Click here to Skip to main content
16,011,578 members
Search within:


Hooking with Easy Hook (example problem)
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C#
Hi
I download sorce code from

EasyHook - The reinvention of Windows API hooking[^]

program.cs Of FileMon Project is:

C#
using System;
using System.Collections.Generic;
using System.Runtime.Remoting;
using System.Text;
using System.IO;
using EasyHook;
using System.Windows.Forms;
namespace FileMon
{
    public class FileMonInterface : MarshalByRefObject
    {
        public void IsInstalled(Int32 InClientPID)
        {
            Console.WriteLine("FileMon has been installed in target {0}.\r\n", InClientPID);
        }
        public void OnCreateFile(Int32 InClientPID, String[] InFileNames)
        {
            for (int i = 0; i < InFileNames.Length; i++)
            {
                Console.WriteLine(InFileNames[i]);
            }
        }
        public void ReportException(Exception InInfo)
        {
            Console.WriteLine("The target process has reported an error:\r\n" + InInfo.ToString());
        }
        public void Ping()
        {
        }
    }
    class Program
    {
        static String ChannelName = null;
        static void Main(string[] args)
        {
            /* Int32 TargetPID = 0;
             if ((args.Length != 1) || !Int32.TryParse(args[0], out TargetPID))
             {
                 Console.WriteLine();
                 Console.WriteLine("Usage: FileMon %PID%");
                 Console.WriteLine();
                 return;
             }
             try
             {*/
            try
            {
                Config.Register(
                    "A FileMon like demo application.",
                    "FileMon.exe",
                    "FileMonInject.dll");
                RemoteHooking.IpcCreateServer<FileMonInterface>(ref ChannelName, WellKnownObjectMode.SingleCall);
                RemoteHooking.Inject(
              Int32.Parse(args[0]),
             "FileMonInject.dll",
               "FileMonInject.dll",
               ChannelName);
                Console.ReadLine();
            }
            /*catch (ApplicationException)
            {
                MessageBox.Show("This is an administrative task!", "Permission denied...", MessageBoxButtons.OK);
                System.Diagnostics.Process.GetCurrentProcess().Kill();
            }
            RemoteHooking.IpcCreateServer<FileMonInterface>(ref ChannelName, WellKnownObjectMode.SingleCall);
            RemoteHooking.Inject(
                TargetPID,
                "FileMonInject.dll",
                "FileMonInject.dll",
                ChannelName);
            Console.ReadLine();
        }*/
            catch (Exception ExtInfo)
            {
                Console.WriteLine("There was an error while connecting to target:\r\n{0}", ExtInfo.ToString());
            }
        }
    }
}




and Main.cs of FileMonInject Project is :
C#
using System;
using System;
using System.Collections.Generic;
using System.Text;
using System.Threading;
using System.Runtime.InteropServices;
using EasyHook;

namespace FileMonInject
{
    public class Main : EasyHook.IEntryPoint
    {
        FileMon.FileMonInterface Interface;
        LocalHook CreateFileHook;
        Stack<string> Queue = new Stack<string>();

        public Main(
            RemoteHooking.IContext InContext,
            String InChannelName)
        {
            // connect to host...
            Interface = RemoteHooking.IpcConnectClient<filemon.filemoninterface>(InChannelName);

            Interface.Ping();
        }

        public void Run(
            RemoteHooking.IContext InContext,
            String InChannelName)
        {
            // install hook...
            try
            {

                CreateFileHook = LocalHook.Create(
                    LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
                    new DCreateFile(CreateFile_Hooked),
                    this);

                CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
            }
            catch (Exception ExtInfo)
            {
                Interface.ReportException(ExtInfo);

                return;
            }

            Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());

            RemoteHooking.WakeUpProcess();

            // wait for host process termination...
            try
            {
                while (true)
                {
                    Thread.Sleep(500);

                    // transmit newly monitored file accesses...
                    if (Queue.Count > 0)
                    {
                        String[] Package = null;

                        lock (Queue)
                        {
                            Package = Queue.ToArray();

                            Queue.Clear();
                        }

                        Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
                    }
                    else
                        Interface.Ping();
                }
            }
            catch
            {
                // Ping() will raise an exception if host is unreachable
            }
        }

        [UnmanagedFunctionPointer(CallingConvention.StdCall,
            CharSet = CharSet.Unicode,
            SetLastError = true)]
        delegate IntPtr DCreateFile(
            String InFileName,
            UInt32 InDesiredAccess,
            UInt32 InShareMode,
            IntPtr InSecurityAttributes,
            UInt32 InCreationDisposition,
            UInt32 InFlagsAndAttributes,
            IntPtr InTemplateFile);

        // just use a P-Invoke implementation to get native API access from C# (this step is not necessary for C++.NET)
        [DllImport("kernel32.dll",
            CharSet = CharSet.Unicode,
            SetLastError = true,
            CallingConvention = CallingConvention.StdCall)]
        static extern IntPtr CreateFile(
            String InFileName,
            UInt32 InDesiredAccess,
            UInt32 InShareMode,
            IntPtr InSecurityAttributes,
            UInt32 InCreationDisposition,
            UInt32 InFlagsAndAttributes,
            IntPtr InTemplateFile);

        // this is where we are intercepting all file accesses!
        static IntPtr CreateFile_Hooked(
            String InFileName,
            UInt32 InDesiredAccess,
            UInt32 InShareMode,
            IntPtr InSecurityAttributes,
            UInt32 InCreationDisposition,
            UInt32 InFlagsAndAttributes,
            IntPtr InTemplateFile)
        {
            
            try
            {
                Main This = (Main)HookRuntimeInfo.Callback;

                lock (This.Queue)
                {
                    This.Queue.Push("[" + RemoteHooking.GetCurrentProcessId() + ":" + 
                        RemoteHooking.GetCurrentThreadId() +  "]: \"" + InFileName + "\"");
                }
            }
            catch
            {
            }

            // call original API...
            return CreateFile(
                InFileName,
                InDesiredAccess,
                InShareMode,
                InSecurityAttributes,
                InCreationDisposition,
                InFlagsAndAttributes,
                InTemplateFile);
        }
    }
}</filemon.filemoninterface></string></string>


I added FileMon Project to FileMonInject Project
and copied Easyhook.dll to x64

and then I run this project

but I see this message :

there was an error while connecting to target :
System.ApplicationEception : Unable to run internal command---->
.......
.......
.......
(very tall text that i can write it here)

and then the black window closed so fast

Please help me how I can solve it
Posted
Add a Solution
Comments
BobJanova 8-Aug-11 10:24am    
You should ask questions about a particular article on that article, so the author will see it and might be able to help you.

1 solution

Don't post this under Questions & Answers - if you got the code from an article, then there is a "new message" button at the bottom of that article, which causes an email to be sent to the author. They are then alerted that you wish to speak to them.
Posting this here relies on them "dropping by" and realising it is for them.

Temporarily though, go to the Program.cs file, find the Main method, and add (as the last executable line in the method)
Console.ReadLine();
The app should then stop and wait for you to press enter, and you can read the error message.
 
Share this answer
 
Posted
Comments
mahtab68 9-Aug-11 0:47am    
oh I'm sorry about that ,
And thanks to your solution
:)
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Easy hook and how it works
windows hooking problem
Hook .NET core during runtime
Losing keyboard hook after connection to access
I'm having a problem with my trampoline hook function
Hooking the desktop window's WndProc
C# hook all input message from user to windows
Keyboard hooking problem
Hooking Problem in Win7
Thread Problem. "Hook"

Advertise
Privacy
Cookies
Terms of Use
Last Updated 8 Aug 2011
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-07-22:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900