EasyHook: Creating a remote file monitor

Submitted by 魔方 西西 on 2019-11-27 16:55:45

In this tutorial we will create a remote file monitor using EasyHook. We will cover how to:

  1. Inject a managed assembly into an existing target process based on its process Id
  2. Inject a managed assembly into a newly created (and suspended) process using the path to its executable
  3. Create local hooks within the remote process to monitor three file operations (CreateFile, ReadFile and WriteFile)
  4. Report file accesses back to the main console application using .NET inter-process communication (IPC)

For this tutorial we will be creating a solution with two projects:

  • FileMonitor: a C# console application; and
  • FileMonitorHook: a C# class library that contains the hook logic and the IPC interface. This assembly is our injection payload.
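As an added illustration of how the payload side of this design fits together (example code written for this page, not the tutorial's own source), the sketch below shows the FileMonitorHook assembly: an IEntryPoint that connects back to the console over the IPC channel name passed through at injection time, installs a local hook on kernel32!CreateFileW, queues each observed path, and flushes the queue to the console from the injected thread. The class names FileMonitorInterface and InjectionEntryPoint, the 500 ms flush interval and the ReportMessages/Ping methods are assumptions; the EasyHook calls (RemoteHooking.IpcConnectClient, LocalHook.Create, LocalHook.GetProcAddress, ThreadACL.SetExclusiveACL, LocalHook.Release) are the library's real API.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Threading;
using EasyHook;

// Shared IPC contract (hypothetical name): hosted by the console, called by the payload
public class FileMonitorInterface : MarshalByRefObject
{
    public void ReportMessages(string[] msgs) { foreach (var m in msgs) Console.WriteLine(m); }
    public void Ping() { }
}

// Injection payload: EasyHook constructs this inside the target process, then calls Run
public class InjectionEntryPoint : IEntryPoint
{
    private readonly FileMonitorInterface _server;
    private readonly Queue<string> _queue = new Queue<string>();

    // Connect back to the console's channel; an exception here aborts the injection cleanly
    public InjectionEntryPoint(RemoteHooking.IContext ctx, string channelName)
    {
        _server = RemoteHooking.IpcConnectClient<FileMonitorInterface>(channelName);
    }

    public void Run(RemoteHooking.IContext ctx, string channelName)
    {
        var hook = LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll", "CreateFileW"),
                                    new CreateFileW_Delegate(CreateFileW_Hook), this);
        hook.ThreadACL.SetExclusiveACL(new int[] { 0 });  // intercept every thread except this one
        try
        {   // flush queued reports every 500 ms; Ping() throws once the console has exited
            while (true)
            {
                Thread.Sleep(500);
                string[] pending;
                lock (_queue) { pending = _queue.ToArray(); _queue.Clear(); }
                if (pending.Length > 0) _server.ReportMessages(pending); else _server.Ping();
            }
        }
        catch { }
        hook.Dispose(); LocalHook.Release();  // unhook before this injected thread returns
    }

    [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
    delegate IntPtr CreateFileW_Delegate(string name, uint access, uint share, IntPtr sa, uint disp, uint flags, IntPtr tmpl);

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr CreateFileW(string name, uint access, uint share, IntPtr sa, uint disp, uint flags, IntPtr tmpl);

    IntPtr CreateFileW_Hook(string name, uint access, uint share, IntPtr sa, uint disp, uint flags, IntPtr tmpl)
    {
        // Never block or throw inside the hook: queue the report, then call the real API
        lock (_queue) _queue.Enqueue($"[{RemoteHooking.GetCurrentProcessId()}] CreateFileW {name}");
        return CreateFileW(name, access, share, sa, disp, flags, tmpl);
    }
}
```

On the FileMonitor console side, the channel is created with RemoteHooking.IpcCreateServer<FileMonitorInterface>(ref channelName, WellKnownObjectMode.Singleton) and channelName is passed as the pass-through argument to RemoteHooking.Inject (existing process Id) or RemoteHooking.CreateAndInject (path to executable), which is how it reaches the constructor above. ReadFile and WriteFile are hooked the same way, each with its own delegate and LocalHook.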