OnlineChecks: Update VirusTotal menu text, Fix memory leak

dmex · dmex · commit 8e51abdf839f · 2017-01-08T00:03:06.000+11:00
diff --git a/plugins/OnlineChecks/main.c b/plugins/OnlineChecks/main.c
@@ -233,8 +233,8 @@ VOID NTAPI MainMenuInitializingCallback(
     onlineMenuItem = PhPluginCreateEMenuItem(PluginInstance, 0, 0, L"Online Checks", NULL);
     PhInsertEMenuItem(onlineMenuItem, enableMenuItem = PhPluginCreateEMenuItem(PluginInstance, 0, ENABLE_SERVICE_VIRUSTOTAL, L"Enable VirusTotal scanning", NULL), -1);
     PhInsertEMenuItem(onlineMenuItem, PhPluginCreateEMenuItem(PluginInstance, PH_EMENU_SEPARATOR, 0, NULL, NULL), -1);
-    PhInsertEMenuItem(onlineMenuItem, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_VIRUSTOTAL_QUEUE, L"Upload unknown files to VirusTotal...", NULL), -1);
     PhInsertEMenuItem(onlineMenuItem, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_VIRUSTOTAL_UPLOAD_FILE, L"Upload file to VirusTotal...", NULL), -1);
+    PhInsertEMenuItem(onlineMenuItem, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_VIRUSTOTAL_QUEUE, L"Upload unknown files to VirusTotal...", NULL), -1);
     PhInsertEMenuItem(menuInfo->Menu, onlineMenuItem, -1);
 
     if (VirusTotalScanningEnabled)
@@ -449,7 +449,7 @@ VOID NTAPI TreeNewMessageCallback(
 
             if (!VirusTotalScanningEnabled)
             {
-                static PH_STRINGREF disabledText = PH_STRINGREF_INIT(L"VirusTotal disabled");
+                static PH_STRINGREF disabledText = PH_STRINGREF_INIT(L"Scanning disabled");
 
                 GetTextExtentPoint32(
                     customDraw->Dc,
diff --git a/plugins/OnlineChecks/onlnchk.h b/plugins/OnlineChecks/onlnchk.h
@@ -56,10 +56,6 @@
 
 extern PPH_PLUGIN PluginInstance;
 
-VOID ShowOptionsDialog(
-    _In_opt_ HWND Parent
-    );
-
 typedef struct _SERVICE_INFO
 {
     ULONG Id;
@@ -152,6 +148,10 @@ typedef struct _UPLOAD_CONTEXT
     PPH_STRING LastAnalysisAgo;
 } UPLOAD_CONTEXT, *PUPLOAD_CONTEXT;
 
+VOID ShowOptionsDialog(
+    _In_opt_ HWND Parent
+    );
+
 NTSTATUS UploadFileThreadStart(
     _In_ PVOID Parameter
     );
@@ -224,7 +224,7 @@ NTSTATUS HashFileAndResetPosition(
     _In_ HANDLE FileHandle,
     _In_ PLARGE_INTEGER FileSize,
     _In_ PH_HASH_ALGORITHM Algorithm,
-    _Out_ PVOID Hash
+    _Out_ PPH_STRING *HashString
     );
 
 typedef struct _VIRUSTOTAL_API_RESULT
diff --git a/plugins/OnlineChecks/upload.c b/plugins/OnlineChecks/upload.c
@@ -260,20 +260,21 @@ NTSTATUS HashFileAndResetPosition(
     _In_ HANDLE FileHandle,
     _In_ PLARGE_INTEGER FileSize,
     _In_ PH_HASH_ALGORITHM Algorithm,
-    _Out_ PVOID Hash
+    _Out_ PPH_STRING *HashString
     )
 {
     NTSTATUS status;
     IO_STATUS_BLOCK iosb;
     PH_HASH_CONTEXT hashContext;
+    PPH_STRING hashString;
     ULONG64 bytesRemaining;
     FILE_POSITION_INFORMATION positionInfo;
     LONG priority;
-    IO_PRIORITY_HINT ioPriority;
     LONG newpriority;
+    IO_PRIORITY_HINT ioPriority;
     IO_PRIORITY_HINT newioPriority;
     UCHAR buffer[PAGE_SIZE];
-
+    
     bytesRemaining = FileSize->QuadPart;
 
     PhInitializeHash(&hashContext, Algorithm);
@@ -311,19 +312,26 @@ NTSTATUS HashFileAndResetPosition(
 
     if (NT_SUCCESS(status))
     {
+        UCHAR hash[32];
+
         switch (Algorithm)
         {
         case Md5HashAlgorithm:
-            PhFinalHash(&hashContext, Hash, 16, NULL);
+            PhFinalHash(&hashContext, hash, 16, NULL);
+            hashString = PhBufferToHexString(hash, 16);
             break;
         case Sha1HashAlgorithm:
-            PhFinalHash(&hashContext, Hash, 20, NULL);
+            PhFinalHash(&hashContext, hash, 20, NULL);
+            hashString = PhBufferToHexString(hash, 20);
             break;
         case Sha256HashAlgorithm:
-            PhFinalHash(&hashContext, Hash, 32, NULL);
+            PhFinalHash(&hashContext, hash, 32, NULL);
+            hashString = PhBufferToHexString(hash, 32);
             break;
         }
 
+        *HashString = hashString;
+
         positionInfo.CurrentByteOffset.QuadPart = 0;
         status = NtSetInformationFile(
             FileHandle,
@@ -1032,16 +1040,14 @@ NTSTATUS UploadCheckThreadStart(
         {
             PSTR uploadUrl = NULL;
             PSTR quote = NULL;
-            UCHAR hash[32];
             PVOID rootJsonObject;
 
-            if (!NT_SUCCESS(status = HashFileAndResetPosition(fileHandle, &fileSize64, Sha256HashAlgorithm, hash)))
+            if (!NT_SUCCESS(status = HashFileAndResetPosition(fileHandle, &fileSize64, Sha256HashAlgorithm, &hashString)))
             {
                 RaiseUploadError(context, L"Unable to hash the file", RtlNtStatusToDosError(status));
                 goto CleanupExit;
             }
 
-            hashString = PhBufferToHexString(hash, 32);
             subObjectName = PhConcatStrings2(L"/file/upload/?sha256=", hashString->Buffer);
 
             if (PhIsNullOrEmptyString(context->KeyString))
diff --git a/plugins/OnlineChecks/virustotal.c b/plugins/OnlineChecks/virustotal.c
@@ -89,8 +89,10 @@ PVIRUSTOTAL_FILE_HASH_ENTRY VirusTotalAddCacheResult(
     result = PhAllocate(sizeof(VIRUSTOTAL_FILE_HASH_ENTRY));
     memset(result, 0, sizeof(VIRUSTOTAL_FILE_HASH_ENTRY));
 
+    PhReferenceObject(FileName);
+    result->FileName = FileName;
+    result->FileNameAnsi = PhConvertUtf16ToMultiByte(PhGetString(FileName));
     result->Extension = Extension;
-    result->FileName = PhDuplicateString(FileName);
 
     PhAcquireQueuedLockExclusive(&ProcessListLock);
     PhAddItemList(VirusTotalList, result);
@@ -226,7 +228,7 @@ VOID VirusTotalBuildJsonArray(
 {
     HANDLE fileHandle;
     FILE_NETWORK_OPEN_INFORMATION fileAttributeInfo;
-    UCHAR hash[32];
+    PPH_STRING hashString = NULL;
 
     if (NT_SUCCESS(PhQueryFullAttributesFileWin32(
         Entry->FileName->Buffer,
@@ -250,20 +252,19 @@ VOID VirusTotalBuildJsonArray(
             fileHandle,
             &fileAttributeInfo.EndOfFile,
             Sha256HashAlgorithm,
-            hash
+            &hashString
             )))
         {
             PVOID entry;
-            
-            Entry->FileHash = PhBufferToHexString(hash, 32);
-            Entry->FileHashAnsi = PhConvertUtf16ToMultiByte(PhGetStringOrEmpty(Entry->FileHash));
-            Entry->FileNameAnsi = PhConvertUtf16ToMultiByte(PhGetStringOrEmpty(Entry->FileName));
+
+            Entry->FileHash = hashString;
+            Entry->FileHashAnsi = PhConvertUtf16ToMultiByte(Entry->FileHash->Buffer);
 
             entry = CreateJsonObject();
             JsonAddObject(entry, "autostart_location", "");
             JsonAddObject(entry, "autostart_entry", "");
-            JsonAddObject(entry, "hash", Entry->FileHashAnsi ? Entry->FileHashAnsi->Buffer : "");
-            JsonAddObject(entry, "image_path", Entry->FileNameAnsi ? Entry->FileNameAnsi->Buffer : "");
+            JsonAddObject(entry, "hash", Entry->FileHashAnsi->Buffer);
+            JsonAddObject(entry, "image_path", Entry->FileNameAnsi->Buffer);
             JsonAddObject(entry, "creation_datetime", Entry->CreationTime ? Entry->CreationTime->Buffer : "");
             JsonArrayAddObject(JsonArray, entry);
         }
@@ -290,7 +291,9 @@ PSTR VirusTotalSendHttpRequest(
     phVersion = PhGetPhVersion();
     userAgent = PhConcatStrings2(L"ProcessHacker_", phVersion->Buffer);
 
+#ifdef _DEBUG
     WinHttpGetIEProxyConfigForCurrentUser(&proxyConfig);
+#endif
 
     if (!(httpSessionHandle = WinHttpOpen(
         userAgent->Buffer,
@@ -438,7 +441,9 @@ PVIRUSTOTAL_FILE_REPORT_RESULT VirusTotalSendHttpFileReportRequest(
     phVersion = PhGetPhVersion();
     userAgent = PhConcatStrings2(L"ProcessHacker_", phVersion->Buffer);
 
+#ifdef _DEBUG
     WinHttpGetIEProxyConfigForCurrentUser(&proxyConfig);
+#endif
 
     if (!(httpSessionHandle = WinHttpOpen(
         userAgent->Buffer,
