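public static IEnumerable <COMProcessEntry> GetProcesses(IEnumerable <Process> procs, string dbghelp_path, string symbol_path, IProgress <Tuple <string, int> > progress)
        {
            // Same exception type LINQ's Count() would have raised on a null source, but explicit.
            if (procs == null)
            {
                throw new ArgumentNullException("procs");
            }

            // Materialize exactly once. The caller's sequence may be lazy (e.g. a query over
            // Process.GetProcesses()); enumerating it twice (Count() and then foreach) could
            // re-run the producer and report a total that disagrees with the set actually parsed.
            List <Process> proc_list = procs.ToList();
            List <COMProcessEntry> ret = new List <COMProcessEntry>(proc_list.Count);

            // Reading COM state out of processes owned by other users needs SeDebugPrivilege.
            // This is process-wide and stays enabled after the call returns.
            NtToken.EnableDebugPrivilege();
            int total_count   = proc_list.Count;
            int current_count = 0;

            foreach (Process p in proc_list)
            {
                try
                {
                    if (progress != null)
                    {
                        // total_count is > 0 whenever this runs: the loop body only executes for a non-empty list.
                        progress.Report(new Tuple <string, int>(String.Format("Parsing process {0}", p.ProcessName),
                                                                100 * current_count++ / total_count));
                    }
                    // Null means the parser found nothing usable for this process; only real entries are kept.
                    COMProcessEntry proc = COMProcessParser.ParseProcess(p.Id,
                                                                         dbghelp_path, symbol_path);
                    if (proc != null)
                    {
                        ret.Add(proc);
                    }
                }
                catch (Win32Exception)
                {
                    // Best-effort scan: a process that cannot be opened (protected, higher
                    // integrity, or already exited) is skipped instead of aborting the whole run.
                }
                finally
                {
                    // Release the handle owned by the Process object whether or not parsing succeeded.
                    p.Close();
                }
            }

            return(ret);
        }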
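        public SelectSecurityCheckForm(bool process_security)
        {
            InitializeComponent();
            _process_security = process_security;
            _tokens           = new List <SafeTokenHandle>();
            // Tokens collected below outlive this constructor (they back the list rows);
            // the Disposed handler is where they are released.
            Disposed         += SelectSecurityCheckForm_Disposed;
            string username = String.Format(@"{0}\{1}", Environment.UserDomainName, Environment.UserName);

            textBoxPrincipal.Text = username;
            // Opening tokens of processes owned by other users needs SeDebugPrivilege.
            // This is process-wide and remains enabled after the form is built.
            COMProcessParser.EnableDebugPrivilege();

            foreach (Process p in Process.GetProcesses().OrderBy(proc => proc.Id))
            {
                // Each Process returned by GetProcesses() owns a handle; release it once the row
                // is built (GetProcesses in the scanner closes its Process objects the same way).
                using (p)
                {
                    try
                    {
                        using (SafeProcessHandle process = SafeProcessHandle.Open(p.Id, ProcessAccessRights.QueryInformation))
                        {
                            SafeTokenHandle token = process.OpenToken();
                            // Register the token before touching the UI so it is still released on
                            // dispose if building the list row fails part-way.
                            _tokens.Add(token);
                            ListViewItem item = listViewProcesses.Items.Add(p.Id.ToString());
                            item.SubItems.Add(p.ProcessName);
                            item.SubItems.Add(process.GetUser());
                            item.SubItems.Add(token.GetIntegrityLevel().ToString());
                            item.Tag = token;
                        }
                    }
                    catch (Exception)
                    {
                        // Best-effort enumeration: processes that cannot be opened or queried
                        // (protected, higher integrity, already exited) are left out of the list.
                    }
                }
            }
            listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
            listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
            listViewProcesses.ListViewItemSorter = new ListItemComparer(0);

            // Offer every integrity level; Low is the default selection.
            foreach (object value in Enum.GetValues(typeof(SecurityIntegrityLevel)))
            {
                comboBoxIL.Items.Add(value);
            }
            comboBoxIL.SelectedItem = SecurityIntegrityLevel.Low;
            // In process-security mode the principal and launch/activate rights do not apply,
            // so those controls are disabled rather than hidden.
            if (process_security)
            {
                textBoxPrincipal.Enabled       = false;
                checkBoxLocalLaunch.Enabled    = false;
                checkBoxRemoteLaunch.Enabled   = false;
                checkBoxLocalActivate.Enabled  = false;
                checkBoxRemoteActivate.Enabled = false;
            }
        }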
        internal COMIPIDEntry(COMProcessParser.IPIDEntryNativeInterface ipid, NtProcess process, ISymbolResolver resolver)
        {
            // Copy the raw IPID entry fields straight across.
            Ipid        = ipid.Ipid;
            Iid         = ipid.Iid;
            Flags       = (IPIDFlags)ipid.Flags;
            Interface   = ipid.Interface;
            Stub        = ipid.Stub;
            StrongRefs  = ipid.StrongRefs;
            WeakRefs    = ipid.WeakRefs;
            PrivateRefs = ipid.PrivateRefs;

            // Follow the entry to its owning OXID entry for the apartment-level details.
            var oxid_entry = ipid.GetOxidEntry(process);
            Oxid          = oxid_entry.MOxid;
            ServerSTAHwnd = oxid_entry.ServerSTAHwnd;

            // Interface and Stub point into the target process; the pointer read at each address
            // is taken as the object's vtable and mapped to a module-relative address so it can be
            // symbolised. A zero pointer means the slot is unused and the VTable property is left unset.
            var iface_ptr = Interface;
            if (iface_ptr != IntPtr.Zero)
            {
                var iface_vtable = COMProcessParser.ReadPointer(process, iface_ptr);
                InterfaceVTable = resolver.GetModuleRelativeAddress(iface_vtable);
            }

            var stub_ptr = Stub;
            if (stub_ptr != IntPtr.Zero)
            {
                var stub_vtable = COMProcessParser.ReadPointer(process, stub_ptr);
                StubVTable = resolver.GetModuleRelativeAddress(stub_vtable);
            }
        }