private bool FixOverlappingModifications(IntPtr scanAddress, int size) { Int32 scanStart = scanAddress.ToInt32(); Int32 scanEnd = scanAddress.ToInt32() + size; Int32 modStart = Offset.Function.InvalidPtrCheck; /* * detoured x86 functions have first 5 bytes changed to * JMP/CALL opcode and 4 bytes of jump address * * i.e. for JMP * 0xE9 AddressByte[0] AddressByte[1] AddressByte[2] AddressByte[3] * */ Int32 modEnd = Offset.Function.InvalidPtrCheck + 5; if (scanEnd > modStart) { if (scanEnd < modEnd || scanStart < modEnd) { hc.PrintMessage($"Warden[{DateTime.Now}] Preventing scan at 0x{scanStart:X}, size {size}. Unhooking..."); commandHandler.DestroyLuaEventFrameHandler_W(); invalidPtrCheckPatch.Dispose(); LocalHook.Release(); return(true); } } return(false); }
private bool VirtualProtectPatchHandler(IntPtr lpAddress, UIntPtr dwSize, SystemWin32.MemoryProtection flNewProtect, ref uint lpflOldProtect) { if (flNewProtect == SystemWin32.MemoryProtection.PAGE_EXECUTE_READ) { IntPtr wardenMemoryScan = FindWardenSignature(lpAddress.GetUIntPtr(), dwSize.ToUInt32(), WardenScanMemoryCode); if (wardenMemoryScan != IntPtr.Zero) { hc.PrintMessage($"Found Warden Memory Scan function at 0x{wardenMemoryScan.ToInt32():X}, offset from base module: 0x{(wardenMemoryScan.ToInt32() - lpAddress.ToInt32()):X}"); wardenScanPatch?.Dispose(); PatchWardenScan(wardenMemoryScan); } IntPtr wardenPageCheck = FindWardenSignature(lpAddress.GetUIntPtr(), dwSize.ToUInt32(), WardenPageCheckCode); if (wardenPageCheck != IntPtr.Zero) { hc.PrintMessage($"Found Warden Page Check code at 0x{wardenPageCheck.ToInt32():X}, offset from base module: 0x{(wardenPageCheck.ToInt32() - lpAddress.ToInt32()):X}"); wardenPageCheckPatch?.Dispose(); wardenPageCheckPatch = new PageCheckHook(memory, PageCheckPatchHandler, wardenPageCheck); } if (wardenMemoryScan != IntPtr.Zero || wardenPageCheck != IntPtr.Zero) { hc.PrintMessage($"Warden base module starts at 0x{lpAddress.ToInt32():X}, size {dwSize.ToUInt32()}"); } } return(originalVirtualProtect(lpAddress, dwSize, flNewProtect, ref lpflOldProtect)); }
public void SetHookState(bool request) { if (request) { if (ShellExecuteExHook != null) { SetHookState(false); } ShellExecuteExHook = LocalHook.Create( LocalHook.GetProcAddress("shell32.dll", "ShellExecuteExW"), new DShellExecuteEx(ShellExecuteEx_Hooked), this); ShowWindowHook = LocalHook.Create( LocalHook.GetProcAddress("user32.dll", "ShowWindow"), new DShowWindow(ShowWindow_Hooked), this); ResetHookAcl(HookManager.HookingThreadIds.ToArray()); } else { if (ShellExecuteExHook != null) { ShellExecuteExHook.Dispose(); ShellExecuteExHook = null; } if (ShowWindowHook != null) { ShowWindowHook.Dispose(); ShowWindowHook = null; } } }
/// <summary> /// Just ensures that the surface we created is cleaned up. /// </summary> public override void Cleanup() { try { if (Direct3DDevice_EndSceneHook != null) { Direct3DDevice_EndSceneHook.Dispose(); Direct3DDevice_EndSceneHook = null; } if (Direct3DDevice_ResetHook != null) { Direct3DDevice_ResetHook.Dispose(); Direct3DDevice_ResetHook = null; } lock (_lockRenderTarget) { if (_renderTarget != null) { _renderTarget.Dispose(); _renderTarget = null; } Request = null; } } catch { } }
public void Run( RemoteHooking.IContext InContext, String InChannelName) { // install hook... Hook = LocalHook.Create( LocalHook.GetProcAddress("user32.dll", "SetWindowTextW"), new DSetWindowText(SetWindowText_Hooked), this); Hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); try { while (true) { Thread.Sleep(500); } } catch (Exception e) { Interface.ReportException(e); } Hook.Dispose(); LocalHook.Release(); }
public void Run(RemoteHooking.IContext context, GlobalConfig config) { LocalHook endScenePatch = null; try { endScenePatch = LocalHook.Create( IntPtr.Zero + Offset.Function.EndScene, new CommandCallback.EndScene(commandHandler.EndScenePatch), this); endScenePatch.ThreadACL.SetExclusiveACL(new Int32[] { }); } catch (Exception e) { ctrlInterface.hostControl.PrintMessage(e.ToString()); } /* keep the remote from unloading */ while (remoteMainOn) { Thread.Sleep(5000); } commandHandler?.Dispose(); endScenePatch?.Dispose(); wardenBuster?.Dispose(); }
public void Run(IContext context, string channelName, int redirectionPort) { _interface.NotifyInstalled(Process.GetCurrentProcess().ProcessName); try { _connectHook = LocalHook.Create( LocalHook.GetProcAddress("Ws2_32.dll", "connect"), new WinsockConnectDelegate(_onConnect), this); _connectHook.ThreadACL.SetExclusiveACL(new[] { 0 }); } catch (Exception ex) { _interface.Error(ex); } WakeUpProcess(); try { while (true) { Thread.Sleep(500); _interface.Ping(); } } catch { _connectHook.Dispose(); LocalHook.Release(); } }
public static void Main(string[] args) { var exeToLaunch = ArgumentGetter.Instance.GetValueFromArguments(args, "ExeToLaunch"); exeToLaunch = string.Format(exeToLaunch, Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), #if DEBUG "Debug" #else "Release" #endif ); var exeArguments = ArgumentGetter.Instance.GetValueFromArguments(args, "ExeArguments"); LocalHook hook = null; _noHook = ArgumentGetter.Instance.GetValueFromArguments(args, "NoHook") == "true"; if (!_noHook) { object createProcessWHooker; var type = EventHandlerInjector.AttachHandlerToEventDynamically(_dllWithHook, "CreateProcessWHooker", "MethodHookedEvent", typeof(Program), "CreateProcessWHooker_ProcessCreated", null, out createProcessWHooker); var memberInfo = type.GetMethod("CreateHook"); Debug.Assert(memberInfo != null, "memberInfo != null"); hook = (LocalHook)memberInfo.Invoke(createProcessWHooker, new object[0]); } DoCreateProcessW(exeToLaunch, exeArguments); Console.Write("\nPress <enter> to uninstall hook and exit."); Console.ReadLine(); hook?.Dispose(); Console.ReadLine(); }
public override void Cleanup() { try { if (DXGISwapChain_PresentHook != null) { DXGISwapChain_PresentHook.Dispose(); DXGISwapChain_PresentHook = null; } if (DXGISwapChain_ResizeTargetHook != null) { DXGISwapChain_ResizeTargetHook.Dispose(); DXGISwapChain_ResizeTargetHook = null; } if (_overlayEngine != null) { _overlayEngine.Dispose(); _overlayEngine = null; } //this.Request = null; } catch { } }
public void Run(RemoteHooking.IContext contect, string channelName) { Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); // Install hooks // CreateFile https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx CreateFileHook = LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"), new CreateFile_Delegate(CreateFile_Hook), this ); // Activate hooks on all threads except the current thread. CreateFileHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); Interface.ReportMessage("Hook 'CreateFile' has been installed"); RemoteHooking.WakeUpProcess(); try { // Loop until the loader closes (i.e. IPC fails) while (true) { Thread.Sleep(500); string[] queued = null; lock (_messageQueue) { queued = _messageQueue.ToArray(); _messageQueue.Clear(); } if (queued != null && queued.Length > 0) { Interface.ReportMessages(queued); } else { Interface.Ping(); } } } catch { // Ping() or ReportMessages() will raise an exception if host is unreachable. } // Remove hooks CreateFileHook.Dispose(); // Finalize cleanup of hooks LocalHook.Release(); }
public void Dispose() { invalidPtrCheckPatch.Dispose(); virtualProtectPatch.Dispose(); wardenScanPatch.Dispose(); wardenPageCheckPatch.Dispose(); LocalHook.Release(); }
public virtual void Dispose() { if (Hook != null) { Hook.Dispose(); Hook = null; } }
public static void Uninstall() { if (load_dll_hook != null) { load_dll_hook.Dispose(); load_dll_hook = null; } if (luaL_newstate_hook != null) { luaL_newstate_hook.Dispose(); luaL_newstate_hook = null; } if (lua_close_hook != null) { lua_close_hook.Dispose(); lua_close_hook = null; } if (luaL_ref_hook != null) { luaL_ref_hook.Dispose(); luaL_ref_hook = null; } if (luaL_unref_hook != null) { luaL_unref_hook.Dispose(); luaL_unref_hook = null; } if (luaL_loadbuffer_hook != null) { luaL_loadbuffer_hook.Dispose(); luaL_loadbuffer_hook = null; } if (toluaL_ref_hook != null) { toluaL_ref_hook.Dispose(); toluaL_ref_hook = null; } if (toluaL_unref_hook != null) { toluaL_unref_hook.Dispose(); toluaL_unref_hook = null; } if (lua_error_hook != null) { lua_error_hook.Dispose(); lua_error_hook = null; } }
public void Dispose() { // Dispose of the EasyHook handle. transferHook.Dispose(); // Dispose of our GC handles, this will allow the delegates to be collected. produceHandle.Free(); getTypeHandle.Free(); constructorHandle.Free(); }
public void Run(RemoteHooking.IContext context, string channelName) { server.IsInjected(RemoteHooking.GetCurrentProcessId()); server.ReportMessage("Setting up hook..."); loadScriptHook = LocalHook.Create( IntPtr.Add(baseAddr, 0xBBF000), new LoadScript_delegate(LoadScript_hook), this ); loadScriptHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); var addr = IntPtr.Add(baseAddr, 0xBBF000); messageQueue.Enqueue(string.Format("Added hook to {0:X}!", (int)addr)); try { while (true) { System.Threading.Thread.Sleep(500); string[] queue; lock (messageQueue) { queue = messageQueue.ToArray(); messageQueue.Clear(); } foreach (string message in queue) { server.ReportMessage(message); } server.Ping(); } } catch { loadScriptHook.Dispose(); } loadScriptHook.Dispose(); }
public void Dispose() { if (_hook == null) { return; } _hook.Dispose(); _hook = null; }
public void Dispose() { //Dispose hook if (hook != null) { log.Info("Disposing hook"); hook.Dispose(); hook = null; } }
public static void Release() { _getItemTooltipDescriptionHook.Dispose(); LocalHook.Release(); foreach (var buffer in CachedBufferAddrs.Values) { Marshal.FreeHGlobal(buffer); } }
void RealDispose() { if (_disposed) { return; } _disposed = true; _hook?.Dispose(); }
public void Cleanup() { // Remove hooks GetControllerStateHook.Dispose(); GetControllerStateWithPoseHook.Dispose(); PollNextEventHook.Dispose(); PollNextEventWithPoseHook.Dispose(); // Finalise cleanup of hooks LocalHook.Release(); }
public void Dispose() { if (_disposed) { return; } _hook?.Dispose(); _timer?.Dispose(); _disposed = true; }
public void Run(RemoteHooking.IContext context, string channelName) { _pid = RemoteHooking.GetCurrentProcessId(); _processName = Path.GetFileName(Process.GetProcessById(_pid).MainModule.FileName); _server.SetPid(_pid); Log($"Injected Focus Steal Blocker Hook into process {GetProcessDescription()}"); LocalHook setForegroundWindowHook = LocalHook.Create( LocalHook.GetProcAddress("User32.dll", "SetForegroundWindow"), new SetForegroundWindow_Delegate(SetForegroundWindow_Hook), this); setForegroundWindowHook.ThreadACL.SetExclusiveACL(new[] { 0 }); Log($"SetForegroundWindow hook installed for {GetProcessDescription()}"); RemoteHooking.WakeUpProcess(); try { while (_server != null && !_server.ShouldAbort()) { Thread.Sleep(500); string[] queued; lock (_messageQueue) { queued = _messageQueue.ToArray(); _messageQueue.Clear(); } if (queued.Length > 0) { foreach (string message in queued) { Log(message); } } } } catch (Exception ex) { Log(ex.ToString()); } // Remove hooks setForegroundWindowHook.Dispose(); // Finalise cleanup of hooks LocalHook.Release(); }
/// <summary> /// Cancel SuperMemo's splash screen then unload the hook /// </summary> /// <param name="inHwnd">The window handle</param> /// <param name="inNCmdShow">The display mode</param> /// <returns></returns> private bool ShowWindow_Hooked(IntPtr inHwnd, int inNCmdShow) { if (inNCmdShow == SwShowNormal) { _showWindowHook.Dispose(); _showWindowHook = null; return(true); } return(Win32.ShowWindow(inHwnd, inNCmdShow)); }
public override void Cleanup() { try { DXGISwapChain_PresentHook.Dispose(); DXGISwapChain_ResizeTargetHook.Dispose(); this.Request = null; } catch { } }
internal static void InstallHooks() { if (_hooksInstalled) { return; } var sbr = new ScrollBarRenderer(); var ttr = new ToolTipRenderer(); var tvr = new TreeViewRenderer(); _themeRenderers[sbr.HTheme] = sbr; _themeRenderers[ttr.HTheme] = ttr; _themeRenderers[tvr.HTheme] = tvr; try { (_getSysColorHook, GetSysColorOriginal) = InstallHook <GetSysColorDelegate>( "user32.dll", "GetSysColor", GetSysColor); (_getSysColorBrushHook, GetSysColorBrushOriginal) = InstallHook <GetSysColorBrushDelegate>( "user32.dll", "GetSysColorBrush", GetSysColorBrush); } catch { // If we fail, oh well, just keep the classic-mode colors then... better than nothing _getSysColorHook?.Dispose(); _getSysColorBrushHook?.Dispose(); } try { (_drawThemeBackgroundHook, DrawThemeBackgroundOriginal) = InstallHook <DrawThemeBackgroundDelegate>( "uxtheme.dll", "DrawThemeBackground", DrawThemeBackgroundHook); (_getThemeColorHook, GetThemeColorOriginal) = InstallHook <GetThemeColorDelegate>( "uxtheme.dll", "GetThemeColor", GetThemeColorHook); } catch { _drawThemeBackgroundHook?.Dispose(); _getThemeColorHook?.Dispose(); } _hooksInstalled = true; }
/// <summary> /// This method should be called from the hook handlers. It routes transfer unit to the place of futher processing. /// </summary> /// <param name="tu"></param> protected void makeCallBack(TransferUnit tu) { try { callback_interface.dataHasBeenIntercepted(tu); } catch (Exception) { Console.WriteLine("Error in callback. Disposing hook <" + this.api_full_name.library_name + "." + this.api_full_name.api_name + ">"); //Console.WriteLine("-----------------------------------------------------------------------"); //Console.WriteLine(e); //Console.WriteLine("-----------------------------------------------------------------------"); hook.Dispose(); } }
public void Uninstall() { if (MessageBoxWHook != null) { MessageBoxWHook.Dispose(); MessageBoxWHook = null; } if (MessageBoxAHook != null) { MessageBoxAHook.Dispose(); MessageBoxAHook = null; } }
protected virtual void Dispose(bool disposing) { if (disposed) { return; } if (disposing) { hook.Dispose(); } disposed = true; }
public void Dispose() { localHook.ThreadACL.SetInclusiveACL(new int[] { 0 }); localHook.Dispose(); localHook = null; swapChain.Dispose(); swapChain = null; device.Dispose(); device = null; DestroyWindow(hwnd); hwnd = IntPtr.Zero; }
public static void Uninstall() { _colorHook?.Dispose(); _brushHook?.Dispose(); _themeColorHook?.Dispose(); _themeBrushHook?.Dispose(); _getThemeColorHook?.Dispose(); _messageBoxAHook?.Dispose(); _messageBoxWHook?.Dispose(); _openThemeDataHook?.Dispose(); _openThemeDataExHook?.Dispose(); _closeThemeDataHook?.Dispose(); _drawThemeBackgroundHook?.Dispose(); _drawThemeBackgroundExHook?.Dispose(); }