Finish support for 1903, 1909 should also work but is untested

versions below 1903 haven't been tested but hopefully work
wiktorwiktor12 · Jun 28, 2024 · fefd97f · fefd97f
1 parent 88f5b7a
commit fefd97f
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 18 deletions.
diff --git a/ConsoleLogonHook/ConsoleLogonHook.vcxproj b/ConsoleLogonHook/ConsoleLogonHook.vcxproj
@@ -23,7 +23,7 @@
     <Keyword>Win32Proj</Keyword>
     <ProjectGuid>{6cc17286-2fe3-4bcb-899b-76d1eacd3469}</ProjectGuid>
     <RootNamespace>ConsoleLogonHook</RootNamespace>
-    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+    <WindowsTargetPlatformVersion>10.0.18362.0</WindowsTargetPlatformVersion>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@@ -118,7 +118,7 @@
       <LanguageStandard>stdcpplatest</LanguageStandard>
       <LanguageStandard_C>stdc17</LanguageStandard_C>
       <AdditionalIncludeDirectories>$(ProjectDir);detours;imgui;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
@@ -142,7 +142,7 @@
       <LanguageStandard>stdcpplatest</LanguageStandard>
       <LanguageStandard_C>stdc17</LanguageStandard_C>
       <AdditionalIncludeDirectories>$(ProjectDir);detours;imgui;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>

diff --git a/ConsoleLogonHook/ui/ui_securitycontrol.cpp b/ConsoleLogonHook/ui/ui_securitycontrol.cpp
@@ -82,7 +82,7 @@ __int64 __fastcall SecurityOptionsView__RuntimeClassInitialize_Hook(__int64 a1,
     return res;
 }
 
-__int64(__fastcall* MakeAndInitialize_SecurityOptionControl)(void** _this, void* a2, int* a3, void* a4);
+/*__int64(__fastcall* MakeAndInitialize_SecurityOptionControl)(void** _this, void* a2, int* a3, void* a4);
 __int64 __fastcall MakeAndInitialize_SecurityOptionControl_Hook(void** _this, void* a2, int* a3, void* a4)
 {
     auto res = MakeAndInitialize_SecurityOptionControl(_this, a2, a3, a4);
@@ -103,8 +103,29 @@ __int64 __fastcall MakeAndInitialize_SecurityOptionControl_Hook(void** _this, vo
         //buttonsList.push_back(button);
     }
 
+    return res;
+}*/
+
+__int64(__fastcall* SecurityOptionControl_RuntimeClassInitialize)(void* _this, void* a2, int a3, void* a4);
+__int64 __fastcall SecurityOptionControl_RuntimeClassInitialize_Hook(void** _this, void* a2, int a3, void* a4)
+{
+    auto res = SecurityOptionControl_RuntimeClassInitialize(_this, a2, a3, a4);
+
+    //SPDLOG_INFO("Got Control!");
+
+    wchar_t* text = *(wchar_t**)(__int64(_this) + 0x48);
+
+    //SecurityOptionControlWrapper button(control);
+
+    SPDLOG_INFO("text: {}, controlptr {} a2 {} a3 {} a4 {}", ws2s(text).c_str(), (void*)_this, (void*)a2, (void*)a3, (void*)a4);
+
+    external::SecurityOptionControl_Create(_this);
+
+    //buttonsList.push_back(button);
+
     return res;
 }
+
 void* (__fastcall* SecurityOptionControl_Destructor)(__int64 a1, unsigned int a2);
 void* SecurityOptionControl_Destructor_Hook(__int64 a1, unsigned int a2)
 {
@@ -186,10 +207,9 @@ const wchar_t* external::SecurityOptionControl_getString(void* actualInstance)
 
 void uiSecurityControl::InitHooks(uintptr_t baseaddress)
 {
-    LogonViewManager__ShowSecurityOptionsUIThread = memory::FindPatternCached<decltype(LogonViewManager__ShowSecurityOptionsUIThread)>("LogonViewManager__ShowSecurityOptionsUIThread", { "48 89 5C 24 08 4C 89 44 24 18 55 56 57 41 56 41 57 48 8B EC 48 83 EC 40" });
-    LogonViewManager__ShowSecurityOptions = memory::FindPatternCached<decltype(LogonViewManager__ShowSecurityOptions)>("LogonViewManager__ShowSecurityOptions", { "48 89 5C 24 10 4C 89 44 24 18 55 56 57 41 54 41 55 41 56 41 57" });
-    auto adr = memory::FindPatternCached<uintptr_t>("MakeAndInitialize_SecurityOptionControl", { "E8 ?? ?? ?? ?? 44 8B F0 85 C0 79 ?? 48 8B 4D ?? 44 8B C8 4C 8D 05 ?? ?? ?? ?? BA ?? ?? ?? ?? E8 ?? ?? ?? ?? 90" });
-    MakeAndInitialize_SecurityOptionControl = (decltype(MakeAndInitialize_SecurityOptionControl))(REL(adr,1));
+    LogonViewManager__ShowSecurityOptionsUIThread = memory::FindPatternCached<decltype(LogonViewManager__ShowSecurityOptionsUIThread)>("LogonViewManager__ShowSecurityOptionsUIThread", { "48 8B EC 48 83 EC 40 49 8B F8 8B F2 4C 8B F1 E8" },true);
+    LogonViewManager__ShowSecurityOptions = memory::FindPatternCached<decltype(LogonViewManager__ShowSecurityOptions)>("LogonViewManager__ShowSecurityOptions", { "48 89 ?? 28 44 89 ?? 30 ?? 89 ?? 38 ?? 89 73 40 ?? 85 F6 74 10 ?? 8B 06 ?? 8B CE 48 8B 40 08 FF 15" },true);
+    SecurityOptionControl_RuntimeClassInitialize = memory::FindPatternCached<decltype(SecurityOptionControl_RuntimeClassInitialize)>("SecurityOptionControl_RuntimeClassInitialize", {"B9 10 00 00 00 E8 ?? ?? ?? ?? 4C 8B F0 48 85 C0 74 22 48 8B 07 49 89 06 48 8B 4F 08 49 89 4E 08 48 85 C9 74 12 48 8B 01"}, true);
     SecurityOptionControlHandleKeyInput = memory::FindPatternCached<decltype(SecurityOptionControlHandleKeyInput)>("SecurityOptionControlHandleKeyInput", { "48 89 5C 24 10 48 89 74 24 20 55 57 41 56 48 8B EC 48 83 EC 70 48 8B 05 ?? ?? ?? ?? 48 33 C4" });
     //SecurityOptionControlHandleKeyInput = decltype(SecurityOptionControlHandleKeyInput)(baseaddress + 0x44490);
     //ConsoleUIView__Initialize = decltype(ConsoleUIView__Initialize)(baseaddress + 0x42710);
@@ -204,7 +224,7 @@ void uiSecurityControl::InitHooks(uintptr_t baseaddress)
 
     Hook(LogonViewManager__ShowSecurityOptionsUIThread, LogonViewManager__ShowSecurityOptionsUIThread_Hook);
     Hook(LogonViewManager__ShowSecurityOptions, LogonViewManager__ShowSecurityOptions_Hook);
-    Hook(MakeAndInitialize_SecurityOptionControl, MakeAndInitialize_SecurityOptionControl_Hook);
+    Hook(SecurityOptionControl_RuntimeClassInitialize, SecurityOptionControl_RuntimeClassInitialize_Hook);
     Hook(SecurityOptionControlHandleKeyInput, SecurityOptionControlHandleKeyInput_Hook);
     Hook(SecurityOptionControl_Destructor, SecurityOptionControl_Destructor_Hook);
     Hook(SecurityOptionsView__RuntimeClassInitialize, SecurityOptionsView__RuntimeClassInitialize_Hook);

diff --git a/ConsoleLogonHook/ui/ui_userselect.cpp b/ConsoleLogonHook/ui/ui_userselect.cpp
@@ -212,7 +212,7 @@ void uiUserSelect::InitHooks(uintptr_t baseaddress)
     SelectableUserOrCredentialControl_Destructor = memory::FindPatternCached<decltype(SelectableUserOrCredentialControl_Destructor)>("SelectableUserOrCredentialControl_Destructor", { "48 89 5C 24 08 57 48 83 EC 20 8B FA 48 8B D9 48 8B 49 58 48 85 C9 74 13 48 83 63 58 00 48 8B 01 48 8B 40 10 FF 15 ?? ?? ?? ?? 90 48 8B 4B 50 48 85 C9 74 13 48 83 63 50 00 48 8B 01 48 8B 40 10 FF 15 ?? ?? ?? ?? 90 48 8B CB","48 89 5C 24 08 57 48 83 EC 20 48 8B D9 8B FA 48 8B 49 58 48 85 C9 74 ?? 48 83 63 58 00 48 8B 01 48 8B 40 10 FF 15 ?? ?? ?? ?? 48 8B 4B 50 48 85 C9 74 ?? 48 83 63 50 00 48 8B 01 48 8B 40 10 FF 15 ?? ?? ?? ?? 48 8B CB"});
     //UserSelectionView__v_OnKeyInput = memory::FindPatternCached<decltype(UserSelectionView__v_OnKeyInput)>("UserSelectionView__v_OnKeyInput", { "40 55 53 56 57 41 56 48 8B EC 48 83 EC 20 49 8B F8 48 8B F1 41 83 20 00 66 83 7A 06 0D" });
 
-    globals::ConsoleUIView__Initialize = memory::FindPatternCached<decltype(globals::ConsoleUIView__Initialize)>("ConsoleUIView__Initialize", {"48 89 5C 24 08 57 48 83 EC 30 83 64 24 48 00","48 83 60 D8 00 41 B9 01 00 00 00 4C 8B F1 45 33 C0 B9 00 00 00 C0 ?? ?? ?? ?? FF 15 ?? ?? ?? ?? 48 8B D8"});
+    globals::ConsoleUIView__Initialize = memory::FindPatternCached<decltype(globals::ConsoleUIView__Initialize)>("ConsoleUIView__Initialize", {"48 89 5C 24 08 57 48 83 EC 30 83 64 24 48 00","48 83 60 D8 00 41 B9 01 00 00 00 4C 8B F1 45 33 C0 B9 00 00 00 C0 ?? ?? ?? ?? FF 15 ?? ?? ?? ?? 48 8B D8"},true);
     globals::ConsoleUIView__HandleKeyInput = memory::FindPatternCached<decltype(globals::ConsoleUIView__HandleKeyInput)>("ConsoleUIView__HandleKeyInput", { "48 89 5C 24 10 48 89 74 24 18 57 48 83 EC 20 83 64 24 30 00 48 8B FA" });
 
     LogonViewManager__Lock = memory::FindPatternCached<decltype(LogonViewManager__Lock)>("LogonViewManager__Lock", { "48 89 5C 24 18 89 54 24 10 55 56 57 41 54 41 55 41 56 41 57 48 8B EC 48 83 EC 70 49 8B F9 45 8A E8 8B F2","48 89 5C 24 10 48 89 74 24 18 48 89 7C 24 20 55 41 54 41 55 41 56 41 57 48 8B EC 48 83 EC 40 4C 8B F9"});

diff --git a/ConsoleLogonHook/util/memory_man.h b/ConsoleLogonHook/util/memory_man.h
@@ -178,8 +178,8 @@ namespace memory
     static T FindPatternCached(std::string functionName, std::vector<std::string> signatures, bool bFindTop = false)
     {
         uintptr_t base_address = (uintptr_t)GetModuleHandle(L"ConsoleLogon.dll");
-        //offsetCache.find(functionName);
-
+        ////offsetCache.find(functionName);
+        //
         //for (int i = 0; i < signatures.size(); ++i)
         //{
         //    auto signature = signatures[i];
@@ -233,11 +233,11 @@ namespace memory
     {
         //return;
         //auto SecurityOptionsView__RuntimeClassIntialise = (uint8_t*)(baseaddress + 0x36EB4);
-        auto SecurityOptionsView__RuntimeClassIntialise = FindPatternCached<uint8_t*>("SecurityOptionsViewRuntimeClassIntialise", { "48 89 5C 24 10 4C 89 44 24 18 55 56 57 41 56" });
-        if (IsBadReadPtr(SecurityOptionsView__RuntimeClassIntialise,8) || SecurityOptionsView__RuntimeClassIntialise[0] != 0x48 || SecurityOptionsView__RuntimeClassIntialise[1] != 0x89 || SecurityOptionsView__RuntimeClassIntialise[2] != 0x5C)
+        auto SecurityOptionsView__RuntimeClassIntialise = FindPatternCached<uint8_t*>("SecurityOptionsViewRuntimeClassIntialise", { "55 56 57 41 56 41 57 48 8B EC 48 83 EC 30" });
+        if (IsBadReadPtr(SecurityOptionsView__RuntimeClassIntialise,8) || SecurityOptionsView__RuntimeClassIntialise[0] != 0x55 || SecurityOptionsView__RuntimeClassIntialise[1] != 0x56 || SecurityOptionsView__RuntimeClassIntialise[2] != 0x57)
         {
             offsetCache.clear();
-            SecurityOptionsView__RuntimeClassIntialise = FindPatternCached<uint8_t*>("SecurityOptionsViewRuntimeClassIntialise", { "48 89 5C 24 10 4C 89 44 24 18 55 56 57 41 56" });
+            SecurityOptionsView__RuntimeClassIntialise = FindPatternCached<uint8_t*>("SecurityOptionsViewRuntimeClassIntialise", { "55 56 57 41 56 41 57 48 8B EC 48 83 EC 30" });
             if (!SecurityOptionsView__RuntimeClassIntialise)
                 MessageBoxW(0,L"SecurityOptionsView__RuntimeClassIntialise pattern Broke!",0,0);
         }

diff --git a/ConsoleLogonUI/ConsoleLogonUI.vcxproj b/ConsoleLogonUI/ConsoleLogonUI.vcxproj
@@ -23,7 +23,7 @@
     <Keyword>Win32Proj</Keyword>
     <ProjectGuid>{e624c20f-a41a-4bc5-b312-257ed4aecfb9}</ProjectGuid>
     <RootNamespace>ConsoleLogonUI</RootNamespace>
-    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+    <WindowsTargetPlatformVersion>10.0.18362.0</WindowsTargetPlatformVersion>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@@ -115,7 +115,7 @@
       <LanguageStandard>stdcpplatest</LanguageStandard>
       <LanguageStandard_C>stdc17</LanguageStandard_C>
       <AdditionalIncludeDirectories>$(ProjectDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
@@ -137,7 +137,7 @@
       <LanguageStandard>stdcpplatest</LanguageStandard>
       <LanguageStandard_C>stdc17</LanguageStandard_C>
       <AdditionalIncludeDirectories>$(ProjectDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>