internal void LoadProcessByProcessId(int pid)
{
try
{
ConfigureSymbols();
var processes = COMUtilities.LoadProcesses(new int[] { pid }, this, m_registry);
if (!processes.Any())
{
throw new ArgumentException(string.Format("Process {0} has not initialized COM, or is inaccessible", pid));
}
HostControl(new PropertiesControl(m_registry, string.Format("Process {0}", pid), processes.First()));
}
catch (Exception ex)
{
Program.ShowError(this, ex);
}
}
private void menuFileOpenViewer_Click(object sender, EventArgs e)
{
try
{
if (Environment.Is64BitProcess)
{
Process.Start(COMUtilities.Get32bitExePath()).Close();
}
else
{
Process.Start(COMUtilities.GetExePath()).Close();
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private async void toObjectToolStripMenuItem_Click(object sender, EventArgs e)
{
COMIPIDEntry ipid = GetSelectedIpid();
if (ipid != null)
{
try
{
await EntryPoint.GetMainForm(m_registry).OpenObjectInformation(
COMUtilities.UnmarshalObject(ipid.ToObjref()),
String.Format("IPID {0}", ipid.Ipid));
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
}
private void SetupIPIDEntry(COMIPIDEntry obj)
{
textBoxIPID.Text = obj.Ipid.FormatGuid();
textBoxIPIDIID.Text = obj.Iid.FormatGuid();
textBoxIPIDIIDName.Text = m_registry.MapIidToInterface(obj.Iid).Name;
textBoxIPIDFlags.Text = obj.Flags.ToString();
textBoxIPIDInterface.Text = String.Format("0x{0:X}", obj.Interface.ToInt64());
textBoxIPIDInterfaceVTable.Text = GetStringValue(obj.InterfaceVTable);
textBoxIPIDStub.Text = String.Format("0x{0:X}", obj.Stub.ToInt64());
textBoxIPIDStubVTable.Text = GetStringValue(obj.StubVTable);
textBoxIPIDOXID.Text = obj.Oxid.FormatGuid();
textBoxIPIDReferences.Text = String.Format("Strong: {0}, Weak: {1}, Private: {2}",
obj.StrongRefs, obj.WeakRefs, obj.PrivateRefs);
textBoxIPIDProcessId.Text = COMUtilities.GetProcessIdFromIPid(obj.Ipid).ToString();
textBoxIPIDApartment.Text = COMUtilities.GetApartmentIdStringFromIPid(obj.Ipid);
textBoxIPIDStaHwnd.Text = String.Format("0x{0:X}", obj.ServerSTAHwnd.ToInt64());
tabControlProperties.TabPages.Add(tabPageIPID);
}
public SymbolResolver(string dbghelp_path, SafeProcessHandle process, string symbol_path)
{
_process = process.DangerousGetHandle();
_dbghelp_lib = COMUtilities.SafeLoadLibrary(dbghelp_path);
GetFunc(ref _sym_init);
GetFunc(ref _sym_cleanup);
GetFunc(ref _sym_from_name);
GetFunc(ref _sym_set_options);
GetFunc(ref _sym_enum_modules);
GetFunc(ref _sym_from_addr);
GetFunc(ref _sym_get_module_info);
GetFunc(ref _sym_load_module);
_sym_set_options(SymOptions.INCLUDE_32BIT_MODULES | SymOptions.UNDNAME | SymOptions.DEFERRED_LOADS);
if (!_sym_init(_process, symbol_path, true))
{
// If SymInitialize failed then we'll have to bootstrap modules manually.
if (!_sym_init(_process, symbol_path, false))
{
throw new Win32Exception();
}
IntPtr[] modules = new IntPtr[1024];
int return_length;
if (EnumProcessModulesEx(process, modules, modules.Length * IntPtr.Size, out return_length,
process.Is64Bit ? EnumProcessModulesFilter.LIST_MODULES_64BIT : EnumProcessModulesFilter.LIST_MODULES_32BIT))
{
foreach (IntPtr module in modules.Take(return_length / IntPtr.Size))
{
StringBuilder dllpath = new StringBuilder(260);
if (GetModuleFileNameEx(process, module, dllpath, dllpath.Capacity) > 0)
{
if (_sym_load_module(_process, IntPtr.Zero, dllpath.ToString(),
Path.GetFileNameWithoutExtension(dllpath.ToString()), module.ToInt64(), 0) == 0)
{
System.Diagnostics.Debug.WriteLine(String.Format("Couldn't load {0}", dllpath));
}
}
}
}
}
}
public AutoSaveLoadConfiguration()
{
if (Environment.Is64BitProcess)
{
AutoLoad = Properties.Settings.Default.EnableLoadOnStart64;
AutoSave = Properties.Settings.Default.EnableSaveOnExit64;
DatabasePath = Properties.Settings.Default.DatabasePath64;
}
else
{
AutoLoad = Properties.Settings.Default.EnableLoadOnStart32;
AutoSave = Properties.Settings.Default.EnableSaveOnExit32;
DatabasePath = Properties.Settings.Default.DatabasePath32;
}
if (string.IsNullOrWhiteSpace(DatabasePath))
{
DatabasePath = COMUtilities.GetAutoSaveLoadPath();
}
}
internal COMCLSIDElevationEntry(RegistryKey key, RegistryKey vso_key, bool auto_approval)
{
Enabled = COMUtilities.ReadIntFromKey(key, null, "Enabled") != 0;
IconReference = COMUtilities.ReadStringFromKey(key, null, "IconReference");
HashSet <Guid> vsos = new HashSet <Guid>();
if (vso_key != null)
{
foreach (string value in vso_key.GetValueNames())
{
if (COMUtilities.IsValidGUID(value))
{
vsos.Add(new Guid(value));
}
}
}
AutoApproval = auto_approval;
VirtualServerObjects = new List <Guid>(vsos).AsReadOnly();
}
private void menuViewStorage_Click(object sender, EventArgs e)
{
try
{
using (OpenFileDialog dlg = new OpenFileDialog())
{
dlg.Filter = "All Files (*.*)|*.*";
if (dlg.ShowDialog(this) == DialogResult.OK)
{
IStorage stg = COMUtilities.StgOpenStorage(dlg.FileName, null, STGM.READ | STGM.SHARE_DENY_WRITE, IntPtr.Zero, 0);
HostControl(new StorageViewer(stg, Path.GetFileName(dlg.FileName)));
}
}
}
catch (Exception ex)
{
Program.ShowError(this, ex, true);
}
}
internal void LoadIPid(Guid ipid)
{
try
{
ConfigureSymbols();
var proc = COMUtilities.LoadProcesses(new int[] { COMUtilities.GetProcessIdFromIPid(ipid) }, this).FirstOrDefault();
if (proc != null)
{
COMIPIDEntry ipid_entry = proc.Ipids.Where(e => e.Ipid == ipid).FirstOrDefault();
if (ipid_entry != null)
{
HostControl(new PropertiesControl(m_registry, string.Format("IPID: {0}", ipid.FormatGuid()), ipid_entry));
}
}
}
catch (Exception ex)
{
Program.ShowError(this, ex);
}
}
static string TypeToText(Type t)
{
StringBuilder builder = new StringBuilder();
builder.AppendFormat("Name: {0}", t.Name).AppendLine();
builder.AppendFormat("IID: {0}", t.GUID).AppendLine();
builder.AppendLine("{");
foreach (MemberInfo mi in t.GetMembers())
{
String name = COMUtilities.MemberInfoToString(mi);
if (!String.IsNullOrWhiteSpace(name))
{
builder.Append(" ");
builder.AppendLine(name);
}
}
builder.AppendLine("}");
return(builder.ToString());
}
internal COMCLSIDElevationEntry(RegistryKey key, RegistryKey vso_key, bool auto_approval)
{
Enabled = COMUtilities.ReadInt(key, null, "Enabled") != 0;
IconReference = COMUtilities.ReadString(key, null, "IconReference");
HashSet <Guid> vsos = new HashSet <Guid>();
if (vso_key != null)
{
foreach (string value in vso_key.GetValueNames())
{
Guid guid;
if (Guid.TryParse(value, out guid))
{
vsos.Add(guid);
}
}
}
AutoApproval = auto_approval;
VirtualServerObjects = new List <Guid>(vsos).AsReadOnly();
}
private void LoadFromKey(RegistryKey key)
{
var custom_properties = new Dictionary <string, string>();
using (var prop_key = key.OpenSubKeySafe("CustomProperties"))
{
if (prop_key != null)
{
foreach (var value_name in prop_key.GetValueNames())
{
custom_properties[value_name] = prop_key.GetValue(value_name).ToString();
}
}
}
CustomProperties = custom_properties;
Description = COMUtilities.ReadString(key, null, "Description");
DisplayName = COMUtilities.ReadString(key, null, "DisplayName");
Icon = COMUtilities.ReadString(key, null, "Icon");
Vendor = COMUtilities.ReadString(key, null, "Vendor");
}
private void menuStorageNewStorage_Click(object sender, EventArgs e)
{
try
{
using (SaveFileDialog dlg = new SaveFileDialog())
{
dlg.Filter = STORAGE_FILTER;
if (dlg.ShowDialog(this) == DialogResult.OK)
{
Guid iid = typeof(IStorage).GUID;
IStorage stg = COMUtilities.StgCreateStorageEx(dlg.FileName,
STGM.SHARE_EXCLUSIVE | STGM.READWRITE, STGFMT.Storage, 0, null, IntPtr.Zero, ref iid);
HostControl(new StorageViewer(stg, Path.GetFileName(dlg.FileName), false));
}
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex, true);
}
}
private async void menuObjectFromMarshalledStream_Click(object sender, EventArgs e)
{
using (OpenFileDialog dlg = new OpenFileDialog())
{
dlg.Filter = "All Files (*.*)|*.*";
if (dlg.ShowDialog(this) == DialogResult.OK)
{
try
{
byte[] data = File.ReadAllBytes(dlg.FileName);
object comObj = COMUtilities.UnmarshalObject(data);
await OpenObjectInformation(comObj, String.Format("Unmarshalled {0}", Path.GetFileName(dlg.FileName)));
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString(), "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
}
private void LoadProcesses <TKey>(Func <COMProcessEntry, TKey> orderby_selector)
{
if (!Properties.Settings.Default.SymbolsConfigured)
{
if (MessageBox.Show(this, "Symbol support has not been configured, would you like to do that now?",
"Configure Symbols", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes)
{
using (ConfigureSymbolsForm frm = new ConfigureSymbolsForm())
{
frm.ShowDialog(this);
}
}
}
IEnumerable <COMProcessEntry> processes = COMUtilities.LoadProcesses(this);
if (processes != null && processes.Count() > 0)
{
OpenView(COMRegistryViewer.DisplayMode.Processes, processes.OrderBy(orderby_selector));
}
}
private void LoadFromKey(RegistryKey key)
{
Clsid = COMUtilities.ReadGuidFromKey(key, null, "CLSID");
ActivationType = (ActivationType)COMUtilities.ReadIntFromKey(key, null, "ActivationType");
TrustLevel = (TrustLevel)COMUtilities.ReadIntFromKey(key, null, "TrustLevel");
Threading = COMUtilities.ReadIntFromKey(key, null, "Threading");
DllPath = COMUtilities.ReadStringFromKey(key, null, "DllPath");
Server = COMUtilities.ReadStringFromKey(key, null, "Server");
Permissions = string.Empty;
byte[] permissions = key.GetValue("Permissions", new byte[0]) as byte[];
if (permissions != null && permissions.Length > 0)
{
try
{
Permissions = COMSecurity.GetStringSDForSD(permissions);
}
catch (Win32Exception)
{
}
}
}
public object CreateClassFactory(string server)
{
IntPtr obj;
Guid iid = COMInterfaceEntry.IID_IUnknown;
Guid clsid = Clsid;
COSERVERINFO server_info = server != null ? new COSERVERINFO(server) : null;
int hr = COMUtilities.CoGetClassObject(ref clsid, server_info != null ? CLSCTX.REMOTE_SERVER
: CreateContext, server_info, ref iid, out obj);
if (hr != 0)
{
Marshal.ThrowExceptionForHR(hr);
}
object ret = Marshal.GetObjectForIUnknown(obj);
Marshal.Release(obj);
return(ret);
}
private IMoniker ParseMoniker(IBindCtx bind_context, string moniker_string)
{
if (moniker_string == "new")
{
Guid IID_IUnknown = COMInterfaceEntry.IID_IUnknown;
IntPtr unk;
int hr = COMUtilities.CoCreateInstance(ref CLSID_NewMoniker, IntPtr.Zero, CLSCTX.INPROC_SERVER, ref IID_IUnknown, out unk);
if (hr != 0)
{
Marshal.ThrowExceptionForHR(hr);
}
try
{
return((IMoniker)Marshal.GetObjectForIUnknown(unk));
}
finally
{
Marshal.Release(unk);
}
}
else
{
if (moniker_string.StartsWith("file:", StringComparison.OrdinalIgnoreCase) ||
moniker_string.StartsWith("http:", StringComparison.OrdinalIgnoreCase) ||
moniker_string.StartsWith("https:", StringComparison.OrdinalIgnoreCase))
{
IMoniker moniker;
int hr = COMUtilities.CreateURLMonikerEx(null, moniker_string, out moniker, CreateUrlMonikerFlags.Uniform);
if (hr != 0)
{
Marshal.ThrowExceptionForHR(hr);
}
return(moniker);
}
int eaten = 0;
return(COMUtilities.MkParseDisplayName(bind_context, moniker_string, out eaten));
}
}
void LoadROT(bool trusted_only)
{
IBindCtx bindCtx;
listViewROT.Items.Clear();
try
{
bindCtx = COMUtilities.CreateBindCtx(trusted_only ? 1U : 0U);
IRunningObjectTable rot;
IEnumMoniker enumMoniker;
IMoniker[] moniker = new IMoniker[1];
bindCtx.GetRunningObjectTable(out rot);
rot.EnumRunning(out enumMoniker);
while (enumMoniker.Next(1, moniker, IntPtr.Zero) == 0)
{
string strDisplayName;
moniker[0].GetDisplayName(bindCtx, null, out strDisplayName);
Guid clsid = COMUtilities.GetObjectClass(moniker[0]);
ListViewItem item = listViewROT.Items.Add(strDisplayName);
item.Tag = new MonikerInfo(strDisplayName, clsid, moniker[0]);
if (m_registry.Clsids.ContainsKey(clsid))
{
item.SubItems.Add(m_registry.Clsids[clsid].Name);
}
else
{
item.SubItems.Add(clsid.FormatGuid());
}
}
}
catch (Exception e)
{
EntryPoint.ShowError(this, e);
}
listViewROT.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
}
private void btnSaveStream_Click(object sender, EventArgs e)
{
using (SaveFileDialog dlg = new SaveFileDialog())
{
dlg.Filter = "All Files (*.*)|*.*";
if (dlg.ShowDialog(this) == DialogResult.OK)
{
try
{
using (Stream stm = File.Open(dlg.FileName, FileMode.Create, FileAccess.ReadWrite))
{
COMUtilities.OleSaveToStream(m_pObject, stm);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
}
private void menuFileOpenPowershell_Click(object sender, EventArgs e)
{
try
{
string temp_file = Path.GetTempFileName();
m_registry.Save(temp_file);
string startup_script = Path.Combine(COMUtilities.GetAppDirectory(), "Startup-Module.ps1");
if (!File.Exists(startup_script))
{
throw new ArgumentException("PowerShell startup script is missing");
}
using (Process.Start("powershell.exe", $"-NoExit -ExecutionPolicy Bypass -File \"{startup_script}\" \"{temp_file}\" -DeleteFile"))
{
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private void menuStorageOpenStorage_Click(object sender, EventArgs e)
{
try
{
using (OpenFileDialog dlg = new OpenFileDialog())
{
dlg.ShowReadOnly = true;
dlg.ReadOnlyChecked = true;
dlg.Filter = STORAGE_FILTER;
if (dlg.ShowDialog(this) == DialogResult.OK)
{
IStorage stg = COMUtilities.StgOpenStorage(dlg.FileName, null, GetStorageAccess(dlg.ReadOnlyChecked), IntPtr.Zero, 0);
HostControl(new StorageViewer(stg, Path.GetFileName(dlg.FileName), dlg.ReadOnlyChecked));
}
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex, true);
}
}
private void viewTypeLibraryToolStripMenuItem_Click(object sender, EventArgs e)
{
TreeNode node = treeComRegistry.SelectedNode;
if (node != null)
{
COMTypeLibVersionEntry ent = node.Tag as COMTypeLibVersionEntry;
if (ent == null)
{
COMCLSIDEntry clsid = node.Tag as COMCLSIDEntry;
COMProgIDEntry progid = node.Tag as COMProgIDEntry;
if (progid != null)
{
clsid = m_reg.MapClsidToEntry(progid.Clsid);
}
if (clsid != null && m_reg.Typelibs.ContainsKey(clsid.TypeLib))
{
ent = m_reg.Typelibs[clsid.TypeLib].Versions.First();
}
}
if (ent != null)
{
try
{
Assembly typeLibary = COMUtilities.LoadTypeLib(ent.NativePath);
TypeLibControl view = new TypeLibControl(ent, typeLibary);
Program.GetMainForm().HostControl(view);
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString(), "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
}
public static extern void SHCreateStreamOnFile(string pszFile, COMUtilities.STGM grfMode, out IntPtr ppStm);
