static void DumpProcessEntry(NtProcess entry, HashSet <string> mitigation_filter, bool all_mitigations, bool print_command_line) { try { NtProcessMitigations mitigations = entry.Mitigations; Console.WriteLine("Process Mitigations: {0,8} - {1}", entry.ProcessId, entry.GetImageFilePath(false)); if (print_command_line) { Console.WriteLine("Command Line: {0}", GetCommandLine(entry)); } IEnumerable <PropertyInfo> props = _props.Values.Where(p => mitigation_filter.Count == 0 || mitigation_filter.Contains(p.Name)); foreach (PropertyInfo prop in props.OrderBy(p => p.Name)) { object value = prop.GetValue(mitigations); if (!all_mitigations && (value is bool)) { if (!(bool)value) { continue; } } FormatEntry(prop.Name, prop.GetValue(mitigations)); } Console.WriteLine(); } catch (NtException) { // Can end up here if the process is exiting. } }
static bool HasPropertySet(NtProcessMitigations mitigations, IEnumerable<string> props) { foreach (string propname in props) { if (_props.ContainsKey(propname)) { if ((bool)_props[propname].GetValue(mitigations)) { return true; } } } return false; }
static bool HasPropertySet(NtProcessMitigations mitigations, IEnumerable <string> props) { foreach (string propname in props) { if (_props.ContainsKey(propname)) { if ((bool)_props[propname].GetValue(mitigations)) { return(true); } } } return(false); }