v0.2

Removed Process Hacker source code fragments, plugin now requires PH
2.36
Fixed bug when process wouldn't launch because of "Allow only one
instance" option

Author: TETYYS

Emergency.vcxproj

@@ -79,6 +79,9 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <GenerateManifest>false</GenerateManifest>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <GenerateManifest>false</GenerateManifest>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -117,7 +120,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Windows</SubSystem>
       <TargetMachine>MachineX64</TargetMachine>
-      <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
+      <OutputFile>D:\VGDB\PH\processhacker-code\2.x\trunk\bin\Release64\plugins\MalHide.dll</OutputFile>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -129,13 +132,13 @@
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DebugInformationFormat>None</DebugInformationFormat>
       <CallingConvention>StdCall</CallingConvention>
     </ClCompile>
     <Link>
       <AdditionalDependencies>ProcessHacker.lib;ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <AdditionalLibraryDirectories>..\..\lib\i386;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
       <SubSystem>Windows</SubSystem>
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
@@ -145,6 +148,8 @@
       </IgnoreAllDefaultLibraries>
       <AdditionalOptions>
       </AdditionalOptions>
+      <DelayLoadDLLs>
+      </DelayLoadDLLs>
     </Link>
     <ProjectReference>
       <UseLibraryDependencyInputs>true</UseLibraryDependencyInputs>
@@ -176,18 +181,9 @@
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="main.c" />
-    <ClCompile Include="phf\clapi.c" />
-    <ClCompile Include="phf\runas.c" />
-    <ClCompile Include="phf\svcapi.c" />
-    <ClCompile Include="phf\svcapiport.c" />
-    <ClCompile Include="phf\svcclient.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="main.h" />
-    <ClInclude Include="phf\phsvc.h" />
-    <ClInclude Include="phf\phsvcapi.h" />
-    <ClInclude Include="phf\phsvccl.h" />
-    <ClInclude Include="phf\runas.h" />
     <ClInclude Include="resource.h" />
   </ItemGroup>
   <ItemGroup>

Emergency.vcxproj.filters

@@ -2,43 +2,11 @@
 <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup>
     <ClCompile Include="main.c" />
-    <ClCompile Include="phf\clapi.c">
-      <Filter>PH fragments</Filter>
-    </ClCompile>
-    <ClCompile Include="phf\svcapi.c">
-      <Filter>PH fragments</Filter>
-    </ClCompile>
-    <ClCompile Include="phf\svcapiport.c">
-      <Filter>PH fragments</Filter>
-    </ClCompile>
-    <ClCompile Include="phf\svcclient.c">
-      <Filter>PH fragments</Filter>
-    </ClCompile>
-    <ClCompile Include="phf\runas.c">
-      <Filter>PH fragments</Filter>
-    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="main.h" />
-    <ClInclude Include="phf\phsvc.h">
-      <Filter>PH fragments</Filter>
-    </ClInclude>
-    <ClInclude Include="phf\phsvcapi.h">
-      <Filter>PH fragments</Filter>
-    </ClInclude>
-    <ClInclude Include="phf\phsvccl.h">
-      <Filter>PH fragments</Filter>
-    </ClInclude>
-    <ClInclude Include="phf\runas.h">
-      <Filter>PH fragments</Filter>
-    </ClInclude>
     <ClInclude Include="resource.h" />
   </ItemGroup>
-  <ItemGroup>
-    <Filter Include="PH fragments">
-      <UniqueIdentifier>{121fa5fa-6d66-4cdb-97b9-11c30967a4dd}</UniqueIdentifier>
-    </Filter>
-  </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="Emergency.rc" />
   </ItemGroup>

README.md

@@ -1,2 +1,9 @@
 # ph-emergency
 Plugin for Process Hacker 2. Brings up PH in emergency situations
+
+[Forum thread](http://wj32.org/processhacker/forums/viewtopic.php?f=18&p=6187)
+
+# Requirements: 
+- > Windows XP
+- Process Hacker 2.36
+- Elevated Process Hacker running in background

main.c

@@ -1,6 +1,5 @@
 #include "main.h"
 #include <phdk.h>
-#include "phf\runas.h"
 #include "resource.h"
 
 LOGICAL DllMain(
@@ -23,8 +22,17 @@ LOGICAL DllMain(
 		info->DisplayName = L"Emergency";
 		info->Author = L"TETYYS";
 		info->Description = L"Brings up ProcessHacker in emergency situations";
+		info->Url = L"http://wj32.org/processhacker/forums/viewtopic.php?f=18&t=1954";
 		info->HasOptions = TRUE;
 
+		ULONG major, minor;
+		PhGetPhVersionNumbers(&major, &minor, NULL, NULL);
+		if (major < 2 || minor < 36) {
+			PhShowMessage(NULL, MB_ICONERROR, L"%s%d%d%d%s", L"Your Process Hacker version is not supported by Emergency plugin, please update Process Hacker or plugin will stay disabled. (Requires revision 2.36)");
+			info->HasOptions = FALSE;
+			return FALSE;
+		}
+
 		Switching = FALSE;
 
 		{
@@ -198,7 +206,9 @@ INT_PTR CALLBACK OptionsDlgProc(
 			break;
 		case IDOK:
 		{
-			PhSetStringSetting(DESKTOP_SETTING, PHA_GET_DLGITEM_TEXT(hwndDlg, IDC_DESKTOP)->Buffer);
+			PPH_STRING setting = PhGetWindowText(GetDlgItem(hwndDlg, IDC_DESKTOP)); {
+				PhSetStringSetting(DESKTOP_SETTING, setting->Buffer);
+			} PhDereferenceObject(setting);
 			EndDialog(hwndDlg, IDOK);
 		}
 			break;
@@ -249,7 +259,7 @@ LRESULT CALLBACK LowLevelKeyboardProc(
 	_In_ LPARAM lParam
 	)
 {
-	ULONG identifier = wParam;
+	WPARAM identifier = wParam;
 	KBDLLHOOKSTRUCT *kbd = (KBDLLHOOKSTRUCT*)lParam;
 	BOOL enabled;
 
@@ -280,19 +290,17 @@ LRESULT CALLBACK LowLevelKeyboardProc(
 		Switching = TRUE;
 		// GO GO GO!
 
-		WCHAR fullPath[MAX_PATH];
-		GetModuleFileName(NULL, fullPath, MAX_PATH);
-
 		ULONG sessId;
 		PhGetProcessSessionId(GetCurrentProcess(), &sessId);
-
-		/*EmergencyDesktopFull = ;
-		ULONG_PTR index = PhFindCharInString(EmergencyDesktopFull, 0, L'\\') + 1;
-		EmergencyDesktop = PhSubstring(EmergencyDesktopFull, index, EmergencyDesktopFull->Length - index);*/
+		
 		PPH_STRING desktopFull = PhGetStringSetting(DESKTOP_SETTING);
 		ULONG_PTR index = PhFindCharInString(desktopFull, 0, L'\\') + 1;
 		PPH_STRING desktop = PhSubstring(desktopFull, index, desktopFull->Length - index);
-		PPH_STRING cmd = PhFormatString(L"--EmergencySwitch %s", desktop->Buffer);
+
+		PPH_STRING cmd;
+		PPH_STRING app = PhGetApplicationFileName(); {
+			cmd = PhFormatString(L"\"%s\" -newinstance --EmergencySwitch %s", app->Buffer, desktop->Buffer);
+		} PhDereferenceObject(app);
 
 		if (!DesktopExists(desktop)) {
 			if (CreateDesktop(desktop->Buffer, NULL, NULL, 0, DESKTOP_ALL_ACCESS, NULL) == NULL) {
@@ -303,12 +311,12 @@ LRESULT CALLBACK LowLevelKeyboardProc(
 				PhDereferenceObject(cmd);
 				goto nextHook;
 			}
+			// do NOT close the desktop!
 		}
-
-		PhExecuteRunAsCommand2(NULL, fullPath, cmd->Buffer, L"NT AUTHORITY\\SYSTEM", PhGetStringOrEmpty(NULL), LOGON32_LOGON_SERVICE, NULL, sessId, desktopFull->Buffer, FALSE);
-		// do NOT close the desktop!
-
 		PhDereferenceObject(desktop);
+
+		PhExecuteRunAsCommand2(NULL, cmd->Buffer, L"NT AUTHORITY\\SYSTEM", PhGetStringOrEmpty(NULL), LOGON32_LOGON_SERVICE, NULL, sessId, desktopFull->Buffer, FALSE);
+		
 		PhDereferenceObject(desktopFull);
 		PhDereferenceObject(cmd);
 		Sleep(2000);