/// <summary>
/// Opens the process identified by <paramref name="pid"/> and collects its COM
/// state into a <see cref="COMProcessEntry"/>.
/// </summary>
/// <param name="pid">Identifier of the process to inspect.</param>
/// <param name="dbghelp_path">Passed unchanged to the <c>SymbolResolver</c> constructor.</param>
/// <param name="symbol_path">Passed unchanged to the <c>SymbolResolver</c> constructor.</param>
/// <returns>
/// The populated entry, or <c>null</c> when the process handle is invalid or when
/// the target is 64-bit and the current process is not.
/// </returns>
public static COMProcessEntry ParseProcess(int pid, string dbghelp_path, string symbol_path)
{
    // Only read-style rights are requested: memory read and information query.
    ProcessAccessRights wanted = ProcessAccessRights.VmRead | ProcessAccessRights.QueryInformation;

    using (SafeProcessHandle process = SafeProcessHandle.Open(pid, wanted))
    {
        // Give up on an unusable handle, and on a 64-bit target when this
        // process is not itself 64-bit.
        if (process.IsInvalid || (process.Is64Bit && !Environment.Is64BitProcess))
        {
            return null;
        }

        using (SymbolResolver resolver = new SymbolResolver(dbghelp_path, process, symbol_path))
        {
            // Values are gathered in the same order as the constructor's
            // parameters so the sequence of reads against the target is fixed.
            var fileName = GetProcessFileName(process);
            var ipids = ParseIPIDEntries(process, resolver);
            bool is64bit = process.Is64Bit;
            var appId = GetProcessAppId(process, resolver);
            var accessSd = GetProcessAccessSecurityDescriptor(process, resolver);
            var lrpcSd = GetLrpcSecurityDescriptor(process, resolver);
            var user = process.GetUser();
            var userSid = process.GetUserSid();

            // The quoted names are looked up through the resolver; presumably
            // they are globals of the COM runtime in the target - confirm.
            var lrpcEndpoint = ReadString(process, resolver, "gwszLRPCEndPoint");
            var capabilities = ReadEnum<EOLE_AUTHENTICATION_CAPABILITIES>(process, resolver, "gCapabilities");
            var authnLevel = ReadEnum<RPC_AUTHN_LEVEL>(process, resolver, "gAuthnLevel");
            var impLevel = ReadEnum<RPC_IMP_LEVEL>(process, resolver, "gImpLevel");
            var accessControl = ReadPointer(process, resolver, "gAccessControl");
            var mainThreadHwnd = ReadPointer(process, resolver, "ghwndOleMainThread");

            return new COMProcessEntry(
                pid,
                fileName,
                ipids,
                is64bit,
                appId,
                accessSd,
                lrpcSd,
                user,
                userSid,
                lrpcEndpoint,
                capabilities,
                authnLevel,
                impLevel,
                accessControl,
                mainThreadHwnd);
        }
    }
}
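/// <summary>
/// Builds the dialog: pre-fills the principal with the current user, lists every
/// process whose token can be opened, and fills the integrity-level combo box.
/// </summary>
/// <param name="process_security">
/// When <c>true</c>, the principal text box and the four launch/activate check
/// boxes are disabled.
/// </param>
public SelectSecurityCheckForm(bool process_security)
{
    InitializeComponent();
    _process_security = process_security;
    _tokens = new List<SafeTokenHandle>();

    // Every token opened below is recorded in _tokens and stays open while the
    // form is alive. NOTE(review): SelectSecurityCheckForm_Disposed is expected
    // to release them - confirm against that handler.
    Disposed += SelectSecurityCheckForm_Disposed;

    string username = String.Format(@"{0}\{1}", Environment.UserDomainName, Environment.UserName);
    textBoxPrincipal.Text = username;

    // Presumably enables the debug privilege so more processes can be opened
    // below; the call is process-wide and is not undone here - confirm.
    COMProcessParser.EnableDebugPrivilege();

    foreach (Process p in Process.GetProcesses().OrderBy(proc => proc.Id))
    {
        // Process objects are disposable; release each one once its row is built.
        using (p)
        {
            try
            {
                using (SafeProcessHandle process = SafeProcessHandle.Open(p.Id, ProcessAccessRights.QueryInformation))
                {
                    SafeTokenHandle token = process.OpenToken();
                    _tokens.Add(token);

                    // Build the row completely before it is shown. If reading the
                    // user or the integrity level throws, no half-filled row with
                    // a null Tag is left in the list.
                    ListViewItem item = new ListViewItem(p.Id.ToString());
                    item.SubItems.Add(p.ProcessName);
                    item.SubItems.Add(process.GetUser());
                    item.SubItems.Add(token.GetIntegrityLevel().ToString());
                    item.Tag = token;
                    listViewProcesses.Items.Add(item);
                }
            }
            catch
            {
                // Best effort: a process that cannot be opened or queried is
                // simply left out of the list.
            }
        }
    }

    listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
    listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
    listViewProcesses.ListViewItemSorter = new ListItemComparer(0);

    foreach (object value in Enum.GetValues(typeof(SecurityIntegrityLevel)))
    {
        comboBoxIL.Items.Add(value);
    }

    comboBoxIL.SelectedItem = SecurityIntegrityLevel.Low;

    if (process_security)
    {
        textBoxPrincipal.Enabled = false;
        checkBoxLocalLaunch.Enabled = false;
        checkBoxRemoteLaunch.Enabled = false;
        checkBoxLocalActivate.Enabled = false;
        checkBoxRemoteActivate.Enabled = false;
    }
}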