public void Run(RemoteHooking.IContext InContext, String InChannelName) { try { // Call Host Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); LocalHook.EnableRIPRelocation(); // no idea what this does DebugAddresses(); LoadAddresses(); LoadOriginalFunctions(); hooks = new List <LocalHook>(); hooks.Add(LocalHook.Create(OutPacketInitAddress, new DOutPacketInit(form.OutPacketInitHooked), this)); hooks.Add(LocalHook.Create(EncodeByteAddress, new DEncodeByte(form.EncodeByteHooked), this)); hooks.Add(LocalHook.Create(EncodeShortAddress, new DEncodeShort(form.EncodeShortHooked), this)); hooks.Add(LocalHook.Create(EncodeIntAddress, new DEncodeInt(form.EncodeIntHooked), this)); hooks.Add(LocalHook.Create(EncodeBufferAddress, new DEncodeBuffer(form.EncodeBufferHooked), this)); hooks.Add(LocalHook.Create(EncodeStringAddress, new DEncodeString(form.EncodeStringHooked), this)); if (SendPacketAddress.ToInt32() > 0) { //hooks.Add(LocalHook.Create(SendPacketAddress, new DSendPacket(form.SendPacketHooked), this)); } hooks.Add(LocalHook.Create(DecodeByteAddress, new DDecodeByte(form.DecodeByteHooked), this)); hooks.Add(LocalHook.Create(DecodeShortAddress, new DDecodeShort(form.DecodeShortHooked), this)); hooks.Add(LocalHook.Create(DecodeIntAddress, new DDecodeInt(form.DecodeIntHooked), this)); hooks.Add(LocalHook.Create(DecodeBufferAddress, new DDecodeBuffer(form.DecodeBufferHooked), this)); hooks.Add(LocalHook.Create(DecodeStringAddress, new DDecodeString(form.DecodeStringHooked), this)); //hooks.Add(LocalHook.Create(DecryptDataAddress, new DDecryptData(form.DecryptDataHooked), this)); hooks.ForEach(hook => hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 })); Interface.WriteConsole("Initialized Hooks: " + hooks.Count); form.ShowDialog(); } catch (Exception e) { Interface.WriteConsole("ERROR: " + e); } }
public static void Run() { DMethodA MethodADelegate = new DMethodA(MethodA); DMethodB MethodBDelegate = new DMethodB(MethodB); GC.KeepAlive(MethodADelegate); GC.KeepAlive(MethodBDelegate); LHTestMethodA = Marshal.GetFunctionPointerForDelegate(MethodADelegate); LHTestMethodB = Marshal.GetFunctionPointerForDelegate(MethodBDelegate); LocalHook.EnableRIPRelocation(); // install hooks LocalHook[] MyHooks = new LocalHook[] { LocalHook.Create( LHTestMethodA, LHTestHookA, 1), LocalHook.Create( LHTestMethodB, LHTestHookB, 2), }; LHTestMethodADelegate = (DMethodA)Marshal.GetDelegateForFunctionPointer(LHTestMethodA, typeof(DMethodA)); LHTestMethodBDelegate = (DMethodB)Marshal.GetDelegateForFunctionPointer(LHTestMethodB, typeof(DMethodB)); // we want to intercept all threads... MyHooks[0].ThreadACL.SetInclusiveACL(new Int32[1]); MyHooks[1].ThreadACL.SetInclusiveACL(new Int32[1]); // LHTestMethodBDelegate.Invoke(0, 0, ""); MyHooks[0].ThreadACL.SetExclusiveACL(new Int32[1]); MyHooks[1].ThreadACL.SetExclusiveACL(new Int32[1]); // LHTestMethodBDelegate.Invoke(0, 0, ""); /* * This is just to make sure that all related objects are referenced. * At the beginning there were several objects like delegates that have * been collected during execution! The NET-Framework will produce bugchecks * in such cases... */ GC.Collect(); GC.WaitForPendingFinalizers(); GC.Collect(); IntPtr t = Marshal.GetFunctionPointerForDelegate(LHTestHookA); Int64 t1 = System.Diagnostics.Stopwatch.GetTimestamp(); for (int i = 0; i < LHTestThreadCount; i++) { new Thread(new ThreadStart(LHTestThread)).Start(); } LHTestCompleted.WaitOne(); t1 = ((System.Diagnostics.Stopwatch.GetTimestamp() - t1) * 1000) / System.Diagnostics.Stopwatch.Frequency; // verify results if ((LHTestCounterMA != LHTestCounterMAH) || (LHTestCounterMAH != LHTestCounterMB) || (LHTestCounterMB != LHTestCounterMBH) || (LHTestCounterMB != LHTestThreadCount * 10000)) { throw new Exception("LocalHook test failed."); } Console.WriteLine("Localhook test passed in {0} ms.", t1); }