
couple fixes on Window handle and process injection

1 parent acaa081 commit 731c3f6e5510025609a51020adbad23705005ae7 @DinisCruz DinisCruz committed Nov 30, 2012
@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<H2>
- <SourceCode>//var topPanel = panel.clear().add_Panel();
+ <SourceCode>//var topPanel = panel.clear().add_Panel();
var topPanel = "Util - Inject O2 into Other processes v2.0".popupWindow(1200,600);
topPanel.insert_LogViewer();
@@ -11,7 +11,7 @@ var tabPanel = topPanel.insert_Right().add_TabControl();
var selectedProcessTab = tabPanel.add_Tab("Selected Process details").add_Panel();
//var modulesTreeView = tabPanel.add_Tab("Selected Process Modules List").add_TreeView_with_PropertyGrid().sort();
-var modulesTreeView = selectedProcessTab.insert_Below("Selected Process Modules List").add_TreeView_with_PropertyGrid(false).sort();
+var modulesTreeView = selectedProcessTab.insert_Below("Selected Process Modules List").add_TreeView_with_PropertyGrid(false).sort();
var processScreenshot = modulesTreeView.insert_Left(100).add_PictureBox();
//processesTreeView.splitContainer().splitterDistance(300);
//modulesTreeView.splitContainer().splitterDistance(300);
@@ -37,10 +37,10 @@ processesTreeView.afterSelect&lt;Process&gt;(
modulesTreeView.clear();
selectedProcessTab.parent&lt;TabPage&gt;().set_Text("Selected process: {0} (id: {1})".format(process.ProcessName, process.Id));
//modulesTreeView.parent&lt;GroupBox&gt;()
- O2Thread.mtaThread(
- ()=&gt;{
- processScreenshot.load(selectedProcess.screenshot_MainWindow() as Image);
- selectedProcessTab.add_FlowLayoutPanel_with_DetectedModules(process);
+ O2Thread.mtaThread(
+ ()=&gt;{
+ processScreenshot.load(selectedProcess.handle().window_ScreenShot() as Image);
+ selectedProcessTab.add_FlowLayoutPanel_with_DetectedModules(process);
});
try
{
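Review bot: The lambda passed to `O2Thread.mtaThread` takes the screenshot from the shared `selectedProcess` but builds the module panel from the callback's `process` argument, so if the selection changes before the thread runs the two can describe different processes. Assuming both are the same `Process` type, using the argument for both keeps them consistent: `processScreenshot.load(process.handle().window_ScreenShot() as Image);`. The capture also runs outside the `try` that follows, and a process with no main window presumably yields a zero handle, so a failure would surface on the worker thread. Wrapping it in `try { ... } catch(Exception ex) { ex.log(); }`, as the new `screenShot` action in the hijack API does, would match. The `afterSelect` callback starts and ends outside this hunk.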
@@ -60,7 +60,7 @@ processesTreeView.afterSelect&lt;Process&gt;(
modulesTreeView.pink()
.add_Node("Can't access Module list").treeView()
.add_Node("Exception: {0}".format(ex.Message.info()));
- }
+ }
});
@@ -85,15 +85,15 @@ Action injectO2IntoProcess =
o2Injector.injectIntoProcess(selectedProcess, x64_CheckBox.value(), runtime40_CheckBox.value());
};
-processesTreeView.insert_Below_ToolStrip()
- .add_Button("Refresh", "view_refresh".formImage(), ()=&gt; refreshProcessList())
- .add_Button("Process Properties", "btSettings_Image".formImage(), ()=&gt; processesTreeView.selected().Tag.showInfo())
- .add_Button("Bring to front", "preferences_desktop_locale".formImage(), ()=&gt; selectedProcess.process_MainWindow_BringToFront())
+processesTreeView.insert_Below_ToolStrip()
+ .add_Button("Refresh", "view_refresh".formImage(), ()=&gt; refreshProcessList()).toolStrip()
+ .add_Button("Process Properties", "btSettings_Image".formImage(), ()=&gt; processesTreeView.selected().Tag.showInfo()).toolStrip()
+ .add_Button("Bring to front", "preferences_desktop_locale".formImage(), ()=&gt; selectedProcess.process_MainWindow_BringToFront()).toolStrip()
.add_Button("Stop Process", "process_stop".formImage(), () =&gt; { selectedProcess.stop(); refreshProcessList();});
selectedProcessTab.insert_ToolStrip()
- .add_Button("Inject O2 into Process","btExecuteSelectedMethod_Image".formImage(), ()=&gt;injectO2IntoProcess())
+ .add_Button("Inject O2 into Process","btExecuteSelectedMethod_Image".formImage(), ()=&gt;injectO2IntoProcess()).toolStrip()
.add_CheckBox("x64",ref x64_CheckBox)
.add_CheckBox(".Net 40 runtime",ref runtime40_CheckBox);
@@ -58,16 +58,29 @@ public static class API_Win32_Handle_Hijack_ExtensionMethods
};
Action hijack =
- ()=>{
+ ()=>{
restore();
var handle = targetHandle.get_Text().toInt().intPtr();
- var newParent = hijackedWindow.handle();
+ var newParent = hijackedWindow.clear().handle();
"Hijacking {0} into window {1}".info(handle, newParent);
hijackedHandle = handle;
hijackedParent = parentHandle.get_Text().toInt().intPtr();
handle.setParent(newParent);
};
-
+ Action screenShot =
+ ()=>{
+ restore();
+ try
+ {
+ var handle = targetHandle.get_Text().toInt().intPtr();
+ var bitmap = handle.window_ScreenShot();
+ hijackedWindow.clear().add_PictureBox().layout_Zoom().show(bitmap);
+ }
+ catch(Exception ex)
+ {
+ ex.log();
+ }
+ };
Action<IntPtr> setTarget =
(handle)=>{
targetHandle.set_Text(handle.str());
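Review bot: The new `screenShot` action passes whatever is typed in the `targetHandle` text box to `window_ScreenShot()` after `toInt().intPtr()`, with no check that the result is a non-zero handle. A guard such as `if (handle == IntPtr.Zero) return;` before the capture would avoid a pointless call and a logged exception. `restore()` also sits outside the `try`, so clicking Screenshot presumably always undoes the current hijack even when the capture then fails; if that is intended, a one-line comment saying so would help. Each click adds a new PictureBox and bitmap after `hijackedWindow.clear()`, and whether `clear()` disposes the previous bitmap is not visible here, so it is worth confirming. The enclosing method starts outside the hunk.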
@@ -82,6 +95,7 @@ public static class API_Win32_Handle_Hijack_ExtensionMethods
.append_Label("Parent:").top(10).append_TextBox(ref parentHandle)
.append_Link("Hijack", ()=> hijack()).top(10)
.append_Link("Restore", ()=> restore())
+ .append_Link("Screenshot", ()=> screenShot())
.append_PictureBox(ref pictureBox)
// .append_TextBox(ref test).set_Text("Hijack me").top(10)
.append_Label(ref className).topAdd(2);
@@ -94,12 +108,28 @@ public static class API_Win32_Handle_Hijack_ExtensionMethods
// setTarget(test.handle());
- pictureBox.layout_Zoom();
+ pictureBox.layout_Zoom();
hostPanel.onClosed(
()=>{
"On Closed".info();
restore();
});
+ var groupBox = hijackedWindow.parent();;
+ var originalText = groupBox.get_Text();
+ groupBox.DoubleClick+=(sender,e)=>
+ {
+ var collapsed = groupBox.splitContainer().Panel1Collapsed;
+ if (collapsed)
+ {
+ groupBox.splitContainer().panel1Collapsed(false);
+ groupBox.set_Text(originalText);
+ }
+ else
+ {
+ groupBox.splitContainer().panel1Collapsed(true);
+ groupBox.set_Text("X");
+ }
+ };
return hostPanel;
}
}
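Review bot: The added line `var groupBox = hijackedWindow.parent();;` carries a stray second semicolon, and the `DoubleClick` handler looks up `groupBox.splitContainer()` three times without checking the result. Caching it once with `var split = groupBox.splitContainer();` and returning early when it is null would be tidier, and safe if this GUI is ever hosted outside a split container. The literal `"X"` used as the collapsed caption deserves a short comment, for example `// double-click toggles the side panel; "X" marks the collapsed state`. The method begins outside the hunk.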
@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<H2>
+ <SourceCode>//var topPanel = panel.add_Panel(true);
+var topPanel = "PoC - View Handle History".popupWindow();
+var pictureBox = topPanel.add_PictureBox().layout_Zoom();
+var treeView = pictureBox.insert_Left(200).add_TreeView()
+ .afterSelect&lt;IntPtr&gt;(
+ (intPtr)=&gt;{
+ try
+ {
+ pictureBox.show(intPtr.window_ScreenShot());
+ intPtr.str().clipboardText_Set();
+ }
+ catch(Exception ex)
+ {
+ ex.log();
+ }
+ //pictureBox.show();
+ })
+ .beforeExpand&lt;IntPtr&gt;(
+ (treeNode, intPtr)=&gt;{
+ treeNode.add_Node("Parent: " + intPtr.parent().str(), intPtr.parent(), intPtr.parent().parent().notNull());
+ treeNode.add_Node("Child Windows")
+ .add_Nodes(intPtr.child_Windows_with_CurrentParent(),
+ (ip)=&gt; "{0} : {1}".format(ip, ip.className(), intPtr,true));
+ });
+
+topPanel.insert_Above(20).add_Label("Handle: ")
+ .append_TextBox("")
+ .onTextChange(
+ (text)=&gt;{
+ var handle = text.toInt().intPtr();
+ treeView.clear();
+ treeView.add_Node(handle.str(), handle, true);
+ //treeView.add_Node("Child Windows").add_Nodes(handle.child_Windows());
+ });
+
+//O2Ref:tmp909E.tmp.dll</SourceCode>
+ <ReferencedAssemblies />
+</H2>
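Review bot: In the `beforeExpand` handler, `"{0} : {1}".format(ip, ip.className(), intPtr,true)` passes four arguments to a two-placeholder format string, so `intPtr` and `true` are silently ignored. They look like leftovers or arguments meant for the enclosing `add_Nodes` call; either drop them, `(ip)=&gt; "{0} : {1}".format(ip, ip.className())`, or move them to the call they belong to. The trailing `//O2Ref:tmp909E.tmp.dll` names a temp assembly that will likely not exist on another machine. Referencing whichever source file provides the handle extension methods through an `//O2File:` line, as the Multiple Guis script does, would make the script reproducible. The `afterSelect` handler also overwrites the clipboard on every node selection, which deserves at least a comment.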
@@ -4,13 +4,13 @@
var topPanel = "Util - Win32 Window Handle Hijack (Multiple Guis)".popupWindow(1000,500);
var parentForm = topPanel.parentForm();
-parentForm.insert_Right().add_Handle_HijackGui()
+parentForm.insert_Right().add_Handle_HijackGui()
.insert_Below().add_Handle_HijackGui();
topPanel.add_Handle_HijackGui()
.insert_Below().add_Handle_HijackGui();
Application.Run();
-//O2File:API_Win32_Handle_Hijack.cs
+//O2File:API_Win32_Handle_Hijack.cs
//O2Package:target.ico</SourceCode>
<ReferencedAssemblies />
</H2>
@@ -1,7 +1,7 @@
<?xml version="1.0"?>
<H2>
- <SourceCode>//O2Tag:SkipGlobalCompilation
-
+ <SourceCode>//O2Tag:SkipGlobalCompilation
+
Action&lt;string&gt; openScanFile =
(scanFileToLoad)=&gt;{
if (scanFileToLoad.fileExists())
