/// <summary>
/// Shows a running process's COM details on the process tab: text fields, one list row per IPID,
/// and, when the registry holds a matching AppID, the AppID view as well.
/// </summary>
/// <param name="obj">The parsed process entry to display; also stored in <c>m_process</c>.</param>
private void SetupProcessEntry(COMProcessEntry obj)
{
    m_process = obj;

    // Identity of the process.
    textBoxProcessExecutablePath.Text = obj.ExecutablePath;
    textBoxProcessProcessId.Text = obj.Pid.ToString();
    textBoxProcessAppId.Text = GetGuidValue(obj.AppId);

    // Security settings recorded for the process. The "view" button is only usable
    // when there is an access-permission string to show.
    textBoxProcessAccessPermissions.Text = GetStringValue(obj.AccessPermissions);
    bool hasAccessPermissions = !string.IsNullOrWhiteSpace(obj.AccessPermissions);
    btnProcessViewAccessPermissions.Enabled = hasAccessPermissions;
    textBoxProcessLrpcPermissions.Text = GetStringValue(obj.LRpcPermissions);
    textBoxProcessUser.Text = GetStringValue(obj.User);

    string securitySummary = string.Format(
        "Capabilities: {0}, Authn Level: {1}, Imp Level: {2}",
        obj.Capabilities,
        obj.AuthnLevel,
        obj.ImpLevel);
    textBoxProcessSecurity.Text = securitySummary;

    long staHwnd = obj.STAMainHWnd.ToInt64();
    textBoxProcessStaHwnd.Text = string.Format("0x{0:X}", staHwnd);

    // One row per IPID: id, interface name resolved through the registry, flags.
    // NOTE(review): the result of MapIidToInterface is dereferenced directly, so this
    // assumes it never returns null for an IID it does not know. Confirm.
    foreach (COMIPIDEntry entry in obj.Ipids)
    {
        var row = listViewProcessIPids.Items.Add(entry.Ipid.ToString());
        string interfaceName = m_registry.MapIidToInterface(entry.Iid).Name;
        row.SubItems.Add(interfaceName);
        row.SubItems.Add(entry.Flags.ToString());
        row.Tag = entry;
    }

    // Size columns to content first, then widen to the header where that is larger.
    listViewProcessIPids.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
    listViewProcessIPids.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
    listViewProcessIPids.ListViewItemSorter = new ListItemComparer(0);

    tabControlProperties.TabPages.Add(tabPageProcess);

    // Nothing more to show unless the process's AppID is registered.
    if (!m_registry.AppIDs.ContainsKey(obj.AppId))
    {
        return;
    }

    SetupAppIdEntry((COMAppIDEntry)m_registry.AppIDs[obj.AppId]);
}
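/// <summary>
/// Parses each supplied process with <c>COMProcessParser.ParseProcess</c> and returns the
/// entries that could be parsed.
/// </summary>
/// <param name="procs">Processes to inspect. Every process is closed once it has been handled.</param>
/// <param name="dbghelp_path">Forwarded unchanged to <c>COMProcessParser.ParseProcess</c>.</param>
/// <param name="symbol_path">Forwarded unchanged to <c>COMProcessParser.ParseProcess</c>.</param>
/// <param name="progress">
/// Optional. Receives a "Parsing process NAME" message and an integer percentage before each
/// process is parsed; the first report is 0 and the last one is below 100.
/// </param>
/// <returns>
/// The non-null parse results. Processes that raised <see cref="Win32Exception"/> or parsed to
/// null are left out, so the result can be shorter than <paramref name="procs"/>.
/// </returns>
public static IEnumerable<COMProcessEntry> GetProcesses(IEnumerable<Process> procs, string dbghelp_path, string symbol_path, IProgress<Tuple<string, int>> progress)
{
    List<COMProcessEntry> ret = new List<COMProcessEntry>();

    // NOTE(review): the outcome of EnableDebugPrivilege is not checked here. If the privilege
    // is not granted, the affected processes presumably show up as Win32Exception below and
    // are skipped. Confirm against NtToken.
    NtToken.EnableDebugPrivilege();

    // Enumerate the caller's sequence exactly once. Counting and then iterating a lazy
    // sequence would run it twice, which can create a second set of Process objects that
    // is never closed and can make the count disagree with the items visited.
    List<Process> snapshot = procs.ToList();
    int total_count = snapshot.Count;
    int current_count = 0;

    foreach (Process p in snapshot)
    {
        try
        {
            if (progress != null)
            {
                // total_count is non-zero whenever the loop body runs.
                progress.Report(new Tuple<string, int>(
                    String.Format("Parsing process {0}", p.ProcessName),
                    100 * current_count++ / total_count));
            }

            COMProcessEntry proc = COMProcessParser.ParseProcess(p.Id, dbghelp_path, symbol_path);
            if (proc != null)
            {
                ret.Add(proc);
            }
        }
        catch (Win32Exception)
        {
            // Deliberate best effort: a process that fails this way is skipped.
            // Nothing records the skip, so callers cannot tell a complete result from
            // one that is missing processes.
        }
        finally
        {
            // Release the Process object's resources whether or not parsing succeeded.
            p.Close();
        }
    }

    return ret;
}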
/// <summary>
/// Shows a running process's COM details on the process tab, delegates the IPID list to
/// <c>SetupIpidEntries</c>, and adds the AppID view when the registry holds a matching AppID.
/// </summary>
/// <param name="obj">The parsed process entry to display; also stored in <c>m_process</c>.</param>
private void SetupProcessEntry(COMProcessEntry obj)
{
    m_process = obj;

    // Identity of the process.
    textBoxProcessExecutablePath.Text = obj.ExecutablePath;
    textBoxProcessProcessId.Text = obj.Pid.ToString();
    textBoxProcessAppId.Text = GetGuidValue(obj.AppId);

    // Security settings recorded for the process. The "view" button is only usable
    // when there is an access-permission string to show.
    textBoxProcessAccessPermissions.Text = GetStringValue(obj.AccessPermissions);
    bool hasAccessPermissions = !string.IsNullOrWhiteSpace(obj.AccessPermissions);
    btnProcessViewAccessPermissions.Enabled = hasAccessPermissions;
    textBoxProcessLrpcPermissions.Text = GetStringValue(obj.LRpcPermissions);
    textBoxProcessUser.Text = GetStringValue(obj.User);

    string securitySummary = string.Format(
        "Capabilities: {0}, Authn Level: {1}, Imp Level: {2}",
        obj.Capabilities,
        obj.AuthnLevel,
        obj.ImpLevel);
    textBoxProcessSecurity.Text = securitySummary;

    long staHwnd = obj.STAMainHWnd.ToInt64();
    textBoxProcessStaHwnd.Text = string.Format("0x{0:X}", staHwnd);

    // The IPID rows are built by the shared helper; the meaning of the second argument
    // is defined there.
    SetupIpidEntries(obj.Ipids, false);
    listViewProcessIPids.ListViewItemSorter = new ListItemComparer(0);

    tabControlProperties.TabPages.Add(tabPageProcess);

    // Nothing more to show unless the process's AppID is registered.
    if (!m_registry.AppIDs.ContainsKey(obj.AppId))
    {
        return;
    }

    SetupAppIdEntry((COMAppIDEntry)m_registry.AppIDs[obj.AppId]);
}
/// <summary>
/// Shows a running process's COM details on the process tab, including its unmarshal policy
/// and bitness, adds the AppID view when the registry holds a matching AppID, and lists the
/// classes the process has registered when there are any.
/// </summary>
/// <param name="obj">The parsed process entry to display; also stored in <c>m_process</c>.</param>
private void SetupProcessEntry(COMProcessEntry obj)
{
    m_process = obj;

    // Identity of the process.
    textBoxProcessExecutablePath.Text = obj.ExecutablePath;
    textBoxProcessProcessId.Text = obj.ProcessId.ToString();
    textBoxProcessAppId.Text = GetGuidValue(obj.AppId);

    // Security settings recorded for the process. The "view" button is only usable
    // when there is an access-permission string to show.
    textBoxProcessAccessPermissions.Text = GetStringValue(obj.AccessPermissions);
    bool hasAccessPermissions = !string.IsNullOrWhiteSpace(obj.AccessPermissions);
    btnProcessViewAccessPermissions.Enabled = hasAccessPermissions;
    textBoxProcessLrpcPermissions.Text = GetStringValue(obj.LRpcPermissions);
    textBoxProcessUser.Text = GetStringValue(obj.User);

    string securitySummary = string.Format(
        "Capabilities: {0}, Authn Level: {1}, Imp Level: {2}, Unmarshal Policy: {3}",
        obj.Capabilities,
        obj.AuthnLevel,
        obj.ImpLevel,
        obj.UnmarshalPolicy);
    textBoxProcessSecurity.Text = securitySummary;

    long staHwnd = obj.STAMainHWnd.ToInt64();
    textBoxProcessStaHwnd.Text = string.Format("0x{0:X}", staHwnd);

    // The IPID rows are built by the shared helper; the meaning of the second argument
    // is defined there.
    SetupIpidEntries(obj.Ipids, false);
    listViewProcessIPids.ListViewItemSorter = new ListItemComparer(0);
    lblProcess64bit.Text = COMUtilities.FormatBitness(obj.Is64Bit);

    tabControlProperties.TabPages.Add(tabPageProcess);

    if (m_registry.AppIDs.ContainsKey(obj.AppId))
    {
        SetupAppIdEntry((COMAppIDEntry)m_registry.AppIDs[obj.AppId]);
    }

    // The registered-classes tab is only added when the process exposes at least one class.
    if (!obj.Classes.Any())
    {
        return;
    }

    tabControlProperties.TabPages.Add(tabPageRegisteredClasses);

    foreach (var registered in obj.Classes)
    {
        // NOTE(review): the lookup result is dereferenced below, so this assumes
        // MapClsidToEntry never returns null for a CLSID missing from the registry. Confirm.
        COMCLSIDEntry registryEntry = m_registry.MapClsidToEntry(registered.Clsid);

        var row = listViewRegisteredClasses.Items.Add(registered.Clsid.FormatGuid());
        row.SubItems.Add(registryEntry.Name);
        row.SubItems.Add(registered.VTable);
        row.SubItems.Add(registered.RegFlags.ToString());
        row.SubItems.Add(registered.Apartment.ToString());
        row.SubItems.Add(registered.Context.ToString());
        row.Tag = registered;
    }

    listViewRegisteredClasses.ListViewItemSorter = new ListItemComparer(0);

    // Size columns to content first, then widen to the header where that is larger.
    listViewRegisteredClasses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
    listViewRegisteredClasses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}