bigmuscle

Aero Glass for Win8 RC4

2,631 posts in this topic

Here's a aero shot of a Vista Se7en modded theme for 8..DPyes.gif

V7_1.png

0

Share this post


Link to post
Share on other sites

Can you post a link to that VS, DosProbie? Looks pretty nice.

0

Share this post


Link to post
Share on other sites

Also is there a windows 7 theme for windows 8 with the aero glass reflections?

This is probably as close as you can get. The author even included Aero Glass version that works very nicely with the tool

http://xxinightxx.deviantart.com/art/Aero-8-350491112

I think that only works for x64 as it says "x64 users download". Anything for x86?

0

Share this post


Link to post
Share on other sites

Can you post a link to that VS, DosProbie? Looks pretty nice.

Thanks glad you like it..It's a variation of MrGrim's theme (http://www.msfn.org/...-8/page__st__20) that I modded (part Vista and 7 calling it VistaSe7en) over a month ago for personal use, just haven't made it public as of yet..DPsmile.gif

0

Share this post


Link to post
Share on other sites

Of course, if you know about any better way then you can let us know ;-)

How did your "DLL2DWMInjector.exe" from v.0.6 work? It did just the thing. It DID work with Secure Boot ON. Both that AND it did NOT alert the Antivirus software. Sounds strange given what it did, but it did work.

I re-read your OP here, seems like there are some problems with that approach regarding DWM creating "internal objects" of some sort, but with 0.6 it seemed to work fine.

It seems I might be missing something crucial: some kind of changes made between v.0.6 and v.0.94 which render whichever code was used in "DLL2DWMInjector.exe" unusable for stated purpose anymore.

But there may be a solution: A system service process can be made, which can do what the aforementioned injector did, but at the stage, when DWM hasn't finished loading it's "internal objects".

Say, capture process starts at system startup and hook to DWM immediately after it is launched. I did a similar thing when I needed to run a certain script before "Terminal Services" process executed - worked perfectly.

Pardon if this already had been suggested.

Edited by EvilAlex
0

Share this post


Link to post
Share on other sites

Here's the aero8 theme running on my tablet: http://postimg.org/image/vzp43lxwr/full/

You'd swear I'm running windows 7 until you saw that it says "Windows 8" Lol. Very nice if you want to imitate windows 7 style.

I think I may actually be finished reversing all the crap windows 8 did (or should I say, didn't do)

0

Share this post


Link to post
Share on other sites

Of course, if you know about any better way then you can let us know ;-)

How did your "DLL2DWMInjector.exe" from v.0.6 work? It did just the thing. It DID work with Secure Boot ON. Both that AND it did NOT alert the Antivirus software. Sounds strange given what it did, but it did work.

It worked in a very easy way. It just restarted dwm.exe and then called CreateRemoteThread which injected DLL into dwm process. But:

a) you need to have admin privileges to do it

B) since dwm is restarted, your screen will go blank for a while

c) sometimes, dwm restart causes user to log off

d) it is a total race because you must manage to inject DLL before certain point so the result completely depends on many things and mainly on your luck

--- if DLL is loaded before point A, then everything will work correctly

--- if DLL is loaded after point A, you will get nothing

--- if you hit the wrong moment when DWM process holds some lock for a critical section, you will end up in a deadlock and you must restart your computer

0

Share this post


Link to post
Share on other sites

It worked in a very easy way. It just restarted dwm.exe and then called CreateRemoteThread which injected DLL into dwm process. But:

a) you need to have admin privileges to do it

B) since dwm is restarted, your screen will go blank for a while

c) sometimes, dwm restart causes user to log off

d) it is a total race because you must manage to inject DLL before certain point so the result completely depends on many things and mainly on your luck

--- if DLL is loaded before point A, then everything will work correctly

--- if DLL is loaded after point A, you will get nothing

--- if you hit the wrong moment when DWM process holds some lock for a critical section, you will end up in a deadlock and you must restart your computer

Thanks!

It actually lightens up a lot of important points.

Can you specifically post a CreateRemoteThread call here? I'm not asking for a source at all, just this specific line :) Thing is - I actually tried this approach yesterday, because I've become actually interested in solving this issue, but that exact command failed.

Does it (CRT that is) have to be called at a specific time interval, or the entire injection process (Including Alloc) should happen before it? Because everything going before CreateRemoteThread worked fine, surprisingly.

If you don't mind, and if I'll have enough time, I'll try my luck with the service approach (a Service won't need Admin priv. once installed). What I think can be done is a partial emulation of "AppInit_DLLs", without actually using it. Don't know if it's possible yet - but I just have to try.

If I'll have any luck I'll post my results and source.

Again, that is if you don't mind. I do not intend to do anything that goes against author's wishes.

Edited by EvilAlex
0

Share this post


Link to post
Share on other sites

Nice tutorial about DLL injection with CreateRemoteThread can be found here http://resources.infosecinstitute.com/using-createremotethread-for-dll-injection-on-windows/ . It is nothing complicated, you just need to have admin privileges to be able to inject into dwm process on Win8 else you will get "Access denied" error. And if I remember correctly, your application need to have SE_DEBUG_NAME privilege too. I also forgot to mention one more point - when dwm process is restarted for whatever reason, you must ensure that the DLL will be reinjected.

Actually, "AppInit_DLLs" can be nicely replaced with RegisterUserApiHook function which does not depend on secure boot. You just need to run system service which ensures that this function is called before winlogon.exe loads. You use it to hook certain system function and user32.dll will then load your DLL into every process (exactly as AppInit_DLLs does). The only problem is that this function can be called only once for whole session and it is already in use by Theme service. Thus you must handle it properly.

Edited by bigmuscle
0

Share this post


Link to post
Share on other sites

Nice tutorial about DLL injection with CreateRemoteThread can be found here http://resources.infosecinstitute.com/using-createremotethread-for-dll-injection-on-windows/ . It is nothing complicated, you just need to have admin privileges to be able to inject into dwm process on Win8 else you will get "Access denied" error. And if I remember correctly, your application need to have SE_DEBUG_NAME privilege too. I also forgot to mention one more point - when dwm process is restarted for whatever reason, you must ensure that the DLL will be reinjected.

Yep, my code just happened to be an almost exact replication of that example, the only major difference is that mine is written in .NET (C++\CLI) with DllImport used to invoke native functions.

But, apparently, the SE_DEBUG_NAME really is required, although it does successfully obtain a DWM process handle. May also be due to CreateRemoteThread being called way too late after DWM execution.

Actually, "AppInit_DLLs" can be nicely replaced with RegisterUserApiHook function which does not depend on secure boot. You just need to run system service which ensures that this function is called before winlogon.exe loads. You use it to hook certain system function and user32.dll will then load your DLL into every process (exactly as AppInit_DLLs does). The only problem is that this function can be called only once for whole session and it is already in use by Theme service. Thus you must handle it properly.

> and it is already in use by Theme service

Oh, how nice of MS to use their own "nails". Not that it's something new or unexpected...

Thanks a lot!!!

I'll try this out and see what works. :)

0

Share this post


Link to post
Share on other sites

Yeah, it's funny that Theme service is nothing more than DLL injection and system functions hook :-)

I say also one more thing. Current Aero Glass requires to be injected on before DWM completely loads because it reuses many DWM objects (pixel shaders, input layouts etc.). The situation turns out with Windows 8.1, because there are no such objects thus I must create all the Direct3D objects on my own.

0

Share this post


Link to post
Share on other sites

Yeah, it's funny that Theme service is nothing more than DLL injection and system functions hook :-)

I say also one more thing. Current Aero Glass requires to be injected on before DWM completely loads because it reuses many DWM objects (pixel shaders, input layouts etc.). The situation turns out with Windows 8.1, because there are no such objects thus I must create all the Direct3D objects on my own.

So, that's on their "un-feature" list too now, isn't it? Huh...

Can't say I blame 'em for trying to clean their stuff out, what I think shouldn't have been done is the removal of Glass in the first place.

And since they seem to be carrying plans to return the Start Button (but heard a rumor, that not the menu itself, so where will it direct you to? A Start Screen?) in 8.1, why clean-up on Glass now, and not return it too? If they say returning Start Button is due to Customer Demand, it would've been a logical move. (Yeah, right...)

Thing is: A lot of people got burned by their upgrade to 8, so I think many will stick with just 8 or 7 for awhile (I'm still largely use 7), so this work may not be in vain. That is, if 8.1 won't just be forced upon like an update or a Service Pack, because MS's plans on that are kinda shady as far as I heard. People are debating whether "codename Blue" is an update, an SP, or an actual new OS.

Anyway, if their plan is not to restore but to completely remove Glass, then both your project and SD's WB8 are going to have A LOT more customers, so brace yourself :)

0

Share this post


Link to post
Share on other sites

The situation turns out with Windows 8.1, because there are no such objects thus I must create all the Direct3D objects on my own.

So it's confirmed that 8.1 removes them?
0

Share this post


Link to post
Share on other sites

I feel strange why my taskbar is always more black than the explorer frame even under different themes...

How can I make the taskbar have the same color as the explorer frame?When I use the themes on win7,they displayed not like this...

Any help?

tUfvA1C.jpg

yTrmaB0.jpg

Edited by gru
0

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.