示例#1
0
 private static void DoAccessLogging(IHookHolderAndCallback injection, IntPtr ObjectAttributes)
 {
     try
     {
         OBJECT_ATTRIBUTES oa         = (OBJECT_ATTRIBUTES)Marshal.PtrToStructure(ObjectAttributes, typeof(OBJECT_ATTRIBUTES));
         string            lpFileName = GetFileName(oa);
         DoAccessLogging(injection, lpFileName);
     }
     catch { }
 }
示例#2
0
 // This function is exception-safe and does not throw any exceptions
 internal static void DefaultLogging(IHookHolderAndCallback hhac, FunctionIdentity identity,
                                     string format, params object[] args)
 {
     try
     {
         DebugLogger.WriteLine(Thread.CurrentThread.ManagedThreadId.ToString("D2") + " " +
                               identity.Function + " " + format, args);
     }
     catch (Exception) { }
 }
示例#3
0
 private static void DoAccessLogging(IHookHolderAndCallback injection, string lpFileName)
 {
     try
     {
         FileAccessLogger fileAccessLogger = ((Injection)injection).FileAccessLogger;
         if (fileAccessLogger != null)
         {
             fileAccessLogger.FileAccessed(lpFileName);
         }
     }
     catch { }
 }
示例#4
0
        /// <summary>Installs hook and associates it with the specified injection object
        /// returns object which needs to be kept alive to keep hook installed.</summary>
        internal LocalHook Install(IHookHolderAndCallback hhac)
        {
            LocalHook result = LocalHook.Create(LocalHook.GetProcAddress(identity_.Dll, identity_.Function),
                                                hookHandler_, hhac);

            // Don't forget that all hooks will start deactivated...
            // The following ensures that all threads are intercepted:
            // by default we exclude _no_ threads (empty array).
            int[] ACL = new int[] { };
            if (hookCategory_ != Win32Api.CATEGORY_REGISTRY)
            {
                ACL = threadsWithRegistryHooksOnly_.ToArray();
            }
            result.ThreadACL.SetExclusiveACL(ACL);
            return(result);
        }
示例#5
0
        internal ReturnType Call()
        {
            try
            {
                hhac_ = (IHookHolderAndCallback)HookRuntimeInfo.Callback;

                using (hb_ = new HookBarrier(
                           hhac_.LookUp(HookRuntimeInfo.Handle)))
                {
                    try
                    {
                        if (!hb_.Injected || LOGGING_ONLY)
                        {
                            return(CallNative());
                        }

                        if (LOG_BEGIN)
                        {
                            Logging("Begin");
                        }
                        if (hb_.CurrentFunc.HookCategory == Win32Api.CATEGORY_REGISTRY)
                        {
                            registryCalls_++;
                        }
                        ReturnType result    = operation_(this);
                        uint       errorCode = Win32Api.GetLastError();
                        Logging(String.Format("{0} Result: {1} LastError: {2}", format_, result, errorCode));
                        Win32Api.SetLastError(errorCode);
                        return(result);
                    }
                    catch (Win32Exception re)
                    {
                        Logging(format_ + " RegistryException: " + re.ErrorCode.ToString());
                        return(errorHandler_(re.ErrorCode));
                    }
                    catch (Exception ex)
                    {
                        Logging(format_ + " Exception: " + ex.ToString());
                        return(errorHandler_((int)Win32Api.Error.ERROR_ACCESS_DENIED));
                    }
                }
            }
            catch
            {
                return(errorHandler_((int)Win32Api.Error.ERROR_ACCESS_DENIED));
            }
        }
示例#6
0
 /// <summary>
 /// Install hooks associated with the injection object. This means that injection object
 /// will be passed as the <see cref="HookRuntimeInfo.Callback"/> into each hook call.
 /// </summary>
 public InstalledHooks(IHookHolderAndCallback hookHolderAndCallback, Hooks funcs)
 {
     foreach (Hook hf in funcs.List)
     {
         // We must save refence to LocalHook object otherwise garbage collector destroys the object.
         try
         {
             dict_.Add(hf.Install(hookHolderAndCallback), hf);
         }
         // We ignore errors if hook installation failed - assuming this function
         // does not exist on the current OS
         catch (MissingMethodException)
         { }
         // Same thing about dlls which do not exist under some OSes like kernelbase.dll
         catch (DllNotFoundException)
         { }
     }
 }
示例#7
0
 internal static void NoLogging(IHookHolderAndCallback hhac, FunctionIdentity identity,
                                string format, params object[] args)
 {
 }