1.4.5

small update with RS1 new fields, screenshots updated, old versions
removed

README.md

@@ -30,5 +30,7 @@ For a changelog see program help file -> History or changelog.txt in Source dire
 
 # Authors
 
+
 (c) 2015 - 2016 WinObjEx64 Project
+
 Original WinObjEx (c) 2003 - 2005 Four-F

Source/CHANGELOG.txt

@@ -1,15 +1,9 @@
-v1.4.4
-FltConnectionPort object dump added
-some rearrange with switching to VS 2015 U3
-
-v1.4.3
-hde instead of ldasm
-
-v1.4.2
-some cleanup, properties for drivers
-
-v 1.4.1
-some cleanup, rtls update
+v1.4.5
+added file properties for drivers (menu -> extras -> Drivers) 
+added FltConnectionPort object dump 
+switched to hde instead of ldasm 
+rtls updated, switched to VS2015 U3 
+note: Windows 10 RS1 (14393 release) supported as well as TH1(10240)/TH2(10586) 
 
 v 1.4.0
 drivers list and dump (menu -> extras)

Source/TODO.txt

@@ -1 +1,38 @@
-LP) More objects icons and descriptions
+LP) More objects icons and descriptions
+
+typedef struct _ESERVERSILO_GLOBALS
+{
+    struct _OBP_SILODRIVERSTATE ObSiloState;
+    struct _SEP_SILOSTATE SeSiloState;
+    struct _SEP_RM_LSA_CONNECTION_STATE SeRmSiloState;
+    struct _ETW_SILODRIVERSTATE * EtwSiloState;
+    struct _EPROCESS * MiSessionLeaderProcess;
+    struct _EPROCESS * ExpDefaultErrorPortProcess;
+    void * ExpDefaultErrorPort;
+    unsigned long HardErrorState;
+    struct _WNF_SILODRIVERSTATE WnfSiloState;
+    void * ApiSetSection;
+    void * ApiSetSchema;
+    unsigned char OneCoreForwardersEnabled;
+    struct _UNICODE_STRING SiloRootDirectoryName;
+    struct _PSP_STORAGE * Storage;
+    enum _SERVERSILO_STATE State;
+    long ExitStatus;
+    struct _KEVENT * DeleteEvent;
+    struct _SILO_USER_SHARED_DATA UserSharedData;
+    struct _WORK_QUEUE_ITEM TerminateWorkItem;
+} ESERVERSILO_GLOBALS, *PESERVERSILO_GLOBALS;
+
+typedef struct _OBP_SYSTEM_DOS_DEVICE_STATE
+{
+    unsigned long GlobalDeviceMap;
+    unsigned long LocalDeviceCount[26];
+} OBP_SYSTEM_DOS_DEVICE_STATE, *POBP_SYSTEM_DOS_DEVICE_STATE;
+
+typedef struct _OBP_SILODRIVERSTATE
+{
+    struct _DEVICE_MAP * SystemDeviceMap;
+    struct _OBP_SYSTEM_DOS_DEVICE_STATE SystemDosDeviceState;
+    struct _EX_PUSH_LOCK DeviceMapLock;
+    struct _OBJECT_NAMESPACE_LOOKUPTABLE PrivateNamespaceLookupTable;
+} OBP_SILODRIVERSTATE, *POBP_SILODRIVERSTATE;

Source/WinObjEx64/extrasUSD.c

@@ -4,9 +4,9 @@
 *
 *  TITLE:       EXTRASUSD.C
 *
-*  VERSION:     1.44
+*  VERSION:     1.45
 *
-*  DATE:        17 July 2016
+*  DATE:        06 Aug 2016
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -189,7 +189,7 @@ VOID UsdDumpSharedRegion(
         subitems.Count = 1;
         h_tviSubItem = TreeListAddItem(UsdTreeList, h_tviRootItem, TVIF_TEXT | TVIF_STATE, 0, 0, TEXT("SharedDataFlags"), &subitems);
         if (h_tviSubItem) {
-            for (i = 0; i < 9; i++) {
+            for (i = 0; i < MAX_KNOWN_SHAREDDATAFLAGS; i++) {
                 if (GET_BIT(pData->SharedDataFlags, i)) {
                     RtlSecureZeroMemory(&subitems, sizeof(subitems));
                     RtlSecureZeroMemory(&szValue, sizeof(szValue));

Source/WinObjEx64/extrasUSD.h

@@ -4,9 +4,9 @@
 *
 *  TITLE:       EXTRASUSD.H
 *
-*  VERSION:     1.44
+*  VERSION:     1.45
 *
-*  DATE:        17 July 2016
+*  DATE:        06 Aug 2016
 *
 *  Common header file for Extras User Shared Data dialog.
 *
@@ -55,7 +55,8 @@ static LPWSTR T_PROCESSOR_FEATURES[] = {
     L""
 };
 
-static LPCWSTR T_SharedDataFlags[9] = {
+#define MAX_KNOWN_SHAREDDATAFLAGS 10
+static LPCWSTR T_SharedDataFlags[MAX_KNOWN_SHAREDDATAFLAGS] = {
     L"DbgErrorPortPresent",
     L"DbgElevationEnabled",
     L"DbgVirtEnabled",
@@ -64,7 +65,8 @@ static LPCWSTR T_SharedDataFlags[9] = {
     L"DbgDynProcessorEnabled",
     L"DbgConsoleBrokerEnabled",
     L"DbgSecureBootEnabled",
-    L"DbgMultiSessionSku"
+    L"DbgMultiSessionSku",
+    L"DbgMultiUsersInSessionSku"
 };
 
 #define MAX_KNOWN_SUITEMASKS 18

Source/WinObjEx64/kldbg.c

@@ -4,9 +4,9 @@
 *
 *  TITLE:       KLDBG.C, based on KDSubmarine by Evilcry
 *
-*  VERSION:     1.44
+*  VERSION:     1.45
 *
-*  DATE:        17 July 2016 
+*  DATE:        06 Aug 2016 
 *
 *  MINIMUM SUPPORTED OS WINDOWS 7
 *
@@ -1299,42 +1299,12 @@ BOOL kdIsDebugBoot(
     VOID
 )
 {
-    BOOL    cond = FALSE, bResult = FALSE;
-    HKEY    hKey;
-    LPWSTR  lpszBootOptions = NULL;
-    LRESULT lRet;
-    SIZE_T  memIO;
-    DWORD   dwSize;
+    ULONG rl = 0;
+    SYSTEM_KERNEL_DEBUGGER_INFORMATION kdInfo;
 
-    do {
-
-        lRet = RegOpenKeyExW(HKEY_LOCAL_MACHINE, RegControlKey, 0, KEY_QUERY_VALUE, &hKey);
-        if (lRet != ERROR_SUCCESS)
-            break;
-
-        dwSize = 0;
-        lRet = RegQueryValueExW(hKey, RegStartOptionsValue, NULL, NULL, (LPBYTE)NULL, &dwSize);
-        if (lRet != ERROR_SUCCESS)
-            break;
-
-        memIO = dwSize + sizeof(WCHAR);
-        lpszBootOptions = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, memIO);
-        if (lpszBootOptions == NULL)
-            break;
-
-        lRet = RegQueryValueExW(hKey, RegStartOptionsValue, NULL, NULL, (LPBYTE)lpszBootOptions, &dwSize);
-        if (lRet != ERROR_SUCCESS)
-            break;
-
-        if (_strstri(lpszBootOptions, L"DEBUG") != NULL)
-            bResult = TRUE;
-
-        RegCloseKey(hKey);
-        HeapFree(GetProcessHeap(), 0, lpszBootOptions);
-
-    } while (cond);
-
-    return bResult;
+    RtlSecureZeroMemory(&kdInfo, sizeof(kdInfo));
+    NtQuerySystemInformation(SystemKernelDebuggerInformation, &kdInfo, sizeof(kdInfo), &rl);
+    return kdInfo.KernelDebuggerEnabled;
 }
 
 /*

Source/WinObjEx64/ntos.h

@@ -4,9 +4,9 @@
 *
 *  TITLE:       NTOS.H
 *
-*  VERSION:     1.48
+*  VERSION:     1.49
 *
-*  DATE:        17 July 2016
+*  DATE:        06 Aug 2016
 *
 *  Common header file for the ntos API functions and definitions.
 *
@@ -109,6 +109,18 @@
 #define TRACELOG_ACCESS_REALTIME      0x0400
 #define TRACELOG_REGISTER_GUIDS       0x0800
 
+//
+// Partition Specific Access Rights.
+//
+
+#define MEMORY_PARTITION_QUERY_ACCESS  0x0001
+#define MEMORY_PARTITION_MODIFY_ACCESS 0x0002
+
+#define MEMORY_PARTITION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |         \
+                                     SYNCHRONIZE |                      \
+                                     MEMORY_PARTITION_QUERY_ACCESS |    \
+                                     MEMORY_PARTITION_MODIFY_ACCESS)
+
 #define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 )
 #define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 )
 #define ZwCurrentProcess() NtCurrentProcess()
@@ -213,6 +225,19 @@ typedef struct _SEMAPHORE_BASIC_INFORMATION {
 ** Semaphore END
 */
 
+/*
+** Kernel Debugger START
+*/
+
+typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
+    BOOLEAN KernelDebuggerEnabled;
+    BOOLEAN KernelDebuggerNotPresent;
+} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
+
+/*
+** Kernel Debugger END
+*/
+
 /*
 ** FileCache and MemoryList START
 */
@@ -4181,7 +4206,8 @@ typedef struct _KUSER_SHARED_DATA_COMPAT {
 			ULONG DbgConsoleBrokerEnabled : 1;
 			ULONG DbgSecureBootEnabled : 1;
 			ULONG DbgMultiSessionSku : 1;
-			ULONG SpareBits : 23;
+            ULONG DbgMultiUsersInSessionSku : 1;
+			ULONG SpareBits : 22;
 		};
 	};
 

Source/WinObjEx64/propSecurityConsts.h

@@ -4,9 +4,9 @@
 *
 *  TITLE:       PROPSECURITYCONSTS.H
 *
-*  VERSION:     1.44
+*  VERSION:     1.45
 *
-*  DATE:        17 July 2016
+*  DATE:        07 Aug 2016
 *
 *  Consts header file for Security property sheet.
 *
@@ -199,3 +199,13 @@ static SI_ACCESS IoCompletionAccessValues[MAX_KNOWN_IOCOMPLETION_ACCESS_VALUE] =
     { &GUID_NULL, IO_COMPLETION_QUERY_STATE, L"Query State", SI_ACCESS_GENERAL | SI_ACCESS_SPECIFIC },
     { &GUID_NULL, IO_COMPLETION_MODIFY_STATE, L"Modify State", SI_ACCESS_GENERAL | SI_ACCESS_SPECIFIC }
 };
+
+//
+//MemoryPartition Access Values
+//
+#define MAX_KNOWN_MEMORYPARTITION_ACCESS_VALUE 3
+static SI_ACCESS MemoryPartitionAccessValues[MAX_KNOWN_MEMORYPARTITION_ACCESS_VALUE] = {
+    { &GUID_NULL, MEMORY_PARTITION_ALL_ACCESS, L"Full Control", SI_ACCESS_GENERAL | SI_ACCESS_SPECIFIC},
+    { &GUID_NULL, MEMORY_PARTITION_QUERY_ACCESS, L"Query", SI_ACCESS_GENERAL | SI_ACCESS_SPECIFIC },
+    { &GUID_NULL, MEMORY_PARTITION_MODIFY_ACCESS, L"Modify", SI_ACCESS_GENERAL | SI_ACCESS_SPECIFIC }
+};

Source/WinObjEx64/propTypeConsts.h

@@ -4,9 +4,9 @@
 *
 *  TITLE:       PROPTYPECONSTS.H
 *
-*  VERSION:     1.44
+*  VERSION:     1.45
 *
-*  DATE:        17 July 2016
+*  DATE:        07 Aug 2016
 *
 *  Consts header file for Type property sheet.
 *
@@ -402,6 +402,13 @@ static VALUE_DESC a_CompositionProp[MAX_KNOWN_COMPOSITION_ATTRIBUTES] = {
     { L"COMPOSITIONSURFACE_WRITE", 0x0002L }
 };
 
+//Known Memory Partition Access Rights
+#define MAX_KNOWN_MEMPARTITION_ATTRIBUTES 2
+static VALUE_DESC a_MemPartProp[MAX_KNOWN_MEMPARTITION_ATTRIBUTES] = {
+    { L"MEMORY_PARTITION_QUERY_ACCESS", MEMORY_PARTITION_QUERY_ACCESS },
+    { L"MEMORY_PARTITION_MODIFY_ACCESS", MEMORY_PARTITION_MODIFY_ACCESS }
+};
+
 //Known Object Type Initializers
 #define MAX_KNOWN_OBJECT_TYPE_PROCEDURES 8
 static LPWSTR T_TYPEPROCEDURES[MAX_KNOWN_OBJECT_TYPE_PROCEDURES] = {

Source/WinObjEx64/ui.h

@@ -4,9 +4,9 @@
 *
 *  TITLE:       UI.H
 *
-*  VERSION:     1.44
+*  VERSION:     1.45
 *
-*  DATE:        17 July 2016
+*  DATE:        06 Aug 2016
 *
 *  Common header file for the user interface.
 *
@@ -33,7 +33,7 @@ typedef HWND(WINAPI *pfnHtmlHelpW)(
     _In_ DWORD_PTR dwData
     );
 
-#define PROGRAM_VERSION         L"1.4.4"
+#define PROGRAM_VERSION         L"1.4.5"
 #define PROGRAM_NAME            L"Windows Object Explorer 64-bit"
 #define PROFRAM_NAME_AND_TITLE  L"Object Explorer for Windows 7/8/8.1/10"
 #define MAINWINDOWCLASSNAME     L"WinObjEx64Class"