public void Run( RemoteHooking.IContext InContext, String InArg1) { try { LocalHook.BeginUpdate(false); { CreateFileHook = LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"), new DCreateFile(CreateFile_Hooked), this); } LocalHook.EndUpdate(); /* * Don't forget that all hooks will start deaktivated... * The following ensures that all threads are intercepted: */ CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[1]); } catch (Exception e) { /* * Now we should notice our host process about this error... */ Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e); return; } // wait for host process termination... try { while (Interface.Ping(RemoteHooking.GetCurrentProcessId())) { Thread.Sleep(500); // transmit newly monitored file accesses... if (Queue.Count > 0) { String[] Package = null; lock (Queue) { Package = Queue.ToArray(); Queue.Clear(); } Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package); } } } catch { // NET Remoting will raise an exception if host is unreachable } }
public unsafe void Run( RemoteHooking.IContext InContext, String InArg1) { try { sendHook = LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "send"), new Dsend(send_Hooked), this); recvHook = LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "recv"), new Drecv(recv_Hooked), this); WSASendHook = LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "WSASend"), new DWSASend(WSASend_Hooked), this); /* * Don't forget that all hooks will start deaktivated... * The following ensures that all threads are intercepted: */ sendHook.ThreadACL.SetExclusiveACL(new Int32[1]); recvHook.ThreadACL.SetExclusiveACL(new Int32[1]); WSASendHook.ThreadACL.SetExclusiveACL(new Int32[1]); } catch (Exception e) { /* * Now we should notice our host process about this error... */ Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e); return; } // wait for host process termination... try { while (Interface.Ping(RemoteHooking.GetCurrentProcessId())) { Thread.Sleep(500); // transmit newly monitored file accesses... lock (QueueSend) { if (QueueSend.Count > 0) { String[] Package = null; Package = QueueSend.ToArray(); QueueSend.Clear(); Interface.OnSend(RemoteHooking.GetCurrentProcessId(), Package); } } lock (QueueRecv) { if (QueueRecv.Count > 0) { String[] Package = null; Package = QueueRecv.ToArray(); QueueRecv.Clear(); Interface.OnRecv(RemoteHooking.GetCurrentProcessId(), Package); } } lock (QueueWSASend) { if (QueueWSASend.Count > 0) { String[] Package = null; Package = QueueWSASend.ToArray(); QueueWSASend.Clear(); Interface.OnWSASend(RemoteHooking.GetCurrentProcessId(), Package); } } } } catch { // NET Remoting will raise an exception if host is unreachable } }