public static extern IntPtr OpenProcess(
ProcessAccessFlags processAccess,
bool bInheritHandle,
int processId);
/// <summary>
/// Opens an existing local process object.
/// </summary>
/// <param name="access"></param>
/// <param name="inheritHandle"></param>
/// <param name="processId"></param>
/// <returns></returns>
public static IntPtr OpenProcess(ProcessAccessFlags access, bool inheritHandle, uint processId)
{
IntPtr handle = UnmanagedOpenProcess(access, inheritHandle, processId);
if (handle == null)
{
throw new Win32Exception();
}
return handle;
}
internal static IntPtr OpenProcess(ProcessAccessFlags dwDesiredAcess, bool bInheritHandle, int dwProcessId)
{
IntPtr p = NativeMethods.Internal.OpenProcess(dwDesiredAcess, bInheritHandle, dwProcessId);
if (p == IntPtr.Zero)
{
int errorCoder = Marshal.GetLastWin32Error();
if (errorCoder != 0)
throw new Win32Exception(errorCoder);
}
return p;
}
// Reads native process info from a 64/32-bit process in the case where the target architecture
// of this process is the same as that of the target process.
private bool LoadProcessInfoNative(SafeProcessHandle handle, ProcessAccessFlags flags) {
ProcessBasicInformation basicInfo = new ProcessBasicInformation();
int size;
int status = NativeMethods.NtQueryInformationProcess(
handle,
ProcessInfoClass.BasicInformation,
ref basicInfo,
MarshalUtility.UnmanagedStructSize<ProcessBasicInformation>(),
out size);
_parentProcessId = basicInfo.ParentProcessId.ToInt32();
// If we can't load the ProcessBasicInfo, then we can't really do anything.
if (status != NtStatus.Success || basicInfo.PebBaseAddress == IntPtr.Zero)
return false;
if (flags.HasFlag(ProcessAccessFlags.VmRead)) {
// Follows a pointer from the PROCESS_BASIC_INFORMATION structure in the target process's
// address space to read the PEB.
Peb peb = MarshalUtility.ReadUnmanagedStructFromProcess<Peb>(
handle,
basicInfo.PebBaseAddress);
_isBeingDebugged = peb.IsBeingDebugged;
if (peb.ProcessParameters != IntPtr.Zero) {
// Follows a pointer from the PEB structure in the target process's address space to read
// the RTL_USER_PROCESS_PARAMS.
RtlUserProcessParameters processParameters = new RtlUserProcessParameters();
processParameters = MarshalUtility.ReadUnmanagedStructFromProcess<RtlUserProcessParameters>(
handle,
peb.ProcessParameters);
_commandLine = MarshalUtility.ReadStringUniFromProcess(
handle,
processParameters.CommandLine.Buffer,
processParameters.CommandLine.Length / 2);
}
}
return true;
}
public SafeProcessHandle OpenHandle(ProcessAccessFlags flags)
{
return Win32.OpenProcessHandle(flags, false, Process.Id);
}
public static AutoDispose<IntPtr> OpenProcessHandle(ProcessAccessFlags processAccess, bool bInheritHandle, uint processId)
{
var handle = OpenProcess(processAccess, bInheritHandle, processId);
if (handle == IntPtr.Zero || handle == INVALID_HANDLE_VALUE)
{
return null;
}
return new AutoDispose<IntPtr>(handle, (target) => CloseHandle(target));
}
internal static extern SafeProcessHandle OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessID);
public static extern SafeProcessHandle OpenProcess(ProcessAccessFlags processAccess, bool bInheritHandle, int processId);
// Reads native process info from a 64-bit process in the case where this function is executing
// in a 32-bit process.
private bool LoadProcessInfoWow64(SafeProcessHandle handle, ProcessAccessFlags flags)
{
ulong pebSize = (ulong)MarshalUtility.UnmanagedStructSize <PebWow64>();
ulong processParamsSize =
(ulong)MarshalUtility.UnmanagedStructSize <RtlUserProcessParametersWow64>();
// Read PROCESS_BASIC_INFORMATION up to and including the pointer to PEB structure.
int processInfoSize =
MarshalUtility.UnmanagedStructSize <ProcessBasicInformationWow64>();
ProcessBasicInformationWow64 pbi = new ProcessBasicInformationWow64();
int result = NativeMethods.NtWow64QueryInformationProcess64(
handle,
ProcessInfoClass.BasicInformation,
ref pbi,
processInfoSize,
out processInfoSize);
if (result != 0)
{
return(false);
}
_parentProcessId = (int)pbi.ParentProcessId;
Debug.Assert((int)pbi.UniqueProcessId == _processId);
if (flags.HasFlag(ProcessAccessFlags.VmRead))
{
IntPtr pebBuffer = IntPtr.Zero;
IntPtr processParametersBuffer = IntPtr.Zero;
IntPtr commandLineBuffer = IntPtr.Zero;
try {
pebBuffer = Marshal.AllocHGlobal((int)pebSize);
// Read PEB up to and including the pointer to RTL_USER_PROCESS_PARAMETERS
// structure.
result = NativeMethods.NtWow64ReadVirtualMemory64(
handle,
pbi.PebBaseAddress,
pebBuffer,
pebSize,
out pebSize);
if (result != 0)
{
return(false);
}
PebWow64 peb = (PebWow64)Marshal.PtrToStructure(pebBuffer, typeof(PebWow64));
_isBeingDebugged = peb.IsBeingDebugged;
processParametersBuffer = Marshal.AllocHGlobal((int)processParamsSize);
result = NativeMethods.NtWow64ReadVirtualMemory64(
handle,
peb.ProcessParameters,
processParametersBuffer,
processParamsSize,
out processParamsSize);
if (result != 0)
{
return(false);
}
RtlUserProcessParametersWow64 processParameters = (RtlUserProcessParametersWow64)
Marshal.PtrToStructure(
processParametersBuffer,
typeof(RtlUserProcessParametersWow64));
ulong commandLineBufferSize = (ulong)processParameters.CommandLine.MaximumLength;
commandLineBuffer = Marshal.AllocHGlobal((int)commandLineBufferSize);
result = NativeMethods.NtWow64ReadVirtualMemory64(
handle,
processParameters.CommandLine.Buffer,
commandLineBuffer,
commandLineBufferSize,
out commandLineBufferSize);
if (result != 0)
{
return(false);
}
_commandLine = Marshal.PtrToStringUni(commandLineBuffer);
} finally {
if (pebBuffer != IntPtr.Zero)
{
Marshal.FreeHGlobal(pebBuffer);
}
if (commandLineBuffer != IntPtr.Zero)
{
Marshal.FreeHGlobal(commandLineBuffer);
}
if (processParametersBuffer != IntPtr.Zero)
{
Marshal.FreeHGlobal(processParametersBuffer);
}
}
}
return(true);
}
public static SafeProcessHandle OpenProcess(int pid, ProcessAccessFlags access)
{
return(new SafeProcessHandle(NativeMethods.OpenProcess(access, false, pid)));
}
internal static extern IntPtr OpenProcess(ProcessAccessFlags accessMask, bool bInheritHandle, int processId);
public static IntPtr OpenProcess(Process proc, ProcessAccessFlags flags) => OpenProcess(flags, false, proc.Id);
public static IntPtr OpenProcess(Process process, ProcessAccessFlags flags)
{
var handle = OpenProcess(flags, false, process.Id);
return(handle == IntPtr.Zero ? throw new Exception(string.Format("Failed to open process ({0}).", GetLastError())) : handle);
}
// Reads native process info from a 64-bit process in the case where this function is executing
// in a 32-bit process.
private bool LoadProcessInfoWow64(SafeProcessHandle handle, ProcessAccessFlags flags)
{
ulong pebSize = (ulong)MarshalUtility.UnmanagedStructSize<PebWow64>();
ulong processParamsSize =
(ulong)MarshalUtility.UnmanagedStructSize<RtlUserProcessParametersWow64>();
// Read PROCESS_BASIC_INFORMATION up to and including the pointer to PEB structure.
int processInfoSize =
MarshalUtility.UnmanagedStructSize<ProcessBasicInformationWow64>();
ProcessBasicInformationWow64 pbi = new ProcessBasicInformationWow64();
int result = NativeMethods.NtWow64QueryInformationProcess64(
handle,
ProcessInfoClass.BasicInformation,
ref pbi,
processInfoSize,
out processInfoSize);
if (result != 0)
return false;
_parentProcessId = (int)pbi.ParentProcessId;
Debug.Assert((int)pbi.UniqueProcessId == _processId);
if (flags.HasFlag(ProcessAccessFlags.VmRead)) {
IntPtr pebBuffer = IntPtr.Zero;
IntPtr processParametersBuffer = IntPtr.Zero;
IntPtr commandLineBuffer = IntPtr.Zero;
try {
pebBuffer = Marshal.AllocHGlobal((int)pebSize);
// Read PEB up to and including the pointer to RTL_USER_PROCESS_PARAMETERS
// structure.
result = NativeMethods.NtWow64ReadVirtualMemory64(
handle,
pbi.PebBaseAddress,
pebBuffer,
pebSize,
out pebSize);
if (result != 0)
return false;
PebWow64 peb = (PebWow64)Marshal.PtrToStructure(pebBuffer, typeof(PebWow64));
_isBeingDebugged = peb.IsBeingDebugged;
processParametersBuffer = Marshal.AllocHGlobal((int)processParamsSize);
result = NativeMethods.NtWow64ReadVirtualMemory64(
handle,
peb.ProcessParameters,
processParametersBuffer,
processParamsSize,
out processParamsSize);
if (result != 0)
return false;
RtlUserProcessParametersWow64 processParameters = (RtlUserProcessParametersWow64)
Marshal.PtrToStructure(
processParametersBuffer,
typeof(RtlUserProcessParametersWow64));
ulong commandLineBufferSize = (ulong)processParameters.CommandLine.MaximumLength;
commandLineBuffer = Marshal.AllocHGlobal((int)commandLineBufferSize);
result = NativeMethods.NtWow64ReadVirtualMemory64(
handle,
processParameters.CommandLine.Buffer,
commandLineBuffer,
commandLineBufferSize,
out commandLineBufferSize);
if (result != 0)
return false;
_commandLine = Marshal.PtrToStringUni(commandLineBuffer);
} finally {
if (pebBuffer != IntPtr.Zero)
Marshal.FreeHGlobal(pebBuffer);
if (commandLineBuffer != IntPtr.Zero)
Marshal.FreeHGlobal(commandLineBuffer);
if (processParametersBuffer != IntPtr.Zero)
Marshal.FreeHGlobal(processParametersBuffer);
}
}
return true;
}
private static extern IntPtr OpenProcess(ProcessAccessFlags processAccess, bool bInheritHandle, uint processId);
public static extern SafeMemoryHandle OpenProcess(ProcessAccessFlags dwDesiredAccess,
[MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
public static extern System.IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, System.UInt32 dwProcessId);
public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle,
int dwProcessId);
public static extern SafeProcessHandle OpenProcess(
[MarshalAs(UnmanagedType.U4)] ProcessAccessFlags dwDesiredAccess,
[MarshalAs(UnmanagedType.Bool)] bool bInheritHandle,
int dwProcessId);
public static extern SafeProcessHandle OpenProcess(
ProcessAccessFlags processAccess,
bool bInheritHandle,
int processId
);
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess,
[MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, UInt32 dwProcessID);
/// <summary>
/// Opens a handle to a process
/// </summary>
/// <param name="id">ID of the process</param>
/// <param name="flags">ProcessAccessFlags to use</param>
/// <returns>A handle to the process</returns>
public SafeMemoryHandle OpenHandle(ProcessAccessFlags flags)
{
return NativeMethods.OpenProcess(flags, false, _process.Id);
}
public static ProcessHandle OpenProcess(Process proc, ProcessAccessFlags flags)
{
return(OpenProcess(flags, false, proc.Id));
}
private static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize,
ProcessAccessFlags flNewProtect, out uint lpflOldProtect);
public static IntPtr OpenProcessHandle(Process process, ProcessAccessFlags flags)
{
return(OpenProcess(flags, false, process.Id));
}
private static IntPtr OpenProcess(Process proc, ProcessAccessFlags flags) => OpenProcess(flags, false, proc.Id);
private static extern IntPtr OpenProcess(ProcessAccessFlags desiredAccess,
[MarshalAs(UnmanagedType.Bool)] bool inheritHandle, int processId);
private static extern IntPtr OpenProcess(ProcessAccessFlags processAccess, bool bInheritHandle, uint processId);
internal static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
public static SafeProcessHandle OpenProcessHandle(ProcessAccessFlags desiredAccess, bool inheritHandle, int processId)
{
var handle = OpenProcess(desiredAccess, inheritHandle, processId);
var error = GetLastError();
if (handle == IntPtr.Zero)
throw new Exception(String.Format(
"Failed to open process: Error {0:x8}", error
));
return new SafeProcessHandle(handle);
}
internal static void OpenProcess(int pId, ProcessAccessFlags ProcessAccess = ProcessAccessFlags.All)
{
ProcessHandle = NativeMethods.OpenProcess(ProcessAccess, false, pId);
HandleIT();
}
private SafeProcessHandle OpenProcessHandle(out ProcessAccessFlags flags)
{
// Try to open a handle to the process with the highest level of privilege, but if we can't
// do that then fallback to requesting access with a lower privilege level.
flags = ProcessAccessFlags.QueryInformation | ProcessAccessFlags.VmRead;
SafeProcessHandle handle;
handle = NativeMethods.OpenProcess(flags, false, _processId);
if (!handle.IsInvalid)
return handle;
flags = ProcessAccessFlags.QueryLimitedInformation;
handle = NativeMethods.OpenProcess(flags, false, _processId);
if (handle.IsInvalid)
flags = ProcessAccessFlags.None;
return handle;
}
public static extern IntPtr OpenProcess(ProcessAccessFlags processAccess, bool bInheritHandle, int processId);
private static extern IntPtr UnmanagedOpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
public static IntPtr OpenProcess(Process process, ProcessAccessFlags flags)
{
return OpenProcess(flags, false, process.Id);
}
public static extern bool SetPrivilege(HANDLE token, ProcessAccessFlags Privilege, bool EnablePrivilege);
/// <summary>
/// Opens an existing local process object.
/// </summary>
/// <param name="accessFlags">The access level to the process object.</param>
/// <param name="processId">The identifier of the local process to be opened.</param>
/// <returns>An open handle to the specified process.</returns>
public static SafeMemoryHandle OpenProcess(ProcessAccessFlags accessFlags, int processId)
{
// Get an handle from the remote process
var handle = NativeMethods.OpenProcess(accessFlags, false, processId);
// Check whether the handle is valid
if (!handle.IsInvalid && !handle.IsClosed)
return handle;
// Else the handle isn't valid, throws an exception
throw new Win32Exception(string.Format("Couldn't open the process {0}.", processId));
}
internal static extern IntPtr OpenProcess(ProcessAccessFlags desiredAccess, bool inheritHandle, int processId);
static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
public SafeProcessHandle OpenHandle(ProcessAccessFlags flags)
{
return(Win32.OpenProcessHandle(flags, false, Process.Id));
}
