private void RefreshProcesses()
        {
            // Rebuild the process list view from a fresh snapshot.  Per-process details
            // (owner, image path, file icon) are best-effort: a process that cannot be
            // opened is still listed, just with an empty user column and the generic icon.
            Dictionary<int, SystemProcess> snapshot = Windows.GetProcesses();

            listProcesses.BeginUpdate();
            listProcesses.Items.Clear();

            // Reset the image list, preserving only the shared fallback icon.
            var fallbackIcon = imageList.Images["generic_process"];

            imageList.Images.Clear();
            imageList.Images.Add("generic_process", fallbackIcon);

            foreach (SystemProcess process in snapshot.Values)
            {
                var pid = process.Process.ProcessId;
                string pidText = pid.ToString();
                string owner = string.Empty;
                string imagePath = null;

                try
                {
                    using (ProcessHandle phandle = new ProcessHandle(pid, OSVersion.MinProcessQueryInfoAccess))
                    {
                        using (TokenHandle thandle = phandle.GetToken(TokenAccess.Query))
                        {
                            using (Sid userSid = thandle.User)
                            {
                                owner = userSid.GetFullName(true);
                            }
                        }

                        imagePath = phandle.ImageFileName;
                    }
                }
                catch
                {
                    // Best-effort: opening the process or its token may be refused.
                    // Leave owner/imagePath at their defaults and keep going.
                }

                string displayName = pid == 0 ? "System Idle Process" : process.Name;
                ListViewItem item = new ListViewItem(new[] { displayName, pidText, owner });

                // Per-process icons are keyed by PID so each row can reference its own image.
                if (!string.IsNullOrEmpty(imagePath))
                {
                    // NOTE(review): fileIcon is handed to the image list and never disposed here;
                    // confirm whether FileUtils.GetFileIcon transfers ownership to the caller.
                    Icon fileIcon = FileUtils.GetFileIcon(imagePath);

                    if (fileIcon != null)
                    {
                        imageList.Images.Add(pidText, fileIcon);
                        item.ImageKey = pidText;
                    }
                }

                // ImageKey is still empty when no per-process icon was assigned above.
                if (string.IsNullOrEmpty(item.ImageKey))
                {
                    item.ImageKey = "generic_process";
                }

                listProcesses.Items.Add(item);
            }

            listProcesses.EndUpdate();
        }
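        /// <summary>
        /// Dumps the primary token of process <paramref name="pid"/> into a "Token" child of
        /// <paramref name="processMo"/>: user/owner/primary-group identity, session id, UAC state,
        /// token statistics, plus "Groups" and "Privileges" list children.
        /// </summary>
        /// <param name="processMo">Parent memory object under which the "Token" child is created.</param>
        /// <param name="pid">ID of the process whose token is dumped.</param>
        /// <remarks>
        /// The process is opened with <see cref="Program.MinProcessQueryRights"/> and its token with
        /// <see cref="TokenAccess.Query"/>; failures there propagate to the caller.  Token source
        /// information needs <see cref="TokenAccess.QuerySource"/>, which can be refused for a token
        /// that is otherwise queryable, so that part is best-effort and omitted on failure.
        /// All writers are disposed via <c>using</c> so the streams are closed on every exit path,
        /// and every Sid obtained from the token is disposed once its name has been written.
        /// </remarks>
        private static void DumpProcessToken(MemoryObject processMo, int pid)
        {
            using (var tokenMo = processMo.CreateChild("Token"))
            using (var phandle = new ProcessHandle(pid, Program.MinProcessQueryRights))
            // Disposing the writer closes the underlying write stream even when an
            // exception leaves the block early (previously it was only closed on success).
            using (var bw = new BinaryWriter(tokenMo.GetWriteStream()))
            {
                using (var thandle = phandle.GetToken(TokenAccess.Query))
                {
                    // Sids returned by the token are disposable; release each after use.
                    using (Sid user = thandle.GetUser())
                    {
                        bw.Write("UserName", user.GetFullName(true));
                        bw.Write("UserStringSid", user.StringSid);
                    }

                    using (Sid owner = thandle.GetOwner())
                    {
                        bw.Write("OwnerName", owner.GetFullName(true));
                    }

                    using (Sid primaryGroup = thandle.GetPrimaryGroup())
                    {
                        bw.Write("PrimaryGroupName", primaryGroup.GetFullName(true));
                    }

                    bw.Write("SessionId", thandle.GetSessionId());

                    // Elevation/virtualization state only exists on UAC-capable systems.
                    if (OSVersion.HasUac)
                    {
                        bw.Write("Elevated", thandle.IsElevated());
                        bw.Write("VirtualizationAllowed", thandle.IsVirtualizationAllowed());
                        bw.Write("VirtualizationEnabled", thandle.IsVirtualizationEnabled());
                    }

                    var statistics = thandle.GetStatistics();

                    bw.Write("Type", (int)statistics.TokenType);
                    bw.Write("ImpersonationLevel", (int)statistics.ImpersonationLevel);
                    bw.Write("Luid", statistics.TokenId.QuadPart);
                    bw.Write("AuthenticationLuid", statistics.AuthenticationId.QuadPart);
                    bw.Write("MemoryUsed", statistics.DynamicCharged);
                    bw.Write("MemoryAvailable", statistics.DynamicAvailable);

                    DumpTokenGroups(tokenMo, thandle);
                    DumpTokenPrivileges(tokenMo, thandle);
                }

                // Token source requires a separate access right that may be refused even
                // when TOKEN_QUERY succeeded; omit it rather than fail the whole dump.
                try
                {
                    using (var thandle = phandle.GetToken(TokenAccess.QuerySource))
                    {
                        var source = thandle.GetSource();

                        bw.Write("SourceName", source.SourceName.TrimEnd('\0', '\r', '\n', ' '));
                        bw.Write("SourceLuid", source.SourceIdentifier.QuadPart);
                    }
                }
                catch
                {
                    // Best-effort: source name/LUID are optional fields of the dump.
                }
            }
        }

        /// <summary>
        /// Writes the token's group Sids as "name;attributes-hex" list entries into a "Groups"
        /// child of <paramref name="tokenMo"/>, disposing each Sid after it is written.
        /// </summary>
        /// <param name="tokenMo">The "Token" memory object that receives the child.</param>
        /// <param name="thandle">Token opened with at least <see cref="TokenAccess.Query"/>.</param>
        private static void DumpTokenGroups(MemoryObject tokenMo, TokenHandle thandle)
        {
            Sid[] groups = thandle.GetGroups();

            using (var groupsMo = tokenMo.CreateChild("Groups"))
            using (var bw2 = new BinaryWriter(groupsMo.GetWriteStream()))
            {
                foreach (Sid groupSid in groups)
                {
                    using (groupSid)
                    {
                        // Attributes are written as a hex string so the reader sees the raw flag bits.
                        bw2.WriteListEntry(
                            groupSid.GetFullName(true) + ";" + ((int)groupSid.Attributes).ToString("x")
                            );
                    }
                }
            }
        }

        /// <summary>
        /// Writes the token's privileges as "name;displayName;attributes-hex" list entries into a
        /// "Privileges" child of <paramref name="tokenMo"/>.
        /// </summary>
        /// <param name="tokenMo">The "Token" memory object that receives the child.</param>
        /// <param name="thandle">Token opened with at least <see cref="TokenAccess.Query"/>.</param>
        private static void DumpTokenPrivileges(MemoryObject tokenMo, TokenHandle thandle)
        {
            var privileges = thandle.GetPrivileges();

            using (var privilegesMo = tokenMo.CreateChild("Privileges"))
            using (var bw2 = new BinaryWriter(privilegesMo.GetWriteStream()))
            {
                for (int i = 0; i < privileges.Length; i++)
                {
                    bw2.WriteListEntry(
                        privileges[i].Name + ";" +
                        privileges[i].DisplayName + ";" +
                        ((int)privileges[i].Attributes).ToString("x")
                        );
                }
            }
        }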