STRLCPY/DotDumper

Release of version 1.0
ThisIsLibra committed 2 years ago

7c67b868

1 parent 8e6165b7

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

Showing first 19 files as there are too many

■ ■ ■ ■ ■ ■

DotDumper/ArgumentHandler.cs

1	+	using System;
2	+	using System.IO;
3	+	using System.Reflection;
4	+
5	+	namespace DotDumper
6	+	{
7	+	/// <summary>
8	+	/// This class handles user-provided arguments by parsing them, and updating the fields in the Config class when need be. At last, a check is performed to ensure that the required arguments are provided.
9	+	/// </summary>
10	+	class ArgumentHandler
11	+	{
12	+	#region Argument markers and descriptions
13	+	/// <summary>
14	+	/// The marker for the sample path (equals "-file")
15	+	/// </summary>
16	+	public const string SamplePathMarker = "-file";
17	+
18	+	/// <summary>
19	+	/// The description for the sample path
20	+	/// </summary>
21	+	public const string SamplePathDescription = "The complete path to the file to launch. This is the only mandatory argument, if the provided file has\n\t\tan entry point";
22	+
23	+	/// <summary>
24	+	/// The marker for the logging folder name (equals "-log")
25	+	/// </summary>
26	+	public const string LoggingFolderNameMarker = "-log";
27	+
28	+	/// <summary>
29	+	/// The description of the logging folder name
30	+	/// </summary>
31	+	public const string LoggingFolderNameDescription = "The name of the folder to place artifacts in, which will be placed within the same folder as the given sample.\n\t\tIf this argument is missing, the sample's file name will be used.";
32	+
33	+	/// <summary>
34	+	/// The marker for the deprecated function inclusion/exclusion
35	+	/// </summary>
36	+	public const string DeprecatedFunctionMarker = "-deprecated";
37	+
38	+	/// <summary>
39	+	/// The description for the deprecated function inclusion/exclusion
40	+	/// </summary>
41	+	public const string DeprecatedFunctionDescription = "Hook deprecated functions, needs to be true or false. The default value is true";
42	+
43	+	/// <summary>
44	+	/// The marker for the argument which decides if the loaded hooks should be displayed
45	+	/// </summary>
46	+	public const string LogHooksMarker = "-displayHooks";
47	+
48	+	/// <summary>
49	+	/// The description for the logging of all loaded hooks
50	+	/// </summary>
51	+	public const string LogHooksDescription = "Print all hooked functions upon startup, needs to be true or false. The default value is true";
52	+
53	+	/// <summary>
54	+	/// The race condition marker, which indicates an overwrite of the delay on the race condition timer
55	+	/// </summary>
56	+	public const string RaceConditionDueTimeMarker = "-raceTime";
57	+
58	+	/// <summary>
59	+	/// The decription of the race condition delay argument
60	+	/// </summary>
61	+	public const string RaceConditionDueTimeDescription = "The amount of milliseconds that are between the hook and re-hook of Invoke-related functions.\n\t\tThe default value is 20";
62	+
63	+	/// <summary>
64	+	/// Decides if the entry point of the binary should be ignored
65	+	/// </summary>
66	+	public const string OverrideEntryPointMarker = "-overrideEntry";
67	+
68	+	/// <summary>
69	+	/// The description of the override functionality
70	+	/// </summary>
71	+	public const string OverrideEntryPointDescription = "Defines if the default entry point should be overridden, needs to be true or false. The default value\n\t\tis false. The use of -fqcn and -functionName is mandatory with this argument, whereas -args and\n\t\t-argc are optional (though both -args and -argc need to be used together when they are used).";
72	+
73	+	/// <summary>
74	+	/// The marker for the fully qualified class name (including the namespace)
75	+	/// </summary>
76	+	public const string DllFullyQualifiedClassNameMarker = "-fqcn";
77	+
78	+	/// <summary>
79	+	/// The description of the fully qualified class name (including the namespace)
80	+	/// </summary>
81	+	public const string DllFullyQualifiedClassDescription = "The fully qualified class, including namespace, to find the function in. Only used when overriding\n\t\tthe entry point. Needs to be used together with -functionName.";
82	+
83	+	/// <summary>
84	+	/// The marker for the function name
85	+	/// </summary>
86	+	public const string DllFunctionNameMarker = "-functionName";
87	+
88	+	/// <summary>
89	+	/// The description for the function name's description
90	+	/// </summary>
91	+	public const string DllFunctionNameDescription = "The function name to call, excluding types and parameters, within the fully qualified class.\n\t\tOnly used when overriding the entry point. Needs to be used together with -fqcn.";
92	+
93	+	/// <summary>
94	+	/// The marker for the arguments
95	+	/// </summary>
96	+	public const string PayloadArgumentsMarker = "-args";
97	+
98	+	/// <summary>
99	+	/// The description for the arguments
100	+	/// </summary>
101	+	public const string PayloadArgumentsDescription = "The arguments for the function, providing the type and value at once, split by a pipe,\n\t\tsuch as int\|7, double\|3.14, or string\|myValue\n\t\tThe following types are supported: bool, byte, sbyte, char, decimal, double, float, int, uint, long,\n\t\tulong, short, ushort, string, as well as arrays of each of those types. Arrays are indicated using \"[]\"\n\t\tdirectly after the type, such as \"string[]\". The values are to be split using commas.\n\t\tAn example: string[]\|string1,string2,string3\n\t\tNull is also possible, but note that this value (or lack thereof) should not be capitalised.\n\t\tNeeds to be used together with -argc.";
102	+
103	+	/// <summary>
104	+	/// The index of the first argument in the provided array of DotDumper arguments by the user
105	+	/// </summary>
106	+	private static int PayloadArgumentsIndex = -1;
107	+
108	+	/// <summary>
109	+	/// The marker for the argument count
110	+	/// </summary>
111	+	public const string PayloadArgumentCountMarker = "-argc";
112	+
113	+	/// <summary>
114	+	/// The description for the argument count
115	+	/// </summary>
116	+	public const string PayloadArgumentCountDescription = "The number of arguments that are provided, as an integer. Needs to be used together with -args.";
117	+
118	+	/// <summary>
119	+	/// The amount of arguments, as provided by the user
120	+	/// </summary>
121	+	private static int PayloadArgumentCount = -1;
122	+
123	+	/// <summary>
124	+	/// The marker to decide if sleep calls should be skipped
125	+	/// </summary>
126	+	public const string SleepSkipMarker = "-sleepSkip";
127	+
128	+	/// <summary>
129	+	/// The description for the sleep skip functionality
130	+	/// </summary>
131	+	public const string SleepSkipDescription = "Defines if Thread.Sleep calls need to be skipped, needs to be true or false. The default value is true.";
132	+
133	+	/// <summary>
134	+	/// The marker to decide if logs should be printed to the console
135	+	/// </summary>
136	+	public const string ConsolePrintingMarker = "-console";
137	+
138	+	/// <summary>
139	+	/// The description for the optional console logging functionality
140	+	/// </summary>
141	+	public const string ConsolePrintingDescription = "Defines if the logging should be printed to the console window or not. The default value is true.";
142	+
143	+	/// <summary>
144	+	/// The help marker
145	+	/// </summary>
146	+	public const string HelpMarker = "-help";
147	+
148	+	/// <summary>
149	+	/// The description of the help marker
150	+	/// </summary>
151	+	public const string HelpDescription = "Prints the help menu. This cannot be used in combination with other options, as they will be ignored.";
152	+	#endregion
153	+
154	+	/// <summary>
155	+	/// A helper function to combine a marker and a description, including the required newlines and tabs
156	+	/// </summary>
157	+	/// <param name="marker">The marker to combine with the description</param>
158	+	/// <param name="description">The description to combine with the marker</param>
159	+	/// <returns>The combined marker and description</returns>
160	+	private static string CombineMarkerAndDescription(string marker, string description)
161	+	{
162	+	return marker + "\n" +
163	+	"\t\t" + description + "\n";
164	+	}
165	+
166	+	/// <summary>
167	+	/// A helper function to get the complete help message as a single string
168	+	/// </summary>
169	+	/// <returns>The complete help message</returns>
170	+	private static string GetHelpMessage()
171	+	{
172	+	//Initialises the program's version, and a note that all arguments are case sensitive
173	+	string help = Program.VERSION + "\n" +
174	+	"Note that all arguments are cases sensitive!\n";
175	+
176	+	//Adds all the markers and their descriptions into the help message
177	+	help += CombineMarkerAndDescription(SamplePathMarker, SamplePathDescription);
178	+	help += CombineMarkerAndDescription(LoggingFolderNameMarker, LoggingFolderNameDescription);
179	+	help += CombineMarkerAndDescription(DeprecatedFunctionMarker, DeprecatedFunctionDescription);
180	+	help += CombineMarkerAndDescription(LogHooksMarker, LogHooksDescription);
181	+	help += CombineMarkerAndDescription(RaceConditionDueTimeMarker, RaceConditionDueTimeDescription);
182	+	help += CombineMarkerAndDescription(OverrideEntryPointMarker, OverrideEntryPointDescription);
183	+	help += CombineMarkerAndDescription(DllFullyQualifiedClassNameMarker, DllFullyQualifiedClassDescription);
184	+	help += CombineMarkerAndDescription(DllFunctionNameMarker, DllFunctionNameDescription);
185	+	help += CombineMarkerAndDescription(PayloadArgumentsMarker, PayloadArgumentsDescription);
186	+	help += CombineMarkerAndDescription(PayloadArgumentCountMarker, PayloadArgumentCountDescription);
187	+	help += CombineMarkerAndDescription(SleepSkipMarker, SleepSkipDescription);
188	+	help += CombineMarkerAndDescription(ConsolePrintingMarker, ConsolePrintingDescription);
189	+	help += CombineMarkerAndDescription(HelpMarker, HelpDescription);
190	+
191	+	//Adds the well known message to keep the console open, if it wasn't launched via a terminal
192	+	help += "\nPress any key to exit...";
193	+
194	+	//Return the complete message
195	+	return help;
196	+	}
197	+
198	+	/// <summary>
199	+	/// Checks if the help marker is used as an argument at any point, or if the given array is null or empty. If any of the mentioned conditions is met, the help menu is printed, after which DotDumper will await for the user to press any key, leading to DotDumper's shutdown.
200	+	/// </summary>
201	+	/// <param name="args">The args array to check for the help parameter</param>
202	+	private static void CheckHelp(string[] args)
203	+	{
204	+	//Declare the variable which will incidate if the help marker has been found
205	+	bool help = false;
206	+
207	+	//If the provided argument is null or empty, the help menu must be shown, as one at least needs to provide a file to DotDumper
208	+	if (args == null \|\| args.Length == 0)
209	+	{
210	+	help = true;
211	+	}
212	+	else
213	+	{
214	+	//If it is not null nor empty, iterate over all arguments
215	+	for (int i = 0; i < args.Length; i++)
216	+	{
217	+	//Check if the current argument equals the helpmarker
218	+	if (args[i].Equals(HelpMarker))
219	+	{
220	+	//Set the help variable to true
221	+	help = true;
222	+	//Break the loop, as the help marker has been found
223	+	break;
224	+	}
225	+	}
226	+	}
227	+
228	+	//If the help variable is true
229	+	if (help)
230	+	{
231	+	//Get and write the help message
232	+	Console.WriteLine(GetHelpMessage());
233	+	//Wait for any user input
234	+	Console.ReadKey();
235	+	//Exit
236	+	Environment.Exit(0);
237	+	}
238	+	//If the variable is false, nothing has to be done
239	+	}
240	+
241	+	/// <summary>
242	+	/// Parses the arguments and sets the config fields that need to be updated based on the arguments. The checks afterwards ensure that only correct combinations of arguments are allowed, or an error is thrown.
243	+	/// </summary>
244	+	/// <param name="args"></param>
245	+	public static void ParseArguments(string[] args)
246	+	{
247	+	//Check if the help marker is provided. If so, this function does not return
248	+	CheckHelp(args);
249	+
250	+	//Open the try block to handle wrong argument exceptions
251	+	try
252	+	{
253	+	//Declare i prior to the loop, as it is also used outside of the loop in some cases
254	+	int i;
255	+	for (i = 0; i < args.Length; i++)
256	+	{
257	+	//Get the current argument, in lower case
258	+	string arg = args[i];
259	+
260	+	//Check if the next index exists, as the marker is always accompanied by at least one argument
261	+	if (NextIndexExists(args, i))
262	+	{
263	+	//Get the value of the next index, which is known to exist at this point
264	+	string value = args[i + 1];
265	+
266	+	//Handle all marker options (aside from the help one, which was handled before the try block)
267	+	if (IsEqual(arg, SamplePathMarker))
268	+	{
269	+
270	+	//Check if the sample is located in the current working directory
271	+	string filePath = Directory.GetCurrentDirectory() + @"\" + value;
272	+	if (File.Exists(filePath))
273	+	{
274	+	Config.SamplePath = filePath;
275	+	continue;
276	+	}
277	+
278	+	//Check if the sample is located in the same folder as DotDumper
279	+	filePath = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location) + @"\" + value;
280	+	if (File.Exists(filePath))
281	+	{
282	+	Config.SamplePath = filePath;
283	+	continue;
284	+	}
285	+
286	+	//Check if a full path is given, but only after the two other defined directions have been checked, as the Assembly object can only be loaded with a full path, not a relative one
287	+	if (File.Exists(value))
288	+	{
289	+	Config.SamplePath = value;
290	+	continue;
291	+	}
292	+
293	+	//Throw an error if none of the above options results in a match with a file on the user's file system
294	+	throw new Exception("The provided sample path at \"" + value + "\" does not exist, and cannot be found in the current working directory nor in DotDumper's folder!");
295	+	}
296	+	else if (IsEqual(arg, LoggingFolderNameMarker))
297	+	{
298	+	Config.LoggerFolder = value;
299	+	}
300	+	else if (IsEqual(arg, DeprecatedFunctionMarker))
301	+	{
302	+	try
303	+	{
304	+	Config.IncludeDeprecatedFunctions = Convert.ToBoolean(value);
305	+	}
306	+	catch (Exception ex)
307	+	{
308	+	throw new Exception("The boolean to determine if deprecated functions should also be hooked is not a valid boolean: \"" + value + "\"!");
309	+	}
310	+	}
311	+	else if (IsEqual(arg, LogHooksMarker))
312	+	{
313	+	try
314	+	{
315	+	Config.LogHooks = Convert.ToBoolean(value);
316	+	}
317	+	catch (Exception ex)
318	+	{
319	+	throw new Exception("The boolean to determine if the hooks should be logged is not a valid boolean: \"" + value + "\"!");
320	+	}
321	+	}
322	+	else if (IsEqual(arg, RaceConditionDueTimeMarker))
323	+	{
324	+	try
325	+	{
326	+	int raceConditionTime = Convert.ToInt32(value);
327	+	if (raceConditionTime <= 0)
328	+	{
329	+	throw new Exception();
330	+	}
331	+	Config.RaceConditionDueTime = raceConditionTime;
332	+	}
333	+	catch (Exception ex)
334	+	{
335	+	throw new Exception("The integer to determine the duration of the time the timer should wait before rehooking invoke related functions is not a valid integer with a size of more than zero: \"" + value + "\"!");
336	+	}
337	+	}
338	+	else if (IsEqual(arg, OverrideEntryPointMarker))
339	+	{
340	+	try
341	+	{
342	+	Config.OverrideEntryPoint = Convert.ToBoolean(value);
343	+	}
344	+	catch (Exception ex)
345	+	{
346	+	throw new Exception("The boolean to determine if a user-specified entry point should be used is not a valid boolean: \"" + value + "\"!");
347	+	}
348	+	}
349	+	else if (IsEqual(arg, DllFullyQualifiedClassNameMarker))
350	+	{
351	+	Config.DllFullyQualifiedClassName = value;
352	+	}
353	+	else if (IsEqual(arg, DllFunctionNameMarker))
354	+	{
355	+	Config.DllFunctionName = value;
356	+	}
357	+	else if (IsEqual(arg, PayloadArgumentsMarker))
358	+	{
359	+	PayloadArgumentsIndex = i + 1;
360	+	}
361	+	else if (IsEqual(arg, PayloadArgumentCountMarker))
362	+	{
363	+	try
364	+	{
365	+	int argCount = Convert.ToInt32(value);
366	+	if (argCount <= 0)
367	+	{
368	+	throw new Exception();
369	+	}
370	+	PayloadArgumentCount = argCount;
371	+	}
372	+	catch (Exception ex)
373	+	{
374	+	throw new Exception("The integer that indicates the amount of arguments the function requires is not a valid integer that is bigger than one: \"" + value + "\"!");
375	+	}
376	+	}
377	+	else if (IsEqual(arg, SleepSkipMarker))
378	+	{
379	+	try
380	+	{
381	+	Config.SleepSkip = Convert.ToBoolean(value);
382	+	}
383	+	catch (Exception ex)
384	+	{
385	+	throw new Exception("The boolean to determine if sleep calls need to be skipped is not a valid boolean: \"" + value + "\"!");
386	+	}
387	+	}
388	+	else if (IsEqual(arg, ConsolePrintingMarker))
389	+	{
390	+	try
391	+	{
392	+	Config.PrintLogsToConsole = Convert.ToBoolean(value);
393	+	}
394	+	catch (Exception ex)
395	+	{
396	+	throw new Exception("The boolean to determine if logs need to be printed to the console window is not a valid boolean: \"" + value + "\"!");
397	+	}
398	+	}
399	+	}
400	+	}
401	+
402	+	#region Mandatory value checks
403	+	//If no sample was provided, an error is thrown
404	+	if (Config.SamplePath == null)
405	+	{
406	+	throw new Exception("No file has been provided!");
407	+	}
408	+	//If the name of the logger folder is not provided, the name of the given sample is used. The sample exists and is not null, as previous checks already ensured that
409	+	if (Config.LoggerFolder == null)
410	+	{
411	+	SetLoggerFolderName();
412	+	}
413	+	#endregion
414	+
415	+	#region Optional value checks
416	+	//If the entry point should be overridden
417	+	if (Config.OverrideEntryPoint == true)
418	+	{
419	+	//The fully qualified class name needs to be present
420	+	if (Config.DllFullyQualifiedClassName == null)
421	+	{
422	+	throw new Exception("The default entry point is to be overridden, but the fully qualified class name that is to be used, is null!");
423	+	}
424	+	//As well as the function name
425	+	if (Config.DllFunctionName == null)
426	+	{
427	+	throw new Exception("The default entry point is to be overridden, but the function name that is to be used, is null!");
428	+	}
429	+	//Arguments are optional, and can also be used for an entry point, which is why they are outside this if-block
430	+	}
431	+
432	+	//If the index and count are not equal to their initial value of -1, it means that they were both provided
433	+	if (PayloadArgumentsIndex > 0 && PayloadArgumentCount > 0)
434	+	{
435	+	//Given that they are both provided, they need to be handled
436	+	SetDllArguments(args, PayloadArgumentsIndex, PayloadArgumentCount);
437	+	}
438	+	else //In case one or both of these values is still equal to -1
439	+	{
440	+	//If the payload count is missing, an error is thrown
441	+	if (PayloadArgumentCount > 0)
442	+	{
443	+	throw new Exception("No argument count was found, even though arguments were specified!");
444	+	}
445	+	else if (PayloadArgumentsIndex > 0) //If the payload count is more than zero, it means that the index is missing, for which an error needs to be thrown
446	+	{
447	+	throw new Exception("No arguments were found, even though an argument count was specified!");
448	+	}
449	+	}
450	+	#endregion
451	+	}
452	+	catch (Exception ex) //Any thrown exception is caught, printed to the standard output, after which DotDumper waits for any key to exit
453	+	{
454	+	Console.WriteLine("[ERROR] " + ex.Message);
455	+	Console.ReadKey();
456	+	Environment.Exit(0);
457	+	}
458	+	}
459	+
460	+	/// <summary>
461	+	/// Sets the logger folder name to the given file name, appending "_DotDumper" to it until the folder does not exist
462	+	/// </summary>
463	+	private static void SetLoggerFolderName()
464	+	{
465	+	string loggerFolder = Path.GetFileNameWithoutExtension(Config.SamplePath);
466	+	while (true)
467	+	{
468	+	if (Directory.Exists(loggerFolder) == false && File.Exists(loggerFolder) == false)
469	+	{
470	+	break;
471	+	}
472	+	else
473	+	{
474	+	loggerFolder += "_DotDumper";
475	+	}
476	+	}
477	+
478	+	Config.LoggerFolder = loggerFolder;
479	+	}
480	+
481	+	/// <summary>
482	+	/// Tries to fetch the next index from the array, based on the provided array and index
483	+	/// </summary>
484	+	/// <param name="args">The array to use</param>
485	+	/// <param name="index">The index to check if there is a next element</param>
486	+	/// <returns>True if a next element exists, false if not</returns>
487	+	private static bool NextIndexExists(string[] args, int index)
488	+	{
489	+	try
490	+	{
491	+	string element = args[index + 1];
492	+	return true;
493	+	}
494	+	catch (Exception ex)
495	+	{
496	+	return false;
497	+	}
498	+	}
499	+
500	+	/// <summary>
501	+	/// Sets the DllArguments field in the config, based on the provided parameters.
502	+	/// </summary>
503	+	/// <param name="args">The complete set of parameters that DotDumper received</param>
504	+	/// <param name="payloadArgumentsIndex">The index at which the first argument is found</param>
505	+	/// <param name="payloadArgumentCount">The amount of arguments that are provided by the user</param>
506	+	private static void SetDllArguments(string[] args, int payloadArgumentsIndex, int payloadArgumentCount)
507	+	{
508	+	//The object array that will contain all arguments
509	+	object[] dllArgs = new object[payloadArgumentCount];
510	+
511	+	//The string array that contains the split array for each of the provided types
512	+	string[] arrayValues;
513	+
514	+	//Iterate as many times as there are arguments
515	+	for (int i = 0; i < payloadArgumentCount; i++)
516	+	{
517	+	//Get the index to fetch data from the args array
518	+	int index = payloadArgumentsIndex + i;
519	+	//Get and split the data
520	+	string[] splitted = args[index].Split('\|');
521	+	//If there are more or less than two fields, something is wrong, thus an error is thrown
522	+	if (splitted.Length != 2)
523	+	{
524	+	throw new Exception("The provided type-value combination is invalid: \"" + args[index] + "\"!");
525	+	}
526	+	//Get the type from the array, as a lowercase string (so a typo wont influence the outcome here)
527	+	string type = splitted[0].ToLowerInvariant();
528	+	//Get the value of the given argument
529	+	string value = splitted[1];
530	+
531	+	Console.WriteLine("type: " + type);
532	+	Console.WriteLine("value: " + value);
533	+
534	+	//Handle any type of supported variables
535	+	switch (type)
536	+	{
537	+	case "bool":
538	+	dllArgs[i] = Convert.ToBoolean(value);
539	+	break;
540	+	case "bool[]":
541	+	arrayValues = HandleArray(value);
542	+	bool[] bools = new bool[arrayValues.Length];
543	+	for (int count = 0; count < arrayValues.Length; count++)
544	+	{
545	+	bools[count] = Convert.ToBoolean(arrayValues[count]);
546	+	}
547	+	dllArgs[i] = bools;
548	+	break;
549	+	case "byte":
550	+	dllArgs[i] = Convert.ToByte(value);
551	+	break;
552	+	case "byte[]":
553	+	arrayValues = HandleArray(value);
554	+	byte[] bytes = new byte[arrayValues.Length];
555	+	for (int count = 0; count < arrayValues.Length; count++)
556	+	{
557	+	bytes[count] = Convert.ToByte(arrayValues[count]);
558	+	}
559	+	dllArgs[i] = bytes;
560	+	break;
561	+	case "sbyte":
562	+	dllArgs[i] = Convert.ToSByte(value);
563	+	break;
564	+	case "sbyte[]":
565	+	arrayValues = HandleArray(value);
566	+	sbyte[] sbytes = new sbyte[arrayValues.Length];
567	+	for (int count = 0; count < arrayValues.Length; count++)
568	+	{
569	+	sbytes[count] = Convert.ToSByte(arrayValues[count]);
570	+	}
571	+	dllArgs[i] = sbytes;
572	+	break;
573	+	case "char":
574	+	dllArgs[i] = Convert.ToChar(value);
575	+	break;
576	+	case "char[]":
577	+	arrayValues = HandleArray(value);
578	+	char[] chars = new char[arrayValues.Length];
579	+	for (int count = 0; count < arrayValues.Length; count++)
580	+	{
581	+	chars[count] = Convert.ToChar(arrayValues[count]);
582	+	}
583	+	dllArgs[i] = chars;
584	+	break;
585	+	case "decimal":
586	+	dllArgs[i] = Convert.ToDecimal(value);
587	+	break;
588	+	case "decimal[]":
589	+	arrayValues = HandleArray(value);
590	+	decimal[] decimals = new decimal[arrayValues.Length];
591	+	for (int count = 0; count < arrayValues.Length; count++)
592	+	{
593	+	decimals[count] = Convert.ToDecimal(arrayValues[count]);
594	+	}
595	+	dllArgs[i] = decimals;
596	+	break;
597	+	case "double":
598	+	dllArgs[i] = Convert.ToDouble(value);
599	+	break;
600	+	case "double[]":
601	+	arrayValues = HandleArray(value);
602	+	double[] doubles = new double[arrayValues.Length];
603	+	for (int count = 0; count < arrayValues.Length; count++)
604	+	{
605	+	doubles[count] = Convert.ToDouble(arrayValues[count]);
606	+	}
607	+	dllArgs[i] = doubles;
608	+	break;
609	+	case "float":
610	+	dllArgs[i] = Convert.ToSingle(value);
611	+	break;
612	+	case "float[]":
613	+	arrayValues = HandleArray(value);
614	+	float[] floats = new float[arrayValues.Length];
615	+	for (int count = 0; count < arrayValues.Length; count++)
616	+	{
617	+	floats[count] = Convert.ToSingle(arrayValues[count]);
618	+	}
619	+	dllArgs[i] = floats;
620	+	break;
621	+	case "int":
622	+	dllArgs[i] = Convert.ToInt32(value);
623	+	break;
624	+	case "int[]":
625	+	arrayValues = HandleArray(value);
626	+	int[] integers = new int[arrayValues.Length];
627	+	for (int count = 0; count < arrayValues.Length; count++)
628	+	{
629	+	integers[count] = Convert.ToInt32(arrayValues[count]);
630	+	}
631	+	dllArgs[i] = integers;
632	+	break;
633	+	case "uint":
634	+	dllArgs[i] = Convert.ToUInt32(value);
635	+	break;
636	+	case "uint[]":
637	+	arrayValues = HandleArray(value);
638	+	uint[] unsignedIntegers = new uint[arrayValues.Length];
639	+	for (int count = 0; count < arrayValues.Length; count++)
640	+	{
641	+	unsignedIntegers[count] = Convert.ToUInt32(arrayValues[count]);
642	+	}
643	+	dllArgs[i] = unsignedIntegers;
644	+	break;
645	+	case "long":
646	+	dllArgs[i] = Convert.ToInt64(value);
647	+	break;
648	+	case "long[]":
649	+	arrayValues = HandleArray(value);
650	+	long[] longs = new long[arrayValues.Length];
651	+	for (int count = 0; count < arrayValues.Length; count++)
652	+	{
653	+	longs[count] = Convert.ToInt64(arrayValues[count]);
654	+	}
655	+	dllArgs[i] = longs;
656	+	break;
657	+	case "ulong":
658	+	dllArgs[i] = Convert.ToUInt64(value);
659	+	break;
660	+	case "ulong[]":
661	+	arrayValues = HandleArray(value);
662	+	ulong[] unsignedLongs = new ulong[arrayValues.Length];
663	+	for (int count = 0; count < arrayValues.Length; count++)
664	+	{
665	+	unsignedLongs[count] = Convert.ToUInt64(arrayValues[count]);
666	+	}
667	+	dllArgs[i] = unsignedLongs;
668	+	break;
669	+	case "short":
670	+	dllArgs[i] = Convert.ToInt16(value);
671	+	break;
672	+	case "short[]":
673	+	arrayValues = HandleArray(value);
674	+	short[] shorts = new short[arrayValues.Length];
675	+	for (int count = 0; count < arrayValues.Length; count++)
676	+	{
677	+	shorts[count] = Convert.ToInt16(arrayValues[count]);
678	+	}
679	+	dllArgs[i] = shorts;
680	+	break;
681	+	case "ushort":
682	+	dllArgs[i] = Convert.ToUInt16(value);
683	+	break;
684	+	case "ushort[]":
685	+	arrayValues = HandleArray(value);
686	+	ushort[] unsignedShorts = new ushort[arrayValues.Length];
687	+	for (int count = 0; count < arrayValues.Length; count++)
688	+	{
689	+	unsignedShorts[count] = Convert.ToUInt16(arrayValues[count]);
690	+	}
691	+	dllArgs[i] = unsignedShorts;
692	+	break;
693	+	case "string":
694	+	dllArgs[i] = value;
695	+	break;
696	+	case "string[]":
697	+	dllArgs[i] = HandleArray(value);
698	+	break;
699	+	case "null":
700	+	dllArgs[i] = null;
701	+	break;
702	+	default:
703	+	throw new Exception("The given type is not supported: \"" + type + "\"");
704	+	}
705	+	}
706	+	//Once all arguments have been parsed without errors, the field in the Config class is set, and the function returns
707	+	Config.DllArguments = dllArgs;
708	+	}
709	+
710	+	/// <summary>
711	+	/// A helper function to split an array. This function is created to be able to quickly replace the split value if need be
712	+	/// </summary>
713	+	/// <param name="value">The value to split, using a comma as the splitter</param>
714	+	/// <returns>The split string as a string array</returns>
715	+	private static string[] HandleArray(string value)
716	+	{
717	+	return value.Split(',');
718	+	}
719	+
720	+	/// <summary>
721	+	/// A helper function to check if two given strings are equal, regardless of the used casing in either string
722	+	/// </summary>
723	+	/// <param name="string1">The first string to compare</param>
724	+	/// <param name="string2">The second string to compare</param>
725	+	/// <returns>True if the strings are equal (regardless of the used casing), false if not</returns>
726	+	private static bool IsEqual(string string1, string string2)
727	+	{
728	+	if (string1.Equals(string2, StringComparison.InvariantCultureIgnoreCase))
729	+	{
730	+	return true;
731	+	}
732	+	return false;
733	+	}
734	+	}
735	+	}

■ ■ ■ ■ ■ ■

DotDumper/Config.cs

1	+	namespace DotDumper
2	+	{
3	+	/// <summary>
4	+	/// This class contains the default configuration values. Fields are overwritten with user-provided arguments if present.
5	+	/// </summary>
6	+	class Config
7	+	{
8	+	/// <summary>
9	+	/// The complete path to the sample that is to be executed. The default value is null.
10	+	/// </summary>
11	+	public static string SamplePath = null;
12	+
13	+	/// <summary>
14	+	/// The name of the folder that is to be used to place all artifacts in. This folder always resides within DotDumper.exe's folder. The default value is null.
15	+	/// </summary>
16	+	public static string LoggerFolder = null;
17	+
18	+	/// <summary>
19	+	/// True if deprecated functions should also be hooked (when a hook is present for such a function that is), false if not. The default value is true.
20	+	/// </summary>
21	+	public static bool IncludeDeprecatedFunctions = true;
22	+
23	+	/// <summary>
24	+	/// True if the hooks should be printed in string form during DotDumper's startup, false if not. The default value is true.
25	+	/// </summary>
26	+	public static bool LogHooks = true;
27	+
28	+	/// <summary>
29	+	/// The amount of milliseconds that the timer waits before calling the callback function for the rehook. The default value is 20.
30	+	/// </summary>
31	+	public static int RaceConditionDueTime = 20;
32	+
33	+	/// <summary>
34	+	/// Defines if the entry point (if present) should be overriden. A sample without an entrypoint should still be overridden! The default value is false.
35	+	/// </summary>
36	+	public static bool OverrideEntryPoint = false;
37	+
38	+	/// <summary>
39	+	/// The fully qualified class name, including the namespace(s). The default value is null.
40	+	/// </summary>
41	+	public static string DllFullyQualifiedClassName = null;
42	+
43	+	/// <summary>
44	+	/// The name of the public function in the given fully qualified class name. The default value is null.
45	+	/// </summary>
46	+	public static string DllFunctionName = null;
47	+
48	+	/// <summary>
49	+	/// The provided arguments for the given function (or the entry point). The default value is null.
50	+	/// </summary>
51	+	public static object[] DllArguments = null;
52	+
53	+	/// <summary>
54	+	/// True if calls to Thread.Sleep should be skipped, false if not. The default value is true.
55	+	/// </summary>
56	+	public static bool SleepSkip = true;
57	+
58	+	/// <summary>
59	+	/// True if the logs should be printed to the console, false if not. The default value is true.
60	+	/// </summary>
61	+	public static bool PrintLogsToConsole = true;
62	+	}
63	+	}
64	+

■ ■ ■ ■ ■ ■

DotDumper/DotDumper.csproj

1	+	<?xml version="1.0" encoding="utf-8"?>
2	+	<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3	+	<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
4	+	<PropertyGroup>
5	+	<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
6	+	<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
7	+	<ProjectGuid>{97B3A6FF-A6EC-488A-8206-9820DC1F109B}</ProjectGuid>
8	+	<OutputType>Exe</OutputType>
9	+	<RootNamespace>DotDumper</RootNamespace>
10	+	<AssemblyName>DotDumper</AssemblyName>
11	+	<TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
12	+	<FileAlignment>512</FileAlignment>
13	+	<AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
14	+	<Deterministic>true</Deterministic>
15	+	<TargetFrameworkProfile />
16	+	</PropertyGroup>
17	+	<PropertyGroup Condition=" '$(Configuration)\|$(Platform)' == 'Debug\|AnyCPU' ">
18	+	<PlatformTarget>AnyCPU</PlatformTarget>
19	+	<DebugSymbols>true</DebugSymbols>
20	+	<DebugType>full</DebugType>
21	+	<Optimize>false</Optimize>
22	+	<OutputPath>bin\Debug\</OutputPath>
23	+	<DefineConstants>DEBUG;TRACE</DefineConstants>
24	+	<ErrorReport>prompt</ErrorReport>
25	+	<WarningLevel>4</WarningLevel>
26	+	<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
27	+	</PropertyGroup>
28	+	<PropertyGroup Condition=" '$(Configuration)\|$(Platform)' == 'Release\|AnyCPU' ">
29	+	<PlatformTarget>AnyCPU</PlatformTarget>
30	+	<DebugType>pdbonly</DebugType>
31	+	<Optimize>true</Optimize>
32	+	<OutputPath>bin\Release\</OutputPath>
33	+	<DefineConstants>TRACE</DefineConstants>
34	+	<ErrorReport>prompt</ErrorReport>
35	+	<WarningLevel>4</WarningLevel>
36	+	<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
37	+	</PropertyGroup>
38	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)' == 'Debug\|x64'">
39	+	<DebugSymbols>true</DebugSymbols>
40	+	<OutputPath>bin\x64\Debug\</OutputPath>
41	+	<DefineConstants>DEBUG;TRACE</DefineConstants>
42	+	<DebugType>full</DebugType>
43	+	<PlatformTarget>x64</PlatformTarget>
44	+	<ErrorReport>prompt</ErrorReport>
45	+	<CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
46	+	<Prefer32Bit>true</Prefer32Bit>
47	+	<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
48	+	</PropertyGroup>
49	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)' == 'Release\|x64'">
50	+	<OutputPath>bin\x64\Release\</OutputPath>
51	+	<DefineConstants>TRACE</DefineConstants>
52	+	<Optimize>true</Optimize>
53	+	<DebugType>pdbonly</DebugType>
54	+	<PlatformTarget>x64</PlatformTarget>
55	+	<ErrorReport>prompt</ErrorReport>
56	+	<CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
57	+	<Prefer32Bit>true</Prefer32Bit>
58	+	<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
59	+	</PropertyGroup>
60	+	<ItemGroup>
61	+	<Reference Include="Microsoft.VisualBasic" />
62	+	<Reference Include="System" />
63	+	<Reference Include="System.Core" />
64	+	<Reference Include="System.Diagnostics.Process, Version=4.1.1.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
65	+	<HintPath>..\packages\System.Diagnostics.Process.4.3.0\lib\net461\System.Diagnostics.Process.dll</HintPath>
66	+	<Private>True</Private>
67	+	<Private>True</Private>
68	+	</Reference>
69	+	<Reference Include="System.Drawing" />
70	+	<Reference Include="System.Web.Extensions" />
71	+	<Reference Include="System.Xml.Linq" />
72	+	<Reference Include="System.Data.DataSetExtensions" />
73	+	<Reference Include="Microsoft.CSharp" />
74	+	<Reference Include="System.Data" />
75	+	<Reference Include="System.Net.Http" />
76	+	<Reference Include="System.Xml" />
77	+	</ItemGroup>
78	+	<ItemGroup>
79	+	<Compile Include="ArgumentHandler.cs" />
80	+	<Compile Include="Config.cs" />
81	+	<Compile Include="Helpers\ArgumentHelper.cs" />
82	+	<Compile Include="Helpers\AssemblyMapper.cs" />
83	+	<Compile Include="Helpers\LogEntryHelper.cs" />
84	+	<Compile Include="Helpers\Serialise.cs" />
85	+	<Compile Include="Helpers\MissedAssemblyDumper.cs" />
86	+	<Compile Include="Helpers\StagnationHandler.cs" />
87	+	<Compile Include="HookHandlers\Activator\ActivatorHooks.cs" />
88	+	<Compile Include="HookHandlers\Assembly\AssemblyHooks.cs" />
89	+	<Compile Include="HookHandlers\Console\ConsoleHooks.cs" />
90	+	<Compile Include="HookHandlers\Console\ConsoleHooksHelper.cs" />
91	+	<Compile Include="HookHandlers\Convert\ConvertHooks.cs" />
92	+	<Compile Include="HookHandlers\Convert\ConvertHooksHelper.cs" />
93	+	<Compile Include="HookHandlers\Environment\EnvironmentHooks.cs" />
94	+	<Compile Include="HookHandlers\File\FileHooks.cs" />
95	+	<Compile Include="HookHandlers\File\FileHooksHelper.cs" />
96	+	<Compile Include="HookHandlers\MethodBase\MethodBaseHooks.cs" />
97	+	<Compile Include="HookHandlers\MethodBase\MethodBaseHooksHelper.cs" />
98	+	<Compile Include="HookHandlers\Path\PathHooks.cs" />
99	+	<Compile Include="HookHandlers\Path\PathHooksHelper.cs" />
100	+	<Compile Include="HookHandlers\Process\ProcessHooks.cs" />
101	+	<Compile Include="HookHandlers\Process\ProcessHooksHelper.cs" />
102	+	<Compile Include="HookHandlers\ResourceManager\ResourceManagerHooks.cs" />
103	+	<Compile Include="HookHandlers\ResourceManager\ResourceManagerHooksHelper.cs" />
104	+	<Compile Include="HookHandlers\Thread\ThreadHooks.cs" />
105	+	<Compile Include="HookHandlers\Thread\ThreadHooksHelper.cs" />
106	+	<Compile Include="HookHandlers\Type\TypeHooks.cs" />
107	+	<Compile Include="HookHandlers\Type\TypeHooksHelper.cs" />
108	+	<Compile Include="Hooks\Hook.cs" />
109	+	<Compile Include="Helpers\Hashes.cs" />
110	+	<Compile Include="HookHandlers\Assembly\AssemblyHooksHelper.cs" />
111	+	<Compile Include="HookHandlers\GenericHookHelper.cs" />
112	+	<Compile Include="Hooks\HookManager.cs" />
113	+	<Compile Include="Hooks\OriginalManagedFunctions.cs" />
114	+	<Compile Include="Logger.cs" />
115	+	<Compile Include="Models\Argument.cs" />
116	+	<Compile Include="Models\AssemblyObject.cs" />
117	+	<Compile Include="Models\Hash.cs" />
118	+	<Compile Include="Models\LogEntry.cs" />
119	+	<Compile Include="Models\UnmanagedMethodInfo.cs" />
120	+	<Compile Include="Program.cs" />
121	+	<Compile Include="Properties\AssemblyInfo.cs" />
122	+	<Compile Include="Helpers\RaceConditionHandler.cs" />
123	+	</ItemGroup>
124	+	<ItemGroup>
125	+	<None Include="app.config" />
126	+	<None Include="packages.config" />
127	+	</ItemGroup>
128	+	<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
129	+	</Project>

■ ■ ■ ■ ■ ■

DotDumper/Helpers/ArgumentHelper.cs

1	+	using System;
2	+	using System.Collections;
3	+	using System.Collections.Generic;
4	+	using System.Linq;
5	+	using System.Reflection;
6	+	using System.Text;
7	+	using DotDumper.HookHandlers;
8	+	using DotDumper.Models;
9	+
10	+	namespace DotDumper.Helpers
11	+	{
12	+	/// <summary>
13	+	/// This class is used to save and handle arguments from functions
14	+	/// </summary>
15	+	class ArgumentHelper
16	+	{
17	+	/// <summary>
18	+	/// Verifies if a given hash object occurs in the given list of hashes. Existance of the same hash is based on the included SHA-256 hash in the hash object, regardless of the casing. As such, two different objects based on the same file will be seen as duplicates in the same way as the same object will be seen as a duplicate when it is provided as an argument whilst also being in the list.
19	+	/// </summary>
20	+	/// <param name="hashes">The list of hashes, which will be used to check if the given hash is present in this list</param>
21	+	/// <param name="hash">The hash to check if it is present in the given list</param>
22	+	/// <returns>True if the list contains the hash, false if not</returns>
23	+	public static bool ContainsHash(List<Hash> hashes, Hash hash)
24	+	{
25	+	//Iterate over all given hashes
26	+	foreach (Hash currentHash in hashes)
27	+	{
28	+	//If the currently iterated hash equals the given hash, regardless of the casing
29	+	if (currentHash.Sha256.Equals(hash.Sha256, StringComparison.InvariantCultureIgnoreCase))
30	+	{
31	+	//Return true
32	+	return true;
33	+	}
34	+	}
35	+	//If no matches were found while the iteration completed, return false
36	+	return false;
37	+	}
38	+
39	+	/// <summary>
40	+	/// This function saves the value of the given object. The way it is saved depends on the type and the size of the given object. Anything larger than 100 bytes is written to disk. Values are represented in textual form when possible, but some types (i.e. an Assembly object) is always saved to disk, regardless of its size.
41	+	/// </summary>
42	+	/// <param name="input">The object to save</param>
43	+	/// <returns>A tuple with a string (the textual representation of the given input, which can be a reference to a file), and a list of hashes (which can be empty) for all files that were saved to the disk. This list can be empty, but will never be null</returns>
44	+	public static Tuple<string, List<Hash>> SaveValue(object input)
45	+	{
46	+	List<Hash> relatedFileHashes = new List<Hash>();
47	+	string value = "";
48	+	if (input is bool
49	+	\|\| input is byte
50	+	\|\| input is sbyte
51	+	\|\| input is char
52	+	\|\| input is decimal
53	+	\|\| input is double
54	+	\|\| input is float
55	+	\|\| input is int
56	+	\|\| input is uint
57	+	\|\| input is long
58	+	\|\| input is ulong
59	+	\|\| input is short
60	+	\|\| input is ushort
61	+	\|\| input is string)
62	+	{
63	+	if (input.ToString().Length > 100)
64	+	{
65	+	//Save the file
66	+	Tuple<string, Hash> result = GenericHookHelper.SaveFile(input.ToString());
67	+	if (ContainsHash(relatedFileHashes, result.Item2) == false)
68	+	{
69	+	relatedFileHashes.Add(result.Item2);
70	+	}
71	+	value += "";
72	+	}
73	+	else
74	+	{
75	+	value += input;
76	+	}
77	+	}
78	+	else if (input is Assembly)
79	+	{
80	+	Assembly assembly = (Assembly)input;
81	+	byte[] rawAssembly = GenericHookHelper.GetAsByteArray(assembly);
82	+	//Save the file, which returns the path to the file, where the file name is the SHA-256 hash of the given content
83	+	Tuple<string, Hash> result = GenericHookHelper.SaveFile(rawAssembly);
84	+	if (ContainsHash(relatedFileHashes, result.Item2) == false)
85	+	{
86	+	relatedFileHashes.Add(result.Item2);
87	+	}
88	+	if (MissedAssemblyDumper.AssemblyHashes.Contains(result.Item2.Sha256) == false)
89	+	{
90	+	MissedAssemblyDumper.AssemblyHashes.Add(result.Item2.Sha256);
91	+	}
92	+	value = "";
93	+	}
94	+	else if (input is IList)
95	+	{
96	+	Tuple<string, List<Hash>> result = HandleCollection(input);
97	+	value = result.Item1;
98	+	foreach (Hash hash in result.Item2)
99	+	{
100	+	if (ContainsHash(relatedFileHashes, hash) == false)
101	+	{
102	+	relatedFileHashes.Add(hash);
103	+	}
104	+	}
105	+	}
106	+	else if (input == null)
107	+	{
108	+	value = "null";
109	+	}
110	+	else
111	+	{
112	+	value = input.ToString();
113	+	}
114	+	return Tuple.Create(value, relatedFileHashes);
115	+	}
116	+
117	+	/// <summary>
118	+	/// Creats an argument object, based on the given input and the name of the argument
119	+	/// </summary>
120	+	/// <param name="input">The value of the argument, of which the type is derrived</param>
121	+	/// <param name="argumentName">The name of the argument</param>
122	+	/// <returns>An argument object that corresponds with the given arguments</returns>
123	+	public static Argument Create(object input, string argumentName)
124	+	{
125	+	Tuple<string, List<Hash>> result = SaveValue(input);
126	+	string argType = "null";
127	+	string argValue = "null";
128	+	if (input != null)
129	+	{
130	+	argType = input.GetType().FullName;
131	+	}
132	+	if (result.Item1 != null)
133	+	{
134	+	argValue = result.Item1;
135	+	}
136	+	return new Argument(argType, argumentName, argValue, result.Item2);
137	+	}
138	+
139	+	/// <summary>
140	+	/// Creates a list of argument objects based on the given method, along with their values
141	+	/// </summary>
142	+	/// <param name="method">The method to fetch the arguments from</param>
143	+	/// <param name="parameterValues">The values of the parameters (in order of the method's parameters)</param>
144	+	/// <returns>A list of argument objects based on the two given arguments</returns>
145	+	public static List<Argument> Create(MethodBase method, object[] parameterValues)
146	+	{
147	+	List<Argument> arguments = new List<Argument>();
148	+
149	+	if (method != null && parameterValues != null)
150	+	{
151	+	ParameterInfo[] parameterInfos = method.GetParameters();
152	+	for (int i = 0; i < parameterInfos.Length; i++)
153	+	{
154	+	object parameter;
155	+	if (parameterValues.Length <= i)
156	+	{
157	+	parameter = null;
158	+	}
159	+	else
160	+	{
161	+	parameter = parameterValues[i];
162	+	}
163	+
164	+	string type = "null";
165	+	string name = "null";
166	+	if (parameterInfos[i] != null)
167	+	{
168	+	type = parameterInfos[i].ParameterType.FullName;
169	+	name = parameterInfos[i].Name;
170	+	}
171	+
172	+	Tuple<string, List<Hash>> result = SaveValue(parameter);
173	+	string value = "null";
174	+	if (result.Item1 != null)
175	+	{
176	+	value = result.Item1;
177	+	}
178	+	Argument argument = new Argument(type, name, value, result.Item2);
179	+	arguments.Add(argument);
180	+	}
181	+	}
182	+	return arguments;
183	+	}
184	+
185	+	/// <summary>
186	+	/// Handles a collection, either by converting it into a string, or by saving it to the disk and returning the location as if it were the value, together with a brief explanation).
187	+	/// </summary>
188	+	/// <param name="collection">The collection to handle</param>
189	+	/// <returns>The handled collection in the form of a string (as Item1 in the tuple), as well as a list of file hashes of related files (if any, as Item2 in the tuple)</returns>
190	+	private static Tuple<string, List<Hash>> HandleCollection(object collection)
191	+	{
192	+	//Initialise the list of related files
193	+	List<Hash> files = new List<Hash>();
194	+	//Initialise the data variable
195	+	string data = "{ ";
196	+
197	+	//Any type of collection with a length of more than 100 indices is saved to disk, as converting and printing large arrays can consume a lot of time
198	+	if (((IList)collection).Count > 100)
199	+	{
200	+	List<byte> bytes = new List<byte>();
201	+
202	+	for (int i = 0; i < ((IList)collection).Count; i++)
203	+	{
204	+	if (((IList)collection) is char[])
205	+	{
206	+	char c = (char)((IList)collection)[i];
207	+	byte[] temp = Encoding.UTF8.GetBytes("" + c);
208	+	bytes.AddRange(temp);
209	+	}
210	+	else if (((IList)collection) is string[])
211	+	{
212	+	string s = (string)((IList)collection)[i];
213	+	byte[] temp = Encoding.UTF8.GetBytes(s);
214	+	bytes.AddRange(temp);
215	+	}
216	+	else if (((IList)collection) is bool[])
217	+	{
218	+	bool b = (bool)((IList)collection)[i];
219	+	if (b)
220	+	{
221	+	bytes.Add(1);
222	+	}
223	+	else
224	+	{
225	+	bytes.Add(0);
226	+	}
227	+	}
228	+	else if (((IList)collection) is byte[])
229	+	{
230	+	bytes.Add((byte)((IList)collection)[i]);
231	+	}
232	+	else if (((IList)collection) is sbyte[])
233	+	{
234	+	byte myByte = (byte)((IList)collection)[i];
235	+	bytes.Add(myByte);
236	+	}
237	+	else if (((IList)collection) is decimal[])
238	+	{
239	+	//TODO store numbers properly, if done as dotnet memory streams no loss occurs, and no significant latency is added
240	+	}
241	+	else if (((IList)collection) is double[])
242	+	{
243	+
244	+	}
245	+	else if (((IList)collection) is float[])
246	+	{
247	+
248	+	}
249	+	else if (((IList)collection) is int[])
250	+	{
251	+
252	+	}
253	+	else if (((IList)collection) is uint[])
254	+	{
255	+
256	+	}
257	+	else if (((IList)collection) is long[])
258	+	{
259	+
260	+	}
261	+	else if (((IList)collection) is ulong[])
262	+	{
263	+
264	+	}
265	+	else if (((IList)collection) is short[])
266	+	{
267	+
268	+	}
269	+	else if (((IList)collection) is ushort[])
270	+	{
271	+
272	+	}
273	+	else if (((IList)collection) is object[])
274	+	{
275	+	bytes.AddRange(Encoding.UTF8.GetBytes(((IList)collection)[i].ToString()));
276	+	}
277	+	}
278	+
279	+	//Save the file, which returns a tuple with the path to the file, and a hash object with the MD-5, SHA-1, and SHA-256 hash of the file, where the file name is the SHA-256 hash of the given content
280	+	Tuple<string, Hash> result = GenericHookHelper.SaveFile(bytes.ToArray());
281	+	//Tuple<string, Hash> result = GenericHookHelper.SaveFile(Encoding.UTF8.GetBytes(output));
282	+	//Add it to the list of files
283	+	if (ContainsHash(files, result.Item2) == false)
284	+	{
285	+	files.Add(result.Item2);
286	+	}
287	+	//Inform the user that the data is stored in a file
288	+	data += "DotDumper::" + result.Item2.Sha256 + " "; //Note: the last two characters are removed once the function returns
289	+	}
290	+	else //Handle collections that are less than 100 indices in size
291	+	{
292	+	//If the type is an object collection, it needs to be handled in a specific way
293	+	if (collection is object[] \|\| collection is IList<object>)
294	+	{
295	+	if (collection is IList<object>)
296	+	{
297	+	collection = ((IList<object>)collection).ToArray();
298	+	}
299	+
300	+	if (((object[])collection).Length == 0)
301	+	{
302	+	data += "DotDumper::empty "; //Note: the last two characters are removed once the function returns
303	+	}
304	+	else
305	+	{
306	+	foreach (object subParameter in (object[])collection)
307	+	{
308	+	if (subParameter is object[] \|\| subParameter is IList<object>)
309	+	{
310	+	//Recursive call if the array contains an array
311	+	Tuple<string, List<Hash>> result = HandleCollection(subParameter);
312	+	//Get the data from the tuple, and append it to this one
313	+	data += result.Item1;
314	+	//Add all file hashes to the current file list
315	+	foreach (Hash hash in result.Item2)
316	+	{
317	+	if (ContainsHash(files, hash) == false)
318	+	{
319	+	files.Add(hash);
320	+	}
321	+	}
322	+	}
323	+	else if (subParameter == null)
324	+	{
325	+	data += "null";
326	+	}
327	+	else
328	+	{
329	+	string subParameterType = subParameter.GetType().FullName;
330	+	data += subParameterType + " " + subParameter;
331	+	}
332	+	data += ", ";
333	+	}
334	+	}
335	+	}
336	+	else
337	+	{
338	+	foreach (var subParameter in (IList)collection)
339	+	{
340	+	if (subParameter == null)
341	+	{
342	+	data += "null";
343	+	}
344	+	else
345	+	{
346	+	data += subParameter;
347	+	}
348	+	data += ", ";
349	+	}
350	+	}
351	+	}
352	+	//Remove the last comma and space, after which a curly bracket is appended
353	+	data = data.Substring(0, data.Length - 2) + " }";
354	+	//Return the value as a tuple
355	+	return Tuple.Create(data, files);
356	+	}
357	+	}
358	+	}
359	+

■ ■ ■ ■ ■ ■

DotDumper/Helpers/AssemblyMapper.cs

1	+	using System;
2	+	using System.Collections.Generic;
3	+	using System.Reflection;
4	+	using DotDumper.HookHandlers;
5	+	using DotDumper.Hooks;
6	+	using DotDumper.Models;
7	+
8	+	namespace DotDumper.Helpers
9	+	{
10	+	/// <summary>
11	+	/// This class is used to map a (line of a) stack trace to an assembly object
12	+	/// </summary>
13	+	class AssemblyMapper
14	+	{
15	+	/// <summary>
16	+	/// Gets the function's signature as a string, formatted as "Full.Class.Path.With.Function(ArgumentType argumentName)". An example is "System.Reflection.Assembly.Load(Byte[] rawAssembly)".
17	+	/// </summary>
18	+	/// <returns>The hook's full name as a string, i.e. "System.Reflection.Assembly.Load(Byte[] rawAssembly)"</returns>
19	+	private static string GetMethod(MethodInfo method)
20	+	{
21	+	string output = method.DeclaringType + "." + method.Name + "(";
22	+	foreach (ParameterInfo parameterInfo in method.GetParameters())
23	+	{
24	+	output += parameterInfo.ParameterType.Name + " " + parameterInfo.Name + ", ";
25	+	}
26	+	if (method.GetParameters().Length > 0)
27	+	{
28	+	output = output.Substring(0, output.Length - 2);
29	+	}
30	+	output += ")";
31	+
32	+	return output;
33	+	}
34	+
35	+	/// <summary>
36	+	/// Creates the mapping as a dictionary where the keys equal a function signature as a string, and an assembly object as the value
37	+	/// </summary>
38	+	/// <returns>The mapping to use when matching a (line of a) stack trace</returns>
39	+	public static Dictionary<string, Assembly> CreateMapping()
40	+	{
41	+	HookManager.UnHookAll();
42	+	Dictionary<string, Assembly> mapping = new Dictionary<string, Assembly>();
43	+	Assembly[] assemblies = AppDomain.CurrentDomain.GetAssemblies();
44	+	foreach (Assembly assembly in assemblies)
45	+	{
46	+	//Omit framework related objects, as well as DotDumper itself
47	+	if (assembly.GlobalAssemblyCache \|\|
48	+	assembly.GetName().FullName.ToLowerInvariant().Contains("dotdumper"))
49	+	{
50	+	continue;
51	+	}
52	+	Type[] types = assembly.GetTypes();
53	+	foreach (Type type in types)
54	+	{
55	+	//Gets all declared (omitting inherited functions to avoid duplicates) public, non-public, normal, and static functions
56	+	MethodInfo[] methodInfos = type.GetMethods(BindingFlags.DeclaredOnly \| BindingFlags.Public \| BindingFlags.NonPublic \| BindingFlags.Static \| BindingFlags.Instance);
57	+	foreach (MethodInfo methodInfo in methodInfos)
58	+	{
59	+	if (methodInfo.DeclaringType.Assembly == assembly)
60	+	{
61	+	string functionSignature = GetMethod(methodInfo);
62	+	if (mapping.ContainsKey(functionSignature) == false)
63	+	{
64	+	mapping.Add(functionSignature, assembly);
65	+	}
66	+
67	+	}
68	+	}
69	+	}
70	+	}
71	+	HookManager.HookAll();
72	+	return mapping;
73	+	}
74	+
75	+	/// <summary>
76	+	/// Get the assembly object where the referenced function of the stack trace line resides. If it is not found, null is returned!
77	+	/// </summary>
78	+	/// <param name="stackTraceLine">The raw stack trace line to match</param>
79	+	/// <returns>The assembly object if it can be found, null if it cannot be found</returns>
80	+	public static Assembly ProcessStackTraceLine(string stackTraceLine)
81	+	{
82	+	//Create the mapping, ensuring it is as up to date as possible
83	+	Dictionary<string, Assembly> mapping = CreateMapping();
84	+	//Remove leading and trailing whitespace
85	+	stackTraceLine = stackTraceLine.Trim();
86	+	//Skip "at " from the line in the beginning
87	+	stackTraceLine = stackTraceLine.Substring(3);
88	+	//Declare the corresponding Assembly object
89	+	Assembly assembly = null;
90	+	//Get the Assembly object from the mapping, which returns null if it is not present
91	+	mapping.TryGetValue(stackTraceLine, out assembly);
92	+	//Return the Assembly object (or null, if it couldn't be found)
93	+	return assembly;
94	+	}
95	+
96	+	/// <summary>
97	+	/// Process a list of stack traces to get a list of assembly objects (concatenated as a string in their simple form) that are used, in the same order, excluding duplicates. A duplicate is when two stack trace lines originate from the same assembly object.
98	+	/// </summary>
99	+	/// <param name="stackTraceLines">The stack trace lines to use</param>
100	+	/// <returns>A string representation of the linked assembly objects, excluding duplicates, in the same order as the given list</returns>
101	+	public static string ProcessStackTraceOld(List<string> stackTraceLines)
102	+	{
103	+	string output = "";
104	+
105	+	string currentItem = "";
106	+	string lastItem = "";
107	+
108	+	foreach (string stackTraceLine in stackTraceLines)
109	+	{
110	+	Assembly assembly = ProcessStackTraceLine(stackTraceLine);
111	+	if (assembly != null)
112	+	{
113	+	currentItem = assembly.FullName;
114	+	}
115	+	else
116	+	{
117	+	currentItem = "[DotDumper or DotNet Framework related assembly]";
118	+	}
119	+
120	+
121	+	if (currentItem.Equals(lastItem, StringComparison.InvariantCultureIgnoreCase) == false)
122	+	{
123	+	output += currentItem + "\n";
124	+	lastItem = currentItem;
125	+	}
126	+	}
127	+	return output;
128	+	}
129	+
130	+	/// <summary>
131	+	/// Process a list of stack traces to get a list of assembly objects (concatenated as a string in their simple form) that are used, in the same order, excluding duplicates. A duplicate is when two stack trace lines originate from the same assembly object.
132	+	/// </summary>
133	+	/// <param name="stackTraceLines">The stack trace lines to use</param>
134	+	/// <returns>A string representation of the linked assembly objects, excluding duplicates, in the same order as the given list</returns>
135	+	public static Tuple<Assembly, List<AssemblyObject>> ProcessStackTrace(List<string> stackTraceLines)
136	+	{
137	+	List<AssemblyObject> assemblyObjects = new List<AssemblyObject>();
138	+	Assembly originatingAssembly = null;
139	+	foreach (string stackTraceLine in stackTraceLines)
140	+	{
141	+	Assembly assembly = ProcessStackTraceLine(stackTraceLine);
142	+	//Default values, if the assembly is part of the GAC or if it refers to DotDumper
143	+	string name = "[DotDumper or DotNet Framework related assembly]";
144	+	string hash = "[none]";
145	+
146	+	//If the response from the function is not null, an object matches
147	+	if (assembly != null)
148	+	{
149	+	//Set the hash and the name for the given assembly object
150	+	hash = Hashes.Sha256(GenericHookHelper.GetAsByteArray(assembly));
151	+	name = assembly.GetName().Name;
152	+	//Set the originating assembly as the first non-GAC non-DotDumper assembly
153	+	if (originatingAssembly == null)
154	+	{
155	+	originatingAssembly = assembly;
156	+	}
157	+	}
158	+
159	+	//Check if this object is not the same as the last in the list
160	+	if (assemblyObjects.Count == 0)
161	+	{
162	+	AssemblyObject assemblyObject = new AssemblyObject(hash, name);
163	+	assemblyObjects.Add(assemblyObject);
164	+	}
165	+	else
166	+	{
167	+	if (assemblyObjects[assemblyObjects.Count - 1].Hash.Equals(hash, StringComparison.InvariantCultureIgnoreCase) == false)
168	+	{
169	+	AssemblyObject assemblyObject = new AssemblyObject(hash, name);
170	+	assemblyObjects.Add(assemblyObject);
171	+	}
172	+	}
173	+
174	+
175	+	}
176	+	return Tuple.Create(originatingAssembly, assemblyObjects);
177	+	}
178	+
179	+	/// <summary>
180	+	/// Checks if a the most recent call of a given list of strack trace lines is coming from a stage of a sample, or from DotDumper, or a GAC module
181	+	/// </summary>
182	+	/// <param name="stackTraceLines">The stack trace to use</param>
183	+	/// <returns>True if the most recent call is coming from a sample stage, false if it is coming from DotDumper, or a GAC module</returns>
184	+	public static bool IsComingFromSample(List<string> stackTraceLines)
185	+	{
186	+	//Get the last call from the trace, as this is the origin of the hook location
187	+	//Use the last call from the trace to check if it matches any key in the mapping
188	+	Assembly assembly = ProcessStackTraceLine(stackTraceLines[0]);
189	+	if (assembly == null)
190	+	{
191	+	//Null means it didn't match a binary, since it is part of the framework's core, or DotDumper internally
192	+	return false;
193	+	}
194	+	{
195	+	//Not null means it matched with one of the binaries
196	+	return true;
197	+	}
198	+	}
199	+	}
200	+	}
201	+

■ ■ ■ ■ ■ ■

DotDumper/Helpers/Hashes.cs

1	+	using System.Security.Cryptography;
2	+
3	+	namespace DotDumper.Helpers
4	+	{
5	+	/// <summary>
6	+	/// This class contains functions to hash a byte array, after which the hash is returned as a string
7	+	/// </summary>
8	+	class Hashes
9	+	{
10	+	/// <summary>
11	+	/// Calculates the MD-5 hash of the given byte array
12	+	/// </summary>
13	+	/// <param name="data">The data to hash</param>
14	+	/// <returns>The MD-5 hash as a string</returns>
15	+	public static string Md5(byte[] data)
16	+	{
17	+	MD5 md5 = MD5.Create();
18	+	return CalculateHash(md5, data);
19	+	}
20	+
21	+	/// <summary>
22	+	/// Calculates the SHA-1 hash of the given byte array
23	+	/// </summary>
24	+	/// <param name="data">The data to hash</param>
25	+	/// <returns>The SHA-1 hash as a string</returns>
26	+	public static string Sha1(byte[] data)
27	+	{
28	+	SHA1 sha1 = SHA1.Create();
29	+	return CalculateHash(sha1, data);
30	+	}
31	+
32	+	/// <summary>
33	+	/// Calculates the SHA-256 hash of the given byte array
34	+	/// </summary>
35	+	/// <param name="data">The data to hash</param>
36	+	/// <returns>The SHA-256 hash as a string</returns>
37	+	public static string Sha256(byte[] data)
38	+	{
39	+	SHA256 sha256 = SHA256.Create();
40	+	return CalculateHash(sha256, data);
41	+	}
42	+
43	+	/// <summary>
44	+	/// This function calculates the hash of the given data, using the given hashing algorithm
45	+	/// </summary>
46	+	/// <param name="hashAlgorithm">The hashing algorithm to use</param>
47	+	/// <param name="data">The data to hash</param>
48	+	/// <returns>The hash of the data as a string, based on the given hash algorithm</returns>
49	+	private static string CalculateHash(HashAlgorithm hashAlgorithm, byte[] data)
50	+	{
51	+	byte[] rawHash = hashAlgorithm.ComputeHash(data);
52	+
53	+	string hash = "";
54	+
55	+	for (int i = 0; i < rawHash.Length; i++)
56	+	{
57	+	hash += rawHash[i].ToString("x2");
58	+	}
59	+
60	+	return hash;
61	+	}
62	+	}
63	+	}
64	+

■ ■ ■ ■ ■ ■

DotDumper/Helpers/LogEntryHelper.cs

1	+	using System;
2	+	using System.Collections.Generic;
3	+	using System.Reflection;
4	+	using DotDumper.HookHandlers;
5	+	using DotDumper.Hooks;
6	+	using DotDumper.Models;
7	+
8	+	namespace DotDumper.Helpers
9	+	{
10	+	/// <summary>
11	+	/// This class is used to create DotDumper.Model.LogEntry objects based on as few parameters as possible
12	+	/// </summary>
13	+	class LogEntryHelper
14	+	{
15	+	/// <summary>
16	+	/// Creates a log entry object based on the given exception, with the given stack trace offset from the caller's position
17	+	/// </summary>
18	+	/// <param name="stackTraceOffset">The amount of layers away from the original call flow, based on the caller's position</param>
19	+	/// <param name="ex">The exception to base the log entry object on</param>
20	+	/// <returns></returns>
21	+	public static LogEntry Create(int stackTraceOffset, Exception ex)
22	+	{
23	+	stackTraceOffset++;
24	+	LogEntry entry = Create(stackTraceOffset, ex.TargetSite, null, ex);
25	+	return entry;
26	+	}
27	+
28	+	/// <summary>
29	+	/// Creates a log entry based on the given stack trace offset (from the caller's position), method, the method values, and the return value of said method
30	+	/// </summary>
31	+	/// <param name="stackTraceOffset">The amount of layers away from the original call flow, based on the caller's position</param>
32	+	/// <param name="method">The method that is of importance to log</param>
33	+	/// <param name="parameterValues">The values of said method's parameters</param>
34	+	/// <param name="returnValue">The return value of the function (use null if it's a void)</param>
35	+	/// <returns></returns>
36	+	public static LogEntry Create(int stackTraceOffset, MethodBase method, object[] parameterValues, object returnValue)
37	+	{
38	+	//Gets a list of arguments based on the given function
39	+	List<Argument> functionArguments = ArgumentHelper.Create(method, parameterValues);
40	+	//Initialises a list of related files
41	+	List<Hash> relatedFileHashes = new List<Hash>();
42	+
43	+	//Iterate over all extracted arguments
44	+	foreach (Argument argument in functionArguments)
45	+	{
46	+	//Iterate over all hashes
47	+	foreach (Hash hash in argument.RelatedFileHashes)
48	+	{
49	+	//If there is no such hash in the list, add it. Otherwise, ignore it
50	+	if (ArgumentHelper.ContainsHash(relatedFileHashes, hash) == false)
51	+	{
52	+	relatedFileHashes.Add(hash);
53	+	}
54	+	}
55	+	}
56	+
57	+	//Increment the stack trace offset, since this is another function deep into the trace
58	+	stackTraceOffset++;
59	+	//Get the stack trace
60	+	List<string> stackTrace = GenericHookHelper.GetStackTraceRaw(stackTraceOffset);
61	+
62	+	//Get the assembly and assembly object information based on the stack trace
63	+	Tuple<Assembly, List<AssemblyObject>> result = AssemblyMapper.ProcessStackTrace(stackTrace);
64	+
65	+	//Declare the originating assembly variable
66	+	Assembly originatingAssembly = null;
67	+
68	+	/*
69	+	* If the first tuple item (being the Assembly object) is null, the call is coming from either the DotNet Framework, or from DotDumper's code base.
70	+	* If the value is not-null, it is assigned.
71	+	*/
72	+	if (result.Item1 == null)
73	+	{
74	+	HookManager.UnHookAll();
75	+	originatingAssembly = Assembly.GetAssembly(typeof(Program));
76	+	HookManager.HookAll();
77	+	}
78	+	else
79	+	{
80	+	originatingAssembly = result.Item1;
81	+	}
82	+
83	+
84	+	//Get the name from the originating assembly
85	+	string originatingAssemblyName = originatingAssembly.GetName().Name;
86	+
87	+	//Get the raw assembly as an unboxed byte array
88	+	byte[] rawAssembly = GenericHookHelper.GetAsByteArray(originatingAssembly);
89	+
90	+	//Get the MD-5, SHA-1, and SHA-256 hashes based on the given raw assembly byte array
91	+	string md5 = Hashes.Md5(rawAssembly);
92	+	string sha1 = Hashes.Sha1(rawAssembly);
93	+	string sha256 = Hashes.Sha256(rawAssembly);
94	+	//Create a hash object to store the values in
95	+	Hash originatingAssemblyHash = new Hash(md5, sha1, sha256);
96	+
97	+	//Get the originating assembly version
98	+	string originatingAssemblyVersion = originatingAssembly.GetName().Version.ToString();
99	+
100	+	//Get the originating assembly resource names
101	+	List<string> originatingAssemblyResourceNames = new List<string>(originatingAssembly.GetManifestResourceNames());
102	+
103	+	//Get the call order, which is the second item from the tuple
104	+	List<AssemblyObject> assemblyCallOrder = result.Item2;
105	+
106	+	//Declare and assign a value to the parent assembly hash string
107	+	string parentAssemblyHash = "[none]";
108	+
109	+	//Iterate over all assembly objects in the call order
110	+	foreach (AssemblyObject assemblyObject in assemblyCallOrder)
111	+	{
112	+	//If the hash is not equal to none nor to the current originating hash, it is set as the parent
113	+	if (assemblyObject.Hash.Equals("[none]", StringComparison.InvariantCultureIgnoreCase) == false
114	+	&& assemblyObject.Hash.Equals(originatingAssemblyHash.Sha256, StringComparison.InvariantCultureIgnoreCase) == false)
115	+	{
116	+	parentAssemblyHash = assemblyObject.Hash;
117	+	//There is no need to continue the iteration, since only the first parent is stored (and the rest is visible in the call order)
118	+	break;
119	+	}
120	+	}
121	+
122	+	//Get the function name
123	+	string functionName = Serialise.Method(method);
124	+
125	+	//The return value is stored in an argument object, with a hardcoded name
126	+	Argument returnValueArg = ArgumentHelper.Create(returnValue, "ReturnValue");
127	+
128	+	//The return value can also be related to a file
129	+	foreach (Hash hash in returnValueArg.RelatedFileHashes)
130	+	{
131	+	//Iterate over all the hashes, and add the ones that aren't in the list yet
132	+	if (ArgumentHelper.ContainsHash(relatedFileHashes, hash) == false)
133	+	{
134	+	relatedFileHashes.Add(hash);
135	+	}
136	+	}
137	+
138	+	//Return a new LogEntry object based on all the gathered information
139	+	return new LogEntry(originatingAssemblyName, originatingAssemblyHash, originatingAssemblyVersion, originatingAssemblyResourceNames, parentAssemblyHash, relatedFileHashes, functionName, functionArguments, returnValueArg, stackTrace, assemblyCallOrder);
140	+	}
141	+	}
142	+	}
143	+

■ ■ ■ ■ ■ ■

DotDumper/Helpers/MissedAssemblyDumper.cs

1	+	using System;
2	+	using System.Collections.Generic;
3	+	using System.Reflection;
4	+	using DotDumper.HookHandlers;
5	+	using DotDumper.Hooks;
6	+	using DotDumper.Models;
7	+
8	+	namespace DotDumper.Helpers
9	+	{
10	+	/// <summary>
11	+	/// This class is used to dump missed assembly objects from memory to the disk
12	+	/// </summary>
13	+	class MissedAssemblyDumper
14	+	{
15	+	/// <summary>
16	+	/// SHA-256 hashes of raw Assembly objects (their byte[] representation) that have been written to the disk during the execution of this run of DotDumper
17	+	/// </summary>
18	+	public static List<string> AssemblyHashes { get; set; }
19	+
20	+	/// <summary>
21	+	/// The static constructor of the class ensures the class scoped list is always initialised prior to its usage
22	+	/// </summary>
23	+	static MissedAssemblyDumper()
24	+	{
25	+	//Initialise the list
26	+	AssemblyHashes = new List<string>();
27	+	}
28	+
29	+	/// <summary>
30	+	/// Dumps all loaded assemblies that haven't been dumped before and are not part of the Global Assembly Cache (GAC). This function removes all hooks, dumps the missing data, after which all hooks are set again.
31	+	/// </summary>
32	+	public static void Dump()
33	+	{
34	+	//Temporarily remove all hooks
35	+	HookManager.UnHookAll();
36	+
37	+	//If the original assembly is not null, it can be added to the list of hashes, this avoids the sample to show up as a "missed" assembly object
38	+	if (GenericHookHelper.OriginalAssembly != null)
39	+	{
40	+	//Get the raw bytes
41	+	byte[] sample = GenericHookHelper.GetAsByteArray(GenericHookHelper.OriginalAssembly);
42	+	//Unhook all hooks, as these are set after the previous call
43	+	HookManager.UnHookAll();
44	+	//Get the SHA-256 hash
45	+	string sampleSha256 = Hashes.Sha256(sample);
46	+	//Check if the list does not contain this item
47	+	if (AssemblyHashes.Contains(sampleSha256) == false)
48	+	{
49	+	//Add the hash to the list
50	+	AssemblyHashes.Add(sampleSha256);
51	+	}
52	+	}
53	+
54	+	//Declare and initialise the list for the saved assemblies
55	+	List<Hash> savedAssemblies = new List<Hash>();
56	+
57	+	//Get all the assemblies in the current domain
58	+	Assembly[] assemblies = AppDomain.CurrentDomain.GetAssemblies();
59	+	//Iterate over all assemblies within the current domain
60	+	foreach (Assembly assembly in assemblies)
61	+	{
62	+	//Omit framework related objects, as well as DotDumper itself
63	+	if (assembly.GlobalAssemblyCache \|\|
64	+	assembly.GetName().FullName.ToLowerInvariant().Contains("dotdumper"))
65	+	{
66	+	continue;
67	+	}
68	+	try
69	+	{
70	+	//Get the raw bytes of the assembly
71	+	byte[] rawAssembly = GenericHookHelper.GetAsByteArray(assembly);
72	+	//Unhook all hooks, as these are set via the previous call
73	+	HookManager.UnHookAll();
74	+	//Get the SHA-256 hash of the given assembly object's bytes
75	+	string sha256 = Hashes.Sha256(rawAssembly);
76	+
77	+	//Only save assemblies that haven't been saved before during this run
78	+	if (AssemblyHashes.Contains(sha256) == false)
79	+	{
80	+	//Save the file, and store the SHA-256 hash in the list of processed assembly objects, and store the Hash object in the saved assemblies list
81	+	Tuple<string, Hash> result = GenericHookHelper.SaveFile(rawAssembly);
82	+	HookManager.UnHookAll();
83	+	savedAssemblies.Add(result.Item2);
84	+	AssemblyHashes.Add(result.Item2.Sha256);
85	+	}
86	+	}
87	+	catch (Exception ex)
88	+	{
89	+	//Ignore errors when trying to save an assembly object in its raw form. In some cases, DotNet Framework related assembly objects cause errors when attempting to save them, i.e. when they are dynamically generated
90	+	}
91	+	}
92	+
93	+	//If at least 1 assembly has been saved (and was thus missed), this should be logged
94	+	if (savedAssemblies.Count > 0)
95	+	{
96	+	//Create a nearly empty log entry object with the relevant information
97	+	LogEntry entry = new LogEntry(null, null, null, null, null, savedAssemblies, "periodic assembly dumping", null, null, null, null);
98	+	//Log the entry to all relevant logs
99	+	GenericHookHelper._Logger.Log(entry, false, false);
100	+	}
101	+	//Set all hooks prior to returning to the caller
102	+	HookManager.HookAll();
103	+	}
104	+	}
105	+	}
106	+

■ ■ ■ ■ ■ ■

DotDumper/Helpers/RaceConditionHandler.cs

1	+	using System.Threading;
2	+	using DotDumper.Hooks;
3	+	using System;
4	+	using System.Collections.Generic;
5	+
6	+	namespace DotDumper.Helpers
7	+	{
8	+	/// <summary>
9	+	/// This class handles the race condition that allows to rehook invoke related functions during their execution
10	+	/// </summary>
11	+	class RaceConditionHandler
12	+	{
13	+	/// <summary>
14	+	/// The dictionary that contains all timers (as multiple can be created via multiple threads), where a GUID is the key, and the timer object is the value
15	+	/// </summary>
16	+	private static readonly Dictionary<string, Timer> timers = new Dictionary<string, Timer>();
17	+
18	+	/// <summary>
19	+	/// This function unhooks the given hook based on its name, after which it waits 20 milliseconds. It then calls the timer callback function, which rehooks the given hook. The timer callback is only called once, after which the Timer object is destroyed.
20	+	/// </summary>
21	+	/// <param name="hookName">The function to unhook and rehook</param>
22	+	public static void StartTimer(string hookName)
23	+	{
24	+	//Create a string with the GUID and the hook name, split by a pipe
25	+	string data = hookName + "\|" + Guid.NewGuid().ToString();
26	+	//Unhook the hook
27	+	HookManager.UnHookByHookName(hookName);
28	+	//Create a timer object which calls the callback function once, after a 20 ms delay, using the data string as an argument
29	+	Timer timer = new Timer(TimerCallback, data, Config.RaceConditionDueTime, Timeout.Infinite); //Timeout.Infinite (aka -1) means no repeated calls, see https://docs.microsoft.com/en-us/dotnet/api/system.threading.timeout.infinite
30	+	//Add the timer to the dictionary
31	+	timers.Add(data, timer);
32	+
33	+	}
34	+
35	+	/// <summary>
36	+	/// The callback function for the timer that rehooks the unhooked function
37	+	/// </summary>
38	+	/// <param name="o">The function argument has to be an argument, but it is actually a string array in this case. The format should be "my-guid\|hookName"</param>
39	+	private static void TimerCallback(object o)
40	+	{
41	+	//Split the string into the GUID and function name respectively
42	+	string[] array = ((string)o).Split('\|');
43	+	//Set the hook again
44	+	HookManager.HookByHookName(array[0]);
45	+	//Get the GUID
46	+	string guid = array[1];
47	+	//Remove the GUID from the dictionary
48	+	timers.Remove(guid);
49	+	}
50	+	}
51	+	}
52	+

■ ■ ■ ■ ■ ■

DotDumper/Helpers/Serialise.cs

1	+	using System.IO;
2	+	using System.Reflection;
3	+	using System.Web.Script.Serialization;
4	+	using System.Xml.Serialization;
5	+	using DotDumper.Hooks;
6	+
7	+	namespace DotDumper.Helpers
8	+	{
9	+	/// <summary>
10	+	/// This class is used to convert a given object to JSON using the built-in JavaScriptSerializer object
11	+	/// </summary>
12	+	class Serialise
13	+	{
14	+	/// <summary>
15	+	/// Converts the given object into its JSON equivalent
16	+	/// </summary>
17	+	/// <param name="input">The object to obtain the JSON equivalent from</param>
18	+	/// <returns>The JSON equivalent of the given object</returns>
19	+	public static string ToJson(object input)
20	+	{
21	+	//If the input is null, return null in string format
22	+	if (input == null)
23	+	{
24	+	return "null";
25	+	}
26	+	//Remove all hooks
27	+	HookManager.UnHookAll();
28	+	//Initialise a serialiser object
29	+	JavaScriptSerializer serialiser = new JavaScriptSerializer();
30	+	//Serialise the input
31	+	string result = serialiser.Serialize(input);
32	+	//Restore all hooks
33	+	HookManager.HookAll();
34	+	//Return the result
35	+	return result;
36	+	}
37	+
38	+	/// <summary>
39	+	/// Converts the given object into its XML equivalent
40	+	/// </summary>
41	+	/// <param name="input">The object to obtain the XML equivalent from</param>
42	+	/// <returns>The XML equivalent of the given object</returns>
43	+	public static string ToXml(object input)
44	+	{
45	+	//If the input is null, return null in string format
46	+	if (input == null)
47	+	{
48	+	return "null";
49	+	}
50	+	//Remove all hooks
51	+	HookManager.UnHookAll();
52	+	//Initialise the serialiser objects
53	+	StringWriter stringWriter = new StringWriter();
54	+	XmlSerializer serialiser = new XmlSerializer(input.GetType());
55	+	//Serialise the input
56	+	serialiser.Serialize(stringWriter, input);
57	+	string result = stringWriter.ToString();
58	+	//Restore all hooks
59	+	HookManager.HookAll();
60	+	//Return the result
61	+	return result;
62	+
63	+	}
64	+
65	+	/// <summary>
66	+	/// Gets the given method as a string, formatted as "Full.ReturnType Full.Class.Path.With.Function(Complete.Argument.Type argumentName)". An example is "System.Reflection.Assembly System.Reflection.Assembly.Load(System.Byte[] rawAssembly)".
67	+	/// </summary>
68	+	/// <returns>The method's full name as a string, i.e. "System.Reflection.Assembly System.Reflection.Assembly.Load(System.Byte[] rawAssembly)"</returns>
69	+	public static string Method(MethodBase method)
70	+	{
71	+	//Declare and initialise the output variable
72	+	string output = "";
73	+	//If the input is null, the output is set to null in string form, which is then returned
74	+	if (method == null)
75	+	{
76	+	return "null";
77	+	}
78	+	//If the method is a MethodInfo instance (rather than the MethodBase object that is expected in the function's argument), which is possible as the MethodInfo object inherits the MethodBase class, the return type is accessible, and is subsequently used in the output
79	+	if (method is MethodInfo)
80	+	{
81	+	output += ((MethodInfo)method).ReturnType.FullName + " ";
82	+	}
83	+	//Get the declaring type, the functino name, and open the arguments bracket
84	+	output += method.DeclaringType + "." + method.Name + "(";
85	+
86	+	//Iterate over all parameters
87	+	foreach (ParameterInfo parameterInfo in method.GetParameters())
88	+	{
89	+	//Get the parameter type and name, and include a comma for the potential following argument
90	+	output += parameterInfo.ParameterType + " " + parameterInfo.Name + ", ";
91	+	}
92	+
93	+	//If there is at least 1 argument, and all argumguments have been iterated over
94	+	if (method.GetParameters().Length > 0)
95	+	{
96	+	//The last two characters are to be removed, which equal the comma and a space, as there is no following argument
97	+	output = output.Substring(0, output.Length - 2);
98	+	}
99	+	//The closing bracket is then added
100	+	output += ")";
101	+
102	+	//And finally the output is returned
103	+	return output;
104	+	}
105	+	}
106	+	}
107	+

■ ■ ■ ■ ■ ■

DotDumper/Helpers/StagnationHandler.cs

1	+	using System;
2	+	using DotDumper.HookHandlers;
3	+	using System.Runtime.InteropServices;
4	+	using DotDumper.Hooks;
5	+	using DotDumper.Models;
6	+
7	+	namespace DotDumper.Helpers
8	+	{
9	+	/// <summary>
10	+	/// A class which contains the stagnation timer's callback function. This function is called with an interval that is defined upon the timer's creation (see program.cs in the project's root).
11	+	/// If a third interval of the given time span passes without an increase logged messages, the callback function ensures that DotDumper is shut down. This is done to escape situations where
12	+	/// process injection took place (often with native functions) and DotDumper erroneously waits for the function to return (even though it wont until the malware stops its own execution).
13	+	/// When using a sandbox, this cuts down the runtime to the point where it only runs if DotDumper is actually active, thus saving time.
14	+	/// </summary>
15	+	class StagnationHandler
16	+	{
17	+	/// <summary>
18	+	/// The amount of logs that were logged by the logger
19	+	/// </summary>
20	+	private static int _Count = 0;
21	+
22	+	/// <summary>
23	+	/// The stage of the handler, where 0 is the start, and 2 is the moment to trigger the termination clause. The stage is increased with 1 every time the callback function is called and the amount of logs (as saved in count) is equal to the amount of logs the logger saved.
24	+	/// </summary>
25	+	private static int _Stage = 0;
26	+
27	+	/// <summary>
28	+	/// The stagnation handler timer's callback function, which is called at every interval of the timer
29	+	/// </summary>
30	+	/// <param name="o">Optional parameters, as specified by the interface, but not used by this instance of the timer</param>
31	+	public static void TimerCallback(object o)
32	+	{
33	+	//If the logging count and the current count are equal, raise the stage variable. The condition where the logging is empty is not a real case, as the reflective loading of the sample already creates a single log.
34	+	if (GenericHookHelper._Logger.Count == _Count)
35	+	{
36	+	_Stage++;
37	+	}
38	+	else //If the values are not equal, the local count variable is made equal to the amount of logs that were written, and the stage is set back to 0
39	+	{
40	+	_Count = GenericHookHelper._Logger.Count;
41	+	_Stage = 0;
42	+	}
43	+
44	+	//If the stage is equal to, or more than, two, it means that the timer has called this callback twice without the creation of a single log
45	+	if (_Stage >= 2)
46	+	{
47	+	//If the DEBUG variable set to false, it means it is running in a normal environment
48	+	if (Program.DEBUG == false)
49	+	{
50	+	//Remove all hooks
51	+	HookManager.UnHookAll();
52	+	//Create a new exception with a message
53	+	Exception ex = new Exception("DotDumper stagnated, and is shutting down!");
54	+	//Create a new log entry with the exception
55	+	LogEntry entry = LogEntryHelper.Create(0, ex);
56	+	//Log the entry
57	+	GenericHookHelper._Logger.Log(entry, true, true);
58	+	//Remove all hooks
59	+	HookManager.UnHookAll();
60	+	//Set the time a year ahead, forcing the sandbox to time out
61	+	SetTime();
62	+	//Exit normally, which is called directly as all hooks are removed
63	+	Environment.Exit(0);
64	+	}
65	+	}
66	+	}
67	+
68	+	/// <summary>
69	+	/// Sets the system date and time to a year in the future, forcing the sandbox to time out of its runtime
70	+	/// </summary>
71	+	public static void SetTime()
72	+	{
73	+	DateTime dateTime = DateTime.Now;
74	+	//Set the time to next year, forcing the sandbox to time out
75	+	SystemTime updatedTime = new SystemTime();
76	+	updatedTime.Year = (ushort)(dateTime.Year + 1);
77	+	updatedTime.Month = (ushort)12;
78	+	updatedTime.Day = (ushort)30;
79	+	updatedTime.Hour = (ushort)12;
80	+	updatedTime.Minute = (ushort)00;
81	+	updatedTime.Second = (ushort)0;
82	+
83	+	Win32SetSystemTime(ref updatedTime);
84	+	}
85	+
86	+	/// <summary>
87	+	/// The native import of the SetSystemTime function from kernel32.dll
88	+	/// </summary>
89	+	/// <param name="sysTime">A reference to an instance of the SystemTime struct</param>
90	+	/// <returns>True if set correctly, false if not</returns>
91	+	[DllImport("kernel32.dll", EntryPoint = "SetSystemTime", SetLastError = true)]
92	+	public extern static bool Win32SetSystemTime(ref SystemTime sysTime);
93	+
94	+	/// <summary>
95	+	/// The struct definition for the SystemTime struct
96	+	/// </summary>
97	+	public struct SystemTime
98	+	{
99	+	public ushort Year;
100	+	public ushort Month;
101	+	public ushort DayOfWeek;
102	+	public ushort Day;
103	+	public ushort Hour;
104	+	public ushort Minute;
105	+	public ushort Second;
106	+	public ushort Millisecond;
107	+	};
108	+	}
109	+	}
110	+

■ ■ ■ ■ ■ ■

DotDumper/HookHandlers/Activator/ActivatorHooks.cs

1	+	using System;
2	+	using System.Configuration.Assemblies;
3	+	using System.Globalization;
4	+	using System.Reflection;
5	+	using System.Runtime.CompilerServices;
6	+	using System.Runtime.Remoting;
7	+	using System.Security.Policy;
8	+	using DotDumper.Hooks;
9	+
10	+	namespace DotDumper.HookHandlers
11	+	{
12	+	class ActivatorHooks
13	+	{
14	+	[MethodImpl(MethodImplOptions.NoInlining)]
15	+	public static ObjectHandle CreateComInstanceFromHookStringStringByteArrayAssemblyHashAlgorithm(string assemblyName, string typeName, byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
16	+	{
17	+	//Declare the local variable to store the object in
18	+	ObjectHandle result;
19	+
20	+	//Enable the thread safe lock, as a launched program can be multi-threaded
21	+	lock (GenericHookHelper.SyncLock)
22	+	{
23	+	//Sets the title for the log
24	+	string functionName = "Activator.CreateComInstanceFrom(string assemblyName, string typeName, byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)";
25	+
26	+	HookManager.UnHookByHookName("CreateComInstanceFromHookStringStringByteArrayAssemblyHashAlgorithm");
27	+	//Call the original function
28	+	result = Activator.CreateComInstanceFrom(assemblyName, typeName, hashValue, hashAlgorithm);
29	+	HookManager.HookByHookName("CreateComInstanceFromHookStringStringByteArrayAssemblyHashAlgorithm");
30	+
31	+	//Write the aggregated data to the log and the console
32	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateComInstanceFromStringStringByteArrayAssemblyHashAlgorithm(), new object[] { assemblyName, typeName, hashValue, hashAlgorithm }, result);
33	+	}
34	+
35	+	//Return the process object to the caller
36	+	return result;
37	+	}
38	+
39	+	[MethodImpl(MethodImplOptions.NoInlining)]
40	+	public static ObjectHandle CreateComInstanceFromHookStringString(string assemblyName, string typeName)
41	+	{
42	+	//Declare the local variable to store the object in
43	+	ObjectHandle result;
44	+
45	+	//Enable the thread safe lock, as a launched program can be multi-threaded
46	+	lock (GenericHookHelper.SyncLock)
47	+	{
48	+	//Within the DotNet framework, another CreateComInstance function is used, which is also hooked. To avoid duplicate entries in the logging, both are unhooked and rehooked
49	+	HookManager.UnHookByHookName("CreateComInstanceFromHookStringString");
50	+	HookManager.UnHookByHookName("CreateComInstanceFromHookStringStringByteArrayAssemblyHashAlgorithm");
51	+	//Call the original function
52	+	result = Activator.CreateComInstanceFrom(assemblyName, typeName);
53	+	HookManager.HookByHookName("CreateComInstanceFromHookStringString");
54	+	HookManager.HookByHookName("CreateComInstanceFromHookStringStringByteArrayAssemblyHashAlgorithm");
55	+
56	+	//Write the aggregated data to the log and the console
57	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateComInstanceFromStringString(), new object[] { assemblyName, typeName }, result);
58	+	}
59	+
60	+	//Return the process object to the caller
61	+	return result;
62	+	}
63	+
64	+	[MethodImpl(MethodImplOptions.NoInlining)]
65	+	public static object CreateInstanceHookType(Type type)
66	+	{
67	+	//Declare the local variable to store the object in
68	+	object result;
69	+
70	+	//Enable the thread safe lock, as a launched program can be multi-threaded
71	+	lock (GenericHookHelper.SyncLock)
72	+	{
73	+	//Double unhook due to DotNet internal wrappers, thereby avoiding double logging
74	+	HookManager.UnHookByHookName("CreateInstanceHookType");
75	+	HookManager.UnHookByHookName("CreateInstanceHookTypeBool");
76	+	//Call the original function
77	+	result = Activator.CreateInstance(type);
78	+	HookManager.HookByHookName("CreateInstanceHookType");
79	+	HookManager.HookByHookName("CreateInstanceHookTypeBool");
80	+
81	+	//Write the aggregated data to the log and the console
82	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceTypeBool(), new object[] { type }, result);
83	+	}
84	+
85	+	//Return the process object to the caller
86	+	return result;
87	+	}
88	+
89	+	[MethodImpl(MethodImplOptions.NoInlining)]
90	+	public static object CreateInstanceHookTypeBool(Type type, bool nonPublic)
91	+	{
92	+	//Declare the local variable to store the object in
93	+	object result;
94	+
95	+	//Enable the thread safe lock, as a launched program can be multi-threaded
96	+	lock (GenericHookHelper.SyncLock)
97	+	{
98	+	//Sets the title for the log
99	+	string functionName = "Activator.CreateInstance(Type type, bool nonPublic)";
100	+	//Process the given data via the helper class
101	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
102	+	HookManager.UnHookByHookName("CreateInstanceHookTypeBool");
103	+	//Call the original function
104	+	result = Activator.CreateInstance(type, nonPublic);
105	+	HookManager.HookByHookName("CreateInstanceHookTypeBool");
106	+
107	+	//Write the aggregated data to the log and the console
108	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceTypeBool(), new object[] { type, nonPublic }, result);
109	+	}
110	+
111	+	//Return the process object to the caller
112	+	return result;
113	+	}
114	+
115	+	[MethodImpl(MethodImplOptions.NoInlining)]
116	+	public static ObjectHandle CreateInstanceHookActivationContext(ActivationContext activationContext)
117	+	{
118	+	//Declare the local variable to store the object in
119	+	ObjectHandle result;
120	+
121	+	//Enable the thread safe lock, as a launched program can be multi-threaded
122	+	lock (GenericHookHelper.SyncLock)
123	+	{
124	+	//Sets the title for the log
125	+	string functionName = "Activator.CreateInstance(ActivationContext activationContext)";
126	+	//Process the given data via the helper class
127	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
128	+	HookManager.UnHookByHookName("CreateInstanceHookActivationContext");
129	+	//Call the original function
130	+	result = Activator.CreateInstance(activationContext);
131	+	HookManager.HookByHookName("CreateInstanceHookActivationContext");
132	+
133	+	//Write the aggregated data to the log and the console
134	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceActivationContext(), new object[] { activationContext }, result);
135	+	}
136	+
137	+	//Return the process object to the caller
138	+	return result;
139	+	}
140	+
141	+	[MethodImpl(MethodImplOptions.NoInlining)]
142	+	public static object CreateInstanceHookTypeObjectArray(Type type, params object[] args)
143	+	{
144	+	//Declare the local variable to store the object in
145	+	object result;
146	+
147	+	//Enable the thread safe lock, as a launched program can be multi-threaded
148	+	lock (GenericHookHelper.SyncLock)
149	+	{
150	+	//Double unhook due to
151	+	HookManager.UnHookByHookName("CreateInstanceHookTypeObjectArray");
152	+	HookManager.UnHookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfoObjectArray");
153	+	//Call the original function
154	+	result = Activator.CreateInstance(type, args);
155	+	HookManager.HookByHookName("CreateInstanceHookTypeObjectArray");
156	+	HookManager.HookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfoObjectArray");
157	+
158	+	//Write the aggregated data to the log and the console
159	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceActivationContext(), new object[] { type, args }, result);
160	+	}
161	+
162	+	//Return the process object to the caller
163	+	return result;
164	+	}
165	+
166	+	[MethodImpl(MethodImplOptions.NoInlining)]
167	+	public static object CreateInstanceHookStringString(string assemblyName, string typeName)
168	+	{
169	+	//Declare the local variable to store the object in
170	+	object result;
171	+
172	+	//Enable the thread safe lock, as a launched program can be multi-threaded
173	+	lock (GenericHookHelper.SyncLock)
174	+	{
175	+	//Sets the title for the log
176	+	string functionName = "Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)";
177	+	//Process the given data via the helper class
178	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
179	+	HookManager.UnHookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfoObjectArray");
180	+	//Call the original function
181	+	result = Activator.CreateInstance(assemblyName, typeName);
182	+	HookManager.HookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfoObjectArray");
183	+
184	+	//Write the aggregated data to the log and the console
185	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceStringString(), new object[] { assemblyName, typeName }, result);
186	+	}
187	+
188	+	//Return the process object to the caller
189	+	return result;
190	+	}
191	+
192	+	[MethodImpl(MethodImplOptions.NoInlining)]
193	+	public static object CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfo(Type type, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture)
194	+	{
195	+	//Declare the local variable to store the object in
196	+	object result;
197	+
198	+	//Enable the thread safe lock, as a launched program can be multi-threaded
199	+	lock (GenericHookHelper.SyncLock)
200	+	{
201	+	//Double unhook due to an internal wrapper within the DotNet framework
202	+	HookManager.UnHookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfo");
203	+	HookManager.UnHookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfoObjectArray");
204	+	//Call the original function
205	+	result = Activator.CreateInstance(type, bindingAttr, binder, args, culture);
206	+	HookManager.HookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfo");
207	+	HookManager.HookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfoObjectArray");
208	+
209	+	//Write the aggregated data to the log and the console
210	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceActivationContext(), new object[] { type, bindingAttr, binder, args, culture }, result);
211	+	}
212	+
213	+	//Return the process object to the caller
214	+	return result;
215	+	}
216	+
217	+	[MethodImpl(MethodImplOptions.NoInlining)]
218	+	public static object CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfoObjectArray(Type type, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)
219	+	{
220	+	//Declare the local variable to store the object in
221	+	object result;
222	+
223	+	//Enable the thread safe lock, as a launched program can be multi-threaded
224	+	lock (GenericHookHelper.SyncLock)
225	+	{
226	+	//Sets the title for the log
227	+	string functionName = "Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)";
228	+	//Process the given data via the helper class
229	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
230	+	HookManager.UnHookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfoObjectArray");
231	+	//Call the original function
232	+	result = Activator.CreateInstance(type, bindingAttr, binder, args, culture, activationAttributes);
233	+	HookManager.HookByHookName("CreateInstanceHookTypeBindingFlagsBinderObjectArrayCultureInfoObjectArray");
234	+
235	+	//Write the aggregated data to the log and the console
236	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceActivationContext(), new object[] { type, bindingAttr, binder, args, culture, activationAttributes }, result);
237	+	}
238	+
239	+	//Return the process object to the caller
240	+	return result;
241	+	}
242	+
243	+	[MethodImpl(MethodImplOptions.NoInlining)]
244	+	public static ObjectHandle CreateInstanceHookStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray(string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)
245	+	{
246	+	//Declare the local variable to store the object in
247	+	ObjectHandle result;
248	+
249	+	//Enable the thread safe lock, as a launched program can be multi-threaded
250	+	lock (GenericHookHelper.SyncLock)
251	+	{
252	+	//Sets the title for the log
253	+	string functionName = "Activator.CreateInstance(string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)";
254	+	//Process the given data via the helper class
255	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
256	+	HookManager.UnHookByHookName("CreateInstanceHookStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray");
257	+	//Call the original function
258	+	result = Activator.CreateInstance(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes);
259	+	HookManager.HookByHookName("CreateInstanceHookStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray");
260	+
261	+	//Write the aggregated data to the log and the console
262	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray(), new object[] { assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes }, result);
263	+	}
264	+
265	+	//Return the process object to the caller
266	+	return result;
267	+	}
268	+
269	+	[MethodImpl(MethodImplOptions.NoInlining)]
270	+	public static ObjectHandle CreateInstanceHookActivationContextStringArray(ActivationContext activationContext, string[] activationCustomData)
271	+	{
272	+	//Declare the local variable to store the object in
273	+	ObjectHandle result;
274	+
275	+	//Enable the thread safe lock, as a launched program can be multi-threaded
276	+	lock (GenericHookHelper.SyncLock)
277	+	{
278	+	//Sets the title for the log
279	+	string functionName = "Activator.CreateInstance(ActivationContext activationContext, string[] activationCustomData)";
280	+	//Process the given data via the helper class
281	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
282	+	HookManager.UnHookByHookName("CreateInstanceHookActivationContextStringArray");
283	+	//Call the original function
284	+	result = Activator.CreateInstance(activationContext, activationCustomData);
285	+	HookManager.HookByHookName("CreateInstanceHookActivationContextStringArray");
286	+
287	+	//Write the aggregated data to the log and the console
288	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceActivationContextStringArray(), new object[] { activationContext, activationCustomData }, result);
289	+	}
290	+
291	+	//Return the process object to the caller
292	+	return result;
293	+	}
294	+
295	+	[MethodImpl(MethodImplOptions.NoInlining)]
296	+	public static ObjectHandle CreateInstanceHookStringStringObjectArray(string assemblyName, string typeName, object[] activationAttributes)
297	+	{
298	+	//Declare the local variable to store the object in
299	+	ObjectHandle result;
300	+
301	+	//Enable the thread safe lock, as a launched program can be multi-threaded
302	+	lock (GenericHookHelper.SyncLock)
303	+	{
304	+	//Sets the title for the log
305	+	string functionName = "Activator.CreateInstance(string assemblyName, string typeName, object[] activationAttributes)";
306	+	//Process the given data via the helper class
307	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
308	+	HookManager.UnHookByHookName("CreateInstanceHookStringStringObjectArray");
309	+	//Call the original function
310	+	result = Activator.CreateInstance(assemblyName, typeName, activationAttributes);
311	+	HookManager.HookByHookName("CreateInstanceHookStringStringObjectArray");
312	+
313	+	//Write the aggregated data to the log and the console
314	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceStringStringObjectArray(), new object[] { assemblyName, typeName, activationAttributes }, result);
315	+	}
316	+
317	+	//Return the process object to the caller
318	+	return result;
319	+	}
320	+
321	+	[MethodImpl(MethodImplOptions.NoInlining)]
322	+	public static ObjectHandle CreateInstanceHookAppDomainStringString(AppDomain domain, string assemblyName, string typeName)
323	+	{
324	+	//Declare the local variable to store the object in
325	+	ObjectHandle result;
326	+
327	+	//Enable the thread safe lock, as a launched program can be multi-threaded
328	+	lock (GenericHookHelper.SyncLock)
329	+	{
330	+	//Sets the title for the log
331	+	string functionName = "Activator.CreateInstance(AppDomain domain, string assemblyName, string typeName)";
332	+	//Process the given data via the helper class
333	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
334	+	HookManager.UnHookByHookName("CreateInstanceHookAppDomainStringString");
335	+	//Call the original function
336	+	result = Activator.CreateInstance(domain, assemblyName, typeName);
337	+	HookManager.HookByHookName("CreateInstanceHookAppDomainStringString");
338	+
339	+	//Write the aggregated data to the log and the console
340	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceAppDomainStringString(), new object[] { domain, assemblyName, typeName }, result);
341	+	}
342	+
343	+	//Return the process object to the caller
344	+	return result;
345	+	}
346	+
347	+	[MethodImpl(MethodImplOptions.NoInlining)]
348	+	public static ObjectHandle CreateInstanceHookStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes, Evidence securityInfo)
349	+	{
350	+	//Declare the local variable to store the object in
351	+	ObjectHandle result;
352	+
353	+	//Enable the thread safe lock, as a launched program can be multi-threaded
354	+	lock (GenericHookHelper.SyncLock)
355	+	{
356	+	//Sets the title for the log
357	+	string functionName = "Activator.CreateInstance(string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes, Evidence securityInfo)";
358	+	//Process the given data via the helper class
359	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
360	+	HookManager.UnHookByHookName("CreateInstanceHookStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence");
361	+	//Call the original function
362	+	result = Activator.CreateInstance(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityInfo);
363	+	HookManager.HookByHookName("CreateInstanceHookStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence");
364	+
365	+	//Write the aggregated data to the log and the console
366	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(), new object[] { assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityInfo }, result);
367	+	}
368	+
369	+	//Return the process object to the caller
370	+	return result;
371	+	}
372	+
373	+	[MethodImpl(MethodImplOptions.NoInlining)]
374	+	public static ObjectHandle CreateInstanceHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray(AppDomain domain, string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)
375	+	{
376	+	//Declare the local variable to store the object in
377	+	ObjectHandle result;
378	+
379	+	//Enable the thread safe lock, as a launched program can be multi-threaded
380	+	lock (GenericHookHelper.SyncLock)
381	+	{
382	+	//Sets the title for the log
383	+	string functionName = "Activator.CreateInstance(AppDomain domain, string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)";
384	+	//Process the given data via the helper class
385	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
386	+	HookManager.UnHookByHookName("CreateInstanceHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray");
387	+	//Call the original function
388	+	result = Activator.CreateInstance(domain, assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes);
389	+	HookManager.HookByHookName("CreateInstanceHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray");
390	+
391	+	//Write the aggregated data to the log and the console
392	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray(), new object[] { domain, assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes }, result);
393	+	}
394	+
395	+	//Return the process object to the caller
396	+	return result;
397	+	}
398	+
399	+	[MethodImpl(MethodImplOptions.NoInlining)]
400	+	public static ObjectHandle CreateInstanceHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(AppDomain domain, string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes, Evidence securityAttributes)
401	+	{
402	+	//Declare the local variable to store the object in
403	+	ObjectHandle result;
404	+
405	+	//Enable the thread safe lock, as a launched program can be multi-threaded
406	+	lock (GenericHookHelper.SyncLock)
407	+	{
408	+	//Sets the title for the log
409	+	string functionName = "Activator.CreateInstance(AppDomain domain, string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes, Evidence securityAttributes)";
410	+	//Process the given data via the helper class
411	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
412	+	HookManager.UnHookByHookName("CreateInstanceHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence");
413	+	//Call the original function
414	+	result = Activator.CreateInstance(domain, assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes);
415	+	HookManager.HookByHookName("CreateInstanceHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence");
416	+
417	+	//Write the aggregated data to the log and the console
418	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(), new object[] { domain, assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes }, result);
419	+	}
420	+
421	+	//Return the process object to the caller
422	+	return result;
423	+	}
424	+
425	+	[MethodImpl(MethodImplOptions.NoInlining)]
426	+	public static ObjectHandle CreateInstanceFromHookAppDomainStringString(AppDomain domain, string assemblyFile, string typeName)
427	+	{
428	+	//Declare the local variable to store the object in
429	+	ObjectHandle result;
430	+
431	+	//Enable the thread safe lock, as a launched program can be multi-threaded
432	+	lock (GenericHookHelper.SyncLock)
433	+	{
434	+	//Sets the title for the log
435	+	string functionName = "Activator.CreateInstanceFrom(AppDomain domain, string assemblyName, string typeName)";
436	+	//Process the given data via the helper class
437	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
438	+	HookManager.UnHookByHookName("CreateInstanceFromHookAppDomainStringString");
439	+	//Call the original function
440	+	result = Activator.CreateInstanceFrom(domain, assemblyFile, typeName);
441	+	HookManager.HookByHookName("CreateInstanceFromHookAppDomainStringString");
442	+
443	+	//Write the aggregated data to the log and the console
444	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceFromAppDomainStringString(), new object[] { domain, assemblyFile, typeName }, result);
445	+	}
446	+
447	+	//Return the process object to the caller
448	+	return result;
449	+	}
450	+
451	+	[MethodImpl(MethodImplOptions.NoInlining)]
452	+	public static ObjectHandle CreateInstanceFromHookStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes, Evidence securityInfo)
453	+	{
454	+	//Declare the local variable to store the object in
455	+	ObjectHandle result;
456	+
457	+	//Enable the thread safe lock, as a launched program can be multi-threaded
458	+	lock (GenericHookHelper.SyncLock)
459	+	{
460	+	//Sets the title for the log
461	+	string functionName = "Activator.CreateInstanceFrom(string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes, Evidence securityInfo)";
462	+	//Process the given data via the helper class
463	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
464	+	HookManager.UnHookByHookName("CreateInstanceFromHookStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence");
465	+	//Call the original function
466	+	result = Activator.CreateInstanceFrom(assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityInfo);
467	+	HookManager.HookByHookName("CreateInstanceFromHookStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence");
468	+
469	+	//Write the aggregated data to the log and the console
470	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceFromStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(), new object[] { assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityInfo }, result);
471	+	}
472	+
473	+	//Return the process object to the caller
474	+	return result;
475	+	}
476	+
477	+	[MethodImpl(MethodImplOptions.NoInlining)]
478	+	public static ObjectHandle CreateInstanceFromHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray(AppDomain domain, string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)
479	+	{
480	+	//Declare the local variable to store the object in
481	+	ObjectHandle result;
482	+
483	+	//Enable the thread safe lock, as a launched program can be multi-threaded
484	+	lock (GenericHookHelper.SyncLock)
485	+	{
486	+	//Sets the title for the log
487	+	string functionName = "Activator.CreateInstanceFrom(AppDomain domain, string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)";
488	+	//Process the given data via the helper class
489	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
490	+	HookManager.UnHookByHookName("CreateInstanceFromHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray");
491	+	//Call the original function
492	+	result = Activator.CreateInstanceFrom(domain, assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes);
493	+	HookManager.HookByHookName("CreateInstanceFromHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray");
494	+
495	+	//Write the aggregated data to the log and the console
496	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceFromAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArray(), new object[] { domain, assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes }, result);
497	+	}
498	+
499	+	//Return the process object to the caller
500	+	return result;
501	+	}
502	+
503	+	[MethodImpl(MethodImplOptions.NoInlining)]
504	+	public static ObjectHandle CreateInstanceFromHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(AppDomain domain, string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes, Evidence securityAttributes)
505	+	{
506	+	//Declare the local variable to store the object in
507	+	ObjectHandle result;
508	+
509	+	//Enable the thread safe lock, as a launched program can be multi-threaded
510	+	lock (GenericHookHelper.SyncLock)
511	+	{
512	+	//Sets the title for the log
513	+	string functionName = "Activator.CreateInstanceFrom(AppDomain domain, string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes, Evidence securityAttributes)";
514	+	//Process the given data via the helper class
515	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
516	+	HookManager.UnHookByHookName("CreateInstanceFromHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence");
517	+	//Call the original function
518	+	result = Activator.CreateInstanceFrom(domain, assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes);
519	+	HookManager.HookByHookName("CreateInstanceFromHookAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence");
520	+
521	+	//Write the aggregated data to the log and the console
522	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceFromAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(), new object[] { domain, assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes }, result);
523	+	}
524	+
525	+	//Return the process object to the caller
526	+	return result;
527	+	}
528	+
529	+	[MethodImpl(MethodImplOptions.NoInlining)]
530	+	public static ObjectHandle CreateInstanceFromHookStringString(string assemblyFile, string typeName)
531	+	{
532	+	//Declare the local variable to store the object in
533	+	ObjectHandle result;
534	+
535	+	//Enable the thread safe lock, as a launched program can be multi-threaded
536	+	lock (GenericHookHelper.SyncLock)
537	+	{
538	+	//Multi unhooking due to DotNet wrapper calls
539	+	HookManager.UnHookByHookName("CreateInstanceFromHookStringString");
540	+	HookManager.UnHookByHookName("CreateInstanceFromHookStringStringObjectArray");
541	+	HookManager.UnHookByHookName("CreateInstanceFromHookStringStringBoolBindingFlagsBinderObjectArrayCultureInfoObjectArray");
542	+	//Call the original function
543	+	result = Activator.CreateInstanceFrom(assemblyFile, typeName);
544	+	HookManager.HookByHookName("CreateInstanceFromHookStringString");
545	+	HookManager.HookByHookName("CreateInstanceFromHookStringStringObjectArray");
546	+	HookManager.HookByHookName("CreateInstanceFromHookStringStringBoolBindingFlagsBinderObjectArrayCultureInfoObjectArray");
547	+
548	+	//Write the aggregated data to the log and the console
549	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceFromStringString(), new object[] { assemblyFile, typeName }, result);
550	+	}
551	+
552	+	//Return the process object to the caller
553	+	return result;
554	+	}
555	+
556	+	[MethodImpl(MethodImplOptions.NoInlining)]
557	+	public static ObjectHandle CreateInstanceFromHookStringStringObjectArray(string assemblyFile, string typeName, object[] activationAttributes)
558	+	{
559	+	//Declare the local variable to store the object in
560	+	ObjectHandle result;
561	+
562	+	//Enable the thread safe lock, as a launched program can be multi-threaded
563	+	lock (GenericHookHelper.SyncLock)
564	+	{
565	+	//Sets the title for the log
566	+	string functionName = "Activator.CreateInstanceFrom(AppDomain domain, string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes, Evidence securityAttributes)";
567	+	//Process the given data via the helper class
568	+	//MethodBaseHooksHelper.Invoke(methodBase, functionName, parameters);
569	+	HookManager.UnHookByHookName("CreateInstanceFromHookStringStringObjectArray");
570	+	HookManager.UnHookByHookName("CreateInstanceFromHookStringStringBoolBindingFlagsBinderObjectArrayCultureInfoObjectArray");
571	+	//Call the original function
572	+	result = Activator.CreateInstanceFrom(assemblyFile, typeName, activationAttributes);
573	+	HookManager.HookByHookName("CreateInstanceFromHookStringStringObjectArray");
574	+	HookManager.HookByHookName("CreateInstanceFromHookStringStringBoolBindingFlagsBinderObjectArrayCultureInfoObjectArray");
575	+
576	+	//Write the aggregated data to the log and the console
577	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceFromAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(), new object[] { assemblyFile, typeName, activationAttributes }, result);
578	+	}
579	+
580	+	//Return the process object to the caller
581	+	return result;
582	+	}
583	+
584	+	[MethodImpl(MethodImplOptions.NoInlining)]
585	+	public static ObjectHandle CreateInstanceFromHookStringStringBoolBindingFlagsBinderObjectArrayCultureInfoObjectArray(string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes)
586	+	{
587	+	//Declare the local variable to store the object in
588	+	ObjectHandle result;
589	+
590	+	//Enable the thread safe lock, as a launched program can be multi-threaded
591	+	lock (GenericHookHelper.SyncLock)
592	+	{
593	+	//Multi unhook due to internal wrappers in the DotNet framework
594	+	HookManager.UnHookByHookName("CreateInstanceFromHookStringStringBoolBindingFlagsBinderObjectArrayCultureInfoObjectArray");
595	+	//Call the original function
596	+	result = Activator.CreateInstanceFrom(assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes);
597	+	HookManager.HookByHookName("CreateInstanceFromHookStringStringBoolBindingFlagsBinderObjectArrayCultureInfoObjectArray");
598	+
599	+	//Write the aggregated data to the log and the console
600	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.ActivatorCreateInstanceFromAppDomainStringStringBooleanBindingFlagsBinderObjectArrayCultureInfoObjectArrayEvidence(), new object[] { assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes }, result);
601	+	}
602	+
603	+	//Return the process object to the caller
604	+	return result;
605	+	}
606	+	}
607	+	}
608	+

■ ■ ■ ■ ■ ■

DotDumper/HookHandlers/Assembly/AssemblyHooks.cs

1	+	using System.Configuration.Assemblies;
2	+	using System.Reflection;
3	+	using System.Runtime.CompilerServices;
4	+	using System.Security;
5	+	using System.Security.Policy;
6	+	using DotDumper.Hooks;
7	+
8	+	namespace DotDumper.HookHandlers
9	+	{
10	+	class AssemblyHooks
11	+	{
12	+	[MethodImpl(MethodImplOptions.NoInlining)]
13	+	public static Assembly GetEntryAssemblyHook()
14	+	{
15	+	return GenericHookHelper.OriginalAssembly;
16	+	}
17	+
18	+	[MethodImpl(MethodImplOptions.NoInlining)]
19	+	public static Assembly GetExecutingAssemblyHook()
20	+	{
21	+	return GenericHookHelper.OriginalAssembly;
22	+	}
23	+
24	+	[MethodImpl(MethodImplOptions.NoInlining)]
25	+	public static Assembly LoadHookByteArray(byte[] rawAssembly)
26	+	{
27	+	//Declare the local variable to store the assembly in
28	+	Assembly assembly;
29	+
30	+	//Enable the thread safe lock, as a launched program can be multi-threaded
31	+	lock (GenericHookHelper.SyncLock)
32	+	{
33	+	//Disable the placed hook
34	+	HookManager.UnHookByHookName("LoadHookByteArray");
35	+	//Call the original function
36	+	assembly = Assembly.Load(rawAssembly);
37	+	//Restore the hook
38	+	HookManager.HookByHookName("LoadHookByteArray");
39	+
40	+
41	+	//Sets the title for the log
42	+	string functionName = "Assembly.Load(byte[] rawAssembly)";
43	+	//Write the aggregated data to the log and the console
44	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadByteArray(), new object[] { rawAssembly }, assembly);
45	+	}
46	+
47	+	//Return the assembly to the caller
48	+	return assembly;
49	+	}
50	+
51	+	[MethodImpl(MethodImplOptions.NoInlining)]
52	+	public static Assembly LoadHookString(string assemblyString)
53	+	{
54	+	//Declare the local variable to store the assembly in
55	+	Assembly assembly;
56	+
57	+	//Enable the thread safe lock, as a launched program can be multi-threaded
58	+	lock (GenericHookHelper.SyncLock)
59	+	{
60	+	//Disable the placed hook
61	+	HookManager.UnHookByHookName("LoadHookString");
62	+	//Call the original function
63	+	assembly = Assembly.Load(assemblyString);
64	+	//Restore the hook
65	+	HookManager.HookByHookName("LoadHookString");
66	+
67	+	//Sets the title for the log
68	+	string functionName = "Assembly.Load(string assemblyString)";
69	+	//Write the aggregated data to the log and the console
70	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadString(), new object[] { assemblyString }, assembly);
71	+	}
72	+
73	+	//Return the assembly to the caller
74	+	return assembly;
75	+	}
76	+
77	+	[MethodImpl(MethodImplOptions.NoInlining)]
78	+	public static Assembly LoadHookStringEvidence(string assemblyString, Evidence assemblySecurity)
79	+	{
80	+	//Declare the local variable to store the assembly in
81	+	Assembly assembly;
82	+
83	+	//Enable the thread safe lock, as a launched program can be multi-threaded
84	+	lock (GenericHookHelper.SyncLock)
85	+	{
86	+	//Disable the placed hook
87	+	HookManager.UnHookByHookName("LoadHookStringEvidence");
88	+	//Call the original function
89	+	assembly = Assembly.Load(assemblyString, assemblySecurity);
90	+	//Restore the hook
91	+	HookManager.HookByHookName("LoadHookStringEvidence");
92	+
93	+	//Sets the title for the log
94	+	string functionName = "Assembly.Load(String assemblyString, Evidence assemblySecurity)";
95	+	//Write the aggregated data to the log and the console
96	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadStringEvidence(), new object[] { assemblyString, assemblySecurity }, assembly);
97	+	}
98	+
99	+	//Return the assembly to the caller
100	+	return assembly;
101	+	}
102	+
103	+	[MethodImpl(MethodImplOptions.NoInlining)]
104	+	public static Assembly LoadHookByteArrayByteArrayEvidence(byte[] rawAssembly, byte[] rawSymbolStore, Evidence securityEvidence)
105	+	{
106	+	//Declare the local variable to store the assembly in
107	+	Assembly assembly;
108	+
109	+	//Enable the thread safe lock, as a launched program can be multi-threaded
110	+	lock (GenericHookHelper.SyncLock)
111	+	{
112	+	//Disable the placed hook
113	+	HookManager.UnHookByHookName("LoadHookByteArrayByteArrayEvidence");
114	+	//Call the original function
115	+	assembly = Assembly.Load(rawAssembly, rawSymbolStore, securityEvidence);
116	+	//Restore the hook
117	+	HookManager.HookByHookName("LoadHookByteArrayByteArrayEvidence");
118	+
119	+	//Sets the title for the log
120	+	string functionName = "Assembly.Load(byte[] rawAssembly, byte[] rawSymbolStore, Evidence securityEvidence)";
121	+	//Write the aggregated data to the log and the console
122	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadByteArrayByteArrayEvidence(), new object[] { rawAssembly, rawSymbolStore, securityEvidence }, assembly);
123	+	}
124	+
125	+	//Return the assembly to the caller
126	+	return assembly;
127	+	}
128	+
129	+	[MethodImpl(MethodImplOptions.NoInlining)]
130	+	public static Assembly LoadHookAssemblyName(AssemblyName assemblyRef)
131	+	{
132	+	//Declare the local variable to store the assembly in
133	+	Assembly assembly;
134	+
135	+	//Enable the thread safe lock, as a launched program can be multi-threaded
136	+	lock (GenericHookHelper.SyncLock)
137	+	{
138	+	//Disable the placed hook
139	+	HookManager.UnHookByHookName("LoadHookAssemblyName");
140	+	//Call the original function
141	+	assembly = Assembly.Load(assemblyRef);
142	+	//Restore the hook
143	+	HookManager.HookByHookName("LoadHookAssemblyName");
144	+
145	+	//Sets the title for the log
146	+	string functionName = "Assembly.Load(AssemblyName assemblyRef)";
147	+	//Write the aggregated data to the log and the console
148	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadAssemblyName(), new object[] { assemblyRef }, assembly);
149	+	}
150	+
151	+	//Return the assembly to the caller
152	+	return assembly;
153	+	}
154	+
155	+	[MethodImpl(MethodImplOptions.NoInlining)]
156	+	public static Assembly LoadHookAssemblyNameEvidence(AssemblyName assemblyRef, Evidence assemblySecurity)
157	+	{
158	+	//Declare the local variable to store the assembly in
159	+	Assembly assembly;
160	+
161	+	//Enable the thread safe lock, as a launched program can be multi-threaded
162	+	lock (GenericHookHelper.SyncLock)
163	+	{
164	+	//Disable the placed hook
165	+	HookManager.UnHookByHookName("LoadHookAssemblyNameEvidence");
166	+	//Call the original function
167	+	assembly = Assembly.Load(assemblyRef, assemblySecurity);
168	+	//Restore the hook
169	+	HookManager.HookByHookName("LoadHookAssemblyNameEvidence");
170	+
171	+	//Sets the title for the log
172	+	string functionName = "Assembly.Load(AssemblyName assemblyRef, Evidence assemblySecurity)";
173	+	//Write the aggregated data to the log and the console
174	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadAssemblyNameEvidence(), new object[] { assemblyRef, assemblySecurity }, assembly);
175	+	}
176	+
177	+	//Return the assembly to the caller
178	+	return assembly;
179	+	}
180	+
181	+	[MethodImpl(MethodImplOptions.NoInlining)]
182	+	public static Assembly LoadHookByteArrayByteArraySecurityContextSource(byte[] rawAssembly, byte[] rawSymbolStore, SecurityContextSource securityContextSource)
183	+	{
184	+	//Declare the local variable to store the assembly in
185	+	Assembly assembly;
186	+
187	+	//Enable the thread safe lock, as a launched program can be multi-threaded
188	+	lock (GenericHookHelper.SyncLock)
189	+	{
190	+	//Disable the placed hook
191	+	HookManager.UnHookByHookName("LoadHookByteArrayByteArraySecurityContextSource");
192	+	//Call the original function
193	+	assembly = Assembly.Load(rawAssembly, rawSymbolStore, securityContextSource);
194	+	//Restore the hook
195	+	HookManager.HookByHookName("LoadHookByteArrayByteArraySecurityContextSource");
196	+
197	+	//Sets the title for the log
198	+	string functionName = "Assembly.Load(byte[] rawAssembly, byte[] rawSymbolStore, SecurityContextSource securityContextSource)";
199	+	//Write the aggregated data to the log and the console
200	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadByteArrayByteArraySecurityContextSource(), new object[] { rawAssembly, rawSymbolStore, securityContextSource }, assembly);
201	+	}
202	+
203	+	//Return the assembly to the caller
204	+	return assembly;
205	+	}
206	+
207	+	[MethodImpl(MethodImplOptions.NoInlining)]
208	+	public static Assembly LoadHookByteArrayByteArray(byte[] rawAssembly, byte[] rawSymbolStore)
209	+	{
210	+	//Declare the local variable to store the assembly in
211	+	Assembly assembly;
212	+
213	+	//Enable the thread safe lock, as a launched program can be multi-threaded
214	+	lock (GenericHookHelper.SyncLock)
215	+	{
216	+	//Disable the placed hook
217	+	HookManager.UnHookByHookName("LoadHookByteArrayByteArray");
218	+	//Call the original function
219	+	assembly = Assembly.Load(rawAssembly, rawSymbolStore);
220	+	//Restore the hook
221	+	HookManager.HookByHookName("LoadHookByteArrayByteArray");
222	+
223	+	//Sets the title for the log
224	+	string functionName = "Assembly.Load(byte[] rawAssembly, byte[] rawSymbolStore)";
225	+	//Write the aggregated data to the log and the console
226	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadByteArrayByteArray(), new object[] { rawAssembly, rawSymbolStore }, assembly);
227	+	}
228	+
229	+	//Return the assembly to the caller
230	+	return assembly;
231	+	}
232	+
233	+	[MethodImpl(MethodImplOptions.NoInlining)]
234	+	public static Assembly LoadFileHookString(string path)
235	+	{
236	+	//Declare the local variable to store the assembly in
237	+	Assembly assembly;
238	+
239	+	//Enable the thread safe lock, as a launched program can be multi-threaded
240	+	lock (GenericHookHelper.SyncLock)
241	+	{
242	+	//Disable the placed hook
243	+	HookManager.UnHookByHookName("LoadFileHookString");
244	+	//Call the original function
245	+	assembly = Assembly.LoadFile(path);
246	+	//Restore the hook
247	+	HookManager.HookByHookName("LoadFileHookString");
248	+
249	+	//Sets the title for the log
250	+	string functionName = "Assembly.LoadFile(string path)";
251	+	//Write the aggregated data to the log and the console
252	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadFileString(), new object[] { path }, assembly);
253	+	}
254	+
255	+	//Return the assembly to the caller
256	+	return assembly;
257	+	}
258	+
259	+	[MethodImpl(MethodImplOptions.NoInlining)]
260	+	public static Assembly LoadFileHookStringEvidence(string path, Evidence securityEvidence)
261	+	{
262	+	//Declare the local variable to store the assembly in
263	+	Assembly assembly;
264	+
265	+	//Enable the thread safe lock, as a launched program can be multi-threaded
266	+	lock (GenericHookHelper.SyncLock)
267	+	{
268	+	//Disable the placed hook
269	+	HookManager.UnHookByHookName("LoadFileHookStringEvidence");
270	+	//Call the original function
271	+	assembly = Assembly.LoadFile(path, securityEvidence);
272	+	//Restore the hook
273	+	HookManager.HookByHookName("LoadFileHookStringEvidence");
274	+
275	+	//Sets the title for the log
276	+	string functionName = "Assembly.LoadFile(string path, Evidence securityEvidence)";
277	+	//Write the aggregated data to the log and the console
278	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadFileStringEvidence(), new object[] { path, securityEvidence }, assembly);
279	+	}
280	+
281	+	//Return the assembly to the caller
282	+	return assembly;
283	+	}
284	+
285	+
286	+	[MethodImpl(MethodImplOptions.NoInlining)]
287	+	public static Assembly LoadFromHookString(string assemblyFile)
288	+	{
289	+	//Declare the local variable to store the assembly in
290	+	Assembly assembly;
291	+
292	+	//Enable the thread safe lock, as a launched program can be multi-threaded
293	+	lock (GenericHookHelper.SyncLock)
294	+	{
295	+	//Disable the placed hook
296	+	HookManager.UnHookByHookName("LoadFromHookString");
297	+	//Call the original function
298	+	assembly = Assembly.LoadFrom(assemblyFile);
299	+	//Restore the hook
300	+	HookManager.HookByHookName("LoadFromHookString");
301	+
302	+	//Sets the title for the log
303	+	string functionName = "Assembly.LoadFrom(string assemblyFile)";
304	+	//Write the aggregated data to the log and the console
305	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadFromString(), new object[] { assemblyFile }, assembly);
306	+	}
307	+
308	+	//Return the assembly to the caller
309	+	return assembly;
310	+	}
311	+
312	+	[MethodImpl(MethodImplOptions.NoInlining)]
313	+	public static Assembly LoadFromHookStringEvidence(string assemblyFile, Evidence securityEvidence)
314	+	{
315	+	//Declare the local variable to store the assembly in
316	+	Assembly assembly;
317	+
318	+	//Enable the thread safe lock, as a launched program can be multi-threaded
319	+	lock (GenericHookHelper.SyncLock)
320	+	{
321	+	//Disable the placed hook
322	+	HookManager.UnHookByHookName("LoadFromHookStringEvidence");
323	+	//Call the original function
324	+	assembly = Assembly.LoadFrom(assemblyFile, securityEvidence);
325	+	//Restore the hook
326	+	HookManager.HookByHookName("LoadFromHookStringEvidence");
327	+
328	+	//Sets the title for the log
329	+	string functionName = "Assembly.LoadFrom(string assemblyFile, Evidence securityEvidence)";
330	+	//Write the aggregated data to the log and the console
331	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadFromStringEvidence(), new object[] { assemblyFile, securityEvidence }, assembly);
332	+	}
333	+
334	+	//Return the assembly to the caller
335	+	return assembly;
336	+	}
337	+
338	+
339	+	[MethodImpl(MethodImplOptions.NoInlining)]
340	+	public static Assembly LoadFromHookStringEvidenceByteArrayAssemblyHashAlgorithm(string assemblyFile, Evidence securityEvidence, byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
341	+	{
342	+	//Declare the local variable to store the assembly in
343	+	Assembly assembly;
344	+
345	+	//Enable the thread safe lock, as a launched program can be multi-threaded
346	+	lock (GenericHookHelper.SyncLock)
347	+	{
348	+	//Disable the placed hook
349	+	HookManager.UnHookByHookName("LoadFromHookStringEvidenceByteArrayAssemblyHashAlgorithm");
350	+	//Call the original function
351	+	assembly = Assembly.LoadFrom(assemblyFile, securityEvidence, hashValue, hashAlgorithm);
352	+	//Restore the hook
353	+	HookManager.HookByHookName("LoadFromHookStringEvidenceByteArrayAssemblyHashAlgorithm");
354	+
355	+	//Sets the title for the log
356	+	string functionName = "Assembly.LoadFrom(string assemblyFile, Evidence securityEvidence, byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)";
357	+	//Write the aggregated data to the log and the console
358	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadFromStringEvidenceByteArrayAssemblyHashAlgorithm(), new object[] { assemblyFile, securityEvidence, hashValue, hashAlgorithm }, assembly);
359	+	}
360	+
361	+	//Return the assembly to the caller
362	+	return assembly;
363	+	}
364	+
365	+	[MethodImpl(MethodImplOptions.NoInlining)]
366	+	public static Assembly LoadFromHookStringByteArrayAssemblyHashAlgorithm(string assemblyFile, byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)
367	+	{
368	+	//Declare the local variable to store the assembly in
369	+	Assembly assembly;
370	+
371	+	//Enable the thread safe lock, as a launched program can be multi-threaded
372	+	lock (GenericHookHelper.SyncLock)
373	+	{
374	+	//Disable the placed hook
375	+	HookManager.UnHookByHookName("LoadFromHookStringByteArrayAssemblyHashAlgorithm");
376	+	//Call the original function
377	+	assembly = Assembly.LoadFrom(assemblyFile, hashValue, hashAlgorithm);
378	+	//Restore the hook
379	+	HookManager.HookByHookName("LoadFromHookStringByteArrayAssemblyHashAlgorithm");
380	+
381	+	//Sets the title for the log
382	+	string functionName = "Assembly.LoadFrom(string assemblyFile, byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm)";
383	+	//Write the aggregated data to the log and the console
384	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadFromStringByteArrayAssemblyHashAlgorithm(), new object[] { assemblyFile, hashValue, hashAlgorithm }, assembly);
385	+	}
386	+
387	+	//Return the assembly to the caller
388	+	return assembly;
389	+	}
390	+
391	+	[MethodImpl(MethodImplOptions.NoInlining)]
392	+	public static Assembly LoadWithPartialNameHookStringEvidence(string partialName, Evidence securityEvidence)
393	+	{
394	+	//Declare the local variable to store the assembly in
395	+	Assembly assembly;
396	+
397	+	//Enable the thread safe lock, as a launched program can be multi-threaded
398	+	lock (GenericHookHelper.SyncLock)
399	+	{
400	+	//Disable the placed hook
401	+	HookManager.UnHookByHookName("LoadWithPartialNameHookStringEvidence");
402	+	//Call the original function
403	+	assembly = Assembly.LoadWithPartialName(partialName, securityEvidence);
404	+	//Restore the hook
405	+	HookManager.HookByHookName("LoadWithPartialNameHookStringEvidence");
406	+
407	+	//Sets the title for the log
408	+	string functionName = "Assembly.LoadWithPartialName(string partialName, Evidence securityEvidence)";
409	+	//Write the aggregated data to the log and the console
410	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadWithPartialNameStringEvidence(), new object[] { partialName, securityEvidence }, assembly);
411	+	}
412	+
413	+	//Return the assembly to the caller
414	+	return assembly;
415	+	}
416	+
417	+	[MethodImpl(MethodImplOptions.NoInlining)]
418	+	public static Assembly LoadWithPartialNameHookString(string partialName)
419	+	{
420	+	//Declare the local variable to store the assembly in
421	+	Assembly assembly;
422	+
423	+	//Enable the thread safe lock, as a launched program can be multi-threaded
424	+	lock (GenericHookHelper.SyncLock)
425	+	{
426	+	//Disable the placed hook
427	+	HookManager.UnHookByHookName("LoadWithPartialNameHookString");
428	+	//Call the original function
429	+	assembly = Assembly.LoadWithPartialName(partialName);
430	+	//Restore the hook
431	+	HookManager.HookByHookName("LoadWithPartialNameHookString");
432	+
433	+	//Sets the title for the log
434	+	string functionName = "Assembly.LoadWithPartialName(string partialName)";
435	+	//Write the aggregated data to the log and the console
436	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyLoadWithPartialNameString(), new object[] { partialName }, assembly);
437	+	}
438	+
439	+	//Return the assembly to the caller
440	+	return assembly;
441	+	}
442	+
443	+	[MethodImpl(MethodImplOptions.NoInlining)]
444	+	public static Assembly ReflectionOnlyLoadHookString(string assemblyString)
445	+	{
446	+	//Declare the local variable to store the assembly in
447	+	Assembly assembly;
448	+
449	+	//Enable the thread safe lock, as a launched program can be multi-threaded
450	+	lock (GenericHookHelper.SyncLock)
451	+	{
452	+	//Disable the placed hook
453	+	HookManager.UnHookByHookName("ReflectionOnlyLoadHookString");
454	+	//Call the original function
455	+	assembly = Assembly.ReflectionOnlyLoad(assemblyString);
456	+	//Restore the hook
457	+	HookManager.HookByHookName("ReflectionOnlyLoadHookString");
458	+
459	+	//Sets the title for the log
460	+	string functionName = "Assembly.ReflectionOnlyLoad(string assemblyString)";
461	+	//Write the aggregated data to the log and the console
462	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyReflectionOnlyLoadString(), new object[] { assemblyString }, assembly);
463	+	}
464	+
465	+	//Return the assembly to the caller
466	+	return assembly;
467	+	}
468	+
469	+	[MethodImpl(MethodImplOptions.NoInlining)]
470	+	public static Assembly ReflectionOnlyLoadHookByteArray(byte[] rawAssembly)
471	+	{
472	+	//Declare the local variable to store the assembly in
473	+	Assembly assembly;
474	+
475	+	//Enable the thread safe lock, as a launched program can be multi-threaded
476	+	lock (GenericHookHelper.SyncLock)
477	+	{
478	+	//Disable the placed hook
479	+	HookManager.UnHookByHookName("ReflectionOnlyLoadHookByteArray");
480	+	//Call the original function
481	+	assembly = Assembly.ReflectionOnlyLoad(rawAssembly);
482	+	//Restore the hook
483	+	HookManager.HookByHookName("ReflectionOnlyLoadHookByteArray");
484	+
485	+	//Sets the title for the log
486	+	string functionName = "Assembly.ReflectionOnlyLoad(byte[] rawAssembly)";
487	+	//Write the aggregated data to the log and the console
488	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyReflectionOnlyLoadByteArray(), new object[] { rawAssembly }, assembly);
489	+	}
490	+
491	+	//Return the assembly to the caller
492	+	return assembly;
493	+	}
494	+
495	+	[MethodImpl(MethodImplOptions.NoInlining)]
496	+	public static Assembly ReflectionOnlyLoadFromHookString(string assemblyFile)
497	+	{
498	+	//Declare the local variable to store the assembly in
499	+	Assembly assembly;
500	+
501	+	//Enable the thread safe lock, as a launched program can be multi-threaded
502	+	lock (GenericHookHelper.SyncLock)
503	+	{
504	+	//Disable the placed hook
505	+	HookManager.UnHookByHookName("ReflectionOnlyLoadFromHookString");
506	+	//Call the original function
507	+	assembly = Assembly.ReflectionOnlyLoadFrom(assemblyFile);
508	+	//Restore the hook
509	+	HookManager.HookByHookName("ReflectionOnlyLoadFromHookString");
510	+
511	+	//Sets the title for the log
512	+	string functionName = "Assembly.ReflectionOnlyLoadFrom(string assemblyFile)";
513	+	//Write the aggregated data to the log and the console
514	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyReflectionOnlyLoadFromString(), new object[] { assemblyFile }, assembly);
515	+	}
516	+
517	+	//Return the assembly to the caller
518	+	return assembly;
519	+	}
520	+
521	+	[MethodImpl(MethodImplOptions.NoInlining)]
522	+	public static Assembly UnsafeLoadFromHookString(string assemblyFile)
523	+	{
524	+	//Declare the local variable to store the assembly in
525	+	Assembly assembly;
526	+
527	+	//Enable the thread safe lock, as a launched program can be multi-threaded
528	+	lock (GenericHookHelper.SyncLock)
529	+	{
530	+	//Disable the placed hook
531	+	HookManager.UnHookByHookName("UnsafeLoadFromHookString");
532	+	//Call the original function
533	+	assembly = Assembly.UnsafeLoadFrom(assemblyFile);
534	+	//Restore the hook
535	+	HookManager.HookByHookName("UnsafeLoadFromHookString");
536	+
537	+	//Sets the title for the log
538	+	string functionName = "Assembly.UnsafeLoadFrom(string assemblyFile)";
539	+	//Write the aggregated data to the log and the console
540	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.AssemblyUnsafeLoadFromString(), new object[] { assemblyFile }, assembly);
541	+	}
542	+
543	+	//Return the assembly to the caller
544	+	return assembly;
545	+	}
546	+	}
547	+	}
548	+

■ ■ ■ ■ ■ ■

DotDumper/HookHandlers/Assembly/AssemblyHooksHelper.cs

1	+	using System.Reflection;
2	+	using DotDumper.Helpers;
3	+
4	+	namespace DotDumper.HookHandlers
5	+	{
6	+	class AssemblyHooksHelper
7	+	{
8	+
9	+	private static void Process(string functionName, byte[] rawAssembly, Assembly assembly, int stackTraceOffset)
10	+	{
11	+	////Increment the offset by one, as this function is one layer deeper
12	+	//stackTraceOffset++;
13	+
14	+	////Save the module to the disk, whilst returning the full path to the module
15	+	//string path = GenericHookHelper.SaveFile(rawAssembly);
16	+
17	+	////Add the module dump to the log, including the full path
18	+	//string message = "Wrote " + rawAssembly.Length + " bytes to \"" + path + "\"\n\n";
19	+
20	+	////Get and append the stacktrace related information to the log
21	+	//message += GenericHookHelper.GetStackTraceAndAssemblyMapping(stackTraceOffset);
22	+
23	+	////Get information about the raw assembly
24	+	//string rawAssemblyInfo = GetRawAssemblyInfo(rawAssembly);
25	+	////Append the raw assembly information to the log
26	+	//message += rawAssemblyInfo;
27	+
28	+	//if (assembly != null)
29	+	//{
30	+	// //Get information from the assembly
31	+	// string assemblyInfo = GetAssemblyInfo(assembly);
32	+	// //Append the assembly information to the log
33	+	// message += assemblyInfo;
34	+	//}
35	+
36	+	////Add the hash of the newly loaded assembly to the known list
37	+	////This addition needs to be done prior to the logging, as the logger calls the periodic dump check
38	+	//MissedAssemblyDumper.AssemblyHashes.Add(Hashes.Sha256(rawAssembly));
39	+
40	+	////Write the aggregated data to the log and the console
41	+	////GenericHookHelper._Logger.Log(stackTraceOffset, OriginalFunctions.AssemblyLoadByteArray(), new object[] { rawAssembly }, assembly);
42	+	}
43	+
44	+	public static void Process(string functionName, byte[] rawAssembly, Assembly assembly)
45	+	{
46	+	Process(functionName, rawAssembly, assembly, 2);
47	+	}
48	+
49	+	public static void Process(string functionName, Assembly assembly)
50	+	{
51	+	byte[] rawAssembly = GenericHookHelper.GetAsByteArray(assembly);
52	+	Process(functionName, rawAssembly, assembly, 2);
53	+	}
54	+
55	+	public static void ProcessLateBinding(string functionName, byte[] rawAssembly)
56	+	{
57	+	Process(functionName, rawAssembly, null, 2);
58	+	}
59	+
60	+	private static string GetRawAssemblyInfo(byte[] rawAssembly)
61	+	{
62	+	string output = "---Raw assembly information---\n";
63	+
64	+	string size = "" + rawAssembly.Length;
65	+	string hashcode = "" + rawAssembly.GetHashCode();
66	+	string md5 = Hashes.Md5(rawAssembly);
67	+	string sha1 = Hashes.Sha1(rawAssembly);
68	+	string sha256 = Hashes.Sha256(rawAssembly);
69	+
70	+	output += "Size in bytes: " + size + "\n";
71	+	output += "Hashcode: " + hashcode + "\n";
72	+	output += "MD-5: " + md5 + "\n";
73	+	output += "SHA-1: " + sha1 + "\n";
74	+	output += "SHA-256: " + sha256 + "\n";
75	+	output += "\n";
76	+	return output;
77	+	}
78	+
79	+	private static string GetAssemblyInfo(Assembly assembly)
80	+	{
81	+	string output = "---Assembly information---\n";
82	+
83	+	output += "Entry point: ";
84	+	if (assembly.EntryPoint != null)
85	+	{
86	+	output += assembly.EntryPoint.DeclaringType + "." + assembly.EntryPoint.Name + "(";
87	+	ParameterInfo[] parameterInfos = assembly.EntryPoint.GetParameters();
88	+	for (int i = 0; i < parameterInfos.Length; i++)
89	+	{
90	+	string type = parameterInfos[i].ParameterType.ToString();
91	+	string name = parameterInfos[i].Name;
92	+	output += type + " " + name;
93	+	if (i != parameterInfos.Length - 1)
94	+	{
95	+	output += ", ";
96	+	}
97	+	}
98	+	output += ")";
99	+	}
100	+	else
101	+	{
102	+	output += "unknown";
103	+	}
104	+	output += "\n";
105	+
106	+
107	+	AssemblyName assemblyName = assembly.GetName();
108	+
109	+	output += "Full name: " + assemblyName.FullName + "\n";
110	+
111	+	output += "Targeted CPU architecture: " + assemblyName.ProcessorArchitecture.ToString() + "\n";
112	+
113	+	AssemblyName[] referencedAssemblies = assembly.GetReferencedAssemblies();
114	+	output += "Referenced assemblies:";
115	+	if (referencedAssemblies.Length == 0)
116	+	{
117	+	output += " none\n";
118	+	}
119	+	else
120	+	{
121	+	output += "\n";
122	+	foreach (AssemblyName asn in referencedAssemblies)
123	+	{
124	+	output += "\t" + asn.FullName + "\n";
125	+	}
126	+	}
127	+
128	+	output += "Targeted CLR version: " + assembly.ImageRuntimeVersion + "\n";
129	+
130	+	string[] resourceNames = assembly.GetManifestResourceNames();
131	+	output += "Embedded resource names:";
132	+
133	+	if (resourceNames.Length == 0)
134	+	{
135	+	output += " none\n";
136	+	}
137	+	else
138	+	{
139	+	output += "\n";
140	+	foreach (string resource in resourceNames)
141	+	{
142	+	output += "\t" + resource + "\n";
143	+	}
144	+	}
145	+	output += "\n";
146	+	return output;
147	+	}
148	+	}
149	+	}
150	+

■ ■ ■ ■ ■ ■

DotDumper/HookHandlers/Console/ConsoleHooks.cs

1	+	using System.Runtime.CompilerServices;
2	+	using DotDumper.Hooks;
3	+
4	+	namespace DotDumper.HookHandlers
5	+	{
6	+	class ConsoleHooks
7	+	{
8	+	[MethodImpl(MethodImplOptions.NoInlining)]
9	+	public static void WriteHookString(string value)
10	+	{
11	+	//Enable the thread safe lock, as a launched program can be multi-threaded
12	+	lock (GenericHookHelper.SyncLock)
13	+	{
14	+	//Sets the title for the log
15	+	string functionName = "Console.Write(string value)";
16	+	//Create the message, where both the type and value are printed
17	+	string message = "Value: " + value;
18	+	//Write the aggregated data to the log and the console
19	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteString(), new object[] { value }, null);
20	+	}
21	+	}
22	+
23	+	[MethodImpl(MethodImplOptions.NoInlining)]
24	+	public static void WriteHookObject(object value)
25	+	{
26	+	//Enable the thread safe lock, as a launched program can be multi-threaded
27	+	lock (GenericHookHelper.SyncLock)
28	+	{
29	+	//Sets the title for the log
30	+	string functionName = "Console.Write(object value)";
31	+	//Create the message, where both the type and value are printed
32	+	string message = "Type: " + value.GetType().FullName + "\n" +
33	+	"Value: " + value;
34	+	//Write the aggregated data to the log and the console
35	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteObject(), new object[] { value }, null);
36	+	}
37	+	}
38	+
39	+	[MethodImpl(MethodImplOptions.NoInlining)]
40	+	public static void WriteHookUlong(ulong value)
41	+	{
42	+	//Enable the thread safe lock, as a launched program can be multi-threaded
43	+	lock (GenericHookHelper.SyncLock)
44	+	{
45	+	//Sets the title for the log
46	+	string functionName = "Console.Write(ulong value)";
47	+	//Create the message, where both the type and value are printed
48	+	string message = "Value: " + value;
49	+	//Write the aggregated data to the log and the console
50	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteUlong(), new object[] { value }, null);
51	+	}
52	+	}
53	+
54	+	[MethodImpl(MethodImplOptions.NoInlining)]
55	+	public static void WriteHookLong(long value)
56	+	{
57	+	//Enable the thread safe lock, as a launched program can be multi-threaded
58	+	lock (GenericHookHelper.SyncLock)
59	+	{
60	+	//Sets the title for the log
61	+	string functionName = "Console.Write(long value)";
62	+	//Create the message, where both the type and value are printed
63	+	string message = "Value: " + value;
64	+	//Write the aggregated data to the log and the console
65	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLong(), new object[] { value }, null);
66	+	}
67	+	}
68	+
69	+	[MethodImpl(MethodImplOptions.NoInlining)]
70	+	public static void WriteHookInt(int value)
71	+	{
72	+	//Enable the thread safe lock, as a launched program can be multi-threaded
73	+	lock (GenericHookHelper.SyncLock)
74	+	{
75	+	//Sets the title for the log
76	+	string functionName = "Console.Write(int value)";
77	+	//Create the message, where both the type and value are printed
78	+	string message = "Value: " + value;
79	+	//Write the aggregated data to the log and the console
80	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteInt(), new object[] { value }, null);
81	+	}
82	+	}
83	+
84	+	[MethodImpl(MethodImplOptions.NoInlining)]
85	+	public static void WriteHookUint(uint value)
86	+	{
87	+	//Enable the thread safe lock, as a launched program can be multi-threaded
88	+	lock (GenericHookHelper.SyncLock)
89	+	{
90	+	//Sets the title for the log
91	+	string functionName = "Console.Write(uint value)";
92	+	//Create the message, where both the type and value are printed
93	+	string message = "Value: " + value;
94	+	//Write the aggregated data to the log and the console
95	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteUint(), new object[] { value }, null);
96	+	}
97	+	}
98	+
99	+	[MethodImpl(MethodImplOptions.NoInlining)]
100	+	public static void WriteHookBool(bool value)
101	+	{
102	+	//Enable the thread safe lock, as a launched program can be multi-threaded
103	+	lock (GenericHookHelper.SyncLock)
104	+	{
105	+	//Sets the title for the log
106	+	string functionName = "Console.Write(bool value)";
107	+	//Create the message, where both the type and value are printed
108	+	string message = "Value: " + value;
109	+	//Write the aggregated data to the log and the console
110	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteBool(), new object[] { value }, null);
111	+	}
112	+	}
113	+
114	+	[MethodImpl(MethodImplOptions.NoInlining)]
115	+	public static void WriteHookChar(char value)
116	+	{
117	+	//Enable the thread safe lock, as a launched program can be multi-threaded
118	+	lock (GenericHookHelper.SyncLock)
119	+	{
120	+	//Sets the title for the log
121	+	string functionName = "Console.Write(char value)";
122	+	//Create the message, where both the type and value are printed
123	+	string message = "Value: " + value;
124	+	//Write the aggregated data to the log and the console
125	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteChar(), new object[] { value }, null);
126	+	}
127	+	}
128	+
129	+	[MethodImpl(MethodImplOptions.NoInlining)]
130	+	public static void WriteHookDecimal(decimal value)
131	+	{
132	+	//Enable the thread safe lock, as a launched program can be multi-threaded
133	+	lock (GenericHookHelper.SyncLock)
134	+	{
135	+	//Sets the title for the log
136	+	string functionName = "Console.Write(decimal value)";
137	+	//Create the message, where both the type and value are printed
138	+	string message = "Value: " + value;
139	+	//Write the aggregated data to the log and the console
140	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteDecimal(), new object[] { value }, null);
141	+	}
142	+	}
143	+
144	+	[MethodImpl(MethodImplOptions.NoInlining)]
145	+	public static void WriteHookFloat(float value)
146	+	{
147	+	//Enable the thread safe lock, as a launched program can be multi-threaded
148	+	lock (GenericHookHelper.SyncLock)
149	+	{
150	+	//Sets the title for the log
151	+	string functionName = "Console.Write(float value)";
152	+	//Create the message, where both the type and value are printed
153	+	string message = "Value: " + value;
154	+	//Write the aggregated data to the log and the console
155	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteFloat(), new object[] { value }, null);
156	+	}
157	+	}
158	+
159	+	[MethodImpl(MethodImplOptions.NoInlining)]
160	+	public static void WriteHookDouble(double value)
161	+	{
162	+	//Enable the thread safe lock, as a launched program can be multi-threaded
163	+	lock (GenericHookHelper.SyncLock)
164	+	{
165	+	//Sets the title for the log
166	+	string functionName = "Console.Write(double value)";
167	+	//Create the message, where both the type and value are printed
168	+	string message = "Value: " + value;
169	+	//Write the aggregated data to the log and the console
170	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteDouble(), new object[] { value }, null);
171	+	}
172	+	}
173	+
174	+	[MethodImpl(MethodImplOptions.NoInlining)]
175	+	public static void WriteHookStringObject(string format, object arg0)
176	+	{
177	+	//Enable the thread safe lock, as a launched program can be multi-threaded
178	+	lock (GenericHookHelper.SyncLock)
179	+	{
180	+	//Sets the title for the log
181	+	string functionName = "Console.Write(string format, object arg0)";
182	+	//Create the message, where both the type and value are printed
183	+	string message = "Raw string: " + format + "\n" +
184	+	"Format argument (of type " + arg0.GetType().FullName + "): " + arg0;
185	+	//Write the aggregated data to the log and the console
186	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteStringObject(), new object[] { format, arg0 }, null);
187	+	}
188	+	}
189	+
190	+	[MethodImpl(MethodImplOptions.NoInlining)]
191	+	public static void WriteHookStringObjectObject(string format, object arg0, object arg1)
192	+	{
193	+	//Enable the thread safe lock, as a launched program can be multi-threaded
194	+	lock (GenericHookHelper.SyncLock)
195	+	{
196	+	//Sets the title for the log
197	+	string functionName = "Console.Write(string format, object arg0, object arg1)";
198	+	//Create the message, where both the type and value are printed
199	+	string message = "Raw string: " + format + "\n" +
200	+	"Format argument (of type " + arg0.GetType().FullName + "): " + arg0 + "\n" +
201	+	"Format argument (of type " + arg1.GetType().FullName + "): " + arg1;
202	+	//Write the aggregated data to the log and the console
203	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteStringObjectObject(), new object[] { format, arg0, arg1 }, null);
204	+	}
205	+	}
206	+
207	+	[MethodImpl(MethodImplOptions.NoInlining)]
208	+	public static void WriteHookStringObjectObjectObject(string format, object arg0, object arg1, object arg2)
209	+	{
210	+	//Enable the thread safe lock, as a launched program can be multi-threaded
211	+	lock (GenericHookHelper.SyncLock)
212	+	{
213	+	//Sets the title for the log
214	+	string functionName = "Console.Write(string format, object arg0, object arg1, object arg2)";
215	+	//Create the message, where both the type and value are printed
216	+	string message = "Raw string: " + format + "\n" +
217	+	"Format argument (of type " + arg0.GetType().FullName + "): " + arg0 + "\n" +
218	+	"Format argument (of type " + arg1.GetType().FullName + "): " + arg1 +
219	+	"Format argument (of type " + arg2.GetType().FullName + "): " + arg2;
220	+	//Write the aggregated data to the log and the console
221	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteStringObjectObjectObject(), new object[] { format, arg0, arg1, arg2 }, null);
222	+	}
223	+	}
224	+
225	+	[MethodImpl(MethodImplOptions.NoInlining)]
226	+	public static void WriteHookStringObjectObjectObjectObject(string format, object arg0, object arg1, object arg2, object arg3)
227	+	{
228	+	//Enable the thread safe lock, as a launched program can be multi-threaded
229	+	lock (GenericHookHelper.SyncLock)
230	+	{
231	+	//Sets the title for the log
232	+	string functionName = "Console.Write(string format, object arg0, object arg1, object arg2, object arg3)";
233	+	//Create the message, where both the type and value are printed
234	+	string message = "Raw string: " + format + "\n" +
235	+	"Format argument (of type " + arg0.GetType().FullName + "): " + arg0 + "\n" +
236	+	"Format argument (of type " + arg1.GetType().FullName + "): " + arg1 +
237	+	"Format argument (of type " + arg2.GetType().FullName + "): " + arg2 + "\n" +
238	+	"Format argument (of type " + arg3.GetType().FullName + "): " + arg3;
239	+	//Write the aggregated data to the log and the console
240	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteStringObjectObjectObjectObject(), new object[] { format, arg0, arg1, arg2, arg3 }, null);
241	+	}
242	+	}
243	+
244	+	[MethodImpl(MethodImplOptions.NoInlining)]
245	+	public static void WriteHookStringObjectArray(string format, params object[] arg)
246	+	{
247	+	//Enable the thread safe lock, as a launched program can be multi-threaded
248	+	lock (GenericHookHelper.SyncLock)
249	+	{
250	+	//Sets the title for the log
251	+	string functionName = "Console.Write(string format, params object[] arg)";
252	+	//Create the message, where both the type and value are printed
253	+	string message = "Raw string: " + format + "\n";
254	+	foreach (object item in arg)
255	+	{
256	+	message += "Format argument (of type " + item.GetType().FullName + "): " + item + "\n";
257	+	}
258	+	//Write the aggregated data to the log and the console
259	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteStringObjectArray(), new object[] { format, arg }, null);
260	+	}
261	+	}
262	+
263	+	[MethodImpl(MethodImplOptions.NoInlining)]
264	+	public static void WriteHookCharArray(char[] buffer)
265	+	{
266	+	//Enable the thread safe lock, as a launched program can be multi-threaded
267	+	lock (GenericHookHelper.SyncLock)
268	+	{
269	+	//Sets the title for the log
270	+	string functionName = "Console.Write(char[] buffer)";
271	+	//Create the message, where both the type and value are printed
272	+	string message = "Raw string: " + new string(buffer) + "\n";
273	+	//Write the aggregated data to the log and the console
274	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteCharArray(), new object[] { buffer }, null);
275	+	}
276	+	}
277	+
278	+	[MethodImpl(MethodImplOptions.NoInlining)]
279	+	public static void WriteHookCharArrayIntInt(char[] buffer, int index, int count)
280	+	{
281	+	//Enable the thread safe lock, as a launched program can be multi-threaded
282	+	lock (GenericHookHelper.SyncLock)
283	+	{
284	+	//Sets the title for the log
285	+	string functionName = "Console.Write(char[] buffer)";
286	+	//Create the message, where both the type and value are printed
287	+	string message = "Raw string: " + new string(buffer) + "\n" +
288	+	"Selected string: " + new string(buffer).Substring(index, count) + "\n";
289	+	//Write the aggregated data to the log and the console
290	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteCharArrayIntInt(), new object[] { buffer, index, count }, null);
291	+	}
292	+	}
293	+
294	+	[MethodImpl(MethodImplOptions.NoInlining)]
295	+	public static void WriteLineHookString(string value)
296	+	{
297	+	//Enable the thread safe lock, as a launched program can be multi-threaded
298	+	lock (GenericHookHelper.SyncLock)
299	+	{
300	+	//Sets the title for the log
301	+	string functionName = "Console.WriteLine(string value)";
302	+	//Create the message, where both the type and value are printed
303	+	string message = "Value: " + value;
304	+	//Write the aggregated data to the log and the console
305	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteString(), new object[] { value }, null);
306	+	}
307	+	}
308	+
309	+	[MethodImpl(MethodImplOptions.NoInlining)]
310	+	public static void WriteLineHookObject(object value)
311	+	{
312	+	//Enable the thread safe lock, as a launched program can be multi-threaded
313	+	lock (GenericHookHelper.SyncLock)
314	+	{
315	+	//Sets the title for the log
316	+	string functionName = "Console.WriteLine(object value)";
317	+	//Create the message, where both the type and value are printed
318	+	string message = "Type: " + value.GetType().FullName + "\n" +
319	+	"Value: " + value;
320	+	//Write the aggregated data to the log and the console
321	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineObject(), new object[] { value }, null);
322	+	}
323	+	}
324	+
325	+	[MethodImpl(MethodImplOptions.NoInlining)]
326	+	public static void WriteLineHookUlong(ulong value)
327	+	{
328	+	//Enable the thread safe lock, as a launched program can be multi-threaded
329	+	lock (GenericHookHelper.SyncLock)
330	+	{
331	+	//Sets the title for the log
332	+	string functionName = "Console.WriteLine(ulong value)";
333	+	//Create the message, where both the type and value are printed
334	+	string message = "Value: " + value;
335	+	//Write the aggregated data to the log and the console
336	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineUlong(), new object[] { value }, null);
337	+	}
338	+	}
339	+
340	+	[MethodImpl(MethodImplOptions.NoInlining)]
341	+	public static void WriteLineHookLong(long value)
342	+	{
343	+	//Enable the thread safe lock, as a launched program can be multi-threaded
344	+	lock (GenericHookHelper.SyncLock)
345	+	{
346	+	//Sets the title for the log
347	+	string functionName = "Console.WriteLine(long value)";
348	+	//Create the message, where both the type and value are printed
349	+	string message = "Value: " + value;
350	+	//Write the aggregated data to the log and the console
351	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineLong(), new object[] { value }, null);
352	+	}
353	+	}
354	+
355	+	[MethodImpl(MethodImplOptions.NoInlining)]
356	+	public static void WriteLineHookInt(int value)
357	+	{
358	+	//Enable the thread safe lock, as a launched program can be multi-threaded
359	+	lock (GenericHookHelper.SyncLock)
360	+	{
361	+	//Sets the title for the log
362	+	string functionName = "Console.WriteLine(int value)";
363	+	//Create the message, where both the type and value are printed
364	+	string message = "Value: " + value;
365	+	//Write the aggregated data to the log and the console
366	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineInt(), new object[] { value }, null);
367	+	}
368	+	}
369	+
370	+	[MethodImpl(MethodImplOptions.NoInlining)]
371	+	public static void WriteLineHookUint(uint value)
372	+	{
373	+	//Enable the thread safe lock, as a launched program can be multi-threaded
374	+	lock (GenericHookHelper.SyncLock)
375	+	{
376	+	//Sets the title for the log
377	+	string functionName = "Console.WriteLine(uint value)";
378	+	//Create the message, where both the type and value are printed
379	+	string message = "Value: " + value;
380	+	//Write the aggregated data to the log and the console
381	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineUint(), new object[] { value }, null);
382	+	}
383	+	}
384	+
385	+	[MethodImpl(MethodImplOptions.NoInlining)]
386	+	public static void WriteLineHookBool(bool value)
387	+	{
388	+	//Enable the thread safe lock, as a launched program can be multi-threaded
389	+	lock (GenericHookHelper.SyncLock)
390	+	{
391	+	//Sets the title for the log
392	+	string functionName = "Console.WriteLine(bool value)";
393	+	//Create the message, where both the type and value are printed
394	+	string message = "Value: " + value;
395	+	//Write the aggregated data to the log and the console
396	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineBool(), new object[] { value }, null);
397	+	}
398	+	}
399	+
400	+	[MethodImpl(MethodImplOptions.NoInlining)]
401	+	public static void WriteLineHookChar(char value)
402	+	{
403	+	//Enable the thread safe lock, as a launched program can be multi-threaded
404	+	lock (GenericHookHelper.SyncLock)
405	+	{
406	+	//Sets the title for the log
407	+	string functionName = "Console.WriteLine(char value)";
408	+	//Create the message, where both the type and value are printed
409	+	string message = "Value: " + value;
410	+	//Write the aggregated data to the log and the console
411	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineChar(), new object[] { value }, null);
412	+	}
413	+	}
414	+
415	+	[MethodImpl(MethodImplOptions.NoInlining)]
416	+	public static void WriteLineHookDecimal(decimal value)
417	+	{
418	+	//Enable the thread safe lock, as a launched program can be multi-threaded
419	+	lock (GenericHookHelper.SyncLock)
420	+	{
421	+	//Sets the title for the log
422	+	string functionName = "Console.WriteLine(decimal value)";
423	+	//Create the message, where both the type and value are printed
424	+	string message = "Value: " + value;
425	+	//Write the aggregated data to the log and the console
426	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineDecimal(), new object[] { value }, null);
427	+	}
428	+	}
429	+
430	+	[MethodImpl(MethodImplOptions.NoInlining)]
431	+	public static void WriteLineHookFloat(float value)
432	+	{
433	+	//Enable the thread safe lock, as a launched program can be multi-threaded
434	+	lock (GenericHookHelper.SyncLock)
435	+	{
436	+	//Sets the title for the log
437	+	string functionName = "Console.WriteLine(float value)";
438	+	//Create the message, where both the type and value are printed
439	+	string message = "Value: " + value;
440	+	//Write the aggregated data to the log and the console
441	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineFloat(), new object[] { value }, null);
442	+	}
443	+	}
444	+
445	+	[MethodImpl(MethodImplOptions.NoInlining)]
446	+	public static void WriteLineHookDouble(double value)
447	+	{
448	+	//Enable the thread safe lock, as a launched program can be multi-threaded
449	+	lock (GenericHookHelper.SyncLock)
450	+	{
451	+	//Sets the title for the log
452	+	string functionName = "Console.WriteLine(double value)";
453	+	//Create the message, where both the type and value are printed
454	+	string message = "Value: " + value;
455	+	//Write the aggregated data to the log and the console
456	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineDouble(), new object[] { value }, null);
457	+	}
458	+	}
459	+
460	+	[MethodImpl(MethodImplOptions.NoInlining)]
461	+	public static void WriteLineHookStringObject(string format, object arg0)
462	+	{
463	+	//Enable the thread safe lock, as a launched program can be multi-threaded
464	+	lock (GenericHookHelper.SyncLock)
465	+	{
466	+	//Sets the title for the log
467	+	string functionName = "Console.WriteLine(string format, object arg0)";
468	+	//Create the message, where both the type and value are printed
469	+	string message = "Raw string: " + format + "\n" +
470	+	"Format argument (of type " + arg0.GetType().FullName + "): " + arg0;
471	+	//Write the aggregated data to the log and the console
472	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineStringObject(), new object[] { format, arg0 }, null);
473	+	}
474	+	}
475	+
476	+	[MethodImpl(MethodImplOptions.NoInlining)]
477	+	public static void WriteLineHookStringObjectObject(string format, object arg0, object arg1)
478	+	{
479	+	//Enable the thread safe lock, as a launched program can be multi-threaded
480	+	lock (GenericHookHelper.SyncLock)
481	+	{
482	+	//Sets the title for the log
483	+	string functionName = "Console.WriteLine(string format, object arg0, object arg1)";
484	+	//Create the message, where both the type and value are printed
485	+	string message = "Raw string: " + format + "\n" +
486	+	"Format argument (of type " + arg0.GetType().FullName + "): " + arg0 + "\n" +
487	+	"Format argument (of type " + arg1.GetType().FullName + "): " + arg1;
488	+	//Write the aggregated data to the log and the console
489	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineStringObjectObject(), new object[] { format, arg0, arg1 }, null);
490	+	}
491	+	}
492	+
493	+	[MethodImpl(MethodImplOptions.NoInlining)]
494	+	public static void WriteLineHookStringObjectObjectObject(string format, object arg0, object arg1, object arg2)
495	+	{
496	+	//Enable the thread safe lock, as a launched program can be multi-threaded
497	+	lock (GenericHookHelper.SyncLock)
498	+	{
499	+	//Sets the title for the log
500	+	string functionName = "Console.WriteLine(string format, object arg0, object arg1, object arg2)";
501	+	//Create the message, where both the type and value are printed
502	+	string message = "Raw string: " + format + "\n" +
503	+	"Format argument (of type " + arg0.GetType().FullName + "): " + arg0 + "\n" +
504	+	"Format argument (of type " + arg1.GetType().FullName + "): " + arg1 +
505	+	"Format argument (of type " + arg2.GetType().FullName + "): " + arg2;
506	+	//Write the aggregated data to the log and the console
507	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineStringObjectObjectObject(), new object[] { format, arg0, arg1, arg2 }, null);
508	+	}
509	+	}
510	+
511	+	[MethodImpl(MethodImplOptions.NoInlining)]
512	+	public static void WriteLineHookStringObjectObjectObjectObject(string format, object arg0, object arg1, object arg2, object arg3)
513	+	{
514	+	//Enable the thread safe lock, as a launched program can be multi-threaded
515	+	lock (GenericHookHelper.SyncLock)
516	+	{
517	+	//Sets the title for the log
518	+	string functionName = "Console.WriteLine(string format, object arg0, object arg1, object arg2, object arg3)";
519	+	//Create the message, where both the type and value are printed
520	+	string message = "Raw string: " + format + "\n" +
521	+	"Format argument (of type " + arg0.GetType().FullName + "): " + arg0 + "\n" +
522	+	"Format argument (of type " + arg1.GetType().FullName + "): " + arg1 +
523	+	"Format argument (of type " + arg2.GetType().FullName + "): " + arg2 + "\n" +
524	+	"Format argument (of type " + arg3.GetType().FullName + "): " + arg3;
525	+	//Write the aggregated data to the log and the console
526	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineStringObjectObjectObjectObject(), new object[] { format, arg0, arg1, arg2, arg3 }, null);
527	+	}
528	+	}
529	+
530	+	[MethodImpl(MethodImplOptions.NoInlining)]
531	+	public static void WriteLineHookStringObjectArray(string format, params object[] arg)
532	+	{
533	+	//Enable the thread safe lock, as a launched program can be multi-threaded
534	+	lock (GenericHookHelper.SyncLock)
535	+	{
536	+	//Sets the title for the log
537	+	string functionName = "Console.WriteLine(string format, params object[] arg)";
538	+	//Create the message, where both the type and value are printed
539	+	string message = "Raw string: " + format + "\n";
540	+	foreach (object item in arg)
541	+	{
542	+	message += "Format argument (of type " + item.GetType().FullName + "): " + item + "\n";
543	+	}
544	+	//Write the aggregated data to the log and the console
545	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineStringObjectArray(), new object[] { format, arg }, null);
546	+	}
547	+	}
548	+
549	+	[MethodImpl(MethodImplOptions.NoInlining)]
550	+	public static void WriteLineHookCharArray(char[] buffer)
551	+	{
552	+	//Enable the thread safe lock, as a launched program can be multi-threaded
553	+	lock (GenericHookHelper.SyncLock)
554	+	{
555	+	//Sets the title for the log
556	+	string functionName = "Console.WriteLine(char[] buffer)";
557	+	//Create the message, where both the type and value are printed
558	+	string message = "Raw string: " + new string(buffer) + "\n";
559	+	//Write the aggregated data to the log and the console
560	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineCharArray(), new object[] { buffer }, null);
561	+	}
562	+	}
563	+
564	+	[MethodImpl(MethodImplOptions.NoInlining)]
565	+	public static void WriteLineHookCharArrayIntInt(char[] buffer, int index, int count)
566	+	{
567	+	//Enable the thread safe lock, as a launched program can be multi-threaded
568	+	lock (GenericHookHelper.SyncLock)
569	+	{
570	+	//Sets the title for the log
571	+	string functionName = "Console.WriteLine(char[] buffer)";
572	+	//Create the message, where both the type and value are printed
573	+	string message = "Raw string: " + new string(buffer) + "\n" +
574	+	"Selected string: " + new string(buffer).Substring(index, count) + "\n";
575	+	//Write the aggregated data to the log and the console
576	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConsoleWriteLineCharArrayIntInt(), new object[] { buffer, index, count }, null);
577	+	}
578	+	}
579	+	}
580	+	}
581	+

■ ■ ■ ■ ■ ■

DotDumper/HookHandlers/Console/ConsoleHooksHelper.cs

1	+	namespace DotDumper.HookHandlers
2	+	{
3	+	class ConsoleHooksHelper
4	+	{
5	+	public static void Log(string functionName, string message)
6	+	{
7	+	//GenericHookHelper._Logger.Log(2, OriginalFunctions.ConsoleWriteLine(), new object[] { message }, null);
8	+	}
9	+	}
10	+	}
11	+

■ ■ ■ ■ ■ ■

DotDumper/HookHandlers/Convert/ConvertHooks.cs

1	+	using System;
2	+	using System.Runtime.CompilerServices;
3	+	using DotDumper.Hooks;
4	+
5	+	namespace DotDumper.HookHandlers
6	+	{
7	+	class ConvertHooks
8	+	{
9	+	[MethodImpl(MethodImplOptions.NoInlining)]
10	+	public static byte[] FromBase64StringString(string s)
11	+	{
12	+	//Declare the local variable to store the object in
13	+	byte[] output;
14	+
15	+	//Enable the thread safe lock, as a launched program can be multi-threaded
16	+	lock (GenericHookHelper.SyncLock)
17	+	{
18	+	//Disable the placed hook
19	+	HookManager.UnHookByHookName("FromBase64StringString");
20	+	//Call the original function
21	+	output = Convert.FromBase64String(s);
22	+	//Restore the hook
23	+	HookManager.HookByHookName("FromBase64StringString");
24	+
25	+	//Sets the title for the log
26	+	string functionName = "Convert.FromBase64String(string s)";
27	+	//Write the aggregated data to the log and the console
28	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConvertFromBase64StringString(), new object[] { s }, output);
29	+	}
30	+
31	+	//Return the process object to the caller
32	+	return output;
33	+	}
34	+
35	+	[MethodImpl(MethodImplOptions.NoInlining)]
36	+	public static byte[] FromBase64CharArrayCharyArrayIntInt(char[] inArray, int offset, int length)
37	+	{
38	+	//Declare the local variable to store the object in
39	+	byte[] output;
40	+
41	+	//Enable the thread safe lock, as a launched program can be multi-threaded
42	+	lock (GenericHookHelper.SyncLock)
43	+	{
44	+	//Disable the placed hook
45	+	HookManager.UnHookByHookName("FromBase64CharArrayCharyArrayIntInt");
46	+	//Call the original function
47	+	output = Convert.FromBase64CharArray(inArray, offset, length);
48	+	//Restore the hook
49	+	HookManager.HookByHookName("FromBase64CharArrayCharyArrayIntInt");
50	+
51	+	//Sets the title for the log
52	+	string functionName = "Convert.FromBase64CharArray(string s)";
53	+	//Write the aggregated data to the log and the console
54	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.ConvertFromBase64CharArrayCharArrayIntInt(), new object[] { inArray, offset, length }, output);
55	+	}
56	+
57	+	//Return the process object to the caller
58	+	return output;
59	+	}
60	+	}
61	+	}
62	+

■ ■ ■ ■ ■ ■

DotDumper/HookHandlers/Convert/ConvertHooksHelper.cs

1	+	namespace DotDumper.HookHandlers
2	+	{
3	+	class ConvertHooksHelper
4	+	{
5	+	public static void Process(string functionName, string encoded, byte[] decoded)
6	+	{
7	+	//string message = ""; // GenericHookHelper.GetStackTraceAndAssemblyMapping(2);
8	+	//string encodedPath = GenericHookHelper.SaveFile(encoded);
9	+	//string decodedPath = GenericHookHelper.SaveFile(decoded);
10	+	//message += "The encoded string (" + encoded.Length + " characters in size) has been saved at \"" + encodedPath + "\"\n";
11	+	//message += "The decoded data (" + decoded.Length + " bytes in size) has been saved at \"" + decodedPath + "\"\n";
12	+	//message += "\n";
13	+
14	+	//Write the aggregated data to the log and the console
15	+	//GenericHookHelper._Logger.Log(2, OriginalFunctions.ConvertFromBase64StringString(), new object[] { encoded }, decoded);
16	+	}
17	+
18	+	public static void Process(string functionName, char[] inArray, int offset, int length, byte[] decoded)
19	+	{
20	+	//char[] encoded = new char[length];
21	+	//for (int i = 0; i < length; i++)
22	+	//{
23	+	// encoded[i] = inArray[offset + i];
24	+	//}
25	+
26	+	//string inArrayPath = GenericHookHelper.SaveFile(new String(inArray));
27	+	//string encodedPath = GenericHookHelper.SaveFile(new String(encoded));
28	+	//string decodedPath = GenericHookHelper.SaveFile(decoded);
29	+
30	+	//string message = ""; //GenericHookHelper.GetStackTraceAndAssemblyMapping(2);
31	+	//message += "The complete input array (" + inArray.Length + " characters in size) has been saved at \"" + inArrayPath + "\"\n";
32	+	//message += "The encoded string (" + encoded.Length + " characters in size) has been saved at \"" + encodedPath + "\"\n";
33	+	//message += "The decoded data (" + decoded.Length + " bytes in size) has been saved at \"" + decodedPath + "\"\n";
34	+	//message += "\n";
35	+
36	+	//Write the aggregated data to the log and the console
37	+	//GenericHookHelper._Logger.Log(2, OriginalFunctions.ConvertFromBase64CharArrayCharArrayIntInt(), new object[] { inArray, offset, length }, decoded);
38	+	}
39	+	}
40	+	}
41	+

■ ■ ■ ■ ■ ■

DotDumper/HookHandlers/Environment/EnvironmentHooks.cs

1	+	using System;
2	+	using System.Runtime.CompilerServices;
3	+	using System.Collections;
4	+	using static System.Environment;
5	+	using DotDumper.Hooks;
6	+
7	+	namespace DotDumper.HookHandlers
8	+	{
9	+	class EnvironmentHooks
10	+	{
11	+	[MethodImpl(MethodImplOptions.NoInlining)]
12	+	public static void ExitHookInt(int exitCode)
13	+	{
14	+	//Enable the thread safe lock, as a launched program can be multi-threaded
15	+	lock (GenericHookHelper.SyncLock)
16	+	{
17	+	//Sets the title for the log
18	+	string functionName = "Environment.Exit(int exitCode)";
19	+	//Write the aggregated data to the log and the console
20	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentExitInt(), new object[] { exitCode }, null);
21	+
22	+	//Disable the placed hook
23	+	HookManager.UnHookByHookName("ExitHookInt");
24	+	//Call the original function
25	+	Environment.Exit(exitCode);
26	+	//Restore the hook
27	+	HookManager.HookByHookName("ExitHookInt");
28	+	}
29	+	}
30	+
31	+	[MethodImpl(MethodImplOptions.NoInlining)]
32	+	public static string ExpandEnvironmentVariablesHookString(string name)
33	+	{
34	+	//Declare the local variable to store the object in
35	+	string output;
36	+
37	+	//Enable the thread safe lock, as a launched program can be multi-threaded
38	+	lock (GenericHookHelper.SyncLock)
39	+	{
40	+	//Disable the placed hook
41	+	HookManager.UnHookByHookName("ExpandEnvironmentVariablesHookString");
42	+	//Call the original function
43	+	output = Environment.ExpandEnvironmentVariables(name);
44	+	//Restore the hook
45	+	HookManager.HookByHookName("ExpandEnvironmentVariablesHookString");
46	+
47	+	//Sets the title for the log
48	+	string functionName = "Environment.ExpandEnvironmentVariables(string name)";
49	+	//Write the aggregated data to the log and the console
50	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentExpandEnvironmentVariablesString(), new object[] { name }, output);
51	+	}
52	+
53	+	//Return the object to the caller
54	+	return output;
55	+	}
56	+
57	+	[MethodImpl(MethodImplOptions.NoInlining)]
58	+	public static void FailFastHookStringException(string message, Exception exception)
59	+	{
60	+	//Enable the thread safe lock, as a launched program can be multi-threaded
61	+	lock (GenericHookHelper.SyncLock)
62	+	{
63	+	//Sets the title for the log
64	+	string functionName = "Environment.FailFast(string message, Exception exception)";
65	+	//Write the aggregated data to the log and the console
66	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentFailFastStringException(), new object[] { message, exception }, null);
67	+
68	+	//Disable the placed hook
69	+	HookManager.UnHookByHookName("FailFastHookStringException");
70	+	//Call the original function
71	+	Environment.FailFast(message, exception);
72	+	//Restore the hook
73	+	HookManager.HookByHookName("FailFastHookStringException");
74	+	}
75	+	}
76	+
77	+	[MethodImpl(MethodImplOptions.NoInlining)]
78	+	public static void FailFastHookString(string message)
79	+	{
80	+	//Enable the thread safe lock, as a launched program can be multi-threaded
81	+	lock (GenericHookHelper.SyncLock)
82	+	{
83	+	//Sets the title for the log
84	+	string functionName = "Environment.FailFast(string message)";
85	+	//Write the aggregated data to the log and the console
86	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentFailFastString(), new object[] { message }, null);
87	+
88	+	//Disable the placed hook
89	+	HookManager.UnHookByHookName("FailFastHookString");
90	+	//Call the original function
91	+	Environment.FailFast(message);
92	+	//Restore the hook
93	+	HookManager.HookByHookName("FailFastHookString");
94	+	}
95	+	}
96	+
97	+	[MethodImpl(MethodImplOptions.NoInlining)]
98	+	public static string[] GetCommandLineArgsHook()
99	+	{
100	+	//Declare the local variable to store the object in
101	+	string[] output;
102	+
103	+	//Enable the thread safe lock, as a launched program can be multi-threaded
104	+	lock (GenericHookHelper.SyncLock)
105	+	{
106	+	//Disable the placed hook
107	+	HookManager.UnHookByHookName("GetCommandLineArgsHook");
108	+	//Call the original function
109	+	//TODO obtain provided CLI arguments, if any, otherwise return an empty array, as this would return the CLI arguments of DotDumper itself
110	+	//output = Environment.GetCommandLineArgs();
111	+	output = new string[0];
112	+
113	+	//Restore the hook
114	+	HookManager.HookByHookName("GetCommandLineArgsHook");
115	+
116	+	//Sets the title for the log
117	+	string functionName = "Environment.GetCommandLineArgs()";
118	+	//Write the aggregated data to the log and the console
119	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentGetCommandLineArgs(), new object[] { }, output);
120	+	}
121	+
122	+	//Return the object to the caller
123	+	return output;
124	+	}
125	+
126	+	[MethodImpl(MethodImplOptions.NoInlining)]
127	+	public static string GetEnvironmentVariableHookStringEnvironmentVariableTarget(string variable, EnvironmentVariableTarget target)
128	+	{
129	+	//Declare the local variable to store the object in
130	+	string output;
131	+
132	+	//Enable the thread safe lock, as a launched program can be multi-threaded
133	+	lock (GenericHookHelper.SyncLock)
134	+	{
135	+	//Disable the placed hook
136	+	HookManager.UnHookByHookName("GetEnvironmentVariableHookStringEnvironmentVariableTarget");
137	+	//Call the original function
138	+	output = Environment.GetEnvironmentVariable(variable, target);
139	+	//Restore the hook
140	+	HookManager.HookByHookName("GetEnvironmentVariableHookStringEnvironmentVariableTarget");
141	+
142	+	//Sets the title for the log
143	+	string functionName = "Environment.GetEnvironmentVariable(string variable, EnvironmentVariableTarget target)";
144	+	//Write the aggregated data to the log and the console
145	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentGetEnvironmentVariableStringEnvironmentVariableTarget(), new object[] { variable, target }, output);
146	+	}
147	+
148	+	//Return the object to the caller
149	+	return output;
150	+	}
151	+
152	+	[MethodImpl(MethodImplOptions.NoInlining)]
153	+	public static string GetEnvironmentVariablesHookString(string variable)
154	+	{
155	+	//Declare the local variable to store the object in
156	+	string output;
157	+
158	+	//Enable the thread safe lock, as a launched program can be multi-threaded
159	+	lock (GenericHookHelper.SyncLock)
160	+	{
161	+	//Disable the placed hook
162	+	HookManager.UnHookByHookName("GetEnvironmentVariablesHookString");
163	+	//Call the original function
164	+	output = Environment.GetEnvironmentVariable(variable);
165	+	//Restore the hook
166	+	HookManager.HookByHookName("GetEnvironmentVariablesHookString");
167	+
168	+	//Sets the title for the log
169	+	string functionName = "Environment.GetEnvironmentVariable(string variable)";
170	+	//Write the aggregated data to the log and the console
171	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentGetEnvironmentVariableString(), new object[] { variable }, output);
172	+	}
173	+
174	+	//Return the object to the caller
175	+	return output;
176	+	}
177	+
178	+	[MethodImpl(MethodImplOptions.NoInlining)]
179	+	public static IDictionary GetEnvironmentVariablesHookEnvironmentVariableTarget(EnvironmentVariableTarget target)
180	+	{
181	+	//Declare the local variable to store the object in
182	+	IDictionary output;
183	+
184	+	//Enable the thread safe lock, as a launched program can be multi-threaded
185	+	lock (GenericHookHelper.SyncLock)
186	+	{
187	+	//Disable the placed hook
188	+	HookManager.UnHookByHookName("GetEnvironmentVariablesHookEnvironmentVariableTarget");
189	+	//Call the original function
190	+	output = Environment.GetEnvironmentVariables(target);
191	+	//Restore the hook
192	+	HookManager.HookByHookName("GetEnvironmentVariablesHookEnvironmentVariableTarget");
193	+
194	+	//Sets the title for the log
195	+	string functionName = "Environment.GetEnvironmentVariables(EnvironmentVariableTarget target)";
196	+	//Write the aggregated data to the log and the console
197	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentGetEnvironmentVariablesEnvironmentVariableTarget(), new object[] { target }, output);
198	+	}
199	+
200	+	//Return the object to the caller
201	+	return output;
202	+	}
203	+
204	+	[MethodImpl(MethodImplOptions.NoInlining)]
205	+	public static IDictionary GetEnvironmentVariablesHook()
206	+	{
207	+	//Declare the local variable to store the object in
208	+	IDictionary output;
209	+
210	+	//Enable the thread safe lock, as a launched program can be multi-threaded
211	+	lock (GenericHookHelper.SyncLock)
212	+	{
213	+	//Disable the placed hook
214	+	HookManager.UnHookByHookName("GetEnvironmentVariablesHook");
215	+	//Call the original function
216	+	output = Environment.GetEnvironmentVariables();
217	+	//Restore the hook
218	+	HookManager.HookByHookName("GetEnvironmentVariablesHook");
219	+
220	+	//Sets the title for the log
221	+	string functionName = "Environment.GetEnvironmentVariables()";
222	+	//Write the aggregated data to the log and the console
223	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentGetEnvironmentVariables(), new object[] { }, output);
224	+	}
225	+
226	+	//Return the object to the caller
227	+	return output;
228	+	}
229	+
230	+	[MethodImpl(MethodImplOptions.NoInlining)]
231	+	public static string GetFolderPathHookSpecialFolderSpecialFolderOption(SpecialFolder folder, SpecialFolderOption option)
232	+	{
233	+	//Declare the local variable to store the object in
234	+	string output;
235	+
236	+	//Enable the thread safe lock, as a launched program can be multi-threaded
237	+	lock (GenericHookHelper.SyncLock)
238	+	{
239	+	//Disable the placed hook
240	+	HookManager.UnHookByHookName("GetFolderPathHookSpecialFolderSpecialFolderOption");
241	+	//Call the original function
242	+	output = Environment.GetFolderPath(folder, option);
243	+	//Restore the hook
244	+	HookManager.HookByHookName("GetFolderPathHookSpecialFolderSpecialFolderOption");
245	+
246	+	//Sets the title for the log
247	+	string functionName = "Environment.GetFolderPath(SpecialFolder folder, SpecialFolderOption option)";
248	+	//Write the aggregated data to the log and the console
249	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentGetFolderPathSpecialFolderSpecialFolderOption(), new object[] { folder, option }, output);
250	+	}
251	+
252	+	//Return the object to the caller
253	+	return output;
254	+	}
255	+
256	+	[MethodImpl(MethodImplOptions.NoInlining)]
257	+	public static string GetFolderPathHookSpecialFolder(SpecialFolder folder)
258	+	{
259	+	//Declare the local variable to store the object in
260	+	string output;
261	+
262	+	//Enable the thread safe lock, as a launched program can be multi-threaded
263	+	lock (GenericHookHelper.SyncLock)
264	+	{
265	+	//Disable the placed hook
266	+	HookManager.UnHookByHookName("GetFolderPathHookSpecialFolder");
267	+	//Call the original function
268	+	output = Environment.GetFolderPath(folder);
269	+	//Restore the hook
270	+	HookManager.HookByHookName("GetFolderPathHookSpecialFolder");
271	+
272	+	//Sets the title for the log
273	+	string functionName = "Environment.GetFolderPath(SpecialFolder folder)";
274	+	//Write the aggregated data to the log and the console
275	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentGetFolderPathSpecialFolder(), new object[] { folder }, output);
276	+	}
277	+
278	+	//Return the object to the caller
279	+	return output;
280	+	}
281	+
282	+	[MethodImpl(MethodImplOptions.NoInlining)]
283	+	public static string[] GetLogicalDrivesHook()
284	+	{
285	+	//Declare the local variable to store the object in
286	+	string[] output;
287	+
288	+	//Enable the thread safe lock, as a launched program can be multi-threaded
289	+	lock (GenericHookHelper.SyncLock)
290	+	{
291	+	//Disable the placed hook
292	+	HookManager.UnHookByHookName("GetLogicalDrivesHook");
293	+	//Call the original function
294	+	output = Environment.GetLogicalDrives();
295	+	//Restore the hook
296	+	HookManager.HookByHookName("GetLogicalDrivesHook");
297	+
298	+	//Sets the title for the log
299	+	string functionName = "Environment.GetLogicalDrives()";
300	+	//Write the aggregated data to the log and the console
301	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentGetLogicalDrives(), new object[] { }, output);
302	+	}
303	+
304	+	//Return the object to the caller
305	+	return output;
306	+	}
307	+
308	+	[MethodImpl(MethodImplOptions.NoInlining)]
309	+	public static void SetEnvironmentVariableHookStringStringEnvironmentVariableTarget(string variable, string value, EnvironmentVariableTarget target)
310	+	{
311	+	//Enable the thread safe lock, as a launched program can be multi-threaded
312	+	lock (GenericHookHelper.SyncLock)
313	+	{
314	+	//Disable the placed hook
315	+	HookManager.UnHookByHookName("SetEnvironmentVariableHookStringStringEnvironmentVariableTarget");
316	+	//Call the original function
317	+	Environment.SetEnvironmentVariable(variable, value, target);
318	+	//Restore the hook
319	+	HookManager.HookByHookName("SetEnvironmentVariableHookStringStringEnvironmentVariableTarget");
320	+
321	+	//Sets the title for the log
322	+	string functionName = "SetEnvironmentVariable(string variable, string value, EnvironmentVariableTarget target)";
323	+	//Write the aggregated data to the log and the console
324	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentSetEnvironmentVariableStringStringEnvironmentVariableTarget(), new object[] { variable, value, target }, null);
325	+	}
326	+	}
327	+
328	+	[MethodImpl(MethodImplOptions.NoInlining)]
329	+	public static void SetEnvironmentVariableHookStringString(string variable, string value)
330	+	{
331	+	//Enable the thread safe lock, as a launched program can be multi-threaded
332	+	lock (GenericHookHelper.SyncLock)
333	+	{
334	+	//Disable the placed hook
335	+	HookManager.UnHookByHookName("SetEnvironmentVariableHookStringStringEnvironmentVariableTarget");
336	+	//Call the original function
337	+	Environment.SetEnvironmentVariable(variable, value);
338	+	//Restore the hook
339	+	HookManager.HookByHookName("SetEnvironmentVariableHookStringStringEnvironmentVariableTarget");
340	+
341	+	//Sets the title for the log
342	+	string functionName = "SetEnvironmentVariable(string variable, string value)";
343	+	//Write the aggregated data to the log and the console
344	+	GenericHookHelper._Logger.Log(1, OriginalManagedFunctions.EnvironmentSetEnvironmentVariableStringString(), new object[] { variable, value }, null);
345	+	}
346	+	}
347	+
348	+	[MethodImpl(MethodImplOptions.NoInlining)]
349	+	public static string GetResourceFromDefaultHookString(string key)
350	+	{
351	+	object result = null;
352	+
353	+	//Enable the thread safe lock, as a launched program can be multi-threaded
354	+	lock (GenericHookHelper.SyncLock)
355	+	{
356	+	//Disable the placed hook
357	+	HookManager.UnHookAll();
358	+	//Call the original function
359	+	result = OriginalManagedFunctions.EnvironmentGetResourceFromDefaultString().Invoke(null, new object[] { key });
360	+
361	+
362	+	//Sets the title for the log
363	+	string functionName = "SetEnvironmentVariable(string variable, string value)";
364	+	//Write the aggregated data to the log and the console
365	+	GenericHookHelper._Logger.LogSampleCall(1, OriginalManagedFunctions.EnvironmentGetResourceFromDefaultString(), new object[] { key }, result);
366	+	//Restore the hook
367	+	HookManager.HookAll();
368	+	}
369	+	return (string)result;
370	+	}
371	+	}
372	+	}
373	+

Release of version 1.0