/// <summary>Enumerates all pipes started by the ReClass.NET PipeServer.</summary> /// <param name="callbackProcess">The callback which gets called for every process.</param> public void EnumerateProcesses(EnumerateProcessCallback callbackProcess) { if (callbackProcess == null) { return; } foreach (var pipe in GetPipes()) { var platform = new DirectoryInfo(pipe).Parent?.Name ?? string.Empty; #if RECLASSNET64 if (platform.ToLower() == "x64") #else if (platform.ToLower() == "x86") #endif { var data = new EnumerateProcessData { Id = (IntPtr)pipe.GetHashCode(), Name = Path.GetFileName(pipe), Path = pipe }; callbackProcess(ref data); } } }
/// <summary>Opens a file browser dialog and reports the selected file.</summary> /// <param name="callbackProcess">The callback which gets called for the selected file.</param> public void EnumerateProcesses(EnumerateProcessCallback callbackProcess) { if (callbackProcess == null) { return; } using (var ofd = new OpenFileDialog()) { ofd.Filter = "All|*.*"; if (ofd.ShowDialog() == DialogResult.OK) { currentFile = ofd.FileName; var data = new EnumerateProcessData { Id = (IntPtr)currentFile.GetHashCode(), Name = Path.GetFileName(currentFile), Path = currentFile }; callbackProcess(ref data); } } }
public void EnumerateProcesses(EnumerateProcessCallback callbackProcess) { Process[] processes = Process.GetProcesses(); for (int i = 0; i < processes.Length; i++) { var Process = processes[i]; if (Process.Id == 0 || Process.Id == 4) { continue; } var Data = new EnumerateProcessData(); Data.Id = new IntPtr(Process.Id); try { Data.Name = Process.MainModule.ModuleName; Data.Path = Process.MainModule.FileName; } catch (Exception) { bool Fallback = Driver.GetProcessInfo(Process.Id, ref Data); if (!Fallback) { Data.Name = Process.ProcessName; } } callbackProcess.Invoke(ref Data); } }
/// <summary>Opens a file browser dialog and reports the selected file.</summary> /// <param name="callbackProcess">The callback which gets called for the selected file.</param> public void EnumerateProcesses(EnumerateProcessCallback callbackProcess) { if (callbackProcess == null) { return; } using (var ofd = new OpenFileDialog()) { ofd.Filter = "All|*.*"; if (ofd.ShowDialog() == DialogResult.OK) { currentFile = ofd.FileName; var data = new EnumerateProcessData { Id = (IntPtr)currentFile.GetHashCode(), Name = Path.GetFileName(currentFile), Path = currentFile }; // Parse index file into dictionary string IndexFilePath = Path.GetFullPath(currentFile); IndexFilePath += ".idx"; Console.WriteLine(IndexFilePath); parseIndexFile(IndexFilePath); callbackProcess(ref data); } } }
/// <summary>Enumerates all pipes started by the ReClass.NET PipeServer.</summary> /// <param name="callbackProcess">The callback which gets called for every process.</param> public void EnumerateProcesses(EnumerateProcessCallback callbackProcess) { if (callbackProcess == null) { return; } lock (sync) { processToClientMapping.Clear(); var validClients = new List <MessageClient>(); foreach (var pipePath in GetPipes()) { var client = GetOrCreateClientForPipe(pipePath); try { client.Send(new EnumerateProcessHandlesRequest()); var abusedProcessName = Path.GetFileName(pipePath); while (true) { var message = client.Receive(); if (message is StatusResponse) { break; } if (message is EnumerateProcessHandlesResponse phr) { var mapping = new ProcessClientMapping(phr.RemoteId, client); processToClientMapping.Add(mapping.GetHashCode(), mapping); var targetProcessName = Path.GetFileName(phr.Path); var data = new EnumerateProcessData { Id = (IntPtr)mapping.GetHashCode(), Name = $"{abusedProcessName} -> {targetProcessName}", Path = phr.Path }; callbackProcess(ref data); } } validClients.Add(client); } catch (Exception ex) { host.Logger.Log(ex); } } foreach (var dormant in clients.Values.Except(validClients)) { dormant.Dispose(); } clients.RemoveWhere(kv => !validClients.Contains(kv.Value)); } }
public bool GetProcessInfo(int ProcessId, ref EnumerateProcessData Data) { if (!IsLoaded()) { return(false); } KERNEL_PROCESS_PEB_INFO Request = new KERNEL_PROCESS_PEB_INFO(); Request.ProcessId = ProcessId; int BufferSize = Marshal.SizeOf(Request); IntPtr Buffer = Marshal.AllocHGlobal(BufferSize); Marshal.StructureToPtr(Request, Buffer, false); bool Result = DeviceIoControl(Handle, IO_PROCESS_PEB_INFO, Buffer, BufferSize, Buffer, BufferSize, out _, IntPtr.Zero); KERNEL_PROCESS_PEB_INFO Response = (KERNEL_PROCESS_PEB_INFO)Marshal.PtrToStructure(Buffer, typeof(KERNEL_PROCESS_PEB_INFO)); if (Result) { IntPtr PebAddress = Response.PebAddress; OutputDebugString("Process PEB is empty."); if (PebAddress == IntPtr.Zero) { return(false); } if (Response.IsWow64) { OutputDebugString("Getting 32bit process PEB " + PebAddress.ToString("X")); var Peb32 = ReadMemory <PEB32>(ProcessId, PebAddress); if (Peb32.Ldr == 0) { OutputDebugString("Process LDR is not initialised"); return(false); } var Ldr = ReadMemory <PEB_LDR_DATA32>(ProcessId, new IntPtr(Peb32.Ldr)); IntPtr Head = new IntPtr(Ldr.InLoadOrderModuleList.Flink); var Entry = ReadMemory <LDR_DATA_TABLE_ENTRY32>(ProcessId, Head); if (Entry.SizeOfImage == 0 || Entry.DllBase == 0) { return(false); } var FullDllName = ReadUnicodeString(ProcessId, new IntPtr(Entry.FullDllName.Buffer), Entry.FullDllName.Length); var BaseDllName = ReadUnicodeString(ProcessId, new IntPtr(Entry.BaseDllName.Buffer), Entry.BaseDllName.Length); Data.Name = BaseDllName; Data.Path = FullDllName; } else { OutputDebugString("Getting 64bit process PEB " + PebAddress.ToString("X")); var Peb = ReadMemory <PEB>(ProcessId, PebAddress); if (Peb.Ldr == IntPtr.Zero) { OutputDebugString("Process LDR is not initialised"); return(false); } OutputDebugString("Process LDR at: " + Peb.Ldr.ToString("X")); var Ldr = ReadMemory <PEB_LDR_DATA>(ProcessId, Peb.Ldr); IntPtr Head = Ldr.InLoadOrderModuleList.Flink; var Entry = ReadMemory <LDR_DATA_TABLE_ENTRY>(ProcessId, Head); if (Entry.SizeOfImage == 0 || Entry.DllBase == IntPtr.Zero) { return(false); } var FullDllName = ReadUnicodeString(ProcessId, Entry.FullDllName.Buffer, Entry.FullDllName.Length); var BaseDllName = ReadUnicodeString(ProcessId, Entry.BaseDllName.Buffer, Entry.BaseDllName.Length); Data.Name = BaseDllName; Data.Path = FullDllName; } } Marshal.FreeHGlobal(Buffer); return(Result); }