示例#1
 /// <summary>
 /// Click handler for the "Hook" button: for every process selected in the
 /// process list, starts a per-process named-pipe server and then asks the
 /// protection instance to inject the basic library into that process.
 /// </summary>
 /// <param name="sender">Control that raised the event (unused).</param>
 /// <param name="e">Event data (unused).</param>
 private void RTProtection_Button_Hook_Click(object sender, EventArgs e)
 {
     // Snapshot the selection so the loop works on a stable copy of the list.
     var selectedProcesses = RTProtection_checkedListBox_Processes.SelectedItems
         .OfType<ProcListBoxItem>()
         .ToList();

     foreach (ProcListBoxItem target in selectedProcesses)
     {
         // NOTE(review): the pipe name is a fixed prefix plus the PID, so it is
         // predictable. Whether NamedPipeServer restricts who may connect, or
         // refuses to start when a pipe of that name already exists, is not
         // visible here - confirm in NamedPipeServer.
         string pipePath = @"\\.\pipe\myNamedPipe" + target.ProcessId.ToString();
         Console.WriteLine(pipePath);

         // The server is started before injection so the pipe is already
         // listening when the injected library runs.
         var pipeServer = new NamedPipeServer(pipePath, 0, RTProtection_notifyIcon, "basic", target.Name);
         pipeServer.Start();

         __RtProtectionInst.WRAP_InjectBasicLib(target.ProcessId);
     }
 }
示例#2
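        /// <summary>
        /// Monitoring loop: while <c>__ApiMonThread_working</c> is set, polls the
        /// driver wrapper for a new-process event and, for each created process
        /// that is not named cmd or powershell, starts a per-process named-pipe
        /// server and injects the basic library. When the loop ends, the driver
        /// is unloaded and the button label is updated if the unload succeeded.
        /// </summary>
        public void ApiMonThreadFunc()
        {
            while (__ApiMonThread_working)
            {
                Console.WriteLine("WRAP_RtProtectionDrv_NewProcMon");
                bool res = __RtApiMonInst.WRAP_RtProtectionDrv_NewProcMon();
                Console.WriteLine(res.ToString());
                if (!res)
                {
                    continue;
                }

                int _ParentId  = __RtApiMonInst.Get_ParentId();
                int _ProcessId = __RtApiMonInst.Get_ProcessId();
                int _Create    = __RtApiMonInst.Get_Create();
                if (_Create != 1)
                {
                    continue;
                }

                // The process may already have exited by the time the event is
                // handled. GetProcessById then throws ArgumentException (and
                // ProcessName can throw InvalidOperationException), which would
                // otherwise end this loop and skip the driver unload below.
                // NOTE(review): a PID can also be reused after exit, so the name
                // read here may belong to a different process - confirm whether
                // the driver can report the image name with the event instead.
                string procName;
                try
                {
                    // Process holds an OS handle; release it as soon as the name is read.
                    using (Process newproc = Process.GetProcessById(_ProcessId))
                    {
                        procName = newproc.ProcessName;
                    }
                }
                catch (ArgumentException)
                {
                    Console.WriteLine("Process " + _ProcessId.ToString() + " exited before it could be inspected");
                    continue;
                }
                catch (InvalidOperationException)
                {
                    Console.WriteLine("Process " + _ProcessId.ToString() + " exited before it could be inspected");
                    continue;
                }

                Console.WriteLine(procName);
                Console.WriteLine(_ParentId);
                Console.WriteLine(_ProcessId);

                // Windows file names are case-insensitive, so compare without
                // regard to case ("CMD" and "cmd" are the same program).
                // NOTE(review): the exclusion is by process name only, so any
                // executable whose file name is cmd or powershell is left
                // unmonitored regardless of its path or signer; compare the full
                // image path if monitoring coverage matters here.
                bool excluded =
                    string.Equals(procName, "cmd", StringComparison.OrdinalIgnoreCase) ||
                    string.Equals(procName, "powershell", StringComparison.OrdinalIgnoreCase);
                if (excluded)
                {
                    continue;
                }

                // NOTE(review): the pipe name is a fixed prefix plus the PID and
                // therefore predictable; whether NamedPipeServer restricts access
                // to the pipe is not visible here - confirm.
                NamedPipeServer PServer1 =
                    new NamedPipeServer(
                        @"\\.\pipe\myNamedPipe" + _ProcessId.ToString(),
                        0,
                        ApiMon_notifyIcon,
                        "apimon",
                        procName
                        );
                // Start listening before injecting so the pipe exists when the
                // injected library runs.
                PServer1.Start();
                __RtApiMonInst.WRAP_InjectBasicLib(_ProcessId);
            }

            __RtApiMonInst.WRAP_RtProtectionDrv_UnloadDriver();
            if (__RtApiMonInst.Get_loaded() == false)
            {
                // NOTE(review): if this method runs on a worker thread, as its name
                // suggests, this assignment touches a UI control off the UI thread -
                // confirm and marshal the update to the UI thread if so.
                ApiMonButton.Text = "ApiMon OFF";
            }
        }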