C# How to output to GUI when data is coming via an interface via MarshalByRefObject?

Posted by Tom on Stack Overflow See other posts from Stack Overflow or by Tom
Published on 2010-05-27T22:00:11Z Indexed on 2010/05/27 22:01 UTC

Hey, can someone please show me how I can write the output of OnCreateFile to a GUI? I thought the GUI would have to be declared at the bottom, in the main function, so how do I then refer to it from within OnCreateFile?

using System;
using System.Collections.Generic;
using System.Runtime.Remoting;
using System.Text;
using System.Diagnostics;
using System.IO;
using EasyHook;
using System.Drawing;
using System.Windows.Forms;

namespace FileMon
{
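    /// <summary>
    /// Remoting object published by <c>Program.Main</c> through
    /// <c>RemoteHooking.IpcCreateServer&lt;FileMonInterface&gt;</c>. The injected
    /// FileMonInject.dll calls these methods to report what it observed.
    /// </summary>
    /// <remarks>
    /// The callers run inside other processes, so every argument is treated as
    /// untrusted input: it is validated before it is parsed, and a malformed
    /// record is dropped instead of throwing back across the IPC channel.
    /// </remarks>
    public class FileMonInterface : MarshalByRefObject
    {
        /// <summary>Called by the injected library once it is loaded in a target.</summary>
        /// <param name="InClientPID">Process id reported by the caller.</param>
        public void IsInstalled(Int32 InClientPID)
        {
            // Intentionally silent: the console trace for this event is disabled.
        }

        /// <summary>
        /// Receives a batch of tab-separated event records and writes the
        /// recognised ones to the GUI ("ROpen") or the console ("RQuery", "RDelete").
        /// </summary>
        /// <param name="InClientPID">Process id reported by the caller (not used here).</param>
        /// <param name="InFileNames">
        /// Records of the form <c>operation \t pid \t key</c>; a null array, null
        /// entries and records that do not have this shape are skipped.
        /// </param>
        public void OnCreateFile(Int32 InClientPID, String[] InFileNames)
        {
            if (InFileNames == null)
            {
                return;
            }

            for (int i = 0; i < InFileNames.Length; i++)
            {
                String record = InFileNames[i];
                if (record == null)
                {
                    continue;
                }

                // Validate before indexing or parsing: the record was built in
                // another process and must not be able to raise an exception here.
                String[] fields = record.Split('\t');
                int pid;
                if (fields.Length < 3 || !int.TryParse(fields[1], out pid))
                {
                    continue;
                }

                String operation = fields[0];

                // Read the clock once so all parts of the timestamp belong to the
                // same instant (the format itself is unchanged).
                DateTime now = DateTime.Now;
                String stamp = now.Hour + ":" + now.Minute + ":" + now.Second + "." + now.Millisecond;

                if (operation.Contains("ROpen"))
                {
                    String line = stamp + "\t" + operation + "\t" + getProcessName(pid) + "\t" + getRootHive(fields[2]);

                    // Program.ff is only usable once Main has created the form.
                    // NOTE(review): this method runs on an IPC worker thread, not the
                    // UI thread, so enterText has to marshal to the form's thread
                    // (Control.Invoke / BeginInvoke) before touching any control.
                    // Form1 is not shown here - confirm that it does.
                    if (Program.ff != null)
                    {
                        Program.ff.enterText(line);
                    }
                }
                else if (operation.Contains("RQuery"))
                {
                    Console.WriteLine(stamp + "\t" + operation + "\t" + getProcessName(pid) + "\t" + getRootHive(fields[2]));
                }
                else if (operation.Contains("RDelete"))
                {
                    // Fixed: this branch used to parse fields[0] (the operation name)
                    // as the process id, which always threw FormatException. It now
                    // reads the pid and key from the same positions as the other
                    // operations. NOTE(review): assumes RDelete records share that layout.
                    Console.WriteLine(stamp + "\t" + operation + "\t" + getProcessName(pid) + "\t" + getRootHive(fields[2]));
                }
                // "FCreate" records are recognised but deliberately not printed.
            }
        }

        /// <summary>Prints an exception reported by the injected library.</summary>
        /// <param name="InInfo">The reported exception; may be null.</param>
        public void ReportException(Exception InInfo)
        {
            // String concatenation renders a null reference as an empty string,
            // so a null report cannot throw here.
            Console.WriteLine("The target process has reported an error:\r\n" + InInfo);
        }

        /// <summary>Liveness check for the injected library; does nothing.</summary>
        public void Ping()
        {
        }

        /// <summary>Resolves a process id to its process name.</summary>
        /// <param name="ID">Process id to look up.</param>
        /// <returns>The process name, or an empty string if it cannot be resolved.</returns>
        public String getProcessName(int ID)
        {
            try
            {
                // Look up the one process instead of enumerating every process per
                // event, and release the handle as soon as the name has been read.
                using (Process match = Process.GetProcessById(ID))
                {
                    return match.ProcessName;
                }
            }
            catch (ArgumentException)
            {
                // No running process has this id.
                return "";
            }
            catch (InvalidOperationException)
            {
                // The process exited between the lookup and the name query.
                return "";
            }
        }

        /// <summary>
        /// Translates the decimal value of a predefined registry root handle into
        /// its symbolic name.
        /// </summary>
        /// <param name="hKey">Handle value as a decimal string.</param>
        /// <returns>The HKEY_* name, or <paramref name="hKey"/> unchanged if it is not a known root.</returns>
        public String getRootHive(String hKey)
        {
            // switch on a string compares ordinally, so the result does not depend
            // on the current culture the way CompareTo does.
            switch (hKey)
            {
                case "2147483648": // 0x80000000
                    return "HKEY_CLASSES_ROOT";
                case "2147483649": // 0x80000001
                    return "HKEY_CURRENT_USER";
                case "2147483650": // 0x80000002
                    return "HKEY_LOCAL_MACHINE";
                case "2147483651": // 0x80000003
                    return "HKEY_USERS";
                case "2147483653": // 0x80000005
                    return "HKEY_CURRENT_CONFIG";
                default:
                    return hKey;
            }
        }
    }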

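    /// <summary>
    /// Host process: registers the hook library, publishes the
    /// <see cref="FileMonInterface"/> IPC endpoint, injects FileMonInject.dll into
    /// the running processes and then shows the GUI that receives the events.
    /// </summary>
    class Program : System.Windows.Forms.Form
    {
        // Name of the IPC channel; filled in by RemoteHooking.IpcCreateServer.
        static String ChannelName = null;

        // The form FileMonInterface.OnCreateFile writes to. It is assigned in Main
        // before any callback can arrive.
        public static Form1 ff;

        Program() // ADD THIS CONSTRUCTOR
        {
            InitializeComponent();
        }

        /// <summary>
        /// Entry point. Creates the form, starts the IPC server, attempts the
        /// injection and then runs the message loop so the process stays alive
        /// while the injected libraries report back.
        /// </summary>
        [STAThread]
        static void Main()
        {
            // Create the form first so Program.ff is never null when a callback
            // arrives. NOTE(review): assumes Form1 has the designer's default
            // parameterless constructor - Form1 is not shown here.
            ff = new Form1();

            try
            {
                Config.Register("A FileMon like demo application.", "FileMon.exe", "FileMonInject.dll");
                RemoteHooking.IpcCreateServer<FileMonInterface>(ref ChannelName, WellKnownObjectMode.SingleCall);

                // NOTE(review): this loads the hook library into every process the
                // current account can open. Limiting the list to the process ids
                // that are actually being monitored keeps the footprint, and the
                // risk of destabilising unrelated processes, much smaller.
                Process[] running = Process.GetProcesses();
                for (int i = 0; i < running.Length; i++)
                {
                    try
                    {
                        RemoteHooking.Inject(running[i].Id, "FileMonInject.dll", "FileMonInject.dll", ChannelName);
                    }
                    catch (Exception e)
                    {
                        // Still best-effort: one process that cannot be hooked must
                        // not stop the loop, but the failure is no longer invisible.
                        Console.WriteLine("Could not inject into process {0}: {1}", running[i].Id, e.Message);
                    }
                    finally
                    {
                        // Release the handle held by each Process object.
                        running[i].Dispose();
                    }
                }
            }
            catch (Exception ExtInfo)
            {
                Console.WriteLine("There was an error while connecting to target:\r\n{0}", ExtInfo.ToString());
            }

            // Without a message loop Main returned right after the injection, which
            // ended the process and took the IPC server down with it.
            Application.Run(ff);
        }
    }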
}

© Stack Overflow or respective owner
