public void OpenProcess(Process process, ProcessAccessRights access = DEFAULT_PROCESS_ACCESS)
{
if (process == null)
{
throw new Exception("Process pointer is null-reference");
}
if (Process != null)
{
CloseProcess();
}
_processPtr = OpenProcess((uint)access, false, (uint)process.Id);
Process = process;
}
public ProcessMemoryEditor(Process process, ProcessAccessRights access = DEFAULT_PROCESS_ACCESS)
: this()
{
OpenProcess(process, access);
}
public IProcess OpenProcess(int processId, ProcessAccessRights desiredAccess = ProcessAccessRights.AllAccess, bool inheritHandle = false)
{
var handle = ProcessHandle.OpenProcess(processId, desiredAccess, inheritHandle);
return new Process(handle);
}
public static extern NtStatus NtCreateProcessEx(out SafeKernelObjectHandle ProcessHandle, ProcessAccessRights DesiredAccess,
ObjectAttributes ObjectAttributes, SafeHandle InheritFromProcessHandle, ProcessCreateFlags Flags, SafeHandle SectionHandle,
SafeHandle DebugPort, SafeHandle ExceptionPort, int Unused);
public static extern NtStatus NtCreateProcess(out SafeKernelObjectHandle ProcessHandle, ProcessAccessRights DesiredAccess,
ObjectAttributes ObjectAttributes, IntPtr InheritFromProcessHandle, [MarshalAs(UnmanagedType.U1)] bool InheritHandles,
IntPtr SectionHandle, IntPtr DebugPort, IntPtr ExceptionPort);
/// <summary>
/// Constructor.
/// </summary>
public GetNtProcessCmdlet()
{
Access = ProcessAccessRights.MaximumAllowed;
ProcessId = -1;
}
public static ProcessHandle OpenProcess(int processId, ProcessAccessRights desiredAccess = ProcessAccessRights.AllAccess, bool inheritHandle = false)
{
ProcessHandle handle = NativeMethods.OpenProcess(desiredAccess, inheritHandle, processId);
if (handle.IsInvalid)
{
ErrorHelper.ThrowCustomWin32Exception();
}
return handle;
}
public void AddAuditRule(IdentityReference identityReference, ProcessAccessRights accessMask, AuditFlags flags)
{
AddAuditRule(new ProcessAuditRule(identityReference, accessMask, flags));
}
internal static extern SafeProcessHandle OpenProcess(
[In] ProcessAccessRights dwDesiredAccess,
[In, MarshalAs(UnmanagedType.Bool)] bool bInheritHandle,
[In] int dwProcessId);
public static extern NtStatus NtOpenProcess(
out SafeKernelObjectHandle ProcessHandle,
ProcessAccessRights DesiredAccess,
[In] ObjectAttributes ObjectAttributes,
[In] ClientId ClientId
);
private async void ExecuteRefreshCommand(object parameter)
{
Log("[MainWindowViewModel] - ExecuteRefresh Entered\r\n");
IsRefreshing = true;
Status = "Refreshing processes";
ObservableCollection <MonoProcess> processes = new ObservableCollection <MonoProcess>();
Log("[MainWindowViewModel] - Setting Process Access Rights:\r\n\tPROCESS_QUERY_INFORMATION\r\n\tPROCESS_VM_READ\r\n");
Log("[MainWindowViewModel] - Checking Processes for Mono\r\n");
await Task.Run(() =>
{
int cp = Process.GetCurrentProcess().Id;
foreach (Process p in Process.GetProcesses())
{
try
{
var t = GetProcessUser(p);
if (t != null)
{
if (p.Id == cp)
{
continue;
}
const ProcessAccessRights flags = ProcessAccessRights.PROCESS_QUERY_INFORMATION |
ProcessAccessRights.PROCESS_VM_READ;
IntPtr handle;
Log($"\tOpening {p.ProcessName}.exe - ");
if ((handle = Native.OpenProcess(flags, false, p.Id)) != IntPtr.Zero)
{
Log($"OK\r\n");
if (ProcessUtils.GetMonoModule(handle, out IntPtr mono))
{
Log($"\t\tMono found in process: {p.ProcessName}.exe\r\n");
processes.Add(new MonoProcess
{
MonoModule = mono,
Id = p.Id,
Name = p.ProcessName
});
break; //Add J.E
}
Native.CloseHandle(handle);
}
}
}
catch (InjectorException ie)
{
Log($"\tERROR looking at {p.ProcessName}.exe: {ie.Message}\r\n");
}
}
});
Processes = processes;
if (Processes.Count > 0)
{
Status = "Processes refreshed";
SelectedProcess = Processes[0];
}
else
{
Status = "No Mono processess found!";
File.AppendAllText(AppDomain.CurrentDomain.BaseDirectory + "\\DebugLog.txt", "No Mono processess found:\r\n");
}
IsRefreshing = false;
}
public static extern IntPtr OpenProcess(ProcessAccessRights processAccess, bool bInheritHandle, int processId);
/// <summary>
/// Constructor.
/// </summary>
public GetNtProcessCmdlet()
{
Access = ProcessAccessRights.MaximumAllowed;
ProcessId = -1;
}
public static extern SafeProcessHandle OpenProcess(
ProcessAccessRights dwDesiredAccess,
bool bInheritHandle,
uint dwProcessId);
private static extern IntPtr OpenProcess(ProcessAccessRights access, bool inherit, uint processId);
public static IntPtr OpenProcess(ProcessAccessRights dwDesiredAccess, bool bInheritHandle, int dwProcessId) => OpenProcess((uint)dwDesiredAccess, bInheritHandle, dwProcessId);
public void AddAccessRule(IdentityReference identityReference, ProcessAccessRights accessMask, AccessControlType type)
{
AddAccessRule(new ProcessAccessRule(identityReference, accessMask, type));
}
private static extern IntPtr OpenProcess(ProcessAccessRights dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
public ProcessAuditRule(IdentityReference identity, ProcessAccessRights accessRights, AuditFlags type)
: base(identity, (int)accessRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
private NtProcess OpenSpecificProcess(ProcessAccessRights desired_access)
{
return(Current ? GetCurrentProcess(desired_access) : NtProcess.Open(ProcessId, desired_access));
}
public static extern ProcessHandle OpenProcess(ProcessAccessRights desiredAccess, bool inheritHandle, int processId);
public static extern ProcessHandle OpenProcess(ProcessAccessRights desiredAccess, bool inheritHandle, int processId);
