public void GetAppName() { string fileName = ""; string name = ""; uint pid = 0; User32.GetWindowThreadProcessId(Window, out pid); uint capacity = 1024; Kernel32.SafeHPROCESS process = Kernel32.OpenProcess(ACCESS_MASK.GENERIC_READ, false, pid); StringBuilder stringBuilder = new StringBuilder((int)capacity); bool success = Kernel32.QueryFullProcessImageName(process, Kernel32.PROCESS_NAME.PROCESS_NAME_WIN32, stringBuilder, ref capacity); if (!success) { fileName = string.Empty; } fileName = stringBuilder.ToString(); switch (fileName) { case "C:\\Windows\\System32\\ApplicationFrameHost.exe": case "": name = GetWindowTitle(); break; default: FileVersionInfo myFileVersionInfo = FileVersionInfo.GetVersionInfo(fileName); name = myFileVersionInfo.FileDescription; break; } AppName = name; }
public bool OpenProcess() { Process[] processes = Process.GetProcessesByName(_processName); if (processes.Length != 1) { return(false); } // Required rights : 0x0010 | 0x0400 | 0x0020 | 0x0008 _process = Kernel32.OpenProcess(ACCESS_MASK.GENERIC_ALL, true, (uint)processes[0].Id); if (processes[0].MainModule == null) { throw new Exception("Process main module is null."); } _processLocation = processes[0].MainModule.FileName; return(true); }
// Inject the dll with by creating a remote thread on LoadLibraryW public void Inject(Process p) { Kernel32.SafeHPROCESS proc = Kernel32.OpenProcess(new ACCESS_MASK(Kernel32.ProcessAccess.PROCESS_ALL_ACCESS), false, (uint)p.Id); if (!proc.IsNull && !proc.IsInvalid) { IntPtr loadLib = Kernel32.GetProcAddress(Kernel32.LoadLibrary("kernel32.dll"), "LoadLibraryW"); if (loadLib == IntPtr.Zero) { Console.WriteLine("LoadLibaryW not found"); return; } byte[] DllPathBytes = DllPath.GetBytes(true, CharSet.Unicode); // Unicode for wide chars IntPtr alloc = Kernel32.VirtualAllocEx(proc, IntPtr.Zero, DllPathBytes.Length, Kernel32.MEM_ALLOCATION_TYPE.MEM_COMMIT, Kernel32.MEM_PROTECTION.PAGE_EXECUTE_READWRITE); if (alloc == IntPtr.Zero) { Console.WriteLine("Couldn't allocate"); return; } if (!Kernel32.WriteProcessMemory(proc, alloc, DllPathBytes, DllPathBytes.Length, out _)) { Console.WriteLine("Couldn't write " + Kernel32.GetLastError()); return; } Kernel32.SafeHTHREAD thread = Kernel32.CreateRemoteThread(proc, null, 0, loadLib, alloc, 0, out _); if (!thread.IsNull && !thread.IsInvalid) { Console.WriteLine("Injected!"); Kernel32.WaitForSingleObject(thread, Kernel32.INFINITE); // Wait until the dll is injected, so the path can be freed later thread.Close(); } Kernel32.VirtualFreeEx(proc, alloc, 0, Kernel32.MEM_ALLOCATION_TYPE.MEM_RELEASE); // Free path from the target's memory (alloc's existence is ensured above) } proc.Close(); }
public static WindowInformation GetUWPWindowInformation(string PackageFamilyName, uint?WithPID = null) { WindowInformation Info = null; User32.EnumWindowsProc Callback = new User32.EnumWindowsProc((HWND hWnd, IntPtr lParam) => { StringBuilder SbClassName = new StringBuilder(260); if (User32.GetClassName(hWnd, SbClassName, SbClassName.Capacity) > 0) { string ClassName = SbClassName.ToString(); // Minimized : "Windows.UI.Core.CoreWindow" top window // Normal : "Windows.UI.Core.CoreWindow" child of "ApplicationFrameWindow" if (ClassName == "ApplicationFrameWindow") { if (Shell32.SHGetPropertyStoreForWindow(hWnd, new Guid("{886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99}"), out object PropertyStore).Succeeded) { Ole32.PROPVARIANT Prop = new Ole32.PROPVARIANT(); ((PropSys.IPropertyStore)PropertyStore).GetValue(Ole32.PROPERTYKEY.System.AppUserModel.ID, Prop); string AUMID = Prop.pwszVal; if (!string.IsNullOrEmpty(AUMID) && AUMID.Contains(PackageFamilyName)) { WindowState State = WindowState.Normal; if (User32.GetWindowRect(hWnd, out RECT CurrentRect)) { IntPtr RectWorkAreaPtr = Marshal.AllocHGlobal(Marshal.SizeOf <RECT>()); try { if (User32.SystemParametersInfo(User32.SPI.SPI_GETWORKAREA, 0, RectWorkAreaPtr, User32.SPIF.None)) { RECT WorkAreaRect = Marshal.PtrToStructure <RECT>(RectWorkAreaPtr); //If Window rect is out of SPI_GETWORKAREA, it means it's maximized; if (CurrentRect.left < WorkAreaRect.left && CurrentRect.top < WorkAreaRect.top && CurrentRect.right > WorkAreaRect.right && CurrentRect.bottom > WorkAreaRect.bottom) { State = WindowState.Maximized; } } } finally { Marshal.FreeHGlobal(RectWorkAreaPtr); } } HWND hWndFind = User32.FindWindowEx(hWnd, IntPtr.Zero, "Windows.UI.Core.CoreWindow", null); if (!hWndFind.IsNull) { if (User32.GetWindowThreadProcessId(hWndFind, out uint PID) > 0) { if (WithPID != null && WithPID.Value != PID) { return(true); } using (Kernel32.SafeHPROCESS ProcessHandle = Kernel32.OpenProcess(new ACCESS_MASK(0x1000), false, PID)) { if (!ProcessHandle.IsInvalid && !ProcessHandle.IsNull) { uint Size = 260; StringBuilder PackageFamilyNameBuilder = new StringBuilder((int)Size); if (Kernel32.GetPackageFamilyName(ProcessHandle, ref Size, PackageFamilyNameBuilder).Succeeded) { if (PackageFamilyNameBuilder.ToString() == PackageFamilyName && User32.IsWindowVisible(hWnd)) { Size = 260; StringBuilder ProcessImageName = new StringBuilder((int)Size); if (Kernel32.QueryFullProcessImageName(ProcessHandle, 0, ProcessImageName, ref Size)) { Info = new WindowInformation(ProcessImageName.ToString(), PID, State, hWnd); } else { Info = new WindowInformation(string.Empty, PID, State, hWnd); } return(false); } } } } } } } } } } return(true); }); User32.EnumWindows(Callback, IntPtr.Zero); return(Info); }