private void RefreshProcesses()
{
    // Rebuild the process list view from a fresh snapshot: one row per
    // process (name, PID, owning user) with the executable's icon where it
    // can be resolved, otherwise the shared "generic_process" icon.
    Dictionary<int, SystemProcess> processes = Windows.GetProcesses();

    listProcesses.BeginUpdate();
    listProcesses.Items.Clear();

    // Preserve the fallback icon across the reset; every per-process icon
    // is regenerated below, so the rest of the image list is discarded.
    var fallbackIcon = imageList.Images["generic_process"];
    imageList.Images.Clear();
    imageList.Images.Add("generic_process", fallbackIcon);

    foreach (SystemProcess process in processes.Values)
    {
        int pid = process.Process.ProcessId;
        string pidText = pid.ToString();
        string ownerName = string.Empty;
        string imagePath = null;

        // Best effort: opening the process or its token is not possible for
        // every process (protected/system processes typically refuse it).
        // In that case the user column stays blank and no image path is
        // known, so the row falls back to the generic icon below.
        try
        {
            using (ProcessHandle phandle = new ProcessHandle(pid, OSVersion.MinProcessQueryInfoAccess))
            {
                using (TokenHandle thandle = phandle.GetToken(TokenAccess.Query))
                using (Sid userSid = thandle.User)
                {
                    ownerName = userSid.GetFullName(true);
                }

                imagePath = phandle.ImageFileName;
            }
        }
        catch
        {
            // Swallowed on purpose; see the note above.
        }

        // PID 0 has no real image name, so it gets the conventional label.
        string displayName = pid == 0 ? "System Idle Process" : process.Name;
        ListViewItem row = new ListViewItem(new string[] { displayName, pidText, ownerName });

        string iconKey = null;

        if (!string.IsNullOrEmpty(imagePath))
        {
            Icon fileIcon = FileUtils.GetFileIcon(imagePath);

            if (fileIcon != null)
            {
                // Per-process icons are keyed by PID so each row resolves
                // to its own image.
                imageList.Images.Add(pidText, fileIcon);
                iconKey = pidText;
            }
        }

        row.ImageKey = iconKey ?? "generic_process";
        listProcesses.Items.Add(row);
    }

    listProcesses.EndUpdate();
}
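private static void DumpProcessToken(MemoryObject processMo, int pid)
{
    // Writes the primary token of process <pid> under a "Token" child of
    // processMo: user/owner/primary-group identity, session id, UAC state
    // (only on systems that have UAC), token statistics, the group and
    // privilege lists, and -- when the handle allows it -- the token source.
    //
    // The process and token handles are opened with query rights only.
    // Opening them can throw for processes the caller is not allowed to
    // inspect; that exception propagates to the caller.
    using (var tokenMo = processMo.CreateChild("Token"))
    using (var phandle = new ProcessHandle(pid, Program.MinProcessQueryRights))
    // Disposing the writer closes the underlying stream on every exit path.
    // Previously the stream was only closed on the success path, so any
    // exception below left it open.
    using (var bw = new BinaryWriter(tokenMo.GetWriteStream()))
    {
        using (var thandle = phandle.GetToken(TokenAccess.Query))
        {
            // SIDs handed out by the token are caller-owned and disposable
            // (the same pattern is used for thandle.User elsewhere in this file).
            using (Sid user = thandle.GetUser())
            {
                bw.Write("UserName", user.GetFullName(true));
                bw.Write("UserStringSid", user.StringSid);
            }

            using (Sid owner = thandle.GetOwner())
            {
                bw.Write("OwnerName", owner.GetFullName(true));
            }

            using (Sid primaryGroup = thandle.GetPrimaryGroup())
            {
                bw.Write("PrimaryGroupName", primaryGroup.GetFullName(true));
            }

            bw.Write("SessionId", thandle.GetSessionId());

            // Elevation/virtualization state only exists on UAC-capable systems.
            if (OSVersion.HasUac)
            {
                bw.Write("Elevated", thandle.IsElevated());
                bw.Write("VirtualizationAllowed", thandle.IsVirtualizationAllowed());
                bw.Write("VirtualizationEnabled", thandle.IsVirtualizationEnabled());
            }

            var statistics = thandle.GetStatistics();

            bw.Write("Type", (int)statistics.TokenType);
            bw.Write("ImpersonationLevel", (int)statistics.ImpersonationLevel);
            bw.Write("Luid", statistics.TokenId.QuadPart);
            bw.Write("AuthenticationLuid", statistics.AuthenticationId.QuadPart);
            bw.Write("MemoryUsed", statistics.DynamicCharged);
            bw.Write("MemoryAvailable", statistics.DynamicAvailable);

            // One "<full name>;<attributes as hex>" entry per group.
            var groups = thandle.GetGroups();

            using (var groupsMo = tokenMo.CreateChild("Groups"))
            using (var groupsWriter = new BinaryWriter(groupsMo.GetWriteStream()))
            {
                foreach (var group in groups)
                {
                    groupsWriter.WriteListEntry(
                        group.GetFullName(true) + ";" + ((int)group.Attributes).ToString("x")
                        );
                }
            }

            // One "<name>;<display name>;<attributes as hex>" entry per privilege.
            var privileges = thandle.GetPrivileges();

            using (var privilegesMo = tokenMo.CreateChild("Privileges"))
            using (var privilegesWriter = new BinaryWriter(privilegesMo.GetWriteStream()))
            {
                foreach (var privilege in privileges)
                {
                    privilegesWriter.WriteListEntry(
                        privilege.Name + ";" + privilege.DisplayName + ";" +
                        ((int)privilege.Attributes).ToString("x")
                        );
                }
            }
        }

        // The token source needs a separate access right (TokenAccess.QuerySource)
        // that may be refused even though the query above succeeded. The source
        // is optional, so a failure here omits the Source* fields rather than
        // aborting the whole dump.
        try
        {
            using (var thandle = phandle.GetToken(TokenAccess.QuerySource))
            {
                var source = thandle.GetSource();

                bw.Write("SourceName", source.SourceName.TrimEnd('\0', '\r', '\n', ' '));
                bw.Write("SourceLuid", source.SourceIdentifier.QuadPart);
            }
        }
        catch
        {
            // Best effort only; see the note above.
        }
    }
}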