// A NativeHooksLoader field (t1clr) used to live here; it is disabled together with
// the installNativeHooks() call in Run.
/// <summary>
/// Constructor that runs inside the target process once the library has been
/// injected. It only creates the transfer-unit sender bound to the channel the
/// injector named; hooks are installed afterwards, in <c>Run</c>.
/// </summary>
/// <param name="InContext">Context handed over by the hooking runtime; not used here.</param>
/// <param name="message">Pass-through data from the injector; only <c>channel_name</c> is read.</param>
public Main(RemoteHooking.IContext InContext, MessageFromInjector message)
{
    ConsolePrinter.writeMessage("Console allocated");

    // Earlier builds loaded a native helper assembly from a developer-machine path
    // at this point; that code is gone. Every later stage, including error
    // reporting, talks through tu_sender, so it is created here.
    string channelName = message.channel_name;
    tu_sender = new TransferUnitSender_New(channelName);
}
/// <summary>
/// Restricts hooking to the threads the injector asked for. A supplied thread list
/// becomes the inclusive ACL of the global thread ACL; when no list was supplied,
/// an exclusive ACL containing only thread id 0 (which no real thread has) is set,
/// which leaves every thread hookable.
/// </summary>
/// <param name="message">Pass-through data from the injector; <c>thread_ids</c> may be null.</param>
private void maskThreadsToIntercept(MessageFromInjector message)
{
    int[] requested = message.thread_ids;
    if (requested == null)
    {
        // No list at all: exclude only the non-existent thread 0, i.e. hook everything.
        ConsolePrinter.writeMessage("No threads to mask");
        LocalHook.GlobalThreadACL.SetExclusiveACL(new Int32[] { 0 });
        return;
    }

    // NOTE(review): an empty (non-null) array yields an empty inclusive ACL, so no
    // thread would be hooked. The injector currently fills this list from
    // Process.Threads or leaves it null, so the case is not hit today — confirm
    // if that changes.
    LocalHook.GlobalThreadACL.SetInclusiveACL(requested);
}
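/// <summary>
/// Injects the monitoring library into an already running process and asks the
/// injected side to hook every thread the process has at this moment.
/// </summary>
/// <param name="p">Target process; its current threads are sent along as the intercept list.</param>
/// <param name="TID">Thread id forwarded to the hooking runtime as the wake-up thread.</param>
/// <exception cref="ArgumentNullException"><paramref name="p"/> is null.</exception>
public void injectLibrary(Process p, int TID)
{
    if (p == null)
    {
        throw new ArgumentNullException("p");
    }

    MessageFromInjector message = new MessageFromInjector();
    message.channel_name = ChannelName;

    // Snapshot the thread ids now. The injected side turns the list into an
    // inclusive hook ACL, so threads created after this point are presumably not
    // intercepted.
    List<int> thread_ids = new List<int>(p.Threads.Count);
    foreach (ProcessThread t in p.Threads)
    {
        thread_ids.Add(t.Id);
    }
    message.thread_ids = thread_ids.ToArray();

    // Anchor the library to the injector's own directory, as startProcessAndInject
    // does, instead of passing a bare file name whose resolution depends on the
    // current working directory or on whoever resolves the name.
    string library = System.IO.Path.Combine(getMainModuleDirectory(), "APIMonInject.dll");
    RemoteHooking.Inject(p.Id, (Int32)TID, library, null, message);
}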
/// <summary>
/// Variant of <c>injectLibrary</c> that performs the injection through the hooking
/// runtime's service helper and takes the library path from the caller instead of
/// using a fixed file name.
/// </summary>
/// <param name="p">Target process; its current threads become the intercept list.</param>
/// <param name="library_location">Path of the library to inject, forwarded unchanged.</param>
private void injectLibraryAsService(Process p, string library_location)
{
    ProcessThreadCollection threads = p.Threads;
    int[] ids = new int[threads.Count];
    for (int i = 0; i < ids.Length; i++)
    {
        ids[i] = threads[i].Id;
    }

    MessageFromInjector message = new MessageFromInjector();
    message.channel_name = ChannelName;
    message.thread_ids = ids;

    Console.WriteLine("Injecting through service");
    // The service helper dispatches "Inject" by name with these positional arguments.
    Object[] injectArgs = new Object[] { p.Id, library_location, null, message };
    RemoteHooking.ExecuteAsService<RemoteHooking>("Inject", injectArgs);
}
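// An earlier variant of this method also redirected the new process's standard
// handles through RemoteHooking.CreateAndInjectEx; it is no longer kept.
/// <summary>
/// Starts the program described by <paramref name="tp"/> with the monitoring library
/// injected. The process gets its own console (CREATE_NEW_CONSOLE) and is woken up
/// by the injected side (see <c>Run</c>). No thread list is sent, so the injected
/// side hooks all threads.
/// </summary>
/// <param name="tp">Image path and command line of the program to start.</param>
/// <returns>The newly created process (not just its id).</returns>
/// <exception cref="ArgumentNullException"><paramref name="tp"/> is null.</exception>
public Process startProcessAndInject(ProgramStartDescription tp)
{
    if (tp == null)
    {
        throw new ArgumentNullException("tp");
    }

    MessageFromInjector message = new MessageFromInjector();
    message.channel_name = ChannelName;
    // thread_ids stays null on purpose: maskThreadsToIntercept then hooks everything.

    // Path.Combine tolerates a directory with or without a trailing separator,
    // which plain string concatenation did not.
    string library = System.IO.Path.Combine(getMainModuleDirectory(), "APIMonInject.dll");

    int process_id;
    RemoteHooking.CreateAndInject(
        tp.image_path,
        tp.command_line,
        (int)AliasProcessCreationFlags.CREATE_NEW_CONSOLE,
        library,
        null,
        out process_id,
        message);

    return Process.GetProcessById(process_id);
}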
/// <summary>
/// Main routine executed inside the target process after construction. Order matters:
/// the channel is probed, the thread mask is applied, hooks are installed, the
/// controller is told, sending of transfer units is enabled, and only then is the
/// process woken up; afterwards the method blocks until the controller finishes.
/// </summary>
/// <param name="InContext">Context handed over by the hooking runtime; not used here.</param>
/// <param name="message">Pass-through data from the injector (thread list, channel name).</param>
public void Run(RemoteHooking.IContext InContext, MessageFromInjector message) {
//test connection: a failing ping propagates out of Run (not caught here)
tu_sender.ping();
maskThreadsToIntercept(message);
//set hooks
try {
APIFullName[] to_intercept = tu_sender.getApiCallsToIntercept();
// Distinct library names of the requested APIs; each is loaded into this process
// before hooking so that the target functions exist. The names come from the
// controller over the channel — presumably trusted, confirm at the sender side.
HashSet <string> libraries = new HashSet <string>();
foreach (APIFullName api in to_intercept) { libraries.Add(api.library_name); }
foreach (string library_name in libraries) { APIMonLib.Hooks.kernel32.dll.Kernel32Support.LoadLibraryW(library_name); }
HookRegistry.setHooks(to_intercept, this);
//t1clr.installNativeHooks();
} catch (Exception ExtInfo) {
// NOTE(review): on hook failure we report and return before WakeUpProcess(), so a
// process created suspended by CreateAndInject would presumably stay suspended —
// confirm whether the injector side handles that.
tu_sender.sendException(new RemoteHookingException(ExtInfo));
return;
}
//Report
ConsolePrinter.writeMessage("Hooks have been installed.");
// Best-effort notification: a send failure here is deliberately ignored.
try { tu_sender.sendTextMessage("Hooks have been installed at process PID=" + RemoteHooking.GetCurrentProcessId()); } catch { }
//Here any attempt to send something will actually be performed by injected .NET. So we might wait and blacklist all requests.
ConsolePrinter.writeMessage("");
ConsolePrinter.writeMessage("Delay before waking the process ");
// Counts START_DELAY_S down to 0 inclusive: five ticks, about five seconds in total.
int START_DELAY_S = 4;
for (int hh = START_DELAY_S; hh >= 0; hh--) { ConsolePrinter.writeMessage(" " + hh); Thread.Sleep(1000); }
//enable sending of transfer units
ConsolePrinter.writeMessage("Enable sending of TransferUnits");
tu_sender.enableTransferUnitSend();
ConsolePrinter.writeMessage("Waking the process now...");
RemoteHooking.WakeUpProcess();
// Thread dump goes straight to Console, unlike the ConsolePrinter messages around it.
foreach (System.Diagnostics.ProcessThread thread in Process.GetCurrentProcess().Threads) { Console.WriteLine("Thread " + thread.Id + " is " + thread.ThreadState); }
ConsolePrinter.writeMessage("After waking the process");
// Inner catch reports processing errors to the controller; the outer catch covers
// the case where that report itself cannot be delivered.
try {
try {
tu_sender.sendTextMessage("Inject report: Entering processing stage PID=" + RemoteHooking.GetCurrentProcessId());
tu_sender.blockUntilFinishedProcessing();
} catch (Exception ex) {
tu_sender.sendException(new RemoteHookingException("Something wrong with send request processing", ex));
}
} catch {
ConsolePrinter.writeMessage("Problem with remote receiver.");
// we can't do anything.
}
}