Cool_Tools/ExplorerPatcher
1
0
Fork 0
mirror of https://github.com/valinet/ExplorerPatcher.git synced 2024-11-14 11:07:36 +01:00
Code Releases Wiki Activity

Start menu is now hooked from explorer.exe

Browse Source
This commit is contained in:
Valentin Radu 2021-10-06 02:58:32 +03:00
parent adb396c524
commit 64e8573d98
3 changed files with 139 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
ExplorerPatcher/StartMenu.c
View File

@ -190,3 +190,124 @@ DWORD OpenStartAtLogonThread(OpenStartAtLogonThreadParams* unused)
printf("Ended \"Open Start at Logon\" thread.\n");
}
DWORD WINAPI HookStartMenu(HookStartMenuParams* params)
{
printf("Started \"Hook Start Menu\" thread.\n");
TCHAR wszKnownPath[MAX_PATH];
GetWindowsDirectoryW(wszKnownPath, MAX_PATH);
wcscat_s(wszKnownPath, MAX_PATH, L"\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe");
while (TRUE)
{
HANDLE hProcess, hSnapshot;
PROCESSENTRY32 pe32;
while (TRUE)
{
hProcess = NULL;
hSnapshot = NULL;
ZeroMemory(&pe32, sizeof(PROCESSENTRY32));
pe32.dwSize = sizeof(PROCESSENTRY32);
hSnapshot = CreateToolhelp32Snapshot(
TH32CS_SNAPPROCESS,
0
);
if (Process32First(hSnapshot, &pe32) == TRUE)
{
do
{
if (!wcscmp(pe32.szExeFile, TEXT("StartMenuExperienceHost.exe")))
{
hProcess = OpenProcess(
PROCESS_QUERY_LIMITED_INFORMATION |
PROCESS_VM_OPERATION |
PROCESS_VM_READ |
PROCESS_VM_WRITE |
PROCESS_CREATE_THREAD |
SYNCHRONIZE,
FALSE,
pe32.th32ProcessID
);
if (!hProcess)
{
printf("Unable to open handle to StartMenuExperienceHost.exe.\n");
Sleep(params->dwTimeout);
}
TCHAR wszProcessPath[MAX_PATH];
DWORD dwLength = MAX_PATH;
QueryFullProcessImageNameW(
hProcess,
0,
wszProcessPath,
&dwLength
);
if (!_wcsicmp(wszProcessPath, wszKnownPath))
{
break;
}
else
{
CloseHandle(hProcess);
hProcess = NULL;
}
}
} while (Process32Next(hSnapshot, &pe32) == TRUE);
}
CloseHandle(hSnapshot);
if (hProcess)
{
break;
}
else
{
Sleep(params->dwTimeout);
}
}
LPVOID lpRemotePath = VirtualAllocEx(
hProcess,
NULL,
MAX_PATH,
MEM_COMMIT,
PAGE_READWRITE
);
if (!lpRemotePath)
{
printf("Unable to allocate path memory.\n");
Sleep(1000);
continue;
}
if (!WriteProcessMemory(
hProcess,
lpRemotePath,
(void*)params->wszModulePath,
MAX_PATH,
NULL
))
{
printf("Unable to write path.\n");
Sleep(params->dwTimeout);
continue;
}
HANDLE hThread = CreateRemoteThread(
hProcess,
NULL,
0,
LoadLibraryW,
lpRemotePath,
0,
NULL
);
if (!hThread)
{
printf("Unable to inject DLL.\n");
Sleep(params->dwTimeout);
continue;
}
WaitForSingleObject(
hProcess,
INFINITE
);
CloseHandle(hProcess);
}
}

9
ExplorerPatcher/StartMenu.h
View File

@ -5,6 +5,7 @@
#include <windowsx.h>
#include <Shlwapi.h>
#pragma comment(lib, "Shlwapi.lib")
#include <TlHelp32.h>
DEFINE_GUID(CLSID_ImmersiveShell,
0xc2f03a33,
@ -174,4 +175,12 @@ DWORD OpenStartOnCurentMonitorThread(OpenStartOnCurentMonitorThreadParams* unuse
typedef DWORD OpenStartAtLogonThreadParams;
DWORD OpenStartAtLogonThread(OpenStartAtLogonThreadParams* unused);
typedef struct _HookStartMenuParams
{
HMODULE hModule;
DWORD dwTimeout;
wchar_t wszModulePath[MAX_PATH];
} HookStartMenuParams;
DWORD WINAPI HookStartMenu(HookStartMenuParams* params);
#endif

9
ExplorerPatcher/dllmain.c
View File

@ -1575,6 +1575,15 @@ __declspec(dllexport) DWORD WINAPI main(
}
HookStartMenuParams* params = calloc(1, sizeof(HookStartMenuParams));
params->dwTimeout = 1000;
params->hModule = hModule;
GetModuleFileNameW(hModule, params->wszModulePath, MAX_PATH);
CreateThread(0, 0, HookStartMenu, params, 0, 0);
// This notifies applications when the taskbar has recomputed its layout
if (SUCCEEDED(TaskbarCenter_Initialize(hExplorer)))
{