Ejemplo n.º 1
        /// <summary>
        /// Rebuilds the process list view with one row per enumerated process, ordered by process ID.
        /// </summary>
        /// <param name="desired_access">
        /// Extra access rights requested on every process handle, in addition to
        /// <c>QueryLimitedInformation</c>.
        /// </param>
        /// <param name="require_token">
        /// When true, processes whose token cannot be opened for query are left out of the list.
        /// </param>
        /// <remarks>
        /// The debug privilege is enabled on the calling process before enumeration. Nothing in this
        /// method disables it again, and any result of that call is not checked here. A duplicate of
        /// each listed process handle is passed to <c>_processes</c>, presumably carrying the same
        /// access mask, so callers should request only the rights they actually need.
        /// </remarks>
        public void UpdateProcessList(ProcessAccessRights desired_access, bool require_token)
        {
            NtToken.EnableDebugPrivilege();
            ClearListView();

            ProcessAccessRights open_access = ProcessAccessRights.QueryLimitedInformation | desired_access;
            using (var processes = NtProcess.GetProcesses(open_access, true).ToDisposableList())
            {
                foreach (var process in processes.OrderBy(entry => entry.ProcessId))
                {
                    // The trailing 'false' is presumably throw_on_error, which is why the
                    // outcome is inspected through IsSuccess instead of a try/catch.
                    using (var token_result = NtToken.OpenProcessToken(process, TokenAccessRights.Query, false))
                    {
                        bool has_token = token_result.IsSuccess;
                        if (require_token && !has_token)
                        {
                            continue;
                        }

                        ListViewItem row = listViewProcesses.Items.Add(process.ProcessId.ToString());
                        row.SubItems.Add(process.Name);
                        row.SubItems.Add(COMUtilities.FormatBitness(process.Is64Bit));

                        // User and integrity level columns are filled only when the token opened.
                        if (has_token)
                        {
                            var token = token_result.Result;
                            // NOTE(review): the user name is read through the process object,
                            // not through the token opened above - confirm that is intended.
                            row.SubItems.Add(process.User.Name);
                            row.SubItems.Add(token.IntegrityLevel.ToString());
                        }

                        // The enumerated handle is released when the enclosing using block ends,
                        // so the row keeps its own duplicate, tracked by _processes.
                        row.Tag = _processes.AddResource(process.Duplicate());
                    }
                }
            }

            listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
            listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
            // The sorter is installed only after all rows have been added.
            listViewProcesses.ListViewItemSorter = new ListItemComparer(0);
        }
Ejemplo n.º 2
 /// <summary>
 /// Fills the process tab from a COM process entry and adds the tab to the properties control.
 /// </summary>
 /// <param name="obj">The COM process entry whose details are displayed.</param>
 /// <remarks>
 /// Besides identity fields (path, process ID, AppID, user), this shows the entry's access and
 /// LRPC permission strings and a one-line summary of its capabilities, authentication level,
 /// impersonation level and unmarshal policy. If the registry knows the entry's AppID, the AppID
 /// entry is set up too. A registered-classes tab is added only when the entry has classes.
 /// </remarks>
 private void SetupProcessEntry(COMProcessEntry obj)
 {
     m_process = obj;

     textBoxProcessExecutablePath.Text = obj.ExecutablePath;
     textBoxProcessProcessId.Text = obj.ProcessId.ToString();
     textBoxProcessAppId.Text = GetGuidValue(obj.AppId);

     // The "view" button is only useful when there is a permission string to show.
     textBoxProcessAccessPermissions.Text = GetStringValue(obj.AccessPermissions);
     bool has_access_permissions = !String.IsNullOrWhiteSpace(obj.AccessPermissions);
     btnProcessViewAccessPermissions.Enabled = has_access_permissions;

     textBoxProcessLrpcPermissions.Text = GetStringValue(obj.LRpcPermissions);
     textBoxProcessUser.Text = GetStringValue(obj.User);

     string security_format = "Capabilities: {0}, Authn Level: {1}, Imp Level: {2}, Unmarshal Policy: {3}";
     textBoxProcessSecurity.Text = String.Format(
         security_format, obj.Capabilities, obj.AuthnLevel, obj.ImpLevel, obj.UnmarshalPolicy);

     // Window handle of the main STA, shown as hexadecimal.
     var sta_hwnd = obj.STAMainHWnd.ToInt64();
     textBoxProcessStaHwnd.Text = String.Format("0x{0:X}", sta_hwnd);

     SetupIpidEntries(obj.Ipids, false);
     listViewProcessIPids.ListViewItemSorter = new ListItemComparer(0);
     lblProcess64bit.Text = COMUtilities.FormatBitness(obj.Is64Bit);
     tabControlProperties.TabPages.Add(tabPageProcess);

     // Show the AppID details as well when the registry has a matching entry.
     if (m_registry.AppIDs.ContainsKey(obj.AppId))
     {
         SetupAppIdEntry((COMAppIDEntry)m_registry.AppIDs[obj.AppId]);
     }

     // No registered classes: leave the classes tab out entirely.
     if (!obj.Classes.Any())
     {
         return;
     }

     tabControlProperties.TabPages.Add(tabPageRegisteredClasses);
     foreach (var registered in obj.Classes)
     {
         // NOTE(review): the mapped entry is dereferenced without a null check;
         // confirm MapClsidToEntry never returns null for an unknown CLSID.
         COMCLSIDEntry mapped = m_registry.MapClsidToEntry(registered.Clsid);
         ListViewItem row = listViewRegisteredClasses.Items.Add(registered.Clsid.FormatGuid());
         row.SubItems.Add(mapped.Name);
         row.SubItems.Add(registered.VTable);
         row.SubItems.Add(registered.RegFlags.ToString());
         row.SubItems.Add(registered.Apartment.ToString());
         row.SubItems.Add(registered.Context.ToString());
         row.Tag = registered;
     }

     listViewRegisteredClasses.ListViewItemSorter = new ListItemComparer(0);
     listViewRegisteredClasses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
     listViewRegisteredClasses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
 }