public static extern IntPtr OpenProcess( ProcessAccessFlags processAccess, bool bInheritHandle, int processId);
/// <summary> /// Opens an existing local process object. /// </summary> /// <param name="access"></param> /// <param name="inheritHandle"></param> /// <param name="processId"></param> /// <returns></returns> public static IntPtr OpenProcess(ProcessAccessFlags access, bool inheritHandle, uint processId) { IntPtr handle = UnmanagedOpenProcess(access, inheritHandle, processId); if (handle == null) { throw new Win32Exception(); } return handle; }
internal static IntPtr OpenProcess(ProcessAccessFlags dwDesiredAcess, bool bInheritHandle, int dwProcessId) { IntPtr p = NativeMethods.Internal.OpenProcess(dwDesiredAcess, bInheritHandle, dwProcessId); if (p == IntPtr.Zero) { int errorCoder = Marshal.GetLastWin32Error(); if (errorCoder != 0) throw new Win32Exception(errorCoder); } return p; }
// Reads native process info from a 64/32-bit process in the case where the target architecture // of this process is the same as that of the target process. private bool LoadProcessInfoNative(SafeProcessHandle handle, ProcessAccessFlags flags) { ProcessBasicInformation basicInfo = new ProcessBasicInformation(); int size; int status = NativeMethods.NtQueryInformationProcess( handle, ProcessInfoClass.BasicInformation, ref basicInfo, MarshalUtility.UnmanagedStructSize<ProcessBasicInformation>(), out size); _parentProcessId = basicInfo.ParentProcessId.ToInt32(); // If we can't load the ProcessBasicInfo, then we can't really do anything. if (status != NtStatus.Success || basicInfo.PebBaseAddress == IntPtr.Zero) return false; if (flags.HasFlag(ProcessAccessFlags.VmRead)) { // Follows a pointer from the PROCESS_BASIC_INFORMATION structure in the target process's // address space to read the PEB. Peb peb = MarshalUtility.ReadUnmanagedStructFromProcess<Peb>( handle, basicInfo.PebBaseAddress); _isBeingDebugged = peb.IsBeingDebugged; if (peb.ProcessParameters != IntPtr.Zero) { // Follows a pointer from the PEB structure in the target process's address space to read // the RTL_USER_PROCESS_PARAMS. RtlUserProcessParameters processParameters = new RtlUserProcessParameters(); processParameters = MarshalUtility.ReadUnmanagedStructFromProcess<RtlUserProcessParameters>( handle, peb.ProcessParameters); _commandLine = MarshalUtility.ReadStringUniFromProcess( handle, processParameters.CommandLine.Buffer, processParameters.CommandLine.Length / 2); } } return true; }
public SafeProcessHandle OpenHandle(ProcessAccessFlags flags) { return Win32.OpenProcessHandle(flags, false, Process.Id); }
public static AutoDispose<IntPtr> OpenProcessHandle(ProcessAccessFlags processAccess, bool bInheritHandle, uint processId) { var handle = OpenProcess(processAccess, bInheritHandle, processId); if (handle == IntPtr.Zero || handle == INVALID_HANDLE_VALUE) { return null; } return new AutoDispose<IntPtr>(handle, (target) => CloseHandle(target)); }
internal static extern SafeProcessHandle OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessID);
public static extern SafeProcessHandle OpenProcess(ProcessAccessFlags processAccess, bool bInheritHandle, int processId);
// Reads native process info from a 64-bit process in the case where this function is executing // in a 32-bit process. private bool LoadProcessInfoWow64(SafeProcessHandle handle, ProcessAccessFlags flags) { ulong pebSize = (ulong)MarshalUtility.UnmanagedStructSize <PebWow64>(); ulong processParamsSize = (ulong)MarshalUtility.UnmanagedStructSize <RtlUserProcessParametersWow64>(); // Read PROCESS_BASIC_INFORMATION up to and including the pointer to PEB structure. int processInfoSize = MarshalUtility.UnmanagedStructSize <ProcessBasicInformationWow64>(); ProcessBasicInformationWow64 pbi = new ProcessBasicInformationWow64(); int result = NativeMethods.NtWow64QueryInformationProcess64( handle, ProcessInfoClass.BasicInformation, ref pbi, processInfoSize, out processInfoSize); if (result != 0) { return(false); } _parentProcessId = (int)pbi.ParentProcessId; Debug.Assert((int)pbi.UniqueProcessId == _processId); if (flags.HasFlag(ProcessAccessFlags.VmRead)) { IntPtr pebBuffer = IntPtr.Zero; IntPtr processParametersBuffer = IntPtr.Zero; IntPtr commandLineBuffer = IntPtr.Zero; try { pebBuffer = Marshal.AllocHGlobal((int)pebSize); // Read PEB up to and including the pointer to RTL_USER_PROCESS_PARAMETERS // structure. result = NativeMethods.NtWow64ReadVirtualMemory64( handle, pbi.PebBaseAddress, pebBuffer, pebSize, out pebSize); if (result != 0) { return(false); } PebWow64 peb = (PebWow64)Marshal.PtrToStructure(pebBuffer, typeof(PebWow64)); _isBeingDebugged = peb.IsBeingDebugged; processParametersBuffer = Marshal.AllocHGlobal((int)processParamsSize); result = NativeMethods.NtWow64ReadVirtualMemory64( handle, peb.ProcessParameters, processParametersBuffer, processParamsSize, out processParamsSize); if (result != 0) { return(false); } RtlUserProcessParametersWow64 processParameters = (RtlUserProcessParametersWow64) Marshal.PtrToStructure( processParametersBuffer, typeof(RtlUserProcessParametersWow64)); ulong commandLineBufferSize = (ulong)processParameters.CommandLine.MaximumLength; commandLineBuffer = Marshal.AllocHGlobal((int)commandLineBufferSize); result = NativeMethods.NtWow64ReadVirtualMemory64( handle, processParameters.CommandLine.Buffer, commandLineBuffer, commandLineBufferSize, out commandLineBufferSize); if (result != 0) { return(false); } _commandLine = Marshal.PtrToStringUni(commandLineBuffer); } finally { if (pebBuffer != IntPtr.Zero) { Marshal.FreeHGlobal(pebBuffer); } if (commandLineBuffer != IntPtr.Zero) { Marshal.FreeHGlobal(commandLineBuffer); } if (processParametersBuffer != IntPtr.Zero) { Marshal.FreeHGlobal(processParametersBuffer); } } } return(true); }
public static SafeProcessHandle OpenProcess(int pid, ProcessAccessFlags access) { return(new SafeProcessHandle(NativeMethods.OpenProcess(access, false, pid))); }
internal static extern IntPtr OpenProcess(ProcessAccessFlags accessMask, bool bInheritHandle, int processId);
public static IntPtr OpenProcess(Process proc, ProcessAccessFlags flags) => OpenProcess(flags, false, proc.Id);
public static IntPtr OpenProcess(Process process, ProcessAccessFlags flags) { var handle = OpenProcess(flags, false, process.Id); return(handle == IntPtr.Zero ? throw new Exception(string.Format("Failed to open process ({0}).", GetLastError())) : handle); }
// Reads native process info from a 64-bit process in the case where this function is executing // in a 32-bit process. private bool LoadProcessInfoWow64(SafeProcessHandle handle, ProcessAccessFlags flags) { ulong pebSize = (ulong)MarshalUtility.UnmanagedStructSize<PebWow64>(); ulong processParamsSize = (ulong)MarshalUtility.UnmanagedStructSize<RtlUserProcessParametersWow64>(); // Read PROCESS_BASIC_INFORMATION up to and including the pointer to PEB structure. int processInfoSize = MarshalUtility.UnmanagedStructSize<ProcessBasicInformationWow64>(); ProcessBasicInformationWow64 pbi = new ProcessBasicInformationWow64(); int result = NativeMethods.NtWow64QueryInformationProcess64( handle, ProcessInfoClass.BasicInformation, ref pbi, processInfoSize, out processInfoSize); if (result != 0) return false; _parentProcessId = (int)pbi.ParentProcessId; Debug.Assert((int)pbi.UniqueProcessId == _processId); if (flags.HasFlag(ProcessAccessFlags.VmRead)) { IntPtr pebBuffer = IntPtr.Zero; IntPtr processParametersBuffer = IntPtr.Zero; IntPtr commandLineBuffer = IntPtr.Zero; try { pebBuffer = Marshal.AllocHGlobal((int)pebSize); // Read PEB up to and including the pointer to RTL_USER_PROCESS_PARAMETERS // structure. result = NativeMethods.NtWow64ReadVirtualMemory64( handle, pbi.PebBaseAddress, pebBuffer, pebSize, out pebSize); if (result != 0) return false; PebWow64 peb = (PebWow64)Marshal.PtrToStructure(pebBuffer, typeof(PebWow64)); _isBeingDebugged = peb.IsBeingDebugged; processParametersBuffer = Marshal.AllocHGlobal((int)processParamsSize); result = NativeMethods.NtWow64ReadVirtualMemory64( handle, peb.ProcessParameters, processParametersBuffer, processParamsSize, out processParamsSize); if (result != 0) return false; RtlUserProcessParametersWow64 processParameters = (RtlUserProcessParametersWow64) Marshal.PtrToStructure( processParametersBuffer, typeof(RtlUserProcessParametersWow64)); ulong commandLineBufferSize = (ulong)processParameters.CommandLine.MaximumLength; commandLineBuffer = Marshal.AllocHGlobal((int)commandLineBufferSize); result = NativeMethods.NtWow64ReadVirtualMemory64( handle, processParameters.CommandLine.Buffer, commandLineBuffer, commandLineBufferSize, out commandLineBufferSize); if (result != 0) return false; _commandLine = Marshal.PtrToStringUni(commandLineBuffer); } finally { if (pebBuffer != IntPtr.Zero) Marshal.FreeHGlobal(pebBuffer); if (commandLineBuffer != IntPtr.Zero) Marshal.FreeHGlobal(commandLineBuffer); if (processParametersBuffer != IntPtr.Zero) Marshal.FreeHGlobal(processParametersBuffer); } } return true; }
private static extern IntPtr OpenProcess(ProcessAccessFlags processAccess, bool bInheritHandle, uint processId);
public static extern SafeMemoryHandle OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
public static extern System.IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, System.UInt32 dwProcessId);
public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessId);
public static extern SafeProcessHandle OpenProcess( [MarshalAs(UnmanagedType.U4)] ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
public static extern SafeProcessHandle OpenProcess( ProcessAccessFlags processAccess, bool bInheritHandle, int processId );
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, UInt32 dwProcessID);
/// <summary> /// Opens a handle to a process /// </summary> /// <param name="id">ID of the process</param> /// <param name="flags">ProcessAccessFlags to use</param> /// <returns>A handle to the process</returns> public SafeMemoryHandle OpenHandle(ProcessAccessFlags flags) { return NativeMethods.OpenProcess(flags, false, _process.Id); }
public static ProcessHandle OpenProcess(Process proc, ProcessAccessFlags flags) { return(OpenProcess(flags, false, proc.Id)); }
private static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize, ProcessAccessFlags flNewProtect, out uint lpflOldProtect);
public static IntPtr OpenProcessHandle(Process process, ProcessAccessFlags flags) { return(OpenProcess(flags, false, process.Id)); }
private static IntPtr OpenProcess(Process proc, ProcessAccessFlags flags) => OpenProcess(flags, false, proc.Id);
private static extern IntPtr OpenProcess(ProcessAccessFlags desiredAccess, [MarshalAs(UnmanagedType.Bool)] bool inheritHandle, int processId);
internal static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
public static SafeProcessHandle OpenProcessHandle(ProcessAccessFlags desiredAccess, bool inheritHandle, int processId) { var handle = OpenProcess(desiredAccess, inheritHandle, processId); var error = GetLastError(); if (handle == IntPtr.Zero) throw new Exception(String.Format( "Failed to open process: Error {0:x8}", error )); return new SafeProcessHandle(handle); }
internal static void OpenProcess(int pId, ProcessAccessFlags ProcessAccess = ProcessAccessFlags.All) { ProcessHandle = NativeMethods.OpenProcess(ProcessAccess, false, pId); HandleIT(); }
private SafeProcessHandle OpenProcessHandle(out ProcessAccessFlags flags) { // Try to open a handle to the process with the highest level of privilege, but if we can't // do that then fallback to requesting access with a lower privilege level. flags = ProcessAccessFlags.QueryInformation | ProcessAccessFlags.VmRead; SafeProcessHandle handle; handle = NativeMethods.OpenProcess(flags, false, _processId); if (!handle.IsInvalid) return handle; flags = ProcessAccessFlags.QueryLimitedInformation; handle = NativeMethods.OpenProcess(flags, false, _processId); if (handle.IsInvalid) flags = ProcessAccessFlags.None; return handle; }
public static extern IntPtr OpenProcess(ProcessAccessFlags processAccess, bool bInheritHandle, int processId);
private static extern IntPtr UnmanagedOpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
public static IntPtr OpenProcess(Process process, ProcessAccessFlags flags) { return OpenProcess(flags, false, process.Id); }
public static extern bool SetPrivilege(HANDLE token, ProcessAccessFlags Privilege, bool EnablePrivilege);
/// <summary> /// Opens an existing local process object. /// </summary> /// <param name="accessFlags">The access level to the process object.</param> /// <param name="processId">The identifier of the local process to be opened.</param> /// <returns>An open handle to the specified process.</returns> public static SafeMemoryHandle OpenProcess(ProcessAccessFlags accessFlags, int processId) { // Get an handle from the remote process var handle = NativeMethods.OpenProcess(accessFlags, false, processId); // Check whether the handle is valid if (!handle.IsInvalid && !handle.IsClosed) return handle; // Else the handle isn't valid, throws an exception throw new Win32Exception(string.Format("Couldn't open the process {0}.", processId)); }
internal static extern IntPtr OpenProcess(ProcessAccessFlags desiredAccess, bool inheritHandle, int processId);
static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
public SafeProcessHandle OpenHandle(ProcessAccessFlags flags) { return(Win32.OpenProcessHandle(flags, false, Process.Id)); }