/// <summary>
/// Connects this injected instance to the hook interface IPC channel and opens the
/// PowerShell runspace stored in <c>Runspace</c>.
/// </summary>
/// <remarks>
/// Only <paramref name="InChannelName"/> and <paramref name="eventLog"/> are read here; the
/// other parameters are unused in this constructor (presumably the signature has to mirror
/// <c>Run</c> for the injection library - confirm).
/// The IPC connect sits outside the try block, so a connection failure propagates to the caller.
/// A runspace failure is logged and reported but not rethrown, so construction still
/// completes and <c>Runspace</c> may be left unset or unopened.
/// </remarks>
public HookInjection(
    RemoteHooking.IContext InContext,
    String InChannelName,
    String entryPoint,
    String dll,
    String returnType,
    String scriptBlock,
    String modulePath,
    String additionalCode,
    bool eventLog)
{
    Log("Opening hook interface channel...", eventLog);
    Interface = RemoteHooking.IpcConnectClient<HookInterface>(InChannelName);

    try
    {
        Runspace = RunspaceFactory.CreateRunspace();
        Runspace.Open();
        // Left disabled as in the original: this would publish the IPC interface to
        // scripts in the runspace as the variable "HookInterface".
        //Runspace.SessionStateProxy.SetVariable("HookInterface", Interface);
    }
    catch (Exception openFailure)
    {
        string detail = "Failed to open PowerShell runspace." + openFailure.Message;
        Log(detail, eventLog);
        Interface.ReportError(RemoteHooking.GetCurrentProcessId(), openFailure);
    }
}
/// <summary>
/// Connects this injected instance to the hook interface IPC channel and opens the
/// PowerShell runspace stored in <c>Runspace</c>.
/// </summary>
/// <remarks>
/// Only <paramref name="InChannelName"/> and <paramref name="eventLog"/> are read here; the
/// other parameters are unused in this constructor (presumably the signature has to mirror
/// <c>Run</c> for the injection library - confirm).
/// The IPC connect sits outside the try block, so a connection failure propagates to the caller.
/// A runspace failure is logged and reported but not rethrown, so construction still
/// completes and <c>Runspace</c> may be left unset or unopened.
/// </remarks>
public HookInjection(
    RemoteHooking.IContext InContext,
    String InChannelName,
    String entryPoint,
    String dll,
    String returnType,
    String scriptBlock,
    String modulePath,
    String additionalCode,
    bool eventLog)
{
    Log("Opening hook interface channel...", eventLog);
    Interface = RemoteHooking.IpcConnectClient<HookInterface>(InChannelName);

    try
    {
        Runspace = RunspaceFactory.CreateRunspace();
        Runspace.Open();
        // Left disabled as in the original: this would publish the IPC interface to
        // scripts in the runspace as the variable "HookInterface".
        //Runspace.SessionStateProxy.SetVariable("HookInterface", Interface);
    }
    catch (Exception openFailure)
    {
        string detail = "Failed to open PowerShell runspace." + openFailure.Message;
        Log(detail, eventLog);
        Interface.ReportError(RemoteHooking.GetCurrentProcessId(), openFailure);
    }
}
/// <summary>
/// Imports the module at <paramref name="modulePath"/> into the shared runspace, runs
/// <c>Set-Hook</c> with the supplied arguments, wakes the host process and then parks
/// the calling thread.
/// </summary>
/// <remarks>
/// <paramref name="scriptBlock"/> is compiled with <c>ScriptBlock.Create</c>, and
/// <paramref name="modulePath"/> and <paramref name="additionalCode"/> are passed to
/// PowerShell unmodified; nothing in this method validates them, so they are only as
/// trustworthy as whoever supplied them to the injector.
/// The first log line contains the full script block text. NOTE(review): where <c>Log</c>
/// writes is not visible here - confirm that script contents are acceptable in that sink.
/// <paramref name="InContext"/> and <paramref name="channelName"/> are not read.
/// Any exception is logged and reported through <c>Interface</c> on a best-effort basis;
/// it is never rethrown.
/// </remarks>
public void Run(
    RemoteHooking.IContext InContext,
    String channelName,
    String entryPoint,
    String dll,
    String returnType,
    String scriptBlock,
    String modulePath,
    String additionalCode,
    bool eventLog)
{
    try
    {
        string commandLine = String.Format(
            "Executing Set-Hook -Local -EntryPoint '{0}' -Dll '{1}' -ReturnType '{2}' -ScriptBlock '{3}' ",
            entryPoint, dll, returnType, scriptBlock);
        Log(commandLine, eventLog);

        var shell = PowerShell.Create();
        try
        {
            shell.Runspace = Runspace;

            // Step 1: load the module that provides Set-Hook.
            shell.AddCommand("Import-Module").AddArgument(modulePath);
            shell.Invoke();
            shell.Commands.Clear();

            // Step 2: build the Set-Hook invocation. The script block is compiled only
            // after the module import has run, matching the original statement order.
            shell.AddCommand("Set-Hook")
                 .AddParameter("EntryPoint", entryPoint)
                 .AddParameter("Dll", dll)
                 .AddParameter("ReturnType", returnType)
                 .AddParameter("AdditionalCode", additionalCode);
            var compiledBlock = ScriptBlock.Create(scriptBlock);
            shell.AddParameter("ScriptBlock", compiledBlock);
            shell.Invoke();

            // Non-terminating errors are only logged; they do not stop the wake-up below.
            foreach (var errorRecord in shell.Streams.Error)
            {
                string message = errorRecord.Exception.Message;
                Log("Caught exception " + message, eventLog);
            }
        }
        finally
        {
            if (shell != null)
            {
                shell.Dispose();
            }
        }

        RemoteHooking.WakeUpProcess();

        // The event starts unsignalled and no reference to it is kept, so this wait never
        // returns (presumably to keep this thread, and the hook it installed, alive - confirm).
        new System.Threading.ManualResetEvent(false).WaitOne();
    }
    catch (Exception failure)
    {
        Log("Caught exception " + failure.Message, eventLog);
        try
        {
            Interface.ReportError(RemoteHooking.GetCurrentProcessId(), failure);
        }
        catch
        {
            // Reporting is best-effort: a failure to report is deliberately ignored.
        }
    }
}