Copy disabled (too large)
Download .txt
Showing preview only (15,962K chars total). Download the full file to get everything.
Repository: winsiderss/systeminformer
Branch: master
Commit: 0d2893cc8929
Files: 1190
Total size: 44.0 MB
Directory structure:
gitextract_4bdkv5wf/
├── .editorconfig
├── .gitattributes
├── .github/
│ ├── CODEOWNERS
│ ├── FUNDING.yml
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.yml
│ │ ├── config.yml
│ │ └── feature_request.yml
│ └── workflows/
│ ├── cla.yml
│ ├── cmake.yml
│ ├── msbuild.yml
│ └── scan.yml
├── .gitignore
├── .vscode/
│ ├── launch.json
│ └── tasks.json
├── .vsconfig
├── CHANGELOG.txt
├── CLA.md
├── CMakeLists.txt
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── COPYRIGHT.txt
├── Common.Kernel.props
├── Common.Kernel.ruleset
├── Common.User.props
├── Directory.Build.props
├── HACKING.md
├── KSystemInformer/
│ ├── Directory.Build.props
│ ├── KSystemInformer.inf
│ ├── KSystemInformer.sln
│ ├── KSystemInformer.slnx
│ ├── KSystemInformer.vcxproj
│ ├── KSystemInformer.vcxproj.filters
│ ├── README.md
│ ├── alloc.c
│ ├── alpc.c
│ ├── back_trace.c
│ ├── bin-signed/
│ │ ├── amd64/
│ │ │ ├── ksi.pdb
│ │ │ ├── systeminformer.pdb
│ │ │ └── systeminformer.sys
│ │ └── arm64/
│ │ ├── ksi.pdb
│ │ ├── systeminformer.pdb
│ │ └── systeminformer.sys
│ ├── cid_table.c
│ ├── cid_tracking.c
│ ├── comms.c
│ ├── comms_handlers.c
│ ├── device.c
│ ├── driver.c
│ ├── dyndata.c
│ ├── dynimp.c
│ ├── file.c
│ ├── hash.c
│ ├── imgcoherency.c
│ ├── include/
│ │ ├── comms.h
│ │ ├── informer.h
│ │ ├── informer_filep.h
│ │ ├── kph.h
│ │ ├── ntfill.h
│ │ ├── pooltags.h
│ │ └── trace.h
│ ├── informer.c
│ ├── informer_debug.c
│ ├── informer_file.c
│ ├── informer_filenc.c
│ ├── informer_fileop.c
│ ├── informer_image.c
│ ├── informer_object.c
│ ├── informer_process.c
│ ├── informer_registry.c
│ ├── informer_thread.c
│ ├── knowndll.c
│ ├── kphobject.c
│ ├── kphthread.c
│ ├── ksidll.c
│ ├── ksidll.def
│ ├── ksidll.vcxproj
│ ├── lsa.c
│ ├── main.c
│ ├── object.c
│ ├── parameters.c
│ ├── process.c
│ ├── protection.c
│ ├── ratelmt.c
│ ├── resource.rc
│ ├── ringbuff.c
│ ├── session_token.c
│ ├── system.c
│ ├── thread.c
│ ├── umaccess.c
│ ├── util.c
│ ├── verify.c
│ └── vm.c
├── LICENSE.txt
├── README.md
├── README.txt
├── SECURITY.md
├── SystemInformer/
│ ├── CMakeLists.txt
│ ├── Directory.Build.props
│ ├── SystemInformer.def
│ ├── SystemInformer.def.h
│ ├── SystemInformer.manifest
│ ├── SystemInformer.rc
│ ├── SystemInformer.vcxproj
│ ├── SystemInformer.vcxproj.filters
│ ├── about.c
│ ├── actions.c
│ ├── admintask.c
│ ├── affinity.c
│ ├── anawait.c
│ ├── appsup.c
│ ├── chcol.c
│ ├── chdlg.c
│ ├── chproc.c
│ ├── colmgr.c
│ ├── colsetmgr.c
│ ├── dbgcon.c
│ ├── delayhook.c
│ ├── delayload.c
│ ├── devprv.c
│ ├── extmgr.c
│ ├── findobj.c
│ ├── gdihndl.c
│ ├── heapinfo.c
│ ├── hidnproc.c
│ ├── hndllist.c
│ ├── hndlmenu.c
│ ├── hndlprp.c
│ ├── hndlprv.c
│ ├── hndlstat.c
│ ├── include/
│ │ ├── actions.h
│ │ ├── appsup.h
│ │ ├── colmgr.h
│ │ ├── colsetmgr.h
│ │ ├── devprv.h
│ │ ├── extmgr.h
│ │ ├── extmgri.h
│ │ ├── heapstruct.h
│ │ ├── hidnproc.h
│ │ ├── hndllist.h
│ │ ├── hndlmenu.h
│ │ ├── hndlprv.h
│ │ ├── informer.h
│ │ ├── ksisup.h
│ │ ├── mainwnd.h
│ │ ├── mainwndp.h
│ │ ├── memlist.h
│ │ ├── memprv.h
│ │ ├── memsrch.h
│ │ ├── miniinfo.h
│ │ ├── miniinfop.h
│ │ ├── modlist.h
│ │ ├── modprv.h
│ │ ├── netlist.h
│ │ ├── netprv.h
│ │ ├── notifico.h
│ │ ├── notificop.h
│ │ ├── notiftoast.h
│ │ ├── phapp.h
│ │ ├── phappres.h
│ │ ├── phfwddef.h
│ │ ├── phplug.h
│ │ ├── phsettings.h
│ │ ├── phsvc.h
│ │ ├── phsvcapi.h
│ │ ├── phsvccl.h
│ │ ├── phuisup.h
│ │ ├── procgrp.h
│ │ ├── procmtgn.h
│ │ ├── procprp.h
│ │ ├── procprpp.h
│ │ ├── procprv.h
│ │ ├── proctree.h
│ │ ├── srvlist.h
│ │ ├── srvprv.h
│ │ ├── sysinfo.h
│ │ ├── sysinfop.h
│ │ ├── thrdlist.h
│ │ └── thrdprv.h
│ ├── infodlg.c
│ ├── informer.c
│ ├── itemtips.c
│ ├── jobprp.c
│ ├── kdump.c
│ ├── ksidbg.c
│ ├── ksisup.c
│ ├── ksyscall.c
│ ├── log.c
│ ├── logwnd.c
│ ├── main.c
│ ├── mainwnd.c
│ ├── mdump.c
│ ├── memedit.c
│ ├── memlist.c
│ ├── memlists.c
│ ├── memmod.c
│ ├── memprot.c
│ ├── memprv.c
│ ├── memrslt.c
│ ├── memsrch.c
│ ├── memsrcht.c
│ ├── miniinfo.c
│ ├── modlist.c
│ ├── modprv.c
│ ├── mtgndlg.c
│ ├── mwpgdev.c
│ ├── mwpgnet.c
│ ├── mwpgproc.c
│ ├── mwpgsrv.c
│ ├── netlist.c
│ ├── netprv.c
│ ├── netstk.c
│ ├── netsup.c
│ ├── notifico.c
│ ├── notiftoast.cpp
│ ├── ntobjprp.c
│ ├── options.c
│ ├── pagfiles.c
│ ├── phsvc/
│ │ ├── clapi.c
│ │ ├── svcapi.c
│ │ ├── svcapiport.c
│ │ ├── svcclient.c
│ │ └── svcmain.c
│ ├── plugin.c
│ ├── plugman.c
│ ├── procgrp.c
│ ├── procmtgn.c
│ ├── procprp.c
│ ├── procprv.c
│ ├── procrec.c
│ ├── proctree.c
│ ├── prpgenv.c
│ ├── prpggen.c
│ ├── prpghndl.c
│ ├── prpgjob.c
│ ├── prpgmem.c
│ ├── prpgmod.c
│ ├── prpgperf.c
│ ├── prpgsrv.c
│ ├── prpgstat.c
│ ├── prpgthrd.c
│ ├── prpgtok.c
│ ├── prpgvdm.c
│ ├── prpgwmi.c
│ ├── resource.h
│ ├── resources/
│ │ ├── capslist.txt
│ │ ├── etwguids.txt
│ │ └── pooltag.txt
│ ├── runas.c
│ ├── searchbox.c
│ ├── sessmsg.c
│ ├── sessprp.c
│ ├── sessshad.c
│ ├── settings.c
│ ├── srvcr.c
│ ├── srvctl.c
│ ├── srvlist.c
│ ├── srvprp.c
│ ├── srvprv.c
│ ├── sysinfo.c
│ ├── syssccpu.c
│ ├── sysscio.c
│ ├── sysscmem.c
│ ├── thrdlist.c
│ ├── thrdprv.c
│ ├── thrdstk.c
│ ├── thrdstks.c
│ ├── tokprp.c
│ ├── usrlist.c
│ └── version.rc
├── SystemInformer.natvis
├── SystemInformer.sln
├── SystemInformer.slnx
├── build/
│ ├── KSystemInformer.ddf
│ ├── README.md
│ ├── build_clean.cmd
│ ├── build_cmake.cmd
│ ├── build_compile_commands.cmd
│ ├── build_debug.cmd
│ ├── build_devenv.cmd
│ ├── build_dyndata.cmd
│ ├── build_header.cmd
│ ├── build_init.cmd
│ ├── build_msix.cmd
│ ├── build_release.cmd
│ ├── build_sdk.cmd
│ ├── build_sdk_rebuild.cmd
│ ├── build_thirdparty.cmd
│ ├── build_tools.cmd
│ ├── build_verbose.cmd
│ ├── build_zdriver.cmd
│ ├── build_zdriver_cab.cmd
│ ├── build_zdriver_sdk.cmd
│ ├── build_zsign.cmd
│ └── build_zwntapi.ps1
├── cmake/
│ ├── commands.cmake
│ ├── platform.cmake
│ ├── prefast.cmake
│ ├── toolchain/
│ │ ├── clang-msvc-amd64.cmake
│ │ ├── clang-msvc-arm64.cmake
│ │ ├── clang-msvc-x86.cmake
│ │ ├── clang-msvc.cmake
│ │ ├── finalize-msvc.cmake
│ │ ├── msvc-amd64.cmake
│ │ ├── msvc-arm64.cmake
│ │ ├── msvc-x86.cmake
│ │ ├── msvc.cmake
│ │ └── override-msvc.cmake
│ ├── tools.cmake
│ └── tracewpp.cmake
├── kphlib/
│ ├── CMakeLists.txt
│ ├── Directory.Build.props
│ ├── include/
│ │ ├── kphapi.h
│ │ ├── kphdyn.h
│ │ ├── kphdyndata.h
│ │ ├── kphlibbase.h
│ │ ├── kphmsg.h
│ │ ├── kphmsgdefs.h
│ │ ├── kphmsgdyn.h
│ │ ├── kphringbuff.h
│ │ ├── sistatus.h
│ │ └── sistatus.rc
│ ├── kphdyn.c
│ ├── kphdyn.xml
│ ├── kphdyndata.c
│ ├── kphlib_km.filters
│ ├── kphlib_km.vcxproj
│ ├── kphlib_km.vcxproj.filters
│ ├── kphlib_um.vcxproj
│ ├── kphlib_um.vcxproj.filters
│ ├── kphmsg.c
│ ├── kphmsgdyn.c
│ ├── kphringbuff.c
│ └── sistatus.mc
├── packages.config
├── phlib/
│ ├── CMakeLists.txt
│ ├── Directory.Build.props
│ ├── apiimport.c
│ ├── apistubs.cpp
│ ├── appresolver.c
│ ├── appruntime.c
│ ├── avltree.c
│ ├── basestring.c
│ ├── basesup.c
│ ├── bcd.cpp
│ ├── circbuf.c
│ ├── circbuf_i.h
│ ├── colorbox.c
│ ├── cpysave.c
│ ├── data.c
│ ├── directdraw.cpp
│ ├── dspick.c
│ ├── emenu.c
│ ├── error.c
│ ├── extlv.c
│ ├── fastlock.c
│ ├── filepool.c
│ ├── filestream.c
│ ├── firmware.c
│ ├── format.c
│ ├── format_i.h
│ ├── format_std.cpp
│ ├── global.c
│ ├── graph.c
│ ├── guisup.c
│ ├── guisuplistview.cpp
│ ├── handle.c
│ ├── hexedit.c
│ ├── hndlinfo.c
│ ├── http.c
│ ├── hvsocketcontrol.c
│ ├── icotobmp.c
│ ├── imgcoherency.c
│ ├── include/
│ │ ├── apiimport.h
│ │ ├── appresolver.h
│ │ ├── appresolverp.h
│ │ ├── bcd.h
│ │ ├── circbuf.h
│ │ ├── circbuf_h.h
│ │ ├── colorbox.h
│ │ ├── cpysave.h
│ │ ├── dltmgr.h
│ │ ├── dspick.h
│ │ ├── emenu.h
│ │ ├── exlf.h
│ │ ├── exprodid.h
│ │ ├── fastlock.h
│ │ ├── filepool.h
│ │ ├── filepoolp.h
│ │ ├── filestream.h
│ │ ├── filestreamp.h
│ │ ├── graph.h
│ │ ├── guisup.h
│ │ ├── guisupp.h
│ │ ├── guisupview.h
│ │ ├── handle.h
│ │ ├── handlep.h
│ │ ├── hexedit.h
│ │ ├── hexeditp.h
│ │ ├── hndlinfo.h
│ │ ├── hvsocketcontrol.h
│ │ ├── json.h
│ │ ├── kphcomms.h
│ │ ├── kphuser.h
│ │ ├── lsamsup.h
│ │ ├── lsasup.h
│ │ ├── mapimg.h
│ │ ├── mapldr.h
│ │ ├── ph.h
│ │ ├── phafd.h
│ │ ├── phbase.h
│ │ ├── phbasesup.h
│ │ ├── phconfig.h
│ │ ├── phconsole.h
│ │ ├── phdata.h
│ │ ├── phfirmware.h
│ │ ├── phintrin.h
│ │ ├── phintrnl.h
│ │ ├── phnative.h
│ │ ├── phnativeinl.h
│ │ ├── phnet.h
│ │ ├── phsup.h
│ │ ├── phutil.h
│ │ ├── provider.h
│ │ ├── queuedlock.h
│ │ ├── ref.h
│ │ ├── refp.h
│ │ ├── searchbox.h
│ │ ├── secedit.h
│ │ ├── seceditp.h
│ │ ├── secwmi.h
│ │ ├── settings.h
│ │ ├── strsrch.h
│ │ ├── svcsup.h
│ │ ├── symprv.h
│ │ ├── symprvp.h
│ │ ├── templ.h
│ │ ├── thirdparty.h
│ │ ├── trace.h
│ │ ├── treenew.h
│ │ ├── treenewp.h
│ │ ├── verify.h
│ │ ├── verifyp.h
│ │ ├── workqueue.h
│ │ ├── workqueuep.h
│ │ └── wslsup.h
│ ├── json.c
│ ├── kph.c
│ ├── kphcomms.c
│ ├── lsamsup.c
│ ├── lsasup.c
│ ├── mapexlf.c
│ ├── mapimg.c
│ ├── mapldr.c
│ ├── maplib.c
│ ├── native.c
│ ├── nativefile.c
│ ├── nativeflt.c
│ ├── nativejob.c
│ ├── nativekey.c
│ ├── nativemodule.c
│ ├── nativepipe.c
│ ├── nativeprocess.c
│ ├── nativesocket.c
│ ├── nativethread.c
│ ├── nativetoken.c
│ ├── nativetxn.c
│ ├── nativeuser.c
│ ├── phlib.vcxproj
│ ├── phlib.vcxproj.filters
│ ├── provider.c
│ ├── queuedlock.c
│ ├── ref.c
│ ├── searchbox.c
│ ├── secdata.c
│ ├── secedit.c
│ ├── secwmi.c
│ ├── settings.c
│ ├── strsrch.c
│ ├── svcsup.c
│ ├── symprv.c
│ ├── symprv_std.cpp
│ ├── sync.c
│ ├── theme.c
│ ├── treenew.c
│ ├── util.c
│ ├── verify.c
│ ├── workqueue.c
│ └── wslsup.c
├── phnt/
│ ├── CMakeLists.txt
│ ├── README.md
│ ├── include/
│ │ ├── ntafd.h
│ │ ├── ntbcd.h
│ │ ├── ntdbg.h
│ │ ├── ntexapi.h
│ │ ├── ntgdi.h
│ │ ├── ntimage.h
│ │ ├── ntintsafe.h
│ │ ├── ntioapi.h
│ │ ├── ntkeapi.h
│ │ ├── ntldr.h
│ │ ├── ntlpcapi.h
│ │ ├── ntmisc.h
│ │ ├── ntmmapi.h
│ │ ├── ntnls.h
│ │ ├── ntobapi.h
│ │ ├── ntpebteb.h
│ │ ├── ntpfapi.h
│ │ ├── ntpnpapi.h
│ │ ├── ntpoapi.h
│ │ ├── ntpsapi.h
│ │ ├── ntregapi.h
│ │ ├── ntrtl.h
│ │ ├── ntsam.h
│ │ ├── ntseapi.h
│ │ ├── ntsmss.h
│ │ ├── ntstrsafe.h
│ │ ├── ntsxs.h
│ │ ├── nttmapi.h
│ │ ├── nttp.h
│ │ ├── ntuser.h
│ │ ├── ntwmi.h
│ │ ├── ntwow64.h
│ │ ├── ntxcapi.h
│ │ ├── ntzwapi.h
│ │ ├── phnt.h
│ │ ├── phnt_ntdef.h
│ │ ├── phnt_windows.h
│ │ ├── smbios.h
│ │ ├── subprocesstag.h
│ │ ├── usermgr.h
│ │ └── winsta.h
│ ├── meson.build
│ └── zw_options.txt
├── plugins/
│ ├── CMakeLists.txt
│ ├── Directory.Build.props
│ ├── DotNetTools/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── DotNetTools.rc
│ │ ├── DotNetTools.vcxproj
│ │ ├── DotNetTools.vcxproj.filters
│ │ ├── asmpage.c
│ │ ├── clr/
│ │ │ ├── LICENSE.TXT
│ │ │ ├── clrdata.h
│ │ │ ├── cor.h
│ │ │ ├── corsym.h
│ │ │ ├── dacprivate.h
│ │ │ ├── dbgappdomain.h
│ │ │ ├── ipcenums.h
│ │ │ ├── ipcheader.h
│ │ │ ├── ipcshared.h
│ │ │ ├── perfcounterdefs.h
│ │ │ ├── sospriv.h
│ │ │ └── xclrdata.h
│ │ ├── clretw.h
│ │ ├── clrsup.c
│ │ ├── clrsup.h
│ │ ├── counters.c
│ │ ├── dn.h
│ │ ├── main.c
│ │ ├── perfpage.c
│ │ ├── resource.h
│ │ ├── stackext.c
│ │ ├── svcext.c
│ │ ├── svcext.h
│ │ ├── treeext.c
│ │ └── version.rc
│ ├── ExtendedNotifications/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── ExtendedNotifications.rc
│ │ ├── ExtendedNotifications.vcxproj
│ │ ├── ExtendedNotifications.vcxproj.filters
│ │ ├── extnoti.h
│ │ ├── filelog.c
│ │ ├── main.c
│ │ ├── resource.h
│ │ └── version.rc
│ ├── ExtendedServices/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── ExtendedServices.rc
│ │ ├── ExtendedServices.vcxproj
│ │ ├── ExtendedServices.vcxproj.filters
│ │ ├── depend.c
│ │ ├── extsrv.h
│ │ ├── main.c
│ │ ├── other.c
│ │ ├── recovery.c
│ │ ├── resource.h
│ │ ├── srvprgrs.c
│ │ ├── svcpkg.c
│ │ ├── svcpnp.c
│ │ ├── trigger.c
│ │ ├── triggpg.c
│ │ └── version.rc
│ ├── ExtendedTools/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── Efi/
│ │ │ ├── EfiDevicePath.h
│ │ │ └── EfiTypes.h
│ │ ├── ExtendedTools.rc
│ │ ├── ExtendedTools.vcxproj
│ │ ├── ExtendedTools.vcxproj.filters
│ │ ├── PresentMon/
│ │ │ ├── ETW/
│ │ │ │ ├── Microsoft_Windows_D3D9.h
│ │ │ │ ├── Microsoft_Windows_DXGI.h
│ │ │ │ ├── Microsoft_Windows_Dwm_Core.h
│ │ │ │ ├── Microsoft_Windows_DxgKrnl.h
│ │ │ │ ├── Microsoft_Windows_EventMetadata.h
│ │ │ │ └── Microsoft_Windows_Win32k.h
│ │ │ ├── LICENSE.txt
│ │ │ ├── PresentMon.cpp
│ │ │ ├── PresentMon.hpp
│ │ │ ├── PresentMonTraceConsumer.cpp
│ │ │ ├── PresentMonTraceConsumer.hpp
│ │ │ ├── TraceConsumer.cpp
│ │ │ ├── TraceConsumer.hpp
│ │ │ └── TraceSession.cpp
│ │ ├── counters.c
│ │ ├── d3dkmt/
│ │ │ ├── LICENSE
│ │ │ ├── d3dkmdt.h
│ │ │ ├── d3dkmthk.h
│ │ │ └── d3dukmdt.h
│ │ ├── disktab.c
│ │ ├── disktabp.h
│ │ ├── efi_guid_list.h
│ │ ├── etwdisk.c
│ │ ├── etwmini.c
│ │ ├── etwmini.h
│ │ ├── etwmon.c
│ │ ├── etwmon.h
│ │ ├── etwprprp.c
│ │ ├── etwstat.c
│ │ ├── etwsys.c
│ │ ├── etwsys.h
│ │ ├── extension/
│ │ │ └── plugin.h
│ │ ├── exttools.h
│ │ ├── firmware.c
│ │ ├── firmware_editor.c
│ │ ├── framemon.cpp
│ │ ├── framemon.h
│ │ ├── frameprp.c
│ │ ├── fwmon.c
│ │ ├── fwtab.c
│ │ ├── gpudetails.c
│ │ ├── gpumini.c
│ │ ├── gpumini.h
│ │ ├── gpumon.c
│ │ ├── gpumon.h
│ │ ├── gpunodes.c
│ │ ├── gpuprprp.c
│ │ ├── gpusys.c
│ │ ├── gpusys.h
│ │ ├── iconext.c
│ │ ├── main.c
│ │ ├── modsrv.c
│ │ ├── namedpipes.c
│ │ ├── npudetails.c
│ │ ├── npumini.c
│ │ ├── npumini.h
│ │ ├── npumon.c
│ │ ├── npumon.h
│ │ ├── npunodes.c
│ │ ├── npuprprp.c
│ │ ├── npusys.c
│ │ ├── npusys.h
│ │ ├── objmgr.c
│ │ ├── objprp.c
│ │ ├── options.c
│ │ ├── pooldb.c
│ │ ├── pooldialog.c
│ │ ├── pooldialogbig.c
│ │ ├── poolmon.h
│ │ ├── pooltree.c
│ │ ├── reparse.c
│ │ ├── resource.h
│ │ ├── smbios.c
│ │ ├── svcext.c
│ │ ├── thrdact.c
│ │ ├── tpm.c
│ │ ├── tpm.h
│ │ ├── tpm_editor.c
│ │ ├── treeext.c
│ │ ├── unldll.c
│ │ ├── utils.c
│ │ ├── version.rc
│ │ ├── waitchain.c
│ │ └── wswatch.c
│ ├── HardwareDevices/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── HardwareDevices.rc
│ │ ├── HardwareDevices.vcxproj
│ │ ├── HardwareDevices.vcxproj.filters
│ │ ├── adapter.c
│ │ ├── d3dkmt/
│ │ │ ├── LICENSE
│ │ │ ├── d3dkmdt.h
│ │ │ ├── d3dkmthk.h
│ │ │ └── d3dukmdt.h
│ │ ├── deviceprops.c
│ │ ├── devices.h
│ │ ├── devicetree.c
│ │ ├── disk.c
│ │ ├── diskdetails.c
│ │ ├── diskgraph.c
│ │ ├── disknotify.c
│ │ ├── diskoptions.c
│ │ ├── fmifs.h
│ │ ├── gpu.c
│ │ ├── gpudetails.c
│ │ ├── gpugraph.c
│ │ ├── gpunodes.c
│ │ ├── gpuoptions.c
│ │ ├── graphics.c
│ │ ├── main.c
│ │ ├── ndis.c
│ │ ├── ndiswlan.c
│ │ ├── ndiswlan.h
│ │ ├── netdetails.c
│ │ ├── netgraph.c
│ │ ├── netoptions.c
│ │ ├── power.c
│ │ ├── powergraph.c
│ │ ├── poweroptions.c
│ │ ├── prpsh.c
│ │ ├── prpsh.h
│ │ ├── resource.h
│ │ ├── storage.c
│ │ └── version.rc
│ ├── NetworkTools/
│ │ ├── CMakeLists.txt
│ │ ├── NetworkTools.rc
│ │ ├── NetworkTools.vcxproj
│ │ ├── NetworkTools.vcxproj.filters
│ │ ├── country.c
│ │ ├── main.c
│ │ ├── nettools.h
│ │ ├── options.c
│ │ ├── pages.c
│ │ ├── ping.c
│ │ ├── ports.c
│ │ ├── resource.h
│ │ ├── resources/
│ │ │ └── licence.txt
│ │ ├── tracert.c
│ │ ├── tracert.h
│ │ ├── tracetree.c
│ │ ├── update.c
│ │ ├── version.rc
│ │ └── whois.c
│ ├── OnlineChecks/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── OnlineChecks.rc
│ │ ├── OnlineChecks.vcxproj
│ │ ├── OnlineChecks.vcxproj.filters
│ │ ├── api.c
│ │ ├── main.c
│ │ ├── onlnchk.h
│ │ ├── options.c
│ │ ├── page1.c
│ │ ├── page2.c
│ │ ├── page3.c
│ │ ├── page4.c
│ │ ├── resource.h
│ │ ├── scan.c
│ │ ├── upload.c
│ │ └── version.rc
│ ├── Plugins.props
│ ├── Plugins.sln
│ ├── Plugins.slnx
│ ├── ToolStatus/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── ToolStatus.rc
│ │ ├── ToolStatus.vcxproj
│ │ ├── ToolStatus.vcxproj.filters
│ │ ├── customizesb.c
│ │ ├── customizetb.c
│ │ ├── filter.c
│ │ ├── find.c
│ │ ├── graph.c
│ │ ├── main.c
│ │ ├── options.c
│ │ ├── plugin.c
│ │ ├── resource.h
│ │ ├── statusbar.c
│ │ ├── taskbar.c
│ │ ├── toolbar.c
│ │ ├── toolbarsup.c
│ │ ├── toolstatus.h
│ │ └── version.rc
│ ├── Updater/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── Updater.rc
│ │ ├── Updater.vcxproj
│ │ ├── Updater.vcxproj.filters
│ │ ├── main.c
│ │ ├── options.c
│ │ ├── page1.c
│ │ ├── page2.c
│ │ ├── page3.c
│ │ ├── page4.c
│ │ ├── page5.c
│ │ ├── resource.h
│ │ ├── updater.c
│ │ ├── updater.h
│ │ ├── verify.c
│ │ └── version.rc
│ ├── UserNotes/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── UserNotes.rc
│ │ ├── UserNotes.vcxproj
│ │ ├── UserNotes.vcxproj.filters
│ │ ├── db.c
│ │ ├── db.h
│ │ ├── main.c
│ │ ├── options.c
│ │ ├── prpcmpage.c
│ │ ├── resource.h
│ │ ├── usernotes.h
│ │ └── version.rc
│ ├── WindowExplorer/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── WindowExplorer.rc
│ │ ├── WindowExplorer.vcxproj
│ │ ├── WindowExplorer.vcxproj.filters
│ │ ├── main.c
│ │ ├── prpsh.c
│ │ ├── prpsh.h
│ │ ├── resource.h
│ │ ├── utils.c
│ │ ├── version.rc
│ │ ├── wnddlg.c
│ │ ├── wndexp.h
│ │ ├── wndprp.c
│ │ ├── wndtree.c
│ │ └── wndtree.h
│ ├── include/
│ │ ├── commonutil.h
│ │ ├── networktoolsintf.h
│ │ └── toolstatusintf.h
│ └── readme.txt
└── tools/
├── CMakeLists.txt
├── CompileCommandsJson/
│ ├── CompileCommandsJson.cs
│ ├── CompileCommandsJson.csproj
│ ├── CompileCommandsJson.sln
│ ├── CompileCommandsJson.slnx
│ └── Properties/
│ └── PublishProfiles/
│ ├── amd64.pubxml
│ └── arm64.pubxml
├── CustomBuildTool/
│ ├── AzureClient.cs
│ ├── AzureSignTool/
│ │ ├── AuthenticodeKeyVaultSigner.cs
│ │ ├── ECDsaKeyVault.cs
│ │ ├── ECDsaKeyVaultExtensions.cs
│ │ ├── KeyVaultConfigurationDiscoverer.cs
│ │ ├── KeyVaultContext.cs
│ │ ├── LICENSE.txt
│ │ ├── MemoryCertificateStore.cs
│ │ ├── NativeMethods.cs
│ │ ├── RSAKeyVault.cs
│ │ ├── RSAKeyVaultExtensions.cs
│ │ └── TimeStampConfiguration.cs
│ ├── Build.cs
│ ├── BuildAzure.cs
│ ├── BuildConfig.cs
│ ├── BuildDevOps.cs
│ ├── BuildGithub.cs
│ ├── BuildHttpClient.cs
│ ├── BuildSourceForge.cs
│ ├── BuildToolsId.cs
│ ├── BuildVerify.cs
│ ├── BuildVirusTotal.cs
│ ├── BuildVisualStudio.cs
│ ├── CustomBuildTool.csproj
│ ├── CustomBuildTool.sln
│ ├── CustomBuildTool.slnx
│ ├── DynData.cs
│ ├── GlobalSuppressions.cs
│ ├── HeaderGen.cs
│ ├── NativeImports.txt
│ ├── NativeMethods.json
│ ├── NativeMethods.txt
│ ├── Program.cs
│ ├── Properties/
│ │ └── PublishProfiles/
│ │ ├── amd64.pubxml
│ │ └── arm64.pubxml
│ ├── Utils.cs
│ ├── Win32.cs
│ ├── Zip.cs
│ └── app.manifest
├── CustomCmdTool/
│ ├── CustomCmdTool.sln
│ ├── CustomCmdTool.slnx
│ ├── CustomCmdTool.vcxproj
│ ├── CustomCmdTool.vcxproj.filters
│ ├── app.manifest
│ └── main.c
├── CustomDebugTool/
│ └── CustomDebugTool.slnx
├── CustomSetupTool/
│ ├── CustomSetupTool.sln
│ ├── CustomSetupTool.slnx
│ ├── CustomSetupTool.vcxproj
│ ├── CustomSetupTool.vcxproj.filters
│ ├── app.manifest
│ ├── extract.c
│ ├── install.c
│ ├── main.c
│ ├── resource.h
│ ├── resource.rc
│ ├── setup.h
│ ├── startpage.c
│ ├── uninstall.c
│ ├── update.c
│ ├── util.c
│ └── version.rc
├── CustomSignTool/
│ ├── CustomSignTool.manifest
│ ├── CustomSignTool.sln
│ ├── CustomSignTool.slnx
│ ├── CustomSignTool.vcxproj
│ ├── CustomSignTool.vcxproj.filters
│ ├── main.c
│ ├── resource.h
│ └── resource.rc
├── CustomStartTool/
│ ├── CustomStartTool.sln
│ ├── CustomStartTool.slnx
│ ├── CustomStartTool.vcxproj
│ ├── CustomStartTool.vcxproj.filters
│ ├── app.manifest
│ └── main.c
├── Directory.Build.props
├── GenerateZw/
│ ├── GenerateZw.csproj
│ ├── GenerateZw.sln
│ ├── GenerateZw.slnx
│ ├── Program.cs
│ ├── Properties/
│ │ └── PublishProfiles/
│ │ └── 64Bit.pubxml
│ └── ZwGen.cs
├── fixlib/
│ ├── fixlib.c
│ ├── fixlib.sln
│ ├── fixlib.slnx
│ ├── fixlib.vcxproj
│ └── fixlib.vcxproj.filters
├── fixlib_bcd/
│ ├── lib32/
│ │ └── bcd.def
│ ├── lib64/
│ │ └── bcd.def
│ └── make_bcd_lib.cmd
├── msix/
│ ├── PackageManifest64.msix.xml
│ ├── PackageTemplate.appinstaller
│ ├── PackageTemplate.msix.xml
│ └── build.cmd
├── peview/
│ ├── CMakeLists.txt
│ ├── appmanifest.c
│ ├── attributes.c
│ ├── cfgprp.c
│ ├── chcol.c
│ ├── clrprp.c
│ ├── clrprptables.c
│ ├── clrtableimportprp.c
│ ├── clrtableimports.cpp
│ ├── colmgr.c
│ ├── colmgr.h
│ ├── debugprp.c
│ ├── delayhook.c
│ ├── disimp.c
│ ├── ehcontprp.c
│ ├── exlfdynamic.c
│ ├── exlfexports.c
│ ├── exlfimports.c
│ ├── exlfprp.c
│ ├── expprp.c
│ ├── hashprp.c
│ ├── impprp.c
│ ├── include/
│ │ ├── peview.h
│ │ └── prpsh.h
│ ├── layout.c
│ ├── ldprp.c
│ ├── libprp.c
│ ├── links.c
│ ├── main.c
│ ├── mappings.c
│ ├── metahost/
│ │ ├── CorError.h
│ │ ├── CorHdr.h
│ │ ├── cor.h
│ │ ├── gchost.h
│ │ ├── ivalidator.h
│ │ ├── ivehandler.h
│ │ ├── metahost.h
│ │ └── mscoree.h
│ ├── misc.c
│ ├── options.c
│ ├── pdb.c
│ ├── pdbprp.c
│ ├── pechpeprp.c
│ ├── pedirprp.c
│ ├── pedynrelocprp.c
│ ├── peexceptprp.c
│ ├── peheaderprp.c
│ ├── pemuiprp.c
│ ├── pepogoprp.c
│ ├── peprp.c
│ ├── peprpwnd.c
│ ├── perelocprp.c
│ ├── pesectionprp.c
│ ├── peview.manifest
│ ├── peview.rc
│ ├── peview.vcxproj
│ ├── peview.vcxproj.filters
│ ├── previewprp.c
│ ├── processes.c
│ ├── propstore.c
│ ├── prpsh.c
│ ├── resource.h
│ ├── resprp.c
│ ├── richprp.c
│ ├── searchbox.c
│ ├── secprp.c
│ ├── settings.c
│ ├── streams.c
│ ├── strings.c
│ ├── tlsprp.c
│ ├── version.rc
│ ├── versioninfoprp.c
│ └── volatileprp.c
├── tests/
│ └── phlib-test/
│ ├── main.c
│ ├── phlib-test.manifest
│ ├── phlib-test.sln
│ ├── phlib-test.slnx
│ ├── phlib-test.vcxproj
│ ├── phlib-test.vcxproj.filters
│ ├── t_avltree.c
│ ├── t_basesup.c
│ ├── t_format.c
│ ├── t_util.c
│ └── tests.h
├── thirdparty/
│ ├── CMakeLists.txt
│ ├── detours/
│ │ ├── LICENSE.txt
│ │ ├── detours.cpp
│ │ ├── detours.h
│ │ ├── disasm.cpp
│ │ ├── disolarm.cpp
│ │ ├── disolarm64.cpp
│ │ ├── disolia64.cpp
│ │ ├── disolx64.cpp
│ │ ├── disolx86.cpp
│ │ └── modules.cpp
│ ├── jsonc/
│ │ ├── COPYING
│ │ ├── ChangeLog
│ │ ├── arraylist.c
│ │ ├── arraylist.h
│ │ ├── config.h
│ │ ├── debug.c
│ │ ├── debug.h
│ │ ├── json.h
│ │ ├── json_c_version.c
│ │ ├── json_c_version.h
│ │ ├── json_config.h
│ │ ├── json_inttypes.h
│ │ ├── json_object.c
│ │ ├── json_object.h
│ │ ├── json_object_iterator.c
│ │ ├── json_object_iterator.h
│ │ ├── json_object_private.h
│ │ ├── json_pointer.c
│ │ ├── json_pointer.h
│ │ ├── json_pointer_private.h
│ │ ├── json_tokener.c
│ │ ├── json_tokener.h
│ │ ├── json_types.h
│ │ ├── json_util.c
│ │ ├── json_util.h
│ │ ├── json_visit.c
│ │ ├── json_visit.h
│ │ ├── libjson.c
│ │ ├── linkhash.c
│ │ ├── linkhash.h
│ │ ├── math_compat.h
│ │ ├── printbuf.c
│ │ ├── printbuf.h
│ │ ├── random_seed.c
│ │ ├── random_seed.h
│ │ ├── snprintf_compat.h
│ │ ├── strdup_compat.h
│ │ ├── strerror_override.c
│ │ ├── strerror_override.h
│ │ └── vasprintf_compat.h
│ ├── maxminddb/
│ │ ├── LICENSE
│ │ ├── data-pool.c
│ │ ├── data-pool.h
│ │ ├── maxminddb-compat-util.h
│ │ ├── maxminddb.c
│ │ ├── maxminddb.h
│ │ └── maxminddb_config.h
│ ├── md5/
│ │ ├── LICENSE
│ │ ├── md5.c
│ │ └── md5.h
│ ├── miniz/
│ │ ├── LICENSE
│ │ ├── miniz.c
│ │ ├── miniz.h
│ │ ├── miniz_common.h
│ │ ├── miniz_tdef.c
│ │ ├── miniz_tdef.h
│ │ ├── miniz_tinfl.c
│ │ ├── miniz_tinfl.h
│ │ ├── miniz_zip.c
│ │ └── miniz_zip.h
│ ├── mxml/
│ │ ├── LICENSE
│ │ ├── config.h
│ │ ├── mxml-attr.c
│ │ ├── mxml-file.c
│ │ ├── mxml-get.c
│ │ ├── mxml-index.c
│ │ ├── mxml-node.c
│ │ ├── mxml-options.c
│ │ ├── mxml-private.c
│ │ ├── mxml-private.h
│ │ ├── mxml-search.c
│ │ ├── mxml-set.c
│ │ └── mxml.h
│ ├── pcre/
│ │ ├── LICENCE
│ │ ├── README
│ │ ├── config.h
│ │ ├── pcre2.h
│ │ ├── pcre2_auto_possess.c
│ │ ├── pcre2_chartables.c
│ │ ├── pcre2_chkdint.c
│ │ ├── pcre2_compile.c
│ │ ├── pcre2_compile.h
│ │ ├── pcre2_compile_class.c
│ │ ├── pcre2_config.c
│ │ ├── pcre2_context.c
│ │ ├── pcre2_convert.c
│ │ ├── pcre2_dfa_match.c
│ │ ├── pcre2_dftables.c
│ │ ├── pcre2_error.c
│ │ ├── pcre2_extuni.c
│ │ ├── pcre2_find_bracket.c
│ │ ├── pcre2_fuzzsupport.c
│ │ ├── pcre2_internal.h
│ │ ├── pcre2_intmodedep.h
│ │ ├── pcre2_jit_char_inc.h
│ │ ├── pcre2_jit_compile.c
│ │ ├── pcre2_jit_match.c
│ │ ├── pcre2_jit_misc.c
│ │ ├── pcre2_jit_neon_inc.h
│ │ ├── pcre2_jit_simd_inc.h
│ │ ├── pcre2_jit_test.c
│ │ ├── pcre2_maketables.c
│ │ ├── pcre2_match.c
│ │ ├── pcre2_match_data.c
│ │ ├── pcre2_newline.c
│ │ ├── pcre2_ord2utf.c
│ │ ├── pcre2_pattern_info.c
│ │ ├── pcre2_printint.c
│ │ ├── pcre2_script_run.c
│ │ ├── pcre2_serialize.c
│ │ ├── pcre2_string_utils.c
│ │ ├── pcre2_study.c
│ │ ├── pcre2_substitute.c
│ │ ├── pcre2_substring.c
│ │ ├── pcre2_tables.c
│ │ ├── pcre2_ucd.c
│ │ ├── pcre2_ucp.h
│ │ ├── pcre2_ucptables.c
│ │ ├── pcre2_util.h
│ │ ├── pcre2_valid_utf.c
│ │ ├── pcre2_xclass.c
│ │ ├── pcre2posix.c
│ │ └── pcre2posix.h
│ ├── sha/
│ │ ├── LICENSE
│ │ ├── sha.c
│ │ └── sha.h
│ ├── sha256/
│ │ ├── LICENSE
│ │ ├── sha256.c
│ │ └── sha256.h
│ ├── ssdeep/
│ │ ├── COPYING.txt
│ │ ├── fuzzy.c
│ │ └── fuzzy.h
│ ├── thirdparty.sln
│ ├── thirdparty.slnx
│ ├── thirdparty.vcxproj
│ ├── thirdparty.vcxproj.filters
│ ├── tlsh/
│ │ ├── LICENSE
│ │ ├── tlsh.cpp
│ │ ├── tlsh.h
│ │ ├── tlsh_impl.cpp
│ │ ├── tlsh_impl.h
│ │ ├── tlsh_util.cpp
│ │ ├── tlsh_util.h
│ │ ├── tlsh_win_version.h
│ │ ├── tlsh_wrapper.cpp
│ │ └── tlsh_wrapper.h
│ ├── winsdk/
│ │ ├── cvconst.h
│ │ ├── dia2.h
│ │ └── dia3.h
│ ├── xxhash/
│ │ ├── CHANGELOG
│ │ ├── LICENSE
│ │ ├── xxhash.c
│ │ ├── xxhash.h
│ │ ├── xxhashwrapper.c
│ │ └── xxhashwrapper.h
│ └── zydis/
│ ├── LICENSE
│ ├── Zydis.c
│ └── Zydis.h
└── versioning/
├── build_version.cmd
└── version.rc
================================================
FILE CONTENTS
================================================
================================================
FILE: .editorconfig
================================================
root = true
[*.{c,c++,cc,cpp,cppm,cxx,h,h++,hh,hpp,hxx,inl,ipp,ixx,tlh,tli}]
charset = utf-8
end_of_line = crlf
indent_style = space
indent_size = 4
trim_trailing_whitespace = true
insert_final_newline = true
================================================
FILE: .gitattributes
================================================
# Auto detect text files
* text=auto working-tree-encoding=UTF-8
# Custom for Visual Studio
*.cs diff=csharp
*.sln merge=union
*.slnx merge=union
*.csproj merge=union
*.vbproj merge=union
*.fsproj merge=union
*.dbproj merge=union
# Project files
*.appinstaller text
*.bat text
*.c text
*.cs text
*.cpp text
*.config text
*.cmake text
*.cmd text
*.csproj text
*.def text
*.ddf text
*.editorconfig text
*.gitattributes text
*.gitignore text
*.h text
*.hpp text
*.inc text
*.inf text
*.json text
*.map text
*.manifest text
*.mc text
*.md text
*.natvis text
*.ps1 text
*.props text
*.pubxml text
*.resx text
*.rc text
*.sh text eol=lf
*.sln text
*.slnx text
*.txt text
*.vsconfig text
*.vcxproj text
*.filters text
*.xml text
*.yml text
*.yaml text
**AUTHORS text
**COPYING text
**CHANGELOG text
**CODEOWNERS text
**LICENSE text
**LICENCE text
**README text
*.bmp binary
*.dll binary
*.exe binary
*.ico binary
*.lib binary
*.pdb binary
*.png binary
*.s binary
*.sys binary
*.zip binary
# svg standard require LF
*.svg text eol=lf
# Standard to msysgit
*.doc diff=astextplain
*.DOC diff=astextplain
*.docx diff=astextplain
*.DOCX diff=astextplain
*.dot diff=astextplain
*.DOT diff=astextplain
*.pdf diff=astextplain
*.PDF diff=astextplain
*.rtf diff=astextplain
*.RTF diff=astextplain
# Ignore files during repository export
.gitattributes export-ignore
.gitignore export-ignore
.gitmodules export-ignore
.github export-ignore
================================================
FILE: .github/CODEOWNERS
================================================
# Below is a list of System Informer team members' GitHub handles who are
# suggested reviewers for contributions to this repository.
#
# These names are just suggestions. It is fine to have your changes
# reviewed by someone else.
#
# Use git ls-files '<pattern>' without a / prefix to see the list of matching files.
/CODEOWNERS @dmex @jxy-s
/KSystemInformer @jxy-s
/SystemInformer @dmex @jxy-s
/build @dmex @jxy-s
/kphlib @jxy-s
/phlib @dmex @jxy-s
/phnt @dmex @jxy-s
/plugins @dmex @jxy-s
/tools @dmex
/tools/CustomBuildTool/DynData.cs @jxy-s
.github/workflows @dmex @jxy-s
================================================
FILE: .github/FUNDING.yml
================================================
# These are supported funding model platforms
github: [dmex, jxy-s]
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.yml
================================================
name: 'Bug report'
description: Report bugs or other issues
body:
- type: textarea
attributes:
label: Brief description of your issue
placeholder: Briefly describe your issue here.
validations:
required: true
- type: textarea
attributes:
label: Steps to reproduce (optional)
placeholder: How to reproduce the issue?
validations:
required: false
- type: textarea
attributes:
label: Expected behavior (optional)
placeholder: What did you expect to happen?
validations:
required: false
- type: textarea
attributes:
label: Actual behavior (optional)
placeholder: What is currently happening?
validations:
required: false
- type: textarea
attributes:
label: Environment (optional)
placeholder: |
System Informer version
Windows version
Any other information?
render: shell
validations:
required: false
================================================
FILE: .github/ISSUE_TEMPLATE/config.yml
================================================
blank_issues_enabled: true
contact_links:
- name: General Questions
url: https://github.com/winsiderss/systeminformer/discussions/new
about: Have a question? Start a new discussion.
- name: Review open issues
url: https://github.com/winsiderss/systeminformer/issues
about: Check existing bug reports for already reported issues.
- name: Create a blank issue
url: https://github.com/winsiderss/systeminformer/issues/new
about: Create a blank issue for anything else.
================================================
FILE: .github/ISSUE_TEMPLATE/feature_request.yml
================================================
name: "Feature request"
description: Suggest features, modifications or ideas
type: "Feature"
labels: ["enhancement"]
body:
- type: textarea
attributes:
label: Description of the feature, modification, idea or suggestion
validations:
required: true
- type: textarea
attributes:
label: Proposed implementation details (optional)
placeholder: Suggest how to implement the feature.
validations:
required: false
================================================
FILE: .github/workflows/cla.yml
================================================
name: "CLA Assistant"
on:
issue_comment:
types: [created]
pull_request_target:
types: [opened,closed,synchronize]
permissions:
actions: write
checks: read
contents: read
issues: read
discussions: read
pull-requests: write
statuses: read
jobs:
CLAssistant:
if: ${{ github.event_name == 'pull_request_target' || github.event.issue.pull_request }}
runs-on: ubuntu-latest
steps:
- name: "CLA Assistant"
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
uses: cla-assistant/github-action@dbc1c64d82d3aad5072007a41fff2828ae6d23ec
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PERSONAL_ACCESS_TOKEN : ${{ secrets.CLA_ASSISTANT_TOKEN }}
with:
path-to-signatures: 'systeminformer/cla-signatures.json'
path-to-document: 'https://github.com/winsiderss/systeminformer/blob/master/CLA.md'
branch: 'main'
remote-organization-name: 'winsiderss'
remote-repository-name: 'winsiderss-cla'
lock-pullrequest-aftermerge: false
================================================
FILE: .github/workflows/cmake.yml
================================================
name: 'cmake-continuous-integration'
on:
workflow_dispatch:
push:
branches: ['master']
pull_request:
branches: ['master']
jobs:
build:
permissions:
contents: read
strategy:
fail-fast: false
matrix:
os:
- windows-latest
toolchain:
- msvc-amd64
- msvc-arm64
- msvc-x86
- clang-msvc-amd64
- clang-msvc-arm64
- clang-msvc-x86
configuration:
- Debug
- Release
generator:
- Ninja
runs-on: ${{ matrix.os }}
name: ${{ matrix.configuration }} ${{ matrix.toolchain }}
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
- name: NuGet Cache
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # 5.0.0
with:
path: packages
key: nuget-${{ runner.os }}-${{ hashFiles('**/packages.config') }}
restore-keys: nuget-${{ runner.os }}-
- name: Nuget Restore
shell: cmd
working-directory: ${{github.workspace}}
run: nuget restore .\packages.config -PackagesDirectory .\packages\
- name: Build Tools
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_tools.cmd
- name: Generate
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_cmake.cmd "${{ matrix.generator }}" ${{ matrix.configuration }} ${{ matrix.toolchain }} generate
- name: Build
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_cmake.cmd "${{ matrix.generator }}" ${{ matrix.configuration }} ${{ matrix.toolchain }} build
================================================
FILE: .github/workflows/msbuild.yml
================================================
name: 'continuous-integration'
on:
workflow_dispatch:
push:
branches: ['master']
pull_request:
branches: ['master']
jobs:
build:
permissions:
contents: read
strategy:
fail-fast: false
matrix:
os: ['windows-latest']
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
- name: NuGet Cache
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # 5.0.0
with:
path: packages
key: nuget-${{ runner.os }}-${{ hashFiles('**/packages.config') }}
restore-keys: nuget-${{ runner.os }}-
- name: Nuget Restore
shell: cmd
working-directory: ${{github.workspace}}
run: nuget restore .\packages.config -PackagesDirectory .\packages\
- name: Build Tools
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_init.cmd
- name: Build Solution
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_debug.cmd
build-release:
permissions:
contents: read
strategy:
matrix:
os: ['windows-latest']
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
- name: NuGet Cache
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # 5.0.0
with:
path: packages
key: nuget-${{ runner.os }}-${{ hashFiles('**/packages.config') }}
restore-keys: nuget-${{ runner.os }}-
- name: Nuget Restore
shell: cmd
working-directory: ${{github.workspace}}
run: nuget restore .\packages.config -PackagesDirectory .\packages\
- name: Build Tools
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_init.cmd
- name: Build Solution
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_release.cmd
build-driver:
permissions:
contents: read
strategy:
matrix:
os: ['windows-latest']
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
- name: NuGet Cache
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # 5.0.0
with:
path: packages
key: nuget-${{ runner.os }}-${{ hashFiles('**/packages.config') }}
restore-keys: nuget-${{ runner.os }}-
- name: Nuget Restore
shell: cmd
working-directory: ${{github.workspace}}
run: nuget restore .\packages.config -PackagesDirectory .\packages\
- name: Build Tools
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_tools.cmd
- name: Build Driver
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_zdriver.cmd prefast
build-driver-release:
permissions:
contents: read
strategy:
matrix:
os: ['windows-latest']
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
- name: NuGet Cache
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # 5.0.0
with:
path: packages
key: nuget-${{ runner.os }}-${{ hashFiles('**/packages.config') }}
restore-keys: nuget-${{ runner.os }}-
- name: Nuget Restore
shell: cmd
working-directory: ${{github.workspace}}
run: nuget restore .\packages.config -PackagesDirectory .\packages\
- name: Build Tools
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_tools.cmd
- name: Build Driver
shell: cmd
working-directory: ${{github.workspace}}
run: build\build_zdriver.cmd release
================================================
FILE: .github/workflows/scan.yml
================================================
name: 'CodeQL Analysis'
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * 0'
jobs:
analyze_driver:
name: analyze-driver
runs-on: windows-2025
permissions:
security-events: write
actions: read
contents: read
strategy:
fail-fast: false
matrix:
language: ['cpp']
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
with:
fetch-depth: 0
- name: Nuget Cache
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # 5.0.0
with:
path: packages
key: nuget-${{ runner.os }}-${{ hashFiles('**/packages.config') }}
restore-keys: nuget-${{ runner.os }}-
- name: Nuget Restore
shell: cmd
run: nuget restore .\packages.config -PackagesDirectory .\packages\
- name: Build Tools
shell: cmd
run: build\build_tools.cmd
- name: Initialize CodeQL
uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # 4.31.7
with:
languages: ${{ matrix.language }}
- name: Build Driver
shell: cmd
run: build\build_zdriver.cmd
- name: Finalize CodeQL Database
run: |
$codeqlPath = (Get-ChildItem -Path "$env:RUNNER_TOOL_CACHE\CodeQL" -Recurse -Filter "codeql.exe" | Select-Object -First 1).FullName
& $codeqlPath database finalize "${{ runner.temp }}\codeql_databases\cpp"
- name: Download Windows Driver Query Packs
shell: pwsh
run: |
$codeqlPath = (Get-ChildItem -Path "$env:RUNNER_TOOL_CACHE\CodeQL" -Recurse -Filter "codeql.exe" | Select-Object -First 1).FullName
& $codeqlPath pack download microsoft/windows-drivers@1.8.2
& $codeqlPath pack download microsoft/cpp-queries@0.0.4
- name: Run Windows Driver Analysis
shell: pwsh
run: |
$codeqlPath = (Get-ChildItem -Path "$env:RUNNER_TOOL_CACHE\CodeQL" -Recurse -Filter "codeql.exe" | Select-Object -First 1).FullName
$sarifOut = Join-Path "${{ runner.temp }}" "driver-analysis.sarif"
& $codeqlPath database analyze "${{ runner.temp }}\codeql_databases\cpp" microsoft/windows-drivers --format=sarifv2.1.0 --output=$sarifOut
if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
- name: Filter CodeQL Results
uses: advanced-security/filter-sarif@f3b8118a9349d88f7b1c0c488476411145b6270d # 1.0.1
with:
input: ${{ runner.temp }}\driver-analysis.sarif
output: ${{ runner.temp }}\driver-filtered.sarif
patterns: packages/**
- name: Upload CodeQL Results
uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # 4.31.7
with:
sarif_file: ${{ runner.temp }}\driver-filtered.sarif
analyze_library:
name: analyze-software
runs-on: windows-2025
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ['cpp']
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
with:
fetch-depth: 0
- name: Nuget Cache
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # 5.0.0
with:
path: packages
key: nuget-${{ runner.os }}-${{ hashFiles('**/packages.config') }}
restore-keys: nuget-${{ runner.os }}-
- name: Nuget Restore
shell: cmd
run: nuget restore .\packages.config -PackagesDirectory .\packages\
- name: Build Init
shell: cmd
run: build\build_init.cmd
- name: Initialize CodeQL
uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # 4.31.7
with:
languages: ${{ matrix.language }}
- name: Build Driver
shell: cmd
run: build\build_zdriver.cmd
- name: Build Release
shell: cmd
run: build\build_release.cmd
- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # 4.31.7
with:
category: '/language:${{ matrix.language }}'
output: sarif-results
upload: never
- name: Filter CodeQL Results
uses: advanced-security/filter-sarif@f3b8118a9349d88f7b1c0c488476411145b6270d # 1.0.1
with:
input: sarif-results/cpp.sarif
output: sarif-results/filtered.sarif
patterns: |
packages/**/*
tools/CustomBuildTool/generated/**/*
tools/CustomBuildTool/obj/**/*
tools/thirdparty/**/*
- name: Upload CodeQL Results
uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # 4.31.7
with:
sarif_file: sarif-results/filtered.sarif
analyze_csharp:
name: analyze-tools
runs-on: windows-2025
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ['csharp']
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
with:
fetch-depth: 0
- name: Nuget Cache
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # 5.0.0
with:
path: packages
key: nuget-${{ runner.os }}-${{ hashFiles('**/packages.config') }}
restore-keys: nuget-${{ runner.os }}-
- name: Nuget Restore
shell: cmd
run: nuget restore .\packages.config -PackagesDirectory .\packages\
- name: Initialize CodeQL
uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # 4.31.7
with:
languages: ${{ matrix.language }}
- name: Build Tools
shell: cmd
run: build\build_tools.cmd
- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # 4.31.7
with:
category: '/language:${{ matrix.language }}'
output: sarif-results
upload: never
- name: Filter CodeQL Results
uses: advanced-security/filter-sarif@f3b8118a9349d88f7b1c0c488476411145b6270d # 1.0.1
with:
input: sarif-results/csharp.sarif
output: sarif-results/filtered.sarif
patterns: |
packages/**/*
tools/CustomBuildTool/generated/**/*
tools/CustomBuildTool/obj/**/*
tools/thirdparty/**/*
- name: Upload CodeQL Results
uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # 4.31.7
with:
sarif_file: sarif-results/filtered.sarif
================================================
FILE: .gitignore
================================================
#################
## Visual Studio
#################
# User-specific files
*.suo
*.user
*.key
*.sig
*.orig
# Build results
*.exe
*.sys
*.dll
*.lib
*.appx
*.appxbundle
*.cer
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pfx
*.pgc
*.pgd
*.pvk
*.res
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tlog
*.tmp
*.vspscc
*_i.c
*_p.c
*.bak
# Visual C++ cache files
*.aps
*.idb
*.ncb
*.opendb
*.opensdf
*.sdf
*.db
# Visual Studio profiler
*.psess
*.vsp
# ReSharper is a .NET coding add-in
_ReSharper*
# Click-Once directory
publish
# Others
[Bb]in
[Oo]bj
*.Cache
~$*
# Backup & report files
_UpgradeReport_Files/
#Backup*/
UpgradeLog*.XML
# Windows image file caches
Thumbs.db
# Folder config file
Desktop.ini
# Visual Studio files
ipch/
.vs/
# VS Code files
.vscode/*
.vscode/settings.json
!.vscode/launch.json
!.vscode/tasks.json
!.vscode/extensions.json
*.code-workspace
# NuGet Packages
*.nupkg
**/packages/
**/vcpkg_installed/
# CMake files
**/.cmake/
**/CMakeCache.txt
**/CMakeFiles/
# JSON Compilation Database
**/compile_commands.json
**/.cache/
# AI instructions and caches
.github/copilot-instructions.md
.clinerules
memory-bank/
##########################
## Project specific rules
##########################
**/bin/
**/out/
build/output/
plugins-extra/
sdk/
target/
tools/thirdparty/vcpkg_installed/*
bin-cmake/
build-*/
!KSystemInformer/bin-signed/*/ksi.dll
!KSystemInformer/bin-signed/*/ksi.pdb
!KSystemInformer/bin-signed/*/systeminformer.sys
!KSystemInformer/bin-signed/*/systeminformer.pdb
!tools/CustomSignTool/bin/Release*/CustomSignTool.exe
!tools/fixlib/bin/Release/fixlib.exe
================================================
FILE: .vscode/launch.json
================================================
{
"version": "0.2.0",
"configurations": [
{
"name": "Launch SystemInformer (Debug64)",
"type": "cppvsdbg",
"request": "launch",
"program": "${workspaceFolder}/bin/Debug64/SystemInformer.exe",
"args": [],
"stopAtEntry": false,
"cwd": "${workspaceFolder}",
"environment": [],
"console": "integratedTerminal"
},
{
"name": "Attach to Process",
"type": "cppvsdbg",
"request": "attach",
"processId": "${command:pickProcess}"
}
]
}
================================================
FILE: .vscode/tasks.json
================================================
{
"version": "2.0.0",
"tasks": [
{
"label": "Build SystemInformer (Debug64)",
"type": "shell",
"command": "msbuild",
"args": [
"${workspaceFolder}/SystemInformer.sln",
"/p:Configuration=Debug",
"/p:Platform=x64",
"/t:Rebuild",
"/m"
],
"group": {
"kind": "build",
"isDefault": true
},
"problemMatcher": "$msCompile"
},
{
"label": "Build Plugins (Debug64)",
"type": "shell",
"command": "msbuild",
"args": [
"${workspaceFolder}/Plugins/Plugins.sln",
"/p:Configuration=Debug",
"/p:Platform=x64",
"/t:Rebuild",
"/m"
],
"group": {
"kind": "build",
"isDefault": true
},
"problemMatcher": "$msCompile"
},
{
"label": "Build ThirdParty (Debug64)",
"type": "shell",
"command": "msbuild",
"args": [
"${workspaceFolder}/tools/thirdparty/thirdparty.sln",
"/p:Configuration=Debug",
"/p:Platform=x64",
"/t:Rebuild",
"/m"
],
"group": {
"kind": "build",
"isDefault": true
},
"problemMatcher": "$msCompile"
},
{
"label": "Build SystemInformer (kernel driver) (Debug64)",
"type": "shell",
"command": "msbuild",
"args": [
"${workspaceFolder}/KSystemInformer/KSystemInformer.sln",
"/p:Configuration=Debug",
"/p:Platform=x64",
"/t:Rebuild",
"/m"
],
"options": {
"env": {
"KSI_NO_WPP": "1"
}
},
"group": {
"kind": "build",
"isDefault": true
},
"problemMatcher": "$msCompile"
},
{
"label": "Build Initialize (Debug64)",
"type": "shell",
"command": "${workspaceFolder}/build/build_init.cmd",
"group": {
"kind": "build",
"isDefault": true
},
},
{
"label": "Build devenv [CMD] (Debug64)",
"type": "shell",
"command": "${workspaceFolder}/build/build_devenv.cmd",
"group": { "kind": "build", }
},
{
"label": "Build prefast [CMD] (Debug64)",
"type": "shell",
"command": "${workspaceFolder}/build/build_zdriver.cmd",
"args": [
"debug",
"rebuild",
"prefast"
],
"options": {
"env": {
"KSI_NO_WPP": "1"
}
},
"group": {
"kind": "build",
}
}
]
}
================================================
FILE: .vsconfig
================================================
{
"version": "1.0",
"components": [
"Microsoft.Component.MSBuild",
"Microsoft.VisualStudio.Component.Git",
"Microsoft.VisualStudio.Component.VC.Redist.14.Latest",
"Microsoft.VisualStudio.Component.VC.Tools.x86.x64",
"Microsoft.VisualStudio.Component.VC.Tools.ARM64",
"Microsoft.VisualStudio.Component.VC.Runtimes.x86.x64.Spectre",
"Microsoft.VisualStudio.Component.VC.Runtimes.ARM64.Spectre",
"Microsoft.VisualStudio.Component.NuGet.BuildTools",
"Microsoft.VisualStudio.Workload.NativeDesktop"
],
"extensions": []
}
================================================
FILE: CHANGELOG.txt
================================================
Process Hacker
3.0
* HIGHLIGHTS:
* New Process Hacker setup.
* New process properties handle search.
* Added F11 hotkey for fullscreen System Information window.
* OTHER CHANGES:
* Updated Updater plugin:
* New design and layout.
* Updated WindowExplorer plugin:
* Added Windows process properties page.
* NOTE:
* Support for Windows XP and Vista has been dropped. For those platforms, use Process Hacker 2.38.
* This release has significant internal code changes. Please make sure all plugins are up-to-date.
2.39
* HIGHLIGHTS:
* Improved compatibility with security and anti-cheat software
* Added ability to edit process environment variables
* Fixed .NET process detection
* OTHER CHANGES:
* Improved tooltip information for dllhost.exe
* Removed Terminator
* Updated DotNetTools plugin:
* Fixed .NET assembly tab performance issues
* Added extra .NET memory counters to the .NET performance tab
* Added "Show sizes in bytes" checkbox to the .NET performance tab
* Added right-click menu to the .NET assembly tab
* Updated ExtendedTools plugin:
* Fixed "No process" disk event bug
* Updated HardwareDevices plugin:
* Fixed incorrect drive letters
* Fixed drive letter and panel clipping issue
2.38
* HIGHLIGHTS:
* Added labels to indicate the maximum data point in each I/O graph
* Graph grids now scale correctly when resized
* Improved high DPI scaling
* Added exploit mitigation policy information to process properties (Windows 8 and above)
* Added File modified time and File size columns for processes and modules
* Added Key modified time column for services
* Clicking a tray icon now shows the pop-up UI (useful for touch-enabled devices)
* The NetAdapters plugin has been renamed to HardwareDevices
* This plugin shows network adapter and disk drive graphs
* If you are manually upgrading, please delete NetAdapters.dll from the plugins folder
* Updated UserNotes plugin:
* Added "Collapse by default" option for processes
* OTHER CHANGES:
* Added "Start when I log on" option
* Added "Not responding" text to tray icon rich pop-up for programs that are hung
* Added right-click menu and double-click action for environment variables
* Added dialog box to show long command line strings
* Added Time stamp column for processes
* Added -sysinfo command line parameter for opening System Information at startup
* Added 32x32 icons for high DPI displays
* Digital signature verification is now performed with very low I/O priority
* Improved performance when handling a large number of threads, modules or handles
* The pop-up UI no longer displays when double-clicking the tray icon
* Fixed ASLR state being shown as N/A in process properties
* Fixed multi monitor window placement bug
* Fixed handle enumeration bug affecting processes with PID >= 65536
* Fixed Interrupts being missing from the max CPU usage history
* Updated ToolStatus plugin:
* Added 32x32 icons for high DPI displays
* Fixed status bar crash
* NOTE:
* This release has significant internal code changes. Please make sure all plugins are up-to-date.
2.37
* HIGHLIGHTS:
* Updated for Windows 10
* The "Include CPU (and other) usage of children in collapsed processes" option now aggregates memory and I/O statistics
* Added regex search to "Find Handles or DLLs"
* Added process exit codes to log
* Fixed crash that occurred under some conditions when processes terminated
* OTHER CHANGES:
* Added warning when trying to search for handles when the system has too many handles open
* Upgraded to PCRE2
* Updated DotNetTools plugin:
* Rewrite of .NET Performance statistics and AppDomain enumeration
* Updated OnlineChecks plugin:
* Fixed virusscan.jotti.org uploader
* Updated NetAdapters plugin:
* Added adapter details window
* Updated ToolStatus plugin:
* Added CPU, Memory and I/O graphs to the toolbar (not enabled by default)
* Added toolbar and status bar customization, as well as a new theme
* Added option to auto-hide the main menu
* Updated UserNotes plugin:
* Added individual process highlighting support
2.36
* HIGHLIGHTS:
* New rich pop-up UI when hovering the cursor over a tray icon, showing the most active processes
* Completely new Memory tab for processes, with heap, stack and working set usage
* Process Hacker now takes 32-bit dumps of 32-bit processes on 64-bit Windows
* NOTE: When using the portable (.zip) release, the entire archive must be extracted
* Updated DotNetTools plugin:
* Process Hacker now displays managed stack traces for 32-bit .NET processes on 64-bit Windows
* Fixed inaccurate stack traces when clicking Refresh
* Added AppDomain column for threads in .NET programs
* OTHER CHANGES:
* Added customizable bytes per row setting for memory editor
* Dramatically faster handle listing and search when running without administrative privileges
* Improved accuracy and speed of symbol resolution, especially when new modules are loaded
* Added trigger and delayed start information to service list
* Added file information to service list tooltips
* Balloon tips for process/service notifications are now clickable
* Added handle names for unnamed File objects
* Added I/O Priority to tray icon process menu
* Added warning for users who attempt to start the 32-bit version on 64-bit Windows
* Updated ExtendedServices plugin:
* Added service protection and SID information
* Added auto-elevation when saving recovery information, triggers and other service settings
* Updated ExtendedTools plugin:
* Added tray icon mini info window support
* Improved automatic GPU node selection
* Updated UserNotes plugin:
* Added tray icon mini info window support
* Fixed a bug in phsvc that caused hangs when automatically elevating actions
* Fixed hang when viewing handle security for certain File objects
* Fixed lack of information on startup when using slower refresh intervals
* Fixed Read/Write Address crash
* Fixed service non-polling mode on Windows 8 and above
* Fixed file dialog crash in Windows PE environments
* Fixed string scanning false positive case
* Fixed process window detection for Modern UI apps
* Fixed handle list selection bug when disabling "Hide unnamed handles"
* NOTE:
* This release has significant internal code changes. Please make sure all plugins are up-to-date.
2.35
* NEW/IMPROVED:
* Added Load Time and Load Reason columns for modules (Windows 8 and above)
* Added handle names for Job and Section objects
* Added Read/Write Memory for Section objects (in process Handles tab)
* Added CF Guard (Control Flow Guard) column for processes and modules
* Added highlighting for AppContainer DLLs
* Added AppContainer and CF Guard image characteristics to peview
* Added Open Key and Open File Location menu items for services
* Set priority and I/O priority for multiple processes at once
* Support for up to 64 processors when setting process/thread affinity
* Updated ExtendedTools plugin:
* Added Disk and Network graphs for all processes
* Updated UserNotes plugin:
* Added ability to save I/O priority
* FIXED:
* Fixed memory editor copy bug
2.34
* NEW/IMPROVED:
* Proper Unicode support
* CPU and GPU graphs are displayed in a grid now (thanks pavel_kv!)
* Start Task Manager now elevates when necessary
* Better names for memory regions in Memory tab (for PEBs, TEBs, thread stacks)
* Added tooltip information for user-mode driver framework (UMDF) host processes
* Added option to reduce row height (set ThinRows to 1 in settings.xml)
* Added NetAdapters plugin: adds graphs for selected network adapters to the System Information window
* Updated ExtendedTools plugin:
* Added GPU graphs for all processes
* Can now use the search box in the Disk tab
* Improved kernel logger handling
* FIXED:
* Fixed touch scrolling
* Fixed EtwRegistration object names for 64-bit Windows 8.1
* Fixed tray icons being clipped in high DPI environments
* Fixed crash in memory editor
* Fixed multi monitor window placement bug
2.33
* NEW/IMPROVED:
* View digital signature information from process properties and peview
* Signatures for Windows 8 apps are now detected
* Improved file, key, process and thread handle properties
* Added DPI Awareness column
* Added new Windows 8.1 process protection information
* KProcessHacker is no longer needed for highlighting of GUI threads
* Added suspend count for threads on Windows 8.1
* Updated DotNetTools plugin:
* Improved .NET assembly enumeration timeout handling
* FIXED:
* Service start type and error control are never updated if modified outside of Process Hacker
2.32
* NOTE:
* All executable files are now signed.
* NEW/IMPROVED:
* Updated for Windows 8.1
* Added progress display for thread stacks
* Updated ExtendedServices plugin:
* Added new trigger data types
* Updated NetworkTools plugin:
* Updated UI
* Updated OnlineChecks plugin:
* Added file analyzed prompt
* FIXED:
* Fixed handling of long symbol names
* Fixed Run As preventing Windows 8 apps from starting
* Fixed console host information for Windows 8.1
* Fixed reflected processes not terminating on Windows 8.1
* Fixed CPU frequency on Windows 8.1
2.31
* NEW/IMPROVED:
* Updated ExtendedServices plugin:
* Fixed some bugs relating to Windows 8
* Updated OnlineChecks plugin:
* Added upload progress
* Updated UserNotes plugin:
* Fixed bug where process priorities were not actually saved
* FIXED:
* Fixed module list not updating properly
* DLL enumeration crash
2.30
* NEW/IMPROVED:
* Added "Icon click toggles visibility" option
* Re-enabled powerful process termination on 32-bit Windows 8
* Updated UserNotes plugin:
* Added ability to save process priority
* Added "Only for processes with the same command line" option for process comments
* FIXED:
* Fixed crash on CPUs without SSE2
2.29
* NEW/IMPROVED:
* Added App ID column for processes
* Added new ASLR information for Windows 8
* Added Restart to Boot Options and Hybrid Shutdown menu items for Windows 8
* Added ability to specify processes by their names and inject and unload DLLs in command line
* Removed 512 character limit when copying text
* Moved Terminator to Miscellaneous menu
* Updated default dbghelp.dll path for Windows SDK v8
* Updated ExtendedServices plugin:
* Added new triggers for Windows 8
* Fixed bug when restarting services
* Updated ExtendedTools plugin:
* Improved support for multiple GPUs (again)
* GPU column now respects "Include CPU usage of children" option
* Updated ToolStatus plugin:
* Fixed search box fonts
* Fixed controls not being properly hidden/removed from the window when disabled
* Updated WindowExplorer plugin:
* Fixed window list not displaying Modern UI windows
* FIXED:
* Fixed Load Count column sorting bug
* Fixed signature verification on Windows 8
* Fixed task scheduler information on Windows 8
* Fixed drag bug in tree list
* Fixed KProcessHacker bug affecting TmTx objects
* Fixed Run As feature on Windows 8
* Fixed bug where -settings parameter is not propagated
* Fixed tab key behavior on main window
* Fixed recognition of Modern UI windows
2.28
* NEW/IMPROVED:
* peview now resolves .lnk targets
* Fixed Ctrl+A for processes, services and network connections and added Ctrl+A for other windows
* Changed confirmation prompts to select the destructive action by default
* Updated DotNetTools plugin:
* Fixed inaccurate stack traces for certain .NET programs
* Updated ExtendedTools plugin:
* Fixed network graph scaling
* Updated ToolStatus plugin:
* Added search box
* Updated Updater plugin
* FIXED:
* Fixed Verification Status column sorting bug in module list
* Fixed rare System Information crash
* Fixed bug in opening process handles
* Fixed freezing when viewing stack traces of certain system threads
2.27
* NEW/IMPROVED:
* Updated OnlineChecks plugin:
* 2012-01-16: Updated VirusTotal uploader and added hash checking
* FIXED:
* Fixed Description column sorting bug
* Fixed notification icon bug
2.26
* NEW/IMPROVED:
* Added option to show Commit Charge in system information summary view
* Added -priority and -selectpid command line options
* Updated ExtendedTools plugin:
* Improved support for multiple GPUs
* FIXED:
* Fixed 100% CPU when starting on some machines
2.25
* NEW/IMPROVED:
* Improved CPU frequency calculation
* Updated ExtendedTools plugin:
* Added GPU node selection
* Fixed incorrect GPU usage calculation
* FIXED:
* Graph tooltip position with large cursors
* Fixed .NET process detection
* Fixed incorrect values in Bits column
2.24
* NOTE:
* This release has significant internal code changes. Please make sure all plugins are up-to-date.
* NEW/IMPROVED:
* Completely new system information window
* Added option to scroll to new processes
* Added option to hide driver services
* Added menu item to copy individual cells
* Improved module scanning
* Added Start Task Manager menu item
* Added Image base to peview
* Updated ExtendedTools plugin:
* Added support for new system information window
* Added Disk, Network and GPU tray icons
* Added support for custom fonts in the Disk tab
* Updated Updater plugin:
* Added download speed
* Added remaining time
* FIXED:
* Fixed retrieval of version information for certain files
* Fixed driver file names on Windows XP
* Fixed Run As Administrator when used with complex commands
2.23
* NEW/IMPROVED:
* Added display of token capabilities, user/device claims and security attributes
* Added ability to change token integrity levels
* Added Description column to service list
* Added option to reset all settings
* Made grid color darker
* Enabled multi-selection in the hidden processes window
* Added UserNotes plugin
* Updated ExtendedNotifications plugin:
* Added Growl support
* Updated ExtendedTools plugin:
* Added GPU monitoring
* Added rate columns for disk and network I/O
* FIXED:
* Fixed copying lists when plugin columns are enabled
* Freezing when viewing the tooltip for a process with a very long command line
* Disabled Hidden Processes feature on 64-bit systems
2.22
* NEW/IMPROVED:
* Added highlighting for metro style apps
* Added Package Name column
* Added package name to process tooltip
* Improved .NET process detection
* Updated OS Context column for Windows 8
* Updated ExtendedTools plugin:
* Updated disk monitoring for Windows 8
* Updated memory list information for Windows 8
* Updated WindowExplorer plugin:
* Fixed hook support for low integrity processes
* FIXED:
* Fixed memory leaks
* Fixed bug preventing Interrupts/DPCs from being shown as the max. CPU process on 64-bit systems
* Fixed DEP Status column on 64-bit systems
2.21
* NEW/IMPROVED:
* Added Private Bytes Delta, ASLR and Subsystem columns
* Added ASLR and Time Stamp columns to modules list
* Added check for debugger in Terminator
* FIXED:
* Fixed Show CPU Below 0.01 not respecting locale
* Fixed copying from network list
2.20
* NEW/IMPROVED:
* Added support for managed thread stacks on x64
* Added column selection for handle list
* Added CPU column to threads list
* Improved module detection
* Added Ideal Processor to Threads tab
* Added pool usage and minimum/maximum working set columns
* Implemented Properties button for Thread handles
* Set descending sort as the default for most numeric columns
* Extended header context menu
* Removed tooltip text truncation
* Improved cycle-based CPU usage calculation
* Set default KProcessHacker security level to only allow connections when Process Hacker is running as administrator.
See README.txt for instructions on how to restore the old behavior.
* Added Updater plugin
* Updated DotNetTools plugin:
* Added managed symbol resolution for thread stacks
* Updated ExtendedTools plugin:
* Added Disk tab
* Added Hard Faults, Hard Faults Delta and Peak Threads columns to process tree list
* Added Firewall Status column
* FIXED:
* Fixed file name resolution bug
* Save settings on shutdown/logoff
* Fixed state highlighting bug
* Fixed command line propagation for -elevate
* Fixed tree list mouse wheel handling
* Fixed saving network list
2.19
* NEW/IMPROVED:
* Added cycle-based CPU usage for Windows 7
* Added Show CPU Below 0.01
* Added OS Context column
* Rewrote graph drawing code for improved performance
* Optimized retrieval of cycle time and private working set information for Windows 7
* Added Open File Location to process context menu and reorganized some items
* Added checkboxes to Terminator
* FIXED:
* Crash when sorting by Time Stamp
* GDI handle leak in drag selection
2.18
* NEW/IMPROVED:
* Completely rewritten tree list control:
* Process Name column is now fixed to the left
* Tooltips for column headers
* Improved performance
* Bug fixes
* Added more process tree list columns
* Added Time stamp column to network list
* Date/time display is now swapped (so time is shown before date)
* Added W3 terminator test
* Added DotNetTools plugin
* Updated ExtendedServices plugin:
* Disabled editing of required privileges for drivers
* Updated ExtendedTools plugin:
* Added ETW columns for processes and network connections
* Updated OnlineChecks plugin:
* Added Comodo Instant Malware Analysis
* Updated WindowExplorer plugin:
* Fixed hook bugs
* FIXED:
* Fixed Run As This User
* Verification Status sorting
2.17
* NEW/IMPROVED:
* Added support for setting page priority
* Added elevation support for setting priority
* Added support for automatically using a settings file in the program directory (e.g. ProcessHacker.exe.settings.xml)
* Improved Run As mechanism
* Updated ExtendedServices plugin:
* Added support for editing triggers
* Added support for editing preshutdown time-out
* Added support for editing required privileges
* Added elevation support for restarting services
* Updated WindowExplorer plugin:
* Added more window properties
* FIXED:
* Handle leak
2.16
* NEW/IMPROVED:
* Updated WindowExplorer plugin
* PE viewer: Added version string to CLR tab
* PE viewer: Added display of delay imports
* PE viewer: Added Load Config tab
* Improved wait analysis
* Added arrows to the service list to indicate whether a service is running
* FIXED:
* Fixed the IPv6-related workaround causing crashes
* Incorrect handling of window positions
2.15
* NEW/IMPROVED:
* Updated ExtendedServices plugin
* Updated ToolStatus plugin
* Added DEP Status column
* Improved User Name column
* FIXED:
* Image file versions
* Workaround for an IPv6-related bug in Windows XP
* DPCs and Interrupts in System Information tooltips
* File dialog crash on Windows XP
* ExtendedTools plugin: WS Watch refresh bug
2.14
* NEW/IMPROVED:
* ExtendedServices plugin: Option to add a Services menu for processes
* Command line support for setting process priority and I/O priority
* Improved termination of explorer.exe
* FIXED:
* Icon should restore the main window if it is minimized
* System Information window crashes
* Hide Processes From Other Users and Hide Signed Processes settings are now saved
* Font selection on Windows XP
* ToolStatus plugin: Always on Top status being reset by Find Window
* Service-related crashes
* WindowExplorer plugin: sorting in tree list
* Process minidump creation with old versions of dbghelp.dll
2.13
* NEW/IMPROVED:
* Added copy support to PE viewer
* Added Connect Time, Disconnect Time and Last Input Time to session properties
* Added more working set counters to the Statistics tab
* FIXED:
* Column sort arrows
* CPU usage calculations
2.12
* NEW/IMPROVED:
* Updated KProcessHacker for Windows 7 SP1
* Added elevation support for more actions
* Added ability to disable plugins
* Updated ToolStatus plugin
* Added Remote Control for sessions
* More command line options
* FIXED:
* Memory leaks
* Run As issues with different sessions
2.11
* NEW/IMPROVED:
* Added WS Watch and other features to ExtendedTools plugin
* Added WindowExplorer plugin
* Properties for hidden processes
* Improved menus
* Debug console can now be closed without affecting the entire program
* FIXED:
* Always on Top issues
* Hang when setting DEP status of a terminating process
* Encoding bug in NetworkTools plugin
* LSA interfacing issues
* Creating dumps of self
2.10
* NEW/IMPROVED:
* KProcessHacker is now signed, so it works on 64-bit systems. Thank you to the ReactOS Foundation.
* Added Run As Limited User
* Added CPU, private bytes and I/O history columns
* Added font selection
* Slightly improved highlighting configuration
* FIXED:
* High DPI support
* Multi-monitor support in graph tooltips
* DEP status retrieval
* ExtendedTools plugin crash
* Notification icon menu crash
* Memory leaks
* Other small bug fixes
2.9
* NEW/IMPROVED:
* Added column selection for modules list
* Added wait analysis for 64-bit systems
* Added signature verification for modules
* Added ExtendedTools plugin (Vista and above only) with Disk and Network information
* Updated ExtendedNotifications plugin: added ability to log events to a file
* Updated ExtendedServices plugin: new tab on Vista and above
* Updated ToolStatus plugin: resolves ghost windows to hung windows
* Environment variables and current directory are now correctly shown for WOW64 processes
* I/O priority names are now used instead of numbers
* FIXED:
* Network list bug
* Memory leaks
2.8
* NEW/IMPROVED:
* Better service list (including column selection)
* Added Peak Handles
* Process tree sorting is now preserved
* Save works for services and network connections
* Pausing now works correctly with the Network tab
* Added option to display inclusive CPU usages for collapsed processes
* Added CLR tab to peview
* Added ability to destroy heaps
* Improved process tree list appearance
* Certain command line parameters are now propagated
* FIXED:
* Icon handling bugs
* Memory leaks
* Extended tooltips for WOW64 processes
2.7
* NEW/IMPROVED:
* Vastly improved startup time and lower memory usage
* Added Cycles and Cycles Delta columns
* Added option to disable address resolution for network connections
* Added Logon Time to session properties
* Added time stamp display to peview
* FIXED:
* ToolStatus layout problems
* .NET highlighting crashes
* Run As on Windows XP
2.6
* NEW/IMPROVED:
* Sorting for most lists is now much faster
* Hide Signed Processes option
* Added plugin for uploading files to online virus scanners
* Added Network tools plugin
* Updated ExtendedServices plugin
* PE viewer now verifies checksums
* Performance improvements
* FIXED:
* Fixed service handle leak
2.5
* NEW/IMPROVED:
* Unmap section views in Memory tab
* Plugin for extended service information (including recovery information, dependencies and dependents)
* FIXED:
* Critical bug for file dialogs on Windows XP
* Esc couldn't close Service Properties on open
* Small bug fixes
2.4
* NEW/IMPROVED:
* Better Run As behaviour
* Show Processes From All Users option
* Can now unmap section views
* Control over thread affinity
* Window Title and Window Status columns
* Plugin for filtering notifications
* Plugin for toolbar and status bar
* Performance improvements
* FIXED:
* Memory leak
* SbieSupport plugin on 64-bit
* Crash when running under certain conditions
* Memory case-insensitive filter
* Process parent association bug
* REMOVED:
* Process database
2.3
* NEW/IMPROVED:
* Can add processes to jobs
* Double-clicking in the system information graphs now opens information for the relevant process
* Setting I/O priority doesn't need KProcessHacker anymore
* Elevation for certain actions
* FIXED:
* HKCU key name resolution
* Network connection host resolution
* Information window resizing
* Log clearing
2.2
* NEW/IMPROVED:
* Plugins support
* Can now unload 32-bit modules on 64-bit systems
* Tasks are shown in tooltips for taskeng.exe/taskhost.exe processes
* Run As can now start processes elevated
* Handle count by type
* Process priorities in notification icon menu
* CSV export
* Relative start times
* FIXED:
* Run and Run As shortcuts
* Command line handling
* Process tree selection
2.1
* NEW/IMPROVED:
* Add Pause key shortcut to pause/resume updates
* Added Ctrl+Tab and Ctrl+Shift+Tab shortcuts
* Grid is a bit darker
* Checks for digital signatures and packing is now off by default and optional
* FIXED:
* MD5 calculation code for files was wrong
* Process record bugs
2.0
* First release in the Process Hacker 2.x branch.
================================================
FILE: CLA.md
================================================
# Contribution License Agreement
This Contribution License Agreement (“Agreement”) is agreed to by the party signing (“You”),
and conveys certain license rights to Winsider Seminars & Solutions, Inc. and its affiliates
(“Winsiderss”) for Your contributions to Winsider Seminars & Solutions, Inc. open source projects.
This Agreement is effective as of the latest signature date.
1. **Definitions**. “**Code**” means the computer software code, whether in human-readable or
machine-executable form, that is delivered by You to Winsider Seminars & Solutions, Inc. under
this Agreement. “**Project**” means the System Informer project owned or managed by Winsider
Seminars & Solutions, Inc. and offered under the terms of the following license(s) MIT (including
any right to adopt any future version of a license if permitted). “**Submit**” is the act of
uploading, submitting, transmitting, or distributing code or other content to any Project,
including but not limited to communication on electronic mailing lists, source code control
systems, and issue tracking systems that are managed by, or on behalf of, the Project for the
purpose of discussing and improving that Project, but excluding communication that is conspicuously
marked or otherwise designated in writing by You as “Not a Submission.” “**Submission**” means the
Code and any other copyrightable material Submitted by You, including any associated comments and
documentation.
2. **Your Submission**. You must agree to the terms of this Agreement before making a Submission
to any Project. This Agreement covers any and all Submissions that You, now or in the future
(except as described in Section 4 below), Submit to any Project.
3. **Originality of Work**. You represent that each of Your Submissions is entirely Your original
work. Should You wish to Submit materials that are not Your original work, You may Submit them
separately to the Project if You (a) retain all copyright and license information that was in the
materials as You received them, (b) in the description accompanying Your Submission, include the
phrase “Submission containing materials of a third party:” followed by the names of the third
party and any licenses or other restrictions of which You are aware, and (c) follow any other
instructions in the Project’s written guidelines concerning Submissions.
4. **Your Employer**. References to “employer” in this Agreement include Your employer or anyone
else for whom You are acting in making Your Submission, e.g. as a contractor, vendor, or agent.
If Your Submission is made in the course of Your work for an employer or Your employer has
intellectual property rights in Your Submission by contract or applicable law, You must secure
permission from Your employer to make the Submission before signing this Agreement. In that case,
the term “You” in this Agreement will refer to You and the employer collectively. If You change
employers in the future and desire to Submit additional Submissions for the new employer, then
You agree to sign a new Agreement and secure permission from the new employer before Submitting
those Submissions.
5. **Licenses**.
- **Copyright License**. You grant Winsider Seminars & Solutions, Inc., and those who receive
the Submission directly or indirectly from Winsider Seminars & Solutions, Inc., a perpetual,
worldwide, non-exclusive, royalty-free, irrevocable license in the Submission to reproduce,
prepare derivative works of, publicly display, publicly perform, and distribute the Submission
and such derivative works, and to sublicense any or all of the foregoing rights to third parties.
- **Patent License**. You grant Winsider Seminars & Solutions, Inc., and those who receive the
Submission directly or indirectly from Winsider Seminars & Solutions, Inc., a perpetual,
worldwide, non-exclusive, royalty-free, irrevocable license under Your patent claims that are
necessarily infringed by the Submission or the combination of the Submission with the Project
to which it was Submitted to make, have made, use, offer to sell, sell and import or otherwise
dispose of the Submission alone or with the Project.
- **Other Rights Reserved**. Each party reserves all rights not expressly granted in this
Agreement. No additional licenses or rights whatsoever (including, without limitation, any
implied licenses) are granted by implication, exhaustion, estoppel or otherwise.
6. **Representations and Warranties**. You represent that You are legally entitled to grant the
above licenses. You represent that each of Your Submissions is entirely Your original work (except
as You may have disclosed under Section 3). You represent that You have secured permission from
Your employer to make the Submission in cases where Your Submission is made in the course of Your
work for Your employer or Your employer has intellectual property rights in Your Submission by
contract or applicable law. If You are signing this Agreement on behalf of Your employer, You
represent and warrant that You have the necessary authority to bind the listed employer to the
obligations contained in this Agreement. You are not expected to provide support for Your
Submission, unless You choose to do so. UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING,
AND EXCEPT FOR THE WARRANTIES EXPRESSLY STATED IN SECTIONS 3, 4, AND 6, THE SUBMISSION PROVIDED
UNDER THIS AGREEMENT IS PROVIDED WITHOUT WARRANTY OF ANY KIND, INCLUDING, BUT NOT LIMITED TO, ANY
WARRANTY OF NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
7. **Notice to Winsider Seminars & Solutions, Inc.**. You agree to notify Winsider Seminars &
Solutions, Inc. in writing of any facts or circumstances of which You later become aware that would
make Your representations in this Agreement inaccurate in any respect.
8. **Information about Submissions**. You agree that contributions to Projects and information
about contributions may be maintained indefinitely and disclosed publicly, including Your name
and other information that You submit with Your Submission.
9. **Governing Law/Jurisdiction**. This Agreement and all disputes, claims, actions, suits or
other proceedings arising out of this agreement or relating in any way to it shall be governed by
the laws of Quebec, Canada excluding its private international law provisions.
10. **Entire Agreement/Assignment**. This Agreement is the entire agreement between the parties,
and supersedes any and all prior agreements, understandings or communications, written or oral,
between the parties relating to the subject matter hereof. This Agreement may be assigned by
Winsider Seminars & Solutions, Inc..
================================================
FILE: CMakeLists.txt
================================================
#
# Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.
#
# This file is part of System Informer.
#
cmake_minimum_required(VERSION 3.30.0 FATAL_ERROR)
project(SystemInformer)
set(SI_ROOT ${CMAKE_CURRENT_SOURCE_DIR})
list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
include(commands)
set(CMAKE_CONFIGURATION_TYPES "Debug;Release" CACHE STRING "" FORCE)
# TODO change this to bin once we fully transition to cmake
# set up to allow user to disable with "" or "OFF"
set(SI_OUTPUT_DIR "${SI_ROOT}/bin-cmake" CACHE PATH "Output directory")
option(SI_WITH_CORE "Configure core projects" ON)
option(SI_WITH_PLUGINS "Configure plugin projects" OFF)
option(SI_WITH_KERNEL "Configure kernel projects" OFF)
option(SI_WITH_PREFAST "Enables prefast analysis" OFF)
option(SI_WITH_WPP_USER "Enables user mode WPP trace" OFF)
option(SI_WITH_WPP_KERNEL "Enables kernel mode WPP trace" ON)
if (MSVC_NOT_CLANG AND CMAKE_BUILD_TYPE STREQUAL "Release")
add_compile_options(/d1trimfile:${SI_ROOT})
endif()
if(SI_WITH_CORE)
add_subdirectory(SystemInformer)
add_subdirectory(phnt)
add_subdirectory(phlib)
add_subdirectory(tools)
endif()
if(SI_WITH_KERNEL)
message(FATAL_ERROR "Kernel mode projects are not supported")
add_subdirectory(KSystemInformer)
endif()
if(SI_WITH_PLUGINS)
add_subdirectory(plugins)
endif()
if(SI_WITH_CORE OR SI_WITH_KERNEL)
add_subdirectory(kphlib)
endif()
================================================
FILE: CODE_OF_CONDUCT.md
================================================
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at dmex04@gmail.com and johnny.shaw@live.com. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq
================================================
FILE: CONTRIBUTING.md
================================================
# Contribution Guidelines
================================================
FILE: COPYRIGHT.txt
================================================
== System Informer ==
System Informer is licensed. A full copy of the license is provided in LICENSE.txt.
Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.
== Mini-XML ==
System Informer uses Mini-XML licensed under the following terms:
The Mini-XML library and included programs are provided under the
terms of the GNU Library General Public License (LGPL) with the
following exceptions:
1. Static linking of applications to the Mini-XML library
does not constitute a derivative work and does not require
the author to provide source code for the application, use
the shared Mini-XML libraries, or link their applications
against a user-supplied version of Mini-XML.
If you link the application to a modified version of
Mini-XML, then the changes to Mini-XML must be provided
under the terms of the LGPL in sections 1, 2, and 4.
2. You do not have to provide a copy of the Mini-XML license
with programs that are linked to the Mini-XML library, nor
do you have to identify the Mini-XML license in your
program or documentation as required by section 6 of the
LGPL.
== PCRE ==
System Informer uses Perl-Compatible Regular Expressions licensed under the
following terms:
PCRE is a library of functions to support regular expressions whose syntax
and semantics are as close as possible to those of the Perl 5 language.
Release 8 of PCRE is distributed under the terms of the "BSD" licence, as
specified below.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the University of Cambridge nor the name of Google
Inc. nor the names of their contributors may be used to endorse or
promote products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
== MD5 ==
System Informer uses a MD5 implementation licensed under the following terms:
MD5 hash implementation and interface functions
Copyright (c) 2003-2005, Jouni Malinen <jkmaline@cc.hut.fi>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation.
== SHA ==
System Informer uses a SHA implementation licensed under the following terms:
Copyright 2004 Filip Navara
Based on public domain SHA code by Steve Reid <steve@edmweb.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
== Natural order string comparison ==
System Informer uses "strnatcmp.c" licensed under the following terms:
strnatcmp.c -- Perform 'natural order' comparisons of strings in C.
Copyright (C) 2000, 2004 by Martin Pool <mbp sourcefrog net>
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
This code has been modified for System Informer.
================================================
FILE: Common.Kernel.props
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project>
<PropertyGroup Label="Global">
<CodeAnalysisTreatWarningsAsErrors>true</CodeAnalysisTreatWarningsAsErrors>
<DriverType>WDM</DriverType>
<MSBuildProjectExtensionsPath>$(ProjectDir)$(ProjectName)\obj\</MSBuildProjectExtensionsPath>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ResolveNuGetPackages>false</ResolveNuGetPackages>
<SignMode>Off</SignMode>
<WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
</PropertyGroup>
<PropertyGroup Label="Configuration">
<CharacterSet>Unicode</CharacterSet>
<Driver_SpectreMitigation>Spectre</Driver_SpectreMitigation>
<TargetVersion>Windows10</TargetVersion>
<_NT_TARGET_VERSION Condition="'$(Platform)'=='x64'">0x0A00</_NT_TARGET_VERSION>
<_NT_TARGET_VERSION Condition="'$(Platform)'=='ARM64'">0xA000004</_NT_TARGET_VERSION>
</PropertyGroup>
<PropertyGroup Condition="$(Configuration)=='Debug'" Label="Configuration">
<LinkIncremental>true</LinkIncremental>
<UseDebugLibraries>true</UseDebugLibraries>
<WholeProgramOptimization>false</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="$(Configuration)=='Release'" Label="Configuration">
<LinkIncremental>false</LinkIncremental>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>$(SystemInformerRoot)\Common.Kernel.ruleset</CodeAnalysisRuleSet>
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<EnableInf2cat>false</EnableInf2cat>
</PropertyGroup>
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>$(CRT_IncludePath);$(KM_IncludePath);$(KIT_SHARED_IncludePath)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);$(SystemInformerRoot)phnt\include\</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);$(SystemInformerRoot)kphlib\include\</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);$(ProjectDir)include\</AdditionalIncludeDirectories>
<AdditionalOptions>/kernel /utf-8 /INTEGRITYCHECK /d1nodatetime %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions Condition="'$(Platform)'=='x64'">/d2guardretpoline %(AdditionalOptions)</AdditionalOptions>
<CallingConvention>StdCall</CallingConvention>
<ConformanceMode>true</ConformanceMode>
<ControlFlowGuard>Guard</ControlFlowGuard>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<DisableSpecificWarnings>4201</DisableSpecificWarnings>
<GuardEHContMetadata>true</GuardEHContMetadata>
<GuardSignedReturns Condition="'$(Platform)'=='ARM64'">true</GuardSignedReturns>
<LanguageStandard>stdcpp20</LanguageStandard>
<LanguageStandard_C>stdc17</LanguageStandard_C>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<PreprocessorDefinitions>POOL_NX_OPTIN;POOL_ZERO_DOWN_LEVEL_SUPPORT;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions Condition="'$(Platform)'=='x64'">_AMD64_;AMD64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions Condition="'$(Platform)'=='ARM64'">_ARM64_;ARM64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions Condition="'$(Configuration)'=='DEBUG'">_DEBUG;DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<StringPooling>true</StringPooling>
<UseStandardPreprocessor>true</UseStandardPreprocessor>
<WarningLevel>Level4</WarningLevel>
</ClCompile>
<ClCompile Condition="'$(Configuration)'=='Release'">
<FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
<InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
<IntrinsicFunctions>true</IntrinsicFunctions>
<Optimization>MaxSpeed</Optimization>
</ClCompile>
<Link>
<AdditionalLibraryDirectories>%(AdditionalLibraryDirectories);$(OutDir)</AdditionalLibraryDirectories>
<AdditionalOptions>/INTEGRITYCHECK /DEPENDENTLOADFLAG:0x800 /FILEALIGN:0x1000 %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions>/NATVIS:$(SystemInformerRoot)SystemInformer.natvis %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions Condition="'$(Platform)'=='x64'">/guard:retpoline %(AdditionalOptions)</AdditionalOptions>
<AdditionalOptions Condition="'$(Configuration)'=='Release'">/BREPRO /NOVCFEATURE /NOCOFFGRPINFO %(AdditionalOptions)</AdditionalOptions>
<CETCompat Condition="'$(Platform)'!='ARM64'">true</CETCompat>
<LinkTimeCodeGeneration Condition="'$(Configuration)'=='Release'">UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
<RandomizedBaseAddress>true</RandomizedBaseAddress>
<UseLibraryDependencyInputs>true</UseLibraryDependencyInputs>
</Link>
<Lib>
<LinkTimeCodeGeneration Condition="'$(Configuration)'=='Release'">UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
<TreatLibWarningAsErrors>true</TreatLibWarningAsErrors>
<UseUnicodeResponseFiles>true</UseUnicodeResponseFiles>
</Lib>
<ResourceCompile>
<AdditionalOptions>/c 65001 %(AdditionalOptions)</AdditionalOptions>
</ResourceCompile>
</ItemDefinitionGroup>
<!-- WPP Trace
- Set KSI_NO_WPP to disable WPP trace compile entirely.
-->
<PropertyGroup>
<KsiNoWpp Condition="'$(KSI_NO_WPP)'!=''">true</KsiNoWpp>
</PropertyGroup>
<Target Name="KsiRunWpp"
BeforeTargets="BeforeClCompile"
Condition="'$(KsiNoWpp)'!='true'"
Inputs="@(ClInclude);@(ClCompile)"
Outputs="@(ClInclude->'$(IntDir)tmh\%(Filename).tmh');@(ClCompile->'$(IntDir)tmh\%(Filename).tmh')">
<MakeDir Directories="$(IntDir)tmh" Condition="!Exists('$(IntDir)tmh')" />
<PropertyGroup>
<TraceWppCmd>tracewpp.exe</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -km</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -ext:.c.cpp.h.hpp</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -preserveext:.c.cpp.h.hpp</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -I"$(WindowsSdkDir)bin\$(TargetPlatformVersion)\WppConfig\Rev1"</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -odir:"$(IntDir)tmh"</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -scan:"$(SystemInformerRoot)KSystemInformer\include\trace.h"</TraceWppCmd>
</PropertyGroup>
<Exec Command="$(TraceWppCmd) @(ClInclude->'"%(FullPath)"', ' ') @(ClCompile->'"%(FullPath)"', ' ')"/>
</Target>
<ItemDefinitionGroup Condition="'$(KsiNoWpp)'!='true'">
<ClCompile>
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);$(IntDir)tmh\</AdditionalIncludeDirectories>
<PreprocessorDefinitions>TMH_FILE=%(FileName)%(Extension).tmh;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(KsiNoWpp)'=='true'">
<ClCompile>
<PreprocessorDefinitions>KSI_NO_WPP;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
</ItemDefinitionGroup>
</Project>
================================================
FILE: Common.Kernel.ruleset
================================================
<?xml version="1.0" encoding="utf-8"?>
<RuleSet Name="Rules for KSystemInformer" Description="Code analysis rules for KSystemInformer." ToolsVersion="17.0">
<Include Path="AllRules.ruleset" Action="Default" />
<Rules AnalyzerId="Microsoft.Analyzers.NativeCodeAnalysis" RuleNamespace="Microsoft.Rules.Native">
<Rule Id="C6014" Action="None" />
<Rule Id="C6320" Action="None" />
<Rule Id="C6262" Action="None" />
<Rule Id="C28023" Action="None" />
<Rule Id="C28194" Action="None" />
<Rule Id="C28195" Action="None" />
</Rules>
</RuleSet>
================================================
FILE: Common.User.props
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- Global -->
<ItemDefinitionGroup>
<ClCompile>
<TreatWarningAsError>true</TreatWarningAsError>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<MinimalRebuild>false</MinimalRebuild>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<LanguageStandard>stdcpplatest</LanguageStandard>
<LanguageStandard_C>stdclatest</LanguageStandard_C>
<StringPooling>true</StringPooling>
<SupportJustMyCode>false</SupportJustMyCode>
<UseFullPaths>false</UseFullPaths>
<UseStandardPreprocessor>true</UseStandardPreprocessor>
<ConformanceMode>true</ConformanceMode>
<EnforceTypeConversionRules>true</EnforceTypeConversionRules>
<WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<LargeAddressAware>true</LargeAddressAware>
</Link>
<Lib>
<TreatLibWarningAsErrors>true</TreatLibWarningAsErrors>
<UseUnicodeResponseFiles>true</UseUnicodeResponseFiles>
<LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>
</Lib>
<ResourceCompile>
<Culture>0x0009</Culture>
<AdditionalOptions>/c 65001 %(AdditionalOptions)</AdditionalOptions>
<PreprocessorDefinitions>%(PreprocessorDefinitions);$(ExternalPreprocessorOptions)</PreprocessorDefinitions>
</ResourceCompile>
</ItemDefinitionGroup>
<!-- WPP Trace (optional, disabled by default)
- Conditional based on presence of necessary WDK parts.
- Set SI_WITH_WPP to enable WPP trace compile.
-->
<PropertyGroup>
<SiNoWpp Condition="'$(SI_WITH_WPP)'==''">true</SiNoWpp>
</PropertyGroup>
<Target Name="SiRunWpp"
BeforeTargets="BeforeClCompile"
Condition="'$(SiNoWpp)'!='true' and Exists('$(WindowsSdkDir)\bin\$(TargetPlatformVersion)\WppConfig\Rev1\')"
Inputs="@(ClInclude);@(ClCompile)"
Outputs="@(ClInclude->'$(IntDir)tmh\%(Filename).tmh');@(ClCompile->'$(IntDir)tmh\%(Filename).tmh')">
<MakeDir Directories="$(IntDir)tmh" Condition="!Exists('$(IntDir)tmh')" />
<PropertyGroup>
<TraceWppCmd>tracewpp.exe</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -um</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -ext:.c.cpp.h.hpp</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -preserveext:.c.cpp.h.hpp</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -I"$(WindowsSdkDir)bin\$(TargetPlatformVersion)\WppConfig\Rev1"</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -odir:"$(IntDir)tmh"</TraceWppCmd>
<TraceWppCmd>$(TraceWppCmd) -scan:"$(SystemInformerRoot)phlib\include\trace.h"</TraceWppCmd>
</PropertyGroup>
<Exec Command="$(TraceWppCmd) @(ClInclude->'"%(FullPath)"', ' ') @(ClCompile->'"%(FullPath)"', ' ')"/>
</Target>
<ItemDefinitionGroup Condition="'$(SiNoWpp)'!='true' and Exists('$(WindowsSdkDir)\bin\$(TargetPlatformVersion)\WppConfig\Rev1\')">
<ClCompile>
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);$(IntDir)tmh\</AdditionalIncludeDirectories>
<PreprocessorDefinitions>TMH_FILE=%(FileName)%(Extension).tmh;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(SiNoWpp)'=='true' or !Exists('$(WindowsSdkDir)\bin\$(TargetPlatformVersion)\WppConfig\Rev1\')">
<ClCompile>
<PreprocessorDefinitions>SI_NO_WPP;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
</ItemDefinitionGroup>
<!-- Debug Builds -->
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<CharacterSet>Unicode</CharacterSet>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<SpectreMitigation>false</SpectreMitigation>
<LinkIncremental>true</LinkIncremental>
<WholeProgramOptimization>false</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<CharacterSet>Unicode</CharacterSet>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<SpectreMitigation>false</SpectreMitigation>
<LinkIncremental>true</LinkIncremental>
<WholeProgramOptimization>false</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<CharacterSet>Unicode</CharacterSet>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<SpectreMitigation>false</SpectreMitigation>
<LinkIncremental>true</LinkIncremental>
<WholeProgramOptimization>false</WholeProgramOptimization>
</PropertyGroup>
<!-- Release Builds -->
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<CharacterSet>Unicode</CharacterSet>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<SpectreMitigation>Spectre</SpectreMitigation>
<LinkIncremental>false</LinkIncremental>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<CharacterSet>Unicode</CharacterSet>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<SpectreMitigation>Spectre</SpectreMitigation>
<LinkIncremental>false</LinkIncremental>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<CharacterSet>Unicode</CharacterSet>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<SpectreMitigation>Spectre</SpectreMitigation>
<LinkIncremental>false</LinkIncremental>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<!-- Debug|Win32 Builds -->
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<AdditionalOptions>/utf-8 /d1nodatetime %(AdditionalOptions)</AdditionalOptions>
<PreprocessorDefinitions>WIN32;DEBUG;_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);$(ExternalPreprocessorOptions)</PreprocessorDefinitions>
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
<EnableEnhancedInstructionSet>$(ExternalSimdOptions)</EnableEnhancedInstructionSet>
<Optimization>Disabled</Optimization>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<CallingConvention>StdCall</CallingConvention>
<FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
<FloatingPointModel>Precise</FloatingPointModel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
</ClCompile>
<Link>
<AdditionalOptions>/BREPRO /DEBUGTYPE:CV,PDATA /DEPENDENTLOADFLAG:0x800 /FILEALIGN:0x1000 /NOOPTIDATA /BASERELOCCLUSTERING /NATVIS:$(MSBuildThisFileDirectory)\SystemInformer.natvis %(AdditionalOptions) $(ExternalLinkerOptions)</AdditionalOptions>
<AdditionalDependencies>invalidcontinue.obj;noarg.obj;noenv.obj;nothrownew.obj;%(AdditionalDependencies)</AdditionalDependencies>
<MinimumRequiredVersion>6.01</MinimumRequiredVersion>
<TargetMachine>MachineX86</TargetMachine>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<GenerateDebugInformation>true</GenerateDebugInformation>
<UseLibraryDependencyInputs>true</UseLibraryDependencyInputs>
<UseUnicodeResponseFiles>true</UseUnicodeResponseFiles>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>
<!-- Debug|x64 Builds -->
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<AdditionalOptions>/utf-8 /d1nodatetime /d1import_no_registry /jumptablerdata %(AdditionalOptions) $(ExternalAdditionalOptions)</AdditionalOptions>
<PreprocessorDefinitions>WIN64;DEBUG;_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);$(ExternalPreprocessorOptions)</PreprocessorDefinitions>
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
<EnableEnhancedInstructionSet>$(ExternalSimdOptions)</EnableEnhancedInstructionSet>
<Optimization>Disabled</Optimization>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<CallingConvention>StdCall</CallingConvention>
<FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
<FloatingPointModel>Precise</FloatingPointModel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
</ClCompile>
<Link>
<AdditionalOptions>/BREPRO /DEBUGTYPE:CV,PDATA /DEPENDENTLOADFLAG:0x800 /FILEALIGN:0x1000 /NOOPTIDATA /BASERELOCCLUSTERING /NATVIS:$(MSBuildThisFileDirectory)\SystemInformer.natvis %(AdditionalOptions) $(ExternalLinkerOptions)</AdditionalOptions>
<AdditionalDependencies>invalidcontinue.obj;noarg.obj;noenv.obj;nothrownew.obj;%(AdditionalDependencies)</AdditionalDependencies>
<MinimumRequiredVersion>6.01</MinimumRequiredVersion>
<TargetMachine>MachineX64</TargetMachine>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<GenerateDebugInformation>true</GenerateDebugInformation>
<UseLibraryDependencyInputs>true</UseLibraryDependencyInputs>
<UseUnicodeResponseFiles>true</UseUnicodeResponseFiles>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>
<!-- Debug|ARM64 Builds -->
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<ClCompile>
<AdditionalOptions>/utf-8 /d1nodatetime /d1import_no_registry %(AdditionalOptions)</AdditionalOptions>
<PreprocessorDefinitions>WIN64;DEBUG;_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);$(ExternalPreprocessorOptions)</PreprocessorDefinitions>
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
<EnableEnhancedInstructionSet>$(ExternalSimdOptions)</EnableEnhancedInstructionSet>
<Optimization>Disabled</Optimization>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<CallingConvention>StdCall</CallingConvention>
<FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
<FloatingPointModel>Precise</FloatingPointModel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<GuardSignedReturns>true</GuardSignedReturns>
</ClCompile>
<Link>
<AdditionalOptions>/BREPRO /DEBUGTYPE:CV,PDATA /DEPENDENTLOADFLAG:0x800 /FILEALIGN:0x1000 /NOOPTIDATA /BASERELOCCLUSTERING /NATVIS:$(MSBuildThisFileDirectory)\SystemInformer.natvis %(AdditionalOptions) $(ExternalLinkerOptions)</AdditionalOptions>
<AdditionalDependencies>invalidcontinue.obj;noarg.obj;noenv.obj;nothrownew.obj;%(AdditionalDependencies)</AdditionalDependencies>
<MinimumRequiredVersion>10</MinimumRequiredVersion>
<TargetMachine>MachineARM64</TargetMachine>
<FullProgramDatabaseFile>true</FullProgramDatabaseFile>
<GenerateDebugInformation>true</GenerateDebugInformation>
<UseLibraryDependencyInputs>true</UseLibraryDependencyInputs>
<UseUnicodeResponseFiles>true</UseUnicodeResponseFiles>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>
<!-- Release|Win32 Builds -->
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<AdditionalOptions>/utf-8 /d1nodatetime /d1import_no_registry /d1trimfile:"$(MSBuildThisFileDirectory)\" %(AdditionalOptions)</AdditionalOptions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);$(ExternalPreprocessorOptions)</PreprocessorDefinitions>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<Optimization>MaxSpeed</Optimization>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<CallingConvention>StdCall</CallingConvention>
<FloatingPointModel>Precise</FloatingPointModel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SpectreMitigation>Spectre</SpectreMitigation>
<IntelJCCErratum>true</IntelJCCErratum>
<InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
<WholeProgramOptimization>true</WholeProgramOptimization>
<FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
<ControlFlowGuard>Guard</ControlFlowGuard>
</ClCompile>
<Link>
<AdditionalOptions>/BREPRO /DEBUGTYPE:CV,PDATA /DEPENDENTLOADFLAG:0x800 /PDBALTPATH:%_PDB% /FILEALIGN:0x1000 /NOOPTIDATA /NOVCFEATURE /NOCOFFGRPINFO /BASERELOCCLUSTERING %(AdditionalOptions) $(ExternalLinkerOptions)</AdditionalOptions>
<AdditionalDependencies>invalidcontinue.obj;noarg.obj;noenv.obj;nothrownew.obj;%(AdditionalDependencies)</AdditionalDependencies>
<CETCompat>true</CETCompat>
<MinimumRequiredVersion>6.01</MinimumRequiredVersion>
<TargetMachine>MachineX86</TargetMachine>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SetChecksum>true</SetChecksum>
<StripPrivateSymbols>$(OutDir)$(TargetName)_stripped.pdb</StripPrivateSymbols>
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<UseLibraryDependencyInputs>true</UseLibraryDependencyInputs>
<UseUnicodeResponseFiles>true</UseUnicodeResponseFiles>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>
<!-- Release|x64 Builds -->
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<AdditionalOptions>/utf-8 /d1nodatetime /d1import_no_registry /guard:xfg /jumptablerdata /d1trimfile:"$(MSBuildThisFileDirectory)\" %(AdditionalOptions)</AdditionalOptions>
<PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);$(ExternalPreprocessorOptions)</PreprocessorDefinitions>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<EnableEnhancedInstructionSet>$(ExternalSimdOptions)</EnableEnhancedInstructionSet>
<Optimization>MaxSpeed</Optimization>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<CallingConvention>StdCall</CallingConvention>
<FloatingPointModel>Precise</FloatingPointModel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SpectreMitigation>Spectre</SpectreMitigation>
<IntelJCCErratum>true</IntelJCCErratum>
<GuardEHContMetadata>true</GuardEHContMetadata>
<InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
<WholeProgramOptimization>true</WholeProgramOptimization>
<FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
<ControlFlowGuard>Guard</ControlFlowGuard>
</ClCompile>
<Link>
<AdditionalOptions>/BREPRO /DEBUGTYPE:CV,PDATA /DEPENDENTLOADFLAG:0x800 /PDBALTPATH:%_PDB% /FILEALIGN:0x1000 /LTCG /GUARD:XFG /NOOPTIDATA /NOVCFEATURE /NOCOFFGRPINFO /BASERELOCCLUSTERING %(AdditionalOptions) $(ExternalLinkerOptions)</AdditionalOptions>
<AdditionalDependencies>invalidcontinue.obj;noarg.obj;noenv.obj;nothrownew.obj;%(AdditionalDependencies)</AdditionalDependencies>
<CETCompat>true</CETCompat>
<MinimumRequiredVersion>6.01</MinimumRequiredVersion>
<TargetMachine>MachineX64</TargetMachine>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SetChecksum>true</SetChecksum>
<StripPrivateSymbols>$(OutDir)$(TargetName)_stripped.pdb</StripPrivateSymbols>
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<UseLibraryDependencyInputs>true</UseLibraryDependencyInputs>
<UseUnicodeResponseFiles>true</UseUnicodeResponseFiles>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>
<!-- Release|ARM64 Builds -->
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
<ClCompile>
<AdditionalOptions>/utf-8 /d1nodatetime /d1import_no_registry /d1trimfile:"$(MSBuildThisFileDirectory)\" %(AdditionalOptions)</AdditionalOptions>
<PreprocessorDefinitions>WIN64;NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions);$(ExternalPreprocessorOptions)</PreprocessorDefinitions>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<EnableEnhancedInstructionSet>$(ExternalSimdOptions)</EnableEnhancedInstructionSet>
<Optimization>MaxSpeed</Optimization>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<CallingConvention>StdCall</CallingConvention>
<FloatingPointModel>Precise</FloatingPointModel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<GuardSignedReturns>true</GuardSignedReturns>
<GuardEHContMetadata>true</GuardEHContMetadata>
<InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
<WholeProgramOptimization>true</WholeProgramOptimization>
<FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
<ControlFlowGuard>Guard</ControlFlowGuard>
</ClCompile>
<Link>
<AdditionalOptions>/BREPRO /DEBUGTYPE:CV,PDATA /DEPENDENTLOADFLAG:0x800 /PDBALTPATH:%_PDB% /FILEALIGN:0x1000 /LTCG /NOOPTIDATA /NOVCFEATURE /NOCOFFGRPINFO /BASERELOCCLUSTERING %(AdditionalOptions) $(ExternalLinkerOptions)</AdditionalOptions>
<AdditionalDependencies>invalidcontinue.obj;noarg.obj;noenv.obj;nothrownew.obj;%(AdditionalDependencies)</AdditionalDependencies>
<MinimumRequiredVersion>10</MinimumRequiredVersion>
<TargetMachine>MachineARM64</TargetMachine>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SetChecksum>true</SetChecksum>
<StripPrivateSymbols>$(OutDir)$(TargetName)_stripped.pdb</StripPrivateSymbols>
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<UseLibraryDependencyInputs>true</UseLibraryDependencyInputs>
<UseUnicodeResponseFiles>true</UseUnicodeResponseFiles>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>
</Project>
================================================
FILE: Directory.Build.props
================================================
<Project>
<PropertyGroup>
<SystemInformerRoot>$(MSBuildThisFileDirectory)</SystemInformerRoot>
</PropertyGroup>
<Import Project="packages\Microsoft.Windows.SDK.CPP.10.0.26100.7463\build\native\Microsoft.Windows.SDK.cpp.props" Condition="Exists('packages\Microsoft.Windows.SDK.CPP.10.0.26100.7463\build\native\Microsoft.Windows.SDK.cpp.props')"/>
<Import Project="packages\Microsoft.Windows.SDK.CPP.x86.10.0.26100.7463\build\native\Microsoft.Windows.SDK.cpp.x86.props" Condition="Exists('packages\Microsoft.Windows.SDK.CPP.x86.10.0.26100.7463\build\native\Microsoft.Windows.SDK.cpp.x86.props') and '$(Platform)' == 'Win32'"/>
<Import Project="packages\Microsoft.Windows.SDK.CPP.x64.10.0.26100.7463\build\native\Microsoft.Windows.SDK.cpp.x64.props" Condition="Exists('packages\Microsoft.Windows.SDK.CPP.x64.10.0.26100.7463\build\native\Microsoft.Windows.SDK.cpp.x64.props') and '$(Platform)' == 'x64'"/>
<Import Project="packages\Microsoft.Windows.SDK.CPP.ARM64.10.0.26100.7463\build\native\Microsoft.Windows.SDK.cpp.ARM64.props" Condition="Exists('packages\Microsoft.Windows.SDK.CPP.ARM64.10.0.26100.7463\build\native\Microsoft.Windows.SDK.cpp.ARM64.props') and '$(Platform)' == 'ARM64'"/>
<Import Project="packages\Microsoft.Windows.WDK.x64.10.0.26100.6584\build\native\Microsoft.Windows.WDK.x64.props" Condition="Exists('packages\Microsoft.Windows.WDK.x64.10.0.26100.6584\build\native\Microsoft.Windows.WDK.x64.props') and '$(Platform)' == 'x64'"/>
<Import Project="packages\Microsoft.Windows.WDK.ARM64.10.0.26100.6584\build\native\Microsoft.Windows.WDK.ARM64.props" Condition="Exists('packages\Microsoft.Windows.WDK.ARM64.10.0.26100.6584\build\native\Microsoft.Windows.WDK.ARM64.props') and '$(Platform)' == 'ARM64'"/>
</Project>
================================================
FILE: HACKING.md
================================================
## Conventions
### Names
* Functions, function parameters, and global variables use CamelCase.
* Local variables use lowerCamelCase.
* Structs, enums and unions use CAPS_WITH_UNDERSCORES.
All names must have an appropriate prefix (with some exceptions):
* `Ph` or `PH_` (structures) for public names.
* `Php` or `PHP_` for private names.
* Some variants such as `Pha`.
* Private prefixes are created by appending `p` to the prefix. E.g. `Ph` -> `Php`, `Pha` -> `Phap`.
* Functions and global variables without a prefix must be declared "static".
* `static` names must not have a public prefix.
* Names with a private prefix do not have to be `static`.
* Structures without a prefix must be declared in a `.c/.cpp` file. Structures declared in a `.c/.cpp` file do not require a prefix.
### Types
Unless used for the Win32 API, the standard types are:
* `BOOLEAN` for a 1 byte boolean, or `LOGICAL` for a 4 byte boolean.
* `UCHAR` for 1 byte.
* `SHORT`/`USHORT` for 2 bytes.
* `LONG`/`ULONG` for 4 bytes.
* `LONG64`/`ULONG64` for 8 bytes.
* `CHAR` for a 1 byte character.
* `WCHAR` for a 2 byte character.
* `PSTR` for a string of 1 byte characters.
* `PWSTR` for a string of 2 byte characters.
#### Booleans
Always use:
```
if (booleanVariable) // not "if (booleanVariable == TRUE)"
{
...
}
```
to test a boolean value.
### Annotations, qualifiers
* All functions use SAL annotations, such as `_In_`, `_Inout_`, `_Out_`, etc.
* Do not use `volatile` in definitions. Instead, cast to a volatile pointer when necessary.
### Function success indicators
There are three main types of indicators used:
* A `BOOLEAN` value is returned. `TRUE` indicates success.
* A `NTSTATUS` value is returned. The `NT_SUCCESS` macro checks if a status value indicates success.
* A `HRESULT` value is returned. The `HR_SUCCESS` macro checks if a status value indicates success.
* Do not use the `SUCCEEDED` macro since third parties return `S_FALSE` for errors which `SUCCEEDED` considers a success code.
* The result of the function is returned (e.g. a pointer). A special value (e.g. `NULL`) indicates failure.
Unless indicated, a function which fails is guaranteed not to modify any of its output parameters (`_Out_`, `_Out_opt_`, etc.).
For functions which are passed a callback function, it is not guaranteed that a failed function has not executed the callback function.
### Threads
Every thread start routine must have the following signature:
```
_Function_class_(USER_THREAD_START_ROUTINE)
NTSTATUS NTAPI NameOfRoutine(
_In_ PVOID Parameter
);
```
Thread creation is done through the `PhCreateThread` and `PhCreateThreadEx` functions.
### Collections
The collections available are summarized below:
Name | Use | Type
--------------------- | ----------------------- | ---------------
`PH_ARRAY` | Array | Non-intrusive
`PH_LIST` | Array | Non-intrusive
`LIST_ENTRY` | Doubly linked list | Intrusive
`SINGLE_LIST_ENTRY` | Singly linked list | Intrusive
`PH_POINTER_LIST` | Array | Non-intrusive
`LIST_ENTRY` | Stack | Intrusive
`SINGLE_LIST_ENTRY` | Stack | Intrusive
`LIST_ENTRY` | Queue | Intrusive
`RTL_AVL_TABLE` | Binary tree (AVL) | Non-intrusive
`PH_AVL_LINKS` | Binary tree (AVL) | Intrusive
`RTL_GENERIC_TABLE` | Binary tree (splay) | Non-intrusive
`PH_HASHTABLE` | Hashtable | Non-intrusive
`PH_HASH_ENTRY` | Hashtable | Intrusive
`PH_CIRCULAR_BUFFER` | Circular buffer | Non-intrusive
### Synchronization
The queued lock should be used for all synchronization, due to its small size and good performance. Although the queued lock is a reader-writer lock, it can be used as a mutex simply by using the exclusive acquire/release functions.
- Events can be used through `PH_EVENT`. This object does not create a kernel event object until needed, and testing its state is very fast.
- Rundown protection is available through `PH_RUNDOWN_PROTECT`.
- Condition variables are available using the queued lock. Simply declare and initialize a queued lock variable, and use the `PhPulse(All)Condition` and `PhWaitForCondition` functions.
- Custom locking with low overhead can be built using the wake event, built on the queued lock. Test one or more conditions in a loop and use `PhQueueWakeEvent`/`PhWaitForWakeEvent` to block. When a condition is modified use `PhSetWakeEvent` to wake waiters. If after calling `PhQueueWakeEvent` it is determined that no blocking should occur, use `PhSetWakeEvent`.
### Exceptions (SEH)
The only method of error handling used in Process Hacker is the return value (`NTSTATUS`, `BOOLEAN`, etc.). Exceptions are used for exceptional situations which cannot easily be recovered from (e.g. a lock acquire function fails to block, or an object has a negative reference count.
Exceptions to this rule include:
* `PhAllocate`, which raises an exception if it fails to allocate. Checking the return value of each allocation to increase reliability is not worth the extra effort involved, as failed allocations are very rare.
* `PhProbeAddress`, which raises an exception if an address lies outside of a specified range. Raising an exception makes it possible to conduct multiple checks in one SEH block.
* `STATUS_NOT_IMPLEMENTED` exceptions triggered by code paths which should not be reached, purely due to programmer error. `assert(FALSE)` could also be used in this case.
### Memory management
Use `PhAllocate`/`PhFree` to allocate/free memory. For complex objects, use the reference counting system.
There is semi-automatic reference counting available in the form of auto-dereference pools (similar to Apple's `NSAutoreleasePool`s). Use the `PhAutoDereferenceObject` to add an object to the thread's pool, and the object will be dereferenced at an unspecified time in the future. However, the object is guaranteed to not be dereferenced while the current function is executing.
Referencing an object is necessary whenever a pointer to the object is stored in a globally visible location or passed to another thread. In most other cases, referencing is not necessary.
All objects passed to functions must have a guaranteed reference for the duration of that call. One mistake is to keep a reference which could be destroyed in a window procedure, and to use that reference implicitly inside the window procedure. Messages can still be pumped (e.g. dialog boxes) while the window procedure is executing, so the window procedure must reference the object as soon as possible.
### Names (2)
#### Object creation/deletion
* Allocate means allocate memory without initialization.
* Create means allocate memory for an object and initialize the object.
* Free can be used for objects created with Allocate or Create functions.
* Destroy can also be used for objects created with Create functions.
* Initialize means initialize an object with caller-supplied storage.
* Delete is paired with Initialize and does not free the object as it was allocated by the caller.
* Create is used when objects are being created through the reference counting system.
Examples:
* `PhAllocateFromFreeList`/`PhFreeToFreeList`
* `PhCreateFileDialog`/`PhFreeFileDialog`
* `PhInitializeWorkQueue`/`PhDeleteWorkQueue`
* `PhCreateString`/`PhDereferenceObject`
#### Element counts
* Length specifies the length in bytes. E.g. `PhCreateString` requires the length to be specified in bytes.
* Count specifies the length in elements. E.g. `PhSubstring` requires the length to be specified in characters.
* Index specifies the index in elements. E.g. `PhSubstring` requires the index to be specified in characters.
When null terminated strings are being written to output, the return count, if any, must be specified as the number of characters written including the null terminator.
### Strings
Strings use the `PH_STRING` type, managed by reference counting. To create a string object from a null-terminated string:
```
PPH_STRING myString = PhCreateString(L"My string");
wprintf(
L"My string is \"%s\", and uses %Iu bytes.\n",
myString->Buffer,
myString->Length
);
```
All string objects have an embedded length (always in bytes), and the string is additionally null-terminated for compatibility reasons.
String objects must be treated as immutable unless a string object is created and modified before the pointer is shared with any other functions or stored in any global variables. This exception applies only when creating a string using `PhCreateString` or `PhCreateStringEx`.
Strings can be concatenated with `PhConcatStrings`:
```
PPH_STRING newString;
newString = PhConcatStrings(
4,
L"My first string, ",
L"My second string, ",
aStringFromSomewhere,
L"My fourth string."
);
```
Another version concatenates two strings:
```
PPH_STRING newString;
newString = PhConcatStrings2(
L"My first string, ",
L"My second string."
);
```
Strings can be formatted:
```
PPH_STRING newString;
newString = PhFormatString(
L"%d: %s, %#x",
100,
L"test",
0xff
);
```
### Tips
* Use !! to "cast" to a boolean.
================================================
FILE: KSystemInformer/Directory.Build.props
================================================
<Project>
<!-- Merge with parent Directory.Build.props -->
<Import Project="$([MSBuild]::GetPathOfFileAbove('Directory.Build.props', '$(MSBuildThisFileDirectory)../'))" />
<Import Project="$(SystemInformerRoot)/Common.Kernel.props" />
</Project>
================================================
FILE: KSystemInformer/KSystemInformer.inf
================================================
;
; Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.
;
; This file is part of System Informer.
;
; Authors:
;
; jxy-s 2022-2025
;
[Version]
Signature = "$WINDOWS NT$"
Class = ActivityMonitor
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}
Provider = SystemInformer
DriverVer = 09/01/2022,3.0.0000.0000
CatalogFile = KSystemInformer.cat
PnpLockdown = 1
[DestinationDirs]
DefaultDestDir = 13
[SystemInformer.Service]
DisplayName = KSystemInformer
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %13%\systeminformer.sys
[SystemInformer.CopyFiles]
systeminformer.sys
ksi.dll
[SourceDisksFiles]
systeminformer.sys = 1,,
ksi.dll = 1,,
[SourceDisksNames]
1 = %DiskId1%,,,""
[Strings]
DiskId1 = "KSystemInformer Disk #1"
;
; AMD64 Section
;
[DefaultInstall.NTamd64]
CopyFiles = SystemInformer.CopyFiles
[DefaultInstall.NTamd64.Services]
AddService = KSystemInformer,,SystemInformer.Service
;
; ARM64 Section
;
[DefaultInstall.NTarm64]
CopyFiles = SystemInformer.CopyFiles
[DefaultInstall.NTarm64.Services]
AddService = KSystemInformer,,SystemInformer.Service
================================================
FILE: KSystemInformer/KSystemInformer.sln
================================================
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.7.34024.191
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KSystemInformer", "KSystemInformer.vcxproj", "{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}"
ProjectSection(ProjectDependencies) = postProject
{B1863396-A667-42DB-97AC-C5E033CEE321} = {B1863396-A667-42DB-97AC-C5E033CEE321}
{B385D394-19CC-48BC-827E-AF9ADCE559E0} = {B385D394-19CC-48BC-827E-AF9ADCE559E0}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "kphlib", "..\kphlib\kphlib_km.vcxproj", "{B1863396-A667-42DB-97AC-C5E033CEE321}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ksidll", "ksidll.vcxproj", "{B385D394-19CC-48BC-827E-AF9ADCE559E0}"
ProjectSection(ProjectDependencies) = postProject
{B1863396-A667-42DB-97AC-C5E033CEE321} = {B1863396-A667-42DB-97AC-C5E033CEE321}
EndProjectSection
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|ARM64 = Debug|ARM64
Debug|x64 = Debug|x64
Release|ARM64 = Release|ARM64
Release|x64 = Release|x64
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Debug|ARM64.ActiveCfg = Debug|ARM64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Debug|ARM64.Build.0 = Debug|ARM64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Debug|ARM64.Deploy.0 = Debug|ARM64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Debug|x64.ActiveCfg = Debug|x64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Debug|x64.Build.0 = Debug|x64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Debug|x64.Deploy.0 = Debug|x64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Release|ARM64.ActiveCfg = Release|ARM64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Release|ARM64.Build.0 = Release|ARM64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Release|ARM64.Deploy.0 = Release|ARM64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Release|x64.ActiveCfg = Release|x64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Release|x64.Build.0 = Release|x64
{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}.Release|x64.Deploy.0 = Release|x64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Debug|ARM64.ActiveCfg = Debug|ARM64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Debug|ARM64.Build.0 = Debug|ARM64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Debug|ARM64.Deploy.0 = Debug|ARM64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Debug|x64.ActiveCfg = Debug|x64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Debug|x64.Build.0 = Debug|x64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Debug|x64.Deploy.0 = Debug|x64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Release|ARM64.ActiveCfg = Release|ARM64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Release|ARM64.Build.0 = Release|ARM64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Release|ARM64.Deploy.0 = Release|ARM64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Release|x64.ActiveCfg = Release|x64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Release|x64.Build.0 = Release|x64
{B1863396-A667-42DB-97AC-C5E033CEE321}.Release|x64.Deploy.0 = Release|x64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Debug|ARM64.ActiveCfg = Debug|ARM64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Debug|ARM64.Build.0 = Debug|ARM64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Debug|ARM64.Deploy.0 = Debug|ARM64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Debug|x64.ActiveCfg = Debug|x64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Debug|x64.Build.0 = Debug|x64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Debug|x64.Deploy.0 = Debug|x64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Release|ARM64.ActiveCfg = Release|ARM64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Release|ARM64.Build.0 = Release|ARM64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Release|ARM64.Deploy.0 = Release|ARM64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Release|x64.ActiveCfg = Release|x64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Release|x64.Build.0 = Release|x64
{B385D394-19CC-48BC-827E-AF9ADCE559E0}.Release|x64.Deploy.0 = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {4989C8A8-DCF1-48A9-9012-23369AB01403}
EndGlobalSection
EndGlobal
================================================
FILE: KSystemInformer/KSystemInformer.slnx
================================================
<Solution>
<Configurations>
<Platform Name="ARM64" />
<Platform Name="x64" />
</Configurations>
<Project Path="../kphlib/kphlib_km.vcxproj" Id="b1863396-a667-42db-97ac-c5e033cee321">
</Project>
<Project Path="ksidll.vcxproj" Id="b385d394-19cc-48bc-827e-af9adce559e0">
<BuildDependency Project="../kphlib/kphlib_km.vcxproj" />
</Project>
<Project Path="KSystemInformer.vcxproj" Id="f4853009-c5d2-4a25-be4d-bb0d9f84e2ff">
<BuildDependency Project="../kphlib/kphlib_km.vcxproj" />
<BuildDependency Project="ksidll.vcxproj" />
</Project>
</Solution>
================================================
FILE: KSystemInformer/KSystemInformer.vcxproj
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|ARM64">
<Configuration>Debug</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM64">
<Configuration>Release</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{F4853009-C5D2-4A25-BE4D-BB0D9F84E2FF}</ProjectGuid>
<TemplateGuid>{dd38f7fc-d7bd-488b-9242-7d8754cde80d}</TemplateGuid>
<ConfigurationType>Driver</ConfigurationType>
<RootNamespace>KSystemInformer</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup>
<IntDir>$(SystemInformerRoot)KSystemInformer\obj\$(Configuration)$(PlatformArchitecture)\$(ProjectName)\</IntDir>
<OutDir>$(SystemInformerRoot)KSystemInformer\bin\$(Configuration)$(PlatformArchitecture)\</OutDir>
<TargetName>SystemInformer</TargetName>
</PropertyGroup>
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies>ksi.lib;FltMgr.lib;ksecdd.lib;kphlib_km.lib;volatileaccessk.lib;umaccess.lib%(AdditionalDependencies)</AdditionalDependencies>
</Link>
<ResourceCompile>
<AdditionalIncludeDirectories>%(AdditionalIncludeDirectories);$(SystemInformerRoot)kphlib\include\</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="alloc.c" />
<ClCompile Include="alpc.c" />
<ClCompile Include="back_trace.c" />
<ClCompile Include="cid_table.c" />
<ClCompile Include="cid_tracking.c" />
<ClCompile Include="comms.c" />
<ClCompile Include="comms_handlers.c" />
<ClCompile Include="device.c" />
<ClCompile Include="driver.c" />
<ClCompile Include="dyndata.c" />
<ClCompile Include="dynimp.c" />
<ClCompile Include="file.c" />
<ClCompile Include="hash.c" />
<ClCompile Include="imgcoherency.c" />
<ClCompile Include="informer_debug.c" />
<ClCompile Include="informer_file.c" />
<ClCompile Include="informer_fileop.c" />
<ClCompile Include="informer_filenc.c" />
<ClCompile Include="informer_image.c" />
<ClCompile Include="informer_object.c" />
<ClCompile Include="informer_process.c" />
<ClCompile Include="informer.c" />
<ClCompile Include="informer_registry.c" />
<ClCompile Include="informer_thread.c" />
<ClCompile Include="knowndll.c" />
<ClCompile Include="kphobject.c" />
<ClCompile Include="kphthread.c" />
<ClCompile Include="lsa.c" />
<ClCompile Include="main.c" />
<ClCompile Include="object.c" />
<ClCompile Include="parameters.c" />
<ClCompile Include="process.c" />
<ClCompile Include="protection.c" />
<ClCompile Include="ratelmt.c" />
<ClCompile Include="ringbuff.c" />
<ClCompile Include="session_token.c" />
<ClCompile Include="system.c" />
<ClCompile Include="thread.c" />
<ClCompile Include="umaccess.c" />
<ClCompile Include="util.c" />
<ClCompile Include="verify.c" />
<ClCompile Include="vm.c" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="include\comms.h" />
<ClInclude Include="include\informer.h" />
<ClInclude Include="include\informer_filep.h" />
<ClInclude Include="include\kph.h" />
<ClInclude Include="include\ntfill.h" />
<ClInclude Include="include\pooltags.h" />
<ClInclude Include="include\trace.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
================================================
FILE: KSystemInformer/KSystemInformer.vcxproj.filters
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="dyndata.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="dynimp.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="main.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="object.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="process.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="driver.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="thread.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="vm.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="util.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="verify.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer_file.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="comms.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer_image.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer_process.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer_thread.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer_debug.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="comms_handlers.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="hash.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer_object.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="alloc.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="cid_table.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="kphobject.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="cid_tracking.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="protection.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="alpc.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="system.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="file.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="knowndll.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="back_trace.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="parameters.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer_fileop.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer_filenc.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="informer_registry.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="session_token.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="lsa.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="imgcoherency.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="device.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="ringbuff.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="kphthread.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="include\kph.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="include\ntfill.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="include\comms.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="include\informer.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="include\trace.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="include\pooltags.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="include\informer_filep.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>
================================================
FILE: KSystemInformer/README.md
================================================
# System Informer Kernel
- optimizes retrieval of information from the system
- enables broader inspection into the system
- informs of system activity in realtime
- assists in removal of malware
## Security
[Security Policies and Procedures](../SECURITY.md)
Because the information exposed through the driver enables, by design, broader
access into the system. Access is strictly limited to verified callers.
Access is restricted based on the state of the calling process. This involves
signing, privilege, and other state checks. If the client does not meet the
state requirements they are denied access.
Any binaries built with the intention of loading into System Informer must
have a `.sig` from the key pair integrated into the build process and driver.
Or be signed by Microsoft or an anti-malware vendor. Loading of unsigned
modules will restrict access to the driver. Third-party plugins are supported,
however when they are loaded access to the driver will be restricted as they
are not signed.
The driver tracks verified clients, restricts access by other actors on the
system, and denies access if the process is tampered with. The intention is to
discourage exploitation of the client when the driver is active. If tampering
or exploitation is detected the client is denied access.
## Development
Developers may suppress protections and state requirements by disabling secure
boot (if applicable) then enabling debug and test signing mode. Doing this will
permit the client process to be debugged and enables use of test signing keys.
```
bcdedit /debug on
bcdedit /set testsigning on
```
Developers may generate their own key pair for use in their environment.
1. execute `tools\CustomSignTool\bin\Release64\CustomSignTool.exe createkeypair kph.key public.key`
2. copy `kph.key` into `tools\CustomSignTool\resources`
3. copy the bytes for `public.key` into the `KphpPublicKeys` array in [verify.c](verify.c)
- `KphKeyTypeProd` does not require debug and test signing enablement
- `KphKeyTypeTest` requires debug and test signing enablement
4. regenerate dynamic data `tools\CustomBuildTool\bin\Release\amd64\CustomBuildTool.exe -dyndata`
5. rebuild the kernel _and_ user components
It's important to regenerate the dynamic data and build the kernel and user
components after creating and placing the new key pair. The driver uses the
public key to validate the dynamic data and user mode binaries. Neglecting to
do this will result in failures to load or connect to the driver.
Once these steps are completed builds of System Informer components will
generate a `.sig` file next to the output binaries. And the developer built
driver will use the specified key when doing verification checks. Any plugins
not built through the regular build process must also have their own `.sig`.
================================================
FILE: KSystemInformer/alloc.c
================================================
/*
* Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.
*
* This file is part of System Informer.
*
* Authors:
*
* jxy-s 2022-2026
*
*/
#include <kph.h>
#include <trace.h>
typedef struct _KPH_LOOKASIDE_INIT
{
SIZE_T Size;
ULONG Tag;
} KPH_LOOKASIDE_INIT, *PKPH_LOOKASIDE_INIT;
KPH_PROTECTED_DATA_SECTION_RO_PUSH();
static const UNICODE_STRING KphpPagedLookasideObjectTypeName = RTL_CONSTANT_STRING(L"KphPagedLookaside");
static const UNICODE_STRING KphpNPagedLookasideObjectTypeName = RTL_CONSTANT_STRING(L"KphNPagedLookaside");
KPH_PROTECTED_DATA_SECTION_RO_POP();
KPH_PROTECTED_DATA_SECTION_PUSH();
static PKPH_OBJECT_TYPE KphpPagedLookasideObjectType = NULL;
static PKPH_OBJECT_TYPE KphpNPagedLookasideObjectType = NULL;
static ULONG KphpRandomPoolTag = 0;
KPH_PROTECTED_DATA_SECTION_POP();
/**
* \brief Allocates non-page-able memory.
*
* \param[in] NumberOfBytes The number of bytes to allocate.
* \param[in] Tag The pool tag to use.
*
* \return Allocated non-page-able memory. Null on failure.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
_Return_allocatesMem_size_(NumberOfBytes)
PVOID KphAllocateNPaged(
_In_ SIZE_T NumberOfBytes,
_In_ ULONG Tag
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
if (KphpRandomPoolTag)
{
Tag = KphpRandomPoolTag;
}
#pragma warning(suppress: 4995) // suppress deprecation warning
return ExAllocatePoolZero(NonPagedPoolNx, NumberOfBytes, Tag);
}
/**
* \brief Frees memory.
*
* \param[in] Memory The memory to free.
* \param[in] Tag The tag associated with the allocation.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
VOID KphFree(
_FreesMem_ PVOID Memory,
_In_ ULONG Tag
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
NT_ASSERT(Memory);
if (KphpRandomPoolTag)
{
Tag = KphpRandomPoolTag;
}
#pragma warning(suppress: 4995) // suppress deprecation warning
ExFreePoolWithTag(Memory, Tag);
}
/**
* \brief Initialized a non-page-able lookaside list.
*
* \param[out] Lookaside The lookaside list to initialize.
* \param[in] Size The size of entries in the lookaside list.
* \param[in] Tag The pool tag to use.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
VOID KphInitializeNPagedLookaside(
_Out_ PNPAGED_LOOKASIDE_LIST Lookaside,
_In_ SIZE_T Size,
_In_ ULONG Tag
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
if (KphpRandomPoolTag)
{
Tag = KphpRandomPoolTag;
}
#pragma warning(suppress: 4995) // suppress deprecation warning
ExInitializeNPagedLookasideList(Lookaside,
NULL,
NULL,
POOL_NX_ALLOCATION,
Size,
Tag,
0);
}
/**
* \brief Deletes a non-page-able lookaside list.
*
* \param[in,out] Lookaside The lookaside to delete.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
VOID KphDeleteNPagedLookaside(
_Inout_ PNPAGED_LOOKASIDE_LIST Lookaside
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
#pragma warning(suppress: 4995) // suppress deprecation warning
ExDeleteNPagedLookasideList(Lookaside);
}
/**
* \brief Allocates non-page-able memory from the lookaside list.
*
* \param[in,out] Lookaside The lookaside list to allocate from.
*
* \return Allocated non-page-able memory. Null on failure.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
_Return_allocatesMem_size_(Lookaside->L.Size)
PVOID KphAllocateFromNPagedLookaside(
_Inout_ PNPAGED_LOOKASIDE_LIST Lookaside
)
{
PVOID memory;
KPH_NPAGED_CODE_DISPATCH_MAX();
#pragma warning(suppress: 4995) // suppress deprecation warning
memory = ExAllocateFromNPagedLookasideList(Lookaside);
if (memory)
{
RtlZeroMemory(memory, Lookaside->L.Size);
}
return memory;
}
/**
* \brief Frees non-page-able memory back to the lookaside list.
*
* \param[in,out] Lookaside The lookaside list to free back to.
* \param[in] Memory The memory to free.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
VOID KphFreeToNPagedLookaside(
_Inout_ PNPAGED_LOOKASIDE_LIST Lookaside,
_In_freesMem_ PVOID Memory
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
NT_ASSERT(Memory);
#pragma warning(suppress: 4995) // suppress deprecation warning
ExFreeToNPagedLookasideList(Lookaside, Memory);
}
/**
* \brief Allocates a non-page-able lookaside object.
*
* \param[in] Size The size of the lookaside object.
*
* \return Allocated lookaside object, null on allocation failure.
*/
_Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
_Return_allocatesMem_size_(Size)
PVOID KSIAPI KphpAllocateNPagedLookasideObject(
_In_ SIZE_T Size
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
return KphAllocateNPaged(Size, KPH_TAG_NPAGED_LOOKASIDE_OBJECT);
}
/**
* \brief Initializes a non-page-able lookaside object.
*
* \param[in,out] Object The lookaside object to initialize.
* \param[in] Parameter The lookaside initialization parameters.
*
* \return STATUS_SUCCESS
*/
_Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
_Must_inspect_result_
NTSTATUS KSIAPI KphpInitializeNPagedLookasideObject(
_Inout_ PVOID Object,
_In_opt_ PVOID Parameter
)
{
PKPH_NPAGED_LOOKASIDE_OBJECT lookaside;
PKPH_LOOKASIDE_INIT init;
KPH_NPAGED_CODE_DISPATCH_MAX();
NT_ASSERT(Parameter);
lookaside = Object;
init = Parameter;
KphInitializeNPagedLookaside((PNPAGED_LOOKASIDE_LIST)lookaside,
init->Size,
init->Tag);
return STATUS_SUCCESS;
}
/**
* \brief Deletes a non-page-able lookaside object.
*
* \param[in,out] Object The lookaside object to delete.
*/
_Function_class_(KPH_TYPE_DELETE_PROCEDURE)
VOID KSIAPI KphpDeleteNPagedLookasideObject(
_Inout_ PVOID Object
)
{
PKPH_NPAGED_LOOKASIDE_OBJECT lookaside;
KPH_NPAGED_CODE_DISPATCH_MAX();
lookaside = Object;
KphDeleteNPagedLookaside((PNPAGED_LOOKASIDE_LIST)Object);
}
/**
* \brief Frees a non-page-page lookaside object.
*
* \param[in] Object The lookaside object to free.
*/
_Function_class_(KPH_TYPE_FREE_PROCEDURE)
VOID KSIAPI KphpFreeNPagedLookasideObject(
_In_freesMem_ PVOID Object
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
KphFree(Object, KPH_TAG_NPAGED_LOOKASIDE_OBJECT);
}
/**
* \brief Creates a non-page-able lookaside object.
*
* \param[out] Lookaside Set to the new non-page-able lookaside object on success.
* \param[in] Size The size of entries in the lookaside list.
* \param[in] Tag The pool tag to use.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
NTSTATUS KphCreateNPagedLookasideObject(
_Outptr_result_nullonfailure_ PKPH_NPAGED_LOOKASIDE_OBJECT* Lookaside,
_In_ SIZE_T Size,
_In_ ULONG Tag
)
{
NTSTATUS status;
KPH_LOOKASIDE_INIT init;
KPH_NPAGED_CODE_DISPATCH_MAX();
if (KphpRandomPoolTag)
{
Tag = KphpRandomPoolTag;
}
init.Size = Size;
init.Tag = Tag;
*Lookaside = NULL;
status = KphCreateObject(KphpNPagedLookasideObjectType,
sizeof(KPH_NPAGED_LOOKASIDE_OBJECT),
Lookaside,
&init);
if (!NT_SUCCESS(status))
{
*Lookaside = NULL;
}
return status;
}
/**
* \brief Allocates from a non-page-able lookaside object.
*
* \param[in,out] Lookaside The non-page-able lookaside object to allocate from.
*
* \return Allocated non-page-able memory. Null on failure.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
_Return_allocatesMem_size_(Lookaside->L.Size)
PVOID KphAllocateFromNPagedLookasideObject(
_Inout_ PKPH_NPAGED_LOOKASIDE_OBJECT Lookaside
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
return KphAllocateFromNPagedLookaside((PNPAGED_LOOKASIDE_LIST)Lookaside);
}
/**
* \brief Frees non-page-able memory back to the lookaside object.
*
* \param[in,out] Lookaside The lookaside object to free back to.
* \param[in] Memory The memory to free.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
VOID KphFreeToNPagedLookasideObject(
_Inout_ PKPH_NPAGED_LOOKASIDE_OBJECT Lookaside,
_In_freesMem_ PVOID Memory
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
KphFreeToNPagedLookaside((PNPAGED_LOOKASIDE_LIST)Lookaside, Memory);
}
KPH_PAGED_FILE();
/**
* \brief Allocates page-able memory.
*
* \param[in] NumberOfBytes The number of bytes to allocate.
* \param[in] Tag The pool tag to use.
*
* \return Allocated page-able memory. Null on failure.
*/
_IRQL_requires_max_(APC_LEVEL)
_Return_allocatesMem_size_(NumberOfBytes)
PVOID KphAllocatePaged(
_In_ SIZE_T NumberOfBytes,
_In_ ULONG Tag
)
{
KPH_PAGED_CODE();
if (KphpRandomPoolTag)
{
Tag = KphpRandomPoolTag;
}
#pragma warning(suppress: 4995) // suppress deprecation warning
return ExAllocatePoolZero(PagedPool, NumberOfBytes, Tag);
}
/**
* \brief Initialized a page-able lookaside list.
*
* \param[in] Lookaside The lookaside list to initialize.
* \param[in] Size The size of entries in the lookaside list.
* \param[in] Tag The pool tag to use.
*/
_IRQL_requires_max_(APC_LEVEL)
VOID KphInitializePagedLookaside(
_Out_ PPAGED_LOOKASIDE_LIST Lookaside,
_In_ SIZE_T Size,
_In_ ULONG Tag
)
{
KPH_PAGED_CODE();
if (KphpRandomPoolTag)
{
Tag = KphpRandomPoolTag;
}
#pragma warning(suppress: 4995) // suppress deprecation warning
ExInitializePagedLookasideList(Lookaside, NULL, NULL, 0, Size, Tag, 0);
}
/**
* \brief Deletes a page-able lookaside list.
*
* \param[in,out] Lookaside The lookaside to delete.
*/
_IRQL_requires_max_(APC_LEVEL)
VOID KphDeletePagedLookaside(
_Inout_ PPAGED_LOOKASIDE_LIST Lookaside
)
{
KPH_PAGED_CODE();
#pragma warning(suppress: 4995) // suppress deprecation warning
ExDeletePagedLookasideList(Lookaside);
}
/**
* \brief Allocates page-able memory from the lookaside list.
*
* \param[in,out] Lookaside The lookaside list to allocate from.
*
* \return Allocated page-able memory. Null on failure.
*/
_IRQL_requires_max_(APC_LEVEL)
_Return_allocatesMem_size_(Lookaside->L.Size)
PVOID KphAllocateFromPagedLookaside(
_Inout_ PPAGED_LOOKASIDE_LIST Lookaside
)
{
PVOID memory;
KPH_PAGED_CODE();
#pragma warning(suppress: 4995) // suppress deprecation warning
memory = ExAllocateFromPagedLookasideList(Lookaside);
if (memory)
{
RtlZeroMemory(memory, Lookaside->L.Size);
}
return memory;
}
/**
* \brief Frees page-able memory back to the lookaside list.
*
* \param[in,out] Lookaside The lookaside list to free back to.
* \param[in] Memory The memory to free.
*/
_IRQL_requires_max_(APC_LEVEL)
VOID KphFreeToPagedLookaside(
_Inout_ PPAGED_LOOKASIDE_LIST Lookaside,
_In_freesMem_ PVOID Memory
)
{
KPH_PAGED_CODE();
NT_ASSERT(Memory);
#pragma warning(suppress: 4995) // suppress deprecation warning
ExFreeToPagedLookasideList(Lookaside, Memory);
}
/**
* \brief Allocates a page-able lookaside object.
*
* \param[in] Size The size of the lookaside object.
*
* \return Allocated lookaside object, null on allocation failure.
*/
_Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
_Return_allocatesMem_size_(Size)
PVOID KSIAPI KphpAllocatePagedLookasideObject(
_In_ SIZE_T Size
)
{
KPH_PAGED_CODE();
return KphAllocateNPaged(Size, KPH_TAG_PAGED_LOOKASIDE_OBJECT);
}
/**
* \brief Initializes a page-able lookaside object.
*
* \param[in,out] Object The lookaside object to initialize.
* \param[in] Parameter The lookaside initialization parameters.
*
* \return STATUS_SUCCESS
*/
_Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
_Must_inspect_result_
NTSTATUS KSIAPI KphpInitializePagedLookasideObject(
_Inout_ PVOID Object,
_In_opt_ PVOID Parameter
)
{
PKPH_PAGED_LOOKASIDE_OBJECT lookaside;
PKPH_LOOKASIDE_INIT init;
KPH_PAGED_CODE();
NT_ASSERT(Parameter);
lookaside = Object;
init = Parameter;
KphInitializePagedLookaside((PPAGED_LOOKASIDE_LIST)lookaside,
init->Size,
init->Tag);
return STATUS_SUCCESS;
}
/**
* \brief Deletes a page-able lookaside object.
*
* \param[in,out] Object The lookaside object to delete.
*/
_Function_class_(KPH_TYPE_DELETE_PROCEDURE)
VOID KSIAPI KphpDeletePagedLookasideObject(
_Inout_ PVOID Object
)
{
PKPH_PAGED_LOOKASIDE_OBJECT lookaside;
KPH_PAGED_CODE();
lookaside = Object;
KphDeletePagedLookaside((PPAGED_LOOKASIDE_LIST)Object);
}
/**
* \brief Frees a page-page lookaside object.
*
* \param[in] Object The lookaside object to free.
*/
_Function_class_(KPH_TYPE_FREE_PROCEDURE)
VOID KSIAPI KphpFreePagedLookasideObject(
_In_freesMem_ PVOID Object
)
{
KPH_PAGED_CODE();
KphFree(Object, KPH_TAG_PAGED_LOOKASIDE_OBJECT);
}
/**
* \brief Creates a page-able lookaside object.
*
* \param[out] Lookaside Set to the new page-able lookaside object on success.
* \param[in] Size The size of entries in the lookaside list.
* \param[in] Tag The pool tag to use.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS KphCreatePagedLookasideObject(
_Outptr_result_nullonfailure_ PKPH_PAGED_LOOKASIDE_OBJECT* Lookaside,
_In_ SIZE_T Size,
_In_ ULONG Tag
)
{
NTSTATUS status;
KPH_LOOKASIDE_INIT init;
KPH_PAGED_CODE();
if (KphpRandomPoolTag)
{
Tag = KphpRandomPoolTag;
}
init.Size = Size;
init.Tag = Tag;
*Lookaside = NULL;
status = KphCreateObject(KphpPagedLookasideObjectType,
sizeof(KPH_PAGED_LOOKASIDE_OBJECT),
Lookaside,
&init);
if (!NT_SUCCESS(status))
{
*Lookaside = NULL;
}
return status;
}
/**
* \brief Allocates from a page-able lookaside object.
*
* \param[in,out] Lookaside The page-able lookaside object to allocate from.
*
* \return Allocated page-able memory. Null on failure.
*/
_IRQL_requires_max_(APC_LEVEL)
_Return_allocatesMem_size_(Lookaside->L.Size)
PVOID KphAllocateFromPagedLookasideObject(
_Inout_ PKPH_PAGED_LOOKASIDE_OBJECT Lookaside
)
{
KPH_PAGED_CODE();
return KphAllocateFromPagedLookaside((PPAGED_LOOKASIDE_LIST)Lookaside);
}
/**
* \brief Frees page-able memory back to the lookaside object.
*
* \param[in,out] Lookaside The lookaside object to free back to.
* \param[in] Memory The memory to free.
*/
_IRQL_requires_max_(APC_LEVEL)
VOID KphFreeToPagedLookasideObject(
_Inout_ PKPH_PAGED_LOOKASIDE_OBJECT Lookaside,
_In_freesMem_ PVOID Memory
)
{
KPH_PAGED_CODE();
KphFreeToPagedLookaside((PPAGED_LOOKASIDE_LIST)Lookaside, Memory);
}
/**
* \brief Makes a byte suitable for a pool tag.
*
* \param[in] Byte A byte to make suitable for a pool tag.
*
* \return A byte suitable for a pool tag.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
BYTE KphpMakePoolTagByte(
_In_ BYTE Byte
)
{
BYTE outByte;
KPH_PAGED_CODE_PASSIVE();
outByte = Byte % '~';
if (outByte < ' ')
{
outByte += ' ';
}
return outByte;
}
/**
* \brief Generates a randomized pool tag.
*
* \return Randomized pool tag.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
ULONG KphpGenerateRandomPoolTag(
VOID
)
{
ULONG64 interruptTime;
ULONG seed;
ULONG randomValue;
BYTE byte;
ULONG poolTag;
KPH_PAGED_CODE_PASSIVE();
interruptTime = KeQueryInterruptTime();
seed = (ULONG)(interruptTime >> 32);
seed |= (ULONG)interruptTime;
seed ^= PtrToUlong(PsGetCurrentThread());
do
{
randomValue = RtlRandomEx(&seed);
} while (!randomValue);
poolTag = 0;
byte = KphpMakePoolTagByte(randomValue & 0xff);
poolTag = (ULONG)byte;
byte = KphpMakePoolTagByte((randomValue >> 8) & 0xff);
poolTag |= ((ULONG)byte << 8);
byte = KphpMakePoolTagByte((randomValue >> 16) & 0xff);
poolTag |= ((ULONG)byte << 16);
byte = KphpMakePoolTagByte((randomValue >> 24) & 0xff);
poolTag |= ((ULONG)byte << 24);
return poolTag;
}
/**
* \brief Initializes allocation infrastructure.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
VOID KphInitializeAlloc(
VOID
)
{
KPH_OBJECT_TYPE_INFO typeInfo;
KPH_PAGED_CODE_PASSIVE();
if (KphParameterFlags.RandomizedPoolTag)
{
KphpRandomPoolTag = KphpGenerateRandomPoolTag();
}
typeInfo.Allocate = KphpAllocatePagedLookasideObject;
typeInfo.Initialize = KphpInitializePagedLookasideObject;
typeInfo.Delete = KphpDeletePagedLookasideObject;
typeInfo.Free = KphpFreePagedLookasideObject;
typeInfo.Flags = 0;
KphCreateObjectType(&KphpPagedLookasideObjectTypeName,
&typeInfo,
&KphpPagedLookasideObjectType);
typeInfo.Allocate = KphpAllocateNPagedLookasideObject;
typeInfo.Initialize = KphpInitializeNPagedLookasideObject;
typeInfo.Delete = KphpDeleteNPagedLookasideObject;
typeInfo.Free = KphpFreeNPagedLookasideObject;
typeInfo.Flags = 0;
KphCreateObjectType(&KphpNPagedLookasideObjectTypeName,
&typeInfo,
&KphpNPagedLookasideObjectType);
}
================================================
FILE: KSystemInformer/alpc.c
================================================
/*
* Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.
*
* This file is part of System Informer.
*
* Authors:
*
* jxy-s 2022-2026
*
*/
#include <kph.h>
#include <trace.h>
KPH_PAGED_FILE();
#define KPH_ALPC_NAME_BUFFER_SIZE ((MAX_PATH * 2) + sizeof(OBJECT_NAME_INFORMATION))
/**
* \brief References any communication ports associated with the input port.
* The caller must dereference any returned objects by calling ObDereferenceObject.
*
* \param[in] Dyn Dynamic configuration.
* \param[in] Port The ALPC port to references the associated ports of.
* \param[out] ConnectionPort Set to the connection port.
* \param[out] ServerPort Set to the server port.
* \param[out] ClientPort Set to the client port.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
_Must_inspect_result_
NTSTATUS KphpReferenceAlpcCommunicationPorts(
_In_ PKPH_DYN Dyn,
_In_ PVOID Port,
_Outptr_result_maybenull_ PVOID* ConnectionPort,
_Outptr_result_maybenull_ PVOID* ServerPort,
_Outptr_result_maybenull_ PVOID* ClientPort
)
{
NTSTATUS status;
PVOID communicationInfo;
PVOID handleTable;
PVOID handleTableLock;
BOOLEAN typeMismatch;
PVOID connectionPort;
PVOID serverPort;
PVOID clientPort;
KPH_PAGED_CODE_PASSIVE();
*ConnectionPort = NULL;
*ServerPort = NULL;
*ClientPort = NULL;
connectionPort = NULL;
serverPort = NULL;
clientPort = NULL;
if ((Dyn->AlpcCommunicationInfo == ULONG_MAX) ||
(Dyn->AlpcHandleTable == ULONG_MAX) ||
(Dyn->AlpcHandleTableLock == ULONG_MAX))
{
status = STATUS_NOINTERFACE;
goto Exit;
}
communicationInfo = *(PVOID*)Add2Ptr(Port, Dyn->AlpcCommunicationInfo);
if (!communicationInfo)
{
status = STATUS_NOT_FOUND;
goto Exit;
}
handleTable = Add2Ptr(communicationInfo, Dyn->AlpcHandleTable);
handleTableLock = Add2Ptr(handleTable, Dyn->AlpcHandleTableLock);
typeMismatch = FALSE;
FltAcquirePushLockShared(handleTableLock);
if (Dyn->AlpcConnectionPort != ULONG_MAX)
{
connectionPort = *(PVOID*)Add2Ptr(communicationInfo,
Dyn->AlpcConnectionPort);
if (connectionPort)
{
if (ObGetObjectType(connectionPort) != *AlpcPortObjectType)
{
typeMismatch = TRUE;
connectionPort = NULL;
}
else
{
ObReferenceObject(connectionPort);
}
}
}
if (Dyn->AlpcServerCommunicationPort != ULONG_MAX)
{
serverPort = *(PVOID*)Add2Ptr(communicationInfo,
Dyn->AlpcServerCommunicationPort);
if (serverPort)
{
if (ObGetObjectType(serverPort) != *AlpcPortObjectType)
{
typeMismatch = TRUE;
serverPort = NULL;
}
else
{
ObReferenceObject(serverPort);
}
}
}
if (Dyn->AlpcClientCommunicationPort != ULONG_MAX)
{
clientPort = *(PVOID*)Add2Ptr(communicationInfo,
Dyn->AlpcClientCommunicationPort);
if (clientPort)
{
if (ObGetObjectType(clientPort) != *AlpcPortObjectType)
{
typeMismatch = TRUE;
clientPort = NULL;
}
else
{
ObReferenceObject(clientPort);
}
}
}
FltReleasePushLock(handleTableLock);
if (typeMismatch)
{
status = STATUS_OBJECT_TYPE_MISMATCH;
goto Exit;
}
*ConnectionPort = connectionPort;
connectionPort = NULL;
*ServerPort = serverPort;
serverPort = NULL;
*ClientPort = clientPort;
clientPort = NULL;
status = STATUS_SUCCESS;
Exit:
if (connectionPort)
{
ObDereferenceObject(connectionPort);
}
if (serverPort)
{
ObDereferenceObject(serverPort);
}
if (clientPort)
{
ObDereferenceObject(clientPort);
}
return status;
}
/**
* \brief Retrieves the basic information for an ALPC port.
*
* \param[in] Dyn Dynamic configuration.
* \param[in] Port The ALPC port to get the basic information of.
* \param[out] Info Populated with the basic information.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
_Must_inspect_result_
NTSTATUS KphpAlpcBasicInfo(
_In_ PKPH_DYN Dyn,
_In_ PVOID Port,
_Out_ PKPH_ALPC_BASIC_INFORMATION Info
)
{
PEPROCESS process;
PVOID portObjectLock;
KPH_PAGED_CODE_PASSIVE();
RtlZeroMemory(Info, sizeof(*Info));
if ((Dyn->AlpcOwnerProcess == ULONG_MAX) ||
(Dyn->AlpcPortObjectLock == ULONG_MAX))
{
return STATUS_NOINTERFACE;
}
//
// The OS uses the first bit of the OwnerProcess to denote if it is valid,
// if the first bit of the OwnerProcess is set is it invalid. Checking the
// bit should be done under the PortObjectLock.
// See: ntoskrnl!AlpcpPortQueryServerSessionInfo
//
portObjectLock = Add2Ptr(Port, Dyn->AlpcPortObjectLock);
FltAcquirePushLockShared(portObjectLock);
process = *(PEPROCESS*)Add2Ptr(Port, Dyn->AlpcOwnerProcess);
if (process && (((ULONG_PTR)process & 1) == 0))
{
Info->OwnerProcessId = PsGetProcessId(process);
}
FltReleasePushLock(portObjectLock);
if ((Dyn->AlpcAttributes != ULONG_MAX) &&
(Dyn->AlpcAttributesFlags != ULONG_MAX))
{
Info->Flags = *(PULONG)Add2Ptr(Add2Ptr(Port, Dyn->AlpcAttributes),
Dyn->AlpcAttributesFlags);
}
if (Dyn->AlpcPortContext != ULONG_MAX)
{
Info->PortContext = *(PVOID*)Add2Ptr(Port, Dyn->AlpcPortContext);
}
if (Dyn->AlpcSequenceNo != ULONG_MAX)
{
Info->SequenceNo = *(PULONG)Add2Ptr(Port, Dyn->AlpcSequenceNo);
}
if (Dyn->AlpcState != ULONG_MAX)
{
Info->State = *(PULONG)Add2Ptr(Port, Dyn->AlpcState);
}
return STATUS_SUCCESS;
}
/**
* \brief Retrieves the communication information for an ALPC port.
*
* \param[in] Dyn Dynamic configuration.
* \param[in] Port The ALPC port to get the information of.
* \param[out] Info Populated with the communication information.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
_Must_inspect_result_
NTSTATUS KphpAlpcCommunicationInfo(
_In_ PKPH_DYN Dyn,
_In_ PVOID Port,
_Out_ PKPH_ALPC_COMMUNICATION_INFORMATION Info
)
{
NTSTATUS status;
PVOID connectionPort;
PVOID serverPort;
PVOID clientPort;
KPH_PAGED_CODE_PASSIVE();
RtlZeroMemory(Info, sizeof(*Info));
status = KphpReferenceAlpcCommunicationPorts(Dyn,
Port,
&connectionPort,
&serverPort,
&clientPort);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"KphpReferenceAlpcCommunicationPorts failed: %!STATUS!",
status);
connectionPort = NULL;
serverPort = NULL;
clientPort = NULL;
goto Exit;
}
if (connectionPort)
{
status = KphpAlpcBasicInfo(Dyn,
connectionPort,
&Info->ConnectionPort);
if (!NT_SUCCESS(status))
{
goto Exit;
}
}
if (serverPort)
{
status = KphpAlpcBasicInfo(Dyn,
serverPort,
&Info->ServerCommunicationPort);
if (!NT_SUCCESS(status))
{
goto Exit;
}
}
if (clientPort)
{
status = KphpAlpcBasicInfo(Dyn,
clientPort,
&Info->ClientCommunicationPort);
if (!NT_SUCCESS(status))
{
goto Exit;
}
}
Exit:
if (connectionPort)
{
ObDereferenceObject(connectionPort);
}
if (serverPort)
{
ObDereferenceObject(serverPort);
}
if (clientPort)
{
ObDereferenceObject(clientPort);
}
return status;
}
/**
* \brief Utility function for copying the ALPC port name into an output string.
*
* \param[in] Port The ALPC port to copy the name of.
* \param[in] NameBuffer Preallocated name buffer to use to get the name.
* \param[in,out] Buffer The space to write the string.
* \param[in,out] RemainingLength The remaining space to write the string.
* \param[in,out] ReturnLength Updated by number of bytes written or required.
* \param[out] String The string to populate.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
_Must_inspect_result_
NTSTATUS KphpAlpcCopyPortName(
_In_ PVOID Port,
_In_bytecount_(KPH_ALPC_NAME_BUFFER_SIZE) POBJECT_NAME_INFORMATION NameBuffer,
_Inout_ PVOID* Buffer,
_Inout_ PULONG RemainingLength,
_Inout_ PULONG ReturnLength,
_Out_opt_ PUNICODE_STRING String
)
{
NTSTATUS status;
ULONG returnLength;
KPH_PAGED_CODE_PASSIVE();
if (String)
{
RtlZeroMemory(String, sizeof(*String));
}
status = KphQueryNameObject(Port,
NameBuffer,
KPH_ALPC_NAME_BUFFER_SIZE,
&returnLength);
if (!NT_SUCCESS(status) || (NameBuffer->Name.Length == 0))
{
//
// We're best effort here.
//
return STATUS_SUCCESS;
}
status = RtlULongAdd(*ReturnLength, NameBuffer->Name.Length, ReturnLength);
if (!NT_SUCCESS(status))
{
return status;
}
if (!String || (NameBuffer->Name.Length > *RemainingLength))
{
//
// Success, return length is updated with the needed length.
//
return STATUS_SUCCESS;
}
String->Buffer = *Buffer;
String->MaximumLength = NameBuffer->Name.Length;
*Buffer = Add2Ptr(*Buffer, NameBuffer->Name.Length);
*RemainingLength -= NameBuffer->Name.Length;
RtlCopyUnicodeString(String, &NameBuffer->Name);
return STATUS_SUCCESS;
}
/**
* \brief Retrieves the names of the communication ports for a given ALPC port.
*
* \param[in] Dyn Dynamic configuration.
* \param[in] Port The port to retrieve the names of.
* \param[out] Info Populated with the name information.
* \param[in] InfoLength The length of the information buffer.
* \param[out] ReturnLength Receives the number of bytes written or required.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
_Must_inspect_result_
NTSTATUS KphpAlpcCommunicationNamesInfo(
_In_ PKPH_DYN Dyn,
_In_ PVOID Port,
_Out_writes_bytes_opt_(InfoLength) PKPH_ALPC_COMMUNICATION_NAMES_INFORMATION Info,
_In_ ULONG InfoLength,
_Out_ PULONG ReturnLength
)
{
NTSTATUS status;
POBJECT_NAME_INFORMATION nameBuffer;
PVOID connectionPort;
PVOID serverPort;
PVOID clientPort;
PVOID buffer;
ULONG remainingLength;
KPH_PAGED_CODE_PASSIVE();
*ReturnLength = sizeof(KPH_ALPC_COMMUNICATION_NAMES_INFORMATION);
nameBuffer = NULL;
if (Info && (InfoLength >= sizeof(KPH_ALPC_COMMUNICATION_NAMES_INFORMATION)))
{
RtlZeroMemory(Info, sizeof(KPH_ALPC_COMMUNICATION_NAMES_INFORMATION));
remainingLength = (InfoLength - sizeof(KPH_ALPC_COMMUNICATION_NAMES_INFORMATION));
buffer = Add2Ptr(Info, sizeof(KPH_ALPC_COMMUNICATION_NAMES_INFORMATION));
}
else
{
remainingLength = 0;
buffer = NULL;
}
status = KphpReferenceAlpcCommunicationPorts(Dyn,
Port,
&connectionPort,
&serverPort,
&clientPort);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"KphpReferenceAlpcCommunicationPorts failed: %!STATUS!",
status);
connectionPort = NULL;
serverPort = NULL;
clientPort = NULL;
goto Exit;
}
nameBuffer = KphAllocatePaged(KPH_ALPC_NAME_BUFFER_SIZE,
KPH_TAG_ALPC_NAME_QUERY);
if (!nameBuffer)
{
status = STATUS_INSUFFICIENT_RESOURCES;
goto Exit;
}
if (connectionPort)
{
status = KphpAlpcCopyPortName(connectionPort,
nameBuffer,
&buffer,
&remainingLength,
ReturnLength,
(Info ? &Info->ConnectionPort : NULL));
if (!NT_SUCCESS(status))
{
goto Exit;
}
}
if (serverPort)
{
status = KphpAlpcCopyPortName(serverPort,
nameBuffer,
&buffer,
&remainingLength,
ReturnLength,
(Info ? &Info->ServerCommunicationPort : NULL));
if (!NT_SUCCESS(status))
{
goto Exit;
}
}
if (clientPort)
{
status = KphpAlpcCopyPortName(clientPort,
nameBuffer,
&buffer,
&remainingLength,
ReturnLength,
(Info ? &Info->ClientCommunicationPort : NULL));
if (!NT_SUCCESS(status))
{
goto Exit;
}
}
if (*ReturnLength > InfoLength)
{
status = STATUS_BUFFER_TOO_SMALL;
}
else
{
status = STATUS_SUCCESS;
}
Exit:
if (nameBuffer)
{
KphFree(nameBuffer, KPH_TAG_ALPC_NAME_QUERY);
}
if (connectionPort)
{
ObDereferenceObject(connectionPort);
}
if (serverPort)
{
ObDereferenceObject(serverPort);
}
if (clientPort)
{
ObDereferenceObject(clientPort);
}
return status;
}
/**
* \brief Queries information about an ALPC port.
*
* \param[in] ProceessHandle Handle to the process where the ALPC handle resides.
* \param[in] PortHandle Handle to the ALPC port to query.
* \param[in] AlpcInformationClass Information class to query.
* \param[out] AlpcInformation Populated with information by ALPC port.
* \param[in] AlpcInformationLength Length of the ALPC information buffer.
* \param[out] ReturnLength Receives the number of bytes written or required.
* \param[in] AccessMode The mode in which to perform access checks.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
_Must_inspect_result_
NTSTATUS KphAlpcQueryInformation(
_In_ HANDLE ProcessHandle,
_In_ HANDLE PortHandle,
_In_ KPH_ALPC_INFORMATION_CLASS AlpcInformationClass,
_Out_writes_bytes_opt_(AlpcInformationLength) PVOID AlpcInformation,
_In_ ULONG AlpcInformationLength,
_Out_opt_ PULONG ReturnLength,
_In_ KPROCESSOR_MODE AccessMode
)
{
NTSTATUS status;
PKPH_DYN dyn;
PEPROCESS process;
KAPC_STATE apcState;
PVOID port;
ULONG returnLength;
PVOID buffer;
BYTE stackBuffer[64];
KPROCESSOR_MODE accessMode;
KPH_PAGED_CODE_PASSIVE();
dyn = NULL;
port = NULL;
returnLength = 0;
buffer = NULL;
status = ObReferenceObjectByHandle(ProcessHandle,
0,
*PsProcessType,
AccessMode,
&process,
NULL);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"ObReferenceObjectByHandle failed: %!STATUS!",
status);
process = NULL;
goto Exit;
}
if (process == PsInitialSystemProcess)
{
PortHandle = MakeKernelHandle(PortHandle);
accessMode = KernelMode;
}
else
{
if (IsKernelHandle(PortHandle))
{
status = STATUS_INVALID_HANDLE;
goto Exit;
}
accessMode = AccessMode;
}
KeStackAttachProcess(process, &apcState);
status = ObReferenceObjectByHandle(PortHandle,
0,
*AlpcPortObjectType,
accessMode,
&port,
NULL);
KeUnstackDetachProcess(&apcState);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"ObReferenceObjectByHandle failed: %!STATUS!",
status);
port = NULL;
goto Exit;
}
switch (AlpcInformationClass)
{
case KphAlpcBasicInformation:
{
KPH_ALPC_BASIC_INFORMATION info;
dyn = KphReferenceDynData();
if (!dyn)
{
status = STATUS_NOINTERFACE;
goto Exit;
}
if (!AlpcInformation ||
(AlpcInformationLength < sizeof(KPH_ALPC_BASIC_INFORMATION)))
{
status = STATUS_INFO_LENGTH_MISMATCH;
returnLength = sizeof(KPH_ALPC_BASIC_INFORMATION);
goto Exit;
}
status = KphpAlpcBasicInfo(dyn, port, &info);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"KphpAlpcBasicInfo failed: %!STATUS!",
status);
goto Exit;
}
status = KphCopyToMode(AlpcInformation,
&info,
sizeof(KPH_ALPC_BASIC_INFORMATION),
AccessMode);
if (NT_SUCCESS(status))
{
returnLength = sizeof(KPH_ALPC_BASIC_INFORMATION);
}
break;
}
case KphAlpcCommunicationInformation:
{
KPH_ALPC_COMMUNICATION_INFORMATION info;
dyn = KphReferenceDynData();
if (!dyn)
{
status = STATUS_NOINTERFACE;
goto Exit;
}
if (!AlpcInformation ||
(AlpcInformationLength < sizeof(KPH_ALPC_COMMUNICATION_INFORMATION)))
{
status = STATUS_INFO_LENGTH_MISMATCH;
returnLength = sizeof(KPH_ALPC_COMMUNICATION_INFORMATION);
goto Exit;
}
status = KphpAlpcCommunicationInfo(dyn, port, &info);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"KphpAlpcCommunicationInfo failed: %!STATUS!",
status);
goto Exit;
}
status = KphCopyToMode(AlpcInformation,
&info,
sizeof(KPH_ALPC_COMMUNICATION_INFORMATION),
AccessMode);
if (NT_SUCCESS(status))
{
returnLength = sizeof(KPH_ALPC_COMMUNICATION_INFORMATION);
}
break;
}
case KphAlpcCommunicationNamesInformation:
{
ULONG allocatedSize;
PKPH_ALPC_COMMUNICATION_NAMES_INFORMATION info;
dyn = KphReferenceDynData();
if (!dyn)
{
status = STATUS_NOINTERFACE;
goto Exit;
}
allocatedSize = AlpcInformationLength;
if (allocatedSize < sizeof(KPH_ALPC_COMMUNICATION_NAMES_INFORMATION))
{
allocatedSize = sizeof(KPH_ALPC_COMMUNICATION_NAMES_INFORMATION);
}
buffer = KphAllocatePagedA(allocatedSize,
KPH_TAG_ALPC_QUERY,
stackBuffer);
if (!buffer)
{
status = STATUS_INSUFFICIENT_RESOURCES;
goto Exit;
}
info = buffer;
status = KphpAlpcCommunicationNamesInfo(dyn,
port,
info,
AlpcInformationLength,
&returnLength);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"KphpAlpcCommunicationNamesInfo failed: %!STATUS!",
status);
goto Exit;
}
if (!AlpcInformation)
{
status = STATUS_BUFFER_TOO_SMALL;
goto Exit;
}
RebaseUnicodeString(&info->ConnectionPort,
buffer,
AlpcInformation);
RebaseUnicodeString(&info->ServerCommunicationPort,
buffer,
AlpcInformation);
RebaseUnicodeString(&info->ClientCommunicationPort,
buffer,
AlpcInformation);
status = KphCopyToMode(AlpcInformation,
info,
returnLength,
AccessMode);
break;
}
default:
{
status = STATUS_INVALID_INFO_CLASS;
break;
}
}
Exit:
if (buffer)
{
KphFreeA(buffer, KPH_TAG_ALPC_QUERY, stackBuffer);
}
if (port)
{
ObDereferenceObject(port);
}
if (process)
{
ObDereferenceObject(process);
}
if (dyn)
{
KphDereferenceObject(dyn);
}
if (ReturnLength)
{
KphWriteULongToMode(ReturnLength, returnLength, AccessMode);
}
return status;
}
================================================
FILE: KSystemInformer/back_trace.c
================================================
/*
* Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.
*
* This file is part of System Informer.
*
* Authors:
*
* jxy-s 2023-2026
*
*/
#include <kph.h>
#include <trace.h>
typedef struct _KPH_STACK_BACK_TRACE_OBJECT
{
KSI_KAPC Apc;
KEVENT CompletedEvent;
ULONG FramesToSkip;
ULONG FramesToCapture;
ULONG CapturedFrames;
ULONG BackTraceHash;
ULONG Flags;
BOOLEAN DoHash;
PKPH_THREAD_CONTEXT Thread;
PVOID BackTrace[ANYSIZE_ARRAY];
} KPH_STACK_BACK_TRACE_OBJECT, *PKPH_STACK_BACK_TRACE_OBJECT;
KPH_PROTECTED_DATA_SECTION_RO_PUSH();
static const UNICODE_STRING KphpStackBackTraceTypeName = RTL_CONSTANT_STRING(L"KphStackBackTrace");
KPH_PROTECTED_DATA_SECTION_RO_POP();
KPH_PROTECTED_DATA_SECTION_PUSH();
static PVOID KphpSelfImageBase = NULL;
static PVOID KphpSelfImageEnd = NULL;
static PVOID KphpKsiImageBase = NULL;
static PVOID KphpKsiImageEnd = NULL;
static PKPH_OBJECT_TYPE KphpStackBackTraceType = NULL;
KPH_PROTECTED_DATA_SECTION_POP();
//
// Sentinel value inserted into the stack back trace when part of the stack
// couldn't be captured for some reason.
//
#define KPH_STACK_SENTINEL_FRAME ((PVOID)(ULONG_PTR)0xbad)
/**
* \brief Tries to add a sentinel frame to the stack back trace.
*
* \param[in] FramesToCapture The number of frames to capture.
* \param[out] BackTrace Buffer to store the back trace in.
* \param[in,out] Frames On input, the number of frames captured so far. If a
* sentinel frame is added, this is incremented.
* \param[in] Flags A combination of KPH_STACK_BACK_TRACE_* flags.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
VOID KphpTryAddSentinelFrame(
_In_ ULONG FramesToCapture,
_Out_writes_(FramesToCapture) PVOID* BackTrace,
_Inout_ PULONG Frames,
_In_ ULONG Flags
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
if (FlagOn(Flags, KPH_STACK_BACK_TRACE_NO_SENTINEL))
{
return;
}
if (*Frames < FramesToCapture)
{
BackTrace[*Frames] = KPH_STACK_SENTINEL_FRAME;
(*Frames)++;
}
}
/**
* \brief Captures a stack back trace.
*
* \param[in] FramesToSkip The number of kernel frames to skip.
* \param[in] FramesToCapture The number of frames to capture.
* \param[out] BackTrace Buffer to store the back trace in.
* \param[out] BackTraceHash Optionally receives a hash of the back trace.
* \param[in] Flags A combination of KPH_STACK_BACK_TRACE_* flags.
* \param[in] Thread Optional thread context of the target thread, used for
* internal tracking to prevent accidental recursion.
*
* \return The number of captured frames.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
_Success_(return != 0)
ULONG KphpCaptureStackBackTrace(
_In_ ULONG FramesToSkip,
_In_ ULONG FramesToCapture,
_Out_writes_(FramesToCapture) PVOID* BackTrace,
_Out_opt_ PULONG BackTraceHash,
_In_ ULONG Flags,
_In_opt_ PKPH_THREAD_CONTEXT Thread
)
{
ULONG frames;
ULONG skip;
KPH_NPAGED_CODE_DISPATCH_MAX();
FramesToSkip += 1;
skip = (FramesToSkip << RTL_STACK_WALKING_MODE_FRAMES_TO_SKIP_SHIFT);
frames = RtlWalkFrameChain(BackTrace, FramesToCapture, skip);
if (frames <= FramesToSkip)
{
frames = 0;
goto ContinueCapture;
}
frames -= FramesToSkip;
if (FlagOn(Flags, KPH_STACK_BACK_TRACE_SKIP_KPH))
{
for (skip = 0; skip < frames; skip++)
{
if (((BackTrace[skip] < KphpSelfImageBase) ||
(BackTrace[skip] >= KphpSelfImageEnd)) &&
((BackTrace[skip] < KphpKsiImageBase) ||
(BackTrace[skip] >= KphpKsiImageEnd)))
{
break;
}
}
if (frames <= skip)
{
frames = 0;
goto ContinueCapture;
}
frames -= skip;
RtlMoveMemory(BackTrace, &BackTrace[skip], frames * sizeof(PVOID));
}
ContinueCapture:
if (!FlagOn(Flags, KPH_STACK_BACK_TRACE_USER_MODE) ||
(KeGetCurrentIrql() == DISPATCH_LEVEL))
{
goto Exit;
}
if (!Thread)
{
KphpTryAddSentinelFrame(FramesToCapture, BackTrace, &frames, Flags);
goto Exit;
}
NT_ASSERT(Thread->EThread == PsGetCurrentThread());
//
// N.B. This path can become accidentally recursive if the user mode stack
// needs to be paged in and another kernel callback lands here again. In
// that case skip the capture.
//
if (Thread->CapturingUserModeStack)
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"Skipping user mode stack capture for "
"thread %lu in process %wZ (%lu)",
HandleToULong(Thread->ClientId.UniqueThread),
KphGetThreadImageName(Thread),
HandleToULong(Thread->ClientId.UniqueProcess));
KphpTryAddSentinelFrame(FramesToCapture, BackTrace, &frames, Flags);
goto Exit;
}
Thread->CapturingUserModeStack = TRUE;
__try
{
frames += RtlWalkFrameChain(&BackTrace[frames],
FramesToCapture - frames,
RTL_WALK_USER_MODE_STACK);
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
KphpTryAddSentinelFrame(FramesToCapture, BackTrace, &frames, Flags);
}
Thread->CapturingUserModeStack = FALSE;
Exit:
NT_ASSERT(frames <= FramesToCapture);
if (BackTraceHash)
{
*BackTraceHash = 0;
for (ULONG i = 0; i < frames; i++)
{
#pragma prefast(suppress: 6385)
*BackTraceHash += PtrToUlong(BackTrace[i]);
}
}
return frames;
}
/**
* \brief Captures a stack back trace.
*
* \param[in] FramesToSkip The number of kernel frames to skip.
* \param[in] FramesToCapture The number of frames to capture.
* \param[out] BackTrace Buffer to store the back trace in.
* \param[out] BackTraceHash Optionally receives a hash of the back trace.
* \param[in] Flags A combination of KPH_STACK_BACK_TRACE_* flags.
*
* \return The number of captured frames.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
_Success_(return != 0)
ULONG KphCaptureStackBackTrace(
_In_ ULONG FramesToSkip,
_In_ ULONG FramesToCapture,
_Out_writes_(FramesToCapture) PVOID* BackTrace,
_Out_opt_ PULONG BackTraceHash,
_In_ ULONG Flags
)
{
ULONG frames;
PKPH_THREAD_CONTEXT thread;
KPH_NPAGED_CODE_DISPATCH_MAX();
if (FlagOn(Flags, KPH_STACK_BACK_TRACE_USER_MODE) &&
(KeGetCurrentIrql() < DISPATCH_LEVEL))
{
thread = KphGetCurrentThreadContext();
}
else
{
thread = NULL;
}
frames = KphpCaptureStackBackTrace(FramesToSkip,
FramesToCapture,
BackTrace,
BackTraceHash,
Flags,
thread);
if (thread)
{
KphDereferenceObject(thread);
}
return frames;
}
KPH_PAGED_FILE();
/**
* \brief Captures the current stack back trace into a back trace object.
*
* \param[in,out] BackTrace The back trace object to populate.
*/
_IRQL_requires_(APC_LEVEL)
_IRQL_requires_same_
VOID KphpCaptureStackBackTraceIntoObject(
_Inout_ PKPH_STACK_BACK_TRACE_OBJECT BackTrace
)
{
PULONG backTraceHash;
ULONG capturedFrames;
KPH_PAGED_CODE_APC();
if (BackTrace->DoHash)
{
backTraceHash = &BackTrace->BackTraceHash;
}
else
{
backTraceHash = NULL;
}
capturedFrames = KphpCaptureStackBackTrace(BackTrace->FramesToSkip,
BackTrace->FramesToCapture,
BackTrace->BackTrace,
backTraceHash,
BackTrace->Flags,
BackTrace->Thread);
BackTrace->CapturedFrames = capturedFrames;
KeSetEvent(&BackTrace->CompletedEvent, EVENT_INCREMENT, FALSE);
}
/**
* \brief APC routine for capturing the stack back trace of a thread.
*
* \param[in] Apc The ACP executed, contained within the back trace object.
* \param[in] NormalRoutine Unused.
* \param[in] NormalContext Unused.
* \param[in] SystemArgument1 Unused.
* \param[in] SystemArgument2 Unused.
*/
_Function_class_(KSI_KKERNEL_ROUTINE)
_IRQL_requires_(APC_LEVEL)
_IRQL_requires_same_
VOID KSIAPI KphpCaptureStackBackTraceThreadSpecialApc(
_In_ PKSI_KAPC Apc,
_Inout_ _Deref_pre_maybenull_ PKNORMAL_ROUTINE *NormalRoutine,
_Inout_ _Deref_pre_maybenull_ PVOID *NormalContext,
_Inout_ _Deref_pre_maybenull_ PVOID *SystemArgument1,
_Inout_ _Deref_pre_maybenull_ PVOID *SystemArgument2
)
{
PKPH_STACK_BACK_TRACE_OBJECT backTrace;
KPH_PAGED_CODE_APC();
UNREFERENCED_PARAMETER(NormalRoutine);
UNREFERENCED_PARAMETER(NormalContext);
UNREFERENCED_PARAMETER(SystemArgument1);
UNREFERENCED_PARAMETER(SystemArgument2);
backTrace = CONTAINING_RECORD(Apc, KPH_STACK_BACK_TRACE_OBJECT, Apc);
KphpCaptureStackBackTraceIntoObject(backTrace);
}
/**
* \brief APC cleanup routine for stack back trace capture.
*
* \param[in] Apc The ACP to clean up.
* \param[in] Reason Unused.
*/
_Function_class_(KSI_KCLEANUP_ROUTINE)
_IRQL_requires_min_(PASSIVE_LEVEL)
_IRQL_requires_max_(APC_LEVEL)
_IRQL_requires_same_
VOID KSIAPI KphpCaptureStackBackTraceThreadSpecialApcCleanup(
_In_ PKSI_KAPC Apc,
_In_ KSI_KAPC_CLEANUP_REASON Reason
)
{
PKPH_STACK_BACK_TRACE_OBJECT backTrace;
KPH_PAGED_CODE();
UNREFERENCED_PARAMETER(Apc);
DBG_UNREFERENCED_PARAMETER(Reason);
backTrace = CONTAINING_RECORD(Apc, KPH_STACK_BACK_TRACE_OBJECT, Apc);
KphDereferenceObject(backTrace);
}
/**
* \brief Allocates a stack back trace object.
*
* \param[in] Size The size to allocate.
*
* \return Allocated object, null on allocation failure.
*/
_Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
_Return_allocatesMem_size_(Size)
PVOID KSIAPI KphpStackBackTraceAllocate(
_In_ SIZE_T Size
)
{
KPH_PAGED_CODE();
return KphAllocateNPaged(Size, KPH_TAG_BACK_TRACE_OBJECT);
}
/**
* \brief Frees a stack back trace object.
*
* \param[in] Object The stack back trace object to free.
*/
_Function_class_(KPH_TYPE_FREE_PROCEDURE)
VOID KSIAPI KphpStackBackTraceFree(
_In_freesMem_ PVOID Object
)
{
KPH_PAGED_CODE();
KphFree(Object, KPH_TAG_BACK_TRACE_OBJECT);
}
/**
* \brief Initializes a stack back trace object.
*
* \param[in,out] Object The stack back trace object to initialize.
* \param[in] Parameter The thread to initialize the back trace object for.
*
* \return STATUS_SUCCESS
*/
_Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
_Must_inspect_result_
NTSTATUS KSIAPI KphpStackBackTraceInitialize(
_Inout_ PVOID Object,
_In_opt_ PVOID Parameter
)
{
PKPH_STACK_BACK_TRACE_OBJECT backTrace;
PETHREAD thread;
KPH_PAGED_CODE();
NT_ASSERT(Parameter);
backTrace = Object;
thread = Parameter;
KsiInitializeApc(&backTrace->Apc,
KphDriverObject,
thread,
OriginalApcEnvironment,
KphpCaptureStackBackTraceThreadSpecialApc,
KphpCaptureStackBackTraceThreadSpecialApcCleanup,
NULL,
KernelMode,
NULL);
KeInitializeEvent(&backTrace->CompletedEvent, NotificationEvent, FALSE);
backTrace->Thread = KphGetEThreadContext(thread);
return STATUS_SUCCESS;
}
/**
* \brief Deletes a stack back trace object.
*
* \param[in] Object The stack back trace object to delete.
*/
_Function_class_(KPH_TYPE_DELETE_PROCEDURE)
VOID KSIAPI KphpStackBackTraceDelete(
_Inout_ PVOID Object
)
{
PKPH_STACK_BACK_TRACE_OBJECT backTrace;
KPH_PAGED_CODE();
backTrace = Object;
if (backTrace->Thread)
{
KphDereferenceObject(backTrace->Thread);
}
}
/**
* \brief Captures a stack back trace for a given thread.
*
* \param[in] Thread The thread to capture the stack back trace of.
* \param[in] FramesToSkip The number of kernel frames to skip.
* \param[in] FramesToCapture The number of frames to capture.
* \param[out] BackTrace Buffer to store the back trace in.
* \param[out] CapturedFrames Receives the number of captured frames.
* \param[out] BackTraceHash Optionally receives a hash of the back trace.
* \param[in] Flags A combination of KPH_STACK_BACK_TRACE_* flags.
* \param[in] Timeout Optionally specifies a timeout for the capture operation.
*
* \return STATUS_SUCCES, STATUS_TIMEOUT, or errant status.
*/
_IRQL_requires_max_(APC_LEVEL)
_Must_inspect_result_
NTSTATUS KphCaptureStackBackTraceThread(
_In_ PETHREAD Thread,
_In_ ULONG FramesToSkip,
_In_ ULONG FramesToCapture,
_Out_writes_(FramesToCapture) PVOID* BackTrace,
_Out_ PULONG CapturedFrames,
_Out_opt_ PULONG BackTraceHash,
_In_ ULONG Flags,
_In_opt_ PLARGE_INTEGER Timeout
)
{
NTSTATUS status;
ULONG backTraceSize;
PKPH_STACK_BACK_TRACE_OBJECT backTrace;
KPH_PAGED_CODE();
if (Thread == PsGetCurrentThread())
{
*CapturedFrames = KphCaptureStackBackTrace(FramesToSkip,
FramesToCapture,
BackTrace,
BackTraceHash,
Flags);
return (*CapturedFrames ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL);
}
NT_ASSERT(KphpStackBackTraceType);
*CapturedFrames = 0;
if (BackTraceHash)
{
*BackTraceHash = 0;
}
backTrace = NULL;
status = RtlULongAdd(FramesToCapture,
sizeof(KPH_STACK_BACK_TRACE_OBJECT),
&backTraceSize);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"RtlULongAdd failed: %!STATUS!",
status);
goto Exit;
}
status = KphCreateObject(KphpStackBackTraceType,
backTraceSize,
&backTrace,
Thread);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"KphCreateObject failed: %!STATUS!",
status);
backTrace = NULL;
goto Exit;
}
backTrace->FramesToCapture = FramesToCapture;
backTrace->FramesToSkip = FramesToSkip;
backTrace->Flags = Flags;
backTrace->DoHash = (BackTraceHash != NULL);
//
// The APC could fire immediately we must reference before trying to queue.
//
KphReferenceObject(backTrace);
if (!KsiInsertQueueApc(&backTrace->Apc, NULL, NULL, IO_NO_INCREMENT))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"KsiInsertQueueApc failed");
KphDereferenceObject(backTrace);
status = STATUS_UNSUCCESSFUL;
goto Exit;
}
status = KeWaitForSingleObject(&backTrace->CompletedEvent,
Executive,
KernelMode,
FALSE,
Timeout);
if (status != STATUS_SUCCESS)
{
NTSTATUS removeStatus;
NT_ASSERT(status == STATUS_TIMEOUT);
removeStatus = KsiRemoveQueueApc(&backTrace->Apc);
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"KsiRemoveQueueApc: %!STATUS!",
removeStatus);
goto Exit;
}
NT_ASSERT(backTrace->CapturedFrames <= FramesToCapture);
RtlCopyMemory(BackTrace,
backTrace->BackTrace,
backTrace->CapturedFrames * sizeof(PVOID));
*CapturedFrames = backTrace->CapturedFrames;
if (BackTraceHash)
{
*BackTraceHash = backTrace->BackTraceHash;
}
Exit:
if (backTrace)
{
KphDereferenceObject(backTrace);
}
return status;
}
/**
* \brief Initialized stack back trace infrastructure.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(PASSIVE_LEVEL)
_Must_inspect_result_
NTSTATUS KphInitializeStackBackTrace(
VOID
)
{
NTSTATUS status;
KPH_OBJECT_TYPE_INFO typeInfo;
SYSTEM_SINGLE_MODULE_INFORMATION info;
KPH_PAGED_CODE_PASSIVE();
typeInfo.Allocate = KphpStackBackTraceAllocate;
typeInfo.Initialize = KphpStackBackTraceInitialize;
typeInfo.Delete = KphpStackBackTraceDelete;
typeInfo.Free = KphpStackBackTraceFree;
typeInfo.Flags = 0;
KphCreateObjectType(&KphpStackBackTraceTypeName,
&typeInfo,
&KphpStackBackTraceType);
RtlZeroMemory(&info, sizeof(SYSTEM_SINGLE_MODULE_INFORMATION));
info.TargetModuleAddress = (PVOID)KphInitializeStackBackTrace;
status = ZwQuerySystemInformation(SystemSingleModuleInformation,
&info,
sizeof(SYSTEM_SINGLE_MODULE_INFORMATION),
NULL);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"ZwQuerySystemInformation failed: %!STATUS!",
status);
return status;
}
KphpSelfImageBase = info.ExInfo.BaseInfo.ImageBase;
KphpSelfImageEnd = Add2Ptr(KphpSelfImageBase, info.ExInfo.BaseInfo.ImageSize);
RtlZeroMemory(&info, sizeof(SYSTEM_SINGLE_MODULE_INFORMATION));
info.TargetModuleAddress = (PVOID)KsiInitializeApc;
status = ZwQuerySystemInformation(SystemSingleModuleInformation,
&info,
sizeof(SYSTEM_SINGLE_MODULE_INFORMATION),
NULL);
if (!NT_SUCCESS(status))
{
KphTracePrint(TRACE_LEVEL_VERBOSE,
GENERAL,
"ZwQuerySystemInformation failed: %!STATUS!",
status);
return status;
}
KphpKsiImageBase = info.ExInfo.BaseInfo.ImageBase;
KphpKsiImageEnd = Add2Ptr(KphpKsiImageBase, info.ExInfo.BaseInfo.ImageSize);
return STATUS_SUCCESS;
}
================================================
FILE: KSystemInformer/cid_table.c
================================================
/*
* Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.
*
* This file is part of System Informer.
*
* Authors:
*
* jxy-s 2022-2026
*
*/
#include <kph.h>
#include <trace.h>
#define KPH_CID_TABLE_LEVEL_MASK ((ULONG_PTR)3)
#define KPH_CID_TABLE_L0 ((ULONG_PTR)0)
#define KPH_CID_TABLE_L1 ((ULONG_PTR)1)
#define KPH_CID_TABLE_L2 ((ULONG_PTR)2)
#define KPH_CID_TABLE_POINTER_MASK ~KPH_CID_TABLE_LEVEL_MASK
#define KPH_CID_LIMIT (1 << 24)
#define KPH_CID_L0_COUNT (PAGE_SIZE / sizeof(KPH_CID_TABLE_ENTRY))
#define KPH_CID_L1_COUNT (PAGE_SIZE / sizeof(PKPH_CID_TABLE_ENTRY))
#define KPH_CID_L2_COUNT (KPH_CID_LIMIT / (KPH_CID_L0_COUNT * KPH_CID_L1_COUNT))
#define KPH_CID_MAX_L0 KPH_CID_L0_COUNT
#define KPH_CID_MAX_L1 (KPH_CID_L1_COUNT * KPH_CID_L0_COUNT)
#define KPH_CID_MAX_L2 (KPH_CID_L2_COUNT * KPH_CID_L1_COUNT * KPH_CID_L0_COUNT)
#define KPH_CID_MAX KPH_CID_MAX_L2
C_ASSERT(KPH_CID_MAX == KPH_CID_LIMIT);
#define KphpCidToId(x) ((ULONG_PTR)x / 4)
/**
* \brief Assigns an object to the table entry.
*
* \param[in,out] Entry The entry to assign to.
* \param[in] Object Optional object pointer to assign into the table entry.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
VOID KphCidAssignObject(
_Inout_ PKPH_CID_TABLE_ENTRY Entry,
_In_opt_ PVOID Object
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
KphAtomicAssignObjectReference(&Entry->ObjectRef, Object);
}
/**
* \brief References the object in the table entry.
*
* \param[in,out] Entry The entry to reference the object of.
*
* \return Referenced object pointer, NULL if no object is assigned.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
_Must_inspect_result_
PVOID KphCidReferenceObject(
_In_ PKPH_CID_TABLE_ENTRY Entry
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
return KphAtomicReferenceObject(&Entry->ObjectRef);
}
/**
* \brief Allocates a CID table for a given level.
*
* \param[in] Level The level to allocate for.
*
* \return Allocated table or null on allocation failure.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
_When_(Level == KPH_CID_TABLE_L0, _Return_allocatesMem_size_(KPH_CID_L0_COUNT * sizeof(KPH_CID_TABLE_ENTRY)))
_When_(Level == KPH_CID_TABLE_L1, _Return_allocatesMem_size_(KPH_CID_L1_COUNT * sizeof(PKPH_CID_TABLE_ENTRY)))
_When_(Level == KPH_CID_TABLE_L2, _Return_allocatesMem_size_(KPH_CID_L2_COUNT * sizeof(PKPH_CID_TABLE_ENTRY)))
PVOID KphpCidAllocateTable(
_In_ ULONG_PTR Level
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
switch (Level)
{
case KPH_CID_TABLE_L0:
{
return KphAllocateNPaged(KPH_CID_L0_COUNT * sizeof(KPH_CID_TABLE_ENTRY),
KPH_TAG_CID_TABLE);
}
case KPH_CID_TABLE_L1:
{
return KphAllocateNPaged(KPH_CID_L1_COUNT * sizeof(PKPH_CID_TABLE_ENTRY),
KPH_TAG_CID_TABLE);
}
case KPH_CID_TABLE_L2:
{
return KphAllocateNPaged(KPH_CID_L2_COUNT * sizeof(PKPH_CID_TABLE_ENTRY),
KPH_TAG_CID_TABLE);
}
default:
{
NT_ASSERT(FALSE);
break;
}
}
return NULL;
}
/**
* \brief Creates and initializes a CID table
*
* \param[out] Table The table to create an initialize.
*
* \return Successful or errant status.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
_Must_inspect_result_
NTSTATUS KphCidTableCreate(
_Out_ PKPH_CID_TABLE Table
)
{
KPH_NPAGED_CODE_DISPATCH_MAX();
Table->Table = (ULONG_PTR)KphpCidAllocateTable(KPH_CID_TABLE_L0);
if (!Table->Table)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
KeInitializeSpinLock(&Table->Lock);
return STATUS_SUCCESS;
}
/**
* \brief Deletes a CID table.
*
* \param[in] Table The table to delete.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
VOID KphCidTableDelete(
_In_ PKPH_CID_TABLE Table
)
{
ULONG_PTR tableCode;
PKPH_CID_TABLE_ENTRY tableL0;
PKPH_CID_TABLE_ENTRY* tableL1;
PKPH_CID_TABLE_ENTRY** tableL2;
KPH_NPAGED_CODE_DISPATCH_MAX();
tableCode = ReadULongPtrAcquire(&Table->Table);
if (!tableCode)
{
return;
}
switch (tableCode & KPH_CID_TABLE_LEVEL_MASK)
{
case KPH_CID_TABLE_L0:
{
tableL0 = (PKPH_CID_TABLE_ENTRY)(tableCode & KPH_CID_TABLE_POINTER_MASK);
NT_ASSERT(tableL0);
KphFree(tableL0, KPH_TAG_CID_TABLE);
break;
}
case KPH_CID_TABLE_L1:
{
tableL1 = (PKPH_CID_TABLE_ENTRY*)(tableCode & KPH_CID_TABLE_POINTER_MASK);
NT_ASSERT(tableL1);
for (ULONG i = 0; i < KPH_CID_L1_COUNT; i++)
{
#pragma prefast(suppress : 6001) // memory is initialized
if (tableL1[i])
{
KphFree(tableL1[i], KPH_TAG_CID_TABLE);
}
}
KphFree(tableL1, KPH_TAG_CID_TABLE);
break;
}
case KPH_CID_TABLE_L2:
{
tableL2 = (PKPH_CID_TABLE_ENTRY**)(tableCode & KPH_CID_TABLE_POINTER_MASK);
NT_ASSERT(tableL2);
for (ULONG i = 0; i < KPH_CID_L2_COUNT; i++)
{
tableL1 = tableL2[i];
if (!tableL1)
{
continue;
}
for (ULONG j = 0; j < KPH_CID_L1_COUNT; j++)
{
#pragma prefast(suppress : 6001) // memory is initialized
if (tableL1[j])
{
KphFree(tableL1[j], KPH_TAG_CID_TABLE);
}
}
KphFree(tableL1, KPH_TAG_CID_TABLE);
}
KphFree(tableL2, KPH_TAG_CID_TABLE);
break;
}
default:
{
NT_ASSERT(FALSE);
break;
}
}
}
/**
* \brief Looks up an entry in the CID table.
*
* \param[in] Cid The CID to look up the entry of.
* \param[in] Table The table to look up the CID in.
*
* \return Pointer to the CID table entry, null if the table hasn't been
* expanded enough.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
PKPH_CID_TABLE_ENTRY KphpCidLookupEntry(
_In_ HANDLE Cid,
_In_ PKPH_CID_TABLE Table
)
{
ULONG_PTR table;
PKPH_CID_TABLE_ENTRY tableL0;
PKPH_CID_TABLE_ENTRY* tableL1;
PKPH_CID_TABLE_ENTRY** tableL2;
ULONG_PTR id;
KPH_NPAGED_CODE_DISPATCH_MAX();
id = KphpCidToId(Cid);
table = ReadULongPtrAcquire(&Table->Table);
switch (table & KPH_CID_TABLE_LEVEL_MASK)
{
case KPH_CID_TABLE_L0:
{
if (id >= KPH_CID_MAX_L0)
{
return NULL;
}
tableL0 = (PKPH_CID_TABLE_ENTRY)(table & KPH_CID_TABLE_POINTER_MASK);
return &tableL0[id];
}
case KPH_CID_TABLE_L1:
{
if (id >= KPH_CID_MAX_L1)
{
return NULL;
}
tableL1 = (PKPH_CID_TABLE_ENTRY*)(table & KPH_CID_TABLE_POINTER_MASK);
tableL0 = tableL1[id / KPH_CID_MAX_L0];
if (!tableL0)
{
return NULL;
}
return &tableL0[id % KPH_CID_MAX_L0];
}
case KPH_CID_TABLE_L2:
{
if (id >= KPH_CID_MAX_L2)
{
return NULL;
}
tableL2 = (PKPH_CID_TABLE_ENTRY**)(table & KPH_CID_TABLE_POINTER_MASK);
tableL1 = tableL2[id / KPH_CID_MAX_L1];
if (!tableL1)
{
return NULL;
}
tableL0 = tableL1[(id % KPH_CID_MAX_L1) / KPH_CID_MAX_L0];
if (!tableL0)
{
return NULL;
}
return &tableL0[(id % KPH_CID_MAX_L1) % KPH_CID_MAX_L0];
}
default:
{
NT_ASSERT(FALSE);
return NULL;
}
}
}
/**
* \brief Expands a CID table making it capable of holding an entry for a CID.
*
* \param[in] Cid The CID for which the table should be expanded for.
* \param[in,out] Table The table that should be expanded to hold the CID.
*
* \return Pointer to the table entry for the CID, null on allocation failure.
*/
_IRQL_requires_max_(DISPATCH_LEVEL)
PKPH_CID_TABLE_ENTRY KphpCidExpandTableFor(
_In_ HANDLE Cid,
_Inout_ PKPH_CID_TABLE Table
)
{
PKPH_CID_TABLE_ENTRY entry;
ULONG_PTR table;
ULONG_PTR level;
PKPH_CID_TABLE_ENTRY tableL0;
PKPH_CID_TABLE_ENTRY* tableL1;
PKPH_CID_TABLE_ENTRY** tableL2;
ULONG_PTR id;
KIRQL oldIrql;
KPH_NPAGED_CODE_DISPATCH_MAX();
id = KphpCidToId(Cid);
if (id >= KPH_CID_MAX)
{
//
// We can't, as of now, service CIDs over the maximum. It is extremely
// unlikely we'll ever get here. The system is likely to run out of
// memory before this happens. It also should be impossible given the
// limit enforced by handle tables for PspCidTable. Unless Microsoft
// changes it, the limit is 1 << 24.
//
NT_ASSERT(FALSE);
return NULL;
}
KeAcquireSpinLock(&Table->Lock, &oldIrql);
//
// See if another thread beat us.
//
entry = KphpCidLookupEntry(Cid, Table);
if (entry)
{
//
// Rock and roll!
//
goto Exit;
}
//
// We are the chosen one. Go expand the tree.
//
table = ReadULongPtrAcquire(&Table->Table);
level = (table & KPH_CID_TABLE_LEVEL_MASK);
if (level == KPH_CID_TABLE_L0)
{
//
// If we're here then we *must* be migrating to level 1.
//
NT_ASSERT(id >= KPH_CID_MAX_L0);
tableL1 = KphpCidAllocateTable(KPH_CID_TABLE_L1);
if (!tableL1)
{
entry = NULL;
goto Exit;
}
tableL1[0] = (PKPH_CID_TABLE_ENTRY)(table & KPH_CID_TABLE_POINTER_MASK);
table = ((ULONG_PTR)tableL1 | KPH_CID_TABLE_L1);
level = KPH_CID_TABLE_L1;
InterlockedExchangePointer((PVOID*)&Table->Table, (PVOID)table);
//
// Fall through for level 1 expansion.
//
}
if (level == KPH_CID_TABLE_L1)
{
if (id < KPH_CID_MAX_L1)
{
//
// Allocate a new block in the level 1 table.
//
tableL1 = (PKPH_CID_TABLE_ENTRY*)(table & KPH_CID_TABLE_POINTER_M
gitextract_4bdkv5wf/
├── .editorconfig
├── .gitattributes
├── .github/
│ ├── CODEOWNERS
│ ├── FUNDING.yml
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.yml
│ │ ├── config.yml
│ │ └── feature_request.yml
│ └── workflows/
│ ├── cla.yml
│ ├── cmake.yml
│ ├── msbuild.yml
│ └── scan.yml
├── .gitignore
├── .vscode/
│ ├── launch.json
│ └── tasks.json
├── .vsconfig
├── CHANGELOG.txt
├── CLA.md
├── CMakeLists.txt
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── COPYRIGHT.txt
├── Common.Kernel.props
├── Common.Kernel.ruleset
├── Common.User.props
├── Directory.Build.props
├── HACKING.md
├── KSystemInformer/
│ ├── Directory.Build.props
│ ├── KSystemInformer.inf
│ ├── KSystemInformer.sln
│ ├── KSystemInformer.slnx
│ ├── KSystemInformer.vcxproj
│ ├── KSystemInformer.vcxproj.filters
│ ├── README.md
│ ├── alloc.c
│ ├── alpc.c
│ ├── back_trace.c
│ ├── bin-signed/
│ │ ├── amd64/
│ │ │ ├── ksi.pdb
│ │ │ ├── systeminformer.pdb
│ │ │ └── systeminformer.sys
│ │ └── arm64/
│ │ ├── ksi.pdb
│ │ ├── systeminformer.pdb
│ │ └── systeminformer.sys
│ ├── cid_table.c
│ ├── cid_tracking.c
│ ├── comms.c
│ ├── comms_handlers.c
│ ├── device.c
│ ├── driver.c
│ ├── dyndata.c
│ ├── dynimp.c
│ ├── file.c
│ ├── hash.c
│ ├── imgcoherency.c
│ ├── include/
│ │ ├── comms.h
│ │ ├── informer.h
│ │ ├── informer_filep.h
│ │ ├── kph.h
│ │ ├── ntfill.h
│ │ ├── pooltags.h
│ │ └── trace.h
│ ├── informer.c
│ ├── informer_debug.c
│ ├── informer_file.c
│ ├── informer_filenc.c
│ ├── informer_fileop.c
│ ├── informer_image.c
│ ├── informer_object.c
│ ├── informer_process.c
│ ├── informer_registry.c
│ ├── informer_thread.c
│ ├── knowndll.c
│ ├── kphobject.c
│ ├── kphthread.c
│ ├── ksidll.c
│ ├── ksidll.def
│ ├── ksidll.vcxproj
│ ├── lsa.c
│ ├── main.c
│ ├── object.c
│ ├── parameters.c
│ ├── process.c
│ ├── protection.c
│ ├── ratelmt.c
│ ├── resource.rc
│ ├── ringbuff.c
│ ├── session_token.c
│ ├── system.c
│ ├── thread.c
│ ├── umaccess.c
│ ├── util.c
│ ├── verify.c
│ └── vm.c
├── LICENSE.txt
├── README.md
├── README.txt
├── SECURITY.md
├── SystemInformer/
│ ├── CMakeLists.txt
│ ├── Directory.Build.props
│ ├── SystemInformer.def
│ ├── SystemInformer.def.h
│ ├── SystemInformer.manifest
│ ├── SystemInformer.rc
│ ├── SystemInformer.vcxproj
│ ├── SystemInformer.vcxproj.filters
│ ├── about.c
│ ├── actions.c
│ ├── admintask.c
│ ├── affinity.c
│ ├── anawait.c
│ ├── appsup.c
│ ├── chcol.c
│ ├── chdlg.c
│ ├── chproc.c
│ ├── colmgr.c
│ ├── colsetmgr.c
│ ├── dbgcon.c
│ ├── delayhook.c
│ ├── delayload.c
│ ├── devprv.c
│ ├── extmgr.c
│ ├── findobj.c
│ ├── gdihndl.c
│ ├── heapinfo.c
│ ├── hidnproc.c
│ ├── hndllist.c
│ ├── hndlmenu.c
│ ├── hndlprp.c
│ ├── hndlprv.c
│ ├── hndlstat.c
│ ├── include/
│ │ ├── actions.h
│ │ ├── appsup.h
│ │ ├── colmgr.h
│ │ ├── colsetmgr.h
│ │ ├── devprv.h
│ │ ├── extmgr.h
│ │ ├── extmgri.h
│ │ ├── heapstruct.h
│ │ ├── hidnproc.h
│ │ ├── hndllist.h
│ │ ├── hndlmenu.h
│ │ ├── hndlprv.h
│ │ ├── informer.h
│ │ ├── ksisup.h
│ │ ├── mainwnd.h
│ │ ├── mainwndp.h
│ │ ├── memlist.h
│ │ ├── memprv.h
│ │ ├── memsrch.h
│ │ ├── miniinfo.h
│ │ ├── miniinfop.h
│ │ ├── modlist.h
│ │ ├── modprv.h
│ │ ├── netlist.h
│ │ ├── netprv.h
│ │ ├── notifico.h
│ │ ├── notificop.h
│ │ ├── notiftoast.h
│ │ ├── phapp.h
│ │ ├── phappres.h
│ │ ├── phfwddef.h
│ │ ├── phplug.h
│ │ ├── phsettings.h
│ │ ├── phsvc.h
│ │ ├── phsvcapi.h
│ │ ├── phsvccl.h
│ │ ├── phuisup.h
│ │ ├── procgrp.h
│ │ ├── procmtgn.h
│ │ ├── procprp.h
│ │ ├── procprpp.h
│ │ ├── procprv.h
│ │ ├── proctree.h
│ │ ├── srvlist.h
│ │ ├── srvprv.h
│ │ ├── sysinfo.h
│ │ ├── sysinfop.h
│ │ ├── thrdlist.h
│ │ └── thrdprv.h
│ ├── infodlg.c
│ ├── informer.c
│ ├── itemtips.c
│ ├── jobprp.c
│ ├── kdump.c
│ ├── ksidbg.c
│ ├── ksisup.c
│ ├── ksyscall.c
│ ├── log.c
│ ├── logwnd.c
│ ├── main.c
│ ├── mainwnd.c
│ ├── mdump.c
│ ├── memedit.c
│ ├── memlist.c
│ ├── memlists.c
│ ├── memmod.c
│ ├── memprot.c
│ ├── memprv.c
│ ├── memrslt.c
│ ├── memsrch.c
│ ├── memsrcht.c
│ ├── miniinfo.c
│ ├── modlist.c
│ ├── modprv.c
│ ├── mtgndlg.c
│ ├── mwpgdev.c
│ ├── mwpgnet.c
│ ├── mwpgproc.c
│ ├── mwpgsrv.c
│ ├── netlist.c
│ ├── netprv.c
│ ├── netstk.c
│ ├── netsup.c
│ ├── notifico.c
│ ├── notiftoast.cpp
│ ├── ntobjprp.c
│ ├── options.c
│ ├── pagfiles.c
│ ├── phsvc/
│ │ ├── clapi.c
│ │ ├── svcapi.c
│ │ ├── svcapiport.c
│ │ ├── svcclient.c
│ │ └── svcmain.c
│ ├── plugin.c
│ ├── plugman.c
│ ├── procgrp.c
│ ├── procmtgn.c
│ ├── procprp.c
│ ├── procprv.c
│ ├── procrec.c
│ ├── proctree.c
│ ├── prpgenv.c
│ ├── prpggen.c
│ ├── prpghndl.c
│ ├── prpgjob.c
│ ├── prpgmem.c
│ ├── prpgmod.c
│ ├── prpgperf.c
│ ├── prpgsrv.c
│ ├── prpgstat.c
│ ├── prpgthrd.c
│ ├── prpgtok.c
│ ├── prpgvdm.c
│ ├── prpgwmi.c
│ ├── resource.h
│ ├── resources/
│ │ ├── capslist.txt
│ │ ├── etwguids.txt
│ │ └── pooltag.txt
│ ├── runas.c
│ ├── searchbox.c
│ ├── sessmsg.c
│ ├── sessprp.c
│ ├── sessshad.c
│ ├── settings.c
│ ├── srvcr.c
│ ├── srvctl.c
│ ├── srvlist.c
│ ├── srvprp.c
│ ├── srvprv.c
│ ├── sysinfo.c
│ ├── syssccpu.c
│ ├── sysscio.c
│ ├── sysscmem.c
│ ├── thrdlist.c
│ ├── thrdprv.c
│ ├── thrdstk.c
│ ├── thrdstks.c
│ ├── tokprp.c
│ ├── usrlist.c
│ └── version.rc
├── SystemInformer.natvis
├── SystemInformer.sln
├── SystemInformer.slnx
├── build/
│ ├── KSystemInformer.ddf
│ ├── README.md
│ ├── build_clean.cmd
│ ├── build_cmake.cmd
│ ├── build_compile_commands.cmd
│ ├── build_debug.cmd
│ ├── build_devenv.cmd
│ ├── build_dyndata.cmd
│ ├── build_header.cmd
│ ├── build_init.cmd
│ ├── build_msix.cmd
│ ├── build_release.cmd
│ ├── build_sdk.cmd
│ ├── build_sdk_rebuild.cmd
│ ├── build_thirdparty.cmd
│ ├── build_tools.cmd
│ ├── build_verbose.cmd
│ ├── build_zdriver.cmd
│ ├── build_zdriver_cab.cmd
│ ├── build_zdriver_sdk.cmd
│ ├── build_zsign.cmd
│ └── build_zwntapi.ps1
├── cmake/
│ ├── commands.cmake
│ ├── platform.cmake
│ ├── prefast.cmake
│ ├── toolchain/
│ │ ├── clang-msvc-amd64.cmake
│ │ ├── clang-msvc-arm64.cmake
│ │ ├── clang-msvc-x86.cmake
│ │ ├── clang-msvc.cmake
│ │ ├── finalize-msvc.cmake
│ │ ├── msvc-amd64.cmake
│ │ ├── msvc-arm64.cmake
│ │ ├── msvc-x86.cmake
│ │ ├── msvc.cmake
│ │ └── override-msvc.cmake
│ ├── tools.cmake
│ └── tracewpp.cmake
├── kphlib/
│ ├── CMakeLists.txt
│ ├── Directory.Build.props
│ ├── include/
│ │ ├── kphapi.h
│ │ ├── kphdyn.h
│ │ ├── kphdyndata.h
│ │ ├── kphlibbase.h
│ │ ├── kphmsg.h
│ │ ├── kphmsgdefs.h
│ │ ├── kphmsgdyn.h
│ │ ├── kphringbuff.h
│ │ ├── sistatus.h
│ │ └── sistatus.rc
│ ├── kphdyn.c
│ ├── kphdyn.xml
│ ├── kphdyndata.c
│ ├── kphlib_km.filters
│ ├── kphlib_km.vcxproj
│ ├── kphlib_km.vcxproj.filters
│ ├── kphlib_um.vcxproj
│ ├── kphlib_um.vcxproj.filters
│ ├── kphmsg.c
│ ├── kphmsgdyn.c
│ ├── kphringbuff.c
│ └── sistatus.mc
├── packages.config
├── phlib/
│ ├── CMakeLists.txt
│ ├── Directory.Build.props
│ ├── apiimport.c
│ ├── apistubs.cpp
│ ├── appresolver.c
│ ├── appruntime.c
│ ├── avltree.c
│ ├── basestring.c
│ ├── basesup.c
│ ├── bcd.cpp
│ ├── circbuf.c
│ ├── circbuf_i.h
│ ├── colorbox.c
│ ├── cpysave.c
│ ├── data.c
│ ├── directdraw.cpp
│ ├── dspick.c
│ ├── emenu.c
│ ├── error.c
│ ├── extlv.c
│ ├── fastlock.c
│ ├── filepool.c
│ ├── filestream.c
│ ├── firmware.c
│ ├── format.c
│ ├── format_i.h
│ ├── format_std.cpp
│ ├── global.c
│ ├── graph.c
│ ├── guisup.c
│ ├── guisuplistview.cpp
│ ├── handle.c
│ ├── hexedit.c
│ ├── hndlinfo.c
│ ├── http.c
│ ├── hvsocketcontrol.c
│ ├── icotobmp.c
│ ├── imgcoherency.c
│ ├── include/
│ │ ├── apiimport.h
│ │ ├── appresolver.h
│ │ ├── appresolverp.h
│ │ ├── bcd.h
│ │ ├── circbuf.h
│ │ ├── circbuf_h.h
│ │ ├── colorbox.h
│ │ ├── cpysave.h
│ │ ├── dltmgr.h
│ │ ├── dspick.h
│ │ ├── emenu.h
│ │ ├── exlf.h
│ │ ├── exprodid.h
│ │ ├── fastlock.h
│ │ ├── filepool.h
│ │ ├── filepoolp.h
│ │ ├── filestream.h
│ │ ├── filestreamp.h
│ │ ├── graph.h
│ │ ├── guisup.h
│ │ ├── guisupp.h
│ │ ├── guisupview.h
│ │ ├── handle.h
│ │ ├── handlep.h
│ │ ├── hexedit.h
│ │ ├── hexeditp.h
│ │ ├── hndlinfo.h
│ │ ├── hvsocketcontrol.h
│ │ ├── json.h
│ │ ├── kphcomms.h
│ │ ├── kphuser.h
│ │ ├── lsamsup.h
│ │ ├── lsasup.h
│ │ ├── mapimg.h
│ │ ├── mapldr.h
│ │ ├── ph.h
│ │ ├── phafd.h
│ │ ├── phbase.h
│ │ ├── phbasesup.h
│ │ ├── phconfig.h
│ │ ├── phconsole.h
│ │ ├── phdata.h
│ │ ├── phfirmware.h
│ │ ├── phintrin.h
│ │ ├── phintrnl.h
│ │ ├── phnative.h
│ │ ├── phnativeinl.h
│ │ ├── phnet.h
│ │ ├── phsup.h
│ │ ├── phutil.h
│ │ ├── provider.h
│ │ ├── queuedlock.h
│ │ ├── ref.h
│ │ ├── refp.h
│ │ ├── searchbox.h
│ │ ├── secedit.h
│ │ ├── seceditp.h
│ │ ├── secwmi.h
│ │ ├── settings.h
│ │ ├── strsrch.h
│ │ ├── svcsup.h
│ │ ├── symprv.h
│ │ ├── symprvp.h
│ │ ├── templ.h
│ │ ├── thirdparty.h
│ │ ├── trace.h
│ │ ├── treenew.h
│ │ ├── treenewp.h
│ │ ├── verify.h
│ │ ├── verifyp.h
│ │ ├── workqueue.h
│ │ ├── workqueuep.h
│ │ └── wslsup.h
│ ├── json.c
│ ├── kph.c
│ ├── kphcomms.c
│ ├── lsamsup.c
│ ├── lsasup.c
│ ├── mapexlf.c
│ ├── mapimg.c
│ ├── mapldr.c
│ ├── maplib.c
│ ├── native.c
│ ├── nativefile.c
│ ├── nativeflt.c
│ ├── nativejob.c
│ ├── nativekey.c
│ ├── nativemodule.c
│ ├── nativepipe.c
│ ├── nativeprocess.c
│ ├── nativesocket.c
│ ├── nativethread.c
│ ├── nativetoken.c
│ ├── nativetxn.c
│ ├── nativeuser.c
│ ├── phlib.vcxproj
│ ├── phlib.vcxproj.filters
│ ├── provider.c
│ ├── queuedlock.c
│ ├── ref.c
│ ├── searchbox.c
│ ├── secdata.c
│ ├── secedit.c
│ ├── secwmi.c
│ ├── settings.c
│ ├── strsrch.c
│ ├── svcsup.c
│ ├── symprv.c
│ ├── symprv_std.cpp
│ ├── sync.c
│ ├── theme.c
│ ├── treenew.c
│ ├── util.c
│ ├── verify.c
│ ├── workqueue.c
│ └── wslsup.c
├── phnt/
│ ├── CMakeLists.txt
│ ├── README.md
│ ├── include/
│ │ ├── ntafd.h
│ │ ├── ntbcd.h
│ │ ├── ntdbg.h
│ │ ├── ntexapi.h
│ │ ├── ntgdi.h
│ │ ├── ntimage.h
│ │ ├── ntintsafe.h
│ │ ├── ntioapi.h
│ │ ├── ntkeapi.h
│ │ ├── ntldr.h
│ │ ├── ntlpcapi.h
│ │ ├── ntmisc.h
│ │ ├── ntmmapi.h
│ │ ├── ntnls.h
│ │ ├── ntobapi.h
│ │ ├── ntpebteb.h
│ │ ├── ntpfapi.h
│ │ ├── ntpnpapi.h
│ │ ├── ntpoapi.h
│ │ ├── ntpsapi.h
│ │ ├── ntregapi.h
│ │ ├── ntrtl.h
│ │ ├── ntsam.h
│ │ ├── ntseapi.h
│ │ ├── ntsmss.h
│ │ ├── ntstrsafe.h
│ │ ├── ntsxs.h
│ │ ├── nttmapi.h
│ │ ├── nttp.h
│ │ ├── ntuser.h
│ │ ├── ntwmi.h
│ │ ├── ntwow64.h
│ │ ├── ntxcapi.h
│ │ ├── ntzwapi.h
│ │ ├── phnt.h
│ │ ├── phnt_ntdef.h
│ │ ├── phnt_windows.h
│ │ ├── smbios.h
│ │ ├── subprocesstag.h
│ │ ├── usermgr.h
│ │ └── winsta.h
│ ├── meson.build
│ └── zw_options.txt
├── plugins/
│ ├── CMakeLists.txt
│ ├── Directory.Build.props
│ ├── DotNetTools/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── DotNetTools.rc
│ │ ├── DotNetTools.vcxproj
│ │ ├── DotNetTools.vcxproj.filters
│ │ ├── asmpage.c
│ │ ├── clr/
│ │ │ ├── LICENSE.TXT
│ │ │ ├── clrdata.h
│ │ │ ├── cor.h
│ │ │ ├── corsym.h
│ │ │ ├── dacprivate.h
│ │ │ ├── dbgappdomain.h
│ │ │ ├── ipcenums.h
│ │ │ ├── ipcheader.h
│ │ │ ├── ipcshared.h
│ │ │ ├── perfcounterdefs.h
│ │ │ ├── sospriv.h
│ │ │ └── xclrdata.h
│ │ ├── clretw.h
│ │ ├── clrsup.c
│ │ ├── clrsup.h
│ │ ├── counters.c
│ │ ├── dn.h
│ │ ├── main.c
│ │ ├── perfpage.c
│ │ ├── resource.h
│ │ ├── stackext.c
│ │ ├── svcext.c
│ │ ├── svcext.h
│ │ ├── treeext.c
│ │ └── version.rc
│ ├── ExtendedNotifications/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── ExtendedNotifications.rc
│ │ ├── ExtendedNotifications.vcxproj
│ │ ├── ExtendedNotifications.vcxproj.filters
│ │ ├── extnoti.h
│ │ ├── filelog.c
│ │ ├── main.c
│ │ ├── resource.h
│ │ └── version.rc
│ ├── ExtendedServices/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── ExtendedServices.rc
│ │ ├── ExtendedServices.vcxproj
│ │ ├── ExtendedServices.vcxproj.filters
│ │ ├── depend.c
│ │ ├── extsrv.h
│ │ ├── main.c
│ │ ├── other.c
│ │ ├── recovery.c
│ │ ├── resource.h
│ │ ├── srvprgrs.c
│ │ ├── svcpkg.c
│ │ ├── svcpnp.c
│ │ ├── trigger.c
│ │ ├── triggpg.c
│ │ └── version.rc
│ ├── ExtendedTools/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── Efi/
│ │ │ ├── EfiDevicePath.h
│ │ │ └── EfiTypes.h
│ │ ├── ExtendedTools.rc
│ │ ├── ExtendedTools.vcxproj
│ │ ├── ExtendedTools.vcxproj.filters
│ │ ├── PresentMon/
│ │ │ ├── ETW/
│ │ │ │ ├── Microsoft_Windows_D3D9.h
│ │ │ │ ├── Microsoft_Windows_DXGI.h
│ │ │ │ ├── Microsoft_Windows_Dwm_Core.h
│ │ │ │ ├── Microsoft_Windows_DxgKrnl.h
│ │ │ │ ├── Microsoft_Windows_EventMetadata.h
│ │ │ │ └── Microsoft_Windows_Win32k.h
│ │ │ ├── LICENSE.txt
│ │ │ ├── PresentMon.cpp
│ │ │ ├── PresentMon.hpp
│ │ │ ├── PresentMonTraceConsumer.cpp
│ │ │ ├── PresentMonTraceConsumer.hpp
│ │ │ ├── TraceConsumer.cpp
│ │ │ ├── TraceConsumer.hpp
│ │ │ └── TraceSession.cpp
│ │ ├── counters.c
│ │ ├── d3dkmt/
│ │ │ ├── LICENSE
│ │ │ ├── d3dkmdt.h
│ │ │ ├── d3dkmthk.h
│ │ │ └── d3dukmdt.h
│ │ ├── disktab.c
│ │ ├── disktabp.h
│ │ ├── efi_guid_list.h
│ │ ├── etwdisk.c
│ │ ├── etwmini.c
│ │ ├── etwmini.h
│ │ ├── etwmon.c
│ │ ├── etwmon.h
│ │ ├── etwprprp.c
│ │ ├── etwstat.c
│ │ ├── etwsys.c
│ │ ├── etwsys.h
│ │ ├── extension/
│ │ │ └── plugin.h
│ │ ├── exttools.h
│ │ ├── firmware.c
│ │ ├── firmware_editor.c
│ │ ├── framemon.cpp
│ │ ├── framemon.h
│ │ ├── frameprp.c
│ │ ├── fwmon.c
│ │ ├── fwtab.c
│ │ ├── gpudetails.c
│ │ ├── gpumini.c
│ │ ├── gpumini.h
│ │ ├── gpumon.c
│ │ ├── gpumon.h
│ │ ├── gpunodes.c
│ │ ├── gpuprprp.c
│ │ ├── gpusys.c
│ │ ├── gpusys.h
│ │ ├── iconext.c
│ │ ├── main.c
│ │ ├── modsrv.c
│ │ ├── namedpipes.c
│ │ ├── npudetails.c
│ │ ├── npumini.c
│ │ ├── npumini.h
│ │ ├── npumon.c
│ │ ├── npumon.h
│ │ ├── npunodes.c
│ │ ├── npuprprp.c
│ │ ├── npusys.c
│ │ ├── npusys.h
│ │ ├── objmgr.c
│ │ ├── objprp.c
│ │ ├── options.c
│ │ ├── pooldb.c
│ │ ├── pooldialog.c
│ │ ├── pooldialogbig.c
│ │ ├── poolmon.h
│ │ ├── pooltree.c
│ │ ├── reparse.c
│ │ ├── resource.h
│ │ ├── smbios.c
│ │ ├── svcext.c
│ │ ├── thrdact.c
│ │ ├── tpm.c
│ │ ├── tpm.h
│ │ ├── tpm_editor.c
│ │ ├── treeext.c
│ │ ├── unldll.c
│ │ ├── utils.c
│ │ ├── version.rc
│ │ ├── waitchain.c
│ │ └── wswatch.c
│ ├── HardwareDevices/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── HardwareDevices.rc
│ │ ├── HardwareDevices.vcxproj
│ │ ├── HardwareDevices.vcxproj.filters
│ │ ├── adapter.c
│ │ ├── d3dkmt/
│ │ │ ├── LICENSE
│ │ │ ├── d3dkmdt.h
│ │ │ ├── d3dkmthk.h
│ │ │ └── d3dukmdt.h
│ │ ├── deviceprops.c
│ │ ├── devices.h
│ │ ├── devicetree.c
│ │ ├── disk.c
│ │ ├── diskdetails.c
│ │ ├── diskgraph.c
│ │ ├── disknotify.c
│ │ ├── diskoptions.c
│ │ ├── fmifs.h
│ │ ├── gpu.c
│ │ ├── gpudetails.c
│ │ ├── gpugraph.c
│ │ ├── gpunodes.c
│ │ ├── gpuoptions.c
│ │ ├── graphics.c
│ │ ├── main.c
│ │ ├── ndis.c
│ │ ├── ndiswlan.c
│ │ ├── ndiswlan.h
│ │ ├── netdetails.c
│ │ ├── netgraph.c
│ │ ├── netoptions.c
│ │ ├── power.c
│ │ ├── powergraph.c
│ │ ├── poweroptions.c
│ │ ├── prpsh.c
│ │ ├── prpsh.h
│ │ ├── resource.h
│ │ ├── storage.c
│ │ └── version.rc
│ ├── NetworkTools/
│ │ ├── CMakeLists.txt
│ │ ├── NetworkTools.rc
│ │ ├── NetworkTools.vcxproj
│ │ ├── NetworkTools.vcxproj.filters
│ │ ├── country.c
│ │ ├── main.c
│ │ ├── nettools.h
│ │ ├── options.c
│ │ ├── pages.c
│ │ ├── ping.c
│ │ ├── ports.c
│ │ ├── resource.h
│ │ ├── resources/
│ │ │ └── licence.txt
│ │ ├── tracert.c
│ │ ├── tracert.h
│ │ ├── tracetree.c
│ │ ├── update.c
│ │ ├── version.rc
│ │ └── whois.c
│ ├── OnlineChecks/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── OnlineChecks.rc
│ │ ├── OnlineChecks.vcxproj
│ │ ├── OnlineChecks.vcxproj.filters
│ │ ├── api.c
│ │ ├── main.c
│ │ ├── onlnchk.h
│ │ ├── options.c
│ │ ├── page1.c
│ │ ├── page2.c
│ │ ├── page3.c
│ │ ├── page4.c
│ │ ├── resource.h
│ │ ├── scan.c
│ │ ├── upload.c
│ │ └── version.rc
│ ├── Plugins.props
│ ├── Plugins.sln
│ ├── Plugins.slnx
│ ├── ToolStatus/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── ToolStatus.rc
│ │ ├── ToolStatus.vcxproj
│ │ ├── ToolStatus.vcxproj.filters
│ │ ├── customizesb.c
│ │ ├── customizetb.c
│ │ ├── filter.c
│ │ ├── find.c
│ │ ├── graph.c
│ │ ├── main.c
│ │ ├── options.c
│ │ ├── plugin.c
│ │ ├── resource.h
│ │ ├── statusbar.c
│ │ ├── taskbar.c
│ │ ├── toolbar.c
│ │ ├── toolbarsup.c
│ │ ├── toolstatus.h
│ │ └── version.rc
│ ├── Updater/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── Updater.rc
│ │ ├── Updater.vcxproj
│ │ ├── Updater.vcxproj.filters
│ │ ├── main.c
│ │ ├── options.c
│ │ ├── page1.c
│ │ ├── page2.c
│ │ ├── page3.c
│ │ ├── page4.c
│ │ ├── page5.c
│ │ ├── resource.h
│ │ ├── updater.c
│ │ ├── updater.h
│ │ ├── verify.c
│ │ └── version.rc
│ ├── UserNotes/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── UserNotes.rc
│ │ ├── UserNotes.vcxproj
│ │ ├── UserNotes.vcxproj.filters
│ │ ├── db.c
│ │ ├── db.h
│ │ ├── main.c
│ │ ├── options.c
│ │ ├── prpcmpage.c
│ │ ├── resource.h
│ │ ├── usernotes.h
│ │ └── version.rc
│ ├── WindowExplorer/
│ │ ├── CHANGELOG.txt
│ │ ├── CMakeLists.txt
│ │ ├── WindowExplorer.rc
│ │ ├── WindowExplorer.vcxproj
│ │ ├── WindowExplorer.vcxproj.filters
│ │ ├── main.c
│ │ ├── prpsh.c
│ │ ├── prpsh.h
│ │ ├── resource.h
│ │ ├── utils.c
│ │ ├── version.rc
│ │ ├── wnddlg.c
│ │ ├── wndexp.h
│ │ ├── wndprp.c
│ │ ├── wndtree.c
│ │ └── wndtree.h
│ ├── include/
│ │ ├── commonutil.h
│ │ ├── networktoolsintf.h
│ │ └── toolstatusintf.h
│ └── readme.txt
└── tools/
├── CMakeLists.txt
├── CompileCommandsJson/
│ ├── CompileCommandsJson.cs
│ ├── CompileCommandsJson.csproj
│ ├── CompileCommandsJson.sln
│ ├── CompileCommandsJson.slnx
│ └── Properties/
│ └── PublishProfiles/
│ ├── amd64.pubxml
│ └── arm64.pubxml
├── CustomBuildTool/
│ ├── AzureClient.cs
│ ├── AzureSignTool/
│ │ ├── AuthenticodeKeyVaultSigner.cs
│ │ ├── ECDsaKeyVault.cs
│ │ ├── ECDsaKeyVaultExtensions.cs
│ │ ├── KeyVaultConfigurationDiscoverer.cs
│ │ ├── KeyVaultContext.cs
│ │ ├── LICENSE.txt
│ │ ├── MemoryCertificateStore.cs
│ │ ├── NativeMethods.cs
│ │ ├── RSAKeyVault.cs
│ │ ├── RSAKeyVaultExtensions.cs
│ │ └── TimeStampConfiguration.cs
│ ├── Build.cs
│ ├── BuildAzure.cs
│ ├── BuildConfig.cs
│ ├── BuildDevOps.cs
│ ├── BuildGithub.cs
│ ├── BuildHttpClient.cs
│ ├── BuildSourceForge.cs
│ ├── BuildToolsId.cs
│ ├── BuildVerify.cs
│ ├── BuildVirusTotal.cs
│ ├── BuildVisualStudio.cs
│ ├── CustomBuildTool.csproj
│ ├── CustomBuildTool.sln
│ ├── CustomBuildTool.slnx
│ ├── DynData.cs
│ ├── GlobalSuppressions.cs
│ ├── HeaderGen.cs
│ ├── NativeImports.txt
│ ├── NativeMethods.json
│ ├── NativeMethods.txt
│ ├── Program.cs
│ ├── Properties/
│ │ └── PublishProfiles/
│ │ ├── amd64.pubxml
│ │ └── arm64.pubxml
│ ├── Utils.cs
│ ├── Win32.cs
│ ├── Zip.cs
│ └── app.manifest
├── CustomCmdTool/
│ ├── CustomCmdTool.sln
│ ├── CustomCmdTool.slnx
│ ├── CustomCmdTool.vcxproj
│ ├── CustomCmdTool.vcxproj.filters
│ ├── app.manifest
│ └── main.c
├── CustomDebugTool/
│ └── CustomDebugTool.slnx
├── CustomSetupTool/
│ ├── CustomSetupTool.sln
│ ├── CustomSetupTool.slnx
│ ├── CustomSetupTool.vcxproj
│ ├── CustomSetupTool.vcxproj.filters
│ ├── app.manifest
│ ├── extract.c
│ ├── install.c
│ ├── main.c
│ ├── resource.h
│ ├── resource.rc
│ ├── setup.h
│ ├── startpage.c
│ ├── uninstall.c
│ ├── update.c
│ ├── util.c
│ └── version.rc
├── CustomSignTool/
│ ├── CustomSignTool.manifest
│ ├── CustomSignTool.sln
│ ├── CustomSignTool.slnx
│ ├── CustomSignTool.vcxproj
│ ├── CustomSignTool.vcxproj.filters
│ ├── main.c
│ ├── resource.h
│ └── resource.rc
├── CustomStartTool/
│ ├── CustomStartTool.sln
│ ├── CustomStartTool.slnx
│ ├── CustomStartTool.vcxproj
│ ├── CustomStartTool.vcxproj.filters
│ ├── app.manifest
│ └── main.c
├── Directory.Build.props
├── GenerateZw/
│ ├── GenerateZw.csproj
│ ├── GenerateZw.sln
│ ├── GenerateZw.slnx
│ ├── Program.cs
│ ├── Properties/
│ │ └── PublishProfiles/
│ │ └── 64Bit.pubxml
│ └── ZwGen.cs
├── fixlib/
│ ├── fixlib.c
│ ├── fixlib.sln
│ ├── fixlib.slnx
│ ├── fixlib.vcxproj
│ └── fixlib.vcxproj.filters
├── fixlib_bcd/
│ ├── lib32/
│ │ └── bcd.def
│ ├── lib64/
│ │ └── bcd.def
│ └── make_bcd_lib.cmd
├── msix/
│ ├── PackageManifest64.msix.xml
│ ├── PackageTemplate.appinstaller
│ ├── PackageTemplate.msix.xml
│ └── build.cmd
├── peview/
│ ├── CMakeLists.txt
│ ├── appmanifest.c
│ ├── attributes.c
│ ├── cfgprp.c
│ ├── chcol.c
│ ├── clrprp.c
│ ├── clrprptables.c
│ ├── clrtableimportprp.c
│ ├── clrtableimports.cpp
│ ├── colmgr.c
│ ├── colmgr.h
│ ├── debugprp.c
│ ├── delayhook.c
│ ├── disimp.c
│ ├── ehcontprp.c
│ ├── exlfdynamic.c
│ ├── exlfexports.c
│ ├── exlfimports.c
│ ├── exlfprp.c
│ ├── expprp.c
│ ├── hashprp.c
│ ├── impprp.c
│ ├── include/
│ │ ├── peview.h
│ │ └── prpsh.h
│ ├── layout.c
│ ├── ldprp.c
│ ├── libprp.c
│ ├── links.c
│ ├── main.c
│ ├── mappings.c
│ ├── metahost/
│ │ ├── CorError.h
│ │ ├── CorHdr.h
│ │ ├── cor.h
│ │ ├── gchost.h
│ │ ├── ivalidator.h
│ │ ├── ivehandler.h
│ │ ├── metahost.h
│ │ └── mscoree.h
│ ├── misc.c
│ ├── options.c
│ ├── pdb.c
│ ├── pdbprp.c
│ ├── pechpeprp.c
│ ├── pedirprp.c
│ ├── pedynrelocprp.c
│ ├── peexceptprp.c
│ ├── peheaderprp.c
│ ├── pemuiprp.c
│ ├── pepogoprp.c
│ ├── peprp.c
│ ├── peprpwnd.c
│ ├── perelocprp.c
│ ├── pesectionprp.c
│ ├── peview.manifest
│ ├── peview.rc
│ ├── peview.vcxproj
│ ├── peview.vcxproj.filters
│ ├── previewprp.c
│ ├── processes.c
│ ├── propstore.c
│ ├── prpsh.c
│ ├── resource.h
│ ├── resprp.c
│ ├── richprp.c
│ ├── searchbox.c
│ ├── secprp.c
│ ├── settings.c
│ ├── streams.c
│ ├── strings.c
│ ├── tlsprp.c
│ ├── version.rc
│ ├── versioninfoprp.c
│ └── volatileprp.c
├── tests/
│ └── phlib-test/
│ ├── main.c
│ ├── phlib-test.manifest
│ ├── phlib-test.sln
│ ├── phlib-test.slnx
│ ├── phlib-test.vcxproj
│ ├── phlib-test.vcxproj.filters
│ ├── t_avltree.c
│ ├── t_basesup.c
│ ├── t_format.c
│ ├── t_util.c
│ └── tests.h
├── thirdparty/
│ ├── CMakeLists.txt
│ ├── detours/
│ │ ├── LICENSE.txt
│ │ ├── detours.cpp
│ │ ├── detours.h
│ │ ├── disasm.cpp
│ │ ├── disolarm.cpp
│ │ ├── disolarm64.cpp
│ │ ├── disolia64.cpp
│ │ ├── disolx64.cpp
│ │ ├── disolx86.cpp
│ │ └── modules.cpp
│ ├── jsonc/
│ │ ├── COPYING
│ │ ├── ChangeLog
│ │ ├── arraylist.c
│ │ ├── arraylist.h
│ │ ├── config.h
│ │ ├── debug.c
│ │ ├── debug.h
│ │ ├── json.h
│ │ ├── json_c_version.c
│ │ ├── json_c_version.h
│ │ ├── json_config.h
│ │ ├── json_inttypes.h
│ │ ├── json_object.c
│ │ ├── json_object.h
│ │ ├── json_object_iterator.c
│ │ ├── json_object_iterator.h
│ │ ├── json_object_private.h
│ │ ├── json_pointer.c
│ │ ├── json_pointer.h
│ │ ├── json_pointer_private.h
│ │ ├── json_tokener.c
│ │ ├── json_tokener.h
│ │ ├── json_types.h
│ │ ├── json_util.c
│ │ ├── json_util.h
│ │ ├── json_visit.c
│ │ ├── json_visit.h
│ │ ├── libjson.c
│ │ ├── linkhash.c
│ │ ├── linkhash.h
│ │ ├── math_compat.h
│ │ ├── printbuf.c
│ │ ├── printbuf.h
│ │ ├── random_seed.c
│ │ ├── random_seed.h
│ │ ├── snprintf_compat.h
│ │ ├── strdup_compat.h
│ │ ├── strerror_override.c
│ │ ├── strerror_override.h
│ │ └── vasprintf_compat.h
│ ├── maxminddb/
│ │ ├── LICENSE
│ │ ├── data-pool.c
│ │ ├── data-pool.h
│ │ ├── maxminddb-compat-util.h
│ │ ├── maxminddb.c
│ │ ├── maxminddb.h
│ │ └── maxminddb_config.h
│ ├── md5/
│ │ ├── LICENSE
│ │ ├── md5.c
│ │ └── md5.h
│ ├── miniz/
│ │ ├── LICENSE
│ │ ├── miniz.c
│ │ ├── miniz.h
│ │ ├── miniz_common.h
│ │ ├── miniz_tdef.c
│ │ ├── miniz_tdef.h
│ │ ├── miniz_tinfl.c
│ │ ├── miniz_tinfl.h
│ │ ├── miniz_zip.c
│ │ └── miniz_zip.h
│ ├── mxml/
│ │ ├── LICENSE
│ │ ├── config.h
│ │ ├── mxml-attr.c
│ │ ├── mxml-file.c
│ │ ├── mxml-get.c
│ │ ├── mxml-index.c
│ │ ├── mxml-node.c
│ │ ├── mxml-options.c
│ │ ├── mxml-private.c
│ │ ├── mxml-private.h
│ │ ├── mxml-search.c
│ │ ├── mxml-set.c
│ │ └── mxml.h
│ ├── pcre/
│ │ ├── LICENCE
│ │ ├── README
│ │ ├── config.h
│ │ ├── pcre2.h
│ │ ├── pcre2_auto_possess.c
│ │ ├── pcre2_chartables.c
│ │ ├── pcre2_chkdint.c
│ │ ├── pcre2_compile.c
│ │ ├── pcre2_compile.h
│ │ ├── pcre2_compile_class.c
│ │ ├── pcre2_config.c
│ │ ├── pcre2_context.c
│ │ ├── pcre2_convert.c
│ │ ├── pcre2_dfa_match.c
│ │ ├── pcre2_dftables.c
│ │ ├── pcre2_error.c
│ │ ├── pcre2_extuni.c
│ │ ├── pcre2_find_bracket.c
│ │ ├── pcre2_fuzzsupport.c
│ │ ├── pcre2_internal.h
│ │ ├── pcre2_intmodedep.h
│ │ ├── pcre2_jit_char_inc.h
│ │ ├── pcre2_jit_compile.c
│ │ ├── pcre2_jit_match.c
│ │ ├── pcre2_jit_misc.c
│ │ ├── pcre2_jit_neon_inc.h
│ │ ├── pcre2_jit_simd_inc.h
│ │ ├── pcre2_jit_test.c
│ │ ├── pcre2_maketables.c
│ │ ├── pcre2_match.c
│ │ ├── pcre2_match_data.c
│ │ ├── pcre2_newline.c
│ │ ├── pcre2_ord2utf.c
│ │ ├── pcre2_pattern_info.c
│ │ ├── pcre2_printint.c
│ │ ├── pcre2_script_run.c
│ │ ├── pcre2_serialize.c
│ │ ├── pcre2_string_utils.c
│ │ ├── pcre2_study.c
│ │ ├── pcre2_substitute.c
│ │ ├── pcre2_substring.c
│ │ ├── pcre2_tables.c
│ │ ├── pcre2_ucd.c
│ │ ├── pcre2_ucp.h
│ │ ├── pcre2_ucptables.c
│ │ ├── pcre2_util.h
│ │ ├── pcre2_valid_utf.c
│ │ ├── pcre2_xclass.c
│ │ ├── pcre2posix.c
│ │ └── pcre2posix.h
│ ├── sha/
│ │ ├── LICENSE
│ │ ├── sha.c
│ │ └── sha.h
│ ├── sha256/
│ │ ├── LICENSE
│ │ ├── sha256.c
│ │ └── sha256.h
│ ├── ssdeep/
│ │ ├── COPYING.txt
│ │ ├── fuzzy.c
│ │ └── fuzzy.h
│ ├── thirdparty.sln
│ ├── thirdparty.slnx
│ ├── thirdparty.vcxproj
│ ├── thirdparty.vcxproj.filters
│ ├── tlsh/
│ │ ├── LICENSE
│ │ ├── tlsh.cpp
│ │ ├── tlsh.h
│ │ ├── tlsh_impl.cpp
│ │ ├── tlsh_impl.h
│ │ ├── tlsh_util.cpp
│ │ ├── tlsh_util.h
│ │ ├── tlsh_win_version.h
│ │ ├── tlsh_wrapper.cpp
│ │ └── tlsh_wrapper.h
│ ├── winsdk/
│ │ ├── cvconst.h
│ │ ├── dia2.h
│ │ └── dia3.h
│ ├── xxhash/
│ │ ├── CHANGELOG
│ │ ├── LICENSE
│ │ ├── xxhash.c
│ │ ├── xxhash.h
│ │ ├── xxhashwrapper.c
│ │ └── xxhashwrapper.h
│ └── zydis/
│ ├── LICENSE
│ ├── Zydis.c
│ └── Zydis.h
└── versioning/
├── build_version.cmd
└── version.rc
Showing preview only (692K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (9333 symbols across 365 files)
FILE: KSystemInformer/alloc.c
type KPH_LOOKASIDE_INIT (line 16) | typedef struct _KPH_LOOKASIDE_INIT
function _Return_allocatesMem_size_ (line 40) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphFree (line 64) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphInitializeNPagedLookaside (line 89) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphDeleteNPagedLookaside (line 118) | _IRQL_requires_max_(DISPATCH_LEVEL)
function _Return_allocatesMem_size_ (line 136) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphFreeToNPagedLookaside (line 162) | _IRQL_requires_max_(DISPATCH_LEVEL)
function _Return_allocatesMem_size_ (line 182) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function NTSTATUS (line 203) | NTSTATUS KSIAPI KphpInitializeNPagedLookasideObject(
function KSIAPI (line 231) | KSIAPI KphpDeleteNPagedLookasideObject(
function KSIAPI (line 250) | KSIAPI KphpFreeNPagedLookasideObject(
function KphCreateNPagedLookasideObject (line 268) | _IRQL_requires_max_(DISPATCH_LEVEL)
function _Return_allocatesMem_size_ (line 309) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphFreeToNPagedLookasideObject (line 326) | _IRQL_requires_max_(DISPATCH_LEVEL)
function _Return_allocatesMem_size_ (line 347) | _IRQL_requires_max_(APC_LEVEL)
function KphInitializePagedLookaside (line 372) | _IRQL_requires_max_(APC_LEVEL)
function KphDeletePagedLookaside (line 395) | _IRQL_requires_max_(APC_LEVEL)
function _Return_allocatesMem_size_ (line 413) | _IRQL_requires_max_(APC_LEVEL)
function KphFreeToPagedLookaside (line 439) | _IRQL_requires_max_(APC_LEVEL)
function _Return_allocatesMem_size_ (line 460) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function NTSTATUS (line 481) | NTSTATUS KSIAPI KphpInitializePagedLookasideObject(
function KSIAPI (line 509) | KSIAPI KphpDeletePagedLookasideObject(
function KSIAPI (line 528) | KSIAPI KphpFreePagedLookasideObject(
function KphCreatePagedLookasideObject (line 546) | _IRQL_requires_max_(APC_LEVEL)
function _Return_allocatesMem_size_ (line 587) | _IRQL_requires_max_(APC_LEVEL)
function KphFreeToPagedLookasideObject (line 604) | _IRQL_requires_max_(APC_LEVEL)
function KphpMakePoolTagByte (line 622) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpGenerateRandomPoolTag (line 644) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphInitializeAlloc (line 683) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/alpc.c
function NTSTATUS (line 34) | NTSTATUS KphpReferenceAlpcCommunicationPorts(
function NTSTATUS (line 184) | NTSTATUS KphpAlpcBasicInfo(
function NTSTATUS (line 257) | NTSTATUS KphpAlpcCommunicationInfo(
function NTSTATUS (line 357) | NTSTATUS KphpAlpcCopyPortName(
function NTSTATUS (line 424) | NTSTATUS KphpAlpcCommunicationNamesInfo(
function NTSTATUS (line 575) | NTSTATUS KphAlpcQueryInformation(
FILE: KSystemInformer/back_trace.c
type KPH_STACK_BACK_TRACE_OBJECT (line 16) | typedef struct _KPH_STACK_BACK_TRACE_OBJECT
function KphpTryAddSentinelFrame (line 56) | _IRQL_requires_max_(DISPATCH_LEVEL)
function _Success_ (line 91) | _IRQL_requires_max_(DISPATCH_LEVEL)
function __except (line 187) | __except (EXCEPTION_EXECUTE_HANDLER)
function _Success_ (line 223) | _IRQL_requires_max_(DISPATCH_LEVEL)
function VOID (line 272) | VOID KphpCaptureStackBackTraceIntoObject(
function _IRQL_requires_ (line 311) | _Function_class_(KSI_KKERNEL_ROUTINE)
function _IRQL_requires_min_ (line 342) | _Function_class_(KSI_KCLEANUP_ROUTINE)
function _Return_allocatesMem_size_ (line 370) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function KSIAPI (line 387) | KSIAPI KphpStackBackTraceFree(
function NTSTATUS (line 406) | NTSTATUS KSIAPI KphpStackBackTraceInitialize(
function KSIAPI (line 444) | KSIAPI KphpStackBackTraceDelete(
function NTSTATUS (line 476) | NTSTATUS KphCaptureStackBackTraceThread(
function NTSTATUS (line 613) | NTSTATUS KphInitializeStackBackTrace(
FILE: KSystemInformer/cid_table.c
function KphCidAssignObject (line 43) | _IRQL_requires_max_(DISPATCH_LEVEL)
function PVOID (line 63) | PVOID KphCidReferenceObject(
function _When_ (line 79) | _IRQL_requires_max_(DISPATCH_LEVEL)
function NTSTATUS (line 125) | NTSTATUS KphCidTableCreate(
function KphCidTableDelete (line 147) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpCidLookupEntry (line 244) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpCidExpandTableFor (line 329) | _IRQL_requires_max_(DISPATCH_LEVEL)
function PKPH_CID_TABLE_ENTRY (line 496) | PKPH_CID_TABLE_ENTRY KphCidGetEntry(
function BOOLEAN (line 526) | BOOLEAN KphpCidEnumerateInvokeCallback(
function KphpCidEnumerate (line 576) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphCidEnumerate (line 718) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphCidRundown (line 741) | _IRQL_requires_max_(DISPATCH_LEVEL)
FILE: KSystemInformer/cid_tracking.c
type KPH_CID_APC (line 17) | typedef struct _KPH_CID_APC
function PVOID (line 57) | PVOID KphpLookupContext(
function PKPH_PROCESS_CONTEXT (line 91) | PKPH_PROCESS_CONTEXT KphGetSystemProcessContext(
function PKPH_PROCESS_CONTEXT (line 115) | PKPH_PROCESS_CONTEXT KphGetProcessContext(
function PKPH_PROCESS_CONTEXT (line 134) | PKPH_PROCESS_CONTEXT KphGetEProcessContext(
function PKPH_THREAD_CONTEXT (line 158) | PKPH_THREAD_CONTEXT KphGetThreadContext(
function KphCidMarkPopulated (line 172) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpCidWaitForPopulate (line 196) | _IRQL_requires_max_(APC_LEVEL)
function _IRQL_requires_max_ (line 224) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function _IRQL_requires_max_ (line 256) | _Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
function _IRQL_requires_max_ (line 282) | _Function_class_(KPH_TYPE_DELETE_PROCEDURE)
function _IRQL_requires_max_ (line 305) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function _IRQL_requires_min_ (line 325) | _Function_class_(KSI_KCLEANUP_ROUTINE)
function _IRQL_requires_max_ (line 353) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function _IRQL_requires_max_ (line 385) | _Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
function _IRQL_requires_max_ (line 660) | _Function_class_(KPH_TYPE_DELETE_PROCEDURE)
function _IRQL_requires_max_ (line 719) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function _IRQL_requires_max_ (line 740) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function KphpInitializeWSLThreadContext (line 770) | _IRQL_requires_(APC_LEVEL)
function _IRQL_requires_ (line 839) | _Function_class_(KSI_KKERNEL_ROUTINE)
function KphpInitThreadContextInOriginalEnvironment (line 901) | _IRQL_requires_max_(APC_LEVEL)
function _IRQL_requires_max_ (line 1002) | _Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
function _IRQL_requires_max_ (line 1108) | _Function_class_(KPH_TYPE_DELETE_PROCEDURE)
function _IRQL_requires_max_ (line 1139) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function NTSTATUS (line 1160) | NTSTATUS KphCidInitialize(
function KphpUnlinkProcessContextThreadContexts (line 1287) | _IRQL_requires_max_(APC_LEVEL)
function _IRQL_requires_max_ (line 1329) | _Function_class_(KPH_CID_RUNDOWN_CALLBACK)
function KphCidCleanup (line 1353) | _IRQL_requires_max_(PASSIVE_LEVEL)
function PVOID (line 1394) | PVOID KphpTrackContext(
function PVOID (line 1455) | PVOID KphpUntrackContext(
function BOOLEAN (line 1494) | BOOLEAN KSIAPI KphpCidEnumPostPopulate(
function NTSTATUS (line 1533) | NTSTATUS KphCidPopulate(
function PKPH_PROCESS_CONTEXT (line 1805) | PKPH_PROCESS_CONTEXT KphTrackProcessContext(
function PKPH_PROCESS_CONTEXT (line 1829) | PKPH_PROCESS_CONTEXT KphUntrackProcessContext(
function PKPH_THREAD_CONTEXT (line 1861) | PKPH_THREAD_CONTEXT KphTrackThreadContext(
function PKPH_THREAD_CONTEXT (line 1885) | PKPH_THREAD_CONTEXT KphUntrackThreadContext(
type KPH_ENUM_CONTEXT (line 1925) | typedef struct _KPH_ENUM_CONTEXT
function KSIAPI (line 1943) | KSIAPI KphpEnumerateContexts(
function KphEnumerateProcessContexts (line 2000) | _IRQL_requires_max_(APC_LEVEL)
function KphEnumerateThreadContexts (line 2025) | _IRQL_requires_max_(APC_LEVEL)
function KphEnumerateCidContexts (line 2050) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 2077) | NTSTATUS KphCheckProcessApcNoopRoutine(
function KphVerifyProcessAndProtectIfAppropriate (line 2177) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _Maybenull_ (line 2253) | _Maybenull_
function KphGetProcessState (line 2275) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 2406) | NTSTATUS KphQueryInformationProcessContext(
function NTSTATUS (line 2514) | NTSTATUS KphQueryInformationThreadContext(
FILE: KSystemInformer/comms.c
type KPHM_QUEUE_ITEM (line 23) | typedef struct _KPHM_QUEUE_ITEM
function KphGetConnectedClientCount (line 59) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphGetInformerClientCount (line 83) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpGetInformerClients (line 125) | KphpGetInformerClients(
function BOOLEAN (line 167) | BOOLEAN KphpAddConnectedClient(
function PKPH_CLIENT (line 202) | PKPH_CLIENT KphpRemoveConnectedClient(
function PKPHM_QUEUE_ITEM (line 246) | PKPHM_QUEUE_ITEM KphpAllocateMessageQueueItem()
function PKPH_MESSAGE (line 260) | PKPH_MESSAGE KphAllocateNPagedMessage(
function KphFreeNPagedMessage (line 274) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpCommsMessageIsRateLimited (line 293) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpCommsQueueIsRateLimited (line 354) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpCommsCopyMessageToRingBuffer (line 444) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphCommsSendNPagedMessageAsync (line 541) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphCaptureStackInMessage (line 617) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpFreeMessageQueueItem (line 660) | _IRQL_requires_max_(APC_LEVEL)
function _IRQL_requires_max_ (line 689) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function _IRQL_requires_max_ (line 709) | _Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
function _IRQL_requires_max_ (line 736) | _Function_class_(KPH_TYPE_DELETE_PROCEDURE)
function _IRQL_requires_max_ (line 787) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function _IRQL_requires_max_ (line 805) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function _IRQL_requires_max_ (line 825) | _Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
function _IRQL_requires_max_ (line 869) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function KphpCommsInitializeRingBuffer (line 888) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _IRQL_requires_max_ (line 979) | _Function_class_(PFLT_CONNECT_NOTIFY)
function _IRQL_requires_max_ (line 1119) | _Function_class_(PFLT_DISCONNECT_NOTIFY)
function KphpSendRequiredStateFailure (line 1151) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _IRQL_requires_max_ (line 1198) | _Function_class_(PFLT_MESSAGE_NOTIFY)
function KphpFreeCommsSecurityDescriptor (line 1397) | _IRQL_always_function_max_(PASSIVE_LEVEL)
function NTSTATUS (line 1418) | NTSTATUS KphpBuildCommsSecurityDescriptor(
function NTSTATUS (line 1454) | NTSTATUS KphGetInformerClientSettings(
function NTSTATUS (line 1528) | NTSTATUS KphSetInformerClientSettings(
function NTSTATUS (line 1607) | NTSTATUS KphGetInformerClientStats(
function BOOLEAN (line 1692) | BOOLEAN KphpGetTimeoutForMessage(
function NTSTATUS (line 1764) | NTSTATUS KphpFltSendMessage(
function KphpCommsSendMessageAsync (line 1820) | _IRQL_requires_max_(APC_LEVEL)
function KphpCommsSendMessage (line 1915) | _IRQL_requires_max_(APC_LEVEL)
function PKPHM_QUEUE_ITEM (line 2105) | PKPHM_QUEUE_ITEM KphpMessageQueueCoalesceItems(
function KphpMessageQueueProcessItems (line 2267) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _IRQL_requires_max_ (line 2317) | _Function_class_(KPH_THREAD_START_ROUTINE)
function NTSTATUS (line 2360) | NTSTATUS KphCommsStart(
function KphCommsStop (line 2535) | _IRQL_requires_max_(PASSIVE_LEVEL)
function PKPH_MESSAGE (line 2603) | PKPH_MESSAGE KphAllocateMessage(
function KphFreeMessage (line 2617) | _IRQL_requires_max_(APC_LEVEL)
function KphCommsSendMessageAsync (line 2637) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 2662) | NTSTATUS KphCommsSendMessage(
FILE: KSystemInformer/comms_handlers.c
function _IRQL_requires_max_ (line 139) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 156) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 173) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 190) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 213) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 236) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 262) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 288) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 314) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 340) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 366) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 392) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 417) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 445) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 471) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 497) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 523) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 549) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 580) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 607) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 636) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 664) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 690) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 718) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 753) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 781) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 808) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 835) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 861) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 890) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 919) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 948) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 975) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 998) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 1032) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1067) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 1099) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1127) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1155) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1181) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1202) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1223) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1264) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1305) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1328) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1355) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1378) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1404) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1430) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1456) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1481) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1506) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1532) | _Function_class_(KPHM_REQUIRED_STATE)
function _IRQL_requires_max_ (line 1561) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1590) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1616) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1642) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1668) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1694) | _Function_class_(KPHM_HANDLER)
function _IRQL_requires_max_ (line 1717) | _Function_class_(KPHM_HANDLER)
FILE: KSystemInformer/device.c
function NTSTATUS (line 28) | NTSTATUS KphOpenDevice(
function NTSTATUS (line 184) | NTSTATUS KphOpenDeviceDriver(
function KphOpenDeviceBaseDevice (line 256) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/driver.c
function NTSTATUS (line 31) | NTSTATUS KphOpenDriver(
function NTSTATUS (line 61) | NTSTATUS KphQueryInformationDriver(
FILE: KSystemInformer/dyndata.c
type KPH_DYN_INIT (line 18) | typedef struct _KPH_DYN_INIT
type KPH_DYN_ATOMIC (line 25) | typedef union _KPH_DYN_ATOMIC
type KPH_DYN_MODULE (line 31) | typedef struct _KPH_DYN_MODULE
type KPH_DYN_MODULE_CLASS (line 41) | typedef enum _KPH_DYN_MODULE_CLASS
function _Must_inspect_result_ (line 68) | _Must_inspect_result_
function _IRQL_requires_max_ (line 85) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function _IRQL_requires_max_ (line 105) | _Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
function _IRQL_requires_max_ (line 190) | _Function_class_(KPH_TYPE_DELETE_PROCEDURE)
function _IRQL_requires_max_ (line 213) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function NTSTATUS (line 236) | NTSTATUS KphpActivateDynData(
function NTSTATUS (line 394) | NTSTATUS KphActivateDynData(
function NTSTATUS (line 486) | NTSTATUS KphIsDynDataActive(
function KphpInitializeDynModules (line 513) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphInitializeDynData (line 595) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphCleanupDynData (line 641) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/dynimp.c
function KphDynamicImport (line 38) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphGetSystemRoutineAddress (line 68) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpGetRoutineAddressByModuleList (line 93) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphGetRoutineAddress (line 166) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/file.c
function NTSTATUS (line 29) | NTSTATUS KphpCheckFileHandleForQuery(
function NTSTATUS (line 91) | NTSTATUS KphQueryInformationFile(
function NTSTATUS (line 212) | NTSTATUS KphQueryVolumeInformationFile(
function NTSTATUS (line 344) | NTSTATUS KphCreateFile(
FILE: KSystemInformer/hash.c
type KPH_HASHING_INFRASTRUCTURE (line 65) | typedef struct _KPH_HASHING_INFRASTRUCTURE
type KPH_HASHING_EACACHE_INFORMATION (line 71) | typedef struct _KPH_HASHING_EACACHE_INFORMATION
type KPH_HASHING_EACACHE_INFORMATION (line 76) | typedef const KPH_HASHING_EACACHE_INFORMATION *PCKPH_HASHING_EACACHE_INF...
type KPH_HASHING_EACACHE_CONTEXT (line 78) | typedef struct _KPH_HASHING_EACACHE_CONTEXT
type KPH_HASHING_AUTHENTICODE_CONTEXT (line 88) | typedef struct _KPH_HASHING_AUTHENTICODE_CONTEXT
type KPH_HASHING_ENTRY (line 95) | typedef struct _KPH_HASHING_ENTRY
type KPH_HASHING_CONTEXT (line 103) | typedef struct _KPH_HASHING_CONTEXT
function _Return_allocatesMem_size_ (line 140) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function NTSTATUS (line 161) | NTSTATUS KSIAPI KphpInitHashingInfra(
function KSIAPI (line 221) | KSIAPI KphpDeleteHashingInfra(
function KSIAPI (line 240) | KSIAPI KphpFreeHashingInfra(
function PKPH_HASHING_CONTEXT (line 256) | PKPH_HASHING_CONTEXT KphpAllocateHashingContext(
function KphpCloseHashingEaCacheContext (line 267) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpFreeHashingContext (line 312) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 341) | NTSTATUS KphInitializeHashing(
function KphCleanupHashing (line 375) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphReferenceHashingInfrastructure (line 391) | _IRQL_requires_max_(APC_LEVEL)
function KphDereferenceHashingInfrastructure (line 406) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 430) | NTSTATUS KphHashBuffer(
function NTSTATUS (line 553) | NTSTATUS KphpUpdateHash(
function NTSTATUS (line 665) | NTSTATUS KphpUpdateHashes(
function NTSTATUS (line 719) | NTSTATUS KphpInitializeHashingContext(
function KphpLoadHashesFromEaCache (line 822) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpInitializeEaCacheContext (line 951) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpProgressEaCacheContext (line 1119) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 1182) | NTSTATUS KphpInitializeFileHashingContext(
function KphpInitializeAuthenticodeHashing (line 1219) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 1412) | NTSTATUS KphpFinishHashes(
function KphpCopyHashes (line 1524) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 1568) | NTSTATUS KphpHashFile(
function NTSTATUS (line 1721) | NTSTATUS KphQueryHashInformationFile(
function NTSTATUS (line 1818) | NTSTATUS KphQueryHashInformationFileObject(
FILE: KSystemInformer/imgcoherency.c
function NTSTATUS (line 32) | NTSTATUS KphpCheckImageCoherency(
function NTSTATUS (line 181) | NTSTATUS KphCheckImageCoherency(
FILE: KSystemInformer/include/comms.h
type KPH_CLIENT_INFORMER_STATE (line 15) | typedef struct _KPH_CLIENT_INFORMER_STATE
type KPH_CLIENT_INFORMER_STATE_ATOMIC (line 22) | typedef union _KPH_CLIENT_INFORMER_STATE_ATOMIC
type KPH_CLIENT (line 28) | typedef struct _KPH_CLIENT
type KPHM_HANDLER (line 47) | typedef KPHM_HANDLER* PKPHM_HANDLER;
type KPHM_REQUIRED_STATE (line 68) | typedef KPHM_REQUIRED_STATE* PKPHM_REQUIRED_STATE;
type KPH_MESSAGE_HANDLER (line 79) | typedef struct _KPH_MESSAGE_HANDLER
FILE: KSystemInformer/include/informer_filep.h
function _IRQL_requires_max_ (line 15) | _Function_class_(PFLT_POST_OPERATION_CALLBACK)
FILE: KSystemInformer/include/kph.h
function FORCEINLINE (line 484) | FORCEINLINE
function _Return_allocatesMem_size_ (line 498) | _IRQL_requires_max_(DISPATCH_LEVEL)
function VOID (line 572) | VOID KphpFreeA(
function _IRQL_requires_max_ (line 599) | _IRQL_requires_max_(DISPATCH_LEVEL)
function INT (line 1102) | INT KphCompareMemory(
function BOOLEAN (line 1114) | BOOLEAN KphEqualMemory(
type INT (line 1124) | typedef
type KPH_BINARY_SEARCH_CALLBACK (line 1133) | typedef KPH_BINARY_SEARCH_CALLBACK* PKPH_BINARY_SEARCH_CALLBACK;
function _Must_inspect_result_ (line 1135) | _Must_inspect_result_
type KPH_OBJECT_HEADER (line 1580) | typedef struct _KPH_OBJECT_HEADER
type KPH_TYPE_ALLOCATE_PROCEDURE (line 1602) | typedef KPH_TYPE_ALLOCATE_PROCEDURE* PKPH_TYPE_ALLOCATE_PROCEDURE;
type _Must_inspect_result_ (line 1604) | typedef
type KPH_TYPE_INITIALIZE_PROCEDURE (line 1613) | typedef KPH_TYPE_INITIALIZE_PROCEDURE* PKPH_TYPE_INITIALIZE_PROCEDURE;
type VOID (line 1615) | typedef
type KPH_TYPE_DELETE_PROCEDURE (line 1622) | typedef KPH_TYPE_DELETE_PROCEDURE* PKPH_TYPE_DELETE_PROCEDURE;
type VOID (line 1624) | typedef
type KPH_TYPE_FREE_PROCEDURE (line 1631) | typedef KPH_TYPE_FREE_PROCEDURE* PKPH_TYPE_FREE_PROCEDURE;
type KPH_OBJECT_TYPE_INFO (line 1633) | typedef struct _KPH_OBJECT_TYPE_INFO
type KPH_OBJECT_TYPE (line 1652) | typedef struct _KPH_OBJECT_TYPE
type KPH_ATOMIC_OBJECT_REF (line 1697) | typedef struct _KPH_ATOMIC_OBJECT_REF
type KPH_CID_TABLE_ENTRY (line 1722) | typedef struct _KPH_CID_TABLE_ENTRY
type KPH_CID_TABLE (line 1727) | typedef struct _KPH_CID_TABLE
type BOOLEAN (line 1763) | typedef
type KPH_CID_ENUMERATE_CALLBACK (line 1771) | typedef KPH_CID_ENUMERATE_CALLBACK* PKPH_CID_ENUMERATE_CALLBACK;
type VOID (line 1780) | typedef
type KPH_CID_RUNDOWN_CALLBACK (line 1788) | typedef KPH_CID_RUNDOWN_CALLBACK* PKPH_CID_RUNDOWN_CALLBACK;
type KPH_SESSION_TOKEN_ATOMIC (line 1807) | typedef union _KPH_SESSION_TOKEN_ATOMIC
type KPH_INFORMER_STATE_ATOMIC (line 1813) | typedef union _KPH_INFORMER_STATE_ATOMIC
type KPH_PROCESS_CONTEXT (line 1819) | typedef struct _KPH_PROCESS_CONTEXT
type KPH_PROCESS_CONTEXT_INFORMATION_CLASS (line 1905) | typedef enum _KPH_PROCESS_CONTEXT_INFORMATION_CLASS
type KPH_THREAD_CONTEXT (line 1920) | typedef struct _KPH_THREAD_CONTEXT
type KPH_THREAD_CONTEXT_INFORMATION_CLASS (line 1973) | typedef enum _KPH_THREAD_CONTEXT_INFORMATION_CLASS
type _Must_inspect_result_ (line 2064) | typedef
type KPH_ENUM_PROCESS_CONTEXTS_CALLBACK (line 2073) | typedef KPH_ENUM_PROCESS_CONTEXTS_CALLBACK* PKPH_ENUM_PROCESS_CONTEXTS_C...
type _Must_inspect_result_ (line 2081) | typedef
type KPH_ENUM_THREAD_CONTEXTS_CALLBACK (line 2090) | typedef KPH_ENUM_THREAD_CONTEXTS_CALLBACK* PKPH_ENUM_THREAD_CONTEXTS_CAL...
type _Must_inspect_result_ (line 2098) | typedef
type KPH_ENUM_CID_CONTEXTS_CALLBACK (line 2107) | typedef KPH_ENUM_CID_CONTEXTS_CALLBACK* PKPH_ENUM_CID_CONTEXTS_CALLBACK;
function BOOLEAN (line 2140) | BOOLEAN KphTestProcessState(
function BOOLEAN (line 2150) | BOOLEAN KphTestProcessContextState(
function FORCEINLINE (line 2211) | FORCEINLINE
function KSISYSAPI (line 2319) | KSISYSAPI
type KSI_KAPC_CLEANUP_REASON (line 2337) | typedef enum _KSI_KAPC_CLEANUP_REASON
type KSI_KCLEANUP_ROUTINE (line 2356) | typedef KSI_KCLEANUP_ROUTINE *PKSI_KCLEANUP_ROUTINE;
type KSI_KKERNEL_ROUTINE (line 2371) | typedef KSI_KKERNEL_ROUTINE *PKSI_KKERNEL_ROUTINE;
type KSI_WORK_QUEUE_ROUTINE (line 2416) | typedef KSI_WORK_QUEUE_ROUTINE *PKSI_WORK_QUEUE_ROUTINE;
type KSI_WORK_QUEUE_ITEM (line 2418) | typedef struct _KSI_WORK_QUEUE_ITEM
function _Success_ (line 2547) | _IRQL_requires_max_(DISPATCH_LEVEL)
type KPH_RING_SECTION (line 2619) | typedef struct _KPH_RING_SECTION
type KPH_RING_BUFFER (line 2626) | typedef struct _KPH_RING_BUFFER
type KPH_THREAD_START_ROUTINE (line 2681) | typedef KPH_THREAD_START_ROUTINE *PKPH_THREAD_START_ROUTINE;
type KPH_RATE_BUCKET (line 2812) | typedef union _KPH_RATE_BUCKET
type KPH_RATE_LIMIT (line 2823) | typedef struct _KPH_RATE_LIMIT
FILE: KSystemInformer/include/ntfill.h
type CLIENT_ID32 (line 12) | typedef struct _CLIENT_ID32
type CLIENT_ID64 (line 18) | typedef struct _CLIENT_ID64
type STRING32 (line 24) | typedef const STRING32 *PCUNICODE_STRING32;
type EX_FAST_REF (line 28) | typedef struct _EX_FAST_REF
type _EX_PUSH_LOCK_WAIT_BLOCK (line 38) | struct _EX_PUSH_LOCK_WAIT_BLOCK
type HANDLE_TABLE_ENTRY (line 88) | typedef struct _HANDLE_TABLE_ENTRY
type HANDLE_TABLE (line 103) | typedef struct _HANDLE_TABLE HANDLE_TABLE, *PHANDLE_TABLE;
type _Must_inspect_result_ (line 105) | typedef
type EX_ENUM_HANDLE_CALLBACK (line 116) | typedef EX_ENUM_HANDLE_CALLBACK* PEX_ENUM_HANDLE_CALLBACK;
type BOOLEAN (line 154) | typedef
type IO_CHECK_FILE_OBJECT_OPENED_AS_COPY_SOURCE (line 161) | typedef IO_CHECK_FILE_OBJECT_OPENED_AS_COPY_SOURCE* PIO_CHECK_FILE_OBJEC...
type IO_CHECK_FILE_OBJECT_OPENED_AS_COPY_DESTINATION (line 169) | typedef IO_CHECK_FILE_OBJECT_OPENED_AS_COPY_DESTINATION* PIO_CHECK_FILE_...
type COPY_INFORMATION (line 171) | typedef struct _COPY_INFORMATION
type IO_GET_COPY_INFORMATION_EXTENSION (line 184) | typedef IO_GET_COPY_INFORMATION_EXTENSION* PIO_GET_COPY_INFORMATION_EXTE...
type FLT_GET_COPY_INFORMATION_FROM_CALLBACK_DATA (line 197) | typedef FLT_GET_COPY_INFORMATION_FROM_CALLBACK_DATA* PFLT_GET_COPY_INFOR...
type KAPC_ENVIRONMENT (line 201) | typedef enum _KAPC_ENVIRONMENT
type KNORMAL_ROUTINE (line 220) | typedef KNORMAL_ROUTINE *PKNORMAL_ROUTINE;
type KRUNDOWN_ROUTINE (line 231) | typedef KRUNDOWN_ROUTINE *PKRUNDOWN_ROUTINE;
type KKERNEL_ROUTINE (line 246) | typedef KKERNEL_ROUTINE *PKKERNEL_ROUTINE;
type BOOLEAN (line 279) | typedef
type KE_REMOVE_QUEUE_APC (line 286) | typedef KE_REMOVE_QUEUE_APC* PKE_REMOVE_QUEUE_APC;
function FORCEINLINE (line 303) | FORCEINLINE
type OBJECT_CREATE_INFORMATION (line 316) | typedef struct _OBJECT_CREATE_INFORMATION OBJECT_CREATE_INFORMATION, *PO...
type OBJECT_HEADER (line 318) | typedef struct _OBJECT_HEADER
type REG_SAVE_MERGED_KEY_INFORMATION (line 421) | typedef struct _REG_SAVE_MERGED_KEY_INFORMATION
type IMAGE_RESOURCE_DATA_ENTRY (line 451) | typedef struct _IMAGE_RESOURCE_DATA_ENTRY IMAGE_RESOURCE_DATA_ENTRY, *PI...
type LDR_RESOURCE_INFO (line 463) | typedef struct _LDR_RESOURCE_INFO
type VS_VERSION_INFO_STRUCT (line 485) | typedef struct _VS_VERSION_INFO_STRUCT
type VS_FIXEDFILEINFO (line 493) | typedef struct _FIXEDFILEINFO
type NON_PAGED_DEBUG_INFO (line 510) | typedef struct _NON_PAGED_DEBUG_INFO NON_PAGED_DEBUG_INFO, *PNON_PAGED_D...
type KLDR_DATA_TABLE_ENTRY (line 512) | typedef struct _KLDR_DATA_TABLE_ENTRY
type _EJOB (line 582) | struct _EJOB
type PS_PROTECTION (line 637) | typedef struct _PS_PROTECTION
type PS_PROTECTED_TYPE (line 651) | typedef enum _PS_PROTECTED_TYPE
type PS_PROTECTED_SIGNER (line 658) | typedef enum _PS_PROTECTED_SIGNER
type NTSTATUS (line 681) | typedef
type PS_SET_LOAD_IMAGE_NOTIFY_ROUTINE_EX (line 689) | typedef PS_SET_LOAD_IMAGE_NOTIFY_ROUTINE_EX* PPS_SET_LOAD_IMAGE_NOTIFY_R...
type PSCREATEPROCESSNOTIFYTYPE (line 692) | typedef enum _PSCREATEPROCESSNOTIFYTYPE
type NTSTATUS (line 699) | typedef
type PS_SET_CREATE_PROCESS_NOTIFY_ROUTINE_EX2 (line 708) | typedef PS_SET_CREATE_PROCESS_NOTIFY_ROUTINE_EX2* PPS_SET_CREATE_PROCESS...
type PROCESS_MITIGATION_POLICY_INFORMATION (line 784) | typedef struct _PROCESS_MITIGATION_POLICY_INFORMATION
type PS_GET_PROCESS_SEQUENCE_NUMBER (line 823) | typedef PS_GET_PROCESS_SEQUENCE_NUMBER* PPS_GET_PROCESS_SEQUENCE_NUMBER;
type PS_GET_PROCESS_START_KEY (line 832) | typedef PS_GET_PROCESS_START_KEY* PPS_GET_PROCESS_START_KEY;
type PROCESS_TELEMETRY_ID_INFORMATION (line 834) | typedef struct _PROCESS_TELEMETRY_ID_INFORMATION
type NTSYSCALLAPI (line 857) | typedef
type ZW_CREATE_PROCESS_EX (line 873) | typedef ZW_CREATE_PROCESS_EX* PZW_CREATE_PROCESS_EX;
type MM_PROTECT_DRIVER_SECTION (line 940) | typedef MM_PROTECT_DRIVER_SECTION* PMM_PROTECT_DRIVER_SECTION;
type MMVAD_FLAGS (line 947) | typedef struct _MMVAD_FLAGS
type MM_PRIVATE_VAD_FLAGS (line 960) | typedef struct _MM_PRIVATE_VAD_FLAGS
type MM_GRAPHICS_VAD_FLAGS (line 980) | typedef struct _MM_GRAPHICS_VAD_FLAGS
type MM_SHARED_VAD_FLAGS (line 1000) | typedef struct _MM_SHARED_VAD_FLAGS
type MMVAD_FLAGS1 (line 1015) | typedef struct _MMVAD_FLAGS1
type MMVAD_SHORT (line 1021) | typedef struct _MMVAD_SHORT
function FORCEINLINE (line 1075) | FORCEINLINE
function FORCEINLINE (line 1091) | FORCEINLINE
type MMVAD_FLAGS2 (line 1107) | typedef struct _MMVAD_FLAGS2
type MI_VAD_SEQUENTIAL_INFO (line 1118) | typedef struct _MI_VAD_SEQUENTIAL_INFO
type MMEXTEND_INFO (line 1124) | typedef struct _MMEXTEND_INFO
type MMPTE_HIGHLOW (line 1130) | typedef struct _MMPTE_HIGHLOW
type MMPTE_HARDWARE (line 1136) | typedef struct _MMPTE_HARDWARE
type MMPTE_PROTOTYPE (line 1157) | typedef struct _MMPTE_PROTOTYPE
type MMPTE_SOFTWARE (line 1171) | typedef struct _MMPTE_SOFTWARE
type MMPTE_TIMESTAMP (line 1189) | typedef struct _MMPTE_TIMESTAMP
type MMPTE_TRANSITION (line 1202) | typedef struct _MMPTE_TRANSITION
type MMPTE_SUBSECTION (line 1216) | typedef struct _MMPTE_SUBSECTION
type MMPTE_LIST (line 1230) | typedef struct _MMPTE_LIST
type MMPTE (line 1243) | typedef struct _MMPTE
type MMVAD (line 1262) | typedef struct _MMVAD
function FORCEINLINE (line 1287) | FORCEINLINE
function FORCEINLINE (line 1296) | FORCEINLINE
type ALG_ID (line 1360) | typedef unsigned int ALG_ID;
type CRYPT_INTEGER_BLOB (line 1392) | typedef struct _CRYPTOAPI_BLOB
type MINCRYPT_KNOWN_ROOT (line 1496) | typedef enum _MINCRYPT_KNOWN_ROOT
type MINCRYPT_STRING (line 1520) | typedef struct _MINCRYPT_STRING
type MINCRYPT_CHAIN_ELEMENT (line 1528) | typedef struct _MINCRYPT_CHAIN_ELEMENT
type MINCRYPT_CHAIN_INFO (line 1538) | typedef struct _MINCRYPT_CHAIN_INFO
type MINCRYPT_POLICY_INFO (line 1555) | typedef struct _MINCRYPT_POLICY_INFO
type CI_FREE_POLICY_INFO (line 1582) | typedef CI_FREE_POLICY_INFO* PCI_FREE_POLICY_INFO;
type CI_CHECK_SIGNED_FILE (line 1600) | typedef CI_CHECK_SIGNED_FILE* PCI_CHECK_SIGNED_FILE;
type CI_CHECK_SIGNED_FILE_EX (line 1620) | typedef CI_CHECK_SIGNED_FILE_EX* PCI_CHECK_SIGNED_FILE_EX;
type CI_VERIFY_HASH_IN_CATALOG (line 1640) | typedef CI_VERIFY_HASH_IN_CATALOG* PCI_VERIFY_HASH_IN_CATALOG;
type CI_VERIFY_HASH_IN_CATALOG_EX (line 1662) | typedef CI_VERIFY_HASH_IN_CATALOG_EX* PCI_VERIFY_HASH_IN_CATALOG_EX;
type NTSTATUS (line 1679) | typedef
type CI_VALIDATE_FILE_OBJECT (line 1694) | typedef CI_VALIDATE_FILE_OBJECT* PCI_VALIDATE_FILE_OBJECT;
type PVOID (line 1697) | typedef _Function_class_(CI_ALLOCATE_ROUTINE)
type CI_ALLOCATE_ROUTINE (line 1703) | typedef CI_ALLOCATE_ROUTINE* PCI_ALLOCATE_ROUTINE;
type NTSTATUS (line 1707) | typedef
type CI_GET_CERT_PUBLISHER_NAME (line 1716) | typedef CI_GET_CERT_PUBLISHER_NAME* PCI_GET_CERT_PUBLISHER_NAME;
type PORT_MESSAGE (line 1726) | typedef struct _PORT_MESSAGE
type HANDLE (line 1759) | typedef HANDLE ALPC_HANDLE, *PALPC_HANDLE;
type ALPC_PORT_ATTRIBUTES (line 1765) | typedef struct _ALPC_PORT_ATTRIBUTES
type ALPC_MESSAGE_ATTRIBUTES (line 1786) | typedef struct _ALPC_MESSAGE_ATTRIBUTES
type _Must_inspect_result_ (line 1819) | typedef
type LXP_PROCESS_GET_CURRENT (line 1827) | typedef LXP_PROCESS_GET_CURRENT* PLXP_PROCESS_GET_CURRENT;
type _Must_inspect_result_ (line 1829) | typedef
type LXP_THREAD_GET_CURRENT (line 1837) | typedef LXP_THREAD_GET_CURRENT* PLXP_THREAD_GET_CURRENT;
type CFG_CALL_TARGET_INFO (line 1882) | typedef struct _CFG_CALL_TARGET_INFO {
type CFG_CALL_TARGET_LIST_INFORMATION (line 1887) | typedef struct _CFG_CALL_TARGET_LIST_INFORMATION
type SE_REGISTER_IMAGE_VERIFICATION_CALLBACK (line 1949) | typedef SE_REGISTER_IMAGE_VERIFICATION_CALLBACK* PSE_REGISTER_IMAGE_VERI...
type SE_UNREGISTER_IMAGE_VERIFICATION_CALLBACK (line 1959) | typedef SE_UNREGISTER_IMAGE_VERIFICATION_CALLBACK* PSE_UNREGISTER_IMAGE_...
type SCHANNEL_CRED (line 2160) | typedef struct _SCHANNEL_CRED
type eTlsAlgorithmUsage (line 2183) | typedef enum _eTlsAlgorithmUsage
type CRYPTO_SETTINGS (line 2195) | typedef struct _CRYPTO_SETTINGS
type TLS_PARAMETERS (line 2205) | typedef struct _TLS_PARAMETERS
type SCH_CREDENTIALS (line 2218) | typedef struct _SCH_CREDENTIALS
type SecPkgContext_ConnectionInfo (line 2281) | typedef struct _SecPkgContext_ConnectionInfo
type SecPkgContext_ConnectionInfoEx (line 2296) | typedef struct _SecPkgContext_ConnectionInfoEx
type SecPkgContext_CipherInfo (line 2310) | typedef struct _SecPkgContext_CipherInfo
FILE: KSystemInformer/informer.c
type KPH_INFORMER_STATE (line 18) | typedef struct _KPH_INFORMER_STATE
function _IRQL_requires_max_ (line 38) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function NTSTATUS (line 72) | NTSTATUS
function _IRQL_requires_max_ (line 119) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function KphInformerProcessAllowed (line 142) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphInformerGlobalAllowed (line 185) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphInformerAllowed (line 220) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphInformerOptions (line 267) | _IRQL_requires_max_(DISPATCH_LEVEL)
function NTSTATUS (line 323) | NTSTATUS KphpInformerCopySettingsToMode(
function NTSTATUS (line 367) | NTSTATUS KphGetInformerSettings(
function NTSTATUS (line 407) | NTSTATUS KphSetInformerSettings(
function NTSTATUS (line 484) | NTSTATUS KphGetInformerProcessSettings(
type KPH_SET_INFORMER_PROCESS_SETTINGS_CONTEXT (line 566) | typedef struct _KPH_SET_INFORMER_PROCESS_SETTINGS_CONTEXT
function BOOLEAN (line 582) | BOOLEAN KSIAPI KphpSetInformerProcessSettings(
function NTSTATUS (line 630) | NTSTATUS KphSetInformerProcessSettings(
function NTSTATUS (line 743) | NTSTATUS KphGetInformerStats(
function KphCleanupInformer (line 869) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 889) | NTSTATUS KphInitializeInformer(
FILE: KSystemInformer/informer_debug.c
type KPH_DBG_PRINT_SLOT (line 19) | typedef struct _KPH_DBG_PRINT_SLOT
function _IRQL_requires_min_ (line 39) | _IRQL_requires_max_(DISPATCH_LEVEL)
function _IRQL_requires_max_ (line 125) | _Function_class_(KDEFERRED_ROUTINE)
function KphpDebugPrintCallback (line 160) | _IRQL_always_function_min_(DISPATCH_LEVEL)
function NTSTATUS (line 222) | NTSTATUS KphDebugInformerStart(
function KphDebugInformerStop (line 295) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/informer_file.c
function _IRQL_requires_max_ (line 37) | _Function_class_(PFLT_FILTER_UNLOAD_CALLBACK)
function _IRQL_requires_max_ (line 65) | _Function_class_(PFLT_INSTANCE_QUERY_TEARDOWN_CALLBACK)
function NTSTATUS (line 179) | NTSTATUS KphFltRegister(
function KphFltUnregister (line 440) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 467) | NTSTATUS KphFltInformerStart(
FILE: KSystemInformer/informer_filenc.c
function NTSTATUS (line 42) | NTSTATUS KphpFltGetFileNameInformation(
function KphpFltNameCacheFileNameLength (line 83) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltNameCacheCopyFileName (line 108) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 137) | NTSTATUS KphpFltGetFileNameUseContext(
function NTSTATUS (line 248) | NTSTATUS KphpFltGetFileNameUseNameCache(
function NTSTATUS (line 395) | NTSTATUS KphpFltGetFileNameCopy(
function NTSTATUS (line 442) | NTSTATUS KphpFltGetVolumeName(
function NTSTATUS (line 495) | NTSTATUS KphpFltGetFileName(
function NTSTATUS (line 563) | NTSTATUS KphpFltGetDestinationFileNameInformation(
function NTSTATUS (line 669) | NTSTATUS KphpFltGetDestFileName(
function KphpFltReleaseFileName (line 698) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltReapFileNameCache (line 753) | _IRQL_requires_max_(DISPATCH_LEVEL)
function _IRQL_requires_max_ (line 803) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function _IRQL_requires_max_ (line 820) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function KphpFltCleanupFileNameCache (line 840) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpFltInitializeFileNameCache (line 871) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/informer_fileop.c
type KPH_FLT_OPTIONS (line 20) | typedef union _KPH_FLT_OPTIONS
type KPH_FLT_COMPLETION_CONTEXT (line 40) | typedef struct _KPH_FLT_COMPLETION_CONTEXT
function KphpFltGetOptions (line 59) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltGetMessageId (line 175) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpFltInitMessage (line 258) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltCopyFileName (line 357) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltCopyBuffer (line 439) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltCopyFsControl (line 647) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltCopyIoControl (line 809) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltFillCommonMessage (line 1026) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpFltFillPreOpMessage (line 1094) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltFillPostOpMessage (line 1279) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpFltHandleNameTunneling (line 1475) | _IRQL_requires_max_(APC_LEVEL)
function KphpFltIsNameTunnelingPossible (line 1546) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpFltPostOpHandleNameTunneling (line 1588) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphpFltFreeCompletionContext (line 1651) | _IRQL_requires_max_(DISPATCH_LEVEL)
function _IRQL_requires_max_ (line 1696) | _Function_class_(PFLT_POST_OPERATION_CALLBACK)
function NTSTATUS (line 1831) | NTSTATUS KphpFltPreOpCreateCompletionContext(
function KphpFltPreOpSend (line 1974) | _IRQL_requires_max_(APC_LEVEL)
function VOID (line 2116) | VOID KphpFltRequestHandler(
function _IRQL_requires_max_ (line 2209) | _Function_class_(PFLT_PRE_OPERATION_CALLBACK)
function KphpFltCleanupFileOp (line 2391) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpFltInitializeFileOp (line 2409) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/informer_image.c
function KphpPerformImageTracking (line 31) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _IRQL_requires_max_ (line 51) | _Function_class_(PLOAD_IMAGE_NOTIFY_ROUTINE)
function _IRQL_requires_max_ (line 164) | _Function_class_(PLOAD_IMAGE_NOTIFY_ROUTINE)
function _IRQL_requires_same_ (line 202) | _IRQL_requires_same_
function NTSTATUS (line 340) | NTSTATUS KphImageInformerStart(
function KphImageInformerStop (line 408) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/informer_object.c
type KPH_OB_OPTIONS (line 19) | typedef union _KPH_OB_OPTIONS
type KPH_OB_CALL_CONTEXT (line 31) | typedef struct _KPH_OB_CALL_CONTEXT
function KphpObGetOptions (line 58) | _IRQL_requires_max_(APC_LEVEL)
function KphpObPreGetMessageId (line 144) | _IRQL_requires_max_(APC_LEVEL)
function KphpObPostGetMessageId (line 200) | _IRQL_requires_max_(APC_LEVEL)
function KphpObCopyObjectName (line 257) | _IRQL_requires_max_(APC_LEVEL)
function KphpObPreFillMessage (line 329) | _IRQL_requires_max_(APC_LEVEL)
function KphpObPostFillMessage (line 421) | _IRQL_requires_max_(APC_LEVEL)
function KphpObPostOpSend (line 520) | _IRQL_requires_max_(APC_LEVEL)
function _IRQL_requires_max_ (line 561) | _Function_class_(POB_POST_OPERATION_CALLBACK)
function KphpObPreOpSetCallContext (line 594) | _IRQL_requires_max_(APC_LEVEL)
function KphpObPreOpSend (line 654) | _IRQL_requires_max_(APC_LEVEL)
function KphpObPerformProcessTracking (line 698) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpObPerformThreadTracking (line 792) | _IRQL_requires_max_(APC_LEVEL)
function KphpObPerformProcessAndThreadTracking (line 866) | _IRQL_requires_max_(APC_LEVEL)
function _IRQL_requires_max_ (line 948) | _Function_class_(POB_PRE_OPERATION_CALLBACK)
function NTSTATUS (line 1015) | NTSTATUS KphObjectInformerStart(
function KphObjectInformerStop (line 1075) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/informer_process.c
type KPH_PROCESS_CREATE_APC (line 19) | typedef struct _KPH_PROCESS_CREATE_APC
function PKPH_PROCESS_CREATE_APC (line 39) | PKPH_PROCESS_CREATE_APC KphpAllocateProcessCreateApc(
function KphpFreeProcessCreateApc (line 63) | _IRQL_requires_max_(APC_LEVEL)
function PKPH_PROCESS_CONTEXT (line 89) | PKPH_PROCESS_CONTEXT KphpPerformProcessTracking(
function _IRQL_requires_max_ (line 196) | _Function_class_(PCREATE_PROCESS_NOTIFY_ROUTINE_EX)
function _IRQL_requires_min_ (line 391) | _Function_class_(KSI_KCLEANUP_ROUTINE)
function _IRQL_requires_ (line 427) | _Function_class_(KSI_KKERNEL_ROUTINE)
function KphpPerformProcessCreationTracking (line 470) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 628) | NTSTATUS KphProcessInformerStart(
function KphProcessInformerStop (line 699) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/informer_registry.c
type KPH_REG_OPTIONS (line 19) | typedef union _KPH_REG_OPTIONS
type KPH_REG_CALL_CONTEXT (line 35) | typedef struct _KPH_REG_CALL_CONTEXT
type KPH_REG_PRE_INFORMATION (line 45) | typedef union _KPH_REG_PRE_INFORMATION
type KPH_REG_POST_INFORMATION (line 78) | typedef union _KPH_REG_POST_INFORMATION
function KphpRegGetOptions (line 108) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegGetMessageId (line 216) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegFillCommonMessage (line 276) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegCopyObjectInfo (line 515) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegFillObjectInfo (line 606) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 645) | NTSTATUS KphpRegMakeObjectName(
function KphpRegFillCreateKeyObjectInfo (line 756) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegFillLoadKeyObjectInfo (line 823) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegCopyUnicodeStringWithDefault (line 887) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegCopyUnicodeString (line 974) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegCopyValueName (line 992) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegCopyMultipleValueNames (line 1013) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegCopyBuffer (line 1195) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegCopyObjectName (line 1270) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegCopyHandleName (line 1379) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegFillPostOpMessage (line 1439) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegFillPreOpMessage (line 1798) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegPostOpSend (line 1970) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegFreeCallContext (line 2006) | _IRQL_requires_max_(APC_LEVEL)
function KphpRegPostOp (line 2028) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 2063) | NTSTATUS KphpRegPreOpSetCallContext(
function NTSTATUS (line 2343) | NTSTATUS KphRegistryInformerStart(
function KphRegistryInformerStop (line 2381) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/informer_thread.c
type KPH_THREAD_NOTIFY_TYPE (line 18) | typedef enum _KPH_THREAD_NOTIFY_TYPE
function PKPH_THREAD_CONTEXT (line 40) | PKPH_THREAD_CONTEXT KphpPerformThreadTracking(
function _IRQL_requires_max_ (line 118) | _Function_class_(PCREATE_THREAD_NOTIFY_ROUTINE)
function else (line 160) | else if (Type == KphThreadNotifyExecute)
function _IRQL_requires_max_ (line 284) | _Function_class_(PCREATE_THREAD_NOTIFY_ROUTINE)
function NTSTATUS (line 360) | NTSTATUS KphThreadInformerStart(
function KphThreadInformerStop (line 396) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/knowndll.c
type KPH_KNOWN_DLL_EXPORT (line 16) | typedef struct _KPH_KNOWN_DLL_EXPORT
type KPH_KNOWN_DLL_INFORMATION (line 22) | typedef struct _KPH_KNOWN_DLL_INFORMATION
function KphInitializeKnownDll (line 52) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/kphobject.c
function VOID (line 43) | VOID KphpObjectDelete(
function VOID (line 66) | VOID KphpObjectDeferDelete(
function VOID (line 90) | VOID KphCreateObjectType(
function _Must_inspect_result_ (line 134) | _Must_inspect_result_
function VOID (line 184) | VOID KphReferenceObject(
function VOID (line 200) | VOID KphDereferenceObject(
function VOID (line 235) | VOID KphDereferenceObjectDeferDelete(
function _Must_inspect_result_ (line 262) | _Must_inspect_result_
function FORCEINLINE (line 297) | FORCEINLINE
function FORCEINLINE (line 338) | FORCEINLINE
function FORCEINLINE (line 359) | FORCEINLINE
function FORCEINLINE (line 404) | FORCEINLINE
function _Must_inspect_result_ (line 435) | _Must_inspect_result_
function _Must_inspect_result_ (line 465) | _Must_inspect_result_
function VOID (line 503) | VOID KphAtomicAssignObjectReference(
function _Must_inspect_result_ (line 537) | _Must_inspect_result_
function _IRQL_requires_max_ (line 553) | _Function_class_(KSI_WORK_QUEUE_ROUTINE)
function KphObjectInitialize (line 583) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/kphthread.c
type KPH_THREAD_START_CONTEXT (line 16) | typedef struct _KPH_THREAD_START_CONTEXT
function VOID (line 36) | VOID KphpThreadStartRoutine(
function KphCreateSystemThread (line 102) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphCleanupThreading (line 222) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphInitializeThreading (line 238) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/ksidll.c
function KsipGetSystemRoutineAddress (line 32) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _IRQL_requires_ (line 63) | _Function_class_(KRUNDOWN_ROUTINE)
function _IRQL_requires_ (line 83) | _Function_class_(KNORMAL_ROUTINE)
function _IRQL_requires_ (line 111) | _Function_class_(KKERNEL_ROUTINE)
function VOID (line 152) | VOID KSIAPI KsiInitializeApc(
function BOOLEAN (line 179) | BOOLEAN KSIAPI KsiInsertQueueApc(
function NTSTATUS (line 202) | NTSTATUS KSIAPI KsiRemoveQueueApc(
function _IRQL_requires_max_ (line 248) | _Function_class_(WORKER_THREAD_ROUTINE)
function KSIAPI (line 269) | KSIAPI KsiInitializeWorkItem(
function KSIAPI (line 285) | KSIAPI KsiQueueWorkItem(
function _IRQL_requires_same_ (line 322) | _IRQL_requires_same_
function NTSTATUS (line 445) | NTSTATUS KSIAPI KsiInitialize(
function KSIAPI (line 463) | KSIAPI KsiUninitialize(
function NTSTATUS (line 472) | NTSTATUS DllUnload(
function NTSTATUS (line 486) | NTSTATUS DllInitialize(
FILE: KSystemInformer/lsa.c
function KphpGetLsassProcessId (line 30) | _IRQL_requires_max_(APC_LEVEL)
function KphpCacheLsassProcessId (line 157) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 205) | NTSTATUS KphProcessIsLsass(
function KphValidateLsass (line 274) | _IRQL_requires_max_(APC_LEVEL)
function KphInvalidateLsass (line 301) | _IRQL_requires_max_(PASSIVE_LEVEL)
function BOOLEAN (line 330) | BOOLEAN KphCanIdentifyLsass(
FILE: KSystemInformer/main.c
function KphpProtectSections (line 37) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphpDriverCleanup (line 79) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _IRQL_requires_ (line 110) | _Function_class_(DRIVER_UNLOAD)
function _IRQL_requires_ (line 136) | _Function_class_(DRIVER_INITIALIZE)
FILE: KSystemInformer/object.c
type KPH_ENUMERATE_PROCESS_HANDLES_CONTEXT (line 17) | typedef struct _KPH_ENUMERATE_PROCESS_HANDLES_CONTEXT
function _Must_inspect_result_ (line 32) | _Must_inspect_result_
function ULONG (line 64) | ULONG KphObpGetHandleAttributes(
function KphpGetFileObjectInformation (line 90) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 229) | NTSTATUS KphReferenceProcessHandleTable(
function _IRQL_requires_max_ (line 287) | _Releases_lock_(Process)
type KPH_ENUM_PROC_HANDLE_EX_CONTEXT (line 334) | typedef struct _KPH_ENUM_PROC_HANDLE_EX_CONTEXT
function _IRQL_requires_max_ (line 350) | _Function_class_(EX_ENUM_HANDLE_CALLBACK)
function KphEnumerateProcessHandlesEx (line 385) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _IRQL_requires_max_ (line 453) | _Function_class_(KPH_ENUM_PROCESS_HANDLES_CALLBACK)
function NTSTATUS (line 548) | NTSTATUS KphEnumerateProcessHandles(
function NTSTATUS (line 682) | NTSTATUS KphQueryNameObject(
function NTSTATUS (line 759) | NTSTATUS KphpExtractNameFileObject(
function NTSTATUS (line 940) | NTSTATUS KphQueryNameFileObject(
function NTSTATUS (line 1018) | NTSTATUS KphQueryInformationObject(
function NTSTATUS (line 2030) | NTSTATUS KphSetInformationObject(
function NTSTATUS (line 2169) | NTSTATUS KphOpenNamedObject(
function NTSTATUS (line 2220) | NTSTATUS KphDuplicateObject(
function NTSTATUS (line 2338) | NTSTATUS KphpCompareObjects(
function NTSTATUS (line 2417) | NTSTATUS KphCompareObjects(
FILE: KSystemInformer/parameters.c
type KPH_PARAMETER_TYPE (line 14) | typedef enum _KPH_PARAMETER_TYPE
type KPH_PARAMETER (line 20) | typedef struct _KPH_PARAMETER
function KphCleanupParameters (line 73) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphInitializeParameters (line 106) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/process.c
function NTSTATUS (line 33) | NTSTATUS KphOpenProcess(
function NTSTATUS (line 156) | NTSTATUS KphOpenProcessToken(
function NTSTATUS (line 266) | NTSTATUS KphOpenProcessJob(
function NTSTATUS (line 364) | NTSTATUS KphTerminateProcess(
function NTSTATUS (line 477) | NTSTATUS KphQueryInformationProcess(
function NTSTATUS (line 835) | NTSTATUS KphSetInformationProcess(
FILE: KSystemInformer/protection.c
type KPH_ENUM_FOR_PROTECTION (line 17) | typedef struct _KPH_ENUM_FOR_PROTECTION
type KPH_IMAGE_LOAD_APC (line 25) | typedef struct _KPH_IMAGE_LOAD_APC
type KPH_IMAGE_LOAD_APC_INIT (line 33) | typedef struct _KPH_IMAGE_LOAD_APC_INIT
function _Return_allocatesMem_size_ (line 58) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function NTSTATUS (line 79) | NTSTATUS KSIAPI KphpInitializeImageLoadApc(
function KSIAPI (line 114) | KSIAPI KphpDeleteImageLoadApc(
function KSIAPI (line 140) | KSIAPI KphpFreeImageLoadApc(
function NTSTATUS (line 162) | NTSTATUS KphpShouldAllowObjectAccess(
function _IRQL_requires_max_ (line 388) | _Function_class_(KPH_ENUM_PROCESS_HANDLES_CALLBACK)
function _IRQL_requires_max_ (line 506) | _Function_class_(KPH_ENUM_PROCESS_CONTEXTS_CALLBACK)
function KphStopProtectingProcess (line 583) | _IRQL_requires_max_(APC_LEVEL)
function KphIsProtectedProcess (line 610) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 639) | NTSTATUS KphStartProtectingProcess(
function KphpShouldPermitCreatorProcess (line 735) | _IRQL_requires_max_(APC_LEVEL)
function KphApplyObProtections (line 769) | _IRQL_requires_max_(APC_LEVEL)
function _IRQL_requires_min_ (line 1006) | _Function_class_(KSI_KCLEANUP_ROUTINE)
function _IRQL_requires_ (line 1033) | _Function_class_(KNORMAL_ROUTINE)
function _IRQL_requires_ (line 1103) | _Function_class_(KSI_KKERNEL_ROUTINE)
function _IRQL_requires_ (line 1137) | _Function_class_(KSI_KKERNEL_ROUTINE)
function KphpHandleUntrustedImageLoad (line 1246) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 1427) | NTSTATUS KphpReOpenImageFile(
function KphpApplyImageProtections (line 1615) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _IRQL_requires_ (line 1830) | _Function_class_(KNORMAL_ROUTINE)
function _IRQL_requires_ (line 1864) | _Function_class_(KSI_KKERNEL_ROUTINE)
function KphpApplyImageProtectionsApcsDisabled (line 1895) | _IRQL_requires_max_(PASSIVE_LEVEL)
function KphApplyImageProtections (line 1984) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 2050) | NTSTATUS KphAcquireDriverUnloadProtection(
function NTSTATUS (line 2119) | NTSTATUS KphReleaseDriverUnloadProtection(
function KphGetDriverUnloadProtectionCount (line 2186) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 2214) | NTSTATUS KphpStripProtectedProcessMasks(
function NTSTATUS (line 2305) | NTSTATUS KphStripProtectedProcessMasks(
function KphInitializeProtection (line 2370) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/ratelmt.c
function KphInitializeRateLimit (line 33) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphRateLimitConsumeToken (line 60) | _IRQL_requires_max_(DISPATCH_LEVEL)
FILE: KSystemInformer/ringbuff.c
function KphReserveRingBuffer (line 36) | _Return_allocatesMem_size_(Length)
function VOID (line 183) | VOID KphpSubmitRingBuffer(
function VOID (line 216) | VOID KphCommitRingBuffer(
function VOID (line 234) | VOID KphDiscardRingBuffer(
function NTSTATUS (line 264) | NTSTATUS KphpCreateRingBufferSection(
function KphpDeleteRingBufferSection (line 397) | _IRQL_requires_max_(PASSIVE_LEVEL)
function _IRQL_requires_max_ (line 423) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function _IRQL_requires_max_ (line 440) | _Function_class_(KPH_TYPE_DELETE_PROCEDURE)
function _IRQL_requires_max_ (line 468) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function NTSTATUS (line 499) | NTSTATUS KphCreateRingBuffer(
function KphInitializeRingBuffer (line 724) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/session_token.c
type KPH_SESSION_TOKEN_INIT (line 16) | typedef struct _KPH_SESSION_TOKEN_INIT
function _IRQL_requires_max_ (line 39) | _Function_class_(KPH_TYPE_ALLOCATE_PROCEDURE)
function _IRQL_requires_max_ (line 61) | _Function_class_(KPH_TYPE_FREE_PROCEDURE)
function _IRQL_requires_max_ (line 80) | _Function_class_(KPH_TYPE_INITIALIZE_PROCEDURE)
function NTSTATUS (line 166) | NTSTATUS KphRequestSessionAccessToken(
function NTSTATUS (line 258) | NTSTATUS KphpVerifySessionToken(
function NTSTATUS (line 370) | NTSTATUS KphpAssignProcessSessionToken(
function NTSTATUS (line 453) | NTSTATUS KphAssignProcessSessionToken(
function NTSTATUS (line 531) | NTSTATUS KphpAssignThreadSessionToken(
function NTSTATUS (line 616) | NTSTATUS KphAssignThreadSessionToken(
function BOOLEAN (line 692) | BOOLEAN KphpSessionTokenPrivilegeCheck(
function BOOLEAN (line 772) | BOOLEAN KphpThreadSessionTokenPrivilegeCheck(
function BOOLEAN (line 805) | BOOLEAN KphpProcessSessionTokenPrivilegeCheck(
function BOOLEAN (line 838) | BOOLEAN KphSessionTokenPrivilegeCheck(
function KphInitializeSessionToken (line 862) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/system.c
function NTSTATUS (line 30) | NTSTATUS KphSystemControl(
FILE: KSystemInformer/thread.c
function NTSTATUS (line 33) | NTSTATUS KphOpenThread(
function NTSTATUS (line 150) | NTSTATUS KphOpenThreadProcess(
function NTSTATUS (line 244) | NTSTATUS KphCaptureStackBackTraceThreadByHandle(
function NTSTATUS (line 409) | NTSTATUS KphSetInformationThread(
function NTSTATUS (line 629) | NTSTATUS KphQueryInformationThread(
FILE: KSystemInformer/umaccess.c
function NTSTATUS (line 29) | NTSTATUS KphCaptureUnicodeString(
function KphReleaseUnicodeString (line 97) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 118) | NTSTATUS KphZeroModeMemory(
function __except (line 162) | __except (UmaExceptionFilter(AccessMode))
function NTSTATUS (line 182) | NTSTATUS KphCopyFromMode(
function KphWriteUCharToMode (line 212) | _IRQL_requires_max_(APC_LEVEL)
function KphWriteULongToMode (line 242) | _IRQL_requires_max_(APC_LEVEL)
function KphWriteULong64ToMode (line 272) | _IRQL_requires_max_(APC_LEVEL)
function KphWriteLong64ToMode (line 302) | _IRQL_requires_max_(APC_LEVEL)
function KphWriteSizeTToMode (line 332) | _IRQL_requires_max_(APC_LEVEL)
function KphWritePointerToMode (line 362) | _IRQL_requires_max_(APC_LEVEL)
function KphWriteHandleToMode (line 395) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 521) | NTSTATUS KphReadLargeIntegerFromMode(
FILE: KSystemInformer/util.c
function _Must_inspect_result_ (line 30) | _Must_inspect_result_
function _Must_inspect_result_ (line 80) | _Must_inspect_result_
function KPH_SEARCH_MEMORY_SIZED (line 128) | KPH_SEARCH_MEMORY_SIZED(UCHAR)
function BOOLEAN (line 159) | BOOLEAN KphAcquireRundown(
function KphReleaseRundown (line 173) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphGetProcessSequenceNumber (line 190) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphGetProcessStartKey (line 230) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphGetCurrentThreadSubProcessTag (line 275) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphGetThreadSubProcessTagEx (line 347) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphGetThreadSubProcessTag (line 422) | _IRQL_requires_max_(DISPATCH_LEVEL)
function KphInitializeRundown (line 437) | _IRQL_requires_max_(APC_LEVEL)
function KphWaitForRundown (line 453) | _IRQL_requires_max_(APC_LEVEL)
function KphInitializeRWLock (line 468) | _IRQL_requires_max_(APC_LEVEL)
function KphDeleteRWLock (line 483) | _IRQL_requires_max_(APC_LEVEL)
function _Acquires_lock_ (line 498) | _IRQL_requires_max_(APC_LEVEL)
function _Releases_lock_ (line 530) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 600) | NTSTATUS KphAcquireReference(
function NTSTATUS (line 656) | NTSTATUS KphReleaseReference(
function NTSTATUS (line 708) | NTSTATUS KphValidateAddressForSystemModules(
function NTSTATUS (line 781) | NTSTATUS KphQueryRegistryString(
function KphFreeRegistryString (line 904) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 927) | NTSTATUS KphQueryRegistryBinary(
function KphFreeRegistryBinary (line 1014) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 1036) | NTSTATUS KphQueryRegistryULong(
function NTSTATUS (line 1099) | NTSTATUS KphMapViewInSystem(
function KphUnmapViewInSystem (line 1231) | _IRQL_always_function_max_(PASSIVE_LEVEL)
function NTSTATUS (line 1252) | NTSTATUS KphGetNameFileObject(
function KphFreeNameFileObject (line 1330) | _IRQL_requires_max_(APC_LEVEL)
function KphSinglePrivilegeCheckEx (line 1350) | _IRQL_requires_max_(APC_LEVEL)
function KphSinglePrivilegeCheck (line 1379) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 1411) | NTSTATUS KphpGetKernelFileName(
function NTSTATUS (line 1459) | NTSTATUS KphGetKernelVersion(
function NTSTATUS (line 1506) | NTSTATUS KphpParseFileVersion(
function NTSTATUS (line 1678) | NTSTATUS KphGetFileVersion(
function NTSTATUS (line 1819) | NTSTATUS KphpSetCfgCallTargetInformation(
function NTSTATUS (line 1868) | NTSTATUS KphGuardGrantSuppressedCallAccess(
function NTSTATUS (line 1894) | NTSTATUS KphDisableXfgOnTarget(
function NTSTATUS (line 1926) | NTSTATUS KphGetFileNameFinalComponent(
function NTSTATUS (line 1961) | NTSTATUS KphGetProcessImageName(
function KphFreeProcessImageName (line 2000) | _IRQL_requires_max_(APC_LEVEL)
function NTSTATUS (line 2021) | NTSTATUS KphOpenParametersKey(
function NTSTATUS (line 2091) | NTSTATUS KphDominationCheck(
function NTSTATUS (line 2161) | NTSTATUS KphDominationAndPrivilegeCheck(
function NTSTATUS (line 2208) | NTSTATUS KphGetSigningLevel(
function NTSTATUS (line 2354) | NTSTATUS KphImageNtHeader(
FILE: KSystemInformer/verify.c
type KPH_KEY_TYPE (line 28) | typedef enum _KPH_KEY_TYPE
type KPH_KEY (line 34) | typedef struct _KPH_KEY
type KPH_KEY (line 39) | typedef const KPH_KEY* PCKPH_KEY;
function NTSTATUS (line 224) | NTSTATUS KphpVerifyHash(
function KphVerifyCloseKey (line 271) | _IRQL_requires_max_(PASSIVE_LEVEL)
function NTSTATUS (line 292) | NTSTATUS KphVerifyCreateKey(
function NTSTATUS (line 331) | NTSTATUS KphVerifyBufferEx(
function NTSTATUS (line 384) | NTSTATUS KphVerifyBuffer(
function NTSTATUS (line 415) | NTSTATUS KphVerifyFileObject(
function NTSTATUS (line 650) | NTSTATUS KphVerifyFile(
function NTSTATUS (line 770) | NTSTATUS KphInitializeVerify(
function KphCleanupVerify (line 815) | _IRQL_requires_max_(PASSIVE_LEVEL)
FILE: KSystemInformer/vm.c
function NTSTATUS (line 30) | NTSTATUS KphpQuerySectionMappings(
function NTSTATUS (line 199) | NTSTATUS KphReadVirtualMemory(
function NTSTATUS (line 384) | NTSTATUS KphQuerySection(
function NTSTATUS (line 508) | NTSTATUS KphQueryVirtualMemory(
FILE: SystemInformer/about.c
function INT_PTR (line 31) | static INT_PTR CALLBACK PhpAboutDlgProc(
function VOID (line 132) | VOID PhShowAboutDialog(
function FORCEINLINE (line 155) | FORCEINLINE ULONG PhpGetObjectTypeObjectCount(
function PPH_STRING (line 167) | PPH_STRING PhGetDiagnosticsString(
function PPH_STRING (line 246) | PPH_STRING PhGetApplicationVersionString(
FILE: SystemInformer/actions.c
function HRESULT (line 61) | HRESULT CALLBACK PhpElevateActionCallbackProc(
function PhpShowElevatePrompt (line 88) | _Success_(return)
function PhpElevationLevelAndConnectToPhSvc (line 151) | _Success_(return)
function BOOLEAN (line 205) | BOOLEAN PhpShowErrorAndConnectToPhSvc(
function BOOLEAN (line 265) | BOOLEAN PhUiConnectToPhSvc(
function VOID (line 280) | VOID PhpGetPhSvcPortName(
function BOOLEAN (line 309) | BOOLEAN PhpStartPhSvcProcess(
function BOOLEAN (line 409) | BOOLEAN PhUiConnectToPhSvcEx(
function VOID (line 503) | VOID PhUiDisconnectFromPhSvc(
function BOOLEAN (line 523) | BOOLEAN PhUiLockComputer(
function BOOLEAN (line 541) | BOOLEAN PhUiLogoffComputer(
function BOOLEAN (line 559) | BOOLEAN PhUiSleepComputer(
function BOOLEAN (line 584) | BOOLEAN PhUiHibernateComputer(
function BOOLEAN (line 611) | BOOLEAN PhUiRestartComputer(
function BOOLEAN (line 867) | BOOLEAN PhUiShutdownComputer(
function PVOID (line 1000) | PVOID PhUiCreateComputerBootDeviceMenu(
function PVOID (line 1051) | PVOID PhUiCreateComputerFirmwareDeviceMenu(
function VOID (line 1100) | VOID PhUiHandleComputerBootApplicationMenu(
function VOID (line 1158) | VOID PhUiHandleComputerFirmwareApplicationMenu(
type PHP_USERSMENU_ENTRY (line 1204) | typedef struct _PHP_USERSMENU_ENTRY
function PhpUsersMainMenuNameCompare (line 1218) | static int __cdecl PhpUsersMainMenuNameCompare(
function VOID (line 1235) | VOID PhUiCreateSessionMenu(
function BOOLEAN (line 1354) | BOOLEAN PhUiConnectSession(
function BOOLEAN (line 1416) | BOOLEAN PhUiDisconnectSession(
function BOOLEAN (line 1436) | BOOLEAN PhUiLogoffSession(
function BOOLEAN (line 1463) | BOOLEAN PhIsDangerousProcess(
type PH_IS_SYSTEM_PROCESS_CONTEXT (line 1515) | typedef struct _PH_IS_SYSTEM_PROCESS_CONTEXT
function NTAPI (line 1522) | NTAPI PhIsSystemProcessCallback(
function BOOLEAN (line 1550) | BOOLEAN PhIsTerminalServerSystemProcess(
function BOOLEAN (line 1616) | static BOOLEAN PhpShowContinueMessageProcesses(
function BOOLEAN (line 1766) | static BOOLEAN PhpShowErrorProcess(
function BOOLEAN (line 1803) | BOOLEAN PhUiTerminateProcesses(
function BOOLEAN (line 1894) | BOOLEAN PhpUiTerminateTreeProcess(
function BOOLEAN (line 1979) | BOOLEAN PhUiTerminateTreeProcess(
function BOOLEAN (line 2019) | BOOLEAN PhUiSuspendProcesses(
function BOOLEAN (line 2096) | BOOLEAN PhpUiSuspendTreeProcess(
function BOOLEAN (line 2177) | BOOLEAN PhUiSuspendTreeProcess(
function BOOLEAN (line 2216) | BOOLEAN PhUiResumeProcesses(
function BOOLEAN (line 2293) | BOOLEAN PhpUiResumeTreeProcess(
function BOOLEAN (line 2374) | BOOLEAN PhUiResumeTreeProcess(
function BOOLEAN (line 2413) | BOOLEAN PhUiFreezeTreeProcess(
function BOOLEAN (line 2462) | BOOLEAN PhUiThawTreeProcess(
function BOOLEAN (line 2492) | BOOLEAN PhUiRestartProcess(
function PPH_STRING (line 2853) | static PPH_STRING PhFindDebuggerPath(
function BOOLEAN (line 2976) | BOOLEAN PhUiDebugProcess(
function BOOLEAN (line 3212) | BOOLEAN PhUiReduceWorkingSetProcesses(
function BOOLEAN (line 3267) | BOOLEAN PhUiSetEmptyWorkingSetProcesses(
function BOOLEAN (line 3312) | BOOLEAN PhUiSetActivityModeration(
function BOOLEAN (line 3434) | BOOLEAN PhUiSetVirtualizationProcess(
function BOOLEAN (line 3499) | BOOLEAN PhUiSetCriticalProcess(
function BOOLEAN (line 3564) | BOOLEAN PhUiSetEcoModeProcess(
function BOOLEAN (line 3656) | BOOLEAN PhUiSetExecutionRequiredProcess(
function BOOLEAN (line 3702) | BOOLEAN PhUiDetachFromDebuggerProcess(
function BOOLEAN (line 3759) | BOOLEAN PhUiLoadDllProcess(
function BOOLEAN (line 3839) | BOOLEAN PhUiSetIoPriorityProcesses(
function BOOLEAN (line 3925) | BOOLEAN PhUiSetPagePriorityProcess(
function BOOLEAN (line 3971) | BOOLEAN PhUiSetPriorityClassProcesses(
function BOOLEAN (line 4059) | BOOLEAN PhUiSetBoostPriorityProcesses(
function BOOLEAN (line 4104) | BOOLEAN PhUiSetBoostPriorityProcess(
type PH_UI_SERVICE_PROGRESS_DIALOG (line 4133) | typedef struct _PH_UI_SERVICE_PROGRESS_DIALOG
type PH_UI_SERVICE_ITEM (line 4162) | typedef struct _PH_UI_SERVICE_ITEM
function VOID (line 4176) | VOID PhpShowServiceProgressInitializeText(
function HRESULT (line 4200) | HRESULT CALLBACK PhpUiServiceErrorDialogCallbackProc(
function VOID (line 4236) | VOID PhUiNavigateServiceErrorDialogPage(
function VOID (line 4280) | VOID PhUiNavigateServiceCompleteDialogPage(
function VOID (line 4287) | VOID PhUiNavigateServiceErrorDialogPageFromThread(
function PhpUiServicePendingStartCallback (line 4294) | _Function_class_(USER_THREAD_START_ROUTINE)
function HRESULT (line 4461) | HRESULT CALLBACK PhpUiServiceProgressDialogCallbackProc(
function VOID (line 4497) | VOID PhShowServiceProgressDialogStatusPage(
function HRESULT (line 4523) | HRESULT CALLBACK PhpUiServiceConfirmDialogCallbackProc(
function VOID (line 4551) | VOID PhShowServiceProgressDialogConfirmMessage(
function LRESULT (line 4587) | static LRESULT CALLBACK PhpUiServiceProgressDialogWndProc(
function HRESULT (line 4648) | HRESULT CALLBACK PhpUiServiceInitializeDialogCallbackProc(
function PhShowServiceProgressDialogThread (line 4694) | _Function_class_(USER_THREAD_START_ROUTINE)
function PhServiceProgressContextDeleteProcedure (line 4720) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PPH_UI_SERVICE_PROGRESS_DIALOG (line 4732) | PPH_UI_SERVICE_PROGRESS_DIALOG PhCreateServiceProgressContext(
function VOID (line 4752) | VOID PhShowServiceProgressDialog(
function BOOLEAN (line 4783) | static BOOLEAN PhpShowContinueMessageServices(
function BOOLEAN (line 4822) | static BOOLEAN PhpShowErrorService(
function PhUiServiceStartCallback (line 4842) | _Function_class_(USER_THREAD_START_ROUTINE)
function BOOLEAN (line 4866) | BOOLEAN PhUiStartServices(
function BOOLEAN (line 4992) | BOOLEAN PhUiStartService(
function PhUiServiceContinueCallback (line 5048) | _Function_class_(USER_THREAD_START_ROUTINE)
function BOOLEAN (line 5072) | BOOLEAN PhUiContinueServices(
function BOOLEAN (line 5200) | BOOLEAN PhUiContinueService(
function PhUiServicePauseCallback (line 5256) | _Function_class_(USER_THREAD_START_ROUTINE)
function BOOLEAN (line 5280) | BOOLEAN PhUiPauseServices(
function BOOLEAN (line 5408) | BOOLEAN PhUiPauseService(
function PhUiServiceStopCallback (line 5464) | _Function_class_(USER_THREAD_START_ROUTINE)
function BOOLEAN (line 5488) | BOOLEAN PhUiStopServices(
function BOOLEAN (line 5616) | BOOLEAN PhUiStopService(
function BOOLEAN (line 5669) | BOOLEAN PhUiDeleteService(
function PhUiServiceRestartCallback (line 5733) | _Function_class_(USER_THREAD_START_ROUTINE)
function BOOLEAN (line 5780) | BOOLEAN PhUiRestartServices(
function BOOLEAN (line 5904) | BOOLEAN PhUiCloseConnections(
function BOOLEAN (line 6000) | static BOOLEAN PhpShowContinueMessageThreads(
function BOOLEAN (line 6042) | static BOOLEAN PhpShowErrorThread(
function BOOLEAN (line 6062) | BOOLEAN PhUiTerminateThreads(
function BOOLEAN (line 6143) | BOOLEAN PhUiSuspendThreads(
function BOOLEAN (line 6210) | BOOLEAN PhUiResumeThreads(
function BOOLEAN (line 6277) | BOOLEAN PhUiSetBoostPriorityThreads(
function BOOLEAN (line 6316) | BOOLEAN PhUiSetBoostPriorityThread(
function BOOLEAN (line 6344) | BOOLEAN PhUiSetPriorityThreads(
function BOOLEAN (line 6389) | BOOLEAN PhUiSetPriorityThread(
function BOOLEAN (line 6417) | BOOLEAN PhUiSetIoPriorityThread(
function BOOLEAN (line 6472) | BOOLEAN PhUiSetPagePriorityThread(
function BOOLEAN (line 6501) | BOOLEAN PhUiUnloadModule(
function BOOLEAN (line 6711) | BOOLEAN PhUiFreeMemory(
function BOOLEAN (line 6824) | BOOLEAN PhUiEmptyProcessMemoryWorkingSet(
function BOOLEAN (line 6857) | static BOOLEAN PhpShowErrorHandle(
function BOOLEAN (line 6901) | BOOLEAN PhUiCloseHandles(
function BOOLEAN (line 7041) | BOOLEAN PhUiSetAttributesHandle(
function BOOLEAN (line 7099) | BOOLEAN PhUiFlushHeapProcesses(
FILE: SystemInformer/admintask.c
function HRESULT (line 25) | HRESULT PhCreateAdminTask(
function HRESULT (line 279) | HRESULT PhDeleteAdminTask(
function HRESULT (line 343) | HRESULT PhRunAsAdminTask(
function NTSTATUS (line 448) | NTSTATUS PhRunAsAdminTaskUIAccess(
FILE: SystemInformer/affinity.c
type PH_AFFINITY_DIALOG_CONTEXT (line 23) | typedef struct _PH_AFFINITY_DIALOG_CONTEXT
function VOID (line 50) | VOID PhShowProcessAffinityDialog(
function PhShowProcessAffinityDialog2 (line 73) | _Success_(return)
function VOID (line 104) | VOID PhShowThreadAffinityDialog(
function BOOLEAN (line 147) | static BOOLEAN PhpShowProcessErrorAffinity(
function BOOLEAN (line 165) | static BOOLEAN PhpShowThreadErrorAffinity(
function VOID (line 183) | VOID PhpShowThreadErrorAffinityList(
function BOOLEAN (line 216) | BOOLEAN PhpCheckThreadsHaveSameAffinity(
function INT_PTR (line 253) | INT_PTR CALLBACK PhpProcessAffinityDlgProc(
function NTSTATUS (line 765) | NTSTATUS PhSetProcessItemAffinityMask(
function NTSTATUS (line 789) | NTSTATUS PhSetProcessItemPagePriority(
function NTSTATUS (line 813) | NTSTATUS PhSetProcessItemIoPriority(
function NTSTATUS (line 837) | NTSTATUS PhSetProcessItemPriority(
function NTSTATUS (line 861) | NTSTATUS PhSetProcessItemPriorityBoost(
function NTSTATUS (line 885) | NTSTATUS PhSetProcessItemThrottlingState(
FILE: SystemInformer/anawait.c
type ANALYZE_WAIT_CONTEXT (line 32) | typedef struct _ANALYZE_WAIT_CONTEXT
function VOID (line 94) | VOID PhUiAnalyzeWaitThread(
function VOID (line 175) | VOID PhpAnalyzeWaitPassive(
function NTAPI (line 327) | NTAPI PhpWalkThreadStackAnalyzeCallback(
function VOID (line 709) | VOID PhpAnalyzeWaitFallbacks(
function BOOLEAN (line 743) | static BOOLEAN PhpWaitUntilThreadIsWaiting(
function PhpGetThreadLastSystemCallNumber (line 795) | _Success_(return)
function PhpWfsoThreadStart (line 812) | _Function_class_(USER_THREAD_START_ROUTINE)
function PhpWfmoThreadStart (line 828) | _Function_class_(USER_THREAD_START_ROUTINE)
function PhpRfThreadStart (line 844) | _Function_class_(USER_THREAD_START_ROUTINE)
function VOID (line 860) | VOID PhpInitializeServiceNumbers(
function PPH_STRING (line 946) | PPH_STRING PhpaGetHandleString(
function VOID (line 990) | VOID PhpGetWfmoInformation(
function PPH_STRING (line 1071) | PPH_STRING PhpaGetSendMessageReceiver(
function PPH_STRING (line 1097) | PPH_STRING PhpaGetAlpcInformation(
FILE: SystemInformer/appsup.c
function BOOLEAN (line 35) | BOOLEAN PhGetProcessIsSuspended(
function BOOLEAN (line 53) | BOOLEAN PhIsProcessSuspended(
function BOOLEAN (line 74) | BOOLEAN PhIsProcessBackground(
function PCPH_STRINGREF (line 101) | PCPH_STRINGREF PhGetProcessPriorityClassString(
function PPH_STRING (line 164) | PPH_STRING PhGetProcessProtectionString(
function NTSTATUS (line 515) | NTSTATUS PhGetProcessKnownType(
function PH_KNOWN_PROCESS_TYPE (line 554) | PH_KNOWN_PROCESS_TYPE PhGetProcessKnownTypeEx(
function NTAPI (line 673) | NTAPI PhpSvchostCommandLineCallback(
function PhaGetProcessKnownCommandLine (line 689) | _Success_(return)
function PPH_STRING (line 893) | PPH_STRING PhEscapeStringForDelimiter(
function PPH_STRING (line 924) | PPH_STRING PhUnescapeStringForDelimiter(
function VOID (line 960) | VOID PhSearchOnlineString(
function VOID (line 968) | VOID PhShellExecuteUserString(
function VOID (line 1161) | VOID PhLoadSymbolProviderOptions(
function VOID (line 1192) | VOID PhCopyListViewInfoTip(
function VOID (line 1226) | VOID PhCopyListView(
function VOID (line 1237) | VOID PhHandleListViewNotifyForCopy(
function VOID (line 1245) | VOID PhHandleListViewNotifyBehaviors(
function BOOLEAN (line 1278) | BOOLEAN PhGetListViewContextMenuPoint(
function VOID (line 1322) | VOID PhSetWindowOpacity(
function PPH_STRING (line 1349) | PPH_STRING PhGetPhVersion(
function VOID (line 1366) | VOID PhGetPhVersionNumbers(
function PPH_STRING (line 1383) | PPH_STRING PhGetPhVersionHash(
function PH_RELEASE_CHANNEL (line 1390) | PH_RELEASE_CHANNEL PhGetPhReleaseChannel(
function PCWSTR (line 1397) | PCWSTR PhGetPhReleaseChannelString(
function VOID (line 1416) | VOID PhWritePhTextHeader(
function NTSTATUS (line 1452) | NTSTATUS PhShellProcessHacker(
function VOID (line 1474) | VOID PhpAppendCommandLineArgument(
function NTSTATUS (line 1491) | NTSTATUS PhShellProcessHackerEx(
function BOOLEAN (line 1627) | BOOLEAN PhCreateProcessIgnoreIfeoDebugger(
function VOID (line 1694) | VOID PhInitializeTreeNewColumnMenu(
function VOID (line 1701) | VOID PhInitializeTreeNewColumnMenuEx(
function VOID (line 1773) | VOID PhpEnsureValidSortColumnTreeNew(
function BOOLEAN (line 1838) | BOOLEAN PhHandleTreeNewColumnMenu(
function VOID (line 1904) | VOID PhDeleteTreeNewColumnMenu(
function VOID (line 1915) | VOID PhInitializeTreeNewFilterSupport(
function VOID (line 1926) | VOID PhDeleteTreeNewFilterSupport(
function PPH_TN_FILTER_ENTRY (line 1937) | PPH_TN_FILTER_ENTRY PhAddTreeNewFilter(
function VOID (line 1957) | VOID PhRemoveTreeNewFilter(
function BOOLEAN (line 1976) | BOOLEAN PhApplyTreeNewFiltersToNode(
function VOID (line 2005) | VOID PhApplyTreeNewFilters(
function NTAPI (line 2031) | NTAPI PhpCopyCellEMenuItemDeleteFunction(
function BOOLEAN (line 2042) | BOOLEAN PhInsertCopyCellEMenuItem(
function BOOLEAN (line 2090) | BOOLEAN PhHandleCopyCellEMenuItem(
function NTAPI (line 2142) | NTAPI PhpCopyListViewEMenuItemDeleteFunction(
function BOOLEAN (line 2153) | BOOLEAN PhInsertCopyListViewEMenuItem(
function BOOLEAN (line 2222) | BOOLEAN PhHandleCopyListViewEMenuItem(
function BOOLEAN (line 2268) | BOOLEAN PhpSelectFavoriteInRegedit(
function VOID (line 2362) | VOID PhShellOpenKey(
function NTSTATUS (line 2441) | NTSTATUS PhRegeditOpenUserFavoritesKey(
function BOOLEAN (line 2555) | BOOLEAN PhShellOpenKey2(
function PPH_STRING (line 2608) | PPH_STRING PhPcre2GetErrorMessage(
function HBITMAP (line 2640) | HBITMAP PhGetShieldBitmap(
function HICON (line 2683) | HICON PhGetApplicationIcon(
function HICON (line 2718) | HICON PhGetApplicationIconEx(
function VOID (line 2728) | VOID PhSetWindowIcon(
function VOID (line 2756) | VOID PhDestroyWindowIcon(
function VOID (line 2773) | VOID PhSetApplicationWindowIcon(
function VOID (line 2785) | VOID PhSetApplicationWindowIconEx(
function VOID (line 2798) | VOID PhSetStaticWindowIcon(
function VOID (line 2815) | VOID PhDeleteStaticWindowIcon(
function BOOLEAN (line 2827) | BOOLEAN PhWordMatchStringRef(
FILE: SystemInformer/chcol.c
type COLUMNS_DIALOG_CONTEXT (line 16) | typedef struct _COLUMNS_DIALOG_CONTEXT
function VOID (line 47) | VOID PhShowChooseColumnsDialog(
function PhpColumnsCompareDisplayIndexTn (line 75) | static int __cdecl PhpColumnsCompareDisplayIndexTn(
function PhpInactiveColumnsCompareNameTn (line 87) | static long __cdecl PhpInactiveColumnsCompareNameTn(
function ULONG (line 100) | static ULONG IndexOfStringInList(
function VOID (line 114) | VOID PhpColumnsResetListBox(
function NTAPI (line 157) | NTAPI PhpInactiveColumnsSearchControlCallback(
function NTAPI (line 173) | NTAPI PhpActiveColumnsSearchControlCallback(
function INT_PTR (line 188) | INT_PTR CALLBACK PhpColumnsDlgProc(
FILE: SystemInformer/chdlg.c
type PH_CHOICE_DIALOG_CONTEXT (line 19) | typedef struct _PH_CHOICE_DIALOG_CONTEXT
function INT_PTR (line 35) | INT_PTR CALLBACK PhChoiceDlgProc(
function INT_PTR (line 324) | INT_PTR CALLBACK PhChooseNewPageDlgProc(
function BOOLEAN (line 602) | BOOLEAN PhaChoiceDialog(
function BOOLEAN (line 637) | BOOLEAN PhChoiceDialog(
FILE: SystemInformer/chproc.c
type PH_CHOOSE_PROCESS_DIALOG_CONTEXT (line 17) | typedef struct _PH_CHOOSE_PROCESS_DIALOG_CONTEXT
function PhShowChooseProcessDialog (line 35) | _Success_(return)
function VOID (line 66) | static VOID PhpRefreshProcessList(
function VOID (line 173) | static VOID PhpChooseProcessSetImagelist(
function INT_PTR (line 202) | INT_PTR CALLBACK PhpChooseProcessDlgProc(
FILE: SystemInformer/colmgr.c
type PH_CM_SORT_CONTEXT (line 19) | typedef struct _PH_CM_SORT_CONTEXT
function VOID (line 28) | VOID PhCmInitializeManager(
function VOID (line 43) | VOID PhCmDeleteManager(
function PPH_CM_COLUMN (line 64) | PPH_CM_COLUMN PhCmCreateColumn(
function PPH_CM_COLUMN (line 100) | PPH_CM_COLUMN PhCmFindColumn(
function VOID (line 124) | VOID PhCmSetNotifyPlugin(
function BOOLEAN (line 142) | BOOLEAN PhCmForwardMessage(
function PhCmpSortFunction (line 254) | static int __cdecl PhCmpSortFunction(
function BOOLEAN (line 270) | BOOLEAN PhCmForwardSort(
function BOOLEAN (line 306) | BOOLEAN PhCmLoadSettings(
function BOOLEAN (line 314) | BOOLEAN PhCmLoadSettingsEx(
function PPH_STRING (line 578) | PPH_STRING PhCmSaveSettings(
function PPH_STRING (line 585) | PPH_STRING PhCmSaveSettingsEx(
FILE: SystemInformer/colsetmgr.c
function PPH_LIST (line 16) | PPH_LIST PhInitializeColumnSetList(
function VOID (line 67) | VOID PhSaveSettingsColumnList(
function VOID (line 106) | VOID PhDeleteColumnSetList(
function PhLoadSettingsColumnSet (line 126) | _Success_(return)
function VOID (line 190) | VOID PhSaveSettingsColumnSet(
type PH_COLUMNSET_DIALOG_CONTEXT (line 243) | typedef struct _PH_COLUMNSET_DIALOG_CONTEXT
function VOID (line 263) | VOID PhShowColumnSetEditorDialog(
function VOID (line 277) | VOID PhpMoveListViewItem(
function VOID (line 315) | VOID PhpMoveSelectedListViewItemUp(
function VOID (line 331) | VOID PhpMoveSelectedListViewItemDown(
function INT_PTR (line 347) | INT_PTR CALLBACK PhpColumnSetEditorDlgProc(
FILE: SystemInformer/dbgcon.c
type STRING_TABLE_ENTRY (line 34) | typedef struct _STRING_TABLE_ENTRY
function VOID (line 69) | VOID PhShowDebugConsole(
function VOID (line 111) | VOID PhCloseDebugConsole(
function BOOL (line 122) | BOOL ConsoleHandlerRoutine(
function PWSTR (line 138) | static PWSTR PhpGetSymbolForAddress(
function VOID (line 147) | static VOID PhpPrintObjectInfo(
function VOID (line 217) | static VOID PhpDumpObjectInfo(
function VOID (line 260) | VOID PhpPrintHashtableStatistics(
function VOID (line 329) | static VOID PhpDebugCreateObjectHook(
function VOID (line 349) | static VOID PhpDeleteNewObjectList(
function PhpStringHashtableEqualFunction (line 362) | _Function_class_(PH_HASHTABLE_EQUAL_FUNCTION)
function PhpStringHashtableHashFunction (line 374) | _Function_class_(PH_HASHTABLE_HASH_FUNCTION)
function PhpStringEntryCompareByCount (line 384) | static int __cdecl PhpStringEntryCompareByCount(
function NTSTATUS (line 395) | static NTSTATUS PhpLeakEnumerationRoutine(
type RW_TEST_CONTEXT (line 445) | typedef struct _RW_TEST_CONTEXT
function PhpRwLockTestThreadStart (line 461) | _Function_class_(USER_THREAD_START_ROUTINE)
function VOID (line 534) | static VOID PhpTestRwLock(
function VOID (line 591) | VOID FASTCALL PhfAcquireCriticalSection(
function VOID (line 599) | VOID FASTCALL PhfReleaseCriticalSection(
function PhpDebugConsoleThreadStart (line 606) | _Function_class_(USER_THREAD_START_ROUTINE)
FILE: SystemInformer/delayhook.c
function LRESULT (line 36) | LRESULT CALLBACK PhMenuWindowHookProcedure(
function LRESULT (line 102) | LRESULT CALLBACK PhDialogWindowHookProcedure(
function LRESULT (line 136) | LRESULT CALLBACK PhRebarWindowHookProcedure(
function LRESULT (line 160) | LRESULT CALLBACK PhComboBoxWindowHookProcedure(
function LRESULT (line 190) | LRESULT CALLBACK PhStaticWindowHookProcedure(
type PHP_THEME_WINDOW_STATUSBAR_CONTEXT (line 349) | typedef struct _PHP_THEME_WINDOW_STATUSBAR_CONTEXT
function VOID (line 373) | VOID ThemeWindowStatusBarCreateBufferedContext(
function VOID (line 394) | VOID ThemeWindowStatusBarDestroyBufferedContext(
function LONG (line 416) | LONG ThemeWindowStatusBarUpdateRectToIndex(
function VOID (line 444) | VOID ThemeWindowStatusBarDrawPart(
function VOID (line 496) | VOID ThemeWindowRenderStatusBar(
function LRESULT (line 558) | LRESULT CALLBACK PhStatusBarWindowHookProcedure(
function LRESULT (line 711) | LRESULT CALLBACK PhEditWindowHookProcedure(
type PHP_THEME_WINDOW_HEADER_CONTEXT (line 769) | typedef struct _PHP_THEME_WINDOW_HEADER_CONTEXT
function VOID (line 776) | VOID ThemeWindowRenderHeaderControl(
function LRESULT (line 941) | LRESULT CALLBACK PhHeaderWindowHookProcedure(
function VOID (line 1129) | VOID PhRegisterDialogSuperClass(
function VOID (line 1149) | VOID PhRegisterMenuSuperClass(
function VOID (line 1169) | VOID PhRegisterRebarSuperClass(
function VOID (line 1189) | VOID PhRegisterComboBoxSuperClass(
function VOID (line 1209) | VOID PhRegisterStaticSuperClass(
function VOID (line 1229) | VOID PhRegisterStatusBarSuperClass(
function VOID (line 1249) | VOID PhRegisterEditSuperClass(
function VOID (line 1269) | VOID PhRegisterHeaderSuperClass(
type TASKDIALOG_CALLBACK_WRAP (line 1307) | typedef struct _TASKDIALOG_CALLBACK_WRAP
type TASKDIALOG_COMMON_CONTEXT (line 1313) | typedef struct _TASKDIALOG_COMMON_CONTEXT
type TASKDIALOG_WINDOW_CONTEXT (line 1319) | typedef struct _TASKDIALOG_WINDOW_CONTEXT
function HRESULT (line 1351) | HRESULT PhDrawThemeBackgroundHook(
function HRESULT (line 1390) | HRESULT WINAPI PhDrawThemeBackgroundExHook(
function HWND (line 1477) | HWND PhCreateWindowExHook(
function BOOL (line 1536) | BOOL WINAPI PhSystemParametersInfoHook(
function HRESULT (line 1636) | HRESULT WINAPI PhDrawThemeTextHook(
function HRESULT (line 1662) | HRESULT WINAPI PhDrawThemeTextExHook(
function PhDetoursComCtl32DrawTextW (line 1693) | int PhDetoursComCtl32DrawTextW(
function HRESULT (line 1740) | HRESULT PhGetThemeColorHook(
function HTHEME (line 1772) | HTHEME PhOpenNcThemeDataHook(
function CALLBACK (line 1787) | CALLBACK PhInitializeTaskDialogTheme(
function LRESULT (line 1847) | LRESULT CALLBACK ThemeTaskDialogMasterSubclass(
function HRESULT (line 1936) | HRESULT CALLBACK ThemeTaskDialogCallbackHook(
function HRESULT (line 1960) | HRESULT PhTaskDialogIndirectHook(
function VOID (line 1977) | VOID PhRegisterDetoursHooks(
function BOOLEAN (line 2053) | BOOLEAN PhIsThemeTransparencyEnabled(
function VOID (line 2076) | VOID PhInitializeSuperclassControls(
FILE: SystemInformer/delayload.c
function VOID (line 25) | VOID PhDelayLoadImportAcquire(
function VOID (line 52) | VOID PhDelayLoadImportRelease(
function PVOID (line 84) | PVOID WINAPI __delayLoadHelper2(
FILE: SystemInformer/devprv.c
type PH_DEVICE_PROPERTY_FILL_CALLBACK (line 156) | typedef PH_DEVICE_PROPERTY_FILL_CALLBACK* PPH_DEVICE_PROPERTY_FILL_CALLB...
type PH_DEVICE_PROPERTY_TABLE_ENTRY (line 158) | typedef struct _PH_DEVICE_PROPERTY_TABLE_ENTRY
function BOOLEAN (line 166) | BOOLEAN PhpGetDevicePropertyGuid(
function BOOLEAN (line 197) | BOOLEAN PhpGetDeviceInterfacePropertyGuid(
function BOOLEAN (line 228) | BOOLEAN PhpGetClassPropertyGuid(
function BOOLEAN (line 258) | BOOLEAN PhpGetDevicePropertyUInt64(
function BOOLEAN (line 289) | BOOLEAN PhpGetDeviceInterfacePropertyUInt64(
function BOOLEAN (line 320) | BOOLEAN PhpGetClassPropertyUInt64(
function BOOLEAN (line 350) | BOOLEAN PhpGetDevicePropertyInt64(
function BOOLEAN (line 381) | BOOLEAN PhpGetDeviceInterfacePropertyInt64(
function BOOLEAN (line 412) | BOOLEAN PhpGetClassPropertyInt64(
function BOOLEAN (line 442) | BOOLEAN PhpGetDevicePropertyUInt32(
function BOOLEAN (line 473) | BOOLEAN PhpGetDeviceInterfacePropertyUInt32(
function BOOLEAN (line 504) | BOOLEAN PhpGetClassPropertyUInt32(
function BOOLEAN (line 534) | BOOLEAN PhpGetDevicePropertyInt32(
function BOOLEAN (line 565) | BOOLEAN PhpGetDeviceInterfacePropertyInt32(
function BOOLEAN (line 596) | BOOLEAN PhpGetClassPropertyInt32(
function BOOLEAN (line 626) | BOOLEAN PhpGetDevicePropertyNTSTATUS(
function BOOLEAN (line 657) | BOOLEAN PhpGetDeviceInterfacePropertyNTSTATUS(
function BOOLEAN (line 688) | BOOLEAN PhpGetClassPropertyNTSTATUS(
function BOOLEAN (line 718) | BOOLEAN PhpGetDevicePropertyBoolean(
function BOOLEAN (line 752) | BOOLEAN PhpGetDeviceInterfacePropertyBoolean(
function BOOLEAN (line 786) | BOOLEAN PhpGetClassPropertyBoolean(
function BOOLEAN (line 819) | BOOLEAN PhpGetDevicePropertyTimeStamp(
function BOOLEAN (line 854) | BOOLEAN PhpGetDeviceInterfacePropertyTimeStamp(
function BOOLEAN (line 889) | BOOLEAN PhpGetClassPropertyTimeStamp(
function BOOLEAN (line 923) | BOOLEAN PhpGetDevicePropertyString(
function BOOLEAN (line 983) | BOOLEAN PhpGetDeviceInterfacePropertyString(
function BOOLEAN (line 1043) | BOOLEAN PhpGetClassPropertyString(
function BOOLEAN (line 1101) | BOOLEAN PhpGetDevicePropertyStringList(
function BOOLEAN (line 1179) | BOOLEAN PhpGetDeviceInterfacePropertyStringList(
function BOOLEAN (line 1257) | BOOLEAN PhpGetClassPropertyStringList(
function BOOLEAN (line 1333) | BOOLEAN PhpGetDevicePropertyBinary(
function BOOLEAN (line 1397) | BOOLEAN PhpGetDeviceInterfacePropertyBinary(
function BOOLEAN (line 1461) | BOOLEAN PhpGetClassPropertyBinary(
function NTAPI (line 1524) | NTAPI PhpDevPropFillString(
function VOID (line 1584) | VOID PhpDevPropFillUInt64Common(
function NTAPI (line 1639) | NTAPI PhpDevPropFillUInt64(
function NTAPI (line 1666) | NTAPI PhpDevPropFillUInt64Hex(
function VOID (line 1692) | VOID PhpDevPropFillInt64Common(
function NTAPI (line 1747) | NTAPI PhpDevPropFillInt64(
function VOID (line 1773) | VOID PhpDevPropFillUInt32Common(
function NTAPI (line 1828) | NTAPI PhpDevPropFillUInt32(
function NTAPI (line 1855) | NTAPI PhpDevPropFillUInt32Hex(
function NTAPI (line 1883) | NTAPI PhpDevPropFillInt32(
function NTAPI (line 1947) | NTAPI PhpDevPropFillNTSTATUS(
type PH_WELL_KNOWN_GUID (line 2006) | typedef struct _PH_WELL_KNOWN_GUID
function PhpWellKnownGuidSortFunction (line 2623) | static int __cdecl PhpWellKnownGuidSortFunction(
function PhpWellKnownGuidSearchFunction (line 2637) | static int __cdecl PhpWellKnownGuidSearchFunction(
function PPH_STRING (line 2649) | PPH_STRING PhpDevPropWellKnownGuidToString(
function NTAPI (line 2691) | NTAPI PhpDevPropFillGuid(
function PPH_STRING (line 2753) | PPH_STRING PhpDevPropPciDeviceTypeToString(
function NTAPI (line 2806) | NTAPI PhpDevPropFillPciDeviceType(
function PPH_STRING (line 2828) | PPH_STRING PhpDevPropPciDeviceInterruptSupportToString(
function NTAPI (line 2854) | NTAPI PhpDevPropFillPciDeviceInterruptSupport(
function PPH_STRING (line 2876) | PPH_STRING PhpDevPropPciDeviceRequestSizeToString(
function NTAPI (line 2908) | NTAPI PhpDevPropFillPciDeviceRequestSize(
function PPH_STRING (line 2930) | PPH_STRING PhpDevPropPciDeviceSriovSupportToString(
function NTAPI (line 2960) | NTAPI PhpDevPropFillPciDeviceSriovSupport(
function NTAPI (line 2983) | NTAPI PhpDevPropFillBoolean(
function NTAPI (line 3052) | NTAPI PhpDevPropFillTimeStamp(
function NTAPI (line 3116) | NTAPI PhpDevPropFillStringList(
function NTAPI (line 3196) | NTAPI PhpDevPropFillStringOrStringList(
function VOID (line 3223) | VOID PhpDevPropFillBinaryCommon(
function NTAPI (line 3282) | NTAPI PhpDevPropFillBinary(
function PCPH_STRINGREF (line 3306) | PCPH_STRINGREF PhpDevPowerStateString(
function PCPH_STRINGREF (line 3327) | PCPH_STRINGREF PhpDevSysPowerStateString(
function PPH_STRING (line 3349) | PPH_STRING PhpDevSysPowerPowerDataString(
function NTAPI (line 3422) | NTAPI PhpDevPropFillPowerData(
function NTAPI (line 3448) | NTAPI PhpDevPropFillUInt32Flags(
function PPH_DEVICE_PROPERTY (line 3847) | PPH_DEVICE_PROPERTY PhGetDeviceProperty(
function BOOLEAN (line 3880) | BOOLEAN PhLookupDevicePropertyClass(
function HICON (line 3900) | HICON PhGetDeviceIcon(
function ULONG (line 3947) | ULONG PhpGenerateInstanceIdHash(
function PhpDeviceItemSortFunction (line 3954) | static int __cdecl PhpDeviceItemSortFunction(
function PhpDeviceItemSearchFunction (line 3968) | static int __cdecl PhpDeviceItemSearchFunction(
function PPH_DEVICE_ITEM (line 3982) | PPH_DEVICE_ITEM PhLookupDeviceItemByHash(
function PPH_DEVICE_ITEM (line 4002) | PPH_DEVICE_ITEM PhLookupDeviceItem(
function PPH_DEVICE_ITEM (line 4012) | PPH_DEVICE_ITEM PhReferenceDeviceItemByHash(
function PPH_DEVICE_ITEM (line 4026) | PPH_DEVICE_ITEM PhReferenceDeviceItem(
function PPH_DEVICE_ITEM (line 4040) | PPH_DEVICE_ITEM PhReferenceDeviceItem2(
function PhpDeviceInfoDeleteProcedure (line 4054) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PhpDeviceItemDeleteProcedure (line 4069) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PhpDeviceTreeDeleteProcedure (line 4113) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PhpDeviceNotifyDeleteProcedure (line 4144) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PPH_DEVICE_ITEM (line 4160) | PPH_DEVICE_ITEM NTAPI PhpAddDeviceItem(
function PPH_DEVICE_ITEM (line 4249) | PPH_DEVICE_ITEM NTAPI PhpAddDeviceInterfaceItem(
function VOID (line 4310) | VOID PhpGetInterfaceClassList(
function VOID (line 4356) | VOID PhpAssociateDeviceInterfaces(
function VOID (line 4391) | VOID PhpCheckDeviceTree(
function PPH_DEVICE_TREE (line 4473) | PPH_DEVICE_TREE PhpCreateDeviceTree(
function PPH_DEVICE_TREE (line 4608) | PPH_DEVICE_TREE PhpPublishDeviceTree(
function VOID (line 4628) | VOID PhpDeviceNotify(
function CALLBACK (line 4657) | CALLBACK PhpCmNotifyCallback(
function NTAPI (line 4725) | NTAPI ServiceProviderUpdatedCallback(
function BOOLEAN (line 4740) | BOOLEAN PhpDeviceProviderInitialization(
function BOOLEAN (line 4795) | BOOLEAN PhDeviceProviderInitialization(
function PPH_DEVICE_TREE (line 4812) | PPH_DEVICE_TREE PhReferenceDeviceTree(
function PPH_DEVICE_TREE (line 4819) | PPH_DEVICE_TREE PhReferenceDeviceTreeEx(
function BOOLEAN (line 4837) | BOOLEAN PhEnumDeviceResources(
FILE: SystemInformer/extmgr.c
function VOID (line 28) | VOID PhEmInitialization(
function VOID (line 46) | VOID PhEmInitializeAppContext(
function VOID (line 67) | VOID PhEmSetObjectExtension(
function PVOID (line 104) | PVOID PhEmGetObject(
function PVOID (line 127) | PVOID PhEmGetObjectExtension(
function SIZE_T (line 149) | SIZE_T PhEmGetObjectSize(
function VOID (line 166) | VOID PhEmCallObjectOperation(
function PhEmParseCompoundId (line 207) | _Success_(return)
FILE: SystemInformer/findobj.c
type PH_HANDLE_SEARCH_CONTEXT (line 39) | typedef struct _PH_HANDLE_SEARCH_CONTEXT
type PHP_OBJECT_RESULT_TYPE (line 68) | typedef enum _PHP_OBJECT_RESULT_TYPE
type PHP_OBJECT_SEARCH_RESULT (line 75) | typedef struct _PHP_OBJECT_SEARCH_RESULT
type PH_HANDLE_OBJECT_TREE_COLUMN_ITEM_NAME (line 89) | typedef enum _PH_HANDLE_OBJECT_TREE_COLUMN_ITEM_NAME
type PH_HANDLE_OBJECT_TREE_ROOT_NODE (line 101) | typedef struct _PH_HANDLE_OBJECT_TREE_ROOT_NODE
function BEGIN_SORT_FUNCTION (line 141) | BEGIN_SORT_FUNCTION(Process)
function END_SORT_FUNCTION (line 145) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 151) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 157) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 163) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 169) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 175) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 181) | END_SORT_FUNCTION
function VOID (line 194) | VOID PhpHandleObjectSaveSettingsTreeList(
function VOID (line 223) | VOID PhpDestroyHandleObjectNode(
function PPH_HANDLE_OBJECT_TREE_ROOT_NODE (line 236) | PPH_HANDLE_OBJECT_TREE_ROOT_NODE PhpAddHandleObjectNode(
function VOID (line 285) | VOID PhpRemoveHandleObjectNode(
function VOID (line 303) | VOID PhpUpdateHandleObjectNode(
function BOOLEAN (line 314) | BOOLEAN NTAPI PhpHandleObjectTreeNewCallback(
function VOID (line 489) | VOID PhpClearHandleObjectTree(
function PPH_HANDLE_OBJECT_TREE_ROOT_NODE (line 502) | PPH_HANDLE_OBJECT_TREE_ROOT_NODE PhpGetSelectedHandleObjectNode(
function PhpGetSelectedHandleObjectNodes (line 519) | _Success_(return)
function VOID (line 551) | VOID PhpInitializeHandleObjectTree(
function VOID (line 583) | VOID PhpDeleteHandleObjectTree(
function VOID (line 598) | VOID PhpInitializeFindObjMenu(
function PhpStringObjectTypeCompare (line 635) | static int __cdecl PhpStringObjectTypeCompare(
function VOID (line 646) | VOID PhpUpdateDropdownThemeMetrics(
function VOID (line 690) | VOID PhpPopulateObjectTypes(
function VOID (line 764) | VOID PhpFindObjectAddResultEntries(
function VOID (line 846) | VOID PhpFindObjectClearResultEntries(
function BOOLEAN (line 860) | static BOOLEAN MatchSearchString(
function BOOLEAN (line 868) | static BOOLEAN MatchTypeString(
type SEARCH_HANDLE_CONTEXT (line 879) | typedef struct _SEARCH_HANDLE_CONTEXT
function NTAPI (line 888) | NTAPI SearchHandleFunction(
type SEARCH_MODULE_CONTEXT (line 955) | typedef struct _SEARCH_MODULE_CONTEXT
function NTAPI (line 962) | NTAPI EnumModulesCallback(
function PhpFindObjectsThreadStart (line 1018) | _Function_class_(USER_THREAD_START_ROUTINE)
function PhpFindObjectsDeleteProcedure (line 1184) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PPH_HANDLE_SEARCH_CONTEXT (line 1204) | PPH_HANDLE_SEARCH_CONTEXT PhCreateFindObjectContext(
function NTAPI (line 1224) | NTAPI PhFindObjectsSearchControlCallback(
function INT_PTR (line 1236) | INT_PTR CALLBACK PhFindObjectsDlgProc(
function PhpFindObjectsDialogThreadStart (line 1776) | _Function_class_(USER_THREAD_START_ROUTINE)
function VOID (line 1823) | VOID PhShowFindObjectsDialog(
FILE: SystemInformer/gdihndl.c
type PH_GDI_HANDLES_CONTEXT (line 20) | typedef struct _PH_GDI_HANDLES_CONTEXT
type PH_GDI_HANDLE_ITEM (line 29) | typedef struct _PH_GDI_HANDLE_ITEM
function VOID (line 45) | VOID PhShowGdiHandlesDialog(
function PCWSTR (line 70) | PCWSTR PhpGetGdiHandleTypeName(
function PPH_STRING (line 109) | PPH_STRING PhpGetGdiHandleInformation(
function VOID (line 212) | VOID PhpRefreshGdiHandles(
function LONG (line 295) | LONG NTAPI PhpGdiHandleHandleCompareFunction(
function LONG (line 307) | LONG NTAPI PhpGdiHandleObjectCompareFunction(
function INT_PTR (line 319) | INT_PTR CALLBACK PhpGdiHandlesDlgProc(
FILE: SystemInformer/heapinfo.c
type PH_PROCESS_HEAPS_CONTEXT (line 21) | typedef struct _PH_PROCESS_HEAPS_CONTEXT
type HEAP_COUNTERS (line 43) | typedef struct _HEAP_COUNTERS
type HEAP_COUNTERS32 (line 70) | typedef struct _HEAP_COUNTERS32
type HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS (line 97) | typedef struct _HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS
type HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS32 (line 103) | typedef struct _HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS32
type HEAP_RUNTIME_MEMORY_STATS (line 109) | typedef struct _HEAP_RUNTIME_MEMORY_STATS
type HEAP_RUNTIME_MEMORY_STATS32 (line 119) | typedef struct _HEAP_RUNTIME_MEMORY_STATS32
function VOID (line 148) | VOID PhShowProcessHeapsDialog(
function INT (line 169) | static INT NTAPI PhpHeapAddressCompareFunction(
function INT (line 193) | static INT NTAPI PhpHeapUsedCompareFunction(
function INT (line 217) | static INT NTAPI PhpHeapCommittedCompareFunction(
function INT (line 241) | static INT NTAPI PhpHeapEntriesCompareFunction(
function HFONT (line 265) | static HFONT NTAPI PhpHeapFontFunction(
function PPH_STRING (line 311) | PPH_STRING PhGetProcessHeapFlagsText(
function PCWSTR (line 364) | PCWSTR PhGetProcessHeapClassText(
function VOID (line 651) | VOID PhpSetProcessHeapsWindowText(
function INT_PTR (line 678) | INT_PTR CALLBACK PhpProcessHeapsDlgProc(
type PH_PROCESS_LOCKS_CONTEXT (line 1297) | typedef struct _PH_PROCESS_LOCKS_CONTEXT
function VOID (line 1326) | VOID PhShowProcessLocksDialog(
function NTAPI (line 1348) | NTAPI PhEnumProcessLocksCallback(
function VOID (line 1417) | VOID PhEnumerateProcessLocks(
function INT_PTR (line 1442) | INT_PTR CALLBACK PhProcessLocksDlgProc(
FILE: SystemInformer/hidnproc.c
function VOID (line 80) | VOID PhShowZombieProcessesDialog(
function VOID (line 101) | VOID PhZombieProcessesCleanupList(
function PhZombieProcessesThread (line 126) | _Function_class_(USER_THREAD_START_ROUTINE)
function INT_PTR (line 154) | INT_PTR CALLBACK PhpZombieProcessesDlgProc(
function COLORREF (line 603) | COLORREF NTAPI PhpZombieProcessesColorFunction(
function BOOLEAN (line 623) | BOOLEAN NTAPI PhpZombieProcessesCallback(
function VOID (line 656) | VOID PhZombieProcessesUpdateListView(
function NTSTATUS (line 684) | NTSTATUS PhpCreateProcessItemForZombieProcess(
function NTSTATUS (line 738) | NTSTATUS PhpEnumZombieProcessesBruteForce(
type CSR_HANDLES_CONTEXT (line 851) | typedef struct _CSR_HANDLES_CONTEXT
function BOOLEAN (line 858) | static BOOLEAN NTAPI PhpCsrProcessHandlesCallback(
function NTSTATUS (line 918) | NTSTATUS PhpEnumZombieProcessesCsrHandles(
type PH_ENUM_NEXT_PROCESS_CONTEXT (line 954) | typedef struct _PH_ENUM_NEXT_PROCESS_CONTEXT
function NTSTATUS (line 960) | NTSTATUS NTAPI PhpEnumNextProcessHandles(
function NTSTATUS (line 1019) | NTSTATUS PhpEnumZombieProcessHandles(
function NTSTATUS (line 1040) | NTSTATUS PhpEnumZombieSubKeyHandles(
function NTSTATUS (line 1182) | NTSTATUS PhpEnumEtwGuidHandles(
function NTSTATUS (line 1316) | NTSTATUS PhpEnumNtdllHandles(
function NTSTATUS (line 1450) | NTSTATUS PhEnumZombieProcesses(
function NTSTATUS (line 1475) | NTSTATUS PhpOpenCsrProcesses(
function NTSTATUS (line 1536) | NTSTATUS PhpGetCsrHandleProcessId(
function NTSTATUS (line 1587) | NTSTATUS PhEnumCsrProcessHandles(
function NTSTATUS (line 1657) | NTSTATUS PhOpenProcessByCsrHandle(
type OPEN_PROCESS_BY_CSR_CONTEXT (line 1703) | typedef struct _OPEN_PROCESS_BY_CSR_CONTEXT
function BOOLEAN (line 1711) | static BOOLEAN NTAPI PhpOpenProcessByCsrHandlesCallback(
function NTSTATUS (line 1732) | NTSTATUS PhOpenProcessByCsrHandles(
FILE: SystemInformer/hndllist.c
function VOID (line 60) | VOID PhInitializeHandleList(
function VOID (line 114) | VOID PhDeleteHandleList(
function PhpHandleNodeHashtableEqualFunction (line 131) | _Function_class_(PH_HASHTABLE_EQUAL_FUNCTION)
function PhpHandleNodeHashtableHashFunction (line 143) | _Function_class_(PH_HASHTABLE_HASH_FUNCTION)
function VOID (line 151) | VOID PhLoadSettingsHandleList(
function VOID (line 168) | VOID PhSaveSettingsHandleList(
function VOID (line 185) | VOID PhSetOptionsHandleList(
function PPH_HANDLE_NODE (line 207) | PPH_HANDLE_NODE PhAddHandleNode(
function PPH_HANDLE_NODE (line 252) | PPH_HANDLE_NODE PhFindHandleNode(
function VOID (line 274) | VOID PhRemoveHandleNode(
function VOID (line 299) | VOID PhpDestroyHandleNode(
function VOID (line 317) | VOID PhpRemoveHandleNode(
function VOID (line 334) | VOID PhUpdateHandleNode(
function VOID (line 345) | VOID PhExpandAllHandleNodes(
function VOID (line 368) | VOID PhTickHandleNodes(
function PhpHandleTreeNewPostSortFunction (line 396) | _Function_class_(PH_CM_POST_SORT_FUNCTION)
function BEGIN_SORT_FUNCTION (line 410) | BEGIN_SORT_FUNCTION(Type)
function END_SORT_FUNCTION (line 414) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 420) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 426) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 432) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 438) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 444) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 450) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 460) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 466) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 472) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 478) | END_SORT_FUNCTION
function NTAPI (line 486) | NTAPI PhpHandleTreeNewCallback(
function PPH_HANDLE_ITEM (line 805) | PPH_HANDLE_ITEM PhGetSelectedHandleItem(
function VOID (line 826) | VOID PhGetSelectedHandleItems(
function VOID (line 849) | VOID PhDeselectAllHandleNodes(
FILE: SystemInformer/hndlmenu.c
function VOID (line 23) | VOID PhInsertHandleObjectPropertiesEMenuItems(
function NTSTATUS (line 77) | static NTSTATUS PhpDuplicateHandleFromProcessItem(
function VOID (line 108) | static VOID PhpShowProcessPropContext(
function VOID (line 116) | VOID PhShowHandleObjectProperties1(
function VOID (line 427) | VOID PhShowHandleObjectProperties2(
FILE: SystemInformer/hndlprp.c
type PHP_HANDLE_GENERAL_CATEGORY (line 28) | typedef enum _PHP_HANDLE_GENERAL_CATEGORY
type PHP_HANDLE_GENERAL_INDEX (line 47) | typedef enum _PHP_HANDLE_GENERAL_INDEX
type HANDLE_PROPERTIES_CONTEXT (line 103) | typedef struct _HANDLE_PROPERTIES_CONTEXT
type HANDLE_PERMISSIONS_CONTEXT (line 113) | typedef struct _HANDLE_PERMISSIONS_CONTEXT
function PhpDuplicateHandleFromProcess (line 175) | _Function_class_(PH_OPEN_OBJECT)
function PhpDuplicateHandleCloseProcess (line 227) | _Function_class_(PH_CLOSE_OBJECT)
type HANDLE_PROPERTIES_THREAD_CONTEXT (line 239) | typedef struct _HANDLE_PROPERTIES_THREAD_CONTEXT
function BOOLEAN (line 246) | BOOLEAN PhpIsVerboseBestObjectName(
function PhHandlePropertiesContextDeleteProcedure (line 268) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PHANDLE_PROPERTIES_CONTEXT (line 279) | PHANDLE_PROPERTIES_CONTEXT PhCreateHandlePropertiesContext(
function PhpShowHandlePropertiesThread (line 299) | _Function_class_(USER_THREAD_START_ROUTINE)
function VOID (line 478) | VOID PhShowHandleProperties(
function VOID (line 495) | VOID PhAddHandleListViewItem(
function VOID (line 505) | VOID PhSetHandleListViewItem(
function VOID (line 520) | VOID PhpUpdateHandleGeneralListViewGroups(
function VOID (line 626) | VOID PhpUpdateHandleGeneral(
function INT_PTR (line 2047) | INT_PTR CALLBACK PhpHandleGeneralDlgProc(
function VOID (line 2224) | VOID PhAddStatusPermissionsTrustee(
function VOID (line 2252) | VOID PhAddHandlePermissionsTrustee(
function VOID (line 2341) | VOID PhUpdateHandlePermissionsOwnerSecurity(
function VOID (line 2436) | VOID PhUpdateHandlePermissionsGroupSecurity(
function VOID (line 2531) | VOID PhUpdateHandlePermissionsSaclSecurity(
function VOID (line 2597) | VOID PhUpdateHandlePermissionsLabelSecurity(
function VOID (line 2663) | VOID PhUpdateHandlePermissionsDaclSecurity(
function VOID (line 2744) | VOID PhUpdateHandlePermissionSecurity(
function VOID (line 2831) | VOID PhUpdateHandleAuditingSecurity(
function INT_PTR (line 2917) | INT_PTR CALLBACK PhpHandlePermissionsDlgProc(
function INT_PTR (line 3102) | INT_PTR CALLBACK PhpHandleAuditingDlgProc(
FILE: SystemInformer/hndlprv.c
type PHP_CREATE_HANDLE_ITEM_CONTEXT (line 24) | typedef struct _PHP_CREATE_HANDLE_ITEM_CONTEXT
function PPH_HANDLE_PROVIDER (line 45) | PPH_HANDLE_PROVIDER PhCreateHandleProvider(
function PhpHandleProviderDeleteProcedure (line 98) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PPH_HANDLE_ITEM (line 122) | PPH_HANDLE_ITEM PhCreateHandleItem(
function PhpHandleItemDeleteProcedure (line 162) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function FORCEINLINE (line 177) | FORCEINLINE BOOLEAN PhCompareHandleItem(
function FORCEINLINE (line 185) | FORCEINLINE ULONG PhHashHandleItem(
function PPH_HANDLE_ITEM (line 192) | PPH_HANDLE_ITEM PhpLookupHandleItem(
function PPH_HANDLE_ITEM (line 219) | PPH_HANDLE_ITEM PhReferenceHandleItem(
function VOID (line 238) | VOID PhDereferenceAllHandleItems(
function VOID (line 263) | VOID PhpAddHandleItem(
function VOID (line 286) | VOID PhpRemoveHandleItem(
function PhpCreateHandleItemFunction (line 296) | _Function_class_(USER_THREAD_START_ROUTINE)
function PhHandleProviderUpdate (line 350) | _Function_class_(PH_PROVIDER_FUNCTION)
FILE: SystemInformer/hndlstat.c
type HANDLE_STATISTICS_ENTRY (line 18) | typedef struct _HANDLE_STATISTICS_ENTRY
type HANDLE_STATISTICS_CONTEXT (line 24) | typedef struct _HANDLE_STATISTICS_CONTEXT
function VOID (line 41) | VOID PhShowHandleStatisticsDialog(
function PhDestroyHandleStatistics (line 91) | void PhDestroyHandleStatistics(
function LONG (line 113) | static LONG NTAPI PhpTypeCountCompareFunction(
function INT_PTR (line 125) | INT_PTR CALLBACK PhpHandleStatisticsDlgProc(
FILE: SystemInformer/include/actions.h
type _PH_ACTION_ELEVATION_LEVEL (line 18) | enum _PH_ACTION_ELEVATION_LEVEL
type PH_PHSVC_MODE (line 26) | typedef enum _PH_PHSVC_MODE
type PH_POWERACTION_TYPE (line 84) | typedef enum _PH_POWERACTION_TYPE
FILE: SystemInformer/include/appsup.h
type PH_KNOWN_PROCESS_TYPE (line 69) | typedef enum _PH_KNOWN_PROCESS_TYPE
type PH_KNOWN_PROCESS_COMMAND_LINE (line 111) | typedef union _PH_KNOWN_PROCESS_COMMAND_LINE
type PH_RELEASE_CHANNEL (line 257) | typedef enum _PH_RELEASE_CHANNEL
type _PH_EMENU_ITEM (line 321) | struct _PH_EMENU_ITEM
type PH_TN_COLUMN_MENU_DATA (line 323) | typedef struct _PH_TN_COLUMN_MENU_DATA
type PH_TN_FILTER_SUPPORT (line 373) | typedef struct _PH_TN_FILTER_SUPPORT
type BOOLEAN (line 380) | typedef _Function_class_(PH_TN_FILTER_FUNCTION)
type PH_TN_FILTER_FUNCTION (line 385) | typedef PH_TN_FILTER_FUNCTION* PPH_TN_FILTER_FUNCTION;
type PH_TN_FILTER_ENTRY (line 387) | typedef struct _PH_TN_FILTER_ENTRY
type PH_COPY_CELL_CONTEXT (line 441) | typedef struct _PH_COPY_CELL_CONTEXT
type PH_COPY_ITEM_CONTEXT (line 465) | typedef struct _PH_COPY_ITEM_CONTEXT
function NTAPI (line 613) | NTAPI
function NTAPI (line 628) | NTAPI
function FORCEINLINE (line 661) | FORCEINLINE PVOID PhpGenericPropertyPageHeader(
FILE: SystemInformer/include/colmgr.h
type LONG (line 19) | typedef _Function_class_(PH_CM_POST_SORT_FUNCTION)
type PH_CM_POST_SORT_FUNCTION (line 26) | typedef PH_CM_POST_SORT_FUNCTION* PPH_CM_POST_SORT_FUNCTION;
type PH_CM_MANAGER (line 29) | typedef struct _PH_CM_MANAGER
type PH_PLUGIN (line 39) | typedef struct _PH_PLUGIN PH_PLUGIN, *PPH_PLUGIN;
type PH_CM_COLUMN (line 41) | typedef struct _PH_CM_COLUMN
FILE: SystemInformer/include/colsetmgr.h
type PH_COLUMN_SET_ENTRY (line 4) | typedef struct _PH_COLUMN_SET_ENTRY
FILE: SystemInformer/include/devprv.h
type PH_DEVICE_PROPERTY_CLASS (line 22) | typedef enum _PH_DEVICE_PROPERTY_CLASS
type PH_DEVICE_PROPERTY_TYPE (line 263) | typedef enum _PH_DEVICE_PROPERTY_TYPE
type PH_DEVICE_PROPERTY (line 281) | typedef struct _PH_DEVICE_PROPERTY
type PH_DEVINFO (line 318) | typedef struct _PH_DEVINFO
type PH_DEVINFO_DATA (line 323) | typedef struct _PH_DEVINFO_DATA
type PH_DEVICE_ITEM (line 334) | typedef struct _PH_DEVICE_ITEM
type PH_DEVICE_TREE (line 371) | typedef struct _PH_DEVICE_TREE
type PH_DEVICE_ENUM_RESOURCES_CALLBACK (line 392) | typedef PH_DEVICE_ENUM_RESOURCES_CALLBACK* PPH_DEVICE_ENUM_RESOURCES_CAL...
type PH_DEVICE_NOTIFY_ACTION (line 491) | typedef enum _PH_DEVICE_NOTIFY_ACTION
type PH_DEVICE_NOTIFY (line 500) | typedef struct _PH_DEVICE_NOTIFY
FILE: SystemInformer/include/extmgr.h
type PH_EM_OBJECT_TYPE (line 17) | typedef enum _PH_EM_OBJECT_TYPE
type PH_EM_OBJECT_OPERATION (line 42) | typedef enum _PH_EM_OBJECT_OPERATION
type PH_EM_APP_CONTEXT (line 56) | typedef struct _PH_EM_APP_CONTEXT
FILE: SystemInformer/include/extmgri.h
type PH_EM_OBJECT_TYPE_STATE (line 18) | typedef struct _PH_EM_OBJECT_TYPE_STATE
type PH_EM_OBJECT_EXTENSION (line 25) | typedef struct _PH_EM_OBJECT_EXTENSION
FILE: SystemInformer/include/heapstruct.h
type HEAP_ENTRY (line 17) | typedef struct _HEAP_ENTRY
type HEAP_SEGMENT (line 26) | typedef struct _HEAP_SEGMENT
type HEAP_OLD (line 47) | typedef struct _HEAP_OLD
type HEAP_WIN8 (line 63) | typedef struct _HEAP_WIN8
type RTLP_HEAP_COMMIT_LIMIT_DATA (line 81) | typedef struct _RTLP_HEAP_COMMIT_LIMIT_DATA
type HEAP_PSEUDO_TAG_ENTRY (line 87) | typedef struct _HEAP_PSEUDO_TAG_ENTRY
type HEAP_TUNING_PARAMETERS (line 93) | typedef struct _HEAP_TUNING_PARAMETERS
type HEAP_COUNTERS (line 99) | typedef struct _HEAP_COUNTERS
type HEAP (line 126) | typedef struct _HEAP
type SEGMENT_HEAP_WIN8 (line 197) | typedef struct _SEGMENT_HEAP_WIN8
type RTL_HP_ENV_HANDLE (line 209) | typedef struct _RTL_HP_ENV_HANDLE
type HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS (line 214) | typedef struct _HEAP_OPPORTUNISTIC_LARGE_PAGE_STATS
type RTL_HP_SEG_ALLOC_POLICY (line 220) | typedef struct _RTL_HP_SEG_ALLOC_POLICY
type HEAP_RUNTIME_MEMORY_STATS (line 226) | typedef struct _HEAP_RUNTIME_MEMORY_STATS
type SEGMENT_HEAP (line 237) | typedef struct _SEGMENT_HEAP
type HEAP_ENTRY32 (line 276) | typedef struct _HEAP_ENTRY32
type HEAP_SEGMENT32 (line 282) | typedef struct _HEAP_SEGMENT32
type HEAP_OLD32 (line 300) | typedef struct _HEAP_OLD32
type HEAP32 (line 315) | typedef struct _HEAP32
type SEGMENT_HEAP32 (line 329) | typedef struct _SEGMENT_HEAP32
type PH_ANY_HEAP (line 337) | typedef union _PH_ANY_HEAP
FILE: SystemInformer/include/hidnproc.h
type PH_ZOMBIE_PROCESS_METHOD (line 16) | typedef enum _PH_ZOMBIE_PROCESS_METHOD
type PH_ZOMBIE_PROCESS_TYPE (line 26) | typedef enum _PH_ZOMBIE_PROCESS_TYPE
type PH_ZOMBIE_PROCESS_ENTRY (line 34) | typedef struct _PH_ZOMBIE_PROCESS_ENTRY
type PH_CSR_HANDLE_INFO (line 41) | typedef struct _PH_CSR_HANDLE_INFO
FILE: SystemInformer/include/hndllist.h
type PH_HANDLE_TREE_MENUITEM (line 40) | typedef enum _PH_HANDLE_TREE_MENUITEM
type PH_HANDLE_NODE (line 58) | typedef struct _PH_HANDLE_NODE
type PH_HANDLE_LIST_CONTEXT (line 81) | typedef struct _PH_HANDLE_LIST_CONTEXT
FILE: SystemInformer/include/hndlmenu.h
type PH_HANDLE_ITEM_INFO (line 20) | typedef struct _PH_HANDLE_ITEM_INFO
FILE: SystemInformer/include/hndlprv.h
type PH_HANDLE_ITEM (line 25) | typedef struct _PH_HANDLE_ITEM
type PH_HANDLE_PROVIDER (line 51) | typedef struct _PH_HANDLE_PROVIDER
FILE: SystemInformer/include/informer.h
type PH_INFORMER_CONTEXT (line 15) | typedef struct _PH_INFORMER_CONTEXT
FILE: SystemInformer/include/ksisup.h
function FORCEINLINE (line 75) | FORCEINLINE
function FORCEINLINE (line 94) | FORCEINLINE
FILE: SystemInformer/include/mainwnd.h
type PH_MAINWINDOW_CALLBACK_TYPE (line 40) | typedef enum _PH_MAINWINDOW_CALLBACK_TYPE
type PH_SHOW_MEMORY_EDITOR (line 172) | typedef struct _PH_SHOW_MEMORY_EDITOR
type PH_SHOW_MEMORY_RESULTS (line 184) | typedef struct _PH_SHOW_MEMORY_RESULTS
type PH_LAYOUT_PADDING_DATA (line 191) | typedef struct _PH_LAYOUT_PADDING_DATA
type PH_MAIN_TAB_PAGE_MESSAGE (line 198) | typedef enum _PH_MAIN_TAB_PAGE_MESSAGE
type _PH_MAIN_TAB_PAGE (line 216) | struct _PH_MAIN_TAB_PAGE
type BOOLEAN (line 218) | typedef _Function_class_(PH_MAIN_TAB_PAGE_CALLBACK)
type PH_MAIN_TAB_PAGE_CALLBACK (line 225) | typedef PH_MAIN_TAB_PAGE_CALLBACK* PPH_MAIN_TAB_PAGE_CALLBACK;
type PH_MAIN_TAB_PAGE_EXPORT_CONTENT (line 227) | typedef struct _PH_MAIN_TAB_PAGE_EXPORT_CONTENT
type PH_MAIN_TAB_PAGE_MENU_INFORMATION (line 233) | typedef struct _PH_MAIN_TAB_PAGE_MENU_INFORMATION
type PH_MAIN_TAB_PAGE (line 239) | typedef struct _PH_MAIN_TAB_PAGE
type PH_TOAST_REASON (line 311) | typedef enum _PH_TOAST_REASON
type VOID (line 321) | typedef _Function_class_(PH_TOAST_CALLBACK)
type PH_TOAST_CALLBACK (line 327) | typedef PH_TOAST_CALLBACK* PPH_TOAST_CALLBACK;
type PH_EMENU (line 371) | typedef struct _PH_EMENU_ITEM PH_EMENU, *PPH_EMENU;
FILE: SystemInformer/include/mainwndp.h
type PH_MWP_NOTIFICATION_DETAILS (line 25) | typedef union _PH_MWP_NOTIFICATION_DETAILS
type _PH_MAIN_TAB_PAGE (line 431) | struct _PH_MAIN_TAB_PAGE
type PH_PROVIDER_EVENT_QUEUE (line 432) | typedef struct _PH_PROVIDER_EVENT_QUEUE PH_PROVIDER_EVENT_QUEUE, *PPH_PR...
type DECLSPEC_ALIGN (line 434) | struct DECLSPEC_ALIGN
FILE: SystemInformer/include/memlist.h
type PH_MEMORY_NODE (line 41) | typedef struct _PH_MEMORY_NODE
type PH_MEMORY_LIST_CONTEXT (line 84) | typedef struct _PH_MEMORY_LIST_CONTEXT
FILE: SystemInformer/include/memprv.h
type PH_MEMORY_REGION_TYPE (line 19) | typedef enum _PH_MEMORY_REGION_TYPE
type PH_ACTIVATION_CONTEXT_DATA_TYPE (line 53) | typedef enum _PH_ACTIVATION_CONTEXT_DATA_TYPE
type PH_MEMORY_ITEM (line 60) | typedef struct _PH_MEMORY_ITEM
type PH_MEMORY_ITEM_LIST (line 168) | typedef struct _PH_MEMORY_ITEM_LIST
FILE: SystemInformer/include/memsrch.h
type PH_MEMORY_RESULT (line 4) | typedef struct _PH_MEMORY_RESULT
type PH_MEMORY_SEARCH_OPTIONS (line 20) | typedef struct _PH_MEMORY_SEARCH_OPTIONS
type PH_MEMORY_STRING_OPTIONS (line 27) | typedef struct _PH_MEMORY_STRING_OPTIONS
FILE: SystemInformer/include/miniinfo.h
type PH_MINIINFO_SECTION (line 21) | typedef struct _PH_MINIINFO_SECTION PH_MINIINFO_SECTION, *PPH_MINIINFO_S...
type PH_MINIINFO_PARAMETERS (line 28) | typedef struct _PH_MINIINFO_PARAMETERS
type PH_MINIINFO_SECTION_MESSAGE (line 43) | typedef enum _PH_MINIINFO_SECTION_MESSAGE
type PH_MINIINFO_CREATE_DIALOG (line 61) | typedef struct _PH_MINIINFO_CREATE_DIALOG
type PH_MINIINFO_SECTION (line 76) | typedef struct _PH_MINIINFO_SECTION
type PH_MINIINFO_PIN_TYPE (line 101) | typedef enum _PH_MINIINFO_PIN_TYPE
type PH_MINIINFO_LIST_SECTION_MESSAGE (line 127) | typedef enum _PH_MINIINFO_LIST_SECTION_MESSAGE
type PH_MINIINFO_LIST_SECTION (line 144) | typedef struct _PH_MINIINFO_LIST_SECTION PH_MINIINFO_LIST_SECTION, *PPH_...
type PH_MINIINFO_LIST_SECTION_SORT_DATA (line 163) | typedef struct _PH_MINIINFO_LIST_SECTION_SORT_DATA
type PH_MINIINFO_LIST_SECTION_ASSIGN_SORT_DATA (line 169) | typedef struct _PH_MINIINFO_LIST_SECTION_ASSIGN_SORT_DATA
type PH_MINIINFO_LIST_SECTION_SORT_LIST (line 175) | typedef struct _PH_MINIINFO_LIST_SECTION_SORT_LIST
type PH_MINIINFO_LIST_SECTION_GET_TITLE_TEXT (line 182) | typedef struct _PH_MINIINFO_LIST_SECTION_GET_TITLE_TEXT
type PH_MINIINFO_LIST_SECTION_GET_USAGE_TEXT (line 192) | typedef struct _PH_MINIINFO_LIST_SECTION_GET_USAGE_TEXT
type PH_MINIINFO_LIST_SECTION_MENU_INFORMATION (line 202) | typedef struct _PH_MINIINFO_LIST_SECTION_MENU_INFORMATION
type PH_MINIINFO_LIST_SECTION (line 212) | typedef struct _PH_MINIINFO_LIST_SECTION
FILE: SystemInformer/include/miniinfop.h
type PH_MIP_ADJUST_PIN_RESULT (line 136) | typedef enum _PH_MIP_ADJUST_PIN_RESULT
type PH_MIP_GROUP_NODE (line 254) | typedef struct _PH_MIP_GROUP_NODE
FILE: SystemInformer/include/modlist.h
type PH_MODULE_NODE (line 56) | typedef struct _PH_MODULE_NODE
type PH_MODULE_LIST_CONTEXT (line 107) | typedef struct _PH_MODULE_LIST_CONTEXT
FILE: SystemInformer/include/modprv.h
type PH_MODULE_ITEM (line 20) | typedef struct _PH_MODULE_ITEM
type PH_MODULE_PROVIDER (line 74) | typedef struct _PH_MODULE_PROVIDER
FILE: SystemInformer/include/netlist.h
type PH_NETWORK_NODE (line 37) | typedef struct _PH_NETWORK_NODE
FILE: SystemInformer/include/netprv.h
type PH_NETWORK_PROVIDER_FLAG (line 20) | typedef enum _PH_NETWORK_PROVIDER_FLAG
type PH_NETWORK_ITEM (line 30) | typedef struct _PH_NETWORK_ITEM
FILE: SystemInformer/include/notifico.h
type PH_TRAY_ICON_ID (line 18) | typedef enum _PH_TRAY_ICON_ID
type PH_TRAY_ICON_GUID (line 34) | typedef enum _PH_TRAY_ICON_GUID
type PH_NF_ICON (line 55) | typedef struct _PH_NF_ICON PH_NF_ICON, *PPH_NF_ICON;
type VOID (line 57) | typedef _Function_class_(PH_NF_UPDATE_REGISTERED_ICON)
type PH_NF_UPDATE_REGISTERED_ICON (line 61) | typedef PH_NF_UPDATE_REGISTERED_ICON* PPH_NF_UPDATE_REGISTERED_ICON;
type VOID (line 63) | typedef _Function_class_(PH_NF_BEGIN_BITMAP)
type PH_NF_BEGIN_BITMAP (line 72) | typedef PH_NF_BEGIN_BITMAP* PPH_NF_BEGIN_BITMAP;
type PH_NF_POINTERS (line 74) | typedef struct _PH_NF_POINTERS
type VOID (line 82) | typedef _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
type PH_NF_ICON_UPDATE_CALLBACK (line 90) | typedef PH_NF_ICON_UPDATE_CALLBACK* PPH_NF_ICON_UPDATE_CALLBACK;
type BOOLEAN (line 92) | typedef _Function_class_(PH_NF_ICON_MESSAGE_CALLBACK)
type PH_NF_ICON_MESSAGE_CALLBACK (line 99) | typedef PH_NF_ICON_MESSAGE_CALLBACK* PPH_NF_ICON_MESSAGE_CALLBACK;
type PH_NF_MSG_SHOWMINIINFOSECTION_DATA (line 106) | typedef struct _PH_NF_MSG_SHOWMINIINFOSECTION_DATA
type PH_PLUGIN (line 119) | typedef struct _PH_PLUGIN PH_PLUGIN, *PPH_PLUGIN;
type PH_NF_ICON (line 121) | typedef struct _PH_NF_ICON
type PH_NF_ICON_REGISTRATION_DATA (line 221) | typedef struct _PH_NF_ICON_REGISTRATION_DATA
FILE: SystemInformer/include/notificop.h
type PH_NF_WORKQUEUE_DATA (line 18) | typedef struct _PH_NF_WORKQUEUE_DATA
type PH_NF_BITMAP (line 41) | typedef struct _PH_NF_BITMAP
FILE: SystemInformer/include/phapp.h
type PH_STARTUP_PARAMETERS (line 41) | typedef struct _PH_STARTUP_PARAMETERS
type PH_MESSAGE_LOOP_FILTER_ENTRY (line 115) | typedef struct _PH_MESSAGE_LOOP_FILTER_ENTRY
type _PH_LOG_ENTRY (line 184) | struct _PH_LOG_ENTRY
type PH_LOG_ENTRY (line 186) | typedef struct _PH_LOG_ENTRY
type PH_LIVE_DUMP_OPTIONS (line 548) | typedef union _PH_LIVE_DUMP_OPTIONS
type PH_RUNAS_SERVICE_PARAMETERS (line 721) | typedef struct _PH_RUNAS_SERVICE_PARAMETERS
type VOID (line 806) | typedef _Function_class_(PH_SEARCHCONTROL_CALLBACK)
type PH_SEARCHCONTROL_CALLBACK (line 811) | typedef PH_SEARCHCONTROL_CALLBACK* PPH_SEARCHCONTROL_CALLBACK;
FILE: SystemInformer/include/phfwddef.h
type _PH_SYMBOL_PROVIDER (line 19) | struct _PH_SYMBOL_PROVIDER
type _PH_PROCESS_ITEM (line 23) | struct _PH_PROCESS_ITEM
type _PH_PROCESS_RECORD (line 24) | struct _PH_PROCESS_RECORD
type _PH_SERVICE_ITEM (line 25) | struct _PH_SERVICE_ITEM
type _PH_NETWORK_ITEM (line 26) | struct _PH_NETWORK_ITEM
type _PH_MODULE_ITEM (line 27) | struct _PH_MODULE_ITEM
type _PH_MODULE_PROVIDER (line 28) | struct _PH_MODULE_PROVIDER
type _PH_THREAD_ITEM (line 29) | struct _PH_THREAD_ITEM
type _PH_THREAD_PROVIDER (line 30) | struct _PH_THREAD_PROVIDER
type _PH_HANDLE_ITEM (line 31) | struct _PH_HANDLE_ITEM
type _PH_HANDLE_PROVIDER (line 32) | struct _PH_HANDLE_PROVIDER
type _PH_MEMORY_ITEM (line 33) | struct _PH_MEMORY_ITEM
type _PH_MEMORY_ITEM_LIST (line 34) | struct _PH_MEMORY_ITEM_LIST
type _PH_PROCESS_NODE (line 38) | struct _PH_PROCESS_NODE
type _PH_SERVICE_NODE (line 39) | struct _PH_SERVICE_NODE
type _PH_NETWORK_NODE (line 40) | struct _PH_NETWORK_NODE
type _PH_MODULE_NODE (line 41) | struct _PH_MODULE_NODE
type _PH_THREAD_NODE (line 42) | struct _PH_THREAD_NODE
type _PH_HANDLE_NODE (line 43) | struct _PH_HANDLE_NODE
type _PH_MEMORY_NODE (line 44) | struct _PH_MEMORY_NODE
type _PH_PROCESS_PROPCONTEXT (line 48) | struct _PH_PROCESS_PROPCONTEXT
FILE: SystemInformer/include/phplug.h
type PH_GENERAL_CALLBACK (line 23) | typedef enum _PH_GENERAL_CALLBACK
type PH_PLUGIN_CALLBACK (line 92) | typedef enum _PH_PLUGIN_CALLBACK
type PH_PROCESS_PROVIDER_UPDATED_EVENT (line 106) | typedef struct _PH_PROCESS_PROVIDER_UPDATED_EVENT
type PH_PLUGIN_GET_HIGHLIGHTING_COLOR (line 113) | typedef struct _PH_PLUGIN_GET_HIGHLIGHTING_COLOR
type PH_PLUGIN_GET_TOOLTIP_TEXT (line 125) | typedef struct _PH_PLUGIN_GET_TOOLTIP_TEXT
type PH_PLUGIN_PROCESS_PROPCONTEXT (line 135) | typedef struct _PH_PLUGIN_PROCESS_PROPCONTEXT
type PH_PLUGIN_NOTIFY_EVENT (line 141) | typedef struct _PH_PLUGIN_NOTIFY_EVENT
type PH_PLUGIN_OBJECT_PROPERTIES (line 153) | typedef struct _PH_PLUGIN_OBJECT_PROPERTIES
type PH_PLUGIN_IS_DANGEROUS_PROCESS (line 165) | typedef struct _PH_PLUGIN_IS_DANGEROUS_PROCESS
type PH_PLUGIN_HANDLE_GENERAL_CATEGORY (line 171) | typedef enum _PH_PLUGIN_HANDLE_GENERAL_CATEGORY
type PH_PLUGIN_HANDLE_GENERAL_INDEX (line 189) | typedef enum _PH_PLUGIN_HANDLE_GENERAL_INDEX
type PH_PLUGIN (line 239) | typedef struct _PH_PLUGIN PH_PLUGIN, *PPH_PLUGIN;
type PH_PLUGIN_HANDLE_PROPERTIES_WINDOW_CONTEXT (line 241) | typedef struct _PH_PLUGIN_HANDLE_PROPERTIES_WINDOW_CONTEXT
type PH_PLUGIN_PROCESS_STATS_EVENT (line 251) | typedef struct _PH_PLUGIN_PROCESS_STATS_EVENT
type PH_PLUGIN_HANDLE_PROPERTIES_CONTEXT (line 259) | typedef struct _PH_PLUGIN_HANDLE_PROPERTIES_CONTEXT
type _PH_EMENU_ITEM (line 266) | struct _PH_EMENU_ITEM
type PH_PLUGIN_MENU_INFORMATION (line 270) | typedef struct _PH_PLUGIN_MENU_INFORMATION
type PH_PLUGIN_MENU_HOOK_INFORMATION (line 337) | typedef struct _PH_PLUGIN_MENU_HOOK_INFORMATION
type PH_PLUGIN_TREENEW_INFORMATION (line 345) | typedef struct _PH_PLUGIN_TREENEW_INFORMATION
type PH_PLUGIN_THREAD_STACK_CONTROL_TYPE (line 352) | typedef enum _PH_PLUGIN_THREAD_STACK_CONTROL_TYPE
type _PH_SYMBOL_PROVIDER (line 364) | struct _PH_SYMBOL_PROVIDER
type _PH_THREAD_STACK_FRAME (line 365) | struct _PH_THREAD_STACK_FRAME
type BOOLEAN (line 367) | typedef _Function_class_(PH_PLUGIN_WALK_THREAD_STACK_CALLBACK)
type PH_PLUGIN_WALK_THREAD_STACK_CALLBACK (line 372) | typedef PH_PLUGIN_WALK_THREAD_STACK_CALLBACK *PPH_PLUGIN_WALK_THREAD_STA...
type PH_PLUGIN_THREAD_STACK_CONTROL (line 374) | typedef struct _PH_PLUGIN_THREAD_STACK_CONTROL
type PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL_TYPE (line 414) | typedef enum _PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL_TYPE
type PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL (line 420) | typedef struct _PH_PLUGIN_MEMORY_ITEM_LIST_CONTROL
type PPH_SYSINFO_SECTION (line 433) | typedef _Function_class_(PH_SYSINFO_CREATE_SECTION)
type PH_SYSINFO_CREATE_SECTION (line 437) | typedef PH_SYSINFO_CREATE_SECTION *PPH_SYSINFO_CREATE_SECTION;
type PPH_SYSINFO_SECTION (line 439) | typedef _Function_class_(PH_SYSINFO_FIND_SECTION)
type PH_SYSINFO_FIND_SECTION (line 443) | typedef PH_SYSINFO_FIND_SECTION *PPH_SYSINFO_FIND_SECTION;
type VOID (line 445) | typedef _Function_class_(PH_SYSINFO_ENTER_SECTION_VIEW)
type PH_SYSINFO_ENTER_SECTION_VIEW (line 449) | typedef PH_SYSINFO_ENTER_SECTION_VIEW *PPH_SYSINFO_ENTER_SECTION_VIEW;
type VOID (line 451) | typedef _Function_class_(PH_SYSINFO_RESTORE_SUMMARY_VIEW)
type PH_SYSINFO_RESTORE_SUMMARY_VIEW (line 455) | typedef PH_SYSINFO_RESTORE_SUMMARY_VIEW *PPH_SYSINFO_RESTORE_SUMMARY_VIEW;
type PH_PLUGIN_SYSINFO_POINTERS (line 457) | typedef struct _PH_PLUGIN_SYSINFO_POINTERS
type PPH_MINIINFO_SECTION (line 466) | typedef _Function_class_(PH_MINIINFO_CREATE_SECTION)
type PH_MINIINFO_CREATE_SECTION (line 470) | typedef PH_MINIINFO_CREATE_SECTION *PPH_MINIINFO_CREATE_SECTION;
type PPH_MINIINFO_SECTION (line 472) | typedef _Function_class_(PH_MINIINFO_FIND_SECTION)
type PH_MINIINFO_FIND_SECTION (line 476) | typedef PH_MINIINFO_FIND_SECTION *PPH_MINIINFO_FIND_SECTION;
type PH_MINIINFO_LIST_SECTION (line 478) | typedef struct _PH_MINIINFO_LIST_SECTION PH_MINIINFO_LIST_SECTION, *PPH_...
type PH_PLUGIN_MINIINFO_POINTERS (line 486) | typedef struct _PH_PLUGIN_MINIINFO_POINTERS
type _PH_NF_ICON_REGISTRATION_DATA (line 496) | struct _PH_NF_ICON_REGISTRATION_DATA
type PPH_PLUGIN (line 512) | typedef _Function_class_(PH_REGISTER_TRAY_ICON)
type PH_REGISTER_TRAY_ICON (line 522) | typedef PH_REGISTER_TRAY_ICON *PPH_REGISTER_TRAY_ICON;
type PH_TRAY_ICON_POINTERS (line 524) | typedef struct _PH_TRAY_ICON_POINTERS
type PH_OPTIONS_SECTION (line 531) | typedef struct _PH_OPTIONS_SECTION
type PPH_OPTIONS_SECTION (line 548) | typedef _Function_class_(PH_OPTIONS_CREATE_SECTION)
type PH_OPTIONS_CREATE_SECTION (line 556) | typedef PH_OPTIONS_CREATE_SECTION *PPH_OPTIONS_CREATE_SECTION;
type PPH_OPTIONS_SECTION (line 558) | typedef _Function_class_(PH_OPTIONS_FIND_SECTION)
type PH_OPTIONS_FIND_SECTION (line 562) | typedef PH_OPTIONS_FIND_SECTION *PPH_OPTIONS_FIND_SECTION;
type VOID (line 564) | typedef _Function_class_(PH_OPTIONS_ENTER_SECTION_VIEW)
type PH_OPTIONS_ENTER_SECTION_VIEW (line 568) | typedef PH_OPTIONS_ENTER_SECTION_VIEW *PPH_OPTIONS_ENTER_SECTION_VIEW;
type PH_PLUGIN_OPTIONS_POINTERS (line 570) | typedef struct _PH_PLUGIN_OPTIONS_POINTERS
type PH_PLUGIN_TREENEW_MESSAGE (line 580) | typedef struct _PH_PLUGIN_TREENEW_MESSAGE
type LONG (line 590) | typedef _Function_class_(PH_PLUGIN_TREENEW_SORT_FUNCTION)
type PH_PLUGIN_TREENEW_SORT_FUNCTION (line 598) | typedef PH_PLUGIN_TREENEW_SORT_FUNCTION *PPH_PLUGIN_TREENEW_SORT_FUNCTION;
type NTSTATUS (line 600) | typedef _Function_class_(PHSVC_SERVER_PROBE_BUFFER)
type PHSVC_SERVER_PROBE_BUFFER (line 607) | typedef PHSVC_SERVER_PROBE_BUFFER *PPHSVC_SERVER_PROBE_BUFFER;
type NTSTATUS (line 609) | typedef _Function_class_(PHSVC_SERVER_CAPTURE_BUFFER)
type PHSVC_SERVER_CAPTURE_BUFFER (line 615) | typedef PHSVC_SERVER_CAPTURE_BUFFER *PPHSVC_SERVER_CAPTURE_BUFFER;
type NTSTATUS (line 617) | typedef _Function_class_(PHSVC_SERVER_CAPTURE_STRING)
type PHSVC_SERVER_CAPTURE_STRING (line 623) | typedef PHSVC_SERVER_CAPTURE_STRING *PPHSVC_SERVER_CAPTURE_STRING;
type PH_PLUGIN_PHSVC_REQUEST (line 625) | typedef struct _PH_PLUGIN_PHSVC_REQUEST
type VOID (line 639) | typedef _Function_class_(PHSVC_CLIENT_FREE_HEAP)
type PHSVC_CLIENT_FREE_HEAP (line 643) | typedef PHSVC_CLIENT_FREE_HEAP *PPHSVC_CLIENT_FREE_HEAP;
type PVOID (line 645) | typedef _Function_class_(PHSVC_CLIENT_CREATE_STRING)
type PHSVC_CLIENT_CREATE_STRING (line 651) | typedef PHSVC_CLIENT_CREATE_STRING *PPHSVC_CLIENT_CREATE_STRING;
type PH_PLUGIN_PHSVC_CLIENT (line 653) | typedef struct _PH_PLUGIN_PHSVC_CLIENT
type PH_PLUGIN_INFORMATION (line 662) | typedef struct _PH_PLUGIN_INFORMATION
type PH_PLUGIN (line 677) | typedef struct _PH_PLUGIN
function NTAPI (line 712) | NTAPI
function NTAPI (line 742) | NTAPI
function NTAPI (line 764) | NTAPI
type _PH_PLUGIN_MENU_ITEM (line 806) | struct _PH_PLUGIN_MENU_ITEM
type PH_PLUGIN_MENU_ITEM_DELETE_FUNCTION (line 812) | typedef PH_PLUGIN_MENU_ITEM_DELETE_FUNCTION *PPH_PLUGIN_MENU_ITEM_DELETE...
type PH_PLUGIN_MENU_ITEM (line 814) | typedef struct _PH_PLUGIN_MENU_ITEM
type PH_PLUGIN_SYSTEM_STATISTICS (line 834) | typedef struct _PH_PLUGIN_SYSTEM_STATISTICS
type PH_PLUGIN_ENUMERATE (line 994) | typedef PH_PLUGIN_ENUMERATE *PPH_PLUGIN_ENUMERATE;
FILE: SystemInformer/include/phsvc.h
type PHSVC_STOP (line 22) | typedef struct _PHSVC_STOP
type PHSVC_CLIENT (line 40) | typedef struct _PHSVC_CLIENT
type PHSVC_THREAD_CONTEXT (line 73) | typedef struct _PHSVC_THREAD_CONTEXT
type NTSTATUS (line 93) | typedef _Function_class_(PHSVC_API_PROCEDURE)
type PHSVC_API_PROCEDURE (line 98) | typedef PHSVC_API_PROCEDURE* PPHSVC_API_PROCEDURE;
type CONST (line 99) | typedef CONST PPHSVC_API_PROCEDURE
FILE: SystemInformer/include/phsvcapi.h
type PHSVC_API_NUMBER (line 19) | typedef enum _PHSVC_API_NUMBER
type PHSVC_API_CONNECTINFO (line 45) | typedef struct _PHSVC_API_CONNECTINFO
type PHSVC_API_PLUGIN (line 50) | typedef union _PHSVC_API_PLUGIN
type PHSVC_API_EXECUTERUNASCOMMAND (line 63) | typedef union _PHSVC_API_EXECUTERUNASCOMMAND
type PHSVC_API_UNLOADDRIVER (line 84) | typedef union _PHSVC_API_UNLOADDRIVER
type PHSVC_API_CONTROLPROCESS_COMMAND (line 94) | typedef enum _PHSVC_API_CONTROLPROCESS_COMMAND
type PHSVC_API_CONTROLPROCESS (line 103) | typedef union _PHSVC_API_CONTROLPROCESS
type PHSVC_API_CONTROLSERVICE_COMMAND (line 113) | typedef enum _PHSVC_API_CONTROLSERVICE_COMMAND
type PHSVC_API_CONTROLSERVICE (line 123) | typedef union _PHSVC_API_CONTROLSERVICE
type PHSVC_API_CREATESERVICE (line 132) | typedef union _PHSVC_API_CREATESERVICE
type PHSVC_API_CHANGESERVICECONFIG (line 155) | typedef union _PHSVC_API_CHANGESERVICECONFIG
type PHSVC_API_CHANGESERVICECONFIG2 (line 177) | typedef union _PHSVC_API_CHANGESERVICECONFIG2
type PHSVC_API_SETTCPENTRY (line 187) | typedef union _PHSVC_API_SETTCPENTRY
type PHSVC_API_CONTROLTHREAD_COMMAND (line 199) | typedef enum _PHSVC_API_CONTROLTHREAD_COMMAND
type PHSVC_API_CONTROLTHREAD (line 207) | typedef union _PHSVC_API_CONTROLTHREAD
type PHSVC_API_ADDACCOUNTRIGHT (line 217) | typedef union _PHSVC_API_ADDACCOUNTRIGHT
type PHSVC_API_ISSUEMEMORYLISTCOMMAND (line 226) | typedef union _PHSVC_API_ISSUEMEMORYLISTCOMMAND
type PHSVC_API_POSTMESSAGE (line 234) | typedef union _PHSVC_API_POSTMESSAGE
type PHSVC_API_CREATEPROCESSIGNOREIFEODEBUGGER (line 245) | typedef union _PHSVC_API_CREATEPROCESSIGNOREIFEODEBUGGER
type PHSVC_API_SETSERVICESECURITY (line 254) | typedef union _PHSVC_API_SETSERVICESECURITY
type PHSVC_API_WRITEMINIDUMPPROCESS (line 264) | typedef union _PHSVC_API_WRITEMINIDUMPPROCESS
type PHSVC_API_PROCESSHEAPINFORMATION (line 275) | typedef union _PHSVC_API_PROCESSHEAPINFORMATION
type PHSVC_API_CREATEPROCESSFORKSI (line 288) | typedef union _PHSVC_API_CREATEPROCESSFORKSI
type PHSVC_API_PAYLOAD (line 297) | typedef union _PHSVC_API_PAYLOAD
type PHSVC_API_MSG (line 329) | typedef struct _PHSVC_API_MSG
type PHSVC_API_MSG64 (line 335) | typedef struct _PHSVC_API_MSG64
FILE: SystemInformer/include/phuisup.h
type PH_SH_STATE (line 18) | typedef struct _PH_SH_STATE
function FORCEINLINE (line 25) | FORCEINLINE VOID PhChangeShStateTn(
type PH_PROVIDER_EVENT_TYPE (line 111) | typedef enum _PH_PROVIDER_EVENT_TYPE
type PH_PROVIDER_EVENT (line 118) | typedef struct _PH_PROVIDER_EVENT
type PH_PROVIDER_EVENT_QUEUE (line 129) | typedef struct _PH_PROVIDER_EVENT_QUEUE
function FORCEINLINE (line 135) | FORCEINLINE VOID PhInitializeProviderEventQueue(
function FORCEINLINE (line 144) | FORCEINLINE VOID PhDeleteProviderEventQueue(
function FORCEINLINE (line 162) | FORCEINLINE VOID PhPushProviderEventQueue(
function FORCEINLINE (line 180) | FORCEINLINE PPH_PROVIDER_EVENT PhFlushProviderEventQueue(
FILE: SystemInformer/include/procgrp.h
type PH_PROCESS_GROUP (line 17) | typedef struct _PH_PROCESS_GROUP
FILE: SystemInformer/include/procmtgn.h
type PH_PROCESS_MITIGATION_POLICY_ALL_INFORMATION (line 16) | typedef struct _PH_PROCESS_MITIGATION_POLICY_ALL_INFORMATION
FILE: SystemInformer/include/procprp.h
type PH_PROCESS_WAITPROPCONTEXT (line 16) | typedef struct _PH_PROCESS_WAITPROPCONTEXT
type PH_PROCESS_PROPCONTEXT (line 27) | typedef struct _PH_PROCESS_PROPCONTEXT
type PH_PROCESS_PROPPAGECONTEXT (line 41) | typedef struct _PH_PROCESS_PROPPAGECONTEXT
function FORCEINLINE (line 141) | FORCEINLINE
function FORCEINLINE (line 159) | FORCEINLINE
FILE: SystemInformer/include/procprpp.h
type PH_PROCESS_PROPSHEETCONTEXT (line 25) | typedef struct _PH_PROCESS_PROPSHEETCONTEXT
type PH_THREADS_CONTEXT (line 225) | typedef struct _PH_THREADS_CONTEXT
type PH_MODULES_CONTEXT (line 262) | typedef struct _PH_MODULES_CONTEXT
type PH_HANDLES_CONTEXT (line 298) | typedef struct _PH_HANDLES_CONTEXT
type PH_MEMORY_CONTEXT (line 336) | typedef struct _PH_MEMORY_CONTEXT
type PH_STATISTICS_CONTEXT (line 368) | typedef struct _PH_STATISTICS_CONTEXT
type PH_PERFORMANCE_CONTEXT (line 465) | typedef struct _PH_PERFORMANCE_CONTEXT
type PH_ENVIRONMENT_ITEM (line 486) | typedef struct _PH_ENVIRONMENT_ITEM
type PH_ENVIRONMENT_CONTEXT (line 492) | typedef struct _PH_ENVIRONMENT_CONTEXT
FILE: SystemInformer/include/procprv.h
type PH_PROCESS_PROVIDER_FLAG (line 28) | typedef enum _PH_PROCESS_PROVIDER_FLAG
type _PH_PROCESS_RECORD (line 127) | struct _PH_PROCESS_RECORD
type PH_IMAGELIST_ITEM (line 129) | typedef struct _PH_IMAGELIST_ITEM
type PH_PROCESS_ITEM (line 136) | typedef struct _PH_PROCESS_ITEM
type PH_PROCESS_RECORD (line 323) | typedef struct _PH_PROCESS_RECORD
type VERIFY_RESULT (line 385) | typedef enum _VERIFY_RESULT VERIFY_RESULT;
type _PH_VERIFY_FILE_INFO (line 386) | struct _PH_VERIFY_FILE_INFO
FILE: SystemInformer/include/proctree.h
type PH_PROCESS_NODE (line 164) | typedef struct _PH_PROCESS_NODE
type PH_AGGREGATE_TYPE (line 497) | typedef enum _PH_AGGREGATE_TYPE
type PH_AGGREGATE_LOCATION (line 505) | typedef enum _PH_AGGREGATE_LOCATION
FILE: SystemInformer/include/srvlist.h
type PH_SERVICE_NODE (line 45) | typedef struct _PH_SERVICE_NODE
FILE: SystemInformer/include/srvprv.h
type VERIFY_RESULT (line 22) | typedef enum _VERIFY_RESULT VERIFY_RESULT;
type _PH_IMAGELIST_ITEM (line 23) | struct _PH_IMAGELIST_ITEM
type PH_SERVICE_ITEM (line 25) | typedef struct _PH_SERVICE_ITEM
type PH_SERVICE_MODIFIED_DATA (line 88) | typedef struct _PH_SERVICE_MODIFIED_DATA
type PH_SERVICE_CHANGE (line 94) | typedef enum _PH_SERVICE_CHANGE
function NTAPI (line 123) | NTAPI
FILE: SystemInformer/include/sysinfo.h
type PH_SYSINFO_VIEW_TYPE (line 17) | typedef enum _PH_SYSINFO_VIEW_TYPE
type VOID (line 23) | typedef _Function_class_(PH_SYSINFO_COLOR_SETUP_FUNCTION)
type PH_SYSINFO_COLOR_SETUP_FUNCTION (line 30) | typedef PH_SYSINFO_COLOR_SETUP_FUNCTION* PPH_SYSINFO_COLOR_SETUP_FUNCTION;
type PH_SYSINFO_PARAMETERS (line 32) | typedef struct _PH_SYSINFO_PARAMETERS
type PH_SYSINFO_SECTION_MESSAGE (line 66) | typedef enum _PH_SYSINFO_SECTION_MESSAGE
type _PH_SYSINFO_SECTION (line 80) | struct _PH_SYSINFO_SECTION
type BOOLEAN (line 82) | typedef _Function_class_(PH_SYSINFO_SECTION_CALLBACK)
type PH_SYSINFO_SECTION_CALLBACK (line 89) | typedef PH_SYSINFO_SECTION_CALLBACK* PPH_SYSINFO_SECTION_CALLBACK;
type PH_SYSINFO_CREATE_DIALOG (line 91) | typedef struct _PH_SYSINFO_CREATE_DIALOG
type PH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT (line 102) | typedef struct _PH_SYSINFO_GRAPH_GET_TOOLTIP_TEXT
type PH_SYSINFO_DRAW_PANEL (line 108) | typedef struct _PH_SYSINFO_DRAW_PANEL
type PH_SYSINFO_SECTION (line 122) | typedef struct _PH_SYSINFO_SECTION
FILE: SystemInformer/include/thrdlist.h
type PH_THREAD_TREELIST_COLUMN (line 18) | typedef enum _PH_THREAD_TREELIST_COLUMN
type PH_THREAD_TREELIST_MENUITEM (line 72) | typedef enum _PH_THREAD_TREELIST_MENUITEM
type PH_THREAD_TOKEN_STATE (line 83) | typedef enum _PH_THREAD_TOKEN_STATE
type PH_THREAD_NODE (line 92) | typedef struct _PH_THREAD_NODE
type PH_THREAD_LIST_CONTEXT (line 169) | typedef struct _PH_THREAD_LIST_CONTEXT
FILE: SystemInformer/include/thrdprv.h
type PH_THREAD_ITEM (line 20) | typedef struct _PH_THREAD_ITEM
type PH_KNOWN_PROCESS_TYPE (line 87) | typedef enum _PH_KNOWN_PROCESS_TYPE PH_KNOWN_PROCESS_TYPE;
type PH_THREAD_PROVIDER (line 89) | typedef struct _PH_THREAD_PROVIDER
FILE: SystemInformer/infodlg.c
type PH_INFORMATION_CONTEXT (line 17) | typedef struct _PH_INFORMATION_CONTEXT
function INT_PTR (line 25) | static INT_PTR CALLBACK PhpInformationDlgProc(
function VOID (line 204) | VOID PhShowInformationDialog(
FILE: SystemInformer/informer.c
type PH_INFORMER_DB_REAP (line 23) | typedef struct _PH_INFORMER_DB_REAP
type SQLITE_APICALL (line 62) | typedef int SQLITE_APICALL
type SQLITE_APICALL (line 63) | typedef int SQLITE_APICALL
type sqlite3_int64 (line 64) | typedef sqlite3_int64 SQLITE_APICALL
type sqlite3_int64 (line 65) | typedef sqlite3_int64 SQLITE_APICALL sqlite3_column_int64_fn(sqlite3_stm...
function VOID (line 93) | VOID PhpInformerGetKeys(
function ULONG64 (line 156) | ULONG64 PhpInformerDatabaseQueryCountUnsafe(
function VOID (line 170) | VOID PhpInformerDatabaseInsert(
function VOID (line 194) | VOID PhpInformerDatabaseReap(
function PPH_LIST (line 232) | PPH_LIST PhInformerDatabaseQuery(
function VOID (line 294) | VOID PhpInformerDatabaseReferenceMessage(
function VOID (line 307) | VOID PhpInformerDatabaseDereferenceMessage(
function BOOLEAN (line 320) | BOOLEAN PhpInfomerLoadSQLite(
function VOID (line 352) | VOID PhpInitializeInformerDatabase(
function NTSTATUS (line 504) | NTSTATUS PhInformerReply(
function BOOLEAN (line 520) | BOOLEAN PhInformerDispatch(
function NTAPI (line 545) | NTAPI PhpInformerReapWorkItemRoutine(
function NTAPI (line 559) | NTAPI PhpInformerProcessUpdatedHandler(
function NTAPI (line 589) | NTAPI PhpInformerProcessRemovedHandler(
function VOID (line 622) | VOID PhInformerInitialize(
function VOID (line 648) | VOID PhInformerActivate(
FILE: SystemInformer/itemtips.c
function VOID (line 52) | VOID PhpAppendStringWithLineBreaks(
function ServiceForTooltipCompare (line 89) | static int __cdecl ServiceForTooltipCompare(
function PPH_STRING (line 100) | PPH_STRING PhGetProcessTooltipText(
function VOID (line 550) | VOID PhpFillUmdfDrivers(
function VOID (line 667) | VOID PhpFillRunningTasks(
function VOID (line 811) | VOID PhpFillWmiProviderHost(
function PPH_STRING (line 822) | PPH_STRING PhGetServiceTooltipText(
FILE: SystemInformer/jobprp.c
type JOB_PAGE_CONTEXT (line 25) | typedef struct _JOB_PAGE_CONTEXT
function VOID (line 65) | VOID PhShowJobProperties(
function HPROPSHEETPAGE (line 92) | HPROPSHEETPAGE PhCreateJobPage(
function INT (line 127) | INT CALLBACK PhpJobPropPageProc(
function FORCEINLINE (line 149) | FORCEINLINE PJOB_PAGE_CONTEXT PhpJobPageHeader(
function VOID (line 159) | static VOID PhpAddLimit(
function VOID (line 171) | static VOID PhpAddJobProcesses(
function INT_PTR (line 201) | INT_PTR CALLBACK PhpJobPageProc(
function VOID (line 589) | VOID PhpShowJobAdvancedProperties(
function VOID (line 634) | static VOID PhpRefreshJobStatisticsInfo(
function NTAPI (line 718) | NTAPI ProcessesUpdatedCallback(
function INT_PTR (line 726) | INT_PTR CALLBACK PhpJobStatisticsPageProc(
function INT (line 776) | INT CALLBACK PhpJobStatisticsSheetProc(
FILE: SystemInformer/kdump.c
type PH_LIVE_DUMP_CONFIG (line 14) | typedef struct _PH_LIVE_DUMP_CONFIG
function PhpCreateLiveKernelDump (line 25) | _Function_class_(USER_THREAD_START_ROUTINE)
function HRESULT (line 93) | HRESULT CALLBACK PhpLiveDumpPageCallbackProc(
function HRESULT (line 104) | HRESULT CALLBACK PhpLiveDumpProgressDialogCallbackProc(
function PhpLiveDumpTaskDialogThread (line 238) | _Function_class_(USER_THREAD_START_ROUTINE)
function PPH_STRING (line 287) | PPH_STRING PhpLiveDumpFileDialogFileName(
function VOID (line 332) | VOID PhUiCreateLiveDump(
function INT_PTR (line 355) | INT_PTR CALLBACK PhpLiveDumpDlgProc(
function VOID (line 425) | VOID PhShowLiveDumpDialog(
FILE: SystemInformer/ksidbg.c
type KSI_DEBUG_LOG_GET_LOG_STRING (line 27) | typedef KSI_DEBUG_LOG_GET_LOG_STRING* PKSI_DEBUG_LOG_GET_LOG_STRING;
type SI_DEBUG_LOG_DEF (line 29) | typedef struct _KSI_DEBUG_LOG_DEF
function PPH_STRING (line 47) | PPH_STRING KsiDebugLogProcessCreate(
function PPH_STRING (line 72) | PPH_STRING KsiDebugLogProcessExit(
function PPH_STRING (line 95) | PPH_STRING KsiDebugLogThreadCreate(
function PPH_STRING (line 110) | PPH_STRING KsiDebugLogThreadExecute(
function PPH_STRING (line 122) | PPH_STRING KsiDebugLogThreadExit(
function PPH_STRING (line 145) | PPH_STRING KsiDebugLogImageLoad(
function PPH_STRING (line 165) | PPH_STRING KsiDebugLogDebugPrint(
function PPH_STRING (line 191) | PPH_STRING KsiDebugLogHandleProcess(
function PPH_STRING (line 285) | PPH_STRING KsiDebugLogHandleThread(
function PPH_STRING (line 385) | PPH_STRING KsiDebugLogHandleDesktop(
function PPH_STRING (line 484) | PPH_STRING KsiDebugLogRequiredStateFailure(
function PPH_STRING (line 498) | PPH_STRING KsiDebugLogFileCommon(
function PPH_STRING (line 592) | PPH_STRING KsiDebugLogRegCommon(
function PPH_STRING (line 641) | PPH_STRING KsiDebugLogRegCommonWithValue(
function PPH_STRING (line 694) | PPH_STRING KsiDebugLogRegCommonWithMultipleValues(
function PPH_STRING (line 781) | PPH_STRING KsiDebugLogRegSaveRestoreKey(
function PPH_STRING (line 834) | PPH_STRING KsiDebugLogRegReplaceKey(
function PPH_STRING (line 891) | PPH_STRING KsiDebugLogSaveMergedKey(
function PPH_STRING (line 948) | PPH_STRING KsiDebugLogImageVerify(
function PPH_STRING (line 1154) | PPH_STRING KsiDebugLogGetTimeString(
function BOOLEAN (line 1176) | BOOLEAN KsiDebugLogSkip(
function VOID (line 1197) | VOID KsiDebugLogMessageLog(
function VOID (line 1264) | VOID KsiDebugLogMessageRaw(
function NTAPI (line 1280) | NTAPI KsiDebugLogMessageCallback(
function NTAPI (line 1293) | NTAPI KsiDebugMonitorRoutine(
function VOID (line 1335) | VOID KsiDebugLogInitialize(
function VOID (line 1411) | VOID KsiDebugLogFinalize(
FILE: SystemInformer/ksisup.c
type KSI_SUPPORT_DATA (line 29) | typedef struct _KSI_SUPPORT_DATA
type KSI_KERNEL_SUPPORT_CHECK_CONTEXT (line 38) | typedef struct _KSI_KERNEL_SUPPORT_CHECK_CONTEXT
function PPH_STRING (line 82) | PPH_STRING KsiGetKernelFileName(
function PCWSTR (line 105) | PCWSTR KsiGetWindowsVersionString(
function PPH_STRING (line 170) | PPH_STRING KsiGetWindowsBuildString(
function PPH_STRING (line 193) | PPH_STRING KsiGetKernelVersionString(
function VOID (line 235) | VOID KsiGetKernelSupportData(
function PPH_STRING (line 278) | PPH_STRING KsiGetKernelSupportString(
function VOID (line 312) | VOID PhShowKsiStatus(
function PPH_STRING (line 395) | PPH_STRING PhpGetKsiMessage(
function PPH_STRING (line 493) | PPH_STRING PhpGetKsiMessage2(
function LONG (line 610) | LONG PhpShowKsiMessage(
function PPH_STRING (line 701) | PPH_STRING PhGetKsiMessage(
function LONG (line 723) | LONG PhShowKsiMessage2(
function VOID (line 749) | VOID PhShowKsiMessageEx(
function VOID (line 771) | VOID PhShowKsiMessage(
function VOID (line 795) | VOID KsiCreateRandomizedName(
function NTSTATUS (line 819) | NTSTATUS KsiSvcConnectToServer(
function NTSTATUS (line 901) | NTSTATUS PhRestartSelf(
function PPH_STRING (line 1015) | PPH_STRING PhGetKsiServiceName(
function KsiCommsCallback (line 1043) | _Function_class_(KPH_COMMS_CALLBACK)
function NTSTATUS (line 1071) | NTSTATUS KsiReadConfiguration(
function NTSTATUS (line 1123) | NTSTATUS KsiValidateDynamicConfiguration(
function NTSTATUS (line 1171) | NTSTATUS KsiGetDynData(
function VOID (line 1236) | VOID KsiActivateDynData(
function PPH_STRING (line 1347) | PPH_STRING PhGetKsiFileName(
function PPH_STRING (line 1378) | PPH_STRING PhGetTemporaryKsiDirectory(
function NTSTATUS (line 1405) | NTSTATUS KsiCreateTemporaryDriverFile(
function NTSTATUS (line 1451) | NTSTATUS KsiConnect(
function KsiInitializeCallbackThread (line 1762) | _Function_class_(USER_THREAD_START_ROUTINE)
function HRESULT (line 1794) | static HRESULT CALLBACK KsiSplashScreenDialogCallbackProc(
function VOID (line 1856) | VOID KsiShowInitializingSplashScreen(
function VOID (line 1884) | VOID PhInitializeKsi(
function NTSTATUS (line 1958) | NTSTATUS PhCleanupKsi(
function PhParseKsiSettingsBlob (line 2023) | _Success_(return)
function PVOID (line 2079) | PVOID PhCreateKsiSettingsBlob(
function NTSTATUS (line 2141) | NTSTATUS PhQueryKphCounters(
function PPH_STRING (line 2181) | PPH_STRING KsiCreateBuildString(
function NTSTATUS (line 2219) | NTSTATUS KsiCreatePlatformSupportInformation(
type KSI_PLATFORM_BUILD_ENTRY (line 2367) | typedef struct _KSI_PLATFORM_BUILD_ENTRY
function PPH_STRING (line 2373) | PPH_STRING KsiCreatePlatformBuildString(
function PPH_STRING (line 2443) | PPH_STRING KsiCreateUpdateWindowsString(
function KsiCheckKernelSupportThread (line 2481) | _Function_class_(USER_THREAD_START_ROUTINE)
function HRESULT (line 2545) | HRESULT CALLBACK KsiKernelSupportCheckDialogCallbackProc(
function VOID (line 2618) | VOID KsiShowKernelSupportCheckDialog(
FILE: SystemInformer/ksyscall.c
type NT_SYSTEMCALL_NUMBER (line 18) | typedef union _NT_SYSTEMCALL_NUMBER
type PH_SYSCALL_NAME_ENTRY (line 28) | typedef struct _PH_SYSCALL_NAME_ENTRY
function PhpSystemCallListIndexSort (line 34) | static int __cdecl PhpSystemCallListIndexSort(
function VOID (line 46) | VOID PhGenerateSyscallLists(
function PPH_STRING (line 248) | PPH_STRING PhGetSystemCallNumberName(
FILE: SystemInformer/log.c
function VOID (line 20) | VOID PhLogInitialization(
function PPH_LOG_ENTRY (line 32) | PPH_LOG_ENTRY PhpCreateLogEntry(
function VOID (line 47) | VOID PhpFreeLogEntry(
function PPH_LOG_ENTRY (line 69) | PPH_LOG_ENTRY PhpCreateProcessLogEntry(
function PPH_LOG_ENTRY (line 98) | PPH_LOG_ENTRY PhpCreateServiceLogEntry(
function PPH_LOG_ENTRY (line 115) | PPH_LOG_ENTRY PhpCreateDeviceLogEntry(
function PPH_LOG_ENTRY (line 132) | PPH_LOG_ENTRY PhpCreateMessageLogEntry(
function VOID (line 146) | VOID PhpLogEntry(
function VOID (line 160) | VOID PhClearLogEntries(
function VOID (line 176) | VOID PhLogProcessEntry(
function VOID (line 188) | VOID PhLogServiceEntry(
function VOID (line 197) | VOID PhLogDeviceEntry(
function VOID (line 206) | VOID PhLogMessageEntry(
function PPH_STRING (line 214) | PPH_STRING PhpFormatLogEntryToBuffer(
function PPH_STRING (line 241) | PPH_STRING PhFormatLogEntry(
function PCPH_STRINGREF (line 468) | PCPH_STRINGREF PhFormatLogType(
FILE: SystemInformer/logwnd.c
function VOID (line 40) | VOID PhShowLogDialog(
function NTAPI (line 64) | NTAPI LoggedCallback(
function VOID (line 75) | static VOID PhpUpdateLogList(
function PPH_STRING (line 93) | static PPH_STRING PhpGetStringForSelectedLogEntries(
function INT_PTR (line 154) | INT_PTR CALLBACK PhpLogDlgProc(
FILE: SystemInformer/main.c
function INT (line 50) | INT WINAPI wWinMain(
function LONG (line 218) | LONG PhMainMessageLoop(
function VOID (line 296) | VOID PhRegisterDialog(
function VOID (line 317) | VOID PhUnregisterDialog(
function PPH_MESSAGE_LOOP_FILTER_ENTRY (line 345) | PPH_MESSAGE_LOOP_FILTER_ENTRY PhRegisterMessageLoopFilter(
function VOID (line 372) | VOID PhUnregisterMessageLoopFilter(
type PHP_PREVIOUS_MAIN_WINDOW_CONTEXT (line 395) | typedef struct _PHP_PREVIOUS_MAIN_WINDOW_CONTEXT
function CALLBACK (line 413) | CALLBACK PhPreviousInstanceWindowEnumProc(
function VOID (line 486) | static VOID PhForegroundPreviousInstance(
function VOID (line 554) | VOID PhInitializePreviousInstance(
function NTAPI (line 610) | NTAPI PhpPreviousInstancesCallback(
function VOID (line 657) | VOID PhActivatePreviousInstance(
function VOID (line 728) | VOID PhInitializeCommonControls(
function NTSTATUS (line 760) | NTSTATUS PhInitializeDirectoryPolicy(
type PH_TRIAGE_DUMP_TYPE (line 799) | typedef enum _PH_TRIAGE_DUMP_TYPE
function VOID (line 812) | VOID PhpCreateUnhandledExceptionCrashDump(
function LONG (line 910) | LONG CALLBACK PhpUnhandledExceptionCallback(
function NTSTATUS (line 1069) | NTSTATUS PhInitializeExceptionPolicy(
function NTSTATUS (line 1096) | NTSTATUS PhInitializeNamespacePolicy(
function NTSTATUS (line 1153) | NTSTATUS PhInitializeComPolicy(
function NTSTATUS (line 1242) | NTSTATUS PhInitializeExecutionPolicy(
function NTSTATUS (line 1269) | NTSTATUS PhInitializeMitigationPolicy(
function VOID (line 1312) | VOID PhInitializeDesktopPolicy(
function VOID (line 1387) | VOID PhEnableTerminationPolicy(
function NTSTATUS (line 1418) | NTSTATUS PhInitializeTimerPolicy(
function NTSTATUS (line 1436) | NTSTATUS PhInitializeAppSystem(
function VOID (line 1459) | VOID PhInitializeAppSettings(
type PH_COMMAND_ARG (line 1759) | typedef enum _PH_COMMAND_ARG
function NTAPI (line 1802) | NTAPI PhpCommandLineOptionCallback(
function VOID (line 1954) | VOID PhpProcessStartupParameters(
function VOID (line 2047) | VOID PhpEnablePrivileges(
FILE: SystemInformer/mainwnd.c
type PH_MWP_KPH (line 43) | typedef struct _PH_MWP_KPH
function BOOLEAN (line 89) | BOOLEAN PhMainWndInitialization(
function LRESULT (line 178) | LRESULT CALLBACK PhMwpWndProc(
function RTL_ATOM (line 292) | RTL_ATOM PhMwpInitializeWindowClass(
function PPH_STRING (line 321) | PPH_STRING PhMwpInitializeWindowTitle(
function VOID (line 376) | VOID PhMwpInitializeProviders(
function VOID (line 415) | VOID PhMwpShowWindow(
function VOID (line 486) | VOID PhMwpApplyUpdateInterval(
function VOID (line 501) | VOID PhMwpInitializeMetrics(
function VOID (line 517) | VOID PhMwpInitializeControls(
function PhMwpLoadStage1Worker (line 628) | _Function_class_(USER_THREAD_START_ROUTINE)
function VOID (line 693) | VOID PhMwpOnDestroy(
function VOID (line 726) | VOID PhMwpOnEndSession(
function VOID (line 757) | VOID PhMwpOnSettingChange(
function PhpOpenServiceControlManager (line 800) | _Function_class_(PH_OPEN_OBJECT)
function PhpCloseServiceControlManager (line 826) | _Function_class_(PH_CLOSE_OBJECT)
function PhpOpenSecurityDummyHandle (line 846) | _Function_class_(PH_OPEN_OBJECT)
function PhpOpenComDummyAccessPermissionsHandle (line 866) | _Function_class_(PH_OPEN_OBJECT)
function PhpOpenComDummyAccessRestrictionsHandle (line 886) | _Function_class_(PH_OPEN_OBJECT)
function PhpOpenComDummyLaunchPermissionsHandle (line 907) | _Function_class_(PH_OPEN_OBJECT)
function PhpOpenComDummyLaunchRestrictionsHandle (line 928) | _Function_class_(PH_OPEN_OBJECT)
function PhpOpenSecurityDesktopHandle (line 947) | _Function_class_(PH_OPEN_OBJECT)
function PhpCloseSecurityDesktopHandle (line 978) | _Function_class_(PH_CLOSE_OBJECT)
function PhpOpenSecurityStationHandle (line 998) | _Function_class_(PH_OPEN_OBJECT)
function PhpCloseSecurityStationHandle (line 1028) | _Function_class_(PH_CLOSE_OBJECT)
function VOID (line 1047) | static VOID PhpMwpOnDumpCommand(
function VOID (line 1151) | VOID PhMwpOnCommand(
function VOID (line 2645) | VOID PhMwpOnShowWindow(
function BOOLEAN (line 2667) | BOOLEAN PhMwpOnSysCommand(
function VOID (line 2709) | VOID PhMwpOnMenuCommand(
function VOID (line 2742) | VOID PhMwpOnInitMenuPopup(
function VOID (line 2804) | VOID PhMwpOnSize(
function VOID (line 2830) | VOID PhMwpOnSizing(
function VOID (line 2843) | VOID PhMwpOnSetFocus(
function VOID (line 2886) | VOID PhMwpOnTimer(
function PhMwpOnNotify (line 2903) | _Success_(return)
function VOID (line 2928) | VOID PhMwpOnDeviceChanged(
function VOID (line 2969) | VOID PhMwpOnDpiChanged(
function LRESULT (line 3013) | LRESULT PhMwpOnUserMessage(
function VOID (line 3158) | VOID PhMwpLoadSettings(
function VOID (line 3209) | VOID PhMwpSaveSettings(
function VOID (line 3235) | VOID PhMwpSaveWindowState(
function VOID (line 3257) | VOID PhMwpUpdateLayoutPadding(
function VOID (line 3275) | VOID PhMwpApplyLayoutPadding(
function VOID (line 3291) | VOID PhMwpLayout(
function VOID (line 3346) | VOID PhMwpSetupComputerMenu(
function BOOLEAN (line 3374) | BOOLEAN PhMwpExecuteComputerCommand(
function BOOLEAN (line 3443) | BOOLEAN PhMwpIsWindowOverlapped(
function VOID (line 3479) | VOID PhMwpActivateWindow(
function PPH_EMENU (line 3509) | PPH_EMENU PhpCreateComputerMenu(
function PPH_EMENU (line 3560) | PPH_EMENU PhpCreateSystemMenu(
function PPH_EMENU (line 3586) | PPH_EMENU PhpCreateViewMenu(
function PPH_EMENU (line 3634) | PPH_EMENU PhpCreateToolsMenu(
function PPH_EMENU (line 3676) | PPH_EMENU PhpCreateUsersMenu(
function PPH_EMENU (line 3702) | PPH_EMENU PhpCreateHelpMenu(
function PPH_EMENU (line 3720) | PPH_EMENU PhpCreateMainMenu(
function VOID (line 3784) | VOID PhMwpInitializeMainMenu(
function VOID (line 3815) | VOID PhMwpDispatchMenuCommand(
function PPH_EMENU (line 3964) | PPH_EMENU PhpCreateNotificationMenu(
function BOOLEAN (line 4031) | BOOLEAN PhMwpExecuteNotificationMenuCommand(
function PPH_EMENU (line 4102) | PPH_EMENU PhpCreateNotificationSettingsMenu(
function BOOLEAN (line 4146) | BOOLEAN PhMwpExecuteNotificationSettingsMenuCommand(
function PPH_EMENU (line 4210) | PPH_EMENU PhpCreateIconMenu(
function VOID (line 4236) | VOID PhMwpInitializeSubMenu(
function VOID (line 4385) | VOID PhMwpInitializeSectionMenuItems(
function VOID (line 4412) | VOID PhMwpLayoutTabControl(
function VOID (line 4452) | VOID PhMwpNotifyTabControl(
function VOID (line 4470) | VOID PhMwpSelectionChangedTabControl(
function PPH_MAIN_TAB_PAGE (line 4547) | PPH_MAIN_TAB_PAGE PhMwpCreatePage(
function VOID (line 4581) | VOID PhMwpSelectPage(
function PPH_MAIN_TAB_PAGE (line 4598) | PPH_MAIN_TAB_PAGE PhMwpFindPage(
function PPH_MAIN_TAB_PAGE (line 4623) | PPH_MAIN_TAB_PAGE PhMwpCreateInternalPage(
function VOID (line 4646) | VOID PhMwpNotifyAllPages(
function IconProcessesCpuUsageCompare (line 4672) | static int __cdecl IconProcessesCpuUsageCompare(
function IconProcessesNameCompare (line 4690) | static int __cdecl IconProcessesNameCompare(
function VOID (line 4707) | VOID PhAddMiniProcessMenuItems(
function BOOLEAN (line 4772) | BOOLEAN PhHandleMiniProcessMenuItem(
function VOID (line 4867) | VOID PhMwpAddIconProcesses(
function VOID (line 4976) | VOID PhShowIconContextMenu(
function VOID (line 5068) | VOID PhShowIconNotification(
function HRESULT (line 5086) | HRESULT PhShowIconNotificationEx(
function VOID (line 5103) | VOID PhShowDetailsForIconNotification(
function VOID (line 5154) | VOID PhMwpClearLastNotificationDetails(
function VOID (line 5178) | VOID PhMwpInvokeShowMemoryEditorDialog(
function VOID (line 5203) | VOID PhMwpInvokeShowMemoryResultsDialog(
function VOID (line 5226) | VOID PhMwpInvokeUpdateWindowFont(
function VOID (line 5264) | VOID PhMwpInvokeUpdateWindowFontMonospace(
function VOID (line 5300) | VOID PhMwpInvokePrepareEarlyExit(
function VOID (line 5313) | VOID PhMwpInvokeActivateWindow(
function VOID (line 5325) | VOID PhMwpInvokeSelectTabPage(
function VOID (line 5342) | VOID PhMwpInvokeSelectServiceItem(
function VOID (line 5362) | VOID PhMwpInvokeSelectNetworkItem(
function BOOLEAN (line 5384) | BOOLEAN PhMwpPluginNotifyEvent(
function NTSTATUS (line 5415) | NTSTATUS PhInvokeOnMainThread(
function VOID (line 5455) | VOID PhProcessInvokeQueue(
function PVOID (line 5495) | PVOID PhPluginInvokeWindowCallback(
function PVOID (line 5706) | PVOID PhPluginCreateTabPage(
FILE: SystemInformer/mdump.c
type PH_PROCESS_MINIDUMP_CONTEXT (line 28) | typedef struct _PH_PROCESS_MINIDUMP_CONTEXT
function PPH_STRING (line 77) | PPH_STRING PhpProcessMiniDumpGetFileName(
function PhpProcessMiniDumpContextDeleteProcedure (line 123) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PPH_PROCESS_MINIDUMP_CONTEXT (line 158) | PPH_PROCESS_MINIDUMP_CONTEXT PhpCreateProcessMiniDumpContext(
function VOID (line 176) | VOID PhUiCreateDumpFileProcess(
function BOOL (line 262) | static BOOL CALLBACK PhpProcessMiniDumpCallback(
function PhpProcessMiniDumpThreadStart (line 418) | _Function_class_(USER_THREAD_START_ROUTINE)
function INT_PTR (line 555) | INT_PTR CALLBACK PhpProcessMiniDumpDlgProc(
function HRESULT (line 659) | HRESULT CALLBACK PhpProcessMiniDumpErrorPageCallbackProc(
function LRESULT (line 670) | LRESULT CALLBACK PhpProcessMiniDumpTaskDialogSubclassProc(
function HRESULT (line 737) | HRESULT CALLBACK PhpProcessMiniDumpTaskDialogCallbackProc(
function PhpProcessMiniDumpTaskDialogThread (line 800) | _Function_class_(USER_THREAD_START_ROUTINE)
type PH_MINIDUMP_OPTION_ENTRY (line 827) | typedef struct _PH_MINIDUMP_OPTION_ENTRY
function INT_PTR (line 833) | INT_PTR CALLBACK PhpProcDumpDlgProc(
function VOID (line 933) | VOID PhShowCreateDumpFileProcessDialog(
FILE: SystemInformer/memedit.c
type MEMORY_EDITOR_CONTEXT (line 21) | typedef struct _MEMORY_EDITOR_CONTEXT
function VOID (line 63) | VOID PhShowMemoryEditorDialog(
function INT (line 188) | INT NTAPI PhpMemoryEditorCompareFunction(
function INT_PTR (line 199) | INT_PTR CALLBACK PhpMemoryEditorDlgProc(
FILE: SystemInformer/memlist.c
function VOID (line 47) | VOID PhInitializeMemoryList(
function VOID (line 93) | VOID PhpClearMemoryList(
function VOID (line 108) | VOID PhDeleteMemoryList(
function VOID (line 122) | VOID PhLoadSettingsMemoryList(
function VOID (line 141) | VOID PhSaveSettingsMemoryList(
function VOID (line 158) | VOID PhSetOptionsMemoryList(
function VOID (line 192) | VOID PhpDestroyMemoryNode(
function PPH_MEMORY_NODE (line 228) | PPH_MEMORY_NODE PhpAddAllocationBaseNode(
function PPH_MEMORY_NODE (line 268) | PPH_MEMORY_NODE PhpAddRegionNode(
function VOID (line 297) | VOID PhpCopyMemoryRegionTypeInfo(
function VOID (line 317) | VOID PhReplaceMemoryList(
function VOID (line 400) | VOID PhRemoveMemoryNode(
function VOID (line 427) | VOID PhUpdateMemoryNode(
function VOID (line 438) | VOID PhInvalidateAllMemoryNodes(
function VOID (line 464) | VOID PhInvalidateAllMemoryBaseAddressNodes(
function VOID (line 500) | VOID PhExpandAllMemoryNodes(
function PPH_STRING (line 538) | PPH_STRING PhGetMemoryRegionUseText(
function VOID (line 622) | VOID PhpUpdateMemoryNodeUseText(
function VOID (line 630) | VOID PhpUpdateMemoryRegionTypeExText(
function PPH_STRING (line 641) | PPH_STRING PhpFormatSizeIfNonZero(
function PhpMemoryTreeNewPostSortFunction (line 671) | _Function_class_(PH_CM_POST_SORT_FUNCTION)
function BEGIN_SORT_FUNCTION (line 685) | BEGIN_SORT_FUNCTION(BaseAddress)
function END_SORT_FUNCTION (line 689) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 698) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 704) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 710) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 718) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 724) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 730) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 736) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 742) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 748) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 754) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 760) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 769) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 775) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 784) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 792) | END_SORT_FUNCTION
function NTAPI (line 800) | NTAPI PhpMemoryTreeNewCallback(
function PPH_MEMORY_NODE (line 1229) | PPH_MEMORY_NODE PhGetSelectedMemoryNode(
function VOID (line 1257) | VOID PhGetSelectedMemoryNodes(
function VOID (line 1291) | VOID PhDeselectAllMemoryNodes(
FILE: SystemInformer/memlists.c
function VOID (line 36) | VOID PhShowMemoryListsDialog(
function NTAPI (line 66) | NTAPI ProcessesUpdatedCallback(
function VOID (line 77) | static VOID PhpUpdateMemoryListInfo(
type VOID (line 161) | typedef
type PH_MEMORY_LIST_COMMAND_CALLBACK (line 169) | typedef PH_MEMORY_LIST_COMMAND_CALLBACK *PPH_MEMORY_LIST_COMMAND_CALLBACK;
function PPH_STRING (line 171) | PPH_STRING PhpCreateCommandStatusString(
function NTSTATUS (line 199) | NTSTATUS PhpMemoryListCommandCommon(
function NTAPI (line 237) | NTAPI PhpEmptyWorkingSetsCommand(
function NTAPI (line 253) | NTAPI PhpFlushModifiedListCommand(
function NTAPI (line 269) | NTAPI PhpPurgeStandbyListCommand(
function NTAPI (line 285) | NTAPI PhpPurgeLowPriorityStandbyListCommand(
function NTAPI (line 301) | NTAPI PhpCombineMemoryListsCommand(
function NTAPI (line 337) | NTAPI PhpEmptyCompressionStoreCommand(
function NTAPI (line 370) | NTAPI PhpEmptyRegistryCacheCommand(
function NTAPI (line 388) | NTAPI PhpEmptySystemFileCacheCommand(
function NTAPI (line 428) | NTAPI PhpFlushModifiedFileCacheCommand(
type PH_MEMORY_LIST_COMMAND_ENTRY (line 445) | typedef struct _PH_MEMORY_LIST_COMMAND_ENTRY
type PH_MEMORY_LIST_COMMAND_CONTEXT (line 464) | typedef struct _PH_MEMORY_LIST_COMMAND_CONTEXT
function NTAPI (line 478) | NTAPI PhMemoryListCommandThread(
function HRESULT (line 517) | HRESULT CALLBACK PhMemoryListCommandDialogCallbackProc(
function VOID (line 612) | VOID PhMemoryListCommandDialog(
function VOID (line 648) | VOID PhShowMemoryListCommand(
function INT_PTR (line 732) | INT_PTR CALLBACK PhpMemoryListsDlgProc(
FILE: SystemInformer/memmod.c
type PH_IMAGE_MODIFIED_DIALOG_CONTEXT (line 20) | typedef struct _PH_IMAGE_MODIFIED_DIALOG_CONTEXT
type PH_IMAGE_MAPPED_BASE_ENTRY (line 45) | typedef struct _PH_IMAGE_MAPPED_BASE_ENTRY
type PH_IMAGE_MAPPED_FAILURE_ENTRY (line 52) | typedef struct _PH_IMAGE_MAPPED_FAILURE_ENTRY
function NTAPI (line 69) | NTAPI PhEnumImagesForTamperingCallback(
function NTAPI (line 132) | NTAPI PhpEnumVirtualMemoryAttributesCallback(
type SYMBOL_LOOKUP_RESULT (line 165) | typedef struct _SYMBOL_LOOKUP_RESULT
function VOID (line 174) | VOID PhpCleanupPageModifiedLists(
function VOID (line 220) | VOID PhpLimitedSymbolReferenceContext(
function VOID (line 227) | VOID PhpLimitedSymbolDereferenceContext(
function NTSTATUS (line 246) | static NTSTATUS PhpLimitedSymbolProviderLookupFunction(
function VOID (line 315) | static VOID PhpLimitedSymbolProviderQueueSymbolLookup(
function VOID (line 335) | static VOID PhpProcessSymbolLookupResults(
function PPH_STRING (line 374) | static PPH_STRING PhpLimitedSymbolProviderGetBasicSymbol(
function NTSTATUS (line 413) | NTSTATUS PhCheckProcessImagesForTampering(
function PhPageModifiedSymbolProviderEventCallback (line 491) | _Function_class_(PH_CALLBACK_FUNCTION)
function INT_PTR (line 521) | INT_PTR CALLBACK PhPageModifiedDlgProc(
function VOID (line 760) | VOID PhShowImagePageModifiedDialog(
FILE: SystemInformer/memprot.c
type MEMORY_PROTECT_CONTEXT (line 16) | typedef struct _MEMORY_PROTECT_CONTEXT
function VOID (line 29) | VOID PhShowMemoryProtectDialog(
function INT_PTR (line 49) | INT_PTR CALLBACK PhpMemoryProtectDlgProc(
FILE: SystemInformer/memprv.c
function VOID (line 30) | VOID PhGetMemoryProtectionString(
function PCPH_STRINGREF (line 89) | PCPH_STRINGREF PhGetMemoryStateString(
function PCPH_STRINGREF (line 111) | PCPH_STRINGREF PhGetMemoryTypeString(
function PCPH_STRINGREF (line 155) | PCPH_STRINGREF PhGetSigningLevelString(
function PCPH_STRINGREF (line 188) | PCPH_STRINGREF PhGetMemoryPagePriorityString(
function PPH_STRING (line 207) | PPH_STRING PhGetMemoryRegionTypeExString(
function PPH_MEMORY_ITEM (line 255) | PPH_MEMORY_ITEM PhCreateMemoryItem(
function PhpMemoryItemDeleteProcedure (line 274) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function NTAPI (line 294) | NTAPI PhpMemoryItemCompareFunction(
function VOID (line 305) | VOID PhDeleteMemoryItemList(
function PPH_MEMORY_ITEM (line 323) | PPH_MEMORY_ITEM PhLookupMemoryItemList(
function PPH_MEMORY_ITEM (line 351) | static PPH_MEMORY_ITEM PhpSplitMemoryItem(
function PPH_MEMORY_ITEM (line 411) | PPH_MEMORY_ITEM PhpSetMemoryRegionType(
function VOID (line 456) | VOID PhpUpdateHeapRegions(
function NTSTATUS (line 598) | NTSTATUS PhpUpdateMemoryRegionTypes(
function NTSTATUS (line 1311) | NTSTATUS PhpUpdateMemoryWsCounters(
function NTSTATUS (line 1400) | NTSTATUS PhpUpdateMemoryWsCountersOld(
function NTSTATUS (line 1442) | NTSTATUS PhQueryMemoryItemList(
FILE: SystemInformer/memrslt.c
type MEMORY_RESULTS_CONTEXT (line 27) | typedef struct _MEMORY_RESULTS_CONTEXT
function PPH_STRING (line 37) | static PPH_STRING PhpGetStringForSelectedResults(
function VOID (line 73) | static VOID FilterResults(
function INT_PTR (line 211) | INT_PTR CALLBACK PhpMemoryResultsDlgProc(
function VOID (line 721) | VOID PhShowMemoryResultsDialog(
FILE: SystemInformer/memsrch.c
type MEMORY_STRING_CONTEXT (line 29) | typedef struct _MEMORY_STRING_CONTEXT
type MEMORY_STRING_SEARCH_CONTEXT (line 57) | typedef struct _MEMORY_STRING_SEARCH_CONTEXT
function PVOID (line 93) | PVOID PhAllocateForMemorySearch(
function VOID (line 140) | VOID PhFreeForMemorySearch(
function PVOID (line 157) | PVOID PhCreateMemoryResult(
function VOID (line 180) | VOID PhReferenceMemoryResult(
function VOID (line 187) | VOID PhDereferenceMemoryResult(
function VOID (line 200) | VOID PhDereferenceMemoryResults(
function NTSTATUS (line 211) | NTSTATUS NTAPI PhpMemoryStringSearchNextBuffer(
function NTAPI (line 292) | NTAPI PhpMemoryStringSearchCallback(
function VOID (line 317) | VOID PhSearchMemoryString(
function VOID (line 340) | VOID PhShowMemoryStringDialog(
function INT_PTR (line 394) | INT_PTR CALLBACK PhpMemoryStringDlgProc(
function VOID (line 492) | static VOID NTAPI PhpMemoryStringResultCallback(
function PhpMemoryStringThreadStart (line 503) | _Function_class_(USER_THREAD_START_ROUTINE)
function LRESULT (line 535) | LRESULT CALLBACK PhpMemoryStringTaskDialogSubclassProc(
function HRESULT (line 576) | HRESULT CALLBACK PhpMemoryStringTaskDialogCallback(
function BOOLEAN (line 637) | BOOLEAN PhpShowMemoryStringProgressDialog(
FILE: SystemInformer/memsrcht.c
type PH_MEMSTRINGS_SETTINGS (line 34) | typedef struct _PH_MEMSTRINGS_SETTINGS
type PH_MEMSTRINGS_CONTEXT (line 56) | typedef struct _PH_MEMSTRINGS_CONTEXT
type PH_MEMSTRINGS_TREE_COLUMN_ITEM (line 92) | typedef enum _PH_MEMSTRINGS_TREE_COLUMN_ITEM
type PH_MEMSTRINGS_NODE (line 105) | typedef struct _PH_MEMSTRINGS_NODE
type PH_MEMSTRINGS_SEARCH_CONTEXT (line 126) | typedef struct _PH_MEMSTRINGS_SEARCH_CONTEXT
function NTSTATUS (line 152) | NTSTATUS NTAPI PhpMemoryStringSearchTreeNextBuffer(
function NTAPI (line 241) | NTAPI PhpMemoryStringSearchTreeCallback(
function PhpMemorySearchStringsThread (line 289) | _Function_class_(USER_THREAD_START_ROUTINE)
function VOID (line 328) | VOID PhpMemoryStringsCheckBackOff(
function VOID (line 351) | VOID PhpMemoryStringsAddTreeNode(
function VOID (line 370) | VOID PhpAddPendingMemoryStringsNodes(
function VOID (line 397) | VOID PhpLoadSettingsMemoryStrings(
function VOID (line 415) | VOID PhpSaveSettingsMemoryStrings(
function VOID (line 433) | VOID PhpInvalidateMemoryStringsAddresses(
function BOOLEAN (line 459) | BOOLEAN PhpGetSelectedMemoryStringsNodes(
function VOID (line 491) | VOID PhpCopyFilteredMemoryStringsNodes(
function PhpMemoryStringsTreeFilterCallback (line 515) | _Function_class_(PH_TN_FILTER_FUNCTION)
function NTAPI (line 538) | NTAPI PvpStringsSearchControlCallback(
function VOID (line 555) | VOID PhpDeleteMemoryStringsNodeList(
function VOID (line 568) | VOID PhpDeleteMemoryStringsTree(
function VOID (line 600) | VOID PhpSearchMemoryStrings(
function PhpMemoryStringsTreeNewPostSortFunction (line 656) | _Function_class_(PH_CM_POST_SORT_FUNCTION)
function BEGIN_SORT_FUNCTION (line 670) | BEGIN_SORT_FUNCTION(Index)
function END_SORT_FUNCTION (line 674) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 680) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 686) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 692) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 698) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 704) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 710) | END_SORT_FUNCTION
function NTAPI (line 718) | NTAPI PhpMemoryStringsTreeNewCallback(
function VOID (line 895) | VOID PhpInitializeMemoryStringsTree(
function INT_PTR (line 931) | INT_PTR CALLBACK PhpMemoryStringsMinimumLengthDlgProc(
function ULONG (line 1011) | ULONG PhpMemoryStringsMinimumLengthDialog(
function VOID (line 1031) | VOID PhpMemoryStringsSetWindowTitle(
function VOID (line 1052) | VOID PhpShowMemoryEditor(
function INT_PTR (line 1093) | INT_PTR CALLBACK PhpMemoryStringsDlgProc(
function NTAPI (line 1527) | NTAPI PhpShowMemoryStringDialogThreadStart(
function BOOLEAN (line 1568) | BOOLEAN PhpShowMemoryStringTreeDialog(
function VOID (line 1608) | VOID PhShowMemoryStringTreeDialog(
FILE: SystemInformer/miniinfo.c
function VOID (line 58) | VOID PhPinMiniInformation(
function LRESULT (line 196) | LRESULT CALLBACK PhMipContainerWndProc(
function INT_PTR (line 252) | INT_PTR CALLBACK PhMipMiniInfoDialogProc(
function RTL_ATOM (line 315) | RTL_ATOM PhMipContainerInitializeWindowClass(
function VOID (line 336) | VOID PhMipContainerOnShowWindow(
function VOID (line 390) | VOID PhMipContainerOnActivate(
function VOID (line 405) | VOID PhMipContainerOnSize(
function VOID (line 416) | VOID PhMipContainerOnSizing(
function VOID (line 424) | VOID PhMipContainerOnExitSizeMove(
function BOOLEAN (line 431) | BOOLEAN PhMipContainerOnEraseBkgnd(
function VOID (line 438) | VOID PhMipContainerOnTimer(
function VOID (line 451) | VOID PhMipOnInitDialog(
function VOID (line 484) | VOID PhMipOnShowWindow(
function VOID (line 516) | VOID PhMipOnCommand(
function PhMipOnNotify (line 549) | _Success_(return)
function PhMipOnCtlColorXxx (line 558) | _Success_(return)
function BOOLEAN (line 569) | BOOLEAN PhMipOnDrawItem(
function VOID (line 577) | VOID PhMipOnUserMessage(
function BOOLEAN (line 603) | BOOLEAN PhMipMessageLoopFilter(
function NTAPI (line 654) | NTAPI PhMipUpdateHandler(
function PH_MIP_ADJUST_PIN_RESULT (line 663) | PH_MIP_ADJUST_PIN_RESULT PhMipAdjustPin(
function VOID (line 691) | VOID PhMipCalculateWindowRectangle(
function VOID (line 763) | VOID PhMipInitializeParameters(
function PhMipCreateSection (line 811) | _Function_class_(PH_MINIINFO_CREATE_SECTION)
function VOID (line 832) | VOID PhMipDestroySection(
function PhMipFindSection (line 842) | _Function_class_(PH_MINIINFO_FIND_SECTION)
function PPH_MINIINFO_SECTION (line 861) | PPH_MINIINFO_SECTION PhMipCreateInternalSection(
function VOID (line 877) | VOID PhMipCreateSectionDialog(
function VOID (line 903) | VOID PhMipChangeSection(
function VOID (line 934) | VOID PhMipSetSectionText(
function VOID (line 945) | VOID PhMipUpdateSectionText(
function VOID (line 961) | VOID PhMipLayout(
function VOID (line 1020) | VOID PhMipBeginChildControlPin(
function VOID (line 1027) | VOID PhMipEndChildControlPin(
function VOID (line 1035) | VOID PhMipRefresh(
function VOID (line 1045) | VOID PhMipToggleRefreshAutomatically(
function VOID (line 1053) | VOID PhMipSetPinned(
function VOID (line 1069) | VOID PhMipShowSectionMenu(
function PPH_EMENU (line 1108) | PPH_EMENU PhpMipCreateMenu(
function VOID (line 1135) | VOID PhMipShowOptionsMenu(
function LRESULT (line 1203) | LRESULT CALLBACK PhMipSectionControlHookWndProc(
function PPH_MINIINFO_LIST_SECTION (line 1233) | PPH_MINIINFO_LIST_SECTION PhMipCreateListSection(
function PPH_MINIINFO_LIST_SECTION (line 1256) | PPH_MINIINFO_LIST_SECTION PhMipCreateInternalListSection(
function BOOLEAN (line 1270) | BOOLEAN PhMipListSectionCallback(
function INT_PTR (line 1332) | INT_PTR CALLBACK PhMipListSectionDialogProc(
function VOID (line 1411) | VOID PhMipListSectionSortFunction(
function VOID (line 1426) | VOID PhMipTickListSection(
function VOID (line 1470) | VOID PhMipClearListSection(
function LONG (line 1489) | LONG PhMipCalculateRowHeight(
function PPH_MIP_GROUP_NODE (line 1506) | PPH_MIP_GROUP_NODE PhMipAddGroupNode(
function VOID (line 1539) | VOID PhMipDestroyGroupNode(
function BOOLEAN (line 1547) | BOOLEAN PhMipListSectionTreeNewCallback(
function PPH_STRING (line 1917) | PPH_STRING PhMipGetGroupNodeTooltip(
function PPH_MIP_GROUP_NODE (line 1931) | PPH_MIP_GROUP_NODE PhMipGetSelectedGroupNode(
function VOID (line 1949) | VOID PhMipShowListSectionContextMenu(
function VOID (line 2027) | VOID PhMipHandleListSectionCommand(
function BOOLEAN (line 2071) | BOOLEAN PhMipCpuListSectionCallback(
function PhMipCpuListSectionProcessCompareFunction (line 2175) | int __cdecl PhMipCpuListSectionProcessCompareFunction(
function PhMipCpuListSectionNodeCompareFunction (line 2192) | int __cdecl PhMipCpuListSectionNodeCompareFunction(
function BOOLEAN (line 2203) | BOOLEAN PhMipCommitListSectionCallback(
function PhMipCommitListSectionProcessCompareFunction (line 2290) | int __cdecl PhMipCommitListSectionProcessCompareFunction(
function PhMipCommitListSectionNodeCompareFunction (line 2301) | int __cdecl PhMipCommitListSectionNodeCompareFunction(
function BOOLEAN (line 2312) | BOOLEAN PhMipPhysicalListSectionCallback(
function PhMipPhysicalListSectionProcessCompareFunction (line 2401) | int __cdecl PhMipPhysicalListSectionProcessCompareFunction(
function PhMipPhysicalListSectionNodeCompareFunction (line 2412) | int __cdecl PhMipPhysicalListSectionNodeCompareFunction(
function BOOLEAN (line 2423) | BOOLEAN PhMipIoListSectionCallback(
function PhMipIoListSectionProcessCompareFunction (line 2520) | int __cdecl PhMipIoListSectionProcessCompareFunction(
function PhMipIoListSectionNodeCompareFunction (line 2541) | int __cdecl PhMipIoListSectionNodeCompareFunction(
FILE: SystemInformer/modlist.c
function VOID (line 62) | VOID PhInitializeModuleList(
function VOID (line 129) | VOID PhDeleteModuleList(
function PhpModuleNodeHashtableEqualFunction (line 147) | _Function_class_(PH_HASHTABLE_EQUAL_FUNCTION)
function PhpModuleNodeHashtableHashFunction (line 159) | _Function_class_(PH_HASHTABLE_HASH_FUNCTION)
function VOID (line 167) | VOID PhLoadSettingsModuleList(
function VOID (line 186) | VOID PhSaveSettingsModuleList(
function VOID (line 203) | VOID PhSetOptionsModuleList(
function PPH_MODULE_NODE (line 258) | PPH_MODULE_NODE PhCreateModuleNode(
function PPH_MODULE_NODE (line 303) | PPH_MODULE_NODE PhAddModuleNode(
function PPH_MODULE_NODE (line 336) | PPH_MODULE_NODE PhFindModuleNode(
function VOID (line 358) | VOID PhRemoveModuleNode(
function VOID (line 383) | VOID PhpDestroyModuleNode(
function VOID (line 433) | VOID PhpRemoveModuleNode(
function VOID (line 450) | VOID PhUpdateModuleNode(
function VOID (line 463) | VOID PhInvalidateAllModuleNodes(
function VOID (line 480) | VOID PhInvalidateAllModuleBaseAddressNodes(
function VOID (line 512) | VOID PhExpandAllModuleNodes(
function VOID (line 535) | VOID PhTickModuleNodes(
function PhpModuleTreeNewPostSortFunction (line 567) | _Function_class_(PH_CM_POST_SORT_FUNCTION)
function BEGIN_SORT_FUNCTION (line 585) | BEGIN_SORT_FUNCTION(TriState)
function END_SORT_FUNCTION (line 600) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 606) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 612) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 618) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 624) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 630) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 636) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 642) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 648) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 654) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 660) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 671) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 680) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 686) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 704) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 710) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 716) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 722) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 728) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 734) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 740) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 749) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 755) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 761) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 767) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 773) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 779) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 785) | END_SORT_FUNCTION
function NTAPI (line 795) | NTAPI PhpModuleTreeNewCallback(
function PPH_MODULE_ITEM (line 1512) | PPH_MODULE_ITEM PhGetSelectedModuleItem(
function VOID (line 1533) | VOID PhGetSelectedModuleItems(
function VOID (line 1556) | VOID PhDeselectAllModuleNodes(
function BOOLEAN (line 1566) | BOOLEAN PhShouldShowModuleCoherency(
FILE: SystemInformer/modprv.c
type PH_MODULE_QUERY_DATA (line 28) | typedef struct _PH_MODULE_QUERY_DATA
function PPH_MODULE_PROVIDER (line 81) | PPH_MODULE_PROVIDER PhCreateModuleProvider(
function PhpModuleProviderDeleteProcedure (line 221) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function PPH_MODULE_ITEM (line 265) | PPH_MODULE_ITEM PhCreateModuleItem(
function PhpModuleItemDeleteProcedure (line 289) | _Function_class_(PH_TYPE_DELETE_PROCEDURE)
function NTAPI (line 306) | NTAPI PhpModuleHashtableEqualFunction(
function NTAPI (line 328) | NTAPI PhpModuleHashtableHashFunction(
function PPH_MODULE_ITEM (line 339) | PPH_MODULE_ITEM PhReferenceModuleItemEx(
function PPH_MODULE_ITEM (line 377) | PPH_MODULE_ITEM PhReferenceModuleItem(
function VOID (line 390) | VOID PhDereferenceAllModuleItems(
function VOID (line 407) | VOID PhpRemoveModuleItem(
function PhModuleItemReadVirtualMemoryCallback (line 416) | _Function_class_(PH_READ_VIRTUAL_MEMORY_CALLBACK)
function PhpModuleQueryWorker (line 434) | _Function_class_(USER_THREAD_START_ROUTINE)
function VOID (line 691) | VOID PhpQueueModuleQuery(
function NTAPI (line 716) | NTAPI PhpEnumModulesCallback(
function PhModuleProviderUpdate (line 733) | _Function_class_(PH_PROVIDER_FUNCTION)
function PCPH_STRINGREF (line 1038) | PCPH_STRINGREF PhGetModuleTypeName(
function PCPH_STRINGREF (line 1072) | PCPH_STRINGREF PhGetModuleLoadReasonTypeName(
function PCPH_STRINGREF (line 1099) | PCPH_STRINGREF PhGetModuleEnclaveTypeName(
function VOID (line 1118) | static VOID PhModuleAddEnclaveModule(
type PHP_ENUM_ENCLAVE_MODULES_CONTEXT (line 1159) | typedef struct _PHP_ENUM_ENCLAVE_MODULES_CONTEXT
function BOOLEAN (line 1165) | static BOOLEAN NTAPI PhModuleEnumEnclaveModulesCallback(
function BOOLEAN (line 1188) | static BOOLEAN NTAPI PhModuleEnumEnclavesCallback(
function NTSTATUS (line 1211) | NTSTATUS PhEnumGenericEnclaveModules(
function PhModuleEnclaveListInitialize (line 1236) | _Function_class_(USER_THREAD_START_ROUTINE)
FILE: SystemInformer/mtgndlg.c
type MITIGATION_POLICY_ENTRY (line 17) | typedef struct _MITIGATION_POLICY_ENTRY
type MITIGATION_POLICY_CONTEXT (line 24) | typedef struct _MITIGATION_POLICY_CONTEXT
function VOID (line 38) | VOID PhShowProcessMitigationPolicyDialog(
function INT_PTR (line 144) | INT_PTR CALLBACK PhpProcessMitigationPolicyDlgProc(
FILE: SystemInformer/mwpgdev.c
function BOOLEAN (line 25) | BOOLEAN PhpShouldNotifyForDevice(
function PPH_STRING (line 42) | PPH_STRING PhpNotifyDeviceGetString(
function VOID (line 63) | VOID PhpNotifyForDevice(
function NTAPI (line 100) | NTAPI PhpDeviceProviderCallbackHandler(
function VOID (line 129) | VOID PhMwpInitializeDeviceNotifications(
FILE: SystemInformer/mwpgnet.c
function PhMwpNetworkPageCallback (line 37) | _Function_class_(PH_MAIN_TAB_PAGE_CALLBACK)
function VOID (line 163) | VOID PhMwpNeedNetworkTreeList(
function VOID (line 175) | VOID PhMwpToggleNetworkWaitingConnectionTreeFilter(
function PhMwpNetworkTreeFilter (line 194) | _Function_class_(PH_TN_FILTER_FUNCTION)
function VOID (line 210) | VOID PhMwpInitializeNetworkMenu(
function VOID (line 264) | VOID PhShowNetworkContextMenu(
function NTAPI (line 328) | NTAPI PhMwpNetworkItemAddedHandler(
function NTAPI (line 340) | NTAPI PhMwpNetworkItemModifiedHandler(
function NTAPI (line 351) | NTAPI PhMwpNetworkItemRemovedHandler(
function NTAPI (line 362) | NTAPI PhMwpNetworkItemsUpdatedHandler(
function VOID (line 370) | VOID PhMwpOnNetworkItemsUpdated(
FILE: SystemInformer/mwpgproc.c
function PhMwpProcessesPageCallback (line 48) | _Function_class_(PH_MAIN_TAB_PAGE_CALLBACK)
function VOID (line 222) | VOID PhMwpShowProcessProperties(
function VOID (line 240) | VOID PhMwpToggleCurrentUserProcessTreeFilter(
function PhMwpCurrentUserProcessTreeFilter (line 263) | _Function_class_(PH_TN_FILTER_FUNCTION)
function VOID (line 280) | VOID PhMwpToggleSignedProcessTreeFilter(
function VOID (line 314) | VOID PhMwpToggleMicrosoftProcessTreeFilter(
function PhMwpSignedProcessTreeFilter (line 337) | _Function_class_(PH_TN_FILTER_FUNCTION)
function PhMwpMicrosoftProcessTreeFilter (line 351) | _Function_class_(PH_TN_FILTER_FUNCTION)
function BOOLEAN (line 383) | BOOLEAN PhMwpExecuteProcessPriorityClassCommand(
function BOOLEAN (line 421) | BOOLEAN PhMwpExecuteProcessIoPriorityCommand(
function VOID (line 453) | VOID PhMwpSetProcessMenuPriorityChecks(
function VOID (line 601) | VOID PhMwpInitializeProcessMenu(
function PPH_EMENU (line 871) | PPH_EMENU PhpCreateProcessMenu(
function VOID (line 989) | VOID PhShowProcessContextMenu(
function NTAPI (line 1051) | NTAPI PhMwpProcessAddedHandler(
function NTAPI (line 1065) | NTAPI PhMwpProcessModifiedHandler(
function NTAPI (line 1076) | NTAPI PhMwpProcessRemovedHandler(
function NTAPI (line 1089) | NTAPI PhMwpProcessesUpdatedHandler(
function VOID (line 1097) | VOID PhMwpOnProcessAdded(
function VOID (line 1180) | VOID PhMwpOnProcessModified(
function VOID (line 1190) | VOID PhMwpOnProcessRemoved(
function VOID (line 1254) | VOID PhMwpOnProcessesUpdated(
FILE: SystemInformer/mwpgsrv.c
function PhMwpServicesPageCallback (line 37) | _Function_class_(PH_MAIN_TAB_PAGE_CALLBACK)
function VOID (line 153) | VOID PhMwpNeedServiceTreeList(
function VOID (line 164) | VOID PhMwpToggleDriverServiceTreeFilter(
function VOID (line 183) | VOID PhMwpToggleMicrosoftServiceTreeFilter(
function PhMwpDriverServiceTreeFilter (line 202) | _Function_class_(PH_TN_FILTER_FUNCTION)
function PhMwpMicrosoftServiceTreeFilter (line 216) | _Function_class_(PH_TN_FILTER_FUNCTION)
function VOID (line 230) | VOID PhMwpInitializeServiceMenu(
function VOID (line 307) | VOID PhShowServiceContextMenu(
function VOID (line 377) | VOID PhServiceListInsertContextMenu(
function NTAPI (line 413) | NTAPI PhMwpServiceAddedHandler(
function NTAPI (line 425) | NTAPI PhMwpServiceModifiedHandler(
function NTAPI (line 439) | NTAPI PhMwpServiceRemovedHandler(
function NTAPI (line 450) | NTAPI PhMwpServicesUpdatedHandler(
function VOID (line 458) | VOID PhMwpOnServiceAdded(
function VOID (line 506) | VOID PhMwpOnServiceModified(
function VOID (line 641) | VOID PhMwpOnServiceRemoved(
function VOID (line 680) | VOID PhMwpOnServicesUpdated(
FILE: SystemInformer/netlist.c
function VOID (line 85) | VOID PhNetworkTreeListInitialization(
function PhpNetworkNodeHashtableEqualFunction (line 98) | _Function_class_(PH_HASHTABLE_EQUAL_FUNCTION)
function PhpNetworkNodeHashtableHashFunction (line 110) | _Function_class_(PH_HASHTABLE_HASH_FUNCTION)
function VOID (line 118) | VOID PhInitializeNetworkTreeList(
function VOID (line 162) | VOID PhLoadSettingsNetworkTreeUpdateMask(
function VOID (line 189) | VOID PhLoadSettingsNetworkTreeList(
function VOID (line 210) | VOID PhSaveSettingsNetworkTreeList(
function VOID (line 224) | VOID PhReloadSettingsNetworkTreeList(
function PPH_TN_FILTER_SUPPORT (line 236) | PPH_TN_FILTER_SUPPORT PhGetFilterSupportNetworkTreeList(
function PPH_NETWORK_NODE (line 243) | PPH_NETWORK_NODE PhAddNetworkNode(
function PPH_NETWORK_NODE (line 290) | PPH_NETWORK_NODE PhFindNetworkNode(
function VOID (line 311) | VOID PhRemoveNetworkNode(
function VOID (line 335) | VOID PhpRemoveNetworkNode(
function VOID (line 360) | VOID PhUpdateNetworkNode(
function VOID (line 371) | VOID PhTickNetworkNodes(
function PhpNetworkTreeNewPostSortFunction (line 404) | _Function_class_(PH_CM_POST_SORT_FUNCTION)
function BEGIN_SORT_FUNCTION (line 418) | BEGIN_SORT_FUNCTION(Process)
function END_SORT_FUNCTION (line 422) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 428) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 468) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 474) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 480) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 520) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 526) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 532) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 538) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 544) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 550) | END_SORT_FUNCTION
function END_SORT_FUNCTION (line 556) | END_SORT_FUNCTION
function NTAPI (line 564) | NTAPI PhpNetworkTreeNewCallback(
function VOID (line 946) | VOID PhpUpdateNetworkItemProcessName(
function VOID (line 977) | VOID PhpUpdateNetworkItemProcessId(
function PPH_NETWORK_ITEM (line 1003) | PPH_NETWORK_ITEM PhGetSelectedNetworkItem(
function VOID (line 1024) | VOID PhGetSelectedNetworkItems(
function VOID (line 1046) | VOID PhDeselectAllNetworkNodes(
function BOOLEAN (line 1053) | BOOLEAN PhSelectAndEnsureVisibleNetworkNode(
function VOID (line 1076) | VOID PhInvalidateAllNetworkNodes(
function VOID (line 1091) | VOID PhInvalidateAllNetworkNodesHostnames(
function VOID (line 1123) | VOID PhCopyNetworkList(
function VOID (line 1134) | VOID PhWriteNetworkList(
function PPH_LIST (line 1157) | PPH_LIST PhDuplicateNetworkNodeList(
FILE: SystemInformer/netprv.c
type PH_NETWORK_CONNECTION (line 27) | typedef struct _PH_NETWORK_CONNECTION
type PH_NETWORK_ITEM_QUERY_DATA (line 40) | typedef struct _PH_NETWORK_ITEM_QUERY_DATA
type PHP_RESOLVE_CACHE_ITEM (line 50) | typedef struct _PHP_RESOLVE_CACHE_ITEM
function BOOLEAN (line 109) | BOOLEAN PhNetworkProviderInitialization(
function PPH_NETWORK_ITEM (line 133) | PPH_NETWORK_ITEM PhCreateNetworkItem(
function NTAPI (line 150) | NTAPI PhpNetworkItemDeleteProcedure(
function PhpNetworkHashtableEqualFunction (line 179) | _Function_class_(PH_HASHTABLE_EQUAL_FUNCTION)
function NTAPI (line 196) | NTAPI PhpNetworkHashtableHashFunction(
function PPH_NETWORK_ITEM (line 209) | PPH_NETWORK_ITEM PhReferenceNetworkItem(
function VOID (line 256) | VOID PhEnumNetworkItems(
function VOID (line 303) | VOID PhEnumNetworkItemsByProcessId(
function VOID (line 357) | VOID PhpRemoveNetworkItem(
function NTAPI (line 366) | NTAPI PhpResolveCacheHashtableEqualFunction(
function NTAPI (line 378) | NTAPI PhpResolveCacheHashtableHashFunction(
function PPHP_RESOLVE_CACHE_ITEM (line 387) | PPHP_RESOLVE_CACHE_ITEM PhpLookupResolveCacheItem(
function PPH_STRING (line 479) | PPH_STRING PhpGetDnsReverseNameFromAddress(
function PPH_STRING (line 581) | PPH_STRING PhGetHostNameFromAddressEx(
function VOID (line 670) | VOID PhFlushNetworkItemResolveCache(
function PhpNetworkItemQueryWorker (line 705) | _Function_class_(USER_THREAD_START_ROUTINE)
function VOID (line 758) | VOID PhpQueueNetworkItemQuery(
function VOID (line 794) | VOID PhNetworkItemResolveHostname(
function VOID (line 852) | VOID PhNetworkItemInvalidateHostname(
function VOID (line 874) | VOID PhpUpdateNetworkItemOwner(
function VOID (line 890) | VOID PhFlushNetworkQueryData(
function PhNetworkProviderUpdate (line 927) | _Function_class_(PH_PROVIDER_FUNCTION)
function PHVSOCKET_LISTENERS (line 1282) | PHVSOCKET_LISTENERS PhpGetHvSocketListeners(
function PHVSOCKET_CONNECTIONS (line 1315) | PHVSOCKET_CONNECTIONS PhpGetHvSocketConnections(
function VOID (line 1348) | VOID PhpCollectHvSocket(
function BOOLEAN (line 1460) | static BOOLEAN NTAPI PhpHvEnumComputeSystemCallback(
function VOID (line 1489) | VOID PhpGetHvSocket(
function PhGetNetworkConnections (line 1529) | _Success_(return)
function PCPH_STRINGREF (line 1930) | PCPH_STRINGREF PhGetProtocolTypeName(
function PCPH_STRINGREF (line 1949) | PCPH_STRINGREF PhGetTcpStateName(
FILE: SystemInformer/netstk.c
type NETWORK_STACK_CONTEXT (line 16) | typedef struct NETWORK_STACK_CONTEXT
function BOOLEAN (line 34) | static BOOLEAN LoadSymbolsEnumGenericModulesCallback(
function VOID (line 62) | VOID PhShowNetworkStackDialog(
function INT_PTR (line 111) | INT_PTR CALLBACK PhpNetworkStackDlgProc(
FILE: SystemInformer/netsup.c
type NSI_STORE (line 23) | typedef enum _NSI_STORE
type NSI_SET_ACTION (line 32) | typedef enum _NSI_SET_ACTION
type NSI_TCP_INFORMATION_CLASS (line 44) | typedef enum _NSI_TCP_INFORMATION_CLASS
type NSI_IF_INFORMATION_CLASS (line 89) | typedef enum _NSI_IF_INFORMATION_CLASS
type NSI_SET_TCP_ENTRY (line 97) | typedef struct _NSI_SET_TCP_ENTRY
type NSI_IOCTL_GET_PARAMETER (line 175) | typedef struct _NSI_IOCTL_GET_PARAMETER
type NSI_IOCTL_SET_ALL_PARAMETERS (line 194) | typedef struct _NSI_IOCTL_SET_ALL_PARAMETERS
function NTSTATUS (line 212) | NTSTATUS PhNsiGetParameter(
function NTSTATUS (line 312) | NTSTATUS PhNsiSetAllParameters(
function NTSTATUS (line 411) | NTSTATUS PhSetTcpEntry(
function NTSTATUS (line 457) | NTSTATUS PhConvertInterfaceIndexToLuid(
FILE: SystemInformer/notifico.c
function VOID (line 57) | VOID PhNfLoadStage1(
function VOID (line 69) | VOID PhNfLoadSettings(
function VOID (line 124) | VOID PhNfSaveSettings(
function VOID (line 179) | VOID PhNfLoadGuids(
function VOID (line 245) | VOID PhNfCreateIconThreadDelayed(
function PPH_NF_ICON (line 294) | PPH_NF_ICON PhNfRegisterIcon(
function PPH_NF_ICON (line 325) | PPH_NF_ICON PhNfPluginRegisterIcon(
function VOID (line 347) | VOID PhNfLoadStage2(
function VOID (line 403) | VOID PhNfUninitialization(
function VOID (line 434) | VOID PhNfForwardMessage(
function VOID (line 603) | VOID PhNfSetVisibleIcon(
function VOID (line 648) | VOID NTAPI PhpToastCallback(
function HRESULT (line 658) | HRESULT PhpShowToastNotification(
function BOOLEAN (line 746) | BOOLEAN PhNfpShowBalloonTip(
function BOOLEAN (line 795) | BOOLEAN PhNfShowBalloonTip(
function HRESULT (line 822) | HRESULT PhNfShowBalloonTipEx(
function HICON (line 846) | HICON PhNfBitmapToIcon(
function PPH_NF_ICON (line 880) | PPH_NF_ICON PhNfGetIconById(
function PPH_NF_ICON (line 895) | PPH_NF_ICON PhNfFindIcon(
function BOOLEAN (line 917) | BOOLEAN PhNfIconsEnabled(
function VOID (line 951) | VOID PhNfNotifyMiniInfoPinned(
function HICON (line 975) | HICON PhNfGetApplicationIcon(
function HICON (line 998) | HICON PhNfpGetBlackIcon(
function VOID (line 1035) | VOID PhDrawTrayIconText(
function HFONT (line 1100) | HFONT PhNfGetTrayIconFont(
function BOOLEAN (line 1138) | BOOLEAN PhNfpAddNotifyIcon(
function BOOLEAN (line 1178) | BOOLEAN PhNfpRemoveNotifyIcon(
function BOOLEAN (line 1200) | BOOLEAN PhNfpModifyNotifyIcon(
function VOID (line 1273) | VOID PhNfTrayIconFlushWorkQueueData(
function PhNfpTrayIconUpdateThread (line 1327) | _Function_class_(USER_THREAD_START_ROUTINE)
function PhNfpProcessesUpdatedHandler (line 1392) | _Function_class_(PH_CALLBACK_FUNCTION)
function VOID (line 1412) | VOID PhNfpUpdateRegisteredIcon(
function PhNfpBeginBitmap (line 1469) | _Function_class_(PH_NF_BEGIN_BITMAP)
function PhNfpBeginBitmap2 (line 1482) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpCpuHistoryIconUpdateCallback (line 1559) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpIoHistoryIconUpdateCallback (line 1659) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpCommitHistoryIconUpdateCallback (line 1775) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpPhysicalHistoryIconUpdateCallback (line 1856) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpCpuUsageIconUpdateCallback (line 1939) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpCpuUsageTextIconUpdateCallback (line 2087) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpIoUsageTextIconUpdateCallback (line 2180) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpCommitTextIconUpdateCallback (line 2283) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpPhysicalUsageTextIconUpdateCallback (line 2363) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpPlainIconUpdateCallback (line 2446) | _Function_class_(PH_NF_ICON_UPDATE_CALLBACK)
function PhNfpGetShowMiniInfoSectionData (line 2468) | _Success_(return)
function VOID (line 2529) | VOID PhNfpIconClickActivateTimerProc(
function VOID (line 2542) | VOID PhNfpDisableHover(
function VOID (line 2550) | VOID PhNfpIconRestoreHoverTimerProc(
function VOID (line 2561) | VOID PhNfpIconDisablePopupHoverWin11Workaround(
function VOID (line 2574) | VOID PhNfpIconShowPopupHoverTimerProc(
FILE: SystemInformer/notiftoast.cpp
type PH (line 38) | namespace PH
function GetModuleProcAddress (line 54) | bool GetModuleProcAddress(
function _Must_inspect_result_ (line 80) | _Must_inspect_result_
class ToastEventHandler (line 109) | class ToastEventHandler final : public RuntimeClass<RuntimeClassFlags<...
method HRESULT (line 116) | HRESULT RuntimeClassInitialize(
method SetActivatedToken (line 141) | void SetActivatedToken(const EventRegistrationToken& Token)
method SetDismissedToken (line 146) | void SetDismissedToken(const EventRegistrationToken& Token)
method SetFailedToken (line 151) | void SetFailedToken(const EventRegistrationToken& Token)
class Toast (line 170) | class Toast
method Toast (line 176) | Toast() = default;
function _Must_inspect_result_ (line 198) | _Must_inspect_result_
function HRESULT (line 326) | HRESULT PH::Toast::Show() const
function HRESULT (line 335) | HRESULT STDMETHODCALLTYPE PH::ToastEventHandler::Invoke(
function HRESULT (line 375) | HRESULT STDMETHODCALLTYPE PH::ToastEventHandler::Invoke(
function HRESULT (line 393) | HRESULT STDMETHODCALLTYPE PH::ToastEventHandler::Invoke(
function _Must_inspect_result_ (line 432) | _Must_inspect_result_
function VOID (line 451) | VOID PhUninitializeToastRuntime()
function _Must_inspect_result_ (line 498) | _Must_inspect_result_
function _Must_inspect_result_ (line 517) | _Must_inspect_result_
FILE: SystemInformer/ntobjprp.c
type COMMON_PAGE_CONTEXT (line 22) | typedef struct _COMMON_PAGE_CONTEXT
function HPROPSHEETPAGE (line 78) | HPROPSHEETPAGE PhpCommonCreatePage(
function INT (line 113) | INT CALLBACK PhpCommonPropPageProc(
function FORCEINLINE (line 135) | FORCEINLINE PCOMMON_PAGE_CONTEXT PhpCommonPageHeader(
function HPROPSHEETPAGE (line 145) | HPROPSHEETPAGE PhCreateEventPage(
function VOID (line 160) | static VOID PhpRefreshEventPageInfo(
function INT_PTR (line 199) | INT_PTR CALLBACK PhpEventPageProc(
function HPROPSHEETPAGE (line 268) | HPROPSHEETPAGE PhCreateEventPairPage(
function INT_PTR (line 283) | INT_PTR CALLBACK PhpEventPairPageProc(
function HPROPSHEETPAGE (line 345) | HPROPSHEETPAGE PhCreateSemaphorePage(
function VOID (line 360) | static VOID PhpRefreshSemaphorePageInfo(
function INT_PTR (line 390) | INT_PTR CALLBACK PhpSemaphorePageProc(
function HPROPSHEETPAGE (line 460) | HPROPSHEETPAGE PhCreateTimerPage(
function VOID (line 475) | static VOID PhpRefreshTimerPageInfo(
function INT_PTR (line 503) | INT_PTR CALLBACK PhpTimerPageProc(
type MAPPINGS_PAGE_CONTEXT (line 564) | typedef struct _MAPPINGS_PAGE_CONTEXT
function VOID (line 575) | VOID PhpEnumerateMappingsEntries(
function VOID (line 662) | VOID PhpShowProcessForMapping(
function INT_PTR (line 685) | INT_PTR CALLBACK PhpMappingsPageProc(
function HPROPSHEETPAGE (line 794) | HPROPSHEETPAGE PhCreateMappingsPage(
type PHP_AFD_SOCKET_PAGE_CONTEXT (line 820) | typedef struct _PHP_AFD_SOCKET_PAGE_CONTEXT
type PHP_AFD_SOCKET_GROUP (line 829) | typedef enum _PHP_AFD_SOCKET_GROUP
type PHP_AFD_SOCKET_ITEM (line 843) | typedef enum _PHP_AFD_SOCKET_ITEM
function VOID (line 980) | VOID PhAddSocketListViewItem(
function VOID (line 990) | VOID PhSetSocketListViewItem(
function VOID (line 1004) | VOID PhSetSocketListViewItemBoolean(
function VOID (line 1013) | VOID PhSetSocketListViewItemBytes(
function VOID (line 1026) | VOID PhSetSocketListViewItemDecimal(
function VOID (line 1039) | VOID PhSetSocketListViewItemTimeSpan(
function VOID (line 1058) | VOID PhSetSocketListViewItemTimeAgo(
function HPROPSHEETPAGE (line 1084) | HPROPSHEETPAGE PhCreateAfdSocketPage(
function VOID (line 1110) | static VOID PhpRefreshAfdSocketPageInfo(
function INT_PTR (line 1899) | INT_PTR CALLBACK PhpAfdSocketPageProc(
FILE: SystemInformer/options.c
function VOID (line 149) | VOID PhShowOptionsDialog(
function HTREEITEM (line 180) | static HTREEITEM PhpTreeViewInsertItem(
function VOID (line 199) | static VOID PhpOptionsShowHideTreeViewItem(
function VOID (line 247) | static VOID PhReloadGeneralSection(
function VOID (line 258) | static VOID PhpOptionsSetImageList(
function INT_PTR (line 292) | INT_PTR CALLBACK PhOptionsDialogProc(
function VOID (line 545) | VOID PhOptionsOnSize(
function PhOptionsCreateSection (line 557) | _Function_class_(PH_OPTIONS_CREATE_SECTION)
function PPH_OPTIONS_SECTION (line 581) | PPH_OPTIONS_SECTION PhOptionsCreateSectionAdvanced(
function VOID (line 603)
Copy disabled (too large)
Download .json
Condensed preview — 1190 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (16,372K chars).
[
{
"path": ".editorconfig",
"chars": 210,
"preview": "root = true\n\n[*.{c,c++,cc,cpp,cppm,cxx,h,h++,hh,hpp,hxx,inl,ipp,ixx,tlh,tli}]\ncharset = utf-8\nend_of_line = crlf\nindent_"
},
{
"path": ".gitattributes",
"chars": 2080,
"preview": "# Auto detect text files\n* text=auto working-tree-encoding=UTF-8\n\n# Custom for Visual Studio\n*.cs diff=csharp"
},
{
"path": ".github/CODEOWNERS",
"chars": 579,
"preview": "# Below is a list of System Informer team members' GitHub handles who are\n# suggested reviewers for contributions to thi"
},
{
"path": ".github/FUNDING.yml",
"chars": 69,
"preview": "# These are supported funding model platforms\n\ngithub: [dmex, jxy-s]\n"
},
{
"path": ".github/ISSUE_TEMPLATE/bug_report.yml",
"chars": 967,
"preview": "name: 'Bug report'\ndescription: Report bugs or other issues\nbody:\n - type: textarea\n attributes:\n label: Brief "
},
{
"path": ".github/ISSUE_TEMPLATE/config.yml",
"chars": 496,
"preview": "blank_issues_enabled: true\ncontact_links:\n - name: General Questions\n url: https://github.com/winsiderss/systeminfor"
},
{
"path": ".github/ISSUE_TEMPLATE/feature_request.yml",
"chars": 458,
"preview": "name: \"Feature request\"\ndescription: Suggest features, modifications or ideas\ntype: \"Feature\"\nlabels: [\"enhancement\"]\nbo"
},
{
"path": ".github/workflows/cla.yml",
"chars": 1197,
"preview": "name: \"CLA Assistant\"\non:\n issue_comment:\n types: [created]\n pull_request_target:\n types: [opened,closed,synchro"
},
{
"path": ".github/workflows/cmake.yml",
"chars": 1712,
"preview": "name: 'cmake-continuous-integration'\n\non:\n workflow_dispatch:\n push:\n branches: ['master']\n pull_request:\n bran"
},
{
"path": ".github/workflows/msbuild.yml",
"chars": 3910,
"preview": "name: 'continuous-integration'\n\non:\n workflow_dispatch:\n push:\n branches: ['master']\n pull_request:\n branches: "
},
{
"path": ".github/workflows/scan.yml",
"chars": 6941,
"preview": "name: 'CodeQL Analysis'\n\non:\n workflow_dispatch:\n schedule:\n - cron: '0 0 * * 0'\n\njobs:\n analyze_driver:\n name:"
},
{
"path": ".gitignore",
"chars": 1582,
"preview": "#################\n## Visual Studio\n#################\n\n# User-specific files\n*.suo\n*.user\n*.key\n*.sig\n*.orig\n\n# Build res"
},
{
"path": ".vscode/launch.json",
"chars": 624,
"preview": "{\n \"version\": \"0.2.0\",\n \"configurations\": [\n {\n \"name\": \"Launch SystemInformer (Debug64)\",\n "
},
{
"path": ".vscode/tasks.json",
"chars": 3219,
"preview": "{\n \"version\": \"2.0.0\",\n \"tasks\": [\n {\n \"label\": \"Build SystemInformer (Debug64)\",\n \"t"
},
{
"path": ".vsconfig",
"chars": 559,
"preview": "{\n \"version\": \"1.0\",\n \"components\": [\n \"Microsoft.Component.MSBuild\",\n \"Microsoft.VisualStudio.Component.Git\",\n "
},
{
"path": "CHANGELOG.txt",
"chars": 25865,
"preview": "Process Hacker\n\n3.0\n * HIGHLIGHTS:\n * New Process Hacker setup.\n * New process properties handle search.\n * Added "
},
{
"path": "CLA.md",
"chars": 6775,
"preview": "# Contribution License Agreement\n\nThis Contribution License Agreement (“Agreement”) is agreed to by the party signing (“"
},
{
"path": "CMakeLists.txt",
"chars": 1520,
"preview": "#\n# Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n#\n# This file is part of System Informe"
},
{
"path": "CODE_OF_CONDUCT.md",
"chars": 3373,
"preview": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nIn the interest of fostering an open and welcoming environment, w"
},
{
"path": "CONTRIBUTING.md",
"chars": 26,
"preview": "# Contribution Guidelines\n"
},
{
"path": "COPYRIGHT.txt",
"chars": 5709,
"preview": "== System Informer ==\nSystem Informer is licensed. A full copy of the license is provided in LICENSE.txt.\n\n Copyright"
},
{
"path": "Common.Kernel.props",
"chars": 7377,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project>\n <PropertyGroup Label=\"Global\">\n <CodeAnalysisTreatWarningsAsErrors"
},
{
"path": "Common.Kernel.ruleset",
"chars": 566,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<RuleSet Name=\"Rules for KSystemInformer\" Description=\"Code analysis rules for K"
},
{
"path": "Common.User.props",
"chars": 19894,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"Current\" xmlns=\"http://schemas.microsoft.com/developer/msb"
},
{
"path": "Directory.Build.props",
"chars": 1752,
"preview": "<Project>\n <PropertyGroup>\n <SystemInformerRoot>$(MSBuildThisFileDirectory)</SystemInformerRoot>\n </PropertyGroup>\n"
},
{
"path": "HACKING.md",
"chars": 9463,
"preview": "## Conventions\n\n### Names\n* Functions, function parameters, and global variables use CamelCase.\n* Local variables use lo"
},
{
"path": "KSystemInformer/Directory.Build.props",
"chars": 252,
"preview": "<Project>\n <!-- Merge with parent Directory.Build.props -->\n <Import Project=\"$([MSBuild]::GetPathOfFileAbove('Directo"
},
{
"path": "KSystemInformer/KSystemInformer.inf",
"chars": 1264,
"preview": ";\n; Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n;\n; This file is part of System Informe"
},
{
"path": "KSystemInformer/KSystemInformer.sln",
"chars": 4224,
"preview": "\nMicrosoft Visual Studio Solution File, Format Version 12.00\n# Visual Studio Version 17\nVisualStudioVersion = 17.7.3402"
},
{
"path": "KSystemInformer/KSystemInformer.slnx",
"chars": 582,
"preview": "<Solution>\n <Configurations>\n <Platform Name=\"ARM64\" />\n <Platform Name=\"x64\" />\n </Configurations>\n <Project P"
},
{
"path": "KSystemInformer/KSystemInformer.vcxproj",
"chars": 4440,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" ToolsVersion=\"Current\" xmlns=\"http://schemas.mic"
},
{
"path": "KSystemInformer/KSystemInformer.vcxproj.filters",
"chars": 5325,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"Current\" xmlns=\"http://schemas.microsoft.com/developer/ms"
},
{
"path": "KSystemInformer/README.md",
"chars": 2816,
"preview": "# System Informer Kernel\n\n- optimizes retrieval of information from the system\n- enables broader inspection into the sys"
},
{
"path": "KSystemInformer/alloc.c",
"chars": 17324,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/alpc.c",
"chars": 22965,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/back_trace.c",
"chars": 18585,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/cid_table.c",
"chars": 19412,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/cid_tracking.c",
"chars": 70945,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/comms.c",
"chars": 71898,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/comms_handlers.c",
"chars": 54849,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/device.c",
"chars": 9364,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/driver.c",
"chars": 6908,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/dyndata.c",
"chars": 17912,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/dynimp.c",
"chars": 6375,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/file.c",
"chars": 12246,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/hash.c",
"chars": 53869,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/imgcoherency.c",
"chars": 6041,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/include/comms.h",
"chars": 4639,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/include/informer.h",
"chars": 3945,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/include/informer_filep.h",
"chars": 2816,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/include/kph.h",
"chars": 73657,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/include/ntfill.h",
"chars": 67147,
"preview": "/*\n * This file is part of System Informer.\n *\n * Authors:\n *\n * jxy-s 2022-2026\n *\n */\n\n#pragma once\n\ntypedef str"
},
{
"path": "KSystemInformer/include/pooltags.h",
"chars": 3472,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/include/trace.h",
"chars": 1714,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer.c",
"chars": 23556,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer_debug.c",
"chars": 8153,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer_file.c",
"chars": 15214,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer_filenc.c",
"chars": 25102,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer_fileop.c",
"chars": 89459,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer_image.c",
"chars": 12199,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer_object.c",
"chars": 32139,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer_process.c",
"chars": 19866,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer_registry.c",
"chars": 74441,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/informer_thread.c",
"chars": 11487,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/knowndll.c",
"chars": 5771,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/kphobject.c",
"chars": 15212,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/kphthread.c",
"chars": 7622,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/ksidll.c",
"chars": 15442,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/ksidll.def",
"chars": 328,
"preview": "LIBRARY ksi.dll\nEXPORTS\n DllInitialize PRIVATE\n DllUnload PRIVATE\n KsiIniti"
},
{
"path": "KSystemInformer/ksidll.vcxproj",
"chars": 2630,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" ToolsVersion=\"Current\" xmlns=\"http://schemas.mic"
},
{
"path": "KSystemInformer/lsa.c",
"chars": 8981,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/main.c",
"chars": 10944,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/object.c",
"chars": 77915,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/parameters.c",
"chars": 4613,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/process.c",
"chars": 31302,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/protection.c",
"chars": 69026,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/ratelmt.c",
"chars": 4726,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/resource.rc",
"chars": 2310,
"preview": "// Microsoft Visual C++ generated resource script.\n//\n#pragma code_page(65001)\n\n#include <windows.h>\n#include <sistatus."
},
{
"path": "KSystemInformer/ringbuff.c",
"chars": 19818,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/session_token.c",
"chars": 21910,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/system.c",
"chars": 4976,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/thread.c",
"chars": 24336,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/umaccess.c",
"chars": 13211,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/util.c",
"chars": 63636,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/verify.c",
"chars": 30389,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "KSystemInformer/vm.c",
"chars": 27090,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "LICENSE.txt",
"chars": 1091,
"preview": "MIT License\n\nCopyright (c) 2022 Winsider Seminars & Solutions, Inc.\n\nPermission is hereby granted, free of charge, to an"
},
{
"path": "README.md",
"chars": 4806,
"preview": "<p align=\"center\">\n <a href=\"https://systeminformer.com\">\n <img src=\"https://github.com/winsiderss/systeminfor"
},
{
"path": "README.txt",
"chars": 1371,
"preview": "System Informer is a powerful free and open source process viewer.\n\n## Getting started\n\nSimply run SystemInformer.exe to"
},
{
"path": "SECURITY.md",
"chars": 1565,
"preview": "# Security Policies and Procedures\n\nThis document outlines security procedures and general policies for the System\nInfor"
},
{
"path": "SystemInformer/CMakeLists.txt",
"chars": 5026,
"preview": "#\n# Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n#\n# This file is part of System Informe"
},
{
"path": "SystemInformer/Directory.Build.props",
"chars": 250,
"preview": "<Project>\n <!-- Merge with parent Directory.Build.props -->\n <Import Project=\"$([MSBuild]::GetPathOfFileAbove('Directo"
},
{
"path": "SystemInformer/SystemInformer.def",
"chars": 30653,
"preview": ";/*\n; * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n; *\n; * This file is part of System"
},
{
"path": "SystemInformer/SystemInformer.def.h",
"chars": 82804,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/SystemInformer.manifest",
"chars": 2404,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersi"
},
{
"path": "SystemInformer/SystemInformer.rc",
"chars": 98277,
"preview": "// Microsoft Visual C++ generated resource script.\n//\n#pragma code_page(65001)\n\n#include \"resource.h\"\n\n#define APSTUDIO_"
},
{
"path": "SystemInformer/SystemInformer.vcxproj",
"chars": 25970,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" ToolsVersion=\"Current\" xmlns=\"http://schemas.micr"
},
{
"path": "SystemInformer/SystemInformer.vcxproj.filters",
"chars": 19885,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"Current\" xmlns=\"http://schemas.microsoft.com/developer/ms"
},
{
"path": "SystemInformer/about.c",
"chars": 10097,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/actions.c",
"chars": 199776,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/admintask.c",
"chars": 12996,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/affinity.c",
"chars": 29615,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/anawait.c",
"chars": 33153,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/appsup.c",
"chars": 80946,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/chcol.c",
"chars": 26757,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/chdlg.c",
"chars": 24168,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/chproc.c",
"chars": 10824,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/colmgr.c",
"chars": 24134,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/colsetmgr.c",
"chars": 20465,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/dbgcon.c",
"chars": 52330,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/delayhook.c",
"chars": 70059,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/delayload.c",
"chars": 5453,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/devprv.c",
"chars": 173476,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/extmgr.c",
"chars": 6643,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/findobj.c",
"chars": 63378,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/gdihndl.c",
"chars": 15259,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/heapinfo.c",
"chars": 58500,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/hidnproc.c",
"chars": 54899,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/hndllist.c",
"chars": 28114,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/hndlmenu.c",
"chars": 14795,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/hndlprp.c",
"chars": 123186,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/hndlprv.c",
"chars": 21120,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/hndlstat.c",
"chars": 9404,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/actions.h",
"chars": 9737,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/appsup.h",
"chars": 13820,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/colmgr.h",
"chars": 2746,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/colsetmgr.h",
"chars": 860,
"preview": "#ifndef PH_COLSETMGR_H\n#define PH_COLSETMGR_H\n\ntypedef struct _PH_COLUMN_SET_ENTRY\n{\n PPH_STRING Name;\n PPH_STRING"
},
{
"path": "SystemInformer/include/devprv.h",
"chars": 14699,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/extmgr.h",
"chars": 1314,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/extmgri.h",
"chars": 1764,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/heapstruct.h",
"chars": 8673,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/hidnproc.h",
"chars": 1853,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/hndllist.h",
"chars": 3983,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/hndlmenu.h",
"chars": 1014,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/hndlprv.h",
"chars": 2056,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/informer.h",
"chars": 1446,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/ksisup.h",
"chars": 2168,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/mainwnd.h",
"chars": 13443,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/mainwndp.h",
"chars": 13311,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/memlist.h",
"chars": 4435,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/memprv.h",
"chars": 5004,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/memsrch.h",
"chars": 1508,
"preview": "#ifndef PH_MEMSRCH_H\n#define PH_MEMSRCH_H\n\ntypedef struct _PH_MEMORY_RESULT\n{\n LONG RefCount;\n PVOID Address;\n "
},
{
"path": "SystemInformer/include/miniinfo.h",
"chars": 7355,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/miniinfop.h",
"chars": 8787,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/modlist.h",
"chars": 5876,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/modprv.h",
"chars": 3434,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/netlist.h",
"chars": 2575,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/netprv.h",
"chars": 4547,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/notifico.h",
"chars": 5309,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/notificop.h",
"chars": 5326,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/notiftoast.h",
"chars": 859,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/phapp.h",
"chars": 17772,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/phappres.h",
"chars": 1029,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/phfwddef.h",
"chars": 1437,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/phplug.h",
"chars": 29814,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/phsettings.h",
"chars": 39104,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/phsvc.h",
"chars": 5368,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/phsvcapi.h",
"chars": 9331,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/phsvccl.h",
"chars": 3834,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/phuisup.h",
"chars": 6170,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/procgrp.h",
"chars": 1024,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/procmtgn.h",
"chars": 2753,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/procprp.h",
"chars": 3539,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/procprpp.h",
"chars": 17194,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/procprv.h",
"chars": 13686,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/proctree.h",
"chars": 12027,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/srvlist.h",
"chars": 2819,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/srvprv.h",
"chars": 3240,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/sysinfo.h",
"chars": 4836,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/sysinfop.h",
"chars": 10189,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/thrdlist.h",
"chars": 7540,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/include/thrdprv.h",
"chars": 3934,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/infodlg.c",
"chars": 7327,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/informer.c",
"chars": 21886,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/itemtips.c",
"chars": 31334,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/jobprp.c",
"chars": 27095,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/kdump.c",
"chars": 13834,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/ksidbg.c",
"chars": 59158,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/ksisup.c",
"chars": 80211,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/ksyscall.c",
"chars": 10666,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/log.c",
"chars": 14536,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/logwnd.c",
"chars": 15624,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/main.c",
"chars": 70922,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/mainwnd.c",
"chars": 184914,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/mdump.c",
"chars": 28643,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/memedit.c",
"chars": 20305,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/memlist.c",
"chars": 47296,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/memlists.c",
"chars": 28122,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/memmod.c",
"chars": 24420,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/memprot.c",
"chars": 4781,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/memprv.c",
"chars": 58251,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/memrslt.c",
"chars": 29150,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/memsrch.c",
"chars": 18279,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/memsrcht.c",
"chars": 52482,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/miniinfo.c",
"chars": 79475,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/modlist.c",
"chars": 59991,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/modprv.c",
"chars": 42391,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/mtgndlg.c",
"chars": 12570,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/mwpgdev.c",
"chars": 3587,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
},
{
"path": "SystemInformer/mwpgnet.c",
"chars": 12351,
"preview": "/*\n * Copyright (c) 2022 Winsider Seminars & Solutions, Inc. All rights reserved.\n *\n * This file is part of System Inf"
}
]
// ... and 990 more files (download for full content)
About this extraction
This page contains the full source code of the winsiderss/systeminformer GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 1190 files (44.0 MB), approximately 4.0M tokens, and a symbol index with 9333 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.