private void RefreshProcesses()
        {
            Dictionary <int, SystemProcess> processes = Windows.GetProcesses();

            listProcesses.BeginUpdate();
            listProcesses.Items.Clear();

            var generic_process = imageList.Images["generic_process"];

            imageList.Images.Clear();
            imageList.Images.Add("generic_process", generic_process);

            foreach (var process in processes.Values)
            {
                string userName = string.Empty;
                string fileName = null;

                try
                {
                    using (ProcessHandle phandle = new ProcessHandle(process.Process.ProcessId, OSVersion.MinProcessQueryInfoAccess))
                    {
                        using (TokenHandle thandle = phandle.GetToken(TokenAccess.Query))
                            using (Sid sid = thandle.User)
                                userName = sid.GetFullName(true);

                        fileName = phandle.ImageFileName;
                    }
                }
                catch
                { }

                ListViewItem item = new ListViewItem(new string[]
                {
                    process.Process.ProcessId == 0 ? "System Idle Process" : process.Name,
                    process.Process.ProcessId.ToString(),
                    userName
                });

                if (!string.IsNullOrEmpty(fileName))
                {
                    Icon fileIcon = FileUtils.GetFileIcon(fileName);

                    if (fileIcon != null)
                    {
                        imageList.Images.Add(process.Process.ProcessId.ToString(), fileIcon);
                        item.ImageKey = process.Process.ProcessId.ToString();
                    }
                }

                if (string.IsNullOrEmpty(item.ImageKey))
                {
                    item.ImageKey = "generic_process";
                }

                listProcesses.Items.Add(item);
            }

            listProcesses.EndUpdate();
        }
Exemple #2
0
        private static void DumpProcessToken(MemoryObject processMo, int pid)
        {
            using (var tokenMo = processMo.CreateChild("Token"))
            {
                using (var phandle = new ProcessHandle(pid, Program.MinProcessQueryRights))
                {
                    BinaryWriter bw = new BinaryWriter(tokenMo.GetWriteStream());

                    using (var thandle = phandle.GetToken(TokenAccess.Query))
                    {
                        Sid user = thandle.GetUser();

                        bw.Write("UserName", user.GetFullName(true));
                        bw.Write("UserStringSid", user.StringSid);
                        bw.Write("OwnerName", thandle.GetOwner().GetFullName(true));
                        bw.Write("PrimaryGroupName", thandle.GetPrimaryGroup().GetFullName(true));
                        bw.Write("SessionId", thandle.GetSessionId());

                        if (OSVersion.HasUac)
                        {
                            bw.Write("Elevated", thandle.IsElevated());
                            bw.Write("VirtualizationAllowed", thandle.IsVirtualizationAllowed());
                            bw.Write("VirtualizationEnabled", thandle.IsVirtualizationEnabled());
                        }

                        var statistics = thandle.GetStatistics();

                        bw.Write("Type", (int)statistics.TokenType);
                        bw.Write("ImpersonationLevel", (int)statistics.ImpersonationLevel);
                        bw.Write("Luid", statistics.TokenId.QuadPart);
                        bw.Write("AuthenticationLuid", statistics.AuthenticationId.QuadPart);
                        bw.Write("MemoryUsed", statistics.DynamicCharged);
                        bw.Write("MemoryAvailable", statistics.DynamicAvailable);

                        var groups = thandle.GetGroups();

                        using (var groupsMo = tokenMo.CreateChild("Groups"))
                        {
                            BinaryWriter bw2 = new BinaryWriter(groupsMo.GetWriteStream());

                            for (int i = 0; i < groups.Length; i++)
                            {
                                bw2.WriteListEntry(
                                    groups[i].GetFullName(true) + ";" + ((int)groups[i].Attributes).ToString("x")
                                    );
                            }

                            bw2.Close();
                        }

                        var privileges = thandle.GetPrivileges();

                        using (var privilegesMo = tokenMo.CreateChild("Privileges"))
                        {
                            BinaryWriter bw2 = new BinaryWriter(privilegesMo.GetWriteStream());

                            for (int i = 0; i < privileges.Length; i++)
                            {
                                bw2.WriteListEntry(
                                    privileges[i].Name + ";" +
                                    privileges[i].DisplayName + ";" +
                                    ((int)privileges[i].Attributes).ToString("x")
                                    );
                            }

                            bw2.Close();
                        }
                    }

                    try
                    {
                        using (var thandle = phandle.GetToken(TokenAccess.QuerySource))
                        {
                            var source = thandle.GetSource();

                            bw.Write("SourceName", source.SourceName.TrimEnd('\0', '\r', '\n', ' '));
                            bw.Write("SourceLuid", source.SourceIdentifier.QuadPart);
                        }
                    }
                    catch
                    { }

                    bw.Close();
                }
            }
        }