Add tray notifications and logging for modified services

Author: dmex

ProcessHacker/include/mainwnd.h

@@ -215,8 +215,9 @@ typedef struct _PH_MAIN_TAB_PAGE
 #define PH_NOTIFY_SERVICE_DELETE 0x8
 #define PH_NOTIFY_SERVICE_START 0x10
 #define PH_NOTIFY_SERVICE_STOP 0x20
-#define PH_NOTIFY_MAXIMUM 0x40
-#define PH_NOTIFY_VALID_MASK 0x3f
+#define PH_NOTIFY_SERVICE_MODIFIED 0x40
+#define PH_NOTIFY_MAXIMUM 0x80
+#define PH_NOTIFY_VALID_MASK 0x7f
 // end_phapppub
 
 BOOLEAN PhMainWndInitialization(

ProcessHacker/include/phapp.h

@@ -161,9 +161,10 @@ struct _PH_PLUGIN *PhFindPlugin2(
 #define PH_LOG_ENTRY_SERVICE_STOP 6
 #define PH_LOG_ENTRY_SERVICE_CONTINUE 7
 #define PH_LOG_ENTRY_SERVICE_PAUSE 8
-#define PH_LOG_ENTRY_SERVICE_LAST 8
+#define PH_LOG_ENTRY_SERVICE_MODIFIED 9
+#define PH_LOG_ENTRY_SERVICE_LAST 10
 
-#define PH_LOG_ENTRY_MESSAGE 9 // phapppub
+#define PH_LOG_ENTRY_MESSAGE 100 // phapppub
 
 typedef struct _PH_LOG_ENTRY *PPH_LOG_ENTRY; // phapppub
 

ProcessHacker/log.c

@@ -383,6 +383,24 @@ PPH_STRING PhFormatLogEntry(
             //    );
             return PhpFormatLogEntryToBuffer(format, RTL_NUMBER_OF(format));
         }
+    case PH_LOG_ENTRY_SERVICE_MODIFIED:
+        {
+            PH_FORMAT format[5];
+
+            // Service modified: %s (%s)
+            PhInitFormatS(&format[0], L"Service modified: ");
+            PhInitFormatSR(&format[1], Entry->Service.Name->sr);
+            PhInitFormatS(&format[2], L" (");
+            PhInitFormatSR(&format[3], Entry->Service.DisplayName->sr);
+            PhInitFormatC(&format[4], L')');
+
+            //return PhFormatString(
+            //    L"Service modified: %s (%s)",
+            //    Entry->Service.Name->Buffer,
+            //    Entry->Service.DisplayName->Buffer
+            //    );
+            return PhpFormatLogEntryToBuffer(format, RTL_NUMBER_OF(format));
+        }
     case PH_LOG_ENTRY_MESSAGE:
         PhReferenceObject(Entry->Message);
         return Entry->Message;

ProcessHacker/mainwnd.c

@@ -765,6 +765,7 @@ VOID PhMwpOnCommand(
     case ID_NOTIFICATIONS_STARTEDSERVICES:
     case ID_NOTIFICATIONS_STOPPEDSERVICES:
     case ID_NOTIFICATIONS_DELETEDSERVICES:
+    case ID_NOTIFICATIONS_MODIFIEDSERVICES:
         {
             PhMwpExecuteNotificationMenuCommand(WindowHandle, Id);
         }
@@ -2637,6 +2638,7 @@ PPH_EMENU PhpCreateNotificationMenu(
     PhInsertEMenuItem(menuItem, PhCreateEMenuItem(0, ID_NOTIFICATIONS_STARTEDSERVICES, L"St&arted services", NULL, NULL), ULONG_MAX);
     PhInsertEMenuItem(menuItem, PhCreateEMenuItem(0, ID_NOTIFICATIONS_STOPPEDSERVICES, L"St&opped services", NULL, NULL), ULONG_MAX);
     PhInsertEMenuItem(menuItem, PhCreateEMenuItem(0, ID_NOTIFICATIONS_DELETEDSERVICES, L"&Deleted services", NULL, NULL), ULONG_MAX);
+    PhInsertEMenuItem(menuItem, PhCreateEMenuItem(0, ID_NOTIFICATIONS_MODIFIEDSERVICES, L"&Modified services", NULL, NULL), ULONG_MAX);
 
     for (i = PH_NOTIFY_MINIMUM; i != PH_NOTIFY_MAXIMUM; i <<= 1)
     {
@@ -2662,6 +2664,9 @@ PPH_EMENU PhpCreateNotificationMenu(
             case PH_NOTIFY_SERVICE_STOP:
                 id = ID_NOTIFICATIONS_STOPPEDSERVICES;
                 break;
+            case PH_NOTIFY_SERVICE_MODIFIED:
+                id = ID_NOTIFICATIONS_MODIFIEDSERVICES;
+                break;
             }
 
             PhSetFlagsEMenuItem(menuItem, id, PH_EMENU_CHECKED, PH_EMENU_CHECKED);
@@ -2690,6 +2695,7 @@ BOOLEAN PhMwpExecuteNotificationMenuCommand(
     case ID_NOTIFICATIONS_STARTEDSERVICES:
     case ID_NOTIFICATIONS_STOPPEDSERVICES:
     case ID_NOTIFICATIONS_DELETEDSERVICES:
+    case ID_NOTIFICATIONS_MODIFIEDSERVICES:
         {
             ULONG bit;
 
@@ -2713,6 +2719,9 @@ BOOLEAN PhMwpExecuteNotificationMenuCommand(
             case ID_NOTIFICATIONS_DELETEDSERVICES:
                 bit = PH_NOTIFY_SERVICE_DELETE;
                 break;
+            case ID_NOTIFICATIONS_MODIFIEDSERVICES:
+                bit = PH_NOTIFY_SERVICE_MODIFIED;
+                break;
             }
 
             PhMwpNotifyIconNotifyMask ^= bit;

ProcessHacker/mwpgsrv.c

@@ -3,7 +3,7 @@
  *   Main window: Services tab
  *
  * Copyright (C) 2009-2016 wj32
- * Copyright (C) 2017-2020 dmex
+ * Copyright (C) 2017-2021 dmex
  *
  * This file is part of Process Hacker.
  *
@@ -501,7 +501,8 @@ VOID PhMwpOnServiceAdded(
 }
 
 VOID PhMwpOnServiceModified(
-    _In_ PPH_SERVICE_MODIFIED_DATA ServiceModifiedData
+    _In_ PPH_SERVICE_MODIFIED_DATA ServiceModifiedData,
+    _In_ ULONG RunId
     )
 {
     PH_SERVICE_CHANGE serviceChange;
@@ -529,14 +530,15 @@ VOID PhMwpOnServiceModified(
         logEntryType = PH_LOG_ENTRY_SERVICE_PAUSE;
         break;
     default:
-        logEntryType = 0;
+        // HACK: We can't use JustProcessed here, so use the RunId instead. (dmex)
+        logEntryType = (RunId && RunId > 2) ? PH_LOG_ENTRY_SERVICE_MODIFIED : 0;
         break;
     }
 
     if (logEntryType != 0)
         PhLogServiceEntry(logEntryType, ServiceModifiedData->Service->Name, ServiceModifiedData->Service->DisplayName);
 
-    if (PhMwpNotifyIconNotifyMask & (PH_NOTIFY_SERVICE_START | PH_NOTIFY_SERVICE_STOP))
+    if (PhMwpNotifyIconNotifyMask & (PH_NOTIFY_SERVICE_START | PH_NOTIFY_SERVICE_STOP | PH_NOTIFY_SERVICE_MODIFIED))
     {
         PPH_SERVICE_ITEM serviceItem;
 
@@ -600,6 +602,35 @@ VOID PhMwpOnServiceModified(
                 }
             }
         }
+        else if (serviceChange == -1 && PhMwpNotifyIconNotifyMask & PH_NOTIFY_SERVICE_MODIFIED && (RunId && RunId > 2))
+        {
+            if (!PhPluginsEnabled || !PhMwpPluginNotifyEvent(PH_NOTIFY_SERVICE_MODIFIED, serviceItem))
+            {
+                PH_FORMAT format[5];
+                WCHAR formatBuffer[260];
+
+                PhMwpClearLastNotificationDetails();
+                PhMwpLastNotificationType = PH_NOTIFY_SERVICE_MODIFIED;
+                PhSwapReference(&PhMwpLastNotificationDetails.ServiceName, serviceItem->Name);
+
+                // The service %s (%s) has been modified.
+                PhInitFormatS(&format[0], L"The service ");
+                PhInitFormatSR(&format[1], serviceItem->Name->sr);
+                PhInitFormatS(&format[2], L" (");
+                PhInitFormatSR(&format[3], serviceItem->DisplayName->sr);
+                PhInitFormatS(&format[4], L") was modified");
+
+                if (PhFormatToBuffer(format, RTL_NUMBER_OF(format), formatBuffer, sizeof(formatBuffer), NULL))
+                {
+                    PhShowIconNotification(L"Service modified", formatBuffer);
+                }
+                else
+                {
+                    PhShowIconNotification(L"Service modified",
+                        PH_AUTO_T(PH_STRING, PhFormat(format, RTL_NUMBER_OF(format), 0))->Buffer);
+                }
+            }
+        }
     }
 }
 
@@ -667,7 +698,7 @@ VOID PhMwpOnServicesUpdated(
                 PhMwpOnServiceAdded(serviceItem, events[i].RunId);
                 break;
             case ProviderModifiedEvent:
-                PhMwpOnServiceModified((PPH_SERVICE_MODIFIED_DATA)serviceItem);
+                PhMwpOnServiceModified((PPH_SERVICE_MODIFIED_DATA)serviceItem, events[i].RunId);
                 break;
             case ProviderRemovedEvent:
                 PhMwpOnServiceRemoved(serviceItem);

ProcessHacker/resource.h

@@ -680,6 +680,7 @@
 #define ID_NOTIFICATIONS_STARTEDSERVICES 40183
 #define ID_NOTIFICATIONS_STOPPEDSERVICES 40184
 #define ID_NOTIFICATIONS_DELETEDSERVICES 40185
+#define ID_NOTIFICATIONS_MODIFIEDSERVICES 40186
 #define ID_MISCELLANEOUS_GDIHANDLES     40188
 #define ID_MISCELLANEOUS_HEAPS          40189
 #define ID_ESC_EXIT                     40190

plugins/ExtendedNotifications/main.c

@@ -396,6 +396,7 @@ VOID NTAPI NotifyEventCallback(
     case PH_NOTIFY_SERVICE_DELETE:
     case PH_NOTIFY_SERVICE_START:
     case PH_NOTIFY_SERVICE_STOP:
+    case PH_NOTIFY_SERVICE_MODIFIED:
         serviceItem = notifyEvent->Parameter;
 
         MatchFilterList(ServiceFilterList, serviceItem->Name, &filterType);