/// <summary>
/// Opens a module list window for the process currently selected in the process list.
/// </summary>
/// <remarks>
/// If this tool runs as a 64-bit process and the selected row is coloured as a .NET process
/// whose name ends with the localized "Str32Bit" suffix, an error is shown and no window opens.
/// </remarks>
/// <param name="sender">Menu item that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void mnuViewModules_Click(object sender, EventArgs e)
{
    if (lvwProcesses.SelectedIndices.Count == 0)
    {
        return;
    }

    ListViewItem.ListViewSubItem nameCell = lvwProcesses.GetFirstSubItem(chProcessName.Index);
    bool isDotNet = nameCell.BackColor == Cache.DotNetColor;

    // The row colour and the name suffix are the only bitness/runtime markers this handler reads.
    bool needs32BitHost = Environment.Is64BitProcess
        && isDotNet
        && nameCell.Text.EndsWith(_resources.GetString("Str32Bit"), StringComparison.Ordinal);
    if (needs32BitHost)
    {
        MessageBoxStub.Show(_resources.GetString("StrViewModulesSwitchTo32Bit"), MessageBoxIcon.Error);
        return;
    }

    // The process id is parsed back from the list view text; uint.Parse throws on malformed text.
    uint processId = uint.Parse(lvwProcesses.GetFirstSubItem(chProcessId.Index).Text);
#pragma warning disable IDE0067
    ModulesForm window = new ModulesForm(processId, nameCell.Text, isDotNet, _dumperCore);
#pragma warning restore IDE0067
    // The form is modeless, so it is disposed from its own FormClosed event.
    window.FormClosed += (closedSender, closedArgs) => window.Dispose();
    window.Show();
}
/// <summary>
/// Dumps one module of the current process to <paramref name="filePath"/> and reports the outcome.
/// </summary>
/// <param name="moduleHandle">Handle of the module to dump.</param>
/// <param name="imageLayout">Layout passed through to the dumper.</param>
/// <param name="filePath">Destination file for the dumped image.</param>
private void DumpModule(IntPtr moduleHandle, ImageLayout imageLayout, string filePath)
{
    // The dumper stays alive until the method returns, i.e. until the message box is dismissed.
    using var moduleDumper = DumperFactory.GetDumper(_process.Id, _dumperType.Value);

    if (moduleDumper.DumpModule(moduleHandle, imageLayout, filePath))
    {
        MessageBoxStub.Show("Dump module successfully. Image was saved in:" + Environment.NewLine + filePath, MessageBoxIcon.Information);
    }
    else
    {
        MessageBoxStub.Show("Fail to dump module.", MessageBoxIcon.Error);
    }
}
/// <summary>
/// Dumps one module of the process identified by <c>_processId</c> and reports the outcome
/// with localized messages.
/// </summary>
/// <param name="moduleHandle">Handle of the module to dump.</param>
/// <param name="filePath">Destination file for the dumped image.</param>
private void DumpModule(IntPtr moduleHandle, string filePath)
{
    bool succeeded = DumperFactory.GetDumper(_processId, _dumperCore.Value).DumpModule(moduleHandle, filePath);

    if (succeeded)
    {
        string successText = _resources.GetString("StrDumpModuleSuccessfully") + Environment.NewLine + filePath;
        MessageBoxStub.Show(successText, MessageBoxIcon.Information);
    }
    else
    {
        MessageBoxStub.Show(_resources.GetString("StrFailToDumpModule"), MessageBoxIcon.Error);
    }
}
/// <summary>
/// Dumps one module of the current process to <paramref name="filePath"/> and reports the outcome
/// with localized messages.
/// </summary>
/// <param name="moduleHandle">Handle of the module to dump.</param>
/// <param name="imageLayout">Layout passed through to the dumper.</param>
/// <param name="filePath">Destination file for the dumped image.</param>
private void DumpModule(IntPtr moduleHandle, ImageLayout imageLayout, string filePath)
{
    bool succeeded;

    // The dumper is released before the message box is shown.
    using (IDumper moduleDumper = DumperFactory.GetDumper(_process.Id, _dumperType.Value))
    {
        succeeded = moduleDumper.DumpModule(moduleHandle, imageLayout, filePath);
    }

    if (succeeded)
    {
        string successText = _resources.GetString("StrDumpModuleSuccessfully") + Environment.NewLine + filePath;
        MessageBoxStub.Show(successText, MessageBoxIcon.Information);
    }
    else
    {
        MessageBoxStub.Show(_resources.GetString("StrFailToDumpModule"), MessageBoxIcon.Error);
    }
}
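/// <summary>
/// Dumps the modules of a process into <paramref name="directoryPath"/> and shows how many
/// files were written.
/// </summary>
/// <param name="processId">Id of the process to dump.</param>
/// <param name="directoryPath">Output directory; created if it does not exist yet.</param>
private void DumpProcess(uint processId, string directoryPath)
{
    // CreateDirectory does nothing when the directory already exists, so a separate
    // Directory.Exists check only adds a window between the check and the creation.
    Directory.CreateDirectory(directoryPath);

    using (var dumper = DumperFactory.GetDumper(processId, _dumperType))
    {
        MessageBoxStub.Show($"{dumper.DumpProcess(directoryPath)} {_resources.GetString("StrDumpFilesSuccess")}{Environment.NewLine}{directoryPath}", MessageBoxIcon.Information);
    }
}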
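/// <summary>
/// Handles the inject button: passes the chosen assembly, type and entry point to
/// <c>Injector.InjectManaged</c> for the process identified by <c>_processId</c>.
/// </summary>
/// <remarks>
/// With "wait for return" checked, the call runs on a background thread and the return value is
/// reported when it completes; otherwise the call is made directly on the UI thread.
/// </remarks>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btInject_Click(object sender, EventArgs e)
{
    // Suffix appended to the window title while waiting; its length is used to remove it again.
    const string waitingSuffix = "等待中...";

    if (!File.Exists(_assemblyPath))
    {
        return;
    }
    if (cmbEntryPoint.SelectedItem == null)
    {
        return;
    }

    // FullName has the form "<return type> <type name>::<method>(...)"; keep only the type name.
    // The "+ 1" skips the separating space. The synchronous branch used to omit it, which left a
    // leading space in the type name; computing the name once keeps both branches identical.
    string typeName = _entryPoint.FullName.Substring(_entryPoint.FullName.IndexOf(' ') + 1);
    typeName = typeName.Substring(0, typeName.IndexOf(':'));

    if (chkWaitReturn.Checked)
    {
        btInject.Enabled = false;
        Text += waitingSuffix;
        new Thread(() =>
        {
            int ret;

            if (Injector.InjectManaged(_processId, _assemblyPath, typeName, _entryPoint.Name, _argument, out ret))
            {
                Invoke((Action)(() => MessageBoxStub.Show($"注入成功\n返回值: {ret.ToString()}", MessageBoxIcon.Information)));
            }
            else
            {
                Invoke((Action)(() => MessageBoxStub.Show("注入失败", MessageBoxIcon.Error)));
            }
            // UI state is restored on the UI thread.
            Invoke((Action)(() =>
            {
                btInject.Enabled = true;
                Text = Text.Substring(0, Text.Length - waitingSuffix.Length);
            }));
        })
        {
            IsBackground = true
        }.Start();
    }
    else
    {
        if (Injector.InjectManaged(_processId, _assemblyPath, typeName, _entryPoint.Name, _argument))
        {
            MessageBoxStub.Show("注入成功", MessageBoxIcon.Information);
        }
        else
        {
            MessageBoxStub.Show("注入失败", MessageBoxIcon.Error);
        }
    }
}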
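/// <summary>
/// Shows an error box with the message, source, stack trace and target site of an exception.
/// </summary>
/// <param name="ex">Exception to display.</param>
private static void ShowDetailException(Exception ex)
{
    StringBuilder message = new StringBuilder();

    message.AppendLine("Message:\n" + ex.Message);
    message.AppendLine("Source:\n" + ex.Source);
    message.AppendLine("StackTrace:\n" + ex.StackTrace);
    // TargetSite is null for an exception that has no throwing method recorded; dereferencing it
    // unconditionally would raise a NullReferenceException inside the error reporter itself.
    message.AppendLine("TargetSite:\n" + ex.TargetSite?.ToString());
    MessageBoxStub.Show(message.ToString(), MessageBoxIcon.Error);
}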
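/// <summary>
/// Handles the inject button: passes the chosen assembly, type and entry point to
/// <c>Injector.InjectManaged</c> for the process identified by <c>_processId</c>.
/// </summary>
/// <remarks>
/// With "wait for return" checked, the call runs on a background thread and the return value is
/// reported when it completes; otherwise the call is made directly on the UI thread.
/// </remarks>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btInject_Click(object sender, EventArgs e)
{
    if (!File.Exists(_assemblyPath))
    {
        return;
    }
    if (cmbEntryPoint.SelectedItem == null)
    {
        return;
    }

    // FullName has the form "<return type> <type name>::<method>(...)"; keep only the type name.
    string typeName = _entryPoint.FullName.Substring(_entryPoint.FullName.IndexOf(' ') + 1);
    typeName = typeName.Substring(0, typeName.IndexOf(':'));

    if (chkWaitReturn.Checked)
    {
        // The suffix is a localized resource, so its length differs per language. It is captured
        // once here and removed by its real length instead of a fixed count of six characters.
        string waitingSuffix = _resources.GetString("StrWaiting") ?? string.Empty;

        btInject.Enabled = false;
        Text += waitingSuffix;
        new Thread(() =>
        {
            int ret;

            if (Injector.InjectManaged(_processId, _assemblyPath, typeName, _entryPoint.Name, _argument, out ret))
            {
                Invoke((Action)(() => MessageBoxStub.Show($"{_resources.GetString("StrInjectSuccessfully")}\n{_resources.GetString("StrReturnValue")} {ret.ToString()}", MessageBoxIcon.Information)));
            }
            else
            {
                Invoke((Action)(() => MessageBoxStub.Show(_resources.GetString("StrFailToInject"), MessageBoxIcon.Error)));
            }
            // UI state is restored on the UI thread.
            Invoke((Action)(() =>
            {
                btInject.Enabled = true;
                // Only trim when the title still ends with the suffix that was appended above.
                if (Text.EndsWith(waitingSuffix, StringComparison.Ordinal))
                {
                    Text = Text.Substring(0, Text.Length - waitingSuffix.Length);
                }
            }));
        })
        {
            IsBackground = true
        }.Start();
    }
    else
    {
        if (Injector.InjectManaged(_processId, _assemblyPath, typeName, _entryPoint.Name, _argument))
        {
            MessageBoxStub.Show(_resources.GetString("StrInjectSuccessfully"), MessageBoxIcon.Information);
        }
        else
        {
            MessageBoxStub.Show(_resources.GetString("StrFailToInject"), MessageBoxIcon.Error);
        }
    }
}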
/// <summary>
/// Opens a module list window for the process currently selected in the process list.
/// </summary>
/// <remarks>
/// If this tool runs as a 64-bit process and the selected row is coloured as a .NET process
/// whose text ends with the 32-bit marker, an error is shown and no window opens.
/// </remarks>
/// <param name="sender">Menu item that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void mnuViewModules_Click(object sender, EventArgs e)
{
    if (lvwProcesses.SelectedIndices.Count == 0)
    {
        return;
    }

    ListViewItem selectedRow = lvwProcesses.SelectedItems[0];
    bool isDotNet = selectedRow.BackColor == Cache.DotNetColor;

    if (Environment.Is64BitProcess && isDotNet && selectedRow.Text.EndsWith("(32 位)", StringComparison.Ordinal))
    {
        MessageBoxStub.Show("要查看32位.Net进程的模块请切换到32位模式", MessageBoxIcon.Error);
        return;
    }

    // Sub-item 1 holds the process id as text; uint.Parse throws on malformed text.
    uint processId = uint.Parse(selectedRow.SubItems[1].Text);
    ModulesForm window = new ModulesForm(processId, selectedRow.Text, isDotNet, _dumperCore);
    window.Show();
}
/// <summary>
/// Opens a module list window for the process currently selected in the process list.
/// </summary>
/// <remarks>
/// If this tool runs as a 64-bit process and the selected row is coloured as a .NET process
/// whose text ends with the localized "Str32Bit" suffix, an error is shown and no window opens.
/// </remarks>
/// <param name="sender">Menu item that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void mnuViewModules_Click(object sender, EventArgs e)
{
    if (lvwProcesses.SelectedIndices.Count == 0)
    {
        return;
    }

    ListViewItem selectedRow = lvwProcesses.SelectedItems[0];
    bool isDotNet = selectedRow.BackColor == Cache.DotNetColor;

    if (Environment.Is64BitProcess && isDotNet && selectedRow.Text.EndsWith(_resources.GetString("Str32Bit"), StringComparison.Ordinal))
    {
        MessageBoxStub.Show(_resources.GetString("StrViewModulesSwitchTo32Bit"), MessageBoxIcon.Error);
        return;
    }

    // Sub-item 1 holds the process id as text; uint.Parse throws on malformed text.
    uint processId = uint.Parse(selectedRow.SubItems[1].Text);
    ModulesForm window = new ModulesForm(processId, selectedRow.Text, isDotNet, _dumperCore);
    window.Show();
}
/// <summary>
/// Opens a module list window for the process currently selected in the process list.
/// </summary>
/// <remarks>
/// If this tool runs as a 64-bit process and the selected row is coloured as a .NET process
/// whose name ends with the localized "Str32Bit" suffix, an error is shown and no window opens.
/// </remarks>
/// <param name="sender">Menu item that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void mnuViewModules_Click(object sender, EventArgs e)
{
    if (lvwProcesses.SelectedIndices.Count == 0)
    {
        return;
    }

    var nameCell = lvwProcesses.GetFirstSelectedSubItem(chProcessName.Index);
    bool isDotNet = nameCell.BackColor == Cache.DotNetColor;

    if (Environment.Is64BitProcess && isDotNet && nameCell.Text.EndsWith(_resources.GetString("Str32Bit"), StringComparison.Ordinal))
    {
        MessageBoxStub.Show(_resources.GetString("StrViewModulesSwitchTo32Bit"), MessageBoxIcon.Error);
        return;
    }

    // The process id is parsed back from the list view text; uint.Parse throws on malformed text.
    uint processId = uint.Parse(lvwProcesses.GetFirstSelectedSubItem(chProcessId.Index).Text);
    var window = new ModulesForm(processId, nameCell.Text, isDotNet, _dumperType);
    window.Show();
}
/// <summary>
/// Enables SeDebugPrivilege for this tool through <c>FastWin32Settings.EnableDebugPrivilege</c>
/// and reflects the result in the menu and the window title.
/// </summary>
/// <remarks>
/// Nothing is attempted unless <c>_isAdministrator</c> is set. On success the menu item is
/// checked and disabled, so the privilege cannot be toggled off again from this menu.
/// </remarks>
/// <param name="sender">Menu item that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void mnuDebugPrivilege_Click(object sender, EventArgs e)
{
    if (!_isAdministrator)
    {
        MessageBoxStub.Show("请以管理员模式启动" + Application.ProductName, MessageBoxIcon.Error);
        return;
    }

    bool enabled = FastWin32Settings.EnableDebugPrivilege();
    if (!enabled)
    {
        MessageBoxStub.Show("失败,请关闭杀软后重试", MessageBoxIcon.Error);
        return;
    }

    mnuDebugPrivilege.Checked = true;
    mnuDebugPrivilege.Enabled = false;
    // Drops the last character of the title (presumably a closing parenthesis) and re-closes it
    // after the privilege name.
    Text = Text.Remove(Text.Length - 1) + ", SeDebugPrivilege)";
    MessageBoxStub.Show("成功", MessageBoxIcon.Information);
}
/// <summary>
/// Enables SeDebugPrivilege for this tool through <c>FastWin32Settings.EnableDebugPrivilege</c>
/// and reflects the result in the menu and the window title, using localized messages.
/// </summary>
/// <remarks>
/// Nothing is attempted unless <c>_isAdministrator</c> is set. On success the menu item is
/// checked and disabled, so the privilege cannot be toggled off again from this menu.
/// </remarks>
/// <param name="sender">Menu item that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void mnuDebugPrivilege_Click(object sender, EventArgs e)
{
    if (!_isAdministrator)
    {
        MessageBoxStub.Show(_resources.GetString("StrRunAsAdmin") + Application.ProductName, MessageBoxIcon.Error);
        return;
    }

    bool enabled = FastWin32Settings.EnableDebugPrivilege();
    if (!enabled)
    {
        MessageBoxStub.Show(_resources.GetString("StrFailed"), MessageBoxIcon.Error);
        return;
    }

    mnuDebugPrivilege.Checked = true;
    mnuDebugPrivilege.Enabled = false;
    // Drops the last character of the title (presumably a closing parenthesis) and re-closes it
    // after the privilege name.
    Text = Text.Remove(Text.Length - 1) + ", SeDebugPrivilege)";
    MessageBoxStub.Show(_resources.GetString("StrSuccess"), MessageBoxIcon.Information);
}
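/// <summary>
/// Loads the assembly at <c>_assemblyPath</c> and fills the entry point list with every static,
/// non-accessor method that takes a single <c>System.String</c> and returns <c>System.Int32</c>.
/// </summary>
/// <remarks>
/// The assembly file is chosen by the user and is parsed as untrusted input: a load failure is
/// reported and leaves <c>_manifestModule</c> null, and methods whose signature cannot be read
/// are skipped instead of aborting the scan.
/// </remarks>
private void LoadAssembly()
{
    // Clear first, so a failed load cannot leave entry points of a previously loaded assembly
    // selectable next to a null module.
    cmbEntryPoint.Items.Clear();

    try
    {
        _manifestModule = ModuleDefMD.Load(_assemblyPath);
    }
    catch
    {
        MessageBoxStub.Show(_resources.GetString("StrInvalidAssembly"), MessageBoxIcon.Error);
        _manifestModule = null;
        return;
    }

    foreach (TypeDef typeDef in _manifestModule.GetTypes())
    {
        foreach (MethodDef methodDef in typeDef.Methods)
        {
            if (!methodDef.IsStatic)
            {
                continue;
            }
            if (methodDef.IsGetter || methodDef.IsSetter)
            {
                continue;
            }

            // Malformed metadata can yield a missing or non-method signature; "as" plus the null
            // checks below skip such methods rather than throwing outside the try block.
            MethodSig methodSig = methodDef.Signature as MethodSig;
            if (methodSig == null)
            {
                continue;
            }
            if (methodSig.Params.Count != 1 || methodSig.Params[0]?.FullName != "System.String")
            {
                continue;
            }
            if (methodSig.RetType?.FullName != "System.Int32")
            {
                continue;
            }
            cmbEntryPoint.Items.Add(methodDef);
        }
    }

    // Preselect the entry point when there is exactly one candidate.
    if (cmbEntryPoint.Items.Count == 1)
    {
        cmbEntryPoint.SelectedIndex = 0;
    }
}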
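/// <summary>
/// Opens Windows Explorer with the file of the selected module highlighted.
/// </summary>
/// <remarks>
/// Modules that exist only in memory have no file to show and produce an error message instead.
/// In a 32-bit process on a 64-bit OS the user is told that the displayed location may be
/// redirected.
/// </remarks>
/// <param name="sender">Menu item that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void mnuGotoLocation_Click(object sender, EventArgs e)
{
    if (lvwModules.SelectedIndices.Count == 0)
    {
        return;
    }

    string filePath = lvwModules.SelectedItems[0].SubItems[3].Text;
    if (filePath == "模块仅在内存中")
    {
        MessageBoxStub.Show("模块仅在内存中,可以在转储之后查看", MessageBoxIcon.Error);
        return;
    }

    if (!Environment.Is64BitProcess && Cache.Is64BitOperatingSystem)
    {
        MessageBoxStub.Show("文件位置被重定向,资源管理器中显示的不一定是真实位置", MessageBoxIcon.Information);
    }

    // The path is text read back from the module list and ends up on a command line. Quoting it
    // keeps spaces and commas inside the path from being parsed as extra Explorer arguments; a
    // valid Windows path never contains a double quote, so embedded ones are dropped.
    string quotedPath = "\"" + filePath.Replace("\"", string.Empty) + "\"";

    // Launch Explorer by its full path so the executable is not resolved through the search path.
    string explorerPath = System.IO.Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Windows), "explorer.exe");

    // The returned Process object is not needed; release it right away.
    Process.Start(explorerPath, "/select," + quotedPath)?.Dispose();
}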
/// <summary>
/// Enables SeDebugPrivilege for this tool via <see cref="Process.EnterDebugMode"/> and reflects
/// the result in the menu and the window title.
/// </summary>
/// <remarks>
/// Does nothing when the privilege was already enabled by this handler, and refuses to try when
/// <c>IsAdministrator</c> is false. Any exception raised while enabling the privilege or updating
/// the UI is reported with the generic localized failure message.
/// </remarks>
/// <param name="sender">Menu item that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void mnuDebugPrivilege_Click(object sender, EventArgs e)
{
    if (_hasSeDebugPrivilege)
    {
        return;
    }

    if (!IsAdministrator)
    {
        string runAsAdminText = _resources.GetString("StrRunAsAdmin") + Application.ProductName;
        MessageBoxStub.Show(runAsAdminText, MessageBoxIcon.Error);
        return;
    }

    try
    {
        Process.EnterDebugMode();
        _hasSeDebugPrivilege = true;

        mnuDebugPrivilege.Checked = true;
        mnuDebugPrivilege.Enabled = false;
        // Drops the last character of the title (presumably a closing parenthesis) and re-closes
        // it after the privilege name.
        Text = Text.Remove(Text.Length - 1) + ", SeDebugPrivilege)";
        MessageBoxStub.Show(_resources.GetString("StrSuccess"), MessageBoxIcon.Information);
    }
    catch
    {
        MessageBoxStub.Show(_resources.GetString("StrFailed"), MessageBoxIcon.Error);
    }
}
/// <summary>
/// Rebuilds the module list view for the inspected process: native modules from a Toolhelp
/// snapshot (unless the ".NET modules only" option is checked), then CLR modules when the
/// process is flagged as a .NET process.
/// </summary>
/// <remarks>
/// Columns are: name, domain name, CLR version, base address, size, path. Module names and
/// paths are whatever the inspected process reports and are displayed as-is.
/// </remarks>
private void RefreshModuleList()
{
    lvwModules.Items.Clear();

    if (!mnuOnlyDotNetModule.Checked)
    {
        var entry = MODULEENTRY32.Default;
        var snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, _process.Id);

        // NOTE(review): both early returns below also skip the CLR section and the column resize.
        if (snapshot == INVALID_HANDLE_VALUE)
        {
            return;
        }
        // NOTE(review): no call that closes the snapshot handle is visible in this method.
        if (!Module32First(snapshot, ref entry))
        {
            return;
        }

        do
        {
            string pointerFormat = Cache.Is64BitProcess ? "X16" : "X8";
            ListViewItem nativeRow = new ListViewItem(entry.szModule); // Name

            nativeRow.SubItems.Add(string.Empty); // Domain Name
            nativeRow.SubItems.Add(string.Empty); // CLR Version
            nativeRow.SubItems.Add("0x" + entry.modBaseAddr.ToString(pointerFormat)); // BaseAddress
            nativeRow.SubItems.Add("0x" + entry.modBaseSize.ToString("X8")); // Size
            nativeRow.SubItems.Add(entry.szExePath); // Path
            lvwModules.Items.Add(nativeRow);
        }
        while (Module32Next(snapshot, ref entry));
    }

    if (_isDotNetProcess)
    {
        // Any exception in this section, including one raised while parsing a module name,
        // ends the enumeration and shows the generic failure message.
        try
        {
            using (var dataTarget = DataTarget.AttachToProcess((int)_process.Id, 1000, AttachFlag.Passive))
            {
                dataTarget.SymbolLocator = DummySymbolLocator.Instance;

                foreach (var clrVersion in dataTarget.ClrVersions)
                {
                    foreach (var appDomain in clrVersion.CreateRuntime().AppDomains)
                    {
                        foreach (var clrModule in appDomain.Modules)
                        {
                            string name = clrModule.Name;
                            bool inMemory = true;

                            if (string.IsNullOrEmpty(name))
                            {
                                name = "EmptyName";
                            }
                            else
                            {
                                // A comma in the name is treated as the marker of a module
                                // without a backing file path.
                                inMemory = name.Contains(",");
                            }

                            string displayName = inMemory ? name.Split(',')[0] : Path.GetFileName(name);
                            string pointerFormat = Cache.Is64BitProcess ? "X16" : "X8";
                            ListViewItem clrRow = new ListViewItem(displayName); // Name

                            clrRow.SubItems.Add(string.Join(", ", clrModule.AppDomains.Select(t => t.Name))); // Domain Name
                            clrRow.SubItems.Add(clrModule.Runtime.ClrInfo.Version.ToString()); // CLR Version
                            clrRow.SubItems.Add("0x" + clrModule.ImageBase.ToString(pointerFormat)); // BaseAddress
                            clrRow.SubItems.Add("0x" + clrModule.Size.ToString("X8")); // Size
                            clrRow.SubItems.Add(inMemory ? "InMemory" : name); // Path
                            clrRow.BackColor = Cache.DotNetColor;
                            lvwModules.Items.Add(clrRow);
                        }
                    }
                }
            }
        }
        catch
        {
            MessageBoxStub.Show(_resources.GetString("StrFailToGetDotNetModules"), MessageBoxIcon.Error);
        }
    }

    lvwModules.AutoResizeColumns(false);
}
/// <summary>
/// Dumps the modules of a process into <paramref name="directoryPath"/> and shows how many
/// files were written.
/// </summary>
/// <param name="processId">Id of the process to dump.</param>
/// <param name="directoryPath">Output directory passed to the dumper.</param>
private void DumpProcess(uint processId, string directoryPath)
{
    using (IDumper processDumper = DumperFactory.GetDumper(processId, _dumperType.Value))
    {
        string dumpedCount = processDumper.DumpProcess(directoryPath).ToString();
        string report = dumpedCount + " " + _resources.GetString("StrDumpFilesSuccess") + Environment.NewLine + directoryPath;

        // The message box is shown while the dumper is still alive, as before.
        MessageBoxStub.Show(report, MessageBoxIcon.Information);
    }
}
/// <summary>
/// Dumps the modules of a process into <paramref name="directoryPath"/> and shows how many
/// files were written.
/// </summary>
/// <param name="processId">Id of the process to dump.</param>
/// <param name="directoryPath">Output directory passed to the dumper.</param>
private void DumpProcess(uint processId, string directoryPath)
{
    string dumpedCount = DumperFactory.GetDumper(processId, _dumperCore.Value).DumpProcess(directoryPath).ToString();
    string report = dumpedCount + " 个文件被转储在:" + Environment.NewLine + directoryPath;

    MessageBoxStub.Show(report, MessageBoxIcon.Information);
}
/// <summary>
/// Rebuilds the module list view for the inspected process: native modules from a Toolhelp
/// snapshot (unless the ".NET modules only" option is checked), then CLR modules when the
/// process is flagged as a .NET process.
/// </summary>
/// <remarks>
/// Columns are: name, domain name, CLR version, base address, size, path. Module names and
/// paths are whatever the inspected process reports and are displayed as-is.
/// </remarks>
private void RefreshModuleList()
{
    lvwModules.Items.Clear();

    if (!mnuOnlyDotNetModule.Checked)
    {
        var entry = MODULEENTRY32.Default;
        var snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, _process.Id);

        // NOTE(review): both early returns below also skip the CLR section and the column resize.
        if (snapshot == INVALID_HANDLE_VALUE)
        {
            return;
        }
        // NOTE(review): no call that closes the snapshot handle is visible in this method.
        if (!Module32First(snapshot, ref entry))
        {
            return;
        }

        do
        {
            ListViewItem nativeRow = new ListViewItem(entry.szModule); // Name

            nativeRow.SubItems.Add(string.Empty); // Domain Name
            nativeRow.SubItems.Add(string.Empty); // CLR Version
            nativeRow.SubItems.Add(Utils.FormatPointer(entry.modBaseAddr)); // BaseAddress
            nativeRow.SubItems.Add(Utils.FormatHex(entry.modBaseSize)); // Size
            nativeRow.SubItems.Add(entry.szExePath); // Path
            lvwModules.Items.Add(nativeRow);
        }
        while (Module32Next(snapshot, ref entry));
    }

    if (_isDotNetProcess)
    {
        // Any exception in this section, including one raised while parsing a module name,
        // ends the enumeration and shows the generic failure message.
        try
        {
            using var dataTarget = DataTarget.AttachToProcess((int)_process.Id, false);

            foreach (var clrVersion in dataTarget.ClrVersions)
            {
                foreach (var appDomain in clrVersion.CreateRuntime().AppDomains)
                {
                    foreach (var clrModule in appDomain.Modules)
                    {
                        // Modules without an image base are not listed.
                        if (clrModule.ImageBase == 0)
                        {
                            continue;
                        }

                        string name = clrModule.Name;
                        bool inMemory = true;

                        if (string.IsNullOrEmpty(name))
                        {
                            name = "<<EmptyName>>";
                        }
                        else
                        {
                            // A comma in the name is treated as the marker of a module without
                            // a backing file path.
                            inMemory = name.Contains(",");
                        }

                        string displayName = inMemory ? name.Split(',')[0] : Path.GetFileName(name);
                        ListViewItem clrRow = new ListViewItem(displayName); // Name

                        clrRow.SubItems.Add(clrModule.AppDomain.Name); // Domain Name
                        clrRow.SubItems.Add($"v{clrModule.AppDomain.Runtime.ClrInfo.Version}"); // CLR Version
                        clrRow.SubItems.Add(Utils.FormatPointer(clrModule.ImageBase)); // BaseAddress
                        clrRow.SubItems.Add(Utils.FormatHex((uint)clrModule.Size)); // Size
                        clrRow.SubItems.Add(inMemory ? "InMemory" : name); // Path
                        clrRow.BackColor = Utils.DotNetColor;
                        lvwModules.Items.Add(clrRow);
                    }
                }
            }
        }
        catch
        {
            MessageBoxStub.Show("Fail to get .NET modules", MessageBoxIcon.Error);
        }
    }

    lvwModules.AutoResizeColumns(false);
}