src/modules/FileLocksmith/FileLocksmithLibInterop/NtdllExtensions.h

#pragma once

#include "pch.h"

#include "NtdllBase.h"

class NtdllExtensions : protected Ntdll
{
private:
    constexpr static size_t DefaultResultBufferSize = 64 * 1024;
    constexpr static size_t MaxResultBufferSize = 1024 * 1024 * 1024;

    constexpr static int ObjectNameInformation = 1;
    constexpr static int SystemHandleInformation = 16;

    struct MemoryLoopResult
    {
        NTSTATUS status = 0;
        std::vector<BYTE> memory;
    };

    // Calls NtQuerySystemInformation and returns a buffer containing the result.
    MemoryLoopResult NtQuerySystemInformationMemoryLoop(ULONG SystemInformationClass);

    std::wstring file_handle_to_kernel_name(HANDLE file_handle, std::vector<BYTE>& buffer);

public:
    struct ProcessInfo
    {
        DWORD pid;
        std::wstring name;
        std::vector<std::wstring> modules;
    };

    struct HandleInfo
    {
        DWORD pid;
        USHORT handle;
        std::wstring type_name;
        std::wstring kernel_file_name;
    };

    std::wstring file_handle_to_kernel_name(HANDLE file_handle);

    std::wstring path_to_kernel_name(LPCWSTR path);

    std::vector<HandleInfo> handles() noexcept;

    // Returns the list of all processes.
    // On failure, returns an empty vector.
    std::vector<ProcessInfo> processes() noexcept;
};
[New PowerToy] File Locksmith (#20930) * Imported offline solution * Make solution compile * Add Windows sample, doesn't work? * Added new project to implement the dll * Remove unneeded header * Implemented IUnknown part of ExplorerCommand * Implemented IExplorerCommand methods * Implemented ClassFactory * Implemented DLL register/unregister * Implemented other DLL exports, not working? * Implemented IShellExtInit inferface * Implemented IContextMenu, it works! * Implement command data fetching * Make sample project compile on VS 2022 * Add plan * Implement Lib as separate project * Implemented IPC, not tested * Console UI project skeleton * Implemented basic console UI * Implemented piping, there are bugs * Prototype works * Remove old project * Added GUI project skeleton * Mitigate issue with WinUI3 * Added a control for displaying results * Add button * Implement core functions in lib project * Call new library function from console main * Implement showing results * Improve UI * Implemented subdirectory search * Remove useless code * Set window size * UI adjustments * Implement killing process * Rename variable * Add lib project to main solution * Add Ext and GUI projects to solution * Tweak packages for GUI project * Add a settings page * Add a few resource strings * Add one more resources string * VS keeps trying to correct this * Add references to File Locksmith in /,github * Implement some parts of FileLocksmithModule * Change output directory * Change target name and add to runner * Add logger * Started implementing settings backend * Fix log folder * Settings work * Add some basic tracing * Attempt at adding resources * Remove junk files * Added missing defines * Replaced some constants with resources Something's not working * Move resources to the Ext project * Remove experiment * Add binaries for signing * Improve tracing * Remove old Settings calls * Show something when there are no results * Change window title * Move computation to another thread, improve UX * Increase font size for default text * Remove entries for killed processes * Show user name * Remove nonrecursive implementation * Implement back end for getting file names * Show list of files, UI tweaks * Remove useless includes * Implement back end for getting full process path * Dark title bar on dark themes * Using Expander, other UI adjustments * Show "No results" after killing all processes * Show progress ring * Update configuration mapping * Revert "Update configuration mapping" This reverts commit d8e13206f3c7de3c6dbf880299bfff3bf9f27a37. * Fixed solution configuration, ARM64 should build * Backend for refreshing * Variable window size * Add refresh button * New WinUI3 C# project for FL * Started porting functionality * Add Interop project * Move IPC to Ext project * Ported native functions to Interop * Ported finding processes * Ported most of Main Window functionality * Display paths of files * Implement killing processes * Use resource string for "End Task" * Remove entries for terminated processes * Show User name * Set default window size * Make the new UI the default * Reading paths from stdin, completed port to C# * Fix small bug * Moving to MVVM * Adding Labs * Merge branch 'ivan/file-locksmith' of https://github.com/microsoft/PowerToys into ivan/file-locksmith Removing one parent commit for cleaner history Co-Authored-By: Niels Laute <niels.laute@live.nl> * Reintroducing features * Moving UI strings to resources file * Restored functionality * Add missing dlls * Add FIle Locksmith to publish.cmd * Rebase fixes * Try updating nuget.config * Fix copy-paste blunder * Add File Locksmith UI for publishing * Add .pubxml file in FileLocksmith * Change build output folder * Fix installer build issues Remove old projects from solution so MSBuild doesn't build them. Downgrade target framework to what most other projects are using. Fix publishing profile and project runtimes. Remove unused CsWinRT references. * [CI] Add clear to nuget packages * Fix module reference counting * Fix nuget for release CI * Fix version and signing * Fix path for resources * Fix incorrect results when running 2 instances * Fix default nuget source * Windows 10 icon and fallback for UI * Code clean-up and spaces instead of tabs * Add gif showcasing FL * Add screenshot of File Locksmith for Settings * Add new files to the installer * Add OOBE page * Showing selected paths in the header * Tweak path list * Added new, wider gif * Add GPO * Add some logs * [CI]Get CommunityToolkit.Labs from BigPark feed * [CI]Use azure package feed for Nuget in release * [CI]Another try for the labs source * Revert changes to feed * Use RestoreAdditionalProjectSources * Add tooltip to file list * Change tooltip to not trim the lines * Add Tips and tricks section mentioning elevated * Add some more logs messages. * Grammar fix * Add to bug report tool * Fix UI virtualization not working * Disable virtualization to avoid crashes * Get better virtualization * Add dialog instead of tooltip to show list of items * No results refresh icon is now a button too * Use managed methods for handling processes * Remove registry code from Ext. * Support drives too Co-authored-by: Niels Laute <niels.laute@live.nl> Co-authored-by: Jaime Bernardo <jaime@janeasystems.com> 2022-10-28 15:51:21 +02:00			`#pragma once`

			`#include "pch.h"`

			`#include "NtdllBase.h"`

			`class NtdllExtensions : protected Ntdll`
			`{`
			`private:`
			`constexpr static size_t DefaultResultBufferSize = 64 * 1024;`
			`constexpr static size_t MaxResultBufferSize = 1024 * 1024 * 1024;`

			`constexpr static int ObjectNameInformation = 1;`
			`constexpr static int SystemHandleInformation = 16;`

			`struct MemoryLoopResult`
			`{`
			`NTSTATUS status = 0;`
			`std::vector<BYTE> memory;`
			`};`

			`// Calls NtQuerySystemInformation and returns a buffer containing the result.`
			`MemoryLoopResult NtQuerySystemInformationMemoryLoop(ULONG SystemInformationClass);`

			`std::wstring file_handle_to_kernel_name(HANDLE file_handle, std::vector<BYTE>& buffer);`

			`public:`
			`struct ProcessInfo`
			`{`
			`DWORD pid;`
			`std::wstring name;`
			`std::vector<std::wstring> modules;`
			`};`

			`struct HandleInfo`
			`{`
			`DWORD pid;`
			`USHORT handle;`
			`std::wstring type_name;`
			`std::wstring kernel_file_name;`
			`};`

			`std::wstring file_handle_to_kernel_name(HANDLE file_handle);`

			`std::wstring path_to_kernel_name(LPCWSTR path);`

			`std::vector<HandleInfo> handles() noexcept;`

			`// Returns the list of all processes.`
			`// On failure, returns an empty vector.`
			`std::vector<ProcessInfo> processes() noexcept;`
			`};`