├── .gitignore
├── HijackGen.SamplePlugin
├── HijackGen.SamplePlugin.csproj
├── PluginView.xaml
├── PluginView.xaml.cs
├── PluginViewModel.cs
└── SamplePlugin.cs
├── HijackGen.sln
├── HijackGen
├── App.config
├── App.xaml
├── App.xaml.cs
├── Converters
│ └── EnumToBoolConverter.cs
├── HijackGen.csproj
├── Messengers
│ ├── CloseWindowMessage.cs
│ └── StatusBarMessage.cs
├── Models
│ ├── Enums
│ │ ├── GenerationFormat.cs
│ │ ├── GenerationType.cs
│ │ ├── PeArchitecture.cs
│ │ └── PeType.cs
│ ├── FunctionInfo.cs
│ ├── Generator.cs
│ ├── InvalidChars.cs
│ ├── PEParser.cs
│ └── Templates
│ │ ├── DllMain.txt
│ │ ├── DllMainWithHijack.txt
│ │ ├── ExternX64.txt
│ │ ├── ExternX86.txt
│ │ ├── Free.txt
│ │ ├── GetAddress.txt
│ │ ├── Init.txt
│ │ ├── Proj.txt
│ │ ├── ProjWithDef.txt
│ │ ├── Sln.txt
│ │ └── Templates.cs
├── Plugins
│ ├── ImportChecker
│ │ ├── ImportChecker.cs
│ │ ├── ImportCheckerView.xaml
│ │ ├── ImportCheckerView.xaml.cs
│ │ └── ImportCheckerViewModel.cs
│ ├── KnownDllsChecker
│ │ └── KnownDllsChecker.cs
│ ├── Plugin.cs
│ └── PluginManager.cs
├── Services
│ ├── DialogService.cs
│ ├── IDialogService.cs
│ └── Settings.cs
├── Strings
│ ├── GUIStrings.Designer.cs
│ ├── GUIStrings.resx
│ ├── GUIStrings.zh-Hans.resx
│ ├── Messages.Designer.cs
│ ├── Messages.resx
│ └── Messages.zh-Hans.resx
├── ViewModels
│ ├── AboutViewModel.cs
│ ├── GenerationViewModel.cs
│ ├── MainViewModel.cs
│ └── MenuItemViewmodel.cs
└── Views
│ ├── AboutView.xaml
│ ├── AboutView.xaml.cs
│ ├── GenerationView.xaml
│ ├── GenerationView.xaml.cs
│ ├── MainView.xaml
│ └── MainView.xaml.cs
├── LICENSE
├── README.md
└── docs
├── Def.md
├── Def_zh-CN.md
├── H.md
├── H_zh-CN.md
├── Usage.md
├── Usage_zh-CN.md
└── img
├── h-1.png
├── h-1_zh-CN.png
├── interface.png
└── usage-1.png
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Ww][Ii][Nn]32/
27 | [Aa][Rr][Mm]/
28 | [Aa][Rr][Mm]64/
29 | bld/
30 | [Bb]in/
31 | [Oo]bj/
32 | [Ll]og/
33 | [Ll]ogs/
34 |
35 | # Visual Studio 2015/2017 cache/options directory
36 | .vs/
37 | # Uncomment if you have tasks that create the project's static files in wwwroot
38 | #wwwroot/
39 |
40 | # Visual Studio 2017 auto generated files
41 | Generated\ Files/
42 |
43 | # MSTest test Results
44 | [Tt]est[Rr]esult*/
45 | [Bb]uild[Ll]og.*
46 |
47 | # NUnit
48 | *.VisualState.xml
49 | TestResult.xml
50 | nunit-*.xml
51 |
52 | # Build Results of an ATL Project
53 | [Dd]ebugPS/
54 | [Rr]eleasePS/
55 | dlldata.c
56 |
57 | # Benchmark Results
58 | BenchmarkDotNet.Artifacts/
59 |
60 | # .NET Core
61 | project.lock.json
62 | project.fragment.lock.json
63 | artifacts/
64 |
65 | # ASP.NET Scaffolding
66 | ScaffoldingReadMe.txt
67 |
68 | # StyleCop
69 | StyleCopReport.xml
70 |
71 | # Files built by Visual Studio
72 | *_i.c
73 | *_p.c
74 | *_h.h
75 | *.ilk
76 | *.meta
77 | *.obj
78 | *.iobj
79 | *.pch
80 | *.pdb
81 | *.ipdb
82 | *.pgc
83 | *.pgd
84 | *.rsp
85 | # but not Directory.Build.rsp, as it configures directory-level build defaults
86 | !Directory.Build.rsp
87 | *.sbr
88 | *.tlb
89 | *.tli
90 | *.tlh
91 | *.tmp
92 | *.tmp_proj
93 | *_wpftmp.csproj
94 | *.log
95 | *.tlog
96 | *.vspscc
97 | *.vssscc
98 | .builds
99 | *.pidb
100 | *.svclog
101 | *.scc
102 |
103 | # Chutzpah Test files
104 | _Chutzpah*
105 |
106 | # Visual C++ cache files
107 | ipch/
108 | *.aps
109 | *.ncb
110 | *.opendb
111 | *.opensdf
112 | *.sdf
113 | *.cachefile
114 | *.VC.db
115 | *.VC.VC.opendb
116 |
117 | # Visual Studio profiler
118 | *.psess
119 | *.vsp
120 | *.vspx
121 | *.sap
122 |
123 | # Visual Studio Trace Files
124 | *.e2e
125 |
126 | # TFS 2012 Local Workspace
127 | $tf/
128 |
129 | # Guidance Automation Toolkit
130 | *.gpState
131 |
132 | # ReSharper is a .NET coding add-in
133 | _ReSharper*/
134 | *.[Rr]e[Ss]harper
135 | *.DotSettings.user
136 |
137 | # TeamCity is a build add-in
138 | _TeamCity*
139 |
140 | # DotCover is a Code Coverage Tool
141 | *.dotCover
142 |
143 | # AxoCover is a Code Coverage Tool
144 | .axoCover/*
145 | !.axoCover/settings.json
146 |
147 | # Coverlet is a free, cross platform Code Coverage Tool
148 | coverage*.json
149 | coverage*.xml
150 | coverage*.info
151 |
152 | # Visual Studio code coverage results
153 | *.coverage
154 | *.coveragexml
155 |
156 | # NCrunch
157 | _NCrunch_*
158 | .*crunch*.local.xml
159 | nCrunchTemp_*
160 |
161 | # MightyMoose
162 | *.mm.*
163 | AutoTest.Net/
164 |
165 | # Web workbench (sass)
166 | .sass-cache/
167 |
168 | # Installshield output folder
169 | [Ee]xpress/
170 |
171 | # DocProject is a documentation generator add-in
172 | DocProject/buildhelp/
173 | DocProject/Help/*.HxT
174 | DocProject/Help/*.HxC
175 | DocProject/Help/*.hhc
176 | DocProject/Help/*.hhk
177 | DocProject/Help/*.hhp
178 | DocProject/Help/Html2
179 | DocProject/Help/html
180 |
181 | # Click-Once directory
182 | publish/
183 |
184 | # Publish Web Output
185 | *.[Pp]ublish.xml
186 | *.azurePubxml
187 | # Note: Comment the next line if you want to checkin your web deploy settings,
188 | # but database connection strings (with potential passwords) will be unencrypted
189 | *.pubxml
190 | *.publishproj
191 |
192 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
193 | # checkin your Azure Web App publish settings, but sensitive information contained
194 | # in these scripts will be unencrypted
195 | PublishScripts/
196 |
197 | # NuGet Packages
198 | *.nupkg
199 | # NuGet Symbol Packages
200 | *.snupkg
201 | # The packages folder can be ignored because of Package Restore
202 | **/[Pp]ackages/*
203 | # except build/, which is used as an MSBuild target.
204 | !**/[Pp]ackages/build/
205 | # Uncomment if necessary however generally it will be regenerated when needed
206 | #!**/[Pp]ackages/repositories.config
207 | # NuGet v3's project.json files produces more ignorable files
208 | *.nuget.props
209 | *.nuget.targets
210 |
211 | # Microsoft Azure Build Output
212 | csx/
213 | *.build.csdef
214 |
215 | # Microsoft Azure Emulator
216 | ecf/
217 | rcf/
218 |
219 | # Windows Store app package directories and files
220 | AppPackages/
221 | BundleArtifacts/
222 | Package.StoreAssociation.xml
223 | _pkginfo.txt
224 | *.appx
225 | *.appxbundle
226 | *.appxupload
227 |
228 | # Visual Studio cache files
229 | # files ending in .cache can be ignored
230 | *.[Cc]ache
231 | # but keep track of directories ending in .cache
232 | !?*.[Cc]ache/
233 |
234 | # Others
235 | ClientBin/
236 | ~$*
237 | *~
238 | *.dbmdl
239 | *.dbproj.schemaview
240 | *.jfm
241 | *.pfx
242 | *.publishsettings
243 | orleans.codegen.cs
244 |
245 | # Including strong name files can present a security risk
246 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
247 | #*.snk
248 |
249 | # Since there are multiple workflows, uncomment next line to ignore bower_components
250 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
251 | #bower_components/
252 |
253 | # RIA/Silverlight projects
254 | Generated_Code/
255 |
256 | # Backup & report files from converting an old project file
257 | # to a newer Visual Studio version. Backup files are not needed,
258 | # because we have git ;-)
259 | _UpgradeReport_Files/
260 | Backup*/
261 | UpgradeLog*.XML
262 | UpgradeLog*.htm
263 | ServiceFabricBackup/
264 | *.rptproj.bak
265 |
266 | # SQL Server files
267 | *.mdf
268 | *.ldf
269 | *.ndf
270 |
271 | # Business Intelligence projects
272 | *.rdl.data
273 | *.bim.layout
274 | *.bim_*.settings
275 | *.rptproj.rsuser
276 | *- [Bb]ackup.rdl
277 | *- [Bb]ackup ([0-9]).rdl
278 | *- [Bb]ackup ([0-9][0-9]).rdl
279 |
280 | # Microsoft Fakes
281 | FakesAssemblies/
282 |
283 | # GhostDoc plugin setting file
284 | *.GhostDoc.xml
285 |
286 | # Node.js Tools for Visual Studio
287 | .ntvs_analysis.dat
288 | node_modules/
289 |
290 | # Visual Studio 6 build log
291 | *.plg
292 |
293 | # Visual Studio 6 workspace options file
294 | *.opt
295 |
296 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
297 | *.vbw
298 |
299 | # Visual Studio 6 auto-generated project file (contains which files were open etc.)
300 | *.vbp
301 |
302 | # Visual Studio 6 workspace and project file (working project files containing files to include in project)
303 | *.dsw
304 | *.dsp
305 |
306 | # Visual Studio 6 technical files
307 | *.ncb
308 | *.aps
309 |
310 | # Visual Studio LightSwitch build output
311 | **/*.HTMLClient/GeneratedArtifacts
312 | **/*.DesktopClient/GeneratedArtifacts
313 | **/*.DesktopClient/ModelManifest.xml
314 | **/*.Server/GeneratedArtifacts
315 | **/*.Server/ModelManifest.xml
316 | _Pvt_Extensions
317 |
318 | # Paket dependency manager
319 | .paket/paket.exe
320 | paket-files/
321 |
322 | # FAKE - F# Make
323 | .fake/
324 |
325 | # CodeRush personal settings
326 | .cr/
327 |
328 | # Python Tools for Visual Studio (PTVS)
329 | __pycache__/
330 | *.pyc
331 |
332 | # Cake - Uncomment if you are using it
333 | # tools/**
334 | # !tools/packages.config
335 |
336 | # Tabs Studio
337 | *.tss
338 |
339 | # Telerik's JustMock configuration file
340 | *.jmconfig
341 |
342 | # BizTalk build output
343 | *.btp.cs
344 | *.btm.cs
345 | *.odx.cs
346 | *.xsd.cs
347 |
348 | # OpenCover UI analysis results
349 | OpenCover/
350 |
351 | # Azure Stream Analytics local run output
352 | ASALocalRun/
353 |
354 | # MSBuild Binary and Structured Log
355 | *.binlog
356 |
357 | # NVidia Nsight GPU debugger configuration file
358 | *.nvuser
359 |
360 | # MFractors (Xamarin productivity tool) working folder
361 | .mfractor/
362 |
363 | # Local History for Visual Studio
364 | .localhistory/
365 |
366 | # Visual Studio History (VSHistory) files
367 | .vshistory/
368 |
369 | # BeatPulse healthcheck temp database
370 | healthchecksdb
371 |
372 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
373 | MigrationBackup/
374 |
375 | # Ionide (cross platform F# VS Code tools) working folder
376 | .ionide/
377 |
378 | # Fody - auto-generated XML schema
379 | FodyWeavers.xsd
380 |
381 | # VS Code files for those working on multiple tools
382 | .vscode/*
383 | !.vscode/settings.json
384 | !.vscode/tasks.json
385 | !.vscode/launch.json
386 | !.vscode/extensions.json
387 | *.code-workspace
388 |
389 | # Local History for Visual Studio Code
390 | .history/
391 |
392 | # Windows Installer files from build outputs
393 | *.cab
394 | *.msi
395 | *.msix
396 | *.msm
397 | *.msp
398 |
399 | # JetBrains Rider
400 | *.sln.iml
--------------------------------------------------------------------------------
/HijackGen.SamplePlugin/HijackGen.SamplePlugin.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net9.0-windows
5 | disable
6 | true
7 | enable
8 | x64
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/HijackGen.SamplePlugin/PluginView.xaml:
--------------------------------------------------------------------------------
1 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/HijackGen.SamplePlugin/PluginView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows;
2 |
3 | namespace HijackGen.SamplePlugin
4 | {
5 | public partial class PluginView : Window
6 | {
7 | public PluginView()
8 | {
9 | InitializeComponent();
10 | }
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/HijackGen.SamplePlugin/PluginViewModel.cs:
--------------------------------------------------------------------------------
1 | using HijackGen.ViewModels;
2 |
3 | namespace HijackGen.SamplePlugin
4 | {
5 | internal class PluginViewModel(MainViewModel parentVM)
6 | {
7 | private readonly MainViewModel _parentVM = parentVM ?? throw new ArgumentNullException(nameof(parentVM));
8 |
9 | public string Message => $"Currently selected DLL: {_parentVM.DllPath}";
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/HijackGen.SamplePlugin/SamplePlugin.cs:
--------------------------------------------------------------------------------
1 | using HijackGen.Plugins;
2 | using HijackGen.Services;
3 | using HijackGen.ViewModels;
4 |
5 | namespace HijackGen.SamplePlugin
6 | {
7 | public class SamplePlugin : Plugin
8 | {
9 | private MainViewModel _mainViewModel;
10 | private IDialogService _dialogService;
11 |
12 | public override string Name => "Sample Plugin";
13 | public override string Description => "A sample plugin for HijackGen to demonstrate plugin functionality.";
14 |
15 | public override void Initialize(MainViewModel vm, IDialogService dialogService)
16 | {
17 | _mainViewModel = vm ?? throw new ArgumentNullException(nameof(vm));
18 | _dialogService = dialogService ?? throw new ArgumentNullException(nameof(dialogService));
19 | }
20 |
21 | public override void Execute()
22 | {
23 | PluginViewModel vm = new(_mainViewModel);
24 | _dialogService.ShowDialog(typeof(PluginView), vm);
25 | }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/HijackGen.sln:
--------------------------------------------------------------------------------
1 | Microsoft Visual Studio Solution File, Format Version 12.00
2 | # Visual Studio Version 17
3 | VisualStudioVersion = 17.13.35913.81
4 | MinimumVisualStudioVersion = 10.0.40219.1
5 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HijackGen", "HijackGen\HijackGen.csproj", "{7B26ACFF-2B86-4B49-8704-349157122E58}"
6 | EndProject
7 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HijackGen.SamplePlugin", "HijackGen.SamplePlugin\HijackGen.SamplePlugin.csproj", "{F205A144-8311-4BA3-BB60-81352B2168B9}"
8 | EndProject
9 | Global
10 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
11 | Debug|Any CPU = Debug|Any CPU
12 | Release|Any CPU = Release|Any CPU
13 | EndGlobalSection
14 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
15 | {7B26ACFF-2B86-4B49-8704-349157122E58}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
16 | {7B26ACFF-2B86-4B49-8704-349157122E58}.Debug|Any CPU.Build.0 = Debug|Any CPU
17 | {7B26ACFF-2B86-4B49-8704-349157122E58}.Release|Any CPU.ActiveCfg = Release|Any CPU
18 | {7B26ACFF-2B86-4B49-8704-349157122E58}.Release|Any CPU.Build.0 = Release|Any CPU
19 | {F205A144-8311-4BA3-BB60-81352B2168B9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
20 | {F205A144-8311-4BA3-BB60-81352B2168B9}.Release|Any CPU.ActiveCfg = Release|Any CPU
21 | EndGlobalSection
22 | GlobalSection(SolutionProperties) = preSolution
23 | HideSolutionNode = FALSE
24 | EndGlobalSection
25 | GlobalSection(ExtensibilityGlobals) = postSolution
26 | SolutionGuid = {8B9CCB38-D61C-4B82-830A-7F3AB60E5D51}
27 | EndGlobalSection
28 | EndGlobal
29 |
--------------------------------------------------------------------------------
/HijackGen/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------
/HijackGen/App.xaml:
--------------------------------------------------------------------------------
1 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/HijackGen/App.xaml.cs:
--------------------------------------------------------------------------------
1 | using HijackGen.Services;
2 | using HijackGen.ViewModels;
3 | using HijackGen.Views;
4 | using System.Windows;
5 |
6 | namespace HijackGen
7 | {
8 | public partial class App : Application
9 | {
10 | protected override void OnStartup(StartupEventArgs e)
11 | {
12 | #if false
13 | CultureInfo culture = new("en-US");
14 | CultureInfo.DefaultThreadCurrentCulture = culture;
15 | CultureInfo.DefaultThreadCurrentUICulture = culture;
16 |
17 | Thread.CurrentThread.CurrentCulture = culture;
18 | Thread.CurrentThread.CurrentUICulture = culture;
19 | #endif
20 | base.OnStartup(e);
21 | DialogService dialogService = new();
22 | MainViewModel mainVM = new(dialogService);
23 | MainView main = new()
24 | {
25 | DataContext = mainVM
26 | };
27 | main.Show();
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/HijackGen/Converters/EnumToBoolConverter.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Globalization;
3 | using System.Windows.Data;
4 |
5 | namespace HijackGen.Converters
6 | {
7 | internal sealed class EnumToBoolConverter : IValueConverter
8 | {
9 | public object Convert(object value, Type targetType, object parameter, CultureInfo culture)
10 | {
11 | return value.Equals(parameter);
12 | }
13 |
14 | public object ConvertBack(object value, Type targetType, object parameter, CultureInfo culture)
15 | {
16 | return (bool)value ? parameter : Binding.DoNothing;
17 | }
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/HijackGen/HijackGen.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 | net9.0-windows
4 | WinExe
5 | publish\
6 | true
7 | Disk
8 | false
9 | Foreground
10 | 7
11 | Days
12 | false
13 | false
14 | true
15 | 0
16 | 1.0.0.%2a
17 | false
18 | false
19 | true
20 | False
21 | true
22 | true
23 | Copyright © detached64 2025
24 | 2.1.1.0
25 | 2.1.1.0
26 | AnyCPU
27 | False
28 | none
29 |
30 |
31 | x64
32 | ..\bin\Debug\
33 |
34 |
35 | x64
36 | none
37 | ..\bin\Release\
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 | False
49 | Microsoft .NET Framework 4.8 %28x86 和 x64%29
50 | true
51 |
52 |
53 | False
54 | .NET Framework 3.5 SP1
55 | false
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 | True
73 | True
74 | GUIStrings.resx
75 |
76 |
77 | True
78 | True
79 | Messages.resx
80 |
81 |
82 |
83 |
84 | PublicResXFileCodeGenerator
85 | GUIStrings.Designer.cs
86 |
87 |
88 | PublicResXFileCodeGenerator
89 | Messages.Designer.cs
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
--------------------------------------------------------------------------------
/HijackGen/Messengers/CloseWindowMessage.cs:
--------------------------------------------------------------------------------
1 | namespace HijackGen.Messengers
2 | {
3 | public sealed class CloseWindowMessage;
4 | }
5 |
--------------------------------------------------------------------------------
/HijackGen/Messengers/StatusBarMessage.cs:
--------------------------------------------------------------------------------
1 | namespace HijackGen.Messengers
2 | {
3 | public sealed class StatusBarMessage(string content)
4 | {
5 | public string Content { get; } = content;
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/HijackGen/Models/Enums/GenerationFormat.cs:
--------------------------------------------------------------------------------
1 | namespace HijackGen.Models.Enums
2 | {
3 | public enum GenerationFormat
4 | {
5 | H,
6 | Def,
7 | C,
8 | Cpp,
9 | Sln
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/HijackGen/Models/Enums/GenerationType.cs:
--------------------------------------------------------------------------------
1 | namespace HijackGen.Models.Enums
2 | {
3 | public enum GenerationType
4 | {
5 | System,
6 | Custom
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/HijackGen/Models/Enums/PeArchitecture.cs:
--------------------------------------------------------------------------------
1 | namespace HijackGen.Models.Enums
2 | {
3 | public enum PeArchitecture
4 | {
5 | x86,
6 | x64
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/HijackGen/Models/Enums/PeType.cs:
--------------------------------------------------------------------------------
1 | namespace HijackGen.Models.Enums
2 | {
3 | public enum PeType
4 | {
5 | Unknown,
6 | Dll,
7 | Exe
8 | }
9 | }
10 |
--------------------------------------------------------------------------------
/HijackGen/Models/FunctionInfo.cs:
--------------------------------------------------------------------------------
1 | namespace HijackGen.Models
2 | {
3 | public abstract class FunctionInfo
4 | {
5 | public string Name { get; set; }
6 | }
7 |
8 | public sealed class DllExportInfo : FunctionInfo
9 | {
10 | public int Ordinal { get; set; }
11 | public ulong Address { get; set; }
12 | public bool HasForward { get; set; }
13 |
14 | public string ForwardName
15 | {
16 | get => HasForward ? _forwardName : null;
17 | set => _forwardName = value;
18 | }
19 | private string _forwardName;
20 | }
21 |
22 | public sealed class ExeImportInfo : FunctionInfo
23 | {
24 | public string DllName { get; set; }
25 | public ushort Hint { get; set; }
26 | public ulong IATOffset { get; set; }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/HijackGen/Models/Generator.cs:
--------------------------------------------------------------------------------
1 | using HijackGen.Models.Enums;
2 | using HijackGen.Models.Templates;
3 | using System;
4 | using System.Collections.Generic;
5 | using System.Linq;
6 | using System.Text;
7 |
8 | namespace HijackGen.Models
9 | {
10 | public abstract class Generator : IDisposable
11 | {
12 | protected static string DllName;
13 | protected static List Infos;
14 | protected static GenerationType Type;
15 | protected static PeArchitecture Architecture;
16 |
17 | protected static string HName => $"{DllName}.h";
18 | protected static string DefName => $"{DllName}.def";
19 | protected static string CName => "dllmain.c";
20 | protected static string CppName => "dllmain.cpp";
21 | protected static string SlnName => "Hijack.sln";
22 | protected static string ProjectName => $"{DllName}.vcxproj";
23 |
24 | public static Generator Create(string dllName, List infos, GenerationType type, PeArchitecture architecture, GenerationFormat format)
25 | {
26 | DllName = dllName;
27 | Infos = infos.FindAll(item => !string.IsNullOrWhiteSpace(item.Name));
28 | Type = type;
29 | Architecture = architecture;
30 | return format switch
31 | {
32 | GenerationFormat.H => new HGenerator(),
33 | GenerationFormat.Def => new DefGenerator(),
34 | GenerationFormat.C => new CGenerator(),
35 | GenerationFormat.Cpp => new CppGenerator(),
36 | GenerationFormat.Sln => new SlnGenerator(),
37 | _ => throw new NotSupportedException(format.ToString()),
38 | };
39 | }
40 |
41 | public abstract Dictionary Generate();
42 |
43 | #region IDisposable
44 | protected bool disposed;
45 | protected virtual void Dispose(bool disposing)
46 | {
47 | if (!disposed)
48 | {
49 | Infos.Clear();
50 | Infos = null;
51 | disposed = true;
52 | }
53 | }
54 |
55 | public void Dispose()
56 | {
57 | Dispose(true);
58 | GC.SuppressFinalize(this);
59 | }
60 | #endregion
61 | }
62 |
63 | public sealed class DefGenerator : Generator
64 | {
65 | public override Dictionary Generate()
66 | {
67 | StringBuilder sb = new();
68 | sb.AppendLine("EXPORTS");
69 | foreach (DllExportInfo item in Infos)
70 | {
71 | sb.AppendLine($"{item.Name}={DllName}.{item.Name} @{item.Ordinal}");
72 | }
73 | return new Dictionary { { DefName, sb.ToString() } };
74 | }
75 | }
76 |
77 | public class HGenerator : Generator
78 | {
79 | public override Dictionary Generate()
80 | {
81 | switch (Type)
82 | {
83 | case GenerationType.System:
84 | switch (Architecture)
85 | {
86 | case PeArchitecture.x64:
87 | return GenerateX64();
88 | case PeArchitecture.x86:
89 | return GenerateX86();
90 | }
91 | break;
92 | case GenerationType.Custom:
93 | return GenerateCustom();
94 | }
95 | return null;
96 | }
97 |
98 | private Dictionary GenerateX86()
99 | {
100 | StringBuilder sb = new();
101 | // Header, includes, and linker comments
102 | sb.AppendLine(HeaderTemplates.BaseHeaders).AppendLine();
103 | foreach (DllExportInfo item in Infos)
104 | {
105 | sb.AppendFormat(HeaderTemplates.LinkerComment, item.Name, HeaderTemplates.Redirect, item.Name, item.Ordinal).AppendLine();
106 | }
107 | sb.AppendLine();
108 | // Real function & dll declarations
109 | foreach (DllExportInfo item in Infos)
110 | {
111 | sb.AppendFormat(HeaderTemplates.RealFuncX86, item.Name).AppendLine();
112 | }
113 | sb.AppendLine();
114 | sb.AppendLine(HeaderTemplates.RealDll).AppendLine();
115 | // GetAddress function
116 | sb.AppendFormat(FunctionTemplates.GetAddress, DllName).AppendLine();
117 | // Free function
118 | sb.AppendFormat(FunctionTemplates.Free).AppendLine();
119 | // Init funcion
120 | sb.AppendFormat(FunctionTemplates.Init, DllName);
121 | foreach (DllExportInfo item in Infos)
122 | {
123 | sb.Append(HeaderTemplates.Tab).AppendFormat(HeaderTemplates.InitRealFunc, item.Name).AppendLine();
124 | }
125 | sb.AppendLine("}").AppendLine();
126 | // Extern functions
127 | foreach (DllExportInfo item in Infos)
128 | {
129 | sb.AppendFormat(FunctionTemplates.ExternX86, item.Name).AppendLine();
130 | }
131 | return new Dictionary { { HName, sb.ToString() } };
132 | }
133 |
134 | private Dictionary GenerateX64()
135 | {
136 | return new Dictionary
137 | {
138 | [HName] = GenerateHX64(),
139 | [DefName] = GenerateDefX64()
140 | };
141 | }
142 |
143 | private string GenerateHX64()
144 | {
145 | StringBuilder sb = new();
146 | // Header and includes
147 | sb.AppendLine(HeaderTemplates.BaseHeaders).AppendLine();
148 | // Real function & dll declarations
149 | foreach (DllExportInfo item in Infos)
150 | {
151 | sb.AppendFormat(HeaderTemplates.RealFuncX64, item.Name).AppendLine();
152 | }
153 | sb.AppendLine();
154 | sb.AppendLine(HeaderTemplates.RealDll).AppendLine();
155 | // GetAddress function
156 | sb.AppendFormat(FunctionTemplates.GetAddress, DllName).AppendLine();
157 | // Free function
158 | sb.AppendFormat(FunctionTemplates.Free).AppendLine();
159 | // Init funcion
160 | sb.AppendFormat(FunctionTemplates.Init, DllName);
161 | foreach (DllExportInfo item in Infos)
162 | {
163 | sb.Append(HeaderTemplates.Tab).AppendFormat(HeaderTemplates.InitRealFunc, item.Name).AppendLine();
164 | }
165 | sb.AppendLine("}").AppendLine();
166 | // Extern functions
167 | foreach (DllExportInfo item in Infos)
168 | {
169 | sb.AppendFormat(FunctionTemplates.ExternX64, item.Name).AppendLine();
170 | }
171 | return sb.ToString();
172 | }
173 |
174 | private string GenerateDefX64()
175 | {
176 | StringBuilder sb = new();
177 | sb.AppendLine("LIBRARY").AppendLine("EXPORTS");
178 | foreach (DllExportInfo item in Infos)
179 | {
180 | sb.AppendLine($"{item.Name}=Redirect_{item.Name} @{item.Ordinal}");
181 | }
182 | return sb.ToString();
183 | }
184 |
185 | private Dictionary GenerateCustom()
186 | {
187 | StringBuilder sb = new();
188 | sb.AppendLine(HeaderTemplates.BaseHeaders);
189 | foreach (DllExportInfo item in Infos)
190 | {
191 | sb.AppendFormat(HeaderTemplates.LinkerComment, item.Name, DllName + ".", item.Name, item.Ordinal).AppendLine();
192 | }
193 | return new Dictionary { { HName, sb.ToString() } };
194 | }
195 | }
196 |
197 | public class CppGenerator : HGenerator
198 | {
199 | public override Dictionary Generate()
200 | {
201 | Dictionary files = base.Generate();
202 | if (files.TryGetValue(HName, out string value))
203 | {
204 | files[CppName] = GenerateCpp(value);
205 | files.Remove(HName);
206 | }
207 | return files;
208 | }
209 |
210 | private string GenerateCpp(string h_str)
211 | {
212 | StringBuilder sb = new();
213 | sb.AppendLine(h_str);
214 | //sb.AppendLine(IsSystemDll ? FunctionTemplates.DllMainWithHijack : FunctionTemplates.DllMain);
215 | sb.AppendLine(Type switch
216 | {
217 | GenerationType.System => FunctionTemplates.DllMainWithHijack,
218 | GenerationType.Custom => FunctionTemplates.DllMain,
219 | _ => throw new NotSupportedException(Type.ToString())
220 | });
221 | return sb.ToString();
222 | }
223 | }
224 |
225 | public sealed class CGenerator : CppGenerator
226 | {
227 | public override Dictionary Generate()
228 | {
229 | Dictionary files = base.Generate();
230 | if (files.TryGetValue(CppName, out string value))
231 | {
232 | files[CName] = value;
233 | files.Remove(CppName);
234 | }
235 | return files;
236 | }
237 | }
238 |
239 | public sealed class SlnGenerator : HGenerator
240 | {
241 | private const string CppProjectGUID = "{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}";
242 | private string ProjectGUID;
243 | private string SolutionGUID;
244 |
245 | public override Dictionary Generate()
246 | {
247 | Dictionary files = base.Generate().ToDictionary(kvp => $"Hijack\\{DllName}\\{kvp.Key}", kvp => kvp.Value);
248 | files[$"Hijack\\{SlnName}"] = GenerateSln();
249 | files[$"Hijack\\{DllName}\\{ProjectName}"] = GenerateProj();
250 | files[$"Hijack\\{DllName}\\{CppName}"] = GenerateCpp();
251 | return files;
252 | }
253 |
254 | private string GenerateSln()
255 | {
256 | StringBuilder sb = new();
257 | ProjectGUID = $"{{{Guid.NewGuid().ToString().ToUpper()}}}";
258 | SolutionGUID = $"{{{Guid.NewGuid().ToString().ToUpper()}}}";
259 | sb.AppendFormat(FileTemplates.Sln, CppProjectGUID, DllName, ProjectGUID, SolutionGUID);
260 | return sb.ToString();
261 | }
262 |
263 | private string GenerateProj()
264 | {
265 | StringBuilder sb = new();
266 | if (Architecture == PeArchitecture.x64 && Type == GenerationType.System)
267 | {
268 | sb.AppendFormat(FileTemplates.ProjWithDef, ProjectGUID, DllName, DefName);
269 | }
270 | else
271 | {
272 | sb.AppendFormat(FileTemplates.Proj, ProjectGUID, DllName);
273 | }
274 | return sb.ToString();
275 | }
276 |
277 | private string GenerateCpp()
278 | {
279 | StringBuilder sb = new();
280 | sb.AppendLine(HeaderTemplates.BaseHeaders);
281 | sb.AppendFormat(HeaderTemplates.CustomHeaders, DllName).AppendLine().AppendLine();
282 | sb.AppendLine(Type switch
283 | {
284 | GenerationType.System => FunctionTemplates.DllMainWithHijack,
285 | GenerationType.Custom => FunctionTemplates.DllMain,
286 | _ => throw new NotSupportedException(Type.ToString())
287 | });
288 | return sb.ToString();
289 | }
290 | }
291 | }
292 |
--------------------------------------------------------------------------------
/HijackGen/Models/InvalidChars.cs:
--------------------------------------------------------------------------------
1 | using System.IO;
2 | using System.Linq;
3 |
4 | namespace HijackGen.Models
5 | {
6 | public static class InvalidChars
7 | {
8 | private const string FilePath = "InvalidChars.txt";
9 | private readonly static char[] DefaultInvalidCharList = ['?', '@', '$'];
10 | private static bool UseDefaultThisTime = false;
11 |
12 | public static char[] InvalidCharList
13 | {
14 | get
15 | {
16 | try
17 | {
18 | if (UseDefaultThisTime)
19 | {
20 | return DefaultInvalidCharList;
21 | }
22 | else
23 | {
24 | if (!File.Exists(FilePath))
25 | {
26 | WriteDefaultChars();
27 | return DefaultInvalidCharList;
28 | }
29 | return TryGetChars() ?? DefaultInvalidCharList;
30 | }
31 | }
32 | catch
33 | {
34 | UseDefaultThisTime = true;
35 | return DefaultInvalidCharList;
36 | }
37 | }
38 | }
39 |
40 | private static char[] TryGetChars()
41 | {
42 | return [.. File.ReadAllLines(FilePath)
43 | .Where(line => line.Length >= 1)
44 | .Select(line => line[0])];
45 | }
46 |
47 | private static void WriteDefaultChars()
48 | {
49 | File.WriteAllLines(FilePath, DefaultInvalidCharList.Select(c => c.ToString()));
50 | }
51 | }
52 | }
53 |
--------------------------------------------------------------------------------
/HijackGen/Models/PEParser.cs:
--------------------------------------------------------------------------------
1 | using HijackGen.Models.Enums;
2 | using HijackGen.Strings;
3 | using PeNet;
4 | using PeNet.Header.Pe;
5 | using System;
6 | using System.Collections.Generic;
7 | using System.IO;
8 |
9 | namespace HijackGen.Models
10 | {
11 | public abstract class PEParser;
12 |
13 | public sealed class ExportParser : PEParser, IDisposable
14 | {
15 | private readonly string SystemDir32 = "C:\\Windows\\SysWOW64\\";
16 | private readonly string SystemDir64 = "C:\\Windows\\System32\\";
17 |
18 | public ExportParser(string path)
19 | {
20 | if (string.IsNullOrWhiteSpace(path))
21 | {
22 | throw new ArgumentException(Messages.msgPleaseInputPath);
23 | }
24 | if (!File.Exists(path))
25 | {
26 | throw new FileNotFoundException(string.Format(Messages.msgNotFound, path));
27 | }
28 | PEPath = path;
29 | PE = new PeFile(path);
30 | if (!PE.IsDll)
31 | {
32 | throw new ArgumentException(string.Format(Messages.msgNotDll, path));
33 | }
34 | }
35 |
36 | private readonly string PEPath;
37 | private PeFile PE;
38 |
39 | public GenerationType GenerationType => IsSystem() ? GenerationType.System : GenerationType.Custom;
40 | public PeArchitecture Architecture => PE.Is64Bit ? PeArchitecture.x64 : PeArchitecture.x86;
41 |
42 | public List GetInfos()
43 | {
44 | List items = [];
45 | if (PE.ExportedFunctions != null)
46 | {
47 | foreach (ExportFunction export in PE.ExportedFunctions)
48 | {
49 | items.Add(new DllExportInfo
50 | {
51 | Ordinal = export.Ordinal,
52 | Address = export.Address,
53 | Name = export.Name,
54 | HasForward = export.HasForward,
55 | ForwardName = export.ForwardName
56 | });
57 | }
58 | }
59 | return items;
60 | }
61 |
62 | private bool IsSystem()
63 | {
64 | return PEPath.StartsWith(SystemDir32, StringComparison.OrdinalIgnoreCase) ||
65 | PEPath.StartsWith(SystemDir64, StringComparison.OrdinalIgnoreCase);
66 | }
67 |
68 | #region IDisposable
69 | private bool disposed = false;
70 | private void Dispose(bool disposing)
71 | {
72 | if (disposed)
73 | {
74 | return;
75 | }
76 | PE = null;
77 | disposed = true;
78 | }
79 |
80 | public void Dispose()
81 | {
82 | Dispose(true);
83 | GC.SuppressFinalize(this);
84 | }
85 | #endregion
86 | }
87 |
88 | public sealed class ImportParser : PEParser, IDisposable
89 | {
90 | private readonly string PEPath;
91 | private PeFile PE;
92 |
93 | public ImportParser(string path)
94 | {
95 | if (string.IsNullOrWhiteSpace(path))
96 | {
97 | throw new ArgumentException(Messages.msgPleaseInputPath);
98 | }
99 | if (!File.Exists(path))
100 | {
101 | throw new FileNotFoundException(string.Format(Messages.msgNotFound, path));
102 | }
103 | PEPath = path;
104 | PE = new PeFile(path);
105 | if (!PE.IsExe && !PE.IsDll)
106 | {
107 | throw new ArgumentException(Messages.msgInvalidPE);
108 | }
109 | }
110 |
111 | public List GetInfos()
112 | {
113 | List items = [];
114 | if (PE.ImportedFunctions != null)
115 | {
116 | foreach (ImportFunction import in PE.ImportedFunctions)
117 | {
118 | items.Add(new ExeImportInfo
119 | {
120 | IATOffset = import.IATOffset,
121 | Name = import.Name,
122 | DllName = import.DLL,
123 | Hint = import.Hint
124 | });
125 | }
126 | }
127 | return items;
128 | }
129 |
130 | #region IDisposable
131 | private bool disposed = false;
132 | private void Dispose(bool disposing)
133 | {
134 | if (disposed)
135 | {
136 | return;
137 | }
138 | PE = null;
139 | disposed = true;
140 | }
141 |
142 | public void Dispose()
143 | {
144 | Dispose(true);
145 | GC.SuppressFinalize(this);
146 | }
147 | #endregion
148 | }
149 | }
150 |
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/DllMain.txt:
--------------------------------------------------------------------------------
1 | BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
2 | {
3 | switch (ul_reason_for_call)
4 | {
5 | case DLL_PROCESS_ATTACH:
6 | break;
7 | case DLL_THREAD_ATTACH:
8 | break;
9 | case DLL_THREAD_DETACH:
10 | break;
11 | case DLL_PROCESS_DETACH:
12 | break;
13 | }
14 | return TRUE;
15 | }
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/DllMainWithHijack.txt:
--------------------------------------------------------------------------------
1 | BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
2 | {
3 | switch (ul_reason_for_call)
4 | {
5 | case DLL_PROCESS_ATTACH:
6 | InitHijack();
7 | break;
8 | case DLL_THREAD_ATTACH:
9 | break;
10 | case DLL_THREAD_DETACH:
11 | break;
12 | case DLL_PROCESS_DETACH:
13 | FreeHijack();
14 | break;
15 | }
16 | return TRUE;
17 | }
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/ExternX64.txt:
--------------------------------------------------------------------------------
1 | void Redirect_{0}() {{ Real_{0}(); }}
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/ExternX86.txt:
--------------------------------------------------------------------------------
1 | EXTERN_C __declspec(naked) void __cdecl Redirect_{0}(void)
2 | {{
3 | __asm jmp Real_{0};
4 | }}
5 |
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/Free.txt:
--------------------------------------------------------------------------------
1 | VOID WINAPI FreeHijack()
2 | {{
3 | if (Real_Module != NULL)
4 | FreeLibrary(Real_Module);
5 | return;
6 | }}
7 |
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/GetAddress.txt:
--------------------------------------------------------------------------------
1 | FARPROC WINAPI GetAddress(LPCSTR lpProcName)
2 | {{
3 | FARPROC pAddress = GetProcAddress(Real_Module, lpProcName);
4 | if (pAddress == NULL)
5 | {{
6 | MessageBoxW(NULL, L"Get address failed", L"{0}", MB_OK);
7 | ExitProcess(1);
8 | }}
9 | return pAddress;
10 | }}
11 |
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/Init.txt:
--------------------------------------------------------------------------------
1 | VOID WINAPI InitHijack()
2 | {{
3 | WCHAR real_dll_path[MAX_PATH];
4 | GetSystemDirectoryW(real_dll_path, MAX_PATH);
5 | lstrcatW(real_dll_path, L"\\{0}.dll");
6 |
7 | Real_Module = LoadLibraryW(real_dll_path);
8 | if (Real_Module == NULL)
9 | {{
10 | MessageBoxW(NULL, L"Load original dll failed", L"{0}", MB_OK);
11 | ExitProcess(1);
12 | }}
13 |
14 |
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/Proj.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 17.0
23 | Win32Proj
24 | {0}
25 | {1}
26 | 10.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | Level3
76 | true
77 | WIN32;_DEBUG;VERSION_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
78 | true
79 | NotUsing
80 |
81 |
82 |
83 |
84 | Windows
85 | true
86 | false
87 |
88 |
89 |
90 |
91 | Level3
92 | true
93 | true
94 | true
95 | WIN32;NDEBUG;VERSION_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
96 | true
97 | NotUsing
98 |
99 |
100 |
101 |
102 | Windows
103 | true
104 | true
105 | true
106 | false
107 |
108 |
109 |
110 |
111 | Level3
112 | true
113 | _DEBUG;VERSION_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
114 | true
115 | NotUsing
116 |
117 |
118 |
119 |
120 | Windows
121 | true
122 | false
123 |
124 |
125 |
126 |
127 | Level3
128 | true
129 | true
130 | true
131 | NDEBUG;VERSION_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
132 | true
133 | NotUsing
134 |
135 |
136 |
137 |
138 | Windows
139 | true
140 | true
141 | true
142 | false
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/ProjWithDef.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 17.0
23 | Win32Proj
24 | {0}
25 | {1}
26 | 10.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | Level3
76 | true
77 | WIN32;_DEBUG;VERSION_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
78 | true
79 | NotUsing
80 |
81 |
82 |
83 |
84 | Windows
85 | true
86 | false
87 | {2}
88 |
89 |
90 |
91 |
92 | Level3
93 | true
94 | true
95 | true
96 | WIN32;NDEBUG;VERSION_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
97 | true
98 | NotUsing
99 |
100 |
101 |
102 |
103 | Windows
104 | true
105 | true
106 | true
107 | false
108 | {2}
109 |
110 |
111 |
112 |
113 | Level3
114 | true
115 | _DEBUG;VERSION_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
116 | true
117 | NotUsing
118 |
119 |
120 |
121 |
122 | Windows
123 | true
124 | false
125 | {2}
126 |
127 |
128 |
129 |
130 | Level3
131 | true
132 | true
133 | true
134 | NDEBUG;VERSION_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
135 | true
136 | NotUsing
137 |
138 |
139 |
140 |
141 | Windows
142 | true
143 | true
144 | true
145 | false
146 | {2}
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/Sln.txt:
--------------------------------------------------------------------------------
1 | Microsoft Visual Studio Solution File, Format Version 12.00
2 | # Visual Studio Version 17
3 | VisualStudioVersion = 17.13.0.0
4 | MinimumVisualStudioVersion = 10.0.40219.1
5 | Project("{0}") = "{1}", "{1}\{1}.vcxproj", "{2}"
6 | EndProject
7 | Global
8 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
9 | Debug|x64 = Debug|x64
10 | Debug|x86 = Debug|x86
11 | Release|x64 = Release|x64
12 | Release|x86 = Release|x86
13 | EndGlobalSection
14 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
15 | {2}.Debug|x64.ActiveCfg = Debug|x64
16 | {2}.Debug|x64.Build.0 = Debug|x64
17 | {2}.Debug|x86.ActiveCfg = Debug|Win32
18 | {2}.Debug|x86.Build.0 = Debug|Win32
19 | {2}.Release|x64.ActiveCfg = Release|x64
20 | {2}.Release|x64.Build.0 = Release|x64
21 | {2}.Release|x86.ActiveCfg = Release|Win32
22 | {2}.Release|x86.Build.0 = Release|Win32
23 | EndGlobalSection
24 | GlobalSection(SolutionProperties) = preSolution
25 | HideSolutionNode = FALSE
26 | EndGlobalSection
27 | GlobalSection(ExtensibilityGlobals) = postSolution
28 | SolutionGuid = {3}
29 | EndGlobalSection
30 | EndGlobal
31 |
--------------------------------------------------------------------------------
/HijackGen/Models/Templates/Templates.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.IO;
3 | using System.Reflection;
4 |
5 | namespace HijackGen.Models.Templates
6 | {
7 | public abstract class Templates
8 | {
9 | protected static string GetTemplate(string name)
10 | {
11 | using Stream stream = Assembly.GetExecutingAssembly().GetManifestResourceStream($"HijackGen.Models.Templates.{name}.txt") ?? throw new InvalidOperationException($"Template {name} not found.");
12 | using StreamReader reader = new(stream);
13 | return reader.ReadToEnd();
14 | }
15 | }
16 |
17 | public sealed class HeaderTemplates : Templates
18 | {
19 | public static readonly string Tab = " ";
20 | public static readonly string BaseHeaders =
21 | "#include ";
22 | public static readonly string SystemDllPath =
23 | $"{Environment.GetFolderPath(Environment.SpecialFolder.System)}" + @"\{0}.dll";
24 | public static readonly string Redirect =
25 | "_Redirect_";
26 | public static readonly string LinkerComment =
27 | @"#pragma comment(linker, ""/EXPORT:{0}={1}{2},@{3}"")";
28 | public static readonly string RealFuncX86 =
29 | "PVOID Real_{0} = NULL;";
30 | public static readonly string RealFuncX64 =
31 | "FARPROC Real_{0} = NULL;";
32 | public static readonly string RealDll =
33 | "HMODULE Real_Module = NULL;";
34 | public static readonly string InitRealDll =
35 | @"Real_Module = LoadLibrary(""{0}"");";
36 | public static readonly string InitRealFunc =
37 | @"Real_{0} = GetAddress(""{0}"");";
38 | public static readonly string CustomHeaders =
39 | @"#include ""{0}.h""";
40 | }
41 |
42 | public sealed class FunctionTemplates : Templates
43 | {
44 | public static readonly string GetAddress = GetTemplate("GetAddress");
45 | public static readonly string Free = GetTemplate("Free");
46 | public static readonly string Init = GetTemplate("Init");
47 | public static readonly string ExternX86 = GetTemplate("ExternX86");
48 | public static readonly string ExternX64 = GetTemplate("ExternX64");
49 | public static readonly string DllMainWithHijack = GetTemplate("DllMainWithHijack");
50 | public static readonly string DllMain = GetTemplate("DllMain");
51 | }
52 |
53 | public sealed class FileTemplates : Templates
54 | {
55 | public static readonly string Sln = GetTemplate("Sln");
56 | public static readonly string Proj = GetTemplate("Proj");
57 | public static readonly string ProjWithDef = GetTemplate("ProjWithDef");
58 | }
59 | }
60 |
--------------------------------------------------------------------------------
/HijackGen/Plugins/ImportChecker/ImportChecker.cs:
--------------------------------------------------------------------------------
1 | using HijackGen.Services;
2 | using HijackGen.Strings;
3 | using HijackGen.ViewModels;
4 | using System;
5 |
6 | namespace HijackGen.Plugins.ImportChecker
7 | {
8 | internal sealed class ImportChecker : Plugin
9 | {
10 | private IDialogService _dialogService;
11 |
12 | public override string Name => GUIStrings.PluginNameImportChecker;
13 |
14 | public override string Description => GUIStrings.PluginDescImportChecker;
15 |
16 | public override void Initialize(MainViewModel vm, IDialogService dialogService)
17 | {
18 | _dialogService = dialogService ?? throw new ArgumentNullException(nameof(dialogService));
19 | }
20 |
21 | public override void Execute()
22 | {
23 | _dialogService.ShowDialog(typeof(ImportCheckerView), new ImportCheckerViewModel());
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/HijackGen/Plugins/ImportChecker/ImportCheckerView.xaml:
--------------------------------------------------------------------------------
1 |
13 |
14 |
17 |
18 |
19 |
20 |
21 |
22 |
28 |
34 |
35 |
40 |
53 |
54 |
57 |
60 |
63 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
--------------------------------------------------------------------------------
/HijackGen/Plugins/ImportChecker/ImportCheckerView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows;
2 |
3 | namespace HijackGen.Plugins.ImportChecker
4 | {
5 | public partial class ImportCheckerView : Window
6 | {
7 | public ImportCheckerView()
8 | {
9 | InitializeComponent();
10 | }
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/HijackGen/Plugins/ImportChecker/ImportCheckerViewModel.cs:
--------------------------------------------------------------------------------
1 | using CommunityToolkit.Mvvm.ComponentModel;
2 | using CommunityToolkit.Mvvm.Input;
3 | using HijackGen.Models;
4 | using HijackGen.Services;
5 | using Microsoft.Win32;
6 | using System;
7 | using System.Collections.Generic;
8 | using System.Collections.ObjectModel;
9 | using System.IO;
10 |
11 | namespace HijackGen.Plugins.ImportChecker
12 | {
13 | internal partial class ImportCheckerViewModel : ObservableObject
14 | {
15 | internal ImportParser Parser;
16 | internal List Infos;
17 |
18 | [ObservableProperty]
19 | private string pePath;
20 |
21 | [ObservableProperty]
22 | private ObservableCollection searchedInfos;
23 |
24 | [ObservableProperty]
25 | private string searchText = string.Empty;
26 |
27 | [RelayCommand]
28 | public void OpenFile()
29 | {
30 | OpenFileDialog ofd = new()
31 | {
32 | InitialDirectory = string.IsNullOrWhiteSpace(PePath) ? Settings.DefaultDir : Path.GetDirectoryName(PePath),
33 | };
34 | if (ofd.ShowDialog() == true)
35 | {
36 | PePath = ofd.FileName;
37 | }
38 | }
39 |
40 | partial void OnPePathChanged(string value)
41 | {
42 | Parser = null;
43 | Infos = [];
44 | SearchedInfos = null;
45 | try
46 | {
47 | Parser = new(PePath);
48 | Infos = Parser.GetInfos();
49 | SearchedInfos = new ObservableCollection(Infos);
50 | }
51 | catch
52 | {
53 | return;
54 | }
55 | }
56 |
57 | partial void OnSearchTextChanged(string value)
58 | {
59 | SearchedInfos = new ObservableCollection(string.IsNullOrWhiteSpace(value) ?
60 | Infos : Infos.FindAll(x => !string.IsNullOrWhiteSpace(x.DllName) && x.DllName.Contains(SearchText, StringComparison.OrdinalIgnoreCase) ||
61 | !string.IsNullOrWhiteSpace(x.Name) && x.Name.Contains(SearchText, StringComparison.OrdinalIgnoreCase)));
62 | }
63 | }
64 | }
65 |
--------------------------------------------------------------------------------
/HijackGen/Plugins/KnownDllsChecker/KnownDllsChecker.cs:
--------------------------------------------------------------------------------
1 | using HijackGen.Strings;
2 | using Microsoft.Win32;
3 | using System.Diagnostics;
4 |
5 | namespace HijackGen.Plugins.KnownDllsChecker
6 | {
7 | internal sealed class KnownDllsChecker : Plugin
8 | {
9 | public override string Name => GUIStrings.PluginNameKnownDllsChecker;
10 | public override string Description => GUIStrings.PluginDescKnownDllsChecker;
11 |
12 | private const string LastKeyDir = @"Software\Microsoft\Windows\CurrentVersion\Applets\Regedit";
13 | private const string LastKeyValue = "LastKey";
14 | private const string KnownDllsDir = @"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls";
15 |
16 | public override void Execute()
17 | {
18 | using (RegistryKey key = Registry.CurrentUser.CreateSubKey(LastKeyDir))
19 | {
20 | key.SetValue(LastKeyValue, KnownDllsDir, RegistryValueKind.String);
21 | }
22 | Process.Start(new ProcessStartInfo
23 | {
24 | FileName = "regedit.exe",
25 | UseShellExecute = true
26 | });
27 | }
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/HijackGen/Plugins/Plugin.cs:
--------------------------------------------------------------------------------
1 | using HijackGen.Services;
2 | using HijackGen.ViewModels;
3 | using System.Windows.Media;
4 |
5 | namespace HijackGen.Plugins
6 | {
7 | public abstract class Plugin
8 | {
9 | public abstract string Name { get; }
10 | public virtual string Description => string.Empty;
11 | public virtual ImageSource Icon => null;
12 | public virtual void Initialize(MainViewModel vm, IDialogService dialogService) { }
13 | public abstract void Execute();
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/HijackGen/Plugins/PluginManager.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Diagnostics;
4 | using System.IO;
5 | using System.Linq;
6 | using System.Reflection;
7 |
8 | namespace HijackGen.Plugins
9 | {
10 | internal sealed class PluginManager
11 | {
12 | public readonly List BuiltInPlugins = [];
13 | public readonly List ThirdPartyPlugins = [];
14 |
15 | private readonly string DefaultPluginDirectory = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Plugins");
16 |
17 | public void LoadBuiltInPlugins()
18 | {
19 | foreach (Type type in Assembly.GetExecutingAssembly().GetTypes()
20 | .Where(t => typeof(Plugin).IsAssignableFrom(t) && t.IsClass && !t.IsAbstract))
21 | {
22 | BuiltInPlugins.Add(Activator.CreateInstance(type) as Plugin);
23 | }
24 | }
25 |
26 | public void LoadThirdPartyPlugins()
27 | {
28 | LoadThirdPartyPlugins(DefaultPluginDirectory);
29 | }
30 |
31 | public void LoadThirdPartyPlugins(string pluginDirectory)
32 | {
33 | if (!Directory.Exists(pluginDirectory))
34 | {
35 | Debug.WriteLine($"Plugin directory does not exist: {pluginDirectory}");
36 | return;
37 | }
38 | foreach (string file in Directory.GetFiles(pluginDirectory, "*.dll", SearchOption.AllDirectories))
39 | {
40 | try
41 | {
42 | foreach (Type type in Assembly.LoadFrom(file).GetTypes()
43 | .Where(t => typeof(Plugin).IsAssignableFrom(t) && t.IsClass && !t.IsAbstract))
44 | {
45 | ThirdPartyPlugins.Add(Activator.CreateInstance(type) as Plugin);
46 | }
47 | }
48 | catch (Exception ex)
49 | {
50 | Debug.WriteLine($"Failed to load plugin from {file}: {ex.Message}");
51 | }
52 | }
53 | }
54 | }
55 | }
56 |
--------------------------------------------------------------------------------
/HijackGen/Services/DialogService.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Windows;
4 |
5 | namespace HijackGen.Services
6 | {
7 | public sealed class DialogService : IDialogService
8 | {
9 | private readonly Dictionary _openWindows = [];
10 |
11 | public void ShowDialog(Type viewType, object viewModel)
12 | {
13 | if (!typeof(Window).IsAssignableFrom(viewType))
14 | {
15 | throw new ArgumentException("The provided type must be a Window.", nameof(viewType));
16 | }
17 |
18 | Window window = (Window)Activator.CreateInstance(viewType)!;
19 | window.DataContext = viewModel;
20 | window.Owner = Application.Current.MainWindow;
21 | window.Closed += (s, e) => _openWindows.Remove(viewModel);
22 |
23 | _openWindows[viewModel] = window;
24 | window.ShowDialog();
25 | }
26 |
27 | public void CloseDialog(object viewModel)
28 | {
29 | if (_openWindows.TryGetValue(viewModel, out Window window))
30 | {
31 | window.Close();
32 | _openWindows.Remove(viewModel);
33 | }
34 | }
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/HijackGen/Services/IDialogService.cs:
--------------------------------------------------------------------------------
1 | using System;
2 |
3 | namespace HijackGen.Services
4 | {
5 | public interface IDialogService
6 | {
7 | void ShowDialog(Type viewType, object viewModel);
8 | void CloseDialog(object viewModel);
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/HijackGen/Services/Settings.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Configuration;
3 | using System.Diagnostics;
4 | using System.IO;
5 |
6 | namespace HijackGen.Services
7 | {
8 | internal class Settings : ApplicationSettingsBase
9 | {
10 | public static Settings Default { get; } = (Settings)Synchronized(new Settings());
11 |
12 | public static readonly string DefaultDir = Environment.GetFolderPath(Environment.SpecialFolder.System);
13 |
14 | [UserScopedSetting]
15 | [DebuggerNonUserCode]
16 | [DefaultSettingValue("")]
17 | public string DllPath
18 | {
19 | get => (string)this[nameof(DllPath)];
20 | set => this[nameof(DllPath)] = value;
21 | }
22 |
23 | [UserScopedSetting]
24 | [DebuggerNonUserCode]
25 | [DefaultSettingValue("")]
26 | public string SaveDir
27 | {
28 | get
29 | {
30 | string dir = (string)this[nameof(SaveDir)];
31 | if (string.IsNullOrWhiteSpace(dir))
32 | {
33 | dir = Path.Combine(Path.GetDirectoryName(DllPath) ?? DefaultDir);
34 | }
35 | return dir;
36 | }
37 | set => this[nameof(SaveDir)] = value;
38 | }
39 |
40 | [UserScopedSetting]
41 | [DebuggerNonUserCode]
42 | [DefaultSettingValue("")]
43 | public string SelectedFormatName
44 | {
45 | get => (string)this[nameof(SelectedFormatName)];
46 | set => this[nameof(SelectedFormatName)] = value;
47 | }
48 | }
49 | }
50 |
--------------------------------------------------------------------------------
/HijackGen/Strings/GUIStrings.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // 此代码由工具生成。
4 | // 运行时版本:4.0.30319.42000
5 | //
6 | // 对此文件的更改可能会导致不正确的行为,并且如果
7 | // 重新生成代码,这些更改将会丢失。
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace HijackGen.Strings {
12 | using System;
13 |
14 |
15 | ///
16 | /// 一个强类型的资源类,用于查找本地化的字符串等。
17 | ///
18 | // 此类是由 StronglyTypedResourceBuilder
19 | // 类通过类似于 ResGen 或 Visual Studio 的工具自动生成的。
20 | // 若要添加或移除成员,请编辑 .ResX 文件,然后重新运行 ResGen
21 | // (以 /str 作为命令选项),或重新生成 VS 项目。
22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "17.0.0.0")]
23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
25 | public class GUIStrings {
26 |
27 | private static global::System.Resources.ResourceManager resourceMan;
28 |
29 | private static global::System.Globalization.CultureInfo resourceCulture;
30 |
31 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
32 | internal GUIStrings() {
33 | }
34 |
35 | ///
36 | /// 返回此类使用的缓存的 ResourceManager 实例。
37 | ///
38 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
39 | public static global::System.Resources.ResourceManager ResourceManager {
40 | get {
41 | if (object.ReferenceEquals(resourceMan, null)) {
42 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("HijackGen.Strings.GUIStrings", typeof(GUIStrings).Assembly);
43 | resourceMan = temp;
44 | }
45 | return resourceMan;
46 | }
47 | }
48 |
49 | ///
50 | /// 重写当前线程的 CurrentUICulture 属性,对
51 | /// 使用此强类型资源类的所有资源查找执行重写。
52 | ///
53 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
54 | public static global::System.Globalization.CultureInfo Culture {
55 | get {
56 | return resourceCulture;
57 | }
58 | set {
59 | resourceCulture = value;
60 | }
61 | }
62 |
63 | ///
64 | /// 查找类似 Cancel 的本地化字符串。
65 | ///
66 | public static string BtCancel {
67 | get {
68 | return ResourceManager.GetString("BtCancel", resourceCulture);
69 | }
70 | }
71 |
72 | ///
73 | /// 查找类似 Generate 的本地化字符串。
74 | ///
75 | public static string BtGenerate {
76 | get {
77 | return ResourceManager.GetString("BtGenerate", resourceCulture);
78 | }
79 | }
80 |
81 | ///
82 | /// 查找类似 VS Solution 的本地化字符串。
83 | ///
84 | public static string BtVSSolution {
85 | get {
86 | return ResourceManager.GetString("BtVSSolution", resourceCulture);
87 | }
88 | }
89 |
90 | ///
91 | /// 查找类似 Address 的本地化字符串。
92 | ///
93 | public static string ClmAddress {
94 | get {
95 | return ResourceManager.GetString("ClmAddress", resourceCulture);
96 | }
97 | }
98 |
99 | ///
100 | /// 查找类似 Dll Name 的本地化字符串。
101 | ///
102 | public static string ClmDllName {
103 | get {
104 | return ResourceManager.GetString("ClmDllName", resourceCulture);
105 | }
106 | }
107 |
108 | ///
109 | /// 查找类似 Forward Name 的本地化字符串。
110 | ///
111 | public static string ClmForwardName {
112 | get {
113 | return ResourceManager.GetString("ClmForwardName", resourceCulture);
114 | }
115 | }
116 |
117 | ///
118 | /// 查找类似 Has Forward 的本地化字符串。
119 | ///
120 | public static string ClmHasForward {
121 | get {
122 | return ResourceManager.GetString("ClmHasForward", resourceCulture);
123 | }
124 | }
125 |
126 | ///
127 | /// 查找类似 Hint 的本地化字符串。
128 | ///
129 | public static string ClmHint {
130 | get {
131 | return ResourceManager.GetString("ClmHint", resourceCulture);
132 | }
133 | }
134 |
135 | ///
136 | /// 查找类似 IAT Offset 的本地化字符串。
137 | ///
138 | public static string ClmIATOffset {
139 | get {
140 | return ResourceManager.GetString("ClmIATOffset", resourceCulture);
141 | }
142 | }
143 |
144 | ///
145 | /// 查找类似 Name 的本地化字符串。
146 | ///
147 | public static string ClmName {
148 | get {
149 | return ResourceManager.GetString("ClmName", resourceCulture);
150 | }
151 | }
152 |
153 | ///
154 | /// 查找类似 Ordinal 的本地化字符串。
155 | ///
156 | public static string ClmOrdinal {
157 | get {
158 | return ResourceManager.GetString("ClmOrdinal", resourceCulture);
159 | }
160 | }
161 |
162 | ///
163 | /// 查找类似 All Files 的本地化字符串。
164 | ///
165 | public static string FilterAllFiles {
166 | get {
167 | return ResourceManager.GetString("FilterAllFiles", resourceCulture);
168 | }
169 | }
170 |
171 | ///
172 | /// 查找类似 Dll files 的本地化字符串。
173 | ///
174 | public static string FilterDll {
175 | get {
176 | return ResourceManager.GetString("FilterDll", resourceCulture);
177 | }
178 | }
179 |
180 | ///
181 | /// 查找类似 About 的本地化字符串。
182 | ///
183 | public static string MnAbout {
184 | get {
185 | return ResourceManager.GetString("MnAbout", resourceCulture);
186 | }
187 | }
188 |
189 | ///
190 | /// 查找类似 Plugins 的本地化字符串。
191 | ///
192 | public static string MnPlugins {
193 | get {
194 | return ResourceManager.GetString("MnPlugins", resourceCulture);
195 | }
196 | }
197 |
198 | ///
199 | /// 查找类似 Demonstrate the import table of a PE file 的本地化字符串。
200 | ///
201 | public static string PluginDescImportChecker {
202 | get {
203 | return ResourceManager.GetString("PluginDescImportChecker", resourceCulture);
204 | }
205 | }
206 |
207 | ///
208 | /// 查找类似 Open regedit to check KnownDlls 的本地化字符串。
209 | ///
210 | public static string PluginDescKnownDllsChecker {
211 | get {
212 | return ResourceManager.GetString("PluginDescKnownDllsChecker", resourceCulture);
213 | }
214 | }
215 |
216 | ///
217 | /// 查找类似 Check Import 的本地化字符串。
218 | ///
219 | public static string PluginNameImportChecker {
220 | get {
221 | return ResourceManager.GetString("PluginNameImportChecker", resourceCulture);
222 | }
223 | }
224 |
225 | ///
226 | /// 查找类似 Check KnownDlls 的本地化字符串。
227 | ///
228 | public static string PluginNameKnownDllsChecker {
229 | get {
230 | return ResourceManager.GetString("PluginNameKnownDllsChecker", resourceCulture);
231 | }
232 | }
233 |
234 | ///
235 | /// 查找类似 Architecture 的本地化字符串。
236 | ///
237 | public static string TxtArchitecture {
238 | get {
239 | return ResourceManager.GetString("TxtArchitecture", resourceCulture);
240 | }
241 | }
242 |
243 | ///
244 | /// 查找类似 Custom Dll 的本地化字符串。
245 | ///
246 | public static string TxtCustomDll {
247 | get {
248 | return ResourceManager.GetString("TxtCustomDll", resourceCulture);
249 | }
250 | }
251 |
252 | ///
253 | /// 查找类似 Development Site 的本地化字符串。
254 | ///
255 | public static string TxtDevSite {
256 | get {
257 | return ResourceManager.GetString("TxtDevSite", resourceCulture);
258 | }
259 | }
260 |
261 | ///
262 | /// 查找类似 Dll Path 的本地化字符串。
263 | ///
264 | public static string TxtDllPath {
265 | get {
266 | return ResourceManager.GetString("TxtDllPath", resourceCulture);
267 | }
268 | }
269 |
270 | ///
271 | /// 查找类似 Dll Type 的本地化字符串。
272 | ///
273 | public static string TxtDllType {
274 | get {
275 | return ResourceManager.GetString("TxtDllType", resourceCulture);
276 | }
277 | }
278 |
279 | ///
280 | /// 查找类似 Output File Format 的本地化字符串。
281 | ///
282 | public static string TxtOutputFormat {
283 | get {
284 | return ResourceManager.GetString("TxtOutputFormat", resourceCulture);
285 | }
286 | }
287 |
288 | ///
289 | /// 查找类似 PE Path 的本地化字符串。
290 | ///
291 | public static string TxtPEPath {
292 | get {
293 | return ResourceManager.GetString("TxtPEPath", resourceCulture);
294 | }
295 | }
296 |
297 | ///
298 | /// 查找类似 Save Path 的本地化字符串。
299 | ///
300 | public static string TxtSavePath {
301 | get {
302 | return ResourceManager.GetString("TxtSavePath", resourceCulture);
303 | }
304 | }
305 |
306 | ///
307 | /// 查找类似 System Dll 的本地化字符串。
308 | ///
309 | public static string TxtSystemDll {
310 | get {
311 | return ResourceManager.GetString("TxtSystemDll", resourceCulture);
312 | }
313 | }
314 | }
315 | }
316 |
--------------------------------------------------------------------------------
/HijackGen/Strings/GUIStrings.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
121 | Generate
122 |
123 |
124 | Dll Path
125 |
126 |
127 | About
128 |
129 |
130 | Development Site
131 |
132 |
133 | Save Path
134 |
135 |
136 | Dll Type
137 |
138 |
139 | Architecture
140 |
141 |
142 | Output File Format
143 |
144 |
145 | Cancel
146 |
147 |
148 | System Dll
149 |
150 |
151 | Custom Dll
152 |
153 |
154 | Name
155 |
156 |
157 | Forward Name
158 |
159 |
160 | Has Forward
161 |
162 |
163 | Ordinal
164 |
165 |
166 | Address
167 |
168 |
169 | IAT Offset
170 |
171 |
172 | Dll Name
173 |
174 |
175 | Hint
176 |
177 |
178 | Plugins
179 |
180 |
181 | Check KnownDlls
182 |
183 |
184 | VS Solution
185 |
186 |
187 | Open regedit to check KnownDlls
188 |
189 |
190 | PE Path
191 |
192 |
193 | Check Import
194 |
195 |
196 | Demonstrate the import table of a PE file
197 |
198 |
199 | All Files
200 |
201 |
202 | Dll files
203 |
204 |
--------------------------------------------------------------------------------
/HijackGen/Strings/GUIStrings.zh-Hans.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
121 | 生成
122 |
123 |
124 | Dll 文件路径
125 |
126 |
127 | 关于
128 |
129 |
130 | 开源地址
131 |
132 |
133 | 保存路径
134 |
135 |
136 | Dll 类型
137 |
138 |
139 | 架构
140 |
141 |
142 | 输出文件格式
143 |
144 |
145 | 取消
146 |
147 |
148 | 系统 Dll
149 |
150 |
151 | 自定义 Dll
152 |
153 |
154 | 名称
155 |
156 |
157 | 转发名称
158 |
159 |
160 | 是否有转发名称
161 |
162 |
163 | 序号
164 |
165 |
166 | 地址
167 |
168 |
169 | IAT 偏移
170 |
171 |
172 | Dll 名称
173 |
174 |
175 | 序号
176 |
177 |
178 | 插件
179 |
180 |
181 | 查看 KnownDlls
182 |
183 |
184 | VS 解决方案
185 |
186 |
187 | 打开 regedit 查看 KnownDlls
188 |
189 |
190 | PE 文件路径
191 |
192 |
193 | 查看导入表
194 |
195 |
196 | 展示 PE 文件的导入表
197 |
198 |
199 | 所有文件
200 |
201 |
202 | Dll 文件
203 |
204 |
--------------------------------------------------------------------------------
/HijackGen/Strings/Messages.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // 此代码由工具生成。
4 | // 运行时版本:4.0.30319.42000
5 | //
6 | // 对此文件的更改可能会导致不正确的行为,并且如果
7 | // 重新生成代码,这些更改将会丢失。
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace HijackGen.Strings {
12 | using System;
13 |
14 |
15 | ///
16 | /// 一个强类型的资源类,用于查找本地化的字符串等。
17 | ///
18 | // 此类是由 StronglyTypedResourceBuilder
19 | // 类通过类似于 ResGen 或 Visual Studio 的工具自动生成的。
20 | // 若要添加或移除成员,请编辑 .ResX 文件,然后重新运行 ResGen
21 | // (以 /str 作为命令选项),或重新生成 VS 项目。
22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "17.0.0.0")]
23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
25 | public class Messages {
26 |
27 | private static global::System.Resources.ResourceManager resourceMan;
28 |
29 | private static global::System.Globalization.CultureInfo resourceCulture;
30 |
31 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
32 | internal Messages() {
33 | }
34 |
35 | ///
36 | /// 返回此类使用的缓存的 ResourceManager 实例。
37 | ///
38 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
39 | public static global::System.Resources.ResourceManager ResourceManager {
40 | get {
41 | if (object.ReferenceEquals(resourceMan, null)) {
42 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("HijackGen.Strings.Messages", typeof(Messages).Assembly);
43 | resourceMan = temp;
44 | }
45 | return resourceMan;
46 | }
47 | }
48 |
49 | ///
50 | /// 重写当前线程的 CurrentUICulture 属性,对
51 | /// 使用此强类型资源类的所有资源查找执行重写。
52 | ///
53 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
54 | public static global::System.Globalization.CultureInfo Culture {
55 | get {
56 | return resourceCulture;
57 | }
58 | set {
59 | resourceCulture = value;
60 | }
61 | }
62 |
63 | ///
64 | /// 查找类似 BuiltIn 的本地化字符串。
65 | ///
66 | public static string msgBuiltIn {
67 | get {
68 | return ResourceManager.GetString("msgBuiltIn", resourceCulture);
69 | }
70 | }
71 |
72 | ///
73 | /// 查找类似 Attention: Some exported function names contain invalid characters, which may cause the generated .h file to be invalid. 的本地化字符串。
74 | ///
75 | public static string msgContainsInvalidChars {
76 | get {
77 | return ResourceManager.GetString("msgContainsInvalidChars", resourceCulture);
78 | }
79 | }
80 |
81 | ///
82 | /// 查找类似 {0} exported functions found. 的本地化字符串。
83 | ///
84 | public static string msgExportFound {
85 | get {
86 | return ResourceManager.GetString("msgExportFound", resourceCulture);
87 | }
88 | }
89 |
90 | ///
91 | /// 查找类似 Failed to save: {0} 的本地化字符串。
92 | ///
93 | public static string msgFailedWithMsg {
94 | get {
95 | return ResourceManager.GetString("msgFailedWithMsg", resourceCulture);
96 | }
97 | }
98 |
99 | ///
100 | /// 查找类似 Invalid PE file. 的本地化字符串。
101 | ///
102 | public static string msgInvalidPE {
103 | get {
104 | return ResourceManager.GetString("msgInvalidPE", resourceCulture);
105 | }
106 | }
107 |
108 | ///
109 | /// 查找类似 Invalid dll: {0} 的本地化字符串。
110 | ///
111 | public static string msgNotDll {
112 | get {
113 | return ResourceManager.GetString("msgNotDll", resourceCulture);
114 | }
115 | }
116 |
117 | ///
118 | /// 查找类似 File not found or access denied: {0} 的本地化字符串。
119 | ///
120 | public static string msgNotFound {
121 | get {
122 | return ResourceManager.GetString("msgNotFound", resourceCulture);
123 | }
124 | }
125 |
126 | ///
127 | /// 查找类似 Please input dll path. 的本地化字符串。
128 | ///
129 | public static string msgPleaseInputPath {
130 | get {
131 | return ResourceManager.GetString("msgPleaseInputPath", resourceCulture);
132 | }
133 | }
134 |
135 | ///
136 | /// 查找类似 Plugin execution failed: {0} 的本地化字符串。
137 | ///
138 | public static string msgPluginError {
139 | get {
140 | return ResourceManager.GetString("msgPluginError", resourceCulture);
141 | }
142 | }
143 |
144 | ///
145 | /// 查找类似 Ready 的本地化字符串。
146 | ///
147 | public static string msgReady {
148 | get {
149 | return ResourceManager.GetString("msgReady", resourceCulture);
150 | }
151 | }
152 |
153 | ///
154 | /// 查找类似 Please specify save directory 的本地化字符串。
155 | ///
156 | public static string msgSpecifyPath {
157 | get {
158 | return ResourceManager.GetString("msgSpecifyPath", resourceCulture);
159 | }
160 | }
161 |
162 | ///
163 | /// 查找类似 Saved. 的本地化字符串。
164 | ///
165 | public static string msgSuccess {
166 | get {
167 | return ResourceManager.GetString("msgSuccess", resourceCulture);
168 | }
169 | }
170 |
171 | ///
172 | /// 查找类似 ThirdParty 的本地化字符串。
173 | ///
174 | public static string msgThirdParty {
175 | get {
176 | return ResourceManager.GetString("msgThirdParty", resourceCulture);
177 | }
178 | }
179 | }
180 | }
181 |
--------------------------------------------------------------------------------
/HijackGen/Strings/Messages.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
121 | Ready
122 |
123 |
124 | File not found or access denied: {0}
125 |
126 |
127 | Invalid dll: {0}
128 |
129 |
130 | {0} exported functions found.
131 |
132 |
133 | Saved.
134 |
135 |
136 | Failed to save: {0}
137 |
138 |
139 | Attention: Some exported function names contain invalid characters, which may cause the generated .h file to be invalid.
140 |
141 |
142 | Please specify save directory
143 |
144 |
145 | Plugin execution failed: {0}
146 |
147 |
148 | Please input dll path.
149 |
150 |
151 | Invalid PE file.
152 |
153 |
154 | BuiltIn
155 |
156 |
157 | ThirdParty
158 |
159 |
--------------------------------------------------------------------------------
/HijackGen/Strings/Messages.zh-Hans.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
121 | 就绪
122 |
123 |
124 | 文件不存在或权限不足:{0}
125 |
126 |
127 | 非法的 Dll 文件:{0}
128 |
129 |
130 | 共找到{0}个导出函数。
131 |
132 |
133 | 保存成功。
134 |
135 |
136 | 保存失败:{0}
137 |
138 |
139 | 注意:某些导出函数的名称含有非法字符,可能导致生成的 .h 文件无效。
140 |
141 |
142 | 请指定保存路径
143 |
144 |
145 | 插件运行失败:{0}
146 |
147 |
148 | 请输入 Dll 文件路径。
149 |
150 |
151 | 非法的 PE 文件。
152 |
153 |
154 | 内置
155 |
156 |
157 | 第三方
158 |
159 |
--------------------------------------------------------------------------------
/HijackGen/ViewModels/AboutViewModel.cs:
--------------------------------------------------------------------------------
1 | using CommunityToolkit.Mvvm.ComponentModel;
2 | using CommunityToolkit.Mvvm.Input;
3 | using System.Diagnostics;
4 | using System.Reflection;
5 |
6 | namespace HijackGen.ViewModels
7 | {
8 | internal partial class AboutViewModel : ObservableObject
9 | {
10 | [ObservableProperty]
11 | public string name;
12 |
13 | [ObservableProperty]
14 | public string copyright;
15 |
16 | public AboutViewModel()
17 | {
18 | Name = $"{Assembly.GetExecutingAssembly().GetName().Name} {Assembly.GetExecutingAssembly().GetName().Version}";
19 | Copyright = Assembly.GetExecutingAssembly().GetCustomAttribute().Copyright;
20 | }
21 |
22 | [RelayCommand]
23 | private void OpenLink(string url)
24 | {
25 | Process.Start(new ProcessStartInfo
26 | {
27 | FileName = url,
28 | UseShellExecute = true
29 | });
30 | }
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/HijackGen/ViewModels/GenerationViewModel.cs:
--------------------------------------------------------------------------------
1 | using CommunityToolkit.Mvvm.ComponentModel;
2 | using CommunityToolkit.Mvvm.Input;
3 | using CommunityToolkit.Mvvm.Messaging;
4 | using HijackGen.Messengers;
5 | using HijackGen.Models;
6 | using HijackGen.Models.Enums;
7 | using HijackGen.Services;
8 | using HijackGen.Strings;
9 | using Microsoft.Win32;
10 | using System;
11 | using System.Collections.Generic;
12 | using System.IO;
13 | using System.Linq;
14 | using System.Windows;
15 |
16 | namespace HijackGen.ViewModels
17 | {
18 | internal partial class GenerationViewModel : ObservableObject
19 | {
20 | private readonly MainViewModel _parentVM;
21 | private readonly IDialogService _dialogService;
22 |
23 | private readonly ExportParser Parser;
24 | private readonly List DllInfos;
25 | private bool ContainsSpecialChars => DllInfos.Any(x => !string.IsNullOrWhiteSpace(x.Name) && x.Name.IndexOfAny(InvalidChars.InvalidCharList) >= 0);
26 |
27 | public GenerationViewModel(MainViewModel parentVM, IDialogService dialogService)
28 | {
29 | _parentVM = parentVM ?? throw new ArgumentNullException(nameof(parentVM));
30 | _dialogService = dialogService ?? throw new ArgumentNullException(nameof(dialogService));
31 | Parser = parentVM.Parser;
32 | DllInfos = parentVM.Infos;
33 | SavePath = Settings.Default.SaveDir;
34 | SelectedType = Parser.GenerationType;
35 | SelectedArchitecture = Parser.Architecture;
36 | SelectedFormat = Enum.TryParse(Settings.Default.SelectedFormatName, out GenerationFormat format) ? format : GenerationFormat.Sln;
37 | }
38 |
39 | [ObservableProperty]
40 | public string savePath;
41 | [ObservableProperty]
42 | public GenerationType selectedType;
43 | [ObservableProperty]
44 | public PeArchitecture selectedArchitecture;
45 | [ObservableProperty]
46 | public GenerationFormat selectedFormat;
47 |
48 | public Visibility TextVisibility
49 | {
50 | get
51 | {
52 | if (SelectedType == GenerationType.System && SelectedFormat != GenerationFormat.Def && ContainsSpecialChars)
53 | {
54 | return Visibility.Visible;
55 | }
56 | return Visibility.Collapsed;
57 | }
58 | }
59 |
60 | [RelayCommand]
61 | public void Generate()
62 | {
63 | try
64 | {
65 | Generator gen = Generator.Create(
66 | Path.GetFileNameWithoutExtension(Settings.Default.DllPath),
67 | DllInfos,
68 | Parser.GenerationType,
69 | Parser.Architecture,
70 | SelectedFormat);
71 |
72 | foreach (KeyValuePair content in gen.Generate())
73 | {
74 | string path = Path.Combine(SavePath, content.Key);
75 | Directory.CreateDirectory(Path.GetDirectoryName(path));
76 | File.WriteAllText(path, content.Value);
77 | }
78 | WeakReferenceMessenger.Default.Send(new StatusBarMessage(Messages.msgSuccess));
79 | }
80 | catch (Exception ex)
81 | {
82 | WeakReferenceMessenger.Default.Send(new StatusBarMessage(string.Format(Messages.msgFailedWithMsg, ex.Message)));
83 | }
84 | finally
85 | {
86 | WeakReferenceMessenger.Default.Send(new CloseWindowMessage());
87 | }
88 | }
89 |
90 | [RelayCommand]
91 | public void BrowseFolder()
92 | {
93 | OpenFolderDialog ofd = new()
94 | {
95 | Title = Messages.msgSpecifyPath,
96 | Multiselect = false
97 | };
98 | if (ofd.ShowDialog() == true)
99 | {
100 | SavePath = ofd.FolderName ?? string.Empty;
101 | }
102 | }
103 |
104 | [RelayCommand]
105 | public void Close()
106 | {
107 | WeakReferenceMessenger.Default.Send(new CloseWindowMessage());
108 | }
109 |
110 | partial void OnSavePathChanged(string value)
111 | {
112 | Settings.Default.SaveDir = value;
113 | Settings.Default.Save();
114 | }
115 |
116 | partial void OnSelectedTypeChanged(GenerationType value)
117 | {
118 | OnPropertyChanged(nameof(TextVisibility));
119 | }
120 |
121 | partial void OnSelectedArchitectureChanged(PeArchitecture value)
122 | {
123 | OnPropertyChanged(nameof(TextVisibility));
124 | }
125 |
126 | partial void OnSelectedFormatChanged(GenerationFormat value)
127 | {
128 | Settings.Default.SelectedFormatName = value.ToString();
129 | Settings.Default.Save();
130 | OnPropertyChanged(nameof(TextVisibility));
131 | }
132 | }
133 | }
134 |
--------------------------------------------------------------------------------
/HijackGen/ViewModels/MainViewModel.cs:
--------------------------------------------------------------------------------
1 | using CommunityToolkit.Mvvm.ComponentModel;
2 | using CommunityToolkit.Mvvm.Input;
3 | using CommunityToolkit.Mvvm.Messaging;
4 | using HijackGen.Messengers;
5 | using HijackGen.Models;
6 | using HijackGen.Plugins;
7 | using HijackGen.Services;
8 | using HijackGen.Strings;
9 | using HijackGen.Views;
10 | using Microsoft.Win32;
11 | using System;
12 | using System.Collections.Generic;
13 | using System.Collections.ObjectModel;
14 | using System.IO;
15 |
16 | namespace HijackGen.ViewModels
17 | {
18 | public partial class MainViewModel : ObservableObject, IRecipient
19 | {
20 | private readonly IDialogService _dialogService;
21 | private readonly PluginManager _pluginManager;
22 | internal ExportParser Parser;
23 | internal List Infos;
24 |
25 | public MainViewModel(IDialogService dialogService)
26 | {
27 | _dialogService = dialogService ?? throw new ArgumentNullException(nameof(dialogService));
28 | _pluginManager = new PluginManager();
29 | MenuItems = [];
30 | LoadPlugins();
31 | WeakReferenceMessenger.Default.Register(this);
32 |
33 | DllPath = Settings.Default.DllPath;
34 | }
35 |
36 | [ObservableProperty]
37 | private string dllPath;
38 |
39 | [ObservableProperty]
40 | private ObservableCollection searchedInfos;
41 |
42 | [ObservableProperty]
43 | private string searchText = string.Empty;
44 |
45 | [ObservableProperty]
46 | private string statusText = Messages.msgReady;
47 |
48 | [ObservableProperty]
49 | private string infoText;
50 |
51 | [ObservableProperty]
52 | private bool canGenerate;
53 |
54 | [ObservableProperty]
55 | private ObservableCollection menuItems;
56 |
57 | [RelayCommand]
58 | public void ShowOptions()
59 | {
60 | if (CanGenerate)
61 | {
62 | GenerationViewModel childVM = new(this, _dialogService);
63 | _dialogService.ShowDialog(typeof(GenerationView), childVM);
64 | }
65 | }
66 |
67 | [RelayCommand]
68 | public void ShowAbout()
69 | {
70 | AboutViewModel childVM = new();
71 | _dialogService.ShowDialog(typeof(AboutView), childVM);
72 | }
73 |
74 | [RelayCommand]
75 | public void OpenFile()
76 | {
77 | OpenFileDialog ofd = new()
78 | {
79 | Filter = $"{GUIStrings.FilterDll} (*.dll)|*.dll|{GUIStrings.FilterAllFiles} (*.*)|*.*",
80 | InitialDirectory = string.IsNullOrWhiteSpace(DllPath) ? Settings.DefaultDir : Path.GetDirectoryName(DllPath),
81 | };
82 | if (ofd.ShowDialog() == true)
83 | {
84 | DllPath = ofd.FileName;
85 | }
86 | }
87 |
88 | public void Receive(StatusBarMessage message)
89 | {
90 | if (message == null)
91 | {
92 | return;
93 | }
94 | StatusText = message.Content;
95 | }
96 |
97 | private void LoadPlugins()
98 | {
99 | _pluginManager.LoadBuiltInPlugins();
100 | _pluginManager.LoadThirdPartyPlugins();
101 | AddPluginsToMenu(_pluginManager.BuiltInPlugins, Messages.msgBuiltIn);
102 | AddPluginsToMenu(_pluginManager.ThirdPartyPlugins, Messages.msgThirdParty);
103 | }
104 |
105 | private void AddPluginsToMenu(IEnumerable plugins, string type)
106 | {
107 | foreach (Plugin plugin in plugins)
108 | {
109 | MenuItems.Add(new MenuItemViewModel
110 | {
111 | Header = plugin.Name,
112 | Description = $"[{type}] {plugin.Description}",
113 | Icon = plugin.Icon,
114 | Command = new RelayCommand(() =>
115 | {
116 | try
117 | {
118 | plugin.Initialize(this, _dialogService);
119 | plugin.Execute();
120 | }
121 | catch (Exception ex)
122 | {
123 | StatusText = string.Format(Messages.msgPluginError, ex.Message);
124 | }
125 | })
126 | });
127 | }
128 | }
129 |
130 | partial void OnDllPathChanged(string value)
131 | {
132 | Settings.Default.DllPath = value;
133 | Settings.Default.Save();
134 | Parser = null;
135 | Infos = [];
136 | SearchedInfos = null;
137 | InfoText = string.Empty;
138 | try
139 | {
140 | Parser = new(DllPath);
141 | Infos = Parser.GetInfos();
142 | SearchedInfos = new ObservableCollection(Infos);
143 | }
144 | catch (Exception ex)
145 | {
146 | StatusText = ex.Message;
147 | CanGenerate = false;
148 | return;
149 | }
150 | CanGenerate = SearchedInfos.Count > 0;
151 | StatusText = string.Format(Messages.msgExportFound, SearchedInfos.Count);
152 | InfoText = $"{Parser.Architecture}";
153 | }
154 |
155 | partial void OnSearchTextChanged(string value)
156 | {
157 | SearchedInfos = new ObservableCollection(string.IsNullOrWhiteSpace(value) ?
158 | Infos : Infos.FindAll(x => x.Ordinal.ToString().Contains(SearchText, StringComparison.OrdinalIgnoreCase) ||
159 | !string.IsNullOrWhiteSpace(x.Name) && x.Name.Contains(SearchText, StringComparison.OrdinalIgnoreCase) ||
160 | x.HasForward.ToString().Contains(SearchText, StringComparison.OrdinalIgnoreCase) ||
161 | x.HasForward && !string.IsNullOrWhiteSpace(x.ForwardName) && x.ForwardName.Contains(SearchText, StringComparison.OrdinalIgnoreCase)));
162 | }
163 | }
164 | }
165 |
--------------------------------------------------------------------------------
/HijackGen/ViewModels/MenuItemViewmodel.cs:
--------------------------------------------------------------------------------
1 | using System.ComponentModel;
2 | using System.Windows.Input;
3 | using System.Windows.Media;
4 |
5 | namespace HijackGen.ViewModels
6 | {
7 | public class MenuItemViewModel : INotifyPropertyChanged
8 | {
9 | public string Header { get; set; }
10 | public string Description { get; set; }
11 | public ImageSource Icon { get; set; }
12 | public ICommand Command { get; set; }
13 |
14 | public event PropertyChangedEventHandler PropertyChanged;
15 | protected virtual void OnPropertyChanged(string propertyName)
16 | {
17 | PropertyChanged?.Invoke(this, new PropertyChangedEventArgs(propertyName));
18 | }
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/HijackGen/Views/AboutView.xaml:
--------------------------------------------------------------------------------
1 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
25 |
28 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
--------------------------------------------------------------------------------
/HijackGen/Views/AboutView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows;
2 |
3 | namespace HijackGen.Views
4 | {
5 | public partial class AboutView : Window
6 | {
7 | public AboutView()
8 | {
9 | InitializeComponent();
10 | }
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/HijackGen/Views/GenerationView.xaml:
--------------------------------------------------------------------------------
1 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
27 |
28 |
29 |
30 |
31 |
32 |
39 |
46 |
47 |
50 |
51 |
52 |
53 |
54 |
55 |
62 |
69 |
70 |
71 |
74 |
75 |
76 |
77 |
78 |
79 |
86 |
93 |
94 |
95 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
116 |
125 |
134 |
144 |
154 |
155 |
156 |
161 |
162 |
163 |
164 |
165 |
166 |
173 |
180 |
181 |
182 |
183 |
--------------------------------------------------------------------------------
/HijackGen/Views/GenerationView.xaml.cs:
--------------------------------------------------------------------------------
1 | using CommunityToolkit.Mvvm.Messaging;
2 | using HijackGen.Messengers;
3 | using System.Windows;
4 |
5 | namespace HijackGen.Views
6 | {
7 | public partial class GenerationView : Window
8 | {
9 | public GenerationView()
10 | {
11 | InitializeComponent();
12 | WeakReferenceMessenger.Default.Register(this, (_, _) => Close());
13 | }
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/HijackGen/Views/MainView.xaml:
--------------------------------------------------------------------------------
1 |
16 |
17 |
30 |
31 |
34 |
37 |
38 |
39 |
40 |
41 |
44 |
45 |
46 |
47 |
48 |
49 |
56 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
72 |
73 |
78 |
79 |
80 |
93 |
94 |
97 |
100 |
103 |
106 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
--------------------------------------------------------------------------------
/HijackGen/Views/MainView.xaml.cs:
--------------------------------------------------------------------------------
1 | using System.Windows;
2 |
3 | namespace HijackGen.Views
4 | {
5 | public partial class MainView : Window
6 | {
7 | public MainView()
8 | {
9 | InitializeComponent();
10 | }
11 |
12 | private void Window_DragEnter(object sender, DragEventArgs e)
13 | {
14 | if (e.Data.GetDataPresent(DataFormats.FileDrop))
15 | {
16 | e.Effects = DragDropEffects.Copy;
17 | }
18 | else
19 | {
20 | e.Effects = DragDropEffects.None;
21 | }
22 | }
23 |
24 | private void Window_Drop(object sender, DragEventArgs e)
25 | {
26 | string[] files = (string[])e.Data.GetData(DataFormats.FileDrop);
27 | if (files.Length > 0)
28 | {
29 | this.TxtDllPath.Text = files[0];
30 | }
31 | }
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2025 detached64
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
6 |
7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
8 |
9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # HijackGen
2 |
3 | A simple tool to generate dll source code for dll hijacking.
4 |
5 | 
6 |
7 | ## Features
8 |
9 | * Support x86 and x64 PE files.
10 | * Support generating x86 and x64 dll source code.
11 | * Support dll proxying.
12 | * Support invalid characters detection in function names.
13 | * Support custom invalid characters by editing `InvalidChars.txt`.
14 |
15 | ## Usage
16 |
17 | [English](./docs/Usage.md) | [中文](./docs/Usage_zh-CN.md)
18 |
19 | ## Release
20 |
21 | You can download the latest release from the [Releases](https://github.com/detached64/HijackGen/releases/latest) page.
22 |
23 | If you do not have the .NET 9 runtime installed, you can download it from the [.NET download page](https://dotnet.microsoft.com/download/dotnet/9.0) or just download the self-contained version.
24 |
25 | ## Build
26 |
27 | ```bash
28 | dotnet publish -c Release -r win-x64 -p:PublishSingleFile=true --self-contained false
29 | ```
30 |
31 | ## Reference
32 |
33 | * [PeNet](https://github.com/secana/PeNet)
34 |
35 | * [dll-hijack-by-proxying](https://github.com/tothi/dll-hijack-by-proxying)
36 |
37 | * [AheadLib-x86-x64](https://github.com/strivexjun/AheadLib-x86-x64)
38 |
--------------------------------------------------------------------------------
/docs/Def.md:
--------------------------------------------------------------------------------
1 | # Dll Hijacking with .def
2 |
3 | ## Environment
4 |
5 | * MinGW-w64
6 |
7 | ## Preparation
8 |
9 | * Put the dll file to be hijacked in the target directory (if not), and rename it, for example:
10 | * Copy `C:\Windows\SysWOW64\user32.dll` to the `C:\Users\user\Desktop\test` directory, and rename it to `user32_org.dll`
11 | * Rename `C:\Users\user\Desktop\test\my.dll` to `my_org.dll`
12 |
13 | ## Hijack 32-bit dll
14 |
15 | 1. Download this project, select the **renamed** dll, such as `user32_org.dll`.
16 | 2. Click the `Generate .def` button to generate the def file to the target directory.
17 | 3. Put the prepared c/cpp source file in the target directory.
18 | 4. Open cmd in the target directory, enter `i686-w64-mingw32-gcc -shared -o user32.dll user32.c user32_org.def -s`, to generate the hijacked dll file.
19 | Note: If it is a cpp file, use `i686-w64-mingw32-g++`
20 |
21 | ## Hijack 64-bit dll
22 |
23 | 1. Same as above
24 | 2. Same as above
25 | 3. Same as above
26 | 4. Open cmd in the target directory, enter `x86_64-w64-mingw32-gcc -shared -o user32.dll user32.c user32_org.def -s`, to generate the hijacked dll file.
--------------------------------------------------------------------------------
/docs/Def_zh-CN.md:
--------------------------------------------------------------------------------
1 | # 如何利用 def 文件实现 dll 劫持
2 |
3 | ## 环境
4 |
5 | * MinGW-w64
6 |
7 | ## 准备工作
8 |
9 | * 把需要劫持的 dll 文件放在目标目录下 (如无),并重命名,例如:
10 | * `C:\Windows\SysWOW64\user32.dll` 复制到 `C:\Users\user\Desktop\test` 目录下,并重命名为 `user32_org.dll`
11 | * `C:\Users\user\Desktop\test\my.dll` 重命名为 `my_org.dll`
12 |
13 | ## 劫持 32 位 dll
14 |
15 | 1. 下载本项目,选择**重命名过**的 dll,例如 `user32_org.dll`。
16 | 2. 点击 `生成 def 文件` 按钮,生成 def 文件到目标目录下。
17 | 3. 把准备好的 c/cpp 源文件放到目标目录下。
18 | 4. 在目标目录打开 cmd,输入 `i686-w64-mingw32-gcc -shared -o user32.dll user32.c user32_org.def -s`,生成劫持 dll 文件。
19 | 注:如果是 cpp 文件,使用 `i686-w64-mingw32-g++`
20 |
21 | ## 劫持 64 位 dll
22 |
23 | 1. 同上
24 | 2. 同上
25 | 3. 同上
26 | 4. 在目标目录打开 cmd,输入 `x86_64-w64-mingw32-gcc -shared -o user32.dll user32.c user32_org.def -s`,生成劫持 dll 文件。
--------------------------------------------------------------------------------
/docs/H.md:
--------------------------------------------------------------------------------
1 | # Dll Hijacking with .h
2 |
3 | ## Environment
4 |
5 | - Visual Studio 2022
6 |
7 | ## Hijack system dll
8 |
9 | Note: This method does not apply to functions exported with special characters such as `?`, `@`, `$`. Please use other methods.
10 |
11 | ### Hijack 32-bit dll
12 |
13 | 1. Create an empty dll project, for example `version`.
14 | 2. Download this project and select the dll to hijack, for example `C:\Windows\SysWOW64\version.dll`.
15 | 3. Click the `Generate .h` button, select `x86`, and generate the h file to the project directory.
16 | 4. Add `#include "version.h"` in `dllmain.cpp`.
17 | 5. Call the `InitHijack` and `FreeHijack` functions to implement the hijacking.
18 | 6. Compile the project, generate the dll file, and copy it to the target directory.
19 |
20 | ### Hijack 64-bit dll
21 |
22 | 1. Create an empty dll project, for example `version`.
23 | 2. Download this project and select the dll to hijack, for example `C:\Windows\System32\version.dll`.
24 | 3. Click the `Generate .h` button, select `x64`, and check `Generate .def simultaneously`, generate the h file and def file to the project directory.
25 | 4. Add `#include "version.h"` in `dllmain.cpp`.
26 | 5. Right-click the project, select `Properties`, `Configuration Properties`, `Linker`, `Input`, `Module Definition File`, and add `version.def`.
27 | 
28 | 6. Call the `InitHijack` and `FreeHijack` functions to implement the hijacking.
29 | 7. Compile the project, generate the dll file, and copy it to the target directory.
30 |
31 | ## Hijack custom dll
32 |
33 | This method is also known as `dll proxy`, suitable for hijacking any dll, especially in scenarios where the original dll should exist.
34 |
35 | 1. Create an empty dll project.
36 | 2. Rename the dll to be hijacked, for example:
37 | - Rename `C:\Users\user\Desktop\test\my.dll` to `my_org.dll`
38 | 3. Download this project, select the **renamed** dll, click the `Generate .h` button, select `Custom dll`, and generate the h file to the project directory.
39 | 4. Include the generated h file in `dllmain.cpp`.
40 | 5. Compile the project, generate the dll file, rename it to `my.dll`, and copy it to the target directory.
41 | Note: The original dll `my_org.dll` must be in the same directory as the hijacked dll `my.dll`.
42 |
--------------------------------------------------------------------------------
/docs/H_zh-CN.md:
--------------------------------------------------------------------------------
1 | # 如何利用 h 文件实现 dll 劫持
2 |
3 | ## 环境
4 |
5 | - Visual Studio 2022
6 |
7 | ## 劫持系统 dll
8 |
9 | 注:此方法不适用于导出含 `?`,`@`,`$` 等特殊字符的函数。请使用其他方法。
10 |
11 | ### 劫持 32 位 dll
12 |
13 | 1. 新建一个空 dll 项目,例如 `version`。
14 | 2. 下载本项目,选择要劫持的 dll,例如 `C:\Windows\SysWOW64\version.dll`。
15 | 3. 点击 `生成 h 文件` 按钮,选择 `x86`,生成 h 文件到项目目录下。
16 | 4. 在 `dllmain.cpp` 中添加 `#include "version.h"`。
17 | 5. 调用 `InitHijack` 和 `FreeHijack` 函数实现劫持。
18 | 6. 编译项目,生成 dll 文件,复制到目标目录下。
19 |
20 | ### 劫持 64 位 dll
21 |
22 | 1. 新建一个空 dll 项目,例如 `version`。
23 | 2. 下载本项目,选择要劫持的 dll,例如 `C:\Windows\System32\version.dll`。
24 | 3. 点击 `生成 h 文件` 按钮,选择 `x64`,并勾选 `同时生成def文件`,生成 h 文件和 def 文件到项目目录下。
25 | 4. 在 `dllmain.cpp` 中添加 `#include "version.h"`。
26 | 5. 右键项目,选择 `属性`,`配置属性`,`链接器`,`输入`,`模块定义文件`,添加 `version.def`。
27 | 
28 | 6. 调用 `InitHijack` 和 `FreeHijack` 函数实现劫持。
29 | 7. 编译项目,生成 dll 文件,复制到目标目录下。
30 |
31 | ## 劫持自定义 dll
32 |
33 | 此方法也被称为 `dll proxy`,适用于劫持任何 dll,尤其适合需要原始 dll 存在的场景。
34 |
35 | 1. 新建一个空 dll 项目。
36 | 2. 重命名要劫持的 dll ,例如:
37 | - `C:\Users\user\Desktop\test\my.dll` 重命名为 `my_org.dll`
38 | 3. 下载本项目,选择**重命名后**的 dll,点击 `生成 h 文件` 按钮,选择 `自定义dll`,生成 h 文件到项目目录下。
39 | 4. 在 `dllmain.cpp` 中 `include` 生成的 h 文件。
40 | 5. 编译项目,生成 dll 文件,重命名为 `my.dll`,复制到目标目录下。
41 | 注:原始的 dll `my_org.dll` 必须和劫持的 dll `my.dll` 在同一目录下。
42 |
--------------------------------------------------------------------------------
/docs/Usage.md:
--------------------------------------------------------------------------------
1 | # Usage
2 |
3 | - [Dll Hijacking with .def](Def.md)
4 | - [Dll Hijacking with .h](H.md)
5 |
6 | ## Knowledge
7 |
8 | - 32-bit system dlls are in `C:\Windows\SysWOW64`, 64-bit system dlls are in `C:\Windows\System32`.
9 | - When a 32-bit program accesses the `C:\Windows\System32` directory, the system will automatically redirect to the `C:\Windows\SysWOW64` directory; 64-bit programs do not have similar redirection.
10 | - The current bitness of the dll will be displayed in the lower right corner of the program.
11 | 
12 |
--------------------------------------------------------------------------------
/docs/Usage_zh-CN.md:
--------------------------------------------------------------------------------
1 | # 用法
2 |
3 | - [利用 def 文件实现 dll 劫持](Def_zh-CN.md)
4 | - [利用 h 文件实现 dll 劫持](H_zh-CN.md)
5 |
6 | ## 知识
7 |
8 | - 32 位系统 dll 在 `C:\Windows\SysWOW64` 目录下,64 位系统 dll 在 `C:\Windows\System32` 目录下。
9 | - 当 32 位程序访问 `C:\Windows\System32` 目录时,系统会自动重定向到 `C:\Windows\SysWOW64` 目录;64 位程序无类似重定向。
10 | - 程序右下角会显示当前 dll 的位数。
11 | 
12 |
--------------------------------------------------------------------------------
/docs/img/h-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/detached64/HijackGen/61c6dbbd6b29514a6ed8ce568656805e275adc1e/docs/img/h-1.png
--------------------------------------------------------------------------------
/docs/img/h-1_zh-CN.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/detached64/HijackGen/61c6dbbd6b29514a6ed8ce568656805e275adc1e/docs/img/h-1_zh-CN.png
--------------------------------------------------------------------------------
/docs/img/interface.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/detached64/HijackGen/61c6dbbd6b29514a6ed8ce568656805e275adc1e/docs/img/interface.png
--------------------------------------------------------------------------------
/docs/img/usage-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/detached64/HijackGen/61c6dbbd6b29514a6ed8ce568656805e275adc1e/docs/img/usage-1.png
--------------------------------------------------------------------------------