예제 #1
0
        private bool ProcessSendTo(FunctionWrapper f)
        {
            Core.ProcessFunctions.sendto fSendto = new Core.ProcessFunctions.sendto(f);
            byte[] buffer = fSendto.GetBuffer();

            DynamicFileByteProvider dynamicFileByteProvider;

            mStream = new MemoryStream();
            mStream.Write(buffer, 0, buffer.Length);
            mStream.Seek(0, SeekOrigin.Begin);
            dynamicFileByteProvider = new DynamicFileByteProvider(mStream);
            hexBox.Invoke(new MethodInvoker(delegate
            {
                hexBox.ByteProvider = dynamicFileByteProvider;
            }));
            Search(0);

            return(true);
        }
예제 #2
0
        /// <summary>
        /// Se encarga de forwardear una funcion cuando no se está interceptando. Tambien aplica los filtros de match and replace
        /// </summary>
        private void AutoForwardFunction()
        {
            /* Prepares the function to apply 'matchs and replaces' */

            if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!Send".ToLower())
            {
                Core.ProcessFunctions.send s = new Core.ProcessFunctions.send(Program.data.currentFunction);
                byte[] sendBuffer            = s.GetBuffer();

                if (sendBuffer != null && sendBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.send.PrepareFunction(Program.data.currentFunction, sendBuffer);
                }
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!Recv".ToLower())
            {
                Core.ProcessFunctions.recv r = new Core.ProcessFunctions.recv(Program.data.currentFunction);
                byte[] recvBuffer            = r.GetBuffer();

                if (recvBuffer != null && recvBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvBuffer);
                }
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!SendTo".ToLower())
            {
                Core.ProcessFunctions.sendto st = new Core.ProcessFunctions.sendto(Program.data.currentFunction);
                byte[] sendToBuffer             = st.GetBuffer();

                if (sendToBuffer != null && sendToBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, sendToBuffer);
                }
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!RecvFrom".ToLower())
            {
                Core.ProcessFunctions.recvfrom rf = new Core.ProcessFunctions.recvfrom(Program.data.currentFunction);
                byte[] recvFromBuffer             = rf.GetBuffer();

                if (recvFromBuffer != null && recvFromBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvFromBuffer);
                }
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!WSASend".ToLower())
            {
                Core.ProcessFunctions.WSAsend wsas = new Core.ProcessFunctions.WSAsend(Program.data.currentFunction);
                byte[] wsasBuffer = wsas.GetBuffer();

                if (wsasBuffer != null && wsasBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.WSAsend.PrepareFunction(Program.data.currentFunction, wsasBuffer);
                }
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!WSASendTo".ToLower())
            {
                Core.ProcessFunctions.WSAsendto wsast = new Core.ProcessFunctions.WSAsendto(Program.data.currentFunction);
                byte[] wsasendToBuffer = wsast.GetBuffer();

                if (wsasendToBuffer != null && wsasendToBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, wsasendToBuffer);
                }
            }

            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!WSARecv".ToLower())
            {
                Core.ProcessFunctions.WSArecv wsar = new Core.ProcessFunctions.WSArecv(Program.data.currentFunction);
                byte[] wsarBuffer = wsar.GetBuffer();

                if (wsarBuffer != null && wsarBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, wsarBuffer);
                }
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "Secur32.dll!EncryptMessage".ToLower())
            {
                Core.ProcessFunctions.EncryptMessage encMessage = new Core.ProcessFunctions.EncryptMessage(Program.data.currentFunction);
                byte[] encMessageBuffer = encMessage.GetBuffer();

                if (encMessageBuffer != null && encMessageBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, encMessageBuffer);
                }
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "Secur32.dll!DecryptMessage".ToLower())
            {
                Core.ProcessFunctions.DecryptMessage decMessage = new Core.ProcessFunctions.DecryptMessage(Program.data.currentFunction);
                byte[] decMessageBuffer = decMessage.GetBuffer();

                if (decMessageBuffer != null && decMessageBuffer.Length > 0)
                {
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, decMessageBuffer);
                }
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!WSARecvFrom".ToLower())
            {
                throw new Exception("not implemented");
            }
            else
            {
                throw new Exception("Unknow handler");
            }

            Program.data.currentFunction.status = wrappers.FunctionWrapper.Status.Forwarded;
            //Program.data.AceptingNewFunctions = true;
        }
예제 #3
0
파일: FormMain.cs 프로젝트: CaineQT/hookme
        /// <summary>
        /// Se encarga de forwardear una funcion cuando no se está interceptando. Tambien aplica los filtros de match and replace
        /// </summary>
        private void AutoForwardFunction()
        {
            /* Prepares the function to apply 'matchs and replaces' */

            if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!Send".ToLower())
            {
                Core.ProcessFunctions.send s = new Core.ProcessFunctions.send(Program.data.currentFunction);
                byte[] sendBuffer = s.GetBuffer();

                if (sendBuffer != null && sendBuffer.Length > 0)
                    Program.data.currentFunction = Core.ProcessFunctions.send.PrepareFunction(Program.data.currentFunction, sendBuffer);
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!Recv".ToLower())
            {
                Core.ProcessFunctions.recv r = new Core.ProcessFunctions.recv(Program.data.currentFunction);
                byte[] recvBuffer = r.GetBuffer();

                if (recvBuffer != null && recvBuffer.Length>0)
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvBuffer);
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!SendTo".ToLower())
            {
                Core.ProcessFunctions.sendto st = new Core.ProcessFunctions.sendto(Program.data.currentFunction);
                byte[] sendToBuffer = st.GetBuffer();

                if (sendToBuffer != null && sendToBuffer.Length > 0)
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, sendToBuffer);
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!RecvFrom".ToLower())
            {
                Core.ProcessFunctions.recvfrom rf = new Core.ProcessFunctions.recvfrom(Program.data.currentFunction);
                byte[] recvFromBuffer = rf.GetBuffer();

                if (recvFromBuffer != null && recvFromBuffer.Length > 0)
                    Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvFromBuffer);                
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!WSASend".ToLower())
            {

                Core.ProcessFunctions.WSAsend wsas = new Core.ProcessFunctions.WSAsend(Program.data.currentFunction);
                byte[] wsasBuffer = wsas.GetBuffer();

                if (wsasBuffer != null && wsasBuffer.Length > 0)
                    Program.data.currentFunction = Core.ProcessFunctions.WSAsend.PrepareFunction(Program.data.currentFunction, wsasBuffer); 
            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!WSASendTo".ToLower())
                throw new Exception("not implemented");
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!WSARecv".ToLower())
            {

                Core.ProcessFunctions.WSArecv wsar = new Core.ProcessFunctions.WSArecv(Program.data.currentFunction);
                byte[] wsarBuffer = wsar.GetBuffer();

                if (wsarBuffer != null && wsarBuffer.Length > 0)
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, wsarBuffer);

            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "Secur32.dll!EncryptMessage".ToLower())
            {

                Core.ProcessFunctions.EncryptMessage encMessage = new Core.ProcessFunctions.EncryptMessage(Program.data.currentFunction);
                byte[] encMessageBuffer = encMessage.GetBuffer();

                if (encMessageBuffer != null && encMessageBuffer.Length > 0)
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, encMessageBuffer);

            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "Secur32.dll!DecryptMessage".ToLower())
            {

                Core.ProcessFunctions.DecryptMessage decMessage = new Core.ProcessFunctions.DecryptMessage(Program.data.currentFunction);
                byte[] decMessageBuffer = decMessage.GetBuffer();

                if (decMessageBuffer != null && decMessageBuffer.Length > 0)
                    Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, decMessageBuffer);

            }
            else if (Program.data.currentFunction.Hook.FunctionName.ToLower() == "WS2_32.dll!WSARecvFrom".ToLower())
                throw new Exception("not implemented");
            else
                throw new Exception("Unknow handler");

            Program.data.currentFunction.status = wrappers.FunctionWrapper.Status.Forwarded;
            //Program.data.AceptingNewFunctions = true;
        }
예제 #4
0
파일: FormMain.cs 프로젝트: CaineQT/hookme
        private bool ProcessSendTo(FunctionWrapper f)
        {
            Core.ProcessFunctions.sendto fSendto = new Core.ProcessFunctions.sendto(f);
            byte[] buffer = fSendto.GetBuffer();

            DynamicFileByteProvider dynamicFileByteProvider;
            mStream = new MemoryStream();
            mStream.Write(buffer, 0, buffer.Length);
            mStream.Seek(0, SeekOrigin.Begin);
            dynamicFileByteProvider = new DynamicFileByteProvider(mStream);
            hexBox.Invoke(new MethodInvoker(delegate
            {
                hexBox.ByteProvider = dynamicFileByteProvider;
            }));
            Search(0);

            return true;
        }