Skip to content

Commit

Permalink
objprp ListView indexes cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
@DartVanya
DartVanya committed Jan 29, 2025
1 parent 280a677 commit 807a00a
Show file tree
Hide file tree
Showing 2 changed files with 94 additions and 59 deletions.
44 changes: 27 additions & 17 deletions plugins/ExtendedTools/objmgr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1283,8 +1283,7 @@ NTSTATUS EtpTargetResolverWorkThreadStart(
if (winStationInfo.Domain[0] == UNICODE_NULL || winStationInfo.UserName[0] == UNICODE_NULL)
{
entry->Target = PhFormatString(L"%s (%s)", winStationInfo.WinStationName, EtMapSessionConnectState(winStationInfo.ConnectState));
}

}
else
{
entry->Target = PhFormatString(
Expand Down Expand Up @@ -1903,7 +1902,7 @@ NTSTATUS EtObjectManagerOpenRealObject(
NTSTATUS status = STATUS_UNSUCCESSFUL;
PPH_STRING fullName;
ULONG targetIndex;
ULONG i;
ULONG_PTR i;
PSYSTEM_HANDLE_INFORMATION_EX handles;
PPH_HASHTABLE processHandleHashtable;
PVOID* processHandlePtr;
Expand Down Expand Up @@ -1957,7 +1956,7 @@ NTSTATUS EtObjectManagerOpenRealObject(
// Open a handle to the process if we don't already have one.
if (processHandlePtr = PhFindItemSimpleHashtable(
processHandleHashtable,
(PVOID)handleInfo->UniqueProcessId
handleInfo->UniqueProcessId
))
{
processHandle = *processHandlePtr;
Expand Down Expand Up @@ -2035,14 +2034,16 @@ NTSTATUS EtObjectManagerOpenRealObject(
}
}

i = 0;
while (PhEnumHashtable(processHandleHashtable, &procEntry, &i))
{
status = NtClose(procEntry->Value);

if (!NT_SUCCESS(status))
ULONG j = 0;
while (PhEnumHashtable(processHandleHashtable, &procEntry, &j))
{
PhShowStatus(nullptr, L"Unidentified third party object.", status, 0);
NTSTATUS status = NtClose(procEntry->Value);

if (!NT_SUCCESS(status))
{
PhShowStatus(nullptr, L"Unidentified third party object.", status, 0);
}
}
}

Expand Down Expand Up @@ -2386,6 +2387,16 @@ VOID NTAPI EtpObjectManagerObjectProperties(
// Object Manager plugin window
PhShowHandlePropertiesEx(context->WindowHandle, processId, handleItem, PluginInstance, PhGetString(Entry->TypeName));

// Update the object address for items skipped by resolver
Entry->Object = handleItem->Object;
if (Entry->Object) PhPrintPointer(Entry->ObjectString, Entry->Object);
else Entry->ObjectString[0] = UNICODE_NULL;
if (Entry->Context->UseAddressColumn)
{
Entry->ItemIndex = PhFindIListViewItemByParam(context->ListViewClass, INT_ERROR, Entry);
IListView_RedrawItems(Entry->Context->ListViewClass, Entry->ItemIndex, Entry->ItemIndex);
}

PhDereferenceObject(objectContext.CurrentPath);
}

Expand Down Expand Up @@ -2798,8 +2809,11 @@ VOID EtpObjectManagerCopyObjectAddress(
{
Entry->Object = objectAddress;
PhPrintPointer(Entry->ObjectString, objectAddress);
Entry->ItemIndex = PhFindIListViewItemByParam(context->ListViewClass, INT_ERROR, Entry);
IListView_RedrawItems(Entry->Context->ListViewClass, Entry->ItemIndex, Entry->ItemIndex);
if (Entry->Context->UseAddressColumn)
{
Entry->ItemIndex = PhFindIListViewItemByParam(context->ListViewClass, INT_ERROR, Entry);
IListView_RedrawItems(Entry->Context->ListViewClass, Entry->ItemIndex, Entry->ItemIndex);
}
PhInitializeStringRef(&pointer, Entry->ObjectString);
}
}
Expand Down Expand Up @@ -3073,10 +3087,7 @@ INT_PTR CALLBACK WinObjDlgProc(

PhDeleteLayoutManager(&context->LayoutManager);

if (context->ListViewClass)
{
IListView_Release(context->ListViewClass);
}
PhDestroyListViewInterface(context->ListViewClass);

PostQuitMessage(0);
}
Expand Down Expand Up @@ -3785,7 +3796,6 @@ NTSTATUS EtShowObjectManagerDialogThread(

PhSetEvent(&EtObjectManagerDialogInitializedEvent);

PostMessage(EtObjectManagerDialogHandle, WM_PH_SHOW_DIALOG, 0, 0);
while (result = GetMessage(&message, NULL, 0, 0))
{
if (result == INT_ERROR)
Expand Down
109 changes: 67 additions & 42 deletions plugins/ExtendedTools/objprp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,22 @@ LRESULT CALLBACK EtpGeneralPageWindowSubclassProc(
return CallWindowProc(oldWndProc, hWnd, uMsg, wParam, lParam);
}

_Success_(return)
BOOLEAN FORCEINLINE EtFindIListViewItemByIndexParam(
_In_ IListView* ListViewClass,
_In_ LONG Index,
_Out_ PLONG FoundIndex
)
{
BOOLEAN found;
LONG index;

if (found = (index = PhFindIListViewItemByParam(ListViewClass, INT_ERROR, UlongToPtr(Index))) != INT_ERROR)
*FoundIndex = index;

return found;
}

VOID EtHandlePropertiesWindowInitialized(
_In_ PVOID Parameter
)
Expand All @@ -319,6 +335,7 @@ VOID EtHandlePropertiesWindowInitialized(

PPH_HANDLE_PROPERTIES_CONTEXT context = Parameter;
WCHAR string[PH_INT64_STR_LEN_1];
LONG index;

// Object Manager
if (EtObjectManagerDialogHandle && context->OwnerPlugin == PluginInstance)
Expand Down Expand Up @@ -348,14 +365,15 @@ VOID EtHandlePropertiesWindowInitialized(
}

// Show real handles count
if (context->ProcessId == NtCurrentProcessId())
if (context->ProcessId == NtCurrentProcessId() &&
EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_HANDLES, &index))
{
ULONG64 real_count = ULONG64_MAX;
PPH_STRING count = PH_AUTO(PhGetIListViewItemText(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_HANDLES, 1));
PPH_STRING count = PH_AUTO(PhGetIListViewItemText(context->ListViewClass, index, 1));
if (!PhIsNullOrEmptyString(count) && PhStringToUInt64(&count->sr, 0, &real_count) && real_count > 0)
{
PhPrintUInt32(string, OBJECT_CORRECT_HANDLES_COUNT(real_count));
PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_HANDLES, 1, string);
PhSetIListViewSubItem(context->ListViewClass, index, 1, string);
}

// HACK for \REGISTRY permissions
Expand All @@ -381,8 +399,9 @@ VOID EtHandlePropertiesWindowInitialized(
// Removing of row breaks cached indexes, so hide reference value instead
//PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_REFERENCES, 1, L"");

PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_ACCESSMASK);
EtListViewRowCache[OBJECT_GENERAL_INDEX_ATTRIBUTES] = PhAddIListViewGroupItem(
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_ACCESSMASK, &index))
PhRemoveIListViewItem(context->ListViewClass, index);
index = PhAddIListViewGroupItem(
context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO,
OBJECT_GENERAL_INDEX_ATTRIBUTES,
Expand All @@ -409,36 +428,42 @@ VOID EtHandlePropertiesWindowInitialized(
PhRemoveEndStringBuilder(&stringBuilder, 2);

Attributes = PH_AUTO(PhFinalStringBuilderString(&stringBuilder));
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[OBJECT_GENERAL_INDEX_ATTRIBUTES], 1, PhGetString(Attributes));
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(Attributes));

// Show creation time (for symbolic links)
if (EtObjectManagerTimeCached.QuadPart != 0)
{
SYSTEMTIME startTimeFields;
SYSTEMTIME systemTime;

EtListViewRowCache[OBJECT_GENERAL_INDEX_CREATIONTIME] = PhAddIListViewGroupItem(
index = PhAddIListViewGroupItem(
context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO,
OBJECT_GENERAL_INDEX_CREATIONTIME,
L"Creation time",
NULL
);

PhLargeIntegerToLocalSystemTime(&startTimeFields, &EtObjectManagerTimeCached);
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[OBJECT_GENERAL_INDEX_CREATIONTIME], 1, PhaFormatDateTime(&startTimeFields)->Buffer);
PhLargeIntegerToLocalSystemTime(&systemTime, &EtObjectManagerTimeCached);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhaFormatDateTime(&systemTime)->Buffer);
}

// Remove irrelevant information if we couldn't open real object
if (PhEqualString2(context->HandleItem->TypeName, L"ALPC Port", TRUE))
{
if (!context->HandleItem->Object)
{
PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_FLAGS, 1, NULL);
PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_SEQUENCENUMBER, 1, NULL);
PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_PORTCONTEXT, 1, NULL);
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_FLAGS, &index))
PhSetIListViewSubItem(context->ListViewClass, index, 1, NULL);
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_SEQUENCENUMBER, &index))
PhSetIListViewSubItem(context->ListViewClass, index, 1, NULL);
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_PORTCONTEXT, &index))
PhSetIListViewSubItem(context->ListViewClass, index, 1, NULL);
}
PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_PORTCONTEXT + 3);
PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_PORTCONTEXT + 2);

if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_ALPCCLIENT, &index))
PhRemoveIListViewItem(context->ListViewClass, index);
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_ALPCSERVER, &index))
PhRemoveIListViewItem(context->ListViewClass, index);
}
}
else if ((ULONG_PTR)context->OwnerPlugin == ((ULONG_PTR)PluginInstance | OBJECT_CHILD_HANDLEPROP_WINDOW))
Expand All @@ -453,22 +478,16 @@ VOID EtHandlePropertiesWindowInitialized(
PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_TYPE);
PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_NAME);

EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_NAME] = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 0, L"Name", NULL);
INT origNameIndex = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 1, L"Original name", NULL);
EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_TYPE] = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 2, L"Type", NULL);
EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_OBJECT] = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 3, L"Object address", NULL);
EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_ACCESSMASK] = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 4, L"Granted access", NULL);

PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_NAME], 1, PhGetString(context->HandleItem->BestObjectName));
PhSetIListViewSubItem(context->ListViewClass, origNameIndex, 1, PhGetString(context->HandleItem->ObjectName));
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_TYPE], 1, PhGetString(context->HandleItem->TypeName));
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_OBJECT], 1, context->HandleItem->ObjectString);
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_ACCESSMASK], 1, PhGetString(accessString));
index = PhAddIListViewGroupItem(context->ListViewClass, PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 0, L"Name", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(context->HandleItem->BestObjectName));
index = PhAddIListViewGroupItem(context->ListViewClass,PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 1, L"Original name", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(context->HandleItem->ObjectName));
index = PhAddIListViewGroupItem(context->ListViewClass, PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 2, L"Type", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(context->HandleItem->TypeName));
index = PhAddIListViewGroupItem(context->ListViewClass, PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 3, L"Object address", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, context->HandleItem->ObjectString);
index = PhAddIListViewGroupItem(context->ListViewClass, PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 4, L"Granted access", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(accessString));
}
}

Expand Down Expand Up @@ -1262,7 +1281,7 @@ static NTSTATUS NTAPI EtpSearchHandleFunction(

if (NT_SUCCESS(PhGetHandleInformation(
handleContext->ProcessHandle,
(HANDLE)handleContext->HandleInfo->HandleValue,
handleContext->HandleInfo->HandleValue,
handleContext->HandleInfo->ObjectTypeIndex,
NULL,
NULL,
Expand Down Expand Up @@ -1325,7 +1344,7 @@ VOID EtpEnumObjectHandles(
PH_STRINGREF typeName;
ULONG typeIndex;

if (PhSplitStringRefAtLastChar(&Context->HandleItem->ObjectName->sr, L'\\', &firstPart, &typeName))
if (PhSplitStringRefAtLastChar(&Context->HandleItem->ObjectName->sr, OBJ_NAME_PATH_SEPARATOR, &firstPart, &typeName))
if ((typeIndex = PhGetObjectTypeNumber(&typeName)) != ULONG_MAX)
findBySameTypeIndex = typeIndex;
}
Expand All @@ -1340,7 +1359,6 @@ VOID EtpEnumObjectHandles(
PVOID* processHandlePtr;
HANDLE processHandle;
PPH_KEY_VALUE_PAIR procEntry;
ULONG j = 0;

PPH_STRING objectName;
BOOLEAN objectNameMatched;
Expand Down Expand Up @@ -1457,8 +1475,18 @@ VOID EtpEnumObjectHandles(
PhWaitForWorkQueue(&workQueue);
}

while (PhEnumHashtable(processHandleHashtable, &procEntry, &j))
NtClose((HANDLE)procEntry->Value);
{
ULONG j = 0;
while (PhEnumHashtable(processHandleHashtable, &procEntry, &j))
{
NTSTATUS status = NtClose(procEntry->Value);

if (!NT_SUCCESS(status))
{
PhShowStatus(nullptr, L"Unidentified third party object.", status, 0);
}
}
}

PhDereferenceObject(processHandleHashtable);

Expand All @@ -1476,14 +1504,14 @@ VOID EtpEnumObjectHandles(
PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handleInfo = searchResults->Items[i];

// Skip Object Manager own handles
if ((HANDLE)handleInfo->UniqueProcessId == NtCurrentProcessId() &&
if (handleInfo->UniqueProcessId == NtCurrentProcessId() &&
PhFindItemList(EtObjectManagerOwnHandles, (PVOID)handleInfo->HandleValue) != ULONG_MAX)
{
continue;
}

entry = PhAllocateZero(sizeof(ET_HANDLE_ENTRY));
entry->ProcessId = (HANDLE)handleInfo->UniqueProcessId;
entry->ProcessId = handleInfo->UniqueProcessId;
entry->HandleItem = PhCreateHandleItem(handleInfo);
entry->OwnHandle = handleInfo->Object == Context->HandleItem->Object;

Expand Down Expand Up @@ -1822,10 +1850,7 @@ INT_PTR CALLBACK EtpObjHandlesPageDlgProc(
{
EtpHandlesFreeListViewItems(context);

if (context->ListViewClass)
{
IListView_Release(context->ListViewClass);
}
PhDestroyListViewInterface(context->ListViewClass);
}
break;
case WM_NCDESTROY:
Expand Down

0 comments on commit 807a00a

Please sign in to comment.