private static bool Is32BitProcessOn64BitSystem()
{
if (!IsWindows)
{
return(false);
}
try
{
using (var processHandle = new Interop.Windows.SafeProcessHandle(Process.GetCurrentProcess()))
{
var isWow64 = false;
var success = Interop.Windows.IsWow64Process(
processHandle,
ref isWow64
);
if (success)
{
return(isWow64);
}
}
}
catch (Exception e)
{
Logger.GetInstance(typeof(Platform)).Error("Can not detect if process is 32-bit on 64-bit Windows: " + e.Message);
}
return(false);
}
internal static string GetPlatformProcessPathById(int processId)
{
string processPath;
using (var clientProcess = Process.GetProcessById(processId))
{
try
{
processPath = clientProcess.MainModule.FileName;
}
catch (Win32Exception)
{
using (var processHandle = new Interop.Windows.SafeProcessHandle(clientProcess))
{
var fullPath = new StringBuilder(256);
Interop.Windows.GetModuleFileNameExW(
processHandle,
IntPtr.Zero,
fullPath,
(uint)fullPath.Capacity
);
processPath = fullPath.ToString();
}
}
}
return(processPath);
}
internal static string GetPlatformProcessPathById(int processId)
{
try
{
using (var clientProcess = Process.GetProcessById(processId))
{
try
{
return(clientProcess.MainModule?.FileName);
}
catch (Win32Exception)
{
using (var processHandle = new Interop.Windows.SafeProcessHandle(clientProcess, false))
{
var bufferSize = 256;
while (true)
{
var fullPath = new StringBuilder(bufferSize);
var success = Interop.Windows.QueryFullProcessImageNameW(
processHandle,
0,
fullPath,
ref bufferSize
);
if (success)
{
return(fullPath.ToString(0, bufferSize));
}
var win32Error = Marshal.GetLastWin32Error();
if (win32Error != (int)Interop.Windows.Error.InsufficientBuffer)
{
Logger.GetInstance(typeof(Windows)).Error("Can not get Windows process path, error code: " + win32Error);
break;
}
if (bufferSize > 1024 * 30)
{
Logger.GetInstance(typeof(Windows)).Error("Can not get Windows process path under length of " + bufferSize);
break;
}
bufferSize *= 2;
}
return(null);
}
}
}
}
catch (ArgumentException)
{
// skip
}
return(null);
}
internal static void ExitInPlatform(ExitType exitType)
{
using (var processHandle = new Interop.Windows.SafeProcessHandle(Process.GetCurrentProcess()))
{
Interop.Windows.SafeTokenHandle tokenHandle;
var success = Interop.Windows.OpenProcessToken(
processHandle,
Interop.Windows.TokenAccessRight.AdjustPrivileges | Interop.Windows.TokenAccessRight.Query,
out tokenHandle
);
if (!success)
{
Logger.GetInstance(typeof(Platform)).Error("Can not open process token, error code: " + Marshal.GetLastWin32Error());
return;
}
Interop.Windows.TokenPrivileges tokenPrivileges;
tokenPrivileges.Count = 1;
tokenPrivileges.Luid = 0;
tokenPrivileges.Attr = Interop.Windows.SePrivilege.Enabled;
success = Interop.Windows.LookupPrivilegeValueW(
null,
Interop.Windows.SeShutdownName,
ref tokenPrivileges.Luid
);
if (!success)
{
Logger.GetInstance(typeof(Platform)).Error("Can not lookup privilege value, error code: " + Marshal.GetLastWin32Error());
return;
}
success = Interop.Windows.AdjustTokenPrivileges(
tokenHandle,
false,
ref tokenPrivileges,
0,
IntPtr.Zero,
IntPtr.Zero
);
if (!success)
{
Logger.GetInstance(typeof(Platform)).Error("Can not adjust token privileges, error code: " + Marshal.GetLastWin32Error());
return;
}
success = Interop.Windows.ExitWindowsEx(
ConvertWindowsExitTypeFrom(exitType),
(uint)Interop.Windows.ShutdownReason.Unknown
);
if (!success)
{
Logger.GetInstance(typeof(Platform)).Error("Can not exit Windows, error code: " + Marshal.GetLastWin32Error());
}
}
}
public static ProcessArch DetectProcessArch()
{
if (!IsWindows)
{
return(ProcessArch.Unknown);
}
try
{
using (var processHandle = new Interop.Windows.SafeProcessHandle(Process.GetCurrentProcess()))
{
var processMachine = Interop.Windows.ImageFileMachine.Unknown;
var nativeMachine = Interop.Windows.ImageFileMachine.Unknown;
var success = Interop.Windows.IsWow64Process2(
processHandle,
ref processMachine,
ref nativeMachine
);
if (success)
{
Logger.GetInstance(typeof(Platform)).Info("processMachine: " + processMachine);
Logger.GetInstance(typeof(Platform)).Info("nativeMachine: " + nativeMachine);
if (processMachine != Interop.Windows.ImageFileMachine.Unknown)
{
return(ConvertFrom(processMachine));
}
return(ConvertFrom(nativeMachine));
}
}
}
catch (EntryPointNotFoundException)
{
Logger.GetInstance(typeof(Platform)).Warn("Can not use IsWow64Process2 to detect process architecture");
}
catch (Exception e)
{
Logger.GetInstance(typeof(Platform)).Error("Can not detect process architecture: " + e.Message);
}
return(IntPtr.Size == 8 ? ProcessArch.X64 : ProcessArch.X86);
}
internal static bool IsCurrentUserProcessInPlatform(Process process)
{
var tokenInformation = IntPtr.Zero;
try
{
string currentUserSid;
using (var windowsIdentity = WindowsIdentity.GetCurrent())
{
currentUserSid = windowsIdentity.User?.ToString() ?? string.Empty;
}
if (string.IsNullOrWhiteSpace(currentUserSid))
{
Logger.GetInstance(typeof(Windows)).Error("Can not get current user sid");
return(false);
}
using (var processHandle = new Interop.Windows.SafeProcessHandle(process, false))
{
Interop.Windows.SafeTokenHandle tokenHandle;
var success = Interop.Windows.OpenProcessToken(
processHandle,
Interop.Windows.TokenAccessRight.Query | Interop.Windows.TokenAccessRight.Duplicate,
out tokenHandle
);
if (!success)
{
Logger.GetInstance(typeof(Windows)).Error($"Can not open process token. error code: {Marshal.GetLastWin32Error()}");
}
var tokenInformationSize = 0U;
success = Interop.Windows.GetTokenInformation(
tokenHandle,
Interop.Windows.TokenInformationClass.User,
tokenInformation,
tokenInformationSize,
out tokenInformationSize
);
if (!success)
{
var win32Error = Marshal.GetLastWin32Error();
if (win32Error != (int)Interop.Windows.Error.InsufficientBuffer)
{
Logger.GetInstance(typeof(Windows)).Error($"Can not get process token information size. error code: {win32Error}");
return(false);
}
}
tokenInformation = Marshal.AllocHGlobal((int)tokenInformationSize);
success = Interop.Windows.GetTokenInformation(
tokenHandle,
Interop.Windows.TokenInformationClass.User,
tokenInformation,
tokenInformationSize,
out tokenInformationSize
);
if (!success)
{
Logger.GetInstance(typeof(Windows)).Error($"Can not get process token information. error code: {Marshal.GetLastWin32Error()}");
return(false);
}
var tokenUser = (Interop.Windows.TokenUser)Marshal.PtrToStructure(
tokenInformation,
typeof(Interop.Windows.TokenUser)
);
var processUserSid = string.Empty;
success = Interop.Windows.ConvertSidToStringSidW(tokenUser.User.Sid, ref processUserSid);
if (!success)
{
Logger.GetInstance(typeof(Windows)).Error($"Can not convert sid to string sid, error code: {Marshal.GetLastWin32Error()}");
return(false);
}
if (currentUserSid.Equals(processUserSid))
{
return(true);
}
Logger.GetInstance(typeof(Windows)).Debug($"Process user SID: [{processUserSid}] is different from current user SID: [{currentUserSid}]");
return(false);
}
}
catch (Exception e)
{
Logger.GetInstance(typeof(Windows)).Error($"Can not check if process is running under current user. {e.Message}");
}
finally
{
if (tokenInformation != IntPtr.Zero)
{
Marshal.FreeHGlobal(tokenInformation);
}
}
return(false);
}