Example #1
0
        private void buttonOK_Click(object sender, EventArgs e)
        {
            this.Cursor = Cursors.WaitCursor;
            Application.DoEvents();

            try
            {
                System.Diagnostics.ProcessStartInfo info = new System.Diagnostics.ProcessStartInfo();

                info.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
                info.FileName    = Application.StartupPath + "\\Assistant.exe";
                info.Arguments   = "-w";

                System.Diagnostics.Process.Start(info);
            }
            catch
            { }

            try
            {
                string binPath;
                string mailslotName;
                bool   omitUserAndType = false;

                if (_pid != -1)
                {
                    omitUserAndType = true;
                }

                mailslotName = "ProcessHackerAssistant" + Utils.CreateRandomString(8);
                binPath      = "\"" + Application.StartupPath + "\\Assistant.exe\" " +
                               (omitUserAndType ? "" :
                                ("-u \"" + comboUsername.Text + "\" -t " + comboType.SelectedItem.ToString().ToLower() + " ")) +
                               (_pid != -1 ? ("-P " + _pid.ToString() + " ") : "") + "-p \"" +
                               textPassword.Text.Replace("\"", "\\\"") + "\" -s " + textSessionID.Text + " -c \"" +
                               textCmdLine.Text.Replace("\"", "\\\"") + "\" -E " + mailslotName;

                if (Program.ElevationType == TokenElevationType.Limited)
                {
                    var result = Program.StartProcessHackerAdminWait(
                        "-e -type processhacker -action runas -obj \"" + binPath.Replace("\"", "\\\"") +
                        "\" -mailslot " + mailslotName +
                        " -hwnd " + this.Handle.ToString(), this.Handle, 5000);

                    if (result == WaitResult.Object0)
                    {
                        this.Close();
                    }
                }
                else
                {
                    string serviceName = Utils.CreateRandomString(8);

                    using (var manager = new ServiceManagerHandle(ScManagerAccess.CreateService))
                    {
                        using (var service = manager.CreateService(
                                   serviceName,
                                   serviceName + " (Process Hacker Assistant)",
                                   ServiceType.Win32OwnProcess,
                                   ServiceStartType.DemandStart,
                                   ServiceErrorControl.Ignore,
                                   binPath,
                                   "",
                                   "LocalSystem",
                                   null))
                        {
                            // Create a mailslot so we can receive the error code for Assistant.
                            using (var mhandle = MailslotHandle.Create(
                                       FileAccess.GenericRead, @"\Device\Mailslot\" + mailslotName, 0, 5000)
                                   )
                            {
                                try { service.Start(); }
                                catch { }
                                service.Delete();

                                Win32Error errorCode = (Win32Error)mhandle.Read(4).ToInt32();

                                if (errorCode != Win32Error.Success)
                                {
                                    throw new WindowsException(errorCode);
                                }
                            }
                        }
                    }

                    this.Close();
                }
            }
            catch (Exception ex)
            {
                PhUtils.ShowException("Unable to start the program", ex);
            }

            this.Cursor = Cursors.Default;
        }
Example #2
0
        public static void Run(IDictionary <string, string> args)
        {
            try
            {
                ThemingScope.Activate();
            }
            catch
            { }

            if (!args.ContainsKey("-type"))
            {
                throw new Exception("-type switch required.");
            }

            string type = args["-type"].ToLowerInvariant();

            if (!args.ContainsKey("-obj"))
            {
                throw new Exception("-obj switch required.");
            }

            string obj = args["-obj"];

            if (!args.ContainsKey("-action"))
            {
                throw new Exception("-action switch required.");
            }

            string action = args["-action"].ToLowerInvariant();

            WindowFromHandle window = new WindowFromHandle(IntPtr.Zero);

            if (args.ContainsKey("-hwnd"))
            {
                window = new WindowFromHandle(new IntPtr(int.Parse(args["-hwnd"])));
            }

            try
            {
                switch (type)
                {
                case "processhacker":
                {
                    switch (action)
                    {
                    case "runas":
                    {
                        using (var manager = new ServiceManagerHandle(ScManagerAccess.CreateService))
                        {
                            Random r           = new Random((int)(DateTime.Now.ToFileTime() & 0xffffffff));
                            string serviceName = "";

                            for (int i = 0; i < 8; i++)
                            {
                                serviceName += (char)('A' + r.Next(25));
                            }

                            using (var service = manager.CreateService(
                                       serviceName,
                                       serviceName + " (Process Hacker Assistant)",
                                       ServiceType.Win32OwnProcess,
                                       ServiceStartType.DemandStart,
                                       ServiceErrorControl.Ignore,
                                       obj,
                                       "",
                                       "LocalSystem",
                                       null))
                            {
                                // Create a mailslot so we can receive the error code for Assistant.
                                using (var mhandle = MailslotHandle.Create(
                                           FileAccess.GenericRead, @"\Device\Mailslot\" + args["-mailslot"], 0, 5000)
                                       )
                                {
                                    try { service.Start(); }
                                    catch { }
                                    service.Delete();

                                    Win32Error errorCode = (Win32Error)mhandle.Read(4).ToInt32();

                                    if (errorCode != Win32Error.Success)
                                    {
                                        throw new WindowsException(errorCode);
                                    }
                                }
                            }
                        }
                    }
                    break;

                    default:
                        throw new Exception("Unknown action '" + action + "'");
                    }
                }
                break;

                case "process":
                {
                    var      processes  = Windows.GetProcesses();
                    string[] pidStrings = obj.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                    int[]    pids       = new int[pidStrings.Length];
                    string[] names      = new string[pidStrings.Length];

                    for (int i = 0; i < pidStrings.Length; i++)
                    {
                        pids[i]  = int.Parse(pidStrings[i]);
                        names[i] = processes[pids[i]].Name;
                    }

                    switch (action)
                    {
                    case "terminate":
                        ProcessActions.Terminate(window, pids, names, true);
                        break;

                    case "suspend":
                        ProcessActions.Suspend(window, pids, names, true);
                        break;

                    case "resume":
                        ProcessActions.Resume(window, pids, names, true);
                        break;

                    case "reduceworkingset":
                        ProcessActions.ReduceWorkingSet(window, pids, names, false);
                        break;

                    default:
                        throw new Exception("Unknown action '" + action + "'");
                    }
                }
                break;

                case "thread":
                {
                    foreach (string tid in obj.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
                    {
                        switch (action)
                        {
                        case "terminate":
                        {
                            try
                            {
                                using (var thandle =
                                           new ThreadHandle(int.Parse(tid), ThreadAccess.Terminate))
                                    thandle.Terminate();
                            }
                            catch (Exception ex)
                            {
                                DialogResult result = MessageBox.Show(window,
                                                                      "Could not terminate thread with ID " + tid + ":\n\n" +
                                                                      ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);

                                if (result == DialogResult.Cancel)
                                {
                                    return;
                                }
                            }
                        }
                        break;

                        case "suspend":
                        {
                            try
                            {
                                using (var thandle =
                                           new ThreadHandle(int.Parse(tid), ThreadAccess.SuspendResume))
                                    thandle.Suspend();
                            }
                            catch (Exception ex)
                            {
                                DialogResult result = MessageBox.Show(window,
                                                                      "Could not suspend thread with ID " + tid + ":\n\n" +
                                                                      ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);

                                if (result == DialogResult.Cancel)
                                {
                                    return;
                                }
                            }
                        }
                        break;

                        case "resume":
                        {
                            try
                            {
                                using (var thandle =
                                           new ThreadHandle(int.Parse(tid), ThreadAccess.SuspendResume))
                                    thandle.Resume();
                            }
                            catch (Exception ex)
                            {
                                DialogResult result = MessageBox.Show(window,
                                                                      "Could not resume thread with ID " + tid + ":\n\n" +
                                                                      ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);

                                if (result == DialogResult.Cancel)
                                {
                                    return;
                                }
                            }
                        }
                        break;

                        default:
                            throw new Exception("Unknown action '" + action + "'");
                        }
                    }
                }
                break;

                case "service":
                {
                    switch (action)
                    {
                    case "start":
                    {
                        ServiceActions.Start(window, obj, false);
                    }
                    break;

                    case "continue":
                    {
                        ServiceActions.Continue(window, obj, false);
                    }
                    break;

                    case "pause":
                    {
                        ServiceActions.Pause(window, obj, false);
                    }
                    break;

                    case "stop":
                    {
                        ServiceActions.Stop(window, obj, false);
                    }
                    break;

                    case "delete":
                    {
                        ServiceActions.Delete(window, obj, true);
                    }
                    break;

                    case "config":
                    {
                        using (ServiceHandle service = new ServiceHandle(obj, ServiceAccess.ChangeConfig))
                        {
                            ServiceType serviceType;

                            if (args["-servicetype"] == "Win32OwnProcess, InteractiveProcess")
                            {
                                serviceType = ServiceType.Win32OwnProcess | ServiceType.InteractiveProcess;
                            }
                            else if (args["-servicetype"] == "Win32ShareProcess, InteractiveProcess")
                            {
                                serviceType = ServiceType.Win32ShareProcess | ServiceType.InteractiveProcess;
                            }
                            else
                            {
                                serviceType = (ServiceType)Enum.Parse(typeof(ServiceType), args["-servicetype"]);
                            }

                            var startType = (ServiceStartType)
                                            Enum.Parse(typeof(ServiceStartType), args["-servicestarttype"]);
                            var errorControl = (ServiceErrorControl)
                                               Enum.Parse(typeof(ServiceErrorControl), args["-serviceerrorcontrol"]);

                            string binaryPath     = null;
                            string loadOrderGroup = null;
                            string userAccount    = null;
                            string password       = null;

                            if (args.ContainsKey("-servicebinarypath"))
                            {
                                binaryPath = args["-servicebinarypath"];
                            }
                            if (args.ContainsKey("-serviceloadordergroup"))
                            {
                                loadOrderGroup = args["-serviceloadordergroup"];
                            }
                            if (args.ContainsKey("-serviceuseraccount"))
                            {
                                userAccount = args["-serviceuseraccount"];
                            }
                            if (args.ContainsKey("-servicepassword"))
                            {
                                password = args["-servicepassword"];
                            }

                            if (!Win32.ChangeServiceConfig(service,
                                                           serviceType, startType, errorControl,
                                                           binaryPath, loadOrderGroup, IntPtr.Zero, null, userAccount, password, null))
                            {
                                Win32.Throw();
                            }
                        }
                    }
                    break;

                    default:
                        throw new Exception("Unknown action '" + action + "'");
                    }
                }
                break;

                case "session":
                {
                    int sessionId = int.Parse(obj);

                    switch (action)
                    {
                    case "disconnect":
                    {
                        SessionActions.Disconnect(window, sessionId, false);
                    }
                    break;

                    case "logoff":
                    {
                        SessionActions.Logoff(window, sessionId, false);
                    }
                    break;

                    default:
                        throw new Exception("Unknown action '" + action + "'");
                    }
                }
                break;

                default:
                    throw new Exception("Unknown object type '" + type + "'");
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(window, ex.Message, "Process Hacker", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }