public static WTS_PROCESS_INFO[] WTSEnumerateProcesses(IntPtr WTS_CURRENT_SERVER_HANDLE, TerminalServer Data)
{
IntPtr pProcessInfo = IntPtr.Zero;
int processCount = 0;
if (!WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE, 0, 1, ref pProcessInfo, ref processCount))
{
return(null);
}
const int NO_ERROR = 0;
const int ERROR_INSUFFICIENT_BUFFER = 122;
int err = NO_ERROR;
IntPtr pMemory = pProcessInfo;
WTS_PROCESS_INFO[] processInfos = new WTS_PROCESS_INFO[processCount];
for (int i = 0; i < processCount; i++)
{
processInfos[i] = (WTS_PROCESS_INFO)Marshal.PtrToStructure(pProcessInfo, typeof(WTS_PROCESS_INFO));
pProcessInfo = (IntPtr)((int)pProcessInfo + Marshal.SizeOf(processInfos[i]));
SessionProcess p = new SessionProcess();
p.ProcessID = processInfos[i].ProcessID;
p.ProcessName = Marshal.PtrToStringAnsi(processInfos[i].ProcessName);
if (processInfos[i].UserSid != IntPtr.Zero)
{
byte[] Sid = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
Marshal.Copy(processInfos[i].UserSid, Sid, 0, 14);
System.Text.StringBuilder name = new StringBuilder();
uint cchName = (uint)name.Capacity;
SID_NAME_USE sidUse;
StringBuilder referencedDomainName = new StringBuilder();
uint cchReferencedDomainName = (uint)referencedDomainName.Capacity;
if (LookupAccountSid(Data.ServerName, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse))
{
err = System.Runtime.InteropServices.Marshal.GetLastWin32Error();
if (err == ERROR_INSUFFICIENT_BUFFER)
{
name.EnsureCapacity((int)cchName);
referencedDomainName.EnsureCapacity((int)cchReferencedDomainName);
err = NO_ERROR;
if (!LookupAccountSid(null, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse))
{
err = System.Runtime.InteropServices.Marshal.GetLastWin32Error();
}
}
p.UserType = sidUse.ToString();
p.User = name.ToString();
}
}
//string userSID = Marshal.PtrToStringAuto(processInfos[i].UserSid);
p.SessionID = processInfos[i].SessionID;
//LookupAccountSid(Data.ServerName,
//p.User = Marshal.PtrToStringAnsi(processInfos[i].UserSid);
foreach (Session s in Data.Sessions)
{
if (s.SessionID == p.SessionID)
{
if (s.Processes == null)
{
s.Processes = new List <SessionProcess>();
}
s.Processes.Add(p);
break;
}
}
}
WTSFreeMemory(pMemory);
return(processInfos);
}
private static void GetProcessInfos(TerminalServer terminalServer)
{
try
{
IntPtr pProcessInfo = IntPtr.Zero;
int processCount = 0;
IntPtr useProcessesExStructure = new IntPtr(1);
if (WTSEnumerateProcessesExW(terminalServer.ServerPointer, ref useProcessesExStructure, WTS_ANY_SESSION, ref pProcessInfo, ref processCount))
{
const int NO_ERROR = 0;
const int ERROR_INSUFFICIENT_BUFFER = 122;
WTS_PROCESS_INFO_EX[] processInfos = new WTS_PROCESS_INFO_EX[processCount];
for (int i = 0; i < processCount; i++)
{
processInfos[i] = (WTS_PROCESS_INFO_EX)Marshal.PtrToStructure(pProcessInfo, typeof(WTS_PROCESS_INFO_EX));
SessionProcess p = new SessionProcess
{
SessionID = processInfos[i].SessionID,
ProcessID = processInfos[i].ProcessID,
ProcessName = processInfos[i].ProcessName,
NumberOfThreads = processInfos[i].NumberOfThreads,
HandleCount = processInfos[i].HandleCount,
PagefileUsage = (processInfos[i].PagefileUsage / 1024.0 / 1024.0).ToString("##0.## MB"),
PeakPagefileUsage = (processInfos[i].PeakPagefileUsage / 1024.0 / 1024.0).ToString("##0.## MB"),
WorkingSetSize = (processInfos[i].WorkingSetSize / 1024.0 / 1024.0).ToString("##0.## MB"),
PeakWorkingSetSize = (processInfos[i].PeakWorkingSetSize / 1024.0 / 1024.0).ToString("##0.## MB"),
KernelTime = processInfos[i].KernelTime,
UserTime = processInfos[i].UserTime
};
if (processInfos[i].UserSid != IntPtr.Zero)
{
byte[] Sid = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
Marshal.Copy(processInfos[i].UserSid, Sid, 0, 14);
StringBuilder name = new StringBuilder();
uint cchName = (uint)name.Capacity;
SID_NAME_USE sidUse;
StringBuilder referencedDomainName = new StringBuilder();
uint cchReferencedDomainName = (uint)referencedDomainName.Capacity;
if (LookupAccountSid(terminalServer.ServerName, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse))
{
int err = Marshal.GetLastWin32Error();
if (err == ERROR_INSUFFICIENT_BUFFER)
{
name.EnsureCapacity((int)cchName);
referencedDomainName.EnsureCapacity((int)cchReferencedDomainName);
err = NO_ERROR;
if (!LookupAccountSid(null, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse))
{
err = Marshal.GetLastWin32Error();
}
}
p.Sid = sidUse.ToString();
p.User = name.ToString();
}
}
terminalServer.Sessions.FirstOrDefault(s => s.SessionId == p.SessionID).Processes.Add(p);
pProcessInfo = (IntPtr)((int)pProcessInfo + Marshal.SizeOf(processInfos[i]));
}
}
if (pProcessInfo != IntPtr.Zero)
{
WTSFreeMemory(pProcessInfo);
}
}
catch (Exception ex)
{
Log.Info("Error enumerating remote processes for RDP sessions.", ex);
terminalServer.Errors.Add(ex.Message + "\r\n" + Marshal.GetLastWin32Error());
}
}
private static WTS_PROCESS_INFO[] WTSEnumerateProcesses(IntPtr WTS_CURRENT_SERVER_HANDLE, TerminalServer Data)
{
IntPtr pProcessInfo = IntPtr.Zero;
int processCount = 0;
if (!WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE, 0, 1, ref pProcessInfo, ref processCount))
return null;
const int NO_ERROR = 0;
const int ERROR_INSUFFICIENT_BUFFER = 122;
IntPtr pMemory = pProcessInfo;
WTS_PROCESS_INFO[] processInfos = new WTS_PROCESS_INFO[processCount];
for (int i = 0; i < processCount; i++)
{
processInfos[i] = (WTS_PROCESS_INFO) Marshal.PtrToStructure(pProcessInfo, typeof (WTS_PROCESS_INFO));
pProcessInfo = (IntPtr) ((int) pProcessInfo + Marshal.SizeOf(processInfos[i]));
SessionProcess p = new SessionProcess
{
ProcessID = processInfos[i].ProcessID,
ProcessName =
Marshal.PtrToStringAnsi(processInfos[i].ProcessName)
};
if (processInfos[i].UserSid != IntPtr.Zero)
{
byte[] Sid = new byte[] {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
Marshal.Copy(processInfos[i].UserSid, Sid, 0, 14);
StringBuilder name = new StringBuilder();
uint cchName = (uint) name.Capacity;
SID_NAME_USE sidUse;
StringBuilder referencedDomainName = new StringBuilder();
uint cchReferencedDomainName = (uint) referencedDomainName.Capacity;
if (LookupAccountSid(Data.ServerName, Sid, name, ref cchName, referencedDomainName,
ref cchReferencedDomainName, out sidUse))
{
int err = Marshal.GetLastWin32Error();
if (err == ERROR_INSUFFICIENT_BUFFER)
{
name.EnsureCapacity((int) cchName);
referencedDomainName.EnsureCapacity((int) cchReferencedDomainName);
err = NO_ERROR;
if (
!LookupAccountSid(null, Sid, name, ref cchName, referencedDomainName,
ref cchReferencedDomainName, out sidUse))
err = Marshal.GetLastWin32Error();
}
p.UserType = sidUse.ToString();
p.User = name.ToString();
}
}
p.SessionID = processInfos[i].SessionID;
foreach (Session s in Data.Sessions)
{
if (s.SessionId == p.SessionID)
{
if (s.Processes == null) s.Processes = new List<SessionProcess>();
s.Processes.Add(p);
break;
}
}
}
WTSFreeMemory(pMemory);
return processInfos;
}
private static void GetProcessInfos(TerminalServer terminalServer)
{
try
{
IntPtr pProcessInfo = IntPtr.Zero;
int processCount = 0;
IntPtr useProcessesExStructure = new IntPtr(1);
if (WTSEnumerateProcessesEx(terminalServer.ServerPointer, ref useProcessesExStructure, WTS_ANY_SESSION, ref pProcessInfo, ref processCount))
{
const int NO_ERROR = 0;
const int ERROR_INSUFFICIENT_BUFFER = 122;
WTS_PROCESS_INFO_EX[] processInfos = new WTS_PROCESS_INFO_EX[processCount];
for (int i = 0; i < processCount; i++)
{
processInfos[i] = (WTS_PROCESS_INFO_EX) Marshal.PtrToStructure(pProcessInfo, typeof (WTS_PROCESS_INFO_EX));
SessionProcess p = new SessionProcess
{
SessionID = processInfos[i].SessionID,
ProcessID = processInfos[i].ProcessID,
ProcessName = Marshal.PtrToStringAnsi(processInfos[i].ProcessName),
NumberOfThreads = processInfos[i].NumberOfThreads,
HandleCount = processInfos[i].HandleCount,
PagefileUsage = processInfos[i].PagefileUsage,
PeakPagefileUsage = processInfos[i].PeakPagefileUsage,
WorkingSetSize = processInfos[i].WorkingSetSize,
PeakWorkingSetSize = processInfos[i].PeakWorkingSetSize,
KernelTime = processInfos[i].KernelTime,
UserTime = processInfos[i].UserTime
};
if (processInfos[i].UserSid != IntPtr.Zero)
{
byte[] Sid = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
Marshal.Copy(processInfos[i].UserSid, Sid, 0, 14);
StringBuilder name = new StringBuilder();
uint cchName = (uint) name.Capacity;
SID_NAME_USE sidUse;
StringBuilder referencedDomainName = new StringBuilder();
uint cchReferencedDomainName = (uint) referencedDomainName.Capacity;
if (LookupAccountSid(terminalServer.ServerName, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse))
{
int err = Marshal.GetLastWin32Error();
if (err == ERROR_INSUFFICIENT_BUFFER)
{
name.EnsureCapacity((int) cchName);
referencedDomainName.EnsureCapacity((int) cchReferencedDomainName);
err = NO_ERROR;
if (!LookupAccountSid(null, Sid, name, ref cchName, referencedDomainName, ref cchReferencedDomainName, out sidUse))
err = Marshal.GetLastWin32Error();
}
p.Sid = sidUse.ToString();
p.User = name.ToString();
}
}
terminalServer.Sessions.FirstOrDefault(s => s.SessionId == p.SessionID).Processes.Add(p);
pProcessInfo = (IntPtr) ((int) pProcessInfo + Marshal.SizeOf(processInfos[i]));
}
}
if (pProcessInfo != IntPtr.Zero)
WTSFreeMemory(pProcessInfo);
}
catch (Exception ex)
{
Log.Info("Error enumerating remote processes for RDP sessions.", ex);
terminalServer.Errors.Add(ex.Message + "\r\n" + Marshal.GetLastWin32Error());
}
}
