
Commit 7dd5964

committed
ExtendedTools: Improve firewall caching, memory usage, performance, sorting and enum firewall events on startup
1 parent e3835c8 commit 7dd5964


5 files changed

+576
-180
lines changed


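--- a/plugins/ExtendedTools/ExtendedTools.vcxproj
+++ b/plugins/ExtendedTools/ExtendedTools.vcxproj
@@ -71,38 +71,38 @@
 </ImportGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 <Link>
-<AdditionalDependencies>cfgmgr32.lib;fwpuclnt.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
-<DelayLoadDLLs>cfgmgr32.dll;fwpuclnt.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+<AdditionalDependencies>cfgmgr32.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
+<DelayLoadDLLs>cfgmgr32.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 <Link>
-<AdditionalDependencies>cfgmgr32.lib;fwpuclnt.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
-<DelayLoadDLLs>cfgmgr32.dll;fwpuclnt.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+<AdditionalDependencies>cfgmgr32.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
+<DelayLoadDLLs>cfgmgr32.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
 <Link>
-<AdditionalDependencies>cfgmgr32.lib;fwpuclnt.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
-<DelayLoadDLLs>cfgmgr32.dll;fwpuclnt.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+<AdditionalDependencies>cfgmgr32.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
+<DelayLoadDLLs>cfgmgr32.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 <Link>
-<AdditionalDependencies>cfgmgr32.lib;fwpuclnt.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
-<DelayLoadDLLs>cfgmgr32.dll;fwpuclnt.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+<AdditionalDependencies>cfgmgr32.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
+<DelayLoadDLLs>cfgmgr32.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 <Link>
-<AdditionalDependencies>cfgmgr32.lib;fwpuclnt.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
-<DelayLoadDLLs>cfgmgr32.dll;fwpuclnt.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+<AdditionalDependencies>cfgmgr32.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
+<DelayLoadDLLs>cfgmgr32.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
 </Link>
 </ItemDefinitionGroup>
 <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
 <Link>
-<AdditionalDependencies>cfgmgr32.lib;fwpuclnt.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
-<DelayLoadDLLs>cfgmgr32.dll;fwpuclnt.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
+<AdditionalDependencies>cfgmgr32.lib;pdh.lib;tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
+<DelayLoadDLLs>cfgmgr32.dll;oleaut32.dll;tdh.dll;tbs.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
 </Link>
 </ItemDefinitionGroup>
 <ItemGroup>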
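Review bot: With `fwpuclnt.lib` and the `fwpuclnt.dll` delay-load entry removed from all six configurations, the DLL must now be loaded explicitly at runtime, and that load should be pinned to the system directory; the loading code is not visible in this section. It is worth confirming that the load site uses something like `LoadLibraryExW` with `LOAD_LIBRARY_SEARCH_SYSTEM32` (or the project's equivalent helper) rather than a bare `fwpuclnt.dll` name resolved through the default search order, because the host process is often run elevated. A one-line comment at the load site saying the import library was dropped on purpose would also explain why the dependency is missing here.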

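--- a/plugins/ExtendedTools/exttools.h
+++ b/plugins/ExtendedTools/exttools.h
@@ -88,6 +88,7 @@ extern BOOLEAN EtEnableAvxSupport;
 #define SETTING_NAME_FW_TREE_LIST_COLUMNS (PLUGIN_NAME L".FwTreeColumns")
 #define SETTING_NAME_FW_TREE_LIST_SORT (PLUGIN_NAME L".FwTreeSort")
 #define SETTING_NAME_FW_IGNORE_PORTSCAN (PLUGIN_NAME L".FwIgnorePortScan")
+#define SETTING_NAME_FW_IGNORE_LOOPBACK (PLUGIN_NAME L".FwIgnoreLoopback")
 #define SETTING_NAME_SHOWSYSINFOGRAPH (PLUGIN_NAME L".ToolbarShowSystemInfoGraph")
 #define SETTING_NAME_WCT_TREE_LIST_COLUMNS (PLUGIN_NAME L".WaitChainTreeListColumns")
 #define SETTING_NAME_WCT_WINDOW_POSITION (PLUGIN_NAME L".WaitChainWindowPosition")
@@ -908,6 +909,7 @@ typedef enum _FW_COLUMN_TYPE
 FW_COLUMN_REMOTEADDRESSCLASS,
 FW_COLUMN_LOCALADDRESSSSCOPE,
 FW_COLUMN_REMOTEADDRESSSCOPE,
+FW_COLUMN_ORIGINALNAME,
 FW_COLUMN_MAXIMUM
 } FW_COLUMN_TYPE;
 
@@ -998,6 +1000,10 @@ VOID EtFwMonitorUninitialize(
 VOID
 );
 
+ULONG EtFwMonitorEnumEvents(
+VOID
+);
+
 VOID EtInitializeFirewallTab(
 VOID
 );
@@ -1051,14 +1057,76 @@ VOID EtFwShowWhoisWindow(
 _In_ PH_IP_ENDPOINT Endpoint
 );
 
-typedef ULONG (WINAPI* _FwpmNetEventSubscribe)(
+typedef struct _SEC_WINNT_AUTH_IDENTITY_W SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
+typedef struct FWPM_SESSION0_ FWPM_SESSION0;
+
+typedef ULONG (WINAPI* _FwpmEngineOpen0)(
+_In_opt_ const wchar_t* serverName,
+_In_ UINT32 authnService,
+_In_opt_ SEC_WINNT_AUTH_IDENTITY_W* authIdentity,
+_In_opt_ const FWPM_SESSION0* session,
+_Out_ HANDLE* engineHandle
+);
+
+typedef ULONG (WINAPI* _FwpmEngineClose0)(
+_Inout_ HANDLE engineHandle
+);
+
+typedef VOID (WINAPI* _FwpmFreeMemory0)(
+_Inout_ PVOID* p
+);
+
+typedef enum FWPM_ENGINE_OPTION_ FWPM_ENGINE_OPTION;
+typedef struct FWP_VALUE0_ FWP_VALUE0;
+
+typedef ULONG (WINAPI* _FwpmEngineSetOption0)(
+_In_ HANDLE engineHandle,
+_In_ FWPM_ENGINE_OPTION option,
+_In_ const FWP_VALUE0* newValue
+);
+
+typedef struct FWPM_FILTER0_ FWPM_FILTER0;
+
+typedef ULONG (WINAPI* _FwpmFilterGetById0)(
+_In_ HANDLE engineHandle,
+_In_ UINT64 id,
+_Outptr_ FWPM_FILTER0** filter
+);
+
+typedef ULONG (WINAPI* _FwpmNetEventSubscribe4)(
 _In_ HANDLE engineHandle,
 _In_ PVOID subscription,
 _In_ PVOID callback,
 _In_opt_ PVOID context,
 _Out_ HANDLE* eventsHandle
 );
 
+typedef ULONG (WINAPI* _FwpmNetEventUnsubscribe0)(
+_In_ HANDLE engineHandle,
+_Inout_ HANDLE eventsHandle
+);
+
+typedef struct FWPM_NET_EVENT_ENUM_TEMPLATE0_ FWPM_NET_EVENT_ENUM_TEMPLATE0;
+
+typedef ULONG (WINAPI* _FwpmNetEventCreateEnumHandle0)(
+_In_ HANDLE engineHandle,
+_In_opt_ const FWPM_NET_EVENT_ENUM_TEMPLATE0* enumTemplate,
+_Out_ HANDLE* enumHandle
+);
+
+typedef ULONG (WINAPI* _FwpmNetEventDestroyEnumHandle0)(
+_In_ HANDLE engineHandle,
+_Inout_ HANDLE enumHandle
+);
+
+typedef ULONG (WINAPI* _FwpmNetEventEnum5)(
+_In_ HANDLE engineHandle,
+_In_ HANDLE enumHandle,
+_In_ UINT32 numEntriesRequested,
+_Out_ PVOID** entries,
+_Out_ UINT32* numEntriesReturned
+);
+
 // ETW Microsoft-Windows-WFP::DirectionMap
 #define FWP_DIRECTION_MAP_INBOUND 0x3900
 #define FWP_DIRECTION_MAP_OUTBOUND 0x3901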
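Review bot: In the last hunk `_FwpmNetEventSubscribe4` keeps `subscription` and `callback` as `PVOID`, and `_FwpmNetEventEnum5` takes `PVOID** entries`, so the compiler cannot catch a callback or event array written for a different API version than the one named in the export. The neighbouring typedefs forward-declare their structs; at minimum add a comment such as `// callback: FWPM_NET_EVENT_CALLBACK4 (const FWPM_NET_EVENT5*); entries: FWPM_NET_EVENT5***` so the expected record layout is stated next to the untyped pointer. These pointers are presumably resolved by name at runtime (the resolver is outside this section), and version-suffixed exports like `FwpmNetEventEnum5` may be missing on older Windows builds, so each pointer should be checked for NULL before it is called.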
