ReactOS 0.4.15-dev-6644-g539123c
Classes | Typedefs | Functions | Variables
hook.c File Reference
#include <win32k.h>
Include dependency graph for hook.c:

Go to the source code of this file.

Classes

struct  _HOOKPACK
 

Typedefs

typedef struct _HOOKPACK HOOKPACK
 
typedef struct _HOOKPACKPHOOKPACK
 

Functions

 DBG_DEFAULT_CHANNEL (UserHook)
 
BOOL IntLoadHookModule (int iHookID, HHOOK hHook, BOOL Unload)
 
BOOL IntHookModuleUnloaded (PDESKTOP pdesk, int iHookID, HHOOK hHook)
 
BOOL FASTCALL UserLoadApiHook (VOID)
 
BOOL FASTCALL UserRegisterUserApiHook (PUNICODE_STRING pstrDllName, PUNICODE_STRING pstrFuncName)
 
BOOL FASTCALL UserUnregisterUserApiHook (VOID)
 
static LRESULT FASTCALL co_IntCallLowLevelHook (PHOOK Hook, INT Code, WPARAM wParam, LPARAM lParam)
 
LRESULT APIENTRY co_CallHook (INT HookId, INT Code, WPARAM wParam, LPARAM lParam)
 
static LRESULT APIENTRY co_HOOK_CallHookNext (PHOOK Hook, INT Code, WPARAM wParam, LPARAM lParam)
 
static LRESULT FASTCALL co_IntCallDebugHook (PHOOK Hook, int Code, WPARAM wParam, LPARAM lParam, BOOL Ansi)
 
static LRESULT APIENTRY co_UserCallNextHookEx (PHOOK Hook, int Code, WPARAM wParam, LPARAM lParam, BOOL Ansi)
 
PHOOK FASTCALL IntGetHookObject (HHOOK hHook)
 
static HHOOK *FASTCALL IntGetGlobalHookHandles (PDESKTOP pdo, int HookId)
 
PHOOK FASTCALL IntGetNextHook (PHOOK Hook)
 
static VOID FASTCALL IntFreeHook (PHOOK Hook)
 
BOOLEAN IntRemoveHook (PVOID Object)
 
LRESULT APIENTRY co_HOOK_CallHooks (INT HookId, INT Code, WPARAM wParam, LPARAM lParam)
 
BOOL FASTCALL IntUnhookWindowsHook (int HookId, HOOKPROC pfnFilterProc)
 
LRESULT APIENTRY NtUserCallNextHookEx (int Code, WPARAM wParam, LPARAM lParam, BOOL Ansi)
 
HHOOK APIENTRY NtUserSetWindowsHookAW (int idHook, HOOKPROC lpfn, BOOL Ansi)
 
HHOOK APIENTRY NtUserSetWindowsHookEx (HINSTANCE Mod, PUNICODE_STRING UnsafeModuleName, DWORD ThreadId, int HookId, HOOKPROC HookProc, BOOL Ansi)
 
BOOL APIENTRY NtUserUnhookWindowsHookEx (HHOOK Hook)
 
BOOL APIENTRY NtUserRegisterUserApiHook (PUNICODE_STRING m_dllname1, PUNICODE_STRING m_funname1, DWORD dwUnknown3, DWORD dwUnknown4)
 
BOOL APIENTRY NtUserUnregisterUserApiHook (VOID)
 

Variables

UNICODE_STRING strUahModule
 
UNICODE_STRING strUahInitFunc
 
PPROCESSINFO ppiUahServer
 

Typedef Documentation

◆ HOOKPACK

typedef struct _HOOKPACK HOOKPACK

◆ PHOOKPACK

typedef struct _HOOKPACK * PHOOKPACK

Function Documentation

◆ co_CallHook()

LRESULT APIENTRY co_CallHook ( INT  HookId,
INT  Code,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 321 of file hook.c.

325{
326 LRESULT Result = 0;
327 PHOOK phk;
328 PHOOKPACK pHP = (PHOOKPACK)lParam;
329
330 phk = pHP->pHk;
331 lParam = pHP->lParam;
332
333 switch(HookId)
334 {
335 case WH_JOURNALPLAYBACK:
336 case WH_JOURNALRECORD:
337 case WH_KEYBOARD_LL:
338 case WH_MOUSE_LL:
339 case WH_MOUSE:
340 lParam = (LPARAM)pHP->pHookStructs;
341 case WH_KEYBOARD:
342 break;
343 }
344
345 if (!UserObjectInDestroy(UserHMGetHandle(phk)))
346 {
347 /* The odds are high for this to be a Global call. */
348 Result = co_IntCallHookProc( HookId,
349 Code,
350 wParam,
351 lParam,
352 phk->Proc,
353 phk->ihmod,
354 phk->offPfn,
355 phk->Ansi,
356 &phk->ModuleName);
357 }
358 /* The odds so high, no one is waiting for the results. */
359 if (pHP->pHookStructs) ExFreePoolWithTag(pHP->pHookStructs, TAG_HOOK);
360 ExFreePoolWithTag(pHP, TAG_HOOK);
361 return Result;
362}
wParam
WPARAM wParam
Definition: combotst.c:138
lParam
LPARAM lParam
Definition: combotst.c:139
UserHMGetHandle
#define UserHMGetHandle(obj)
Definition: ntuser.h:230
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
PHOOKPACK
struct _HOOKPACK * PHOOKPACK
_HOOKPACK
Definition: hook.c:16
_HOOKPACK::pHookStructs
PVOID pHookStructs
Definition: hook.c:19
_HOOKPACK::pHk
PHOOK pHk
Definition: hook.c:17
_HOOKPACK::lParam
LPARAM lParam
Definition: hook.c:18
tagHOOK::ihmod
INT_PTR ihmod
Definition: ntuser.h:244
tagHOOK::Proc
HOOKPROC Proc
Definition: ntuser.h:249
tagHOOK::offPfn
ULONG_PTR offPfn
Definition: ntuser.h:242
tagHOOK::Ansi
BOOLEAN Ansi
Definition: ntuser.h:250
tagHOOK::ModuleName
UNICODE_STRING ModuleName
Definition: ntuser.h:251
Code
_In_ UCHAR _In_ UCHAR _In_ ULONG Code
Definition: wdfdevice.h:1701
co_IntCallHookProc
LRESULT APIENTRY co_IntCallHookProc(INT HookId, INT Code, WPARAM wParam, LPARAM lParam, HOOKPROC Proc, INT Mod, ULONG_PTR offPfn, BOOLEAN Ansi, PUNICODE_STRING ModuleName)
Definition: callback.c:508
UserObjectInDestroy
BOOL FASTCALL UserObjectInDestroy(HANDLE h)
Definition: object.c:703
TAG_HOOK
#define TAG_HOOK
Definition: tags.h:5
LPARAM
LONG_PTR LPARAM
Definition: windef.h:208
LRESULT
LONG_PTR LRESULT
Definition: windef.h:209
WH_KEYBOARD
#define WH_KEYBOARD
Definition: winuser.h:32
WH_JOURNALPLAYBACK
#define WH_JOURNALPLAYBACK
Definition: winuser.h:31
WH_MOUSE_LL
#define WH_MOUSE_LL
Definition: winuser.h:44
WH_MOUSE
#define WH_MOUSE
Definition: winuser.h:37
WH_KEYBOARD_LL
#define WH_KEYBOARD_LL
Definition: winuser.h:43
WH_JOURNALRECORD
#define WH_JOURNALRECORD
Definition: winuser.h:30
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409

Referenced by co_MsqDispatchOneSentMessage().

◆ co_HOOK_CallHookNext()

static LRESULT APIENTRY co_HOOK_CallHookNext ( PHOOK  Hook,
INT  Code,
WPARAM  wParam,
LPARAM  lParam 
)
static

Definition at line 367 of file hook.c.

371{
372 TRACE("Calling Next HOOK %d\n", Hook->HookId);
373
374 return co_IntCallHookProc( Hook->HookId,
375 Code,
376 wParam,
377 lParam,
378 Hook->Proc,
379 Hook->ihmod,
380 Hook->offPfn,
381 Hook->Ansi,
382 &Hook->ModuleName);
383}
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
tagHOOK::HookId
int HookId
Definition: ntuser.h:241

Referenced by co_IntCallDebugHook(), and co_UserCallNextHookEx().

◆ co_HOOK_CallHooks()

LRESULT APIENTRY co_HOOK_CallHooks ( INT  HookId,
INT  Code,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 1102 of file hook.c.

1106{
1107 PHOOK Hook, SaveHook;
1108 PTHREADINFO pti;
1109 PCLIENTINFO ClientInfo;
1110 PLIST_ENTRY pLastHead;
1111 PDESKTOP pdo;
1112 BOOL Local = FALSE, Global = FALSE;
1113 LRESULT Result = 0;
1114 USER_REFERENCE_ENTRY Ref;
1115
1116 ASSERT(WH_MINHOOK <= HookId && HookId <= WH_MAXHOOK);
1117
1118 pti = PsGetCurrentThreadWin32Thread();
1119 if (!pti || !pti->rpdesk || !pti->rpdesk->pDeskInfo)
1120 {
1121 pdo = IntGetActiveDesktop();
1122 /* If KeyboardThread|MouseThread|(RawInputThread or RIT) aka system threads,
1123 pti->fsHooks most likely, is zero. So process KbT & MsT to "send" the message.
1124 */
1125 if ( !pti || !pdo || (!(HookId == WH_KEYBOARD_LL) && !(HookId == WH_MOUSE_LL)) )
1126 {
1127 TRACE("No PDO %d\n", HookId);
1128 goto Exit;
1129 }
1130 }
1131 else
1132 {
1133 pdo = pti->rpdesk;
1134 }
1135
1136 if ( pti->TIF_flags & (TIF_INCLEANUP|TIF_DISABLEHOOKS))
1137 {
1138 TRACE("Hook Thread dead %d\n", HookId);
1139 goto Exit;
1140 }
1141
1142 if ( ISITHOOKED(HookId) )
1143 {
1144 TRACE("Local Hooker %d\n", HookId);
1145 Local = TRUE;
1146 }
1147
1148 if ( pdo->pDeskInfo->fsHooks & HOOKID_TO_FLAG(HookId) )
1149 {
1150 TRACE("Global Hooker %d\n", HookId);
1151 Global = TRUE;
1152 }
1153
1154 if ( !Local && !Global ) goto Exit; // No work!
1155
1156 Hook = NULL;
1157
1158 /* SetWindowHookEx sorts out the Thread issue by placing the Hook to
1159 the correct Thread if not NULL.
1160 */
1161 if ( Local )
1162 {
1163 pLastHead = &pti->aphkStart[HOOKID_TO_INDEX(HookId)];
1164 if (IsListEmpty(pLastHead))
1165 {
1166 ERR("No Local Hook Found!\n");
1167 goto Exit;
1168 }
1169
1170 Hook = CONTAINING_RECORD(pLastHead->Flink, HOOK, Chain);
1171 ObReferenceObject(pti->pEThread);
1172 IntReferenceThreadInfo(pti);
1173 UserRefObjectCo(Hook, &Ref);
1174
1175 ClientInfo = pti->pClientInfo;
1176 SaveHook = pti->sphkCurrent;
1177 /* Note: Setting pti->sphkCurrent will also lock the next hook to this
1178 * hook ID. So, the CallNextHookEx will only call to that hook ID
1179 * chain anyway. For Thread Hooks....
1180 */
1181
1182 /* Load it for the next call. */
1183 pti->sphkCurrent = Hook;
1184 Hook->phkNext = IntGetNextHook(Hook);
1185 if (ClientInfo)
1186 {
1187 _SEH2_TRY
1188 {
1189 ClientInfo->phkCurrent = Hook;
1190 }
1191 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1192 {
1193 ClientInfo = NULL; // Don't bother next run.
1194 }
1195 _SEH2_END;
1196 }
1197 Result = co_IntCallHookProc( HookId,
1198 Code,
1199 wParam,
1200 lParam,
1201 Hook->Proc,
1202 Hook->ihmod,
1203 Hook->offPfn,
1204 Hook->Ansi,
1205 &Hook->ModuleName);
1206 if (ClientInfo)
1207 {
1208 _SEH2_TRY
1209 {
1210 ClientInfo->phkCurrent = SaveHook;
1211 }
1212 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1213 {
1214 /* Do nothing */
1215 (void)0;
1216 }
1217 _SEH2_END;
1218 }
1219 pti->sphkCurrent = SaveHook;
1220 Hook->phkNext = NULL;
1221 UserDerefObjectCo(Hook);
1222 IntDereferenceThreadInfo(pti);
1223 ObDereferenceObject(pti->pEThread);
1224 }
1225
1226 if ( Global )
1227 {
1228 PTHREADINFO ptiHook;
1229 HHOOK *pHookHandles;
1230 unsigned i;
1231
1232 /* Keep hooks in array because hooks can be destroyed in user world */
1233 pHookHandles = IntGetGlobalHookHandles(pdo, HookId);
1234 if(!pHookHandles)
1235 goto Exit;
1236
1237 /* Performance goes down the drain. If more hooks are associated to this
1238 * hook ID, this will have to post to each of the thread message queues
1239 * or make a direct call.
1240 */
1241 for(i = 0; pHookHandles[i]; ++i)
1242 {
1243 Hook = (PHOOK)UserGetObject(gHandleTable, pHookHandles[i], TYPE_HOOK);
1244 if(!Hook)
1245 {
1246 ERR("Invalid hook!\n");
1247 continue;
1248 }
1249
1250 /* Hook->Thread is null, we hax around this with Hook->head.pti. */
1251 ptiHook = Hook->head.pti;
1252
1253 if ( (pti->TIF_flags & TIF_DISABLEHOOKS) || (ptiHook->TIF_flags & TIF_INCLEANUP))
1254 {
1255 TRACE("Next Hook %p, %p\n", ptiHook->rpdesk, pdo);
1256 continue;
1257 }
1258 UserRefObjectCo(Hook, &Ref);
1259
1260 if (ptiHook != pti )
1261 {
1262 // Block | TimeOut
1263 if ( HookId == WH_JOURNALPLAYBACK || // 1 | 0
1264 HookId == WH_JOURNALRECORD || // 1 | 0
1265 HookId == WH_KEYBOARD || // 1 | 200
1266 HookId == WH_MOUSE || // 1 | 200
1267 HookId == WH_KEYBOARD_LL || // 0 | 300
1268 HookId == WH_MOUSE_LL ) // 0 | 300
1269 {
1270 TRACE("\nGlobal Hook posting to another Thread! %d\n",HookId );
1271 Result = co_IntCallLowLevelHook(Hook, Code, wParam, lParam);
1272 }
1273 else if (ptiHook->ppi == pti->ppi)
1274 {
1275 TRACE("\nGlobal Hook calling to another Thread! %d\n",HookId );
1276 ObReferenceObject(ptiHook->pEThread);
1277 IntReferenceThreadInfo(ptiHook);
1278 Result = co_IntCallHookProc( HookId,
1279 Code,
1280 wParam,
1281 lParam,
1282 Hook->Proc,
1283 Hook->ihmod,
1284 Hook->offPfn,
1285 Hook->Ansi,
1286 &Hook->ModuleName);
1287 IntDereferenceThreadInfo(ptiHook);
1288 ObDereferenceObject(ptiHook->pEThread);
1289 }
1290 }
1291 else
1292 { /* Make the direct call. */
1293 TRACE("Global going Local Hook calling to Thread! %d\n",HookId );
1294 ObReferenceObject(pti->pEThread);
1295 IntReferenceThreadInfo(pti);
1296 Result = co_IntCallHookProc( HookId,
1297 Code,
1298 wParam,
1299 lParam,
1300 Hook->Proc,
1301 Hook->ihmod,
1302 Hook->offPfn,
1303 Hook->Ansi,
1304 &Hook->ModuleName);
1305 IntDereferenceThreadInfo(pti);
1306 ObDereferenceObject(pti->pEThread);
1307 }
1308 UserDerefObjectCo(Hook);
1309 }
1310 ExFreePoolWithTag(pHookHandles, TAG_HOOK);
1311 TRACE("Ret: Global HookId %d Result 0x%x\n", HookId,Result);
1312 }
1313Exit:
1314 return Result;
1315}
ERR
#define ERR(fmt,...)
Definition: debug.h:110
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
IsListEmpty
#define IsListEmpty(ListHead)
Definition: env_spec_w32.h:954
_SEH2_END
#define _SEH2_END
Definition: filesup.c:22
_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
HOOKID_TO_INDEX
#define HOOKID_TO_INDEX(HookId)
Definition: hook.h:4
ISITHOOKED
#define ISITHOOKED(HookId)
Definition: hook.h:6
HOOKID_TO_FLAG
#define HOOKID_TO_FLAG(HookId)
Definition: hook.h:5
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
TIF_INCLEANUP
#define TIF_INCLEANUP
Definition: ntuser.h:262
PHOOK
struct tagHOOK * PHOOK
TYPE_HOOK
@ TYPE_HOOK
Definition: ntuser.h:45
TIF_DISABLEHOOKS
#define TIF_DISABLEHOOKS
Definition: ntuser.h:290
ClientInfo
CLIENT_DATA ClientInfo
Global
UNICODE_STRING Global
Definition: symlink.c:37
ASSERT
#define ASSERT(a)
Definition: mode.c:44
PsGetCurrentThreadWin32Thread
PVOID NTAPI PsGetCurrentThreadWin32Thread(VOID)
Definition: thread.c:805
IntGetGlobalHookHandles
static HHOOK *FASTCALL IntGetGlobalHookHandles(PDESKTOP pdo, int HookId)
Definition: hook.c:962
co_IntCallLowLevelHook
static LRESULT FASTCALL co_IntCallLowLevelHook(PHOOK Hook, INT Code, WPARAM wParam, LPARAM lParam)
Definition: hook.c:239
IntGetNextHook
PHOOK FASTCALL IntGetNextHook(PHOOK Hook)
Definition: hook.c:995
UserDerefObjectCo
static __inline VOID UserDerefObjectCo(PVOID obj)
Definition: object.h:40
UserRefObjectCo
static __inline VOID UserRefObjectCo(PVOID obj, PUSER_REFERENCE_ENTRY UserReferenceEntry)
Definition: object.h:27
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
Exit
static void Exit(void)
Definition: sock.c:1330
_CLIENTINFO
Definition: ntuser.h:313
_DESKTOPINFO::fsHooks
DWORD fsHooks
Definition: ntuser.h:138
_DESKTOP
Definition: desktop.h:4
_DESKTOP::pDeskInfo
PDESKTOPINFO pDeskInfo
Definition: desktop.h:8
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
_THREADINFO
Definition: win32.h:84
_THREADINFO::ppi
PPROCESSINFO ppi
Definition: win32.h:88
_THREADINFO::sphkCurrent
struct tagHOOK * sphkCurrent
Definition: win32.h:118
_THREADINFO::pClientInfo
struct _CLIENTINFO * pClientInfo
Definition: win32.h:94
_THREADINFO::aphkStart
LIST_ENTRY aphkStart[NB_HOOKS]
FIXME!
Definition: win32.h:143
_THREADINFO::TIF_flags
FLONG TIF_flags
Definition: win32.h:95
_THREADINFO::rpdesk
struct _DESKTOP * rpdesk
Definition: win32.h:92
_USER_REFERENCE_ENTRY
Definition: object.h:4
tagHOOK::phkNext
struct tagHOOK * phkNext
Definition: ntuser.h:240
tagHOOK::head
THRDESKHEAD head
Definition: ntuser.h:239
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
IntDereferenceThreadInfo
#define IntDereferenceThreadInfo(pti)
Definition: win32.h:171
IntReferenceThreadInfo
#define IntReferenceThreadInfo(pti)
Definition: win32.h:166
IntGetActiveDesktop
PDESKTOP FASTCALL IntGetActiveDesktop(VOID)
Definition: desktop.c:1262
UserGetObject
PVOID UserGetObject(PUSER_HANDLE_TABLE ht, HANDLE handle, HANDLE_TYPE type)
Definition: object.c:495
gHandleTable
PUSER_HANDLE_TABLE gHandleTable
Definition: object.c:13
WH_MINHOOK
#define WH_MINHOOK
Definition: winuser.h:46
WH_MAXHOOK
#define WH_MAXHOOK
Definition: winuser.h:47
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
ObReferenceObject
#define ObReferenceObject
Definition: obfuncs.h:204

Referenced by co_CallLowLevelKeyboardHook(), co_IntGetPeekMessage(), co_IntProcessKeyboardMessage(), co_IntProcessMouseMessage(), co_IntSetActiveWindow(), co_IntShellHookNotify(), co_MsqInsertMouseMessage(), co_UserCreateWindowEx(), co_UserDestroyWindow(), co_UserSetFocus(), co_WinPosMinMaximize(), DefWndDoSizeMove(), DefWndHandleSysCommand(), IdlePing(), IntCallMsgFilter(), IntCallWndProc(), IntCallWndProcRet(), IntDefWindowProc(), NtUserCallMsgFilter(), NtUserDragDetect(), and NtUserNotifyIMEStatus().

◆ co_IntCallDebugHook()

static LRESULT FASTCALL co_IntCallDebugHook ( PHOOK  Hook,
int  Code,
WPARAM  wParam,
LPARAM  lParam,
BOOL  Ansi 
)
static

Definition at line 388 of file hook.c.

393{
394 LRESULT lResult = 0;
395 ULONG Size;
396 DEBUGHOOKINFO Debug;
397 PVOID HooklParam = NULL;
398 BOOL BadChk = FALSE;
399
400 if (lParam)
401 {
402 _SEH2_TRY
403 {
404 ProbeForRead((PVOID)lParam,
405 sizeof(DEBUGHOOKINFO),
406 1);
407
408 RtlCopyMemory(&Debug,
409 (PVOID)lParam,
410 sizeof(DEBUGHOOKINFO));
411 }
412 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
413 {
414 BadChk = TRUE;
415 }
416 _SEH2_END;
417
418 if (BadChk)
419 {
420 ERR("HOOK WH_DEBUG read from lParam ERROR!\n");
421 return lResult;
422 }
423 }
424 else
425 return lResult; /* Need lParam! */
426
427 switch (wParam)
428 {
429 case WH_CBT:
430 {
431 switch (Debug.code)
432 {
433 case HCBT_CLICKSKIPPED:
434 Size = sizeof(MOUSEHOOKSTRUCTEX);
435 break;
436
437 case HCBT_MOVESIZE:
438 Size = sizeof(RECT);
439 break;
440
441 case HCBT_ACTIVATE:
442 Size = sizeof(CBTACTIVATESTRUCT);
443 break;
444
445 case HCBT_CREATEWND: /* Handle ANSI? */
446 Size = sizeof(CBT_CREATEWND);
447 /* What shall we do? Size += sizeof(HOOKPROC_CBT_CREATEWND_EXTRA_ARGUMENTS); same as CREATESTRUCTEX */
448 break;
449
450 default:
451 Size = sizeof(LPARAM);
452 }
453 }
454 break;
455
456 case WH_MOUSE_LL:
457 Size = sizeof(MSLLHOOKSTRUCT);
458 break;
459
460 case WH_KEYBOARD_LL:
461 Size = sizeof(KBDLLHOOKSTRUCT);
462 break;
463
464 case WH_MSGFILTER:
465 case WH_SYSMSGFILTER:
466 case WH_GETMESSAGE:
467 Size = sizeof(MSG);
468 break;
469
470 case WH_JOURNALPLAYBACK:
471 case WH_JOURNALRECORD:
472 Size = sizeof(EVENTMSG);
473 break;
474
475 case WH_FOREGROUNDIDLE:
476 case WH_KEYBOARD:
477 case WH_SHELL:
478 default:
479 Size = sizeof(LPARAM);
480 }
481
482 if (Size > sizeof(LPARAM))
483 HooklParam = ExAllocatePoolWithTag(NonPagedPool, Size, TAG_HOOK);
484
485 if (HooklParam)
486 {
487 _SEH2_TRY
488 {
489 ProbeForRead((PVOID)Debug.lParam,
490 Size,
491 1);
492
493 RtlCopyMemory(HooklParam,
494 (PVOID)Debug.lParam,
495 Size);
496 }
497 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
498 {
499 BadChk = TRUE;
500 }
501 _SEH2_END;
502
503 if (BadChk)
504 {
505 ERR("HOOK WH_DEBUG read from Debug.lParam ERROR!\n");
506 ExFreePoolWithTag(HooklParam, TAG_HOOK);
507 return lResult;
508 }
509 }
510
511 if (HooklParam) Debug.lParam = (LPARAM)HooklParam;
512 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Debug);
513 if (HooklParam) ExFreePoolWithTag(HooklParam, TAG_HOOK);
514
515 return lResult;
516}
MSG
#define MSG
Definition: Mailslot.c:11
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
NonPagedPool
#define NonPagedPool
Definition: env_spec_w32.h:307
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
co_HOOK_CallHookNext
static LRESULT APIENTRY co_HOOK_CallHookNext(PHOOK Hook, INT Code, WPARAM wParam, LPARAM lParam)
Definition: hook.c:367
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
ULONG
uint32_t ULONG
Definition: typedefs.h:59
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
RECT
#define RECT
Definition: precomp.h:26
EVENTMSG
struct tagEVENTMSG EVENTMSG
HCBT_ACTIVATE
#define HCBT_ACTIVATE
Definition: winuser.h:60
WH_MSGFILTER
#define WH_MSGFILTER
Definition: winuser.h:29
CBTACTIVATESTRUCT
struct tagCBTACTIVATESTRUCT CBTACTIVATESTRUCT
WH_SHELL
#define WH_SHELL
Definition: winuser.h:40
CBT_CREATEWND
CBT_CREATEWNDA CBT_CREATEWND
Definition: winuser.h:5717
WH_CBT
#define WH_CBT
Definition: winuser.h:35
HCBT_CREATEWND
#define HCBT_CREATEWND
Definition: winuser.h:58
HCBT_CLICKSKIPPED
#define HCBT_CLICKSKIPPED
Definition: winuser.h:61
HCBT_MOVESIZE
#define HCBT_MOVESIZE
Definition: winuser.h:55
WH_GETMESSAGE
#define WH_GETMESSAGE
Definition: winuser.h:33
WH_SYSMSGFILTER
#define WH_SYSMSGFILTER
Definition: winuser.h:36
MSLLHOOKSTRUCT
struct tagMSLLHOOKSTRUCT MSLLHOOKSTRUCT
KBDLLHOOKSTRUCT
struct tagKBDLLHOOKSTRUCT KBDLLHOOKSTRUCT
WH_FOREGROUNDIDLE
#define WH_FOREGROUNDIDLE
Definition: winuser.h:41

Referenced by co_UserCallNextHookEx().

◆ co_IntCallLowLevelHook()

static LRESULT FASTCALL co_IntCallLowLevelHook ( PHOOK  Hook,
INT  Code,
WPARAM  wParam,
LPARAM  lParam 
)
static

Definition at line 239 of file hook.c.

243{
244 NTSTATUS Status;
245 PTHREADINFO pti;
246 PHOOKPACK pHP;
247 INT Size = 0;
248 UINT uTimeout = 300;
249 BOOL Block = FALSE;
250 ULONG_PTR uResult = 0;
251
252 if (Hook->ptiHooked)
253 pti = Hook->ptiHooked;
254 else
255 pti = Hook->head.pti;
256
257 pHP = ExAllocatePoolWithTag(NonPagedPool, sizeof(HOOKPACK), TAG_HOOK);
258 if (!pHP) return 0;
259
260 pHP->pHk = Hook;
261 pHP->lParam = lParam;
262 pHP->pHookStructs = NULL;
263
264// This prevents stack corruption from the caller.
265 switch(Hook->HookId)
266 {
267 case WH_JOURNALPLAYBACK:
268 case WH_JOURNALRECORD:
269 uTimeout = 0;
270 Size = sizeof(EVENTMSG);
271 break;
272 case WH_KEYBOARD_LL:
273 Size = sizeof(KBDLLHOOKSTRUCT);
274 break;
275 case WH_MOUSE_LL:
276 Size = sizeof(MSLLHOOKSTRUCT);
277 break;
278 case WH_MOUSE:
279 uTimeout = 200;
280 Block = TRUE;
281 Size = sizeof(MOUSEHOOKSTRUCT);
282 break;
283 case WH_KEYBOARD:
284 uTimeout = 200;
285 Block = TRUE;
286 break;
287 }
288
289 if (Size)
290 {
291 pHP->pHookStructs = ExAllocatePoolWithTag(NonPagedPool, Size, TAG_HOOK);
292 if (pHP->pHookStructs) RtlCopyMemory(pHP->pHookStructs, (PVOID)lParam, Size);
293 }
294
295 /* FIXME: Should get timeout from
296 * HKEY_CURRENT_USER\Control Panel\Desktop\LowLevelHooksTimeout */
297 Status = co_MsqSendMessage( pti,
298 IntToPtr(Code), // hWnd
299 Hook->HookId, // Msg
300 wParam,
301 (LPARAM)pHP,
302 uTimeout,
303 Block,
304 MSQ_ISHOOK,
305 &uResult);
306 if (!NT_SUCCESS(Status))
307 {
308 ERR("Error Hook Call SendMsg. %d Status: 0x%x\n", Hook->HookId, Status);
309 if (pHP->pHookStructs) ExFreePoolWithTag(pHP->pHookStructs, TAG_HOOK);
310 ExFreePoolWithTag(pHP, TAG_HOOK);
311 }
312 return NT_SUCCESS(Status) ? uResult : 0;
313}
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
IntToPtr
#define IntToPtr(i)
Definition: basetsd.h:89
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
Status
Status
Definition: gdiplustypes.h:25
co_MsqSendMessage
NTSTATUS FASTCALL co_MsqSendMessage(PTHREADINFO ptirec, HWND Wnd, UINT Msg, WPARAM wParam, LPARAM lParam, UINT uTimeout, BOOL Block, INT HookMessage, ULONG_PTR *uResult)
Definition: msgqueue.c:1056
MSQ_ISHOOK
#define MSQ_ISHOOK
Definition: msgqueue.h:5
UINT
unsigned int UINT
Definition: ndis.h:50
tagHOOK::ptiHooked
struct _THREADINFO * ptiHooked
Definition: ntuser.h:245
INT
int32_t INT
Definition: typedefs.h:58
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
MOUSEHOOKSTRUCT
struct tagMOUSEHOOKSTRUCT MOUSEHOOKSTRUCT

Referenced by co_HOOK_CallHooks().

◆ co_UserCallNextHookEx()

static LRESULT APIENTRY co_UserCallNextHookEx ( PHOOK  Hook,
int  Code,
WPARAM  wParam,
LPARAM  lParam,
BOOL  Ansi 
)
static

Definition at line 521 of file hook.c.

526{
527 LRESULT lResult = 0;
528 BOOL BadChk = FALSE;
529
530 /* Handle this one first. */
531 if ((Hook->HookId == WH_MOUSE) ||
532 (Hook->HookId == WH_CBT && Code == HCBT_CLICKSKIPPED))
533 {
534 MOUSEHOOKSTRUCTEX Mouse;
535 if (lParam)
536 {
537 _SEH2_TRY
538 {
539 ProbeForRead((PVOID)lParam,
540 sizeof(MOUSEHOOKSTRUCTEX),
541 1);
542
543 RtlCopyMemory(&Mouse,
544 (PVOID)lParam,
545 sizeof(MOUSEHOOKSTRUCTEX));
546 }
547 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
548 {
549 BadChk = TRUE;
550 }
551 _SEH2_END;
552
553 if (BadChk)
554 {
555 ERR("HOOK WH_MOUSE read from lParam ERROR!\n");
556 }
557 }
558
559 if (!BadChk)
560 {
561 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Mouse);
562 }
563
564 return lResult;
565 }
566
567 switch(Hook->HookId)
568 {
569 case WH_MOUSE_LL:
570 {
571 MSLLHOOKSTRUCT Mouse;
572
573 if (lParam)
574 {
575 _SEH2_TRY
576 {
577 ProbeForRead((PVOID)lParam,
578 sizeof(MSLLHOOKSTRUCT),
579 1);
580
581 RtlCopyMemory(&Mouse,
582 (PVOID)lParam,
583 sizeof(MSLLHOOKSTRUCT));
584 }
585 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
586 {
587 BadChk = TRUE;
588 }
589 _SEH2_END;
590
591 if (BadChk)
592 {
593 ERR("HOOK WH_MOUSE_LL read from lParam ERROR!\n");
594 }
595 }
596
597 if (!BadChk)
598 {
599 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Mouse);
600 }
601 break;
602 }
603
604 case WH_KEYBOARD_LL:
605 {
606 KBDLLHOOKSTRUCT Keyboard;
607
608 if (lParam)
609 {
610 _SEH2_TRY
611 {
612 ProbeForRead((PVOID)lParam,
613 sizeof(KBDLLHOOKSTRUCT),
614 1);
615
616 RtlCopyMemory(&Keyboard,
617 (PVOID)lParam,
618 sizeof(KBDLLHOOKSTRUCT));
619 }
620 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
621 {
622 BadChk = TRUE;
623 }
624 _SEH2_END;
625
626 if (BadChk)
627 {
628 ERR("HOOK WH_KEYBORD_LL read from lParam ERROR!\n");
629 }
630 }
631
632 if (!BadChk)
633 {
634 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Keyboard);
635 }
636 break;
637 }
638
639 case WH_MSGFILTER:
640 case WH_SYSMSGFILTER:
641 case WH_GETMESSAGE:
642 {
643 MSG Msg;
644
645 if (lParam)
646 {
647 _SEH2_TRY
648 {
649 ProbeForRead((PVOID)lParam,
650 sizeof(MSG),
651 1);
652
653 RtlCopyMemory(&Msg,
654 (PVOID)lParam,
655 sizeof(MSG));
656 }
657 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
658 {
659 BadChk = TRUE;
660 }
661 _SEH2_END;
662
663 if (BadChk)
664 {
665 ERR("HOOK WH_XMESSAGEX read from lParam ERROR!\n");
666 }
667 }
668
669 if (!BadChk)
670 {
671 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&Msg);
672
673 if (lParam && (Hook->HookId == WH_GETMESSAGE))
674 {
675 _SEH2_TRY
676 {
677 ProbeForWrite((PVOID)lParam,
678 sizeof(MSG),
679 1);
680
681 RtlCopyMemory((PVOID)lParam,
682 &Msg,
683 sizeof(MSG));
684 }
685 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
686 {
687 BadChk = TRUE;
688 }
689 _SEH2_END;
690
691 if (BadChk)
692 {
693 ERR("HOOK WH_GETMESSAGE write to lParam ERROR!\n");
694 }
695 }
696 }
697 break;
698 }
699
700 case WH_CBT:
701 TRACE("HOOK WH_CBT!\n");
702 switch (Code)
703 {
704 case HCBT_CREATEWND:
705 {
706 LPCBT_CREATEWNDW pcbtcww = (LPCBT_CREATEWNDW)lParam;
707
708 TRACE("HOOK HCBT_CREATEWND\n");
709 _SEH2_TRY
710 {
711 if (Ansi)
712 {
713 ProbeForRead( pcbtcww,
714 sizeof(CBT_CREATEWNDA),
715 1);
716 ProbeForWrite(pcbtcww->lpcs,
717 sizeof(CREATESTRUCTA),
718 1);
719 ProbeForRead( pcbtcww->lpcs->lpszName,
720 sizeof(CHAR),
721 1);
722
723 if (!IS_ATOM(pcbtcww->lpcs->lpszClass))
724 {
725 _Analysis_assume_(pcbtcww->lpcs->lpszClass != NULL);
726 ProbeForRead(pcbtcww->lpcs->lpszClass,
727 sizeof(CHAR),
728 1);
729 }
730 }
731 else
732 {
733 ProbeForRead( pcbtcww,
734 sizeof(CBT_CREATEWNDW),
735 1);
736 ProbeForWrite(pcbtcww->lpcs,
737 sizeof(CREATESTRUCTW),
738 1);
739 ProbeForRead( pcbtcww->lpcs->lpszName,
740 sizeof(WCHAR),
741 1);
742
743 if (!IS_ATOM(pcbtcww->lpcs->lpszClass))
744 {
745 _Analysis_assume_(pcbtcww->lpcs->lpszClass != NULL);
746 ProbeForRead(pcbtcww->lpcs->lpszClass,
747 sizeof(WCHAR),
748 1);
749 }
750 }
751 }
752 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
753 {
754 BadChk = TRUE;
755 }
756 _SEH2_END;
757
758 if (BadChk)
759 {
760 ERR("HOOK HCBT_CREATEWND write ERROR!\n");
761 }
762 /* The next call handles the structures. */
763 if (!BadChk && Hook->Proc)
764 {
765 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, lParam);
766 }
767 break;
768 }
769
770 case HCBT_MOVESIZE:
771 {
772 RECTL rt;
773
774 TRACE("HOOK HCBT_MOVESIZE\n");
775
776 if (lParam)
777 {
778 _SEH2_TRY
779 {
780 ProbeForRead((PVOID)lParam,
781 sizeof(RECT),
782 1);
783
784 RtlCopyMemory(&rt,
785 (PVOID)lParam,
786 sizeof(RECT));
787 }
788 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
789 {
790 BadChk = TRUE;
791 }
792 _SEH2_END;
793
794 if (BadChk)
795 {
796 ERR("HOOK HCBT_MOVESIZE read from lParam ERROR!\n");
797 }
798 }
799
800 if (!BadChk)
801 {
802 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&rt);
803 }
804 break;
805 }
806
807 case HCBT_ACTIVATE:
808 {
809 CBTACTIVATESTRUCT CbAs;
810
811 TRACE("HOOK HCBT_ACTIVATE\n");
812 if (lParam)
813 {
814 _SEH2_TRY
815 {
816 ProbeForRead((PVOID)lParam,
817 sizeof(CBTACTIVATESTRUCT),
818 1);
819
820 RtlCopyMemory(&CbAs,
821 (PVOID)lParam,
822 sizeof(CBTACTIVATESTRUCT));
823 }
824 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
825 {
826 BadChk = TRUE;
827 }
828 _SEH2_END;
829
830 if (BadChk)
831 {
832 ERR("HOOK HCBT_ACTIVATE read from lParam ERROR!\n");
833 }
834 }
835
836 if (!BadChk)
837 {
838 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)&CbAs);
839 }
840 break;
841 }
842
843 /* The rest just use default. */
844 default:
845 TRACE("HOOK HCBT_ %d\n",Code);
846 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, lParam);
847 break;
848 }
849 break;
850/*
851 Note WH_JOURNALPLAYBACK,
852 "To have the system wait before processing the message, the return value
853 must be the amount of time, in clock ticks, that the system should wait."
854 */
855 case WH_JOURNALPLAYBACK:
856 case WH_JOURNALRECORD:
857 {
858 EVENTMSG EventMsg;
859
860 if (lParam)
861 {
862 _SEH2_TRY
863 {
864 ProbeForRead((PVOID)lParam,
865 sizeof(EVENTMSG),
866 1);
867
868 RtlCopyMemory(&EventMsg,
869 (PVOID)lParam,
870 sizeof(EVENTMSG));
871 }
872 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
873 {
874 BadChk = TRUE;
875 }
876 _SEH2_END;
877
878 if (BadChk)
879 {
880 ERR("HOOK WH_JOURNAL read from lParam ERROR!\n");
881 }
882 }
883
884 if (!BadChk)
885 {
886 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, (LPARAM)(lParam ? &EventMsg : NULL));
887
888 if (lParam)
889 {
890 _SEH2_TRY
891 {
892 ProbeForWrite((PVOID)lParam,
893 sizeof(EVENTMSG),
894 1);
895
896 RtlCopyMemory((PVOID)lParam,
897 &EventMsg,
898 sizeof(EVENTMSG));
899 }
900 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
901 {
902 BadChk = TRUE;
903 }
904 _SEH2_END;
905
906 if (BadChk)
907 {
908 ERR("HOOK WH_JOURNAL write to lParam ERROR!\n");
909 }
910 }
911 }
912 break;
913 }
914
915 case WH_DEBUG:
916 lResult = co_IntCallDebugHook(Hook, Code, wParam, lParam, Ansi);
917 break;
918
919 /*
920 * Default the rest like, WH_FOREGROUNDIDLE, WH_KEYBOARD and WH_SHELL.
921 */
922 case WH_FOREGROUNDIDLE:
923 case WH_KEYBOARD:
924 case WH_SHELL:
925 lResult = co_HOOK_CallHookNext(Hook, Code, wParam, lParam);
926 break;
927
928 default:
929 ERR("Unsupported HOOK Id -> %d\n",Hook->HookId);
930 break;
931 }
932 return lResult;
933}
IS_ATOM
#define IS_ATOM(x)
Definition: class.h:3
Msg
struct @1611 Msg[]
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
Keyboard
@ Keyboard
Definition: i8042prt.h:115
Mouse
@ Mouse
Definition: i8042prt.h:116
_Analysis_assume_
#define _Analysis_assume_(expr)
Definition: ms_sal.h:2901
co_IntCallDebugHook
static LRESULT FASTCALL co_IntCallDebugHook(PHOOK Hook, int Code, WPARAM wParam, LPARAM lParam, BOOL Ansi)
Definition: hook.c:388
tagCBT_CREATEWNDA
Definition: winuser.h:2959
tagCBT_CREATEWNDW
Definition: winuser.h:2964
tagCBT_CREATEWNDW::lpcs
LPCREATESTRUCTW lpcs
Definition: winuser.h:2965
tagCREATESTRUCTW::lpszClass
LPCWSTR lpszClass
Definition: winuser.h:2955
tagCREATESTRUCTW::lpszName
LPCWSTR lpszName
Definition: winuser.h:2954
MSG
TW_UINT32 TW_UINT16 TW_UINT16 MSG
Definition: twain.h:1829
WH_DEBUG
#define WH_DEBUG
Definition: winuser.h:39
LPCBT_CREATEWNDW
struct tagCBT_CREATEWNDW * LPCBT_CREATEWNDW
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
CHAR
char CHAR
Definition: xmlstorage.h:175

Referenced by NtUserCallNextHookEx().

◆ DBG_DEFAULT_CHANNEL()

DBG_DEFAULT_CHANNEL ( UserHook  )

◆ IntFreeHook()

static VOID FASTCALL IntFreeHook ( PHOOK  Hook)
static

Definition at line 1022 of file hook.c.

1023{
1024 RemoveEntryList(&Hook->Chain);
1025 if (Hook->ModuleName.Buffer)
1026 {
1027 ExFreePoolWithTag(Hook->ModuleName.Buffer, TAG_HOOK);
1028 Hook->ModuleName.Buffer = NULL;
1029 }
1030 /* Close handle */
1031 UserDeleteObject(UserHMGetHandle(Hook), TYPE_HOOK);
1032}
RemoveEntryList
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
tagHOOK::Chain
LIST_ENTRY Chain
Definition: ntuser.h:248
UserDeleteObject
BOOL FASTCALL UserDeleteObject(HANDLE h, HANDLE_TYPE type)
Definition: object.c:717

Referenced by IntRemoveHook().

◆ IntGetGlobalHookHandles()

static HHOOK *FASTCALL IntGetGlobalHookHandles ( PDESKTOP  pdo,
int  HookId 
)
static

Definition at line 962 of file hook.c.

963{
964 PLIST_ENTRY pLastHead, pElem;
965 unsigned i = 0;
966 unsigned cHooks = 0;
967 HHOOK *pList;
968 PHOOK pHook;
969
970 pLastHead = &pdo->pDeskInfo->aphkStart[HOOKID_TO_INDEX(HookId)];
971 for (pElem = pLastHead->Flink; pElem != pLastHead; pElem = pElem->Flink)
972 ++cHooks;
973
974 pList = ExAllocatePoolWithTag(PagedPool, (cHooks + 1) * sizeof(HHOOK), TAG_HOOK);
975 if (!pList)
976 {
977 EngSetLastError(ERROR_NOT_ENOUGH_MEMORY);
978 return NULL;
979 }
980
981 for (pElem = pLastHead->Flink; pElem != pLastHead; pElem = pElem->Flink)
982 {
983 pHook = CONTAINING_RECORD(pElem, HOOK, Chain);
984 NT_ASSERT(i < cHooks);
985 pList[i++] = pHook->head.h;
986 }
987 pList[i] = NULL;
988
989 return pList;
990}
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
PagedPool
#define PagedPool
Definition: env_spec_w32.h:308
pList
FxChildList * pList
Definition: fxchildlistapi.cpp:55
_DESKTOPINFO::aphkStart
LIST_ENTRY aphkStart[NB_HOOKS]
Definition: ntuser.h:139
EngSetLastError
ENGAPI VOID APIENTRY EngSetLastError(_In_ ULONG iError)
Definition: error.c:28
NT_ASSERT
#define NT_ASSERT
Definition: rtlfuncs.h:3310

Referenced by co_HOOK_CallHooks().

◆ IntGetHookObject()

PHOOK FASTCALL IntGetHookObject ( HHOOK  hHook)

Definition at line 937 of file hook.c.

938{
939 PHOOK Hook;
940
941 if (!hHook)
942 {
943 EngSetLastError(ERROR_INVALID_HOOK_HANDLE);
944 return NULL;
945 }
946
947 Hook = (PHOOK)UserGetObject(gHandleTable, hHook, TYPE_HOOK);
948 if (!Hook)
949 {
950 EngSetLastError(ERROR_INVALID_HOOK_HANDLE);
951 return NULL;
952 }
953
954 UserReferenceObject(Hook);
955
956 return Hook;
957}
UserReferenceObject
VOID FASTCALL UserReferenceObject(PVOID obj)
Definition: object.c:731
ERROR_INVALID_HOOK_HANDLE
#define ERROR_INVALID_HOOK_HANDLE
Definition: winerror.h:885

Referenced by NtUserUnhookWindowsHookEx().

◆ IntGetNextHook()

PHOOK FASTCALL IntGetNextHook ( PHOOK  Hook)

Definition at line 995 of file hook.c.

996{
997 int HookId = Hook->HookId;
998 PLIST_ENTRY pLastHead, pElem;
999 PTHREADINFO pti;
1000
1001 if (Hook->ptiHooked)
1002 {
1003 pti = Hook->ptiHooked;
1004 pLastHead = &pti->aphkStart[HOOKID_TO_INDEX(HookId)];
1005 }
1006 else
1007 {
1008 pti = PsGetCurrentThreadWin32Thread();
1009 pLastHead = &pti->rpdesk->pDeskInfo->aphkStart[HOOKID_TO_INDEX(HookId)];
1010 }
1011
1012 pElem = Hook->Chain.Flink;
1013 if (pElem != pLastHead)
1014 return CONTAINING_RECORD(pElem, HOOK, Chain);
1015 return NULL;
1016}

Referenced by co_HOOK_CallHooks(), NtUserCallNextHookEx(), and NtUserMessageCall().

◆ IntHookModuleUnloaded()

BOOL IntHookModuleUnloaded ( PDESKTOP  pdesk,
int  iHookID,
HHOOK  hHook 
)

Definition at line 88 of file hook.c.

89{
90 PTHREADINFO ptiCurrent;
91 PLIST_ENTRY ListEntry;
92 PPROCESSINFO ppiCsr;
93
94 TRACE("IntHookModuleUnloaded: iHookID=%d\n", iHookID);
95
96 ppiCsr = PsGetProcessWin32Process(gpepCSRSS);
97
98 ListEntry = pdesk->PtiList.Flink;
99 while(ListEntry != &pdesk->PtiList)
100 {
101 ptiCurrent = CONTAINING_RECORD(ListEntry, THREADINFO, PtiLink);
102
103 /* FIXME: Do some more security checks here */
104
105 /* FIXME: HACK: The first check is a reactos specific hack for system threads */
106 if(!PsIsSystemProcess(ptiCurrent->ppi->peProcess) &&
107 ptiCurrent->ppi != ppiCsr)
108 {
109 if(ptiCurrent->ppi->W32PF_flags & W32PF_APIHOOKLOADED)
110 {
111 TRACE("IntHookModuleUnloaded: sending message to PID %p, ppi=%p\n", PsGetProcessId(ptiCurrent->ppi->peProcess), ptiCurrent->ppi);
112 co_MsqSendMessageAsync( ptiCurrent,
113 0,
114 iHookID,
115 TRUE,
116 (LPARAM)hHook,
117 NULL,
118 0,
119 FALSE,
120 MSQ_INJECTMODULE);
121 }
122 }
123 ListEntry = ListEntry->Flink;
124 }
125
126 return TRUE;
127}
gpepCSRSS
PEPROCESS gpepCSRSS
Definition: csr.c:15
co_MsqSendMessageAsync
BOOL FASTCALL co_MsqSendMessageAsync(PTHREADINFO ptiReceiver, HWND hwnd, UINT Msg, WPARAM wParam, LPARAM lParam, SENDASYNCPROC CompletionCallback, ULONG_PTR CompletionCallbackContext, BOOL HasPackedLParam, INT HookMessage)
Definition: msgqueue.c:1014
MSQ_INJECTMODULE
#define MSQ_INJECTMODULE
Definition: msgqueue.h:6
PsIsSystemProcess
BOOLEAN NTAPI PsIsSystemProcess(IN PEPROCESS Process)
Definition: process.c:1223
PsGetProcessWin32Process
PVOID NTAPI PsGetProcessWin32Process(PEPROCESS Process)
Definition: process.c:1193
PsGetProcessId
HANDLE NTAPI PsGetProcessId(PEPROCESS Process)
Definition: process.c:1063
_DESKTOP::PtiList
LIST_ENTRY PtiList
Definition: desktop.h:25
_PROCESSINFO
Definition: win32.h:253
W32PF_APIHOOKLOADED
#define W32PF_APIHOOKLOADED
Definition: win32.h:35

Referenced by UserUnregisterUserApiHook().

◆ IntLoadHookModule()

BOOL IntLoadHookModule ( int  iHookID,
HHOOK  hHook,
BOOL  Unload 
)

Definition at line 30 of file hook.c.

31{
32 PPROCESSINFO ppi;
33 BOOL bResult;
34
35 ppi = PsGetCurrentProcessWin32Process();
36
37 TRACE("IntLoadHookModule. Client PID: %p\n", PsGetProcessId(ppi->peProcess));
38
39 /* Check if this is the api hook */
40 if(iHookID == WH_APIHOOK)
41 {
42 if(!Unload && !(ppi->W32PF_flags & W32PF_APIHOOKLOADED))
43 {
44 /* A callback in user mode can trigger UserLoadApiHook to be called and
45 as a result IntLoadHookModule will be called recursively.
46 To solve this we set the flag that means that the application has
47 loaded the api hook before the callback and in case of error we remove it */
48 ppi->W32PF_flags |= W32PF_APIHOOKLOADED;
49
50 /* Call ClientLoadLibrary in user32 */
51 bResult = co_IntClientLoadLibrary(&strUahModule, &strUahInitFunc, Unload, TRUE);
52 TRACE("co_IntClientLoadLibrary returned %d\n", bResult );
53 if (!bResult)
54 {
55 /* Remove the flag we set before */
56 ppi->W32PF_flags &= ~W32PF_APIHOOKLOADED;
57 }
58 return bResult;
59 }
60 else if(Unload && (ppi->W32PF_flags & W32PF_APIHOOKLOADED))
61 {
62 /* Call ClientLoadLibrary in user32 */
63 bResult = co_IntClientLoadLibrary(NULL, NULL, Unload, TRUE);
64 if (bResult)
65 {
66 ppi->W32PF_flags &= ~W32PF_APIHOOKLOADED;
67 }
68 return bResult;
69 }
70
71 return TRUE;
72 }
73
74 STUB;
75
76 return FALSE;
77}
Unload
static VOID NTAPI Unload(PDRIVER_OBJECT DriverObject)
Definition: floppy.c:377
WH_APIHOOK
#define WH_APIHOOK
Definition: hook.h:12
STUB
#define STUB
Definition: kernel32.h:27
PsGetCurrentProcessWin32Process
PVOID NTAPI PsGetCurrentProcessWin32Process(VOID)
Definition: process.c:1183
strUahModule
UNICODE_STRING strUahModule
Definition: hook.c:22
strUahInitFunc
UNICODE_STRING strUahInitFunc
Definition: hook.c:23
co_IntClientLoadLibrary
BOOL NTAPI co_IntClientLoadLibrary(PUNICODE_STRING pstrLibName, PUNICODE_STRING pstrInitFunc, BOOL Unload, BOOL ApiHook)
Definition: callback.c:136

Referenced by co_MsqDispatchOneSentMessage(), and UserLoadApiHook().

◆ IntRemoveHook()

BOOLEAN IntRemoveHook ( PVOID  Object)

Definition at line 1036 of file hook.c.

1037{
1038 INT HookId;
1039 PTHREADINFO ptiHook, pti;
1040 PDESKTOP pdo;
1041 PHOOK Hook = Object;
1042
1043 NT_ASSERT(UserIsEnteredExclusive());
1044
1045 HookId = Hook->HookId;
1046 pti = PsGetCurrentThreadWin32Thread();
1047
1048 if (Hook->ptiHooked) // Local
1049 {
1050 ptiHook = Hook->ptiHooked;
1051
1052 IntFreeHook(Hook);
1053
1054 if (IsListEmpty(&ptiHook->aphkStart[HOOKID_TO_INDEX(HookId)]))
1055 {
1056 BOOL bOtherProcess;
1057 KAPC_STATE ApcState;
1058
1059 ptiHook->fsHooks &= ~HOOKID_TO_FLAG(HookId);
1060 bOtherProcess = (ptiHook->ppi != pti->ppi);
1061
1062 if (bOtherProcess)
1063 KeStackAttachProcess(&ptiHook->ppi->peProcess->Pcb, &ApcState);
1064
1065 _SEH2_TRY
1066 {
1067 ptiHook->pClientInfo->fsHooks = ptiHook->fsHooks;
1068 }
1069 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1070 {
1071 /* Do nothing */
1072 (void)0;
1073 }
1074 _SEH2_END;
1075
1076 if (bOtherProcess)
1077 KeUnstackDetachProcess(&ApcState);
1078 }
1079 }
1080 else // Global
1081 {
1082 IntFreeHook(Hook);
1083
1084 pdo = IntGetActiveDesktop();
1085
1086 if (pdo &&
1087 pdo->pDeskInfo &&
1088 IsListEmpty(&pdo->pDeskInfo->aphkStart[HOOKID_TO_INDEX(HookId)]))
1089 {
1090 pdo->pDeskInfo->fsHooks &= ~HOOKID_TO_FLAG(HookId);
1091 }
1092 }
1093
1094 return TRUE;
1095}
ApcState
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1759
IntFreeHook
static VOID FASTCALL IntFreeHook(PHOOK Hook)
Definition: hook.c:1022
UserIsEnteredExclusive
BOOL FASTCALL UserIsEnteredExclusive(VOID)
Definition: ntuser.c:224
KeStackAttachProcess
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
KeUnstackDetachProcess
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
_THREADINFO::fsHooks
ULONG fsHooks
Definition: win32.h:117
Object
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
Definition: wdfcollection.h:123
KAPC_STATE
KAPC_STATE
Definition: ketypes.h:1285

Referenced by IntUnhookWindowsHook(), NtUserSetWindowsHookEx(), and NtUserUnhookWindowsHookEx().

◆ IntUnhookWindowsHook()

BOOL FASTCALL IntUnhookWindowsHook ( int  HookId,
HOOKPROC  pfnFilterProc 
)

Definition at line 1319 of file hook.c.

1320{
1321 PHOOK Hook;
1322 PLIST_ENTRY pLastHead, pElement;
1323 PTHREADINFO pti = PsGetCurrentThreadWin32Thread();
1324
1325 if (HookId < WH_MINHOOK || WH_MAXHOOK < HookId )
1326 {
1327 EngSetLastError(ERROR_INVALID_HOOK_FILTER);
1328 return FALSE;
1329 }
1330
1331 if (pti->fsHooks)
1332 {
1333 pLastHead = &pti->aphkStart[HOOKID_TO_INDEX(HookId)];
1334
1335 pElement = pLastHead->Flink;
1336 while (pElement != pLastHead)
1337 {
1338 Hook = CONTAINING_RECORD(pElement, HOOK, Chain);
1339
1340 /* Get the next element now, we might free the hook in what follows */
1341 pElement = Hook->Chain.Flink;
1342
1343 if (Hook->Proc == pfnFilterProc)
1344 {
1345 if (Hook->head.pti == pti)
1346 {
1347 IntRemoveHook(Hook);
1348 return TRUE;
1349 }
1350 else
1351 {
1352 EngSetLastError(ERROR_ACCESS_DENIED);
1353 return FALSE;
1354 }
1355 }
1356 }
1357 }
1358 return FALSE;
1359}
ERROR_ACCESS_DENIED
#define ERROR_ACCESS_DENIED
Definition: compat.h:97
IntRemoveHook
BOOLEAN IntRemoveHook(PVOID Object)
Definition: hook.c:1036
ERROR_INVALID_HOOK_FILTER
#define ERROR_INVALID_HOOK_FILTER
Definition: winerror.h:907

Referenced by NtUserCallTwoParam().

◆ NtUserCallNextHookEx()

LRESULT APIENTRY NtUserCallNextHookEx ( int  Code,
WPARAM  wParam,
LPARAM  lParam,
BOOL  Ansi 
)

Definition at line 1370 of file hook.c.

1374{
1375 PTHREADINFO pti;
1376 PHOOK HookObj, NextObj;
1377 PCLIENTINFO ClientInfo;
1378 LRESULT lResult = 0;
1379 DECLARE_RETURN(LRESULT);
1380
1381 TRACE("Enter NtUserCallNextHookEx\n");
1382 UserEnterExclusive();
1383
1384 pti = GetW32ThreadInfo();
1385
1386 HookObj = pti->sphkCurrent;
1387
1388 if (!HookObj) RETURN( 0);
1389
1390 NextObj = HookObj->phkNext;
1391
1392 pti->sphkCurrent = NextObj;
1393 ClientInfo = pti->pClientInfo;
1394 _SEH2_TRY
1395 {
1396 ClientInfo->phkCurrent = NextObj;
1397 }
1398 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1399 {
1400 ClientInfo = NULL;
1401 }
1402 _SEH2_END;
1403
1404 /* Now in List run down. */
1405 if (ClientInfo && NextObj)
1406 {
1407 NextObj->phkNext = IntGetNextHook(NextObj);
1408 lResult = co_UserCallNextHookEx( NextObj, Code, wParam, lParam, NextObj->Ansi);
1409 }
1410 RETURN( lResult);
1411
1412CLEANUP:
1413 TRACE("Leave NtUserCallNextHookEx, ret=%i\n",_ret_);
1414 UserLeave();
1415 END_CLEANUP;
1416}
RETURN
#define RETURN(x)
GetW32ThreadInfo
struct _THREADINFO * GetW32ThreadInfo(VOID)
Definition: misc.c:801
co_UserCallNextHookEx
static LRESULT APIENTRY co_UserCallNextHookEx(PHOOK Hook, int Code, WPARAM wParam, LPARAM lParam, BOOL Ansi)
Definition: hook.c:521
UserLeave
VOID FASTCALL UserLeave(VOID)
Definition: ntuser.c:251
UserEnterExclusive
VOID FASTCALL UserEnterExclusive(VOID)
Definition: ntuser.c:242
CLEANUP
#define CLEANUP
Definition: ntuser.h:5
DECLARE_RETURN
#define DECLARE_RETURN(type)
Definition: ntuser.h:3
END_CLEANUP
#define END_CLEANUP
Definition: ntuser.h:6

Referenced by CallNextHookEx().

◆ NtUserRegisterUserApiHook()

BOOL APIENTRY NtUserRegisterUserApiHook ( PUNICODE_STRING  m_dllname1,
PUNICODE_STRING  m_funname1,
DWORD  dwUnknown3,
DWORD  dwUnknown4 
)

Definition at line 1723 of file hook.c.

1728{
1729 BOOL ret;
1730 UNICODE_STRING strDllNameSafe;
1731 UNICODE_STRING strFuncNameSafe;
1732 NTSTATUS Status;
1733
1734 /* Probe and capture parameters */
1735 Status = ProbeAndCaptureUnicodeString(&strDllNameSafe, UserMode, m_dllname1);
1736 if(!NT_SUCCESS(Status))
1737 {
1738 EngSetLastError(RtlNtStatusToDosError(Status));
1739 return FALSE;
1740 }
1741
1742 Status = ProbeAndCaptureUnicodeString(&strFuncNameSafe, UserMode, m_funname1);
1743 if(!NT_SUCCESS(Status))
1744 {
1745 ReleaseCapturedUnicodeString(&strDllNameSafe, UserMode);
1746 EngSetLastError(RtlNtStatusToDosError(Status));
1747 return FALSE;
1748 }
1749
1750 UserEnterExclusive();
1751
1752 /* Call internal function */
1753 ret = UserRegisterUserApiHook(&strDllNameSafe, &strFuncNameSafe);
1754
1755 UserLeave();
1756
1757 /* Cleanup only in case of failure */
1758 if(ret == FALSE)
1759 {
1760 ReleaseCapturedUnicodeString(&strDllNameSafe, UserMode);
1761 ReleaseCapturedUnicodeString(&strFuncNameSafe, UserMode);
1762 }
1763
1764 return ret;
1765}
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
UserMode
#define UserMode
Definition: asm.h:35
UserRegisterUserApiHook
BOOL FASTCALL UserRegisterUserApiHook(PUNICODE_STRING pstrDllName, PUNICODE_STRING pstrFuncName)
Definition: hook.c:138
ProbeAndCaptureUnicodeString
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
ReleaseCapturedUnicodeString
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
_UNICODE_STRING
Definition: env_spec_w32.h:368
ret
int ret
Definition: wcstombs-tests.c:31

Referenced by RegisterUserApiHook().

◆ NtUserSetWindowsHookAW()

HHOOK APIENTRY NtUserSetWindowsHookAW ( int  idHook,
HOOKPROC  lpfn,
BOOL  Ansi 
)

Definition at line 1420 of file hook.c.

1423{
1424 DWORD ThreadId;
1425 UNICODE_STRING USModuleName;
1426
1427 RtlInitUnicodeString(&USModuleName, NULL);
1428 ThreadId = PtrToUint(NtCurrentTeb()->ClientId.UniqueThread);
1429
1430 return NtUserSetWindowsHookEx( NULL,
1431 &USModuleName,
1432 ThreadId,
1433 idHook,
1434 lpfn,
1435 Ansi);
1436}
PtrToUint
#define PtrToUint(p)
Definition: basetsd.h:85
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
NtCurrentTeb
#define NtCurrentTeb
Definition: iphlpapi_private.h:4
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NtUserSetWindowsHookEx
HHOOK APIENTRY NtUserSetWindowsHookEx(HINSTANCE Mod, PUNICODE_STRING UnsafeModuleName, DWORD ThreadId, int HookId, HOOKPROC HookProc, BOOL Ansi)
Definition: hook.c:1440
_CLIENT_ID::UniqueThread
HANDLE UniqueThread
Definition: compat.h:826
ClientId
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1165

◆ NtUserSetWindowsHookEx()

HHOOK APIENTRY NtUserSetWindowsHookEx ( HINSTANCE  Mod,
PUNICODE_STRING  UnsafeModuleName,
DWORD  ThreadId,
int  HookId,
HOOKPROC  HookProc,
BOOL  Ansi 
)

Definition at line 1440 of file hook.c.

1446{
1447 PWINSTATION_OBJECT WinStaObj;
1448 PHOOK Hook = NULL;
1449 UNICODE_STRING ModuleName;
1450 NTSTATUS Status;
1451 HHOOK Handle;
1452 PTHREADINFO pti, ptiHook = NULL;
1453 DECLARE_RETURN(HHOOK);
1454
1455 TRACE("Enter NtUserSetWindowsHookEx\n");
1456 UserEnterExclusive();
1457
1458 pti = PsGetCurrentThreadWin32Thread();
1459
1460 if (HookId < WH_MINHOOK || WH_MAXHOOK < HookId )
1461 {
1462 EngSetLastError(ERROR_INVALID_HOOK_FILTER);
1463 RETURN( NULL);
1464 }
1465
1466 if (!HookProc)
1467 {
1468 EngSetLastError(ERROR_INVALID_FILTER_PROC);
1469 RETURN( NULL);
1470 }
1471
1472 if (ThreadId) /* thread-local hook */
1473 {
1474 if ( HookId == WH_JOURNALRECORD ||
1475 HookId == WH_JOURNALPLAYBACK ||
1476 HookId == WH_KEYBOARD_LL ||
1477 HookId == WH_MOUSE_LL ||
1478 HookId == WH_SYSMSGFILTER)
1479 {
1480 TRACE("Local hook installing Global HookId: %d\n",HookId);
1481 /* these can only be global */
1482 EngSetLastError(ERROR_GLOBAL_ONLY_HOOK);
1483 RETURN( NULL);
1484 }
1485
1486 if ( !(ptiHook = IntTID2PTI( UlongToHandle(ThreadId) )))
1487 {
1488 ERR("Invalid thread id 0x%x\n", ThreadId);
1489 EngSetLastError(ERROR_INVALID_PARAMETER);
1490 RETURN( NULL);
1491 }
1492
1493 if ( ptiHook->rpdesk != pti->rpdesk) // gptiCurrent->rpdesk)
1494 {
1495 ERR("Local hook wrong desktop HookId: %d\n",HookId);
1496 EngSetLastError(ERROR_ACCESS_DENIED);
1497 RETURN( NULL);
1498 }
1499
1500 if (ptiHook->ppi != pti->ppi)
1501 {
1502 if ( !Mod &&
1503 (HookId == WH_GETMESSAGE ||
1504 HookId == WH_CALLWNDPROC ||
1505 HookId == WH_CBT ||
1506 HookId == WH_HARDWARE ||
1507 HookId == WH_DEBUG ||
1508 HookId == WH_SHELL ||
1509 HookId == WH_FOREGROUNDIDLE ||
1510 HookId == WH_CALLWNDPROCRET) )
1511 {
1512 ERR("Local hook needs hMod HookId: %d\n",HookId);
1513 EngSetLastError(ERROR_HOOK_NEEDS_HMOD);
1514 RETURN( NULL);
1515 }
1516
1517 if ( (ptiHook->TIF_flags & (TIF_CSRSSTHREAD|TIF_SYSTEMTHREAD)) &&
1518 (HookId == WH_GETMESSAGE ||
1519 HookId == WH_CALLWNDPROC ||
1520 HookId == WH_CBT ||
1521 HookId == WH_HARDWARE ||
1522 HookId == WH_DEBUG ||
1523 HookId == WH_SHELL ||
1524 HookId == WH_FOREGROUNDIDLE ||
1525 HookId == WH_CALLWNDPROCRET) )
1526 {
1527 EngSetLastError(ERROR_HOOK_TYPE_NOT_ALLOWED);
1528 RETURN( NULL);
1529 }
1530 }
1531 }
1532 else /* System-global hook */
1533 {
1534 ptiHook = pti; // gptiCurrent;
1535 if ( !Mod &&
1536 (HookId == WH_GETMESSAGE ||
1537 HookId == WH_CALLWNDPROC ||
1538 HookId == WH_CBT ||
1539 HookId == WH_SYSMSGFILTER ||
1540 HookId == WH_HARDWARE ||
1541 HookId == WH_DEBUG ||
1542 HookId == WH_SHELL ||
1543 HookId == WH_FOREGROUNDIDLE ||
1544 HookId == WH_CALLWNDPROCRET) )
1545 {
1546 ERR("Global hook needs hMod HookId: %d\n",HookId);
1547 EngSetLastError(ERROR_HOOK_NEEDS_HMOD);
1548 RETURN( NULL);
1549 }
1550 }
1551
1552 Status = IntValidateWindowStationHandle( PsGetCurrentProcess()->Win32WindowStation,
1553 UserMode,
1554 0,
1555 &WinStaObj,
1556 0);
1557
1558 if (!NT_SUCCESS(Status))
1559 {
1560 SetLastNtError(Status);
1561 RETURN( NULL);
1562 }
1563 ObDereferenceObject(WinStaObj);
1564
1565 Hook = UserCreateObject(gHandleTable, NULL, ptiHook, (PHANDLE)&Handle, TYPE_HOOK, sizeof(HOOK));
1566
1567 if (!Hook)
1568 {
1569 RETURN( NULL);
1570 }
1571
1572 Hook->ihmod = (INT_PTR)Mod; // Module Index from atom table, Do this for now.
1573 Hook->HookId = HookId;
1574 Hook->rpdesk = ptiHook->rpdesk;
1575 Hook->phkNext = NULL; /* Dont use as a chain! Use link lists for chaining. */
1576 Hook->Proc = HookProc;
1577 Hook->Ansi = Ansi;
1578
1579 TRACE("Set Hook Desk %p DeskInfo %p Handle Desk %p\n", pti->rpdesk, pti->pDeskInfo, Hook->head.rpdesk);
1580
1581 if (ThreadId) /* Thread-local hook */
1582 {
1583 InsertHeadList(&ptiHook->aphkStart[HOOKID_TO_INDEX(HookId)], &Hook->Chain);
1584 ptiHook->sphkCurrent = NULL;
1585 Hook->ptiHooked = ptiHook;
1586 ptiHook->fsHooks |= HOOKID_TO_FLAG(HookId);
1587
1588 if (ptiHook->pClientInfo)
1589 {
1590 if ( ptiHook->ppi == pti->ppi) /* gptiCurrent->ppi) */
1591 {
1592 _SEH2_TRY
1593 {
1594 ptiHook->pClientInfo->fsHooks = ptiHook->fsHooks;
1595 ptiHook->pClientInfo->phkCurrent = NULL;
1596 }
1597 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1598 {
1599 ERR("Problem writing to Local ClientInfo!\n");
1600 }
1601 _SEH2_END;
1602 }
1603 else
1604 {
1605 KAPC_STATE ApcState;
1606
1607 KeStackAttachProcess(&ptiHook->ppi->peProcess->Pcb, &ApcState);
1608 _SEH2_TRY
1609 {
1610 ptiHook->pClientInfo->fsHooks = ptiHook->fsHooks;
1611 ptiHook->pClientInfo->phkCurrent = NULL;
1612 }
1613 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1614 {
1615 ERR("Problem writing to Remote ClientInfo!\n");
1616 }
1617 _SEH2_END;
1618 KeUnstackDetachProcess(&ApcState);
1619 }
1620 }
1621 }
1622 else
1623 {
1624 InsertHeadList(&ptiHook->rpdesk->pDeskInfo->aphkStart[HOOKID_TO_INDEX(HookId)], &Hook->Chain);
1625 Hook->ptiHooked = NULL;
1626 //gptiCurrent->pDeskInfo->fsHooks |= HOOKID_TO_FLAG(HookId);
1627 ptiHook->rpdesk->pDeskInfo->fsHooks |= HOOKID_TO_FLAG(HookId);
1628 ptiHook->sphkCurrent = NULL;
1629 ptiHook->pClientInfo->phkCurrent = NULL;
1630 }
1631
1632 RtlInitUnicodeString(&Hook->ModuleName, NULL);
1633
1634 if (Mod)
1635 {
1636 Status = MmCopyFromCaller(&ModuleName,
1637 UnsafeModuleName,
1638 sizeof(UNICODE_STRING));
1639 if (!NT_SUCCESS(Status))
1640 {
1641 IntRemoveHook(Hook);
1642 SetLastNtError(Status);
1643 RETURN( NULL);
1644 }
1645
1646 Hook->ModuleName.Buffer = ExAllocatePoolWithTag( PagedPool,
1647 ModuleName.MaximumLength,
1648 TAG_HOOK);
1649 if (NULL == Hook->ModuleName.Buffer)
1650 {
1651 IntRemoveHook(Hook);
1652 EngSetLastError(ERROR_NOT_ENOUGH_MEMORY);
1653 RETURN( NULL);
1654 }
1655
1656 Hook->ModuleName.MaximumLength = ModuleName.MaximumLength;
1657 Status = MmCopyFromCaller( Hook->ModuleName.Buffer,
1658 ModuleName.Buffer,
1659 ModuleName.MaximumLength);
1660 if (!NT_SUCCESS(Status))
1661 {
1662 ExFreePoolWithTag(Hook->ModuleName.Buffer, TAG_HOOK);
1663 Hook->ModuleName.Buffer = NULL;
1664 IntRemoveHook(Hook);
1665 SetLastNtError(Status);
1666 RETURN( NULL);
1667 }
1668
1669 Hook->ModuleName.Length = ModuleName.Length;
1672 FIXME("NtUserSetWindowsHookEx Setting process hMod instance addressing.\n");
1673 /* Make proc relative to the module base */
1674 Hook->offPfn = (ULONG_PTR)((char *)HookProc - (char *)Mod);
1675 }
1676 else
1677 Hook->offPfn = 0;
1678
1679 TRACE("Installing: HookId %d Global %s\n", HookId, !ThreadId ? "TRUE" : "FALSE");
1680 RETURN( Handle);
1681
1682CLEANUP:
1683 if (Hook)
1684 UserDereferenceObject(Hook);
1685 TRACE("Leave NtUserSetWindowsHookEx, ret=%p\n", _ret_);
1686 UserLeave();
1687 END_CLEANUP;
1688}
ModuleName
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char const char * ModuleName
Definition: acpixf.h:1280
UlongToHandle
#define UlongToHandle(ul)
Definition: basetsd.h:97
FIXME
#define FIXME(fmt,...)
Definition: debug.h:111
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
InsertHeadList
#define InsertHeadList(ListHead, Entry)
Definition: env_spec_w32.h:1022
Handle
ULONG Handle
Definition: gdb_input.c:15
TIF_CSRSSTHREAD
#define TIF_CSRSSTHREAD
Definition: ntuser.h:265
TIF_SYSTEMTHREAD
#define TIF_SYSTEMTHREAD
Definition: ntuser.h:264
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
IntValidateWindowStationHandle
NTSTATUS FASTCALL IntValidateWindowStationHandle(HWINSTA WindowStation, KPROCESSOR_MODE AccessMode, ACCESS_MASK DesiredAccess, PWINSTATION_OBJECT *Object, POBJECT_HANDLE_INFORMATION pObjectHandleInfo)
Definition: winsta.c:232
MmCopyFromCaller
#define MmCopyFromCaller
Definition: polytest.cpp:29
_THRDESKHEAD::rpdesk
struct _DESKTOP * rpdesk
Definition: ntuser.h:194
_THREADINFO::pDeskInfo
struct _DESKTOPINFO * pDeskInfo
Definition: win32.h:93
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_WINSTATION_OBJECT
Definition: winsta.h:16
acpi_buffer::Length
ACPI_SIZE Length
Definition: actypes.h:1053
tagHOOK::rpdesk
struct _DESKTOP * rpdesk
Definition: ntuser.h:246
INT_PTR
int32_t INT_PTR
Definition: typedefs.h:64
SetLastNtError
VOID FASTCALL SetLastNtError(NTSTATUS Status)
Definition: error.c:37
IntTID2PTI
PTHREADINFO FASTCALL IntTID2PTI(HANDLE id)
Definition: misc.c:42
UserDereferenceObject
BOOL FASTCALL UserDereferenceObject(PVOID Object)
Definition: object.c:644
UserCreateObject
PVOID FASTCALL UserCreateObject(PUSER_HANDLE_TABLE ht, PDESKTOP pDesktop, PTHREADINFO pti, HANDLE *h, HANDLE_TYPE type, ULONG size)
Definition: object.c:568
ERROR_HOOK_TYPE_NOT_ALLOWED
#define ERROR_HOOK_TYPE_NOT_ALLOWED
Definition: winerror.h:939
ERROR_INVALID_FILTER_PROC
#define ERROR_INVALID_FILTER_PROC
Definition: winerror.h:908
ERROR_HOOK_NEEDS_HMOD
#define ERROR_HOOK_NEEDS_HMOD
Definition: winerror.h:909
ERROR_GLOBAL_ONLY_HOOK
#define ERROR_GLOBAL_ONLY_HOOK
Definition: winerror.h:910
WH_CALLWNDPROCRET
#define WH_CALLWNDPROCRET
Definition: winuser.h:42
WH_HARDWARE
#define WH_HARDWARE
Definition: winuser.h:38
WH_CALLWNDPROC
#define WH_CALLWNDPROC
Definition: winuser.h:34
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17

Referenced by IntSetWindowsHook(), and NtUserSetWindowsHookAW().

◆ NtUserUnhookWindowsHookEx()

BOOL APIENTRY NtUserUnhookWindowsHookEx ( HHOOK  Hook)

Definition at line 1692 of file hook.c.

1693{
1694 PHOOK HookObj;
1695 DECLARE_RETURN(BOOL);
1696
1697 TRACE("Enter NtUserUnhookWindowsHookEx\n");
1698 UserEnterExclusive();
1699
1700 if (!(HookObj = IntGetHookObject(Hook)))
1701 {
1702 ERR("Invalid handle passed to NtUserUnhookWindowsHookEx\n");
1703 /* SetLastNtError(Status); */
1704 RETURN( FALSE);
1705 }
1706
1707 ASSERT(Hook == UserHMGetHandle(HookObj));
1708
1709 IntRemoveHook(HookObj);
1710
1711 UserDereferenceObject(HookObj);
1712
1713 RETURN( TRUE);
1714
1715CLEANUP:
1716 TRACE("Leave NtUserUnhookWindowsHookEx, ret=%i\n",_ret_);
1717 UserLeave();
1718 END_CLEANUP;
1719}
IntGetHookObject
PHOOK FASTCALL IntGetHookObject(HHOOK hHook)
Definition: hook.c:937

◆ NtUserUnregisterUserApiHook()

BOOL APIENTRY NtUserUnregisterUserApiHook ( VOID  )

Definition at line 1769 of file hook.c.

1770{
1771 BOOL ret;
1772
1773 UserEnterExclusive();
1774 ret = UserUnregisterUserApiHook();
1775 UserLeave();
1776
1777 return ret;
1778}
UserUnregisterUserApiHook
BOOL FASTCALL UserUnregisterUserApiHook(VOID)
Definition: hook.c:206

Referenced by UnregisterUserApiHook().

◆ UserLoadApiHook()

BOOL FASTCALL UserLoadApiHook ( VOID  )

Definition at line 131 of file hook.c.

132{
133 return IntLoadHookModule(WH_APIHOOK, 0, FALSE);
134}
IntLoadHookModule
BOOL IntLoadHookModule(int iHookID, HHOOK hHook, BOOL Unload)
Definition: hook.c:30

Referenced by NtUserCallNoParam().

◆ UserRegisterUserApiHook()

BOOL FASTCALL UserRegisterUserApiHook ( PUNICODE_STRING  pstrDllName,
PUNICODE_STRING  pstrFuncName 
)

Definition at line 138 of file hook.c.

141{
142 PTHREADINFO pti, ptiCurrent;
143 HWND *List;
144 PWND DesktopWindow, pwndCurrent;
145 ULONG i;
146 PPROCESSINFO ppiCsr;
147
148 pti = PsGetCurrentThreadWin32Thread();
149 ppiCsr = PsGetProcessWin32Process(gpepCSRSS);
150
151 /* Fail if the api hook is already registered */
152 if(gpsi->dwSRVIFlags & SRVINFO_APIHOOK)
153 {
154 return FALSE;
155 }
156
157 TRACE("UserRegisterUserApiHook. Server PID: %p\n", PsGetProcessId(pti->ppi->peProcess));
158
159 /* Register the api hook */
160 gpsi->dwSRVIFlags |= SRVINFO_APIHOOK;
161
162 strUahModule = *pstrDllName;
163 strUahInitFunc = *pstrFuncName;
164 ppiUahServer = pti->ppi;
165
166 /* Broadcast an internal message to every top level window */
167 DesktopWindow = UserGetWindowObject(IntGetDesktopWindow());
168 List = IntWinListChildren(DesktopWindow);
169
170 if (List != NULL)
171 {
172 for (i = 0; List[i]; i++)
173 {
174 pwndCurrent = UserGetWindowObject(List[i]);
175 if(pwndCurrent == NULL)
176 {
177 continue;
178 }
179 ptiCurrent = pwndCurrent->head.pti;
180
181 /* FIXME: The first check is a reactos specific hack for system threads */
182 if(PsIsSystemProcess(ptiCurrent->ppi->peProcess) ||
183 ptiCurrent->ppi == ppiCsr)
184 {
185 continue;
186 }
187
188 co_MsqSendMessageAsync( ptiCurrent,
189 0,
190 WH_APIHOOK,
191 FALSE, /* Load the module */
192 0,
193 NULL,
194 0,
195 FALSE,
196 MSQ_INJECTMODULE);
197 }
198 ExFreePoolWithTag(List, USERTAG_WINDOWLIST);
199 }
200
201 return TRUE;
202}
gpsi
PSERVERINFO gpsi
Definition: imm.c:18
SRVINFO_APIHOOK
#define SRVINFO_APIHOOK
Definition: ntuser.h:945
ppiUahServer
PPROCESSINFO ppiUahServer
Definition: hook.c:24
DesktopWindow
Implementation of the Explorer desktop window.
Definition: desktop.h:52
_WND
Definition: ntuser.h:689
_WND::head
THRDESKHEAD head
Definition: ntuser.h:690
tagSERVERINFO::dwSRVIFlags
DWORD dwSRVIFlags
Definition: ntuser.h:1046
UserGetWindowObject
PWND FASTCALL UserGetWindowObject(HWND hWnd)
Definition: window.c:122
List
_Must_inspect_result_ _In_ WDFCMRESLIST List
Definition: wdfresource.h:550
IntGetDesktopWindow
HWND FASTCALL IntGetDesktopWindow(VOID)
Definition: desktop.c:1374
USERTAG_WINDOWLIST
#define USERTAG_WINDOWLIST
Definition: tags.h:298
IntWinListChildren
HWND *FASTCALL IntWinListChildren(PWND Window)
Definition: window.c:274

Referenced by NtUserRegisterUserApiHook().

◆ UserUnregisterUserApiHook()

BOOL FASTCALL UserUnregisterUserApiHook ( VOID  )

Definition at line 206 of file hook.c.

207{
208 PTHREADINFO pti;
209
210 pti = PsGetCurrentThreadWin32Thread();
211
212 /* Fail if the api hook is not registered */
213 if(!(gpsi->dwSRVIFlags & SRVINFO_APIHOOK))
214 {
215 return FALSE;
216 }
217
218 /* Only the process that registered the api hook can uregister it */
219 if(ppiUahServer != PsGetCurrentProcessWin32Process())
220 {
221 return FALSE;
222 }
223
224 TRACE("UserUnregisterUserApiHook. Server PID: %p\n", PsGetProcessId(pti->ppi->peProcess));
225
226 /* Unregister the api hook */
227 gpsi->dwSRVIFlags &= ~SRVINFO_APIHOOK;
228 ppiUahServer = NULL;
229 ReleaseCapturedUnicodeString(&strUahModule, UserMode);
230 ReleaseCapturedUnicodeString(&strUahInitFunc, UserMode);
231
232 /* Notify all applications that the api hook module must be unloaded */
233 return IntHookModuleUnloaded(pti->rpdesk, WH_APIHOOK, 0);
234}
IntHookModuleUnloaded
BOOL IntHookModuleUnloaded(PDESKTOP pdesk, int iHookID, HHOOK hHook)
Definition: hook.c:88

Referenced by ExitThreadCallback(), and NtUserUnregisterUserApiHook().

Variable Documentation

◆ ppiUahServer

PPROCESSINFO ppiUahServer

Definition at line 24 of file hook.c.

Referenced by ExitThreadCallback(), UserRegisterUserApiHook(), and UserUnregisterUserApiHook().

◆ strUahInitFunc

UNICODE_STRING strUahInitFunc

Definition at line 23 of file hook.c.

Referenced by IntLoadHookModule(), UserRegisterUserApiHook(), and UserUnregisterUserApiHook().

◆ strUahModule

UNICODE_STRING strUahModule

Definition at line 22 of file hook.c.

Referenced by IntLoadHookModule(), UserRegisterUserApiHook(), and UserUnregisterUserApiHook().