BOOL
FASTCALL
UserUnregisterUserApiHook(VOID)
{
PTHREADINFO pti;
pti = PsGetCurrentThreadWin32Thread();
/* Fail if the api hook is not registered */
if(!(gpsi->dwSRVIFlags & SRVINFO_APIHOOK))
{
return FALSE;
}
/* Only the process that registered the api hook can uregister it */
if(ppiUahServer != PsGetCurrentProcessWin32Process())
{
return FALSE;
}
ERR("UserUnregisterUserApiHook. Server PID: %p\n", PsGetProcessId(pti->ppi->peProcess));
/* Unregister the api hook */
gpsi->dwSRVIFlags &= ~SRVINFO_APIHOOK;
ppiUahServer = NULL;
ReleaseCapturedUnicodeString(&strUahModule, UserMode);
ReleaseCapturedUnicodeString(&strUahInitFunc, UserMode);
/* Notify all applications that the api hook module must be unloaded */
return IntHookModuleUnloaded(pti->rpdesk, WH_APIHOOK, 0);
}
/*
* @implemented
*/
BOOL
APIENTRY
NtUserSetCursorIconData(
_In_ HCURSOR Handle,
_In_opt_ PUNICODE_STRING pustrModule,
_In_opt_ PUNICODE_STRING pustrRsrc,
_In_ const CURSORDATA* pCursorData)
{
PCURICON_OBJECT CurIcon;
NTSTATUS Status = STATUS_SUCCESS;
BOOLEAN Ret = FALSE;
BOOLEAN IsShared = FALSE, IsAnim = FALSE;
DWORD numFrames;
UINT i = 0;
TRACE("Enter NtUserSetCursorIconData\n");
UserEnterExclusive();
if (!(CurIcon = UserGetCurIconObject(Handle)))
{
UserLeave();
EngSetLastError(ERROR_INVALID_HANDLE);
return FALSE;
}
_SEH2_TRY
{
ProbeForRead(pCursorData, sizeof(*pCursorData), 1);
if(pCursorData->CURSORF_flags & CURSORF_ACON)
{
/* This is an animated cursor */
PACON AniCurIcon = (PACON)CurIcon;
DWORD numSteps;
numFrames = AniCurIcon->cpcur = pCursorData->cpcur;
numSteps = AniCurIcon->cicur = pCursorData->cicur;
AniCurIcon->iicur = pCursorData->iicur;
AniCurIcon->rt = pCursorData->rt;
/* Calculate size: one cursor object for each frame, and a frame index and jiffies for each "step" */
AniCurIcon->aspcur = ExAllocatePoolWithTag(PagedPool | POOL_RAISE_IF_ALLOCATION_FAILURE, /* Let SEH catch allocation failures */
numFrames * sizeof(CURICON_OBJECT*) + numSteps * (sizeof(DWORD) + sizeof(INT)),
USERTAG_CURSOR);
AniCurIcon->aicur = (DWORD*)(AniCurIcon->aspcur + numFrames);
AniCurIcon->ajifRate = (INT*)(AniCurIcon->aicur + numSteps);
RtlZeroMemory(AniCurIcon->aspcur, numFrames * sizeof(CURICON_OBJECT*));
ProbeForRead(pCursorData->aicur, numSteps * sizeof(DWORD), 1);
RtlCopyMemory(AniCurIcon->aicur, pCursorData->aicur, numSteps * sizeof(DWORD));
ProbeForRead(pCursorData->ajifRate, numSteps * sizeof(INT), 1);
RtlCopyMemory(AniCurIcon->ajifRate, pCursorData->ajifRate, numSteps * sizeof(INT));
AniCurIcon->CURSORF_flags = pCursorData->CURSORF_flags;
pCursorData = pCursorData->aspcur;
IsAnim = TRUE;
}
else
{
CurIcon->xHotspot = pCursorData->xHotspot;
CurIcon->yHotspot = pCursorData->yHotspot;
CurIcon->cx = pCursorData->cx;
CurIcon->cy = pCursorData->cy;
CurIcon->rt = pCursorData->rt;
CurIcon->bpp = pCursorData->bpp;
CurIcon->hbmMask = pCursorData->hbmMask;
CurIcon->hbmColor = pCursorData->hbmColor;
CurIcon->hbmAlpha = pCursorData->hbmAlpha;
CurIcon->CURSORF_flags = pCursorData->CURSORF_flags;
}
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
}
_SEH2_END
if (!NT_SUCCESS(Status))
{
SetLastNtError(Status);
goto done;
}
if(IsAnim)
{
PACON AniCurIcon = (PACON)CurIcon;
/* This is an animated cursor. Create a cursor object for each frame and set up the data */
for(i = 0; i < numFrames; i++)
{
HANDLE hCurFrame = IntCreateCurIconHandle(FALSE);
if(!NtUserSetCursorIconData(hCurFrame, NULL, NULL, pCursorData))
goto done;
AniCurIcon->aspcur[i] = UserGetCurIconObject(hCurFrame);
if(!AniCurIcon->aspcur[i])
goto done;
pCursorData++;
}
}
if(CurIcon->CURSORF_flags & CURSORF_LRSHARED)
{
IsShared = TRUE;
if(pustrRsrc && pustrModule)
{
UNICODE_STRING ustrModuleSafe;
/* We use this convenient function, because INTRESOURCEs and ATOMs are the same */
Status = ProbeAndCaptureUnicodeStringOrAtom(&CurIcon->strName, pustrRsrc);
if(!NT_SUCCESS(Status))
goto done;
Status = ProbeAndCaptureUnicodeString(&ustrModuleSafe, UserMode, pustrModule);
if(!NT_SUCCESS(Status))
goto done;
Status = RtlAddAtomToAtomTable(gAtomTable, ustrModuleSafe.Buffer, &CurIcon->atomModName);
ReleaseCapturedUnicodeString(&ustrModuleSafe, UserMode);
if(!NT_SUCCESS(Status))
goto done;
}
}
if(!CurIcon->hbmMask)
{
ERR("NtUserSetCursorIconData was got no hbmMask.\n");
EngSetLastError(ERROR_INVALID_PARAMETER);
goto done;
}
GreSetObjectOwner(CurIcon->hbmMask, GDI_OBJ_HMGR_PUBLIC);
if(CurIcon->hbmColor)
GreSetObjectOwner(CurIcon->hbmColor, GDI_OBJ_HMGR_PUBLIC);
if(CurIcon->hbmAlpha)
GreSetObjectOwner(CurIcon->hbmAlpha, GDI_OBJ_HMGR_PUBLIC);
if(IsShared)
{
/* Update process cache in case of shared cursor */
PPROCESSINFO ppi = CurIcon->head.ppi;
UserReferenceObject(CurIcon);
CurIcon->pcurNext = ppi->pCursorCache;
ppi->pCursorCache = CurIcon;
}
Ret = TRUE;
done:
if(!Ret && IsShared)
{
if(!IS_INTRESOURCE(CurIcon->strName.Buffer))
ExFreePoolWithTag(CurIcon->strName.Buffer, TAG_STRING);
}
if(!Ret && IsAnim)
{
PACON AniCurIcon = (PACON)CurIcon;
for(i = 0; i < numFrames; i++)
{
if(AniCurIcon->aspcur[i])
IntDestroyCurIconObject(AniCurIcon->aspcur[i], TRUE);
}
AniCurIcon->cicur = 0;
AniCurIcon->cpcur = 0;
ExFreePoolWithTag(AniCurIcon->aspcur, USERTAG_CURSOR);
AniCurIcon->aspcur = NULL;
AniCurIcon->aicur = NULL;
AniCurIcon->ajifRate = NULL;
}
UserDereferenceObject(CurIcon);
TRACE("Leave NtUserSetCursorIconData, ret=%i\n",Ret);
UserLeave();
return Ret;
}
/*
* @implemented
*/
HICON
NTAPI
NtUserFindExistingCursorIcon(
_In_ PUNICODE_STRING pustrModule,
_In_ PUNICODE_STRING pustrRsrc,
_In_ FINDEXISTINGCURICONPARAM* param)
{
PCURICON_OBJECT CurIcon;
HICON Ret = NULL;
UNICODE_STRING ustrModuleSafe, ustrRsrcSafe;
FINDEXISTINGCURICONPARAM paramSafe;
NTSTATUS Status;
PPROCESSINFO pProcInfo = PsGetCurrentProcessWin32Process();
RTL_ATOM atomModName;
TRACE("Enter NtUserFindExistingCursorIcon\n");
_SEH2_TRY
{
ProbeForRead(param, sizeof(*param), 1);
RtlCopyMemory(¶mSafe, param, sizeof(paramSafe));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
}
_SEH2_END
/* Capture resource name (it can be an INTRESOURCE == ATOM) */
Status = ProbeAndCaptureUnicodeStringOrAtom(&ustrRsrcSafe, pustrRsrc);
if(!NT_SUCCESS(Status))
return NULL;
Status = ProbeAndCaptureUnicodeString(&ustrModuleSafe, UserMode, pustrModule);
if(!NT_SUCCESS(Status))
goto done;
Status = RtlLookupAtomInAtomTable(gAtomTable, ustrModuleSafe.Buffer, &atomModName);
ReleaseCapturedUnicodeString(&ustrModuleSafe, UserMode);
if(!NT_SUCCESS(Status))
{
/* The module is not in the atom table. No chance to find the cursor */
goto done;
}
UserEnterExclusive();
CurIcon = pProcInfo->pCursorCache;
while(CurIcon)
{
/* Icon/cursor */
if (paramSafe.bIcon != is_icon(CurIcon))
{
CurIcon = CurIcon->pcurNext;
continue;
}
/* See if module names match */
if (atomModName == CurIcon->atomModName)
{
/* They do. Now see if this is the same resource */
if (IS_INTRESOURCE(CurIcon->strName.Buffer) != IS_INTRESOURCE(ustrRsrcSafe.Buffer))
{
/* One is an INT resource and the other is not -> no match */
CurIcon = CurIcon->pcurNext;
continue;
}
if (IS_INTRESOURCE(CurIcon->strName.Buffer))
{
if (CurIcon->strName.Buffer == ustrRsrcSafe.Buffer)
{
/* INT resources match */
break;
}
}
else if (RtlCompareUnicodeString(&ustrRsrcSafe, &CurIcon->strName, TRUE) == 0)
{
/* Resource name strings match */
break;
}
}
CurIcon = CurIcon->pcurNext;
}
if(CurIcon)
Ret = CurIcon->head.h;
UserLeave();
done:
if(!IS_INTRESOURCE(ustrRsrcSafe.Buffer))
ExFreePoolWithTag(ustrRsrcSafe.Buffer, TAG_STRING);
return Ret;
}
