Ejemplo n.º 1
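        /// <summary>
        /// Prepares the shared state for a capture session: creates the named
        /// "oSpyCapture" file mapping, maps a view of it, creates a fresh temporary
        /// directory, publishes that directory plus zeroed log counters and an empty
        /// softwall rule table through the mapped <c>Capture</c> structure, and copies
        /// config.xml next to the executable into the temporary directory.
        /// </summary>
        /// <param name="processes">Not read by this method.</param>
        /// <exception cref="Error">
        /// The mapping name already exists, the view could not be mapped, or the
        /// temporary path would not fit inside the mapped structure.
        /// </exception>
        private void PrepareCapture(Process[] processes)
        {
            progress.ProgressUpdate("Preparing capture", 100);

            uint captureSize = (uint)Marshal.SizeOf(typeof(Capture));

            // IntPtr.Zero security attributes: the section gets the default security
            // descriptor. NOTE(review): any process able to open this name can rewrite
            // LogPath and the rule table - confirm that is the intended trust boundary.
            fileMapping = CreateFileMapping(0xFFFFFFFFu, IntPtr.Zero,
                                            enumProtect.PAGE_READWRITE,
                                            0, captureSize,
                                            "oSpyCapture");

            // Must be read immediately after the call, before anything else can
            // overwrite the thread's last-error value.
            if (Marshal.GetLastWin32Error() == ERROR_ALREADY_EXISTS)
            {
                // NOTE(review): the handle stored in fileMapping is not released on
                // this path; no close helper is visible in this listing.
                throw new Error("Is another instance of oSpy or one or more processes previously monitored still alive?");
            }

            cfgPtr = MapViewOfFile(fileMapping, enumFileMap.FILE_MAP_WRITE, 0, 0, captureSize);

            // A failed CreateFileMapping or MapViewOfFile leaves cfgPtr at zero; every
            // write below would then target a near-null address.
            if (cfgPtr == IntPtr.Zero)
            {
                throw new Error("Unable to map the oSpyCapture shared memory section");
            }

            // Create a temporary directory for the capture
            do
            {
                tmpDir = String.Format("{0}{1}", Path.GetTempPath(), Path.GetRandomFileName());
            }
            while (Directory.Exists(tmpDir));

            // Directory.CreateDirectory does not fail when the directory already
            // exists, so the probe above is advisory only: it does not prove this
            // process created the directory.
            Directory.CreateDirectory(tmpDir);

            // Write the temporary directory to shared memory
            char[] tmpDirChars = tmpDir.ToCharArray();
            int charSize = Marshal.SizeOf(typeof(UInt16));
            long logPathOffset = Marshal.OffsetOf(typeof(Capture), "LogPath").ToInt64();

            // Refuse a path that would run past the mapped structure. This is only an
            // outer bound; the capacity of the LogPath field itself is not visible
            // here. TODO confirm the field size and tighten the limit.
            if (logPathOffset + ((long)tmpDirChars.Length + 1) * charSize > captureSize)
            {
                throw new Error("Temporary directory path is too long for the capture configuration");
            }

            IntPtr ptr = (IntPtr)(cfgPtr.ToInt64() + logPathOffset);

            Marshal.Copy(tmpDirChars, 0, ptr, tmpDirChars.Length);

            // And make it NUL-terminated
            Marshal.WriteInt16(ptr, tmpDirChars.Length * charSize, 0);

            // Initialize LogIndex and LogSize
            logIndexPtr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogIndex").ToInt64());
            logSizePtr  = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogSize").ToInt64());

            Marshal.WriteInt32(logIndexPtr, 0);
            Marshal.WriteInt32(logSizePtr, 0);

            // Initialize softwall rules (always an empty table in this version, so
            // the copy loop below never executes)
            SoftwallRule[] rules = new SoftwallRule[0];

            Marshal.WriteInt32(cfgPtr, Marshal.OffsetOf(typeof(Capture), "NumSoftwallRules").ToInt32(), rules.Length);

            ptr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "SoftwallRules").ToInt64());
            foreach (SoftwallRule rule in rules)
            {
                // NOTE(review): no bound on the number of rules versus the capacity of
                // the SoftwallRules field - add one before this table is populated.
                Marshal.StructureToPtr(rule, ptr, false);

                ptr = (IntPtr)(ptr.ToInt64() + Marshal.SizeOf(typeof(SoftwallRule)));
            }

            // Copy configuration XML
            string configPath = Path.GetDirectoryName(Process.GetCurrentProcess().MainModule.FileName) + "\\config.xml";

            File.Copy(configPath, String.Format("{0}\\config.xml", tmpDir));
        }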
Ejemplo n.º 2
        /// <summary>
        /// Converts every row of the first table in <c>softwallDataSet</c> into a
        /// <c>SoftwallRule</c>.
        /// </summary>
        /// <returns>One rule per row, in row order.</returns>
        /// <remarks>
        /// Each optional column contributes its value and sets the matching
        /// SOFTWALL_CONDITION_* bit only when the cell is not DBNull. ReturnValue and
        /// LastError are unboxed unconditionally, so a DBNull or a differently typed
        /// value in either column throws InvalidCastException.
        /// </remarks>
        public SoftwallRule[] GetRules()
        {
            DataRowCollection rows = softwallDataSet.Tables[0].Rows;
            SoftwallRule[] result = new SoftwallRule[rows.Count];

            for (int i = 0; i < rows.Count; i++)
            {
                DataRow row = rows[i];

                SoftwallRule rule = new SoftwallRule();
                rule.conditions = 0;

                object processName = row["ProcessName"];
                if (!DBNull.Value.Equals(processName))
                {
                    rule.conditions |= Manager.SOFTWALL_CONDITION_PROCESS_NAME;
                    rule.process_name = processName as string;
                }

                object functionName = row["FunctionName"];
                if (!DBNull.Value.Equals(functionName))
                {
                    rule.conditions |= Manager.SOFTWALL_CONDITION_FUNCTION_NAME;
                    rule.function_name = functionName as string;
                }

                // Unboxing cast: the cell must hold exactly a UInt32.
                object returnAddress = row["ReturnAddress"];
                if (!DBNull.Value.Equals(returnAddress))
                {
                    rule.conditions |= Manager.SOFTWALL_CONDITION_RETURN_ADDRESS;
                    rule.return_address = (UInt32) returnAddress;
                }

                // Addresses are stored as text and parsed by IPAddrFromStr; how that
                // helper treats malformed input is not visible in this listing.
                object localAddress = row["LocalAddress"];
                if (!DBNull.Value.Equals(localAddress))
                {
                    rule.conditions |= Manager.SOFTWALL_CONDITION_LOCAL_ADDRESS;
                    rule.local_address = IPAddrFromStr(localAddress as string);
                }

                object localPort = row["LocalPort"];
                if (!DBNull.Value.Equals(localPort))
                {
                    rule.conditions |= Manager.SOFTWALL_CONDITION_LOCAL_PORT;
                    rule.local_port = PortToBigEndian((UInt16) localPort);
                }

                object remoteAddress = row["RemoteAddress"];
                if (!DBNull.Value.Equals(remoteAddress))
                {
                    rule.conditions |= Manager.SOFTWALL_CONDITION_REMOTE_ADDRESS;
                    rule.remote_address = IPAddrFromStr(remoteAddress as string);
                }

                object remotePort = row["RemotePort"];
                if (!DBNull.Value.Equals(remotePort))
                {
                    rule.conditions |= Manager.SOFTWALL_CONDITION_REMOTE_PORT;
                    rule.remote_port = PortToBigEndian((UInt16) remotePort);
                }

                // Mandatory columns: no DBNull guard, unlike the ones above.
                rule.retval = (Int32) row["ReturnValue"];
                rule.last_error = (UInt32) row["LastError"];

                result[i] = rule;
            }

            return result;
        }
Ejemplo n.º 3
        /// <summary>
        /// Agent entry point: installs hooks on SwapBuffers (from <c>gdiDll</c>) and on
        /// malloc, calloc, realloc and free (from <c>vcrDll</c>), wakes the process,
        /// then loops forever, calling <c>ProcessAllocations</c> and pinging the
        /// manager every 500 ms.
        /// </summary>
        /// <param name="context">Not read by this method.</param>
        /// <param name="channelName">Not read by this method.</param>
        /// <param name="softwallRules">Not read by this method.</param>
        /// <remarks>
        /// Both try blocks report any exception through a message box rather than
        /// rethrowing. A failure while installing hooks therefore does not stop the
        /// method: it still wakes the process and enters the ping loop with whichever
        /// hooks were created before the failure. The ping loop ends only when
        /// something inside it throws.
        /// </remarks>
        public void Run(RemoteHooking.IContext context,
                        string channelName,
                        SoftwallRule[] softwallRules)
        {
            try
            {
                swapBuffersHook = LocalHook.Create(LocalHook.GetProcAddress(gdiDll, "SwapBuffers"),
                                                   new SwapBuffersHandler(OnSwapBuffers), this);
                mallocHook = LocalHook.Create(LocalHook.GetProcAddress(vcrDll, "malloc"),
                                              new MallocHandler(OnMalloc), this);
                callocHook = LocalHook.Create(LocalHook.GetProcAddress(vcrDll, "calloc"),
                                              new CallocHandler(OnCalloc), this);
                reallocHook = LocalHook.Create(LocalHook.GetProcAddress(vcrDll, "realloc"),
                                               new ReallocHandler(OnRealloc), this);
                freeHook = LocalHook.Create(LocalHook.GetProcAddress(vcrDll, "free"),
                                            new FreeHandler(OnFree), this);

                // The same one-element ACL (this thread's id) is applied to every hook,
                // in creation order. Presumably this keeps the agent's own thread from
                // being intercepted - confirm against the hooking library's ACL rules.
                Int32[] agentThreadOnly = new Int32[] { RemoteHooking.GetCurrentThreadId() };
                swapBuffersHook.ThreadACL.SetExclusiveACL(agentThreadOnly);
                mallocHook.ThreadACL.SetExclusiveACL(agentThreadOnly);
                callocHook.ThreadACL.SetExclusiveACL(agentThreadOnly);
                reallocHook.ThreadACL.SetExclusiveACL(agentThreadOnly);
                freeHook.ThreadACL.SetExclusiveACL(agentThreadOnly);
            }
            catch (Exception ex)
            {
                MessageBox.Show("Exception: " + ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }

            RemoteHooking.WakeUpProcess();

            int pid = RemoteHooking.GetCurrentProcessId();

            try
            {
                // First ping is sent straight away; afterwards one ping follows each
                // 500 ms sleep and allocation-processing pass.
                manager.Ping(pid);

                for (;;)
                {
                    Thread.Sleep(500);
                    ProcessAllocations();
                    manager.Ping(pid);
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("Exception: " + ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }

            MessageBox.Show("Terminating", "oHeapAgent", MessageBoxButtons.OK, MessageBoxIcon.Information);
        }
Ejemplo n.º 4
        /// <summary>
        /// Connects to the manager object published on the IPC channel named
        /// <paramref name="channelName"/>, creates the event coordinator and allocates
        /// a TLS slot for <c>levelTlsKey</c>.
        /// </summary>
        /// <param name="context">Not read by this constructor.</param>
        /// <param name="channelName">
        /// Used as both the channel (port) name and the object URI of the
        /// <c>ipc://</c> URL.
        /// </param>
        /// <param name="softwallRules">Not read by this constructor.</param>
        public Controller(RemoteHooking.IContext context,
                          string channelName,
                          SoftwallRule[] softwallRules)
        {
            // "as" leaves manager null instead of throwing when the returned object
            // is not an IManager, so a failure would only show up on first use.
            // NOTE(review): channelName is not validated here and decides which IPC
            // endpoint this process will talk to - confirm the caller is trusted.
            object remote = Activator.GetObject(typeof(IManager),
                                                String.Format("ipc://{0}/{0}", channelName));
            manager = remote as IManager;

            eventCoordinator = new EventCoordinator();

            // The TlsAlloc result is stored without being checked for failure.
            levelTlsKey = TlsAlloc();
        }
Ejemplo n.º 5
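        /// <summary>
        /// Prepares the shared state for a capture session: creates the named
        /// "oSpyCapture" file mapping, maps a view of it, creates a fresh temporary
        /// directory, publishes that directory plus zeroed log counters and an empty
        /// softwall rule table through the mapped <c>Capture</c> structure, and copies
        /// config.xml next to the executable into the temporary directory.
        /// </summary>
        /// <param name="processes">Not read by this method.</param>
        /// <exception cref="Error">
        /// The mapping name already exists, the view could not be mapped, or the
        /// temporary path would not fit inside the mapped structure.
        /// </exception>
        private void PrepareCapture(Process[] processes)
        {
            progress.ProgressUpdate("Preparing capture", 100);

            uint captureSize = (uint)Marshal.SizeOf(typeof(Capture));

            // IntPtr.Zero security attributes: the section gets the default security
            // descriptor. NOTE(review): any process able to open this name can rewrite
            // LogPath and the rule table - confirm that is the intended trust boundary.
            fileMapping = CreateFileMapping(0xFFFFFFFFu, IntPtr.Zero,
                                            enumProtect.PAGE_READWRITE,
                                            0, captureSize,
                                            "oSpyCapture");

            // Must be read immediately after the call, before anything else can
            // overwrite the thread's last-error value.
            if (Marshal.GetLastWin32Error() == ERROR_ALREADY_EXISTS)
            {
                // NOTE(review): the handle stored in fileMapping is not released on
                // this path; no close helper is visible in this listing.
                throw new Error("Is another instance of oSpy or one or more processes previously monitored still alive?");
            }

            cfgPtr = MapViewOfFile(fileMapping, enumFileMap.FILE_MAP_WRITE, 0, 0, captureSize);

            // A failed CreateFileMapping or MapViewOfFile leaves cfgPtr at zero; every
            // write below would then target a near-null address.
            if (cfgPtr == IntPtr.Zero)
            {
                throw new Error("Unable to map the oSpyCapture shared memory section");
            }

            // Create a temporary directory for the capture
            do
            {
                tmpDir = String.Format("{0}{1}", Path.GetTempPath(), Path.GetRandomFileName());
            }
            while (Directory.Exists(tmpDir));

            // Directory.CreateDirectory does not fail when the directory already
            // exists, so the probe above is advisory only: it does not prove this
            // process created the directory.
            Directory.CreateDirectory(tmpDir);

            // Write the temporary directory to shared memory
            char[] tmpDirChars = tmpDir.ToCharArray();
            int charSize = Marshal.SizeOf(typeof(UInt16));
            long logPathOffset = Marshal.OffsetOf(typeof(Capture), "LogPath").ToInt64();

            // Refuse a path that would run past the mapped structure. This is only an
            // outer bound; the capacity of the LogPath field itself is not visible
            // here. TODO confirm the field size and tighten the limit.
            if (logPathOffset + ((long)tmpDirChars.Length + 1) * charSize > captureSize)
            {
                throw new Error("Temporary directory path is too long for the capture configuration");
            }

            IntPtr ptr = (IntPtr)(cfgPtr.ToInt64() + logPathOffset);
            Marshal.Copy(tmpDirChars, 0, ptr, tmpDirChars.Length);

            // And make it NUL-terminated
            Marshal.WriteInt16(ptr, tmpDirChars.Length * charSize, 0);

            // Initialize LogIndex and LogSize
            logIndexPtr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogIndex").ToInt64());
            logSizePtr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogSize").ToInt64());

            Marshal.WriteInt32(logIndexPtr, 0);
            Marshal.WriteInt32(logSizePtr, 0);

            // Initialize softwall rules (always an empty table in this version, so
            // the copy loop below never executes)
            SoftwallRule[] rules = new SoftwallRule[0];

            Marshal.WriteInt32(cfgPtr, Marshal.OffsetOf(typeof(Capture), "NumSoftwallRules").ToInt32(), rules.Length);

            ptr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "SoftwallRules").ToInt64());
            foreach (SoftwallRule rule in rules)
            {
                // NOTE(review): no bound on the number of rules versus the capacity of
                // the SoftwallRules field - add one before this table is populated.
                Marshal.StructureToPtr(rule, ptr, false);

                ptr = (IntPtr)(ptr.ToInt64() + Marshal.SizeOf(typeof(SoftwallRule)));
            }

            // Copy configuration XML
            string configPath = Path.GetDirectoryName(Process.GetCurrentProcess().MainModule.FileName) + "\\config.xml";
            File.Copy(configPath, String.Format("{0}\\config.xml", tmpDir));
        }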