public void DvStart()
{
_process = GetProcess("spoolsv.exe");
if (_process == null)
{
Console.WriteLine("spoolsv.exe가 실행이 안됩니다.");
Environment.Exit(0);
}
//hookPrinter = _spyMgr.CreateHook("spoolsv.exe!PrvStartDocPrinterW", (int)(eNktHookFlags.flgRestrictAutoHookToSameExecutable | eNktHookFlags.flgOnlyPreCall));
//hookPrinter = _spyMgr.CreateHook("spoolsv.exe!StartDocPrinterW", (int)eNktHookFlags.flgOnlyPreCall);
//hookPrinter = _spyMgr.CreateHook("winspool.drv!StartDocPrinterW", (int)eNktHookFlags.flgOnlyPreCall);
//System.Diagnostics.Debugger.Launch();
hookPrinterStart = _spyMgr.CreateHook("spoolsv.exe!PrvStartDocPrinterW", (int)eNktHookFlags.flgOnlyPreCall);
hookPrinterStart.OnFunctionCalled += OnFunctionCalledPrinterStart;
hookPage = _spyMgr.CreateHook("spoolsv.exe!PrvStartPagePrinter", (int)eNktHookFlags.flgOnlyPreCall);
hookPage.OnFunctionCalled += OnFunctionCalledPrintPage;
hookPrinterEnd = _spyMgr.CreateHook("spoolsv.exe!PrvEndDocPrinter", (int)eNktHookFlags.flgOnlyPreCall);
hookPrinterEnd.OnFunctionCalled += OnFunctionCalledPrinterEnd;
hookPrinterStart.Hook(true);
hookPrinterStart.Attach(_process, true);
hookPage.Hook(true);
hookPage.Attach(_process, true);
hookPrinterEnd.Hook(true);
hookPrinterEnd.Attach(_process, true);
}
static void Main(string[] args)
{
Int32 notepadPID;
spyMgr = new NktSpyMgr();
if (spyMgr.Initialize() < 0)
{
Console.WriteLine("Cannot initialize Deviare");
return;
}
notepadPID = LaunchNotepadAndGetPid();
if (notepadPID == 0)
{
Console.WriteLine("Cannot launch notepad.");
return;
}
//in first place, hook DllGetClassObject of the target dll/ocx
hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);
hookDllGetClassObj.Attach(notepadPID, true);
hookDllGetClassObj.Hook(true);
hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;
Console.WriteLine("Press ESCAPE key to quit...");
while (Console.ReadKey(true).KeyChar != 27)
{
;
}
}
private void PrintLogger_Load(object sender, EventArgs e)
{
NktHook hook = _spyMgr.CreateHook("spoolsv.exe!PrvStartDocPrinterW", (int)(eNktHookFlags.flgRestrictAutoHookToSameExecutable & eNktHookFlags.flgOnlyPreCall));
hook.Hook(true);
hook.Attach(_process, true);
}
private void PrintLogger_Load(object sender, EventArgs e)
{
NktHook hook = _spyMgr.CreateHook("user32.dll!ShowWindow", (int)(eNktHookFlags.flgOnlyPostCall));
hook.Hook(true);
hook.Attach(_process, true);
}
static void Main(string[] args)
{
Int32 notepadPID;
spyMgr = new NktSpyMgr();
if (spyMgr.Initialize() < 0)
{
Console.WriteLine("Cannot initialize Deviare");
return;
}
notepadPID = LaunchNotepadAndGetPid();
if (notepadPID == 0)
{
Console.WriteLine("Cannot launch notepad.");
return;
}
//in first place, hook DllGetClassObject of the target dll/ocx
hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);
hookDllGetClassObj.Attach(notepadPID, true);
hookDllGetClassObj.Hook(true);
hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;
Console.WriteLine("Press ESCAPE key to quit...");
while (Console.ReadKey(true).KeyChar != 27);
}
void InitializeDeviare()
{
spyMgr.LicenseKey = @"PGluZm8+PHByb2ROYW1lPmRldmlhcmU8L3Byb2ROYW1lPjx1c2VyTmFtZT5IaXNoYW0gR2FsYWw8
L3VzZXJOYW1lPjx1c2VyRU1haWw+SGlzaGFtLmdhbGFsQGZjaS5hdS5lZHUuZWc8L3VzZXJFTWFp
bD48bGljVHlwZT5lZHVjYXRpb25hbDwvbGljVHlwZT48bGljQ291bnQ+MTwvbGljQ291bnQ+PGV4
cERhdGU+MjAxNjAxMjY8L2V4cERhdGU+PGJ1eURhdGU+MjAxNTAxMjY8L2J1eURhdGU+PC9pbmZv
Pg==|a+PI/2JGEpdWe/AssUkIDODT4CXMUokcW2138BJoKXmBuAPmr/ecRV1Lo8Rp+OUJE2rL2np
qV7tx2xWFhyIIWajViZAOjj27/xT8zQRJsMBtE0jl610WxEpwWX7GM7LbQbxxkCPvaqIusopKCqF
x3yIbTcSKUN8WMWHsHtXU4wjL2N/2rOIjDRLu9Qpwk6QdxPDRpOCb5fSCb/cZWdPlznGO0Mpi4Ke
BiJiEni3Z/LGwlsNOhOP0w2ZCito2iO1llutAbYXAzyDG+qbc6+NmOIPBL9PAHz+KkyATlEW3MfL
7BjRSuCRGplwc+QRrNql4kKbDu3f1CXKURnNIUy/PFQ==";
spyMgr.Initialize();
hookCollection = spyMgr.CreateHooksCollection();
flags |= eNktHookFlags.flgAutoHookChildProcess;
flags |= eNktHookFlags.flgAutoHookActive;
flags |= eNktHookFlags.flgOnlyPostCall;
HookManager.Reports.Clear();
foreach (string function in HookManager.Handlers.Keys)
{
NktHook hook = spyMgr.CreateHook(function, (int)(flags));
hookCollection.Add(hook);
}
spyMgr.OnFunctionCalled += (h, p, c) => { HookManager.Handlers[h.FunctionName](h, p, c); };
InitializedEvent.Set();
}
public Hook AddHook(IRunningProcess aProcess, Module aModule, Function aFunction)
{
var ntkProcess = NktProcessFrom(aProcess);
if (ntkProcess == null)
{
return(null);
}
if (!aProcess.IsAlive())
{
return(null);
}
var nktModule = ntkProcess.ModuleByName(aModule.Name);
if (nktModule == null)
{
return(null);
}
var nktFunction = nktModule.FunctionByName(aFunction.Name);
if (nktFunction == null)
{
return(null);
}
var nktHook = _manager.CreateHook(nktFunction, 0);
nktHook.Hook(true);
nktHook.Attach(ntkProcess, true);
return(CreateConsoleHookFrom(nktHook));
}
private void Form1_Load(object sender, EventArgs e)
{
NktHook hook = _spyMgr.CreateHook("WINMM.dll!timeGetTime", (int)(eNktHookFlags.flgOnlyPostCall));
hook.Hook(true);
bool bProcessFound = false;
NktProcessesEnum enumProcess = _spyMgr.Processes();
NktProcess tempProcess = enumProcess.First();
while (tempProcess != null)
{
if (tempProcess.Name.Equals("iexplore.exe", StringComparison.InvariantCultureIgnoreCase) && tempProcess.PlatformBits == 32)
{
hook.Attach(tempProcess, true);
bProcessFound = true;
}
tempProcess = enumProcess.Next();
}
if (!bProcessFound)
{
MessageBox.Show("Please run \"iexplore.exe\" before!", "Error");
Environment.Exit(0);
}
}
public void DvStart()
{
_process = GetProcess("spoolsv.exe");
if (_process == null)
{
Console.WriteLine("spoolsv.exe가 실행이 안됩니다.");
Environment.Exit(0);
}
//hookPrinter = _spyMgr.CreateHook("spoolsv.exe!PrvStartDocPrinterW", (int)(eNktHookFlags.flgRestrictAutoHookToSameExecutable | eNktHookFlags.flgOnlyPreCall));
hookPrinter = _spyMgr.CreateHook("spoolsv.exe!PrvStartDocPrinterW", (int)eNktHookFlags.flgOnlyPreCall);
hookPrinter.OnFunctionCalled += OnFunctionCalledPrinter;
hookPrinter.Hook(true);
hookPrinter.Attach(_process, true);
}
private bool HookFunction(NktProcess process, string function, eNktHookFlags flag)
{
NktHook hook = spyMgr.CreateHook(function, (int)flag);
if (hook == null)
{
return(false);
}
try
{
hook.Hook(true);
hook.Attach(process, true);// false);
}
catch
{
return(false);
}
return(true);
}
public WriteFileHooker(string proccessName)
{
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnWriteFileCalled);
GetProcess(proccessName);
if (_process == null)
{
//TODO: 没有监听进程时怎么办
//Environment.Exit(0);
throw new Exception("没找到进程" + proccessName);
}
NktHook hook = _spyMgr.CreateHook("Kernel32.dll!WriteFile", (int)(eNktHookFlags.flgOnlyPostCall & eNktHookFlags.flgRestrictAutoHookToSameExecutable));
hook.Hook(true);
hook.Attach(_process, true);
processHandle = WinApi.OpenProcess(WinEnum.PROCESS_WM_READ | WinEnum.PROCESS_DUP_HANDLE, false, _process.Id);
}
private bool HookFunction(NktProcess process, string function, eNktHookFlags flag)
{
NktHook hook = spyMgr.CreateHook(function, (int)flag);
if (hook == null)
{
return(false);
}
try
{
hook.Hook(true);
Console.WriteLine("Hooked {0}", function);
hook.Attach(process, true);// false);
Console.WriteLine("Attach {0}", function);
}
catch (Exception e)
{
Console.WriteLine(e);
return(false);
}
return(true);
}