예제 #1
        /// <summary>
        /// Get parent process.
        /// </summary>
        /// <remarks>
        /// On the Windows path the parent id comes from the <c>InheritedFromUniqueProcessId</c> field
        /// filled in by <c>NtQueryInformationProcess</c>. That value is only a process id recorded when
        /// the process was created: if the creator has since exited, the id may have been reused and
        /// <see cref="Process.GetProcessById(int)"/> can return an unrelated process. Treat the result
        /// as diagnostic information, not as input to a trust or authorization decision.
        /// </remarks>
        /// <param name="process">Process whose parent is looked up.</param>
        /// <param name="tracer">Receives an error trace when the Windows lookup fails (not for "w3wp").</param>
        /// <returns>
        /// The parent process, or <c>null</c> when no process handle could be obtained or the lookup
        /// threw. When <c>OSDetector.IsOnWindows()</c> is false, whatever
        /// <c>GetParentProcessLinux</c> returns. The caller owns the returned <see cref="Process"/>.
        /// </returns>
        public static Process GetParentProcess(this Process process, ITracer tracer)
        {
            // Anything that is not Windows is delegated to the Linux implementation.
            if (!OSDetector.IsOnWindows())
            {
                return process.GetParentProcessLinux(tracer);
            }

            IntPtr handle;
            if (!process.TryGetProcessHandle(out handle))
            {
                return null;
            }

            var basicInfo = new ProcessNativeMethods.ProcessInformation();

            try
            {
                int bytesReturned;

                // Information class 0 is ProcessBasicInformation.
                int ntStatus = ProcessNativeMethods.NtQueryInformationProcess(
                    handle,
                    0,
                    ref basicInfo,
                    Marshal.SizeOf(basicInfo),
                    out bytesReturned);

                if (ntStatus == 0)
                {
                    int parentId = basicInfo.InheritedFromUniqueProcessId.ToInt32();
                    return Process.GetProcessById(parentId);
                }

                // NOTE(review): ntStatus is an NTSTATUS, not a Win32 error code, so the message
                // Win32Exception derives from it may not describe the actual failure.
                throw new Win32Exception(ntStatus);
            }
            catch (Exception ex)
            {
                // Best-effort lookup: every failure above ends as a null result.
                string name = process.SafeGetProcessName() ?? "(null)";

                // Failures for processes named "w3wp" are deliberately not traced.
                // NOTE(review): presumably because they are expected for IIS workers - confirm.
                bool isW3wp = string.Equals(name, "w3wp", StringComparison.OrdinalIgnoreCase);
                if (!isW3wp)
                {
                    tracer.TraceError(ex, "GetParentProcess of {0}({1}) failed.", name, process.Id);
                }

                return null;
            }
        }
예제 #2
        /// <summary>
        /// Queries the memory region containing <paramref name="address"/> in the target process and
        /// reports whether it passes a basic readability check, along with the number of bytes left
        /// in that region starting at <paramref name="address"/>.
        /// </summary>
        /// <remarks>
        /// Only two protection values are rejected, PAGE_NOACCESS and PAGE_EXECUTE, and they are
        /// compared by equality. NOTE(review): the region state and protection modifier bits (for
        /// example a guard page) are not examined here, and the target's memory layout can change
        /// after the query returns, so a <c>true</c> result is advisory and the subsequent read must
        /// still handle failure.
        /// </remarks>
        /// <param name="hProcess">Process handle passed to <c>VirtualQueryEx</c>.</param>
        /// <param name="address">Address in the target process to probe.</param>
        /// <param name="size">
        /// Bytes from <paramref name="address"/> to the end of its region. Left at 0 when the query
        /// fails, the protection is rejected, or the value does not fit in an <see cref="int"/>; may
        /// hold a non-positive value when the computed size is not positive.
        /// </param>
        /// <returns><c>true</c> only when the check passes and <paramref name="size"/> is positive.</returns>
        private static bool HasReadAccess(IntPtr hProcess, IntPtr address, out int size)
        {
            size = 0;

            var region = new ProcessNativeMethods.MEMORY_BASIC_INFORMATION();
            IntPtr queried = ProcessNativeMethods.VirtualQueryEx(hProcess, address, ref region, (IntPtr)Marshal.SizeOf(region));

            // A zero return means the query itself failed, so nothing is known about the region.
            if (queried == IntPtr.Zero)
            {
                return false;
            }

            bool rejectedProtection =
                region.Protect == ProcessNativeMethods.PAGE_NOACCESS ||
                region.Protect == ProcessNativeMethods.PAGE_EXECUTE;
            if (rejectedProtection)
            {
                return false;
            }

            try
            {
                // The region starts at BaseAddress; only the part from 'address' onward counts.
                long offsetIntoRegion = address.ToInt64() - region.BaseAddress.ToInt64();
                long remaining = region.RegionSize.ToInt64() - offsetIntoRegion;
                size = Convert.ToInt32(remaining);
            }
            catch (OverflowException)
            {
                // Remaining length does not fit in an int: report the region as unusable.
                return false;
            }

            return size > 0;
        }
예제 #3
        /// <summary>
        /// Get parent process.
        /// </summary>
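        /// <remarks>
        /// The parent id comes from the <c>InheritedFromUniqueProcessId</c> field filled in by
        /// <c>NtQueryInformationProcess</c>. That value is only a process id recorded when the process
        /// was created: if the creator has since exited, the id may have been reused and
        /// <see cref="Process.GetProcessById(int)"/> can return an unrelated process. Treat the result
        /// as diagnostic information, not as input to a trust or authorization decision.
        /// </remarks>
        /// <param name="process">Process whose parent is looked up.</param>
        /// <param name="tracer">Receives a trace message when the lookup fails (not for "w3wp").</param>
        /// <returns>
        /// The parent process, or <c>null</c> when the lookup fails for any reason. The caller owns
        /// the returned <see cref="Process"/>.
        /// </returns>
        public static Process GetParentProcess(this Process process, ITracer tracer)
        {
            var pbi = new ProcessNativeMethods.ProcessInformation();

            try
            {
                int returnLength;

                // Information class 0 is ProcessBasicInformation. process.Handle is read inside
                // the try so that an inaccessible or exited process ends as a null result.
                int status = ProcessNativeMethods.NtQueryInformationProcess(process.Handle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength);
                if (status != 0)
                {
                    // NOTE(review): status is an NTSTATUS, not a Win32 error code, so the message
                    // Win32Exception derives from it may not describe the actual failure.
                    throw new Win32Exception(status);
                }

                return Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32());
            }
            catch (Exception ex)
            {
                // Process.ProcessName and Process.Id can themselves throw (for example once the
                // process has exited). Reading them unguarded here would let an exception escape
                // the handler and break the "null on failure" contract, so fall back to
                // placeholders instead. Id is read first because it usually survives process exit.
                int processId = -1;
                string processName = "(null)";
                try
                {
                    processId = process.Id;
                    processName = process.ProcessName;
                }
                catch (Exception)
                {
                    // Diagnostics only: keep whichever placeholder values were not replaced.
                }

                // Failures for processes named "w3wp" are deliberately not traced.
                if (!string.Equals(processName, "w3wp", StringComparison.OrdinalIgnoreCase))
                {
                    tracer.Trace("GetParentProcess of {0}({1}) failed with {2}", processName, processId, ex);
                }

                return null;
            }
        }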