Ejemplo n.º 1
0
        /// <summary>
        /// Get process image file path
        /// </summary>
        /// <param name="native">True to return the native image path, false for a Win32 style path</param>
        /// <returns>The process image file path</returns>
        public string GetImageFilePath(bool native)
        {
            ProcessInfoClass info_class = native ? ProcessInfoClass.ProcessImageFileName : ProcessInfoClass.ProcessImageFileNameWin32;
            int      return_length      = 0;
            NtStatus status             = NtSystemCalls.NtQueryInformationProcess(Handle, info_class, SafeHGlobalBuffer.Null, 0, out return_length);

            if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH)
            {
                status.ToNtException();
            }
            using (SafeStructureInOutBuffer <UnicodeStringOut> buf = new SafeStructureInOutBuffer <UnicodeStringOut>(return_length, false))
            {
                NtSystemCalls.NtQueryInformationProcess(Handle, info_class, buf, buf.Length, out return_length).ToNtException();
                return(buf.Result.ToString());
            }
        }
Ejemplo n.º 2
0
        private SafeStructureInOutBuffer <T> Query <T>(ProcessInfoClass info_class) where T : new()
        {
            int      return_length = 0;
            NtStatus status        = NtSystemCalls.NtQueryInformationProcess(Handle, info_class, SafeHGlobalBuffer.Null, 0, out return_length);

            if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH && status != NtStatus.STATUS_BUFFER_TOO_SMALL)
            {
                throw new NtException(status);
            }

            SafeStructureInOutBuffer <T> buffer = new SafeStructureInOutBuffer <T>(return_length, false);

            try
            {
                NtSystemCalls.NtQueryInformationProcess(Handle, info_class, buffer, buffer.Length, out return_length).ToNtException();
                return(buffer);
            }
            catch
            {
                buffer.Close();
                throw;
            }
        }
Ejemplo n.º 3
0
 public static extern int NtWow64QueryInformationProcess64(SafeProcessHandle hProcess, ProcessInfoClass pic, ref ProcessBasicInformationWow64 pbi, int cb, out int pSize);
Ejemplo n.º 4
0
 internal static extern NtStatus NtQueryInformationProcess(IntPtr hProcess, ProcessInfoClass processInfoClass,
                                                           out ProcessExtendedBasicInformation processExtendedBasicInformation, int inputSize, out int resultSize);
Ejemplo n.º 5
0
 internal static extern NtStatus NtQueryInformationProcess([In] IntPtr processHandle, [In] ProcessInfoClass processInformationClass, out IntPtr processInformation, [In] int processInformationLength, out int returnLength);
Ejemplo n.º 6
0
 public static extern int NtWow64QueryInformationProcess64(SafeProcessHandle hProcess, ProcessInfoClass pic, ref ProcessBasicInformationWow64 pbi, int cb, out int pSize);
Ejemplo n.º 7
0
 internal static extern int NtQueryInformationProcess(IntPtr hProcess, ProcessInfoClass pic, ref ProcessBasicInformation pbi, int cb, out int pSize);
Ejemplo n.º 8
0
 public static extern NtStatus NtSetInformationProcess(SafeKernelObjectHandle ProcessHandle,
                                                       ProcessInfoClass ProcessInformationClass,
                                                       SafeHGlobalBuffer ProcessInformation,
                                                       int ProcessInformationLength);
Ejemplo n.º 9
0
 public static extern NtStatus NtQueryInformationProcess(SafeKernelObjectHandle ProcessHandle,
                                                         ProcessInfoClass ProcessInformationClass,
                                                         SafeHGlobalBuffer ProcessInformation,
                                                         int ProcessInformationLength,
                                                         [Out] out int ReturnLength
                                                         );
Ejemplo n.º 10
0
 public unsafe static extern NTStatus NtQueryInformationProcess(
     SafeProcessHandle ProcessHandle,
     ProcessInfoClass ProcessInformationClass,
     void *ProcessInformation,
     uint ProcessInformationLength,
     uint *ReturnLength);