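/*
 * Locate the Firefox / Thunderbird main window and register the boss-key
 * hotkey described by pInfo.
 *
 * pInfo->hFF      receives the first top-level "MozillaWindowClass" window
 *                 accepted by is_thunderbird() (title contains
 *                 "- Mozilla Thunderbird") or is_browser() (any other title);
 * pInfo->pFF      receives the id of the process owning that window;
 * pInfo->atom_str receives the hotkey id, derived from a global atom of this
 *                 module's path (see the comment below);
 * pInfo->key_mod / key_vk are the modifier and virtual key to register.
 *
 * Returns the result of RegisterHotKey, or FALSE when no hotkey id could be
 * allocated.  The window search polls every 800 ms and never gives up, so
 * this is presumably meant to run on its own thread.
 */
BOOL init_bosskey(LPWNDINFO pInfo)
{
	WCHAR	win_titles[BUFSIZE+1];
	/* Poll until a suitable main window shows up. */
	while ( !pInfo->hFF )
	{
		HWND hwnd = FindWindowExW( NULL, NULL, L"MozillaWindowClass", NULL );
		while (NULL != hwnd)
		{
			/* GetWindowTextW copies at most BUFSIZE-1 characters, so n < BUFSIZE
			 * holds on success; the explicit bound is kept as a belt-and-braces
			 * guard before the terminator is written. */
			int n = GetWindowTextW(hwnd, win_titles, BUFSIZE);
			if ( n > 0 && n < BUFSIZE )
			{
				win_titles[n] = L'\0';
				if ( stristrW(win_titles, L"- Mozilla Thunderbird") )
				{
					/* Thunderbird main window. */
					pInfo->hFF = is_thunderbird() ? hwnd : NULL;
				}
				else
				{
					/* Firefox main window. */
					pInfo->hFF = is_browser() ? hwnd : NULL;
				}
			}
			if ( pInfo->hFF )
			{
				break;
			}
			hwnd = FindWindowExW(NULL, hwnd, L"MozillaWindowClass", NULL);
		}
		Sleep(800);
	}
	if ( pInfo->hFF )
	{
		WCHAR module_path[VALUE_LEN+1] = {0};
		ATOM  atom;
		GetModuleFileNameW(NULL, module_path, VALUE_LEN);
		GetWindowThreadProcessId(pInfo->hFF, &pInfo->pFF);
		/*
		 * Hotkey ids must lie in 0x0000-0xBFFF while GlobalAddAtom hands out
		 * atoms in 0xC000-0xFFFF, hence the offset.  GlobalAddAtom returns 0
		 * on failure; subtracting 0xC000 from that produced a wrapped-around,
		 * invalid id in the original, so bail out instead of registering it.
		 */
		atom = GlobalAddAtomW(module_path);
		if ( atom == 0 )
		{
			return FALSE;
		}
		pInfo->atom_str = atom - 0xC000;
	}
	return RegisterHotKey(NULL, pInfo->atom_str, pInfo->key_mod, pInfo->key_vk);
}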
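/*
 * Report whether the module containing callerAddress matches dll_file.
 *
 * callerAddress: an address inside the module to identify (typically a
 *                return address captured by a hook).
 * dll_file:      if it contains '*' or '?' it is a PathMatchSpec pattern
 *                tested against the module's full path; otherwise it is a
 *                case-insensitive substring of that path.
 * Returns TRUE on a match, FALSE otherwise — including when the address is
 * not inside any loaded module or the module path cannot be read.
 *
 * NOTE(review): the substring form matches anywhere in the path, so
 * "foo.dll" also matches "notfoo.dll" or a directory called "foo.dll";
 * callers that use this as a trust decision should pass an anchored
 * pattern.  A path longer than VALUE_LEN is compared truncated.
 */
BOOL WINAPI is_specialdll(UINT_PTR callerAddress, LPCWSTR dll_file)
{
    BOOL    ret = FALSE;
    HMODULE hCallerModule = NULL;
    /*
     * Without GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT every call bumps
     * the module's load count, and since the handle is never released with
     * FreeLibrary the module would be pinned in the process for good.
     */
    DWORD   flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
                    GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT;
    if ( GetModuleHandleExW(flags, (LPCWSTR)callerAddress, &hCallerModule) )
    {
        WCHAR szModuleName[VALUE_LEN+1] = {0};
        if ( GetModuleFileNameW(hCallerModule, szModuleName, VALUE_LEN) )
        {
            BOOL wildcard = StrChrW(dll_file, L'*') != NULL ||
                            StrChrW(dll_file, L'?') != NULL;
            if ( wildcard )
            {
                ret = PathMatchSpecW(szModuleName, dll_file) ? TRUE : FALSE;
            }
            else
            {
                ret = stristrW(szModuleName, dll_file) != NULL;
            }
        }
    }
    return ret;
}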
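/* Environment variables must be appended through the _wputenv of the CRT the
 * process itself depends on; a different CRT keeps its own environ copy and
 * would never see them. */
typedef int (__cdecl *_pwrite_env)(LPCWSTR envstring);

/*
 * Format "<prefix><value>" into a bounded buffer and pass it to write_env.
 * prefix already carries the trailing '=' (e.g. L"HOME=").
 * Returns write_env's result, or 0 when the string did not fit in VALUE_LEN
 * characters (the variable is then not set rather than set truncated).
 */
static int put_env_var(_pwrite_env write_env, LPCWSTR prefix, LPCWSTR value)
{
    WCHAR env_string[VALUE_LEN+1] = {0};
    if ( _snwprintf(env_string, VALUE_LEN, L"%ls%ls", prefix, value) > 0 )
    {
        return write_env((LPCWSTR)env_string);
    }
    return 0;
}

/*
 * Thread procedure: append the [Env] section of the profile ini to the
 * environment of this process, via the host CRT's _wputenv.
 *
 * Keys handled specially:
 *   NpluginPath   -> MOZ_PLUGIN_PATH=<path made absolute by PathToCombineW>
 *   VimpPentaHome -> HOME=<path, joined with portable_data_path if relative>
 *   MOZ_GMP_PATH  -> MOZ_GMP_PATH=<path made absolute by PathToCombineW>
 *   TmpDataPath   -> not exported here
 * Every other line is handed to _wputenv verbatim as "NAME=value".
 *
 * pParam: unused.
 * Returns 1 once the section has been walked (individual _wputenv failures
 * are not reported); 0 if the host CRT, the ini file, _wputenv or the work
 * buffer could not be obtained.
 *
 * NOTE(review): the ini file thereby controls arbitrary environment
 * variables of the browser and of every child it spawns; it is assumed to
 * be trusted local configuration.
 */
unsigned WINAPI SetPluginPath(void * pParam)
{
    HMODULE         hCrt = NULL;
    _pwrite_env     write_env = NULL;
    char            msvc_crt[CRT_LEN+1] = {0};
    LPWSTR          lpstring = NULL;
    (void)pParam;
    if ( !find_msvcrt(msvc_crt, CRT_LEN) )
    {
        return (0);
    }
    if ( (hCrt = GetModuleHandleA(msvc_crt)) == NULL )
    {
        return (0);
    }
    /* profile_path may still be relative; resolve it before use. */
    if ( profile_path[1] != L':' )
    {
        if ( !ini_ready(profile_path, MAX_PATH) )
        {
            return (0);
        }
    }
    write_env = (_pwrite_env)GetProcAddress(hCrt, "_wputenv");
    if ( write_env == NULL )
    {
        return (0);
    }
    /*
     * GetPrivateProfileSectionW takes its size in characters, so the buffer
     * must hold MAX_ENV_SIZE WCHARs.  Passing MAX_ENV_SIZE bytes to the
     * allocator while the API fills that many characters would have let it
     * write up to twice the allocation.
     */
    if ( (lpstring = (LPWSTR)SYS_MALLOC(MAX_ENV_SIZE * sizeof(WCHAR))) == NULL )
    {
        return (0);
    }
    if ( GetPrivateProfileSectionW(L"Env", lpstring, MAX_ENV_SIZE-1, profile_path) > 0 )
    {
        /* The section is a run of NUL-terminated "key=value" strings closed
         * by an extra NUL. */
        LPWSTR strKey = lpstring;
        while ( *strKey != L'\0' )
        {
            if ( stristrW(strKey, L"NpluginPath") )
            {
                WCHAR lpfile[VALUE_LEN+1];
                /* NOTE(review): the size is passed as sizeof(lpfile), i.e. in
                 * bytes; confirm against read_appkey that it does not expect a
                 * character count, or the value could overrun lpfile. */
                if ( read_appkey(L"Env", L"NpluginPath", lpfile, sizeof(lpfile)) )
                {
                    PathToCombineW(lpfile, VALUE_LEN);
                    put_env_var(write_env, L"MOZ_PLUGIN_PATH=", lpfile);
                }
            }
            else if ( stristrW(strKey, L"VimpPentaHome") )
            {
                WCHAR lpfile[VALUE_LEN+1];
                if ( read_appkey(L"Env", L"VimpPentaHome", lpfile, sizeof(lpfile)) )
                {
                    if ( lpfile[1] != L':' )
                    {
                        /* Relative: anchor it under the portable data dir. */
                        WCHAR vimp_path[VALUE_LEN+1] = {0};
                        charTochar(lpfile);
                        if ( PathCombineW(vimp_path, portable_data_path, lpfile) )
                        {
                            int n = _snwprintf(lpfile, VALUE_LEN, L"%ls", vimp_path);
                            /* _snwprintf returns a negative value on truncation;
                             * the original then wrote lpfile[-1]. */
                            if ( n < 0 || n > VALUE_LEN )
                            {
                                n = VALUE_LEN;
                            }
                            lpfile[n] = L'\0';
                        }
                    }
                    put_env_var(write_env, L"HOME=", lpfile);
                }
            }
            else if ( stristrW(strKey, L"MOZ_GMP_PATH") )
            {
                WCHAR lpfile[VALUE_LEN+1];
                if ( read_appkey(L"Env", L"MOZ_GMP_PATH", lpfile, sizeof(lpfile)) )
                {
                    PathToCombineW(lpfile, VALUE_LEN);
                    put_env_var(write_env, L"MOZ_GMP_PATH=", lpfile);
                }
            }
            else if ( stristrW(strKey, L"TmpDataPath") )
            {
                /* Handled elsewhere; not exported to the environment. */
            }
            else
            {
                write_env((LPCWSTR)strKey);
            }
            strKey += wcslen(strKey) + 1;
        }
    }
    SYS_FREE(lpstring);
    return (1);
}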
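/*
 * Detour for kernel32!CreateProcessInternalW — the launch-policy gate for
 * every child the browser spawns.  Parameters are those of the original
 * function and are forwarded unchanged except for dwCreationFlags.
 *
 * Policy, in order:
 *   1. 16-bit (WOW VDM) programs are always refused.
 *   2. Launchers of plugins regarded as unsafe (SumatraPDF, java,
 *      jp2launcher) are started suspended and get the protection DLL
 *      injected (non-static builds only; static builds run them as-is).
 *   3. With General/EnableWhiteList > 0, anything not accepted by
 *      in_whitelist is refused.
 *   4. Otherwise a process outside the whitelist is refused only when
 *      ProcessIsCUI reports it as a console program.
 * A refusal returns FALSE with the last error set; everything else is
 * passed to the real CreateProcessInternalW and its result returned.
 *
 * NOTE(review): the image is identified by a case-insensitive substring
 * search over lpApplicationName, or over the whole command line when no
 * application name was supplied.  A command line whose *arguments* merely
 * mention "java.exe" therefore takes branch 2 and skips the whitelist
 * check entirely; matching only the executable token would close that gap.
 */
BOOL WINAPI HookCreateProcessInternalW (HANDLE hToken,
										LPCWSTR lpApplicationName,
										LPWSTR lpCommandLine,
										LPSECURITY_ATTRIBUTES lpProcessAttributes,
										LPSECURITY_ATTRIBUTES lpThreadAttributes,
										BOOL bInheritHandles,
										DWORD dwCreationFlags,
										LPVOID lpEnvironment,
										LPCWSTR lpCurrentDirectory,
										LPSTARTUPINFOW lpStartupInfo,
										LPPROCESS_INFORMATION lpProcessInformation,
										PHANDLE hNewToken)
{
	BOOL	ret		= FALSE;
	BOOL	tohook	= FALSE;
	LPWSTR	lpfile	= lpCommandLine;
	if ( lpApplicationName && wcslen(lpApplicationName) > 1 )
	{
		lpfile = (LPWSTR)lpApplicationName;
	}
	if ( lpfile == NULL )
	{
		/* Neither name nor command line: nothing to inspect, and the string
		 * searches below must not run on NULL.  Let the real call report it. */
		return TrueCreateProcessInternalW(hToken, lpApplicationName, lpCommandLine,
			   lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
			   lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation,
			   hNewToken);
	}
	/* 1. Never start 16-bit programs. */
	if ( (dwCreationFlags & CREATE_SHARED_WOW_VDM) || (dwCreationFlags & CREATE_SEPARATE_WOW_VDM) )
	{
		SetLastError(ERROR_INVALID_PARAMETER);
		return ret;
	}
	/* 2. Known-unsafe plugin launchers: inject the protection DLL. */
	if ( stristrW(lpfile, L"SumatraPDF.exe") ||
		 stristrW(lpfile, L"java.exe") ||
		 stristrW(lpfile, L"jp2launcher.exe") )
	{
	/* Remote injection is not available in the static build. */
	#if !defined(LIBPORTABLE_STATIC)
		dwCreationFlags |= CREATE_SUSPENDED;
		tohook = TRUE;
	#endif
	}
	/* 3. Strict mode: only whitelisted images may run. */
	else if ( read_appint(L"General", L"EnableWhiteList") > 0 )
	{
		if ( !in_whitelist((LPCWSTR)lpfile) )
		{
		#ifdef _LOGDEBUG
			logmsg("the process %ls disabled-runes\n", lpfile);
		#endif
			SetLastError( TrueRtlNtStatusToDosError(STATUS_ERROR) );
			return ret;
		}
	}
	/* 4. Default mode: non-whitelisted console programs are refused. */
	else if ( !in_whitelist((LPCWSTR)lpfile) && ProcessIsCUI(lpfile) )
	{
	#ifdef _LOGDEBUG
		logmsg("%ls process, disabled-runes\n", lpfile);
	#endif
		SetLastError( TrueRtlNtStatusToDosError(STATUS_ERROR) );
		return ret;
	}
	ret = TrueCreateProcessInternalW(hToken, lpApplicationName, lpCommandLine,
		  lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
		  lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation,
		  hNewToken);
	if ( ret && tohook )
	{
	#ifdef _LOGDEBUG
		logmsg("InjectDll run .\n");
	#endif
		/* The child was created suspended; InjectDll is expected to resume it. */
		InjectDll(lpProcessInformation);
	}
	return ret;
}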
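/*
 * Decide whether lpfile — an executable path, or a command line whose first
 * token is the executable (a leading '"' is skipped) — is on the whitelist.
 *
 * The list is built on the first call and cached in a static array:
 *   [0]          this module's own path,
 *   [1..11]      Mozilla helper executables in the same directory
 *                (moz_processes),
 *   [12..]       entries of the ini's [whitelist] section.
 * An entry containing '*' or '?' is a PathMatchSpec pattern; any other entry
 * is compared as a case-insensitive *prefix* of lpfile (a relative entry is
 * first made absolute, in place, with PathToCombineW).
 *
 * Returns TRUE when some entry matches, FALSE otherwise.
 *
 * Changed from the original: when foreach_section reported failure, the
 * very first call answered TRUE for any lpfile while every later call
 * consulted the list.  The list is now always consulted, so the answer no
 * longer depends on call order.  (foreach_section's exact return contract
 * is not visible here.)
 *
 * NOTE(review): the prefix compare means an entry "C:\app\updater.exe" also
 * accepts "C:\app\updater.exe.bat"; and the lazy initialisation is not
 * synchronised although the process-creation hooks that call this may run
 * on several threads at once — TODO confirm both are acceptable.
 */
BOOL WINAPI in_whitelist(LPCWSTR lpfile)
{
	static const WCHAR *moz_processes[] = {L"", L"plugin-container.exe", L"plugin-hang-ui.exe", L"webapprt-stub.exe",
										   L"webapp-uninstaller.exe", L"WSEnable.exe", L"uninstall\\helper.exe",
										   L"crashreporter.exe", L"CommandExecuteHandler.exe", L"maintenanceservice.exe",
										   L"maintenanceservice_installer.exe", L"updater.exe"
										  };
	static WCHAR white_list[EXCLUDE_NUM][VALUE_LEN+1];
	const int n_builtin = sizeof(moz_processes)/sizeof(moz_processes[0]);
	LPCWSTR pname;
	int     i;
	if ( lpfile == NULL )
	{
		return FALSE;
	}
	pname = (lpfile[0] == L'"') ? &lpfile[1] : lpfile;
	/* Entry 1 is non-empty only once the one-time initialisation has run. */
	if ( stristrW(white_list[1], L"plugin-container.exe") == NULL )
	{
		WCHAR dir[VALUE_LEN+1] = {0};
		GetModuleFileNameW(NULL, dir, VALUE_LEN);
		wcsncpy(white_list[0], dir, VALUE_LEN);
		PathRemoveFileSpecW(dir);
		for ( i = 1; i < n_builtin; ++i )
		{
			_snwprintf(white_list[i], VALUE_LEN, L"%ls\\%ls", dir, moz_processes[i]);
		}
		/* User-configured entries fill the remaining slots. */
		foreach_section(L"whitelist", &white_list[n_builtin], EXCLUDE_NUM - n_builtin);
	}
	for ( i = 0; i < EXCLUDE_NUM; i++ )
	{
		if ( white_list[i][0] == L'\0' )
		{
			continue;
		}
		if ( StrChrW(white_list[i], L'*') || StrChrW(white_list[i], L'?') )
		{
			if ( PathMatchSpecW(pname, white_list[i]) )
			{
				return TRUE;
			}
		}
		else if ( white_list[i][1] != L':' )
		{
			PathToCombineW(white_list[i], VALUE_LEN);
		}
		if ( _wcsnicmp(white_list[i], pname, wcslen(white_list[i])) == 0 )
		{
			return TRUE;
		}
	}
	return FALSE;
}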
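/*
 * Detour for ntdll!NtCreateUserProcess: the same launch policy as
 * HookCreateProcessInternalW, applied one layer lower.  Parameters are
 * those of the original call and are forwarded unchanged except for
 * ProcessParameters.
 *
 *   - SumatraPDF / java / jp2launcher images are created normally and then
 *     get the protection DLL injected into their suspended initial thread
 *     (MSVC, non-static, non-tcmalloc builds only — see the #if).
 *   - With General/EnableWhiteList > 0, any other image not accepted by
 *     in_whitelist is refused.
 *   - Otherwise an image outside the whitelist is refused when IsGUI says
 *     it is not a GUI program.
 * A refusal substitutes an all-zero RTL_USER_PROCESS_PARAMETERS so that the
 * real NtCreateUserProcess fails; its status is returned unchanged.
 *
 * ImagePathName is a counted UNICODE_STRING and need not be NUL-terminated,
 * so it is copied into a bounded, terminated local buffer before any string
 * search (the original searched the raw buffer).  A call with no image name
 * at all is passed through untouched.
 *
 * NOTE(review): the three "unsafe plugin" names are matched as substrings
 * of the whole image path, so a directory component containing e.g.
 * "java.exe" would also select the injection branch and skip the whitelist.
 */
NTSTATUS WINAPI HookNtCreateUserProcess(PHANDLE ProcessHandle,PHANDLE ThreadHandle,
								  ACCESS_MASK ProcessDesiredAccess,ACCESS_MASK ThreadDesiredAccess,
								  POBJECT_ATTRIBUTES ProcessObjectAttributes,
								  POBJECT_ATTRIBUTES ThreadObjectAttributes,
								  ULONG CreateProcessFlags,
								  ULONG CreateThreadFlags,
								  PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
								  PVOID CreateInfo,
								  PNT_PROC_THREAD_ATTRIBUTE_LIST AttributeList)
{
	RTL_USER_PROCESS_PARAMETERS mY_ProcessParameters;
	WCHAR		image_path[VALUE_LEN+1] = {0};
	NTSTATUS	status;
	BOOL		tohook	= FALSE;
	if ( ProcessParameters == NULL || ProcessParameters->ImagePathName.Buffer == NULL )
	{
		/* Nothing to inspect; let the real call decide. */
		return TrueNtCreateUserProcess(ProcessHandle, ThreadHandle,
								  ProcessDesiredAccess, ThreadDesiredAccess,
								  ProcessObjectAttributes, ThreadObjectAttributes,
								  CreateProcessFlags, CreateThreadFlags, ProcessParameters,
								  CreateInfo, AttributeList);
	}
	{
		/* UNICODE_STRING.Length is in bytes; cap the copy to the local buffer.
		 * wcsncpy also stops at an embedded NUL, which is where the original
		 * searches would have stopped too. */
		size_t chars = ProcessParameters->ImagePathName.Length / sizeof(WCHAR);
		if ( chars > VALUE_LEN )
		{
			chars = VALUE_LEN;
		}
		wcsncpy(image_path, ProcessParameters->ImagePathName.Buffer, chars);
		image_path[chars] = L'\0';
	}
	fzero(&mY_ProcessParameters, sizeof(RTL_USER_PROCESS_PARAMETERS));
	if ( stristrW(image_path, L"SumatraPDF.exe") ||
		 stristrW(image_path, L"java.exe") ||
		 stristrW(image_path, L"jp2launcher.exe") )
	{
		tohook = TRUE;
	}
	else if ( read_appint(L"General", L"EnableWhiteList") > 0 )
	{
		if ( image_path[0] != L'\0' && in_whitelist(image_path) )
		{
		#ifdef _LOGDEBUG
			logmsg("the process %ls in whitelist\n", image_path);
		#endif
		}
		else
		{
		#ifdef _LOGDEBUG
			logmsg("the process %ls disabled-runes\n", image_path);
		#endif
			ProcessParameters = &mY_ProcessParameters;
		}
	}
	else if ( !in_whitelist(image_path) && !IsGUI(image_path) )
	{
		ProcessParameters = &mY_ProcessParameters;
	}
	status = TrueNtCreateUserProcess(ProcessHandle, ThreadHandle,
								  ProcessDesiredAccess, ThreadDesiredAccess,
								  ProcessObjectAttributes, ThreadObjectAttributes,
								  CreateProcessFlags, CreateThreadFlags, ProcessParameters,
								  CreateInfo, AttributeList);
	if ( NT_SUCCESS(status) && tohook )
	{
	/* With tcmalloc enabled or when built with MinGW, InjectDll crashes on
	 * Windows 8/8.1; the static build cannot inject at all. */
	#if !defined(ENABLE_TCMALLOC) && !defined(__GNUC__) && !defined(LIBPORTABLE_STATIC)
		PROCESS_INFORMATION ProcessInformation;
		ULONG Suspend = 0;
		fzero(&ProcessInformation, sizeof(PROCESS_INFORMATION));
		ProcessInformation.hProcess = *ProcessHandle;
		ProcessInformation.hThread = *ThreadHandle;
		/* Suspend the initial thread so the DLL is in place before it runs;
		 * InjectDll is expected to resume it. */
		if ( NT_SUCCESS(TrueNtSuspendThread(ProcessInformation.hThread, &Suspend)) )
		{
		#ifdef _LOGDEBUG
			logmsg("NtInjectDll() run .\n");
		#endif
			InjectDll(&ProcessInformation);
		}
	#endif
	}
	return status;
}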
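/* Environment variables must be appended through the _wputenv of the CRT the
 * process itself depends on; a different CRT keeps its own environ copy and
 * would never see them. */
/*
 * Thread procedure: append the [Env] section of the profile ini to the
 * environment of this process, via the host CRT's _wputenv.
 *
 * Keys handled specially:
 *   NpluginPath -> MOZ_PLUGIN_PATH=<path made absolute by PathToCombineW>
 *   TmpDataPath -> not exported here
 * Every other line is handed to _wputenv verbatim as "NAME=value".
 *
 * pParam: unused.
 * Returns 0 if the host CRT, the ini file, _wputenv or the work buffer could
 * not be obtained.  Otherwise it returns the last value assigned to ret:
 * the section length when no variable was written, or the result of the
 * last _wputenv call — which is 0 on success, so the value cannot be used to
 * distinguish success from failure; presumably callers ignore it.
 *
 * NOTE(review): the ini file thereby controls arbitrary environment
 * variables of the browser and of every child it spawns; it is assumed to
 * be trusted local configuration.  The size passed to read_appkey is
 * sizeof(lpfile), i.e. bytes — confirm read_appkey does not expect a
 * character count, or the value could overrun lpfile.
 */
unsigned WINAPI SetPluginPath(void * pParam)
{
	int				ret = 0;
	HMODULE			hCrt = NULL;
	_pwrite_env		write_env = NULL;
	char			msvc_crt[CRT_LEN+1] = {0};
	LPWSTR			lpstring = NULL;
	typedef			int (__cdecl *_pwrite_env)(LPCWSTR envstring);
	(void)pParam;
	if ( !find_msvcrt(msvc_crt, CRT_LEN) )
	{
		return ((unsigned)ret);
	}
	if ( (hCrt = GetModuleHandleA(msvc_crt)) == NULL )
	{
		return ((unsigned)ret);
	}
	/* profile_path may still be relative; resolve it before use. */
	if ( profile_path[1] != L':' )
	{
		if ( !ini_ready(profile_path, MAX_PATH) )
		{
			return ((unsigned)ret);
		}
	}
	write_env = (_pwrite_env)GetProcAddress(hCrt, "_wputenv");
	if ( write_env == NULL )
	{
		return ((unsigned)ret);
	}
	/*
	 * GetPrivateProfileSectionW takes its size in characters, so the buffer
	 * must hold MAX_ENV_SIZE WCHARs.  Passing MAX_ENV_SIZE bytes to the
	 * allocator while the API fills that many characters would have let it
	 * write up to twice the allocation.
	 */
	if ( (lpstring = (LPWSTR)SYS_MALLOC(MAX_ENV_SIZE * sizeof(WCHAR))) == NULL )
	{
		return ((unsigned)ret);
	}
	if ( (ret = GetPrivateProfileSectionW(L"Env", lpstring, MAX_ENV_SIZE-1, profile_path)) > 0 )
	{
		/* The section is a run of NUL-terminated "key=value" strings closed
		 * by an extra NUL. */
		LPWSTR strKey = lpstring;
		while ( *strKey != L'\0' )
		{
			if ( stristrW(strKey, L"NpluginPath") )
			{
				WCHAR lpfile[VALUE_LEN+1];
				if ( read_appkey(L"Env", L"NpluginPath", lpfile, sizeof(lpfile)) )
				{
					WCHAR env_string[VALUE_LEN+1] = {0};
					PathToCombineW(lpfile, VALUE_LEN);
					/* A value that does not fit is dropped rather than set truncated. */
					if ( _snwprintf(env_string, VALUE_LEN, L"%ls%ls", L"MOZ_PLUGIN_PATH=", lpfile) > 0 )
					{
						ret = write_env( (LPCWSTR)env_string );
					}
				}
			}
			else if ( stristrW(strKey, L"TmpDataPath") )
			{
				/* Handled elsewhere; not exported to the environment. */
			}
			else
			{
				ret = write_env( (LPCWSTR)strKey );
			}
			strKey += wcslen(strKey) + 1;
		}
	}
	SYS_FREE(lpstring);
	return ((unsigned)ret);
}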