private bool HookProcess(string proccessName) { NktProcessesEnum enumProcess = _spyMgr.Processes(); NktProcess tempProcess = enumProcess.First(); while (tempProcess != null) { if (tempProcess.Name.Equals(proccessName, StringComparison.InvariantCultureIgnoreCase) && tempProcess.PlatformBits > 0 && tempProcess.PlatformBits <= IntPtr.Size * 8) { _process = tempProcess; NktModule module = _process.ModuleByName("mshtml.dll"); if (module != null) { IntPtr EA = (IntPtr) new IntPtr(module.BaseAddress.ToInt32() + _RVA.ToInt32()); NktHook hook = _spyMgr.CreateHookForAddress(EA, "mshtml.dll!CStyleSheet::Notify", (int)(eNktHookFlags.flgRestrictAutoHookToSameExecutable | eNktHookFlags.flgOnlyPreCall | eNktHookFlags.flgDontCheckAddress)); hook.Attach(_process, true); hook.Hook(true); } } tempProcess = enumProcess.Next(); } _process = null; return(false); }
private void Form1_Load(object sender, EventArgs e) { NktHook hook = _spyMgr.CreateHook("WINMM.dll!timeGetTime", (int)(eNktHookFlags.flgOnlyPostCall)); hook.Hook(true); bool bProcessFound = false; NktProcessesEnum enumProcess = _spyMgr.Processes(); NktProcess tempProcess = enumProcess.First(); while (tempProcess != null) { if (tempProcess.Name.Equals("iexplore.exe", StringComparison.InvariantCultureIgnoreCase) && tempProcess.PlatformBits == 32) { hook.Attach(tempProcess, true); bProcessFound = true; } tempProcess = enumProcess.Next(); } if (!bProcessFound) { MessageBox.Show("Please run \"iexplore.exe\" before!", "Error"); Environment.Exit(0); } }
public void FindSqlService() { NktProcessesEnum pEnum = _spyMgr.Processes(); _sqlServerProcess = pEnum.GetByName("sqlservr.exe"); if (_sqlServerProcess == null) { throw new SqlServiceNotFoundException(); } }
private NktProcess GetProcess(string proccessName) { NktProcessesEnum enumProcess = _spyMgr.Processes(); NktProcess tempProcess = enumProcess.First(); while (tempProcess != null) { if (tempProcess.Name.Equals(proccessName, StringComparison.InvariantCultureIgnoreCase)) { return(tempProcess); } tempProcess = enumProcess.Next(); } return(null); }
public bool HookProcess(string proccessName) { NktProcessesEnum enumProcess = spyMgr.Processes(); NktProcess tempProcess = enumProcess.First(); while (tempProcess != null) { if (tempProcess.Name.Equals(proccessName, StringComparison.InvariantCultureIgnoreCase)) { Console.WriteLine("Found process {0}", proccessName); return(HookProcess(tempProcess)); } tempProcess = enumProcess.Next(); } return(false); }
private bool GetProcess(string proccessName) { NktProcessesEnum enumProcess = _spyMgr.Processes(); NktProcess tempProcess = enumProcess.First(); while (tempProcess != null) { if (tempProcess.Name.Equals(proccessName, StringComparison.InvariantCultureIgnoreCase) && tempProcess.PlatformBits > 0 && tempProcess.PlatformBits <= IntPtr.Size * 8) { _process = tempProcess; return(true); } tempProcess = enumProcess.Next(); } _process = null; return(false); }
public void Hook(bool use_deviare_custom_hook_plugin) { this._use_deviare_custom_hook_plugin = use_deviare_custom_hook_plugin; string[] functions = { "kernel32.dll!MapViewOfFile" }; Nektra.Deviare2.eNktHookFlags flags = 0; flags |= eNktHookFlags.flgAutoHookChildProcess; flags |= eNktHookFlags.flgOnlyPostCall; if (_use_deviare_custom_hook_plugin) { flags |= eNktHookFlags.flgAsyncCallbacks; } foreach (var function in functions) { NktHook a_hook = this._spyMgr.CreateHook(function, (int)flags); if (this._use_deviare_custom_hook_plugin) { a_hook.AddCustomHandler(this._custom_handler_path, (int)Nektra.Deviare2.eNktHookCustomHandlerFlags.flgChDontCallIfLoaderLocked); } a_hook.Hook(true); hooks.Add(a_hook); } NktProcessesEnum processes = this._spyMgr.Processes(); NktProcess process = processes.First(); while (process != null) { if (process.Name.Equals("notepad.exe", StringComparison.InvariantCultureIgnoreCase)) { foreach (var hook in hooks) { hook.Attach(process, true); } } Debug.WriteLine(String.Format("process.Name = {0} process.PlatformBits = {1}", process.Name, process.PlatformBits)); process = processes.Next(); } }
private bool GetProcess(string proccessName) { NktProcessesEnum enumProcess = _spyMgr.Processes(); NktProcess tempProcess = enumProcess.First(); while (tempProcess != null) { //Console.Out.WriteLine(tempProcess.Name); if (tempProcess.Name.Contains(proccessName) && tempProcess.PlatformBits > 0 && tempProcess.PlatformBits <= IntPtr.Size * 8) { _process = tempProcess; return(true); } tempProcess = enumProcess.Next(); } _process = null; return(false); }
public static NktProcess[] CollectAll(this NktProcessesEnum aProcessesEnumerator) { return(NktEnumExtensions.CollectAll(() => aProcessesEnumerator.Count, index => aProcessesEnumerator.GetAt(index))); }