private void ShowUser(AccessTokenHandle hToken)
{
var user = AccessTokenUser.FromTokenHandle(hToken);
console.WriteLine("[USERNAME]");
console.WriteLine("");
console.WriteLine(user.ToOutputString());
console.WriteLine("");
}
public static void ListProcesses()
{
var processes = TMProcess.GetAllProcesses();
foreach (var p in processes)
{
try
{
var pHandle = TMProcessHandle.FromProcess(p, ProcessAccessFlags.QueryInformation);
var hToken = AccessTokenHandle.FromProcessHandle(pHandle, TokenAccess.TOKEN_QUERY);
var userInfo = AccessTokenUser.FromTokenHandle(hToken);
Console.WriteLine($"{p.ProcessId}, {p.ProcessName}, {userInfo.Username}");
} catch (Exception)
{
continue;
}
}
}
public AccessTokenInformation(AccessTokenHandle handle)
{
try
{
this._groups = AccessTokenGroups.FromTokenHandle(handle);
}
catch { }
try
{
this._logonSid = AccessTokenLogonSid.FromTokenHandle(handle);
}
catch { }
try
{
this._owner = AccessTokenOwner.FromTokenHandle(handle);
}
catch { }
try
{
this._primaryGroup = AccessTokenPrimaryGroup.FromTokenHandle(handle);
}
catch { }
try
{
this._primaryGroup = AccessTokenPrimaryGroup.FromTokenHandle(handle);
}
catch { }
try
{
this._privileges = AccessTokenPrivileges.FromTokenHandle(handle);
}
catch { }
try
{
this._sessionId = AccessTokenSessionId.FromTokenHandle(handle);
}
catch { }
try
{
this._user = AccessTokenUser.FromTokenHandle(handle);
}
catch { }
}
private static string GetAccessTokenInfo(AccessTokenHandle hToken)
{
StringBuilder info = new StringBuilder();
var user = AccessTokenUser.FromTokenHandle(hToken);
var groups = AccessTokenGroups.FromTokenHandle(hToken);
var privileges = AccessTokenPrivileges.FromTokenHandle(hToken);
info.Append("[USERNAME]\n");
info.Append("\n");
info.Append($"{user.Domain}\\{user.Username}\n");
info.Append("\n");
info.Append("[GROUPS]");
info.Append("\n");
foreach (var group in groups.GetGroupEnumerator())
{
info.Append($"{group.Domain}\\{group.Name}\n");
}
info.Append("\n");
info.Append("[PRIVILEGES]");
info.Append("\n");
info.Append(privileges.ToOutputString());
info.Append("\n");
return(info.ToString());
}
public void Execute()
{
if (options.ListTokens)
{
var processes = TMProcess.GetAllProcesses();
this.InnerPrintProcesses(processes);
}
if (this.options.Privilege != null)
{
var processes = TMProcess.GetAllProcesses();
var found = new List <TMProcess>();
foreach (var proc in processes)
{
try
{
var hProc = TMProcessHandle.FromProcess(proc, ProcessAccessFlags.QueryInformation);
var hToken = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_QUERY);
var privileges = AccessTokenPrivileges.FromTokenHandle(hToken);
foreach (var priv in privileges.GetPrivileges())
{
if (priv.Name.ToLower().Contains(this.options.Privilege.ToLower()))
{
if (this.options.Disabled)
{
if (priv.IsDisabled())
{
found.Add(proc);
}
}
else
{
if (priv.IsEnabled())
{
found.Add(proc);
}
}
}
}
}
catch (Exception e)
{
console.Error("Failed to retrieve privilege information: " + e.Message);
}
}
this.InnerPrintProcesses(found);
}
if (this.options.Term != null && this.options.Term != "")
{
var processes = TMProcess.GetProcessByName(this.options.Term);
this.InnerPrintProcesses(processes);
}
if (this.options.User != null && this.options.User != "")
{
var processes = TMProcess.GetAllProcesses();
var found = new List <TMProcess>();
foreach (var proc in processes)
{
try
{
var hProc = TMProcessHandle.FromProcess(proc, ProcessAccessFlags.QueryInformation);
var hToken = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_QUERY);
var user = AccessTokenUser.FromTokenHandle(hToken);
if (user.Username.ToLower().Contains(this.options.User.ToLower()))
{
found.Add(proc);
}
}
catch
{
}
}
this.InnerPrintProcesses(found);
}
}
private void InnerPrintProcesses(List <TMProcess> processes)
{
List <Tuple <string, string, string, string> > processesInfo = new List <Tuple <string, string, string, string> >();
foreach (var p in processes)
{
var sessionId = "";
string username = "";
try
{
var pHandle = TMProcessHandle.FromProcess(p, ProcessAccessFlags.QueryInformation);
var tHandle = AccessTokenHandle.FromProcessHandle(pHandle, TokenAccess.TOKEN_QUERY);
var userInfo = AccessTokenUser.FromTokenHandle(tHandle);
var sessionInfo = AccessTokenSessionId.FromTokenHandle(tHandle);
username = userInfo.Domain + "\\" + userInfo.Username;
sessionId = sessionInfo.SessionId.ToString();
}
catch (Exception)
{
}
processesInfo.Add(new Tuple <string, string, string, string>(p.ProcessId.ToString(), p.ProcessName, username, sessionId));
}
StringBuilder output = new StringBuilder();
int padding = 2;
int maxName = 0;
int maxPid = 0;
int maxUser = 0;
int maxSession = 0;
foreach (var p in processesInfo)
{
maxPid = Math.Max(maxPid, p.Item1.Length);
maxName = Math.Max(maxName, p.Item2.Length);
maxUser = Math.Max(maxUser, p.Item3.Length);
maxSession = Math.Max(maxSession, p.Item4.Length);
}
string name = "PROCESS";
string pid = "PID";
string user = "******";
string session = "SESSION";
output.Append(pid + "," + generateSpaces(maxPid + padding - pid.Length));
output.Append(name + "," + generateSpaces(maxName + padding - name.Length));
output.Append(user + generateSpaces(maxUser + padding - user.Length));
output.Append(session + "\n");
var sorted = processesInfo.OrderBy(x => x.Item1).ToList();
foreach (var p in sorted)
{
string line = "";
line += p.Item1 + ",";
line += generateSpaces(maxPid + padding - p.Item1.Length);
line += p.Item2 + ",";
line += generateSpaces(maxName + padding - p.Item2.Length);
line += p.Item3;
line += generateSpaces(maxUser + padding - p.Item3.Length);
line += p.Item4;
output.Append(line + "\n");
}
console.Write(output.ToString());
}
