/// <summary>
/// Installs local hooks on the <c>recv</c> and <c>send</c> exports of Ws2_32.dll,
/// reports the current process id through <c>remoteInterface</c>, wakes the process
/// and then keeps the calling thread alive indefinitely.
/// </summary>
/// <param name="InContext">Context object supplied by the caller; not read in this method.</param>
/// <param name="InChannelName">IPC channel name supplied by the caller; not read in this method.</param>
/// <remarks>
/// If either hook cannot be installed, the exception is passed to
/// <c>remoteInterface.ExceptionHandler</c> and the method returns without calling
/// <c>IsInstalled</c> or <c>WakeUpProcess</c>. A failure inside <c>WakeUpProcess</c>
/// is reported the same way, but the keep-alive loop still runs.
/// </remarks>
public void Run(RemoteHooking.IContext InContext, String InChannelName)
{
    // install hook...
    try
    {
        // Calls to Ws2_32!recv are redirected to recv_Hooked.
        IntPtr recvTarget = LocalHook.GetProcAddress("Ws2_32.dll", "recv");
        recvHook = LocalHook.Create(recvTarget, new Drecv(recv_Hooked), this);
        // NOTE(review): EasyHook treats thread id 0 in an ACL as the calling thread,
        // so this excludes only the installing thread from interception. Confirm
        // against the EasyHook version in use.
        recvHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });

        // Calls to Ws2_32!send are redirected to send_Hooked.
        IntPtr sendTarget = LocalHook.GetProcAddress("Ws2_32.dll", "send");
        sendHook = LocalHook.Create(sendTarget, new Dsend(send_Hooked), this);
        sendHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
    }
    catch (Exception installError)
    {
        // Report the failure and stop: nothing below runs when installation fails.
        remoteInterface.ExceptionHandler(installError);
        return;
    }

    // Tell the remote side which process now carries the hooks.
    remoteInterface.IsInstalled(RemoteHooking.GetCurrentProcessId());

    try
    {
        RemoteHooking.WakeUpProcess();
    }
    catch (Exception wakeError)
    {
        // Best effort: the failure is reported and execution continues to the loop.
        remoteInterface.ExceptionHandler(wakeError);
    }

    // Park this thread forever; the method only returns early on an install failure.
    for (;;)
    {
        Thread.Sleep(1000);
    }
}
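/// <summary>
/// Connects to the <c>RemoteMon</c> IPC interface named by <paramref name="InChannelName"/>,
/// installs local hooks on a fixed set of user32, kernel32 and gdi32 exports, reports the
/// current process id through <c>Interface.IsInstalled</c>, wakes the process and then keeps
/// the calling thread alive indefinitely.
/// </summary>
/// <param name="InContext">Context object supplied by the caller; not read in this method.</param>
/// <param name="InChannelName">Name of the IPC channel to connect to; also stored in <c>ChannelName</c>.</param>
/// <exception cref="Exception">
/// Any exception from the IPC connect propagates unchanged. Any exception raised while
/// installing hooks is first passed to <c>Interface.ReportException</c> and then rethrown.
/// </exception>
/// <remarks>
/// Hooks are installed in order and the first failure aborts the rest, so hooks created
/// before the failing one have already been assigned to their fields when the exception
/// leaves this method.
/// </remarks>
public void Run(RemoteHooking.IContext InContext, String InChannelName)
{
    // No try/catch here: the previous catch block only did "throw ex;", which added
    // nothing except resetting the stack trace of the connect failure.
    Interface = RemoteHooking.IpcConnectClient<RemoteMon>(InChannelName);
    ChannelName = InChannelName;

    try
    {
        // user32: message box family (wide/ANSI share one handler per signature).
        MessageBoxExWHook = InstallHook("user32.dll", "MessageBoxExW", new WindowsAPI.TMessageBoxEx(MessageBoxEx_Hooked));
        MessageBoxExAHook = InstallHook("user32.dll", "MessageBoxExA", new WindowsAPI.TMessageBoxEx(MessageBoxEx_Hooked));
        MessageBoxWHook = InstallHook("user32.dll", "MessageBoxW", new WindowsAPI.TMessageBox(MessageBox_Hooked));
        MessageBoxAHook = InstallHook("user32.dll", "MessageBoxA", new WindowsAPI.TMessageBox(MessageBox_Hooked));

        // kernel32: file open and process creation.
        CreateFileHookW = InstallHook("kernel32.dll", "CreateFileW", new WindowsAPI.TCreateFile(CreateFile_Hooked));
        CreateFileHookA = InstallHook("kernel32.dll", "CreateFileA", new WindowsAPI.TCreateFile(CreateFile_Hooked));
        CreateProcessHookW = InstallHook("kernel32.dll", "CreateProcessW", new WindowsAPI.TCreateProcess(CreateProcess_Hooked));
        CreateProcessHookA = InstallHook("kernel32.dll", "CreateProcessA", new WindowsAPI.TCreateProcess(CreateProcess_Hooked));

        // kernel32: file writes.
        WriteFileHook = InstallHook("kernel32.dll", "WriteFile", new WindowsAPI.TWriteFile(WriteFile_Hooked));
        WriteFileHookEx = InstallHook("kernel32.dll", "WriteFileEx", new WindowsAPI.TWriteFileEx(WriteFileEx_Hooked));

        // user32: installation of Windows hooks by the monitored process.
        SetWindowsHookExWHook = InstallHook("user32.dll", "SetWindowsHookExW", new WindowsAPI.TSetWindowsHookEx(SetWindowsHookEx_Hooked));
        SetWindowsHookExAHook = InstallHook("user32.dll", "SetWindowsHookExA", new WindowsAPI.TSetWindowsHookEx(SetWindowsHookEx_Hooked));

        // gdi32: bit-block transfers.
        BitBltHook = InstallHook("gdi32.dll", "BitBlt", new WindowsAPI.TBitBlt(BitBlt_Hooked));
    }
    catch (Exception ExtInfo)
    {
        Interface.ReportException(ExtInfo);
        // "throw;" keeps the original stack trace; "throw ExtInfo;" would reset it
        // to this line and hide which hook installation failed.
        throw;
    }

    // Only reached when every hook above was installed.
    Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
    RemoteHooking.WakeUpProcess();

    // Park this thread forever so the method never returns after a successful install.
    while (true)
    {
        Thread.Sleep(1000);
    }
}

/// <summary>
/// Creates a local hook on one exported function and applies the exclusive thread ACL
/// that every hook in <see cref="Run"/> uses.
/// </summary>
/// <param name="moduleName">Name of the DLL that exports the function.</param>
/// <param name="exportName">Name of the exported function to hook.</param>
/// <param name="handler">Delegate that receives the intercepted calls.</param>
/// <returns>The created hook, with its thread ACL already set.</returns>
private LocalHook InstallHook(String moduleName, String exportName, Delegate handler)
{
    LocalHook hook = LocalHook.Create(LocalHook.GetProcAddress(moduleName, exportName), handler, this);
    // NOTE(review): EasyHook treats thread id 0 in an ACL as the calling thread, so an
    // exclusive ACL of { 0 } leaves the hook active for every thread except the one
    // running this method. Confirm against the EasyHook version in use.
    hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
    return hook;
}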
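/// <summary>
/// Connects to the <c>RemoteMon</c> IPC interface named by <paramref name="InChannelName"/>,
/// stores the channel name and reports the current process id through
/// <c>Interface.IsInstalled</c>.
/// </summary>
/// <param name="InContext">Context object supplied by the caller; not read in this constructor.</param>
/// <param name="InChannelName">Name of the IPC channel to connect to; also stored in <c>channelName</c>.</param>
public Main(IContext InContext, String InChannelName)
{
    // Fixed the misspelled call "IpcConnectCLient": the EasyHook method is IpcConnectClient.
    Interface = IpcConnectClient<RemoteMon>(InChannelName);
    channelName = InChannelName;

    // NOTE(review): this constructor installs no hooks, so IsInstalled is reported
    // before any interception is in place. If a Run method in the same class reports
    // it again after installing hooks, the remote side hears "installed" too early.
    // Confirm the intended order.
    Interface.IsInstalled(GetCurrentProcessId());
}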