Пример #1
0
        private static void SetupRegistryForFrontMan(String appImageExe, RegistryOperation oper)
        {
            if (!IsUserAdmin())
            {
                Console.WriteLine("You must be admin to do that. Run the app from the administrative console.");
                return;
            }
            // extrace image.exe if path is provided
            appImageExe = Path.GetFileName(appImageExe);
            var regkey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", true);

            // add to image file execution path
            if (oper == RegistryOperation.INSTALL)
            {
                regkey = regkey.CreateSubKey(appImageExe);
                regkey.SetValue("Debugger", Assembly.GetExecutingAssembly().Location);
            }
            else if (oper == RegistryOperation.UNINSTALL)
            {
                regkey.DeleteSubKey(appImageExe, false);
            }
        }
Пример #2
0
        private string GetSccmToolsExe()
        {
            const string appKeyPath = @"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SccmTools.exe";
            string       valueName  = null;
            var          rootKey    = Registry.LocalMachine;

            var sccmToolsExe = RegistryOperation.GetValue(rootKey, appKeyPath, valueName) as string;

            if (!string.IsNullOrWhiteSpace(sccmToolsExe) && File.Exists(sccmToolsExe))
            {
                return(sccmToolsExe);
            }

            const string appKeyPath32 = @"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\SccmTools.exe";

            sccmToolsExe = RegistryOperation.GetValue(rootKey, appKeyPath32, valueName) as string;
            if (!string.IsNullOrWhiteSpace(sccmToolsExe) && File.Exists(sccmToolsExe))
            {
                return(sccmToolsExe);
            }

            Log.LogWarning($"Did not find SccmTools.exe by look up in Apps Paths (neither '{appKeyPath}' or '{appKeyPath32}'). SccmTools.exe do not seem to be installed. Please download and install SccmTools from https://github.com/trondr/SccmTools/releases or manually specify path to SccmTools.exe");
            return(null);
        }
Пример #3
0
        public static void SetupRegistryForProcessGovernor(ProcessGovernor procgov, string appImageExe, RegistryOperation oper)
        {
            if (!IsUserAdmin())
            {
                Console.Error.WriteLine("You must be admin to do that. Run the app from the administrative console.");
                return;
            }
            // extrace image.exe if path is provided
            appImageExe = Path.GetFileName(appImageExe);
            var regkey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", true);

            // add to image file execution path
            if (oper == RegistryOperation.INSTALL)
            {
                regkey = regkey.CreateSubKey(appImageExe);
                regkey.SetValue("Debugger", PrepareDebuggerCommandString(procgov, appImageExe));
            }
            else if (oper == RegistryOperation.UNINSTALL)
            {
                regkey.DeleteSubKey(appImageExe, false);

                var appEnvironmentFilePath = GetAppEnvironmentFilePath(appImageExe);
                if (File.Exists(appEnvironmentFilePath))
                {
                    File.Delete(appEnvironmentFilePath);
                }
            }
        }
Пример #4
0
        public static int Main(string[] args)
        {
            ShowHeader();

            using (var procgov = new ProcessGovernor()) {
                List <string>     procargs = null;
                bool              showhelp = false, nogui = false, debug = false;
                int               pid               = 0;
                RegistryOperation registryOperation = RegistryOperation.NONE;

                var p = new OptionSet()
                {
                    { "m|maxmem=", "Max committed memory usage in bytes (accepted suffixes: K, M or G).",
                      v => { procgov.MaxProcessMemory = ParseMemoryString(v); } },
                    { "env=", "A text file with environment variables (each line in form: VAR=VAL). Applies only to newly created processes.",
                      v => LoadCustomEnvironmentVariables(procgov, v) },
                    { "c|cpu=", "If in hex (starts with 0x) it is treated as an affinity mask, otherwise it is a number of CPU cores assigned to your app.",
                      v => {
                          if (v.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
                          {
                              procgov.CpuAffinityMask = long.Parse(v.Substring(2), NumberStyles.HexNumber);
                          }
                          else
                          {
                              procgov.CpuAffinityMask = CalculateAffinityMaskFromCpuCount(int.Parse(v));
                          }
                      } },
                    { "r|recursive", "Apply limits to child processes too (will wait for all processes to finish).", v => { procgov.PropagateOnChildProcesses = v != null; } },
                    { "newconsole", "Start the process in a new console window.", v => { procgov.SpawnNewConsoleWindow = v != null; } },
                    { "nogui", "Hide Process Governor console window (set always when installed as debugger).",
                      v => { nogui = v != null; } },
                    { "p|pid=", "Attach to an already running process", (int v) => pid = v },
                    { "install", "Install procgov as a debugger for a specific process using Image File Executions. " +
                      "DO NOT USE this option if the process you want to control starts child instances of itself (for example, Chrome).",
                      v => { registryOperation = RegistryOperation.INSTALL; } },
                    { "t|timeout=", "Kill the process (with -r, also all its children) if it does not finish within the specified time. " +
                      "Add suffix to define the time unit. Valid suffixes are: ms, s, m, h.",
                      (string v) => procgov.ClockTimeLimitInMilliseconds = ParseTimeStringToMilliseconds(v) },
                    { "process-utime=", "Kill the process (with -r, also applies to its children) if it exceeds the given " +
                      "user-mode execution time. Add suffix to define the time unit. Valid suffixes are: ms, s, m, h.",
                      (string v) => procgov.ProcessUserTimeLimitInMilliseconds = ParseTimeStringToMilliseconds(v) },
                    { "job-utime=", "Kill the process (with -r, also all its children) if the total user-mode execution " +
                      "time exceed the specified value. Add suffix to define the time unit. Valid suffixes are: ms, s, m, h.",
                      (string v) => procgov.JobUserTimeLimitInMilliseconds = ParseTimeStringToMilliseconds(v) },
                    { "uninstall", "Uninstall procgov for a specific process.", v => { registryOperation = RegistryOperation.UNINSTALL; } },
                    { "debugger", "Internal - do not use.",
                      v => debug = v != null },
                    { "v|verbose", "Show verbose messages in the console.", v => procgov.ShowTraceMessages = v != null },
                    { "h|help", "Show this message and exit", v => showhelp = v != null },
                    { "?", "Show this message and exit", v => showhelp = v != null }
                };

                try {
                    procargs = p.Parse(args);
                } catch (OptionException ex) {
                    Console.Error.Write("ERROR: invalid argument");
                    Console.Error.WriteLine(ex.Message);
                    Console.WriteLine();
                    showhelp = true;
                } catch (FormatException) {
                    Console.Error.WriteLine("ERROR: invalid number in one of the constraints");
                    Console.WriteLine();
                    showhelp = true;
                } catch (ArgumentException ex) {
                    Console.Error.WriteLine("ERROR: {0}", ex.Message);
                    Console.WriteLine();
                    showhelp = true;
                }

                if (!showhelp && registryOperation != RegistryOperation.NONE)
                {
                    if (procargs.Count == 0)
                    {
                        Console.Error.WriteLine("ERROR: please provide an image name for a process you would like to intercept.");
                        return(1);
                    }
                    SetupRegistryForProcessGovernor(procgov, procargs[0], registryOperation);
                    return(0);
                }

                if (!showhelp && (procargs.Count == 0 && pid == 0) || (pid > 0 && procargs.Count > 0))
                {
                    Console.Error.WriteLine("ERROR: please provide either process name or PID of the already running process");
                    Console.WriteLine();
                    showhelp = true;
                }

                if (showhelp)
                {
                    ShowHelp(p);
                    return(0);
                }

                if (nogui)
                {
                    WinWindows.NativeMethods.ShowWindow(WinWindows.NativeMethods.GetConsoleWindow(),
                                                        WinWindows.NativeMethods.SW_HIDE);
                }

                try {
                    ShowLimits(procgov);

                    if (debug)
                    {
                        return(procgov.StartProcessUnderDebuggerAndDetach(procargs));
                    }
                    if (pid > 0)
                    {
                        return(procgov.AttachToProcess(pid));
                    }
                    return(procgov.StartProcess(procargs));
                } catch (Win32Exception ex) {
                    Console.Error.WriteLine("ERROR: {0} (0x{1:X})", ex.Message, ex.ErrorCode);
                    return(1);
                } catch (Exception ex) {
                    Console.Error.WriteLine("ERROR: {0}", ex.Message);
                    return(1);
                }
            }
        }
Пример #5
0
        public static void Main(string[] args)
        {
            using (var procgov = new ProcessGovernor()) {
                List <string>     procargs = null;
                bool              showhelp = false, nogui = false, debug = false;
                int               pid               = 0;
                RegistryOperation registryOperation = RegistryOperation.NONE;

                var p = new OptionSet()
                {
                    { "m|maxmem=", "Max committed memory usage in bytes (accepted suffixes: K, M or G).",
                      v => { procgov.MaxProcessMemory = ParseMemoryString(v); } },
                    { "env=", "A text file with environment variables (each line in form: VAR=VAL). Applies only to newly created processes.",
                      v => LoadCustomEnvironmentVariables(procgov, v) },
                    { "c|cpu=", "If in hex (starts with 0x) it is treated as an affinity mask, otherwise it is a number of CPU cores assigned to your app.",
                      v => {
                          if (v.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
                          {
                              procgov.CpuAffinityMask = long.Parse(v.Substring(2), NumberStyles.HexNumber);
                          }
                          else
                          {
                              procgov.CpuAffinityMask = CalculateAffinityMaskFromCpuCount(int.Parse(v));
                          }
                      } },
                    { "newconsole", "Start the process in a new console window.", v => { procgov.SpawnNewConsoleWindow = v != null; } },
                    { "nogui", "Hide Process Governor console window (set always when installed as debugger).",
                      v => { nogui = v != null; } },
                    { "p|pid=", "Attach to an already running process", (int v) => pid = v },
                    { "install", "Installs procgov as a debugger for a specific process using Image File Executions.",
                      v => { registryOperation = RegistryOperation.INSTALL; } },
                    { "uninstall", "Uninstalls procgov for a specific process.",
                      v => { registryOperation = RegistryOperation.UNINSTALL; } },
                    { "debugger", "Internal - do not use.",
                      v => { debug = v != null; } },
                    { "h|help", "Show this message and exit", v => showhelp = v != null },
                    { "?", "Show this message and exit", v => showhelp = v != null }
                };

                try {
                    procargs = p.Parse(args);
                } catch (OptionException ex) {
                    Console.Write("ERROR: invalid argument");
                    Console.WriteLine(ex.Message);
                    Console.WriteLine();
                    showhelp = true;
                } catch (FormatException) {
                    Console.WriteLine("ERROR: invalid number in one of the constraints");
                    Console.WriteLine();
                    showhelp = true;
                } catch (ArgumentException ex) {
                    Console.WriteLine("ERROR: {0}", ex.Message);
                    Console.WriteLine();
                    showhelp = true;
                }

                if (!showhelp && registryOperation != RegistryOperation.NONE)
                {
                    if (procargs.Count == 0)
                    {
                        Console.WriteLine("ERROR: please provide an image name for a process you would like to intercept.");
                        return;
                    }
                    SetupRegistryForProcessGovernor(procgov, procargs[0], registryOperation);
                    return;
                }

                if (!showhelp && (procargs.Count == 0 && pid == 0) || (pid > 0 && procargs.Count > 0))
                {
                    Console.WriteLine("ERROR: please provide either process name or PID of the already running process");
                    Console.WriteLine();
                    showhelp = true;
                }

                if (showhelp)
                {
                    ShowHelp(p);
                    return;
                }

                if (nogui)
                {
                    WinWindows.NativeMethods.ShowWindow(WinWindows.NativeMethods.GetConsoleWindow(),
                                                        WinWindows.NativeMethods.SW_HIDE);
                }

                try {
                    if (debug)
                    {
                        procgov.StartProcessUnderDebuggerAndDetach(procargs);
                    }
                    else if (pid > 0)
                    {
                        procgov.AttachToProcess(pid);
                    }
                    else
                    {
                        procgov.StartProcess(procargs);
                    }
                } catch (Win32Exception ex) {
                    Console.WriteLine("ERROR: {0} (0x{1:X})", ex.Message, ex.ErrorCode);
                } catch (Exception ex) {
                    Console.WriteLine("ERROR: {0}", ex.Message);
                }
            }
        }
Пример #6
0
        public static RegistryKey RegistryGetKey(String key, RegistryView registryView, RegistryOperation operation)
        {
            if (String.IsNullOrEmpty(key))
                throw new ArgumentNullException("key");

            RegistryKey baseRegistryKey = RegistryGetBaseKey(key);

            if (baseRegistryKey == null)
                return null;

            if (key.IndexOf('\\') == -1 || (key.IndexOf('\\') != -1 && key.IndexOf('\\') + 1 >= key.Length))
                return baseRegistryKey;

            if (SgiUtils.GetRegistryKeyDangerousHandle(baseRegistryKey) == IntPtr.Zero)
                return null;

            String subkeyName = key.Substring(key.IndexOf('\\') + 1);
            RegistryKeySecurityAndAccessRightsKey registryViewKey;

            if (registryView == RegistryView.Registry64)
                registryViewKey = RegistryKeySecurityAndAccessRightsKey.Wow6464Key;
            else if (registryView == RegistryView.Registry32)
                registryViewKey = RegistryKeySecurityAndAccessRightsKey.Wow6432Key;
            else
                registryViewKey = RegistryKeySecurityAndAccessRightsKey.None;

            Int32 subKeyHandle;
            RegistryResultDisposition disposition = RegistryResultDisposition.None;
            Int32 result;

            switch (operation)
            {
                case RegistryOperation.CreateKey:
                    result = UnsafeNativeMethods.RegCreateKeyEx(GetRegistryKeyDangerousHandle(baseRegistryKey), subkeyName, 0, IntPtr.Zero, 0,
                        (Int32)(RegistryKeySecurityAndAccessRightsKey.AllAccess | registryViewKey), IntPtr.Zero, out subKeyHandle, out disposition);
                    break;
                case RegistryOperation.OpenKey:
                    result = UnsafeNativeMethods.RegOpenKeyEx(GetRegistryKeyDangerousHandle(baseRegistryKey), subkeyName, 0,
                        (Int32)(RegistryKeySecurityAndAccessRightsKey.AllAccess | registryViewKey), out subKeyHandle);
                    break;
                default:
                    return null;
            }

            if (result != 0) // Oh noooes! Unknown error :(
                return null;

            RegistryKey registryKey = SubkeyHandleToRegistryKey((IntPtr)subKeyHandle, true, false);

            if (disposition == RegistryResultDisposition.CreatedNewKey)
                registryKey.Flush();

            // Fix name of registryKey cuz it is empty and return
            return RegistryKeyFixName(registryKey, baseRegistryKey, subkeyName);
        }