memsrcht show memory editor on double click

Author: DartVanya

SystemInformer/memsrcht.c

@@ -138,6 +138,11 @@ BOOLEAN PhpShowMemoryStringTreeDialog(
     _In_opt_ PPH_LIST PrevNodeList
     );
 
+VOID PhpShowMemoryEditor(
+    PPH_MEMSTRINGS_CONTEXT context,
+    PPH_MEMSTRINGS_NODE node
+    );
+
 _Function_class_(PH_STRING_SEARCH_NEXT_BUFFER)
 _Must_inspect_result_
 NTSTATUS NTAPI PhpMemoryStringSearchTreeNextBuffer(
@@ -809,7 +814,14 @@ BOOLEAN NTAPI PhpMemoryStringsTreeNewCallback(
         }
         return TRUE;
     case TreeNewNodeExpanding:
+        return TRUE;
     case TreeNewLeftDoubleClick:
+        {
+            PPH_TREENEW_MOUSE_EVENT mouseEvent = Parameter1;
+            node = (PPH_MEMSTRINGS_NODE)mouseEvent->Node;
+
+            PhpShowMemoryEditor(context, node);
+        }
         return TRUE;
     case TreeNewContextMenu:
         {
@@ -996,6 +1008,47 @@ VOID PhpMemoryStringsSetWindowTitle(
     SetWindowTextW(Context->WindowHandle, title->Buffer);
 }
 
+VOID PhpShowMemoryEditor(
+    PPH_MEMSTRINGS_CONTEXT context,
+    PPH_MEMSTRINGS_NODE node
+    )
+{
+    NTSTATUS status;
+    MEMORY_BASIC_INFORMATION basicInfo;
+    PPH_SHOW_MEMORY_EDITOR showMemoryEditor;
+    PVOID address;
+    SIZE_T length;
+
+    address = node->Address;
+    if (node->Unicode)
+        length = node->String->Length;
+    else
+        length = node->String->Length / 2;
+
+    if (NT_SUCCESS(status = NtQueryVirtualMemory(
+        context->ProcessHandle,
+        address,
+        MemoryBasicInformation,
+        &basicInfo,
+        sizeof(basicInfo),
+        NULL
+        )))
+    {
+        showMemoryEditor = PhAllocateZero(sizeof(PH_SHOW_MEMORY_EDITOR));
+        showMemoryEditor->ProcessId = context->ProcessItem->ProcessId;
+        showMemoryEditor->BaseAddress = basicInfo.BaseAddress;
+        showMemoryEditor->RegionSize = basicInfo.RegionSize;
+        showMemoryEditor->SelectOffset = (ULONG)((ULONG_PTR)address - (ULONG_PTR)basicInfo.BaseAddress);
+        showMemoryEditor->SelectLength = (ULONG)length;
+
+        SystemInformer_ShowMemoryEditor(showMemoryEditor);
+    }
+    else
+    {
+        PhShowStatus(context->WindowHandle, L"Unable to edit memory", status, 0);
+    }
+}
+
 INT_PTR CALLBACK PhpMemoryStringsDlgProc(
     _In_ HWND hwndDlg,
     _In_ UINT uMsg,
@@ -1193,12 +1246,12 @@ INT_PTR CALLBACK PhpMemoryStringsDlgProc(
 
                 menu = PhCreateEMenu();
 
-                readWrite = PhCreateEMenuItem(0, 1, L"Read/Write memory", NULL, NULL);
-
+                readWrite = PhCreateEMenuItem(0, IDC_SHOW, L"Read/Write memory", NULL, NULL);
+                readWrite->Flags |= PH_EMENU_DEFAULT;
                 PhInsertEMenuItem(menu, readWrite, ULONG_MAX);
                 PhInsertEMenuItem(menu, PhCreateEMenuSeparator(), ULONG_MAX);
-                PhInsertEMenuItem(menu, PhCreateEMenuItem(0, 100, L"Copy", NULL, NULL), ULONG_MAX);
-                PhInsertCopyCellEMenuItem(menu, 100, context->TreeNewHandle, contextMenuEvent->Column);
+                PhInsertEMenuItem(menu, PhCreateEMenuItem(0, IDC_COPY, L"Copy", NULL, NULL), ULONG_MAX);
+                PhInsertCopyCellEMenuItem(menu, IDC_COPY, context->TreeNewHandle, contextMenuEvent->Column);
 
                 if (numberOfNodes != 1)
                     readWrite->Flags |= PH_EMENU_DISABLED;
@@ -1214,52 +1267,24 @@ INT_PTR CALLBACK PhpMemoryStringsDlgProc(
 
                 if (selectedItem && selectedItem->Id != ULONG_MAX && !PhHandleCopyCellEMenuItem(selectedItem))
                 {
-                    if (selectedItem->Id == 1)
+                    switch (selectedItem->Id)
                     {
-                        NTSTATUS status;
-                        MEMORY_BASIC_INFORMATION basicInfo;
-                        PPH_SHOW_MEMORY_EDITOR showMemoryEditor;
-                        PVOID address;
-                        SIZE_T length;
-
-                        assert(numberOfNodes == 1);
-
-                        address = stringsNodes[0]->Address;
-                        if (stringsNodes[0]->Unicode)
-                            length = stringsNodes[0]->String->Length;
-                        else
-                            length = stringsNodes[0]->String->Length / 2;
-
-                        if (NT_SUCCESS(status = NtQueryVirtualMemory(
-                            context->ProcessHandle,
-                            address,
-                            MemoryBasicInformation,
-                            &basicInfo,
-                            sizeof(basicInfo),
-                            NULL
-                            )))
+                    case IDC_SHOW:
                         {
-                            showMemoryEditor = PhAllocateZero(sizeof(PH_SHOW_MEMORY_EDITOR));
-                            showMemoryEditor->ProcessId = context->ProcessItem->ProcessId;
-                            showMemoryEditor->BaseAddress = basicInfo.BaseAddress;
-                            showMemoryEditor->RegionSize = basicInfo.RegionSize;
-                            showMemoryEditor->SelectOffset = (ULONG)((ULONG_PTR)address - (ULONG_PTR)basicInfo.BaseAddress);
-                            showMemoryEditor->SelectLength = (ULONG)length;
-
-                            SystemInformer_ShowMemoryEditor(showMemoryEditor);
+                            assert(numberOfNodes == 1);
+
+                            PhpShowMemoryEditor(context, stringsNodes[0]);
                         }
-                        else
+                        break;
+                    case IDC_COPY:
                         {
-                            PhShowStatus(hwndDlg, L"Unable to edit memory", status, 0);
-                        }
-                    }
-                    else if (selectedItem->Id == 100)
-                    {
-                        PPH_STRING text;
+                            PPH_STRING text;
 
-                        text = PhGetTreeNewText(context->TreeNewHandle, 0);
-                        PhSetClipboardString(context->TreeNewHandle, &text->sr);
-                        PhDereferenceObject(text);
+                            text = PhGetTreeNewText(context->TreeNewHandle, 0);
+                            PhSetClipboardString(context->TreeNewHandle, &text->sr);
+                            PhDereferenceObject(text);
+                        }
+                        break;
                     }
                 }
 
@@ -1300,7 +1325,7 @@ INT_PTR CALLBACK PhpMemoryStringsDlgProc(
                     mapped = PhCreateEMenuItem(0, 6, L"Mapped", NULL, NULL);
                     minimumLength = PhCreateEMenuItem(0, 7, L"Minimum length...", NULL, NULL);
                     zeroPad = PhCreateEMenuItem(0, 8, L"Zero pad addresses", NULL, NULL);
-                    refresh = PhCreateEMenuItem(0, 9, L"Refresh", NULL, NULL);
+                    refresh = PhCreateEMenuItem(0, 9, L"Refresh\bF5", NULL, NULL);
 
                     menu = PhCreateEMenu();
                     PhInsertEMenuItem(menu, ansi, ULONG_MAX);
@@ -1418,6 +1443,16 @@ INT_PTR CALLBACK PhpMemoryStringsDlgProc(
                 break;
             }
         }
+    case WM_KEYDOWN:
+        {
+            switch (wParam)
+            {
+            case VK_F5:
+                PhpSearchMemoryStrings(context);
+                return TRUE;
+            }
+        }
+        break;
     case WM_CTLCOLORBTN:
     case WM_CTLCOLORDLG:
     case WM_CTLCOLORSTATIC:
@@ -1461,6 +1496,11 @@ NTSTATUS NTAPI PhpShowMemoryStringDialogThreadStart(
         if (result == INT_ERROR)
             break;
 
+        if (message.message == WM_KEYDOWN)
+        {
+            CallWindowProc(PhpMemoryStringsDlgProc, windowHandle, message.message, message.wParam, message.lParam);
+        }
+
         if (!IsDialogMessage(windowHandle, &message))
         {
             TranslateMessage(&message);

plugins/ExtendedTools/objprp.c

@@ -1369,6 +1369,8 @@ VOID EtpCloseObjectHandles(
 {
     HANDLE oldHandle;
     NTSTATUS status;
+    ULONG64 count;
+    WCHAR string[PH_INT64_STR_LEN_1];
 
     for (ULONG i = 0; i < NumberOfItems; i++)
     {
@@ -1380,6 +1382,13 @@ VOID EtpCloseObjectHandles(
                 ListviewItems[i]->ProcessId,
                 ListviewItems[i]->HandleItem->Handle)) == STATUS_INVALID_HANDLE)
             {
+                PhStringToUInt64(&PhaGetDlgItemText(Context->WindowHandle, IDC_OBJ_HANDLESTOTAL)->sr, 0, &count);
+                PhPrintUInt32(string, (ULONG)count - 1);
+                PhSetDialogItemText(Context->WindowHandle, IDC_OBJ_HANDLESTOTAL, string);
+                PhStringToUInt64(&PhaGetDlgItemText(Context->WindowHandle, ListviewItems[i]->OwnHandle ? IDC_OBJ_HANDLESBYOBJECT : IDC_OBJ_HANDLESBYNAME)->sr, 0, &count);
+                PhPrintUInt32(string, (ULONG)count - 1);
+                PhSetDialogItemText(Context->WindowHandle, ListviewItems[i]->OwnHandle ? IDC_OBJ_HANDLESBYOBJECT : IDC_OBJ_HANDLESBYNAME, string);
+
                 PhRemoveListViewItem(Context->ListViewHandle, PhFindListViewItemByParam(Context->ListViewHandle, INT_ERROR, ListviewItems[i]));
                 PhClearReference(&ListviewItems[i]->HandleItem);
                 PhFree(ListviewItems[i]);