public void GetAppName()
{
string fileName = "";
string name = "";
uint pid = 0;
User32.GetWindowThreadProcessId(Window, out pid);
uint capacity = 1024;
Kernel32.SafeHPROCESS process = Kernel32.OpenProcess(ACCESS_MASK.GENERIC_READ, false, pid);
StringBuilder stringBuilder = new StringBuilder((int)capacity);
bool success = Kernel32.QueryFullProcessImageName(process, Kernel32.PROCESS_NAME.PROCESS_NAME_WIN32, stringBuilder, ref capacity);
if (!success)
{
fileName = string.Empty;
}
fileName = stringBuilder.ToString();
switch (fileName)
{
case "C:\\Windows\\System32\\ApplicationFrameHost.exe":
case "":
name = GetWindowTitle();
break;
default:
FileVersionInfo myFileVersionInfo = FileVersionInfo.GetVersionInfo(fileName);
name = myFileVersionInfo.FileDescription;
break;
}
AppName = name;
}
public bool OpenProcess()
{
Process[] processes = Process.GetProcessesByName(_processName);
if (processes.Length != 1)
{
return(false);
}
// Required rights : 0x0010 | 0x0400 | 0x0020 | 0x0008
_process = Kernel32.OpenProcess(ACCESS_MASK.GENERIC_ALL, true, (uint)processes[0].Id);
if (processes[0].MainModule == null)
{
throw new Exception("Process main module is null.");
}
_processLocation = processes[0].MainModule.FileName;
return(true);
}
// Inject the dll with by creating a remote thread on LoadLibraryW
public void Inject(Process p)
{
Kernel32.SafeHPROCESS proc = Kernel32.OpenProcess(new ACCESS_MASK(Kernel32.ProcessAccess.PROCESS_ALL_ACCESS), false, (uint)p.Id);
if (!proc.IsNull && !proc.IsInvalid)
{
IntPtr loadLib = Kernel32.GetProcAddress(Kernel32.LoadLibrary("kernel32.dll"), "LoadLibraryW");
if (loadLib == IntPtr.Zero)
{
Console.WriteLine("LoadLibaryW not found");
return;
}
byte[] DllPathBytes = DllPath.GetBytes(true, CharSet.Unicode); // Unicode for wide chars
IntPtr alloc = Kernel32.VirtualAllocEx(proc, IntPtr.Zero, DllPathBytes.Length, Kernel32.MEM_ALLOCATION_TYPE.MEM_COMMIT, Kernel32.MEM_PROTECTION.PAGE_EXECUTE_READWRITE);
if (alloc == IntPtr.Zero)
{
Console.WriteLine("Couldn't allocate");
return;
}
if (!Kernel32.WriteProcessMemory(proc, alloc, DllPathBytes, DllPathBytes.Length, out _))
{
Console.WriteLine("Couldn't write " + Kernel32.GetLastError());
return;
}
Kernel32.SafeHTHREAD thread = Kernel32.CreateRemoteThread(proc, null, 0, loadLib, alloc, 0, out _);
if (!thread.IsNull && !thread.IsInvalid)
{
Console.WriteLine("Injected!");
Kernel32.WaitForSingleObject(thread, Kernel32.INFINITE); // Wait until the dll is injected, so the path can be freed later
thread.Close();
}
Kernel32.VirtualFreeEx(proc, alloc, 0, Kernel32.MEM_ALLOCATION_TYPE.MEM_RELEASE); // Free path from the target's memory (alloc's existence is ensured above)
}
proc.Close();
}
public static WindowInformation GetUWPWindowInformation(string PackageFamilyName, uint?WithPID = null)
{
WindowInformation Info = null;
User32.EnumWindowsProc Callback = new User32.EnumWindowsProc((HWND hWnd, IntPtr lParam) =>
{
StringBuilder SbClassName = new StringBuilder(260);
if (User32.GetClassName(hWnd, SbClassName, SbClassName.Capacity) > 0)
{
string ClassName = SbClassName.ToString();
// Minimized : "Windows.UI.Core.CoreWindow" top window
// Normal : "Windows.UI.Core.CoreWindow" child of "ApplicationFrameWindow"
if (ClassName == "ApplicationFrameWindow")
{
if (Shell32.SHGetPropertyStoreForWindow(hWnd, new Guid("{886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99}"), out object PropertyStore).Succeeded)
{
Ole32.PROPVARIANT Prop = new Ole32.PROPVARIANT();
((PropSys.IPropertyStore)PropertyStore).GetValue(Ole32.PROPERTYKEY.System.AppUserModel.ID, Prop);
string AUMID = Prop.pwszVal;
if (!string.IsNullOrEmpty(AUMID) && AUMID.Contains(PackageFamilyName))
{
WindowState State = WindowState.Normal;
if (User32.GetWindowRect(hWnd, out RECT CurrentRect))
{
IntPtr RectWorkAreaPtr = Marshal.AllocHGlobal(Marshal.SizeOf <RECT>());
try
{
if (User32.SystemParametersInfo(User32.SPI.SPI_GETWORKAREA, 0, RectWorkAreaPtr, User32.SPIF.None))
{
RECT WorkAreaRect = Marshal.PtrToStructure <RECT>(RectWorkAreaPtr);
//If Window rect is out of SPI_GETWORKAREA, it means it's maximized;
if (CurrentRect.left < WorkAreaRect.left && CurrentRect.top < WorkAreaRect.top && CurrentRect.right > WorkAreaRect.right && CurrentRect.bottom > WorkAreaRect.bottom)
{
State = WindowState.Maximized;
}
}
}
finally
{
Marshal.FreeHGlobal(RectWorkAreaPtr);
}
}
HWND hWndFind = User32.FindWindowEx(hWnd, IntPtr.Zero, "Windows.UI.Core.CoreWindow", null);
if (!hWndFind.IsNull)
{
if (User32.GetWindowThreadProcessId(hWndFind, out uint PID) > 0)
{
if (WithPID != null && WithPID.Value != PID)
{
return(true);
}
using (Kernel32.SafeHPROCESS ProcessHandle = Kernel32.OpenProcess(new ACCESS_MASK(0x1000), false, PID))
{
if (!ProcessHandle.IsInvalid && !ProcessHandle.IsNull)
{
uint Size = 260;
StringBuilder PackageFamilyNameBuilder = new StringBuilder((int)Size);
if (Kernel32.GetPackageFamilyName(ProcessHandle, ref Size, PackageFamilyNameBuilder).Succeeded)
{
if (PackageFamilyNameBuilder.ToString() == PackageFamilyName && User32.IsWindowVisible(hWnd))
{
Size = 260;
StringBuilder ProcessImageName = new StringBuilder((int)Size);
if (Kernel32.QueryFullProcessImageName(ProcessHandle, 0, ProcessImageName, ref Size))
{
Info = new WindowInformation(ProcessImageName.ToString(), PID, State, hWnd);
}
else
{
Info = new WindowInformation(string.Empty, PID, State, hWnd);
}
return(false);
}
}
}
}
}
}
}
}
}
}
return(true);
});
User32.EnumWindows(Callback, IntPtr.Zero);
return(Info);
}
