コード例 #1
0
ファイル: WardenBuster.cs プロジェクト: zgbjmy2009/SpellFire 
        private bool FixOverlappingModifications(IntPtr scanAddress, int size)
        {
            Int32 scanStart = scanAddress.ToInt32();
            Int32 scanEnd   = scanAddress.ToInt32() + size;

            Int32 modStart = Offset.Function.InvalidPtrCheck;

            /*
             *      detoured x86 functions have first 5 bytes changed to
             *      JMP/CALL opcode and 4 bytes of jump address
             *
             *      i.e. for JMP
             *      0xE9 AddressByte[0] AddressByte[1] AddressByte[2] AddressByte[3]
             *
             */
            Int32 modEnd = Offset.Function.InvalidPtrCheck + 5;

            if (scanEnd > modStart)
            {
                if (scanEnd < modEnd || scanStart < modEnd)
                {
                    hc.PrintMessage($"Warden[{DateTime.Now}] Preventing scan at 0x{scanStart:X}, size {size}. Unhooking...");

                    commandHandler.DestroyLuaEventFrameHandler_W();
                    invalidPtrCheckPatch.Dispose();
                    LocalHook.Release();
                    return(true);
                }
            }

            return(false);
        }
コード例 #2
0
ファイル: WardenBuster.cs プロジェクト: KKovs/SpellFire 
        private bool VirtualProtectPatchHandler(IntPtr lpAddress, UIntPtr dwSize, SystemWin32.MemoryProtection flNewProtect,
                                                ref uint lpflOldProtect)
        {
            if (flNewProtect == SystemWin32.MemoryProtection.PAGE_EXECUTE_READ)
            {
                IntPtr wardenMemoryScan =
                    FindWardenSignature(lpAddress.GetUIntPtr(), dwSize.ToUInt32(), WardenScanMemoryCode);
                if (wardenMemoryScan != IntPtr.Zero)
                {
                    hc.PrintMessage($"Found Warden Memory Scan function at 0x{wardenMemoryScan.ToInt32():X}, offset from base module: 0x{(wardenMemoryScan.ToInt32() - lpAddress.ToInt32()):X}");

                    wardenScanPatch?.Dispose();
                    PatchWardenScan(wardenMemoryScan);
                }

                IntPtr wardenPageCheck = FindWardenSignature(lpAddress.GetUIntPtr(), dwSize.ToUInt32(), WardenPageCheckCode);
                if (wardenPageCheck != IntPtr.Zero)
                {
                    hc.PrintMessage($"Found Warden Page Check code at 0x{wardenPageCheck.ToInt32():X}, offset from base module: 0x{(wardenPageCheck.ToInt32() - lpAddress.ToInt32()):X}");
                    wardenPageCheckPatch?.Dispose();
                    wardenPageCheckPatch = new PageCheckHook(memory, PageCheckPatchHandler, wardenPageCheck);
                }

                if (wardenMemoryScan != IntPtr.Zero || wardenPageCheck != IntPtr.Zero)
                {
                    hc.PrintMessage($"Warden base module starts at 0x{lpAddress.ToInt32():X}, size {dwSize.ToUInt32()}");
                }
            }


            return(originalVirtualProtect(lpAddress, dwSize, flNewProtect, ref lpflOldProtect));
        }
コード例 #3
0
        public void SetHookState(bool request)
        {
            if (request)
            {
                if (ShellExecuteExHook != null)
                {
                    SetHookState(false);
                }

                ShellExecuteExHook = LocalHook.Create(
                    LocalHook.GetProcAddress("shell32.dll", "ShellExecuteExW"),
                    new DShellExecuteEx(ShellExecuteEx_Hooked), this);

                ShowWindowHook = LocalHook.Create(
                    LocalHook.GetProcAddress("user32.dll", "ShowWindow"),
                    new DShowWindow(ShowWindow_Hooked), this);

                ResetHookAcl(HookManager.HookingThreadIds.ToArray());
            }
            else
            {
                if (ShellExecuteExHook != null)
                {
                    ShellExecuteExHook.Dispose();
                    ShellExecuteExHook = null;
                }
                if (ShowWindowHook != null)
                {
                    ShowWindowHook.Dispose();
                    ShowWindowHook = null;
                }
            }
        }
コード例 #4
0
        /// <summary>
        /// Just ensures that the surface we created is cleaned up.
        /// </summary>
        public override void Cleanup()
        {
            try
            {
                if (Direct3DDevice_EndSceneHook != null)
                {
                    Direct3DDevice_EndSceneHook.Dispose();
                    Direct3DDevice_EndSceneHook = null;
                }
                if (Direct3DDevice_ResetHook != null)
                {
                    Direct3DDevice_ResetHook.Dispose();
                    Direct3DDevice_ResetHook = null;
                }

                lock (_lockRenderTarget)
                {
                    if (_renderTarget != null)
                    {
                        _renderTarget.Dispose();
                        _renderTarget = null;
                    }

                    Request = null;
                }
            }
            catch
            {
            }
        }
コード例 #5
0
ファイル: Class1.cs プロジェクト: laomms/RemoteHookCSharp 
        public void Run(
            RemoteHooking.IContext InContext,
            String InChannelName)
        {
            // install hook...
            Hook = LocalHook.Create(
                LocalHook.GetProcAddress("user32.dll", "SetWindowTextW"),
                new DSetWindowText(SetWindowText_Hooked),
                this);

            Hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
            Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());

            try
            {
                while (true)
                {
                    Thread.Sleep(500);
                }
            }
            catch (Exception e)
            {
                Interface.ReportException(e);
            }

            Hook.Dispose();
            LocalHook.Release();
        }
コード例 #6
0
        public void Run(RemoteHooking.IContext context, GlobalConfig config)
        {
            LocalHook endScenePatch = null;

            try
            {
                endScenePatch = LocalHook.Create(
                    IntPtr.Zero + Offset.Function.EndScene,
                    new CommandCallback.EndScene(commandHandler.EndScenePatch),
                    this);

                endScenePatch.ThreadACL.SetExclusiveACL(new Int32[] { });
            }
            catch (Exception e)
            {
                ctrlInterface.hostControl.PrintMessage(e.ToString());
            }

            /* keep the remote from unloading */
            while (remoteMainOn)
            {
                Thread.Sleep(5000);
            }

            commandHandler?.Dispose();
            endScenePatch?.Dispose();
            wardenBuster?.Dispose();
        }
コード例 #7
0
        public void Run(IContext context, string channelName, int redirectionPort)
        {
            _interface.NotifyInstalled(Process.GetCurrentProcess().ProcessName);

            try
            {
                _connectHook = LocalHook.Create(
                    LocalHook.GetProcAddress("Ws2_32.dll", "connect"),
                    new WinsockConnectDelegate(_onConnect), this);

                _connectHook.ThreadACL.SetExclusiveACL(new[] { 0 });
            }
            catch (Exception ex) { _interface.Error(ex); }

            WakeUpProcess();

            try
            {
                while (true)
                {
                    Thread.Sleep(500);
                    _interface.Ping();
                }
            }
            catch
            {
                _connectHook.Dispose();

                LocalHook.Release();
            }
        }
コード例 #8
0
ファイル: Program.cs プロジェクト: mazalet/UseEasyHook 
        public static void Main(string[] args)
        {
            var exeToLaunch = ArgumentGetter.Instance.GetValueFromArguments(args, "ExeToLaunch");

            exeToLaunch = string.Format(exeToLaunch, Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location),
#if DEBUG
                                        "Debug"
#else
                                        "Release"
#endif
                                        );
            var       exeArguments = ArgumentGetter.Instance.GetValueFromArguments(args, "ExeArguments");
            LocalHook hook         = null;
            _noHook = ArgumentGetter.Instance.GetValueFromArguments(args, "NoHook") == "true";
            if (!_noHook)
            {
                object createProcessWHooker;
                var    type = EventHandlerInjector.AttachHandlerToEventDynamically(_dllWithHook, "CreateProcessWHooker", "MethodHookedEvent", typeof(Program),
                                                                                   "CreateProcessWHooker_ProcessCreated", null, out createProcessWHooker);
                var memberInfo = type.GetMethod("CreateHook");
                Debug.Assert(memberInfo != null, "memberInfo != null");
                hook = (LocalHook)memberInfo.Invoke(createProcessWHooker, new object[0]);
            }

            DoCreateProcessW(exeToLaunch, exeArguments);

            Console.Write("\nPress <enter> to uninstall hook and exit.");
            Console.ReadLine();
            hook?.Dispose();
            Console.ReadLine();
        }
コード例 #9
0
        public override void Cleanup()
        {
            try
            {
                if (DXGISwapChain_PresentHook != null)
                {
                    DXGISwapChain_PresentHook.Dispose();
                    DXGISwapChain_PresentHook = null;
                }
                if (DXGISwapChain_ResizeTargetHook != null)
                {
                    DXGISwapChain_ResizeTargetHook.Dispose();
                    DXGISwapChain_ResizeTargetHook = null;
                }

                if (_overlayEngine != null)
                {
                    _overlayEngine.Dispose();
                    _overlayEngine = null;
                }

                //this.Request = null;
            }
            catch
            {
            }
        }
コード例 #10
0
ファイル: EntryPoint.cs プロジェクト: Shynd/OHook 
        public void Run(RemoteHooking.IContext contect, string channelName)
        {
            Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());

            // Install hooks

            // CreateFile https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
            CreateFileHook = LocalHook.Create(
                LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
                new CreateFile_Delegate(CreateFile_Hook),
                this
                );


            // Activate hooks on all threads except the current thread.
            CreateFileHook.ThreadACL.SetExclusiveACL(new int[] { 0 });


            Interface.ReportMessage("Hook 'CreateFile' has been installed");

            RemoteHooking.WakeUpProcess();

            try
            {
                // Loop until the loader closes (i.e. IPC fails)
                while (true)
                {
                    Thread.Sleep(500);

                    string[] queued = null;

                    lock (_messageQueue)
                    {
                        queued = _messageQueue.ToArray();
                        _messageQueue.Clear();
                    }

                    if (queued != null && queued.Length > 0)
                    {
                        Interface.ReportMessages(queued);
                    }
                    else
                    {
                        Interface.Ping();
                    }
                }
            }
            catch
            {
                // Ping() or ReportMessages() will raise an exception if host is unreachable.
            }

            // Remove hooks
            CreateFileHook.Dispose();


            // Finalize cleanup of hooks
            LocalHook.Release();
        }
コード例 #11
0
ファイル: WardenBuster.cs プロジェクト: zgbjmy2009/SpellFire 
 public void Dispose()
 {
     invalidPtrCheckPatch.Dispose();
     virtualProtectPatch.Dispose();
     wardenScanPatch.Dispose();
     wardenPageCheckPatch.Dispose();
     LocalHook.Release();
 }
コード例 #12
0
ファイル: HookerBase.cs プロジェクト: mazalet/UseEasyHook 
 public virtual void Dispose()
 {
     if (Hook != null)
     {
         Hook.Dispose();
         Hook = null;
     }
 }
コード例 #13
0
        public static void Uninstall()
        {
            if (load_dll_hook != null)
            {
                load_dll_hook.Dispose();
                load_dll_hook = null;
            }

            if (luaL_newstate_hook != null)
            {
                luaL_newstate_hook.Dispose();
                luaL_newstate_hook = null;
            }

            if (lua_close_hook != null)
            {
                lua_close_hook.Dispose();
                lua_close_hook = null;
            }

            if (luaL_ref_hook != null)
            {
                luaL_ref_hook.Dispose();
                luaL_ref_hook = null;
            }

            if (luaL_unref_hook != null)
            {
                luaL_unref_hook.Dispose();
                luaL_unref_hook = null;
            }

            if (luaL_loadbuffer_hook != null)
            {
                luaL_loadbuffer_hook.Dispose();
                luaL_loadbuffer_hook = null;
            }

            if (toluaL_ref_hook != null)
            {
                toluaL_ref_hook.Dispose();
                toluaL_ref_hook = null;
            }

            if (toluaL_unref_hook != null)
            {
                toluaL_unref_hook.Dispose();
                toluaL_unref_hook = null;
            }

            if (lua_error_hook != null)
            {
                lua_error_hook.Dispose();
                lua_error_hook = null;
            }
        }
コード例 #14
0
    public void Dispose()
    {
        // Dispose of the EasyHook handle.
        transferHook.Dispose();

        // Dispose of our GC handles, this will allow the delegates to be collected.
        produceHandle.Free();
        getTypeHandle.Free();
        constructorHandle.Free();
    }
コード例 #15
0
        public void Run(RemoteHooking.IContext context, string channelName)
        {
            server.IsInjected(RemoteHooking.GetCurrentProcessId());

            server.ReportMessage("Setting up hook...");
            loadScriptHook = LocalHook.Create(
                IntPtr.Add(baseAddr, 0xBBF000),
                new LoadScript_delegate(LoadScript_hook),
                this
                );

            loadScriptHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
            var addr = IntPtr.Add(baseAddr, 0xBBF000);

            messageQueue.Enqueue(string.Format("Added hook to {0:X}!", (int)addr));

            try
            {
                while (true)
                {
                    System.Threading.Thread.Sleep(500);
                    string[] queue;

                    lock (messageQueue)
                    {
                        queue = messageQueue.ToArray();
                        messageQueue.Clear();
                    }

                    foreach (string message in queue)
                    {
                        server.ReportMessage(message);
                    }
                    server.Ping();
                }
            }
            catch
            {
                loadScriptHook.Dispose();
            }

            loadScriptHook.Dispose();
        }
コード例 #16
0
        public void Dispose()
        {
            if (_hook == null)
            {
                return;
            }

            _hook.Dispose();
            _hook = null;
        }
コード例 #17
0
 public void Dispose()
 {
     //Dispose hook
     if (hook != null)
     {
         log.Info("Disposing hook");
         hook.Dispose();
         hook = null;
     }
 }
コード例 #18
0
ファイル: Hook.cs プロジェクト: seojoonha/Naldthal 
        public static void Release()
        {
            _getItemTooltipDescriptionHook.Dispose();
            LocalHook.Release();

            foreach (var buffer in CachedBufferAddrs.Values)
            {
                Marshal.FreeHGlobal(buffer);
            }
        }
コード例 #19
0
        void RealDispose()
        {
            if (_disposed)
            {
                return;
            }

            _disposed = true;

            _hook?.Dispose();
        }
コード例 #20
0
        public void Cleanup()
        {
            // Remove hooks
            GetControllerStateHook.Dispose();
            GetControllerStateWithPoseHook.Dispose();
            PollNextEventHook.Dispose();
            PollNextEventWithPoseHook.Dispose();

            // Finalise cleanup of hooks
            LocalHook.Release();
        }
コード例 #21
0
        public void Dispose()
        {
            if (_disposed)
            {
                return;
            }

            _hook?.Dispose();
            _timer?.Dispose();
            _disposed = true;
        }
コード例 #22
0
        public void Run(RemoteHooking.IContext context, string channelName)
        {
            _pid         = RemoteHooking.GetCurrentProcessId();
            _processName = Path.GetFileName(Process.GetProcessById(_pid).MainModule.FileName);

            _server.SetPid(_pid);

            Log($"Injected Focus Steal Blocker Hook into process {GetProcessDescription()}");

            LocalHook setForegroundWindowHook = LocalHook.Create(
                LocalHook.GetProcAddress("User32.dll", "SetForegroundWindow"),
                new SetForegroundWindow_Delegate(SetForegroundWindow_Hook),
                this);

            setForegroundWindowHook.ThreadACL.SetExclusiveACL(new[] { 0 });

            Log($"SetForegroundWindow hook installed for {GetProcessDescription()}");

            RemoteHooking.WakeUpProcess();

            try
            {
                while (_server != null && !_server.ShouldAbort())
                {
                    Thread.Sleep(500);

                    string[] queued;

                    lock (_messageQueue)
                    {
                        queued = _messageQueue.ToArray();
                        _messageQueue.Clear();
                    }

                    if (queued.Length > 0)
                    {
                        foreach (string message in queued)
                        {
                            Log(message);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                Log(ex.ToString());
            }

            // Remove hooks
            setForegroundWindowHook.Dispose();

            // Finalise cleanup of hooks
            LocalHook.Release();
        }
コード例 #23
0
        /// <summary>
        /// Cancel SuperMemo's splash screen then unload the hook
        /// </summary>
        /// <param name="inHwnd">The window handle</param>
        /// <param name="inNCmdShow">The display mode</param>
        /// <returns></returns>
        private bool ShowWindow_Hooked(IntPtr inHwnd, int inNCmdShow)
        {
            if (inNCmdShow == SwShowNormal)
            {
                _showWindowHook.Dispose();
                _showWindowHook = null;

                return(true);
            }

            return(Win32.ShowWindow(inHwnd, inNCmdShow));
        }
コード例 #24
0
 public override void Cleanup()
 {
     try
     {
         DXGISwapChain_PresentHook.Dispose();
         DXGISwapChain_ResizeTargetHook.Dispose();
         this.Request = null;
     }
     catch
     {
     }
 }
コード例 #25
0
        internal static void InstallHooks()
        {
            if (_hooksInstalled)
            {
                return;
            }

            var sbr = new ScrollBarRenderer();
            var ttr = new ToolTipRenderer();
            var tvr = new TreeViewRenderer();

            _themeRenderers[sbr.HTheme] = sbr;
            _themeRenderers[ttr.HTheme] = ttr;
            _themeRenderers[tvr.HTheme] = tvr;

            try
            {
                (_getSysColorHook, GetSysColorOriginal) = InstallHook <GetSysColorDelegate>(
                    "user32.dll",
                    "GetSysColor",
                    GetSysColor);

                (_getSysColorBrushHook, GetSysColorBrushOriginal) = InstallHook <GetSysColorBrushDelegate>(
                    "user32.dll",
                    "GetSysColorBrush",
                    GetSysColorBrush);
            }
            catch
            {
                // If we fail, oh well, just keep the classic-mode colors then... better than nothing
                _getSysColorHook?.Dispose();
                _getSysColorBrushHook?.Dispose();
            }
            try
            {
                (_drawThemeBackgroundHook, DrawThemeBackgroundOriginal) = InstallHook <DrawThemeBackgroundDelegate>(
                    "uxtheme.dll",
                    "DrawThemeBackground",
                    DrawThemeBackgroundHook);

                (_getThemeColorHook, GetThemeColorOriginal) = InstallHook <GetThemeColorDelegate>(
                    "uxtheme.dll",
                    "GetThemeColor",
                    GetThemeColorHook);
            }
            catch
            {
                _drawThemeBackgroundHook?.Dispose();
                _getThemeColorHook?.Dispose();
            }

            _hooksInstalled = true;
        }
コード例 #26
0
 /// <summary>
 /// This method should be called from the hook handlers. It routes transfer unit to the place of futher processing.
 /// </summary>
 /// <param name="tu"></param>
 protected void makeCallBack(TransferUnit tu)
 {
     try {
         callback_interface.dataHasBeenIntercepted(tu);
     } catch (Exception) {
         Console.WriteLine("Error in callback. Disposing hook <" + this.api_full_name.library_name + "." + this.api_full_name.api_name + ">");
         //Console.WriteLine("-----------------------------------------------------------------------");
         //Console.WriteLine(e);
         //Console.WriteLine("-----------------------------------------------------------------------");
         hook.Dispose();
     }
 }
コード例 #27
0
 public void Uninstall()
 {
     if (MessageBoxWHook != null)
     {
         MessageBoxWHook.Dispose();
         MessageBoxWHook = null;
     }
     if (MessageBoxAHook != null)
     {
         MessageBoxAHook.Dispose();
         MessageBoxAHook = null;
     }
 }
コード例 #28
0
        protected virtual void Dispose(bool disposing)
        {
            if (disposed)
            {
                return;
            }

            if (disposing)
            {
                hook.Dispose();
            }

            disposed = true;
        }
コード例 #29
0
        public void Dispose()
        {
            localHook.ThreadACL.SetInclusiveACL(new int[] { 0 });
            localHook.Dispose();
            localHook = null;

            swapChain.Dispose();
            swapChain = null;

            device.Dispose();
            device = null;

            DestroyWindow(hwnd);
            hwnd = IntPtr.Zero;
        }
コード例 #30
0
        public static void Uninstall()
        {
            _colorHook?.Dispose();
            _brushHook?.Dispose();
            _themeColorHook?.Dispose();
            _themeBrushHook?.Dispose();
            _getThemeColorHook?.Dispose();
            _messageBoxAHook?.Dispose();
            _messageBoxWHook?.Dispose();

            _openThemeDataHook?.Dispose();
            _openThemeDataExHook?.Dispose();
            _closeThemeDataHook?.Dispose();
            _drawThemeBackgroundHook?.Dispose();
            _drawThemeBackgroundExHook?.Dispose();
        }