Exemple #1
0
        public DbgProcessImpl(DbgManagerImpl owner, Dispatcher dispatcher, int pid, DbgProcessState state, bool shouldDetach)
        {
            lockObj         = new object();
            engineInfos     = new List <EngineInfo>();
            threads         = new List <DbgThread>();
            this.owner      = owner ?? throw new ArgumentNullException(nameof(owner));
            this.state      = state;
            cachedIsRunning = CalculateIsRunning_NoLock();
            Id           = pid;
            ShouldDetach = shouldDetach;

            const int dwDesiredAccess = NativeMethods.PROCESS_VM_OPERATION | NativeMethods.PROCESS_VM_READ |
                                        NativeMethods.PROCESS_VM_WRITE | NativeMethods.PROCESS_QUERY_LIMITED_INFORMATION;

            hProcess = NativeMethods.OpenProcess(dwDesiredAccess, false, pid);
            if (hProcess.IsInvalid)
            {
                throw new InvalidOperationException($"Couldn't open process {pid}, error: 0x{Marshal.GetLastWin32Error():X8}");
            }

            Bitness         = ProcessUtilities.GetBitness(hProcess.DangerousGetHandle());
            Architecture    = GetArchitecture(Bitness);
            OperatingSystem = GetOperatingSystem();
            var info = GetProcessName(pid);

            Filename  = info.filename ?? string.Empty;
            Name      = info.name ?? string.Empty;
            debugging = CalculateDebugging_NoLock();

            new DelayedIsRunningHelper(this, dispatcher, RaiseDelayedIsRunningChanged_DbgThread);
        }
Exemple #2
0
        public DbgProcessImpl(DbgManagerImpl owner, Dispatcher dispatcher, ulong pid, DbgProcessState state, bool shouldDetach)
        {
            lockObj         = new object();
            engineInfos     = new List <EngineInfo>();
            threads         = new List <DbgThread>();
            this.owner      = owner ?? throw new ArgumentNullException(nameof(owner));
            this.state      = state;
            cachedIsRunning = CalculateIsRunning_NoLock();
            Id           = pid;
            ShouldDetach = shouldDetach;

            const int dwDesiredAccess = NativeMethods.PROCESS_VM_OPERATION | NativeMethods.PROCESS_VM_READ |
                                        NativeMethods.PROCESS_VM_WRITE | NativeMethods.PROCESS_QUERY_LIMITED_INFORMATION;

            hProcess = NativeMethods.OpenProcess(dwDesiredAccess, false, (int)pid);
            if (hProcess.IsInvalid)
            {
                throw new InvalidOperationException($"Couldn't open process {pid}");
            }

            Bitness  = ProcessUtilities.GetBitness(hProcess.DangerousGetHandle());
            Machine  = GetMachine(Bitness);
            Filename = GetProcessFilename(pid) ?? string.Empty;
            Name     = Path.GetFileName(Filename);

            new DelayedIsRunningHelper(this, dispatcher, RaiseDelayedIsRunningChanged_DbgThread);
        }
Exemple #3
0
        static (string name, string title, string filename, string commandLine, string arch) GetDefaultPropertiesCore(ProcessProvider processProvider, AttachProgramOptions attachProgramOptions)
        {
            string name = null, title = null, filename = null, commandLine = null, arch = null;

            var process = processProvider.GetProcess(attachProgramOptions.ProcessId);

            if (process != null)
            {
                if (attachProgramOptions.Name == null)
                {
                    name = Path.GetFileName(attachProgramOptions.Filename ?? process.MainModule.FileName);
                }
                if (attachProgramOptions.Filename == null)
                {
                    filename = process.MainModule.FileName;
                }
                if (attachProgramOptions.CommandLine == null)
                {
                    commandLine = Win32CommandLineProvider.TryGetCommandLine(process.Handle);
                }
                if (attachProgramOptions.Title == null)
                {
                    title = process.MainWindowTitle;
                }
                if (attachProgramOptions.Architecture == null)
                {
                    switch (ProcessUtilities.GetBitness(process.Handle))
                    {
                    case 32: arch = PredefinedArchitectureNames.X86; break;

                    case 64: arch = PredefinedArchitectureNames.X64; break;

                    default: arch = "???"; break;
                    }
                }
            }

            return(name, title, filename, commandLine, arch);
        }
Exemple #4
0
        static string TryGetCommandLineCore(IntPtr hProcess)
        {
            int ptrSize = ProcessUtilities.GetBitness(hProcess) / 8;

            if (ptrSize == 8 && IntPtr.Size == 4)
            {
                return(null);               // Can't read it
            }
            ushort cmdlineLength;
            IntPtr cmdlineBuffer;
            bool   b;

            if (ptrSize == 4)
            {
                PROCESS_BASIC_INFORMATION32 pbi = default;
                int hr = NtQueryInformationProcess32(hProcess, ProcessBasicInformation, ref pbi, PROCESS_BASIC_INFORMATION32.SIZE, out int returnLength);
                if (hr != 0 || pbi.PebBaseAddress == 0)
                {
                    return(null);
                }

                IntPtr userProcessParamsAddr;
                b = ReadProcessMemory(hProcess, (byte *)pbi.PebBaseAddress + ProcessParametersOffset32, &userProcessParamsAddr, new IntPtr(ptrSize), out var bytesRead);
                if (!b || bytesRead.ToInt64() != ptrSize)
                {
                    return(null);
                }

                UNICODE_STRING32 unicodeString;
                b = ReadProcessMemory(hProcess, (byte *)userProcessParamsAddr + CommandLineOffset32, &unicodeString, new IntPtr(UNICODE_STRING32.SIZE), out bytesRead);
                if (!b || bytesRead.ToInt64() != UNICODE_STRING32.SIZE)
                {
                    return(null);
                }
                cmdlineLength = unicodeString.Length;
                cmdlineBuffer = IntPtr.Size == 4 ? new IntPtr((int)unicodeString.Buffer) : new IntPtr(unicodeString.Buffer);
            }
            else
            {
                PROCESS_BASIC_INFORMATION64 pbi = default;
                int hr = NtQueryInformationProcess64(hProcess, ProcessBasicInformation, ref pbi, PROCESS_BASIC_INFORMATION64.SIZE, out int returnLength);
                if (hr != 0 || pbi.PebBaseAddress == 0)
                {
                    return(null);
                }

                IntPtr userProcessParamsAddr;
                b = ReadProcessMemory(hProcess, (byte *)pbi.PebBaseAddress + ProcessParametersOffset64, &userProcessParamsAddr, new IntPtr(ptrSize), out var bytesRead);
                if (!b || bytesRead.ToInt64() != ptrSize)
                {
                    return(null);
                }

                UNICODE_STRING64 unicodeString;
                b = ReadProcessMemory(hProcess, (byte *)userProcessParamsAddr + CommandLineOffset64, &unicodeString, new IntPtr(UNICODE_STRING64.SIZE), out bytesRead);
                if (!b || bytesRead.ToInt64() != UNICODE_STRING64.SIZE)
                {
                    return(null);
                }
                cmdlineLength = unicodeString.Length;
                cmdlineBuffer = new IntPtr((long)unicodeString.Buffer);
            }

            if (cmdlineLength <= 0 || cmdlineBuffer == IntPtr.Zero)
            {
                return(string.Empty);
            }
            cmdlineLength &= 0xFFFE;
            var cmdLineChars = new char[cmdlineLength / 2];

            fixed(void *p = cmdLineChars)
            {
                b = ReadProcessMemory(hProcess, cmdlineBuffer.ToPointer(), p, new IntPtr(cmdlineLength), out var bytesRead);
                if (!b || bytesRead.ToInt64() != cmdlineLength)
                {
                    return(null);
                }
            }

            return(new string(cmdLineChars));
        }