static void PrintResults(string moduleName, TEST_FUNC_HOOKS_RESULT[] results) { int errorCount = 0; int containAddress = 0; int noRedirect = 0; foreach (var item in results) { if (!String.IsNullOrEmpty(item.Error)) errorCount++; else if (IsDisamSame(item.EntryDisasm, item.RelocDisasm)) containAddress++; else noRedirect++; } Console.WriteLine(String.Format("{0,-25}{1,15}{2,12}{3,12}{4,15}", moduleName, errorCount, containAddress, noRedirect, (errorCount + containAddress + noRedirect))); }
static void Main(string[] args) { int targetPID = 0; bool is64 = false; System.Diagnostics.Process p = null; if ((args.Length != 1) || !Int32.TryParse(args[0], out targetPID)) { Console.WriteLine(); Console.WriteLine("Usage: TestFuncHooks [processId]"); Console.WriteLine(); if (EasyHook.RemoteHooking.IsX64Process(EasyHook.RemoteHooking.GetCurrentProcessId())) { Console.WriteLine("Current process is 64-bit"); is64 = true; } else { Console.WriteLine("Current process is 32-bit"); } Console.Write("Please enter the target PID (blank for current process): "); if (!Int32.TryParse(Console.ReadLine(), out targetPID)) { targetPID = EasyHook.RemoteHooking.GetCurrentProcessId(); Console.WriteLine("Using current process: " + targetPID); TryGetProcessById(targetPID, out p); } else if (!TryGetProcessById(targetPID, out p)) { Console.WriteLine("Unable to open process: " + targetPID); Console.WriteLine("Press any key to exit"); Console.ReadKey(true); return; } } Console.WriteLine(); if (is64 != EasyHook.RemoteHooking.IsX64Process(p.Id)) { Console.WriteLine("Target process must be " + (is64 ? "64-bit" : "32-bit") + " like current process"); Console.WriteLine("Press any key to exit"); Console.ReadKey(true); return; } Console.WriteLine("Test hooking of DLL exports within process: " + targetPID + " - " + p.ProcessName); Console.WriteLine("-------------------------------------------------------------------------------"); Console.WriteLine(String.Format("{0,-25}{1,15}{2,12}{3,12}{4,15}", "Module", "Unsupported", "Modified", "Unchanged", "Total")); Console.WriteLine("-------------------------------------------------------------------------------"); TEST_FUNC_HOOKS_RESULT[] results; IntPtr resultsPtr = IntPtr.Zero; int resultCount = 0; TEST_FUNC_HOOKS_OPTIONS options = new TEST_FUNC_HOOKS_OPTIONS(); #region 64-bit if (EasyHook.RemoteHooking.IsX64Process(EasyHook.RemoteHooking.GetCurrentProcessId())) { if (!Directory.Exists("EntryPoints64")) { Directory.CreateDirectory("EntryPoints64"); } foreach (System.Diagnostics.ProcessModule module in p.Modules) { options.FilterByName = null; options.Filename = @"EntryPoints64\_" + Path.GetFileNameWithoutExtension(module.FileName) + ".txt"; var moduleName = Path.GetFileName(module.FileName); NativeAPI_Pub_x64.TestFuncHooks(targetPID, moduleName, options, out resultsPtr, out resultCount); if (resultCount > 0) { results = new TEST_FUNC_HOOKS_RESULT[resultCount]; for (var i = 0; i < resultCount; i++) { results[i] = (TEST_FUNC_HOOKS_RESULT)Marshal.PtrToStructure(new IntPtr(resultsPtr.ToInt64() + i * Marshal.SizeOf(typeof(TEST_FUNC_HOOKS_RESULT))), typeof(TEST_FUNC_HOOKS_RESULT)); } NativeAPI_Pub_x64.ReleaseTestFuncHookResults(resultsPtr, resultCount); PrintResults(moduleName, results); } } } #endregion #region 32-bit else { if (!Directory.Exists("EntryPoints32")) { Directory.CreateDirectory("EntryPoints32"); } foreach (System.Diagnostics.ProcessModule module in p.Modules) { options.FilterByName = null; options.Filename = @"EntryPoints32\_" + Path.GetFileNameWithoutExtension(module.FileName) + ".txt"; var moduleName = Path.GetFileName(module.FileName); NativeAPI_Pub_x86.TestFuncHooks(targetPID, moduleName, options, out resultsPtr, out resultCount); if (resultCount > 0) { results = new TEST_FUNC_HOOKS_RESULT[resultCount]; for (var i = 0; i < resultCount; i++) { results[i] = (TEST_FUNC_HOOKS_RESULT)Marshal.PtrToStructure(new IntPtr(resultsPtr.ToInt32() + i * Marshal.SizeOf(typeof(TEST_FUNC_HOOKS_RESULT))), typeof(TEST_FUNC_HOOKS_RESULT)); } NativeAPI_Pub_x86.ReleaseTestFuncHookResults(resultsPtr, resultCount); PrintResults(moduleName, results); } } } #endregion Console.WriteLine("-------------------------------------------------------------------------------"); Console.WriteLine(" Unsupported = # methods not hookable by EasyHook"); Console.WriteLine(" Modified = # methods hookable by modifying one or more instructions"); Console.WriteLine(" Unchanged = # methods hookable by copying instructions unchanged"); Console.WriteLine("-------------------------------------------------------------------------------"); Console.WriteLine("Complete - press any key to exit"); Console.ReadKey(true); }
static void Main(string[] args) { int targetPID = 0; bool is64 = false; System.Diagnostics.Process p = null; if ((args.Length != 1) || !Int32.TryParse(args[0], out targetPID)) { Console.WriteLine(); Console.WriteLine("Usage: TestFuncHooks [processId]"); Console.WriteLine(); if (EasyHook.RemoteHooking.IsX64Process(EasyHook.RemoteHooking.GetCurrentProcessId())) { Console.WriteLine("Current process is 64-bit"); is64 = true; } else Console.WriteLine("Current process is 32-bit"); Console.Write("Please enter the target PID (blank for current process): "); if (!Int32.TryParse(Console.ReadLine(), out targetPID)) { targetPID = EasyHook.RemoteHooking.GetCurrentProcessId(); Console.WriteLine("Using current process: " + targetPID); TryGetProcessById(targetPID, out p); } else if (!TryGetProcessById(targetPID, out p)) { Console.WriteLine("Unable to open process: " + targetPID); Console.WriteLine("Press any key to exit"); Console.ReadKey(true); return; } } Console.WriteLine(); if (is64 != EasyHook.RemoteHooking.IsX64Process(p.Id)) { Console.WriteLine("Target process must be " + (is64 ? "64-bit" : "32-bit") + " like current process"); Console.WriteLine("Press any key to exit"); Console.ReadKey(true); return; } Console.WriteLine("Test hooking of DLL exports within process: " + targetPID + " - " + p.ProcessName); Console.WriteLine("-------------------------------------------------------------------------------"); Console.WriteLine(String.Format("{0,-25}{1,15}{2,12}{3,12}{4,15}", "Module", "Unsupported", "Modified", "Unchanged", "Total")); Console.WriteLine("-------------------------------------------------------------------------------"); TEST_FUNC_HOOKS_RESULT[] results; IntPtr resultsPtr = IntPtr.Zero; int resultCount = 0; TEST_FUNC_HOOKS_OPTIONS options = new TEST_FUNC_HOOKS_OPTIONS(); #region 64-bit if (EasyHook.RemoteHooking.IsX64Process(EasyHook.RemoteHooking.GetCurrentProcessId())) { if (!Directory.Exists("EntryPoints64")) { Directory.CreateDirectory("EntryPoints64"); } foreach (System.Diagnostics.ProcessModule module in p.Modules) { options.FilterByName = null; options.Filename = @"EntryPoints64\_" + Path.GetFileNameWithoutExtension(module.FileName) + ".txt"; var moduleName = Path.GetFileName(module.FileName); NativeAPI_Pub_x64.TestFuncHooks(targetPID, moduleName, options, out resultsPtr, out resultCount); if (resultCount > 0) { results = new TEST_FUNC_HOOKS_RESULT[resultCount]; for (var i = 0; i < resultCount; i++) { results[i] = (TEST_FUNC_HOOKS_RESULT)Marshal.PtrToStructure(new IntPtr(resultsPtr.ToInt64() + i * Marshal.SizeOf(typeof(TEST_FUNC_HOOKS_RESULT))), typeof(TEST_FUNC_HOOKS_RESULT)); } NativeAPI_Pub_x64.ReleaseTestFuncHookResults(resultsPtr, resultCount); PrintResults(moduleName, results); } } } #endregion #region 32-bit else { if (!Directory.Exists("EntryPoints32")) { Directory.CreateDirectory("EntryPoints32"); } foreach (System.Diagnostics.ProcessModule module in p.Modules) { options.FilterByName = null; options.Filename = @"EntryPoints32\_" + Path.GetFileNameWithoutExtension(module.FileName) + ".txt"; var moduleName = Path.GetFileName(module.FileName); NativeAPI_Pub_x86.TestFuncHooks(targetPID, moduleName, options, out resultsPtr, out resultCount); if (resultCount > 0) { results = new TEST_FUNC_HOOKS_RESULT[resultCount]; for (var i = 0; i < resultCount; i++) { results[i] = (TEST_FUNC_HOOKS_RESULT)Marshal.PtrToStructure(new IntPtr(resultsPtr.ToInt32() + i * Marshal.SizeOf(typeof(TEST_FUNC_HOOKS_RESULT))), typeof(TEST_FUNC_HOOKS_RESULT)); } NativeAPI_Pub_x86.ReleaseTestFuncHookResults(resultsPtr, resultCount); PrintResults(moduleName, results); } } } #endregion Console.WriteLine("-------------------------------------------------------------------------------"); Console.WriteLine(" Unsupported = # methods not hookable by EasyHook"); Console.WriteLine(" Modified = # methods hookable by modifying one or more instructions"); Console.WriteLine(" Unchanged = # methods hookable by copying instructions unchanged"); Console.WriteLine("-------------------------------------------------------------------------------"); Console.WriteLine("Complete - press any key to exit"); Console.ReadKey(true); }