2008-04-12 20:53:08 +00:00
|
|
|
/*
|
2001-06-12 17:51:51 +00:00
|
|
|
* COPYRIGHT: See COPYING in the top level directory
|
|
|
|
|
* PROJECT: ReactOS kernel
|
|
|
|
|
* PURPOSE: Window hooks
|
2010-10-23 05:36:12 +00:00
|
|
|
* FILE: subsystems/win32/win32k/ntuser/hook.c
|
2001-06-12 17:51:51 +00:00
|
|
|
* PROGRAMER: Casper S. Hornstrup (chorns@users.sourceforge.net)
|
2010-10-23 05:36:12 +00:00
|
|
|
* James Tabor (james.tabor@rectos.org)
|
2011-08-01 22:30:21 +00:00
|
|
|
* Rafal Harabien (rafalh@reactos.org)
|
2010-10-23 05:36:12 +00:00
|
|
|
*
|
2001-06-12 17:51:51 +00:00
|
|
|
* REVISION HISTORY:
|
|
|
|
|
* 06-06-2001 CSH Created
|
2003-12-12 14:22:37 +00:00
|
|
|
* NOTE: Most of this code was adapted from Wine,
|
|
|
|
|
* Copyright (C) 2002 Alexandre Julliard
|
2001-06-12 17:51:51 +00:00
|
|
|
*/
|
2003-12-12 14:22:37 +00:00
|
|
|
|
2010-04-26 13:58:46 +00:00
|
|
|
#include <win32k.h>
|
2001-06-12 17:51:51 +00:00
|
|
|
|
|
|
|
|
#define NDEBUG
|
2005-06-29 07:09:25 +00:00
|
|
|
#include <debug.h>
|
2001-06-12 17:51:51 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
typedef struct _HOOKPACK
|
2005-09-07 20:59:26 +00:00
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
PHOOK pHk;
|
|
|
|
|
LPARAM lParam;
|
2010-11-04 23:45:34 +00:00
|
|
|
PVOID pHookStructs;
|
2010-10-23 05:36:12 +00:00
|
|
|
} HOOKPACK, *PHOOKPACK;
|
2010-01-14 00:43:54 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
/* PRIVATE FUNCTIONS *********************************************************/
|
2003-12-12 14:22:37 +00:00
|
|
|
|
2009-05-22 12:50:31 +00:00
|
|
|
static
|
2010-10-23 05:36:12 +00:00
|
|
|
LRESULT
|
2009-05-22 12:50:31 +00:00
|
|
|
FASTCALL
|
2011-08-01 22:30:21 +00:00
|
|
|
co_IntCallLowLevelHook(PHOOK Hook,
|
|
|
|
|
INT Code,
|
|
|
|
|
WPARAM wParam,
|
|
|
|
|
LPARAM lParam)
|
2003-12-12 14:22:37 +00:00
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
|
PTHREADINFO pti;
|
|
|
|
|
PHOOKPACK pHP;
|
2011-08-01 22:30:21 +00:00
|
|
|
INT Size = 0;
|
2010-11-16 04:52:53 +00:00
|
|
|
UINT uTimeout = 300;
|
|
|
|
|
BOOL Block = FALSE;
|
2010-10-23 05:36:12 +00:00
|
|
|
ULONG_PTR uResult = 0;
|
2010-01-14 00:43:54 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
if (Hook->Thread)
|
|
|
|
|
pti = Hook->Thread->Tcb.Win32Thread;
|
2009-05-22 12:50:31 +00:00
|
|
|
else
|
2010-10-23 05:36:12 +00:00
|
|
|
pti = Hook->head.pti;
|
2003-12-12 14:22:37 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
pHP = ExAllocatePoolWithTag(NonPagedPool, sizeof(HOOKPACK), TAG_HOOK);
|
|
|
|
|
if (!pHP) return 0;
|
2009-05-22 12:50:31 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
pHP->pHk = Hook;
|
|
|
|
|
pHP->lParam = lParam;
|
2010-11-04 23:45:34 +00:00
|
|
|
pHP->pHookStructs = NULL;
|
|
|
|
|
|
2010-11-16 04:52:53 +00:00
|
|
|
// This prevents stack corruption from the caller.
|
2010-11-04 23:45:34 +00:00
|
|
|
switch(Hook->HookId)
|
|
|
|
|
{
|
2010-11-16 04:52:53 +00:00
|
|
|
case WH_JOURNALPLAYBACK:
|
|
|
|
|
case WH_JOURNALRECORD:
|
|
|
|
|
uTimeout = 0;
|
|
|
|
|
Size = sizeof(EVENTMSG);
|
2010-11-04 23:45:34 +00:00
|
|
|
break;
|
|
|
|
|
case WH_KEYBOARD_LL:
|
|
|
|
|
Size = sizeof(KBDLLHOOKSTRUCT);
|
|
|
|
|
break;
|
|
|
|
|
case WH_MOUSE_LL:
|
|
|
|
|
Size = sizeof(MSLLHOOKSTRUCT);
|
|
|
|
|
break;
|
|
|
|
|
case WH_MOUSE:
|
2010-11-16 04:52:53 +00:00
|
|
|
uTimeout = 200;
|
|
|
|
|
Block = TRUE;
|
2010-11-04 23:45:34 +00:00
|
|
|
Size = sizeof(MOUSEHOOKSTRUCT);
|
|
|
|
|
break;
|
2010-11-16 04:52:53 +00:00
|
|
|
case WH_KEYBOARD:
|
|
|
|
|
uTimeout = 200;
|
|
|
|
|
Block = TRUE;
|
2010-11-04 23:45:34 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (Size)
|
|
|
|
|
{
|
|
|
|
|
pHP->pHookStructs = ExAllocatePoolWithTag(NonPagedPool, Size, TAG_HOOK);
|
|
|
|
|
if (pHP->pHookStructs) RtlCopyMemory(pHP->pHookStructs, (PVOID)lParam, Size);
|
|
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
|
|
|
|
|
/* FIXME should get timeout from
|
|
|
|
|
* HKEY_CURRENT_USER\Control Panel\Desktop\LowLevelHooksTimeout */
|
2011-04-04 22:08:39 +00:00
|
|
|
Status = co_MsqSendMessage( pti->MessageQueue,
|
2010-10-23 05:36:12 +00:00
|
|
|
IntToPtr(Code), // hWnd
|
|
|
|
|
Hook->HookId, // Msg
|
2009-05-22 12:50:31 +00:00
|
|
|
wParam,
|
2011-04-04 22:08:39 +00:00
|
|
|
(LPARAM)pHP,
|
2010-11-16 04:52:53 +00:00
|
|
|
uTimeout,
|
|
|
|
|
Block,
|
2009-05-22 12:50:31 +00:00
|
|
|
MSQ_ISHOOK,
|
2011-04-04 22:08:39 +00:00
|
|
|
&uResult);
|
2009-05-22 12:50:31 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
DPRINT1("Error Hook Call SendMsg. %d Status: 0x%x\n", Hook->HookId, Status);
|
2010-11-04 23:45:34 +00:00
|
|
|
if (pHP->pHookStructs) ExFreePoolWithTag(pHP->pHookStructs, TAG_HOOK);
|
2010-10-23 05:36:12 +00:00
|
|
|
ExFreePoolWithTag(pHP, TAG_HOOK);
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
2010-10-23 05:36:12 +00:00
|
|
|
return NT_SUCCESS(Status) ? uResult : 0;
|
2003-12-12 14:22:37 +00:00
|
|
|
}
|
|
|
|
|
|
2008-07-26 12:27:40 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
//
|
|
|
|
|
// Dispatch MsgQueue Hook Call processor!
|
|
|
|
|
//
|
|
|
|
|
LRESULT
|
|
|
|
|
FASTCALL
|
|
|
|
|
co_CallHook( INT HookId,
|
|
|
|
|
INT Code,
|
|
|
|
|
WPARAM wParam,
|
|
|
|
|
LPARAM lParam)
|
|
|
|
|
{
|
|
|
|
|
LRESULT Result;
|
|
|
|
|
PHOOK phk;
|
|
|
|
|
PHOOKPACK pHP = (PHOOKPACK)lParam;
|
|
|
|
|
|
|
|
|
|
phk = pHP->pHk;
|
2010-11-04 23:45:34 +00:00
|
|
|
lParam = pHP->lParam;
|
|
|
|
|
|
|
|
|
|
switch(HookId)
|
|
|
|
|
{
|
2010-11-16 04:52:53 +00:00
|
|
|
case WH_JOURNALPLAYBACK:
|
|
|
|
|
case WH_JOURNALRECORD:
|
|
|
|
|
case WH_KEYBOARD:
|
2010-11-04 23:45:34 +00:00
|
|
|
case WH_KEYBOARD_LL:
|
|
|
|
|
case WH_MOUSE_LL:
|
|
|
|
|
case WH_MOUSE:
|
|
|
|
|
lParam = (LPARAM)pHP->pHookStructs;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
/* The odds are high for this to be a Global call. */
|
|
|
|
|
Result = co_IntCallHookProc( HookId,
|
|
|
|
|
Code,
|
|
|
|
|
wParam,
|
2010-11-04 23:45:34 +00:00
|
|
|
lParam,
|
2010-10-23 05:36:12 +00:00
|
|
|
phk->Proc,
|
|
|
|
|
phk->Ansi,
|
|
|
|
|
&phk->ModuleName);
|
|
|
|
|
|
2010-11-04 23:45:34 +00:00
|
|
|
/* The odds so high, no one is waiting for the results. */
|
|
|
|
|
if (pHP->pHookStructs) ExFreePoolWithTag(pHP->pHookStructs, TAG_HOOK);
|
2010-10-23 05:36:12 +00:00
|
|
|
ExFreePoolWithTag(pHP, TAG_HOOK);
|
|
|
|
|
return Result;
|
|
|
|
|
}
|
2008-07-26 12:27:40 +00:00
|
|
|
|
2010-11-04 23:45:34 +00:00
|
|
|
static
|
|
|
|
|
LRESULT
|
|
|
|
|
FASTCALL
|
|
|
|
|
co_HOOK_CallHookNext( PHOOK Hook,
|
|
|
|
|
INT Code,
|
|
|
|
|
WPARAM wParam,
|
|
|
|
|
LPARAM lParam)
|
|
|
|
|
{
|
|
|
|
|
DPRINT("Calling Next HOOK %d\n", Hook->HookId);
|
|
|
|
|
|
|
|
|
|
return co_IntCallHookProc( Hook->HookId,
|
|
|
|
|
Code,
|
|
|
|
|
wParam,
|
|
|
|
|
lParam,
|
|
|
|
|
Hook->Proc,
|
|
|
|
|
Hook->Ansi,
|
|
|
|
|
&Hook->ModuleName);
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
static
|
2008-07-22 04:54:53 +00:00
|
|
|
LRESULT
|
|
|
|
|
FASTCALL
|
2011-08-01 22:30:21 +00:00
|
|
|
co_IntCallDebugHook(PHOOK Hook,
|
|
|
|
|
int Code,
|
|
|
|
|
WPARAM wParam,
|
|
|
|
|
LPARAM lParam,
|
|
|
|
|
BOOL Ansi)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
LRESULT lResult = 0;
|
|
|
|
|
ULONG Size;
|
|
|
|
|
DEBUGHOOKINFO Debug;
|
|
|
|
|
PVOID HooklParam = NULL;
|
|
|
|
|
BOOL BadChk = FALSE;
|
|
|
|
|
|
|
|
|
|
if (lParam)
|
|
|
|
|
{
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead((PVOID)lParam,
|
|
|
|
|
sizeof(DEBUGHOOKINFO),
|
|
|
|
|
1);
|
2008-07-22 04:54:53 +00:00
|
|
|
|
2009-05-22 12:50:31 +00:00
|
|
|
RtlCopyMemory(&Debug,
|
|
|
|
|
(PVOID)lParam,
|
|
|
|
|
sizeof(DEBUGHOOKINFO));
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK WH_DEBUG read from lParam ERROR!\n");
|
|
|
|
|
return lResult;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
return lResult; /* Need lParam! */
|
|
|
|
|
|
|
|
|
|
switch (wParam)
|
|
|
|
|
{
|
|
|
|
|
case WH_CBT:
|
|
|
|
|
{
|
|
|
|
|
switch (Debug.code)
|
|
|
|
|
{
|
|
|
|
|
case HCBT_CLICKSKIPPED:
|
|
|
|
|
Size = sizeof(MOUSEHOOKSTRUCTEX);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case HCBT_MOVESIZE:
|
|
|
|
|
Size = sizeof(RECT);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case HCBT_ACTIVATE:
|
|
|
|
|
Size = sizeof(CBTACTIVATESTRUCT);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case HCBT_CREATEWND: /* Handle Ansi? */
|
|
|
|
|
Size = sizeof(CBT_CREATEWND);
|
2009-06-26 02:10:52 +00:00
|
|
|
/* What shall we do? Size += sizeof(HOOKPROC_CBT_CREATEWND_EXTRA_ARGUMENTS); same as CREATESTRUCTEX */
|
2009-05-22 12:50:31 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
Size = sizeof(LPARAM);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WH_MOUSE_LL:
|
|
|
|
|
Size = sizeof(MSLLHOOKSTRUCT);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WH_KEYBOARD_LL:
|
|
|
|
|
Size = sizeof(KBDLLHOOKSTRUCT);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WH_MSGFILTER:
|
|
|
|
|
case WH_SYSMSGFILTER:
|
|
|
|
|
case WH_GETMESSAGE:
|
|
|
|
|
Size = sizeof(MSG);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WH_JOURNALPLAYBACK:
|
|
|
|
|
case WH_JOURNALRECORD:
|
|
|
|
|
Size = sizeof(EVENTMSG);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case WH_FOREGROUNDIDLE:
|
|
|
|
|
case WH_KEYBOARD:
|
|
|
|
|
case WH_SHELL:
|
|
|
|
|
default:
|
|
|
|
|
Size = sizeof(LPARAM);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (Size > sizeof(LPARAM))
|
|
|
|
|
HooklParam = ExAllocatePoolWithTag(NonPagedPool, Size, TAG_HOOK);
|
|
|
|
|
|
|
|
|
|
if (HooklParam)
|
|
|
|
|
{
|
2008-11-30 19:28:11 +00:00
|
|
|
_SEH2_TRY
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
ProbeForRead((PVOID)Debug.lParam,
|
|
|
|
|
Size,
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
RtlCopyMemory(HooklParam,
|
|
|
|
|
(PVOID)Debug.lParam,
|
|
|
|
|
Size);
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2008-11-30 19:28:11 +00:00
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
BadChk = TRUE;
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2008-11-30 19:28:11 +00:00
|
|
|
_SEH2_END;
|
2009-05-22 12:50:31 +00:00
|
|
|
|
2008-07-22 04:54:53 +00:00
|
|
|
if (BadChk)
|
|
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
DPRINT1("HOOK WH_DEBUG read from Debug.lParam ERROR!\n");
|
|
|
|
|
ExFreePool(HooklParam);
|
|
|
|
|
return lResult;
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (HooklParam) Debug.lParam = (LPARAM)HooklParam;
|
|
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Debug);
|
|
|
|
|
if (HooklParam) ExFreePoolWithTag(HooklParam, TAG_HOOK);
|
|
|
|
|
|
|
|
|
|
return lResult;
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
static
|
2009-05-22 12:50:31 +00:00
|
|
|
LRESULT
|
|
|
|
|
FASTCALL
|
2011-08-01 22:30:21 +00:00
|
|
|
co_UserCallNextHookEx(PHOOK Hook,
|
|
|
|
|
int Code,
|
|
|
|
|
WPARAM wParam,
|
|
|
|
|
LPARAM lParam,
|
|
|
|
|
BOOL Ansi)
|
2009-05-22 12:50:31 +00:00
|
|
|
{
|
|
|
|
|
LRESULT lResult = 0;
|
|
|
|
|
BOOL BadChk = FALSE;
|
|
|
|
|
|
|
|
|
|
/* Handle this one first. */
|
|
|
|
|
if ((Hook->HookId == WH_MOUSE) ||
|
|
|
|
|
(Hook->HookId == WH_CBT && Code == HCBT_CLICKSKIPPED))
|
|
|
|
|
{
|
|
|
|
|
MOUSEHOOKSTRUCTEX Mouse;
|
|
|
|
|
if (lParam)
|
|
|
|
|
{
|
2008-11-30 19:28:11 +00:00
|
|
|
_SEH2_TRY
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
|
|
|
|
ProbeForRead((PVOID)lParam,
|
2009-05-22 12:50:31 +00:00
|
|
|
sizeof(MOUSEHOOKSTRUCTEX),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
RtlCopyMemory(&Mouse,
|
|
|
|
|
(PVOID)lParam,
|
|
|
|
|
sizeof(MOUSEHOOKSTRUCTEX));
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2008-11-30 19:28:11 +00:00
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
BadChk = TRUE;
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2008-11-30 19:28:11 +00:00
|
|
|
_SEH2_END;
|
2009-05-22 12:50:31 +00:00
|
|
|
|
2008-07-22 04:54:53 +00:00
|
|
|
if (BadChk)
|
|
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
DPRINT1("HOOK WH_MOUSE read from lParam ERROR!\n");
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!BadChk)
|
|
|
|
|
{
|
2008-07-26 12:27:40 +00:00
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Mouse);
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return lResult;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch(Hook->HookId)
|
|
|
|
|
{
|
|
|
|
|
case WH_MOUSE_LL:
|
|
|
|
|
{
|
|
|
|
|
MSLLHOOKSTRUCT Mouse;
|
|
|
|
|
|
|
|
|
|
if (lParam)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead((PVOID)lParam,
|
|
|
|
|
sizeof(MSLLHOOKSTRUCT),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
RtlCopyMemory(&Mouse,
|
|
|
|
|
(PVOID)lParam,
|
|
|
|
|
sizeof(MSLLHOOKSTRUCT));
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK WH_MOUSE_LL read from lParam ERROR!\n");
|
|
|
|
|
}
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
|
|
|
|
|
if (!BadChk)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Mouse);
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case WH_KEYBOARD_LL:
|
|
|
|
|
{
|
|
|
|
|
KBDLLHOOKSTRUCT Keyboard;
|
|
|
|
|
|
|
|
|
|
if (lParam)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead((PVOID)lParam,
|
|
|
|
|
sizeof(KBDLLHOOKSTRUCT),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
RtlCopyMemory(&Keyboard,
|
|
|
|
|
(PVOID)lParam,
|
|
|
|
|
sizeof(KBDLLHOOKSTRUCT));
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK WH_KEYBORD_LL read from lParam ERROR!\n");
|
|
|
|
|
}
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
|
|
|
|
|
if (!BadChk)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Keyboard);
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case WH_MSGFILTER:
|
|
|
|
|
case WH_SYSMSGFILTER:
|
|
|
|
|
case WH_GETMESSAGE:
|
|
|
|
|
{
|
|
|
|
|
MSG Msg;
|
|
|
|
|
|
|
|
|
|
if (lParam)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead((PVOID)lParam,
|
|
|
|
|
sizeof(MSG),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
RtlCopyMemory(&Msg,
|
|
|
|
|
(PVOID)lParam,
|
2008-07-22 04:54:53 +00:00
|
|
|
sizeof(MSG));
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK WH_XMESSAGEX read from lParam ERROR!\n");
|
|
|
|
|
}
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
|
|
|
|
|
2009-05-22 12:50:31 +00:00
|
|
|
if (!BadChk)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Msg);
|
|
|
|
|
|
|
|
|
|
if (lParam && (Hook->HookId == WH_GETMESSAGE))
|
|
|
|
|
{
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ProbeForWrite((PVOID)lParam,
|
|
|
|
|
sizeof(MSG),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
RtlCopyMemory((PVOID)lParam,
|
|
|
|
|
&Msg,
|
|
|
|
|
sizeof(MSG));
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK WH_GETMESSAGE write to lParam ERROR!\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case WH_CBT:
|
2009-07-04 16:31:11 +00:00
|
|
|
DPRINT("HOOK WH_CBT!\n");
|
2009-05-22 12:50:31 +00:00
|
|
|
switch (Code)
|
2008-07-22 04:54:53 +00:00
|
|
|
{
|
2009-06-25 20:39:32 +00:00
|
|
|
case HCBT_CREATEWND:
|
|
|
|
|
{
|
|
|
|
|
LPCBT_CREATEWNDW pcbtcww = (LPCBT_CREATEWNDW)lParam;
|
|
|
|
|
|
2009-07-04 16:31:11 +00:00
|
|
|
DPRINT("HOOK HCBT_CREATEWND\n");
|
2009-06-25 20:39:32 +00:00
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
if (Ansi)
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead( pcbtcww,
|
|
|
|
|
sizeof(CBT_CREATEWNDA),
|
|
|
|
|
1);
|
|
|
|
|
ProbeForWrite(pcbtcww->lpcs,
|
|
|
|
|
sizeof(CREATESTRUCTA),
|
|
|
|
|
1);
|
|
|
|
|
ProbeForRead( pcbtcww->lpcs->lpszName,
|
|
|
|
|
sizeof(CHAR),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
if (!IS_ATOM(pcbtcww->lpcs->lpszClass))
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead( pcbtcww->lpcs->lpszClass,
|
|
|
|
|
sizeof(CHAR),
|
|
|
|
|
1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead( pcbtcww,
|
|
|
|
|
sizeof(CBT_CREATEWNDW),
|
|
|
|
|
1);
|
|
|
|
|
ProbeForWrite(pcbtcww->lpcs,
|
|
|
|
|
sizeof(CREATESTRUCTW),
|
|
|
|
|
1);
|
|
|
|
|
ProbeForRead( pcbtcww->lpcs->lpszName,
|
|
|
|
|
sizeof(WCHAR),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
if (!IS_ATOM(pcbtcww->lpcs->lpszClass))
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead( pcbtcww->lpcs->lpszClass,
|
|
|
|
|
sizeof(WCHAR),
|
|
|
|
|
1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK HCBT_CREATEWND write ERROR!\n");
|
|
|
|
|
}
|
|
|
|
|
/* The next call handles the structures. */
|
2009-06-26 02:10:52 +00:00
|
|
|
if (!BadChk && Hook->Proc)
|
2009-06-26 00:30:54 +00:00
|
|
|
{
|
2009-06-26 02:10:52 +00:00
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, lParam);
|
2009-06-26 00:30:54 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
break;
|
2009-06-25 20:39:32 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
|
|
|
|
|
case HCBT_MOVESIZE:
|
|
|
|
|
{
|
|
|
|
|
RECTL rt;
|
|
|
|
|
|
2009-07-04 16:31:11 +00:00
|
|
|
DPRINT("HOOK HCBT_MOVESIZE\n");
|
2009-05-22 12:50:31 +00:00
|
|
|
|
|
|
|
|
if (lParam)
|
|
|
|
|
{
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead((PVOID)lParam,
|
|
|
|
|
sizeof(RECT),
|
2008-07-22 04:54:53 +00:00
|
|
|
1);
|
2009-05-22 12:50:31 +00:00
|
|
|
|
|
|
|
|
RtlCopyMemory(&rt,
|
|
|
|
|
(PVOID)lParam,
|
|
|
|
|
sizeof(RECT));
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK HCBT_MOVESIZE read from lParam ERROR!\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!BadChk)
|
|
|
|
|
{
|
|
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&rt);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case HCBT_ACTIVATE:
|
|
|
|
|
{
|
|
|
|
|
CBTACTIVATESTRUCT CbAs;
|
|
|
|
|
|
2009-07-04 16:31:11 +00:00
|
|
|
DPRINT("HOOK HCBT_ACTIVATE\n");
|
2009-05-22 12:50:31 +00:00
|
|
|
if (lParam)
|
|
|
|
|
{
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead((PVOID)lParam,
|
|
|
|
|
sizeof(CBTACTIVATESTRUCT),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
RtlCopyMemory(&CbAs,
|
|
|
|
|
(PVOID)lParam,
|
|
|
|
|
sizeof(CBTACTIVATESTRUCT));
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK HCBT_ACTIVATE read from lParam ERROR!\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!BadChk)
|
|
|
|
|
{
|
|
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&CbAs);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* The rest just use default. */
|
|
|
|
|
default:
|
2009-07-04 16:31:11 +00:00
|
|
|
DPRINT("HOOK HCBT_ %d\n",Code);
|
2009-05-22 12:50:31 +00:00
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, lParam);
|
|
|
|
|
break;
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
break;
|
2010-10-25 02:51:09 +00:00
|
|
|
/*
|
|
|
|
|
Note WH_JOURNALPLAYBACK,
|
|
|
|
|
"To have the system wait before processing the message, the return value
|
|
|
|
|
must be the amount of time, in clock ticks, that the system should wait."
|
|
|
|
|
*/
|
2009-05-22 12:50:31 +00:00
|
|
|
case WH_JOURNALPLAYBACK:
|
|
|
|
|
case WH_JOURNALRECORD:
|
|
|
|
|
{
|
|
|
|
|
EVENTMSG EventMsg;
|
|
|
|
|
|
2008-07-22 04:54:53 +00:00
|
|
|
if (lParam)
|
|
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ProbeForRead((PVOID)lParam,
|
|
|
|
|
sizeof(EVENTMSG),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
RtlCopyMemory(&EventMsg,
|
|
|
|
|
(PVOID)lParam,
|
2008-07-22 04:54:53 +00:00
|
|
|
sizeof(EVENTMSG));
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK WH_JOURNAL read from lParam ERROR!\n");
|
|
|
|
|
}
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
|
|
|
|
|
2009-05-22 12:50:31 +00:00
|
|
|
if (!BadChk)
|
|
|
|
|
{
|
|
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)(lParam ? &EventMsg : NULL));
|
|
|
|
|
|
|
|
|
|
if (lParam)
|
|
|
|
|
{
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ProbeForWrite((PVOID)lParam,
|
|
|
|
|
sizeof(EVENTMSG),
|
|
|
|
|
1);
|
|
|
|
|
|
|
|
|
|
RtlCopyMemory((PVOID)lParam,
|
|
|
|
|
&EventMsg,
|
|
|
|
|
sizeof(EVENTMSG));
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
BadChk = TRUE;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
if (BadChk)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("HOOK WH_JOURNAL write to lParam ERROR!\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
case WH_DEBUG:
|
2011-08-01 22:30:21 +00:00
|
|
|
lResult = co_IntCallDebugHook(Hook, Code, wParam, lParam, Ansi);
|
2009-05-22 12:50:31 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Default the rest like, WH_FOREGROUNDIDLE, WH_KEYBOARD and WH_SHELL.
|
|
|
|
|
*/
|
|
|
|
|
case WH_FOREGROUNDIDLE:
|
|
|
|
|
case WH_KEYBOARD:
|
|
|
|
|
case WH_SHELL:
|
|
|
|
|
lResult = co_HOOK_CallHookNext(Hook, Code, wParam, lParam);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
DPRINT1("Unsupported HOOK Id -> %d\n",Hook->HookId);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return lResult;
|
2008-07-22 04:54:53 +00:00
|
|
|
}
|
|
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
PHOOK
|
|
|
|
|
FASTCALL
|
|
|
|
|
IntGetHookObject(HHOOK hHook)
|
|
|
|
|
{
|
|
|
|
|
PHOOK Hook;
|
|
|
|
|
|
|
|
|
|
if (!hHook)
|
|
|
|
|
{
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_INVALID_HOOK_HANDLE);
|
2010-10-23 05:36:12 +00:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Hook = (PHOOK)UserGetObject(gHandleTable, hHook, otHook);
|
|
|
|
|
if (!Hook)
|
|
|
|
|
{
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_INVALID_HOOK_HANDLE);
|
2010-10-23 05:36:12 +00:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
UserReferenceObject(Hook);
|
|
|
|
|
|
|
|
|
|
return Hook;
|
|
|
|
|
}
|
|
|
|
|
|
2010-11-04 23:45:34 +00:00
|
|
|
static
|
2011-08-01 22:30:21 +00:00
|
|
|
HHOOK*
|
2010-11-04 23:45:34 +00:00
|
|
|
FASTCALL
|
2011-08-01 22:30:21 +00:00
|
|
|
IntGetGlobalHookHandles(PDESKTOP pdo, int HookId)
|
2010-11-04 23:45:34 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
PLIST_ENTRY pLastHead, pElem;
|
|
|
|
|
unsigned i, cHooks;
|
|
|
|
|
HHOOK *pList;
|
|
|
|
|
PHOOK pHook;
|
|
|
|
|
|
|
|
|
|
pLastHead = &pdo->pDeskInfo->aphkStart[HOOKID_TO_INDEX(HookId)];
|
|
|
|
|
for (pElem = pLastHead->Flink; pElem != pLastHead; pElem = pElem->Flink)
|
|
|
|
|
++cHooks;
|
|
|
|
|
|
|
|
|
|
pList = ExAllocatePoolWithTag(PagedPool, (cHooks + 1) * sizeof(HHOOK), TAG_HOOK);
|
|
|
|
|
if(!pList)
|
|
|
|
|
{
|
|
|
|
|
EngSetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2010-11-04 23:45:34 +00:00
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
for (pElem = pLastHead->Flink; pElem != pLastHead; pElem = pElem->Flink)
|
|
|
|
|
{
|
|
|
|
|
pHook = CONTAINING_RECORD(pElem, HOOK, Chain);
|
|
|
|
|
pList[i++] = pHook->head.h;
|
|
|
|
|
}
|
|
|
|
|
pList[i] = NULL;
|
|
|
|
|
|
|
|
|
|
return pList;
|
2010-11-04 23:45:34 +00:00
|
|
|
}
|
|
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
/* find the next hook in the chain */
|
|
|
|
|
PHOOK
|
|
|
|
|
FASTCALL
|
|
|
|
|
IntGetNextHook(PHOOK Hook)
|
|
|
|
|
{
|
|
|
|
|
int HookId = Hook->HookId;
|
2011-08-01 22:30:21 +00:00
|
|
|
PLIST_ENTRY pLastHead, pElem;
|
2010-10-23 05:36:12 +00:00
|
|
|
PTHREADINFO pti;
|
|
|
|
|
|
|
|
|
|
if (Hook->Thread)
|
|
|
|
|
{
|
|
|
|
|
pti = ((PTHREADINFO)Hook->Thread->Tcb.Win32Thread);
|
2011-08-01 22:30:21 +00:00
|
|
|
pLastHead = &pti->aphkStart[HOOKID_TO_INDEX(HookId)];
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
pti = PsGetCurrentThreadWin32Thread();
|
2011-08-01 22:30:21 +00:00
|
|
|
pLastHead = &pti->rpdesk->pDeskInfo->aphkStart[HOOKID_TO_INDEX(HookId)];
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
2011-08-01 22:30:21 +00:00
|
|
|
|
|
|
|
|
pElem = Hook->Chain.Flink;
|
|
|
|
|
if (pElem != pLastHead)
|
|
|
|
|
return CONTAINING_RECORD(pElem, HOOK, Chain);
|
2010-10-23 05:36:12 +00:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* free a hook, removing it from its chain */
|
|
|
|
|
static
|
|
|
|
|
VOID
|
|
|
|
|
FASTCALL
|
|
|
|
|
IntFreeHook(PHOOK Hook)
|
|
|
|
|
{
|
|
|
|
|
RemoveEntryList(&Hook->Chain);
|
|
|
|
|
if (Hook->ModuleName.Buffer)
|
|
|
|
|
{
|
|
|
|
|
ExFreePoolWithTag(Hook->ModuleName.Buffer, TAG_HOOK);
|
|
|
|
|
Hook->ModuleName.Buffer = NULL;
|
|
|
|
|
}
|
|
|
|
|
/* Close handle */
|
|
|
|
|
UserDeleteObject(UserHMGetHandle(Hook), otHook);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* remove a hook, freeing it from the chain */
|
|
|
|
|
static
|
2011-08-01 22:30:21 +00:00
|
|
|
VOID
|
2010-10-23 05:36:12 +00:00
|
|
|
FASTCALL
|
|
|
|
|
IntRemoveHook(PHOOK Hook)
|
|
|
|
|
{
|
|
|
|
|
INT HookId;
|
|
|
|
|
PTHREADINFO pti;
|
2010-11-04 23:45:34 +00:00
|
|
|
PDESKTOP pdo;
|
2010-10-23 05:36:12 +00:00
|
|
|
|
|
|
|
|
HookId = Hook->HookId;
|
|
|
|
|
|
|
|
|
|
if (Hook->Thread) // Local
|
|
|
|
|
{
|
|
|
|
|
pti = ((PTHREADINFO)Hook->Thread->Tcb.Win32Thread);
|
|
|
|
|
|
|
|
|
|
IntFreeHook( Hook);
|
|
|
|
|
|
|
|
|
|
if ( IsListEmpty(&pti->aphkStart[HOOKID_TO_INDEX(HookId)]) )
|
|
|
|
|
{
|
|
|
|
|
pti->fsHooks &= ~HOOKID_TO_FLAG(HookId);
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
GetWin32ClientInfo()->fsHooks = pti->fsHooks;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else // Global
|
|
|
|
|
{
|
|
|
|
|
IntFreeHook( Hook);
|
|
|
|
|
|
2010-11-04 23:45:34 +00:00
|
|
|
pdo = IntGetActiveDesktop();
|
2010-10-23 05:36:12 +00:00
|
|
|
|
2010-11-04 23:45:34 +00:00
|
|
|
if ( pdo &&
|
|
|
|
|
pdo->pDeskInfo &&
|
|
|
|
|
IsListEmpty(&pdo->pDeskInfo->aphkStart[HOOKID_TO_INDEX(HookId)]) )
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
2010-11-04 23:45:34 +00:00
|
|
|
pdo->pDeskInfo->fsHooks &= ~HOOKID_TO_FLAG(HookId);
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
VOID
|
|
|
|
|
FASTCALL
|
|
|
|
|
HOOK_DestroyThreadHooks(PETHREAD Thread)
|
|
|
|
|
{
|
|
|
|
|
PTHREADINFO pti;
|
2010-10-31 23:42:37 +00:00
|
|
|
PDESKTOP pdo;
|
2010-10-23 05:36:12 +00:00
|
|
|
int HookId;
|
|
|
|
|
PHOOK HookObj;
|
|
|
|
|
PLIST_ENTRY pElem;
|
|
|
|
|
|
|
|
|
|
pti = Thread->Tcb.Win32Thread;
|
2010-10-31 23:42:37 +00:00
|
|
|
pdo = IntGetActiveDesktop();
|
2010-11-04 23:45:34 +00:00
|
|
|
|
2010-10-31 23:42:37 +00:00
|
|
|
if (!pti || !pdo)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Kill Thread Hooks pti 0x%x pdo 0x%x\n",pti,pdo);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2010-10-23 05:36:12 +00:00
|
|
|
|
|
|
|
|
// Local Thread cleanup.
|
|
|
|
|
if (pti->fsHooks)
|
|
|
|
|
{
|
|
|
|
|
for (HookId = WH_MINHOOK; HookId <= WH_MAXHOOK; HookId++)
|
|
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
PLIST_ENTRY pLastHead = &pti->aphkStart[HOOKID_TO_INDEX(HookId)];
|
2010-10-23 05:36:12 +00:00
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
pElem = pLastHead->Flink;
|
|
|
|
|
while (pElem != pLastHead)
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
|
|
|
|
HookObj = CONTAINING_RECORD(pElem, HOOK, Chain);
|
2011-08-01 22:30:21 +00:00
|
|
|
pElem = HookObj->Chain.Flink; // get next element before hook is destroyed
|
|
|
|
|
IntRemoveHook(HookObj);
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
pti->fsHooks = 0;
|
|
|
|
|
}
|
|
|
|
|
// Global search based on Thread and cleanup.
|
2010-10-31 23:42:37 +00:00
|
|
|
if (pdo->pDeskInfo->fsHooks)
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
|
|
|
|
for (HookId = WH_MINHOOK; HookId <= WH_MAXHOOK; HookId++)
|
|
|
|
|
{
|
2010-10-31 23:42:37 +00:00
|
|
|
PLIST_ENTRY pGLE = &pdo->pDeskInfo->aphkStart[HOOKID_TO_INDEX(HookId)];
|
2011-08-01 22:30:21 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
pElem = pGLE->Flink;
|
2011-08-01 22:30:21 +00:00
|
|
|
while (pElem != pGLE)
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
HookObj = CONTAINING_RECORD(pElem, HOOK, Chain);
|
|
|
|
|
pElem = HookObj->Chain.Flink; // get next element before hook is destroyed
|
2010-10-23 05:36:12 +00:00
|
|
|
if (HookObj->head.pti == pti)
|
2010-11-04 23:45:34 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
IntRemoveHook(HookObj);
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Win32k Kernel Space Hook Caller.
|
|
|
|
|
*/
|
2003-12-12 14:22:37 +00:00
|
|
|
LRESULT
|
2010-10-23 05:36:12 +00:00
|
|
|
FASTCALL
|
|
|
|
|
co_HOOK_CallHooks( INT HookId,
|
|
|
|
|
INT Code,
|
|
|
|
|
WPARAM wParam,
|
|
|
|
|
LPARAM lParam)
|
2001-06-12 17:51:51 +00:00
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
PHOOK Hook, SaveHook;
|
|
|
|
|
PTHREADINFO pti;
|
2009-05-22 12:50:31 +00:00
|
|
|
PCLIENTINFO ClientInfo;
|
2011-08-01 22:30:21 +00:00
|
|
|
PLIST_ENTRY pLastHead;
|
2010-11-04 23:45:34 +00:00
|
|
|
PDESKTOP pdo;
|
2010-10-23 05:36:12 +00:00
|
|
|
BOOL Local = FALSE, Global = FALSE;
|
|
|
|
|
LRESULT Result = 0;
|
2011-08-01 22:30:21 +00:00
|
|
|
USER_REFERENCE_ENTRY Ref;
|
2005-09-05 21:19:23 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
ASSERT(WH_MINHOOK <= HookId && HookId <= WH_MAXHOOK);
|
2003-12-12 14:22:37 +00:00
|
|
|
|
2010-10-24 04:36:45 +00:00
|
|
|
pti = PsGetCurrentThreadWin32Thread();
|
2010-10-27 01:56:56 +00:00
|
|
|
if (!pti || !pti->rpdesk || !pti->rpdesk->pDeskInfo)
|
2010-11-04 23:45:34 +00:00
|
|
|
{
|
|
|
|
|
pdo = IntGetActiveDesktop();
|
|
|
|
|
/* If KeyboardThread|MouseThread|(RawInputThread or RIT) aka system threads,
|
|
|
|
|
pti->fsHooks most likely, is zero. So process KbT & MsT to "send" the message.
|
|
|
|
|
*/
|
|
|
|
|
if ( !pti || !pdo || (!(HookId == WH_KEYBOARD_LL) && !(HookId == WH_MOUSE_LL)) )
|
2010-11-16 04:52:53 +00:00
|
|
|
{
|
|
|
|
|
DPRINT("No PDO %d\n", HookId);
|
2010-11-04 23:45:34 +00:00
|
|
|
goto Exit;
|
2010-11-16 04:52:53 +00:00
|
|
|
}
|
2010-11-04 23:45:34 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
pdo = pti->rpdesk;
|
|
|
|
|
}
|
2010-10-23 05:36:12 +00:00
|
|
|
|
2010-11-04 23:45:34 +00:00
|
|
|
if ( pti->TIF_flags & (TIF_INCLEANUP|TIF_DISABLEHOOKS))
|
2010-11-16 04:52:53 +00:00
|
|
|
{
|
|
|
|
|
DPRINT("Hook Thread dead %d\n", HookId);
|
2010-10-23 05:36:12 +00:00
|
|
|
goto Exit;
|
2010-11-16 04:52:53 +00:00
|
|
|
}
|
2010-10-23 05:36:12 +00:00
|
|
|
|
|
|
|
|
if ( ISITHOOKED(HookId) )
|
2009-05-22 12:50:31 +00:00
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
DPRINT("Local Hooker %d\n", HookId);
|
|
|
|
|
Local = TRUE;
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
2005-09-07 21:25:42 +00:00
|
|
|
|
2010-11-04 23:45:34 +00:00
|
|
|
if ( pdo->pDeskInfo->fsHooks & HOOKID_TO_FLAG(HookId) )
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
|
|
|
|
DPRINT("Global Hooker %d\n", HookId);
|
|
|
|
|
Global = TRUE;
|
|
|
|
|
}
|
2005-09-07 21:25:42 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
if ( !Local && !Global ) goto Exit; // No work!
|
2008-07-22 04:54:53 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
Hook = NULL;
|
2008-07-26 12:27:40 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
/* SetWindowHookEx sorts out the Thread issue by placing the Hook to
|
|
|
|
|
the correct Thread if not NULL.
|
|
|
|
|
*/
|
|
|
|
|
if ( Local )
|
|
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
pLastHead = &pti->aphkStart[HOOKID_TO_INDEX(HookId)];
|
|
|
|
|
if (IsListEmpty(pLastHead))
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
|
|
|
|
DPRINT1("No Local Hook Found!\n");
|
|
|
|
|
goto Exit;
|
|
|
|
|
}
|
2011-08-01 22:30:21 +00:00
|
|
|
|
|
|
|
|
Hook = CONTAINING_RECORD(pLastHead->Flink, HOOK, Chain);
|
|
|
|
|
UserRefObjectCo(Hook, &Ref);
|
2010-10-23 05:36:12 +00:00
|
|
|
|
|
|
|
|
ClientInfo = pti->pClientInfo;
|
|
|
|
|
SaveHook = pti->sphkCurrent;
|
2011-04-08 19:29:15 +00:00
|
|
|
/* Note: Setting pti->sphkCurrent will also lock the next hook to this
|
|
|
|
|
* hook ID. So, the CallNextHookEx will only call to that hook ID
|
|
|
|
|
* chain anyway. For Thread Hooks....
|
|
|
|
|
*/
|
2010-10-23 05:36:12 +00:00
|
|
|
|
|
|
|
|
/* Load it for the next call. */
|
|
|
|
|
pti->sphkCurrent = Hook;
|
|
|
|
|
Hook->phkNext = IntGetNextHook(Hook);
|
|
|
|
|
if (ClientInfo)
|
|
|
|
|
{
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ClientInfo->phkCurrent = Hook;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
ClientInfo = NULL; // Don't bother next run.
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
}
|
|
|
|
|
Result = co_IntCallHookProc( HookId,
|
|
|
|
|
Code,
|
|
|
|
|
wParam,
|
|
|
|
|
lParam,
|
|
|
|
|
Hook->Proc,
|
|
|
|
|
Hook->Ansi,
|
|
|
|
|
&Hook->ModuleName);
|
|
|
|
|
if (ClientInfo)
|
|
|
|
|
{
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
ClientInfo->phkCurrent = SaveHook;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
}
|
|
|
|
|
pti->sphkCurrent = SaveHook;
|
|
|
|
|
Hook->phkNext = NULL;
|
2011-08-01 22:30:21 +00:00
|
|
|
UserDerefObjectCo(Hook);
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
2008-07-26 12:27:40 +00:00
|
|
|
|
2011-04-09 20:32:52 +00:00
|
|
|
if ( Global )
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
|
|
|
|
PTHREADINFO ptiHook;
|
2011-08-01 22:30:21 +00:00
|
|
|
HHOOK *pHookHandles;
|
|
|
|
|
unsigned i;
|
2010-10-23 05:36:12 +00:00
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
/* Keep hooks in array because hooks can be destroyed in user world */
|
|
|
|
|
pHookHandles = IntGetGlobalHookHandles(pdo, HookId);
|
|
|
|
|
if(!pHookHandles)
|
2010-10-23 05:36:12 +00:00
|
|
|
goto Exit;
|
2011-08-01 22:30:21 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
/* Performance goes down the drain. If more hooks are associated to this
|
|
|
|
|
* hook ID, this will have to post to each of the thread message queues
|
|
|
|
|
* or make a direct call.
|
|
|
|
|
*/
|
2011-08-01 22:30:21 +00:00
|
|
|
for(i = 0; pHookHandles[i]; ++i)
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
Hook = (PHOOK)UserGetObject(gHandleTable, pHookHandles[i], otHook);
|
|
|
|
|
if(!Hook)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Invalid hook!\n");
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
UserRefObjectCo(Hook, &Ref);
|
|
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
/* Hook->Thread is null, we hax around this with Hook->head.pti. */
|
|
|
|
|
ptiHook = Hook->head.pti;
|
|
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
if ( (pti->TIF_flags & TIF_DISABLEHOOKS) || (ptiHook->TIF_flags & TIF_INCLEANUP))
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
DPRINT("Next Hook 0x%x, 0x%x\n", ptiHook->rpdesk, pdo);
|
2010-10-23 05:36:12 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2011-08-01 22:30:21 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
if (ptiHook != pti )
|
2011-08-01 22:30:21 +00:00
|
|
|
{
|
|
|
|
|
// Block | TimeOut
|
2010-11-16 04:52:53 +00:00
|
|
|
if ( HookId == WH_JOURNALPLAYBACK || // 1 | 0
|
|
|
|
|
HookId == WH_JOURNALRECORD || // 1 | 0
|
|
|
|
|
HookId == WH_KEYBOARD || // 1 | 200
|
|
|
|
|
HookId == WH_MOUSE || // 1 | 200
|
|
|
|
|
HookId == WH_KEYBOARD_LL || // 0 | 300
|
|
|
|
|
HookId == WH_MOUSE_LL ) // 0 | 300
|
2010-11-04 23:45:34 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
DPRINT("\nGlobal Hook posting to another Thread! %d\n", HookId);
|
|
|
|
|
Result = co_IntCallLowLevelHook(Hook, Code, wParam, lParam);
|
2010-11-04 23:45:34 +00:00
|
|
|
}
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{ /* Make the direct call. */
|
|
|
|
|
Result = co_IntCallHookProc( HookId,
|
|
|
|
|
Code,
|
|
|
|
|
wParam,
|
|
|
|
|
lParam,
|
|
|
|
|
Hook->Proc,
|
|
|
|
|
Hook->Ansi,
|
|
|
|
|
&Hook->ModuleName);
|
|
|
|
|
}
|
2011-08-01 22:30:21 +00:00
|
|
|
UserDerefObjectCo(Hook);
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
2011-08-01 22:30:21 +00:00
|
|
|
ExFreePoolWithTag(pHookHandles, TAG_HOOK);
|
|
|
|
|
DPRINT("Ret: Global HookId %d Result 0x%x\n", HookId, Result);
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
Exit:
|
|
|
|
|
return Result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BOOL
|
|
|
|
|
FASTCALL
|
|
|
|
|
IntUnhookWindowsHook(int HookId, HOOKPROC pfnFilterProc)
|
|
|
|
|
{
|
|
|
|
|
PHOOK Hook;
|
2011-08-01 22:30:21 +00:00
|
|
|
PLIST_ENTRY pLastHead, pElement;
|
2010-10-23 05:36:12 +00:00
|
|
|
PTHREADINFO pti = PsGetCurrentThreadWin32Thread();
|
|
|
|
|
|
|
|
|
|
if (HookId < WH_MINHOOK || WH_MAXHOOK < HookId )
|
|
|
|
|
{
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_INVALID_HOOK_FILTER);
|
2010-10-23 05:36:12 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pti->fsHooks)
|
|
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
pLastHead = &pti->aphkStart[HOOKID_TO_INDEX(HookId)];
|
2010-10-23 05:36:12 +00:00
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
pElement = pLastHead->Flink;
|
|
|
|
|
while (pElement != pLastHead)
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
Hook = CONTAINING_RECORD(pElement, HOOK, Chain);
|
|
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
if (Hook->Proc == pfnFilterProc)
|
|
|
|
|
{
|
|
|
|
|
if (Hook->head.pti == pti)
|
|
|
|
|
{
|
|
|
|
|
IntRemoveHook(Hook);
|
|
|
|
|
UserDereferenceObject(Hook);
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_ACCESS_DENIED);
|
2010-10-23 05:36:12 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-08-01 22:30:21 +00:00
|
|
|
|
|
|
|
|
pElement = Hook->Chain.Flink;
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
2008-07-26 12:27:40 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
/*
|
|
|
|
|
* Support for compatibility only? Global hooks are processed in kernel space.
|
|
|
|
|
* This is very thread specific! Never seeing applications with more than one
|
|
|
|
|
* hook per thread installed. Most of the applications are Global hookers and
|
|
|
|
|
* associated with just one hook Id. Maybe it's for diagnostic testing or a
|
|
|
|
|
* throw back to 3.11?
|
|
|
|
|
*/
|
|
|
|
|
LRESULT
|
|
|
|
|
APIENTRY
|
|
|
|
|
NtUserCallNextHookEx( int Code,
|
|
|
|
|
WPARAM wParam,
|
|
|
|
|
LPARAM lParam,
|
|
|
|
|
BOOL Ansi)
|
|
|
|
|
{
|
|
|
|
|
PTHREADINFO pti;
|
|
|
|
|
PHOOK HookObj, NextObj;
|
|
|
|
|
PCLIENTINFO ClientInfo;
|
|
|
|
|
LRESULT lResult = 0;
|
|
|
|
|
DECLARE_RETURN(LRESULT);
|
2010-04-30 11:23:17 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
DPRINT("Enter NtUserCallNextHookEx\n");
|
|
|
|
|
UserEnterExclusive();
|
2010-04-30 11:23:17 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
pti = GetW32ThreadInfo();
|
2005-09-07 21:25:42 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
HookObj = pti->sphkCurrent;
|
2008-07-22 04:54:53 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
if (!HookObj) RETURN( 0);
|
|
|
|
|
|
|
|
|
|
NextObj = HookObj->phkNext;
|
|
|
|
|
|
|
|
|
|
pti->sphkCurrent = NextObj;
|
|
|
|
|
ClientInfo = pti->pClientInfo;
|
|
|
|
|
_SEH2_TRY
|
2009-05-22 12:50:31 +00:00
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
ClientInfo->phkCurrent = NextObj;
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
2010-10-23 05:36:12 +00:00
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
ClientInfo = NULL;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
2005-09-07 21:25:42 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
/* Now in List run down. */
|
|
|
|
|
if (ClientInfo && NextObj)
|
|
|
|
|
{
|
|
|
|
|
NextObj->phkNext = IntGetNextHook(NextObj);
|
2011-08-01 22:30:21 +00:00
|
|
|
lResult = co_UserCallNextHookEx( NextObj, Code, wParam, lParam, NextObj->Ansi);
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
RETURN( lResult);
|
2001-06-12 17:51:51 +00:00
|
|
|
|
2005-09-05 21:19:23 +00:00
|
|
|
CLEANUP:
|
2009-05-22 12:50:31 +00:00
|
|
|
DPRINT("Leave NtUserCallNextHookEx, ret=%i\n",_ret_);
|
|
|
|
|
UserLeave();
|
|
|
|
|
END_CLEANUP;
|
2001-06-12 17:51:51 +00:00
|
|
|
}
|
|
|
|
|
|
2008-04-12 20:53:08 +00:00
|
|
|
HHOOK
|
2008-11-29 22:48:58 +00:00
|
|
|
APIENTRY
|
2010-10-23 05:36:12 +00:00
|
|
|
NtUserSetWindowsHookAW( int idHook,
|
|
|
|
|
HOOKPROC lpfn,
|
|
|
|
|
BOOL Ansi)
|
2001-06-12 17:51:51 +00:00
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
DWORD ThreadId;
|
2009-05-22 12:50:31 +00:00
|
|
|
UNICODE_STRING USModuleName;
|
|
|
|
|
|
|
|
|
|
RtlInitUnicodeString(&USModuleName, NULL);
|
2010-10-23 05:36:12 +00:00
|
|
|
ThreadId = PtrToUint(NtCurrentTeb()->ClientId.UniqueThread);
|
|
|
|
|
|
|
|
|
|
return NtUserSetWindowsHookEx( NULL,
|
|
|
|
|
&USModuleName,
|
|
|
|
|
ThreadId,
|
|
|
|
|
idHook,
|
|
|
|
|
lpfn,
|
|
|
|
|
Ansi);
|
2001-06-12 17:51:51 +00:00
|
|
|
}
|
|
|
|
|
|
2003-12-12 14:22:37 +00:00
|
|
|
HHOOK
|
2008-11-29 22:48:58 +00:00
|
|
|
APIENTRY
|
2010-10-23 05:36:12 +00:00
|
|
|
NtUserSetWindowsHookEx( HINSTANCE Mod,
|
|
|
|
|
PUNICODE_STRING UnsafeModuleName,
|
|
|
|
|
DWORD ThreadId,
|
|
|
|
|
int HookId,
|
|
|
|
|
HOOKPROC HookProc,
|
|
|
|
|
BOOL Ansi)
|
2001-06-12 17:51:51 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
PWINSTATION_OBJECT WinStaObj;
|
|
|
|
|
PHOOK Hook;
|
|
|
|
|
UNICODE_STRING ModuleName;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
HHOOK Handle;
|
2010-10-23 05:36:12 +00:00
|
|
|
PETHREAD Thread = NULL;
|
2011-08-01 22:30:21 +00:00
|
|
|
PTHREADINFO pti, ptiHook = NULL;
|
2009-05-22 12:50:31 +00:00
|
|
|
DECLARE_RETURN(HHOOK);
|
|
|
|
|
|
|
|
|
|
DPRINT("Enter NtUserSetWindowsHookEx\n");
|
|
|
|
|
UserEnterExclusive();
|
|
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
pti = PsGetCurrentThreadWin32Thread();
|
2010-10-23 05:36:12 +00:00
|
|
|
|
2009-05-22 12:50:31 +00:00
|
|
|
if (HookId < WH_MINHOOK || WH_MAXHOOK < HookId )
|
|
|
|
|
{
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_INVALID_HOOK_FILTER);
|
2009-05-22 12:50:31 +00:00
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!HookProc)
|
|
|
|
|
{
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_INVALID_FILTER_PROC);
|
2009-05-22 12:50:31 +00:00
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ThreadId) /* thread-local hook */
|
|
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
if ( HookId == WH_JOURNALRECORD ||
|
2005-09-07 21:25:42 +00:00
|
|
|
HookId == WH_JOURNALPLAYBACK ||
|
|
|
|
|
HookId == WH_KEYBOARD_LL ||
|
|
|
|
|
HookId == WH_MOUSE_LL ||
|
|
|
|
|
HookId == WH_SYSMSGFILTER)
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
2010-10-25 01:37:14 +00:00
|
|
|
DPRINT1("Local hook installing Global HookId: %d\n",HookId);
|
2010-10-23 05:36:12 +00:00
|
|
|
/* these can only be global */
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_GLOBAL_ONLY_HOOK);
|
2010-10-23 05:36:12 +00:00
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(PsLookupThreadByThreadId((HANDLE)(DWORD_PTR) ThreadId, &Thread)))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Invalid thread id 0x%x\n", ThreadId);
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_INVALID_PARAMETER);
|
2010-10-23 05:36:12 +00:00
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
ptiHook = Thread->Tcb.Win32Thread;
|
2010-10-23 05:36:12 +00:00
|
|
|
|
|
|
|
|
ObDereferenceObject(Thread);
|
|
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
if ( ptiHook->rpdesk != pti->rpdesk) // gptiCurrent->rpdesk)
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
2010-10-25 01:37:14 +00:00
|
|
|
DPRINT1("Local hook wrong desktop HookId: %d\n",HookId);
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_ACCESS_DENIED);
|
2010-10-23 05:36:12 +00:00
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (Thread->ThreadsProcess != PsGetCurrentProcess())
|
|
|
|
|
{
|
|
|
|
|
if ( !Mod &&
|
|
|
|
|
(HookId == WH_GETMESSAGE ||
|
|
|
|
|
HookId == WH_CALLWNDPROC ||
|
|
|
|
|
HookId == WH_CBT ||
|
|
|
|
|
HookId == WH_HARDWARE ||
|
|
|
|
|
HookId == WH_DEBUG ||
|
|
|
|
|
HookId == WH_SHELL ||
|
|
|
|
|
HookId == WH_FOREGROUNDIDLE ||
|
|
|
|
|
HookId == WH_CALLWNDPROCRET) )
|
|
|
|
|
{
|
2010-10-25 01:37:14 +00:00
|
|
|
DPRINT1("Local hook needs hMod HookId: %d\n",HookId);
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_HOOK_NEEDS_HMOD);
|
2010-10-23 05:36:12 +00:00
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
if ( (ptiHook->TIF_flags & (TIF_CSRSSTHREAD|TIF_SYSTEMTHREAD)) &&
|
2010-10-23 05:36:12 +00:00
|
|
|
(HookId == WH_GETMESSAGE ||
|
|
|
|
|
HookId == WH_CALLWNDPROC ||
|
|
|
|
|
HookId == WH_CBT ||
|
|
|
|
|
HookId == WH_HARDWARE ||
|
|
|
|
|
HookId == WH_DEBUG ||
|
|
|
|
|
HookId == WH_SHELL ||
|
|
|
|
|
HookId == WH_FOREGROUNDIDLE ||
|
|
|
|
|
HookId == WH_CALLWNDPROCRET) )
|
|
|
|
|
{
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_HOOK_TYPE_NOT_ALLOWED);
|
2010-10-23 05:36:12 +00:00
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
|
|
|
|
else /* system-global hook */
|
2010-11-04 23:45:34 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
ptiHook = pti; // gptiCurrent;
|
2010-10-23 05:36:12 +00:00
|
|
|
if ( !Mod &&
|
|
|
|
|
(HookId == WH_GETMESSAGE ||
|
|
|
|
|
HookId == WH_CALLWNDPROC ||
|
|
|
|
|
HookId == WH_CBT ||
|
|
|
|
|
HookId == WH_SYSMSGFILTER ||
|
|
|
|
|
HookId == WH_HARDWARE ||
|
|
|
|
|
HookId == WH_DEBUG ||
|
|
|
|
|
HookId == WH_SHELL ||
|
|
|
|
|
HookId == WH_FOREGROUNDIDLE ||
|
|
|
|
|
HookId == WH_CALLWNDPROCRET) )
|
|
|
|
|
{
|
2010-10-25 01:37:14 +00:00
|
|
|
DPRINT1("Global hook needs hMod HookId: %d\n",HookId);
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_HOOK_NEEDS_HMOD);
|
2010-10-23 05:36:12 +00:00
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
|
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
Status = IntValidateWindowStationHandle( PsGetCurrentProcess()->Win32WindowStation,
|
|
|
|
|
KernelMode,
|
|
|
|
|
0,
|
2009-05-22 12:50:31 +00:00
|
|
|
&WinStaObj);
|
|
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
SetLastNtError(Status);
|
|
|
|
|
RETURN( NULL);
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
2010-10-23 05:36:12 +00:00
|
|
|
ObDereferenceObject(WinStaObj);
|
2009-05-22 12:50:31 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
Hook = UserCreateObject(gHandleTable, NULL, &Handle, otHook, sizeof(HOOK));
|
|
|
|
|
|
|
|
|
|
if (!Hook)
|
2009-05-22 12:50:31 +00:00
|
|
|
{
|
2010-10-23 05:36:12 +00:00
|
|
|
RETURN( NULL);
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
|
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
Hook->ihmod = (INT)Mod; // Module Index from atom table, Do this for now.
|
|
|
|
|
Hook->Thread = Thread; /* Set Thread, Null is Global. */
|
|
|
|
|
Hook->HookId = HookId;
|
2011-08-01 22:30:21 +00:00
|
|
|
Hook->rpdesk = ptiHook->rpdesk;
|
2010-10-23 05:36:12 +00:00
|
|
|
Hook->phkNext = NULL; /* Dont use as a chain! Use link lists for chaining. */
|
|
|
|
|
Hook->Proc = HookProc;
|
|
|
|
|
Hook->Ansi = Ansi;
|
|
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
DPRINT("Set Hook Desk 0x%x DeskInfo 0x%x Handle Desk 0x%x\n", ptiHook->rpdesk, ptiHook->pDeskInfo,Hook->head.rpdesk);
|
2010-11-04 23:45:34 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
if (ThreadId) /* thread-local hook */
|
2009-05-22 12:50:31 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
InsertHeadList(&ptiHook->aphkStart[HOOKID_TO_INDEX(HookId)], &Hook->Chain);
|
|
|
|
|
ptiHook->sphkCurrent = NULL;
|
|
|
|
|
Hook->ptiHooked = ptiHook;
|
|
|
|
|
ptiHook->fsHooks |= HOOKID_TO_FLAG(HookId);
|
2010-10-23 05:36:12 +00:00
|
|
|
|
2011-08-01 22:30:21 +00:00
|
|
|
if (ptiHook->pClientInfo)
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
if ( ptiHook->ppi == pti->ppi) /* gptiCurrent->ppi) */
|
2010-10-23 05:36:12 +00:00
|
|
|
{
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
ptiHook->pClientInfo->fsHooks = ptiHook->fsHooks;
|
|
|
|
|
ptiHook->pClientInfo->phkCurrent = NULL;
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Problem writing to Local ClientInfo!\n");
|
|
|
|
|
}
|
2011-08-01 22:30:21 +00:00
|
|
|
_SEH2_END;
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
KeAttachProcess(&ptiHook->ppi->peProcess->Pcb);
|
2010-10-23 05:36:12 +00:00
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
ptiHook->pClientInfo->fsHooks = ptiHook->fsHooks;
|
|
|
|
|
ptiHook->pClientInfo->phkCurrent = NULL;
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
DPRINT1("Problem writing to Remote ClientInfo!\n");
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
KeDetachProcess();
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
2010-10-23 05:36:12 +00:00
|
|
|
else
|
2009-05-22 12:50:31 +00:00
|
|
|
{
|
2011-08-01 22:30:21 +00:00
|
|
|
InsertHeadList(&ptiHook->rpdesk->pDeskInfo->aphkStart[HOOKID_TO_INDEX(HookId)], &Hook->Chain);
|
2010-10-23 05:36:12 +00:00
|
|
|
Hook->ptiHooked = NULL;
|
|
|
|
|
//gptiCurrent->pDeskInfo->fsHooks |= HOOKID_TO_FLAG(HookId);
|
2011-08-01 22:30:21 +00:00
|
|
|
ptiHook->rpdesk->pDeskInfo->fsHooks |= HOOKID_TO_FLAG(HookId);
|
|
|
|
|
ptiHook->sphkCurrent = NULL;
|
|
|
|
|
ptiHook->pClientInfo->phkCurrent = NULL;
|
2010-10-23 05:36:12 +00:00
|
|
|
}
|
2009-05-22 12:50:31 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
RtlInitUnicodeString(&Hook->ModuleName, NULL);
|
|
|
|
|
|
|
|
|
|
if (Mod)
|
|
|
|
|
{
|
|
|
|
|
Status = MmCopyFromCaller(&ModuleName,
|
|
|
|
|
UnsafeModuleName,
|
|
|
|
|
sizeof(UNICODE_STRING));
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
IntRemoveHook(Hook);
|
|
|
|
|
SetLastNtError(Status);
|
|
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Hook->ModuleName.Buffer = ExAllocatePoolWithTag( PagedPool,
|
2009-05-22 12:50:31 +00:00
|
|
|
ModuleName.MaximumLength,
|
|
|
|
|
TAG_HOOK);
|
2010-10-23 05:36:12 +00:00
|
|
|
if (NULL == Hook->ModuleName.Buffer)
|
|
|
|
|
{
|
|
|
|
|
IntRemoveHook(Hook);
|
2010-12-25 11:01:14 +00:00
|
|
|
EngSetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
2010-10-23 05:36:12 +00:00
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Hook->ModuleName.MaximumLength = ModuleName.MaximumLength;
|
|
|
|
|
Status = MmCopyFromCaller( Hook->ModuleName.Buffer,
|
2009-05-22 12:50:31 +00:00
|
|
|
ModuleName.Buffer,
|
|
|
|
|
ModuleName.MaximumLength);
|
2010-10-23 05:36:12 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
ExFreePoolWithTag(Hook->ModuleName.Buffer, TAG_HOOK);
|
|
|
|
|
Hook->ModuleName.Buffer = NULL;
|
|
|
|
|
IntRemoveHook(Hook);
|
|
|
|
|
SetLastNtError(Status);
|
|
|
|
|
RETURN( NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Hook->ModuleName.Length = ModuleName.Length;
|
|
|
|
|
/* make proc relative to the module base */
|
|
|
|
|
Hook->offPfn = (ULONG_PTR)((char *)HookProc - (char *)Mod);
|
2009-05-22 12:50:31 +00:00
|
|
|
}
|
|
|
|
|
else
|
2010-10-23 05:36:12 +00:00
|
|
|
Hook->offPfn = 0;
|
2009-05-22 12:50:31 +00:00
|
|
|
|
2010-11-04 23:45:34 +00:00
|
|
|
DPRINT("Installing: HookId %d Global %s\n", HookId, !ThreadId ? "TRUE" : "FALSE");
|
2009-05-22 12:50:31 +00:00
|
|
|
RETURN( Handle);
|
2003-12-12 14:22:37 +00:00
|
|
|
|
2005-09-05 21:19:23 +00:00
|
|
|
CLEANUP:
|
2009-05-22 12:50:31 +00:00
|
|
|
DPRINT("Leave NtUserSetWindowsHookEx, ret=%i\n",_ret_);
|
|
|
|
|
UserLeave();
|
|
|
|
|
END_CLEANUP;
|
2001-06-12 17:51:51 +00:00
|
|
|
}
|
|
|
|
|
|
2003-12-12 14:22:37 +00:00
|
|
|
BOOL
|
2008-11-29 22:48:58 +00:00
|
|
|
APIENTRY
|
2009-05-22 12:50:31 +00:00
|
|
|
NtUserUnhookWindowsHookEx(HHOOK Hook)
|
2001-06-12 17:51:51 +00:00
|
|
|
{
|
2009-05-22 12:50:31 +00:00
|
|
|
PHOOK HookObj;
|
|
|
|
|
DECLARE_RETURN(BOOL);
|
|
|
|
|
|
|
|
|
|
DPRINT("Enter NtUserUnhookWindowsHookEx\n");
|
|
|
|
|
UserEnterExclusive();
|
|
|
|
|
|
|
|
|
|
if (!(HookObj = IntGetHookObject(Hook)))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Invalid handle passed to NtUserUnhookWindowsHookEx\n");
|
|
|
|
|
/* SetLastNtError(Status); */
|
|
|
|
|
RETURN( FALSE);
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-15 13:47:25 +00:00
|
|
|
ASSERT(Hook == UserHMGetHandle(HookObj));
|
2009-05-22 12:50:31 +00:00
|
|
|
|
2010-10-23 05:36:12 +00:00
|
|
|
IntRemoveHook(HookObj);
|
2009-05-22 12:50:31 +00:00
|
|
|
|
|
|
|
|
UserDereferenceObject(HookObj);
|
|
|
|
|
|
|
|
|
|
RETURN( TRUE);
|
2003-12-12 14:22:37 +00:00
|
|
|
|
2005-09-05 21:19:23 +00:00
|
|
|
CLEANUP:
|
2009-05-22 12:50:31 +00:00
|
|
|
DPRINT("Leave NtUserUnhookWindowsHookEx, ret=%i\n",_ret_);
|
|
|
|
|
UserLeave();
|
|
|
|
|
END_CLEANUP;
|
2001-06-12 17:51:51 +00:00
|
|
|
}
|
2010-01-05 19:26:32 +00:00
|
|
|
|
2001-06-12 17:51:51 +00:00
|
|
|
/* EOF */
|
