public void Run(
RemoteHooking.IContext InContext,
String InArg1)
{
try
{
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("user32.dll", "GetRawInputData"),
new DGetRawInputData(GetRawInputData_hook),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("user32.dll", "GetRawInputDeviceInfoW"),
new DGetRawInputDeviceInfo(GetRawInputDeviceInfo_hook),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("user32.dll", "GetRawInputDeviceList"),
new DGetRawInputDeviceList(GetRawInputDeviceList_hook),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("user32.dll", "RegisterRawInputDevices"),
new DRegisterRawInputDevices(RegisterRawInputDevices_hook),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("hid.dll", "HidP_GetCaps"),
new DHidP_GetCaps(HidP_GetCaps_hook),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("hid.dll", "HidP_GetUsages"),
new DHidP_GetUsages(HidP_GetUsages_hook),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("hid.dll", "HidP_GetValueCaps"),
new DHidP_GetValueCaps(HidP_GetValueCaps_hook),
this));
/*
* Don't forget that all hooks will start deaktivated...
* The following ensures that all threads are intercepted:
*/
foreach (LocalHook hook in Hooks)
{
hook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
}
catch (Exception e)
{
/*
* Now we should notice our host process about this error...
*/
Interface.ReportError(RemoteHooking.GetCurrentProcessId(), Assembly.GetExecutingAssembly().GetName().Name, e);
return;
}
// wait for host process termination...
try
{
while (Interface.Ping(RemoteHooking.GetCurrentProcessId()))
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
lock (Queue)
{
if (Queue.Count > 0)
{
String[] Package = null;
Package = Queue.ToArray();
Queue.Clear();
Interface.OnFunctionsCalled(RemoteHooking.GetCurrentProcessId(), Package);
}
}
}
}
catch
{
// NET Remoting will raise an exception if host is unreachable
}
}
public void Run(
RemoteHooking.IContext InContext,
String InArg1)
{
bool succeed = false;
try
{
//xinput1_3.dll
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_3.dll", "XInputEnable"),
new DXInputEnable(XInputEnable_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_3.dll", "XInputGetBatteryInformation"),
new DXInputGetBatteryInformation(XInputGetBatteryInformation_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_3.dll", "XInputGetCapabilities"),
new DXInputGetCapabilities(XInputGetCapabilities_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_3.dll", "XInputGetDSoundAudioDeviceGuids"),
new DXInputGetDSoundAudioDeviceGuids(XInputGetDSoundAudioDeviceGuids_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_3.dll", "XInputGetKeystroke"),
new DXInputGetKeystroke(XInputGetKeystroke_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_3.dll", "XInputGetState"),
new DXInputGetState(XInputGetState_Hooked),
this));
/* Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_3.dll", "XInputGetStateEx"),
* new DXInputGetStateEx(XInputGetStateEx_Hooked),
* this));*/
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_3.dll", "XInputSetState"),
new DXInputSetState(XInputSetState_Hooked),
this));
/* Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_3.dll", "XInputSetStateEx"),
* new DXInputSetStateEx(XInputSetStateEx_Hooked),
* this));*/
/*
* Don't forget that all hooks will start deaktivated...
* The following ensures that all threads are intercepted:
*/
foreach (LocalHook hook in Hooks)
{
hook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
succeed = true;
}
catch (Exception e)
{
Interface.ReportError(RemoteHooking.GetCurrentProcessId(), "xinput1_3.dll", e);
Hooks.Clear();
}
try
{
if (!succeed)
{
//xinput1_1.dll
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_1.dll", "XInputEnable"),
new DXInputEnable(XInputEnable_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_1.dll", "XInputGetCapabilities"),
new DXInputGetCapabilities(XInputGetCapabilities_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_1.dll", "XInputGetDSoundAudioDeviceGuids"),
new DXInputGetDSoundAudioDeviceGuids(XInputGetDSoundAudioDeviceGuids_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_1.dll", "XInputGetState"),
new DXInputGetState(XInputGetState_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_1.dll", "XInputSetState"),
new DXInputSetState(XInputSetState_Hooked),
this));
foreach (LocalHook hook in Hooks)
{
hook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
succeed = true;
}
}
catch (Exception e)
{
Interface.ReportError(RemoteHooking.GetCurrentProcessId(), "xinput1_1.dll", e);
Hooks.Clear();
}
try
{
if (!succeed)
{
//xinput1_2.dll
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_2.dll", "XInputEnable"),
new DXInputEnable(XInputEnable_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_2.dll", "XInputGetCapabilities"),
new DXInputGetCapabilities(XInputGetCapabilities_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_2.dll", "XInputGetDSoundAudioDeviceGuids"),
new DXInputGetDSoundAudioDeviceGuids(XInputGetDSoundAudioDeviceGuids_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_2.dll", "XInputGetState"),
new DXInputGetState(XInputGetState_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_2.dll", "XInputSetState"),
new DXInputSetState(XInputSetState_Hooked),
this));
foreach (LocalHook hook in Hooks)
{
hook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
succeed = true;
}
}
catch (Exception e)
{
Interface.ReportError(RemoteHooking.GetCurrentProcessId(), "xinput1_2.dll", e);
Hooks.Clear();
}
try
{
if (!succeed)
{
//xinput1_4.dll
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_4.dll", "XInputEnable"),
new DXInputEnable(XInputEnable_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_4.dll", "XInputGetBatteryInformation"),
new DXInputGetBatteryInformation(XInputGetBatteryInformation_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_4.dll", "XInputGetCapabilities"),
new DXInputGetCapabilities(XInputGetCapabilities_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_4.dll", "XInputGetDSoundAudioDeviceGuids"),
new DXInputGetDSoundAudioDeviceGuids(XInputGetDSoundAudioDeviceGuids_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_4.dll", "XInputGetKeystroke"),
new DXInputGetKeystroke(XInputGetKeystroke_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_4.dll", "XInputGetState"),
new DXInputGetState(XInputGetState_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput1_4.dll", "XInputSetState"),
new DXInputSetState(XInputSetState_Hooked),
this));
foreach (LocalHook hook in Hooks)
{
hook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
succeed = true;
}
}
catch (Exception e)
{
Interface.ReportError(RemoteHooking.GetCurrentProcessId(), "xinput1_4.dll", e);
Hooks.Clear();
}
try
{
if (!succeed)
{
//xinput9_1_0.dll
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput9_1_0.dll", "XInputGetCapabilities"),
new DXInputGetCapabilities(XInputGetCapabilities_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput9_1_0.dll", "XInputGetDSoundAudioDeviceGuids"),
new DXInputGetDSoundAudioDeviceGuids(XInputGetDSoundAudioDeviceGuids_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput9_1_0.dll", "XInputGetState"),
new DXInputGetState(XInputGetState_Hooked),
this));
Hooks.Add(LocalHook.Create(LocalHook.GetProcAddress("xinput9_1_0.dll", "XInputSetState"),
new DXInputSetState(XInputSetState_Hooked),
this));
foreach (LocalHook hook in Hooks)
{
hook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
succeed = true;
}
}
catch (Exception e)
{
Interface.ReportError(RemoteHooking.GetCurrentProcessId(), Assembly.GetExecutingAssembly().GetName().Name, e);
}
if (!succeed)
{
return;
}
// wait for host process termination...
try
{
while (Interface.Ping(RemoteHooking.GetCurrentProcessId()))
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
lock (Queue)
{
if (Queue.Count > 0)
{
String[] Package = null;
Package = Queue.ToArray();
Queue.Clear();
Interface.OnFunctionsCalled(RemoteHooking.GetCurrentProcessId(), Package);
}
}
}
}
catch
{
// NET Remoting will raise an exception if host is unreachable
}
}