public void TestModuleCollectionBehavior() { ProcessModule[] mArray = Process.GetCurrentProcess().Modules.Cast<ProcessModule>().ToArray(); // Constructor ProcessModuleCollection moduleCollection = new ProcessModuleCollection(mArray); // Count Assert.Equal(mArray.Count(), moduleCollection.Count); // get_item, Contains, IndexOf for (int i = 0; i < mArray.Count(); i++) { Assert.Equal(mArray[i], moduleCollection[i]); Assert.True(moduleCollection.Contains(mArray[i])); Assert.Equal(i, moduleCollection.IndexOf(mArray[i])); } // CopyTo ProcessModule[] moduleArray = new ProcessModule[moduleCollection.Count + 1]; moduleCollection.CopyTo(moduleArray, 1); for (int i = 0; i < mArray.Count(); i++) { Assert.Equal(mArray[i], moduleArray[i + 1]); } Assert.Throws<ArgumentOutOfRangeException>(() => moduleCollection.CopyTo(moduleArray, -1)); // Explicit interface implementations Assert.False(((ICollection)moduleCollection).IsSynchronized); Assert.NotNull(((ICollection)moduleCollection).SyncRoot); moduleArray = new ProcessModule[moduleCollection.Count]; ((ICollection)moduleCollection).CopyTo(moduleArray, 0); Assert.Equal(moduleCollection.Cast<ProcessModule>().ToArray(), moduleArray); // GetEnumerator IEnumerator enumerator = moduleCollection.GetEnumerator(); Assert.Throws<InvalidOperationException>(() => enumerator.Current); for (int i = 0; i < moduleCollection.Count; i++) { enumerator.MoveNext(); Assert.Equal(moduleCollection[i], enumerator.Current); } }
public ProcessInfo(string name, string pid, string window, ProcessModuleCollection processModuleCollection, ProcessThreadCollection processThreadCollection, string mainModule) // конструктор с параметрами - должен пополняться по мере увеличения кол-ва необходимых полей { Name = name; PID = pid; //Window = window; MainModule = mainModule; ProcessModuleCollection = processModuleCollection; ProcessThreadCollection = processThreadCollection; foreach (ProcessModule module in processModuleCollection) // создаем список модулей, которые используются процессом { _modulesNames.Add(module.FileName); } foreach (ProcessThread thread in processThreadCollection) { _threadNames.Add(thread.Id.ToString()); } }
/// <summary> /// Closes the handle to the open process (or does nothing if a process has not been opened). /// </summary> public void CloseProcess() { if (m_hProcess != IntPtr.Zero) { Imports.CloseHandle(m_hProcess); } m_hProcess = IntPtr.Zero; m_hWnd = IntPtr.Zero; m_ProcessId = 0; m_MainModule = null; m_Modules = null; m_bProcessOpen = false; Asm.SetProcessHandle(IntPtr.Zero); }
public void ModulesAreDisposedWhenProcessIsDisposed() { Process process = CreateDefaultProcess(); ProcessModuleCollection modulesCollection = process.Modules; int expectedCount = 0; int disposedCount = 0; foreach (ProcessModule processModule in modulesCollection) { expectedCount += 1; processModule.Disposed += (_, __) => disposedCount += 1; } process.Dispose(); Assert.Equal(expectedCount, disposedCount); }
public void TestModuleProperties() { ProcessModuleCollection modules = Process.GetCurrentProcess().Modules; Assert.True(modules.Count > 0); foreach (ProcessModule module in modules) { Assert.NotNull(module); Assert.NotNull(module.FileName); Assert.NotEmpty(module.FileName); Assert.InRange(module.BaseAddress.ToInt64(), long.MinValue, long.MaxValue); Assert.InRange(module.EntryPointAddress.ToInt64(), long.MinValue, long.MaxValue); Assert.InRange(module.ModuleMemorySize, 0, long.MaxValue); } }
public bool Open(int ProcessId) { if (ProcessId == 0) { return(false); } if (ProcessId == m_ProcessId) { return(true); } if (m_bProcessOpen) { this.CloseProcess(); } if (SetDebugPrivileges) { System.Diagnostics.Process.EnterDebugMode(); } m_bProcessOpen = (m_hProcess = SProcess.OpenProcess(ProcessId)) != IntPtr.Zero; if (m_bProcessOpen) { m_ProcessId = ProcessId; m_hWnd = SWindow.FindWindowByProcessId(ProcessId); m_Modules = Process.GetProcessById(m_ProcessId).Modules; m_MainModule = m_Modules[0]; if (Asm == null) { Asm = new ManagedFasm(m_hProcess); } else { Asm.SetProcessHandle(m_hProcess); } } return(m_bProcessOpen); }
/// <summary> /// Opens a process and its main thread for interaction. /// </summary> /// <param name="ProcessId">Process Id of process with which we wish to interact.</param> /// <returns>Returns true on success, false on failure.</returns> public bool Open(int ProcessId) { if (ProcessId == 0) { return(false); } if (ProcessId == mProcessId) { return(true); } if (mProcessOpen) { this.CloseProcess(); } if (SetDebugPrivileges) { System.Diagnostics.Process.EnterDebugMode(); } mProcessOpen = (mProcess = ProcessHelper.OpenProcess(ProcessId)) != IntPtr.Zero; if (mProcessOpen) { mProcessId = ProcessId; mWnd = WindowHelper.FindWindowByProcessId(ProcessId); mModules = Process.GetProcessById(mProcessId).Modules; mMainModule = mModules[0]; #if FASM_MANAGED if (Asm == null) { Asm = new FasmManaged.ManagedFasm(mProcess); } else { Asm.SetProcessHandle(mProcess); } #endif } return(mProcessOpen); }
//static ProcessMemoryReader pReader = new ProcessMemoryReader(); private static void NewOpenProcess() { Int32 ProcID = Convert.ToInt32(TrainerForm.eqgameID); //if (ProcID == 0) // return; Process procs = Process.GetProcessById(ProcID); //if (procs == null) // return; pHandle = OpenProcess(0x1F0FFF, false, ProcID); IntPtr hProcess = (IntPtr)OpenProcess(0x1F0FFF, 1, ProcID); ProcessModuleCollection modules = procs.Modules; mainModule = procs.MainModule; //pReader.ReadProcess = procs; //pReader.OpenProcess(); }
/// <summary> /// Helper for getting the base address of a module loaded by the current process. This base /// address could be passed to GetProcAddress/LdrGetProcedureAddress or it could be used for /// manual export parsing. This function uses the .NET System.Diagnostics.Process class. /// </summary> /// <author>Ruben Boonen (@FuzzySec)</author> /// <param name="DLLName">The name of the DLL (e.g. "ntdll.dll").</param> /// <returns>IntPtr base address of the loaded module or IntPtr.Zero if the module is not found.</returns> public static IntPtr GetLoadedModuleAddress(string DLLName) { if (cached_lookups.ContainsKey(DLLName)) { return(cached_lookups[DLLName]); } ProcessModuleCollection ProcModules = Process.GetCurrentProcess().Modules; foreach (ProcessModule Mod in ProcModules) { if (Mod.FileName.ToLower().EndsWith(DLLName.ToLower())) { return(cached_lookups[DLLName] = Mod.BaseAddress); } } return(IntPtr.Zero); }
public static void SaveAllModules(ProcessModuleCollection modules) { FolderBrowserDialog folderialog = new FolderBrowserDialog(); folderialog.Description = "Choose save location for Modules"; if (folderialog.ShowDialog() == DialogResult.OK) { string folderpath = folderialog.SelectedPath; if (folderpath != null) { Console.WriteLine("Reached here"); foreach (ProcessModule module in modules) { File.Copy(module.FileName, folderpath + "/" + module.ModuleName); } MessageBox.Show(null, "Successfuly Saved All modules to " + folderpath + "Saved Modules", "Saved"); } } }
private void RefreshModules() { if (_modules == null) { _modules = new HashSet <CurrentProcessModule>(); } try { ProcessModuleCollection processModules = _process.Modules; for (int i = 0; i < processModules.Count; i++) { _modules.Add(new CurrentProcessModule(processModules[i])); } } catch (Exception) { } }
public static ProcessModuleCollection SafeGetModules(this Process process) { List <ProcessModule> listModules = new List <ProcessModule>(); ProcessModuleCollection modules = new ProcessModuleCollection(listModules.ToArray()); try { modules = process.Modules; } catch (InvalidOperationException) { } catch (PlatformNotSupportedException) { } catch (NotSupportedException) { } catch (Win32Exception wex) { Console.WriteLine($"Couldn't get modules for {process.ProcessName}: {wex.Message}"); } // return either the modules or an empty collection return(modules); }
public static UInt32 GetDllAddress(Process p, string ModuleName) { ProcessModuleCollection modules = activeProcess.Modules; ProcessModule dllBaseAdressIWant = null; foreach (ProcessModule i in modules) { if (i.ModuleName == ModuleName) { dllBaseAdressIWant = i; } } if (dllBaseAdressIWant == null) { throw new Exception("DLL address not found!"); } return((UInt32)dllBaseAdressIWant.BaseAddress.ToInt32()); }
private void readMoudeles() { while (true) { try { if (Process.GetProcessById(_Id).Threads != null) { ProcessModuleCollection mo = Process.GetProcessById(_Id).Modules; _modules = new ObservableCollection <Module>(); updateModules(mo); } } catch (Exception ex) { } Thread.Sleep(2000); } }
/// <summary> /// Gets the module. /// </summary> /// <param name="moduleName">Name of the module.</param> /// <returns></returns> public UInt32 GetModule(string moduleName) { try { ProcessModuleCollection modules = System.Diagnostics.Process.GetProcessById(ProcessId).Modules; for (int i = 0; i < modules.Count; i++) { if (modules[i].ModuleName.ToLower() == moduleName.ToLower()) { return((uint)modules[i].BaseAddress); } } } catch (Exception e) { Logging.WriteError("GetModule(string moduleName): " + e); } return(0); }
private void frmModules_Load(object sender, System.EventArgs e) { // Takes the string of modules built up by the btnModules_Click event procedure in // frmTaskManager and displays into the user in the RichTextBox Process ProcessInfo = Process.GetProcessById(ProcessID); ProcessModuleCollection modl = ProcessInfo.Modules; StringBuilder strMod = new StringBuilder(); foreach (ProcessModule proMod in modl) { strMod.Append("Module Name: " + proMod.ModuleName + Environment.NewLine); } rchText.Text = strMod.ToString(); }
public static void dlls(int pid) { try { Process pp = Process.GetProcessById(pid); ProcessModuleCollection pepe = pp.Modules; foreach (ProcessModule processModule in pepe) { Console.WriteLine(processModule.ModuleName); } } catch (ArgumentException) { } catch (System.ComponentModel.Win32Exception) { Console.WriteLine("No puedes obtener esa informacion"); } }
/// <summary> /// gets the current working processes (doesnt work) /// </summary> /// <param name="strFile"></param> private void getFileProcesses(string strFile) { ArrayList myProcessArray = new ArrayList(); Process myProcess; myProcessArray.Clear(); Process[] processes = Process.GetProcesses(); int i = 0; for (i = 0; i <= processes.GetUpperBound(0) - 1; i++) { myProcess = processes[i]; //if (!myProcess.HasExited) //This will cause an "Access is denied" error if (myProcess.Threads.Count > 0) { try { ProcessModuleCollection modules = myProcess.Modules; int j = 0; for (j = 0; j <= modules.Count - 1; j++) { if ((modules[j].FileName.ToLower().CompareTo(strFile.ToLower()) == 0)) { myProcessArray.Add(myProcess); break; // TODO: might not be correct. Was : Exit For } } } catch (Exception exception) { //MsgBox(("Error : " & exception.Message)) } } } GuiPreferences.Instance.setLog(myProcessArray.Count.ToString()); foreach (Process p in myProcessArray) { GuiPreferences.Instance.setLog(p.ProcessName); } }
static void Main(string[] args) { if (args.Length >= 2) { string targetProcName = args[0]; string excludeTag = args[1]; if (args.Length == 3 && args[2].Equals("debug")) { debug = true; } Process[] localByName = Process.GetProcessesByName(targetProcName); foreach (Process proc in localByName) { bool kill = true; log($"Id: {proc.Id} Title: {proc.MainWindowTitle} Process Name: {proc.ProcessName} {proc.MainModule.FileName} {proc.Modules.Count}"); ProcessModuleCollection procModuleCollection = proc.Modules; for (int i = 0; i < procModuleCollection.Count; i++) { ProcessModule procModule = procModuleCollection[i]; log($"-The moduleName is {procModule.ModuleName} {procModule.FileName}"); if (procModule.ModuleName.Contains(excludeTag) || procModule.FileName.Contains(excludeTag)) { kill = false; log($"-Excluding because is using module {procModule.ModuleName} at {procModule.FileName}"); } } if (kill) { log($"Killing Id: {proc.Id} Title: {proc.MainWindowTitle} Process Name: {proc.ProcessName}"); proc.Kill(); } else { log($"NOT Killing Id: {proc.Id} Title: {proc.MainWindowTitle} Process Name: {proc.ProcessName}"); } } } else { Console.Out.WriteLine("Please supply two arguments, the first is the process to find, and the second the keywords to exclude"); } }
public static PROC_VALIDATION ValidateProc(Int32 ProcId) { PROC_VALIDATION Pv = new PROC_VALIDATION(); try { Process Proc = Process.GetProcessById(ProcId); ProcessModuleCollection ProcModColl = Proc.Modules; foreach (ProcessModule Module in ProcModColl) { if (Module.FileName.EndsWith("ntdll.dll")) { Pv.pNtllBase = Module.BaseAddress; break; } } Pv.isvalid = true; Pv.sName = Proc.ProcessName; Pv.hProc = GetProcessHandle(ProcId); ulong isWow64 = 0; uint RetLen = 0; IntPtr pSysCall = Generic.GetSyscallStub("NtQueryInformationProcess"); NtQueryInformationProcess fSyscallNtQueryInformationProcess = (NtQueryInformationProcess)Marshal.GetDelegateForFunctionPointer(pSysCall, typeof(NtQueryInformationProcess)); fSyscallNtQueryInformationProcess(Pv.hProc, 26, ref isWow64, Marshal.SizeOf(isWow64), ref RetLen); if (isWow64 == 0) { Pv.isWow64 = false; } else { Pv.isWow64 = true; } } catch { Pv.isvalid = false; } return(Pv); }
// Fucntion that lists the modules for a user selected process public static void ModList(string pidString) { int pid; // Ensure the input is an integer try { pid = Convert.ToInt32(pidString); } // If not got to the help and alert the user catch (Exception ex) { Console.WriteLine("Input not an integer. Please try again"); help(); pid = 0; } try { // Get the process requested by the user pid input Process process = Process.GetProcessById(pid); ProcessModule procMod; // Get the module collection of the process ProcessModuleCollection processModuleColl = process.Modules; // For each module in the collection write the modules to console for (int i = 0; i < processModuleColl.Count; i++) { procMod = processModuleColl[i]; // Write the module name and base address in hex Console.WriteLine("File Name: {0} Base Address: 0x{1}", procMod.FileName, procMod.BaseAddress.ToString("X")); } } // If it fails alert the user and go to the help catch (Exception ex) { Console.WriteLine("No Process Found with that Process ID. \nError: {0}", ex); help(); } }
/// <summary> /// Closes the handle to the open process (or does nothing if a process has not been opened). /// </summary> public void CloseProcess() { if (mProcess != IntPtr.Zero) { Imports.CloseHandle(mProcess); } mProcess = IntPtr.Zero; mWnd = IntPtr.Zero; mProcessId = 0; mMainModule = null; mModules = null; mProcessOpen = false; #if FASM_MANAGED Asm.SetProcessHandle(IntPtr.Zero); #endif }
public Tuple <IntPtr, int> GetImageBase() { string name = process.ProcessName; try { ProcessModuleCollection modules = process.Modules; foreach (ProcessModule module in modules) { if (module.ModuleName.StartsWith(name, StringComparison.OrdinalIgnoreCase)) { return(new Tuple <IntPtr, int>(module.BaseAddress, module.ModuleMemorySize)); } } } catch (Win32Exception) { } return(new Tuple <IntPtr, int>(IntPtr.Zero, 0)); }
public static void EnumModulesForPID(int pId) { Process proc = null; try { proc = Process.GetProcessById(pId); } catch (ArgumentException ex) { Console.WriteLine("Invalid Argument"); return; } Console.WriteLine("Here are the modules loaded for {0}:", proc.ProcessName); ProcessModuleCollection procModCollection = proc.Modules; foreach (ProcessModule module in procModCollection) { Console.WriteLine("Module Name: {0}", module.ModuleName); } }
public static void Initialize() { Client = 0; Engine = 0; if (_processHandle != IntPtr.Zero) { CloseHandle(_processHandle); } Process process; do { Process[] list; do { Thread.Sleep(1000); list = Process.GetProcessesByName("csgo"); } while (list.Length == 0); process = list[0]; ProcessModuleCollection modules = process.Modules; Thread.Sleep(1000); foreach (ProcessModule module in modules) { if (module.ModuleName.Equals("client.dll")) { Client = (int)module.BaseAddress; } else if (module.ModuleName.Equals("engine.dll")) { Engine = (int)module.BaseAddress; } } } while (Client == 0 || Engine == 0); _processHandle = OpenProcess(ProcessAccessFlags.VirtualMemoryRead, false, process.Id); OffsetUpdater.UpdateOffsets(); }
private void PinfoBtn_Click(object sender, EventArgs e) { string str = textBox2.Text; int pid = -1; bool parsed = Int32.TryParse(str, out pid); pinfoTxt.Clear(); if (!parsed) { pinfoTxt.AppendText("Error, invalid PID"); } else { try { Process target = Process.GetProcessById(pid); pinfoTxt.AppendText("Name: " + target.ProcessName + Environment.NewLine); pinfoTxt.AppendText("PID: " + target.Id + Environment.NewLine); pinfoTxt.AppendText("Window Title: " + target.MainWindowTitle + Environment.NewLine); pinfoTxt.AppendText("Threads: " + Environment.NewLine); ProcessThreadCollection threads = target.Threads; foreach (ProcessThread thread in threads) { pinfoTxt.AppendText("\t" + thread.Id + "\t\t" + thread.StartTime + Environment.NewLine); } pinfoTxt.AppendText(Environment.NewLine); pinfoTxt.AppendText("Modules: " + Environment.NewLine); ProcessModuleCollection modules = target.Modules; foreach (ProcessModule module in modules) { pinfoTxt.AppendText("\t" + module.ModuleName + "\t\t" + module.FileName + Environment.NewLine); } } catch (ArgumentException ex) { pinfoTxt.AppendText("Error, non existent PID"); } } }
private bool GetModuleInfo(uint PID, string ModuleName, out MODULEENTRY32 ModuleInfo) { ModuleInfo = default(MODULEENTRY32); //Take a snapshot of the module list IntPtr hModuleList = CreateToolhelp32Snapshot(SnapshotFlags.Module | SnapshotFlags.Module32, PID); if (hModuleList == IntPtr.Zero) { return(false); } try { MODULEENTRY32 me32 = new MODULEENTRY32(); me32.dwSize = (uint)Marshal.SizeOf(typeof(MODULEENTRY32)); //Set cursor at the start and grab the info if (!Module32First(hModuleList, ref me32)) { return(false); } ProcessModuleCollection progMods = System.Diagnostics.Process.GetProcessById((int)m_pid).Modules; foreach (ProcessModule module in progMods) { if (module.ModuleName == ReadProcess.MainModule.ModuleName) { ModuleInfo = me32; return(true); } Module32Next(hModuleList, ref me32); } } finally { //gets fired even if return is used ProcessMemoryReaderApi.CloseHandle(hModuleList); } return(false); }
private void button2_Click(object sender, EventArgs e) { p = null; if (ComprobarPID(textBox2.Text)) { if (ExistProcess(ref p) && p != null) { textBox1.Text = String.Format("{0, -25} | {1, -10} | {2, -30} |\r\n", "NAME", "PID", "MAINWINDOW TITLE"); InfoProcess(p); try { ProcessThreadCollection threads = p.Threads; textBox1.Text += String.Format("\r\nSUBPROCESS\r\n{0, -10} | {1, -19} |\r\n", "PID", "START TIME"); foreach (ProcessThread t in threads) { textBox1.Text += String.Format("{0, -10} | {1, -19} |\r\n", t.Id, t.StartTime); } ProcessModuleCollection modules = p.Modules; textBox1.Text += String.Format("\r\n\r\n{0, -30}| {1, -50} |\r\n", "MODULE NAME", "FILE NAME"); foreach (ProcessModule m in modules) { textBox1.Text += String.Format("{0, -30}| {1, -50} |\r\n", m.ModuleName.Length > 30? m.ModuleName.Substring(0, 27) + "..." : m.ModuleName, m.FileName.Length > 50 ? m.FileName.Substring(0, 47) + "..." : m.FileName); } } catch (Win32Exception) { label2.Text = "Access denied"; } } else { textBox1.Text = ""; label2.Text = "PID not found"; } } }
static IntPtr GetBase(SysProcess handle, string module = null) { ProcessModuleCollection modules = handle.Modules; if (module != null) { for (int i = 0; i <= modules.Count - 1; i++) { if (modules[i].ModuleName == module) { return((IntPtr)modules[i].BaseAddress); } } Console.WriteLine("Module Not Found"); } else { return((IntPtr)handle.MainModule.BaseAddress); } return((IntPtr)0); }
/// <summary> /// Список модулей конкретного процесса. /// </summary> /// <param name="pId">Идентификатор процесса</param> static void EnumModsForPid(int pId) { Process process = null; try { process = Process.GetProcessById(pId); Console.WriteLine("Here are the loaded modules for {0}", process.ProcessName); ProcessModuleCollection modules = process.Modules; foreach (ProcessModule processModule in modules) { string info = string.Format("-> Mod Name: {0}", processModule.ModuleName); Console.WriteLine(info); } } catch (Exception ex) { Console.WriteLine(ex.Message); return; } }
// Token: 0x06000009 RID: 9 RVA: 0x00002430 File Offset: 0x00000630 private void AntiModuleInjection() { while (this._running) { ProcessModuleCollection modules = Process.GetCurrentProcess().Modules; for (int i = 0; i < modules.Count; i++) { bool flag = i == 0; if (!flag) { bool flag2 = modules[i].FileVersionInfo.FileMajorPart < 4; if (flag2) { this.Freeze(); } } } this._moduleInjectionFlag.Set(); Thread.Sleep(this.Timeout); } }