From 8611c3d1daa28718ea599ab630ab589171fcbb2a Mon Sep 17 00:00:00 2001 From: Valentin Radu Date: Tue, 31 Aug 2021 02:58:50 +0300 Subject: [PATCH] Improved Explorer hooking --- CHANGELOG.md | 10 +- ExplorerPatcher.sln | 42 +- ExplorerPatcher/ExplorerPatcher.rc | 16 +- ExplorerPatcher/ExplorerPatcher.vcxproj | 78 +- .../ExplorerPatcher.vcxproj.filters | 2 +- .../dllmain.c | 1745 ++++++++++++----- ExplorerPatcher/main.c | 1063 ---------- ExplorerPatcher/resource.rc | 100 - .../ExplorerPatcherLibrary.rc | 100 - .../ExplorerPatcherLibrary.vcxproj | 196 -- .../ExplorerPatcherLibrary.vcxproj.filters | 32 - ExplorerPatcherLibrary/resource.h | 15 - PostBuildCommand/PostBuildCommand.vcxproj | 96 - .../PostBuildCommand.vcxproj.filters | 17 - PreBuildCommand/PreBuildCommand.vcxproj | 96 - .../PreBuildCommand.vcxproj.filters | 17 - README.md | 25 +- 17 files changed, 1323 insertions(+), 2327 deletions(-) rename {ExplorerPatcherLibrary => ExplorerPatcher}/dllmain.c (57%) delete mode 100644 ExplorerPatcher/main.c delete mode 100644 ExplorerPatcher/resource.rc delete mode 100644 ExplorerPatcherLibrary/ExplorerPatcherLibrary.rc delete mode 100644 ExplorerPatcherLibrary/ExplorerPatcherLibrary.vcxproj delete mode 100644 ExplorerPatcherLibrary/ExplorerPatcherLibrary.vcxproj.filters delete mode 100644 ExplorerPatcherLibrary/resource.h delete mode 100644 PostBuildCommand/PostBuildCommand.vcxproj delete mode 100644 PostBuildCommand/PostBuildCommand.vcxproj.filters delete mode 100644 PreBuildCommand/PreBuildCommand.vcxproj delete mode 100644 PreBuildCommand/PreBuildCommand.vcxproj.filters diff --git a/CHANGELOG.md b/CHANGELOG.md index 1fcc478..bdec041 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,7 +1,15 @@ -# Explorer Patcher Changelog +# Explorer Patcher Change log This document includes the same release notes as in the [Releases](https://github.com/valinet/ExplorerPatcher/releases) section on GitHub. +## 22000.168.0.10 + +Improved Explorer hooking. + +The application now comes in the form of a single DLL file (`dxgi.dll`) which you have to place in `%windir%` (usually `C:\Windows`). Restart Explorer and that's it. + +Please make sure to uninstall the old version before using this new one. + ## 22000.168.0.9 Implements [#6](https://github.com/valinet/ExplorerPatcher/issues/6) (option to revert to classic context menu). To disable this feature, add this to the settings.ini file: diff --git a/ExplorerPatcher.sln b/ExplorerPatcher.sln index 2fbbcc0..9bc5da6 100644 --- a/ExplorerPatcher.sln +++ b/ExplorerPatcher.sln 
@@ -3,23 +3,7 @@ Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio Version 16 VisualStudioVersion = 16.0.30002.166 MinimumVisualStudioVersion = 10.0.40219.1 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ExplorerPatcher", "ExplorerPatcher\ExplorerPatcher.vcxproj", "{05EB9B16-4C34-47A2-97F5-E65E4955F71B}" - ProjectSection(ProjectDependencies) = postProject - {E74E02C4-C6DA-44B2-A034-7C9F1B661152} = {E74E02C4-C6DA-44B2-A034-7C9F1B661152} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ExplorerPatcherLibrary", "ExplorerPatcherLibrary\ExplorerPatcherLibrary.vcxproj", "{DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9}" - ProjectSection(ProjectDependencies) = postProject - {E74E02C4-C6DA-44B2-A034-7C9F1B661152} = {E74E02C4-C6DA-44B2-A034-7C9F1B661152} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PreBuildCommand", "PreBuildCommand\PreBuildCommand.vcxproj", "{E74E02C4-C6DA-44B2-A034-7C9F1B661152}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PostBuildCommand", "PostBuildCommand\PostBuildCommand.vcxproj", "{9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B}" - ProjectSection(ProjectDependencies) = postProject - {05EB9B16-4C34-47A2-97F5-E65E4955F71B} = {05EB9B16-4C34-47A2-97F5-E65E4955F71B} - {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9} = {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9} - EndProjectSection +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ExplorerPatcher", "ExplorerPatcher\ExplorerPatcher.vcxproj", "{DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution 
@@ -29,14 +13,6 @@ Global Release|x86 = Release|x86 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution - {05EB9B16-4C34-47A2-97F5-E65E4955F71B}.Debug|x64.ActiveCfg = Debug|x64 - {05EB9B16-4C34-47A2-97F5-E65E4955F71B}.Debug|x64.Build.0 = Debug|x64 - {05EB9B16-4C34-47A2-97F5-E65E4955F71B}.Debug|x86.ActiveCfg = Debug|Win32 - {05EB9B16-4C34-47A2-97F5-E65E4955F71B}.Debug|x86.Build.0 = Debug|Win32 - {05EB9B16-4C34-47A2-97F5-E65E4955F71B}.Release|x64.ActiveCfg = Release|x64 - {05EB9B16-4C34-47A2-97F5-E65E4955F71B}.Release|x64.Build.0 = Release|x64 - {05EB9B16-4C34-47A2-97F5-E65E4955F71B}.Release|x86.ActiveCfg = Release|Win32 - {05EB9B16-4C34-47A2-97F5-E65E4955F71B}.Release|x86.Build.0 = Release|Win32 {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9}.Debug|x64.ActiveCfg = Debug|x64 {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9}.Debug|x64.Build.0 = Debug|x64 {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9}.Debug|x86.ActiveCfg = Debug|Win32 
@@ -45,22 +21,6 @@ Global {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9}.Release|x64.Build.0 = Release|x64 {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9}.Release|x86.ActiveCfg = Release|Win32 {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9}.Release|x86.Build.0 = Release|Win32 - {E74E02C4-C6DA-44B2-A034-7C9F1B661152}.Debug|x64.ActiveCfg = Debug|x64 - {E74E02C4-C6DA-44B2-A034-7C9F1B661152}.Debug|x64.Build.0 = Debug|x64 - {E74E02C4-C6DA-44B2-A034-7C9F1B661152}.Debug|x86.ActiveCfg = Debug|Win32 - {E74E02C4-C6DA-44B2-A034-7C9F1B661152}.Debug|x86.Build.0 = Debug|Win32 - {E74E02C4-C6DA-44B2-A034-7C9F1B661152}.Release|x64.ActiveCfg = Release|x64 - {E74E02C4-C6DA-44B2-A034-7C9F1B661152}.Release|x64.Build.0 = Release|x64 - {E74E02C4-C6DA-44B2-A034-7C9F1B661152}.Release|x86.ActiveCfg = Release|Win32 - {E74E02C4-C6DA-44B2-A034-7C9F1B661152}.Release|x86.Build.0 = Release|Win32 - {9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B}.Debug|x64.ActiveCfg = Debug|x64 - {9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B}.Debug|x64.Build.0 = Debug|x64 - {9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B}.Debug|x86.ActiveCfg = Debug|Win32 - {9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B}.Debug|x86.Build.0 = Debug|Win32 - {9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B}.Release|x64.ActiveCfg = Release|x64 - {9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B}.Release|x64.Build.0 = Release|x64 - {9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B}.Release|x86.ActiveCfg = Release|Win32 - {9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B}.Release|x86.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/ExplorerPatcher/ExplorerPatcher.rc b/ExplorerPatcher/ExplorerPatcher.rc index 6787ccf..118a031 100644 --- a/ExplorerPatcher/ExplorerPatcher.rc +++ b/ExplorerPatcher/ExplorerPatcher.rc @@ -51,8 +51,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 22000,168,0,9 - PRODUCTVERSION 22000,168,0,9 + FILEVERSION 22000,168,0,10 + PRODUCTVERSION 22000,168,0,10 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L 
@@ -60,7 +60,7 @@ VS_VERSION_INFO VERSIONINFO FILEFLAGS 0x0L #endif FILEOS 0x40004L - FILETYPE 0x1L + FILETYPE 0x2L FILESUBTYPE 0x0L BEGIN BLOCK "StringFileInfo" @@ -68,13 +68,13 @@ BEGIN BLOCK "040904b0" BEGIN VALUE "CompanyName", "VALINET Solutions SRL" - VALUE "FileDescription", "ExplorerPatcher Daemon" - VALUE "FileVersion", "22000.168.0.9" - VALUE "InternalName", "ExplorerPatcher.exe" + VALUE "FileDescription", "ExplorerPatcher" + VALUE "FileVersion", "22000.168.0.10" + VALUE "InternalName", "ExplorerPatcher.dll" VALUE "LegalCopyright", "Copyright (C) 2006-2021 VALINET Solutions SRL. All rights reserved." - VALUE "OriginalFilename", "ExplorerPatcher.exe" + VALUE "OriginalFilename", "ExplorerPatcher.dll" VALUE "ProductName", "ExplorerPatcher" - VALUE "ProductVersion", "22000.168.0.9" + VALUE "ProductVersion", "22000.168.0.10" END END BLOCK "VarFileInfo" diff --git a/ExplorerPatcher/ExplorerPatcher.vcxproj b/ExplorerPatcher/ExplorerPatcher.vcxproj index ef41f22..4e1c6fb 100644 --- a/ExplorerPatcher/ExplorerPatcher.vcxproj +++ b/ExplorerPatcher/ExplorerPatcher.vcxproj @@ -20,8 +20,8 @@ 16.0 - {05EB9B16-4C34-47A2-97F5-E65E4955F71B} - CenterTitlebarText + {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9} + CenterTitlebarTextLibrary 10.0 ExplorerPatcher @@ -40,13 +40,13 @@ Unicode - Application + DynamicLibrary true v142 Unicode - Application + DynamicLibrary false v142 true 
@@ -70,54 +70,62 @@ + + false + $(SolutionDir)$(Platform)\$(Configuration)\ + dxgi + true + dxgi true + dxgi false + dxgi - - false - $(SolutionDir)$(Platform)\$(Configuration)\ - - + Level3 + true + true true - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true - MultiThreadedDebug - $(SolutionDir)libs\funchook\distorm\include;$(SolutionDir)libs\libvalinet + $(SolutionDir)libs\funchook\include;$(SolutionDir)libs\libvalinet;$(SolutionDir)libs\funchook\distorm\include;%(AdditionalIncludeDirectories) + MultiThreaded Console + true + true true + $(SolutionDir)libs\funchook\build\Release\funchook.lib;$(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalLibraryDirectories) + $(SolutionDir)libs\funchook\build\Release\funchook.lib;$(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalDependencies) - - - - + + + + - + Level3 true _DEBUG;_CONSOLE;%(PreprocessorDefinitions) true - $(SolutionDir)libs\funchook\distorm\include;$(SolutionDir)libs\libvalinet MultiThreadedDebug - Windows + Console true - $(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalDependencies) @@ -128,33 +136,31 @@ - + Level3 - true - true true - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) true - MultiThreaded - $(SolutionDir)libs\funchook\distorm\include;$(SolutionDir)libs\libvalinet + $(SolutionDir)libs\funchook\include;$(SolutionDir)libs\libvalinet;$(SolutionDir)libs\funchook\distorm\include;%(AdditionalIncludeDirectories) + MultiThreadedDebug Console - true - true true + $(SolutionDir)libs\funchook\build\Release\funchook.lib;$(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalLibraryDirectories) + $(SolutionDir)libs\funchook\build\Release\funchook.lib;$(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalDependencies) - - - - + + + + - + Level3 true 
@@ -162,15 +168,13 @@ true NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true - $(SolutionDir)libs\funchook\distorm\include;$(SolutionDir)libs\libvalinet MultiThreaded - Windows + Console true true true - $(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalDependencies) @@ -182,7 +186,7 @@ - + diff --git a/ExplorerPatcher/ExplorerPatcher.vcxproj.filters b/ExplorerPatcher/ExplorerPatcher.vcxproj.filters index 2e42052..47b3051 100644 --- a/ExplorerPatcher/ExplorerPatcher.vcxproj.filters +++ b/ExplorerPatcher/ExplorerPatcher.vcxproj.filters @@ -25,7 +25,7 @@ - + Source Files diff --git a/ExplorerPatcherLibrary/dllmain.c b/ExplorerPatcher/dllmain.c similarity index 57% rename from ExplorerPatcherLibrary/dllmain.c rename to ExplorerPatcher/dllmain.c index 3b5f1b4..3a45010 100644 --- a/ExplorerPatcherLibrary/dllmain.c +++ b/ExplorerPatcher/dllmain.c @@ -3,6 +3,9 @@ #include #include #include +#include +#include +#include #pragma comment(lib, "Psapi.lib") // required by funchook #include #pragma comment(lib, "Shlwapi.lib") 
@@ -34,18 +37,28 @@ DEFINE_GUID(__uuidof_IAuthUILogonSound, 0x4cfc, 0x435a, 0x91, 0xc2, 0x9d, 0xbd, 0xec, 0xbf, 0xfc, 0x95 ); + +#define BYTES_TO_DISASSEMBLE 1000 + +#define EXIT_CODE_EXPLORER 1 + #define OPEN_NAME L"&Open archive" #define EXTRACT_NAME L"&Extract to \"%s\\\"" #define OPEN_CMD L"\"C:\\Program Files\\7-Zip\\7zFM.exe\" %s" #define EXTRACT_CMD L"\"C:\\Program Files\\7-Zip\\7zG.exe\" x -o\"%s\" -spe %s" #define APPID L"Microsoft.Windows.Explorer" -#define SYMBOLS_RELATIVE_PATH "\\settings.ini" +#define SYMBOLS_RELATIVE_PATH "\\ExplorerPatcher\\settings.ini" #define EXPLORER_SB_NAME "explorer" #define EXPLORER_SB_0 "CTray::_HandleGlobalHotkey" #define EXPLORER_SB_1 "CTray::v_WndProc" #define EXPLORER_SB_2 "CTray::_FireDesktopSwitchIfReady" -#define EXPLORER_SB_CNT 3 +#define EXPLORER_SB_3 "CTray::Init" +#define EXPLORER_SB_CNT 4 +#define EXPLORER_PATCH_OFFSET "Offset" +#define EXPLORER_PATCH_OFFSET_OK "OffsetOK" +#define EXPLORER_PATCH_OFFSET_STRAT "OffsetStrat" +#define EXPLORER_PATCH_DIRTY "Dirty" #define TWINUI_PCSHELL_SB_NAME "twinui.pcshell" #define TWINUI_PCSHELL_SB_0 "CImmersiveContextMenuOwnerDrawHelper::s_ContextMenuWndProc" #define TWINUI_PCSHELL_SB_1 "CLauncherTipContextMenu::GetMenuItemsAsync" @@ -70,7 +83,8 @@ DEFINE_GUID(__uuidof_IAuthUILogonSound, const char* explorer_SN[EXPLORER_SB_CNT] = { EXPLORER_SB_0, EXPLORER_SB_1, - EXPLORER_SB_2 + EXPLORER_SB_2, + EXPLORER_SB_3 }; const char* twinui_pcshell_SN[TWINUI_PCSHELL_SB_CNT] = { TWINUI_PCSHELL_SB_0, @@ -119,10 +133,23 @@ L"\r\n"; wchar_t DownloadOKXML[] = L"\r\n" +L" \r\n" +L" \r\n" +L" \r\n" +L" \r\n" +L" \r\n" +L" \r\n" +L" \r\n" +L" \r\n"; + +wchar_t InstallOK[] = +L"\r\n" L" \r\n" L" \r\n" -L" \r\n" +L" \r\n" L" \r\n" L" \r\n" L" \r\n" @@ -137,7 +164,6 @@ HWND archivehWnd; funchook_t* funchook = NULL; HMODULE hModule = NULL; -HWND messageWindow = NULL; HANDLE hIsWinXShown = NULL; INT64 lockEnsureWinXHotkeyOnlyOnce; 
@@ -310,6 +336,7 @@ char ContextMenuPresenter_DoContextMenuHook( void* a4 ) { + printf("da\n"); *(((char*)_this + 156)) = 0; ContextMenuPresenter_DoContextMenuFunc( _this, @@ -562,9 +589,9 @@ LRESULT CALLBACK CLauncherTipContextMenu_WndProc( } else if (res == 1) { - TCHAR path[MAX_PATH], path_orig[MAX_PATH]; - ZeroMemory(path, MAX_PATH * sizeof(TCHAR)); - ZeroMemory(path_orig, MAX_PATH * sizeof(TCHAR)); + TCHAR path[MAX_PATH + 1], path_orig[MAX_PATH + 1]; + ZeroMemory(path, (MAX_PATH + 1) * sizeof(TCHAR)); + ZeroMemory(path_orig, (MAX_PATH + 1) * sizeof(TCHAR)); memcpy(path, st->lpData, wcslen(st->lpData) * sizeof(TCHAR)); memcpy(path_orig, st->lpData, wcslen(st->lpData) * sizeof(TCHAR)); PathUnquoteSpacesW(path_orig); @@ -1243,6 +1270,7 @@ LRESULT CALLBACK OpenStartOnCurentMonitorThreadHook( DWORD ArchiveMenuThread(LPVOID unused) { Sleep(1000); + printf("Started \"Archive menu\" thread.\n"); HRESULT hr = CoInitialize(NULL); if (FAILED(hr)) @@ -1313,10 +1341,23 @@ DWORD ArchiveMenuThread(LPVOID unused) TranslateMessage(&msg); DispatchMessage(&msg); } + + printf("Ended \"Archive menu\" thread.\n"); } DWORD OpenStartOnCurentMonitorThread(LPVOID unused) { + HANDLE hEvent = CreateEvent(0, 0, 0, L"ShellDesktopSwitchEvent"); + if (!hEvent) + { + printf("Failed to start \"Open Start on current monitor\" thread.\n"); + return 0; + } + WaitForSingleObject( + hEvent, + INFINITE + ); + printf("Started \"Open Start on current monitor\" thread.\n"); HWND g_ProgWin = FindWindowEx( NULL, NULL, @@ -1339,11 +1380,14 @@ DWORD OpenStartOnCurentMonitorThread(LPVOID unused) TranslateMessage(&msg); DispatchMessage(&msg); } + + printf("Ended \"Open Start on current monitor\" thread.\n"); } DWORD PlayStartupSound(DWORD x) { Sleep(1000); + printf("Started \"Play startup sound\" thread.\n"); HRESULT hr = CoInitialize(NULL); 
@@ -1383,117 +1427,718 @@ DWORD PlayStartupSound(DWORD x) ppv->lpVtbl->PlayIfNecessary(ppv, 1); ppv->lpVtbl->Release(ppv); } + + printf("Ended \"Play startup sound\" thread.\n"); return 0; } DWORD SignalShellReady(DWORD x) { - Sleep(1000); + Sleep(2000); + printf("Started \"Signal shell ready\" thread.\n"); - HANDLE hEvent = CreateEvent(0, 1, 1, L"ShellDesktopSwitchEvent"); + HANDLE hEvent = CreateEvent(0, 0, 0, L"ShellDesktopSwitchEvent"); if (hEvent) { SetEvent(hEvent); } + + printf("Ended \"Signal shell ready\" thread.\n"); return 0; } -__declspec(dllexport) DWORD WINAPI main( - _In_ LPVOID lpParameter -) +DWORD DownloadSymbols(TCHAR* wszSettingsPath) { + Sleep(3000); + + printf("Started \"Download symbols\" thread.\n"); + + RTL_OSVERSIONINFOW rovi; + if (!GetOSVersion(&rovi)) + { + FreeLibraryAndExitThread( + hModule, + 1 + ); + return 1; + } + DWORD32 ubr = 0, ubr_size = sizeof(DWORD32); + HKEY hKey; + LONG lRes = RegOpenKeyExW( + HKEY_LOCAL_MACHINE, + wcschr( + wcschr( + wcschr( + UNIFIEDBUILDREVISION_KEY, + '\\' + ) + 1, + '\\' + ) + 1, + '\\' + ) + 1, + 0, + KEY_READ, + &hKey + ); + if (lRes == ERROR_SUCCESS) + { + RegQueryValueExW( + hKey, + UNIFIEDBUILDREVISION_VALUE, + 0, + NULL, + &ubr, + &ubr_size + ); + } + TCHAR szReportedVersion[MAX_PATH + 1]; + ZeroMemory( + szReportedVersion, + (MAX_PATH + 1) * sizeof(TCHAR) + ); + wsprintf( + szReportedVersion, + L"%d.%d.%d.%d", + rovi.dwMajorVersion, + rovi.dwMinorVersion, + rovi.dwBuildNumber, + ubr + ); + + TCHAR buffer[sizeof(DownloadSymbolsXML) / sizeof(wchar_t) + 30]; + ZeroMemory( + buffer, + (sizeof(DownloadSymbolsXML) / sizeof(wchar_t) + 30) * sizeof(TCHAR) + ); + wsprintf( + buffer, + DownloadSymbolsXML, + szReportedVersion + ); + HRESULT hr = S_OK; + __x_ABI_CWindows_CData_CXml_CDom_CIXmlDocument* inputXml = NULL; + hr = String2IXMLDocument( + buffer, + wcslen(buffer), + &inputXml, #ifdef DEBUG - FILE* conout; - AllocConsole(); - freopen_s( - &conout, - "CONOUT$", - "w", stdout +#else + NULL +#endif ); 
+ hr = ShowToastMessage( + inputXml, + APPID, + sizeof(APPID) / sizeof(TCHAR) - 1, +#ifdef DEBUG + stdout +#else + NULL #endif + ); - int rv; - if (!funchook) + DWORD dwRet = 0; + char szSettingsPath[MAX_PATH + 1]; + ZeroMemory( + szSettingsPath, + (MAX_PATH + 1) * sizeof(char) + ); + wcstombs_s( + &dwRet, + szSettingsPath, + MAX_PATH + 1, + wszSettingsPath, + MAX_PATH + 1 + ); + PathRemoveFileSpecA(szSettingsPath); + strcat_s( + szSettingsPath, + MAX_PATH + 1, + "\\" + ); + + printf("Downloading to \"%s\".\n", szSettingsPath); + + symbols_addr symbols_PTRS; + ZeroMemory( + &symbols_PTRS, + sizeof(symbols_addr) + ); + + char explorer_sb_exe[MAX_PATH]; + ZeroMemory( + explorer_sb_exe, + (MAX_PATH) * sizeof(char) + ); + GetWindowsDirectoryA( + explorer_sb_exe, + MAX_PATH + ); + strcat_s( + explorer_sb_exe, + MAX_PATH, + "\\" + ); + strcat_s( + explorer_sb_exe, + MAX_PATH, + EXPLORER_SB_NAME + ); + strcat_s( + explorer_sb_exe, + MAX_PATH, + ".exe" + ); + printf("Downloading symbols for \"%s\"...\n", explorer_sb_exe); + if (VnDownloadSymbols( + NULL, + explorer_sb_exe, + szSettingsPath, + MAX_PATH + )) { - - CreateThread( - 0, - 0, - PlayStartupSound, - 0, - 0, - 0 + FreeLibraryAndExitThread( + hModule, + 2 ); + return 2; + } + printf("Reading symbols...\n"); + if (VnGetSymbols( + szSettingsPath, + symbols_PTRS.explorer_PTRS, + explorer_SN, + EXPLORER_SB_CNT + )) + { + FreeLibraryAndExitThread( + hModule, + 3 + ); + return 3; + } + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_SB_0), + symbols_PTRS.explorer_PTRS[0], + wszSettingsPath + ); + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_SB_1), + symbols_PTRS.explorer_PTRS[1], + wszSettingsPath + ); + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_SB_2), + symbols_PTRS.explorer_PTRS[2], + wszSettingsPath + ); + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_SB_3), + symbols_PTRS.explorer_PTRS[3], + wszSettingsPath + ); + char twinui_pcshell_sb_dll[MAX_PATH]; + ZeroMemory( + 
twinui_pcshell_sb_dll, + (MAX_PATH) * sizeof(char) + ); + GetSystemDirectoryA( + twinui_pcshell_sb_dll, + MAX_PATH + ); + strcat_s( + twinui_pcshell_sb_dll, + MAX_PATH, + "\\" + ); + strcat_s( + twinui_pcshell_sb_dll, + MAX_PATH, + TWINUI_PCSHELL_SB_NAME + ); + strcat_s( + twinui_pcshell_sb_dll, + MAX_PATH, + ".dll" + ); + printf("Downloading symbols for \"%s\"...\n", twinui_pcshell_sb_dll); + if (VnDownloadSymbols( + NULL, + twinui_pcshell_sb_dll, + szSettingsPath, + MAX_PATH + )) + { + FreeLibraryAndExitThread( + hModule, + 4 + ); + return 4; + } + printf("Reading symbols...\n"); + if (VnGetSymbols( + szSettingsPath, + symbols_PTRS.twinui_pcshell_PTRS, + twinui_pcshell_SN, + TWINUI_PCSHELL_SB_CNT + )) + { + FreeLibraryAndExitThread( + hModule, + 5 + ); + return 5; + } + VnWriteUInt( + TEXT(TWINUI_PCSHELL_SB_NAME), + TEXT(TWINUI_PCSHELL_SB_0), + symbols_PTRS.twinui_pcshell_PTRS[0], + wszSettingsPath + ); + VnWriteUInt( + TEXT(TWINUI_PCSHELL_SB_NAME), + TEXT(TWINUI_PCSHELL_SB_1), + symbols_PTRS.twinui_pcshell_PTRS[1], + wszSettingsPath + ); + VnWriteUInt( + TEXT(TWINUI_PCSHELL_SB_NAME), + TEXT(TWINUI_PCSHELL_SB_2), + symbols_PTRS.twinui_pcshell_PTRS[2], + wszSettingsPath + ); + VnWriteUInt( + TEXT(TWINUI_PCSHELL_SB_NAME), + TEXT(TWINUI_PCSHELL_SB_3), + symbols_PTRS.twinui_pcshell_PTRS[3], + wszSettingsPath + ); + VnWriteUInt( + TEXT(TWINUI_PCSHELL_SB_NAME), + TEXT(TWINUI_PCSHELL_SB_4), + symbols_PTRS.twinui_pcshell_PTRS[4], + wszSettingsPath + ); + VnWriteUInt( + TEXT(TWINUI_PCSHELL_SB_NAME), + TEXT(TWINUI_PCSHELL_SB_5), + symbols_PTRS.twinui_pcshell_PTRS[5], + wszSettingsPath + ); + VnWriteUInt( + TEXT(TWINUI_PCSHELL_SB_NAME), + TEXT(TWINUI_PCSHELL_SB_6), + symbols_PTRS.twinui_pcshell_PTRS[6], + wszSettingsPath + ); + char twinui_sb_dll[MAX_PATH]; + ZeroMemory( + twinui_sb_dll, + (MAX_PATH) * sizeof(char) + ); + GetSystemDirectoryA( + twinui_sb_dll, + MAX_PATH + ); + strcat_s( + twinui_sb_dll, + MAX_PATH, + "\\" + ); + strcat_s( + twinui_sb_dll, + MAX_PATH, + 
TWINUI_SB_NAME + ); + strcat_s( + twinui_sb_dll, + MAX_PATH, + ".dll" + ); + printf("Downloading symbols for \"%s\"...\n", twinui_sb_dll); + if (VnDownloadSymbols( + NULL, + twinui_sb_dll, + szSettingsPath, + MAX_PATH + )) + { + FreeLibraryAndExitThread( + hModule, + 6 + ); + return 6; + } + printf("Reading symbols...\n"); + if (VnGetSymbols( + szSettingsPath, + symbols_PTRS.twinui_PTRS, + twinui_SN, + TWINUI_SB_CNT + )) + { + FreeLibraryAndExitThread( + hModule, + 7 + ); + return 7; + } + VnWriteUInt( + TEXT(TWINUI_SB_NAME), + TEXT(TWINUI_SB_0), + symbols_PTRS.twinui_PTRS[0], + wszSettingsPath + ); + VnWriteUInt( + TEXT(TWINUI_SB_NAME), + TEXT(TWINUI_SB_1), + symbols_PTRS.twinui_PTRS[1], + wszSettingsPath + ); + VnWriteUInt( + TEXT(TWINUI_SB_NAME), + TEXT(TWINUI_SB_2), + symbols_PTRS.twinui_PTRS[2], + wszSettingsPath + ); + char stobject_sb_dll[MAX_PATH]; + ZeroMemory( + stobject_sb_dll, + (MAX_PATH) * sizeof(char) + ); + GetSystemDirectoryA( + stobject_sb_dll, + MAX_PATH + ); + strcat_s( + stobject_sb_dll, + MAX_PATH, + "\\" + ); + strcat_s( + stobject_sb_dll, + MAX_PATH, + STOBJECT_SB_NAME + ); + strcat_s( + stobject_sb_dll, + MAX_PATH, + ".dll" + ); + printf("Downloading symbols for \"%s\"...\n", stobject_sb_dll); + if (VnDownloadSymbols( + NULL, + stobject_sb_dll, + szSettingsPath, + MAX_PATH + )) + { + FreeLibraryAndExitThread( + hModule, + 6 + ); + return 6; + } + printf("Reading symbols...\n"); + if (VnGetSymbols( + szSettingsPath, + symbols_PTRS.stobject_PTRS, + stobject_SN, + STOBJECT_SB_CNT + )) + { + FreeLibraryAndExitThread( + hModule, + 7 + ); + return 7; + } + VnWriteUInt( + TEXT(STOBJECT_SB_NAME), + TEXT(STOBJECT_SB_0), + symbols_PTRS.stobject_PTRS[0], + wszSettingsPath + ); + VnWriteUInt( + TEXT(STOBJECT_SB_NAME), + TEXT(STOBJECT_SB_1), + symbols_PTRS.stobject_PTRS[1], + wszSettingsPath + ); - CreateThread( - 0, - 0, - SignalShellReady, - 0, - 0, - 0 + char windowsuifileexplorer_sb_dll[MAX_PATH]; + ZeroMemory( + windowsuifileexplorer_sb_dll, + 
(MAX_PATH) * sizeof(char) + ); + GetSystemDirectoryA( + windowsuifileexplorer_sb_dll, + MAX_PATH + ); + strcat_s( + windowsuifileexplorer_sb_dll, + MAX_PATH, + "\\" + ); + strcat_s( + windowsuifileexplorer_sb_dll, + MAX_PATH, + WINDOWSUIFILEEXPLORER_SB_NAME + ); + strcat_s( + windowsuifileexplorer_sb_dll, + MAX_PATH, + ".dll" + ); + printf("Downloading symbols for \"%s\"...\n", windowsuifileexplorer_sb_dll); + if (VnDownloadSymbols( + NULL, + windowsuifileexplorer_sb_dll, + szSettingsPath, + MAX_PATH + )) + { + FreeLibraryAndExitThread( + hModule, + 6 + ); + return 6; + } + printf("Reading symbols...\n"); + if (VnGetSymbols( + szSettingsPath, + symbols_PTRS.windowsuifileexplorer_PTRS, + windowsuifileexplorer_SN, + WINDOWSUIFILEEXPLORER_SB_CNT + )) + { + FreeLibraryAndExitThread( + hModule, + 7 ); + return 7; + } + VnWriteUInt( + TEXT(WINDOWSUIFILEEXPLORER_SB_NAME), + TEXT(WINDOWSUIFILEEXPLORER_SB_0), + symbols_PTRS.windowsuifileexplorer_PTRS[0], + wszSettingsPath + ); + + VnWriteString( + TEXT("OS"), + TEXT("Build"), + szReportedVersion, + wszSettingsPath + ); + + __x_ABI_CWindows_CData_CXml_CDom_CIXmlDocument* inputXml2 = NULL; + hr = String2IXMLDocument( + DownloadOKXML, + wcslen(DownloadOKXML), + &inputXml2, +#ifdef DEBUG + stdout +#else + NULL +#endif + ); + hr = ShowToastMessage( + inputXml2, + APPID, + sizeof(APPID) / sizeof(TCHAR) - 1, +#ifdef DEBUG + stdout +#else + NULL +#endif + ); + Sleep(4000); + + TCHAR wszExplorerPath[MAX_PATH + 1]; + wszExplorerPath[0] = L'\"'; + GetSystemDirectory(wszExplorerPath + 1, MAX_PATH); + wcscat_s(wszExplorerPath, MAX_PATH + 1, L"\\rundll32.exe\" \""); + GetModuleFileName(hModule, wszExplorerPath + wcslen(wszExplorerPath), MAX_PATH - wcslen(wszExplorerPath)); + wcscat_s(wszExplorerPath, MAX_PATH, L"\",ZZLaunchExplorer"); + wprintf(L"Command to launch: \" %s \"\n.", wszExplorerPath); + STARTUPINFO si = { sizeof(si) }; + PROCESS_INFORMATION pi; + BOOL b = CreateProcess( + NULL, + wszExplorerPath, + NULL, + NULL, + TRUE, + 
CREATE_UNICODE_ENVIRONMENT, + NULL, + NULL, + &si, + &pi + ); + FreeConsole(); + TerminateProcess( + OpenProcess( + PROCESS_TERMINATE, + FALSE, + GetCurrentProcessId() + ), + EXIT_CODE_EXPLORER + ); +} +DWORD DetermineInjectionSuccess(TCHAR* wszSettingsPath) +{ + uintptr_t ok = 0; + Sleep(3000); + printf("Started \"Determine injection success\" thread.\n"); + HWND hWnd = FindWindowEx( + NULL, + NULL, + L"Shell_TrayWnd", + NULL + ); + if (hWnd) + { + hWnd = FindWindowEx( + hWnd, + NULL, + L"Start", + NULL + ); + if (hWnd) + { + if (IsWindowVisible(hWnd)) + { + ok = 1; + } + } + } + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_OFFSET_OK), + ok, + wszSettingsPath + ); + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_DIRTY), + 0, + wszSettingsPath + ); + printf("Attempt status is %d.\n", ok); - messageWindow = (HWND)lpParameter; + if (ok) + { + __x_ABI_CWindows_CData_CXml_CDom_CIXmlDocument* inputXml = NULL; + HRESULT hr = String2IXMLDocument( + InstallOK, + wcslen(InstallOK), + &inputXml, +#ifdef DEBUG + stdout +#else + NULL +#endif + ); + hr = ShowToastMessage( + inputXml, + APPID, + sizeof(APPID) / sizeof(TCHAR) - 1, +#ifdef DEBUG + stdout +#else + NULL +#endif + ); + } + FreeConsole(); + TerminateProcess( + OpenProcess( + PROCESS_TERMINATE, + FALSE, + GetCurrentProcessId() + ), + EXIT_CODE_EXPLORER + ); +} +DWORD WINAPI main( + _In_ LPVOID lpParameter +) +{ +#ifdef DEBUG + FILE* conout; + AllocConsole(); + freopen_s( + &conout, + "CONOUT$", + "w", + stdout + ); +#endif + int rv; + if (!funchook) + { funchook = funchook_create(); + printf("funchook create %d\n", funchook != 0); - - DWORD dwRet = 0; - char szSettingsPath[MAX_PATH]; - ZeroMemory( - szSettingsPath, - (MAX_PATH) * sizeof(char) - ); - TCHAR wszSettingsPath[MAX_PATH]; + TCHAR* wszSettingsPath = malloc((MAX_PATH + 1) * sizeof(TCHAR)); + if (!wszSettingsPath) + { + return 0; + } ZeroMemory( wszSettingsPath, - (MAX_PATH) * sizeof(TCHAR) - ); - GetModuleFileNameA( - hModule, - 
szSettingsPath, - MAX_PATH + (MAX_PATH + 1) * sizeof(TCHAR) ); - PathRemoveFileSpecA(szSettingsPath); - strcat_s( - szSettingsPath, - MAX_PATH, - SYMBOLS_RELATIVE_PATH + SHGetFolderPathW( + NULL, + CSIDL_APPDATA, + NULL, + SHGFP_TYPE_CURRENT, + wszSettingsPath ); - mbstowcs_s( - &dwRet, + wcscat_s( wszSettingsPath, MAX_PATH, - szSettingsPath, - MAX_PATH + TEXT(SYMBOLS_RELATIVE_PATH) ); + wprintf(L"Settings path: \"%s\"\n", wszSettingsPath); - - - - CreateThread( - 0, +#ifndef DEBUG + uintptr_t alloc_console = VnGetUInt( + TEXT("AllocConsole"), + TEXT("General"), 0, - OpenStartOnCurentMonitorThread, - 0, - 0, - 0 + wszSettingsPath ); - - - + if (alloc_console) + { + FILE* conout; + AllocConsole(); + freopen_s( + &conout, + "CONOUT$", + "w", + stdout + ); + } +#endif symbols_addr symbols_PTRS; ZeroMemory( @@ -1518,6 +2163,12 @@ __declspec(dllexport) DWORD WINAPI main( 0, wszSettingsPath ); + symbols_PTRS.explorer_PTRS[3] = VnGetUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_SB_3), + 0, + wszSettingsPath + ); symbols_PTRS.twinui_pcshell_PTRS[0] = VnGetUInt( TEXT(TWINUI_PCSHELL_SB_NAME), @@ -1649,15 +2300,15 @@ __declspec(dllexport) DWORD WINAPI main( &ubr_size ); } - TCHAR szReportedVersion[MAX_PATH]; + TCHAR szReportedVersion[MAX_PATH + 1]; ZeroMemory( szReportedVersion, - (MAX_PATH) * sizeof(TCHAR) + (MAX_PATH + 1) * sizeof(TCHAR) ); - TCHAR szStoredVersion[MAX_PATH]; + TCHAR szStoredVersion[MAX_PATH + 1]; ZeroMemory( szStoredVersion, - (MAX_PATH) * sizeof(TCHAR) + (MAX_PATH + 1) * sizeof(TCHAR) ); wsprintf( szReportedVersion, 
@@ -1683,467 +2334,297 @@ __declspec(dllexport) DWORD WINAPI main( if (bNeedToDownload) { - TCHAR buffer[sizeof(DownloadSymbolsXML) / sizeof(wchar_t) + 30]; - ZeroMemory( - buffer, - (sizeof(DownloadSymbolsXML) / sizeof(wchar_t) + 30) * sizeof(TCHAR) - ); - wsprintf( - buffer, - DownloadSymbolsXML, - szReportedVersion - ); - HRESULT hr = S_OK; - __x_ABI_CWindows_CData_CXml_CDom_CIXmlDocument* inputXml = NULL; - hr = String2IXMLDocument( - buffer, - wcslen(buffer), - &inputXml, -#ifdef DEBUG - stdout -#else - NULL -#endif - ); - hr = ShowToastMessage( - inputXml, - APPID, - sizeof(APPID) / sizeof(TCHAR) - 1, -#ifdef DEBUG - stdout -#else - NULL -#endif - ); - char explorer_sb_exe[MAX_PATH]; - ZeroMemory( - explorer_sb_exe, - (MAX_PATH) * sizeof(char) - ); - GetWindowsDirectoryA( - explorer_sb_exe, - MAX_PATH - ); - strcat_s( - explorer_sb_exe, - MAX_PATH, - "\\" - ); - strcat_s( - explorer_sb_exe, - MAX_PATH, - EXPLORER_SB_NAME - ); - strcat_s( - explorer_sb_exe, - MAX_PATH, - ".exe" - ); - printf("Downloading symbols for %s.\n", explorer_sb_exe); - if (VnDownloadSymbols( - NULL, - explorer_sb_exe, - szSettingsPath, - MAX_PATH - )) + printf("Symbols have to be (re)downloaded...\n"); + CreateThread(0, 0, DownloadSymbols, wszSettingsPath, 0, 0); + return 0; + } + else + { + printf("Loaded symbols\n"); + } + + + HANDLE hExplorer = GetModuleHandle(NULL); + CTray_HandleGlobalHotkeyFunc = (INT64(*)(void*, unsigned int, unsigned int)) + ((uintptr_t)hExplorer + symbols_PTRS.explorer_PTRS[0]); + rv = funchook_prepare( + funchook, + (void**)&CTray_HandleGlobalHotkeyFunc, + CTray_HandleGlobalHotkeyHook + ); + if (rv != 0) + { + FreeLibraryAndExitThread(hModule, rv); + return rv; + } + CTray_v_WndProcFunc = (INT64(*)(void*, HWND, UINT, WPARAM, LPARAM)) + ((uintptr_t)hExplorer + symbols_PTRS.explorer_PTRS[1]); + /*rv = funchook_prepare( + funchook, + (void**)&CTray_v_WndProcFunc, + CTray_v_WndProcHook + ); + if (rv != 0) + { + FreeLibraryAndExitThread(hModule, rv); + return rv; 
+ }*/ + CTray__FireDesktopSwitchIfReadyFunc = (INT64(*)(HWND, int)) + ((uintptr_t)hExplorer + symbols_PTRS.explorer_PTRS[2]); + printf("Setup explorer functions done\n"); + const char szPayload0[6] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }; + const char szPayload1[2] = { 0x90, 0xE9 }; + UINT start = VnGetUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_OFFSET), + 0, + wszSettingsPath + ); + UINT ok = VnGetUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_OFFSET_OK), + 0, + wszSettingsPath + ); + UINT strat = VnGetUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_OFFSET_STRAT), + 0, + wszSettingsPath + ); + uintptr_t dwInjectedAddr = (uintptr_t)hExplorer; + DWORD dwOldValue = 0, dwNumberOfBytes = 0; + if (ok) + { + dwInjectedAddr += symbols_PTRS.explorer_PTRS[3] + start; + if (strat == 0) { - FreeLibraryAndExitThread( - hModule, - 2 + printf("Results: %d (%d) ", VirtualProtect( + (LPVOID)dwInjectedAddr, + sizeof(szPayload0), + PAGE_EXECUTE_READWRITE, + &dwOldValue + ), GetLastError()); + memcpy( + (LPVOID)dwInjectedAddr, + szPayload0, + sizeof(szPayload0) ); - return 2; + printf("Results: %d (%d) ", VirtualProtect( + (LPVOID)dwInjectedAddr, + sizeof(szPayload0), + dwOldValue, + (PDWORD)(&dwNumberOfBytes) + ), GetLastError()); + printf("when altering taskbar code path using strat 1.\n"); } - printf("Reading symbols.\n"); - if (VnGetSymbols( - szSettingsPath, - symbols_PTRS.explorer_PTRS, - explorer_SN, - EXPLORER_SB_CNT - )) + else if (strat == 1) { - FreeLibraryAndExitThread( - hModule, - 3 + printf("Results: %d (%d) ", VirtualProtect( + (LPVOID)dwInjectedAddr, + sizeof(szPayload1), + PAGE_EXECUTE_READWRITE, + &dwOldValue + ), GetLastError()); + memcpy( + (LPVOID)dwInjectedAddr, + szPayload1, + sizeof(szPayload1) ); - return 3; + printf("%d (%d) ", VirtualProtect( + (LPVOID)dwInjectedAddr, + sizeof(szPayload1), + dwOldValue, + (PDWORD)(&dwNumberOfBytes) + ), GetLastError()); + printf("when altering taskbar code path using strat 1.\n"); } - VnWriteUInt( - 
TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_SB_0), - symbols_PTRS.explorer_PTRS[0], - wszSettingsPath - ); - VnWriteUInt( - TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_SB_1), - symbols_PTRS.explorer_PTRS[1], - wszSettingsPath - ); - VnWriteUInt( + } + else + { + UINT dirty = VnGetUInt( TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_SB_2), - symbols_PTRS.explorer_PTRS[2], + TEXT(EXPLORER_PATCH_DIRTY), + 0, wszSettingsPath ); - - char twinui_pcshell_sb_dll[MAX_PATH]; - ZeroMemory( - twinui_pcshell_sb_dll, - (MAX_PATH) * sizeof(char) - ); - GetSystemDirectoryA( - twinui_pcshell_sb_dll, - MAX_PATH - ); - strcat_s( - twinui_pcshell_sb_dll, - MAX_PATH, - "\\" - ); - strcat_s( - twinui_pcshell_sb_dll, - MAX_PATH, - TWINUI_PCSHELL_SB_NAME - ); - strcat_s( - twinui_pcshell_sb_dll, - MAX_PATH, - ".dll" - ); - printf("Downloading symbols for %s.\n", twinui_pcshell_sb_dll); - if (VnDownloadSymbols( - NULL, - twinui_pcshell_sb_dll, - szSettingsPath, - MAX_PATH - )) - { - FreeLibraryAndExitThread( - hModule, - 4 - ); - return 4; - } - printf("Reading symbols.\n"); - if (VnGetSymbols( - szSettingsPath, - symbols_PTRS.twinui_pcshell_PTRS, - twinui_pcshell_SN, - TWINUI_PCSHELL_SB_CNT - )) + if (dirty) { - FreeLibraryAndExitThread( - hModule, - 5 + FreeConsole(); + TerminateProcess( + OpenProcess( + PROCESS_TERMINATE, + FALSE, + GetCurrentProcessId() + ), + EXIT_CODE_EXPLORER ); - return 5; } - VnWriteUInt( - TEXT(TWINUI_PCSHELL_SB_NAME), - TEXT(TWINUI_PCSHELL_SB_0), - symbols_PTRS.twinui_pcshell_PTRS[0], - wszSettingsPath - ); - VnWriteUInt( - TEXT(TWINUI_PCSHELL_SB_NAME), - TEXT(TWINUI_PCSHELL_SB_1), - symbols_PTRS.twinui_pcshell_PTRS[1], - wszSettingsPath - ); - VnWriteUInt( - TEXT(TWINUI_PCSHELL_SB_NAME), - TEXT(TWINUI_PCSHELL_SB_2), - symbols_PTRS.twinui_pcshell_PTRS[2], - wszSettingsPath - ); - VnWriteUInt( - TEXT(TWINUI_PCSHELL_SB_NAME), - TEXT(TWINUI_PCSHELL_SB_3), - symbols_PTRS.twinui_pcshell_PTRS[3], - wszSettingsPath - ); - VnWriteUInt( - TEXT(TWINUI_PCSHELL_SB_NAME), - 
TEXT(TWINUI_PCSHELL_SB_4), - symbols_PTRS.twinui_pcshell_PTRS[4], - wszSettingsPath - ); - VnWriteUInt( - TEXT(TWINUI_PCSHELL_SB_NAME), - TEXT(TWINUI_PCSHELL_SB_5), - symbols_PTRS.twinui_pcshell_PTRS[5], - wszSettingsPath - ); - VnWriteUInt( - TEXT(TWINUI_PCSHELL_SB_NAME), - TEXT(TWINUI_PCSHELL_SB_6), - symbols_PTRS.twinui_pcshell_PTRS[6], - wszSettingsPath - ); - char twinui_sb_dll[MAX_PATH]; - ZeroMemory( - twinui_sb_dll, - (MAX_PATH) * sizeof(char) + uintptr_t CTray_Init = dwInjectedAddr + (uintptr_t)symbols_PTRS.explorer_PTRS[3]; + char m[BYTES_TO_DISASSEMBLE]; + VirtualProtect( + (LPVOID)CTray_Init, + BYTES_TO_DISASSEMBLE, + PAGE_EXECUTE_READ, + &dwOldValue ); - GetSystemDirectoryA( - twinui_sb_dll, - MAX_PATH + memcpy( + m, + (LPVOID)CTray_Init, + BYTES_TO_DISASSEMBLE ); - strcat_s( - twinui_sb_dll, - MAX_PATH, - "\\" + VirtualProtect( + (LPVOID)CTray_Init, + BYTES_TO_DISASSEMBLE, + dwOldValue, + (PDWORD)(&dwNumberOfBytes) ); - strcat_s( - twinui_sb_dll, - MAX_PATH, - TWINUI_SB_NAME - ); - strcat_s( - twinui_sb_dll, - MAX_PATH, - ".dll" + printf("Copied %d bytes to disassemble.\n", BYTES_TO_DISASSEMBLE); + _DecodedInst decodedInstructions[1000]; + UINT decodedInstructionsCount = 0; + _DecodeResult res = distorm_decode( + 0, + (const unsigned char*)m, + BYTES_TO_DISASSEMBLE, + Decode64Bits, + decodedInstructions, + 1000, + &decodedInstructionsCount ); - printf("Downloading symbols for %s.\n", twinui_sb_dll); - if (VnDownloadSymbols( - NULL, - twinui_sb_dll, - szSettingsPath, - MAX_PATH - )) + printf("Disassembled bytes.\n"); + BOOL found = FALSE; + for (UINT i = 0; i < decodedInstructionsCount; ++i) { - FreeLibraryAndExitThread( - hModule, - 6 - ); - return 6; + if ((!strcmp(decodedInstructions[i].mnemonic.p, "JZ") || + !strcmp(decodedInstructions[i].mnemonic.p, "JNZ")) && + decodedInstructions[i].offset > start) + { + found = TRUE; + start = decodedInstructions[i].offset; + printf("Attempting offset %lld with strat %lld...\n", decodedInstructions[i].offset, 
strat); + if (strat == 0) + { + memcpy( + m + start, + szPayload0, + sizeof(szPayload0) + ); + } + else if (strat == 1) + { + memcpy( + m + start, + szPayload1, + sizeof(szPayload1) + ); + } + break; + } } - printf("Reading symbols.\n"); - if (VnGetSymbols( - szSettingsPath, - symbols_PTRS.twinui_PTRS, - twinui_SN, - TWINUI_SB_CNT - )) + if (!found) { - FreeLibraryAndExitThread( - hModule, - 7 - ); - return 7; + start = 0; + strat++; } - VnWriteUInt( - TEXT(TWINUI_SB_NAME), - TEXT(TWINUI_SB_0), - symbols_PTRS.twinui_PTRS[0], - wszSettingsPath - ); - VnWriteUInt( - TEXT(TWINUI_SB_NAME), - TEXT(TWINUI_SB_1), - symbols_PTRS.twinui_PTRS[1], - wszSettingsPath - ); - VnWriteUInt( - TEXT(TWINUI_SB_NAME), - TEXT(TWINUI_SB_2), - symbols_PTRS.twinui_PTRS[2], - wszSettingsPath - ); - - char stobject_sb_dll[MAX_PATH]; - ZeroMemory( - stobject_sb_dll, - (MAX_PATH) * sizeof(char) - ); - GetSystemDirectoryA( - stobject_sb_dll, - MAX_PATH - ); - strcat_s( - stobject_sb_dll, - MAX_PATH, - "\\" - ); - strcat_s( - stobject_sb_dll, - MAX_PATH, - STOBJECT_SB_NAME - ); - strcat_s( - stobject_sb_dll, - MAX_PATH, - ".dll" +#ifdef DEBUG + /*res = distorm_decode( + 0, + (const unsigned char*)m, + BYTES_TO_DISASSEMBLE, + Decode64Bits, + decodedInstructions, + 1000, + &decodedInstructionsCount ); - printf("Downloading symbols for %s.\n", stobject_sb_dll); - if (VnDownloadSymbols( - NULL, - stobject_sb_dll, - szSettingsPath, - MAX_PATH - )) + for (UINT i = 0; i < decodedInstructionsCount; ++i) { - FreeLibraryAndExitThread( - hModule, - 6 + printf( + "0x%p\t%s\t%s\n", + decodedInstructions[i].offset, + decodedInstructions[i].mnemonic.p, + decodedInstructions[i].instructionHex.p ); - return 6; - } - printf("Reading symbols.\n"); - if (VnGetSymbols( - szSettingsPath, - symbols_PTRS.stobject_PTRS, - stobject_SN, - STOBJECT_SB_CNT - )) - { - FreeLibraryAndExitThread( - hModule, - 7 - ); - return 7; - } - VnWriteUInt( - TEXT(STOBJECT_SB_NAME), - TEXT(STOBJECT_SB_0), - symbols_PTRS.stobject_PTRS[0], 
- wszSettingsPath - ); - VnWriteUInt( - TEXT(STOBJECT_SB_NAME), - TEXT(STOBJECT_SB_1), - symbols_PTRS.stobject_PTRS[1], - wszSettingsPath - ); - - char windowsuifileexplorer_sb_dll[MAX_PATH]; - ZeroMemory( - windowsuifileexplorer_sb_dll, - (MAX_PATH) * sizeof(char) - ); - GetSystemDirectoryA( - windowsuifileexplorer_sb_dll, - MAX_PATH + }*/ +#endif + VirtualProtect( + (LPVOID)CTray_Init, + BYTES_TO_DISASSEMBLE, + PAGE_EXECUTE_READWRITE, + &dwOldValue ); - strcat_s( - windowsuifileexplorer_sb_dll, - MAX_PATH, - "\\" + memcpy( + (LPVOID)CTray_Init, + m, + BYTES_TO_DISASSEMBLE ); - strcat_s( - windowsuifileexplorer_sb_dll, - MAX_PATH, - WINDOWSUIFILEEXPLORER_SB_NAME + VirtualProtect( + (LPVOID)CTray_Init, + BYTES_TO_DISASSEMBLE, + dwOldValue, + (PDWORD)(&dwNumberOfBytes) ); - strcat_s( - windowsuifileexplorer_sb_dll, - MAX_PATH, - ".dll" + UINT new_ok = VnGetUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_OFFSET_OK), + 0, + wszSettingsPath ); - printf("Downloading symbols for %s.\n", windowsuifileexplorer_sb_dll); - if (VnDownloadSymbols( - NULL, - windowsuifileexplorer_sb_dll, - szSettingsPath, - MAX_PATH - )) + if (!new_ok) { - FreeLibraryAndExitThread( - hModule, - 6 + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_OFFSET), + start, + wszSettingsPath ); - return 6; - } - printf("Reading symbols.\n"); - if (VnGetSymbols( - szSettingsPath, - symbols_PTRS.windowsuifileexplorer_PTRS, - windowsuifileexplorer_SN, - WINDOWSUIFILEEXPLORER_SB_CNT - )) - { - FreeLibraryAndExitThread( - hModule, - 7 + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_OFFSET_STRAT), + strat, + wszSettingsPath ); - return 7; } - VnWriteUInt( - TEXT(WINDOWSUIFILEEXPLORER_SB_NAME), - TEXT(WINDOWSUIFILEEXPLORER_SB_0), - symbols_PTRS.windowsuifileexplorer_PTRS[0], - wszSettingsPath + TCHAR wszExplorerPath[MAX_PATH + 1]; + wszExplorerPath[0] = L'\"'; + GetSystemDirectory(wszExplorerPath + 1, MAX_PATH); + wcscat_s(wszExplorerPath, MAX_PATH + 1, L"\\rundll32.exe\" \""); 
+ GetModuleFileName(hModule, wszExplorerPath + wcslen(wszExplorerPath), MAX_PATH - wcslen(wszExplorerPath)); + wcscat_s(wszExplorerPath, MAX_PATH, L"\",ZZLaunchExplorerDelayed"); + wprintf(L"Command to launch: \" %s \"\n.", wszExplorerPath); + STARTUPINFO si = { sizeof(si) }; + PROCESS_INFORMATION pi; + BOOL b = CreateProcess( + NULL, + wszExplorerPath, + NULL, + NULL, + TRUE, + CREATE_UNICODE_ENVIRONMENT, + NULL, + NULL, + &si, + &pi ); - - VnWriteString( - TEXT("OS"), - TEXT("Build"), - szReportedVersion, + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_DIRTY), + 1, wszSettingsPath ); - - __x_ABI_CWindows_CData_CXml_CDom_CIXmlDocument* inputXml2 = NULL; - hr = String2IXMLDocument( - DownloadOKXML, - wcslen(DownloadOKXML), - &inputXml2, -#ifdef DEBUG - stdout -#else - NULL -#endif - ); - hr = ShowToastMessage( - inputXml2, - APPID, - sizeof(APPID) / sizeof(TCHAR) - 1, -#ifdef DEBUG - stdout -#else - NULL -#endif - ); - } - - - - - HANDLE hExplorer = GetModuleHandle(NULL); - CTray_HandleGlobalHotkeyFunc = (INT64(*)(void*, unsigned int, unsigned int)) - ((uintptr_t)hExplorer + symbols_PTRS.explorer_PTRS[0]); - rv = funchook_prepare( - funchook, - (void**)&CTray_HandleGlobalHotkeyFunc, - CTray_HandleGlobalHotkeyHook - ); - if (rv != 0) - { - FreeLibraryAndExitThread(hModule, rv); - return rv; + FreeConsole(); + CreateThread(0, 0, DetermineInjectionSuccess, wszSettingsPath, 0, 0); + return 0; } - CTray_v_WndProcFunc = (INT64(*)(void*, HWND, UINT, WPARAM, LPARAM)) - ((uintptr_t)hExplorer + symbols_PTRS.explorer_PTRS[1]); - /*rv = funchook_prepare( - funchook, - (void**)&CTray_v_WndProcFunc, - CTray_v_WndProcHook - ); - if (rv != 0) - { - FreeLibraryAndExitThread(hModule, rv); - return rv; - }*/ - CTray__FireDesktopSwitchIfReadyFunc = (INT64(*)(HWND, int)) - ((uintptr_t)hExplorer + symbols_PTRS.explorer_PTRS[2]); + LoadLibraryW(L"user32.dll"); HANDLE hUser32 = GetModuleHandle(L"user32.dll"); - if (hUser32) CreateWindowInBand = GetProcAddress(hUser32, 
"CreateWindowInBand"); + printf("Setup user32 functions done\n"); - LoadLibrary("twinui.pcshell.dll"); + LoadLibraryW(L"twinui.pcshell.dll"); HANDLE hTwinuiPcshell = GetModuleHandle(L"twinui.pcshell.dll"); CImmersiveContextMenuOwnerDrawHelper_s_ContextMenuWndProcFunc = (INT64(*)(HWND, int, HWND, int, BOOL*)) @@ -2176,9 +2657,10 @@ __declspec(dllexport) DWORD WINAPI main( FreeLibraryAndExitThread(hModule, rv); return rv; } + printf("Setup twinui.pcshell functions done\n"); - LoadLibrary(L"twinui.dll"); + LoadLibraryW(L"twinui.dll"); HANDLE hTwinui = GetModuleHandle(L"twinui.dll"); CImmersiveHotkeyNotification_GetMonitorForHotkeyNotificationFunc = (INT64(*)(void*, void**, HWND*)) @@ -2199,10 +2681,11 @@ __declspec(dllexport) DWORD WINAPI main( FreeLibraryAndExitThread(hModule, rv); return rv; } + printf("Setup twinui functions done\n"); - LoadLibrary(L"stobject.dll"); + LoadLibraryW(L"stobject.dll"); HANDLE hStobject = GetModuleHandle(L"stobject.dll"); SysTrayWndProcFunc = (INT64(*)(HWND, UINT, WPARAM, LPARAM)) ((uintptr_t)hStobject + symbols_PTRS.stobject_PTRS[0]); @@ -2227,20 +2710,21 @@ __declspec(dllexport) DWORD WINAPI main( FreeLibraryAndExitThread(hModule, rv); return rv; } + printf("Setup stobject functions done\n"); - LoadLibrary(L"Windows.UI.FileExplorer.dll"); + LoadLibraryW(L"Windows.UI.FileExplorer.dll"); HANDLE hWindowsUIFileExplorer = GetModuleHandle(L"Windows.UI.FileExplorer.dll"); ContextMenuPresenter_DoContextMenuFunc = (char(*)(void*)) ((uintptr_t)hWindowsUIFileExplorer + symbols_PTRS.windowsuifileexplorer_PTRS[0]); - UINT archive_plugin = VnGetUInt( - L"ArchiveMenu", - L"Enabled", + UINT bAllowImmersiveContextMenus = VnGetUInt( + L"General", + L"AllowImmersiveContextMenus", 0, wszSettingsPath ); - if (archive_plugin) + if (!bAllowImmersiveContextMenus) { rv = funchook_prepare( funchook, @@ -2253,6 +2737,7 @@ __declspec(dllexport) DWORD WINAPI main( return rv; } } + printf("Setup Windows.UI.FileExplorer functions done\n"); 
@@ -2262,17 +2747,68 @@ __declspec(dllexport) DWORD WINAPI main( FreeLibraryAndExitThread(hModule, rv); return rv; } + printf("Installed hooks.\n"); + + + + HANDLE hEvent = CreateEventEx( + 0, + L"ShellDesktopSwitchEvent", + CREATE_EVENT_MANUAL_RESET, + EVENT_ALL_ACCESS + ); + ResetEvent(hEvent); + printf("Created ShellDesktopSwitchEvent event.\n"); + + + CreateThread( + 0, + 0, + PlayStartupSound, + 0, + 0, + 0 + ); + printf("Play startup sound thread...\n"); + - UINT archive_plugin = VnGetUInt( + CreateThread( + 0, + 0, + SignalShellReady, + 0, + 0, + 0 + ); + printf("Signal shell ready...\n"); + + + + + CreateThread( + 0, + 0, + OpenStartOnCurentMonitorThread, + 0, + 0, + 0 + ); + printf("Open Start on monitor thread\n"); + + + + + + UINT bEnableArchivePlugin = VnGetUInt( L"ArchiveMenu", L"Enabled", 0, wszSettingsPath ); - if (archive_plugin) + if (bEnableArchivePlugin) { CreateThread( 0, 
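Review bot: `hEvent` from CreateEventEx is passed to ResetEvent without a NULL check, and because `ShellDesktopSwitchEvent` is a named object the call can open an event that already exists rather than create a new one. Check for NULL and for GetLastError() == ERROR_ALREADY_EXISTS before resetting it, and request EVENT_MODIFY_STATE | SYNCHRONIZE rather than EVENT_ALL_ACCESS if setting and resetting is all this code does with it. The three CreateThread calls added here discard their return values, so a failed thread start goes unnoticed and each handle leaks; check the result and close the handle once the thread is running.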
@@ -2306,6 +2842,166 @@ __declspec(dllexport) DWORD WINAPI main( return 0; } +__declspec(dllexport) CALLBACK ZZLaunchExplorer(HWND hWnd, HINSTANCE hInstance, LPSTR lpszCmdLine, int nCmdShow) +{ + Sleep(100); + TCHAR* wszSettingsPath = malloc((MAX_PATH + 1) * sizeof(TCHAR)); + if (!wszSettingsPath) + { + return 0; + } + ZeroMemory( + wszSettingsPath, + (MAX_PATH + 1) * sizeof(TCHAR) + ); + SHGetFolderPathW( + NULL, + CSIDL_APPDATA, + NULL, + SHGFP_TYPE_CURRENT, + wszSettingsPath + ); + wcscat_s( + wszSettingsPath, + MAX_PATH, + TEXT(SYMBOLS_RELATIVE_PATH) + ); + VnWriteUInt( + TEXT(EXPLORER_SB_NAME), + TEXT(EXPLORER_PATCH_DIRTY), + 0, + wszSettingsPath + ); + TCHAR wszExplorerPath[MAX_PATH + 1]; + GetWindowsDirectory(wszExplorerPath, MAX_PATH + 1); + wcscat_s(wszExplorerPath, MAX_PATH + 1, L"\\explorer.exe"); + STARTUPINFO si = { sizeof(si) }; + PROCESS_INFORMATION pi; + BOOL b = CreateProcess( + NULL, + wszExplorerPath, + NULL, + NULL, + TRUE, + CREATE_UNICODE_ENVIRONMENT, + NULL, + NULL, + &si, + &pi + ); + FreeConsole(); + TerminateProcess( + OpenProcess( + PROCESS_TERMINATE, + FALSE, + GetCurrentProcessId() + ), + 0 + ); +} + +__declspec(dllexport) CALLBACK ZZLaunchExplorerDelayed(HWND hWnd, HINSTANCE hInstance, LPSTR lpszCmdLine, int nCmdShow) +{ + Sleep(5000); + ZZLaunchExplorer(hWnd, hInstance, lpszCmdLine, nCmdShow); +} + +static HRESULT(*ApplyCompatResolutionQuirkingFunc)(void*, void*); +__declspec(dllexport) HRESULT ApplyCompatResolutionQuirking(void* p1, void* p2) +{ + return ApplyCompatResolutionQuirkingFunc(p1, p2); +} +static HRESULT(*CompatStringFunc)(void*, void*, void*, BOOL); +__declspec(dllexport) HRESULT CompatString(void* p1, void* p2, void* p3, BOOL p4) +{ + return CompatStringFunc(p1, p2, p3, p4); +} +static HRESULT(*CompatValueFunc)(void*, void*); +__declspec(dllexport) HRESULT CompatValue(void* p1, void* p2) +{ + return CompatValueFunc(p1, p2); +} +static HRESULT(*CreateDXGIFactoryFunc)(void*, void**); +__declspec(dllexport) HRESULT 
CreateDXGIFactory(void* p1, void** p2) +{ + return CreateDXGIFactoryFunc(p1, p2); +} +static HRESULT(*CreateDXGIFactory1Func)(void*, void**); +__declspec(dllexport) HRESULT CreateDXGIFactory1(void* p1, void** p2) +{ + return CreateDXGIFactory1Func(p1, p2); +} +static HRESULT(*CreateDXGIFactory2Func)(UINT, void*, void**); +__declspec(dllexport) HRESULT CreateDXGIFactory2(UINT p1, void* p2, void** p3) +{ + return CreateDXGIFactory2Func(p1, p2, p3); +} +static HRESULT(*DXGID3D10CreateDeviceFunc)(); +__declspec(dllexport) HRESULT DXGID3D10CreateDevice() { + return DXGID3D10CreateDeviceFunc(); +} +static HRESULT(*DXGID3D10CreateLayeredDeviceFunc)(); +__declspec(dllexport) HRESULT DXGID3D10CreateLayeredDevice() +{ + return DXGID3D10CreateLayeredDeviceFunc(); +} +static HRESULT(*DXGID3D10GetLayeredDeviceSizeFunc)(); +__declspec(dllexport) HRESULT DXGID3D10GetLayeredDeviceSize() +{ + return DXGID3D10GetLayeredDeviceSizeFunc(); +} +static HRESULT(*DXGID3D10RegisterLayersFunc)(); +__declspec(dllexport) HRESULT DXGID3D10RegisterLayers() +{ + return DXGID3D10RegisterLayersFunc(); +} +static HRESULT(*DXGIDeclareAdapterRemovalSupportFunc)(); +__declspec(dllexport) HRESULT DXGIDeclareAdapterRemovalSupport() +{ + return DXGIDeclareAdapterRemovalSupportFunc(); +} +static HRESULT(*DXGIDumpJournalFunc)(void*); +__declspec(dllexport) HRESULT DXGIDumpJournal(void* p1) +{ + return DXGIDumpJournalFunc(p1); +} +static HRESULT(*DXGIGetDebugInterface1Func)(UINT, void*, void**); +__declspec(dllexport) HRESULT DXGIGetDebugInterface1(UINT p1, void* p2, void* p3) +{ + return DXGIGetDebugInterface1Func(p1, p2, p3); +} +static HRESULT(*DXGIReportAdapterConfigurationFunc)(); +__declspec(dllexport) HRESULT DXGIReportAdapterConfiguration(void* p1) +{ + return DXGIReportAdapterConfigurationFunc(p1); +} +static HRESULT(*PIXBeginCaptureFunc)(INT64, void*); +__declspec(dllexport) HRESULT PIXBeginCapture(INT64 p1, void* p2) +{ + return PIXBeginCaptureFunc(p1, p2); +} +static 
HRESULT(*PIXEndCaptureFunc)(); +__declspec(dllexport) HRESULT PIXEndCapture() +{ + return PIXEndCaptureFunc(); +} +static HRESULT(*PIXGetCaptureStateFunc)(); +__declspec(dllexport) HRESULT PIXGetCaptureState() +{ + return PIXGetCaptureState(); +} +static HRESULT(*SetAppCompatStringPointerFunc)(SIZE_T, void*); +__declspec(dllexport) HRESULT SetAppCompatStringPointer(SIZE_T p1, void* p2) +{ + return SetAppCompatStringPointerFunc(p1, p2); +} +static HRESULT(*UpdateHMDEmulationStatusFunc)(char); +__declspec(dllexport) HRESULT UpdateHMDEmulationStatus(char p1) +{ + return UpdateHMDEmulationStatusFunc(p1); +} + + BOOL WINAPI DllMain( _In_ HINSTANCE hinstDLL, _In_ DWORD fdwReason, 
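Review bot: The `PIXGetCaptureState` forwarder returns `PIXGetCaptureState()` and so calls itself until the stack overflows; it should return `PIXGetCaptureStateFunc()`. Two other forwarders do not match their pointer declarations: `DXGIReportAdapterConfigurationFunc` is declared with `()` but called with `p1`, and `DXGIGetDebugInterface1` takes `void* p3` while its pointer type uses `void**`. In ZZLaunchExplorer and ZZLaunchExplorerDelayed the return type is missing, `wszSettingsPath` is never freed, and the handles in `pi` and from OpenProcess are never closed. Passing TRUE for bInheritHandles to CreateProcess also hands every inheritable handle of the caller to the new explorer.exe, so FALSE is the safer default here.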
@@ -2317,6 +3013,47 @@ BOOL WINAPI DllMain( case DLL_PROCESS_ATTACH: DisableThreadLibraryCalls(hinstDLL); hModule = hinstDLL; + TCHAR exeName[MAX_PATH + 1]; + GetProcessImageFileNameW( + OpenProcess( + PROCESS_QUERY_INFORMATION, + FALSE, + GetCurrentProcessId() + ), + exeName, + MAX_PATH + ); + PathStripPath(exeName); + if (!wcscmp(exeName, L"rundll32.exe")) + { + break; + } + TCHAR wszSystemPath[MAX_PATH + 1]; + GetSystemDirectory(wszSystemPath, MAX_PATH + 1); + wcscat_s(wszSystemPath, MAX_PATH + 1, L"\\dxgi.dll"); + HMODULE hModule = LoadLibraryW(wszSystemPath); +#pragma warning(disable : 6387) + ApplyCompatResolutionQuirkingFunc = GetProcAddress(hModule, "ApplyCompatResolutionQuirking"); + CompatStringFunc = GetProcAddress(hModule, "CompatString"); + CompatValueFunc = GetProcAddress(hModule, "CompatValue"); + CreateDXGIFactoryFunc = GetProcAddress(hModule, "CreateDXGIFactory"); + CreateDXGIFactory1Func = GetProcAddress(hModule, "CreateDXGIFactory1"); + CreateDXGIFactory2Func = GetProcAddress(hModule, "CreateDXGIFactory2"); + DXGID3D10CreateDeviceFunc = GetProcAddress(hModule, "DXGID3D10CreateDevice"); + DXGID3D10CreateLayeredDeviceFunc = GetProcAddress(hModule, "DXGID3D10CreateLayeredDevice"); + DXGID3D10GetLayeredDeviceSizeFunc = GetProcAddress(hModule, "DXGID3D10GetLayeredDeviceSize"); + DXGID3D10RegisterLayersFunc = GetProcAddress(hModule, "DXGID3D10RegisterLayers"); + DXGIDeclareAdapterRemovalSupportFunc = GetProcAddress(hModule, "DXGIDeclareAdapterRemovalSupport"); + DXGIDumpJournalFunc = GetProcAddress(hModule, "DXGIDumpJournal"); + DXGIGetDebugInterface1Func = GetProcAddress(hModule, "DXGIGetDebugInterface1"); + DXGIReportAdapterConfigurationFunc = GetProcAddress(hModule, "DXGIReportAdapterConfiguration"); + PIXBeginCaptureFunc = GetProcAddress(hModule, "PIXBeginCapture"); + PIXEndCaptureFunc = GetProcAddress(hModule, "PIXEndCapture"); + PIXGetCaptureStateFunc = GetProcAddress(hModule, "PIXGetCaptureState"); + SetAppCompatStringPointerFunc = 
GetProcAddress(hModule, "SetAppCompatStringPointer"); + UpdateHMDEmulationStatusFunc = GetProcAddress(hModule, "UpdateHMDEmulationStatus"); + main(0); +#pragma warning(default : 6387) break; case DLL_THREAD_ATTACH: break; diff --git a/ExplorerPatcher/main.c b/ExplorerPatcher/main.c deleted file mode 100644 index 5dd632e..0000000 --- a/ExplorerPatcher/main.c +++ /dev/null 
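Review bot: In the DLL_PROCESS_ATTACH case of DllMain (dllmain.c), the result of `LoadLibraryW(wszSystemPath)` is never checked and warning 6387 is disabled around the GetProcAddress calls, so if the system dxgi.dll fails to load, every `...Func` pointer stays NULL and the first forwarded export crashes the host process. Check the handle and each pointer, and return FALSE from DllMain on failure. The process filter only skips `rundll32.exe`, so `main(0)` runs in any other process that loads this DLL; comparing `exeName` against `explorer.exe` would limit the patching to its intended target. `LoadLibraryW` and `main(0)` are also called while the loader lock is held, which Microsoft's DllMain guidance advises against; deferring the setup to a worker thread or to the first forwarded call avoids that. The OpenProcess handle passed to GetProcessImageFileNameW is never closed, and GetCurrentProcess() would need no cleanup.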
@@ -1,1063 +0,0 @@ -#pragma comment(linker,"\"/manifestdependency:type='win32' \ -name='Microsoft.Windows.Common-Controls' version='6.0.0.0' \ -processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"") -#include -#include -#include -#include -#include -#include -#pragma comment(lib, "Shlwapi.lib") - -#include -#include -#define _LIBVALINET_INCLUDE_UNIVERSAL -#include - -#include -#define BYTES_TO_DISASSEMBLE 1000 -#define APPID L"Microsoft.Windows.Explorer" -#define SYMBOLS_RELATIVE_PATH "\\settings.ini" -#define EXPLORER_SB_NAME "explorer" -#define EXPLORER_SB_0 "CTray::Init" -#define EXPLORER_SB_CNT 1 -#define EXPLORER_PATCH_OFFSET "Offset" -#define EXPLORER_PATCH_OFFSET_OK "OffsetOK" -#define EXPLORER_PATCH_OFFSET_STRAT "OffsetStrat" -const char* explorer_SN[EXPLORER_SB_CNT] = { - EXPLORER_SB_0 -}; -#pragma pack(push, 1) -typedef struct symbols_addr -{ - DWORD explorer_PTRS[EXPLORER_SB_CNT]; -} symbols_addr; -#pragma pack(pop) - -wchar_t InstallOK[] = -L"\r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n"; - -wchar_t UninstallOK[] = -L"\r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n" -L" \r\n"; - -typedef LONG NTSTATUS, * PNTSTATUS; -#define STATUS_SUCCESS (0x00000000) - -typedef NTSTATUS(WINAPI* RtlGetVersionPtr)(PRTL_OSVERSIONINFOW); - -BOOL GetOSVersion(PRTL_OSVERSIONINFOW lpRovi) -{ - HMODULE hMod = GetModuleHandleW(L"ntdll.dll"); - if (hMod != NULL) - { - RtlGetVersionPtr fxPtr = (RtlGetVersionPtr)GetProcAddress( - hMod, - "RtlGetVersion" - ); - if (fxPtr != NULL) - { - lpRovi->dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOW); - if (STATUS_SUCCESS == fxPtr(lpRovi)) - { - return TRUE; - } - } - } - return FALSE; -} - -#define DEBUG -#undef DEBUG - -#define CLASS_NAME TEXT("ExplorerPatcher") -#define APP_NAME TEXT("Windows Explorer") -#define NOP 0x90 -#define PATCH_OFFSET 0 //0x8cb33 -#define DELAY 5000 - -HANDLE hProcess = NULL; -HMODULE hMod = NULL; -LPVOID hInjection = NULL; 
-HWND hWnd = NULL; - -DWORD KillAfter(INT64 timeout) -{ - Sleep(timeout); - TerminateProcess(GetCurrentProcess(), 0); - return 0; -} - -LRESULT CALLBACK WindowProc( - HWND hWnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam -) -{ - switch (uMsg) - { - case WM_APP_CRASHED: - { - TerminateProcess(GetCurrentProcess(), 0); - } - } - return VnWindowProc( - hWnd, - uMsg, - wParam, - lParam - ); -} - -// https://stackoverflow.com/questions/8046097/how-to-check-if-a-process-has-the-administrative-rights -BOOL IsElevated() { - BOOL fRet = FALSE; - HANDLE hToken = NULL; - if (OpenProcessToken( - GetCurrentProcess(), - TOKEN_QUERY, - &hToken - )) - { - TOKEN_ELEVATION Elevation; - DWORD cbSize = sizeof(TOKEN_ELEVATION); - if (GetTokenInformation( - hToken, - TokenElevation, - &Elevation, - sizeof(Elevation), - &cbSize - )) { - fRet = Elevation.TokenIsElevated; - } - } - if (hToken) { - CloseHandle(hToken); - } - return fRet; -} - -int install_uninstall() -{ - TCHAR buffer[200], szFileName[MAX_PATH], szReadName[MAX_PATH] = { 0 }; - HKEY hKey; - DWORD dwReadBytes; - - if (IsElevated()) - { - dwReadBytes = MAX_PATH; - GetModuleFileName(NULL, szFileName, MAX_PATH); - if (RegOpenKeyEx( - HKEY_LOCAL_MACHINE, - TEXT("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"), - 0, - KEY_READ | KEY_SET_VALUE, - &hKey - ) != ERROR_SUCCESS) - { - goto error_setup; - } - RegGetValue( - hKey, - NULL, - TEXT("Taskman"), - RRF_RT_REG_SZ, - NULL, - szReadName, - (LPDWORD)(&dwReadBytes) - ); - if (!wcscmp(szFileName, szReadName)) - { - if (RegDeleteValue( - hKey, - TEXT("Taskman") - ) != ERROR_SUCCESS) - { - goto error_setup; - } - BOOL canShowToast = FALSE; - PROCESSENTRY32 pe32 = { 0 }; - pe32.dwSize = sizeof(PROCESSENTRY32); - HANDLE hSnapshot = CreateToolhelp32Snapshot( - TH32CS_SNAPPROCESS, - 0 - ); - if (Process32First(hSnapshot, &pe32) == TRUE) - { - do - { - if (!wcscmp(pe32.szExeFile, TEXT("explorer.exe"))) - { - canShowToast = TRUE; - break; - } - } while (Process32Next(hSnapshot, 
&pe32) == TRUE); - } - CloseHandle(hSnapshot); - if (!canShowToast) - { - MessageBox( - 0, - TEXT("Uninstall successful."), - APP_NAME, - MB_ICONINFORMATION - ); - } - else - { - __x_ABI_CWindows_CData_CXml_CDom_CIXmlDocument* inputXml2 = NULL; - HRESULT hr = String2IXMLDocument( - UninstallOK, - wcslen(UninstallOK), - &inputXml2, -#ifdef DEBUG - stdout -#else - NULL -#endif - ); - hr = ShowToastMessage( - inputXml2, - APPID, - sizeof(APPID) / sizeof(TCHAR) - 1, -#ifdef DEBUG - stdout -#else - NULL -#endif - ); - } - } - else - { - if (RegSetValueEx( - hKey, - TEXT("Taskman"), - 0, - REG_SZ, - (const BYTE*)szFileName, (DWORD)( -#ifdef UNICODE - wcslen(szFileName) -#else - strlen(szFileName) -#endif - * sizeof(TCHAR)) - ) != ERROR_SUCCESS) - { - goto error_setup; - } - BOOL canShowToast = FALSE; - PROCESSENTRY32 pe32 = { 0 }; - pe32.dwSize = sizeof(PROCESSENTRY32); - HANDLE hSnapshot = CreateToolhelp32Snapshot( - TH32CS_SNAPPROCESS, - 0 - ); - if (Process32First(hSnapshot, &pe32) == TRUE) - { - do - { - if (!wcscmp(pe32.szExeFile, TEXT("explorer.exe"))) - { - canShowToast = TRUE; - break; - } - } while (Process32Next(hSnapshot, &pe32) == TRUE); - } - CloseHandle(hSnapshot); - if (!canShowToast) - { - MessageBox( - 0, - TEXT("Installation was successful. 
Please sign out or restart") - TEXT("the computer for the changes to take effect."), - APP_NAME, - MB_ICONINFORMATION - ); - } - else - { - __x_ABI_CWindows_CData_CXml_CDom_CIXmlDocument* inputXml2 = NULL; - HRESULT hr = String2IXMLDocument( - InstallOK, - wcslen(InstallOK), - &inputXml2, -#ifdef DEBUG - stdout -#else - NULL -#endif - ); - hr = ShowToastMessage( - inputXml2, - APPID, - sizeof(APPID) / sizeof(TCHAR) - 1, -#ifdef DEBUG - stdout -#else - NULL -#endif - ); - Sleep(10000); - } - hSnapshot = CreateToolhelp32Snapshot( - TH32CS_SNAPPROCESS, - 0 - ); - if (Process32First(hSnapshot, &pe32) == TRUE) - { - do - { - if (!wcscmp(pe32.szExeFile, TEXT("sihost.exe"))) - { - HANDLE hSihost = OpenProcess( - PROCESS_TERMINATE, - FALSE, - pe32.th32ProcessID - ); - TerminateProcess(hSihost, 0); - CloseHandle(hSihost); - } - } while (Process32Next(hSnapshot, &pe32) == TRUE); - } - CloseHandle(hSnapshot); - TerminateProcess( - OpenProcess( - PROCESS_TERMINATE, - FALSE, - GetCurrentProcessId() - ), - 0 - ); - } - RegCloseKey(hKey); - return 1; - error_setup: - RegCloseKey(hKey); -#ifdef UNICODE - swprintf(buffer, 200, -#else - sprintf(buffer, -#endif - TEXT("An error occured when servicing the product (%d)."), GetLastError()); - MessageBox( - 0, - buffer, - APP_NAME, - MB_ICONERROR - ); - return -1; - } - else - { - return 0; - } -} - -int WINAPI wWinMain( - _In_ HINSTANCE hInstance, - _In_opt_ HINSTANCE hPrevInstance, - _In_ LPWSTR lpCmdLine, - _In_ int nShowCmd -) -{ - HANDLE hExplorer, hSnapshot; - DWORD dwExplorerPID = 0, dwOldValue; - SIZE_T dwNumberOfBytes; - uintptr_t dwInjectedAddr = 0; - const char szPayload0[6] = { NOP, NOP, NOP, NOP, NOP, NOP }; - const char szPayload1[2] = { NOP, 0xE9 }; - PROCESSENTRY32 pe32 = { 0 }; - MODULEENTRY32 me32 = { 0 }; - THREADENTRY32 th32 = { 0 }; - TCHAR szExplorerPath[MAX_PATH]; - FILE* conout; - TCHAR szLibPath[MAX_PATH]; - -#ifdef DEBUG - if (!AllocConsole()); - if (freopen_s( - &conout, - "CONOUT$", - "w", - stdout - )); 
-#endif - - if (install_uninstall()) - { - return 0; - } - - while (TRUE) - { - pe32.dwSize = sizeof(PROCESSENTRY32); - hSnapshot = CreateToolhelp32Snapshot( - TH32CS_SNAPPROCESS, - 0 - ); - if (Process32First(hSnapshot, &pe32) == TRUE) - { - do - { - if (pe32.th32ProcessID != GetCurrentProcessId() && - !wcscmp(pe32.szExeFile, TEXT("ExplorerPatcher.exe"))) - { - HANDLE hOwn = OpenProcess( - SYNCHRONIZE, - FALSE, - pe32.th32ProcessID - ); - WaitForSingleObject( - hOwn, - INFINITE - ); - } - } while (Process32Next(hSnapshot, &pe32) == TRUE); - } - if (Process32First(hSnapshot, &pe32) == TRUE) - { - do - { - if (!wcscmp(pe32.szExeFile, TEXT("explorer.exe"))) - { - dwExplorerPID = pe32.th32ProcessID; - DebugActiveProcess(dwExplorerPID); - break; - } - } while (Process32Next(hSnapshot, &pe32) == TRUE); - } - CloseHandle(hSnapshot); - if (!dwExplorerPID) - { - break; - } - - DWORD dwRet = 0; - char szSettingsPath[MAX_PATH]; - ZeroMemory( - szSettingsPath, - (MAX_PATH) * sizeof(char) - ); - TCHAR wszSettingsPath[MAX_PATH]; - ZeroMemory( - wszSettingsPath, - (MAX_PATH) * sizeof(TCHAR) - ); - GetModuleFileNameA( - hInstance, - szSettingsPath, - MAX_PATH - ); - PathRemoveFileSpecA(szSettingsPath); - strcat_s( - szSettingsPath, - MAX_PATH, - SYMBOLS_RELATIVE_PATH - ); - mbstowcs_s( - &dwRet, - wszSettingsPath, - MAX_PATH, - szSettingsPath, - MAX_PATH - ); - - symbols_addr symbols_PTRS; - ZeroMemory( - &symbols_PTRS, - sizeof(symbols_addr) - ); - symbols_PTRS.explorer_PTRS[0] = VnGetUInt( - TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_SB_0), - 0, - wszSettingsPath - ); - - BOOL bNeedToDownload = FALSE; - for (UINT i = 0; i < sizeof(symbols_addr) / sizeof(DWORD); ++i) - { - if (!((DWORD*)&symbols_PTRS)[i]) - { - bNeedToDownload = TRUE; - } - } - // https://stackoverflow.com/questions/36543301/detecting-windows-10-version/36543774#36543774 - RTL_OSVERSIONINFOW rovi; - if (!GetOSVersion(&rovi)) - { - DebugActiveProcessStop(dwExplorerPID); - return 1; - } - // 
https://stackoverflow.com/questions/47926094/detecting-windows-10-os-build-minor-version - DWORD32 ubr = 0, ubr_size = sizeof(DWORD32); - HKEY hKey; - LONG lRes = RegOpenKeyExW( - HKEY_LOCAL_MACHINE, - wcschr( - wcschr( - wcschr( - UNIFIEDBUILDREVISION_KEY, - '\\' - ) + 1, - '\\' - ) + 1, - '\\' - ) + 1, - 0, - KEY_READ, - &hKey - ); - if (lRes == ERROR_SUCCESS) - { - RegQueryValueExW( - hKey, - UNIFIEDBUILDREVISION_VALUE, - 0, - NULL, - &ubr, - &ubr_size - ); - } - TCHAR szReportedVersion[MAX_PATH]; - ZeroMemory( - szReportedVersion, - (MAX_PATH) * sizeof(TCHAR) - ); - TCHAR szStoredVersion[MAX_PATH]; - ZeroMemory( - szStoredVersion, - (MAX_PATH) * sizeof(TCHAR) - ); - wsprintf( - szReportedVersion, - L"%d.%d.%d.%d", - rovi.dwMajorVersion, - rovi.dwMinorVersion, - rovi.dwBuildNumber, - ubr - ); - VnGetString( - TEXT("OS"), - TEXT("Build"), - szStoredVersion, - MAX_PATH, - MAX_PATH, - NULL, - wszSettingsPath - ); - if (!bNeedToDownload) - { - bNeedToDownload = wcscmp(szReportedVersion, szStoredVersion); - } - - if (bNeedToDownload) - { - DeleteFile(wszSettingsPath); - - char explorer_sb_dll[MAX_PATH]; - ZeroMemory( - explorer_sb_dll, - (MAX_PATH) * sizeof(char) - ); - GetWindowsDirectoryA( - explorer_sb_dll, - MAX_PATH - ); - strcat_s( - explorer_sb_dll, - MAX_PATH, - "\\" - ); - strcat_s( - explorer_sb_dll, - MAX_PATH, - EXPLORER_SB_NAME - ); - strcat_s( - explorer_sb_dll, - MAX_PATH, - ".exe" - ); - if (VnDownloadSymbols( - NULL, - explorer_sb_dll, - szSettingsPath, - MAX_PATH - )) - { - DebugActiveProcessStop(dwExplorerPID); - return 2; - } - if (VnGetSymbols( - szSettingsPath, - symbols_PTRS.explorer_PTRS, - explorer_SN, - EXPLORER_SB_CNT - )) - { - DebugActiveProcessStop(dwExplorerPID); - return 3; - } - VnWriteUInt( - TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_SB_0), - symbols_PTRS.explorer_PTRS[0], - wszSettingsPath - ); - - VnWriteString( - TEXT("OS"), - TEXT("Build"), - szReportedVersion, - wszSettingsPath - ); - } - - if ((hExplorer = OpenProcess( - 
PROCESS_VM_READ | - PROCESS_VM_WRITE | - PROCESS_QUERY_INFORMATION | - PROCESS_VM_OPERATION | - SYNCHRONIZE, - FALSE, - dwExplorerPID - )) != NULL && GetModuleFileNameEx( - hExplorer, - NULL, - szExplorerPath, - sizeof(szExplorerPath) - )) - { - CharLower(szExplorerPath); - me32.dwSize = sizeof(MODULEENTRY32); - hSnapshot = CreateToolhelp32Snapshot( - TH32CS_SNAPMODULE, - dwExplorerPID - ); - if (Module32First(hSnapshot, &me32) == TRUE) - { - do - { - if (!wcscmp(CharLower(me32.szExePath), szExplorerPath)) - { - dwInjectedAddr = (uintptr_t)me32.modBaseAddr + PATCH_OFFSET; - break; - } - } while (Module32Next(hSnapshot, &me32) == TRUE); - } - CloseHandle(hSnapshot); - - uintptr_t start = VnGetUInt( - TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_PATCH_OFFSET), - 0, - wszSettingsPath - ); - uintptr_t ok = VnGetUInt( - TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_PATCH_OFFSET_OK), - 0, - wszSettingsPath - ); - uintptr_t strat = VnGetUInt( - TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_PATCH_OFFSET_STRAT), - 0, - wszSettingsPath - ); - uintptr_t end = 0; - if (!ok) - { - uintptr_t CTray_Init = dwInjectedAddr + (uintptr_t)symbols_PTRS.explorer_PTRS[0]; - char m[BYTES_TO_DISASSEMBLE]; - VirtualProtectEx( - hExplorer, - (LPVOID)CTray_Init, - BYTES_TO_DISASSEMBLE, - PAGE_EXECUTE_READWRITE, - &dwOldValue - ); - ReadProcessMemory( - hExplorer, - (LPVOID)CTray_Init, - m, - BYTES_TO_DISASSEMBLE, - &dwNumberOfBytes - ); - VirtualProtectEx( - hExplorer, - (LPVOID)CTray_Init, - BYTES_TO_DISASSEMBLE, - dwOldValue, - (PDWORD)(&dwNumberOfBytes) - ); - _DecodedInst decodedInstructions[1000]; - UINT decodedInstructionsCount = 0; - _DecodeResult res = distorm_decode( - 0, - (const unsigned char*)m, - BYTES_TO_DISASSEMBLE, - Decode64Bits, - decodedInstructions, - 1000, - &decodedInstructionsCount - ); - BOOL found = FALSE; - for (UINT i = 0; i < decodedInstructionsCount; ++i) - { - if ((!strcmp(decodedInstructions[i].mnemonic.p, "JZ") || - !strcmp(decodedInstructions[i].mnemonic.p, "JNZ")) && - 
decodedInstructions[i].offset > start) - { - found = TRUE; - start = decodedInstructions[i].offset; - if (strat == 0) - { - memcpy( - m + start, - szPayload0, - sizeof(szPayload0) - ); - } - else if (strat == 1) - { - memcpy( - m + start, - szPayload1, - sizeof(szPayload1) - ); - } - break; - } - } - if (!found) - { - start = 0; - strat++; - } -#ifdef DEBUG - res = distorm_decode( - 0, - (const unsigned char*)m, - BYTES_TO_DISASSEMBLE, - Decode64Bits, - decodedInstructions, - 1000, - &decodedInstructionsCount - ); - for (UINT i = 0; i < decodedInstructionsCount; ++i) - { - printf( - "0x%p\t%s\t%s\n", - decodedInstructions[i].offset, - decodedInstructions[i].mnemonic.p, - decodedInstructions[i].instructionHex.p - ); - } -#endif - VirtualProtectEx( - hExplorer, - (LPVOID)CTray_Init, - BYTES_TO_DISASSEMBLE, - PAGE_EXECUTE_READWRITE, - &dwOldValue - ); - WriteProcessMemory( - hExplorer, - (LPVOID)CTray_Init, - m, - BYTES_TO_DISASSEMBLE, - &dwNumberOfBytes - ); - VirtualProtectEx( - hExplorer, - (LPVOID)CTray_Init, - BYTES_TO_DISASSEMBLE, - dwOldValue, - (PDWORD)(&dwNumberOfBytes) - ); - DebugActiveProcessStop(dwExplorerPID); - Sleep(3000); - HWND hWnd = FindWindowEx( - NULL, - NULL, - L"Shell_TrayWnd", - NULL - ); - if (hWnd) - { - hWnd = FindWindowEx( - hWnd, - NULL, - L"Start", - NULL - ); - if (hWnd) - { - if (IsWindowVisible(hWnd)) - { - ok = 1; - } - } - } - VnWriteUInt( - TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_PATCH_OFFSET), - start, - wszSettingsPath - ); - VnWriteUInt( - TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_PATCH_OFFSET_OK), - ok, - wszSettingsPath - ); - VnWriteUInt( - TEXT(EXPLORER_SB_NAME), - TEXT(EXPLORER_PATCH_OFFSET_STRAT), - strat, - wszSettingsPath - ); -#ifdef DEBUG - printf("start: %d ok %d\n", start, ok); -#endif - if (!ok) - { - hSnapshot = CreateToolhelp32Snapshot( - TH32CS_SNAPPROCESS, - 0 - ); - if (Process32First(hSnapshot, &pe32) == TRUE) - { - do - { - if (!wcscmp(pe32.szExeFile, TEXT("explorer.exe"))) - { - HANDLE hExpl = OpenProcess( - 
PROCESS_TERMINATE, - FALSE, - pe32.th32ProcessID - ); - TerminateProcess(hExpl, 1); - CloseHandle(hExpl); - } - } while (Process32Next(hSnapshot, &pe32) == TRUE); - } - if (Process32First(hSnapshot, &pe32) == TRUE) - { - do - { - if (!wcscmp(pe32.szExeFile, TEXT("sihost.exe"))) - { - HANDLE hSihost = OpenProcess( - PROCESS_TERMINATE, - FALSE, - pe32.th32ProcessID - ); - TerminateProcess(hSihost, 1); - CloseHandle(hSihost); - Sleep(500); - STARTUPINFO info = {sizeof(info)}; - PROCESS_INFORMATION processInfo; - BOOL b = CreateProcess( - NULL, - pe32.szExeFile, - NULL, - NULL, - TRUE, - CREATE_UNICODE_ENVIRONMENT, - NULL, - NULL, - &info, - &processInfo - ); - break; - } - } while (Process32Next(hSnapshot, &pe32) == TRUE); - } - CloseHandle(hSnapshot); - TerminateProcess( - OpenProcess( - PROCESS_TERMINATE, - FALSE, - GetCurrentProcessId() - ), - 0 - ); - } - } - else - { - dwInjectedAddr += (uintptr_t)symbols_PTRS.explorer_PTRS[0] + start; - if (strat == 0) - { - VirtualProtectEx( - hExplorer, - (LPVOID)dwInjectedAddr, - sizeof(szPayload0), - PAGE_EXECUTE_READWRITE, - &dwOldValue - ); - WriteProcessMemory( - hExplorer, - (LPVOID)dwInjectedAddr, - szPayload0, - sizeof(szPayload0), - &dwNumberOfBytes - ); - VirtualProtectEx( - hExplorer, - (LPVOID)dwInjectedAddr, - sizeof(szPayload0), - dwOldValue, - (PDWORD)(&dwNumberOfBytes) - ); - } - else if (strat == 1) - { - VirtualProtectEx( - hExplorer, - (LPVOID)dwInjectedAddr, - sizeof(szPayload1), - PAGE_EXECUTE_READWRITE, - &dwOldValue - ); - WriteProcessMemory( - hExplorer, - (LPVOID)dwInjectedAddr, - szPayload1, - sizeof(szPayload1), - &dwNumberOfBytes - ); - VirtualProtectEx( - hExplorer, - (LPVOID)dwInjectedAddr, - sizeof(szPayload1), - dwOldValue, - (PDWORD)(&dwNumberOfBytes) - ); - } - DebugActiveProcessStop(dwExplorerPID); - // WaitForSingleObject( - // hExplorer, - // INFINITE - // ); - /*for (UINT i = 0; i < 7; ++i) - { - TCHAR title[200], className[200]; - GetWindowTextW(GetForegroundWindow(), title, 200); - 
GetClassNameW(GetForegroundWindow(), className, 200); - wprintf(L"%s %s\n", title, className); - Sleep(1000); - }*/ - } - CloseHandle(hExplorer); - } - else - { - DebugActiveProcessStop(dwExplorerPID); - TerminateProcess( - OpenProcess( - PROCESS_TERMINATE, - FALSE, - GetCurrentProcessId() - ), - 0 - ); - } - - GetModuleFileName( - GetModuleHandle(NULL), - szLibPath, - MAX_PATH - ); - PathRemoveFileSpec(szLibPath); - lstrcat( - szLibPath, - L"\\ExplorerPatcherLibrary.dll" - ); - //Sleep(DELAY); - - while (TRUE) - { - HWND hWnd = FindWindowEx( - NULL, - NULL, - L"Shell_TrayWnd", - NULL - ); - if (hWnd) - { - hWnd = FindWindowEx( - hWnd, - NULL, - L"Start", - NULL - ); - if (hWnd) - { - if (IsWindowVisible(hWnd)) - { - break; - } - } - } - Sleep(1); - } - - CreateThread( - 0, - 0, - KillAfter, - 5000, - 0, - 0 - ); - return VnInjectAndMonitorProcess( - szLibPath, - MAX_PATH, - "main", - TEXT("explorer.exe"), - CLASS_NAME, - NULL, - hInstance, - stdout, - 0, - WindowProc, - TRUE, - 0, - 0, - NULL, - &hProcess, - &hMod, - &hInjection, - NULL, - 0, - &hWnd, - &hWnd - ); - } - return 0; -} \ No newline at end of file diff --git a/ExplorerPatcher/resource.rc b/ExplorerPatcher/resource.rc deleted file mode 100644 index d3cd3cd..0000000 --- a/ExplorerPatcher/resource.rc +++ /dev/null 
@@ -1,100 +0,0 @@ -// Microsoft Visual C++ generated resource script. -// -#include "resource.h" - -#define APSTUDIO_READONLY_SYMBOLS -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 2 resource. -// -#include "winres.h" - -///////////////////////////////////////////////////////////////////////////// -#undef APSTUDIO_READONLY_SYMBOLS - -///////////////////////////////////////////////////////////////////////////// -// English (United States) resources - -#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) -LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US -#pragma code_page(1252) - -#ifdef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// TEXTINCLUDE -// - -1 TEXTINCLUDE -BEGIN - "resource.h\0" -END - -2 TEXTINCLUDE -BEGIN - "#include ""winres.h""\r\n" - "\0" -END - -3 TEXTINCLUDE -BEGIN - "\r\n" - "\0" -END - -#endif // APSTUDIO_INVOKED - - -///////////////////////////////////////////////////////////////////////////// -// -// Version -// - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 22000,1,0,0 - PRODUCTVERSION 22000,1,0,0 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x1L -#else - FILEFLAGS 0x0L -#endif - FILEOS 0x40004L - FILETYPE 0x1L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "CompanyName", "VALINET Solutions SRL" - VALUE "FileDescription", "Explorer Patcher" - VALUE "FileVersion", "22000.1.0.0" - VALUE "InternalName", "Explorer.exe" - VALUE "LegalCopyright", "Copyright (C) 2006-2021 VALINET Solutions SRL. All rights reserved." 
- VALUE "OriginalFilename", "Explorer.exe" - VALUE "ProductName", "Explorer Patcher" - VALUE "ProductVersion", "22000.1.0.0" - END - END - BLOCK "VarFileInfo" - BEGIN - VALUE "Translation", 0x409, 1200 - END -END - -#endif // English (United States) resources -///////////////////////////////////////////////////////////////////////////// - - - -#ifndef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 3 resource. -// - - -///////////////////////////////////////////////////////////////////////////// -#endif // not APSTUDIO_INVOKED - diff --git a/ExplorerPatcherLibrary/ExplorerPatcherLibrary.rc b/ExplorerPatcherLibrary/ExplorerPatcherLibrary.rc deleted file mode 100644 index 972724a..0000000 --- a/ExplorerPatcherLibrary/ExplorerPatcherLibrary.rc +++ /dev/null 
@@ -1,100 +0,0 @@ -// Microsoft Visual C++ generated resource script. -// -#include "resource.h" - -#define APSTUDIO_READONLY_SYMBOLS -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 2 resource. -// -#include "winres.h" - -///////////////////////////////////////////////////////////////////////////// -#undef APSTUDIO_READONLY_SYMBOLS - -///////////////////////////////////////////////////////////////////////////// -// English (United States) resources - -#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) -LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US -#pragma code_page(1252) - -#ifdef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// TEXTINCLUDE -// - -1 TEXTINCLUDE -BEGIN - "resource.h\0" -END - -2 TEXTINCLUDE -BEGIN - "#include ""winres.h""\r\n" - "\0" -END - -3 TEXTINCLUDE -BEGIN - "\r\n" - "\0" -END - -#endif // APSTUDIO_INVOKED - - -///////////////////////////////////////////////////////////////////////////// -// -// Version -// - -VS_VERSION_INFO VERSIONINFO - FILEVERSION 22000,168,0,9 - PRODUCTVERSION 22000,168,0,9 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x1L -#else - FILEFLAGS 0x0L -#endif - FILEOS 0x40004L - FILETYPE 0x2L - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - VALUE "CompanyName", "VALINET Solutions SRL" - VALUE "FileDescription", "ExplorerPatcher Library" - VALUE "FileVersion", "22000.168.0.9" - VALUE "InternalName", "ExplorerPatcherLibrary.dll" - VALUE "LegalCopyright", "Copyright (C) 2006-2021 VALINET Solutions SRL. All rights reserved." 
- VALUE "OriginalFilename", "ExplorerPatcherLibrary.dll" - VALUE "ProductName", "WinOverview" - VALUE "ProductVersion", "22000.168.0.9" - END - END - BLOCK "VarFileInfo" - BEGIN - VALUE "Translation", 0x409, 1200 - END -END - -#endif // English (United States) resources -///////////////////////////////////////////////////////////////////////////// - - - -#ifndef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 3 resource. -// - - -///////////////////////////////////////////////////////////////////////////// -#endif // not APSTUDIO_INVOKED - diff --git a/ExplorerPatcherLibrary/ExplorerPatcherLibrary.vcxproj b/ExplorerPatcherLibrary/ExplorerPatcherLibrary.vcxproj deleted file mode 100644 index 942a7ff..0000000 --- a/ExplorerPatcherLibrary/ExplorerPatcherLibrary.vcxproj +++ /dev/null 
@@ -1,196 +0,0 @@ - - - - - Debug - Win32 - - - Release - Win32 - - - Debug - x64 - - - Release - x64 - - - - 16.0 - {DB3E4319-2969-42B6-B7E8-BB57AA8C9FA9} - CenterTitlebarTextLibrary - 10.0 - ExplorerPatcherLibrary - - - - Application - true - v142 - Unicode - - - Application - false - v142 - true - Unicode - - - DynamicLibrary - true - v142 - Unicode - - - DynamicLibrary - false - v142 - true - Unicode - - - - - - - - - - - - - - - - - - - - - false - $(SolutionDir)$(Platform)\$(Configuration)\ - - - true - - - true - - - false - - - - Level3 - true - true - true - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - $(SolutionDir)libs\funchook\include;$(SolutionDir)libs\libvalinet;%(AdditionalIncludeDirectories) - MultiThreaded - - - Console - true - true - true - $(SolutionDir)libs\funchook\build\Release\funchook.lib;$(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalLibraryDirectories) - $(SolutionDir)libs\funchook\build\Release\funchook.lib;$(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalDependencies) - - - - - - - - - - - - - Level3 - true - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - MultiThreadedDebug - - - Console - true - - - - - - - - - - - - - Level3 - true - _DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - $(SolutionDir)libs\funchook\include;$(SolutionDir)libs\libvalinet;%(AdditionalIncludeDirectories) - MultiThreadedDebug - - - Console - true - $(SolutionDir)libs\funchook\build\Release\funchook.lib;$(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalLibraryDirectories) - $(SolutionDir)libs\funchook\build\Release\funchook.lib;$(SolutionDir)libs\funchook\build\Release\distorm.lib;%(AdditionalDependencies) - - - - - - - - - - - - - Level3 - true - true - true - NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - MultiThreaded - - - Console - true - true - true - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file 
diff --git a/ExplorerPatcherLibrary/ExplorerPatcherLibrary.vcxproj.filters b/ExplorerPatcherLibrary/ExplorerPatcherLibrary.vcxproj.filters deleted file mode 100644 index 464c2dc..0000000 --- a/ExplorerPatcherLibrary/ExplorerPatcherLibrary.vcxproj.filters +++ /dev/null @@ -1,32 +0,0 @@ - - - - - {4FC737F1-C7A5-4376-A066-2A32D752A2FF} - cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx - - - {93995380-89BD-4b04-88EB-625FBE52EBFB} - h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd - - - {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} - rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms - - - - - Header Files - - - - - Resource Files - - - - - Source Files - - - \ No newline at end of file diff --git a/ExplorerPatcherLibrary/resource.h b/ExplorerPatcherLibrary/resource.h deleted file mode 100644 index 68460ac..0000000 --- a/ExplorerPatcherLibrary/resource.h +++ /dev/null @@ -1,15 +0,0 @@ -//{{NO_DEPENDENCIES}} -// Microsoft Visual C++ generated include file. -// Used by ExplorerPatcherLibrary.rc -// - -// Next default values for new objects -// -#ifdef APSTUDIO_INVOKED -#ifndef APSTUDIO_READONLY_SYMBOLS -#define _APS_NEXT_RESOURCE_VALUE 101 -#define _APS_NEXT_COMMAND_VALUE 40001 -#define _APS_NEXT_CONTROL_VALUE 1001 -#define _APS_NEXT_SYMED_VALUE 101 -#endif -#endif diff --git a/PostBuildCommand/PostBuildCommand.vcxproj b/PostBuildCommand/PostBuildCommand.vcxproj deleted file mode 100644 index af2b2c4..0000000 --- a/PostBuildCommand/PostBuildCommand.vcxproj +++ /dev/null 
@@ -1,96 +0,0 @@ - - - - - Debug - Win32 - - - Release - Win32 - - - Debug - x64 - - - Release - x64 - - - - 16.0 - {9AE5B3DE-EA42-454C-85C0-4A7AF6AD331B} - Win32Proj - - - - Makefile - true - v142 - - - Makefile - false - v142 - - - Makefile - true - v142 - - - Makefile - false - v142 - - - - - - - - - - - - - - - - - - - - - taskkill /f /im:sihost.exe 2>nul &set errorlevel=0 - PostBuildCommand.exe - NDEBUG;$(NMakePreprocessorDefinitions) - taskkill /f /im:sihost.exe 2>nul &set errorlevel=0 - - - rem taskkill /f /im:sihost.exe 2>nul &set errorlevel=0 - PostBuildCommand.exe - WIN32;_DEBUG;$(NMakePreprocessorDefinitions) - rem taskkill /f /im:sihost.exe 2>nul &set errorlevel=0 - - - rem taskkill /f /im:sihost.exe 2>nul &set errorlevel=0 - PostBuildCommand.exe - _DEBUG;$(NMakePreprocessorDefinitions) - rem taskkill /f /im:sihost.exe 2>nul &set errorlevel=0 - - - taskkill /f /im:sihost.exe 2>nul &set errorlevel=0 - PostBuildCommand.exe - WIN32;NDEBUG;$(NMakePreprocessorDefinitions) - taskkill /f /im:sihost.exe 2>nul &set errorlevel=0 - - - - - - - - - \ No newline at end of file diff --git a/PostBuildCommand/PostBuildCommand.vcxproj.filters b/PostBuildCommand/PostBuildCommand.vcxproj.filters deleted file mode 100644 index 1fb5e04..0000000 --- a/PostBuildCommand/PostBuildCommand.vcxproj.filters +++ /dev/null @@ -1,17 +0,0 @@ - - - - - {4FC737F1-C7A5-4376-A066-2A32D752A2FF} - cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx - - - {93995380-89BD-4b04-88EB-625FBE52EBFB} - h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd - - - {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} - rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms - - - \ No newline at end of file diff --git a/PreBuildCommand/PreBuildCommand.vcxproj b/PreBuildCommand/PreBuildCommand.vcxproj deleted file mode 100644 index 927f43d..0000000 --- a/PreBuildCommand/PreBuildCommand.vcxproj +++ /dev/null 
@@ -1,96 +0,0 @@ - - - - - Debug - Win32 - - - Release - Win32 - - - Debug - x64 - - - Release - x64 - - - - 16.0 - {E74E02C4-C6DA-44B2-A034-7C9F1B661152} - Win32Proj - - - - Makefile - true - v142 - - - Makefile - false - v142 - - - Makefile - true - v142 - - - Makefile - false - v142 - - - - - - - - - - - - - - - - - - - - - taskkill /f /im:explorer.exe 2>nul &set errorlevel=0 - PreBuildCommand.exe - NDEBUG;$(NMakePreprocessorDefinitions) - taskkill /f /im:explorer.exe 2>nul &set errorlevel=0 - - - rem taskkill /f /im:explorer.exe 2>nul &set errorlevel=0 - PreBuildCommand.exe - WIN32;_DEBUG;$(NMakePreprocessorDefinitions) - rem taskkill /f /im:explorer.exe 2>nul &set errorlevel=0 - - - rem taskkill /f /im:explorer.exe 2>nul &set errorlevel=0 - PreBuildCommand.exe - _DEBUG;$(NMakePreprocessorDefinitions) - rem taskkill /f /im:explorer.exe 2>nul &set errorlevel=0 - - - taskkill /f /im:explorer.exe 2>nul &set errorlevel=0 - PreBuildCommand.exe - WIN32;NDEBUG;$(NMakePreprocessorDefinitions) - taskkill /f /im:explorer.exe 2>nul &set errorlevel=0 - - - - - - - - - \ No newline at end of file diff --git a/PreBuildCommand/PreBuildCommand.vcxproj.filters b/PreBuildCommand/PreBuildCommand.vcxproj.filters deleted file mode 100644 index 1fb5e04..0000000 --- a/PreBuildCommand/PreBuildCommand.vcxproj.filters +++ /dev/null @@ -1,17 +0,0 @@ - - - - - {4FC737F1-C7A5-4376-A066-2A32D752A2FF} - cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx - - - {93995380-89BD-4b04-88EB-625FBE52EBFB} - h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd - - - {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} - rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms - - - \ No newline at end of file diff --git a/README.md b/README.md index e1c087c..89aca30 100644 --- a/README.md +++ b/README.md 
@@ -16,13 +16,32 @@ A changelog is available [here](https://github.com/valinet/ExplorerPatcher/blob/ A detailed description of how this works is available on my web site [here](https://valinet.ro/2021/08/09/Restore-Windows-11-to-working-Windows-10-UI.html). -Precompiled binaries are available in [Releases](https://github.com/valinet/ExplorerPatcher/releases). +The application comes in the form of a dynamic-link library (DLL). Precompiled binaries are available in [Releases](https://github.com/valinet/ExplorerPatcher/releases). ## Installation -To install, save the executable in a safe directory, run it once as an administrator to have it register as [Taskman](https://www.geoffchappell.com/notes/windows/shell/explorer/taskman.htm) for Explorer and just restart Explorer or reboot. +Simply copy the downloaded DLL named `dxgi.dll` to `%windir%` (usually `C:\Windows`) and restart Explorer. -The application does not currently offer a way to configure its behavior. In the mean time, I recommend commenting out whatever you do not like and compile your own executable, as described below (instructions are very simple). +At first launch, the application will notify you about missing symbols and will automatically download them from Microsoft. Then, it will try to determine some patch offsets for Explorer. The process involves automatically restarting Explorer a couple of times and evaluating the results. Please be patient and let this do its job; you will know it is done when you will see the old taskbar instead of the new one. Also, the application will show a notification to let you know it is done. + +Downloaded symbols and application configuration is saved in the `%appdata%\ExplorerPatcher` folder. + +To uninstall, simply delete `dxgi.dll` from `%windir%`. + +#### How does this work? + +The mechanism the application gets loaded is by exploiting the DLL search order in Windows. 
I take advantage of the fact that Explorer is one of the few system processes located in `%windir%` and not in `%windir%\System32`, so it does not affect most apps. Also, `%windir%` is not in the search path. Read more about this technique [here](https://itm4n.github.io/windows-dll-hijacking-clarified/). The main advantage here is that you do not have to keep an extra process running in the memory; plus, due to the diverse nature of how Explorer is launched, hooking it can be difficult. + +I picked `dxgi.dll` because it is not on the `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs` list, because it has few exports and is loaded very early by Explorer, when calling the `DXGIDeclareAdapterRemovalSupport()` function. + +## Configuration + +The `settings.ini` file contains, among the offsets for the various hooked/exploited functions, a few parameters that you can tweak: + +* `General\AllowImmersiveContextMenus = 1` will show the new context menus in Explorer instead of the legacy one +* `General\AllocConsole = 1` will show a console when the application runs (useful for diagnostics). + +To change whether Start opens on the monitor the mouse is on, configure this registry setting (DWORD): `HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage\MonitorOverride`: 0 = enable, 1 or not created = default, disable. ## License
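Review bot: In the removed `ExplorerPatcher/main.c`, the `else` branch taken once `ok` is set adds `start`, read with `VnGetUInt(..., TEXT(EXPLORER_PATCH_OFFSET), 0, wszSettingsPath)`, directly into `dwInjectedAddr` and then calls `WriteProcessMemory` with `szPayload0` or `szPayload1`, with no range check on the value. The README part of this patch says `settings.ini` still holds the offsets and lives under `%appdata%\ExplorerPatcher`, so if `dllmain.c` keeps this pattern, please bound the stored offset against `BYTES_TO_DISASSEMBLE` minus the payload size and confirm that the instruction at the target is still the expected `JZ`/`JNZ` before writing; otherwise an edited or corrupted settings file decides where the payload lands inside Explorer. The first-run path has the same gap at `memcpy(m + start, szPayload0, sizeof(szPayload0))`, and it writes the buffer `m` back over `CTray_Init` without checking that `ReadProcessMemory` succeeded, so a failed read would copy an uninitialized stack buffer into the target. Smaller points to avoid carrying over: `hKey` from `RegOpenKeyExW` is never closed in the lines shown, and `ubr` stays 0 when the query fails, which changes the string compared against the stored `OS\Build` value.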
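Review bot: In the README hunk, the "How does this work?" paragraph says placing `dxgi.dll` in `%windir%` "does not affect most apps" but never states which ones it does affect: any other executable started from `%windir%` that imports `dxgi.dll` will load this file as well, since Explorer is described only as "one of the few" processes located there. Please document that scope and say whether the DLL checks that its host is `explorer.exe` before installing hooks. The following sentence, "Also, `%windir%` is not in the search path", reads as contradicting the mechanism just described and should be reworded to say that the application directory is searched before `%windir%\System32`. The Installation text also dropped the earlier "as an administrator" wording even though copying into `%windir%` needs elevation, and the uninstall step ("simply delete `dxgi.dll`") does not say whether Explorer has to be stopped first given that it has the DLL loaded. Since the file ends up loaded into Explorer from a system directory, a line telling users how to verify the downloaded binary against the release would be a worthwhile addition.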