示例#1
0
        private static bool ProcessCommandLine(Dictionary<string, string> pArgs)
        {
            if (pArgs.ContainsKey("-assistant"))
            {
                Assistant.Main(pArgs);

                return true;
            }

            if (pArgs.ContainsKey("-e"))
            {
                try
                {
                    ExtendedCmd.Run(pArgs);
                }
                catch (Exception ex)
                {
                    PhUtils.ShowException("Unable to complete the operation", ex);
                }

                return true;
            }

            if (pArgs.ContainsKey("-installkph"))
            {
                try
                {
                    using (ServiceManagerHandle scm = new ServiceManagerHandle(ScManagerAccess.CreateService))
                    {
                        using (ServiceHandle shandle = scm.CreateService(
                            "KProcessHacker2",
                            "KProcessHacker2",
                            ServiceType.KernelDriver,
                            ServiceStartType.SystemStart,
                            ServiceErrorControl.Ignore,
                            Application.StartupPath + "\\kprocesshacker.sys",
                            null,
                            null,
                            null
                            ))
                        {
                            shandle.Start();
                        }
                    }
                }
                catch (WindowsException ex)
                {
                    // Need to pass status back.
                    Environment.Exit((int)ex.ErrorCode);
                }

                return true;
            }

            if (pArgs.ContainsKey("-uninstallkph"))
            {
                try
                {
                    using (ServiceHandle shandle = new ServiceHandle("KProcessHacker2", ServiceAccess.Stop | (ServiceAccess)StandardRights.Delete))
                    {
                        try { shandle.Control(ServiceControl.Stop); }
                        catch { }

                        shandle.Delete();
                    }
                }
                catch (WindowsException ex)
                {
                    // Need to pass status back.
                    Environment.Exit((int)ex.ErrorCode);
                }

                return true;
            }

            if (pArgs.ContainsKey("-ip"))
                InspectPid = int.Parse(pArgs["-ip"]);

            if (pArgs.ContainsKey("-pw"))
            {
                int pid = int.Parse(pArgs["-pw"]);

                PrimaryProviderThread = new ProviderThread(Settings.Instance.RefreshInterval);
                SecondaryProviderThread = new ProviderThread(Settings.Instance.RefreshInterval);

                ProcessProvider = new ProcessSystemProvider();
                ServiceProvider = new ServiceProvider();
                PrimaryProviderThread.Add(ProcessProvider);
                PrimaryProviderThread.Add(ServiceProvider);
                ProcessProvider.Boost();
                ServiceProvider.Boost();
                ProcessProvider.Enabled = true;
                ServiceProvider.Enabled = true;

                Win32.LoadLibrary(Settings.Instance.DbgHelpPath);

                if (!ProcessProvider.Dictionary.ContainsKey(pid))
                {
                    PhUtils.ShowError("The process (PID " + pid.ToString() + ") does not exist.");
                    Environment.Exit(0);
                    return true;
                }

                ProcessWindow pw = new ProcessWindow(ProcessProvider.Dictionary[pid]);

                Application.Run(pw);

                PrimaryProviderThread.Dispose();
                ProcessProvider.Dispose();
                ServiceProvider.Dispose();

                Environment.Exit(0);

                return true;
            }

            if (pArgs.ContainsKey("-pt"))
            {
                int pid = int.Parse(pArgs["-pt"]);

                try
                {
                    using (var phandle = new ProcessHandle(pid, Program.MinProcessQueryRights))
                        Application.Run(new TokenWindow(phandle));
                }
                catch (Exception ex)
                {
                    PhUtils.ShowException("Unable to show token properties", ex);
                }

                return true;
            }

            if (pArgs.ContainsKey("-o"))
            {
                OptionsWindow options = new OptionsWindow(true)
                {
                    StartPosition = FormStartPosition.CenterScreen
                };
                IWin32Window window;

                if (pArgs.ContainsKey("-hwnd"))
                    window = new WindowFromHandle(new IntPtr(int.Parse(pArgs["-hwnd"])));
                else
                    window = new WindowFromHandle(IntPtr.Zero);

                if (pArgs.ContainsKey("-rect"))
                {
                    Rectangle rect = Utils.GetRectangle(pArgs["-rect"]);

                    options.Location = new Point(rect.X + 20, rect.Y + 20);
                    options.StartPosition = FormStartPosition.Manual;
                }

                options.SelectedTab = options.TabPages["tabAdvanced"];
                options.ShowDialog(window);

                return true;
            }

            if (pArgs.ContainsKey(string.Empty))
                if (pArgs[string.Empty].Replace("\"", string.Empty).Trim().EndsWith("taskmgr.exe", StringComparison.OrdinalIgnoreCase))
                    StartVisible = true;

            if (pArgs.ContainsKey("-m"))
                StartHidden = true;
            if (pArgs.ContainsKey("-v"))
                StartVisible = true;

            if (pArgs.ContainsKey("-a"))
            {
                try { Unhook(); }
                catch { }
                try { NProcessHacker.KphHookInit(); }
                catch { }
            }

            if (pArgs.ContainsKey("-t"))
            {
                if (pArgs["-t"] == "0")
                    SelectTab = "Processes";
                else if (pArgs["-t"] == "1")
                    SelectTab = "Services";
                else if (pArgs["-t"] == "2")
                    SelectTab = "Network";
            }

            return false;
        }
示例#2
0
        public static void Run(IDictionary<string, string> args)
        {
            try
            {
                ThemingScope.Activate();
            }
            catch
            { }

            if (!args.ContainsKey("-type"))
                throw new Exception("-type switch required.");

            string type = args["-type"].ToLower();

            if (!args.ContainsKey("-obj"))
                throw new Exception("-obj switch required.");

            string obj = args["-obj"];

            if (!args.ContainsKey("-action"))
                throw new Exception("-action switch required.");

            string action = args["-action"].ToLower();

            WindowFromHandle window = new WindowFromHandle(IntPtr.Zero);

            if (args.ContainsKey("-hwnd"))
                window = new WindowFromHandle(new IntPtr(int.Parse(args["-hwnd"])));

            try
            {
                switch (type)
                {
                    case "processhacker":
                        {
                            switch (action)
                            {
                                case "runas":
                                    {
                                        using (var manager = new ServiceManagerHandle(ScManagerAccess.CreateService))
                                        {
                                            Random r = new Random((int)(DateTime.Now.ToFileTime() & 0xffffffff));
                                            string serviceName = "";

                                            for (int i = 0; i < 8; i++)
                                                serviceName += (char)('A' + r.Next(25));

                                            using (var service = manager.CreateService(
                                                serviceName,
                                                serviceName + " (Process Hacker Assistant)",
                                                ServiceType.Win32OwnProcess,
                                                ServiceStartType.DemandStart,
                                                ServiceErrorControl.Ignore,
                                                obj,
                                                "",
                                                "LocalSystem",
                                                null))
                                            { 
                                                // Create a mailslot so we can receive the error code for Assistant.
                                                using (var mhandle = MailslotHandle.Create(
                                                    FileAccess.GenericRead, @"\Device\Mailslot\" + args["-mailslot"], 0, 5000)
                                                    )
                                                {
                                                    try { service.Start(); }
                                                    catch { }
                                                    service.Delete();

                                                    Win32Error errorCode = (Win32Error)mhandle.Read(4).ToInt32();

                                                    if (errorCode != Win32Error.Success)
                                                        throw new WindowsException(errorCode);
                                                }
                                            }
                                        }
                                    }
                                    break;
                                default:
                                    throw new Exception("Unknown action '" + action + "'");
                            }
                        }
                        break;

                    case "process":
                        {
                            var processes = Windows.GetProcesses();
                            string[] pidStrings = obj.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                            int[] pids = new int[pidStrings.Length];
                            string[] names = new string[pidStrings.Length];

                            for (int i = 0; i < pidStrings.Length; i++)
                            {
                                pids[i] = int.Parse(pidStrings[i]);
                                names[i] = processes[pids[i]].Name;
                            }

                            switch (action)
                            {
                                case "terminate":
                                    ProcessActions.Terminate(window, pids, names, true);
                                    break;
                                case "suspend":
                                    ProcessActions.Suspend(window, pids, names, true);
                                    break;
                                case "resume":
                                    ProcessActions.Resume(window, pids, names, true);
                                    break;
                                case "reduceworkingset":
                                    ProcessActions.ReduceWorkingSet(window, pids, names, false);
                                    break;
                                default:
                                    throw new Exception("Unknown action '" + action + "'");
                            }
                        }
                        break;

                    case "thread":
                        {
                            foreach (string tid in obj.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
                            {
                                switch (action)
                                {
                                    case "terminate":
                                        {
                                            try
                                            {
                                                using (var thandle =
                                                    new ThreadHandle(int.Parse(tid), ThreadAccess.Terminate))
                                                    thandle.Terminate();
                                            }
                                            catch (Exception ex)
                                            {
                                                DialogResult result = MessageBox.Show(window,
                                                    "Could not terminate thread with ID " + tid + ":\n\n" +
                                                    ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);

                                                if (result == DialogResult.Cancel)
                                                    return;
                                            }
                                        }
                                        break;
                                    case "suspend":
                                        {
                                            try
                                            {
                                                using (var thandle =
                                                    new ThreadHandle(int.Parse(tid), ThreadAccess.SuspendResume))
                                                    thandle.Suspend();
                                            }
                                            catch (Exception ex)
                                            {
                                                DialogResult result = MessageBox.Show(window,
                                                    "Could not suspend thread with ID " + tid + ":\n\n" +
                                                    ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);

                                                if (result == DialogResult.Cancel)
                                                    return;
                                            }
                                        }
                                        break;
                                    case "resume":
                                        {
                                            try
                                            {
                                                using (var thandle =
                                                    new ThreadHandle(int.Parse(tid), ThreadAccess.SuspendResume))
                                                    thandle.Resume();
                                            }
                                            catch (Exception ex)
                                            {
                                                DialogResult result = MessageBox.Show(window,
                                                    "Could not resume thread with ID " + tid + ":\n\n" +
                                                    ex.Message, "Process Hacker", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);

                                                if (result == DialogResult.Cancel)
                                                    return;
                                            }
                                        }
                                        break;
                                    default:
                                        throw new Exception("Unknown action '" + action + "'");
                                }
                            }
                        }
                        break;

                    case "service":
                        {
                            switch (action)
                            {
                                case "start":
                                    {
                                        ServiceActions.Start(window, obj, false);
                                    }
                                    break;
                                case "continue":
                                    {
                                        ServiceActions.Continue(window, obj, false);
                                    }
                                    break;
                                case "pause":
                                    {
                                        ServiceActions.Pause(window, obj, false);
                                    }
                                    break;
                                case "stop":
                                    {
                                        ServiceActions.Stop(window, obj, false);
                                    }
                                    break;
                                case "delete":
                                    {
                                        ServiceActions.Delete(window, obj, true);
                                    }
                                    break;
                                case "config":
                                    {
                                        using (ServiceHandle service = new ServiceHandle(obj, ServiceAccess.ChangeConfig))
                                        {
                                            ServiceType serviceType;

                                            if (args["-servicetype"] == "Win32OwnProcess, InteractiveProcess")
                                                serviceType = ServiceType.Win32OwnProcess | ServiceType.InteractiveProcess;
                                            else if (args["-servicetype"] == "Win32ShareProcess, InteractiveProcess")
                                                serviceType = ServiceType.Win32ShareProcess | ServiceType.InteractiveProcess;
                                            else
                                                serviceType = (ServiceType)Enum.Parse(typeof(ServiceType), args["-servicetype"]);

                                            var startType = (ServiceStartType)
                                                Enum.Parse(typeof(ServiceStartType), args["-servicestarttype"]);
                                            var errorControl = (ServiceErrorControl)
                                                Enum.Parse(typeof(ServiceErrorControl), args["-serviceerrorcontrol"]);

                                            string binaryPath = null;
                                            string loadOrderGroup = null;
                                            string userAccount = null;
                                            string password = null;

                                            if (args.ContainsKey("-servicebinarypath"))
                                                binaryPath = args["-servicebinarypath"];
                                            if (args.ContainsKey("-serviceloadordergroup"))
                                                loadOrderGroup = args["-serviceloadordergroup"];
                                            if (args.ContainsKey("-serviceuseraccount"))
                                                userAccount = args["-serviceuseraccount"];
                                            if (args.ContainsKey("-servicepassword"))
                                                password = args["-servicepassword"];

                                            if (!Win32.ChangeServiceConfig(service,
                                                serviceType, startType, errorControl,
                                                binaryPath, loadOrderGroup, IntPtr.Zero, null, userAccount, password, null))
                                                Win32.ThrowLastError();
                                        }
                                    }
                                    break;
                                default:
                                    throw new Exception("Unknown action '" + action + "'");
                            }
                        }
                        break;

                    case "session":
                        {
                            int sessionId = int.Parse(obj);

                            switch (action)
                            {
                                case "disconnect":
                                    {
                                        SessionActions.Disconnect(window, sessionId, false);
                                    }
                                    break;
                                case "logoff":
                                    {
                                        SessionActions.Logoff(window, sessionId, false);
                                    }
                                    break;
                                default:
                                    throw new Exception("Unknown action '" + action + "'");
                            }
                        }
                        break;

                    default:
                        throw new Exception("Unknown object type '" + type + "'");
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(window, ex.Message, "Process Hacker", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }