关闭

CEF加载FLASH插件时弹出CMD命令行窗口的问题

标签: 沙盒flashhookbug函数
2184人阅读 评论(9) 收藏 举报
分类:

问题

这个是flash插件的一个bug,CEF(chromium系列浏览器)关闭sandbox第一次加载flash插件就会跳出这样的一个提示,在Google官方也看到了chromium的issue: 

地址

这里写图片描述

解决方案

官方暂时未解决这问题,只能是自己修改代码,通过hook命令行启动函数来实现不让命令行启动,hook库有
微软的牛逼 Detours 但是要票票的,Esayhook 就是个不错的选择,32和64位都支持,开放源码使用简单。
MHOOK据说小而好用但不研究了。

代码

// HookFlash.cpp : 定义 DLL 应用程序的导出函数。
//



#include "stdafx.h"

using namespace std;

HOOK_TRACE_INFO hAHookTrackInfo = { NULL }; // keep track of our hook
HOOK_TRACE_INFO hWHookTrackInfo = { NULL }; // keep track of our hook

//注意调用约定 WINAPI,否则会出现堆栈异常

typedef BOOL(WINAPI *realCreateProcessWPtr)(LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
    );


typedef BOOL(WINAPI *realCreateProcessAPtr)(LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment,
    LPCSTR lpCurrentDirectory, \
    LPSTARTUPINFOA lpStartupInfo, \
    LPPROCESS_INFORMATION lpProcessInformation);


realCreateProcessAPtr prealCreateProcessA;
realCreateProcessWPtr prealCreateProcessW;


BOOL WINAPI MYCreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
)
{
    std::wstring strCommandLine(lpCommandLine);

    //MessageBoxW(GetActiveWindow(), strCommandLine.c_str(), L"createproceW", MB_OK);

    if (string::npos != strCommandLine.find(L"echo NOT SANDBOXED"))
    {
        //MessageBoxW(GetActiveWindow(), strCommandLine.c_str(), L"createproceW", MB_OK);
        return TRUE;
    }
    else
    {
        return (prealCreateProcessW)(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
    }

}

BOOL WINAPI MYCreateProcessA(
    LPCSTR lpApplicationName,
    LPSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCSTR lpCurrentDirectory,
    LPSTARTUPINFOA lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
)
{
    std::string strCommandLine = lpCommandLine;

    if (string::npos != strCommandLine.find("echo NOT SANDBOXED"))
    {
        //MessageBoxA(GetActiveWindow(), strCommandLine.c_str(), "createprocesA", MB_OK);
        return TRUE;
    }
    else
    {
        return (prealCreateProcessA)(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
    }

}




void DoHook()
{

    HMODULE hKernel32 = LoadLibrary(L"kernel32.dll");

    if (!(prealCreateProcessA = (realCreateProcessAPtr)GetProcAddress(hKernel32, "CreateProcessA")))
    {
        MessageBoxW(GetDesktopWindow(), L"GetProcAddress Err", L"CreateProcessA", MB_OK);
        return;
    }

    if (!(prealCreateProcessW = (realCreateProcessWPtr)GetProcAddress(hKernel32, "CreateProcessW")))
    {
        MessageBoxW(GetDesktopWindow(), L"GetProcAddress Err", L"CreateProcessW", MB_OK);
        return;
    }


    NTSTATUS resultA = LhInstallHook(prealCreateProcessA, MYCreateProcessA, NULL, &hAHookTrackInfo);
    NTSTATUS resultW = LhInstallHook(prealCreateProcessW, MYCreateProcessW, NULL, &hWHookTrackInfo);


    if (FAILED(resultA) || (FAILED(resultW)))
    {
        MessageBox(GetForegroundWindow(), _T("Hook Failed"), _T("Error"), MB_OK);
    }


    ULONG ACLEntriesA[1] = { 0 };
    ULONG ACLEntriesW[1] = { 0 };

    // If the threadId in the ACL is set to “ 0 ”,
    // then internally EasyHook uses GetCurrentThreadId()
    // Disable the hook for the provided threadIds, enable for all others
    LhSetExclusiveACL(ACLEntriesA, 0, &hAHookTrackInfo);
    LhSetExclusiveACL(ACLEntriesW, 0, &hWHookTrackInfo);

}


void UnHook()
{

    // this will also invalidate "hHook", because it is a traced handle...  
    LhUninstallAllHooks();

    // this will do nothing because the hook is already removed...  
    LhUninstallHook(&hAHookTrackInfo);
    LhUninstallHook(&hWHookTrackInfo);

    // even if the hook is removed, we need to wait for memory release  
    LhWaitForPendingRemovals();

}

源码下载

源码github地址

参考文章

http://blog.csdn.net/baggiowangyu/article/details/7675098
http://easyhook.github.io/tutorials/nativehook.html
http://blog.csdn.net/x356982611/article/details/52385394

2
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:654935次
    • 积分:6944
    • 等级:
    • 排名:第3291名
    • 原创:175篇
    • 转载:37篇
    • 译文:2篇
    • 评论:120条
    博客专栏
    文章分类
    GITHUB
    极客学院