/// <summary>
/// Locates the print spooler process and installs pre-call hooks on its
/// start-document, start-page and end-document routines.
/// </summary>
/// <remarks>
/// If <c>GetProcess</c> yields no spoolsv.exe process, a message is printed
/// and the program exits with code 0. Earlier, commented-out variants of this
/// method targeted spoolsv.exe!StartDocPrinterW and
/// winspool.drv!StartDocPrinterW instead of the Prv* routine.
/// </remarks>
public void DvStart()
{
    _process = GetProcess("spoolsv.exe");
    if (_process == null)
    {
        Console.WriteLine("spoolsv.exe가 실행이 안됩니다.");
        Environment.Exit(0);
    }

    int preCallOnly = (int)eNktHookFlags.flgOnlyPreCall;

    // Create each hook and wire its callback before it is activated.
    hookPrinterStart = _spyMgr.CreateHook("spoolsv.exe!PrvStartDocPrinterW", preCallOnly);
    hookPrinterStart.OnFunctionCalled += OnFunctionCalledPrinterStart;

    hookPage = _spyMgr.CreateHook("spoolsv.exe!PrvStartPagePrinter", preCallOnly);
    hookPage.OnFunctionCalled += OnFunctionCalledPrintPage;

    hookPrinterEnd = _spyMgr.CreateHook("spoolsv.exe!PrvEndDocPrinter", preCallOnly);
    hookPrinterEnd.OnFunctionCalled += OnFunctionCalledPrinterEnd;

    // Activate and attach in the same order as before: start, page, end.
    foreach (var spoolerHook in new[] { hookPrinterStart, hookPage, hookPrinterEnd })
    {
        spoolerHook.Hook(true);
        spoolerHook.Attach(_process, true);
    }
}
/// <summary>
/// Console entry point: initializes Deviare, launches Notepad and installs a
/// post-call hook on shell32.dll!DllGetClassObject in it, then waits for ESC.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    spyMgr = new NktSpyMgr();
    if (spyMgr.Initialize() < 0)
    {
        Console.WriteLine("Cannot initialize Deviare");
        return;
    }

    Int32 notepadPID = LaunchNotepadAndGetPid();
    if (notepadPID == 0)
    {
        Console.WriteLine("Cannot launch notepad.");
        return;
    }

    // First step: hook DllGetClassObject of the target dll/ocx.
    hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);
    hookDllGetClassObj.Attach(notepadPID, true);
    hookDllGetClassObj.Hook(true);
    // NOTE(review): the handler is subscribed only after the hook is active;
    // calls made in between may go unreported -- confirm whether that matters.
    hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;

    Console.WriteLine("Press ESCAPE key to quit...");

    // 27 is the ESC character code; keep reading keys until it arrives.
    const char EscapeChar = (char)27;
    char pressed;
    do
    {
        pressed = Console.ReadKey(true).KeyChar;
    }
    while (pressed != EscapeChar);
}
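/// <summary>
/// Form load handler: creates a pre-call hook on
/// spoolsv.exe!PrvStartDocPrinterW, activates it and attaches it to
/// <c>_process</c>.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void PrintLogger_Load(object sender, EventArgs e)
{
    // Hook flags are bit flags and must be combined with '|'. The previous
    // '&' of two different flag values evaluates to no flags at all, so the
    // hook was created with neither "pre-call only" nor the auto-hook
    // restriction in effect.
    eNktHookFlags hookFlags = eNktHookFlags.flgRestrictAutoHookToSameExecutable
                              | eNktHookFlags.flgOnlyPreCall;

    NktHook hook = _spyMgr.CreateHook("spoolsv.exe!PrvStartDocPrinterW", (int)hookFlags);
    hook.Hook(true);
    hook.Attach(_process, true);
}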
/// <summary>
/// Form load handler: creates a post-call hook on user32.dll!ShowWindow,
/// activates it and attaches it to <c>_process</c>.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void PrintLogger_Load(object sender, EventArgs e)
{
    const string targetFunction = "user32.dll!ShowWindow";
    int postCallOnly = (int)eNktHookFlags.flgOnlyPostCall;

    var showWindowHook = _spyMgr.CreateHook(targetFunction, postCallOnly);
    showWindowHook.Hook(true);
    showWindowHook.Attach(_process, true);
}
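/// <summary>
/// Console entry point: initializes Deviare, launches Notepad and installs a
/// post-call hook on shell32.dll!DllGetClassObject in it, then waits for ESC.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    spyMgr = new NktSpyMgr();
    if (spyMgr.Initialize() < 0)
    {
        Console.WriteLine("Cannot initialize Deviare");
        return;
    }

    Int32 notepadPID = LaunchNotepadAndGetPid();
    if (notepadPID == 0)
    {
        Console.WriteLine("Cannot launch notepad.");
        return;
    }

    // First step: hook DllGetClassObject of the target dll/ocx.
    hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);

    // Subscribe before the hook is attached and activated, so that calls made
    // right after activation are not lost for want of a handler.
    hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;
    hookDllGetClassObj.Attach(notepadPID, true);
    hookDllGetClassObj.Hook(true);

    Console.WriteLine("Press ESCAPE key to quit...");

    // 27 is the ESC character code; block until it is pressed.
    while (Console.ReadKey(true).KeyChar != 27)
    {
    }
}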
/// <summary>
/// Sets the Deviare licence key, initializes the spy manager, creates one hook
/// per function registered in <c>HookManager.Handlers</c>, routes every
/// function-call event to the matching handler and signals
/// <c>InitializedEvent</c>.
/// </summary>
void InitializeDeviare()
{
    // NOTE(review): the licence key is hard-coded, so anyone with the source
    // or the built assembly can read it; its Base64 part appears to carry
    // licensee details. Prefer loading it from protected configuration.
    spyMgr.LicenseKey = @"PGluZm8+PHByb2ROYW1lPmRldmlhcmU8L3Byb2ROYW1lPjx1c2VyTmFtZT5IaXNoYW0gR2FsYWw8 L3VzZXJOYW1lPjx1c2VyRU1haWw+SGlzaGFtLmdhbGFsQGZjaS5hdS5lZHUuZWc8L3VzZXJFTWFp bD48bGljVHlwZT5lZHVjYXRpb25hbDwvbGljVHlwZT48bGljQ291bnQ+MTwvbGljQ291bnQ+PGV4 cERhdGU+MjAxNjAxMjY8L2V4cERhdGU+PGJ1eURhdGU+MjAxNTAxMjY8L2J1eURhdGU+PC9pbmZv Pg==|a+PI/2JGEpdWe/AssUkIDODT4CXMUokcW2138BJoKXmBuAPmr/ecRV1Lo8Rp+OUJE2rL2np qV7tx2xWFhyIIWajViZAOjj27/xT8zQRJsMBtE0jl610WxEpwWX7GM7LbQbxxkCPvaqIusopKCqF x3yIbTcSKUN8WMWHsHtXU4wjL2N/2rOIjDRLu9Qpwk6QdxPDRpOCb5fSCb/cZWdPlznGO0Mpi4Ke BiJiEni3Z/LGwlsNOhOP0w2ZCito2iO1llutAbYXAzyDG+qbc6+NmOIPBL9PAHz+KkyATlEW3MfL 7BjRSuCRGplwc+QRrNql4kKbDu3f1CXKURnNIUy/PFQ==";

    // NOTE(review): the result of Initialize() is not checked here.
    spyMgr.Initialize();
    hookCollection = spyMgr.CreateHooksCollection();

    // Every hook follows child processes, is active when auto-hooked and
    // reports after the hooked call only.
    flags |= eNktHookFlags.flgAutoHookChildProcess
             | eNktHookFlags.flgAutoHookActive
             | eNktHookFlags.flgOnlyPostCall;

    HookManager.Reports.Clear();

    int hookFlags = (int)flags;
    foreach (string function in HookManager.Handlers.Keys)
    {
        hookCollection.Add(spyMgr.CreateHook(function, hookFlags));
    }

    // Dispatch each event to the handler registered under the hooked
    // function's name; the lookup throws if no handler has that name.
    spyMgr.OnFunctionCalled += (h, p, c) => HookManager.Handlers[h.FunctionName](h, p, c);

    InitializedEvent.Set();
}
/// <summary>
/// Resolves a function of a module in a running process and installs a hook
/// on it.
/// </summary>
/// <param name="aProcess">Process to hook; must still be alive.</param>
/// <param name="aModule">Module whose <c>Name</c> is looked up in the process.</param>
/// <param name="aFunction">Function whose <c>Name</c> is looked up in the module.</param>
/// <returns>
/// The wrapper built by <c>CreateConsoleHookFrom</c>, or <c>null</c> when the
/// process cannot be mapped, is no longer alive, or the module or function is
/// not found.
/// </returns>
public Hook AddHook(IRunningProcess aProcess, Module aModule, Function aFunction)
{
    var ntkProcess = NktProcessFrom(aProcess);
    if (ntkProcess == null || !aProcess.IsAlive())
    {
        return null;
    }

    var targetModule = ntkProcess.ModuleByName(aModule.Name);
    var targetFunction = targetModule == null ? null : targetModule.FunctionByName(aFunction.Name);
    if (targetFunction == null)
    {
        return null;
    }

    // Flags value 0: no hook flags are set.
    var installedHook = _manager.CreateHook(targetFunction, 0);
    installedHook.Hook(true);
    installedHook.Attach(ntkProcess, true);

    return CreateConsoleHookFrom(installedHook);
}
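/// <summary>
/// Form load handler: creates a post-call hook on WINMM.dll!timeGetTime and
/// attaches it to every running 32-bit process named iexplore.exe.
/// </summary>
/// <remarks>
/// If no matching process is found, an error box is shown and the program
/// exits with code 0.
/// </remarks>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void Form1_Load(object sender, EventArgs e)
{
    NktHook hook = _spyMgr.CreateHook("WINMM.dll!timeGetTime", (int)eNktHookFlags.flgOnlyPostCall);
    hook.Hook(true);

    bool processFound = false;
    NktProcessesEnum processes = _spyMgr.Processes();

    for (NktProcess candidate = processes.First(); candidate != null; candidate = processes.Next())
    {
        // Compare the image name ordinally. Culture-aware comparison can
        // disregard certain Unicode characters, so an executable with a
        // different name could match and get the hook attached. The static
        // Equals also tolerates a null Name.
        bool nameMatches = string.Equals(candidate.Name, "iexplore.exe", StringComparison.OrdinalIgnoreCase);

        if (nameMatches && candidate.PlatformBits == 32)
        {
            hook.Attach(candidate, true);
            processFound = true;
        }
    }

    if (!processFound)
    {
        MessageBox.Show("Please run \"iexplore.exe\" before!", "Error");
        Environment.Exit(0);
    }
}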
/// <summary>
/// Locates the print spooler process and installs a pre-call hook on
/// spoolsv.exe!PrvStartDocPrinterW.
/// </summary>
/// <remarks>
/// If <c>GetProcess</c> yields no spoolsv.exe process, a message is printed
/// and the program exits with code 0. A commented-out earlier variant also
/// set flgRestrictAutoHookToSameExecutable on the hook.
/// </remarks>
public void DvStart()
{
    _process = GetProcess("spoolsv.exe");
    if (_process == null)
    {
        Console.WriteLine("spoolsv.exe가 실행이 안됩니다.");
        Environment.Exit(0);
    }

    const string startDocFunction = "spoolsv.exe!PrvStartDocPrinterW";
    int preCallOnly = (int)eNktHookFlags.flgOnlyPreCall;

    hookPrinter = _spyMgr.CreateHook(startDocFunction, preCallOnly);

    // The callback is wired before the hook is activated and attached.
    hookPrinter.OnFunctionCalled += OnFunctionCalledPrinter;
    hookPrinter.Hook(true);
    hookPrinter.Attach(_process, true);
}
/// <summary>
/// Creates a hook for <paramref name="function"/>, activates it and attaches
/// it to <paramref name="process"/>.
/// </summary>
/// <param name="process">Process the hook is attached to.</param>
/// <param name="function">Function identifier passed to <c>CreateHook</c>.</param>
/// <param name="flag">Hook flags, passed on as an integer.</param>
/// <returns>
/// <c>true</c> when the hook was activated and attached; <c>false</c> when no
/// hook was created or either step threw.
/// </returns>
private bool HookFunction(NktProcess process, string function, eNktHookFlags flag)
{
    bool installed = false;

    var hook = spyMgr.CreateHook(function, (int)flag);
    if (hook != null)
    {
        try
        {
            hook.Hook(true);
            hook.Attach(process, true);
            installed = true;
        }
        catch
        {
            // NOTE(review): every failure is swallowed without a trace, so the
            // caller cannot tell why hooking failed.
            installed = false;
        }
    }

    return installed;
}
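/// <summary>
/// Initializes Deviare, resolves the target process by name, installs a
/// post-call hook on Kernel32.dll!WriteFile in it and opens a handle to the
/// process.
/// </summary>
/// <param name="proccessName">Name of the process to monitor.</param>
/// <exception cref="Exception">No process with that name was found.</exception>
public WriteFileHooker(string proccessName)
{
    _spyMgr = new NktSpyMgr();
    // NOTE(review): the result of Initialize() is not checked here.
    _spyMgr.Initialize();
    _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnWriteFileCalled);

    // The result is read from _process below; presumably GetProcess stores
    // it there -- verify against its definition.
    GetProcess(proccessName);
    if (_process == null)
    {
        // TODO: decide what to do when there is no process to monitor.
        throw new Exception("没找到进程" + proccessName);
    }

    // Hook flags are bit flags and must be combined with '|'. The previous
    // '&' of two different flag values evaluates to no flags at all, so the
    // hook was not limited to post-call notifications.
    eNktHookFlags hookFlags = eNktHookFlags.flgOnlyPostCall
                              | eNktHookFlags.flgRestrictAutoHookToSameExecutable;

    NktHook hook = _spyMgr.CreateHook("Kernel32.dll!WriteFile", (int)hookFlags);
    hook.Hook(true);
    hook.Attach(_process, true);

    // Only the read and duplicate-handle rights are requested.
    // NOTE(review): the returned handle is not validated here and must be
    // closed by whoever owns processHandle.
    processHandle = WinApi.OpenProcess(WinEnum.PROCESS_WM_READ | WinEnum.PROCESS_DUP_HANDLE, false, _process.Id);
}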
/// <summary>
/// Creates a hook for <paramref name="function"/>, activates it and attaches
/// it to <paramref name="process"/>, writing progress to the console.
/// </summary>
/// <param name="process">Process the hook is attached to.</param>
/// <param name="function">Function identifier passed to <c>CreateHook</c>.</param>
/// <param name="flag">Hook flags, passed on as an integer.</param>
/// <returns>
/// <c>true</c> when the hook was activated and attached; <c>false</c> when no
/// hook was created or either step threw (the exception is printed).
/// </returns>
private bool HookFunction(NktProcess process, string function, eNktHookFlags flag)
{
    bool installed = false;

    var hook = spyMgr.CreateHook(function, (int)flag);
    if (hook != null)
    {
        try
        {
            hook.Hook(true);
            Console.WriteLine("Hooked {0}", function);

            hook.Attach(process, true);
            Console.WriteLine("Attach {0}", function);

            installed = true;
        }
        catch (Exception e)
        {
            // Report the failure and let the caller see it as false.
            Console.WriteLine(e);
            installed = false;
        }
    }

    return installed;
}