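//[UnmanagedFunctionPointer(CallingConvention.Cdecl,
//    CharSet = CharSet.Unicode,
//    SetLastError = true)]
//unsafe delegate Int64 MessagePrintf_Delegate(void* a1, int ba2, [MarshalAs(UnmanagedType.LPWStr)] StringBuilder message, int a3);
//MessagePrintf_Delegate originalMethod = null;
//MessagePrintf_Delegate originalMethodByPass = null;
//unsafe Int64 MyMessagePrintf(void* a1, int a2, [MarshalAs(UnmanagedType.LPWStr)] StringBuilder message, int a3)
//{
//    Native.MessageBeep((uint)Native.BeepType.Asterisk);
//    //lock (this._messageQueue)
//    //{
//    //    if (this._messageQueue.Count < 1000)
//    //    {
//    //        // Add message to send to FileMonitor
//    //        this._messageQueue.Enqueue(message.ToString());
//    //    }
//    //}
//    _server.ReportMessage(0, "procaddress:" + message.ToString());
//    return originalMethod(a1, a2, message, a3);
//}
#endregion

/// <summary>
/// Searches the module image described by <paramref name="moduleInformation"/> for the first
/// exact occurrence of <paramref name="signature"/>.
/// </summary>
/// <param name="moduleInformation">
/// Supplies the scan range: <c>lpBaseOfDll</c> is the start address and <c>SizeOfImage</c>
/// the number of bytes that belong to the module.
/// </param>
/// <param name="signature">Byte sequence to match literally (no wildcard support).</param>
/// <returns>
/// The address of the first match, or <see cref="IntPtr.Zero"/> when there is no match or the
/// inputs cannot be scanned; in that case "failed!!" is reported to the server.
/// </returns>
unsafe IntPtr FindThePrintFunction(Native.ModuleInformation moduleInformation, byte[] signature)
{
    byte* imageBase = (byte*)moduleInformation.lpBaseOfDll;
    uint imageSize = moduleInformation.SizeOfImage;

    // Scan only when there is a real range and a pattern that fits inside it. A null base
    // (module lookup failed upstream) or a null pattern is treated as "not found" instead
    // of being dereferenced.
    if (imageBase != null
        && signature != null
        && signature.Length > 0
        && (uint)signature.Length <= imageSize)
    {
        // Last start offset at which the whole pattern still lies inside the image.
        // Comparing from any later offset would read bytes beyond SizeOfImage.
        uint lastStart = imageSize - (uint)signature.Length;

        for (uint offset = 0; offset <= lastStart; offset++)
        {
            byte* candidate = imageBase + offset;

            int matched = 0;
            while (matched < signature.Length && candidate[matched] == signature[matched])
            {
                matched++;
            }

            if (matched == signature.Length)
            {
                return (IntPtr)candidate;
            }
        }
    }

    _server.ReportMessage(0, "failed!!");
    return IntPtr.Zero;
}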
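/// <summary>
/// Installs a local hook on the function located by <c>FindThePrintFunction</c> inside
/// <c>client.dll</c>, then forwards queued chat messages to the IPC server every 500 ms
/// until a server call throws.
/// </summary>
/// <param name="context">EasyHook context; not used by this method.</param>
/// <param name="channelName">IPC channel name; not used by this method.</param>
/// <remarks>
/// Exceptions are reported through <c>_server.ReportException</c>. The hook is disposed and
/// <c>EasyHook.LocalHook.Release()</c> is called in the <c>finally</c> block on every exit path.
/// </remarks>
public unsafe void Run(EasyHook.RemoteHooking.IContext context, string channelName)
{
    // NOTE(review): 's' is never read below; kept because this view does not show whether
    // 'dllpurpose' is a plain field or a property with side effects.
    string s = dllpurpose;

    int id = EasyHook.RemoteHooking.GetCurrentProcessId();
    _server.HookIsInstalled(id);

    EasyHook.LocalHook chatMessageFunctionHook = null;
    try
    {
        Native.ModuleInformation moduleInformation = new Native.ModuleInformation();
        var size = Convert.ToUInt32(Marshal.SizeOf(typeof(Native.ModuleInformation)));

        // Process implements IDisposable; release it once the handle has been used.
        using (Process currentProcess = Process.GetCurrentProcess())
        {
            // NOTE(review): the results of GetModuleHandle and GetModuleInformation are not
            // checked (their return types are declared outside this view). A failed lookup
            // is expected to surface as the IntPtr.Zero check below - confirm.
            Native.GetModuleInformation(
                currentProcess.Handle,
                Native.GetModuleHandle("client.dll"),
                out moduleInformation,
                size);
        }

        var pointer = FindThePrintFunction(moduleInformation, messageSignature);
        if (pointer == IntPtr.Zero)
        {
            // Fail with a descriptive error instead of letting the marshaller throw on a
            // null function pointer; the outer catch reports it to the server.
            throw new InvalidOperationException(
                "Signature was not found in client.dll; the hook was not installed.");
        }

        originalMethod = Marshal.GetDelegateForFunctionPointer<DotaChatFunction_Delegate>(pointer);

        chatMessageFunctionHook = EasyHook.LocalHook.Create(
            pointer,
            new DotaChatFunction_Delegate(MyDotaChatFunction),
            this);

        // Exclusive ACL containing only thread id 0, as in the original code.
        chatMessageFunctionHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });

        originalMethodByPass = Marshal.GetDelegateForFunctionPointer<DotaChatFunction_Delegate>(
            chatMessageFunctionHook.HookBypassAddress);

        _server.ReportMessage(id, "Local Hook Installation complete.");

        try
        {
            // Loop until the host side closes (i.e. an IPC call throws).
            while (true)
            {
                System.Threading.Thread.Sleep(500);

                string[] queued = null;

                // Drain under the lock so the producer cannot enqueue between copy and clear.
                // NOTE(review): no size cap is visible on this queue in this method; confirm
                // the producer bounds it so a message burst cannot grow memory without limit.
                lock (_messageQueue)
                {
                    queued = _messageQueue.ToArray();
                    _messageQueue.Clear();
                }

                // Forward captured chat messages, or ping so a dead host is still detected.
                // NOTE(review): the forwarded text is presumably remote-user-controlled
                // chat content; the receiving side should treat it as untrusted input.
                if (queued != null && queued.Length > 0)
                {
                    _server.ReportChatMessages(queued);
                }
                else
                {
                    _server.Ping();
                }
            }
        }
        catch (Exception ex)
        {
            // Ping() or ReportChatMessages() raise an exception if the host is unreachable.
            try
            {
                _server.ReportException(ex);
            }
            catch
            {
                // Deliberate best effort: the host is most likely gone, so there is
                // nowhere left to report to.
            }
        }
    }
    catch (Exception ex)
    {
        _server.ReportException(ex);
    }
    finally
    {
        try
        {
            if (chatMessageFunctionHook != null)
            {
                chatMessageFunctionHook.Dispose();
            }

            EasyHook.LocalHook.Release();
        }
        catch (Exception ex)
        {
            _server.ReportException(ex);
        }
    }
}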