这是另外一个类 public class FileMonInterface : MarshalByRefObject { public void IsInstalled(Int32 InClientPID) { Console.WriteLine("FileMon has been installed in target {0}.\r\n", InClientPID); } public void OnCreateFile(Int32 InClientPID, String[] InFileNames) { for (int i = 0; i < InFileNames.Length; i++) { Console.WriteLine(InFileNames[i]); } } public void ReportException(Exception InInfo) { Console.WriteLine("The target process has reported an error:\r\n" + InInfo.ToString()); } public void Ping() {
{
public void IsInstalled(Int32 InClientPID)
{
Console.WriteLine("FileMon has been installed in target {0}.\r\n", InClientPID);
} public void OnCreateFile(Int32 InClientPID, String[] InFileNames)
{
for (int i = 0; i < InFileNames.Length; i++)
{
Console.WriteLine(InFileNames[i]);
}
} public void ReportException(Exception InInfo)
{
Console.WriteLine("The target process has reported an error:\r\n" + InInfo.ToString());
} public void Ping()
{
}
}
static String ChannelName = null; static void Main(string[] args)
{
Int32 TargetPID = 1740; //if ((args.Length != 1) || !Int32.TryParse(args[0], out TargetPID))
//{
// Console.WriteLine();
// Console.WriteLine("Usage: FileMon %PID%");
// Console.WriteLine(); // return;
//} try
{
try
{
Config.Register(
"A FileMon like demo application.",
"FileMon.exe",
"FileMonInject.dll");
}
catch (ApplicationException ex)
{
MessageBox.Show("This is an administrative task!"+ex.Message, "Permission denied...", MessageBoxButtons.OK); System.Diagnostics.Process.GetCurrentProcess().Kill();
} RemoteHooking.IpcCreateServer<FileMonInterface>(ref ChannelName, WellKnownObjectMode.SingleCall);
RemoteHooking.Inject(
TargetPID,
"FileMonInject.dll",
"FileMonInject.dll",
ChannelName);
Console.ReadLine();
}
catch (Exception ExtInfo)
{
Console.WriteLine("There was an error while connecting to target:\r\n{0}", ExtInfo.ToString());
}
}
byte[] sendBytes = new byte[len];
Marshal.Copy(ff, sendBytes, 0, sendBytes.Length); string recvString = byteToHexStr(sendBytes);
This.Queue.Push(recvString);