Merge 0ddbe45 into 51aacac

LeonarddeR · web-flow · commit 4415eb7d88ac · 2023-03-30T21:03:39.000+10:00
diff --git a/nvdaHelper/archBuild_sconscript b/nvdaHelper/archBuild_sconscript
@@ -200,6 +200,12 @@ mathPlayerRPCStubs=env.SConscript('mathPlayer_sconscript')
 if TARGET_ARCH=='x86':
 	env.Install(sourceTypelibDir,mathPlayerRPCStubs[0]) #typelib
 
+detoursLib = env.SConscript('detours/sconscript')
+Export('detoursLib')
+
+apiHookObj = env.Object("apiHook","common/apiHook.cpp")
+Export('apiHookObj')
+
 if TARGET_ARCH=='x86':
 	localLib=env.SConscript('local/sconscript')
 	Export('localLib')
@@ -224,9 +230,6 @@ if signExec:
 	env.AddPostAction(clientLib[0],[signExec])
 env.Install(clientInstallDir,clientLib)
 
-detoursLib = env.SConscript('detours/sconscript')
-Export('detoursLib')
-
 remoteLib=env.SConscript('remote/sconscript')
 Export('remoteLib')
 if signExec:
diff --git a/nvdaHelper/common/apiHook.cpp b/nvdaHelper/common/apiHook.cpp
@@ -18,9 +18,7 @@ This license can be found at:
 #include <windows.h>
 #include <delayimp.h>
 #include <detours/src/detours.h>
-#include <remote/nvdaControllerInternal.h>
-#include <common/log.h>
-#include "dllmain.h"
+#include "log.h"
 #include "apiHook.h"
 
 using namespace std;
diff --git a/nvdaHelper/common/apiHook.h b/nvdaHelper/common/apiHook.h
diff --git a/nvdaHelper/local/nvdaHelperLocal.cpp b/nvdaHelper/local/nvdaHelperLocal.cpp
@@ -19,21 +19,25 @@ This license can be found at:
 #include <rpc.h>
 #include <sddl.h>
 #include <common/log.h>
+#include <common/apiHook.h>
 #include <local/nvdaControllerInternal.h>
 #include "nvdaHelperLocal.h"
 #include "dllImportTableHooks.h"
 #include "rpcsrv.h"
 
-DllImportTableHooks* oleaccHooks = NULL;
-DllImportTableHooks* uiaCoreHooks = NULL;
+decltype(&SendMessageW) real_SendMessageW = nullptr;
+decltype(&SendMessageTimeoutW) real_SendMessageTimeoutW = nullptr;
+decltype(&OpenClipboard) real_OpenClipboard = nullptr;
+
+bool isSecureModeNVDAProcess=false;
 
 typedef struct _RPC_SECURITY_QOS_V5_W {
   unsigned long Version;
   unsigned long Capabilities;
   unsigned long IdentityTracking;
   unsigned long ImpersonationType;
   unsigned long AdditionalSecurityInfoType;
-  union 
+  union
       {
       RPC_HTTP_TRANSPORT_CREDENTIALS_W *HttpCredentials;
       } u;
@@ -53,7 +57,7 @@ handle_t createRemoteBindingHandle(wchar_t* uuidString) {
 	if((rpcStatus=RpcBindingFromStringBinding(stringBinding,&bindingHandle))!=RPC_S_OK) {
 		LOG_ERROR(L"RpcBindingFromStringBinding failed with status "<<rpcStatus);
 		return NULL;
-	} 
+	}
 	//On Windows 8 we must allow AppContainer servers to communicate back to us
 	//Detect Windows 8 by looking for RpcServerRegisterIf3
 	HANDLE rpcrt4Handle=GetModuleHandle(L"rpcrt4.dll");
@@ -106,7 +110,7 @@ DWORD WINAPI bgSendMessageThreadProc(LPVOID param) {
 				bgSendMessageData.error = ERROR_CANCELLED;
 				break;
 			}
-			if (SendMessageTimeoutW(bgSendMessageData.hwnd, bgSendMessageData.Msg, bgSendMessageData.wParam, bgSendMessageData.lParam, bgSendMessageData.fuFlags, std::min(remainingTimeout, CANCELSENDMESSAGE_CHECK_INTERVAL), &bgSendMessageData.dwResult) != 0) {
+			if (real_SendMessageTimeoutW(bgSendMessageData.hwnd, bgSendMessageData.Msg, bgSendMessageData.wParam, bgSendMessageData.lParam, bgSendMessageData.fuFlags, std::min(remainingTimeout, CANCELSENDMESSAGE_CHECK_INTERVAL), &bgSendMessageData.dwResult) != 0) {
 				// Success.
 				bgSendMessageData.error = 0;
 				break;
@@ -147,7 +151,7 @@ LRESULT cancellableSendMessageTimeout(HWND hwnd, UINT Msg, WPARAM wParam, LPARAM
 	DWORD currentThreadId = GetCurrentThreadId();
 	if (currentThreadId == mainThreadId && GetWindowThreadProcessId(hwnd, NULL) == mainThreadId) {
 		// We're sending a message to our own thread, so just forward the call.
-		return SendMessageTimeoutW(hwnd, Msg, wParam, lParam, fuFlags, uTimeout, lpdwResult);
+		return real_SendMessageTimeoutW(hwnd, Msg, wParam, lParam, fuFlags, uTimeout, lpdwResult);
 	}
 
 	if (currentThreadId != mainThreadId) {
@@ -167,7 +171,7 @@ LRESULT cancellableSendMessageTimeout(HWND hwnd, UINT Msg, WPARAM wParam, LPARAM
 				SetLastError(ERROR_CANCELLED);
 				return 0;
 			}
-			if ((ret = SendMessageTimeoutW(hwnd, Msg, wParam, lParam, fuFlags, std::min(remainingTimeout, CANCELSENDMESSAGE_CHECK_INTERVAL), lpdwResult)) != 0 || GetLastError() != ERROR_TIMEOUT) {
+			if ((ret = real_SendMessageTimeoutW(hwnd, Msg, wParam, lParam, fuFlags, std::min(remainingTimeout, CANCELSENDMESSAGE_CHECK_INTERVAL), lpdwResult)) != 0 || GetLastError() != ERROR_TIMEOUT) {
 				// Success or error other than timeout.
 				return ret;
 			}
@@ -232,44 +236,40 @@ LRESULT WINAPI fake_SendMessageTimeoutW(HWND hwnd, UINT Msg, WPARAM wParam, LPAR
 	return cancellableSendMessageTimeout(hwnd, Msg, wParam, lParam, fuFlags, uTimeout, lpdwResult);
 }
 
-void nvdaHelperLocal_initialize() {
+//A replacement OpenClipboard function to disable the use of the clipboard in a secure mode NVDA process
+//Simply returns false without calling the original OpenClipboard
+BOOL WINAPI fake_OpenClipboard(HWND hwndOwner) {
+	return false;
+}
+
+void nvdaHelperLocal_initialize(int secureMode) {
+	if(secureMode) {
+		isSecureModeNVDAProcess = true;
+	}
 	startServer();
 	mainThreadId = GetCurrentThreadId();
 	cancelCallEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
 	bgSendMessageData.execEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
 	bgSendMessageData.completeEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
 	bgSendMessageData.isActive = false;
 	CloseHandle(CreateThread(NULL, 0, bgSendMessageThreadProc, NULL, 0, NULL));
-	HMODULE oleacc = LoadLibraryA("oleacc.dll");
-	if (!oleacc)
-		return;
-	oleaccHooks = new DllImportTableHooks(oleacc);
-	oleaccHooks->requestFunctionHook("USER32.dll", "SendMessageW", fake_SendMessageW);
-	oleaccHooks->requestFunctionHook("USER32.dll", "SendMessageTimeoutW", fake_SendMessageTimeoutW);
-	oleaccHooks->hookFunctions();
-	HMODULE uiaCore = LoadLibraryA("UIAutomationCore.dll");
-	// It is not an error if UIA isn't present.
-	if (uiaCore) {
-		uiaCoreHooks = new DllImportTableHooks(uiaCore);
-		uiaCoreHooks->requestFunctionHook("USER32.dll", "SendMessageW", fake_SendMessageW);
-		uiaCoreHooks->requestFunctionHook("USER32.dll", "SendMessageTimeoutW", fake_SendMessageTimeoutW);
-		uiaCoreHooks->hookFunctions();
+	// Begin API hooking transaction
+	apiHook_beginTransaction();
+	// Hook SendMessageW and SendMessageTimeoutW to ensure that
+	// we can cancel such calls when they would otherwise freeze NVDA's process.
+	apiHook_hookFunction_safe(SendMessageW, fake_SendMessageW, &real_SendMessageW);
+	apiHook_hookFunction_safe(SendMessageTimeoutW, fake_SendMessageTimeoutW, &real_SendMessageTimeoutW);
+	// For secure mode NVDA process, hook OpenClipboard to disable usage of the clipboard
+	if (isSecureModeNVDAProcess) {
+		apiHook_hookFunction_safe(OpenClipboard, fake_OpenClipboard, &real_OpenClipboard);
 	}
+	// Enable all registered API hooks by committing the transaction
+	apiHook_commitTransaction();
 }
 
 void nvdaHelperLocal_terminate() {
-	if (uiaCoreHooks) {
-		uiaCoreHooks->unhookFunctions();
-		FreeLibrary(uiaCoreHooks->targetModule);
-		delete uiaCoreHooks;
-		uiaCoreHooks = NULL;
-	}
-	if (oleaccHooks) {
-		oleaccHooks->unhookFunctions();
-		FreeLibrary(oleaccHooks->targetModule);
-		delete oleaccHooks;
-		oleaccHooks = NULL;
-	}
+	// Unregister and terminate API hooks
+	apiHook_terminate();
 	// Terminate the background SendMessage thread.
 	bgSendMessageData.hwnd = NULL;
 	SetEvent(bgSendMessageData.execEvent);
diff --git a/nvdaHelper/local/nvdaHelperLocal.h b/nvdaHelper/local/nvdaHelperLocal.h
@@ -18,7 +18,11 @@ This license can be found at:
 
 handle_t createRemoteBindingHandle(wchar_t* uuidString);
 LRESULT cancellableSendMessageTimeout(HWND hwnd, UINT Msg, WPARAM wParam, LPARAM lParam, UINT fuFlags, UINT uTimeout, PDWORD_PTR lpdwResult);
-void nvdaHelperLocal_initialize();
+/*
+ * Initializes the NVDAHelper local library
+ * @param secureMode 1 specifies that the NVDA process initializing NVDAHelper is in secure mode
+ */
+void nvdaHelperLocal_initialize(int secureMode);
 void nvdaHelperLocal_terminate();
 
 #endif
diff --git a/nvdaHelper/local/sconscript b/nvdaHelper/local/sconscript
@@ -14,6 +14,8 @@
 
 Import([
 	'env',
+	'detoursLib',
+	'apiHookObj',
 ])
 
 winIPCUtilsObj=env.Object("./winIPCUtils","../common/winIPCUtils.cpp")
@@ -71,6 +73,7 @@ localLib=env.SharedLibrary(
 	target="nvdaHelperLocal",
 	source=[
 		env['projectResFile'],
+		apiHookObj,
 		"nvdaHelperLocal.cpp",
 		"beeps.cpp",
 		vbufRPCClientSource,
@@ -97,6 +100,7 @@ localLib=env.SharedLibrary(
 		"oleaut32",
 		"rpcrt4",
 		"shlwapi",
+		detoursLib,
 	],
 )
 
diff --git a/nvdaHelper/remote/gdiHooks.cpp b/nvdaHelper/remote/gdiHooks.cpp
@@ -22,7 +22,7 @@ This license can be found at:
 #include <usp10.h>
 #include "nvdaHelperRemote.h"
 #include "dllmain.h"
-#include "apiHook.h"
+#include <common/apiHook.h>
 #include "displayModel.h"
 #include <common/log.h>
 #include <remote/nvdaControllerInternal.h>
diff --git a/nvdaHelper/remote/injection.cpp b/nvdaHelper/remote/injection.cpp
@@ -21,7 +21,7 @@ This license can be found at:
 #include <shlwapi.h>
 #include <sddl.h>
 #include <common/log.h>
-#include "apiHook.h"
+#include <common/apiHook.h>
 #include <remote/nvdaController.h>
 #include <remote/nvdaControllerInternal.h>
 #include <common/lock.h>
@@ -45,7 +45,6 @@ map<long,HHOOK> callWndProcHooksByThread;
 map<long,HHOOK> getMessageHooksByThread;
 long tlsIndex_inThreadInjectionID=0;
 bool isProcessExiting=false;
-bool isSecureModeNVDAProcess=false;
 SetWindowsHookEx_funcType real_SetWindowsHookExA=NULL;
 
 //Code executed in-process
@@ -128,14 +127,6 @@ void killRunningWindowsHooks() {
 	}
 }
 
-//A replacement OpenClipboard function to disable the use of the clipboard in a secure mode NVDA process
-//Simply returns false without calling the original OpenClipboard
-typedef BOOL(WINAPI *OpenClipboard_funcType)(HWND);
-OpenClipboard_funcType real_OpenClipboard=NULL;
-BOOL WINAPI fake_OpenClipboard(HWND hwndOwner) {
-	return false;
-}
-
 //A thread function that runs while  NVDA is injected in a process.
 //Note that a mutex is used to make sure that there is never more than one copy of this thread in a given process at any given time.
 //I.e. Another copy of NVDA is started  while the first is still running.
@@ -175,10 +166,6 @@ DWORD WINAPI inprocMgrThreadFunc(LPVOID data) {
 	// Hook SetWindowsHookExA so that we can juggle hooks around a bit.
 	// Fixes #2411
 	apiHook_hookFunction_safe(SetWindowsHookExA, fake_SetWindowsHookExA, &real_SetWindowsHookExA);
-	// For secure mode NVDA process, hook OpenClipboard to disable usage of the clipboard
-	if (isSecureModeNVDAProcess) {
-		apiHook_hookFunction_safe(OpenClipboard, fake_OpenClipboard, &real_OpenClipboard);
-	}
 	// Initialize in-process subsystems
 	inProcess_initialize();
 	// Enable all registered API hooks by committing the transaction
@@ -339,10 +326,8 @@ BOOL outprocInitialized=FALSE;
 
 /**
  * Initializes the out-of-process code for NVDAHelper 
- * @param secureMode 1 specifies that NVDA is running in seucre mode, 0 says not.
  */ 
-BOOL injection_initialize(int secureMode) {
-	if(secureMode) isSecureModeNVDAProcess=true;
+BOOL injection_initialize() {
 	if(outprocInitialized) {
 		MessageBox(NULL,L"Already initialized",L"nvdaHelperRemote (injection_initialize)",0);
 		return FALSE;
diff --git a/nvdaHelper/remote/nvdaHelperRemote.h b/nvdaHelper/remote/nvdaHelperRemote.h
@@ -21,13 +21,12 @@ This license can be found at:
 
 /**
  * Initializes nvdaHelperRemote, and allows it to inject in to processes.
- * @param secureMode 1 specifies that the NVDA process initializing NVDAHelper is in secure mode
  */
-BOOL injection_initialize(int secureMode);
+BOOL injection_initialize();
 
 /**
  * Terminates nvdaHelperRemote, allowing it to uninject from any processes.
- */ 
+ */
 BOOL injection_terminate();
 
 //Win event registration
diff --git a/nvdaHelper/remote/sconscript b/nvdaHelper/remote/sconscript
@@ -16,6 +16,7 @@ Import([
 	'env',
 	'ia2RPCStubs',
 	'detoursLib',
+	'apiHookObj',
 ])
 
 winIPCUtilsObj=env.Object("./winIPCUtils","../common/winIPCUtils.cpp")
@@ -86,7 +87,7 @@ source = [
 	"injection.cpp",
 	"log.cpp",
 	"inProcess.cpp",
-	"apiHook.cpp",
+	apiHookObj,
 	"inputLangChange.cpp",
 	"typedCharacter.cpp",
 	"ime.cpp",
diff --git a/nvdaHelper/remoteLoader/loader.cpp b/nvdaHelper/remoteLoader/loader.cpp
@@ -23,7 +23,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR cmdline,
 	#ifndef NDEBUG
 	Beep(440,100);
 	#endif
-	res=injection_initialize(0);
+	res=injection_initialize();
 	assert(res!=0); //nvdaHelper_initialize
 	// Wait for input or EOF.
 	getc(stdin);
diff --git a/source/NVDAHelper.py b/source/NVDAHelper.py
@@ -563,7 +563,7 @@ def initialize() -> None:
 		except AttributeError as e:
 			log.error("nvdaHelperLocal function pointer for %s could not be found, possibly old nvdaHelperLocal dll"%name,exc_info=True)
 			raise e
-	localLib.nvdaHelperLocal_initialize()
+	localLib.nvdaHelperLocal_initialize(globalVars.appArgs.secure)
 	generateBeep=localLib.generateBeep
 	generateBeep.argtypes=[c_char_p,c_float,c_int,c_int,c_int]
 	generateBeep.restype=c_int
@@ -588,7 +588,7 @@ def initialize() -> None:
 		log.critical("Error loading nvdaHelperRemote.dll: %s" % WinError())
 		return
 	_remoteLib=CDLL("nvdaHelperRemote",handle=h)
-	if _remoteLib.injection_initialize(globalVars.appArgs.secure) == 0:
+	if _remoteLib.injection_initialize() == 0:
 		raise RuntimeError("Error initializing NVDAHelperRemote")
 	if not _remoteLib.installIA2Support():
 		log.error("Error installing IA2 support")
