我在项目中使用EasyHook来挂钩计算机上的进程。目前我正在试用它,并尝试实现此处(here)所示的FileMon示例。
当前,我正在尝试创建FileMonInject.dll,但是当我尝试通过C#开发人员控制台对其进行编译时,却显示错误:
错误CS0246:找不到类型或名称空间名称'EasyHook'(您是否缺少using指令或程序集引用?)
我在两个文件中都包含了对Easyhook的引用(FileMon和FileMonInject是分开的),并且没有语法错误。我尝试清理,重建,选择在项目文件夹中找到的其他EasyHook.dll文件。我什至尝试将.Net Framework从3.5 Client Profile更改为4,但没有任何效果。
这是我的代码:
using System;
using System.Collections.Generic;
using System.Runtime.Remoting;
using System.Text;
using EasyHook;
using System.Threading;
using System.Runtime.InteropServices;
namespace FileMon
{
/// <summary>
/// Remoting object that the host process publishes on the IPC channel.
/// The injected library calls these methods to report back; every method
/// only writes to the host's console.
/// </summary>
public class FileMonInterface : MarshalByRefObject
{
    /// <summary>Announces that the hook library is running in a target process.</summary>
    /// <param name="InClientPID">Process id reported by the injected side.</param>
    public void IsInstalled(int InClientPID)
    {
        const string installedFormat = "FileMon has been installed in target {0}.\r\n";
        Console.WriteLine(installedFormat, InClientPID);
    }

    /// <summary>Prints one line per reported file name, in array order.</summary>
    /// <param name="InClientPID">Process id reported by the injected side (not used here).</param>
    /// <param name="InFileNames">File names collected by the hook.</param>
    public void OnCreateFile(int InClientPID, string[] InFileNames)
    {
        // The names come from the hooked process and are printed exactly as received.
        foreach (string fileName in InFileNames)
        {
            Console.WriteLine(fileName);
        }
    }

    /// <summary>Prints an exception that the injected side forwarded to the host.</summary>
    /// <param name="InInfo">Exception raised in the target process.</param>
    public void ReportException(Exception InInfo)
    {
        string details = InInfo.ToString();
        Console.WriteLine("The target process has reported an error:\r\n" + details);
    }

    /// <summary>
    /// Does nothing. The injected side calls it when it has nothing to send,
    /// so a failing call tells it the host is gone.
    /// </summary>
    public void Ping()
    {
    }
}
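/// <summary>
/// Host side of the FileMon demo: registers the assemblies with EasyHook,
/// opens the IPC server that the injected library reports to, and injects
/// FileMonInject.dll into one target process.
/// </summary>
class Program
{
    // Passed by reference to IpcCreateServer, which fills in the channel name
    // (per the EasyHook docs a null value asks for a generated name; confirm).
    static String ChannelName = null;

    // PID left over from the author's debugging session. It is only used when
    // no PID is given on the command line.
    // NOTE(review): a PID identifies a process only while that process is
    // alive; a stale value can refer to an unrelated process, so prefer
    // passing the PID explicitly.
    const Int32 FallbackTargetPid = 12644;

    // The same file is passed as both library arguments of Inject.
    // NOTE(review): this is an absolute path inside a user profile. Whoever
    // can write that file decides what code is loaded into the target
    // process, so keep it in a location with restricted write access.
    const String InjectLibraryPath =
        @"C:\Users\u101040.DESHALIT\source\repos\FileMon\FileMon\NetFX4.0\FileMonInject.dll";

    /// <summary>
    /// Program entry point.
    /// </summary>
    /// <param name="args">
    /// Optional: args[0] is the process id of the target. When it is missing
    /// the hard-coded fallback PID is used, as in the original listing.
    /// </param>
    static void Main(string[] args)
    {
        Int32 targetPid = FallbackTargetPid;
        if (args != null && args.Length > 0)
        {
            Int32 parsedPid;
            if (!Int32.TryParse(args[0], out parsedPid))
            {
                // Refuse to guess: injecting into the wrong process is worse
                // than not injecting at all.
                Console.WriteLine("Invalid target process id: {0}", args[0]);
                Console.ReadLine();
                return;
            }
            targetPid = parsedPid;
        }

        try
        {
            // Registration and server creation are inside the try block so
            // that a failure there is reported like any other setup error
            // instead of terminating the host with an unhandled exception.
            Config.Register(
                "A FileMon like demo application.",
                "FileMon.exe",
                "FileMonInject.dll");

            RemoteHooking.IpcCreateServer<FileMonInterface>(
                ref ChannelName, WellKnownObjectMode.SingleCall);

            Console.WriteLine("before inject");

            RemoteHooking.Inject(
                targetPid,
                InjectLibraryPath,
                InjectLibraryPath,
                ChannelName);

            Console.WriteLine("after inject");
            // Keep the host (and with it the IPC server) alive until Enter is pressed.
            Console.ReadLine();
        }
        catch (Exception ExtInfo)
        {
            Console.WriteLine("There was an error while connecting " +
                "to target:\r\n{0}", ExtInfo.ToString());
            Console.ReadLine();
        }
    }
}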
}
using System;
using System.Collections.Generic;
using System.Text;
using System.Threading;
using System.Runtime.InteropServices;
using EasyHook;
namespace FileMonInject
{
/// <summary>
/// Copy of the host's reporting interface, declared again inside the
/// FileMonInject namespace. Every method only writes to the console.
/// </summary>
/// <remarks>
/// NOTE(review): the host registers FileMon.FileMonInterface on the IPC
/// channel, while the injected code connects with this separately declared
/// type. .NET Remoting identifies types by assembly and full name, so the
/// injected side presumably needs to reference the host's type instead of a
/// duplicate. Confirm against the EasyHook sample.
/// </remarks>
public class FileMonInterface : MarshalByRefObject
{
    /// <summary>Announces that the hook library is running in a target process.</summary>
    /// <param name="InClientPID">Process id reported by the injected side.</param>
    public void IsInstalled(int InClientPID)
    {
        const string installedFormat = "FileMon has been installed in target {0}.\r\n";
        Console.WriteLine(installedFormat, InClientPID);
    }

    /// <summary>Prints one line per reported file name, in array order.</summary>
    /// <param name="InClientPID">Process id reported by the injected side (not used here).</param>
    /// <param name="InFileNames">File names collected by the hook.</param>
    public void OnCreateFile(int InClientPID, string[] InFileNames)
    {
        // The names come from the hooked process and are printed exactly as received.
        foreach (string fileName in InFileNames)
        {
            Console.WriteLine(fileName);
        }
    }

    /// <summary>Prints an exception forwarded from the target process.</summary>
    /// <param name="InInfo">Exception raised in the target process.</param>
    public void ReportException(Exception InInfo)
    {
        string details = InInfo.ToString();
        Console.WriteLine("The target process has reported an error:\r\n" + details);
    }

    /// <summary>Does nothing. It is called as a keep-alive when there is nothing to report.</summary>
    public void Ping()
    {
    }
}
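/// <summary>
/// Entry point that EasyHook runs inside the target process. It connects
/// back to the host over the IPC channel, hooks kernel32!CreateFileW, and
/// forwards the collected file names to the host every 500 ms.
/// </summary>
public class Main : EasyHook.IEntryPoint
{
    // Remoting proxy to the host's reporting object; assigned in the constructor.
    FileMonInterface Interface;

    // Assigned in Run; presumably held in a field so the hook object stays
    // referenced for as long as this instance lives.
    LocalHook CreateFileHook;

    // File names captured by the hook and not yet sent to the host. Despite
    // the name this is a Stack, so ToArray() yields the newest entry first.
    // It is written by CreateFile_Hooked on whichever thread called
    // CreateFileW and drained by Run, so every access must hold lock (Queue).
    Stack<String> Queue = new Stack<String>();

    /// <summary>
    /// Connects to the host's IPC channel.
    /// </summary>
    /// <param name="InContext">EasyHook context (not used here).</param>
    /// <param name="InChannelName">Name of the IPC channel created by the host.</param>
    public Main(
        RemoteHooking.IContext InContext,
        String InChannelName)
    {
        // connect to host...
        Interface =
            RemoteHooking.IpcConnectClient<FileMonInterface>(InChannelName);
    }

    /// <summary>
    /// Installs the CreateFileW hook and then loops, sending captured file
    /// names to the host, until a call to the host throws.
    /// </summary>
    /// <param name="InContext">EasyHook context (not used here).</param>
    /// <param name="InChannelName">Name of the IPC channel (not used here).</param>
    public void Run(
        RemoteHooking.IContext InContext,
        String InChannelName)
    {
        // install hook...
        try
        {
            CreateFileHook = LocalHook.Create(
                LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
                new DCreateFile(CreateFile_Hooked),
                this);

            // As I understand EasyHook's ACL model, thread id 0 stands for
            // the calling thread, so this intercepts every thread except the
            // one running Run. Confirm against the EasyHook documentation.
            CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
            Console.WriteLine("in 1");
        }
        catch (Exception ExtInfo)
        {
            Interface.ReportException(ExtInfo);
            Console.WriteLine("in 2");
            return;
        }

        Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());

        // wait for host process termination...
        try
        {
            while (true)
            {
                Thread.Sleep(500);

                // transmit newly monitored file accesses...
                // Count is read under the same lock the hook takes before
                // Push: Stack<T> is not thread-safe, and the original read
                // Count outside the lock while other threads could be pushing.
                String[] Package = null;
                lock (Queue)
                {
                    if (Queue.Count > 0)
                    {
                        Package = Queue.ToArray();
                        Queue.Clear();
                    }
                }

                // The remoting calls stay outside the lock so a slow host
                // never blocks threads that are inside the hook handler.
                if (Package != null)
                {
                    Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
                }
                else
                {
                    Interface.Ping();
                }
            }
        }
        catch
        {
            // NET Remoting will raise an exception if host is unreachable
            Console.WriteLine("in 4");
        }
    }

    // Managed signature of CreateFileW; LocalHook.Create receives an instance
    // of this delegate as the hook handler.
    [UnmanagedFunctionPointer(CallingConvention.StdCall,
        CharSet = CharSet.Unicode,
        SetLastError = true)]
    delegate IntPtr DCreateFile(
        String InFileName,
        UInt32 InDesiredAccess,
        UInt32 InShareMode,
        IntPtr InSecurityAttributes,
        UInt32 InCreationDisposition,
        UInt32 InFlagsAndAttributes,
        IntPtr InTemplateFile);

    // just use a P-Invoke implementation to get native API access
    // from C# (this step is not necessary for C++.NET)
    [DllImport("kernel32.dll",
        CharSet = CharSet.Unicode,
        SetLastError = true,
        CallingConvention = CallingConvention.StdCall)]
    static extern IntPtr CreateFile(
        String InFileName,
        UInt32 InDesiredAccess,
        UInt32 InShareMode,
        IntPtr InSecurityAttributes,
        UInt32 InCreationDisposition,
        UInt32 InFlagsAndAttributes,
        IntPtr InTemplateFile);

    /// <summary>
    /// Hook handler: records the requested file name and then forwards the
    /// call, with unchanged arguments, to the real CreateFile.
    /// </summary>
    /// <returns>The handle value returned by the real CreateFile.</returns>
    // this is where we are intercepting all file accesses!
    static IntPtr CreateFile_Hooked(
        String InFileName,
        UInt32 InDesiredAccess,
        UInt32 InShareMode,
        IntPtr InSecurityAttributes,
        UInt32 InCreationDisposition,
        UInt32 InFlagsAndAttributes,
        IntPtr InTemplateFile)
    {
        // Bookkeeping must never break the caller: any failure here is
        // swallowed and the real API is still called below.
        try
        {
            // Callback is the object handed to LocalHook.Create as its third
            // argument, i.e. the Main instance that installed the hook.
            Main This = (Main)HookRuntimeInfo.Callback;

            lock (This.Queue)
            {
                This.Queue.Push(InFileName);
            }
            Console.WriteLine("in 5");
        }
        catch
        {
            Console.WriteLine("in 6");
        }

        // call original API...
        return CreateFile(
            InFileName,
            InDesiredAccess,
            InShareMode,
            InSecurityAttributes,
            InCreationDisposition,
            InFlagsAndAttributes,
            InTemplateFile);
    }
}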
}
有什么建议吗?