Esempio n. 1
        /// <summary>
        /// Starts Internet Explorer through the spy manager, loads the hooking agent into the
        /// new process and then resumes it.
        /// </summary>
        /// <returns>
        /// <c>false</c> when <c>CreateProcess</c> returned null; <c>true</c> once the agent load
        /// and the resume call have been issued.
        /// </returns>
        private static bool LaunchAndHookInternetExplorer()
        {
            // In a 32-bit process on 64-bit Windows this folder resolves to "Program Files (x86)",
            // so the browser that gets launched follows the bitness of this process.
            string programFilesDir = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);

            // The executable path is wrapped in quotes so the spaces in it do not split it into
            // several command-line tokens; the start page follows as a separate argument.
            // NOTE(review): the start page is fetched over plain http.
            string commandLine = string.Concat(
                "\"",
                programFilesDir,
                "\\Internet Explorer\\iexplore.exe\" http://www.google.com");

            // The second argument is presumably "create suspended", given the ResumeProcess call
            // below: the agent is loaded before the target gets to run.
            object continueEvent;
            procIE = spyMgr.CreateProcess(commandLine, true, out continueEvent);

            if (procIE != null)
            {
                // NOTE(review): the outcome of LoadAgent is not checked here; if it can fail
                // without throwing, the browser is resumed without the agent. If it throws,
                // the process is never resumed. Confirm against the API.
                spyMgr.LoadAgent(procIE);
                spyMgr.ResumeProcess(procIE, continueEvent);
                return true;
            }

            return false;
        }
Esempio n. 2
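        /// <summary>
        /// Creates the given process through the manager, hands it to a callback so hooks can be
        /// set up, and then resumes it.
        /// </summary>
        /// <param name="aProcess">Describes the process to start; its <c>Path</c> is passed to <c>CreateProcess</c>.</param>
        /// <param name="onBeforeProcessStarts">Invoked with the wrapped process before it is resumed.</param>
        /// <exception cref="ArgumentNullException"><paramref name="onBeforeProcessStarts"/> is null.</exception>
        public void Start(ProcessToBeHookedOnStart aProcess, Action <IRunningProcess> onBeforeProcessStarts)
        {
            // Reject a missing callback before anything is created. Checking it only at the call
            // site below would fail after CreateProcess had already produced a process that
            // nobody resumes.
            if (onBeforeProcessStarts == null)
            {
                throw new ArgumentNullException("onBeforeProcessStarts");
            }

            // NOTE(review): aProcess.Path is handed to CreateProcess unchanged; it should come
            // from a trusted source or be validated by the caller.
            object continueEvent;
            var    newSuspendedProcess = _manager.CreateProcess(aProcess.Path, true, out continueEvent);

            // A null continue event is treated as a failed creation instead of being dereferenced.
            var processWasCreatedSuccessfully = newSuspendedProcess != null
                                                && continueEvent != null
                                                && Convert.ToUInt64(continueEvent.ToString()) != 0;

            if (!processWasCreatedSuccessfully)
            {
                // NOTE(review): when a process object came back but the continue event is
                // missing or zero, the process is left as created; confirm whether it needs
                // to be terminated here.
                return;
            }

            var processToBeRun = CreateConsoleProcessFrom(newSuspendedProcess);

            // NOTE(review): if the callback throws, ResumeProcess is never reached. Resuming in
            // a finally block would instead let the target run without the hooks the callback
            // was meant to install, so the right recovery is a design decision.
            onBeforeProcessStarts(processToBeRun);

            _manager.ResumeProcess(newSuspendedProcess, continueEvent);
        }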
Esempio n. 3
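        /// <summary>
        /// Installs a pre-call hook on every address of the virtual table selected in the list
        /// box and, when the "suspended" box is checked, resumes the target process.
        /// </summary>
        /// <param name="sender">The control that raised the click.</param>
        /// <param name="e">Event data (unused).</param>
        private void btnHook_Click(object sender, EventArgs e)
        {
            // With no selection the index is negative and ElementAt would throw
            // ArgumentOutOfRangeException out of the UI handler. Nothing is hooked and the
            // process is not resumed in that case, as before, but without the exception.
            int selectedIndex = listBoxVTBL.SelectedIndex;
            if (selectedIndex < 0)
            {
                return;
            }

            VTBL vtbl = VTableList.ElementAt(selectedIndex);

            // flgDontCheckAddress, by its name, skips the library's validation of the hook
            // address, so the entries in ValuesList are trusted as valid code addresses.
            // NOTE(review): confirm the table was read from the intended module.
            const int hookFlags = (int)(eNktHookFlags.flgOnlyPreCall |
                                        eNktHookFlags.flgDontCheckAddress);

            foreach (var address in vtbl.ValuesList)
            {
                NktHook hook = _spyMgr.CreateHookForAddress(_process, (IntPtr)address, "", hookFlags);

                // NOTE(review): a null hook from CreateHookForAddress is not handled here.
                hook.Hook(true);
            }

            if (checkSuspended.Checked)
            {
                _spyMgr.ResumeProcess(_process, ContinueEvent);
            }
        }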
Esempio n. 4
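        /// <summary>
        /// Launches the program at <paramref name="path"/> with the hook collection attached,
        /// lets it run for the given duration and returns the collected reports.
        /// </summary>
        /// <param name="path">Passed unchanged to <c>CreateProcess</c>.</param>
        /// <param name="durationSeconds">Passed to <c>EndAfter</c>.</param>
        /// <returns>
        /// A snapshot list of <c>HookManager.Reports</c>; returned even when the process could
        /// not be created.
        /// </returns>
        public List <APIUnit> InterceptAPIs(string path, int durationSeconds)
        {
            Begin();

            // NOTE(review): path is executed as given; it should come from a trusted source or
            // be validated by the caller.
            object     continueEvent;
            NktProcess nktProcess = spyMgr.CreateProcess(path, true, out continueEvent);

            if (nktProcess != null)
            {
                lstIDs.Add(nktProcess.Id);

                // NOTE(review): ToUpper() is culture-sensitive. It is kept because other code
                // may compare against Modules using the same call; if not, ToUpperInvariant()
                // is the safer key for module names.
                HookManager.Modules.Add(nktProcess.Name.ToUpper());

                // Hooks are attached before the process is resumed.
                hookCollection.Attach(nktProcess, true);

                spyMgr.OnProcessStarted    += spyMgr_OnProcessStarted;
                spyMgr.OnProcessTerminated += spyMgr_OnProcessTerminated;
                try
                {
                    spyMgr.ResumeProcess(nktProcess, continueEvent);
                    EndAfter(durationSeconds);
                }
                finally
                {
                    // Always detach the handlers: an exception from ResumeProcess or EndAfter
                    // would otherwise leave them subscribed, and a later call would subscribe
                    // them a second time.
                    spyMgr.OnProcessStarted    -= spyMgr_OnProcessStarted;
                    spyMgr.OnProcessTerminated -= spyMgr_OnProcessTerminated;
                }
            }

            return(HookManager.Reports.ToList());
        }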