/// <summary>
/// Click handler for the "Hook" button: for every selected process entry, starts a
/// per-process named-pipe server and then asks the protection wrapper to inject the
/// basic library into that process.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void RTProtection_Button_Hook_Click(object sender, EventArgs e)
{
    // Snapshot the selection so the loop does not enumerate the live collection.
    // NOTE(review): this reads SelectedItems, not CheckedItems; confirm that is the
    // intended set for this list control.
    var targets = RTProtection_checkedListBox_Processes.SelectedItems
        .OfType<ProcListBoxItem>()
        .ToList();

    foreach (var target in targets)
    {
        // NOTE(review): the pipe name is derived only from the PID and is therefore
        // predictable; confirm NamedPipeServer creates the pipe with a restrictive ACL
        // and refuses to attach to an already-existing instance.
        string pipeName = @"\\.\pipe\myNamedPipe" + target.ProcessId.ToString();
        Console.WriteLine(pipeName);

        // The server is started before injection so the pipe already exists when the
        // injected library runs.
        NamedPipeServer pipeServer = new NamedPipeServer(
            pipeName,
            0,
            RTProtection_notifyIcon,
            "basic",
            target.Name);
        pipeServer.Start();

        __RtProtectionInst.WRAP_InjectBasicLib(target.ProcessId);
    }
}
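/// <summary>
/// API-monitor worker loop. While <c>__ApiMonThread_working</c> is set, it asks the
/// driver wrapper for a new process event; for each reported creation it starts a
/// per-process named-pipe server and injects the basic library, except for processes
/// named "cmd" or "powershell". When the loop ends the driver is unloaded and the
/// button caption is updated if the wrapper reports it is no longer loaded.
/// </summary>
/// <remarks>
/// A process that exits between the driver notification and the lookup is skipped and
/// logged; it no longer throws out of the loop and ends monitoring. The
/// <see cref="Process"/> handle is disposed after its name has been read.
/// </remarks>
public void ApiMonThreadFunc()
{
    while (__ApiMonThread_working)
    {
        Console.WriteLine("WRAP_RtProtectionDrv_NewProcMon");
        bool res = __RtApiMonInst.WRAP_RtProtectionDrv_NewProcMon();
        Console.WriteLine(res.ToString());
        if (!res)
        {
            continue;
        }

        int parentId = __RtApiMonInst.Get_ParentId();
        int processId = __RtApiMonInst.Get_ProcessId();
        int create = __RtApiMonInst.Get_Create();

        // Only events with Create == 1 are acted on (presumably "process created";
        // confirm against the driver interface).
        if (create != 1)
        {
            continue;
        }

        string processName;
        try
        {
            // GetProcessById throws ArgumentException when the PID is no longer running,
            // and ProcessName throws InvalidOperationException when the process has
            // exited. Both are expected for short-lived processes.
            using (Process newproc = Process.GetProcessById(processId))
            {
                processName = newproc.ProcessName;
            }
        }
        catch (ArgumentException)
        {
            Console.WriteLine("Process " + processId.ToString() + " exited before it could be inspected");
            continue;
        }
        catch (InvalidOperationException)
        {
            Console.WriteLine("Process " + processId.ToString() + " exited before it could be inspected");
            continue;
        }

        Console.WriteLine(processName);
        Console.WriteLine(parentId);
        Console.WriteLine(processId);

        // Windows image names are case-insensitive, so the exclusion is compared that way.
        // NOTE(review): this exclusion is keyed on the image name alone, and a name is not
        // an identity. Any process carrying one of these names goes unmonitored; consider
        // checking the full image path or signature instead.
        bool excluded =
            string.Equals(processName, "cmd", StringComparison.OrdinalIgnoreCase) ||
            string.Equals(processName, "powershell", StringComparison.OrdinalIgnoreCase);
        if (excluded)
        {
            continue;
        }

        // NOTE(review): the pipe name is predictable because it is derived from the PID;
        // confirm NamedPipeServer applies a restrictive ACL and first-instance semantics.
        NamedPipeServer pipeServer = new NamedPipeServer(
            @"\\.\pipe\myNamedPipe" + processId.ToString(),
            0,
            ApiMon_notifyIcon,
            "apimon",
            processName);
        pipeServer.Start();

        __RtApiMonInst.WRAP_InjectBasicLib(processId);
    }

    __RtApiMonInst.WRAP_RtProtectionDrv_UnloadDriver();
    if (__RtApiMonInst.Get_loaded() == false)
    {
        // NOTE(review): if this method runs on a worker thread, as its name suggests,
        // this UI update should be marshalled to the UI thread. Confirm how it is started.
        ApiMonButton.Text = "ApiMon OFF";
    }
}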