1
0
mirror of https://github.com/valinet/ExplorerPatcher.git synced 2024-11-30 18:24:36 +01:00

Hardcoded symbols are based on MD5 sum

This commit is contained in:
Valentin Radu 2021-11-13 07:59:14 +02:00
parent 1608abf6c6
commit 6f8d0efe97
3 changed files with 221 additions and 6 deletions

View File

@ -539,7 +539,16 @@ BOOL LoadSymbols(symbols_addr* symbols_PTRS, HMODULE hModule)
ubr
);
if (IsBuild(rovi, ubr, 22000, 282) || IsBuild(rovi, ubr, 22000, 318))
BOOL bIsStartHardcoded = FALSE;
BOOL bIsTwinuiPcshellHardcoded = FALSE;
WCHAR hash[100];
ZeroMemory(hash, 100 * sizeof(WCHAR));
TCHAR wszPath[MAX_PATH];
GetSystemDirectoryW(wszPath, MAX_PATH);
wcscat_s(wszPath, MAX_PATH, L"\\" TEXT(TWINUI_PCSHELL_SB_NAME) L".dll");
ComputeFileHash(wszPath, hash, 100);
if (!_wcsicmp(hash, L"8b23b02962856e89b8d8a3956de1d76c")) // 282, 318
{
symbols_PTRS->twinui_pcshell_PTRS[0] = 0x217CE6;
symbols_PTRS->twinui_pcshell_PTRS[1] = 0x5CC570;
@ -549,14 +558,108 @@ BOOL LoadSymbols(symbols_addr* symbols_PTRS, HMODULE hModule)
symbols_PTRS->twinui_pcshell_PTRS[5] = 0x5DA8C4;
symbols_PTRS->twinui_pcshell_PTRS[6] = 0x5CD9C0;
symbols_PTRS->twinui_pcshell_PTRS[7] = 0x52980;
bIsTwinuiPcshellHardcoded = TRUE;
}
else if (!_wcsicmp(hash, L"03487ccd5bc5a194fad61b616b0a2b28")) // 346
{
symbols_PTRS->twinui_pcshell_PTRS[0] = 0x21B036;
symbols_PTRS->twinui_pcshell_PTRS[1] = 0x5CD740;
symbols_PTRS->twinui_pcshell_PTRS[2] = 0x5F7058;
symbols_PTRS->twinui_pcshell_PTRS[3] = 0x5F7860;
symbols_PTRS->twinui_pcshell_PTRS[4] = 0x5DBDD8;
symbols_PTRS->twinui_pcshell_PTRS[5] = 0x5DBA94;
symbols_PTRS->twinui_pcshell_PTRS[6] = 0x5CEB90;
symbols_PTRS->twinui_pcshell_PTRS[7] = 0x4D780;
bIsTwinuiPcshellHardcoded = TRUE;
}
if (bIsTwinuiPcshellHardcoded)
{
wprintf(L"[Symbols] Identified known \"" TEXT(TWINUI_PCSHELL_SB_NAME) L".dll\" with hash %s.\n", hash);
}
GetWindowsDirectoryW(wszPath, MAX_PATH);
wcscat_s(wszPath, MAX_PATH, L"\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\" TEXT(STARTDOCKED_SB_NAME) L".dll");
ComputeFileHash(wszPath, hash, 100);
if (!_wcsicmp(hash, L"b57bb94a48d2422de9a78c5fcba28f98")) // 282, 318
{
symbols_PTRS->startdocked_PTRS[0] = 0x188EBC;
symbols_PTRS->startdocked_PTRS[1] = 0x188EBC;
symbols_PTRS->startdocked_PTRS[2] = 0x187120;
symbols_PTRS->startdocked_PTRS[3] = 0x3C10;
symbols_PTRS->startdocked_PTRS[4] = 0x160AEC;
bIsStartHardcoded = TRUE;
}
else
else if (!_wcsicmp(hash, L"e9c1c45a659dafabf671cb0ae195f8d9")) // 346
{
symbols_PTRS->startdocked_PTRS[0] = 0x18969C;
symbols_PTRS->startdocked_PTRS[1] = 0x18969C;
symbols_PTRS->startdocked_PTRS[2] = 0x187900;
symbols_PTRS->startdocked_PTRS[3] = 0x3C00;
symbols_PTRS->startdocked_PTRS[4] = 0x1612CC;
bIsStartHardcoded = TRUE;
}
if (bIsStartHardcoded)
{
wprintf(L"[Symbols] Identified known \"" TEXT(STARTDOCKED_SB_NAME) L".dll\" with hash %s.\n", hash);
RegCreateKeyExW(
HKEY_CURRENT_USER,
TEXT(REGPATH) L"\\" TEXT(STARTDOCKED_SB_NAME),
0,
NULL,
REG_OPTION_NON_VOLATILE,
KEY_WRITE,
NULL,
&hKey,
&dwDisposition
);
if (hKey)
{
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_0),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[0]),
sizeof(DWORD)
);
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_1),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[1]),
sizeof(DWORD)
);
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_2),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[2]),
sizeof(DWORD)
);
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_3),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[3]),
sizeof(DWORD)
);
RegSetValueExW(
hKey,
TEXT(STARTDOCKED_SB_4),
0,
REG_DWORD,
&(symbols_PTRS->startdocked_PTRS[4]),
sizeof(DWORD)
);
RegCloseKey(hKey);
}
}
if (!bIsTwinuiPcshellHardcoded || !bIsStartHardcoded)
{
RegCreateKeyExW(
HKEY_CURRENT_USER,
@ -728,10 +831,7 @@ BOOL LoadSymbols(symbols_addr* symbols_PTRS, HMODULE hModule)
&dwSize
);
RegCloseKey(hKey);
if (!bNeedToDownload &&
!IsBuild(rovi, ubr, 22000, 282) &&
!IsBuild(rovi, ubr, 22000, 318)
)
if (!bNeedToDownload && (!bIsTwinuiPcshellHardcoded || !bIsStartHardcoded))
{
bNeedToDownload = wcscmp(szReportedVersion, szStoredVersion);
}

View File

@ -413,3 +413,115 @@ void* ReadFromFile(wchar_t* wszFileName, DWORD* dwSize)
}
return ok;
}
int ComputeFileHash(LPCWSTR filename, LPCWSTR hash, DWORD dwHash)
{
DWORD dwStatus = 0;
BOOL bResult = FALSE;
HCRYPTPROV hProv = 0;
HCRYPTHASH hHash = 0;
HANDLE hFile = NULL;
BYTE* rgbFile;
DWORD cbRead = 0;
BYTE rgbHash[16];
DWORD cbHash = 0;
WCHAR rgbDigits[] = L"0123456789abcdef";
// Logic to check usage goes here.
hFile = CreateFile(filename,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_FLAG_SEQUENTIAL_SCAN,
NULL);
if (INVALID_HANDLE_VALUE == hFile)
{
dwStatus = GetLastError();
return dwStatus;
}
LARGE_INTEGER dwFileSize;
GetFileSizeEx(hFile, &dwFileSize);
if (!dwFileSize.LowPart)
{
dwStatus = GetLastError();
CloseHandle(hFile);
return dwStatus;
}
rgbFile = malloc(dwFileSize.LowPart);
if (!rgbFile)
{
dwStatus = E_OUTOFMEMORY;
CloseHandle(hFile);
return dwStatus;
}
// Get handle to the crypto provider
if (!CryptAcquireContext(&hProv,
NULL,
NULL,
PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
dwStatus = GetLastError();
CloseHandle(hFile);
return dwStatus;
}
if (!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
{
dwStatus = GetLastError();
CloseHandle(hFile);
CryptReleaseContext(hProv, 0);
return dwStatus;
}
while (bResult = ReadFile(hFile, rgbFile, dwFileSize.LowPart, &cbRead, NULL))
{
if (0 == cbRead)
{
break;
}
if (!CryptHashData(hHash, rgbFile, cbRead, 0))
{
dwStatus = GetLastError();
CryptReleaseContext(hProv, 0);
CryptDestroyHash(hHash);
CloseHandle(hFile);
return dwStatus;
}
}
if (!bResult)
{
dwStatus = GetLastError();
CryptReleaseContext(hProv, 0);
CryptDestroyHash(hHash);
CloseHandle(hFile);
return dwStatus;
}
cbHash = 16;
if (CryptGetHashParam(hHash, HP_HASHVAL, rgbHash, &cbHash, 0))
{
for (DWORD i = 0; i < cbHash; i++)
{
swprintf_s(hash + (i * 2), dwHash, L"%c%c", rgbDigits[rgbHash[i] >> 4], rgbDigits[rgbHash[i] & 0xf]);
}
}
else
{
dwStatus = GetLastError();
}
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, 0);
CloseHandle(hFile);
free(rgbFile);
return dwStatus;
}

View File

@ -4,6 +4,7 @@
//#define USE_PRIVATE_INTERFACES
#endif
#include <Windows.h>
#include <stdio.h>
#include <tchar.h>
#include <windows.data.xml.dom.h>
#include <accctrl.h>
@ -212,6 +213,8 @@ static BOOL AppsShouldUseDarkMode() { return TRUE; }
void* ReadFromFile(wchar_t* wszFileName, DWORD* dwSize);
int ComputeFileHash(LPCWSTR filename, LPCWSTR hash, DWORD dwHash);
inline long long milliseconds_now() {
LARGE_INTEGER s_frequency;
BOOL s_use_qpc = QueryPerformanceFrequency(&s_frequency);