本文整理汇总了C#中ProcessHandle.GetBasicInformation方法的典型用法代码示例。如果您正苦于以下问题:C# ProcessHandle.GetBasicInformation方法的具体用法?C# ProcessHandle.GetBasicInformation怎么用?C# ProcessHandle.GetBasicInformation使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ProcessHandle的用法示例。
在下文中一共展示了ProcessHandle.GetBasicInformation方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: AddProcessItem
/// <summary>
/// Adds one row (image file name, PID) to <c>listProcesses</c> for the given
/// process handle and updates the caller's running totals.
/// A row whose exit time is non-zero is shaded dark gray and counted in
/// <paramref name="terminatedCount"/>; every other row is counted in
/// <paramref name="totalCount"/>, and is additionally shaded red and counted in
/// <paramref name="hiddenCount"/> when <paramref name="exists"/> returns false for its PID.
/// </summary>
/// <param name="phandle">Open handle to the process being listed.</param>
/// <param name="pid">Process ID; when 0 it is read from the handle's basic information instead.</param>
/// <param name="totalCount">Incremented for each row that has no exit time.</param>
/// <param name="hiddenCount">Incremented for each such row whose PID <paramref name="exists"/> rejects.</param>
/// <param name="terminatedCount">Incremented for each row that has an exit time.</param>
/// <param name="exists">
/// Callback that says whether a PID is known from another source
/// (presumably the regular process enumeration; confirm against the caller).
/// </param>
private void AddProcessItem(
    ProcessHandle phandle,
    int pid,
    ref int totalCount, ref int hiddenCount, ref int terminatedCount,
    Func<int, bool> exists
    )
{
    // Reduce the image path to its file name; a null path is passed through as-is.
    string imageName = phandle.GetImageFileName();

    if (imageName != null)
    {
        imageName = FileUtils.GetFileName(imageName);
    }

    // The caller did not supply a PID, so ask the handle for it.
    if (pid == 0)
    {
        pid = phandle.GetBasicInformation().UniqueProcessId.ToInt32();
    }

    string[] columns = new string[] { imageName, pid.ToString() };
    var row = listProcesses.Items.Add(new ListViewItem(columns));

    // File time 0 is the "no exit time" sentinel tested below.
    DateTime exited = DateTime.FromFileTime(0);

    try
    {
        exited = phandle.GetExitTime();
    }
    catch
    {
        // Best effort: the sentinel is kept when the query fails.
        // NOTE(review): such a row is then treated as running and can be
        // flagged red below, so a red row is a lead to verify rather than
        // proof that the process is being concealed.
    }

    bool hasExited = exited.ToFileTime() != 0;

    if (hasExited)
    {
        row.BackColor = Color.DarkGray;
        row.ForeColor = Color.White;
        terminatedCount++;
        return;
    }

    totalCount++;

    if (exists(pid))
    {
        return;
    }

    // A handle exists for this PID but the cross-check does not know it.
    row.BackColor = Color.Red;
    row.ForeColor = Color.White;
    hiddenCount++;
}
示例2: UpdateProcessProperties
//.........这里部分代码省略.........
{
labelProcessTypeValue.Text = phandle.IsWow64 ? "32-bit" : "64-bit";
}
}
catch (Exception ex)
{
labelProcessTypeValue.Text = "(" + ex.Message + ")";
}
}
if (_pid <= 0)
return;
if (_processItem.CmdLine != null)
textCmdLine.Text = _processItem.CmdLine.Replace("\0", string.Empty);
try
{
DateTime startTime = DateTime.FromFileTime(_processItem.Process.CreateTime);
textStartTime.Text = Utils.FormatRelativeDateTime(startTime) +
" (" + startTime.ToString() + ")";
}
catch (Exception ex)
{
textStartTime.Text = "(" + ex.Message + ")";
}
// The System process doesn't have a current directory or PEB address.
if (_pid > 4)
{
try
{
using (ProcessHandle phandle
= new ProcessHandle(_pid, Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights))
{
fileCurrentDirectory.Text =
phandle.GetPebString(PebOffset.CurrentDirectoryPath);
}
fileCurrentDirectory.Enabled = true;
}
catch (Exception ex)
{
fileCurrentDirectory.Text = "(" + ex.Message + ")";
fileCurrentDirectory.Enabled = false;
}
try
{
using (ProcessHandle phandle = new ProcessHandle(_pid, Program.MinProcessQueryRights))
{
textPEBAddress.Text = Utils.FormatAddress(phandle.GetBasicInformation().PebBaseAddress);
}
}
catch (Exception ex)
{
textPEBAddress.Text = "(" + ex.Message + ")";
buttonInspectPEB.Enabled = false;
}
}
else
{
fileCurrentDirectory.Enabled = false;
buttonInspectPEB.Enabled = false;
}
if (_processItem.HasParent)
{
if (Program.ProcessProvider.Dictionary.ContainsKey(_processItem.ParentPid))
{
textParent.Text =
Program.ProcessProvider.Dictionary[_processItem.ParentPid].Name +
" (" + _processItem.ParentPid.ToString() + ")";
}
else
{
textParent.Text = "Non-existent Process (" + _processItem.ParentPid.ToString() + ")";
buttonInspectParent.Enabled = false;
}
}
else if (_processItem.ParentPid == -1)
{
// this process doesn't actually have a parent
textParent.Text = "No Parent Process";
buttonInspectParent.Enabled = false;
}
else
{
// This process had a parent and it's dead, but
// another running process has the same PID as
// its parent. We checked their creation times
// back in ProcessSystemProvider.cs.
textParent.Text = "Non-existent Process (" + _processItem.ParentPid.ToString() + ")";
buttonInspectParent.Enabled = false;
}
this.UpdateProtected();
this.UpdateDepStatus();
}
示例3: UpdateProcessProperties
//.........这里部分代码省略.........
try
{
using (ProcessHandle phandle = new ProcessHandle(_pid, Program.MinProcessQueryRights))
{
labelProcessTypeValue.Text = phandle.IsWow64() ? "32-bit" : "64-bit";
}
}
catch (Exception ex)
{
labelProcessTypeValue.Text = "(" + ex.Message + ")";
}
}
if (_pid <= 0)
return;
if (_processItem.CmdLine != null)
textCmdLine.Text = _processItem.CmdLine.Replace("\0", "");
try
{
DateTime startTime = DateTime.FromFileTime(_processItem.Process.CreateTime);
textStartTime.Text = Utils.FormatRelativeDateTime(startTime) +
" (" + startTime.ToString() + ")";
}
catch (Exception ex)
{
textStartTime.Text = "(" + ex.Message + ")";
}
if (_pid > 4)
{
try
{
using (ProcessHandle phandle
= new ProcessHandle(_pid, Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights))
{
fileCurrentDirectory.Text =
phandle.GetPebString(PebOffset.CurrentDirectoryPath);
}
fileCurrentDirectory.Enabled = true;
}
catch (Exception ex)
{
fileCurrentDirectory.Text = "(" + ex.Message + ")";
fileCurrentDirectory.Enabled = false;
}
try
{
using (ProcessHandle phandle = new ProcessHandle(_pid, Program.MinProcessQueryRights))
{
textPEBAddress.Text = Utils.FormatAddress(phandle.GetBasicInformation().PebBaseAddress);
}
}
catch (Exception ex)
{
textPEBAddress.Text = "(" + ex.Message + ")";
buttonInspectPEB.Enabled = false;
}
}
else
{
fileCurrentDirectory.Enabled = false;
buttonInspectPEB.Enabled = false;
}
if (_processItem.HasParent)
{
if (Program.ProcessProvider.Dictionary.ContainsKey(_processItem.ParentPid))
{
textParent.Text =
Program.ProcessProvider.Dictionary[_processItem.ParentPid].Name +
" (" + _processItem.ParentPid.ToString() + ")";
}
else
{
textParent.Text = "Non-existent Process (" + _processItem.ParentPid.ToString() + ")";
buttonInspectParent.Enabled = false;
}
}
else if (_processItem.ParentPid == -1)
{
textParent.Text = "No Parent Process";
buttonInspectParent.Enabled = false;
}
else
{
textParent.Text = "Non-existent Process (" + _processItem.ParentPid.ToString() + ")";
buttonInspectParent.Enabled = false;
}
this.UpdateProtected();
this.UpdateDepStatus();
}
示例4: buttonInspectPEB_Click
/// <summary>
/// Click handler that opens a <c>StructWindow</c> on the PEB of process <c>_pid</c>.
/// The PEB address comes from <c>GetBasicInformation().PebBaseAddress</c> on a handle
/// opened with <c>Program.MinProcessQueryRights</c> only; any failure on this path is
/// reported through <c>PhUtils.ShowException</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void buttonInspectPEB_Click(object sender, EventArgs e)
{
    try
    {
        // Without the "PEB" struct definition there is nothing to render.
        bool pebStructLoaded = Program.Structs.ContainsKey("PEB");

        if (!pebStructLoaded)
        {
            throw new Exception("The struct 'PEB' has not been loaded. Make sure structs.txt was loaded successfully.");
        }

        using (ProcessHandle queryHandle = new ProcessHandle(_pid, Program.MinProcessQueryRights))
        {
            // Only the address value is captured by the delegate below,
            // not the handle itself.
            IntPtr pebAddress = queryHandle.GetBasicInformation().PebBaseAddress;

            MethodInvoker openWindow = new MethodInvoker(delegate
            {
                StructWindow pebWindow = new StructWindow(_pid, pebAddress, Program.Structs["PEB"]);

                try
                {
                    pebWindow.Show();
                    pebWindow.Activate();
                }
                catch
                {
                    // Failures while showing the window are deliberately discarded.
                }
            });

            // NOTE(review): the delegate is queued rather than run here, so an
            // exception from the StructWindow constructor would presumably not
            // reach the catch below; confirm.
            Program.HackerWindow.BeginInvoke(openWindow);
        }
    }
    catch (Exception ex)
    {
        PhUtils.ShowException("Unable to inspect the PEB", ex);
    }
}
示例5: AddProcessItem
/// <summary>
/// Adds one row (image file name, PID) to <c>listProcesses</c> for the given
/// process handle and updates the caller's running totals.
/// A row whose exit time is non-zero is shaded dark gray and counted in
/// <paramref name="terminatedCount"/>; every other row is counted in
/// <paramref name="totalCount"/>, and is additionally shaded red and counted in
/// <paramref name="hiddenCount"/> when <paramref name="exists"/> returns false for its PID.
/// </summary>
/// <param name="phandle">Open handle to the process being listed.</param>
/// <param name="pid">Process ID; when 0 it is read from the handle's basic information instead.</param>
/// <param name="totalCount">Incremented for each row that has no exit time.</param>
/// <param name="hiddenCount">Incremented for each such row whose PID <paramref name="exists"/> rejects.</param>
/// <param name="terminatedCount">Incremented for each row that has an exit time.</param>
/// <param name="exists">
/// Callback that says whether a PID is known from another source
/// (presumably the regular process enumeration; confirm against the caller).
/// </param>
private void AddProcessItem(
    ProcessHandle phandle,
    int pid,
    ref int totalCount, ref int hiddenCount, ref int terminatedCount,
    Func<int, bool> exists
    )
{
    // Reduce the image path to its file name; null or empty is passed through as-is.
    string imageName = phandle.ImageFileName;

    if (!string.IsNullOrEmpty(imageName))
    {
        imageName = FileUtils.GetFileName(imageName);
    }

    // The caller did not supply a PID, so ask the handle for it.
    if (pid == 0)
    {
        pid = phandle.GetBasicInformation().UniqueProcessId.ToInt32();
    }

    string[] columns = new string[] { imageName, pid.ToString() };
    ListViewItem row = listProcesses.Items.Add(new ListViewItem(columns));

    // A process can terminate while its object is still referenced, so a
    // handle may belong to a process that has already exited. File time 0
    // is the "no exit time" sentinel tested below.
    DateTime exited = DateTime.FromFileTime(0);

    try
    {
        exited = phandle.GetExitTime();
    }
    catch
    {
        // Best effort: the sentinel is kept when the query fails.
        // NOTE(review): such a row is then treated as running and can be
        // flagged red below, so a red row is a lead to verify rather than
        // proof that the process is being concealed.
    }

    bool hasExited = exited.ToFileTime() != 0;

    if (hasExited)
    {
        row.BackColor = Color.DarkGray;
        row.ForeColor = Color.White;
        terminatedCount++;
        return;
    }

    totalCount++;

    if (exists(pid))
    {
        return;
    }

    // A handle exists for this PID but the cross-check does not know it.
    row.BackColor = Color.Red;
    row.ForeColor = Color.White;
    hiddenCount++;
}