Process Hacker
phapp.h
Go to the documentation of this file.
1 #ifndef PHAPP_H
2 #define PHAPP_H
3 
4 #ifdef PHAPP_EXPORT
5 #define PHAPPAPI __declspec(dllexport)
6 #else
7 #define PHAPPAPI
8 #endif
9 
10 #include <phgui.h>
11 #include <treenew.h>
12 #include <graph.h>
13 #include <circbuf.h>
14 #include <dltmgr.h>
15 #include <phnet.h>
16 #include <providers.h>
17 #include <colmgr.h>
18 #include <uimodels.h>
19 #include "../resource.h"
20 
21 #define KPH_ERROR_MESSAGE (L"KProcessHacker does not support your operating system " \
22  L"or could not be loaded. Make sure Process Hacker is running " \
23  L"with administrative privileges.")
24 
25 typedef struct _PH_SYMBOL_PROVIDER *PPH_SYMBOL_PROVIDER; // phapppub
26 
27 // main
28 
29 typedef struct _PH_STARTUP_PARAMETERS
30 {
31  union
32  {
33  struct
34  {
35  ULONG NoKph : 1;
36  ULONG NoSettings : 1;
37  ULONG NoPlugins : 1;
38  ULONG ShowHidden : 1;
39  ULONG ShowVisible : 1;
40  ULONG ShowOptions : 1;
41  ULONG NewInstance : 1;
42  ULONG Elevate : 1;
43  ULONG Silent : 1;
44  ULONG CommandMode : 1;
45  ULONG PhSvc : 1;
46  ULONG InstallKph : 1;
47  ULONG UninstallKph : 1;
48  ULONG Debug : 1;
49  ULONG Help : 1;
50  ULONG Spare : 17;
51  };
52  ULONG Flags;
53  };
54 
55  PPH_STRING SettingsFileName;
56 
57  HWND WindowHandle;
58  POINT Point;
59 
60  PPH_STRING CommandType;
61  PPH_STRING CommandObject;
62  PPH_STRING CommandAction;
63  PPH_STRING CommandValue;
64 
65  PPH_STRING RunAsServiceMode;
66 
67  ULONG SelectPid;
68  ULONG PriorityClass;
69 
70  PPH_LIST PluginParameters;
71  PPH_STRING SelectTab;
72 } PH_STARTUP_PARAMETERS, *PPH_STARTUP_PARAMETERS;
73 
74 extern PPH_STRING PhApplicationDirectory;
75 extern PPH_STRING PhApplicationFileName;
76 PHAPPAPI extern HFONT PhApplicationFont; // phapppub
77 extern PPH_STRING PhCurrentUserName;
78 extern HINSTANCE PhInstanceHandle;
79 extern PPH_STRING PhLocalSystemName;
80 extern BOOLEAN PhPluginsEnabled;
81 extern PPH_STRING PhSettingsFileName;
82 extern PH_INTEGER_PAIR PhSmallIconSize;
83 extern PH_INTEGER_PAIR PhLargeIconSize;
84 extern PH_STARTUP_PARAMETERS PhStartupParameters;
85 
86 extern PH_PROVIDER_THREAD PhPrimaryProviderThread;
87 extern PH_PROVIDER_THREAD PhSecondaryProviderThread;
88 
89 // begin_phapppub
90 PHAPPAPI
91 VOID
92 NTAPI
93 PhRegisterDialog(
94  _In_ HWND DialogWindowHandle
95  );
96 
97 PHAPPAPI
98 VOID
99 NTAPI
100 PhUnregisterDialog(
101  _In_ HWND DialogWindowHandle
102  );
103 
104 typedef BOOLEAN (NTAPI *PPH_MESSAGE_LOOP_FILTER)(
105  _In_ PMSG Message,
106  _In_ PVOID Context
107  );
108 
109 typedef struct _PH_MESSAGE_LOOP_FILTER_ENTRY
110 {
111  PPH_MESSAGE_LOOP_FILTER Filter;
112  PVOID Context;
113 } PH_MESSAGE_LOOP_FILTER_ENTRY, *PPH_MESSAGE_LOOP_FILTER_ENTRY;
114 
115 PHAPPAPI
116 struct _PH_MESSAGE_LOOP_FILTER_ENTRY *
117 NTAPI
118 PhRegisterMessageLoopFilter(
119  _In_ PPH_MESSAGE_LOOP_FILTER Filter,
120  _In_opt_ PVOID Context
121  );
122 
123 PHAPPAPI
124 VOID
125 NTAPI
126 PhUnregisterMessageLoopFilter(
127  _In_ struct _PH_MESSAGE_LOOP_FILTER_ENTRY *FilterEntry
128  );
129 // end_phapppub
130 
131 VOID PhInitializeFont(
132  _In_ HWND hWnd
133  );
134 
135 // appsup
136 
137 extern GUID XP_CONTEXT_GUID;
138 extern GUID VISTA_CONTEXT_GUID;
139 extern GUID WIN7_CONTEXT_GUID;
140 extern GUID WIN8_CONTEXT_GUID;
141 extern GUID WINBLUE_CONTEXT_GUID;
142 
143 typedef struct PACKAGE_ID PACKAGE_ID;
144 
145 // begin_phapppub
146 PHAPPAPI
147 BOOLEAN
148 NTAPI
149 PhGetProcessIsSuspended(
150  _In_ PSYSTEM_PROCESS_INFORMATION Process
151  );
152 // end_phapppub
153 
154 NTSTATUS PhGetProcessSwitchContext(
155  _In_ HANDLE ProcessHandle,
156  _Out_ PGUID Guid
157  );
158 
159 PPH_STRING PhGetProcessPackageFullName(
160  _In_ HANDLE ProcessHandle
161  );
162 
163 PACKAGE_ID *PhPackageIdFromFullName(
164  _In_ PWSTR PackageFullName
165  );
166 
167 PPH_STRING PhGetPackagePath(
168  _In_ PACKAGE_ID *PackageId
169  );
170 
171 // begin_phapppub
172 typedef enum _PH_KNOWN_PROCESS_TYPE
173 {
174  UnknownProcessType,
175  SystemProcessType, // ntoskrnl/ntkrnlpa/...
176  SessionManagerProcessType, // smss
177  WindowsSubsystemProcessType, // csrss
178  WindowsStartupProcessType, // wininit
179  ServiceControlManagerProcessType, // services
180  LocalSecurityAuthorityProcessType, // lsass
181  LocalSessionManagerProcessType, // lsm
182  WindowsLogonProcessType, // winlogon
183  ServiceHostProcessType, // svchost
184  RunDllAsAppProcessType, // rundll32
185  ComSurrogateProcessType, // dllhost
186  TaskHostProcessType, // taskeng, taskhost, taskhostex
187  ExplorerProcessType, // explorer
188  UmdfHostProcessType, // wudfhost
189  MaximumProcessType,
190  KnownProcessTypeMask = 0xffff,
191 
192  KnownProcessWow64 = 0x20000
193 } PH_KNOWN_PROCESS_TYPE;
194 
195 PHAPPAPI
196 NTSTATUS
197 NTAPI
198 PhGetProcessKnownType(
199  _In_ HANDLE ProcessHandle,
200  _Out_ PH_KNOWN_PROCESS_TYPE *KnownProcessType
201  );
202 
203 typedef union _PH_KNOWN_PROCESS_COMMAND_LINE
204 {
205  struct
206  {
207  PPH_STRING GroupName;
208  } ServiceHost;
209  struct
210  {
211  PPH_STRING FileName;
212  PPH_STRING ProcedureName;
213  } RunDllAsApp;
214  struct
215  {
216  GUID Guid;
217  PPH_STRING Name; // optional
218  PPH_STRING FileName; // optional
219  } ComSurrogate;
220 } PH_KNOWN_PROCESS_COMMAND_LINE, *PPH_KNOWN_PROCESS_COMMAND_LINE;
221 
222 PHAPPAPI
223 BOOLEAN
224 NTAPI
225 PhaGetProcessKnownCommandLine(
226  _In_ PPH_STRING CommandLine,
227  _In_ PH_KNOWN_PROCESS_TYPE KnownProcessType,
228  _Out_ PPH_KNOWN_PROCESS_COMMAND_LINE KnownCommandLine
229  );
230 // end_phapppub
231 
232 VOID PhEnumChildWindows(
233  _In_opt_ HWND hWnd,
234  _In_ ULONG Limit,
235  _In_ WNDENUMPROC Callback,
236  _In_ LPARAM lParam
237  );
238 
239 HWND PhGetProcessMainWindow(
240  _In_ HANDLE ProcessId,
241  _In_opt_ HANDLE ProcessHandle
242  );
243 
244 PPH_STRING PhGetServiceRelevantFileName(
245  _In_ PPH_STRINGREF ServiceName,
246  _In_ SC_HANDLE ServiceHandle
247  );
248 
249 PPH_STRING PhEscapeStringForDelimiter(
250  _In_ PPH_STRING String,
251  _In_ WCHAR Delimiter
252  );
253 
254 PPH_STRING PhUnescapeStringForDelimiter(
255  _In_ PPH_STRING String,
256  _In_ WCHAR Delimiter
257  );
258 
259 typedef struct mxml_node_s mxml_node_t;
260 
261 PPH_STRING PhGetOpaqueXmlNodeText(
262  _In_ mxml_node_t *node
263  );
264 
265 // begin_phapppub
266 PHAPPAPI
267 VOID
268 NTAPI
269 PhSearchOnlineString(
270  _In_ HWND hWnd,
271  _In_ PWSTR String
272  );
273 
274 PHAPPAPI
275 VOID
276 NTAPI
277 PhShellExecuteUserString(
278  _In_ HWND hWnd,
279  _In_ PWSTR Setting,
280  _In_ PWSTR String,
281  _In_ BOOLEAN UseShellExecute,
282  _In_opt_ PWSTR ErrorMessage
283  );
284 
285 PHAPPAPI
286 VOID
287 NTAPI
288 PhLoadSymbolProviderOptions(
289  _Inout_ PPH_SYMBOL_PROVIDER SymbolProvider
290  );
291 // end_phapppub
292 
293 PWSTR PhMakeContextAtom(
294  VOID
295  );
296 
297 // begin_phapppub
298 PHAPPAPI
299 VOID
300 NTAPI
301 PhCopyListViewInfoTip(
302  _Inout_ LPNMLVGETINFOTIP GetInfoTip,
303  _In_ PPH_STRINGREF Tip
304  );
305 
306 PHAPPAPI
307 VOID
308 NTAPI
309 PhCopyListView(
310  _In_ HWND ListViewHandle
311  );
312 
313 PHAPPAPI
314 VOID PhHandleListViewNotifyForCopy(
315  _In_ LPARAM lParam,
316  _In_ HWND ListViewHandle
317  );
318 // end_phapppub
319 
320 #define PH_LIST_VIEW_CTRL_C_BEHAVIOR 0x1
321 #define PH_LIST_VIEW_CTRL_A_BEHAVIOR 0x2
322 #define PH_LIST_VIEW_DEFAULT_1_BEHAVIORS (PH_LIST_VIEW_CTRL_C_BEHAVIOR | PH_LIST_VIEW_CTRL_A_BEHAVIOR)
323 
324 VOID PhHandleListViewNotifyBehaviors(
325  _In_ LPARAM lParam,
326  _In_ HWND ListViewHandle,
327  _In_ ULONG Behaviors
328  );
329 
330 // begin_phapppub
331 PHAPPAPI
332 BOOLEAN
333 NTAPI
334 PhGetListViewContextMenuPoint(
335  _In_ HWND ListViewHandle,
336  _Out_ PPOINT Point
337  );
338 // end_phapppub
339 
340 HFONT PhDuplicateFontWithNewWeight(
341  _In_ HFONT Font,
342  _In_ LONG NewWeight
343  );
344 
345 VOID PhSetWindowOpacity(
346  _In_ HWND WindowHandle,
347  _In_ ULONG OpacityPercent
348  );
349 
350 #define PH_OPACITY_TO_ID(Opacity) (ID_OPACITY_10 + (10 - (Opacity) / 10) - 1)
351 #define PH_ID_TO_OPACITY(Id) (100 - (((Id) - ID_OPACITY_10) + 1) * 10)
352 
353 // begin_phapppub
354 PHAPPAPI
355 VOID
356 NTAPI
357 PhLoadWindowPlacementFromSetting(
358  _In_opt_ PWSTR PositionSettingName,
359  _In_opt_ PWSTR SizeSettingName,
360  _In_ HWND WindowHandle
361  );
362 
363 PHAPPAPI
364 VOID
365 NTAPI
366 PhSaveWindowPlacementToSetting(
367  _In_opt_ PWSTR PositionSettingName,
368  _In_opt_ PWSTR SizeSettingName,
369  _In_ HWND WindowHandle
370  );
371 
372 PHAPPAPI
373 VOID
374 NTAPI
375 PhLoadListViewColumnsFromSetting(
376  _In_ PWSTR Name,
377  _In_ HWND ListViewHandle
378  );
379 
380 PHAPPAPI
381 VOID
382 NTAPI
383 PhSaveListViewColumnsToSetting(
384  _In_ PWSTR Name,
385  _In_ HWND ListViewHandle
386  );
387 
388 PHAPPAPI
389 PPH_STRING
390 NTAPI
391 PhGetPhVersion(
392  VOID
393  );
394 
395 PHAPPAPI
396 VOID
397 NTAPI
398 PhGetPhVersionNumbers(
399  _Out_opt_ PULONG MajorVersion,
400  _Out_opt_ PULONG MinorVersion,
401  _Reserved_ PULONG Reserved,
402  _Out_opt_ PULONG RevisionNumber
403  );
404 
405 PHAPPAPI
406 VOID
407 NTAPI
408 PhWritePhTextHeader(
409  _Inout_ PPH_FILE_STREAM FileStream
410  );
411 
412 #define PH_SHELL_APP_PROPAGATE_PARAMETERS 0x1
413 #define PH_SHELL_APP_PROPAGATE_PARAMETERS_IGNORE_VISIBILITY 0x2
414 #define PH_SHELL_APP_PROPAGATE_PARAMETERS_FORCE_SETTINGS 0x4
415 
416 PHAPPAPI
417 BOOLEAN
418 NTAPI
419 PhShellProcessHacker(
420  _In_opt_ HWND hWnd,
421  _In_opt_ PWSTR Parameters,
422  _In_ ULONG ShowWindowType,
423  _In_ ULONG Flags,
424  _In_ ULONG AppFlags,
425  _In_opt_ ULONG Timeout,
426  _Out_opt_ PHANDLE ProcessHandle
427  );
428 // end_phapppub
429 
430 BOOLEAN PhShellProcessHackerEx(
431  _In_opt_ HWND hWnd,
432  _In_opt_ PWSTR FileName,
433  _In_opt_ PWSTR Parameters,
434  _In_ ULONG ShowWindowType,
435  _In_ ULONG Flags,
436  _In_ ULONG AppFlags,
437  _In_opt_ ULONG Timeout,
438  _Out_opt_ PHANDLE ProcessHandle
439  );
440 
441 BOOLEAN PhCreateProcessIgnoreIfeoDebugger(
442  _In_ PWSTR FileName
443  );
444 
445 // begin_phapppub
446 typedef struct _PH_TN_COLUMN_MENU_DATA
447 {
448  HWND TreeNewHandle;
449  PPH_TREENEW_HEADER_MOUSE_EVENT MouseEvent;
450  ULONG DefaultSortColumn;
451  PH_SORT_ORDER DefaultSortOrder;
452 
453  struct _PH_EMENU_ITEM *Menu;
454  struct _PH_EMENU_ITEM *Selection;
455  ULONG ProcessedId;
456 } PH_TN_COLUMN_MENU_DATA, *PPH_TN_COLUMN_MENU_DATA;
457 
458 #define PH_TN_COLUMN_MENU_HIDE_COLUMN_ID ((ULONG)-1)
459 #define PH_TN_COLUMN_MENU_CHOOSE_COLUMNS_ID ((ULONG)-2)
460 #define PH_TN_COLUMN_MENU_SIZE_COLUMN_TO_FIT_ID ((ULONG)-3)
461 #define PH_TN_COLUMN_MENU_SIZE_ALL_COLUMNS_TO_FIT_ID ((ULONG)-4)
462 #define PH_TN_COLUMN_MENU_RESET_SORT_ID ((ULONG)-5)
463 
464 PHAPPAPI
465 VOID
466 NTAPI
467 PhInitializeTreeNewColumnMenu(
468  _Inout_ PPH_TN_COLUMN_MENU_DATA Data
469  );
470 // end_phapppub
471 
472 #define PH_TN_COLUMN_MENU_NO_VISIBILITY 0x1
473 #define PH_TN_COLUMN_MENU_SHOW_RESET_SORT 0x2
474 
475 VOID PhInitializeTreeNewColumnMenuEx(
476  _Inout_ PPH_TN_COLUMN_MENU_DATA Data,
477  _In_ ULONG Flags
478  );
479 
480 // begin_phapppub
481 PHAPPAPI
482 BOOLEAN
483 NTAPI
484 PhHandleTreeNewColumnMenu(
485  _Inout_ PPH_TN_COLUMN_MENU_DATA Data
486  );
487 
488 PHAPPAPI
489 VOID
490 NTAPI
491 PhDeleteTreeNewColumnMenu(
492  _In_ PPH_TN_COLUMN_MENU_DATA Data
493  );
494 
495 typedef struct _PH_TN_FILTER_SUPPORT
496 {
497  PPH_LIST FilterList;
498  HWND TreeNewHandle;
499  PPH_LIST NodeList;
500 } PH_TN_FILTER_SUPPORT, *PPH_TN_FILTER_SUPPORT;
501 
502 typedef BOOLEAN (NTAPI *PPH_TN_FILTER_FUNCTION)(
503  _In_ PPH_TREENEW_NODE Node,
504  _In_opt_ PVOID Context
505  );
506 
507 typedef struct _PH_TN_FILTER_ENTRY
508 {
509  PPH_TN_FILTER_FUNCTION Filter;
510  PVOID Context;
511 } PH_TN_FILTER_ENTRY, *PPH_TN_FILTER_ENTRY;
512 
513 PHAPPAPI
514 VOID
515 NTAPI
516 PhInitializeTreeNewFilterSupport(
517  _Out_ PPH_TN_FILTER_SUPPORT Support,
518  _In_ HWND TreeNewHandle,
519  _In_ PPH_LIST NodeList
520  );
521 
522 PHAPPAPI
523 VOID
524 NTAPI
525 PhDeleteTreeNewFilterSupport(
526  _In_ PPH_TN_FILTER_SUPPORT Support
527  );
528 
529 PHAPPAPI
530 PPH_TN_FILTER_ENTRY
531 NTAPI
532 PhAddTreeNewFilter(
533  _In_ PPH_TN_FILTER_SUPPORT Support,
534  _In_ PPH_TN_FILTER_FUNCTION Filter,
535  _In_opt_ PVOID Context
536  );
537 
538 PHAPPAPI
539 VOID
540 NTAPI
541 PhRemoveTreeNewFilter(
542  _In_ PPH_TN_FILTER_SUPPORT Support,
543  _In_ PPH_TN_FILTER_ENTRY Entry
544  );
545 
546 PHAPPAPI
547 BOOLEAN
548 NTAPI
549 PhApplyTreeNewFiltersToNode(
550  _In_ PPH_TN_FILTER_SUPPORT Support,
551  _In_ PPH_TREENEW_NODE Node
552  );
553 
554 PHAPPAPI
555 VOID
556 NTAPI
557 PhApplyTreeNewFilters(
558  _In_ PPH_TN_FILTER_SUPPORT Support
559  );
560 // end_phapppub
561 
562 typedef struct _PH_COPY_CELL_CONTEXT
563 {
564  HWND TreeNewHandle;
565  ULONG Id; // column ID
566  PPH_STRING MenuItemText;
567 } PH_COPY_CELL_CONTEXT, *PPH_COPY_CELL_CONTEXT;
568 
569 BOOLEAN PhInsertCopyCellEMenuItem(
570  _In_ struct _PH_EMENU_ITEM *Menu,
571  _In_ ULONG InsertAfterId,
572  _In_ HWND TreeNewHandle,
573  _In_ PPH_TREENEW_COLUMN Column
574  );
575 
576 BOOLEAN PhHandleCopyCellEMenuItem(
577  _In_ struct _PH_EMENU_ITEM *SelectedItem
578  );
579 
580 BOOLEAN PhShellOpenKey2(
581  _In_ HWND hWnd,
582  _In_ PPH_STRING KeyName
583  );
584 
585 #define PH_LOAD_SHARED_IMAGE(Name, Type) LoadImage(PhInstanceHandle, (Name), (Type), 0, 0, LR_SHARED)
586 
587 FORCEINLINE PVOID PhpGenericPropertyPageHeader(
588  _In_ HWND hwndDlg,
589  _In_ UINT uMsg,
590  _In_ WPARAM wParam,
591  _In_ LPARAM lParam,
592  _In_ PWSTR ContextName
593  )
594 {
595  PVOID context;
596 
597  switch (uMsg)
598  {
599  case WM_INITDIALOG:
600  {
601  LPPROPSHEETPAGE propSheetPage = (LPPROPSHEETPAGE)lParam;
602 
603  context = (PVOID)propSheetPage->lParam;
604  SetProp(hwndDlg, ContextName, (HANDLE)context);
605  }
606  break;
607  case WM_DESTROY:
608  {
609  context = (PVOID)GetProp(hwndDlg, ContextName);
610  RemoveProp(hwndDlg, ContextName);
611  }
612  break;
613  default:
614  {
615  context = (PVOID)GetProp(hwndDlg, ContextName);
616  }
617  break;
618  }
619 
620  return context;
621 }
622 
623 // mainwnd
624 
625 #define PH_MAINWND_CLASSNAME L"ProcessHacker" // phapppub
626 
627 #ifndef PH_MAINWND_PRIVATE
628 PHAPPAPI extern HWND PhMainWndHandle; // phapppub
629 extern BOOLEAN PhMainWndExiting;
630 #endif
631 
632 #define WM_PH_FIRST (WM_APP + 99)
633 #define WM_PH_ACTIVATE (WM_APP + 99)
634 #define PH_ACTIVATE_REPLY 0x1119
635 
636 #define WM_PH_PROCESS_ADDED (WM_APP + 101)
637 #define WM_PH_PROCESS_MODIFIED (WM_APP + 102)
638 #define WM_PH_PROCESS_REMOVED (WM_APP + 103)
639 #define WM_PH_PROCESSES_UPDATED (WM_APP + 104)
640 
641 #define WM_PH_SERVICE_ADDED (WM_APP + 105)
642 #define WM_PH_SERVICE_MODIFIED (WM_APP + 106)
643 #define WM_PH_SERVICE_REMOVED (WM_APP + 107)
644 #define WM_PH_SERVICES_UPDATED (WM_APP + 108)
645 
646 #define WM_PH_NETWORK_ITEM_ADDED (WM_APP + 109)
647 #define WM_PH_NETWORK_ITEM_MODIFIED (WM_APP + 110)
648 #define WM_PH_NETWORK_ITEM_REMOVED (WM_APP + 111)
649 #define WM_PH_NETWORK_ITEMS_UPDATED (WM_APP + 112)
650 
651 // begin_phapppub
652 #define WM_PH_SHOW_PROCESS_PROPERTIES (WM_APP + 120)
653 #define WM_PH_DESTROY (WM_APP + 121)
654 #define WM_PH_SAVE_ALL_SETTINGS (WM_APP + 122)
655 #define WM_PH_PREPARE_FOR_EARLY_SHUTDOWN (WM_APP + 123)
656 #define WM_PH_CANCEL_EARLY_SHUTDOWN (WM_APP + 124)
657 // end_phapppub
658 #define WM_PH_DELAYED_LOAD_COMPLETED (WM_APP + 125)
659 #define WM_PH_NOTIFY_ICON_MESSAGE (WM_APP + 126)
660 // begin_phapppub
661 #define WM_PH_TOGGLE_VISIBLE (WM_APP + 127)
662 #define WM_PH_SHOW_MEMORY_EDITOR (WM_APP + 128)
663 #define WM_PH_SHOW_MEMORY_RESULTS (WM_APP + 129)
664 #define WM_PH_SELECT_TAB_PAGE (WM_APP + 130)
665 #define WM_PH_GET_CALLBACK_LAYOUT_PADDING (WM_APP + 131)
666 #define WM_PH_INVALIDATE_LAYOUT_PADDING (WM_APP + 132)
667 #define WM_PH_SELECT_PROCESS_NODE (WM_APP + 133)
668 #define WM_PH_SELECT_SERVICE_ITEM (WM_APP + 134)
669 #define WM_PH_SELECT_NETWORK_ITEM (WM_APP + 135)
670 // end_phapppub
671 #define WM_PH_UPDATE_FONT (WM_APP + 136)
672 #define WM_PH_GET_FONT (WM_APP + 137)
673 // begin_phapppub
674 #define WM_PH_INVOKE (WM_APP + 138)
675 #define WM_PH_ADD_MENU_ITEM (WM_APP + 139)
676 #define WM_PH_ADD_TAB_PAGE (WM_APP + 140)
677 #define WM_PH_REFRESH (WM_APP + 141)
678 #define WM_PH_GET_UPDATE_AUTOMATICALLY (WM_APP + 142)
679 #define WM_PH_SET_UPDATE_AUTOMATICALLY (WM_APP + 143)
680 // end_phapppub
681 #define WM_PH_ICON_CLICK (WM_APP + 144)
682 #define WM_PH_LAST (WM_APP + 144)
683 
684 // begin_phapppub
685 #define ProcessHacker_ShowProcessProperties(hWnd, ProcessItem) \
686  SendMessage(hWnd, WM_PH_SHOW_PROCESS_PROPERTIES, 0, (LPARAM)(ProcessItem))
687 #define ProcessHacker_Destroy(hWnd) \
688  SendMessage(hWnd, WM_PH_DESTROY, 0, 0)
689 #define ProcessHacker_SaveAllSettings(hWnd) \
690  SendMessage(hWnd, WM_PH_SAVE_ALL_SETTINGS, 0, 0)
691 #define ProcessHacker_PrepareForEarlyShutdown(hWnd) \
692  SendMessage(hWnd, WM_PH_PREPARE_FOR_EARLY_SHUTDOWN, 0, 0)
693 #define ProcessHacker_CancelEarlyShutdown(hWnd) \
694  SendMessage(hWnd, WM_PH_CANCEL_EARLY_SHUTDOWN, 0, 0)
695 #define ProcessHacker_ToggleVisible(hWnd, AlwaysShow) \
696  SendMessage(hWnd, WM_PH_TOGGLE_VISIBLE, (WPARAM)(AlwaysShow), 0)
697 #define ProcessHacker_ShowMemoryEditor(hWnd, ShowMemoryEditor) \
698  PostMessage(hWnd, WM_PH_SHOW_MEMORY_EDITOR, 0, (LPARAM)(ShowMemoryEditor))
699 #define ProcessHacker_ShowMemoryResults(hWnd, ShowMemoryResults) \
700  PostMessage(hWnd, WM_PH_SHOW_MEMORY_RESULTS, 0, (LPARAM)(ShowMemoryResults))
701 #define ProcessHacker_SelectTabPage(hWnd, Index) \
702  SendMessage(hWnd, WM_PH_SELECT_TAB_PAGE, (WPARAM)(Index), 0)
703 #define ProcessHacker_GetCallbackLayoutPadding(hWnd) \
704  ((PPH_CALLBACK)SendMessage(hWnd, WM_PH_GET_CALLBACK_LAYOUT_PADDING, 0, 0))
705 #define ProcessHacker_InvalidateLayoutPadding(hWnd) \
706  SendMessage(hWnd, WM_PH_INVALIDATE_LAYOUT_PADDING, 0, 0)
707 #define ProcessHacker_SelectProcessNode(hWnd, ProcessNode) \
708  SendMessage(hWnd, WM_PH_SELECT_PROCESS_NODE, 0, (LPARAM)(ProcessNode))
709 #define ProcessHacker_SelectServiceItem(hWnd, ServiceItem) \
710  SendMessage(hWnd, WM_PH_SELECT_SERVICE_ITEM, 0, (LPARAM)(ServiceItem))
711 #define ProcessHacker_SelectNetworkItem(hWnd, NetworkItem) \
712  SendMessage(hWnd, WM_PH_SELECT_NETWORK_ITEM, 0, (LPARAM)(NetworkItem))
713 #define ProcessHacker_Invoke(hWnd, Function, Parameter) \
714  PostMessage(hWnd, WM_PH_INVOKE, (WPARAM)(Parameter), (LPARAM)(Function))
715 #define ProcessHacker_AddMenuItem(hWnd, AddMenuItem) \
716  ((ULONG_PTR)SendMessage(hWnd, WM_PH_ADD_MENU_ITEM, 0, (LPARAM)(AddMenuItem)))
717 #define ProcessHacker_AddTabPage(hWnd, TabPage) \
718  ((PPH_ADDITIONAL_TAB_PAGE)SendMessage(hWnd, WM_PH_ADD_TAB_PAGE, 0, (LPARAM)(TabPage)))
719 #define ProcessHacker_Refresh(hWnd) \
720  SendMessage(hWnd, WM_PH_REFRESH, 0, 0)
721 #define ProcessHacker_GetUpdateAutomatically(hWnd) \
722  ((BOOLEAN)SendMessage(hWnd, WM_PH_GET_UPDATE_AUTOMATICALLY, 0, 0))
723 #define ProcessHacker_SetUpdateAutomatically(hWnd, Value) \
724  SendMessage(hWnd, WM_PH_SET_UPDATE_AUTOMATICALLY, (WPARAM)(Value), 0)
725 // end_phapppub
726 #define ProcessHacker_IconClick(hWnd) \
727  SendMessage(hWnd, WM_PH_ICON_CLICK, 0, 0)
728 
729 typedef struct _PH_SHOWMEMORYEDITOR
730 {
731  HANDLE ProcessId;
732  PVOID BaseAddress;
733  SIZE_T RegionSize;
734  ULONG SelectOffset;
735  ULONG SelectLength;
736  PPH_STRING Title;
737  ULONG Flags;
738 } PH_SHOWMEMORYEDITOR, *PPH_SHOWMEMORYEDITOR;
739 
740 typedef struct _PH_SHOWMEMORYRESULTS
741 {
742  HANDLE ProcessId;
743  PPH_LIST Results;
744 } PH_SHOWMEMORYRESULTS, *PPH_SHOWMEMORYRESULTS;
745 
746 // begin_phapppub
747 typedef struct _PH_LAYOUT_PADDING_DATA
748 {
749  RECT Padding;
750 } PH_LAYOUT_PADDING_DATA, *PPH_LAYOUT_PADDING_DATA;
751 
752 typedef struct _PH_ADDMENUITEM
753 {
754  _In_ PVOID Plugin;
755  _In_ ULONG Location;
756  _In_opt_ PWSTR InsertAfter;
757  _In_ ULONG Flags;
758  _In_ ULONG Id;
759  _In_ PWSTR Text;
760  _In_opt_ PVOID Context;
761 } PH_ADDMENUITEM, *PPH_ADDMENUITEM;
762 
763 typedef HWND (NTAPI *PPH_TAB_PAGE_CREATE_FUNCTION)(
764  _In_ PVOID Context
765  );
766 
767 typedef VOID (NTAPI *PPH_TAB_PAGE_CALLBACK_FUNCTION)(
768  _In_ PVOID Parameter1,
769  _In_ PVOID Parameter2,
770  _In_ PVOID Parameter3,
771  _In_ PVOID Context
772  );
773 
774 typedef struct _PH_ADDITIONAL_TAB_PAGE
775 {
776  PWSTR Text;
777  PVOID Context;
778  PPH_TAB_PAGE_CREATE_FUNCTION CreateFunction;
779  HWND WindowHandle;
780  INT Index;
781  PPH_TAB_PAGE_CALLBACK_FUNCTION SelectionChangedCallback;
782  PPH_TAB_PAGE_CALLBACK_FUNCTION SaveContentCallback;
783  PPH_TAB_PAGE_CALLBACK_FUNCTION FontChangedCallback;
784  PPH_TAB_PAGE_CALLBACK_FUNCTION InitializeSectionMenuItemsCallback;
785  PVOID Reserved[3];
786 } PH_ADDITIONAL_TAB_PAGE, *PPH_ADDITIONAL_TAB_PAGE;
787 // end_phapppub
788 
789 // begin_phapppub
790 #define PH_NOTIFY_MINIMUM 0x1
791 #define PH_NOTIFY_PROCESS_CREATE 0x1
792 #define PH_NOTIFY_PROCESS_DELETE 0x2
793 #define PH_NOTIFY_SERVICE_CREATE 0x4
794 #define PH_NOTIFY_SERVICE_DELETE 0x8
795 #define PH_NOTIFY_SERVICE_START 0x10
796 #define PH_NOTIFY_SERVICE_STOP 0x20
797 #define PH_NOTIFY_MAXIMUM 0x40
798 #define PH_NOTIFY_VALID_MASK 0x3f
799 // end_phapppub
800 
801 BOOLEAN PhMainWndInitialization(
802  _In_ INT ShowCommand
803  );
804 
805 VOID PhLoadDbgHelpFromPath(
806  _In_ PWSTR DbgHelpPath
807  );
808 
809 VOID PhAddMiniProcessMenuItems(
810  _Inout_ struct _PH_EMENU_ITEM *Menu,
811  _In_ HANDLE ProcessId
812  );
813 
814 BOOLEAN PhHandleMiniProcessMenuItem(
815  _Inout_ struct _PH_EMENU_ITEM *MenuItem
816  );
817 
818 VOID PhShowIconContextMenu(
819  _In_ POINT Location
820  );
821 
822 // begin_phapppub
823 PHAPPAPI
824 VOID
825 NTAPI
826 PhShowIconNotification(
827  _In_ PWSTR Title,
828  _In_ PWSTR Text,
829  _In_ ULONG Flags
830  );
831 // end_phapppub
832 
833 VOID PhShowDetailsForIconNotification(
834  VOID
835  );
836 
837 VOID PhShowProcessContextMenu(
838  _In_ PPH_TREENEW_CONTEXT_MENU ContextMenu
839  );
840 
841 VOID PhShowServiceContextMenu(
842  _In_ PPH_TREENEW_CONTEXT_MENU ContextMenu
843  );
844 
845 VOID PhShowNetworkContextMenu(
846  _In_ PPH_TREENEW_CONTEXT_MENU ContextMenu
847  );
848 
849 // plugin
850 
851 extern PH_AVL_TREE PhPluginsByName;
852 
853 VOID PhPluginsInitialization(
854  VOID
855  );
856 
857 BOOLEAN PhIsPluginDisabled(
858  _In_ PPH_STRINGREF BaseName
859  );
860 
861 VOID PhSetPluginDisabled(
862  _In_ PPH_STRINGREF BaseName,
863  _In_ BOOLEAN Disable
864  );
865 
866 VOID PhLoadPlugins(
867  VOID
868  );
869 
870 VOID PhUnloadPlugins(
871  VOID
872  );
873 
874 struct _PH_PLUGIN *PhFindPlugin2(
875  _In_ PPH_STRINGREF Name
876  );
877 
878 // procprp
879 
880 #define PH_PROCESS_PROPCONTEXT_MAXPAGES 20
881 
882 typedef struct _PH_PROCESS_PROPCONTEXT *PPH_PROCESS_PROPCONTEXT; // phapppub
883 
884 typedef struct _PH_PROCESS_PROPCONTEXT
885 {
886  PPH_PROCESS_ITEM ProcessItem;
887  HWND WindowHandle;
888  PH_EVENT CreatedEvent;
889  PPH_STRING Title;
890  PROPSHEETHEADER PropSheetHeader;
891  HPROPSHEETPAGE *PropSheetPages;
892 
893  HANDLE SelectThreadId;
894 } PH_PROCESS_PROPCONTEXT, *PPH_PROCESS_PROPCONTEXT;
895 
896 // begin_phapppub
897 typedef struct _PH_PROCESS_PROPPAGECONTEXT
898 {
899  PPH_PROCESS_PROPCONTEXT PropContext;
900  PVOID Context;
901  PROPSHEETPAGE PropSheetPage;
902 
903  BOOLEAN LayoutInitialized;
904 } PH_PROCESS_PROPPAGECONTEXT, *PPH_PROCESS_PROPPAGECONTEXT;
905 // end_phapppub
906 
907 BOOLEAN PhProcessPropInitialization(
908  VOID
909  );
910 
911 // begin_phapppub
912 PHAPPAPI
913 PPH_PROCESS_PROPCONTEXT
914 NTAPI
915 PhCreateProcessPropContext(
916  _In_ HWND ParentWindowHandle,
917  _In_ PPH_PROCESS_ITEM ProcessItem
918  );
919 // end_phapppub
920 
921 VOID PhRefreshProcessPropContext(
922  _Inout_ PPH_PROCESS_PROPCONTEXT PropContext
923  );
924 
925 // begin_phapppub
926 PHAPPAPI
927 VOID
928 NTAPI
929 PhSetSelectThreadIdProcessPropContext(
930  _Inout_ PPH_PROCESS_PROPCONTEXT PropContext,
931  _In_ HANDLE ThreadId
932  );
933 
934 PHAPPAPI
935 BOOLEAN
936 NTAPI
937 PhAddProcessPropPage(
938  _Inout_ PPH_PROCESS_PROPCONTEXT PropContext,
939  _In_ _Assume_refs_(1) PPH_PROCESS_PROPPAGECONTEXT PropPageContext
940  );
941 
942 PHAPPAPI
943 BOOLEAN
944 NTAPI
945 PhAddProcessPropPage2(
946  _Inout_ PPH_PROCESS_PROPCONTEXT PropContext,
947  _In_ HPROPSHEETPAGE PropSheetPageHandle
948  );
949 
950 PHAPPAPI
951 PPH_PROCESS_PROPPAGECONTEXT
952 NTAPI
953 PhCreateProcessPropPageContext(
954  _In_ LPCWSTR Template,
955  _In_ DLGPROC DlgProc,
956  _In_opt_ PVOID Context
957  );
958 
959 PHAPPAPI
960 PPH_PROCESS_PROPPAGECONTEXT
961 NTAPI
962 PhCreateProcessPropPageContextEx(
963  _In_opt_ PVOID InstanceHandle,
964  _In_ LPCWSTR Template,
965  _In_ DLGPROC DlgProc,
966  _In_opt_ PVOID Context
967  );
968 
969 PHAPPAPI
970 BOOLEAN
971 NTAPI
972 PhPropPageDlgProcHeader(
973  _In_ HWND hwndDlg,
974  _In_ UINT uMsg,
975  _In_ LPARAM lParam,
976  _Out_ LPPROPSHEETPAGE *PropSheetPage,
977  _Out_ PPH_PROCESS_PROPPAGECONTEXT *PropPageContext,
978  _Out_ PPH_PROCESS_ITEM *ProcessItem
979  );
980 
981 PHAPPAPI
982 VOID
983 NTAPI
984 PhPropPageDlgProcDestroy(
985  _In_ HWND hwndDlg
986  );
987 
988 #define PH_PROP_PAGE_TAB_CONTROL_PARENT ((PPH_LAYOUT_ITEM)0x1)
989 
990 PHAPPAPI
991 PPH_LAYOUT_ITEM
992 NTAPI
993 PhAddPropPageLayoutItem(
994  _In_ HWND hwnd,
995  _In_ HWND Handle,
996  _In_ PPH_LAYOUT_ITEM ParentItem,
997  _In_ ULONG Anchor
998  );
999 
1000 PHAPPAPI
1001 VOID
1002 NTAPI
1003 PhDoPropPageLayout(
1004  _In_ HWND hwnd
1005  );
1006 
1007 FORCEINLINE
1008 PPH_LAYOUT_ITEM
1009 PhBeginPropPageLayout(
1010  _In_ HWND hwndDlg,
1011  _In_ PPH_PROCESS_PROPPAGECONTEXT PropPageContext
1012  )
1013 {
1014  if (!PropPageContext->LayoutInitialized)
1015  {
1016  return PhAddPropPageLayoutItem(hwndDlg, hwndDlg,
1017  PH_PROP_PAGE_TAB_CONTROL_PARENT, PH_ANCHOR_ALL);
1018  }
1019  else
1020  {
1021  return NULL;
1022  }
1023 }
1024 
1025 FORCEINLINE
1026 VOID
1027 PhEndPropPageLayout(
1028  _In_ HWND hwndDlg,
1029  _In_ PPH_PROCESS_PROPPAGECONTEXT PropPageContext
1030  )
1031 {
1032  PhDoPropPageLayout(hwndDlg);
1033  PropPageContext->LayoutInitialized = TRUE;
1034 }
1035 
1036 PHAPPAPI
1037 BOOLEAN
1038 NTAPI
1039 PhShowProcessProperties(
1040  _In_ PPH_PROCESS_PROPCONTEXT Context
1041  );
1042 // end_phapppub
1043 
1044 // log
1045 
1046 #define PH_LOG_ENTRY_PROCESS_FIRST 1
1047 #define PH_LOG_ENTRY_PROCESS_CREATE 1
1048 #define PH_LOG_ENTRY_PROCESS_DELETE 2
1049 #define PH_LOG_ENTRY_PROCESS_LAST 2
1050 
1051 #define PH_LOG_ENTRY_SERVICE_FIRST 3
1052 #define PH_LOG_ENTRY_SERVICE_CREATE 3
1053 #define PH_LOG_ENTRY_SERVICE_DELETE 4
1054 #define PH_LOG_ENTRY_SERVICE_START 5
1055 #define PH_LOG_ENTRY_SERVICE_STOP 6
1056 #define PH_LOG_ENTRY_SERVICE_CONTINUE 7
1057 #define PH_LOG_ENTRY_SERVICE_PAUSE 8
1058 #define PH_LOG_ENTRY_SERVICE_LAST 8
1059 
1060 #define PH_LOG_ENTRY_MESSAGE 9 // phapppub
1061 
1062 typedef struct _PH_LOG_ENTRY *PPH_LOG_ENTRY; // phapppub
1063 
1064 typedef struct _PH_LOG_ENTRY
1065 {
1066  UCHAR Type;
1067  UCHAR Reserved1;
1068  USHORT Flags;
1069  LARGE_INTEGER Time;
1070  union
1071  {
1072  struct
1073  {
1074  HANDLE ProcessId;
1075  PPH_STRING Name;
1076  HANDLE ParentProcessId;
1077  PPH_STRING ParentName;
1078  } Process;
1079  struct
1080  {
1081  PPH_STRING Name;
1082  PPH_STRING DisplayName;
1083  } Service;
1084  PPH_STRING Message;
1085  };
1086  UCHAR Buffer[1];
1087 } PH_LOG_ENTRY, *PPH_LOG_ENTRY;
1088 
1089 #ifndef PH_LOG_PRIVATE
1090 extern PH_CIRCULAR_BUFFER_PVOID PhLogBuffer;
1091 PHAPPAPI extern PH_CALLBACK PhLoggedCallback; // phapppub
1092 #endif
1093 
1094 VOID PhLogInitialization(
1095  VOID
1096  );
1097 
1098 VOID PhClearLogEntries(
1099  VOID
1100  );
1101 
1102 VOID PhLogProcessEntry(
1103  _In_ UCHAR Type,
1104  _In_ HANDLE ProcessId,
1105  _In_ PPH_STRING Name,
1106  _In_opt_ HANDLE ParentProcessId,
1107  _In_opt_ PPH_STRING ParentName
1108  );
1109 
1110 VOID PhLogServiceEntry(
1111  _In_ UCHAR Type,
1112  _In_ PPH_STRING Name,
1113  _In_ PPH_STRING DisplayName
1114  );
1115 
1116 // begin_phapppub
1117 PHAPPAPI
1118 VOID
1119 NTAPI
1120 PhLogMessageEntry(
1121  _In_ UCHAR Type,
1122  _In_ PPH_STRING Message
1123  );
1124 
1125 PHAPPAPI
1126 PPH_STRING
1127 NTAPI
1128 PhFormatLogEntry(
1129  _In_ PPH_LOG_ENTRY Entry
1130  );
1131 // end_phapppub
1132 
1133 // dbgcon
1134 
1135 VOID PhShowDebugConsole(
1136  VOID
1137  );
1138 
1139 // actions
1140 
1141 typedef enum _PH_ACTION_ELEVATION_LEVEL
1142 {
1143  NeverElevateAction = 0,
1144  PromptElevateAction = 1,
1145  AlwaysElevateAction = 2
1146 } PH_ACTION_ELEVATION_LEVEL;
1147 
1148 // begin_phapppub
1149 typedef enum _PH_PHSVC_MODE
1150 {
1151  ElevatedPhSvcMode,
1152  Wow64PhSvcMode
1153 } PH_PHSVC_MODE;
1154 
1155 PHAPPAPI
1156 BOOLEAN
1157 NTAPI
1158 PhUiConnectToPhSvc(
1159  _In_opt_ HWND hWnd,
1160  _In_ BOOLEAN ConnectOnly
1161  );
1162 
1163 PHAPPAPI
1164 BOOLEAN
1165 NTAPI
1166 PhUiConnectToPhSvcEx(
1167  _In_opt_ HWND hWnd,
1168  _In_ PH_PHSVC_MODE Mode,
1169  _In_ BOOLEAN ConnectOnly
1170  );
1171 
1172 PHAPPAPI
1173 VOID
1174 NTAPI
1175 PhUiDisconnectFromPhSvc(
1176  VOID
1177  );
1178 
1179 PHAPPAPI
1180 BOOLEAN
1181 NTAPI
1182 PhUiLockComputer(
1183  _In_ HWND hWnd
1184  );
1185 
1186 PHAPPAPI
1187 BOOLEAN
1188 NTAPI
1189 PhUiLogoffComputer(
1190  _In_ HWND hWnd
1191  );
1192 
1193 PHAPPAPI
1194 BOOLEAN
1195 NTAPI
1196 PhUiSleepComputer(
1197  _In_ HWND hWnd
1198  );
1199 
1200 PHAPPAPI
1201 BOOLEAN
1202 NTAPI
1203 PhUiHibernateComputer(
1204  _In_ HWND hWnd
1205  );
1206 
1207 PHAPPAPI
1208 BOOLEAN
1209 NTAPI
1210 PhUiRestartComputer(
1211  _In_ HWND hWnd,
1212  _In_ ULONG Flags
1213  );
1214 
1215 PHAPPAPI
1216 BOOLEAN
1217 NTAPI
1218 PhUiShutdownComputer(
1219  _In_ HWND hWnd,
1220  _In_ ULONG Flags
1221  );
1222 
1223 PHAPPAPI
1224 BOOLEAN
1225 NTAPI
1226 PhUiConnectSession(
1227  _In_ HWND hWnd,
1228  _In_ ULONG SessionId
1229  );
1230 
1231 PHAPPAPI
1232 BOOLEAN
1233 NTAPI
1234 PhUiDisconnectSession(
1235  _In_ HWND hWnd,
1236  _In_ ULONG SessionId
1237  );
1238 
1239 PHAPPAPI
1240 BOOLEAN
1241 NTAPI
1242 PhUiLogoffSession(
1243  _In_ HWND hWnd,
1244  _In_ ULONG SessionId
1245  );
1246 
1247 PHAPPAPI
1248 BOOLEAN
1249 NTAPI
1250 PhUiTerminateProcesses(
1251  _In_ HWND hWnd,
1252  _In_ PPH_PROCESS_ITEM *Processes,
1253  _In_ ULONG NumberOfProcesses
1254  );
1255 
1256 PHAPPAPI
1257 BOOLEAN
1258 NTAPI
1259 PhUiTerminateTreeProcess(
1260  _In_ HWND hWnd,
1261  _In_ PPH_PROCESS_ITEM Process
1262  );
1263 
1264 PHAPPAPI
1265 BOOLEAN
1266 NTAPI
1267 PhUiSuspendProcesses(
1268  _In_ HWND hWnd,
1269  _In_ PPH_PROCESS_ITEM *Processes,
1270  _In_ ULONG NumberOfProcesses
1271  );
1272 
1273 PHAPPAPI
1274 BOOLEAN
1275 NTAPI
1276 PhUiResumeProcesses(
1277  _In_ HWND hWnd,
1278  _In_ PPH_PROCESS_ITEM *Processes,
1279  _In_ ULONG NumberOfProcesses
1280  );
1281 
1282 PHAPPAPI
1283 BOOLEAN
1284 NTAPI
1285 PhUiRestartProcess(
1286  _In_ HWND hWnd,
1287  _In_ PPH_PROCESS_ITEM Process
1288  );
1289 
1290 PHAPPAPI
1291 BOOLEAN
1292 NTAPI
1293 PhUiDebugProcess(
1294  _In_ HWND hWnd,
1295  _In_ PPH_PROCESS_ITEM Process
1296  );
1297 
1298 PHAPPAPI
1299 BOOLEAN
1300 NTAPI
1301 PhUiReduceWorkingSetProcesses(
1302  _In_ HWND hWnd,
1303  _In_ PPH_PROCESS_ITEM *Processes,
1304  _In_ ULONG NumberOfProcesses
1305  );
1306 
1307 PHAPPAPI
1308 BOOLEAN
1309 NTAPI
1310 PhUiSetVirtualizationProcess(
1311  _In_ HWND hWnd,
1312  _In_ PPH_PROCESS_ITEM Process,
1313  _In_ BOOLEAN Enable
1314  );
1315 
1316 PHAPPAPI
1317 BOOLEAN
1318 NTAPI
1319 PhUiDetachFromDebuggerProcess(
1320  _In_ HWND hWnd,
1321  _In_ PPH_PROCESS_ITEM Process
1322  );
1323 
1324 PHAPPAPI
1325 BOOLEAN
1326 NTAPI
1327 PhUiInjectDllProcess(
1328  _In_ HWND hWnd,
1329  _In_ PPH_PROCESS_ITEM Process
1330  );
1331 
1332 PHAPPAPI
1333 BOOLEAN
1334 NTAPI
1335 PhUiSetIoPriorityProcesses(
1336  _In_ HWND hWnd,
1337  _In_ PPH_PROCESS_ITEM *Processes,
1338  _In_ ULONG NumberOfProcesses,
1339  _In_ ULONG IoPriority
1340  );
1341 
1342 PHAPPAPI
1343 BOOLEAN
1344 NTAPI
1345 PhUiSetPagePriorityProcess(
1346  _In_ HWND hWnd,
1347  _In_ PPH_PROCESS_ITEM Process,
1348  _In_ ULONG PagePriority
1349  );
1350 
1351 PHAPPAPI
1352 BOOLEAN
1353 NTAPI
1354 PhUiSetPriorityProcesses(
1355  _In_ HWND hWnd,
1356  _In_ PPH_PROCESS_ITEM *Processes,
1357  _In_ ULONG NumberOfProcesses,
1358  _In_ ULONG PriorityClass
1359  );
1360 
1361 PHAPPAPI
1362 BOOLEAN
1363 NTAPI
1364 PhUiSetDepStatusProcess(
1365  _In_ HWND hWnd,
1366  _In_ PPH_PROCESS_ITEM Process
1367  );
1368 
1369 PHAPPAPI
1370 BOOLEAN
1371 NTAPI
1372 PhUiStartService(
1373  _In_ HWND hWnd,
1374  _In_ PPH_SERVICE_ITEM Service
1375  );
1376 
1377 PHAPPAPI
1378 BOOLEAN
1379 NTAPI
1380 PhUiContinueService(
1381  _In_ HWND hWnd,
1382  _In_ PPH_SERVICE_ITEM Service
1383  );
1384 
1385 PHAPPAPI
1386 BOOLEAN
1387 NTAPI
1388 PhUiPauseService(
1389  _In_ HWND hWnd,
1390  _In_ PPH_SERVICE_ITEM Service
1391  );
1392 
1393 PHAPPAPI
1394 BOOLEAN
1395 NTAPI
1396 PhUiStopService(
1397  _In_ HWND hWnd,
1398  _In_ PPH_SERVICE_ITEM Service
1399  );
1400 
1401 PHAPPAPI
1402 BOOLEAN
1403 NTAPI
1404 PhUiDeleteService(
1405  _In_ HWND hWnd,
1406  _In_ PPH_SERVICE_ITEM Service
1407  );
1408 
1409 PHAPPAPI
1410 BOOLEAN
1411 NTAPI
1412 PhUiCloseConnections(
1413  _In_ HWND hWnd,
1414  _In_ PPH_NETWORK_ITEM *Connections,
1415  _In_ ULONG NumberOfConnections
1416  );
1417 
1418 PHAPPAPI
1419 BOOLEAN
1420 NTAPI
1421 PhUiTerminateThreads(
1422  _In_ HWND hWnd,
1423  _In_ PPH_THREAD_ITEM *Threads,
1424  _In_ ULONG NumberOfThreads
1425  );
1426 
1427 PHAPPAPI
1428 BOOLEAN
1429 NTAPI
1430 PhUiForceTerminateThreads(
1431  _In_ HWND hWnd,
1432  _In_ HANDLE ProcessId,
1433  _In_ PPH_THREAD_ITEM *Threads,
1434  _In_ ULONG NumberOfThreads
1435  );
1436 
1437 PHAPPAPI
1438 BOOLEAN
1439 NTAPI
1440 PhUiSuspendThreads(
1441  _In_ HWND hWnd,
1442  _In_ PPH_THREAD_ITEM *Threads,
1443  _In_ ULONG NumberOfThreads
1444  );
1445 
1446 PHAPPAPI
1447 BOOLEAN
1448 NTAPI
1449 PhUiResumeThreads(
1450  _In_ HWND hWnd,
1451  _In_ PPH_THREAD_ITEM *Threads,
1452  _In_ ULONG NumberOfThreads
1453  );
1454 
1455 PHAPPAPI
1456 BOOLEAN
1457 NTAPI
1458 PhUiSetPriorityThread(
1459  _In_ HWND hWnd,
1460  _In_ PPH_THREAD_ITEM Thread,
1461  _In_ ULONG ThreadPriorityWin32
1462  );
1463 
1464 PHAPPAPI
1465 BOOLEAN
1466 NTAPI
1467 PhUiSetIoPriorityThread(
1468  _In_ HWND hWnd,
1469  _In_ PPH_THREAD_ITEM Thread,
1470  _In_ ULONG IoPriority
1471  );
1472 
1473 PHAPPAPI
1474 BOOLEAN
1475 NTAPI
1476 PhUiSetPagePriorityThread(
1477  _In_ HWND hWnd,
1478  _In_ PPH_THREAD_ITEM Thread,
1479  _In_ ULONG PagePriority
1480  );
1481 
1482 PHAPPAPI
1483 BOOLEAN
1484 NTAPI
1485 PhUiUnloadModule(
1486  _In_ HWND hWnd,
1487  _In_ HANDLE ProcessId,
1488  _In_ PPH_MODULE_ITEM Module
1489  );
1490 
1491 PHAPPAPI
1492 BOOLEAN
1493 NTAPI
1494 PhUiFreeMemory(
1495  _In_ HWND hWnd,
1496  _In_ HANDLE ProcessId,
1497  _In_ PPH_MEMORY_ITEM MemoryItem,
1498  _In_ BOOLEAN Free
1499  );
1500 
1501 PHAPPAPI
1502 BOOLEAN
1503 NTAPI
1504 PhUiCloseHandles(
1505  _In_ HWND hWnd,
1506  _In_ HANDLE ProcessId,
1507  _In_ PPH_HANDLE_ITEM *Handles,
1508  _In_ ULONG NumberOfHandles,
1509  _In_ BOOLEAN Warn
1510  );
1511 
1512 PHAPPAPI
1513 BOOLEAN
1514 NTAPI
1515 PhUiSetAttributesHandle(
1516  _In_ HWND hWnd,
1517  _In_ HANDLE ProcessId,
1518  _In_ PPH_HANDLE_ITEM Handle,
1519  _In_ ULONG Attributes
1520  );
1521 // end_phapppub
1522 
1523 // itemtips
1524 
1525 PPH_STRING PhGetProcessTooltipText(
1526  _In_ PPH_PROCESS_ITEM Process,
1527  _Out_opt_ PULONG ValidToTickCount
1528  );
1529 
1530 PPH_STRING PhGetServiceTooltipText(
1531  _In_ PPH_SERVICE_ITEM Service
1532  );
1533 
1534 // cmdmode
1535 
1536 NTSTATUS PhCommandModeStart(
1537  VOID
1538  );
1539 
1540 // anawait
1541 
1542 VOID PhUiAnalyzeWaitThread(
1543  _In_ HWND hWnd,
1544  _In_ HANDLE ProcessId,
1545  _In_ HANDLE ThreadId,
1546  _In_ PPH_SYMBOL_PROVIDER SymbolProvider
1547  );
1548 
1549 // mdump
1550 
1551 BOOLEAN PhUiCreateDumpFileProcess(
1552  _In_ HWND hWnd,
1553  _In_ PPH_PROCESS_ITEM Process
1554  );
1555 
1556 // about
1557 
1558 VOID PhShowAboutDialog(
1559  _In_ HWND ParentWindowHandle
1560  );
1561 
1562 PPH_STRING PhGetDiagnosticsString(
1563  VOID
1564  );
1565 
1566 // affinity
1567 
1568 VOID PhShowProcessAffinityDialog(
1569  _In_ HWND ParentWindowHandle,
1570  _In_opt_ PPH_PROCESS_ITEM ProcessItem,
1571  _In_opt_ PPH_THREAD_ITEM ThreadItem
1572  );
1573 
1574 // begin_phapppub
1575 PHAPPAPI
1576 BOOLEAN
1577 NTAPI
1578 PhShowProcessAffinityDialog2(
1579  _In_ HWND ParentWindowHandle,
1580  _In_ ULONG_PTR AffinityMask,
1581  _Out_ PULONG_PTR NewAffinityMask
1582  );
1583 // end_phapppub
1584 
1585 // chcol
1586 
1587 #define PH_CONTROL_TYPE_TREE_NEW 1
1588 
1589 VOID PhShowChooseColumnsDialog(
1590  _In_ HWND ParentWindowHandle,
1591  _In_ HWND ControlHandle,
1592  _In_ ULONG Type
1593  );
1594 
1595 // chdlg
1596 
1597 // begin_phapppub
1598 #define PH_CHOICE_DIALOG_SAVED_CHOICES 10
1599 
1600 #define PH_CHOICE_DIALOG_CHOICE 0x0
1601 #define PH_CHOICE_DIALOG_USER_CHOICE 0x1
1602 #define PH_CHOICE_DIALOG_PASSWORD 0x2
1603 #define PH_CHOICE_DIALOG_TYPE_MASK 0x3
1604 
1605 PHAPPAPI
1606 BOOLEAN
1607 NTAPI
1608 PhaChoiceDialog(
1609  _In_ HWND ParentWindowHandle,
1610  _In_ PWSTR Title,
1611  _In_ PWSTR Message,
1612  _In_opt_ PWSTR *Choices,
1613  _In_opt_ ULONG NumberOfChoices,
1614  _In_opt_ PWSTR Option,
1615  _In_ ULONG Flags,
1616  _Inout_ PPH_STRING *SelectedChoice,
1617  _Inout_opt_ PBOOLEAN SelectedOption,
1618  _In_opt_ PWSTR SavedChoicesSettingName
1619  );
1620 // end_phapppub
1621 
1622 // chproc
1623 
1624 // begin_phapppub
1625 PHAPPAPI
1626 BOOLEAN
1627 NTAPI
1628 PhShowChooseProcessDialog(
1629  _In_ HWND ParentWindowHandle,
1630  _In_ PWSTR Message,
1631  _Out_ PHANDLE ProcessId
1632  );
1633 // end_phapppub
1634 
1635 // findobj
1636 
1637 VOID PhShowFindObjectsDialog(
1638  VOID
1639  );
1640 
1641 // gdihndl
1642 
1643 VOID PhShowGdiHandlesDialog(
1644  _In_ HWND ParentWindowHandle,
1645  _In_ PPH_PROCESS_ITEM ProcessItem
1646  );
1647 
1648 // hidnproc
1649 
1650 VOID PhShowHiddenProcessesDialog(
1651  VOID
1652  );
1653 
1654 // hndlprp
1655 
1656 VOID PhShowHandleProperties(
1657  _In_ HWND ParentWindowHandle,
1658  _In_ HANDLE ProcessId,
1659  _In_ PPH_HANDLE_ITEM HandleItem
1660  );
1661 
1662 // hndlstat
1663 
1664 VOID PhShowHandleStatisticsDialog(
1665  _In_ HWND ParentWindowHandle,
1666  _In_ HANDLE ProcessId
1667  );
1668 
1669 // infodlg
1670 
1671 VOID PhShowInformationDialog(
1672  _In_ HWND ParentWindowHandle,
1673  _In_ PWSTR String
1674  );
1675 
1676 // jobprp
1677 
1678 VOID PhShowJobProperties(
1679  _In_ HWND ParentWindowHandle,
1680  _In_ PPH_OPEN_OBJECT OpenObject,
1681  _In_opt_ PVOID Context,
1682  _In_opt_ PWSTR Title
1683  );
1684 
1685 HPROPSHEETPAGE PhCreateJobPage(
1686  _In_ PPH_OPEN_OBJECT OpenObject,
1687  _In_opt_ PVOID Context,
1688  _In_opt_ DLGPROC HookProc
1689  );
1690 
1691 // logwnd
1692 
1693 VOID PhShowLogDialog(
1694  VOID
1695  );
1696 
1697 // memedit
1698 
1699 #define PH_MEMORY_EDITOR_UNMAP_VIEW_OF_SECTION 0x1
1700 
1701 VOID PhShowMemoryEditorDialog(
1702  _In_ HANDLE ProcessId,
1703  _In_ PVOID BaseAddress,
1704  _In_ SIZE_T RegionSize,
1705  _In_ ULONG SelectOffset,
1706  _In_ ULONG SelectLength,
1707  _In_opt_ PPH_STRING Title,
1708  _In_ ULONG Flags
1709  );
1710 
1711 // memlists
1712 
1713 VOID PhShowMemoryListsDialog(
1714  _In_ HWND ParentWindowHandle,
1715  _In_opt_ VOID (NTAPI *RegisterDialog)(HWND),
1716  _In_opt_ VOID (NTAPI *UnregisterDialog)(HWND)
1717  );
1718 
1719 // memprot
1720 
1721 VOID PhShowMemoryProtectDialog(
1722  _In_ HWND ParentWindowHandle,
1723  _In_ PPH_PROCESS_ITEM ProcessItem,
1724  _In_ PPH_MEMORY_ITEM MemoryItem
1725  );
1726 
1727 // memrslt
1728 
1729 VOID PhShowMemoryResultsDialog(
1730  _In_ HANDLE ProcessId,
1731  _In_ PPH_LIST Results
1732  );
1733 
1734 // memsrch
1735 
1736 VOID PhShowMemoryStringDialog(
1737  _In_ HWND ParentWindowHandle,
1738  _In_ PPH_PROCESS_ITEM ProcessItem
1739  );
1740 
1741 // netstk
1742 
1743 VOID PhShowNetworkStackDialog(
1744  _In_ HWND ParentWindowHandle,
1745  _In_ PPH_NETWORK_ITEM NetworkItem
1746  );
1747 
1748 // ntobjprp
1749 
1750 HPROPSHEETPAGE PhCreateEventPage(
1751  _In_ PPH_OPEN_OBJECT OpenObject,
1752  _In_opt_ PVOID Context
1753  );
1754 
1755 HPROPSHEETPAGE PhCreateEventPairPage(
1756  _In_ PPH_OPEN_OBJECT OpenObject,
1757  _In_opt_ PVOID Context
1758  );
1759 
1760 HPROPSHEETPAGE PhCreateMutantPage(
1761  _In_ PPH_OPEN_OBJECT OpenObject,
1762  _In_opt_ PVOID Context
1763  );
1764 
1765 HPROPSHEETPAGE PhCreateSectionPage(
1766  _In_ PPH_OPEN_OBJECT OpenObject,
1767  _In_opt_ PVOID Context
1768  );
1769 
1770 HPROPSHEETPAGE PhCreateSemaphorePage(
1771  _In_ PPH_OPEN_OBJECT OpenObject,
1772  _In_opt_ PVOID Context
1773  );
1774 
1775 HPROPSHEETPAGE PhCreateTimerPage(
1776  _In_ PPH_OPEN_OBJECT OpenObject,
1777  _In_opt_ PVOID Context
1778  );
1779 
1780 // options
1781 
1782 VOID PhShowOptionsDialog(
1783  _In_ HWND ParentWindowHandle
1784  );
1785 
1786 // pagfiles
1787 
1788 VOID PhShowPagefilesDialog(
1789  _In_ HWND ParentWindowHandle
1790  );
1791 
1792 // plugman
1793 
1794 VOID PhShowPluginsDialog(
1795  _In_ HWND ParentWindowHandle
1796  );
1797 
1798 // procrec
1799 
1800 // begin_phapppub
1801 PHAPPAPI
1802 VOID
1803 NTAPI
1804 PhShowProcessRecordDialog(
1805  _In_ HWND ParentWindowHandle,
1806  _In_ PPH_PROCESS_RECORD Record
1807  );
1808 // end_phapppub
1809 
1810 // runas
1811 
1812 typedef struct _PH_RUNAS_SERVICE_PARAMETERS
1813 {
1814  ULONG ProcessId;
1815  PWSTR UserName;
1816  PWSTR Password;
1817  ULONG LogonType;
1818  ULONG SessionId;
1819  PWSTR CurrentDirectory;
1820  PWSTR CommandLine;
1821  PWSTR FileName;
1822  PWSTR DesktopName;
1823  BOOLEAN UseLinkedToken;
1824  PWSTR ServiceName;
1825 } PH_RUNAS_SERVICE_PARAMETERS, *PPH_RUNAS_SERVICE_PARAMETERS;
1826 
1827 VOID PhShowRunAsDialog(
1828  _In_ HWND ParentWindowHandle,
1829  _In_opt_ HANDLE ProcessId
1830  );
1831 
1832 NTSTATUS PhExecuteRunAsCommand(
1833  _In_ PPH_RUNAS_SERVICE_PARAMETERS Parameters
1834  );
1835 
1836 // begin_phapppub
1837 PHAPPAPI
1838 NTSTATUS
1839 NTAPI
1840 PhExecuteRunAsCommand2(
1841  _In_ HWND hWnd,
1842  _In_ PWSTR Program,
1843  _In_opt_ PWSTR UserName,
1844  _In_opt_ PWSTR Password,
1845  _In_opt_ ULONG LogonType,
1846  _In_opt_ HANDLE ProcessIdWithToken,
1847  _In_ ULONG SessionId,
1848  _In_ PWSTR DesktopName,
1849  _In_ BOOLEAN UseLinkedToken
1850  );
1851 // end_phapppub
1852 
1853 NTSTATUS PhRunAsServiceStart(
1854  _In_ PPH_STRING ServiceName
1855  );
1856 
1857 NTSTATUS PhInvokeRunAsService(
1858  _In_ PPH_RUNAS_SERVICE_PARAMETERS Parameters
1859  );
1860 
1861 // sessmsg
1862 
1863 VOID PhShowSessionSendMessageDialog(
1864  _In_ HWND ParentWindowHandle,
1865  _In_ ULONG SessionId
1866  );
1867 
1868 // sessprp
1869 
1870 VOID PhShowSessionProperties(
1871  _In_ HWND ParentWindowHandle,
1872  _In_ ULONG SessionId
1873  );
1874 
1875 // sessshad
1876 
1877 VOID PhShowSessionShadowDialog(
1878  _In_ HWND ParentWindowHandle,
1879  _In_ ULONG SessionId
1880  );
1881 
1882 // srvcr
1883 
1884 VOID PhShowCreateServiceDialog(
1885  _In_ HWND ParentWindowHandle
1886  );
1887 
1888 // srvctl
1889 
1890 // begin_phapppub
1891 #define WM_PH_SET_LIST_VIEW_SETTINGS (WM_APP + 701)
1892 
1893 PHAPPAPI
1894 HWND
1895 NTAPI
1896 PhCreateServiceListControl(
1897  _In_ HWND ParentWindowHandle,
1898  _In_ PPH_SERVICE_ITEM *Services,
1899  _In_ ULONG NumberOfServices
1900  );
1901 // end_phapppub
1902 
1903 // srvprp
1904 
1905 VOID PhShowServiceProperties(
1906  _In_ HWND ParentWindowHandle,
1907  _In_ PPH_SERVICE_ITEM ServiceItem
1908  );
1909 
1910 // termator
1911 
1912 VOID PhShowProcessTerminatorDialog(
1913  _In_ HWND ParentWindowHandle,
1914  _In_ PPH_PROCESS_ITEM ProcessItem
1915  );
1916 
1917 // thrdstk
1918 
1919 VOID PhShowThreadStackDialog(
1920  _In_ HWND ParentWindowHandle,
1921  _In_ HANDLE ProcessId,
1922  _In_ HANDLE ThreadId,
1923  _In_ PPH_THREAD_PROVIDER ThreadProvider
1924  );
1925 
1926 // tokprp
1927 
1928 PPH_STRING PhGetGroupAttributesString(
1929  _In_ ULONG Attributes
1930  );
1931 
1932 PWSTR PhGetPrivilegeAttributesString(
1933  _In_ ULONG Attributes
1934  );
1935 
1936 VOID PhShowTokenProperties(
1937  _In_ HWND ParentWindowHandle,
1938  _In_ PPH_OPEN_OBJECT OpenObject,
1939  _In_opt_ PVOID Context,
1940  _In_opt_ PWSTR Title
1941  );
1942 
1943 HPROPSHEETPAGE PhCreateTokenPage(
1944  _In_ PPH_OPEN_OBJECT OpenObject,
1945  _In_opt_ PVOID Context,
1946  _In_opt_ DLGPROC HookProc
1947  );
1948 
1949 #endif