public static Boolean passHookDataByPipe(HOOKDAT oHookDat)
{
lock (lockDataOperation)
{
try
{
NamedPipeClientStream pipe = new NamedPipeClientStream("localhost", sDataPipe, PipeDirection.InOut);
try
{
// Can we connect to the pipe?
pipe.Connect(50); // Unclear if we need a small buffer time here
pipe.ReadMode = PipeTransmissionMode.Message;
// Turn object into byte array
Byte[] bStruct = ObjectToByteArray(oHookDat);
// Write data
Byte[] ecnHookDat = arrayToAESArray(bStruct);
pipe.Write(ecnHookDat, 0, ecnHookDat.Length);
pipe.Close();
return(true);
}
catch
{
pipe.Close();
return(false);
}
} catch
{
return(false);
}
}
}
public static HOOKDAT AESUnKeyObject(Byte[] bPipeData)
{
// Result object
HOOKDAT oHook = new HOOKDAT();
// Decrypt
Byte[][] aSHAKeyMatt = ComputeSha256KeyMat(sAESKey);
Byte[] bDecrypt = DecryptArrayFromAES256(bPipeData, aSHAKeyMatt[0], aSHAKeyMatt[1]);
if (bDecrypt.Length > 0)
{
try
{
oHook = ByteArrayToObject(bDecrypt);
} catch
{
oHook.iType = 2;
}
}
else
{
oHook.iType = 3;
}
return(oHook);
}
public static HOOKDAT ByteArrayToObject(Byte[] arrBytes)
{
//--- Array structure
// [UInt32 Type]--[UInt32 Size]--[UTF8 sFuncName]--[UInt32 Size]--[Byte[] Hook data]
//---
// Result object
HOOKDAT oHookDat = new HOOKDAT();
// Populate object
oHookDat.iType = BitConverter.ToUInt32(arrBytes, 0);
UInt32 iFuncNameSize = BitConverter.ToUInt32(arrBytes, 4);
oHookDat.sHookFunc = Encoding.UTF8.GetString(arrBytes, 8, (Int32)iFuncNameSize);
UInt32 iDataSize = BitConverter.ToUInt32(arrBytes, 8 + (Int32)iFuncNameSize);
if (oHookDat.iType == 0)
{
oHookDat.sHookData = Encoding.UTF8.GetString(arrBytes, 12 + (Int32)iFuncNameSize, (Int32)iDataSize);
}
else
{
oHookDat.bHookData = new Byte[iDataSize];
Array.Copy(arrBytes, 12 + (Int32)iFuncNameSize, oHookDat.bHookData, 0, iDataSize);
}
return(oHookDat);
}
public static void ListenNamedPipe(Int32 iSeconds)
{
// Set up a timer
Stopwatch tTimer = new Stopwatch();
tTimer.Start();
Console.WriteLine("\n[+] Creating Bates pipe listener..");
Console.WriteLine(@" |_ \\.\pipe\" + sDataPipe);
Console.WriteLine(" |_ " + iSeconds + "s timer");
Console.WriteLine(" |_ Waiting for client");
// Loop
while (tTimer.Elapsed.TotalSeconds < iSeconds)
{
var oPipe = new NamedPipeServerStream(sDataPipe, PipeDirection.InOut, NamedPipeServerStream.MaxAllowedServerInstances, PipeTransmissionMode.Message);
oPipe.WaitForConnection();
Byte[] messageBytes = ReadMessage(oPipe);
// Process data
HOOKDAT oHook = AESUnKeyObject(messageBytes);
if (oHook.iType == 2 || oHook.iType == 3)
{
if (oHook.iType == 2)
{
Console.WriteLine("\n[!] Failed to decrypt pipe data..");
}
else
{
Console.WriteLine("\n[!] Invalid data..");
}
}
else
{
Console.WriteLine("\n[+] Dendron client connected");
Console.WriteLine(" |_ Function : " + oHook.sHookFunc);
if (oHook.iType == 0)
{
Console.WriteLine(" |_ Data Type : String");
Console.WriteLine(" |_ Data : \n\n" + oHook.sHookData);
}
else
{
Console.WriteLine(" |_ Data Type : Byte[]");
Console.WriteLine(" |_ Data : \n\n" + HexDump(oHook.bHookData));
}
}
}
}
public static Byte[] ObjectToByteArray(HOOKDAT oHookDat)
{
//--- Array structure
// [UInt32 Type]--[UInt32 Size]--[UTF8 sFuncName]--[UInt32 Size]--[Byte[] Hook data]
//---
// Create elements
Byte[] bType = BitConverter.GetBytes(oHookDat.iType);
Byte[] bSFunc = Encoding.UTF8.GetBytes(oHookDat.sHookFunc);
Byte[] bISFunc = BitConverter.GetBytes((UInt32)bSFunc.Length);
Byte[] bData;
Byte[] bIData;
if (oHookDat.iType == 0)
{
bData = Encoding.UTF8.GetBytes(oHookDat.sHookData);
bIData = BitConverter.GetBytes((UInt32)bData.Length);
}
else
{
bData = oHookDat.bHookData;
bIData = BitConverter.GetBytes((UInt32)bData.Length);
}
// Make array
UInt32 iArrLen = (UInt32)(bType.Length + bSFunc.Length + bISFunc.Length + bData.Length + bIData.Length);
Byte[] bResArray = new byte[iArrLen];
// Populate array
// --> Kind of ugly but ¯\_(ツ)_/¯
Buffer.BlockCopy(bType, 0, bResArray, 0, bType.Length);
Buffer.BlockCopy(bISFunc, 0, bResArray, bType.Length, bISFunc.Length);
Buffer.BlockCopy(bSFunc, 0, bResArray, bType.Length + bISFunc.Length, bSFunc.Length);
Buffer.BlockCopy(bIData, 0, bResArray, bType.Length + bISFunc.Length + bSFunc.Length, bIData.Length);
Buffer.BlockCopy(bData, 0, bResArray, bType.Length + bISFunc.Length + bSFunc.Length + bIData.Length, bData.Length);
return(bResArray);
}
