8.1 compat for hook dll

Author: namazso

SecureUxTheme/avrf.cpp

@@ -89,6 +89,24 @@ LdrGetProcedureAddress(
   _Out_	PVOID *ProcedureAddress
 );
 
+NTSYSAPI
+PVOID
+NTAPI
+RtlPcToFileHeader(
+  _In_  PVOID PcValue,
+  _Out_ PVOID* BaseOfImage
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+LdrGetDllHandle(
+  _In_opt_	PWSTR DllPath,
+  _In_opt_	PULONG DllCharacteristics,
+  _In_		PUNICODE_STRING DllName,
+  _Out_		PVOID* DllHandle
+);
+
 NTSYSAPI
 ULONG
 DbgPrintEx(
@@ -271,11 +289,28 @@ void signal_loaded()
   if (!NT_SUCCESS(status))
     return; // whatever
 
+  const auto pRtlGetTokenNamedObjectPath = (decltype(&RtlGetTokenNamedObjectPath))[]
+  {
+    PVOID ntdll = nullptr;
+    PVOID proc = nullptr;
+    RtlPcToFileHeader((PVOID)&RtlPcToFileHeader, &ntdll);
+    if (ntdll)
+    {
+      ANSI_STRING name = RTL_CONSTANT_STRING("RtlGetTokenNamedObjectPath");
+      LdrGetProcedureAddress(ntdll, &name, 0, &proc);
+    }
+    return proc;
+  }();
+
+  if (!pRtlGetTokenNamedObjectPath)
+    return;
+
   UNICODE_STRING named_objects{};
-  
+
   // Let's call this totally undocumented function with no example code available anywhere, to get our session's BNO
   // hopefully kernel shit is set up already for this, since we're running before our own process is considered alive.
-  status = RtlGetTokenNamedObjectPath(token, nullptr, &named_objects);
+  status = pRtlGetTokenNamedObjectPath(token, nullptr, &named_objects);
+
   if (!NT_SUCCESS(status))
     return;
 

ThemeTool/MainDialog.cpp

@@ -58,19 +58,15 @@ LR"(- For any custom themes to work SecureUxTheme or another patcher must be ins
   - or LogonUI must be hooked
 )";
 
-// RegRenameKey is undocumented
-
 static DWORD RenameDefaultColors()
 {
   const auto old_name = std::wstring{ kCurrentColorsPath } + kCurrentColorsName;
-  //return RegRenameKey(HKEY_LOCAL_MACHINE, old_name.c_str(), kCurrentColorsBackup);
   return utl::rename_key(old_name.c_str(), kCurrentColorsBackup);
 }
 
 static DWORD RestoreDefaultColors()
 {
   const auto old_name = std::wstring{ kCurrentColorsPath } + kCurrentColorsBackup;
-  //return RegRenameKey(HKEY_LOCAL_MACHINE, old_name.c_str(), kCurrentColorsName);
   return utl::rename_key(old_name.c_str(), kCurrentColorsName);
 }
 
@@ -92,6 +88,13 @@ static std::wstring GetPatcherDllPath()
   return path;
 }
 
+static bool IsWin10()
+{
+  ULONG major = 0, minor = 0, build = 0;
+  RtlGetNtVersionNumbers(&major, &minor, &build);
+  return major == 10;
+}
+
 static bool IsLoadedInSession()
 {
   const auto h = OpenEventW(
@@ -506,7 +509,7 @@ void MainDialog::UpdatePatcherState()
   _is_loaded =
     is_loaded
     ? PatcherState::Yes
-    : (_is_installed == PatcherState::Outdated ? PatcherState::Probably : PatcherState::No);
+    : (_is_installed == PatcherState::Outdated || (!IsWin10() && _is_installed == PatcherState::Yes) ? PatcherState::Probably : PatcherState::No);
   _is_logonui = reg_logonui ? PatcherState::Yes : PatcherState::No;
   _is_explorer = reg_explorer ? PatcherState::Yes : PatcherState::No;
   _is_systemsettings = reg_systemsettings ? PatcherState::Yes : PatcherState::No;
@@ -732,7 +735,7 @@ Are you sure you want to continue?)",
 %s
 The error encountered was: %s.
 Do you want to continue?)",
-        _is_elevated
+        !_is_elevated
           ? L"Try executing the tool as administrator."
           : L"It seems like we're already elevated. Consider submitting a but report.",
         utl::ErrorToString(fix_result).c_str()
@@ -742,7 +745,7 @@ Do you want to continue?)",
         return;
     }
 
-    if(_is_installed == PatcherState::Yes && _is_loaded != PatcherState::Yes)
+    if(_is_installed == PatcherState::Yes && _is_loaded == PatcherState::No)
     {
       const auto answer = utl::FormattedMessageBox(
         _hwnd,

ThemeTool/ThemeTool.vcxproj

@@ -139,6 +139,7 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
@@ -159,6 +160,7 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
@@ -174,6 +176,7 @@
     <Link>
       <SubSystem>Windows</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -189,6 +192,7 @@
     <Link>
       <SubSystem>Windows</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
@@ -204,6 +208,7 @@
     <Link>
       <SubSystem>Windows</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -224,6 +229,7 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>