/*
 * Worker-thread body: reads General/GdiBatchLimit from the ini file and, when
 * it is positive, applies it through gdi32's GdiSetBatchLimit()/GdiFlush()
 * while the thread behind pParam is suspended.
 *
 * pParam: a thread HANDLE (may be NULL); it is always closed before return.
 * Returns 1 unconditionally (thread exit code).
 *
 * NOTE(review): GdiSetBatchLimit() is documented as acting on the *calling*
 * thread's batch, so suspending the handle's thread around the call may not
 * change that thread's limit at all — confirm the intended effect.
 */
unsigned WINAPI GdiSetLimit_tt(void *pParam)
{
    HANDLE target = (HANDLE)pParam;
    HMODULE gdi32 = GetModuleHandleW(L"gdi32.dll");
    int batch_limit = read_appint(L"General", L"GdiBatchLimit");

    if (target != NULL && gdi32 != NULL && batch_limit > 0) {
        _pGdiSetBatchLimit set_limit =
            (_pGdiSetBatchLimit)GetProcAddress(gdi32, "GdiSetBatchLimit");
        _pGdiFlush flush = (_pGdiFlush)GetProcAddress(gdi32, "GdiFlush");

        if (set_limit != NULL && flush != NULL) {
#ifdef _LOGDEBUG
            logmsg("exec GdiSetBatchLimit()\n");
#endif
            SuspendThread(target);
            set_limit(batch_limit);
            flush();
            ResumeThread(target);
        }
    }
    if (target != NULL) {
        CloseHandle(target);
    }
    return (1);
}
/*
 * Worker-thread body: pins the thread behind pParam to a fixed subset of
 * cores chosen from the worker count (GetNumberOfWorkers(), falling back to
 * General/ProcessAffinityMask from the ini file when that returns 0).
 *
 * pParam: a thread HANDLE; NULL is a no-op. The handle is closed on return.
 * Returns 1 unconditionally (thread exit code).
 */
unsigned WINAPI SetCpuAffinity_tt(void *pParam)
{
    HANDLE target = (HANDLE)pParam;
    if (target == NULL) {
        return (1);
    }

    SuspendThread(target);
    int workers = GetNumberOfWorkers();
    if (workers == 0) {
        workers = read_appint(L"General", L"ProcessAffinityMask");
    }
    /* Bucket the count into one of four fixed masks (one bit per core). */
    DWORD_PTR mask;
    if (workers > 5) {
        mask = 0x1c;        /* bits 2,3,4 */
    } else if (workers > 3) {
        mask = 0xe;         /* bits 1,2,3 */
    } else if (workers > 2) {
        mask = 0x6;         /* bits 1,2 */
    } else {
        mask = 0x1;         /* bit 0 */
    }
    SetThreadAffinityMask(target, mask);
    ResumeThread(target);
    CloseHandle(target);
    return (1);
}
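/* Append src to dst without writing past cap wide chars (terminator
 * included); src is truncated if it does not fit. Does nothing when dst has
 * no terminator within cap, so wcsncat never scans past the buffer. */
static void append_bounded_w(WCHAR *dst, size_t cap, const WCHAR *src)
{
    size_t used = 0;
    while (used < cap && dst[used] != L'\0') {
        used++;
    }
    if (used + 1 >= cap) {
        return;
    }
    wcsncat(dst, src, cap - used - 1);
}

/* Initialise the portable data environment (thread-start signature).
 *
 * Reads General/PortableDataPath into appdata_path and Env/TmpDataPath into
 * localdata_path (defaulting to appdata_path), resolves relative paths,
 * appends the fixed sub-directories and creates them. When
 * General/Nocompatete is set it additionally calls WaitWriteFile().
 *
 * pParam: unused.
 * Returns the Nocompatete flag (0/1) as the thread exit code.
 */
unsigned WINAPI init_global_env(void *pParam)
{
    /* The file treats VALUE_LEN as the wide-char capacity of both buffers
     * (PathToCombineW, wcsncpy). The appends below use the same bound so the
     * trailing "\AppData" / "\LocalAppData\Temp\Fx" can no longer run past
     * the end, which the old wcsncat(..., VALUE_LEN) — whose third argument
     * is a count of characters to append, not the buffer size — allowed. */
    BOOL diff = read_appint(L"General", L"Nocompatete") > 0;

    if (read_appkey(L"General", L"PortableDataPath", appdata_path, sizeof(appdata_path))) {
        /* A relative PortableDataPath in the ini file is made absolute. */
        if (appdata_path[1] != L':') {
            PathToCombineW(appdata_path, VALUE_LEN);
        }
        /* localdata falls back to appdata when Env/TmpDataPath is absent.
         * NOTE(review): the size argument is sizeof(appdata_path), as in the
         * original; it is only right if both buffers have the same size. */
        if (!read_appkey(L"Env", L"TmpDataPath", localdata_path, sizeof(appdata_path))) {
            wcsncpy(localdata_path, appdata_path, VALUE_LEN);
        }
        /* A relative TmpDataPath is made absolute as well. */
        if (localdata_path[1] != L':') {
            PathToCombineW(localdata_path, VALUE_LEN);
        }
        /* Create the AppData directory. */
        charTochar(appdata_path);
        append_bounded_w(appdata_path, VALUE_LEN, L"\\AppData");
        SHCreateDirectoryExW(NULL, appdata_path, NULL);
        /* Create the LocalAppData temp directory. */
        charTochar(localdata_path);
        append_bounded_w(localdata_path, VALUE_LEN, L"\\LocalAppData\\Temp\\Fx");
        SHCreateDirectoryExW(NULL, localdata_path, NULL);
        if (diff) {
            WaitWriteFile(appdata_path);
        }
    }
    return (unsigned)diff;
}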
/*
 * Set up the UI Automation client used by the tab features.
 *
 * Reads tabs/mouse_time, tabs/double_click_close and tabs/mouse_hover_close
 * from the ini file into the globals mouse_time, activation, double_click and
 * mouse_close (mouse_time < 0 falls back to 300; 0 disables OnTabs). When no
 * feature is enabled nothing is initialised and false is returned; otherwise
 * COM is initialised and g_uia is created.
 *
 * Returns true when the IUIAutomation instance was created; false if a
 * message hook is already installed, no feature is enabled, or
 * CoCreateInstance() failed.
 */
bool init_uia(void)
{
    if (message_hook != NULL) {
#ifdef _LOGDEBUG
        logmsg("message_hook used\n");
#endif
        return false;
    }

    mouse_time = read_appint(L"tabs", L"mouse_time");
    if (mouse_time < 0) {
        mouse_time = 300;
    }
    activation = (mouse_time != 0);
#ifdef _LOGDEBUG
    if (!activation) {
        logmsg("mouse_time = 0, OnTabs will be disabled!\n");
    }
#endif
    if (read_appint(L"tabs", L"double_click_close") > 0) {
        double_click = true;
    }
    if (read_appint(L"tabs", L"mouse_hover_close") > 0) {
        mouse_close = true;
    }
    if (!activation && !double_click && !mouse_close) {
        return false;
    }

    CoInitialize(NULL);
    HRESULT hr = CoCreateInstance(__uuidof(CUIAutomation), NULL, CLSCTX_INPROC_SERVER,
                                  __uuidof(IUIAutomation), (void **)&g_uia);
#ifdef _LOGDEBUG
    print_process_module(GetCurrentProcessId());
#endif
    return SUCCEEDED(hr);
}
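/*
 * Hook for CreateProcessInternalW: decides whether a child process may be
 * started and whether the injector should attach to it.
 *
 * The policy checks run against lpApplicationName when the caller supplied
 * one, else against the raw command line — so in that case the whitelist
 * and the stristrW() substring matches see the whole command line, not just
 * the image path.
 *
 * Returns the result of the real CreateProcessInternalW, or FALSE with
 * SetLastError() set when the launch is refused.
 */
BOOL WINAPI HookCreateProcessInternalW(HANDLE hToken, LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
                                       LPSECURITY_ATTRIBUTES lpProcessAttributes,
                                       LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles,
                                       DWORD dwCreationFlags, LPVOID lpEnvironment,
                                       LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo,
                                       LPPROCESS_INFORMATION lpProcessInformation, PHANDLE hNewToken)
{
    BOOL ret = FALSE;
    BOOL tohook = FALSE;
    LPWSTR lpfile = lpCommandLine;

    if (lpApplicationName && wcslen(lpApplicationName) > 1) {
        lpfile = (LPWSTR)lpApplicationName;
    }
    /* Refuse 16-bit (WOW VDM) programs outright. */
    if ((dwCreationFlags & CREATE_SHARED_WOW_VDM) || (dwCreationFlags & CREATE_SEPARATE_WOW_VDM)) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return ret;
    }
    /* Neither an application name nor a command line: the real API fails for
     * that too, so refuse here instead of handing NULL to the matchers. */
    if (lpfile == NULL) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return ret;
    }

    if (stristrW(lpfile, L"SumatraPDF.exe") || stristrW(lpfile, L"java.exe") ||
        stristrW(lpfile, L"jp2launcher.exe")) {
        /* Known plugin hosts get the DLL injected; start them suspended so
         * the injector runs before the child's first instruction. Remote
         * injection is not available in a static build. */
#if !defined(LIBPORTABLE_STATIC)
        dwCreationFlags |= CREATE_SUSPENDED;
        tohook = TRUE;
#endif
    } else if (read_appint(L"General", L"EnableWhiteList") > 0) {
        /* Strict mode: only whitelisted images may start. */
        if (!in_whitelist((LPCWSTR)lpfile)) {
#ifdef _LOGDEBUG
            logmsg("the process %ls disabled-runes\n", lpfile);
#endif
            SetLastError(TrueRtlNtStatusToDosError(STATUS_ERROR));
            return ret;
        }
    } else if (!in_whitelist((LPCWSTR)lpfile) && ProcessIsCUI(lpfile)) {
        /* Default mode: a non-whitelisted console program is blocked. */
#ifdef _LOGDEBUG
        logmsg("%ls process, disabled-runes\n", lpfile);
#endif
        SetLastError(TrueRtlNtStatusToDosError(STATUS_ERROR));
        return ret;
    }

    ret = TrueCreateProcessInternalW(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes,
                                     lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
                                     lpCurrentDirectory, lpStartupInfo, lpProcessInformation, hNewToken);
    if (ret && tohook) {
#ifdef _LOGDEBUG
        logmsg("InjectDll run .\n");
#endif
        InjectDll(lpProcessInformation);
    }
    return ret;
}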
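/*
 * Hook for NtCreateUserProcess: applies the same launch policy as
 * HookCreateProcessInternalW on the native path.
 *
 * A launch is refused by swapping ProcessParameters for a zeroed
 * RTL_USER_PROCESS_PARAMETERS before forwarding, which makes the real call
 * fail; this is the file's existing blocking mechanism and is kept as-is.
 * Known plugin hosts are allowed through and, on success, suspended and
 * injected (only in non-static, non-tcmalloc, non-GCC builds).
 *
 * Returns the NTSTATUS from the real NtCreateUserProcess.
 */
NTSTATUS WINAPI HookNtCreateUserProcess(PHANDLE ProcessHandle, PHANDLE ThreadHandle,
                                        ACCESS_MASK ProcessDesiredAccess, ACCESS_MASK ThreadDesiredAccess,
                                        POBJECT_ATTRIBUTES ProcessObjectAttributes,
                                        POBJECT_ATTRIBUTES ThreadObjectAttributes,
                                        ULONG CreateProcessFlags, ULONG CreateThreadFlags,
                                        PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
                                        PVOID CreateInfo, PNT_PROC_THREAD_ATTRIBUTE_LIST AttributeList)
{
    RTL_USER_PROCESS_PARAMETERS blocked_params;
    PROCESS_INFORMATION ProcessInformation;
    NTSTATUS status;
    BOOL tohook = FALSE;
    LPWSTR image = NULL;

    fzero(&blocked_params, sizeof(RTL_USER_PROCESS_PARAMETERS));
    /* The image path is read before the kernel validates the parameters, so
     * guard the pointers here; an unidentifiable image is refused rather
     * than dereferenced. */
    if (ProcessParameters != NULL) {
        image = ProcessParameters->ImagePathName.Buffer;
    }

    if (image == NULL) {
        ProcessParameters = &blocked_params;
    } else if (stristrW(image, L"SumatraPDF.exe") || stristrW(image, L"java.exe") ||
               stristrW(image, L"jp2launcher.exe")) {
        tohook = TRUE;
    } else if (read_appint(L"General", L"EnableWhiteList") > 0) {
        /* Strict mode: only whitelisted images may start. */
        if (ProcessParameters->ImagePathName.Length > 0 && in_whitelist((LPCWSTR)image)) {
#ifdef _LOGDEBUG
            logmsg("the process %ls in whitelist\n", image);
#endif
        } else {
#ifdef _LOGDEBUG
            logmsg("the process %ls disabled-runes\n", image);
#endif
            ProcessParameters = &blocked_params;
        }
    } else if (!in_whitelist((LPCWSTR)image) && !IsGUI((LPCWSTR)image)) {
        /* Default mode: a non-whitelisted console program is blocked. */
        ProcessParameters = &blocked_params;
    }

    status = TrueNtCreateUserProcess(ProcessHandle, ThreadHandle, ProcessDesiredAccess, ThreadDesiredAccess,
                                     ProcessObjectAttributes, ThreadObjectAttributes, CreateProcessFlags,
                                     CreateThreadFlags, ProcessParameters, CreateInfo, AttributeList);
    if (NT_SUCCESS(status) && tohook) {
        fzero(&ProcessInformation, sizeof(PROCESS_INFORMATION));
        ProcessInformation.hProcess = *ProcessHandle;
        ProcessInformation.hThread = *ThreadHandle;
        /* When tcmalloc is enabled or built with MinGW, InjectDll crashes on win8/8.1. */
#if !defined(ENABLE_TCMALLOC) && !defined(__GNUC__) && !defined(LIBPORTABLE_STATIC)
        ULONG Suspend = 0;
        if (NT_SUCCESS(TrueNtSuspendThread(ProcessInformation.hThread, &Suspend))) {
#ifdef _LOGDEBUG
            logmsg("NtInjectDll() run .\n");
#endif
            InjectDll(&ProcessInformation);
        }
#endif
    }
    return status;
}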
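/* Start fn(arg) on a new thread and drop our handle to it. Returns FALSE
 * when _beginthreadex fails (it returns 0), in which case nothing was started
 * and no handle is passed to CloseHandle. */
static BOOL start_detached(unsigned (WINAPI *fn)(void *), void *arg)
{
    HANDLE h = (HANDLE)_beginthreadex(NULL, 0, fn, arg, 0, NULL);
    if (h == NULL) {
        return FALSE;
    }
    CloseHandle(h);
    return TRUE;
}

/* Open a handle to the current thread and hand it to fn on a new thread; fn
 * owns the handle and closes it. If the thread cannot be started the handle
 * is closed here instead of leaking. */
static void start_with_self_handle(unsigned (WINAPI *fn)(void *))
{
    HANDLE self = OpenThread(THREAD_ALL_ACCESS, 0, GetCurrentThreadId());
    if (self != NULL && !start_detached(fn, self)) {
        CloseHandle(self);
    }
}

/*
 * DLL start-up entry: records the module handle (from the caller's return
 * address when dll_module is not yet known), applies the General/* settings
 * from the ini file and starts the helper threads for a browser or
 * Thunderbird host.
 */
void WINAPI do_it(void)
{
    UINT_PTR caller = 0;

#ifdef _LOGDEBUG
    /* Build "<APPDATA>\<LOG_FILE>" in logfile_buf, but only when it fits
     * within the MAX_PATH bound the lookup itself uses (a return value of
     * MAX_PATH or more means the value was truncated). */
    DWORD appdata_len = GetEnvironmentVariableA("APPDATA", logfile_buf, MAX_PATH);
    if (appdata_len > 0 && appdata_len < MAX_PATH &&
        appdata_len + 1 + strlen((LPCSTR)LOG_FILE) < MAX_PATH) {
        strncat(logfile_buf, "\\", 1);
        strncat(logfile_buf, LOG_FILE, strlen((LPCSTR)LOG_FILE));
    }
#endif

    if (!dll_module) {
#ifdef __GNUC__
        caller = (UINT_PTR)__builtin_return_address(0);
#else
        caller = (UINT_PTR)_ReturnAddress();
#endif
    }
    if (caller) {
        /* Resolve the module that contains the caller's return address. */
        GetModuleHandleExW(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, (LPCWSTR)caller, &dll_module);
    }

    if (read_appint(L"General", L"SafeEx") > 0) {
        init_safed(NULL);
    }
    if (read_appint(L"General", L"Portable") > 0) {
        /* env_thread is kept (not closed) so it can be waited on elsewhere. */
        env_thread = (HANDLE)_beginthreadex(NULL, 0, &init_global_env, NULL, 0, NULL);
        if (env_thread) {
            SetThreadPriority(env_thread, THREAD_PRIORITY_HIGHEST);
            init_portable(NULL);
        }
    }

    if (is_browser() || is_thunderbird()) {
        if (read_appint(L"General", L"GdiBatchLimit") > 0) {
            start_with_self_handle(&GdiSetLimit_tt);
        }
        if (read_appint(L"General", L"ProcessAffinityMask") > 0) {
            start_with_self_handle(&SetCpuAffinity_tt);
        }
        if (read_appint(L"General", L"CreateCrashDump") > 0) {
            start_detached(&init_exeception, NULL);
        }
        if (read_appint(L"General", L"Bosskey") > 0) {
            start_detached(&bosskey_thread, &ff_info);
        }
        start_detached(&SetPluginPath, NULL);
    }
}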