No commit message
DavidXanatos committed Mar 26, 2022
1 parent fc0d3db commit 753db1e
Showing 125 changed files with 10,472 additions and 1,869 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
Expand Up @@ -3,6 +3,15 @@ All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).


## [1.4.1] - 2022-03-26

### Fixed
- fixed singleapp not working
- the xprocesshacker.sys driver is now signed with a new certificate and shoudl load on win 11

### Changed
- updated PHlib to version 3.0.4706



## [1.4.0] - 2021-10-05
6 changes: 5 additions & 1 deletion ProcessHacker/XProcessHacker/KProcessHacker.vcxproj
Expand Up @@ -28,7 +28,7 @@
<PropertyGroup Label="Globals">
<RootNamespace>KProcessHacker</RootNamespace>
<VCTargetsPath Condition="'$(VCTargetsPath11)' != '' and '$(VisualStudioVersion)' == '11.0'">$(VCTargetsPath11)</VCTargetsPath>
<WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
<WindowsTargetPlatformVersion>10.0.19041.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<PropertyGroup Label="PropertySheets">
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
Expand All @@ -41,24 +41,28 @@
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
<Driver_SpectreMitigation>false</Driver_SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<TargetVersion>Windows7</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
<Driver_SpectreMitigation>false</Driver_SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<TargetVersion>Windows7</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
<Driver_SpectreMitigation>false</Driver_SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<TargetVersion>Windows7</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<CharacterSet>Unicode</CharacterSet>
<SpectreMitigation>false</SpectreMitigation>
<Driver_SpectreMitigation>false</Driver_SpectreMitigation>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
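Review bot: `<Driver_SpectreMitigation>false</Driver_SpectreMitigation>` is added to all four configurations next to the existing `<SpectreMitigation>false</SpectreMitigation>`, so the kernel-mode driver is now explicitly built without Spectre mitigations in the Release builds as well as Debug. That is a hardening trade-off a later maintainer will question, and nothing in the project file records why it was made. An XML comment beside the Release entries stating the reason, `<!-- Spectre mitigation disabled: [REASON] -->`, would document the decision; if the intent was only to silence a toolchain warning, limiting the setting to the Debug configurations would keep the mitigation in shipped binaries.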
6 changes: 3 additions & 3 deletions ProcessHacker/XProcessHacker/resource.rc
Expand Up @@ -18,10 +18,10 @@
#define VER_PRERELEASE 0

#define VER_COMPANYNAME_STR "wj32\0"
#define VER_FILEDESCRIPTION_STR "KProcessHacker\0"
#define VER_FILEDESCRIPTION_STR "XProcessHacker\0"
#define VER_LEGALCOPYRIGHT_STR "Licensed under the GNU GPL, v3.\0"
#define VER_ORIGINALFILENAME_STR "kprocesshacker.sys\0"
#define VER_PRODUCTNAME_STR "KProcessHacker\0"
#define VER_ORIGINALFILENAME_STR "xprocesshacker.sys\0"
#define VER_PRODUCTNAME_STR "XProcessHacker\0"

VS_VERSION_INFO VERSIONINFO
FILEVERSION VER_FILEVERSION
4 changes: 3 additions & 1 deletion ProcessHacker/phlib/apiimport.c
Expand Up @@ -41,7 +41,7 @@ PVOID PhpImportProcedure(
module = PhGetLoaderEntryDllBase(ModuleName);

if (!module)
module = PhLoadLibrarySafe(ModuleName);
module = PhLoadLibrary(ModuleName);

if (module)
{
Expand Down Expand Up @@ -79,6 +79,8 @@ PH_DEFINE_IMPORT(L"ntdll.dll", NtQueryDefaultLocale);
PH_DEFINE_IMPORT(L"ntdll.dll", NtQueryDefaultUILanguage);
PH_DEFINE_IMPORT(L"ntdll.dll", NtTraceControl);
PH_DEFINE_IMPORT(L"ntdll.dll", NtQueryOpenSubKeysEx);
PH_DEFINE_IMPORT(L"ntdll.dll", NtCreateProcessStateChange);
PH_DEFINE_IMPORT(L"ntdll.dll", NtChangeProcessState);

PH_DEFINE_IMPORT(L"ntdll.dll", RtlDefaultNpAcl);
PH_DEFINE_IMPORT(L"ntdll.dll", RtlGetTokenNamedObjectPath);
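Review bot: The fallback in PhpImportProcedure now calls `PhLoadLibrary(ModuleName)` where it previously called `PhLoadLibrarySafe`; if the "Safe" variant constrained the DLL search path (the name suggests so, but its body is not visible here), the modules resolved through PH_DEFINE_IMPORT — all system DLLs such as ntdll.dll — could now be subject to the ordinary search order, which is the usual DLL search-order exposure for system library names. The same swap appears in appresolver.c's PhpKernelAppCoreInitialized. If PhLoadLibrary already applies the same search-path restrictions, a one-line comment at this call site saying which guarantees it provides would settle the question for the next reader. PhpImportProcedure begins outside the hunk.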
86 changes: 85 additions & 1 deletion ProcessHacker/phlib/appresolver.c
Expand Up @@ -99,7 +99,7 @@ static BOOLEAN PhpKernelAppCoreInitialized(
{
PVOID kernelBaseModuleHandle;

if (kernelBaseModuleHandle = PhLoadLibrarySafe(L"kernelbase.dll")) // kernel.appcore.dll
if (kernelBaseModuleHandle = PhLoadLibrary(L"kernelbase.dll")) // kernel.appcore.dll
{
AppContainerDeriveSidFromMoniker_I = PhGetDllBaseProcedureAddress(kernelBaseModuleHandle, "AppContainerDeriveSidFromMoniker", 0);
AppContainerLookupMoniker_I = PhGetDllBaseProcedureAddress(kernelBaseModuleHandle, "AppContainerLookupMoniker", 0);
Expand Down Expand Up @@ -897,6 +897,90 @@ HRESULT PhAppResolverEndCrashDumpTask(
return status;
}

HRESULT PhAppResolverGetEdpContextForWindow(
_In_ HWND WindowHandle,
_Out_ EDP_CONTEXT_STATES* State
)
{
static PH_INITONCE initOnce = PH_INITONCE_INIT;
HRESULT status;
PEDP_CONTEXT context;

if (PhBeginInitOnce(&initOnce))
{
if (WindowsVersion >= WINDOWS_10)
{
PVOID edputilModuleHandle;

if (edputilModuleHandle = PhLoadLibrary(L"edputil.dll"))
{
EdpGetContextForWindow_I = PhGetDllBaseProcedureAddress(edputilModuleHandle, "EdpGetContextForWindow", 0);
EdpFreeContext_I = PhGetDllBaseProcedureAddress(edputilModuleHandle, "EdpFreeContext", 0);
}
}

PhEndInitOnce(&initOnce);
}

if (!(EdpGetContextForWindow_I && EdpFreeContext_I))
return E_FAIL;

status = EdpGetContextForWindow_I(
WindowHandle,
&context
);

if (SUCCEEDED(status))
{
*State = context->contextStates;
EdpFreeContext_I(context);
}

return status;
}

HRESULT PhAppResolverGetEdpContextForProcess(
_In_ HANDLE ProcessId,
_Out_ EDP_CONTEXT_STATES* State
)
{
static PH_INITONCE initOnce = PH_INITONCE_INIT;
HRESULT status;
PEDP_CONTEXT context;

if (PhBeginInitOnce(&initOnce))
{
if (WindowsVersion >= WINDOWS_10)
{
PVOID edputilModuleHandle;

if (edputilModuleHandle = PhLoadLibrary(L"edputil.dll"))
{
EdpGetContextForProcess_I = PhGetDllBaseProcedureAddress(edputilModuleHandle, "EdpGetContextForProcess", 0);
EdpFreeContext_I = PhGetDllBaseProcedureAddress(edputilModuleHandle, "EdpFreeContext", 0);
}
}

PhEndInitOnce(&initOnce);
}

if (!(EdpGetContextForWindow_I && EdpFreeContext_I))
return E_FAIL;

status = EdpGetContextForProcess_I(
HandleToUlong(ProcessId),
&context
);

if (SUCCEEDED(status))
{
*State = context->contextStates;
EdpFreeContext_I(context);
}

return status;
}

// TODO: FIXME
//HICON PhAppResolverGetPackageIcon(
// _In_ HANDLE ProcessId,
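Review bot: The guard in PhAppResolverGetEdpContextForProcess tests `EdpGetContextForWindow_I`, but the call that follows is to `EdpGetContextForProcess_I`, which this function's own init-once resolves and the guard never checks; if the window variant has already run, the guard passes even when the process pointer is NULL, and if it has not, the function returns E_FAIL although its own pointer is valid. It should read `if (!(EdpGetContextForProcess_I && EdpFreeContext_I))`. Both new functions also leave `*State` unassigned on the E_FAIL path and on a failed EdpGetContextFor* call despite the `_Out_` annotation, so callers must check the HRESULT before reading it; a short header comment on each function stating that would make the contract explicit.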
149 changes: 139 additions & 10 deletions ProcessHacker/phlib/basesup.c
Expand Up @@ -73,12 +73,7 @@
#define PH_VECTOR_LEVEL_SSE2 1
#define PH_VECTOR_LEVEL_AVX 2

#if (_MSC_VER < 1920 || DEBUG)
// Newer versions of the CRT support AVX/SSE vectorization for string routines
// but keep using our vectorization for debug builds since optimizations are
// disabled for the debug CRT and slower than our routines in this case. (dmex)
#define PH_LEGACY_CRT_SUPPORT 1
#endif
#define PH_NATIVE_STRING_CONVERSION 1

typedef struct _PHP_BASE_THREAD_CONTEXT
{
Expand Down Expand Up @@ -150,7 +145,10 @@ BOOLEAN PhBaseInitialization(
// NOTE: This is unused for now.
/*if (USER_SHARED_DATA->XState.EnabledFeatures & XSTATE_MASK_AVX)
PhpVectorLevel = PH_VECTOR_LEVEL_AVX;
else*/ if (USER_SHARED_DATA->ProcessorFeatures[PF_XMMI64_INSTRUCTIONS_AVAILABLE])
else if (USER_SHARED_DATA->ProcessorFeatures[PF_XMMI64_INSTRUCTIONS_AVAILABLE])
PhpVectorLevel = PH_VECTOR_LEVEL_SSE2;*/

if (IsProcessorFeaturePresent(PF_XMMI64_INSTRUCTIONS_AVAILABLE))
PhpVectorLevel = PH_VECTOR_LEVEL_SSE2;

PhStringType = PhCreateObjectType(L"String", 0, NULL);
Expand Down Expand Up @@ -226,6 +224,64 @@ NTSTATUS PhpBaseThreadStart(
return status;
}

// rev from RtlCreateUserThread (dmex)
NTSTATUS PhCreateUserThread(
_Out_opt_ PHANDLE ThreadHandle,
_In_ HANDLE ProcessHandle,
_In_ ULONG CreateFlags,
_In_opt_ SIZE_T StackSize,
_In_ PUSER_THREAD_START_ROUTINE StartAddress,
_In_opt_ PVOID Parameter
)
{
NTSTATUS status;
HANDLE threadHandle;
OBJECT_ATTRIBUTES objectAttributes;
UCHAR buffer[FIELD_OFFSET(PS_ATTRIBUTE_LIST, Attributes) + sizeof(PS_ATTRIBUTE[2])] = { 0 };
PPS_ATTRIBUTE_LIST attributeList = (PPS_ATTRIBUTE_LIST)buffer;
CLIENT_ID clientId = { 0 };
PTEB teb = NULL;

InitializeObjectAttributes(&objectAttributes, NULL, 0, NULL, NULL);
attributeList->TotalLength = sizeof(buffer);
attributeList->Attributes[0].Attribute = PS_ATTRIBUTE_CLIENT_ID;
attributeList->Attributes[0].Size = sizeof(CLIENT_ID);
attributeList->Attributes[0].ValuePtr = &clientId;
attributeList->Attributes[0].ReturnLength = NULL;
attributeList->Attributes[1].Attribute = PS_ATTRIBUTE_TEB_ADDRESS;
attributeList->Attributes[1].Size = sizeof(PTEB);
attributeList->Attributes[1].ValuePtr = &teb;
attributeList->Attributes[1].ReturnLength = NULL;

status = NtCreateThreadEx(
&threadHandle,
THREAD_ALL_ACCESS,
&objectAttributes,
ProcessHandle,
StartAddress,
Parameter,
CreateFlags,
0,
StackSize,
StackSize,
0 // attributeList
);

if (NT_SUCCESS(status))
{
if (ThreadHandle)
{
*ThreadHandle = threadHandle;
}
else if (threadHandle)
{
NtClose(threadHandle);
}
}

return status;
}

/**
* Creates a thread.
*
Expand Down Expand Up @@ -612,7 +668,7 @@ SIZE_T PhCountStringZ(
_In_ PWSTR String
)
{
#if (PH_LEGACY_CRT_SUPPORT && !defined(_ARM64_))
#ifndef _ARM64_
if (PhpVectorLevel >= PH_VECTOR_LEVEL_SSE2)
{
PWSTR p;
Expand Down Expand Up @@ -1433,7 +1489,7 @@ ULONG_PTR PhFindCharInStringRef(

if (!IgnoreCase)
{
#if (PH_LEGACY_CRT_SUPPORT && !defined(_ARM64_))
#ifndef _ARM64_
if (PhpVectorLevel >= PH_VECTOR_LEVEL_SSE2)
{
SIZE_T length16;
Expand Down Expand Up @@ -1526,7 +1582,7 @@ ULONG_PTR PhFindLastCharInStringRef(

if (!IgnoreCase)
{
#if (PH_LEGACY_CRT_SUPPORT && !defined(_ARM64_))
#ifndef _ARM64_
if (PhpVectorLevel >= PH_VECTOR_LEVEL_SSE2)
{
SIZE_T length16;
Expand Down Expand Up @@ -5234,6 +5290,79 @@ ULONG PhHashStringRef(
return hash;
}

ULONG PhHashStringRefEx(
_In_ PPH_STRINGREF String,
_In_ BOOLEAN IgnoreCase,
_In_ PH_STRING_HASH HashAlgorithm
)
{
switch (HashAlgorithm)
{
case PH_STRING_HASH_DEFAULT:
case PH_STRING_HASH_FNV1A:
return PhHashStringRef(String, IgnoreCase);
case PH_STRING_HASH_X65599:
{
ULONG hash = 0;
PWCHAR end;
PWCHAR p;

if (String->Length == 0)
return 0;

end = String->Buffer + (String->Length / sizeof(WCHAR));

if (IgnoreCase)
{
// This is the fastest implementation (copied from ReactOS) (dmex)
for (p = String->Buffer; p != end; p++)
{
hash = ((65599 * (hash)) + (ULONG)(((*p) >= L'a' && (*p) <= L'z') ? (*p) - L'a' + L'A' : (*p)));
}

// Medium fast
//UNICODE_STRING unicodeString;
//
//if (!PhStringRefToUnicodeString(String, &unicodeString))
// return 0;
//
//if (!NT_SUCCESS(RtlHashUnicodeString(&unicodeString, TRUE, HASH_STRING_ALGORITHM_X65599, &hash)))
// return 0;
//
// Slower than the above two (based on PhHashBytes) (dmex)
//SIZE_T count = String->Length / sizeof(WCHAR);
//PWCHAR p = String->Buffer;
//do
//{
// hash += (USHORT)RtlUpcaseUnicodeChar(*p++); // __ascii_towupper(*p++);
// hash *= 0x1003F;
//} while (--count != 0);
}
else
{
// This is the fastest implementation (copied from ReactOS) (dmex)
for (p = String->Buffer; p != end; p++)
{
hash = ((65599 * (hash)) + (ULONG)(*p));
}

// This is fast but slightly slower (based on PhHashBytes) (dmex)
//SIZE_T count = String->Length / sizeof(WCHAR);
//PWCHAR p = String->Buffer;
//do
//{
// hash *= 0x1003F;
// hash += *p++;
//} while (--count != 0);
}

return hash;
}
}

return 0;
}

BOOLEAN NTAPI PhpSimpleHashtableEqualFunction(
_In_ PVOID Entry1,
_In_ PVOID Entry2
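Review bot: In PhCreateUserThread the PS_ATTRIBUTE_LIST prepared in `buffer` (client-id and TEB-address entries) is never handed to NtCreateThreadEx — the final argument is `0 // attributeList` — so `clientId` and `teb` keep their zero initializers and the whole attribute setup is dead code. Either pass `attributeList` as the last argument or remove `buffer`, `attributeList`, `clientId` and `teb` so the function is not read as returning the new thread's client id. The function also carries no header comment while the neighbouring thread helper has a Doxygen block; a `/** Creates a thread in ProcessHandle via NtCreateThreadEx; ThreadHandle is optional and the handle is closed when it is NULL. */` comment would match the file's style. In PhHashStringRefEx the IgnoreCase branch folds only ASCII `a`–`z`, which differs from the commented-out RtlUpcaseUnicodeChar alternative; a one-line comment saying the ASCII-only fold is intentional would prevent the two from being "fixed" into disagreement later.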

0 comments on commit 753db1e

Please sign in to comment.