Froz
/
ExplorerPatcher
mirror of https://github.com/valinet/ExplorerPatcher.git
1
0
Fork 0
Code Issues Projects Releases 1 Wiki Activity
Browse Source

Hardcoded symbols are based on MD5 sum

pull/400/head
Valentin Radu 4 years ago
parent
1608abf6c6
commit
6f8d0efe97
3 changed files with 221 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 112
      ExplorerPatcher/symbols.c
  2. 112
      ExplorerPatcher/utility.c
  3. 3
      ExplorerPatcher/utility.h

112
ExplorerPatcher/symbols.c
Unescape View File

@ -539,7 +539,16 @@ BOOL LoadSymbols(symbols_addr* symbols_PTRS, HMODULE hModule)
ubr ubr
); );
if (IsBuild(rovi, ubr, 22000, 282) || IsBuild(rovi, ubr, 22000, 318)) BOOL bIsStartHardcoded = FALSE;
BOOL bIsTwinuiPcshellHardcoded = FALSE;
WCHAR hash[100];
ZeroMemory(hash, 100 * sizeof(WCHAR));
TCHAR wszPath[MAX_PATH];
GetSystemDirectoryW(wszPath, MAX_PATH);
wcscat_s(wszPath, MAX_PATH, L"\\" TEXT(TWINUI_PCSHELL_SB_NAME) L".dll");
ComputeFileHash(wszPath, hash, 100);
if (!_wcsicmp(hash, L"8b23b02962856e89b8d8a3956de1d76c")) // 282, 318
{ {
symbols_PTRS->twinui_pcshell_PTRS[0] = 0x217CE6; symbols_PTRS->twinui_pcshell_PTRS[0] = 0x217CE6;
symbols_PTRS->twinui_pcshell_PTRS[1] = 0x5CC570; symbols_PTRS->twinui_pcshell_PTRS[1] = 0x5CC570;
@ -549,14 +558,108 @@ BOOL LoadSymbols(symbols_addr* symbols_PTRS, HMODULE hModule)
symbols_PTRS->twinui_pcshell_PTRS[5] = 0x5DA8C4; symbols_PTRS->twinui_pcshell_PTRS[5] = 0x5DA8C4;
symbols_PTRS->twinui_pcshell_PTRS[6] = 0x5CD9C0; symbols_PTRS->twinui_pcshell_PTRS[6] = 0x5CD9C0;
symbols_PTRS->twinui_pcshell_PTRS[7] = 0x52980; symbols_PTRS->twinui_pcshell_PTRS[7] = 0x52980;
bIsTwinuiPcshellHardcoded = TRUE;
}
else if (!_wcsicmp(hash, L"03487ccd5bc5a194fad61b616b0a2b28")) // 346
{
symbols_PTRS->twinui_pcshell_PTRS[0] = 0x21B036;
symbols_PTRS->twinui_pcshell_PTRS[1] = 0x5CD740;
symbols_PTRS->twinui_pcshell_PTRS[2] = 0x5F7058;
symbols_PTRS->twinui_pcshell_PTRS[3] = 0x5F7860;
symbols_PTRS->twinui_pcshell_PTRS[4] = 0x5DBDD8;
symbols_PTRS->twinui_pcshell_PTRS[5] = 0x5DBA94;
symbols_PTRS->twinui_pcshell_PTRS[6] = 0x5CEB90;
symbols_PTRS->twinui_pcshell_PTRS[7] = 0x4D780;
bIsTwinuiPcshellHardcoded = TRUE;
}
if (bIsTwinuiPcshellHardcoded)
{
wprintf(L"[Symbols] Identified known \"" TEXT(TWINUI_PCSHELL_SB_NAME) L".dll\" with hash %s.\n", hash);
}
GetWindowsDirectoryW(wszPath, MAX_PATH);
wcscat_s(wszPath, MAX_PATH, L"\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\" TEXT(STARTDOCKED_SB_NAME) L".dll");
ComputeFileHash(wszPath, hash, 100);
if (!_wcsicmp(hash, L"b57bb94a48d2422de9a78c5fcba28f98")) // 282, 318
{
symbols_PTRS->startdocked_PTRS[0] = 0x188EBC; symbols_PTRS->startdocked_PTRS[0] = 0x188EBC;
symbols_PTRS->startdocked_PTRS[1] = 0x188EBC; symbols_PTRS->startdocked_PTRS[1] = 0x188EBC;
symbols_PTRS->startdocked_PTRS[2] = 0x187120; symbols_PTRS->startdocked_PTRS[2] = 0x187120;
symbols_PTRS->startdocked_PTRS[3] = 0x3C10; symbols_PTRS->startdocked_PTRS[3] = 0x3C10;
symbols_PTRS->startdocked_PTRS[4] = 0x160AEC; symbols_PTRS->startdocked_PTRS[4] = 0x160AEC;
bIsStartHardcoded = TRUE;
} }
else else if (!_wcsicmp(hash, L"e9c1c45a659dafabf671cb0ae195f8d9")) // 346
{
symbols_PTRS->startdocked_PTRS[0] = 0x18969C;
symbols_PTRS->startdocked_PTRS[1] = 0x18969C;
symbols_PTRS->startdocked_PTRS[2] = 0x187900;
symbols_PTRS->startdocked_PTRS[3] = 0x3C00;
symbols_PTRS->startdocked_PTRS[4] = 0x1612CC;
bIsStartHardcoded = TRUE;
}
if (bIsStartHardcoded)
{
wprintf(L"[Symbols] Identified known \"" TEXT(STARTDOCKED_SB_NAME) L".dll\" with hash %s.\n", hash);
RegCreateKeyExW(
HKEY_CURRENT_USER,
TEXT(REGPATH) L"\\" TEXT(STARTDOCKED_SB_NAME),
0,
NULL,
REG_OPTION_NON_VOLATILE,
KEY_WRITE,
NULL,
&hKey,
&dwDisposition
);
if (hKey)
{
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_0),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[0]),
sizeof(DWORD)
);
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_1),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[1]),
sizeof(DWORD)
);
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_2),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[2]),
sizeof(DWORD)
);
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_3),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[3]),
sizeof(DWORD)
);
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_4),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[4]),
sizeof(DWORD)
);
RegCloseKey(hKey);
}
}
if (!bIsTwinuiPcshellHardcoded || !bIsStartHardcoded)
{ {
RegCreateKeyExW( RegCreateKeyExW(
HKEY_CURRENT_USER, HKEY_CURRENT_USER,
@ -728,10 +831,7 @@ BOOL LoadSymbols(symbols_addr* symbols_PTRS, HMODULE hModule)
&dwSize &dwSize
); );
RegCloseKey(hKey); RegCloseKey(hKey);
if (!bNeedToDownload && if (!bNeedToDownload && (!bIsTwinuiPcshellHardcoded || !bIsStartHardcoded))
!IsBuild(rovi, ubr, 22000, 282) &&
!IsBuild(rovi, ubr, 22000, 318)
)
{ {
bNeedToDownload = wcscmp(szReportedVersion, szStoredVersion); bNeedToDownload = wcscmp(szReportedVersion, szStoredVersion);
} }

112
ExplorerPatcher/utility.c
Unescape View File

@ -412,4 +412,116 @@ void* ReadFromFile(wchar_t* wszFileName, DWORD* dwSize)
CloseHandle(hImage); CloseHandle(hImage);
} }
return ok; return ok;
}
int ComputeFileHash(LPCWSTR filename, LPCWSTR hash, DWORD dwHash)
{
DWORD dwStatus = 0;
BOOL bResult = FALSE;
HCRYPTPROV hProv = 0;
HCRYPTHASH hHash = 0;
HANDLE hFile = NULL;
BYTE* rgbFile;
DWORD cbRead = 0;
BYTE rgbHash[16];
DWORD cbHash = 0;
WCHAR rgbDigits[] = L"0123456789abcdef";
// Logic to check usage goes here.
hFile = CreateFile(filename,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_FLAG_SEQUENTIAL_SCAN,
NULL);
if (INVALID_HANDLE_VALUE == hFile)
{
dwStatus = GetLastError();
return dwStatus;
}
LARGE_INTEGER dwFileSize;
GetFileSizeEx(hFile, &dwFileSize);
if (!dwFileSize.LowPart)
{
dwStatus = GetLastError();
CloseHandle(hFile);
return dwStatus;
}
rgbFile = malloc(dwFileSize.LowPart);
if (!rgbFile)
{
dwStatus = E_OUTOFMEMORY;
CloseHandle(hFile);
return dwStatus;
}
// Get handle to the crypto provider
if (!CryptAcquireContext(&hProv,
NULL,
NULL,
PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
dwStatus = GetLastError();
CloseHandle(hFile);
return dwStatus;
}
if (!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
{
dwStatus = GetLastError();
CloseHandle(hFile);
CryptReleaseContext(hProv, 0);
return dwStatus;
}
while (bResult = ReadFile(hFile, rgbFile, dwFileSize.LowPart, &cbRead, NULL))
{
if (0 == cbRead)
{
break;
}
if (!CryptHashData(hHash, rgbFile, cbRead, 0))
{
dwStatus = GetLastError();
CryptReleaseContext(hProv, 0);
CryptDestroyHash(hHash);
CloseHandle(hFile);
return dwStatus;
}
}
if (!bResult)
{
dwStatus = GetLastError();
CryptReleaseContext(hProv, 0);
CryptDestroyHash(hHash);
CloseHandle(hFile);
return dwStatus;
}
cbHash = 16;
if (CryptGetHashParam(hHash, HP_HASHVAL, rgbHash, &cbHash, 0))
{
for (DWORD i = 0; i < cbHash; i++)
{
swprintf_s(hash + (i * 2), dwHash, L"%c%c", rgbDigits[rgbHash[i] >> 4], rgbDigits[rgbHash[i] & 0xf]);
}
}
else
{
dwStatus = GetLastError();
}
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, 0);
CloseHandle(hFile);
free(rgbFile);
return dwStatus;
} }

3
ExplorerPatcher/utility.h
Unescape View File

@ -4,6 +4,7 @@
//#define USE_PRIVATE_INTERFACES //#define USE_PRIVATE_INTERFACES
#endif #endif
#include <Windows.h> #include <Windows.h>
#include <stdio.h>
#include <tchar.h> #include <tchar.h>
#include <windows.data.xml.dom.h> #include <windows.data.xml.dom.h>
#include <accctrl.h> #include <accctrl.h>
@ -212,6 +213,8 @@ static BOOL AppsShouldUseDarkMode() { return TRUE; }
void* ReadFromFile(wchar_t* wszFileName, DWORD* dwSize); void* ReadFromFile(wchar_t* wszFileName, DWORD* dwSize);
int ComputeFileHash(LPCWSTR filename, LPCWSTR hash, DWORD dwHash);
inline long long milliseconds_now() { inline long long milliseconds_now() {
LARGE_INTEGER s_frequency; LARGE_INTEGER s_frequency;
BOOL s_use_qpc = QueryPerformanceFrequency(&s_frequency); BOOL s_use_qpc = QueryPerformanceFrequency(&s_frequency);

Write Preview
Loading…
Cancel
Save