Esempio n. 1
0
        //[UnmanagedFunctionPointer(CallingConvention.Cdecl,
        //        CharSet = CharSet.Unicode,
        //        SetLastError = true)]
        //unsafe delegate Int64 MessagePrintf_Delegate(void* a1, int ba2, [MarshalAs(UnmanagedType.LPWStr)] StringBuilder message, int a3);

        //MessagePrintf_Delegate originalMethod = null;
        //MessagePrintf_Delegate originalMethodByPass = null;

        //unsafe Int64 MyMessagePrintf(void* a1, int a2, [MarshalAs(UnmanagedType.LPWStr)] StringBuilder message, int a3)
        //{
        //    Native.MessageBeep((uint)Native.BeepType.Asterisk);
        //    //lock (this._messageQueue)
        //    //{
        //    //    if (this._messageQueue.Count < 1000)
        //    //    {
        //    //        // Add message to send to FileMonitor
        //    //        this._messageQueue.Enqueue(message.ToString());
        //    //    }
        //    //}
        //    _server.ReportMessage(0, "procaddress:" + message.ToString());
        //    return originalMethod(a1, a2, message, a3);
        //}


        #endregion


        unsafe IntPtr FindThePrintFunction(Native.ModuleInformation moduleInformation, byte[] signature)
        {
            byte *baseAddr = (byte *)moduleInformation.lpBaseOfDll;
            uint  dllSize  = moduleInformation.SizeOfImage;
            uint  i        = 0;

            for (; i < dllSize; i++)
            {
                for (int j = 0; j < (sizeof(byte) * signature.Length); j++)
                {
                    if (*(baseAddr + j) != signature[j])
                    {
                        break;
                    }

                    if (j == (sizeof(byte) * signature.Length) - 1)
                    {
                        return((IntPtr)baseAddr);
                    }
                }
                baseAddr++;
            }
            _server.ReportMessage(0, "failed!!");
            return(IntPtr.Zero);
        }
Esempio n. 2
0
        unsafe public void Run(EasyHook.RemoteHooking.IContext context, string channelName)
        {
            string s  = dllpurpose;
            int    id = EasyHook.RemoteHooking.GetCurrentProcessId();

            _server.HookIsInstalled(id);
            EasyHook.LocalHook chatMessageFunctionHook = null;
            try
            {
                Native.ModuleInformation moduleInformation = new Native.ModuleInformation();
                var size = Convert.ToUInt32(Marshal.SizeOf(typeof(Native.ModuleInformation)));
                Native.GetModuleInformation(Process.GetCurrentProcess().Handle, Native.GetModuleHandle("client.dll"), out moduleInformation, size);
                var pointer = FindThePrintFunction(moduleInformation, messageSignature);
                originalMethod = Marshal.GetDelegateForFunctionPointer <DotaChatFunction_Delegate>(pointer);

                chatMessageFunctionHook = EasyHook.LocalHook.Create(
                    pointer,
                    new DotaChatFunction_Delegate(MyDotaChatFunction),
                    this);
                chatMessageFunctionHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
                originalMethodByPass = Marshal.GetDelegateForFunctionPointer <DotaChatFunction_Delegate>(chatMessageFunctionHook.HookBypassAddress);


                _server.ReportMessage(id, "Local Hook Installation complete.");

                try
                {
                    // Loop until FileMonitor closes (i.e. IPC fails)
                    while (true)
                    {
                        System.Threading.Thread.Sleep(500);

                        string[] queued = null;

                        lock (_messageQueue)
                        {
                            queued = _messageQueue.ToArray();
                            _messageQueue.Clear();
                        }

                        // Send newly monitored file accesses to FileMonitor
                        if (queued != null && queued.Length > 0)
                        {
                            _server.ReportChatMessages(queued);
                        }
                        else
                        {
                            _server.Ping();
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Ping() or ReportMessages() will raise an exception if host is unreachable
                    try
                    {
                        _server.ReportException(ex);
                    }
                    catch
                    {
                    }
                }
            }
            catch (Exception ex)
            {
                _server.ReportException(ex);
            }
            finally
            {
                try
                {
                    if (chatMessageFunctionHook != null)
                    {
                        chatMessageFunctionHook.Dispose();
                    }

                    EasyHook.LocalHook.Release();
                }
                catch (Exception ex)
                {
                    _server.ReportException(ex);
                }
            }
        }