private void LoadHandles(MemoryObject mo)
{
var dict = Dump.GetDictionary(mo);
HandleItem item = new HandleItem();
if (!dict.ContainsKey("Handle"))
{
return;
}
item.Handle.ProcessId = _item.Pid;
item.Handle.Flags = (HandleFlags)Dump.ParseInt32(dict["Flags"]);
item.Handle.Handle = (short)Dump.ParseInt32(dict["Handle"]);
// Not really needed, just fill it in ignoring 32-bit vs 64-bit
// differences.
item.Handle.Object = (Dump.ParseInt64(dict["Object"]) & 0xffffffff).ToIntPtr();
item.Handle.GrantedAccess = Dump.ParseInt32(dict["GrantedAccess"]);
if (dict.ContainsKey("TypeName"))
{
item.ObjectInfo.TypeName = dict["TypeName"];
item.ObjectInfo.BestName = dict["ObjectName"];
}
if (Settings.Instance.HideHandlesWithNoName)
{
if (string.IsNullOrEmpty(item.ObjectInfo.BestName))
{
return;
}
}
listHandles.AddItem(item);
}
private void LoadToken()
{
var token = _processMo.GetChild("Token");
if (token == null)
{
return;
}
var dict = Dump.GetDictionary(token);
if (!dict.ContainsKey("UserName"))
{
return;
}
string elevated =
dict.ContainsKey("Elevated") ?
Dump.ParseBool(dict["Elevated"]).ToString() :
"N/A";
string virtualization =
dict.ContainsKey("VirtualizationAllowed") ?
(Dump.ParseBool(dict["VirtualizationAllowed"]) ?
(Dump.ParseBool(dict["VirtualizationEnabled"]) ? "Enabled" : "Disabled") :
"Not Allowed") : "N/A";
_tokenProps.DumpSetTextToken(
dict["UserName"],
dict["UserStringSid"],
dict["OwnerName"],
dict["PrimaryGroupName"],
Dump.ParseInt32(dict["SessionId"]).ToString(),
elevated,
virtualization
);
if (dict.ContainsKey("SourceName"))
{
_tokenProps.DumpSetTextSource(
dict["SourceName"],
"0x" + Dump.ParseInt64(dict["SourceLuid"]).ToString("x")
);
}
_tokenProps.DumpSetTextAdvanced(
((TokenType)Dump.ParseInt32(dict["Type"])).ToString(),
((SecurityImpersonationLevel)Dump.ParseInt32(dict["ImpersonationLevel"])).ToString(),
"0x" + Dump.ParseInt64(dict["Luid"]).ToString("x"),
"0x" + Dump.ParseInt64(dict["AuthenticationLuid"]).ToString("x"),
Utils.FormatSize(Dump.ParseInt32(dict["MemoryUsed"])),
Utils.FormatSize(Dump.ParseInt32(dict["MemoryAvailable"]))
);
using (var groups = token.GetChild("Groups"))
{
var groupsList = Dump.GetList(groups);
foreach (var group in groupsList)
{
var split = group.Split(';');
_tokenProps.DumpAddGroup(split[0], (SidAttributes)Dump.ParseInt32(split[1]));
}
}
using (var privileges = token.GetChild("Privileges"))
{
var privilegesList = Dump.GetList(privileges);
foreach (var privilege in privilegesList)
{
var split = privilege.Split(';');
_tokenProps.DumpAddPrivilege(
split[0],
split[1],
(SePrivilegeAttributes)Dump.ParseInt32(split[2])
);
}
}
token.Dispose();
}