Skip to content

Commit

Permalink
objprp ListView indexes cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
@DartVanya
DartVanya committed Jan 29, 2025
1 parent 280a677 commit 90375f1
Show file tree
Hide file tree
Showing 2 changed files with 85 additions and 43 deletions.
33 changes: 24 additions & 9 deletions plugins/ExtendedTools/objmgr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1903,7 +1903,7 @@ NTSTATUS EtObjectManagerOpenRealObject(
NTSTATUS status = STATUS_UNSUCCESSFUL;
PPH_STRING fullName;
ULONG targetIndex;
ULONG i;
ULONG_PTR i;
PSYSTEM_HANDLE_INFORMATION_EX handles;
PPH_HASHTABLE processHandleHashtable;
PVOID* processHandlePtr;
Expand Down Expand Up @@ -2035,14 +2035,16 @@ NTSTATUS EtObjectManagerOpenRealObject(
}
}

i = 0;
while (PhEnumHashtable(processHandleHashtable, &procEntry, &i))
{
status = NtClose(procEntry->Value);

if (!NT_SUCCESS(status))
ULONG j = 0;
while (PhEnumHashtable(processHandleHashtable, &procEntry, &j))
{
PhShowStatus(nullptr, L"Unidentified third party object.", status, 0);
NTSTATUS status = NtClose(procEntry->Value);

if (!NT_SUCCESS(status))
{
PhShowStatus(nullptr, L"Unidentified third party object.", status, 0);
}
}
}

Expand Down Expand Up @@ -2386,6 +2388,16 @@ VOID NTAPI EtpObjectManagerObjectProperties(
// Object Manager plugin window
PhShowHandlePropertiesEx(context->WindowHandle, processId, handleItem, PluginInstance, PhGetString(Entry->TypeName));

// Update the object address for items skipped by resolver
Entry->Object = handleItem->Object;
if (Entry->Object) PhPrintPointer(Entry->ObjectString, Entry->Object);
else Entry->ObjectString[0] = UNICODE_NULL;
if (Entry->Context->UseAddressColumn)
{
Entry->ItemIndex = PhFindIListViewItemByParam(context->ListViewClass, INT_ERROR, Entry);
IListView_RedrawItems(Entry->Context->ListViewClass, Entry->ItemIndex, Entry->ItemIndex);
}

PhDereferenceObject(objectContext.CurrentPath);
}

Expand Down Expand Up @@ -2798,8 +2810,11 @@ VOID EtpObjectManagerCopyObjectAddress(
{
Entry->Object = objectAddress;
PhPrintPointer(Entry->ObjectString, objectAddress);
Entry->ItemIndex = PhFindIListViewItemByParam(context->ListViewClass, INT_ERROR, Entry);
IListView_RedrawItems(Entry->Context->ListViewClass, Entry->ItemIndex, Entry->ItemIndex);
if (Entry->Context->UseAddressColumn)
{
Entry->ItemIndex = PhFindIListViewItemByParam(context->ListViewClass, INT_ERROR, Entry);
IListView_RedrawItems(Entry->Context->ListViewClass, Entry->ItemIndex, Entry->ItemIndex);
}
PhInitializeStringRef(&pointer, Entry->ObjectString);
}
}
Expand Down
95 changes: 61 additions & 34 deletions plugins/ExtendedTools/objprp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,21 @@ LRESULT CALLBACK EtpGeneralPageWindowSubclassProc(
return CallWindowProc(oldWndProc, hWnd, uMsg, wParam, lParam);
}

BOOLEAN FORCEINLINE EtFindIListViewItemByIndexParam(
_In_ IListView* ListViewClass,
_In_ LONG Index,
_Out_ PLONG FoundIndex
)
{
BOOLEAN found;
LONG index;

if (found = (index = PhFindIListViewItemByParam(ListViewClass, INT_ERROR, UlongToPtr(Index))) != INT_ERROR)
*FoundIndex = index;

return found;
}

VOID EtHandlePropertiesWindowInitialized(
_In_ PVOID Parameter
)
Expand All @@ -319,6 +334,7 @@ VOID EtHandlePropertiesWindowInitialized(

PPH_HANDLE_PROPERTIES_CONTEXT context = Parameter;
WCHAR string[PH_INT64_STR_LEN_1];
LONG index;

// Object Manager
if (EtObjectManagerDialogHandle && context->OwnerPlugin == PluginInstance)
Expand Down Expand Up @@ -348,14 +364,15 @@ VOID EtHandlePropertiesWindowInitialized(
}

// Show real handles count
if (context->ProcessId == NtCurrentProcessId())
if (context->ProcessId == NtCurrentProcessId() &&
EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_HANDLES, &index))
{
ULONG64 real_count = ULONG64_MAX;
PPH_STRING count = PH_AUTO(PhGetIListViewItemText(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_HANDLES, 1));
PPH_STRING count = PH_AUTO(PhGetIListViewItemText(context->ListViewClass, index, 1));
if (!PhIsNullOrEmptyString(count) && PhStringToUInt64(&count->sr, 0, &real_count) && real_count > 0)
{
PhPrintUInt32(string, OBJECT_CORRECT_HANDLES_COUNT(real_count));
PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_HANDLES, 1, string);
PhSetIListViewSubItem(context->ListViewClass, index, 1, string);
}

// HACK for \REGISTRY permissions
Expand All @@ -381,8 +398,9 @@ VOID EtHandlePropertiesWindowInitialized(
// Removing of row breaks cached indexes, so hide reference value instead
//PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_REFERENCES, 1, L"");

PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_ACCESSMASK);
EtListViewRowCache[OBJECT_GENERAL_INDEX_ATTRIBUTES] = PhAddIListViewGroupItem(
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_ACCESSMASK, &index))
PhRemoveIListViewItem(context->ListViewClass, index);
index = PhAddIListViewGroupItem(
context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO,
OBJECT_GENERAL_INDEX_ATTRIBUTES,
Expand All @@ -409,36 +427,42 @@ VOID EtHandlePropertiesWindowInitialized(
PhRemoveEndStringBuilder(&stringBuilder, 2);

Attributes = PH_AUTO(PhFinalStringBuilderString(&stringBuilder));
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[OBJECT_GENERAL_INDEX_ATTRIBUTES], 1, PhGetString(Attributes));
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(Attributes));

// Show creation time (for symbolic links)
if (EtObjectManagerTimeCached.QuadPart != 0)
{
SYSTEMTIME startTimeFields;
SYSTEMTIME systemTime;

EtListViewRowCache[OBJECT_GENERAL_INDEX_CREATIONTIME] = PhAddIListViewGroupItem(
index = PhAddIListViewGroupItem(
context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO,
OBJECT_GENERAL_INDEX_CREATIONTIME,
L"Creation time",
NULL
);

PhLargeIntegerToLocalSystemTime(&startTimeFields, &EtObjectManagerTimeCached);
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[OBJECT_GENERAL_INDEX_CREATIONTIME], 1, PhaFormatDateTime(&startTimeFields)->Buffer);
PhLargeIntegerToLocalSystemTime(&systemTime, &EtObjectManagerTimeCached);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhaFormatDateTime(&systemTime)->Buffer);
}

// Remove irrelevant information if we couldn't open real object
if (PhEqualString2(context->HandleItem->TypeName, L"ALPC Port", TRUE))
{
if (!context->HandleItem->Object)
{
PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_FLAGS, 1, NULL);
PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_SEQUENCENUMBER, 1, NULL);
PhSetIListViewSubItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_PORTCONTEXT, 1, NULL);
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_FLAGS, &index))
PhSetIListViewSubItem(context->ListViewClass, index, 1, NULL);
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_SEQUENCENUMBER, &index))
PhSetIListViewSubItem(context->ListViewClass, index, 1, NULL);
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_PORTCONTEXT, &index))
PhSetIListViewSubItem(context->ListViewClass, index, 1, NULL);
}
PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_PORTCONTEXT + 3);
PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_PORTCONTEXT + 2);

if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_ALPCCLIENT, &index))
PhRemoveIListViewItem(context->ListViewClass, index);
if (EtFindIListViewItemByIndexParam(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_ALPCSERVER, &index))
PhRemoveIListViewItem(context->ListViewClass, index);
}
}
else if ((ULONG_PTR)context->OwnerPlugin == ((ULONG_PTR)PluginInstance | OBJECT_CHILD_HANDLEPROP_WINDOW))
Expand All @@ -453,22 +477,16 @@ VOID EtHandlePropertiesWindowInitialized(
PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_TYPE);
PhRemoveIListViewItem(context->ListViewClass, PH_HANDLE_GENERAL_INDEX_NAME);

EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_NAME] = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 0, L"Name", NULL);
INT origNameIndex = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 1, L"Original name", NULL);
EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_TYPE] = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 2, L"Type", NULL);
EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_OBJECT] = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 3, L"Object address", NULL);
EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_ACCESSMASK] = PhAddIListViewGroupItem(context->ListViewClass,
PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 4, L"Granted access", NULL);

PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_NAME], 1, PhGetString(context->HandleItem->BestObjectName));
PhSetIListViewSubItem(context->ListViewClass, origNameIndex, 1, PhGetString(context->HandleItem->ObjectName));
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_TYPE], 1, PhGetString(context->HandleItem->TypeName));
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_OBJECT], 1, context->HandleItem->ObjectString);
PhSetIListViewSubItem(context->ListViewClass, EtListViewRowCache[PH_HANDLE_GENERAL_INDEX_ACCESSMASK], 1, PhGetString(accessString));
index = PhAddIListViewGroupItem(context->ListViewClass, PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 0, L"Name", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(context->HandleItem->BestObjectName));
index = PhAddIListViewGroupItem(context->ListViewClass,PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 1, L"Original name", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(context->HandleItem->ObjectName));
index = PhAddIListViewGroupItem(context->ListViewClass, PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 2, L"Type", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(context->HandleItem->TypeName));
index = PhAddIListViewGroupItem(context->ListViewClass, PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 3, L"Object address", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, context->HandleItem->ObjectString);
index = PhAddIListViewGroupItem(context->ListViewClass, PH_HANDLE_GENERAL_CATEGORY_BASICINFO, 4, L"Granted access", NULL);
PhSetIListViewSubItem(context->ListViewClass, index, 1, PhGetString(accessString));
}
}

Expand Down Expand Up @@ -1340,7 +1358,6 @@ VOID EtpEnumObjectHandles(
PVOID* processHandlePtr;
HANDLE processHandle;
PPH_KEY_VALUE_PAIR procEntry;
ULONG j = 0;

PPH_STRING objectName;
BOOLEAN objectNameMatched;
Expand Down Expand Up @@ -1457,8 +1474,18 @@ VOID EtpEnumObjectHandles(
PhWaitForWorkQueue(&workQueue);
}

while (PhEnumHashtable(processHandleHashtable, &procEntry, &j))
NtClose((HANDLE)procEntry->Value);
{
ULONG j = 0;
while (PhEnumHashtable(processHandleHashtable, &procEntry, &j))
{
NTSTATUS status = NtClose(procEntry->Value);

if (!NT_SUCCESS(status))
{
PhShowStatus(nullptr, L"Unidentified third party object.", status, 0);
}
}
}

PhDereferenceObject(processHandleHashtable);

Expand Down

0 comments on commit 90375f1

Please sign in to comment.