public void SpawnTrinket(IProcess targetProcess, TrinketSpawnConfiguration trinketSpawnConfiguration) { var components = new List<TrinketComponent>(); if (trinketSpawnConfiguration.IsDebugEnabled) { components.Add(new DebugComponent()); } if (trinketSpawnConfiguration.IsFileSystemHookingEnabled) { components.Add(new FilesystemComponent(trinketSpawnConfiguration.IsFileSystemOverridingEnabled)); } if (trinketSpawnConfiguration.Name != null) { components.Add(new NameComponent(trinketSpawnConfiguration.Name)); } if (trinketSpawnConfiguration.IsLoggingEnabled) { components.Add(new VerboseLoggerComponent()); } if (trinketSpawnConfiguration.IsCommandingEnabled) { components.Add(new CommandListComponent(trinketSpawnConfiguration.CommandList)); } if (trinketSpawnConfiguration.IsProcessSuspensionEnabled) { components.Add(new ProcessSuspensionComponent(trinketSpawnConfiguration.SuspendedProcessNames)); } var targetProcessId = targetProcess.Id; var startupConfiguration = new TrinketStartupConfigurationImpl(targetProcessId, components); using (var ms = streamFactory.CreateMemoryStream()) { pofSerializer.Serialize(ms.Writer, startupConfiguration); exeggutorService.SpawnHatchling( kTrinketEggName, new SpawnConfiguration { Arguments = ms.ToArray(), InstanceName = kTrinketEggName + "_" + targetProcessId, StartFlags = HatchlingStartFlags.StartAsynchronously }); } }
public void SpawnTrinket(IProcess targetProcess, TrinketSpawnConfiguration trinketSpawnConfiguration) { var components = new List <TrinketComponent>(); if (trinketSpawnConfiguration.IsDebugEnabled) { components.Add(new DebugComponent()); } if (trinketSpawnConfiguration.IsFileSystemHookingEnabled) { components.Add(new FilesystemComponent(trinketSpawnConfiguration.IsFileSystemOverridingEnabled)); } if (trinketSpawnConfiguration.Name != null) { components.Add(new NameComponent(trinketSpawnConfiguration.Name)); } if (trinketSpawnConfiguration.IsLoggingEnabled) { components.Add(new VerboseLoggerComponent()); } if (trinketSpawnConfiguration.IsCommandingEnabled) { components.Add(new CommandListComponent(trinketSpawnConfiguration.CommandList)); } if (trinketSpawnConfiguration.IsProcessSuspensionEnabled) { components.Add(new ProcessSuspensionComponent(trinketSpawnConfiguration.SuspendedProcessNames)); } var targetProcessId = targetProcess.Id; var startupConfiguration = new TrinketStartupConfigurationImpl(targetProcessId, components); using (var ms = streamFactory.CreateMemoryStream()) { pofSerializer.Serialize(ms.Writer, startupConfiguration); exeggutorService.SpawnHatchling( kTrinketEggName, new SpawnConfiguration { Arguments = ms.ToArray(), InstanceName = kTrinketEggName + "_" + targetProcessId, StartFlags = HatchlingStartFlags.StartAsynchronously }); } }