Things-AppContainer-Knows

Here is my collection of tricks that allow a program to retrieve peculiar details about the system even from a restricted environment of a low-privileged AppContainer.

Features

Listing all processes (PID, image name, file location)
Listing threads per-process (TID, GUI flag)
Listing loaded modules per-process (filename, sometimes base address, might be incomplete)
Listing services within each svchost process

See the releases page to experiment with it yourself.

Screenshots

Here you can see a complete list of processes on the system from a low-privileged AppContainer sandbox. For every process you can also list all of its threads.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
NtUtils @ add8a7f		NtUtils @ add8a7f
UI		UI
VclEx @ ba6a33a		VclEx @ ba6a33a
.gitattributes		.gitattributes
.gitignore		.gitignore
.gitmodules		.gitmodules
AppContainerKnows.dpr		AppContainerKnows.dpr
AppContainerKnows.dproj		AppContainerKnows.dproj
LdrSnapshot.pas		LdrSnapshot.pas
PsSnapshot.pas		PsSnapshot.pas
Readme.md		Readme.md
TdSnapshot.pas		TdSnapshot.pas
WorkerThreads.pas		WorkerThreads.pas

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

NtUtils @ add8a7f

NtUtils @ add8a7f

UI

UI

VclEx @ ba6a33a

VclEx @ ba6a33a

.gitattributes

.gitattributes

.gitignore

.gitignore

.gitmodules

.gitmodules

AppContainerKnows.dpr

AppContainerKnows.dpr

AppContainerKnows.dproj

AppContainerKnows.dproj

LdrSnapshot.pas

LdrSnapshot.pas

PsSnapshot.pas

PsSnapshot.pas

Readme.md

Readme.md

TdSnapshot.pas

TdSnapshot.pas

WorkerThreads.pas

WorkerThreads.pas

Repository files navigation

Things-AppContainer-Knows

Features

Screenshots

About

Releases 2

Packages

Languages

diversenok/Things-AppContainer-Knows

Folders and files

Latest commit

History

Repository files navigation

Things-AppContainer-Knows

Features

Screenshots

About

Topics

Resources

Stars

Watchers

Forks

Languages