Here is my collection of tricks that allow a program to retrieve peculiar details about the system even from the restricted environment of a low-privileged AppContainer:
- Listing all processes (PID, image name, file location)
- Listing threads per-process (TID, GUI flag)
- Listing loaded modules per-process (filename, sometimes base address, might be incomplete)
- Listing services within each svchost process
See the releases page to experiment with it yourself.
Here you can see a complete list of processes on the system from a low-privileged AppContainer sandbox. For every process you can also list all of its threads.