
Main: Guards against NULL dereferences (#879)

pull/886/head
Valentin Radu 4 years ago
parent
commit
c00de82cd6
  1. 148
      ExplorerPatcher/dllmain.c

148
ExplorerPatcher/dllmain.c

@ -4624,71 +4624,74 @@ BOOL explorer_SetChildWindowNoActivateHook(HWND hWnd)
if (!wcscmp(className, L"TrayButton")) if (!wcscmp(className, L"TrayButton"))
{ {
uintptr_t Instance = *(uintptr_t*)GetWindowLongPtrW(hWnd, 0); uintptr_t Instance = *(uintptr_t*)GetWindowLongPtrW(hWnd, 0);
uintptr_t TrayButton_GetComponentName = *(INT_PTR(WINAPI**)())(Instance + 304); if (Instance)
if (!IsBadCodePtr(TrayButton_GetComponentName))
{ {
wchar_t* wszComponentName = (const WCHAR*)(*(uintptr_t (**)(void))(Instance + 304))(); uintptr_t TrayButton_GetComponentName = *(INT_PTR(WINAPI**)())(Instance + 304);
if (!wcscmp(wszComponentName, L"CortanaButton")) if (!IsBadCodePtr(TrayButton_GetComponentName))
{ {
DWORD dwOldProtect; wchar_t* wszComponentName = (const WCHAR*)(*(uintptr_t(**)(void))(Instance + 304))();
VirtualProtect(Instance + 160, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect); if (!wcscmp(wszComponentName, L"CortanaButton"))
if (!Widgets_OnClickFunc) Widgets_OnClickFunc = *(uintptr_t*)(Instance + 160); {
*(uintptr_t*)(Instance + 160) = Widgets_OnClickHook; // OnClick DWORD dwOldProtect;
VirtualProtect(Instance + 160, sizeof(uintptr_t), dwOldProtect, &dwOldProtect); VirtualProtect(Instance + 160, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect);
VirtualProtect(Instance + 216, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect); if (!Widgets_OnClickFunc) Widgets_OnClickFunc = *(uintptr_t*)(Instance + 160);
if (!Widgets_GetTooltipTextFunc) Widgets_GetTooltipTextFunc = *(uintptr_t*)(Instance + 216); *(uintptr_t*)(Instance + 160) = Widgets_OnClickHook; // OnClick
*(uintptr_t*)(Instance + 216) = Widgets_GetTooltipTextHook; // OnTooltipShow VirtualProtect(Instance + 160, sizeof(uintptr_t), dwOldProtect, &dwOldProtect);
VirtualProtect(Instance + 216, sizeof(uintptr_t), dwOldProtect, &dwOldProtect); VirtualProtect(Instance + 216, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect);
} if (!Widgets_GetTooltipTextFunc) Widgets_GetTooltipTextFunc = *(uintptr_t*)(Instance + 216);
else if (!wcscmp(wszComponentName, L"MultitaskingButton")) *(uintptr_t*)(Instance + 216) = Widgets_GetTooltipTextHook; // OnTooltipShow
{ VirtualProtect(Instance + 216, sizeof(uintptr_t), dwOldProtect, &dwOldProtect);
DWORD dwOldProtect; }
VirtualProtect(Instance + 160, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect); else if (!wcscmp(wszComponentName, L"MultitaskingButton"))
*(uintptr_t*)(Instance + 160) = ToggleTaskView; // OnClick {
VirtualProtect(Instance + 160, sizeof(uintptr_t), dwOldProtect, &dwOldProtect); DWORD dwOldProtect;
} VirtualProtect(Instance + 160, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect);
else if (!wcscmp(wszComponentName, L"PeopleButton")) *(uintptr_t*)(Instance + 160) = ToggleTaskView; // OnClick
{ VirtualProtect(Instance + 160, sizeof(uintptr_t), dwOldProtect, &dwOldProtect);
DWORD dwOldProtect; }
else if (!wcscmp(wszComponentName, L"PeopleButton"))
{
DWORD dwOldProtect;
uintptr_t PeopleButton_Instance = *((uintptr_t*)GetWindowLongPtrW(hWnd, 0) + 17); uintptr_t PeopleButton_Instance = *((uintptr_t*)GetWindowLongPtrW(hWnd, 0) + 17);
VirtualProtect(PeopleButton_Instance + 32, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect); VirtualProtect(PeopleButton_Instance + 32, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect);
if (!PeopleButton_CalculateMinimumSizeFunc) PeopleButton_CalculateMinimumSizeFunc = *(uintptr_t*)(PeopleButton_Instance + 32); if (!PeopleButton_CalculateMinimumSizeFunc) PeopleButton_CalculateMinimumSizeFunc = *(uintptr_t*)(PeopleButton_Instance + 32);
*(uintptr_t*)(PeopleButton_Instance + 32) = PeopleButton_CalculateMinimumSizeHook; // CalculateMinimumSize *(uintptr_t*)(PeopleButton_Instance + 32) = PeopleButton_CalculateMinimumSizeHook; // CalculateMinimumSize
VirtualProtect(PeopleButton_Instance + 32, sizeof(uintptr_t), dwOldProtect, &dwOldProtect); VirtualProtect(PeopleButton_Instance + 32, sizeof(uintptr_t), dwOldProtect, &dwOldProtect);
VirtualProtect(Instance + 224, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect); VirtualProtect(Instance + 224, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect);
if (!PeopleButton_ShowTooltipFunc) PeopleButton_ShowTooltipFunc = *(uintptr_t*)(Instance + 224); if (!PeopleButton_ShowTooltipFunc) PeopleButton_ShowTooltipFunc = *(uintptr_t*)(Instance + 224);
*(uintptr_t*)(Instance + 224) = PeopleButton_ShowTooltipHook; // OnTooltipShow *(uintptr_t*)(Instance + 224) = PeopleButton_ShowTooltipHook; // OnTooltipShow
VirtualProtect(Instance + 224, sizeof(uintptr_t), dwOldProtect, &dwOldProtect); VirtualProtect(Instance + 224, sizeof(uintptr_t), dwOldProtect, &dwOldProtect);
VirtualProtect(Instance + 160, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect); VirtualProtect(Instance + 160, sizeof(uintptr_t), PAGE_READWRITE, &dwOldProtect);
if (!PeopleButton_OnClickFunc) PeopleButton_OnClickFunc = *(uintptr_t*)(Instance + 160); if (!PeopleButton_OnClickFunc) PeopleButton_OnClickFunc = *(uintptr_t*)(Instance + 160);
*(uintptr_t*)(Instance + 160) = PeopleButton_OnClickHook; // OnClick *(uintptr_t*)(Instance + 160) = PeopleButton_OnClickHook; // OnClick
VirtualProtect(Instance + 160, sizeof(uintptr_t), dwOldProtect, &dwOldProtect); VirtualProtect(Instance + 160, sizeof(uintptr_t), dwOldProtect, &dwOldProtect);
PeopleButton_LastHWND = hWnd; PeopleButton_LastHWND = hWnd;
SetWindowSubclass(hWnd, PeopleButton_SubclassProc, PeopleButton_SubclassProc, 0); SetWindowSubclass(hWnd, PeopleButton_SubclassProc, PeopleButton_SubclassProc, 0);
AcquireSRWLockExclusive(&lock_epw); AcquireSRWLockExclusive(&lock_epw);
if (!epw) if (!epw)
{
if (SUCCEEDED(CoCreateInstance(&CLSID_EPWeather, NULL, CLSCTX_LOCAL_SERVER, &IID_IEPWeather, &epw)) && epw)
{ {
epw->lpVtbl->SetNotifyWindow(epw, hWnd); if (SUCCEEDED(CoCreateInstance(&CLSID_EPWeather, NULL, CLSCTX_LOCAL_SERVER, &IID_IEPWeather, &epw)) && epw)
WCHAR wszBuffer[MAX_PATH];
ZeroMemory(wszBuffer, sizeof(WCHAR) * MAX_PATH);
HMODULE hModule = GetModuleHandleW(L"pnidui.dll");
if (hModule)
{ {
LoadStringW(hModule, 35, wszBuffer, MAX_PATH); epw->lpVtbl->SetNotifyWindow(epw, hWnd);
WCHAR wszBuffer[MAX_PATH];
ZeroMemory(wszBuffer, sizeof(WCHAR) * MAX_PATH);
HMODULE hModule = GetModuleHandleW(L"pnidui.dll");
if (hModule)
{
LoadStringW(hModule, 35, wszBuffer, MAX_PATH);
}
SetWindowTextW(hWnd, wszBuffer);
} }
SetWindowTextW(hWnd, wszBuffer);
} }
ReleaseSRWLockExclusive(&lock_epw);
} }
ReleaseSRWLockExclusive(&lock_epw);
} }
} }
} }
@ -6173,12 +6176,15 @@ void Explorer_RefreshClockHelper(HWND hClockButton)
// we call v_Initialize because all it does is to query the // we call v_Initialize because all it does is to query the
// registry and update the internal state to display seconds or not // registry and update the internal state to display seconds or not
// to get the offset, simply inspect the vtable of ClockButton // to get the offset, simply inspect the vtable of ClockButton
((void(*)(void*))(*(INT64*)((*(INT64*)ClockButtonInstance) + 6 * sizeof(uintptr_t))))(ClockButtonInstance); // v_Initialize if (ClockButtonInstance)
// we need to refresh the button; for the text to actually change, we need to set this: {
// inspect ClockButton::v_OnTimer ((void(*)(void*))(*(INT64*)((*(INT64*)ClockButtonInstance) + 6 * sizeof(uintptr_t))))(ClockButtonInstance); // v_Initialize
*((BYTE*)ClockButtonInstance + 547) = 1; // we need to refresh the button; for the text to actually change, we need to set this:
// then, we simply invalidate the area // inspect ClockButton::v_OnTimer
InvalidateRect(hClockButton, NULL, TRUE); *((BYTE*)ClockButtonInstance + 547) = 1;
// then, we simply invalidate the area
InvalidateRect(hClockButton, NULL, TRUE);
}
} }
void Explorer_RefreshClock(int unused) void Explorer_RefreshClock(int unused)
@ -6229,10 +6235,15 @@ void Explorer_TogglePeopleButton(int unused)
if (hShellTray_Wnd) if (hShellTray_Wnd)
{ {
INT64* CTrayInstance = (BYTE*)(GetWindowLongPtrW(hShellTray_Wnd, 0)); // -> CTray INT64* CTrayInstance = (BYTE*)(GetWindowLongPtrW(hShellTray_Wnd, 0)); // -> CTray
const unsigned int TRAYUI_OFFSET_IN_CTRAY = 110; if (CTrayInstance)
INT64* TrayUIInstance = *((INT64*)CTrayInstance + TRAYUI_OFFSET_IN_CTRAY); {
const unsigned int TRAYUI_OFFSET_IN_CTRAY = 110;
((void(*)(void*))(*(INT64*)((*(INT64*)TrayUIInstance) + 57 * sizeof(uintptr_t))))(TrayUIInstance); INT64* TrayUIInstance = *((INT64*)CTrayInstance + TRAYUI_OFFSET_IN_CTRAY);
if (TrayUIInstance)
{
((void(*)(void*))(*(INT64*)((*(INT64*)TrayUIInstance) + 57 * sizeof(uintptr_t))))(TrayUIInstance);
}
}
} }
} }
@ -6242,10 +6253,15 @@ void Explorer_ToggleTouchpad(int unused)
if (hShellTray_Wnd) if (hShellTray_Wnd)
{ {
INT64* CTrayInstance = (BYTE*)(GetWindowLongPtrW(hShellTray_Wnd, 0)); // -> CTray INT64* CTrayInstance = (BYTE*)(GetWindowLongPtrW(hShellTray_Wnd, 0)); // -> CTray
const unsigned int TRAYUI_OFFSET_IN_CTRAY = 110; if (CTrayInstance)
INT64* TrayUIInstance = *((INT64*)CTrayInstance + TRAYUI_OFFSET_IN_CTRAY); {
const unsigned int TRAYUI_OFFSET_IN_CTRAY = 110;
((void(*)(void*))(*(INT64*)((*(INT64*)TrayUIInstance) + 60 * sizeof(uintptr_t))))(TrayUIInstance); INT64* TrayUIInstance = *((INT64*)CTrayInstance + TRAYUI_OFFSET_IN_CTRAY);
if (TrayUIInstance)
{
((void(*)(void*))(*(INT64*)((*(INT64*)TrayUIInstance) + 60 * sizeof(uintptr_t))))(TrayUIInstance);
}
}
} }
} }
#pragma endregion #pragma endregion
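Review bot: In the first hunk (explorer_SetChildWindowNoActivateHook, around line 4626) the new `if (Instance)` guard comes one statement too late: `uintptr_t Instance = *(uintptr_t*)GetWindowLongPtrW(hWnd, 0);` already dereferences the value returned by GetWindowLongPtrW, so a window with no instance pointer stored at offset 0 (or a failed call returning 0) still faults before the check runs. Read the pointer first and test it, e.g. `uintptr_t* pInstance = (uintptr_t*)GetWindowLongPtrW(hWnd, 0);` / `uintptr_t Instance = pInstance ? *pInstance : 0;` / `if (Instance)`. The same pattern is repeated unguarded in the PeopleButton branch, where `PeopleButton_Instance = *((uintptr_t*)GetWindowLongPtrW(hWnd, 0) + 17);` re-reads and dereferences the same slot and then writes through `PeopleButton_Instance + 32` under VirtualProtect without checking it is non-zero; wrapping that block in `if (PeopleButton_Instance)` would match the intent of this commit. `wszComponentName` is also passed to wcscmp without a NULL check, which is presumably safe only if the component-name virtual call never returns NULL — worth confirming. The enclosing function begins before this hunk and its `if (!wcscmp(className, L"TrayButton"))` block's outer scope continues past it.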
