BOOL
NTAPI
FirstSoundSentry(VOID)
{
UNICODE_STRING DllString = RTL_CONSTANT_STRING(L"winsrv");
STRING FuncString = RTL_CONSTANT_STRING("_UserSoundSentry");
HANDLE DllHandle;
NTSTATUS Status;
PUSER_SOUND_SENTRY NewSoundSentry = FailSoundSentry;
/* Load winsrv manually */
Status = LdrGetDllHandle(NULL, NULL, &DllString, &DllHandle);
if (NT_SUCCESS(Status))
{
/* If it was found, get SoundSentry export */
Status = LdrGetProcedureAddress(DllHandle,
&FuncString,
0,
(PVOID*)&NewSoundSentry);
}
/* Set it as the callback for the future, and call it */
_UserSoundSentry = NewSoundSentry;
return _UserSoundSentry();
}
PCSR_THREAD CsrConnectToUser( VOID )
{
static BOOLEAN (*ClientThreadSetupRoutine)(VOID) = NULL;
NTSTATUS Status;
ANSI_STRING DllName;
UNICODE_STRING DllName_U;
STRING ProcedureName;
HANDLE UserClientModuleHandle;
PTEB Teb;
PCSR_THREAD Thread;
BOOLEAN fConnected;
if (ClientThreadSetupRoutine == NULL) {
RtlInitAnsiString(&DllName, "user32");
Status = RtlAnsiStringToUnicodeString(&DllName_U, &DllName, TRUE);
ASSERT(NT_SUCCESS(Status));
Status = LdrGetDllHandle(
UNICODE_NULL,
NULL,
&DllName_U,
(PVOID *)&UserClientModuleHandle
);
RtlFreeUnicodeString(&DllName_U);
if ( NT_SUCCESS(Status) ) {
RtlInitString(&ProcedureName,"ClientThreadSetup");
Status = LdrGetProcedureAddress(
UserClientModuleHandle,
&ProcedureName,
0L,
(PVOID *)&ClientThreadSetupRoutine
);
ASSERT(NT_SUCCESS(Status));
}
}
try {
fConnected = ClientThreadSetupRoutine();
} except (EXCEPTION_EXECUTE_HANDLER) {
fConnected = FALSE;
}
if (!fConnected) {
IF_DEBUG {
DbgPrint("CSRSS: CsrConnectToUser failed\n");
}
return NULL;
}
NTSTATUS HookDirectInput8(PVOID *ModuleBase, PDHOOK_HOOK_INFO Context)
{
PVOID DInput8ModuleBase;
NTSTATUS Status;
UNICODE_STRING DllName;
LPDIRECTINPUT8W dinput;
HRESULT (WINAPI *DirectInput8Create)(HINSTANCE, DWORD, REFIID, PVOID*, LPUNKNOWN);
Status = STATUS_UNSUCCESSFUL;
dinput = NULL;
LOOP_ONCE
{
RTL_CONST_STRING(DllName, L"dinput8.dll");
Status = LdrGetDllHandle(NULL, 0, &DllName, &DInput8ModuleBase);
if (!NT_SUCCESS(Status))
return Status;
Status = STATUS_UNSUCCESSFUL;
*(PVOID *)&DirectInput8Create = Nt_GetProcAddress(DInput8ModuleBase, "DirectInput8Create");
if (DirectInput8Create == NULL)
break;
MEMORY_FUNCTION_PATCH f[] =
{
INLINE_HOOK_JUMP(DirectInput8Create, HookDirectInput8Create, StubDirectInput8Create),
};
Status = Nt_PatchMemory(NULL, 0, f, countof(f), NULL);
if (ModuleBase != NULL)
*ModuleBase = DInput8ModuleBase;
DInput8CallbackContext = Context;
}
return Status;
}
// my getmodulehandlea, uses only ntdll functions
LPVOID engine_NtGetModuleHandleA(LPSTR lpModuleName)
{
STRING asModuleName;
UNICODE_STRING usModuleName;
HANDLE hModule;
asModuleName.Buffer=(PCHAR)lpModuleName;
asModuleName.Length=strlen(lpModuleName);
asModuleName.MaximumLength=asModuleName.Length;
if (!NT_SUCCESS(RtlAnsiStringToUnicodeString(&usModuleName,&asModuleName,TRUE)))
return NULL;
if (!NT_SUCCESS(LdrGetDllHandle(NULL,NULL,&usModuleName,&hModule)))
{
RtlFreeUnicodeString(&usModuleName);
return NULL;
}
RtlFreeUnicodeString(&usModuleName);
return hModule;
}
NTSTATUS
CsrClientConnectToServer(
IN PWSTR ObjectDirectory,
IN ULONG ServerDllIndex,
IN PCSR_CALLBACK_INFO CallbackInformation OPTIONAL,
IN PVOID ConnectionInformation,
IN OUT PULONG ConnectionInformationLength OPTIONAL,
OUT PBOOLEAN CalledFromServer OPTIONAL
)
/*++
Routine Description:
This function is called by the client side DLL to connect with its
server side DLL.
Arguments:
ObjectDirectory - Points to a null terminate string that is the same
as the value of the ObjectDirectory= argument passed to the CSRSS
program.
ServerDllIndex - Index of the server DLL that is being connected to.
It should match one of the ServerDll= arguments passed to the CSRSS
program.
CallbackInformation - An optional pointer to a structure that contains
a pointer to the client callback function dispatch table.
ConnectionInformation - An optional pointer to uninterpreted data.
This data is intended for clients to pass package, version and
protocol identification information to the server to allow the
server to determine if it can satisify the client before
accepting the connection. Upon return to the client, the
ConnectionInformation data block contains any information passed
back from the server DLL by its call to the
CsrCompleteConnection call. The output data overwrites the
input data.
ConnectionInformationLength - Pointer to the length of the
ConnectionInformation data block. The output value is the
length of the data stored in the ConnectionInformation data
block by the server's call to the NtCompleteConnectPort
service. This parameter is OPTIONAL only if the
ConnectionInformation parameter is NULL, otherwise it is
required.
CalledFromServer - On output, TRUE if the dll has been called from
a server process.
Return Value:
Status value.
--*/
{
NTSTATUS Status;
CSR_API_MSG m;
PCSR_CLIENTCONNECT_MSG a = &m.u.ClientConnect;
PCSR_CAPTURE_HEADER CaptureBuffer;
HANDLE CsrServerModuleHandle;
STRING ProcedureName;
ANSI_STRING DllName;
UNICODE_STRING DllName_U;
PIMAGE_NT_HEADERS NtHeaders;
if (ARGUMENT_PRESENT( ConnectionInformation ) &&
(!ARGUMENT_PRESENT( ConnectionInformationLength ) ||
*ConnectionInformationLength == 0
)
) {
return( STATUS_INVALID_PARAMETER );
}
if (!CsrInitOnceDone) {
Status = CsrOneTimeInitialize();
if (!NT_SUCCESS( Status )) {
return( Status );
}
}
if (ARGUMENT_PRESENT( CallbackInformation )) {
CsrLoadedClientDll[ ServerDllIndex ] = RtlAllocateHeap( CsrHeap, MAKE_TAG( CSR_TAG ), sizeof(CSR_CALLBACK_INFO) );
CsrLoadedClientDll[ ServerDllIndex ]->ApiNumberBase =
CallbackInformation->ApiNumberBase;
CsrLoadedClientDll[ ServerDllIndex ]->MaxApiNumber =
CallbackInformation->MaxApiNumber;
CsrLoadedClientDll[ ServerDllIndex ]->CallbackDispatchTable =
CallbackInformation->CallbackDispatchTable;
}
//
// if we are being called by a server process, skip lpc port initialization
// and call to server connect routine and just initialize heap. the
// dll initialization routine will do any necessary initialization. this
// stuff only needs to be done for the first connect.
//
if ( CsrServerProcess == TRUE ) {
*CalledFromServer = CsrServerProcess;
return STATUS_SUCCESS;
}
//
// If the image is an NT Native image, we are running in the
// context of the server.
//
NtHeaders = RtlImageNtHeader(NtCurrentPeb()->ImageBaseAddress);
CsrServerProcess =
(NtHeaders->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_NATIVE) ? TRUE : FALSE;
if ( CsrServerProcess ) {
extern PVOID NtDllBase;
RtlInitAnsiString( &DllName, "csrsrv" );
Status = RtlAnsiStringToUnicodeString(&DllName_U, &DllName, TRUE);
ASSERT(NT_SUCCESS(Status));
LdrDisableThreadCalloutsForDll(NtDllBase);
Status = LdrGetDllHandle(
UNICODE_NULL,
NULL,
&DllName_U,
(PVOID *)&CsrServerModuleHandle
);
RtlFreeUnicodeString(&DllName_U);
CsrServerProcess = TRUE;
RtlInitString(&ProcedureName,"CsrCallServerFromServer");
Status = LdrGetProcedureAddress(
CsrServerModuleHandle,
&ProcedureName,
0L,
(PVOID *)&CsrServerApiRoutine
);
ASSERT(NT_SUCCESS(Status));
RtlInitString(&ProcedureName, "CsrLocateThreadInProcess");
Status = LdrGetProcedureAddress(
CsrServerModuleHandle,
&ProcedureName,
0L,
(PVOID *)&CsrpLocateThreadInProcess
);
ASSERT(NT_SUCCESS(Status));
ASSERT (CsrPortHeap==NULL);
CsrPortHeap = RtlProcessHeap();
CsrPortBaseTag = RtlCreateTagHeap( CsrPortHeap,
0,
L"CSRPORT!",
L"CAPTURE\0"
);
if (ARGUMENT_PRESENT(CalledFromServer)) {
*CalledFromServer = CsrServerProcess;
}
return STATUS_SUCCESS;
}
if ( ARGUMENT_PRESENT(ConnectionInformation) ) {
CsrServerProcess = FALSE;
if (CsrPortHandle == NULL) {
Status = CsrpConnectToServer( ObjectDirectory );
if (!NT_SUCCESS( Status )) {
return( Status );
}
}
a->ServerDllIndex = ServerDllIndex;
a->ConnectionInformationLength = *ConnectionInformationLength;
if (ARGUMENT_PRESENT( ConnectionInformation )) {
CaptureBuffer = CsrAllocateCaptureBuffer( 1,
0,
a->ConnectionInformationLength
);
if (CaptureBuffer == NULL) {
return( STATUS_NO_MEMORY );
}
CsrAllocateMessagePointer( CaptureBuffer,
a->ConnectionInformationLength,
(PVOID *)&a->ConnectionInformation
);
RtlMoveMemory( a->ConnectionInformation,
ConnectionInformation,
a->ConnectionInformationLength
);
*ConnectionInformationLength = a->ConnectionInformationLength;
}
else {
CaptureBuffer = NULL;
}
Status = CsrClientCallServer( &m,
CaptureBuffer,
CSR_MAKE_API_NUMBER( CSRSRV_SERVERDLL_INDEX,
CsrpClientConnect
),
sizeof( *a )
);
if (CaptureBuffer != NULL) {
if (ARGUMENT_PRESENT( ConnectionInformation )) {
RtlMoveMemory( ConnectionInformation,
a->ConnectionInformation,
*ConnectionInformationLength
);
}
CsrFreeCaptureBuffer( CaptureBuffer );
}
}
else {
Status = STATUS_SUCCESS;
}
if (ARGUMENT_PRESENT(CalledFromServer)) {
*CalledFromServer = CsrServerProcess;
}
return( Status );
}
