예제 #1
0
        public void Run(
            RemoteHooking.IContext InContext,
            String InArg1)
        {
            try
            {
                LocalHook.BeginUpdate(false);
                {
                    CreateFileHook = LocalHook.Create(
                        LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
                        new DCreateFile(CreateFile_Hooked),
                        this);
                }
                LocalHook.EndUpdate();

                /*
                 * Don't forget that all hooks will start deaktivated...
                 * The following ensures that all threads are intercepted:
                 */
                CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[1]);
            }
            catch (Exception e)
            {
                /*
                 *  Now we should notice our host process about this error...
                 */
                Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e);

                return;
            }


            // wait for host process termination...
            try
            {
                while (Interface.Ping(RemoteHooking.GetCurrentProcessId()))
                {
                    Thread.Sleep(500);

                    // transmit newly monitored file accesses...
                    if (Queue.Count > 0)
                    {
                        String[] Package = null;

                        lock (Queue)
                        {
                            Package = Queue.ToArray();

                            Queue.Clear();
                        }

                        Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
                    }
                }
            }
            catch
            {
                // NET Remoting will raise an exception if host is unreachable
            }
        }
예제 #2
0
        public unsafe void Run(
            RemoteHooking.IContext InContext,
            String InArg1)
        {
            try
            {
                sendHook = LocalHook.Create(
                    LocalHook.GetProcAddress("ws2_32.dll", "send"),
                    new Dsend(send_Hooked),
                    this);

                recvHook = LocalHook.Create(
                    LocalHook.GetProcAddress("ws2_32.dll", "recv"),
                    new Drecv(recv_Hooked),
                    this);

                WSASendHook = LocalHook.Create(
                    LocalHook.GetProcAddress("ws2_32.dll", "WSASend"),
                    new DWSASend(WSASend_Hooked),
                    this);

                /*
                 * Don't forget that all hooks will start deaktivated...
                 * The following ensures that all threads are intercepted:
                 */
                sendHook.ThreadACL.SetExclusiveACL(new Int32[1]);
                recvHook.ThreadACL.SetExclusiveACL(new Int32[1]);
                WSASendHook.ThreadACL.SetExclusiveACL(new Int32[1]);
            }
            catch (Exception e)
            {
                /*
                 *  Now we should notice our host process about this error...
                 */
                Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e);

                return;
            }


            // wait for host process termination...
            try
            {
                while (Interface.Ping(RemoteHooking.GetCurrentProcessId()))
                {
                    Thread.Sleep(500);

                    // transmit newly monitored file accesses...
                    lock (QueueSend)
                    {
                        if (QueueSend.Count > 0)
                        {
                            String[] Package = null;

                            Package = QueueSend.ToArray();

                            QueueSend.Clear();

                            Interface.OnSend(RemoteHooking.GetCurrentProcessId(), Package);
                        }
                    }

                    lock (QueueRecv)
                    {
                        if (QueueRecv.Count > 0)
                        {
                            String[] Package = null;

                            Package = QueueRecv.ToArray();

                            QueueRecv.Clear();

                            Interface.OnRecv(RemoteHooking.GetCurrentProcessId(), Package);
                        }
                    }

                    lock (QueueWSASend)
                    {
                        if (QueueWSASend.Count > 0)
                        {
                            String[] Package = null;
                            Package = QueueWSASend.ToArray();
                            QueueWSASend.Clear();
                            Interface.OnWSASend(RemoteHooking.GetCurrentProcessId(), Package);
                        }
                    }
                }
            }
            catch
            {
                // NET Remoting will raise an exception if host is unreachable
            }
        }