/// <summary>
/// Clears the process list view and repopulates it with one row per process
/// that could be opened, ordered by process ID.
/// </summary>
/// <param name="desired_access">
/// Access rights requested in addition to <c>QueryLimitedInformation</c> when
/// opening each process. The duplicated handle stored on each row is derived
/// from this open, so callers should ask only for what they need.
/// </param>
/// <param name="require_token">
/// When true, processes whose token cannot be opened for query are left out
/// of the list. When false they are listed without user and integrity columns.
/// </param>
public void UpdateProcessList(ProcessAccessRights desired_access, bool require_token)
{
    // NOTE(review): presumably enables the debug privilege on the current token so that
    // more processes can be opened; the return value is not inspected here, so a failure
    // only shows up as a shorter list. Confirm that is the intended behaviour.
    NtToken.EnableDebugPrivilege();
    ClearListView();

    ProcessAccessRights requestedAccess = ProcessAccessRights.QueryLimitedInformation | desired_access;
    using (var openedProcesses = NtProcess.GetProcesses(requestedAccess, true).ToDisposableList())
    {
        foreach (var process in openedProcesses.OrderBy(entry => entry.ProcessId))
        {
            // Token is opened with Query access only; the 'false' argument requests a
            // result object instead of an exception when the open fails.
            using (var tokenResult = NtToken.OpenProcessToken(process, TokenAccessRights.Query, false))
            {
                bool tokenOpened = tokenResult.IsSuccess;
                if (require_token && !tokenOpened)
                {
                    continue;
                }

                ListViewItem row = listViewProcesses.Items.Add(process.ProcessId.ToString());
                row.SubItems.Add(process.Name);
                row.SubItems.Add(COMUtilities.FormatBitness(process.Is64Bit));

                if (tokenOpened)
                {
                    NtToken processToken = tokenResult.Result;
                    row.SubItems.Add(process.User.Name);
                    row.SubItems.Add(processToken.IntegrityLevel.ToString());
                }

                // The enumerated handle is disposed with the list, so the row keeps its own
                // duplicate, registered with _processes.
                row.Tag = _processes.AddResource(process.Duplicate());
            }
        }
    }

    // Size to content first, then to the header text.
    listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
    listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
    listViewProcesses.ListViewItemSorter = new ListItemComparer(0);
}
/// <summary>
/// Fills the process tab from a COM process entry: executable path, process ID, AppID,
/// access and LRPC permissions, user, security settings, STA window handle, IPIDs and,
/// when present, the matching AppID entry and the classes the process has registered.
/// </summary>
/// <param name="obj">The COM process entry to display; also stored in <c>m_process</c>.</param>
private void SetupProcessEntry(COMProcessEntry obj)
{
    m_process = obj;

    textBoxProcessExecutablePath.Text = obj.ExecutablePath;
    textBoxProcessProcessId.Text = obj.ProcessId.ToString();
    textBoxProcessAppId.Text = GetGuidValue(obj.AppId);

    textBoxProcessAccessPermissions.Text = GetStringValue(obj.AccessPermissions);
    // The "view" button is only usable when there is a permission string to show.
    bool hasAccessPermissions = !String.IsNullOrWhiteSpace(obj.AccessPermissions);
    btnProcessViewAccessPermissions.Enabled = hasAccessPermissions;

    textBoxProcessLrpcPermissions.Text = GetStringValue(obj.LRpcPermissions);
    textBoxProcessUser.Text = GetStringValue(obj.User);

    string securitySummary = String.Format(
        "Capabilities: {0}, Authn Level: {1}, Imp Level: {2}, Unmarshal Policy: {3}",
        obj.Capabilities, obj.AuthnLevel, obj.ImpLevel, obj.UnmarshalPolicy);
    textBoxProcessSecurity.Text = securitySummary;

    long staWindowHandle = obj.STAMainHWnd.ToInt64();
    textBoxProcessStaHwnd.Text = String.Format("0x{0:X}", staWindowHandle);

    SetupIpidEntries(obj.Ipids, false);
    listViewProcessIPids.ListViewItemSorter = new ListItemComparer(0);
    lblProcess64bit.Text = COMUtilities.FormatBitness(obj.Is64Bit);
    tabControlProperties.TabPages.Add(tabPageProcess);

    // Show the AppID details only when the registry snapshot knows this AppID.
    if (m_registry.AppIDs.ContainsKey(obj.AppId))
    {
        SetupAppIdEntry((COMAppIDEntry)m_registry.AppIDs[obj.AppId]);
    }

    if (!obj.Classes.Any())
    {
        return;
    }

    tabControlProperties.TabPages.Add(tabPageRegisteredClasses);
    foreach (var registeredClass in obj.Classes)
    {
        // NOTE(review): the mapped entry is dereferenced without a null check; confirm
        // MapClsidToEntry always returns an entry for CLSIDs missing from the registry.
        COMCLSIDEntry classEntry = m_registry.MapClsidToEntry(registeredClass.Clsid);

        ListViewItem row = listViewRegisteredClasses.Items.Add(registeredClass.Clsid.FormatGuid());
        row.SubItems.Add(classEntry.Name);
        row.SubItems.Add(registeredClass.VTable);
        row.SubItems.Add(registeredClass.RegFlags.ToString());
        row.SubItems.Add(registeredClass.Apartment.ToString());
        row.SubItems.Add(registeredClass.Context.ToString());
        row.Tag = registeredClass;
    }

    listViewRegisteredClasses.ListViewItemSorter = new ListItemComparer(0);
    // Size to content first, then to the header text.
    listViewRegisteredClasses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
    listViewRegisteredClasses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}