        //NativeHooksLoader t1clr = new NativeHooksLoader();



        /// <summary>
        /// Constructor of the injected entry point (presumably invoked by EasyHook inside the
        /// target process with the pass-through arguments from the injector). Prints a start-up
        /// marker and opens the transfer-unit channel named by the injector.
        /// </summary>
        /// <param name="InContext">Hooking context supplied by EasyHook; not used here.</param>
        /// <param name="message">Message from the injector; only its channel name is read.</param>
        public Main(RemoteHooking.IContext InContext, MessageFromInjector message)
        {
            ConsolePrinter.writeMessage("Console allocated");

            string channel = message.channel_name;
            tu_sender = new TransferUnitSender_New(channel);
        }
 /// <summary>
 /// This method sets inclusive mask for thread interception if list of threads to intercept provided.
 /// Otherwise it sets mask to intercept all.
 /// </summary>
 /// <param name="message">Message from injector that might contain list of threads to intercept</param>
 /// <summary>
 /// Restricts hook interception to the threads named by the injector.
 /// With an explicit list only those thread IDs are intercepted (inclusive ACL);
 /// without one an exclusive ACL holding only entry 0 is installed, which the
 /// original author documents as "intercept all".
 /// </summary>
 /// <param name="message">Message from the injector; <c>thread_ids</c> may be null.</param>
 private void maskThreadsToIntercept(MessageFromInjector message)
 {
     // NOTE(review): an empty but non-null list takes the inclusive branch and therefore
     // presumably intercepts nothing — confirm the injector never sends one.
     int[] requested = message.thread_ids;
     if (requested == null)
     {
         ConsolePrinter.writeMessage("No threads to mask");
         LocalHook.GlobalThreadACL.SetExclusiveACL(new Int32[] { 0 });
         return;
     }

     LocalHook.GlobalThreadACL.SetInclusiveACL(requested);
 }
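        /// <summary>
        /// Injects the monitoring library into an already running process and asks the
        /// injected side to intercept every thread the process currently has.
        /// </summary>
        /// <param name="p">Target process; its thread list is snapshotted at call time.</param>
        /// <param name="TID">Thread ID passed to EasyHook's Inject as the wake-up thread.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="p"/> is null.</exception>
        public void injectLibrary(Process p, int TID)
        {
            if (p == null)
            {
                throw new ArgumentNullException("p");
            }

            MessageFromInjector message = new MessageFromInjector();
            message.channel_name = ChannelName;
            message.thread_ids = collectThreadIds(p);

            // Build the same absolute path startProcessAndInject uses. With a bare file name
            // the library that actually gets loaded can depend on the injector's current
            // directory or DLL search order rather than on where this tool is installed.
            string library_path = getMainModuleDirectory() + "APIMonInject.dll";
            RemoteHooking.Inject(p.Id, TID, library_path, null, message);
        }

        /// <summary>Snapshots the IDs of all threads currently listed for the process.</summary>
        private static int[] collectThreadIds(Process p)
        {
            List<int> ids = new List<int>(p.Threads.Count);
            foreach (ProcessThread t in p.Threads)
            {
                ids.Add(t.Id);
            }
            return ids.ToArray();
        }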
        /// <summary>
        /// Injects the library at <paramref name="library_location"/> into a running process by
        /// routing the EasyHook Inject call through the EasyHook service, requesting interception
        /// of every thread the process currently has.
        /// </summary>
        /// <param name="p">Target process whose thread IDs are collected.</param>
        /// <param name="library_location">Path of the library to inject.</param>
        private void injectLibraryAsService(Process p, string library_location)
        {
            ProcessThreadCollection threads = p.Threads;
            int[] tids = new int[threads.Count];
            for (int i = 0; i < tids.Length; i++)
            {
                tids[i] = threads[i].Id;
            }

            MessageFromInjector message = new MessageFromInjector();
            message.channel_name = ChannelName;
            message.thread_ids = tids;

            Console.WriteLine("Injecting through service");
            object[] inject_args = new object[] { p.Id, library_location, null, message };
            RemoteHooking.ExecuteAsService<RemoteHooking>("Inject", inject_args);
        }
        ///// <summary>
        ///// Starts process and injects library with redirection of standard input, output and error to handles provided
        ///// </summary>
        ///// <param name="what_to_start"></param>
        ///// <param name="command_line_parameters"></param>
        ///// <returns>process ID of newly created process</returns>
        //public Process startProcessAndInject(string what_to_start, string command_line_parameters, IntPtr stdIn, IntPtr stdOut, IntPtr stdErr)
        //{
        //    int process_id;
        //    MessageFromInjector message = new MessageFromInjector();
        //    message.channel_name = ChannelName;

        //    RemoteHooking.CreateAndInjectEx(what_to_start, command_line_parameters, getMainModuleDirectory() + "APIMonInject.dll", null, out process_id,
        //        stdIn, stdOut, stdErr, message);
        //    return System.Diagnostics.Process.GetProcessById(process_id);
        //}

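        /// <summary>
        /// Starts the program described by <paramref name="tp"/> in a new console and injects
        /// the monitoring library into it via EasyHook's CreateAndInject.
        /// </summary>
        /// <param name="tp">Image path and command line of the program to start.</param>
        /// <returns>The <see cref="Process"/> object of the newly created process.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="tp"/> is null.</exception>
        public Process startProcessAndInject(ProgramStartDescription tp)
        {
            if (tp == null)
            {
                throw new ArgumentNullException("tp");
            }

            MessageFromInjector message = new MessageFromInjector();
            message.channel_name = ChannelName;

            // The library path is built from this tool's own directory so the DLL that ends up
            // in the new process does not depend on the current working directory.
            string library_path = getMainModuleDirectory() + "APIMonInject.dll";

            int process_id;
            RemoteHooking.CreateAndInject(
                tp.image_path,
                tp.command_line,
                (int)AliasProcessCreationFlags.CREATE_NEW_CONSOLE,
                library_path,
                null,
                out process_id,
                message);
            return Process.GetProcessById(process_id);
        }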
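        /// <summary>
        /// Main routine of the injected entry point: installs the requested API hooks, reports
        /// back to the injector, wakes the target process and then blocks until the injector
        /// signals that processing has finished.
        /// </summary>
        /// <param name="InContext">Hooking context supplied by EasyHook; not used here.</param>
        /// <param name="message">Message from the injector; carries the thread-interception list.</param>
        public void Run(RemoteHooking.IContext InContext, MessageFromInjector message)
        {
            // Check the channel to the injector before doing anything else.
            tu_sender.ping();

            maskThreadsToIntercept(message);

            // A failure while installing hooks has already been forwarded to the injector;
            // there is nothing sensible to do in the target afterwards, so stop here.
            if (!installHooks())
            {
                return;
            }

            reportHooksInstalled();
            delayBeforeWakeUp();

            // Enable sending of transfer units only now, right before the process is woken.
            ConsolePrinter.writeMessage("Enable sending of TransferUnits");
            tu_sender.enableTransferUnitSend();
            ConsolePrinter.writeMessage("Waking the process now...");
            RemoteHooking.WakeUpProcess();

            dumpThreadStates();
            ConsolePrinter.writeMessage("After waking the process");

            waitUntilProcessingFinished();
        }

        /// <summary>
        /// Asks the injector which APIs to intercept, loads every library named in that list once,
        /// and registers the hooks. Returns false when an exception was caught and forwarded.
        /// </summary>
        private bool installHooks()
        {
            try
            {
                APIFullName[] to_intercept = tu_sender.getApiCallsToIntercept();

                HashSet<string> libraries = new HashSet<string>();
                foreach (APIFullName api in to_intercept)
                {
                    libraries.Add(api.library_name);
                }
                foreach (string library_name in libraries)
                {
                    APIMonLib.Hooks.kernel32.dll.Kernel32Support.LoadLibraryW(library_name);
                }

                HookRegistry.setHooks(to_intercept, this);
                return true;
            }
            catch (Exception ExtInfo)
            {
                tu_sender.sendException(new RemoteHookingException(ExtInfo));
                return false;
            }
        }

        /// <summary>Prints the "installed" marker locally and, best effort, to the injector.</summary>
        private void reportHooksInstalled()
        {
            ConsolePrinter.writeMessage("Hooks have been installed.");
            try
            {
                tu_sender.sendTextMessage("Hooks have been installed at process PID=" + RemoteHooking.GetCurrentProcessId());
            }
            catch (Exception)
            {
                // Best effort only: a failed report must not abort the run, but leave a local trace.
                ConsolePrinter.writeMessage("Could not report hook installation to the injector.");
            }
        }

        /// <summary>
        /// Counts down a few seconds before the process is woken. The original author notes that
        /// from this point any send attempt is performed by the injected .NET side, hence the wait.
        /// </summary>
        private void delayBeforeWakeUp()
        {
            const int START_DELAY_S = 4;

            ConsolePrinter.writeMessage("");
            ConsolePrinter.writeMessage("Delay before waking the process ");
            for (int remaining = START_DELAY_S; remaining >= 0; remaining--)
            {
                ConsolePrinter.writeMessage(" " + remaining);
                Thread.Sleep(1000);
            }
        }

        /// <summary>Writes the state of every thread of the current process to the console.</summary>
        private void dumpThreadStates()
        {
            foreach (System.Diagnostics.ProcessThread thread in Process.GetCurrentProcess().Threads)
            {
                Console.WriteLine("Thread " + thread.Id + " is " + thread.ThreadState);
            }
        }

        /// <summary>
        /// Announces the processing stage to the injector and blocks until it signals completion.
        /// Errors on the channel are forwarded as an exception; if even that fails, only a local
        /// message can be printed.
        /// </summary>
        private void waitUntilProcessingFinished()
        {
            try
            {
                try
                {
                    tu_sender.sendTextMessage("Inject report: Entering processing stage PID=" + RemoteHooking.GetCurrentProcessId());
                    tu_sender.blockUntilFinishedProcessing();
                }
                catch (Exception ex)
                {
                    tu_sender.sendException(new RemoteHookingException("Something wrong with send request processing", ex));
                }
            }
            catch (Exception)
            {
                // The remote receiver cannot be reached at all; nothing further can be done from here.
                ConsolePrinter.writeMessage("Problem with remote receiver.");
            }
        }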