I've been working on making a C# DLL which to be injected into a specific target application which is also written in C#. The goal is to manipulate the output of several functions of the .NET framework. I was successful in changing the value of reading a registry key by hooking the underlying windows API function, but I have trouble with the way it reads the system's harddisk signature and serial.
It uses the System.Management for it roughly this way:
using System.Management;
internal static string GetHarddiskIdentifier()
{
string[] properties = new string[] {"Signature", "SerialNumber"};
var class = new ManagementClass("Win32_DiskDrive");
var instances = class.GetInstances();
foreach (ManagementObject mo in instances) {
foreach (string w in properties) {
object o = mo[w];
if (o != null)
return o.ToString();
}
}
return string.Empty;
}
I have went through the .NET reference source for the ManagementObject class, looking for winapi calls that I could hook, but I have not found anything useful. I also used an api monitor on a test program with just this code, but even with filtering it is like looking for a needle in a haystack.
My question is, how would I change the outcome of this method? I cannot hook the target application's method because the assembly is obfuscated so the name changes with every update.
