        /// <summary>
        /// Locates the running spoolsv.exe process and installs pre-call hooks on its
        /// PrvStartDocPrinterW, PrvStartPagePrinter and PrvEndDocPrinter routines,
        /// routing each to its own <c>OnFunctionCalled…</c> handler.
        /// </summary>
        /// <remarks>
        /// If spoolsv.exe is not running, a message is printed and the process exits
        /// (with exit code 0, even though this is the failure path). Each hook is
        /// activated with <c>Hook(true)</c> and then attached to the spooler process.
        /// NOTE(review): attaching to a system service presumably requires elevated
        /// rights and is the kind of activity endpoint monitoring reports — confirm
        /// the intended deployment context.
        /// </remarks>
        public void DvStart()
        {
            _process = GetProcess("spoolsv.exe");
            if (_process == null)
            {
                Console.WriteLine("spoolsv.exe가 실행이 안됩니다.");
                Environment.Exit(0);
            }

            int preCallOnly = (int)eNktHookFlags.flgOnlyPreCall;

            hookPrinterStart = _spyMgr.CreateHook("spoolsv.exe!PrvStartDocPrinterW", preCallOnly);
            hookPrinterStart.OnFunctionCalled += OnFunctionCalledPrinterStart;

            hookPage = _spyMgr.CreateHook("spoolsv.exe!PrvStartPagePrinter", preCallOnly);
            hookPage.OnFunctionCalled += OnFunctionCalledPrintPage;

            hookPrinterEnd = _spyMgr.CreateHook("spoolsv.exe!PrvEndDocPrinter", preCallOnly);
            hookPrinterEnd.OnFunctionCalled += OnFunctionCalledPrinterEnd;

            // Activate, then attach, in the same order the hooks were created.
            foreach (var hook in new[] { hookPrinterStart, hookPage, hookPrinterEnd })
            {
                hook.Hook(true);
                hook.Attach(_process, true);
            }
        }
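        /// <summary>
        /// Entry point: initialises Deviare, launches notepad, hooks
        /// shell32.dll!DllGetClassObject (post-call) in that process and blocks
        /// until the ESC key is pressed.
        /// </summary>
        /// <param name="args">Command-line arguments; unused.</param>
        static void Main(string[] args)
        {
            spyMgr = new NktSpyMgr();
            // A negative result signals that Deviare could not be initialised.
            if (spyMgr.Initialize() < 0)
            {
                Console.WriteLine("Cannot initialize Deviare");
                return;
            }

            int notepadPID = LaunchNotepadAndGetPid();
            if (notepadPID == 0)
            {
                Console.WriteLine("Cannot launch notepad.");
                return;
            }

            // In first place, hook DllGetClassObject of the target dll/ocx.
            hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);
            // Subscribe before the hook is attached and activated: subscribing afterwards
            // leaves a window in which DllGetClassObject calls fire with no handler.
            hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;
            hookDllGetClassObj.Attach(notepadPID, true);
            hookDllGetClassObj.Hook(true);

            Console.WriteLine("Press ESCAPE key to quit...");
            // KeyChar 27 is the ESC control character; intercept:true keeps the key from echoing.
            while (Console.ReadKey(true).KeyChar != 27)
            {
            }
        }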
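        /// <summary>
        /// Form load handler: hooks spoolsv.exe!PrvStartDocPrinterW before the call runs,
        /// restricted to the same executable, and attaches the hook to <c>_process</c>.
        /// </summary>
        /// <param name="sender">Event source; unused.</param>
        /// <param name="e">Event data; unused.</param>
        private void PrintLogger_Load(object sender, EventArgs e)
        {
            // Flag bits combine with |. The original used &, which for two distinct flag
            // bits evaluates to 0 and silently drops both the pre-call-only and the
            // same-executable restrictions.
            int flags = (int)(eNktHookFlags.flgRestrictAutoHookToSameExecutable | eNktHookFlags.flgOnlyPreCall);
            NktHook hook = _spyMgr.CreateHook("spoolsv.exe!PrvStartDocPrinterW", flags);

            hook.Hook(true);
            hook.Attach(_process, true);
            // NOTE(review): no handler is subscribed here and the hook object is only held
            // locally — confirm calls are observed elsewhere (e.g. via _spyMgr.OnFunctionCalled).
        }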
        /// <summary>
        /// Form load handler: installs a post-call hook on user32.dll!ShowWindow and
        /// attaches it to <c>_process</c>.
        /// </summary>
        /// <param name="sender">Event source; unused.</param>
        /// <param name="e">Event data; unused.</param>
        private void PrintLogger_Load(object sender, EventArgs e)
        {
            const string target = "user32.dll!ShowWindow";
            int postCallOnly = (int)(eNktHookFlags.flgOnlyPostCall);

            NktHook showWindowHook = _spyMgr.CreateHook(target, postCallOnly);
            showWindowHook.Hook(true);
            showWindowHook.Attach(_process, true);
            // NOTE(review): the hook is only referenced by this local and no handler is
            // subscribed here — confirm calls are consumed elsewhere.
        }
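        /// <summary>
        /// Entry point: initialises Deviare, launches notepad, hooks
        /// shell32.dll!DllGetClassObject (post-call) in that process and blocks
        /// until the ESC key is pressed.
        /// </summary>
        /// <param name="args">Command-line arguments; unused.</param>
        static void Main(string[] args)
        {
            spyMgr = new NktSpyMgr();
            // A negative result signals that Deviare could not be initialised.
            if (spyMgr.Initialize() < 0)
            {
                Console.WriteLine("Cannot initialize Deviare");
                return;
            }

            int notepadPID = LaunchNotepadAndGetPid();
            if (notepadPID == 0)
            {
                Console.WriteLine("Cannot launch notepad.");
                return;
            }

            // In first place, hook DllGetClassObject of the target dll/ocx.
            hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);
            // Subscribe before the hook is attached and activated: subscribing afterwards
            // leaves a window in which DllGetClassObject calls fire with no handler.
            hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;
            hookDllGetClassObj.Attach(notepadPID, true);
            hookDllGetClassObj.Hook(true);

            Console.WriteLine("Press ESCAPE key to quit...");
            // KeyChar 27 is the ESC control character; intercept:true keeps the key from echoing.
            while (Console.ReadKey(true).KeyChar != 27)
            {
            }
        }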
        /// <summary>
        /// Initialises Deviare, creates one hook per function registered in
        /// <c>HookManager.Handlers</c>, routes every hook callback to the handler
        /// registered under the hooked function's name, and signals
        /// <c>InitializedEvent</c> when done.
        /// </summary>
        /// <remarks>
        /// The license key is hard-coded in source, i.e. a credential committed to
        /// version control; it belongs in configuration or a protected store. The
        /// result of <c>Initialize()</c> is not checked. The callback indexes
        /// <c>Handlers</c> directly, so a function name with no registered handler
        /// would throw from inside the callback.
        /// </remarks>
        void InitializeDeviare()
        {
            spyMgr.LicenseKey = @"PGluZm8+PHByb2ROYW1lPmRldmlhcmU8L3Byb2ROYW1lPjx1c2VyTmFtZT5IaXNoYW0gR2FsYWw8
L3VzZXJOYW1lPjx1c2VyRU1haWw+SGlzaGFtLmdhbGFsQGZjaS5hdS5lZHUuZWc8L3VzZXJFTWFp
bD48bGljVHlwZT5lZHVjYXRpb25hbDwvbGljVHlwZT48bGljQ291bnQ+MTwvbGljQ291bnQ+PGV4
cERhdGU+MjAxNjAxMjY8L2V4cERhdGU+PGJ1eURhdGU+MjAxNTAxMjY8L2J1eURhdGU+PC9pbmZv
Pg==|a+PI/2JGEpdWe/AssUkIDODT4CXMUokcW2138BJoKXmBuAPmr/ecRV1Lo8Rp+OUJE2rL2np
qV7tx2xWFhyIIWajViZAOjj27/xT8zQRJsMBtE0jl610WxEpwWX7GM7LbQbxxkCPvaqIusopKCqF
x3yIbTcSKUN8WMWHsHtXU4wjL2N/2rOIjDRLu9Qpwk6QdxPDRpOCb5fSCb/cZWdPlznGO0Mpi4Ke
BiJiEni3Z/LGwlsNOhOP0w2ZCito2iO1llutAbYXAzyDG+qbc6+NmOIPBL9PAHz+KkyATlEW3MfL
7BjRSuCRGplwc+QRrNql4kKbDu3f1CXKURnNIUy/PFQ==";
            spyMgr.Initialize();   // result (negative would signal failure) is not checked
            hookCollection = spyMgr.CreateHooksCollection();

            // Accumulate the flag bits shared by every hook created below.
            flags |= eNktHookFlags.flgAutoHookChildProcess
                   | eNktHookFlags.flgAutoHookActive
                   | eNktHookFlags.flgOnlyPostCall;

            HookManager.Reports.Clear();
            int hookFlags = (int)flags;
            foreach (string functionName in HookManager.Handlers.Keys)
            {
                hookCollection.Add(spyMgr.CreateHook(functionName, hookFlags));
            }

            // Dispatch each callback to the handler keyed by the hooked function's name.
            spyMgr.OnFunctionCalled += (hook, proc, callInfo) => HookManager.Handlers[hook.FunctionName](hook, proc, callInfo);
            InitializedEvent.Set();
        }
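        /// <summary>
        /// Creates a Deviare hook on <paramref name="aFunction"/> inside
        /// <paramref name="aModule"/> of the given process, activates it, attaches it
        /// and wraps it as a <see cref="Hook"/>.
        /// </summary>
        /// <param name="aProcess">Target process; must resolve to a Deviare process and be alive.</param>
        /// <param name="aModule">Module whose name is looked up in the target process.</param>
        /// <param name="aFunction">Function whose name is looked up in that module.</param>
        /// <returns>
        /// The wrapped hook, or <c>null</c> when the process cannot be resolved or is not
        /// alive, the module or function is not found, or the hook cannot be created.
        /// </returns>
        public Hook AddHook(IRunningProcess aProcess, Module aModule, Function aFunction)
        {
            var nktProcess = NktProcessFrom(aProcess);
            if (nktProcess == null || !aProcess.IsAlive())
            {
                return null;
            }

            var nktModule = nktProcess.ModuleByName(aModule.Name);
            if (nktModule == null)
            {
                return null;
            }

            var nktFunction = nktModule.FunctionByName(aFunction.Name);
            if (nktFunction == null)
            {
                return null;
            }

            // No hook flags are requested (0). CreateHook may return null; treat that like
            // the lookup failures above instead of dereferencing it in Hook(true).
            var nktHook = _manager.CreateHook(nktFunction, 0);
            if (nktHook == null)
            {
                return null;
            }

            nktHook.Hook(true);
            nktHook.Attach(nktProcess, true);

            return CreateConsoleHookFrom(nktHook);
        }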
        /// <summary>
        /// Form load handler: creates a post-call hook on WINMM.dll!timeGetTime and
        /// attaches it to every running 32-bit iexplore.exe. If none is found, shows an
        /// error box and exits the application.
        /// </summary>
        /// <param name="sender">Event source; unused.</param>
        /// <param name="e">Event data; unused.</param>
        private void Form1_Load(object sender, EventArgs e)
        {
            NktHook timeGetTimeHook = _spyMgr.CreateHook("WINMM.dll!timeGetTime", (int)(eNktHookFlags.flgOnlyPostCall));
            timeGetTimeHook.Hook(true);

            bool attachedToAny = false;
            NktProcessesEnum processes = _spyMgr.Processes();

            // Walk the process enumeration with First()/Next(); the loop ends on null.
            for (NktProcess candidate = processes.First(); candidate != null; candidate = processes.Next())
            {
                bool isIe32 = candidate.Name.Equals("iexplore.exe", StringComparison.InvariantCultureIgnoreCase)
                              && candidate.PlatformBits == 32;
                if (!isIe32)
                {
                    continue;
                }

                // The single hook object is attached to every matching process.
                timeGetTimeHook.Attach(candidate, true);
                attachedToAny = true;
            }

            if (!attachedToAny)
            {
                MessageBox.Show("Please run \"iexplore.exe\" before!", "Error");
                Environment.Exit(0);   // exit code 0 even though this is the failure path
            }
        }
        /// <summary>
        /// Finds the running spoolsv.exe process and installs a pre-call hook on its
        /// PrvStartDocPrinterW routine, routing calls to <c>OnFunctionCalledPrinter</c>.
        /// </summary>
        /// <remarks>
        /// If the spooler is not running, a message is printed and the process exits
        /// (with exit code 0, even though this is the failure path).
        /// NOTE(review): attaching to a system service presumably requires elevated
        /// rights — confirm the intended deployment context.
        /// </remarks>
        public void DvStart()
        {
            _process = GetProcess("spoolsv.exe");
            if (_process == null)
            {
                Console.WriteLine("spoolsv.exe가 실행이 안됩니다.");
                Environment.Exit(0);
            }

            const string target = "spoolsv.exe!PrvStartDocPrinterW";
            hookPrinter = _spyMgr.CreateHook(target, (int)eNktHookFlags.flgOnlyPreCall);
            hookPrinter.OnFunctionCalled += OnFunctionCalledPrinter;

            // Activate the hook, then attach it to the spooler process.
            hookPrinter.Hook(true);
            hookPrinter.Attach(_process, true);
        }
        /// <summary>
        /// Creates a hook for <paramref name="function"/> with the given flags,
        /// activates it and attaches it to <paramref name="process"/>.
        /// </summary>
        /// <param name="process">Process the hook is attached to.</param>
        /// <param name="function">Hook target in "module!function" form.</param>
        /// <param name="flag">Hook flags, cast to <c>int</c> for CreateHook.</param>
        /// <returns>
        /// <c>true</c> on success; <c>false</c> when CreateHook returns null or
        /// Hook/Attach throws. The exception itself is discarded, so callers learn only
        /// that it failed, not why.
        /// </returns>
        private bool HookFunction(NktProcess process, string function, eNktHookFlags flag)
        {
            NktHook created = spyMgr.CreateHook(function, (int)flag);
            if (created == null)
            {
                return false;
            }

            try
            {
                created.Hook(true);
                created.Attach(process, true);
                return true;
            }
            catch
            {
                // Any failure raised by the hooking library is reported only as false.
                return false;
            }
        }
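        /// <summary>
        /// Creates a hooker that observes Kernel32.dll!WriteFile after it returns in the
        /// process named <paramref name="proccessName"/> and opens a handle to that process.
        /// </summary>
        /// <param name="proccessName">Executable name of the process to monitor.</param>
        /// <exception cref="InvalidOperationException">
        /// Deviare fails to initialise, the process is not found, or the hook cannot be created.
        /// </exception>
        public WriteFileHooker(string proccessName)
        {
            _spyMgr = new NktSpyMgr();
            // Initialize() signals failure with a negative result; previously it was ignored.
            if (_spyMgr.Initialize() < 0)
            {
                throw new InvalidOperationException("Cannot initialize Deviare");
            }
            _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnWriteFileCalled);

            // GetProcess presumably populates _process as a side effect — confirm; its
            // return value is not used here.
            GetProcess(proccessName);
            if (_process == null)
            {
                //TODO: 没有监听进程时怎么办 (decide what to do when there is no process to monitor)
                throw new InvalidOperationException("没找到进程" + proccessName);
            }

            // Flag bits combine with |. The original used &, which for two distinct flag
            // bits is 0 and silently drops both the post-call-only and the
            // same-executable restrictions.
            int flags = (int)(eNktHookFlags.flgOnlyPostCall | eNktHookFlags.flgRestrictAutoHookToSameExecutable);
            NktHook hook = _spyMgr.CreateHook("Kernel32.dll!WriteFile", flags);
            if (hook == null)
            {
                throw new InvalidOperationException("Cannot create hook for Kernel32.dll!WriteFile");
            }

            hook.Hook(true);
            hook.Attach(_process, true);

            // Raw process handle with read and handle-duplication rights. Whoever owns
            // processHandle must close it (e.g. in Dispose); that is not visible here.
            processHandle = WinApi.OpenProcess(WinEnum.PROCESS_WM_READ | WinEnum.PROCESS_DUP_HANDLE, false, _process.Id);
        }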
        /// <summary>
        /// Creates a hook for <paramref name="function"/> with the given flags,
        /// activates it and attaches it to <paramref name="process"/>, logging each
        /// step to the console.
        /// </summary>
        /// <param name="process">Process the hook is attached to.</param>
        /// <param name="function">Hook target in "module!function" form.</param>
        /// <param name="flag">Hook flags, cast to <c>int</c> for CreateHook.</param>
        /// <returns>
        /// <c>true</c> on success; <c>false</c> when CreateHook returns null or
        /// Hook/Attach throws (the exception is written to the console first).
        /// </returns>
        private bool HookFunction(NktProcess process, string function, eNktHookFlags flag)
        {
            NktHook created = spyMgr.CreateHook(function, (int)flag);
            if (created == null)
            {
                return false;
            }

            try
            {
                created.Hook(true);
                Console.WriteLine("Hooked {0}", function);
                created.Attach(process, true);
                Console.WriteLine("Attach {0}", function);
                return true;
            }
            catch (Exception failure)
            {
                // Surface the failure for diagnosis, then report it as a plain false.
                Console.WriteLine(failure);
                return false;
            }
        }