a good masculine program shares its feelings (error codes) with other…

…s (the event log)
Vortesys · Jul 28, 2024 · a3d8bb7 · a3d8bb7
1 parent f257ef8
commit a3d8bb7
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 31 deletions.
diff --git a/CscdSvc/hook.c b/CscdSvc/hook.c
@@ -46,8 +46,11 @@ __declspec(dllexport) BOOL CALLBACK InstallUserHook()
 	OutputDebugString(TEXT("InstallUserHook called\n"));
 
 	// Unregister before we do anything
-	// TODO: kill uxtheme kill uxtheme
-	//UnregisterUserApiHookDelay();
+	if (!UnregisterUserApiHookRemote())
+		SvcReportEvent(TEXT("InstallUserHook: UnregisterUserApiHookRemote"));
+
+	if (!UnregisterUserApiHookDelay())
+		SvcReportEvent(TEXT("InstallUserHook: UnregisterUserApiHookDelay"));
 
 	// Get the module
 	g_hModule = GetModuleHandle(NULL);
@@ -276,9 +279,15 @@ static BOOL WINAPI UnregisterUserApiHookRemote(VOID)
 	// Return if we can't get the snapshot
 	// or if we get an invalid session ID
 	if (hProcessSnapshot == NULL)
+	{
+		SvcReportEvent(TEXT("UnregisterUserApiHookRemote: CreateToolhelp32Snapshot"));
 		return FALSE;
+	}
 	if (dwSessionID == 0xFFFFFFFF)
+	{
+		SvcReportEvent(TEXT("UnregisterUserApiHookRemote: WTSGetActiveConsoleSessionId"));
 		return FALSE;
+	}
 
 	// Set the size of the structure before using it
 	pe32.dwSize = sizeof(PROCESSENTRY32);
@@ -309,7 +318,10 @@ static BOOL WINAPI UnregisterUserApiHookRemote(VOID)
 	hProcess = OpenProcess(0x1FFFFFu, FALSE, dwProcessID);
 
 	if (hProcess == NULL)
+	{
+		SvcReportEvent(TEXT("UnregisterUserApiHookRemote: OpenProcess"));
 		return FALSE;
+	}
 
 	// Calculate the size of the UnregisterUserApiHookDelay function... HACK!
 	LONGLONG sizeofUnregisterUserApiHookDelay = (BYTE*)UnregisterUserApiHookRemote - (BYTE*)UnregisterUserApiHookDelay;
@@ -319,7 +331,10 @@ static BOOL WINAPI UnregisterUserApiHookRemote(VOID)
 
 	// Blah blah error checking
 	if (lpvRemoteProcessBuffer == 0)
+	{
+		SvcReportEvent(TEXT("UnregisterUserApiHookRemote: VirtualAllocEx"));
 		return FALSE;
+	}
 
 	// Write the sauce into Winlogon (not dangerous!)
 	WriteProcessMemory(hProcess, lpvRemoteProcessBuffer, UnregisterUserApiHookRemote, sizeofUnregisterUserApiHookDelay, NULL);
@@ -333,25 +348,3 @@ static BOOL WINAPI UnregisterUserApiHookRemote(VOID)
 
 	return TRUE;
 }
-
-/* * * *\
-	ExternUnregisterUserApiHookDelay -
-		Forward function
-	RETURNS -
-		TRUE if successful.
-\* * * */
-BOOL WINAPI ExternUnregisterUserApiHookDelay(VOID)
-{
-	UnregisterUserApiHookDelay();
-}
-
-/* * * *\
-	ExternUnregisterUserApiHookRemote -
-		Forward function
-	RETURNS -
-		TRUE if successful.
-\* * * */
-BOOL WINAPI ExternUnregisterUserApiHookRemote(VOID)
-{
-	return UnregisterUserApiHookRemote();
-}
diff --git a/CscdSvc/hook.h b/CscdSvc/hook.h
@@ -31,5 +31,3 @@ __declspec(dllexport) BOOL CALLBACK RemoveUserHook(VOID);
 BOOL WINAPI RegisterUserApiHookDelay(HINSTANCE hInstance, PUSERAPIHOOKINFO ApiHookInfo);
 static BOOL WINAPI UnregisterUserApiHookDelay(VOID);
 static BOOL WINAPI UnregisterUserApiHookRemote(VOID);
-BOOL WINAPI ExternUnregisterUserApiHookDelay(VOID);
-BOOL WINAPI ExternUnregisterUserApiHookRemote(VOID);
diff --git a/CscdSvc/svc.c b/CscdSvc/svc.c
@@ -278,13 +278,10 @@ VOID SvcInit(DWORD dwArgc, LPTSTR* lpszArgv)
 	// Report running status when initialization is complete.
 	ReportSvcStatus(SERVICE_RUNNING, NO_ERROR, 0);
 
-	// Kill UxTheme for good
-	ExternUnregisterUserApiHookRemote();
-
 	// Install our user hook, if FALSE then fail.
 	if (!InstallUserHook())
 	{
-		SvcMessageEvent(TEXT("RegisterUserApiHook"));
+		SvcReportEvent(TEXT("RegisterUserApiHook"));
 
 		ReportSvcStatus(SERVICE_STOPPED, GetLastError(), 0);
 		return;
@@ -302,7 +299,7 @@ VOID SvcInit(DWORD dwArgc, LPTSTR* lpszArgv)
 	// Kill the user hook
 	if (!RemoveUserHook())
 	{
-		SvcMessageEvent(TEXT("UnregisterUserApiHook"));
+		SvcReportEvent(TEXT("UnregisterUserApiHook"));
 
 		ReportSvcStatus(SERVICE_STOPPED, GetLastError(), 0);
 		return;