Created
June 16, 2021 20:50
-
-
Save Meigs2/4dc57aaf2462b59f1545671050840b4c to your computer and use it in GitHub Desktop.
Easyhook not working
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace TestLauncherApp | |
| { | |
| class Program | |
| { | |
| [StructLayout(LayoutKind.Sequential)] | |
| internal struct STARTUPINFO | |
| { | |
| uint cb; | |
| IntPtr lpReserved; | |
| IntPtr lpDesktop; | |
| IntPtr lpTitle; | |
| uint dwX; | |
| uint dwY; | |
| uint dwXSize; | |
| uint dwYSize; | |
| uint dwXCountChars; | |
| uint dwYCountChars; | |
| uint dwFillAttributes; | |
| uint dwFlags; | |
| ushort wShowWindow; | |
| ushort cbReserved; | |
| IntPtr lpReserved2; | |
| IntPtr hStdInput; | |
| IntPtr hStdOutput; | |
| IntPtr hStdErr; | |
| } | |
| [StructLayout(LayoutKind.Sequential)] | |
| internal struct PROCESS_INFORMATION | |
| { | |
| public IntPtr hProcess; | |
| public IntPtr hThread; | |
| public int dwProcessId; | |
| public int dwThreadId; | |
| } | |
| [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)] | |
| private static extern bool CreateProcess(IntPtr lpApplicationName, string lpCommandLine, IntPtr lpProcAttribs, IntPtr lpThreadAttribs, bool bInheritHandles, uint dwCreateFlags, IntPtr lpEnvironment, IntPtr lpCurrentDir, [In] ref STARTUPINFO lpStartinfo, out PROCESS_INFORMATION lpProcInformation); | |
| [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)] | |
| delegate bool CreateProcess_Delegate(IntPtr lpApplicationName, string lpCommandLine, IntPtr lpProcAttribs, IntPtr lpThreadAttribs, bool bInheritHandles, uint dwCreateFlags, IntPtr lpEnvironment, IntPtr lpCurrentDir, [In] ref STARTUPINFO lpStartinfo, out PROCESS_INFORMATION lpProcInformation); | |
| bool CreateProcess_Hook(IntPtr lpApplicationName, string lpCommandLine, IntPtr lpProcAttribs, IntPtr lpThreadAttribs, bool bInheritHandles, uint dwCreateFlags, IntPtr lpEnvironment, IntPtr lpCurrentDir, [In] ref STARTUPINFO lpStartinfo, out PROCESS_INFORMATION lpProcInformation) | |
| { | |
| bool result = false; | |
| result = CreateProcess(lpApplicationName, lpCommandLine, lpProcAttribs, lpThreadAttribs, bInheritHandles, | |
| dwCreateFlags, lpEnvironment, lpCurrentDir, ref lpStartinfo, out lpProcInformation); | |
| try | |
| { | |
| // Add message to send to FileMonitor | |
| Console.WriteLine("IT WOKRED!!!!!!"); | |
| } | |
| catch | |
| { | |
| // swallow exceptions so that any issues caused by this code do not crash target process | |
| } | |
| return result; | |
| } | |
| static void Main(string[] args) | |
| { | |
| var p = new Program(); | |
| p.SetupHook(); | |
| var lpStartupInfo = new STARTUPINFO(); | |
| var lpProcessInformation = new PROCESS_INFORMATION(); | |
| uint flags = 0x00000000;// | DetachedProcess | CreateNoWindow; | |
| CreateProcess((IntPtr)0, @"notepad.exe", (IntPtr)0, (IntPtr)0, | |
| false, flags, (IntPtr)0, (IntPtr)0, ref lpStartupInfo, out lpProcessInformation); | |
| Console.WriteLine(Marshal.GetLastWin32Error()); | |
| } | |
| private void SetupHook() | |
| { | |
| var createProcessHook = EasyHook.LocalHook.Create( | |
| EasyHook.LocalHook.GetProcAddress("kernel32.dll", "CreateProcessA"), | |
| new CreateProcess_Delegate(CreateProcess_Hook), | |
| this); | |
| createProcessHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); | |
| Console.WriteLine("Hook Installed"); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment