RemoteHooking Class
Namespace: EasyHook
The RemoteHooking type exposes the following members.
Name | Description
---|---
IsAdministrator | true if we are running with administrative privileges, false otherwise.
IsX64System | Returns true if the operating system is 64-Bit Windows, false otherwise.

Name | Description
---|---
CreateAndInject(String, String, Int32, String, String, Int32, Object) | Creates a new process which is started suspended until you call WakeUpProcess from within your injected library Run() method. This allows you to hook the target BEFORE any of its usual code is executed. In situations where a target has debugging and hook preventions, you will get a chance to block those mechanisms for example...
CreateAndInject(String, String, Int32, InjectionOptions, String, String, Int32, Object) | Creates a new process which is started suspended until you call WakeUpProcess from within your injected library Run() method. This allows you to hook the target BEFORE any of its usual code is executed. In situations where a target has debugging and hook preventions, you will get a chance to block those mechanisms for example...
Equals | (Inherited from Object.)
ExecuteAsService<TClass> | Will execute the given static method under system privileges.
Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
GetCurrentProcessId | Returns the current native system process ID.
GetCurrentThreadId | Returns the current native system thread ID.
GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.)
GetProcessIdentity | Returns the WindowsIdentity of the user the target process belongs to. You need PROCESS_QUERY_INFORMATION access to the target.
GetType | Gets the Type of the current instance. (Inherited from Object.)
Inject(Int32, String, String, Object) | See Inject(Int32, InjectionOptions, String, String, Object) for more information.
Inject(Int32, InjectionOptions, String, String, Object) | Injects the given user library into the target process. No memory leaks are left in the target, even if injection fails for unknown reasons.
InstallDriver | Loads the given driver into the kernel and immediately marks it for deletion. The installed driver will be registered with the service control manager under the InDriverName you specify. Please note that you should use IsX64System to find out which driver to load. Even if your process is running on 32-Bit, this does not mean that the OS kernel is running on 32-Bit!
InstallSupportDriver | Installs the EasyHook support driver. After this step you may use InstallDriver(String, String) to install your kernel mode hooking component.
IpcConnectClient<TRemoteObject> | Connects to a globally reachable, managed IPC port.
IpcCreateServer<TRemoteObject>(String, WellKnownObjectMode, WellKnownSidType) | Creates a globally reachable, managed IPC port.
IpcCreateServer<TRemoteObject>(String, WellKnownObjectMode, TRemoteObject, WellKnownSidType) | Creates a globally reachable, managed IPC port.
IsX64Process | Determines if the target process is 64-bit or not. This will work only if the current process has PROCESS_QUERY_INFORMATION access to the target.
MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.)
ToString | Returns a string that represents the current object. (Inherited from Object.)
WakeUpProcess | If the library was injected with CreateAndInject(String, String, Int32, InjectionOptions, String, String, Int32, Object), this will finally start the current process. You should call this method in the library Run() method after all hooks have been installed.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.Remoting;
using System.Text;
using System.IO;
using EasyHook;

namespace FileMon
{
    // Remote object exposed through the IPC channel created in Main().
    public class FileMonInterface : MarshalByRefObject
    {
        public void IsInstalled(Int32 InClientPID)
        {
            Console.WriteLine("FileMon has been installed in target {0}.\r\n", InClientPID);
        }

        public void OnCreateFile(Int32 InClientPID, String[] InFileNames)
        {
            for (int i = 0; i < InFileNames.Length; i++)
            {
                Console.WriteLine(InFileNames[i]);
            }
        }

        public void ReportException(Exception InInfo)
        {
            Console.WriteLine("The target process has reported an error:\r\n" + InInfo.ToString());
        }

        public void Ping()
        {
        }
    }

    class Program
    {
        static String ChannelName = null;

        static void Main(string[] args)
        {
            try
            {
                Config.Register(
                    "A FileMon like demo application.",
                    "FileMon.exe",
                    "FileMonInject.dll");

                // Create the IPC server; ChannelName is passed by reference.
                RemoteHooking.IpcCreateServer<FileMonInterface>(ref ChannelName, WellKnownObjectMode.SingleCall);

                // args[0] is the target process ID; ChannelName is handed to the injected library.
                RemoteHooking.Inject(
                    Int32.Parse(args[0]),
                    "FileMonInject.dll",
                    "FileMonInject.dll",
                    ChannelName);

                Console.ReadLine();
            }
            catch (Exception ExtInfo)
            {
                Console.WriteLine("There was an error while connecting to target:\r\n{0}", ExtInfo.ToString());
            }
        }
    }
}
```