private void CleanupHooks() { try { foreach (var lh in LocalHooks) { lh?.Dispose(); } _showWindowHook?.Dispose(); LocalHook.Release(); } catch (Exception ex) { try { OnException(ex); } catch { // ignored } } }
private static void Release(Type entryPoint) { if (entryPoint != null) { LocalHook.Release(); } }
public void Run(RemoteHooking.IContext context, string channelName) { var postMessageHook = LocalHook.Create( LocalHook.GetProcAddress("user32.dll", "PostMessageW"), new PostMessageDelegate(PostMessageHook), this); postMessageHook.ThreadACL.SetExclusiveACL(new[] { 0 }); //RemoteHooking.WakeUpProcess(); _server.Ping(); try { while (true) { Thread.Sleep(1000); _server.Ping(); } } finally { postMessageHook?.Dispose(); LocalHook.Release(); } }
public void Run( RemoteHooking.IContext InContext, String InChannelName) { // install hook... Hook = LocalHook.Create( LocalHook.GetProcAddress("user32.dll", "SetWindowTextW"), new DSetWindowText(SetWindowText_Hooked), this); Hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); try { while (true) { Thread.Sleep(500); } } catch (Exception e) { Interface.ReportException(e); } Hook.Dispose(); LocalHook.Release(); }
public void Run(RemoteHooking.IContext context, string channelName) { server.IsClientInstalled(RemoteHooking.GetCurrentProcessId()); var shellExecuteHook = LocalHook.Create( LocalHook.GetProcAddress("shell32.dll", "ShellExecuteExW"), new ShellExecuteExDelegate(ShellExecuteExHook), this); shellExecuteHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); RemoteHooking.WakeUpProcess(); server.ReportMessage("Injected to osu! process"); try { // Loop until closes (i.e. IPC fails) while (true) { System.Threading.Thread.Sleep(500); server.Ping(); } } catch { // Ping() or ReportMessages() will raise an exception if host is unreachable } shellExecuteHook.Dispose(); LocalHook.Release(); }
private bool FixOverlappingModifications(IntPtr scanAddress, int size) { Int32 scanStart = scanAddress.ToInt32(); Int32 scanEnd = scanAddress.ToInt32() + size; Int32 modStart = Offset.Function.InvalidPtrCheck; /* * detoured x86 functions have first 5 bytes changed to * JMP/CALL opcode and 4 bytes of jump address * * i.e. for JMP * 0xE9 AddressByte[0] AddressByte[1] AddressByte[2] AddressByte[3] * */ Int32 modEnd = Offset.Function.InvalidPtrCheck + 5; if (scanEnd > modStart) { if (scanEnd < modEnd || scanStart < modEnd) { hc.PrintMessage($"Warden[{DateTime.Now}] Preventing scan at 0x{scanStart:X}, size {size}. Unhooking..."); commandHandler.DestroyLuaEventFrameHandler_W(); invalidPtrCheckPatch.Dispose(); LocalHook.Release(); return(true); } } return(false); }
public void Run(IContext context, string channelName, int redirectionPort) { _interface.NotifyInstalled(Process.GetCurrentProcess().ProcessName); try { _connectHook = LocalHook.Create( LocalHook.GetProcAddress("Ws2_32.dll", "connect"), new WinsockConnectDelegate(_onConnect), this); _connectHook.ThreadACL.SetExclusiveACL(new[] { 0 }); } catch (Exception ex) { _interface.Error(ex); } WakeUpProcess(); try { while (true) { Thread.Sleep(500); _interface.Ping(); } } catch { _connectHook.Dispose(); LocalHook.Release(); } }
public void Run(RemoteHooking.IContext context, string channelName) { Stealther stealther = null; try { Server.IsInstalled(RemoteHooking.GetCurrentProcessId()); RemoteHooking.WakeUpProcess(); if (DetectDirectXVersion()) { device.InstallHook(); } stealther = new Stealther(); } catch (Exception e) { Server.ReportException(e); } while (Server.RunLibrary) { Thread.Sleep(500); } stealther?.Dispose(); device?.UninstallHook(); LocalHook.Release(); Server.DebugMessage("Hooks uninstalled, you can close app!"); }
#pragma warning disable IDE0060 // Remove unused parameter // ReSharper disable once UnusedMember.Global // ReSharper disable UnusedParameter.Global /// <summary> /// Run immediately after injection. /// Will be run in its own thread (I think), but under the target executable. /// /// The parameters for Run and the Constructor must be the same. /// </summary> /// <param name="context">Some context information about the environment in which this method is invoked.</param> /// <param name="channelName">The IPC Channel Name for communication.</param> /// <param name="lcGoLProcessId">The LCGoL Process Id.</param> public void Run(IContext context, string channelName, int lcGoLProcessId) { // Report Installed _server.IsInstalled(GetCurrentProcessId()); // Get d3d9 device addresses var d3d9FunctionAddresses = GetD3D9VTableAddresses(); // Install Hook(s) to EndScene. var endSceneHook = LocalHook.Create( d3d9FunctionAddresses[(int)Direct3DDevice9FunctionOrdinals.EndScene], // EndScene Function Address new EndSceneDelegate(EndSceneHook), // Our delegate/function to hook this ); // Activate hooks endSceneHook.ThreadACL.SetExclusiveACL(new int[1]); // Report Hooks Installed _server.ReportMessage("EndScene Hook Installed"); _server.ReportMessage($"Context's Process: {_injectorProcess.Id}:{_injectorProcess.GetApplicationName()}"); _server.ReportMessage($"LCGOL Process: {_lcgolProcess.Id}:{_lcgolProcess.GetApplicationName()}"); // Main Thread Loop PerformMainThreadLoop(); // Stop Injection if main thread ends endSceneHook.Dispose(); LocalHook.Release(); }
public void Run(RemoteHooking.IContext context, string channelName) { var createProcessHook = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "CreateProcessW"), new NativeDelegates.CreateProcessDelegate(OnCreateProcessHook), this); createProcessHook.ThreadACL.SetExclusiveACL(new[] { 0 }); RemoteHooking.WakeUpProcess(); try { while (true) { // Periodically send status to the server Server.RaisePingRequested(channelName); Thread.Sleep(1000); } } catch { // ignored } createProcessHook.Dispose(); LocalHook.Release(); }
public void Run(RemoteHooking.IContext context, string channelName) { server.IsInstalled(RemoteHooking.GetCurrentProcessId()); List <LocalHook> hooks = new List <LocalHook>() { LocalHook.Create( new IntPtr(ENGINE_UPDATE_HOOK_TARGET_ADDRESS), new VoidDelegate(PollInputOverride), this), }; foreach (var hook in hooks) { hook.ThreadACL.SetExclusiveACL(new int[] { 0 }); } InputEmulator.KeyConfig.TryLoadConfig(); server.ReportString($"DivaHook successfully established\n"); server.ReportString($"Do not close this application..."); RemoteHooking.WakeUpProcess(); try { while (true) { System.Threading.Thread.Sleep(500); string[] queued = null; lock (messageQueue) { queued = messageQueue.ToArray(); messageQueue.Clear(); } if (queued != null && queued.Length > 0) { server.ReportMessages(queued); } else { server.Ping(); } } } catch (Exception ex) { server.ReportException(ex); } foreach (var hook in hooks) { hook.Dispose(); } LocalHook.Release(); }
public void Run(RemoteHooking.IContext contect, string channelName) { Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); // Install hooks // CreateFile https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx CreateFileHook = LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"), new CreateFile_Delegate(CreateFile_Hook), this ); // Activate hooks on all threads except the current thread. CreateFileHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); Interface.ReportMessage("Hook 'CreateFile' has been installed"); RemoteHooking.WakeUpProcess(); try { // Loop until the loader closes (i.e. IPC fails) while (true) { Thread.Sleep(500); string[] queued = null; lock (_messageQueue) { queued = _messageQueue.ToArray(); _messageQueue.Clear(); } if (queued != null && queued.Length > 0) { Interface.ReportMessages(queued); } else { Interface.Ping(); } } } catch { // Ping() or ReportMessages() will raise an exception if host is unreachable. } // Remove hooks CreateFileHook.Dispose(); // Finalize cleanup of hooks LocalHook.Release(); }
public void Dispose() { invalidPtrCheckPatch.Dispose(); virtualProtectPatch.Dispose(); wardenScanPatch.Dispose(); wardenPageCheckPatch.Dispose(); LocalHook.Release(); }
private void UnHookAll() { foreach (var localHook in _localHooks) { localHook.Dispose(); } _localHooks.Clear(); LocalHook.Release(); }
static void Main(string[] args) { //LHTest.Run(); RHTest.Run(); LocalHook.Release(); Console.ReadKey(); }
private void EndHook() { if (Hook != null) { LocalHook.Release(); Hook.Dispose(); Hook = null; Proxy = null; } }
public void Dispose() { // Remove hooks hooker.Dispose(); // Finalise cleanup of hooks LocalHook.Release(); logger.Debug("Resources has benn released."); }
public static void Release() { _getItemTooltipDescriptionHook.Dispose(); LocalHook.Release(); foreach (var buffer in CachedBufferAddrs.Values) { Marshal.FreeHGlobal(buffer); } }
public void Cleanup() { // Remove hooks GetControllerStateHook.Dispose(); GetControllerStateWithPoseHook.Dispose(); PollNextEventHook.Dispose(); PollNextEventWithPoseHook.Dispose(); // Finalise cleanup of hooks LocalHook.Release(); }
public void Run(RemoteHooking.IContext context, string channelName) { _pid = RemoteHooking.GetCurrentProcessId(); _processName = Path.GetFileName(Process.GetProcessById(_pid).MainModule.FileName); _server.SetPid(_pid); Log($"Injected Focus Steal Blocker Hook into process {GetProcessDescription()}"); LocalHook setForegroundWindowHook = LocalHook.Create( LocalHook.GetProcAddress("User32.dll", "SetForegroundWindow"), new SetForegroundWindow_Delegate(SetForegroundWindow_Hook), this); setForegroundWindowHook.ThreadACL.SetExclusiveACL(new[] { 0 }); Log($"SetForegroundWindow hook installed for {GetProcessDescription()}"); RemoteHooking.WakeUpProcess(); try { while (_server != null && !_server.ShouldAbort()) { Thread.Sleep(500); string[] queued; lock (_messageQueue) { queued = _messageQueue.ToArray(); _messageQueue.Clear(); } if (queued.Length > 0) { foreach (string message in queued) { Log(message); } } } } catch (Exception ex) { Log(ex.ToString()); } // Remove hooks setForegroundWindowHook.Dispose(); // Finalise cleanup of hooks LocalHook.Release(); }
public unsafe void Run(RemoteHooking.IContext context, string channelName) { HooksController.InstallHook(LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "WSARecv"), new Ws2_32.WSARecv_Delegate(WSARecv_Hook), this)); HooksController.InstallHook(LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "send"), new Ws2_32.send_Delegate(send_Hook), this)); HooksController.InstallHook(LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "connect"), new Ws2_32.connect_Delegate(connect_Hook), this)); HooksController.InstallHook(LocalHook.Create(LocalHook.GetProcAddress("ws2_32.dll", "closesocket"), new Ws2_32.closesocket_Delegate(closesocket_Hook), this)); RemoteHooking.WakeUpProcess(); Application.Run(MainForm.Instance); HooksController.RemoveAllHooks(); LocalHook.Release(); }
public void Dispose() { // Remove hooks hooker?.Dispose(); // Finalise cleanup of hooks LocalHook.Release(); server.OnClosed -= proxy.Close; logger.Debug("资源已成功释放."); }
bool TryHookTransfer(string typeName, out LocalHook hook) { if (ProgramDatabase.TryGetAddressForSymbol($"?VirtualRedirectTransfer@{typeName}@@UEAAXAEAVGenerateTypeTreeTransfer@@@Z", out var original) && ProgramDatabase.TryGetAddressForSymbol($"??$Transfer@VGenerateTypeTreeTransfer@@@{typeName}@@IEAAXAEAVGenerateTypeTreeTransfer@@@Z", out var transfer)) { LocalHook.Release(); hook = LocalHook.CreateUnmanaged(original, transfer, IntPtr.Zero); hook.ThreadACL.SetInclusiveACL(new[] { 0 }); return(true); } hook = null; return(false); }
/// <summary> /// The main entry point for our logic once injected within the target process. /// This is where the hooks will be created, and a loop will be entered until host process exits. /// EasyHook requires a matching Run method for the constructor /// </summary> /// <param name="context">The RemoteHooking context</param> /// <param name="channelName">The name of the IPC channel</param> public void Run( EasyHook.RemoteHooking.IContext context, string channelName) { _server.IsInstalled(RemoteHooking.GetCurrentProcessId()); var doDragDropHook = LocalHook.Create(LocalHook.GetProcAddress("Ole32.dll", "DoDragDrop"), new DoDrag_Hook(DoDragDrop_Hook), this); // Activate hooks on all threads except the current thread doDragDropHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); _server.ReportMessage(RemoteHooking.GetCurrentProcessId(), "DoDragDrop hook installed"); try { while (true) { System.Threading.Thread.Sleep(500); string[] queued = null; lock (_messageQueue) { queued = _messageQueue.ToArray(); _messageQueue.Clear(); } if (queued != null && queued.Length > 0) { _server.ReportMessages(RemoteHooking.GetCurrentProcessId(), queued); } else { _server.Ping(); } } } catch { // Ping() or ReportMessages() will raise an exception if host is unreachable } // Remove hooks doDragDropHook.Dispose(); // Finalise cleanup of hooks LocalHook.Release(); }
public void Run(RemoteHooking.IContext context, string channelName) { #if DEBUG // Instant launch debugger on debug build (does cause crash when the process is not already running) Debugger.Launch(); #endif Process = Process.GetProcessById(RemoteHooking.GetCurrentProcessId()); if (HookBase == null) { throw new Exception("HookBase must be set"); } // Install Core.VisualRenderType = _visualRenderType; Core.Install(Process, HookBase); InitializeAction?.Invoke(); try { //MSG msg; while (KeepRunning /*&& WinApi.GetMessage(out msg, IntPtr.Zero, 0, 0) != 0*/) { // When debugging, exit the dll when the debugging had stopped, this is not applicable for a release build #if DEBUG if (!Debugger.IsAttached && _debuggerHadBeenAttached) { KeepRunning = false; } if (Debugger.IsAttached && !_debuggerHadBeenAttached) { _debuggerHadBeenAttached = true; } #endif //WinApi.TranslateMessage(ref msg); //WinApi.DispatchMessage(ref msg); Thread.Sleep(500); } } catch (Exception ex) { // ignored } Core.Uninstall(); // Finalise cleanup of hooks LocalHook.Release(); }
/// <summary> /// Invoked inside of the VB6 executable. /// </summary> /// <param name="context"></param> /// <param name="channelName"></param> public void Run(RemoteHooking.IContext context, string channelName) { var messageBeep = LocalHook.Create( LocalHook.GetProcAddress(USER32_DLL, nameof(MessageBeep)), new DMessageBeep(MessageBeepHook), this); messageBeep.ThreadACL.SetExclusiveACL(new[] { 0 }); var coInitializeEx = LocalHook.Create( LocalHook.GetProcAddress(OLE32_DLL, nameof(CoInitializeEx)), new DCoInitializeEx(CoInitializeExHook), this); coInitializeEx.ThreadACL.SetExclusiveACL(new[] { 0 }); var exitProcess = LocalHook.Create( LocalHook.GetProcAddress(KERNEL32_DLL, nameof(ExitProcess)), new DExitProcess(ExitProcessHook), this); exitProcess.ThreadACL.SetExclusiveACL(new[] { 0 }); RemoteHooking.WakeUpProcess(); try { // wait for process exit while (true) { Thread.Sleep(500); executor.Ping(); } } catch { // server failed to respond } messageBeep.Dispose(); LocalHook.Release(); }
public unsafe void Run(RemoteHooking.IContext _, string __) { _server.LogInfo("Injection succedded..."); LocalHook?createRequestHook = null; LocalHook?getAdressInfoHook = null; try { _server.LogInfo("Installing hooks..."); createRequestHook = LocalHook.Create( LocalHook.GetProcAddress("libcef.dll", nameof(cef_urlrequest_create)), new cef_urlrequest_create_delegate(cef_urlrequest_create_hook), this); getAdressInfoHook = LocalHook.Create( LocalHook.GetProcAddress("WS2_32.dll", nameof(getaddrinfo)), new getaddrinfo_delegate(get_addr_info_hook), this); // activate hooks (exclude current thread) createRequestHook?.ThreadACL.SetExclusiveACL(new int[] { 0 }); getAdressInfoHook?.ThreadACL.SetExclusiveACL(new int[] { 0 }); _server.LogInfo("Hooks installed"); while (true) { Thread.Sleep(5000); _server.Ping(); } } catch (Exception e) { TryLogException(e); } finally { createRequestHook?.Dispose(); getAdressInfoHook?.Dispose(); LocalHook.Release(); } }
private void CleanupHooks() { try { foreach (var lh in LocalHooks) { lh?.Dispose(); } LocalHook.Release(); } catch (Exception ex) { try { SMA?.OnException(ex); } catch { // ignored } } }
public void Run(RemoteHooking.IContext context, string channelName) { _server.IsInstalled(RemoteHooking.GetCurrentProcessId()); var CreateProcessHook = LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CreateProcessW"), new CreateProcessW_Delegate(CreateProcessW_Hooked), this); CreateProcessHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); _server.ReportMessage("CreateProcess hooks installed"); RemoteHooking.WakeUpProcess(); try { while (true) { } } catch { } CreateProcessHook.Dispose(); LocalHook.Release(); }
public void Run( RemoteHooking.IContext InContext, String InChannelName) { // install hook... try { antiGC.Add(LocalHook.Create( LocalHook.GetProcAddress("advapi32.dll", "CryptEncrypt"), new DCryptEncrypt(CryptEncrypt_Hooked), this)); antiGC.Last().ThreadACL.SetExclusiveACL(new Int32[] { 0 }); antiGC.Add(LocalHook.Create( LocalHook.GetProcAddress("advapi32.dll", "CryptDecrypt"), new DCryptDecrypt(CryptDecrypt_Hooked), this)); antiGC.Last().ThreadACL.SetExclusiveACL(new Int32[] { 0 }); antiGC.Add(LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "WSASend"), new DWSASend(WSASend_Hooked), this)); antiGC.Last().ThreadACL.SetExclusiveACL(new Int32[] { 0 }); antiGC.Add(LocalHook.Create( LocalHook.GetProcAddress("ws2_32.dll", "WSARecv"), new DWSARecv(WSARecv_Hooked), this)); antiGC.Last().ThreadACL.SetExclusiveACL(new Int32[] { 0 }); antiGC.Add(LocalHook.Create( LocalHook.GetProcAddress("Kernel32.dll", "WriteFile"), new DWriteFile(WriteFile_Hooked), this)); antiGC.Last().ThreadACL.SetExclusiveACL(new Int32[] { 0 }); } catch (Exception ExtInfo) { Interface.ReportException(ExtInfo); return; } Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); RemoteHooking.WakeUpProcess(); // wait for host process termination... try { while (true) { Thread.Sleep(500); try { var pck = Interface.PollInjectionQueue(); if (pck != null && ccpSock != IntPtr.Zero && lastHkey != IntPtr.Zero) { var exlen = 256; // Extra space for in place crypt + length header var wsabuf = Marshal.AllocHGlobal(pck.Length + exlen); IntPtr plen = Marshal.AllocHGlobal(4); Marshal.WriteInt32(plen, pck.Length); var wsaData = IntPtr.Add(wsabuf, 4); // Add space for length header Marshal.Copy(pck, 0, wsaData, pck.Length); CryptEncrypt(lastHkey, IntPtr.Zero, 1, 0, wsaData, plen, (uint)(pck.Length + exlen - 4)); var len = Marshal.ReadInt32(plen); Marshal.WriteInt32(wsabuf, Marshal.ReadInt32(plen)); // Wtf MS, no Marshal.Copy for IntPtr 2 IntPtr? int sent = send(ccpSock, wsabuf, len + 4, 0); Interface.log("Sent " + sent + " bytes"); Marshal.FreeHGlobal(plen); Marshal.FreeHGlobal(wsabuf); } } catch (Exception ExtInfo) { Interface.ReportException(ExtInfo); } Interface.Ping(); } } catch //(Exception ExtInfo) { //System.Windows.Forms.MessageBox.Show(ExtInfo.ToString()); // Ping() will raise an exception if host is unreachable } foreach (var o in antiGC) { o.Dispose(); } LocalHook.Release(); }