public DbgProcessImpl(DbgManagerImpl owner, Dispatcher dispatcher, int pid, DbgProcessState state, bool shouldDetach) { lockObj = new object(); engineInfos = new List <EngineInfo>(); threads = new List <DbgThread>(); this.owner = owner ?? throw new ArgumentNullException(nameof(owner)); this.state = state; cachedIsRunning = CalculateIsRunning_NoLock(); Id = pid; ShouldDetach = shouldDetach; const int dwDesiredAccess = NativeMethods.PROCESS_VM_OPERATION | NativeMethods.PROCESS_VM_READ | NativeMethods.PROCESS_VM_WRITE | NativeMethods.PROCESS_QUERY_LIMITED_INFORMATION; hProcess = NativeMethods.OpenProcess(dwDesiredAccess, false, pid); if (hProcess.IsInvalid) { throw new InvalidOperationException($"Couldn't open process {pid}, error: 0x{Marshal.GetLastWin32Error():X8}"); } Bitness = ProcessUtilities.GetBitness(hProcess.DangerousGetHandle()); Architecture = GetArchitecture(Bitness); OperatingSystem = GetOperatingSystem(); var info = GetProcessName(pid); Filename = info.filename ?? string.Empty; Name = info.name ?? string.Empty; debugging = CalculateDebugging_NoLock(); new DelayedIsRunningHelper(this, dispatcher, RaiseDelayedIsRunningChanged_DbgThread); }
public DbgProcessImpl(DbgManagerImpl owner, Dispatcher dispatcher, ulong pid, DbgProcessState state, bool shouldDetach) { lockObj = new object(); engineInfos = new List <EngineInfo>(); threads = new List <DbgThread>(); this.owner = owner ?? throw new ArgumentNullException(nameof(owner)); this.state = state; cachedIsRunning = CalculateIsRunning_NoLock(); Id = pid; ShouldDetach = shouldDetach; const int dwDesiredAccess = NativeMethods.PROCESS_VM_OPERATION | NativeMethods.PROCESS_VM_READ | NativeMethods.PROCESS_VM_WRITE | NativeMethods.PROCESS_QUERY_LIMITED_INFORMATION; hProcess = NativeMethods.OpenProcess(dwDesiredAccess, false, (int)pid); if (hProcess.IsInvalid) { throw new InvalidOperationException($"Couldn't open process {pid}"); } Bitness = ProcessUtilities.GetBitness(hProcess.DangerousGetHandle()); Machine = GetMachine(Bitness); Filename = GetProcessFilename(pid) ?? string.Empty; Name = Path.GetFileName(Filename); new DelayedIsRunningHelper(this, dispatcher, RaiseDelayedIsRunningChanged_DbgThread); }
static (string name, string title, string filename, string commandLine, string arch) GetDefaultPropertiesCore(ProcessProvider processProvider, AttachProgramOptions attachProgramOptions) { string name = null, title = null, filename = null, commandLine = null, arch = null; var process = processProvider.GetProcess(attachProgramOptions.ProcessId); if (process != null) { if (attachProgramOptions.Name == null) { name = Path.GetFileName(attachProgramOptions.Filename ?? process.MainModule.FileName); } if (attachProgramOptions.Filename == null) { filename = process.MainModule.FileName; } if (attachProgramOptions.CommandLine == null) { commandLine = Win32CommandLineProvider.TryGetCommandLine(process.Handle); } if (attachProgramOptions.Title == null) { title = process.MainWindowTitle; } if (attachProgramOptions.Architecture == null) { switch (ProcessUtilities.GetBitness(process.Handle)) { case 32: arch = PredefinedArchitectureNames.X86; break; case 64: arch = PredefinedArchitectureNames.X64; break; default: arch = "???"; break; } } } return(name, title, filename, commandLine, arch); }
static string TryGetCommandLineCore(IntPtr hProcess) { int ptrSize = ProcessUtilities.GetBitness(hProcess) / 8; if (ptrSize == 8 && IntPtr.Size == 4) { return(null); // Can't read it } ushort cmdlineLength; IntPtr cmdlineBuffer; bool b; if (ptrSize == 4) { PROCESS_BASIC_INFORMATION32 pbi = default; int hr = NtQueryInformationProcess32(hProcess, ProcessBasicInformation, ref pbi, PROCESS_BASIC_INFORMATION32.SIZE, out int returnLength); if (hr != 0 || pbi.PebBaseAddress == 0) { return(null); } IntPtr userProcessParamsAddr; b = ReadProcessMemory(hProcess, (byte *)pbi.PebBaseAddress + ProcessParametersOffset32, &userProcessParamsAddr, new IntPtr(ptrSize), out var bytesRead); if (!b || bytesRead.ToInt64() != ptrSize) { return(null); } UNICODE_STRING32 unicodeString; b = ReadProcessMemory(hProcess, (byte *)userProcessParamsAddr + CommandLineOffset32, &unicodeString, new IntPtr(UNICODE_STRING32.SIZE), out bytesRead); if (!b || bytesRead.ToInt64() != UNICODE_STRING32.SIZE) { return(null); } cmdlineLength = unicodeString.Length; cmdlineBuffer = IntPtr.Size == 4 ? new IntPtr((int)unicodeString.Buffer) : new IntPtr(unicodeString.Buffer); } else { PROCESS_BASIC_INFORMATION64 pbi = default; int hr = NtQueryInformationProcess64(hProcess, ProcessBasicInformation, ref pbi, PROCESS_BASIC_INFORMATION64.SIZE, out int returnLength); if (hr != 0 || pbi.PebBaseAddress == 0) { return(null); } IntPtr userProcessParamsAddr; b = ReadProcessMemory(hProcess, (byte *)pbi.PebBaseAddress + ProcessParametersOffset64, &userProcessParamsAddr, new IntPtr(ptrSize), out var bytesRead); if (!b || bytesRead.ToInt64() != ptrSize) { return(null); } UNICODE_STRING64 unicodeString; b = ReadProcessMemory(hProcess, (byte *)userProcessParamsAddr + CommandLineOffset64, &unicodeString, new IntPtr(UNICODE_STRING64.SIZE), out bytesRead); if (!b || bytesRead.ToInt64() != UNICODE_STRING64.SIZE) { return(null); } cmdlineLength = unicodeString.Length; cmdlineBuffer = new IntPtr((long)unicodeString.Buffer); } if (cmdlineLength <= 0 || cmdlineBuffer == IntPtr.Zero) { return(string.Empty); } cmdlineLength &= 0xFFFE; var cmdLineChars = new char[cmdlineLength / 2]; fixed(void *p = cmdLineChars) { b = ReadProcessMemory(hProcess, cmdlineBuffer.ToPointer(), p, new IntPtr(cmdlineLength), out var bytesRead); if (!b || bytesRead.ToInt64() != cmdlineLength) { return(null); } } return(new string(cmdLineChars)); }