easyhook

I managed to write a semiworking EasyHook example that hooks recv function. I wrote a form, added a WebBrowser component, and started the application. The problem is, I get the HTTP packets, but if there's a socket, it seems that recv stops "hooking". The problem is, with an external application, Spystudio, I can get them hooking recv. So, what am I missing? using System; using System.Collections.Generic; using System.Data; using System.Runtime.InteropServices; using System.Threading; using System.Text; using System.Windows.Forms; using System.Diagnostics; using System.IO; using System.Runtime

How can both the IPC client and IPC server call the shared remoting interface (the class inheriting MarshalByRefObject) to communicate, without having to put the interface class inside in the injecting application? For example, if I put the interface class in the injected library project that gets injected into my target process, my injecting application cannot reference that interface. Edit: I have answered the question below. Jason As of EasyHook Commit 66751 (tied to EasyHook 2.7 alpha), it doesn't seem possible to get the instance of the remoting interface in both the client (that process

In this tutorial we will create a remote file monitor using EasyHook. We will cover how to: 使用EasyHook创建一个全局文件监控程序，包括 Inject a managed assembly into an existing target process based on the process Id 将托管程序集(dll)注入到已存在的进程ID Inject a managed assembly into a newly created (and suspended) process using path to executable 将托管程序集(dll)注入到新创建（并且挂起）的进程（通过该进程运行的路径注入） Create local hooks within the remote process to monitor 3 file operations (CreateFile, ReadFile and WriteFile) 通过远程程序创建本地hook，完成CreateFile, ReadFile 和WriteFile3种操作 Report file accesses back to the main console application using .NET inter