1.5.5

DavidXanatos · May 3, 2024 · cb33967 · cb33967
1 parent ac93a2f
commit cb33967
Show file tree

Hide file tree

Showing 65 changed files with 3,553 additions and 1,076 deletions.
diff --git a/ProcessHacker/phlib/apiimport.c b/ProcessHacker/phlib/apiimport.c
@@ -6,7 +6,7 @@
  * Authors:
  *
  *     wj32    2015
- *     dmex    2019-2023
+ *     dmex    2019-2024
  *
  */
 
@@ -91,5 +91,3 @@ PH_DEFINE_IMPORT(L"userenv.dll", GetAppContainerRegistryLocation);
 PH_DEFINE_IMPORT(L"userenv.dll", GetAppContainerFolderPath);
 
 PH_DEFINE_IMPORT(L"user32.dll", SetWindowDisplayAffinity);
-
-PH_DEFINE_IMPORT(L"winsta.dll", WinStationQueryInformationW);
diff --git a/ProcessHacker/phlib/appruntime.c b/ProcessHacker/phlib/appruntime.c
@@ -20,9 +20,9 @@
 #endif
 
 #ifdef __hstring_h__
-C_ASSERT(sizeof(HSTRING_REFERENCE) == sizeof(HSTRING_HEADER));
+static_assert(sizeof(HSTRING_REFERENCE) == sizeof(HSTRING_HEADER), "HSTRING_REFERENCE must equal WSTRING_HEADER");
 #else
-C_ASSERT(sizeof(HSTRING_REFERENCE) == sizeof(WSTRING_HEADER));
+static_assert(sizeof(HSTRING_REFERENCE) == sizeof(WSTRING_HEADER), "HSTRING_REFERENCE must equal WSTRING_HEADER");
 #endif
 
 PPH_STRING PhCreateStringFromWindowsRuntimeString(
@@ -382,20 +382,20 @@ static PVOID PhDetoursPackageSystemIdentificationContext(
 
     if (PhBeginInitOnce(&initOnce))
     {
-        index = TlsAlloc();
+        index = PhTlsAlloc();
         PhEndInitOnce(&initOnce);
     }
 
     if (index != TLS_OUT_OF_INDEXES)
     {
         if (Initialize)
         {
-            if (TlsSetValue(index, Buffer))
+            if (NT_SUCCESS(PhTlsSetValue(index, Buffer)))
                 return Buffer;
         }
         else
         {
-            return TlsGetValue(index);
+            return PhTlsGetValue(index);
         }
     }
 
@@ -713,22 +713,23 @@ HRESULT PhGetProcessSystemIdentification(
     {
         PSYSTEM_PROCESS_INFORMATION process;
 
-        process = PhFindProcessInformation(processes, ProcessId);
-
-        for (ULONG i = 0; i < process->NumberOfThreads; i++)
+        if (process = PhFindProcessInformation(processes, ProcessId))
         {
-            HANDLE tempThreadHandle;
+            for (ULONG i = 0; i < process->NumberOfThreads; i++)
+            {
+                HANDLE tempThreadHandle;
 
-            threadId = process->Threads[i].ClientId.UniqueThread;
+                threadId = process->Threads[i].ClientId.UniqueThread;
 
-            if (NT_SUCCESS(PhOpenThread(
-                &tempThreadHandle,
-                THREAD_QUERY_LIMITED_INFORMATION,
-                threadId
-                )))
-            {
-                threadHandle = tempThreadHandle;
-                break;
+                if (NT_SUCCESS(PhOpenThread(
+                    &tempThreadHandle,
+                    THREAD_QUERY_LIMITED_INFORMATION,
+                    threadId
+                    )))
+                {
+                    threadHandle = tempThreadHandle;
+                    break;
+                }
             }
         }
 

diff --git a/ProcessHacker/phlib/basesup.c b/ProcessHacker/phlib/basesup.c
@@ -145,7 +145,7 @@ BOOLEAN PhBaseInitialization(
     PhInitializeFreeList(&PhpBaseThreadContextFreeList, sizeof(PHP_BASE_THREAD_CONTEXT), 16);
 
 #ifdef DEBUG
-    PhDbgThreadDbgTlsIndex = TlsAlloc();
+    PhDbgThreadDbgTlsIndex = PhTlsAlloc();
 #endif
 
     return TRUE;
@@ -176,7 +176,7 @@ NTSTATUS PhpBaseThreadStart(
     InsertTailList(&PhDbgThreadListHead, &dbg.ListEntry);
     PhReleaseQueuedLockExclusive(&PhDbgThreadListLock);
 
-    TlsSetValue(PhDbgThreadDbgTlsIndex, &dbg);
+    PhTlsSetValue(PhDbgThreadDbgTlsIndex, &dbg);
 #endif
 
     // Initialization code
@@ -823,6 +823,12 @@ PVOID PhReAllocate(
 #if defined(PH_DEBUG_HEAP)
     return realloc(Memory, Size);
 #else
+    // RtlReAllocateHeap does not behave the same as realloc when Memory is NULL.
+    // For consistency with realloc above and easier drop-in replacements for
+    // realloc, produce the same behavior as realloc. If Memory is NULL, then
+    // allocate a new block.
+    if (!Memory) return RtlAllocateHeap(PhHeapHandle, HEAP_GENERATE_EXCEPTIONS, Size);
+
     return RtlReAllocateHeap(PhHeapHandle, HEAP_GENERATE_EXCEPTIONS, Memory, Size);
 #endif
 }
@@ -848,6 +854,12 @@ PVOID PhReAllocateSafe(
 #if defined(PH_DEBUG_HEAP)
     return realloc(Memory, Size);
 #else
+    // RtlReAllocateHeap does not behave the same as realloc when Memory is NULL.
+    // For consistency with realloc above and easier drop-in replacements for
+    // realloc, produce the same behavior as realloc. If Memory is NULL, then
+    // allocate a new block.
+    if (!Memory) return RtlAllocateHeap(PhHeapHandle, 0, Size);
+
     return RtlReAllocateHeap(PhHeapHandle, 0, Memory, Size);
 #endif
 }
@@ -7673,3 +7685,107 @@ ULONG PhCountBitsUlongPtr(
         //return count;
     }
 }
+
+#pragma region Thread Local Storage (TLS)
+
+ULONG PhTlsAlloc(
+    VOID
+    )
+{
+    if (WindowsVersion < WINDOWS_NEW)
+    {
+        PTEB currentTeb;
+        PPEB currentPeb;
+        ULONG i;
+
+        currentTeb = NtCurrentTeb();
+        currentPeb = currentTeb->ProcessEnvironmentBlock;
+        RtlAcquirePebLock();
+
+        for (
+            i = RtlFindClearBitsAndSet(currentPeb->TlsBitmap, 1, 0);
+            ;
+            i = RtlFindClearBitsAndSet(currentPeb->TlsBitmap, 1, 0)
+            )
+        {
+            if (i != ULONG_MAX)
+            {
+                RtlReleasePebLock();
+                currentTeb->TlsSlots[i] = NULL;
+                return i;
+            }
+
+            if (currentTeb->TlsExpansionSlots)
+                break;
+
+            RtlReleasePebLock();
+            currentTeb->TlsExpansionSlots = (PVOID*)RtlAllocateHeap(RtlProcessHeap(), HEAP_ZERO_MEMORY, 0x2000);
+            if (!currentTeb->TlsExpansionSlots) goto CleanupExit;
+            RtlAcquirePebLock();
+        }
+
+        i = RtlFindClearBitsAndSet(currentPeb->TlsExpansionBitmap, 1, 0);
+        RtlReleasePebLock();
+
+        if (i != ULONG_MAX)
+        {
+            currentTeb->TlsExpansionSlots[i] = NULL;
+            return i + TLS_MINIMUM_AVAILABLE;
+        }
+    }
+
+CleanupExit:
+    //RtlSetLastWin32ErrorAndNtStatusFromNtStatus(STATUS_NO_MEMORY);
+    //return ULONG_MAX;
+    return TlsAlloc();
+}
+
+PVOID PhTlsGetValue(
+    _In_ ULONG Index
+    )
+{
+    if (WindowsVersion < WINDOWS_NEW && Index < TLS_MINIMUM_AVAILABLE)
+    {
+        return NtCurrentTeb()->TlsSlots[Index];
+    }
+
+    return TlsGetValue(Index);
+}
+
+NTSTATUS PhTlsSetValue(
+    _In_ ULONG Index,
+    _In_opt_ PVOID Value
+    )
+{
+    if (WindowsVersion < WINDOWS_NEW && Index < TLS_MINIMUM_AVAILABLE)
+    {
+        NtCurrentTeb()->TlsSlots[Index] = Value;
+        return STATUS_SUCCESS;
+    }
+
+    if (TlsSetValue(Index, Value))
+        return STATUS_SUCCESS;
+
+    return PhGetLastWin32ErrorAsNtStatus();
+}
+
+#pragma endregion
+
+ULONG PhGetLastError(
+    VOID
+    )
+{
+    if (WindowsVersion < WINDOWS_NEW)
+        return NtCurrentTeb()->LastErrorValue;
+    return GetLastError();
+}
+
+VOID PhSetLastError(
+    _In_ ULONG ErrorValue
+    )
+{
+    if (WindowsVersion < WINDOWS_NEW)
+        NtCurrentTeb()->LastErrorValue = ErrorValue;
+    else
+        SetLastError(ErrorValue);
+}
diff --git a/ProcessHacker/phlib/cpysave.c b/ProcessHacker/phlib/cpysave.c
@@ -496,6 +496,49 @@ PPH_STRING PhGetListViewItemText(
     return buffer;
 }
 
+//PPH_STRING PhGetListViewItemText(
+//    _In_ HWND ListViewHandle,
+//    _In_ INT Index,
+//    _In_ INT SubIndex
+//    )
+//{
+//    WCHAR buffer[DOS_MAX_PATH_LENGTH] = L"";
+//    LVITEM item;
+//
+//    item.mask = LVIF_TEXT;
+//    item.iItem = Index;
+//    item.iSubItem = SubIndex;
+//    item.pszText = buffer;
+//    item.cchTextMax = RTL_NUMBER_OF(buffer);
+//
+//    if (ListView_GetItem(ListViewHandle, &item))
+//    {
+//        return PhCreateString(buffer);
+//    }
+//
+//    return NULL;
+//}
+
+PPH_STRING PhGetListViewSelectedItemText(
+    _In_ HWND ListViewHandle
+    )
+{
+    INT index;
+
+    index = PhFindListViewItemByFlags(
+        ListViewHandle,
+        INT_ERROR,
+        LVNI_SELECTED
+        );
+
+    if (index != INT_ERROR)
+    {
+        return PhGetListViewItemText(ListViewHandle, index, 0);
+    }
+
+    return NULL;
+}
+
 PPH_STRING PhaGetListViewItemText(
     _In_ HWND ListViewHandle,
     _In_ INT Index,

diff --git a/ProcessHacker/phlib/data.c b/ProcessHacker/phlib/data.c
@@ -127,6 +127,27 @@ PSID PhSeInternetExplorerSid( // S-1-15-3-4096 (dmex)
     return internetExplorerSid;
 }
 
+PSID PhSeCloudActiveDirectorySid( // S-1-12-1 (dmex)
+    VOID
+    )
+{
+    static PH_INITONCE initOnce = PH_INITONCE_INIT;
+    static UCHAR activeDirectorySidBuffer[FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG[1])];
+    PSID activeDirectorySid = (PSID)activeDirectorySidBuffer;
+
+    if (PhBeginInitOnce(&initOnce))
+    {
+        PhInitializeSid(activeDirectorySid, &(SID_IDENTIFIER_AUTHORITY){ 0, 0, 0, 0, 0, 12 }, 1);
+        *PhSubAuthoritySid(activeDirectorySid, 0) = 1;
+
+        PhEndInitOnce(&initOnce);
+    }
+
+    assert(PhLengthSid(activeDirectorySid) == sizeof(activeDirectorySidBuffer));
+
+    return activeDirectorySid;
+}
+
 // Unicode
 
 DECLSPEC_SELECTANY CONST

diff --git a/ProcessHacker/phlib/error.c b/ProcessHacker/phlib/error.c
@@ -6,7 +6,7 @@
  * Authors:
  *
  *     wj32    2010-2011
- *     dmex    2018-2023
+ *     dmex    2018-2024
  *
  */
 
@@ -41,7 +41,7 @@ ULONG PhNtStatusToServiceStatus(
     case STATUS_SERVICE_NOTIFICATION: return ERROR_SERVICE_NOTIFICATION;
     case STATUS_UNSATISFIED_DEPENDENCIES: return ERROR_DEPENDENT_SERVICES_RUNNING;
     case STATUS_IMAGE_ALREADY_LOADED: return ERROR_SERVICE_ALREADY_RUNNING;
-    case STATUS_AUDITING_DISABLED: return ERROR_SERVICE_DISABLED; // ??
+    case STATUS_ACCOUNT_DISABLED: return ERROR_SERVICE_DISABLED;
     case STATUS_OBJECT_NAME_NOT_FOUND: return ERROR_SERVICE_DOES_NOT_EXIST;
     case STATUS_OBJECT_NAME_COLLISION: return ERROR_SERVICE_EXISTS;
     case STATUS_OBJECT_NAME_EXISTS: return ERROR_DUPLICATE_SERVICE_NAME;
@@ -69,15 +69,18 @@ NTSTATUS PhDosErrorToNtStatus(
     case ERROR_SUCCESS: return STATUS_SUCCESS;
     case ERROR_INVALID_FUNCTION: return STATUS_ILLEGAL_FUNCTION;
     case ERROR_FILE_NOT_FOUND: return STATUS_NO_SUCH_FILE;
+    case ERROR_PATH_NOT_FOUND: return STATUS_OBJECT_PATH_NOT_FOUND;
     case ERROR_ACCESS_DENIED: return STATUS_ACCESS_DENIED;
     case ERROR_INVALID_HANDLE: return STATUS_INVALID_HANDLE;
+    case ERROR_INVALID_DATA: return STATUS_DATA_ERROR;
     case ERROR_NO_MORE_FILES: return STATUS_NO_MORE_FILES;
     case ERROR_BAD_LENGTH: return STATUS_INFO_LENGTH_MISMATCH;
     case ERROR_SHARING_VIOLATION: return STATUS_SHARING_VIOLATION;
     case ERROR_HANDLE_EOF: return STATUS_END_OF_FILE;
     case ERROR_NOT_SUPPORTED: return STATUS_NOT_SUPPORTED;
     case ERROR_INVALID_PARAMETER: return STATUS_INVALID_PARAMETER;
     case ERROR_INSUFFICIENT_BUFFER: return STATUS_BUFFER_TOO_SMALL;
+    case ERROR_INVALID_NAME: return STATUS_OBJECT_NAME_INVALID;
     case ERROR_MOD_NOT_FOUND: return STATUS_DLL_NOT_FOUND;
     case ERROR_PROC_NOT_FOUND: return STATUS_PROCEDURE_NOT_FOUND;
     case ERROR_NOT_LOCKED: return STATUS_NOT_LOCKED;
@@ -94,25 +97,41 @@ NTSTATUS PhDosErrorToNtStatus(
     case ERROR_STACK_OVERFLOW: return STATUS_STACK_OVERFLOW;
     case ERROR_DEPENDENT_SERVICES_RUNNING: return STATUS_UNSATISFIED_DEPENDENCIES;
     case ERROR_SERVICE_ALREADY_RUNNING: return STATUS_IMAGE_ALREADY_LOADED;
-    case ERROR_SERVICE_DISABLED: return STATUS_AUDITING_DISABLED; // ??
+    case ERROR_SERVICE_DISABLED: return STATUS_ACCOUNT_DISABLED;
     case ERROR_SERVICE_DOES_NOT_EXIST: return STATUS_OBJECT_NAME_NOT_FOUND;
     case ERROR_SERVICE_EXISTS: return STATUS_OBJECT_NAME_COLLISION;
     case ERROR_DUPLICATE_SERVICE_NAME: return STATUS_OBJECT_NAME_EXISTS;
+    case ERROR_NOT_FOUND: return STATUS_NOT_FOUND;
     case ERROR_CANCELLED: return STATUS_CANCELLED;
     case ERROR_SERVICE_NOT_FOUND: return STATUS_OBJECT_PATH_INVALID;
     case ERROR_SOME_NOT_MAPPED: return STATUS_SOME_NOT_MAPPED;
     case ERROR_PRIVILEGE_NOT_HELD: return STATUS_PRIVILEGE_NOT_HELD;
+    case ERROR_LOGON_FAILURE: return STATUS_LOGON_FAILURE;
     case ERROR_NONE_MAPPED: return STATUS_NONE_MAPPED;
     case ERROR_INTERNAL_ERROR: return STATUS_INTERNAL_ERROR;
     case ERROR_NO_SYSTEM_RESOURCES: return STATUS_INSUFFICIENT_RESOURCES;
     case ERROR_TIMEOUT: return STATUS_TIMEOUT;
+    case ERROR_RESOURCE_TYPE_NOT_FOUND: return STATUS_RESOURCE_TYPE_NOT_FOUND;
+    case ERROR_RESOURCE_NAME_NOT_FOUND: return STATUS_RESOURCE_NAME_NOT_FOUND;
+    case ERROR_RESOURCE_LANG_NOT_FOUND: return STATUS_RESOURCE_LANG_NOT_FOUND;
+    case ERROR_NOT_ENOUGH_QUOTA: return STATUS_QUOTA_EXCEEDED;
     case ERROR_INVALID_TIME: return STATUS_INVALID_PARAMETER;
     case ERROR_WMI_GUID_NOT_FOUND: return STATUS_WMI_GUID_NOT_FOUND;
     case ERROR_WMI_INSTANCE_NOT_FOUND: return STATUS_WMI_INSTANCE_NOT_FOUND;
     case ERROR_ACTIVE_CONNECTIONS: return STATUS_ALREADY_DISCONNECTED;
     case ERROR_CTX_CLOSE_PENDING: return STATUS_CTX_CLOSE_PENDING;
     case ERROR_SERVICES_FAILED_AUTOSTART: return STATUS_SERVICES_FAILED_AUTOSTART;
     case ERROR_INVALID_SERVICE_CONTROL: return STATUS_INVALID_DEVICE_REQUEST;
+    case ERROR_MUI_FILE_NOT_FOUND: return STATUS_MUI_FILE_NOT_FOUND;
+    case ERROR_MUI_INVALID_FILE: return STATUS_MUI_INVALID_FILE;
+    case ERROR_MUI_INVALID_RC_CONFIG: return STATUS_MUI_INVALID_RC_CONFIG;
+    case ERROR_MUI_INVALID_LOCALE_NAME: return STATUS_MUI_INVALID_LOCALE_NAME;
+    case ERROR_MUI_INVALID_ULTIMATEFALLBACK_NAME: return STATUS_MUI_INVALID_ULTIMATEFALLBACK_NAME;
+    case ERROR_MUI_FILE_NOT_LOADED: return STATUS_MUI_FILE_NOT_LOADED;
+    case ERROR_RESOURCE_ENUM_USER_STOP: return STATUS_RESOURCE_ENUM_USER_STOP;
+    case NTE_INVALID_HANDLE: return STATUS_INVALID_HANDLE;
+    case NTE_INVALID_PARAMETER: return STATUS_INVALID_PARAMETER;
+    case NTE_BUFFER_TOO_SMALL: return STATUS_BUFFER_TOO_SMALL;
     default:
         {
             //assert(FALSE); // Update the table. (dmex)