public void Execute()
{
if (this.options.ProcessID != -1 || this.options.SessionId != -1)
{
this.InnerCreateProcess(this.options.ProcessID, this.options.SessionId);
}
else if (this.options.System)
{
var processes = TMProcess.GetProcessByName("lsass");
if (processes.Count == 0)
{
console.Error("Failed to find LSASS process. That is weird.");
return;
}
else if (processes.Count > 1)
{
console.Error("Found multiple LSASS processes. That is weird.");
return;
}
else
{
var lsassProcess = processes.First();
InnerCreateProcess(lsassProcess.ProcessId, -1);
}
}
}
public static int RunStartProcess(StartProcessOptions opts)
{
var co = new ConsoleOutput(opts);
Logger.SetGlobalOutput(co);
var startProcess = new StartProcess(opts, co);
try
{
startProcess.Execute();
return(0);
}
catch (Exception e)
{
co.Error(e.Message);
return(1);
}
}
public void Execute()
{
if (options.ListTokens)
{
var processes = TMProcess.GetAllProcesses();
this.InnerPrintProcesses(processes);
}
if (this.options.Privilege != null)
{
var processes = TMProcess.GetAllProcesses();
var found = new List <TMProcess>();
foreach (var proc in processes)
{
try
{
var hProc = TMProcessHandle.FromProcess(proc, ProcessAccessFlags.QueryInformation);
var hToken = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_QUERY);
var privileges = AccessTokenPrivileges.FromTokenHandle(hToken);
foreach (var priv in privileges.GetPrivileges())
{
if (priv.Name.ToLower().Contains(this.options.Privilege.ToLower()))
{
if (this.options.Disabled)
{
if (priv.IsDisabled())
{
found.Add(proc);
}
}
else
{
if (priv.IsEnabled())
{
found.Add(proc);
}
}
}
}
}
catch (Exception e)
{
console.Error("Failed to retrieve privilege information: " + e.Message);
}
}
this.InnerPrintProcesses(found);
}
if (this.options.Term != null && this.options.Term != "")
{
var processes = TMProcess.GetProcessByName(this.options.Term);
this.InnerPrintProcesses(processes);
}
if (this.options.User != null && this.options.User != "")
{
var processes = TMProcess.GetAllProcesses();
var found = new List <TMProcess>();
foreach (var proc in processes)
{
try
{
var hProc = TMProcessHandle.FromProcess(proc, ProcessAccessFlags.QueryInformation);
var hToken = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_QUERY);
var user = AccessTokenUser.FromTokenHandle(hToken);
if (user.Username.ToLower().Contains(this.options.User.ToLower()))
{
found.Add(proc);
}
}
catch
{
}
}
this.InnerPrintProcesses(found);
}
}