public void UpdateProcessList(ProcessAccessRights desired_access, bool require_token)
{
NtToken.EnableDebugPrivilege();
ClearListView();
using (var ps = NtProcess.GetProcesses(ProcessAccessRights.QueryLimitedInformation | desired_access, true).ToDisposableList())
{
foreach (var p in ps.OrderBy(p => p.ProcessId))
{
using (var result = NtToken.OpenProcessToken(p, TokenAccessRights.Query, false))
{
if (!result.IsSuccess && require_token)
{
continue;
}
ListViewItem item = listViewProcesses.Items.Add(p.ProcessId.ToString());
item.SubItems.Add(p.Name);
item.SubItems.Add(COMUtilities.FormatBitness(p.Is64Bit));
if (result.IsSuccess)
{
NtToken token = result.Result;
item.SubItems.Add(p.User.Name);
item.SubItems.Add(token.IntegrityLevel.ToString());
}
item.Tag = _processes.AddResource(p.Duplicate());
}
}
}
listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
listViewProcesses.ListViewItemSorter = new ListItemComparer(0);
}
private void SetupProcessEntry(COMProcessEntry obj)
{
m_process = obj;
textBoxProcessExecutablePath.Text = obj.ExecutablePath;
textBoxProcessProcessId.Text = obj.ProcessId.ToString();
textBoxProcessAppId.Text = GetGuidValue(obj.AppId);
textBoxProcessAccessPermissions.Text = GetStringValue(obj.AccessPermissions);
btnProcessViewAccessPermissions.Enabled = !String.IsNullOrWhiteSpace(obj.AccessPermissions);
textBoxProcessLrpcPermissions.Text = GetStringValue(obj.LRpcPermissions);
textBoxProcessUser.Text = GetStringValue(obj.User);
textBoxProcessSecurity.Text = String.Format("Capabilities: {0}, Authn Level: {1}, Imp Level: {2}, Unmarshal Policy: {3}",
obj.Capabilities, obj.AuthnLevel, obj.ImpLevel, obj.UnmarshalPolicy);
textBoxProcessStaHwnd.Text = String.Format("0x{0:X}", obj.STAMainHWnd.ToInt64());
SetupIpidEntries(obj.Ipids, false);
listViewProcessIPids.ListViewItemSorter = new ListItemComparer(0);
lblProcess64bit.Text = COMUtilities.FormatBitness(obj.Is64Bit);
tabControlProperties.TabPages.Add(tabPageProcess);
if (m_registry.AppIDs.ContainsKey(obj.AppId))
{
SetupAppIdEntry((COMAppIDEntry)m_registry.AppIDs[obj.AppId]);
}
if (obj.Classes.Any())
{
tabControlProperties.TabPages.Add(tabPageRegisteredClasses);
foreach (var c in obj.Classes)
{
COMCLSIDEntry clsid = m_registry.MapClsidToEntry(c.Clsid);
ListViewItem item = listViewRegisteredClasses.Items.Add(c.Clsid.FormatGuid());
item.SubItems.Add(clsid.Name);
item.SubItems.Add(c.VTable);
item.SubItems.Add(c.RegFlags.ToString());
item.SubItems.Add(c.Apartment.ToString());
item.SubItems.Add(c.Context.ToString());
item.Tag = c;
}
listViewRegisteredClasses.ListViewItemSorter = new ListItemComparer(0);
listViewRegisteredClasses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewRegisteredClasses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}
}