public void DetourInternalFunction2()
{
_GetCurrentNlsCacheCalled = false;
using (var hook = LocalHook.Create(
LocalHook.GetProcAddress("kernelbase.dll", "GetCurrentNlsCache"),
new GetCurrentNlsCacheDelegate(GetCurrentNlsCacheHook),
this))
{
hook.ThreadACL.SetInclusiveACL(new int[] { 0 });
GetCurrentNlsCacheFunction = (GetCurrentNlsCacheDelegate)
Marshal.GetDelegateForFunctionPointer(
hook.HookBypassAddress,
typeof(GetCurrentNlsCacheDelegate));
string stringA = "HelloWorld";
string stringB = "Hello";
int comparisonResult = CompareStringW(
LOCALE_USER_DEFAULT,
NORM_LINGUISTIC_CASING,
stringA,
stringA.Length,
stringB,
stringB.Length);
Assert.Equal(CSTR_GREATER_THAN, comparisonResult);
Assert.True(_GetCurrentNlsCacheCalled);
}
}
public void Invalid_LocalHook_Create_Detour_Delegate_Throws_ArgumentNUllException()
{
Assert.Throws <ArgumentNullException>(() => LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
null,
this));
}
/// <summary>
/// Creates a hook. Hooking address is inferred by calling to GetProcAddress() function. Hook is not activated until Enable() method is called.
/// </summary>
/// <param name="moduleName">A name of the module currently loaded in the memory. (e.g. ws2_32.dll)</param>
/// <param name="exportName">A name of the exported function name (e.g. send)</param>
/// <param name="detour">Callback function. Delegate must have a same original function prototype.</param>
/// <param name="callbackParam">A callback object which can be accessed within the detour.</param>
/// <returns></returns>
public static Hook <T> FromSymbol(string moduleName, string exportName, Delegate detour, object callbackParam = null)
{
// Get a function address from the symbol name.
var address = LocalHook.GetProcAddress(moduleName, exportName);
return(new Hook <T>(address, detour, callbackParam));
}
public override void Initialize()
{
Form form = new Form();
IntPtr intPtr = Direct3DCreate9(32u);
if (intPtr == IntPtr.Zero)
{
throw new Exception("Failed to create D3D.");
}
D3D9.Struct0 @struct = new D3D9.Struct0
{
bool_0 = true,
uint_6 = 1u,
uint_2 = 0u
};
D3D9.Delegate4 @delegate = (D3D9.Delegate4)Marshal.GetDelegateForFunctionPointer(Marshal.ReadIntPtr(Marshal.ReadIntPtr(intPtr), 64), typeof(D3D9.Delegate4));
IntPtr intPtr2;
if (@delegate(intPtr, 0u, 1u, form.Handle, 32u, ref @struct, out intPtr2) < 0)
{
throw new Exception("Failed to create device.");
}
this.EndScenePointer = Marshal.ReadIntPtr(Marshal.ReadIntPtr(intPtr2), 168);
D3D9.Delegate3 delegate2 = (D3D9.Delegate3)Marshal.GetDelegateForFunctionPointer(Marshal.ReadIntPtr(Marshal.ReadIntPtr(intPtr2), 8), typeof(D3D9.Delegate3));
D3D9.Delegate3 delegate3 = (D3D9.Delegate3)Marshal.GetDelegateForFunctionPointer(Marshal.ReadIntPtr(Marshal.ReadIntPtr(intPtr), 8), typeof(D3D9.Delegate3));
delegate2(intPtr2);
delegate3(intPtr);
form.Dispose();
this.delegate2_0 = (D3D9.Delegate2)Marshal.GetDelegateForFunctionPointer(this.EndScenePointer, typeof(D3D9.Delegate2));
this.localHook_0 = LocalHook.Create(this.EndScenePointer, new D3D9.Delegate2(this.method_0), this);
int[] exclusiveACL = new int[1];
localHook_0.ThreadACL.SetExclusiveACL(exclusiveACL);
}
public override void Cleanup()
{
try
{
if (DXGISwapChain_PresentHook != null)
{
DXGISwapChain_PresentHook.Dispose();
DXGISwapChain_PresentHook = null;
}
if (DXGISwapChain_ResizeTargetHook != null)
{
DXGISwapChain_ResizeTargetHook.Dispose();
DXGISwapChain_ResizeTargetHook = null;
}
if (_overlayEngine != null)
{
_overlayEngine.Dispose();
_overlayEngine = null;
}
//this.Request = null;
}
catch
{
}
}
public BeepInterceptor(IVbeNativeApi vbeApi)
{
_vbeApi = vbeApi;
_hook = HookVbaBeep();
_timer = new Timer();
_timer.Elapsed += TimerElapsed;
}
public void Run(IContext context, string channelName, int redirectionPort)
{
_interface.NotifyInstalled(Process.GetCurrentProcess().ProcessName);
try
{
_connectHook = LocalHook.Create(
LocalHook.GetProcAddress("Ws2_32.dll", "connect"),
new WinsockConnectDelegate(_onConnect), this);
_connectHook.ThreadACL.SetExclusiveACL(new[] { 0 });
}
catch (Exception ex) { _interface.Error(ex); }
WakeUpProcess();
try
{
while (true)
{
Thread.Sleep(500);
_interface.Ping();
}
}
catch
{
_connectHook.Dispose();
LocalHook.Release();
}
}
public void CreateHook(IntPtr origFunc, Delegate newFunc)
{
LocalHook hook = LocalHook.Create(origFunc, newFunc, this);
hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
_hooks.Add(hook);
}
public void Run(RemoteHooking.IContext context, string channelName)
{
server.IsClientInstalled(RemoteHooking.GetCurrentProcessId());
var shellExecuteHook = LocalHook.Create(
LocalHook.GetProcAddress("shell32.dll", "ShellExecuteExW"),
new ShellExecuteExDelegate(ShellExecuteExHook),
this);
shellExecuteHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
RemoteHooking.WakeUpProcess();
server.ReportMessage("Injected to osu! process");
try
{
// Loop until closes (i.e. IPC fails)
while (true)
{
System.Threading.Thread.Sleep(500);
server.Ping();
}
}
catch
{
// Ping() or ReportMessages() will raise an exception if host is unreachable
}
shellExecuteHook.Dispose();
LocalHook.Release();
}
// =====================
public void Run(
RemoteHooking.IContext InContext,
String InChannelName)
{
// install hook...
try
{
InterceptDNSHook = LocalHook.Create(
LocalHook.GetProcAddress("WS2_32.dll", "GetAddrInfoW"),
new DInterceptDNS(InterceptDNS_Hooked),
this);
InterceptDNSHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
catch (Exception ExtInfo)
{
Interface.ReportException(ExtInfo);
return;
}
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
// transmit newly monitored messages ...
if (Queue1.Count > 0)
{
String[] Package = null;
lock (Queue1)
{
Package = Queue1.ToArray();
Queue1.Clear();
}
Interface.OnInterceptDNS(RemoteHooking.GetCurrentProcessId(), Package);
}
else
{
Interface.Ping();
}
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
finally
{
}
}
public void Run(
RemoteHooking.IContext aInContext,
String aInArg1)
{
_interface.Ping(RemoteHooking.GetCurrentProcessId(), "Payload installed. Running payload loop.");
foreach (var xinputVersion in Enum.GetValues(typeof(XInputVersion)))
{
try
{
_interface.Ping(RemoteHooking.GetCurrentProcessId(), $"Trying to hook {xinputVersion}.dll");
_xinputSetStateHookObj = LocalHook.Create(
LocalHook.GetProcAddress($"{xinputVersion}.dll", "XInputSetState"),
new XInputSetStateDelegate(XInputSetStateHookFunc),
null);
_hookedVersion = (XInputVersion)xinputVersion;
_interface.Ping(RemoteHooking.GetCurrentProcessId(), $"Hooked {xinputVersion}.dll");
break;
}
catch
{
// noop
_interface.Ping(RemoteHooking.GetCurrentProcessId(), $"Hooking {xinputVersion}.dll failed");
}
}
if (_xinputSetStateHookObj == null)
{
_interface.ReportError(RemoteHooking.GetCurrentProcessId(), new Exception("No viable DLL to hook, payload exiting"));
return;
}
// Set hook for all threads.
_xinputSetStateHookObj.ThreadACL.SetExclusiveACL(new Int32[1]);
try
{
while (_interface.Ping(RemoteHooking.GetCurrentProcessId(), ""))
{
Thread.Sleep(1);
if (_messageQueue.Count > 0)
{
lock (_messageQueue)
{
_interface.Report(RemoteHooking.GetCurrentProcessId(), _messageQueue);
_messageQueue.Clear();
}
}
if (_ex != null)
{
_interface.ReportError(RemoteHooking.GetCurrentProcessId(), _ex);
break;
}
}
}
catch (Exception e)
{
_interface.ReportError(RemoteHooking.GetCurrentProcessId(), e);
}
_interface.Ping(RemoteHooking.GetCurrentProcessId(), "Exiting payload loop");
_interface.Exit();
}
private bool FixOverlappingModifications(IntPtr scanAddress, int size)
{
Int32 scanStart = scanAddress.ToInt32();
Int32 scanEnd = scanAddress.ToInt32() + size;
Int32 modStart = Offset.Function.InvalidPtrCheck;
/*
* detoured x86 functions have first 5 bytes changed to
* JMP/CALL opcode and 4 bytes of jump address
*
* i.e. for JMP
* 0xE9 AddressByte[0] AddressByte[1] AddressByte[2] AddressByte[3]
*
*/
Int32 modEnd = Offset.Function.InvalidPtrCheck + 5;
if (scanEnd > modStart)
{
if (scanEnd < modEnd || scanStart < modEnd)
{
hc.PrintMessage($"Warden[{DateTime.Now}] Preventing scan at 0x{scanStart:X}, size {size}. Unhooking...");
commandHandler.DestroyLuaEventFrameHandler_W();
invalidPtrCheckPatch.Dispose();
LocalHook.Release();
return(true);
}
}
return(false);
}
private void BeginHook()
{
Server.Debug("Begin hook");
Hook = LocalHook.Create(LocalHook.GetProcAddress("opengl32.dll", "wglSwapBuffers"), new SwapBuffersDelegate(OnSwapBuffers), this);
Hook.ThreadACL.SetExclusiveACL(new[] { 0 });
Server.Debug("End hook");
}
public void DetourInternalFunction()
{
using (var hook = LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "InternalAddAtom"),
new InternalAddAtomDelegate(InternalAddAtomHook),
this))
{
InternalAddAtomFunction = (InternalAddAtomDelegate)
Marshal.GetDelegateForFunctionPointer(
hook.HookBypassAddress,
typeof(InternalAddAtomDelegate));
hook.ThreadACL.SetInclusiveACL(new int[] { 0 });
_internalAddAtomCalled = false;
string atomName = "TestLocalAtomName";
ushort atomId = AddAtomW(atomName);
Assert.NotEqual(0, atomId);
Assert.True(_internalAddAtomCalled);
StringBuilder atomBuffer = new StringBuilder(MaxPathLength);
uint bufLength = GetAtomNameW(atomId, atomBuffer, MaxPathLength);
string retrievedAtomName = atomBuffer.ToString();
Assert.Equal((uint)atomName.Length, bufLength);
Assert.Equal(retrievedAtomName.Length, atomName.Length);
Assert.Equal(retrievedAtomName, atomName);
Assert.Equal <ushort>(0, DeleteAtom(atomId));
}
}
protected void InjectDelegate(Delegate callbackDelegate, IntPtr procAddress)
{
var hook = LocalHook.Create(procAddress, callbackDelegate, null);
hook.ThreadACL.SetInclusiveACL(new[] { 0 });
_hooks.Add(hook);
}
public void Run(RemoteHooking.IContext context, string channelName, EntryPointParameters parameter)
{
try
{
using (var extractArchiveHook = LocalHook.Create(LocalHook.GetProcAddress("mia.lib", "ExtractArchive"),
new ExtractArchiveFnPtr(ExtractArchive_Hooked),
this))
{
// Don't forget that all hooks will start deactivated.
// The following ensures that all threads are intercepted:
extractArchiveHook.ThreadACL.SetExclusiveACL(new int[1]);
_remoteObject.TriggerInjectionEvent(RemoteHooking.GetCurrentProcessId());
_remoteObject.TriggerMessageEvent(parameter.Message);
while (true)
{
Thread.Sleep(TimeSpan.FromMilliseconds(100));
_remoteObject.TriggerPingEvent();
}
}
}
catch (Exception e)
{
// We should notice our host process about this error
_remoteObject.TriggerExceptionEvent(e);
}
finally
{
_remoteObject.TriggerExitEvent();
}
}
/// <summary>
/// Initializes a new instance of the <see cref="NetworkHook" /> class.
/// </summary>
public NetworkHook(HookClientBase hookClient)
{
// Do not disable networking for now
return;
this.HookClient = hookClient;
try
{
this.RecvHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "recv"), new DRecv(MyRecv), this);
this.SendHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "send"), new DSend(MySend), this);
// this.RecvFromHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "recvfrom"), new DRecvFrom(MyRecvFrom), this);
// this.SendToHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "sendto"), new DSendTo(MySendTo), this);
// this.WSARecvHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "WSARecv"), new DWSARecv(MyWsaRecv), this);
// this.WSASendHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "WSASend"), new DWSASend(MyWsaSend), this);
RecvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
SendHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
// RecvFromHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
// SendToHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
// WSARecvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
// WSASendHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
RemoteHooking.WakeUpProcess();
this.HookClient.Log("Networking Disabled in Process");
}
catch (Exception ex)
{
this.HookClient.Log("Error activating network hooks", ex.ToString());
}
}
public void Run(RemoteHooking.IContext context, GlobalConfig config)
{
LocalHook endScenePatch = null;
try
{
endScenePatch = LocalHook.Create(
IntPtr.Zero + Offset.Function.EndScene,
new CommandCallback.EndScene(commandHandler.EndScenePatch),
this);
endScenePatch.ThreadACL.SetExclusiveACL(new Int32[] { });
}
catch (Exception e)
{
ctrlInterface.hostControl.PrintMessage(e.ToString());
}
/* keep the remote from unloading */
while (remoteMainOn)
{
Thread.Sleep(5000);
}
commandHandler?.Dispose();
endScenePatch?.Dispose();
wardenBuster?.Dispose();
}
public void Run(RemoteHooking.IContext iContext,
string channel)
{
//GetPuppetFilesFunc = getPuppetFilesFunc;
/*获取目标函数的句柄*/
IntPtr createFileWPtr = LocalHook.GetProcAddress("kernel32.dll", "CreateFileW");
IntPtr findFirstFileWPtr = LocalHook.GetProcAddress("kernel32.dll", "FindFirstFileW");
IntPtr findNextFileWPtr = LocalHook.GetProcAddress("kernel32.dll", "FindNextFileW");
IntPtr findClosePtr = LocalHook.GetProcAddress("kernel32.dll", "FindClose");
IntPtr getFileAttributesPtr = LocalHook.GetProcAddress("kernel32.dll", "GetFileAttributesW");
IntPtr setFileAttributesPtr = LocalHook.GetProcAddress("kernel32.dll", "SetFileAttributesW");
/*创建钩子*/
_openHook = LocalHook.Create(createFileWPtr, new DCreateFileW(CreateFileCallBack), this);
_findFirstFileHook = LocalHook.Create(findFirstFileWPtr, new DFindFirstFileW(FindFirstFileCallBack), this);
_findNextFileHook = LocalHook.Create(findNextFileWPtr, new DFindNextFileW(FindNextFileCallBack), this);
_findCloseHook = LocalHook.Create(findClosePtr, new DFindClose(FindCloseCallBack), this);
_getFileAttributesHook = LocalHook.Create(getFileAttributesPtr, new DGetFileAttributesW(GetFileAttributesCallBack), this);
_setFileAttributesHook = LocalHook.Create(setFileAttributesPtr, new DSetFileAttributesW(SetFileAttributesCallBack), this);
/*设置ACL,我不知道有什么用*/
_openHook.ThreadACL.SetExclusiveACL(new int[1]);
_findFirstFileHook.ThreadACL.SetExclusiveACL(new int[1]);
_findNextFileHook.ThreadACL.SetExclusiveACL(new int[1]);
_findCloseHook.ThreadACL.SetExclusiveACL(new int[1]);
_getFileAttributesHook.ThreadACL.SetInclusiveACL(new int[1]);
_setFileAttributesHook.ThreadACL.SetInclusiveACL(new int[1]);
RemoteHooking.WakeUpProcess();
while (true)
{
Thread.Sleep(500);
}
}
private void AddHook(string libName, string entryPoint, Delegate newProcedure)
{
try
{
var localHook = LocalHook.Create(LocalHook.GetProcAddress(libName, entryPoint), newProcedure, null);
// Exclude current thread (EasyHook)
localHook.ThreadACL.SetExclusiveACL(new[] { 0 });
lock (Hooks)
{
Hooks.Add(localHook);
}
DebugMessage(
nameof(AddHook),
"`{0}` @ `{1}` hooked successfully.",
entryPoint,
libName
);
}
catch (Exception e)
{
DebugMessage(nameof(AddHook), e.ToString());
DebugMessage(
nameof(AddHook),
"Failed to hook `{0}` @ `{1}`.",
entryPoint,
libName
);
}
}
public void Run(RemoteHooking.IContext context, string channelName)
{
Stealther stealther = null;
try
{
Server.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
if (DetectDirectXVersion())
{
device.InstallHook();
}
stealther = new Stealther();
}
catch (Exception e)
{
Server.ReportException(e);
}
while (Server.RunLibrary)
{
Thread.Sleep(500);
}
stealther?.Dispose();
device?.UninstallHook();
LocalHook.Release();
Server.DebugMessage("Hooks uninstalled, you can close app!");
}
public AntiDebug()
{
this.debuggerPresentHook = new Hook <IsDebuggerPresentDelegate>(LocalHook.GetProcAddress("Kernel32", "IsDebuggerPresent"),
new IsDebuggerPresentDelegate(IsDebuggerPresentDetour));
Log.Verbose("IsDebuggerPresent address {IsDebuggerPresent}", this.debuggerPresentHook.Address);
}
/// <summary>
/// Creates a hook. Hooking address is inferred by calling to GetProcAddress() function.
/// Hook is not activated until Enable() method is called.
/// </summary>
/// <param name="moduleName">A name of the module currently loaded in the memory. (e.g. ws2_32.dll).</param>
/// <param name="exportName">A name of the exported function name (e.g. send).</param>
/// <param name="detour">Callback function. Delegate must have a same original function prototype.</param>
/// <returns>The hook with the supplied parameters.</returns>
public static Hook <T> FromSymbol(string moduleName, string exportName, T detour)
{
// Get a function address from the symbol name.
var address = LocalHook.GetProcAddress(moduleName, exportName);
return(new Hook <T>(address, detour));
}
//
// Setup
private IEnumerable <LocalHook> InstallIOHooks()
{
TargetFilePaths = new HashSet <string>(SMA.GetTargetFilePaths().Select(s => s.ToLowerInvariant()));
return(new[]
{
LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
new Win32.CreateFileWDlg(CreateFile_Hooked),
this
),
LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "SetFilePointer"),
new Win32.SetFilePointerDlg(SetFilePointer_Hooked),
this
),
LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "WriteFile"),
new Win32.WriteFileDlg(WriteFile_Hooked),
this
),
LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "CloseHandle"),
new Win32.CloseHandleDlg(CloseHandle_Hooked),
this
)
});
}
/// <summary>
///
/// </summary>
public void Hook()
{
id3dDeviceFunctionAddresses = new List <IntPtr>();
using (Direct3D d3d = new Direct3D())
{
using (var renderForm = new System.Windows.Forms.Form())
{
using (deviceGlobal = new Device(d3d, 0, DeviceType.NullReference, IntPtr.Zero, CreateFlags.HardwareVertexProcessing, new PresentParameters()
{
BackBufferWidth = 1, BackBufferHeight = 1, DeviceWindowHandle = renderForm.Handle
}))
{
id3dDeviceFunctionAddresses.AddRange(GetVTblAddresses(deviceGlobal.NativePointer, D3D9_DEVICE_METHOD_COUNT));
}
}
}
Direct3DDevice_EndSceneHook = LocalHook.Create(id3dDeviceFunctionAddresses[(int)Direct3DDevice9FunctionOrdinals.EndScene], new Direct3D9Device_EndSceneDelegate(EndSceneHook), this);
Direct3DDevice_EndSceneHook.ThreadACL.SetExclusiveACL(new Int32[1]);
Direct3DDevice_IndexPrimitiveHook = LocalHook.Create(id3dDeviceFunctionAddresses[(int)Direct3DDevice9FunctionOrdinals.DrawIndexedPrimitive], new Direct3D9Device_IndexPrimitiveDelegate(DrawIndexedPrimitiveHook), this);
Direct3DDevice_IndexPrimitiveHook.ThreadACL.SetExclusiveACL(new Int32[1]);
Interface.Text("DEBUG: Hooking game.." + RemoteHooking.GetCurrentProcessId().ToString());
}
// Cleans up after us.
public void Cleanup()
{
try
{
lock (_lockRenderTarget)
{
if (_renderTarget != null)
{
// Dispose the render target.
_renderTarget.Dispose();
_renderTarget = null;
}
// Dispose the hooks.
Direct3DDevice_EndSceneHook.Dispose();
Direct3DDevice_EndSceneHook = null;
Direct3DDevice_ResetHook.Dispose();
Direct3DDevice_ResetHook = null;
// Clear the messages.
Messages.Clear();
Messages = null;
}
}
catch
{
}
}
public void ShouldEnableHookWithProperty()
{
using (var hook = HookFactory.CreateHook <GetVersionDelegate>(
LocalHook.GetProcAddress("kernel32.dll", "GetVersion"),
GetVersionDetour, this))
{
// Enable the hook for all threads
hook.Enabled = true;
Assert.Equal <uint>(0, GetVersion());
Assert.Equal <uint>(0, hook.Target());
// Disable the hook for all threads
hook.Enabled = false;
Assert.NotEqual <uint>(0, GetVersion());
Assert.NotEqual <uint>(0, hook.Target());
Assert.NotEqual <uint>(0, hook.Original());
// Enable the hook for the current thread
hook.ThreadACL.SetInclusiveACL(new int[1]);
Assert.Equal <uint>(0, GetVersion());
Assert.Equal <uint>(0, hook.Target());
Assert.NotEqual <uint>(0, hook.Original());
// Disable the hook for the current thread
hook.ThreadACL.SetExclusiveACL(new int[1]);
Assert.NotEqual <uint>(0, GetVersion());
Assert.NotEqual <uint>(0, hook.Target());
}
}
private void HookAll()
{
try {
foreach (var bundle in
from plugin in _plugins
let pluginName = GetPluginName(plugin)
from hook in plugin.GetApiHooks()
let hookProxy = new ServerInterfaceHookProxy(pluginName, hook.Module, hook.Symbol)
let hooked = hook.DelegateFetcher(hookProxy)
let localhook = LocalHook.Create(
LocalHook.GetProcAddress(hook.Module, hook.Symbol),
hooked,
hookProxy)
select new {
localhook,
hook,
pluginName
})
{
bundle.localhook.ThreadACL.SetExclusiveACL(new int[1]);
_localHooks.Add(bundle.localhook);
PacketsCache.Add(
new ServerInterface.HookLogPacket(
"Hooked",
bundle.pluginName,
bundle.hook.Module,
bundle.hook.Symbol));
}
} catch (Exception e) {
HandleException(e);
}
}
/// <summary>
/// Initialize hooks for our file I/O functions.
/// </summary>
/// <param name="context"></param>
public void Run(IContext context)
{
_readFileHook = HookFactory.CreateHook <ReadFileDelegate>(LocalHook.GetProcAddress(Interop.Libraries.Kernel32, "ReadFile"), Detour_ReadFile, this);
_writeFileHook = HookFactory.CreateHook <WriteFileDelegate>(LocalHook.GetProcAddress(Interop.Libraries.Kernel32, "WriteFile"), Detour_WriteFile, this);
DisplayFileAccess().GetAwaiter().GetResult();
}
public override void InstallHook()
{
sendHook = LocalHook.Create(
LocalHook.GetProcAddress("Ws2_32.dll", "send"),
new Dsend(send_Hooked),
this.Injector);
sendHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
sendtoHook = LocalHook.Create(
LocalHook.GetProcAddress("Ws2_32.dll", "sendto"),
new Dsendto(sendto_Hooked),
this.Injector);
sendtoHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
recvHook = LocalHook.Create(
LocalHook.GetProcAddress("Ws2_32.dll", "recv"),
new Drecv(recv_Hooked),
this.Injector);
recvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
recvFunc = LocalHook.GetProcDelegate <Drecv>("Ws2_32.dll", "recv");
recvfromHook = LocalHook.Create(
LocalHook.GetProcAddress("Ws2_32.dll", "recvfrom"),
new Drecvfrom(recvfrom_Hooked),
this.Injector);
recvfromHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
recvfromFunc = LocalHook.GetProcDelegate <Drecvfrom>("Ws2_32.dll", "recvfrom");
}
