Comments (4)
As for an update on looking for a way to apply themes per-process, it is simply not possible in any meaningful way. See for example FillRect(HDC, LPCRECT, HBRUSH)'s handling of system brushes:
As you can see the brush pseudohandle is mapped to a real handle through an array in gpsi (a global pointing at a tagSERVERINFO mapped read-only into all processes containing lots of user32 stuff). We can easily confirm this is set by tracking user32!SetSysColors (win32u!NtUserSetSysColors -> win32kbase!NtUserSetSysColors -> win32kbase!xxxSetSysColors -> win32kbase!SetSysColor) where a brush is created and saved into gpsi, to an array of same offset (and the RGB value is also saved):
The problems this causes are pretty bad:
- There is no single handle converting function, or any point of code where all conversion passes through. Therefore we'd have to hook all functions taking brush handles. Just user32.dll alone has 2485 exports, and it grows and changes every feature update, and then there's the others like gdi32.dll.
- You could say "then let's try the other side, surely at some point the brush handle is passed to kernel, we just compare and swap there". Unfortunately this is not so simple. Many syscalls take HBRUSHes directly, again, never passing through a single codepath (at least in usermode). My copy of win32u.dll contains 1242 syscall stubs, and these are also changing and growing each feature update, so hooking these is out of the question.
- The last alternative would be not focusing on code, but rather on data. A simple approach would be putting a page guard on *(gpsi), or maybe just changing gpsi to point at invalid memory, then just emulating all accesses via a Vectored Exception Handler. Unfortunately gpsi is accessed far too much, and this would presumably have a very big overhead, since we'd break on all accesses to it, not just when resolving brush pseudohandles. A more granular version of this could be utilizing the debug registers, however we only have 4 of those, each watching at most 8 bytes. This means we'd be able to watch at most 8 of the 32 system brushes (and we haven't even considered the RGB values saved yet!) which is far from enough.
With these we exhausted all conventional options we had for replacing system brushes per-process. With the last method we could discover all gpsi access sites and hook them, then possibly JIT compile some code or use an x86 emulator to interruptlessly replace the colors, but the complexity of these solutions is far beyond what I'm willing to make.
An alternative I could offer is faking high contrast themes, which have dark versions by default, and some software explicitly checks for it. This is for example win32calc.exe, when high contrast is faked:
(Without, for comparison:)
I haven't yet tested OneNote with this since I don't have it installed.
from secureuxtheme.
Please see #7 (comment)
Also, the patch this program makes is done in winlogon.exe and it's simply returning TRUE in CryptVerifySignature regardless of input whenever we're called by the theme DLLs, everything else about themes is done by Windows on its own, without injection.
Also, for VerifierDlls to get looked at you need GlobalFlag to have the 0x100 bit set, and it does not support paths, only DLLs in system32. Regardless, even if you would've gotten it right it wouldn't do a thing.
from secureuxtheme.
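The GlobalFlag / VerifierDlls condition described in the reply above can be audited from the defender's side. This is an added example, not code from SecureUxTheme or from the commenter: it parses `reg export` text for the Image File Execution Options key (the standard registry location for per-image GlobalFlag and VerifierDlls values) and reports, for each image with a VerifierDlls value, whether the 0x100 bit is set and whether the value contains a path. The sample data, image names, DLL names and function names are constructed for illustration.

```python
import re

FLG_APPLICATION_VERIFIER = 0x100  # GlobalFlag bit named in the comment above
IFEO = "\\image file execution options\\"  # lower-cased key-path marker

# Constructed `reg export` text; image and DLL names are made up.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alpha.exe]
"GlobalFlag"=dword:00000100
"VerifierDlls"="example.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beta.exe]
"VerifierDlls"="C:\\Temp\\example.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gamma.exe]
"GlobalFlag"="0x00000002"
"VerifierDlls"="other.dll"
'''

def parse_ifeo(reg_text):
    """Return {image_name: {value_name_lower: raw_data}} for IFEO subkeys."""
    keys, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            idx = path.lower().find(IFEO)
            current = keys.setdefault(path[idx + len(IFEO):], {}) if idx >= 0 else None
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def global_flag(raw):
    """Decode GlobalFlag stored as REG_DWORD or as a REG_SZ number like "0x100"."""
    if raw is None:
        return 0
    text = raw.strip('"')
    return int(text[6:], 16) if text.startswith("dword:") else int(text, 0)

def audit(reg_text):
    """List (image, dll, flag_set, has_path) for every key with VerifierDlls."""
    findings = []
    for image, vals in sorted(parse_ifeo(reg_text).items()):
        if "verifierdlls" not in vals:
            continue
        dll = vals["verifierdlls"].strip('"').replace("\\\\", "\\")
        flag_set = bool(global_flag(vals.get("globalflag")) & FLG_APPLICATION_VERIFIER)
        findings.append((image, dll, flag_set, "\\" in dll or "/" in dll))
    return findings
```

Entries with `flag_set` true are the ones that, per the reply above, would actually be consulted; entries without the bit or with a path are inert by that description but still show that someone wrote to the key.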
alright that's unexpected, I didn't know about how hard that is, guess I've asked something too difficult to do.
You may add the issue to the FAQ in the project home page so others can see it.
from secureuxtheme.
added to the FAQ.
from secureuxtheme.