public void Run(RemoteHooking.IContext context, string imagePath, string iconPath)
{
this.imagePath = imagePath;
this.iconPath = iconPath;
try
{
using (var hook1 = LocalHook.Create(LocalHook.GetProcAddress("wininet.dll", "InternetOpenUrlA"), new InternetOpenUrlADelegate(InternetOpenUrlAHook), null))
using (var hook2 = LocalHook.Create(LocalHook.GetProcAddress("wininet.dll", "HttpQueryInfoA"), new HttpQueryInfoADelegate(HttpQueryInfoAHook), null))
using (var hook3 = LocalHook.Create(LocalHook.GetProcAddress("wininet.dll", "InternetCloseHandle"), new InternetCloseHandleDelegate(InternetCloseHandleHook), null))
{
hook1.ThreadACL.SetExclusiveACL(new[] { 0 });
hook2.ThreadACL.SetExclusiveACL(new[] { 0 });
hook3.ThreadACL.SetExclusiveACL(new[] { 0 });
RemoteHooking.WakeUpProcess();
Thread.Sleep(Timeout.Infinite);
}
}
catch (Exception e)
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("Error: Failed to install hooks in LxRun.");
Console.WriteLine(e);
Console.ResetColor();
Environment.Exit(-1);
}
}
public void Run(RemoteHooking.IContext inContext, string inChannelName, string[] dllsToLoad)
{
try
{
Stopwatch stopwatch = Stopwatch.StartNew();
Interface.Log($"== {OtherUtils.GetAssemblyProductName()} v{OtherUtils.GetAssemblyVersion()} ==");
Interface.Log($"Using {OtherUtils.ApiProductName} v{OtherUtils.ApiVersion}");
GlobalHooks.InitGlobalHooks(Interface);
Loader = new Loader(Interface);
Loader.LoadMods(dllsToLoad);
// Make sure the game is fully loaded
while (Marshal.ReadByte((IntPtr)0x500380) < 9)
{
}
Loader.InitMods();
stopwatch.Stop();
Interface.Log($"Done. ({stopwatch.Elapsed.TotalSeconds:F3}s)");
RemoteHooking.WakeUpProcess();
while (true)
{
Thread.Sleep(1000);
}
}
catch (Exception e)
{
Interface.HandleError(e);
}
}
public void Run(RemoteHooking.IContext context,
string channelName)
{
_server.Ping();
var postMessageHook = LocalHook.Create(
LocalHook.GetProcAddress("user32.dll", "PostMessageW"),
new PostMessageDelegate(PostMessageHook),
this);
postMessageHook.ThreadACL.SetExclusiveACL(new[] { 0 });
RemoteHooking.WakeUpProcess();
try
{
while (true)
{
Thread.Sleep(1000);
_server.Ping();
}
}
finally
{
postMessageHook?.Dispose();
LocalHook.Release();
}
}
public void Run(RemoteHooking.IContext context, string channelName)
{
var createProcessHook = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "CreateProcessW"), new NativeDelegates.CreateProcessDelegate(OnCreateProcessHook), this);
createProcessHook.ThreadACL.SetExclusiveACL(new[] { 0 });
RemoteHooking.WakeUpProcess();
try
{
while (true)
{
// Periodically send status to the server
Server.RaisePingRequested(channelName);
Thread.Sleep(1000);
}
}
catch
{
// ignored
}
createProcessHook.Dispose();
LocalHook.Release();
}
// =====================
public void Run(
RemoteHooking.IContext InContext,
String InChannelName)
{
// install hook...
try
{
InterceptDNSHook = LocalHook.Create(
LocalHook.GetProcAddress("WS2_32.dll", "GetAddrInfoW"),
new DInterceptDNS(InterceptDNS_Hooked),
this);
InterceptDNSHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
catch (Exception ExtInfo)
{
Interface.ReportException(ExtInfo);
return;
}
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
// transmit newly monitored messages ...
if (Queue1.Count > 0)
{
String[] Package = null;
lock (Queue1)
{
Package = Queue1.ToArray();
Queue1.Clear();
}
Interface.OnInterceptDNS(RemoteHooking.GetCurrentProcessId(), Package);
}
else
{
Interface.Ping();
}
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
finally
{
}
}
/// <summary>
/// Sets up the API hooks and maintains them.
/// </summary>
/// <param name="inContext">Hooking context information.</param>
/// <param name="implentationDir">The base directory of the implementation containing this executable.</param>
/// <param name="registryFilter">A set of filter rules to registry access.</param>
/// <param name="relaunchControl">Stores information about how commands within an implementation can be relaunched. Used for Windows 7 taskbar pinning.</param>
public void Run(RemoteHooking.IContext inContext, string implentationDir, RegistryFilter registryFilter, RelaunchControl relaunchControl)
{
try
{
SetupHooks();
}
#region Error handling
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
string errorLogFile = Path.Combine(Path.GetTempPath(), "Zero Install Hooking Error Log.txt");
File.WriteAllText(errorLogFile, ex.ToString());
EventLog.WriteEntry("Zero Install", ex.ToString(), EventLogEntryType.Error);
return;
}
#endregion
finally
{
RemoteHooking.WakeUpProcess();
}
while (true)
{
Thread.Sleep(500);
}
}
public void Run(RemoteHooking.IContext context, string channelName)
{
server.IsClientInstalled(RemoteHooking.GetCurrentProcessId());
var shellExecuteHook = LocalHook.Create(
LocalHook.GetProcAddress("shell32.dll", "ShellExecuteExW"),
new ShellExecuteExDelegate(ShellExecuteExHook),
this);
shellExecuteHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
RemoteHooking.WakeUpProcess();
server.ReportMessage("Injected to osu! process");
try
{
// Loop until closes (i.e. IPC fails)
while (true)
{
System.Threading.Thread.Sleep(500);
server.Ping();
}
}
catch
{
// Ping() or ReportMessages() will raise an exception if host is unreachable
}
shellExecuteHook.Dispose();
LocalHook.Release();
}
/// <summary>
/// Initializes a new instance of the <see cref="NetworkHook" /> class.
/// </summary>
public NetworkHook(HookClientBase hookClient)
{
// Do not disable networking for now
return;
this.HookClient = hookClient;
try
{
this.RecvHook = HookServer.CreateHook("ws2_32.dll", "recv", new RecvDelegate(this.RecvEx), this);
this.SendHook = HookServer.CreateHook("ws2_32.dll", "send", new SendDelegate(this.SendEx), this);
this.RecvFromHook = HookServer.CreateHook("ws2_32.dll", "recvfrom", new RecvFromDelegate(this.RecvFromEx), this);
this.SendToHook = HookServer.CreateHook("ws2_32.dll", "sendto", new SendToDelegate(this.SendToEx), this);
this.WSARecvHook = HookServer.CreateHook("ws2_32.dll", "WSARecv", new WSARecvDelegate(this.WsaRecvEx), this);
this.WSASendHook = HookServer.CreateHook("ws2_32.dll", "WSASend", new WSASendDelegate(this.WsaSendEx), this);
RemoteHooking.WakeUpProcess();
this.HookClient.Log("Networking Disabled in Process");
}
catch (Exception ex)
{
this.HookClient.Log("Error activating network hooks", ex.ToString());
}
}
/// <summary>
/// Initializes a new instance of the <see cref="NetworkHook" /> class.
/// </summary>
public NetworkHook(HookClientBase hookClient)
{
// Do not disable networking for now
return;
this.HookClient = hookClient;
try
{
this.RecvHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "recv"), new DRecv(MyRecv), this);
this.SendHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "send"), new DSend(MySend), this);
// this.RecvFromHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "recvfrom"), new DRecvFrom(MyRecvFrom), this);
// this.SendToHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "sendto"), new DSendTo(MySendTo), this);
// this.WSARecvHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "WSARecv"), new DWSARecv(MyWsaRecv), this);
// this.WSASendHook = LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "WSASend"), new DWSASend(MyWsaSend), this);
RecvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
SendHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
// RecvFromHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
// SendToHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
// WSARecvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
// WSASendHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
RemoteHooking.WakeUpProcess();
this.HookClient.Log("Networking Disabled in Process");
}
catch (Exception ex)
{
this.HookClient.Log("Error activating network hooks", ex.ToString());
}
}
public void Run(RemoteHooking.IContext InContext, string InChannelName)
{
try
{
_writeFileHook = LocalHook.Create(LocalHook.GetProcAddress("KernelBase.dll", "WriteFile"),
new TWriteFile(HkWriteFile), this);
_writeFileHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
catch (Exception exception)
{
_interface.ErrorHandler(exception);
}
try
{
RemoteHooking.WakeUpProcess();
}
catch (Exception exception)
{
_interface.ErrorHandler(exception);
}
while (true)
{
Thread.Sleep(1000);
}
}
public MainForm()
{
InitializeComponent();
HookManager.Instance.InitHooks();
RemoteHooking.WakeUpProcess();
HookManager.OnMessage += ThreadSafeAddlog;
}
public void Run(RemoteHooking.IContext context, string channelName)
{
ClientCallbackProxy.SessionClosed += OnSessionClosed;
ResetEvent = new ManualResetEvent(false);
ResetEvent.Reset();
Proxy = new ClientCallbackProxy();
Server.GrantProxy(Proxy);
try {
BeginHook();
RemoteHooking.WakeUpProcess();
StartCheckHostIsAliveThread();
ResetEvent.WaitOne();
StopCheckHostIsAliveThread();
}
catch (Exception ex) {
Server.Debug(ex.ToString());
}
finally {
ChannelServices.UnregisterChannel(ClientServerChannel);
EndHook();
Thread.Sleep(250);
}
}
public void Run(RemoteHooking.IContext context, string channelName, string dataJsonPath)
{
try
{
Debug.WriteLine("[NT] Payload loaded.");
Hook.Install();
RemoteHooking.WakeUpProcess();
Hook.Join();
}
catch (RemotingException)
{
Debug.WriteLine("[NT] Bridge is broken.");
}
catch (Exception ex)
{
_bridge.Error(ex);
}
finally
{
Hook.Release();
Debug.WriteLine("[NT] Payload unloaded.");
}
}
public void Run(RemoteHooking.IContext context,
string channelName,
SoftwallRule[] softwallRules)
{
try
{
swapBuffersHook = LocalHook.Create(
LocalHook.GetProcAddress(gdiDll, "SwapBuffers"),
new SwapBuffersHandler(OnSwapBuffers),
this);
mallocHook = LocalHook.Create(
LocalHook.GetProcAddress(vcrDll, "malloc"),
new MallocHandler(OnMalloc),
this);
callocHook = LocalHook.Create(
LocalHook.GetProcAddress(vcrDll, "calloc"),
new CallocHandler(OnCalloc),
this);
reallocHook = LocalHook.Create(
LocalHook.GetProcAddress(vcrDll, "realloc"),
new ReallocHandler(OnRealloc),
this);
freeHook = LocalHook.Create(
LocalHook.GetProcAddress(vcrDll, "free"),
new FreeHandler(OnFree),
this);
Int32[] excludedThreads = new Int32[] { RemoteHooking.GetCurrentThreadId() };
foreach (LocalHook hook in new LocalHook[] { swapBuffersHook, mallocHook, callocHook, reallocHook, freeHook })
{
hook.ThreadACL.SetExclusiveACL(excludedThreads);
}
}
catch (Exception ex)
{
MessageBox.Show("Exception: " + ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
RemoteHooking.WakeUpProcess();
int myPid = RemoteHooking.GetCurrentProcessId();
try
{
manager.Ping(myPid);
while (true)
{
Thread.Sleep(500);
ProcessAllocations();
manager.Ping(myPid);
}
}
catch (Exception ex)
{
MessageBox.Show("Exception: " + ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
MessageBox.Show("Terminating", "oHeapAgent", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
public void Run(RemoteHooking.IContext iContext,
string channel)
{
//GetPuppetFilesFunc = getPuppetFilesFunc;
/*获取目标函数的句柄*/
IntPtr createFileWPtr = LocalHook.GetProcAddress("kernel32.dll", "CreateFileW");
IntPtr findFirstFileWPtr = LocalHook.GetProcAddress("kernel32.dll", "FindFirstFileW");
IntPtr findNextFileWPtr = LocalHook.GetProcAddress("kernel32.dll", "FindNextFileW");
IntPtr findClosePtr = LocalHook.GetProcAddress("kernel32.dll", "FindClose");
IntPtr getFileAttributesPtr = LocalHook.GetProcAddress("kernel32.dll", "GetFileAttributesW");
IntPtr setFileAttributesPtr = LocalHook.GetProcAddress("kernel32.dll", "SetFileAttributesW");
/*创建钩子*/
_openHook = LocalHook.Create(createFileWPtr, new DCreateFileW(CreateFileCallBack), this);
_findFirstFileHook = LocalHook.Create(findFirstFileWPtr, new DFindFirstFileW(FindFirstFileCallBack), this);
_findNextFileHook = LocalHook.Create(findNextFileWPtr, new DFindNextFileW(FindNextFileCallBack), this);
_findCloseHook = LocalHook.Create(findClosePtr, new DFindClose(FindCloseCallBack), this);
_getFileAttributesHook = LocalHook.Create(getFileAttributesPtr, new DGetFileAttributesW(GetFileAttributesCallBack), this);
_setFileAttributesHook = LocalHook.Create(setFileAttributesPtr, new DSetFileAttributesW(SetFileAttributesCallBack), this);
/*设置ACL,我不知道有什么用*/
_openHook.ThreadACL.SetExclusiveACL(new int[1]);
_findFirstFileHook.ThreadACL.SetExclusiveACL(new int[1]);
_findNextFileHook.ThreadACL.SetExclusiveACL(new int[1]);
_findCloseHook.ThreadACL.SetExclusiveACL(new int[1]);
_getFileAttributesHook.ThreadACL.SetInclusiveACL(new int[1]);
_setFileAttributesHook.ThreadACL.SetInclusiveACL(new int[1]);
RemoteHooking.WakeUpProcess();
while (true)
{
Thread.Sleep(500);
}
}
public void Run(RemoteHooking.IContext context, string channelName)
{
Stealther stealther = null;
try
{
Server.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
if (DetectDirectXVersion())
{
device.InstallHook();
}
stealther = new Stealther();
}
catch (Exception e)
{
Server.ReportException(e);
}
while (Server.RunLibrary)
{
Thread.Sleep(500);
}
stealther?.Dispose();
device?.UninstallHook();
LocalHook.Release();
Server.DebugMessage("Hooks uninstalled, you can close app!");
}
public void Run(
RemoteHooking.IContext InContext,
String InChannelName)
{
// install hook...
try
{
/* CreateFileHook = LocalHook.Create(
* LocalHook.GetProcAddress("kernel32.dll", "MoveFileExW"),
* new HookStgCreateStorageEx(StgCreateStorageEx_Hooked),
* this);*/
CreateFileHook = LocalHook.Create(
LocalHook.GetProcAddress("ole32.dll", "StgCreateStorageEx"),
new HookStgCreateStorageEx(StgCreateStorageEx_Hooked),
this);
CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
catch (Exception ExtInfo)
{
Interface.ReportException(ExtInfo);
return;
}
Interface.IsInstalled(RemoteHooking.GetCurrentThreadId());
RemoteHooking.WakeUpProcess();
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
if (Queue.Count > 0)
{
String[] Package = null;
lock (Queue)
{
Package = Queue.ToArray();
Queue.Clear();
}
// Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
}
else
{
// Interface.Ping(RemoteHooking.GetCurrentThreadId());
}
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
}
public void Run(
RemoteHooking.IContext InContext,
String InChannelName)
{
// install hook...
try
{
CreateKeywordHook = LocalHook.Create(
LocalHook.GetProcAddress("python27.dll", "PyEval_CallObjectWithKeywords"),
new DCallKeywords(CallKeywords_Hooked),
this);
CreateKeywordHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
CreateGetModuleHandleAHook = LocalHook.Create(LocalHook.GetProcAddress("kernel32", "GetModuleHandleA"), new DGetModuleHandleA(GetModuleHandleHooked), this);
CreateGetModuleHandleAHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
catch (Exception ExtInfo)
{
Interface.ReportException(ExtInfo);
return;
}
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
if (Queue.Count > 0)
{
String[] Package = null;
lock (Queue)
{
Package = Queue.ToArray();
Queue.Clear();
}
}
else
{
Interface.Ping();
}
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
}
public void Run(RemoteHooking.IContext contect, string channelName)
{
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
// Install hooks
// CreateFile https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
CreateFileHook = LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
new CreateFile_Delegate(CreateFile_Hook),
this
);
// Activate hooks on all threads except the current thread.
CreateFileHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
Interface.ReportMessage("Hook 'CreateFile' has been installed");
RemoteHooking.WakeUpProcess();
try
{
// Loop until the loader closes (i.e. IPC fails)
while (true)
{
Thread.Sleep(500);
string[] queued = null;
lock (_messageQueue)
{
queued = _messageQueue.ToArray();
_messageQueue.Clear();
}
if (queued != null && queued.Length > 0)
{
Interface.ReportMessages(queued);
}
else
{
Interface.Ping();
}
}
}
catch
{
// Ping() or ReportMessages() will raise an exception if host is unreachable.
}
// Remove hooks
CreateFileHook.Dispose();
// Finalize cleanup of hooks
LocalHook.Release();
}
public void Run(RemoteHooking.IContext context, string channelName)
{
server.IsInstalled(RemoteHooking.GetCurrentProcessId());
List <LocalHook> hooks = new List <LocalHook>()
{
LocalHook.Create(
new IntPtr(ENGINE_UPDATE_HOOK_TARGET_ADDRESS),
new VoidDelegate(PollInputOverride),
this),
};
foreach (var hook in hooks)
{
hook.ThreadACL.SetExclusiveACL(new int[] { 0 });
}
InputEmulator.KeyConfig.TryLoadConfig();
server.ReportString($"DivaHook successfully established\n");
server.ReportString($"Do not close this application...");
RemoteHooking.WakeUpProcess();
try
{
while (true)
{
System.Threading.Thread.Sleep(500);
string[] queued = null;
lock (messageQueue)
{
queued = messageQueue.ToArray();
messageQueue.Clear();
}
if (queued != null && queued.Length > 0)
{
server.ReportMessages(queued);
}
else
{
server.Ping();
}
}
}
catch (Exception ex)
{
server.ReportException(ex);
}
foreach (var hook in hooks)
{
hook.Dispose();
}
LocalHook.Release();
}
public void Run(RemoteHooking.IContext inContext, string inChannelName)
{
if (InstallHook())
{
RemoteHooking.WakeUpProcess();
WaitForHostProcessTermination();
}
}
public void Run(
RemoteHooking.IContext inContext,
string inChannelName)
{
MessageBox.Show(Assembly.GetExecutingAssembly().Location);
// install hook...
try
{
CreateHook();
}
catch (Exception extInfo)
{
Interface.ReportException(extInfo);
return;
}
try
{
var thread = new Thread(NotifyInstalled);
thread.Start();
RemoteHooking.WakeUpProcess();
}
catch (Exception e)
{
Tracer.WriteLine(e);
}
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
if (!NotifyImmedialety)
{
SignalMethodHooked();
}
else
{
// transmit newly monitored file accesses...
Interface.Ping();
}
}
}
catch (Exception ex)
{
try
{
Interface.ReportException(ex); //will raise an exception if host is unreachable
}
catch (Exception e)
{
Tracer.WriteLine(e);
}
}
}
public void Run(RemoteHooking.IContext inContext, String inChannelName)
{
// install hook...
try
{
_runningDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
IntPtr createFileProcAddress = LocalHook.GetProcAddress("kernel32.dll", "CreateFileA");
_createFileLocalHook = LocalHook.Create(
createFileProcAddress,
new CreateFileDelegate(CreateFileHookMethod),
this);
_createFileLocalHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
IntPtr mmioOpenProcAddress = LocalHook.GetProcAddress("WINMM.dll", "mmioOpenW");
_mmioOpenLocalHook = LocalHook.Create(
mmioOpenProcAddress,
new MmioOpenDelegate(MmioOpenHookMethod),
this);
_mmioOpenLocalHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
IntPtr getDriveTypeProcAddress = LocalHook.GetProcAddress("kernel32.dll", "GetDriveTypeA");
_getDriveTypeLocalHook = LocalHook.Create(
getDriveTypeProcAddress,
new GetDriveTypeDelegate(GetDriveTypeHookMethod),
this);
_getDriveTypeLocalHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
}
catch (Exception exception)
{
_ipcInterface.ReportException(exception);
return;
}
_ipcInterface.NotifySucessfulInstallation(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
// wait until we are not needed anymore...
try
{
while (true)
{
_ipcInterface.OnHooking();
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
}
/// <summary>
/// Before the <see cref="StartSandbox.EasyHookWrapper.Inject"/> method is called (which calls
/// <see cref="EasyHook.RemoteHooking.Inject"/> in turn), the target process is assummed to be
/// just created in suspended mode. When the <see cref="Run"/> method finishes initialization
/// of the injected code, it calls this method to resume the suspended process.
/// </summary>
/// <param name="threadId"></param>
private void WakeUpProcess(uint threadId)
{
//This is required just when the library was injected with RemoteHooking.CreateAndInject(). This call resume the process.
//If the library was injected into this process with RemoteHooking.Inject() then the below call does nothing.
RemoteHooking.WakeUpProcess(); // useless when we use RemoteHooking.Inject().
// Resumes process (its main thread) in all other cases.
Utils.WakeUpThread(threadId);
}
public void Run(
RemoteHooking.IContext InContext,
String channelName,
String entryPoint,
String dll,
String returnType,
String scriptBlock,
String modulePath,
String additionalCode,
bool eventLog)
{
try
{
Log(String.Format("Executing Set-Hook -Local -EntryPoint '{0}' -Dll '{1}' -ReturnType '{2}' -ScriptBlock '{3}' ", entryPoint, dll, returnType, scriptBlock), eventLog);
using (var ps = PowerShell.Create())
{
ps.Runspace = Runspace;
ps.AddCommand("Import-Module");
ps.AddArgument(modulePath);
ps.Invoke();
ps.Commands.Clear();
ps.AddCommand("Set-Hook");
ps.AddParameter("EntryPoint", entryPoint);
ps.AddParameter("Dll", dll);
ps.AddParameter("ReturnType", returnType);
ps.AddParameter("AdditionalCode", additionalCode);
var sb = ScriptBlock.Create(scriptBlock);
ps.AddParameter("ScriptBlock", sb);
ps.Invoke();
foreach (var record in ps.Streams.Error)
{
Log("Caught exception " + record.Exception.Message, eventLog);
}
}
RemoteHooking.WakeUpProcess();
new System.Threading.ManualResetEvent(false).WaitOne();
}
catch (Exception e)
{
Log("Caught exception " + e.Message, eventLog);
try
{
Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e);
}
catch
{
}
return;
}
}
public void Run(
RemoteHooking.IContext InContext,
String InChannelName)
{
// install hook...
try
{
//FileApis.InstallHook();
//ProcApis.InstallHook();
//RegApis.InstallHook();
NetApis.InstallHook();
}
catch (Exception ExtInfo)
{
Interface.ReportException(ExtInfo);
return;
}
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
if (Queue.Count > 0)
{
String[] Package = null;
lock (Queue)
{
Package = Queue.ToArray();
Queue.Clear();
}
Interface.Output(DateTime.Now, RemoteHooking.GetCurrentProcessId(), Package);
}
else
{
Interface.Ping();
}
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
}
public unsafe void Run(RemoteHooking.IContext context, string channelName)
{
HooksController.InstallHook(LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "WSARecv"), new Ws2_32.WSARecv_Delegate(WSARecv_Hook), this));
HooksController.InstallHook(LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "send"), new Ws2_32.send_Delegate(send_Hook), this));
HooksController.InstallHook(LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "connect"), new Ws2_32.connect_Delegate(connect_Hook), this));
HooksController.InstallHook(LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "closesocket"), new Ws2_32.closesocket_Delegate(closesocket_Hook), this));
RemoteHooking.WakeUpProcess();
Application.Run(MainForm.Instance);
HooksController.RemoveAllHooks();
LocalHook.Release();
}
public void Run(RemoteHooking.IContext context, string channelName, string pluginsPath, string configPath, string targetExecutable)
{
try
{
var catalog = new DirectoryCatalog(pluginsPath);
var container = new CompositionContainer(catalog);
container.ComposeParts(this);
foreach (var plugin in HookPlugins)
{
plugin.Hook(targetExecutable, configPath, pluginsPath, Interface);
}
}
catch (Exception e)
{
Interface.ReportException(e);
return;
}
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
/*
* if (_queue.Count > 0)
* {
* String[] Package = null;
*
* lock (_queue)
* {
* Package = _queue.ToArray();
*
* _queue.Clear();
* }
* }
* else
*/
Interface.Ping();
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
}
public void Run(RemoteHooking.IContext context, string channelName)
{
_pid = RemoteHooking.GetCurrentProcessId();
_processName = Path.GetFileName(Process.GetProcessById(_pid).MainModule.FileName);
_server.SetPid(_pid);
Log($"Injected Focus Steal Blocker Hook into process {GetProcessDescription()}");
LocalHook setForegroundWindowHook = LocalHook.Create(
LocalHook.GetProcAddress("User32.dll", "SetForegroundWindow"),
new SetForegroundWindow_Delegate(SetForegroundWindow_Hook),
this);
setForegroundWindowHook.ThreadACL.SetExclusiveACL(new[] { 0 });
Log($"SetForegroundWindow hook installed for {GetProcessDescription()}");
RemoteHooking.WakeUpProcess();
try
{
while (_server != null && !_server.ShouldAbort())
{
Thread.Sleep(500);
string[] queued;
lock (_messageQueue)
{
queued = _messageQueue.ToArray();
_messageQueue.Clear();
}
if (queued.Length > 0)
{
foreach (string message in queued)
{
Log(message);
}
}
}
}
catch (Exception ex)
{
Log(ex.ToString());
}
// Remove hooks
setForegroundWindowHook.Dispose();
// Finalise cleanup of hooks
LocalHook.Release();
}
public void Run(EasyHook.RemoteHooking.IContext InContext)
{
MarketHook marketHook = new MarketHook();
LocationHook locationHook = new LocationHook();
RemoteHooking.WakeUpProcess();
while (true)
{
System.Threading.Thread.Sleep(1000);
}
}