public static COMProcessEntry ParseProcess(int pid, string dbghelp_path, string symbol_path)
{
using (SafeProcessHandle process = SafeProcessHandle.Open(pid, ProcessAccessRights.VmRead | ProcessAccessRights.QueryInformation))
{
if (process.IsInvalid)
{
return(null);
}
if (process.Is64Bit && !Environment.Is64BitProcess)
{
return(null);
}
using (SymbolResolver resolver = new SymbolResolver(dbghelp_path, process, symbol_path))
{
return(new COMProcessEntry(
pid,
GetProcessFileName(process),
ParseIPIDEntries(process, resolver),
process.Is64Bit,
GetProcessAppId(process, resolver),
GetProcessAccessSecurityDescriptor(process, resolver),
GetLrpcSecurityDescriptor(process, resolver),
process.GetUser(),
process.GetUserSid(),
ReadString(process, resolver, "gwszLRPCEndPoint"),
ReadEnum <EOLE_AUTHENTICATION_CAPABILITIES>(process, resolver, "gCapabilities"),
ReadEnum <RPC_AUTHN_LEVEL>(process, resolver, "gAuthnLevel"),
ReadEnum <RPC_IMP_LEVEL>(process, resolver, "gImpLevel"),
ReadPointer(process, resolver, "gAccessControl"),
ReadPointer(process, resolver, "ghwndOleMainThread")));
}
}
}
public SelectSecurityCheckForm(bool process_security)
{
InitializeComponent();
_process_security = process_security;
_tokens = new List <SafeTokenHandle>();
Disposed += SelectSecurityCheckForm_Disposed;
string username = String.Format(@"{0}\{1}", Environment.UserDomainName, Environment.UserName);
textBoxPrincipal.Text = username;
COMProcessParser.EnableDebugPrivilege();
foreach (Process p in Process.GetProcesses().OrderBy(p => p.Id))
{
try
{
using (SafeProcessHandle process = SafeProcessHandle.Open(p.Id, ProcessAccessRights.QueryInformation))
{
SafeTokenHandle token = process.OpenToken();
_tokens.Add(token);
ListViewItem item = listViewProcesses.Items.Add(p.Id.ToString());
item.SubItems.Add(p.ProcessName);
item.SubItems.Add(process.GetUser());
item.SubItems.Add(token.GetIntegrityLevel().ToString());
item.Tag = token;
}
}
catch
{
}
}
listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewProcesses.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
listViewProcesses.ListViewItemSorter = new ListItemComparer(0);
foreach (object value in Enum.GetValues(typeof(SecurityIntegrityLevel)))
{
comboBoxIL.Items.Add(value);
}
comboBoxIL.SelectedItem = SecurityIntegrityLevel.Low;
if (process_security)
{
textBoxPrincipal.Enabled = false;
checkBoxLocalLaunch.Enabled = false;
checkBoxRemoteLaunch.Enabled = false;
checkBoxLocalActivate.Enabled = false;
checkBoxRemoteActivate.Enabled = false;
}
}