Exemplo n.º 1
0
        private void openDllSelector_Click(object sender, EventArgs e)
        {
            moduleWindowTargetProcess = ProcessList.SelectedItems[0].Tag as ProcessListItem;
            ModuleWindow mw = new ModuleWindow()
            {
                StartPosition = FormStartPosition.CenterParent
            };

            mw.ShowDialog();
        }
Exemplo n.º 2
0
        public string GetName(Guid processId)
        {
            if (!managedProcesses.ContainsKey(processId))
            {
                return(null);
            }

            ProcessListItem item = managedProcesses[processId];

            return(item.Configuration.Name);
        }
Exemplo n.º 3
0
        public bool Restart(Guid processId)
        {
            if (!managedProcesses.ContainsKey(processId))
            {
                return(false);
            }

            ProcessListItem item = managedProcesses[processId];

            Stop(processId);
            item.Process.WaitForExit();
            return(Start(processId));
        }
Exemplo n.º 4
0
        private void dumpMainModule_Click(object sender, EventArgs e)
        {
            logsTextBox.AppendText(@"[*] Dumping main module..." + Environment.NewLine);
            if (c.HasValidHandle())
            {
                ProcessListItem targetProcess = ProcessList.SelectedItems[0].Tag as ProcessListItem;

                if (targetProcess == null)
                {
                    return;
                }

                Task.Run(() =>
                {
                    if (new Dumper(c).DumpProcess(targetProcess, out PEFile peFile))
                    {
                        Invoke(new Action(() =>
                        {
                            using (SaveFileDialog sfd = new SaveFileDialog())
                            {
                                sfd.FileName = targetProcess.ProcessName.Replace(".exe", "_dump.exe");
                                sfd.Filter   = @"Executable File (.exe)|*.exe";

                                if (sfd.ShowDialog() == DialogResult.OK)
                                {
                                    peFile.SaveToDisk(sfd.FileName);
                                    logsTextBox.AppendText(@"[+] Saved dump to disk!" + Environment.NewLine);
                                    logsTextBox.AppendText(@"[+] Successfully dumped " + targetProcess.ProcessName + "!" + Environment.NewLine);
                                }
                                else
                                {
                                    logsTextBox.AppendText(@"[!] Dumping aborted!" + Environment.NewLine);
                                }
                            }
                        }));
                    }
                    else
                    {
                        Invoke(new Action(() =>
                        {
                            logsTextBox.AppendText(@"[-] Unknown error with Dumper!" + Environment.NewLine);
                            MessageBox.Show(@"Unable to dump target process !", @"Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                        }));
                    }
                });
            }
            else
            {
                //MessageBox.Show("Unable to communicate with driver ! Make sure it is loaded.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }
Exemplo n.º 5
0
        private void StartedProcess_Exited(ProcessListItem item, EventArgs e)
        {
            processOutputService.AddInternalOutput(item.Configuration.ID, $"Process exited with code: {item.Process.ExitCode}");

            item.Process.CancelErrorRead();
            item.Process.CancelOutputRead();

            if (!item.ExitSignaled && item.Configuration.AutoRestart && item.Process.ExitCode != 0)
            {
                Task.Delay(1000).ContinueWith(task => Start(item.Configuration.ID));
            }

            item.ExitSignaled = false;
        }
Exemplo n.º 6
0
 public TaskManagerViewModel(Action <ProcessPriorityClass?> selectRadio)
 {
     _selectRadio       = selectRadio;
     ProcessList        = new ObservableCollection <ProcessListItem>(Process.GetProcesses().Select(p => new ProcessListItem(p)));
     SelectedProcess    = ProcessList[0];
     PriorityChanged    = new PriorityChanged(this);
     RefreshList        = new RefreshList(this);
     DeleteProcess      = new DeleteProcess();
     RunProcess         = new RunProcess();
     UpdateSpeedChanged = new UpdateSpeedChanged(async(r) =>
     {
         _refreshRate = r;
         await StartRefresh();
     });
 }
Exemplo n.º 7
0
        public bool DumpProcess(ProcessListItem processListItem, out PEFile outputFile)
        {
            IntPtr           basePointer = (IntPtr)processListItem.MainModuleBase;
            IMAGE_DOS_HEADER dosHeader   = ReadProcessStruct <IMAGE_DOS_HEADER>(processListItem.ProcessId, basePointer);

            outputFile = default;

            if (dosHeader.IsValid)
            {
                IntPtr peHeaderPointer = basePointer + dosHeader.e_lfanew;

                IntPtr dosStubPointer = basePointer + Marshal.SizeOf <IMAGE_DOS_HEADER>();
                byte[] dosStub        = ReadProcessBytes(processListItem.ProcessId, dosStubPointer, dosHeader.e_lfanew - Marshal.SizeOf <IMAGE_DOS_HEADER>());

                var peFile = !processListItem.ImageType ?
                             Dump64BitPE(processListItem.ProcessId, dosHeader, dosStub, peHeaderPointer) :
                             Dump32BitPE(processListItem.ProcessId, dosHeader, dosStub, peHeaderPointer);

                if (peFile != default(PEFile))
                {
                    IntPtr sectionHeaderPointer = peHeaderPointer + peFile.GetFirstSectionHeaderOffset();

                    for (int i = 0; i < peFile.Sections.Length; i++)
                    {
                        IMAGE_SECTION_HEADER sectionHeader = ReadProcessStruct <IMAGE_SECTION_HEADER>(processListItem.ProcessId, sectionHeaderPointer);
                        peFile.Sections[i] = new PESection
                        {
                            Header      = PESection.PESectionHeader.FromNativeStruct(sectionHeader),
                            InitialSize = (int)sectionHeader.VirtualSize
                        };

                        ReadSectionContent(processListItem.ProcessId, new IntPtr(basePointer.ToInt64() + sectionHeader.VirtualAddress), peFile.Sections[i]);
                        sectionHeaderPointer += Marshal.SizeOf <IMAGE_SECTION_HEADER>();
                    }

                    //Logger.Log("Aligning Sections...");
                    peFile.AlignSectionHeaders();

                    //Logger.Log("Fixing PE Header...");
                    peFile.FixPEHeader();

                    //Logger.Log("Dump Completed !");
                    outputFile = peFile;
                    return(true);
                }
            }
            return(false);
        }
Exemplo n.º 8
0
        public bool FdGetProcessList(out ProcessListItem[] result)
        {
            result = Array.Empty <ProcessListItem>();

            ulong processListSize = FdGetProcessListSize();

            if (processListSize <= 0)
            {
                return(false);
            }

            IntPtr processListPtr            = MarshalUtility.AllocZeroFilled((int)processListSize);
            KERNEL_PROCESS_LIST_REQUEST kplr = new KERNEL_PROCESS_LIST_REQUEST
            {
                ProcessListPtr  = (ulong)processListPtr.ToInt64(),
                ProcessListSize = processListSize
            };
            IntPtr kplrPointer = MarshalUtility.CopyStructToMemory(kplr);
            int    klprSize    = Marshal.SizeOf <KERNEL_PROCESS_LIST_REQUEST>();

            if (DeviceIoControl(hDriver, IO_PROCESS_LIST_REQUEST, kplrPointer, klprSize, kplrPointer, klprSize, IntPtr.Zero, IntPtr.Zero))
            {
                kplr = MarshalUtility.GetStructFromMemory <KERNEL_PROCESS_LIST_REQUEST>(kplrPointer);

                if (kplr.ProcessListCount > 0)
                {
                    byte[] managedBuffer = new byte[processListSize];
                    Marshal.Copy(processListPtr, managedBuffer, 0, (int)processListSize);
                    Marshal.FreeHGlobal(processListPtr);

                    result = new ProcessListItem[kplr.ProcessListCount];

                    using (BinaryReader reader = new BinaryReader(new MemoryStream(managedBuffer)))
                    {
                        for (int i = 0; i < result.Length; i++)
                        {
                            result[i] = ProcessListItem.FromByteStream(reader);
                        }
                    }
                    return(true);
                }
            }

            return(false);
        }
Exemplo n.º 9
0
 public void SelectedItemChanged(object sender, SelectedCellsChangedEventArgs e)
 {
     if (e.AddedCells.Count == 0)
     {
         return;
     }
     SelectedProcess = e.AddedCells[0].Item as ProcessListItem;
     try
     {
         if (SelectedProcess != null && SelectedProcess.Proc.HasExited)
         {
             ProcessList.Remove(SelectedProcess);
             return;
         }
     }
     catch { }
     DisplayDetails();
 }
Exemplo n.º 10
0
        public bool Stop(Guid processId)
        {
            if (!managedProcesses.ContainsKey(processId))
            {
                return(false);
            }

            ProcessListItem item = managedProcesses[processId];

            if (item.Process == null || item.Process.HasExited)
            {
                return(false);
            }

            item.ExitSignaled = true;
            item.Process.Kill();
            return(true);
        }
Exemplo n.º 11
0
        public bool SendInput(Guid processId, string data)
        {
            if (!managedProcesses.ContainsKey(processId))
            {
                return(false);
            }

            ProcessListItem item = managedProcesses[processId];

            if (item.Process == null || item.Process.HasExited)
            {
                return(false);
            }

            // TODO: try/catch?
            item.Process.StandardInput.WriteLine(data);
            return(true);
        }
Exemplo n.º 12
0
        public void DoRefresh()
        {
            //Remove Old Processes
            var processesToRemove = new List <ProcessListItem>();

            foreach (var processListItem in ProcessList)
            {
                try
                {
                    if (processListItem.Proc.HasExited)
                    {
                        processesToRemove.Add(processListItem);
                    }
                }
                catch
                {
                }
            }
            Application.Current.Dispatcher?.Invoke(() => processesToRemove.ForEach(p => ProcessList.Remove(p)));

            //Add new Processes
            var currentProcesses = Process.GetProcesses();
            var processesToAdd   = new List <ProcessListItem>();

            foreach (var process in currentProcesses)
            {
                if (!ProcessList.Select(p => p.Id).Contains(process.Id))
                {
                    processesToAdd.Add(new ProcessListItem(process));
                }
            }
            Application.Current.Dispatcher?.Invoke(() => processesToAdd.ForEach(p => ProcessList.Add(p)));

            //Update Selected Process
            if (!ProcessList.Contains(SelectedProcess))
            {
                SelectedProcess = ProcessList[0];
            }
            Application.Current.Dispatcher?.Invoke(DisplayDetails);
        }
Exemplo n.º 13
0
 public DetailedProcessInfo(ProcessListItem process)
 {
     InitializeComponent();
     FillInData(new DetailedProcessInfoModel(process));
 }
Exemplo n.º 14
0
 protected override void OnMouseClick(MouseEventArgs e)
 {
     if (!AllowSelect) return;
     foreach (ListItem item in Items) {
         Rectangle rect = new Rectangle(item.Location, item.Size);
         rect.Offset(0, -mCurrentY);
         if (rect.Contains(e.Location)) {
             SelectedItem = (ProcessListItem)item;
         }
     }
     Invalidate();
     base.OnMouseClick(e);
 }
Exemplo n.º 15
0
 public void AddItem(ProcessListItem item)
 {
     mItems.Add(item);
     item.IconSize = mIconSize;
     Invalidate();
 }
Exemplo n.º 16
0
        public bool Start(Guid processId)
        {
            if (!managedProcesses.ContainsKey(processId))
            {
                return(false);
            }

            ProcessListItem item          = managedProcesses[processId];
            ManagedProcess  configuration = item.Configuration;

            if (item.Process != null)
            {
                if (!item.Process.HasExited)
                {
                    return(false);
                }
            }
            else
            {
                ProcessStartInfo startInfo = new ProcessStartInfo(configuration.FileName);

                if (!string.IsNullOrWhiteSpace(configuration.Args))
                {
                    startInfo.Arguments = configuration.Args;
                }

                if (!string.IsNullOrWhiteSpace(configuration.WorkingDirectory))
                {
                    startInfo.WorkingDirectory = configuration.WorkingDirectory;
                }

                if (!string.IsNullOrWhiteSpace(configuration.Username) && !string.IsNullOrWhiteSpace(configuration.Password))
                {
                    startInfo.UserName            = configuration.Username;
                    startInfo.PasswordInClearText = configuration.Password;
                }

                startInfo.CreateNoWindow  = true;
                startInfo.UseShellExecute = false;

                startInfo.StandardErrorEncoding  = Encoding.UTF8;
                startInfo.StandardInputEncoding  = Encoding.UTF8;
                startInfo.StandardOutputEncoding = Encoding.UTF8;

                startInfo.RedirectStandardError  = true;
                startInfo.RedirectStandardInput  = true;
                startInfo.RedirectStandardOutput = true;

                Process startedProcess = new Process();
                startedProcess.StartInfo = startInfo;

                startedProcess.OutputDataReceived += (source, ea) => processOutputService.AddStandardOutput(configuration.ID, ea.Data);
                startedProcess.ErrorDataReceived  += (source, ea) => processOutputService.AddErrorOutput(configuration.ID, ea.Data);

                startedProcess.EnableRaisingEvents = true;
                startedProcess.Exited += (source, ea) => StartedProcess_Exited(item, ea);

                item.Process = startedProcess;
            }

            bool result;

            try
            {
                result = item.Process.Start();
                if (result)
                {
                    item.Process.StandardInput.AutoFlush = true;

                    item.Process.BeginErrorReadLine();
                    item.Process.BeginOutputReadLine();
                }
            }
            catch (Exception ex)
            {
                result = false;
                processOutputService.AddInternalOutput(configuration.ID, $"Process failed to start with exception: {ex.Message} ({ex.GetType().FullName})");
            }

            return(result);
        }