Click or drag to resize

RemoteHookingExecuteAsServiceTClass Method

Will execute the given static method under system privileges.

Namespace:  EasyHook
Assembly:  EasyHook (in EasyHook.dll) Version: 2.7.6684.0 (2.7.6684.0)
Syntax
Copy
public static Object ExecuteAsService<TClass>(
	string InMethodName,
	params Object[] InParams
)

Parameters

InMethodName
Type: SystemString
A public static method exposed by the given public class.
InParams
Type: SystemObject
A list of serializable parameters being passed to your static method.

Type Parameters

TClass
A class containing the given static method.

Return Value

Type: Object
The same value your method is returning or null if a void method is called.
Exceptions
ExceptionCondition
AccessViolationException The current user is not an administrator.
Remarks

For some tasks it is necessary to have unrestricted access to the windows API. For example if you want to enumerate all running processes in all sessions. But keep in mind that you only can access these information within the given static method and only if it is called through this service.

To accomplish this task, your assembly is loaded into a system service which executes the given static method in a remoted manner. This implies that the return type shall be marked with SerializableAttribute. All handles or other process specific things obtained in the service, will be invalid in your application after the call is completed! Also the service will use a new instance of your class, so you should only rely on the given parameters and avoid using any external variables.. Your method shall be threaded as isolated!

The next thing to mention is that all assemblies required for executing the method shall either be in the GAC or in the directory of the related EasyHook-Library. Otherwise the service won't be able to use your assembly!

All unhandled exceptions will be rethrown by the local ExecuteAsServiceTClass(String, Object).

Examples
Copy
private static void OnProcessUpdate(Object InCallback)
{
    ProcessTimer.Change(Timeout.Infinite, Timeout.Infinite);

    try
    {
        ProcessInfo[] Array = (ProcessInfo[])RemoteHooking.ExecuteAsService<Form1>("EnumProcesses");
        SortedDictionary<String, ProcessInfo> Result = new SortedDictionary<string, ProcessInfo>();

        // sort by name...
        lock (ProcessList)
        {
            ActivePIDList.Clear();

            for (int i = 0; i < Array.Length; i++)
            {
                Result.Add(System.IO.Path.GetFileName(Array[i].FileName) + "____" + i, Array[i]);

                ActivePIDList.Add(Array[i].Id);
            }

            Result.Values.CopyTo(Array, 0);

            ProcessList.Clear();

            ProcessList.AddRange(Array);
        }
    }
    catch (AccessViolationException)
    {
        MessageBox.Show("This is an administrative task!", "Permission denied...", MessageBoxButtons.OK);

        Process.GetCurrentProcess().Kill();
    }
    finally
    {
        ProcessTimer.Change(5000, 5000);
    }
}

[Serializable]
public class ProcessInfo
{
    public String FileName;
    public Int32 Id;
    public Boolean Is64Bit;
    public String User;
}

public static ProcessInfo[] EnumProcesses()
{
    List<ProcessInfo> Result = new List<ProcessInfo>();
    Process[] ProcList = Process.GetProcesses();

    for (int i = 0; i < ProcList.Length; i++)
    {
        Process Proc = ProcList[i];

        try
        {
            ProcessInfo Info = new ProcessInfo();

            Info.FileName = Proc.MainModule.FileName;
            Info.Id = Proc.Id;
            Info.Is64Bit = RemoteHooking.IsX64Process(Proc.Id);
            Info.User = RemoteHooking.GetProcessIdentity(Proc.Id).Name;

            Result.Add(Info);
        }
        catch
        {
        }
    }

    return Result.ToArray();
}
See Also