public void ShowProperties(ProcessItem item) { DumpProcessWindow dpw = new DumpProcessWindow( this, item, _processesMo.GetChild(item.Pid.ToString("x")) ); dpw.Show(); }
private void LoadProperties() { var names = _processMo.ChildNames; if (names.Contains("LargeIcon")) { using (var largeIcon = _processMo.GetChild("LargeIcon")) pictureIcon.Image = Dump.GetIcon(largeIcon).ToBitmap(); } else { pictureIcon.Image = Properties.Resources.Process.ToBitmap(); } if (_item.VersionInfo != null) { textFileDescription.Text = _item.VersionInfo.FileDescription; textFileCompany.Text = _item.VersionInfo.CompanyName; textFileVersion.Text = _item.VersionInfo.FileVersion; } else { textFileDescription.Text = _item.Name; textFileCompany.Text = string.Empty; textFileVersion.Text = string.Empty; } textFileName.Text = _item.FileName; if (_item.VerifyResult == VerifyResult.Trusted) { if (!string.IsNullOrEmpty(_item.VerifySignerName)) { textFileCompany.Text = _item.VerifySignerName + " (verified)"; } else { textFileCompany.Text += " (verified)"; } } textStartTime.Text = _item.CreateTime.ToString(); textCmdLine.Text = _item.CmdLine; if (_item.HasParent) { if (_hw.Processes.ContainsKey(_item.ParentPid)) { textParent.Text = _hw.Processes[_item.ParentPid].Name + " (" + _item.ParentPid.ToString() + ")"; } else { textParent.Text = "Non-existent Process (" + _item.ParentPid.ToString() + ")"; buttonInspectParent.Enabled = false; } } else if (_item.ParentPid == -1) { textParent.Text = "No Parent Process"; buttonInspectParent.Enabled = false; } else { textParent.Text = "Non-existent Process (" + _item.ParentPid.ToString() + ")"; buttonInspectParent.Enabled = false; } using (var general = _processMo.GetChild("General")) { var dict = Dump.GetDictionary(general); if (dict.ContainsKey("CurrentDirectory")) { textCurrentDirectory.Text = dict["CurrentDirectory"]; } if (dict.ContainsKey("DepStatus")) { DepStatus status = (DepStatus)Dump.ParseInt32(dict["DepStatus"]); if ((status & DepStatus.Enabled) != 0) { textDEP.Text = "Enabled"; } else { textDEP.Text = "Disabled"; } if ((status & DepStatus.Permanent) != 0) { textDEP.Text += ", Permanent"; } if ((status & DepStatus.AtlThunkEmulationDisabled) != 0) { textDEP.Text += ", DEP-ATL thunk emulation disabled"; } } if (_hw.Architecture == OSArch.Amd64) { labelProcessType.Visible = true; labelProcessTypeValue.Visible = true; labelProcessTypeValue.Text = _item.IsWow64 ? "32-bit" : "64-bit"; } else { labelProcessType.Visible = false; labelProcessTypeValue.Visible = false; } } }
public void ShowProperties(IWin32Window owner, ServiceItem item) { DumpServiceWindow dsw = new DumpServiceWindow(item, _servicesMo.GetChild(item.Status.ServiceName)); dsw.ShowDialog(owner); }
private void LoadProcess(MemoryObject mo) { var names = mo.GetChildNames(); ProcessItem pitem; if (!names.Contains("General")) { return; } IDictionary <string, string> generalDict; using (var general = mo.GetChild("General")) generalDict = Dump.GetDictionary(general); pitem = new ProcessItem(); pitem.Pid = Dump.ParseInt32(generalDict["ProcessId"]); pitem.Name = generalDict["Name"]; pitem.ParentPid = Dump.ParseInt32(generalDict["ParentPid"]); if (generalDict.ContainsKey("HasParent")) { pitem.HasParent = Dump.ParseBool(generalDict["HasParent"]); } if (generalDict.ContainsKey("StartTime")) { pitem.CreateTime = Dump.ParseDateTime(generalDict["StartTime"]); } if (generalDict.ContainsKey("SessionId")) { pitem.SessionId = Dump.ParseInt32(generalDict["SessionId"]); } if (generalDict.ContainsKey("FileName")) { pitem.FileName = generalDict["FileName"]; } if (generalDict.ContainsKey("FileDescription")) { pitem.VersionInfo = new ImageVersionInfo(); pitem.VersionInfo.FileDescription = generalDict["FileDescription"]; pitem.VersionInfo.CompanyName = generalDict["FileCompanyName"]; pitem.VersionInfo.FileVersion = generalDict["FileVersion"]; pitem.VersionInfo.FileName = pitem.FileName; } if (generalDict.ContainsKey("CommandLine")) { pitem.CmdLine = generalDict["CommandLine"]; } if (generalDict.ContainsKey("IsPosix")) { pitem.IsPosix = Dump.ParseBool(generalDict["IsPosix"]); } if (generalDict.ContainsKey("IsWow64")) { pitem.IsWow64 = Dump.ParseBool(generalDict["IsWow64"]); } if (generalDict.ContainsKey("IsBeingDebugged")) { pitem.IsBeingDebugged = Dump.ParseBool(generalDict["IsBeingDebugged"]); } if (generalDict.ContainsKey("UserName")) { pitem.Username = generalDict["UserName"]; } if (generalDict.ContainsKey("ElevationType")) { pitem.ElevationType = (TokenElevationType)Dump.ParseInt32(generalDict["ElevationType"]); } if (generalDict.ContainsKey("CpuUsage")) { pitem.CpuUsage = float.Parse(generalDict["CpuUsage"]); } if (generalDict.ContainsKey("JobName")) { pitem.JobName = generalDict["JobName"]; } if (generalDict.ContainsKey("IsInJob")) { pitem.IsInJob = Dump.ParseBool(generalDict["IsInJob"]); } if (generalDict.ContainsKey("IsInSignificantJob")) { pitem.IsInSignificantJob = Dump.ParseBool(generalDict["IsInSignificantJob"]); } if (generalDict.ContainsKey("Integrity")) { pitem.Integrity = generalDict["Integrity"]; } if (generalDict.ContainsKey("IntegrityLevel")) { pitem.IntegrityLevel = Dump.ParseInt32(generalDict["IntegrityLevel"]); } if (generalDict.ContainsKey("IsDotNet")) { pitem.IsDotNet = Dump.ParseBool(generalDict["IsDotNet"]); } if (generalDict.ContainsKey("IsPacked")) { pitem.IsPacked = Dump.ParseBool(generalDict["IsPacked"]); } if (generalDict.ContainsKey("VerifyResult")) { pitem.VerifyResult = (VerifyResult)Dump.ParseInt32(generalDict["VerifyResult"]); } if (generalDict.ContainsKey("VerifySignerName")) { pitem.VerifySignerName = generalDict["VerifySignerName"]; } if (generalDict.ContainsKey("ImportFunctions")) { pitem.ImportFunctions = Dump.ParseInt32(generalDict["ImportFunctions"]); } if (generalDict.ContainsKey("ImportModules")) { pitem.ImportModules = Dump.ParseInt32(generalDict["ImportModules"]); } if (names.Contains("SmallIcon")) { using (var smallIcon = mo.GetChild("SmallIcon")) pitem.Icon = Dump.GetIcon(smallIcon); } if (names.Contains("VmCounters")) { using (var vmCounters = mo.GetChild("VmCounters")) pitem.Process.VirtualMemoryCounters = Dump.GetStruct <VmCountersEx64>(vmCounters).ToVmCountersEx(); } if (names.Contains("IoCounters")) { using (var ioCounters = mo.GetChild("IoCounters")) pitem.Process.IoCounters = Dump.GetStruct <IoCounters>(ioCounters); } _processes.Add(pitem.Pid, pitem); treeProcesses.AddItem(pitem); }