private static ProcessInfoViewModel BuildProcessInfo(Process process)
{
var result = new ProcessInfoViewModel(process.Id);
PopulateInfo(result, process);
return(result);
}
public static void PopulateInfo(ProcessInfoViewModel processInfo, Process process)
{
processInfo.ProcessId = process.Id;
processInfo.Name = process.ProcessName;
processInfo.SessionId = process.SessionId;
processInfo.IsX64 = CheckProcessBit(process, out string error);
processInfo.Error = error;
processInfo.Modules = GetProcessModuleInfos(process, processInfo);
processInfo.IsNetProcess = CheckDotNetProcess(processInfo);
}
private static IList <ProcessModuleInfo> GetProcessModuleInfos(ProcessInfoViewModel result)
{
if (result.Handle == null)
{
return(new List <ProcessModuleInfo>());
}
var modules = ProcessNativeMethods.GetProcessModules(result.Handle.Value);
return(modules.Select(m => new ProcessModuleInfo {
Name = m
}).ToList());
}
private static ProcessInfoViewModel BuildProcessInfo(ManagementObject mgmtObj)
{
var result = new ProcessInfoViewModel();
foreach (var property in mgmtObj.Properties)
{
switch (property.Name)
{
case nameof(ProcessInfoViewModel.CommandLine):
result.CommandLine = property.Value?.ToString();
break;
case nameof(ProcessInfoViewModel.ProcessId):
result.ProcessId = property.Value.ToNullableInt().GetValueOrDefault();
break;
case nameof(ProcessInfoViewModel.SessionId):
result.SessionId = property.Value.ToNullableInt();
break;
case nameof(ProcessInfoViewModel.Name):
result.Name = property.Value?.ToString();
break;
case nameof(ProcessInfoViewModel.Description):
result.Description = property.Value?.ToString();
break;
case nameof(ProcessInfoViewModel.ExecutablePath):
result.ExecutablePath = property.Value?.ToString();
break;
}
}
if (result.ProcessId != null)
{
result.IsX64 = CheckProcessBit(result.ProcessId.Value, out string error);
result.Error = error;
}
return(result);
}
public static void SetIsDotNetFlag(ProcessInfoViewModel processInfo)
{
if (processInfo == null || processInfo.IsNetProcess != null)
{
return;
}
try
{
processInfo.Handle = Process.GetProcessById(processInfo.ProcessId.Value).Handle;
}
catch
{
processInfo.IsNetProcess = false;
return;
}
if (processInfo.Handle != null)
{
processInfo.Modules = GetProcessModuleInfos(processInfo);
processInfo.IsNetProcess = CheckDotNetProcess(processInfo);
}
}
public ProcessInfoUC(ProcessModel processModel)
{
InitializeComponent();
DataContext = new ProcessInfoViewModel(processModel);
}
private static bool CheckDotNetProcess(ProcessInfoViewModel process)
{
return(process.Modules.Any(m => m.Name.Contains("clr.dll")));
}
private static IList <ProcessModuleInfo> GetProcessModuleInfos(Process process, ProcessInfoViewModel processInfoViewModel)
{
var isX64 = processInfoViewModel.IsX64;
if (isX64 == null)
{
return(new List <ProcessModuleInfo>());
}
try
{
if ((Environment.Is64BitProcess && isX64 == true) || (!Environment.Is64BitProcess && isX64 == false))
{
return(process.Modules.OfType <ProcessModule>()
.Select(m => new ProcessModuleInfo {
Name = m.ModuleName
})
.ToList());
}
else
{
var modules = new List <ProcessModuleInfo>();
var proc = InjectorHelper.GetLaunchProcess(InjectAction.ProcessInfo, isX64.Value, process.Id);
proc.Start();
while (!proc.StandardOutput.EndOfStream)
{
string line = proc.StandardOutput.ReadLine();
modules.Add(new ProcessModuleInfo {
Name = line
});
}
return(modules);
}
}
catch (Exception ex)
{
processInfoViewModel.Error = ex.Message;
return(new List <ProcessModuleInfo>());
}
}
