protected override Attribute LookForAnnotation(MemberInfo method)
{
Attribute annotation = base.LookForAnnotation(method);
if (annotation != null)
{
return(annotation);
}
NoProxyAttribute noProxy = AnnotationUtil.GetAnnotation <NoProxyAttribute>(method, false);
if (noProxy != null)
{
return(noProxy);
}
ProcessAttribute process = AnnotationUtil.GetAnnotation <ProcessAttribute>(method, false);
if (process != null)
{
return(process);
}
FindAttribute find = AnnotationUtil.GetAnnotation <FindAttribute>(method, false);
if (find != null)
{
return(find);
}
MergeAttribute merge = AnnotationUtil.GetAnnotation <MergeAttribute>(method, false);
if (merge != null)
{
return(merge);
}
return(AnnotationUtil.GetAnnotation <RemoveAttribute>(method, false));
}
private ProcessAttribute GetProcess(string processName)
{
ProcessAttribute pp = new ProcessAttribute();
Process[] processes = Process.GetProcessesByName(processName);
//exist
if (processes.Length > 0)
{
foreach (Process p in processes)
{
pp.PID = p.Id;
PerformanceCounter ramUse = new PerformanceCounter("Process", "Working Set - Private", p.ProcessName);
pp.MemoryUsed = Math.Round(ramUse.NextValue() / 1024 / 1024, 1);
pp.StartTime = p.StartTime;
pp.ProcessTotalTime = p.TotalProcessorTime;
}
return(pp);
}
//not exist
else
{
return(null);
}
}
static void Main()
{
SetTokenPriv.EnablePrivilege();
//using var _ = new ApplicationPrivilege(new[] {
// TokenPrivilegeValue.SeAssignPrimaryTokenPrivilege,
// TokenPrivilegeValue.SeTakeOwnershipPrivilege,
// TokenPrivilegeValue.SeLoadDriverPrivilege,
// TokenPrivilegeValue.SeSecurityPrivilege,
// TokenPrivilegeValue.SeTcbPrivilege,
// TokenPrivilegeValue.SeBackupPrivilege,
// TokenPrivilegeValue.SeRestorePrivilege,
//});
//WaitForDebugger();
using var evt = NtEvent.Create(null, EventType.NotificationEvent, false);
using var job = NtJob.CreateServerSilo(SiloObjectRootDirectoryControlFlags.All, @"C:\Windows", evt, false);
using (var root = NtDirectory.Open(job.SiloRootDirectory)) {
Console.WriteLine(root);
SetupRootDirectory(root);
}
//Debugger.Break();
//NotifySM(job, 7);
//ProcessExtensions.GetSessionUserToken(out var tok);
var config = new NtProcessCreateConfig {
ImagePath = @"\SystemRoot\System32\cmd.exe",
ConfigImagePath = @"C:\Windows\System32\cmd.exe",
CurrentDirectory = @"C:\Windows\System32",
WindowTitle = "Demo",
ParentProcess = NtProcess.Current,
TerminateOnDispose = true,
ThreadFlags = ThreadCreateFlags.Suspended,
};
config.AddAttribute(ProcessAttribute.JobList(new[] { job }));
using var proc = NtProcess.Create(config);
proc.Thread.Resume();
proc.Process.Wait().ToNtException();
Console.WriteLine($"status: {proc.Process.ExitNtStatus}");
}
private ProcessAttribute GetServiceInfo(ServiceController scTemp)
{
ProcessAttribute pp = new ProcessAttribute();
ManagementObject service = new ManagementObject(@"Win32_service.Name='" + scTemp.ServiceName + "'");
object o = service.GetPropertyValue("ProcessId");
int processId = (int)((UInt32)o);
pp.PID = processId;
//Services -> Process
Process toMonitor = Process.GetProcessById(processId);
PerformanceCounter ramUse = new PerformanceCounter("Process", "Working Set - Private", toMonitor.ProcessName);
pp.MemoryUsed = Math.Round(ramUse.NextValue() / 1024 / 1024, 1);
pp.StartTime = toMonitor.StartTime;
pp.ProcessTotalTime = toMonitor.TotalProcessorTime;
return(pp);
}
