private static int ExecDiskSpd(string command, out string xml)
{
const string diskSpdExe = "diskspd.exe";
ConsoleEx.WriteLine($"Running : {diskSpdExe} {command}");
return(ProcessEx.Execute(diskSpdExe, command, out xml));
}
protected int Command(string parameters, int limit, out string output, out string error)
{
if (parameters == null)
{
throw new ArgumentNullException(nameof(parameters));
}
parameters = parameters.Trim();
Log.Logger.Information("Executing {ToolType} : {Parameters}", GetToolType(), parameters);
string path = GetToolPath();
int exitCode = ProcessEx.Execute(path, parameters, false, limit, out output, out error);
return(exitCode);
}
/// <summary>
/// Detaches r77 from the specified process.
/// <para>Detach32.exe or Detach64.exe is invoked to call the detach function pointer found in the r77 header.</para>
/// </summary>
/// <param name="process">The process to detach.</param>
/// <returns>
/// An enumerable of <see cref="LogMessage" /> entries to be displayed in the log view.
/// </returns>
public static IEnumerable <LogMessage> Detach(ProcessView process)
{
string detachPath = GetFilePath(process.Is64Bit == true ? "Detach64.exe" : "Detach32.exe", out LogMessage detachPathLogMessage);
if (detachPath == null)
{
yield return(detachPathLogMessage);
yield break;
}
if (!Win32.IsProcessRunning(process.Id))
{
yield return(new LogMessage
(
LogMessageType.Warning,
new LogFileItem(process.Name),
new LogTextItem("(PID " + process.Id + ") is no longer running.")
));
yield break;
}
if (ProcessEx.Execute(detachPath, process.Id.ToString()) == 0)
{
yield return(new LogMessage
(
LogMessageType.Information,
new LogTextItem("Detached from"),
new LogFileItem(process.Name),
new LogTextItem("(PID " + process.Id + ").")
));
}
else
{
yield return(new LogMessage
(
LogMessageType.Warning,
new LogTextItem("Detaching of"),
new LogFileItem(process.Name),
new LogTextItem("(PID " + process.Id + ") failed.")
));
}
}
public bool BootstrapDownload()
{
// Only supported on Windows
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
return(false);
}
// Make sure that the Tools folder exists
if (!Directory.Exists(Tools.GetToolsRoot()))
{
Log.Logger.Warning("Creating missing Tools folder : \"{ToolsRoot}\"", Tools.GetToolsRoot());
if (!FileEx.CreateDirectory(Tools.GetToolsRoot()))
{
return(false);
}
}
// Download 7zr.exe in the tools root folder
// https://www.7-zip.org/a/7zr.exe
Log.Logger.Information("Downloading \"7zr.exe\" ...");
string sevenZr = Tools.CombineToolPath("7zr.exe");
const string sevenZrUrl = "https://www.7-zip.org/a/7zr.exe";
if (!Download.DownloadFile(new Uri(sevenZrUrl), sevenZr))
{
return(false);
}
// Get the latest version of 7z
if (!GetLatestVersionWindows(out MediaToolInfo mediaToolInfo))
{
return(false);
}
// Download the lastest version in the tools root folder
Log.Logger.Information("Downloading \"{FileName}\" ...", mediaToolInfo.FileName);
string updateFile = Tools.CombineToolPath(mediaToolInfo.FileName);
if (!Download.DownloadFile(new Uri(mediaToolInfo.Url), updateFile))
{
return(false);
}
// Follow the pattern from Update()
// Use 7zr.exe to extract the archive to the tools folder
Log.Logger.Information("Extracting {UpdateFile} ...", updateFile);
string extractPath = Tools.CombineToolPath(Path.GetFileNameWithoutExtension(updateFile));
string commandline = $"x -aoa -spe -y \"{updateFile}\" -o\"{extractPath}\"";
int exitCode = ProcessEx.Execute(sevenZr, commandline);
if (exitCode != 0)
{
Log.Logger.Error("Failed to extract archive : ExitCode: {ExitCode}", exitCode);
return(false);
}
// Delete the tool destination directory
string toolPath = GetToolFolder();
if (!FileEx.DeleteDirectory(toolPath, true))
{
return(false);
}
// Rename the folder
// E.g. 7z1805-extra to .\Tools\7Zip
return(FileEx.RenameFolder(extractPath, toolPath));
}
private void BuildGraph(Dictionary <string, Collection <string> > dependencies)
{
// Build the GraphViz command file
StringBuilder dot = new StringBuilder();
dot.AppendLine("digraph g {");
dot.AppendLine("rankdir = LR;");
dot.AppendLine("shape = box;");
dot.AppendLine("bgcolor = white;");
//dot.AppendLine("nodesep = .25;");
dot.AppendLine("node [color=black,fontname=Arial,fontsize=12,fontcolor=black,shape=box,fill=white];");
dot.AppendLine("edge [color=Blue, style=solid]");
dot.AppendLine("rankdir = LR");
int colorCount = 0;
foreach (string key in dependencies.Keys)
{
string assembly = key.Replace(".", string.Empty);
foreach (string dependency in dependencies[key])
{
string dependent = dependency.Replace(".", string.Empty);
if (!_colorWheel.ContainsKey(dependency))
{
_colorWheel.Add(dependency, colorCount++);
}
string colorName = ColorWheel.Select(_colorWheel[dependency]);
dot.Append(string.Format("{0} -> {1} [color={2}];", assembly, dependent, colorName));
dot.Append(Environment.NewLine);
}
}
dot.Append("}");
dot.Append(Environment.NewLine);
// Save the GraphViz command file to the local user's app directory
if (!Directory.Exists(_localAppDirectory))
{
Directory.CreateDirectory(_localAppDirectory);
}
string dotFile = Path.Combine(_localAppDirectory, Path.GetRandomFileName());
File.WriteAllText(dotFile, dot.ToString());
string dotPath = Path.Combine(Path.GetDirectoryName(Application.ExecutablePath), "GraphViz");
string dotExe = Path.Combine(dotPath, "dot.exe");
FireOnUpdateStatus("Creating dependency graph");
FireOnUpdateProcessing(true);
using (ProcessEx processEx = new ProcessEx(dotExe, string.Format("-Tbmp -O {0}", dotFile), new TimeSpan(0, 0, 30)))
{
processEx.StartInfo.UseShellExecute = false;
processEx.WaitForCmdExit = true;
processEx.Execute();
string graphFile = dotFile + ".bmp";
if (OnGraphCreated != null && File.Exists(graphFile))
{
OnGraphCreated(this, new StringEventArgs(graphFile));
}
}
FireOnUpdateStatus("Complete");
FireOnUpdateProcessing(false);
}
/// <summary>
/// Detaches r77 from all running processes.
/// <para>Both Detach32.exe and Detach64.exe are invoked using the "-all" commandline.</para>
/// </summary>
/// <returns>
/// An enumerable of <see cref="LogMessage" /> entries to be displayed in the log view.
/// </returns>
public static IEnumerable <LogMessage> DetachAll()
{
int injectedCount = GetInjectedCount();
if (injectedCount == 0)
{
yield return(new LogMessage
(
LogMessageType.Information,
new LogTextItem("No processes are injected.")
));
yield break;
}
string detach32Path = GetFilePath("Detach32.exe", out LogMessage detach32PathLogMessage);
if (detach32Path == null)
{
yield return(detach32PathLogMessage);
yield break;
}
string detach64Path = null;
if (Environment.Is64BitOperatingSystem)
{
detach64Path = GetFilePath("Detach64.exe", out LogMessage detach64PathLogMessage);
if (detach64Path == null)
{
yield return(detach64PathLogMessage);
yield break;
}
}
if (ProcessEx.Execute(detach32Path, "-all") != 0)
{
yield return(new LogMessage
(
LogMessageType.Error,
new LogFileItem(Path.GetFileName(detach32Path)),
new LogTextItem("returned an error code.")
));
}
if (detach64Path != null && ProcessEx.Execute(detach64Path, "-all") != 0)
{
yield return(new LogMessage
(
LogMessageType.Error,
new LogFileItem(Path.GetFileName(detach64Path)),
new LogTextItem("returned an error code.")
));
}
int newInjectedCount = GetInjectedCount();
if (newInjectedCount < injectedCount)
{
yield return(new LogMessage
(
LogMessageType.Information,
new LogTextItem("Detached from " + (injectedCount - newInjectedCount) + " processes.")
));
}
if (newInjectedCount > 0)
{
yield return(new LogMessage
(
LogMessageType.Warning,
new LogTextItem(newInjectedCount + " processes could not be detached.")
));
}
}
/// <summary>
/// Injects the specified process with the r77 DLL using reflective DLL injection.
/// <para>Inject32.exe or Inject64.exe is invoked to perform injection.</para>
/// </summary>
/// <param name="process">The process to inject.</param>
/// <returns>
/// An enumerable of <see cref="LogMessage" /> entries to be displayed in the log view.
/// </returns>
public static IEnumerable <LogMessage> Inject(ProcessView process)
{
string injectPath = GetFilePath(process.Is64Bit == true ? "Inject64.exe" : "Inject32.exe", out LogMessage injectPathLogMessage);
if (injectPath == null)
{
yield return(injectPathLogMessage);
yield break;
}
string dllPath = GetFilePath(process.Is64Bit == true ? "r77-x64.dll" : "r77-x86.dll", out LogMessage dllPathLogMessage);
if (dllPath == null)
{
yield return(dllPathLogMessage);
yield break;
}
if (!Win32.IsProcessRunning(process.Id))
{
yield return(new LogMessage
(
LogMessageType.Warning,
new LogFileItem(process.Name),
new LogTextItem("(PID " + process.Id + ") is no longer running.")
));
yield break;
}
if (ProcessEx.Execute(injectPath, process.Id + " \"" + dllPath + "\"") == 0)
{
yield return(new LogMessage
(
LogMessageType.Information,
new LogTextItem("Injected"),
new LogFileItem(process.Name),
new LogTextItem("(PID " + process.Id + ").")
));
}
else
{
string reason;
if (process.Name.StartsWith(Config.HidePrefix))
{
reason = "The filename starts with '" + Config.HidePrefix + "'.";
}
else if (process.IsR77Service)
{
reason = "The process is the r77 service process.";
}
else if (process.IsHelper)
{
reason = "The process is a helper process.";
}
else if (process.IntegrityLevel < ProcessIntegrityLevel.Medium)
{
reason = "Sandboxes are not supported";
}
else
{
reason = Path.GetFileName(injectPath) + " returned an error code.";
}
yield return(new LogMessage
(
LogMessageType.Warning,
new LogTextItem("Injection of"),
new LogFileItem(process.Name),
new LogTextItem("(PID " + process.Id + ") failed."),
new LogDetailsItem(reason)
));
}
}
/// <summary>
/// Injects all processes with the r77 DLL using reflective DLL injection.
/// <para>Both Inject32.exe and Inject64.exe are invoked using the "-all" commandline.</para>
/// </summary>
/// <returns>
/// An enumerable of <see cref="LogMessage" /> entries to be displayed in the log view.
/// </returns>
public static IEnumerable <LogMessage> InjectAll()
{
int injectedCount = GetInjectedCount();
string inject32Path = GetFilePath("Inject32.exe", out LogMessage inject32PathLogMessage);
if (inject32Path == null)
{
yield return(inject32PathLogMessage);
yield break;
}
string inject64Path = null;
if (Environment.Is64BitOperatingSystem)
{
inject64Path = GetFilePath("Inject64.exe", out LogMessage inject64PathLogMessage);
if (inject64Path == null)
{
yield return(inject64PathLogMessage);
yield break;
}
}
string dll32Path = GetFilePath("r77-x86.dll", out LogMessage dll32PathLogMessage);
if (dll32Path == null)
{
yield return(dll32PathLogMessage);
yield break;
}
string dll64Path = null;
if (Environment.Is64BitOperatingSystem)
{
dll64Path = GetFilePath("r77-x64.dll", out LogMessage dll64PathLogMessage);
if (dll64Path == null)
{
yield return(dll64PathLogMessage);
yield break;
}
}
if (ProcessEx.Execute(inject32Path, "-all \"" + dll32Path + "\"") != 0)
{
yield return(new LogMessage
(
LogMessageType.Error,
new LogFileItem(Path.GetFileName(inject32Path)),
new LogTextItem("returned an error code.")
));
}
if (inject64Path != null && dll64Path != null && ProcessEx.Execute(inject64Path, "-all \"" + dll64Path + "\"") != 0)
{
yield return(new LogMessage
(
LogMessageType.Error,
new LogFileItem(Path.GetFileName(inject64Path)),
new LogTextItem("returned an error code.")
));
}
int newInjectedCount = GetInjectedCount();
if (newInjectedCount == injectedCount)
{
yield return(new LogMessage
(
LogMessageType.Information,
new LogTextItem("No processes were injected")
));
}
else if (newInjectedCount > injectedCount)
{
yield return(new LogMessage
(
LogMessageType.Information,
new LogTextItem("Injected " + (newInjectedCount - injectedCount) + " processes.")
));
}
}
/// <summary>
/// Hides a process ID by entering the PID into the r77 configuration system.
/// </summary>
/// <param name="process">The process to hide by ID.</param>
/// <returns>
/// An enumerable of <see cref="LogMessage" /> entries to be displayed in the log view.
/// </returns>
public static IEnumerable <LogMessage> Hide(ProcessView process)
{
bool success = false;
using (RegistryKey key = OpenConfigKey())
{
if (key != null)
{
WriteProcessId(key);
success = true;
}
else
{
string helperPath = GetFilePath("Helper32.exe", out LogMessage helperPathLogMessage);
if (helperPath == null)
{
yield return(helperPathLogMessage);
yield break;
}
if (CSharp.Try(() => ProcessEx.Execute(helperPath, "-config", true), 1) == 0)
{
yield return(new LogMessage
(
LogMessageType.Information,
new LogTextItem("Registry key"),
new LogFileItem(@"HKEY_LOCAL_MACHINE\SOFTWARE\" + Config.HidePrefix + "config"),
new LogTextItem("created.")
));
using (RegistryKey key2 = OpenConfigKey())
{
if (key2 != null)
{
WriteProcessId(key2);
success = true;
}
}
}
else
{
yield return(new LogMessage
(
LogMessageType.Error,
new LogTextItem("Registry key"),
new LogFileItem(@"HKEY_LOCAL_MACHINE\SOFTWARE\" + Config.HidePrefix + "config"),
new LogTextItem("not found. If r77 is not installed, this key requires to be created using elevated privileges. After creation, the DACL is set to allow full access by any user.")
));
yield break;
}
}
}
if (success)
{
yield return(new LogMessage
(
LogMessageType.Information,
new LogFileItem(process.Name),
new LogTextItem("(PID " + process.Id + ") is marked as hidden.")
));
if (process.Name.StartsWith(Config.HidePrefix))
{
yield return(new LogMessage
(
LogMessageType.Warning,
new LogFileItem(process.Name),
new LogTextItem("(PID " + process.Id + ") is already hidden by prefix. Hiding the process by ID is unnecessary.")
));
}
if (GetInjectedCount() == 0)
{
yield return(new LogMessage
(
LogMessageType.Warning,
new LogTextItem("r77 needs to be installed, or at least injected in a task manager for process hiding to have effect.")
));
}
}
RegistryKey OpenConfigKey()
{
return(RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).OpenSubKey(@"SOFTWARE\" + Config.HidePrefix + @"config", true));
}
void WriteProcessId(RegistryKey configKey)
{
using (RegistryKey pidKey = configKey.CreateSubKey("pid"))
{
pidKey.SetValue("TestConsole_HiddenPID_" + process.Id, process.Id, RegistryValueKind.DWord);
}
}
}
