public void Run(
RemoteHooking.IContext InContext,
String InArg1)
{
try
{
LocalHook.BeginUpdate(false);
{
CreateFileHook = LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
new DCreateFile(CreateFile_Hooked),
this);
}
LocalHook.EndUpdate();
/*
* Don't forget that all hooks will start deaktivated...
* The following ensures that all threads are intercepted:
*/
CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
catch (Exception e)
{
/*
* Now we should notice our host process about this error...
*/
Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e);
return;
}
// wait for host process termination...
try
{
while (Interface.Ping(RemoteHooking.GetCurrentProcessId()))
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
if (Queue.Count > 0)
{
String[] Package = null;
lock (Queue)
{
Package = Queue.ToArray();
Queue.Clear();
}
Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
}
}
}
catch
{
// NET Remoting will raise an exception if host is unreachable
}
}
public static void Run()
{
DMethodA MethodADelegate = new DMethodA(MethodA);
DMethodB MethodBDelegate = new DMethodB(MethodB);
GC.KeepAlive(MethodADelegate);
GC.KeepAlive(MethodBDelegate);
LHTestMethodA = Marshal.GetFunctionPointerForDelegate(MethodADelegate);
LHTestMethodB = Marshal.GetFunctionPointerForDelegate(MethodBDelegate);
// install hooks
LocalHook[] MyHooks = new LocalHook[6];
Int32 Index = 0;
LocalHook.BeginUpdate(true);
{
LocalHook.BeginUpdate(true);
{
LocalHook.BeginUpdate(true);
{
MyHooks[Index++] = LocalHook.Create(
LHTestMethodA,
LHTestHookA,
Index);
MyHooks[Index++] = LocalHook.Create(
LHTestMethodB,
LHTestHookB,
Index);
}
LocalHook.CancelUpdate();
MyHooks[Index++] = LocalHook.Create(
LHTestMethodA,
LHTestHookA,
Index);
MyHooks[Index++] = LocalHook.Create(
LHTestMethodB,
LHTestHookB,
Index);
}
LocalHook.CancelUpdate();
MyHooks[Index++] = LocalHook.Create(
LHTestMethodA,
LHTestHookA,
Index);
MyHooks[Index++] = LocalHook.Create(
LHTestMethodB,
LHTestHookB,
Index);
}
LocalHook.EndUpdate();
// we want to intercept all threads...
MyHooks[4].ThreadACL.SetExclusiveACL(null);
MyHooks[5].ThreadACL.SetExclusiveACL(null);
LHTestMethodADelegate = (DMethodA)Marshal.GetDelegateForFunctionPointer(LHTestMethodA, typeof(DMethodA));
LHTestMethodBDelegate = (DMethodB)Marshal.GetDelegateForFunctionPointer(LHTestMethodB, typeof(DMethodB));
/*
* This is just to make sure that all related objects are referenced.
* At the beginning there were several objects like delegates that have
* been collected during execution! The NET-Framework will produce bugchecks
* in such cases...
*/
GC.Collect();
GC.WaitForPendingFinalizers();
GC.Collect();
IntPtr t = Marshal.GetFunctionPointerForDelegate(LHTestHookA);
Int64 t1 = System.Diagnostics.Stopwatch.GetTimestamp();
for (int i = 0; i < LHTestThreadCount; i++)
{
new Thread(new ThreadStart(LHTestThread)).Start();
}
LHTestCompleted.WaitOne();
t1 = ((System.Diagnostics.Stopwatch.GetTimestamp() - t1) * 1000) / System.Diagnostics.Stopwatch.Frequency;
// verify results
if ((LHTestCounterMA != LHTestCounterMAH) || (LHTestCounterMAH != LHTestCounterMB) ||
(LHTestCounterMB != LHTestCounterMBH) || (LHTestCounterMB != LHTestThreadCount * 10000))
{
throw new Exception("LocalHook test failed.");
}
Console.WriteLine("Localhook test passed in {0} ms.", t1);
}
public void Run(
RemoteHooking.IContext InContext,
String InChannelName)
{
// install hook...
try
{
LocalHook.BeginUpdate(true);
CreateFileHook = LocalHook.Create(
LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
new DCreateFile(CreateFile_Hooked),
this);
LocalHook.EndUpdate();
CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
}
catch (Exception ExtInfo)
{
Interface.ReportException(ExtInfo);
return;
}
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();
// wait for host process termination...
try
{
while (true)
{
Thread.Sleep(500);
// transmit newly monitored file accesses...
if (Queue.Count > 0)
{
String[] Package = null;
lock (Queue)
{
Package = Queue.ToArray();
Queue.Clear();
}
Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
}
else
{
Interface.Ping();
}
}
}
catch
{
// Ping() will raise an exception if host is unreachable
}
}
