├── .gitignore
├── Directory.Build.props
├── Directory.Build.targets
├── LICENSE
├── README.md
├── corehook-plugins.sln
└── src
├── Common
└── src
│ └── Interop
│ └── Windows
│ ├── Interop.BOOL.cs
│ ├── Interop.Libraries.cs
│ ├── Interop.UNICODE_STRING.cs
│ ├── NtDll
│ └── Interop.NtQuerySystemInformation.cs
│ ├── Winsock
│ ├── Interop.WSARecv.cs
│ ├── Interop.WSASend.cs
│ ├── Interop.recv.cs
│ ├── Interop.recvfrom.cs
│ ├── Interop.send.cs
│ ├── Interop.sendto.cs
│ └── WSABuffer.cs
│ └── kernel32
│ ├── Interop.GetFinalPathNameByHandle.cs
│ ├── Interop.GetTickCount.cs
│ ├── Interop.GetTickCount64.cs
│ ├── Interop.QueryPerformanceCounter.cs
│ ├── Interop.ReadFile_IntPtr.cs
│ ├── Interop.SleepEx.cs
│ └── Interop.WriteFile_IntPtr.cs
└── Windows
├── FileIO
├── FileIO.cs
└── FileIO.csproj
├── HideProcess
├── HideProcess.cs
└── HideProcess.csproj
├── SocketHook
├── SocketHook.cs
└── SocketHook.csproj
└── SpeedHack
├── SpeedHack.cs
└── SpeedHack.csproj
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.userosscache
8 | *.sln.docstates
9 |
10 | # User-specific files (MonoDevelop/Xamarin Studio)
11 | *.userprefs
12 |
13 | # Build results
14 | [Dd]ebug/
15 | [Dd]ebugPublic/
16 | [Rr]elease/
17 | [Rr]eleases/
18 | x64/
19 | x86/
20 | bld/
21 | [Bb]in/
22 | [Oo]bj/
23 | [Ll]og/
24 |
25 | # Visual Studio 2015 cache/options directory
26 | .vs/
27 | # Uncomment if you have tasks that create the project's static files in wwwroot
28 | #wwwroot/
29 |
30 | # MSTest test Results
31 | [Tt]est[Rr]esult*/
32 | [Bb]uild[Ll]og.*
33 |
34 | # NUNIT
35 | *.VisualState.xml
36 | TestResult.xml
37 |
38 | # Build Results of an ATL Project
39 | [Dd]ebugPS/
40 | [Rr]eleasePS/
41 | dlldata.c
42 |
43 | # DNX
44 | project.lock.json
45 | project.fragment.lock.json
46 | artifacts/
47 |
48 | *_i.c
49 | *_p.c
50 | *_i.h
51 | *.ilk
52 | *.meta
53 | *.obj
54 | *.pch
55 | *.pdb
56 | *.pgc
57 | *.pgd
58 | *.rsp
59 | *.sbr
60 | *.tlb
61 | *.tli
62 | *.tlh
63 | *.tmp
64 | *.tmp_proj
65 | *.log
66 | *.vspscc
67 | *.vssscc
68 | .builds
69 | *.pidb
70 | *.svclog
71 | *.scc
72 |
73 | # Chutzpah Test files
74 | _Chutzpah*
75 |
76 | # Visual C++ cache files
77 | ipch/
78 | *.aps
79 | *.ncb
80 | *.opendb
81 | *.opensdf
82 | *.sdf
83 | *.cachefile
84 | *.VC.db
85 | *.VC.VC.opendb
86 |
87 | # Visual Studio profiler
88 | *.psess
89 | *.vsp
90 | *.vspx
91 | *.sap
92 |
93 | # TFS 2012 Local Workspace
94 | $tf/
95 |
96 | # Guidance Automation Toolkit
97 | *.gpState
98 |
99 | # ReSharper is a .NET coding add-in
100 | _ReSharper*/
101 | *.[Rr]e[Ss]harper
102 | *.DotSettings.user
103 |
104 | # JustCode is a .NET coding add-in
105 | .JustCode
106 |
107 | # TeamCity is a build add-in
108 | _TeamCity*
109 |
110 | # DotCover is a Code Coverage Tool
111 | *.dotCover
112 |
113 | # NCrunch
114 | _NCrunch_*
115 | .*crunch*.local.xml
116 | nCrunchTemp_*
117 |
118 | # MightyMoose
119 | *.mm.*
120 | AutoTest.Net/
121 |
122 | # Web workbench (sass)
123 | .sass-cache/
124 |
125 | # Installshield output folder
126 | [Ee]xpress/
127 |
128 | # DocProject is a documentation generator add-in
129 | DocProject/buildhelp/
130 | DocProject/Help/*.HxT
131 | DocProject/Help/*.HxC
132 | DocProject/Help/*.hhc
133 | DocProject/Help/*.hhk
134 | DocProject/Help/*.hhp
135 | DocProject/Help/Html2
136 | DocProject/Help/html
137 |
138 | # Click-Once directory
139 | publish/
140 |
141 | # Publish Web Output
142 | *.[Pp]ublish.xml
143 | *.azurePubxml
144 | # TODO: Comment the next line if you want to checkin your web deploy settings
145 | # but database connection strings (with potential passwords) will be unencrypted
146 | #*.pubxml
147 | *.publishproj
148 |
149 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
150 | # checkin your Azure Web App publish settings, but sensitive information contained
151 | # in these scripts will be unencrypted
152 | PublishScripts/
153 |
154 | # NuGet Packages
155 | *.nupkg
156 | # The packages folder can be ignored because of Package Restore
157 | **/packages/*
158 | # except build/, which is used as an MSBuild target.
159 | !**/packages/build/
160 | # Uncomment if necessary however generally it will be regenerated when needed
161 | #!**/packages/repositories.config
162 | # NuGet v3's project.json files produces more ignoreable files
163 | *.nuget.props
164 | *.nuget.targets
165 |
166 | # Microsoft Azure Build Output
167 | csx/
168 | *.build.csdef
169 |
170 | # Microsoft Azure Emulator
171 | ecf/
172 | rcf/
173 |
174 | # Windows Store app package directories and files
175 | AppPackages/
176 | BundleArtifacts/
177 | Package.StoreAssociation.xml
178 | _pkginfo.txt
179 |
180 | # Visual Studio cache files
181 | # files ending in .cache can be ignored
182 | *.[Cc]ache
183 | # but keep track of directories ending in .cache
184 | !*.[Cc]ache/
185 |
186 | # Others
187 | ClientBin/
188 | ~$*
189 | *~
190 | *.dbmdl
191 | *.dbproj.schemaview
192 | *.jfm
193 | *.pfx
194 | *.publishsettings
195 | node_modules/
196 | orleans.codegen.cs
197 |
198 | # Since there are multiple workflows, uncomment next line to ignore bower_components
199 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
200 | #bower_components/
201 |
202 | # RIA/Silverlight projects
203 | Generated_Code/
204 |
205 | # Backup & report files from converting an old project file
206 | # to a newer Visual Studio version. Backup files are not needed,
207 | # because we have git ;-)
208 | _UpgradeReport_Files/
209 | Backup*/
210 | UpgradeLog*.XML
211 | UpgradeLog*.htm
212 |
213 | # SQL Server files
214 | *.mdf
215 | *.ldf
216 |
217 | # Business Intelligence projects
218 | *.rdl.data
219 | *.bim.layout
220 | *.bim_*.settings
221 |
222 | # Microsoft Fakes
223 | FakesAssemblies/
224 |
225 | # GhostDoc plugin setting file
226 | *.GhostDoc.xml
227 |
228 | # Node.js Tools for Visual Studio
229 | .ntvs_analysis.dat
230 |
231 | # Visual Studio 6 build log
232 | *.plg
233 |
234 | # Visual Studio 6 workspace options file
235 | *.opt
236 |
237 | # Visual Studio LightSwitch build output
238 | **/*.HTMLClient/GeneratedArtifacts
239 | **/*.DesktopClient/GeneratedArtifacts
240 | **/*.DesktopClient/ModelManifest.xml
241 | **/*.Server/GeneratedArtifacts
242 | **/*.Server/ModelManifest.xml
243 | _Pvt_Extensions
244 |
245 | # Paket dependency manager
246 | .paket/paket.exe
247 | paket-files/
248 |
249 | # FAKE - F# Make
250 | .fake/
251 |
252 | # JetBrains Rider
253 | .idea/
254 | *.sln.iml
255 |
256 | # CodeRush
257 | .cr/
258 |
259 | # Python Tools for Visual Studio (PTVS)
260 | __pycache__/
261 | *.pyc
--------------------------------------------------------------------------------
/Directory.Build.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Debug
5 | Release
6 | $(MSBuildThisFileDirectory)
7 | $(ProjectDir)src\
8 | $(SourceDir)Common\src
9 | $(ProjectDir)bin/
10 |
11 |
--------------------------------------------------------------------------------
/Directory.Build.targets:
--------------------------------------------------------------------------------
1 |
2 |
7 | $(MSBuildProgramFiles32)\dotnet\dotnet
8 | $(ProgramW6432)\dotnet\dotnet
9 |
10 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2018 Thierry Bizimungu
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CoreHook Plugins
2 | Example managed and unmanaged plugins for [CoreHook](https://github.com/unknownv2/CoreHook).
3 |
--------------------------------------------------------------------------------
/corehook-plugins.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28010.2050
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HideProcess", "src\Windows\HideProcess\HideProcess.csproj", "{160EFE71-8550-47C7-B2DD-044BBEF5BC40}"
7 | EndProject
8 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SpeedHack", "src\Windows\SpeedHack\SpeedHack.csproj", "{C4078A9E-D7A5-45AE-96D9-D7582E0302B3}"
9 | EndProject
10 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SocketHook", "src\Windows\SocketHook\SocketHook.csproj", "{5290068B-9BD0-4DF7-B5F9-8821FE617B24}"
11 | EndProject
12 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FileIO", "src\Windows\FileIO\FileIO.csproj", "{359E55C1-9CF8-47A8-9DC5-3B33028864BF}"
13 | EndProject
14 | Global
15 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
16 | Debug|Any CPU = Debug|Any CPU
17 | Release|Any CPU = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {160EFE71-8550-47C7-B2DD-044BBEF5BC40}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
21 | {160EFE71-8550-47C7-B2DD-044BBEF5BC40}.Debug|Any CPU.Build.0 = Debug|Any CPU
22 | {160EFE71-8550-47C7-B2DD-044BBEF5BC40}.Release|Any CPU.ActiveCfg = Release|Any CPU
23 | {160EFE71-8550-47C7-B2DD-044BBEF5BC40}.Release|Any CPU.Build.0 = Release|Any CPU
24 | {C4078A9E-D7A5-45AE-96D9-D7582E0302B3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
25 | {C4078A9E-D7A5-45AE-96D9-D7582E0302B3}.Debug|Any CPU.Build.0 = Debug|Any CPU
26 | {C4078A9E-D7A5-45AE-96D9-D7582E0302B3}.Release|Any CPU.ActiveCfg = Release|Any CPU
27 | {C4078A9E-D7A5-45AE-96D9-D7582E0302B3}.Release|Any CPU.Build.0 = Release|Any CPU
28 | {5290068B-9BD0-4DF7-B5F9-8821FE617B24}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
29 | {5290068B-9BD0-4DF7-B5F9-8821FE617B24}.Debug|Any CPU.Build.0 = Debug|Any CPU
30 | {5290068B-9BD0-4DF7-B5F9-8821FE617B24}.Release|Any CPU.ActiveCfg = Release|Any CPU
31 | {5290068B-9BD0-4DF7-B5F9-8821FE617B24}.Release|Any CPU.Build.0 = Release|Any CPU
32 | {359E55C1-9CF8-47A8-9DC5-3B33028864BF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
33 | {359E55C1-9CF8-47A8-9DC5-3B33028864BF}.Debug|Any CPU.Build.0 = Debug|Any CPU
34 | {359E55C1-9CF8-47A8-9DC5-3B33028864BF}.Release|Any CPU.ActiveCfg = Release|Any CPU
35 | {359E55C1-9CF8-47A8-9DC5-3B33028864BF}.Release|Any CPU.Build.0 = Release|Any CPU
36 | EndGlobalSection
37 | GlobalSection(SolutionProperties) = preSolution
38 | HideSolutionNode = FALSE
39 | EndGlobalSection
40 | GlobalSection(ExtensibilityGlobals) = postSolution
41 | SolutionGuid = {7FB35390-5E37-4DE2-9A42-49FB4F9E7B7D}
42 | EndGlobalSection
43 | EndGlobal
44 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Interop.BOOL.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | internal partial class Interop
6 | {
7 | ///
8 | /// Blittable version of Windows BOOL type. It is convenient in situations where
9 | /// manual marshalling is required, or to avoid overhead of regular bool marshalling.
10 | ///
11 | ///
12 | /// Some Windows APIs return arbitrary integer values although the return type is defined
13 | /// as BOOL. It is best to never compare BOOL to TRUE. Always use bResult != BOOL.FALSE
14 | /// or bResult == BOOL.FALSE .
15 | ///
16 | internal enum BOOL : int
17 | {
18 | FALSE = 0,
19 | TRUE = 1,
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Interop.Libraries.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | internal static partial class Interop
6 | {
7 | internal static partial class Libraries
8 | {
9 | internal const string Advapi32 = "advapi32.dll";
10 | internal const string BCrypt = "BCrypt.dll";
11 | internal const string CoreComm_L1_1_1 = "api-ms-win-core-comm-l1-1-1.dll";
12 | internal const string Crypt32 = "crypt32.dll";
13 | internal const string Error_L1 = "api-ms-win-core-winrt-error-l1-1-0.dll";
14 | internal const string HttpApi = "httpapi.dll";
15 | internal const string IpHlpApi = "iphlpapi.dll";
16 | internal const string Kernel32 = "kernel32.dll";
17 | internal const string Memory_L1_3 = "api-ms-win-core-memory-l1-1-3.dll";
18 | internal const string Mswsock = "mswsock.dll";
19 | internal const string NCrypt = "ncrypt.dll";
20 | internal const string NtDll = "ntdll.dll";
21 | internal const string Odbc32 = "odbc32.dll";
22 | internal const string OleAut32 = "oleaut32.dll";
23 | internal const string PerfCounter = "perfcounter.dll";
24 | internal const string RoBuffer = "api-ms-win-core-winrt-robuffer-l1-1-0.dll";
25 | internal const string Secur32 = "secur32.dll";
26 | internal const string Shell32 = "shell32.dll";
27 | internal const string SspiCli = "sspicli.dll";
28 | internal const string User32 = "user32.dll";
29 | internal const string Version = "version.dll";
30 | internal const string WebSocket = "websocket.dll";
31 | internal const string WinHttp = "winhttp.dll";
32 | internal const string Ws2_32 = "ws2_32.dll";
33 | internal const string Wtsapi32 = "wtsapi32.dll";
34 | internal const string CompressionNative = "clrcompression.dll";
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Interop.UNICODE_STRING.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | using System;
6 | using System.Runtime.InteropServices;
7 |
8 | internal static partial class Interop
9 | {
10 | // https://msdn.microsoft.com/en-us/library/windows/desktop/aa380518.aspx
11 | // https://msdn.microsoft.com/en-us/library/windows/hardware/ff564879.aspx
12 | [StructLayout(LayoutKind.Sequential)]
13 | internal struct UNICODE_STRING
14 | {
15 | ///
16 | /// Length, in bytes, not including the the null, if any.
17 | ///
18 | internal ushort Length;
19 |
20 | ///
21 | /// Max size of the buffer in bytes
22 | ///
23 | internal ushort MaximumLength;
24 | internal IntPtr Buffer;
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/NtDll/Interop.NtQuerySystemInformation.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | using System;
6 | using System.Runtime.InteropServices;
7 |
8 | internal partial class Interop
9 | {
10 | internal partial class NtDll
11 | {
12 | [DllImport(Libraries.NtDll, CharSet = CharSet.Unicode)]
13 | internal static extern int NtQuerySystemInformation(int query, IntPtr dataPtr, int size, out int returnedSize);
14 |
15 | internal const int NtQuerySystemProcessInformation = 5;
16 | internal const uint STATUS_INFO_LENGTH_MISMATCH = 0xC0000004;
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Winsock/Interop.WSARecv.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | using System;
6 | using System.Diagnostics;
7 | using System.Net.Sockets;
8 | using System.Runtime.InteropServices;
9 | using System.Threading;
10 |
11 | internal static partial class Interop
12 | {
13 | internal static partial class Winsock
14 | {
15 | [DllImport(Interop.Libraries.Ws2_32, SetLastError = true)]
16 | internal static unsafe extern SocketError WSARecv(
17 | IntPtr socketHandle,
18 | WSABuffer* buffer,
19 | int bufferCount,
20 | out int bytesTransferred,
21 | ref SocketFlags socketFlags,
22 | NativeOverlapped* overlapped,
23 | IntPtr completionRoutine);
24 |
25 | internal static unsafe SocketError WSARecv(
26 | IntPtr socketHandle,
27 | ref WSABuffer buffer,
28 | int bufferCount,
29 | out int bytesTransferred,
30 | ref SocketFlags socketFlags,
31 | NativeOverlapped* overlapped,
32 | IntPtr completionRoutine)
33 | {
34 | // We intentionally do NOT copy this back after the function completes:
35 | // We don't want to cause a race in async scenarios.
36 | // The WSABuffer struct should be unchanged anyway.
37 | WSABuffer localBuffer = buffer;
38 | return WSARecv(socketHandle, &localBuffer, bufferCount, out bytesTransferred, ref socketFlags, overlapped, completionRoutine);
39 | }
40 |
41 | internal static unsafe SocketError WSARecv(
42 | IntPtr socketHandle,
43 | WSABuffer[] buffers,
44 | int bufferCount,
45 | out int bytesTransferred,
46 | ref SocketFlags socketFlags,
47 | NativeOverlapped* overlapped,
48 | IntPtr completionRoutine)
49 | {
50 | Debug.Assert(buffers != null && buffers.Length > 0 );
51 | fixed (WSABuffer* buffersPtr = &buffers[0])
52 | {
53 | return WSARecv(socketHandle, buffersPtr, bufferCount, out bytesTransferred, ref socketFlags, overlapped, completionRoutine);
54 | }
55 | }
56 | }
57 | }
58 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Winsock/Interop.WSASend.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | using System;
6 | using System.Diagnostics;
7 | using System.Net.Sockets;
8 | using System.Runtime.InteropServices;
9 | using System.Threading;
10 |
11 | internal static partial class Interop
12 | {
13 | internal static partial class Winsock
14 | {
15 | [DllImport(Interop.Libraries.Ws2_32, SetLastError = true)]
16 | internal static extern unsafe SocketError WSASend(
17 | IntPtr socketHandle,
18 | WSABuffer* buffers,
19 | int bufferCount,
20 | out int bytesTransferred,
21 | SocketFlags socketFlags,
22 | NativeOverlapped* overlapped,
23 | IntPtr completionRoutine);
24 |
25 | internal static unsafe SocketError WSASend(
26 | IntPtr socketHandle,
27 | ref WSABuffer buffer,
28 | int bufferCount,
29 | out int bytesTransferred,
30 | SocketFlags socketFlags,
31 | NativeOverlapped* overlapped,
32 | IntPtr completionRoutine)
33 | {
34 | // We intentionally do NOT copy this back after the function completes:
35 | // We don't want to cause a race in async scenarios.
36 | // The WSABuffer struct should be unchanged anyway.
37 | WSABuffer localBuffer = buffer;
38 | return WSASend(socketHandle, &localBuffer, bufferCount, out bytesTransferred, socketFlags, overlapped, completionRoutine);
39 | }
40 |
41 | internal static unsafe SocketError WSASend(
42 | IntPtr socketHandle,
43 | WSABuffer[] buffers,
44 | int bufferCount,
45 | out int bytesTransferred,
46 | SocketFlags socketFlags,
47 | NativeOverlapped* overlapped,
48 | IntPtr completionRoutine)
49 | {
50 | Debug.Assert(buffers != null && buffers.Length > 0);
51 | fixed (WSABuffer* buffersPtr = &buffers[0])
52 | {
53 | return WSASend(socketHandle, buffersPtr, bufferCount, out bytesTransferred, socketFlags, overlapped, completionRoutine);
54 | }
55 | }
56 | }
57 | }
58 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Winsock/Interop.recv.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | using System;
6 | using System.Runtime.InteropServices;
7 | using System.Net.Sockets;
8 |
9 | internal static partial class Interop
10 | {
11 | internal static partial class Winsock
12 | {
13 | // This method is always blocking, so it uses an IntPtr.
14 | [DllImport(Interop.Libraries.Ws2_32, SetLastError = true)]
15 | internal static extern unsafe int recv(
16 | [In] IntPtr socketHandle,
17 | [In] byte* pinnedBuffer,
18 | [In] int len,
19 | [In] SocketFlags socketFlags);
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Winsock/Interop.recvfrom.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | using System;
6 | using System.Runtime.InteropServices;
7 | using System.Net.Sockets;
8 |
9 | internal static partial class Interop
10 | {
11 | internal static partial class Winsock
12 | {
13 | // This method is always blocking, so it uses an IntPtr.
14 | [DllImport(Interop.Libraries.Ws2_32, SetLastError = true)]
15 | internal static extern unsafe int recvfrom(
16 | [In] IntPtr socketHandle,
17 | [In] byte* pinnedBuffer,
18 | [In] int len,
19 | [In] SocketFlags socketFlags,
20 | [Out] byte[] socketAddress,
21 | [In, Out] ref int socketAddressSize);
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Winsock/Interop.send.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | using System;
6 | using System.Runtime.InteropServices;
7 | using System.Net.Sockets;
8 |
9 | internal static partial class Interop
10 | {
11 | internal static partial class Winsock
12 | {
13 | // This method is always blocking, so it uses an IntPtr.
14 | [DllImport(Interop.Libraries.Ws2_32, SetLastError = true)]
15 | internal static extern unsafe int send(
16 | [In] IntPtr socketHandle,
17 | [In] byte* pinnedBuffer,
18 | [In] int len,
19 | [In] SocketFlags socketFlags);
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Winsock/Interop.sendto.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | using System;
6 | using System.Runtime.InteropServices;
7 | using System.Net.Sockets;
8 |
9 | internal static partial class Interop
10 | {
11 | internal static partial class Winsock
12 | {
13 | // This method is always blocking, so it uses an IntPtr.
14 | [DllImport(Interop.Libraries.Ws2_32, SetLastError = true)]
15 | internal static extern unsafe int sendto(
16 | [In] IntPtr socketHandle,
17 | [In] byte* pinnedBuffer,
18 | [In] int len,
19 | [In] SocketFlags socketFlags,
20 | [In] byte[] socketAddress,
21 | [In] int socketAddressSize);
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/Winsock/WSABuffer.cs:
--------------------------------------------------------------------------------
1 | // Licensed to the .NET Foundation under one or more agreements.
2 | // The .NET Foundation licenses this file to you under the MIT license.
3 | // See the LICENSE file in the project root for more information.
4 |
5 | using System.Runtime.InteropServices;
6 |
7 | namespace System.Net.Sockets
8 | {
9 | [StructLayout(LayoutKind.Sequential)]
10 | internal struct WSABuffer
11 | {
12 | internal int Length; // Length of Buffer
13 | internal IntPtr Pointer;// Pointer to Buffer
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/kernel32/Interop.GetFinalPathNameByHandle.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 | using System.Text;
4 |
5 | internal partial class Interop
6 | {
7 | internal partial class Kernel32
8 | {
9 | [DllImport(Libraries.Kernel32, SetLastError = true)]
10 | internal static extern uint GetFinalPathNameByHandle(
11 | IntPtr file,
12 | [Out] char[] filePath,
13 | uint filePathSize,
14 | uint flags);
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/kernel32/Interop.GetTickCount.cs:
--------------------------------------------------------------------------------
1 |
2 | using System;
3 | using System.Runtime.InteropServices;
4 |
5 | internal partial class Interop
6 | {
7 | internal partial class Kernel32
8 | {
9 | [DllImport(Libraries.Kernel32)]
10 | internal static extern uint GetTickCount();
11 | }
12 | }
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/kernel32/Interop.GetTickCount64.cs:
--------------------------------------------------------------------------------
1 |
2 | using System;
3 | using System.Runtime.InteropServices;
4 |
5 | internal partial class Interop
6 | {
7 | internal partial class Kernel32
8 | {
9 | [DllImport(Libraries.Kernel32)]
10 | internal static extern ulong GetTickCount64();
11 | }
12 | }
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/kernel32/Interop.QueryPerformanceCounter.cs:
--------------------------------------------------------------------------------
1 |
2 | // Licensed to the .NET Foundation under one or more agreements.
3 | // The .NET Foundation licenses this file to you under the MIT license.
4 | // See the LICENSE file in the project root for more information.
5 |
6 | using System;
7 | using System.Runtime.InteropServices;
8 |
9 | internal partial class Interop
10 | {
11 | internal partial class Kernel32
12 | {
13 | [DllImport(Libraries.Kernel32)]
14 | internal static extern BOOL QueryPerformanceCounter(out long performanceCount);
15 | }
16 | }
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/kernel32/Interop.ReadFile_IntPtr.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
4 | internal partial class Interop
5 | {
6 | internal partial class Kernel32
7 | {
8 | [DllImport(Libraries.Kernel32, SetLastError = true)]
9 | internal static extern int ReadFile(
10 | IntPtr handle,
11 | IntPtr bytes,
12 | int numBytesToRead,
13 | out int numBytesRead,
14 | IntPtr mustBeZero);
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/kernel32/Interop.SleepEx.cs:
--------------------------------------------------------------------------------
1 |
2 | using System;
3 | using System.Runtime.InteropServices;
4 |
5 | internal partial class Interop
6 | {
7 | internal partial class Kernel32
8 | {
9 | [DllImport(Libraries.Kernel32)]
10 | internal static extern uint SleepEx(uint milliSeconds, BOOL alertable);
11 | }
12 | }
--------------------------------------------------------------------------------
/src/Common/src/Interop/Windows/kernel32/Interop.WriteFile_IntPtr.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
4 | internal partial class Interop
5 | {
6 | internal partial class Kernel32
7 | {
8 | [DllImport(Libraries.Kernel32, SetLastError = true)]
9 | internal static extern int WriteFile(
10 | IntPtr handle,
11 | IntPtr bytes,
12 | int numBytesToWrite,
13 | out int numBytesWritten,
14 | IntPtr overlapped);
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/src/Windows/FileIO/FileIO.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Runtime.InteropServices;
4 | using System.Threading;
5 | using System.Threading.Tasks;
6 | using CoreHook;
7 |
8 | namespace FileIO
9 | {
10 | public class FileIO : IEntryPoint
11 | {
12 | ///
13 | /// List of files that have been read or written to, with a counter to keep track of the number of accesses.
14 | ///
15 | private Dictionary FileList = new Dictionary();
16 |
17 | ///
18 | /// The max length of a file path on Windows.
19 | ///
20 | public uint MaxPathLength = 260;
21 |
22 | ///
23 | /// Hook handle for the kernel32.dll!ReadFile function.
24 | ///
25 | private IHook _readFileHook;
26 | ///
27 | /// Hook handle for the kernel32.dll!WriteFile function.
28 | ///
29 | private IHook _writeFileHook;
30 |
31 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
32 | internal delegate int ReadFileDelegate(IntPtr handle,
33 | IntPtr bytes,
34 | int numBytesToRead,
35 | out int numBytesRead,
36 | IntPtr mustBeZero);
37 |
38 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
39 | internal delegate int WriteFileDelegate(IntPtr handle,
40 | IntPtr bytes,
41 | int numBytesToWrite,
42 | out int numBytesWritten,
43 | IntPtr overlapped);
44 |
45 | public FileIO(IContext context) { }
46 |
47 | ///
48 | /// Initialize hooks for our file I/O functions.
49 | ///
50 | ///
51 | public void Run(IContext context)
52 | {
53 | _readFileHook = HookFactory.CreateHook(LocalHook.GetProcAddress(Interop.Libraries.Kernel32, "ReadFile"), Detour_ReadFile, this);
54 | _writeFileHook = HookFactory.CreateHook(LocalHook.GetProcAddress(Interop.Libraries.Kernel32, "WriteFile"), Detour_WriteFile, this);
55 |
56 | DisplayFileAccess().GetAwaiter().GetResult();
57 | }
58 |
59 | private async Task DisplayFileAccess()
60 | {
61 | // Ensure we are running in a new thread
62 | await Task.Yield();
63 |
64 | // Enable detours for all threads except the current thread
65 | _readFileHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
66 | _writeFileHook.ThreadACL.SetExclusiveACL(new int[] { 0 });
67 |
68 | try
69 | {
70 | while (true)
71 | {
72 | Thread.Sleep(500);
73 |
74 | lock (FileList)
75 | {
76 | if (FileList.Count > 0)
77 | {
78 | foreach (var file in FileList)
79 | {
80 | Console.WriteLine($"{file.Key} was accessed {file.Value} time(s).");
81 | }
82 | }
83 | }
84 | }
85 | }
86 | catch
87 | {
88 |
89 | }
90 | }
91 |
92 | private int Detour_ReadFile(
93 | IntPtr handle,
94 | IntPtr bytes,
95 | int numBytesToRead,
96 | out int numBytesRead,
97 | IntPtr mustBeZero)
98 | {
99 | FileIO This = (FileIO)HookRuntimeInfo.Callback;
100 | if (This != null)
101 | {
102 | // Get the file name from the handle and increment the access count
103 | char[] filePath = new char[This.MaxPathLength];
104 | uint filePathLength = Interop.Kernel32.GetFinalPathNameByHandle(handle, filePath, This.MaxPathLength, 0);
105 |
106 | // Check file name and increment the access count if valid
107 | IncrementFileAccessCount(This.FileList, new string(filePath, 0, (int)filePathLength));
108 | }
109 | return Interop.Kernel32.ReadFile(handle, bytes, numBytesToRead, out numBytesRead, mustBeZero);
110 | }
111 |
112 | private int Detour_WriteFile(IntPtr handle,
113 | IntPtr bytes,
114 | int numBytesToWrite,
115 | out int numBytesWritten,
116 | IntPtr overlapped)
117 | {
118 | FileIO This = (FileIO)HookRuntimeInfo.Callback;
119 | if (This != null)
120 | {
121 | // Get the file name from the handle
122 | char[] filePath = new char[This.MaxPathLength];
123 | uint filePathLength = Interop.Kernel32.GetFinalPathNameByHandle(handle, filePath, This.MaxPathLength, 0);
124 |
125 | // Check file name and increment the access count if valid
126 | IncrementFileAccessCount(This.FileList, new string(filePath, 0, (int)filePathLength));
127 | }
128 | return Interop.Kernel32.WriteFile(handle, bytes, numBytesToWrite, out numBytesWritten, overlapped);
129 | }
130 |
131 | ///
132 | /// Increase the number of times a file was accessed from an I/O function.
133 | ///
134 | /// The list of files and their current access count.
135 | /// The name of the file being accessed.
136 | private void IncrementFileAccessCount(Dictionary fileList, string fileName)
137 | {
138 | if (!string.IsNullOrWhiteSpace(fileName))
139 | {
140 | lock (fileList)
141 | {
142 | fileList[fileName] = fileList.ContainsKey(fileName) ? fileList[fileName] + 1 : 1;
143 | }
144 | }
145 | }
146 | }
147 | }
148 |
--------------------------------------------------------------------------------
/src/Windows/FileIO/FileIO.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | netstandard2.0
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 | Common\Interop\Windows\Interop.Libraries.cs
13 |
14 |
15 | Common\Interop\Windows\kernel32\Interop.ReadFile_IntPtr.cs
16 |
17 |
18 | Common\Interop\Windows\kernel32\Interop.WriteFile_IntPtr.cs
19 |
20 |
21 | Common\Interop\Windows\kernel32\Interop.GetFinalPathNameByHandle.cs
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/src/Windows/HideProcess/HideProcess.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 | using CoreHook;
4 |
5 | namespace HideProcess
6 | {
7 | public class HideProcess : IEntryPoint
8 | {
9 | // Process structures and GetProcessShortName code from:
10 | // https://github.com/dotnet/corefx/blob/master/src/System.Diagnostics.Process/src/System/Diagnostics/ProcessManager.Windows.cs
11 |
12 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
13 | internal delegate int NtQuerySystemInformationDelegate(int query, IntPtr dataPtr, int size, out int returnedSize);
14 |
15 | [StructLayout(LayoutKind.Sequential)]
16 | internal unsafe struct SystemProcessInformation
17 | {
18 | internal uint NextEntryOffset;
19 | internal uint NumberOfThreads;
20 | private fixed byte Reserved1[48];
21 | internal Interop.UNICODE_STRING ImageName;
22 | internal int BasePriority;
23 | internal IntPtr UniqueProcessId;
24 | private UIntPtr Reserved2;
25 | internal uint HandleCount;
26 | internal uint SessionId;
27 | private UIntPtr Reserved3;
28 | internal UIntPtr PeakVirtualSize; // SIZE_T
29 | internal UIntPtr VirtualSize;
30 | private uint Reserved4;
31 | internal UIntPtr PeakWorkingSetSize; // SIZE_T
32 | internal UIntPtr WorkingSetSize; // SIZE_T
33 | private UIntPtr Reserved5;
34 | internal UIntPtr QuotaPagedPoolUsage; // SIZE_T
35 | private UIntPtr Reserved6;
36 | internal UIntPtr QuotaNonPagedPoolUsage; // SIZE_T
37 | internal UIntPtr PagefileUsage; // SIZE_T
38 | internal UIntPtr PeakPagefileUsage; // SIZE_T
39 | internal UIntPtr PrivatePageCount; // SIZE_T
40 | private fixed long Reserved7[6];
41 | }
42 |
43 | ///
44 | /// Handle for the ntdll.dll!NtQuerySystemInformation function hook.
45 | ///
46 | private IHook _querySysInfo;
47 |
48 | ///
49 | /// The name of the process to hide, for example: notepad.
50 | ///
51 | internal string ProcessName;
52 |
53 | public HideProcess(IContext context, string arg1) { }
54 |
55 | public void Run(IContext context, string processName)
56 | {
57 | // Save the process name to filter out of the list in NtQuerySystemInformation
58 | ProcessName = processName;
59 |
60 | // Detour the ntdll.dll!NtQuerySystemInformation function
61 |
62 | _querySysInfo = LocalHook.Create(
63 | LocalHook.GetProcAddress(Interop.Libraries.NtDll, "NtQuerySystemInformation"),
64 | new NtQuerySystemInformationDelegate(Detour_NtQuerySystemInformation),
65 | this);
66 |
67 | // Activate the detour for all threads
68 | _querySysInfo.Enabled = true;
69 | }
70 |
71 | ///
72 | /// Remove a process from the list returned by NtQuerySystemInformation.
73 | ///
74 | ///
75 | ///
76 | ///
77 | ///
78 | ///
79 | internal static unsafe int Detour_NtQuerySystemInformation(int query, IntPtr dataPtr, int size, out int returnedSize)
80 | {
81 | HideProcess This = (HideProcess)HookRuntimeInfo.Callback;
82 |
83 | var status = Interop.NtDll.NtQuerySystemInformation(query, dataPtr, size, out returnedSize);
84 |
85 | if (status == 0 && query == Interop.NtDll.NtQuerySystemProcessInformation && dataPtr != IntPtr.Zero && This != null)
86 | {
87 | long totalOffset = 0;
88 | while (true)
89 | {
90 | IntPtr currentPtr = (IntPtr)((long)dataPtr + totalOffset);
91 | ref SystemProcessInformation pi = ref *(SystemProcessInformation*)currentPtr;
92 | ref SystemProcessInformation nextPi = ref *(SystemProcessInformation*)(IntPtr)((long)currentPtr + pi.NextEntryOffset);
93 |
94 | if (nextPi.ImageName.Buffer != IntPtr.Zero)
95 | {
96 | string processName = GetProcessShortName(
97 | Marshal.PtrToStringUni(nextPi.ImageName.Buffer,
98 | nextPi.ImageName.Length / sizeof(char)));
99 |
100 | if (processName.Contains(This.ProcessName))
101 | {
102 | if (nextPi.NextEntryOffset == 0)
103 | {
104 | pi.NextEntryOffset = 0;
105 | }
106 | else
107 | {
108 | pi.NextEntryOffset += nextPi.NextEntryOffset;
109 | }
110 | nextPi = pi;
111 | }
112 | }
113 | if (pi.NextEntryOffset == 0)
114 | {
115 | break;
116 | }
117 | totalOffset += pi.NextEntryOffset;
118 | }
119 | }
120 | return status;
121 | }
122 |
123 | ///
124 | /// Get the name of a process.
125 | ///
126 | /// The image path name.
127 | /// The process name
128 | private static string GetProcessShortName(string name)
129 | {
130 | if(string.IsNullOrWhiteSpace(name))
131 | {
132 | return string.Empty;
133 | }
134 |
135 | int slash = -1;
136 | int period = -1;
137 |
138 | for(int i = 0; i < name.Length; ++i)
139 | {
140 | if(name[i] == '\\')
141 | {
142 | slash = i;
143 | }
144 | else if(name[i] == '.')
145 | {
146 | period = i;
147 | }
148 | }
149 | if(period == -1)
150 | {
151 | // Set index to the end of the string
152 | period = name.Length - 1;
153 | }
154 | else
155 | {
156 | string extension = name.Substring(period);
157 |
158 | // Remove the '.exe' extension from the process name,
159 | // otherwise remove the extension
160 | if(string.Equals(".exe", extension, StringComparison.OrdinalIgnoreCase))
161 | {
162 | // Set index to the character before the period
163 | period--;
164 | }
165 | else
166 | {
167 | // Set the index to the end of the string
168 | period = name.Length - 1;
169 | }
170 | }
171 |
172 | if(slash == -1)
173 | {
174 | // Set index to the start of the string
175 | slash = 0;
176 | }
177 | else
178 | {
179 | // Set to the index of the next character
180 | // after the slash
181 | slash++;
182 | }
183 |
184 | return name.Substring(slash, period - slash + 1);
185 | }
186 | }
187 | }
188 |
--------------------------------------------------------------------------------
/src/Windows/HideProcess/HideProcess.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | netstandard2.0
5 | 7.3
6 |
7 |
8 |
9 | true
10 |
11 |
12 |
13 | true
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 | Common\Interop\Windows\Interop.Libraries.cs
22 |
23 |
24 | Common\Interop\Windows\Interop.UNICODE_STRING.cs
25 |
26 |
27 | Common\Interop\Windows\NtDll\Interop.NtQuerySystemInformation.cs
28 |
29 |
30 |
31 |
--------------------------------------------------------------------------------
/src/Windows/SocketHook/SocketHook.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Net.Sockets;
3 | using System.Runtime.InteropServices;
4 | using System.Threading;
5 | using System.Threading.Tasks;
6 | using CoreHook;
7 |
8 | namespace SocketHook
9 | {
10 | public class SocketHook : IEntryPoint
11 | {
12 | private IHook _wsaSendHook;
13 | private IHook _wsaRecvHook;
14 | private IHook _recvHook;
15 | private IHook _sendHook;
16 | private IHook _recvfromHook;
17 | private IHook _sendtoHook;
18 |
19 | ///
20 | /// Keep track of the number of times WSASend was called,
21 | /// regardless of return value.
22 | ///
23 | private long _wsaSendBufferCount;
24 |
25 | public SocketHook(IContext context) { }
26 |
27 | ///
28 | /// First method called during plugin load.
29 | /// Can be used to create hooks and initialize
30 | /// variables.
31 | ///
32 | /// Contains any standard information required for each plugin.
33 | public unsafe void Run(IContext context)
34 | {
35 | // Create network function hooks
36 | _wsaRecvHook = HookFactory.CreateHook(LocalHook.GetProcAddress(Interop.Libraries.Ws2_32, "WSARecv"), Detour_WSARecv, this);
37 | _wsaSendHook = HookFactory.CreateHook(LocalHook.GetProcAddress(Interop.Libraries.Ws2_32, "WSASend"), Detour_WsaSend, this);
38 | _recvHook = HookFactory.CreateHook(LocalHook.GetProcAddress(Interop.Libraries.Ws2_32, "recv"), Detour_recv, this);
39 | _sendHook = HookFactory.CreateHook(LocalHook.GetProcAddress(Interop.Libraries.Ws2_32, "send"), Detour_send, this);
40 | _recvfromHook = HookFactory.CreateHook(LocalHook.GetProcAddress(Interop.Libraries.Ws2_32, "recvfrom"), Detour_recvfrom, this);
41 | _sendtoHook = HookFactory.CreateHook(LocalHook.GetProcAddress(Interop.Libraries.Ws2_32, "sendto"), Detour_sendto, this);
42 |
43 | // Enable hooks for all threads
44 | _wsaSendHook.Enabled = true;
45 | _wsaRecvHook.Enabled = true;
46 | _recvHook.Enabled = true;
47 | _sendHook.Enabled = true;
48 | _recvfromHook.Enabled = true;
49 | _sendtoHook.Enabled = true;
50 |
51 | ProcessPackets().GetAwaiter().GetResult();
52 | }
53 |
54 | private async Task ProcessPackets()
55 | {
56 | // Ensure we are running in a new thread
57 | await Task.Yield();
58 | try
59 | {
60 | while (true)
61 | {
62 | Thread.Sleep(500);
63 | if (_wsaSendBufferCount > 0)
64 | {
65 | Console.WriteLine($"Sent data using WSASend {_wsaSendBufferCount} time(s).");
66 | }
67 | }
68 | }
69 | catch
70 | {
71 |
72 | }
73 | }
74 |
75 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
76 | private unsafe delegate SocketError WSASendDelegate(
77 | IntPtr socketHandle,
78 | WSABuffer* buffers,
79 | int bufferCount,
80 | out int bytesTransferred,
81 | SocketFlags socketFlags,
82 | NativeOverlapped* overlapped,
83 | IntPtr completionRoutine);
84 |
85 | private unsafe SocketError Detour_WsaSend(
86 | IntPtr socketHandle,
87 | WSABuffer* buffers,
88 | int bufferCount,
89 | out int bytesTransferred,
90 | SocketFlags socketFlags,
91 | NativeOverlapped* overlapped,
92 | IntPtr completionRoutine)
93 | {
94 | SocketHook This = (SocketHook)HookRuntimeInfo.Callback;
95 | if (This != null)
96 | {
97 | // Increment WSASend send count
98 | This._wsaSendBufferCount++;
99 | }
100 | return Interop.Winsock.WSASend(socketHandle, buffers, bufferCount, out bytesTransferred, socketFlags, overlapped, completionRoutine);
101 | }
102 |
103 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
104 | private unsafe delegate SocketError WSARecvDelegate(
105 | IntPtr socketHandle,
106 | ref WSABuffer buffer,
107 | int bufferCount,
108 | out int bytesTransferred,
109 | ref SocketFlags socketFlags,
110 | NativeOverlapped* overlapped,
111 | IntPtr completionRoutine);
112 |
113 | private static unsafe SocketError Detour_WSARecv(
114 | IntPtr socketHandle,
115 | ref WSABuffer buffer,
116 | int bufferCount,
117 | out int bytesTransferred,
118 | ref SocketFlags socketFlags,
119 | NativeOverlapped* overlapped,
120 | IntPtr completionRoutine)
121 | {
122 | WSABuffer localBuffer = buffer;
123 | return Interop.Winsock.WSARecv(socketHandle, &localBuffer, bufferCount, out bytesTransferred, ref socketFlags, overlapped, completionRoutine);
124 | }
125 |
126 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
127 | internal unsafe delegate int RecvDelegate(
128 | [In] IntPtr socketHandle,
129 | [In] byte* pinnedBuffer,
130 | [In] int len,
131 | [In] SocketFlags socketFlags);
132 |
133 | private unsafe int Detour_recv(
134 | [In] IntPtr socketHandle,
135 | [In] byte* pinnedBuffer,
136 | [In] int len,
137 | [In] SocketFlags socketFlags)
138 | {
139 | return Interop.Winsock.recv(socketHandle, pinnedBuffer, len, socketFlags);
140 | }
141 |
142 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
143 | internal unsafe delegate int SendDelegaqte(
144 | [In] IntPtr socketHandle,
145 | [In] byte* pinnedBuffer,
146 | [In] int len,
147 | [In] SocketFlags socketFlags);
148 |
149 | private unsafe int Detour_send(
150 | [In] IntPtr socketHandle,
151 | [In] byte* pinnedBuffer,
152 | [In] int len,
153 | [In] SocketFlags socketFlags)
154 | {
155 | return Interop.Winsock.send(socketHandle, pinnedBuffer, len, socketFlags);
156 | }
157 |
158 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
159 | internal unsafe delegate int RecvfromDelegate(
160 | [In] IntPtr socketHandle,
161 | [In] byte* pinnedBuffer,
162 | [In] int len,
163 | [In] SocketFlags socketFlags,
164 | [Out] byte[] socketAddress,
165 | [In, Out] ref int socketAddressSize);
166 |
167 | private unsafe int Detour_recvfrom(
168 | [In] IntPtr socketHandle,
169 | [In] byte* pinnedBuffer,
170 | [In] int len,
171 | [In] SocketFlags socketFlags,
172 | [Out] byte[] socketAddress,
173 | [In, Out] ref int socketAddressSize)
174 | {
175 | return Interop.Winsock.recvfrom(socketHandle, pinnedBuffer, len, socketFlags, socketAddress, ref socketAddressSize);
176 | }
177 |
178 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
179 | internal unsafe delegate int SendtoDelegate(
180 | [In] IntPtr socketHandle,
181 | [In] byte* pinnedBuffer,
182 | [In] int len,
183 | [In] SocketFlags socketFlags,
184 | [In] byte[] socketAddress,
185 | [In] int socketAddressSize);
186 |
187 | private unsafe int Detour_sendto(
188 | [In] IntPtr socketHandle,
189 | [In] byte* pinnedBuffer,
190 | [In] int len,
191 | [In] SocketFlags socketFlags,
192 | [In] byte[] socketAddress,
193 | [In] int socketAddressSize)
194 | {
195 | return Interop.Winsock.sendto(socketHandle, pinnedBuffer, len, socketFlags, socketAddress, socketAddressSize);
196 | }
197 | }
198 | }
199 |
--------------------------------------------------------------------------------
/src/Windows/SocketHook/SocketHook.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | netstandard2.0
5 |
6 |
7 |
8 | true
9 |
10 |
11 |
12 | true
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 | Common\Interop\Windows\Interop.Libraries.cs
21 |
22 |
23 | Common\Interop\Windows\Winsock\Interop.WSASend.cs
24 |
25 |
26 | Common\Interop\Windows\Winsock\Interop.WSARecv.cs
27 |
28 |
29 | Common\Interop\Windows\Winsock\Interop.recv.cs
30 |
31 |
32 | Common\Interop\Windows\Winsock\Interop.recvfrom.cs
33 |
34 |
35 | Common\Interop\Windows\Winsock\Interop.send.cs
36 |
37 |
38 | Common\Interop\Windows\Winsock\Interop.sendto.cs
39 |
40 |
41 | Common\Interop\Windows\Winsock\WSABuffer.cs
42 |
43 |
44 |
45 |
--------------------------------------------------------------------------------
/src/Windows/SpeedHack/SpeedHack.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 | using CoreHook;
4 |
5 | namespace SpeedHack
6 | {
7 | public class SpeedHack : IEntryPoint
8 | {
9 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
10 | private delegate uint GetTickCountDelegate();
11 |
12 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
13 | private delegate ulong GetTickCount64Delegate();
14 |
15 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
16 | private delegate Interop.BOOL QueryPerformanceCounterDelegate(out long performanceCount);
17 |
18 | [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
19 | private delegate uint SleepExDelegate(uint milliSeconds, Interop.BOOL alertable);
20 |
21 | private IHook _getTickCount;
22 | private IHook _getTickCount64;
23 | private IHook _queryPerformanceCounter;
24 | private IHook _sleepEx;
25 |
26 | private float _acceleration;
27 |
28 | // Initial time from GetTickCount
29 | private uint _baseTime;
30 | // Initial time from GetTickCount64
31 | private ulong _baseTime64;
32 | // Intial value of the performance counter
33 | private long _basePerformanceCount;
34 |
35 | public SpeedHack(IContext context, float arg1) { }
36 |
37 | public void Run(IContext context, float acceleration)
38 | {
39 | _acceleration = acceleration;
40 |
41 | // Get current counts to use as a base for modification
42 | _baseTime = Interop.Kernel32.GetTickCount();
43 | _baseTime64 = Interop.Kernel32.GetTickCount64();
44 | Interop.Kernel32.QueryPerformanceCounter(out _basePerformanceCount);
45 |
46 | // Create detours for implementing the speed hack
47 | _getTickCount = LocalHook.Create(
48 | LocalHook.GetProcAddress("kernel32.dll", "GetTickCount"),
49 | new GetTickCountDelegate(Detour_GetTickCount),
50 | this);
51 |
52 | _getTickCount64 = LocalHook.Create(
53 | LocalHook.GetProcAddress("kernel32.dll", "GetTickCount64"),
54 | new GetTickCount64Delegate(Detour_GetTickCount64),
55 | this);
56 |
57 | _queryPerformanceCounter = LocalHook.Create(
58 | LocalHook.GetProcAddress("kernel32.dll", "QueryPerformanceCounter"),
59 | new QueryPerformanceCounterDelegate(Detour_QueryPerformanceCounter),
60 | this);
61 |
62 | _sleepEx = LocalHook.Create(
63 | LocalHook.GetProcAddress("kernel32.dll", "SleepEx"),
64 | new SleepExDelegate(Detour_SleepEx),
65 | this);
66 |
67 | // Enable for all threads except the current thread.
68 | _getTickCount.ThreadACL.SetExclusiveACL(new int[] { 0 });
69 | _getTickCount64.ThreadACL.SetExclusiveACL(new int[] { 0 });
70 | _queryPerformanceCounter.ThreadACL.SetExclusiveACL(new int[] { 0 });
71 | _sleepEx.ThreadACL.SetExclusiveACL(new int[] { 0 });
72 | }
73 |
74 | private uint Detour_GetTickCount()
75 | {
76 | SpeedHack This = (SpeedHack)HookRuntimeInfo.Callback;
77 | var tickCount = Interop.Kernel32.GetTickCount();
78 | return (uint)(This._baseTime + ((tickCount - This._baseTime)) * This._acceleration);
79 | }
80 |
81 | private ulong Detour_GetTickCount64()
82 | {
83 | SpeedHack This = (SpeedHack)HookRuntimeInfo.Callback;
84 | var tickCount = Interop.Kernel32.GetTickCount64();
85 | return (ulong)(This._baseTime64 + ((tickCount - This._baseTime64)) * This._acceleration);
86 | }
87 |
88 | private Interop.BOOL Detour_QueryPerformanceCounter(out long performanceCount)
89 | {
90 | SpeedHack This = (SpeedHack)HookRuntimeInfo.Callback;
91 |
92 | var result = Interop.Kernel32.QueryPerformanceCounter(out long realPerformanceCount);
93 | performanceCount = (long)(This._basePerformanceCount + ((realPerformanceCount - This._basePerformanceCount)) * This._acceleration);
94 | return result;
95 | }
96 |
97 | private uint Detour_SleepEx(uint milliSeconds, Interop.BOOL alertable)
98 | {
99 | SpeedHack This = (SpeedHack)HookRuntimeInfo.Callback;
100 | return Interop.Kernel32.SleepEx((uint)(milliSeconds / This._acceleration), alertable);
101 | }
102 | }
103 | }
104 |
--------------------------------------------------------------------------------
/src/Windows/SpeedHack/SpeedHack.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | netstandard2.0
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 | Common\Interop\Windows\Interop.Libraries.cs
13 |
14 |
15 | Common\Interop\Windows\kernel32\Interop.GetTickCount.cs
16 |
17 |
18 | Common\Interop\Windows\kernel32\Interop.GetTickCount64.cs
19 |
20 |
21 | Common\Interop\Windows\kernel32\Interop.QueryPerformanceCounter.cs
22 |
23 |
24 | Common\Interop\Windows\kernel32\Interop.SleepEx.cs
25 |
26 |
27 | Common\Interop\Windows\Interop.BOOL.cs
28 |
29 |
30 |
31 |
--------------------------------------------------------------------------------