Process Hacker
uimodels.h
Go to the documentation of this file.
1 #ifndef PH_UIMODELS_H
2 #define PH_UIMODELS_H
3 
4 // begin_phapppub
5 // Common state highlighting support
6 
7 typedef struct _PH_SH_STATE
8 {
9  PH_ITEM_STATE State;
10  HANDLE StateListHandle;
11  ULONG TickCount;
12 } PH_SH_STATE, *PPH_SH_STATE;
13 // end_phapppub
14 
15 FORCEINLINE VOID PhChangeShStateTn(
16  _Inout_ PPH_TREENEW_NODE Node,
17  _Inout_ PPH_SH_STATE ShState,
18  _Inout_ PPH_POINTER_LIST *StateList,
19  _In_ PH_ITEM_STATE NewState,
20  _In_ COLORREF NewTempBackColor,
21  _In_opt_ HWND TreeNewHandleForUpdate
22  )
23 {
24  if (!*StateList)
25  *StateList = PhCreatePointerList(4);
26 
27  if (ShState->State == NormalItemState)
28  ShState->StateListHandle = PhAddItemPointerList(*StateList, Node);
29 
30  ShState->TickCount = GetTickCount();
31  ShState->State = NewState;
32 
33  Node->UseTempBackColor = TRUE;
34  Node->TempBackColor = NewTempBackColor;
35 
36  if (TreeNewHandleForUpdate)
37  TreeNew_InvalidateNode(TreeNewHandleForUpdate, Node);
38 }
39 
40 #define PH_TICK_SH_STATE_TN(NodeType, ShStateFieldName, StateList, RemoveFunction, HighlightingDuration, TreeNewHandleForUpdate, Invalidate, FullyInvalidated, ...) \
41  do { \
42  NodeType *node; \
43  ULONG enumerationKey = 0; \
44  ULONG tickCount; \
45  BOOLEAN preferFullInvalidate; \
46  HANDLE stateListHandle; \
47  BOOLEAN redrawDisabled = FALSE; \
48  BOOLEAN needsFullInvalidate = FALSE; \
49 \
50  if (!StateList || StateList->Count == 0) \
51  break; \
52 \
53  tickCount = GetTickCount(); \
54  preferFullInvalidate = StateList->Count > 8; \
55 \
56  while (PhEnumPointerList(StateList, &enumerationKey, &node)) \
57  { \
58  if (PhRoundNumber(tickCount - node->ShStateFieldName.TickCount, 100) < (HighlightingDuration)) \
59  continue; \
60 \
61  stateListHandle = node->ShStateFieldName.StateListHandle; \
62 \
63  if (node->ShStateFieldName.State == NewItemState) \
64  { \
65  node->ShStateFieldName.State = NormalItemState; \
66  ((PPH_TREENEW_NODE)node)->UseTempBackColor = FALSE; \
67  if (Invalidate) \
68  { \
69  if (preferFullInvalidate) \
70  { \
71  needsFullInvalidate = TRUE; \
72  } \
73  else \
74  { \
75  TreeNew_InvalidateNode(TreeNewHandleForUpdate, node); \
76  } \
77  } \
78  } \
79  else if (node->ShStateFieldName.State == RemovingItemState) \
80  { \
81  if (TreeNewHandleForUpdate) \
82  { \
83  if (!redrawDisabled) \
84  { \
85  TreeNew_SetRedraw((TreeNewHandleForUpdate), FALSE); \
86  redrawDisabled = TRUE; \
87  } \
88  } \
89 \
90  RemoveFunction(node, __VA_ARGS__); \
91  needsFullInvalidate = TRUE; \
92  } \
93 \
94  PhRemoveItemPointerList(StateList, stateListHandle); \
95  } \
96 \
97  if (TreeNewHandleForUpdate) \
98  { \
99  if (redrawDisabled) \
100  TreeNew_SetRedraw((TreeNewHandleForUpdate), TRUE); \
101  if (needsFullInvalidate) \
102  { \
103  InvalidateRect((TreeNewHandleForUpdate), NULL, FALSE); \
104  if (FullyInvalidated) \
105  *((PBOOLEAN)FullyInvalidated) = TRUE; \
106  } \
107  } \
108  } while (0)
109 
110 // proctree
111 
112 // Columns
113 
114 // Default columns should go first
115 #define PHPRTLC_NAME 0
116 #define PHPRTLC_PID 1
117 #define PHPRTLC_CPU 2
118 #define PHPRTLC_IOTOTALRATE 3
119 #define PHPRTLC_PRIVATEBYTES 4
120 #define PHPRTLC_USERNAME 5
121 #define PHPRTLC_DESCRIPTION 6
122 
123 #define PHPRTLC_COMPANYNAME 7
124 #define PHPRTLC_VERSION 8
125 #define PHPRTLC_FILENAME 9
126 #define PHPRTLC_COMMANDLINE 10
127 #define PHPRTLC_PEAKPRIVATEBYTES 11
128 #define PHPRTLC_WORKINGSET 12
129 #define PHPRTLC_PEAKWORKINGSET 13
130 #define PHPRTLC_PRIVATEWS 14
131 #define PHPRTLC_SHAREDWS 15
132 #define PHPRTLC_SHAREABLEWS 16
133 #define PHPRTLC_VIRTUALSIZE 17
134 #define PHPRTLC_PEAKVIRTUALSIZE 18
135 #define PHPRTLC_PAGEFAULTS 19
136 #define PHPRTLC_SESSIONID 20
137 #define PHPRTLC_PRIORITYCLASS 21
138 #define PHPRTLC_BASEPRIORITY 22
139 
140 #define PHPRTLC_THREADS 23
141 #define PHPRTLC_HANDLES 24
142 #define PHPRTLC_GDIHANDLES 25
143 #define PHPRTLC_USERHANDLES 26
144 #define PHPRTLC_IORORATE 27
145 #define PHPRTLC_IOWRATE 28
146 #define PHPRTLC_INTEGRITY 29
147 #define PHPRTLC_IOPRIORITY 30
148 #define PHPRTLC_PAGEPRIORITY 31
149 #define PHPRTLC_STARTTIME 32
150 #define PHPRTLC_TOTALCPUTIME 33
151 #define PHPRTLC_KERNELCPUTIME 34
152 #define PHPRTLC_USERCPUTIME 35
153 #define PHPRTLC_VERIFICATIONSTATUS 36
154 #define PHPRTLC_VERIFIEDSIGNER 37
155 #define PHPRTLC_ASLR 38
156 #define PHPRTLC_RELATIVESTARTTIME 39
157 #define PHPRTLC_BITS 40
158 #define PHPRTLC_ELEVATION 41
159 #define PHPRTLC_WINDOWTITLE 42
160 #define PHPRTLC_WINDOWSTATUS 43
161 #define PHPRTLC_CYCLES 44
162 #define PHPRTLC_CYCLESDELTA 45
163 #define PHPRTLC_CPUHISTORY 46
164 #define PHPRTLC_PRIVATEBYTESHISTORY 47
165 #define PHPRTLC_IOHISTORY 48
166 #define PHPRTLC_DEPSTATUS 49
167 #define PHPRTLC_VIRTUALIZED 50
168 #define PHPRTLC_CONTEXTSWITCHES 51
169 #define PHPRTLC_CONTEXTSWITCHESDELTA 52
170 #define PHPRTLC_PAGEFAULTSDELTA 53
171 
172 #define PHPRTLC_IOREADS 54
173 #define PHPRTLC_IOWRITES 55
174 #define PHPRTLC_IOOTHER 56
175 #define PHPRTLC_IOREADBYTES 57
176 #define PHPRTLC_IOWRITEBYTES 58
177 #define PHPRTLC_IOOTHERBYTES 59
178 #define PHPRTLC_IOREADSDELTA 60
179 #define PHPRTLC_IOWRITESDELTA 61
180 #define PHPRTLC_IOOTHERDELTA 62
181 
182 #define PHPRTLC_OSCONTEXT 63
183 #define PHPRTLC_PAGEDPOOL 64
184 #define PHPRTLC_PEAKPAGEDPOOL 65
185 #define PHPRTLC_NONPAGEDPOOL 66
186 #define PHPRTLC_PEAKNONPAGEDPOOL 67
187 #define PHPRTLC_MINIMUMWORKINGSET 68
188 #define PHPRTLC_MAXIMUMWORKINGSET 69
189 #define PHPRTLC_PRIVATEBYTESDELTA 70
190 #define PHPRTLC_SUBSYSTEM 71
191 #define PHPRTLC_PACKAGENAME 72
192 #define PHPRTLC_APPID 73
193 #define PHPRTLC_DPIAWARENESS 74
194 #define PHPRTLC_CFGUARD 75
195 
196 #define PHPRTLC_MAXIMUM 76
197 #define PHPRTLC_IOGROUP_COUNT 9
198 
199 #define PHPN_WSCOUNTERS 0x1
200 #define PHPN_GDIUSERHANDLES 0x2
201 #define PHPN_IOPAGEPRIORITY 0x4
202 #define PHPN_WINDOW 0x8
203 #define PHPN_DEPSTATUS 0x10
204 #define PHPN_TOKEN 0x20
205 #define PHPN_OSCONTEXT 0x40
206 #define PHPN_QUOTALIMITS 0x80
207 #define PHPN_IMAGE 0x100
208 #define PHPN_APPID 0x200
209 #define PHPN_DPIAWARENESS 0x400
210 
211 // begin_phapppub
212 typedef struct _PH_PROCESS_NODE
213 {
214  PH_TREENEW_NODE Node;
215 
216  PH_HASH_ENTRY HashEntry;
217 
218  PH_SH_STATE ShState;
219 
220  HANDLE ProcessId;
221  PPH_PROCESS_ITEM ProcessItem;
222 
223  struct _PH_PROCESS_NODE *Parent;
224  PPH_LIST Children;
225 // end_phapppub
226 
227  PH_STRINGREF TextCache[PHPRTLC_MAXIMUM];
228 
229  PH_STRINGREF DescriptionText;
230 
231  // If the user has selected certain columns we need extra information
232  // that isn't retrieved by the process provider.
233  ULONG ValidMask;
234 
235  // WS counters
236  PH_PROCESS_WS_COUNTERS WsCounters;
237  // GDI, USER handles
238  ULONG GdiHandles;
239  ULONG UserHandles;
240  // I/O, Page priority
241  ULONG IoPriority;
242  ULONG PagePriority;
243  // Window
244  HWND WindowHandle;
245  PPH_STRING WindowText;
246  BOOLEAN WindowHung;
247  // DEP status
248  ULONG DepStatus;
249  // Token
250  BOOLEAN VirtualizationAllowed;
251  BOOLEAN VirtualizationEnabled;
252  // OS Context
253  GUID OsContextGuid;
254  ULONG OsContextVersion;
255  // Quota Limits
256  SIZE_T MinimumWorkingSetSize;
257  SIZE_T MaximumWorkingSetSize;
258  // Image
259  USHORT ImageCharacteristics;
260  USHORT ImageReserved;
261  USHORT ImageSubsystem;
262  USHORT ImageDllCharacteristics;
263  // App ID
264  PPH_STRING AppIdText;
265  // Cycles (Vista only)
266  PH_UINT64_DELTA CyclesDelta;
267  // DPI Awareness
268  ULONG DpiAwareness;
269 
270  PPH_STRING TooltipText;
271  ULONG TooltipTextValidToTickCount;
272 
273  // Text buffers
274  WCHAR CpuUsageText[PH_INT32_STR_LEN_1];
275  PPH_STRING IoTotalRateText;
276  PPH_STRING PrivateBytesText;
277  PPH_STRING PeakPrivateBytesText;
278  PPH_STRING WorkingSetText;
279  PPH_STRING PeakWorkingSetText;
280  PPH_STRING PrivateWsText;
281  PPH_STRING SharedWsText;
282  PPH_STRING ShareableWsText;
283  PPH_STRING VirtualSizeText;
284  PPH_STRING PeakVirtualSizeText;
285  PPH_STRING PageFaultsText;
286  WCHAR BasePriorityText[PH_INT32_STR_LEN_1];
287  WCHAR ThreadsText[PH_INT32_STR_LEN_1 + 3];
288  WCHAR HandlesText[PH_INT32_STR_LEN_1 + 3];
289  WCHAR GdiHandlesText[PH_INT32_STR_LEN_1 + 3];
290  WCHAR UserHandlesText[PH_INT32_STR_LEN_1 + 3];
291  PPH_STRING IoRoRateText;
292  PPH_STRING IoWRateText;
293  WCHAR PagePriorityText[PH_INT32_STR_LEN_1];
294  PPH_STRING StartTimeText;
295  WCHAR TotalCpuTimeText[PH_TIMESPAN_STR_LEN_1];
296  WCHAR KernelCpuTimeText[PH_TIMESPAN_STR_LEN_1];
297  WCHAR UserCpuTimeText[PH_TIMESPAN_STR_LEN_1];
298  PPH_STRING RelativeStartTimeText;
299  PPH_STRING WindowTitleText;
300  PPH_STRING CyclesText;
301  PPH_STRING CyclesDeltaText;
302  PPH_STRING ContextSwitchesText;
303  PPH_STRING ContextSwitchesDeltaText;
304  PPH_STRING PageFaultsDeltaText;
305  PPH_STRING IoGroupText[PHPRTLC_IOGROUP_COUNT];
306  PPH_STRING PagedPoolText;
307  PPH_STRING PeakPagedPoolText;
308  PPH_STRING NonPagedPoolText;
309  PPH_STRING PeakNonPagedPoolText;
310  PPH_STRING MinimumWorkingSetText;
311  PPH_STRING MaximumWorkingSetText;
312  PPH_STRING PrivateBytesDeltaText;
313 
314  // Graph buffers
315  PH_GRAPH_BUFFERS CpuGraphBuffers;
316  PH_GRAPH_BUFFERS PrivateGraphBuffers;
317  PH_GRAPH_BUFFERS IoGraphBuffers;
318 // begin_phapppub
319 } PH_PROCESS_NODE, *PPH_PROCESS_NODE;
320 // end_phapppub
321 
322 VOID PhProcessTreeListInitialization(
323  VOID
324  );
325 
326 VOID PhInitializeProcessTreeList(
327  _In_ HWND hwnd
328  );
329 
330 VOID PhLoadSettingsProcessTreeList(
331  VOID
332  );
333 
334 VOID PhSaveSettingsProcessTreeList(
335  VOID
336  );
337 
338 VOID PhReloadSettingsProcessTreeList(
339  VOID
340  );
341 
342 // begin_phapppub
343 PHAPPAPI
344 struct _PH_TN_FILTER_SUPPORT *
345 NTAPI
346 PhGetFilterSupportProcessTreeList(
347  VOID
348  );
349 // end_phapppub
350 
351 PPH_PROCESS_NODE PhAddProcessNode(
352  _In_ PPH_PROCESS_ITEM ProcessItem,
353  _In_ ULONG RunId
354  );
355 
356 // begin_phapppub
357 PHAPPAPI
358 PPH_PROCESS_NODE
359 NTAPI
360 PhFindProcessNode(
361  _In_ HANDLE ProcessId
362  );
363 // end_phapppub
364 
365 VOID PhRemoveProcessNode(
366  _In_ PPH_PROCESS_NODE ProcessNode
367  );
368 
369 // begin_phapppub
370 PHAPPAPI
371 VOID
372 NTAPI
373 PhUpdateProcessNode(
374  _In_ PPH_PROCESS_NODE ProcessNode
375  );
376 // end_phapppub
377 
378 VOID PhTickProcessNodes(
379  VOID
380  );
381 
382 // begin_phapppub
383 PHAPPAPI
384 PPH_PROCESS_ITEM
385 NTAPI
386 PhGetSelectedProcessItem(
387  VOID
388  );
389 
390 PHAPPAPI
391 VOID
392 NTAPI
393 PhGetSelectedProcessItems(
394  _Out_ PPH_PROCESS_ITEM **Processes,
395  _Out_ PULONG NumberOfProcesses
396  );
397 
398 PHAPPAPI
399 VOID
400 NTAPI
401 PhDeselectAllProcessNodes(
402  VOID
403  );
404 
405 PHAPPAPI
406 VOID
407 NTAPI
408 PhExpandAllProcessNodes(
409  _In_ BOOLEAN Expand
410  );
411 
412 PHAPPAPI
413 VOID
414 NTAPI
415 PhInvalidateAllProcessNodes(
416  VOID
417  );
418 
419 PHAPPAPI
420 VOID
421 NTAPI
422 PhSelectAndEnsureVisibleProcessNode(
423  _In_ PPH_PROCESS_NODE ProcessNode
424  );
425 // end_phapppub
426 
427 VOID PhSelectAndEnsureVisibleProcessNodes(
428  _In_ PPH_PROCESS_NODE *ProcessNodes,
429  _In_ ULONG NumberOfProcessNodes
430  );
431 
432 PPH_LIST PhGetProcessTreeListLines(
433  _In_ HWND TreeListHandle,
434  _In_ ULONG NumberOfNodes,
435  _In_ PPH_LIST RootNodes,
436  _In_ ULONG Mode
437  );
438 
439 VOID PhCopyProcessTree(
440  VOID
441  );
442 
443 VOID PhWriteProcessTree(
444  _Inout_ PPH_FILE_STREAM FileStream,
445  _In_ ULONG Mode
446  );
447 
448 PPH_LIST PhDuplicateProcessNodeList(
449  VOID
450  );
451 
452 // srvlist
453 
454 // Columns
455 
456 #define PHSVTLC_NAME 0
457 #define PHSVTLC_DISPLAYNAME 1
458 #define PHSVTLC_TYPE 2
459 #define PHSVTLC_STATUS 3
460 #define PHSVTLC_STARTTYPE 4
461 #define PHSVTLC_PID 5
462 
463 #define PHSVTLC_BINARYPATH 6
464 #define PHSVTLC_ERRORCONTROL 7
465 #define PHSVTLC_GROUP 8
466 #define PHSVTLC_DESCRIPTION 9
467 
468 #define PHSVTLC_MAXIMUM 10
469 
470 #define PHSN_CONFIG 0x1
471 #define PHSN_DESCRIPTION 0x2
472 
473 // begin_phapppub
474 typedef struct _PH_SERVICE_NODE
475 {
476  PH_TREENEW_NODE Node;
477 
478  PH_SH_STATE ShState;
479 
480  PPH_SERVICE_ITEM ServiceItem;
481 // end_phapppub
482 
483  PH_STRINGREF TextCache[PHSVTLC_MAXIMUM];
484 
485  ULONG ValidMask;
486 
487  WCHAR StartTypeText[12 + 24 + 1];
488  // Config
489  PPH_STRING BinaryPath;
490  PPH_STRING LoadOrderGroup;
491  // Description
492  PPH_STRING Description;
493 
494  PPH_STRING TooltipText;
495 // begin_phapppub
496 } PH_SERVICE_NODE, *PPH_SERVICE_NODE;
497 // end_phapppub
498 
499 VOID PhServiceTreeListInitialization(
500  VOID
501  );
502 
503 VOID PhInitializeServiceTreeList(
504  _In_ HWND hwnd
505  );
506 
507 VOID PhLoadSettingsServiceTreeList(
508  VOID
509  );
510 
511 VOID PhSaveSettingsServiceTreeList(
512  VOID
513  );
514 
515 // begin_phapppub
516 PHAPPAPI
517 struct _PH_TN_FILTER_SUPPORT *
518 NTAPI
519 PhGetFilterSupportServiceTreeList(
520  VOID
521  );
522 // end_phapppub
523 
524 PPH_SERVICE_NODE PhAddServiceNode(
525  _In_ PPH_SERVICE_ITEM ServiceItem,
526  _In_ ULONG RunId
527  );
528 
529 // begin_phapppub
530 PHAPPAPI
531 PPH_SERVICE_NODE
532 NTAPI
533 PhFindServiceNode(
534  _In_ PPH_SERVICE_ITEM ServiceItem
535  );
536 // end_phapppub
537 
538 VOID PhRemoveServiceNode(
539  _In_ PPH_SERVICE_NODE ServiceNode
540  );
541 
542 // begin_phapppub
543 PHAPPAPI
544 VOID
545 NTAPI
546 PhUpdateServiceNode(
547  _In_ PPH_SERVICE_NODE ServiceNode
548  );
549 // end_phapppub
550 
551 VOID PhTickServiceNodes(
552  VOID
553  );
554 
555 // begin_phapppub
556 PHAPPAPI
557 PPH_SERVICE_ITEM
558 NTAPI
559 PhGetSelectedServiceItem(
560  VOID
561  );
562 
563 PHAPPAPI
564 VOID
565 NTAPI
566 PhGetSelectedServiceItems(
567  _Out_ PPH_SERVICE_ITEM **Services,
568  _Out_ PULONG NumberOfServices
569  );
570 
571 PHAPPAPI
572 VOID
573 NTAPI
574 PhDeselectAllServiceNodes(
575  VOID
576  );
577 
578 PHAPPAPI
579 VOID
580 NTAPI
581 PhSelectAndEnsureVisibleServiceNode(
582  _In_ PPH_SERVICE_NODE ServiceNode
583  );
584 // end_phapppub
585 
586 VOID PhCopyServiceList(
587  VOID
588  );
589 
590 VOID PhWriteServiceList(
591  _Inout_ PPH_FILE_STREAM FileStream,
592  _In_ ULONG Mode
593  );
594 
595 // netlist
596 
597 // Columns
598 
599 #define PHNETLC_PROCESS 0
600 #define PHNETLC_LOCALADDRESS 1
601 #define PHNETLC_LOCALPORT 2
602 #define PHNETLC_REMOTEADDRESS 3
603 #define PHNETLC_REMOTEPORT 4
604 #define PHNETLC_PROTOCOL 5
605 #define PHNETLC_STATE 6
606 #define PHNETLC_OWNER 7
607 #define PHNETLC_TIMESTAMP 8
608 #define PHNETLC_MAXIMUM 9
609 
610 // begin_phapppub
611 typedef struct _PH_NETWORK_NODE
612 {
613  PH_TREENEW_NODE Node;
614 
615  PH_SH_STATE ShState;
616 
617  PPH_NETWORK_ITEM NetworkItem;
618 // end_phapppub
619 
620  PH_STRINGREF TextCache[PHNETLC_MAXIMUM];
621 
622  LONG UniqueId;
623  PPH_STRING ProcessNameText;
624  PH_STRINGREF LocalAddressText;
625  PH_STRINGREF RemoteAddressText;
626  PPH_STRING TimeStampText;
627 
628  PPH_STRING TooltipText;
629 // begin_phapppub
630 } PH_NETWORK_NODE, *PPH_NETWORK_NODE;
631 // end_phapppub
632 
633 VOID PhNetworkTreeListInitialization(
634  VOID
635  );
636 
637 VOID PhInitializeNetworkTreeList(
638  _In_ HWND hwnd
639  );
640 
641 VOID PhLoadSettingsNetworkTreeList(
642  VOID
643  );
644 
645 VOID PhSaveSettingsNetworkTreeList(
646  VOID
647  );
648 
649 // begin_phapppub
650 PHAPPAPI
651 struct _PH_TN_FILTER_SUPPORT *
652 NTAPI
653 PhGetFilterSupportNetworkTreeList(
654  VOID
655  );
656 // end_phapppub
657 
658 PPH_NETWORK_NODE PhAddNetworkNode(
659  _In_ PPH_NETWORK_ITEM NetworkItem,
660  _In_ ULONG RunId
661  );
662 
663 // begin_phapppub
664 PHAPPAPI
665 PPH_NETWORK_NODE
666 NTAPI
667 PhFindNetworkNode(
668  _In_ PPH_NETWORK_ITEM NetworkItem
669  );
670 // end_phapppub
671 
672 VOID PhRemoveNetworkNode(
673  _In_ PPH_NETWORK_NODE NetworkNode
674  );
675 
676 VOID PhUpdateNetworkNode(
677  _In_ PPH_NETWORK_NODE NetworkNode
678  );
679 
680 VOID PhTickNetworkNodes(
681  VOID
682  );
683 
684 PPH_NETWORK_ITEM PhGetSelectedNetworkItem(
685  VOID
686  );
687 
688 VOID PhGetSelectedNetworkItems(
689  _Out_ PPH_NETWORK_ITEM **NetworkItems,
690  _Out_ PULONG NumberOfNetworkItems
691  );
692 
693 VOID PhDeselectAllNetworkNodes(
694  VOID
695  );
696 
697 VOID PhSelectAndEnsureVisibleNetworkNode(
698  _In_ PPH_NETWORK_NODE NetworkNode
699  );
700 
701 VOID PhCopyNetworkList(
702  VOID
703  );
704 
705 VOID PhWriteNetworkList(
706  _Inout_ PPH_FILE_STREAM FileStream,
707  _In_ ULONG Mode
708  );
709 
710 // thrdlist
711 
712 // Columns
713 
714 #define PHTHTLC_TID 0
715 #define PHTHTLC_CPU 1
716 #define PHTHTLC_CYCLESDELTA 2
717 #define PHTHTLC_STARTADDRESS 3
718 #define PHTHTLC_PRIORITY 4
719 #define PHTHTLC_SERVICE 5
720 
721 #define PHTHTLC_MAXIMUM 6
722 
723 // begin_phapppub
724 typedef struct _PH_THREAD_NODE
725 {
726  PH_TREENEW_NODE Node;
727 
728  PH_SH_STATE ShState;
729 
730  HANDLE ThreadId;
731  PPH_THREAD_ITEM ThreadItem;
732 // end_phapppub
733 
734  PH_STRINGREF TextCache[PHTHTLC_MAXIMUM];
735 
736  ULONG ValidMask;
737 
738  WCHAR CpuUsageText[PH_INT32_STR_LEN_1];
739  PPH_STRING CyclesDeltaText; // used for Context Switches Delta as well
740  PPH_STRING StartAddressText;
741  PPH_STRING PriorityText;
742 // begin_phapppub
743 } PH_THREAD_NODE, *PPH_THREAD_NODE;
744 // end_phapppub
745 
746 typedef struct _PH_THREAD_LIST_CONTEXT
747 {
748  HWND ParentWindowHandle;
749  HWND TreeNewHandle;
750  ULONG TreeNewSortColumn;
751  PH_SORT_ORDER TreeNewSortOrder;
752  PH_CM_MANAGER Cm;
753  BOOLEAN UseCycleTime;
754  BOOLEAN HasServices;
755 
756  PPH_HASHTABLE NodeHashtable;
757  PPH_LIST NodeList;
758 
759  BOOLEAN EnableStateHighlighting;
760  PPH_POINTER_LIST NodeStateList;
761 } PH_THREAD_LIST_CONTEXT, *PPH_THREAD_LIST_CONTEXT;
762 
763 VOID PhInitializeThreadList(
764  _In_ HWND ParentWindowHandle,
765  _In_ HWND TreeNewHandle,
766  _Out_ PPH_THREAD_LIST_CONTEXT Context
767  );
768 
769 VOID PhDeleteThreadList(
770  _In_ PPH_THREAD_LIST_CONTEXT Context
771  );
772 
773 VOID PhLoadSettingsThreadList(
774  _Inout_ PPH_THREAD_LIST_CONTEXT Context
775  );
776 
777 VOID PhSaveSettingsThreadList(
778  _Inout_ PPH_THREAD_LIST_CONTEXT Context
779  );
780 
781 PPH_THREAD_NODE PhAddThreadNode(
782  _Inout_ PPH_THREAD_LIST_CONTEXT Context,
783  _In_ PPH_THREAD_ITEM ThreadItem,
784  _In_ BOOLEAN FirstRun
785  );
786 
787 PPH_THREAD_NODE PhFindThreadNode(
788  _In_ PPH_THREAD_LIST_CONTEXT Context,
789  _In_ HANDLE ThreadId
790  );
791 
792 VOID PhRemoveThreadNode(
793  _In_ PPH_THREAD_LIST_CONTEXT Context,
794  _In_ PPH_THREAD_NODE ThreadNode
795  );
796 
797 VOID PhUpdateThreadNode(
798  _In_ PPH_THREAD_LIST_CONTEXT Context,
799  _In_ PPH_THREAD_NODE ThreadNode
800  );
801 
802 VOID PhTickThreadNodes(
803  _In_ PPH_THREAD_LIST_CONTEXT Context
804  );
805 
806 PPH_THREAD_ITEM PhGetSelectedThreadItem(
807  _In_ PPH_THREAD_LIST_CONTEXT Context
808  );
809 
810 VOID PhGetSelectedThreadItems(
811  _In_ PPH_THREAD_LIST_CONTEXT Context,
812  _Out_ PPH_THREAD_ITEM **Threads,
813  _Out_ PULONG NumberOfThreads
814  );
815 
816 VOID PhDeselectAllThreadNodes(
817  _In_ PPH_THREAD_LIST_CONTEXT Context
818  );
819 
820 // modlist
821 
822 // Columns
823 
824 #define PHMOTLC_NAME 0
825 #define PHMOTLC_BASEADDRESS 1
826 #define PHMOTLC_SIZE 2
827 #define PHMOTLC_DESCRIPTION 3
828 
829 #define PHMOTLC_COMPANYNAME 4
830 #define PHMOTLC_VERSION 5
831 #define PHMOTLC_FILENAME 6
832 
833 #define PHMOTLC_TYPE 7
834 #define PHMOTLC_LOADCOUNT 8
835 #define PHMOTLC_VERIFICATIONSTATUS 9
836 #define PHMOTLC_VERIFIEDSIGNER 10
837 #define PHMOTLC_ASLR 11
838 #define PHMOTLC_TIMESTAMP 12
839 #define PHMOTLC_CFGUARD 13
840 #define PHMOTLC_LOADTIME 14
841 #define PHMOTLC_LOADREASON 15
842 
843 #define PHMOTLC_MAXIMUM 16
844 
845 // begin_phapppub
846 typedef struct _PH_MODULE_NODE
847 {
848  PH_TREENEW_NODE Node;
849 
850  PH_SH_STATE ShState;
851 
852  PPH_MODULE_ITEM ModuleItem;
853 // end_phapppub
854 
855  PH_STRINGREF TextCache[PHMOTLC_MAXIMUM];
856 
857  ULONG ValidMask;
858 
859  PPH_STRING TooltipText;
860 
861  PPH_STRING SizeText;
862  WCHAR LoadCountText[PH_INT32_STR_LEN_1];
863  PPH_STRING TimeStampText;
864  PPH_STRING LoadTimeText;
865 // begin_phapppub
866 } PH_MODULE_NODE, *PPH_MODULE_NODE;
867 // end_phapppub
868 
869 typedef struct _PH_MODULE_LIST_CONTEXT
870 {
871  HWND ParentWindowHandle;
872  HWND TreeNewHandle;
873  ULONG TreeNewSortColumn;
874  PH_SORT_ORDER TreeNewSortOrder;
875  PH_CM_MANAGER Cm;
876 
877  PPH_HASHTABLE NodeHashtable;
878  PPH_LIST NodeList;
879 
880  BOOLEAN EnableStateHighlighting;
881  PPH_POINTER_LIST NodeStateList;
882 
883  HFONT BoldFont;
884 } PH_MODULE_LIST_CONTEXT, *PPH_MODULE_LIST_CONTEXT;
885 
886 VOID PhInitializeModuleList(
887  _In_ HWND ParentWindowHandle,
888  _In_ HWND TreeNewHandle,
889  _Out_ PPH_MODULE_LIST_CONTEXT Context
890  );
891 
892 VOID PhDeleteModuleList(
893  _In_ PPH_MODULE_LIST_CONTEXT Context
894  );
895 
896 VOID PhLoadSettingsModuleList(
897  _Inout_ PPH_MODULE_LIST_CONTEXT Context
898  );
899 
900 VOID PhSaveSettingsModuleList(
901  _Inout_ PPH_MODULE_LIST_CONTEXT Context
902  );
903 
904 PPH_MODULE_NODE PhAddModuleNode(
905  _Inout_ PPH_MODULE_LIST_CONTEXT Context,
906  _In_ PPH_MODULE_ITEM ModuleItem,
907  _In_ ULONG RunId
908  );
909 
910 PPH_MODULE_NODE PhFindModuleNode(
911  _In_ PPH_MODULE_LIST_CONTEXT Context,
912  _In_ PPH_MODULE_ITEM ModuleItem
913  );
914 
915 VOID PhRemoveModuleNode(
916  _In_ PPH_MODULE_LIST_CONTEXT Context,
917  _In_ PPH_MODULE_NODE ModuleNode
918  );
919 
920 VOID PhUpdateModuleNode(
921  _In_ PPH_MODULE_LIST_CONTEXT Context,
922  _In_ PPH_MODULE_NODE ModuleNode
923  );
924 
925 VOID PhTickModuleNodes(
926  _In_ PPH_MODULE_LIST_CONTEXT Context
927  );
928 
929 PPH_MODULE_ITEM PhGetSelectedModuleItem(
930  _In_ PPH_MODULE_LIST_CONTEXT Context
931  );
932 
933 VOID PhGetSelectedModuleItems(
934  _In_ PPH_MODULE_LIST_CONTEXT Context,
935  _Out_ PPH_MODULE_ITEM **Modules,
936  _Out_ PULONG NumberOfModules
937  );
938 
939 VOID PhDeselectAllModuleNodes(
940  _In_ PPH_MODULE_LIST_CONTEXT Context
941  );
942 
943 // hndllist
944 
945 // Columns
946 
947 #define PHHNTLC_TYPE 0
948 #define PHHNTLC_NAME 1
949 #define PHHNTLC_HANDLE 2
950 
951 #define PHHNTLC_OBJECTADDRESS 3
952 #define PHHNTLC_ATTRIBUTES 4
953 #define PHHNTLC_GRANTEDACCESS 5
954 #define PHHNTLC_GRANTEDACCESSSYMBOLIC 6
955 #define PHHNTLC_ORIGINALNAME 7
956 #define PHHNTLC_FILESHAREACCESS 8
957 
958 #define PHHNTLC_MAXIMUM 9
959 
960 // begin_phapppub
961 typedef struct _PH_HANDLE_NODE
962 {
963  PH_TREENEW_NODE Node;
964 
965  PH_SH_STATE ShState;
966 
967  HANDLE Handle;
968  PPH_HANDLE_ITEM HandleItem;
969 // end_phapppub
970 
971  PH_STRINGREF TextCache[PHHNTLC_MAXIMUM];
972 
973  PPH_STRING GrantedAccessSymbolicText;
974  WCHAR FileShareAccessText[4];
975 // begin_phapppub
976 } PH_HANDLE_NODE, *PPH_HANDLE_NODE;
977 // end_phapppub
978 
979 typedef struct _PH_HANDLE_LIST_CONTEXT
980 {
981  HWND ParentWindowHandle;
982  HWND TreeNewHandle;
983  ULONG TreeNewSortColumn;
984  PH_SORT_ORDER TreeNewSortOrder;
985  PH_CM_MANAGER Cm;
986  BOOLEAN HideUnnamedHandles;
987 
988  PPH_HASHTABLE NodeHashtable;
989  PPH_LIST NodeList;
990 
991  BOOLEAN EnableStateHighlighting;
992  PPH_POINTER_LIST NodeStateList;
993 } PH_HANDLE_LIST_CONTEXT, *PPH_HANDLE_LIST_CONTEXT;
994 
995 VOID PhInitializeHandleList(
996  _In_ HWND ParentWindowHandle,
997  _In_ HWND TreeNewHandle,
998  _Out_ PPH_HANDLE_LIST_CONTEXT Context
999  );
1000 
1001 VOID PhDeleteHandleList(
1002  _In_ PPH_HANDLE_LIST_CONTEXT Context
1003  );
1004 
1005 VOID PhLoadSettingsHandleList(
1006  _Inout_ PPH_HANDLE_LIST_CONTEXT Context
1007  );
1008 
1009 VOID PhSaveSettingsHandleList(
1010  _Inout_ PPH_HANDLE_LIST_CONTEXT Context
1011  );
1012 
1013 VOID PhSetOptionsHandleList(
1014  _Inout_ PPH_HANDLE_LIST_CONTEXT Context,
1015  _In_ BOOLEAN HideUnnamedHandles
1016  );
1017 
1018 PPH_HANDLE_NODE PhAddHandleNode(
1019  _Inout_ PPH_HANDLE_LIST_CONTEXT Context,
1020  _In_ PPH_HANDLE_ITEM HandleItem,
1021  _In_ ULONG RunId
1022  );
1023 
1024 PPH_HANDLE_NODE PhFindHandleNode(
1025  _In_ PPH_HANDLE_LIST_CONTEXT Context,
1026  _In_ HANDLE Handle
1027  );
1028 
1029 VOID PhRemoveHandleNode(
1030  _In_ PPH_HANDLE_LIST_CONTEXT Context,
1031  _In_ PPH_HANDLE_NODE HandleNode
1032  );
1033 
1034 VOID PhUpdateHandleNode(
1035  _In_ PPH_HANDLE_LIST_CONTEXT Context,
1036  _In_ PPH_HANDLE_NODE HandleNode
1037  );
1038 
1039 VOID PhTickHandleNodes(
1040  _In_ PPH_HANDLE_LIST_CONTEXT Context
1041  );
1042 
1043 PPH_HANDLE_ITEM PhGetSelectedHandleItem(
1044  _In_ PPH_HANDLE_LIST_CONTEXT Context
1045  );
1046 
1047 VOID PhGetSelectedHandleItems(
1048  _In_ PPH_HANDLE_LIST_CONTEXT Context,
1049  _Out_ PPH_HANDLE_ITEM **Handles,
1050  _Out_ PULONG NumberOfHandles
1051  );
1052 
1053 VOID PhDeselectAllHandleNodes(
1054  _In_ PPH_HANDLE_LIST_CONTEXT Context
1055  );
1056 
1057 // memlist
1058 
1059 // Columns
1060 
1061 #define PHMMTLC_BASEADDRESS 0
1062 #define PHMMTLC_TYPE 1
1063 #define PHMMTLC_SIZE 2
1064 #define PHMMTLC_PROTECTION 3
1065 #define PHMMTLC_USE 4
1066 #define PHMMTLC_TOTALWS 5
1067 #define PHMMTLC_PRIVATEWS 6
1068 #define PHMMTLC_SHAREABLEWS 7
1069 #define PHMMTLC_SHAREDWS 8
1070 #define PHMMTLC_LOCKEDWS 9
1071 #define PHMMTLC_COMMITTED 10
1072 #define PHMMTLC_PRIVATE 11
1073 
1074 #define PHMMTLC_MAXIMUM 12
1075 
1076 // begin_phapppub
1077 typedef struct _PH_MEMORY_NODE
1078 {
1079  PH_TREENEW_NODE Node;
1080 
1081  BOOLEAN IsAllocationBase;
1082  BOOLEAN Reserved1;
1083  USHORT Reserved2;
1084  PPH_MEMORY_ITEM MemoryItem;
1085 
1086  struct _PH_MEMORY_NODE *Parent;
1087  PPH_LIST Children;
1088 // end_phapppub
1089 
1090  PH_STRINGREF TextCache[PHMMTLC_MAXIMUM];
1091 
1092  WCHAR BaseAddressText[PH_PTR_STR_LEN_1];
1093  WCHAR TypeText[30];
1094  PPH_STRING SizeText;
1095  WCHAR ProtectionText[17];
1096  PPH_STRING UseText;
1097  PPH_STRING TotalWsText;
1098  PPH_STRING PrivateWsText;
1099  PPH_STRING ShareableWsText;
1100  PPH_STRING SharedWsText;
1101  PPH_STRING LockedWsText;
1102  PPH_STRING CommittedText;
1103  PPH_STRING PrivateText;
1104 // begin_phapppub
1105 } PH_MEMORY_NODE, *PPH_MEMORY_NODE;
1106 // end_phapppub
1107 
1108 typedef struct _PH_MEMORY_LIST_CONTEXT
1109 {
1110  HWND ParentWindowHandle;
1111  HWND TreeNewHandle;
1112  ULONG TreeNewSortColumn;
1113  PH_SORT_ORDER TreeNewSortOrder;
1114  PH_CM_MANAGER Cm;
1115  BOOLEAN HideFreeRegions;
1116 
1117  PPH_LIST AllocationBaseNodeList; // Allocation base nodes (list should always be sorted by base address)
1118  PPH_LIST RegionNodeList; // Memory region nodes
1119 } PH_MEMORY_LIST_CONTEXT, *PPH_MEMORY_LIST_CONTEXT;
1120 
1121 VOID PhInitializeMemoryList(
1122  _In_ HWND ParentWindowHandle,
1123  _In_ HWND TreeNewHandle,
1124  _Out_ PPH_MEMORY_LIST_CONTEXT Context
1125  );
1126 
1127 VOID PhDeleteMemoryList(
1128  _In_ PPH_MEMORY_LIST_CONTEXT Context
1129  );
1130 
1131 VOID PhLoadSettingsMemoryList(
1132  _Inout_ PPH_MEMORY_LIST_CONTEXT Context
1133  );
1134 
1135 VOID PhSaveSettingsMemoryList(
1136  _Inout_ PPH_MEMORY_LIST_CONTEXT Context
1137  );
1138 
1139 VOID PhSetOptionsMemoryList(
1140  _Inout_ PPH_MEMORY_LIST_CONTEXT Context,
1141  _In_ BOOLEAN HideFreeRegions
1142  );
1143 
1144 VOID PhReplaceMemoryList(
1145  _Inout_ PPH_MEMORY_LIST_CONTEXT Context,
1146  _In_ PPH_MEMORY_ITEM_LIST List
1147  );
1148 
1149 VOID PhUpdateMemoryNode(
1150  _In_ PPH_MEMORY_LIST_CONTEXT Context,
1151  _In_ PPH_MEMORY_NODE MemoryNode
1152  );
1153 
1154 PPH_MEMORY_NODE PhGetSelectedMemoryNode(
1155  _In_ PPH_MEMORY_LIST_CONTEXT Context
1156  );
1157 
1158 VOID PhGetSelectedMemoryNodes(
1159  _In_ PPH_MEMORY_LIST_CONTEXT Context,
1160  _Out_ PPH_MEMORY_NODE **MemoryNodes,
1161  _Out_ PULONG NumberOfMemoryNodes
1162  );
1163 
1164 VOID PhDeselectAllMemoryNodes(
1165  _In_ PPH_MEMORY_LIST_CONTEXT Context
1166  );
1167 
1168 #endif