private void WalkCallStack()
{
try
{
// Clear the existing frames.
listViewCallStack.BeginUpdate();
listViewCallStack.Items.Clear();
bool suspended;
try
{
_thandle.Suspend();
suspended = true;
}
catch
{
suspended = false;
}
try
{
// Process the kernel-mode stack (if KPH is present).
//if (KProcessHacker.Instance != null)
{
//this.WalkKernelStack();
}
// Process the user-mode stack.
// If we're on 64-bit and the process is running
// under WOW64, get the 32-bit stack as well.
_thandle.WalkStack(_phandle, this.WalkStackCallback);
if (OSVersion.Architecture == OSArch.Amd64 && _phandle.IsWow64)
{
_thandle.WalkStack(_phandle, this.WalkStackCallback, OSArch.I386);
}
}
finally
{
if (suspended)
{
_thandle.Resume();
}
}
}
catch (Exception ex)
{
Logging.Log(ex);
}
finally
{
listViewCallStack.EndUpdate();
}
}
private void resumeThreadMenuItem_Click(object sender, EventArgs e)
{
//if (Properties.Settings.Default.WarnDangerous && PhUtils.IsDangerousPid(_pid))
//{
// DialogResult result = MessageBox.Show("The process with PID " + _pid + " is a system process. Are you" +
// " sure you want to resume the selected thread(s)?", "Process Hacker", MessageBoxButtons.YesNo,
// MessageBoxIcon.Exclamation, MessageBoxDefaultButton.Button2);
// if (result == DialogResult.No)
// return;
//}
if (Program.ElevationType == TokenElevationType.Limited &&
KProcessHacker.Instance == null &&
Settings.Instance.ElevationLevel != (int)ElevationLevel.Never)
{
try
{
foreach (ListViewItem item in listThreads.SelectedItems)
{
using (var thandle = new ThreadHandle(int.Parse(item.SubItems[0].Text),
ThreadAccess.SuspendResume))
{ }
}
}
catch
{
string objects = "";
foreach (ListViewItem item in listThreads.SelectedItems)
objects += item.SubItems[0].Text + ",";
Program.StartProcessHackerAdmin("-e -type thread -action resume -obj \"" +
objects + "\" -hwnd " + this.Handle.ToString(), null, this.Handle);
return;
}
}
foreach (ListViewItem item in listThreads.SelectedItems)
{
try
{
using (var thandle = new ThreadHandle(Int32.Parse(item.SubItems[0].Text),
ThreadAccess.SuspendResume))
thandle.Resume();
}
catch (Exception ex)
{
if (!PhUtils.ShowContinueMessage(
"Unable to resume the thread with ID " + item.SubItems[0].Text,
ex
))
return;
}
}
}
public static void Run(IDictionary<string, string> args)
{
try
{
ThemingScope.Activate();
}
catch
{ }
if (!args.ContainsKey("-type"))
throw new Exception("-type switch required.");
string type = args["-type"].ToLower();
if (!args.ContainsKey("-obj"))
throw new Exception("-obj switch required.");
string obj = args["-obj"];
if (!args.ContainsKey("-action"))
throw new Exception("-action switch required.");
string action = args["-action"].ToLower();
WindowFromHandle window = new WindowFromHandle(IntPtr.Zero);
if (args.ContainsKey("-hwnd"))
window = new WindowFromHandle(new IntPtr(int.Parse(args["-hwnd"])));
try
{
switch (type)
{
case "processhacker":
{
switch (action)
{
case "runas":
{
using (var manager = new ServiceManagerHandle(ScManagerAccess.CreateService))
{
Random r = new Random((int)(DateTime.Now.ToFileTime() & 0xffffffff));
string serviceName = "";
for (int i = 0; i < 8; i++)
serviceName += (char)('A' + r.Next(25));
using (var service = manager.CreateService(
serviceName,
serviceName + " (Process Hacker Assistant)",
ServiceType.Win32OwnProcess,
ServiceStartType.DemandStart,
ServiceErrorControl.Ignore,
obj,
"",
"LocalSystem",
null))
{
// Create a mailslot so we can receive the error code for Assistant.
using (var mhandle = MailslotHandle.Create(
FileAccess.GenericRead, @"\Device\Mailslot\" + args["-mailslot"], 0, 5000)
)
{
try { service.Start(); }
catch { }
service.Delete();
Win32Error errorCode = (Win32Error)mhandle.Read(4).ToInt32();
if (errorCode != Win32Error.Success)
throw new WindowsException(errorCode);
}
}
}
}
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
break;
case "process":
{
var processes = Windows.GetProcesses();
string[] pidStrings = obj.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
int[] pids = new int[pidStrings.Length];
string[] names = new string[pidStrings.Length];
for (int i = 0; i < pidStrings.Length; i++)
{
pids[i] = int.Parse(pidStrings[i]);
names[i] = processes[pids[i]].Name;
}
switch (action)
{
case "terminate":
ProcessActions.Terminate(window, pids, names, true);
break;
case "suspend":
ProcessActions.Suspend(window, pids, names, true);
break;
case "resume":
ProcessActions.Resume(window, pids, names, true);
break;
case "reduceworkingset":
ProcessActions.ReduceWorkingSet(window, pids, names, false);
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
break;
case "thread":
{
foreach (string tid in obj.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
switch (action)
{
case "terminate":
{
try
{
using (var thandle =
new ThreadHandle(int.Parse(tid), ThreadAccess.Terminate))
thandle.Terminate();
}
catch (Exception ex)
{
DialogResult result = MessageBox.Show(window,
"Could not terminate thread with ID " + tid + ":\n\n" +
ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
if (result == DialogResult.Cancel)
return;
}
}
break;
case "suspend":
{
try
{
using (var thandle =
new ThreadHandle(int.Parse(tid), ThreadAccess.SuspendResume))
thandle.Suspend();
}
catch (Exception ex)
{
DialogResult result = MessageBox.Show(window,
"Could not suspend thread with ID " + tid + ":\n\n" +
ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
if (result == DialogResult.Cancel)
return;
}
}
break;
case "resume":
{
try
{
using (var thandle =
new ThreadHandle(int.Parse(tid), ThreadAccess.SuspendResume))
thandle.Resume();
}
catch (Exception ex)
{
DialogResult result = MessageBox.Show(window,
"Could not resume thread with ID " + tid + ":\n\n" +
ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
if (result == DialogResult.Cancel)
return;
}
}
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
}
break;
case "service":
{
switch (action)
{
case "start":
{
ServiceActions.Start(window, obj, false);
}
break;
case "continue":
{
ServiceActions.Continue(window, obj, false);
}
break;
case "pause":
{
ServiceActions.Pause(window, obj, false);
}
break;
case "stop":
{
ServiceActions.Stop(window, obj, false);
}
break;
case "delete":
{
ServiceActions.Delete(window, obj, true);
}
break;
case "config":
{
using (ServiceHandle service = new ServiceHandle(obj, ServiceAccess.ChangeConfig))
{
ServiceType serviceType;
if (args["-servicetype"] == "Win32OwnProcess, InteractiveProcess")
serviceType = ServiceType.Win32OwnProcess | ServiceType.InteractiveProcess;
else if (args["-servicetype"] == "Win32ShareProcess, InteractiveProcess")
serviceType = ServiceType.Win32ShareProcess | ServiceType.InteractiveProcess;
else
serviceType = (ServiceType)Enum.Parse(typeof(ServiceType), args["-servicetype"]);
var startType = (ServiceStartType)
Enum.Parse(typeof(ServiceStartType), args["-servicestarttype"]);
var errorControl = (ServiceErrorControl)
Enum.Parse(typeof(ServiceErrorControl), args["-serviceerrorcontrol"]);
string binaryPath = null;
string loadOrderGroup = null;
string userAccount = null;
string password = null;
if (args.ContainsKey("-servicebinarypath"))
binaryPath = args["-servicebinarypath"];
if (args.ContainsKey("-serviceloadordergroup"))
loadOrderGroup = args["-serviceloadordergroup"];
if (args.ContainsKey("-serviceuseraccount"))
userAccount = args["-serviceuseraccount"];
if (args.ContainsKey("-servicepassword"))
password = args["-servicepassword"];
if (!Win32.ChangeServiceConfig(service,
serviceType, startType, errorControl,
binaryPath, loadOrderGroup, IntPtr.Zero, null, userAccount, password, null))
Win32.ThrowLastError();
}
}
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
break;
case "session":
{
int sessionId = int.Parse(obj);
switch (action)
{
case "disconnect":
{
SessionActions.Disconnect(window, sessionId, false);
}
break;
case "logoff":
{
SessionActions.Logoff(window, sessionId, false);
}
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
break;
default:
throw new Exception("Unknown object type '" + type + "'");
}
}
catch (Exception ex)
{
MessageBox.Show(window, ex.Message, "Process Hacker", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
public static void Run(IDictionary <string, string> args)
{
try
{
ThemingScope.Activate();
}
catch
{ }
if (!args.ContainsKey("-type"))
{
throw new Exception("-type switch required.");
}
string type = args["-type"].ToLowerInvariant();
if (!args.ContainsKey("-obj"))
{
throw new Exception("-obj switch required.");
}
string obj = args["-obj"];
if (!args.ContainsKey("-action"))
{
throw new Exception("-action switch required.");
}
string action = args["-action"].ToLowerInvariant();
WindowFromHandle window = new WindowFromHandle(IntPtr.Zero);
if (args.ContainsKey("-hwnd"))
{
window = new WindowFromHandle(new IntPtr(int.Parse(args["-hwnd"])));
}
try
{
switch (type)
{
case "processhacker":
{
switch (action)
{
case "runas":
{
using (var manager = new ServiceManagerHandle(ScManagerAccess.CreateService))
{
Random r = new Random((int)(DateTime.Now.ToFileTime() & 0xffffffff));
string serviceName = "";
for (int i = 0; i < 8; i++)
{
serviceName += (char)('A' + r.Next(25));
}
using (var service = manager.CreateService(
serviceName,
serviceName + " (Process Hacker Assistant)",
ServiceType.Win32OwnProcess,
ServiceStartType.DemandStart,
ServiceErrorControl.Ignore,
obj,
"",
"LocalSystem",
null))
{
// Create a mailslot so we can receive the error code for Assistant.
using (var mhandle = MailslotHandle.Create(
FileAccess.GenericRead, @"\Device\Mailslot\" + args["-mailslot"], 0, 5000)
)
{
try { service.Start(); }
catch { }
service.Delete();
Win32Error errorCode = (Win32Error)mhandle.Read(4).ToInt32();
if (errorCode != Win32Error.Success)
{
throw new WindowsException(errorCode);
}
}
}
}
}
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
break;
case "process":
{
var processes = Windows.GetProcesses();
string[] pidStrings = obj.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
int[] pids = new int[pidStrings.Length];
string[] names = new string[pidStrings.Length];
for (int i = 0; i < pidStrings.Length; i++)
{
pids[i] = int.Parse(pidStrings[i]);
names[i] = processes[pids[i]].Name;
}
switch (action)
{
case "terminate":
ProcessActions.Terminate(window, pids, names, true);
break;
case "suspend":
ProcessActions.Suspend(window, pids, names, true);
break;
case "resume":
ProcessActions.Resume(window, pids, names, true);
break;
case "reduceworkingset":
ProcessActions.ReduceWorkingSet(window, pids, names, false);
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
break;
case "thread":
{
foreach (string tid in obj.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
switch (action)
{
case "terminate":
{
try
{
using (var thandle =
new ThreadHandle(int.Parse(tid), ThreadAccess.Terminate))
thandle.Terminate();
}
catch (Exception ex)
{
DialogResult result = MessageBox.Show(window,
"Could not terminate thread with ID " + tid + ":\n\n" +
ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
if (result == DialogResult.Cancel)
{
return;
}
}
}
break;
case "suspend":
{
try
{
using (var thandle =
new ThreadHandle(int.Parse(tid), ThreadAccess.SuspendResume))
thandle.Suspend();
}
catch (Exception ex)
{
DialogResult result = MessageBox.Show(window,
"Could not suspend thread with ID " + tid + ":\n\n" +
ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
if (result == DialogResult.Cancel)
{
return;
}
}
}
break;
case "resume":
{
try
{
using (var thandle =
new ThreadHandle(int.Parse(tid), ThreadAccess.SuspendResume))
thandle.Resume();
}
catch (Exception ex)
{
DialogResult result = MessageBox.Show(window,
"Could not resume thread with ID " + tid + ":\n\n" +
ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
if (result == DialogResult.Cancel)
{
return;
}
}
}
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
}
break;
case "service":
{
switch (action)
{
case "start":
{
ServiceActions.Start(window, obj, false);
}
break;
case "continue":
{
ServiceActions.Continue(window, obj, false);
}
break;
case "pause":
{
ServiceActions.Pause(window, obj, false);
}
break;
case "stop":
{
ServiceActions.Stop(window, obj, false);
}
break;
case "delete":
{
ServiceActions.Delete(window, obj, true);
}
break;
case "config":
{
using (ServiceHandle service = new ServiceHandle(obj, ServiceAccess.ChangeConfig))
{
ServiceType serviceType;
if (args["-servicetype"] == "Win32OwnProcess, InteractiveProcess")
{
serviceType = ServiceType.Win32OwnProcess | ServiceType.InteractiveProcess;
}
else if (args["-servicetype"] == "Win32ShareProcess, InteractiveProcess")
{
serviceType = ServiceType.Win32ShareProcess | ServiceType.InteractiveProcess;
}
else
{
serviceType = (ServiceType)Enum.Parse(typeof(ServiceType), args["-servicetype"]);
}
var startType = (ServiceStartType)
Enum.Parse(typeof(ServiceStartType), args["-servicestarttype"]);
var errorControl = (ServiceErrorControl)
Enum.Parse(typeof(ServiceErrorControl), args["-serviceerrorcontrol"]);
string binaryPath = null;
string loadOrderGroup = null;
string userAccount = null;
string password = null;
if (args.ContainsKey("-servicebinarypath"))
{
binaryPath = args["-servicebinarypath"];
}
if (args.ContainsKey("-serviceloadordergroup"))
{
loadOrderGroup = args["-serviceloadordergroup"];
}
if (args.ContainsKey("-serviceuseraccount"))
{
userAccount = args["-serviceuseraccount"];
}
if (args.ContainsKey("-servicepassword"))
{
password = args["-servicepassword"];
}
if (!Win32.ChangeServiceConfig(service,
serviceType, startType, errorControl,
binaryPath, loadOrderGroup, IntPtr.Zero, null, userAccount, password, null))
{
Win32.Throw();
}
}
}
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
break;
case "session":
{
int sessionId = int.Parse(obj);
switch (action)
{
case "disconnect":
{
SessionActions.Disconnect(window, sessionId, false);
}
break;
case "logoff":
{
SessionActions.Logoff(window, sessionId, false);
}
break;
default:
throw new Exception("Unknown action '" + action + "'");
}
}
break;
default:
throw new Exception("Unknown object type '" + type + "'");
}
}
catch (Exception ex)
{
MessageBox.Show(window, ex.Message, "Process Hacker", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
public uint Resume()
{
return(_handle.Resume());
}
private void resumeThreadMenuItem_Click(object sender, EventArgs e)
{
if (Program.ElevationType == TokenElevationType.Limited &&
KProcessHacker.Instance == null &&
Properties.Settings.Default.ElevationLevel != (int)ElevationLevel.Never)
{
try
{
foreach (ListViewItem item in listThreads.SelectedItems)
{
using (var thandle = new ThreadHandle(int.Parse(item.SubItems[0].Text),
ThreadAccess.SuspendResume))
{ }
}
}
catch
{
string objects = "";
foreach (ListViewItem item in listThreads.SelectedItems)
objects += item.SubItems[0].Text + ",";
Program.StartProcessHackerAdmin("-e -type thread -action resume -obj \"" +
objects + "\" -hwnd " + this.Handle.ToString(), null, this.Handle);
return;
}
}
foreach (ListViewItem item in listThreads.SelectedItems)
{
try
{
using (var thandle = new ThreadHandle(Int32.Parse(item.SubItems[0].Text),
ThreadAccess.SuspendResume))
thandle.Resume();
}
catch (Exception ex)
{
if (!PhUtils.ShowContinueMessage(
"Unable to resume the thread with ID " + item.SubItems[0].Text,
ex
))
return;
}
}
}