public static void Launch(ManagedApplicationInfo processInfo, string assembly, string className,
string methodName, string text)
{
var location = Assembly.GetExecutingAssembly().Location;
var directory = Path.GetDirectoryName(location) ?? string.Empty;
var injectorLauncherExe = Path.Combine(directory, $"Snoop.InjectorLauncher.{GetSuffix(processInfo)}.exe");
if (File.Exists(injectorLauncherExe) == false)
{
var message = $@"Could not find the injector launcher ""{injectorLauncherExe}"".
Snoop requires this component, which is part of the Snoop project, to do it's job.
- If you compiled snoop yourself, you should compile all required components.
- If you downloaded snoop you should not omit any files contained in the archive you downloaded and make sure that no anti virus deleted the file.";
throw new FileNotFoundException(message, injectorLauncherExe);
}
var startInfo = new ProcessStartInfo(injectorLauncherExe, $"--t { processInfo.ProcessId} --a {assembly} --c {className} --m {methodName} --h {processInfo.HWnd.ToInt32()} --v ")
{
UseShellExecute = false,
CreateNoWindow = true,
Verb = processInfo.IsOwningProcessElevated
? "runas"
: null
};
using (var process = Process.Start(startInfo))
{
process?.WaitForExit();
}
}
public string Inspect(ManagedApplicationInfo applicationInfo)
{
var binding = new NetNamedPipeBinding();
var channelFactory = new ChannelFactory<IProcessService>(binding, ProcessServiceAddress);
IProcessService processService = channelFactory.CreateChannel();
return processService.Inspect(applicationInfo);
}
public string Inspect(ManagedApplicationInfo applicationInfo)
{
var binding = new NetNamedPipeBinding();
var channelFactory = new ChannelFactory <IProcessService>(binding, ProcessServiceAddress);
IProcessService processService = channelFactory.CreateChannel();
return(processService.Inspect(applicationInfo));
}
private static string GetSuffix(ManagedApplicationInfo windowInfo)
{
if (windowInfo.Bitness == 32)
{
return("x86");
}
return("x64");
}
public string Inspect(ManagedApplicationInfo applicationInfo)
{
#if NETCORE
var binding = new NetTcpBinding();
var channelFactory = new ChannelFactory <IProcessService>(binding, new EndpointAddress(ProcessServiceAddress));
#else
var binding = new NetNamedPipeBinding();
var channelFactory = new ChannelFactory <IProcessService>(binding, ProcessServiceNet35Address);
#endif
IProcessService processService = channelFactory.CreateChannel();
return(processService.Inspect(applicationInfo));
}
public List <ManagedApplicationInfo> GetManagedApplications()
{
_validProcessIdCache.Clear();
var managedApplications = new List <ManagedApplicationInfo>();
var checkedProcessIds = new List <int>();
foreach (var hWnd in EnumerateWindows())
{
int processId;
NativeMethods.GetWindowThreadProcessId(hWnd, out processId);
if (checkedProcessIds.Contains(processId))
{
continue;
}
if (processId == _currentProcessId)
{
continue;
}
//Process p = GetProcess(hWnd);)
string runtimeVersion;
int bitness;
bool IsNetCore;
if (GetIsManagedApplication(hWnd, processId, out runtimeVersion, out bitness, out IsNetCore))
{
IntPtr mainWindowHandle = new MainWindowFinder().FindMainWindow(processId);
string windowText = GetWindowText(mainWindowHandle);
if (mainWindowHandle == hWnd)
{
var process = Process.GetProcessById(processId);
if (!process.ProcessName.Contains("devenv") && !process.ProcessName.Contains("PresentationHost") &&
!process.ProcessName.ToLower().Contains("inspector"))
{
var applicationInfo = new ManagedApplicationInfo(windowText, hWnd, processId, runtimeVersion, bitness, IsNetCore);
applicationInfo.IsOwningProcessElevated = NativeMethods.IsProcessElevated(process);
managedApplications.Add(applicationInfo);
checkedProcessIds.Add(processId);
}
}
}
}
return(managedApplications);
}
public string Inspect(ManagedApplicationInfo applicationInfo)
{
using (var process = Process.GetProcessById(applicationInfo.ProcessId))
{
if (PlatformHelper.Is64BitProcess && PlatformHelper.IsWow64Process(process.Handle))
{
// This is a 64-bit process, so we use the 32-bit process helper to inspect the app
_process32Service.Inspect(applicationInfo);
}
else
{
// The application to inspect has the same type 32/64 bit as we do
InspectInternal(applicationInfo);
}
}
return(null);
}
public string Inspect(ManagedApplicationInfo applicationInfo)
{
try
{
using (var process = Process.GetProcessById(applicationInfo.ProcessId))
{
if (PlatformHelper.Is64BitProcess && PlatformHelper.IsWow64Process(process.Handle))
{
// This is a 64-bit process, so we use the 32-bit process helper to inspect the app
_process32Service.Inspect(applicationInfo);
}
else
{
// The application to inspect has the same type 32/64 bit as we do
InspectInternal(applicationInfo);
}
}
return null;
}
catch (Win32Exception exception)
{
return exception.Message;
}
}
private void InspectInternal(ManagedApplicationInfo applicationInfo)
{
int processId;
var threadId = (uint)NativeMethods.GetWindowThreadProcessId(applicationInfo.HWnd, out processId);
using (var process = Process.GetProcessById(processId))
{
string version = applicationInfo.RuntimeVersion.Contains("4") ? "40" : "35";
string hookName = string.Format("Hook{0}_{1}.dll", applicationInfo.Bitness, version);
IntPtr hInstance = NativeMethods.LoadLibrary(hookName);
if (hInstance == IntPtr.Zero)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
string methodIdentifier = string.Concat(Assembly.GetExecutingAssembly().Location,
"$ChristianMoser.WpfInspector.Hook.Inspector$Inject");
int bufLen = (methodIdentifier.Length + 1) * Marshal.SizeOf(typeof(char));
IntPtr hProcess = NativeMethods.OpenProcess(NativeMethods.ProcessAccessFlags.All, false, processId);
IntPtr remoteAdress = NativeMethods.VirtualAllocEx(hProcess, IntPtr.Zero, (uint)bufLen,
NativeMethods.AllocationType.Commit,
NativeMethods.MemoryProtection.ReadWrite);
if (remoteAdress != IntPtr.Zero)
{
IntPtr address = Marshal.StringToHGlobalUni(methodIdentifier);
uint size = (uint)(sizeof(char) * methodIdentifier.Length);
int bytesWritten;
NativeMethods.WriteProcessMemory(hProcess, remoteAdress, address, size, out bytesWritten);
if (bytesWritten == 0)
{
throw Marshal.GetExceptionForHR(Marshal.GetLastWin32Error());
}
UIntPtr procAdress = NativeMethods.GetProcAddress(hInstance, "MessageHookProc");
if (procAdress == UIntPtr.Zero)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
_hookHandle = NativeMethods.SetWindowsHookEx(NativeMethods.HookType.WH_CALLWNDPROC, procAdress, hInstance, threadId);
if (_hookHandle != IntPtr.Zero)
{
NativeMethods.SendMessage(applicationInfo.HWnd, _wmInspect, remoteAdress, IntPtr.Zero);
NativeMethods.UnhookWindowsHookEx(_hookHandle);
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
NativeMethods.VirtualFreeEx(process.Handle, remoteAdress, bufLen, NativeMethods.AllocationType.Release);
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
NativeMethods.FreeLibrary(hInstance);
}
}
private void InspectInternal(ManagedApplicationInfo applicationInfo)
{
InjectorLauncher.Launch(applicationInfo, "Inspector", "ChristianMoser.WpfInspector.Hook.Inspector", "Inject", "d");
}
public List<ManagedApplicationInfo> GetManagedApplications()
{
_validProcessIdCache.Clear();
var managedApplications = new List<ManagedApplicationInfo>();
var checkedProcessIds = new List<int>();
foreach (var hWnd in EnumerateWindows())
{
int processId;
NativeMethods.GetWindowThreadProcessId(hWnd, out processId);
if (checkedProcessIds.Contains(processId))
{
continue;
}
if (processId == _currentProcessId)
continue;
//Process p = GetProcess(hWnd);)
string runtimeVersion;
int bitness;
if (GetIsManagedApplication(hWnd, processId, out runtimeVersion, out bitness) )
{
IntPtr mainWindowHandle = new MainWindowFinder().FindMainWindow(processId);
string windowText = GetWindowText(mainWindowHandle);
if (mainWindowHandle == hWnd)
{
var process = Process.GetProcessById(processId);
if (!process.ProcessName.Contains("devenv") && !process.ProcessName.Contains("PresentationHost")
&& !process.ProcessName.ToLower().Contains("inspector"))
{
var applicationInfo = new ManagedApplicationInfo(windowText, hWnd, processId, runtimeVersion, bitness);
managedApplications.Add(applicationInfo);
checkedProcessIds.Add(processId);
}
}
}
}
return managedApplications;
}
private void InspectInternal(ManagedApplicationInfo applicationInfo)
{
int processId;
var threadId = (uint)NativeMethods.GetWindowThreadProcessId(applicationInfo.HWnd, out processId);
using (var process = Process.GetProcessById(processId))
{
string version = applicationInfo.RuntimeVersion.Contains("4") ? "40" : "35";
string hookName = string.Format("Hook{0}_{1}.dll", applicationInfo.Bitness, version);
IntPtr hInstance = NativeMethods.LoadLibrary(hookName);
if (hInstance == IntPtr.Zero)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
string methodIdentifier = string.Concat(Assembly.GetExecutingAssembly().Location,
"$ChristianMoser.WpfInspector.Hook.Inspector$Inject");
int bufLen = (methodIdentifier.Length + 1) * Marshal.SizeOf(typeof(char));
IntPtr hProcess = NativeMethods.OpenProcess(NativeMethods.ProcessAccessFlags.All, false, processId);
IntPtr remoteAdress = NativeMethods.VirtualAllocEx(hProcess, IntPtr.Zero, (uint)bufLen,
NativeMethods.AllocationType.Commit,
NativeMethods.MemoryProtection.ReadWrite);
if (remoteAdress != IntPtr.Zero)
{
IntPtr address = Marshal.StringToHGlobalUni(methodIdentifier);
uint size = (uint)(sizeof(char) * methodIdentifier.Length);
int bytesWritten;
NativeMethods.WriteProcessMemory(hProcess, remoteAdress, address, size, out bytesWritten);
if (bytesWritten == 0)
{
throw Marshal.GetExceptionForHR(Marshal.GetLastWin32Error());
}
UIntPtr procAdress = NativeMethods.GetProcAddress(hInstance, "MessageHookProc");
if (procAdress == UIntPtr.Zero)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
_hookHandle = NativeMethods.SetWindowsHookEx(NativeMethods.HookType.WH_CALLWNDPROC, procAdress, hInstance, threadId);
if (_hookHandle != IntPtr.Zero)
{
NativeMethods.SendMessage(applicationInfo.HWnd, _wmInspect, remoteAdress, IntPtr.Zero);
NativeMethods.UnhookWindowsHookEx(_hookHandle);
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
NativeMethods.VirtualFreeEx(process.Handle, remoteAdress, bufLen, NativeMethods.AllocationType.Release);
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
NativeMethods.FreeLibrary(hInstance);
}
}
public string Inspect(ManagedApplicationInfo applicationInfo)
{
return ServiceLocator.Resolve<InspectionService>().Inspect(applicationInfo);
}
