From 6f8d0efe974dbe12ca9b4ce022275dfa06c3baad Mon Sep 17 00:00:00 2001 From: Valentin Radu Date: Sat, 13 Nov 2021 07:59:14 +0200 Subject: [PATCH] Hardcoded symbols are based on MD5 sum --- ExplorerPatcher/symbols.c | 112 ++++++++++++++++++++++++++++++++++++-- ExplorerPatcher/utility.c | 112 ++++++++++++++++++++++++++++++++++++++ ExplorerPatcher/utility.h | 3 + 3 files changed, 221 insertions(+), 6 deletions(-) diff --git a/ExplorerPatcher/symbols.c b/ExplorerPatcher/symbols.c index 3337b41..be1458a 100644 --- a/ExplorerPatcher/symbols.c +++ b/ExplorerPatcher/symbols.c @@ -539,7 +539,16 @@ BOOL LoadSymbols(symbols_addr* symbols_PTRS, HMODULE hModule) ubr ); - if (IsBuild(rovi, ubr, 22000, 282) || IsBuild(rovi, ubr, 22000, 318)) + BOOL bIsStartHardcoded = FALSE; + BOOL bIsTwinuiPcshellHardcoded = FALSE; + WCHAR hash[100]; + ZeroMemory(hash, 100 * sizeof(WCHAR)); + TCHAR wszPath[MAX_PATH]; + + GetSystemDirectoryW(wszPath, MAX_PATH); + wcscat_s(wszPath, MAX_PATH, L"\\" TEXT(TWINUI_PCSHELL_SB_NAME) L".dll"); + ComputeFileHash(wszPath, hash, 100); + if (!_wcsicmp(hash, L"8b23b02962856e89b8d8a3956de1d76c")) // 282, 318 { symbols_PTRS->twinui_pcshell_PTRS[0] = 0x217CE6; symbols_PTRS->twinui_pcshell_PTRS[1] = 0x5CC570; 
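Review bot: The result of `ComputeFileHash(wszPath, hash, 100)` is discarded and `hash` is zeroed only once, so if the second call (for the StartDocked DLL, in the next hunk) fails, the `_wcsicmp` chain there compares the digest left over from the twinui.pcshell file. Reset the buffer and check the result at each call site, e.g. `hash[0] = L'\0'; if (ComputeFileHash(wszPath, hash, ARRAYSIZE(hash)) != ERROR_SUCCESS) { /* treat as unknown build */ }`. `GetSystemDirectoryW` is also unchecked, and `wszPath` is declared `TCHAR` although only wide-character APIs touch it; `WCHAR wszPath[MAX_PATH];` matches the usage. The MD5 comparison only tells known builds apart and is not a tamper check on the DLL, which is worth a short comment beside the literals, e.g. `// MD5 identifies the build only; it does not verify file integrity`. LoadSymbols begins and ends outside this hunk.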
@@ -549,14 +558,108 @@ BOOL LoadSymbols(symbols_addr* symbols_PTRS, HMODULE hModule) symbols_PTRS->twinui_pcshell_PTRS[5] = 0x5DA8C4; symbols_PTRS->twinui_pcshell_PTRS[6] = 0x5CD9C0; symbols_PTRS->twinui_pcshell_PTRS[7] = 0x52980; + bIsTwinuiPcshellHardcoded = TRUE; + } + else if (!_wcsicmp(hash, L"03487ccd5bc5a194fad61b616b0a2b28")) // 346 + { + symbols_PTRS->twinui_pcshell_PTRS[0] = 0x21B036; + symbols_PTRS->twinui_pcshell_PTRS[1] = 0x5CD740; + symbols_PTRS->twinui_pcshell_PTRS[2] = 0x5F7058; + symbols_PTRS->twinui_pcshell_PTRS[3] = 0x5F7860; + symbols_PTRS->twinui_pcshell_PTRS[4] = 0x5DBDD8; + symbols_PTRS->twinui_pcshell_PTRS[5] = 0x5DBA94; + symbols_PTRS->twinui_pcshell_PTRS[6] = 0x5CEB90; + symbols_PTRS->twinui_pcshell_PTRS[7] = 0x4D780; + bIsTwinuiPcshellHardcoded = TRUE; + } + if (bIsTwinuiPcshellHardcoded) + { + wprintf(L"[Symbols] Identified known \"" TEXT(TWINUI_PCSHELL_SB_NAME) L".dll\" with hash %s.\n", hash); + } + GetWindowsDirectoryW(wszPath, MAX_PATH); + wcscat_s(wszPath, MAX_PATH, L"\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\" TEXT(STARTDOCKED_SB_NAME) L".dll"); + ComputeFileHash(wszPath, hash, 100); + if (!_wcsicmp(hash, L"b57bb94a48d2422de9a78c5fcba28f98")) // 282, 318 + { symbols_PTRS->startdocked_PTRS[0] = 0x188EBC; symbols_PTRS->startdocked_PTRS[1] = 0x188EBC; symbols_PTRS->startdocked_PTRS[2] = 0x187120; symbols_PTRS->startdocked_PTRS[3] = 0x3C10; symbols_PTRS->startdocked_PTRS[4] = 0x160AEC; + bIsStartHardcoded = TRUE; } - else + else if (!_wcsicmp(hash, L"e9c1c45a659dafabf671cb0ae195f8d9")) // 346 + { + symbols_PTRS->startdocked_PTRS[0] = 0x18969C; + symbols_PTRS->startdocked_PTRS[1] = 0x18969C; + symbols_PTRS->startdocked_PTRS[2] = 0x187900; + symbols_PTRS->startdocked_PTRS[3] = 0x3C00; + symbols_PTRS->startdocked_PTRS[4] = 0x1612CC; + bIsStartHardcoded = TRUE; + } + if (bIsStartHardcoded) + { + wprintf(L"[Symbols] Identified known \"" TEXT(STARTDOCKED_SB_NAME) L".dll\" with hash %s.\n", hash); + + 
RegCreateKeyExW( + HKEY_CURRENT_USER, + TEXT(REGPATH) L"\\" TEXT(STARTDOCKED_SB_NAME), + 0, + NULL, + REG_OPTION_NON_VOLATILE, + KEY_WRITE, + NULL, + &hKey, + &dwDisposition + ); + if (hKey) + { + RegSetValueExW( + hKey, + TEXT(STARTDOCKED_SB_0), + 0, + REG_DWORD, + &(symbols_PTRS->startdocked_PTRS[0]), + sizeof(DWORD) + ); + RegSetValueExW( + hKey, + TEXT(STARTDOCKED_SB_1), + 0, + REG_DWORD, + &(symbols_PTRS->startdocked_PTRS[1]), + sizeof(DWORD) + ); + RegSetValueExW( + hKey, + TEXT(STARTDOCKED_SB_2), + 0, + REG_DWORD, + &(symbols_PTRS->startdocked_PTRS[2]), + sizeof(DWORD) + ); + RegSetValueExW( + hKey, + TEXT(STARTDOCKED_SB_3), + 0, + REG_DWORD, + &(symbols_PTRS->startdocked_PTRS[3]), + sizeof(DWORD) + ); + RegSetValueExW( + hKey, + TEXT(STARTDOCKED_SB_4), + 0, + REG_DWORD, + &(symbols_PTRS->startdocked_PTRS[4]), + sizeof(DWORD) + ); + RegCloseKey(hKey); + } + } + + if (!bIsTwinuiPcshellHardcoded || !bIsStartHardcoded) { RegCreateKeyExW( HKEY_CURRENT_USER, @@ -728,10 +831,7 @@ BOOL LoadSymbols(symbols_addr* symbols_PTRS, HMODULE hModule) &dwSize ); RegCloseKey(hKey); - if (!bNeedToDownload && - !IsBuild(rovi, ubr, 22000, 282) && - !IsBuild(rovi, ubr, 22000, 318) - ) + if (!bNeedToDownload && (!bIsTwinuiPcshellHardcoded || !bIsStartHardcoded)) { bNeedToDownload = wcscmp(szReportedVersion, szStoredVersion); } diff --git a/ExplorerPatcher/utility.c b/ExplorerPatcher/utility.c index 7c1f3ee..2211807 100644 --- a/ExplorerPatcher/utility.c +++ b/ExplorerPatcher/utility.c 
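Review bot: In the new `if (bIsStartHardcoded)` block the return value of `RegCreateKeyExW` is dropped and success is inferred from `if (hKey)`. `hKey` is declared outside this hunk, so unless it is reset before the call, a failed create would presumably leave an earlier handle value in place, and the five `RegSetValueExW` calls and the `RegCloseKey` would then act on it. Testing the call itself avoids that: `if (RegCreateKeyExW(HKEY_CURRENT_USER, …, &hKey, &dwDisposition) == ERROR_SUCCESS)`. The `RegSetValueExW` results are ignored as well, so a partially written offset set goes unnoticed; at minimum log a failure next to the existing `[Symbols]` message.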
@@ -412,4 +412,116 @@ void* ReadFromFile(wchar_t* wszFileName, DWORD* dwSize) CloseHandle(hImage); } return ok; +} + +int ComputeFileHash(LPCWSTR filename, LPCWSTR hash, DWORD dwHash) +{ + DWORD dwStatus = 0; + BOOL bResult = FALSE; + HCRYPTPROV hProv = 0; + HCRYPTHASH hHash = 0; + HANDLE hFile = NULL; + BYTE* rgbFile; + DWORD cbRead = 0; + BYTE rgbHash[16]; + DWORD cbHash = 0; + WCHAR rgbDigits[] = L"0123456789abcdef"; + // Logic to check usage goes here. + + hFile = CreateFile(filename, + GENERIC_READ, + FILE_SHARE_READ, + NULL, + OPEN_EXISTING, + FILE_FLAG_SEQUENTIAL_SCAN, + NULL); + + if (INVALID_HANDLE_VALUE == hFile) + { + dwStatus = GetLastError(); + return dwStatus; + } + + LARGE_INTEGER dwFileSize; + GetFileSizeEx(hFile, &dwFileSize); + if (!dwFileSize.LowPart) + { + dwStatus = GetLastError(); + CloseHandle(hFile); + return dwStatus; + } + + rgbFile = malloc(dwFileSize.LowPart); + if (!rgbFile) + { + dwStatus = E_OUTOFMEMORY; + CloseHandle(hFile); + return dwStatus; + } + + // Get handle to the crypto provider + if (!CryptAcquireContext(&hProv, + NULL, + NULL, + PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) + { + dwStatus = GetLastError(); + CloseHandle(hFile); + return dwStatus; + } + + if (!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) + { + dwStatus = GetLastError(); + CloseHandle(hFile); + CryptReleaseContext(hProv, 0); + return dwStatus; + } + + while (bResult = ReadFile(hFile, rgbFile, dwFileSize.LowPart, &cbRead, NULL)) + { + if (0 == cbRead) + { + break; + } + + if (!CryptHashData(hHash, rgbFile, cbRead, 0)) + { + dwStatus = GetLastError(); + CryptReleaseContext(hProv, 0); + CryptDestroyHash(hHash); + CloseHandle(hFile); + return dwStatus; + } + } + + if (!bResult) + { + dwStatus = GetLastError(); + CryptReleaseContext(hProv, 0); + CryptDestroyHash(hHash); + CloseHandle(hFile); + return dwStatus; + } + + cbHash = 16; + if (CryptGetHashParam(hHash, HP_HASHVAL, rgbHash, &cbHash, 0)) + { + for (DWORD i = 0; i < cbHash; i++) + { + swprintf_s(hash + (i * 2), 
dwHash, L"%c%c", rgbDigits[rgbHash[i] >> 4], rgbDigits[rgbHash[i] & 0xf]); + } + } + else + { + dwStatus = GetLastError(); + } + + CryptDestroyHash(hHash); + CryptReleaseContext(hProv, 0); + CloseHandle(hFile); + free(rgbFile); + + return dwStatus; } \ No newline at end of file diff --git a/ExplorerPatcher/utility.h b/ExplorerPatcher/utility.h index 7b84a22..f1a195e 100644 --- a/ExplorerPatcher/utility.h +++ b/ExplorerPatcher/utility.h @@ -4,6 +4,7 @@ //#define USE_PRIVATE_INTERFACES #endif #include +#include #include #include #include @@ -212,6 +213,8 @@ static BOOL AppsShouldUseDarkMode() { return TRUE; } void* ReadFromFile(wchar_t* wszFileName, DWORD* dwSize); +int ComputeFileHash(LPCWSTR filename, LPCWSTR hash, DWORD dwHash); + inline long long milliseconds_now() { LARGE_INTEGER s_frequency; BOOL s_use_qpc = QueryPerformanceFrequency(&s_frequency);
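Review bot: In the new `ComputeFileHash`, `rgbFile` is leaked on every early return after the `malloc` (the `CryptAcquireContext`, `CryptCreateHash`, `CryptHashData` and `ReadFile` failure paths). The zero-size branch returns `GetLastError()` after an unchecked `GetFileSizeEx`, which can report success without a digest having been written. The output parameter is declared `LPCWSTR hash` yet written through, and `swprintf_s(hash + (i * 2), dwHash, …)` passes the full buffer length for an offset pointer, so the bound overstates the space left. The sketch below hashes through a fixed chunk buffer with one cleanup path, checks `dwHash` up front and clears `hash` before any failure can return. The prototype added in utility.h needs the same `LPWSTR` change, which stays source-compatible with the callers shown in symbols.c.

```c
int ComputeFileHash(LPCWSTR filename, LPWSTR hash, DWORD dwHash)
{
    DWORD dwStatus = ERROR_SUCCESS;
    HCRYPTPROV hProv = 0;
    HCRYPTHASH hHash = 0;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    BYTE rgbFile[4096];               // fixed chunk; no whole-file allocation
    BYTE rgbHash[16];
    DWORD cbRead = 0;
    DWORD cbHash = sizeof(rgbHash);
    static const WCHAR rgbDigits[] = L"0123456789abcdef";

    // Room for 32 hex digits plus the terminator is required.
    if (!hash || dwHash < 2 * sizeof(rgbHash) + 1)
    {
        return ERROR_INSUFFICIENT_BUFFER;
    }
    hash[0] = L'\0';                  // never leave a previous digest behind on failure

    // … unchanged: CreateFile call and INVALID_HANDLE_VALUE check …

    if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) ||
        !CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
    {
        dwStatus = GetLastError();
        goto cleanup;
    }

    for (;;)
    {
        if (!ReadFile(hFile, rgbFile, sizeof(rgbFile), &cbRead, NULL) ||
            (cbRead && !CryptHashData(hHash, rgbFile, cbRead, 0)))
        {
            dwStatus = GetLastError();
            goto cleanup;
        }
        if (0 == cbRead)
        {
            break;
        }
    }

    if (!CryptGetHashParam(hHash, HP_HASHVAL, rgbHash, &cbHash, 0))
    {
        dwStatus = GetLastError();
        goto cleanup;
    }
    for (DWORD i = 0; i < cbHash; i++)
    {
        hash[i * 2] = rgbDigits[rgbHash[i] >> 4];
        hash[i * 2 + 1] = rgbDigits[rgbHash[i] & 0xf];
    }
    hash[cbHash * 2] = L'\0';

cleanup:
    // Destroy the hash object before releasing the provider it belongs to.
    if (hHash)
    {
        CryptDestroyHash(hHash);
    }
    if (hProv)
    {
        CryptReleaseContext(hProv, 0);
    }
    CloseHandle(hFile);
    return dwStatus;
}
```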