        // this is where we intercept file reads: every ZwReadFile call made by the hooked process passes through here (writes and other access types are not covered by this hook)
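        /// <summary>
        /// Detour for ntdll!ZwReadFile. Forwards the call to the real API unchanged and, only
        /// when it reports STATUS_SUCCESS, hands the handle, the byte count and a bounded sample
        /// of the returned data to the registered callback.
        /// </summary>
        /// <param name="FileHandle">Handle the caller passed to ZwReadFile; forwarded untouched.</param>
        /// <param name="Event">Forwarded untouched.</param>
        /// <param name="ApcRoutine">Forwarded untouched.</param>
        /// <param name="ApcContext">Forwarded untouched.</param>
        /// <param name="IoStatusBlock">Caller's IO_STATUS_BLOCK; read after the call for the byte count.</param>
        /// <param name="Buffer">Caller's destination buffer; sampled after a successful read.</param>
        /// <param name="Length">Size of <paramref name="Buffer"/> as declared by the caller.</param>
        /// <param name="ByteOffset">Forwarded untouched.</param>
        /// <param name="Key">Forwarded untouched.</param>
        /// <returns>The NTSTATUS returned by the real ZwReadFile, unchanged.</returns>
        private UInt32 ZwReadFile_Hooked(IntPtr FileHandle, IntPtr Event, IntPtr ApcRoutine, IntPtr ApcContext, IntPtr IoStatusBlock, IntPtr Buffer, Int32 Length, IntPtr ByteOffset, IntPtr Key)
        {
            preprocessHook();

            // Always call through first: the hook must never change what the caller observes.
            UInt32 result = NtDllSupport.ZwReadFile(FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, Buffer, Length, ByteOffset, Key);

            // Only a synchronous success is reported. Anything else (including STATUS_PENDING,
            // where the buffer is not filled yet) is passed back without touching caller memory.
            // The IoStatusBlock null check is cheap insurance against dereferencing a bad pointer
            // from inside the hooked process.
            if (result != NtDllSupport.STATUS_SUCCESS || IoStatusBlock == IntPtr.Zero)
            {
                return(result);
            }

            int bytes_read = 0;
            unsafe {
                NtDllSupport.IO_STATUS_BLOCK *io_status_block = (NtDllSupport.IO_STATUS_BLOCK *)IoStatusBlock.ToPointer();
                bytes_read = io_status_block->Information;
            }

            // Bound the sample before reading the caller's buffer: never more than BUFFER_LIMIT,
            // never more than the caller's own Length, and a negative count (Information read
            // back as a signed int) is treated as "nothing to sample" rather than passed on.
            int sample_length = bytes_read < 0 ? 0 : Math.Min(bytes_read, BUFFER_LIMIT);
            if (Length >= 0)
            {
                sample_length = Math.Min(sample_length, Length);
            }
            string buffer = AbstractHookDescription.extractBufferAsString(Buffer, sample_length);

            TransferUnit transfer_unit = createTransferUnit();
            // NOTE(review): ToInt32() throws OverflowException for a 64-bit handle value above
            // int.MaxValue, which would unwind through the hooked process; kept as-is because the
            // stored type is part of the TransferUnit contract -- confirm consumers can take a long.
            transfer_unit["FileHandle"] = FileHandle.ToInt32();
            // The sampled data is whatever the file (or pipe/device) returned -- treat it as
            // untrusted on the consumer side.
            transfer_unit["buffer"]     = buffer;
            transfer_unit["BytesRead"]  = bytes_read;

            makeCallBack(transfer_unit);

            return(result);
        }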
        // this is where we intercept outbound socket data: every WSASend call made by the hooked process passes through here (other send paths are not covered by this hook)
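        /// <summary>
        /// Detour for ws2_32!WSASend. Samples the caller's WSABUF array, forwards the call to the
        /// real WSASend unchanged and, when it did not fail, reports the socket handle and the
        /// sampled payload to the registered callback.
        /// </summary>
        /// <param name="socket_handle">Socket the caller passed to WSASend; forwarded untouched.</param>
        /// <param name="lpBuffers">Pointer to the caller's WSABUF array; read here, forwarded untouched.</param>
        /// <param name="dwBufferCount">Number of WSABUF entries at <paramref name="lpBuffers"/>.</param>
        /// <param name="lpNumberOfBytesSent">Forwarded by reference to the real API.</param>
        /// <param name="flags">Forwarded untouched.</param>
        /// <param name="lpOverlapped">Forwarded untouched.</param>
        /// <param name="lpCompletionRoutine">Forwarded untouched.</param>
        /// <returns>Whatever the real WSASend returned (0 or SOCKET_ERROR), unchanged.</returns>
        public int WSASend_Hooked(IntPtr socket_handle, IntPtr lpBuffers, Int32 dwBufferCount, ref Int32 lpNumberOfBytesSent, int flags, IntPtr lpOverlapped, IntPtr lpCompletionRoutine)
        {
            preprocessHook();

            // Sample before calling through: with overlapped I/O the caller may reuse or free the
            // buffers as soon as WSASend returns.
            string z = sampleSendBuffers(lpBuffers, dwBufferCount);
            Console.WriteLine("ws2_32.WSASend intercepted");

            TransferUnit transfer_unit = createTransferUnit();
            // NOTE(review): ToInt32() throws OverflowException for a 64-bit handle value above
            // int.MaxValue, which would unwind through the hooked process; kept as-is because the
            // stored type is part of the TransferUnit contract -- confirm consumers can take a long.
            transfer_unit[Color.Handle] = socket_handle.ToInt32();
            transfer_unit[Color.Buffer] = z;

            //call original API
            int result = WS2_32Support.WSASend(socket_handle, lpBuffers, dwBufferCount, ref lpNumberOfBytesSent, flags, lpOverlapped, lpCompletionRoutine);

            if (result != WS2_32Support.SOCKET_ERROR)
            {
                makeCallBack(transfer_unit);
            }
            return(result);
        }

        /// <summary>
        /// Concatenates a bounded sample (at most BUFFER_SAMPLE_LENGTH bytes per entry) of every
        /// WSABUF at <paramref name="lpBuffers"/>. Returns "" when there is nothing safe to read.
        /// </summary>
        /// <param name="lpBuffers">Pointer to the caller's WSABUF array; may be IntPtr.Zero.</param>
        /// <param name="dwBufferCount">Number of entries; zero or negative yields "".</param>
        /// <returns>The concatenated sample text.</returns>
        private string sampleSendBuffers(IntPtr lpBuffers, Int32 dwBufferCount)
        {
            // A null array or a non-positive count means nothing to read. Left unguarded, a null
            // pointer would be dereferenced and a negative count would throw from the array
            // allocation -- both inside the hooked process.
            if (lpBuffers == IntPtr.Zero || dwBufferCount <= 0)
            {
                return "";
            }

            // Copy the descriptors out first so the unsafe region stays as small as possible.
            WS2_32Support.WSABUF[] buffers = new WS2_32Support.WSABUF[dwBufferCount];
            unsafe {
                WS2_32Support.WSABUF *lpbuffer = (WS2_32Support.WSABUF *)lpBuffers.ToPointer();
                for (int i = 0; i < dwBufferCount; i++)
                {
                    buffers[i] = lpbuffer[i];
                }
            }

            System.Text.StringBuilder sample = new System.Text.StringBuilder();
            for (int i = 0; i < dwBufferCount; i++)
            {
                // Cap each entry at BUFFER_SAMPLE_LENGTH. The previous ternary returned
                // buffers[i].len in both branches, so the cap never applied and the whole
                // caller-controlled payload was copied into the log. A negative value (len read
                // back as a signed int) is clamped to the cap as well.
                int sample_length = (int)buffers[i].len;
                if (sample_length < 0 || sample_length > BUFFER_SAMPLE_LENGTH)
                {
                    sample_length = (int)BUFFER_SAMPLE_LENGTH;
                }
                sample.Append(AbstractHookDescription.extractBufferAsString(buffers[i].buf, sample_length));
            }

            // The sample is recorded as extracted. The earlier z.Replace("\r\n", " ") discarded its
            // result (strings are immutable) and so never changed the recorded text; raw bytes are
            // kept deliberately, since this is application/attacker-controlled evidence.
            return sample.ToString();
        }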
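 /// <summary>
 /// Builds an ApiPlace for the API a hook description targets, by delegating to the
 /// name-based constructor with <c>hd.api_full_name</c>.
 /// </summary>
 /// <param name="hd">Hook description whose api_full_name identifies the API; must not be null.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="hd"/> is null, instead of the
 /// NullReferenceException the unguarded member access produced before.</exception>
 public ApiPlace(AbstractHookDescription hd) : this(apiNameOf(hd))
 {
 }

 /// <summary>
 /// Reads api_full_name off a hook description, rejecting null up front so the failure
 /// names the argument. Kept as a helper because a constructor initializer cannot hold
 /// a statement.
 /// </summary>
 /// <param name="hd">Hook description; must not be null.</param>
 /// <returns>The description's api_full_name.</returns>
 /// <exception cref="ArgumentNullException">When <paramref name="hd"/> is null.</exception>
 private static string apiNameOf(AbstractHookDescription hd)
 {
     if (hd == null)
     {
         throw new ArgumentNullException("hd");
     }
     return hd.api_full_name;
 }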