public void Run(RemoteHooking.IContext InContext, string serverName) { try { myClientInstance.SendCommand(Command.ClientVersion, myDateStamp); myCloseSocketHook = LocalHook.Create(LocalHook.GetProcAddress("WSOCK32.dll", "closesocket"), myCloseSocketDelegate, null); mySocketHook = LocalHook.Create(LocalHook.GetProcAddress("WSOCK32.dll", "socket"), mySocketDelegate, null); myCloseSocketHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); mySocketHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); IntPtr functionPtr = Marshal.GetFunctionPointerForDelegate(myRecvDelegate); myClientInstance.SendCommand(Command.FunctionPointer, functionPtr.ToInt32(), 0); functionPtr = Marshal.GetFunctionPointerForDelegate(mySendDelegate); myClientInstance.SendCommand(Command.FunctionPointer, functionPtr.ToInt32(), 1); MessageHook.Initialize(myClientInstance); } catch (Exception X) { string message = "<Exception : " + X.Message + "> <Stack trace: " + X.StackTrace + ">"; myClientInstance.SendCommand(Command.Exception, message); return; } while (true) { Thread.Sleep(1000); } }
public void SetupDetour() { var form = new Form(); var scd = new SwapChainDescription { BufferCount = 1, ModeDescription = new ModeDescription { Format = DXGI_FORMAT_R8G8B8A8_UNORM }, Usage = DXGI_USAGE_RENDER_TARGET_OUTPUT, OutputHandle = form.Handle, SampleDescription = new SampleDescription { Count = 1 }, IsWindowed = true }; unsafe { var pSwapChain = IntPtr.Zero; var pDevice = IntPtr.Zero; var pImmediateContext = IntPtr.Zero; var ret = D3D11CreateDeviceAndSwapChain((void *)IntPtr.Zero, D3D_DRIVER_TYPE_HARDWARE, (void *)IntPtr.Zero, 0, (void *)IntPtr.Zero, 0, D3D11_SDK_VERSION, &scd, &pSwapChain, &pDevice, (void *)IntPtr.Zero, &pImmediateContext); var func = Misc.GetVTableFunction(pSwapChain, DXGISwapChainPresent); presentDelegateOrig = Misc.GetDelegate <PresentF>(func); presentDelegate = new PresentF(MyPresent); presentHook = LocalHook.Create(func, presentDelegate, null); presentHook.ThreadACL.SetExclusiveACL(new int[] { }); } form.Dispose(); }
// // Setup internal static IEnumerable <LocalHook> InstallHooks() { return(new[] { LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"), new CreateFileWDlg(CreateFile_Hooked), SMInject.Instance ), LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "SetFilePointer"), new SetFilePointerDlg(SetFilePointer_Hooked), SMInject.Instance ), LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "WriteFile"), new WriteFileDlg(WriteFile_Hooked), SMInject.Instance ), LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CloseHandle"), new CloseHandleDlg(CloseHandle_Hooked), SMInject.Instance ) }); }
public void Run(RemoteHooking.IContext contect, string channelName) { Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); // Install hooks // CreateFile https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx CreateFileHook = LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"), new CreateFile_Delegate(CreateFile_Hook), this ); // Activate hooks on all threads except the current thread. CreateFileHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); Interface.ReportMessage("Hook 'CreateFile' has been installed"); RemoteHooking.WakeUpProcess(); try { // Loop until the loader closes (i.e. IPC fails) while (true) { Thread.Sleep(500); string[] queued = null; lock (_messageQueue) { queued = _messageQueue.ToArray(); _messageQueue.Clear(); } if (queued != null && queued.Length > 0) { Interface.ReportMessages(queued); } else { Interface.Ping(); } } } catch { // Ping() or ReportMessages() will raise an exception if host is unreachable. } // Remove hooks CreateFileHook.Dispose(); // Finalize cleanup of hooks LocalHook.Release(); }
public void Run( RemoteHooking.IContext InContext, String InChannelName) { // install hook... try { CreateKeywordHook = LocalHook.Create( LocalHook.GetProcAddress("python27.dll", "PyEval_CallObjectWithKeywords"), new DCallKeywords(CallKeywords_Hooked), this); CreateKeywordHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); CreateGetModuleHandleAHook = LocalHook.Create(LocalHook.GetProcAddress("kernel32", "GetModuleHandleA"), new DGetModuleHandleA(GetModuleHandleHooked), this); CreateGetModuleHandleAHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); } catch (Exception ExtInfo) { Interface.ReportException(ExtInfo); return; } Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); RemoteHooking.WakeUpProcess(); // wait for host process termination... try { while (true) { Thread.Sleep(500); // transmit newly monitored file accesses... if (Queue.Count > 0) { String[] Package = null; lock (Queue) { Package = Queue.ToArray(); Queue.Clear(); } } else { Interface.Ping(); } } } catch { // Ping() will raise an exception if host is unreachable } }
public void Run( RemoteHooking.IContext InContext, String InChannelName) { // install hook... try { /* CreateFileHook = LocalHook.Create( * LocalHook.GetProcAddress("kernel32.dll", "MoveFileExW"), * new HookStgCreateStorageEx(StgCreateStorageEx_Hooked), * this);*/ CreateFileHook = LocalHook.Create( LocalHook.GetProcAddress("ole32.dll", "StgCreateStorageEx"), new HookStgCreateStorageEx(StgCreateStorageEx_Hooked), this); CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); } catch (Exception ExtInfo) { Interface.ReportException(ExtInfo); return; } Interface.IsInstalled(RemoteHooking.GetCurrentThreadId()); RemoteHooking.WakeUpProcess(); // wait for host process termination... try { while (true) { Thread.Sleep(500); // transmit newly monitored file accesses... if (Queue.Count > 0) { String[] Package = null; lock (Queue) { Package = Queue.ToArray(); Queue.Clear(); } // Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package); } else { // Interface.Ping(RemoteHooking.GetCurrentThreadId()); } } } catch { // Ping() will raise an exception if host is unreachable } }
public void Run(RemoteHooking.IContext context, string channelName) { server.IsInstalled(RemoteHooking.GetCurrentProcessId()); List <LocalHook> hooks = new List <LocalHook>() { LocalHook.Create( new IntPtr(ENGINE_UPDATE_HOOK_TARGET_ADDRESS), new VoidDelegate(PollInputOverride), this), }; foreach (var hook in hooks) { hook.ThreadACL.SetExclusiveACL(new int[] { 0 }); } InputEmulator.KeyConfig.TryLoadConfig(); server.ReportString($"DivaHook successfully established\n"); server.ReportString($"Do not close this application..."); RemoteHooking.WakeUpProcess(); try { while (true) { System.Threading.Thread.Sleep(500); string[] queued = null; lock (messageQueue) { queued = messageQueue.ToArray(); messageQueue.Clear(); } if (queued != null && queued.Length > 0) { server.ReportMessages(queued); } else { server.Ping(); } } } catch (Exception ex) { server.ReportException(ex); } foreach (var hook in hooks) { hook.Dispose(); } LocalHook.Release(); }
/// <summary> /// Installs an API hook based on the specified data. /// </summary> /// <param name="targetEntryPoint">The target entry point that should be hooked.</param> /// <param name="hookHandler">A handler with the same signature as the original entry point.</param> /// <param name="callback">An uninterpreted callback.</param> private void InstallHook(IntPtr targetEntryPoint, Delegate hookHandler, object callback) { var localHook = LocalHook.Create(targetEntryPoint, hookHandler, callback); localHook.ThreadACL.SetExclusiveACL(new int[0]); lock (_syncRoot) _installedHooks.Add(localHook); }
public WinsockHook(IntPtr address, Settings settings) { this._settings = settings; _name = string.Format("WinsockHook_{0:X}", address.ToInt32()); _hook = LocalHook.Create(address, new WinsockConnectDelegate(WinsockConnectDetour), this); _hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); }
public RegistryHook(IntPtr address, string prodKey) { _prodKey = prodKey; _name = string.Format("RegQueryValueExAHook_{0:X}", address.ToInt32()); _hook = LocalHook.Create(address, new RegQueryValueExADelegate(RegQueryValueExADetour), this); _hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); }
public static LocalHook CreateHook(String moduleName, String functionName, Delegate callback, Object sender) { LocalHook hook = LocalHook.Create(LocalHook.GetProcAddress(moduleName, functionName), callback, sender); hook.ThreadACL.SetExclusiveACL(new Int32[0]); return(hook); }
public MiniDumpWriteDumpHook(IntPtr address) { _name = string.Format("MiniDumpWriteDumpHook_{0:X}", address.ToInt32()); _hook = LocalHook.Create(address, new MiniDumpWriteDumpDelegate(MiniDumpWriteDumpDetour), this); _hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); }
public IsDebuggerPresentHook(IntPtr address) { _name = string.Format("EnumProcessesHook_{0:X}", address.ToInt32()); _hook = LocalHook.Create(address, new IsDebuggerPresentDelegate(IsDebuggerPresentDetour), this); _hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); }
public LoadLibraryWHook(IntPtr address) { _name = string.Format("LibraryCallHook_{0:X}", address.ToInt32()); _hook = LocalHook.Create(address, new LibraryCallDelegate(LoadLibraryWDetour), this); _hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); }
public AppdataHook(IntPtr address, string userLogin) { this._userLogin = userLogin; _name = string.Format("AppDataHook_{0:X}", address.ToInt32()); _hook = LocalHook.Create(address, new SHGetFolderPathDelegate(SHGetFolderPathDetour), this); _hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); }
protected static LocalHook CreateHook(string dll, string method, Delegate hookImpl) { var procAddress = LocalHook.GetProcAddress(dll, method); var hook = LocalHook.Create(procAddress, hookImpl, null); hook.ThreadACL.SetExclusiveACL(new int[0]); return(hook); }
public static object HookLuaFun(string moduleName, string funName, Delegate luaFun) { IntPtr handle = LocalHook.GetProcAddress(moduleName, funName); var newstateHook = LocalHook.Create(handle, luaFun, null); newstateHook.ThreadACL.SetExclusiveACL(new int[1]); return(newstateHook.Callback); }
public MemoryHook(IntPtr address, ulong totalPhys) { this._totalPhys = totalPhys; _name = string.Format("MemoryHook{0:X}", address.ToInt32()); _hook = LocalHook.Create(address, new GlobalMemoryStatusDelegate(GlobalMemoryStatusDetour), this); _hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); }
public override void Hook() { if (_d3d11VTblAddresses == null) { _d3d11VTblAddresses = new List <IntPtr>(); _dxgiSwapChainVTblAddresses = new List <IntPtr>(); #region Get Device and SwapChain method addresses // Create temporary device + swapchain and determine method addresses SlimDX.Direct3D11.Device device; SwapChain swapChain; using (SlimDX.Windows.RenderForm renderForm = new SlimDX.Windows.RenderForm()) { SlimDX.Result result = SlimDX.Direct3D11.Device.CreateWithSwapChain( DriverType.Hardware, DeviceCreationFlags.None, DXGI.CreateSwapChainDescription(renderForm.Handle), out device, out swapChain); if (result.IsSuccess) { this.DebugMessage("Hook: Device created"); using (device) { _d3d11VTblAddresses.AddRange(GetVTblAddresses(device.ComPointer, D3D11_DEVICE_METHOD_COUNT)); using (swapChain) { _dxgiSwapChainVTblAddresses.AddRange(GetVTblAddresses(swapChain.ComPointer, DXGI.DXGI_SWAPCHAIN_METHOD_COUNT)); } } } } #endregion } // We will capture the backbuffer here DXGISwapChain_PresentHook = LocalHook.Create( _dxgiSwapChainVTblAddresses[(int)DXGI.DXGISwapChainVTbl.Present], new DXGISwapChain_PresentDelegate(PresentHook), this); // We will capture target/window resizes here DXGISwapChain_ResizeTargetHook = LocalHook.Create( _dxgiSwapChainVTblAddresses[(int)DXGI.DXGISwapChainVTbl.ResizeTarget], new DXGISwapChain_ResizeTargetDelegate(ResizeTargetHook), this); /* * Don't forget that all hooks will start deactivated... * The following ensures that all threads are intercepted: * Note: you must do this for each hook. */ DXGISwapChain_PresentHook.ThreadACL.SetExclusiveACL(new Int32[1]); DXGISwapChain_ResizeTargetHook.ThreadACL.SetExclusiveACL(new Int32[1]); }
/// <summary> /// Installs hook. /// </summary> /// <param name="link">Link to call back interface i.e. to the method which will be called by makeCallBack method from the hook handler</param> public void installHook(InterceptorCallBackInterface link) { hook = LocalHook.Create( LocalHook.GetProcAddress(api_full_name.library_name, api_full_name.api_name), createHookDelegate(), link); Console.WriteLine("Installing hook: " + api_full_name); hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); }
public void Run(RemoteHooking.IContext inContext, String inChannelName) { // install hook... try { _runningDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location); IntPtr createFileProcAddress = LocalHook.GetProcAddress("kernel32.dll", "CreateFileA"); _createFileLocalHook = LocalHook.Create( createFileProcAddress, new CreateFileDelegate(CreateFileHookMethod), this); _createFileLocalHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); IntPtr mmioOpenProcAddress = LocalHook.GetProcAddress("WINMM.dll", "mmioOpenW"); _mmioOpenLocalHook = LocalHook.Create( mmioOpenProcAddress, new MmioOpenDelegate(MmioOpenHookMethod), this); _mmioOpenLocalHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); IntPtr getDriveTypeProcAddress = LocalHook.GetProcAddress("kernel32.dll", "GetDriveTypeA"); _getDriveTypeLocalHook = LocalHook.Create( getDriveTypeProcAddress, new GetDriveTypeDelegate(GetDriveTypeHookMethod), this); _getDriveTypeLocalHook.ThreadACL.SetExclusiveACL(new int[] { 0 }); } catch (Exception exception) { _ipcInterface.ReportException(exception); return; } _ipcInterface.NotifySucessfulInstallation(RemoteHooking.GetCurrentProcessId()); RemoteHooking.WakeUpProcess(); // wait until we are not needed anymore... try { while (true) { _ipcInterface.OnHooking(); } } catch { // Ping() will raise an exception if host is unreachable } }
private LocalHook HookVbaBeep() { var processAddress = LocalHook.GetProcAddress(_vbeApi.DllName, "rtcBeep"); var callbackDelegate = new VbaBeepDelegate(VbaBeepCallback); var hook = LocalHook.Create(processAddress, callbackDelegate, null); hook.ThreadACL.SetInclusiveACL(new[] { 0 }); return(hook); }
void Hook <T>(string name, T callback) where T : Delegate { var address = resolver.Resolve(name); var hook = LocalHook.Create(address, callback, null); hook.ThreadACL.SetExclusiveACL(Array.Empty <int>()); Hooks.Add(name, hook); Console.WriteLine($"Hooked {name}"); }
private void PatchInvalidPtrCheck() { invalidPtrCheckPatch = LocalHook.Create( IntPtr.Zero + Offset.Function.InvalidPtrCheck, new CommandCallback.InvalidPtrCheck(commandHandler.InvalidPtrCheckPatch), this); invalidPtrCheckPatch.ThreadACL.SetExclusiveACL(new Int32[] { }); }
private void CreateHook() { if (Hook != null) { return; } Hook = LocalHook.Create(FunctionToHook, NewFunction, Owner); }
internal FunctionHook(MemoryAddress address, string name, T original, T hook) { Address = address; Name = name; Original = original; Hook = hook; _hook = LocalHook.Create(address, hook, this); }
public void Run( RemoteHooking.IContext InContext, String InArg1) { try { CreateFileHook = LocalHook.Create( LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"), new DCreateFile(CreateFile_Hooked), this); /* * Don't forget that all hooks will start deaktivated... * The following ensures that all threads are intercepted: */ CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[1]); } catch (Exception e) { /* * Now we should notice our host process about this error... */ Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e); return; } // wait for host process termination... try { while (Interface.Ping(RemoteHooking.GetCurrentProcessId())) { Thread.Sleep(500); // transmit newly monitored file accesses... lock (Queue) { if (Queue.Count > 0) { String[] Package = null; Package = Queue.ToArray(); Queue.Clear(); Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package); } } } } catch { // NET Remoting will raise an exception if host is unreachable } }
public bool CreateHook<T>(GameFunction<T> function, T hook) where T : Delegate { if (hook == null) return false; Hooks[hook] = LocalHook.Create(function.Pointer, hook, function); Hooks[hook].ThreadACL.SetExclusiveACL(new[] { 0 }); return true; }
/// <summary> /// Initializes a new instance of the <see cref="Hook{T}"/> class. /// Hook is not activated until Enable() method is called. /// </summary> /// <param name="address">A memory address to install a hook.</param> /// <param name="detour">Callback function. Delegate must have a same original function prototype.</param> public Hook(IntPtr address, T detour) { this.hookInfo = LocalHook.Create(address, detour, null); // Installs a hook here this.address = address; this.original = Marshal.GetDelegateForFunctionPointer <T>(this.hookInfo.HookBypassAddress); HookInfo.TrackedHooks.Add(new HookInfo() { Delegate = detour, Hook = this, Assembly = Assembly.GetCallingAssembly() }); }
public NetworkAdapterHook(IntPtr address, string guid, string mac, string ipaddress) { _guid = guid; _mac = mac; _address = ipaddress; _name = string.Format("GetAdaptersInfoHook_{0:X}", address.ToInt32()); _hook = LocalHook.Create(address, new GetAdaptersInfoDelegate(GetAdaptersInfoDetour), this); _hook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); }