Exemplo n.º 1
0
        public Main(RemoteHooking.IContext InContext, ProcessDto procDto, SystemState state, string InChannelName)
        {
            try
            {
                _functions = new List<FunctionInjected>();

                switch (state)
                {
                    case SystemState.Scanning:
                        _behaviorWrapper = RemoteHooking.IpcConnectClient<BehaviorsWrapper<FunctionBehaviorForXml>>(InChannelName);
                        break;
                    case SystemState.Locking:
                        _behaviorWrapper = RemoteHooking.IpcConnectClient<BehaviorsWrapper<FunctionBehaviorForNLog>>(InChannelName);
                        break;
                }

                foreach (var functionBehavior in _behaviorWrapper.Functions)
                {
                    _functions.Add(functionBehavior.CreateAttachedTypeOfFunctionInjected(procDto));
                }
            }
            catch (Exception ex)
            {
                Logger.Error(ex.Message, procDto.ProcName);
            }
        }
        private void Intersept(ProcessDto processDto, SystemState state)
        {
            try
            {
                switch (state)
                {
                    case SystemState.Scanning:
                        RemoteHooking.IpcCreateServer<BehaviorsWrapper<FunctionBehaviorForXml>>(ref ChannelName, WellKnownObjectMode.SingleCall, WellKnownSidType.WorldSid);
                        break;
                    case SystemState.Locking:
                        RemoteHooking.IpcCreateServer<BehaviorsWrapper<FunctionBehaviorForNLog>>(ref ChannelName, WellKnownObjectMode.SingleCall, WellKnownSidType.WorldSid);
                        break;
                }

                var str = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "LibraryInjected.dll");

                RemoteHooking.Inject(processDto.ProcId, str, str, (object)processDto, (object)state, (object)ChannelName);
                Logger.Info($"Injected to process {processDto.ProcId}", processDto.ProcName);

            }
            catch (Exception ex)
            {
                Logger.Error($"There was an error while connecting to target:\r\n{(object) ex.ToString()}", processDto.ProcName);
            }
        }
 public InterseptDll(SystemState state, ProcessDto processDto)
 {
     if (processDto.ProcId == -1)
     {
         Logger.Error("No process exists with that name!", processDto.ProcName);
         return;
     }
     Intersept(processDto, state);
 }
        public DeleteFileFunctionInjected(FunctionBehavior behavior, ProcessDto processDto)
        {
            _behavior = behavior;

            _processDto = processDto;

            _hook = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "DeleteFileW"), new DDeleteFile(DeleteFile_Hooked), this);

            _hook.ThreadACL.SetExclusiveACL(new int[0]);
        }
        public static void CreateNewInjectProcess(SystemState state, ProcessDto processDto)
        {
            if (ChildDomains.ContainsKey(processDto.ProcName))
            {
                AppDomain.Unload(ChildDomains[processDto.ProcName]);
                ChildDomains.Remove(processDto.ProcName);
            }
            ChildDomains.Add(processDto.ProcName, AppDomain.CreateDomain(processDto.ProcName));

            ChildDomains[processDto.ProcName].CreateInstanceFromAndUnwrap(AppDomain.CurrentDomain.BaseDirectory + "InterceptedModule.dll", "InterceptedModule.InterseptDll", false, BindingFlags.CreateInstance, null, new[] {(object) state, (object) processDto}, CultureInfo.InvariantCulture, null);
        }
        public static FunctionInjected CreateAttachedTypeOfFunctionInjected(this FunctionBehavior functionBehavior, ProcessDto processDto)
        {
            FunctionInjected result = null;

            var attributes = functionBehavior.GetType().GetCustomAttributes<AttachedTypeAttribute>(false).ToArray();

            if (attributes.Any(x => x.TypeMustCreate.IsSubclassOf(typeof (FunctionInjected))))
            {
                result = (FunctionInjected)Activator.CreateInstance(attributes.First().TypeMustCreate, functionBehavior, processDto);
            }

            return result;
        }
Exemplo n.º 7
0
        public void Run(RemoteHooking.IContext InContext, ProcessDto procDto, SystemState state, string InChannelName)
        {
            try
            {
                RemoteHooking.WakeUpProcess();

                while (true)
                {

                }
            }
            catch (Exception ex)
            {
                Logger.Error(ex.Message, procDto.ProcName);
            }
        }