Difference between revisions of "Techwiki:RegisterUserApiHook"
(New page: RegisterUserApiHook seems to be implemlemented in user32 to be used exclusively by uxtheme. Actually it abstracts the functionality need to apply themes in uxtheme. The problem with this f...) |
|||
| Line 6: | Line 6: | ||
| − | BOOL WINAPI RegisterUserApiHook(HINSTANCE hInstance, PVOID Callback); | + | BOOL WINAPI RegisterUserApiHook(HINSTANCE hInstance, PVOID Callback); |
| Line 13: | Line 13: | ||
| − | typedef struct _USERAPIHOOKINFO | + | typedef struct _USERAPIHOOKINFO |
| − | { | + | { |
DWORD m_size; | DWORD m_size; | ||
LPCWSTR m_dllname1; | LPCWSTR m_dllname1; | ||
| Line 20: | Line 20: | ||
LPCWSTR m_dllname2; | LPCWSTR m_dllname2; | ||
LPCWSTR m_funname2; | LPCWSTR m_funname2; | ||
| − | }USERAPIHOOKINFO,*PUSERAPIHOOKINFO; | + | }USERAPIHOOKINFO,*PUSERAPIHOOKINFO; |
| − | BOOL WINAPI RegisterUserApiHook(PUSERAPIHOOKINFO ApiHookInfo); | + | BOOL WINAPI RegisterUserApiHook(PUSERAPIHOOKINFO ApiHookInfo); |
| Line 28: | Line 28: | ||
| − | typedef struct | + | typedef struct |
| − | { | + | { |
| − | + | DWORD size; | |
| − | + | WNDPROC DefWindowProcA; | |
| − | + | WNDPROC DefWindowProcW; | |
| − | + | DWORD* DefWndProcArray; | |
| − | + | DWORD DefWndProcArraySize; | |
| − | + | FARPROC GetScrollInfo; | |
| − | + | FARPROC SetScrollInfo; | |
| − | + | FARPROC EnableScrollBar; | |
| − | + | FARPROC AdjustWindowRectEx; | |
| − | + | FARPROC SetWindowRng; | |
| − | + | WNDPROC PreWndProc; | |
| − | + | WNDPROC PostWndProc; | |
| − | + | DWORD* WndProcArray; | |
| − | + | DWORD WndProcArraySize; | |
| − | + | WNDPROC PreDefDlgProc; | |
| − | + | WNDPROC PostDefDlgProc; | |
| − | + | DWORD* DlgProcArray; | |
| − | + | DWORD DlgProcArraySize; | |
| − | + | FARPROC GetSystemMetrics; | |
| − | + | FARPROC SystemParametersInfoA; | |
| − | + | FARPROC SystemParametersInfoW; | |
| − | + | FARPROC ForceResetUserApiHook; | |
| − | + | FARPROC DrawFrameControl; | |
| − | + | FARPROC DrawCaption; | |
| − | + | FARPROC MDIRedrawFrame; | |
| − | } APIHOOKINFO, *PAPIHOOKINFO; | + | } APIHOOKINFO, *PAPIHOOKINFO; |
| + | |||
| + | typedef DWORD (CALLBACK * USERAPIHOOKPROC)(DWORD State, PAPIHOOKINFO ApiHookInfo); | ||
| + | |||
| − | |||
User32 gives to the callback function an APIHOOKINFO struct filled with the original implementation of the functions that the library can use from user32. Then the function replaces the functions from user32 with its own functions. | User32 gives to the callback function an APIHOOKINFO struct filled with the original implementation of the functions that the library can use from user32. Then the function replaces the functions from user32 with its own functions. | ||
The most strange thing in APIHOOKINFO struct are the DefWndProcArray, WndProcArray and DlgProcArray fields. | The most strange thing in APIHOOKINFO struct are the DefWndProcArray, WndProcArray and DlgProcArray fields. | ||
| Line 66: | Line 68: | ||
| − | DWORD DefWindowProcMagic[25]= {0x1000, 0x0, 0x80, 0x28000000, 0x75, 0xc003, 0x0, 0x0, | + | DWORD DefWindowProcMagic[25]= {0x1000, 0x0, 0x80, 0x28000000, 0x75, 0xc003, 0x0, 0x0, |
0x40000,0x01240000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x9800000}; | 0x40000,0x01240000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x9800000}; | ||
| − | DWORD PrePostWindowProcMagic[25]= {0x4000002,0x1800,0xc0,0x30000000,0x26,0x0,0x0,0x0,0x0,0x1, | + | |
| + | |||
| + | DWORD PrePostWindowProcMagic[25]= {0x4000002,0x1800,0xc0,0x30000000,0x26,0x0,0x0,0x0,0x0,0x1, | ||
0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0xc000000}; | 0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0xc000000}; | ||
Revision as of 16:23, 18 June 2009
RegisterUserApiHook seems to be implemlemented in user32 to be used exclusively by uxtheme. Actually it abstracts the functionality need to apply themes in uxtheme. The problem with this function is that it is changed it through Windows releases so it is more difficult to test it. RegisterUserApiHook works in the same way a global hook works. The only difference is that right after user32 loads the specified library into every application, it calls the (specified) callback to give the ability to the loaded library to override some functionality that exists in use32.
This is the prototype in windows xp:
BOOL WINAPI RegisterUserApiHook(HINSTANCE hInstance, PVOID Callback);
And this is the prototype in win2k3:
typedef struct _USERAPIHOOKINFO
{
DWORD m_size;
LPCWSTR m_dllname1;
LPCWSTR m_funname1;
LPCWSTR m_dllname2;
LPCWSTR m_funname2;
}USERAPIHOOKINFO,*PUSERAPIHOOKINFO;
BOOL WINAPI RegisterUserApiHook(PUSERAPIHOOKINFO ApiHookInfo);
In both cases we give to RegisterUserApiHook the dll that is going to be loaded and the callback function.
This is the prototype of the callback function:
typedef struct
{
DWORD size;
WNDPROC DefWindowProcA;
WNDPROC DefWindowProcW;
DWORD* DefWndProcArray;
DWORD DefWndProcArraySize;
FARPROC GetScrollInfo;
FARPROC SetScrollInfo;
FARPROC EnableScrollBar;
FARPROC AdjustWindowRectEx;
FARPROC SetWindowRng;
WNDPROC PreWndProc;
WNDPROC PostWndProc;
DWORD* WndProcArray;
DWORD WndProcArraySize;
WNDPROC PreDefDlgProc;
WNDPROC PostDefDlgProc;
DWORD* DlgProcArray;
DWORD DlgProcArraySize;
FARPROC GetSystemMetrics;
FARPROC SystemParametersInfoA;
FARPROC SystemParametersInfoW;
FARPROC ForceResetUserApiHook;
FARPROC DrawFrameControl;
FARPROC DrawCaption;
FARPROC MDIRedrawFrame;
} APIHOOKINFO, *PAPIHOOKINFO;
typedef DWORD (CALLBACK * USERAPIHOOKPROC)(DWORD State, PAPIHOOKINFO ApiHookInfo);
User32 gives to the callback function an APIHOOKINFO struct filled with the original implementation of the functions that the library can use from user32. Then the function replaces the functions from user32 with its own functions.
The most strange thing in APIHOOKINFO struct are the DefWndProcArray, WndProcArray and DlgProcArray fields.
These fields seem to control when overridden DefWindowProc, Pre/PostWndProc and PreDefDlgProc will be called. If they are set to NULL, the overridden functions never get called.
However, when testing in win2k3, I called ThemeInitApiHook and dumped the contents of these arrays. If I use these, the overridden functions are called correctly (in both xp and win2k3) :
DWORD DefWindowProcMagic[25]= {0x1000, 0x0, 0x80, 0x28000000, 0x75, 0xc003, 0x0, 0x0,
0x40000,0x01240000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x4,0x0,0x0,0x9800000};
DWORD PrePostWindowProcMagic[25]= {0x4000002,0x1800,0xc0,0x30000000,0x26,0x0,0x0,0x0,0x0,0x1,
0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0xc000000};
