
AV in Process Hacker v3.0.8110.3583 Git-cc0ab078 Plugins-Extra Git-717d8e160 after adding GraphExplorerPlugin #81

Closed
VictorVG opened this issue Nov 8, 2020 · 14 comments


VictorVG commented Nov 8, 2020

If you add GraphExplorerPlugin to the plug-in kit, then after calling it through the Tools - Graph Explorer menu, even if the plug-in is exited with ESC or its window is closed with the Close command, after a while an Access Violation occurs in Process Hacker due to a read at address 0x00000000. I have observed this phenomenon in 100% of cases within the first minute after closing the plugin and minimizing Process Hacker to the system tray. I attach screenshots of the decoded dump:


dmex (Member) commented Nov 9, 2020

> If you add GraphExplorerPlugin

This thing didn't exist until a few hours ago and is WIP.

dmex closed this as completed Nov 9, 2020

VictorVG (Author) commented Nov 9, 2020

I checked the reproducibility of the phenomenon on several more machines - it exists. I can send a dump of the moment of failure - maybe I missed something?

ProcessHacker.7z includes PH v3.0.8111.3584 Git-1de60a7d, .pdb files, crashdump, config and launch script.

dmex (Member) commented Nov 9, 2020

> I can send a dump of the moment of failure

The plugin is missing locks for process provider events when adding/removing items.

> I checked the reproducibility of the phenomenon on several more machines - it exists.

I haven't added the support because the process provider events will probably be removed. This repository is for unstable plugin development and stuff is missing which is intentional since it was just added yesterday.

You should wait for an official release.

VictorVG (Author) commented
So far I have only looked at it in the test set - I did not include it in the working one, and what I saw I said to help in testing.

dmex (Member) commented Nov 10, 2020

> what I saw I said to help in testing.

It's appreciated. I would normally fix crashes but this is a rare occasion where it's something new. The crash is missing support for something that probably won't remain... It's a WIP.

VictorVG (Author) commented

I have corrected the toolkit by excluding GraphExplorerPlugin and ReparseEnumPlugin from the build - the latter does not build because the Reparse flags of the tags have not been declared yet. And as soon as I saw it, I immediately looked at what to expect from it - great! Far Manager has a plug-in NTFS File Information which, among other features, is reading MFT, working with streams, defragmenting files, calculating hashes, and also parses symlinks for parts, and naturally the appearance of a similar tool in PH made me happy. I really want to be able to see where this or that symlink leads and whether the file has streams. Such a capability will be a great help, especially when repairing damage, when any information that lets you determine a repair plan is worth its weight in gold.

dmex (Member) commented Nov 10, 2020

> excluding ReparseEnumPlugin

ReparseEnumPlugin is fine and was completed.

> Far Manager has a plug-in NTFS File Information which, among other features, is reading MFT, working with streams, defragmenting files, calculating hashes, and also parses symlinks for parts

No. The ReparseEnum plugin is showing the ntfs volume reparse cache and only contains a few entries. It's not a file browser and will never be similar to Far Manager since they're completely unrelated.

VictorVG (Author) commented

And when I tried to compile it, the compiler displayed error C2065:

.\plugins-extra\ReparseEnumPlugin\main.c (551,37): error C2065: IO_REPARSE_TAG_DATALESS_CIM: undeclared identifier [.\plugins-extra\ReparseEnumPlugin\ReparseEnumPlugin.vcxproj]
.\plugins-extra\ReparseEnumPlugin\main.c (551,1): error C2051: expression value for selection option is not constant [.\plugins-extra\ReparseEnumPlugin\ReparseEnumPlugin.vcxproj]
.\plugins-extra\ReparseEnumPlugin\main.c (551,37): error C2065: IO_REPARSE_TAG_DATALESS_CIM: undeclared identifier [.\plugins-extra\ReparseEnumPlugin\ReparseEnumPlugin.vcxproj]
.\plugins-extra\ReparseEnumPlugin\main.c (551,1): error C2051: expression value for selection option is not constant [.\plugins-extra\ReparseEnumPlugin\ReparseEnumPlugin.vcxproj]

Maybe I'm missing something? I looked for this identifier - grep did not find anything, and therefore I commented it out in the .sln for now.

dmex (Member) commented Nov 10, 2020

You need the latest SDK installed.

Biswa96 (Contributor) commented Nov 10, 2020

> You need the latest SDK installed.

IO_REPARSE_TAG_DATALESS_CIM is not present in the latest stable Windows SDK 10.0.19041.0. It's in the insider WinSDK in the winnt.h file. Maybe it needs to be added conditionally with WINVER.

#define IO_REPARSE_TAG_DATALESS_CIM (0xA0000028L)
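As an added example (not from this thread or the Process Hacker sources), a portable C fragment showing the guarded fallback define Biswa96 describes, next to the bit layout of IO_REPARSE_TAG_* values from winnt.h and the kind of switch-based name lookup the plugin's main.c does at line 551. The tag values other than IO_REPARSE_TAG_DATALESS_CIM are Microsoft's published winnt.h constants; the helper and macro names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fallback for SDKs that predate the insider winnt.h carrying this tag
   (stable 10.0.19041.0 lacks it). The guard lets a newer SDK's own
   definition win, so the two never conflict. */
#ifndef IO_REPARSE_TAG_DATALESS_CIM
#define IO_REPARSE_TAG_DATALESS_CIM (0xA0000028L)
#endif
/* A few well-known tags from winnt.h, guarded the same way. */
#ifndef IO_REPARSE_TAG_MOUNT_POINT
#define IO_REPARSE_TAG_MOUNT_POINT  (0xA0000003L)
#endif
#ifndef IO_REPARSE_TAG_SYMLINK
#define IO_REPARSE_TAG_SYMLINK      (0xA000000CL)
#endif
#ifndef IO_REPARSE_TAG_APPEXECLINK
#define IO_REPARSE_TAG_APPEXECLINK  (0x8000001BL)
#endif

/* Tag layout per winnt.h: bit 31 = Microsoft-defined, bit 29 = name
   surrogate (the item stands in for another path), bit 28 = directory,
   low 16 bits = tag id. Macro names here are my own. */
#define TAG_IS_MICROSOFT(t) ((((t) & 0x80000000UL) != 0) ? 1 : 0)
#define TAG_IS_SURROGATE(t) ((((t) & 0x20000000UL) != 0) ? 1 : 0)
#define TAG_IS_DIRECTORY(t) ((((t) & 0x10000000UL) != 0) ? 1 : 0)
#define TAG_VALUE(t)        ((unsigned long)((t) & 0x0000FFFFUL))

/* Name lookup of the kind the plugin's switch does; an unknown tag falls
   through to "Unknown" rather than breaking the build. */
const char *ReparseTagName(uint32_t tag)
{
    switch (tag) {
    case IO_REPARSE_TAG_MOUNT_POINT:  return "Mount point";
    case IO_REPARSE_TAG_SYMLINK:      return "Symbolic link";
    case IO_REPARSE_TAG_APPEXECLINK:  return "App execution link";
    case IO_REPARSE_TAG_DATALESS_CIM: return "Dataless CIM";
    default:                          return "Unknown";
    }
}

/* One-line description suitable for a list view; returns chars written. */
int DescribeReparseTag(uint32_t tag, char *buf, size_t len)
{
    return snprintf(buf, len, "0x%08X %s [ms=%d surrogate=%d dir=%d id=0x%04lX]",
                    (unsigned)tag, ReparseTagName(tag), TAG_IS_MICROSOFT(tag),
                    TAG_IS_SURROGATE(tag), TAG_IS_DIRECTORY(tag), TAG_VALUE(tag));
}
```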

VictorVG (Author) commented

Big thanks! I didn't know this flag.

Biswa96 (Contributor) commented Nov 10, 2020

Just use grep -r "C:\Program Files (x86)\Windows Kits\10\Include".

VictorVG (Author) commented Nov 10, 2020

Yes, I have SDK 19041, and according to MS, there will be no newer one:

The page at https://developer.microsoft.com/ru-ru/windows/downloads/sdk-archive/ says:

Windows 10 version 20H2 is a limited set of features for specific performance and quality improvements. Developers should be aware of this release, but no action is required yet.

There will be no new Windows SDK for this version of Windows because no new APIs are introduced in this release. This means there is no need to make changes to the project files or set a new target Windows version. Continue using the Windows 10 SDK for Windows 10 (version 2004). When you specify a target version for a Windows app, Windows 10 (Build 19041) is still the latest target version.

grep ... also thanks! I could not find these entries. And I wonder which is better: add a line to the SDK, or just commit it to the PH sources? I added it to the plugin's main.h and everything built; I looked at it in action - great! Everything has a list of Reparse Points, and the ability to copy. I just did not try deleting - I'll do that some time on a test symlink that is no loss. :)

dmex added a commit that referenced this issue Nov 10, 2020
VictorVG (Author) commented

Oh! The perfect solution! Thank you so much! And I was already thinking of brute-forcing the GNU patch tree from GCC in a loop, only my hands never got around to implementing that disgrace. :)
