예제 #1
0
        static void Main(string[] args)
        {
            spyMgr = new NktSpyMgr();
            if (spyMgr.Initialize() < 0)
            {
                Console.WriteLine("ERROR: Cannot initialize Deviare engine");
                return;
            }
            spyMgr.OnCreateProcessCall += new DNktSpyMgrEvents_OnCreateProcessCallEventHandler(spyMgr_OnCreateProcessCall);
            spyMgr.OnLoadLibraryCall   += new DNktSpyMgrEvents_OnLoadLibraryCallEventHandler(spyMgr_OnLoadLibraryCall);

            KillRunningInternetExplorerInstances();

            if (LaunchAndHookInternetExplorer() == false)
            {
                Console.WriteLine("ERROR: Unable to launch Microsoft Internet Explorer");
                return;
            }

            Console.Write("Close IE or press any key to quit...");
            while (procIE.get_IsActive(100) != false)
            {
                if (Console.KeyAvailable != false)
                {
                    Console.ReadKey(true);
                    break;
                }
            }
            Console.WriteLine("");
        }
예제 #2
0
        public HookEngine(bool blockQuery)
        {
            _blockQuery = blockQuery;

            _spyMgr = new Nektra.Deviare2.NktSpyMgr();
            string asmPath = AppDomain.CurrentDomain.BaseDirectory;
            string licFullPath = asmPath + "\\license.txt";

            Console.WriteLine("--- Checking {0}...", licFullPath);

            string licKey = "";
            if (!LoadLicenseKey(licFullPath, ref licKey))
            {
                Console.WriteLine("(!) Cannot load license from file.");
            }
            else
            {
                Console.WriteLine("--- Using Deviare license file.");
                _spyMgr.LicenseKey = licKey;
            }

            Console.WriteLine("--- Setting database path to {0}", asmPath);
            _spyMgr.DatabasePath = asmPath;

            if ( System.IO.File.Exists(asmPath + "\\deviare32.db") == false
                || System.IO.File.Exists(asmPath + "\\deviare64.db") == false)
            {
                throw new DeviareDBNotFoundException();
            }
        }
예제 #3
0
 public void WorkThreadFunction()
 {
     _spyMgr            = new NktSpyMgr();
     _spyMgr.LicenseKey = Properties.Resources.License;
     _spyMgr.Initialize();
     _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
 }
예제 #4
0
파일: Program.cs 프로젝트: zelorun/Deviare2
        static void Main(string[] args)
        {
            Int32 notepadPID;

            spyMgr = new NktSpyMgr();
            if (spyMgr.Initialize() < 0)
            {
                Console.WriteLine("Cannot initialize Deviare");
                return;
            }

            notepadPID = LaunchNotepadAndGetPid();
            if (notepadPID == 0)
            {
                Console.WriteLine("Cannot launch notepad.");
                return;
            }

            //in first place, hook DllGetClassObject of the target dll/ocx
            hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);
            hookDllGetClassObj.Attach(notepadPID, true);
            hookDllGetClassObj.Hook(true);
            hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;

            Console.WriteLine("Press ESCAPE key to quit...");
            while (Console.ReadKey(true).KeyChar != 27)
            {
                ;
            }
        }
예제 #5
0
        public HookEngine(bool blockQuery)
        {
            _blockQuery = blockQuery;

            _spyMgr = new Nektra.Deviare2.NktSpyMgr();
            string asmPath     = AppDomain.CurrentDomain.BaseDirectory;
            string licFullPath = asmPath + "\\license.txt";

            Console.WriteLine("--- Checking {0}...", licFullPath);

            string licKey = "";

            if (!LoadLicenseKey(licFullPath, ref licKey))
            {
                Console.WriteLine("(!) Cannot load license from file.");
            }
            else
            {
                Console.WriteLine("--- Using Deviare license file.");
                _spyMgr.LicenseKey = licKey;
            }

            Console.WriteLine("--- Setting database path to {0}", asmPath);
            _spyMgr.DatabasePath = asmPath;

            if (System.IO.File.Exists(asmPath + "\\deviare32.db") == false ||
                System.IO.File.Exists(asmPath + "\\deviare64.db") == false)
            {
                throw new DeviareDBNotFoundException();
            }
        }
예제 #6
0
 public void WorkThreadFunction()
 {
     _spyMgr = new NktSpyMgr();
     _spyMgr.LicenseKey = Properties.Resources.License;
     _spyMgr.Initialize();
     _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
 }
예제 #7
0
파일: Program.cs 프로젝트: subTee/Deviare2
        static void Main(string[] args)
        {
            Int32 notepadPID;

            spyMgr = new NktSpyMgr();
            if (spyMgr.Initialize() < 0)
            {
                Console.WriteLine("Cannot initialize Deviare");
                return;
            }

            notepadPID = LaunchNotepadAndGetPid();
            if (notepadPID == 0)
            {
                Console.WriteLine("Cannot launch notepad.");
                return;
            }

            //in first place, hook DllGetClassObject of the target dll/ocx
            hookDllGetClassObj = spyMgr.CreateHook("shell32.dll!DllGetClassObject", (int)eNktHookFlags.flgOnlyPostCall);
            hookDllGetClassObj.Attach(notepadPID, true);
            hookDllGetClassObj.Hook(true);
            hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;

            Console.WriteLine("Press ESCAPE key to quit...");
            while (Console.ReadKey(true).KeyChar != 27);
        }
        public Form1()
        {
            InitializeComponent();

            _spyMgr = new NktSpyMgr();
            _spyMgr.Initialize();
            _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
        }
예제 #9
0
        public Form1()
        {
            InitializeComponent();

            _spyMgr = new NktSpyMgr();
            _spyMgr.Initialize();
            _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
        }
        public HookingManager()
        {
            string current_directory = Directory.GetCurrentDirectory();
            this._custom_handler_path = Path.Combine(current_directory, this._custom_handler_relative_path);

            this._spyMgr = new NktSpyMgr();
            this._spyMgr.Initialize();
            this._spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(_spyMgr_OnFunctionCalled);
        }
예제 #11
0
        public SpyManager(NktSpyMgr aSpyMgr)
        {
            _manager = aSpyMgr;
            InitializeHooksByProcesses();
            _cachedDbModulesByPlatformBits = new EntityDictionary <int, int, Module[]>(platformBits => platformBits, RetrieveModulesFromDB);

            InitializeSpyManager();
            StartDeviareWorker();
        }
예제 #12
0
        public SpyManager(NktSpyMgr aSpyMgr)
        {
            _manager = aSpyMgr;
            InitializeHooksByProcesses();
            _cachedDbModulesByPlatformBits = new EntityDictionary<int, int, Module[]>(platformBits => platformBits, RetrieveModulesFromDB);

            InitializeSpyManager();
            StartDeviareWorker();
        }
예제 #13
0
 public SpyManager()
 {
     spyMgr            = new NktSpyMgr();
     lstIDs            = new List <int>();
     processTerminated = new AutoResetEvent(false);
     InitializedEvent  = new ManualResetEvent(false);
     shutdownEvent     = new ManualResetEvent(false);
     Init();
     InitializedEvent.WaitOne();
 }
예제 #14
0
        public Form1()
        {
            InitializeComponent();

            _spyMgr = new NktSpyMgr();
            _spyMgr.Initialize();
            _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);

            _process = _spyMgr.CreateProcess(@"C:\Program Files\Microsoft Games\Chess\Chess.exe", true, out continueevent);
        }
예제 #15
0
        public Form1()
        {
            InitializeComponent();

            _spyMgr = new NktSpyMgr();
            _spyMgr.Initialize();
            _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);

            _process = _spyMgr.CreateProcess(@"C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Samples\C++\Direct3D\Bin\x86\SkinnedMesh.exe", true, out continueevent);
        }
        public HookingManager()
        {
            string current_directory = Directory.GetCurrentDirectory();

            this._custom_handler_path = Path.Combine(current_directory, this._custom_handler_relative_path);

            this._spyMgr = new NktSpyMgr();
            this._spyMgr.Initialize();
            this._spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(_spyMgr_OnFunctionCalled);
        }
예제 #17
0
 public ProcessWatcher()
 {
     pWatcher = this;
     this.UI  = FormInterface.GetInstance();
     //Initialize spy manager
     spyMgr = new NktSpyMgr();
     spyMgr.Initialize();
     //Keeps all the hookmanagers with their process IDs
     hManagers = new Dictionary <int, HookManager>();
 }
예제 #18
0
 public PrintLogger()
 {
     InitializeComponent();
     _spyMgr = new NktSpyMgr();
     _spyMgr.Initialize();
     _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);
     GetProcess("spoolsv.exe");
     if (_process == null)
     {
         MessageBox.Show("Please start \"spoolsv.exe\" before!", "Error");
         Environment.Exit(0);
     }
 }
예제 #19
0
        public PrintLogger()
        {
            InitializeComponent();

            _spyMgr = new NktSpyMgr();
            _spyMgr.Initialize();
            _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);

            GetProcess("spoolsv.exe");
            if (_process == null)
            {
                MessageBox.Show("Please start \"spoolsv.exe\" before!", "Error");
                Environment.Exit(0);
            }
        }
예제 #20
0
        public WriteFileHooker(string proccessName)
        {
            _spyMgr = new NktSpyMgr();
            _spyMgr.Initialize();
            _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnWriteFileCalled);

            GetProcess(proccessName);
            if (_process == null)
            {
                //TODO: 没有监听进程时怎么办
                //Environment.Exit(0);
                throw new Exception("没找到进程" + proccessName);
            }

            NktHook hook = _spyMgr.CreateHook("Kernel32.dll!WriteFile", (int)(eNktHookFlags.flgOnlyPostCall & eNktHookFlags.flgRestrictAutoHookToSameExecutable));

            hook.Hook(true);
            hook.Attach(_process, true);

            processHandle = WinApi.OpenProcess(WinEnum.PROCESS_WM_READ | WinEnum.PROCESS_DUP_HANDLE, false, _process.Id);
        }
예제 #21
0
 public DvPrinter()
 {
     _spyMgr = new NktSpyMgr();
     _spyMgr.Initialize();
 }
예제 #22
0
 public static int GetLastErrorCode(this NktSpyMgr nktSpyMgr)
 {
     return(GetLastErrorCode());
 }