private static void DoAccessLogging(IHookHolderAndCallback injection, IntPtr ObjectAttributes)
{
try
{
OBJECT_ATTRIBUTES oa = (OBJECT_ATTRIBUTES)Marshal.PtrToStructure(ObjectAttributes, typeof(OBJECT_ATTRIBUTES));
string lpFileName = GetFileName(oa);
DoAccessLogging(injection, lpFileName);
}
catch { }
}
// This function is exception-safe and does not throw any exceptions
internal static void DefaultLogging(IHookHolderAndCallback hhac, FunctionIdentity identity,
string format, params object[] args)
{
try
{
DebugLogger.WriteLine(Thread.CurrentThread.ManagedThreadId.ToString("D2") + " " +
identity.Function + " " + format, args);
}
catch (Exception) { }
}
private static void DoAccessLogging(IHookHolderAndCallback injection, string lpFileName)
{
try
{
FileAccessLogger fileAccessLogger = ((Injection)injection).FileAccessLogger;
if (fileAccessLogger != null)
{
fileAccessLogger.FileAccessed(lpFileName);
}
}
catch { }
}
/// <summary>Installs hook and associates it with the specified injection object
/// returns object which needs to be kept alive to keep hook installed.</summary>
internal LocalHook Install(IHookHolderAndCallback hhac)
{
LocalHook result = LocalHook.Create(LocalHook.GetProcAddress(identity_.Dll, identity_.Function),
hookHandler_, hhac);
// Don't forget that all hooks will start deactivated...
// The following ensures that all threads are intercepted:
// by default we exclude _no_ threads (empty array).
int[] ACL = new int[] { };
if (hookCategory_ != Win32Api.CATEGORY_REGISTRY)
{
ACL = threadsWithRegistryHooksOnly_.ToArray();
}
result.ThreadACL.SetExclusiveACL(ACL);
return(result);
}
internal ReturnType Call()
{
try
{
hhac_ = (IHookHolderAndCallback)HookRuntimeInfo.Callback;
using (hb_ = new HookBarrier(
hhac_.LookUp(HookRuntimeInfo.Handle)))
{
try
{
if (!hb_.Injected || LOGGING_ONLY)
{
return(CallNative());
}
if (LOG_BEGIN)
{
Logging("Begin");
}
if (hb_.CurrentFunc.HookCategory == Win32Api.CATEGORY_REGISTRY)
{
registryCalls_++;
}
ReturnType result = operation_(this);
uint errorCode = Win32Api.GetLastError();
Logging(String.Format("{0} Result: {1} LastError: {2}", format_, result, errorCode));
Win32Api.SetLastError(errorCode);
return(result);
}
catch (Win32Exception re)
{
Logging(format_ + " RegistryException: " + re.ErrorCode.ToString());
return(errorHandler_(re.ErrorCode));
}
catch (Exception ex)
{
Logging(format_ + " Exception: " + ex.ToString());
return(errorHandler_((int)Win32Api.Error.ERROR_ACCESS_DENIED));
}
}
}
catch
{
return(errorHandler_((int)Win32Api.Error.ERROR_ACCESS_DENIED));
}
}
/// <summary>
/// Install hooks associated with the injection object. This means that injection object
/// will be passed as the <see cref="HookRuntimeInfo.Callback"/> into each hook call.
/// </summary>
public InstalledHooks(IHookHolderAndCallback hookHolderAndCallback, Hooks funcs)
{
foreach (Hook hf in funcs.List)
{
// We must save refence to LocalHook object otherwise garbage collector destroys the object.
try
{
dict_.Add(hf.Install(hookHolderAndCallback), hf);
}
// We ignore errors if hook installation failed - assuming this function
// does not exist on the current OS
catch (MissingMethodException)
{ }
// Same thing about dlls which do not exist under some OSes like kernelbase.dll
catch (DllNotFoundException)
{ }
}
}
internal static void NoLogging(IHookHolderAndCallback hhac, FunctionIdentity identity,
string format, params object[] args)
{
}