/// <summary>
/// Creates the symbol resolver that the proxy parser uses against the current process.
/// </summary>
/// <returns>
/// A resolver created for <c>NtProcess.Current</c>, or <c>null</c> when symbol resolution is
/// disabled in the settings or no dbghelp path is configured for this process's bitness.
/// </returns>
public static ISymbolResolver GetProxyParserSymbolResolver()
{
    var settings = Properties.Settings.Default;

    // Symbol resolution is opt-in; callers must cope with a null resolver.
    if (!settings.ProxyParserResolveSymbols)
    {
        return null;
    }

    // The dbghelp path must match the bitness of the process it is used from.
    string dbghelp;
    if (Environment.Is64BitProcess)
    {
        dbghelp = settings.DbgHelpPath64;
    }
    else
    {
        dbghelp = settings.DbgHelpPath32;
    }

    if (string.IsNullOrWhiteSpace(dbghelp))
    {
        return null;
    }

    // NOTE(review): the dbghelp path is passed through exactly as stored in the settings.
    // Presumably the library at that path gets loaded into this process, so the setting
    // should point at a trusted, non-user-writable location - confirm against SymbolResolver.Create.
    return SymbolResolver.Create(NtProcess.Current, dbghelp, settings.SymbolPath);
}
/// <summary>
/// Opens the process identified by <paramref name="pid"/> and gathers its COM-related state
/// into a <c>COMProcessEntry</c>.
/// </summary>
/// <param name="pid">Identifier of the process to inspect.</param>
/// <param name="dbghelp_path">Value handed to <c>SymbolResolver.Create</c> as the dbghelp location.</param>
/// <param name="symbol_path">Value handed to <c>SymbolResolver.Create</c> as the symbol path.</param>
/// <returns>
/// The populated entry, or <c>null</c> when the process cannot be opened or when the target is
/// 64-bit while this process is not.
/// </returns>
public static COMProcessEntry ParseProcess(int pid, string dbghelp_path, string symbol_path)
{
    // Only read and query rights are requested on the target; nothing here asks for write access.
    ProcessAccessRights desired_access = ProcessAccessRights.VmRead | ProcessAccessRights.QueryInformation;

    // NOTE(review): the trailing 'false' presumably stops Open from throwing, so that failure
    // is reported through IsSuccess instead - confirm against NtProcess.Open.
    using (var open_result = NtProcess.Open(pid, desired_access, false))
    {
        if (!open_result.IsSuccess)
        {
            return null;
        }

        NtProcess process = open_result.Result;

        // A 32-bit parser does not attempt to parse a 64-bit target.
        bool target_is_wider = process.Is64Bit && !Environment.Is64BitProcess;
        if (target_is_wider)
        {
            return null;
        }

        using (ISymbolResolver resolver = SymbolResolver.Create(process, dbghelp_path, symbol_path))
        {
            // NOTE(review): the values below appear to be read out of the target process by
            // symbol name. The target controls its own memory, so consumers should treat the
            // resulting strings, enums and pointers as untrusted data - confirm in the helpers.
            // Evaluation order is kept identical to the constructor's argument order.
            Sid user = process.User;
            var file_name = GetProcessFileName(process);
            var ipid_entries = ParseIPIDEntries(process, resolver);
            var is_64bit = process.Is64Bit;
            var app_id = GetProcessAppId(process, resolver);
            var access_sd = GetProcessAccessSecurityDescriptor(process, resolver);
            var lrpc_sd = GetLrpcSecurityDescriptor(process, resolver);
            var user_name = user.Name;
            var user_sid = user.ToString();
            var lrpc_endpoint = ReadString(process, resolver, "gwszLRPCEndPoint");
            var capabilities = ReadEnum<EOLE_AUTHENTICATION_CAPABILITIES>(process, resolver, "gCapabilities");
            var authn_level = ReadEnum<RPC_AUTHN_LEVEL>(process, resolver, "gAuthnLevel");
            var imp_level = ReadEnum<RPC_IMP_LEVEL>(process, resolver, "gImpLevel");
            var access_control = ReadPointer(process, resolver, "gAccessControl");
            var ole_main_thread_hwnd = ReadPointer(process, resolver, "ghwndOleMainThread");

            return new COMProcessEntry(
                pid,
                file_name,
                ipid_entries,
                is_64bit,
                app_id,
                access_sd,
                lrpc_sd,
                user_name,
                user_sid,
                lrpc_endpoint,
                capabilities,
                authn_level,
                imp_level,
                access_control,
                ole_main_thread_hwnd);
        }
    }
}