private void SetDepStatusKph()
{
DepStatus depStatus = DepStatus.Enabled;
if (comboStatus.SelectedItem.ToString() == "Disabled")
{
depStatus = 0;
}
else if (comboStatus.SelectedItem.ToString() == "Enabled")
{
depStatus = DepStatus.Enabled;
}
else if (comboStatus.SelectedItem.ToString() == "Enabled, DEP-ATL thunk emulation disabled")
{
depStatus = DepStatus.Enabled | DepStatus.AtlThunkEmulationDisabled;
}
else
{
PhUtils.ShowError("Invalid value.");
return;
}
if (checkPermanent.Checked)
{
depStatus |= DepStatus.Permanent;
}
try
{
using (var phandle = new ProcessHandle(_pid, Program.MinProcessQueryRights))
phandle.SetDepStatus(depStatus);
this.DialogResult = DialogResult.OK;
this.Close();
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to set the DEP status", ex);
}
}
private void LoadProperties()
{
var names = _processMo.ChildNames;
if (names.Contains("LargeIcon"))
{
using (var largeIcon = _processMo.GetChild("LargeIcon"))
pictureIcon.Image = Dump.GetIcon(largeIcon).ToBitmap();
}
else
{
pictureIcon.Image = Properties.Resources.Process.ToBitmap();
}
if (_item.VersionInfo != null)
{
textFileDescription.Text = _item.VersionInfo.FileDescription;
textFileCompany.Text = _item.VersionInfo.CompanyName;
textFileVersion.Text = _item.VersionInfo.FileVersion;
}
else
{
textFileDescription.Text = _item.Name;
textFileCompany.Text = string.Empty;
textFileVersion.Text = string.Empty;
}
textFileName.Text = _item.FileName;
if (_item.VerifyResult == VerifyResult.Trusted)
{
if (!string.IsNullOrEmpty(_item.VerifySignerName))
{
textFileCompany.Text = _item.VerifySignerName + " (verified)";
}
else
{
textFileCompany.Text += " (verified)";
}
}
textStartTime.Text = _item.CreateTime.ToString();
textCmdLine.Text = _item.CmdLine;
if (_item.HasParent)
{
if (_hw.Processes.ContainsKey(_item.ParentPid))
{
textParent.Text =
_hw.Processes[_item.ParentPid].Name + " (" + _item.ParentPid.ToString() + ")";
}
else
{
textParent.Text = "Non-existent Process (" + _item.ParentPid.ToString() + ")";
buttonInspectParent.Enabled = false;
}
}
else if (_item.ParentPid == -1)
{
textParent.Text = "No Parent Process";
buttonInspectParent.Enabled = false;
}
else
{
textParent.Text = "Non-existent Process (" + _item.ParentPid.ToString() + ")";
buttonInspectParent.Enabled = false;
}
using (var general = _processMo.GetChild("General"))
{
var dict = Dump.GetDictionary(general);
if (dict.ContainsKey("CurrentDirectory"))
{
textCurrentDirectory.Text = dict["CurrentDirectory"];
}
if (dict.ContainsKey("DepStatus"))
{
DepStatus status = (DepStatus)Dump.ParseInt32(dict["DepStatus"]);
if ((status & DepStatus.Enabled) != 0)
{
textDEP.Text = "Enabled";
}
else
{
textDEP.Text = "Disabled";
}
if ((status & DepStatus.Permanent) != 0)
{
textDEP.Text += ", Permanent";
}
if ((status & DepStatus.AtlThunkEmulationDisabled) != 0)
{
textDEP.Text += ", DEP-ATL thunk emulation disabled";
}
}
if (_hw.Architecture == OSArch.Amd64)
{
labelProcessType.Visible = true;
labelProcessTypeValue.Visible = true;
labelProcessTypeValue.Text = _item.IsWow64 ? "32-bit" : "64-bit";
}
else
{
labelProcessType.Visible = false;
labelProcessTypeValue.Visible = false;
}
}
}