public void Run( RemoteHooking.IContext InContext, String InArg1) { try { LocalHook.BeginUpdate(false); { CreateFileHook = LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"), new DCreateFile(CreateFile_Hooked), this); } LocalHook.EndUpdate(); /* * Don't forget that all hooks will start deaktivated... * The following ensures that all threads are intercepted: */ CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[1]); } catch (Exception e) { /* * Now we should notice our host process about this error... */ Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e); return; } // wait for host process termination... try { while (Interface.Ping(RemoteHooking.GetCurrentProcessId())) { Thread.Sleep(500); // transmit newly monitored file accesses... if (Queue.Count > 0) { String[] Package = null; lock (Queue) { Package = Queue.ToArray(); Queue.Clear(); } Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package); } } } catch { // NET Remoting will raise an exception if host is unreachable } }
public static void Run() { DMethodA MethodADelegate = new DMethodA(MethodA); DMethodB MethodBDelegate = new DMethodB(MethodB); GC.KeepAlive(MethodADelegate); GC.KeepAlive(MethodBDelegate); LHTestMethodA = Marshal.GetFunctionPointerForDelegate(MethodADelegate); LHTestMethodB = Marshal.GetFunctionPointerForDelegate(MethodBDelegate); // install hooks LocalHook[] MyHooks = new LocalHook[6]; Int32 Index = 0; LocalHook.BeginUpdate(true); { LocalHook.BeginUpdate(true); { LocalHook.BeginUpdate(true); { MyHooks[Index++] = LocalHook.Create( LHTestMethodA, LHTestHookA, Index); MyHooks[Index++] = LocalHook.Create( LHTestMethodB, LHTestHookB, Index); } LocalHook.CancelUpdate(); MyHooks[Index++] = LocalHook.Create( LHTestMethodA, LHTestHookA, Index); MyHooks[Index++] = LocalHook.Create( LHTestMethodB, LHTestHookB, Index); } LocalHook.CancelUpdate(); MyHooks[Index++] = LocalHook.Create( LHTestMethodA, LHTestHookA, Index); MyHooks[Index++] = LocalHook.Create( LHTestMethodB, LHTestHookB, Index); } LocalHook.EndUpdate(); // we want to intercept all threads... MyHooks[4].ThreadACL.SetExclusiveACL(null); MyHooks[5].ThreadACL.SetExclusiveACL(null); LHTestMethodADelegate = (DMethodA)Marshal.GetDelegateForFunctionPointer(LHTestMethodA, typeof(DMethodA)); LHTestMethodBDelegate = (DMethodB)Marshal.GetDelegateForFunctionPointer(LHTestMethodB, typeof(DMethodB)); /* * This is just to make sure that all related objects are referenced. * At the beginning there were several objects like delegates that have * been collected during execution! The NET-Framework will produce bugchecks * in such cases... */ GC.Collect(); GC.WaitForPendingFinalizers(); GC.Collect(); IntPtr t = Marshal.GetFunctionPointerForDelegate(LHTestHookA); Int64 t1 = System.Diagnostics.Stopwatch.GetTimestamp(); for (int i = 0; i < LHTestThreadCount; i++) { new Thread(new ThreadStart(LHTestThread)).Start(); } LHTestCompleted.WaitOne(); t1 = ((System.Diagnostics.Stopwatch.GetTimestamp() - t1) * 1000) / System.Diagnostics.Stopwatch.Frequency; // verify results if ((LHTestCounterMA != LHTestCounterMAH) || (LHTestCounterMAH != LHTestCounterMB) || (LHTestCounterMB != LHTestCounterMBH) || (LHTestCounterMB != LHTestThreadCount * 10000)) { throw new Exception("LocalHook test failed."); } Console.WriteLine("Localhook test passed in {0} ms.", t1); }
public void Run( RemoteHooking.IContext InContext, String InChannelName) { // install hook... try { LocalHook.BeginUpdate(true); CreateFileHook = LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"), new DCreateFile(CreateFile_Hooked), this); LocalHook.EndUpdate(); CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); } catch (Exception ExtInfo) { Interface.ReportException(ExtInfo); return; } Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); RemoteHooking.WakeUpProcess(); // wait for host process termination... try { while (true) { Thread.Sleep(500); // transmit newly monitored file accesses... if (Queue.Count > 0) { String[] Package = null; lock (Queue) { Package = Queue.ToArray(); Queue.Clear(); } Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package); } else { Interface.Ping(); } } } catch { // Ping() will raise an exception if host is unreachable } }