コード例 #1
0
 private void StubForm_FormClosing(object sender, FormClosingEventArgs e)
 {
     if (!ProcessWatch.CloseTarget(false))
     {
         e.Cancel = true;
     }
 }
コード例 #2
0
 private void BtnRefreshDomains_Click(object sender, EventArgs e)
 {
     if (VanguardCore.vanguardConnected)
     {
         ProcessWatch.UpdateDomains();
     }
 }
コード例 #3
0
        private void btnRehook_Click(object sender, EventArgs e)
        {
            string currentTarget = S.GET <StubForm>().tbAutoAttach.Text;

            try
            {
                ProcessWatch.CloseTarget();

                Thread.Sleep(2000); //Give the process 2 seconds

                var     inProcesses   = Process.GetProcesses();
                var     listProcesses = new List <Process>(inProcesses);
                Process p             = listProcesses.FirstOrDefault(it => it.ProcessName == currentTarget);

                //fetch new process here

                if (p == null)
                {
                    return;
                }

                //re-hook
                ProcessWatch.LoadTarget(p);
            }
            catch (Exception ex)
            {
                MessageBox.Show($"Failed to Re-hook process {currentTarget}\n\n{ex}");
            }
        }
コード例 #4
0
 private void BtnReleaseTarget_Click(object sender, EventArgs e)
 {
     if (!ProcessWatch.CloseTarget())
     {
         return;
     }
     DisableTargetInterface();
 }
コード例 #5
0
        private void BtnTargetSettings_MouseDown(object sender, MouseEventArgs e)
        {
            if (e.Button == MouseButtons.Left)
            {
                Control c      = (Control)sender;
                Point   locate = new Point(c.Location.X + e.Location.X, ((Control)sender).Location.Y + e.Location.Y);

                ContextMenuStrip columnsMenu = new ContextMenuStrip();

                ((ToolStripMenuItem)columnsMenu.Items.Add("Use AutoHook", null, (ob, ev) =>
                {
                    ProcessWatch.AutoHookTimer.Enabled = !ProcessWatch.AutoHookTimer.Enabled;
                    tbAutoAttach.Enabled = ProcessWatch.AutoHookTimer.Enabled;
                })).Checked = ProcessWatch.AutoHookTimer.Enabled;

                ((ToolStripMenuItem)columnsMenu.Items.Add("Use Filtering", null, (ob, ev) =>
                {
                    ProcessWatch.UseFiltering = !ProcessWatch.UseFiltering;
                    Params.SetParam("USEFILTERING", ProcessWatch.UseFiltering.ToString());

                    if (VanguardCore.vanguardConnected)
                    {
                        ProcessWatch.UpdateDomains();
                    }
                })).Checked = ProcessWatch.UseFiltering;

                /*
                 * ((ToolStripMenuItem)columnsMenu.Items.Add("Use Exception Handler Override", null, (ob, ev) =>
                 * {
                 *
                 *  ProcessWatch.UseExceptionHandler = !ProcessWatch.UseExceptionHandler;
                 *  Params.SetParam("USEEXCEPTIONHANDLER", ProcessWatch.UseExceptionHandler.ToString());
                 *
                 *
                 * })).Checked = ProcessWatch.UseExceptionHandler;
                 */
                ((ToolStripMenuItem)columnsMenu.Items.Add("Use Blacklist", null, (ob, ev) =>
                {
                    ProcessWatch.UseBlacklist = !ProcessWatch.UseBlacklist;
                    Params.SetParam("USEBLACKLIST", ProcessWatch.UseBlacklist.ToString());
                })).Checked = ProcessWatch.UseBlacklist;
                ((ToolStripMenuItem)columnsMenu.Items.Add("Suspend Process on Corrupt", null, (ob, ev) =>
                {
                    ProcessWatch.SuspendProcess = !ProcessWatch.SuspendProcess;
                    Params.SetParam("SUSPENDPROCESS", ProcessWatch.SuspendProcess.ToString());
                })).Checked = ProcessWatch.SuspendProcess;

                columnsMenu.Items.Add(new ToolStripSeparator());
                columnsMenu.Items.Add("Select Memory Protection Modes to Corrupt", null, (ob, ev) =>
                {
                    S.GET <MemoryProtectionSelector>().ShowDialog();
                });

                columnsMenu.Show(this, locate);
            }
        }
コード例 #6
0
        private void StubForm_Load(object sender, EventArgs e)
        {
            Colors.SetRTCColor(Color.FromArgb(149, 120, 161), this);

            tbFilterText.DeselectAll();
            tbAutoAttach.DeselectAll();
            Focus();

            ProcessWatch.Start();
        }
コード例 #7
0
        private void BtnBrowseTarget_Click(object sender, EventArgs e)
        {
            if (!ProcessWatch.LoadTarget())
            {
                return;
            }

            if (!VanguardCore.vanguardConnected)
            {
                VanguardCore.Start();
            }

            EnableTargetInterface();
        }
コード例 #8
0
        private void HookProcessForm_Load(object sender, EventArgs e)
        {
            Colors.SetRTCColor(Color.FromArgb(149, 120, 161), this);
            lvProcesses.Columns.Add("Process", lvProcesses.Width - 20);

            var inProcesses = Process.GetProcesses();

            lvProcesses.SmallImageList = ProcessWatch.ProcessIcons;
            lvProcesses.HeaderStyle    = ColumnHeaderStyle.None;

            Bitmap emptybmp = new Bitmap(32, 32);

            using (Graphics gr = Graphics.FromImage(emptybmp))
            {
                gr.Clear(Color.Transparent);
            }

            foreach (var process in inProcesses.OrderBy(it => $"{it.ProcessName}:{it.Id}"))
            {
                try
                {
                    if (!ProcessWatch.IsExecutableNameBlacklisted(process.ProcessName))
                    {
                        if (!ProcessWatch.ProcessIcons.Images.ContainsKey(process.ProcessName))
                        {
                            var icon = process.GetIcon();
                            if (icon == null)
                            {
                                ProcessWatch.ProcessIcons.Images.Add(process.ProcessName, emptybmp);
                            }
                            else
                            {
                                ProcessWatch.ProcessIcons.Images.Add(process.ProcessName, icon);
                            }
                        }

                        lvProcesses.Items.Add(new ListViewItem($"{process.ProcessName} : {process.Id}", process.ProcessName)
                        {
                            Tag = process
                        });
                    }
                }
                catch (Win32Exception ex)
                {
                    var name = process?.ProcessName ?? "UNKNOWN";
                    Console.WriteLine($"Couldn't access process {name}. Error {ex.Message}");
                }
            }
        }
コード例 #9
0
        public void EnableTargetInterface()
        {
            var diff = lbTarget.Location.X - btnBrowseTarget.Location.X;

            originalLbTargetLocation = lbTarget.Location;
            lbTarget.Location        = btnBrowseTarget.Location;
            lbTarget.Visible         = true;

            btnBrowseTarget.Visible   = false;
            originalLbTargetSize      = lbTarget.Size;
            lbTarget.Size             = new Size(lbTarget.Size.Width + diff, lbTarget.Size.Height);
            btnUnloadTarget.Visible   = true;
            btnRefreshDomains.Visible = true;

            ProcessWatch.EnableInterface();
        }
コード例 #10
0
        private void MemoryProtectionSelector_Closing(object sender, FormClosingEventArgs e)
        {
            if (!tablePanel.Controls.Cast <CheckBox>().Any(item => item.Checked))
            {
                e.Cancel = true;
                MessageBox.Show("Select at least one type of memory protection");
                return;
            }

            ProcessExtensions.MemProtection a = ProcessExtensions.MemProtection.Memory_ZeroAccess;
            foreach (CheckBox cb in tablePanel.Controls.Cast <CheckBox>().Where(item => item.Checked))
            {
                a = a | (ProcessExtensions.MemProtection)Enum.Parse(typeof(ProcessExtensions.MemProtection), cb.Text);
            }

            ProcessWatch.ProtectMode = a;
            Params.SetParam("PROTECTIONMODE", ((uint)a).ToString());
            ProcessWatch.UpdateDomains();
        }
コード例 #11
0
        private void btnSendList_Click(object sender, EventArgs e)
        {
            if (lvProcesses.SelectedItems.Count == 0)
            {
                MessageBox.Show("There's no process selected");
                return;
            }

            RequestedProcess = (Process)lvProcesses.SelectedItems[0].Tag;
            var name = RequestedProcess?.ProcessName ?? "UNKNOWN";

            try
            {
                if (RequestedProcess?.HasExited ?? true)
                {
                    MessageBox.Show($"Couldn't access process {name}. The process has already exited");
                    RequestedProcess = null;
                    DialogResult     = DialogResult.Abort;
                    Close();
                }

                if (ProcessWatch.IsProcessBlacklisted(RequestedProcess))
                {
                    MessageBox.Show($"Couldn't access process {name}. The process is blacklisted!");
                    RequestedProcess = null;
                    DialogResult     = DialogResult.Abort;
                    Close();
                }
            }
            catch (Win32Exception ex)
            {
                MessageBox.Show($"Couldn't access process {name}. Error {ex.Message}");
                RequestedProcess = null;
                DialogResult     = DialogResult.Abort;
                Close();
            }

            DialogResult = DialogResult.OK;
            Close();
        }