Process Hacker
treeext.c
Go to the documentation of this file.
1 /*
2  * Process Hacker Extended Tools -
3  * process and network tree support
4  *
5  * Copyright (C) 2011 wj32
6  *
7  * This file is part of Process Hacker.
8  *
9  * Process Hacker is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation, either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * Process Hacker is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
21  */
22 
23 #include "exttools.h"
24 #define CINTERFACE
25 #define COBJMACROS
26 #include <netfw.h>
27 
28 LONG EtpProcessTreeNewSortFunction(
29  _In_ PVOID Node1,
30  _In_ PVOID Node2,
31  _In_ ULONG SubId,
32  _In_ PVOID Context
33  );
34 
35 LONG EtpNetworkTreeNewSortFunction(
36  _In_ PVOID Node1,
37  _In_ PVOID Node2,
38  _In_ ULONG SubId,
39  _In_ PVOID Context
40  );
41 
42 typedef struct _COLUMN_INFO
43 {
44  ULONG SubId;
45  PWSTR Text;
46  ULONG Width;
47  ULONG Alignment;
48  ULONG TextFlags;
49  BOOLEAN SortDescending;
50 } COLUMN_INFO, *PCOLUMN_INFO;
51 
52 static ULONG ProcessTreeListSortColumn;
53 static PH_SORT_ORDER ProcessTreeListSortOrder;
54 
55 static GUID IID_INetFwMgr_I = { 0xf7898af5, 0xcac4, 0x4632, { 0xa2, 0xec, 0xda, 0x06, 0xe5, 0x11, 0x1a, 0xf2 } };
56 static GUID CLSID_NetFwMgr_I = { 0x304ce942, 0x6e39, 0x40d8, { 0x94, 0x3a, 0xb9, 0x13, 0xc4, 0x0c, 0x9c, 0xd4 } };
57 
58 VOID EtpAddTreeNewColumn(
59  _In_ PPH_PLUGIN_TREENEW_INFORMATION TreeNewInfo,
60  _In_ ULONG SubId,
61  _In_ PWSTR Text,
62  _In_ ULONG Width,
63  _In_ ULONG Alignment,
64  _In_ ULONG TextFlags,
65  _In_ BOOLEAN SortDescending,
66  _In_ PPH_PLUGIN_TREENEW_SORT_FUNCTION SortFunction
67  )
68 {
69  PH_TREENEW_COLUMN column;
70 
71  memset(&column, 0, sizeof(PH_TREENEW_COLUMN));
72  column.SortDescending = SortDescending;
73  column.Text = Text;
74  column.Width = Width;
75  column.Alignment = Alignment;
76  column.TextFlags = TextFlags;
77 
78  PhPluginAddTreeNewColumn(
79  PluginInstance,
80  TreeNewInfo->CmData,
81  &column,
82  SubId,
83  NULL,
84  SortFunction
85  );
86 }
87 
88 VOID EtProcessTreeNewInitializing(
89  _In_ PVOID Parameter
90  )
91 {
92  static COLUMN_INFO columns[] =
93  {
94  { ETPRTNC_DISKREADS, L"Disk Reads", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
95  { ETPRTNC_DISKWRITES, L"Disk Writes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
96  { ETPRTNC_DISKREADBYTES, L"Disk Read Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
97  { ETPRTNC_DISKWRITEBYTES, L"Disk Write Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
98  { ETPRTNC_DISKTOTALBYTES, L"Disk Total Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
99  { ETPRTNC_DISKREADSDELTA, L"Disk Reads Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
100  { ETPRTNC_DISKWRITESDELTA, L"Disk Writes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
101  { ETPRTNC_DISKREADBYTESDELTA, L"Disk Read Bytes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
102  { ETPRTNC_DISKWRITEBYTESDELTA, L"Disk Write Bytes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
103  { ETPRTNC_DISKTOTALBYTESDELTA, L"Disk Total Bytes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
104  { ETPRTNC_NETWORKRECEIVES, L"Network Receives", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
105  { ETPRTNC_NETWORKSENDS, L"Network Sends", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
106  { ETPRTNC_NETWORKRECEIVEBYTES, L"Network Receive Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
107  { ETPRTNC_NETWORKSENDBYTES, L"Network Send Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
108  { ETPRTNC_NETWORKTOTALBYTES, L"Network Total Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
109  { ETPRTNC_NETWORKRECEIVESDELTA, L"Network Receives Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
110  { ETPRTNC_NETWORKSENDSDELTA, L"Network Sends Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
111  { ETPRTNC_NETWORKRECEIVEBYTESDELTA, L"Network Receive Bytes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
112  { ETPRTNC_NETWORKSENDBYTESDELTA, L"Network Send Bytes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
113  { ETPRTNC_NETWORKTOTALBYTESDELTA, L"Network Total Bytes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
114  { ETPRTNC_HARDFAULTS, L"Hard Faults", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
115  { ETPRTNC_HARDFAULTSDELTA, L"Hard Faults Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
116  { ETPRTNC_PEAKTHREADS, L"Peak Threads", 45, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
117  { ETPRTNC_GPU, L"GPU", 45, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
118  { ETPRTNC_GPUDEDICATEDBYTES, L"GPU Dedicated Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
119  { ETPRTNC_GPUSHAREDBYTES, L"GPU Shared Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
120  { ETPRTNC_DISKREADRATE, L"Disk Read Rate", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
121  { ETPRTNC_DISKWRITERATE, L"Disk Write Rate", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
122  { ETPRTNC_DISKTOTALRATE, L"Disk Total Rate", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
123  { ETPRTNC_NETWORKRECEIVERATE, L"Network Receive Rate", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
124  { ETPRTNC_NETWORKSENDRATE, L"Network Send Rate", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
125  { ETPRTNC_NETWORKTOTALRATE, L"Network Total Rate", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE }
126  };
127 
128  PPH_PLUGIN_TREENEW_INFORMATION treeNewInfo = Parameter;
129  ULONG i;
130 
131  for (i = 0; i < sizeof(columns) / sizeof(COLUMN_INFO); i++)
132  {
133  EtpAddTreeNewColumn(treeNewInfo, columns[i].SubId, columns[i].Text, columns[i].Width, columns[i].Alignment,
134  columns[i].TextFlags, columns[i].SortDescending, EtpProcessTreeNewSortFunction);
135  }
136 
137  PhPluginEnableTreeNewNotify(PluginInstance, treeNewInfo->CmData);
138 }
139 
140 static FLOAT EtpCalculateInclusiveGpuUsage(
141  _In_ PPH_PROCESS_NODE ProcessNode
142  )
143 {
144  FLOAT gpuUsage;
145  ULONG i;
146 
147  gpuUsage = EtGetProcessBlock(ProcessNode->ProcessItem)->GpuNodeUsage;
148 
149  for (i = 0; i < ProcessNode->Children->Count; i++)
150  {
151  gpuUsage += EtpCalculateInclusiveGpuUsage(ProcessNode->Children->Items[i]);
152  }
153 
154  return gpuUsage;
155 }
156 
157 VOID EtProcessTreeNewMessage(
158  _In_ PVOID Parameter
159  )
160 {
161  PPH_PLUGIN_TREENEW_MESSAGE message = Parameter;
162  PPH_PROCESS_NODE processNode;
163  PET_PROCESS_BLOCK block;
164 
165  if (message->Message == TreeNewGetCellText)
166  {
167  PPH_TREENEW_GET_CELL_TEXT getCellText = message->Parameter1;
168  PPH_STRING text;
169 
170  processNode = (PPH_PROCESS_NODE)getCellText->Node;
171  block = EtGetProcessBlock(processNode->ProcessItem);
172 
173  PhAcquireQueuedLockExclusive(&block->TextCacheLock);
174 
175  if (block->TextCacheValid[message->SubId])
176  {
177  if (block->TextCache[message->SubId])
178  getCellText->Text = block->TextCache[message->SubId]->sr;
179  }
180  else
181  {
182  text = NULL;
183 
184  switch (message->SubId)
185  {
186  case ETPRTNC_DISKREADS:
187  if (block->DiskReadCount != 0)
188  text = PhFormatUInt64(block->DiskReadCount, TRUE);
189  break;
190  case ETPRTNC_DISKWRITES:
191  if (block->DiskWriteCount != 0)
192  text = PhFormatUInt64(block->DiskWriteCount, TRUE);
193  break;
194  case ETPRTNC_DISKREADBYTES:
195  if (block->DiskReadRaw != 0)
196  text = PhFormatSize(block->DiskReadRaw, -1);
197  break;
198  case ETPRTNC_DISKWRITEBYTES:
199  if (block->DiskWriteRaw != 0)
200  text = PhFormatSize(block->DiskWriteRaw, -1);
201  break;
202  case ETPRTNC_DISKTOTALBYTES:
203  if (block->DiskReadRaw + block->DiskWriteRaw != 0)
204  text = PhFormatSize(block->DiskReadRaw + block->DiskWriteRaw, -1);
205  break;
206  case ETPRTNC_DISKREADSDELTA:
207  if (block->DiskReadDelta.Delta != 0)
208  text = PhFormatUInt64(block->DiskReadDelta.Delta, TRUE);
209  break;
210  case ETPRTNC_DISKWRITESDELTA:
211  if (block->DiskWriteDelta.Delta != 0)
212  text = PhFormatUInt64(block->DiskWriteDelta.Delta, TRUE);
213  break;
214  case ETPRTNC_DISKREADBYTESDELTA:
215  if (block->DiskReadRawDelta.Delta != 0)
216  text = PhFormatSize(block->DiskReadRawDelta.Delta, -1);
217  break;
218  case ETPRTNC_DISKWRITEBYTESDELTA:
219  if (block->DiskWriteRawDelta.Delta != 0)
220  text = PhFormatSize(block->DiskWriteRawDelta.Delta, -1);
221  break;
222  case ETPRTNC_DISKTOTALBYTESDELTA:
223  if (block->DiskReadRawDelta.Delta + block->DiskWriteRawDelta.Delta != 0)
224  text = PhFormatSize(block->DiskReadRawDelta.Delta + block->DiskWriteRawDelta.Delta, -1);
225  break;
226  case ETPRTNC_NETWORKRECEIVES:
227  if (block->NetworkReceiveCount != 0)
228  text = PhFormatUInt64(block->NetworkReceiveCount, TRUE);
229  break;
230  case ETPRTNC_NETWORKSENDS:
231  if (block->NetworkSendCount != 0)
232  text = PhFormatUInt64(block->NetworkSendCount, TRUE);
233  break;
234  case ETPRTNC_NETWORKRECEIVEBYTES:
235  if (block->NetworkReceiveRaw != 0)
236  text = PhFormatSize(block->NetworkReceiveRaw, -1);
237  break;
238  case ETPRTNC_NETWORKSENDBYTES:
239  if (block->NetworkSendRaw != 0)
240  text = PhFormatSize(block->NetworkSendRaw, -1);
241  break;
242  case ETPRTNC_NETWORKTOTALBYTES:
243  if (block->NetworkReceiveRaw + block->NetworkSendRaw != 0)
244  text = PhFormatSize(block->NetworkReceiveRaw + block->NetworkSendRaw, -1);
245  break;
246  case ETPRTNC_NETWORKRECEIVESDELTA:
247  if (block->NetworkReceiveDelta.Delta != 0)
248  text = PhFormatUInt64(block->NetworkReceiveDelta.Delta, TRUE);
249  break;
250  case ETPRTNC_NETWORKSENDSDELTA:
251  if (block->NetworkSendDelta.Delta != 0)
252  text = PhFormatUInt64(block->NetworkSendDelta.Delta, TRUE);
253  break;
254  case ETPRTNC_NETWORKRECEIVEBYTESDELTA:
255  if (block->NetworkReceiveRawDelta.Delta != 0)
256  text = PhFormatSize(block->NetworkReceiveRawDelta.Delta, -1);
257  break;
258  case ETPRTNC_NETWORKSENDBYTESDELTA:
259  if (block->NetworkSendRawDelta.Delta != 0)
260  text = PhFormatSize(block->NetworkSendRawDelta.Delta, -1);
261  break;
262  case ETPRTNC_NETWORKTOTALBYTESDELTA:
263  if (block->NetworkReceiveRawDelta.Delta + block->NetworkSendRawDelta.Delta != 0)
264  text = PhFormatSize(block->NetworkReceiveRawDelta.Delta + block->NetworkSendRawDelta.Delta, -1);
265  break;
266  case ETPRTNC_HARDFAULTS:
267  text = PhFormatUInt64(block->HardFaultsDelta.Value, TRUE);
268  break;
269  case ETPRTNC_HARDFAULTSDELTA:
270  if (block->HardFaultsDelta.Delta != 0)
271  text = PhFormatUInt64(block->HardFaultsDelta.Delta, TRUE);
272  break;
273  case ETPRTNC_PEAKTHREADS:
274  text = PhFormatUInt64(block->ProcessItem->PeakNumberOfThreads, TRUE);
275  break;
276  case ETPRTNC_GPU:
277  {
278  FLOAT gpuUsage;
279 
280  if (!PhGetIntegerSetting(L"PropagateCpuUsage") || processNode->Node.Expanded || ProcessTreeListSortOrder != NoSortOrder)
281  {
282  gpuUsage = block->GpuNodeUsage * 100;
283  }
284  else
285  {
286  gpuUsage = EtpCalculateInclusiveGpuUsage(processNode) * 100;
287  }
288 
289  if (gpuUsage >= 0.01)
290  {
291  PH_FORMAT format;
292 
293  PhInitFormatF(&format, gpuUsage, 2);
294  text = PhFormat(&format, 1, 0);
295  }
296  }
297  break;
298  case ETPRTNC_GPUDEDICATEDBYTES:
299  if (block->GpuDedicatedUsage != 0)
300  text = PhFormatSize(block->GpuDedicatedUsage, -1);
301  break;
302  case ETPRTNC_GPUSHAREDBYTES:
303  if (block->GpuSharedUsage != 0)
304  text = PhFormatSize(block->GpuSharedUsage, -1);
305  break;
306  case ETPRTNC_DISKREADRATE:
307  if (block->DiskReadRawDelta.Delta != 0)
308  EtFormatRate(block->DiskReadRawDelta.Delta, &text, NULL);
309  break;
310  case ETPRTNC_DISKWRITERATE:
311  if (block->DiskWriteRawDelta.Delta != 0)
312  EtFormatRate(block->DiskWriteRawDelta.Delta, &text, NULL);
313  break;
314  case ETPRTNC_DISKTOTALRATE:
315  if (block->DiskReadRawDelta.Delta + block->DiskWriteRawDelta.Delta != 0)
316  EtFormatRate(block->DiskReadRawDelta.Delta + block->DiskWriteRawDelta.Delta, &text, NULL);
317  break;
318  case ETPRTNC_NETWORKRECEIVERATE:
319  if (block->NetworkReceiveRawDelta.Delta != 0)
320  EtFormatRate(block->NetworkReceiveRawDelta.Delta, &text, NULL);
321  break;
322  case ETPRTNC_NETWORKSENDRATE:
323  if (block->NetworkSendRawDelta.Delta != 0)
324  EtFormatRate(block->NetworkSendRawDelta.Delta, &text, NULL);
325  break;
326  case ETPRTNC_NETWORKTOTALRATE:
327  if (block->NetworkReceiveRawDelta.Delta + block->NetworkSendRawDelta.Delta != 0)
328  EtFormatRate(block->NetworkReceiveRawDelta.Delta + block->NetworkSendRawDelta.Delta, &text, NULL);
329  break;
330  }
331 
332  if (text)
333  {
334  getCellText->Text = text->sr;
335  }
336 
337  PhMoveReference(&block->TextCache[message->SubId], text);
338  block->TextCacheValid[message->SubId] = TRUE;
339  }
340 
341  PhReleaseQueuedLockExclusive(&block->TextCacheLock);
342  }
343  else if (message->Message == TreeNewSortChanged)
344  {
345  TreeNew_GetSort(message->TreeNewHandle, &ProcessTreeListSortColumn, &ProcessTreeListSortOrder);
346  }
347  else if (message->Message == TreeNewNodeExpanding)
348  {
349  processNode = message->Parameter1;
350  block = EtGetProcessBlock(processNode->ProcessItem);
351 
352  if (PhGetIntegerSetting(L"PropagateCpuUsage"))
353  block->TextCacheValid[ETPRTNC_GPU] = FALSE;
354  }
355 }
356 
357 LONG EtpProcessTreeNewSortFunction(
358  _In_ PVOID Node1,
359  _In_ PVOID Node2,
360  _In_ ULONG SubId,
361  _In_ PVOID Context
362  )
363 {
364  LONG result;
365  PPH_PROCESS_NODE node1 = Node1;
366  PPH_PROCESS_NODE node2 = Node2;
367  PET_PROCESS_BLOCK block1;
368  PET_PROCESS_BLOCK block2;
369 
370  block1 = EtGetProcessBlock(node1->ProcessItem);
371  block2 = EtGetProcessBlock(node2->ProcessItem);
372 
373  result = 0;
374 
375  switch (SubId)
376  {
377  case ETPRTNC_DISKREADS:
378  result = uint64cmp(block1->DiskReadCount, block2->DiskReadCount);
379  break;
380  case ETPRTNC_DISKWRITES:
381  result = uint64cmp(block1->DiskWriteCount, block2->DiskWriteCount);
382  break;
383  case ETPRTNC_DISKREADBYTES:
384  result = uint64cmp(block1->DiskReadRaw, block2->DiskReadRaw);
385  break;
386  case ETPRTNC_DISKWRITEBYTES:
387  result = uint64cmp(block1->DiskWriteRaw, block2->DiskWriteRaw);
388  break;
389  case ETPRTNC_DISKTOTALBYTES:
390  result = uint64cmp(block1->DiskReadRaw + block1->DiskWriteRaw, block2->DiskReadRaw + block2->DiskWriteRaw);
391  break;
392  case ETPRTNC_DISKREADSDELTA:
393  result = uint64cmp(block1->DiskReadDelta.Delta, block2->DiskReadDelta.Delta);
394  break;
395  case ETPRTNC_DISKWRITESDELTA:
396  result = uint64cmp(block1->DiskWriteDelta.Delta, block2->DiskWriteDelta.Delta);
397  break;
398  case ETPRTNC_DISKREADBYTESDELTA:
399  result = uint64cmp(block1->DiskReadRawDelta.Delta, block2->DiskReadRawDelta.Delta);
400  break;
401  case ETPRTNC_DISKWRITEBYTESDELTA:
402  result = uint64cmp(block1->DiskWriteRawDelta.Delta, block2->DiskWriteRawDelta.Delta);
403  break;
404  case ETPRTNC_DISKTOTALBYTESDELTA:
405  result = uint64cmp(block1->DiskReadRawDelta.Delta + block1->DiskWriteRawDelta.Delta, block2->DiskReadRawDelta.Delta + block2->DiskWriteRawDelta.Delta);
406  break;
407  case ETPRTNC_NETWORKRECEIVES:
408  result = uint64cmp(block1->NetworkReceiveCount, block2->NetworkReceiveCount);
409  break;
410  case ETPRTNC_NETWORKSENDS:
411  result = uint64cmp(block1->NetworkSendCount, block2->NetworkSendCount);
412  break;
413  case ETPRTNC_NETWORKRECEIVEBYTES:
414  result = uint64cmp(block1->NetworkReceiveRaw, block2->NetworkReceiveRaw);
415  break;
416  case ETPRTNC_NETWORKSENDBYTES:
417  result = uint64cmp(block1->NetworkSendRaw, block2->NetworkSendRaw);
418  break;
419  case ETPRTNC_NETWORKTOTALBYTES:
420  result = uint64cmp(block1->NetworkReceiveRaw + block1->NetworkSendRaw, block2->NetworkReceiveRaw + block2->NetworkSendRaw);
421  break;
422  case ETPRTNC_NETWORKRECEIVESDELTA:
423  result = uint64cmp(block1->NetworkReceiveDelta.Delta, block2->NetworkReceiveDelta.Delta);
424  break;
425  case ETPRTNC_NETWORKSENDSDELTA:
426  result = uint64cmp(block1->NetworkSendDelta.Delta, block2->NetworkSendDelta.Delta);
427  break;
428  case ETPRTNC_NETWORKRECEIVEBYTESDELTA:
429  result = uint64cmp(block1->NetworkReceiveRawDelta.Delta, block2->NetworkReceiveRawDelta.Delta);
430  break;
431  case ETPRTNC_NETWORKSENDBYTESDELTA:
432  result = uint64cmp(block1->NetworkSendRawDelta.Delta, block2->NetworkSendRawDelta.Delta);
433  break;
434  case ETPRTNC_NETWORKTOTALBYTESDELTA:
435  result = uint64cmp(block1->NetworkReceiveRawDelta.Delta + block1->NetworkSendRawDelta.Delta, block2->NetworkReceiveRawDelta.Delta + block2->NetworkSendRawDelta.Delta);
436  break;
437  case ETPRTNC_HARDFAULTS:
438  result = uintcmp(block1->HardFaultsDelta.Value, block2->HardFaultsDelta.Value);
439  break;
440  case ETPRTNC_HARDFAULTSDELTA:
441  result = uintcmp(block1->HardFaultsDelta.Delta, block2->HardFaultsDelta.Delta);
442  break;
443  case ETPRTNC_PEAKTHREADS:
444  result = uintcmp(block1->ProcessItem->PeakNumberOfThreads, block2->ProcessItem->PeakNumberOfThreads);
445  break;
446  case ETPRTNC_GPU:
447  result = singlecmp(block1->GpuNodeUsage, block2->GpuNodeUsage);
448  break;
449  case ETPRTNC_GPUDEDICATEDBYTES:
450  result = uint64cmp(block1->GpuDedicatedUsage, block2->GpuDedicatedUsage);
451  break;
452  case ETPRTNC_GPUSHAREDBYTES:
453  result = uint64cmp(block1->GpuSharedUsage, block2->GpuSharedUsage);
454  break;
455  case ETPRTNC_DISKREADRATE:
456  result = uint64cmp(block1->DiskReadRawDelta.Delta, block2->DiskReadRawDelta.Delta);
457  break;
458  case ETPRTNC_DISKWRITERATE:
459  result = uint64cmp(block1->DiskWriteRawDelta.Delta, block2->DiskWriteRawDelta.Delta);
460  break;
461  case ETPRTNC_DISKTOTALRATE:
462  result = uint64cmp(block1->DiskReadRawDelta.Delta + block1->DiskWriteRawDelta.Delta, block2->DiskReadRawDelta.Delta + block2->DiskWriteRawDelta.Delta);
463  break;
464  case ETPRTNC_NETWORKRECEIVERATE:
465  result = uint64cmp(block1->NetworkReceiveRawDelta.Delta, block2->NetworkReceiveRawDelta.Delta);
466  break;
467  case ETPRTNC_NETWORKSENDRATE:
468  result = uint64cmp(block1->NetworkSendRawDelta.Delta, block2->NetworkSendRawDelta.Delta);
469  break;
470  case ETPRTNC_NETWORKTOTALRATE:
471  result = uint64cmp(block1->NetworkReceiveRawDelta.Delta + block1->NetworkSendRawDelta.Delta, block2->NetworkReceiveRawDelta.Delta + block2->NetworkSendRawDelta.Delta);
472  break;
473  }
474 
475  return result;
476 }
477 
478 VOID EtNetworkTreeNewInitializing(
479  _In_ PVOID Parameter
480  )
481 {
482  static COLUMN_INFO columns[] =
483  {
484  { ETNETNC_RECEIVES, L"Receives", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
485  { ETNETNC_SENDS, L"Sends", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
486  { ETNETNC_RECEIVEBYTES, L"Receive Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
487  { ETNETNC_SENDBYTES, L"Send Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
488  { ETNETNC_TOTALBYTES, L"Total Bytes", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
489  { ETNETNC_RECEIVESDELTA, L"Receives Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
490  { ETNETNC_SENDSDELTA, L"Sends Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
491  { ETNETNC_RECEIVEBYTESDELTA, L"Receive Bytes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
492  { ETNETNC_SENDBYTESDELTA, L"Send Bytes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
493  { ETNETNC_TOTALBYTESDELTA, L"Total Bytes Delta", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
494  { ETNETNC_FIREWALLSTATUS, L"Firewall Status", 170, PH_ALIGN_LEFT, 0, FALSE },
495  { ETNETNC_RECEIVERATE, L"Receive Rate", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
496  { ETNETNC_SENDRATE, L"Send Rate", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE },
497  { ETNETNC_TOTALRATE, L"Total Rate", 70, PH_ALIGN_RIGHT, DT_RIGHT, TRUE }
498  };
499 
500  PPH_PLUGIN_TREENEW_INFORMATION treeNewInfo = Parameter;
501  ULONG i;
502 
503  for (i = 0; i < sizeof(columns) / sizeof(COLUMN_INFO); i++)
504  {
505  EtpAddTreeNewColumn(treeNewInfo, columns[i].SubId, columns[i].Text, columns[i].Width, columns[i].Alignment,
506  columns[i].TextFlags, columns[i].SortDescending, EtpNetworkTreeNewSortFunction);
507  }
508 }
509 
510 VOID EtpUpdateFirewallStatus(
511  _Inout_ PET_NETWORK_BLOCK Block
512  )
513 {
514  if (!Block->FirewallStatusValid)
515  {
516  Block->FirewallStatus = EtQueryFirewallStatus(Block->NetworkItem);
517  Block->FirewallStatusValid = TRUE;
518  }
519 }
520 
521 VOID EtNetworkTreeNewMessage(
522  _In_ PVOID Parameter
523  )
524 {
525  PPH_PLUGIN_TREENEW_MESSAGE message = Parameter;
526 
527  if (message->Message == TreeNewGetCellText)
528  {
529  PPH_TREENEW_GET_CELL_TEXT getCellText = message->Parameter1;
530  PPH_NETWORK_NODE networkNode = (PPH_NETWORK_NODE)getCellText->Node;
531  PET_NETWORK_BLOCK block;
532  PPH_STRING text;
533 
534  block = EtGetNetworkBlock(networkNode->NetworkItem);
535 
536  PhAcquireQueuedLockExclusive(&block->TextCacheLock);
537 
538  if (block->TextCacheValid[message->SubId])
539  {
540  if (block->TextCache[message->SubId])
541  getCellText->Text = block->TextCache[message->SubId]->sr;
542  }
543  else
544  {
545  text = NULL;
546 
547  switch (message->SubId)
548  {
549  case ETNETNC_RECEIVES:
550  if (block->ReceiveCount != 0)
551  text = PhFormatUInt64(block->ReceiveCount, TRUE);
552  break;
553  case ETNETNC_SENDS:
554  if (block->SendCount != 0)
555  text = PhFormatUInt64(block->SendCount, TRUE);
556  break;
557  case ETNETNC_RECEIVEBYTES:
558  if (block->ReceiveRaw != 0)
559  text = PhFormatSize(block->ReceiveRaw, -1);
560  break;
561  case ETNETNC_SENDBYTES:
562  if (block->SendRaw != 0)
563  text = PhFormatSize(block->SendRaw, -1);
564  break;
565  case ETNETNC_TOTALBYTES:
566  if (block->ReceiveRaw + block->SendRaw != 0)
567  text = PhFormatSize(block->ReceiveRaw + block->SendRaw, -1);
568  break;
569  case ETNETNC_RECEIVESDELTA:
570  if (block->ReceiveDelta.Delta != 0)
571  text = PhFormatUInt64(block->ReceiveDelta.Delta, TRUE);
572  break;
573  case ETNETNC_SENDSDELTA:
574  if (block->SendDelta.Delta != 0)
575  text = PhFormatUInt64(block->SendDelta.Delta, TRUE);
576  break;
577  case ETNETNC_RECEIVEBYTESDELTA:
578  if (block->ReceiveRawDelta.Delta != 0)
579  text = PhFormatSize(block->ReceiveRawDelta.Delta, -1);
580  break;
581  case ETNETNC_SENDBYTESDELTA:
582  if (block->SendRawDelta.Delta != 0)
583  text = PhFormatSize(block->SendRawDelta.Delta, -1);
584  break;
585  case ETNETNC_TOTALBYTESDELTA:
586  if (block->ReceiveRawDelta.Delta + block->SendRawDelta.Delta != 0)
587  text = PhFormatSize(block->ReceiveRawDelta.Delta + block->SendRawDelta.Delta, -1);
588  break;
589  case ETNETNC_FIREWALLSTATUS:
590  {
591  static PPH_STRING strings[FirewallMaximumStatus];
592  static PH_INITONCE initOnce = PH_INITONCE_INIT;
593 
594  if (PhBeginInitOnce(&initOnce))
595  {
596  strings[FirewallUnknownStatus] = NULL;
597  strings[FirewallAllowedNotRestricted] = PhCreateString(L"Allowed, not restricted");
598  strings[FirewallAllowedRestricted] = PhCreateString(L"Allowed, restricted");
599  strings[FirewallNotAllowedNotRestricted] = PhCreateString(L"Not allowed, not restricted");
600  strings[FirewallNotAllowedRestricted] = PhCreateString(L"Not allowed, restricted");
601  PhEndInitOnce(&initOnce);
602  }
603 
604  EtpUpdateFirewallStatus(block);
605 
606  if (block->FirewallStatus < FirewallMaximumStatus)
607  PhSetReference(&text, strings[block->FirewallStatus]);
608  }
609  break;
610  case ETNETNC_RECEIVERATE:
611  if (block->ReceiveRawDelta.Delta != 0)
612  EtFormatRate(block->ReceiveRawDelta.Delta, &text, NULL);
613  break;
614  case ETNETNC_SENDRATE:
615  if (block->SendRawDelta.Delta != 0)
616  EtFormatRate(block->SendRawDelta.Delta, &text, NULL);
617  break;
618  case ETNETNC_TOTALRATE:
619  if (block->ReceiveRawDelta.Delta + block->SendRawDelta.Delta != 0)
620  EtFormatRate(block->ReceiveRawDelta.Delta + block->SendRawDelta.Delta, &text, NULL);
621  break;
622  }
623 
624  if (text)
625  {
626  getCellText->Text = text->sr;
627  }
628 
629  PhMoveReference(&block->TextCache[message->SubId], text);
630  block->TextCacheValid[message->SubId] = TRUE;
631  }
632 
633  PhReleaseQueuedLockExclusive(&block->TextCacheLock);
634  }
635 }
636 
637 LONG EtpNetworkTreeNewSortFunction(
638  _In_ PVOID Node1,
639  _In_ PVOID Node2,
640  _In_ ULONG SubId,
641  _In_ PVOID Context
642  )
643 {
644  LONG result;
645  PPH_NETWORK_NODE node1 = Node1;
646  PPH_NETWORK_NODE node2 = Node2;
647  PET_NETWORK_BLOCK block1;
648  PET_NETWORK_BLOCK block2;
649 
650  block1 = EtGetNetworkBlock(node1->NetworkItem);
651  block2 = EtGetNetworkBlock(node2->NetworkItem);
652 
653  result = 0;
654 
655  switch (SubId)
656  {
657  case ETNETNC_RECEIVES:
658  result = uint64cmp(block1->ReceiveCount, block2->ReceiveCount);
659  break;
660  case ETNETNC_SENDS:
661  result = uint64cmp(block1->SendCount, block2->SendCount);
662  break;
663  case ETNETNC_RECEIVEBYTES:
664  result = uint64cmp(block1->ReceiveRaw, block2->ReceiveRaw);
665  break;
666  case ETNETNC_SENDBYTES:
667  result = uint64cmp(block1->SendRaw, block2->SendRaw);
668  break;
669  case ETNETNC_TOTALBYTES:
670  result = uint64cmp(block1->ReceiveRaw + block1->SendRaw, block2->ReceiveRaw + block2->SendRaw);
671  break;
672  case ETNETNC_RECEIVESDELTA:
673  result = uint64cmp(block1->ReceiveDelta.Delta, block2->ReceiveDelta.Delta);
674  break;
675  case ETNETNC_SENDSDELTA:
676  result = uint64cmp(block1->SendDelta.Delta, block2->SendDelta.Delta);
677  break;
678  case ETNETNC_RECEIVEBYTESDELTA:
679  result = uint64cmp(block1->ReceiveRawDelta.Delta, block2->ReceiveRawDelta.Delta);
680  break;
681  case ETNETNC_SENDBYTESDELTA:
682  result = uint64cmp(block1->SendRawDelta.Delta, block2->SendRawDelta.Delta);
683  break;
684  case ETNETNC_TOTALBYTESDELTA:
685  result = uint64cmp(block1->ReceiveRawDelta.Delta + block1->SendRawDelta.Delta, block2->ReceiveRawDelta.Delta + block2->SendRawDelta.Delta);
686  break;
687  case ETNETNC_FIREWALLSTATUS:
688  EtpUpdateFirewallStatus(block1);
689  EtpUpdateFirewallStatus(block2);
690  result = intcmp(block1->FirewallStatus, block2->FirewallStatus);
691  break;
692  case ETNETNC_RECEIVERATE:
693  result = uint64cmp(block1->ReceiveRawDelta.Delta, block2->ReceiveRawDelta.Delta);
694  break;
695  case ETNETNC_SENDRATE:
696  result = uint64cmp(block1->SendRawDelta.Delta, block2->SendRawDelta.Delta);
697  break;
698  case ETNETNC_TOTALRATE:
699  result = uint64cmp(block1->ReceiveRawDelta.Delta + block1->SendRawDelta.Delta, block2->ReceiveRawDelta.Delta + block2->SendRawDelta.Delta);
700  break;
701  }
702 
703  return result;
704 }
705 
706 ET_FIREWALL_STATUS EtQueryFirewallStatus(
707  _In_ PPH_NETWORK_ITEM NetworkItem
708  )
709 {
710  static INetFwMgr* manager = NULL;
711  ET_FIREWALL_STATUS result;
712  PPH_PROCESS_ITEM processItem;
713  BSTR imageFileNameBStr;
714  BSTR localAddressBStr;
715  VARIANT allowed;
716  VARIANT restricted;
717 
718  if (!manager)
719  {
720  if (!SUCCEEDED(CoCreateInstance(&CLSID_NetFwMgr_I, NULL, CLSCTX_INPROC_SERVER, &IID_INetFwMgr_I, &manager)))
721  return FirewallUnknownStatus;
722 
723  if (!manager)
724  return FirewallUnknownStatus;
725  }
726 
727  processItem = PhReferenceProcessItem(NetworkItem->ProcessId);
728 
729  if (!processItem)
730  return FirewallUnknownStatus;
731 
732  if (!processItem->FileName)
733  {
734  PhDereferenceObject(processItem);
735  return FirewallUnknownStatus;
736  }
737 
738  result = FirewallUnknownStatus;
739 
740  if (imageFileNameBStr = SysAllocStringLen(processItem->FileName->Buffer, (ULONG)processItem->FileName->Length / sizeof(WCHAR)))
741  {
742  localAddressBStr = NULL;
743 
744  if (!PhIsNullIpAddress(&NetworkItem->LocalEndpoint.Address))
745  localAddressBStr = SysAllocString(NetworkItem->LocalAddressString);
746 
747  if (SUCCEEDED(INetFwMgr_IsPortAllowed(
748  manager,
749  imageFileNameBStr,
750  (NetworkItem->ProtocolType & PH_IPV6_NETWORK_TYPE) ? NET_FW_IP_VERSION_V6 : NET_FW_IP_VERSION_V4,
751  NetworkItem->LocalEndpoint.Port,
752  localAddressBStr,
753  (NetworkItem->ProtocolType & PH_UDP_PROTOCOL_TYPE) ? NET_FW_IP_PROTOCOL_UDP : NET_FW_IP_PROTOCOL_TCP,
754  &allowed,
755  &restricted
756  )))
757  {
758  if (allowed.boolVal)
759  {
760  if (restricted.boolVal)
761  result = FirewallAllowedRestricted;
762  else
763  result = FirewallAllowedNotRestricted;
764  }
765  else
766  {
767  if (restricted.boolVal)
768  result = FirewallNotAllowedRestricted;
769  else
770  result = FirewallNotAllowedNotRestricted;
771  }
772  }
773 
774  if (localAddressBStr)
775  SysFreeString(localAddressBStr);
776 
777  SysFreeString(imageFileNameBStr);
778  }
779 
780  PhDereferenceObject(processItem);
781 
782  return result;
783 }