private static void SetupRegistryForFrontMan(String appImageExe, RegistryOperation oper)
{
if (!IsUserAdmin())
{
Console.WriteLine("You must be admin to do that. Run the app from the administrative console.");
return;
}
// extrace image.exe if path is provided
appImageExe = Path.GetFileName(appImageExe);
var regkey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", true);
// add to image file execution path
if (oper == RegistryOperation.INSTALL)
{
regkey = regkey.CreateSubKey(appImageExe);
regkey.SetValue("Debugger", Assembly.GetExecutingAssembly().Location);
}
else if (oper == RegistryOperation.UNINSTALL)
{
regkey.DeleteSubKey(appImageExe, false);
}
}
private string GetSccmToolsExe()
{
const string appKeyPath = @"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SccmTools.exe";
string valueName = null;
var rootKey = Registry.LocalMachine;
var sccmToolsExe = RegistryOperation.GetValue(rootKey, appKeyPath, valueName) as string;
if (!string.IsNullOrWhiteSpace(sccmToolsExe) && File.Exists(sccmToolsExe))
{
return(sccmToolsExe);
}
const string appKeyPath32 = @"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\SccmTools.exe";
sccmToolsExe = RegistryOperation.GetValue(rootKey, appKeyPath32, valueName) as string;
if (!string.IsNullOrWhiteSpace(sccmToolsExe) && File.Exists(sccmToolsExe))
{
return(sccmToolsExe);
}
Log.LogWarning($"Did not find SccmTools.exe by look up in Apps Paths (neither '{appKeyPath}' or '{appKeyPath32}'). SccmTools.exe do not seem to be installed. Please download and install SccmTools from https://github.com/trondr/SccmTools/releases or manually specify path to SccmTools.exe");
return(null);
}
public static void SetupRegistryForProcessGovernor(ProcessGovernor procgov, string appImageExe, RegistryOperation oper)
{
if (!IsUserAdmin())
{
Console.Error.WriteLine("You must be admin to do that. Run the app from the administrative console.");
return;
}
// extrace image.exe if path is provided
appImageExe = Path.GetFileName(appImageExe);
var regkey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", true);
// add to image file execution path
if (oper == RegistryOperation.INSTALL)
{
regkey = regkey.CreateSubKey(appImageExe);
regkey.SetValue("Debugger", PrepareDebuggerCommandString(procgov, appImageExe));
}
else if (oper == RegistryOperation.UNINSTALL)
{
regkey.DeleteSubKey(appImageExe, false);
var appEnvironmentFilePath = GetAppEnvironmentFilePath(appImageExe);
if (File.Exists(appEnvironmentFilePath))
{
File.Delete(appEnvironmentFilePath);
}
}
}
public static int Main(string[] args)
{
ShowHeader();
using (var procgov = new ProcessGovernor()) {
List <string> procargs = null;
bool showhelp = false, nogui = false, debug = false;
int pid = 0;
RegistryOperation registryOperation = RegistryOperation.NONE;
var p = new OptionSet()
{
{ "m|maxmem=", "Max committed memory usage in bytes (accepted suffixes: K, M or G).",
v => { procgov.MaxProcessMemory = ParseMemoryString(v); } },
{ "env=", "A text file with environment variables (each line in form: VAR=VAL). Applies only to newly created processes.",
v => LoadCustomEnvironmentVariables(procgov, v) },
{ "c|cpu=", "If in hex (starts with 0x) it is treated as an affinity mask, otherwise it is a number of CPU cores assigned to your app.",
v => {
if (v.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
{
procgov.CpuAffinityMask = long.Parse(v.Substring(2), NumberStyles.HexNumber);
}
else
{
procgov.CpuAffinityMask = CalculateAffinityMaskFromCpuCount(int.Parse(v));
}
} },
{ "r|recursive", "Apply limits to child processes too (will wait for all processes to finish).", v => { procgov.PropagateOnChildProcesses = v != null; } },
{ "newconsole", "Start the process in a new console window.", v => { procgov.SpawnNewConsoleWindow = v != null; } },
{ "nogui", "Hide Process Governor console window (set always when installed as debugger).",
v => { nogui = v != null; } },
{ "p|pid=", "Attach to an already running process", (int v) => pid = v },
{ "install", "Install procgov as a debugger for a specific process using Image File Executions. " +
"DO NOT USE this option if the process you want to control starts child instances of itself (for example, Chrome).",
v => { registryOperation = RegistryOperation.INSTALL; } },
{ "t|timeout=", "Kill the process (with -r, also all its children) if it does not finish within the specified time. " +
"Add suffix to define the time unit. Valid suffixes are: ms, s, m, h.",
(string v) => procgov.ClockTimeLimitInMilliseconds = ParseTimeStringToMilliseconds(v) },
{ "process-utime=", "Kill the process (with -r, also applies to its children) if it exceeds the given " +
"user-mode execution time. Add suffix to define the time unit. Valid suffixes are: ms, s, m, h.",
(string v) => procgov.ProcessUserTimeLimitInMilliseconds = ParseTimeStringToMilliseconds(v) },
{ "job-utime=", "Kill the process (with -r, also all its children) if the total user-mode execution " +
"time exceed the specified value. Add suffix to define the time unit. Valid suffixes are: ms, s, m, h.",
(string v) => procgov.JobUserTimeLimitInMilliseconds = ParseTimeStringToMilliseconds(v) },
{ "uninstall", "Uninstall procgov for a specific process.", v => { registryOperation = RegistryOperation.UNINSTALL; } },
{ "debugger", "Internal - do not use.",
v => debug = v != null },
{ "v|verbose", "Show verbose messages in the console.", v => procgov.ShowTraceMessages = v != null },
{ "h|help", "Show this message and exit", v => showhelp = v != null },
{ "?", "Show this message and exit", v => showhelp = v != null }
};
try {
procargs = p.Parse(args);
} catch (OptionException ex) {
Console.Error.Write("ERROR: invalid argument");
Console.Error.WriteLine(ex.Message);
Console.WriteLine();
showhelp = true;
} catch (FormatException) {
Console.Error.WriteLine("ERROR: invalid number in one of the constraints");
Console.WriteLine();
showhelp = true;
} catch (ArgumentException ex) {
Console.Error.WriteLine("ERROR: {0}", ex.Message);
Console.WriteLine();
showhelp = true;
}
if (!showhelp && registryOperation != RegistryOperation.NONE)
{
if (procargs.Count == 0)
{
Console.Error.WriteLine("ERROR: please provide an image name for a process you would like to intercept.");
return(1);
}
SetupRegistryForProcessGovernor(procgov, procargs[0], registryOperation);
return(0);
}
if (!showhelp && (procargs.Count == 0 && pid == 0) || (pid > 0 && procargs.Count > 0))
{
Console.Error.WriteLine("ERROR: please provide either process name or PID of the already running process");
Console.WriteLine();
showhelp = true;
}
if (showhelp)
{
ShowHelp(p);
return(0);
}
if (nogui)
{
WinWindows.NativeMethods.ShowWindow(WinWindows.NativeMethods.GetConsoleWindow(),
WinWindows.NativeMethods.SW_HIDE);
}
try {
ShowLimits(procgov);
if (debug)
{
return(procgov.StartProcessUnderDebuggerAndDetach(procargs));
}
if (pid > 0)
{
return(procgov.AttachToProcess(pid));
}
return(procgov.StartProcess(procargs));
} catch (Win32Exception ex) {
Console.Error.WriteLine("ERROR: {0} (0x{1:X})", ex.Message, ex.ErrorCode);
return(1);
} catch (Exception ex) {
Console.Error.WriteLine("ERROR: {0}", ex.Message);
return(1);
}
}
}
public static void Main(string[] args)
{
using (var procgov = new ProcessGovernor()) {
List <string> procargs = null;
bool showhelp = false, nogui = false, debug = false;
int pid = 0;
RegistryOperation registryOperation = RegistryOperation.NONE;
var p = new OptionSet()
{
{ "m|maxmem=", "Max committed memory usage in bytes (accepted suffixes: K, M or G).",
v => { procgov.MaxProcessMemory = ParseMemoryString(v); } },
{ "env=", "A text file with environment variables (each line in form: VAR=VAL). Applies only to newly created processes.",
v => LoadCustomEnvironmentVariables(procgov, v) },
{ "c|cpu=", "If in hex (starts with 0x) it is treated as an affinity mask, otherwise it is a number of CPU cores assigned to your app.",
v => {
if (v.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
{
procgov.CpuAffinityMask = long.Parse(v.Substring(2), NumberStyles.HexNumber);
}
else
{
procgov.CpuAffinityMask = CalculateAffinityMaskFromCpuCount(int.Parse(v));
}
} },
{ "newconsole", "Start the process in a new console window.", v => { procgov.SpawnNewConsoleWindow = v != null; } },
{ "nogui", "Hide Process Governor console window (set always when installed as debugger).",
v => { nogui = v != null; } },
{ "p|pid=", "Attach to an already running process", (int v) => pid = v },
{ "install", "Installs procgov as a debugger for a specific process using Image File Executions.",
v => { registryOperation = RegistryOperation.INSTALL; } },
{ "uninstall", "Uninstalls procgov for a specific process.",
v => { registryOperation = RegistryOperation.UNINSTALL; } },
{ "debugger", "Internal - do not use.",
v => { debug = v != null; } },
{ "h|help", "Show this message and exit", v => showhelp = v != null },
{ "?", "Show this message and exit", v => showhelp = v != null }
};
try {
procargs = p.Parse(args);
} catch (OptionException ex) {
Console.Write("ERROR: invalid argument");
Console.WriteLine(ex.Message);
Console.WriteLine();
showhelp = true;
} catch (FormatException) {
Console.WriteLine("ERROR: invalid number in one of the constraints");
Console.WriteLine();
showhelp = true;
} catch (ArgumentException ex) {
Console.WriteLine("ERROR: {0}", ex.Message);
Console.WriteLine();
showhelp = true;
}
if (!showhelp && registryOperation != RegistryOperation.NONE)
{
if (procargs.Count == 0)
{
Console.WriteLine("ERROR: please provide an image name for a process you would like to intercept.");
return;
}
SetupRegistryForProcessGovernor(procgov, procargs[0], registryOperation);
return;
}
if (!showhelp && (procargs.Count == 0 && pid == 0) || (pid > 0 && procargs.Count > 0))
{
Console.WriteLine("ERROR: please provide either process name or PID of the already running process");
Console.WriteLine();
showhelp = true;
}
if (showhelp)
{
ShowHelp(p);
return;
}
if (nogui)
{
WinWindows.NativeMethods.ShowWindow(WinWindows.NativeMethods.GetConsoleWindow(),
WinWindows.NativeMethods.SW_HIDE);
}
try {
if (debug)
{
procgov.StartProcessUnderDebuggerAndDetach(procargs);
}
else if (pid > 0)
{
procgov.AttachToProcess(pid);
}
else
{
procgov.StartProcess(procargs);
}
} catch (Win32Exception ex) {
Console.WriteLine("ERROR: {0} (0x{1:X})", ex.Message, ex.ErrorCode);
} catch (Exception ex) {
Console.WriteLine("ERROR: {0}", ex.Message);
}
}
}
public static RegistryKey RegistryGetKey(String key, RegistryView registryView, RegistryOperation operation)
{
if (String.IsNullOrEmpty(key))
throw new ArgumentNullException("key");
RegistryKey baseRegistryKey = RegistryGetBaseKey(key);
if (baseRegistryKey == null)
return null;
if (key.IndexOf('\\') == -1 || (key.IndexOf('\\') != -1 && key.IndexOf('\\') + 1 >= key.Length))
return baseRegistryKey;
if (SgiUtils.GetRegistryKeyDangerousHandle(baseRegistryKey) == IntPtr.Zero)
return null;
String subkeyName = key.Substring(key.IndexOf('\\') + 1);
RegistryKeySecurityAndAccessRightsKey registryViewKey;
if (registryView == RegistryView.Registry64)
registryViewKey = RegistryKeySecurityAndAccessRightsKey.Wow6464Key;
else if (registryView == RegistryView.Registry32)
registryViewKey = RegistryKeySecurityAndAccessRightsKey.Wow6432Key;
else
registryViewKey = RegistryKeySecurityAndAccessRightsKey.None;
Int32 subKeyHandle;
RegistryResultDisposition disposition = RegistryResultDisposition.None;
Int32 result;
switch (operation)
{
case RegistryOperation.CreateKey:
result = UnsafeNativeMethods.RegCreateKeyEx(GetRegistryKeyDangerousHandle(baseRegistryKey), subkeyName, 0, IntPtr.Zero, 0,
(Int32)(RegistryKeySecurityAndAccessRightsKey.AllAccess | registryViewKey), IntPtr.Zero, out subKeyHandle, out disposition);
break;
case RegistryOperation.OpenKey:
result = UnsafeNativeMethods.RegOpenKeyEx(GetRegistryKeyDangerousHandle(baseRegistryKey), subkeyName, 0,
(Int32)(RegistryKeySecurityAndAccessRightsKey.AllAccess | registryViewKey), out subKeyHandle);
break;
default:
return null;
}
if (result != 0) // Oh noooes! Unknown error :(
return null;
RegistryKey registryKey = SubkeyHandleToRegistryKey((IntPtr)subKeyHandle, true, false);
if (disposition == RegistryResultDisposition.CreatedNewKey)
registryKey.Flush();
// Fix name of registryKey cuz it is empty and return
return RegistryKeyFixName(registryKey, baseRegistryKey, subkeyName);
}