1 /* 2 * COPYRIGHT: See COPYING in the top level directory 3 * PROJECT: ReactOS Win32k subsystem 4 * PURPOSE: Callback to usermode support 5 * FILE: win32ss/user/ntuser/callback.c 6 * PROGRAMER: Casper S. Hornstrup (chorns@users.sourceforge.net) 7 * Thomas Weidenmueller (w3seek@users.sourceforge.net) 8 * NOTES: Please use the Callback Memory Management functions for 9 * callbacks to make sure, the memory is freed on thread 10 * termination! 11 */ 12 13 #include <win32k.h> 14 DBG_DEFAULT_CHANNEL(UserCallback); 15 16 17 /* CALLBACK MEMORY MANAGEMENT ************************************************/ 18 19 typedef struct _INT_CALLBACK_HEADER 20 { 21 /* List entry in the THREADINFO structure */ 22 LIST_ENTRY ListEntry; 23 } 24 INT_CALLBACK_HEADER, *PINT_CALLBACK_HEADER; 25 26 PVOID FASTCALL 27 IntCbAllocateMemory(ULONG Size) 28 { 29 PINT_CALLBACK_HEADER Mem; 30 PTHREADINFO W32Thread; 31 32 if(!(Mem = ExAllocatePoolWithTag(PagedPool, Size + sizeof(INT_CALLBACK_HEADER), 33 USERTAG_CALLBACK))) 34 { 35 return NULL; 36 } 37 38 RtlZeroMemory(Mem, Size + sizeof(INT_CALLBACK_HEADER)); 39 W32Thread = PsGetCurrentThreadWin32Thread(); 40 ASSERT(W32Thread); 41 42 /* Insert the callback memory into the thread's callback list */ 43 44 InsertTailList(&W32Thread->W32CallbackListHead, &Mem->ListEntry); 45 46 return (Mem + 1); 47 } 48 49 VOID FASTCALL 50 IntCbFreeMemory(PVOID Data) 51 { 52 PINT_CALLBACK_HEADER Mem; 53 PTHREADINFO W32Thread; 54 55 W32Thread = PsGetCurrentThreadWin32Thread(); 56 ASSERT(W32Thread); 57 58 if (W32Thread->TIF_flags & TIF_INCLEANUP) 59 { 60 ERR("CbFM Thread is already in cleanup\n"); 61 return; 62 } 63 64 ASSERT(Data); 65 66 Mem = ((PINT_CALLBACK_HEADER)Data - 1); 67 68 /* Remove the memory block from the thread's callback list */ 69 RemoveEntryList(&Mem->ListEntry); 70 71 /* Free memory */ 72 ExFreePoolWithTag(Mem, USERTAG_CALLBACK); 73 } 74 75 VOID FASTCALL 76 IntCleanupThreadCallbacks(PTHREADINFO W32Thread) 77 { 78 PLIST_ENTRY CurrentEntry; 79 PINT_CALLBACK_HEADER Mem; 80 81 while (!IsListEmpty(&W32Thread->W32CallbackListHead)) 82 { 83 CurrentEntry = RemoveHeadList(&W32Thread->W32CallbackListHead); 84 Mem = CONTAINING_RECORD(CurrentEntry, INT_CALLBACK_HEADER, 85 ListEntry); 86 87 /* Free memory */ 88 ExFreePoolWithTag(Mem, USERTAG_CALLBACK); 89 } 90 } 91 92 // 93 // Pass the Current Window handle and pointer to the Client Callback. 94 // This will help user space programs speed up read access with the window object. 95 // 96 static VOID 97 IntSetTebWndCallback (HWND * hWnd, PWND * pWnd, PVOID * pActCtx) 98 { 99 HWND hWndS = *hWnd; 100 PWND Window = UserGetWindowObject(*hWnd); 101 PCLIENTINFO ClientInfo = GetWin32ClientInfo(); 102 103 *hWnd = ClientInfo->CallbackWnd.hWnd; 104 *pWnd = ClientInfo->CallbackWnd.pWnd; 105 *pActCtx = ClientInfo->CallbackWnd.pActCtx; 106 107 if (Window) 108 { 109 ClientInfo->CallbackWnd.hWnd = hWndS; 110 ClientInfo->CallbackWnd.pWnd = DesktopHeapAddressToUser(Window); 111 ClientInfo->CallbackWnd.pActCtx = Window->pActCtx; 112 } 113 else //// What if Dispatching WM_SYS/TIMER with NULL window? Fix AbiWord Crash when sizing. 114 { 115 ClientInfo->CallbackWnd.hWnd = hWndS; 116 ClientInfo->CallbackWnd.pWnd = Window; 117 ClientInfo->CallbackWnd.pActCtx = 0; 118 } 119 } 120 121 static VOID 122 IntRestoreTebWndCallback (HWND hWnd, PWND pWnd, PVOID pActCtx) 123 { 124 PCLIENTINFO ClientInfo = GetWin32ClientInfo(); 125 126 ClientInfo->CallbackWnd.hWnd = hWnd; 127 ClientInfo->CallbackWnd.pWnd = pWnd; 128 ClientInfo->CallbackWnd.pActCtx = pActCtx; 129 } 130 131 /* FUNCTIONS *****************************************************************/ 132 133 /* Calls ClientLoadLibrary in user32 */ 134 BOOL 135 NTAPI 136 co_IntClientLoadLibrary(PUNICODE_STRING pstrLibName, 137 PUNICODE_STRING pstrInitFunc, 138 BOOL Unload, 139 BOOL ApiHook) 140 { 141 PVOID ResultPointer; 142 ULONG ResultLength; 143 ULONG ArgumentLength; 144 PCLIENT_LOAD_LIBRARY_ARGUMENTS pArguments; 145 NTSTATUS Status; 146 BOOL bResult; 147 ULONG_PTR pLibNameBuffer = 0, pInitFuncBuffer = 0; 148 149 /* Do not allow the desktop thread to do callback to user mode */ 150 ASSERT(PsGetCurrentThreadWin32Thread() != gptiDesktopThread); 151 152 TRACE("co_IntClientLoadLibrary: %S, %S, %d, %d\n", pstrLibName->Buffer, pstrLibName->Buffer, Unload, ApiHook); 153 154 /* Calculate the size of the argument */ 155 ArgumentLength = sizeof(CLIENT_LOAD_LIBRARY_ARGUMENTS); 156 if(pstrLibName) 157 { 158 pLibNameBuffer = ArgumentLength; 159 ArgumentLength += pstrLibName->Length + sizeof(WCHAR); 160 } 161 if(pstrInitFunc) 162 { 163 pInitFuncBuffer = ArgumentLength; 164 ArgumentLength += pstrInitFunc->Length + sizeof(WCHAR); 165 } 166 167 /* Allocate the argument */ 168 pArguments = IntCbAllocateMemory(ArgumentLength); 169 if(pArguments == NULL) 170 { 171 return FALSE; 172 } 173 174 /* Fill the argument */ 175 pArguments->Unload = Unload; 176 pArguments->ApiHook = ApiHook; 177 if(pstrLibName) 178 { 179 /* Copy the string to the callback memory */ 180 pLibNameBuffer += (ULONG_PTR)pArguments; 181 pArguments->strLibraryName.Buffer = (PWCHAR)pLibNameBuffer; 182 pArguments->strLibraryName.MaximumLength = pstrLibName->Length + sizeof(WCHAR); 183 RtlCopyUnicodeString(&pArguments->strLibraryName, pstrLibName); 184 185 /* Fix argument pointer to be relative to the argument */ 186 pLibNameBuffer -= (ULONG_PTR)pArguments; 187 pArguments->strLibraryName.Buffer = (PWCHAR)(pLibNameBuffer); 188 } 189 190 if(pstrInitFunc) 191 { 192 /* Copy the strings to the callback memory */ 193 pInitFuncBuffer += (ULONG_PTR)pArguments; 194 pArguments->strInitFuncName.Buffer = (PWCHAR)pInitFuncBuffer; 195 pArguments->strInitFuncName.MaximumLength = pstrInitFunc->Length + sizeof(WCHAR); 196 RtlCopyUnicodeString(&pArguments->strInitFuncName, pstrInitFunc); 197 198 /* Fix argument pointers to be relative to the argument */ 199 pInitFuncBuffer -= (ULONG_PTR)pArguments; 200 pArguments->strInitFuncName.Buffer = (PWCHAR)(pInitFuncBuffer); 201 } 202 203 /* Do the callback */ 204 UserLeaveCo(); 205 206 Status = KeUserModeCallback(USER32_CALLBACK_CLIENTLOADLIBRARY, 207 pArguments, 208 ArgumentLength, 209 &ResultPointer, 210 &ResultLength); 211 212 UserEnterCo(); 213 214 /* Free the argument */ 215 IntCbFreeMemory(pArguments); 216 217 if(!NT_SUCCESS(Status)) 218 { 219 return FALSE; 220 } 221 222 _SEH2_TRY 223 { 224 /* Probe and copy the usermode result data */ 225 ProbeForRead(ResultPointer, sizeof(HMODULE), 1); 226 bResult = *(BOOL*)ResultPointer; 227 } 228 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) 229 { 230 bResult = FALSE; 231 } 232 _SEH2_END; 233 234 return bResult; 235 } 236 237 VOID APIENTRY 238 co_IntCallSentMessageCallback(SENDASYNCPROC CompletionCallback, 239 HWND hWnd, 240 UINT Msg, 241 ULONG_PTR CompletionCallbackContext, 242 LRESULT Result) 243 { 244 SENDASYNCPROC_CALLBACK_ARGUMENTS Arguments; 245 PVOID ResultPointer, pActCtx; 246 PWND pWnd; 247 ULONG ResultLength; 248 NTSTATUS Status; 249 250 /* Do not allow the desktop thread to do callback to user mode */ 251 ASSERT(PsGetCurrentThreadWin32Thread() != gptiDesktopThread); 252 253 Arguments.Callback = CompletionCallback; 254 Arguments.Wnd = hWnd; 255 Arguments.Msg = Msg; 256 Arguments.Context = CompletionCallbackContext; 257 Arguments.Result = Result; 258 259 IntSetTebWndCallback (&hWnd, &pWnd, &pActCtx); 260 261 UserLeaveCo(); 262 263 Status = KeUserModeCallback(USER32_CALLBACK_SENDASYNCPROC, 264 &Arguments, 265 sizeof(SENDASYNCPROC_CALLBACK_ARGUMENTS), 266 &ResultPointer, 267 &ResultLength); 268 269 UserEnterCo(); 270 271 IntRestoreTebWndCallback (hWnd, pWnd, pActCtx); 272 273 if (!NT_SUCCESS(Status)) 274 { 275 ERR("KeUserModeCallback failed with %lx\n", Status); 276 return; 277 } 278 return; 279 } 280 281 LRESULT APIENTRY 282 co_IntCallWindowProc(WNDPROC Proc, 283 BOOLEAN IsAnsiProc, 284 HWND Wnd, 285 UINT Message, 286 WPARAM wParam, 287 LPARAM lParam, 288 INT lParamBufferSize) 289 { 290 WINDOWPROC_CALLBACK_ARGUMENTS StackArguments = { 0 }; 291 PWINDOWPROC_CALLBACK_ARGUMENTS Arguments; 292 NTSTATUS Status; 293 PVOID ResultPointer, pActCtx; 294 PWND pWnd; 295 ULONG ResultLength; 296 ULONG ArgumentLength; 297 LRESULT Result; 298 299 TRACE("co_IntCallWindowProc(Proc %p, IsAnsiProc: %s, Wnd %p, Message %u, wParam %Iu, lParam %Id, lParamBufferSize %d)\n", 300 Proc, IsAnsiProc ? "TRUE" : "FALSE", Wnd, Message, wParam, lParam, lParamBufferSize); 301 302 /* Do not allow the desktop thread to do callback to user mode */ 303 ASSERT(PsGetCurrentThreadWin32Thread() != gptiDesktopThread); 304 305 if (lParamBufferSize != -1) 306 { 307 ArgumentLength = sizeof(WINDOWPROC_CALLBACK_ARGUMENTS) + lParamBufferSize; 308 Arguments = IntCbAllocateMemory(ArgumentLength); 309 if (NULL == Arguments) 310 { 311 ERR("Unable to allocate buffer for window proc callback\n"); 312 return -1; 313 } 314 RtlMoveMemory((PVOID) ((char *) Arguments + sizeof(WINDOWPROC_CALLBACK_ARGUMENTS)), 315 (PVOID) lParam, lParamBufferSize); 316 } 317 else 318 { 319 Arguments = &StackArguments; 320 ArgumentLength = sizeof(WINDOWPROC_CALLBACK_ARGUMENTS); 321 } 322 Arguments->Proc = Proc; 323 Arguments->IsAnsiProc = IsAnsiProc; 324 Arguments->Wnd = Wnd; 325 Arguments->Msg = Message; 326 Arguments->wParam = wParam; 327 Arguments->lParam = lParam; 328 Arguments->lParamBufferSize = lParamBufferSize; 329 ResultPointer = NULL; 330 ResultLength = ArgumentLength; 331 332 IntSetTebWndCallback (&Wnd, &pWnd, &pActCtx); 333 334 UserLeaveCo(); 335 336 Status = KeUserModeCallback(USER32_CALLBACK_WINDOWPROC, 337 Arguments, 338 ArgumentLength, 339 &ResultPointer, 340 &ResultLength); 341 if (!NT_SUCCESS(Status)) 342 { 343 ERR("Error Callback to User space Status %lx Message %d\n",Status,Message); 344 UserEnterCo(); 345 return 0; 346 } 347 348 _SEH2_TRY 349 { 350 /* Simulate old behaviour: copy into our local buffer */ 351 RtlMoveMemory(Arguments, ResultPointer, ArgumentLength); 352 } 353 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) 354 { 355 ERR("Failed to copy result from user mode, Message %u lParam size %d!\n", Message, lParamBufferSize); 356 Status = _SEH2_GetExceptionCode(); 357 } 358 _SEH2_END; 359 360 UserEnterCo(); 361 362 IntRestoreTebWndCallback (Wnd, pWnd, pActCtx); 363 364 if (!NT_SUCCESS(Status)) 365 { 366 ERR("Call to user mode failed! 0x%08lx\n",Status); 367 if (lParamBufferSize != -1) 368 { 369 IntCbFreeMemory(Arguments); 370 } 371 return -1; 372 } 373 Result = Arguments->Result; 374 375 if (lParamBufferSize != -1) 376 { 377 PTHREADINFO pti = PsGetCurrentThreadWin32Thread(); 378 // Is this message being processed from inside kernel space? 379 BOOL InSendMessage = (pti->pcti->CTI_flags & CTI_INSENDMESSAGE); 380 381 TRACE("Copy lParam Message %u lParam %d!\n", Message, lParam); 382 switch (Message) 383 { 384 default: 385 TRACE("Don't copy lParam, Message %u Size %d lParam %d!\n", Message, lParamBufferSize, lParam); 386 break; 387 // Write back to user/kernel space. Also see g_MsgMemory. 388 case WM_CREATE: 389 case WM_GETMINMAXINFO: 390 case WM_GETTEXT: 391 case WM_NCCALCSIZE: 392 case WM_NCCREATE: 393 case WM_STYLECHANGING: 394 case WM_WINDOWPOSCHANGING: 395 case WM_SIZING: 396 case WM_MOVING: 397 case WM_MEASUREITEM: 398 case WM_NEXTMENU: 399 TRACE("Copy lParam, Message %u Size %d lParam %d!\n", Message, lParamBufferSize, lParam); 400 if (InSendMessage) 401 // Copy into kernel space. 402 RtlMoveMemory((PVOID) lParam, 403 (PVOID) ((char *) Arguments + sizeof(WINDOWPROC_CALLBACK_ARGUMENTS)), 404 lParamBufferSize); 405 else 406 { 407 _SEH2_TRY 408 { // Copy into user space. 409 RtlMoveMemory((PVOID) lParam, 410 (PVOID) ((char *) Arguments + sizeof(WINDOWPROC_CALLBACK_ARGUMENTS)), 411 lParamBufferSize); 412 } 413 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) 414 { 415 ERR("Failed to copy lParam to user space, Message %u!\n", Message); 416 } 417 _SEH2_END; 418 } 419 break; 420 } 421 IntCbFreeMemory(Arguments); 422 } 423 424 return Result; 425 } 426 427 HMENU APIENTRY 428 co_IntLoadSysMenuTemplate(VOID) 429 { 430 LRESULT Result = 0; 431 NTSTATUS Status; 432 PVOID ResultPointer; 433 ULONG ResultLength; 434 435 /* Do not allow the desktop thread to do callback to user mode */ 436 ASSERT(PsGetCurrentThreadWin32Thread() != gptiDesktopThread); 437 438 ResultPointer = NULL; 439 ResultLength = sizeof(LRESULT); 440 441 UserLeaveCo(); 442 443 Status = KeUserModeCallback(USER32_CALLBACK_LOADSYSMENUTEMPLATE, 444 &ResultPointer, 445 0, 446 &ResultPointer, 447 &ResultLength); 448 if (NT_SUCCESS(Status)) 449 { 450 /* Simulate old behaviour: copy into our local buffer */ 451 _SEH2_TRY 452 { 453 ProbeForRead(ResultPointer, sizeof(LRESULT), 1); 454 Result = *(LRESULT*)ResultPointer; 455 } 456 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) 457 { 458 Result = 0; 459 } 460 _SEH2_END; 461 } 462 463 UserEnterCo(); 464 465 return (HMENU)Result; 466 } 467 468 extern HCURSOR gDesktopCursor; 469 470 BOOL APIENTRY 471 co_IntLoadDefaultCursors(VOID) 472 { 473 NTSTATUS Status; 474 PVOID ResultPointer; 475 ULONG ResultLength; 476 BOOL DefaultCursor = TRUE; 477 478 /* Do not allow the desktop thread to do callback to user mode */ 479 ASSERT(PsGetCurrentThreadWin32Thread() != gptiDesktopThread); 480 481 ResultPointer = NULL; 482 ResultLength = sizeof(HCURSOR); 483 484 UserLeaveCo(); 485 486 Status = KeUserModeCallback(USER32_CALLBACK_LOADDEFAULTCURSORS, 487 &DefaultCursor, 488 sizeof(BOOL), 489 &ResultPointer, 490 &ResultLength); 491 492 UserEnterCo(); 493 494 if (!NT_SUCCESS(Status)) 495 { 496 return FALSE; 497 } 498 499 /* HACK: The desktop class doen't have a proper cursor yet, so set it here */ 500 gDesktopCursor = *((HCURSOR*)ResultPointer); 501 502 return TRUE; 503 } 504 505 static INT iTheId = -2; // Set it out of range. 506 507 LRESULT APIENTRY 508 co_IntCallHookProc(INT HookId, 509 INT Code, 510 WPARAM wParam, 511 LPARAM lParam, 512 HOOKPROC Proc, 513 INT Mod, 514 ULONG_PTR offPfn, 515 BOOLEAN Ansi, 516 PUNICODE_STRING ModuleName) 517 { 518 ULONG ArgumentLength; 519 PVOID Argument = NULL; 520 LRESULT Result = 0; 521 NTSTATUS Status; 522 PVOID ResultPointer; 523 ULONG ResultLength; 524 PHOOKPROC_CALLBACK_ARGUMENTS Common; 525 CBT_CREATEWNDW *CbtCreateWnd = NULL; 526 PCHAR Extra; 527 PHOOKPROC_CBT_CREATEWND_EXTRA_ARGUMENTS CbtCreatewndExtra = NULL; 528 PTHREADINFO pti; 529 PWND pWnd; 530 PMSG pMsg = NULL; 531 BOOL Hit = FALSE; 532 UINT lParamSize = 0; 533 CWPSTRUCT* pCWP = NULL; 534 CWPRETSTRUCT* pCWPR = NULL; 535 536 ASSERT(Proc); 537 /* Do not allow the desktop thread to do callback to user mode */ 538 ASSERT(PsGetCurrentThreadWin32Thread() != gptiDesktopThread); 539 540 pti = PsGetCurrentThreadWin32Thread(); 541 if (pti->TIF_flags & TIF_INCLEANUP) 542 { 543 ERR("Thread is in cleanup and trying to call hook %d\n", Code); 544 return 0; 545 } 546 547 ArgumentLength = sizeof(HOOKPROC_CALLBACK_ARGUMENTS); 548 549 switch(HookId) 550 { 551 case WH_CBT: 552 TRACE("WH_CBT: Code %d\n", Code); 553 switch(Code) 554 { 555 case HCBT_CREATEWND: 556 pWnd = UserGetWindowObject((HWND) wParam); 557 if (!pWnd) 558 { 559 ERR("WH_CBT HCBT_CREATEWND wParam bad hWnd!\n"); 560 goto Fault_Exit; 561 } 562 TRACE("HCBT_CREATEWND AnsiCreator %s, AnsiHook %s\n", pWnd->state & WNDS_ANSICREATOR ? "True" : "False", Ansi ? "True" : "False"); 563 // Due to KsStudio.exe, just pass the callers original pointers 564 // except class which point to kernel space if not an atom. 565 // Found by, Olaf Siejka 566 CbtCreateWnd = (CBT_CREATEWNDW *) lParam; 567 ArgumentLength += sizeof(HOOKPROC_CBT_CREATEWND_EXTRA_ARGUMENTS); 568 break; 569 570 case HCBT_MOVESIZE: 571 ArgumentLength += sizeof(RECTL); 572 break; 573 case HCBT_ACTIVATE: 574 ArgumentLength += sizeof(CBTACTIVATESTRUCT); 575 break; 576 case HCBT_CLICKSKIPPED: 577 ArgumentLength += sizeof(MOUSEHOOKSTRUCT); 578 break; 579 /* ATM pass on */ 580 case HCBT_KEYSKIPPED: 581 case HCBT_MINMAX: 582 case HCBT_SETFOCUS: 583 case HCBT_SYSCOMMAND: 584 /* These types pass through. */ 585 case HCBT_DESTROYWND: 586 case HCBT_QS: 587 break; 588 default: 589 ERR("Trying to call unsupported CBT hook %d\n", Code); 590 goto Fault_Exit; 591 } 592 break; 593 case WH_KEYBOARD_LL: 594 ArgumentLength += sizeof(KBDLLHOOKSTRUCT); 595 break; 596 case WH_MOUSE_LL: 597 ArgumentLength += sizeof(MSLLHOOKSTRUCT); 598 break; 599 case WH_MOUSE: 600 ArgumentLength += sizeof(MOUSEHOOKSTRUCT); 601 break; 602 case WH_CALLWNDPROC: 603 { 604 pCWP = (CWPSTRUCT*) lParam; 605 ArgumentLength = sizeof(CWP_Struct); 606 if ( pCWP->message == WM_CREATE || pCWP->message == WM_NCCREATE ) 607 { 608 lParamSize = sizeof(CREATESTRUCTW); 609 } 610 else 611 lParamSize = lParamMemorySize(pCWP->message, pCWP->wParam, pCWP->lParam); 612 ArgumentLength += lParamSize; 613 break; 614 } 615 case WH_CALLWNDPROCRET: 616 { 617 pCWPR = (CWPRETSTRUCT*) lParam; 618 ArgumentLength = sizeof(CWPR_Struct); 619 if ( pCWPR->message == WM_CREATE || pCWPR->message == WM_NCCREATE ) 620 { 621 lParamSize = sizeof(CREATESTRUCTW); 622 } 623 else 624 lParamSize = lParamMemorySize(pCWPR->message, pCWPR->wParam, pCWPR->lParam); 625 ArgumentLength += lParamSize; 626 break; 627 } 628 case WH_MSGFILTER: 629 case WH_SYSMSGFILTER: 630 case WH_GETMESSAGE: 631 ArgumentLength += sizeof(MSG); 632 break; 633 case WH_FOREGROUNDIDLE: 634 case WH_KEYBOARD: 635 case WH_SHELL: 636 break; 637 default: 638 ERR("Trying to call unsupported window hook %d\n", HookId); 639 goto Fault_Exit; 640 } 641 642 Argument = IntCbAllocateMemory(ArgumentLength); 643 if (NULL == Argument) 644 { 645 ERR("HookProc callback %d failed: out of memory %d\n",HookId,ArgumentLength); 646 goto Fault_Exit; 647 } 648 Common = (PHOOKPROC_CALLBACK_ARGUMENTS) Argument; 649 Common->HookId = HookId; 650 Common->Code = Code; 651 Common->wParam = wParam; 652 Common->lParam = lParam; 653 Common->Proc = Proc; 654 Common->Mod = Mod; 655 Common->offPfn = offPfn; 656 Common->Ansi = Ansi; 657 Common->lParamSize = lParamSize; 658 if (ModuleName->Buffer && ModuleName->Length) 659 { 660 RtlCopyMemory(&Common->ModuleName, ModuleName->Buffer, ModuleName->Length); 661 // If ModuleName->Buffer NULL while in destroy, 662 // this will make User32:Hook.c complain about not loading the library module. 663 // Fix symptom for CORE-10549. 664 } 665 Extra = (PCHAR) Common + sizeof(HOOKPROC_CALLBACK_ARGUMENTS); 666 667 switch(HookId) 668 { 669 case WH_CBT: 670 switch(Code) 671 { // Need to remember this is not the first time through! Call Next Hook? 672 case HCBT_CREATEWND: 673 CbtCreatewndExtra = (PHOOKPROC_CBT_CREATEWND_EXTRA_ARGUMENTS) Extra; 674 RtlCopyMemory( &CbtCreatewndExtra->Cs, CbtCreateWnd->lpcs, sizeof(CREATESTRUCTW) ); 675 CbtCreatewndExtra->WndInsertAfter = CbtCreateWnd->hwndInsertAfter; 676 CbtCreatewndExtra->Cs.lpszClass = CbtCreateWnd->lpcs->lpszClass; 677 CbtCreatewndExtra->Cs.lpszName = CbtCreateWnd->lpcs->lpszName; 678 Common->lParam = (LPARAM) (Extra - (PCHAR) Common); 679 //ERR("HCBT_CREATEWND: hWnd %p Csw %p Name %p Class %p\n", Common->wParam, CbtCreateWnd->lpcs, CbtCreateWnd->lpcs->lpszName, CbtCreateWnd->lpcs->lpszClass); 680 break; 681 case HCBT_CLICKSKIPPED: 682 RtlCopyMemory(Extra, (PVOID) lParam, sizeof(MOUSEHOOKSTRUCT)); 683 Common->lParam = (LPARAM) (Extra - (PCHAR) Common); 684 break; 685 case HCBT_MOVESIZE: 686 RtlCopyMemory(Extra, (PVOID) lParam, sizeof(RECTL)); 687 Common->lParam = (LPARAM) (Extra - (PCHAR) Common); 688 break; 689 case HCBT_ACTIVATE: 690 RtlCopyMemory(Extra, (PVOID) lParam, sizeof(CBTACTIVATESTRUCT)); 691 Common->lParam = (LPARAM) (Extra - (PCHAR) Common); 692 break; 693 } 694 break; 695 case WH_KEYBOARD_LL: 696 RtlCopyMemory(Extra, (PVOID) lParam, sizeof(KBDLLHOOKSTRUCT)); 697 Common->lParam = (LPARAM) (Extra - (PCHAR) Common); 698 break; 699 case WH_MOUSE_LL: 700 RtlCopyMemory(Extra, (PVOID) lParam, sizeof(MSLLHOOKSTRUCT)); 701 Common->lParam = (LPARAM) (Extra - (PCHAR) Common); 702 break; 703 case WH_MOUSE: 704 RtlCopyMemory(Extra, (PVOID) lParam, sizeof(MOUSEHOOKSTRUCT)); 705 Common->lParam = (LPARAM) (Extra - (PCHAR) Common); 706 break; 707 case WH_CALLWNDPROC: 708 { 709 PCWP_Struct pcwps = (PCWP_Struct)Common; 710 RtlCopyMemory( &pcwps->cwps, pCWP, sizeof(CWPSTRUCT)); 711 /* For CALLWNDPROC and CALLWNDPROCRET, we must be wary of the fact that 712 * lParam could be a pointer to a buffer. This buffer must be exported 713 * to user space too */ 714 if ( lParamSize ) 715 { 716 RtlCopyMemory( &pcwps->Extra, (PVOID)pCWP->lParam, lParamSize ); 717 } 718 } 719 break; 720 case WH_CALLWNDPROCRET: 721 { 722 PCWPR_Struct pcwprs = (PCWPR_Struct)Common; 723 RtlCopyMemory( &pcwprs->cwprs, pCWPR, sizeof(CWPRETSTRUCT)); 724 if ( lParamSize ) 725 { 726 RtlCopyMemory( &pcwprs->Extra, (PVOID)pCWPR->lParam, lParamSize ); 727 } 728 } 729 break; 730 case WH_MSGFILTER: 731 case WH_SYSMSGFILTER: 732 case WH_GETMESSAGE: 733 pMsg = (PMSG)lParam; 734 RtlCopyMemory(Extra, (PVOID) pMsg, sizeof(MSG)); 735 Common->lParam = (LPARAM) (Extra - (PCHAR) Common); 736 break; 737 case WH_FOREGROUNDIDLE: 738 case WH_KEYBOARD: 739 case WH_SHELL: 740 break; 741 } 742 743 ResultPointer = NULL; 744 ResultLength = ArgumentLength; 745 746 UserLeaveCo(); 747 748 Status = KeUserModeCallback(USER32_CALLBACK_HOOKPROC, 749 Argument, 750 ArgumentLength, 751 &ResultPointer, 752 &ResultLength); 753 754 UserEnterCo(); 755 756 if (!NT_SUCCESS(Status)) 757 { 758 if ( iTheId != HookId ) // Hook ID can change. 759 { 760 ERR("Failure to make Callback %d! Status 0x%x ArgumentLength %d\n",HookId,Status,ArgumentLength); 761 iTheId = HookId; 762 } 763 goto Fault_Exit; 764 } 765 766 if (ResultPointer) 767 { 768 _SEH2_TRY 769 { 770 /* Simulate old behaviour: copy into our local buffer */ 771 RtlMoveMemory(Argument, ResultPointer, ArgumentLength); 772 Result = Common->Result; 773 } 774 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) 775 { 776 Result = 0; 777 Hit = TRUE; 778 } 779 _SEH2_END; 780 } 781 else 782 { 783 ERR("ERROR: Hook %d Code %d ResultPointer 0x%p ResultLength %u\n",HookId,Code,ResultPointer,ResultLength); 784 } 785 786 /* Support write backs... SEH is in UserCallNextHookEx. */ 787 switch (HookId) 788 { 789 case WH_CBT: 790 { 791 switch (Code) 792 { 793 case HCBT_CREATEWND: 794 if (CbtCreatewndExtra) 795 {/* 796 The parameters could have been changed, include the coordinates 797 and dimensions of the window. We copy it back. 798 */ 799 CbtCreateWnd->hwndInsertAfter = CbtCreatewndExtra->WndInsertAfter; 800 CbtCreateWnd->lpcs->x = CbtCreatewndExtra->Cs.x; 801 CbtCreateWnd->lpcs->y = CbtCreatewndExtra->Cs.y; 802 CbtCreateWnd->lpcs->cx = CbtCreatewndExtra->Cs.cx; 803 CbtCreateWnd->lpcs->cy = CbtCreatewndExtra->Cs.cy; 804 } 805 break; 806 case HCBT_MOVESIZE: 807 if (Extra && lParam) 808 { 809 RtlCopyMemory((PVOID) lParam, Extra, sizeof(RECTL)); 810 } 811 break; 812 } 813 } 814 // "The GetMsgProc hook procedure can examine or modify the message." 815 case WH_GETMESSAGE: 816 if (pMsg) 817 { 818 RtlCopyMemory((PVOID) pMsg, Extra, sizeof(MSG)); 819 } 820 break; 821 } 822 823 Fault_Exit: 824 if (Hit) 825 { 826 ERR("Exception CallHookProc HookId %d Code %d\n",HookId,Code); 827 } 828 if (Argument) IntCbFreeMemory(Argument); 829 830 return Result; 831 } 832 833 // 834 // Events are notifications w/o results. 835 // 836 LRESULT 837 APIENTRY 838 co_IntCallEventProc(HWINEVENTHOOK hook, 839 DWORD event, 840 HWND hWnd, 841 LONG idObject, 842 LONG idChild, 843 DWORD dwEventThread, 844 DWORD dwmsEventTime, 845 WINEVENTPROC Proc, 846 INT Mod, 847 ULONG_PTR offPfn) 848 { 849 LRESULT Result = 0; 850 NTSTATUS Status; 851 PEVENTPROC_CALLBACK_ARGUMENTS Common; 852 ULONG ArgumentLength, ResultLength; 853 PVOID Argument, ResultPointer; 854 855 ArgumentLength = sizeof(EVENTPROC_CALLBACK_ARGUMENTS); 856 857 Argument = IntCbAllocateMemory(ArgumentLength); 858 if (NULL == Argument) 859 { 860 ERR("EventProc callback failed: out of memory\n"); 861 return 0; 862 } 863 Common = (PEVENTPROC_CALLBACK_ARGUMENTS) Argument; 864 Common->hook = hook; 865 Common->event = event; 866 Common->hwnd = hWnd; 867 Common->idObject = idObject; 868 Common->idChild = idChild; 869 Common->dwEventThread = dwEventThread; 870 Common->dwmsEventTime = dwmsEventTime; 871 Common->Proc = Proc; 872 Common->Mod = Mod; 873 Common->offPfn = offPfn; 874 875 ResultPointer = NULL; 876 ResultLength = sizeof(LRESULT); 877 878 UserLeaveCo(); 879 880 Status = KeUserModeCallback(USER32_CALLBACK_EVENTPROC, 881 Argument, 882 ArgumentLength, 883 &ResultPointer, 884 &ResultLength); 885 886 UserEnterCo(); 887 888 IntCbFreeMemory(Argument); 889 890 if (!NT_SUCCESS(Status)) 891 { 892 return 0; 893 } 894 895 return Result; 896 } 897 898 // 899 // Callback Load Menu and results. 900 // 901 HMENU 902 APIENTRY 903 co_IntCallLoadMenu( HINSTANCE hModule, 904 PUNICODE_STRING pMenuName ) 905 { 906 LRESULT Result = 0; 907 NTSTATUS Status; 908 PLOADMENU_CALLBACK_ARGUMENTS Common; 909 ULONG ArgumentLength, ResultLength; 910 PVOID Argument, ResultPointer; 911 912 ArgumentLength = sizeof(LOADMENU_CALLBACK_ARGUMENTS); 913 914 ArgumentLength += pMenuName->Length + sizeof(WCHAR); 915 916 Argument = IntCbAllocateMemory(ArgumentLength); 917 if (NULL == Argument) 918 { 919 ERR("LoadMenu callback failed: out of memory\n"); 920 return 0; 921 } 922 Common = (PLOADMENU_CALLBACK_ARGUMENTS) Argument; 923 924 Common->hModule = hModule; 925 if (pMenuName->Length) 926 RtlCopyMemory(&Common->MenuName, pMenuName->Buffer, pMenuName->Length); 927 else 928 Common->InterSource = pMenuName->Buffer; 929 930 ResultPointer = NULL; 931 ResultLength = sizeof(LRESULT); 932 933 UserLeaveCo(); 934 935 Status = KeUserModeCallback(USER32_CALLBACK_LOADMENU, 936 Argument, 937 ArgumentLength, 938 &ResultPointer, 939 &ResultLength); 940 941 UserEnterCo(); 942 943 if (NT_SUCCESS(Status)) 944 { 945 Result = *(LRESULT*)ResultPointer; 946 } 947 else 948 { 949 Result = 0; 950 } 951 952 IntCbFreeMemory(Argument); 953 954 return (HMENU)Result; 955 } 956 957 NTSTATUS 958 APIENTRY 959 co_IntClientThreadSetup(VOID) 960 { 961 NTSTATUS Status; 962 ULONG ArgumentLength, ResultLength; 963 PVOID Argument, ResultPointer; 964 965 /* Do not allow the desktop thread to do callback to user mode */ 966 ASSERT(PsGetCurrentThreadWin32Thread() != gptiDesktopThread); 967 968 ArgumentLength = ResultLength = 0; 969 Argument = ResultPointer = NULL; 970 971 UserLeaveCo(); 972 973 Status = KeUserModeCallback(USER32_CALLBACK_CLIENTTHREADSTARTUP, 974 Argument, 975 ArgumentLength, 976 &ResultPointer, 977 &ResultLength); 978 979 UserEnterCo(); 980 981 return Status; 982 } 983 984 HANDLE FASTCALL 985 co_IntCopyImage(HANDLE hnd, UINT type, INT desiredx, INT desiredy, UINT flags) 986 { 987 HANDLE Handle; 988 NTSTATUS Status; 989 ULONG ArgumentLength, ResultLength; 990 PVOID Argument, ResultPointer; 991 PCOPYIMAGE_CALLBACK_ARGUMENTS Common; 992 993 ArgumentLength = ResultLength = 0; 994 Argument = ResultPointer = NULL; 995 996 ArgumentLength = sizeof(COPYIMAGE_CALLBACK_ARGUMENTS); 997 998 Argument = IntCbAllocateMemory(ArgumentLength); 999 if (NULL == Argument) 1000 { 1001 ERR("CopyImage callback failed: out of memory\n"); 1002 return 0; 1003 } 1004 Common = (PCOPYIMAGE_CALLBACK_ARGUMENTS) Argument; 1005 1006 Common->hImage = hnd; 1007 Common->uType = type; 1008 Common->cxDesired = desiredx; 1009 Common->cyDesired = desiredy; 1010 Common->fuFlags = flags; 1011 1012 UserLeaveCo(); 1013 1014 Status = KeUserModeCallback(USER32_CALLBACK_COPYIMAGE, 1015 Argument, 1016 ArgumentLength, 1017 &ResultPointer, 1018 &ResultLength); 1019 1020 1021 UserEnterCo(); 1022 1023 if (NT_SUCCESS(Status)) 1024 { 1025 Handle = *(HANDLE*)ResultPointer; 1026 } 1027 else 1028 { 1029 ERR("CopyImage callback failed!\n"); 1030 Handle = NULL; 1031 } 1032 1033 IntCbFreeMemory(Argument); 1034 1035 return Handle; 1036 } 1037 1038 BOOL 1039 APIENTRY 1040 co_IntGetCharsetInfo(LCID Locale, PCHARSETINFO pCs) 1041 { 1042 NTSTATUS Status; 1043 ULONG ArgumentLength, ResultLength; 1044 PVOID Argument, ResultPointer; 1045 PGET_CHARSET_INFO Common; 1046 1047 ArgumentLength = sizeof(GET_CHARSET_INFO); 1048 1049 Argument = IntCbAllocateMemory(ArgumentLength); 1050 if (NULL == Argument) 1051 { 1052 ERR("GetCharsetInfo callback failed: out of memory\n"); 1053 return 0; 1054 } 1055 Common = (PGET_CHARSET_INFO) Argument; 1056 1057 Common->Locale = Locale; 1058 1059 ResultPointer = NULL; 1060 ResultLength = ArgumentLength; 1061 1062 UserLeaveCo(); 1063 1064 Status = KeUserModeCallback(USER32_CALLBACK_GETCHARSETINFO, 1065 Argument, 1066 ArgumentLength, 1067 &ResultPointer, 1068 &ResultLength); 1069 1070 if (NT_SUCCESS(Status)) 1071 { 1072 _SEH2_TRY 1073 { 1074 /* Need to copy into our local buffer */ 1075 RtlMoveMemory(Argument, ResultPointer, ArgumentLength); 1076 } 1077 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) 1078 { 1079 ERR("Failed to copy result from user mode!\n"); 1080 Status = _SEH2_GetExceptionCode(); 1081 } 1082 _SEH2_END; 1083 } 1084 1085 UserEnterCo(); 1086 1087 RtlCopyMemory(pCs, &Common->Cs, sizeof(CHARSETINFO)); 1088 1089 IntCbFreeMemory(Argument); 1090 1091 if (!NT_SUCCESS(Status)) 1092 { 1093 ERR("GetCharsetInfo Failed!!\n"); 1094 return FALSE; 1095 } 1096 1097 return TRUE; 1098 } 1099 1100 BOOL FASTCALL 1101 co_IntSetWndIcons(VOID) 1102 { 1103 NTSTATUS Status; 1104 ULONG ArgumentLength, ResultLength; 1105 PVOID Argument, ResultPointer; 1106 PSETWNDICONS_CALLBACK_ARGUMENTS Common; 1107 1108 ResultPointer = NULL; 1109 ResultLength = ArgumentLength = sizeof(SETWNDICONS_CALLBACK_ARGUMENTS); 1110 1111 Argument = IntCbAllocateMemory(ArgumentLength); 1112 if (NULL == Argument) 1113 { 1114 ERR("Set Window Icons callback failed: out of memory\n"); 1115 return FALSE; 1116 } 1117 Common = (PSETWNDICONS_CALLBACK_ARGUMENTS) Argument; 1118 1119 UserLeaveCo(); 1120 1121 Status = KeUserModeCallback(USER32_CALLBACK_SETWNDICONS, 1122 Argument, 1123 ArgumentLength, 1124 &ResultPointer, 1125 &ResultLength); 1126 1127 1128 UserEnterCo(); 1129 1130 if (!NT_SUCCESS(Status)) 1131 { 1132 ERR("Set Window Icons callback failed!\n"); 1133 IntCbFreeMemory(Argument); 1134 return FALSE; 1135 } 1136 1137 RtlMoveMemory(Common, ResultPointer, ArgumentLength); 1138 gpsi->hIconSmWindows = Common->hIconSmWindows; 1139 gpsi->hIconWindows = Common->hIconWindows; 1140 1141 IntLoadSystenIcons(Common->hIconSample, OIC_SAMPLE); 1142 IntLoadSystenIcons(Common->hIconHand, OIC_HAND); 1143 IntLoadSystenIcons(Common->hIconQuestion, OIC_QUES); 1144 IntLoadSystenIcons(Common->hIconBang, OIC_BANG); 1145 IntLoadSystenIcons(Common->hIconNote, OIC_NOTE); 1146 IntLoadSystenIcons(gpsi->hIconWindows, OIC_WINLOGO); 1147 IntLoadSystenIcons(gpsi->hIconSmWindows, OIC_WINLOGO+1); 1148 1149 ERR("hIconSmWindows %p hIconWindows %p \n",gpsi->hIconSmWindows,gpsi->hIconWindows); 1150 1151 IntCbFreeMemory(Argument); 1152 1153 return TRUE; 1154 } 1155 1156 VOID FASTCALL 1157 co_IntDeliverUserAPC(VOID) 1158 { 1159 ULONG ResultLength; 1160 PVOID ResultPointer; 1161 NTSTATUS Status; 1162 UserLeaveCo(); 1163 1164 Status = KeUserModeCallback(USER32_CALLBACK_DELIVERUSERAPC, 1165 0, 1166 0, 1167 &ResultPointer, 1168 &ResultLength); 1169 1170 1171 UserEnterCo(); 1172 1173 if (!NT_SUCCESS(Status)) 1174 { 1175 ERR("Delivering User APC callback failed!\n"); 1176 } 1177 } 1178 1179 VOID FASTCALL 1180 co_IntSetupOBM(VOID) 1181 { 1182 NTSTATUS Status; 1183 ULONG ArgumentLength, ResultLength; 1184 PVOID Argument, ResultPointer; 1185 PSETOBM_CALLBACK_ARGUMENTS Common; 1186 1187 ResultPointer = NULL; 1188 ResultLength = ArgumentLength = sizeof(SETOBM_CALLBACK_ARGUMENTS); 1189 1190 Argument = IntCbAllocateMemory(ArgumentLength); 1191 if (NULL == Argument) 1192 { 1193 ERR("Set Window Icons callback failed: out of memory\n"); 1194 return; 1195 } 1196 Common = (PSETOBM_CALLBACK_ARGUMENTS) Argument; 1197 1198 UserLeaveCo(); 1199 1200 Status = KeUserModeCallback(USER32_CALLBACK_SETOBM, 1201 Argument, 1202 ArgumentLength, 1203 &ResultPointer, 1204 &ResultLength); 1205 1206 1207 UserEnterCo(); 1208 1209 if (!NT_SUCCESS(Status)) 1210 { 1211 ERR("Set Window Icons callback failed!\n"); 1212 IntCbFreeMemory(Argument); 1213 return; 1214 } 1215 1216 RtlMoveMemory(Common, ResultPointer, ArgumentLength); 1217 RtlCopyMemory(gpsi->oembmi, Common->oembmi, sizeof(gpsi->oembmi)); 1218 1219 IntCbFreeMemory(Argument); 1220 } 1221 1222 // 1223 // Called from Kernel GDI sides, no UserLeave/EnterCo required. 1224 // 1225 LRESULT 1226 APIENTRY 1227 co_UserCBClientPrinterThunk( PVOID pkt, INT InSize, PVOID pvOutData, INT OutSize ) 1228 { 1229 NTSTATUS Status; 1230 PVOID ResultPointer; 1231 1232 Status = KeUserModeCallback( USER32_CALLBACK_UMPD, 1233 pkt, 1234 InSize, 1235 &ResultPointer, 1236 (PULONG)&OutSize ); 1237 1238 1239 if (!NT_SUCCESS(Status)) 1240 { 1241 ERR("User UMPD callback failed!\n"); 1242 return 1; 1243 } 1244 1245 if (OutSize) RtlMoveMemory( pvOutData, ResultPointer, OutSize ); 1246 1247 return 0; 1248 } 1249 1250 /* EOF */ 1251