Exemplo n.º 1
0
        private static IntPtr GetPeb32(IntPtr hProcess)
        {
            if (System.Environment.Is64BitProcess)
            {
                var ptr     = IntPtr.Zero;
                int res_len = 0;
                int pbiSize = IntPtr.Size;
                ProcessNativeMethods.NtQueryInformationProcess(
                    hProcess,
                    ProcessNativeMethods.ProcessWow64Information,
                    ref ptr,
                    pbiSize,
                    ref res_len);

                if (res_len != pbiSize)
                {
                    throw new Win32Exception("Unable to query process information.");
                }

                return(ptr);
            }
            else
            {
                return(GetPebNative(hProcess));
            }
        }
        public static Process GetParentProcess(this Process process)
        {
            IntPtr processHandle;

            if (!process.TryGetProcessHandle(out processHandle))
            {
                return(null);
            }

            var pbi = new ProcessNativeMethods.ProcessInformation();

            try
            {
                int returnLength;
                int status = ProcessNativeMethods.NtQueryInformationProcess(processHandle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength);
                if (status != 0)
                {
                    throw new Win32Exception(status);
                }

                return(Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32()));
            }
            catch
            {
                return(null);
            }
        }
Exemplo n.º 3
0
        /// <summary>
        /// Get parent process.
        /// </summary>
        public static Process GetParentProcess(this Process process, ITracer tracer)
        {
            IntPtr processHandle;

            if (!process.TryGetProcessHandle(out processHandle))
            {
                return(null);
            }

            var pbi = new ProcessNativeMethods.ProcessInformation();

            try
            {
                int returnLength;
                int status = ProcessNativeMethods.NtQueryInformationProcess(processHandle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength);
                if (status != 0)
                {
                    throw new Win32Exception(status);
                }

                return(Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32()));
            }
            catch (Exception ex)
            {
                if (!process.ProcessName.Equals("w3wp", StringComparison.OrdinalIgnoreCase))
                {
                    tracer.Trace("GetParentProcess of {0}({1}) failed with {2}", process.ProcessName, process.Id, ex);
                }
                return(null);
            }
        }
Exemplo n.º 4
0
        /// <summary>
        /// Get parent process.
        /// </summary>
        public static Process GetParentProcess(this Process process, ITracer tracer)
        {
            try
            {
                if (!OSDetector.IsOnWindows())
                {
                    return(process.GetParentProcessLinux(tracer));
                }

                IntPtr processHandle;
                if (!process.TryGetProcessHandle(out processHandle))
                {
                    return(null);
                }

                var pbi = new ProcessNativeMethods.ProcessInformation();
                int returnLength;
                int status = ProcessNativeMethods.NtQueryInformationProcess(processHandle, 0, ref pbi, Marshal.SizeOf(pbi), out returnLength);
                if (status != 0)
                {
                    throw new Win32Exception(status);
                }

                return(Process.GetProcessById(pbi.InheritedFromUniqueProcessId.ToInt32()));
            }
            catch (Exception ex)
            {
                var processName = process.SafeGetProcessName() ?? "(null)";
                if (!processName.Equals("w3wp", StringComparison.OrdinalIgnoreCase))
                {
                    tracer.TraceError(ex, "GetParentProcess of {0}({1}) failed.", processName, process.Id);
                }
                return(null);
            }
        }
Exemplo n.º 5
0
        private static IntPtr GetPebNative(IntPtr hProcess)
        {
            var pbi     = new ProcessNativeMethods.ProcessInformation();
            int res_len = 0;
            int pbiSize = Marshal.SizeOf(pbi);

            ProcessNativeMethods.NtQueryInformationProcess(
                hProcess,
                ProcessNativeMethods.ProcessBasicInformation,
                ref pbi,
                pbiSize,
                out res_len);

            if (res_len != pbiSize)
            {
                throw new Win32Exception("Unable to query process information.");
            }

            return(pbi.PebBaseAddress);
        }