#include "fixscancodemap.h"\r
-#include "registry.h"\r
#include "misc.h"\r
+#include "windowstool.h"\r
#include <tchar.h>\r
#include <tlhelp32.h>\r
-\r
-typedef HMODULE (WINAPI *FpGetModuleHandleW)(LPCWSTR);\r
-typedef FARPROC (WINAPI *FpGetProcAddress)(HMODULE, LPCSTR);\r
-typedef BOOL (WINAPI *FpUpdatePerUserSystemParameters)(DWORD, BOOL);\r
-typedef HANDLE (WINAPI *FpOpenProcess)(DWORD, BOOL, DWORD);\r
-typedef BOOL (WINAPI *FpOpenProcessToken)(HANDLE, DWORD, PHANDLE);\r
-typedef BOOL (WINAPI *FpImpersonateLoggedOnUser)(HANDLE);\r
-typedef BOOL (WINAPI *FpRevertToSelf)(VOID);\r
-typedef BOOL (WINAPI *FpCloseHandle)(HANDLE);\r
-\r
-typedef BOOL (WINAPI *FpRegisterShellHook)(HWND, DWORD);\r
-\r
-typedef struct {\r
- DWORD retval_;\r
- DWORD pid_;\r
- TCHAR advapi32_[64];\r
- CHAR impersonateLoggedOnUser_[32];\r
- CHAR revertToSelf_[32];\r
- CHAR openProcessToken_[32];\r
- FpGetModuleHandleW pGetModuleHandle;\r
- FpGetProcAddress pGetProcAddress;\r
- FpUpdatePerUserSystemParameters pUpdate;\r
- FpOpenProcess pOpenProcess;\r
- FpCloseHandle pCloseHandle;\r
-} InjectInfo;\r
+#include <process.h>\r
\r
#pragma runtime_checks( "", off )\r
-static DWORD invokeFunc(InjectInfo *info)\r
+static DWORD WINAPI invokeFunc(InjectInfo *info)\r
{\r
BOOL ret;\r
HANDLE hToken;\r
HMODULE hAdvapi32;\r
+ DWORD result = 0;\r
+\r
FpImpersonateLoggedOnUser pImpersonateLoggedOnUser;\r
FpRevertToSelf pRevertToSelf;\r
FpOpenProcessToken pOpenProcessToken;\r
\r
- info->retval_ = 0;\r
-\r
hAdvapi32 = info->pGetModuleHandle(info->advapi32_);\r
\r
pImpersonateLoggedOnUser = (FpImpersonateLoggedOnUser)info->pGetProcAddress(hAdvapi32, info->impersonateLoggedOnUser_);\r
\r
HANDLE hProcess = info->pOpenProcess(PROCESS_QUERY_INFORMATION, FALSE, info->pid_);\r
if (hProcess == NULL) {\r
- info->retval_ = 1;\r
- return 0;\r
+ result = YAMY_ERROR_ON_OPEN_YAMY_PROCESS;\r
+ goto exit;\r
}\r
\r
ret = pOpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_DUPLICATE , &hToken);\r
if (ret == FALSE) {\r
- info->retval_ = 2;\r
- return 0;\r
+ result = YAMY_ERROR_ON_OPEN_YAMY_TOKEN;\r
+ goto exit;\r
}\r
\r
ret = pImpersonateLoggedOnUser(hToken);\r
if (ret == FALSE) {\r
- info->retval_ = 3;\r
- return 0;\r
+ result = YAMY_ERROR_ON_IMPERSONATE;\r
+ goto exit;\r
}\r
\r
- info->pUpdate(0, 1);\r
+ if (info->isVistaOrLater_) {\r
+ info->pUpdate4(1);\r
+ } else {\r
+ info->pUpdate8(0, 1);\r
+ }\r
\r
ret = pRevertToSelf();\r
if (ret == FALSE) {\r
- info->retval_ = 4;\r
- return 0;\r
+ result = YAMY_ERROR_ON_REVERT_TO_SELF;\r
+ goto exit;\r
}\r
\r
- info->pCloseHandle(hToken);\r
- info->pCloseHandle(hProcess);\r
- return 0;\r
+exit:\r
+ if (hToken != NULL) {\r
+ info->pCloseHandle(hToken);\r
+ }\r
+\r
+ if (hProcess != NULL) {\r
+ info->pCloseHandle(hProcess);\r
+ }\r
+\r
+ return result;\r
+}\r
+static int afterFunc(int arg)\r
+{\r
+ // dummy operation\r
+ // if this function empty, optimizer unify this with other empty functions.\r
+ // following code avoid it.\r
+ arg *= 710810; // non-sense operation\r
+ return arg;\r
}\r
-static void afterFunc(void){}\r
#pragma runtime_checks( "", restore )\r
\r
+const DWORD FixScancodeMap::s_fixEntryNum = 4;\r
+const DWORD FixScancodeMap::s_fixEntry[] = {\r
+ 0x003ae03a,\r
+ 0x0029e029,\r
+ 0x0070e070,\r
+ 0x007be07b,\r
+};\r
+\r
int FixScancodeMap::acquirePrivileges()\r
{\r
int ret = 0;\r
HANDLE hToken = NULL;\r
\r
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {\r
- ret = 1;\r
+ ret = YAMY_ERROR_ON_OPEN_CURRENT_PROCESS;\r
goto exit;\r
}\r
\r
LUID luid;\r
- if (!LookupPrivilegeValue(NULL, _T("SeDebugPrivilege"), &luid)) {\r
- ret = 2;\r
+ if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {\r
+ ret = YAMY_ERROR_ON_LOOKUP_PRIVILEGE;\r
goto exit;\r
}\r
\r
tk_priv.Privileges[0].Luid = luid;\r
\r
if (!AdjustTokenPrivileges(hToken, FALSE, &tk_priv, 0, NULL, NULL)) {\r
- ret = 3;\r
+ ret = YAMY_ERROR_ON_ADJUST_PRIVILEGE;\r
goto exit;\r
}\r
\r
\r
BOOL bResult = Process32First(hSnap, &pe);\r
while (bResult){\r
- if (!_tcscmp(pe.szExeFile, _T("winlogon.exe"))) {\r
+ if (!_tcsicmp(pe.szExeFile, _T("winlogon.exe"))) {\r
DWORD sessionId;\r
\r
- if (ProcessIdToSessionId(pe.th32ProcessID, &sessionId) == FALSE) {\r
- pid = 0;\r
- break;\r
- }\r
-\r
- if (sessionId == mySessionId) {\r
- pid = pe.th32ProcessID;\r
- break;\r
+ if (ProcessIdToSessionId(pe.th32ProcessID, &sessionId) != FALSE) {\r
+ if (sessionId == mySessionId) {\r
+ pid = pe.th32ProcessID;\r
+ break;\r
+ }\r
}\r
}\r
bResult = Process32Next(hSnap, &pe);\r
}\r
\r
\r
-int FixScancodeMap::injectThread(DWORD dwPID)\r
+bool FixScancodeMap::clean(WlInfo wl)\r
{\r
int ret = 0;\r
- DWORD err = 0;\r
- BOOL wFlag;\r
-\r
- HANDLE hProcess = NULL;\r
- LPVOID remoteMem = NULL;\r
- LPVOID remoteInfo = NULL;\r
- DWORD invokeFuncAddr = (DWORD)invokeFunc;\r
- DWORD afterFuncAddr = (DWORD)afterFunc;\r
- DWORD memSize = afterFuncAddr - invokeFuncAddr;\r
- InjectInfo info;\r
- HMODULE hMod;\r
-\r
- info.pid_ = GetCurrentProcessId();\r
\r
- memcpy(&info.advapi32_, _T("advapi32.dll"), sizeof(info.advapi32_));\r
- memcpy(&info.impersonateLoggedOnUser_, "ImpersonateLoggedOnUser", sizeof(info.impersonateLoggedOnUser_));\r
- memcpy(&info.revertToSelf_, "RevertToSelf", sizeof(info.revertToSelf_));\r
- memcpy(&info.openProcessToken_, "OpenProcessToken", sizeof(info.openProcessToken_));\r
+ if (wl.m_hThread != NULL) {\r
+ DWORD result;\r
\r
- hMod = GetModuleHandle(_T("user32.dll"));\r
- if (hMod != NULL) {\r
- info.pUpdate = (FpUpdatePerUserSystemParameters)GetProcAddress(hMod, "UpdatePerUserSystemParameters");\r
- if (info.pUpdate == NULL) {\r
- return 1;\r
+ if (WaitForSingleObject(wl.m_hThread, 5000) == WAIT_TIMEOUT) {\r
+ return false;\r
}\r
- }\r
\r
- hMod = GetModuleHandle(_T("kernel32.dll"));\r
- if (hMod != NULL) {\r
- info.pGetModuleHandle = (FpGetModuleHandleW)GetProcAddress(hMod, "GetModuleHandleW");\r
- if (info.pGetModuleHandle == NULL) {\r
- return 1;\r
- }\r
+ GetExitCodeThread(wl.m_hThread, &result);\r
+ CloseHandle(wl.m_hThread);\r
\r
- info.pGetProcAddress = (FpGetProcAddress)GetProcAddress(hMod, "GetProcAddress");\r
- if (info.pGetProcAddress == NULL) {\r
- return 1;\r
+ if (wl.m_remoteMem != NULL && wl.m_hProcess != NULL) {\r
+ VirtualFreeEx(wl.m_hProcess, wl.m_remoteMem, 0, MEM_RELEASE);\r
}\r
\r
- info.pOpenProcess = (FpOpenProcess)GetProcAddress(hMod, "OpenProcess");\r
- if (info.pOpenProcess == NULL) {\r
- return 1;\r
+ if (wl.m_remoteInfo != NULL && wl.m_hProcess != NULL) {\r
+ VirtualFreeEx(wl.m_hProcess, wl.m_remoteInfo, 0, MEM_RELEASE);\r
}\r
\r
- info.pCloseHandle = (FpCloseHandle)GetProcAddress(hMod, "CloseHandle");\r
- if (info.pCloseHandle == NULL) {\r
- return 1;\r
+ if (wl.m_hProcess != NULL) {\r
+ CloseHandle(wl.m_hProcess);\r
}\r
}\r
\r
- if ((hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID)) == NULL) {\r
- ret = 1;\r
+ return true;\r
+}\r
+\r
+\r
+int FixScancodeMap::injectThread(DWORD dwPID)\r
+{\r
+ int ret = 0;\r
+ DWORD err = 0;\r
+ BOOL wFlag;\r
+ WlInfo wi;\r
+\r
+ wi.m_hProcess = NULL;\r
+ wi.m_remoteMem = NULL;\r
+ wi.m_remoteInfo = NULL;\r
+ wi.m_hThread = NULL;\r
+\r
+ ULONG_PTR invokeFuncAddr = (ULONG_PTR)invokeFunc;\r
+ ULONG_PTR afterFuncAddr = (ULONG_PTR)afterFunc;\r
+ SIZE_T memSize = afterFuncAddr - invokeFuncAddr;\r
+\r
+ if ((wi.m_hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID)) == NULL) {\r
+ ret = YAMY_ERROR_ON_OPEN_WINLOGON_PROCESS;\r
goto exit;\r
}\r
\r
- remoteMem = VirtualAllocEx(hProcess, NULL, memSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);\r
- if (remoteMem == NULL) {\r
- ret = 2;\r
+ wi.m_remoteMem = VirtualAllocEx(wi.m_hProcess, NULL, memSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);\r
+ if (wi.m_remoteMem == NULL) {\r
+ ret = YAMY_ERROR_ON_VIRTUALALLOCEX;\r
err = GetLastError();\r
goto exit;\r
}\r
\r
- wFlag = WriteProcessMemory(hProcess, remoteMem, (char*)invokeFunc, memSize, (SIZE_T*)0);\r
+ wFlag = WriteProcessMemory(wi.m_hProcess, wi.m_remoteMem, (char*)invokeFunc, memSize, (SIZE_T*)0);\r
if (wFlag == FALSE) {\r
- ret = 3;\r
+ ret = YAMY_ERROR_ON_WRITEPROCESSMEMORY;\r
goto exit;\r
}\r
\r
- remoteInfo = VirtualAllocEx(hProcess, NULL, sizeof(info), MEM_COMMIT, PAGE_READWRITE);\r
- if (remoteInfo == NULL) {\r
- ret = 2;\r
+ wi.m_remoteInfo = VirtualAllocEx(wi.m_hProcess, NULL, sizeof(m_info), MEM_COMMIT, PAGE_READWRITE);\r
+ if (wi.m_remoteInfo == NULL) {\r
+ ret = YAMY_ERROR_ON_VIRTUALALLOCEX;\r
err = GetLastError();\r
goto exit;\r
}\r
\r
- wFlag = WriteProcessMemory(hProcess, remoteInfo, (char*)&info, sizeof(info), (SIZE_T*)0);\r
+ wFlag = WriteProcessMemory(wi.m_hProcess, wi.m_remoteInfo, (char*)&m_info, sizeof(m_info), (SIZE_T*)0);\r
if (wFlag == FALSE) {\r
- ret = 3;\r
- goto exit;\r
- }\r
-\r
-#if 0\r
- TCHAR buf[1024];\r
-\r
- _stprintf_s(buf, sizeof(buf)/sizeof(buf[0]),\r
- _T("execute UpdatePerUserSystemParameters(), inject code to winlogon.exe?\r\n")\r
- _T("invokeFunc=0x%p\r\n")\r
- _T("afterFunc=0x%p\r\n")\r
- _T("afterFunc - invokeFunc=%d\r\n")\r
- _T("remoteMem=0x%p\r\n")\r
- _T("remoteInfo=0x%p(size: %d)\r\n"),\r
- invokeFunc, afterFunc, memSize, remoteMem, remoteInfo, sizeof(info));\r
- if (MessageBox((HWND)NULL, buf, _T("upusp"), MB_OKCANCEL | MB_ICONSTOP) == IDCANCEL) {\r
- (info.pUpdate)(0, 1);\r
+ ret = YAMY_ERROR_ON_WRITEPROCESSMEMORY;\r
goto exit;\r
}\r
-#endif\r
\r
- HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, \r
- (LPTHREAD_START_ROUTINE)remoteMem, remoteInfo, 0, NULL);\r
- if (hThread == NULL) {\r
- ret = 4;\r
+ wi.m_hThread = CreateRemoteThread(wi.m_hProcess, NULL, 0, \r
+ (LPTHREAD_START_ROUTINE)wi.m_remoteMem, wi.m_remoteInfo, 0, NULL);\r
+ if (wi.m_hThread == NULL) {\r
+ ret = YAMY_ERROR_ON_CREATEREMOTETHREAD;\r
goto exit;\r
}\r
\r
- if (WaitForSingleObject(hThread, 5000) == WAIT_TIMEOUT) {\r
- ret = 5;\r
- goto exit;\r
+ if (WaitForSingleObject(wi.m_hThread, 5000) == WAIT_TIMEOUT) {\r
+ ret = YAMY_ERROR_TIMEOUT_INJECTION;\r
+ m_wlTrash.push_back(wi);\r
+ goto dirty_exit;\r
}\r
- CloseHandle(hThread);\r
+ DWORD result = -1;\r
+ GetExitCodeThread(wi.m_hThread, &result);\r
+ ret = result;\r
+ CloseHandle(wi.m_hThread);\r
+ wi.m_hThread = NULL;\r
\r
exit:\r
- if (remoteMem != NULL) {\r
- VirtualFreeEx(hProcess, remoteMem, 0, MEM_RELEASE);\r
+ if (wi.m_remoteMem != NULL && wi.m_hProcess != NULL) {\r
+ VirtualFreeEx(wi.m_hProcess, wi.m_remoteMem, 0, MEM_RELEASE);\r
+ wi.m_remoteMem = NULL;\r
}\r
\r
- if (remoteInfo != NULL) {\r
- VirtualFreeEx(hProcess, remoteInfo, 0, MEM_RELEASE);\r
+ if (wi.m_remoteInfo != NULL && wi.m_hProcess != NULL) {\r
+ VirtualFreeEx(wi.m_hProcess, wi.m_remoteInfo, 0, MEM_RELEASE);\r
+ wi.m_remoteInfo = NULL;\r
}\r
\r
- if (hProcess != NULL) {\r
- CloseHandle(hProcess);\r
+ if (wi.m_hProcess != NULL) {\r
+ CloseHandle(wi.m_hProcess);\r
+ wi.m_hProcess = NULL;\r
}\r
\r
+dirty_exit:\r
return ret;\r
}\r
\r
MINIMIZEDMETRICS mm;\r
int result = 0;\r
\r
- if (acquirePrivileges()) {\r
- result = 1;\r
+ if (m_errorOnConstruct) {\r
+ result = m_errorOnConstruct;\r
goto exit;\r
}\r
\r
- DWORD dwPID;\r
- if ((dwPID = getWinLogonPid()) == 0) {\r
- result = 1;\r
- goto exit;\r
- }\r
+ m_wlTrash.erase(remove_if(m_wlTrash.begin(), m_wlTrash.end(), FixScancodeMap::clean), m_wlTrash.end());\r
\r
memset(&mm, 0, sizeof(mm));\r
mm.cbSize = sizeof(mm);\r
SystemParametersInfo(SPI_GETMINIMIZEDMETRICS, sizeof(mm), &mm, 0);\r
\r
- if (injectThread(dwPID)) {\r
- result = 1;\r
- goto exit;\r
+ result = injectThread(m_winlogonPid);\r
+ if (result == YAMY_ERROR_TIMEOUT_INJECTION) {\r
+ // retry once\r
+ result = injectThread(m_winlogonPid);\r
+ if (result == YAMY_SUCCESS) {\r
+ result = YAMY_ERROR_RETRY_INJECTION_SUCCESS;\r
+ }\r
}\r
\r
+ mm.iArrange = ARW_HIDE;\r
SystemParametersInfo(SPI_SETMINIMIZEDMETRICS, sizeof(mm), &mm, 0);\r
\r
exit:\r
int FixScancodeMap::fix()\r
{\r
ScancodeMap *origMap, *fixMap;\r
- Registry reg(HKEY_CURRENT_USER, _T("Keyboard Layout"));\r
DWORD origSize, fixSize;\r
bool ret;\r
int result = 0;\r
\r
// save original Scancode Map\r
- ret = reg.read(_T("Scancode Map"), NULL, &origSize, NULL, 0);\r
+ ret = m_pReg->read(_T("Scancode Map"), NULL, &origSize, NULL, 0);\r
if (ret) {\r
origMap = reinterpret_cast<ScancodeMap*>(malloc(origSize));\r
if (origMap == NULL) {\r
- result = 1;\r
+ result = YAMY_ERROR_NO_MEMORY;\r
goto exit;\r
}\r
\r
- ret = reg.read(_T("Scancode Map"), reinterpret_cast<BYTE*>(origMap), &origSize, NULL, 0);\r
+ ret = m_pReg->read(_T("Scancode Map"), reinterpret_cast<BYTE*>(origMap), &origSize, NULL, 0);\r
if (ret == false) {\r
- result = 1;\r
+ result = YAMY_ERROR_ON_READ_SCANCODE_MAP;\r
goto exit;\r
}\r
\r
fixSize = origSize;\r
fixMap = reinterpret_cast<ScancodeMap*>(malloc(origSize + s_fixEntryNum * sizeof(s_fixEntry[0])));\r
if (fixMap == NULL) {\r
- result = 1;\r
+ result = YAMY_ERROR_NO_MEMORY;\r
goto exit;\r
}\r
\r
fixSize = sizeof(ScancodeMap);\r
fixMap = reinterpret_cast<ScancodeMap*>(malloc(sizeof(ScancodeMap) + s_fixEntryNum * sizeof(s_fixEntry[0])));\r
if (fixMap == NULL) {\r
- result = 1;\r
+ result = YAMY_ERROR_NO_MEMORY;\r
goto exit;\r
}\r
\r
fixSize += 4;\r
}\r
\r
- ret = reg.write(_T("Scancode Map"), reinterpret_cast<BYTE*>(fixMap), fixSize);\r
+ ret = m_pReg->write(_T("Scancode Map"), reinterpret_cast<BYTE*>(fixMap), fixSize);\r
if (ret == false) {\r
- result = 1;\r
+ result = YAMY_ERROR_ON_WRITE_SCANCODE_MAP;\r
goto exit;\r
}\r
\r
result = update();\r
\r
if (origMap) {\r
- ret = reg.write(_T("Scancode Map"), reinterpret_cast<BYTE*>(origMap), origSize);\r
+ ret = m_pReg->write(_T("Scancode Map"), reinterpret_cast<BYTE*>(origMap), origSize);\r
} else {\r
- ret = reg.remove(_T("Scancode Map"));\r
+ ret = m_pReg->remove(_T("Scancode Map"));\r
}\r
if (ret == false) {\r
- result = 1;\r
+ result = YAMY_ERROR_ON_WRITE_SCANCODE_MAP;\r
goto exit;\r
}\r
\r
return update();\r
}\r
\r
-const DWORD FixScancodeMap::s_fixEntryNum = 4;\r
-const DWORD FixScancodeMap::s_fixEntry[] = {\r
- 0x003ae03a,\r
- 0x0029e029,\r
- 0x0070e070,\r
- 0x003b001e,\r
-};\r
+int FixScancodeMap::escape(bool i_escape)\r
+{\r
+ if (i_escape) {\r
+ SetEvent(m_hFixEvent);\r
+ } else {\r
+ SetEvent(m_hRestoreEvent);\r
+ }\r
+ return 0;\r
+}\r
+\r
+unsigned int WINAPI FixScancodeMap::threadLoop(void *i_this)\r
+{\r
+ int err;\r
+ DWORD ret;\r
+ FixScancodeMap *This = reinterpret_cast<FixScancodeMap*>(i_this);\r
+ HANDLE handles[] = {This->m_hFixEvent, This->m_hRestoreEvent, This->m_hQuitEvent};\r
+ while ((ret = MsgWaitForMultipleObjects(NUMBER_OF(handles), &handles[0],\r
+ FALSE, INFINITE, QS_POSTMESSAGE)) != WAIT_FAILED) {\r
+ switch (ret) {\r
+ case WAIT_OBJECT_0: // m_hFixEvent\r
+ ResetEvent(This->m_hFixEvent);\r
+ err = This->fix();\r
+ PostMessage(This->m_hwnd, This->m_messageOnFail, err, 1);\r
+ break;\r
+ case WAIT_OBJECT_0 + 1: // m_hRestoreEvent\r
+ ResetEvent(This->m_hRestoreEvent);\r
+ err = This->restore();\r
+ PostMessage(This->m_hwnd, This->m_messageOnFail, err, 0);\r
+ break;\r
+ case WAIT_OBJECT_0 + 2: // m_hQuiteEvent\r
+ ResetEvent(This->m_hQuitEvent);\r
+ // through below\r
+ default:\r
+ return 0;\r
+ break;\r
+ }\r
+ }\r
+ return 1;\r
+}\r
+\r
+int FixScancodeMap::init(HWND i_hwnd, UINT i_messageOnFail)\r
+{\r
+ m_hwnd = i_hwnd;\r
+ m_messageOnFail = i_messageOnFail;\r
+ return 0;\r
+}\r
+\r
+FixScancodeMap::FixScancodeMap() :\r
+ m_hwnd(NULL),\r
+ m_messageOnFail(WM_NULL),\r
+ m_errorOnConstruct(0),\r
+ m_winlogonPid(0),\r
+ m_regHKCU(HKEY_CURRENT_USER, _T("Keyboard Layout")),\r
+ m_regHKLM(HKEY_LOCAL_MACHINE, _T("SYSTEM\\CurrentControlSet\\Control\\Keyboard Layout")),\r
+ m_pReg(NULL)\r
+{\r
+ HMODULE hMod;\r
+\r
+ m_info.pid_ = GetCurrentProcessId();\r
+\r
+ memcpy(&m_info.advapi32_, _T("advapi32.dll"), sizeof(m_info.advapi32_));\r
+ memcpy(&m_info.impersonateLoggedOnUser_, "ImpersonateLoggedOnUser", sizeof(m_info.impersonateLoggedOnUser_));\r
+ memcpy(&m_info.revertToSelf_, "RevertToSelf", sizeof(m_info.revertToSelf_));\r
+ memcpy(&m_info.openProcessToken_, "OpenProcessToken", sizeof(m_info.openProcessToken_));\r
\r
+ m_hFixEvent = CreateEvent(NULL, TRUE, FALSE, NULL);\r
+ ASSERT(m_hFixEvent);\r
+ m_hRestoreEvent = CreateEvent(NULL, TRUE, FALSE, NULL);\r
+ ASSERT(m_hRestoreEvent);\r
+ m_hQuitEvent = CreateEvent(NULL, TRUE, FALSE, NULL);\r
+ ASSERT(m_hQuitEvent);\r
+\r
+ m_hThread = (HANDLE)_beginthreadex(NULL, 0, threadLoop, this, 0, &m_threadId);\r
+\r
+ hMod = GetModuleHandle(_T("user32.dll"));\r
+ if (hMod != NULL) {\r
+ m_info.pUpdate4 = (FpUpdatePerUserSystemParameters4)GetProcAddress(hMod, "UpdatePerUserSystemParameters");\r
+ m_info.pUpdate8 = (FpUpdatePerUserSystemParameters8)m_info.pUpdate4;\r
+ if (m_info.pUpdate4 == NULL) {\r
+ return;\r
+ }\r
+ }\r
+\r
+ hMod = GetModuleHandle(_T("kernel32.dll"));\r
+ if (hMod != NULL) {\r
+ m_info.pGetModuleHandle = (FpGetModuleHandleW)GetProcAddress(hMod, "GetModuleHandleW");\r
+ if (m_info.pGetModuleHandle == NULL) {\r
+ return;\r
+ }\r
+\r
+ m_info.pGetProcAddress = (FpGetProcAddress)GetProcAddress(hMod, "GetProcAddress");\r
+ if (m_info.pGetProcAddress == NULL) {\r
+ return;\r
+ }\r
+\r
+ m_info.pOpenProcess = (FpOpenProcess)GetProcAddress(hMod, "OpenProcess");\r
+ if (m_info.pOpenProcess == NULL) {\r
+ return;\r
+ }\r
+\r
+ m_info.pCloseHandle = (FpCloseHandle)GetProcAddress(hMod, "CloseHandle");\r
+ if (m_info.pCloseHandle == NULL) {\r
+ return;\r
+ }\r
+ }\r
+\r
+ // Windows7 RC not support Scancode Map on HKCU?\r
+ if (checkWindowsVersion(6, 1) == FALSE) {\r
+ m_pReg = &m_regHKCU; // Vista or earlier\r
+ } else {\r
+ m_pReg = &m_regHKLM; // Windows7 or later\r
+ }\r
+\r
+ // prototype of UpdatePerUserSystemParameters() differ vista or earlier\r
+ if (checkWindowsVersion(6, 0) == FALSE) {\r
+ m_info.isVistaOrLater_ = 0; // before Vista\r
+ } else {\r
+ m_info.isVistaOrLater_ = 1; // Vista or later\r
+ }\r
+\r
+ m_errorOnConstruct = acquirePrivileges();\r
+ if (m_errorOnConstruct) {\r
+ goto exit;\r
+ }\r
+\r
+ if ((m_winlogonPid = getWinLogonPid()) == 0) {\r
+ m_errorOnConstruct = YAMY_ERROR_ON_GET_WINLOGON_PID;\r
+ goto exit;\r
+ }\r
+\r
+exit:\r
+ ;\r
+}\r
+\r
+FixScancodeMap::~FixScancodeMap()\r
+{\r
+ SetEvent(m_hQuitEvent);\r
+ WaitForSingleObject(m_hThread, INFINITE);\r
+}\r