private void openDllSelector_Click(object sender, EventArgs e) { moduleWindowTargetProcess = ProcessList.SelectedItems[0].Tag as ProcessListItem; ModuleWindow mw = new ModuleWindow() { StartPosition = FormStartPosition.CenterParent }; mw.ShowDialog(); }
public string GetName(Guid processId) { if (!managedProcesses.ContainsKey(processId)) { return(null); } ProcessListItem item = managedProcesses[processId]; return(item.Configuration.Name); }
public bool Restart(Guid processId) { if (!managedProcesses.ContainsKey(processId)) { return(false); } ProcessListItem item = managedProcesses[processId]; Stop(processId); item.Process.WaitForExit(); return(Start(processId)); }
private void dumpMainModule_Click(object sender, EventArgs e) { logsTextBox.AppendText(@"[*] Dumping main module..." + Environment.NewLine); if (c.HasValidHandle()) { ProcessListItem targetProcess = ProcessList.SelectedItems[0].Tag as ProcessListItem; if (targetProcess == null) { return; } Task.Run(() => { if (new Dumper(c).DumpProcess(targetProcess, out PEFile peFile)) { Invoke(new Action(() => { using (SaveFileDialog sfd = new SaveFileDialog()) { sfd.FileName = targetProcess.ProcessName.Replace(".exe", "_dump.exe"); sfd.Filter = @"Executable File (.exe)|*.exe"; if (sfd.ShowDialog() == DialogResult.OK) { peFile.SaveToDisk(sfd.FileName); logsTextBox.AppendText(@"[+] Saved dump to disk!" + Environment.NewLine); logsTextBox.AppendText(@"[+] Successfully dumped " + targetProcess.ProcessName + "!" + Environment.NewLine); } else { logsTextBox.AppendText(@"[!] Dumping aborted!" + Environment.NewLine); } } })); } else { Invoke(new Action(() => { logsTextBox.AppendText(@"[-] Unknown error with Dumper!" + Environment.NewLine); MessageBox.Show(@"Unable to dump target process !", @"Error", MessageBoxButtons.OK, MessageBoxIcon.Error); })); } }); } else { //MessageBox.Show("Unable to communicate with driver ! Make sure it is loaded.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } }
private void StartedProcess_Exited(ProcessListItem item, EventArgs e) { processOutputService.AddInternalOutput(item.Configuration.ID, $"Process exited with code: {item.Process.ExitCode}"); item.Process.CancelErrorRead(); item.Process.CancelOutputRead(); if (!item.ExitSignaled && item.Configuration.AutoRestart && item.Process.ExitCode != 0) { Task.Delay(1000).ContinueWith(task => Start(item.Configuration.ID)); } item.ExitSignaled = false; }
public TaskManagerViewModel(Action <ProcessPriorityClass?> selectRadio) { _selectRadio = selectRadio; ProcessList = new ObservableCollection <ProcessListItem>(Process.GetProcesses().Select(p => new ProcessListItem(p))); SelectedProcess = ProcessList[0]; PriorityChanged = new PriorityChanged(this); RefreshList = new RefreshList(this); DeleteProcess = new DeleteProcess(); RunProcess = new RunProcess(); UpdateSpeedChanged = new UpdateSpeedChanged(async(r) => { _refreshRate = r; await StartRefresh(); }); }
public bool DumpProcess(ProcessListItem processListItem, out PEFile outputFile) { IntPtr basePointer = (IntPtr)processListItem.MainModuleBase; IMAGE_DOS_HEADER dosHeader = ReadProcessStruct <IMAGE_DOS_HEADER>(processListItem.ProcessId, basePointer); outputFile = default; if (dosHeader.IsValid) { IntPtr peHeaderPointer = basePointer + dosHeader.e_lfanew; IntPtr dosStubPointer = basePointer + Marshal.SizeOf <IMAGE_DOS_HEADER>(); byte[] dosStub = ReadProcessBytes(processListItem.ProcessId, dosStubPointer, dosHeader.e_lfanew - Marshal.SizeOf <IMAGE_DOS_HEADER>()); var peFile = !processListItem.ImageType ? Dump64BitPE(processListItem.ProcessId, dosHeader, dosStub, peHeaderPointer) : Dump32BitPE(processListItem.ProcessId, dosHeader, dosStub, peHeaderPointer); if (peFile != default(PEFile)) { IntPtr sectionHeaderPointer = peHeaderPointer + peFile.GetFirstSectionHeaderOffset(); for (int i = 0; i < peFile.Sections.Length; i++) { IMAGE_SECTION_HEADER sectionHeader = ReadProcessStruct <IMAGE_SECTION_HEADER>(processListItem.ProcessId, sectionHeaderPointer); peFile.Sections[i] = new PESection { Header = PESection.PESectionHeader.FromNativeStruct(sectionHeader), InitialSize = (int)sectionHeader.VirtualSize }; ReadSectionContent(processListItem.ProcessId, new IntPtr(basePointer.ToInt64() + sectionHeader.VirtualAddress), peFile.Sections[i]); sectionHeaderPointer += Marshal.SizeOf <IMAGE_SECTION_HEADER>(); } //Logger.Log("Aligning Sections..."); peFile.AlignSectionHeaders(); //Logger.Log("Fixing PE Header..."); peFile.FixPEHeader(); //Logger.Log("Dump Completed !"); outputFile = peFile; return(true); } } return(false); }
public bool FdGetProcessList(out ProcessListItem[] result) { result = Array.Empty <ProcessListItem>(); ulong processListSize = FdGetProcessListSize(); if (processListSize <= 0) { return(false); } IntPtr processListPtr = MarshalUtility.AllocZeroFilled((int)processListSize); KERNEL_PROCESS_LIST_REQUEST kplr = new KERNEL_PROCESS_LIST_REQUEST { ProcessListPtr = (ulong)processListPtr.ToInt64(), ProcessListSize = processListSize }; IntPtr kplrPointer = MarshalUtility.CopyStructToMemory(kplr); int klprSize = Marshal.SizeOf <KERNEL_PROCESS_LIST_REQUEST>(); if (DeviceIoControl(hDriver, IO_PROCESS_LIST_REQUEST, kplrPointer, klprSize, kplrPointer, klprSize, IntPtr.Zero, IntPtr.Zero)) { kplr = MarshalUtility.GetStructFromMemory <KERNEL_PROCESS_LIST_REQUEST>(kplrPointer); if (kplr.ProcessListCount > 0) { byte[] managedBuffer = new byte[processListSize]; Marshal.Copy(processListPtr, managedBuffer, 0, (int)processListSize); Marshal.FreeHGlobal(processListPtr); result = new ProcessListItem[kplr.ProcessListCount]; using (BinaryReader reader = new BinaryReader(new MemoryStream(managedBuffer))) { for (int i = 0; i < result.Length; i++) { result[i] = ProcessListItem.FromByteStream(reader); } } return(true); } } return(false); }
public void SelectedItemChanged(object sender, SelectedCellsChangedEventArgs e) { if (e.AddedCells.Count == 0) { return; } SelectedProcess = e.AddedCells[0].Item as ProcessListItem; try { if (SelectedProcess != null && SelectedProcess.Proc.HasExited) { ProcessList.Remove(SelectedProcess); return; } } catch { } DisplayDetails(); }
public bool Stop(Guid processId) { if (!managedProcesses.ContainsKey(processId)) { return(false); } ProcessListItem item = managedProcesses[processId]; if (item.Process == null || item.Process.HasExited) { return(false); } item.ExitSignaled = true; item.Process.Kill(); return(true); }
public bool SendInput(Guid processId, string data) { if (!managedProcesses.ContainsKey(processId)) { return(false); } ProcessListItem item = managedProcesses[processId]; if (item.Process == null || item.Process.HasExited) { return(false); } // TODO: try/catch? item.Process.StandardInput.WriteLine(data); return(true); }
public void DoRefresh() { //Remove Old Processes var processesToRemove = new List <ProcessListItem>(); foreach (var processListItem in ProcessList) { try { if (processListItem.Proc.HasExited) { processesToRemove.Add(processListItem); } } catch { } } Application.Current.Dispatcher?.Invoke(() => processesToRemove.ForEach(p => ProcessList.Remove(p))); //Add new Processes var currentProcesses = Process.GetProcesses(); var processesToAdd = new List <ProcessListItem>(); foreach (var process in currentProcesses) { if (!ProcessList.Select(p => p.Id).Contains(process.Id)) { processesToAdd.Add(new ProcessListItem(process)); } } Application.Current.Dispatcher?.Invoke(() => processesToAdd.ForEach(p => ProcessList.Add(p))); //Update Selected Process if (!ProcessList.Contains(SelectedProcess)) { SelectedProcess = ProcessList[0]; } Application.Current.Dispatcher?.Invoke(DisplayDetails); }
public DetailedProcessInfo(ProcessListItem process) { InitializeComponent(); FillInData(new DetailedProcessInfoModel(process)); }
protected override void OnMouseClick(MouseEventArgs e) { if (!AllowSelect) return; foreach (ListItem item in Items) { Rectangle rect = new Rectangle(item.Location, item.Size); rect.Offset(0, -mCurrentY); if (rect.Contains(e.Location)) { SelectedItem = (ProcessListItem)item; } } Invalidate(); base.OnMouseClick(e); }
public void AddItem(ProcessListItem item) { mItems.Add(item); item.IconSize = mIconSize; Invalidate(); }
public bool Start(Guid processId) { if (!managedProcesses.ContainsKey(processId)) { return(false); } ProcessListItem item = managedProcesses[processId]; ManagedProcess configuration = item.Configuration; if (item.Process != null) { if (!item.Process.HasExited) { return(false); } } else { ProcessStartInfo startInfo = new ProcessStartInfo(configuration.FileName); if (!string.IsNullOrWhiteSpace(configuration.Args)) { startInfo.Arguments = configuration.Args; } if (!string.IsNullOrWhiteSpace(configuration.WorkingDirectory)) { startInfo.WorkingDirectory = configuration.WorkingDirectory; } if (!string.IsNullOrWhiteSpace(configuration.Username) && !string.IsNullOrWhiteSpace(configuration.Password)) { startInfo.UserName = configuration.Username; startInfo.PasswordInClearText = configuration.Password; } startInfo.CreateNoWindow = true; startInfo.UseShellExecute = false; startInfo.StandardErrorEncoding = Encoding.UTF8; startInfo.StandardInputEncoding = Encoding.UTF8; startInfo.StandardOutputEncoding = Encoding.UTF8; startInfo.RedirectStandardError = true; startInfo.RedirectStandardInput = true; startInfo.RedirectStandardOutput = true; Process startedProcess = new Process(); startedProcess.StartInfo = startInfo; startedProcess.OutputDataReceived += (source, ea) => processOutputService.AddStandardOutput(configuration.ID, ea.Data); startedProcess.ErrorDataReceived += (source, ea) => processOutputService.AddErrorOutput(configuration.ID, ea.Data); startedProcess.EnableRaisingEvents = true; startedProcess.Exited += (source, ea) => StartedProcess_Exited(item, ea); item.Process = startedProcess; } bool result; try { result = item.Process.Start(); if (result) { item.Process.StandardInput.AutoFlush = true; item.Process.BeginErrorReadLine(); item.Process.BeginOutputReadLine(); } } catch (Exception ex) { result = false; processOutputService.AddInternalOutput(configuration.ID, $"Process failed to start with exception: {ex.Message} ({ex.GetType().FullName})"); } return(result); }