public MemoryList()
{
InitializeComponent();
_highlightingContext = new HighlightingContext(listMemory);
listMemory.KeyDown += new KeyEventHandler(listMemory_KeyDown);
listMemory.MouseDown += new MouseEventHandler(listMemory_MouseDown);
listMemory.MouseUp += new MouseEventHandler(listMemory_MouseUp);
ColumnSettings.LoadSettings(Settings.Instance.MemoryListViewColumns, listMemory);
listMemory.ContextMenu = menuMemory;
GenericViewMenu.AddMenuItems(copyMemoryMenuItem.MenuItems, listMemory, null);
listMemory.ListViewItemSorter = new SortedListViewComparer(listMemory)
{
SortColumn = 1,
SortOrder = SortOrder.Ascending
};
(listMemory.ListViewItemSorter as SortedListViewComparer).CustomSorters.Add(2,
(x, y) =>
{
MemoryItem ix = (MemoryItem)x.Tag;
MemoryItem iy = (MemoryItem)y.Tag;
return(ix.Size.CompareTo(iy.Size));
});
}
public HandleList()
{
InitializeComponent();
_highlightingContext = new HighlightingContext(listHandles);
listHandles.KeyDown += this.listHandles_KeyDown;
listHandles.MouseDown += this.listHandles_MouseDown;
listHandles.MouseUp += this.listHandles_MouseUp;
listHandles.DoubleClick += this.listHandles_DoubleClick;
listHandles.SelectedIndexChanged += this.listHandles_SelectedIndexChanged;
var comparer = (SortedListViewComparer)
(listHandles.ListViewItemSorter = new SortedListViewComparer(listHandles));
comparer.ColumnSortOrder.Add(0);
comparer.ColumnSortOrder.Add(2);
comparer.ColumnSortOrder.Add(1);
listHandles.ContextMenu = menuHandle;
GenericViewMenu.AddMenuItems(copyHandleMenuItem.MenuItems, listHandles, null);
ColumnSettings.LoadSettings(Settings.Instance.HandleListViewColumns, listHandles);
//if (KProcessHacker.Instance == null)
{
protectedMenuItem.Visible = false;
inheritMenuItem.Visible = false;
}
}
public ModuleList()
{
InitializeComponent();
_highlightingContext = new HighlightingContext(listModules);
listModules.KeyDown += new KeyEventHandler(ModuleList_KeyDown);
listModules.MouseDown += new MouseEventHandler(listModules_MouseDown);
listModules.MouseUp += new MouseEventHandler(listModules_MouseUp);
listModules.DoubleClick += new EventHandler(listModules_DoubleClick);
ColumnSettings.LoadSettings(Properties.Settings.Default.ModuleListViewColumns, listModules);
listModules.ContextMenu = menuModule;
GenericViewMenu.AddMenuItems(copyModuleMenuItem.MenuItems, listModules, null);
}
public ModuleList()
{
InitializeComponent();
_highlightingContext = new HighlightingContext(listModules);
listModules.KeyDown += this.ModuleList_KeyDown;
listModules.MouseDown += this.listModules_MouseDown;
listModules.MouseUp += this.listModules_MouseUp;
listModules.DoubleClick += this.listModules_DoubleClick;
ColumnSettings.LoadSettings(Settings.Instance.ModuleListViewColumns, listModules);
listModules.ContextMenu = menuModule;
GenericViewMenu.AddMenuItems(copyModuleMenuItem.MenuItems, listModules, null);
}
public HandleFilterWindow()
{
InitializeComponent();
this.AddEscapeToClose();
this.SetTopMost();
GenericViewMenu.AddMenuItems(copyMenuItem.MenuItems, listHandles, null);
listHandles.ContextMenu = menuHandle;
var comparer = (SortedListViewComparer)(listHandles.ListViewItemSorter = new SortedListViewComparer(listHandles));
comparer.ColumnSortOrder.Add(0);
comparer.ColumnSortOrder.Add(1);
comparer.ColumnSortOrder.Add(2);
comparer.ColumnSortOrder.Add(3);
}
private void DumpHackerWindow_Load(object sender, EventArgs e)
{
treeProcesses.DumpMode = true;
treeProcesses.DumpProcesses = _processes;
treeProcesses.DumpProcessServices = _processServices;
treeProcesses.DumpServices = _services;
GenericViewMenu.AddMenuItems(copyMenuItem.MenuItems, treeProcesses.Tree);
treeProcesses.Tree.ContextMenu = menuProcess;
GenericViewMenu.AddMenuItems(copyServiceMenuItem.MenuItems, listServices.List, null);
listServices.List.ContextMenu = menuService;
this.LoadSystemInformation();
this.LoadProcesses();
this.LoadServices();
treeProcesses.UpdateItems();
listServices.UpdateItems();
}
public StructViewer(int pid, IntPtr address, StructDef struc)
{
InitializeComponent();
_struct = struc;
treeStruct.Model = _model;
treeStruct.ContextMenu = menuStruct;
GenericViewMenu.AddMenuItems(copyMenuItem.MenuItems, treeStruct);
try
{
FieldValue[] values;
_struct.Offset = address;
_struct.IOProvider = new ProcessMemoryIO(pid);
_struct.Structs = Program.Structs;
values = _struct.Read();
_model.Nodes.Add(new StructNode(new FieldValue
{
Name = "Struct",
FieldType = FieldType.StringUTF16,
Value = string.Empty
}));
foreach (FieldValue val in values)
{
this.AddNode(_model.Nodes[0], val);
}
treeStruct.Root.Children[0].IsExpanded = true;
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to view the struct", ex);
this.Error = true;
}
}
public TokenProperties(IWithToken obj)
{
InitializeComponent();
listPrivileges.SetDoubleBuffered(true);
listPrivileges.ListViewItemSorter = new SortedListViewComparer(listPrivileges);
GenericViewMenu.AddMenuItems(copyMenuItem.MenuItems, listPrivileges, null);
listPrivileges.ContextMenu = menuPrivileges;
if (obj == null)
{
return;
}
_object = obj;
try
{
using (TokenHandle thandle = _object.GetToken(TokenAccess.Query))
{
// "General"
try
{
textUser.Text = thandle.GetUser().GetFullName(true);
textUserSID.Text = thandle.GetUser().StringSid;
textOwner.Text = thandle.GetOwner().GetFullName(true);
textPrimaryGroup.Text = thandle.GetPrimaryGroup().GetFullName(true);
}
catch (Exception ex)
{
textUser.Text = "(" + ex.Message + ")";
}
try
{
textSessionID.Text = thandle.GetSessionId().ToString();
}
catch (Exception ex)
{
textSessionID.Text = "(" + ex.Message + ")";
}
try
{
var type = thandle.GetElevationType();
if (type == TokenElevationType.Default)
{
textElevated.Text = "N/A";
}
else if (type == TokenElevationType.Full)
{
textElevated.Text = "True";
}
else if (type == TokenElevationType.Limited)
{
textElevated.Text = "False";
}
}
catch (Exception ex)
{
textElevated.Text = "(" + ex.Message + ")";
}
// Determine if the token has a linked token.
if (OSVersion.HasUac)
{
try
{
TokenHandle linkedToken = thandle.GetLinkedToken();
if (linkedToken != null)
{
linkedToken.Dispose();
}
else
{
buttonLinkedToken.Visible = false;
}
}
catch
{
buttonLinkedToken.Visible = false;
}
}
else
{
buttonLinkedToken.Visible = false;
}
try
{
bool virtAllowed = thandle.IsVirtualizationAllowed();
bool virtEnabled = thandle.IsVirtualizationEnabled();
if (virtEnabled)
{
textVirtualized.Text = "Enabled";
}
else if (virtAllowed)
{
textVirtualized.Text = "Disabled";
}
else
{
textVirtualized.Text = "Not Allowed";
}
}
catch (Exception ex)
{
textVirtualized.Text = "(" + ex.Message + ")";
}
try
{
using (TokenHandle tokenSource = _object.GetToken(TokenAccess.QuerySource))
{
var source = tokenSource.GetSource();
textSourceName.Text = source.SourceName.TrimEnd('\0', '\r', '\n', ' ');
long luid = source.SourceIdentifier.QuadPart;
textSourceLUID.Text = "0x" + luid.ToString("x");
}
}
catch (Exception ex)
{
textSourceName.Text = "(" + ex.Message + ")";
}
// "Advanced"
try
{
var statistics = thandle.GetStatistics();
textTokenType.Text = statistics.TokenType.ToString();
textImpersonationLevel.Text = statistics.ImpersonationLevel.ToString();
textTokenId.Text = "0x" + statistics.TokenId.ToString();
textAuthenticationId.Text = "0x" + statistics.AuthenticationId.ToString();
textMemoryUsed.Text = Utils.FormatSize(statistics.DynamicCharged);
textMemoryAvailable.Text = Utils.FormatSize(statistics.DynamicAvailable);
}
catch (Exception ex)
{
textTokenType.Text = "(" + ex.Message + ")";
}
try
{
var groups = thandle.GetGroups();
_groups = new TokenGroupsList(groups);
foreach (var group in groups)
{
group.Dispose();
}
_groups.Dock = DockStyle.Fill;
tabGroups.Controls.Add(_groups);
}
catch (Exception ex)
{
tabGroups.Text = "(" + ex.Message + ")";
}
try
{
var privileges = thandle.GetPrivileges();
for (int i = 0; i < privileges.Length; i++)
{
this.AddPrivilege(privileges[i]);
}
}
catch (Exception ex)
{
tabPrivileges.Text = "(" + ex.Message + ")";
}
}
}
catch (Exception ex)
{
tabControl.Visible = false;
Label errorMessage = new Label();
errorMessage.Text = ex.Message;
this.Padding = new Padding(15, 10, 0, 0);
this.Controls.Add(errorMessage);
}
if (!OSVersion.HasUac)
{
labelElevated.Enabled = false;
textElevated.Enabled = false;
textElevated.Text = "";
labelVirtualization.Enabled = false;
textVirtualized.Enabled = false;
textVirtualized.Text = "";
}
if (tabControl.TabPages[Settings.Instance.TokenWindowTab] != null)
{
tabControl.SelectedTab = tabControl.TabPages[Settings.Instance.TokenWindowTab];
}
ColumnSettings.LoadSettings(Settings.Instance.PrivilegeListColumns, listPrivileges);
listPrivileges.AddShortcuts();
}
public HeapsWindow(int pid, HeapInformation[] heaps)
{
InitializeComponent();
this.AddEscapeToClose();
this.SetTopMost();
listHeaps.SetDoubleBuffered(true);
listHeaps.SetTheme("explorer");
listHeaps.AddShortcuts();
listHeaps.ContextMenu = menuHeap;
GenericViewMenu.AddMenuItems(copyMenuItem.MenuItems, listHeaps, null);
// Native threads don't work properly on XP.
if (OSVersion.IsBelowOrEqual(WindowsVersion.XP))
{
destroyMenuItem.Visible = false;
}
var comparer = new SortedListViewComparer(listHeaps);
listHeaps.ListViewItemSorter = comparer;
comparer.CustomSorters.Add(1, (l1, l2) =>
{
HeapInformation heap1 = l1.Tag as HeapInformation;
HeapInformation heap2 = l2.Tag as HeapInformation;
return(heap1.BytesAllocated.CompareTo(heap2.BytesAllocated));
});
comparer.CustomSorters.Add(2, (l1, l2) =>
{
HeapInformation heap1 = l1.Tag as HeapInformation;
HeapInformation heap2 = l2.Tag as HeapInformation;
return(heap1.BytesCommitted.CompareTo(heap2.BytesCommitted));
});
_pid = pid;
IntPtr defaultHeap = IntPtr.Zero;
try
{
using (var phandle = new ProcessHandle(
pid,
Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights))
defaultHeap = phandle.GetHeap();
}
catch (WindowsException)
{ }
long allocatedTotal = 0, committedTotal = 0;
int entriesTotal = 0, tagsTotal = 0, pseudoTagsTotal = 0;
foreach (HeapInformation heap in heaps)
{
ListViewItem litem = listHeaps.Items.Add(new ListViewItem(
new string[]
{
Utils.FormatAddress(heap.Address),
heap.BytesAllocated.ToString("N0") + " B",
heap.BytesCommitted.ToString("N0") + " B",
heap.EntryCount.ToString("N0")
//heap.TagCount.ToString("N0"),
//heap.PseudoTagCount.ToString("N0")
}));
litem.Tag = heap;
// Make the default heap bold.
if (heap.Address == defaultHeap)
{
litem.Font = new Font(litem.Font, FontStyle.Bold);
}
// Sum everything up.
allocatedTotal += heap.BytesAllocated;
committedTotal += heap.BytesCommitted;
entriesTotal += heap.EntryCount;
tagsTotal += heap.TagCount;
pseudoTagsTotal += heap.PseudoTagCount;
}
// Totals row.
listHeaps.Items.Add(new ListViewItem(
new string[]
{
"Totals",
allocatedTotal.ToString("N0") + " B",
committedTotal.ToString("N0") + " B",
entriesTotal.ToString("N0")
//tagsTotal.ToString("N0"),
//pseudoTagsTotal.ToString("N0")
})).Tag = new HeapInformation(
IntPtr.Zero, allocatedTotal, committedTotal,
tagsTotal, entriesTotal, pseudoTagsTotal
);
}