Merge pull request #448 from processhacker/master

[pull] master from processhacker:master

ProcessHacker/ProcessHacker.manifest

@@ -39,8 +39,5 @@
     <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2019/WindowsSettings">
       <activeCodePage>UTF-8</activeCodePage>
     </asmv3:windowsSettings>
-    <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2020/WindowsSettings">
-      <heapType>SegmentHeap</heapType>
-    </asmv3:windowsSettings>
   </asmv3:application>
 </assembly>

ProcessHacker/proctree.c

@@ -234,8 +234,8 @@ VOID PhInitializeProcessTreeList(
     PhAddTreeNewColumnEx2(hwnd, PHPRTLC_TIMELINE, FALSE, L"Timeline", 100, PH_ALIGN_LEFT, ULONG_MAX, 0, TN_COLUMN_FLAG_CUSTOMDRAW | TN_COLUMN_FLAG_SORTDESCENDING);
     PhAddTreeNewColumnEx(hwnd, PHPRTLC_POWERTHROTTLING, FALSE, L"Power throttling", 70, PH_ALIGN_LEFT, ULONG_MAX, 0, TRUE);
     PhAddTreeNewColumnEx(hwnd, PHPRTLC_ARCHITECTURE, FALSE, L"Architecture", 70, PH_ALIGN_LEFT, ULONG_MAX, 0, TRUE);
-    PhAddTreeNewColumn(hwnd, PHPRTLC_PARENTPID, TRUE, L"Parent PID", 50, PH_ALIGN_RIGHT, 0, DT_RIGHT);
-    PhAddTreeNewColumn(hwnd, PHPRTLC_PARENTCONSOLEPID, TRUE, L"Parent console PID", 50, PH_ALIGN_RIGHT, 0, DT_RIGHT);
+    PhAddTreeNewColumn(hwnd, PHPRTLC_PARENTPID, FALSE, L"Parent PID", 50, PH_ALIGN_RIGHT, 0, DT_RIGHT);
+    PhAddTreeNewColumn(hwnd, PHPRTLC_PARENTCONSOLEPID, FALSE, L"Parent console PID", 50, PH_ALIGN_RIGHT, 0, DT_RIGHT);
     PhAddTreeNewColumnEx(hwnd, PHPRTLC_COMMITSIZE, FALSE, L"Shared commit", 70, PH_ALIGN_RIGHT, ULONG_MAX, DT_RIGHT, TRUE);
     PhAddTreeNewColumnEx(hwnd, PHPRTLC_PRIORITYBOOST, FALSE, L"Priority boost", 45, PH_ALIGN_LEFT, ULONG_MAX, 0, TRUE);
 

phlib/appresolver.c

@@ -854,31 +854,67 @@ HRESULT PhAppResolverBeginCrashDumpTask(
     )
 {
     HRESULT status;
-    IOSTaskCompletion* taskCompletionManager;
+    IOSTaskCompletion* taskCompletion;
 
     status = PhGetClassObject(
         L"twinapi.appcore.dll",
         &CLSID_OSTaskCompletion_I,
         &IID_IOSTaskCompletion_I,
-        &taskCompletionManager
+        &taskCompletion
         );
 
     if (SUCCEEDED(status))
     {
         status = IOSTaskCompletion_BeginTask(
-            taskCompletionManager,
+            taskCompletion,
             HandleToUlong(ProcessId),
             PT_TC_CRASHDUMP
             );
     }
 
     if (SUCCEEDED(status))
     {
-        *TaskHandle = taskCompletionManager;
+        *TaskHandle = taskCompletion;
     }
-    else if (taskCompletionManager)
+    else if (taskCompletion)
     {
-        IOSTaskCompletion_Release(taskCompletionManager);
+        IOSTaskCompletion_Release(taskCompletion);
+    }
+
+    return status;
+}
+
+HRESULT PhAppResolverBeginCrashDumpTaskByHandle(
+    _In_ HANDLE ProcessHandle,
+    _Out_ HANDLE *TaskHandle
+    )
+{
+    HRESULT status;
+    IOSTaskCompletion* taskCompletion;
+
+    status = PhGetClassObject(
+        L"twinapi.appcore.dll",
+        &CLSID_OSTaskCompletion_I,
+        &IID_IOSTaskCompletion_I,
+        &taskCompletion
+        );
+
+    if (SUCCEEDED(status))
+    {
+        status = IOSTaskCompletion_BeginTaskByHandle(
+            taskCompletion,
+            ProcessHandle,
+            PT_TC_CRASHDUMP
+            );
+    }
+
+    if (SUCCEEDED(status))
+    {
+        *TaskHandle = taskCompletion;
+    }
+    else if (taskCompletion)
+    {
+        IOSTaskCompletion_Release(taskCompletion);
     }
 
     return status;

phlib/basesup.c

@@ -264,7 +264,7 @@ NTSTATUS PhCreateUserThread(
         0,
         StackSize,
         StackSize,
-        0 // attributeList
+        NULL // attributeList
         );
 
     if (NT_SUCCESS(status))
@@ -320,7 +320,7 @@ HANDLE PhCreateThread(
     // for checking errors. We need to preserve this behavior for compatibility -dmex
     // TODO: Migrate code over to PhCreateThreadEx and remove this function.
     //RtlSetLastWin32ErrorAndNtStatusFromNtStatus(status);
-    SetLastError(RtlNtStatusToDosError(status));
+    SetLastError(PhNtStatusToDosError(status));
 
     if (NT_SUCCESS(status))
     {

phlib/global.c

@@ -246,19 +246,19 @@ BOOLEAN PhHeapInitialization(
     _In_opt_ SIZE_T HeapCommitSize
     )
 {
-    if (WindowsVersion >= WINDOWS_8)
-    {
-        PhHeapHandle = RtlCreateHeap(
-            HEAP_GROWABLE | HEAP_CREATE_SEGMENT_HEAP | HEAP_CLASS_1,
-            NULL,
-            0,
-            0,
-            NULL,
-            NULL
-            );
-    }
-
-    if (!PhHeapHandle)
+    //if (WindowsVersion >= WINDOWS_8)
+    //{
+    //    PhHeapHandle = RtlCreateHeap(
+    //        HEAP_GROWABLE | HEAP_CREATE_SEGMENT_HEAP | HEAP_CLASS_1,
+    //        NULL,
+    //        0,
+    //        0,
+    //        NULL,
+    //        NULL
+    //        );
+    //}
+    //
+    //if (!PhHeapHandle)
     {
         PhHeapHandle = RtlCreateHeap(
             HEAP_GROWABLE | HEAP_CLASS_1,
@@ -272,15 +272,14 @@ BOOLEAN PhHeapInitialization(
         if (!PhHeapHandle)
             return FALSE;
 
-        if (WindowsVersion >= WINDOWS_VISTA)
-        {
-            RtlSetHeapInformation(
-                PhHeapHandle,
-                HeapCompatibilityInformation,
-                &(ULONG){ HEAP_COMPATIBILITY_LFH },
-                sizeof(ULONG)
-                );
-        }
+#if (PHNT_VERSION >= PHNT_VISTA)
+        RtlSetHeapInformation(
+            PhHeapHandle,
+            HeapCompatibilityInformation,
+            &(ULONG){ HEAP_COMPATIBILITY_LFH },
+            sizeof(ULONG)
+            );
+#endif
     }
 
     return TRUE;

phlib/include/appresolver.h

@@ -99,6 +99,11 @@ HRESULT PhAppResolverBeginCrashDumpTask(
     _Out_ HANDLE* TaskHandle
     );
 
+HRESULT PhAppResolverBeginCrashDumpTaskByHandle(
+    _In_ HANDLE ProcessHandle,
+    _Out_ HANDLE* TaskHandle
+    );
+
 HRESULT PhAppResolverEndCrashDumpTask(
     _In_ HANDLE TaskHandle
     );

phlib/native.c

@@ -9463,7 +9463,7 @@ NTSTATUS PhCreateNamedPipe(
 
     status = NtCreateNamedPipeFile(
         &pipeHandle,
-        FILE_GENERIC_READ | FILE_GENERIC_WRITE,
+        FILE_GENERIC_READ | FILE_GENERIC_WRITE | SYNCHRONIZE,
         &objectAttributes,
         &isb,
         FILE_SHARE_READ | FILE_SHARE_WRITE,
@@ -9523,7 +9523,7 @@ NTSTATUS PhConnectPipe(
 
     status = NtCreateFile(
         &pipeHandle,
-        FILE_GENERIC_READ | FILE_GENERIC_WRITE,
+        FILE_GENERIC_READ | FILE_GENERIC_WRITE | SYNCHRONIZE,
         &objectAttributes,
         &isb,
         NULL,

phlib/util.c

@@ -593,7 +593,7 @@ PPH_STRING PhGetStatusMessage(
             Status == STATUS_ACCESS_VIOLATION
             )
         {
-            Win32Result = RtlNtStatusToDosError(Status);
+            Win32Result = RtlNtStatusToDosErrorNoTeb(Status);
         }
         // Process NTSTATUS values with the NT-Win32 facility.
         else if (NT_NTWIN32(Status))

plugins/ExtendedTools/etwmon.c

@@ -275,8 +275,16 @@ VOID NTAPI EtpEtwEventCallback(
 
             if (PhWindowsVersion >= WINDOWS_8)
             {
-                diskEvent.ClientId.UniqueThread = UlongToHandle(data->IssuingThreadId);
-                diskEvent.ClientId.UniqueProcess = EtThreadIdToProcessId(diskEvent.ClientId.UniqueThread);
+                if (data->IssuingThreadId != ULONG_MAX)
+                {
+                    diskEvent.ClientId.UniqueThread = UlongToHandle(data->IssuingThreadId);
+                    diskEvent.ClientId.UniqueProcess = EtThreadIdToProcessId(diskEvent.ClientId.UniqueThread);
+                }
+                else
+                {
+                    diskEvent.ClientId.UniqueThread = 0;
+                    diskEvent.ClientId.UniqueProcess = SYSTEM_PROCESS_ID;
+                }
             }
             else
             {
@@ -285,6 +293,11 @@ VOID NTAPI EtpEtwEventCallback(
                     diskEvent.ClientId.UniqueProcess = UlongToHandle(EventRecord->EventHeader.ProcessId);
                     diskEvent.ClientId.UniqueThread = UlongToHandle(EventRecord->EventHeader.ThreadId);
                 }
+                else
+                {
+                    diskEvent.ClientId.UniqueThread = 0;
+                    diskEvent.ClientId.UniqueProcess = SYSTEM_PROCESS_ID;
+                }
             }
 
             diskEvent.IrpFlags = data->IrpFlags;

plugins/ExtendedTools/etwstat.c

@@ -257,11 +257,16 @@ VOID NTAPI EtEtwProcessesUpdatedCallback(
     PET_PROCESS_BLOCK maxNetworkBlock = NULL;
     PLIST_ENTRY listEntry;
 
+    // Since Windows 8, we no longer get the correct process/thread IDs in the
+    // event headers for disk events. We need to update our process information since
+    // etwmon uses our EtThreadIdToProcessId function. (wj32)
+    if (PhWindowsVersion >= WINDOWS_8)
+        EtpUpdateProcessInformation();
+
     // ETW is extremely lazy when it comes to flushing buffers, so we must do it manually. (wj32)
     //EtFlushEtwSession();
 
     // Update global statistics.
-
     PhUpdateDelta(&EtDiskReadDelta, EtpDiskReadRaw);
     PhUpdateDelta(&EtDiskWriteDelta, EtpDiskWriteRaw);
     PhUpdateDelta(&EtNetworkReceiveDelta, EtpNetworkReceiveRaw);

tools/peview/clrprp.c

@@ -284,7 +284,7 @@ VOID PvpPeClrEnumSections(
                 PPH_STRING message;
 
                 //message = PH_AUTO(PhGetNtMessage(GetExceptionCode()));
-                message = PH_AUTO(PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode()))); // WIN32_FROM_NTSTATUS
+                message = PH_AUTO(PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode()))); // WIN32_FROM_NTSTATUS
 
                 PhSetListViewSubItem(ListViewHandle, lvItemIndex, 5, PhGetStringOrEmpty(message));
             }

tools/peview/debugprp.c

@@ -184,7 +184,7 @@ INT_PTR CALLBACK PvpPeDebugDlgProc(
                             PPH_STRING message;
 
                             //message = PH_AUTO(PhGetNtMessage(GetExceptionCode()));
-                            message = PH_AUTO(PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode()))); // WIN32_FROM_NTSTATUS
+                            message = PH_AUTO(PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode()))); // WIN32_FROM_NTSTATUS
 
                             PhSetListViewSubItem(context->ListViewHandle, lvItemIndex, 5, PhGetStringOrEmpty(message));
                         }

tools/peview/pedirprp.c

@@ -283,7 +283,7 @@ VOID PvpPeEnumerateImageDataDirectory(
         __except (EXCEPTION_EXECUTE_HANDLER)
         {
             //directoryNode->HashString = PhGetNtMessage(GetExceptionCode());
-            directoryNode->HashString = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())); // WIN32_FROM_NTSTATUS
+            directoryNode->HashString = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())); // WIN32_FROM_NTSTATUS
         }
 
         __try
@@ -302,7 +302,7 @@ VOID PvpPeEnumerateImageDataDirectory(
         __except (EXCEPTION_EXECUTE_HANDLER)
         {
             //directoryNode->EntropyString = PhGetNtMessage(GetExceptionCode());
-            directoryNode->EntropyString = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())); // WIN32_FROM_NTSTATUS
+            directoryNode->EntropyString = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())); // WIN32_FROM_NTSTATUS
         }
 
         __try
@@ -323,7 +323,7 @@ VOID PvpPeEnumerateImageDataDirectory(
         __except (EXCEPTION_EXECUTE_HANDLER)
         {
             //directoryNode->SsdeepString = PhGetNtMessage(GetExceptionCode());
-            directoryNode->SsdeepString = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())); // WIN32_FROM_NTSTATUS
+            directoryNode->SsdeepString = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())); // WIN32_FROM_NTSTATUS
         }
 
         __try
@@ -348,7 +348,7 @@ VOID PvpPeEnumerateImageDataDirectory(
         __except (EXCEPTION_EXECUTE_HANDLER)
         {
             //sectionNode->TlshString = PhGetNtMessage(GetExceptionCode());
-            directoryNode->TlshString = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())); // WIN32_FROM_NTSTATUS
+            directoryNode->TlshString = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())); // WIN32_FROM_NTSTATUS
         }
     }
 

tools/peview/peheaderprp.c

@@ -246,7 +246,7 @@ VOID PvSetPeImageDosStubHeaderProperties(
         {
             PPH_STRING message;
 
-            if (message = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())))
+            if (message = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())))
             {
                 PhSetListViewSubItem(Context->ListViewHandle, PVP_IMAGE_HEADER_INDEX_DOS_STUBENTROPY, 1, PhGetString(message));
                 PhDereferenceObject(message);
@@ -275,7 +275,7 @@ VOID PvSetPeImageDosStubHeaderProperties(
         {
             PPH_STRING message;
 
-            if (message = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())))
+            if (message = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())))
             {
                 PhSetListViewSubItem(Context->ListViewHandle, PVP_IMAGE_HEADER_INDEX_DOS_STUBHASH, 1, PhGetString(message));
                 PhDereferenceObject(message);
@@ -326,7 +326,7 @@ VOID PvSetPeImageDosStubHeaderProperties(
         {
             PPH_STRING message;
 
-            if (message = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())))
+            if (message = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())))
             {
                 PhSetListViewSubItem(Context->ListViewHandle, PVP_IMAGE_HEADER_INDEX_DOS_RICHENTROPY, 1, PhGetString(message));
                 PhDereferenceObject(message);
@@ -355,7 +355,7 @@ VOID PvSetPeImageDosStubHeaderProperties(
         {
             PPH_STRING message;
 
-            if (message = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())))
+            if (message = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())))
             {
                 PhSetListViewSubItem(Context->ListViewHandle, PVP_IMAGE_HEADER_INDEX_DOS_RICHHASH, 1, PhGetString(message));
                 PhDereferenceObject(message);
@@ -406,7 +406,7 @@ VOID PvSetPeImageDosStubHeaderProperties(
         {
             PPH_STRING message;
 
-            if (message = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())))
+            if (message = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())))
             {
                 PhSetListViewSubItem(Context->ListViewHandle, PVP_IMAGE_HEADER_INDEX_DOS_ENTROPY, 1, PhGetString(message));
                 PhDereferenceObject(message);
@@ -435,7 +435,7 @@ VOID PvSetPeImageDosStubHeaderProperties(
         {
             PPH_STRING message;
 
-            if (message = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())))
+            if (message = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())))
             {
                 PhSetListViewSubItem(Context->ListViewHandle, PVP_IMAGE_HEADER_INDEX_DOS_HASH, 1, PhGetString(message));
                 PhDereferenceObject(message);
@@ -755,7 +755,7 @@ VOID PvSetPeImageOverlayHeaderProperties(
         {
             PPH_STRING message;
 
-            if (message = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())))
+            if (message = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())))
             {
                 PhSetListViewSubItem(Context->ListViewHandle, PVP_IMAGE_HEADER_INDEX_PE_OVERLAY_ENTROPY, 1, PhGetString(message));
                 PhDereferenceObject(message);
@@ -784,7 +784,7 @@ VOID PvSetPeImageOverlayHeaderProperties(
         {
             PPH_STRING message;
 
-            if (message = PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode())))
+            if (message = PhGetWin32Message(PhNtStatusToDosError(GetExceptionCode())))
             {
                 PhSetListViewSubItem(Context->ListViewHandle, PVP_IMAGE_HEADER_INDEX_PE_OVERLAY_HASH, 1, PhGetString(message));
                 PhDereferenceObject(message);