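/// <summary>
/// Unpacks a hook notification delivered through a COPYDATASTRUCT, builds the
/// <c>HookArguments</c> for it and raises <c>HookTriggered</c>.
/// </summary>
/// <param name="m">Window message whose LParam points at the COPYDATASTRUCT.</param>
/// <param name="Intercept">Passed by reference to the subscribers; when they set it and this
/// hook is WH_GETMESSAGE, the intercepted message is replaced with message 0.</param>
/// <remarks>
/// Everything in the payload (process id, lParam, hook type) is supplied by whoever sent the
/// message and is then used to open a process and read its memory.
/// NOTE(review): the payload length is never compared with the size of AllHookMSG, and the
/// sender is not identified; check the COPYDATASTRUCT byte count and the sending window
/// before trusting the fields. Assumes the caller only forwards WM_COPYDATA here; confirm.
/// </remarks>
void MessageHandler_WndProc(ref Message m, ref bool Intercept)
{
    if (HookTriggered == null)
    {
        return;
    }

    // Marshal.PtrToStructure throws on a null pointer; drop a malformed message instead.
    if (m.LParam == IntPtr.Zero)
    {
        return;
    }

    var InfoBoat = (COPYDATASTRUCT)Marshal.PtrToStructure(m.LParam, typeof(COPYDATASTRUCT));
    if (InfoBoat.lpData == IntPtr.Zero)
    {
        return;
    }

    var HookInfo = (AllHookMSG)Marshal.PtrToStructure(InfoBoat.lpData, typeof(AllHookMSG));

    // Time is seconds since 1970-01-01, converted to local time, plus a millisecond part.
    var time = new System.DateTime(1970, 1, 1).AddSeconds(HookInfo.Time).ToLocalTime().AddMilliseconds(HookInfo.MilliSecond);

    Process process;
    try
    {
        process = Process.GetProcessById((int)HookInfo.Process);
    }
    catch (ArgumentException)
    {
        // The id does not name a running process (it exited, or the payload carried a
        // bogus id). There is nothing to read from, so the notification is dropped.
        return;
    }

    var PassData = new HookArguments();
    PassData.lParam = HookInfo.lParam;
    PassData.wParam = HookInfo.wParam;
    PassData.nCode = HookInfo.nCode;
    PassData.Process = process;
    PassData.TimeStamp = time;

    // Filter own copydata communication
    if (HookInfo.HookType == (int)HookType.WH_CALLWNDPROC)
    {
        CWPSTRUCT IsWMCOPY = MarshalHelper.GetStructFromProcess<CWPSTRUCT>(process, PassData.lParam);
        if (IsWMCOPY.message == (int)WindowsMessages.WM_COPYDATA)
        {
            return;
        }
    }

    if (HookInfo.HookType == (int)HookType.WH_CALLWNDPROCRET)
    {
        CWPRETSTRUCT IsWMCOPY = MarshalHelper.GetStructFromProcess<CWPRETSTRUCT>(process, PassData.lParam);
        if (IsWMCOPY.message == (int)WindowsMessages.WM_COPYDATA)
        {
            return;
        }
    }

    HookTriggered(PassData, ref Intercept);

    if (Intercept && HookType == System.Hooks.HookType.WH_GETMESSAGE)
    {
        // Replace the intercepted message with message 0 addressed to the caller's main window.
        // NOTE(review): presumably the Message setter writes this back into the hooked
        // process; confirm against WH_GETMESSAGE.
        var Returner = new WH_GETMESSAGE(PassData);
        Returner.Message = Message.Create(Returner.Caller.MainWindowHandle, 0, IntPtr.Zero, IntPtr.Zero);
    }
}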
/// <summary>
/// Translates a Windows hook notification into a usable format: copies the generic fields
/// from <paramref name="Msg"/> and reads the CWPSTRUCT that lParam points to out of the
/// calling process.
/// </summary>
/// <param name="Msg">Hook arguments to unpack; when null, nothing is copied or read.</param>
/// <remarks>
/// Construction performs a cross-process memory read through
/// <c>MarshalHelper.GetStructFromProcess</c>, using the process and address carried in
/// <paramref name="Msg"/>.
/// </remarks>
public WH_CALLWNDPROC(HookArguments Msg) : base(Msg)
{
    if (Msg != null)
    {
        Code = Msg.nCode;
        wParam = Msg.wParam;
        lParam = Msg.lParam;
        Caller = Msg.Process;
        Time = Msg.TimeStamp;

        // lParam is an address inside the calling process, not in this one.
        Attachment = MarshalHelper.GetStructFromProcess<CWPSTRUCT>(Caller, lParam);
    }
}
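/// <summary>
/// Reads <c>Marshal.SizeOf(typeof(T))</c> bytes from another process at
/// <paramref name="Address"/> and deserializes them into a <typeparamref name="T"/>.
/// </summary>
/// <param name="Process">Process to read from; opened with PROCESS_VM_READ.</param>
/// <param name="Address">Address inside that process where the structure starts.</param>
/// <returns>The structure rebuilt from the bytes that were read.</returns>
/// <exception cref="ArgumentNullException"><paramref name="Process"/> is null.</exception>
/// <exception cref="Win32Exception">The process could not be opened or the read failed.</exception>
/// <remarks>
/// Callers in this file pass addresses taken from hook notifications, so both the target
/// process and the address should be treated as externally supplied values.
/// </remarks>
public static T GetStructFromProcess<T>(Process Process, IntPtr Address) where T : struct
{
    if (Process == null)
    {
        throw new ArgumentNullException("Process");
    }

    IntPtr ProcessHandle = OpenProcess(PROCESS_VM_READ, false, Process.Id);
    if (ProcessHandle == IntPtr.Zero)
    {
        // Report why the open failed (for example access denied) instead of letting the
        // read below fail on an invalid handle and hide the real error code.
        // NOTE(review): relies on the OpenProcess import recording the last error; confirm.
        throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    // NOTE(review): the handle is never closed in this method and no CloseHandle import is
    // visible here, so each call appears to leak one process handle. Close it in a finally
    // block once such an import is available.
    int bytesRead = 0;
    byte[] buffer = new byte[Marshal.SizeOf(typeof(T))];

    // NOTE(review): handle and address are narrowed with ToInt32, which throws
    // OverflowException in a 64-bit process when the value does not fit in 32 bits.
    bool Ok = ReadProcessMemory(ProcessHandle.ToInt32(), Address.ToInt32(), buffer, buffer.Length, ref bytesRead);
    if (!Ok)
    {
        throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    return MarshalHelper.DeserializeMsg<T>(buffer);
}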
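/// <summary>
/// Serializes <paramref name="Data"/> and writes it into another process at
/// <paramref name="Address"/>.
/// </summary>
/// <param name="Process">Process to write to; opened with PROCESS_VM_WRITE and PROCESS_VM_OPERATION.</param>
/// <param name="Address">Address inside that process where the bytes are written.</param>
/// <param name="Data">Structure to serialize and write.</param>
/// <returns>The structure rebuilt from the serialized bytes that were written.</returns>
/// <exception cref="ArgumentNullException"><paramref name="Process"/> is null.</exception>
/// <exception cref="Win32Exception">The process could not be opened or the write failed.</exception>
/// <remarks>
/// This overwrites memory in another process at a caller-chosen address, so the address
/// must come from a source the caller trusts.
/// </remarks>
public static T WriteStructToProcess<T>(Process Process, IntPtr Address, T Data) where T : struct
{
    if (Process == null)
    {
        throw new ArgumentNullException("Process");
    }

    IntPtr ProcessHandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, false, Process.Id);
    if (ProcessHandle == IntPtr.Zero)
    {
        // Report why the open failed instead of letting the write below fail on an
        // invalid handle and hide the real error code.
        // NOTE(review): relies on the OpenProcess import recording the last error; confirm.
        throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    // NOTE(review): the handle is never closed in this method and no CloseHandle import is
    // visible here, so each call appears to leak one process handle. Close it in a finally
    // block once such an import is available.
    IntPtr bytesWritten = IntPtr.Zero;
    byte[] buffer = SerializeMessage<T>(Data);

    bool Ok = WriteProcessMemory(ProcessHandle, Address, buffer, buffer.Length, out bytesWritten);
    if (!Ok)
    {
        throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    return MarshalHelper.DeserializeMsg<T>(buffer);
}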
/// <summary>
/// Translates a Windows hook notification into a usable format: copies the generic fields
/// from <paramref name="Msg"/>, reads the MSG that lParam points to out of the calling
/// process, and keeps it as a <c>Message</c>.
/// </summary>
/// <param name="Msg">Hook arguments to unpack; when null, nothing is copied or read.</param>
/// <remarks>
/// Construction performs a cross-process memory read through
/// <c>MarshalHelper.GetStructFromProcess</c>, using the process and address carried in
/// <paramref name="Msg"/>.
/// </remarks>
public WH_GETMESSAGE(HookArguments Msg) : base(Msg)
{
    if (Msg != null)
    {
        Code = Msg.nCode;
        wParam = Msg.wParam;
        lParam = Msg.lParam;
        Caller = Msg.Process;
        Time = Msg.TimeStamp;

        // lParam is an address inside the calling process, not in this one.
        var remoteMsg = MarshalHelper.GetStructFromProcess<MSG>(Caller, lParam);
        _msg = Message.Create(remoteMsg.hwnd, (int)remoteMsg.message, remoteMsg.wParam, remoteMsg.lParam);
    }
}
/// <summary>
/// Reads the CREATEWND structure at lParam from the calling process, then follows its
/// <c>lpcs</c> pointer to read the CREATESTRUCT from the same process.
/// </summary>
/// <returns>The CREATESTRUCT read from the calling process.</returns>
/// <remarks>
/// Two cross-process reads are made; the second address is a value taken from the first
/// read, so it is only as reliable as the memory of the calling process.
/// </remarks>
CREATESTRUCT getCreateStruct()
{
    CREATEWND createWnd = MarshalHelper.GetStructFromProcess<CREATEWND>(Caller, lParam);
    CREATESTRUCT createStruct = MarshalHelper.GetStructFromProcess<CREATESTRUCT>(Caller, createWnd.lpcs);
    return createStruct;
}