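/// <summary>
/// Reads a run of bytes from the memory of a process.
/// </summary>
/// <param name="ProcessID">Target process ID; -1 reads from the current process.</param>
/// <param name="Address">Start address (unsigned 32-bit).</param>
/// <param name="Size">Number of bytes to read; 0 reads from <paramref name="Address"/> to the end of the region reported by VirtualQueryEx.</param>
/// <returns>
/// The bytes read. On failure a one-element, zero-filled array is returned (kept for
/// compatibility), so a caller cannot tell a failure from a successful one-byte read of 0x00.
/// </returns>
public static byte[] ReadMemByteArray(int ProcessID, uint Address, int Size)
{
    // NOTE(review): PROCESS_ALL_ACCESS requests far more than a read needs
    // (PROCESS_VM_READ, plus PROCESS_QUERY_INFORMATION for VirtualQueryEx).
    // Requesting only the required rights follows least privilege and avoids
    // failing against processes that refuse a full-access open.
    IntPtr handle = ProcessID == -1
        ? ProcessAPI.GetCurrentProcess()
        : ProcessAPI.OpenProcess(ReadWriteAPI.PROCESS_ALL_ACCESS, false, ProcessID);

    try
    {
        if (handle == IntPtr.Zero)
        {
            // OpenProcess failed (no such process, or access denied).
            return new byte[1];
        }

        long length = Size;
        if (Size == 0)
        {
            ReadWriteAPI.MemAttribute mematt = new ReadWriteAPI.MemAttribute();
            // 28 is presumably sizeof(MEMORY_BASIC_INFORMATION) in a 32-bit process; confirm against the P/Invoke declaration.
            ReadWriteAPI.VirtualQueryEx(handle, Address, mematt, 28);

            // Work in 64 bits on unsigned values: when the query fails the fields stay
            // zero, and 32-bit signed arithmetic on addresses at or above 0x80000000 can
            // yield a negative or a huge bogus length.
            long regionEnd = (long)unchecked((uint)mematt.RegBaseAdd) + unchecked((uint)mematt.Size);
            length = regionEnd - Address;
        }

        if (length <= 0 || length > int.MaxValue)
        {
            // Negative caller-supplied size, failed region query, or nothing left to read.
            return new byte[1];
        }

        byte[] buffer = new byte[(int)length];
        int ok = ReadWriteAPI.ReadProcessMemory(handle, Address, buffer, buffer.Length, 0);
        return ok != 0 ? buffer : new byte[1];
    }
    finally
    {
        // Always release the handle, including when the allocation above throws.
        ProcessAPI.CloseHandle(handle);
    }
}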
/// <summary>
/// Entry point invoked with a string parameter: loads the dependent DLLs, runs the
/// native interop calls, then blocks on a console key press.
/// </summary>
/// <param name="paramstr">Not used by this method.</param>
/// <returns>Always 1, including when an exception was caught and printed.</returns>
public static int ClrExcute(string paramstr)
{
    try
    {
        // Load the DLLs first.
        LoadDlls();

        int selfPid = Process.GetCurrentProcess().Id;
        bool loaderPresent = ProcessAPI.GetProcessModule(selfPid)
                                       .Any(m => m.ModuleName == "ClrLoader.dll");

        if (!loaderPresent)
        {
            // C# calling into the C++ function.
            CMethod();
            // Register the callback so C++ can call back into C#.
            SetCallback(_cCallback);
        }
        else
        {
            CMethod2();
        }

        // Result is discarded; presumably this only forces the JSON assembly to resolve (confirm).
        JsonConvert.DeserializeObject("{}");
        Console.ReadKey();
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }

    return 1;
}
/// <summary>
/// Reads a 32-bit integer from the memory of a process.
/// </summary>
/// <param name="ProcessID">Target process ID; -1 reads from the current process.</param>
/// <param name="Address">Address to read (unsigned 32-bit).</param>
/// <returns>The value read, or -1 on failure (indistinguishable from a stored value of -1).</returns>
public static int ReadMemInt(int ProcessID, uint Address)
{
    byte[] buffer = new byte[4];

    // NOTE(review): PROCESS_ALL_ACCESS is broader than a read requires
    // (PROCESS_VM_READ would do); consider requesting only what is needed.
    IntPtr handle = ProcessID == -1
        ? ProcessAPI.GetCurrentProcess()
        : ProcessAPI.OpenProcess(ReadWriteAPI.PROCESS_ALL_ACCESS, false, ProcessID);

    int ok = ReadWriteAPI.ReadProcessMemory(handle, Address, buffer, 4, 0);
    ProcessAPI.CloseHandle(handle);

    // A zero result from ReadProcessMemory means the read failed.
    return ok == 0 ? -1 : BitConverter.ToInt32(buffer, 0);
}
/// <summary>
/// Writes a 32-bit integer into the memory of a process.
/// </summary>
/// <param name="ProcessID">Target process ID; -1 writes to the current process.</param>
/// <param name="Address">Address to write (unsigned 32-bit).</param>
/// <param name="Data">Value to write.</param>
/// <returns>True when WriteProcessMemory reports success; otherwise false.</returns>
public static bool WriteMemInt(int ProcessID, uint Address, int Data)
{
    byte[] payload = BitConverter.GetBytes(Data);

    // NOTE(review): PROCESS_ALL_ACCESS is broader than a write requires
    // (PROCESS_VM_WRITE and PROCESS_VM_OPERATION would do).
    IntPtr handle = ProcessID == -1
        ? ProcessAPI.GetCurrentProcess()
        : ProcessAPI.OpenProcess(ReadWriteAPI.PROCESS_ALL_ACCESS, false, ProcessID);

    int ok = ReadWriteAPI.WriteProcessMemory(handle, Address, payload, 4, 0);
    ProcessAPI.CloseHandle(handle);

    return ok != 0;
}
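/// <summary>
/// Writes a byte array into the memory of a process.
/// </summary>
/// <param name="ProcessID">Target process ID; -1 writes to the current process.</param>
/// <param name="Address">Address to write (unsigned 32-bit).</param>
/// <param name="Data">Bytes to write.</param>
/// <param name="Size">Number of bytes to write; 0 writes the whole of <paramref name="Data"/>.</param>
/// <returns>
/// True when WriteProcessMemory reports success. False when the write fails, when
/// <paramref name="Data"/> is null, or when <paramref name="Size"/> is negative or larger
/// than <paramref name="Data"/>.
/// </returns>
public static bool WriteMemByteArray(int ProcessID, uint Address, byte[] Data, int Size)
{
    if (Data == null)
    {
        return false;
    }

    int count = Size == 0 ? Data.Length : Size;

    // A count beyond the managed array would make the native call read past the end
    // of the buffer and copy unrelated memory into the target.
    if (count < 0 || count > Data.Length)
    {
        return false;
    }

    // NOTE(review): PROCESS_ALL_ACCESS is broader than a write requires
    // (PROCESS_VM_WRITE and PROCESS_VM_OPERATION would do).
    IntPtr handle = ProcessID == -1
        ? ProcessAPI.GetCurrentProcess()
        : ProcessAPI.OpenProcess(ReadWriteAPI.PROCESS_ALL_ACCESS, false, ProcessID);

    try
    {
        if (handle == IntPtr.Zero)
        {
            // OpenProcess failed (no such process, or access denied).
            return false;
        }

        return ReadWriteAPI.WriteProcessMemory(handle, Address, Data, count, 0) != 0;
    }
    finally
    {
        ProcessAPI.CloseHandle(handle);
    }
}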
/// <summary>
/// Form load handler: resolves the local IP, starts a background task that refreshes the
/// per-process traffic grid and the status bar once a second, then starts packet capture
/// on a second background task.
/// </summary>
private void NetDetailForm_Load(object sender, EventArgs e)
{
    #region 启动任务
    IP = GetIP();
    // Refresh loop; runs until the form reports IsDisposed.
    Task.Factory.StartNew(() =>
    {
        try
        {
            while (!this.IsDisposed)
            {
                GetNetProcess();
                // Grid updates are marshalled to the UI thread through Invoke.
                this.dataGridView1.Invoke(new Action(() =>
                {
                    foreach (var p in netProcesses)
                    {
                        bool inView = false;
                        // Look for an existing row whose "Column3" cell holds this process ID.
                        for (int i = 0; i < dataGridView1.Rows.Count; i++)
                        {
                            // NOTE(review): a null cell Value throws here, and the empty catch below then ends the refresh loop silently.
                            if (dataGridView1.Rows[i].Cells["Column3"].Value.ToString() == p.ProcessID.ToString())
                            {
                                inView = true;
                                dataGridView1.Rows[i].Cells["Column4"].Value = ByteConvertTool.Fmt(p.UpLoad) + "/s";
                                dataGridView1.Rows[i].Cells["Column7"].Value = ByteConvertTool.Fmt(p.UpLoadCount);
                                dataGridView1.Rows[i].Cells["Column5"].Value = ByteConvertTool.Fmt(p.DownLoad) + "/s";
                                dataGridView1.Rows[i].Cells["Column8"].Value = ByteConvertTool.Fmt(p.DownLoadCount);
                                dataGridView1.Rows[i].Cells["Column6"].Value = ByteConvertTool.Fmt(p.UpLoadCount + p.DownLoadCount);
                            }
                        }
                        // No row yet for this process: append one.
                        if (!inView)
                        {
                            dataGridView1.Rows.Add(new object[] { p.ProcessICon, ProcessAPI.GetProcessNameByPID(p.ProcessID), p.ProcessID.ToString(), ByteConvertTool.Fmt(p.UpLoad) + "/s", ByteConvertTool.Fmt(p.UpLoadCount), ByteConvertTool.Fmt(p.DownLoad) + "/s", ByteConvertTool.Fmt(p.DownLoadCount), ByteConvertTool.Fmt(p.UpLoadCount + p.DownLoadCount) });
                        }
                    }
                }));
                CalcBagFlow();
                // Status bar text: IP and current totals, then the per-interval figures and next refresh time.
                this.status.Invoke(new Action(() =>
                {
                    status.Text = string.Format("信息:IP:{0},上传流量:{1},下载流量:{2}", IP, ByteConvertTool.Fmt(NetWorkService.NowSent), ByteConvertTool.Fmt(NetWorkService.NowReceived));
                    status.Text += string.Format(",单位时间:{0}分钟,上传流量:{1},下载流量:{2},下次刷新时间:{3}", NetWorkService.ThresholdTime, ByteConvertTool.Fmt(NetWorkService.UnitSent), ByteConvertTool.Fmt(NetWorkService.UnitReceived), NetWorkService.CalcTime.ToString("yyyy-MM-dd HH:mm:ss"));
                }));
                Thread.Sleep(1000);
            }
        }
        // NOTE(review): any exception stops the loop with no log entry, so the monitoring view goes stale without any indication.
        catch { }
    });
    CaptureInit();
    // Packet capture runs on its own task; failures are swallowed here as well.
    Task.Factory.StartNew(() =>
    {
        try
        {
            _rs.Capture();
        }
        catch { }
    });
    #endregion
}
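/// <summary>
/// Reads a 32-bit integer by following a pointer chain: each offset is added to the
/// value read at the current address to form the next address.
/// </summary>
/// <param name="ProcessID">Target process ID; -1 reads from the current process.</param>
/// <param name="Address">Base address (unsigned 32-bit).</param>
/// <param name="Offsets">Offsets applied in order while walking the chain.</param>
/// <returns>
/// The value at the end of the chain, or -1 on failure. A final value of 0 is also
/// reported as -1 (behavior kept from the original implementation).
/// </returns>
public static int ReadMemInt2(int ProcessID, uint Address, uint[] Offsets)
{
    if (Offsets == null)
    {
        return -1;
    }

    // No handle is opened here: ReadMemInt opens and closes its own for every read, so the
    // extra full-access handle the original opened was never used.
    uint current = Address;
    foreach (uint offset in Offsets)
    {
        int pointer = ReadMemInt(ProcessID, current);
        if (pointer == -1)
        {
            // ReadMemInt signals failure with -1; stop instead of treating it as a pointer.
            return -1;
        }

        current = unchecked((uint)pointer + offset);
    }

    int value = ReadMemInt(ProcessID, current);
    return value == 0 ? -1 : value;
}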
/// <summary>
/// Takes a process ID from the first command-line argument, loads the native DLL into
/// that process and into this one, and calls the DLL's "Start" export in the target with
/// the managed DLL's path as its argument. Does nothing when the argument is missing or
/// is not an integer.
/// </summary>
static void Main(string[] args)
{
    var strPid = args.Length > 0 ? args[0] : null;
    if (int.TryParse(strPid, out int pid))
    {
        // NOTE(review): the return value is not checked, so a failed load only surfaces as an exception from First() below.
        RemoteExcuteAPI.InjectDLL(pid, InjectNativeDll);
        // NOTE(review): if InjectNativeDll is a bare file name, this load depends on the DLL search order;
        // an absolute path from a directory only administrators can write to would pin which file is loaded.
        ProcessAPI.LoadLibrary(InjectNativeDll);
        // Find the copy of the DLL mapped into this process; First() throws when it is absent.
        var module = ProcessAPI.GetProcessModule(Process.GetCurrentProcess().Id).First(m => m.ModuleName == InjectNativeDll);
        // Offset of the "Start" export from the module base, measured in the local copy.
        // NOTE(review): the (int) cast on the base address presumably assumes a 32-bit process; confirm.
        var startProc = ProcessAPI.GetProcAddress(module.BaseAddress, "Start") - (int)module.BaseAddress;
        var remotModule = ProcessAPI.GetProcessModule(pid).First(m => m.ModuleName == InjectNativeDll);
        // Remote base plus the same offset gives the export's address in the target.
        // NOTE(review): the managed DLL path is built from the current working directory, so the caller's
        // working directory decides which file the target process loads.
        RemoteExcuteAPI.ExcuteRemoteFunction(pid, remotModule.BaseAddress + (int)startProc, Encoding.Unicode.GetBytes(Directory.GetCurrentDirectory() + "\\" + InjectSharpDll));
    }
}
/// <summary>
/// Context-menu handler: after a Yes/No confirmation, kills the process whose ID is in
/// the first cell of the selected row and removes that row from the grid.
/// </summary>
private void endProcessToolStripMenuItem_Click(object sender, EventArgs e)
{
    var answer = MessageBox.Show(this, "确定要关闭此进程吗?", "SocketsViewer", MessageBoxButtons.YesNo, MessageBoxIcon.Asterisk, MessageBoxDefaultButton.Button2);
    if (answer != DialogResult.Yes)
    {
        return;
    }

    try
    {
        int rowIndex = dataGridView1.SelectedCells[0].RowIndex;
        var selectedRow = dataGridView1.Rows[rowIndex];
        string pidText = selectedRow.Cells[0].Value.ToString();
        int pid = int.Parse(pidText);

        ProcessAPI.GetProcessByPID(pid).Kill();

        // Reached only when Kill did not throw.
        dataGridView1.Rows.Remove(selectedRow);
    }
    catch
    {
        // NOTE(review): failures (no selection, access denied, process already gone) are
        // dropped without telling the user that the process was not terminated.
    }
}
/// <summary>
/// Replaces the process ID held in <c>rec.Name</c> with the process name and sends the
/// record as JSON under message code "43". Records whose name is blank or "idle" are skipped.
/// </summary>
/// <param name="rec">Connection record; its Name is expected to hold a process ID as text on entry.</param>
public static void SendProConnRecord(ProConnRecordBag rec)
{
    try
    {
        int pid = int.Parse(rec.Name);
        rec.Name = ProcessAPI.GetProcessNameByPID(pid);

        bool skip = string.IsNullOrWhiteSpace(rec.Name) || rec.Name.ToLower() == "idle";
        if (skip)
        {
            return;
        }

        string rsJson = JsonTool.ToStr(rec);

        // The directory is still created even though the file write below is commented out.
        string path = R.Paths.BasePath + @"ProConnRec";
        if (!Directory.Exists(path))
        {
            Directory.CreateDirectory(path);
        }

        //Write(string.Format(path + @"\{0}-{1}.txt", DateTime.Now.ToString("yyyyMMddHHmmss"), rec.Name), rsJson);
        SendHelper.Send("43", rsJson);
    }
    catch
    {
        // NOTE(review): parse, lookup and send failures are all dropped silently, so
        // connection records can go missing with no trace.
    }
}
/// <summary>
/// Locates the process named "DemoWinFormApp", loads the native DLL into it and into this
/// process, and calls the DLL's "LoadClrLibrary" export in the target. Each failed step
/// prints a message and stops.
/// </summary>
static void Main(string[] args)
{
    // First() throws when no process with this name is running.
    var pid = Process.GetProcessesByName("DemoWinFormApp").First().Id;
    if (!File.Exists(InjectNativeDll))
    {
        Console.WriteLine($"{InjectNativeDll} not exists!");
        return;
    }
    // NOTE(review): the existence check above resolves against the working directory, while this load
    // (if InjectNativeDll is a bare file name) follows the DLL search order; the two may not name the same file.
    ProcessAPI.LoadLibrary(InjectNativeDll);
    var module = ProcessAPI.GetProcessModule(Process.GetCurrentProcess().Id).FirstOrDefault(m => m.ModuleName == InjectNativeDll);
    if (module == null)
    {
        Console.WriteLine("locale native dll load failed!");
        return;
    }
    // Offset of the "LoadClrLibrary" export from the module base, measured in the local copy.
    // NOTE(review): the (int) cast on the base address presumably assumes a 32-bit process; confirm.
    var startProc = ProcessAPI.GetProcAddress(module.BaseAddress, "LoadClrLibrary") - (int)module.BaseAddress;
    RemoteExcuteAPI.InjectDLL(pid, Directory.GetCurrentDirectory() + "\\" + InjectNativeDll);
    WindowsApi.ProcessModule remotModule = null;
    // Poll up to 10 times, 100 ms apart, for the module to appear in the target's module list.
    for (int i = 0; i < 10 && remotModule == null; i++)
    {
        remotModule = ProcessAPI.GetProcessModule(pid).FirstOrDefault(m => m.ModuleName == InjectNativeDll);
        if (remotModule == null)
        {
            Thread.Sleep(100);
        }
    }
    if (remotModule == null)
    {
        Console.WriteLine("remote native dll load failed!");
        return;
    }
    // Remote base plus the locally measured offset gives the export's address in the target.
    if (!RemoteExcuteAPI.ExcuteRemoteFunction(pid, remotModule.BaseAddress + (int)startProc, GetParamAddress))
    {
        Console.WriteLine("excute remote function failed!");
    }
}
/// <summary>
/// Records a TCP table row against the process that owns it, creating the process entry
/// in <c>netProcesses</c> on first sight.
/// </summary>
/// <param name="item">TCP row supplying the owning PID and local port.</param>
private static void AddTCPNetProcess(TcpRow item)
{
    try
    {
        var owner = netProcesses.FirstOrDefault(x => x.ProcessID == item.owningPid);
        if (owner == null)
        {
            owner = new NetProcess() { ProcessID = item.owningPid };
            netProcesses.Add(owner);
        }

        // The icon is fetched only when the local port has not been seen for this process.
        bool portKnown = owner.Ports.Any(x => x.Port == item.LocalPort);
        if (!portKnown)
        {
            owner.ProcessICon = ProcessAPI.GetIcon(item.owningPid, true);
        }

        // The port entry is appended on every call, whether or not the port was already known.
        owner.Ports.Add(GetTcpProcessPort(item));
    }
    catch (Exception)
    {
        // Best effort: a row that cannot be processed is skipped without logging.
    }
}
/// <summary>
/// Records a UDP table row against the process that owns it, creating the process entry
/// (with its name) in <c>netProcesses</c> on first sight.
/// </summary>
/// <param name="item">UDP row supplying the owning PID and local port.</param>
private void AddUDPNetProcess(UdpRow item)
{
    try
    {
        var owner = netProcesses.FirstOrDefault(x => x.ProcessID == item.owningPid);
        if (owner == null)
        {
            owner = new NetProcess()
            {
                ProcessID = item.owningPid,
                ProcessName = ProcessAPI.GetProcessNameByPID(item.owningPid)
            };
            netProcesses.Add(owner);
        }

        // Nothing to do when this local port is already listed for the process.
        bool portKnown = owner.Ports.Any(x => x.Port == item.LocalPort);
        if (portKnown)
        {
            return;
        }

        owner.ProcessICon = ProcessAPI.GetIcon(item.owningPid, true);
        owner.Ports.Add(GetUDPProcessPort(item));
    }
    catch (Exception)
    {
        // Best effort: a row that cannot be processed is skipped without logging.
    }
}
/// <summary>
/// Records a TCP table row against its owning process in the supplied list, creating the
/// process entry (with its name) on first sight.
/// </summary>
/// <param name="item">TCP row supplying the owning PID and local port.</param>
/// <param name="proList">List of process entries to search and extend.</param>
private static void AddTCPNetPro(TcpRow item, List<NetProcess> proList)
{
    try
    {
        var owner = proList.FirstOrDefault(x => x.ProcessID == item.owningPid);
        if (owner == null)
        {
            owner = new NetProcess()
            {
                ProcessID = item.owningPid,
                ProcessName = ProcessAPI.GetProcessNameByPID(item.owningPid)
            };
            proList.Add(owner);
        }

        // The icon is fetched only when the local port has not been seen for this process.
        bool portKnown = owner.Ports.Any(x => x.Port == item.LocalPort);
        if (!portKnown)
        {
            owner.ProcessICon = ProcessAPI.GetIcon(item.owningPid, true);
        }

        // The port entry is appended on every call, whether or not the port was already known.
        owner.Ports.Add(GetTcpProPort(item));
    }
    catch (Exception)
    {
        // Best effort: a row that cannot be processed is skipped without logging.
    }
}
/// <summary>
/// Returns the response produced by <c>ProcessAPI.getAllCodes</c> for the given name and date.
/// </summary>
/// <param name="name">Passed through unchanged to <c>getAllCodes</c>.</param>
/// <param name="incoming_date">Passed through unchanged to <c>getAllCodes</c>.</param>
/// <returns>The response message built by <c>getAllCodes</c>.</returns>
public HttpResponseMessage Get(string name, int incoming_date)
{
    // NOTE(review): both arguments are forwarded without validation; any input checks
    // would have to live inside getAllCodes.
    return new ProcessAPI().getAllCodes(name, incoming_date);
}
/// <summary>
/// Creates a wrapper around the given process object.
/// </summary>
/// <param name="p">Process to store; kept as given, without a null check.</param>
public MulticoreProcess(ProcessAPI.Linux.Process p)
{
    this.process = p;
}
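/// <summary>
/// Search handler: lists TCP and UDP endpoints that match the process-name, local IP,
/// local port, remote IP and remote port filters. An empty text box means no filter.
/// UDP rows are listed only when no remote filter is set.
/// </summary>
private void button1_Click(object sender, EventArgs e)
{
    button1.Enabled = false;
    try
    {
        var pName = textBox1.Text;
        var lIp = textBox2.Text;
        var lPort = textBox3.Text;
        var rIp = textBox4.Text;
        var rPort = textBox5.Text;

        var tps = NetProcessAPI.GetAllTcpConnections();
        var ups = NetProcessAPI.GetAllUdpConnections();
        dataGridView1.Rows.Clear();

        foreach (var p in tps)
        {
            // Cheap endpoint comparisons first; the process-name lookup runs last and only once per row.
            if (!string.IsNullOrEmpty(lIp) && p.LocalAddress.ToString() != lIp)
            {
                continue;
            }
            if (!string.IsNullOrEmpty(lPort) && p.LocalPort.ToString() != lPort)
            {
                continue;
            }
            if (!string.IsNullOrEmpty(rIp) && p.RemoteAddress.ToString() != rIp)
            {
                continue;
            }
            if (!string.IsNullOrEmpty(rPort) && p.RemotePort.ToString() != rPort)
            {
                continue;
            }

            var name = ProcessAPI.GetProcessNameByPID(p.owningPid);
            // A null name (process gone or not accessible) cannot match a name filter.
            if (!string.IsNullOrEmpty(pName) && (name == null || name.IndexOf(pName, StringComparison.OrdinalIgnoreCase) == -1))
            {
                continue;
            }

            dataGridView1.Rows.Add(new object[] { p.owningPid.ToString(), ProcessAPI.GetIcon(p.owningPid, true), name, "TCP", p.LocalAddress.ToString(), p.LocalPort.ToString(), p.RemoteAddress.ToString(), p.RemotePort.ToString() });
        }

        // UDP endpoints have no remote side, so they are left out when a remote filter is set.
        bool includeUdp = string.IsNullOrEmpty(rIp) && string.IsNullOrEmpty(rPort);
        if (includeUdp)
        {
            foreach (var p in ups)
            {
                if (!string.IsNullOrEmpty(lIp) && p.LocalAddress.ToString() != lIp)
                {
                    continue;
                }
                if (!string.IsNullOrEmpty(lPort) && p.LocalPort.ToString() != lPort)
                {
                    continue;
                }

                var name = ProcessAPI.GetProcessNameByPID(p.owningPid);
                if (!string.IsNullOrEmpty(pName) && (name == null || name.IndexOf(pName, StringComparison.OrdinalIgnoreCase) == -1))
                {
                    continue;
                }

                dataGridView1.Rows.Add(new object[] { p.owningPid.ToString(), ProcessAPI.GetIcon(p.owningPid, true), name, "UDP", p.LocalAddress.ToString(), p.LocalPort.ToString(), "", "" });
            }
        }

        // Number the row headers; this now also runs for remote-filtered (TCP-only) results.
        for (int i = 0; i < this.dataGridView1.Rows.Count; i++)
        {
            DataGridViewRow r = this.dataGridView1.Rows[i];
            r.HeaderCell.Value = string.Format("{0}", i + 1);
        }
        this.dataGridView1.Refresh();
    }
    finally
    {
        // Re-enable the button even when a lookup throws, so the form stays usable.
        button1.Enabled = true;
    }
}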
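/// <summary>
/// Search handler: lists TCP and/or UDP endpoints filtered by process (PIDs or name
/// fragments), local port and remote port. Each filter box takes a comma-separated list;
/// an endpoint matches a list when it matches any one entry. A row must pass every
/// non-empty filter.
/// </summary>
private void button1_Click(object sender, EventArgs e)
{
    dataGridView1.Rows.Clear();

    // NOTE(review): SelectedText is the highlighted text in the combo box's edit field,
    // not the chosen item; Text or SelectedItem may have been intended. Kept as is.
    string protocol = this.comboBox1.SelectedText;
    bool showAll = protocol == "" || protocol == "全部";

    var pids = new HashSet<long>();
    var processNames = new List<string>();
    SplitProcessFilter(this.textBox1.Text, pids, processNames);
    HashSet<long> localPorts = ParsePortFilter(this.textBox2.Text);
    HashSet<long> remotePorts = ParsePortFilter(this.textBox3.Text);

    //tcp
    if (showAll || protocol == "TCP")
    {
        var allConns = NetProcessAPI.GetAllTcpConnections();
        if (allConns != null)
        {
            foreach (var p in allConns)
            {
                if (pids.Count > 0 && !pids.Contains(p.owningPid))
                {
                    continue;
                }
                if (localPorts.Count > 0 && !localPorts.Contains(p.LocalPort))
                {
                    continue;
                }
                if (remotePorts.Count > 0 && !remotePorts.Contains(p.RemotePort))
                {
                    continue;
                }

                var pname = ProcessAPI.GetProcessNameByPID(p.owningPid);
                if (!MatchesProcessName(pname, processNames))
                {
                    continue;
                }

                var icon = ProcessAPI.GetIcon(p.owningPid, true);
                dataGridView1.Rows.Add(new object[] { icon, pname + " " + p.owningPid, "TCP", p.LocalAddress.ToString(), p.LocalPort.ToString(), p.RemoteAddress.ToString(), p.RemotePort.ToString(), p.state.ToString() });
            }
        }
    }

    //udp
    if (showAll || protocol == "UDP")
    {
        var allUconns = NetProcessAPI.GetAllUdpConnections();
        if (allUconns != null)
        {
            foreach (var p in allUconns)
            {
                if (pids.Count > 0 && !pids.Contains(p.owningPid))
                {
                    continue;
                }
                if (localPorts.Count > 0 && !localPorts.Contains(p.LocalPort))
                {
                    continue;
                }

                var pname = ProcessAPI.GetProcessNameByPID(p.owningPid);
                if (!MatchesProcessName(pname, processNames))
                {
                    continue;
                }

                var icon = ProcessAPI.GetIcon(p.owningPid, true);
                dataGridView1.Rows.Add(new object[] { icon, pname + " " + p.owningPid, "UDP", p.LocalAddress.ToString(), p.LocalPort.ToString(), "-", "-", "-" });
            }
        }
    }
}

// Splits the process filter: numeric entries go to pids, other non-empty entries to names.
private static void SplitProcessFilter(string text, HashSet<long> pids, List<string> names)
{
    if (string.IsNullOrEmpty(text))
    {
        return;
    }

    foreach (var token in text.Split(','))
    {
        string entry = token.Trim();
        if (entry.Length == 0)
        {
            // An empty entry (for example after a trailing comma) is not a filter.
            continue;
        }

        if (Int64.TryParse(entry, out long pid))
        {
            pids.Add(pid);
        }
        else
        {
            names.Add(entry);
        }
    }
}

// Parses a comma-separated port list; entries that are not integers are ignored.
private static HashSet<long> ParsePortFilter(string text)
{
    var ports = new HashSet<long>();
    if (string.IsNullOrEmpty(text))
    {
        return ports;
    }

    foreach (var token in text.Split(','))
    {
        if (Int32.TryParse(token.Trim(), out int port))
        {
            ports.Add(port);
        }
    }

    return ports;
}

// True when there is no name filter, or the process name contains one of the fragments (case-insensitive).
private static bool MatchesProcessName(string processName, List<string> fragments)
{
    if (fragments.Count == 0)
    {
        return true;
    }

    if (processName == null)
    {
        return false;
    }

    return fragments.Any(x => processName.IndexOf(x, StringComparison.OrdinalIgnoreCase) >= 0);
}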