private IWatchableProcess GetWatchableProcess(EventArrivedEventArgs eventArgs)
{
var @object = (ManagementBaseObject)eventArgs.NewEvent.Properties["TargetInstance"].Value;
var pid = (uint)@object.Properties["ProcessID"].Value;
var builder = new StringBuilder(MaxPathLength + 1);
var filePath = InjectionDriver.GetProcessFilePath(pid, builder, builder.Capacity)
? builder.ToString()
: null;
_logger.Log(LogLevel.Debug, $"wmi event received, file path: {filePath}, pid: {pid}");
lock (_lock)
{
return(_watchableProcesses.FirstOrDefault(process => string.Equals(process.FilePath, filePath, StringComparison.OrdinalIgnoreCase)));
}
}
private static bool?StartProcess(string applicationFilePath)
{
if (applicationFilePath.IsNullOrEmpty() || InjectionDriver.IsProcessRunning(applicationFilePath))
{
return(null);
}
using (var process = CreateProcess(applicationFilePath))
{
try
{
return(process.Start());
}
catch (Win32Exception)
{
return(false);
}
}
}
public bool IsProcessRunning(string applicationFilePath)
{
return(InjectionDriver.IsProcessRunning(applicationFilePath));
}
public bool IsProxyLoaded(string applicationFilePath, string proxyFilePath)
{
return(InjectionDriver.IsProxyLoaded(applicationFilePath, proxyFilePath));
}
public InjectionResult Inject(string applicationFilePath, string proxyFilePath)
{
return(new InjectionResult(InjectionDriver.Inject(applicationFilePath, proxyFilePath)));
}
