winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License

Show "??" entry in Object Manager #2074

Open alabuzhev opened 1 month ago

alabuzhev commented 1 month ago

Description of the feature, modification, idea or suggestion

Tools - System - Object Manager shows the content of "\" by calling NtQueryDirectoryObject recursively. This approach overlooks one particular directory - ?? (a.k.a. "local \DosDevices"), which is not returned when querying the root directory, unlike the global version of \DosDevices (GLOBAL??). This directory typically contains a symbolic link to Global, network drives, subst drives and whatever else the user defined with DefineDosDevice.

This information is also available under \Sessions\<SESSION_ID>\DosDevices\<LOGON_SESSION_ID>, but getting there is more cumbersome and requires Administrator rights.

Proposed implementation details (optional)

It can be added manually (I'm not familiar with the code, so apologies if something is horribly wrong):

diff --git a/plugins/ExtendedTools/objmgr.c b/plugins/ExtendedTools/objmgr.c
index 229e7b279..efb1b83d6 100644
--- a/plugins/ExtendedTools/objmgr.c
+++ b/plugins/ExtendedTools/objmgr.c
@@ -14,6 +14,8 @@
 #include <hndlinfo.h>

 static PH_STRINGREF EtObjectManagerRootDirectoryObject = PH_STRINGREF_INIT(L"\\"); // RtlNtPathSeperatorString
+static PH_STRINGREF EtObjectManagerUserDirectoryObject = PH_STRINGREF_INIT(L"??");
+static PH_STRINGREF DirectoryObjectType = PH_STRINGREF_INIT(L"Directory");
 static HWND EtObjectManagerDialogHandle = NULL;
 static HANDLE EtObjectManagerDialogThreadHandle = NULL;
 static PH_EVENT EtObjectManagerDialogInitializedEvent = PH_EVENT_INIT;
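
Review bot: the added static `DirectoryObjectType` does not follow the `Et` prefix used by the neighbouring file-scope variables in this hunk (`EtObjectManagerRootDirectoryObject`, `EtObjectManagerDialogHandle`); rename it along the lines of `EtObjectManagerDirectoryTypeName`. `EtObjectManagerUserDirectoryObject` also needs a comment like the one on the root string, stating that `??` is the local \DosDevices directory and that it is stored as a bare name without the leading backslash, so the consumer is expected to join it to the root path.
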
@@ -875,6 +877,14 @@ INT_PTR CALLBACK WinObjDlgProc(
                 EtObjectManagerRootDirectoryObject
                 );

+            DIRECTORY_ENUM_CONTEXT enumContext;
+
+            enumContext.TreeViewHandle = context->TreeViewHandle;
+            enumContext.RootTreeItem = context->RootTreeObject;
+            enumContext.DirectoryPath = EtObjectManagerRootDirectoryObject;
+
+            EtEnumDirectoryObjectsCallback(&EtObjectManagerUserDirectoryObject, &DirectoryObjectType, &enumContext);
+
             PhInitializeWindowTheme(hwndDlg, !!PhGetIntegerSetting(L"EnableThemeSupport"));

             SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)context->TreeViewHandle, TRUE);
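
Review bot: `enumContext` is declared without an initializer in the added block and only `TreeViewHandle`, `RootTreeItem` and `DirectoryPath` are assigned, so any other member of `DIRECTORY_ENUM_CONTEXT` reaches `EtEnumDirectoryObjectsCallback` with indeterminate contents; declare it as `DIRECTORY_ENUM_CONTEXT enumContext = { 0 };`. The call also passes the hard-coded type name `Directory` for an entry that was never returned by a query, and nothing in the added lines checks that `??` could actually be opened, so a failure would be silent; handle that case, and add a comment explaining why this one entry is injected by hand.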

The result:

image

Links:
- https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/local-and-global-ms-dos-device-names
- https://www.osronline.com/article.cfm%5Earticle=381.htm
- https://superuser.com/questions/884347/win32-and-the-global-namespace
- https://stackoverflow.com/questions/4686897/sessions-window-stations-and-desktops