Styris
/
ameck
0
0
Fork 0
Code Issues 1 Pull Requests 0 Projects 0 Releases 2 Wiki Activity
Tool for checking the integrity of an AME installation
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
151 KiB
Tree: 9c160d0426
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9c160d0426'
${ noResults }
ameck/Program.cs

629 lines
24 KiB
Raw Normal View History

Initial commit
1 year ago
 
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Diagnostics;
  4. using System.IO;
  5. using System.Linq;
  6. using System.Threading;
  7. using System.Runtime.InteropServices;
  8. using System.ServiceProcess;
  9. using System.Text;
  10. using System.Threading.Tasks;
  11. using Microsoft.Win32;
  12. 

  13. namespace ame_integrity_check
  14. {
  15.     public enum Type
  16.     {
  17.         File = 1,
  18.         Directory = 2,
  19.         Process = 3,
  20.         Service = 4
  21.     }
  22.     internal class Scanner : IDisposable
  23.     {
  24.         private int result = 1;
  25.         private bool allFound = true;
  26.         private bool found = false;
  27.         private bool errorOverride = false;
  28.         public Task<bool> displayTask;
  29.         
  30.         public void Dispose() => GC.SuppressFinalize(this);
  31. 

  32.         public async Task<bool> DisplayQuery(string text, int time = 150)
  33.         {
  34.             Out.WriteCustomString(text, 3, 11);
  35.             
  36.             string maxSpaces = "      ";
  37.             for (int i = 1; i < 6; i++) {
  38.                 Console.SetCursorPosition(59, Console.CursorTop);
  39.                 var spaces = maxSpaces.Remove(0, i);
  40.                 
  41.                 Console.Write($"[ {spaces.PadLeft(spaces.Length + i, '*')} ]");
  42.                 Thread.Sleep(time);
  43.             }
  44.             
  45.             return true;
  46.         }
  47. 

  48.         private static void SetQueryStatus(string status, ConsoleColor color)
  49.         {
  50.             Console.SetCursorPosition(64 - status.Length, Console.CursorTop);
  51.             Console.Write(" [ ");
  52.             Out.WriteCustomString(status, 3, 0, foregroundColor: color);
  53.             Console.WriteLine(" ]");
  54.         }
  55.         
  56.         public async void Query(Type type, string item, bool finalize = false, bool modifyResult = true)
  57.         {
  58.             item = Environment.ExpandEnvironmentVariables(item);
  59.             bool foundItem = false;
  60.             try {
  61.                 switch (type) {
  62.                     case Type.File:
  63.                         if (item.Contains("*"))
  64.                         {
  65.                             var lastToken = item.LastIndexOf("\\");
  66.                             var parentPath = item.Remove(lastToken).TrimEnd('\\');
  67. 

  68.                             if (parentPath.Contains("*")) throw new ArgumentException("Parent directories to a given file filter cannot contain wildcards.");
  69.                             var filter = item.Substring(lastToken + 1);
  70. 

  71.                             foundItem = Directory.GetFiles(parentPath, filter).Any();
  72.                             break;
  73.                         }
  74.                         
  75.                         foundItem = File.Exists(item);
  76.                         break;
  77.                     case Type.Directory:
  78.                         if (item.Contains("*"))
  79.                         {
  80.                             var lastToken = item.LastIndexOf("\\");
  81.                             var parentPath = item.Remove(lastToken).TrimEnd('\\');
  82.                             
  83.                             if (parentPath.Contains("*")) throw new ArgumentException("Parent directories to a given file filter cannot contain wildcards.");
  84.                             var filter = item.Substring(lastToken + 1);
  85. 

  86.                             foundItem = Directory.GetDirectories(parentPath, filter).Any();
  87.                             break;
  88.                         }
  89.                         
  90.                         foundItem = Directory.Exists(item);
  91.                         break;
  92.                     case Type.Process:
  93.                         foundItem = Process.GetProcessesByName(item).Any();
  94.                         break;
  95.                     case Type.Service:
  96.                         foundItem = ServiceController.GetServices().Any(x => x.ServiceName.Equals("wuauserv", StringComparison.CurrentCultureIgnoreCase));
  97.                         break;
  98.                     default:
  99.                         foundItem = false;
  100.                         break;
  101.                 }
  102.             } catch (Exception e) {
  103.                 errorOverride = true;
  104.             }
  105. 

  106.             if (foundItem) found = true;
  107. 

  108.             if (!finalize) return;
  109. 

  110.             await displayTask;
  111.             
  112.             if (errorOverride) {
  113.                 errorOverride = false;
  114.                 SetQueryStatus("ERROR", ConsoleColor.DarkRed);
  115.                 found = false;
  116.                 return;
  117.             }
  118.             
  119.             if (!found) {
  120.                 if (modifyResult) allFound = false;
  121.                 SetQueryStatus("Absent", ConsoleColor.Green);
  122.             } else {
  123.                 result = 2;
  124.                 if (allFound) result = 3;
  125. 

  126.                 SetQueryStatus("Present", ConsoleColor.DarkRed);
  127.             }
  128.             found = false;
  129.         }
  130. 

  131.         public void DisplayResult()
  132.         {
  133.             switch (result) {
  134.                 case 1:
  135.                     Out.WriteCustomString("\n\nAME Integrity validated", 1, foregroundColor: ConsoleColor.Green);
  136.                     break;
  137.                 case 2:
  138.                     Out.WriteCustomString("\n\nAME integrity compromised, contact the team for help.", 1, foregroundColor: ConsoleColor.Red);
  139.                     break;
  140.                 case 3:
  141.                     Out.WriteCustomString("\n\nYour system is not ameliorated.", 1, foregroundColor: ConsoleColor.Red);
  142.                     break;
  143.             }
  144.         }
  145.     }
  146.     
  147.     internal static class Program
  148.     {
  149.         public static string PreviousTitle;
  150.         public static int PreviousBufferHeight;
  151.         public static int PreviousBufferWidth;
  152.         public static int PreviousSizeHeight;
  153.         public static int PreviousSizeWidth;
  154. 

  155.         public const double Ver = 0.9;
  156.         
  157.         public static void Main(string[] args)
  158.         {
  159.             PreviousSizeHeight = Console.WindowHeight;
  160.             PreviousSizeWidth = Console.WindowWidth;
  161.             PreviousBufferHeight = Console.BufferHeight;
  162.             PreviousBufferWidth = Console.BufferWidth;
  163. 

  164.             Console.SetWindowSize(80, 26);
  165.             Console.SetBufferSize(80, 26);
  166.             Console.SetWindowSize(80, 26);
  167.             
  168.             Console.Clear();
  169. 

  170.             Console.CursorVisible = false;
  171.             PreviousTitle = Console.Title;
  172.             Console.Title = "AME Integrity Check";
  173.             
  174.             try { Out.DisableResize(); } catch (Exception) { }
  175.             try { Out.DisableQuickEdit(); } catch (Exception) { }
  176. 

  177.             Console.CancelKeyPress += Exit;
  178. 

  179.             Out.WriteCustomString("\n__________________________________________________________" +
  180.                                   $"\n\n| AME Integrity Check v{Ver} |\n\n", 1);
  181.             
  182.             displayStart:
  183.             
  184.             Menu mainMenu = new Menu() {
  185.                 Choices = {"Check AME Integrity", "Get Support", "", "Exit"},
  186.                 EndString = "\n__________________________________________________________\n",
  187.                 Statement = "Use the arrows keys to navigate"
  188.             };
  189.             
  190.             var choice = mainMenu.Load();
  191.             switch (choice) {
  192.                 case 0:
  193.                     RunCheck();
  194.                     Out.ResetPane();
  195.                     goto displayStart;
  196.                 case 1:
  197.                     Process.Start("https://t.me/joinchat/CR-xFBGQKVt7HPZKgZfbxg");
  198.                     Out.ResetPane();
  199.                     goto displayStart;
  200.                 case 2:
  201.                     PrepProcessExit();
  202.                     Environment.Exit(0);
  203.                     break;
  204.                 default:
  205.                     PrepProcessExit();
  206.                     Environment.Exit(1);
  207.                     break;
  208.             }
  209.         }
  210. 

  211.         private static bool detected = false;
  212.         private static int result = 1;
  213.         private static void RunCheck()
  214.         {
  215.             Out.ResetPane();
  216. 

  217.             bool legacy = false;
  218.             
  219.             var registryKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion");
  220.             int winVer = 1;
  221.             if (registryKey != null) winVer = Int32.Parse(registryKey.GetValue("CurrentBuildNumber").ToString());
  222.             if (winVer < 19044) legacy = true;
  223. 

  224.             using (var scanner = new Scanner())
  225.             {
  226.                 scanner.displayTask = scanner.DisplayQuery("Checking for Windows Defender activity...", 250);
  227.                 scanner.Query(Type.Process, "MsMpEng", true);
  228.                 
  229.                 scanner.displayTask = scanner.DisplayQuery("Checking Windows Defender files...", 200);
  230.                 if (!legacy) {
  231.                     scanner.Query(Type.Directory, "%ProgramFiles%\\Windows Defender");
  232.                     scanner.Query(Type.Directory, "%ProgramData%\\Microsoft\\Windows Defender", true);
  233.                 }
  234.                 else scanner.Query(Type.Directory, "%ProgramFiles%\\Windows Defender", true);
  235. 

  236.                 if (!legacy) {
  237.                     scanner.displayTask = scanner.DisplayQuery("Checking Windows Update service...", 350);
  238.                     scanner.Query(Type.Service, "wuauserv", true);
  239.                 }
  240. 

  241.                 scanner.displayTask = scanner.DisplayQuery("Checking Windows Update files...", 220);
  242.                 scanner.Query(Type.File, "%WINDIR%\\System32\\wuaueng.dll");
  243.                 scanner.Query(Type.File, "%WINDIR%\\System32\\wuapi.dll", true);
  244.                 
  245.                 scanner.displayTask = scanner.DisplayQuery("Checking Microsoft Edge...", 200);
  246.                 scanner.Query(Type.Directory, "%ProgramFiles(x86)%\\Microsoft\\EdgeCore");
  247.                 scanner.Query(Type.Directory, "%WINDIR%\\SystemApps\\*MicrosoftEdge*", true);
  248.                 
  249.                 scanner.displayTask = scanner.DisplayQuery("Checking for Microsoft Store activity...", 200);
  250.                 scanner.Query(Type.Process, "WinStore.App", true, false);
  251.                 
  252.                 scanner.displayTask = scanner.DisplayQuery("Checking Windows SmartScreen...");
  253.                 scanner.Query(Type.Process, "smartscreen");
  254.                 scanner.Query(Type.File, "%WINDIR%\\System32\\smartscreen.exe", true);
  255.                 
  256.                 scanner.displayTask = scanner.DisplayQuery("Checking SIH Client...");
  257.                 scanner.Query(Type.File, "%WINDIR%\\System32\\SIHClient.exe", true);
  258.                 
  259.                 scanner.displayTask = scanner.DisplayQuery("Checking Storage Sense...", 300);
  260.                 scanner.Query(Type.File, "%WINDIR%\\System32\\StorSvc.dll", true);
  261.                 
  262.                 scanner.DisplayResult();
  263.             }
  264. 

  265.             Out.WriteCustomString("__________________________________________________________\n\n\nPress any key to return to the Menu: ", 3, 11);
  266.             
  267.             ClearBuffer();
  268.             
  269.             Console.CursorVisible = true;
  270.             Console.ReadKey(false);
  271.             Console.CursorVisible = false;
  272.         }
  273. 

  274.         private static bool anyNotPresent;
  275. 

  276.         private static void ClearBuffer()
  277.         {
  278.             var posCacheTop = Console.CursorTop;
  279.             var posCacheLeft = Console.CursorLeft;
  280. 

  281.             while (Console.KeyAvailable) {
  282.                 Console.ReadKey(false);
  283.             }
  284.             Console.SetCursorPosition(posCacheLeft, posCacheTop);
  285.             Console.Write("".PadLeft(Console.WindowHeight, ' '));
  286.             Console.SetCursorPosition(posCacheLeft, posCacheTop);
  287.         }
  288.         private static void Exit(object sender, ConsoleCancelEventArgs args)
  289.         {
  290.             PrepProcessExit();
  291.             Environment.Exit(0);
  292.         }
  293.         
  294.         private static void PrepProcessExit()
  295.         {
  296.             var parent = ParentProcess.ProcessName;
  297.             if (parent.Equals("Explorer", StringComparison.CurrentCultureIgnoreCase)) return;
  298. 

  299.             try { Out.EnableResize(); } catch (Exception) { }
  300.             try { Out.EnableQuickEdit(); } catch (Exception) { }
  301.             
  302.             Console.CursorVisible = true;
  303.             Console.Clear();
  304.             Console.Title = PreviousTitle;
  305.             
  306.             Console.SetWindowSize(PreviousSizeWidth, PreviousSizeHeight);
  307.             Console.SetBufferSize(PreviousBufferWidth, PreviousBufferHeight);
  308.         }
  309.     }
  310. 

  311. 

  312.     internal static class Out
  313.     {
  314.         public static void ResetPane(int fromTop = 6)
  315.         {
  316.             Console.SetCursorPosition(Console.CursorLeft, fromTop - 1);
  317.             var length = Console.WindowHeight - fromTop - 1;
  318. 

  319.             for (int i = 0; i < length; i++) {
  320.                 Console.Write("".PadRight(Console.WindowWidth, ' '));
  321.             }
  322.             Console.SetCursorPosition(0, fromTop);
  323.         }
  324.         public static void WriteCustomString(string text, int type, int offset = 11, ConsoleColor foregroundColor = ConsoleColor.DarkYellow, ConsoleColor backgroundColor = ConsoleColor.DarkYellow)
  325.         {
  326.             bool resetColor = false;
  327.             
  328.             ConsoleColor foregroundCache = Console.ForegroundColor;
  329.             ConsoleColor backgroundCache = Console.BackgroundColor;
  330.             
  331.             if (foregroundColor == ConsoleColor.DarkYellow) {
  332.                 foregroundColor = Console.ForegroundColor;
  333.             }
  334.             if (backgroundColor == ConsoleColor.DarkYellow) {
  335.                 backgroundColor = Console.BackgroundColor;
  336.             }
  337.             
  338.             if (Console.ForegroundColor != foregroundColor) {
  339.                 resetColor = true;
  340. 

  341.                 Console.ForegroundColor = foregroundColor;
  342.             }
  343.             if (Console.BackgroundColor != backgroundColor) {
  344.                 resetColor = true;
  345. 

  346.                 Console.BackgroundColor = backgroundColor;
  347.             }
  348. 

  349.             switch (type) {
  350.                 case 1:
  351.                     // Indented and centered

  352.                     Console.WriteLine(CenterString(text, offset));
  353.                     break;
  354.                 case 2:
  355.                     Console.WriteLine(text.Insert(0, new string(' ', offset)));
  356.                     break;
  357.                 case 3:
  358.                     var loopOnce = false;
  359.                     foreach (string line in text.Split('\n')) {
  360.                         if (line == "") {
  361.                             Console.WriteLine();
  362.                             continue;
  363.                         }
  364.                         Console.Write(line.Insert(0, new string(' ', offset)));
  365.                     }
  366. 

  367.                     break;
  368.                 default:
  369.                     break;
  370.             }
  371. 

  372.             if (resetColor) {
  373.                 Console.ForegroundColor = foregroundCache;
  374.                 Console.BackgroundColor = backgroundCache;
  375.             }
  376.         }
  377. 

  378.         private static string CenterString(string text, int offset = 11, int width = 58)
  379.         {
  380.             StringBuilder subLines = new StringBuilder();
  381.             string newLine = "";
  382.             
  383.             foreach (string line in text.Split('\n')) {
  384.                 if (!subLines.ToString().Equals("")) newLine = "\n";
  385.                 
  386.                 if (line == "" && !subLines.ToString().Equals("")) {
  387.                     subLines.Append("\n");
  388.                     continue;
  389.                 }
  390.                 
  391.                 var space = "";
  392.                 if (!(line.Length % 2).Equals(0) && line.Length != width) {
  393.                     space = " ";
  394.                 }
  395.                 
  396.                 if (line.Length > width) {
  397.                     for (int index = 0; index < line.Length; index += (width - 10)) {
  398.                         if (!subLines.ToString().Equals("")) newLine = "\n";
  399.                         
  400.                         var subLine = line.Substring(index, Math.Min(width - 10, line.Length - index));
  401.                         subLine = subLine.Trim(' ');
  402. 

  403.                         var subCentered = CenterString(subLine, offset, width);
  404.                         subLines.Append(newLine + subCentered);
  405.                     }
  406.                     continue;
  407.                 }
  408. 

  409.                 var leadingLength = (width - line.Length) / 2;
  410.                 subLines.Append(newLine + space + line.PadLeft(line.Length + leadingLength, ' ').Insert(0, new string(' ', offset)));
  411.             }
  412. 

  413.             return subLines.ToString();
  414.         }
  415.         
  416.         private const int MF_BYCOMMAND = 0x00000000;
  417.         public const int SC_CLOSE = 0xF060;
  418.         public const int SC_MINIMIZE = 0xF020;
  419.         public const int SC_MAXIMIZE = 0xF030;
  420.         public const int SC_SIZE = 0xF000;//resize

  421. 

  422.         [DllImport("user32.dll")]
  423.         public static extern int DeleteMenu(IntPtr hMenu, int nPosition, int wFlags);
  424. 

  425.         [DllImport("user32.dll")]
  426.         private static extern IntPtr GetSystemMenu(IntPtr hWnd, bool bRevert);
  427. 

  428.         [DllImport("kernel32.dll", ExactSpelling = true)]
  429.         private static extern IntPtr GetConsoleWindow();
  430. 

  431.         public static void DisableResize()
  432.         {
  433.             IntPtr handle = GetConsoleWindow();
  434.             IntPtr sysMenu = GetSystemMenu(handle, false);
  435. 

  436.             if (handle != IntPtr.Zero)
  437.             {
  438.                 //DeleteMenu(sysMenu, SC_CLOSE, MF_BYCOMMAND);

  439.                 //DeleteMenu(sysMenu, SC_MINIMIZE, MF_BYCOMMAND);

  440.                 DeleteMenu(sysMenu, SC_MAXIMIZE, MF_BYCOMMAND);
  441.                 DeleteMenu(sysMenu, SC_SIZE, MF_BYCOMMAND);//resize

  442.             }
  443.         }
  444.         public static void EnableResize()
  445.         {
  446.             IntPtr handle = GetConsoleWindow();
  447.             GetSystemMenu(handle, true);
  448.         }
  449.         
  450.         const uint CHECK_QUICK_EDIT = 0x0040;
  451.         const int ENABLE_QUICK_EDIT = 0x40 | 0x80;
  452.         
  453.         // STD_INPUT_HANDLE (DWORD): -10 is the standard input device.

  454.         const int STD_INPUT_HANDLE = -10;
  455. 

  456.         [DllImport("kernel32.dll", SetLastError = true)]
  457.         static extern IntPtr GetStdHandle(int nStdHandle);
  458. 

  459.         [DllImport("kernel32.dll")]
  460.         static extern bool GetConsoleMode(IntPtr hConsoleHandle, out uint lpMode);
  461. 

  462.         [DllImport("kernel32.dll")]
  463.         static extern bool SetConsoleMode(IntPtr hConsoleHandle, uint dwMode);
  464. 

  465.         internal static void DisableQuickEdit() {
  466. 

  467.             IntPtr consoleHandle = GetStdHandle(STD_INPUT_HANDLE);
  468. 

  469.             // get current console mode

  470.             uint consoleMode;
  471.             GetConsoleMode(consoleHandle, out consoleMode);
  472.             
  473.             // set the new mode

  474.             SetConsoleMode(consoleHandle, consoleMode &= ~CHECK_QUICK_EDIT);
  475.         }
  476.         internal static void EnableQuickEdit() {
  477.             IntPtr consoleHandle = GetStdHandle(STD_INPUT_HANDLE);
  478. 

  479.             // get current console mode

  480.             uint consoleMode;
  481.             GetConsoleMode(consoleHandle, out consoleMode);
  482.             
  483.             // set the new mode

  484.             SetConsoleMode(consoleHandle, consoleMode|(ENABLE_QUICK_EDIT));
  485.         }
  486.     }
  487.     internal class Menu
  488.     {
  489.         public List<string> Choices;
  490.         public string EndString;
  491.         public string Statement;
  492.         
  493.         public int Offset;
  494. 

  495. 

  496.         public Menu(int offset = 16, string endString = null)
  497.         {
  498.             Choices = new List<string>();
  499. 

  500.             EndString = endString;
  501.             Offset = offset;
  502.         }
  503. 

  504.         public int Load()
  505.         {
  506.             int max = -1;
  507.             var posCache = Console.CursorTop;
  508. 

  509.             bool loopedOnce = false;
  510.             foreach (string choice in Choices) {
  511.                 Console.SetCursorPosition(Offset - 2, Console.CursorTop);
  512.                 if (!loopedOnce) {
  513.                     Out.WriteCustomString("> " + choice, 2, 0, foregroundColor: ConsoleColor.Green);
  514.                     loopedOnce = true;
  515.                 } else {
  516.                     Out.WriteCustomString(choice, 2, 2);
  517.                 }
  518.                 
  519.                 max += 1;
  520.             }
  521.             
  522.             if (EndString != null) Out.WriteCustomString(EndString, 1);
  523.             if (Statement != null) Out.WriteCustomString(Statement, 2);
  524.             
  525.             int index = 0;
  526.             ConsoleKey keyPressed;
  527.             
  528.             Console.SetCursorPosition(Offset, posCache);
  529. 

  530.             while ((keyPressed = Console.ReadKey(true).Key) != ConsoleKey.Enter) {
  531.                 if (keyPressed == ConsoleKey.DownArrow) {
  532.                     if (index >= max) continue;
  533.                     Console.SetCursorPosition(Offset - 2, Console.CursorTop);
  534.                     Out.WriteCustomString(Choices[index], 3, 2);
  535. 

  536.                     if (!String.IsNullOrEmpty(Choices[index + 1])) {
  537.                         index += 1;
  538.                         Console.SetCursorPosition(Offset - 2, Console.CursorTop + 1);
  539.                         Out.WriteCustomString("> " + Choices[index], 3, 0, foregroundColor: ConsoleColor.Green);
  540.                     } else {
  541.                         index += 2;
  542.                         Console.SetCursorPosition(Offset - 2, Console.CursorTop + 2);
  543.                         Out.WriteCustomString("> " + Choices[index], 3, 0, foregroundColor: ConsoleColor.Green);
  544.                     }
  545.                 }
  546.                 if (keyPressed == ConsoleKey.UpArrow) {
  547.                     if (!(index > 0)) continue;
  548.                     Console.SetCursorPosition(Offset - 2, Console.CursorTop);
  549.                     Out.WriteCustomString(Choices[index], 3, 2);
  550.                     
  551.                     if (!String.IsNullOrEmpty(Choices[index - 1])) {
  552.                         index -= 1;
  553.                         Console.SetCursorPosition(Offset - 2, Console.CursorTop - 1);
  554.                         Out.WriteCustomString("> " + Choices[index], 3, 0, foregroundColor: ConsoleColor.Green);
  555.                     } else {
  556.                         index -= 2;
  557.                         Console.SetCursorPosition(Offset - 2, Console.CursorTop - 2);
  558.                         Out.WriteCustomString("> " + Choices[index], 3, 0, foregroundColor: ConsoleColor.Green);
  559.                     }
  560.                 }
  561.             }
  562.             return index;
  563.         }
  564.     }
  565.     public static class ParentProcess
  566.     {
  567.         public static string ProcessName
  568.         {
  569.             get { return GetParentProcess().ProcessName; }
  570.         }
  571. 

  572.         private static Process GetParentProcess()
  573.         {
  574.             int iParentPid = 0;
  575.             int iCurrentPid = Process.GetCurrentProcess().Id;
  576.  
  577.             IntPtr oHnd = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  578.  
  579.             if (oHnd == IntPtr.Zero)
  580.                 return null;
  581.  
  582.             PROCESSENTRY32 oProcInfo = new PROCESSENTRY32();
  583.  
  584.             oProcInfo.dwSize =
  585.             (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(PROCESSENTRY32));
  586.  
  587.             if (Process32First(oHnd, ref oProcInfo) == false)
  588.                 return null;
  589.  
  590.             do
  591.             {
  592.                 if (iCurrentPid == oProcInfo.th32ProcessID)
  593.                     iParentPid = (int)oProcInfo.th32ParentProcessID;
  594.             }
  595.             while (iParentPid == 0 && Process32Next(oHnd, ref oProcInfo));
  596.  
  597.             if (iParentPid > 0)
  598.                 return Process.GetProcessById(iParentPid);
  599.             else
  600.                 return null;
  601.         }
  602.  
  603.         static uint TH32CS_SNAPPROCESS = 2;
  604.  
  605.         [StructLayout(LayoutKind.Sequential)]
  606.         public struct PROCESSENTRY32
  607.         {
  608.             public uint dwSize;
  609.             public uint cntUsage;
  610.             public uint th32ProcessID;
  611.             public IntPtr th32DefaultHeapID;
  612.             public uint th32ModuleID;
  613.             public uint cntThreads;
  614.             public uint th32ParentProcessID;
  615.             public int pcPriClassBase;
  616.             public uint dwFlags;
  617.             [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
  618.             public string szExeFile;
  619.         };
  620.  
  621.         [DllImport("kernel32.dll", SetLastError = true)]
  622.         static extern IntPtr CreateToolhelp32Snapshot(uint dwFlags, uint th32ProcessID);
  623.  
  624.         [DllImport("kernel32.dll")]
  625.         static extern bool Process32First(IntPtr hSnapshot, ref PROCESSENTRY32 lppe);
  626.  
  627.         [DllImport("kernel32.dll")]
  628.         static extern bool Process32Next(IntPtr hSnapshot, ref PROCESSENTRY32 lppe);
  629.     }
  630. }