
Untitled

a guest
Jul 24th, 2017
  // Hook object created in Run(). Storing it in an instance field keeps it
  // reachable for as long as this injected instance is alive.
  private LocalHook wcsrchrHook;
  2.  
  3.  
  4. // [DllImport("ShLwApi.dll", SetLastError = true, CharSet = CharSet.Unicode)]
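  /// <summary>
  /// P/Invoke the hook handler uses to forward an intercepted call to the native function.
  /// </summary>
  /// <remarks>
  /// The managed name is <c>wcsrchr</c>, but the hook in <c>Run</c> is installed on
  /// <c>RtlGetFullPathName_UEx</c>. Without an explicit <c>EntryPoint</c> the runtime binds
  /// by method name, i.e. to an export called <c>wcsrchr</c>, so the handler would forward
  /// five arguments to an unrelated function. <c>EntryPoint</c> pins the binding to the
  /// function that is actually hooked, and <c>ExactSpelling</c> stops name probing.
  /// NOTE(review): <c>lBuffer</c> together with <c>BufferLength</c> looks like a caller-supplied
  /// output buffer. Marshalling it as <c>string</c> hands the native side a copy, so the
  /// caller's buffer would presumably never receive the result. Confirm against the native
  /// prototype and consider <c>IntPtr</c> here, in the delegate and in the handler together.
  /// NOTE(review): <c>ref</c> parameters cannot represent a NULL pointer; verify whether
  /// <c>FilePart</c> and <c>InputPathType</c> are optional on the native side.
  /// </remarks>
  /// <returns>The native function's return value, passed through unchanged.</returns>
  [DllImport("ntdll.dll", EntryPoint = "RtlGetFullPathName_UEx", CharSet = CharSet.Unicode, ExactSpelling = true)]
  static extern int wcsrchr(
      [MarshalAs(UnmanagedType.LPWStr)]
      string FileName,
      int BufferLength,
      [MarshalAs(UnmanagedType.LPWStr)]
      string lBuffer,
      ref IntPtr FilePart,
      ref int InputPathType);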
  14.  
  15.  
  /// <summary>
  /// Managed signature of the hook handler passed to <c>LocalHook.Create</c>.
  /// It takes the same five parameters, in the same order, as the <c>wcsrchr</c>
  /// P/Invoke declaration and the <c>hkwcsrchr</c> handler.
  /// </summary>
  /// <remarks>
  /// StdCall calling convention. Both string parameters are marshalled as
  /// null-terminated UTF-16 (<c>LPWStr</c>).
  /// </remarks>
  [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Auto)]
  public delegate int Twcsrchr(
      [MarshalAs(UnmanagedType.LPWStr)] string FileName,
      int BufferLength,
      [MarshalAs(UnmanagedType.LPWStr)] string lBuffer,
      ref IntPtr FilePart,
      ref int InputPathType);
  25.  
  26.  
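  /// <summary>
  /// Connects to the monitoring host over the named IPC channel and reports the
  /// current process id through <c>IsInstalled</c>.
  /// </summary>
  /// <param name="InContext">Injection context supplied by EasyHook; not used here.</param>
  /// <param name="InChannelName">Name of the IPC channel exposed by the host.</param>
  public Class1(RemoteHooking.IContext InContext, String InChannelName)
  {
      try
      {
          Interface = RemoteHooking.IpcConnectClient<RemoteMon>(InChannelName);
          ChannelName = InChannelName;
          Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
      }
      catch (Exception ex)
      {
          // If the IPC connection itself failed, Interface was never assigned.
          // Calling ErrorHandler on it would raise a NullReferenceException and
          // hide the real cause, so let the original exception propagate instead.
          if (Interface == null)
          {
              throw;
          }

          Interface.ErrorHandler(ex);
      }
  }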
  /// <summary>
  /// Installs the hook on <c>RtlGetFullPathName_UEx</c> in ntdll.dll, wakes the
  /// process, and then keeps the calling thread alive indefinitely.
  /// </summary>
  /// <param name="InContext">Injection context supplied by EasyHook; not used here.</param>
  /// <param name="InChannelName">IPC channel name; not used here (the constructor already connected).</param>
  /// <returns>Never returns; the method ends in an endless sleep loop.</returns>
  public int Run(RemoteHooking.IContext InContext, String InChannelName)
  {
      // Step 1: install the hook. A failure is reported to the host and execution
      // continues, so the loop below can run without any hook in place.
      try
      {
          var targetAddress = LocalHook.GetProcAddress("ntdll.dll", "RtlGetFullPathName_UEx");
          Twcsrchr handler = hkwcsrchr;
          wcsrchrHook = LocalHook.Create(targetAddress, handler, this);

          // Exclusive ACL containing thread id 0. Presumably EasyHook treats 0 as
          // "the calling thread", which would leave this thread unhooked and
          // intercept all others. Confirm against the EasyHook documentation.
          // (SetInclusiveACL is the opposite selection.)
          wcsrchrHook.ThreadACL.SetExclusiveACL(new[] { 0 });
      }
      catch (Exception installError)
      {
          Interface.ErrorHandler(installError);
      }

      // Step 2: let the process continue; failures are reported the same way.
      try
      {
          RemoteHooking.WakeUpProcess();
      }
      catch (Exception wakeError)
      {
          Interface.ErrorHandler(wakeError);
      }

      // Step 3: park this thread.
      // NOTE(review): the loop has no exit condition and never checks whether the
      // monitoring host is still reachable, so the hook stays installed for the
      // lifetime of the process and is never disposed.
      for (;;)
      {
          Thread.Sleep(1000);
      }
  }
  70.  
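  /// <summary>
  /// Hook handler: reports the requested file name to the monitoring host, then
  /// forwards the call unchanged through the <c>wcsrchr</c> P/Invoke.
  /// </summary>
  /// <remarks>
  /// Reporting is best-effort and must never change what the hooked process sees.
  /// The forwarded call is made exactly once, outside the try block. The previous
  /// shape invoked it a second time from the catch block when the call itself threw.
  /// NOTE(review): <c>FileName</c> comes from the hooked process, so the host's
  /// <c>OpenFile</c> receiver should treat it as untrusted input, for example when
  /// writing it to logs or a UI.
  /// NOTE(review): the report is sent synchronously on the calling thread, so a slow
  /// or stalled host would delay every intercepted call.
  /// </remarks>
  /// <returns>The value returned by the forwarded native call.</returns>
  static int hkwcsrchr(
      [MarshalAs(UnmanagedType.LPWStr)]
      string FileName,
      int BufferLength,
      [MarshalAs(UnmanagedType.LPWStr)]
      string lBuffer,
      ref IntPtr FilePart,
      ref int InputPathType)
  {
      try
      {
          // A null name is forwarded without being reported, instead of relying
          // on a NullReferenceException to skip the report.
          if (FileName != null)
          {
              ((Class1)HookRuntimeInfo.Callback).Interface.OpenFile(FileName);
          }
      }
      catch (Exception)
      {
          // Deliberately swallowed: a broken IPC channel or an unexpected callback
          // type must not disturb the hooked process.
      }

      return wcsrchr(FileName, BufferLength, lBuffer, ref FilePart, ref InputPathType);
  }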
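  // Injection call (host side): loads ClassLibrary1.dll into the process identified
  // by processid and passes ChannelName to the injected entry point.
  // The library path is built with Path.Combine, so it stays correct whether or not
  // currdir ends with a directory separator. The same path is passed for both
  // library-path arguments, as before.
  // NOTE(review): DoNotRequireStrongName means the library is loaded from this path
  // without a strong-name identity. Keep currdir an absolute directory that only
  // trusted accounts can write to; anyone able to replace ClassLibrary1.dll there
  // gets code running inside the target process.
  string hookLibraryPath = System.IO.Path.Combine(currdir, "ClassLibrary1.dll");
  RemoteHooking.Inject(processid, InjectionOptions.DoNotRequireStrongName, hookLibraryPath, hookLibraryPath, new Object[] { ChannelName });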