Process Hacker
filter.c
Go to the documentation of this file.
1 /*
2  * Process Hacker ToolStatus -
3  * search filter callbacks
4  *
5  * Copyright (C) 2011-2015 dmex
6  * Copyright (C) 2010-2013 wj32
7  *
8  * This file is part of Process Hacker.
9  *
10  * Process Hacker is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation, either version 3 of the License, or
13  * (at your option) any later version.
14  *
15  * Process Hacker is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
22  */
23 
24 #include "toolstatus.h"
25 #include <verify.h>
26 
27 BOOLEAN WordMatchStringRef(
28  _In_ PPH_STRINGREF Text
29  )
30 {
31  PH_STRINGREF part;
32  PH_STRINGREF remainingPart;
33 
34  remainingPart = SearchboxText->sr;
35 
36  while (remainingPart.Length != 0)
37  {
38  PhSplitStringRefAtChar(&remainingPart, '|', &part, &remainingPart);
39 
40  if (part.Length != 0)
41  {
42  if (PhFindStringInStringRef(Text, &part, TRUE) != -1)
43  return TRUE;
44  }
45  }
46 
47  return FALSE;
48 }
49 
50 static BOOLEAN WordMatchStringZ(
51  _In_ PWSTR Text
52  )
53 {
54  PH_STRINGREF text;
55 
56  PhInitializeStringRef(&text, Text);
57  return WordMatchStringRef(&text);
58 }
59 
60 BOOLEAN ProcessTreeFilterCallback(
61  _In_ PPH_TREENEW_NODE Node,
62  _In_opt_ PVOID Context
63  )
64 {
65  PPH_PROCESS_NODE processNode = (PPH_PROCESS_NODE)Node;
66 
67  if (PhIsNullOrEmptyString(SearchboxText))
68  return TRUE;
69 
70  if (!PhIsNullOrEmptyString(processNode->ProcessItem->ProcessName))
71  {
72  if (WordMatchStringRef(&processNode->ProcessItem->ProcessName->sr))
73  return TRUE;
74  }
75 
76  if (!PhIsNullOrEmptyString(processNode->ProcessItem->FileName))
77  {
78  if (WordMatchStringRef(&processNode->ProcessItem->FileName->sr))
79  return TRUE;
80  }
81 
82  if (!PhIsNullOrEmptyString(processNode->ProcessItem->CommandLine))
83  {
84  if (WordMatchStringRef(&processNode->ProcessItem->CommandLine->sr))
85  return TRUE;
86  }
87 
88  if (!PhIsNullOrEmptyString(processNode->ProcessItem->VersionInfo.CompanyName))
89  {
90  if (WordMatchStringRef(&processNode->ProcessItem->VersionInfo.CompanyName->sr))
91  return TRUE;
92  }
93 
94  if (!PhIsNullOrEmptyString(processNode->ProcessItem->VersionInfo.FileDescription))
95  {
96  if (WordMatchStringRef(&processNode->ProcessItem->VersionInfo.FileDescription->sr))
97  return TRUE;
98  }
99 
100  if (!PhIsNullOrEmptyString(processNode->ProcessItem->VersionInfo.FileVersion))
101  {
102  if (WordMatchStringRef(&processNode->ProcessItem->VersionInfo.FileVersion->sr))
103  return TRUE;
104  }
105 
106  if (!PhIsNullOrEmptyString(processNode->ProcessItem->VersionInfo.ProductName))
107  {
108  if (WordMatchStringRef(&processNode->ProcessItem->VersionInfo.ProductName->sr))
109  return TRUE;
110  }
111 
112  if (!PhIsNullOrEmptyString(processNode->ProcessItem->UserName))
113  {
114  if (WordMatchStringRef(&processNode->ProcessItem->UserName->sr))
115  return TRUE;
116  }
117 
118  if (processNode->ProcessItem->IntegrityString)
119  {
120  if (WordMatchStringZ(processNode->ProcessItem->IntegrityString))
121  return TRUE;
122  }
123 
124  if (!PhIsNullOrEmptyString(processNode->ProcessItem->JobName))
125  {
126  if (WordMatchStringRef(&processNode->ProcessItem->JobName->sr))
127  return TRUE;
128  }
129 
130  if (!PhIsNullOrEmptyString(processNode->ProcessItem->VerifySignerName))
131  {
132  if (WordMatchStringRef(&processNode->ProcessItem->VerifySignerName->sr))
133  return TRUE;
134  }
135 
136  if (processNode->ProcessItem->ProcessIdString[0] != 0)
137  {
138  if (WordMatchStringZ(processNode->ProcessItem->ProcessIdString))
139  return TRUE;
140  }
141 
142  if (processNode->ProcessItem->ParentProcessIdString[0] != 0)
143  {
144  if (WordMatchStringZ(processNode->ProcessItem->ParentProcessIdString))
145  return TRUE;
146  }
147 
148  if (processNode->ProcessItem->SessionIdString[0] != 0)
149  {
150  if (WordMatchStringZ(processNode->ProcessItem->SessionIdString))
151  return TRUE;
152  }
153 
154  if (!PhIsNullOrEmptyString(processNode->ProcessItem->PackageFullName))
155  {
156  if (WordMatchStringRef(&processNode->ProcessItem->PackageFullName->sr))
157  return TRUE;
158  }
159 
160  if (WordMatchStringZ(PhGetProcessPriorityClassString(processNode->ProcessItem->PriorityClass)))
161  {
162  return TRUE;
163  }
164 
165  if (processNode->ProcessItem->VerifyResult != VrUnknown)
166  {
167  switch (processNode->ProcessItem->VerifyResult)
168  {
169  case VrNoSignature:
170  if (WordMatchStringZ(L"NoSignature"))
171  return TRUE;
172  break;
173  case VrTrusted:
174  if (WordMatchStringZ(L"Trusted"))
175  return TRUE;
176  break;
177  case VrExpired:
178  if (WordMatchStringZ(L"Expired"))
179  return TRUE;
180  break;
181  case VrRevoked:
182  if (WordMatchStringZ(L"Revoked"))
183  return TRUE;
184  break;
185  case VrDistrust:
186  if (WordMatchStringZ(L"Distrust"))
187  return TRUE;
188  break;
189  case VrSecuritySettings:
190  if (WordMatchStringZ(L"SecuritySettings"))
191  return TRUE;
192  break;
193  case VrBadSignature:
194  if (WordMatchStringZ(L"BadSignature"))
195  return TRUE;
196  break;
197  default:
198  if (WordMatchStringZ(L"Unknown"))
199  return TRUE;
200  break;
201  }
202  }
203 
204  if (WINDOWS_HAS_UAC && processNode->ProcessItem->ElevationType != TokenElevationTypeDefault)
205  {
206  switch (processNode->ProcessItem->ElevationType)
207  {
208  case TokenElevationTypeLimited:
209  if (WordMatchStringZ(L"Limited"))
210  return TRUE;
211  break;
212  case TokenElevationTypeFull:
213  if (WordMatchStringZ(L"Full"))
214  return TRUE;
215  break;
216  default:
217  if (WordMatchStringZ(L"Unknown"))
218  return TRUE;
219  break;
220  }
221  }
222 
223  if (WordMatchStringZ(L"UpdateIsDotNet") && processNode->ProcessItem->UpdateIsDotNet)
224  {
225  return TRUE;
226  }
227 
228  if (WordMatchStringZ(L"IsBeingDebugged") && processNode->ProcessItem->IsBeingDebugged)
229  {
230  return TRUE;
231  }
232 
233  if (WordMatchStringZ(L"IsDotNet") && processNode->ProcessItem->IsDotNet)
234  {
235  return TRUE;
236  }
237 
238  if (WordMatchStringZ(L"IsElevated") && processNode->ProcessItem->IsElevated)
239  {
240  return TRUE;
241  }
242 
243  if (WordMatchStringZ(L"IsInJob") && processNode->ProcessItem->IsInJob)
244  {
245  return TRUE;
246  }
247 
248  if (WordMatchStringZ(L"IsInSignificantJob") && processNode->ProcessItem->IsInSignificantJob)
249  {
250  return TRUE;
251  }
252 
253  if (WordMatchStringZ(L"IsPacked") && processNode->ProcessItem->IsPacked)
254  {
255  return TRUE;
256  }
257 
258  if (WordMatchStringZ(L"IsPosix") && processNode->ProcessItem->IsPosix)
259  {
260  return TRUE;
261  }
262 
263  if (WordMatchStringZ(L"IsSuspended") && processNode->ProcessItem->IsSuspended)
264  {
265  return TRUE;
266  }
267 
268  if (WordMatchStringZ(L"IsWow64") && processNode->ProcessItem->IsWow64)
269  {
270  return TRUE;
271  }
272 
273  if (WordMatchStringZ(L"IsImmersive") && processNode->ProcessItem->IsImmersive)
274  {
275  return TRUE;
276  }
277 
278  if (processNode->ProcessItem->ServiceList && processNode->ProcessItem->ServiceList->Count != 0)
279  {
280  ULONG enumerationKey = 0;
281  PPH_SERVICE_ITEM serviceItem;
282  PPH_LIST serviceList;
283  ULONG i;
284  BOOLEAN matched = FALSE;
285 
286  // Copy the service list so we can search it.
287  serviceList = PhCreateList(processNode->ProcessItem->ServiceList->Count);
288 
289  PhAcquireQueuedLockShared(&processNode->ProcessItem->ServiceListLock);
290 
291  while (PhEnumPointerList(
292  processNode->ProcessItem->ServiceList,
293  &enumerationKey,
294  &serviceItem
295  ))
296  {
297  PhReferenceObject(serviceItem);
298  PhAddItemList(serviceList, serviceItem);
299  }
300 
301  PhReleaseQueuedLockShared(&processNode->ProcessItem->ServiceListLock);
302 
303  for (i = 0; i < serviceList->Count; i++)
304  {
305  serviceItem = serviceList->Items[i];
306 
307  if (!PhIsNullOrEmptyString(serviceItem->Name))
308  {
309  if (WordMatchStringRef(&serviceItem->Name->sr))
310  {
311  matched = TRUE;
312  break;
313  }
314  }
315 
316  if (!PhIsNullOrEmptyString(serviceItem->DisplayName))
317  {
318  if (WordMatchStringRef(&serviceItem->DisplayName->sr))
319  {
320  matched = TRUE;
321  break;
322  }
323  }
324 
325  if (serviceItem->ProcessId)
326  {
327  WCHAR processIdString[PH_INT32_STR_LEN_1];
328 
329  PhPrintUInt32(processIdString, HandleToUlong(serviceItem->ProcessId));
330 
331  if (WordMatchStringZ(processIdString))
332  {
333  matched = TRUE;
334  break;
335  }
336  }
337  }
338 
339  PhDereferenceObjects(serviceList->Items, serviceList->Count);
340  PhDereferenceObject(serviceList);
341 
342  if (matched)
343  return TRUE;
344  }
345 
346  return FALSE;
347 }
348 
349 BOOLEAN ServiceTreeFilterCallback(
350  _In_ PPH_TREENEW_NODE Node,
351  _In_opt_ PVOID Context
352  )
353 {
354  PPH_SERVICE_NODE serviceNode = (PPH_SERVICE_NODE)Node;
355 
356  if (PhIsNullOrEmptyString(SearchboxText))
357  return TRUE;
358 
359  if (WordMatchStringZ(PhGetServiceTypeString(serviceNode->ServiceItem->Type)))
360  return TRUE;
361 
362  if (WordMatchStringZ(PhGetServiceStateString(serviceNode->ServiceItem->State)))
363  return TRUE;
364 
365  if (WordMatchStringZ(PhGetServiceStartTypeString(serviceNode->ServiceItem->StartType)))
366  return TRUE;
367 
368  if (WordMatchStringZ(PhGetServiceErrorControlString(serviceNode->ServiceItem->ErrorControl)))
369  return TRUE;
370 
371  if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->Name))
372  {
373  if (WordMatchStringRef(&serviceNode->ServiceItem->Name->sr))
374  return TRUE;
375  }
376 
377  if (!PhIsNullOrEmptyString(serviceNode->ServiceItem->DisplayName))
378  {
379  if (WordMatchStringRef(&serviceNode->ServiceItem->DisplayName->sr))
380  return TRUE;
381  }
382 
383  if (serviceNode->ServiceItem->ProcessId)
384  {
385  WCHAR processIdString[PH_INT32_STR_LEN_1];
386 
387  PhPrintUInt32(processIdString, HandleToUlong(serviceNode->ServiceItem->ProcessId));
388 
389  if (WordMatchStringZ(processIdString))
390  return TRUE;
391  }
392 
393  return FALSE;
394 }
395 
396 BOOLEAN NetworkTreeFilterCallback(
397  _In_ PPH_TREENEW_NODE Node,
398  _In_opt_ PVOID Context
399  )
400 {
401  PPH_NETWORK_NODE networkNode = (PPH_NETWORK_NODE)Node;
402 
403  if (PhIsNullOrEmptyString(SearchboxText))
404  return TRUE;
405 
406  if (!PhIsNullOrEmptyString(networkNode->NetworkItem->ProcessName))
407  {
408  if (WordMatchStringRef(&networkNode->NetworkItem->ProcessName->sr))
409  return TRUE;
410  }
411 
412  if (!PhIsNullOrEmptyString(networkNode->NetworkItem->OwnerName))
413  {
414  if (WordMatchStringRef(&networkNode->NetworkItem->OwnerName->sr))
415  return TRUE;
416  }
417 
418  if (networkNode->NetworkItem->LocalAddressString[0] != 0)
419  {
420  if (WordMatchStringZ(networkNode->NetworkItem->LocalAddressString))
421  return TRUE;
422  }
423 
424  if (networkNode->NetworkItem->LocalPortString[0] != 0)
425  {
426  if (WordMatchStringZ(networkNode->NetworkItem->LocalPortString))
427  return TRUE;
428  }
429 
430  if (!PhIsNullOrEmptyString(networkNode->NetworkItem->LocalHostString))
431  {
432  if (WordMatchStringRef(&networkNode->NetworkItem->LocalHostString->sr))
433  return TRUE;
434  }
435 
436  if (networkNode->NetworkItem->RemoteAddressString[0] != 0)
437  {
438  if (WordMatchStringZ(networkNode->NetworkItem->RemoteAddressString))
439  return TRUE;
440  }
441 
442  if (networkNode->NetworkItem->RemotePortString[0] != 0)
443  {
444  if (WordMatchStringZ(networkNode->NetworkItem->RemotePortString))
445  return TRUE;
446  }
447 
448  if (!PhIsNullOrEmptyString(networkNode->NetworkItem->RemoteHostString))
449  {
450  if (WordMatchStringRef(&networkNode->NetworkItem->RemoteHostString->sr))
451  return TRUE;
452  }
453 
454  if (WordMatchStringZ(PhGetProtocolTypeName(networkNode->NetworkItem->ProtocolType)))
455  return TRUE;
456 
457  if ((networkNode->NetworkItem->ProtocolType & PH_TCP_PROTOCOL_TYPE) &&
458  WordMatchStringZ(PhGetTcpStateName(networkNode->NetworkItem->State)))
459  return TRUE;
460 
461  if (networkNode->NetworkItem->ProcessId)
462  {
463  WCHAR processIdString[PH_INT32_STR_LEN_1];
464 
465  PhPrintUInt32(processIdString, HandleToUlong(networkNode->NetworkItem->ProcessId));
466 
467  if (WordMatchStringZ(processIdString))
468  return TRUE;
469  }
470 
471  return FALSE;
472 }