
Commit cc9b6b3

committed
Taskbar10: Revised the method for hooking ShowLauncherTipContextMenu (#3837)
1 parent 78e6248 commit cc9b6b3

1 file changed

Lines changed: 45 additions & 84 deletions


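--- a/ExplorerPatcher/TwinUIPatches.cpp
+++ b/ExplorerPatcher/TwinUIPatches.cpp
@@ -278,6 +278,22 @@ namespace ExperienceManagerUtils
 }
 }
 
+// Before using this, please make sure that the vtable is in the real module not a stub.
+#define REPLACE_VTABLE_ENTRY(vtable, index, name) \
+{ \
+auto ppfn = (decltype(&name##Func))&vtable[index]; \
+if (*ppfn != name##Hook) \
+{ \
+name##Func = *ppfn; \
+DWORD dwOldProtectLocal; \
+if (VirtualProtect(ppfn, sizeof(void*), PAGE_EXECUTE_READWRITE, &dwOldProtectLocal)) \
+{ \
+*ppfn = name##Hook; \
+VirtualProtect(ppfn, sizeof(void*), dwOldProtectLocal, &dwOldProtectLocal); \
+} \
+} \
+}
+
 #pragma endregion
 
 
@@ -322,11 +338,12 @@ BOOL IsCrashCounterEnabled();
 #define WINX_ADJUST_X 5
 #define WINX_ADJUST_Y 5
 
-static INT64(*winrt_Windows_Internal_Shell_implementation_MeetAndChatManager_OnMessageFunc)(void* _this, INT64 a2, INT a3 ) = nullptr;
-static INT64(*CLauncherTipContextMenu_ShowLauncherTipContextMenuFunc)(void* _this, POINT* pt) = nullptr;
+static HRESULT(*winrt_Windows_Internal_Shell_implementation_MeetAndChatManager_OnMessageFunc)(void* _this, UINT uMsg, WPARAM wParam, LPARAM lParam) = nullptr;
+static HRESULT(*CLauncherTipContextMenu_ShowLauncherTipContextMenuFunc)(void* _this, POINT* pt) = nullptr;
 static void(*CLauncherTipContextMenu_ExecuteCommandFunc)(void* _this, void* a2) = nullptr;
 static void(*CLauncherTipContextMenu_ExecuteShutdownCommandFunc)(void* _this, void* a2) = nullptr;
-static INT64(*CLauncherTipContextMenu_GetMenuItemsAsyncFunc)(void* _this, RECT rect, IUnknown** iunk) = nullptr;
+static HRESULT(*CLauncherTipContextMenu_GetMenuItemsAsyncFunc)(void* _this, RECT rect, IUnknown** iunk) = nullptr;
+static DWORD g_rvaILauncherTipContextMenuVtbl;
 
 HWND hWinXWnd;
 HANDLE hIsWinXShown;
@@ -589,10 +606,7 @@ DWORD ShowLauncherTipContextMenu(LPVOID lpParams)
 return 0;
 }
 
-INT64 CLauncherTipContextMenu_ShowLauncherTipContextMenuHook(
-void* _this,
-POINT* pt
-)
+HRESULT CLauncherTipContextMenu_ShowLauncherTipContextMenuHook(void* _this, POINT* pt)
 {
 if (hWinXThread)
 {
@@ -714,7 +728,7 @@ INT64 CLauncherTipContextMenu_ShowLauncherTipContextMenuHook(
 {
 return CLauncherTipContextMenu_ShowLauncherTipContextMenuFunc(_this, pt);
 }
-return 0;
+return S_OK;
 }
 
 extern "C" void ToggleLauncherTipContextMenu()
@@ -793,25 +807,21 @@ LSTATUS twinuipcshell_RegGetValueW(
 return lRes;
 }
 
-INT64 winrt_Windows_Internal_Shell_implementation_MeetAndChatManager_OnMessageHook(
-void* _this,
-INT64 a2,
-INT a3
-)
+HRESULT winrt_Windows_Internal_Shell_implementation_MeetAndChatManager_OnMessageHook(void* _this, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
 if (!bClockFlyoutOnWinC)
 {
 if (winrt_Windows_Internal_Shell_implementation_MeetAndChatManager_OnMessageFunc)
 {
-return winrt_Windows_Internal_Shell_implementation_MeetAndChatManager_OnMessageFunc(_this, a2, a3);
+return winrt_Windows_Internal_Shell_implementation_MeetAndChatManager_OnMessageFunc(_this, uMsg, wParam, lParam);
 }
-return 0;
+return S_OK;
 }
-if (a2 == 786 && a3 == 107)
+if (uMsg == 0x2C2 && wParam == 107)
 {
 InvokeClockFlyout();
 }
-return 0;
+return S_OK;
 }
 
 #pragma endregion
@@ -2118,60 +2128,15 @@ BOOL FixStartMenuAnimation(LPMODULEINFO mi)
 return FALSE;
 }
 
-DWORD dwOldProtect = 0;
-
 void** vtable = (void**)matchVtable;
-void** p_OnViewUncloaking = &vtable[4];
-void** p_OnViewUncloaked = &vtable[5];
-void** p_OnViewCloaking = &vtable[6];
-void** p_OnViewHidden = &vtable[10];
-
-// OnViewUncloaking
-if (*p_OnViewUncloaking != CStartExperienceManager_OnViewUncloakingHook)
-{
-CStartExperienceManager_OnViewUncloakingFunc = (decltype(CStartExperienceManager_OnViewUncloakingFunc))*p_OnViewUncloaking;
-if (VirtualProtect(p_OnViewUncloaking, sizeof(void*), PAGE_EXECUTE_READWRITE, &dwOldProtect))
-{
-*p_OnViewUncloaking = CStartExperienceManager_OnViewUncloakingHook;
-VirtualProtect(p_OnViewUncloaking, sizeof(void*), dwOldProtect, &dwOldProtect);
-}
-}
-
-// OnViewUncloaked
-if (*p_OnViewUncloaked != CStartExperienceManager_OnViewUncloakedHook)
-{
-CStartExperienceManager_OnViewUncloakedFunc = (decltype(CStartExperienceManager_OnViewUncloakedFunc))*p_OnViewUncloaked;
-if (VirtualProtect(p_OnViewUncloaked, sizeof(void*), PAGE_EXECUTE_READWRITE, &dwOldProtect))
-{
-*p_OnViewUncloaked = CStartExperienceManager_OnViewUncloakedHook;
-VirtualProtect(p_OnViewUncloaked, sizeof(void*), dwOldProtect, &dwOldProtect);
-}
-}
-
-// OnViewCloaking
-if (*p_OnViewCloaking != CStartExperienceManager_OnViewCloakingHook)
-{
-CStartExperienceManager_OnViewCloakingFunc = (decltype(CStartExperienceManager_OnViewCloakingFunc))*p_OnViewCloaking;
-if (VirtualProtect(p_OnViewCloaking, sizeof(void*), PAGE_EXECUTE_READWRITE, &dwOldProtect))
-{
-*p_OnViewCloaking = CStartExperienceManager_OnViewCloakingHook;
-VirtualProtect(p_OnViewCloaking, sizeof(void*), dwOldProtect, &dwOldProtect);
-}
-}
-
-// OnViewHidden
-if (*p_OnViewHidden != CStartExperienceManager_OnViewHiddenHook)
-{
-CStartExperienceManager_OnViewHiddenFunc = (decltype(CStartExperienceManager_OnViewHiddenFunc))*p_OnViewHidden;
-if (VirtualProtect(p_OnViewHidden, sizeof(void*), PAGE_EXECUTE_READWRITE, &dwOldProtect))
-{
-*p_OnViewHidden = CStartExperienceManager_OnViewHiddenHook;
-VirtualProtect(p_OnViewHidden, sizeof(void*), dwOldProtect, &dwOldProtect);
-}
-}
+REPLACE_VTABLE_ENTRY(vtable, 4, CStartExperienceManager_OnViewUncloaking);
+REPLACE_VTABLE_ENTRY(vtable, 5, CStartExperienceManager_OnViewUncloaked);
+REPLACE_VTABLE_ENTRY(vtable, 6, CStartExperienceManager_OnViewCloaking);
+REPLACE_VTABLE_ENTRY(vtable, 10, CStartExperienceManager_OnViewHidden);
 
 if (dwStartShowClassicMode)
 {
+DWORD dwOldProtect = 0;
 #if defined(_M_X64)
 if (VirtualProtect(matchHideA, 1, PAGE_EXECUTE_READWRITE, &dwOldProtect))
 {
@@ -2924,9 +2889,10 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
 printf("CImmersiveContextMenuOwnerDrawHelper::s_ContextMenuWndProc() = %lX\n", pOffsets[0]);
 }
 }
-if ((!pOffsets[1] || pOffsets[1] == 0xFFFFFFFF) || (!pOffsets[6] || pOffsets[6] == 0xFFFFFFFF))
+// if ((!pOffsets[1] || pOffsets[1] == 0xFFFFFFFF) || (!pOffsets[6] || pOffsets[6] == 0xFFFFFFFF))
 {
 UINT_PTR* vtable = nullptr;
+UINT_PTR vtableRVA = 0;
 #if defined(_M_X64)
 // 48 8D 05 ?? ?? ?? ?? 48 8B D9 48 89 01 48 8D 05 ?? ?? ?? ?? 48 89 41 18 48 8D 05 ?? ?? ?? ?? 48 89 41 20 48 8D 05 ?? ?? ?? ?? 48 89 41 58 48 8D 05 ?? ?? ?? ?? 48 89 41 60
 // ^^^^^^^^^^^
@@ -2939,6 +2905,7 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
 {
 match += 35; // Point to 48
 vtable = (UINT_PTR*)(match + 7 + *(int*)(match + 3));
+vtableRVA = (PBYTE)vtable - pFile;
 }
 #elif defined(_M_ARM64)
 // * Pattern 1 (for 24H2):
@@ -2953,7 +2920,7 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
 if (match)
 {
 match += 4; // Point to ADRP
-UINT_PTR vtableRVA = ARM64_DecodeADRL(FileOffsetToRVA(pFile, match - pFile), *(DWORD*)match, *(DWORD*)(match + 4));
+vtableRVA = ARM64_DecodeADRL(FileOffsetToRVA(pFile, match - pFile), *(DWORD*)match, *(DWORD*)(match + 4));
 vtable = (UINT_PTR*)((UINT_PTR)pFile + RVAToFileOffset(pFile, vtableRVA));
 }
 #endif
@@ -2967,6 +2934,8 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
 {
 pOffsets[1] = (DWORD)(vtable[4] - 0x180000000);
 }
+g_rvaILauncherTipContextMenuVtbl = (DWORD)vtableRVA;
+printf("ILauncherTipContextMenuVtbl = %lX\n", g_rvaILauncherTipContextMenuVtbl);
 }
 if (pOffsets[6] && pOffsets[6] != 0xFFFFFFFF)
 {
@@ -3288,24 +3257,16 @@ extern "C" void RunTwinUIPCShellPatches(symbols_addr* symbols_PTRS)
 ((uintptr_t)hTwinuiPcshell + symbols_PTRS->twinui_pcshell_PTRS[5]);
 }
 
-int rv = -1;
-if (symbols_PTRS->twinui_pcshell_PTRS[6] && symbols_PTRS->twinui_pcshell_PTRS[6] != 0xFFFFFFFF)
-{
-CLauncherTipContextMenu_ShowLauncherTipContextMenuFunc = (decltype(CLauncherTipContextMenu_ShowLauncherTipContextMenuFunc))
-((uintptr_t)hTwinuiPcshell + symbols_PTRS->twinui_pcshell_PTRS[6]);
-rv = funchook_prepare(
-funchook,
-(void**)&CLauncherTipContextMenu_ShowLauncherTipContextMenuFunc,
-CLauncherTipContextMenu_ShowLauncherTipContextMenuHook
-);
-}
-if (rv != 0)
-{
-printf("Failed to hook CLauncherTipContextMenu::ShowLauncherTipContextMenu(). rv = %d\n", rv);
-}
+int rv;
 
 if (IsWindows11())
 {
+if (g_rvaILauncherTipContextMenuVtbl)
+{
+void** vtable = (void**)((PBYTE)hTwinuiPcshell + g_rvaILauncherTipContextMenuVtbl);
+REPLACE_VTABLE_ENTRY(vtable, 3, CLauncherTipContextMenu_ShowLauncherTipContextMenu);
+}
+
 rv = -1;
 if (symbols_PTRS->twinui_pcshell_PTRS[7] && symbols_PTRS->twinui_pcshell_PTRS[7] != 0xFFFFFFFF)
 {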
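Review bot: REPLACE_VTABLE_ENTRY reads and overwrites `vtable[index]` with no validation and no failure report, and the new call in RunTwinUIPCShellPatches passes it `hTwinuiPcshell + g_rvaILauncherTipContextMenuVtbl`, an RVA that comes from a byte-pattern match and is only tested for non-zero. If the pattern matches the wrong bytes after an update of the target DLL, `*ppfn` can fault inside the host process or an unrelated slot gets redirected, so before invoking the macro check that the RVA plus four pointer slots lies inside the loaded image, and preferably that the current entry points back into the module. The removed funchook path printed a message when the hook could not be installed, while the macro is silent when VirtualProtect fails and the caller is silent when the RVA is zero; an `else { printf("Failed to patch vtable entry " #name "\n"); } \` branch in the macro would restore that signal. Vtables normally sit in read-only data, so `PAGE_READWRITE` should be enough in place of `PAGE_EXECUTE_READWRITE` and avoids a page that is writable and executable at once; confirm the section layout before changing it. RunTwinUIPCShellPatches and TryToFindTwinuiPCShellOffsets both continue outside the visible hunks.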
