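/// <summary>
/// Runs <c>COMProcessParser.ParseProcess</c> over each supplied process and collects
/// the non-null results.
/// </summary>
/// <param name="procs">
/// Processes to inspect. Each <see cref="Process"/> is closed as soon as it has been
/// handled, so callers must not reuse the objects afterwards.
/// </param>
/// <param name="dbghelp_path">Passed unchanged to <c>COMProcessParser.ParseProcess</c>.</param>
/// <param name="symbol_path">Passed unchanged to <c>COMProcessParser.ParseProcess</c>.</param>
/// <param name="progress">
/// Optional progress sink; receives a message naming the process and a 0-99 percentage.
/// May be null.
/// </param>
/// <returns>The entries for every process that parsed successfully.</returns>
public static IEnumerable<COMProcessEntry> GetProcesses(IEnumerable<Process> procs, string dbghelp_path, string symbol_path, IProgress<Tuple<string, int>> progress)
{
    List<COMProcessEntry> ret = new List<COMProcessEntry>();

    // NOTE(review): presumably enables SeDebugPrivilege on the current token. Nothing in
    // this method turns it back off, so the privilege would stay enabled for the rest of
    // the host process' lifetime - confirm against NtToken and document for callers.
    NtToken.EnableDebugPrivilege();

    // Snapshot the sequence once. The original enumerated 'procs' twice (Count() and the
    // loop); with a lazy source that can build a second set of Process objects, leave the
    // first set unclosed, and make the percentage disagree with what is actually walked.
    IList<Process> processes = procs as IList<Process> ?? procs.ToList();
    int total_count = processes.Count;
    int current_count = 0;

    foreach (Process p in processes)
    {
        try
        {
            if (progress != null)
            {
                progress.Report(new Tuple<string, int>(
                    String.Format("Parsing process {0}", p.ProcessName),
                    100 * current_count++ / total_count));
            }

            COMProcessEntry proc = COMProcessParser.ParseProcess(p.Id, dbghelp_path, symbol_path);
            if (proc != null)
            {
                ret.Add(proc);
            }
        }
        catch (Win32Exception)
        {
            // Deliberate best-effort: a process that cannot be opened or read (for
            // example access denied) is skipped instead of aborting the whole scan.
            // The skip is silent, so a missing entry does not prove the process has
            // no COM state.
        }
        finally
        {
            // Release the Process object's resources whether or not parsing worked.
            p.Close();
        }
    }

    return ret;
}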
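/// <summary>
/// Builds the security-check selection dialog and fills the process list with one row
/// per process whose token could be opened.
/// </summary>
/// <param name="process_security">
/// When true, the principal text box and the launch/activate check boxes are disabled.
/// </param>
public SelectSecurityCheckForm(bool process_security)
{
    InitializeComponent();
    _process_security = process_security;
    _tokens = new List<SafeTokenHandle>();
    // NOTE(review): SelectSecurityCheckForm_Disposed is not visible here; presumably it
    // releases every handle held in _tokens - confirm, since each token is an open handle.
    Disposed += SelectSecurityCheckForm_Disposed;

    string username = String.Format(@"{0}\{1}", Environment.UserDomainName, Environment.UserName);
    textBoxPrincipal.Text = username;

    // NOTE(review): presumably enables SeDebugPrivilege so tokens of other users'
    // processes can be opened; nothing here disables it again - confirm.
    COMProcessParser.EnableDebugPrivilege();

    foreach (Process p in Process.GetProcesses().OrderBy(proc => proc.Id))
    {
        try
        {
            // Only query-information access is requested on the process handle.
            using (SafeProcessHandle process = SafeProcessHandle.Open(p.Id, ProcessAccessRights.QueryInformation))
            {
                SafeTokenHandle token = process.OpenToken();
                // Track the token first so the form owns it even if a later query throws.
                _tokens.Add(token);

                // Build the row detached and attach it only once every column and the Tag
                // are set. The original added the row first, so a failure part-way through
                // (process exited, user lookup denied) left a partial row with a null Tag
                // in the list for the user to select.
                ListViewItem item = new ListViewItem(p.Id.ToString());
                item.SubItems.Add(p.ProcessName);
                item.SubItems.Add(process.GetUser());
                item.SubItems.Add(token.GetIntegrityLevel().ToString());
                item.Tag = token;
                listViewProcesses.Items.Add(item);
            }
        }
        catch
        {
            // Deliberate best-effort: processes that cannot be opened or queried are
            // left out of the list. The skip is silent, so the list is not a complete
            // inventory of running processes.
        }
        finally
        {
            // The Process objects returned by GetProcesses() were never released before.
            p.Close();
        }
    }

    listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
    listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
    listViewProcesses.ListViewItemSorter = new ListItemComparer(0);

    foreach (object value in Enum.GetValues(typeof(SecurityIntegrityLevel)))
    {
        comboBoxIL.Items.Add(value);
    }

    comboBoxIL.SelectedItem = SecurityIntegrityLevel.Low;

    if (process_security)
    {
        textBoxPrincipal.Enabled = false;
        checkBoxLocalLaunch.Enabled = false;
        checkBoxRemoteLaunch.Enabled = false;
        checkBoxLocalActivate.Enabled = false;
        checkBoxRemoteActivate.Enabled = false;
    }
}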
/// <summary>
/// Captures one IPID entry: copies the scalar fields from <paramref name="ipid"/>, pulls
/// the OXID details via <c>ipid.GetOxidEntry</c>, and resolves the interface and stub
/// vtable pointers to module-relative addresses.
/// </summary>
/// <param name="ipid">Native IPID entry to copy from.</param>
/// <param name="process">Process handed to <c>GetOxidEntry</c> and <c>ReadPointer</c>.</param>
/// <param name="resolver">Turns a raw address into a module-relative one.</param>
internal COMIPIDEntry(COMProcessParser.IPIDEntryNativeInterface ipid, NtProcess process, ISymbolResolver resolver)
{
    // Identity and pointer fields taken directly from the native entry.
    Ipid = ipid.Ipid;
    Iid = ipid.Iid;
    Flags = (IPIDFlags)ipid.Flags;
    Interface = ipid.Interface;
    Stub = ipid.Stub;

    // OXID data is looked up through the supplied process.
    var oxidEntry = ipid.GetOxidEntry(process);
    Oxid = oxidEntry.MOxid;
    ServerSTAHwnd = oxidEntry.ServerSTAHwnd;

    // Reference counts.
    StrongRefs = ipid.StrongRefs;
    WeakRefs = ipid.WeakRefs;
    PrivateRefs = ipid.PrivateRefs;

    // Interface and Stub are only read through ReadPointer(process, ...), never
    // dereferenced locally. NOTE(review): presumably they are addresses inside the
    // inspected process and therefore untrusted input - confirm.
    if (Interface != IntPtr.Zero)
    {
        var interfaceVTablePointer = COMProcessParser.ReadPointer(process, Interface);
        InterfaceVTable = resolver.GetModuleRelativeAddress(interfaceVTablePointer);
    }

    if (Stub != IntPtr.Zero)
    {
        var stubVTablePointer = COMProcessParser.ReadPointer(process, Stub);
        StubVTable = resolver.GetModuleRelativeAddress(stubVTablePointer);
    }
}