Ejemplo n.º 1
0
        async void ProcessWatcher_ProcessStarted(object sender, ProcessStartedEventArgument e)
        {
            if (!SuspiciousProcesses.Contains(e.ProcessName))
            {
                return;
            }

            logger.Information($"Injecting keyboard override library into process {e.ProcessName}.");

            var injectedLibraryName = GetInjectedLibraryName();

            string channelName = null;

            RemoteHooking.IpcCreateServer(
                ref channelName,
                WellKnownObjectMode.SingleCall,
                communicator,
                WellKnownSidType.WorldSid);

            await Task.Delay(1000);

            RemoteHooking.Inject(
                e.ProcessId,
                injectedLibraryName,
                injectedLibraryName,
                channelName);

            logger.Information($"Keyboard override library successfully injected.");
        }
Ejemplo n.º 2
0
        async void ProcessWatcher_ProcessStarted(object sender, ProcessStartedEventArgument e)
        {
            if (!SuspiciousProcesses.Contains(e.ProcessName))
            {
                return;
            }

            logger.Information($"Injecting keyboard override library into process {e.ProcessName}.");

            var injectedLibraryName = GetInjectedLibraryName();

            string channelName = null;

            RemoteHooking.IpcCreateServer(
                ref channelName,
                WellKnownObjectMode.SingleCall,
                communicator,
                WellKnownSidType.WorldSid);

            const InjectionOptions injectionOptions =
                InjectionOptions.DoNotRequireStrongName &
                InjectionOptions.NoService &
                InjectionOptions.NoWOW64Bypass;

            RemoteHooking.Inject(
                e.ProcessId,
                injectionOptions,
                injectedLibraryName,
                injectedLibraryName,
                channelName);

            logger.Information($"Keyboard override library successfully injected.");
        }
Ejemplo n.º 3
0
        async void ProcessWatcher_ProcessStarted(object sender, ProcessStartedEventArgument e)
        {
            if (!SuspiciousProcesses.Contains(e.ProcessName))
            {
                return;
            }

            logger.Information($"Injecting keyboard override library into process {e.ProcessName}.exe.");

            try
            {
                var injectedLibraryName = GetInjectedLibraryName();

                string channelName = null;
                RemoteHooking.IpcCreateServer(
                    ref channelName,
                    WellKnownObjectMode.SingleCall,
                    communicator,
                    WellKnownSidType.WorldSid);

                const InjectionOptions injectionOptions =
                    InjectionOptions.DoNotRequireStrongName &
                    InjectionOptions.NoService &
                    InjectionOptions.NoWOW64Bypass;

                RemoteHooking.Inject(
                    e.ProcessId,
                    injectionOptions,
                    injectedLibraryName,
                    injectedLibraryName,
                    channelName);

                logger.Information($"Keyboard override library successfully injected.");
            }
            catch (DllNotFoundException ex)
            {
                logger.Error(ex, "Could not load a dependency required for keyboard dominance watching.");
            }
            catch (Exception ex)
            {
                logger.Error(ex, "An error occured while trying to watch for keyboard dominance.");
            }
        }
Ejemplo n.º 4
0
 protected virtual void OnProcessStarted(ProcessStartedEventArgument e)
 {
     ProcessStarted?.Invoke(this, e);
 }