Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Object Manager Plus #2197

Merged
merged 93 commits into from
Nov 15, 2024
Merged

Object Manager Plus #2197

merged 93 commits into from
Nov 15, 2024

Conversation

DartVanya
Copy link
Contributor

@DartVanya DartVanya commented Sep 13, 2024
edited
Loading

  • Implement properties support for Object Manager

    • Standard System Informer handle properties window for Windows objects (including Directories).
    • Add support for missing object types: Device, EventPair, Timer, Semaphore, FilterConnectionPort
    • [System Informer] Add target link info for Symbolic links
    • Fix Directory handles leaking
    • [ET Plugin] Add Windows Object tab to properties window: object attributes and creation time.

  • Enhanced Object Manager

    • [System Informer] Add GeneralCallbackHandlePropertiesWindowPreOpen, calls on WM_INITDIALOG and allows plugins to customize general handle properties tab.
    • Display real handles count and hide irrelevant access entry. Show object address
    • Add Symbolic Link Target column
    • Enhanced navigation to symlink: focus to target in ListView.

  • Defied WinObj: search, statusbar, refresh

    • Implements search using standard SI searchbox: searches all 3 columns (name, type, target)
    • Status bar (pseudo) with fullpath to selected object (can copy on righclick menu), current directory object count
    • Refresh button - full rebuild of tree and current directory list

  • [System Informer, Plugins] Fixed WM_KEYDOWN forwarding (both for PH and plugins), broken by 5bf7f29#diff-22c39c7de8c6ce2547b9cda41005993a982b12b5f4d567a14ce7e38534c2bf77L1789

  • Add target resolving for Device and ALPC port

    • Renamed Symbolic Link Target column to Target
    • Implemented (experimental) asynchronous resolver for Device and ALPC port targets.
      • Resolving Device driver target. Added menu Go to device driver
      • Resolving ALPC server process target. Added menu Go to process...

  • Add target resolving for Mutant, fix search

    • Improve resolver. Added mutant client owner to target and menu Go to thread...
    • Improve filter: it now stay when changing directory. If selected entry match it stay selected and visible when performing search.
    • Tri-state column sort now saved and loaded from settings (ObjectManagerWindowListSort). Sort now works correctly on directory or filter change.
    • Enter - open properties, Ctrl+Enter - open security, Shift+Enter or Shift+Dblclk on symlink opens its properties.

  • Support for open symlink target in explorer

  • Show Job process list in target column

  • Add CpuPartition type support and icons for more types

    • Add icon for Job, Semaphore, FilterConnectionPort, CpuPartition, Partition

New Object Handles page in properties

  • Old Windows Object page entries moved to general page in "Basic information" block. Windows Object replaced with Handles page.
  • Menu - Go to process... supported
  • Now opens real objects for ALPC Port, FilterConnectionPort, Key (\REGISTRY) using new method (credits to https://github.com/zodiacon/ObjectExplorer)
  • Show additional handles for ALPC Port, Device, Key (match by object name). Extra entries will be highlight with ColorInheritHandles)

[phlib, kphlib] Add PhOpenDevice. And Oject Manager Plus FINAL

  • My first attempt in kernel programming. Add PhOpenDevice -> KphOpenDevice. Opens Device object handle and optional Device Driver handle. Can open lowest or topmost device from stack.
  • Propertines - Device driver info: show topmost and lowest drivers in stack
  • [Theme General] ListVew: fix text readability for hot and selected colored items.
    TreeNew: significantly improve visibility of selected item.

Support for multiple non-modal object properties windows

  • Add GeneralCallbackHandlePropertiesUninitializing. Save and load properties window position to/from ObjectManagerPropertiesWindowPosition setting
  • Resolving of Driver Image into Target column, menu - Open file location. Show Driver Image in properties.

Add KphOpenObjectByTypeIndex

  • [Experimental]. Can open any object types like Callback, Type, etc.
  • New icons for Callback, KeyedEvent, Type, Semaphore

@DartVanya
Implement properties support for Object Manager
2463e2c 
- Standard System Informer handle properties window for Windows objects (including Directories).
- Add support for missing object types: Device, EventPair, Timer, Semaphore, FilterConnectionPort
- Add target link info for Symbolic links
- Fix Directory handles leaking
@DartVanya
Enhanced Object Manager
6df0062 
- Add Windows Object tab to properties window: object attributes and creation time.
- Add GeneralCallbackHandlePropertiesWindowPreOpen, calls on WM_INITDIALOG and allows plugins to customize general handle properties tab.
-- Display real handles count and hide irrelevant access entry (EtHandlePropertiesWindowPreOpen).
- Add Symbolic Link Target column
- Enhanced navigation to symlink: focus to target in ListView.
@DartVanya
Merge branch 'winsiderss:master' into ObjManagerPlus
0d69a76
@DartVanya
Fix bug
726209f
@DartVanya
Center properties window to ObjMgr window
7d56d32
@DartVanya
Merge branch 'winsiderss:master' into ObjManagerPlus
0f62519
@DartVanya
Defied WinObj: search, statusbar, refresh
535512f 
- Implements search using standard SI searchbox: searches all 3 columns (name, type, symlink)
- Status bar (pseudo) with fullpath to selected object (can copy on righclick menu), current directory object count
- Refresh button - full rebuild of tree and current dir list
- Get object address using KSI (previous commit)
@DartVanya
Merge branch 'winsiderss:master' into ObjManagerPlus
2a5be4c
@DartVanya
Fix memory leaks and violations + other improvements
9ef7295 
- I finally understand how PH memory management works and fixed (hope) horrible previous code.
- Fixed WM_KEYDOWN forwarding (both for PH and plugins), broken by 5bf7f29
- F5 - refresh, filter will be reapplied after refresh
- Autosizing of Name column on window resizing. Plugin properties window position will not overwrite generic handle propertines window position setting.
@DartVanya
Merge branch 'winsiderss:master' into ObjManagerPlus
a56cead
@DartVanya
Fix directory security bug
7a8d222
@DartVanya
Merge branch 'master' into ObjManagerPlus
07d02b7
@DartVanya
Fix directory security bug
6129939
@DartVanya
Merge branch 'ObjManagerPlus' of https://github.com/DartVanya/systemi…
61ee5dc 
…nformer into ObjManagerPlus
@DartVanya
Speedup search
3f0fcb6
@jxy-s
Copy link
Member

jxy-s commented Sep 14, 2024

Awesome work! I'll help give an in-depth review when I have some cycles. Some initial feedback on the video you provided (thanks for that it's very helpful). I wonder if it makes sense to change the "Symbolic Link Target" column to a more generic "Target" column to show information/names of things more broadly? I'm thinking, for example, you could show the name for named object or the device for filter ports. Instead of only showing symbol link names.

@dmex dmex self-assigned this Sep 14, 2024
dmex and others added 6 commits September 14, 2024 10:55
@dmex
Merge branch 'master' into ObjManagerPlus
64ca49c
@DartVanya
Show File info for Device and FilterConnectionPort
de9c45d
@DartVanya
Merge branch 'ObjManagerPlus' of https://github.com/DartVanya/systemi…
d32789f 
…nformer into ObjManagerPlus
@DartVanya
Fix pool table auto refresh
d3717d1 
Broken by 0c0c938
@DartVanya
Minor refresh fixes
5d0ccff
@DartVanya
Add target resolving for Device and ALPC port
c6443fe 
- Renamed Symbolic Link Target column to Target
- Implemented (experimental) asynchronous resolver for Device and ALPC port targets.
-- Resolving Device driver target. Added menu Go to device driver
-- Resolving ALPC server process target. Added menu Go to server process
- Rewritten navigaton to symbolic links (and device drivers)
@DartVanya
Copy link
Contributor Author

DartVanya commented Sep 15, 2024
edited
Loading

Awesome work! I'll help give an in-depth review when I have some cycles. Some initial feedback on the video you provided (thanks for that it's very helpful). I wonder if it makes sense to change the "Symbolic Link Target" column to a more generic "Target" column to show information/names of things more broadly? I'm thinking, for example, you could show the name for named object or the device for filter ports. Instead of only showing symbol link names.

Add target resolving for Device and ALPC port

  • Renamed Symbolic Link Target column to Target
  • Implemented (experimental) asynchronous resolver for Device and ALPC port targets.
    • Resolving Device driver target. Added menu Go to device driver
    • Resolving ALPC server process target. Added menu Go to server process
  • Rewritten navigaton to symbolic links (and device drivers)

Add target resolving for Mutant, fix search

resolver_test.mp4

@DartVanya
Add target resolving for Mutant, fix search
8dbe1a7 
- Improve resolver. Added mutant client owner to target and menu Go to thread...
- Improve filter: it now stay when changing directory. If selected entry match it stay selected and visible when performing search.
- Tri-state column sort now saved and loaded from settings (ObjectManagerWindowListSort). Sort now works correctly on directory or filter change.
- Enter - open properties, Shift+Enter - open security, Shift+Dblclk on symlink opens its properties.
@DartVanya
Merge branch 'master' into ObjManagerPlus
d01f1be
@DartVanya
Create resolver thread by NtCreateThreadEx
9d5e5b6
@DartVanya DartVanya force-pushed the ObjManagerPlus branch 2 times, most recently from baaf60c to 678539e Compare November 12, 2024 13:08
jxy-s

This comment was marked as resolved.

Sign in to view

@DartVanya
Transition to PhQuerySymbolicLinkObject
17ba73e 
- Fix SymbolicLink target in handle properties
@DartVanya

This comment was marked as resolved.

Sign in to view
@jxy-s

This comment was marked as resolved.

Sign in to view
@DartVanya
Transit to new driver APIs
318dbab 
- Object Handles tab: added support for changing handle attributes
- ET plugin extensions now available for Driver, Device, Type (globally for any handle properties windows)
jxy-s

This comment was marked as resolved.

Sign in to view

jxy-s
jxy-s requested changes Nov 14, 2024
View reviewed changes
Copy link
Member

@jxy-s jxy-s left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few more things @DartVanya. I think we're very close to being able to merge 🚀 .

There is some formatting and style nits that I opted not to comment on. Mostly function close parenthesis is not correctly indented or mics style things here and there. I don't mind going to clean those up myself after merging. 👍

jxy-s
jxy-s reviewed Nov 14, 2024
View reviewed changes
jxy-s
jxy-s reviewed Nov 14, 2024
View reviewed changes
jxy-s
jxy-s reviewed Nov 15, 2024
View reviewed changes
@DartVanya
new KphQueryInformationObject KphObjectAttributesInformation
bfcab09 
- Extract information from more kernel objects using new method (ex. \PowerPort, \Win32kCrossSessionGlobals)
- Retrieve extra object attributes from OBJECT_HEADER.Flags via driver
- Show additional Driver info: Service Name, Size, Start Address, Flags
@jxy-s jxy-s merged commit 504d941 into winsiderss:master Nov 15, 2024
1 check passed
alabuzhev
alabuzhev reviewed Nov 22, 2024
View reviewed changes
plugins/ExtendedTools/objmgr.c
@@ -877,35 +2397,53 @@ INT_PTR CALLBACK WinObjDlgProc(
EtObjectManagerRootDirectoryObject
);

{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, why this block was removed please?

9ef7295's description doesn't explain it and there seem to be no related comments.

It was added in b84bdc9, implementing #2074.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could removed this by mistake since many things were rewritten and added. I will look into and try to revert this and commit to #2284.

Copy link
Member

@jxy-s jxy-s Nov 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DartVanya please use a different PR. Try to break up your changes into more consumable/reviewable PRs, please ❤️. Because, I don't immediately see how restoring this functionality is directly related to the PR you linked.

Copy link
Contributor Author

@DartVanya DartVanya Nov 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jxy-s Sorry, we talk about it before, and I already did same mistake again 😥
I will rebase PR to unstack objmgr changes to different PR.

Copy link
Contributor Author

@DartVanya DartVanya Nov 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed in 165f3a5

@alabuzhev alabuzhev mentioned this pull request Nov 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alabuzhev alabuzhev alabuzhev left review comments

@jxy-s jxy-s jxy-s requested changes

@dmex dmex Awaiting requested review from dmex

Assignees

@dmex dmex

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DartVanya @jxy-s @alabuzhev @dmex