Process Hacker
phapppub.h
Go to the documentation of this file.
1 #ifndef _PH_PHAPPPUB_H
2 #define _PH_PHAPPPUB_H
3 
4 // This file was automatically generated. Do not edit.
5 
6 #ifdef __cplusplus
7 extern "C" {
8 #endif
9 
10 //
11 // providers
12 //
13 
14 PHAPPAPI extern PH_CALLBACK PhProcessAddedEvent; // phapppub
15 PHAPPAPI extern PH_CALLBACK PhProcessModifiedEvent; // phapppub
16 PHAPPAPI extern PH_CALLBACK PhProcessRemovedEvent; // phapppub
17 PHAPPAPI extern PH_CALLBACK PhProcessesUpdatedEvent; // phapppub
18 
19 #define DPCS_PROCESS_ID ((HANDLE)(LONG_PTR)-2)
20 #define INTERRUPTS_PROCESS_ID ((HANDLE)(LONG_PTR)-3)
21 
22 // DPCs, Interrupts and System Idle Process are not real.
23 // Non-"real" processes can never be opened.
24 #define PH_IS_REAL_PROCESS_ID(ProcessId) ((LONG_PTR)(ProcessId) > 0)
25 
26 // DPCs and Interrupts are fake, but System Idle Process is not.
27 #define PH_IS_FAKE_PROCESS_ID(ProcessId) ((LONG_PTR)(ProcessId) < 0)
28 
29 // The process item has been removed.
30 #define PH_PROCESS_ITEM_REMOVED 0x1
31 
32 typedef enum _VERIFY_RESULT VERIFY_RESULT;
33 typedef struct _PH_PROCESS_RECORD *PPH_PROCESS_RECORD;
34 
35 typedef struct _PH_PROCESS_ITEM
36 {
37  PH_HASH_ENTRY HashEntry;
38  ULONG State;
39  PPH_PROCESS_RECORD Record;
40 
41  // Basic
42 
43  HANDLE ProcessId;
44  HANDLE ParentProcessId;
45  PPH_STRING ProcessName;
46  ULONG SessionId;
47 
48  LARGE_INTEGER CreateTime;
49 
50  // Handles
51 
52  HANDLE QueryHandle;
53 
54  // Parameters
55 
56  PPH_STRING FileName;
57  PPH_STRING CommandLine;
58 
59  // File
60 
61  HICON SmallIcon;
62  HICON LargeIcon;
63  PH_IMAGE_VERSION_INFO VersionInfo;
64 
65  // Security
66 
67  PPH_STRING UserName;
68  TOKEN_ELEVATION_TYPE ElevationType;
69  MANDATORY_LEVEL IntegrityLevel;
70  PWSTR IntegrityString;
71 
72  // Other
73 
74  PPH_STRING JobName;
75  HANDLE ConsoleHostProcessId;
76 
77  // Signature, Packed
78 
79  VERIFY_RESULT VerifyResult;
80  PPH_STRING VerifySignerName;
81  ULONG ImportFunctions;
82  ULONG ImportModules;
83 
84  // Flags
85 
86  union
87  {
88  ULONG Flags;
89  struct
90  {
91  ULONG UpdateIsDotNet : 1;
92  ULONG IsBeingDebugged : 1;
93  ULONG IsDotNet : 1;
94  ULONG IsElevated : 1;
95  ULONG IsInJob : 1;
96  ULONG IsInSignificantJob : 1;
97  ULONG IsPacked : 1;
98  ULONG IsPosix : 1;
99  ULONG IsSuspended : 1;
100  ULONG IsWow64 : 1;
101  ULONG IsImmersive : 1;
102  ULONG IsWow64Valid : 1;
103  ULONG IsPartiallySuspended : 1;
104  ULONG AddedEventSent : 1;
105  ULONG Spare : 18;
106  };
107  };
108 
109  // Misc.
110 
111  ULONG JustProcessed;
112  PH_EVENT Stage1Event;
113 
114  PPH_POINTER_LIST ServiceList;
115  PH_QUEUED_LOCK ServiceListLock;
116 
117  WCHAR ProcessIdString[PH_INT32_STR_LEN_1];
118  WCHAR ParentProcessIdString[PH_INT32_STR_LEN_1];
119  WCHAR SessionIdString[PH_INT32_STR_LEN_1];
120 
121  // Dynamic
122 
123  KPRIORITY BasePriority;
124  ULONG PriorityClass;
125  LARGE_INTEGER KernelTime;
126  LARGE_INTEGER UserTime;
127  ULONG NumberOfHandles;
128  ULONG NumberOfThreads;
129 
130  FLOAT CpuUsage; // Below Windows 7, sum of kernel and user CPU usage; above Windows 7, cycle-based CPU usage.
131  FLOAT CpuKernelUsage;
132  FLOAT CpuUserUsage;
133 
134  PH_UINT64_DELTA CpuKernelDelta;
135  PH_UINT64_DELTA CpuUserDelta;
136  PH_UINT64_DELTA IoReadDelta;
137  PH_UINT64_DELTA IoWriteDelta;
138  PH_UINT64_DELTA IoOtherDelta;
139  PH_UINT64_DELTA IoReadCountDelta;
140  PH_UINT64_DELTA IoWriteCountDelta;
141  PH_UINT64_DELTA IoOtherCountDelta;
142  PH_UINT32_DELTA ContextSwitchesDelta;
143  PH_UINT32_DELTA PageFaultsDelta;
144  PH_UINT64_DELTA CycleTimeDelta; // since WIN7
145 
146  VM_COUNTERS_EX VmCounters;
147  IO_COUNTERS IoCounters;
148  SIZE_T WorkingSetPrivateSize; // since VISTA
149  ULONG PeakNumberOfThreads; // since WIN7
150  ULONG HardFaultCount; // since WIN7
151 
152  ULONG SequenceNumber;
153  PH_CIRCULAR_BUFFER_FLOAT CpuKernelHistory;
154  PH_CIRCULAR_BUFFER_FLOAT CpuUserHistory;
155  PH_CIRCULAR_BUFFER_ULONG64 IoReadHistory;
156  PH_CIRCULAR_BUFFER_ULONG64 IoWriteHistory;
157  PH_CIRCULAR_BUFFER_ULONG64 IoOtherHistory;
158  PH_CIRCULAR_BUFFER_SIZE_T PrivateBytesHistory;
159  //PH_CIRCULAR_BUFFER_SIZE_T WorkingSetHistory;
160 
161  // New fields
162  PH_UINTPTR_DELTA PrivateBytesDelta;
163  PPH_STRING PackageFullName;
164 } PH_PROCESS_ITEM, *PPH_PROCESS_ITEM;
165 
166 // The process itself is dead.
167 #define PH_PROCESS_RECORD_DEAD 0x1
168 // An extra reference has been added to the process record for the statistics system.
169 #define PH_PROCESS_RECORD_STAT_REF 0x2
170 
171 typedef struct _PH_PROCESS_RECORD
172 {
173  LIST_ENTRY ListEntry;
174  LONG RefCount;
175  ULONG Flags;
176 
177  HANDLE ProcessId;
178  HANDLE ParentProcessId;
179  ULONG SessionId;
180  LARGE_INTEGER CreateTime;
181  LARGE_INTEGER ExitTime;
182 
183  PPH_STRING ProcessName;
184  PPH_STRING FileName;
185  PPH_STRING CommandLine;
186  /*PPH_STRING UserName;*/
187 } PH_PROCESS_RECORD, *PPH_PROCESS_RECORD;
188 
189 PHAPPAPI
190 PPH_STRING
191 NTAPI
192 PhGetClientIdName(
193  _In_ PCLIENT_ID ClientId
194  );
195 
196 PHAPPAPI
197 PPH_STRING
198 NTAPI
199 PhGetClientIdNameEx(
200  _In_ PCLIENT_ID ClientId,
201  _In_opt_ PPH_STRING ProcessName
202  );
203 
204 PHAPPAPI
205 PWSTR
206 NTAPI
207 PhGetProcessPriorityClassString(
208  _In_ ULONG PriorityClass
209  );
210 
211 PHAPPAPI
212 PPH_PROCESS_ITEM
213 NTAPI
214 PhReferenceProcessItem(
215  _In_ HANDLE ProcessId
216  );
217 
218 PHAPPAPI
219 VOID
220 NTAPI
221 PhEnumProcessItems(
222  _Out_opt_ PPH_PROCESS_ITEM **ProcessItems,
223  _Out_ PULONG NumberOfProcessItems
224  );
225 
226 PHAPPAPI
227 BOOLEAN
228 NTAPI
229 PhGetStatisticsTime(
230  _In_opt_ PPH_PROCESS_ITEM ProcessItem,
231  _In_ ULONG Index,
232  _Out_ PLARGE_INTEGER Time
233  );
234 
235 PHAPPAPI
236 PPH_STRING
237 NTAPI
238 PhGetStatisticsTimeString(
239  _In_opt_ PPH_PROCESS_ITEM ProcessItem,
240  _In_ ULONG Index
241  );
242 
243 PHAPPAPI
244 VOID
245 NTAPI
246 PhReferenceProcessRecord(
247  _In_ PPH_PROCESS_RECORD ProcessRecord
248  );
249 
250 PHAPPAPI
251 BOOLEAN
252 NTAPI
253 PhReferenceProcessRecordSafe(
254  _In_ PPH_PROCESS_RECORD ProcessRecord
255  );
256 
257 PHAPPAPI
258 VOID
259 NTAPI
260 PhReferenceProcessRecordForStatistics(
261  _In_ PPH_PROCESS_RECORD ProcessRecord
262  );
263 
264 PHAPPAPI
265 VOID
266 NTAPI
267 PhDereferenceProcessRecord(
268  _In_ PPH_PROCESS_RECORD ProcessRecord
269  );
270 
271 PHAPPAPI
272 PPH_PROCESS_RECORD
273 NTAPI
274 PhFindProcessRecord(
275  _In_opt_ HANDLE ProcessId,
276  _In_ PLARGE_INTEGER Time
277  );
278 
279 PHAPPAPI
280 PPH_PROCESS_ITEM
281 NTAPI
282 PhReferenceProcessItemForParent(
283  _In_ HANDLE ParentProcessId,
284  _In_ HANDLE ProcessId,
285  _In_ PLARGE_INTEGER CreateTime
286  );
287 
288 PHAPPAPI
289 PPH_PROCESS_ITEM
290 NTAPI
291 PhReferenceProcessItemForRecord(
292  _In_ PPH_PROCESS_RECORD Record
293  );
294 
295 PHAPPAPI extern PH_CALLBACK PhServiceAddedEvent; // phapppub
296 PHAPPAPI extern PH_CALLBACK PhServiceModifiedEvent; // phapppub
297 PHAPPAPI extern PH_CALLBACK PhServiceRemovedEvent; // phapppub
298 PHAPPAPI extern PH_CALLBACK PhServicesUpdatedEvent; // phapppub
299 
300 typedef struct _PH_SERVICE_ITEM
301 {
302  PH_STRINGREF Key; // points to Name
303  PPH_STRING Name;
304  PPH_STRING DisplayName;
305 
306  // State
307  ULONG Type;
308  ULONG State;
309  ULONG ControlsAccepted;
310  ULONG Flags; // e.g. SERVICE_RUNS_IN_SYSTEM_PROCESS
311  HANDLE ProcessId;
312 
313  // Config
314  ULONG StartType;
315  ULONG ErrorControl;
316 
317 } PH_SERVICE_ITEM, *PPH_SERVICE_ITEM;
318 
319 typedef struct _PH_SERVICE_MODIFIED_DATA
320 {
321  PPH_SERVICE_ITEM Service;
322  PH_SERVICE_ITEM OldService;
323 } PH_SERVICE_MODIFIED_DATA, *PPH_SERVICE_MODIFIED_DATA;
324 
325 typedef enum _PH_SERVICE_CHANGE
326 {
327  ServiceStarted,
328  ServiceContinued,
329  ServicePaused,
330  ServiceStopped
331 } PH_SERVICE_CHANGE, *PPH_SERVICE_CHANGE;
332 
333 PHAPPAPI
334 PPH_SERVICE_ITEM
335 NTAPI
336 PhReferenceServiceItem(
337  _In_ PWSTR Name
338  );
339 
340 PHAPPAPI
341 PH_SERVICE_CHANGE
342 NTAPI
343 PhGetServiceChange(
344  _In_ PPH_SERVICE_MODIFIED_DATA Data
345  );
346 
347 PHAPPAPI extern PH_CALLBACK PhNetworkItemAddedEvent; // phapppub
348 PHAPPAPI extern PH_CALLBACK PhNetworkItemModifiedEvent; // phapppub
349 PHAPPAPI extern PH_CALLBACK PhNetworkItemRemovedEvent; // phapppub
350 PHAPPAPI extern PH_CALLBACK PhNetworkItemsUpdatedEvent; // phapppub
351 
352 #define PH_NETWORK_OWNER_INFO_SIZE 16
353 
354 typedef struct _PH_NETWORK_ITEM
355 {
356  ULONG ProtocolType;
357  PH_IP_ENDPOINT LocalEndpoint;
358  PH_IP_ENDPOINT RemoteEndpoint;
359  ULONG State;
360  HANDLE ProcessId;
361 
362  PPH_STRING ProcessName;
363  HICON ProcessIcon;
364  BOOLEAN ProcessIconValid;
365  PPH_STRING OwnerName;
366 
367  BOOLEAN JustResolved;
368 
369  WCHAR LocalAddressString[65];
370  WCHAR LocalPortString[PH_INT32_STR_LEN_1];
371  WCHAR RemoteAddressString[65];
372  WCHAR RemotePortString[PH_INT32_STR_LEN_1];
373  PPH_STRING LocalHostString;
374  PPH_STRING RemoteHostString;
375 
376  LARGE_INTEGER CreateTime;
377  ULONGLONG OwnerInfo[PH_NETWORK_OWNER_INFO_SIZE];
378 } PH_NETWORK_ITEM, *PPH_NETWORK_ITEM;
379 
380 PHAPPAPI
381 PPH_NETWORK_ITEM
382 NTAPI
383 PhReferenceNetworkItem(
384  _In_ ULONG ProtocolType,
385  _In_ PPH_IP_ENDPOINT LocalEndpoint,
386  _In_ PPH_IP_ENDPOINT RemoteEndpoint,
387  _In_ HANDLE ProcessId
388  );
389 
390 PHAPPAPI
391 PWSTR
392 NTAPI
393 PhGetProtocolTypeName(
394  _In_ ULONG ProtocolType
395  );
396 
397 PHAPPAPI
398 PWSTR
399 NTAPI
400 PhGetTcpStateName(
401  _In_ ULONG State
402  );
403 
404 typedef struct _PH_MODULE_ITEM
405 {
406  PVOID BaseAddress;
407  ULONG Size;
408  ULONG Flags;
409  ULONG Type;
410  USHORT LoadReason;
411  USHORT LoadCount;
412  PPH_STRING Name;
413  PPH_STRING FileName;
414  PH_IMAGE_VERSION_INFO VersionInfo;
415 
416  WCHAR BaseAddressString[PH_PTR_STR_LEN_1];
417 
418  BOOLEAN IsFirst;
419  BOOLEAN JustProcessed;
420 
421  VERIFY_RESULT VerifyResult;
422  PPH_STRING VerifySignerName;
423 
424  ULONG ImageTimeDateStamp;
425  USHORT ImageCharacteristics;
426  USHORT ImageDllCharacteristics;
427 
428  LARGE_INTEGER LoadTime;
429 } PH_MODULE_ITEM, *PPH_MODULE_ITEM;
430 
431 typedef struct _PH_MODULE_PROVIDER
432 {
433  PPH_HASHTABLE ModuleHashtable;
434  PH_FAST_LOCK ModuleHashtableLock;
435  PH_CALLBACK ModuleAddedEvent;
436  PH_CALLBACK ModuleModifiedEvent;
437  PH_CALLBACK ModuleRemovedEvent;
438  PH_CALLBACK UpdatedEvent;
439 
440  HANDLE ProcessId;
441  HANDLE ProcessHandle;
442  PPH_STRING PackageFullName;
443  SLIST_HEADER QueryListHead;
444  NTSTATUS RunStatus;
445 } PH_MODULE_PROVIDER, *PPH_MODULE_PROVIDER;
446 
447 typedef struct _PH_THREAD_ITEM
448 {
449  HANDLE ThreadId;
450 
451  LARGE_INTEGER CreateTime;
452  LARGE_INTEGER KernelTime;
453  LARGE_INTEGER UserTime;
454 
455  FLOAT CpuUsage;
456  PH_UINT64_DELTA CpuKernelDelta;
457  PH_UINT64_DELTA CpuUserDelta;
458 
459  PH_UINT32_DELTA ContextSwitchesDelta;
460  PH_UINT64_DELTA CyclesDelta;
461  LONG Priority;
462  LONG BasePriority;
463  ULONG64 StartAddress;
464  PPH_STRING StartAddressString;
465  PPH_STRING StartAddressFileName;
466  enum _PH_SYMBOL_RESOLVE_LEVEL StartAddressResolveLevel;
467  KTHREAD_STATE State;
468  KWAIT_REASON WaitReason;
469  LONG PriorityWin32;
470  PPH_STRING ServiceName;
471 
472  HANDLE ThreadHandle;
473 
474  BOOLEAN IsGuiThread;
475  BOOLEAN JustResolved;
476 
477  WCHAR ThreadIdString[PH_INT32_STR_LEN_1];
478 } PH_THREAD_ITEM, *PPH_THREAD_ITEM;
479 
480 typedef enum _PH_KNOWN_PROCESS_TYPE PH_KNOWN_PROCESS_TYPE;
481 
482 typedef struct _PH_THREAD_PROVIDER
483 {
484  PPH_HASHTABLE ThreadHashtable;
485  PH_FAST_LOCK ThreadHashtableLock;
486  PH_CALLBACK ThreadAddedEvent;
487  PH_CALLBACK ThreadModifiedEvent;
488  PH_CALLBACK ThreadRemovedEvent;
489  PH_CALLBACK UpdatedEvent;
490  PH_CALLBACK LoadingStateChangedEvent;
491 
492  HANDLE ProcessId;
493  HANDLE ProcessHandle;
494  BOOLEAN HasServices;
495  BOOLEAN HasServicesKnown;
496  BOOLEAN Terminating;
497  struct _PH_SYMBOL_PROVIDER *SymbolProvider;
498 
499  SLIST_HEADER QueryListHead;
500  PH_QUEUED_LOCK LoadSymbolsLock;
501  LONG SymbolsLoading;
502  ULONG64 RunId;
503  ULONG64 SymbolsLoadedRunId;
504 } PH_THREAD_PROVIDER, *PPH_THREAD_PROVIDER;
505 
506 PHAPPAPI
507 PPH_STRING
508 NTAPI
509 PhGetThreadPriorityWin32String(
510  _In_ LONG PriorityWin32
511  );
512 
513 #define PH_HANDLE_FILE_SHARED_READ 0x1
514 #define PH_HANDLE_FILE_SHARED_WRITE 0x2
515 #define PH_HANDLE_FILE_SHARED_DELETE 0x4
516 #define PH_HANDLE_FILE_SHARED_MASK 0x7
517 
518 typedef struct _PH_HANDLE_ITEM
519 {
520  PH_HASH_ENTRY HashEntry;
521 
522  HANDLE Handle;
523  PVOID Object;
524  ULONG Attributes;
525  ACCESS_MASK GrantedAccess;
526  ULONG FileFlags;
527 
528  PPH_STRING TypeName;
529  PPH_STRING ObjectName;
530  PPH_STRING BestObjectName;
531 
532  WCHAR HandleString[PH_PTR_STR_LEN_1];
533  WCHAR ObjectString[PH_PTR_STR_LEN_1];
534  WCHAR GrantedAccessString[PH_PTR_STR_LEN_1];
535 } PH_HANDLE_ITEM, *PPH_HANDLE_ITEM;
536 
537 typedef struct _PH_HANDLE_PROVIDER
538 {
539  PPH_HASH_ENTRY *HandleHashSet;
540  ULONG HandleHashSetSize;
541  ULONG HandleHashSetCount;
542  PH_QUEUED_LOCK HandleHashSetLock;
543 
544  PH_CALLBACK HandleAddedEvent;
545  PH_CALLBACK HandleModifiedEvent;
546  PH_CALLBACK HandleRemovedEvent;
547  PH_CALLBACK UpdatedEvent;
548 
549  HANDLE ProcessId;
550  HANDLE ProcessHandle;
551 
552  PPH_HASHTABLE TempListHashtable;
553  NTSTATUS RunStatus;
554 } PH_HANDLE_PROVIDER, *PPH_HANDLE_PROVIDER;
555 
556 typedef enum _PH_MEMORY_REGION_TYPE
557 {
558  UnknownRegion,
559  CustomRegion,
560  UnusableRegion,
561  MappedFileRegion,
562  UserSharedDataRegion,
563  PebRegion,
564  Peb32Region,
565  TebRegion,
566  Teb32Region, // Not used
567  StackRegion,
568  Stack32Region,
569  HeapRegion,
570  Heap32Region,
571  HeapSegmentRegion,
572  HeapSegment32Region
573 } PH_MEMORY_REGION_TYPE;
574 
575 typedef struct _PH_MEMORY_ITEM
576 {
577  LIST_ENTRY ListEntry;
578  PH_AVL_LINKS Links;
579 
580  union
581  {
582  struct
583  {
584  PVOID BaseAddress;
585  PVOID AllocationBase;
586  ULONG AllocationProtect;
587  SIZE_T RegionSize;
588  ULONG State;
589  ULONG Protect;
590  ULONG Type;
591  };
592  MEMORY_BASIC_INFORMATION BasicInfo;
593  };
594 
595  struct _PH_MEMORY_ITEM *AllocationBaseItem;
596 
597  SIZE_T CommittedSize;
598  SIZE_T PrivateSize;
599 
600  SIZE_T TotalWorkingSetPages;
601  SIZE_T PrivateWorkingSetPages;
602  SIZE_T SharedWorkingSetPages;
603  SIZE_T ShareableWorkingSetPages;
604  SIZE_T LockedWorkingSetPages;
605 
606  PH_MEMORY_REGION_TYPE RegionType;
607 
608  union
609  {
610  struct
611  {
612  PPH_STRING Text;
613  BOOLEAN PropertyOfAllocationBase;
614  } Custom;
615  struct
616  {
617  PPH_STRING FileName;
618  } MappedFile;
619  struct
620  {
621  HANDLE ThreadId;
622  } Teb;
623  struct
624  {
625  HANDLE ThreadId;
626  } Stack;
627  struct
628  {
629  ULONG Index;
630  } Heap;
631  struct
632  {
633  struct _PH_MEMORY_ITEM *HeapItem;
634  } HeapSegment;
635  } u;
636 } PH_MEMORY_ITEM, *PPH_MEMORY_ITEM;
637 
638 typedef struct _PH_MEMORY_ITEM_LIST
639 {
640  HANDLE ProcessId;
641  PH_AVL_TREE Set;
642  LIST_ENTRY ListHead;
643 } PH_MEMORY_ITEM_LIST, *PPH_MEMORY_ITEM_LIST;
644 
645 PHAPPAPI
646 VOID
647 NTAPI
648 PhDeleteMemoryItemList(
649  _In_ PPH_MEMORY_ITEM_LIST List
650  );
651 
652 PHAPPAPI
653 PPH_MEMORY_ITEM
654 NTAPI
655 PhLookupMemoryItemList(
656  _In_ PPH_MEMORY_ITEM_LIST List,
657  _In_ PVOID Address
658  );
659 
660 #define PH_QUERY_MEMORY_IGNORE_FREE 0x1
661 #define PH_QUERY_MEMORY_REGION_TYPE 0x2
662 #define PH_QUERY_MEMORY_WS_COUNTERS 0x4
663 
664 PHAPPAPI
665 NTSTATUS
666 NTAPI
667 PhQueryMemoryItemList(
668  _In_ HANDLE ProcessId,
669  _In_ ULONG Flags,
670  _Out_ PPH_MEMORY_ITEM_LIST List
671  );
672 
673 //
674 // colmgr
675 //
676 
677 typedef LONG (NTAPI *PPH_CM_POST_SORT_FUNCTION)(
678  _In_ LONG Result,
679  _In_ PVOID Node1,
680  _In_ PVOID Node2,
681  _In_ PH_SORT_ORDER SortOrder
682  );
683 
684 PHAPPAPI
685 BOOLEAN
686 NTAPI
687 PhCmLoadSettings(
688  _In_ HWND TreeNewHandle,
689  _In_ PPH_STRINGREF Settings
690  );
691 
692 PHAPPAPI
693 PPH_STRING
694 NTAPI
695 PhCmSaveSettings(
696  _In_ HWND TreeNewHandle
697  );
698 
699 //
700 // uimodels
701 //
702 
703 // Common state highlighting support
704 
705 typedef struct _PH_SH_STATE
706 {
707  PH_ITEM_STATE State;
708  HANDLE StateListHandle;
709  ULONG TickCount;
710 } PH_SH_STATE, *PPH_SH_STATE;
711 
712 typedef struct _PH_PROCESS_NODE
713 {
714  PH_TREENEW_NODE Node;
715 
716  PH_HASH_ENTRY HashEntry;
717 
718  PH_SH_STATE ShState;
719 
720  HANDLE ProcessId;
721  PPH_PROCESS_ITEM ProcessItem;
722 
723  struct _PH_PROCESS_NODE *Parent;
724  PPH_LIST Children;
725 
726 } PH_PROCESS_NODE, *PPH_PROCESS_NODE;
727 
728 PHAPPAPI
729 struct _PH_TN_FILTER_SUPPORT *
730 NTAPI
731 PhGetFilterSupportProcessTreeList(
732  VOID
733  );
734 
735 PHAPPAPI
736 PPH_PROCESS_NODE
737 NTAPI
738 PhFindProcessNode(
739  _In_ HANDLE ProcessId
740  );
741 
742 PHAPPAPI
743 VOID
744 NTAPI
745 PhUpdateProcessNode(
746  _In_ PPH_PROCESS_NODE ProcessNode
747  );
748 
749 PHAPPAPI
750 PPH_PROCESS_ITEM
751 NTAPI
752 PhGetSelectedProcessItem(
753  VOID
754  );
755 
756 PHAPPAPI
757 VOID
758 NTAPI
759 PhGetSelectedProcessItems(
760  _Out_ PPH_PROCESS_ITEM **Processes,
761  _Out_ PULONG NumberOfProcesses
762  );
763 
764 PHAPPAPI
765 VOID
766 NTAPI
767 PhDeselectAllProcessNodes(
768  VOID
769  );
770 
771 PHAPPAPI
772 VOID
773 NTAPI
774 PhExpandAllProcessNodes(
775  _In_ BOOLEAN Expand
776  );
777 
778 PHAPPAPI
779 VOID
780 NTAPI
781 PhInvalidateAllProcessNodes(
782  VOID
783  );
784 
785 PHAPPAPI
786 VOID
787 NTAPI
788 PhSelectAndEnsureVisibleProcessNode(
789  _In_ PPH_PROCESS_NODE ProcessNode
790  );
791 
792 typedef struct _PH_SERVICE_NODE
793 {
794  PH_TREENEW_NODE Node;
795 
796  PH_SH_STATE ShState;
797 
798  PPH_SERVICE_ITEM ServiceItem;
799 
800 } PH_SERVICE_NODE, *PPH_SERVICE_NODE;
801 
802 PHAPPAPI
803 struct _PH_TN_FILTER_SUPPORT *
804 NTAPI
805 PhGetFilterSupportServiceTreeList(
806  VOID
807  );
808 
809 PHAPPAPI
810 PPH_SERVICE_NODE
811 NTAPI
812 PhFindServiceNode(
813  _In_ PPH_SERVICE_ITEM ServiceItem
814  );
815 
816 PHAPPAPI
817 VOID
818 NTAPI
819 PhUpdateServiceNode(
820  _In_ PPH_SERVICE_NODE ServiceNode
821  );
822 
823 PHAPPAPI
824 PPH_SERVICE_ITEM
825 NTAPI
826 PhGetSelectedServiceItem(
827  VOID
828  );
829 
830 PHAPPAPI
831 VOID
832 NTAPI
833 PhGetSelectedServiceItems(
834  _Out_ PPH_SERVICE_ITEM **Services,
835  _Out_ PULONG NumberOfServices
836  );
837 
838 PHAPPAPI
839 VOID
840 NTAPI
841 PhDeselectAllServiceNodes(
842  VOID
843  );
844 
845 PHAPPAPI
846 VOID
847 NTAPI
848 PhSelectAndEnsureVisibleServiceNode(
849  _In_ PPH_SERVICE_NODE ServiceNode
850  );
851 
852 typedef struct _PH_NETWORK_NODE
853 {
854  PH_TREENEW_NODE Node;
855 
856  PH_SH_STATE ShState;
857 
858  PPH_NETWORK_ITEM NetworkItem;
859 
860 } PH_NETWORK_NODE, *PPH_NETWORK_NODE;
861 
862 PHAPPAPI
863 struct _PH_TN_FILTER_SUPPORT *
864 NTAPI
865 PhGetFilterSupportNetworkTreeList(
866  VOID
867  );
868 
869 PHAPPAPI
870 PPH_NETWORK_NODE
871 NTAPI
872 PhFindNetworkNode(
873  _In_ PPH_NETWORK_ITEM NetworkItem
874  );
875 
876 typedef struct _PH_THREAD_NODE
877 {
878  PH_TREENEW_NODE Node;
879 
880  PH_SH_STATE ShState;
881 
882  HANDLE ThreadId;
883  PPH_THREAD_ITEM ThreadItem;
884 
885 } PH_THREAD_NODE, *PPH_THREAD_NODE;
886 
887 typedef struct _PH_MODULE_NODE
888 {
889  PH_TREENEW_NODE Node;
890 
891  PH_SH_STATE ShState;
892 
893  PPH_MODULE_ITEM ModuleItem;
894 
895 } PH_MODULE_NODE, *PPH_MODULE_NODE;
896 
897 typedef struct _PH_HANDLE_NODE
898 {
899  PH_TREENEW_NODE Node;
900 
901  PH_SH_STATE ShState;
902 
903  HANDLE Handle;
904  PPH_HANDLE_ITEM HandleItem;
905 
906 } PH_HANDLE_NODE, *PPH_HANDLE_NODE;
907 
908 typedef struct _PH_MEMORY_NODE
909 {
910  PH_TREENEW_NODE Node;
911 
912  BOOLEAN IsAllocationBase;
913  BOOLEAN Reserved1;
914  USHORT Reserved2;
915  PPH_MEMORY_ITEM MemoryItem;
916 
917  struct _PH_MEMORY_NODE *Parent;
918  PPH_LIST Children;
919 
920 } PH_MEMORY_NODE, *PPH_MEMORY_NODE;
921 
922 //
923 // phapp
924 //
925 
926 typedef struct _PH_SYMBOL_PROVIDER *PPH_SYMBOL_PROVIDER; // phapppub
927 
928 PHAPPAPI extern HFONT PhApplicationFont; // phapppub
929 
930 PHAPPAPI
931 VOID
932 NTAPI
933 PhRegisterDialog(
934  _In_ HWND DialogWindowHandle
935  );
936 
937 PHAPPAPI
938 VOID
939 NTAPI
940 PhUnregisterDialog(
941  _In_ HWND DialogWindowHandle
942  );
943 
944 typedef BOOLEAN (NTAPI *PPH_MESSAGE_LOOP_FILTER)(
945  _In_ PMSG Message,
946  _In_ PVOID Context
947  );
948 
949 typedef struct _PH_MESSAGE_LOOP_FILTER_ENTRY
950 {
951  PPH_MESSAGE_LOOP_FILTER Filter;
952  PVOID Context;
953 } PH_MESSAGE_LOOP_FILTER_ENTRY, *PPH_MESSAGE_LOOP_FILTER_ENTRY;
954 
955 PHAPPAPI
956 struct _PH_MESSAGE_LOOP_FILTER_ENTRY *
957 NTAPI
958 PhRegisterMessageLoopFilter(
959  _In_ PPH_MESSAGE_LOOP_FILTER Filter,
960  _In_opt_ PVOID Context
961  );
962 
963 PHAPPAPI
964 VOID
965 NTAPI
966 PhUnregisterMessageLoopFilter(
967  _In_ struct _PH_MESSAGE_LOOP_FILTER_ENTRY *FilterEntry
968  );
969 
970 PHAPPAPI
971 BOOLEAN
972 NTAPI
973 PhGetProcessIsSuspended(
974  _In_ PSYSTEM_PROCESS_INFORMATION Process
975  );
976 
977 typedef enum _PH_KNOWN_PROCESS_TYPE
978 {
979  UnknownProcessType,
980  SystemProcessType, // ntoskrnl/ntkrnlpa/...
981  SessionManagerProcessType, // smss
982  WindowsSubsystemProcessType, // csrss
983  WindowsStartupProcessType, // wininit
984  ServiceControlManagerProcessType, // services
985  LocalSecurityAuthorityProcessType, // lsass
986  LocalSessionManagerProcessType, // lsm
987  WindowsLogonProcessType, // winlogon
988  ServiceHostProcessType, // svchost
989  RunDllAsAppProcessType, // rundll32
990  ComSurrogateProcessType, // dllhost
991  TaskHostProcessType, // taskeng, taskhost, taskhostex
992  ExplorerProcessType, // explorer
993  UmdfHostProcessType, // wudfhost
994  MaximumProcessType,
995  KnownProcessTypeMask = 0xffff,
996 
997  KnownProcessWow64 = 0x20000
998 } PH_KNOWN_PROCESS_TYPE;
999 
1000 PHAPPAPI
1001 NTSTATUS
1002 NTAPI
1003 PhGetProcessKnownType(
1004  _In_ HANDLE ProcessHandle,
1005  _Out_ PH_KNOWN_PROCESS_TYPE *KnownProcessType
1006  );
1007 
1008 typedef union _PH_KNOWN_PROCESS_COMMAND_LINE
1009 {
1010  struct
1011  {
1012  PPH_STRING GroupName;
1013  } ServiceHost;
1014  struct
1015  {
1016  PPH_STRING FileName;
1017  PPH_STRING ProcedureName;
1018  } RunDllAsApp;
1019  struct
1020  {
1021  GUID Guid;
1022  PPH_STRING Name; // optional
1023  PPH_STRING FileName; // optional
1024  } ComSurrogate;
1025 } PH_KNOWN_PROCESS_COMMAND_LINE, *PPH_KNOWN_PROCESS_COMMAND_LINE;
1026 
1027 PHAPPAPI
1028 BOOLEAN
1029 NTAPI
1030 PhaGetProcessKnownCommandLine(
1031  _In_ PPH_STRING CommandLine,
1032  _In_ PH_KNOWN_PROCESS_TYPE KnownProcessType,
1033  _Out_ PPH_KNOWN_PROCESS_COMMAND_LINE KnownCommandLine
1034  );
1035 
1036 PHAPPAPI
1037 VOID
1038 NTAPI
1039 PhSearchOnlineString(
1040  _In_ HWND hWnd,
1041  _In_ PWSTR String
1042  );
1043 
1044 PHAPPAPI
1045 VOID
1046 NTAPI
1047 PhShellExecuteUserString(
1048  _In_ HWND hWnd,
1049  _In_ PWSTR Setting,
1050  _In_ PWSTR String,
1051  _In_ BOOLEAN UseShellExecute,
1052  _In_opt_ PWSTR ErrorMessage
1053  );
1054 
1055 PHAPPAPI
1056 VOID
1057 NTAPI
1058 PhLoadSymbolProviderOptions(
1059  _Inout_ PPH_SYMBOL_PROVIDER SymbolProvider
1060  );
1061 
1062 PHAPPAPI
1063 VOID
1064 NTAPI
1065 PhCopyListViewInfoTip(
1066  _Inout_ LPNMLVGETINFOTIP GetInfoTip,
1067  _In_ PPH_STRINGREF Tip
1068  );
1069 
1070 PHAPPAPI
1071 VOID
1072 NTAPI
1073 PhCopyListView(
1074  _In_ HWND ListViewHandle
1075  );
1076 
1077 PHAPPAPI
1078 VOID PhHandleListViewNotifyForCopy(
1079  _In_ LPARAM lParam,
1080  _In_ HWND ListViewHandle
1081  );
1082 
1083 PHAPPAPI
1084 BOOLEAN
1085 NTAPI
1086 PhGetListViewContextMenuPoint(
1087  _In_ HWND ListViewHandle,
1088  _Out_ PPOINT Point
1089  );
1090 
1091 PHAPPAPI
1092 VOID
1093 NTAPI
1094 PhLoadWindowPlacementFromSetting(
1095  _In_opt_ PWSTR PositionSettingName,
1096  _In_opt_ PWSTR SizeSettingName,
1097  _In_ HWND WindowHandle
1098  );
1099 
1100 PHAPPAPI
1101 VOID
1102 NTAPI
1103 PhSaveWindowPlacementToSetting(
1104  _In_opt_ PWSTR PositionSettingName,
1105  _In_opt_ PWSTR SizeSettingName,
1106  _In_ HWND WindowHandle
1107  );
1108 
1109 PHAPPAPI
1110 VOID
1111 NTAPI
1112 PhLoadListViewColumnsFromSetting(
1113  _In_ PWSTR Name,
1114  _In_ HWND ListViewHandle
1115  );
1116 
1117 PHAPPAPI
1118 VOID
1119 NTAPI
1120 PhSaveListViewColumnsToSetting(
1121  _In_ PWSTR Name,
1122  _In_ HWND ListViewHandle
1123  );
1124 
1125 PHAPPAPI
1126 PPH_STRING
1127 NTAPI
1128 PhGetPhVersion(
1129  VOID
1130  );
1131 
1132 PHAPPAPI
1133 VOID
1134 NTAPI
1135 PhGetPhVersionNumbers(
1136  _Out_opt_ PULONG MajorVersion,
1137  _Out_opt_ PULONG MinorVersion,
1138  _Reserved_ PULONG Reserved,
1139  _Out_opt_ PULONG RevisionNumber
1140  );
1141 
1142 PHAPPAPI
1143 VOID
1144 NTAPI
1145 PhWritePhTextHeader(
1146  _Inout_ PPH_FILE_STREAM FileStream
1147  );
1148 
1149 #define PH_SHELL_APP_PROPAGATE_PARAMETERS 0x1
1150 #define PH_SHELL_APP_PROPAGATE_PARAMETERS_IGNORE_VISIBILITY 0x2
1151 #define PH_SHELL_APP_PROPAGATE_PARAMETERS_FORCE_SETTINGS 0x4
1152 
1153 PHAPPAPI
1154 BOOLEAN
1155 NTAPI
1156 PhShellProcessHacker(
1157  _In_opt_ HWND hWnd,
1158  _In_opt_ PWSTR Parameters,
1159  _In_ ULONG ShowWindowType,
1160  _In_ ULONG Flags,
1161  _In_ ULONG AppFlags,
1162  _In_opt_ ULONG Timeout,
1163  _Out_opt_ PHANDLE ProcessHandle
1164  );
1165 
1166 typedef struct _PH_TN_COLUMN_MENU_DATA
1167 {
1168  HWND TreeNewHandle;
1169  PPH_TREENEW_HEADER_MOUSE_EVENT MouseEvent;
1170  ULONG DefaultSortColumn;
1171  PH_SORT_ORDER DefaultSortOrder;
1172 
1173  struct _PH_EMENU_ITEM *Menu;
1174  struct _PH_EMENU_ITEM *Selection;
1175  ULONG ProcessedId;
1176 } PH_TN_COLUMN_MENU_DATA, *PPH_TN_COLUMN_MENU_DATA;
1177 
1178 #define PH_TN_COLUMN_MENU_HIDE_COLUMN_ID ((ULONG)-1)
1179 #define PH_TN_COLUMN_MENU_CHOOSE_COLUMNS_ID ((ULONG)-2)
1180 #define PH_TN_COLUMN_MENU_SIZE_COLUMN_TO_FIT_ID ((ULONG)-3)
1181 #define PH_TN_COLUMN_MENU_SIZE_ALL_COLUMNS_TO_FIT_ID ((ULONG)-4)
1182 #define PH_TN_COLUMN_MENU_RESET_SORT_ID ((ULONG)-5)
1183 
1184 PHAPPAPI
1185 VOID
1186 NTAPI
1187 PhInitializeTreeNewColumnMenu(
1188  _Inout_ PPH_TN_COLUMN_MENU_DATA Data
1189  );
1190 
1191 PHAPPAPI
1192 BOOLEAN
1193 NTAPI
1194 PhHandleTreeNewColumnMenu(
1195  _Inout_ PPH_TN_COLUMN_MENU_DATA Data
1196  );
1197 
1198 PHAPPAPI
1199 VOID
1200 NTAPI
1201 PhDeleteTreeNewColumnMenu(
1202  _In_ PPH_TN_COLUMN_MENU_DATA Data
1203  );
1204 
1205 typedef struct _PH_TN_FILTER_SUPPORT
1206 {
1207  PPH_LIST FilterList;
1208  HWND TreeNewHandle;
1209  PPH_LIST NodeList;
1210 } PH_TN_FILTER_SUPPORT, *PPH_TN_FILTER_SUPPORT;
1211 
1212 typedef BOOLEAN (NTAPI *PPH_TN_FILTER_FUNCTION)(
1213  _In_ PPH_TREENEW_NODE Node,
1214  _In_opt_ PVOID Context
1215  );
1216 
1217 typedef struct _PH_TN_FILTER_ENTRY
1218 {
1219  PPH_TN_FILTER_FUNCTION Filter;
1220  PVOID Context;
1221 } PH_TN_FILTER_ENTRY, *PPH_TN_FILTER_ENTRY;
1222 
1223 PHAPPAPI
1224 VOID
1225 NTAPI
1226 PhInitializeTreeNewFilterSupport(
1227  _Out_ PPH_TN_FILTER_SUPPORT Support,
1228  _In_ HWND TreeNewHandle,
1229  _In_ PPH_LIST NodeList
1230  );
1231 
1232 PHAPPAPI
1233 VOID
1234 NTAPI
1235 PhDeleteTreeNewFilterSupport(
1236  _In_ PPH_TN_FILTER_SUPPORT Support
1237  );
1238 
1239 PHAPPAPI
1240 PPH_TN_FILTER_ENTRY
1241 NTAPI
1242 PhAddTreeNewFilter(
1243  _In_ PPH_TN_FILTER_SUPPORT Support,
1244  _In_ PPH_TN_FILTER_FUNCTION Filter,
1245  _In_opt_ PVOID Context
1246  );
1247 
1248 PHAPPAPI
1249 VOID
1250 NTAPI
1251 PhRemoveTreeNewFilter(
1252  _In_ PPH_TN_FILTER_SUPPORT Support,
1253  _In_ PPH_TN_FILTER_ENTRY Entry
1254  );
1255 
1256 PHAPPAPI
1257 BOOLEAN
1258 NTAPI
1259 PhApplyTreeNewFiltersToNode(
1260  _In_ PPH_TN_FILTER_SUPPORT Support,
1261  _In_ PPH_TREENEW_NODE Node
1262  );
1263 
1264 PHAPPAPI
1265 VOID
1266 NTAPI
1267 PhApplyTreeNewFilters(
1268  _In_ PPH_TN_FILTER_SUPPORT Support
1269  );
1270 
1271 #define PH_MAINWND_CLASSNAME L"ProcessHacker" // phapppub
1272 
1273 PHAPPAPI extern HWND PhMainWndHandle; // phapppub
1274 
1275 #define WM_PH_SHOW_PROCESS_PROPERTIES (WM_APP + 120)
1276 #define WM_PH_DESTROY (WM_APP + 121)
1277 #define WM_PH_SAVE_ALL_SETTINGS (WM_APP + 122)
1278 #define WM_PH_PREPARE_FOR_EARLY_SHUTDOWN (WM_APP + 123)
1279 #define WM_PH_CANCEL_EARLY_SHUTDOWN (WM_APP + 124)
1280 #define WM_PH_TOGGLE_VISIBLE (WM_APP + 127)
1281 #define WM_PH_SHOW_MEMORY_EDITOR (WM_APP + 128)
1282 #define WM_PH_SHOW_MEMORY_RESULTS (WM_APP + 129)
1283 #define WM_PH_SELECT_TAB_PAGE (WM_APP + 130)
1284 #define WM_PH_GET_CALLBACK_LAYOUT_PADDING (WM_APP + 131)
1285 #define WM_PH_INVALIDATE_LAYOUT_PADDING (WM_APP + 132)
1286 #define WM_PH_SELECT_PROCESS_NODE (WM_APP + 133)
1287 #define WM_PH_SELECT_SERVICE_ITEM (WM_APP + 134)
1288 #define WM_PH_SELECT_NETWORK_ITEM (WM_APP + 135)
1289 #define WM_PH_INVOKE (WM_APP + 138)
1290 #define WM_PH_ADD_MENU_ITEM (WM_APP + 139)
1291 #define WM_PH_ADD_TAB_PAGE (WM_APP + 140)
1292 #define WM_PH_REFRESH (WM_APP + 141)
1293 #define WM_PH_GET_UPDATE_AUTOMATICALLY (WM_APP + 142)
1294 #define WM_PH_SET_UPDATE_AUTOMATICALLY (WM_APP + 143)
1295 
1296 #define ProcessHacker_ShowProcessProperties(hWnd, ProcessItem) \
1297  SendMessage(hWnd, WM_PH_SHOW_PROCESS_PROPERTIES, 0, (LPARAM)(ProcessItem))
1298 #define ProcessHacker_Destroy(hWnd) \
1299  SendMessage(hWnd, WM_PH_DESTROY, 0, 0)
1300 #define ProcessHacker_SaveAllSettings(hWnd) \
1301  SendMessage(hWnd, WM_PH_SAVE_ALL_SETTINGS, 0, 0)
1302 #define ProcessHacker_PrepareForEarlyShutdown(hWnd) \
1303  SendMessage(hWnd, WM_PH_PREPARE_FOR_EARLY_SHUTDOWN, 0, 0)
1304 #define ProcessHacker_CancelEarlyShutdown(hWnd) \
1305  SendMessage(hWnd, WM_PH_CANCEL_EARLY_SHUTDOWN, 0, 0)
1306 #define ProcessHacker_ToggleVisible(hWnd, AlwaysShow) \
1307  SendMessage(hWnd, WM_PH_TOGGLE_VISIBLE, (WPARAM)(AlwaysShow), 0)
1308 #define ProcessHacker_ShowMemoryEditor(hWnd, ShowMemoryEditor) \
1309  PostMessage(hWnd, WM_PH_SHOW_MEMORY_EDITOR, 0, (LPARAM)(ShowMemoryEditor))
1310 #define ProcessHacker_ShowMemoryResults(hWnd, ShowMemoryResults) \
1311  PostMessage(hWnd, WM_PH_SHOW_MEMORY_RESULTS, 0, (LPARAM)(ShowMemoryResults))
1312 #define ProcessHacker_SelectTabPage(hWnd, Index) \
1313  SendMessage(hWnd, WM_PH_SELECT_TAB_PAGE, (WPARAM)(Index), 0)
1314 #define ProcessHacker_GetCallbackLayoutPadding(hWnd) \
1315  ((PPH_CALLBACK)SendMessage(hWnd, WM_PH_GET_CALLBACK_LAYOUT_PADDING, 0, 0))
1316 #define ProcessHacker_InvalidateLayoutPadding(hWnd) \
1317  SendMessage(hWnd, WM_PH_INVALIDATE_LAYOUT_PADDING, 0, 0)
1318 #define ProcessHacker_SelectProcessNode(hWnd, ProcessNode) \
1319  SendMessage(hWnd, WM_PH_SELECT_PROCESS_NODE, 0, (LPARAM)(ProcessNode))
1320 #define ProcessHacker_SelectServiceItem(hWnd, ServiceItem) \
1321  SendMessage(hWnd, WM_PH_SELECT_SERVICE_ITEM, 0, (LPARAM)(ServiceItem))
1322 #define ProcessHacker_SelectNetworkItem(hWnd, NetworkItem) \
1323  SendMessage(hWnd, WM_PH_SELECT_NETWORK_ITEM, 0, (LPARAM)(NetworkItem))
1324 #define ProcessHacker_Invoke(hWnd, Function, Parameter) \
1325  PostMessage(hWnd, WM_PH_INVOKE, (WPARAM)(Parameter), (LPARAM)(Function))
1326 #define ProcessHacker_AddMenuItem(hWnd, AddMenuItem) \
1327  ((ULONG_PTR)SendMessage(hWnd, WM_PH_ADD_MENU_ITEM, 0, (LPARAM)(AddMenuItem)))
1328 #define ProcessHacker_AddTabPage(hWnd, TabPage) \
1329  ((PPH_ADDITIONAL_TAB_PAGE)SendMessage(hWnd, WM_PH_ADD_TAB_PAGE, 0, (LPARAM)(TabPage)))
1330 #define ProcessHacker_Refresh(hWnd) \
1331  SendMessage(hWnd, WM_PH_REFRESH, 0, 0)
1332 #define ProcessHacker_GetUpdateAutomatically(hWnd) \
1333  ((BOOLEAN)SendMessage(hWnd, WM_PH_GET_UPDATE_AUTOMATICALLY, 0, 0))
1334 #define ProcessHacker_SetUpdateAutomatically(hWnd, Value) \
1335  SendMessage(hWnd, WM_PH_SET_UPDATE_AUTOMATICALLY, (WPARAM)(Value), 0)
1336 
1337 typedef struct _PH_LAYOUT_PADDING_DATA
1338 {
1339  RECT Padding;
1340 } PH_LAYOUT_PADDING_DATA, *PPH_LAYOUT_PADDING_DATA;
1341 
1342 typedef struct _PH_ADDMENUITEM
1343 {
1344  _In_ PVOID Plugin;
1345  _In_ ULONG Location;
1346  _In_opt_ PWSTR InsertAfter;
1347  _In_ ULONG Flags;
1348  _In_ ULONG Id;
1349  _In_ PWSTR Text;
1350  _In_opt_ PVOID Context;
1351 } PH_ADDMENUITEM, *PPH_ADDMENUITEM;
1352 
1353 typedef HWND (NTAPI *PPH_TAB_PAGE_CREATE_FUNCTION)(
1354  _In_ PVOID Context
1355  );
1356 
1357 typedef VOID (NTAPI *PPH_TAB_PAGE_CALLBACK_FUNCTION)(
1358  _In_ PVOID Parameter1,
1359  _In_ PVOID Parameter2,
1360  _In_ PVOID Parameter3,
1361  _In_ PVOID Context
1362  );
1363 
1364 typedef struct _PH_ADDITIONAL_TAB_PAGE
1365 {
1366  PWSTR Text;
1367  PVOID Context;
1368  PPH_TAB_PAGE_CREATE_FUNCTION CreateFunction;
1369  HWND WindowHandle;
1370  INT Index;
1371  PPH_TAB_PAGE_CALLBACK_FUNCTION SelectionChangedCallback;
1372  PPH_TAB_PAGE_CALLBACK_FUNCTION SaveContentCallback;
1373  PPH_TAB_PAGE_CALLBACK_FUNCTION FontChangedCallback;
1374  PPH_TAB_PAGE_CALLBACK_FUNCTION InitializeSectionMenuItemsCallback;
1375  PVOID Reserved[3];
1376 } PH_ADDITIONAL_TAB_PAGE, *PPH_ADDITIONAL_TAB_PAGE;
1377 
1378 #define PH_NOTIFY_MINIMUM 0x1
1379 #define PH_NOTIFY_PROCESS_CREATE 0x1
1380 #define PH_NOTIFY_PROCESS_DELETE 0x2
1381 #define PH_NOTIFY_SERVICE_CREATE 0x4
1382 #define PH_NOTIFY_SERVICE_DELETE 0x8
1383 #define PH_NOTIFY_SERVICE_START 0x10
1384 #define PH_NOTIFY_SERVICE_STOP 0x20
1385 #define PH_NOTIFY_MAXIMUM 0x40
1386 #define PH_NOTIFY_VALID_MASK 0x3f
1387 
1388 PHAPPAPI
1389 VOID
1390 NTAPI
1391 PhShowIconNotification(
1392  _In_ PWSTR Title,
1393  _In_ PWSTR Text,
1394  _In_ ULONG Flags
1395  );
1396 
1397 typedef struct _PH_PROCESS_PROPCONTEXT *PPH_PROCESS_PROPCONTEXT; // phapppub
1398 
1399 typedef struct _PH_PROCESS_PROPPAGECONTEXT
1400 {
1401  PPH_PROCESS_PROPCONTEXT PropContext;
1402  PVOID Context;
1403  PROPSHEETPAGE PropSheetPage;
1404 
1405  BOOLEAN LayoutInitialized;
1406 } PH_PROCESS_PROPPAGECONTEXT, *PPH_PROCESS_PROPPAGECONTEXT;
1407 
1408 PHAPPAPI
1409 PPH_PROCESS_PROPCONTEXT
1410 NTAPI
1411 PhCreateProcessPropContext(
1412  _In_ HWND ParentWindowHandle,
1413  _In_ PPH_PROCESS_ITEM ProcessItem
1414  );
1415 
1416 PHAPPAPI
1417 VOID
1418 NTAPI
1419 PhSetSelectThreadIdProcessPropContext(
1420  _Inout_ PPH_PROCESS_PROPCONTEXT PropContext,
1421  _In_ HANDLE ThreadId
1422  );
1423 
1424 PHAPPAPI
1425 BOOLEAN
1426 NTAPI
1427 PhAddProcessPropPage(
1428  _Inout_ PPH_PROCESS_PROPCONTEXT PropContext,
1429  _In_ _Assume_refs_(1) PPH_PROCESS_PROPPAGECONTEXT PropPageContext
1430  );
1431 
1432 PHAPPAPI
1433 BOOLEAN
1434 NTAPI
1435 PhAddProcessPropPage2(
1436  _Inout_ PPH_PROCESS_PROPCONTEXT PropContext,
1437  _In_ HPROPSHEETPAGE PropSheetPageHandle
1438  );
1439 
1440 PHAPPAPI
1441 PPH_PROCESS_PROPPAGECONTEXT
1442 NTAPI
1443 PhCreateProcessPropPageContext(
1444  _In_ LPCWSTR Template,
1445  _In_ DLGPROC DlgProc,
1446  _In_opt_ PVOID Context
1447  );
1448 
1449 PHAPPAPI
1450 PPH_PROCESS_PROPPAGECONTEXT
1451 NTAPI
1452 PhCreateProcessPropPageContextEx(
1453  _In_opt_ PVOID InstanceHandle,
1454  _In_ LPCWSTR Template,
1455  _In_ DLGPROC DlgProc,
1456  _In_opt_ PVOID Context
1457  );
1458 
1459 PHAPPAPI
1460 BOOLEAN
1461 NTAPI
1462 PhPropPageDlgProcHeader(
1463  _In_ HWND hwndDlg,
1464  _In_ UINT uMsg,
1465  _In_ LPARAM lParam,
1466  _Out_ LPPROPSHEETPAGE *PropSheetPage,
1467  _Out_ PPH_PROCESS_PROPPAGECONTEXT *PropPageContext,
1468  _Out_ PPH_PROCESS_ITEM *ProcessItem
1469  );
1470 
1471 PHAPPAPI
1472 VOID
1473 NTAPI
1474 PhPropPageDlgProcDestroy(
1475  _In_ HWND hwndDlg
1476  );
1477 
1478 #define PH_PROP_PAGE_TAB_CONTROL_PARENT ((PPH_LAYOUT_ITEM)0x1)
1479 
1480 PHAPPAPI
1481 PPH_LAYOUT_ITEM
1482 NTAPI
1483 PhAddPropPageLayoutItem(
1484  _In_ HWND hwnd,
1485  _In_ HWND Handle,
1486  _In_ PPH_LAYOUT_ITEM ParentItem,
1487  _In_ ULONG Anchor
1488  );
1489 
1490 PHAPPAPI
1491 VOID
1492 NTAPI
1493 PhDoPropPageLayout(
1494  _In_ HWND hwnd
1495  );
1496 
1497 FORCEINLINE
1498 PPH_LAYOUT_ITEM
1499 PhBeginPropPageLayout(
1500  _In_ HWND hwndDlg,
1501  _In_ PPH_PROCESS_PROPPAGECONTEXT PropPageContext
1502  )
1503 {
1504  if (!PropPageContext->LayoutInitialized)
1505  {
1506  return PhAddPropPageLayoutItem(hwndDlg, hwndDlg,
1507  PH_PROP_PAGE_TAB_CONTROL_PARENT, PH_ANCHOR_ALL);
1508  }
1509  else
1510  {
1511  return NULL;
1512  }
1513 }
1514 
1515 FORCEINLINE
1516 VOID
1517 PhEndPropPageLayout(
1518  _In_ HWND hwndDlg,
1519  _In_ PPH_PROCESS_PROPPAGECONTEXT PropPageContext
1520  )
1521 {
1522  PhDoPropPageLayout(hwndDlg);
1523  PropPageContext->LayoutInitialized = TRUE;
1524 }
1525 
1526 PHAPPAPI
1527 BOOLEAN
1528 NTAPI
1529 PhShowProcessProperties(
1530  _In_ PPH_PROCESS_PROPCONTEXT Context
1531  );
1532 
1533 #define PH_LOG_ENTRY_MESSAGE 9 // phapppub
1534 
1535 typedef struct _PH_LOG_ENTRY *PPH_LOG_ENTRY; // phapppub
1536 
1537 PHAPPAPI extern PH_CALLBACK PhLoggedCallback; // phapppub
1538 
1539 PHAPPAPI
1540 VOID
1541 NTAPI
1542 PhLogMessageEntry(
1543  _In_ UCHAR Type,
1544  _In_ PPH_STRING Message
1545  );
1546 
1547 PHAPPAPI
1548 PPH_STRING
1549 NTAPI
1550 PhFormatLogEntry(
1551  _In_ PPH_LOG_ENTRY Entry
1552  );
1553 
1554 typedef enum _PH_PHSVC_MODE
1555 {
1556  ElevatedPhSvcMode,
1557  Wow64PhSvcMode
1558 } PH_PHSVC_MODE;
1559 
1560 PHAPPAPI
1561 BOOLEAN
1562 NTAPI
1563 PhUiConnectToPhSvc(
1564  _In_opt_ HWND hWnd,
1565  _In_ BOOLEAN ConnectOnly
1566  );
1567 
1568 PHAPPAPI
1569 BOOLEAN
1570 NTAPI
1571 PhUiConnectToPhSvcEx(
1572  _In_opt_ HWND hWnd,
1573  _In_ PH_PHSVC_MODE Mode,
1574  _In_ BOOLEAN ConnectOnly
1575  );
1576 
1577 PHAPPAPI
1578 VOID
1579 NTAPI
1580 PhUiDisconnectFromPhSvc(
1581  VOID
1582  );
1583 
1584 PHAPPAPI
1585 BOOLEAN
1586 NTAPI
1587 PhUiLockComputer(
1588  _In_ HWND hWnd
1589  );
1590 
1591 PHAPPAPI
1592 BOOLEAN
1593 NTAPI
1594 PhUiLogoffComputer(
1595  _In_ HWND hWnd
1596  );
1597 
1598 PHAPPAPI
1599 BOOLEAN
1600 NTAPI
1601 PhUiSleepComputer(
1602  _In_ HWND hWnd
1603  );
1604 
1605 PHAPPAPI
1606 BOOLEAN
1607 NTAPI
1608 PhUiHibernateComputer(
1609  _In_ HWND hWnd
1610  );
1611 
1612 PHAPPAPI
1613 BOOLEAN
1614 NTAPI
1615 PhUiRestartComputer(
1616  _In_ HWND hWnd,
1617  _In_ ULONG Flags
1618  );
1619 
1620 PHAPPAPI
1621 BOOLEAN
1622 NTAPI
1623 PhUiShutdownComputer(
1624  _In_ HWND hWnd,
1625  _In_ ULONG Flags
1626  );
1627 
1628 PHAPPAPI
1629 BOOLEAN
1630 NTAPI
1631 PhUiConnectSession(
1632  _In_ HWND hWnd,
1633  _In_ ULONG SessionId
1634  );
1635 
1636 PHAPPAPI
1637 BOOLEAN
1638 NTAPI
1639 PhUiDisconnectSession(
1640  _In_ HWND hWnd,
1641  _In_ ULONG SessionId
1642  );
1643 
1644 PHAPPAPI
1645 BOOLEAN
1646 NTAPI
1647 PhUiLogoffSession(
1648  _In_ HWND hWnd,
1649  _In_ ULONG SessionId
1650  );
1651 
1652 PHAPPAPI
1653 BOOLEAN
1654 NTAPI
1655 PhUiTerminateProcesses(
1656  _In_ HWND hWnd,
1657  _In_ PPH_PROCESS_ITEM *Processes,
1658  _In_ ULONG NumberOfProcesses
1659  );
1660 
1661 PHAPPAPI
1662 BOOLEAN
1663 NTAPI
1664 PhUiTerminateTreeProcess(
1665  _In_ HWND hWnd,
1666  _In_ PPH_PROCESS_ITEM Process
1667  );
1668 
1669 PHAPPAPI
1670 BOOLEAN
1671 NTAPI
1672 PhUiSuspendProcesses(
1673  _In_ HWND hWnd,
1674  _In_ PPH_PROCESS_ITEM *Processes,
1675  _In_ ULONG NumberOfProcesses
1676  );
1677 
1678 PHAPPAPI
1679 BOOLEAN
1680 NTAPI
1681 PhUiResumeProcesses(
1682  _In_ HWND hWnd,
1683  _In_ PPH_PROCESS_ITEM *Processes,
1684  _In_ ULONG NumberOfProcesses
1685  );
1686 
1687 PHAPPAPI
1688 BOOLEAN
1689 NTAPI
1690 PhUiRestartProcess(
1691  _In_ HWND hWnd,
1692  _In_ PPH_PROCESS_ITEM Process
1693  );
1694 
1695 PHAPPAPI
1696 BOOLEAN
1697 NTAPI
1698 PhUiDebugProcess(
1699  _In_ HWND hWnd,
1700  _In_ PPH_PROCESS_ITEM Process
1701  );
1702 
1703 PHAPPAPI
1704 BOOLEAN
1705 NTAPI
1706 PhUiReduceWorkingSetProcesses(
1707  _In_ HWND hWnd,
1708  _In_ PPH_PROCESS_ITEM *Processes,
1709  _In_ ULONG NumberOfProcesses
1710  );
1711 
1712 PHAPPAPI
1713 BOOLEAN
1714 NTAPI
1715 PhUiSetVirtualizationProcess(
1716  _In_ HWND hWnd,
1717  _In_ PPH_PROCESS_ITEM Process,
1718  _In_ BOOLEAN Enable
1719  );
1720 
1721 PHAPPAPI
1722 BOOLEAN
1723 NTAPI
1724 PhUiDetachFromDebuggerProcess(
1725  _In_ HWND hWnd,
1726  _In_ PPH_PROCESS_ITEM Process
1727  );
1728 
1729 PHAPPAPI
1730 BOOLEAN
1731 NTAPI
1732 PhUiInjectDllProcess(
1733  _In_ HWND hWnd,
1734  _In_ PPH_PROCESS_ITEM Process
1735  );
1736 
1737 PHAPPAPI
1738 BOOLEAN
1739 NTAPI
1740 PhUiSetIoPriorityProcesses(
1741  _In_ HWND hWnd,
1742  _In_ PPH_PROCESS_ITEM *Processes,
1743  _In_ ULONG NumberOfProcesses,
1744  _In_ ULONG IoPriority
1745  );
1746 
1747 PHAPPAPI
1748 BOOLEAN
1749 NTAPI
1750 PhUiSetPagePriorityProcess(
1751  _In_ HWND hWnd,
1752  _In_ PPH_PROCESS_ITEM Process,
1753  _In_ ULONG PagePriority
1754  );
1755 
1756 PHAPPAPI
1757 BOOLEAN
1758 NTAPI
1759 PhUiSetPriorityProcesses(
1760  _In_ HWND hWnd,
1761  _In_ PPH_PROCESS_ITEM *Processes,
1762  _In_ ULONG NumberOfProcesses,
1763  _In_ ULONG PriorityClass
1764  );
1765 
1766 PHAPPAPI
1767 BOOLEAN
1768 NTAPI
1769 PhUiSetDepStatusProcess(
1770  _In_ HWND hWnd,
1771  _In_ PPH_PROCESS_ITEM Process
1772  );
1773 
1774 PHAPPAPI
1775 BOOLEAN
1776 NTAPI
1777 PhUiStartService(
1778  _In_ HWND hWnd,
1779  _In_ PPH_SERVICE_ITEM Service
1780  );
1781 
1782 PHAPPAPI
1783 BOOLEAN
1784 NTAPI
1785 PhUiContinueService(
1786  _In_ HWND hWnd,
1787  _In_ PPH_SERVICE_ITEM Service
1788  );
1789 
1790 PHAPPAPI
1791 BOOLEAN
1792 NTAPI
1793 PhUiPauseService(
1794  _In_ HWND hWnd,
1795  _In_ PPH_SERVICE_ITEM Service
1796  );
1797 
1798 PHAPPAPI
1799 BOOLEAN
1800 NTAPI
1801 PhUiStopService(
1802  _In_ HWND hWnd,
1803  _In_ PPH_SERVICE_ITEM Service
1804  );
1805 
1806 PHAPPAPI
1807 BOOLEAN
1808 NTAPI
1809 PhUiDeleteService(
1810  _In_ HWND hWnd,
1811  _In_ PPH_SERVICE_ITEM Service
1812  );
1813 
1814 PHAPPAPI
1815 BOOLEAN
1816 NTAPI
1817 PhUiCloseConnections(
1818  _In_ HWND hWnd,
1819  _In_ PPH_NETWORK_ITEM *Connections,
1820  _In_ ULONG NumberOfConnections
1821  );
1822 
1823 PHAPPAPI
1824 BOOLEAN
1825 NTAPI
1826 PhUiTerminateThreads(
1827  _In_ HWND hWnd,
1828  _In_ PPH_THREAD_ITEM *Threads,
1829  _In_ ULONG NumberOfThreads
1830  );
1831 
1832 PHAPPAPI
1833 BOOLEAN
1834 NTAPI
1835 PhUiForceTerminateThreads(
1836  _In_ HWND hWnd,
1837  _In_ HANDLE ProcessId,
1838  _In_ PPH_THREAD_ITEM *Threads,
1839  _In_ ULONG NumberOfThreads
1840  );
1841 
1842 PHAPPAPI
1843 BOOLEAN
1844 NTAPI
1845 PhUiSuspendThreads(
1846  _In_ HWND hWnd,
1847  _In_ PPH_THREAD_ITEM *Threads,
1848  _In_ ULONG NumberOfThreads
1849  );
1850 
1851 PHAPPAPI
1852 BOOLEAN
1853 NTAPI
1854 PhUiResumeThreads(
1855  _In_ HWND hWnd,
1856  _In_ PPH_THREAD_ITEM *Threads,
1857  _In_ ULONG NumberOfThreads
1858  );
1859 
1860 PHAPPAPI
1861 BOOLEAN
1862 NTAPI
1863 PhUiSetPriorityThread(
1864  _In_ HWND hWnd,
1865  _In_ PPH_THREAD_ITEM Thread,
1866  _In_ ULONG ThreadPriorityWin32
1867  );
1868 
1869 PHAPPAPI
1870 BOOLEAN
1871 NTAPI
1872 PhUiSetIoPriorityThread(
1873  _In_ HWND hWnd,
1874  _In_ PPH_THREAD_ITEM Thread,
1875  _In_ ULONG IoPriority
1876  );
1877 
1878 PHAPPAPI
1879 BOOLEAN
1880 NTAPI
1881 PhUiSetPagePriorityThread(
1882  _In_ HWND hWnd,
1883  _In_ PPH_THREAD_ITEM Thread,
1884  _In_ ULONG PagePriority
1885  );
1886 
1887 PHAPPAPI
1888 BOOLEAN
1889 NTAPI
1890 PhUiUnloadModule(
1891  _In_ HWND hWnd,
1892  _In_ HANDLE ProcessId,
1893  _In_ PPH_MODULE_ITEM Module
1894  );
1895 
1896 PHAPPAPI
1897 BOOLEAN
1898 NTAPI
1899 PhUiFreeMemory(
1900  _In_ HWND hWnd,
1901  _In_ HANDLE ProcessId,
1902  _In_ PPH_MEMORY_ITEM MemoryItem,
1903  _In_ BOOLEAN Free
1904  );
1905 
1906 PHAPPAPI
1907 BOOLEAN
1908 NTAPI
1909 PhUiCloseHandles(
1910  _In_ HWND hWnd,
1911  _In_ HANDLE ProcessId,
1912  _In_ PPH_HANDLE_ITEM *Handles,
1913  _In_ ULONG NumberOfHandles,
1914  _In_ BOOLEAN Warn
1915  );
1916 
1917 PHAPPAPI
1918 BOOLEAN
1919 NTAPI
1920 PhUiSetAttributesHandle(
1921  _In_ HWND hWnd,
1922  _In_ HANDLE ProcessId,
1923  _In_ PPH_HANDLE_ITEM Handle,
1924  _In_ ULONG Attributes
1925  );
1926 
1927 PHAPPAPI
1928 BOOLEAN
1929 NTAPI
1930 PhShowProcessAffinityDialog2(
1931  _In_ HWND ParentWindowHandle,
1932  _In_ ULONG_PTR AffinityMask,
1933  _Out_ PULONG_PTR NewAffinityMask
1934  );
1935 
1936 #define PH_CHOICE_DIALOG_SAVED_CHOICES 10
1937 
1938 #define PH_CHOICE_DIALOG_CHOICE 0x0
1939 #define PH_CHOICE_DIALOG_USER_CHOICE 0x1
1940 #define PH_CHOICE_DIALOG_PASSWORD 0x2
1941 #define PH_CHOICE_DIALOG_TYPE_MASK 0x3
1942 
1943 PHAPPAPI
1944 BOOLEAN
1945 NTAPI
1946 PhaChoiceDialog(
1947  _In_ HWND ParentWindowHandle,
1948  _In_ PWSTR Title,
1949  _In_ PWSTR Message,
1950  _In_opt_ PWSTR *Choices,
1951  _In_opt_ ULONG NumberOfChoices,
1952  _In_opt_ PWSTR Option,
1953  _In_ ULONG Flags,
1954  _Inout_ PPH_STRING *SelectedChoice,
1955  _Inout_opt_ PBOOLEAN SelectedOption,
1956  _In_opt_ PWSTR SavedChoicesSettingName
1957  );
1958 
1959 PHAPPAPI
1960 BOOLEAN
1961 NTAPI
1962 PhShowChooseProcessDialog(
1963  _In_ HWND ParentWindowHandle,
1964  _In_ PWSTR Message,
1965  _Out_ PHANDLE ProcessId
1966  );
1967 
1968 PHAPPAPI
1969 VOID
1970 NTAPI
1971 PhShowProcessRecordDialog(
1972  _In_ HWND ParentWindowHandle,
1973  _In_ PPH_PROCESS_RECORD Record
1974  );
1975 
1976 PHAPPAPI
1977 NTSTATUS
1978 NTAPI
1979 PhExecuteRunAsCommand2(
1980  _In_ HWND hWnd,
1981  _In_ PWSTR Program,
1982  _In_opt_ PWSTR UserName,
1983  _In_opt_ PWSTR Password,
1984  _In_opt_ ULONG LogonType,
1985  _In_opt_ HANDLE ProcessIdWithToken,
1986  _In_ ULONG SessionId,
1987  _In_ PWSTR DesktopName,
1988  _In_ BOOLEAN UseLinkedToken
1989  );
1990 
1991 #define WM_PH_SET_LIST_VIEW_SETTINGS (WM_APP + 701)
1992 
1993 PHAPPAPI
1994 HWND
1995 NTAPI
1996 PhCreateServiceListControl(
1997  _In_ HWND ParentWindowHandle,
1998  _In_ PPH_SERVICE_ITEM *Services,
1999  _In_ ULONG NumberOfServices
2000  );
2001 
2002 //
2003 // extmgr
2004 //
2005 
2006 typedef enum _PH_EM_OBJECT_TYPE
2007 {
2008  EmProcessItemType,
2009  EmProcessNodeType,
2010  EmServiceItemType,
2011  EmServiceNodeType,
2012  EmNetworkItemType,
2013  EmNetworkNodeType,
2014  EmThreadItemType,
2015  EmThreadNodeType,
2016  EmModuleItemType,
2017  EmModuleNodeType,
2018  EmHandleItemType,
2019  EmHandleNodeType,
2020  EmThreadsContextType,
2021  EmModulesContextType,
2022  EmHandlesContextType,
2023  EmThreadProviderType,
2024  EmModuleProviderType,
2025  EmHandleProviderType,
2026  EmMemoryNodeType,
2027  EmMemoryContextType,
2028  EmMaximumObjectType
2029 } PH_EM_OBJECT_TYPE;
2030 
2031 typedef enum _PH_EM_OBJECT_OPERATION
2032 {
2033  EmObjectCreate,
2034  EmObjectDelete,
2035  EmMaximumObjectOperation
2036 } PH_EM_OBJECT_OPERATION;
2037 
2038 typedef VOID (NTAPI *PPH_EM_OBJECT_CALLBACK)(
2039  _In_ PVOID Object,
2040  _In_ PH_EM_OBJECT_TYPE ObjectType,
2041  _In_ PVOID Extension
2042  );
2043 
2044 //
2045 // notifico
2046 //
2047 
2048 typedef VOID (NTAPI *PPH_NF_UPDATE_REGISTERED_ICON)(
2049  _In_ struct _PH_NF_ICON *Icon
2050  );
2051 
2052 typedef VOID (NTAPI *PPH_NF_BEGIN_BITMAP)(
2053  _Out_ PULONG Width,
2054  _Out_ PULONG Height,
2055  _Out_ HBITMAP *Bitmap,
2056  _Out_opt_ PVOID *Bits,
2057  _Out_ HDC *Hdc,
2058  _Out_ HBITMAP *OldBitmap
2059  );
2060 
2061 typedef struct _PH_NF_POINTERS
2062 {
2063  PPH_NF_UPDATE_REGISTERED_ICON UpdateRegisteredIcon;
2064  PPH_NF_BEGIN_BITMAP BeginBitmap;
2065 } PH_NF_POINTERS, *PPH_NF_POINTERS;
2066 
2067 #define PH_NF_UPDATE_IS_BITMAP 0x1
2068 #define PH_NF_UPDATE_DESTROY_RESOURCE 0x2
2069 
2070 typedef VOID (NTAPI *PPH_NF_ICON_UPDATE_CALLBACK)(
2071  _In_ struct _PH_NF_ICON *Icon,
2072  _Out_ PVOID *NewIconOrBitmap,
2073  _Out_ PULONG Flags,
2074  _Out_ PPH_STRING *NewText,
2075  _In_opt_ PVOID Context
2076  );
2077 
2078 typedef BOOLEAN (NTAPI *PPH_NF_ICON_MESSAGE_CALLBACK)(
2079  _In_ struct _PH_NF_ICON *Icon,
2080  _In_ ULONG_PTR WParam,
2081  _In_ ULONG_PTR LParam,
2082  _In_opt_ PVOID Context
2083  );
2084 
2085 // Special messages
2086 // The message type is stored in LOWORD(LParam), and the message data is in WParam.
2087 
2088 #define PH_NF_MSG_SHOWMINIINFOSECTION (WM_APP + 1)
2089 
2090 typedef struct _PH_NF_MSG_SHOWMINIINFOSECTION_DATA
2091 {
2092  PWSTR SectionName; // NULL to leave unchanged
2093 } PH_NF_MSG_SHOWMINIINFOSECTION_DATA, *PPH_NF_MSG_SHOWMINIINFOSECTION_DATA;
2094 
2095 // Structures and internal functions
2096 
2097 #define PH_NF_ICON_UNAVAILABLE 0x1
2098 #define PH_NF_ICON_SHOW_MINIINFO 0x2
2099 
2100 typedef struct _PH_NF_ICON
2101 {
2102  // Public
2103 
2104  struct _PH_PLUGIN *Plugin;
2105  ULONG SubId;
2106  PVOID Context;
2107  PPH_NF_POINTERS Pointers;
2108 
2109 } PH_NF_ICON, *PPH_NF_ICON;
2110 
2111 // Public registration data
2112 
2113 typedef struct _PH_NF_ICON_REGISTRATION_DATA
2114 {
2115  PPH_NF_ICON_UPDATE_CALLBACK UpdateCallback;
2116  PPH_NF_ICON_MESSAGE_CALLBACK MessageCallback;
2117 } PH_NF_ICON_REGISTRATION_DATA, *PPH_NF_ICON_REGISTRATION_DATA;
2118 
2119 //
2120 // settings
2121 //
2122 
2123 typedef enum _PH_SETTING_TYPE
2124 {
2125  StringSettingType,
2126  IntegerSettingType,
2127  IntegerPairSettingType
2128 } PH_SETTING_TYPE, PPH_SETTING_TYPE;
2129 
2130 PHAPPAPI
2131 _May_raise_ ULONG
2132 NTAPI
2133 PhGetIntegerSetting(
2134  _In_ PWSTR Name
2135  );
2136 
2137 PHAPPAPI
2138 _May_raise_ PH_INTEGER_PAIR
2139 NTAPI
2140 PhGetIntegerPairSetting(
2141  _In_ PWSTR Name
2142  );
2143 
2144 PHAPPAPI
2145 _May_raise_ PPH_STRING
2146 NTAPI
2147 PhGetStringSetting(
2148  _In_ PWSTR Name
2149  );
2150 
2151 PHAPPAPI
2152 _May_raise_ VOID
2153 NTAPI
2154 PhSetIntegerSetting(
2155  _In_ PWSTR Name,
2156  _In_ ULONG Value
2157  );
2158 
2159 PHAPPAPI
2160 _May_raise_ VOID
2161 NTAPI
2162 PhSetIntegerPairSetting(
2163  _In_ PWSTR Name,
2164  _In_ PH_INTEGER_PAIR Value
2165  );
2166 
2167 PHAPPAPI
2168 _May_raise_ VOID
2169 NTAPI
2170 PhSetStringSetting(
2171  _In_ PWSTR Name,
2172  _In_ PWSTR Value
2173  );
2174 
2175 PHAPPAPI
2176 _May_raise_ VOID
2177 NTAPI
2178 PhSetStringSetting2(
2179  _In_ PWSTR Name,
2180  _In_ PPH_STRINGREF Value
2181  );
2182 
2183 #define PhaGetStringSetting(Name) ((PPH_STRING)PhAutoDereferenceObject(PhGetStringSetting(Name))) // phapppub
2184 
2185 // High-level settings creation
2186 
2187 typedef struct _PH_SETTING_CREATE
2188 {
2189  PH_SETTING_TYPE Type;
2190  PWSTR Name;
2191  PWSTR DefaultValue;
2192 } PH_SETTING_CREATE, *PPH_SETTING_CREATE;
2193 
2194 PHAPPAPI
2195 VOID
2196 NTAPI
2197 PhAddSettings(
2198  _In_ PPH_SETTING_CREATE Settings,
2199  _In_ ULONG NumberOfSettings
2200  );
2201 
2202 //
2203 // sysinfo
2204 //
2205 
2206 typedef enum _PH_SYSINFO_VIEW_TYPE
2207 {
2208  SysInfoSummaryView,
2209  SysInfoSectionView
2210 } PH_SYSINFO_VIEW_TYPE;
2211 
2212 typedef VOID (NTAPI *PPH_SYSINFO_COLOR_SETUP_FUNCTION)(
2213  _Out_ PPH_GRAPH_DRAW_INFO DrawInfo,
2214  _In_ COLORREF Color1,
2215  _In_ COLORREF Color2
2216  );
2217 
2218 typedef struct _PH_SYSINFO_PARAMETERS
2219 {
2220  HWND SysInfoWindowHandle;
2221  HWND ContainerWindowHandle;
2222 
2223  HFONT Font;
2224  HFONT MediumFont;
2225  HFONT LargeFont;
2226  ULONG FontHeight;
2227  ULONG FontAverageWidth;
2228  ULONG MediumFontHeight;
2229  ULONG MediumFontAverageWidth;
2230  COLORREF GraphBackColor;
2231  COLORREF PanelForeColor;
2232  PPH_SYSINFO_COLOR_SETUP_FUNCTION ColorSetupFunction;
2233 
2234  ULONG MinimumGraphHeight;
2235  ULONG SectionViewGraphHeight;
2236  ULONG PanelWidth;
2237 } PH_SYSINFO_PARAMETERS, *PPH_SYSINFO_PARAMETERS;
2238 
2239 typedef enum _PH_SYSINFO_SECTION_MESSAGE
2240 {
2241  SysInfoCreate,
2242  SysInfoDestroy,
2243  SysInfoTick,
2244  SysInfoViewChanging, // PH_SYSINFO_VIEW_TYPE Parameter1, PPH_SYSINFO_SECTION Parameter2
2245  SysInfoCreateDialog, // PPH_SYSINFO_CREATE_DIALOG Parameter1
2246  SysInfoGraphGetDrawInfo, // PPH_GRAPH_DRAW_INFO Parameter1
2247  SysInfoGraphGetTooltipText, // PPH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT Parameter1
2248  SysInfoGraphDrawPanel, // PPH_SYSINFO_DRAW_PANEL Parameter1
2249  MaxSysInfoMessage
2250 } PH_SYSINFO_SECTION_MESSAGE;
2251 
2252 typedef BOOLEAN (NTAPI *PPH_SYSINFO_SECTION_CALLBACK)(
2253  _In_ struct _PH_SYSINFO_SECTION *Section,
2254  _In_ PH_SYSINFO_SECTION_MESSAGE Message,
2255  _In_opt_ PVOID Parameter1,
2256  _In_opt_ PVOID Parameter2
2257  );
2258 
2259 typedef struct _PH_SYSINFO_CREATE_DIALOG
2260 {
2261  BOOLEAN CustomCreate;
2262 
2263  // Parameters for default create
2264  PVOID Instance;
2265  PWSTR Template;
2266  DLGPROC DialogProc;
2267  PVOID Parameter;
2268 } PH_SYSINFO_CREATE_DIALOG, *PPH_SYSINFO_CREATE_DIALOG;
2269 
2270 typedef struct _PH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT
2271 {
2272  ULONG Index;
2273  PH_STRINGREF Text;
2274 } PH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT, *PPH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT;
2275 
2276 typedef struct _PH_SYSINFO_DRAW_PANEL
2277 {
2278  HDC hdc;
2279  RECT Rect;
2280  BOOLEAN CustomDraw;
2281 
2282  // Parameters for default draw
2283  PPH_STRING Title;
2284  PPH_STRING SubTitle;
2285  PPH_STRING SubTitleOverflow;
2286 } PH_SYSINFO_DRAW_PANEL, *PPH_SYSINFO_DRAW_PANEL;
2287 
2288 typedef struct _PH_SYSINFO_SECTION
2289 {
2290  // Public
2291 
2292  // Initialization
2293  PH_STRINGREF Name;
2294  ULONG Flags;
2295  PPH_SYSINFO_SECTION_CALLBACK Callback;
2296  PVOID Context;
2297  PVOID Reserved[3];
2298 
2299  // State
2300  HWND GraphHandle;
2301  PH_GRAPH_STATE GraphState;
2302  PPH_SYSINFO_PARAMETERS Parameters;
2303  PVOID Reserved2[3];
2304 
2305 } PH_SYSINFO_SECTION, *PPH_SYSINFO_SECTION;
2306 
2307 PHAPPAPI
2308 VOID
2309 NTAPI
2310 PhSiSetColorsGraphDrawInfo(
2311  _Out_ PPH_GRAPH_DRAW_INFO DrawInfo,
2312  _In_ COLORREF Color1,
2313  _In_ COLORREF Color2
2314  );
2315 
2316 //
2317 // procgrp
2318 //
2319 
2320 typedef struct _PH_PROCESS_GROUP
2321 {
2322  PPH_PROCESS_ITEM Representative; // An element of Processes (no extra reference added)
2323  PPH_LIST Processes; // List of PPH_PROCESS_ITEM
2324 } PH_PROCESS_GROUP, *PPH_PROCESS_GROUP;
2325 
2326 //
2327 // miniinfo
2328 //
2329 
2330 // Section
2331 
2332 typedef VOID (NTAPI *PPH_MINIINFO_SET_SECTION_TEXT)(
2333  _In_ struct _PH_MINIINFO_SECTION *Section,
2334  _In_opt_ PPH_STRING Text
2335  );
2336 
2337 typedef struct _PH_MINIINFO_PARAMETERS
2338 {
2339  HWND ContainerWindowHandle;
2340  HWND MiniInfoWindowHandle;
2341 
2342  HFONT Font;
2343  HFONT MediumFont;
2344  ULONG FontHeight;
2345  ULONG FontAverageWidth;
2346  ULONG MediumFontHeight;
2347  ULONG MediumFontAverageWidth;
2348 
2349  PPH_MINIINFO_SET_SECTION_TEXT SetSectionText;
2350 } PH_MINIINFO_PARAMETERS, *PPH_MINIINFO_PARAMETERS;
2351 
2352 typedef enum _PH_MINIINFO_SECTION_MESSAGE
2353 {
2354  MiniInfoCreate,
2355  MiniInfoDestroy,
2356  MiniInfoTick,
2357  MiniInfoSectionChanging, // PPH_MINIINFO_SECTION Parameter1
2358  MiniInfoShowing, // BOOLEAN Parameter1 (Showing)
2359  MiniInfoCreateDialog, // PPH_MINIINFO_CREATE_DIALOG Parameter1
2360  MaxMiniInfoMessage
2361 } PH_MINIINFO_SECTION_MESSAGE;
2362 
2363 typedef BOOLEAN (NTAPI *PPH_MINIINFO_SECTION_CALLBACK)(
2364  _In_ struct _PH_MINIINFO_SECTION *Section,
2365  _In_ PH_MINIINFO_SECTION_MESSAGE Message,
2366  _In_opt_ PVOID Parameter1,
2367  _In_opt_ PVOID Parameter2
2368  );
2369 
2370 typedef struct _PH_MINIINFO_CREATE_DIALOG
2371 {
2372  BOOLEAN CustomCreate;
2373 
2374  // Parameters for default create
2375  PVOID Instance;
2376  PWSTR Template;
2377  DLGPROC DialogProc;
2378  PVOID Parameter;
2379 } PH_MINIINFO_CREATE_DIALOG, *PPH_MINIINFO_CREATE_DIALOG;
2380 
2381 #define PH_MINIINFO_SECTION_NO_UPPER_MARGINS 0x1
2382 
2383 typedef struct _PH_MINIINFO_SECTION
2384 {
2385  // Public
2386 
2387  // Initialization
2388  PH_STRINGREF Name;
2389  ULONG Flags;
2390  PPH_MINIINFO_SECTION_CALLBACK Callback;
2391  PVOID Context;
2392  PVOID Reserved1[3];
2393 
2394  PPH_MINIINFO_PARAMETERS Parameters;
2395  PVOID Reserved2[3];
2396 
2397 } PH_MINIINFO_SECTION, *PPH_MINIINFO_SECTION;
2398 
2399 // List section
2400 
2401 typedef enum _PH_MINIINFO_LIST_SECTION_MESSAGE
2402 {
2403  MiListSectionCreate,
2404  MiListSectionDestroy,
2405  MiListSectionTick,
2406  MiListSectionShowing, // BOOLEAN Parameter1 (Showing)
2407  MiListSectionDialogCreated, // HWND Parameter1
2408  MiListSectionSortProcessList, // PPH_MINIINFO_LIST_SECTION_SORT_LIST Parameter1
2409  MiListSectionAssignSortData, // PPH_MINIINFO_LIST_SECTION_ASSIGN_SORT_DATA Parameter1
2410  MiListSectionSortGroupList, // PPH_MINIINFO_LIST_SECTION_SORT_LIST Parameter1
2411  MiListSectionGetTitleText, // PPH_MINIINFO_LIST_SECTION_GET_TITLE_TEXT Parameter1
2412  MiListSectionGetUsageText, // PPH_MINIINFO_LIST_SECTION_GET_USAGE_TEXT Parameter1
2413  MiListSectionInitializeContextMenu, // PPH_MINIINFO_LIST_SECTION_MENU_INFORMATION Parameter1
2414  MiListSectionHandleContextMenu, // PPH_MINIINFO_LIST_SECTION_MENU_INFORMATION Parameter1
2415  MaxMiListSectionMessage
2416 } PH_MINIINFO_LIST_SECTION_MESSAGE;
2417 
2418 typedef BOOLEAN (NTAPI *PPH_MINIINFO_LIST_SECTION_CALLBACK)(
2419  _In_ struct _PH_MINIINFO_LIST_SECTION *ListSection,
2420  _In_ PH_MINIINFO_LIST_SECTION_MESSAGE Message,
2421  _In_opt_ PVOID Parameter1,
2422  _In_opt_ PVOID Parameter2
2423  );
2424 
2425 // The list section performs the following steps when constructing the list of process groups:
2426 // 1. MiListSectionSortProcessList is sent in order to sort the process list.
2427 // 2. A small number of process groups is created from the first few processes in the sorted list (typically high
2428 // resource consumers).
2429 // 3. MiListSectionAssignSortData is sent for each process group so that the user can assign custom sort data to
2430 // each process group.
2431 // 4. MiListSectionSortGroupList is sent in order to ensure that the process groups are correctly sorted by resource
2432 // usage.
2433 // The user also has access to the sort data when handling MiListSectionGetTitleText and MiListSectionGetUsageText.
2434 
2435 typedef struct _PH_MINIINFO_LIST_SECTION_SORT_DATA
2436 {
2437  PH_TREENEW_NODE DoNotModify;
2438  ULONGLONG UserData[4];
2439 } PH_MINIINFO_LIST_SECTION_SORT_DATA, *PPH_MINIINFO_LIST_SECTION_SORT_DATA;
2440 
2441 typedef struct _PH_MINIINFO_LIST_SECTION_ASSIGN_SORT_DATA
2442 {
2443  PPH_PROCESS_GROUP ProcessGroup;
2444  PPH_MINIINFO_LIST_SECTION_SORT_DATA SortData;
2445 } PH_MINIINFO_LIST_SECTION_ASSIGN_SORT_DATA, *PPH_MINIINFO_LIST_SECTION_ASSIGN_SORT_DATA;
2446 
2447 typedef struct _PH_MINIINFO_LIST_SECTION_SORT_LIST
2448 {
2449  // MiListSectionSortProcessList: List of PPH_PROCESS_NODE
2450  // MiListSectionSortGroupList: List of PPH_MINIINFO_LIST_SECTION_SORT_DATA
2451  PPH_LIST List;
2452 } PH_MINIINFO_LIST_SECTION_SORT_LIST, *PPH_MINIINFO_LIST_SECTION_SORT_LIST;
2453 
2454 typedef struct _PH_MINIINFO_LIST_SECTION_GET_TITLE_TEXT
2455 {
2456  PPH_PROCESS_GROUP ProcessGroup;
2457  PPH_MINIINFO_LIST_SECTION_SORT_DATA SortData;
2458  PPH_STRING Title; // Top line (may already contain a string)
2459  PPH_STRING Subtitle; // Bottom line (may already contain a string)
2460  COLORREF TitleColor;
2461  COLORREF SubtitleColor;
2462 } PH_MINIINFO_LIST_SECTION_GET_TITLE_TEXT, *PPH_MINIINFO_LIST_SECTION_GET_TITLE_TEXT;
2463 
2464 typedef struct _PH_MINIINFO_LIST_SECTION_GET_USAGE_TEXT
2465 {
2466  PPH_PROCESS_GROUP ProcessGroup;
2467  PPH_MINIINFO_LIST_SECTION_SORT_DATA SortData;
2468  PPH_STRING Line1; // Top line
2469  PPH_STRING Line2; // Bottom line
2470  COLORREF Line1Color;
2471  COLORREF Line2Color;
2472 } PH_MINIINFO_LIST_SECTION_GET_USAGE_TEXT, *PPH_MINIINFO_LIST_SECTION_GET_USAGE_TEXT;
2473 
2474 typedef struct _PH_MINIINFO_LIST_SECTION_MENU_INFORMATION
2475 {
2476  PPH_PROCESS_GROUP ProcessGroup;
2477  PPH_MINIINFO_LIST_SECTION_SORT_DATA SortData;
2478  PPH_TREENEW_CONTEXT_MENU ContextMenu;
2479  struct _PH_EMENU_ITEM *SelectedItem;
2480 } PH_MINIINFO_LIST_SECTION_MENU_INFORMATION, *PPH_MINIINFO_LIST_SECTION_MENU_INFORMATION;
2481 
2482 typedef struct _PH_MINIINFO_LIST_SECTION
2483 {
2484  // Public
2485 
2486  PPH_MINIINFO_SECTION Section; // State
2487  HWND DialogHandle; // State
2488  HWND TreeNewHandle; // State
2489  PVOID Context; // Initialization
2490  PPH_MINIINFO_LIST_SECTION_CALLBACK Callback; // Initialization
2491 
2492 } PH_MINIINFO_LIST_SECTION, *PPH_MINIINFO_LIST_SECTION;
2493 
2494 //
2495 // phplug
2496 //
2497 
2498 // Callbacks
2499 
2500 typedef enum _PH_GENERAL_CALLBACK
2501 {
2502  GeneralCallbackMainWindowShowing = 0, // INT ShowCommand [main thread]
2503  GeneralCallbackProcessesUpdated = 1, // [main thread]
2504  GeneralCallbackGetProcessHighlightingColor = 2, // PPH_PLUGIN_GET_HIGHLIGHTING_COLOR Data [main thread]
2505  GeneralCallbackGetProcessTooltipText = 3, // PPH_PLUGIN_GET_TOOLTIP_TEXT Data [main thread]
2506  GeneralCallbackProcessPropertiesInitializing = 4, // PPH_PLUGIN_PROCESS_PROPCONTEXT Data [properties thread]
2507  GeneralCallbackMainMenuInitializing = 5, // PPH_PLUGIN_MENU_INFORMATION Data [main thread]
2508  GeneralCallbackNotifyEvent = 6, // PPH_PLUGIN_NOTIFY_EVENT Data [main thread]
2509  GeneralCallbackServicePropertiesInitializing = 7, // PPH_PLUGIN_OBJECT_PROPERTIES Data [properties thread]
2510  GeneralCallbackHandlePropertiesInitializing = 8, // PPH_PLUGIN_OBJECT_PROPERTIES Data [properties thread]
2511  GeneralCallbackProcessMenuInitializing = 9, // PPH_PLUGIN_MENU_INFORMATION Data [main thread]
2512  GeneralCallbackServiceMenuInitializing = 10, // PPH_PLUGIN_MENU_INFORMATION Data [main thread]
2513  GeneralCallbackNetworkMenuInitializing = 11, // PPH_PLUGIN_MENU_INFORMATION Data [main thread]
2514  GeneralCallbackIconMenuInitializing = 12, // PPH_PLUGIN_MENU_INFORMATION Data [main thread]
2515  GeneralCallbackThreadMenuInitializing = 13, // PPH_PLUGIN_MENU_INFORMATION Data [properties thread]
2516  GeneralCallbackModuleMenuInitializing = 14, // PPH_PLUGIN_MENU_INFORMATION Data [properties thread]
2517  GeneralCallbackMemoryMenuInitializing = 15, // PPH_PLUGIN_MENU_INFORMATION Data [properties thread]
2518  GeneralCallbackHandleMenuInitializing = 16, // PPH_PLUGIN_MENU_INFORMATION Data [properties thread]
2519  GeneralCallbackProcessTreeNewInitializing = 17, // PPH_PLUGIN_TREENEW_INFORMATION Data [main thread]
2520  GeneralCallbackServiceTreeNewInitializing = 18, // PPH_PLUGIN_TREENEW_INFORMATION Data [main thread]
2521  GeneralCallbackNetworkTreeNewInitializing = 19, // PPH_PLUGIN_TREENEW_INFORMATION Data [main thread]
2522  GeneralCallbackModuleTreeNewInitializing = 20, // PPH_PLUGIN_TREENEW_INFORMATION Data [properties thread]
2523  GeneralCallbackModuleTreeNewUninitializing = 21, // PPH_PLUGIN_TREENEW_INFORMATION Data [properties thread]
2524  GeneralCallbackThreadTreeNewInitializing = 22, // PPH_PLUGIN_TREENEW_INFORMATION Data [properties thread]
2525  GeneralCallbackThreadTreeNewUninitializing = 23, // PPH_PLUGIN_TREENEW_INFORMATION Data [properties thread]
2526  GeneralCallbackHandleTreeNewInitializing = 24, // PPH_PLUGIN_TREENEW_INFORMATION Data [properties thread]
2527  GeneralCallbackHandleTreeNewUninitializing = 25, // PPH_PLUGIN_TREENEW_INFORMATION Data [properties thread]
2528  GeneralCallbackThreadStackControl = 26, // PPH_PLUGIN_THREAD_STACK_CONTROL Data [properties thread]
2529  GeneralCallbackSystemInformationInitializing = 27, // PPH_PLUGIN_SYSINFO_POINTERS Data [system information thread]
2530  GeneralCallbackMainWindowTabChanged = 28, // INT NewIndex [main thread]
2531  GeneralCallbackMemoryTreeNewInitializing = 29, // PPH_PLUGIN_TREENEW_INFORMATION Data [properties thread]
2532  GeneralCallbackMemoryTreeNewUninitializing = 30, // PPH_PLUGIN_TREENEW_INFORMATION Data [properties thread]
2533  GeneralCallbackMemoryItemListControl = 31, // PPH_PLUGIN_MEMORY_ITEM_LIST_CONTROL Data [properties thread]
2534  GeneralCallbackMiniInformationInitializing = 32, // PPH_PLUGIN_MINIINFO_POINTERS Data [main thread]
2535  GeneralCallbackMiListSectionMenuInitializing = 33, // PPH_PLUGIN_MENU_INFORMATION Data [main thread]
2536  GeneralCallbackMaximum
2537 } PH_GENERAL_CALLBACK, *PPH_GENERAL_CALLBACK;
2538 
2539 typedef enum _PH_PLUGIN_CALLBACK
2540 {
2541  PluginCallbackLoad = 0, // PPH_LIST Parameters [main thread] // list of strings, might be NULL
2542  PluginCallbackUnload = 1, // [main thread]
2543  PluginCallbackShowOptions = 2, // HWND ParentWindowHandle [main thread]
2544  PluginCallbackMenuItem = 3, // PPH_PLUGIN_MENU_ITEM MenuItem [main/properties thread]
2545  PluginCallbackTreeNewMessage = 4, // PPH_PLUGIN_TREENEW_MESSAGE Message [main/properties thread]
2546  PluginCallbackPhSvcRequest = 5, // PPH_PLUGIN_PHSVC_REQUEST Message [phsvc thread]
2547  PluginCallbackMenuHook = 6, // PH_PLUGIN_MENU_HOOK_INFORMATION MenuHookInfo [menu thread]
2548  PluginCallbackMaximum
2549 } PH_PLUGIN_CALLBACK, *PPH_PLUGIN_CALLBACK;
2550 
2551 typedef struct _PH_PLUGIN_GET_HIGHLIGHTING_COLOR
2552 {
2553  // Parameter is:
2554  // PPH_PROCESS_ITEM for GeneralCallbackGetProcessHighlightingColor
2555 
2556  PVOID Parameter;
2557  COLORREF BackColor;
2558  BOOLEAN Handled;
2559  BOOLEAN Cache;
2560 } PH_PLUGIN_GET_HIGHLIGHTING_COLOR, *PPH_PLUGIN_GET_HIGHLIGHTING_COLOR;
2561 
2562 typedef struct _PH_PLUGIN_GET_TOOLTIP_TEXT
2563 {
2564  // Parameter is:
2565  // PPH_PROCESS_ITEM for GeneralCallbackGetProcessTooltipText
2566 
2567  PVOID Parameter;
2568  PPH_STRING_BUILDER StringBuilder;
2569  ULONG ValidForMs;
2570 } PH_PLUGIN_GET_TOOLTIP_TEXT, *PPH_PLUGIN_GET_TOOLTIP_TEXT;
2571 
2572 typedef struct _PH_PLUGIN_PROCESS_PROPCONTEXT
2573 {
2574  PPH_PROCESS_PROPCONTEXT PropContext;
2575  PPH_PROCESS_ITEM ProcessItem;
2576 } PH_PLUGIN_PROCESS_PROPCONTEXT, *PPH_PLUGIN_PROCESS_PROPCONTEXT;
2577 
2578 typedef struct _PH_PLUGIN_NOTIFY_EVENT
2579 {
2580  // Parameter is:
2581  // PPH_PROCESS_ITEM for Type = PH_NOTIFY_PROCESS_*
2582  // PPH_SERVICE_ITEM for Type = PH_NOTIFY_SERVICE_*
2583 
2584  ULONG Type;
2585  BOOLEAN Handled;
2586  PVOID Parameter;
2587 } PH_PLUGIN_NOTIFY_EVENT, *PPH_PLUGIN_NOTIFY_EVENT;
2588 
2589 typedef struct _PH_PLUGIN_OBJECT_PROPERTIES
2590 {
2591  // Parameter is:
2592  // PPH_SERVICE_ITEM for GeneralCallbackServicePropertiesInitializing
2593  // PPH_PLUGIN_HANDLE_PROPERTIES_CONTEXT for GeneralCallbackHandlePropertiesInitializing
2594 
2595  PVOID Parameter;
2596  ULONG NumberOfPages;
2597  ULONG MaximumNumberOfPages;
2598  HPROPSHEETPAGE *Pages;
2599 } PH_PLUGIN_OBJECT_PROPERTIES, *PPH_PLUGIN_OBJECT_PROPERTIES;
2600 
2601 typedef struct _PH_PLUGIN_HANDLE_PROPERTIES_CONTEXT
2602 {
2603  HANDLE ProcessId;
2604  PPH_HANDLE_ITEM HandleItem;
2605 } PH_PLUGIN_HANDLE_PROPERTIES_CONTEXT, *PPH_PLUGIN_HANDLE_PROPERTIES_CONTEXT;
2606 
2607 typedef struct _PH_EMENU_ITEM *PPH_EMENU_ITEM, *PPH_EMENU;
2608 
2609 #define PH_PLUGIN_MENU_DISALLOW_HOOKS 0x1
2610 
2611 typedef struct _PH_PLUGIN_MENU_INFORMATION
2612 {
2613  PPH_EMENU Menu;
2614  HWND OwnerWindow;
2615 
2616  union
2617  {
2618  struct
2619  {
2620  PVOID Reserved[8]; // Reserve space for future expansion of this union
2621  } DoNotUse;
2622  struct
2623  {
2624  ULONG SubMenuIndex;
2625  } MainMenu;
2626  struct
2627  {
2628  PPH_PROCESS_ITEM *Processes;
2629  ULONG NumberOfProcesses;
2630  } Process;
2631  struct
2632  {
2633  PPH_SERVICE_ITEM *Services;
2634  ULONG NumberOfServices;
2635  } Service;
2636  struct
2637  {
2638  PPH_NETWORK_ITEM *NetworkItems;
2639  ULONG NumberOfNetworkItems;
2640  } Network;
2641  struct
2642  {
2643  HANDLE ProcessId;
2644  PPH_THREAD_ITEM *Threads;
2645  ULONG NumberOfThreads;
2646  } Thread;
2647  struct
2648  {
2649  HANDLE ProcessId;
2650  PPH_MODULE_ITEM *Modules;
2651  ULONG NumberOfModules;
2652  } Module;
2653  struct
2654  {
2655  HANDLE ProcessId;
2656  PPH_MEMORY_NODE *MemoryNodes;
2657  ULONG NumberOfMemoryNodes;
2658  } Memory;
2659  struct
2660  {
2661  HANDLE ProcessId;
2662  PPH_HANDLE_ITEM *Handles;
2663  ULONG NumberOfHandles;
2664  } Handle;
2665  struct
2666  {
2667  PPH_STRINGREF SectionName;
2668  PPH_PROCESS_GROUP ProcessGroup;
2669  } MiListSection;
2670  } u;
2671 
2672  ULONG Flags;
2673  PPH_LIST PluginHookList;
2674 } PH_PLUGIN_MENU_INFORMATION, *PPH_PLUGIN_MENU_INFORMATION;
2675 
2676 C_ASSERT(RTL_FIELD_SIZE(PH_PLUGIN_MENU_INFORMATION, u) == RTL_FIELD_SIZE(PH_PLUGIN_MENU_INFORMATION, u.DoNotUse));
2677 
2678 typedef struct _PH_PLUGIN_MENU_HOOK_INFORMATION
2679 {
2680  PPH_PLUGIN_MENU_INFORMATION MenuInfo;
2681  PPH_EMENU SelectedItem;
2682  PVOID Context;
2683  BOOLEAN Handled;
2684 } PH_PLUGIN_MENU_HOOK_INFORMATION, *PPH_PLUGIN_MENU_HOOK_INFORMATION;
2685 
2686 typedef struct _PH_PLUGIN_TREENEW_INFORMATION
2687 {
2688  HWND TreeNewHandle;
2689  PVOID CmData;
2690  PVOID SystemContext; // e.g. PPH_THREADS_CONTEXT
2691 } PH_PLUGIN_TREENEW_INFORMATION, *PPH_PLUGIN_TREENEW_INFORMATION;
2692 
2693 typedef enum _PH_PLUGIN_THREAD_STACK_CONTROL_TYPE
2694 {
2695  PluginThreadStackInitializing,
2696  PluginThreadStackUninitializing,
2697  PluginThreadStackResolveSymbol,
2698  PluginThreadStackGetTooltip,
2699  PluginThreadStackWalkStack,
2700  PluginThreadStackBeginDefaultWalkStack,
2701  PluginThreadStackEndDefaultWalkStack,
2702  PluginThreadStackMaximum
2703 } PH_PLUGIN_THREAD_STACK_CONTROL_TYPE;
2704 
2705 typedef struct _PH_SYMBOL_PROVIDER *PPH_SYMBOL_PROVIDER;
2706 typedef struct _PH_THREAD_STACK_FRAME *PPH_THREAD_STACK_FRAME;
2707 
2708 typedef BOOLEAN (NTAPI *PPH_PLUGIN_WALK_THREAD_STACK_CALLBACK)(
2709  _In_ PPH_THREAD_STACK_FRAME StackFrame,
2710  _In_opt_ PVOID Context
2711  );
2712 
2713 typedef struct _PH_PLUGIN_THREAD_STACK_CONTROL
2714 {
2715  PH_PLUGIN_THREAD_STACK_CONTROL_TYPE Type;
2716  PVOID UniqueKey;
2717 
2718  union
2719  {
2720  struct
2721  {
2722  HANDLE ProcessId;
2723  HANDLE ThreadId;
2724  HANDLE ThreadHandle;
2725  PPH_SYMBOL_PROVIDER SymbolProvider;
2726  BOOLEAN CustomWalk;
2727  } Initializing;
2728  struct
2729  {
2730  PPH_THREAD_STACK_FRAME StackFrame;
2731  PPH_STRING Symbol;
2732  } ResolveSymbol;
2733  struct
2734  {
2735  PPH_THREAD_STACK_FRAME StackFrame;
2736  PPH_STRING_BUILDER StringBuilder;
2737  } GetTooltip;
2738  struct
2739  {
2740  NTSTATUS Status;
2741  HANDLE ThreadHandle;
2742  HANDLE ProcessHandle;
2743  PCLIENT_ID ClientId;
2744  ULONG Flags;
2745  PPH_PLUGIN_WALK_THREAD_STACK_CALLBACK Callback;
2746  PVOID CallbackContext;
2747  } WalkStack;
2748  } u;
2749 } PH_PLUGIN_THREAD_STACK_CONTROL, *PPH_PLUGIN_THREAD_STACK_CONTROL;
2750 
2751 typedef enum _PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL_TYPE
2752 {
2753  PluginMemoryItemListInitialized,
2754  PluginMemoryItemListMaximum
2755 } PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL_TYPE;
2756 
2757 typedef struct _PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL
2758 {
2759  PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL_TYPE Type;
2760 
2761  union
2762  {
2763  struct
2764  {
2765  PPH_MEMORY_ITEM_LIST List;
2766  } Initialized;
2767  } u;
2768 } PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL, *PPH_PLUGIN_MEMORY_ITEM_LIST_CONTROL;
2769 
2770 typedef PPH_SYSINFO_SECTION (NTAPI *PPH_SYSINFO_CREATE_SECTION)(
2771  _In_ PPH_SYSINFO_SECTION Template
2772  );
2773 
2774 typedef PPH_SYSINFO_SECTION (NTAPI *PPH_SYSINFO_FIND_SECTION)(
2775  _In_ PPH_STRINGREF Name
2776  );
2777 
2778 typedef VOID (NTAPI *PPH_SYSINFO_ENTER_SECTION_VIEW)(
2779  _In_ PPH_SYSINFO_SECTION NewSection
2780  );
2781 
2782 typedef VOID (NTAPI *PPH_SYSINFO_RESTORE_SUMMARY_VIEW)(
2783  VOID
2784  );
2785 
2786 typedef struct _PH_PLUGIN_SYSINFO_POINTERS
2787 {
2788  HWND WindowHandle;
2789  PPH_SYSINFO_CREATE_SECTION CreateSection;
2790  PPH_SYSINFO_FIND_SECTION FindSection;
2791  PPH_SYSINFO_ENTER_SECTION_VIEW EnterSectionView;
2792  PPH_SYSINFO_RESTORE_SUMMARY_VIEW RestoreSummaryView;
2793 } PH_PLUGIN_SYSINFO_POINTERS, *PPH_PLUGIN_SYSINFO_POINTERS;
2794 
2795 typedef PPH_MINIINFO_SECTION (NTAPI *PPH_MINIINFO_CREATE_SECTION)(
2796  _In_ PPH_MINIINFO_SECTION Template
2797  );
2798 
2799 typedef PPH_MINIINFO_SECTION (NTAPI *PPH_MINIINFO_FIND_SECTION)(
2800  _In_ PPH_STRINGREF Name
2801  );
2802 
2803 typedef PPH_MINIINFO_LIST_SECTION (NTAPI *PPH_MINIINFO_CREATE_LIST_SECTION)(
2804  _In_ PWSTR Name,
2805  _In_ ULONG Flags,
2806  _In_ PPH_MINIINFO_LIST_SECTION Template
2807  );
2808 
2809 typedef struct _PH_PLUGIN_MINIINFO_POINTERS
2810 {
2811  HWND WindowHandle;
2812  PPH_MINIINFO_CREATE_SECTION CreateSection;
2813  PPH_MINIINFO_FIND_SECTION FindSection;
2814  PPH_MINIINFO_CREATE_LIST_SECTION CreateListSection;
2815 } PH_PLUGIN_MINIINFO_POINTERS, *PPH_PLUGIN_MINIINFO_POINTERS;
2816 
2817 typedef struct _PH_PLUGIN_TREENEW_MESSAGE
2818 {
2819  HWND TreeNewHandle;
2820  PH_TREENEW_MESSAGE Message;
2821  PVOID Parameter1;
2822  PVOID Parameter2;
2823  ULONG SubId;
2824  PVOID Context;
2825 } PH_PLUGIN_TREENEW_MESSAGE, *PPH_PLUGIN_TREENEW_MESSAGE;
2826 
2827 typedef LONG (NTAPI *PPH_PLUGIN_TREENEW_SORT_FUNCTION)(
2828  _In_ PVOID Node1,
2829  _In_ PVOID Node2,
2830  _In_ ULONG SubId,
2831  _In_ PVOID Context
2832  );
2833 
2834 typedef NTSTATUS (NTAPI *PPHSVC_SERVER_PROBE_BUFFER)(
2835  _In_ PPH_RELATIVE_STRINGREF String,
2836  _In_ ULONG Alignment,
2837  _In_ BOOLEAN AllowNull,
2838  _Out_ PVOID *Pointer
2839  );
2840 
2841 typedef NTSTATUS (NTAPI *PPHSVC_SERVER_CAPTURE_BUFFER)(
2842  _In_ PPH_RELATIVE_STRINGREF String,
2843  _In_ BOOLEAN AllowNull,
2844  _Out_ PVOID *CapturedBuffer
2845  );
2846 
2847 typedef NTSTATUS (NTAPI *PPHSVC_SERVER_CAPTURE_STRING)(
2848  _In_ PPH_RELATIVE_STRINGREF String,
2849  _In_ BOOLEAN AllowNull,
2850  _Out_ PPH_STRING *CapturedString
2851  );
2852 
2853 typedef struct _PH_PLUGIN_PHSVC_REQUEST
2854 {
2855  ULONG SubId;
2856  NTSTATUS ReturnStatus;
2857  PVOID InBuffer;
2858  ULONG InLength;
2859  PVOID OutBuffer;
2860  ULONG OutLength;
2861 
2862  PPHSVC_SERVER_PROBE_BUFFER ProbeBuffer;
2863  PPHSVC_SERVER_CAPTURE_BUFFER CaptureBuffer;
2864  PPHSVC_SERVER_CAPTURE_STRING CaptureString;
2865 } PH_PLUGIN_PHSVC_REQUEST, *PPH_PLUGIN_PHSVC_REQUEST;
2866 
2867 typedef VOID (NTAPI *PPHSVC_CLIENT_FREE_HEAP)(
2868  _In_ PVOID Memory
2869  );
2870 
2871 typedef PVOID (NTAPI *PPHSVC_CLIENT_CREATE_STRING)(
2872  _In_opt_ PVOID String,
2873  _In_ SIZE_T Length,
2874  _Out_ PPH_RELATIVE_STRINGREF StringRef
2875  );
2876 
2877 typedef struct _PH_PLUGIN_PHSVC_CLIENT
2878 {
2879  HANDLE ServerProcessId;
2880  PPHSVC_CLIENT_FREE_HEAP FreeHeap;
2881  PPHSVC_CLIENT_CREATE_STRING CreateString;
2882 } PH_PLUGIN_PHSVC_CLIENT, *PPH_PLUGIN_PHSVC_CLIENT;
2883 
2884 // Plugin structures
2885 
2886 typedef struct _PH_PLUGIN_INFORMATION
2887 {
2888  PWSTR DisplayName;
2889  PWSTR Author;
2890  PWSTR Description;
2891  PWSTR Url;
2892  BOOLEAN HasOptions;
2893  BOOLEAN Reserved1[3];
2894  PVOID Interface;
2895 } PH_PLUGIN_INFORMATION, *PPH_PLUGIN_INFORMATION;
2896 
2897 #define PH_PLUGIN_FLAG_RESERVED 0x1
2898 
2899 typedef struct _PH_PLUGIN
2900 {
2901  // Public
2902 
2903  PH_AVL_LINKS Links;
2904 
2905  PVOID Reserved;
2906  PVOID DllBase;
2907 
2908 } PH_PLUGIN, *PPH_PLUGIN;
2909 
2910 // Plugin API
2911 
2912 PHAPPAPI
2913 PPH_PLUGIN
2914 NTAPI
2915 PhRegisterPlugin(
2916  _In_ PWSTR Name,
2917  _In_ PVOID DllBase,
2918  _Out_opt_ PPH_PLUGIN_INFORMATION *Information
2919  );
2920 
2921 PHAPPAPI
2922 PPH_PLUGIN
2923 NTAPI
2924 PhFindPlugin(
2925  _In_ PWSTR Name
2926  );
2927 
2928 PHAPPAPI
2929 PPH_PLUGIN_INFORMATION
2930 NTAPI
2931 PhGetPluginInformation(
2932  _In_ PPH_PLUGIN Plugin
2933  );
2934 
2935 PHAPPAPI
2936 PPH_CALLBACK
2937 NTAPI
2938 PhGetPluginCallback(
2939  _In_ PPH_PLUGIN Plugin,
2940  _In_ PH_PLUGIN_CALLBACK Callback
2941  );
2942 
2943 PHAPPAPI
2944 PPH_CALLBACK
2945 NTAPI
2946 PhGetGeneralCallback(
2947  _In_ PH_GENERAL_CALLBACK Callback
2948  );
2949 
2950 PHAPPAPI
2951 ULONG
2952 NTAPI
2953 PhPluginReserveIds(
2954  _In_ ULONG Count
2955  );
2956 
2957 typedef VOID (NTAPI *PPH_PLUGIN_MENU_ITEM_DELETE_FUNCTION)(
2958  _In_ struct _PH_PLUGIN_MENU_ITEM *MenuItem
2959  );
2960 
2961 typedef struct _PH_PLUGIN_MENU_ITEM
2962 {
2963  PPH_PLUGIN Plugin;
2964  ULONG Id;
2965  ULONG Reserved1;
2966  PVOID Context;
2967 
2968  HWND OwnerWindow; // valid only when the menu item is chosen
2969  PVOID Reserved2;
2970  PVOID Reserved3;
2971  PPH_PLUGIN_MENU_ITEM_DELETE_FUNCTION DeleteFunction; // valid only for EMENU-based menu items
2972 } PH_PLUGIN_MENU_ITEM, *PPH_PLUGIN_MENU_ITEM;
2973 
2974 // Location
2975 #define PH_MENU_ITEM_LOCATION_VIEW 1
2976 #define PH_MENU_ITEM_LOCATION_TOOLS 2
2977 
2978 // Id flags (non-functional)
2979 #define PH_MENU_ITEM_SUB_MENU 0x80000000
2980 #define PH_MENU_ITEM_RETURN_MENU 0x40000000
2981 #define PH_MENU_ITEM_VALID_FLAGS 0xc0000000
2982 
2983 PHAPPAPI
2984 ULONG_PTR
2985 NTAPI
2986 PhPluginAddMenuItem(
2987  _In_ PPH_PLUGIN Plugin,
2988  _In_ ULONG_PTR Location,
2989  _In_opt_ PWSTR InsertAfter,
2990  _In_ ULONG Id,
2991  _In_ PWSTR Text,
2992  _In_opt_ PVOID Context
2993  );
2994 
2995 typedef struct _PH_PLUGIN_SYSTEM_STATISTICS
2996 {
2997  PSYSTEM_PERFORMANCE_INFORMATION Performance;
2998 
2999  ULONG NumberOfProcesses;
3000  ULONG NumberOfThreads;
3001  ULONG NumberOfHandles;
3002 
3003  FLOAT CpuKernelUsage;
3004  FLOAT CpuUserUsage;
3005 
3006  PH_UINT64_DELTA IoReadDelta;
3007  PH_UINT64_DELTA IoWriteDelta;
3008  PH_UINT64_DELTA IoOtherDelta;
3009 
3010  ULONG CommitPages;
3011  ULONG PhysicalPages;
3012 
3013  HANDLE MaxCpuProcessId;
3014  HANDLE MaxIoProcessId;
3015 
3016  PPH_CIRCULAR_BUFFER_FLOAT CpuKernelHistory;
3017  PPH_CIRCULAR_BUFFER_FLOAT CpuUserHistory;
3018  PPH_CIRCULAR_BUFFER_FLOAT *CpusKernelHistory;
3019  PPH_CIRCULAR_BUFFER_FLOAT *CpusUserHistory;
3020  PPH_CIRCULAR_BUFFER_ULONG64 IoReadHistory;
3021  PPH_CIRCULAR_BUFFER_ULONG64 IoWriteHistory;
3022  PPH_CIRCULAR_BUFFER_ULONG64 IoOtherHistory;
3023  PPH_CIRCULAR_BUFFER_ULONG CommitHistory;
3024  PPH_CIRCULAR_BUFFER_ULONG PhysicalHistory;
3025  PPH_CIRCULAR_BUFFER_ULONG MaxCpuHistory; // ID of max. CPU process
3026  PPH_CIRCULAR_BUFFER_ULONG MaxIoHistory; // ID of max. I/O process
3027  PPH_CIRCULAR_BUFFER_FLOAT MaxCpuUsageHistory;
3028  PPH_CIRCULAR_BUFFER_ULONG64 MaxIoReadOtherHistory;
3029  PPH_CIRCULAR_BUFFER_ULONG64 MaxIoWriteHistory;
3030 } PH_PLUGIN_SYSTEM_STATISTICS, *PPH_PLUGIN_SYSTEM_STATISTICS;
3031 
3032 PHAPPAPI
3033 VOID
3034 NTAPI
3035 PhPluginGetSystemStatistics(
3036  _Out_ PPH_PLUGIN_SYSTEM_STATISTICS Statistics
3037  );
3038 
3039 PHAPPAPI
3040 PPH_EMENU_ITEM
3041 NTAPI
3042 PhPluginCreateEMenuItem(
3043  _In_ PPH_PLUGIN Plugin,
3044  _In_ ULONG Flags,
3045  _In_ ULONG Id,
3046  _In_ PWSTR Text,
3047  _In_opt_ PVOID Context
3048  );
3049 
3050 PHAPPAPI
3051 BOOLEAN
3052 NTAPI
3053 PhPluginAddMenuHook(
3054  _Inout_ PPH_PLUGIN_MENU_INFORMATION MenuInfo,
3055  _In_ PPH_PLUGIN Plugin,
3056  _In_opt_ PVOID Context
3057  );
3058 
3059 PHAPPAPI
3060 BOOLEAN
3061 NTAPI
3062 PhPluginAddTreeNewColumn(
3063  _In_ PPH_PLUGIN Plugin,
3064  _In_ PVOID CmData,
3065  _In_ PPH_TREENEW_COLUMN Column,
3066  _In_ ULONG SubId,
3067  _In_opt_ PVOID Context,
3068  _In_opt_ PPH_PLUGIN_TREENEW_SORT_FUNCTION SortFunction
3069  );
3070 
3071 PHAPPAPI
3072 VOID
3073 NTAPI
3074 PhPluginSetObjectExtension(
3075  _In_ PPH_PLUGIN Plugin,
3076  _In_ PH_EM_OBJECT_TYPE ObjectType,
3077  _In_ ULONG ExtensionSize,
3078  _In_opt_ PPH_EM_OBJECT_CALLBACK CreateCallback,
3079  _In_opt_ PPH_EM_OBJECT_CALLBACK DeleteCallback
3080  );
3081 
3082 PHAPPAPI
3083 PVOID
3084 NTAPI
3085 PhPluginGetObjectExtension(
3086  _In_ PPH_PLUGIN Plugin,
3087  _In_ PVOID Object,
3088  _In_ PH_EM_OBJECT_TYPE ObjectType
3089  );
3090 
3091 PHAPPAPI
3092 struct _PH_NF_ICON *
3093 NTAPI
3094 PhPluginRegisterIcon(
3095  _In_ PPH_PLUGIN Plugin,
3096  _In_ ULONG SubId,
3097  _In_opt_ PVOID Context,
3098  _In_ PWSTR Text,
3099  _In_ ULONG Flags,
3100  _In_ struct _PH_NF_ICON_REGISTRATION_DATA *RegistrationData
3101  );
3102 
3103 PHAPPAPI
3104 VOID
3105 NTAPI
3106 PhPluginEnableTreeNewNotify(
3107  _In_ PPH_PLUGIN Plugin,
3108  _In_ PVOID CmData
3109  );
3110 
3111 PHAPPAPI
3112 BOOLEAN
3113 NTAPI
3114 PhPluginQueryPhSvc(
3115  _Out_ PPH_PLUGIN_PHSVC_CLIENT Client
3116  );
3117 
3118 PHAPPAPI
3119 NTSTATUS
3120 NTAPI
3121 PhPluginCallPhSvc(
3122  _In_ PPH_PLUGIN Plugin,
3123  _In_ ULONG SubId,
3124  _In_reads_bytes_opt_(InLength) PVOID InBuffer,
3125  _In_ ULONG InLength,
3126  _Out_writes_bytes_opt_(OutLength) PVOID OutBuffer,
3127  _In_ ULONG OutLength
3128  );
3129 
3130 //
3131 // procprpp
3132 //
3133 
3134 typedef struct _PH_THREADS_CONTEXT
3135 {
3136  PPH_THREAD_PROVIDER Provider;
3137  PH_CALLBACK_REGISTRATION ProviderRegistration;
3138  PH_CALLBACK_REGISTRATION AddedEventRegistration;
3139  PH_CALLBACK_REGISTRATION ModifiedEventRegistration;
3140  PH_CALLBACK_REGISTRATION RemovedEventRegistration;
3141  PH_CALLBACK_REGISTRATION UpdatedEventRegistration;
3142  PH_CALLBACK_REGISTRATION LoadingStateChangedEventRegistration;
3143 
3144  HWND WindowHandle;
3145 
3146  HWND Private; // phapppub
3147  HWND TreeNewHandle; // phapppub
3148 } PH_THREADS_CONTEXT, *PPH_THREADS_CONTEXT;
3149 
3150 typedef struct _PH_MODULES_CONTEXT
3151 {
3152  PPH_MODULE_PROVIDER Provider;
3153  PH_PROVIDER_REGISTRATION ProviderRegistration;
3154  PH_CALLBACK_REGISTRATION AddedEventRegistration;
3155  PH_CALLBACK_REGISTRATION ModifiedEventRegistration;
3156  PH_CALLBACK_REGISTRATION RemovedEventRegistration;
3157  PH_CALLBACK_REGISTRATION UpdatedEventRegistration;
3158 
3159  HWND WindowHandle;
3160 
3161  HWND Private; // phapppub
3162  HWND TreeNewHandle; // phapppub
3163 } PH_MODULES_CONTEXT, *PPH_MODULES_CONTEXT;
3164 
3165 typedef struct _PH_HANDLES_CONTEXT
3166 {
3167  PPH_HANDLE_PROVIDER Provider;
3168  PH_PROVIDER_REGISTRATION ProviderRegistration;
3169  PH_CALLBACK_REGISTRATION AddedEventRegistration;
3170  PH_CALLBACK_REGISTRATION ModifiedEventRegistration;
3171  PH_CALLBACK_REGISTRATION RemovedEventRegistration;
3172  PH_CALLBACK_REGISTRATION UpdatedEventRegistration;
3173 
3174  HWND WindowHandle;
3175 
3176  HWND Private; // phapppub
3177  HWND TreeNewHandle; // phapppub
3178 } PH_HANDLES_CONTEXT, *PPH_HANDLES_CONTEXT;
3179 
3180 typedef struct _PH_MEMORY_CONTEXT
3181 {
3182  HANDLE ProcessId;
3183  HWND WindowHandle;
3184 
3185  HWND Private; // phapppub
3186  HWND TreeNewHandle; // phapppub
3187 } PH_MEMORY_CONTEXT, *PPH_MEMORY_CONTEXT;
3188 
3189 //
3190 // phsvccl
3191 //
3192 
3193 PHLIBAPI
3194 NTSTATUS PhSvcCallChangeServiceConfig(
3195  _In_ PWSTR ServiceName,
3196  _In_ ULONG ServiceType,
3197  _In_ ULONG StartType,
3198  _In_ ULONG ErrorControl,
3199  _In_opt_ PWSTR BinaryPathName,
3200  _In_opt_ PWSTR LoadOrderGroup,
3201  _Out_opt_ PULONG TagId,
3202  _In_opt_ PWSTR Dependencies,
3203  _In_opt_ PWSTR ServiceStartName,
3204  _In_opt_ PWSTR Password,
3205  _In_opt_ PWSTR DisplayName
3206  );
3207 
3208 PHLIBAPI
3209 NTSTATUS PhSvcCallChangeServiceConfig2(
3210  _In_ PWSTR ServiceName,
3211  _In_ ULONG InfoLevel,
3212  _In_ PVOID Info
3213  );
3214 
3215 PHLIBAPI
3216 NTSTATUS PhSvcCallPostMessage(
3217  _In_opt_ HWND hWnd,
3218  _In_ UINT Msg,
3219  _In_ WPARAM wParam,
3220  _In_ LPARAM lParam
3221  );
3222 
3223 PHLIBAPI
3224 NTSTATUS PhSvcCallSendMessage(
3225  _In_opt_ HWND hWnd,
3226  _In_ UINT Msg,
3227  _In_ WPARAM wParam,
3228  _In_ LPARAM lParam
3229  );
3230 
3231 #ifdef __cplusplus
3232 }
3233 #endif
3234 
3235 #endif