Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- LocalHook wcsrchrHook;
- // [DllImport("ShLwApi.dll", SetLastError = true, CharSet = CharSet.Unicode)]
- [DllImport("ntdll.dll", CharSet = CharSet.Auto)]
- static extern int wcsrchr(
- [MarshalAs(UnmanagedType.LPWStr)]
- string FileName,
- int BufferLength,
- [MarshalAs(UnmanagedType.LPWStr)]
- string lBuffer,
- ref IntPtr FilePart,
- ref int InputPathType);
- [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto)]
- public delegate int Twcsrchr(
- [MarshalAs(UnmanagedType.LPWStr)]
- string FileName,
- int BufferLength,
- [MarshalAs(UnmanagedType.LPWStr)]
- string lBuffer,
- ref IntPtr FilePart,
- ref int InputPathType);
- public Class1(RemoteHooking.IContext InContext, String InChannelName)
- {
- try
- {
- Interface = RemoteHooking.IpcConnectClient<RemoteMon>(InChannelName);
- ChannelName = InChannelName;
- Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
- }
- catch (Exception ex)
- {
- Interface.ErrorHandler(ex);
- }
- }
- public int Run(RemoteHooking.IContext InContext, String InChannelName)
- {
- try
- {
- wcsrchrHook = LocalHook.Create(LocalHook.GetProcAddress("ntdll.dll", "RtlGetFullPathName_UEx"), new Twcsrchr(hkwcsrchr), this);
- // wcsrchrHook = LocalHook.Create(LocalHook.GetProcAddress("Ntdll.dll", "RtlGetFullPathName_UEx"), new Twcsrchr(hkwcsrchr), this);
- wcsrchrHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
- // wcsrchrHook.ThreadACL.SetInclusiveACL(new Int32[] { 0 });
- }
- catch (Exception ex)
- {
- Interface.ErrorHandler(ex);
- }
- try
- {
- RemoteHooking.WakeUpProcess();
- }
- catch (Exception ex)
- {
- Interface.ErrorHandler(ex);
- }
- while (true)
- {
- Thread.Sleep(1000);
- }
- }
- static int hkwcsrchr(
- [MarshalAs(UnmanagedType.LPWStr)]
- string FileName,
- int BufferLength,
- [MarshalAs(UnmanagedType.LPWStr)]
- string lBuffer,
- ref IntPtr FilePart,
- ref int InputPathType)
- {
- try
- {
- int result = 0;
- ((Class1)HookRuntimeInfo.Callback).Interface.OpenFile(FileName.ToString());
- // ((ShellExecuteE)HookRuntimeInfo.Callback).Interface.OpenFile("Был открыт файл:" + lpExecInfo.File.ToString());
- // return wcsrchr(flags, key,pszAssoc,pszExtra,phkeyOut);
- return result = wcsrchr(FileName, BufferLength, lBuffer, ref FilePart, ref InputPathType);
- }
- catch (Exception ex)
- {
- //((ShellExecuteE)HookRuntimeInfo.Callback).Interface.ErrorHandler(ex);
- // return wcsrchr(flags, key, pszAssoc, pszExtra, phkeyOut);
- return wcsrchr(FileName, BufferLength, lBuffer, ref FilePart, ref InputPathType);
- }
- }
- // Функция инъекции
- RemoteHooking.Inject(processid, InjectionOptions.DoNotRequireStrongName, currdir + "ClassLibrary1.dll", currdir + "ClassLibrary1.dll", new Object[] { ChannelName });
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement