mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
294 lines
8.3 KiB
294 lines
8.3 KiB
#ifndef WIN32_LEAN_AND_MEAN
|
|
#define WIN32_LEAN_AND_MEAN
|
|
#endif // WIN32_LEAN_AND_MEAN
|
|
|
|
#define INITGUID
|
|
#include <stdio.h>
|
|
#include <windows.h>
|
|
#include <wmium.h>
|
|
#include <wmistr.h>
|
|
#include <setupapi.h>
|
|
#include <regstr.h>
|
|
#include <devguid.h>
|
|
#include <ntddkbd.h>
|
|
#include "winkeycmn.h"
|
|
|
|
void WinKeyWmiRawDataCallback(PWNODE_HEADER WnodeHeader, ULONG_PTR Context)
|
|
{
|
|
PWNODE_SINGLE_INSTANCE wNode;
|
|
LPGUID eventGuid;
|
|
|
|
wNode = (PWNODE_SINGLE_INSTANCE)WnodeHeader;
|
|
eventGuid = &WnodeHeader->Guid;
|
|
|
|
if (IsEqualGUID(eventGuid, &GUID_WMI_WINKEY_RAW_DATA)) {
|
|
PKEYBOARD_INPUT_DATA pPackets;
|
|
ULONG numPackets, i;
|
|
|
|
numPackets = wNode->SizeDataBlock / sizeof(KEYBOARD_INPUT_DATA);
|
|
pPackets = (PKEYBOARD_INPUT_DATA) (((PBYTE) wNode) + wNode->DataBlockOffset);
|
|
|
|
for (i = 0; i < numPackets; i++) {
|
|
printf("code %04x, flags %04x (",
|
|
(ULONG) pPackets[i].MakeCode, (ULONG) pPackets[i].Flags);
|
|
|
|
if (pPackets[i].Flags & KEY_BREAK) {
|
|
printf("break");
|
|
}
|
|
else {
|
|
printf("make");
|
|
}
|
|
|
|
if (pPackets[i].Flags & KEY_E0) {
|
|
printf(", E0");
|
|
}
|
|
else if (pPackets[i].Flags & KEY_E1) {
|
|
printf(", E1");
|
|
}
|
|
|
|
printf(")\n");
|
|
}
|
|
}
|
|
}
|
|
|
|
BOOL g_quit = FALSE;
|
|
|
|
BOOL WINAPI CtrlHandler(DWORD dwCtrlType)
|
|
{
|
|
switch (dwCtrlType) {
|
|
case CTRL_C_EVENT:
|
|
case CTRL_BREAK_EVENT:
|
|
case CTRL_CLOSE_EVENT:
|
|
printf("received ctrl event %d\n", dwCtrlType);
|
|
g_quit = TRUE;
|
|
return TRUE;
|
|
default:
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
#define STR_WINKEYD TEXT("winkeyd")
|
|
|
|
BOOL AddFilter(HKEY ClassKey)
|
|
{
|
|
DWORD dwType, dwSize;
|
|
ULONG res,
|
|
filterLength,
|
|
length;
|
|
BOOLEAN added = FALSE,
|
|
addFilter;
|
|
TCHAR szFilter[] = STR_WINKEYD TEXT("\0");
|
|
PTCHAR szCurrentFilter, szOffset, szUpperFilters;
|
|
|
|
filterLength = lstrlen(szFilter);
|
|
|
|
dwSize = 0;
|
|
res = RegQueryValueEx(ClassKey,
|
|
REGSTR_VAL_UPPERFILTERS,
|
|
NULL,
|
|
&dwType,
|
|
NULL,
|
|
&dwSize);
|
|
|
|
if (res == ERROR_FILE_NOT_FOUND || dwType != REG_MULTI_SZ) {
|
|
//
|
|
// Value isn't there,
|
|
//
|
|
RegSetValueEx(ClassKey,
|
|
REGSTR_VAL_UPPERFILTERS,
|
|
0,
|
|
REG_MULTI_SZ,
|
|
(PBYTE) szFilter,
|
|
(filterLength + 2) * sizeof(TCHAR) );
|
|
|
|
added = TRUE;
|
|
}
|
|
else if (res == ERROR_SUCCESS) {
|
|
|
|
szUpperFilters = (PTCHAR)
|
|
LocalAlloc(LPTR, dwSize + (filterLength + 1) * sizeof(TCHAR));
|
|
|
|
if (!szUpperFilters)
|
|
return FALSE;
|
|
|
|
szOffset = szUpperFilters + filterLength + 1;
|
|
|
|
res = RegQueryValueEx(ClassKey,
|
|
REGSTR_VAL_UPPERFILTERS,
|
|
NULL,
|
|
&dwType,
|
|
(PBYTE) szOffset,
|
|
&dwSize);
|
|
|
|
if (res == ERROR_SUCCESS) {
|
|
|
|
addFilter = TRUE;
|
|
for (szCurrentFilter = szOffset; *szCurrentFilter; ) {
|
|
|
|
length = lstrlen(szCurrentFilter);
|
|
if (lstrcmpi(szFilter, szCurrentFilter) == 0) {
|
|
addFilter = FALSE;
|
|
break;
|
|
}
|
|
|
|
szCurrentFilter += (length + 1);
|
|
}
|
|
|
|
if (addFilter) {
|
|
|
|
length = (filterLength + 1) * sizeof(TCHAR);
|
|
memcpy(szUpperFilters, szFilter, length);
|
|
|
|
dwSize += length;
|
|
res = RegSetValueEx(ClassKey,
|
|
REGSTR_VAL_UPPERFILTERS,
|
|
0,
|
|
REG_MULTI_SZ,
|
|
(PBYTE) szUpperFilters,
|
|
dwSize);
|
|
|
|
added = (res == ERROR_SUCCESS);
|
|
}
|
|
}
|
|
|
|
LocalFree(szUpperFilters);
|
|
}
|
|
|
|
return added;
|
|
}
|
|
|
|
void RestartDevices()
|
|
{
|
|
HDEVINFO hDevInfo;
|
|
SP_DEVINFO_DATA did;
|
|
SP_DEVINSTALL_PARAMS dip;
|
|
int i;
|
|
|
|
hDevInfo = SetupDiGetClassDevs(&GUID_DEVCLASS_KEYBOARD, NULL, NULL, 0);
|
|
|
|
if (hDevInfo != INVALID_HANDLE_VALUE) {
|
|
ZeroMemory(&did, sizeof(SP_DEVINFO_DATA));
|
|
did.cbSize = sizeof(SP_DEVINFO_DATA);
|
|
|
|
for (i = 0; SetupDiEnumDeviceInfo(hDevInfo, i, &did); i++) {
|
|
//
|
|
// restart the controller so that the filter driver is in
|
|
// place
|
|
//
|
|
ZeroMemory(&dip, sizeof(SP_DEVINSTALL_PARAMS));
|
|
dip.cbSize = sizeof(SP_DEVINSTALL_PARAMS);
|
|
|
|
if (SetupDiGetDeviceInstallParams(hDevInfo, &did, &dip)) {
|
|
dip.Flags |= DI_PROPERTIES_CHANGE;
|
|
SetupDiSetDeviceInstallParams(hDevInfo, &did, &dip);
|
|
}
|
|
}
|
|
|
|
SetupDiDestroyDeviceInfoList(hDevInfo);
|
|
}
|
|
}
|
|
|
|
int
|
|
InstallService()
|
|
{
|
|
char szBin[MAX_PATH];
|
|
SC_HANDLE hSCM, hService;
|
|
|
|
strcpy(szBin, "System32\\Drivers\\winkeyd.sys");
|
|
|
|
hSCM = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CREATE_SERVICE);
|
|
|
|
if (NULL == hSCM) {
|
|
return FALSE;
|
|
}
|
|
|
|
hService = CreateService(
|
|
hSCM, // SCManager database
|
|
STR_WINKEYD, // name of service
|
|
"WinKey keyboard filter driver", // service name to display
|
|
SERVICE_ALL_ACCESS, // desired access
|
|
SERVICE_KERNEL_DRIVER, // service type
|
|
SERVICE_DEMAND_START, // start type
|
|
SERVICE_ERROR_NORMAL, // error control type
|
|
szBin, // service's binary
|
|
NULL, // no load ordering group
|
|
NULL, // no tag identifier
|
|
NULL, // no dependencies
|
|
NULL, // LocalSystem account
|
|
NULL); // no password
|
|
|
|
CloseServiceHandle(hService);
|
|
CloseServiceHandle(hSCM);
|
|
|
|
if (NULL == hService) {
|
|
return FALSE;
|
|
}
|
|
else {
|
|
//
|
|
// Alternatively, what you can do is call SetupDiGetClassDevs, iterate over
|
|
// all the keyboards on the machine, find the one which as a service of
|
|
// "i8042prt" and install winkeyd.sys as an upper filter of just the
|
|
// ps/2 keyboard instead of an upper filter of every keyboard.
|
|
//
|
|
HKEY hKeyClass = SetupDiOpenClassRegKey(&GUID_DEVCLASS_KEYBOARD, KEY_ALL_ACCESS);
|
|
int success = FALSE;
|
|
if (hKeyClass != 0) {
|
|
if (AddFilter(hKeyClass)) {
|
|
RestartDevices();
|
|
success = TRUE;
|
|
}
|
|
RegCloseKey(hKeyClass);
|
|
}
|
|
|
|
return success;
|
|
}
|
|
}
|
|
|
|
|
|
int _cdecl main(int argc, char *argv[])
|
|
{
|
|
//
|
|
// This is an example application of how to listen for WMI events generated
|
|
// by winkeyd.sys
|
|
//
|
|
if (argc > 1 && _strcmpi(argv[1], "/install") == 0) {
|
|
//
|
|
// Make sure winkeyd.sys is copied into %windir%\system32\drivers first,
|
|
// this appliation does not copy it over!
|
|
//
|
|
return InstallService();
|
|
}
|
|
|
|
printf("registering WMI callback.\n");
|
|
if (WmiNotificationRegistration((LPGUID) &GUID_WMI_WINKEY_RAW_DATA,
|
|
TRUE,
|
|
WinKeyWmiRawDataCallback,
|
|
(ULONG_PTR) NULL, // context
|
|
NOTIFICATION_CALLBACK_DIRECT) == ERROR_SUCCESS) {
|
|
|
|
SetConsoleCtrlHandler(CtrlHandler, TRUE);
|
|
|
|
while (!g_quit) {
|
|
Sleep(5000);
|
|
}
|
|
|
|
printf("unregistering WMI callback.\n");
|
|
|
|
//
|
|
// unregister
|
|
//
|
|
WmiNotificationRegistration((LPGUID) &GUID_WMI_WINKEY_RAW_DATA,
|
|
FALSE,
|
|
WinKeyWmiRawDataCallback,
|
|
(ULONG_PTR) NULL, // context
|
|
NOTIFICATION_CALLBACK_DIRECT);
|
|
|
|
return 0;
|
|
}
|
|
else {
|
|
printf("could not register WMI callback.\n");
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|