public DbgProcessImpl(DbgManagerImpl owner, Dispatcher dispatcher, int pid, DbgProcessState state, bool shouldDetach)
{
lockObj = new object();
engineInfos = new List <EngineInfo>();
threads = new List <DbgThread>();
this.owner = owner ?? throw new ArgumentNullException(nameof(owner));
this.state = state;
cachedIsRunning = CalculateIsRunning_NoLock();
Id = pid;
ShouldDetach = shouldDetach;
const int dwDesiredAccess = NativeMethods.PROCESS_VM_OPERATION | NativeMethods.PROCESS_VM_READ |
NativeMethods.PROCESS_VM_WRITE | NativeMethods.PROCESS_QUERY_LIMITED_INFORMATION;
hProcess = NativeMethods.OpenProcess(dwDesiredAccess, false, pid);
if (hProcess.IsInvalid)
{
throw new InvalidOperationException($"Couldn't open process {pid}, error: 0x{Marshal.GetLastWin32Error():X8}");
}
Bitness = ProcessUtilities.GetBitness(hProcess.DangerousGetHandle());
Architecture = GetArchitecture(Bitness);
OperatingSystem = GetOperatingSystem();
var info = GetProcessName(pid);
Filename = info.filename ?? string.Empty;
Name = info.name ?? string.Empty;
debugging = CalculateDebugging_NoLock();
new DelayedIsRunningHelper(this, dispatcher, RaiseDelayedIsRunningChanged_DbgThread);
}
public DbgProcessImpl(DbgManagerImpl owner, Dispatcher dispatcher, ulong pid, DbgProcessState state, bool shouldDetach)
{
lockObj = new object();
engineInfos = new List <EngineInfo>();
threads = new List <DbgThread>();
this.owner = owner ?? throw new ArgumentNullException(nameof(owner));
this.state = state;
cachedIsRunning = CalculateIsRunning_NoLock();
Id = pid;
ShouldDetach = shouldDetach;
const int dwDesiredAccess = NativeMethods.PROCESS_VM_OPERATION | NativeMethods.PROCESS_VM_READ |
NativeMethods.PROCESS_VM_WRITE | NativeMethods.PROCESS_QUERY_LIMITED_INFORMATION;
hProcess = NativeMethods.OpenProcess(dwDesiredAccess, false, (int)pid);
if (hProcess.IsInvalid)
{
throw new InvalidOperationException($"Couldn't open process {pid}");
}
Bitness = ProcessUtilities.GetBitness(hProcess.DangerousGetHandle());
Machine = GetMachine(Bitness);
Filename = GetProcessFilename(pid) ?? string.Empty;
Name = Path.GetFileName(Filename);
new DelayedIsRunningHelper(this, dispatcher, RaiseDelayedIsRunningChanged_DbgThread);
}
static (string name, string title, string filename, string commandLine, string arch) GetDefaultPropertiesCore(ProcessProvider processProvider, AttachProgramOptions attachProgramOptions)
{
string name = null, title = null, filename = null, commandLine = null, arch = null;
var process = processProvider.GetProcess(attachProgramOptions.ProcessId);
if (process != null)
{
if (attachProgramOptions.Name == null)
{
name = Path.GetFileName(attachProgramOptions.Filename ?? process.MainModule.FileName);
}
if (attachProgramOptions.Filename == null)
{
filename = process.MainModule.FileName;
}
if (attachProgramOptions.CommandLine == null)
{
commandLine = Win32CommandLineProvider.TryGetCommandLine(process.Handle);
}
if (attachProgramOptions.Title == null)
{
title = process.MainWindowTitle;
}
if (attachProgramOptions.Architecture == null)
{
switch (ProcessUtilities.GetBitness(process.Handle))
{
case 32: arch = PredefinedArchitectureNames.X86; break;
case 64: arch = PredefinedArchitectureNames.X64; break;
default: arch = "???"; break;
}
}
}
return(name, title, filename, commandLine, arch);
}
static string TryGetCommandLineCore(IntPtr hProcess)
{
int ptrSize = ProcessUtilities.GetBitness(hProcess) / 8;
if (ptrSize == 8 && IntPtr.Size == 4)
{
return(null); // Can't read it
}
ushort cmdlineLength;
IntPtr cmdlineBuffer;
bool b;
if (ptrSize == 4)
{
PROCESS_BASIC_INFORMATION32 pbi = default;
int hr = NtQueryInformationProcess32(hProcess, ProcessBasicInformation, ref pbi, PROCESS_BASIC_INFORMATION32.SIZE, out int returnLength);
if (hr != 0 || pbi.PebBaseAddress == 0)
{
return(null);
}
IntPtr userProcessParamsAddr;
b = ReadProcessMemory(hProcess, (byte *)pbi.PebBaseAddress + ProcessParametersOffset32, &userProcessParamsAddr, new IntPtr(ptrSize), out var bytesRead);
if (!b || bytesRead.ToInt64() != ptrSize)
{
return(null);
}
UNICODE_STRING32 unicodeString;
b = ReadProcessMemory(hProcess, (byte *)userProcessParamsAddr + CommandLineOffset32, &unicodeString, new IntPtr(UNICODE_STRING32.SIZE), out bytesRead);
if (!b || bytesRead.ToInt64() != UNICODE_STRING32.SIZE)
{
return(null);
}
cmdlineLength = unicodeString.Length;
cmdlineBuffer = IntPtr.Size == 4 ? new IntPtr((int)unicodeString.Buffer) : new IntPtr(unicodeString.Buffer);
}
else
{
PROCESS_BASIC_INFORMATION64 pbi = default;
int hr = NtQueryInformationProcess64(hProcess, ProcessBasicInformation, ref pbi, PROCESS_BASIC_INFORMATION64.SIZE, out int returnLength);
if (hr != 0 || pbi.PebBaseAddress == 0)
{
return(null);
}
IntPtr userProcessParamsAddr;
b = ReadProcessMemory(hProcess, (byte *)pbi.PebBaseAddress + ProcessParametersOffset64, &userProcessParamsAddr, new IntPtr(ptrSize), out var bytesRead);
if (!b || bytesRead.ToInt64() != ptrSize)
{
return(null);
}
UNICODE_STRING64 unicodeString;
b = ReadProcessMemory(hProcess, (byte *)userProcessParamsAddr + CommandLineOffset64, &unicodeString, new IntPtr(UNICODE_STRING64.SIZE), out bytesRead);
if (!b || bytesRead.ToInt64() != UNICODE_STRING64.SIZE)
{
return(null);
}
cmdlineLength = unicodeString.Length;
cmdlineBuffer = new IntPtr((long)unicodeString.Buffer);
}
if (cmdlineLength <= 0 || cmdlineBuffer == IntPtr.Zero)
{
return(string.Empty);
}
cmdlineLength &= 0xFFFE;
var cmdLineChars = new char[cmdlineLength / 2];
fixed(void *p = cmdLineChars)
{
b = ReadProcessMemory(hProcess, cmdlineBuffer.ToPointer(), p, new IntPtr(cmdlineLength), out var bytesRead);
if (!b || bytesRead.ToInt64() != cmdlineLength)
{
return(null);
}
}
return(new string(cmdLineChars));
}
