2016-01-06 00:01:17 +09:00
# include "host.h"
2018-08-23 11:53:23 -04:00
# include "defs.h"
2018-11-22 15:53:32 -05:00
# include "util.h"
2019-03-13 11:54:19 -04:00
# include "../texthook/texthook.h"
2016-01-06 00:01:17 +09:00
2019-02-27 11:33:17 -05:00
extern const wchar_t * ALREADY_INJECTED ;
extern const wchar_t * ARCHITECTURE_MISMATCH ;
extern const wchar_t * INJECT_FAILED ;
extern const wchar_t * CONSOLE ;
extern const wchar_t * CLIPBOARD ;
2018-08-24 12:50:20 -04:00
namespace
2018-08-23 11:53:23 -04:00
{
2018-10-31 12:04:32 -04:00
class ProcessRecord
2018-08-24 12:50:20 -04:00
{
2018-10-31 12:04:32 -04:00
public :
2018-11-27 15:54:04 -05:00
ProcessRecord ( DWORD processId , HANDLE pipe ) :
processId ( processId ) ,
pipe ( pipe ) ,
2018-12-01 15:55:32 -05:00
mappedFile ( OpenFileMappingW ( FILE_MAP_READ , FALSE , ( ITH_SECTION_ + std : : to_wstring ( processId ) ) . c_str ( ) ) ) ,
2019-01-10 21:47:16 -05:00
view ( * ( const TextHook ( * ) [ MAX_HOOK ] ) MapViewOfFile ( mappedFile , FILE_MAP_READ , 0 , 0 , HOOK_SECTION_SIZE / 2 ) ) , // jichi 1/16/2015: Changed to half to hook section size
2018-12-01 15:55:32 -05:00
viewMutex ( ITH_HOOKMAN_MUTEX_ + std : : to_wstring ( processId ) )
2019-02-04 15:18:47 -05:00
{ }
2018-11-22 15:53:32 -05:00
2018-10-31 12:04:32 -04:00
~ ProcessRecord ( )
{
2018-12-01 15:55:32 -05:00
UnmapViewOfFile ( view ) ;
2018-10-31 12:04:32 -04:00
}
TextHook GetHook ( uint64_t addr )
{
2018-12-01 15:55:32 -05:00
if ( view = = nullptr ) return { } ;
2019-01-09 22:35:01 -05:00
std : : scoped_lock lock ( viewMutex ) ;
2019-01-10 21:47:16 -05:00
for ( auto hook : view )
if ( hook . address = = addr ) return hook ;
2018-10-31 12:04:32 -04:00
return { } ;
}
2018-11-27 15:54:04 -05:00
template < typename T >
2019-02-16 22:51:10 -05:00
void Send ( T data )
2018-11-27 15:54:04 -05:00
{
2019-02-16 22:51:10 -05:00
static_assert ( sizeof ( data ) < PIPE_BUFFER_SIZE ) ;
2019-01-10 21:47:16 -05:00
std : : thread ( [ = ]
{
2019-02-09 18:24:54 -05:00
DWORD DUMMY ;
2019-01-10 21:47:16 -05:00
WriteFile ( pipe , & data , sizeof ( data ) , & DUMMY , nullptr ) ;
} ) . detach ( ) ;
2018-11-27 15:54:04 -05:00
}
2018-10-31 12:04:32 -04:00
private :
2018-11-27 15:54:04 -05:00
DWORD processId ;
HANDLE pipe ;
2018-12-01 15:55:32 -05:00
AutoHandle < > mappedFile ;
2019-01-10 21:47:16 -05:00
const TextHook ( & view ) [ MAX_HOOK ] ;
2018-12-01 15:55:32 -05:00
WinMutex viewMutex ;
2018-08-24 12:50:20 -04:00
} ;
2019-01-09 22:35:01 -05:00
size_t HashThreadParam ( ThreadParam tp )
{
2019-01-11 16:15:42 -05:00
return std : : hash < int64_t > ( ) ( tp . processId + tp . addr ) + std : : hash < int64_t > ( ) ( tp . ctx + tp . ctx2 ) ;
2019-01-09 22:35:01 -05:00
}
2019-02-04 15:18:47 -05:00
ThreadSafe < std : : unordered_map < ThreadParam , TextThread , Functor < HashThreadParam > > , std : : recursive_mutex > textThreadsByParams ;
2019-01-06 02:57:52 -05:00
ThreadSafe < std : : unordered_map < DWORD , ProcessRecord > , std : : recursive_mutex > processRecordsByIds ;
2018-08-22 21:31:15 -04:00
2019-02-04 15:18:47 -05:00
Host : : ProcessEventHandler OnConnect , OnDisconnect ;
Host : : ThreadEventHandler OnCreate , OnDestroy ;
2018-08-24 12:50:20 -04:00
void RemoveThreads ( std : : function < bool ( ThreadParam ) > removeIf )
{
2019-02-04 15:18:47 -05:00
std : : vector < TextThread * > threadsToRemove ;
std : : for_each ( textThreadsByParams - > begin ( ) , textThreadsByParams - > end ( ) , [ & ] ( auto & it ) { if ( removeIf ( it . first ) ) threadsToRemove . push_back ( & it . second ) ; } ) ;
for ( auto thread : threadsToRemove )
{
OnDestroy ( * thread ) ;
textThreadsByParams - > erase ( thread - > tp ) ;
}
2018-08-24 12:50:20 -04:00
}
2018-11-04 01:34:49 -05:00
void CreatePipe ( )
2018-08-24 12:50:20 -04:00
{
2018-09-01 14:11:48 -04:00
std : : thread ( [ ]
2018-08-24 12:50:20 -04:00
{
2019-01-09 22:35:01 -05:00
struct PipeCloser { void operator ( ) ( HANDLE h ) { DisconnectNamedPipe ( h ) ; CloseHandle ( h ) ; } } ;
AutoHandle < PipeCloser >
2019-02-16 22:51:10 -05:00
hookPipe = CreateNamedPipeW ( HOOK_PIPE , PIPE_ACCESS_INBOUND , PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE , PIPE_UNLIMITED_INSTANCES , 0 , PIPE_BUFFER_SIZE , MAXDWORD , & allAccess ) ,
hostPipe = CreateNamedPipeW ( HOST_PIPE , PIPE_ACCESS_OUTBOUND , PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE , PIPE_UNLIMITED_INSTANCES , PIPE_BUFFER_SIZE , 0 , MAXDWORD , & allAccess ) ;
static AutoHandle < > pipeAvailableEvent = CreateEventW ( & allAccess , FALSE , FALSE , PIPE_AVAILABLE_EVENT ) ;
SetEvent ( pipeAvailableEvent ) ;
2018-08-24 12:50:20 -04:00
ConnectNamedPipe ( hookPipe , nullptr ) ;
2018-11-22 15:53:32 -05:00
BYTE buffer [ PIPE_BUFFER_SIZE ] = { } ;
2018-08-24 12:50:20 -04:00
DWORD bytesRead , processId ;
ReadFile ( hookPipe , & processId , sizeof ( processId ) , & bytesRead , nullptr ) ;
2019-01-10 02:00:39 -05:00
processRecordsByIds - > try_emplace ( processId , processId , hostPipe ) ;
2019-02-04 15:18:47 -05:00
OnConnect ( processId ) ;
2018-08-24 12:50:20 -04:00
2018-11-04 01:34:49 -05:00
CreatePipe ( ) ;
2018-09-09 22:37:48 -04:00
2018-08-24 12:50:20 -04:00
while ( ReadFile ( hookPipe , buffer , PIPE_BUFFER_SIZE , & bytesRead , nullptr ) )
2018-11-10 23:29:12 -05:00
switch ( * ( HostNotificationType * ) buffer )
2018-08-24 12:50:20 -04:00
{
case HOST_NOTIFICATION_RMVHOOK :
{
auto info = * ( HookRemovedNotif * ) buffer ;
2018-11-04 20:48:46 -05:00
RemoveThreads ( [ & ] ( ThreadParam tp ) { return tp . processId = = processId & & tp . addr = = info . address ; } ) ;
2018-08-24 12:50:20 -04:00
}
break ;
case HOST_NOTIFICATION_TEXT :
{
auto info = * ( ConsoleOutputNotif * ) buffer ;
2018-11-25 16:23:41 -05:00
Host : : AddConsoleOutput ( Util : : StringToWideString ( info . message ) . value ( ) ) ;
2018-08-24 12:50:20 -04:00
}
break ;
default :
{
2018-11-19 08:17:00 -05:00
auto tp = * ( ThreadParam * ) buffer ;
2019-02-04 15:18:47 -05:00
if ( textThreadsByParams - > count ( tp ) = = 0 )
{
TextThread & created = textThreadsByParams - > try_emplace ( tp , tp , Host : : GetHookParam ( tp ) ) . first - > second ;
OnCreate ( created ) ;
}
textThreadsByParams - > find ( tp ) - > second . Push ( buffer + sizeof ( tp ) , bytesRead - sizeof ( tp ) ) ;
2018-08-24 12:50:20 -04:00
}
break ;
}
2018-08-22 18:05:45 -04:00
2018-11-27 15:54:04 -05:00
RemoveThreads ( [ & ] ( ThreadParam tp ) { return tp . processId = = processId ; } ) ;
2019-02-04 15:18:47 -05:00
OnDisconnect ( processId ) ;
2018-11-27 15:54:04 -05:00
processRecordsByIds - > erase ( processId ) ;
2018-08-24 12:50:20 -04:00
} ) . detach ( ) ;
}
}
2016-01-06 00:01:17 +09:00
2018-07-23 12:25:02 -07:00
namespace Host
2016-01-06 00:01:17 +09:00
{
2019-02-04 15:18:47 -05:00
void Start ( ProcessEventHandler Connect , ProcessEventHandler Disconnect , ThreadEventHandler Create , ThreadEventHandler Destroy , TextThread : : OutputCallback Output )
2018-11-27 15:54:04 -05:00
{
2019-02-04 15:18:47 -05:00
OnConnect = Connect ;
OnDisconnect = Disconnect ;
OnCreate = [ Create ] ( TextThread & thread ) { Create ( thread ) ; thread . Start ( ) ; } ;
OnDestroy = [ Destroy ] ( TextThread & thread ) { thread . Stop ( ) ; Destroy ( thread ) ; } ;
2018-11-27 15:54:04 -05:00
TextThread : : Output = Output ;
2019-02-04 15:18:47 -05:00
2019-01-10 02:00:39 -05:00
processRecordsByIds - > try_emplace ( console . processId , console . processId , INVALID_HANDLE_VALUE ) ;
2019-02-04 15:18:47 -05:00
OnConnect ( console . processId ) ;
textThreadsByParams - > try_emplace ( console , console , HookParam { } , CONSOLE ) ;
OnCreate ( GetThread ( console ) ) ;
textThreadsByParams - > try_emplace ( clipboard , clipboard , HookParam { } , CLIPBOARD ) ;
OnCreate ( GetThread ( clipboard ) ) ;
2018-11-04 01:34:49 -05:00
CreatePipe ( ) ;
2019-01-20 09:52:35 -05:00
2019-02-16 00:33:38 -05:00
static AutoHandle < > clipboardUpdate = CreateEventW ( nullptr , FALSE , TRUE , NULL ) ;
2019-01-20 09:52:35 -05:00
SetWindowsHookExW ( WH_GETMESSAGE , [ ] ( int statusCode , WPARAM wParam , LPARAM lParam )
{
2019-02-16 00:33:38 -05:00
if ( statusCode = = HC_ACTION & & wParam = = PM_REMOVE & & ( ( MSG * ) lParam ) - > message = = WM_CLIPBOARDUPDATE ) SetEvent ( clipboardUpdate ) ;
2019-01-20 09:52:35 -05:00
return CallNextHookEx ( NULL , statusCode , wParam , lParam ) ;
} , NULL , GetCurrentThreadId ( ) ) ;
2019-02-16 00:33:38 -05:00
std : : thread ( [ ]
{
while ( WaitForSingleObject ( clipboardUpdate , INFINITE ) = = WAIT_OBJECT_0 )
if ( auto text = Util : : GetClipboardText ( ) ) GetThread ( clipboard ) . AddSentence ( std : : move ( text . value ( ) ) ) ;
throw ;
} ) . detach ( ) ;
2018-07-23 12:25:02 -07:00
}
2019-02-16 00:33:38 -05:00
void InjectProcess ( DWORD processId )
2018-07-23 12:25:02 -07:00
{
2019-02-16 00:33:38 -05:00
std : : thread ( [ processId ]
2018-07-23 12:25:02 -07:00
{
2019-02-16 00:33:38 -05:00
if ( processId = = GetCurrentProcessId ( ) ) return ;
2018-07-23 12:25:02 -07:00
2019-02-16 00:33:38 -05:00
WinMutex ( ITH_HOOKMAN_MUTEX_ + std : : to_wstring ( processId ) ) ;
if ( GetLastError ( ) = = ERROR_ALREADY_EXISTS ) return AddConsoleOutput ( ALREADY_INJECTED ) ;
2018-07-23 12:25:02 -07:00
2019-02-16 00:33:38 -05:00
if ( AutoHandle < > process = OpenProcess ( PROCESS_ALL_ACCESS , FALSE , processId ) )
2018-08-22 15:11:58 -04:00
{
2019-02-16 00:33:38 -05:00
# ifdef _WIN64
BOOL invalidProcess = FALSE ;
IsWow64Process ( process , & invalidProcess ) ;
if ( invalidProcess ) return AddConsoleOutput ( ARCHITECTURE_MISMATCH ) ;
2018-08-22 15:11:58 -04:00
# endif
2019-02-16 22:51:10 -05:00
static std : : wstring location = Util : : GetModuleFilename ( LoadLibraryExW ( ITH_DLL , nullptr , DONT_RESOLVE_DLL_REFERENCES ) ) . value ( ) ;
2019-02-16 00:33:38 -05:00
if ( LPVOID remoteData = VirtualAllocEx ( process , nullptr , ( location . size ( ) + 1 ) * sizeof ( wchar_t ) , MEM_RESERVE | MEM_COMMIT , PAGE_READWRITE ) )
2018-08-22 15:11:58 -04:00
{
2019-02-16 00:33:38 -05:00
WriteProcessMemory ( process , remoteData , location . c_str ( ) , ( location . size ( ) + 1 ) * sizeof ( wchar_t ) , nullptr ) ;
if ( AutoHandle < > thread = CreateRemoteThread ( process , nullptr , 0 , ( LPTHREAD_START_ROUTINE ) LoadLibraryW , remoteData , 0 , nullptr ) ) WaitForSingleObject ( thread , INFINITE ) ;
2018-11-27 15:54:04 -05:00
VirtualFreeEx ( process , remoteData , 0 , MEM_RELEASE ) ;
2019-02-16 00:33:38 -05:00
return ;
2018-08-22 15:11:58 -04:00
}
}
2018-07-23 12:25:02 -07:00
2019-02-16 00:33:38 -05:00
AddConsoleOutput ( INJECT_FAILED ) ;
} ) . detach ( ) ;
2018-05-11 16:46:05 -04:00
}
2018-07-23 12:25:02 -07:00
2018-08-24 14:04:23 -04:00
void DetachProcess ( DWORD processId )
2018-05-11 16:46:05 -04:00
{
2019-02-21 13:09:44 -05:00
processRecordsByIds - > at ( processId ) . Send ( HOST_COMMAND_DETACH ) ;
2018-07-23 12:25:02 -07:00
}
2018-12-01 15:55:32 -05:00
void InsertHook ( DWORD processId , HookParam hp )
2018-07-23 12:25:02 -07:00
{
2018-12-17 21:03:42 -05:00
processRecordsByIds - > at ( processId ) . Send ( InsertHookCmd ( hp ) ) ;
2018-07-23 12:25:02 -07:00
}
2016-01-06 00:01:17 +09:00
2018-12-01 15:55:32 -05:00
HookParam GetHookParam ( ThreadParam tp )
2018-05-11 16:46:05 -04:00
{
2018-12-17 21:03:42 -05:00
return processRecordsByIds - > at ( tp . processId ) . GetHook ( tp . addr ) . hp ;
2018-05-11 16:46:05 -04:00
}
2016-01-06 00:01:17 +09:00
2019-02-04 15:18:47 -05:00
TextThread & GetThread ( ThreadParam tp )
2018-07-23 12:25:02 -07:00
{
2019-02-04 15:18:47 -05:00
return textThreadsByParams - > at ( tp ) ;
2018-07-23 12:25:02 -07:00
}
2018-05-11 16:46:05 -04:00
2018-12-28 12:14:56 -05:00
void AddConsoleOutput ( std : : wstring text )
{
2019-02-09 00:30:38 -05:00
GetThread ( console ) . AddSentence ( std : : move ( text ) ) ;
2018-11-01 15:03:30 -04:00
}
2016-01-06 00:01:17 +09:00
}