private void lvwProcesses_MouseDoubleClick(object sender, EventArgs e)
{
ListView.SelectedListViewItemCollection itemCollection = lvwProcesses.SelectedItems;
if (itemCollection.Count == 0)
{
return; // No item selected
}
var pid = itemCollection[0].SubItems[1].Text;
Process target = _procInfos.First(p => p.Process.Id == Convert.ToInt32(pid)).Process;
string err;
Inject.DoInject(target, Settings.DLL, out err);
if (err != "")
{
MessageBox.Show(err);
}
else
{
Settings.LastProcessInjected = target.ProcessName;
DllCommunication.SetTargetPid(target.Id);
DllCommunication.StartPacketReaderMMF();
Program.mainForm.Text = "OSPE - PID: " + target.Id + " - " + target.ProcessName;
Program.mainForm.processInyectedId = target.Id;
Program.mainForm.ActionStartStopFiltering(false);
Program.mainForm.ActionStopCapture();
Program.mainForm.ActionStartStopScript(false);
Close();
}
}
private void PauseCapture()
{
DllCommunication.WriteCommandToCmdMMF(ServerCodes.SCODE_STOPCAPTURE);
PacketManager.StopCapture();
_isCapturing = false;
_isPaused = true;
}
private void StartCapture()
{
if (!_isPaused)
{
ClearPacketLists();
}
_isPaused = false;
DllCommunication.WriteCommandToCmdMMF(ServerCodes.SCODE_STARTCAPTURE);
PacketManager.StartCapture();
_isCapturing = true;
}
/// <summary>
/// Injects the last process created (with higher StartTime) which has the same name of the latest injected process (using Select Process)
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void InjectLastProcess()
{
if (!CheckDllFile() || Settings.LastProcessInjected == "")
{
return;
}
var procs = Process.GetProcessesByName(Settings.LastProcessInjected);
if (procs.Length == 0)
{
return;
}
var lastProc = procs[0];
for (int i = 1; i < procs.Length; i++)
{
if (procs[i - 1].StartTime.CompareTo(procs[i].StartTime) < 0)
{
lastProc = procs[i];
}
}
string err;
Inject.DoInject(lastProc, Settings.DLL, out err);
if (err != "")
{
MessageBox.Show(err);
}
else
{
DllCommunication.SetTargetPid(lastProc.Id);
DllCommunication.StartPacketReaderMMF();
this.Text = "OSPE - PID: " + lastProc.Id + " - " + lastProc.ProcessName;
this.processInyectedId = lastProc.Id;
ActionStartStopFiltering(false);
ActionStopCapture();
ActionStartStopScript(false);
}
}
public static void PacketReceived(PacketInfo packetInfo, ref byte[] data /*, ref ServerCommand serverResponse*/)
{
Packet.Directions direction;
int ID;
TotalSize += packetInfo.Size;
switch (packetInfo.FunctionID)
{
case Functions.CODE_RECV:
case Functions.CODE_RECVFROM:
case Functions.CODE_WS2RECV:
case Functions.CODE_WS2RECVFROM:
case Functions.CODE_WSARECV:
case Functions.CODE_WSARECVFROM:
case Functions.CODE_PR_RECV:
case Functions.CODE_PR_READ:
case Functions.CODE_SSLDECRYPTPACKET:
case Functions.CODE_DECRYPTMESSAGE:
case Functions.CODE_SSL_READ:
direction = Packet.Directions.In;
TotalSizeReceived += packetInfo.Size;
break;
case Functions.CODE_SEND:
case Functions.CODE_SENDTO:
case Functions.CODE_WS2SEND:
case Functions.CODE_WS2SENDTO:
case Functions.CODE_WSASEND:
case Functions.CODE_WSASENDTO:
case Functions.CODE_PR_SEND:
case Functions.CODE_PR_WRITE:
case Functions.CODE_SSLENCRYPTPACKET:
case Functions.CODE_ENCRYPTMESSAGE:
case Functions.CODE_SSL_WRITE:
direction = Packet.Directions.Out;
TotalSizeSent += packetInfo.Size;
break;
default:
throw new IndexOutOfRangeException();
}
var functionFlag = FilterManager.GetFilterActionFlagForFunction(packetInfo.FunctionID);
// If a matching breakpoint type filter is active, we open a new window to edit the data
if (IsFilteringActived && FilterManager.CheckPacketBreak(data, packetInfo.Size, functionFlag))
{
var pckt = new Packet(packetInfo.FunctionID, packetInfo.SocketId, packetInfo.LocalIp, packetInfo.LocalPort, packetInfo.RemoteIp, packetInfo.RemotePort, data, direction);
var showPacketForm = new ShowPacketForm(0, pckt, true);
showPacketForm.ShowDialog();
if (showPacketForm.DialogResult == System.Windows.Forms.DialogResult.OK)
{
data = showPacketForm.NewPacketData;
packetInfo.Size = showPacketForm.NewPacketSize;
}
// Send the new data to the DLL
DllCommunication.WriteCommandToCmdMMF(ServerCodes.SCODE_SETPACKET, data, packetInfo.Size);
}
if (!IsCaptureEnabled) // Capture disabled, return
{
return;
}
// Don't log Functions, Ips, or Ports that are not activated in the program's settings menu
if (!LogFunctions.HasFlag(FilterManager.GetFilterActionFlagForFunction(packetInfo.FunctionID)))
{
return;
}
if ((Settings.LocalIpChecked && packetInfo.LocalIp != (uint)Settings.LocalIp) ||
(Settings.LocalPortChecked && packetInfo.LocalPort != Settings.LocalPort) ||
(Settings.RemoteIpChecked && packetInfo.RemoteIp != (uint)Settings.RemoteIp) ||
(Settings.RemotePortChecked && packetInfo.RemotePort != Settings.RemotePort))
{
return;
}
IsModifiedList = true;
var packet = new Packet(packetInfo.FunctionID, packetInfo.SocketId, packetInfo.LocalIp, packetInfo.LocalPort, packetInfo.RemoteIp, packetInfo.RemotePort, data, direction);
lock (LockingVar)
{
ID = PacketList.Count;
PacketList.Add(packet);
Program.mainForm.AddPacket(packet);
}
if (IsFilteringActived && FilterManager.CheckPacketWatch(data, packetInfo.Size, functionFlag))
{
Watch.Add(ID);
}
// Don't log ignored packets
if (IsFilteringActived && FilterManager.CheckPacketIgnore(data, packetInfo.Size, functionFlag))
{
return;
}
Both.Add(ID);
switch (direction)
{
case Packet.Directions.In:
Received.Add(ID);
break;
case Packet.Directions.Out:
Sent.Add(ID);
break;
}
SmartRefresh();
}
private void StopScript()
{
DllCommunication.WriteCommandToCmdMMF(ServerCodes.SCODE_UNLOADDLLEX);
_isScriptActive = false;
}
private void StartScript()
{
InjectDllEx();
DllCommunication.WriteCommandToCmdMMF(ServerCodes.SCODE_LOADDLLEX);
_isScriptActive = true;
}
private void StopFiltering()
{
DllCommunication.WriteCommandToCmdMMF(ServerCodes.SCODE_STOPFILTERING);
PacketManager.StopFiltering();
_isFiltering = false;
}
private void StartFiltering()
{
DllCommunication.WriteCommandToCmdMMF(ServerCodes.SCODE_STARTFILTERING);
PacketManager.StartFiltering();
_isFiltering = true;
}