public static void Launch(ManagedApplicationInfo processInfo, string assembly, string className, string methodName, string text) { var location = Assembly.GetExecutingAssembly().Location; var directory = Path.GetDirectoryName(location) ?? string.Empty; var injectorLauncherExe = Path.Combine(directory, $"Snoop.InjectorLauncher.{GetSuffix(processInfo)}.exe"); if (File.Exists(injectorLauncherExe) == false) { var message = $@"Could not find the injector launcher ""{injectorLauncherExe}"". Snoop requires this component, which is part of the Snoop project, to do it's job. - If you compiled snoop yourself, you should compile all required components. - If you downloaded snoop you should not omit any files contained in the archive you downloaded and make sure that no anti virus deleted the file."; throw new FileNotFoundException(message, injectorLauncherExe); } var startInfo = new ProcessStartInfo(injectorLauncherExe, $"--t { processInfo.ProcessId} --a {assembly} --c {className} --m {methodName} --h {processInfo.HWnd.ToInt32()} --v ") { UseShellExecute = false, CreateNoWindow = true, Verb = processInfo.IsOwningProcessElevated ? "runas" : null }; using (var process = Process.Start(startInfo)) { process?.WaitForExit(); } }
public string Inspect(ManagedApplicationInfo applicationInfo) { var binding = new NetNamedPipeBinding(); var channelFactory = new ChannelFactory<IProcessService>(binding, ProcessServiceAddress); IProcessService processService = channelFactory.CreateChannel(); return processService.Inspect(applicationInfo); }
public string Inspect(ManagedApplicationInfo applicationInfo) { var binding = new NetNamedPipeBinding(); var channelFactory = new ChannelFactory <IProcessService>(binding, ProcessServiceAddress); IProcessService processService = channelFactory.CreateChannel(); return(processService.Inspect(applicationInfo)); }
private static string GetSuffix(ManagedApplicationInfo windowInfo) { if (windowInfo.Bitness == 32) { return("x86"); } return("x64"); }
public string Inspect(ManagedApplicationInfo applicationInfo) { #if NETCORE var binding = new NetTcpBinding(); var channelFactory = new ChannelFactory <IProcessService>(binding, new EndpointAddress(ProcessServiceAddress)); #else var binding = new NetNamedPipeBinding(); var channelFactory = new ChannelFactory <IProcessService>(binding, ProcessServiceNet35Address); #endif IProcessService processService = channelFactory.CreateChannel(); return(processService.Inspect(applicationInfo)); }
public List <ManagedApplicationInfo> GetManagedApplications() { _validProcessIdCache.Clear(); var managedApplications = new List <ManagedApplicationInfo>(); var checkedProcessIds = new List <int>(); foreach (var hWnd in EnumerateWindows()) { int processId; NativeMethods.GetWindowThreadProcessId(hWnd, out processId); if (checkedProcessIds.Contains(processId)) { continue; } if (processId == _currentProcessId) { continue; } //Process p = GetProcess(hWnd);) string runtimeVersion; int bitness; bool IsNetCore; if (GetIsManagedApplication(hWnd, processId, out runtimeVersion, out bitness, out IsNetCore)) { IntPtr mainWindowHandle = new MainWindowFinder().FindMainWindow(processId); string windowText = GetWindowText(mainWindowHandle); if (mainWindowHandle == hWnd) { var process = Process.GetProcessById(processId); if (!process.ProcessName.Contains("devenv") && !process.ProcessName.Contains("PresentationHost") && !process.ProcessName.ToLower().Contains("inspector")) { var applicationInfo = new ManagedApplicationInfo(windowText, hWnd, processId, runtimeVersion, bitness, IsNetCore); applicationInfo.IsOwningProcessElevated = NativeMethods.IsProcessElevated(process); managedApplications.Add(applicationInfo); checkedProcessIds.Add(processId); } } } } return(managedApplications); }
public string Inspect(ManagedApplicationInfo applicationInfo) { using (var process = Process.GetProcessById(applicationInfo.ProcessId)) { if (PlatformHelper.Is64BitProcess && PlatformHelper.IsWow64Process(process.Handle)) { // This is a 64-bit process, so we use the 32-bit process helper to inspect the app _process32Service.Inspect(applicationInfo); } else { // The application to inspect has the same type 32/64 bit as we do InspectInternal(applicationInfo); } } return(null); }
public string Inspect(ManagedApplicationInfo applicationInfo) { try { using (var process = Process.GetProcessById(applicationInfo.ProcessId)) { if (PlatformHelper.Is64BitProcess && PlatformHelper.IsWow64Process(process.Handle)) { // This is a 64-bit process, so we use the 32-bit process helper to inspect the app _process32Service.Inspect(applicationInfo); } else { // The application to inspect has the same type 32/64 bit as we do InspectInternal(applicationInfo); } } return null; } catch (Win32Exception exception) { return exception.Message; } }
private void InspectInternal(ManagedApplicationInfo applicationInfo) { int processId; var threadId = (uint)NativeMethods.GetWindowThreadProcessId(applicationInfo.HWnd, out processId); using (var process = Process.GetProcessById(processId)) { string version = applicationInfo.RuntimeVersion.Contains("4") ? "40" : "35"; string hookName = string.Format("Hook{0}_{1}.dll", applicationInfo.Bitness, version); IntPtr hInstance = NativeMethods.LoadLibrary(hookName); if (hInstance == IntPtr.Zero) { throw new Win32Exception(Marshal.GetLastWin32Error()); } string methodIdentifier = string.Concat(Assembly.GetExecutingAssembly().Location, "$ChristianMoser.WpfInspector.Hook.Inspector$Inject"); int bufLen = (methodIdentifier.Length + 1) * Marshal.SizeOf(typeof(char)); IntPtr hProcess = NativeMethods.OpenProcess(NativeMethods.ProcessAccessFlags.All, false, processId); IntPtr remoteAdress = NativeMethods.VirtualAllocEx(hProcess, IntPtr.Zero, (uint)bufLen, NativeMethods.AllocationType.Commit, NativeMethods.MemoryProtection.ReadWrite); if (remoteAdress != IntPtr.Zero) { IntPtr address = Marshal.StringToHGlobalUni(methodIdentifier); uint size = (uint)(sizeof(char) * methodIdentifier.Length); int bytesWritten; NativeMethods.WriteProcessMemory(hProcess, remoteAdress, address, size, out bytesWritten); if (bytesWritten == 0) { throw Marshal.GetExceptionForHR(Marshal.GetLastWin32Error()); } UIntPtr procAdress = NativeMethods.GetProcAddress(hInstance, "MessageHookProc"); if (procAdress == UIntPtr.Zero) { throw new Win32Exception(Marshal.GetLastWin32Error()); } _hookHandle = NativeMethods.SetWindowsHookEx(NativeMethods.HookType.WH_CALLWNDPROC, procAdress, hInstance, threadId); if (_hookHandle != IntPtr.Zero) { NativeMethods.SendMessage(applicationInfo.HWnd, _wmInspect, remoteAdress, IntPtr.Zero); NativeMethods.UnhookWindowsHookEx(_hookHandle); } else { throw new Win32Exception(Marshal.GetLastWin32Error()); } NativeMethods.VirtualFreeEx(process.Handle, remoteAdress, bufLen, NativeMethods.AllocationType.Release); } else { throw new Win32Exception(Marshal.GetLastWin32Error()); } NativeMethods.FreeLibrary(hInstance); } }
private void InspectInternal(ManagedApplicationInfo applicationInfo) { InjectorLauncher.Launch(applicationInfo, "Inspector", "ChristianMoser.WpfInspector.Hook.Inspector", "Inject", "d"); }
public List<ManagedApplicationInfo> GetManagedApplications() { _validProcessIdCache.Clear(); var managedApplications = new List<ManagedApplicationInfo>(); var checkedProcessIds = new List<int>(); foreach (var hWnd in EnumerateWindows()) { int processId; NativeMethods.GetWindowThreadProcessId(hWnd, out processId); if (checkedProcessIds.Contains(processId)) { continue; } if (processId == _currentProcessId) continue; //Process p = GetProcess(hWnd);) string runtimeVersion; int bitness; if (GetIsManagedApplication(hWnd, processId, out runtimeVersion, out bitness) ) { IntPtr mainWindowHandle = new MainWindowFinder().FindMainWindow(processId); string windowText = GetWindowText(mainWindowHandle); if (mainWindowHandle == hWnd) { var process = Process.GetProcessById(processId); if (!process.ProcessName.Contains("devenv") && !process.ProcessName.Contains("PresentationHost") && !process.ProcessName.ToLower().Contains("inspector")) { var applicationInfo = new ManagedApplicationInfo(windowText, hWnd, processId, runtimeVersion, bitness); managedApplications.Add(applicationInfo); checkedProcessIds.Add(processId); } } } } return managedApplications; }
public string Inspect(ManagedApplicationInfo applicationInfo) { return ServiceLocator.Resolve<InspectionService>().Inspect(applicationInfo); }