private void AddProcessBeingHookedWithoutConfirmation(IRunningProcess aProcess) { lock (_processesBeingHookedLock) { _processesBeingHookedWithoutConfirmation.Add(aProcess); } }
private void RemoveProcessBeingHookedWithoutConfirmation(IRunningProcess aProcess) { lock (_processesBeingHookedLock) { _processesBeingHookedWithoutConfirmation.Remove(aProcess); } }
//private EntityDictionary<IRunningProcess, int, Module[]> _modulesCache; public IEnumerable <Module> HookableModulesFor(IRunningProcess aProcess) { //if (_modulesCache == null) //{ // _modulesCache = new EntityDictionary<IRunningProcess, int, Module[]>(process => process.Id, // process => // { // var nktProcess = NktProcessFrom(aProcess); // return nktProcess.Modules().CollectAll().Select(module => Module.From(module, aProcess, this)).ToArray(); // } //); //} //return _modulesCache.ValueOrInitialize(aProcess); IEnumerable <Module> modules; try { var nktProcess = NktProcessFrom(aProcess); modules = nktProcess.Modules().CollectAll().Select(module => Module.From(module, aProcess, this)).ToArray(); } catch { modules = Enumerable.Empty <Module>(); } return(modules); }
public Hook[] HooksFor(IRunningProcess aProcess) { lock (_syncLock) { return(_hooks.ValueOrInitialize(aProcess).ToArray()); } }
public bool IsHooked(IRunningProcess aProcess) { lock (_syncLock) { return(_hooks.ValueOrInitialize(aProcess).Count > 0); } }
public Hook AddHook(IRunningProcess aProcess, Module aModule, Function aFunction) { var ntkProcess = NktProcessFrom(aProcess); if (ntkProcess == null) { return(null); } if (!aProcess.IsAlive()) { return(null); } var nktModule = ntkProcess.ModuleByName(aModule.Name); if (nktModule == null) { return(null); } var nktFunction = nktModule.FunctionByName(aFunction.Name); if (nktFunction == null) { return(null); } var nktHook = _manager.CreateHook(nktFunction, 0); nktHook.Hook(true); nktHook.Attach(ntkProcess, true); return(CreateConsoleHookFrom(nktHook)); }
public void DisplaySelectedProcessesModulesIfWasAdded(IRunningProcess aProcess) { if (_selectedProcesses.Contains(aProcess)) { DisplaySelectedProcessesModulesKeepingSelection(); } }
public bool IsHooked(IRunningProcess aProcess) { lock(_syncLock) { return _hooks.ValueOrInitialize(aProcess).Count > 0; } }
private void HookStateChangedHandler(Hook hook, IRunningProcess aProcess, eNktHookState previousState, eNktHookState currentState) { var aStateChangeInfo = new HookStateChangeInfo(hook, aProcess, previousState, currentState); var aHook = aStateChangeInfo.Hook; if (aStateChangeInfo.CurrentState == eNktHookState.stRemoved) { _view.RemoveHook(aHook); _view.RemoveHookEnabled = false; _view.RemoveAllHooksEnabled = _spyManager.AtLeastOneHookWasCreated; _view.ExportHookingSettings = _spyManager.AtLeastOneHookWasCreated; } else { _view.DisplayHookStatus(aStateChangeInfo); } if (!aProcess.IsHooked()) { _view.DisplayRecentlyUnhookedProcess(aProcess); } else if (aProcess.AtLeastOneHookIsActive()) { _view.DisplayRecentlyHookedProcessAsActive(aProcess); } else { _view.DisplayRecentlyHookedProcessAsInactive(aProcess); } _view.RefreshModulesView(); }
public Hook[] HooksFor(IRunningProcess aProcess) { lock (_syncLock) { return _hooks.ValueOrInitialize(aProcess).ToArray(); } }
public bool AtLeastOneHookIsActiveOn(IRunningProcess aProcess) { lock (_syncLock) { return _activeHooks.ValueOrInitialize(aProcess).Count > 0; } }
public void Update(Hook aHook, IRunningProcess aProcess, eNktHookState currentState, eNktHookState previousState) { var module = aProcess.ModuleByName(aHook.ModuleName); lock (_syncLock) { if (currentState == eNktHookState.stRemoved) { _hooks.ValueOrInitialize(aProcess).Remove(aHook); _activeHooks.ValueOrInitialize(aProcess).Remove(aHook.Id); if (previousState == eNktHookState.stActive) { _hookCountByModule.Update(aProcess, moduleDictionary => { moduleDictionary.Update(module, oldCount => -- oldCount); return(moduleDictionary); }); } } else { _hooks.ValueOrInitialize(aProcess).Add(aHook); if (currentState == eNktHookState.stActive) { _activeHooks.ValueOrInitialize(aProcess).Add(aHook.Id); _hookCountByModule.Update(aProcess, moduleDictionary => { moduleDictionary.Update(module, oldCount => ++ oldCount); return(moduleDictionary); }); } } } }
public HookStateChangeInfo(Hook aHook, IRunningProcess aProcess, eNktHookState previousState, eNktHookState currentState) { Process = aProcess; PreviousState = previousState; CurrentState = currentState; Hook = aHook; }
public bool AtLeastOneHookIsActiveOn(IRunningProcess aProcess) { lock (_syncLock) { return(_activeHooks.ValueOrInitialize(aProcess).Count > 0); } }
private bool ProcessIsNotBeingHooked(IRunningProcess aProcess) { lock (_processesBeingHookedLock) { return(!_processesBeingHookedWithoutConfirmation.Contains(aProcess)); } }
public void LoadHooksWithoutConfirmationOn(IRunningProcess aProcess) { AddProcessBeingHookedWithoutConfirmation(aProcess); RecreateHooksFromRulesOn(new[] {aProcess}); RemoveProcessBeingHookedWithoutConfirmation(aProcess); }
public IdleTimeModule(IEplanHelper eplanHelper, IModuleConfiguration moduleConfiguration, IRunningProcess runningProcess) { this.eplanHelper = eplanHelper; this.moduleConfiguration = moduleConfiguration; this.runningProcess = runningProcess; }
public void LoadHooksWithoutConfirmationOn(IRunningProcess aProcess) { AddProcessBeingHookedWithoutConfirmation(aProcess); RecreateHooksFromRulesOn(new[] { aProcess }); RemoveProcessBeingHookedWithoutConfirmation(aProcess); }
public void ApplyHookOn(Hook hook, IRunningProcess process) { var rule = new HookingRule(process.Name, hook.ModuleName, hook.FunctionName); RecreateHookFromRuleOn(new List <IRunningProcess> { process }, rule); }
private void AgentLoadHandler(IRunningProcess aProcess, int anErrorCode) { if (anErrorCode == 0) { return; } _view.ShowAgentLoadingError(aProcess, anErrorCode); }
public void UpdateProcessToSelectionIfItsGroupIsSelected(IRunningProcess aProcess) { var firstSelectedProcess = _selectedProcesses.FirstOrDefault(); if (firstSelectedProcess != null && firstSelectedProcess.Name.Equals(aProcess.Name)) { _selectedProcesses = _selectedProcesses.Union(new[] { aProcess }); } }
private void ProcessAddedHook(IRunningProcess aProcess, Module aModule, Function aFunction, Hook aHook) { _hookingSettings.Add(aProcess.Name, aModule.Name, aFunction.Name); DisplayHook(aProcess, aModule, aFunction, aHook); _view.RemoveAllHooksEnabled = true; _view.ExportHookingSettings = true; _view.RemoveHookEnabled = true; }
public bool IsHookActiveOn(Hook aHook, IRunningProcess aProcess) { var nktHook = NktHookFor(aHook); if (nktHook == null) { return(false); } return(nktHook.State(aProcess.Id) == eNktHookState.stActive); }
private void ProcessTerminatedHandler(IRunningProcess aProcess) { if (!ProcessFilter.ForInvalidProcesses(_platformBits).IsValid(aProcess)) { return; } RemoveRunningProcess(aProcess); RemoveProcessHooks(aProcess); }
private void RemoveRunningProcess(IRunningProcess aProcess) { _view.RemoveRunningProcess(aProcess); if (!_selectedProcesses.Contains(aProcess)) { return; } RemoveRunningProcessFromSelection(aProcess); }
public void RemoveAllHooksOf(IRunningProcess aProcess) { lock (_syncLock) { _hooks.Remove(aProcess); _activeHooks.Remove(aProcess); _hookCountByModule.Update(aProcess, moduleDictionary => { moduleDictionary.Clear(); return(moduleDictionary); }); } }
public void ShowAgentLoadingError(IRunningProcess aProcess, int anErrorCode) { if (!aProcess.IsAlive(10)) { return; } string errorMessage = string.Format("Deviare Agent load error. Process: {0} ({1}). Error code: 0x{2:X}", aProcess.Name, aProcess.Id, anErrorCode); MessageBox.Show(errorMessage); }
public void RemoveRunningProcessFromSelection(IRunningProcess aProcess) { _selectedProcesses.ForEach(p => p.IfRunning(proc => { if (proc.Id != aProcess.Id) { return; } var newProcessSelection = _selectedProcesses.ToList(); newProcessSelection.Remove(proc); SelectedProcessesChanged(newProcessSelection); }) ); }
private void Add(IRunningProcess aProcess, Module aModule, Function aFunction, Hook aHook) { lock (_dataLock) { if (_hookNodes.ContainsKey(aHook)) return; var aProcessNode = _nodes.ValueOrInitialize(aProcess); var aModuleNode = aProcessNode.ModuleNodeFor(aModule); var aHookNode = aModuleNode.AddHook(aHook, aFunction); _hookNodes[aHook] = aHookNode; _model.Nodes.Add(aProcessNode); } }
private void ProcessStartedHandler(IRunningProcess aProcess) { if (!ProcessFilter.ForInvalidProcesses(_platformBits).IsValid(aProcess)) { return; } _view.DisplayNewRunningProcess(aProcess); _view.RemoveProcessToBeHookedOnStart(aProcess); UpdateProcessToSelectionIfItsGroupIsSelected(aProcess); DisplaySelectedProcessesModulesIfWasAdded(aProcess); _hookLoader.LoadHooksOn(new [] { aProcess }); }
public void DisplayHook(Hook hook, IRunningProcess process, HookStateChangeInfo pepe) { if (!process.IsAlive()) { return; } lock (_dataLock) { process.Do(hook, (p, m, f) => { Add(process, m, f, hook); _hookNodes[hook].UpdateState(pepe.CurrentState); }); } }
public IEnumerable <IRunningProcess> SelectProcessesToApplyHookingRules(IEnumerable <IProcess> toHookOnStart, IEnumerable <IRunningProcess> unhooked, IEnumerable <IRunningProcess> hookedInactive, IEnumerable <IRunningProcess> hookedActive) { var selectedProcesses = new IRunningProcess[0]; var job = new UpdateUIJob(this, () => selectedProcesses = ProcessSelectionForm.Show(toHookOnStart, unhooked, hookedInactive, hookedActive)); job.Perform(); return(selectedProcesses); }
public Function[] HookableFunctionsFor(Module aModule, IRunningProcess aProcess) { IEnumerable <Function> functions; try { var nktProcess = NktProcessFrom(aProcess); var nktModule = nktProcess.ModuleByName(aModule.Name); functions = Function.From(nktModule.ExportedFunctions().CollectAll()); } catch { functions = Enumerable.Empty <Function>(); } return(functions.ToArray()); }
public Module ModuleByName(IRunningProcess aProcess, string aModuleName) { var nktProcess = NktProcessFrom(aProcess); if (nktProcess == null) { return(null); } var aModule = nktProcess.ModuleByName(aModuleName); if (aModule == null) { return(null); } return(Module.From(aModule, aProcess, this)); }
private void Add(IRunningProcess aProcess, Module aModule, Function aFunction, Hook aHook) { lock (_dataLock) { if (_hookNodes.ContainsKey(aHook)) { return; } var aProcessNode = _nodes.ValueOrInitialize(aProcess); var aModuleNode = aProcessNode.ModuleNodeFor(aModule); var aHookNode = aModuleNode.AddHook(aHook, aFunction); _hookNodes[aHook] = aHookNode; _model.Nodes.Add(aProcessNode); } }
public void UpdateProcessToSelectionIfItsGroupIsSelected(IRunningProcess aProcess) { var firstSelectedProcess = _selectedProcesses.FirstOrDefault(); if (firstSelectedProcess != null && firstSelectedProcess.Name.Equals(aProcess.Name)) _selectedProcesses = _selectedProcesses.Union(new[] { aProcess }); }
private void ProcessTerminatedHandler(IRunningProcess aProcess) { if (!ProcessFilter.ForInvalidProcesses(_platformBits).IsValid(aProcess)) return; RemoveRunningProcess(aProcess); RemoveProcessHooks(aProcess); }
private void RemoveRunningProcess(IRunningProcess aProcess) { _view.RemoveRunningProcess(aProcess); if (!_selectedProcesses.Contains(aProcess)) return; RemoveRunningProcessFromSelection(aProcess); }
public IEnumerable<IRunningProcess> SelectProcessesToApplyHookingRules(IEnumerable<IProcess> toHookOnStart, IEnumerable<IRunningProcess> unhooked, IEnumerable<IRunningProcess> hookedInactive, IEnumerable<IRunningProcess> hookedActive) { var selectedProcesses = new IRunningProcess[0]; var job = new UpdateUIJob(this, () => selectedProcesses = ProcessSelectionForm.Show(toHookOnStart, unhooked, hookedInactive, hookedActive)); job.Perform(); return selectedProcesses; }
private void ProcessStartedHandler(IRunningProcess aProcess) { if (!ProcessFilter.ForInvalidProcesses(_platformBits).IsValid(aProcess)) return; _view.DisplayNewRunningProcess(aProcess); _view.RemoveProcessToBeHookedOnStart(aProcess); UpdateProcessToSelectionIfItsGroupIsSelected(aProcess); DisplaySelectedProcessesModulesIfWasAdded(aProcess); _hookLoader.LoadHooksOn(new [] {aProcess}); }
public void AddHookForRunningProcess(IRunningProcess aProcess, Module aModule, Function aFunction) { aProcess.Hook(aModule, aFunction, hook => ProcessAddedHook(aProcess, aModule, aFunction, hook)); }
private void DisplayHook(IRunningProcess aProcess, Module aModule, Function aFunction, Hook aHook) { _view.DisplayHook(aProcess, aModule, aFunction, aHook); }
public void Update(Hook aHook, IRunningProcess aProcess, eNktHookState currentState, eNktHookState previousState) { var module = aProcess.ModuleByName(aHook.ModuleName); lock (_syncLock) { if (currentState == eNktHookState.stRemoved) { _hooks.ValueOrInitialize(aProcess).Remove(aHook); _activeHooks.ValueOrInitialize(aProcess).Remove(aHook.Id); if (previousState == eNktHookState.stActive) _hookCountByModule.Update(aProcess, moduleDictionary => { moduleDictionary.Update(module, oldCount => --oldCount); return moduleDictionary; }); } else { _hooks.ValueOrInitialize(aProcess).Add(aHook); if (currentState == eNktHookState.stActive) { _activeHooks.ValueOrInitialize(aProcess).Add(aHook.Id); _hookCountByModule.Update(aProcess, moduleDictionary => { moduleDictionary.Update(module, oldCount => ++oldCount); return moduleDictionary; }); } } } }
public void DisplayHook(Hook hook, IRunningProcess process, HookStateChangeInfo pepe) { if (!process.IsAlive()) return; lock (_dataLock) { process.Do(hook, (p, m, f) => { Add(process, m, f, hook); _hookNodes[hook].UpdateState(pepe.CurrentState); }); } }
public RunningModule(string path, string name, IntPtr baseAddress, IRunningProcess process, ISpyManager aSpyManager) : base(path, name, baseAddress) { _process = process; _spyManager = aSpyManager; }
public bool Test(IRunningProcess aProcess) { return _isValidProcess(aProcess); }
public int HooksCountFor(IRunningProcess aProcess, Module aModule) { return _hookCountByModule.ValueOrInitialize(aProcess).ValueOrInitialize(aModule); }
private void AgentLoadHandler(IRunningProcess aProcess, int anErrorCode) { if (anErrorCode == 0) return; _view.ShowAgentLoadingError(aProcess, anErrorCode); }
public void RemoveAllHooksOf(IRunningProcess aProcess) { lock (_syncLock) { _hooks.Remove(aProcess); _activeHooks.Remove(aProcess); _hookCountByModule.Update(aProcess, moduleDictionary => { moduleDictionary.Clear(); return moduleDictionary; }); } }
public void RemoveRunningProcessFromSelection(IRunningProcess aProcess) { _selectedProcesses.ForEach(p => p.IfRunning(proc => { if (proc.Id != aProcess.Id) return; var newProcessSelection = _selectedProcesses.ToList(); newProcessSelection.Remove(proc); SelectedProcessesChanged(newProcessSelection); }) ); }
public bool IsValid(IRunningProcess aProcess) { return _filters.All(filter => filter.Test(aProcess)); }
public void DisplaySelectedProcessesModulesIfWasAdded(IRunningProcess aProcess) { if (_selectedProcesses.Contains(aProcess)) DisplaySelectedProcessesModulesKeepingSelection(); }
private bool ProcessIsNotBeingHooked(IRunningProcess aProcess) { lock (_processesBeingHookedLock) { return !_processesBeingHookedWithoutConfirmation.Contains(aProcess); } }
public bool IsActiveOn(IRunningProcess aProcess) { return _spyManager.IsHookActiveOn(this, aProcess); }
private void HookStateChangedHandler(Hook hook, IRunningProcess aProcess, eNktHookState previousState, eNktHookState currentState) { var aStateChangeInfo = new HookStateChangeInfo(hook, aProcess, previousState, currentState); var aHook = aStateChangeInfo.Hook; if (aStateChangeInfo.CurrentState == eNktHookState.stRemoved) { _view.RemoveHook(aHook); _view.RemoveHookEnabled = false; _view.RemoveAllHooksEnabled = _spyManager.AtLeastOneHookWasCreated; _view.ExportHookingSettings = _spyManager.AtLeastOneHookWasCreated; } else _view.DisplayHookStatus(aStateChangeInfo); if (!aProcess.IsHooked()) _view.DisplayRecentlyUnhookedProcess(aProcess); else if (aProcess.AtLeastOneHookIsActive()) _view.DisplayRecentlyHookedProcessAsActive(aProcess); else _view.DisplayRecentlyHookedProcessAsInactive(aProcess); _view.RefreshModulesView(); }
public void ShowAgentLoadingError(IRunningProcess aProcess, int anErrorCode) { if (!aProcess.IsAlive(10)) return; string errorMessage = string.Format("Deviare Agent load error. Process: {0} ({1}). Error code: 0x{2:X}", aProcess.Name, aProcess.Id, anErrorCode); MessageBox.Show(errorMessage); }
public static Module From(NktModule module, IRunningProcess aProcess, ISpyManager aSpyManager) { return new RunningModule(module.Path, module.Name, module.BaseAddress, aProcess, aSpyManager); }
public void DisplayHook(IRunningProcess aProcess, Module aModule, Function aFunction, Hook aHook) { }