#include "pch.h"
#include <Windows.h>
#include <iostream>
#include <conio.h>
#include <tlhelp32.h>

// Function-pointer type used by DllMain to call the routine it resolves by
// name as "PhShowConfirmMessage": a window handle, a verb, an object, an
// optional message and a warning flag.
// NOTE(review): the return type (`int`) and the implicit calling convention
// must match the real export exactly. Confirm both against the header that
// declares the export; calling through a mismatched pointer type is undefined
// behaviour, and on 32-bit x86 a calling-convention mismatch corrupts the stack.
using fn_t = int(*)(_In_ HWND hWnd, _In_ PWSTR Verb, _In_ PWSTR Object, _In_opt_ PWSTR Message, _In_ BOOLEAN Warning);

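// Context passed to EnumWindowsProc through the LPARAM of EnumWindows.
// A dedicated struct keeps the input (process id) and the output (window
// handle) in separate, correctly sized fields.
struct MainWindowSearch {
	DWORD processId; // in:  process whose top-level window is wanted
	HWND  hwnd;      // out: first matching window, NULL when none was found
};

// EnumWindows callback: stops at the first unowned top-level window that
// belongs to the requested process and has at least one WS_OVERLAPPEDWINDOW
// style bit set.
//
// lParam must point to a MainWindowSearch. The previous version read lParam
// as the process id itself (it was really a truncated pointer, so the
// comparison never matched what the caller intended) and then stored an HWND
// through it into a DWORD-sized stack variable, which writes past that
// variable on 64-bit builds.
//
// Returns TRUE to continue the enumeration, FALSE to stop it.
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam) {
	MainWindowSearch* search = reinterpret_cast<MainWindowSearch*>(lParam);
	if (search == NULL) {
		return FALSE; // nothing to compare against, nothing to fill in
	}

	// Initialised so a failed query can never match on stack garbage.
	DWORD windowProcessId = 0;
	GetWindowThreadProcessId(hwnd, &windowProcessId);
	if (windowProcessId != search->processId) {
		return TRUE;
	}

	if (GetWindow(hwnd, GW_OWNER) != NULL) {
		return TRUE; // owned windows (dialogs, tool windows) are skipped
	}
	if ((GetWindowLong(hwnd, GWL_STYLE) & WS_OVERLAPPEDWINDOW) == 0) {
		return TRUE;
	}

	search->hwnd = hwnd;
	return FALSE;
}

// Finds a main-window candidate for the process in which hModule is loaded.
//
// The module's path is looked up in a module snapshot of the current process
// to obtain the owning process id; the top-level windows are then enumerated
// for a match (see EnumWindowsProc for the criteria).
//
// Returns the window handle, or NULL when the module path cannot be read,
// the module is not found in the snapshot, or no window matches.
HWND GetMainWindowHandleFromHMODULE(HMODULE hModule) {
	DWORD processId = 0;
	TCHAR hModulePath[MAX_PATH];

	// A return value equal to the buffer size means the path was truncated,
	// so it cannot be compared reliably against the snapshot entries.
	DWORD pathLength = GetModuleFileName(hModule, hModulePath, MAX_PATH);
	if (pathLength > 0 && pathLength < MAX_PATH) {
		HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, GetCurrentProcessId());
		if (hSnapshot != INVALID_HANDLE_VALUE) {
			MODULEENTRY32 me = {};
			me.dwSize = sizeof(MODULEENTRY32); // required before Module32First
			if (Module32First(hSnapshot, &me)) {
				do {
					if (lstrcmpi(me.szExePath, hModulePath) == 0) {
						processId = me.th32ProcessID;
						break;
					}
				} while (Module32Next(hSnapshot, &me));
			}
			CloseHandle(hSnapshot);
		}
	}

	if (processId == 0) {
		return NULL;
	}

	// The callback reports its result through the context struct; the old
	// code returned a local that nothing ever assigned, so it always
	// returned NULL.
	MainWindowSearch search = { processId, NULL };
	EnumWindows(EnumWindowsProc, reinterpret_cast<LPARAM>(&search));
	return search.hwnd;
}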

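// DLL entry point. On process attach it resolves "PhShowConfirmMessage" and,
// if the lookup succeeds, shows a confirmation prompt ("terminate" /
// "all sandboxed processes") parented to the window returned by
// GetMainWindowHandleFromHMODULE. The other notifications are ignored.
//
// Always returns TRUE, so a failed lookup never causes the load to fail.
//
// NOTE(review): hModule is this DLL's own module handle, so the lookup only
// succeeds if this DLL itself exports the symbol. Confirm which module is
// meant to provide it.
// NOTE(review): DllMain runs while the loader lock is held. Microsoft's
// DllMain guidance advises against window enumeration and UI calls here
// because they can deadlock the process; consider deferring this work to an
// exported function that the host calls after loading.
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        // Resolved only where it is used. GetProcAddress returns NULL when
        // the export is missing, and calling through NULL would crash the
        // hosting process during load.
        fn_t showconfirmmessage = (fn_t)GetProcAddress(hModule, "PhShowConfirmMessage");
        if (showconfirmmessage == NULL)
        {
            break;
        }

        showconfirmmessage(
            GetMainWindowHandleFromHMODULE(hModule),
            (PWSTR)L"terminate",
            (PWSTR)L"all sandboxed processes",
            NULL,
            FALSE
        );
        break; // explicit: the original fell through into the cases below
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}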