#noenv  ; Do not fall back to environment variables for unset script variables.
#singleinstance force  ; Launching the script again replaces the running instance instead of prompting.
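; ScriptInfo(Command, hWnd := 0)
;
; Returns the text of one of AutoHotkey's built-in diagnostic views
; ("ListLines", "ListVars", "ListHotkeys", "KeyHistory") for this script
; (hWnd = 0 / A_ScriptHwnd) or for another AutoHotkey script whose main
; window handle is hWnd.
;
; How it works: the view is populated by sending the matching WM_COMMAND
; (0x111) to the script's main window. To keep that window from being shown
; or stealing focus, the first 8 bytes of user32!SetForegroundWindow and
; user32!ShowWindow are temporarily replaced with a "mov eax,1 / ret" stub
; in the target process, the main window's Edit child is read, and then the
; original bytes AND the original page protection are restored.
;
; Caveats:
;   - For a foreign script this opens the process with PROCESS_VM_WRITE and
;     uses WriteProcessMemory; that needs SeDebugPrivilege or same-user
;     access and is the kind of activity AV/EDR products flag.
;   - Cross-bitness: only a 64-bit script patching a 32-bit target is handled
;     (Magic selects the stub). The "Ptr" arguments used here cannot address
;     a 64-bit target from a 32-bit script.
;   - The patch is briefly visible to other threads of the target process.
;
; Returns the view text, or "" if Command is unknown, hWnd is not an
; AutoHotkey window, or the process could not be opened or patched.
ScriptInfo(Command, hWnd := 0)
{
    static cmds := {ListLines:65406, ListVars:65407, ListHotkeys:65408, KeyHistory:65409}
    static PAGE_EXECUTE_READWRITE := 0x40, GW_CHILD := 5, WM_COMMAND := 0x111
    ; Reject unknown commands before touching any process; previously an
    ; unknown Command sent nothing and returned whatever stale text the Edit
    ; control happened to hold.
    if (!cmds.HasKey(Command))
        return ""
    if (!hWnd)
        hWnd := A_ScriptHwnd
    hProcess := 0, Magic := 0, user32 := 0
    if (hWnd != A_ScriptHwnd) {
        prevDHW := A_DetectHiddenWindows
        DetectHiddenWindows On
        ; Only accept a window that really belongs to an AutoHotkey script.
        hWnd := WinExist("ahk_id " . hWnd . " ahk_class AutoHotkey")
        if (hWnd)
            WinGet, PID, PID, ahk_id %hWnd%
        DetectHiddenWindows %prevDHW%
        if (!hWnd)
            return ""
        ; PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE
        hProcess := DllCall("OpenProcess", "UInt", 0x0400 | 0x0008 | 0x0010 | 0x0020, "Int", False, "UInt", PID, "Ptr")
        if (!hProcess)
            return ""
        user32 := ScriptInfo_FindRemoteModule(hProcess, "user32.dll")
    } else {
        user32 := DllCall("GetModuleHandle", "str", "user32.dll", "ptr")
    }
    if (!user32) {
        if (hProcess)
            LogonDesktop_CloseHandle(hProcess)
        return ""
    }
    hEdit := DllCall("GetWindow", "ptr", hWnd, "uint", GW_CHILD, "ptr")
    ; Locate both exports, save their first 8 bytes, then make them writable.
    ; Read before changing protection so a failed read leaves nothing to undo.
    pfn := [], bkp := [], oldProt := [], ok := true
    for i, fn in ["SetForegroundWindow", "ShowWindow"] {
        if (hProcess)
            addr := ProcAddressFromRemoteProcess(hProcess, user32, fn, Magic)
        else
            addr := DllCall("GetProcAddress", "ptr", user32, "astr", fn, "ptr")
        saved := 0, prot := 0
        if (!addr || !ScriptInfo_Read(hProcess, addr, saved) || !ScriptInfo_Protect(hProcess, addr, PAGE_EXECUTE_READWRITE, prot)) {
            ok := false
            break
        }
        pfn[i] := addr, bkp[i] := saved, oldProt[i] := prot
    }
    if (ok) {
        ; Stub bytes, little-endian: B8 01 00 00 00 = mov eax,1 ; C3 = ret.
        ; On x86 the callee pops its stdcall arguments: C2 04 00 (ret 4) for
        ; SetForegroundWindow's 1 argument, C2 08 00 (ret 8) for ShowWindow's 2.
        is64 := hProcess ? (Magic == 0x20b) : (A_PtrSize = 8)
        ScriptInfo_Write(hProcess, pfn[1], is64 ? 0x0000C300000001B8 : 0x0004C200000001B8)
        ScriptInfo_Write(hProcess, pfn[2], is64 ? 0x0000C300000001B8 : 0x0008C200000001B8)
        DllCall("SendMessage", "ptr", hWnd, "uint", WM_COMMAND, "ptr", cmds[Command], "ptr", 0)
        ScriptInfo_Write(hProcess, pfn[1], bkp[1])
        ScriptInfo_Write(hProcess, pfn[2], bkp[2])
    }
    ; Restore the original page protection; the earlier version left the
    ; patched user32 code page PAGE_EXECUTE_READWRITE permanently.
    for i, addr in pfn {
        dummy := 0
        ScriptInfo_Protect(hProcess, addr, oldProt[i], dummy)
    }
    if (hProcess)
        LogonDesktop_CloseHandle(hProcess)
    if (!ok)
        return ""
    ControlGetText, text,, ahk_id %hEdit%
    return text
}

; Returns the base address of module `name` (case-insensitive base name) in
; hProcess, or 0. EnumProcessModulesEx succeeds even when the buffer is too
; small (it only reports cbNeeded), so the size/fill sequence is retried a
; bounded number of times instead of looping until "success".
ScriptInfo_FindRemoteModule(hProcess, name) {
    cbNeeded := 0, cb := 0
    Loop 4 {
        if (!DllCall("psapi\EnumProcessModulesEx", "Ptr", hProcess, "Ptr", 0, "UInt", 0, "UInt*", cbNeeded, "UInt", LIST_MODULES_ALL := 0x03) || !cbNeeded)
            return 0
        cb := cbNeeded
        VarSetCapacity(hModules, cb, 0)
        if (!DllCall("psapi\EnumProcessModulesEx", "Ptr", hProcess, "Ptr", &hModules, "UInt", cb, "UInt*", cbNeeded, "UInt", LIST_MODULES_ALL))
            return 0
        if (cbNeeded <= cb)
            break
        ; The module list grew between the two calls; resize and retry.
    }
    if (cbNeeded > cb)
        return 0
    VarSetCapacity(modName, 524)  ; 260 TCHARs + terminator (Unicode build)
    Loop % cbNeeded // A_PtrSize {
        hMod := NumGet(hModules, A_PtrSize * (A_Index - 1), "Ptr")
        if (DllCall("psapi\GetModuleBaseName", "Ptr", hProcess, "Ptr", hMod, "Str", modName, "UInt", 260) && (modName = name))
            return hMod
    }
    return 0
}

; Reads 8 bytes at addr into value; in-process when hProcess is 0.
; Returns true only when all 8 bytes were read.
ScriptInfo_Read(hProcess, addr, ByRef value) {
    if (!hProcess) {
        value := NumGet(addr + 0, 0, "Int64")
        return true
    }
    value := 0, br := 0
    return DllCall("ReadProcessMemory", "Ptr", hProcess, "Ptr", addr, "Int64*", value, "UInt", 8, "UInt*", br) && br == 8
}

; Writes 8 bytes of value at addr; in-process when hProcess is 0.
; Returns true only when all 8 bytes were written.
ScriptInfo_Write(hProcess, addr, value) {
    if (!hProcess) {
        NumPut(value, addr + 0, 0, "Int64")
        return true
    }
    br := 0
    return DllCall("WriteProcessMemory", "Ptr", hProcess, "Ptr", addr, "Int64*", value, "UInt", 8, "UInt*", br) && br == 8
}

; Sets the protection of the 8 bytes at addr to newProt and returns the
; previous protection through oldProt; in-process when hProcess is 0.
ScriptInfo_Protect(hProcess, addr, newProt, ByRef oldProt) {
    oldProt := 0
    if (!hProcess)
        return DllCall("VirtualProtect", "Ptr", addr, "Ptr", 8, "UInt", newProt, "UInt*", oldProt)
    return DllCall("VirtualProtectEx", "Ptr", hProcess, "Ptr", addr, "Ptr", 8, "UInt", newProt, "UInt*", oldProt)
}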
; Error handling in this helper is minimal: it parses another process's PE headers and export table, and any failure it notices is reported only as a 0 return value. It is rarely needed, so that trade-off is accepted.
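; ProcAddressFromRemoteProcess(hProcess, hModule, targetFuncName, ByRef Magic := 0)
;
; Resolves the address of the named export of a module loaded in another
; process by reading that process's PE headers and export directory
; (a remote GetProcAddress). hModule is the module base in hProcess.
; Magic receives IMAGE_OPTIONAL_HEADER.Magic (0x10b PE32, 0x20b PE32+) so
; the caller can tell the target's bitness.
;
; Every value read from the target is treated as untrusted: reads are checked
; for length, table sizes are bounded before they drive allocations, and the
; ordinal is range-checked before indexing the function table. Forwarded
; exports are not followed.
;
; Returns the export's absolute address in hProcess, or 0 on any failure.
ProcAddressFromRemoteProcess(hProcess, hModule, targetFuncName, ByRef Magic := 0)
{
    ; Based on MarkHC: https://www.unknowncheats.me/forum/1457119-post3.html
    static IMAGE_DOS_SIGNATURE := 0x5A4D, IMAGE_NT_SIGNATURE := 0x4550, IMAGE_NT_OPTIONAL_HDR64_MAGIC := 0x20b
    static MAX_TABLE_ENTRIES := 0x10000, MAX_NAME_LEN := 512
    Magic := 0
    ; IMAGE_DOS_HEADER.e_magic ("MZ"), then e_lfanew -> IMAGE_NT_HEADERS.Signature ("PE\0\0").
    if (!ProcAddressFromRemoteProcess_ReadUInt(hProcess, hModule, 2, e_magic) || e_magic != IMAGE_DOS_SIGNATURE)
        return 0
    if (!ProcAddressFromRemoteProcess_ReadUInt(hProcess, hModule + 60, 4, e_lfanew))
        return 0
    nt := hModule + e_lfanew
    if (!ProcAddressFromRemoteProcess_ReadUInt(hProcess, nt, 4, signature) || signature != IMAGE_NT_SIGNATURE)
        return 0
    ; The optional header starts 24 bytes into IMAGE_NT_HEADERS; Magic is its first field.
    opt := nt + 24
    if (!ProcAddressFromRemoteProcess_ReadUInt(hProcess, opt, 2, Magic))
        return 0
    ; DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT] = { DWORD VirtualAddress; DWORD Size; }
    ; sits at +96 (PE32) or +112 (PE32+) of the optional header.
    dirOff := (Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) ? 112 : 96
    if (!ProcAddressFromRemoteProcess_ReadUInt(hProcess, opt + dirOff, 4, exportRVA) || !exportRVA)
        return 0
    if (!ProcAddressFromRemoteProcess_ReadUInt(hProcess, opt + dirOff + 4, 4, exportSize))
        return 0
    ; IMAGE_EXPORT_DIRECTORY: NumberOfFunctions (+20), NumberOfNames (+24),
    ; AddressOfFunctions (+28), AddressOfNames (+32), AddressOfNameOrdinals (+36).
    exp := hModule + exportRVA
    if (!ProcAddressFromRemoteProcess_ReadUInt(hProcess, exp + 20, 4, nFunctions)
     || !ProcAddressFromRemoteProcess_ReadUInt(hProcess, exp + 24, 4, nNames)
     || !ProcAddressFromRemoteProcess_ReadUInt(hProcess, exp + 28, 4, rvaFunctions)
     || !ProcAddressFromRemoteProcess_ReadUInt(hProcess, exp + 32, 4, rvaNames)
     || !ProcAddressFromRemoteProcess_ReadUInt(hProcess, exp + 36, 4, rvaOrdinals))
        return 0
    ; These counts come from the target's memory and size our buffers and loops; bound them.
    if (!nFunctions || !nNames || nFunctions > MAX_TABLE_ENTRIES || nNames > MAX_TABLE_ENTRIES)
        return 0
    cbFunctions := nFunctions * 4, cbNames := nNames * 4, cbOrdinals := nNames * 2
    VarSetCapacity(functions, cbFunctions, 0), VarSetCapacity(names, cbNames, 0), VarSetCapacity(ordinals, cbOrdinals, 0)
    br := 0
    if (!DllCall("ReadProcessMemory", "Ptr", hProcess, "Ptr", hModule + rvaFunctions, "Ptr", &functions, "UInt", cbFunctions, "UInt*", br) || br != cbFunctions)
        return 0
    if (!DllCall("ReadProcessMemory", "Ptr", hProcess, "Ptr", hModule + rvaNames, "Ptr", &names, "UInt", cbNames, "UInt*", br) || br != cbNames)
        return 0
    if (!DllCall("ReadProcessMemory", "Ptr", hProcess, "Ptr", hModule + rvaOrdinals, "Ptr", &ordinals, "UInt", cbOrdinals, "UInt*", br) || br != cbOrdinals)
        return 0
    Loop % nNames {
        nameIndex := A_Index - 1
        nameRVA := NumGet(names, 4 * nameIndex, "UInt")
        ; Export names are NUL-terminated ASCII; read byte by byte with an upper bound.
        funcName := ""
        Loop % MAX_NAME_LEN {
            if (!ProcAddressFromRemoteProcess_ReadUInt(hProcess, hModule + nameRVA + A_Index - 1, 1, ch) || !ch)
                break
            funcName .= Chr(ch)
        }
        if (funcName == targetFuncName) {
            ordinal := NumGet(ordinals, 2 * nameIndex, "UShort")
            if (ordinal >= nFunctions)
                return 0
            funcRVA := NumGet(functions, 4 * ordinal, "UInt")
            ; An RVA inside the export directory is a forwarder string, not code.
            if (funcRVA >= exportRVA && funcRVA < exportRVA + exportSize)
                return 0
            return hModule + funcRVA
        }
    }
    return 0
}

; Reads `size` bytes (1, 2 or 4) at addr in hProcess into out as an unsigned
; integer. Returns true only when exactly `size` bytes were read; out is 0 otherwise.
ProcAddressFromRemoteProcess_ReadUInt(hProcess, addr, size, ByRef out) {
    VarSetCapacity(buf, 8, 0), br := 0, out := 0
    if (!DllCall("ReadProcessMemory", "Ptr", hProcess, "Ptr", addr, "Ptr", &buf, "UInt", size, "UInt*", br) || br != size)
        return false
    out := NumGet(buf, 0, size == 1 ? "UChar" : (size == 2 ? "UShort" : "UInt"))
    return true
}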
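; LogonDesktop_AdjustThisProcessPrivileges(privNames, ByRef PreviousState := 0)
;
; Enables or disables privileges on the current process token, or restores a
; previously captured state.
;
;   privNames      - object mapping privilege name -> enabled (true/false).
;                    Pass 0 together with a PreviousState buffer obtained from
;                    an earlier call to put the privileges back.
;   PreviousState  - optional ByRef; receives the TOKEN_PRIVILEGES previous
;                    state when enabling, and supplies it when restoring.
;
; Returns True only when every requested privilege was actually adjusted.
; AdjustTokenPrivileges reports success even when some privileges are not
; held by the token (it sets ERROR_NOT_ALL_ASSIGNED); that case is now
; reported as False, as is an unknown privilege name.
LogonDesktop_AdjustThisProcessPrivileges(privNames, ByRef PreviousState := 0) {
    ; sizeof(TOKEN_PRIVILEGES) with one entry: DWORD PrivilegeCount + LUID (8) + DWORD Attributes.
    static sizeofTOKEN_PRIVILEGES := 16, SE_PRIVILEGE_ENABLED := 0x00000002
    static ERROR_INSUFFICIENT_BUFFER := 122, ERROR_NOT_ALL_ASSIGNED := 1300
    ret := False
    if (IsObject(privNames)) {
        count := 0
        for priv in privNames
            count++
        if (!count)
            return ret
        sizeTp := 4 + (sizeofTOKEN_PRIVILEGES - 4) * count
        VarSetCapacity(TOKEN_PRIVILEGES, sizeTp, 0)
        NumPut(count, TOKEN_PRIVILEGES, 0, "UInt")
        for priv, enabled in privNames {
            luidOffset := 4 + (sizeofTOKEN_PRIVILEGES - 4) * (A_Index - 1)
            ; An unknown privilege name would leave a zero LUID in the array; fail instead.
            if (!DllCall("Advapi32\LookupPrivilegeValueW", "Ptr", 0, "WStr", priv, "Ptr", &TOKEN_PRIVILEGES + luidOffset))
                return ret
            if (enabled)
                NumPut(SE_PRIVILEGE_ENABLED, TOKEN_PRIVILEGES, luidOffset + 8, "UInt")
        }
    } else if (privNames || !IsByRef(PreviousState)) {
        ; The only valid non-object form is privNames = 0 with a PreviousState to restore.
        return ret
    }
    ; TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
    if (!LogonDesktop_OpenProcessToken(_GetCurrentProcess(), 0x0020 | 0x0008, hToken))
        return ret
    psBr := IsByRef(PreviousState)
    if (IsObject(privNames)) {
        if (psBr)
            VarSetCapacity(PreviousState, sizeTp, 0)
        ; With a PreviousState buffer, ask with length 0 first so the API reports
        ; the exact size it needs (ERROR_INSUFFICIENT_BUFFER), then retry.
        ReturnLength := 0
        ret := DllCall("Advapi32\AdjustTokenPrivileges", "Ptr", hToken, "Int", False, "Ptr", &TOKEN_PRIVILEGES, "UInt", psBr ? 0 : sizeTp, "Ptr", psBr ? &PreviousState : 0, "UInt*", ReturnLength)
        if (!ret && psBr && ReturnLength && A_LastError == ERROR_INSUFFICIENT_BUFFER) {
            VarSetCapacity(PreviousState, ReturnLength, 0)
            ret := DllCall("Advapi32\AdjustTokenPrivileges", "Ptr", hToken, "Int", False, "Ptr", &TOKEN_PRIVILEGES, "UInt", ReturnLength, "Ptr", &PreviousState, "UInt*", ReturnLength)
        }
    } else if (psBr && PreviousState) {
        ret := DllCall("Advapi32\AdjustTokenPrivileges", "Ptr", hToken, "Int", False, "Ptr", &PreviousState, "UInt", 0, "Ptr", 0, "Ptr", 0)
    }
    ; Must be checked before any further DllCall overwrites A_LastError.
    if (ret && A_LastError == ERROR_NOT_ALL_ASSIGNED)
        ret := False
    LogonDesktop_CloseHandle(hToken)
    return ret
}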
; Returns the handle GetCurrentProcess() provides for the calling process.
_GetCurrentProcess() {
    hSelf := DllCall("GetCurrentProcess", "Ptr")
    return hSelf
}
; Opens the access token of ProcessHandle with DesiredAccess; the token handle
; is returned through TokenHandle. Returns the API's nonzero/zero result.
LogonDesktop_OpenProcessToken(ProcessHandle, DesiredAccess, ByRef TokenHandle) {
    opened := DllCall("Advapi32\OpenProcessToken", "Ptr", ProcessHandle, "UInt", DesiredAccess, "Ptr*", TokenHandle)
    return opened
}
; Closes a kernel object handle; returns the API's nonzero/zero result.
LogonDesktop_CloseHandle(hObject) {
    closed := DllCall("CloseHandle", "Ptr", hObject)
    return closed
}
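; Demo: enable SeDebugPrivilege, dump another script's hotkey list, then put
; the privilege state back as it was. Enabling the privilege only succeeds in
; an elevated session; without it only same-user, unprotected scripts can be
; inspected, so report the failure instead of continuing silently.
if (!LogonDesktop_AdjustThisProcessPrivileges({"SeDebugPrivilege": True}, PreviousState))
    MsgBox, 48, ScriptInfo, SeDebugPrivilege could not be enabled (not elevated?). Only same-user scripts can be inspected.
DetectHiddenWindows, On
WinGet, hWnd, ID, %A_ScriptDir%\New AutoHotkey Script.ahk
; ScriptInfo treats an empty handle as "this script"; say so rather than
; presenting our own hotkeys as the target's.
if (!hWnd)
    MsgBox, 48, ScriptInfo, Target script window not found; showing this script's hotkeys instead.
MsgBox % ScriptInfo("ListHotkeys", hWnd)
LogonDesktop_AdjustThisProcessPrivileges(0, PreviousState)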