TeamTofuShop/bananatools
7
5
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

misc: add system version hook

Browse Source
This commit is contained in:
Hay1tsme
2023-09-18 03:56:15 -04:00
parent 4de39f2682
commit a0050a5fac
4 changed files with 152 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
hooklib/reg.c
View File

@ -43,6 +43,11 @@ static LSTATUS reg_hook_query_val_locked(
void *bytes,
uint32_t *nbytes);
static LSTATUS reg_hook_open_locked_a(
HKEY parent,
const char *name,
HKEY *out);
/* API hooks */
static LSTATUS WINAPI hook_RegOpenKeyExW(
@ -52,6 +57,13 @@ static LSTATUS WINAPI hook_RegOpenKeyExW(
uint32_t access,
HKEY *out);
static LSTATUS WINAPI hook_RegOpenKeyExA(
HKEY parent,
const char *name,
uint32_t flags,
uint32_t access,
HKEY *out);
static LSTATUS WINAPI hook_RegCreateKeyExW(
HKEY parent,
const wchar_t *name,
@ -108,6 +120,13 @@ static LSTATUS (WINAPI *next_RegOpenKeyExW)(
uint32_t access,
HKEY *out);
static LSTATUS (WINAPI *next_RegOpenKeyExA)(
HKEY parent,
const char *name,
uint32_t flags,
uint32_t access,
HKEY *out);
static LSTATUS (WINAPI *next_RegCreateKeyExW)(
HKEY parent,
const wchar_t *name,
@ -160,6 +179,10 @@ static const struct hook_symbol reg_hook_syms[] = {
.name = "RegOpenKeyExW",
.patch = hook_RegOpenKeyExW,
.link = (void **) &next_RegOpenKeyExW,
},{
.name = "RegOpenKeyExA",
.patch = hook_RegOpenKeyExA,
.link = (void **) &next_RegOpenKeyExA,
}, {
.name = "RegCreateKeyExW",
.patch = hook_RegCreateKeyExW,
@ -369,6 +392,70 @@ static LSTATUS reg_hook_open_locked(
return err;
}
static LSTATUS reg_hook_open_locked_a(
HKEY parent,
const char *name,
HKEY *out)
{
struct reg_hook_key *key;
LSTATUS err;
size_t i;
wchar_t *name_w;
size_t name_c;
*out = NULL;
mbstowcs_s(&name_c, NULL, 0, name, 0);
name_w = malloc(name_c * sizeof(wchar_t));
if (name_w == NULL) {
return ERROR_OUTOFMEMORY;
}
mbstowcs_s(NULL, name_w, name_c, name, name_c - 1);
for (i = 0 ; i < reg_hook_nkeys ; i++) {
/* Assume reg keys are referenced from a root key and not from some
intermediary key */
key = &reg_hook_keys[i];
if (key->root == parent && wstr_ieq(key->name, name_w)) {
break;
}
}
/* (Bail out if we didn't find anything; this causes the open/create call
to be passed onward down the hook chain) */
if (i >= reg_hook_nkeys) {
return ERROR_SUCCESS;
}
/* Assume only one handle will be open at a time */
if (key->handle != NULL) {
return ERROR_SHARING_VIOLATION;
}
/* Open a unique HKEY handle that we can use to identify accesses to
this virtual registry key. We open a read-only handle to an arbitrary
registry key that we can reliably assume exists and isn't one of the
hardcoded root handles. HKLM\SOFTWARE will suffice for this purpose. */
err = next_RegOpenKeyExA(
HKEY_LOCAL_MACHINE,
"SOFTWARE",
0,
KEY_READ,
out);
if (err == ERROR_SUCCESS) {
key->handle = *out;
}
return err;
}
static LSTATUS WINAPI hook_RegOpenKeyExW(
HKEY parent,
const wchar_t *name,
@ -397,6 +484,34 @@ static LSTATUS WINAPI hook_RegOpenKeyExW(
return err;
}
static LSTATUS WINAPI hook_RegOpenKeyExA(
HKEY parent,
const char *name,
uint32_t flags,
uint32_t access,
HKEY *out)
{
LSTATUS err;
if (out == NULL) {
return ERROR_INVALID_PARAMETER;
}
EnterCriticalSection(&reg_hook_lock);
err = reg_hook_open_locked_a(parent, name, out);
LeaveCriticalSection(&reg_hook_lock);
if (err == ERROR_SUCCESS) {
if (*out != NULL) {
//dprintf("Registry: Opened virtual key %s\n", name);
} else {
err = next_RegOpenKeyExA(parent, name, flags, access, out);
}
}
return err;
}
static LSTATUS WINAPI hook_RegCreateKeyExW(
HKEY parent,
const wchar_t *name,