added user name for session object

other tweaks

WFPCore/WFPEngine.cpp

@@ -104,13 +104,13 @@ std::optional<WFPProviderInfo> WFPEngine::GetProviderByKey(GUID const& guid) con
 	return p;
 }
 
-std::optional<WFPFilterInfo> WFPEngine::GetFilterByKey(GUID const& key, bool includeConditions) const {
+std::optional<WFPFilterInfo> WFPEngine::GetFilterByKey(GUID const& key, bool full) const {
 	FWPM_FILTER* filter;
 	m_LastError = FwpmFilterGetByKey(m_hEngine, &key, &filter);
 	if (m_LastError != ERROR_SUCCESS)
 		return {};
 
-	auto info = InitFilter(filter, includeConditions);
+	auto info = InitFilter(filter, full);
 	FwpmFreeMemory((void**)&filter);
 	return info;
 }
@@ -283,7 +283,7 @@ std::vector<WFPProviderContextInfo> WFPEngine::EnumProviderContexts(bool include
 std::optional<WFPCalloutInfo> WFPEngine::GetCalloutByKey(GUID const& key) const {
 	FWPM_CALLOUT* co;
 	FwpmCalloutGetByKey(m_hEngine, &key, &co);
-	auto info = InitCallout(co);
+	auto info = InitCallout(co, true);
 	FwpmFreeMemory((void**)&co);
 	return info;
 }

WFPCore/WFPEngine.h

@@ -266,6 +266,7 @@ struct WFPSubLayerInfo {
 	WFPSubLayerFlags Flags;
 	GUID ProviderKey;
 	std::vector<BYTE> ProviderData;
+	uint32_t ProviderDataSize;
 	UINT16 Weight;
 };
 
@@ -364,6 +365,7 @@ struct WFPFilterInfo {
 	WFPFilterFlags Flags;
 	GUID ProviderKey;
 	std::vector<BYTE> ProviderData;
+	uint32_t ProviderDataSize;
 	GUID LayerKey;
 	GUID SubLayerKey;
 	WFPValue Weight;
@@ -393,6 +395,7 @@ struct WFPCalloutInfo {
 	WFPCalloutFlags Flags;
 	GUID ProviderKey;
 	std::vector<BYTE> ProviderData;
+	uint32_t ProviderDataSize;
 	GUID ApplicableLayer;
 	UINT32 CalloutId;
 };
@@ -700,8 +703,8 @@ class WFPEngine {
 	//
 	// Filters API
 	//
-	std::optional<WFPFilterInfo> GetFilterByKey(GUID const& key, bool includeConditions = false) const;
-	std::optional<WFPFilterInfo> GetFilterById(UINT64 id, bool includeConditions = false) const;
+	std::optional<WFPFilterInfo> GetFilterByKey(GUID const& key, bool full = true) const;
+	std::optional<WFPFilterInfo> GetFilterById(UINT64 id, bool full = true) const;
 
 	//
 	// layer API
@@ -721,12 +724,12 @@ class WFPEngine {
 	// helpers
 	//
 	static std::wstring ParseMUIString(PCWSTR input);
-	static WFPProviderInfo InitProvider(FWPM_PROVIDER* p, bool includeData = false);
-	static WFPConnectionInfo InitConnection(FWPM_CONNECTION* p, bool includeData);
-	static WFPProviderContextInfo InitProviderContext(FWPM_PROVIDER_CONTEXT* p, bool includeData);
+	static WFPProviderInfo InitProvider(FWPM_PROVIDER* p, bool full = false);
+	static WFPConnectionInfo InitConnection(FWPM_CONNECTION* p, bool full = false);
+	static WFPProviderContextInfo InitProviderContext(FWPM_PROVIDER_CONTEXT* p, bool full = false);
 
 	template<typename TFilter = WFPFilterInfo> requires std::is_base_of_v<WFPFilterInfo, TFilter>
-	static TFilter InitFilter(FWPM_FILTER* filter, bool includeConditions = false) {
+	static TFilter InitFilter(FWPM_FILTER* filter, bool full = false) {
 		TFilter fi;
 		fi.FilterKey = filter->filterKey;
 		fi.FilterId = filter->filterId;
@@ -741,7 +744,8 @@ class WFPEngine {
 		fi.Weight.Init(filter->weight);
 		fi.Action.Type = static_cast<WFPActionType>(filter->action.type);
 		fi.Action.FilterType = filter->action.filterType;
-		if (includeConditions) {
+		fi.ProviderDataSize = filter->providerData.size;
+		if (full) {
 			fi.Conditions.reserve(fi.ConditionCount);
 			for (uint32_t i = 0; i < fi.ConditionCount; i++) {
 				auto& cond = filter->filterCondition[i];
@@ -751,6 +755,10 @@ class WFPEngine {
 				c.Value.Init(cond.conditionValue);
 				fi.Conditions.emplace_back(std::move(c));
 			}
+			if (fi.ProviderDataSize) {
+				fi.ProviderData.resize(fi.ProviderDataSize);
+				memcpy(fi.ProviderData.data(), filter->providerData.data, fi.ProviderDataSize);
+			}
 		}
 		return fi;
 	}
@@ -780,30 +788,36 @@ class WFPEngine {
 	}
 
 	template<typename TLayer = WFPSubLayerInfo> requires std::is_base_of_v<WFPSubLayerInfo, TLayer>
-	static TLayer InitSubLayer(FWPM_SUBLAYER* layer) {
+	static TLayer InitSubLayer(FWPM_SUBLAYER* layer, bool full = false) {
 		TLayer li;
 		li.Name = ParseMUIString(layer->displayData.name);
 		li.Desc = ParseMUIString(layer->displayData.description);
 		li.SubLayerKey = layer->subLayerKey;
 		li.Flags = static_cast<WFPSubLayerFlags>(layer->flags);
 		li.Weight = layer->weight;
 		li.ProviderKey = layer->providerKey ? *layer->providerKey : GUID_NULL;
-		li.ProviderData.resize(layer->providerData.size);
-		memcpy(li.ProviderData.data(), layer->providerData.data, layer->providerData.size);
+		li.ProviderDataSize = layer->providerData.size;
+		if (full && li.ProviderDataSize) {
+			li.ProviderData.resize(li.ProviderDataSize);
+			memcpy(li.ProviderData.data(), layer->providerData.data, layer->providerData.size);
+		}
 		return li;
 	}
 
 	template<typename TCallout = WFPCalloutInfo> requires std::is_base_of_v<WFPCalloutInfo, TCallout>
-	static TCallout InitCallout(FWPM_CALLOUT* c) {
+	static TCallout InitCallout(FWPM_CALLOUT* c, bool full = false) {
 		TCallout ci;
 		ci.Name = ParseMUIString(c->displayData.name);
 		ci.Desc = ParseMUIString(c->displayData.description);
 		ci.ProviderKey = c->providerKey ? *c->providerKey : GUID_NULL;
 		ci.Flags = static_cast<WFPCalloutFlags>(c->flags);
 		ci.CalloutKey = c->calloutKey;
 		ci.ApplicableLayer = c->applicableLayer;
-		ci.ProviderData.resize(c->providerData.size);
-		memcpy(ci.ProviderData.data(), c->providerData.data, c->providerData.size);
+		ci.ProviderDataSize = c->providerData.size;
+		if (full && ci.ProviderDataSize) {
+			ci.ProviderData.resize(ci.ProviderDataSize);
+			memcpy(ci.ProviderData.data(), c->providerData.data, ci.ProviderDataSize);
+		}
 		ci.CalloutId = c->calloutId;
 		ci.ApplicableLayer = c->applicableLayer;
 		return ci;

WFPExplorer/FiltersView.cpp

@@ -31,6 +31,7 @@ CString CFiltersView::GetColumnText(HWND, int row, int col) {
 		case ColumnType::SubLayerKey: return StringHelper::GuidToString(info.SubLayerKey);
 		case ColumnType::Weight: return StringHelper::WFPValueToString(info.Weight, true);
 		case ColumnType::Action: return StringHelper::WFPFilterActionTypeToString(info.Action.Type);
+		case ColumnType::ProviderData: return info.ProviderDataSize == 0 ? L"" : std::format(L"{} Bytes", info.ProviderDataSize).c_str();
 		case ColumnType::ActionKey:
 			if (info.FilterAction.IsEmpty()) {
 				if (info.Action.CalloutKey == GUID_NULL)
@@ -107,6 +108,7 @@ LRESULT CFiltersView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam
 	cm->AddColumn(L"Action", LVCFMT_LEFT, 110, ColumnType::Action);
 	cm->AddColumn(L"Action Filter/Callout", LVCFMT_LEFT, 120, ColumnType::ActionKey);
 	cm->AddColumn(L"Flags", LVCFMT_LEFT, 150, ColumnType::Flags);
+	cm->AddColumn(L"Provider Data", LVCFMT_RIGHT, 100, ColumnType::ProviderData);
 	cm->AddColumn(L"Filter Name", 0, 180, ColumnType::Name);
 	cm->AddColumn(L"Description", 0, 180, ColumnType::Desc);
 	cm->AddColumn(L"Provider", 0, 240, ColumnType::ProviderName);
@@ -162,6 +164,7 @@ void CFiltersView::DoSort(SortInfo const* si) {
 			case ColumnType::Layer: return SortHelper::Sort(GetLayerName(f1), GetLayerName(f2), asc);
 			case ColumnType::SubLayer: return SortHelper::Sort(GetSublayerName(f1), GetSublayerName(f2), asc);
 			case ColumnType::ConditionCount: return SortHelper::Sort(f1.ConditionCount, f2.ConditionCount, asc);
+			case ColumnType::ProviderData: return SortHelper::Sort(f1.ProviderDataSize, f2.ProviderDataSize, asc);
 		}
 		return false;
 	};

WFPExplorer/FiltersView.h

@@ -49,7 +49,7 @@ class CFiltersView :
 
 	enum class ColumnType {
 		Key, Name, Desc, Flags, ProviderGUID, ProviderName, LayerKey, SubLayerKey,
-		Weight, ConditionCount, Action, Id, EffectiveWeight, Layer, SubLayer, ActionKey,
+		Weight, ConditionCount, Action, Id, EffectiveWeight, Layer, SubLayer, ActionKey, ProviderData,
 	};
 
 	struct FilterInfo : WFPFilterInfo {

WFPExplorer/ProvidersView.cpp

@@ -13,11 +13,12 @@ LRESULT CProvidersView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lPar
 	m_List.SetExtendedListViewStyle(LVS_EX_DOUBLEBUFFER | LVS_EX_FULLROWSELECT | LVS_EX_INFOTIP);
 
 	auto cm = GetColumnManager(m_List);
-	cm->AddColumn(L"Provider Key", 0, 250, ColumnType::Key);
+	cm->AddColumn(L"Provider Key", 0, 280, ColumnType::Key);
+	cm->AddColumn(L"Provider Name", 0, 220, ColumnType::Name);
 	cm->AddColumn(L"Service Name", 0, 180, ColumnType::ServiceName);
 	cm->AddColumn(L"Flags", 0, 120, ColumnType::Flags);
-	cm->AddColumn(L"Provider Name", 0, 180, ColumnType::Name);
-	cm->AddColumn(L"Description", 0, 180, ColumnType::Desc);
+	cm->AddColumn(L"Provider Data", LVCFMT_RIGHT, 90, ColumnType::ProviderData);
+	cm->AddColumn(L"Description", 0, 250, ColumnType::Desc);
 
 	CImageList images;
 	images.Create(16, 16, ILC_COLOR32 | ILC_MASK, 2, 2);
@@ -47,7 +48,8 @@ CString CProvidersView::GetColumnText(HWND, int row, int col) {
 		case ColumnType::Key: return StringHelper::GuidToString(info.ProviderKey);
 		case ColumnType::Name: return info.Name.c_str();
 		case ColumnType::Desc: return info.Desc.c_str();
-		case ColumnType::Flags: 
+		case ColumnType::ProviderData: return info.ProviderDataSize == 0 ? L"" : std::format(L"{} Bytes", info.ProviderDataSize).c_str();
+		case ColumnType::Flags:
 			if (info.Flags == WFPProviderFlags::None)
 				return L"0";
 			return std::format(L"0x{:X} ({})", (UINT32)info.Flags, StringHelper::WFPProviderFlagsToString(info.Flags)).c_str();
@@ -67,6 +69,7 @@ void CProvidersView::DoSort(SortInfo const* si) {
 			case ColumnType::Desc: return SortHelper::Sort(p1.Desc, p2.Desc, asc);
 			case ColumnType::Flags: return SortHelper::Sort(p1.Flags, p2.Flags, asc);
 			case ColumnType::ServiceName: return SortHelper::Sort(p1.ServiceName, p2.ServiceName, asc);
+			case ColumnType::ProviderData: return SortHelper::Sort(p1.ProviderDataSize, p2.ProviderDataSize, asc);
 		}
 		return false;
 	};

WFPExplorer/ProvidersView.h

@@ -35,7 +35,7 @@ class CProvidersView :
 
 private:
 	enum class ColumnType {
-		Key, Name, Desc, Flags, ServiceName,
+		Key, Name, Desc, Flags, ServiceName, ProviderData,
 	};
 
 	LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);

WFPExplorer/SessionsView.cpp

@@ -30,6 +30,9 @@ CString CSessionsView::GetColumnText(HWND, int row, int col) {
 		case ColumnType::Key: return StringHelper::GuidToString(session.SessionKey);
 		case ColumnType::Name: return session.Name.c_str();
 		case ColumnType::Desc: return session.Desc.c_str();
+		case ColumnType::SID: return StringHelper::FormatSID((PSID const)session.Sid);
+		case ColumnType::KernelMode: return session.KernelMode ? L"Yes" : L"";
+		case ColumnType::UserName: return session.UserName.c_str();
 		case ColumnType::ProcessId: return std::to_wstring(session.ProcessId).c_str();
 		case ColumnType::Flags: 
 			if (session.Flags == WFPSessionFlags::None)
@@ -55,6 +58,8 @@ void CSessionsView::DoSort(SortInfo const* si) {
 			case ColumnType::Flags: return SortHelper::Sort(s1.Flags, s2.Flags, asc);
 			case ColumnType::ProcessId: return SortHelper::Sort(s1.ProcessId, s2.ProcessId, asc);
 			case ColumnType::ProcessName: return SortHelper::Sort(s1.ProcessName, s2.ProcessName, asc);
+			case ColumnType::UserName: return SortHelper::Sort(s1.UserName, s2.UserName, asc);
+			case ColumnType::KernelMode: return SortHelper::Sort(s1.KernelMode, s2.KernelMode, asc);
 		}
 		return false;
 	};
@@ -74,8 +79,10 @@ LRESULT CSessionsView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lPara
 	cm->AddColumn(L"Session Key", 0, 250, ColumnType::Key);
 	cm->AddColumn(L"PID", LVCFMT_RIGHT, 90, ColumnType::ProcessId);
 	cm->AddColumn(L"Process Name", LVCFMT_LEFT, 180, ColumnType::ProcessName);
+	cm->AddColumn(L"User Name", LVCFMT_LEFT, 220, ColumnType::UserName);
 	cm->AddColumn(L"Flags", LVCFMT_LEFT, 120, ColumnType::Flags);
 	cm->AddColumn(L"Session Name", 0, 180, ColumnType::Name);
+	cm->AddColumn(L"Kernel?", 0, 80, ColumnType::KernelMode);
 	cm->AddColumn(L"Description", 0, 180, ColumnType::Desc);
 
 	CImageList images;

WFPExplorer/SessionsView.h

@@ -35,7 +35,7 @@ class CSessionsView :
 
 private:
 	enum class ColumnType {
-		Key, Name, Desc, Flags, ProcessId, ProcessName,
+		Key, Name, Desc, Flags, ProcessId, ProcessName, UserName, SID, KernelMode,
 	};
 	struct SessionInfo : WFPSessionInfo {
 		CString ProcessName;

WFPExplorer/SublayersView.cpp

@@ -17,6 +17,7 @@ LRESULT CSublayersView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lPar
 	cm->AddColumn(L"Name", 0, 180, ColumnType::Name);
 	cm->AddColumn(L"Flags", 0, 120, ColumnType::Flags);
 	cm->AddColumn(L"Weight", LVCFMT_RIGHT, 80, ColumnType::Weight);
+	cm->AddColumn(L"Provider Data", LVCFMT_RIGHT, 90, ColumnType::ProviderData);
 	cm->AddColumn(L"Provider", 0, 180, ColumnType::Provider);
 	cm->AddColumn(L"Description", 0, 180, ColumnType::Desc);
 
@@ -47,7 +48,8 @@ CString CSublayersView::GetColumnText(HWND, int row, int col) {
 		case ColumnType::Key: return StringHelper::GuidToString(info.SubLayerKey);
 		case ColumnType::Name: return info.Name.c_str();
 		case ColumnType::Desc: return info.Desc.c_str();
-		case ColumnType::Flags: 
+		case ColumnType::ProviderData: return info.ProviderDataSize == 0 ? L"" : std::format(L"{} Bytes", info.ProviderDataSize).c_str();
+		case ColumnType::Flags:
 			if (info.Flags == WFPSubLayerFlags::None)
 				return L"0";
 			return std::format(L"0x{:X} ({})", (UINT32)info.Flags,
@@ -82,6 +84,7 @@ void CSublayersView::DoSort(SortInfo const* si) {
 			case ColumnType::Flags: return SortHelper::Sort(l1.Flags, l2.Flags, asc);
 			case ColumnType::Provider: return SortHelper::Sort(l1.ProviderName, l2.ProviderName, asc);
 			case ColumnType::Weight: return SortHelper::Sort(l1.Weight, l2.Weight, asc);
+			case ColumnType::ProviderData: return SortHelper::Sort(l1.ProviderDataSize, l2.ProviderDataSize, asc);
 		}
 		return false;
 	};

WFPExplorer/SublayersView.h

@@ -35,7 +35,7 @@ class CSublayersView :
 
 private:
 	enum class ColumnType {
-		Key, Name, Desc, Flags, Weight, Provider, 
+		Key, Name, Desc, Flags, Weight, Provider, ProviderData,
 	};
 
 	struct SubLayerInfo : WFPSubLayerInfo {

WFPExplorer/WFPExplorer.rc

@@ -245,6 +245,16 @@ BEGIN
     CONTROL         "",IDC_LIST,"SysListView32",LVS_REPORT | LVS_SINGLESEL | LVS_ALIGNLEFT | LVS_OWNERDATA | WS_BORDER | WS_TABSTOP,7,7,375,240
 END
 
+IDD_PROPSHEET DIALOGEX 0, 0, 309, 176
+STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Dialog"
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+    DEFPUSHBUTTON   "OK",IDOK,198,155,50,14
+    PUSHBUTTON      "Cancel",IDCANCEL,252,155,50,14
+    CONTROL         "",IDC_TABS,"SysTabControl32",0x0,7,7,295,142
+END
+
 
 /////////////////////////////////////////////////////////////////////////////
 //
@@ -293,6 +303,14 @@ BEGIN
         TOPMARGIN, 7
         BOTTOMMARGIN, 247
     END
+
+    IDD_PROPSHEET, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 302
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 169
+    END
 END
 #endif    // APSTUDIO_INVOKED
 
@@ -394,6 +412,11 @@ BEGIN
     0, 0, 100, 100
 END
 
+IDD_PROPSHEET AFX_DIALOG_LAYOUT
+BEGIN
+    0
+END
+
 
 /////////////////////////////////////////////////////////////////////////////
 //

WFPExplorer/resource.h

@@ -32,8 +32,8 @@
 #define IDD_LAYERFIELDS                 226
 #define IDI_CONDITION                   227
 #define IDI_CUBE                        228
-#define IDI_ICON1                       230
 #define IDI_FIELD                       230
+#define IDD_PROPSHEET                   231
 #define IDC_VERSION                     1000
 #define IDC_COPYRIGHT                   1001
 #define IDC_KEY                         1001
@@ -54,6 +54,8 @@
 #define IDC_SUBLAYER_PROP               1014
 #define IDC_VALUE                       1016
 #define IDC_FLAGS                       1017
+#define IDC_TAB1                        1018
+#define IDC_TABS                        1018
 #define ID_WINDOW_CLOSE                 32772
 #define ID_WINDOW_CLOSE_ALL             32773
 #define ID_OPTIONS_ALWAYSONTOP          32775
@@ -73,9 +75,9 @@
 // 
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE        231
+#define _APS_NEXT_RESOURCE_VALUE        233
 #define _APS_NEXT_COMMAND_VALUE         32789
-#define _APS_NEXT_CONTROL_VALUE         1018
+#define _APS_NEXT_CONTROL_VALUE         1019
 #define _APS_NEXT_SYMED_VALUE           101
 #endif
 #endif