C# (CSharp) NativeMethods.PROCESS_BASIC_INFORMATION Examples

Programming Language: C# (CSharp)

Class/Type: NativeMethods.PROCESS_BASIC_INFORMATION

Examples at hotexamples.com: 5

C# (CSharp) NativeMethods.PROCESS_BASIC_INFORMATION - 5 examples found. These are the top rated real world C# (CSharp) examples of NativeMethods.PROCESS_BASIC_INFORMATION extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: ProcessEnvironment.cs Project: sofianhn/kudu

        private static IntPtr GetPebNative(IntPtr hProcess)
        {
            var pbi     = new NativeMethods.PROCESS_BASIC_INFORMATION();
            int res_len = 0;
            int pbiSize = Marshal.SizeOf(pbi);

            NativeMethods.NtQueryInformationProcess(
                hProcess,
                NativeMethods.ProcessBasicInformation,
                ref pbi,
                pbiSize,
                ref res_len);

            if (res_len != pbiSize)
            {
                throw new Win32Exception("Unable to query process information.");
            }

            return(pbi.PebBaseAddress);
        }

Example #2

Show file

File: Win32Process.cs Project: notsonormal/AstoundingDock

        public static Process GetParentProcess(IntPtr handle)
        {
            NativeMethods.PROCESS_BASIC_INFORMATION pbi = new NativeMethods.PROCESS_BASIC_INFORMATION();

            int pSize;
            int status = NativeMethods.NtQueryInformationProcess(
                handle, NativeMethods.PROCESSINFOCLASS.ProcessBasicInformation,
                ref pbi, Marshal.SizeOf(pbi), out pSize);

            if (status != 0)
                throw new Win32Exception(status);

            try
            {
                return Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32());
            }
            catch (ArgumentException)
            {
                return null; // Not found
            }
        }

Example #3

Show file

File: Win32Process.cs Project: PocketAppZ/AstoundingDock

        public static Process GetParentProcess(IntPtr handle)
        {
            NativeMethods.PROCESS_BASIC_INFORMATION pbi = new NativeMethods.PROCESS_BASIC_INFORMATION();

            int pSize;
            int status = NativeMethods.NtQueryInformationProcess(
                handle, NativeMethods.PROCESSINFOCLASS.ProcessBasicInformation,
                ref pbi, Marshal.SizeOf(pbi), out pSize);

            if (status != 0)
            {
                throw new Win32Exception(status);
            }

            try
            {
                return(Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32()));
            }
            catch (ArgumentException)
            {
                return(null); // Not found
            }
        }

Example #4

Show file

File: ProcessEnvironment.cs Project: 40a/kudu

        private static IntPtr GetPebNative(IntPtr hProcess)
        {
            var pbi = new NativeMethods.PROCESS_BASIC_INFORMATION();
            int res_len = 0;
            int pbiSize = Marshal.SizeOf(pbi);
            NativeMethods.NtQueryInformationProcess(
                hProcess,
                NativeMethods.ProcessBasicInformation,
                ref pbi,
                pbiSize,
                ref res_len);

            if (res_len != pbiSize)
            {
                throw new Win32Exception("Unable to query process information.");
            }

            return pbi.PebBaseAddress;
        }

Example #5

Show file

        public static string GetCommandLineOfProcess(int processId)
        {
            var pid = processId;

            var pbi = new NativeMethods.PROCESS_BASIC_INFORMATION();

            IntPtr proc = NativeMethods.OpenProcess
                          (
                PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid
                          );

            if (proc == IntPtr.Zero)
            {
                return("");
            }

            if (NativeMethods.NtQueryInformationProcess(proc, 0, ref pbi, pbi.Size, IntPtr.Zero) == 0)
            {
                var buff = new byte[IntPtr.Size];
                if (NativeMethods.ReadProcessMemory
                    (
                        proc,
                        (IntPtr)(pbi.PebBaseAddress.ToInt32() + 0x10),
                        buff,
                        IntPtr.Size, out _
                    ))
                {
                    var buffPtr     = BitConverter.ToInt32(buff, 0);
                    var commandLine = new byte[Marshal.SizeOf(typeof(NativeMethods.UNICODE_STRING))];

                    if
                    (
                        NativeMethods.ReadProcessMemory
                        (
                            proc, (IntPtr)(buffPtr + 0x40),
                            commandLine,
                            Marshal.SizeOf(typeof(NativeMethods.UNICODE_STRING)), out _
                        )
                    )
                    {
                        var ucsData = ByteArrayToStructure <NativeMethods.UNICODE_STRING>(commandLine);
                        var parms   = new byte[ucsData.Length];
                        if
                        (
                            NativeMethods.ReadProcessMemory
                            (
                                proc, ucsData.buffer, parms,
                                ucsData.Length, out _
                            )
                        )
                        {
                            return(Encoding.Unicode.GetString(parms));
                        }
                    }
                }
            }

            NativeMethods.CloseHandle(proc);

            return("");
        }