Пример #1
0
        // this is where we are intercepting all file accesses!
        static IntPtr CreateFile_Hooked(
            String InFileName,
            UInt32 InDesiredAccess,
            UInt32 InShareMode,
            IntPtr InSecurityAttributes,
            UInt32 InCreationDisposition,
            UInt32 InFlagsAndAttributes,
            IntPtr InTemplateFile)
        {
            try
            {
                Main This = (Main)HookRuntimeInfo.Callback;

                lock (This.Queue)
                {
                    This.Queue.Push("[" + RemoteHooking.GetCurrentProcessId() + ":" +
                                    RemoteHooking.GetCurrentThreadId() + "]: \"" + InFileName + "\"");
                }
            }
            catch
            {
            }

            // call original API...
            return(CreateFile(
                       InFileName,
                       InDesiredAccess,
                       InShareMode,
                       InSecurityAttributes,
                       InCreationDisposition,
                       InFlagsAndAttributes,
                       InTemplateFile));
        }
Пример #2
0
        public Main(RemoteHooking.IContext InContext, string serverName)
        {
            mySendClientQueue     = new Queue <Packet>();
            mySendClientLock      = new object();
            mySendServerQueue     = new Queue <Packet>();
            mySendServerLock      = new object();
            myRecvFilter          = new PacketFilter();
            mySendFilter          = new PacketFilter();
            myRecvDelegate        = new dSendRecv(ReceiveHook);
            mySendDelegate        = new dSendRecv(SendHook);
            myPID                 = RemoteHooking.GetCurrentProcessId();
            myThreadID            = RemoteHooking.GetCurrentThreadId();
            myDateStamp           = GetDateStamp();
            myServerSendBuffer    = Marshal.AllocHGlobal(65536);
            myClientSendBuffer    = Marshal.AllocHGlobal(65536);
            myServerBufferAddress = BitConverter.GetBytes(myServerSendBuffer.ToInt32());
            myClientBufferAddress = BitConverter.GetBytes(myClientSendBuffer.ToInt32());

            myClientInstance = new ClientInstance(serverName, true);
            myClientInstance.SendCommand(Command.ClientID, myPID);
            myClientInstance.SendPacketEvent       += new dSendPacket(myClientInstance_sendPacketEvent);
            myClientInstance.PingEvent             += new dPing(myClientInstance_pingEvent);
            myClientInstance.AddRecvFilterEvent    += new dAddRecvFilter(myClientInstance_addRecvFilterEvent);
            myClientInstance.AddSendFilterEvent    += new dAddSendFilter(myClientInstance_addSendFilterEvent);
            myClientInstance.RemoveRecvFilterEvent += new dRemoveRecvFilter(myClientInstance_removeRecvFilterEvent);
            myClientInstance.RemoveSendFilterEvent += new dRemoveSendFilter(myClientInstance_removeSendFilterEvent);
            myClientInstance.ClearRecvFilterEvent  += new dClearRecvFilter(myClientInstance_clearRecvFilterEvent);
            myClientInstance.ClearSendFilterEvent  += new dClearSendFilter(myClientInstance_clearSendFilterEvent);

            myClientInstance.SendCommand(Command.Message, "ClientHook Main()");
        }
Пример #3
0
        public void Run(RemoteHooking.IContext context,
                        string channelName,
                        SoftwallRule[] softwallRules)
        {
            try
            {
                swapBuffersHook = LocalHook.Create(
                    LocalHook.GetProcAddress(gdiDll, "SwapBuffers"),
                    new SwapBuffersHandler(OnSwapBuffers),
                    this);
                mallocHook = LocalHook.Create(
                    LocalHook.GetProcAddress(vcrDll, "malloc"),
                    new MallocHandler(OnMalloc),
                    this);
                callocHook = LocalHook.Create(
                    LocalHook.GetProcAddress(vcrDll, "calloc"),
                    new CallocHandler(OnCalloc),
                    this);
                reallocHook = LocalHook.Create(
                    LocalHook.GetProcAddress(vcrDll, "realloc"),
                    new ReallocHandler(OnRealloc),
                    this);
                freeHook = LocalHook.Create(
                    LocalHook.GetProcAddress(vcrDll, "free"),
                    new FreeHandler(OnFree),
                    this);

                Int32[] excludedThreads = new Int32[] { RemoteHooking.GetCurrentThreadId() };
                foreach (LocalHook hook in new LocalHook[] { swapBuffersHook, mallocHook, callocHook, reallocHook, freeHook })
                {
                    hook.ThreadACL.SetExclusiveACL(excludedThreads);
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("Exception: " + ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }

            RemoteHooking.WakeUpProcess();

            int myPid = RemoteHooking.GetCurrentProcessId();

            try
            {
                manager.Ping(myPid);

                while (true)
                {
                    Thread.Sleep(500);
                    ProcessAllocations();
                    manager.Ping(myPid);
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("Exception: " + ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }

            MessageBox.Show("Terminating", "oHeapAgent", MessageBoxButtons.OK, MessageBoxIcon.Information);
        }
Пример #4
0
        static IntPtr StgCreateStorageEx_Hooked([MarshalAs(UnmanagedType.LPWStr)][In]  string pwcsName, [In] STGM grfMode,
                                                [In] STGFMT stgfmt, [In] FileFlagsAndAttributes grfAttrs, [In] IntPtr pStgOptions, [In] IntPtr pSecurityDescriptor, [In][MarshalAs(UnmanagedType.LPStruct)] Guid riid,
                                                [Out][MarshalAs(UnmanagedType.IUnknown, IidParameterIndex = 6)] out object ppObjectOpen)
        {
            try
            {
                Main This = (Main)HookRuntimeInfo.Callback;

                lock (This.Queue)
                {
                    This.Interface.OnCreateFile(RemoteHooking.GetCurrentThreadId(), new[] { pwcsName });

                    /*This.Queue.Push("[" + RemoteHooking.GetCurrentProcessId() + ":" +
                     *  RemoteHooking.GetCurrentThreadId() + "]: \"" + InFileName + "\"");
                     * InFileName = InFileName.Replace("C", "D");*/
                }
            }
            catch
            {
            }

            return(StgCreateStorageEx(
                       pwcsName, grfMode, stgfmt, grfAttrs,
                       pStgOptions, pSecurityDescriptor,
                       riid,
                       out ppObjectOpen));
        }
Пример #5
0
        public void Run(
            RemoteHooking.IContext InContext,
            String InChannelName)
        {
            // install hook...
            try
            {
                /*  CreateFileHook = LocalHook.Create(
                 *    LocalHook.GetProcAddress("kernel32.dll", "MoveFileExW"),
                 *    new HookStgCreateStorageEx(StgCreateStorageEx_Hooked),
                 *    this);*/
                CreateFileHook = LocalHook.Create(
                    LocalHook.GetProcAddress("ole32.dll", "StgCreateStorageEx"),
                    new HookStgCreateStorageEx(StgCreateStorageEx_Hooked),
                    this);
                CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
            }
            catch (Exception ExtInfo)
            {
                Interface.ReportException(ExtInfo);

                return;
            }

            Interface.IsInstalled(RemoteHooking.GetCurrentThreadId());

            RemoteHooking.WakeUpProcess();
            // wait for host process termination...
            try
            {
                while (true)
                {
                    Thread.Sleep(500);

                    // transmit newly monitored file accesses...
                    if (Queue.Count > 0)
                    {
                        String[] Package = null;

                        lock (Queue)
                        {
                            Package = Queue.ToArray();

                            Queue.Clear();
                        }

                        //  Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
                    }
                    else
                    {
                        //  Interface.Ping(RemoteHooking.GetCurrentThreadId());
                    }
                }
            }
            catch
            {
                // Ping() will raise an exception if host is unreachable
            }
        }
Пример #6
0
        public static String FormatMessage(DateTime time, String api, String msg)
        {
            //[TIME][PID:TID]:"API":"MSG"
            String str = "[" + time.ToString() + "][" + RemoteHooking.GetCurrentProcessId() + ":" +
                         RemoteHooking.GetCurrentThreadId() + "]: \"" + api + "\":\"" +
                         msg + "\"";

            return(str);
        }
Пример #7
0
        /// <summary>
        /// Create new TransferUnit and fill out process Id and thread Id fields
        /// </summary>
        /// <returns>new transfer unit</returns>
        protected TransferUnit createTransferUnit()
        {
            TransferUnit t = new TransferUnit();

            t.PID         = RemoteHooking.GetCurrentProcessId();
            t.TID         = RemoteHooking.GetCurrentThreadId();
            t.apiCallName = api_full_name;
            lock (hook_sequence_number_sync) {
                t.Hook_sequence_number = hook_sequence_number++;
            }
            return(t);
        }
Пример #8
0
        // this is where we are intercepting all file accesses!
        static Int32 send_Hooked(Int32 s, String buf, Int32 len, Int32 flags)
        {
            try
            {
                Main This = (Main)HookRuntimeInfo.Callback;

                lock (This.Queue)
                {
                    This.Queue.Push("[" + RemoteHooking.GetCurrentProcessId() + ":" +
                                    RemoteHooking.GetCurrentThreadId() + "]: \"" + buf + "\"");
                }
            }
            catch
            {
            }

            // call original API...
            return(send(s, buf, len, flags));
        }
Пример #9
0
 public override void NotifyMethodHooked(params Tuple <string, object>[] args)
 {
     lock (Queue)
     {
         var message = "";
         foreach (var tuple in args)
         {
             if (!string.IsNullOrEmpty(message))
             {
                 message += ", ";
             }
             message += $"{tuple.Item1}={tuple.Item2}";
         }
         Queue.Push(
             $"{GetType().FullName}-[{RemoteHooking.GetCurrentProcessId()}:{RemoteHooking.GetCurrentThreadId()}]: \"{message}\"");
     }
     if (NotifyImmedialety)
     {
         SignalMethodHooked();
     }
 }
Пример #10
0
        public Main(RemoteHooking.IContext InContext, string serverName)
        {
            mySocketReady         = false;
            myRecvFilter          = new bool[256];
            mySendFilter          = new bool[256];
            mySocket              = 0;
            myRecvDelegate        = new dSendRecv(ReceiveHook);
            mySendDelegate        = new dSendRecv(SendHook);
            mySocketDelegate      = new dSocket(SocketHook);
            myCloseSocketDelegate = new dCloseSocket(SocketCloseHook);
            myClientSendLock      = new object();
            myPID       = RemoteHooking.GetCurrentProcessId();
            myThreadID  = RemoteHooking.GetCurrentThreadId();
            myDateStamp = GetDateStamp();
            if (myDateStamp >= 1183740939)
            {
                myNewStylePackets = true;
            }
            else
            {
                myNewStylePackets = false;
            }
            myServerSendBuffer    = Marshal.AllocHGlobal(65536);
            myClientSendBuffer    = Marshal.AllocHGlobal(65536);
            myServerBufferAddress = BitConverter.GetBytes(myServerSendBuffer.ToInt32());
            myClientBufferAddress = BitConverter.GetBytes(myClientSendBuffer.ToInt32());

            myClientInstance = new ClientInstance(serverName, true);
            myClientInstance.SendCommand(Command.ClientID, myPID);
            myClientInstance.SendPacketEvent       += new dSendPacket(myClientInstance_sendPacketEvent);
            myClientInstance.PingEvent             += new dPing(myClientInstance_pingEvent);
            myClientInstance.AddRecvFilterEvent    += new dAddRecvFilter(myClientInstance_addRecvFilterEvent);
            myClientInstance.AddSendFilterEvent    += new dAddSendFilter(myClientInstance_addSendFilterEvent);
            myClientInstance.RemoveRecvFilterEvent += new dRemoveRecvFilter(myClientInstance_removeRecvFilterEvent);
            myClientInstance.RemoveSendFilterEvent += new dRemoveSendFilter(myClientInstance_removeSendFilterEvent);
            myClientInstance.ClearRecvFilterEvent  += new dClearRecvFilter(myClientInstance_clearRecvFilterEvent);
            myClientInstance.ClearSendFilterEvent  += new dClearSendFilter(myClientInstance_clearSendFilterEvent);
            BuildDefaultPacketFilters();
        }
Пример #11
0
        public void Run(RemoteHooking.IContext context, RuntimeParams parms)
        {
            System.Threading.Thread.CurrentThread.CurrentCulture = new System.Globalization.CultureInfo("en-US", false);
            try {
                RuntimeProfile profile;
                using (var fs = new FileStream(parms.ProfileFile, FileMode.Open))
                {
                    profile = Iros._7th.Util.DeserializeBinary <RuntimeProfile>(fs);
                }

                File.Delete(parms.ProfileFile);

                if (!String.IsNullOrWhiteSpace(profile.LogFile))
                {
                    try {
                        try { File.Delete(profile.LogFile); } catch { } // ensure old log is deleted since new run

                        DebugLogger.Init(profile.LogFile);
                        DebugLogger.IsDetailedLogging = profile.Options.HasFlag(RuntimeOptions.DetailedLog);

                        DebugLogger.WriteLine("Logging debug output to " + profile.LogFile);
                    } catch (Exception ex) {
                        DebugLogger.WriteLine("Failed to log debug output: " + ex.ToString());
                    }
                }

                DebugLogger.WriteLine($"Wrap run... Host: {context.HostPID}  PID: {RemoteHooking.GetCurrentProcessId()}  TID: {RemoteHooking.GetCurrentThreadId()}   Path: {profile.ModPath}  Capture: {String.Join(", ", profile.MonitorPaths)}");
                //_overrides = new Overrides(basepath);
                _profile = profile;
                for (int i = _profile.MonitorPaths.Count - 1; i >= 0; i--)
                {
                    if (!_profile.MonitorPaths[i].EndsWith(System.IO.Path.DirectorySeparatorChar.ToString()))
                    {
                        _profile.MonitorPaths[i] += System.IO.Path.DirectorySeparatorChar;
                    }
                    if (String.IsNullOrWhiteSpace(_profile.MonitorPaths[i]))
                    {
                        _profile.MonitorPaths.RemoveAt(i);
                    }
                }

                foreach (var item in profile.Mods)
                {
                    DebugLogger.WriteLine($"  Mod: {item.BaseFolder} has {item.Conditionals.Count} conditionals");
                    DebugLogger.WriteLine("     Additional paths: " + String.Join(", ", item.ExtraFolders));
                    item.Startup();
                }

                _hCreateFileW = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"), new DCreateFile(HCreateFileW), this);
                _hCreateFileW.ThreadACL.SetExclusiveACL(new[] { 0 });

                //_hCreateFileA = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "CreateFileA"), new DCreateFileA(HCreateFileA), this);
                //_hCreateFileA.ThreadACL.SetExclusiveACL(new[] { 0 });

                //int init = Init7W();
                //_hReadFile = LocalHook.CreateUnmanaged(LocalHook.GetProcAddress("kernel32.dll", "ReadFile"), LocalHook.GetProcAddress("7thWrapperNLib.dll", "ReadFile7W"), IntPtr.Zero);
                _hReadFile = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "ReadFile"), new DReadFile(HReadFile), this);
                _hReadFile.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hWriteFile = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "WriteFile"), new DWriteFile(HWriteFile), this);
                _hWriteFile.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hFindFirstFile = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "FindFirstFileW"), new DFindFirstFileW(HFindFirstFile), this);
                _hFindFirstFile.ThreadACL.SetExclusiveACL(new[] { 0 });

                //_hFindFirstFileA = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "FindFirstFileA"), new DFindFirstFileA(HFindFirstFileA), this);
                //_hFindFirstFile.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hSetFilePointer = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "SetFilePointer"), new DSetFilePointer(HSetFilePointer), this);
                _hSetFilePointer.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hSetFilePointerEx = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "SetFilePointerEx"), new DSetFilePointerEx(HSetFilePointerEx), this);
                _hSetFilePointerEx.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hCloseHandle = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "CloseHandle"), new DCloseHandle(HCloseHandle), this);
                _hCloseHandle.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hGetFileType = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "GetFileType"), new DGetFileType(HGetFileType), this);
                _hGetFileType.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hGetFileInformationByHandle = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "GetFileInformationByHandle"), new DGetFileInformationByHandle(HGetFileInformationByHandle), this);
                _hGetFileInformationByHandle.ThreadACL.SetExclusiveACL(new[] { 0 });

                //_hReadFileEx = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "ReadFileEx"), new DReadFileEx(HReadFileEx), this);
                //_hReadFileEx.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hDuplicateHandle = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "DuplicateHandle"), new DDuplicateHandle(HDuplicateHandle), this);
                _hDuplicateHandle.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hCreateProcessW = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "CreateProcessW"), new DCreateProcessW(HCreateProcessW), this);
                _hCreateProcessW.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hGetFileSize = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "GetFileSize"), new DGetFileSize(HGetFileSize), this);
                _hGetFileSize.ThreadACL.SetExclusiveACL(new[] { 0 });

                _hGetFileSizeEx = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "GetFileSizeEx"), new DGetFileSizeEx(HGetFileSizeEx), this);
                _hGetFileSizeEx.ThreadACL.SetExclusiveACL(new[] { 0 });

                if (profile.MonitorVars != null)
                {
                    new System.Threading.Thread(MonitorThread)
                    {
                        IsBackground = true
                    }
                }
                .Start(profile);
                //System.Threading.Thread.Sleep(10000);
                RemoteHooking.WakeUpProcess();

                System.Threading.Thread.Sleep(1000);
                foreach (string LL in profile.Mods.SelectMany(m => m.GetLoadLibraries()))
                {
                    DebugLogger.WriteLine($"Loading library DLL {LL}");
                    LoadLibrary(LL);
                }
                foreach (var mod in profile.Mods)
                {
                    foreach (string LA in mod.GetLoadAssemblies())
                    {
                        DebugLogger.WriteLine($"Loading assembly DLL {LA}");
                        var asm = System.Reflection.Assembly.LoadFrom(LA);
                        try {
                            string path = mod.BaseFolder;
                            asm.GetType("_7thHeaven.Main")
                            .GetMethod("Init", new[] { typeof(RuntimeMod) })
                            .Invoke(null, new object[] { mod });
                        } catch { }
                    }
                }

                foreach (var mod in profile.Mods)
                {
                    foreach (string file in mod.GetPathOverrideNames("hext"))
                    {
                        foreach (var of in mod.GetOverrides("hext\\" + file))
                        {
                            System.IO.Stream s;
                            if (of.Archive == null)
                            {
                                s = new System.IO.FileStream(of.File, FileMode.Open, FileAccess.Read);
                            }
                            else
                            {
                                s = of.Archive.GetData(of.File);
                            }
                            DebugLogger.WriteLine($"Applying hext patch {file} from mod {mod.BaseFolder}");
                            try {
                                HexPatch.Apply(s);
                            } catch (Exception ex) {
                                DebugLogger.WriteLine("Error applying patch: " + ex.Message);
                            }
                        }
                    }
                }
            } catch (Exception e) {
Пример #12
0
        // this is where we are intercepting all file accesses!
        static int InterceptDNS_Hooked(
            [In] string nodename,
            [In] string servicename,
            [In] ref AddressInfoW hints,
            [Out] out IntPtr ptrResults
            )
        {
            int result_status = 0;

            try
            {
                Main This = (Main)HookRuntimeInfo.Callback;

                lock (Queue1)
                {
                    Queue1.Push("[" + RemoteHooking.GetCurrentProcessId() + ":" +
                                RemoteHooking.GetCurrentThreadId() + "]: \"" + nodename + "\"");
                }
            }
            catch
            {
            }

            // call original API or our custom DNS lookup

            if (nodename != "")
            {
                // LogMessage("InterceptDNS_Hooked: nodename: " + nodename + ".");
                // UseCustomDNSForDomain is "all" or a domain like ".abc" with a leading dot.
                // App settings aren't seen here, so hardwired:
                string UseCustomDNSForDomain = ".altnet";
                if (UseCustomDNSForDomain.Equals("all"))
                {
                    result_status = AltNetGetAddrInfoW(
                        nodename,
                        servicename,
                        ref hints,
                        out ptrResults);
                    return(result_status);
                }
                else if (nodename.IndexOf(UseCustomDNSForDomain) == nodename.Length - UseCustomDNSForDomain.Length)
                {
                    // LogMessage("===START ALTNET DOMAIN LOOKUP==================");
                    LogMessage(nodename + " will use custom DNS lookup.");

                    // .altnet domain, do our own lookup.
                    // The results crash Firefox, but not if set to IntPtr.Zero ...

                    result_status = AltNetGetAddrInfoW(
                        nodename,
                        servicename,
                        ref hints,
                        out ptrResults);
                    return(result_status);
                }
                else
                {
                    result_status = GetAddrInfoW(
                        nodename,
                        servicename,
                        ref hints,
                        out ptrResults);
                    return(result_status);
                }
            }
            else
            {
                LogMessage("InterceptDNS_Hooked: nodename is empty.");
                result_status = GetAddrInfoW(
                    nodename,
                    servicename,
                    ref hints,
                    out ptrResults);
                return(result_status);
            }
        }
        private int getDateFormatWInterceptor(
            uint locale,
            uint dwFlags,
            SystemTime lpDate,
            string lpFormat,
            StringBuilder lpDateStr,
            int sbSize)
        {
            try
            {
                if (_interface != null)
                {
                    _interface.Converted();
                }

                return(DateFormatInterceptor.ModifyDateFormat(locale, dwFlags, lpDate, lpFormat, lpDateStr, sbSize));
            }
            catch (Exception ex)
            {
                if (_interface != null)
                {
                    _interface.ReportException(ex);
                }
                if (_interface != null && lpDate != null)
                {
                    _interface.SendMessage(string.Format("GetDateFormatW ->locale:{0}, dwFlags:{1}, lpFormat:{2}, sbSize:{3}, lpDate.Year:{4}, lpDate.Month:{5}, lpDate.Day:{6} lpDate.Minute:{7}, lpDateStr:{8}, CurrentProcessId:{9}, CurrentThreadId:{10}",
                                                         locale, dwFlags, lpFormat, sbSize, lpDate.Year, lpDate.Month,
                                                         lpDate.Day, lpDate.Minute, lpDateStr, RemoteHooking.GetCurrentProcessId(), RemoteHooking.GetCurrentThreadId()));
                }
                // call the original API...
                return(NativeMethods.GetDateFormatW(locale, dwFlags, lpDate, lpFormat, lpDateStr, sbSize));
            }
        }
Пример #14
0
        bool CreateProcessW_Hooked([MarshalAsAttribute(UnmanagedType.LPWStr)] string lpApplicationName, IntPtr lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, [MarshalAsAttribute(UnmanagedType.Bool)] bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAsAttribute(UnmanagedType.LPWStr)] string lpCurrentDirectory, ref STARTUPINFOW lpStartupInfo, [OutAttribute()] out PROCESS_INFORMATION lpProcessInformation)
        {
            bool result = false;

            result = CreateProcessW(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, ref lpStartupInfo, out lpProcessInformation);

            try
            {
                _server.ReportMessage(string.Format("[{0}:{1}]: CreateProcess ({2} created name) \"{3}\"",
                                                    RemoteHooking.GetCurrentProcessId(), RemoteHooking.GetCurrentThreadId()
                                                    , lpApplicationName, lpStartupInfo.wShowWindow));
            }
            catch
            {
            }

            return(result);
        }
Пример #15
0
        IntPtr CreateFile_Hook(
            string fileName,
            UInt32 desiredAccess,
            UInt32 shareMode,
            IntPtr securityAttributes,
            UInt32 creationDisposition,
            UInt32 flagsAndAttributes,
            IntPtr templateFile)
        {
            try
            {
                lock (_messageQueue)
                {
                    if (_messageQueue.Count < 1000)
                    {
                        var mode = string.Empty;
                        switch (creationDisposition)
                        {
                        case 1:
                            mode = "CREATE_NEW";
                            break;

                        case 2:
                            mode = "CREATE_ALWAYS";
                            break;

                        case 3:
                            mode = "OPEN_ALWAYS";
                            break;

                        case 4:
                            mode = "OPEN_EXISTING";
                            break;

                        case 5:
                            mode = "TRUNCATE_EXISTING";
                            break;
                        }

                        // Add message to send to loader
                        _messageQueue.Enqueue(
                            string.Format("[{0}:{1}]: CREATE ({2}) \"{3}\"",
                                          RemoteHooking.GetCurrentProcessId(), RemoteHooking.GetCurrentThreadId(),
                                          mode, fileName));
                    }
                }
            }
            catch
            {
                // Swallow exceptions so that any issues caused by this code does not crash the target process.
            }

            // Modify filename IF the file is in the songs folder
            if (fileName.Contains(@"\Songs\") && (fileName.Contains(".png") || fileName.Contains(".jpg") || fileName.Contains(".jpeg")))
            {
                if (!string.IsNullOrEmpty(Interface.BackgroundImage))
                {
                    //_messageQueue.Enqueue("Changed BG for beatmap!");
                    var bg = fileName.Split('\\').Last();
                    Interface.ReportMessage("Changed beatmap background '" + bg + "'");
                    fileName = Interface.BackgroundImage;
                }
            }

            return(CreateFileW(
                       fileName,
                       desiredAccess,
                       shareMode,
                       securityAttributes,
                       creationDisposition,
                       flagsAndAttributes,
                       templateFile
                       ));
        }