private static void OnCreateProcessCall(int procId, int childPid, int mainThreadId, bool is64BitProcess) { if (procId == iePid) { //only process main IE child processes try { Console.Write("Child IE process #" + childPid.ToString() + " launched. Hooking... "); lock (processesList) { processesList.Add(childPid, ""); } remoteBridge.Hook(childPid, eNktHookFlags.flgDebugPrintInterfaces); remoteBridge.WatchComInterface(childPid, CLSID_HTMLDocument, IID_IUnknown); Console.WriteLine("OK"); } catch (Exception ex) { Console.WriteLine("ERROR"); Console.WriteLine(ex.ToString()); return; } } }
static void Main(string[] args) { object continueEvent; //Console.Write("Press any key to continue... "); //Console.ReadKey(true); //Console.WriteLine("OK"); processesList = new SortedList<Int32, string>(); remoteBridge = new NktRemoteBridge(); if (remoteBridge == null) { Console.Write("Error: NktRemoteBridge not registered."); return; } remoteBridge.OnCreateProcessCall += new DNktRemoteBridgeEvents_OnCreateProcessCallEventHandler(OnCreateProcessCall); remoteBridge.OnComInterfaceCreated += new DNktRemoteBridgeEvents_OnComInterfaceCreatedEventHandler(OnComInterfaceCreated); remoteBridge.OnProcessUnhooked += new DNktRemoteBridgeEvents_OnProcessUnhookedEventHandler(OnProcessUnhooked); try { string s; s = Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE", "", null) as string; if (s == null) { Console.WriteLine("failed."); return; } Console.Write("Launching & hooking IEXPLORE.EXE... "); s = "\"" + s + "\" http://www.bbc.co.uk"; iePid = remoteBridge.CreateProcess(s, true, out continueEvent); if (iePid == 0) { Console.WriteLine("failed."); return; } lock (processesList) { processesList.Add(iePid, ""); } remoteBridge.Hook(iePid, eNktHookFlags.flgDebugPrintInterfaces); remoteBridge.WatchComInterface(iePid, CLSID_HTMLDocument, IID_IUnknown); remoteBridge.ResumeProcess(iePid, continueEvent); Console.WriteLine("OK"); } catch (Exception ex) { Console.WriteLine("ERROR"); Console.WriteLine(ex.ToString()); return; } while (true) { bool b; lock (processesList) { b = (processesList.Count > 0); } if (b == false) { Console.WriteLine("Hooked process has ended. Quitting."); break; } if (Console.KeyAvailable == false) { System.Threading.Thread.Sleep(10); continue; } Char ch = Console.ReadKey(true).KeyChar; if (ch == 27) break; } return; }
static void Main(string[] args) { object continueEvent; //Console.Write("Press any key to continue... "); //Console.ReadKey(true); //Console.WriteLine("OK"); processesList = new SortedList <Int32, string>(); remoteBridge = new NktRemoteBridge(); if (remoteBridge == null) { Console.Write("Error: NktRemoteBridge not registered."); return; } remoteBridge.OnCreateProcessCall += new DNktRemoteBridgeEvents_OnCreateProcessCallEventHandler(OnCreateProcessCall); remoteBridge.OnComInterfaceCreated += new DNktRemoteBridgeEvents_OnComInterfaceCreatedEventHandler(OnComInterfaceCreated); remoteBridge.OnProcessUnhooked += new DNktRemoteBridgeEvents_OnProcessUnhookedEventHandler(OnProcessUnhooked); try { string s; s = Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE", "", null) as string; if (s == null) { Console.WriteLine("failed."); return; } Console.Write("Launching & hooking IEXPLORE.EXE... "); s = "\"" + s + "\" http://www.bbc.co.uk"; iePid = remoteBridge.CreateProcess(s, true, out continueEvent); if (iePid == 0) { Console.WriteLine("failed."); return; } lock (processesList) { processesList.Add(iePid, ""); } remoteBridge.Hook(iePid, eNktHookFlags.flgDebugPrintInterfaces); remoteBridge.WatchComInterface(iePid, CLSID_HTMLDocument, IID_IUnknown); remoteBridge.ResumeProcess(iePid, continueEvent); Console.WriteLine("OK"); } catch (Exception ex) { Console.WriteLine("ERROR"); Console.WriteLine(ex.ToString()); return; } while (true) { bool b; lock (processesList) { b = (processesList.Count > 0); } if (b == false) { Console.WriteLine("Hooked process has ended. Quitting."); break; } if (Console.KeyAvailable == false) { System.Threading.Thread.Sleep(10); continue; } Char ch = Console.ReadKey(true).KeyChar; if (ch == 27) { break; } } return; }
//static string IID_IUnknown = "{00000000-0000-0000-C000-000000000046}"; static void Main(string[] args) { NktRemoteBridge remoteBridge; object continueEv; Process procNotepad; if (Environment.OSVersion.Version.Major < 6) { Console.Write("Error: This application requires Windows Vista or later to work."); return; } remoteBridge = new NktRemoteBridge(); if (remoteBridge == null) { Console.Write("Error: NktRemoteBridge not registered."); return; } try { int pid; Console.Write("Launching NOTEPAD.EXE... "); pid = remoteBridge.CreateProcess("notepad.exe", (DoDelayedHook(args) != false) ? false : true, out continueEv); if (pid == 0) { Console.WriteLine("failed."); return; } procNotepad = Process.GetProcessById(pid); Console.WriteLine("OK"); } catch (Exception ex) { Console.WriteLine("failed."); Console.WriteLine(ex.ToString()); return; } //---------------- try { Console.Write("Injecting... "); remoteBridge.Hook(procNotepad.Id, eNktHookFlags.flgDebugPrintInterfaces); if (continueEv != null) remoteBridge.ResumeProcess(procNotepad.Id, continueEv); remoteBridge.WatchComInterface(procNotepad.Id, ShellCLSIDGuid.FileOpenDialog, ShellIIDGuid.IFileDialog); Console.WriteLine("OK"); } catch (Exception ex) { Console.WriteLine("failed."); Console.WriteLine(ex.ToString()); return; } //---------------- Console.WriteLine("Ready."); Console.WriteLine("Usage:"); Console.WriteLine(" This demo launches a Windows' Notepad application and scans 'File Open' dialog boxes."); Console.WriteLine(" When a file open dialog box is created, you can take the following actions:"); Console.WriteLine(" 1) Press the 'F' key to retrieve the typed file name in the dialog box."); Console.WriteLine(" 2) Press the 'C' key to close the dialog box window using the OK button."); Console.WriteLine(" 3) Press 'ESC' key to quit this demo!"); while (true) { if (procNotepad.HasExited != false) { Console.WriteLine("Hooked process has ended. Quitting."); break; } if (Console.KeyAvailable == false) { System.Threading.Thread.Sleep(10); continue; } Char ch = Console.ReadKey(true).KeyChar; if (ch == 27) break; switch (ch) { case 'f': case 'F': DoGetOpenFileDialogFilename(remoteBridge, procNotepad); break; case 'c': case 'C': DoCloseOpenFileDialog(remoteBridge, procNotepad); break; } } return; }