private bool ProtectQuery(int pid, out bool allowKernelMode, out ProcessAccess processAccess, out ThreadAccess threadAccess)
{
try
{
using (var phandle = new ProcessHandle(pid, Program.MinProcessQueryRights))
KProcessHacker.Instance.ProtectQuery(phandle, out allowKernelMode, out processAccess, out threadAccess);
return true;
}
catch
{
allowKernelMode = true;
processAccess = 0;
threadAccess = 0;
return false;
}
}
static OSVersion()
{
System.Version version = Environment.OSVersion.Version;
if (version.Major == 5 && version.Minor == 1)
_windowsVersion = WindowsVersion.XP;
else if (version.Major == 5 && version.Minor == 2)
_windowsVersion = WindowsVersion.Server2003;
else if (version.Major == 6 && version.Minor == 0)
_windowsVersion = WindowsVersion.Vista;
else if (version.Major == 6 && version.Minor == 1)
_windowsVersion = WindowsVersion.Seven;
else if ((version.Major == 6 && version.Minor > 1) || version.Major > 6)
_windowsVersion = WindowsVersion.Unreleased;
if (IsBelow(WindowsVersion.Vista))
{
_hasSetAccessToken = true;
}
if (IsAboveOrEqual(WindowsVersion.Vista))
{
_minProcessQueryInfoAccess = ProcessAccess.QueryLimitedInformation;
_minThreadQueryInfoAccess = ThreadAccess.QueryLimitedInformation;
_minThreadSetInfoAccess = ThreadAccess.SetLimitedInformation;
_hasCycleTime = true;
_hasProtectedProcesses = true;
_hasPsSuspendResumeProcess = true;
_hasQueryLimitedInformation = true;
_hasTaskDialogs = true;
_hasUac = true;
_hasWin32ImageFileName = true;
}
if (IsAboveOrEqual(WindowsVersion.Seven))
{
_hasExtendedTaskbar = true;
}
}
static OSVersion()
{
System.Version version = Environment.OSVersion.Version;
if (version.Major == 5 && version.Minor == 0)
_windowsVersion = WindowsVersion.TwoThousand;
else if (version.Major == 5 && version.Minor == 1)
_windowsVersion = WindowsVersion.XP;
else if (version.Major == 5 && version.Minor == 2)
_windowsVersion = WindowsVersion.Server2003;
else if (version.Major == 6 && version.Minor == 0)
_windowsVersion = WindowsVersion.Vista;
else if (version.Major == 6 && version.Minor == 1)
_windowsVersion = WindowsVersion.Seven;
else
_windowsVersion = WindowsVersion.Unknown;
if (_windowsVersion != WindowsVersion.Unknown)
{
if (IsAboveOrEqual(WindowsVersion.XP))
{
_hasThemes = true;
}
if (IsBelow(WindowsVersion.Vista))
{
_hasSetAccessToken = true;
}
if (IsAboveOrEqual(WindowsVersion.Vista))
{
_minProcessQueryInfoAccess = ProcessAccess.QueryLimitedInformation;
_minThreadQueryInfoAccess = ThreadAccess.QueryLimitedInformation;
_minThreadSetInfoAccess = ThreadAccess.SetLimitedInformation;
_hasCycleTime = true;
_hasIoPriority = true;
_hasPagePriority = true;
_hasProtectedProcesses = true;
_hasPsSuspendResumeProcess = true;
_hasQueryLimitedInformation = true;
_hasTaskDialogs = true;
_hasUac = true;
_hasWin32ImageFileName = true;
}
if (IsAboveOrEqual(WindowsVersion.Seven))
{
_hasExtendedTaskbar = true;
}
}
_versionString = Environment.OSVersion.VersionString;
}
public static AutoDispose<IntPtr> OpenThreadHandle(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId)
{
IntPtr handle = OpenThread(dwDesiredAccess, bInheritHandle, dwThreadId);
if (handle == IntPtr.Zero || handle == INVALID_HANDLE_VALUE)
{
return null;
}
return new AutoDispose<IntPtr>(handle, (target) => CloseHandle(target));
}
internal static extern SafeAccessTokenHandle OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
public void ProtectAdd(ProcessHandle processHandle, bool allowKernelMode, ProcessAccess ProcessAllowMask, ThreadAccess ThreadAllowMask)
{
byte* inData = stackalloc byte[16];
*(int*)inData = processHandle;
*(int*)(inData + 0x4) = allowKernelMode ? 1 : 0;
*(int*)(inData + 0x8) = (int)ProcessAllowMask;
*(int*)(inData + 0xc) = (int)ThreadAllowMask;
_fileHandle.IoControl(CtlCode(Control.ProtectAdd), inData, 16, null, 0);
}
private static extern SafeWin32Handle OpenThread(ThreadAccess dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwThreadId);
public void ProtectAdd(ProcessHandle processHandle, bool allowKernelMode, ProcessAccess ProcessAllowMask, ThreadAccess ThreadAllowMask)
{
byte *inData = stackalloc byte[16];
*(int *)inData = processHandle;
*(int *)(inData + 0x4) = allowKernelMode ? 1 : 0;
*(int *)(inData + 0x8) = (int)ProcessAllowMask;
*(int *)(inData + 0xc) = (int)ThreadAllowMask;
_fileHandle.IoControl(CtlCode(Control.ProtectAdd), inData, 16, null, 0);
}
public void ProtectQuery(ProcessHandle processHandle, out bool AllowKernelMode, out ProcessAccess ProcessAllowMask, out ThreadAccess ThreadAllowMask)
{
byte * inData = stackalloc byte[16];
int allowKernelMode;
ProcessAccess processAllowMask;
ThreadAccess threadAllowMask;
*(int *)inData = processHandle;
*(int *)(inData + 0x4) = (int)&allowKernelMode;
*(int *)(inData + 0x8) = (int)&processAllowMask;
*(int *)(inData + 0xc) = (int)&threadAllowMask;
_fileHandle.IoControl(CtlCode(Control.ProtectQuery), inData, 16, null, 0);
AllowKernelMode = allowKernelMode != 0;
ProcessAllowMask = processAllowMask;
ThreadAllowMask = threadAllowMask;
}
public static IntPtr Thread_GetHandle(int ThreadID, ThreadAccess DesiredAccess)
{
return OpenThread(DesiredAccess, false, ThreadID);
}
internal static extern SafeThreadHandle OpenThread(ThreadAccess desiredAccess, bool inheritHandle, int threadId);
public static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.Bool)] bool bInheritHandle,
uint dwThreadId);
public static extern IntPtr OpenThread(ThreadAccess threadAccess, bool inheritHandle, uint threadId);
internal static extern SafeWin32Handle OpenThread(ThreadAccess dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwThreadId);
public void ProtectQuery(ProcessHandle processHandle, out bool AllowKernelMode, out ProcessAccess ProcessAllowMask, out ThreadAccess ThreadAllowMask)
{
byte* inData = stackalloc byte[16];
int allowKernelMode;
ProcessAccess processAllowMask;
ThreadAccess threadAllowMask;
*(int*)inData = processHandle;
*(int*)(inData + 0x4) = (int)&allowKernelMode;
*(int*)(inData + 0x8) = (int)&processAllowMask;
*(int*)(inData + 0xc) = (int)&threadAllowMask;
_fileHandle.IoControl(CtlCode(Control.ProtectQuery), inData, 16, null, 0);
AllowKernelMode = allowKernelMode != 0;
ProcessAllowMask = processAllowMask;
ThreadAllowMask = threadAllowMask;
}
private bool ProtectQuery(int pid, out bool allowKernelMode, out ProcessAccess processAccess, out ThreadAccess threadAccess)
{
try
{
using (var phandle = new ProcessHandle(pid, Program.MinProcessQueryRights))
KProcessHacker.Instance.ProtectQuery(phandle, out allowKernelMode, out processAccess, out threadAccess);
return(true);
}
catch
{
allowKernelMode = true;
processAccess = 0;
threadAccess = 0;
return(false);
}
}
public int KphOpenThread(int tid, ThreadAccess desiredAccess)
{
byte* inData = stackalloc byte[8];
byte* outData = stackalloc byte[4];
*(int*)inData = tid;
*(uint*)(inData + 4) = (uint)desiredAccess;
_fileHandle.IoControl(CtlCode(Control.KphOpenThread), inData, 8, outData, 4);
return *(int*)outData;
}
private static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, System.UInt32 dwThreadId);
public static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.Bool)] bool bInheritHandle,
uint dwThreadId);
public static extern IntPtr OpenThread(
ThreadAccess dwDesiredAccess,
bool bInheritHandle,
uint dwThreadId);
public static void Main(string[] args)
{
Dictionary<string, string> pArgs = null;
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
if (Environment.Version.Major < 2)
{
PhUtils.ShowError("You must have .NET Framework 2.0 or higher to use Process Hacker.");
Environment.Exit(1);
}
Application.ThreadException += new ThreadExceptionEventHandler(Application_ThreadException);
AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler(CurrentDomain_UnhandledException);
Application.SetUnhandledExceptionMode(UnhandledExceptionMode.CatchException, true);
try
{
pArgs = ParseArgs(args);
}
catch
{
ShowCommandLineUsage();
pArgs = new Dictionary<string, string>();
}
if (pArgs.ContainsKey("-h") || pArgs.ContainsKey("-help") || pArgs.ContainsKey("-?"))
{
ShowCommandLineUsage();
return;
}
if (pArgs.ContainsKey("-recovered"))
{
ProcessHackerRestartRecovery.ApplicationRestartRecoveryManager.RecoverLastSession();
}
if (pArgs.ContainsKey("-elevate"))
{
StartProcessHackerAdmin();
return;
}
try
{
if (pArgs.ContainsKey("-nokph"))
NoKph = true;
if (Properties.Settings.Default.AllowOnlyOneInstance &&
!(pArgs.ContainsKey("-e") || pArgs.ContainsKey("-o") ||
pArgs.ContainsKey("-pw") || pArgs.ContainsKey("-pt"))
)
CheckForPreviousInstance();
}
catch
{ }
try
{
if (Properties.Settings.Default.NeedsUpgrade)
{
try
{
Properties.Settings.Default.Upgrade();
}
catch (Exception ex)
{
Logging.Log(ex);
PhUtils.ShowWarning("Process Hacker could not upgrade its settings from a previous version.");
}
Properties.Settings.Default.NeedsUpgrade = false;
}
}
catch
{ }
VerifySettings();
ThreadPool.SetMinThreads(1, 1);
ThreadPool.SetMaxThreads(2, 2);
WorkQueue.GlobalWorkQueue.MaxWorkerThreads = 3;
try
{
GlobalMutex = new ProcessHacker.Native.Threading.Mutant(GlobalMutexName);
}
catch (Exception ex)
{
Logging.Log(ex);
}
try
{
using (var thandle = ProcessHandle.GetCurrent().GetToken())
{
try { thandle.SetPrivilege("SeDebugPrivilege", SePrivilegeAttributes.Enabled); }
catch { }
try { thandle.SetPrivilege("SeIncreaseBasePriorityPrivilege", SePrivilegeAttributes.Enabled); }
catch { }
try { thandle.SetPrivilege("SeLoadDriverPrivilege", SePrivilegeAttributes.Enabled); }
catch { }
try { thandle.SetPrivilege("SeRestorePrivilege", SePrivilegeAttributes.Enabled); }
catch { }
try { thandle.SetPrivilege("SeShutdownPrivilege", SePrivilegeAttributes.Enabled); }
catch { }
try { thandle.SetPrivilege("SeTakeOwnershipPrivilege", SePrivilegeAttributes.Enabled); }
catch { }
if (OSVersion.HasUac)
{
try { ElevationType = thandle.GetElevationType(); }
catch { ElevationType = TokenElevationType.Full; }
if (ElevationType == TokenElevationType.Default &&
!(new WindowsPrincipal(WindowsIdentity.GetCurrent())).
IsInRole(WindowsBuiltInRole.Administrator))
ElevationType = TokenElevationType.Limited;
else if (ElevationType == TokenElevationType.Default)
ElevationType = TokenElevationType.Full;
}
else
{
ElevationType = TokenElevationType.Full;
}
}
}
catch (Exception ex)
{
Logging.Log(ex);
}
try
{
if (
IntPtr.Size == 4 &&
Properties.Settings.Default.EnableKPH &&
!NoKph &&
!pArgs.ContainsKey("-installkph") && !pArgs.ContainsKey("-uninstallkph")
)
KProcessHacker.Instance = new KProcessHacker("KProcessHacker");
}
catch
{ }
MinProcessQueryRights = OSVersion.MinProcessQueryInfoAccess;
MinThreadQueryRights = OSVersion.MinThreadQueryInfoAccess;
if (KProcessHacker.Instance != null)
{
MinProcessGetHandleInformationRights = MinProcessQueryRights;
MinProcessReadMemoryRights = MinProcessQueryRights;
MinProcessWriteMemoryRights = MinProcessQueryRights;
}
try
{
CurrentUsername = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
}
catch (Exception ex)
{
Logging.Log(ex);
}
try
{
CurrentProcessId = Win32.GetCurrentProcessId();
CurrentSessionId = Win32.GetProcessSessionId(Win32.GetCurrentProcessId());
System.Threading.Thread.CurrentThread.Priority = ThreadPriority.Highest;
}
catch (Exception ex)
{
Logging.Log(ex);
}
if (ProcessCommandLine(pArgs))
return;
Win32.FileIconInit(true);
LoadProviders();
Windows.GetProcessName = (pid) =>
ProcessProvider.Dictionary.ContainsKey(pid) ?
ProcessProvider.Dictionary[pid].Name :
null;
SharedWaiter = new ProcessHacker.Native.Threading.Waiter();
new HackerWindow();
Application.Run();
}
private static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, System.UInt32 dwThreadId);
public static void Main(string[] args)
{
Dictionary<string, string> pArgs;
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
if (Environment.Version.Major < 2)
{
PhUtils.ShowError("You must have .NET Framework 2.0 or higher to use Process Hacker.");
Environment.Exit(1);
}
// Check OS support.
if (OSVersion.IsBelow(WindowsVersion.TwoThousand) || OSVersion.IsAbove(WindowsVersion.Eight))
{
PhUtils.ShowWarning("Your operating system is not supported by Process Hacker.");
}
#if !DEBUG
// Setup exception handling at first opportunity.
Application.ThreadException += new ThreadExceptionEventHandler(Application_ThreadException);
AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler(CurrentDomain_UnhandledException);
Application.SetUnhandledExceptionMode(UnhandledExceptionMode.CatchException, true);
#endif
try
{
pArgs = ParseArgs(args);
}
catch
{
ShowCommandLineUsage();
pArgs = new Dictionary<string, string>();
}
try
{
if (
// Only load KPH if it's enabled.
Settings.Instance.EnableKPH && !NoKph &&
// Don't load KPH if we're going to install/uninstall it.
!pArgs.ContainsKey("-installkph") && !pArgs.ContainsKey("-uninstallkph")
)
KProcessHacker2.Instance = new KProcessHacker2();
}
catch
{ }
if (pArgs.ContainsKey("-h") || pArgs.ContainsKey("-help") || pArgs.ContainsKey("-?"))
{
ShowCommandLineUsage();
return;
}
if (pArgs.ContainsKey("-elevate"))
{
// Propagate arguments.
pArgs.Remove("-elevate");
StartProcessHackerAdmin(Utils.JoinCommandLine(pArgs), null);
return;
}
LoadSettings(!pArgs.ContainsKey("-nosettings"), pArgs.ContainsKey("-settings") ? pArgs["-settings"] : null);
try
{
if (pArgs.ContainsKey("-nokph"))
NoKph = true;
if (Settings.Instance.AllowOnlyOneInstance &&
!(pArgs.ContainsKey("-e") || pArgs.ContainsKey("-o") ||
pArgs.ContainsKey("-pw") || pArgs.ContainsKey("-pt"))
)
ActivatePreviousInstance();
}
catch
{ }
WorkQueue.GlobalWorkQueue.MaxWorkerThreads = Environment.ProcessorCount;
// Create or open the Process Hacker mutex, used only by the installer.
try
{
GlobalMutex = new ProcessHacker.Native.Threading.Mutant(GlobalMutexName);
}
catch (Exception ex)
{
Logging.Log(ex);
}
try
{
using (TokenHandle thandle = ProcessHandle.Current.GetToken())
{
thandle.TrySetPrivilege("SeDebugPrivilege", SePrivilegeAttributes.Enabled);
thandle.TrySetPrivilege("SeIncreaseBasePriorityPrivilege", SePrivilegeAttributes.Enabled);
thandle.TrySetPrivilege("SeLoadDriverPrivilege", SePrivilegeAttributes.Enabled);
thandle.TrySetPrivilege("SeRestorePrivilege", SePrivilegeAttributes.Enabled);
thandle.TrySetPrivilege("SeShutdownPrivilege", SePrivilegeAttributes.Enabled);
thandle.TrySetPrivilege("SeTakeOwnershipPrivilege", SePrivilegeAttributes.Enabled);
if (OSVersion.HasUac)
{
try { ElevationType = thandle.ElevationType; }
catch { ElevationType = TokenElevationType.Full; }
if (ElevationType == TokenElevationType.Default &&
!(new WindowsPrincipal(WindowsIdentity.GetCurrent())).
IsInRole(WindowsBuiltInRole.Administrator))
ElevationType = TokenElevationType.Limited;
else if (ElevationType == TokenElevationType.Default)
ElevationType = TokenElevationType.Full;
}
else
{
ElevationType = TokenElevationType.Full;
}
}
}
catch (Exception ex)
{
Logging.Log(ex);
}
MinProcessQueryRights = OSVersion.MinProcessQueryInfoAccess;
MinThreadQueryRights = OSVersion.MinThreadQueryInfoAccess;
//if (KProcessHacker2.Instance != null)
//{
// MinProcessGetHandleInformationRights = MinProcessQueryRights;
// MinProcessReadMemoryRights = MinProcessQueryRights;
// MinProcessWriteMemoryRights = MinProcessQueryRights;
//}
try
{
CurrentUsername = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
}
catch (Exception ex)
{
Logging.Log(ex);
}
try
{
CurrentProcessId = Win32.GetCurrentProcessId();
CurrentSessionId = Win32.GetProcessSessionId(Win32.GetCurrentProcessId());
Thread.CurrentThread.Priority = ThreadPriority.Highest;
}
catch (Exception ex)
{
Logging.Log(ex);
}
if (ProcessCommandLine(pArgs))
return;
Win32.FileIconInit(true);
LoadProviders();
Windows.GetProcessName = pid =>
ProcessProvider.Dictionary.ContainsKey(pid) ?
ProcessProvider.Dictionary[pid].Name :
null;
// Create the shared waiter.
SharedWaiter = new ProcessHacker.Native.Threading.Waiter();
HackerWindow = new HackerWindow();
Application.Run();
}
public static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint ThreadId);
private static extern IntPtr OpenThread(
ThreadAccess dwDesiredAccess,
bool bInheritHandle,
uint dwThreadId);
internal static extern nuint OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
