private void PrepareCapture(Process[] processes)
{
progress.ProgressUpdate("Preparing capture", 100);
fileMapping = CreateFileMapping(0xFFFFFFFFu, IntPtr.Zero,
enumProtect.PAGE_READWRITE,
0, (uint)Marshal.SizeOf(typeof(Capture)),
"oSpyCapture");
if (Marshal.GetLastWin32Error() == ERROR_ALREADY_EXISTS)
{
throw new Error("Is another instance of oSpy or one or more processes previously monitored still alive?");
}
cfgPtr = MapViewOfFile(fileMapping, enumFileMap.FILE_MAP_WRITE, 0, 0, (uint)Marshal.SizeOf(typeof(Capture)));
// Create a temporary directory for the capture
do
{
tmpDir = String.Format("{0}{1}", Path.GetTempPath(), Path.GetRandomFileName());
}while (Directory.Exists(tmpDir));
Directory.CreateDirectory(tmpDir);
// Write the temporary directory to shared memory
char[] tmpDirChars = tmpDir.ToCharArray();
IntPtr ptr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogPath").ToInt64());
Marshal.Copy(tmpDirChars, 0, ptr, tmpDirChars.Length);
// And make it NUL-terminated
Marshal.WriteInt16(ptr, tmpDirChars.Length * Marshal.SizeOf(typeof(UInt16)), 0);
// Initialize LogIndex and LogSize
logIndexPtr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogIndex").ToInt64());
logSizePtr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogSize").ToInt64());
Marshal.WriteInt32(logIndexPtr, 0);
Marshal.WriteInt32(logSizePtr, 0);
// Initialize softwall rules
SoftwallRule[] rules = new SoftwallRule[0];
Marshal.WriteInt32(cfgPtr, Marshal.OffsetOf(typeof(Capture), "NumSoftwallRules").ToInt32(), rules.Length);
ptr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "SoftwallRules").ToInt64());
foreach (SoftwallRule rule in rules)
{
Marshal.StructureToPtr(rule, ptr, false);
ptr = (IntPtr)(ptr.ToInt64() + Marshal.SizeOf(typeof(SoftwallRule)));
}
// Copy configuration XML
string configPath = Path.GetDirectoryName(Process.GetCurrentProcess().MainModule.FileName) + "\\config.xml";
File.Copy(configPath, String.Format("{0}\\config.xml", tmpDir));
}
public SoftwallRule[] GetRules()
{
DataRowCollection rows = softwallDataSet.Tables[0].Rows;
List<SoftwallRule> rules = new List<SoftwallRule>(rows.Count);
foreach (DataRow row in rows)
{
SoftwallRule rule = new SoftwallRule();
rule.conditions = 0;
object obj = row["ProcessName"];
if (!(obj is DBNull))
{
rule.conditions |= Manager.SOFTWALL_CONDITION_PROCESS_NAME;
rule.process_name = obj as string;
}
obj = row["FunctionName"];
if (!(obj is DBNull))
{
rule.conditions |= Manager.SOFTWALL_CONDITION_FUNCTION_NAME;
rule.function_name = obj as string;
}
obj = row["ReturnAddress"];
if (!(obj is DBNull))
{
rule.conditions |= Manager.SOFTWALL_CONDITION_RETURN_ADDRESS;
rule.return_address = (UInt32) obj;
}
obj = row["LocalAddress"];
if (!(obj is DBNull))
{
rule.conditions |= Manager.SOFTWALL_CONDITION_LOCAL_ADDRESS;
rule.local_address = IPAddrFromStr(obj as string);
}
obj = row["LocalPort"];
if (!(obj is DBNull))
{
rule.conditions |= Manager.SOFTWALL_CONDITION_LOCAL_PORT;
rule.local_port = PortToBigEndian((UInt16) obj);
}
obj = row["RemoteAddress"];
if (!(obj is DBNull))
{
rule.conditions |= Manager.SOFTWALL_CONDITION_REMOTE_ADDRESS;
rule.remote_address = IPAddrFromStr(obj as string);
}
obj = row["RemotePort"];
if (!(obj is DBNull))
{
rule.conditions |= Manager.SOFTWALL_CONDITION_REMOTE_PORT;
rule.remote_port = PortToBigEndian((UInt16) obj);
}
rule.retval = (Int32) row["ReturnValue"];
rule.last_error = (UInt32) row["LastError"];
rules.Add(rule);
}
return rules.ToArray();
}
public void Run(RemoteHooking.IContext context,
string channelName,
SoftwallRule[] softwallRules)
{
try
{
swapBuffersHook = LocalHook.Create(
LocalHook.GetProcAddress(gdiDll, "SwapBuffers"),
new SwapBuffersHandler(OnSwapBuffers),
this);
mallocHook = LocalHook.Create(
LocalHook.GetProcAddress(vcrDll, "malloc"),
new MallocHandler(OnMalloc),
this);
callocHook = LocalHook.Create(
LocalHook.GetProcAddress(vcrDll, "calloc"),
new CallocHandler(OnCalloc),
this);
reallocHook = LocalHook.Create(
LocalHook.GetProcAddress(vcrDll, "realloc"),
new ReallocHandler(OnRealloc),
this);
freeHook = LocalHook.Create(
LocalHook.GetProcAddress(vcrDll, "free"),
new FreeHandler(OnFree),
this);
Int32[] excludedThreads = new Int32[] { RemoteHooking.GetCurrentThreadId() };
foreach (LocalHook hook in new LocalHook[] { swapBuffersHook, mallocHook, callocHook, reallocHook, freeHook })
{
hook.ThreadACL.SetExclusiveACL(excludedThreads);
}
}
catch (Exception ex)
{
MessageBox.Show("Exception: " + ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
RemoteHooking.WakeUpProcess();
int myPid = RemoteHooking.GetCurrentProcessId();
try
{
manager.Ping(myPid);
while (true)
{
Thread.Sleep(500);
ProcessAllocations();
manager.Ping(myPid);
}
}
catch (Exception ex)
{
MessageBox.Show("Exception: " + ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
MessageBox.Show("Terminating", "oHeapAgent", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
public Controller(RemoteHooking.IContext context,
string channelName,
SoftwallRule[] softwallRules)
{
string url = "ipc://" + channelName + "/" + channelName;
manager = Activator.GetObject(typeof(IManager), url) as IManager;
eventCoordinator = new EventCoordinator();
levelTlsKey = TlsAlloc();
}
private void PrepareCapture(Process[] processes)
{
progress.ProgressUpdate("Preparing capture", 100);
fileMapping = CreateFileMapping(0xFFFFFFFFu, IntPtr.Zero,
enumProtect.PAGE_READWRITE,
0, (uint)Marshal.SizeOf(typeof(Capture)),
"oSpyCapture");
if (Marshal.GetLastWin32Error() == ERROR_ALREADY_EXISTS)
throw new Error("Is another instance of oSpy or one or more processes previously monitored still alive?");
cfgPtr = MapViewOfFile(fileMapping, enumFileMap.FILE_MAP_WRITE, 0, 0, (uint)Marshal.SizeOf(typeof(Capture)));
// Create a temporary directory for the capture
do
{
tmpDir = String.Format("{0}{1}", Path.GetTempPath(), Path.GetRandomFileName());
}
while (Directory.Exists(tmpDir));
Directory.CreateDirectory(tmpDir);
// Write the temporary directory to shared memory
char[] tmpDirChars = tmpDir.ToCharArray();
IntPtr ptr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogPath").ToInt64());
Marshal.Copy(tmpDirChars, 0, ptr, tmpDirChars.Length);
// And make it NUL-terminated
Marshal.WriteInt16(ptr, tmpDirChars.Length * Marshal.SizeOf(typeof(UInt16)), 0);
// Initialize LogIndex and LogSize
logIndexPtr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogIndex").ToInt64());
logSizePtr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "LogSize").ToInt64());
Marshal.WriteInt32(logIndexPtr, 0);
Marshal.WriteInt32(logSizePtr, 0);
// Initialize softwall rules
SoftwallRule[] rules = new SoftwallRule[0];
Marshal.WriteInt32(cfgPtr, Marshal.OffsetOf(typeof(Capture), "NumSoftwallRules").ToInt32(), rules.Length);
ptr = (IntPtr)(cfgPtr.ToInt64() + Marshal.OffsetOf(typeof(Capture), "SoftwallRules").ToInt64());
foreach (SoftwallRule rule in rules)
{
Marshal.StructureToPtr(rule, ptr, false);
ptr = (IntPtr)(ptr.ToInt64() + Marshal.SizeOf(typeof(SoftwallRule)));
}
// Copy configuration XML
string configPath = Path.GetDirectoryName(Process.GetCurrentProcess().MainModule.FileName) + "\\config.xml";
File.Copy(configPath, String.Format("{0}\\config.xml", tmpDir));
}
