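/// <summary>
/// Gets a list of running processes on the system, ordered by process ID.
/// </summary>
/// <returns>List of ProcessResults.</returns>
/// <remarks>
/// The list is a point-in-time snapshot. A process may exit, or may refuse access to its
/// main module, between enumeration and inspection. In those cases, and when the parent
/// process ID is reported as 0, <c>Path</c> is left as an empty string. An empty
/// <c>Path</c> therefore means "could not be read", not "has no image on disk".
/// </remarks>
public static SharpSploitResultList<ProcessResult> GetProcessList()
{
    var processorArchitecture = GetArchitecture();
    Process[] processes = Process.GetProcesses().OrderBy(P => P.Id).ToArray();
    SharpSploitResultList<ProcessResult> results = new SharpSploitResultList<ProcessResult>();

    foreach (Process process in processes)
    {
        // Each Process wraps OS resources. Only primitive values are copied into the
        // result, so the wrapper can be released as soon as the entry is built.
        using (process)
        {
            int processId = process.Id;
            int parentProcessId = GetParentProcess(process);
            string processName = process.ProcessName;
            string processPath = string.Empty;
            int sessionId = process.SessionId;
            string processOwner = GetProcessOwner(process);
            Win32.Kernel32.Platform processArch = Win32.Kernel32.Platform.Unknown;

            // The module lookup is skipped when the parent PID is reported as 0.
            if (parentProcessId != 0)
            {
                try
                {
                    var mainModule = process.MainModule;
                    // MainModule can be null on some runtimes; keep the empty path then.
                    if (mainModule != null)
                    {
                        processPath = mainModule.FileName;
                    }
                }
                catch (System.ComponentModel.Win32Exception)
                {
                    // Access denied or a bitness mismatch: leave the path empty.
                }
                catch (System.InvalidOperationException)
                {
                    // The process exited after the snapshot was taken. Leave the path
                    // empty instead of aborting the whole enumeration.
                }
            }

            if (processorArchitecture == Win32.Kernel32.Platform.x64)
            {
                // On a 64-bit OS, a WOW64 process is a 32-bit process.
                processArch = IsWow64(process) ? Win32.Kernel32.Platform.x86 : Win32.Kernel32.Platform.x64;
            }
            else if (processorArchitecture == Win32.Kernel32.Platform.x86)
            {
                processArch = Win32.Kernel32.Platform.x86;
            }
            else if (processorArchitecture == Win32.Kernel32.Platform.IA64)
            {
                // NOTE(review): IA64 hosts are reported as x86 here; confirm this is intended.
                processArch = Win32.Kernel32.Platform.x86;
            }

            results.Add(new ProcessResult
            {
                Pid = processId,
                Ppid = parentProcessId,
                Name = processName,
                Path = processPath,
                SessionID = sessionId,
                Owner = processOwner,
                Architecture = processArch
            });
        }
    }

    return results;
}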
/// <summary>
/// Creates a ProcessResult describing a single process entry.
/// </summary>
/// <param name="Pid">Process ID.</param>
/// <param name="Ppid">Parent process ID.</param>
/// <param name="Name">Process name.</param>
/// <param name="Path">Path of the process image; empty when not available.</param>
/// <param name="Sessionid">Session ID, stored in <c>SessionID</c>.</param>
/// <param name="Owner">Owner of the process.</param>
/// <param name="Architecture">Platform of the process; defaults to Unknown.</param>
public ProcessResult(
    int Pid = 0,
    int Ppid = 0,
    string Name = "",
    string Path = "",
    int Sessionid = 0,
    string Owner = "",
    Win32.Kernel32.Platform Architecture = Win32.Kernel32.Platform.Unknown)
{
    // The parameters shadow the members of the same name, so "this." is required.
    this.Pid = Pid;
    this.Ppid = Ppid;

    this.Name = Name;
    this.Path = Path;

    this.SessionID = Sessionid;
    this.Owner = Owner;
    this.Architecture = Architecture;
}