private void StubForm_FormClosing(object sender, FormClosingEventArgs e)
{
if (!ProcessWatch.CloseTarget(false))
{
e.Cancel = true;
}
}
private void BtnRefreshDomains_Click(object sender, EventArgs e)
{
if (VanguardCore.vanguardConnected)
{
ProcessWatch.UpdateDomains();
}
}
private void btnRehook_Click(object sender, EventArgs e)
{
string currentTarget = S.GET <StubForm>().tbAutoAttach.Text;
try
{
ProcessWatch.CloseTarget();
Thread.Sleep(2000); //Give the process 2 seconds
var inProcesses = Process.GetProcesses();
var listProcesses = new List <Process>(inProcesses);
Process p = listProcesses.FirstOrDefault(it => it.ProcessName == currentTarget);
//fetch new process here
if (p == null)
{
return;
}
//re-hook
ProcessWatch.LoadTarget(p);
}
catch (Exception ex)
{
MessageBox.Show($"Failed to Re-hook process {currentTarget}\n\n{ex}");
}
}
private void BtnReleaseTarget_Click(object sender, EventArgs e)
{
if (!ProcessWatch.CloseTarget())
{
return;
}
DisableTargetInterface();
}
private void BtnTargetSettings_MouseDown(object sender, MouseEventArgs e)
{
if (e.Button == MouseButtons.Left)
{
Control c = (Control)sender;
Point locate = new Point(c.Location.X + e.Location.X, ((Control)sender).Location.Y + e.Location.Y);
ContextMenuStrip columnsMenu = new ContextMenuStrip();
((ToolStripMenuItem)columnsMenu.Items.Add("Use AutoHook", null, (ob, ev) =>
{
ProcessWatch.AutoHookTimer.Enabled = !ProcessWatch.AutoHookTimer.Enabled;
tbAutoAttach.Enabled = ProcessWatch.AutoHookTimer.Enabled;
})).Checked = ProcessWatch.AutoHookTimer.Enabled;
((ToolStripMenuItem)columnsMenu.Items.Add("Use Filtering", null, (ob, ev) =>
{
ProcessWatch.UseFiltering = !ProcessWatch.UseFiltering;
Params.SetParam("USEFILTERING", ProcessWatch.UseFiltering.ToString());
if (VanguardCore.vanguardConnected)
{
ProcessWatch.UpdateDomains();
}
})).Checked = ProcessWatch.UseFiltering;
/*
* ((ToolStripMenuItem)columnsMenu.Items.Add("Use Exception Handler Override", null, (ob, ev) =>
* {
*
* ProcessWatch.UseExceptionHandler = !ProcessWatch.UseExceptionHandler;
* Params.SetParam("USEEXCEPTIONHANDLER", ProcessWatch.UseExceptionHandler.ToString());
*
*
* })).Checked = ProcessWatch.UseExceptionHandler;
*/
((ToolStripMenuItem)columnsMenu.Items.Add("Use Blacklist", null, (ob, ev) =>
{
ProcessWatch.UseBlacklist = !ProcessWatch.UseBlacklist;
Params.SetParam("USEBLACKLIST", ProcessWatch.UseBlacklist.ToString());
})).Checked = ProcessWatch.UseBlacklist;
((ToolStripMenuItem)columnsMenu.Items.Add("Suspend Process on Corrupt", null, (ob, ev) =>
{
ProcessWatch.SuspendProcess = !ProcessWatch.SuspendProcess;
Params.SetParam("SUSPENDPROCESS", ProcessWatch.SuspendProcess.ToString());
})).Checked = ProcessWatch.SuspendProcess;
columnsMenu.Items.Add(new ToolStripSeparator());
columnsMenu.Items.Add("Select Memory Protection Modes to Corrupt", null, (ob, ev) =>
{
S.GET <MemoryProtectionSelector>().ShowDialog();
});
columnsMenu.Show(this, locate);
}
}
private void StubForm_Load(object sender, EventArgs e)
{
Colors.SetRTCColor(Color.FromArgb(149, 120, 161), this);
tbFilterText.DeselectAll();
tbAutoAttach.DeselectAll();
Focus();
ProcessWatch.Start();
}
private void BtnBrowseTarget_Click(object sender, EventArgs e)
{
if (!ProcessWatch.LoadTarget())
{
return;
}
if (!VanguardCore.vanguardConnected)
{
VanguardCore.Start();
}
EnableTargetInterface();
}
private void HookProcessForm_Load(object sender, EventArgs e)
{
Colors.SetRTCColor(Color.FromArgb(149, 120, 161), this);
lvProcesses.Columns.Add("Process", lvProcesses.Width - 20);
var inProcesses = Process.GetProcesses();
lvProcesses.SmallImageList = ProcessWatch.ProcessIcons;
lvProcesses.HeaderStyle = ColumnHeaderStyle.None;
Bitmap emptybmp = new Bitmap(32, 32);
using (Graphics gr = Graphics.FromImage(emptybmp))
{
gr.Clear(Color.Transparent);
}
foreach (var process in inProcesses.OrderBy(it => $"{it.ProcessName}:{it.Id}"))
{
try
{
if (!ProcessWatch.IsExecutableNameBlacklisted(process.ProcessName))
{
if (!ProcessWatch.ProcessIcons.Images.ContainsKey(process.ProcessName))
{
var icon = process.GetIcon();
if (icon == null)
{
ProcessWatch.ProcessIcons.Images.Add(process.ProcessName, emptybmp);
}
else
{
ProcessWatch.ProcessIcons.Images.Add(process.ProcessName, icon);
}
}
lvProcesses.Items.Add(new ListViewItem($"{process.ProcessName} : {process.Id}", process.ProcessName)
{
Tag = process
});
}
}
catch (Win32Exception ex)
{
var name = process?.ProcessName ?? "UNKNOWN";
Console.WriteLine($"Couldn't access process {name}. Error {ex.Message}");
}
}
}
public void EnableTargetInterface()
{
var diff = lbTarget.Location.X - btnBrowseTarget.Location.X;
originalLbTargetLocation = lbTarget.Location;
lbTarget.Location = btnBrowseTarget.Location;
lbTarget.Visible = true;
btnBrowseTarget.Visible = false;
originalLbTargetSize = lbTarget.Size;
lbTarget.Size = new Size(lbTarget.Size.Width + diff, lbTarget.Size.Height);
btnUnloadTarget.Visible = true;
btnRefreshDomains.Visible = true;
ProcessWatch.EnableInterface();
}
private void MemoryProtectionSelector_Closing(object sender, FormClosingEventArgs e)
{
if (!tablePanel.Controls.Cast <CheckBox>().Any(item => item.Checked))
{
e.Cancel = true;
MessageBox.Show("Select at least one type of memory protection");
return;
}
ProcessExtensions.MemProtection a = ProcessExtensions.MemProtection.Memory_ZeroAccess;
foreach (CheckBox cb in tablePanel.Controls.Cast <CheckBox>().Where(item => item.Checked))
{
a = a | (ProcessExtensions.MemProtection)Enum.Parse(typeof(ProcessExtensions.MemProtection), cb.Text);
}
ProcessWatch.ProtectMode = a;
Params.SetParam("PROTECTIONMODE", ((uint)a).ToString());
ProcessWatch.UpdateDomains();
}
private void btnSendList_Click(object sender, EventArgs e)
{
if (lvProcesses.SelectedItems.Count == 0)
{
MessageBox.Show("There's no process selected");
return;
}
RequestedProcess = (Process)lvProcesses.SelectedItems[0].Tag;
var name = RequestedProcess?.ProcessName ?? "UNKNOWN";
try
{
if (RequestedProcess?.HasExited ?? true)
{
MessageBox.Show($"Couldn't access process {name}. The process has already exited");
RequestedProcess = null;
DialogResult = DialogResult.Abort;
Close();
}
if (ProcessWatch.IsProcessBlacklisted(RequestedProcess))
{
MessageBox.Show($"Couldn't access process {name}. The process is blacklisted!");
RequestedProcess = null;
DialogResult = DialogResult.Abort;
Close();
}
}
catch (Win32Exception ex)
{
MessageBox.Show($"Couldn't access process {name}. Error {ex.Message}");
RequestedProcess = null;
DialogResult = DialogResult.Abort;
Close();
}
DialogResult = DialogResult.OK;
Close();
}