archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/windows/core/ntuser/kernel/srvhook.c

561 lines
18 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /****************************** Module Header ******************************\
  2. * Module Name: srvhook.c
  3. *
  4. * Copyright (c) 1985 - 1999, Microsoft Corporation
  5. *
  6. * Server side of hook calls and callbacks.
  7. *
  8. * 05-09-91 ScottLu Created.
  9. \***************************************************************************/
  11. #include "precomp.h"
  12. #pragma hdrstop
  14. LRESULT fnHkINLPCBTCREATESTRUCT(UINT msg, WPARAM wParam, LPCBT_CREATEWND pcbt,
  15. PROC xpfnProc, BOOL bAnsi);
  17. /***************************************************************************\
  18. * xxxHkCallHook
  19. *
  20. * This is the server-side stub that calls to the client to call the actual
  21. * hook function.
  22. *
  23. * History:
  24. * 05-09-91 ScottLu Rewrote to make all hooks work client/server!
  25. * 01-28-91 DavidPe Created.
  26. \***************************************************************************/
  28. LRESULT xxxHkCallHook(
  29. PHOOK phk,
  30. int nCode,
  31. WPARAM wParam,
  32. LPARAM lParam)
  33. {
  34. LRESULT nRet;
  35. PROC pfnHk, pfnHookProc;
  36. PPFNCLIENT ppfnClient;
  37. PCWPSTRUCTEX pcwp;
  38. PCWPRETSTRUCTEX pcwpret;
  39. PCLIENTINFO pci;
  40. ULONG_PTR dwHookData;
  41. ULONG_PTR dwFlags;
  42. struct tagSMS *psms;
  43. #ifdef LATER
  44. /*
  45. * WindowsBug 246329
  46. * The code was supposed to prevent the backdoor
  47. * for the surprise foreground change.
  48. * However, the implementation below locks the
  49. * entire system, preventing the legit, expected
  50. * foreground change too. It's obvious on MP systems.
  51. * E.g. in the case global hooks such as
  52. * GETMESSAGEHOOK are installed, the chances are
  53. * pretty high.
  54. * For this time being, instead of making the lock
  55. * per process or per thread, we decided to simply
  56. * disable the foreground lock during the hook
  57. * callback.
  58. */
  59. TL tlSFWLock;
  60. BOOL fLockForeground;
  61. #endif
  63. DbgValidateHooks(phk, phk->iHook);
  64. /*
  65. * Only low level hooks are allowed in the RIT context.
  66. * Also asssert that the hook is not destroyed
  67. */
  68. #ifdef REDIRECTION
  69. UserAssert((PtiCurrent() != gptiRit)
  70. || (phk->iHook == WH_MOUSE_LL)
  71. || (phk->iHook == WH_KEYBOARD_LL)
  72. || (phk->iHook == WH_HITTEST));
  73. #else
  74. UserAssert((PtiCurrent() != gptiRit)
  75. || (phk->iHook == WH_MOUSE_LL)
  76. || (phk->iHook == WH_KEYBOARD_LL));
  77. #endif // REDIRECTION
  79. /*
  80. * While we're still inside the critical section make sure the
  81. * hook hasn't been 'freed'. If so just return 0.
  82. */
  83. if (phk->offPfn != 0) {
  84. pfnHookProc = PFNHOOK(phk);
  85. } else {
  86. return 0;
  87. }
  89. ppfnClient = (phk->flags & HF_ANSI) ? &gpsi->apfnClientA :
  90. &gpsi->apfnClientW;
  92. #ifdef LATER // per 246329
  93. /*
  94. * LATER5.0 GerardoB. This might generate some hate reactions but I'm
  95. * not sure we want people hooking just to steal the foreground.
  96. * Prevent hookprocs from other processes from switching the foreground
  97. */
  98. fLockForeground = (GETPTI(phk)->ppi != PpiCurrent());
  99. if (fLockForeground) {
  100. ThreadLockSFWLockCount(&tlSFWLock);
  101. }
  102. #endif
  104. switch(phk->iHook) {
  105. case WH_CALLWNDPROC:
  106. case WH_CALLWNDPROCRET:
  107. if (phk->iHook == WH_CALLWNDPROC) {
  108. pcwp = (PCWPSTRUCTEX)lParam;
  109. psms = pcwp->psmsSender;
  110. } else {
  111. pcwpret = (PCWPRETSTRUCTEX)lParam;
  112. psms = pcwpret->psmsSender;
  113. }
  115. /*
  116. * If the sender has died or timed out, don't call the
  117. * hook because any memory the message points to may be invalid.
  118. */
  119. if (psms != NULL && (psms->flags & (SMF_SENDERDIED | SMF_REPLY))) {
  120. nRet = 0;
  121. break;
  122. }
  124. /*
  125. * This is the hardest of the hooks because we need to thunk through
  126. * the message hooks in order to deal with synchronously sent messages
  127. * that point to structures - to get the structures passed across
  128. * alright, etc.
  129. *
  130. * This will call a special client-side routine that'll rebundle the
  131. * arguments and call the hook in the right format.
  132. *
  133. * Currently, the message thunk callbacks to the client-side don't take
  134. * enough parameters to pass wParam (which == fInterThread send msg).
  135. * To do this, call one of two functions.
  136. */
  137. pci = GetClientInfo();
  138. if (phk->iHook == WH_CALLWNDPROC) {
  139. pfnHk = ppfnClient->pfnHkINLPCWPSTRUCT;
  140. } else {
  141. pfnHk = ppfnClient->pfnHkINLPCWPRETSTRUCT;
  142. try {
  143. pci->dwHookData = pcwpret->lResult;
  144. } except (W32ExceptionHandler(FALSE, RIP_WARNING)) {
  145. nRet = 0;
  146. break;
  147. }
  148. }
  150. /*
  151. * Save current hook state.
  152. */
  153. try {
  154. dwFlags = pci->CI_flags & CI_INTERTHREAD_HOOK;
  155. dwHookData = pci->dwHookData;
  157. if (wParam) {
  158. pci->CI_flags |= CI_INTERTHREAD_HOOK;
  159. } else {
  160. pci->CI_flags &= ~CI_INTERTHREAD_HOOK;
  161. }
  162. } except (W32ExceptionHandler(FALSE, RIP_WARNING)) {
  163. nRet = 0;
  164. break;
  165. }
  166. if (phk->iHook == WH_CALLWNDPROC) {
  167. nRet = ScSendMessageSMS(
  168. PW(pcwp->hwnd),
  169. pcwp->message,
  170. pcwp->wParam,
  171. pcwp->lParam,
  172. (ULONG_PTR)pfnHookProc, pfnHk,
  173. (phk->flags & HF_ANSI) ?
  174. (SCMS_FLAGS_ANSI|SCMS_FLAGS_INONLY) :
  175. SCMS_FLAGS_INONLY,
  176. psms);
  177. } else {
  178. nRet = ScSendMessageSMS(
  179. PW(pcwpret->hwnd),
  180. pcwpret->message,
  181. pcwpret->wParam,
  182. pcwpret->lParam,
  183. (ULONG_PTR)pfnHookProc, pfnHk,
  184. (phk->flags & HF_ANSI) ?
  185. (SCMS_FLAGS_ANSI|SCMS_FLAGS_INONLY) :
  186. SCMS_FLAGS_INONLY,
  187. psms);
  188. }
  189. /*
  190. * Restore previous hook state.
  191. */
  192. try {
  193. pci->CI_flags ^= ((pci->CI_flags ^ dwFlags) & CI_INTERTHREAD_HOOK);
  194. pci->dwHookData = dwHookData;
  195. } except (W32ExceptionHandler(FALSE, RIP_WARNING)) {
  196. nRet = 0;
  197. }
  198. break;
  199. case WH_CBT:
  200. /*
  201. * There are many different types of CBT hooks!
  202. */
  203. switch(nCode) {
  204. case HCBT_CLICKSKIPPED:
  205. goto MouseHook;
  206. break;
  208. case HCBT_CREATEWND:
  209. /*
  210. * This hook type points to a CREATESTRUCT, so we need to
  211. * be fancy with it's thunking, because a CREATESTRUCT contains
  212. * a pointer to CREATEPARAMS which can be anything... so
  213. * funnel this through our message thunks.
  214. */
  215. nRet = fnHkINLPCBTCREATESTRUCT(
  216. MAKELONG((WORD)nCode, (WORD)phk->iHook),
  217. wParam,
  218. (LPCBT_CREATEWND)lParam,
  219. pfnHookProc,
  220. (phk->flags & HF_ANSI) ? TRUE : FALSE);
  221. break;
  223. #ifdef REDIRECTION
  224. case HCBT_GETCURSORPOS:
  226. /*
  227. * This hook type points to a POINT structure, so it's pretty
  228. * simple.
  229. */
  230. nRet = fnHkINLPPOINT(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  231. wParam, (LPPOINT)lParam, (ULONG_PTR)pfnHookProc,
  232. ppfnClient->pfnDispatchHook);
  233. break;
  234. #endif // REDIRECTION
  236. case HCBT_MOVESIZE:
  238. /*
  239. * This hook type points to a RECT structure, so it's pretty
  240. * simple.
  241. */
  242. nRet = fnHkINLPRECT(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  243. wParam, (LPRECT)lParam, (ULONG_PTR)pfnHookProc,
  244. ppfnClient->pfnDispatchHook);
  245. break;
  247. case HCBT_ACTIVATE:
  248. /*
  249. * This hook type points to a CBTACTIVATESTRUCT
  250. */
  251. nRet = fnHkINLPCBTACTIVATESTRUCT(MAKELONG((UINT)nCode,
  252. (UINT)phk->iHook), wParam, (LPCBTACTIVATESTRUCT)lParam,
  253. (ULONG_PTR)pfnHookProc, ppfnClient->pfnDispatchHook);
  254. break;
  256. default:
  258. /*
  259. * The rest of the cbt hooks are all dword parameters.
  260. */
  261. nRet = fnHkINDWORD(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  262. wParam, lParam, (ULONG_PTR)pfnHookProc,
  263. ppfnClient->pfnDispatchHook, &phk->flags);
  264. break;
  265. }
  266. break;
  268. case WH_FOREGROUNDIDLE:
  269. /*
  270. * These are dword parameters and are therefore real easy.
  271. *
  272. */
  273. nRet = fnHkINDWORD(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  274. wParam, lParam, (ULONG_PTR)pfnHookProc,
  275. ppfnClient->pfnDispatchHook, &phk->flags);
  276. break;
  278. case WH_SHELL:
  280. if (nCode == HSHELL_GETMINRECT) {
  281. /*
  282. * This hook type points to a RECT structure, so it's pretty
  283. * simple.
  284. */
  285. nRet = fnHkINLPRECT(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  286. wParam, (LPRECT)lParam, (ULONG_PTR)pfnHookProc,
  287. ppfnClient->pfnDispatchHook);
  288. break;
  289. }
  291. /*
  292. * Otherwise fall through to the simple case of DWORD below
  293. */
  295. case WH_KEYBOARD:
  296. /*
  297. * These are dword parameters and are therefore real easy.
  298. */
  299. nRet = fnHkINDWORD(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  300. wParam, lParam, (ULONG_PTR)pfnHookProc,
  301. ppfnClient->pfnDispatchHook, &phk->flags);
  302. break;
  304. case WH_MSGFILTER:
  305. case WH_SYSMSGFILTER:
  306. case WH_GETMESSAGE:
  307. /*
  308. * These take an lpMsg as their last parameter. Since these are
  309. * exclusively posted parameters, and since nowhere on the server
  310. * do we post a message with a pointer to some other structure in
  311. * it, the lpMsg structure contents can all be treated verbatim.
  312. */
  313. nRet = fnHkINLPMSG(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  314. wParam, (LPMSG)lParam, (ULONG_PTR)pfnHookProc,
  315. ppfnClient->pfnDispatchHook,
  316. (phk->flags & HF_ANSI) ? TRUE : FALSE, &phk->flags);
  317. break;
  319. case WH_JOURNALPLAYBACK:
  321. #ifdef HOOKBATCH
  322. /*
  323. * If this hook has cached playback info then we need to grab
  324. * the info out of the cache.
  325. */
  327. if (phk->cEventMessages) {
  328. if (nCode == HC_GETNEXT) {
  329. LPEVENTMSG pEventMsg;
  330. pEventMsg = (LPEVENTMSG)lParam;
  332. if (phk->flags & HF_NEEDHC_SKIP)
  333. phk->iCurrentEvent++;
  335. if (phk->iCurrentEvent < phk->cEventMessages) {
  336. *pEventMsg = phk->aEventCache[phk->iCurrentEvent];
  337. } else {
  339. /*
  340. * Free the cache set if it is still around
  341. */
  342. if (phk->aEventCache) {
  343. UserFreePool(phk->aEventCache);
  344. phk->aEventCache = NULL;
  345. }
  346. phk->cEventMessages = 0;
  347. phk->iCurrentEvent = 0;
  349. goto MakeClientJournalPlaybackCall;
  350. }
  352. /*
  353. * Return the time and zero the batched time so if we sleep
  354. * this time we won't sleep again next time
  355. */
  356. nRet = pEventMsg->time;
  357. if (nRet)
  358. phk->aEventCache[phk->iCurrentEvent].time = 0;
  359. } else if (nCode == HC_SKIP) {
  360. phk->iCurrentEvent++;
  361. nRet = 0;
  362. }
  364. } else {
  365. #endif // HOOKBATCH
  366. /*
  367. * In order to avoid a client/server transition for HC_SKIP we
  368. * piggy-back it on top of the next journal playback event and
  369. * send it from there.
  370. */
  371. // MakeClientJournalPlaybackCall:
  372. nRet = fnHkOPTINLPEVENTMSG(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  373. (WPARAM)PtoHq(phk), (LPEVENTMSG)lParam, (ULONG_PTR)pfnHookProc,
  374. ppfnClient->pfnDispatchHook);
  375. #ifdef HOOKBATCH
  376. }
  378. /*
  379. * Determine if we received a cached set of events if so then store
  380. * them away off of the hook.
  381. * paramL will be the number of events.
  382. * paramH will be the array of events.
  383. */
  384. if ((nCode == HC_GETNEXT) && (((LPEVENTMSG)lParam)->message == 0x12341234)) {
  385. NTSTATUS Status;
  386. LPEVENTMSG pEventMsg = (LPEVENTMSG)lParam;
  388. /*
  389. * We should not be getting another cached set if we aren't
  390. * done with the first set
  391. */
  392. UserAssert((phk->cEventMessages == 0) ||
  393. (phk->cEventMessages >= phk->iCurrentEvent));
  394. UserAssert((pEventMsg->paramL < 500) && (pEventMsg->paramL > 1));
  396. /*
  397. * Free the last cache set if it is still around
  398. */
  399. if (phk->aEventCache) {
  400. UserFreePool(phk->aEventCache);
  401. phk->aEventCache = NULL;
  402. }
  404. if (phk->aEventCache = LocalAlloc(LPTR,
  405. pEventMsg->paramL*sizeof(EVENTMSG))) {
  406. PETHREAD Thread = PsGetCurrentThread();
  408. Status = ZwReadVirtualMemory(Thread->Process->ProcessHandle,
  409. (PVOID)pEventMsg->paramH, phk->aEventCache,
  410. pEventMsg->paramL*sizeof(EVENTMSG), NULL);
  412. if (NT_SUCCESS(Status)) {
  413. phk->cEventMessages = pEventMsg->paramL;
  414. phk->iCurrentEvent = 0;
  416. /*
  417. * Fill in the real EventMsg for this message
  418. */
  419. *pEventMsg = phk->aEventCache[0];
  420. phk->aEventCache[0].time = 0;
  421. }
  423. } else {
  424. phk->cEventMessages = 0;
  425. phk->iCurrentEvent = 0;
  426. }
  427. }
  428. #endif // HOOKBATCH
  430. phk->flags &= ~HF_NEEDHC_SKIP;
  431. break;
  433. case WH_JOURNALRECORD:
  435. nRet = fnHkOPTINLPEVENTMSG(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  436. wParam, (LPEVENTMSG)lParam, (ULONG_PTR)pfnHookProc,
  437. ppfnClient->pfnDispatchHook);
  438. break;
  440. case WH_DEBUG:
  441. /*
  442. * This takes an lpDebugHookStruct.
  443. */
  444. nRet = fnHkINLPDEBUGHOOKSTRUCT(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  445. wParam, (LPDEBUGHOOKINFO)lParam, (ULONG_PTR)pfnHookProc,
  446. ppfnClient->pfnDispatchHook);
  447. break;
  449. case WH_KEYBOARD_LL:
  450. /*
  451. * This takes an lpKbdHookStruct.
  452. */
  453. nRet = fnHkINLPKBDLLHOOKSTRUCT(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  454. wParam, (LPKBDLLHOOKSTRUCT)lParam,
  455. (ULONG_PTR)pfnHookProc, ppfnClient->pfnDispatchHook);
  456. break;
  458. case WH_MOUSE_LL:
  459. /*
  460. * This takes an lpMsllHookStruct.
  461. */
  462. nRet = fnHkINLPMSLLHOOKSTRUCT(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  463. wParam, (LPMSLLHOOKSTRUCT)lParam,
  464. (ULONG_PTR)pfnHookProc, ppfnClient->pfnDispatchHook);
  465. break;
  467. case WH_MOUSE:
  468. /*
  469. * This takes an lpMouseHookStructEx.
  470. */
  471. MouseHook:
  472. nRet = fnHkINLPMOUSEHOOKSTRUCTEX(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  473. wParam, (LPMOUSEHOOKSTRUCTEX)lParam,
  474. (ULONG_PTR)pfnHookProc, ppfnClient->pfnDispatchHook, &phk->flags);
  475. break;
  477. #ifdef REDIRECTION
  478. case WH_HITTEST:
  479. /*
  480. * This takes an lpHTHookStruct.
  481. */
  482. nRet = fnHkINLPHTHOOKSTRUCT(MAKELONG((UINT)nCode, (UINT)phk->iHook),
  483. wParam, (LPHTHOOKSTRUCT)lParam,
  484. (ULONG_PTR)pfnHookProc, ppfnClient->pfnDispatchHook);
  485. break;
  486. #endif // REDIRECTION
  488. }
  490. #ifdef LATER // per 246329
  491. if (fLockForeground) {
  492. ThreadUnlockSFWLockCount(&tlSFWLock);
  493. }
  494. #endif
  496. return nRet;
  497. }
  499. /***************************************************************************\
  500. * fnHkINLPCWPEXSTRUCT
  501. *
  502. * This gets thunked through the message thunks, so it has the format
  503. * of a c/s message thunk call.
  504. *
  505. * 05-09-91 ScottLu Created.
  506. \***************************************************************************/
  508. LRESULT fnHkINLPCWPEXSTRUCT(
  509. PWND pwnd,
  510. UINT message,
  511. WPARAM wParam,
  512. LPARAM lParam,
  513. ULONG_PTR xParam)
  514. {
  515. CWPSTRUCTEX cwp;
  516. PCLIENTINFO pci = GetClientInfo();
  517. BOOL bInterThread;
  519. UNREFERENCED_PARAMETER(xParam);
  521. cwp.hwnd = HW(pwnd);
  522. cwp.message = message;
  523. cwp.wParam = wParam;
  524. cwp.lParam = lParam;
  525. cwp.psmsSender = NULL;
  526. try {
  527. bInterThread = (pci->CI_flags & CI_INTERTHREAD_HOOK) != 0;
  528. } except (W32ExceptionHandler(FALSE, RIP_WARNING)) {
  529. return 0;
  530. }
  532. return xxxCallNextHookEx(HC_ACTION, bInterThread, (LPARAM)&cwp);
  533. }
  535. LRESULT fnHkINLPCWPRETEXSTRUCT(
  536. PWND pwnd,
  537. UINT message,
  538. WPARAM wParam,
  539. LPARAM lParam,
  540. ULONG_PTR xParam)
  541. {
  542. CWPRETSTRUCTEX cwp;
  543. PCLIENTINFO pci = GetClientInfo();
  544. BOOL bInterThread;
  546. UNREFERENCED_PARAMETER(xParam);
  548. cwp.hwnd = HW(pwnd);
  549. cwp.message = message;
  550. cwp.wParam = wParam;
  551. cwp.lParam = lParam;
  552. cwp.psmsSender = NULL;
  553. try {
  554. cwp.lResult = pci->dwHookData;
  555. bInterThread = (pci->CI_flags & CI_INTERTHREAD_HOOK) != 0;
  556. } except (W32ExceptionHandler(FALSE, RIP_WARNING)) {
  557. return 0;
  558. }
  560. return xxxCallNextHookEx(HC_ACTION, bInterThread, (LPARAM)&cwp);
  561. }