public FormInterface()
{
    //Build the form's components before anything else touches the controls
    InitializeComponent();

    //Publish this instance as the shared UI handle (presumably what GetInstance() hands out)
    UI = this;

    //Initialize process creation watcher
    procWatcher = new ProcessWatcher();
}
public HookManager(NktProcess process)
{
    //Keep the target process and a copy of its id
    this.process = process;
    ID = process.Id;

    //Shared singletons this manager reports to
    UI = FormInterface.GetInstance();
    pw = ProcessWatcher.GetInstance();

    //Per-process IntelliMod instance bound to the same target
    intelligence = new IntelliMod(process);
}
private void WhitelistManager_FormClosed(object sender, FormClosedEventArgs e)
{
    //Re-enable the whitelist button once the manager window has closed
    //(presumably it was disabled while that window was open)
    FormInterface ui = FormInterface.GetInstance();
    ui.whiteListButton.Enabled = true;
}
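//Installs the required hooks into the target process and, on success, lists the
//process on the UI. Hook targets use the "module!function" form that
//InstallFunctionHook expects.
//NOTE(review): coverage is CryptoAPI (advapi32) only; confirm whether CNG (bcrypt.dll)
//should also be monitored.
//NOTE(review): a NullReferenceException is treated as "target exited"; confirm that is
//the only way it can arise here, since an NRE from a UI bug would be masked.
public void InstallHooks()
{
    //Hook targets, grouped by the behaviour they reveal: registry, CryptoAPI,
    //host fingerprinting, thread/injection primitives, file system, process creation.
    //Order is preserved from the original call sequence.
    string[] hookTargets =
    {
        "advapi32.dll!RegCreateKeyExA",
        "advapi32.dll!RegCreateKeyExW",
        "advapi32.dll!CryptAcquireContextA",
        "advapi32.dll!CryptAcquireContextW",
        "advapi32.dll!CryptImportKey",
        "advapi32.dll!CryptGenKey",
        "advapi32.dll!CryptEncrypt",
        "advapi32.dll!CryptExportKey",
        "advapi32.dll!CryptDestroyKey",
        "kernel32.dll!GetComputerNameA",
        "kernel32.dll!GetComputerNameW",
        "kernel32.dll!GetComputerNameExA",
        "kernel32.dll!GetComputerNameExW",
        "kernel32.dll!SuspendThread",
        "kernel32.dll!CreateRemoteThread",
        "kernel32.dll!CreateRemoteThreadEx",
        "kernel32.dll!CreateFileA",
        "kernel32.dll!CreateFileW",
        "kernel32.dll!FindFirstFileA",
        "kernel32.dll!FindFirstFileW",
        "kernel32.dll!FindFirstFileExA",
        "kernel32.dll!FindFirstFileExW",
        //Consider adding WriteFileEx
        "kernel32.dll!WriteFile",
        "kernel32.dll!DeleteFileA",
        "kernel32.dll!DeleteFileW",
        "kernel32.dll!WinExec",
        "kernel32.dll!CreateProcessA",
        "kernel32.dll!CreateProcessW",
    };

    try
    {
        Debug.WriteLine("Installing hooks in " + process.Name);

        //Install each function hook
        foreach (string target in hookTargets)
        {
            InstallFunctionHook(target);
        }

        //Display the new process on the UI (id is used both as the row cell and the item key)
        //NOTE(review): listViewAddItemRange is assumed to marshal to the UI thread if this
        //runs on a watcher callback — confirm.
        string pid = process.Id.ToString();
        string text = process.Name + ' ' + process.PlatformBits;
        string[] row = { pid };
        FormInterface.listViewAddItemRange(UI.processListView, text, row, pid);
        Debug.WriteLine("Success");
    }
    catch (NullReferenceException)
    {
        //If the target disappears mid-install, hooks placed before the failure are not
        //rolled back here — NOTE(review): confirm whether partial hooking is acceptable.
        Debug.WriteLine("Hooking failed: Process no longer exists");
    }
}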