예제 #1
0
        private void btnProcess_Click(object sender, EventArgs e)
        {
            openFileDialog1 = new OpenFileDialog();
            openFileDialog1.ShowDialog();

            _process = _spyMgr.CreateProcess(openFileDialog1.FileName, checkSuspended.Checked, out ContinueEvent);
        }
예제 #2
0
        public Form1()
        {
            InitializeComponent();

            _spyMgr = new NktSpyMgr();
            _spyMgr.Initialize();
            _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);

            _process = _spyMgr.CreateProcess(@"C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Samples\C++\Direct3D\Bin\x86\SkinnedMesh.exe", true, out continueevent);
        }
예제 #3
0
        public Form1()
        {
            InitializeComponent();

            _spyMgr = new NktSpyMgr();
            _spyMgr.Initialize();
            _spyMgr.OnFunctionCalled += new DNktSpyMgrEvents_OnFunctionCalledEventHandler(OnFunctionCalled);

            _process = _spyMgr.CreateProcess(@"C:\Program Files\Microsoft Games\Chess\Chess.exe", true, out continueevent);
        }
예제 #4
0
        private static bool LaunchAndHookInternetExplorer()
        {
            object continueEvent;
            string sExeName;

            sExeName = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
            sExeName = "\"" + sExeName + "\\Internet Explorer\\iexplore.exe\" http://www.google.com";
            procIE   = spyMgr.CreateProcess(sExeName, true, out continueEvent);
            if (procIE == null)
            {
                return(false);
            }

            spyMgr.LoadAgent(procIE);

            spyMgr.ResumeProcess(procIE, continueEvent);
            return(true);
        }
예제 #5
0
        public void Start(ProcessToBeHookedOnStart aProcess, Action <IRunningProcess> onBeforeProcessStarts)
        {
            object continueEvent;
            var    newSuspendedProcess = _manager.CreateProcess(aProcess.Path, true, out continueEvent);

            var processWasCreatedSuccessfully = newSuspendedProcess != null && Convert.ToUInt64(continueEvent.ToString()) != 0;

            if (!processWasCreatedSuccessfully)
            {
                return;
            }

            var processToBeRun = CreateConsoleProcessFrom(newSuspendedProcess);

            onBeforeProcessStarts(processToBeRun);

            _manager.ResumeProcess(newSuspendedProcess, continueEvent);
        }
예제 #6
0
        public List <APIUnit> InterceptAPIs(string path, int durationSeconds)
        {
            Begin();
            object     o;
            NktProcess nktProcess = spyMgr.CreateProcess(path, true, out o);

            if (nktProcess != null)
            {
                lstIDs.Add(nktProcess.Id);
                HookManager.Modules.Add(nktProcess.Name.ToUpper());
                hookCollection.Attach(nktProcess, true);
                spyMgr.OnProcessStarted    += spyMgr_OnProcessStarted;
                spyMgr.OnProcessTerminated += spyMgr_OnProcessTerminated;
                spyMgr.ResumeProcess(nktProcess, o);
                EndAfter(durationSeconds);
                spyMgr.OnProcessStarted    -= spyMgr_OnProcessStarted;
                spyMgr.OnProcessTerminated -= spyMgr_OnProcessTerminated;
            }
            return(HookManager.Reports.ToList());
        }