Froz
/
ExplorerPatcher
mirror of https://github.com/valinet/ExplorerPatcher.git
1
0
Fork 0
Code Issues Projects Releases 1 Wiki Activity
Browse Source

Taskbar10: Try to make fixes for 22621.2134. 

- Fix Action Center, Control Center, and Toast Center placements.
- Fix Task View refusing to appear.
- Fix Win+B not working.
pull/2097/head
Amrsatrio 2 years ago
parent
5bda71f184
commit
db1a168ebf
3 changed files with 346 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 313
      ExplorerPatcher/dllmain.c
  2. 8
      ExplorerPatcher/osutility.h
  3. 26
      ExplorerPatcher/utility.h

313
ExplorerPatcher/dllmain.c
Unescape View File

@ -9209,7 +9209,7 @@ BOOL explorer_SetRect(LPRECT lprc, int xLeft, int yTop, int xRight, int yBottom) @@ -9209,7 +9209,7 @@ BOOL explorer_SetRect(LPRECT lprc, int xLeft, int yTop, int xRight, int yBottom)
const UINT office_hotkeys[10] = { 0x57, 0x54, 0x59, 0x4F, 0x50, 0x44, 0x4C, 0x58, 0x4E, 0x20 };
BOOL explorer_RegisterHotkeyHook(HWND hWnd, int id, UINT fsModifiers, UINT vk)
{
if (fsModifiers == (MOD_ALT | MOD_CONTROL | MOD_SHIFT | MOD_WIN | MOD_NOREPEAT) && (
if (bDisableOfficeHotkeys && fsModifiers == (MOD_ALT | MOD_CONTROL | MOD_SHIFT | MOD_WIN | MOD_NOREPEAT) && (
vk == office_hotkeys[0] ||
vk == office_hotkeys[1] ||
vk == office_hotkeys[2] ||
@ -9225,6 +9225,21 @@ BOOL explorer_RegisterHotkeyHook(HWND hWnd, int id, UINT fsModifiers, UINT vk) @@ -9225,6 +9225,21 @@ BOOL explorer_RegisterHotkeyHook(HWND hWnd, int id, UINT fsModifiers, UINT vk)
SetLastError(ERROR_HOTKEY_ALREADY_REGISTERED);
return FALSE;
}
static BOOL bWinBHotkeyRegistered = FALSE;
if (!bWinBHotkeyRegistered && fsModifiers == (MOD_WIN | MOD_NOREPEAT) && vk == 'D') // right after Win+D
{
#if 0
BOOL bMoment2PatchesEligible = IsWindows11Version22H2Build1413OrHigher();
#else
BOOL bMoment2PatchesEligible = IsWindows11Version22H2Build2134OrHigher();
#endif
if (bMoment2PatchesEligible && global_rovi.dwBuildNumber == 22621 && bOldTaskbar)
{
RegisterHotKey(hWnd, 514, MOD_WIN | MOD_NOREPEAT, 'B');
printf("Registered Win+B\n");
}
bWinBHotkeyRegistered = TRUE;
}
return RegisterHotKey(hWnd, id, fsModifiers, vk);
}
@ -9831,6 +9846,276 @@ INT64 twinui_pcshell_CMultitaskingViewManager__CreateXamlMTVHostHook(INT64 a1, u @@ -9831,6 +9846,276 @@ INT64 twinui_pcshell_CMultitaskingViewManager__CreateXamlMTVHostHook(INT64 a1, u
return twinui_pcshell_CMultitaskingViewManager__CreateXamlMTVHostFunc(a1, a2, a3, a4, a5);
}
BOOL Moment2PatchActionCenter(LPMODULEINFO mi)
{
/***
Step 1:
Scan within the DLL.
```0F 10 45 ?? F3 0F 7F 07 80 BE // rcMonitor = mi.rcMonitor; // movups - movdqu - cmp```
22621.1992: 7E2F0
22621.2283: 140D5
22621.1992 has a different compiled code structure than 22621.2283 therefore we have to use a different approach:
Short circuiting the `if (26008830 is enabled)`.
22621.1992: 7E313
Step 2:
Scan within the function for the real fix.
```0F 10 45 ?? F3 0F 7F 07 48 // *a2 = mi.rcWork; // movups - movdqu - test```
22621.2283: 1414B
Step 3:
After the first jz starting from step 1, write a jmp to the address found in step 2.
+17 from the movups in step 1.
22621.2283: 140E6
Step 4:
Change jz to jmp after the real fix, short circuiting `if (b) unconditional_release_ref(...)`.
+11 from the movups in step 2.
22621.2283:
74 -> EB
***/
PBYTE step1 = FindPattern(mi->lpBaseOfDll, mi->SizeOfImage, "\x0F\x10\x45\x00\xF3\x0F\x7F\x07\x80\xBE", "xxx?xxxxxx");
if (!step1) return FALSE;
printf("[CActionCenterExperienceManager::GetViewPosition()] step1 = %lX\n", step1 - (PBYTE)mi->lpBaseOfDll);
if (!IsWindows11Version22H2Build2134OrHigher()) // We're on 1413-1992
{
PBYTE featureCheckJz = step1 + 35;
if (*featureCheckJz != 0x0F && *(featureCheckJz + 1) != 0x84) return FALSE;
DWORD dwOldProtect = 0;
PBYTE jzAddr = featureCheckJz + 6 + *(DWORD*)(featureCheckJz + 2);
if (!VirtualProtect(featureCheckJz, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
featureCheckJz[0] = 0xE9;
*(DWORD*)(featureCheckJz + 1) = (DWORD)(jzAddr - featureCheckJz - 5);
VirtualProtect(featureCheckJz, 5, dwOldProtect, &dwOldProtect);
goto done;
}
PBYTE step2 = FindPattern(step1 + 1, 200, "\x0F\x10\x45\x00\xF3\x0F\x7F\x07\x48", "xxx?xxxxx");
if (!step2) return FALSE;
printf("[CActionCenterExperienceManager::GetViewPosition()] step2 = %lX\n", step2 - (PBYTE)mi->lpBaseOfDll);
PBYTE step3 = step1 + 17;
printf("[CActionCenterExperienceManager::GetViewPosition()] step3 = %lX\n", step3 - (PBYTE)mi->lpBaseOfDll);
PBYTE step4 = step2 + 11;
printf("[CActionCenterExperienceManager::GetViewPosition()] step4 = %lX\n", step4 - (PBYTE)mi->lpBaseOfDll);
if (*step4 != 0x74) return FALSE;
// Execution
DWORD dwOldProtect = 0;
if (!VirtualProtect(step3, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
step3[0] = 0xE9;
*(DWORD*)(step3 + 1) = (DWORD)(step2 - step3 - 5);
VirtualProtect(step3, 5, dwOldProtect, &dwOldProtect);
dwOldProtect = 0;
if (!VirtualProtect(step4, 1, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
step4[0] = 0xEB;
VirtualProtect(step4, 1, dwOldProtect, &dwOldProtect);
done:
printf("[CActionCenterExperienceManager::GetViewPosition()] Patched!\n");
return TRUE;
}
BOOL Moment2PatchControlCenter(LPMODULEINFO mi)
{
/***
Step 1:
Scan within the DLL.
```0F 10 44 24 ?? F3 0F 7F 44 24 ?? 80 BF // rcMonitor = mi.rcMonitor; // movups - movdqu - cmp```
22621.1992: 4B35B
22621.2283: 65C5C
Step 2:
Scan within the function for the real fix. This pattern applies to both ControlCenter and ToastCenter.
```0F 10 45 ?? F3 0F 7F 44 24 ?? 48 // rcMonitor = mi.rcWork; // movups - movdqu - test```
22621.1992: 4B3FD and 4B418 (The second one is compiled out in later builds)
22621.2283: 65CE6
Step 3:
After the first jz starting from step 1, write a jmp to the address found in step 2.
+24 from the movups in step 1.
22621.1992: 4B373
22621.2283: 65C74
Step 4:
Change jz to jmp after the real fix, short circuiting `if (b) unconditional_release_ref(...)`.
+13 from the movups in step 2.
22621.1992: 4B40A
22621.2283: 65CE3
74 -> EB
***/
PBYTE step1 = FindPattern(mi->lpBaseOfDll, mi->SizeOfImage, "\x0F\x10\x44\x24\x00\xF3\x0F\x7F\x44\x24\x00\x80\xBF", "xxxx?xxxxx?xx");
if (!step1) return FALSE;
printf("[CControlCenterExperienceManager::PositionView()] step1 = %lX\n", step1 - (PBYTE)mi->lpBaseOfDll);
PBYTE step2 = FindPattern(step1 + 1, 200, "\x0F\x10\x45\x00\xF3\x0F\x7F\x44\x24\x00\x48", "xxx?xxxxx?x");
if (!step2) return FALSE;
printf("[CControlCenterExperienceManager::PositionView()] step2 = %lX\n", step2 - (PBYTE)mi->lpBaseOfDll);
PBYTE step3 = step1 + 24;
printf("[CControlCenterExperienceManager::PositionView()] step3 = %lX\n", step3 - (PBYTE)mi->lpBaseOfDll);
PBYTE step4 = step2 + 13;
printf("[CControlCenterExperienceManager::PositionView()] step4 = %lX\n", step4 - (PBYTE)mi->lpBaseOfDll);
if (*step4 != 0x74) return FALSE;
// Execution
DWORD dwOldProtect = 0;
if (!VirtualProtect(step3, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
step3[0] = 0xE9;
*(DWORD*)(step3 + 1) = (DWORD)(step2 - step3 - 5);
VirtualProtect(step3, 5, dwOldProtect, &dwOldProtect);
dwOldProtect = 0;
if (!VirtualProtect(step4, 1, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
step4[0] = 0xEB;
VirtualProtect(step4, 1, dwOldProtect, &dwOldProtect);
printf("[CControlCenterExperienceManager::PositionView()] Patched!\n");
return TRUE;
}
BOOL Moment2PatchToastCenter(LPMODULEINFO mi)
{
/***
Step 1:
Scan within the DLL.
```0F 10 45 84 ?? 0F 7F 44 24 ?? 48 8B CF // rcMonitor = mi.rcMonitor; // movups - movdqu - mov```
22621.1992: 40CE8
22621.2283: 501DB
Step 2:
Scan within the function for the real fix. This pattern applies to both ControlCenter and ToastCenter.
```0F 10 45 ?? F3 0F 7F 44 24 ?? 48 // rcMonitor = mi.rcWork; // movups - movdqu - test```
22621.1992: 40D8B
22621.2283: 5025D
Step 3:
After the first jz starting from step 1, write a jmp to the address found in step 2.
+26 from the movups in step 1.
22621.1992: 40D02
22621.2283: 501F5
Step 4:
Change jz to jmp after the real fix, short circuiting `if (b) unconditional_release_ref(...)`.
+13 from the movups in step 2.
22621.1992: 40D98
22621.2283: 5026A
Note: We are skipping EdgeUI calls here.
***/
PBYTE step1 = FindPattern(mi->lpBaseOfDll, mi->SizeOfImage, "\x0F\x10\x45\x84\x00\x0F\x7F\x44\x24\x00\x48\x8B\xCF", "xxxx?xxxx?xxx");
if (!step1) return FALSE;
printf("[CToastCenterExperienceManager::PositionView()] step1 = %lX\n", step1 - (PBYTE)mi->lpBaseOfDll);
PBYTE step2 = FindPattern(step1 + 1, 200, "\x0F\x10\x45\x00\xF3\x0F\x7F\x44\x24\x00\x48", "xxx?xxxxx?x");
if (!step2) return FALSE;
printf("[CToastCenterExperienceManager::PositionView()] step2 = %lX\n", step2 - (PBYTE)mi->lpBaseOfDll);
PBYTE step3 = step1 + 26;
printf("[CToastCenterExperienceManager::PositionView()] step3 = %lX\n", step3 - (PBYTE)mi->lpBaseOfDll);
PBYTE step4 = step2 + 13;
printf("[CToastCenterExperienceManager::PositionView()] step4 = %lX\n", step4 - (PBYTE)mi->lpBaseOfDll);
if (*step4 != 0x0F /*When the else block is big*/ && *step4 != 0x74) return FALSE;
// Execution
DWORD dwOldProtect = 0;
if (!VirtualProtect(step3, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
step3[0] = 0xE9;
*(DWORD*)(step3 + 1) = (DWORD)(step2 - step3 - 5);
VirtualProtect(step3, 5, dwOldProtect, &dwOldProtect);
dwOldProtect = 0;
if (*step4 == 0x74) // Same size, just change the opcode
{
if (!VirtualProtect(step4, 1, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
step4[0] = 0xEB;
VirtualProtect(step4, 1, dwOldProtect, &dwOldProtect);
}
else // The big one
{
PBYTE jzAddr = step4 + 6 + *(DWORD*)(step4 + 2);
if (!VirtualProtect(step4, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
step4[0] = 0xE9;
*(DWORD*)(step4 + 1) = (DWORD)(jzAddr - step4 - 5);
VirtualProtect(step4, 5, dwOldProtect, &dwOldProtect);
}
printf("[CToastCenterExperienceManager::PositionView()] Patched!\n");
return TRUE;
}
BOOL Moment2PatchTaskView(LPMODULEINFO mi)
{
/***
If we're using the old taskbar, it'll be stuck in an infinite loading since it's waiting for the new one to respond.
Let's skip those.
Step 1:
Scan within the DLL. We point to the assignment of the `GetWorkArea()` result.
```0F 10 00 F3 0F 7F 46 ?? 4C 8B C7 // movups - movdqu - mov```
22621.2283: 24A1CA
Step 2:
Find the beginning, it should be 4C (mov) which is the preparation of the `UpdateWorkAreaAsync()` call.
+8 from step 1.
22621.2283: 24A1D2
Step 3:
Find the end, it should be before the next `IUnknown::operator=()` call.
```48 8D 4E 60 48 8B 54 24 ?? E8```
22621.2283: 24A1F4
Step 4:
NOP everything between step 2 and 3.
***/
if (!IsWindows11Version22H2Build2134OrHigher())
{
// 1413-1992, just short circuit the if
// TODO ONLY TESTED ON 1992
PBYTE step1 = FindPattern(mi->lpBaseOfDll, mi->SizeOfImage, "\x74\x27\x4D\x8B\xC6\x48\x8D\x55\xC0\x48\x8B\xCF", "xxxxxxxxxxxx"); // jz short - mov - lea - mov
if (!step1) return FALSE;
DWORD dwOldProtect = 0;
if (!VirtualProtect(step1, 1, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
step1[0] = 0xEB;
VirtualProtect(step1, 1, dwOldProtect, &dwOldProtect);
goto done;
}
PBYTE step1 = FindPattern(mi->lpBaseOfDll, mi->SizeOfImage, "\x0F\x10\x00\xF3\x0F\x7F\x46\x00\x4C\x8B\xC7", "xxxxxxx?xxx");
if (!step1) return FALSE;
printf("[TaskViewFrame::RuntimeClassInitialize()] step1 = %lX\n", step1 - (PBYTE)mi->lpBaseOfDll);
PBYTE step2 = step1 + 8;
printf("[TaskViewFrame::RuntimeClassInitialize()] step2 = %lX\n", step2 - (PBYTE)mi->lpBaseOfDll);
if (*step2 != 0x4C) return FALSE;
PBYTE step3 = FindPattern(step2 + 1, 128, "\x48\x8D\x4E\x60\x48\x8B\x54\x24\x00\xE8", "xxxxxxxx?x");
if (!step3) return FALSE;
printf("[TaskViewFrame::RuntimeClassInitialize()] step3 = %lX\n", step3 - (PBYTE)mi->lpBaseOfDll);
// Execution
DWORD dwOldProtect = 0;
if (!VirtualProtect(step2, step3 - step2, PAGE_EXECUTE_READWRITE, &dwOldProtect)) return FALSE;
memset(step2, 0x90, step3 - step2);
VirtualProtect(step2, step3 - step2, dwOldProtect, &dwOldProtect);
done:
printf("[TaskViewFrame::RuntimeClassInitialize()] Patched!\n");
return TRUE;
}
BOOL IsDebuggerPresentHook()
{
return FALSE;
@ -10418,6 +10703,30 @@ DWORD Inject(BOOL bIsExplorer) @@ -10418,6 +10703,30 @@ DWORD Inject(BOOL bIsExplorer)
return rv;
}
}*/
#if 0
// Use this only for testing, since the RtlQueryFeatureConfiguration() hook is perfect.
// Only tested on 22621.1992.
BOOL bMoment2PatchesEligible = IsWindows11Version22H2Build1413OrHigher();
#else
// This is the only way to fix stuff since the flag "26008830" and the code when it's not enabled are gone.
// Only tested on 22621.2283.
BOOL bMoment2PatchesEligible = IsWindows11Version22H2Build2134OrHigher();
#endif
if (bMoment2PatchesEligible && global_rovi.dwBuildNumber == 22621 && bOldTaskbar) // TODO Test for 23H2
{
MODULEINFO miTwinuiPcshell;
GetModuleInformation(GetCurrentProcess(), hTwinuiPcshell, &miTwinuiPcshell, sizeof(MODULEINFO));
// Fix flyout placement: Our goal with these patches is to get `mi.rcWork` assigned
Moment2PatchActionCenter(&miTwinuiPcshell);
Moment2PatchControlCenter(&miTwinuiPcshell);
Moment2PatchToastCenter(&miTwinuiPcshell);
// Fix task view
Moment2PatchTaskView(&miTwinuiPcshell);
}
VnPatchIAT(hTwinuiPcshell, "API-MS-WIN-CORE-REGISTRY-L1-1-0.DLL", "RegGetValueW", twinuipcshell_RegGetValueW);
//VnPatchIAT(hTwinuiPcshell, "api-ms-win-core-debug-l1-1-0.dll", "IsDebuggerPresent", IsDebuggerPresentHook);
printf("Setup twinui.pcshell functions done\n");
@ -10760,7 +11069,7 @@ DWORD Inject(BOOL bIsExplorer) @@ -10760,7 +11069,7 @@ DWORD Inject(BOOL bIsExplorer)
if (bDisableOfficeHotkeys)
// if (bDisableOfficeHotkeys)
{
VnPatchIAT(hExplorer, "user32.dll", "RegisterHotKey", explorer_RegisterHotkeyHook);
}

8
ExplorerPatcher/osutility.h
Unescape View File

@ -77,4 +77,12 @@ inline BOOL IsWindows11Version22H2Build1413OrHigher() @@ -77,4 +77,12 @@ inline BOOL IsWindows11Version22H2Build1413OrHigher()
if (global_ubr >= 1413) return TRUE;
return FALSE;
}
inline BOOL IsWindows11Version22H2Build2134OrHigher()
{
if (IsWindows11BuildHigherThan25158()) return TRUE;
if (!global_rovi.dwMajorVersion) global_ubr = VnGetOSVersionAndUBR(&global_rovi);
if (global_ubr >= 2134) return TRUE;
return FALSE;
}
#endif

26
ExplorerPatcher/utility.h
Unescape View File

@ -625,4 +625,30 @@ typedef struct _MonitorOverrideData @@ -625,4 +625,30 @@ typedef struct _MonitorOverrideData
} MonitorOverrideData;
BOOL ExtractMonitorByIndex(HMONITOR hMonitor, HDC hDC, LPRECT lpRect, MonitorOverrideData* mod);
inline BOOL MaskCompare(PVOID pBuffer, LPCSTR lpPattern, LPCSTR lpMask)
{
for (PBYTE value = pBuffer; *lpMask; ++lpPattern, ++lpMask, ++value)
{
if (*lpMask == 'x' && *(LPCBYTE)lpPattern != *value)
return FALSE;
}
return TRUE;
}
inline PVOID FindPattern(PVOID pBase, SIZE_T dwSize, LPCSTR lpPattern, LPCSTR lpMask)
{
dwSize -= strlen(lpMask);
for (SIZE_T index = 0; index < dwSize; ++index)
{
PBYTE pAddress = (PBYTE)pBase + index;
if (MaskCompare(pAddress, lpPattern, lpMask))
return pAddress;
}
return NULL;
}
#endif

Write Preview
Loading…
Cancel
Save