public void Run(RemoteHooking.IContext InContext, string serverName)
{
try
{
myClientInstance.SendCommand(Command.ClientVersion, myDateStamp);
myCloseSocketHook = LocalHook.Create(LocalHook.GetProcAddress("WSOCK32.dll", "closesocket"), myCloseSocketDelegate, null);
mySocketHook = LocalHook.Create(LocalHook.GetProcAddress("WSOCK32.dll", "socket"), mySocketDelegate, null);
myCloseSocketHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
mySocketHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
IntPtr functionPtr = Marshal.GetFunctionPointerForDelegate(myRecvDelegate);
myClientInstance.SendCommand(Command.FunctionPointer, functionPtr.ToInt32(), 0);
functionPtr = Marshal.GetFunctionPointerForDelegate(mySendDelegate);
myClientInstance.SendCommand(Command.FunctionPointer, functionPtr.ToInt32(), 1);
MessageHook.Initialize(myClientInstance);
}
catch (Exception X)
{
string message = "<Exception : " + X.Message + "> <Stack trace: " + X.StackTrace + ">";
myClientInstance.SendCommand(Command.Exception, message);
return;
}
while (true)
{
Thread.Sleep(1000);
}
}
public void SetupDetour()
{
var form = new Form();
var scd = new SwapChainDescription {
BufferCount = 1,
ModeDescription = new ModeDescription {
Format = DXGI_FORMAT_R8G8B8A8_UNORM
},
Usage = DXGI_USAGE_RENDER_TARGET_OUTPUT,
OutputHandle = form.Handle,
SampleDescription = new SampleDescription {
Count = 1
},
IsWindowed = true
};
unsafe
{
var pSwapChain = IntPtr.Zero;
var pDevice = IntPtr.Zero;
var pImmediateContext = IntPtr.Zero;
var ret = D3D11CreateDeviceAndSwapChain((void *)IntPtr.Zero, D3D_DRIVER_TYPE_HARDWARE,
(void *)IntPtr.Zero, 0, (void *)IntPtr.Zero, 0, D3D11_SDK_VERSION, &scd, &pSwapChain, &pDevice,
(void *)IntPtr.Zero, &pImmediateContext);
var func = Misc.GetVTableFunction(pSwapChain, DXGISwapChainPresent);
presentDelegateOrig = Misc.GetDelegate <PresentF>(func);
presentDelegate = new PresentF(MyPresent);
presentHook = LocalHook.Create(func, presentDelegate, null);
presentHook.ThreadACL.SetExclusiveACL(new int[] { });
}
form.Dispose();
}
//
// Setup
internal static IEnumerable <LocalHook> InstallHooks()
{
return(new[]
{
LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll",
"CreateFileW"),
new CreateFileWDlg(CreateFile_Hooked),
SMInject.Instance
),
LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll",
"SetFilePointer"),
new SetFilePointerDlg(SetFilePointer_Hooked),
SMInject.Instance
),
LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll",
"WriteFile"),
new WriteFileDlg(WriteFile_Hooked),
SMInject.Instance
),
LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll",
"CloseHandle"),
new CloseHandleDlg(CloseHandle_Hooked),
SMInject.Instance
)
});
}
public void Run(RemoteHooking.IContext contect, string channelName)
{
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
// Install hooks
// CreateFile https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
CreateFileHook = LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
new CreateFile_Delegate(CreateFile_Hook),
this
);
// Activate hooks on all threads except the current thread.
CreateFileHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
Interface.ReportMessage("Hook 'CreateFile' has been installed");
RemoteHooking.WakeUpProcess();
try
{
// Loop until the loader closes (i.e. IPC fails)
while (true)
{
Thread.Sleep(500);
string[] queued = null;
lock (_messageQueue)
{
queued = _messageQueue.ToArray();
_messageQueue.Clear();
}
if (queued != null && queued.Length > 0)
{
Interface.ReportMessages(queued);
}
else
{
Interface.Ping();
}
}
}
catch
{
// Ping() or ReportMessages() will raise an exception if host is unreachable.
}
// Remove hooks
CreateFileHook.Dispose();
// Finalize cleanup of hooks
LocalHook.Release();
}
public void Run(
RemoteHooking.IContext InContext,
String InChannelName)
{
// install hook...
try
{
CreateKeywordHook = LocalHook.Create(
LocalHook.GetProcAddress("python27.dll", "PyEval_CallObjectWithKeywords"),
new DCallKeywords(CallKeywords_Hooked),
this);
CreateKeywordHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
CreateGetModuleHandleAHook = LocalHook.Create(LocalHook.GetProcAddress("kernel32", "GetModuleHandleA"), new DGetModuleHandleA(GetModuleHandleHooked), this);
CreateGetModuleHandleAHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
catch (Exception ExtInfo)
{
Interface.ReportException(ExtInfo);
return;
}
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
if (Queue.Count > 0)
{
String[] Package = null;
lock (Queue)
{
Package = Queue.ToArray();
Queue.Clear();
}
}
else
{
Interface.Ping();
}
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
}
public void Run(
RemoteHooking.IContext InContext,
String InChannelName)
{
// install hook...
try
{
/* CreateFileHook = LocalHook.Create(
* LocalHook.GetProcAddress("kernel32.dll", "MoveFileExW"),
* new HookStgCreateStorageEx(StgCreateStorageEx_Hooked),
* this);*/
CreateFileHook = LocalHook.Create(
LocalHook.GetProcAddress("ole32.dll", "StgCreateStorageEx"),
new HookStgCreateStorageEx(StgCreateStorageEx_Hooked),
this);
CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
catch (Exception ExtInfo)
{
Interface.ReportException(ExtInfo);
return;
}
Interface.IsInstalled(RemoteHooking.GetCurrentThreadId());
RemoteHooking.WakeUpProcess();
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
if (Queue.Count > 0)
{
String[] Package = null;
lock (Queue)
{
Package = Queue.ToArray();
Queue.Clear();
}
// Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
}
else
{
// Interface.Ping(RemoteHooking.GetCurrentThreadId());
}
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
}
public void Run(RemoteHooking.IContext context, string channelName)
{
server.IsInstalled(RemoteHooking.GetCurrentProcessId());
List <LocalHook> hooks = new List <LocalHook>()
{
LocalHook.Create(
new IntPtr(ENGINE_UPDATE_HOOK_TARGET_ADDRESS),
new VoidDelegate(PollInputOverride),
this),
};
foreach (var hook in hooks)
{
hook.ThreadACL.SetExclusiveACL(new int[] { 0 });
}
InputEmulator.KeyConfig.TryLoadConfig();
server.ReportString($"DivaHook successfully established\n");
server.ReportString($"Do not close this application...");
RemoteHooking.WakeUpProcess();
try
{
while (true)
{
System.Threading.Thread.Sleep(500);
string[] queued = null;
lock (messageQueue)
{
queued = messageQueue.ToArray();
messageQueue.Clear();
}
if (queued != null && queued.Length > 0)
{
server.ReportMessages(queued);
}
else
{
server.Ping();
}
}
}
catch (Exception ex)
{
server.ReportException(ex);
}
foreach (var hook in hooks)
{
hook.Dispose();
}
LocalHook.Release();
}
/// <summary>
/// Installs an API hook based on the specified data.
/// </summary>
/// <param name="targetEntryPoint">The target entry point that should be hooked.</param>
/// <param name="hookHandler">A handler with the same signature as the original entry point.</param>
/// <param name="callback">An uninterpreted callback.</param>
private void InstallHook(IntPtr targetEntryPoint, Delegate hookHandler, object callback)
{
var localHook = LocalHook.Create(targetEntryPoint, hookHandler, callback);
localHook.ThreadACL.SetExclusiveACL(new int[0]);
lock (_syncRoot)
_installedHooks.Add(localHook);
}
public WinsockHook(IntPtr address, Settings settings)
{
this._settings = settings;
_name = string.Format("WinsockHook_{0:X}", address.ToInt32());
_hook = LocalHook.Create(address, new WinsockConnectDelegate(WinsockConnectDetour), this);
_hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
public RegistryHook(IntPtr address, string prodKey)
{
_prodKey = prodKey;
_name = string.Format("RegQueryValueExAHook_{0:X}", address.ToInt32());
_hook = LocalHook.Create(address, new RegQueryValueExADelegate(RegQueryValueExADetour), this);
_hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
public static LocalHook CreateHook(String moduleName, String functionName, Delegate callback, Object sender)
{
LocalHook hook = LocalHook.Create(LocalHook.GetProcAddress(moduleName, functionName), callback, sender);
hook.ThreadACL.SetExclusiveACL(new Int32[0]);
return(hook);
}
public MiniDumpWriteDumpHook(IntPtr address)
{
_name = string.Format("MiniDumpWriteDumpHook_{0:X}", address.ToInt32());
_hook = LocalHook.Create(address, new MiniDumpWriteDumpDelegate(MiniDumpWriteDumpDetour), this);
_hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
public IsDebuggerPresentHook(IntPtr address)
{
_name = string.Format("EnumProcessesHook_{0:X}", address.ToInt32());
_hook = LocalHook.Create(address, new IsDebuggerPresentDelegate(IsDebuggerPresentDetour), this);
_hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
public LoadLibraryWHook(IntPtr address)
{
_name = string.Format("LibraryCallHook_{0:X}", address.ToInt32());
_hook = LocalHook.Create(address, new LibraryCallDelegate(LoadLibraryWDetour), this);
_hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
public AppdataHook(IntPtr address, string userLogin)
{
this._userLogin = userLogin;
_name = string.Format("AppDataHook_{0:X}", address.ToInt32());
_hook = LocalHook.Create(address, new SHGetFolderPathDelegate(SHGetFolderPathDetour), this);
_hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
protected static LocalHook CreateHook(string dll, string method, Delegate hookImpl)
{
var procAddress = LocalHook.GetProcAddress(dll, method);
var hook = LocalHook.Create(procAddress, hookImpl, null);
hook.ThreadACL.SetExclusiveACL(new int[0]);
return(hook);
}
public static object HookLuaFun(string moduleName, string funName, Delegate luaFun)
{
IntPtr handle = LocalHook.GetProcAddress(moduleName, funName);
var newstateHook = LocalHook.Create(handle, luaFun, null);
newstateHook.ThreadACL.SetExclusiveACL(new int[1]);
return(newstateHook.Callback);
}
public MemoryHook(IntPtr address, ulong totalPhys)
{
this._totalPhys = totalPhys;
_name = string.Format("MemoryHook{0:X}", address.ToInt32());
_hook = LocalHook.Create(address, new GlobalMemoryStatusDelegate(GlobalMemoryStatusDetour), this);
_hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
public override void Hook()
{
if (_d3d11VTblAddresses == null)
{
_d3d11VTblAddresses = new List <IntPtr>();
_dxgiSwapChainVTblAddresses = new List <IntPtr>();
#region Get Device and SwapChain method addresses
// Create temporary device + swapchain and determine method addresses
SlimDX.Direct3D11.Device device;
SwapChain swapChain;
using (SlimDX.Windows.RenderForm renderForm = new SlimDX.Windows.RenderForm())
{
SlimDX.Result result = SlimDX.Direct3D11.Device.CreateWithSwapChain(
DriverType.Hardware,
DeviceCreationFlags.None,
DXGI.CreateSwapChainDescription(renderForm.Handle),
out device,
out swapChain);
if (result.IsSuccess)
{
this.DebugMessage("Hook: Device created");
using (device)
{
_d3d11VTblAddresses.AddRange(GetVTblAddresses(device.ComPointer, D3D11_DEVICE_METHOD_COUNT));
using (swapChain)
{
_dxgiSwapChainVTblAddresses.AddRange(GetVTblAddresses(swapChain.ComPointer, DXGI.DXGI_SWAPCHAIN_METHOD_COUNT));
}
}
}
}
#endregion
}
// We will capture the backbuffer here
DXGISwapChain_PresentHook = LocalHook.Create(
_dxgiSwapChainVTblAddresses[(int)DXGI.DXGISwapChainVTbl.Present],
new DXGISwapChain_PresentDelegate(PresentHook),
this);
// We will capture target/window resizes here
DXGISwapChain_ResizeTargetHook = LocalHook.Create(
_dxgiSwapChainVTblAddresses[(int)DXGI.DXGISwapChainVTbl.ResizeTarget],
new DXGISwapChain_ResizeTargetDelegate(ResizeTargetHook),
this);
/*
* Don't forget that all hooks will start deactivated...
* The following ensures that all threads are intercepted:
* Note: you must do this for each hook.
*/
DXGISwapChain_PresentHook.ThreadACL.SetExclusiveACL(new Int32[1]);
DXGISwapChain_ResizeTargetHook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
/// <summary>
/// Installs hook.
/// </summary>
/// <param name="link">Link to call back interface i.e. to the method which will be called by makeCallBack method from the hook handler</param>
public void installHook(InterceptorCallBackInterface link)
{
hook = LocalHook.Create(
LocalHook.GetProcAddress(api_full_name.library_name, api_full_name.api_name),
createHookDelegate(),
link);
Console.WriteLine("Installing hook: " + api_full_name);
hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
public void Run(RemoteHooking.IContext inContext, String inChannelName)
{
// install hook...
try
{
_runningDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
IntPtr createFileProcAddress = LocalHook.GetProcAddress("kernel32.dll", "CreateFileA");
_createFileLocalHook = LocalHook.Create(
createFileProcAddress,
new CreateFileDelegate(CreateFileHookMethod),
this);
_createFileLocalHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
IntPtr mmioOpenProcAddress = LocalHook.GetProcAddress("WINMM.dll", "mmioOpenW");
_mmioOpenLocalHook = LocalHook.Create(
mmioOpenProcAddress,
new MmioOpenDelegate(MmioOpenHookMethod),
this);
_mmioOpenLocalHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
IntPtr getDriveTypeProcAddress = LocalHook.GetProcAddress("kernel32.dll", "GetDriveTypeA");
_getDriveTypeLocalHook = LocalHook.Create(
getDriveTypeProcAddress,
new GetDriveTypeDelegate(GetDriveTypeHookMethod),
this);
_getDriveTypeLocalHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
}
catch (Exception exception)
{
_ipcInterface.ReportException(exception);
return;
}
_ipcInterface.NotifySucessfulInstallation(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
// wait until we are not needed anymore...
try
{
while (true)
{
_ipcInterface.OnHooking();
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
}
private LocalHook HookVbaBeep()
{
var processAddress = LocalHook.GetProcAddress(_vbeApi.DllName, "rtcBeep");
var callbackDelegate = new VbaBeepDelegate(VbaBeepCallback);
var hook = LocalHook.Create(processAddress, callbackDelegate, null);
hook.ThreadACL.SetInclusiveACL(new[] { 0 });
return(hook);
}
void Hook <T>(string name, T callback) where T : Delegate
{
var address = resolver.Resolve(name);
var hook = LocalHook.Create(address, callback, null);
hook.ThreadACL.SetExclusiveACL(Array.Empty <int>());
Hooks.Add(name, hook);
Console.WriteLine($"Hooked {name}");
}
private void PatchInvalidPtrCheck()
{
invalidPtrCheckPatch = LocalHook.Create(
IntPtr.Zero + Offset.Function.InvalidPtrCheck,
new CommandCallback.InvalidPtrCheck(commandHandler.InvalidPtrCheckPatch),
this);
invalidPtrCheckPatch.ThreadACL.SetExclusiveACL(new Int32[] { });
}
private void CreateHook()
{
if (Hook != null)
{
return;
}
Hook = LocalHook.Create(FunctionToHook, NewFunction, Owner);
}
internal FunctionHook(MemoryAddress address, string name, T original, T hook)
{
Address = address;
Name = name;
Original = original;
Hook = hook;
_hook = LocalHook.Create(address, hook, this);
}
public void Run(
RemoteHooking.IContext InContext,
String InArg1)
{
try
{
CreateFileHook = LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
new DCreateFile(CreateFile_Hooked),
this);
/*
* Don't forget that all hooks will start deaktivated...
* The following ensures that all threads are intercepted:
*/
CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
catch (Exception e)
{
/*
* Now we should notice our host process about this error...
*/
Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e);
return;
}
// wait for host process termination...
try
{
while (Interface.Ping(RemoteHooking.GetCurrentProcessId()))
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
lock (Queue)
{
if (Queue.Count > 0)
{
String[] Package = null;
Package = Queue.ToArray();
Queue.Clear();
Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
}
}
}
}
catch
{
// NET Remoting will raise an exception if host is unreachable
}
}
public bool CreateHook<T>(GameFunction<T> function, T hook) where T : Delegate
{
if (hook == null)
return false;
Hooks[hook] = LocalHook.Create(function.Pointer, hook, function);
Hooks[hook].ThreadACL.SetExclusiveACL(new[] { 0 });
return true;
}
/// <summary>
/// Initializes a new instance of the <see cref="Hook{T}"/> class.
/// Hook is not activated until Enable() method is called.
/// </summary>
/// <param name="address">A memory address to install a hook.</param>
/// <param name="detour">Callback function. Delegate must have a same original function prototype.</param>
public Hook(IntPtr address, T detour)
{
this.hookInfo = LocalHook.Create(address, detour, null); // Installs a hook here
this.address = address;
this.original = Marshal.GetDelegateForFunctionPointer <T>(this.hookInfo.HookBypassAddress);
HookInfo.TrackedHooks.Add(new HookInfo()
{
Delegate = detour, Hook = this, Assembly = Assembly.GetCallingAssembly()
});
}
public NetworkAdapterHook(IntPtr address, string guid, string mac, string ipaddress)
{
_guid = guid;
_mac = mac;
_address = ipaddress;
_name = string.Format("GetAdaptersInfoHook_{0:X}", address.ToInt32());
_hook = LocalHook.Create(address, new GetAdaptersInfoDelegate(GetAdaptersInfoDetour), this);
_hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
