static FAST_EVENT SDViewDialogInitializedEvent = FAST_EVENT_INIT;
+static FAST_EVENT SDViewDialogFinalizedEvent;
+
//
// SDView Dialog context structure.
//
@@ -36,9 +40,9 @@ typedef struct _SDVIEW_CONTEXT {
//
// Viewed object data.
//
- LPWSTR Directory;
- LPWSTR Name;
WOBJ_OBJECT_TYPE Type;
+ UNICODE_STRING NtObjectDirectory;
+ UNICODE_STRING NtObjectName;
//
// ListView selection.
@@ -51,7 +55,6 @@ typedef struct _SDVIEW_CONTEXT {
//
RECT WindowRect;
RECT ListRect;
- RECT ButtonRect;
} SDVIEW_CONTEXT, * PSDVIEW_CONTEXT;
//
@@ -89,15 +92,13 @@ typedef VOID(CALLBACK* pfnAceOutputCallback)(
*
*/
VOID FreeSDViewContext(
- _In_ SDVIEW_CONTEXT* SdViewContext
+ _In_ SDVIEW_CONTEXT* Context
)
{
- if (SdViewContext->Name)
- supHeapFree(SdViewContext->Name);
- if (SdViewContext->Directory)
- supHeapFree(SdViewContext->Directory);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &Context->NtObjectDirectory, FALSE);
+ supFreeDuplicatedUnicodeString(g_obexHeap, &Context->NtObjectName, FALSE);
- supHeapFree(SdViewContext);
+ supHeapFree(Context);
}
/*
@@ -109,47 +110,26 @@ VOID FreeSDViewContext(
*
*/
SDVIEW_CONTEXT* AllocateSDViewContext(
- _In_ LPWSTR ObjectDirectory,
- _In_opt_ LPWSTR ObjectName,
_In_ WOBJ_OBJECT_TYPE ObjectType
)
{
SDVIEW_CONTEXT* ctx;
- SIZE_T nLen, nNameLen = 0;
-
- nLen = _strlen(ObjectDirectory);
- if (nLen == 0)
- return NULL;
-
- if (ObjectName) {
- nNameLen = _strlen(ObjectName);
- if (nNameLen == 0)
- return NULL;
- }
ctx = (SDVIEW_CONTEXT*)supHeapAlloc(sizeof(SDVIEW_CONTEXT));
if (ctx == NULL)
return NULL;
- ctx->Directory = (LPWSTR)supHeapAlloc((1 + nLen) * sizeof(WCHAR));
- if (ctx->Directory == NULL) {
- FreeSDViewContext(ctx);
+ ctx->Type = ObjectType;
+
+ if (!supGetCurrentObjectPath(FALSE, &ctx->NtObjectDirectory)) {
+ supHeapFree(ctx);
return NULL;
}
- _strcpy(ctx->Directory, ObjectDirectory);
-
- ctx->Type = ObjectType;
-
- if (ObjectName) {
-
- ctx->Name = (LPWSTR)supHeapAlloc((1 + nNameLen) * sizeof(WCHAR));
- if (ctx->Name == NULL) {
- FreeSDViewContext(ctx);
- return NULL;
- }
-
- _strcpy(ctx->Name, ObjectName);
+ if (!supGetCurrentObjectName(&ctx->NtObjectName)) {
+ supFreeDuplicatedUnicodeString(g_obexHeap, &ctx->NtObjectDirectory, FALSE);
+ supHeapFree(ctx);
+ return NULL;
}
return ctx;
@@ -744,8 +724,8 @@ NTSTATUS SDViewDumpObjectSecurity(
ntStatus = supOpenNamedObjectByType(&hObject,
Context->Type,
- Context->Directory,
- Context->Name,
+ &Context->NtObjectDirectory,
+ &Context->NtObjectName,
READ_CONTROL);
if (!NT_SUCCESS(ntStatus))
@@ -841,7 +821,10 @@ VOID SDViewInitControls(
INT i;
HWND aclList = GetDlgItem(hwndDlg, IDC_SDVIEW_LIST);
HWND sidOwner = GetDlgItem(hwndDlg, IDC_SDVIEW_OWNER);
- HWND okButton = GetDlgItem(hwndDlg, IDOK);
+
+ UNICODE_STRING objectName, normalizedName;
+ LPWSTR caption;
+ ULONG captionLength;
//
// Set listview style flags and theme.
@@ -879,8 +862,35 @@ VOID SDViewInitControls(
GetClientRect(hwndDlg, &Context->WindowRect);
GetWindowRect(aclList, &Context->ListRect);
- GetWindowRect(okButton, &Context->ButtonRect);
- ScreenToClient(hwndDlg, (LPPOINT)&Context->ButtonRect);
+
+ //
+ // Set dialog caption.
+ //
+ if (supCreateObjectPathFromElements(&Context->NtObjectName,
+ &Context->NtObjectDirectory,
+ &objectName,
+ TRUE))
+ {
+ if (supNormalizeUnicodeStringForDisplay(g_obexHeap, &objectName, &normalizedName)) {
+
+ captionLength = normalizedName.Length + MAX_PATH;
+ caption = (LPWSTR)supHeapAlloc(captionLength);
+ if (caption) {
+
+ RtlStringCchPrintfSecure(caption,
+ captionLength / sizeof(WCHAR),
+ TEXT("Security Descriptor: %ws"),
+ normalizedName.Buffer);
+
+ SetWindowText(hwndDlg, caption);
+
+ supHeapFree(caption);
+ }
+ supFreeUnicodeString(g_obexHeap, &normalizedName);
+ }
+
+ supFreeUnicodeString(g_obexHeap, &objectName);
+ }
}
/*
@@ -939,7 +949,6 @@ VOID SDViewOnResize(
)
{
HWND hwndList = GetDlgItem(hwndDlg, IDC_SDVIEW_LIST);
- HWND hwndButton = GetDlgItem(hwndDlg, IDOK);
WORD dlgWidth = LOWORD(lParam), dlgHeight = HIWORD(lParam);
INT dx, dy;
@@ -952,15 +961,6 @@ VOID SDViewOnResize(
dlgHeight - dy - Context->ListRect.top,
SWP_NOMOVE);
- dx = Context->WindowRect.right - Context->ButtonRect.left;
- dy = Context->WindowRect.bottom - Context->ButtonRect.top;
-
- SetWindowPos(hwndButton, NULL,
- dlgWidth - dx,
- dlgHeight - dy,
- 0, 0,
- SWP_NOSIZE);
-
SendMessage(Context->StatusBar, WM_SIZE, 0, 0);
RedrawWindow(hwndDlg, NULL, 0, RDW_ERASE | RDW_INVALIDATE | RDW_ERASENOW);
}
@@ -984,10 +984,8 @@ VOID SDViewDialogOnInit(
SDVIEW_CONTEXT* dlgContext;
ENUMCHILDWNDDATA wndData;
- supCenterWindow(hwndDlg);
- if (lParam == 0)
- return;
-
+ SDViewDialogWindow = hwndDlg;
+ supCenterWindowSpecifyParent(hwndDlg, g_hwndMain);
dlgContext = (SDVIEW_CONTEXT*)lParam;
SetProp(hwndDlg, T_DLGCONTEXT, (HANDLE)lParam);
@@ -1012,7 +1010,6 @@ VOID SDViewDialogOnInit(
SDViewInitControls(hwndDlg, dlgContext);
-
//
// Dump object security information.
//
@@ -1085,6 +1082,11 @@ INT_PTR CALLBACK SDViewDialogProc(
}
break;
+ case WM_DESTROY:
+ SDViewDialogWindow = NULL;
+ PostQuitMessage(0);
+ break;
+
case WM_CLOSE:
dlgContext = (SDVIEW_CONTEXT*)RemoveProp(hwndDlg, T_DLGCONTEXT);
if (dlgContext) {
@@ -1108,7 +1110,6 @@ INT_PTR CALLBACK SDViewDialogProc(
switch (GET_WM_COMMAND_ID(wParam, lParam)) {
case IDCANCEL:
- case IDOK:
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
break;
@@ -1120,8 +1121,6 @@ INT_PTR CALLBACK SDViewDialogProc(
dlgContext->iColumnHit);
}
break;
- default:
- break;
}
default:
@@ -1132,102 +1131,53 @@ INT_PTR CALLBACK SDViewDialogProc(
}
/*
-* SDViewSetCaptionTextFormatted
+* SDViewDialogWorkerThread
*
* Purpose:
*
-* Set dialog window caption text.
+* Create and initialize ViewSecurityDescriptor Dialog.
*
*/
-VOID SDViewSetCaptionTextFormatted(
- _In_ HWND DialogWindow,
- _In_ LPWSTR ObjectDirectory,
- _In_opt_ LPWSTR ObjectName
+DWORD SDViewDialogWorkerThread(
+ _In_ PVOID Parameter
)
{
- LPWSTR lpText;
- SIZE_T cch, l;
-
- cch = MAX_PATH + _strlen(ObjectDirectory);
- if (ObjectName) cch += _strlen(ObjectName);
+ BOOL bResult;
+ MSG message;
+ HWND hwnd;
+ SDVIEW_CONTEXT* context = (SDVIEW_CONTEXT*)Parameter;
- lpText = (LPWSTR)supHeapAlloc(cch * sizeof(WCHAR));
- if (lpText) {
-
- _strcpy(lpText, TEXT("Security Descriptor ("));
- _strcat(lpText, ObjectDirectory);
- l = _strlen(ObjectDirectory);
- if (ObjectDirectory[l - 1] != L'\\') {
- _strcat(lpText, TEXT("\\"));
- }
- if (ObjectName) {
- _strcat(lpText, ObjectName);
- }
- _strcat(lpText, TEXT(")"));
- SetWindowText(DialogWindow, lpText);
- supHeapFree(lpText);
- }
-}
+ hwnd = CreateDialogParam(g_WinObj.hInstance,
+ MAKEINTRESOURCE(IDD_DIALOG_SDVIEW),
+ 0,
+ (DLGPROC)&SDViewDialogProc,
+ (LPARAM)context);
-/*
-* SDViewSetCaption
-*
-* Purpose:
-*
-* Format and set dialog window caption text as "Security Descriptor (ObjectDirectory\ObjectName)".
-*
-*/
-VOID SDViewSetCaption(
- _In_ HWND DialogWindow,
- _In_ LPWSTR ObjectDirectory,
- _In_ LPWSTR ObjectName,
- _In_ WOBJ_OBJECT_TYPE ObjectType
-)
-{
- SIZE_T i, l, rdirLen, ldirSz;
- LPWSTR SingleDirName, ParentDir;
+ supSetFastEvent(&SDViewDialogInitializedEvent);
+ do {
- if (ObjectType == ObjectTypeDirectory) {
+ bResult = GetMessage(&message, NULL, 0, 0);
+ if (bResult == -1)
+ break;
- //
- // Root case.
- //
- if (_strcmpi(ObjectName, KM_OBJECTS_ROOT_DIRECTORY) == 0) {
- SDViewSetCaptionTextFormatted(DialogWindow, ObjectDirectory, NULL);
- return;
+ if (!IsDialogMessage(hwnd, &message)) {
+ TranslateMessage(&message);
+ DispatchMessage(&message);
}
- }
-
- //
- // Extract parent directory name, handle self case.
- //
- l = 0;
- rdirLen = _strlen(ObjectDirectory);
- for (i = 0; i < rdirLen; i++) {
- if (ObjectDirectory[i] == L'\\')
- l = i + 1;
- }
-
- SingleDirName = &ObjectDirectory[l];
+ } while (bResult != 0);
- if (_strcmpi(SingleDirName, ObjectName) == 0) {
-
- ldirSz = rdirLen * sizeof(WCHAR) + sizeof(UNICODE_NULL);
- ParentDir = (LPWSTR)supHeapAlloc(ldirSz);
- if (ParentDir) {
- if (l == 1) l++;
- supCopyMemory(ParentDir, ldirSz, ObjectDirectory, (l - 1) * sizeof(WCHAR));
- SDViewSetCaptionTextFormatted(DialogWindow, ParentDir, ObjectName);
- supHeapFree(ParentDir);
- }
+ supResetFastEvent(&SDViewDialogInitializedEvent);
+ if (SDViewDialogThreadHandle) {
+ NtClose(SDViewDialogThreadHandle);
+ SDViewDialogThreadHandle = NULL;
}
- else {
- SDViewSetCaptionTextFormatted(DialogWindow, ObjectDirectory, ObjectName);
- }
+ supSetFastEvent(&SDViewDialogFinalizedEvent);
+
+ return 0;
}
/*
@@ -1235,41 +1185,26 @@ VOID SDViewSetCaption(
*
* Purpose:
*
-* Create and initialize ViewSecurityDescriptor Dialog.
+* Create dialog worker thread.
*
*/
VOID SDViewDialogCreate(
- _In_ HWND ParentWindow,
- _In_ LPWSTR ObjectDirectory,
- _In_ LPWSTR ObjectName,
_In_ WOBJ_OBJECT_TYPE ObjectType
)
{
- HWND hwndDlg;
- SDVIEW_CONTEXT* SDViewContext;
+ SDVIEW_CONTEXT* context;
- if (ObjectDirectory == NULL || ObjectName == NULL)
- return;
-
- SDViewContext = AllocateSDViewContext(ObjectDirectory,
- ObjectName,
- ObjectType);
-
- if (SDViewContext == NULL)
- return;
-
- hwndDlg = CreateDialogParam(g_WinObj.hInstance,
- MAKEINTRESOURCE(IDD_DIALOG_SDVIEW),
- ParentWindow,
- (DLGPROC)&SDViewDialogProc,
- (LPARAM)SDViewContext);
+ if (SDViewDialogThreadHandle) {
+ PostMessage(SDViewDialogWindow, WM_CLOSE, 0, 0);
+ supWaitForFastEvent(&SDViewDialogFinalizedEvent, NULL);
+ }
- if (hwndDlg) {
+ context = AllocateSDViewContext(ObjectType);
+ if (context) {
- SDViewSetCaption(hwndDlg, ObjectDirectory, ObjectName, ObjectType);
+ supInitFastEvent(&SDViewDialogFinalizedEvent);
+ SDViewDialogThreadHandle = supCreateDialogWorkerThread(SDViewDialogWorkerThread, context, 0);
+ supWaitForFastEvent(&SDViewDialogInitializedEvent, NULL);
}
- else {
- supHeapFree(SDViewContext);
- }
}
diff --git a/Source/WinObjEx64/sdviewDlg.h b/Source/WinObjEx64/sdviewDlg.h
deleted file mode 100644
index a3e753a6..00000000
--- a/Source/WinObjEx64/sdviewDlg.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2020 - 2021
-*
-* TITLE: SDVIEWDLG.H
-*
-* VERSION: 1.88
-*
-* DATE: 05 Dec 2020
-*
-* Common header file for the SecurityDescriptor View Dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-VOID SDViewDialogCreate(
- _In_ HWND ParentWindow,
- _In_ LPWSTR ObjectDirectory,
- _In_ LPWSTR ObjectName,
- _In_ WOBJ_OBJECT_TYPE ObjectType);
diff --git a/Source/WinObjEx64/sup.c b/Source/WinObjEx64/sup/sup.c
similarity index 85%
rename from Source/WinObjEx64/sup.c
rename to Source/WinObjEx64/sup/sup.c
index 685ed234..f68a7e9f 100644
--- a/Source/WinObjEx64/sup.c
+++ b/Source/WinObjEx64/sup/sup.c
@@ -4,9 +4,9 @@
*
* TITLE: SUP.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 05 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -16,24 +16,22 @@
*******************************************************************************/
#include "global.h"
#include "treelist/treelist.h"
+#include "props/propTypeConsts.h"
LIST_ENTRY supShutdownListHead;
CRITICAL_SECTION supShutdownListLock;
+HANDLE ObjectPathHeap = NULL;
+
+OBEX_CONFIG g_LoadedParametersBlock;
+
//
// Setup info/SCM database.
//
SAPIDB g_sapiDB;
SCMDB g_scmDB;
-HWND g_hwndBanner = NULL;
-
-//#define _PROFILE_MEMORY_USAGE_
-
-
-#ifdef _PROFILE_MEMORY_USAGE_
-ULONG g_cHeapAlloc = 0;
-#endif
+HWND BannerWindow = NULL;
int __cdecl supxHandlesLookupCallback(
void const* first,
@@ -44,104 +42,153 @@ int __cdecl supxHandlesLookupCallback2(
void const* second);
/*
-* supHeapAlloc
+* supCreateHeap
*
* Purpose:
*
-* Wrapper for RtlAllocateHeap with WinObjEx heap.
+* Wrapper around RtlCreateHeap with statistics support.
*
*/
-#ifndef _PROFILE_MEMORY_USAGE_
-FORCEINLINE PVOID supHeapAlloc(
- _In_ SIZE_T Size)
+HANDLE supCreateHeap(
+ _In_ ULONG HeapFlags,
+ _In_ BOOL TerminateOnCorruption
+)
{
- return RtlAllocateHeap(g_WinObj.Heap, HEAP_ZERO_MEMORY, Size);
+ HANDLE heapHandle;
+
+ heapHandle = RtlCreateHeap(HeapFlags, NULL, 0, 0, NULL, NULL);
+ if (heapHandle == NULL)
+ return NULL;
+
+ if (TerminateOnCorruption && g_WinObj.IsWine == FALSE) {
+ RtlSetHeapInformation(heapHandle, HeapEnableTerminationOnCorruption, NULL, 0);
+ }
+
+ OBEX_STATS_INC(TotalHeapsCreated);
+
+ return heapHandle;
}
-#else
-PVOID supHeapAlloc(
- _In_ SIZE_T Size)
+
+/*
+* supDestroyHeap
+*
+* Purpose:
+*
+* Wrapper around RtlDestroyHeap with statistics support.
+*
+*/
+BOOL supDestroyHeap(
+ _In_ HANDLE HeapHandle
+)
{
- LONG x;
- DWORD LastError;
- PVOID Buffer = NULL;
- WCHAR szBuffer[100];
+ BOOL bResult;
- Buffer = RtlAllocateHeap(g_WinObj.Heap, HEAP_ZERO_MEMORY, Size);
- LastError = GetLastError();
+ bResult = (RtlDestroyHeap(HeapHandle) == NULL);
+ if (bResult)
+ OBEX_STATS_INC(TotalHeapsDestroyed);
+
+ return bResult;
+}
+
+/*
+* supHeapAllocEx
+*
+* Purpose:
+*
+* Wrapper for RtlAllocateHeap with statistics support.
+*
+*/
+FORCEINLINE PVOID supHeapAllocEx(
+ _In_ HANDLE Heap,
+ _In_ SIZE_T Size
+)
+{
+ PVOID Buffer;
+
+#ifdef _DEBUG
+ ULONG64 MaxHeapAllocatedBlockSize;
+#endif
+
+ Buffer = RtlAllocateHeap(Heap, HEAP_ZERO_MEMORY, Size);
if (Buffer) {
- x = InterlockedIncrement((PLONG)&g_cHeapAlloc);
+ OBEX_STATS_INC(TotalHeapAlloc);
+ OBEX_STATS_INC64(TotalHeapMemoryAllocated, Size);
- RtlStringCchPrintfSecure(szBuffer, 100,
- L"supHeapAlloc, block %p with size %llu, g_cHeapAlloc %x\r\n",
- Buffer, Size, x);
+#ifdef _DEBUG
+ MaxHeapAllocatedBlockSize = g_WinObjStats.MaxHeapAllocatedBlockSize;
- OutputDebugString(szBuffer);
- }
- else {
+ while (1) {
+
+ if (Size <= MaxHeapAllocatedBlockSize)
+ break;
- RtlStringCchPrintfSecure(szBuffer, 100,
- L"Allocation, block size %llu, FAILED\r\n",
- Size);
+ MaxHeapAllocatedBlockSize = InterlockedCompareExchange64(
+ (LONG64*)&g_WinObjStats.MaxHeapAllocatedBlockSize,
+ (LONG64)Size,
+ (LONG64)MaxHeapAllocatedBlockSize);
- OutputDebugString(szBuffer);
+ }
+#endif
}
- SetLastError(LastError);
return Buffer;
}
-#endif
/*
-* supHeapFree
+* supHeapFreeEx
*
* Purpose:
*
-* Wrapper for RtlFreeHeap with WinObjEx heap.
+* Wrapper for RtlFreeHeap with statistics support.
*
*/
-#ifndef _PROFILE_MEMORY_USAGE_
-FORCEINLINE BOOL supHeapFree(
- _In_ PVOID Memory)
-{
- return RtlFreeHeap(g_WinObj.Heap, 0, Memory);
-}
-#else
-BOOL supHeapFree(
- _In_ PVOID Memory)
+FORCEINLINE BOOL supHeapFreeEx(
+ _In_ HANDLE Heap,
+ _In_ PVOID Memory
+)
{
- LONG x;
- BOOL bSuccess;
- DWORD LastError;
- WCHAR szBuffer[100];
-
- bSuccess = RtlFreeHeap(g_WinObj.Heap, 0, Memory);
- LastError = GetLastError();
+ BOOL Result;
- if (bSuccess) {
+ Result = RtlFreeHeap(Heap, 0, Memory);
- x = InterlockedDecrement((PLONG)&g_cHeapAlloc);
+ if (Result) {
- RtlStringCchPrintfSecure(szBuffer, 100,
- L"supHeapFree, block %p, g_cHeapAlloc %x\r\n",
- Memory, x);
+ OBEX_STATS_INC(TotalHeapFree);
- OutputDebugString(szBuffer);
}
- else {
- RtlStringCchPrintfSecure(szBuffer, 100,
- L"supHeapFree, block %p, FAILED\r\n",
- Memory);
+ return Result;
+}
- OutputDebugString(szBuffer);
- }
+/*
+* supHeapAlloc
+*
+* Purpose:
+*
+* Wrapper for RtlAllocateHeap with WinObjEx heap.
+*
+*/
+FORCEINLINE PVOID supHeapAlloc(
+ _In_ SIZE_T Size)
+{
+ return supHeapAllocEx(g_obexHeap, Size);
+}
- SetLastError(LastError);
- return bSuccess;
+/*
+* supHeapFree
+*
+* Purpose:
+*
+* Wrapper for RtlFreeHeap with WinObjEx heap.
+*
+*/
+FORCEINLINE BOOL supHeapFree(
+ _In_ PVOID Memory)
+{
+ return supHeapFreeEx(g_obexHeap, Memory);
}
-#endif
/*
* supGetDPIValue
@@ -328,7 +375,7 @@ VOID supClipboardCopy(
if (hglbCopy != NULL) {
lptstrCopy = (LPWSTR)GlobalLock(hglbCopy);
if (lptstrCopy) {
- supCopyMemory(lptstrCopy, dwSize, lpText, cbText);
+ RtlCopyMemory(lptstrCopy, lpText, cbText);
}
GlobalUnlock(hglbCopy);
if (!SetClipboardData(CF_UNICODETEXT, hglbCopy))
@@ -614,37 +661,237 @@ HICON supGetMainIcon(
}
/*
-* supCopyMemory
+* supFreeUnicodeString
*
* Purpose:
*
-* Copies bytes between buffers.
+* Release memory allocated for string.
*
-* dest - Destination buffer
-* cbdest - Destination buffer size in bytes
-* src - Source buffer
-* cbsrc - Source buffer size in bytes
+*/
+_Success_(return)
+BOOL supFreeUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Inout_ PUNICODE_STRING String
+)
+{
+ if (String->Buffer) {
+ return supHeapFreeEx(HeapHandle, String->Buffer);
+ }
+ return FALSE;
+}
+
+/*
+* supFreeDuplicatedUnicodeString
+*
+* Purpose:
+*
+* Release memory allocated for duplicated string.
*
*/
-void supCopyMemory(
- _Inout_ void* dest,
- _In_ size_t cbdest,
- _In_ const void* src,
- _In_ size_t cbsrc
+_Success_(return)
+BOOL supFreeDuplicatedUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Inout_ PUNICODE_STRING DuplicatedString,
+ _In_ BOOL DoZeroMemory
)
{
- char* d = (char*)dest;
- char* s = (char*)src;
+ BOOL bResult = FALSE;
+ if (DuplicatedString->Buffer) {
+ bResult = supHeapFreeEx(HeapHandle, DuplicatedString->Buffer);
+ if (DoZeroMemory) {
+ DuplicatedString->Buffer = NULL;
+ DuplicatedString->Length = DuplicatedString->MaximumLength = 0;
+ }
+ }
+ return bResult;
+}
- if ((dest == 0) || (src == 0) || (cbdest == 0))
- return;
- if (cbdest < cbsrc)
- cbsrc = cbdest;
+/*
+* supDuplicateUnicodeString
+*
+* Purpose:
+*
+* Duplicate existing UNICODE_STRING to another without RtlDuplicateUnicodeString.
+*
+* Note: Use supFreeDuplicatedUnicodeString to release allocated memory.
+*
+*/
+_Success_(return)
+BOOL supDuplicateUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Out_ PUNICODE_STRING DestinationString,
+ _In_ PUNICODE_STRING SourceString
+)
+{
+ USHORT maxLength = SourceString->MaximumLength;
+ PWCHAR strBuffer;
- while (cbsrc > 0) {
- *d++ = *s++;
- cbsrc--;
+ if (maxLength == 0 || maxLength < SourceString->Length)
+ return FALSE;
+
+ strBuffer = (PWCHAR)supHeapAllocEx(HeapHandle, (SIZE_T)maxLength);
+ if (strBuffer) {
+ DestinationString->Buffer = strBuffer;
+ DestinationString->MaximumLength = maxLength;
+ RtlCopyUnicodeString(DestinationString, SourceString);
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/*
+* supCreateObjectPathFromElements
+*
+* Purpose:
+*
+* Build object path with provided directory and name.
+*
+* Note: Use supFreeDuplicatedUnicodeString to release allocated memory.
+*
+*/
+_Success_(return)
+BOOL supCreateObjectPathFromElements(
+ _In_ PUNICODE_STRING ObjectName,
+ _In_ PUNICODE_STRING DirectoryName,
+ _Out_ PUNICODE_STRING ObjectPath,
+ _In_ BOOLEAN NullTerminate
+)
+{
+ BOOL bResult = FALSE, bIsRootDirectory;
+ PWSTR nameBuffer, string = NULL;
+ ULONG memIO;
+ USHORT bufferLength;
+
+ //
+ // Must be valid strings.
+ //
+ if (ObjectName->Length == 0 ||
+ DirectoryName->Length == 0)
+ {
+ return FALSE;
+ }
+
+ bIsRootDirectory = supIsRootDirectory(DirectoryName);
+ memIO = ObjectName->Length + DirectoryName->Length;
+
+ if (!bIsRootDirectory)
+ memIO += sizeof(OBJ_NAME_PATH_SEPARATOR);
+
+ if (NullTerminate)
+ memIO += sizeof(UNICODE_NULL);
+
+ nameBuffer = (PWSTR)supHeapAlloc(memIO);
+ string = nameBuffer;
+
+ if (string) {
+
+ RtlCopyMemory(string, DirectoryName->Buffer, DirectoryName->Length);
+ string = (PWSTR)RtlOffsetToPointer(string, DirectoryName->Length);
+
+ if (!supIsRootDirectory(ObjectName)) {
+
+ if (!bIsRootDirectory)
+ *string++ = OBJ_NAME_PATH_SEPARATOR;
+
+ RtlCopyMemory(string, ObjectName->Buffer, ObjectName->Length);
+ string = (PWSTR)RtlOffsetToPointer(string, ObjectName->Length);
+
+ }
+
+ if (NullTerminate)
+ *string++ = UNICODE_NULL;
+
+ bResult = TRUE;
+ }
+
+ bufferLength = (USHORT)((ULONG_PTR)string - (ULONG_PTR)nameBuffer);
+ ObjectPath->Buffer = nameBuffer;
+ if (NullTerminate)
+ ObjectPath->Length = (USHORT)(bufferLength - sizeof(UNICODE_NULL));
+ else
+ ObjectPath->Length = (USHORT)bufferLength;
+
+ ObjectPath->MaximumLength = (USHORT)memIO;
+
+ return bResult;
+}
+
+/*
+* supCreateObjectPathFromCurrentPath
+*
+* Purpose:
+*
+* Build string that include current directory and object name.
+*
+*/
+_Success_(return)
+BOOL supCreateObjectPathFromCurrentPath(
+ _In_ PUNICODE_STRING ObjectName,
+ _Out_ PUNICODE_STRING ObjectPath,
+ _In_ BOOLEAN NullTerminate
+)
+{
+ USHORT bufferLength;
+ BOOL bResult = FALSE, bIsRootDirectory;
+ PWSTR nameBuffer, string = NULL;
+ ULONG memIO;
+ UNICODE_STRING currentPath;
+
+ if (ObjectName->Length == 0)
+ return FALSE;
+
+ //
+ // If ObjectName is root, return root.
+ //
+ if (supIsRootDirectory(ObjectName)) {
+ return supDuplicateUnicodeString(g_obexHeap, ObjectPath, ObjectName);
}
+
+ if (!supGetCurrentObjectPath(TRUE, ¤tPath))
+ return FALSE;
+
+ bIsRootDirectory = supIsRootDirectory(¤tPath);
+
+ memIO = ObjectName->Length + currentPath.Length;
+
+ if (!bIsRootDirectory)
+ memIO += sizeof(OBJ_NAME_PATH_SEPARATOR);
+
+ if (NullTerminate)
+ memIO += sizeof(UNICODE_NULL);
+
+ nameBuffer = (PWSTR)supHeapAlloc(memIO);
+ string = nameBuffer;
+
+ if (string) {
+
+ RtlCopyMemory(string, currentPath.Buffer, currentPath.Length);
+ string = (PWSTR)RtlOffsetToPointer(string, currentPath.Length);
+
+ if (!bIsRootDirectory)
+ *string++ = OBJ_NAME_PATH_SEPARATOR;
+
+ RtlCopyMemory(string, ObjectName->Buffer, ObjectName->Length);
+ string = (PWSTR)RtlOffsetToPointer(string, ObjectName->Length);
+
+ if (NullTerminate)
+ *string++ = UNICODE_NULL;
+
+ bResult = TRUE;
+ }
+
+ bufferLength = (USHORT)((ULONG_PTR)string - (ULONG_PTR)nameBuffer);
+ ObjectPath->Buffer = nameBuffer;
+ if (NullTerminate)
+ ObjectPath->Length = (USHORT)(bufferLength - sizeof(UNICODE_NULL));
+ else
+ ObjectPath->Length = (USHORT)bufferLength;
+
+ ObjectPath->MaximumLength = (USHORT)memIO;
+
+ supFreeDuplicatedUnicodeString(g_obexHeap, ¤tPath, FALSE);
+ return bResult;
}
/*
@@ -675,8 +922,8 @@ VOID CALLBACK supSymCallbackReportEvent(
_In_ LPCWSTR EventText
)
{
- SendDlgItemMessage(g_hwndBanner, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)EventText);
- SendDlgItemMessage(g_hwndBanner, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)(LPWSTR)L"\r\n");
+ SendDlgItemMessage(BannerWindow, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)EventText);
+ SendDlgItemMessage(BannerWindow, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)(LPWSTR)L"\r\n");
}
/*
@@ -703,29 +950,21 @@ INT_PTR CALLBACK supxLoadBannerDialog(
if (lParam) {
pvData = (SUP_BANNER_DATA*)lParam;
-
- if (pvData->fList) {
- SendDlgItemMessage(hwndDlg, IDC_LOADING_MSG, EM_SETLIMITTEXT, 0, 0);
- supCenterWindowPerScreen(hwndDlg);
- if (pvData->lpCaption) SetWindowText(hwndDlg, pvData->lpCaption);
- SendDlgItemMessage(hwndDlg, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)pvData->lpText);
- }
- else {
- supCenterWindow(hwndDlg);
- SetDlgItemText(hwndDlg, IDC_LOADING_MSG, (LPWSTR)pvData->lpText);
- }
-
+ SendDlgItemMessage(hwndDlg, IDC_LOADING_MSG, EM_SETLIMITTEXT, 0, 0);
+ supCenterWindowPerScreen(hwndDlg);
+ if (pvData->lpCaption) SetWindowText(hwndDlg, pvData->lpCaption);
+ SendDlgItemMessage(hwndDlg, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)pvData->lpText);
}
- break;
+ return TRUE;
case WM_CLOSE:
DestroyWindow(hwndDlg);
- g_hwndBanner = NULL;
+ BannerWindow = NULL;
break;
}
- return 0;
+ return FALSE;
}
/*
@@ -741,13 +980,13 @@ VOID supUpdateLoadBannerText(
_In_ BOOL UseList
)
{
- if (g_hwndBanner) {
+ if (BannerWindow) {
if (UseList) {
- SendDlgItemMessage(g_hwndBanner, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)lpText);
- SendDlgItemMessage(g_hwndBanner, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)(LPWSTR)L"\r\n");
+ SendDlgItemMessage(BannerWindow, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)lpText);
+ SendDlgItemMessage(BannerWindow, IDC_LOADING_MSG, EM_REPLACESEL, (WPARAM)0, (LPARAM)(LPWSTR)L"\r\n");
}
else {
- SetDlgItemText(g_hwndBanner, IDC_LOADING_MSG, lpText);
+ SetDlgItemText(BannerWindow, IDC_LOADING_MSG, lpText);
}
}
@@ -763,26 +1002,24 @@ VOID supUpdateLoadBannerText(
*/
VOID supDisplayLoadBanner(
_In_ LPCWSTR lpMessage,
- _In_opt_ LPCWSTR lpCaption,
- _In_ BOOL UseList
+ _In_opt_ LPCWSTR lpCaption
)
{
SUP_BANNER_DATA bannerData;
- bannerData.fList = UseList;
bannerData.lpText = lpMessage;
bannerData.lpCaption = lpCaption;
- g_hwndBanner = CreateDialogParam(
+ BannerWindow = CreateDialogParam(
g_WinObj.hInstance,
- bannerData.fList ? MAKEINTRESOURCE(IDD_DIALOG_LOADLIST) : MAKEINTRESOURCE(IDD_DIALOG_LOAD),
+ MAKEINTRESOURCE(IDD_DIALOG_LOADLIST),
0,
supxLoadBannerDialog,
(LPARAM)&bannerData);
- if (g_hwndBanner) {
+ if (BannerWindow) {
supSetWaitCursor(TRUE);
- SetCapture(g_hwndBanner);
+ SetCapture(BannerWindow);
}
}
@@ -798,10 +1035,10 @@ VOID supCloseLoadBanner(
VOID
)
{
- if (g_hwndBanner) {
+ if (BannerWindow) {
supSetWaitCursor(FALSE);
ReleaseCapture();
- SendMessage(g_hwndBanner, WM_CLOSE, 0, 0);
+ SendMessage(BannerWindow, WM_CLOSE, 0, 0);
}
}
@@ -949,8 +1186,8 @@ PVOID supGetLoadedModulesList(
{
return ntsupGetLoadedModulesListEx(FALSE,
ReturnLength,
- supHeapAlloc,
- supHeapFree);
+ (PNTSUPMEMALLOC)supHeapAlloc,
+ (PNTSUPMEMFREE)supHeapFree);
}
/*
@@ -969,8 +1206,8 @@ PVOID supGetLoadedModulesList2(
{
return ntsupGetLoadedModulesListEx(TRUE,
ReturnLength,
- supHeapAlloc,
- supHeapFree);
+ (PNTSUPMEMALLOC)supHeapAlloc,
+ (PNTSUPMEMFREE)supHeapFree);
}
/*
@@ -1187,7 +1424,7 @@ HIMAGELIST supLoadImageList(
* Known type names listed in objects.c, objects.h
*
*/
-UINT supGetObjectNameIndexByTypeIndex(
+WOBJ_OBJECT_TYPE supGetObjectNameIndexByTypeIndex(
_In_ PVOID Object,
_In_ UCHAR TypeIndex
)
@@ -1310,7 +1547,7 @@ VOID supJumpToFile(
_strcpy(szExplorer, g_WinObj.szWindowsDirectory);
_strcat(szExplorer, TEXT("\\explorer.exe"));
- supShellExecInExplorerProcessEx(szExplorer, lpCommand);
+ supShellExecInExplorerProcess(szExplorer, lpCommand);
supHeapFree(lpCommand);
}
@@ -1330,6 +1567,8 @@ WOBJ_OBJECT_TYPE supObjectListGetObjectType(
_In_ INT iItem
)
{
+ OBEX_ITEM* objectReference;
+
LVITEM lvItem;
lvItem.mask = LVIF_PARAM;
@@ -1338,7 +1577,11 @@ WOBJ_OBJECT_TYPE supObjectListGetObjectType(
lvItem.lParam = 0;
ListView_GetItem(hwndList, &lvItem);
- return (WOBJ_OBJECT_TYPE)lvItem.lParam;
+ objectReference = (OBEX_ITEM*)lvItem.lParam;
+ if (objectReference)
+ return objectReference->TypeIndex;
+
+ return ObjectTypeUnknown;
}
/*
@@ -1357,7 +1600,7 @@ VOID supSetGotoLinkTargetToolButtonState(
_In_ BOOL bForceEnable
)
{
- UINT uEnable = MF_BYCOMMAND | MF_GRAYED;
+ UINT uEnable = MF_BYCOMMAND | MF_GRAYED;
if (bForce) {
if (bForceEnable)
@@ -1740,6 +1983,28 @@ VOID supxSetProcessMitigationPolicies()
}
}
+/*
+* supxFreeCurrentObjectList
+*
+* Purpose:
+*
+* Destroy object path heap.
+*
+* Must be called once during program shutdown once
+*
+*/
+BOOL supxFreeCurrentObjectList(
+ _In_ PVOID Unused
+)
+{
+ UNREFERENCED_PARAMETER(Unused);
+
+ if (ObjectPathHeap)
+ supDestroyHeap(ObjectPathHeap);
+
+ return TRUE;
+}
+
/*
* supInit
*
@@ -1786,6 +2051,7 @@ VOID supInit(
// Remember current DPI value.
//
g_WinObj.CurrentDPI = supGetDPIValue(NULL);
+ supAddShutdownCallback(supxFreeCurrentObjectList, NULL);
}
/*
@@ -2039,8 +2305,8 @@ BOOL sapiQueryDeviceProperty(
if (PropertyBufferSize)
*PropertyBufferSize = 0;
- dataSize = (1 + MAX_PATH) * sizeof(WCHAR);
- lpProperty = (LPWSTR)RtlAllocateHeap(SnapshotHeap, HEAP_ZERO_MEMORY, dataSize);
+ dataSize = (MAX_PATH * sizeof(WCHAR)) + sizeof(UNICODE_NULL);
+ lpProperty = (LPWSTR)supHeapAllocEx(SnapshotHeap, dataSize);
if (lpProperty == NULL)
return FALSE;
@@ -2054,9 +2320,9 @@ BOOL sapiQueryDeviceProperty(
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
- RtlFreeHeap(SnapshotHeap, 0, lpProperty);
+ supHeapFreeEx(SnapshotHeap, lpProperty);
dataSize = returnLength;
- lpProperty = (LPWSTR)RtlAllocateHeap(SnapshotHeap, HEAP_ZERO_MEMORY, dataSize);
+ lpProperty = (LPWSTR)supHeapAllocEx(SnapshotHeap, dataSize);
if (lpProperty) {
result = SetupDiGetDeviceRegistryProperty(hDevInfo,
@@ -2073,7 +2339,7 @@ BOOL sapiQueryDeviceProperty(
if (!result) {
if (lpProperty) {
- RtlFreeHeap(SnapshotHeap, 0, lpProperty);
+ supHeapFreeEx(SnapshotHeap, lpProperty);
lpProperty = NULL;
}
dataSize = 0;
@@ -2104,14 +2370,11 @@ BOOL sapiCreateSetupDBSnapshot(
HANDLE Heap;
HDEVINFO hDevInfo;
- Heap = RtlCreateHeap(HEAP_GROWABLE, NULL, 0, 0, NULL, NULL);
+ Heap = supCreateHeap(HEAP_GROWABLE, TRUE);
if (Heap == NULL) {
return FALSE;
}
- if (g_WinObj.IsWine == FALSE) {
- RtlSetHeapInformation(Heap, HeapEnableTerminationOnCorruption, NULL, 0);
- }
g_sapiDB.HeapHandle = Heap;
hDevInfo = SetupDiGetClassDevs(NULL, NULL, NULL, DIGCF_PRESENT | DIGCF_ALLCLASSES);
@@ -2124,7 +2387,7 @@ BOOL sapiCreateSetupDBSnapshot(
for (i = 0; SetupDiEnumDeviceInfo(hDevInfo, i, &DeviceInfoData); i++) {
- Entry = (PSAPIDBENTRY)RtlAllocateHeap(Heap, HEAP_ZERO_MEMORY, sizeof(SAPIDBENTRY));
+ Entry = (PSAPIDBENTRY)supHeapAllocEx(Heap, sizeof(SAPIDBENTRY));
if (Entry == NULL) {
bFailed = TRUE;
break;
@@ -2161,7 +2424,7 @@ BOOL sapiCreateSetupDBSnapshot(
}
if (bFailed) {
- RtlDestroyHeap(Heap);
+ supDestroyHeap(Heap);
RtlSecureZeroMemory(&g_sapiDB, sizeof(g_sapiDB));
}
return bResult;
@@ -2180,7 +2443,7 @@ VOID sapiFreeSnapshot(
)
{
EnterCriticalSection(&g_sapiDB.Lock);
- RtlDestroyHeap(g_sapiDB.HeapHandle);
+ supDestroyHeap(g_sapiDB.HeapHandle);
g_sapiDB.HeapHandle = NULL;
g_sapiDB.ListHead.Blink = NULL;
g_sapiDB.ListHead.Flink = NULL;
@@ -2223,50 +2486,48 @@ BOOL WINAPI supCallbackShowChildWindow(
BOOL supQueryWinstationDescription(
_In_ LPCWSTR lpWindowStationName,
_Inout_ LPWSTR Buffer,
- _In_ DWORD ccBuffer //size of buffer in chars
+ _In_ DWORD cchBuffer //size of buffer in chars
)
{
BOOL bFound = FALSE;
- LPCWSTR lpType;
-
- ULONG entryId;
-
- if (lpWindowStationName == NULL) {
- SetLastError(ERROR_INVALID_NAME);
- return bFound;
- }
+ LPCWSTR lpType = T_UnknownType;
+
+ ULONG i;
+
+ struct {
+ LPCWSTR lpszWinSta;
+ LPCWSTR lpszDesc;
+ } lpWinstationDescriptions[] = {
+ { T_WINSTA_SYSTEM, L"System" },
+ { T_WINSTA_ANONYMOUS, L"Anonymous" },
+ { T_WINSTA_LOCALSERVICE, L"Local Service" },
+ { T_WINSTA_NETWORK_SERVICE, L"Network Service" }
+ };
- if ((Buffer == NULL) || (ccBuffer < MAX_PATH)) {
- SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ if (lpWindowStationName == NULL ||
+ cchBuffer < MAX_PATH)
+ {
return bFound;
}
- lpType = NULL;
+ for (i = 0; i < RTL_NUMBER_OF(lpWinstationDescriptions); i++) {
- for (entryId = 0; entryId < MAX_KNOWN_WINSTA_DESCRIPTIONS; entryId++) {
+ bFound = (_strstri(lpWindowStationName,
+ lpWinstationDescriptions[i].lpszWinSta) != NULL);
- if (_strstri(lpWindowStationName,
- g_WinstaDescArray[entryId].lpszWinSta) != NULL)
- {
- lpType = g_WinstaDescArray[entryId].lpszDesc;
- bFound = TRUE;
+ if (bFound) {
+ lpType = lpWinstationDescriptions[i].lpszDesc;
break;
}
}
- if (lpType == NULL)
- lpType = T_UnknownType;
-
_strcpy(Buffer, lpType);
_strcat(Buffer, TEXT(" logon session"));
return bFound;
}
-#include "props\propDlg.h"
-#include "props\propTypeConsts.h"
-
/*
* supQueryTypeInfo
*
@@ -2278,7 +2539,7 @@ BOOL supQueryWinstationDescription(
*
*/
BOOL supQueryTypeInfo(
- _In_ LPCWSTR lpTypeName,
+ _In_ PUNICODE_STRING TypeName,
_Inout_ LPWSTR Buffer,
_In_ DWORD cchBuffer //size of buffer in chars
)
@@ -2303,10 +2564,8 @@ BOOL supQueryTypeInfo(
objectEntry = &objectTypesList->Types[i];
- if (_strncmpi(objectEntry->TypeName->Buffer,
- lpTypeName,
- objectEntry->TypeName->Length / sizeof(WCHAR)) == 0)
- {
+ if (RtlEqualUnicodeString(objectEntry->TypeName, TypeName, TRUE)) {
+
for (nPool = 0; nPool < MAX_KNOWN_POOL_TYPES; nPool++) {
if (objectEntry->PoolType == a_PoolTypes[nPool].dwValue) {
_strncpy(Buffer,
@@ -2337,71 +2596,70 @@ BOOL supQueryTypeInfo(
*
*/
BOOL supQueryDeviceDescription(
- _In_ LPCWSTR lpDeviceName,
+ _In_opt_ PUNICODE_STRING Path,
+ _In_ PUNICODE_STRING Name,
_Inout_ LPWSTR Buffer,
- _In_ DWORD ccBuffer //size of buffer in chars
+ _In_ DWORD cchBuffer //size of buffer in chars
)
{
- BOOL bResult, bIsRoot;
- SIZE_T Length;
- LPWSTR lpFullDeviceName = NULL;
+ BOOL bResult;
PLIST_ENTRY Entry;
PSAPIDBENTRY Item;
+ SIZE_T deviceLength;
+
+ UNICODE_STRING deviceName;
bResult = FALSE;
- if ((ccBuffer < MAX_PATH) || (Buffer == NULL)) {
- SetLastError(ERROR_INSUFFICIENT_BUFFER);
- return bResult;
+ RtlInitEmptyUnicodeString(&deviceName, NULL, 0);
+
+ if (Path == NULL) {
+ if (!supCreateObjectPathFromCurrentPath(Name, &deviceName, TRUE))
+ return FALSE;
+ }
+ else {
+ if (!supCreateObjectPathFromElements(Name, Path, &deviceName, TRUE))
+ return FALSE;
}
+ EnterCriticalSection(&g_sapiDB.Lock);
+
//
- // Build full device path.
+ // Enumerate devices.
//
- Length = (4 + _strlen(lpDeviceName) + _strlen(g_WinObj.CurrentObjectPath)) * sizeof(WCHAR);
- lpFullDeviceName = (LPWSTR)supHeapAlloc(Length);
- if (lpFullDeviceName != NULL) {
+ Entry = g_sapiDB.ListHead.Flink;
+ while (Entry && Entry != &g_sapiDB.ListHead) {
- // create full path device name for comparison
- _strcpy(lpFullDeviceName, g_WinObj.CurrentObjectPath);
- bIsRoot = (_strcmpi(g_WinObj.CurrentObjectPath, L"\\") == 0);
- if (bIsRoot == FALSE) {
- _strcat(lpFullDeviceName, L"\\");
- }
- _strcat(lpFullDeviceName, lpDeviceName);
+ Item = CONTAINING_RECORD(Entry, SAPIDBENTRY, ListEntry);
+ if (Item->lpDeviceName != NULL) {
- EnterCriticalSection(&g_sapiDB.Lock);
+ //
+ // lpDeviceName expects to be zero terminated.
+ //
+ deviceLength = _strlen(deviceName.Buffer);
- //
- // Enumerate devices.
- //
- Entry = g_sapiDB.ListHead.Flink;
- while (Entry && Entry != &g_sapiDB.ListHead) {
+ if (_strncmpi(deviceName.Buffer, Item->lpDeviceName, deviceLength) == 0) {
- Item = CONTAINING_RECORD(Entry, SAPIDBENTRY, ListEntry);
- if (Item->lpDeviceName != NULL) {
- if (_strcmpi(lpFullDeviceName, Item->lpDeviceName) == 0) {
- if (Item->lpDeviceDesc != NULL) {
+ if (Item->lpDeviceDesc != NULL) {
- _strncpy(
- Buffer,
- ccBuffer,
- Item->lpDeviceDesc,
- _strlen(Item->lpDeviceDesc));
+ _strncpy(
+ Buffer,
+ cchBuffer,
+ Item->lpDeviceDesc,
+ _strlen(Item->lpDeviceDesc));
- }
- bResult = TRUE;
- break;
}
+ bResult = TRUE;
+ break;
}
-
- Entry = Entry->Flink;
}
- LeaveCriticalSection(&g_sapiDB.Lock);
-
- supHeapFree(lpFullDeviceName);
+ Entry = Entry->Flink;
}
+
+ LeaveCriticalSection(&g_sapiDB.Lock);
+
+ supFreeDuplicatedUnicodeString(g_obexHeap, &deviceName, FALSE);
return bResult;
}
@@ -2418,7 +2676,7 @@ BOOL supQueryDeviceDescription(
BOOL supQueryDriverDescription(
_In_ LPCWSTR lpDriverName,
_Inout_ LPWSTR Buffer,
- _In_ DWORD ccBuffer //size of buffer in chars
+ _In_ DWORD cchBuffer //size of buffer in chars
)
{
BOOL bResult;
@@ -2440,11 +2698,6 @@ BOOL supQueryDriverDescription(
bResult = FALSE;
- if ((ccBuffer < MAX_PATH) || (Buffer == NULL)) {
- SetLastError(ERROR_INSUFFICIENT_BUFFER);
- return bResult;
- }
-
//
// First attempt - look in SCM database.
//
@@ -2472,7 +2725,7 @@ BOOL supQueryDriverDescription(
continue;
sz = _strlen(lpDisplayName);
- _strncpy(Buffer, ccBuffer, lpDisplayName, sz);
+ _strncpy(Buffer, cchBuffer, lpDisplayName, sz);
bResult = TRUE;
break;
}
@@ -2546,7 +2799,7 @@ BOOL supQueryDriverDescription(
dwSize = 0;
bResult = VerQueryValue(vinfo, szBuffer, (LPVOID*)&lpDisplayName, (PUINT)&dwSize);
if (bResult) {
- _strncpy(Buffer, ccBuffer, lpDisplayName, dwSize);
+ _strncpy(Buffer, cchBuffer, lpDisplayName, dwSize);
}
}
@@ -2721,12 +2974,6 @@ BOOL supQuerySectionFileInfo(
WCHAR szQueryBlock[MAX_PATH + 1];
bResult = FALSE;
-
- if ((ccBuffer < MAX_PATH) || (Buffer == NULL)) {
- SetLastError(ERROR_INSUFFICIENT_BUFFER);
- return bResult;
- }
-
vinfo = NULL;
hSection = NULL;
@@ -2791,76 +3038,6 @@ BOOL supQuerySectionFileInfo(
return bResult;
}
-/*
-* supOpenDirectoryForObject
-*
-* Purpose:
-*
-* Open directory for given object, handle self case.
-*
-*/
-NTSTATUS supOpenDirectoryForObject(
- _Out_ PHANDLE DirectoryHandle,
- _In_ LPCWSTR lpObjectName,
- _In_ LPCWSTR lpDirectory
-)
-{
- BOOL needFree = FALSE;
- NTSTATUS ntStatus;
- SIZE_T i, l, rdirLen, ldirSz;
- LPWSTR singleDirName, lookupDirName;
-
- *DirectoryHandle = NULL;
-
- if (lpObjectName == NULL)
- return STATUS_INVALID_PARAMETER_2;
- if (lpDirectory == NULL)
- return STATUS_INVALID_PARAMETER_3;
-
- lookupDirName = (LPWSTR)lpDirectory;
-
- //
- // 1) Check if object is directory self
- // Extract directory name and compare (case insensitive) with object name
- // Else go to 3
- //
- l = 0;
- rdirLen = _strlen(lookupDirName);
- for (i = 0; i < rdirLen; i++) {
- if (lookupDirName[i] == TEXT('\\'))
- l = i + 1;
- }
-
- singleDirName = &lookupDirName[l];
- if (_strcmpi(singleDirName, lpObjectName) == 0) {
- //
- // 2) If we are looking for directory, move search directory up
- // e.g. lpDirectory = \ObjectTypes, lpObjectName = ObjectTypes then lpDirectory = \
- //
- ldirSz = rdirLen * sizeof(WCHAR) + sizeof(UNICODE_NULL);
- lookupDirName = (LPWSTR)supHeapAlloc(ldirSz);
- if (lookupDirName == NULL)
- return STATUS_INSUFFICIENT_RESOURCES;
-
- needFree = TRUE;
-
- //special case for root
- if (l == 1) l++;
-
- supCopyMemory(lookupDirName, ldirSz, lpDirectory, (l - 1) * sizeof(WCHAR));
- }
- //
- // 3) Open directory
- //
- ntStatus = supOpenDirectory(DirectoryHandle, NULL, lookupDirName, DIRECTORY_QUERY);
-
- if (needFree) {
- supHeapFree(lookupDirName);
- }
-
- return ntStatus;
-}
-
/*
* supSaveDialogExecute
*
@@ -3255,14 +3432,12 @@ HWINSTA supOpenWindowStationFromContext(
{
HWINSTA hObject = NULL;
UNICODE_STRING CurrentWinstaDir;
- UNICODE_STRING WinstaDir;
DWORD LastError = ERROR_ACCESS_DENIED;
if (supxGetWindowStationName(&CurrentWinstaDir)) {
- RtlInitUnicodeString(&WinstaDir, Context->lpCurrentObjectPath);
- if (RtlEqualUnicodeString(&WinstaDir, &CurrentWinstaDir, TRUE)) {
- hObject = OpenWindowStation(Context->lpObjectName, fInherit, dwDesiredAccess);
+ if (RtlEqualUnicodeString(&Context->NtObjectPath, &CurrentWinstaDir, TRUE)) {
+ hObject = OpenWindowStation(Context->NtObjectName.Buffer, fInherit, dwDesiredAccess);
LastError = GetLastError();
}
RtlFreeUnicodeString(&CurrentWinstaDir);
@@ -3984,7 +4159,7 @@ INT supGetMaxOfTwoUlongFromHex(
INT nResult;
LPWSTR lpItem1 = NULL, lpItem2 = NULL;
ULONG ad1, ad2;
- WCHAR szText[MAX_TEXT_CONVERSION_ULONG64 + 1];
+ WCHAR szText[MAX_TEXT_CONVERSION_ULONG64];
RtlSecureZeroMemory(&szText, sizeof(szText));
@@ -4035,7 +4210,7 @@ INT supGetMaxOfTwoU64FromHex(
INT nResult;
LPWSTR lpItem1 = NULL, lpItem2 = NULL;
ULONG_PTR ad1, ad2;
- WCHAR szText[MAX_TEXT_CONVERSION_ULONG64 + 1];
+ WCHAR szText[MAX_TEXT_CONVERSION_ULONG64];
RtlSecureZeroMemory(&szText, sizeof(szText));
@@ -4086,7 +4261,7 @@ INT supGetMaxOfTwoLongFromString(
INT nResult;
LPWSTR lpItem1 = NULL, lpItem2 = NULL;
LONG_PTR value1, value2;
- WCHAR szText[MAX_TEXT_CONVERSION_ULONG64 + 1];
+ WCHAR szText[MAX_TEXT_CONVERSION_ULONG64];
RtlSecureZeroMemory(&szText, sizeof(szText));
@@ -4137,7 +4312,7 @@ INT supGetMaxOfTwoULongFromString(
INT nResult;
LPWSTR lpItem1 = NULL, lpItem2 = NULL;
ULONG_PTR value1, value2;
- WCHAR szText[MAX_TEXT_CONVERSION_ULONG64 + 1];
+ WCHAR szText[MAX_TEXT_CONVERSION_ULONG64];
RtlSecureZeroMemory(&szText, sizeof(szText));
@@ -4273,6 +4448,35 @@ INT supListViewBaseComparer(
return nResult;
}
+/*
+* supOpenLinkedToken
+*
+* Purpose:
+*
+* Query token linked token handle.
+*
+*/
+NTSTATUS supOpenLinkedToken(
+ _In_ HANDLE TokenHandle,
+ _Out_ PHANDLE LinkedTokenHandle
+)
+{
+ ULONG rLen;
+ NTSTATUS ntStatus;
+ TOKEN_LINKED_TOKEN linkedToken;
+
+ ntStatus = NtQueryInformationToken(
+ TokenHandle,
+ TokenLinkedToken,
+ &linkedToken,
+ sizeof(TOKEN_LINKED_TOKEN),
+ &rLen);
+
+ *LinkedTokenHandle = linkedToken.LinkedToken;
+
+ return ntStatus;
+}
+
/*
* supOpenTokenByParam
*
@@ -4374,6 +4578,39 @@ NTSTATUS supOpenDeviceObjectEx(
0);
}
+BOOL supxCanOpenObjectType(
+ _In_ UINT nTypeIndex
+)
+{
+ UINT SupportedNamedTypes[] = {
+ ObjectTypeDirectory,
+ ObjectTypeDevice,
+ ObjectTypeEvent,
+ ObjectTypeEventPair,
+ ObjectTypeIoCompletion,
+ ObjectTypeJob,
+ ObjectTypeKey,
+ ObjectTypeKeyedEvent,
+ ObjectTypeMutant,
+ ObjectTypeMemoryPartition,
+ ObjectTypePort,
+ ObjectTypeRegistryTransaction,
+ ObjectTypeSemaphore,
+ ObjectTypeTimer,
+ ObjectTypeSymbolicLink,
+ ObjectTypeSection,
+ ObjectTypeSession
+ };
+
+ UINT i;
+ for (i = 0; i < RTL_NUMBER_OF(SupportedNamedTypes); i++) {
+ if (SupportedNamedTypes[i] == nTypeIndex)
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
/*
* supOpenNamedObjectByType
*
@@ -4381,44 +4618,24 @@ NTSTATUS supOpenDeviceObjectEx(
*
* Open object of supported type and return handle to it.
*
-* Supported types are:
-*
-* Directory (ObjectName parameter then should be NULL)
-* Device
-* Mutant
-* Key
-* KeyedEvent
-* Semaphore
-* Timer
-* Event
-* EventPair
-* SymbolicLink
-* IoCompletion
-* Section
-* Job
-* Session
-* MemoryPartition
-* AlpcPort
+* Supported types are list in SupportedNamedTypes array.
*
*/
NTSTATUS supOpenNamedObjectByType(
_Out_ HANDLE* ObjectHandle,
_In_ ULONG TypeIndex,
- _In_ LPCWSTR ObjectDirectory,
- _In_ LPCWSTR ObjectName,
+ _In_ PUNICODE_STRING ObjectDirectory,
+ _In_ PUNICODE_STRING ObjectName,
_In_ ACCESS_MASK DesiredAccess
)
{
- OBJECT_ATTRIBUTES obja;
- UNICODE_STRING ustr;
HANDLE rootHandle = NULL, objectHandle = NULL;
NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;
-
- LPWSTR objectFullName = NULL;
- SIZE_T cchObjectFullName;
-
PNTOBJECTOPENPROCEDURE ObjectOpenProcedure = NULL;
+ UNICODE_STRING portName;
+ OBJECT_ATTRIBUTES obja;
+
*ObjectHandle = NULL;
if (ObjectDirectory == NULL)
@@ -4427,57 +4644,28 @@ NTSTATUS supOpenNamedObjectByType(
if (ObjectName == NULL)
return STATUS_INVALID_PARAMETER_4;
- if ((TypeIndex != ObjectTypeDirectory) &&
- (TypeIndex != ObjectTypeDevice) &&
- (TypeIndex != ObjectTypeEvent) &&
- (TypeIndex != ObjectTypeEventPair) &&
- (TypeIndex != ObjectTypeIoCompletion) &&
- (TypeIndex != ObjectTypeJob) &&
- (TypeIndex != ObjectTypeKey) &&
- (TypeIndex != ObjectTypeKeyedEvent) &&
- (TypeIndex != ObjectTypeMutant) &&
- (TypeIndex != ObjectTypeMemoryPartition) &&
- (TypeIndex != ObjectTypePort) &&
- (TypeIndex != ObjectTypeSemaphore) &&
- (TypeIndex != ObjectTypeTimer) &&
- (TypeIndex != ObjectTypeSymbolicLink) &&
- (TypeIndex != ObjectTypeSection) &&
- (TypeIndex != ObjectTypeSession))
- {
+ if (!supxCanOpenObjectType(TypeIndex))
return STATUS_NOT_SUPPORTED;
- }
//
// Special ALPC port case.
//
if (TypeIndex == ObjectTypePort) {
- //
- // Build full object name.
- //
- cchObjectFullName = 4 + _strlen(ObjectDirectory) +
- _strlen(ObjectName) +
- sizeof(UNICODE_NULL);
-
- objectFullName = (LPWSTR)supHeapAlloc(cchObjectFullName * sizeof(WCHAR));
- if (objectFullName) {
-
- RtlStringCchPrintfSecure(objectFullName,
- cchObjectFullName,
- L"%s\\%s",
- ObjectDirectory,
- ObjectName);
-
+ RtlInitEmptyUnicodeString(&portName, NULL, 0);
+ if (supCreateObjectPathFromElements(ObjectName,
+ ObjectDirectory,
+ &portName,
+ TRUE))
+ {
//
// Open port by name.
//
ntStatus = supOpenPortObjectByName(ObjectHandle,
DesiredAccess,
- NULL,
- objectFullName);
-
- supHeapFree(objectFullName);
+ &portName);
+ supHeapFree(portName.Buffer);
}
return ntStatus;
@@ -4490,24 +4678,20 @@ NTSTATUS supOpenNamedObjectByType(
//
// If this is root, then root rootHandle = NULL.
- //
- if (_strcmpi(ObjectName, KM_OBJECTS_ROOT_DIRECTORY) != 0) {
-
- ntStatus = supOpenDirectoryForObject(
- &rootHandle,
- ObjectName,
- ObjectDirectory);
-
- if (!NT_SUCCESS(ntStatus)) {
+ //
+ if (!supIsRootDirectory(ObjectName)) {
+ //
+ // Otherwise open directory that keep this object.
+ //
+ ntStatus = supOpenDirectoryEx(&rootHandle, NULL, ObjectDirectory, DIRECTORY_QUERY);
+ if (!NT_SUCCESS(ntStatus))
return ntStatus;
- }
-
}
//
// Open object in directory.
//
- ntStatus = supOpenDirectory(&objectHandle, rootHandle, ObjectName, DesiredAccess);
+ ntStatus = supOpenDirectoryEx(&objectHandle, rootHandle, ObjectName, DesiredAccess);
if (rootHandle)
NtClose(rootHandle);
@@ -4519,13 +4703,10 @@ NTSTATUS supOpenNamedObjectByType(
//
// Open directory which object belongs.
//
- RtlInitUnicodeString(&ustr, ObjectDirectory);
- InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, NULL, NULL);
-
- supOpenDirectoryForObject(&rootHandle, ObjectName, ObjectDirectory);
-
- RtlInitUnicodeString(&ustr, ObjectName);
- obja.RootDirectory = rootHandle;
+ ntStatus = supOpenDirectoryEx(&rootHandle, NULL, ObjectDirectory, DIRECTORY_QUERY);
+ if (!NT_SUCCESS(ntStatus)) {
+ return ntStatus;
+ }
//
// Select open object procedure.
@@ -4588,6 +4769,11 @@ NTSTATUS supOpenNamedObjectByType(
ObjectOpenProcedure = (PNTOBJECTOPENPROCEDURE)g_ExtApiSet.NtOpenPartition;
}
break;
+ case ObjectTypeRegistryTransaction:
+ if (g_ExtApiSet.NtOpenRegistryTransaction) {
+ ObjectOpenProcedure = (PNTOBJECTOPENPROCEDURE)g_ExtApiSet.NtOpenRegistryTransaction;
+ }
+ break;
default:
ObjectOpenProcedure = NULL;
break;
@@ -4603,6 +4789,8 @@ NTSTATUS supOpenNamedObjectByType(
//
// Open object of the given type.
//
+ InitializeObjectAttributes(&obja, ObjectName, OBJ_CASE_INSENSITIVE, rootHandle, NULL);
+
ntStatus = ObjectOpenProcedure(
&objectHandle,
DesiredAccess,
@@ -4748,9 +4936,7 @@ BOOL supxEnumAlpcPortsCallback(
pusObjectName = (PUNICODE_STRING)pBuffer;
if (pusObjectName->Buffer && pusObjectName->Length) {
- if (0 == _strcmpi(enumContext->ObjectFullName,
- pusObjectName->Buffer))
- {
+ if (RtlEqualUnicodeString(enumContext->ObjectName, pusObjectName, TRUE)) {
enumContext->ObjectHandle = objectHandle;
bStopEnum = TRUE;
break;
@@ -4790,8 +4976,7 @@ BOOL supxEnumAlpcPortsCallback(
NTSTATUS supOpenPortObjectByName(
_Out_ PHANDLE ObjectHandle,
_In_ ACCESS_MASK DesiredAccess,
- _Out_opt_ PHANDLE ReferenceHandle,
- _In_ LPCWSTR ObjectName
+ _In_ PUNICODE_STRING ObjectName
)
{
USHORT alpcPortTypeIndex;
@@ -4801,8 +4986,6 @@ NTSTATUS supOpenPortObjectByName(
if (ObjectHandle)
*ObjectHandle = NULL;
- if (ReferenceHandle)
- *ReferenceHandle = NULL;
do {
@@ -4829,7 +5012,7 @@ NTSTATUS supOpenPortObjectByName(
// Walk handle table looking for our named port.
//
enumContext.AlpcPortTypeIndex = alpcPortTypeIndex;
- enumContext.ObjectFullName = ObjectName;
+ enumContext.ObjectName = ObjectName;
enumContext.ObjectHandle = NULL;
if (supEnumHandleDump(pHandles,
@@ -4849,10 +5032,7 @@ NTSTATUS supOpenPortObjectByName(
0,
0);
- if (ReferenceHandle)
- *ReferenceHandle = enumContext.ObjectHandle;
- else
- NtClose(enumContext.ObjectHandle);
+ NtClose(enumContext.ObjectHandle);
}
else {
@@ -4876,7 +5056,7 @@ NTSTATUS supOpenPortObjectByName(
*
* Purpose:
*
-* Open handle for ALPC port object type with handle duplication using WinObjEx64 property context.
+* Open handle for ALPC port object type.
*
*/
NTSTATUS supOpenPortObjectFromContext(
@@ -4886,73 +5066,26 @@ NTSTATUS supOpenPortObjectFromContext(
)
{
NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;
- HANDLE refHandle = NULL;
- LPWSTR objectFullName = NULL;
- SIZE_T cchObjectFullName;
-
- *ObjectHandle = NULL;
- /*
- Context->PortObjectInfo.IsAllocated = TRUE;
- Context->PortObjectInfo.ReferenceHandle = TestGetPortHandle();
- */
+ UNICODE_STRING portName;
- if (Context->PortObjectInfo.IsAllocated) {
+ *ObjectHandle = NULL;
- ntStatus = NtDuplicateObject(NtCurrentProcess(),
- Context->PortObjectInfo.ReferenceHandle,
- NtCurrentProcess(),
- ObjectHandle,
+ RtlInitEmptyUnicodeString(&portName, NULL, 0);
+ if (supCreateObjectPathFromElements(
+ &Context->NtObjectName,
+ &Context->NtObjectPath,
+ &portName,
+ TRUE))
+ {
+ ntStatus = supOpenPortObjectByName(ObjectHandle,
DesiredAccess,
- 0,
- 0);
+ &portName);
+ supHeapFree(portName.Buffer);
}
else {
-
- do {
-
- //
- // Build full object name.
- //
- cchObjectFullName = 4 + _strlen(Context->lpCurrentObjectPath) +
- _strlen(Context->lpObjectName) +
- sizeof(UNICODE_NULL);
-
- objectFullName = (LPWSTR)supHeapAlloc(cchObjectFullName * sizeof(WCHAR));
- if (objectFullName) {
-
- RtlStringCchPrintfSecure(objectFullName,
- cchObjectFullName,
- L"%s\\%s",
- Context->lpCurrentObjectPath,
- Context->lpObjectName);
-
- //
- // Open port by name.
- //
- ntStatus = supOpenPortObjectByName(ObjectHandle,
- DesiredAccess,
- &refHandle,
- objectFullName);
-
- if (NT_SUCCESS(ntStatus)) {
-
- //
- // Save handle as reference.
- //
- Context->PortObjectInfo.ReferenceHandle = refHandle;
- Context->PortObjectInfo.IsAllocated = TRUE;
- }
-
- supHeapFree(objectFullName);
- }
- else {
- ntStatus = STATUS_INSUFFICIENT_RESOURCES;
- }
-
- } while (FALSE);
-
+ ntStatus = STATUS_INSUFFICIENT_RESOURCES;
}
return ntStatus;
@@ -4988,7 +5121,7 @@ HANDLE supOpenObjectFromContext(
&hPrivateNamespace,
MAXIMUM_ALLOWED,
&objaNamespace,
- Context->NamespaceInfo.BoundaryDescriptor);
+ Context->u1.NamespaceInfo.BoundaryDescriptor);
if (!NT_SUCCESS(ntStatus)) {
*Status = ntStatus;
@@ -5005,14 +5138,14 @@ HANDLE supOpenObjectFromContext(
// Open object of common type.
//
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeProcess:
if (Context->ContextType == propUnnamed) {
ntStatus = supOpenProcessEx(
- Context->UnnamedObjectInfo.ClientId.UniqueProcess,
+ Context->u1.UnnamedObjectInfo.ClientId.UniqueProcess,
PROCESS_ALL_ACCESS,
&hObject);
@@ -5030,7 +5163,7 @@ HANDLE supOpenObjectFromContext(
&hObject,
DesiredAccess,
ObjectAttributes,
- &Context->UnnamedObjectInfo.ClientId);
+ &Context->u1.UnnamedObjectInfo.ClientId);
}
else
@@ -5043,10 +5176,10 @@ HANDLE supOpenObjectFromContext(
if (Context->ContextType == propUnnamed) {
ntStatus = supOpenTokenByParam(
- &Context->UnnamedObjectInfo.ClientId,
+ &Context->u1.UnnamedObjectInfo.ClientId,
ObjectAttributes,
DesiredAccess,
- Context->UnnamedObjectInfo.IsThreadToken,
+ Context->u1.UnnamedObjectInfo.IsThreadToken,
&hObject);
}
@@ -5187,6 +5320,20 @@ HANDLE supOpenObjectFromContext(
break;
+ case ObjectTypeRegistryTransaction:
+
+ if (g_ExtApiSet.NtOpenRegistryTransaction) {
+
+ ntStatus = g_ExtApiSet.NtOpenRegistryTransaction(
+ &hObject,
+ DesiredAccess,
+ ObjectAttributes);
+ }
+ else
+ ntStatus = STATUS_PROCEDURE_NOT_FOUND;
+
+ break;
+
default:
ntStatus = STATUS_OBJECTID_NOT_FOUND;
break;
@@ -5222,7 +5369,7 @@ BOOL supCloseObjectFromContext(
else {
- switch (Context->TypeIndex) {
+ switch (Context->ObjectTypeIndex) {
case ObjectTypeWinstation:
bResult = CloseWindowStation((HWINSTA)hObject);
break;
@@ -5624,6 +5771,20 @@ BOOL supPrintTimeConverted(
{
FILETIME ConvertedTime = { 0, 0 };
TIME_FIELDS TimeFields = { 0, 0, 0, 0, 0, 0, 0, 0 };
+ LPCWSTR lpszMonths[12] = {
+ L"Jan",
+ L"Feb",
+ L"Mar",
+ L"Apr",
+ L"May",
+ L"Jun",
+ L"Jul",
+ L"Aug",
+ L"Sep",
+ L"Oct",
+ L"Nov",
+ L"Dec"
+ };
if (FileTimeToLocalFileTime((PFILETIME)Time, (PFILETIME)&ConvertedTime)) {
RtlTimeToTimeFields((PLARGE_INTEGER)&ConvertedTime, (PTIME_FIELDS)&TimeFields);
@@ -5639,7 +5800,7 @@ BOOL supPrintTimeConverted(
TimeFields.Minute,
TimeFields.Second,
TimeFields.Day,
- g_szMonths[TimeFields.Month - 1],
+ lpszMonths[TimeFields.Month - 1],
TimeFields.Year);
return TRUE;
@@ -5648,6 +5809,35 @@ BOOL supPrintTimeConverted(
return FALSE;
}
+/*
+* supGetTreeViewItemParam
+*
+* Purpose:
+*
+* Return TreeView item associated parameter.
+*
+*/
+_Success_(return)
+BOOL supGetTreeViewItemParam(
+ _In_ HWND hwndTreeView,
+ _In_ HTREEITEM hTreeItem,
+ _Out_ PVOID* outParam
+)
+{
+ TV_ITEM tvi;
+
+ RtlSecureZeroMemory(&tvi, sizeof(TV_ITEM));
+
+ tvi.mask = TVIF_PARAM;
+ tvi.hItem = hTreeItem;
+ if (!TreeView_GetItem(hwndTreeView, &tvi))
+ return FALSE;
+
+ *outParam = (PVOID)tvi.lParam;
+
+ return TRUE;
+}
+
/*
* supGetListViewItemParam
*
@@ -5656,6 +5846,7 @@ BOOL supPrintTimeConverted(
* Return ListView item associated parameter.
*
*/
+_Success_(return)
BOOL supGetListViewItemParam(
_In_ HWND hwndListView,
_In_ INT itemIndex,
@@ -5664,8 +5855,6 @@ BOOL supGetListViewItemParam(
{
LVITEM lvItem;
- *outParam = NULL;
-
lvItem.mask = LVIF_PARAM;
lvItem.iItem = itemIndex;
lvItem.iSubItem = 0;
@@ -6008,8 +6197,8 @@ PSUP_HANDLE_DUMP supHandlesCreateFilteredAndSortedList(
handleDump = (PSYSTEM_HANDLE_INFORMATION_EX)ntsupGetSystemInfoEx(
SystemExtendedHandleInformation,
&returnLength,
- supHeapAlloc,
- supHeapFree);
+ (PNTSUPMEMALLOC)supHeapAlloc,
+ (PNTSUPMEMFREE)supHeapFree);
if (handleDump == NULL)
return NULL;
@@ -6501,7 +6690,7 @@ HRESULT supxGetShellDispatchFromView(IShellView * psv, REFIID riid, void** ppv)
}
/*
-* supShellExecInExplorerProcessEx
+* supShellExecInExplorerProcess
*
* Purpose:
*
@@ -6509,7 +6698,7 @@ HRESULT supxGetShellDispatchFromView(IShellView * psv, REFIID riid, void** ppv)
* making it run with IL of Windows Explorer and not WinObjEx64.
*
*/
-HRESULT supShellExecInExplorerProcessEx(
+HRESULT supShellExecInExplorerProcess(
_In_ PCWSTR pszFile,
_In_opt_ PCWSTR pszArguments
)
@@ -6612,21 +6801,6 @@ HRESULT supShellExecInExplorerProcessEx(
return hr;
}
-/*
-* supShellExecInExplorerProcess
-*
-* Purpose:
-*
-* Run ShellExecute from Windows Explorer process through shell interfaces
-* making it run with IL of Windows Explorer and not WinObjEx64.
-*
-*/
-HRESULT WINAPI supShellExecInExplorerProcess(
- _In_ PCWSTR pszFile)
-{
- return supShellExecInExplorerProcessEx(pszFile, NULL);
-}
-
/*
* supLoadIconForObjectType
*
@@ -6656,42 +6830,18 @@ BOOLEAN supLoadIconForObjectType(
if (hIcon) {
- SendDlgItemMessage(hwndDlg, ID_OBJECT_ICON,
- STM_SETIMAGE, IMAGE_ICON, (LPARAM)hIcon);
-
- if (IsShadow)
- Context->ObjectTypeIcon = hIcon;
- else
- Context->ObjectIcon = hIcon;
-
- return TRUE;
- }
-
- return FALSE;
-}
-
-/*
-* supDestroyIconForObjectType
-*
-* Purpose:
-*
-* Destroy icon used to represent object (or its type) which properties is currently viewed.
-*
-*/
-VOID supDestroyIconForObjectType(
- _In_ PROP_OBJECT_INFO * Context
-)
-{
- if (Context->IsType) {
- if (Context->ObjectTypeIcon) {
- DestroyIcon(Context->ObjectTypeIcon);
- Context->ObjectTypeIcon = NULL;
- }
- }
- if (Context->ObjectIcon) {
- DestroyIcon(Context->ObjectIcon);
- Context->ObjectIcon = NULL;
+ SendDlgItemMessage(hwndDlg, ID_OBJECT_ICON,
+ STM_SETIMAGE, IMAGE_ICON, (LPARAM)hIcon);
+
+ if (IsShadow)
+ Context->ObjectTypeIcon = hIcon;
+ else
+ Context->ObjectIcon = hIcon;
+
+ return TRUE;
}
+
+ return FALSE;
}
/*
@@ -7408,7 +7558,7 @@ VOID supQueryAlpcPortObjectTypeIndex(
sdLength = SECURITY_DESCRIPTOR_MIN_LENGTH +
(ULONG)sizeof(ACL) +
- 2 * (ULONG)sizeof(ACCESS_ALLOWED_ACE) +
+ (ULONG)(2 * sizeof(ACCESS_ALLOWED_ACE)) +
RtlLengthSid(SeWorldSid) +
RtlLengthSid(SeRestrictedSid) +
8;
@@ -8803,12 +8953,20 @@ HANDLE supCreateThread(
_In_ DWORD dwCreationFlags
)
{
- return CreateThread(NULL,
+ HANDLE threadHandle;
+
+ threadHandle = CreateThread(NULL,
0,
lpStartAddress,
lpParameter,
dwCreationFlags,
NULL);
+
+ if (threadHandle) {
+ OBEX_STATS_INC(TotalThreadsCreated);
+ }
+
+ return threadHandle;
}
/*
@@ -8845,176 +9003,653 @@ HANDLE supCreateDialogWorkerThread(
}
/*
+* supGetCurrentObjectPath
+*
+* Purpose:
+*
+* Build full path to current object.
+*
+* If IncludeName is FALSE then result path does not
+* include object name except for root directory.
+*
+* e.g.
+* For \\ result will be \\
+* For \\ABC result will be \\
+* For \\ABC\\DEF result will be \\ABC
+*
+* If IncludeName is TRUE then result path *will*
+* include object name
*
-* Fast events, taken from ph2
-*
+* e.g.
+* For \\ result will be \\
+* For \\ABC result will be \\ABC
+* For \\ABC\\DEF result will be \\ABC\\DEF
*/
+_Success_(return != FALSE)
+BOOL supGetCurrentObjectPath(
+ _In_ BOOLEAN IncludeName,
+ _Out_ PUNICODE_STRING ObjectPath
+)
+{
+ OBEX_PATH_ELEMENT* ObjectPathEntry;
+ PLIST_ENTRY Head, Entry, FinalEntry, ObjectRootEntry = NULL;
+
+ ULONG NameInfoSize, BufferLength;
+ PWCH StringBuffer, ObjectName;
+
+ PUNICODE_STRING String;
+
+ RtlInitEmptyUnicodeString(ObjectPath, NULL, 0);
+
+ if (IsListEmpty(&g_ObjectPathListHead))
+ return FALSE;
+
+ NameInfoSize = sizeof(UNICODE_NULL);
+
+ Head = &g_ObjectPathListHead;
+ Entry = Head->Blink; // Beginning of path
+
+ if (IncludeName) {
+ FinalEntry = Head;
+ }
+ else {
+ FinalEntry = Head->Flink; // Current object name
+ }
+
+ ObjectRootEntry = Entry;
+ while ((Entry) && (Entry != FinalEntry)) {
+
+ ObjectPathEntry = CONTAINING_RECORD(Entry, OBEX_PATH_ELEMENT, ListEntry);
+ NameInfoSize += ObjectPathEntry->Name.Length;
+
+ //
+ // If not last and first then add separator size.
+ //
+ if ((Entry != ObjectRootEntry) && (Entry->Blink != FinalEntry))
+ NameInfoSize += sizeof(OBJ_NAME_PATH_SEPARATOR);
+
+ Entry = Entry->Blink;
+ }
+
+ //
+ // If this is root then leave.
+ //
+ if (NameInfoSize == sizeof(UNICODE_NULL)) {
+ return supDuplicateUnicodeString(g_obexHeap, ObjectPath, ObGetPredefinedUnicodeString(OBP_ROOT));
+ }
+
+ ObjectName = (PWCH)supHeapAlloc(NameInfoSize);
+ if (ObjectName == NULL)
+ return FALSE;
+
+ StringBuffer = ObjectName;
+
+ Head = &g_ObjectPathListHead;
+ Entry = Head->Blink; // Beginning of path
+
+ if (IncludeName) {
+ FinalEntry = Head;
+ }
+ else {
+ FinalEntry = Head->Flink; // Current object name
+ }
+
+ ObjectRootEntry = Entry;
+ while ((Entry) && (Entry != FinalEntry)) {
+
+ ObjectPathEntry = CONTAINING_RECORD(Entry, OBEX_PATH_ELEMENT, ListEntry);
+
+ String = &ObjectPathEntry->Name;
+
+ RtlCopyMemory(StringBuffer, String->Buffer, String->Length);
+ StringBuffer = (PWCH)((PCH)StringBuffer + String->Length);
+
+ //
+ // If not last and first then add separator.
+ //
+ if ((Entry != ObjectRootEntry) && (Entry->Blink != FinalEntry))
+ *StringBuffer++ = OBJ_NAME_PATH_SEPARATOR;
+
+ Entry = Entry->Blink;
+ }
+
+ *StringBuffer++ = UNICODE_NULL;
+
+ BufferLength = (USHORT)((ULONG_PTR)StringBuffer - (ULONG_PTR)ObjectName);
+ ObjectPath->Buffer = ObjectName;
+ ObjectPath->Length = (USHORT)(BufferLength - sizeof(UNICODE_NULL));
+ ObjectPath->MaximumLength = (USHORT)BufferLength;
+
+ return TRUE;
+}
/*
-* supInitFastEvent
+* supGetCurrentObjectName
*
* Purpose:
*
-* Initialize fast event.
+* Return name of currently selected object.
*
*/
-VOID supInitFastEvent(
- _In_ PFAST_EVENT Event
+_Success_(return)
+BOOL supGetCurrentObjectName(
+ _Out_ PUNICODE_STRING ObjectName
)
{
- Event->Value = FAST_EVENT_REFCOUNT_INC;
- Event->EventHandle = NULL;
+ OBEX_PATH_ELEMENT* entry = NULL;
+ LIST_ENTRY* listEntry, * head;
+
+ RtlInitEmptyUnicodeString(ObjectName, NULL, 0);
+
+ if (IsListEmpty(&g_ObjectPathListHead))
+ return FALSE;
+
+ head = &g_ObjectPathListHead;
+ listEntry = head->Flink;
+ if (listEntry) {
+ entry = CONTAINING_RECORD(listEntry, OBEX_PATH_ELEMENT, ListEntry);
+ return supDuplicateUnicodeString(g_obexHeap, ObjectName, &entry->Name);
+ }
+
+ return FALSE;
}
/*
-* supReferenceFastEvent
+* supBuildCurrentObjectList
*
* Purpose:
*
-* Make a reference for fast event.
+* Create list of current object path elements including name.
*
*/
-VOID supReferenceFastEvent(
- _In_ PFAST_EVENT Event
+VOID supBuildCurrentObjectList(
+ _In_ PVOID ListHead
)
{
- _InterlockedExchangeAddPointer((PLONG_PTR)&Event->Value, FAST_EVENT_REFCOUNT_INC);
+ OBEX_ITEM* nextItem;
+ OBEX_PATH_ELEMENT* entry = NULL;
+
+ if (ObjectPathHeap)
+ supDestroyHeap(ObjectPathHeap);
+
+ ObjectPathHeap = supCreateHeap(HEAP_GROWABLE, TRUE);
+ if (ObjectPathHeap == NULL)
+ return;
+
+ InitializeListHead(&g_ObjectPathListHead);
+
+ nextItem = (OBEX_ITEM*)ListHead;
+ while (nextItem) {
+ entry = (OBEX_PATH_ELEMENT*)supHeapAllocEx(ObjectPathHeap, sizeof(OBEX_PATH_ELEMENT));
+ if (entry) {
+ entry->TypeIndex = nextItem->TypeIndex;
+ supDuplicateUnicodeString(ObjectPathHeap, &entry->Name, &nextItem->Name);
+ supDuplicateUnicodeString(ObjectPathHeap, &entry->TypeName, &nextItem->TypeName);
+ InsertTailList(&g_ObjectPathListHead, &entry->ListEntry);
+ }
+ nextItem = nextItem->Prev;
+ }
+
}
/*
-* supDereferenceFastEvent
+* supNormalizeUnicodeStringForDisplay
*
* Purpose:
*
-* Remove reference from fast event.
+* Create a copy of unicode string, friendly for output.
*
*/
-VOID supDereferenceFastEvent(
- _In_ PFAST_EVENT Event,
- _In_opt_ HANDLE EventHandle
+_Success_(return)
+BOOL supNormalizeUnicodeStringForDisplay(
+ _In_ HANDLE HeapHandle,
+ _In_ PUNICODE_STRING SourceString,
+ _Out_ PUNICODE_STRING NormalizedString
)
{
- ULONG_PTR value;
+ PWCH stringBuffer, src, dst;
+ ULONG i;
- value = _InterlockedExchangeAddPointer((PLONG_PTR)&Event->Value, -FAST_EVENT_REFCOUNT_INC);
- if (((value >> FAST_EVENT_REFCOUNT_SHIFT) & FAST_EVENT_REFCOUNT_MASK) - 1 == 0)
- {
- if (EventHandle)
- {
- NtClose(EventHandle);
- Event->EventHandle = NULL;
+ stringBuffer = (PWCH)supHeapAllocEx(HeapHandle,
+ SourceString->Length + sizeof(UNICODE_NULL));
+
+ if (stringBuffer) {
+
+ dst = stringBuffer;
+ src = SourceString->Buffer;
+
+ i = SourceString->Length / sizeof(WCHAR);
+ while (i--) {
+
+ if (*src == 0)
+ *dst = g_ObNameNormalizationSymbol;
+ else
+ *dst = *src;
+
+ src++;
+ dst++;
}
+
+ *dst = UNICODE_NULL;
+
+ RtlInitUnicodeString(NormalizedString, stringBuffer);
+ return TRUE;
}
+
+ return FALSE;
}
/*
-* supSetFastEvent
+* supDisplayCurrentObjectPath
*
* Purpose:
*
-* Set event to signaled state.
+* Output current object path to the control.
*
*/
-VOID supSetFastEvent(
- _In_ PFAST_EVENT Event
+VOID supDisplayCurrentObjectPath(
+ _In_ HWND hwnd,
+ _In_opt_ PUNICODE_STRING Path,
+ _In_ BOOLEAN NormalizePath
)
{
- HANDLE eventHandle;
- if (!_InterlockedBitTestAndSetPointer((PLONG_PTR)&Event->Value, FAST_EVENT_SET_SHIFT)) {
- eventHandle = Event->EventHandle;
+ BOOL bNeedFree = FALSE;
+ UNICODE_STRING us, ns;
+
+ if (Path) {
+ us = *Path;
+ }
+ else {
+ if (!supGetCurrentObjectPath(TRUE, &us))
+ return;
+
+ bNeedFree = TRUE;
+ }
+
+ if (NormalizePath) {
+ if (supNormalizeUnicodeStringForDisplay(g_obexHeap, &us, &ns)) {
+
+ SendMessage(hwnd, WM_SETTEXT, 0, (LPARAM)ns.Buffer);
+
+ supFreeUnicodeString(g_obexHeap, &ns);
+ }
+ }
+ else {
+ SendMessage(hwnd, WM_SETTEXT, 0, (LPARAM)us.Buffer);
+ }
+
+ if (bNeedFree)
+ supFreeDuplicatedUnicodeString(g_obexHeap, &us, FALSE);
+
+}
+
+/*
+* supResolveSymbolicLinkTarget
+*
+* Purpose:
+*
+* Resolve symbolic link target and copy it to the supplied buffer.
+*
+* Return FALSE on error.
+*
+*/
+_Success_(return)
+BOOL supResolveSymbolicLinkTarget(
+ _In_opt_ HANDLE LinkHandle,
+ _In_opt_ HANDLE RootDirectoryHandle,
+ _In_ PUNICODE_STRING LinkName,
+ _Out_ PUNICODE_STRING LinkTarget
+)
+{
+ BOOL bResult = FALSE;
+ HANDLE hObject = NULL;
+ ULONG rLen = 0;
+ NTSTATUS ntStatus;
+ UNICODE_STRING linkTarget;
+ OBJECT_ATTRIBUTES obja;
+ PWCH stringBuffer;
+
+ if (LinkHandle == NULL) {
+ //
+ // There is no handle, open it.
+ //
+ InitializeObjectAttributes(&obja, LinkName, OBJ_CASE_INSENSITIVE, RootDirectoryHandle, NULL);
+ if (!NT_SUCCESS(NtOpenSymbolicLinkObject(&hObject, SYMBOLIC_LINK_QUERY, &obja)))
+ return FALSE;
+ }
+ else {
+ hObject = LinkHandle;
+ }
+
+ RtlInitEmptyUnicodeString(&linkTarget, NULL, 0);
+ ntStatus = NtQuerySymbolicLinkObject(hObject, &linkTarget, &rLen);
+
+ if (ntStatus == STATUS_BUFFER_TOO_SMALL ||
+ ntStatus == STATUS_BUFFER_OVERFLOW)
+ {
+ stringBuffer = (PWCH)supHeapAlloc(rLen + sizeof(UNICODE_NULL));
+ if (stringBuffer) {
+
+ linkTarget.Buffer = stringBuffer;
+ linkTarget.Length = 0;
+ linkTarget.MaximumLength = (USHORT)rLen;
+
+ ntStatus = NtQuerySymbolicLinkObject(hObject, &linkTarget, &rLen);
+ if (NT_SUCCESS(ntStatus)) {
+ *LinkTarget = linkTarget;
+ bResult = TRUE;
+ }
+ else {
+ supHeapFree(stringBuffer);
+ }
- if (eventHandle)
- {
- NtSetEvent(eventHandle, NULL);
}
+
+ }
+
+ //
+ // If there is no input handle close what we opened.
+ //
+ if (LinkHandle == NULL) {
+ if (hObject) NtClose(hObject);
}
+
+ return bResult;
}
/*
-* supTestFastEvent
+* supResolveSymbolicLinkTargetNormalized
*
* Purpose:
*
-* Returns fast even state.
+* Resolve symbolic link target in a GUI friendly output form.
+*
+* Return FALSE on error.
*
*/
-BOOLEAN supTestFastEvent(
- _In_ PFAST_EVENT Event
+_Success_(return)
+BOOL supResolveSymbolicLinkTargetNormalized(
+ _In_opt_ HANDLE LinkHandle,
+ _In_opt_ HANDLE RootDirectoryHandle,
+ _In_ PUNICODE_STRING LinkName,
+ _Out_ PUNICODE_STRING NormalizedLinkTarget
)
{
- return (BOOLEAN)Event->Set;
+ BOOL bResult;
+ UNICODE_STRING linkTarget;
+
+ if (!supResolveSymbolicLinkTarget(
+ LinkHandle,
+ RootDirectoryHandle,
+ LinkName,
+ &linkTarget))
+ {
+ return FALSE;
+ }
+
+ bResult = supNormalizeUnicodeStringForDisplay(g_obexHeap, &linkTarget, NormalizedLinkTarget);
+
+ supFreeDuplicatedUnicodeString(g_obexHeap, &linkTarget, FALSE);
+
+ return bResult;
}
/*
-* supResetFastEvent
+* supClipboardCopyUnicodeStringRaw
*
* Purpose:
*
-* Perform fast even manual reset.
+* Copy UNICODE_STRING buffer to the clipboard as C array.
*
*/
-VOID supResetFastEvent(
- _In_ PFAST_EVENT Event
+VOID supClipboardCopyUnicodeStringRaw(
+ _In_ PUNICODE_STRING String
)
{
- if (Event == NULL)
+ BYTE* src, * end;
+ PWCH copyBuffer, dst;
+ SIZE_T length;
+ BYTE x;
+
+ //
+ // '0', 'x', ',', ' ', 'A', 'B' = 6 * sizeof(WCHAR)
+ //
+ length = 100 + ((SIZE_T)String->Length * 12);
+ copyBuffer = (PWCH)supHeapAlloc(length);
+ if (copyBuffer == NULL)
return;
- if (supTestFastEvent(Event))
- Event->Value = FAST_EVENT_REFCOUNT_INC;
+ _strcpy(copyBuffer, TEXT("unsigned char data["));
+ ultostr(String->Length, _strend(copyBuffer));
+ dst = _strcat(copyBuffer, TEXT("] = {"));
+
+ src = (BYTE*)String->Buffer;
+ end = (BYTE*)RtlOffsetToPointer(String->Buffer, String->Length);
+ while (src < end) {
+
+ *dst++ = '0';
+ *dst++ = 'x';
+ x = *src++;
+
+ *dst++ = nibbletoh(x >> 4, TRUE);
+ *dst++ = nibbletoh(x & 15, TRUE);
+
+ if (src != end) {
+ *dst++ = ',';
+ *dst++ = ' ';
+ }
+ }
+
+ *dst++ = 0;
+ _strcat(copyBuffer, TEXT("}; "));
+
+ supClipboardCopy(copyBuffer, _strlen(copyBuffer) * sizeof(WCHAR));
+ supHeapFree(copyBuffer);
}
/*
-* supWaitForFastEvent
+* supFindUnicodeStringSubString
*
* Purpose:
*
-* Do the wait for event, if event object not allocated - allocate it.
+* Return offset to substring if found and ULLONG_MAX instead.
+*
+* Case Insensitive.
*
*/
-BOOLEAN supWaitForFastEvent(
- _In_ PFAST_EVENT Event,
- _In_opt_ PLARGE_INTEGER Timeout
+SIZE_T supFindUnicodeStringSubString(
+ _In_ PUNICODE_STRING String,
+ _In_ PUNICODE_STRING SubString
)
{
- BOOLEAN result;
- ULONG_PTR value;
- HANDLE eventHandle;
+ SIZE_T length1;
+ SIZE_T length2;
+ UNICODE_STRING string1;
+ UNICODE_STRING string2;
+ WCHAR c;
+ SIZE_T i;
- value = Event->Value;
- if (value & FAST_EVENT_SET)
- return TRUE;
+ if (SubString == NULL)
+ return 0;
- if (Timeout && Timeout->QuadPart == 0)
- return FALSE;
+ length1 = String->Length / sizeof(WCHAR);
+ length2 = SubString->Length / sizeof(WCHAR);
- supReferenceFastEvent(Event);
- eventHandle = Event->EventHandle;
+ if (length2 > length1)
+ return ULLONG_MAX;
- if (eventHandle == NULL) {
+ if (length2 == 0)
+ return 0;
- NtCreateEvent(&eventHandle, EVENT_ALL_ACCESS, NULL, NotificationEvent, FALSE);
- assert(eventHandle);
+ string1.Buffer = String->Buffer;
+ string1.Length = SubString->Length - sizeof(WCHAR);
+ string2.Buffer = SubString->Buffer;
+ string2.Length = SubString->Length - sizeof(WCHAR);
- if (NULL != _InterlockedCompareExchangePointer(
- &Event->EventHandle,
- eventHandle,
- NULL))
+ c = RtlUpcaseUnicodeChar(*string2.Buffer++);
+
+ for (i = length1 - length2 + 1; i != 0; i--) {
+ if (RtlUpcaseUnicodeChar(*string1.Buffer++) == c &&
+ RtlEqualUnicodeString(&string1, &string2, TRUE))
{
- NtClose(eventHandle);
- eventHandle = Event->EventHandle;
+ return (ULONG_PTR)(string1.Buffer - String->Buffer - 1);
}
-
}
- if (!(Event->Value & FAST_EVENT_SET)) {
- result = (NtWaitForSingleObject(eventHandle, FALSE, Timeout) == STATUS_WAIT_0);
+ return ULLONG_MAX;
+}
+
+/*
+* supImageFixSections
+*
+* Purpose:
+*
+* Fix sections after dump.
+*
+*/
+BOOL supImageFixSections(
+ _In_ LPVOID Buffer
+)
+{
+ PIMAGE_DOS_HEADER idh = NULL;
+ PIMAGE_FILE_HEADER fh1 = NULL;
+ PIMAGE_NT_HEADERS ImageHeaders = NULL;
+ PIMAGE_SECTION_HEADER Section = NULL;
+ DWORD vaddr, secalign, vsize, part;
+ WORD i, c;
+
+ __try {
+
+ idh = (PIMAGE_DOS_HEADER)Buffer;
+ fh1 = (PIMAGE_FILE_HEADER)((ULONG_PTR)Buffer + ((PIMAGE_DOS_HEADER)Buffer)->e_lfanew + sizeof(DWORD));
+ if (fh1->Machine != IMAGE_FILE_MACHINE_AMD64) {
+ return FALSE;
+ }
+
+ ImageHeaders = (PIMAGE_NT_HEADERS)((PBYTE)Buffer + idh->e_lfanew);
+ Section = IMAGE_FIRST_SECTION(ImageHeaders);
+ secalign = ImageHeaders->OptionalHeader.SectionAlignment;
+ c = ImageHeaders->FileHeader.NumberOfSections;
+
+ vaddr = Section->VirtualAddress;
+ for (i = 0; i < c; i++) {
+
+ //recalculate virtual size/address for each section
+ vsize = Section->Misc.VirtualSize;
+ part = vsize % secalign;
+ if (part != 0) {
+ vsize = vsize + secalign - part;
+ }
+ Section->SizeOfRawData = vsize;
+ Section->PointerToRawData = vaddr;
+ vaddr += vsize;
+ Section = (PIMAGE_SECTION_HEADER)((PBYTE)Section + sizeof(IMAGE_SECTION_HEADER));
+ }
+
}
- else {
- result = TRUE;
+ __except (WOBJ_EXCEPTION_FILTER_LOG) {
+ return FALSE;
}
+ return TRUE;
+}
- supDereferenceFastEvent(Event, eventHandle);
+/*
+* supCloseKnownPropertiesDialog
+*
+* Purpose:
+*
+* Send WM_CLOSE to known properties dialog if it present.
+*
+*/
+VOID supCloseKnownPropertiesDialog(
+ _In_opt_ HWND hwndDlg
+)
+{
+ if (hwndDlg)
+ SendMessage(hwndDlg, WM_CLOSE, 0, 0);
+}
- return result;
+/*
+* supReadObexConfiguration
+*
+* Purpose:
+*
+* Reads program configuration data from registry if present.
+*
+*/
+_Success_(return)
+BOOL supReadObexConfiguration(
+ _Out_ POBEX_CONFIG Configuration
+)
+{
+ HKEY hKey;
+ DWORD data = 0, cbData, dwType;
+ WCHAR szBuffer[MAX_PATH + 1];
+ WCHAR symbol;
+
+ INT i;
+ WCHAR szValidSymbols[] = {
+ '!', '"', '#', '$', '%', '\'',
+ '(', ')','*', '+', '-', '.',
+ ':', ';', '<', '>', '=', '?',
+ '@', ']', '[', '^', '_', '`',
+ '{', '}', '~' };
+
+ Configuration->SymbolsPathValid = FALSE;
+ Configuration->SymbolsDbgHelpDllValid = FALSE;
+ Configuration->szNormalizationSymbol = OBJ_NAME_NORMALIZATION_SYMBOL;
+
+ if (ERROR_SUCCESS == RegOpenKeyEx(HKEY_CURRENT_USER, supObexConfiguration, 0, KEY_READ, &hKey)) {
+
+ cbData = sizeof(DWORD);
+ dwType = REG_DWORD;
+ if (ERROR_SUCCESS == RegQueryValueEx(hKey, supObexNormalizationSymbol,
+ NULL, &dwType, (LPBYTE)&data, &cbData))
+ {
+ if (dwType == REG_DWORD && cbData == sizeof(DWORD)) {
+ symbol = (WCHAR)data;
+ for (i = 0; i < RTL_NUMBER_OF(szValidSymbols); i++) {
+ if (szValidSymbols[i] == symbol) {
+ Configuration->szNormalizationSymbol = symbol;
+ break;
+ }
+ }
+ }
+ }
+
+ RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
+ cbData = MAX_PATH * sizeof(WCHAR);
+ dwType = REG_SZ;
+ if (ERROR_SUCCESS == RegQueryValueEx(hKey, supObexSymPath,
+ NULL, &dwType, (LPBYTE)&szBuffer, &cbData))
+ {
+ if (dwType == REG_SZ && cbData > sizeof(UNICODE_NULL)) {
+ _strcpy(Configuration->szSymbolsPath, szBuffer);
+ Configuration->SymbolsPathValid = TRUE;
+ }
+ }
+
+ RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
+ cbData = MAX_PATH * sizeof(WCHAR);
+ dwType = REG_SZ;
+ if (ERROR_SUCCESS == RegQueryValueEx(hKey, supObexSymDbgHelpDll,
+ NULL, &dwType, (LPBYTE)&szBuffer, &cbData))
+ {
+ if (dwType == REG_SZ && cbData > sizeof(UNICODE_NULL)) {
+ _strcpy(Configuration->szSymbolsDbgHelpDll, szBuffer);
+ Configuration->SymbolsDbgHelpDllValid = TRUE;
+ }
+ }
+
+ RegCloseKey(hKey);
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+POBEX_CONFIG supGetParametersBlock(
+ VOID)
+{
+ return &g_LoadedParametersBlock;
}
diff --git a/Source/WinObjEx64/sup.h b/Source/WinObjEx64/sup/sup.h
similarity index 81%
rename from Source/WinObjEx64/sup.h
rename to Source/WinObjEx64/sup/sup.h
index 660a8c07..9b24189d 100644
--- a/Source/WinObjEx64/sup.h
+++ b/Source/WinObjEx64/sup/sup.h
@@ -4,9 +4,9 @@
*
* TITLE: SUP.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* Common header file for the program support routines.
*
@@ -18,17 +18,57 @@
*******************************************************************************/
#pragma once
-#include
-#include
-
#define T_DEVICE_PROCEXP152 L"\\Device\\ProcExp152"
#define PE_DEVICE_TYPE 0x8335
#define IOCTL_PE_OPEN_PROCESS_TOKEN CTL_CODE(PE_DEVICE_TYPE, 0x3, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_PE_OPEN_PROCESS CTL_CODE(PE_DEVICE_TYPE, 0xF, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define T_SECUREBOOTSTATEKEY L"System\\CurrentControlSet\\Control\\SecureBoot\\State"
+#define T_SECUREBOOTSTATEVALUE L"UEFISecureBootEnabled"
+
+#define T_VERSION_TRANSLATION L"\\VarFileInfo\\Translation"
+#define FORMAT_VERSION_DESCRIPTION L"\\StringFileInfo\\%04x%04x\\FileDescription"
+#define HHCTRLOCXKEY L"CLSID\\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\\InprocServer32"
+#define T_OBJECT_TYPES L"ObjectTypes"
+
+#define FORMAT_TIME_DATE_VALUE L"%02hd:%02hd:%02hd, %02hd %ws %04hd"
+#define FORMAT_TIME_VALUE L"%I64u:%02hd:%02hd"
+#define FORMAT_TIME_VALUE_MS L"%hd:%02hd:%02hd.%03hd"
+#define T_FORMATTED_ATTRIBUTE L" 0x"
+
+#define HHCTRLOCX L"hhctrl.ocx"
+
+#define T_WINSTA_SYSTEM L"-0x0-3e7$"
+#define T_WINSTA_ANONYMOUS L"-0x0-3e6$"
+#define T_WINSTA_LOCALSERVICE L"-0x0-3e5$"
+#define T_WINSTA_NETWORK_SERVICE L"-0x0-3e4$"
+
+#define supServicesRegPath L"System\\CurrentControlSet\\Services\\"
+#define supServicesRegPathSize sizeof(supServicesRegPath) - sizeof(WCHAR)
+
+#define supObexConfiguration L"Software\\WinObjEx64"
+#define supObexSymPath L"SymPath"
+#define supObexSymDbgHelpDll L"SymDbgHelpDll"
+#define supObexNormalizationSymbol L"NormalizationSymbol"
+
+// All relatives to supObexConfiguration
+typedef struct _OBEX_CONFIG {
+ BOOLEAN SymbolsPathValid;
+ BOOLEAN SymbolsDbgHelpDllValid;
+ WCHAR szNormalizationSymbol; //supObexNormalizationSymbol
+ WCHAR szSymbolsPath[MAX_PATH + 1]; //supObexSymbolsPath
+ WCHAR szSymbolsDbgHelpDll[MAX_PATH + 1]; //supObexSymbolsDbgHelpDll
+} OBEX_CONFIG, * POBEX_CONFIG;
+
#define INITIAL_BUFFER_SIZE (256) * (1024)
+#define GET_BIT(Integer, Bit) (((Integer) >> (Bit)) & 0x1)
+#define SET_BIT(Integer, Bit) ((Integer) |= 1 << (Bit))
+#define CLEAR_BIT(Integer, Bit) ((Integer) &= ~(1 << (Bit)))
+
+#define PathFileExists(lpszPath) (GetFileAttributes(lpszPath) != (DWORD)-1)
+
typedef struct _SAPIDB {
LIST_ENTRY ListHead;
HANDLE HeapHandle;
@@ -78,7 +118,7 @@ typedef struct _OBEX_THREAD_LOOKUP_ENTRY {
typedef struct _ALPCPORT_ENUM_CONTEXT {
_In_ USHORT AlpcPortTypeIndex;
- _In_ LPCWSTR ObjectFullName;
+ _In_ PUNICODE_STRING ObjectName;
_Out_ HANDLE ObjectHandle;
} ALPCPORT_ENUM_CONTEXT, * PALPCPORT_ENUM_CONTEXT;
@@ -90,6 +130,11 @@ typedef struct _PS_HANDLE_DUMP_ENUM_CONTEXT {
_In_ PVOID ProcessList;
} PS_HANDLE_DUMP_ENUM_CONTEXT, *PPS_HANDLE_DUMP_ENUM_CONTEXT;
+typedef struct _WINSTA_DESC {
+ LPCWSTR lpszWinSta;
+ LPCWSTR lpszDesc;
+} WINSTA_DESC, * PWINSTA_DESC;
+
typedef BOOL(CALLBACK* PSUPSHUTDOWNCALLBACK)(
_In_opt_ PVOID Context
);
@@ -100,27 +145,6 @@ typedef struct _SUP_SHUTDOWN_CALLBACK {
PVOID Context;
} SUP_SHUTDOWN_CALLBACK, PSUP_SHUTDOWN_CALLBACK;
-typedef struct _FAST_EVENT {
- union {
- ULONG_PTR Value;
- USHORT Set : 1;
- USHORT RefCount : 15;
- UCHAR Reserved;
- UCHAR AvailableForUse;
-#ifdef _WIN64
- ULONG Spare;
-#endif
- };
- HANDLE EventHandle;
-} FAST_EVENT, * PFAST_EVENT;
-
-#define FAST_EVENT_SET 0x1
-#define FAST_EVENT_SET_SHIFT 0
-#define FAST_EVENT_REFCOUNT_SHIFT 1
-#define FAST_EVENT_REFCOUNT_INC 0x2
-#define FAST_EVENT_REFCOUNT_MASK (((ULONG_PTR)1 << 15) - 1)
-#define FAST_EVENT_INIT { { FAST_EVENT_REFCOUNT_INC }, NULL }
-
// return true to stop enumeration
typedef BOOL(CALLBACK* PENUMERATE_SL_CACHE_VALUE_DESCRIPTORS_CALLBACK)(
_In_ SL_KMEM_CACHE_VALUE_DESCRIPTOR* CacheDescriptor,
@@ -170,10 +194,6 @@ typedef struct _PROCESS_MITIGATION_POLICY_RAW_DATA {
ULONG Value;
} PROCESS_MITIGATION_POLICY_RAW_DATA, *PPROCESS_MITIGATION_POLICY_RAW_DATA;
-#define GET_BIT(Integer, Bit) (((Integer) >> (Bit)) & 0x1)
-#define SET_BIT(Integer, Bit) ((Integer) |= 1 << (Bit))
-#define CLEAR_BIT(Integer, Bit) ((Integer) &= ~(1 << (Bit)))
-
typedef struct _ENUMCHILDWNDDATA {
RECT Rect;
INT nCmdShow;
@@ -190,11 +210,6 @@ typedef struct _SAPIDBENTRY {
LPWSTR lpDeviceDesc;
} SAPIDBENTRY, *PSAPIDBENTRY;
-extern SAPIDB g_sapiDB;
-extern SCMDB g_scmDB;
-
-#define PathFileExists(lpszPath) (GetFileAttributes(lpszPath) != (DWORD)-1)
-
typedef struct tagVERBLOCK {
WORD wTotLen;
WORD wValLen;
@@ -257,9 +272,79 @@ typedef struct _FILE_VIEW_INFO {
typedef struct _SUP_BANNER_DATA {
LPCWSTR lpText;
LPCWSTR lpCaption;
- BOOL fList;
} SUP_BANNER_DATA, * PSUP_BANNER_DATA;
+//
+// Fast event
+//
+typedef struct _FAST_EVENT {
+ union {
+ ULONG_PTR Value;
+ USHORT Set : 1;
+ USHORT RefCount : 15;
+ UCHAR Reserved;
+ UCHAR AvailableForUse;
+#ifdef _WIN64
+ ULONG Spare;
+#endif
+ };
+ HANDLE EventHandle;
+} FAST_EVENT, * PFAST_EVENT;
+
+#define FAST_EVENT_SET 0x1
+#define FAST_EVENT_SET_SHIFT 0
+#define FAST_EVENT_REFCOUNT_SHIFT 1
+#define FAST_EVENT_REFCOUNT_INC 0x2
+#define FAST_EVENT_REFCOUNT_MASK (((ULONG_PTR)1 << 15) - 1)
+#define FAST_EVENT_INIT { { FAST_EVENT_REFCOUNT_INC }, NULL }
+
+VOID supInitFastEvent(
+ _In_ PFAST_EVENT Event);
+
+VOID supReferenceFastEvent(
+ _In_ PFAST_EVENT Event);
+
+VOID supDereferenceFastEvent(
+ _In_ PFAST_EVENT Event,
+ _In_opt_ HANDLE EventHandle);
+
+VOID supSetFastEvent(
+ _In_ PFAST_EVENT Event);
+
+BOOLEAN supTestFastEvent(
+ _In_ PFAST_EVENT Event);
+
+VOID supResetFastEvent(
+ _In_ PFAST_EVENT Event);
+
+BOOLEAN supWaitForFastEvent(
+ _In_ PFAST_EVENT Event,
+ _In_opt_ PLARGE_INTEGER Timeout);
+
+//
+// Heap memory allocations
+//
+HANDLE supCreateHeap(
+ _In_ ULONG HeapFlags,
+ _In_ BOOL TerminateOnCorruption);
+
+BOOL supDestroyHeap(
+ _In_ HANDLE HeapHandle);
+
+PVOID supHeapAllocEx(
+ _In_ HANDLE Heap,
+ _In_ SIZE_T Size);
+
+BOOL supHeapFreeEx(
+ _In_ HANDLE Heap,
+ _In_ PVOID Memory);
+
+PVOID supHeapAlloc(
+ _In_ SIZE_T Size);
+
+BOOL supHeapFree(
+ _In_ PVOID Memory);
+
//
// Use shared NTSUP forward.
//
@@ -274,7 +359,7 @@ typedef struct _SUP_BANNER_DATA {
#define supQueryUserModeAccessibleRange ntsupQueryUserModeAccessibleRange
#define supIsProcess32bit ntsupIsProcess32bit
#define supQueryThreadWin32StartAddress ntsupQueryThreadWin32StartAddress
-#define supOpenDirectory ntsupOpenDirectory
+#define supOpenDirectoryEx ntsupOpenDirectoryEx
#define supQueryProcessName ntsupQueryProcessName
#define supQueryProcessEntryById ntsupQueryProcessEntryById
#define supWriteBufferToFile ntsupWriteBufferToFile
@@ -307,23 +392,34 @@ typedef struct _SUP_BANNER_DATA {
#define supQueryThreadInformation(ThreadHandle, ThreadInformationClass, Buffer, ReturnLength) \
ntsupQueryThreadInformation(ThreadHandle, ThreadInformationClass, Buffer, ReturnLength, supHeapAlloc, supHeapFree)
+FORCEINLINE BOOLEAN supUnicodeStringValid(
+ _In_ PUNICODE_STRING SourceString
+)
+{
+ if (SourceString == NULL)
+ return FALSE;
+
+ if (((SourceString->Length % sizeof(WCHAR)) != 0) ||
+ ((SourceString->MaximumLength % sizeof(WCHAR)) != 0) ||
+ (SourceString->Length > SourceString->MaximumLength) ||
+ (SourceString->MaximumLength > (UNICODE_STRING_MAX_CHARS * sizeof(WCHAR))))
+ {
+ return FALSE;
+ }
+ else if ((SourceString->Buffer == NULL) &&
+ ((SourceString->Length != 0) || (SourceString->MaximumLength != 0)))
+ {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+#define supIsRootDirectory(DirectoryName) RtlEqualUnicodeString(ObGetPredefinedUnicodeString(OBP_ROOT), DirectoryName, TRUE)
+
BOOL supInitMSVCRT(
VOID);
-#ifndef _DEBUG
-FORCEINLINE PVOID supHeapAlloc(
- _In_ SIZE_T Size);
-
-FORCEINLINE BOOL supHeapFree(
- _In_ PVOID Memory);
-#else
-PVOID supHeapAlloc(
- _In_ SIZE_T Size);
-
-BOOL supHeapFree(
- _In_ PVOID Memory);
-#endif
-
VOID supTreeListEnableRedraw(
_In_ HWND TreeList,
_In_ BOOL fEnable);
@@ -360,11 +456,45 @@ HICON supGetMainIcon(
_In_ INT cx,
_In_ INT cy);
-void supCopyMemory(
- _Inout_ void* dest,
- _In_ size_t ccdest,
- _In_ const void* src,
- _In_ size_t ccsrc);
+_Success_(return)
+BOOL supNormalizeUnicodeStringForDisplay(
+ _In_ HANDLE HeapHandle,
+ _In_ PUNICODE_STRING SourceString,
+ _Out_ PUNICODE_STRING NormalizedString);
+
+_Success_(return)
+BOOL supFreeUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Inout_ PUNICODE_STRING String);
+
+_Success_(return)
+BOOL supFreeDuplicatedUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Inout_ PUNICODE_STRING DuplicatedString,
+ _In_ BOOL DoZeroMemory);
+
+_Success_(return)
+BOOL supDuplicateUnicodeString(
+ _In_ HANDLE HeapHandle,
+ _Out_ PUNICODE_STRING DestinationString,
+ _In_ PUNICODE_STRING SourceString);
+
+_Success_(return)
+BOOL supCreateObjectPathFromElements(
+ _In_ PUNICODE_STRING ObjectName,
+ _In_ PUNICODE_STRING DirectoryName,
+ _Out_ PUNICODE_STRING ObjectPath,
+ _In_ BOOLEAN NullTerminate);
+
+_Success_(return)
+BOOL supCreateObjectPathFromCurrentPath(
+ _In_ PUNICODE_STRING ObjectName,
+ _Out_ PUNICODE_STRING ObjectPath,
+ _In_ BOOLEAN NullTerminate);
+
+SIZE_T supFindUnicodeStringSubString(
+ _In_ PUNICODE_STRING String,
+ _In_ PUNICODE_STRING SubString);
VOID supCenterWindow(
_In_ HWND hwnd);
@@ -388,8 +518,7 @@ VOID supCloseLoadBanner(
VOID supDisplayLoadBanner(
_In_ LPCWSTR lpMessage,
- _In_opt_ LPCWSTR lpCaption,
- _In_ BOOL UseList);
+ _In_opt_ LPCWSTR lpCaption);
HIMAGELIST supLoadImageList(
_In_ HINSTANCE hInst,
@@ -399,7 +528,7 @@ HIMAGELIST supLoadImageList(
PVOID supGetObjectTypesInfo(
VOID);
-UINT supGetObjectNameIndexByTypeIndex(
+WOBJ_OBJECT_TYPE supGetObjectNameIndexByTypeIndex(
_In_ PVOID Object,
_In_ UCHAR TypeIndex);
@@ -493,24 +622,25 @@ BOOL supQuerySectionFileInfo(
_In_ DWORD ccBuffer);
BOOL supQueryTypeInfo(
- _In_ LPCWSTR lpTypeName,
- _Inout_ LPWSTR Buffer,
- _In_ DWORD cchBuffer);
+ _In_ PUNICODE_STRING TypeName,
+ _Inout_ LPWSTR Buffer,
+ _In_ DWORD cchhBuffer);
BOOL supQueryDriverDescription(
_In_ LPCWSTR lpDriverName,
_Inout_ LPWSTR Buffer,
- _In_ DWORD ccBuffer);
+ _In_ DWORD cchBuffer);
BOOL supQueryDeviceDescription(
- _In_ LPCWSTR lpDeviceName,
+ _In_opt_ PUNICODE_STRING Path,
+ _In_ PUNICODE_STRING Name,
_Inout_ LPWSTR Buffer,
_In_ DWORD ccBuffer);
BOOL supQueryWinstationDescription(
_In_ LPCWSTR lpWindowStationName,
_Inout_ LPWSTR Buffer,
- _In_ DWORD ccBuffer);
+ _In_ DWORD cchBuffer);
PVOID supGetTokenInfo(
_In_ HANDLE TokenHandle,
@@ -537,11 +667,6 @@ NTSTATUS supOpenDeviceObjectEx(
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
-NTSTATUS supOpenDirectoryForObject(
- _Out_ PHANDLE DirectoryHandle,
- _In_ LPCWSTR lpObjectName,
- _In_ LPCWSTR lpDirectory);
-
BOOL supDumpSyscallTableConverted(
_In_ ULONG_PTR ServiceTableAddress,
_In_ ULONG ServiceLimit,
@@ -656,8 +781,8 @@ INT supGetMaxCompareTwoFixedStrings(
NTSTATUS supOpenNamedObjectByType(
_Out_ HANDLE* ObjectHandle,
_In_ ULONG TypeIndex,
- _In_ LPCWSTR ObjectDirectory,
- _In_ LPCWSTR ObjectName,
+ _In_ PUNICODE_STRING ObjectDirectory,
+ _In_ PUNICODE_STRING ObjectName,
_In_ ACCESS_MASK DesiredAccess);
HANDLE supOpenObjectFromContext(
@@ -728,6 +853,13 @@ BOOL supPrintTimeConverted(
_In_ WCHAR* lpszBuffer,
_In_ SIZE_T cchBuffer);
+_Success_(return)
+BOOL supGetTreeViewItemParam(
+ _In_ HWND hwndTreeView,
+ _In_ HTREEITEM hTreeItem,
+ _Out_ PVOID * outParam);
+
+_Success_(return)
BOOL supGetListViewItemParam(
_In_ HWND hwndListView,
_In_ INT itemIndex,
@@ -793,13 +925,10 @@ BOOLEAN supSLCacheEnumerate(
_In_opt_ PENUMERATE_SL_CACHE_VALUE_DESCRIPTORS_CALLBACK Callback,
_In_opt_ PVOID Context);
-HRESULT supShellExecInExplorerProcessEx(
+HRESULT supShellExecInExplorerProcess(
_In_ PCWSTR pszFile,
_In_opt_ PCWSTR pszArguments);
-HRESULT WINAPI supShellExecInExplorerProcess(
- _In_ PCWSTR pszFile);
-
VOID supShowNtStatus(
_In_ HWND hWnd,
_In_ LPCWSTR lpText,
@@ -814,8 +943,9 @@ BOOLEAN supLoadIconForObjectType(
_In_ HIMAGELIST ImageList,
_In_ BOOLEAN IsShadow);
-VOID supDestroyIconForObjectType(
- _In_ PROP_OBJECT_INFO * Context);
+NTSTATUS supOpenLinkedToken(
+ _In_ HANDLE TokenHandle,
+ _Out_ PHANDLE LinkedTokenHandle);
NTSTATUS supOpenTokenByParam(
_In_ CLIENT_ID * ClientId,
@@ -912,8 +1042,7 @@ BOOL supEnumHandleDump(
NTSTATUS supOpenPortObjectByName(
_Out_ PHANDLE ObjectHandle,
_In_ ACCESS_MASK DesiredAccess,
- _Out_opt_ PHANDLE ReferenceHandle,
- _In_ LPCWSTR ObjectName);
+ _In_ PUNICODE_STRING ObjectName);
NTSTATUS supOpenPortObjectFromContext(
_Out_ PHANDLE ObjectHandle,
@@ -1039,28 +1168,52 @@ HANDLE supCreateDialogWorkerThread(
_In_opt_ __drv_aliasesMem LPVOID lpParameter,
_In_ DWORD dwCreationFlags);
-VOID supInitFastEvent(
- _In_ PFAST_EVENT Event);
+VOID CALLBACK supSymCallbackReportEvent(
+ _In_ LPCWSTR EventText);
-VOID supReferenceFastEvent(
- _In_ PFAST_EVENT Event);
+VOID supBuildCurrentObjectList(
+ _In_ PVOID ListHead);
-VOID supDereferenceFastEvent(
- _In_ PFAST_EVENT Event,
- _In_opt_ HANDLE EventHandle);
+_Success_(return != FALSE)
+BOOL supGetCurrentObjectPath(
+ _In_ BOOLEAN IncludeName,
+ _Out_ PUNICODE_STRING ObjectPath);
-VOID supSetFastEvent(
- _In_ PFAST_EVENT Event);
+_Success_(return)
+BOOL supGetCurrentObjectName(
+ _Out_ PUNICODE_STRING ObjectName);
-BOOLEAN supTestFastEvent(
- _In_ PFAST_EVENT Event);
+VOID supDisplayCurrentObjectPath(
+ _In_ HWND hwnd,
+ _In_opt_ PUNICODE_STRING Path,
+ _In_ BOOLEAN NormalizePath);
-VOID supResetFastEvent(
- _In_ PFAST_EVENT Event);
+_Success_(return)
+BOOL supResolveSymbolicLinkTarget(
+ _In_opt_ HANDLE LinkHandle,
+ _In_opt_ HANDLE RootDirectoryHandle,
+ _In_ PUNICODE_STRING LinkName,
+ _Out_ PUNICODE_STRING LinkTarget);
-BOOLEAN supWaitForFastEvent(
- _In_ PFAST_EVENT Event,
- _In_opt_ PLARGE_INTEGER Timeout);
+_Success_(return)
+BOOL supResolveSymbolicLinkTargetNormalized(
+ _In_opt_ HANDLE LinkHandle,
+ _In_opt_ HANDLE RootDirectoryHandle,
+ _In_ PUNICODE_STRING LinkName,
+ _Out_ PUNICODE_STRING NormalizedLinkTarget);
-VOID CALLBACK supSymCallbackReportEvent(
- _In_ LPCWSTR EventText);
+VOID supClipboardCopyUnicodeStringRaw(
+ _In_ PUNICODE_STRING String);
+
+BOOL supImageFixSections(
+ _In_ LPVOID Buffer);
+
+VOID supCloseKnownPropertiesDialog(
+ _In_opt_ HWND hwndDlg);
+
+_Success_(return)
+BOOL supReadObexConfiguration(
+ _Out_ POBEX_CONFIG Configuration);
+
+POBEX_CONFIG supGetParametersBlock(
+ VOID);
diff --git a/Source/WinObjEx64/sup/sync.c b/Source/WinObjEx64/sup/sync.c
new file mode 100644
index 00000000..c4d43750
--- /dev/null
+++ b/Source/WinObjEx64/sup/sync.c
@@ -0,0 +1,195 @@
+/*******************************************************************************
+*
+* (C) COPYRIGHT AUTHORS, 2022
+*
+* TITLE: SYNC.C
+*
+* VERSION: 2.00
+*
+* DATE: 19 Jun 2022
+*
+* Synchronization primitives.
+*
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+#include "global.h"
+
+/*
+*
+* Fast events, taken from ph2
+*
+*/
+
+/*
+* supInitFastEvent
+*
+* Purpose:
+*
+* Initialize fast event.
+*
+*/
+VOID supInitFastEvent(
+ _In_ PFAST_EVENT Event
+)
+{
+ Event->Value = FAST_EVENT_REFCOUNT_INC;
+ Event->EventHandle = NULL;
+}
+
+/*
+* supReferenceFastEvent
+*
+* Purpose:
+*
+* Make a reference for fast event.
+*
+*/
+VOID supReferenceFastEvent(
+ _In_ PFAST_EVENT Event
+)
+{
+ _InterlockedExchangeAddPointer((PLONG_PTR)&Event->Value, FAST_EVENT_REFCOUNT_INC);
+}
+
+/*
+* supDereferenceFastEvent
+*
+* Purpose:
+*
+* Remove reference from fast event.
+*
+*/
+VOID supDereferenceFastEvent(
+ _In_ PFAST_EVENT Event,
+ _In_opt_ HANDLE EventHandle
+)
+{
+ ULONG_PTR value;
+
+ value = _InterlockedExchangeAddPointer((PLONG_PTR)&Event->Value, -FAST_EVENT_REFCOUNT_INC);
+ if (((value >> FAST_EVENT_REFCOUNT_SHIFT) & FAST_EVENT_REFCOUNT_MASK) - 1 == 0)
+ {
+ if (EventHandle)
+ {
+ NtClose(EventHandle);
+ Event->EventHandle = NULL;
+ }
+ }
+}
+
+/*
+* supSetFastEvent
+*
+* Purpose:
+*
+* Set event to signaled state.
+*
+*/
+VOID supSetFastEvent(
+ _In_ PFAST_EVENT Event
+)
+{
+ HANDLE eventHandle;
+ if (!_InterlockedBitTestAndSetPointer((PLONG_PTR)&Event->Value, FAST_EVENT_SET_SHIFT)) {
+ eventHandle = Event->EventHandle;
+
+ if (eventHandle)
+ {
+ NtSetEvent(eventHandle, NULL);
+ }
+ }
+}
+
+/*
+* supTestFastEvent
+*
+* Purpose:
+*
+* Returns fast event state.
+*
+*/
+BOOLEAN supTestFastEvent(
+ _In_ PFAST_EVENT Event
+)
+{
+ return (BOOLEAN)Event->Set;
+}
+
+/*
+* supResetFastEvent
+*
+* Purpose:
+*
+* Perform fast event manual reset.
+*
+*/
+VOID supResetFastEvent(
+ _In_ PFAST_EVENT Event
+)
+{
+ if (Event == NULL)
+ return;
+
+ if (supTestFastEvent(Event))
+ Event->Value = FAST_EVENT_REFCOUNT_INC;
+}
+
+/*
+* supWaitForFastEvent
+*
+* Purpose:
+*
+* Do the wait for event, if event object not allocated - allocate it.
+*
+*/
+BOOLEAN supWaitForFastEvent(
+ _In_ PFAST_EVENT Event,
+ _In_opt_ PLARGE_INTEGER Timeout
+)
+{
+ BOOLEAN result;
+ ULONG_PTR value;
+ HANDLE eventHandle;
+
+ value = Event->Value;
+ if (value & FAST_EVENT_SET)
+ return TRUE;
+
+ if (Timeout && Timeout->QuadPart == 0)
+ return FALSE;
+
+ supReferenceFastEvent(Event);
+ eventHandle = Event->EventHandle;
+
+ if (eventHandle == NULL) {
+
+ NtCreateEvent(&eventHandle, EVENT_ALL_ACCESS, NULL, NotificationEvent, FALSE);
+ assert(eventHandle);
+
+ if (NULL != _InterlockedCompareExchangePointer(
+ &Event->EventHandle,
+ eventHandle,
+ NULL))
+ {
+ NtClose(eventHandle);
+ eventHandle = Event->EventHandle;
+ }
+
+ }
+
+ if (!(Event->Value & FAST_EVENT_SET)) {
+ result = (NtWaitForSingleObject(eventHandle, FALSE, Timeout) == STATUS_WAIT_0);
+ }
+ else {
+ result = TRUE;
+ }
+
+ supDereferenceFastEvent(Event, eventHandle);
+
+ return result;
+}
diff --git a/Source/WinObjEx64/wine.c b/Source/WinObjEx64/sup/wine.c
similarity index 79%
rename from Source/WinObjEx64/wine.c
rename to Source/WinObjEx64/sup/wine.c
index 0996be71..5f6effea 100644
--- a/Source/WinObjEx64/wine.c
+++ b/Source/WinObjEx64/sup/wine.c
@@ -4,9 +4,9 @@
*
* TITLE: WINE.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -17,10 +17,14 @@
#include "global.h"
#include "ntos/ntldr.h"
-#include "winedebug.h"
+
+#define _WINE_DEBUG_MODE
+#undef _WINE_DEBUG_MODE
+
+typedef char* (__cdecl* pwine_get_version)(void);
/*
-* wine_get_version
+* GetWineVersion
*
* Purpose:
*
@@ -30,7 +34,9 @@
*
*/
#ifndef _WINE_DEBUG_MODE
-const char* wine_get_version(void)
+PCHAR GetWineVersion(
+ VOID
+)
{
pwine_get_version pfn = NULL;
HMODULE hmod;
@@ -58,7 +64,7 @@ const char* wine_get_version(void)
return NULL;
}
#else
-const char* wine_get_version(void)
+PCHAR WineGetVersion(void)
{
return "6.0";
}
@@ -66,18 +72,20 @@ const char* wine_get_version(void)
/*
-* is_wine
+* IsWine
*
* Purpose:
*
* Query if there is a Wine layer enabled.
*
*/
-int is_wine(void)
+BOOLEAN IsWine(
+ VOID
+)
{
- CONST CHAR* szWine;
+ PCHAR lpWine;
- szWine = wine_get_version();
+ lpWine = GetWineVersion();
- return (szWine != NULL);
+ return (lpWine != NULL);
}
diff --git a/Source/WinObjEx64/extras/extrasCallbacks.h b/Source/WinObjEx64/sup/wine.h
similarity index 72%
rename from Source/WinObjEx64/extras/extrasCallbacks.h
rename to Source/WinObjEx64/sup/wine.h
index 717d4484..cdd48b2c 100644
--- a/Source/WinObjEx64/extras/extrasCallbacks.h
+++ b/Source/WinObjEx64/sup/wine.h
@@ -2,13 +2,13 @@
*
* (C) COPYRIGHT AUTHORS, 2018 - 2022
*
-* TITLE: EXTRASCALLBACKS.H
+* TITLE: WINE.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 04 Jun 2022
+* DATE: 19 Jun 2022
*
-* Common header file for Callbacks dialog.
+* Wine/Wine staging support header file.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -19,5 +19,5 @@
#pragma once
-VOID extrasCreateCallbacksDialog(
- VOID);
+PCHAR GetWineVersion(VOID);
+BOOLEAN IsWine(VOID);
diff --git a/Source/WinObjEx64/supConsts.h b/Source/WinObjEx64/supConsts.h
deleted file mode 100644
index d762bb5f..00000000
--- a/Source/WinObjEx64/supConsts.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2015 - 2020
-*
-* TITLE: SUPCONSTS.H
-*
-* VERSION: 1.87
-*
-* DATE: 25 July 2020
-*
-* Consts header file for support unit.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-#pragma once
-
-#define T_SECUREBOOTSTATEKEY L"System\\CurrentControlSet\\Control\\SecureBoot\\State"
-#define T_SECUREBOOTSTATEVALUE L"UEFISecureBootEnabled"
-
-#define T_VERSION_TRANSLATION L"\\VarFileInfo\\Translation"
-#define FORMAT_VERSION_DESCRIPTION L"\\StringFileInfo\\%04x%04x\\FileDescription"
-#define HHCTRLOCXKEY L"CLSID\\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\\InprocServer32"
-#define T_OBJECTTYPES L"\\ObjectTypes"
-
-#define FORMAT_TIME_DATE_VALUE L"%02hd:%02hd:%02hd, %02hd %ws %04hd"
-#define FORMAT_TIME_VALUE L"%I64u:%02hd:%02hd"
-#define FORMAT_TIME_VALUE_MS L"%hd:%02hd:%02hd.%03hd"
-#define T_FORMATTED_ATTRIBUTE L" 0x"
-
-#define HHCTRLOCX L"hhctrl.ocx"
-
-#define T_WINSTA_SYSTEM L"-0x0-3e7$"
-#define T_WINSTA_ANONYMOUS L"-0x0-3e6$"
-#define T_WINSTA_LOCALSERVICE L"-0x0-3e5$"
-#define T_WINSTA_NETWORK_SERVICE L"-0x0-3e4$"
-
-#define supServicesRegPath L"System\\CurrentControlSet\\Services\\"
-#define supServicesRegPathSize sizeof(supServicesRegPath) - sizeof(WCHAR)
-
-#define MAX_KNOWN_WINSTA_DESCRIPTIONS 4
-static WINSTA_DESC g_WinstaDescArray[MAX_KNOWN_WINSTA_DESCRIPTIONS] = {
- { T_WINSTA_SYSTEM, L"System" },
- { T_WINSTA_ANONYMOUS, L"Anonymous" },
- { T_WINSTA_LOCALSERVICE, L"Local Service" },
- { T_WINSTA_NETWORK_SERVICE, L"Network Service" }
-};
diff --git a/Source/WinObjEx64/symparser.c b/Source/WinObjEx64/symparser.c
index 09162bd0..12d78202 100644
--- a/Source/WinObjEx64/symparser.c
+++ b/Source/WinObjEx64/symparser.c
@@ -6,7 +6,7 @@
*
* VERSION: 1.18
*
-* DATE: 05 Jun 2021
+* DATE: 20 Jun 2021
*
* DbgHelp wrapper for symbols parser support.
*
@@ -1415,7 +1415,7 @@ PSYMCONTEXT SymParserCreate(
Context = (PSYMCONTEXT)supHeapAlloc(sizeof(SYMCONTEXT));
if (Context) {
- RtlCopyMemory(&Context->DbgHelp, &g_SymGlobals.ApiSet, sizeof(DBGHELP_PTRS));
+ Context->DbgHelp = g_SymGlobals.ApiSet;
Context->ProcessHandle = g_SymGlobals.ProcessHandle;
Context->ModuleBase = 0;
@@ -1489,7 +1489,7 @@ BOOL SymGlobalsInit(
HMODULE hDbg = NULL;
LPWSTR locaDbgHelplPath = NULL;
SIZE_T nLen;
- WCHAR szWinPath[MAX_PATH + 1];
+ WCHAR szWinPath[MAX_PATH * 2];
RtlSecureZeroMemory(&g_SymGlobals, sizeof(g_SymGlobals));
@@ -1502,19 +1502,6 @@ BOOL SymGlobalsInit(
return FALSE;
}
- nLen = _strlen(lpSystemPath);
- if (nLen > MAX_PATH) {
- SetLastError(ERROR_INVALID_PARAMETER);
- return FALSE;
- }
-
- RtlSecureZeroMemory(&szWinPath, sizeof(szWinPath));
-
- _strncpy(szWinPath,
- MAX_PATH,
- lpSystemPath,
- nLen);
-
nLen = _strlen(lpTempPath);
if (nLen > MAX_PATH) {
SetLastError(ERROR_INVALID_PARAMETER);
@@ -1530,8 +1517,23 @@ BOOL SymGlobalsInit(
}
else {
+
+ nLen = _strlen(lpSystemPath);
+ if (nLen > MAX_PATH) {
+ SetLastError(ERROR_INVALID_PARAMETER);
+ return FALSE;
+ }
+
+ RtlSecureZeroMemory(&szWinPath, sizeof(szWinPath));
+
+ _strncpy(szWinPath,
+ MAX_PATH,
+ lpSystemPath,
+ nLen);
+
supPathAddBackSlash(szWinPath);
_strcat(szWinPath, DEFAULT_DLL);
+
locaDbgHelplPath = szWinPath;
}
diff --git a/Source/WinObjEx64/sysinfoDlg.c b/Source/WinObjEx64/sysinfoDlg.c
index 4e83fccb..d68f11e6 100644
--- a/Source/WinObjEx64/sysinfoDlg.c
+++ b/Source/WinObjEx64/sysinfoDlg.c
@@ -4,9 +4,9 @@
*
* TITLE: SYSINFODLG.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 07 Jun 2022
+* DATE: 19 Jun 2022
*
* System Information Dialog.
*
@@ -199,6 +199,8 @@ VOID SysInfoCollectInformation(
HKEY hKey;
DWORD dwType, cbData, dwValue;
+ OBEX_CONFIG* obConfig = supGetParametersBlock();
+
PARAFORMAT ParaFormat;
CHARRANGE CharRange;
@@ -241,7 +243,7 @@ VOID SysInfoCollectInformation(
//
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
if (g_WinObj.IsWine) {
- lpWineVersion = (PCHAR)wine_get_version();
+ lpWineVersion = (PCHAR)GetWineVersion();
RtlSecureZeroMemory(szWineVer, sizeof(szWineVer));
if (0 == MultiByteToWideChar(CP_ACP, 0, lpWineVersion, (INT)_strlen_a(lpWineVersion),
szWineVer, RTL_NUMBER_OF(szWineVer)))
@@ -345,6 +347,15 @@ VOID SysInfoCollectInformation(
AddParameterValueBool(hwndOutput, TEXT("Internal.IsFullAdmin"), g_kdctx.IsFullAdmin); //admin privileges available
AddParameterValueBool(hwndOutput, TEXT("Internal.IsSecureBoot"), g_kdctx.IsSecureBoot); //secure boot enabled
AddParameterValueBool(hwndOutput, TEXT("Internal.IsWine"), g_WinObj.IsWine);
+ AddParameterValue32Hex(hwndOutput, TEXT("Internal.NameNormalizationSymbol"), (ULONG)g_ObNameNormalizationSymbol);
+
+ if (obConfig->SymbolsDbgHelpDllValid) {
+ AddParameterValue(hwndOutput, TEXT("Parameters.SymbolsDbgHelpDll"), obConfig->szSymbolsDbgHelpDll);
+ }
+ if (obConfig->SymbolsPathValid) {
+ AddParameterValue(hwndOutput, TEXT("Parameters.SymbolsPath"), obConfig->szSymbolsPath);
+ }
+
AddParameterValueBool(hwndOutput, TEXT("MitigationFlags.ASLRPolicy"), g_kdctx.MitigationFlags.ASLRPolicy);
AddParameterValueBool(hwndOutput, TEXT("MitigationFlags.DynamicCode"), g_kdctx.MitigationFlags.DynamicCode);
AddParameterValueBool(hwndOutput, TEXT("MitigationFlags.ExtensionPointDisable"), g_kdctx.MitigationFlags.ExtensionPointDisable);
@@ -376,7 +387,7 @@ VOID SysInfoCollectInformation(
lpType = L"Microsoft";
break;
}
- AddParameterValue(hwndOutput, TEXT("Driver.ActiveProvider"), lpType);
+ AddParameterValue(hwndOutput, TEXT("Driver.SelectedProvider"), lpType);
//
// Ntoskrnl
@@ -393,12 +404,6 @@ VOID SysInfoCollectInformation(
AddParameterValue64Hex(hwndOutput, TEXT("NtSymContext.ModuleBase"), ((PSYMCONTEXT)g_kdctx.NtOsSymContext)->ModuleBase);
}
- //
- // Directory object
- //
- AddParameterValue64Hex(hwndOutput, TEXT("System.DirectoryRootObject"), g_kdctx.DirectoryRootObject); //address of object root directory
- AddParameterValueUlong(hwndOutput, TEXT("System.DirectoryTypeIndex"), g_kdctx.DirectoryTypeIndex);
-
//
// Product info
//
@@ -411,17 +416,31 @@ VOID SysInfoCollectInformation(
AddParameterValue64Hex(hwndOutput, TEXT("System.MinimumUserModeAddress"), (ULONG_PTR)g_kdctx.MinimumUserModeAddress);
AddParameterValue64Hex(hwndOutput, TEXT("System.MaximumUserModeAddress"), (ULONG_PTR)g_kdctx.MaximumUserModeAddress);
- //
- // List kldbg data.
- //
- AddParameterValueBool(hwndOutput, TEXT("System.ObHeaderCookieValid"), g_kdctx.Data->ObHeaderCookie.Valid);
- AddParameterValue32Hex(hwndOutput, TEXT("System.ObHeaderCookie"), g_kdctx.Data->ObHeaderCookie.Value);
+ if (g_kdctx.IsFullAdmin) {
- AddParameterValueUlong(hwndOutput, TEXT("System.KiServiceLimit"), g_kdctx.Data->KeServiceDescriptorTable.Limit);
- AddParameterValue64Hex(hwndOutput, TEXT("System.KiServiceTableAddress"), (ULONG_PTR)g_kdctx.Data->KeServiceDescriptorTable.Base);
- AddParameterValue64Hex(hwndOutput, TEXT("System.IopInvalidDeviceRequest"), (ULONG_PTR)g_kdctx.Data->IopInvalidDeviceRequest);
- AddParameterValue64Hex(hwndOutput, TEXT("System.PrivateNamespaceLookupTable"), (ULONG_PTR)g_kdctx.Data->PrivateNamespaceLookupTable);
+ //
+ // List kldbg data if there is something to show since this data fetched dynamically during usage.
+ //
+ AddParameterValueBool(hwndOutput, TEXT("System.ObHeaderCookieValid"), g_kdctx.Data->ObHeaderCookie.Valid);
+ AddParameterValue32Hex(hwndOutput, TEXT("System.ObHeaderCookie"), g_kdctx.Data->ObHeaderCookie.Value);
+ AddParameterValueUlong(hwndOutput, TEXT("System.DirectoryTypeIndex"), g_kdctx.DirectoryTypeIndex);
+ if (g_kdctx.DirectoryRootObject)
+ AddParameterValue64Hex(hwndOutput, TEXT("System.DirectoryRootObject"), g_kdctx.DirectoryRootObject);
+
+ if (g_kdctx.Data->KeServiceDescriptorTable.Limit)
+ AddParameterValueUlong(hwndOutput, TEXT("System.KiServiceLimit"), g_kdctx.Data->KeServiceDescriptorTable.Limit);
+
+ if (g_kdctx.Data->KeServiceDescriptorTable.Base)
+ AddParameterValue64Hex(hwndOutput, TEXT("System.KiServiceTableAddress"), (ULONG_PTR)g_kdctx.Data->KeServiceDescriptorTable.Base);
+
+ if (g_kdctx.Data->IopInvalidDeviceRequest)
+ AddParameterValue64Hex(hwndOutput, TEXT("System.IopInvalidDeviceRequest"), (ULONG_PTR)g_kdctx.Data->IopInvalidDeviceRequest);
+
+ if (g_kdctx.Data->PrivateNamespaceLookupTable)
+ AddParameterValue64Hex(hwndOutput, TEXT("System.PrivateNamespaceLookupTable"), (ULONG_PTR)g_kdctx.Data->PrivateNamespaceLookupTable);
+
+ }
//
// List other data.
//
@@ -585,10 +604,11 @@ LRESULT CALLBACK SysInfoDialogProc(
UNREFERENCED_PARAMETER(lParam);
switch (uMsg) {
- case WM_INITDIALOG:
-
- SysInfoCollectInformation(hwnd);
- break;
+ case WM_SHOWWINDOW:
+ if (LOWORD(wParam)) {
+ SysInfoCollectInformation(hwnd);
+ }
+ return TRUE;
case WM_COMMAND:
switch (GET_WM_COMMAND_ID(wParam, lParam)) {
@@ -615,8 +635,10 @@ VOID ShowSysInfoDialog(
_In_ HWND hwndParent
)
{
- if (!supRichEdit32Load())
+ if (!supRichEdit32Load()) {
+ MessageBox(hwndParent, TEXT("Could not load RichEdit library"), NULL, MB_ICONERROR);
return;
+ }
DialogBoxParam(g_WinObj.hInstance,
MAKEINTRESOURCE(IDD_DIALOG_GLOBALS),
diff --git a/Source/WinObjEx64/sysinfoDlg.h b/Source/WinObjEx64/sysinfoDlg.h
deleted file mode 100644
index 8d9cb925..00000000
--- a/Source/WinObjEx64/sysinfoDlg.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2022
-*
-* TITLE: SYSINFODLG.H
-*
-* VERSION: 1.94
-*
-* DATE: 06 Jun 2022
-*
-* Common header file for the WinObjEx64 Globals and System Information Dialog.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-
-#pragma once
-
-VOID ShowSysInfoDialog(
- _In_ HWND hwndParent);
diff --git a/Source/WinObjEx64/tests/testunit.c b/Source/WinObjEx64/tests/testunit.c
index 976114cf..995b795a 100644
--- a/Source/WinObjEx64/tests/testunit.c
+++ b/Source/WinObjEx64/tests/testunit.c
@@ -4,9 +4,9 @@
*
* TITLE: TESTUNIT.C
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 06 Jun 2022
+* DATE: 19 Jun 2022
*
* Test code used while debug.
*
@@ -26,26 +26,24 @@
#pragma warning(pop)
#include
-HANDLE g_TestIoCompletion = NULL, g_TestTransaction = NULL;
HANDLE g_TestNamespace = NULL, g_TestMutex = NULL;
HANDLE g_TestMailslot = NULL;
-HANDLE g_DebugObject = NULL;
-HANDLE g_TestJob = NULL;
-HDESK g_TestDesktop = NULL;
HANDLE g_TestThread = NULL;
HANDLE g_TestPortThread = NULL;
HANDLE g_PortHandle;
PVOID g_MappedSection = NULL;
HANDLE g_SectionVaTest = NULL;
+HANDLE g_ResourceManager = NULL;
+HANDLE g_TestJob = NULL;
typedef struct _LPC_USER_MESSAGE {
PORT_MESSAGE Header;
BYTE Data[128];
-} LPC_USER_MESSAGE, *PLPC_USER_MESSAGE;
+} LPC_USER_MESSAGE, * PLPC_USER_MESSAGE;
typedef struct _QUERY_REQUEST {
ULONG Data;
-} QUERY_REQUEST, *PQUERY_REQUEST;
+} QUERY_REQUEST, * PQUERY_REQUEST;
#define WOBJEX_TEST_PORT L"\\Rpc Control\\WinObjEx_ServiceTestPort48429"
@@ -54,6 +52,163 @@ HANDLE TestGetPortHandle()
return g_PortHandle;
}
+typedef NTSTATUS (NTAPI* pfnNtCreateRegistryTransaction)(
+ _Out_ PHANDLE Handle,
+ _In_ ACCESS_MASK DesiredAccess, //generic + TRANSACTION_*
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ DWORD Flags);
+
+VOID TestRegistryTransaction()
+{
+ NTSTATUS ntStatus;
+ HANDLE hObject;
+ OBJECT_ATTRIBUTES obja;
+ UNICODE_STRING usName;
+ pfnNtCreateRegistryTransaction NtCreateRegistryTransaction;
+ HMODULE hNtdll;
+
+ hNtdll = GetModuleHandle(L"ntdll.dll");
+ if (hNtdll) {
+
+ NtCreateRegistryTransaction = (pfnNtCreateRegistryTransaction)GetProcAddress(hNtdll, "NtCreateRegistryTransaction");
+ if (NtCreateRegistryTransaction != NULL) {
+
+ RtlInitUnicodeString(&usName, L"\\RPC Control\\TestRegTransaction");
+ InitializeObjectAttributes(&obja, &usName, OBJ_CASE_INSENSITIVE, NULL, NULL);
+ ntStatus = NtCreateRegistryTransaction(&hObject, TRANSACTION_ALL_ACCESS, &obja, 0);
+ if (NT_SUCCESS(ntStatus)) {
+ __nop();
+ }
+
+ }
+
+ }
+}
+
+VOID TestCreateBogusObjects()
+{
+ HANDLE hTimer = NULL, hDirectory = NULL, hObject = NULL;
+ LARGE_INTEGER liDueTime;
+ LPWSTR lpName;
+ SIZE_T l, i;
+ OBJECT_ATTRIBUTES obja;
+ UNICODE_STRING usName, usObject;
+
+ WCHAR szBuffer[MAX_PATH + 1];
+
+ liDueTime.QuadPart = -1000000000000LL;
+
+ lpName = (LPWSTR)supHeapAlloc(UNICODE_STRING_MAX_BYTES);
+ if (lpName) {
+ _strcpy(lpName, L"\\BaseNamedObjects\\BogusLongName");
+ l = _strlen(lpName);
+ for (i = l; i < UNICODE_STRING_MAX_CHARS - l - 1; i++)
+ lpName[i] = L't';
+
+ RtlInitUnicodeString(&usName, lpName);
+ InitializeObjectAttributes(&obja, &usName, OBJ_CASE_INSENSITIVE, NULL, NULL);
+
+ NtCreateTimer(&hTimer, TIMER_ALL_ACCESS, &obja, NotificationTimer);
+ if (hTimer) {
+ SetWaitableTimer(hTimer, &liDueTime, 0, NULL, NULL, 0);
+ }
+
+ supHeapFree(lpName);
+ }
+
+ _strcpy(szBuffer, L"\\BaseNamedObjects\\BogusEmbeddedNull");
+ l = _strlen(szBuffer);
+ szBuffer[l++] = 0;
+ szBuffer[l++] = L't';
+ szBuffer[l++] = L'e';
+ szBuffer[l++] = L's';
+ szBuffer[l++] = L't';
+
+ l *= 2;
+
+ usName.Buffer = szBuffer;
+ usName.Length = (USHORT)l;
+ usName.MaximumLength = usName.Length + sizeof(UNICODE_NULL);
+
+ InitializeObjectAttributes(&obja, &usName, OBJ_CASE_INSENSITIVE, NULL, NULL);
+
+ NtCreateTimer(&hTimer, TIMER_ALL_ACCESS, &obja, NotificationTimer);
+ if (hTimer) SetWaitableTimer(hTimer, &liDueTime, 0, NULL, NULL, 0);
+
+ _strcpy(szBuffer, L"\\RPC Control\\BogusEmbeddedNull");
+ l = _strlen(szBuffer);
+ szBuffer[l++] = 0;
+ szBuffer[l++] = L't';
+ szBuffer[l++] = L'e';
+ szBuffer[l++] = L's';
+ szBuffer[l++] = L't';
+
+ l *= 2;
+
+ usName.Buffer = szBuffer;
+ usName.Length = (USHORT)l;
+ usName.MaximumLength = usName.Length + sizeof(UNICODE_NULL);
+ if (NT_SUCCESS(NtCreateDirectoryObject(&hDirectory, DIRECTORY_ALL_ACCESS, &obja))) {
+ RtlInitUnicodeString(&usName, L"SomeTimer");
+ obja.RootDirectory = hDirectory;
+ if (NT_SUCCESS(NtCreateTimer(&hTimer, TIMER_ALL_ACCESS,
+ &obja, NotificationTimer)))
+ {
+ if (hTimer) SetWaitableTimer(hTimer, &liDueTime, 0, NULL, NULL, 0);
+ }
+ }
+
+ _strcpy(szBuffer, L"SurpriseDirectory");
+ l = _strlen(szBuffer);
+ szBuffer[l++] = 0;
+ szBuffer[l++] = L't';
+ szBuffer[l++] = L'e';
+ szBuffer[l++] = L's';
+ szBuffer[l++] = L't';
+ szBuffer[l++] = 0;
+ szBuffer[l++] = L'h';
+ szBuffer[l++] = L'a';
+ szBuffer[l++] = 0;
+ szBuffer[l++] = 0;
+ szBuffer[l++] = L'h';
+ szBuffer[l++] = L'a';
+ l *= 2;
+
+ usName.Buffer = szBuffer;
+ usName.Length = (USHORT)l;
+ usName.MaximumLength = usName.Length + sizeof(UNICODE_NULL);
+ obja.RootDirectory = hDirectory;
+ if (NT_SUCCESS(NtCreateDirectoryObject(&hDirectory, DIRECTORY_ALL_ACCESS, &obja))) {
+ RtlInitUnicodeString(&usObject, L"SurpriseTimer");
+ obja.RootDirectory = hDirectory;
+ obja.ObjectName = &usObject;
+ if (NT_SUCCESS(NtCreateTimer(&hTimer, TIMER_ALL_ACCESS,
+ &obja, NotificationTimer)))
+ {
+ if (hTimer) SetWaitableTimer(hTimer, &liDueTime, 0, NULL, NULL, 0);
+
+ RtlInitUnicodeString(&usObject, L"\\RPC Control\\TestLink");
+ InitializeObjectAttributes(&obja, &usObject, OBJ_CASE_INSENSITIVE, NULL, NULL);
+
+ _strcpy(szBuffer, L"\\RPC Control\\BogusEmbeddedNull");
+ l = _strlen(szBuffer);
+ szBuffer[l++] = 0;
+ szBuffer[l++] = L't';
+ szBuffer[l++] = L'e';
+ szBuffer[l++] = L's';
+ szBuffer[l++] = L't';
+ l *= 2;
+
+ usName.Length = (USHORT)l;
+ usName.MaximumLength = usName.Length + sizeof(UNICODE_NULL);
+
+ NtCreateSymbolicLinkObject(&hObject, SYMBOLIC_LINK_ALL_ACCESS, &obja, &usName);
+
+ }
+ }
+
+}
+
DWORD WINAPI LPCListener(LPVOID lpThreadParameter)
{
NTSTATUS Status;
@@ -135,14 +290,15 @@ VOID TestDebugObject(
VOID
)
{
+ HANDLE hObject = NULL;
NTSTATUS status;
OBJECT_ATTRIBUTES obja;
UNICODE_STRING ustr = RTL_CONSTANT_STRING(L"\\BaseNamedObjects\\TestDebugObject");
InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, NULL, NULL);
- status = NtCreateDebugObject(&g_DebugObject, DEBUG_ALL_ACCESS, &obja, 0);
+ status = NtCreateDebugObject(&hObject, DEBUG_ALL_ACCESS, &obja, 0);
if (NT_SUCCESS(status)) {
- Beep(0, 0);
+ __nop();
}
}
@@ -238,7 +394,6 @@ VOID TestPartition(
VOID
)
{
- NTSTATUS status;
HANDLE TargetHandle = NULL;
OBJECT_ATTRIBUTES obja;
UNICODE_STRING ustr = RTL_CONSTANT_STRING(L"\\KernelObjects\\MemoryPartition0");
@@ -246,11 +401,8 @@ VOID TestPartition(
if (g_ExtApiSet.NtOpenPartition != NULL) {
InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, NULL, NULL);
- status = g_ExtApiSet.NtOpenPartition(&TargetHandle, MEMORY_PARTITION_QUERY_ACCESS, &obja);
- if (NT_SUCCESS(status)) {
- __nop();
- NtClose(TargetHandle);
- }
+ g_ExtApiSet.NtOpenPartition(&TargetHandle, MEMORY_PARTITION_QUERY_ACCESS, &obja);
+
}
}
@@ -258,12 +410,13 @@ VOID TestIoCompletion(
VOID
)
{
+ HANDLE hCompletion = NULL;
OBJECT_ATTRIBUTES obja;
UNICODE_STRING ustr = RTL_CONSTANT_STRING(L"\\BaseNamedObjects\\TestIoCompletion");
//IoCompletion
InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, NULL, NULL);
- NtCreateIoCompletion(&g_TestIoCompletion, IO_COMPLETION_ALL_ACCESS, &obja, 100);
+ NtCreateIoCompletion(&hCompletion, IO_COMPLETION_ALL_ACCESS, &obja, 100);
}
VOID TestTimer(
@@ -282,16 +435,52 @@ VOID TestTimer(
}
+VOID TestTransactionResourceManager(
+ VOID
+)
+{
+ HANDLE hObject = NULL;
+ OBJECT_ATTRIBUTES obja;
+ UNICODE_STRING usName;
+ GUID tmp;
+
+ InitializeObjectAttributes(&obja, NULL, OBJ_CASE_INSENSITIVE, NULL, NULL);
+
+ if (NT_SUCCESS(NtCreateTransactionManager(&hObject,
+ TRANSACTIONMANAGER_ALL_ACCESS,
+ &obja,
+ NULL,
+ TRANSACTION_MANAGER_VOLATILE,
+ 0)))
+ {
+ if (S_OK == CoCreateGuid(&tmp)) {
+ RtlInitUnicodeString(&usName, L"\\BaseNamedObjects\\TestRm");
+ obja.ObjectName = &usName;
+ if (NT_SUCCESS(NtCreateResourceManager(&g_ResourceManager,
+ RESOURCEMANAGER_ALL_ACCESS,
+ hObject,
+ &tmp,
+ &obja,
+ RESOURCE_MANAGER_VOLATILE,
+ NULL)))
+ {
+ __nop();
+ }
+ }
+ }
+}
+
VOID TestTransaction(
VOID
)
{
+ HANDLE hObject;
OBJECT_ATTRIBUTES obja;
UNICODE_STRING ustr = RTL_CONSTANT_STRING(L"\\BaseNamedObjects\\TestTransaction");
//TmTx
InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, NULL, NULL);
- NtCreateTransaction(&g_TestTransaction, TRANSACTION_ALL_ACCESS, &obja, NULL, NULL, 0, 0, 0, NULL, NULL);
+ NtCreateTransaction(&hObject, TRANSACTION_ALL_ACCESS, &obja, NULL, NULL, 0, 0, 0, NULL, NULL);
}
VOID TestPrivateNamespace(
@@ -441,7 +630,7 @@ VOID TestException(
_In_ BOOL bNaked
)
{
- if (bNaked)
+ if (bNaked)
*(PBYTE)(NULL) = 0;
else {
@@ -455,30 +644,6 @@ VOID TestException(
}
}
-#include "ui.h"
-
-VOID TestWinsta(
- VOID
-)
-{
- NTSTATUS Status;
- HWINSTA hWinsta;
- PROP_OBJECT_INFO Context;
-
- //Context.lpCurrentObjectPath = L"\\Windows\\WindowStations";
- Context.lpCurrentObjectPath = L"\\Sessions\\1\\Windows\\WindowStations";
- Context.lpObjectName = L"Winsta0";
-
- hWinsta = OpenWindowStation(L"WinSta0", FALSE, WINSTA_ALL_ACCESS);
- //hWinsta = supOpenWindowStationFromContext(&Context, FALSE, READ_CONTROL);
- if (hWinsta) {
- CloseWindowStation(hWinsta);
- Status = RtlGetLastNtStatus();
- if (NT_SUCCESS(Status))
- Beep(0, 0);
- }
-}
-
VOID TestJob()
{
UINT i;
@@ -555,7 +720,7 @@ VOID TestPsObjectSecurity(
}
if (dwErr != ERROR_SUCCESS)
- Beep(0, 0);
+ __nop();
supHeapFree(EmptyDacl);
}
@@ -565,15 +730,16 @@ VOID TestDesktop(
VOID
)
{
+ HANDLE hDesktop;
DWORD LastError = 0;
- g_TestDesktop = CreateDesktop(TEXT("TestDesktop"), NULL, NULL, 0,
+ hDesktop = CreateDesktop(TEXT("TestDesktop"), NULL, NULL, 0,
DESKTOP_CREATEWINDOW | DESKTOP_SWITCHDESKTOP, NULL);
- if (g_TestDesktop == NULL) {
+ if (hDesktop == NULL) {
LastError = GetLastError();
if (LastError != 0)
- Beep(0, 0);
+ __nop();
}
}
@@ -587,7 +753,7 @@ DWORD WINAPI TokenImpersonationThreadProc(PVOID Parameter)
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken)) {
if (!ImpersonateLoggedOnUser(hToken))
- Beep(0, 0);
+ __nop();
CloseHandle(hToken);
}
@@ -598,7 +764,7 @@ DWORD WINAPI TokenImpersonationThreadProc(PVOID Parameter)
} while (i < 1000);
if (!RevertToSelf())
- Beep(0, 0);
+ __nop();
ExitThread(0);
}
@@ -685,12 +851,12 @@ VOID TestApiSetResolve()
}
BOOL CALLBACK EnumerateSLValueDescriptorCallback(
- _In_ SL_KMEM_CACHE_VALUE_DESCRIPTOR *CacheDescriptor,
+ _In_ SL_KMEM_CACHE_VALUE_DESCRIPTOR* CacheDescriptor,
_In_opt_ PVOID Context
)
{
- WCHAR *EntryName;
- CHAR *EntryType;
+ WCHAR* EntryName;
+ CHAR* EntryType;
UNREFERENCED_PARAMETER(Context);
@@ -889,7 +1055,7 @@ VOID TestShadowDirectory()
RtlInitUnicodeString(&ustr, L"\\BaseNamedObjects");
InitializeObjectAttributes(&dirObja, &ustr, OBJ_CASE_INSENSITIVE, NULL, NULL);
ntStatus = NtOpenDirectoryObject(&shadowDirHandle, DIRECTORY_QUERY | DIRECTORY_TRAVERSE, &dirObja);
-
+
if (NT_SUCCESS(ntStatus)) {
//
@@ -915,7 +1081,7 @@ VOID TestShadowDirectory()
obja.RootDirectory = NULL;
ntStatus = NtOpenMutant(&testHandle2, MUTANT_ALL_ACCESS, &obja);
if (NT_SUCCESS(ntStatus)) {
- Beep(0, 0);
+ __nop();
}
}
}
@@ -927,14 +1093,15 @@ VOID TestAlpcPortOpen()
{
HANDLE hObject = NULL;
NTSTATUS ntStatus;
+ UNICODE_STRING usName;
- ntStatus = supOpenPortObjectByName(&hObject,
+ RtlInitUnicodeString(&usName, WOBJEX_TEST_PORT);
+
+ ntStatus = supOpenPortObjectByName(&hObject,
PORT_ALL_ACCESS,
- NULL,
- WOBJEX_TEST_PORT);
+ &usName);
if (NT_SUCCESS(ntStatus)) {
- Beep(0, 0);
NtClose(hObject);
}
else {
@@ -971,7 +1138,7 @@ VOID TestSymbols()
SYM_CHILD* pSymChild;
WCHAR* pStrEnd;
- WCHAR* pOutput;
+ WCHAR* pOutput;
if (!kdIsSymAvailable((PSYMCONTEXT)g_kdctx.NtOsSymContext))
return;
@@ -1098,10 +1265,10 @@ VOID TestSessions()
DWORD sessionsCount, i;
WTS_SESSION_INFO* pSessions;
- if (WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE,
- 0,
- 1,
- &pSessions,
+ if (WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE,
+ 0,
+ 1,
+ &pSessions,
&sessionsCount))
{
for (i = 0; i < sessionsCount; i++) {
@@ -1155,7 +1322,7 @@ VOID TestObCallback()
HANDLE Pid2;
BYTE Spare[392];
} request;
-
+
NTSTATUS ntStatus;
DWORD procId1 = 3448;
@@ -1199,16 +1366,19 @@ VOID TestStart(
VOID
)
{
+ TestCall();
+ TestRegistryTransaction();
+ //TestTransactionResourceManager();
+ TestCreateBogusObjects();
//TestCmControlVector();
//TestObCallback();
- TestCall();
//TestSectionControlArea();
//TestSymbols();
//TestSectionImage();
//TestShadowDirectory();
//TestPsObjectSecurity();
//TestLicenseCache();
- TestApiSetResolve();
+ //TestApiSetResolve();
//TestDesktop();
//TestApiPort();
//TestAlpcPortOpen();
@@ -1217,10 +1387,9 @@ VOID TestStart(
//TestPartition();
//TestPrivateNamespace();
//TestIoCompletion();
- TestTimer();
+ //TestTimer();
//TestTransaction();
- //TestWinsta();
- TestSessions();
+ //TestSessions();
//TestThread();
//PreHashTypes();
//TestJob();
@@ -1230,10 +1399,6 @@ VOID TestStop(
VOID
)
{
- if (g_DebugObject) NtClose(g_DebugObject);
- if (g_TestIoCompletion) NtClose(g_TestIoCompletion);
- if (g_TestTransaction) NtClose(g_TestTransaction);
-
if (g_TestMutex != NULL) {
CloseHandle(g_TestMutex);
}
@@ -1247,9 +1412,7 @@ VOID TestStop(
TerminateJobObject(g_TestJob, 0);
NtClose(g_TestJob);
}
- if (g_TestDesktop) {
- CloseDesktop(g_TestDesktop);
- }
+
if (g_TestThread) {
TerminateThread(g_TestThread, 0);
CloseHandle(g_TestThread);
diff --git a/Source/WinObjEx64/tests/testunit.h b/Source/WinObjEx64/tests/testunit.h
index 8a90c2a0..261f0cfd 100644
--- a/Source/WinObjEx64/tests/testunit.h
+++ b/Source/WinObjEx64/tests/testunit.h
@@ -4,9 +4,9 @@
*
* TITLE: TESTUNIT.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 02 Jun 2022
+* DATE: 19 Jun 2022
*
* Common header file for test code.
*
diff --git a/Source/WinObjEx64/ui.h b/Source/WinObjEx64/ui.h
index 9c0323a3..c9edadfc 100644
--- a/Source/WinObjEx64/ui.h
+++ b/Source/WinObjEx64/ui.h
@@ -4,9 +4,9 @@
*
* TITLE: UI.H
*
-* VERSION: 1.94
+* VERSION: 2.00
*
-* DATE: 31 May 2022
+* DATE: 19 Jun 2022
*
* Common header file for the user interface.
*
@@ -47,9 +47,9 @@ typedef HWND(WINAPI *pfnHtmlHelpW)(
_In_ DWORD_PTR dwData
);
-#define PROGRAM_MAJOR_VERSION 1
-#define PROGRAM_MINOR_VERSION 9
-#define PROGRAM_REVISION_NUMBER 4
+#define PROGRAM_MAJOR_VERSION 2
+#define PROGRAM_MINOR_VERSION 0
+#define PROGRAM_REVISION_NUMBER 0
#define PROGRAM_BUILD_NUMBER 2206
#ifdef _USE_OWN_DRIVER
@@ -61,6 +61,9 @@ typedef HWND(WINAPI *pfnHtmlHelpW)(
#define WINOBJEX64_WNDCLASS L"WinObjEx64Class"
#define WINOBJEX64_PSLISTCLASS L"WinObjEx64PsListClass"
+#define T_COPY_OBJECT_NAME L"Copy Name"
+#define T_COPY_OBJECT_NAME_BIN L"Copy Name (Binary)"
+
#define T_PROPERTIES L"Properties...\tEnter"
#define T_GOTOLINKTARGET L"Go To Link Target\tCtrl+->"
#define T_VIEWSD L"View Security Descriptor..."
@@ -68,7 +71,6 @@ typedef HWND(WINAPI *pfnHtmlHelpW)(
#define T_RUNASSYSTEM L"R&un as LocalSystem"
#define T_EXPORTTOFILE L"Export List"
#define T_JUMPTOFILE L"Jump to File"
-#define T_DUMPDRIVER L"Dump Driver"
#define T_VIEW_REFRESH L"Refresh\tF5"
#define T_VIEW_PLUGINS L"View Plugins"
#define T_EMPTY L" "
@@ -103,96 +105,20 @@ typedef HWND(WINAPI *pfnHtmlHelpW)(
#define IDMM_HELP 5
typedef struct _TL_SUBITEMS_FIXED {
+ ULONG Count;
ULONG ColorFlags;
COLORREF BgColor;
COLORREF FontColor;
PVOID UserParam;
- ULONG Count;
+ LPTSTR CustomTooltip;
LPTSTR Text[2];
} TL_SUBITEMS_FIXED, *PTL_SUBITEMS_FIXED;
-//
-// Property Dialogs
-//
-
-//Variable typedefs
-
-typedef enum _PROP_CONTEXT_TYPE {
- propNormal = 0,
- propPrivateNamespace = 1,
- propUnnamed = 2,
- propMax = 3
-} PROP_CONTEXT_TYPE;
-
-typedef struct _PROP_NAMESPACE_INFO {
- ULONG Reserved;
- ULONG SizeOfBoundaryDescriptor;
- OBJECT_BOUNDARY_DESCRIPTOR *BoundaryDescriptor;
- ULONG_PTR ObjectAddress;
-} PROP_NAMESPACE_INFO, *PPROP_NAMESPACE_INFO;
-
-typedef struct _PROP_UNNAMED_OBJECT_INFO {
- ULONG_PTR ObjectAddress;
- CLIENT_ID ClientId;
- SYSTEM_THREAD_INFORMATION ThreadInformation;
- UNICODE_STRING ImageName;
- BOOL IsThreadToken;
-} PROP_UNNAMED_OBJECT_INFO, *PPROP_UNNAMED_OBJECT_INFO;
-
-typedef struct _PROP_PORT_OBJECT {
- BOOL IsAllocated;
- HANDLE ReferenceHandle;
-} PROP_PORT_OBJECT, * PPROP_PORT_OBJECT;
-
-typedef struct _PROP_OBJECT_INFO {
- PROP_CONTEXT_TYPE ContextType;
- BOOL IsType; //TRUE if selected object is an object type
- UINT TypeIndex;
- DWORD ObjectFlags;//object specific flags
- LPWSTR lpObjectName;
- LPWSTR lpObjectType;
- LPWSTR lpCurrentObjectPath;
- LPWSTR lpDescription; //description from main list (3rd column)
- ULONG_PTR Tag;
- WOBJ_TYPE_DESC *TypeDescription;
- WOBJ_TYPE_DESC *ShadowTypeDescription; //valid only for types, same as TypeDescription for everything else.
- HICON ObjectIcon;
- HICON ObjectTypeIcon;
- OBJINFO ObjectInfo; //object dump related structures
- PROP_NAMESPACE_INFO NamespaceInfo;
- PROP_UNNAMED_OBJECT_INFO UnnamedObjectInfo;
- PROP_PORT_OBJECT PortObjectInfo;
-} PROP_OBJECT_INFO, *PPROP_OBJECT_INFO;
-
-//
-// If dialog already present - activate it window and return.
-//
-#define ENSURE_DIALOG_UNIQUE(Dialog) { \
- if (Dialog != NULL) { \
- SetActiveWindow(Dialog); \
- return; \
- } \
-}
-
-typedef struct _PROP_DIALOG_CREATE_SETTINGS {
- HWND hwndParent;
- LPWSTR lpObjectName;
- LPCWSTR lpObjectType;
- LPWSTR lpDescription;
- PROP_NAMESPACE_INFO *NamespaceObject;
- PROP_UNNAMED_OBJECT_INFO *UnnamedObject;
-} PROP_DIALOG_CREATE_SETTINGS, *PPROP_DIALOG_CREATE_SETTINGS;
-
typedef struct _VALUE_DESC {
LPWSTR lpDescription;
DWORD dwValue;
} VALUE_DESC, *PVALUE_DESC;
-typedef struct _WINSTA_DESC {
- LPCWSTR lpszWinSta;
- LPCWSTR lpszDesc;
-} WINSTA_DESC, * PWINSTA_DESC;
-
typedef struct _LVCOLUMNS_DATA {
LPWSTR Name;
INT Width;
@@ -240,22 +166,6 @@ typedef struct _LVCOLUMNS_DATA {
// prop used by ipc dialogs
#define T_IPCDLGCONTEXT TEXT("IpcDlgContext")
-//Calendar
-static LPCWSTR g_szMonths[12] = {
- L"Jan",
- L"Feb",
- L"Mar",
- L"Apr",
- L"May",
- L"Jun",
- L"Jul",
- L"Aug",
- L"Sep",
- L"Oct",
- L"Nov",
- L"Dec"
-};
-
#define INIT_NO_ERROR 0
#define INIT_ERROR_NOCRT 1
#define INIT_ERROR_NOHEAP 2
@@ -295,3 +205,24 @@ static LPCWSTR g_szMonths[12] = {
#define T_ERRSHADOW_TABLE_NOT_FOUND TEXT("W32pServiceTable was not found in win32k module")
#define T_ERRSHADOW_APISETMAP_NOT_FOUND TEXT("ApiSetSchema map was not found")
#define T_ERRSHADOW_APISET_VER_UNKNOWN TEXT("ApiSetSchema version is unknown")
+
+//
+// Common Dialog handlers.
+//
+VOID FindDlgCreate(
+ VOID);
+
+VOID ShowSysInfoDialog(
+ _In_ HWND hwndParent);
+
+VOID SDViewDialogCreate(
+ _In_ WOBJ_OBJECT_TYPE ObjectType);
+
+INT_PTR CALLBACK AboutDialogProc(
+ _In_ HWND hwndDlg,
+ _In_ UINT uMsg,
+ _In_ WPARAM wParam,
+ _In_ LPARAM lParam);
+
+VOID ShowStatsDialog(
+ VOID);
diff --git a/Source/WinObjEx64/wine.h b/Source/WinObjEx64/wine.h
deleted file mode 100644
index 5f65daf2..00000000
--- a/Source/WinObjEx64/wine.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2018 - 2021
-*
-* TITLE: WINE.H
-*
-* VERSION: 1.92
-*
-* DATE: 06 Dec 2021
-*
-* Wine/Wine staging support header file.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-
-#pragma once
-
-typedef char* (__cdecl *pwine_get_version)(void);
-
-const char *wine_get_version(void);
-int is_wine(void);
diff --git a/Source/WinObjEx64/winedebug.h b/Source/WinObjEx64/winedebug.h
deleted file mode 100644
index c0431c41..00000000
--- a/Source/WinObjEx64/winedebug.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*******************************************************************************
-*
-* (C) COPYRIGHT AUTHORS, 2019 - 2020
-*
-* TITLE: WINEDEBUG.H
-*
-* VERSION: 1.83
-*
-* DATE: 01 Dec 2019
-*
-* Wine debug definition header.
-*
-* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
-* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
-* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
-* PARTICULAR PURPOSE.
-*
-*******************************************************************************/
-
-#pragma once
-
-#define _WINE_DEBUG_MODE
-#undef _WINE_DEBUG_MODE
diff --git a/WinObjEx64.sha256 b/WinObjEx64.sha256
index 86bce409..a99792cb 100644
--- a/WinObjEx64.sha256
+++ b/WinObjEx64.sha256
@@ -3,12 +3,13 @@ e192abb83dded0fe227f3fe69cb0ac7aaa197941917afd497b4cf8796a03e041 *Compiled\WHATS
fa001b1ac9bbbb6c954d5dd609de60fa2b0277a6cfe35f6428591e4b4b1e8453 *Compiled\WHATSNEW_180.md
764927e79e6226e9a5185b0672b5b6422c27f6c4955afa45b6e3032a766797e4 *Compiled\WHATSNEW_187.md
d3c54e144f4ea198d761a0c89764d6cd39da19c0aa51661a9f37135e4f842a85 *Compiled\WHATSNEW_190.md
+c4205a94f6ed7ff8e26b318712acaab2d2d849fa97e7d92325d25cae49200c01 *Compiled\WHATSNEW_200.md
85ea539802640fce924ee0dda14d9a0ed3e786f5ca131c4ae0815f7beeba69f8 *Compiled\WinObjEx64.chm
-824252597d1bfb4e852c5e08c66f4eb79913b5a8f544f4be07034ecc591dfae4 *Compiled\WinObjEx64.exe
-158720439270201f23d3220eea21286923111b4dfec32b31b072a73a754e73ce *Compiled\plugins\ApiSetView.dll
-8daf3fb59b1d43475dc5ef48f0120d60d2e05468c5cd3c1c04a91e7ec0499ad8 *Compiled\plugins\ExamplePlugin.dll
-e19eb5a7d43f27cfbac2335494c49afa6ad23408e2ccf6e72d031e32a6994485 *Compiled\plugins\ImageScope.dll
-107b763f3f93816bf9de7db7ef675f2fc0fb61cf1ce185c0de4ce1ce213f20a0 *Compiled\plugins\Sonar.dll
+6b3180a969421a4336222a3a7922ac7652df780ad0169363375f89b36137536d *Compiled\WinObjEx64.exe
+b7d674453e9734472f85bd4ca3c53651e0702f32b5a801fce014a74b4d255bae *Compiled\plugins\ApiSetView.dll
+24a64aa290d1c21deae5029db957df728041006ef69087ad947eee8d4482881c *Compiled\plugins\ExamplePlugin.dll
+50b4c0ad3b58ac10fb0e2d386ce92287f9e30e0580d9f5b4b99a191f08d5b8ef *Compiled\plugins\ImageScope.dll
+84a944cd1fc5c5b0b21198768c166e9fe2a545112419ba98721ef7fe852b445b *Compiled\plugins\Sonar.dll
91a934ed83e8d2cda56f9ada2d4026247d2f5017483bf487d1a51c4b332e9314 *Docs\Callbacks.pdf
a9a7b1448aae42671a9e38df1074056d6e1f6e5c0e15d95790be3be66f6b7910 *Docs\Plugins.pdf
b5760ed4f02ce90db0584eabc3f7f220ca7c69036ceb71c9aadac83c15f07c98 *Screenshots\AlpcPortConnections.png
@@ -16,6 +17,7 @@ fba30e9030b549408da8e2efceb0d1aa0089d5c6621b664eba0b34b01a1a0a2e *Screenshots\Ap
54b8e37f2debeb936ac61eef516195feb3707da2214b8c7ea5d756ddcbd3ed43 *Screenshots\ApiSetView190.png
7e2b0bcb3a2f0947f1effed2306d0178e4ad28da6427d5d7735017630bfb960a *Screenshots\CallbackObjectView.png
88def410b5810caf649aa5402fed789e9be0c4bd2d18019ea3db25110b510acf *Screenshots\CallbacksView.png
+c1fdc1a3ca8c1f6db37bec4c33e475475feae17a5401fbc5e83cd01d007d4dec *Screenshots\CmControlVector.png
40c9b6f06ee689921f2b11715a54ee57f8968078d66fabdb343ff92a0c5acf75 *Screenshots\FindObjectDialog.png
47da9272f9d83ed89942acaf0fec1b900b17d3d098601157f16d57514f742b35 *Screenshots\ImsSection.png
c26f510707acbf18dd7e233a18a4fb7fe931242b573a01d17292c31d04f2bca3 *Screenshots\ImsStrings.png
@@ -38,13 +40,13 @@ cb66fca90766db12474ce057436364dabaf3e948f6ffa7e9651f869656f0b33c *Screenshots\Vi
ef65a909e8d9bc7ec94ecbc0f465f24a7968d6675eadf7f25f6414c66d6b28be *Screenshots\ViewingTypeInformation.png
db0ab26d20a62ba7c9c844e916e88168b72a7e52932d3483eb2d0a2e535b75a8 *Screenshots\ViewingUserSharedData.png
9e2b64f390c609172c5791dd138a748d31bf4d2cc839f01dbd514afe1cdfd083 *Screenshots\W32pServiceTableView.png
-fdeea2b058e7eeb50577cd5e3615a51ab8cd427fcccf4b0d716a974285d3073d *Source\CHANGELOG.txt
-7a973f6336017a50f90a7ccd9b9d60e4cf2e2252ebb860fd0cf513cf9e4c587a *Source\FILELIST.txt
+e0aeca50fc17d42b6943d0460cf8ef60c452ff4beca7c915165c5f5c98920237 *Source\CHANGELOG.txt
+ab18e9c97f2090cc135e6017085122ff455bd5721c4fc2e19ab03fd87affb654 *Source\FILELIST.txt
fb5db833eb13f6c7812cf9b8ca2b2e4f60b9133b700edd2065c3431c41509911 *Source\TypesWithNoDesc.txt
89f58de2ad50d5abba574acb90cc06454322a83bf0f4cc0da7e77201fde10d18 *Source\WinObjEx64.sln
abb1cfa5a1ebfc0dfa4fa646b8bf969020fc413ebcfa6189fe03e78c975fb7d6 *Source\WinObjEx64_Plugins.sln
39a976ac4e1b76c2058815c5017bd3acceb69950286cfdf8c5704b7e31b8cca0 *Source\drvstore\kldbgdrv.sys
-c19392cb3749add83029bdfa025f9e2a0b316ca13ec427ac86512260d5f5ac74 *Source\Plugins\plugin_def.h
+b3c0d3570b4c5b355bb718cd6a4f04e245066c743a1f37cf181d9bfa0c11e7dd *Source\Plugins\plugin_def.h
e36729912beb610d6499db18955104ce0a6f4318867e6c1b5a1e3ae413a6a0b3 *Source\Plugins\postbuild.cmd
3cb8b22fc2265da62aa183e1d6dcd22609e4463f01940308bc1eb9d6393132b1 *Source\Plugins\ApiSetView\ApiSetView.vcxproj
6f229b03fbc6b950b0037e15eed24d0ea603e1252f3de004fc84ca4ca06d3834 *Source\Plugins\ApiSetView\ApiSetView.vcxproj.filters
@@ -56,7 +58,7 @@ e55841373762f00b9b27cfe98d1cf1531a7efd47bfe8523887c7f9fbdd275c15 *Source\Plugins
2281055032972c36f4ce314aa6f6131c0bdbe258ed01900f39945476f8a82965 *Source\Plugins\ApiSetView\query.h
3bb248eff6da831cfc760df31bb2f91d5d4011c397a617d1dcae0beeb731fbf2 *Source\Plugins\ApiSetView\resource.h
3a862ff059b3bbd2f299074add8f26143a3f6c517cd9dfeac265e72e5236f416 *Source\Plugins\ApiSetView\Resource.rc
-40c11c10307e81e5cf22ab07a30afc5776059ac979f86b5eb6c761cccba6ccf8 *Source\Plugins\ApiSetView\ui.h
+bf4babab7c15bb59d59ae3bf56c62f9e368875fe5bc619bc9a73e3e297ec281a *Source\Plugins\ApiSetView\ui.h
5a23963d9013636311144bc273f9e065c5545992f1b3e08e60e53ae423734a8b *Source\Plugins\ExamplePlugin\ExamplePlugin.vcxproj
011a8e38aa9df8e77e7e786666be5cc4656054f4522681bdd1e4eda4501b1481 *Source\Plugins\ExamplePlugin\ExamplePlugin.vcxproj.filters
e953b026d0f383188c753487df0a4d879fa5da5ba82ac979aa877db84e89a060 *Source\Plugins\ExamplePlugin\ExamplePlugin.vcxproj.user
@@ -69,15 +71,15 @@ cea96ab2b67531d4b9823d5c42897df621f0926b24741389f5165ad29dfd1856 *Source\Plugins
1968ba5ddc7b4876599413c2a5d96b70eb72a1bb2d3007764b3fc14e5c08111a *Source\Plugins\ImageScope\ImageScope.vcxproj
712e286a7176d3b7f1511b19539ce1240bcf68cd8af0026a48c7f949ae013149 *Source\Plugins\ImageScope\ImageScope.vcxproj.filters
c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676 *Source\Plugins\ImageScope\ImageScope.vcxproj.user
-e58ab26eff0491c193d7f50ea87df6c6ef076690b80fb9d4e773337df72a9596 *Source\Plugins\ImageScope\main.c
+b64cd0c55c502d947a86c8f03fdc6d82edc0cf2262903eb7409a97a589ca4ff6 *Source\Plugins\ImageScope\main.c
a1beafe144a0b20f062de225ce53a23d7d6e0bcce8266ee488788a2adf896512 *Source\Plugins\ImageScope\query.c
70fcd612f41f100e8803326e5f28b8beccdef7bc9f22b41ccc0ef4f92fc1ae59 *Source\Plugins\ImageScope\query.h
c1503020ed3120fdbf07cd802f4185844bada59eac02ba5820f92ef3b2bb3710 *Source\Plugins\ImageScope\resource.h
-a465fcf43e71fa992a0f822f70f48779bede66703c0757e60cdcd35ac09aff15 *Source\Plugins\ImageScope\Resource.rc
-5e44b9f2d3286788619102fac42c2c7066fccbe83d3261ea58aab522a98f3427 *Source\Plugins\ImageScope\sup.c
-608baf12262249a1a3350bf465add16c8bc5794501cdf1fd0f62c7a4fb1b0bfb *Source\Plugins\ImageScope\sup.h
-e0cfb8b35b852e69247519d68cbb6a1b1f8c37f5f3cafb3345421d04d615dae0 *Source\Plugins\ImageScope\ui.c
-66d4face06c8db8923cd3c96c017983e6e14beed90f91e24f6425d8c15e53bb2 *Source\Plugins\ImageScope\ui.h
+72371088ac62c76946e6f2bb75749cc088f9d9cd7d5121490beb86a170fee838 *Source\Plugins\ImageScope\Resource.rc
+b1a964451f6305fbc1d0e446c7f5351fc92ce1b8ffaed114e0906265269ad70f *Source\Plugins\ImageScope\sup.c
+ab06f4cccfd4801c99fadf18ba7cd8d91f90a52ce859ef6de7ec498464b3eb0b *Source\Plugins\ImageScope\sup.h
+312487df885300838bff12693b315a66f87abafe7b6d6f178793df2e0e89c123 *Source\Plugins\ImageScope\ui.c
+9ca3b622df0abe8d55298c064c7938378722a25b65720444d2c481e51b30d486 *Source\Plugins\ImageScope\ui.h
6b2236b93693d4830feb90ee504ae03555d4882d4c301bea55f7980973b5fb32 *Source\Plugins\Sonar\export.def
b8828842e612e5a1cadfd9f6153dc006c296d3dec2178f48125211ef3b256111 *Source\Plugins\Sonar\global.h
b0923db27c811713437c00f94b559f80c5d7f7dd535c4099993b2bfcf143720f *Source\Plugins\Sonar\main.c
@@ -91,7 +93,7 @@ f9984294e5c4de3af2648c3bf0ece10fd1f06517e8264cf0dbc9662dd909551e *Source\Plugins
e953b026d0f383188c753487df0a4d879fa5da5ba82ac979aa877db84e89a060 *Source\Plugins\Sonar\Sonar.vcxproj.user
df39b80bc2de9b9b98665d8feac7fee9ef79127558e48a3deed3a5da99b567e2 *Source\Plugins\Sonar\sup.c
d9892fb88f1f97e7e444c4a1f0eac60115fdec289aef60339686f5428756a012 *Source\Plugins\Sonar\sup.h
-0c3022061db061b12f4538776dc28def2cf82b59f3028571c04aab42fd09bcf9 *Source\Plugins\Sonar\ui.h
+72d1b9aa5fa158affc761ebbe4883fd46fbf01196bb9af75c0892d017796da3a *Source\Plugins\Sonar\ui.h
51a674dae96f453bd269989bbba1c38a1e2f275df412c60c6c85d2bdec239e99 *Source\Shared\minirtl\hextou64.c
ceb8cd23185964369b52677950ebec681ffb254b9827d1e689337b43f345dc6c *Source\Shared\minirtl\hextoul.c
aa7d751fd93a3ce22a338a898280c281aba27a0320235674be90392dc400d2a1 *Source\Shared\minirtl\i64tostr.c
@@ -125,15 +127,15 @@ ffac2569a1dd61c400cda45839c7314bdd99cfcb5c17d503807db34c168628d2 *Source\Shared\
0738401b5c38184fc36bee3561f62af2234e897f521c10119c468e93d735c2b3 *Source\Shared\ntos\ntbuilds.h
69a2ac18f7ae51f231ff70195e914fdf1331564d7e109d052d8c0e6f2c6760a4 *Source\Shared\ntos\ntldr.c
083d71cbe45e72854cfc45e20b85ec805c8dd66f18c3a111236195a980c44333 *Source\Shared\ntos\ntldr.h
-68eceb062d86c1234b52e4b73c612220ff8d4a547c3055fb94e8472674c2d874 *Source\Shared\ntos\ntos.h
-6979c3177228a7f2f8d9f5ce4279d057b5d355ad95b20f4d7b9adef8c566c47d *Source\Shared\ntos\ntsup.c
-0efb2ffd0270cecd9d95046a4865b3264c5eda45601851f8e6efcdeecf8ac349 *Source\Shared\ntos\ntsup.h
+e98e4705ca61d6c7a88ad5ab754aefb4a5033f255107fdde67a5035b46af00a3 *Source\Shared\ntos\ntos.h
+750ff82aad837e9214377d78dded1d8893872518f08fcf831eea99b85c75098d *Source\Shared\ntos\ntsup.c
+21c6926e7556c518533222445234853c7c5a08252f0a8c02b6782605ab3892c6 *Source\Shared\ntos\ntsup.h
9988958033a3019273cadc83bfcdc8246d171df91fb6d6628ad933f03e58c1c6 *Source\Shared\ntuser\ntuser.h
-43e391b939e1e3118371a0af7209d47f30d34fcbdbf6e74ac9bb1904e38c2547 *Source\Shared\sdk\extdef.h
+1ec471eaeaec9402fb4a71f25ea7aa44de3a169f346ccaf873001dfbc59987c4 *Source\Shared\sdk\extdef.h
07da31bbf0fbb8e3fbf06f5b1557cb4415f267008834684617dfdadb93a4b25f *Source\Shared\tabs\tabsctrl.c
fe9f3b5ce134b8d292a6a82df44ce0a201cfb2c029ac131f54564e3ac80b7172 *Source\Shared\tabs\tabsctrl.h
-ce2ec00fd84aa5db7c67e1c95f503657804ffa6b3fb6a8fffe95de99476c6a18 *Source\Shared\treelist\treelist.c
-33aac331f85b82bb59f46a81c085eabc26cbb62997a331b65cbb944f02dd96fa *Source\Shared\treelist\treelist.h
+a0ae082961fc1825bed5a15f15285753485edbadce1eb62cc4809f95b74f4a0c *Source\Shared\treelist\treelist.c
+1c6051f0fdeccfe6ecf16f9b360c738cd03307a9f7c0242120581aba1285cb99 *Source\Shared\treelist\treelist.h
1bc873890f680f1bc71883f9ca13ce2773de254863a0539e8cb3198fbba80d44 *Source\Utils\readme.txt
c776bc97ee2fbe48d3e148bb37c887862e6de212d4391d6df9b5f149e40ed223 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.sln
c4a28bc43a63a40ff2d8699fa261ee1ced6783d199043484ea7921e8d078ea08 *Source\Utils\GenAsIo2Unlock\GenAsIo2Unlock.vcxproj
@@ -146,108 +148,81 @@ b0d8cc5b64482cd97871ff55e8dff0006679fabc397002fb00e03a4f6162d19d *Source\Utils\S
50886b1d269d1b4e67cfccf01444c85882f633f620fda361f23106aede6e2649 *Source\Utils\SearchPattern\SearchPattern.vcxproj.filters
93f2393e8962a32c42afad8c407f51c86fdba50316b70ccb436bcfe9015b7f0e *Source\Utils\SearchPattern\SearchPattern.vcxproj.user
342acfe1fb4f8f882b540ed09ab519ac8731a1f754b5e41a97812bc20e4381fc *Source\Utils\SearchPattern\test.cmd
-2cbb0921c88d819a50ff7cb36d4646a40221981a6af543f627bd80c24b79a126 *Source\WinObjEx64\aboutDlg.c
-e2877173023bae50e74772f142fec35cb72e30ea963dd90b39f382339a8a5b24 *Source\WinObjEx64\aboutDlg.h
+91822aa5d2b089b6cd60b98f61a60ad9bdcadff7fdb7c0e2fa38df63077feb4c *Source\WinObjEx64\aboutDlg.c
9e54675313dfcf120d83549865688882d6a6fd85f029c797d4be4eed9e3a58b7 *Source\WinObjEx64\driver.rc
-0d8692c3888e499558e9e0b97df2da16e58163c0f104b0ebc4a9394130424614 *Source\WinObjEx64\excepth.c
-8ac5c0a74e70cd77f6df9e4ab5115f44e778f60ae7460a6d145cdae8987a8b2f *Source\WinObjEx64\excepth.h
-dec43704b04ac9fc791f5a9477a6d82514c474556f579a577da5e335d6451226 *Source\WinObjEx64\extapi.c
-1ec98a0cf02e6b9eb0942d83b17d65a2cfe1afaa4b6bd407cbb21d417b49680b *Source\WinObjEx64\extapi.h
-9eef803d4edfbbd9f4e352fcb34a683c85d25ff9f37ddd73ccea9caea42bab63 *Source\WinObjEx64\findDlg.c
-448a91283daf89c3eee5a18012fe3d50271b5db6aa4dcb6f31f3702e6b3e7c14 *Source\WinObjEx64\findDlg.h
-66379999da6a3b31993c67190433929f363ab62bea19266e9da9eae7ac89ec31 *Source\WinObjEx64\global.h
-efae658152f746d41a6e03d13b9035410cf90cd859140ecc744d2dfa3b773c2a *Source\WinObjEx64\hash.c
-e79c1a5016f2d227be91eb345f08f515902144c63e3b09403a2d99dc8e8e771a *Source\WinObjEx64\hash.h
-5c70e317138e4b29a57ce4b28b71da3b3a58cb11ce5e3b953c67c929d55f182a *Source\WinObjEx64\kldbg.c
-08b55baff03772a2e5372a16d5db268d9d059431f0d253c7aaf79bc68d81ab90 *Source\WinObjEx64\kldbg.h
-1f0d722b6cd9b6d5c5f3ec1a7e110ce579c5d025a34a46a373a9d63cc9d85bbb *Source\WinObjEx64\kldbg_patterns.h
-c5e6655cce287691588493a3ca46bac005d8d812c0291afeb275a118891ed77a *Source\WinObjEx64\ksymbols.h
-db67f3b8a3981c32e0018bcfed34dbfe5e600ff1fa2b34ab76870065b0f54807 *Source\WinObjEx64\list.c
-0228c8f92e3c895fbc28ba4fadd28a6563e12bb1aaa6fd2b6bb6eaca1f8f3b44 *Source\WinObjEx64\list.h
-8ba70065593a341ce14e2304bacd9f00002df134b824e99674cbed35e640c249 *Source\WinObjEx64\main.c
-cf2e16f01e9b3daa6de0c5c3dc3ade68207e997cfa21e7caaba864381b11acf2 *Source\WinObjEx64\msvcver.h
-0f1f80b3b898fec1a89529c280cb4ac8c7e5ac840d682e7b5422ef8e61440af8 *Source\WinObjEx64\objects.c
-e751bec4a013a1f9cf2c3ef5dcb2a0d30655a1c495769a8886a46a309b046c97 *Source\WinObjEx64\objects.h
-fa8b91f9b565c7360aad2e50ae067d5be38c0de3fa99ba9198912461db0f01c0 *Source\WinObjEx64\plugmngr.c
-37209f354c8ee4ce9e0a2f069fdfee41380e20d9f56a31513d442500f5471f53 *Source\WinObjEx64\plugmngr.h
-4f7271708d0229b5168b5c2169c044bc6cb07930f21ebe0296b54080ec32face *Source\WinObjEx64\resource.h
-ace6090dccdfc66ebdbfb9d3936de513b40d7176fbb3b04a22333cf642a35b84 *Source\WinObjEx64\Resource.rc
-c190cb0ed80da38ce221ebe60b399f11acd8cc31d7e406875a3028a38b12f87f *Source\WinObjEx64\sdviewDlg.c
-ff4d638f70a48825900fd78bfc1bbec73a7528e29b92b4dbea3c21169e722a35 *Source\WinObjEx64\sdviewDlg.h
-aeaac1b0a88fc23c3e42a4ddd3d13edbb35ba99235f36267b5e9b91e1126ac13 *Source\WinObjEx64\sup.c
-462101a6c6f1ec1b396c3c0f0c5276e19763ab72126ba85f09c391fa1ea6daa2 *Source\WinObjEx64\sup.h
-0fe701062cd013ab03eca9e51824b2a7ecac09db933c1e1de3c8b007ee6148d2 *Source\WinObjEx64\supConsts.h
-06058ab5a8c7dd8fecb21b6221b3c689d81d6dd0430a4d6e314855bef95d7599 *Source\WinObjEx64\symparser.c
+86d0ea96261f15a973a42904e17e3552370e15ed1132065aab94d82eb44b4e0e *Source\WinObjEx64\excepth.c
+f70944012df5d37cbb490253b5973e9743908420c86f55021c85ef7f77b22052 *Source\WinObjEx64\excepth.h
+519a6ce20a3739d0adbb5f5e409a72b3563c2446d53332e16b83cb70d6715356 *Source\WinObjEx64\extapi.c
+c251e49c1fa3f1f69bf0a6e767b53e626fc0fb426dfd067d66f5ad63e44d2a9c *Source\WinObjEx64\extapi.h
+94f6ed43dbc7c1cb29fe9e87a580ee2522c83d006bbe4a06eec08f2921ea8825 *Source\WinObjEx64\findDlg.c
+8e9026da800c7d2dfd4dc6dbb4cfe09833592dc147586152f2c8950376059c73 *Source\WinObjEx64\global.h
+657ad230646b3dda6bc6d9f8af105ccef1dcc8e60757508637187c56ddf61ff2 *Source\WinObjEx64\hash.c
+91877ba05d36d1001e5b6a106bc3b48dbfeab5170080691051a81245fb2d7200 *Source\WinObjEx64\hash.h
+494e1578e3c9cb843a217019c7a0cf8d2813ae57b9197ccddcc0015231741d5d *Source\WinObjEx64\kldbg.c
+f418ff1909ff42fd1885ad0872e8a33cc9596163f0b4309251fd98355ce3280f *Source\WinObjEx64\kldbg.h
+c68b84390c641bafc2427db96e5dc5926d37035c9b8928e690d228cc3c856d4e *Source\WinObjEx64\kldbg_patterns.h
+64f058bae2d97ffd4c66b74b7dac13f7f9e086a81aef02b9f4e0b951735cd72d *Source\WinObjEx64\ksymbols.h
+d64d77b5771b6e775dd371852d1f7fd84d7d0432d2e567c0c637878b131b0347 *Source\WinObjEx64\list.c
+18ee7f9fcc5880d69fa7d1b5070e80f0b97e19899f3fef8ed5dbe7594d3034a1 *Source\WinObjEx64\list.h
+52d569a0484914e14da72cb98b15a6769020fd2b2ae0cb2e7ae08c932786d6f3 *Source\WinObjEx64\main.c
+12b2254a78059c8b90747af23f1efef644c68bc4f04fb0aa621a29455f14e924 *Source\WinObjEx64\msvcver.h
+81b07a2a0c6e2494d713b41578c5e7224565372a66d17fd8cf47881f1f0e31b3 *Source\WinObjEx64\objects.c
+eec6b4e520a13a07729e7d0b51e123c526177cd80e8d92e59c21aa664e965901 *Source\WinObjEx64\objects.h
+3881d8fd5935b12949467bddb9ad4156c553068d8fb7c4b8b98003a5f17286b2 *Source\WinObjEx64\plugmngr.c
+8dc17c3c9504041c303a496bbc0a1f8a0cc49a74b7204b9ef199bf0663d4eca1 *Source\WinObjEx64\plugmngr.h
+41907bc22c614ab86730ef5dc2c0202aab9585220f0a54da369f722c08133832 *Source\WinObjEx64\resource.h
+efbeaedc74f74d01eb6209699119db48f396805a0e8b0a95ce0a7448d1b1d898 *Source\WinObjEx64\Resource.rc
+161f371f8d53b2a2d84d953d2fee521c946d261d837f9411e69a5e739d9b7a98 *Source\WinObjEx64\sdviewDlg.c
+5cba0e33a6ae9fac2d099dce0e14efa38997208c80fe628acd933a10e77b36f9 *Source\WinObjEx64\symparser.c
80d167cb85b0e0b455dbb5774119e990b0c9085ac014e49207ae8e74ee19227e *Source\WinObjEx64\symparser.h
-942dd4edab146b3280556fe44e1e5abac12bc3bbb21f21aa5ccc662f6b4d1558 *Source\WinObjEx64\sysinfoDlg.c
-abbea050889900e73802f21134e871059fdd139860562c4047d7b995b8cd8344 *Source\WinObjEx64\sysinfoDlg.h
-c968b6f78c8002536e5b8a37b124b418eb8bccfac75aff284355232835be97d6 *Source\WinObjEx64\ui.h
-195eff12652bee15834b9143ba2ef2c3f4c8d13394fa4eaf7ec73fb56444eeae *Source\WinObjEx64\wine.c
-4bf27b56bba8c55641692c928c9cbecb7059a766c24d1c35cf45a73d8dbfc7ea *Source\WinObjEx64\wine.h
-791272a6a27c324a3ffafe7830331272210b99feac5d8fe991e3fa5a47fa5aa4 *Source\WinObjEx64\winedebug.h
-a2fe7707d31e78c94f933f0a5077c60622e7003a238a5a9c3074c29792068168 *Source\WinObjEx64\WinObjEx64.vcxproj
-1b0dbfeda288a77b9e8151403c1803ca93df1a1fe06f949f176a20f06cd17720 *Source\WinObjEx64\WinObjEx64.vcxproj.filters
+0d4c68e643a009280b4dfaa8c4a2229c61881bd233a5c2306cc90ab4b2feaaa5 *Source\WinObjEx64\sysinfoDlg.c
+3210f885e75f616dae84507d61a272280a98a0bef84f83aa041696feef71851e *Source\WinObjEx64\ui.h
+4ba9c9fb91adc3b0c7500cda62fb0ac8e331072aa792a9993b0fd107f8f6163f *Source\WinObjEx64\WinObjEx64.vcxproj
+ac28ae6aeb4604a7c71da0f5b2b41110f9191c147facd15dc1dc7421d1def37d *Source\WinObjEx64\WinObjEx64.vcxproj.filters
ac74885d66be7ae3d4f0f6004aa24241ffdac7cd29e2a59b38d7bf2030ea6564 *Source\WinObjEx64\WinObjEx64.vcxproj.user
b9d3432c775aca7ca3bba376e15a39b8c08831a620f6825599f2712c0dc974f6 *Source\WinObjEx64\drivers\wdbgdrv.c
4e9843a81b9d5677e659074d2f696310c613f857b2847fa0d83d1b0b04a3bdf0 *Source\WinObjEx64\drivers\wdbgdrv.h
5bf35529186a052b1432e6321995b6f9428c4d90a183e63a66afa5f40f6d43cf *Source\WinObjEx64\drivers\wdrvprv.c
d519634f47890a27dfe69452e5b8d875d37f16f0b90ac17395d2de439114bc11 *Source\WinObjEx64\drivers\wdrvprv.h
-b4a1f1e377a4740364b4a18af2ec2f97535e15e38798a0a2f4def8e6836a6070 *Source\WinObjEx64\drivers\winio.c
-b64b09630b1207d96c134f67146effe43a9fe04ad00c3f930a8968c6162147d1 *Source\WinObjEx64\drivers\winio.h
-a1ed3ab18754225547d3ed64f9754a617b8e81a6e0af7c0de95fa25fcbe19dba *Source\WinObjEx64\extras\extras.c
-917de5c62b213aad12f9669092b5137e081a5189bd9513bc32d3b10c7d720440 *Source\WinObjEx64\extras\extras.h
-ebdd308fc6cf9e6d500f5f7dba9cac66c2982c139ddf51312a9c86f762ca9d96 *Source\WinObjEx64\extras\extrasCallbacks.c
-c548666e8e5f04d59af7cb664806d9002ee25909512a5aac2bcddfcb5f37b9c7 *Source\WinObjEx64\extras\extrasCallbacks.h
-550115842e8c46a14faadfd460a47528c24fba03b5ac202d6394e826d1811d15 *Source\WinObjEx64\extras\extrasCallbacksPatterns.h
-d95058ca43a287f7581cf28867f67414be3500de6b7673e5fcea3ae8f7a36486 *Source\WinObjEx64\extras\extrasCmOpt.c
-91fadf67b77654bb67704b3366cd2b429df95386601c0c9da13159c8b0c46404 *Source\WinObjEx64\extras\extrasCmOpt.h
-54bc933218397831383c1a4be5bfabf128bafa02e9d11fae87a71c927d7ad5f4 *Source\WinObjEx64\extras\extrasDrivers.c
-774ad522462d3b9dfeead7335aa8f8d40664209461dad45623031a95934a9ca7 *Source\WinObjEx64\extras\extrasDrivers.h
-296f5d1d378ba24af75bd6efc719f5633d9a6397d16dd16e11434697cad9b4cf *Source\WinObjEx64\extras\extrasIPC.c
-8916175eeaffe13a95e0204a64e41b2e7f4af6db56dde29f8cb2cef575daf3cd *Source\WinObjEx64\extras\extrasIPC.h
-25369aa89019b3052b741ad8ac5716dcd3a1d37f901c6c707d077f141ee1470f *Source\WinObjEx64\extras\extrasPN.c
-5340aa12388ed410183de1f08a4eb1a1ce2c650ccb8708c9f5fb67d2b1ae30e9 *Source\WinObjEx64\extras\extrasPN.h
-75c12ac915aaac0cf0cda3873d8954e96d423992c007b7d2ab9983709d9cac61 *Source\WinObjEx64\extras\extrasPSList.c
-8d32e64de73d1c8ed3a543f470ffe9b96b19f53752a7b5ab27ea35d212f49df8 *Source\WinObjEx64\extras\extrasPSList.h
-7414a5871dd57d9ce4aa72f0aabb61136ffbba2b4bc94bba7012907f68f607e2 *Source\WinObjEx64\extras\extrasSL.c
-cdb71550e2455d3350938f6fa4b4669c54c95ba04c01280a5097363b2b1086cb *Source\WinObjEx64\extras\extrasSL.h
-19442038eb271b5eda35fe8c150f8ad4c430d271c1b469d801d535a9b50301cd *Source\WinObjEx64\extras\extrasSSDT.c
-498a159c5d6291ffb2df47d66971df863c6773dbdb367c59d871f802c9fd5f3e *Source\WinObjEx64\extras\extrasSSDT.h
-bf8ae4aab0d12be5a3495798f8da71f42d675c28f6cd1fdb09a2a1bfe22ff067 *Source\WinObjEx64\extras\extrasSSDTsup.h
-06fe140ccf32839fbd04775eff20aaa6d5a6c9a9b2cf6a6339fc8a3837a1bc8a *Source\WinObjEx64\extras\extrasUSD.c
-fc510043bc5cfdb5968224599b9ca96b989b0354fa3cb594e1c2711f910393f4 *Source\WinObjEx64\extras\extrasUSD.h
+fbd174ff5481dc5688cfe024761d882ea159699b09f61fda4f26fc466832421a *Source\WinObjEx64\drivers\winio.c
+720ede45bc6fbec045e22da51e14ec703d33cea2c6d3fa7fb8c46163c2faa031 *Source\WinObjEx64\drivers\winio.h
+228717e08983e8c020423035e7fccb79038b17b5143a161eef5bd87d06a1ead5 *Source\WinObjEx64\extras\extras.c
+a22fd439c6839ff2e323882131a1245d9a195f4b34d78721386607f597d36634 *Source\WinObjEx64\extras\extras.h
+7cefb0e353a2f8aed5da8849bb6c6dc8baa92c85d6043ef62b72f299f38cdc0e *Source\WinObjEx64\extras\extrasCallbacks.c
+b33ada355b61038982d48a33fcd96fc7caa482d2b8930cb72413f4136829c402 *Source\WinObjEx64\extras\extrasCallbacksPatterns.h
+5572a843753c6add0c5d6b489b81e789491b2c58fd8262671de0370604a5854b *Source\WinObjEx64\extras\extrasCmOpt.c
+19de4c95f796ddc21256803b7793acf5d87a3d5d0eaeb02fabd0d3aed98644d1 *Source\WinObjEx64\extras\extrasDrivers.c
+3a3c13c29c978ff4c093b9bba5eca9118601ebf5a90386371ddec6b5576ff419 *Source\WinObjEx64\extras\extrasHandlers.h
+313c4a71e7641fcc9205516e7f0352dd0dbf1ea5c7631ee5e0104668a08ab74b *Source\WinObjEx64\extras\extrasIPC.c
+0d9082b4fad1ec1fbf5def9be3b0f15ad3739383634afa933ae3b75dfa90873a *Source\WinObjEx64\extras\extrasPN.c
+4bf45285d57585e2e25c19b9bc69c1404d22c041273ccc5186dfa9dcf4e3255b *Source\WinObjEx64\extras\extrasPSList.c
+653600d126604ae921c120b98512a0273518b26dd1f2c639d29c8f2537832e23 *Source\WinObjEx64\extras\extrasSL.c
+efac1a3edcdf158ec964a826a40185a648244c7dd1f59ddbbb04940aade3d169 *Source\WinObjEx64\extras\extrasSSDT.c
+a16e474e86b4bf5dbf3f238ee29587352c45ec0499902f15f2ca706d4c9fc050 *Source\WinObjEx64\extras\extrasUSD.c
c7eb605f930f9622306e127b5674d9578e5349c2eadbeb785f26a70645e196a6 *Source\WinObjEx64\hde\hde64.c
e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e *Source\WinObjEx64\hde\hde64.h
f8e6a0be357726bee35c7247b57408b54bb38d94e8324a6bb84b91c462b2be30 *Source\WinObjEx64\hde\pstdint.h
b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2 *Source\WinObjEx64\hde\table64.h
-b47d6f3b731fcedb23848743eac8c4987ea292c855c2719341dab54134f68757 *Source\WinObjEx64\log\log.c
-9931c85224699cac3951c825814cffa3dd5b417585311d8c9e2c4009267316c3 *Source\WinObjEx64\log\log.h
-dffeb8f1e7b593d7d0ec2438ba76dc8e060f18b4928520ce6975cd940c77154b *Source\WinObjEx64\props\propAlpcPort.c
-f2729d1787dfc1f1d2fb9b710f0d585de0eb2207d499b95f8ee96205f89dc12e *Source\WinObjEx64\props\propAlpcPort.h
-6bf2d52cf4dc0027ca8d2de07fa9e7c9dcb7776da17b03f6b12c675a8099696d *Source\WinObjEx64\props\propBasic.c
-fffa7061059e8485047b4a6ad5c3ce8d1e7ba7d8d8dba891f4cc4d07b81f6fd5 *Source\WinObjEx64\props\propBasic.h
-bfaa9ee9af01cc7357d6745086ff516506913c1bda073a479d792fc287e8ee0c *Source\WinObjEx64\props\propBasicConsts.h
-88aec1e529aae3519ed3ee54f6e5d41d7c61f19d65eb317673b5b8b87b71bdde *Source\WinObjEx64\props\propDesktop.c
-0c6e9e35aed5ffbb3b007afceafc21a8574e6990cd3458833fc4a657d74db91c *Source\WinObjEx64\props\propDesktop.h
-6dfee019f7f5c53315078620a2430a483d637d3b46cc05755023a740bad90248 *Source\WinObjEx64\props\propDlg.c
-4e201923cf8bdb31093aa9cbf72e70371c350ce0a42abbbd59b3cbb6a90af3ff *Source\WinObjEx64\props\propDlg.h
-aa0480add4f8d50ee3d62bc4c36d9a9b4625279c28cd1fd7a42b6079d19828d5 *Source\WinObjEx64\props\propDriver.c
-f6b58057ca7b133ff5423ae934905bcd890808d3b048d2f1baa7f65bf644f8a1 *Source\WinObjEx64\props\propDriver.h
-007660428a192d78961d270b9651b85bba04dcf7d7c1d43fa502eded10e659b7 *Source\WinObjEx64\props\propObjectDump.c
-fba3aab53909e00cc23405b70665f9e2d7887d6de2413387a93e0e3226fc9dc6 *Source\WinObjEx64\props\propObjectDump.h
-763827529e6d5dcef6b73e6230f7cc0278197cc13aabcf1b678f0cdac303215f *Source\WinObjEx64\props\propObjectDumpConsts.h
-8a7fc99d65a0c31ac383ebdb9bcce859f05407820d4cf9712d544772ca558ce2 *Source\WinObjEx64\props\propProcess.c
-268532ddb21dde8b097d077247cf4005dda741a53576f57066413b5b8dadb590 *Source\WinObjEx64\props\propProcess.h
-9789a33dd3c3fa4024c6085b8ffb0c30c1e9e2bdd628a2ba539cb86997c71216 *Source\WinObjEx64\props\propSection.c
-40b6dc9adeb748e9fea4326efe55e9072e70a859cae06116e65670c11921459f *Source\WinObjEx64\props\propSection.h
-585baff056db86453119b5c6560106d8055ce766c9ee17213c7a13a5319bda41 *Source\WinObjEx64\props\propSecurity.c
-73d05e11e43f6515001d9389d619c6846884cdcd08257797e97042da353a742e *Source\WinObjEx64\props\propSecurity.h
-aea11624287f7fea27c0dd6a785a1c42f62aaf69a23d5cab3c80685c044de38b *Source\WinObjEx64\props\propSecurityConsts.h
-5cef123d244c5356e9814cb13c3b6fc55487ca38560e95476997a8acae7bcef2 *Source\WinObjEx64\props\propToken.c
-92fed8e1a334e87ae36ab75f8976ec167f05f8b3333da4a1e48dd946c109ee2a *Source\WinObjEx64\props\propToken.h
-c3e1a73558f86e75d8bf0cce90562db9c460b66a0cb3a02290d42c8829d4857b *Source\WinObjEx64\props\propType.c
-8ae27671295d405392f03a59e01f2227dcc754d668632f7baf202b596652b383 *Source\WinObjEx64\props\propType.h
-d1bd41eff5392ec858aaed280423db9b5254ffa8206efbcdb3a14dfff28c0d14 *Source\WinObjEx64\props\propTypeConsts.h
+da84f23f8d6c21842c6a2a65c934bce5cab97809e0ccdd1e9038d5fcdf83c267 *Source\WinObjEx64\log\log.c
+5a2ae6adbb686b1dfebf1570443d2655b0f26296f1e5ec3b0a76f9786a2058bb *Source\WinObjEx64\log\log.h
+d366e96b8ea05aaebc4b0de26424ec6462ee2e2f81162d51cca7ffa955dbede2 *Source\WinObjEx64\props\propAlpcPort.c
+20435b68b13b0a90cdfad8681efbc0fe94b747381ef8c4999d582eef4789b61c *Source\WinObjEx64\props\propBasic.c
+852be8261bb5abd4c328b96366cd3b74ca3991a0c1c530b229cbf15b4d61eb5a *Source\WinObjEx64\props\propBasicConsts.h
+cb9f4daec374362e334d7bc20c0662e77e79a8c3152125d054636ef1a6ae3402 *Source\WinObjEx64\props\propCommon.h
+c3e517ef7a11a350890fe77aaba8760444f3d28ab9c872780f374a71d8f87333 *Source\WinObjEx64\props\propDesktop.c
+921dbe5ceed4f5a3d185227ee401291067b477ee2f14615b3e6753627ee65167 *Source\WinObjEx64\props\propDlg.c
+11dbe7d95c1cdf63650c87b8d8fbc059fa812e9b2982041aa20eb3812cd460c7 *Source\WinObjEx64\props\propDlg.h
+24a93fbf8a3b305cce6cf0a44ff2e2eb73450dca784bd7648ea7ce3c553fa801 *Source\WinObjEx64\props\propDriver.c
+5189fbc7e0582818850ea839f9da5d66d6b0d582589e54b79d199eb9b17e6e33 *Source\WinObjEx64\props\propObjectDump.c
+c272693b113ab89cf47a299f253dac2c91db4d0870bb4e11e47d936b9145400b *Source\WinObjEx64\props\propObjectDumpConsts.h
+925149939d9b7bb94cbb0daf7683b7b13575c9d9e9499ebfec7751e8219864bf *Source\WinObjEx64\props\propProcess.c
+b8d3fc4cb86b5d9d7d3bc5cb94b3e58fa33002c3f1160d8e874b3878aa6e8e99 *Source\WinObjEx64\props\props.h
+c32f90e2a943c657b647ec5a2b029a68d4b820f8b745d74a2e281e71e3732d32 *Source\WinObjEx64\props\propSection.c
+467b7bdc640b8b2c5e784769aebe054257acea16f9b618568dd92bc16d7c9731 *Source\WinObjEx64\props\propSecurity.c
+af86f247784194f17d8407e8f448bc52807e87ff9d421baa76a5e548eabacb74 *Source\WinObjEx64\props\propSecurityConsts.h
+e2f0702faf4d8363bd7b201de213c7c0bec7534d0ecb911c553d4aaf30fefe72 *Source\WinObjEx64\props\propToken.c
+ca8672795caa0de1d7d83c0d56f73879ebcecff6d4dbebe6ca88742523c416e1 *Source\WinObjEx64\props\propType.c
+5dd7b39f26f31990eb41e1f7a90dedd6512d19a8298b336b3030945508773426 *Source\WinObjEx64\props\propTypeConsts.h
51f0d1a560dd77a7f3164ae2c8f9801d6a2902bd5cfd367db522199aca35b1ff *Source\WinObjEx64\rsrc\100.ico
eca976b7dd50ea206588610ccb938fbc437f7165c667e19239bf0d36d4af22f9 *Source\WinObjEx64\rsrc\101.ico
09ee2f9dfd3a4a4d8df268ed909588a94db0e97a1601ba8d4b7e6441a1626395 *Source\WinObjEx64\rsrc\102.ico
@@ -307,6 +282,11 @@ d4876437f5ea4c307b3894ff6a4ccd10922a366167104bb78b1103ebadd4f483 *Source\WinObjE
0a0782e65543df1fb04f4f747cf375f109d5c673b7d0641e4bb61025ffdb9044 *Source\WinObjEx64\rsrc\obex.manifest
9c908e205f42861f5ce840cf07886009fe7fad09352820508757ae8d8f6a34ae *Source\WinObjEx64\rsrc\pipe.ico
92dc90794153274f263de95bad0a7ffb9539c38755f5cd46d45ee1e988a6411e *Source\WinObjEx64\rsrc\security.ico
-a1583d56998b70aab21709326447cf222c5d20fbd43f5ada60546d393b66727a *Source\WinObjEx64\tests\testunit.c
-1e99c2c94c964ac7dc864ad9136e683e6159155d6ad60ca388c7c84b0a8e0e00 *Source\WinObjEx64\tests\testunit.h
+70fb3515eb2b31ebfaf9b9dbc165538ed8fb247dee19bb1cea89666c9c596379 *Source\WinObjEx64\sup\sup.c
+72c254116224c18131efedc19802cbfb99340f8c733a61ab19eba493ddd0ea87 *Source\WinObjEx64\sup\sup.h
+ccc88a804d4694e9ba3f97a5678d9595465e6f9afe0ec9b9613cf7c9808703a5 *Source\WinObjEx64\sup\sync.c
+11af5dbe0036bb3e36607e5446cf9ec07895e49fd5137b23933bbe3830293587 *Source\WinObjEx64\sup\wine.c
+0eaaa450c1e2b5c8448eb0bafd8cacc1c2d9edda30334223339a948ab1536b53 *Source\WinObjEx64\sup\wine.h
+24454db160e00d514ff9bdd0f515e249460d0b948423293241542fcb230c7d4a *Source\WinObjEx64\tests\testunit.c
+4df4ac3b1294d3a6564a329f3f3049f7b770c8d38bf3aadbfbf86ecf091434e7 *Source\WinObjEx64\tests\testunit.h
1232f65b57bc8732ead29a730308f6c67bc53a2f9fafd47f8c7cc4b4f676a9e9 *Source\WinObjEx64\utils\GenAsIo2Unlock.exe