/// <summary>
/// Opens the process identified by <paramref name="pid"/> and asks the KProcessHacker
/// driver client for the protection settings recorded for it.
/// </summary>
/// <param name="pid">Identifier of the process to query.</param>
/// <param name="allowKernelMode">Value reported by the driver client; <c>true</c> when the query fails.</param>
/// <param name="processAccess">Process access mask reported by the driver client; 0 when the query fails.</param>
/// <param name="threadAccess">Thread access mask reported by the driver client; 0 when the query fails.</param>
/// <returns><c>true</c> when the query completed, <c>false</c> when anything threw.</returns>
private bool ProtectQuery(int pid, out bool allowKernelMode, out ProcessAccess processAccess, out ThreadAccess threadAccess)
{
    try
    {
        // The handle is requested with Program.MinProcessQueryRights only and is
        // disposed as soon as the driver call has returned.
        using (ProcessHandle queryHandle = new ProcessHandle(pid, Program.MinProcessQueryRights))
        {
            KProcessHacker.Instance.ProtectQuery(queryHandle, out allowKernelMode, out processAccess, out threadAccess);
        }

        return true;
    }
    catch
    {
        // Every exception (failed open, null KProcessHacker.Instance, failed control call)
        // is folded into "false". The placeholder outputs say "kernel mode allowed, no
        // access bits"; callers must check the return value instead of trusting them.
        allowKernelMode = true;
        processAccess = 0;
        threadAccess = 0;

        return false;
    }
}
/// <summary>
/// Type initializer: maps <c>Environment.OSVersion.Version</c> to a <c>WindowsVersion</c>
/// value and then sets the feature flags and minimum access rights that depend on it.
/// </summary>
static OSVersion()
{
    System.Version osVersion = Environment.OSVersion.Version;
    int major = osVersion.Major;
    int minor = osVersion.Minor;

    // NOTE(review): a version matching none of the cases below (for example 5.0) leaves
    // _windowsVersion at its declared default, which is not visible here.
    if (major == 5)
    {
        if (minor == 1)
        {
            _windowsVersion = WindowsVersion.XP;
        }
        else if (minor == 2)
        {
            _windowsVersion = WindowsVersion.Server2003;
        }
    }
    else if (major == 6)
    {
        if (minor == 0)
        {
            _windowsVersion = WindowsVersion.Vista;
        }
        else if (minor == 1)
        {
            _windowsVersion = WindowsVersion.Seven;
        }
        else if (minor > 1)
        {
            _windowsVersion = WindowsVersion.Unreleased;
        }
    }
    else if (major > 6)
    {
        // Anything newer than the 6.x line is treated as a not-yet-released Windows.
        _windowsVersion = WindowsVersion.Unreleased;
    }

    if (IsBelow(WindowsVersion.Vista))
    {
        _hasSetAccessToken = true;
    }

    if (IsAboveOrEqual(WindowsVersion.Vista))
    {
        // From Vista on, the minimum rights requested for query/set operations are the
        // "limited information" rights rather than the broader defaults.
        _minProcessQueryInfoAccess = ProcessAccess.QueryLimitedInformation;
        _minThreadQueryInfoAccess = ThreadAccess.QueryLimitedInformation;
        _minThreadSetInfoAccess = ThreadAccess.SetLimitedInformation;

        _hasQueryLimitedInformation = true;
        _hasProtectedProcesses = true;
        _hasUac = true;
        _hasCycleTime = true;
        _hasPsSuspendResumeProcess = true;
        _hasTaskDialogs = true;
        _hasWin32ImageFileName = true;
    }

    if (IsAboveOrEqual(WindowsVersion.Seven))
    {
        _hasExtendedTaskbar = true;
    }
}
/// <summary>
/// Type initializer: classifies the running Windows version, sets the feature flags and
/// minimum access rights for recognised versions, and records the OS version string.
/// </summary>
static OSVersion()
{
    System.Version osVersion = Environment.OSVersion.Version;
    WindowsVersion detected = WindowsVersion.Unknown;

    switch (osVersion.Major)
    {
        case 5:
            switch (osVersion.Minor)
            {
                case 0:
                    detected = WindowsVersion.TwoThousand;
                    break;
                case 1:
                    detected = WindowsVersion.XP;
                    break;
                case 2:
                    detected = WindowsVersion.Server2003;
                    break;
            }
            break;

        case 6:
            switch (osVersion.Minor)
            {
                case 0:
                    detected = WindowsVersion.Vista;
                    break;
                case 1:
                    detected = WindowsVersion.Seven;
                    break;
            }
            break;
    }

    _windowsVersion = detected;

    // NOTE(review): on an unrecognised version (which includes anything newer than 6.1)
    // none of the flags or reduced access rights below are applied; the fields keep their
    // declared defaults, which are not visible here.
    if (detected != WindowsVersion.Unknown)
    {
        if (IsAboveOrEqual(WindowsVersion.XP))
        {
            _hasThemes = true;
        }

        if (IsBelow(WindowsVersion.Vista))
        {
            _hasSetAccessToken = true;
        }

        if (IsAboveOrEqual(WindowsVersion.Vista))
        {
            // Vista and later: request only the "limited information" rights as the
            // minimum for query/set operations.
            _minProcessQueryInfoAccess = ProcessAccess.QueryLimitedInformation;
            _minThreadQueryInfoAccess = ThreadAccess.QueryLimitedInformation;
            _minThreadSetInfoAccess = ThreadAccess.SetLimitedInformation;

            _hasQueryLimitedInformation = true;
            _hasProtectedProcesses = true;
            _hasUac = true;
            _hasCycleTime = true;
            _hasIoPriority = true;
            _hasPagePriority = true;
            _hasPsSuspendResumeProcess = true;
            _hasTaskDialogs = true;
            _hasWin32ImageFileName = true;
        }

        if (IsAboveOrEqual(WindowsVersion.Seven))
        {
            _hasExtendedTaskbar = true;
        }
    }

    _versionString = Environment.OSVersion.VersionString;
}
/// <summary>
/// Opens a thread and wraps the raw handle so that it is closed with <c>CloseHandle</c>
/// when the wrapper is disposed.
/// </summary>
/// <param name="dwDesiredAccess">Access rights requested on the thread.</param>
/// <param name="bInheritHandle">Whether child processes may inherit the handle.</param>
/// <param name="dwThreadId">Identifier of the thread to open.</param>
/// <returns>
/// The disposable wrapper, or <c>null</c> when the open call returned
/// <c>IntPtr.Zero</c> or <c>INVALID_HANDLE_VALUE</c>.
/// </returns>
public static AutoDispose<IntPtr> OpenThreadHandle(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId)
{
    IntPtr rawHandle = OpenThread(dwDesiredAccess, bInheritHandle, dwThreadId);

    // Both sentinel values are treated as failure so that a bad value is never wrapped
    // and later handed to CloseHandle.
    bool opened = rawHandle != IntPtr.Zero && rawHandle != INVALID_HANDLE_VALUE;

    // Callers receive null on failure and must check for it before use; the Win32 error
    // code is not captured here.
    return opened
        ? new AutoDispose<IntPtr>(rawHandle, h => CloseHandle(h))
        : null;
}
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// The handle is returned wrapped in SafeAccessTokenHandle, so its release is tied to
// that wrapper rather than to a manual close by the caller.
// NOTE(review): the wrapper's name suggests it was written for access tokens; confirm
// its release logic is the right one for a thread handle.
internal static extern SafeAccessTokenHandle OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
/// <summary>
/// Sends a <c>Control.ProtectAdd</c> request to the driver for the given process.
/// </summary>
/// <param name="processHandle">Handle of the process the request refers to.</param>
/// <param name="allowKernelMode">Flag passed to the driver as 1 or 0.</param>
/// <param name="ProcessAllowMask">Process access mask passed to the driver.</param>
/// <param name="ThreadAllowMask">Thread access mask passed to the driver.</param>
public void ProtectAdd(ProcessHandle processHandle, bool allowKernelMode, ProcessAccess ProcessAllowMask, ThreadAccess ThreadAllowMask)
{
    // Request layout: four consecutive 32-bit fields (handle, flag, process mask, thread mask).
    const int RequestSize = 16;

    byte* inData = stackalloc byte[RequestSize];
    int* fields = (int*)inData;

    // NOTE(review): the handle is stored as a 32-bit int, so this layout assumes a
    // 32-bit process; confirm the driver client is never created in a 64-bit one.
    fields[0] = processHandle;
    fields[1] = allowKernelMode ? 1 : 0;
    fields[2] = (int)ProcessAllowMask;
    fields[3] = (int)ThreadAllowMask;

    // No output buffer is supplied for this request.
    _fileHandle.IoControl(CtlCode(Control.ProtectAdd), inData, RequestSize, null, 0);
}
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// Private, so only this class can request thread handles through it, and the result is
// wrapped in SafeWin32Handle instead of being exposed as a raw pointer.
// bInheritHandle is marshalled as a 4-byte Win32 BOOL.
private static extern SafeWin32Handle OpenThread(ThreadAccess dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwThreadId);
/// <summary>
/// Packs the protection parameters into a 16-byte request and issues the
/// <c>Control.ProtectAdd</c> control code on the driver's file handle.
/// </summary>
/// <param name="processHandle">Handle of the process the request refers to.</param>
/// <param name="allowKernelMode">Flag written into the request as 1 or 0.</param>
/// <param name="ProcessAllowMask">Process access mask written into the request.</param>
/// <param name="ThreadAllowMask">Thread access mask written into the request.</param>
public void ProtectAdd(ProcessHandle processHandle, bool allowKernelMode, ProcessAccess ProcessAllowMask, ThreadAccess ThreadAllowMask)
{
    byte* inData = stackalloc byte[16];

    // Fill the four 32-bit slots in order: handle, kernel-mode flag, process mask, thread mask.
    int* cursor = (int*)inData;

    // NOTE(review): writing the handle into an int slot assumes 32-bit handle values.
    *cursor++ = processHandle;
    *cursor++ = allowKernelMode ? 1 : 0;
    *cursor++ = (int)ProcessAllowMask;
    *cursor = (int)ThreadAllowMask;

    // The request carries input only; the output buffer is null with length 0.
    _fileHandle.IoControl(CtlCode(Control.ProtectAdd), inData, 16, null, 0);
}
/// <summary>
/// Sends a <c>Control.ProtectQuery</c> request for the given process and returns the
/// three values read back from the locals whose addresses were passed in the request.
/// </summary>
/// <param name="processHandle">Handle of the process to query.</param>
/// <param name="AllowKernelMode"><c>true</c> when the returned flag is non-zero.</param>
/// <param name="ProcessAllowMask">Process access mask read back after the call.</param>
/// <param name="ThreadAllowMask">Thread access mask read back after the call.</param>
public void ProtectQuery(ProcessHandle processHandle, out bool AllowKernelMode, out ProcessAccess ProcessAllowMask, out ThreadAccess ThreadAllowMask)
{
    byte* inData = stackalloc byte[16];
    int* fields = (int*)inData;

    // Result slots: the request carries their addresses, and they are read after the
    // control call without being assigned here, so the callee is expected to fill them.
    int kernelModeFlag;
    ProcessAccess processMask;
    ThreadAccess threadMask;

    fields[0] = processHandle;

    // NOTE(review): the handle and each address are narrowed to 32 bits, which is only
    // valid in a 32-bit process. In a 64-bit process the request would carry truncated
    // pointers; confirm the driver client is never created there.
    fields[1] = (int)&kernelModeFlag;
    fields[2] = (int)&processMask;
    fields[3] = (int)&threadMask;

    _fileHandle.IoControl(CtlCode(Control.ProtectQuery), inData, 16, null, 0);

    AllowKernelMode = kernelModeFlag != 0;
    ProcessAllowMask = processMask;
    ThreadAllowMask = threadMask;
}
/// <summary>
/// Opens the thread with the given identifier and returns the raw handle.
/// </summary>
/// <param name="ThreadID">Identifier of the thread to open.</param>
/// <param name="DesiredAccess">Access rights requested on the thread.</param>
/// <returns>
/// The value returned by <c>OpenThread</c>. It is not validated here, so callers must
/// check it before use and are responsible for closing the handle.
/// </returns>
public static IntPtr Thread_GetHandle(int ThreadID, ThreadAccess DesiredAccess)
{
    // The handle is always opened as non-inheritable, so it is not passed on to child processes.
    const bool inheritable = false;

    IntPtr threadHandle = OpenThread(DesiredAccess, inheritable, ThreadID);
    return threadHandle;
}
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// Returns a SafeThreadHandle wrapper rather than a raw IntPtr, so the handle's lifetime
// is owned by the wrapper.
// The thread id is declared as int here; the other declarations of this function in
// this listing use uint.
internal static extern SafeThreadHandle OpenThread(ThreadAccess desiredAccess, bool inheritHandle, int threadId);
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// Returns the raw handle as IntPtr: nothing releases it automatically, so every caller
// must check the result (Win32 OpenThread reports failure as NULL) and close it.
// NOTE(review): declared public, so any code that can see this class can request any
// ThreadAccess on any thread id; consider narrowing visibility behind a wrapper that
// returns a SafeHandle.
public static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwThreadId);
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// The result is a raw IntPtr handle owned by the caller: check it against IntPtr.Zero
// and close it when done, since no wrapper does so.
// NOTE(review): public visibility exposes the unchecked native call to all callers.
public static extern IntPtr OpenThread(ThreadAccess threadAccess, bool inheritHandle, uint threadId);
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// Assembly-internal, and the handle is returned wrapped in SafeWin32Handle, so release
// is handled by the wrapper. bInheritHandle is marshalled as a 4-byte Win32 BOOL.
internal static extern SafeWin32Handle OpenThread(ThreadAccess dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwThreadId);
/// <summary>
/// Queries the driver, via <c>Control.ProtectQuery</c>, for the protection values
/// associated with a process.
/// </summary>
/// <param name="processHandle">Handle of the process to query.</param>
/// <param name="AllowKernelMode">Set to whether the returned flag is non-zero.</param>
/// <param name="ProcessAllowMask">Set to the process access mask read back after the call.</param>
/// <param name="ThreadAllowMask">Set to the thread access mask read back after the call.</param>
public void ProtectQuery(ProcessHandle processHandle, out bool AllowKernelMode, out ProcessAccess ProcessAllowMask, out ThreadAccess ThreadAllowMask)
{
    byte* inData = stackalloc byte[16];

    // Receiving locals. Their addresses go into the request; they are never assigned
    // in this method, so the values read below must have been written by the callee.
    int flagResult;
    ProcessAccess processResult;
    ThreadAccess threadResult;

    // Request layout: handle followed by three 32-bit addresses.
    // NOTE(review): casting a pointer to int keeps only 32 bits. This is safe only in a
    // 32-bit process; verify that this path cannot run in a 64-bit one, where the
    // callee would be handed truncated addresses to write to.
    int* cursor = (int*)inData;
    *cursor++ = processHandle;
    *cursor++ = (int)&flagResult;
    *cursor++ = (int)&processResult;
    *cursor = (int)&threadResult;

    _fileHandle.IoControl(CtlCode(Control.ProtectQuery), inData, 16, null, 0);

    AllowKernelMode = flagResult != 0;
    ProcessAllowMask = processResult;
    ThreadAllowMask = threadResult;
}
/// <summary>
/// Best-effort lookup of a process's protection settings through the KProcessHacker
/// driver client.
/// </summary>
/// <param name="pid">Identifier of the process to query.</param>
/// <param name="allowKernelMode">Reported flag, or <c>true</c> if the lookup failed.</param>
/// <param name="processAccess">Reported process access mask, or 0 if the lookup failed.</param>
/// <param name="threadAccess">Reported thread access mask, or 0 if the lookup failed.</param>
/// <returns><c>true</c> if the lookup succeeded; otherwise <c>false</c>.</returns>
private bool ProtectQuery(int pid, out bool allowKernelMode, out ProcessAccess processAccess, out ThreadAccess threadAccess)
{
    bool queried;

    try
    {
        // Open with the minimum query rights and release the handle right after the call.
        using (ProcessHandle target = new ProcessHandle(pid, Program.MinProcessQueryRights))
        {
            KProcessHacker.Instance.ProtectQuery(target, out allowKernelMode, out processAccess, out threadAccess);
        }

        queried = true;
    }
    catch
    {
        // All exception types are swallowed here. The outputs below are placeholders
        // only ("kernel mode allowed", empty masks) and must not be read as the
        // process's real settings when the method returns false.
        allowKernelMode = true;
        processAccess = 0;
        threadAccess = 0;
        queried = false;
    }

    return queried;
}
/// <summary>
/// Asks the driver, via <c>Control.KphOpenThread</c>, to open a thread and returns the
/// 32-bit value the driver places in the output buffer.
/// </summary>
/// <param name="tid">Identifier of the thread to open.</param>
/// <param name="desiredAccess">Access rights requested on the thread.</param>
/// <returns>The first four bytes of the output buffer, interpreted as an int.</returns>
public int KphOpenThread(int tid, ThreadAccess desiredAccess)
{
    // Request: thread id followed by the access mask; response: one 32-bit value.
    const int RequestSize = 8;
    const int ResponseSize = 4;

    byte* inData = stackalloc byte[RequestSize];
    byte* outData = stackalloc byte[ResponseSize];

    *(int*)inData = tid;
    *(uint*)(inData + 4) = (uint)desiredAccess;

    // The open is performed by the driver rather than through the Win32 OpenThread
    // import, so whatever access checks apply are the driver's and are not visible here.
    _fileHandle.IoControl(CtlCode(Control.KphOpenThread), inData, RequestSize, outData, ResponseSize);

    // NOTE(review): outData is not initialised before the call; the result is only
    // meaningful if IoControl fails loudly when the driver writes nothing. Presumably
    // the value is a handle the caller must close; confirm against callers.
    int threadHandle = *(int*)outData;
    return threadHandle;
}
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// Private to the declaring class, but the result is a raw IntPtr: the calling code in
// this class owns the handle and must check it (Win32 OpenThread reports failure as
// NULL) and close it.
private static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, System.UInt32 dwThreadId);
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// Returns a raw IntPtr handle with no automatic release; callers must validate the
// result and close the handle themselves.
// NOTE(review): public visibility lets any caller open threads with arbitrary access
// through this declaration; an internal import behind a SafeHandle-returning wrapper
// would be easier to audit.
public static extern IntPtr OpenThread( ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
/// <summary>
/// Application entry point: installs exception handlers, parses the command line,
/// prepares settings, privileges and the optional KProcessHacker driver client, and
/// then starts the main window's message loop.
/// </summary>
/// <param name="args">Raw command-line arguments.</param>
public static void Main(string[] args)
{
    Dictionary<string, string> options;

    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);

    if (Environment.Version.Major < 2)
    {
        PhUtils.ShowError("You must have .NET Framework 2.0 or higher to use Process Hacker.");
        Environment.Exit(1);
    }

    // Route unhandled exceptions from UI and non-UI threads to the application's handlers.
    Application.ThreadException += new ThreadExceptionEventHandler(Application_ThreadException);
    AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler(CurrentDomain_UnhandledException);
    Application.SetUnhandledExceptionMode(UnhandledExceptionMode.CatchException, true);

    try
    {
        options = ParseArgs(args);
    }
    catch
    {
        // Unparseable arguments: show usage and continue as if none were given.
        ShowCommandLineUsage();
        options = new Dictionary<string, string>();
    }

    bool helpRequested = options.ContainsKey("-h") || options.ContainsKey("-help") || options.ContainsKey("-?");

    if (helpRequested)
    {
        ShowCommandLineUsage();
        return;
    }

    if (options.ContainsKey("-recovered"))
    {
        ProcessHackerRestartRecovery.ApplicationRestartRecoveryManager.RecoverLastSession();
    }

    if (options.ContainsKey("-elevate"))
    {
        StartProcessHackerAdmin();
        return;
    }

    try
    {
        if (options.ContainsKey("-nokph"))
        {
            NoKph = true;
        }

        // The single-instance check is skipped for the -e, -o, -pw and -pt modes.
        if (Properties.Settings.Default.AllowOnlyOneInstance &&
            !options.ContainsKey("-e") &&
            !options.ContainsKey("-o") &&
            !options.ContainsKey("-pw") &&
            !options.ContainsKey("-pt"))
        {
            CheckForPreviousInstance();
        }
    }
    catch
    {
        // Deliberately ignored: failure here must not stop startup.
    }

    try
    {
        if (Properties.Settings.Default.NeedsUpgrade)
        {
            try
            {
                Properties.Settings.Default.Upgrade();
            }
            catch (Exception upgradeError)
            {
                Logging.Log(upgradeError);
                PhUtils.ShowWarning("Process Hacker could not upgrade its settings from a previous version.");
            }

            Properties.Settings.Default.NeedsUpgrade = false;
        }
    }
    catch
    {
        // Deliberately ignored: settings access problems are handled by VerifySettings below.
    }

    VerifySettings();

    ThreadPool.SetMinThreads(1, 1);
    ThreadPool.SetMaxThreads(2, 2);
    WorkQueue.GlobalWorkQueue.MaxWorkerThreads = 3;

    try
    {
        GlobalMutex = new ProcessHacker.Native.Threading.Mutant(GlobalMutexName);
    }
    catch (Exception mutexError)
    {
        Logging.Log(mutexError);
    }

    try
    {
        using (var token = ProcessHandle.GetCurrent().GetToken())
        {
            // Privileges enabled on the process token at startup. Each attempt is
            // independent and a failure is ignored, so the process simply runs without
            // whichever privileges the token does not hold. These stay enabled for the
            // lifetime of the process.
            string[] startupPrivileges =
            {
                "SeDebugPrivilege",
                "SeIncreaseBasePriorityPrivilege",
                "SeLoadDriverPrivilege",
                "SeRestorePrivilege",
                "SeShutdownPrivilege",
                "SeTakeOwnershipPrivilege"
            };

            foreach (string privilege in startupPrivileges)
            {
                try
                {
                    token.SetPrivilege(privilege, SePrivilegeAttributes.Enabled);
                }
                catch
                {
                }
            }

            if (OSVersion.HasUac)
            {
                try
                {
                    ElevationType = token.GetElevationType();
                }
                catch
                {
                    // NOTE(review): an unreadable elevation type is recorded as Full.
                    ElevationType = TokenElevationType.Full;
                }

                // "Default" is resolved by Administrator role membership:
                // members count as Full, everyone else as Limited.
                if (ElevationType == TokenElevationType.Default)
                {
                    bool isAdministrator = new WindowsPrincipal(WindowsIdentity.GetCurrent())
                        .IsInRole(WindowsBuiltInRole.Administrator);

                    ElevationType = isAdministrator ? TokenElevationType.Full : TokenElevationType.Limited;
                }
            }
            else
            {
                ElevationType = TokenElevationType.Full;
            }
        }
    }
    catch (Exception tokenError)
    {
        Logging.Log(tokenError);
    }

    try
    {
        // The driver client is created only in a 32-bit process, when enabled in
        // settings, not disabled by -nokph, and not while installing or uninstalling it.
        bool loadDriver =
            IntPtr.Size == 4 &&
            Properties.Settings.Default.EnableKPH &&
            !NoKph &&
            !options.ContainsKey("-installkph") &&
            !options.ContainsKey("-uninstallkph");

        if (loadDriver)
        {
            KProcessHacker.Instance = new KProcessHacker("KProcessHacker");
        }
    }
    catch
    {
        // Driver unavailable: continue without it (KProcessHacker.Instance is not assigned).
    }

    MinProcessQueryRights = OSVersion.MinProcessQueryInfoAccess;
    MinThreadQueryRights = OSVersion.MinThreadQueryInfoAccess;

    if (KProcessHacker.Instance != null)
    {
        // With the driver present, handle-information, memory-read and memory-write
        // operations request only the minimum query rights.
        MinProcessGetHandleInformationRights = MinProcessQueryRights;
        MinProcessReadMemoryRights = MinProcessQueryRights;
        MinProcessWriteMemoryRights = MinProcessQueryRights;
    }

    try
    {
        CurrentUsername = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    }
    catch (Exception identityError)
    {
        Logging.Log(identityError);
    }

    try
    {
        CurrentProcessId = Win32.GetCurrentProcessId();
        CurrentSessionId = Win32.GetProcessSessionId(Win32.GetCurrentProcessId());
        System.Threading.Thread.CurrentThread.Priority = ThreadPriority.Highest;
    }
    catch (Exception processInfoError)
    {
        Logging.Log(processInfoError);
    }

    // Command-line modes that complete on their own end the program here.
    if (ProcessCommandLine(options))
    {
        return;
    }

    Win32.FileIconInit(true);
    LoadProviders();
    Windows.GetProcessName = pid =>
        ProcessProvider.Dictionary.ContainsKey(pid) ? ProcessProvider.Dictionary[pid].Name : null;

    SharedWaiter = new ProcessHacker.Native.Threading.Waiter();

    new HackerWindow();
    Application.Run();
}
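/// <summary>
/// Application entry point: checks the runtime and OS, installs exception handlers
/// (release builds only), parses the command line, optionally creates the KProcessHacker2
/// driver client, loads settings, enables token privileges and starts the message loop.
/// </summary>
/// <param name="args">Raw command-line arguments.</param>
public static void Main(string[] args)
{
    Dictionary<string, string> pArgs;

    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);

    if (Environment.Version.Major < 2)
    {
        PhUtils.ShowError("You must have .NET Framework 2.0 or higher to use Process Hacker.");
        Environment.Exit(1);
    }

    // Check OS support. This only warns; startup continues on unsupported systems.
    if (OSVersion.IsBelow(WindowsVersion.TwoThousand) || OSVersion.IsAbove(WindowsVersion.Eight))
    {
        PhUtils.ShowWarning("Your operating system is not supported by Process Hacker.");
    }

#if !DEBUG
    // Setup exception handling at first opportunity.
    Application.ThreadException += new ThreadExceptionEventHandler(Application_ThreadException);
    AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler(CurrentDomain_UnhandledException);
    Application.SetUnhandledExceptionMode(UnhandledExceptionMode.CatchException, true);
#endif

    try
    {
        pArgs = ParseArgs(args);
    }
    catch
    {
        // Unparseable arguments: show usage and continue as if none were given.
        ShowCommandLineUsage();
        pArgs = new Dictionary<string, string>();
    }

    try
    {
        // NoKph is only assigned from the -nokph switch further down, after this point,
        // so the switch is also checked here directly; otherwise it could not prevent
        // the driver client from being created.
        // NOTE(review): Settings.Instance.EnableKPH is read before LoadSettings runs
        // below. Confirm the settings object is already populated at this point; any
        // exception here is swallowed and the driver client is simply not created.
        if (
            // Only load KPH if it's enabled.
            Settings.Instance.EnableKPH &&
            !NoKph &&
            !pArgs.ContainsKey("-nokph") &&
            // Don't load KPH if we're going to install/uninstall it.
            !pArgs.ContainsKey("-installkph") &&
            !pArgs.ContainsKey("-uninstallkph")
            )
        {
            KProcessHacker2.Instance = new KProcessHacker2();
        }
    }
    catch
    {
        // Driver unavailable: continue without it.
    }

    if (pArgs.ContainsKey("-h") || pArgs.ContainsKey("-help") || pArgs.ContainsKey("-?"))
    {
        ShowCommandLineUsage();
        return;
    }

    if (pArgs.ContainsKey("-elevate"))
    {
        // Propagate arguments. The remaining switches are re-joined into a command line
        // for the elevated instance, so they run with the elevated token.
        pArgs.Remove("-elevate");
        StartProcessHackerAdmin(Utils.JoinCommandLine(pArgs), null);
        return;
    }

    // The -settings value is a user-supplied path passed straight to LoadSettings.
    LoadSettings(
        !pArgs.ContainsKey("-nosettings"),
        pArgs.ContainsKey("-settings") ? pArgs["-settings"] : null);

    try
    {
        if (pArgs.ContainsKey("-nokph"))
        {
            NoKph = true;
        }

        // The single-instance check is skipped for the -e, -o, -pw and -pt modes.
        if (Settings.Instance.AllowOnlyOneInstance &&
            !(pArgs.ContainsKey("-e") || pArgs.ContainsKey("-o") ||
              pArgs.ContainsKey("-pw") || pArgs.ContainsKey("-pt")))
        {
            ActivatePreviousInstance();
        }
    }
    catch
    {
        // Deliberately ignored: failure here must not stop startup.
    }

    WorkQueue.GlobalWorkQueue.MaxWorkerThreads = Environment.ProcessorCount;

    // Create or open the Process Hacker mutex, used only by the installer.
    try
    {
        GlobalMutex = new ProcessHacker.Native.Threading.Mutant(GlobalMutexName);
    }
    catch (Exception ex)
    {
        Logging.Log(ex);
    }

    try
    {
        using (TokenHandle thandle = ProcessHandle.Current.GetToken())
        {
            // Privileges enabled on the process token at startup. The results of the
            // Try* calls are not inspected, so the process runs without whichever
            // privileges the token does not hold. These stay enabled for the lifetime
            // of the process.
            thandle.TrySetPrivilege("SeDebugPrivilege", SePrivilegeAttributes.Enabled);
            thandle.TrySetPrivilege("SeIncreaseBasePriorityPrivilege", SePrivilegeAttributes.Enabled);
            thandle.TrySetPrivilege("SeLoadDriverPrivilege", SePrivilegeAttributes.Enabled);
            thandle.TrySetPrivilege("SeRestorePrivilege", SePrivilegeAttributes.Enabled);
            thandle.TrySetPrivilege("SeShutdownPrivilege", SePrivilegeAttributes.Enabled);
            thandle.TrySetPrivilege("SeTakeOwnershipPrivilege", SePrivilegeAttributes.Enabled);

            if (OSVersion.HasUac)
            {
                try
                {
                    ElevationType = thandle.ElevationType;
                }
                catch
                {
                    // NOTE(review): an unreadable elevation type is recorded as Full.
                    ElevationType = TokenElevationType.Full;
                }

                // "Default" is resolved by Administrator role membership:
                // members count as Full, everyone else as Limited.
                if (ElevationType == TokenElevationType.Default &&
                    !(new WindowsPrincipal(WindowsIdentity.GetCurrent())).
                        IsInRole(WindowsBuiltInRole.Administrator))
                {
                    ElevationType = TokenElevationType.Limited;
                }
                else if (ElevationType == TokenElevationType.Default)
                {
                    ElevationType = TokenElevationType.Full;
                }
            }
            else
            {
                ElevationType = TokenElevationType.Full;
            }
        }
    }
    catch (Exception ex)
    {
        Logging.Log(ex);
    }

    MinProcessQueryRights = OSVersion.MinProcessQueryInfoAccess;
    MinThreadQueryRights = OSVersion.MinThreadQueryInfoAccess;

    // The KPH-specific lowering of the handle-information and memory read/write rights
    // is commented out in this version:
    //if (KProcessHacker2.Instance != null)
    //{
    //    MinProcessGetHandleInformationRights = MinProcessQueryRights;
    //    MinProcessReadMemoryRights = MinProcessQueryRights;
    //    MinProcessWriteMemoryRights = MinProcessQueryRights;
    //}

    try
    {
        CurrentUsername = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    }
    catch (Exception ex)
    {
        Logging.Log(ex);
    }

    try
    {
        CurrentProcessId = Win32.GetCurrentProcessId();
        CurrentSessionId = Win32.GetProcessSessionId(Win32.GetCurrentProcessId());
        Thread.CurrentThread.Priority = ThreadPriority.Highest;
    }
    catch (Exception ex)
    {
        Logging.Log(ex);
    }

    // Command-line modes that complete on their own end the program here.
    if (ProcessCommandLine(pArgs))
    {
        return;
    }

    Win32.FileIconInit(true);
    LoadProviders();
    Windows.GetProcessName = pid =>
        ProcessProvider.Dictionary.ContainsKey(pid) ? ProcessProvider.Dictionary[pid].Name : null;

    // Create the shared waiter.
    SharedWaiter = new ProcessHacker.Native.Threading.Waiter();

    HackerWindow = new HackerWindow();
    Application.Run();
}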
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// The raw IntPtr result is owned by the caller, who must check it (Win32 OpenThread
// reports failure as NULL) and close it; nothing here does so automatically.
// NOTE(review): public visibility exposes the native call directly; whether the last
// Win32 error is preserved depends on the attribute, which is not shown.
public static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint ThreadId);
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// Private, so only the declaring class can call it, but the handle comes back as a raw
// IntPtr: that class is responsible for validating and closing it.
private static extern IntPtr OpenThread( ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
// Native import for OpenThread (the DllImport attribute is not visible in this listing).
// The handle is returned as nuint, a plain native-sized unsigned integer: it carries no
// ownership or release semantics, so callers must compare it with 0 for failure and
// close the handle explicitly.
internal static extern nuint OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);