static void Main(string[] args)
{
spyMgr = new NktSpyMgr();
if (spyMgr.Initialize() < 0)
{
Console.WriteLine("ERROR: Cannot initialize Deviare engine");
return;
}
spyMgr.OnCreateProcessCall += new DNktSpyMgrEvents_OnCreateProcessCallEventHandler(spyMgr_OnCreateProcessCall);
spyMgr.OnLoadLibraryCall += new DNktSpyMgrEvents_OnLoadLibraryCallEventHandler(spyMgr_OnLoadLibraryCall);
KillRunningInternetExplorerInstances();
if (LaunchAndHookInternetExplorer() == false)
{
Console.WriteLine("ERROR: Unable to launch Microsoft Internet Explorer");
return;
}
Console.Write("Close IE or press any key to quit...");
while (procIE.get_IsActive(100) != false)
{
if (Console.KeyAvailable != false)
{
Console.ReadKey(true);
break;
}
}
Console.WriteLine("");
}
void InitializeDeviare()
{
spyMgr.LicenseKey = @"PGluZm8+PHByb2ROYW1lPmRldmlhcmU8L3Byb2ROYW1lPjx1c2VyTmFtZT5IaXNoYW0gR2FsYWw8
L3VzZXJOYW1lPjx1c2VyRU1haWw+SGlzaGFtLmdhbGFsQGZjaS5hdS5lZHUuZWc8L3VzZXJFTWFp
bD48bGljVHlwZT5lZHVjYXRpb25hbDwvbGljVHlwZT48bGljQ291bnQ+MTwvbGljQ291bnQ+PGV4
cERhdGU+MjAxNjAxMjY8L2V4cERhdGU+PGJ1eURhdGU+MjAxNTAxMjY8L2J1eURhdGU+PC9pbmZv
Pg==|a+PI/2JGEpdWe/AssUkIDODT4CXMUokcW2138BJoKXmBuAPmr/ecRV1Lo8Rp+OUJE2rL2np
qV7tx2xWFhyIIWajViZAOjj27/xT8zQRJsMBtE0jl610WxEpwWX7GM7LbQbxxkCPvaqIusopKCqF
x3yIbTcSKUN8WMWHsHtXU4wjL2N/2rOIjDRLu9Qpwk6QdxPDRpOCb5fSCb/cZWdPlznGO0Mpi4Ke
BiJiEni3Z/LGwlsNOhOP0w2ZCito2iO1llutAbYXAzyDG+qbc6+NmOIPBL9PAHz+KkyATlEW3MfL
7BjRSuCRGplwc+QRrNql4kKbDu3f1CXKURnNIUy/PFQ==";
spyMgr.Initialize();
hookCollection = spyMgr.CreateHooksCollection();
flags |= eNktHookFlags.flgAutoHookChildProcess;
flags |= eNktHookFlags.flgAutoHookActive;
flags |= eNktHookFlags.flgOnlyPostCall;
HookManager.Reports.Clear();
foreach (string function in HookManager.Handlers.Keys)
{
NktHook hook = spyMgr.CreateHook(function, (int)(flags));
hookCollection.Add(hook);
}
spyMgr.OnFunctionCalled += (h, p, c) => { HookManager.Handlers[h.FunctionName](h, p, c); };
InitializedEvent.Set();
}
static void Main(string[] args)
{
Int32 notepadPID;
spyMgr = new NktSpyMgr();
if (spyMgr.Initialize() < 0)
{
Console.WriteLine("Cannot initialize Deviare");
return;
}
notepadPID = LaunchNotepadAndGetPid();
if (notepadPID == 0)
{
Console.WriteLine("Cannot launch notepad.");
return;
}
//in first place, hook DllGetClassObject of the target dll/ocx
hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);
hookDllGetClassObj.Attach(notepadPID, true);
hookDllGetClassObj.Hook(true);
hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;
Console.WriteLine("Press ESCAPE key to quit...");
while (Console.ReadKey(true).KeyChar != 27);
}
static void Main(string[] args)
{
Int32 notepadPID;
spyMgr = new NktSpyMgr();
if (spyMgr.Initialize() < 0)
{
Console.WriteLine("Cannot initialize Deviare");
return;
}
notepadPID = LaunchNotepadAndGetPid();
if (notepadPID == 0)
{
Console.WriteLine("Cannot launch notepad.");
return;
}
//in first place, hook DllGetClassObject of the target dll/ocx
hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);
hookDllGetClassObj.Attach(notepadPID, true);
hookDllGetClassObj.Hook(true);
hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;
Console.WriteLine("Press ESCAPE key to quit...");
while (Console.ReadKey(true).KeyChar != 27)
{
;
}
}
public void WorkThreadFunction()
{
_spyMgr = new NktSpyMgr();
_spyMgr.LicenseKey = Properties.Resources.License;
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
}
public void Initialize()
{
if (_spyMgr.Initialize() != 0)
{
throw new SpyMgrInitializationException();
}
}
public void WorkThreadFunction()
{
_spyMgr = new NktSpyMgr();
_spyMgr.LicenseKey = Properties.Resources.License;
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
}
public Form1()
{
InitializeComponent();
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
}
public Form1()
{
InitializeComponent();
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
}
public Form1()
{
InitializeComponent();
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
_process = _spyMgr.CreateProcess(@"C:\Program Files\Microsoft Games\Chess\Chess.exe", true, out continueevent);
}
public ProcessWatcher()
{
pWatcher = this;
this.UI = FormInterface.GetInstance();
//Initialize spy manager
spyMgr = new NktSpyMgr();
spyMgr.Initialize();
//Keeps all the hookmanagers with their process IDs
hManagers = new Dictionary <int, HookManager>();
}
public Form1()
{
InitializeComponent();
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
_process = _spyMgr.CreateProcess(@"C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Samples\C++\Direct3D\Bin\x86\SkinnedMesh.exe", true, out continueevent);
}
public bool InitializeSpyMgr()
{
int res = spyMgr.Initialize();
if (res == 0)
{
spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
return(true);
}
return(false);
}
private void InitializeDeviare()
{
_manager.Initialize();
_manager.OnProcessStarted += HandleStartedProcess;
_manager.OnProcessTerminated += HandleTerminatedProcess;
_manager.OnFunctionCalled += HandleFuncionCall;
_manager.OnHookStateChanged += HandleHookStateChanged;
_manager.OnAgentLoad += HandleAgentLoad;
_deviareInitializedEvent.Set();
}
public PrintLogger()
{
InitializeComponent();
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
GetProcess("spoolsv.exe");
if (_process == null)
{
MessageBox.Show("Please start \"spoolsv.exe\" before!", "Error");
Environment.Exit(0);
}
}
public PrintLogger()
{
InitializeComponent();
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
GetProcess("spoolsv.exe");
if (_process == null)
{
MessageBox.Show("Please start \"spoolsv.exe\" before!", "Error");
Environment.Exit(0);
}
}
public WriteFileHooker(string proccessName)
{
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
_spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnWriteFileCalled);
GetProcess(proccessName);
if (_process == null)
{
//TODO: 没有监听进程时怎么办
//Environment.Exit(0);
throw new Exception("没找到进程" + proccessName);
}
NktHook hook = _spyMgr.CreateHook("Kernel32.dll!WriteFile", (int)(eNktHookFlags.flgOnlyPostCall & eNktHookFlags.flgRestrictAutoHookToSameExecutable));
hook.Hook(true);
hook.Attach(_process, true);
processHandle = WinApi.OpenProcess(WinEnum.PROCESS_WM_READ | WinEnum.PROCESS_DUP_HANDLE, false, _process.Id);
}
public DvPrinter()
{
_spyMgr = new NktSpyMgr();
_spyMgr.Initialize();
}
