PSReflect-Functions

1.1

kernel32/OpenProcess.ps1

                                function OpenProcess

{

    <#

    .SYNOPSIS

    Opens an existing local process object.

    .DESCRIPTION

    To open a handle to another local process and obtain full access rights, you must enable the SeDebugPrivilege privilege.

    The handle returned by the OpenProcess function can be used in any function that requires a handle to a process, such as the wait functions, provided the appropriate access rights were requested.

    When you are finished with the handle, be sure to close it using the CloseHandle function.

    .PARAMETER ProcessId

    The identifier of the local process to be opened.

    If the specified process is the System Process (0x00000000), the function fails and the last error code is ERROR_INVALID_PARAMETER. If the specified process is the Idle process or one of the CSRSS processes, this function fails and the last error code is ERROR_ACCESS_DENIED because their access restrictions prevent user-level code from opening them.

    .PARAMETER DesiredAccess

    The access to the process object. This access right is checked against the security descriptor for the process. This parameter can be one or more of the process access rights.

    If the caller has enabled the SeDebugPrivilege privilege, the requested access is granted regardless of the contents of the security descriptor.

    .PARAMETER InheritHandle

    If this value is TRUE, processes created by this process will inherit the handle. Otherwise, the processes do not inherit this handle.

    .NOTES

    Author: Jared Atkinson (@jaredcatkinson)

    License: BSD 3-Clause

    Required Dependencies: PSReflect

    Optional Dependencies: PROCESS_ACCESS

    (func kernel32 OpenProcess ([IntPtr]) @(

        [UInt32], #_In_ DWORD dwDesiredAccess

        [bool],   #_In_ BOOL  bInheritHandle

        [UInt32]  #_In_ DWORD dwProcessId

    ) -EntryPoint OpenProcess -SetLastError)

    .LINK

    https://msdn.microsoft.com/en-us/library/windows/desktop/ms684320(v=vs.85).aspx

    .LINK

    https://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx

    .EXAMPLE

    #>

    [CmdletBinding()]

    param

    (

        [Parameter(Mandatory = $true)]

        [UInt32]

        $ProcessId,

        [Parameter(Mandatory = $true)]

        [ValidateSet('PROCESS_TERMINATE','PROCESS_CREATE_THREAD','PROCESS_VM_OPERATION','PROCESS_VM_READ','PROCESS_VM_WRITE','PROCESS_DUP_HANDLE','PROCESS_CREATE_PROCESS','PROCESS_SET_QUOTA','PROCESS_SET_INFORMATION','PROCESS_QUERY_INFORMATION','PROCESS_SUSPEND_RESUME','PROCESS_QUERY_LIMITED_INFORMATION','DELETE','READ_CONTROL','WRITE_DAC','WRITE_OWNER','SYNCHRONIZE','PROCESS_ALL_ACCESS')]

        [string[]]

        $DesiredAccess,

        [Parameter()]

        [bool]

        $InheritHandle = $false

    )

    # Calculate Desired Access Value

    $dwDesiredAccess = 0

    foreach($val in $DesiredAccess)

    {

        $dwDesiredAccess = $dwDesiredAccess -bor $PROCESS_ACCESS::$val

    }

    $hProcess = $Kernel32::OpenProcess($dwDesiredAccess, $InheritHandle, $ProcessId); $LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()

    if($hProcess -eq 0) 

    {

        throw "OpenProcess Error: $(([ComponentModel.Win32Exception] $LastError).Message)"

    }

    Write-Output $hProcess

}