@SilkyFowl
Last active February 23, 2025 06:14
# IsWow64Process2 function (wow64apiset.h) - Win32 apps | Microsoft Docs
# https://docs.microsoft.com/ja-jp/windows/win32/api/wow64apiset/nf-wow64apiset-iswow64process2
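# C# P/Invoke declaration for IsWow64Process2 (see the docs link above).
# SetLastError = true makes the Win32 error code of a failed call readable through
# [Runtime.InteropServices.Marshal]::GetLastWin32Error().
$Signature = @"
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process2(
IntPtr process,
out ushort processMachine,
out ushort nativeMachine
);
"@
# Add-Type errors out when the type already exists in the session (e.g. when this
# script is dot-sourced twice), so compile the wrapper only if it is not loaded yet.
if (-not ('Win32.PInvoke' -as [type])) {
    Add-Type -MemberDefinition $Signature -Name "PInvoke" -Namespace Win32
}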
# Image File Machine Constants
# https://docs.microsoft.com/en-us/windows/win32/sysinfo/image-file-machine-constants
# Machine identifiers returned by IsWow64Process2, named after the
# IMAGE_FILE_MACHINE_* constants from the page linked above (prefix dropped).
# ALPHA64 and AXP64 intentionally share 0x0284; which of the two names a cast of
# that value prints is not guaranteed.
enum ImageFileMachine {
    UNKNOWN     = 0x0000
    TARGET_HOST = 0x0001
    I386        = 0x014c
    R3000       = 0x0162
    R4000       = 0x0166
    R10000      = 0x0168
    WCEMIPSV2   = 0x0169
    ALPHA       = 0x0184
    SH3         = 0x01a2
    SH3DSP      = 0x01a3
    SH3E        = 0x01a4
    SH4         = 0x01a6
    SH5         = 0x01a8
    ARM         = 0x01c0
    THUMB       = 0x01c2
    ARMNT       = 0x01c4
    AM33        = 0x01d3
    POWERPC     = 0x01F0
    POWERPCFP   = 0x01f1
    IA64        = 0x0200
    MIPS16      = 0x0266
    ALPHA64     = 0x0284
    MIPSFPU     = 0x0366
    MIPSFPU16   = 0x0466
    AXP64       = 0x0284
    TRICORE     = 0x0520
    CEF         = 0x0CEF
    EBC         = 0x0EBC
    AMD64       = 0x8664
    M32R        = 0x9041
    ARM64       = 0xAA64
    CEE         = 0xC0EE
}
# 利用例
# About Ref
# https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_ref?view=powershell-7
# 結果を受け取るためのNullの変数を用意
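# Variables that receive the two out parameters; [ref] needs them to exist beforehand.
$processMachine = $null
$nativeMachine = $null
# Collect the processes.
$procs = Get-Process
# Inspect a single process: the first one whose handle could be opened.
$result = [Win32.PInvoke]::IsWow64Process2(
    $procs.Where{ $_.Handle }[0].Handle,
    [ref]$processMachine,
    [ref]$nativeMachine
)
if (-not $result) {
    # A false return means the call failed; the original fell into the '32bit'
    # branch here. SetLastError = true in the signature makes the error code available.
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    Write-Error "IsWow64Process2 failed with Win32 error $err"
} elseif ($processMachine -eq [ImageFileMachine]::UNKNOWN) {
    # Per the linked docs, UNKNOWN in processMachine means the process is NOT running
    # under WOW64, i.e. it is native to the host ($nativeMachine). On an x64 host
    # that is what the label '64bit' stands for.
    '64bit'
} else {
    # processMachine holds the emulated (WOW64 guest) architecture.
    '32bit'
}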
# System.Diagnostics.Processにプロパティを追加
# Update-TypeDataを設定する際、該当する型であるかはPstypenamesプロパティで判断する
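# Adds an IsWowProcessInfo script property to System.Diagnostics.Process.
# Note that the property is evaluated (one P/Invoke call) every time it is read.
$HashArguments = @{
    Typename   = 'System.Diagnostics.Process'
    MemberType = 'ScriptProperty'
    MemberName = 'IsWowProcessInfo'
    # Overwrite an existing IsWowProcessInfo member so re-running the script does not fail.
    Force      = $true
    Value      = {
        $info = if ($null -ne $this.Handle) {
            $processMachine = $null
            $nativeMachine = $null
            $ok = [Win32.PInvoke]::IsWow64Process2($this.Handle, [ref]$processMachine, [ref]$nativeMachine)
            if ($ok) {
                # -as yields $null instead of throwing for a machine value the enum does
                # not list; such a value is shown as raw hex rather than breaking the property.
                $pm = $processMachine -as [ImageFileMachine]
                $nm = $nativeMachine -as [ImageFileMachine]
                [PSCustomObject]@{
                    # Per the linked docs, UNKNOWN means the process is not running under WOW64.
                    platform       = if ($processMachine -eq [ImageFileMachine]::UNKNOWN) { '64bit' } else { '32bit' }
                    processMachine = if ($null -ne $pm) { $pm } else { '0x{0:X4}' -f $processMachine }
                    nativeMachine  = if ($null -ne $nm) { $nm } else { '0x{0:X4}' -f $nativeMachine }
                }
            } else {
                # The call itself failed. Previously the result was discarded with [void],
                # so a failure was indistinguishable from '64bit UNKNOWN'; report the
                # Win32 error code instead (available because of SetLastError = true).
                $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
                [PSCustomObject]@{
                    platform       = 'エラー'
                    processMachine = "Win32Error=$err"
                    nativeMachine  = 'エラー'
                }
            }
        } else {
            # No handle could be opened for the process (access was denied).
            # Running elevated makes most processes accessible, but some (e.g. system
            # processes) remain inaccessible.
            [PSCustomObject]@{
                platform       = 'アクセス拒否'
                processMachine = 'アクセス拒否'
                nativeMachine  = 'アクセス拒否'
            }
        }
        Write-Output $info
    }
}
Update-TypeData @HashArguments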
# Update-TypeDataに成功した場合、このように利用可能。
# -ExpandProperty merges the three IsWowProcessInfo fields into the output rows
# alongside Id, ProcessName and MainWindowTitle (see the sample table below).
Get-Process |
  Select-Object -Property Id, ProcessName, MainWindowTitle -ExpandProperty IsWowProcessInfo |
  Sort-Object ProcessName |
  Format-Table
# platform processMachine nativeMachine Id ProcessName MainWindowTitle
# -------- -------------- ------------- -- ----------- ---------------
# アクセス拒否 アクセス拒否 アクセス拒否 5680 AppleMobileDeviceService
# 64bit UNKNOWN AMD64 16420 ApplicationFrameHost Raven for Twitter
# 32bit I386 AMD64 256 ATFSVR31
# 32bit I386 AMD64 16520 ATOK31DV
# 32bit I386 AMD64 10432 ATOK31IB
# 32bit I386 AMD64 17332 ATOK31OM
# アクセス拒否 アクセス拒否 アクセス拒否 11384 audiodg
# 64bit UNKNOWN AMD64 30904 Code
# 64bit UNKNOWN AMD64 30832 Code
# 64bit UNKNOWN AMD64 30028 Code
# 64bit UNKNOWN AMD64 28216 Code
# 64bit UNKNOWN AMD64 27848 Code
# 64bit UNKNOWN AMD64 27712 Code
# 64bit UNKNOWN AMD64 26716 Code Add-ProcessInfo.ps1 - practice - Visual Studio Code