francesco149

Silent Aero Glass Reloaded [Works with RC4]

135 posts in this topic

Silent Aero Glass Reloaded

Binaries:

BitBucket

Source code:

BitBucket

Google Code

Silent Aero Glass is a little utility I wrote that prevents the annoying demo version message of Big Muscle's Aero Glass for Windows 8 from popping up.

If you don't trust the pre-compiled binaries I provided in the download section get Visual Studio 2010/2012, clone the source and compile it yourself.

This software does not modify bigmuscle's software in any way, as it merely hides the messagebox window so it does not violate any kind of copyright.

Please note that this software was only tested on my own machine on Windows 8 x64. Use it at your own risk!

Installation

Installing silent-ag is as simple as running the setup program. It will be automatically added to your startup programs and started after the installation. If you need to close or disable it, just right click the tray icon in your task bar.

License

This software is free and open-source and licensed under the GPLv3 license: http://www.gnu.org/licenses/gpl.txt

Old version that used x64 system-wide hooks and broke after RC4 (in case you're looking for manual x64 winapi hooks examples):

Silent Aero Glass

Binaries:

BitBucket

Source code:

BitBucket

Google Code

Silent Aero Glass is a little utility I wrote that prevents the annoying demo version message of Big Muscle's Aero Glass for Windows 8 from popping up. At the moment it only works on the RC3 64-bit version of DWMGlass and it's broken for any later version of Aero Glass. Feel free to modify it for 32-bit if you need it.

If you don't trust the pre-compiled binaries I provided in the download section get Visual Studio 2010/2012, clone the source and compile it yourself. Make sure you use Visual Studio 2010's compiler (even if you're on VS2012).

Also, this dll can be modified to suppress any kind of messagebox system-wide on x64 systems.

Please note that this does not interfere with any program that uses MessageBoxTimeoutW, but it might cause problems with software that hooks MessageBoxTimeoutW as well.

This software does not modify bigmuscle's software in any way, as it merely hooks MessageBoxTimeoutW system-wide, so it does not violate any kind of copyright.

Please note that this software was only tested on my own machine on Windows 8 x64. Use it at your own risk!

Installation

Installing silent-ag works pretty much in the same way as installing Big Muscle's Aero Glass.

  • Download the binaries in the download section or compile the dll yourself
  • Place the dll in an easily reachable directory, such as C:\silent-ag
  • Create a .reg file (or edit the one provided with the precompiled binaries) and paste the following in it (make sure you replace the first dll with the path to your DWMGlass.dll and the second one with the path to your silent-ag dll):

    Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=dword:00000001"AppInit_DLLs"="C:\\silent-ag\\silent-ag.dll C:\\DWM\\DWMGlass.dll""RequireSignedAppInit_DLLs"=dword:00000000
  • Save the .reg file and double-click it. Confirm when prompted.
  • Reboot. The annoying messagebox should be gone! ;)
Tech Details

If you're wondering what I'm using to hook WinAPIs on x64, I'm simply allocating a relay function 15 bytes before MessageBoxTimeoutW that contains a 64-bit jump to the hook function. Then I simply write a standard 32-bit 0xE9 jmp to the relay function on MessageBoxTimeoutW. This is all done by writing bytecode manually obviously (Visual Studio does not support inline asm for x64 yet).

For more info, browse through the code - it's well-commented.

License

This software is free and open-source and licensed under the GPLv3 license: http://www.gnu.org/licenses/gpl.txt

Edited by francesco149
0

Share this post


Link to post
Share on other sites

Thanks dude. Copy-Pasting this just incase. This doesn't interfere with other apps calling the MessageBoxW does it?

Edited by Blackbird256
0

Share this post


Link to post
Share on other sites

thanks - but seems to crash other programs

Edited by adacom
0

Share this post


Link to post
Share on other sites

Don't work, every time you reload or enable and disable aero the "AppInit_DLLs" string value goes back to default DWM.dll..So you lose all the settings to your path and your back where you started..

0

Share this post


Link to post
Share on other sites

Works for me. Finally I can move from using 0.7+.

0

Share this post


Link to post
Share on other sites

Thanks dude. Copy-Pasting this just incase. This doesn't interfere with other apps calling the MessageBoxW does it?

Check the source, any call to messageboxW that does not contain "Big Muscle" in the text is ignored so it shouldn't interfere at all.

thanks - but seems to crash other programs

Are you sure you're on x64? Which programs is it crashing? What cpu have you got?

Don't work, every time you reload or enable and disable aero the "AppInit_DLLs" string value goes back to default DWM.dll..So you lose all the settings to your path and your back where you started..

Which version of aero glass are you using? I'm using 0.94 RC3 and it works just fine. If anything else fails, try the old RC3 which didn't have the auto installer, that one will work for sure.

0

Share this post


Link to post
Share on other sites

yes i am on 64 - stupid i may be but not that stupid

it crashes Total commander - a program i use all the time - parts of it work but use key presses to do things and it crashes it - delete a file [for example] is shift and delete - try and delete a file and the program crashes

i went no further thats a show stopper for me

Edited by adacom
0

Share this post


Link to post
Share on other sites

yes i am on 64 - stupid i may be but not that stupid

it crashes Total commander - a program i use all the time - parts of it work but use key presses to do things and it crashes it - delete a file [for example] is shift and delete - try and delete a file and the program crashes

i went no further thats a show stopper for me

Tough luck :/ I have no idea of why this doesn't work for you, but I think it's related to your CPU's architecture. I'm writing raw bytecode instructions so they're probabilly not compatible with your particular CPU

Edited by francesco149
0

Share this post


Link to post
Share on other sites

thanks - great when you are right or think you are - CPU - Intel Core i5 - M560 - pretty standard - but then maybe Intel have done something that makes them non compatable with your program

so as you say Tough Luck - but i guess others with equally odd Intel CPUs will also be having problems as it cannot be your code

0

Share this post


Link to post
Share on other sites

thanks - great when you are right or think you are - CPU - Intel Core i5 - M560 - pretty standard - but then maybe Intel have done something that makes them non compatable with your program

so as you say Tough Luck - but i guess others with equally odd Intel CPUs will also be having problems as it cannot be your code

I merely made this tool for myself and shared it as a proof of concept because I'm sure it will be useful to some people. It could be anything when we're talking about raw bytecode, as every cpu has slightly different dialects (one solution could be assembling the hook on the fly with an extremely reliable assembler library) so yeah eventually someone who knows what's wrong will fork my source code and fix it. It could also be crashing because that particular program hooks MessageBoxW as well.

0

Share this post


Link to post
Share on other sites

Old RC3? I have 0.94 RC3

Which version of aero glass are you using? I'm using 0.94 RC3 and it works just fine. If anything else fails, try the old RC3 which didn't have the auto installer, that one will work for sure.

0

Share this post


Link to post
Share on other sites

Old RC3? I have 0.94 RC3

Which version of aero glass are you using? I'm using 0.94 RC3 and it works just fine. If anything else fails, try the old RC3 which didn't have the auto installer, that one will work for sure.

The "new" RC3 is the one with the automatic installer. The "old" one is the one where you have to manually open the .reg file

0

Share this post


Link to post
Share on other sites

By "Auto Installer" BigMuscle did not do an installer, are you referring to the one by MrGriM?

Old RC3? I have 0.94 RC3

Which version of aero glass are you using? I'm using 0.94 RC3 and it works just fine. If anything else fails, try the old RC3 which didn't have the auto installer, that one will work for sure.

The "new" RC3 is the one with the automatic installer. The "old" one is the one where you have to manually open the .reg file

0

Share this post


Link to post
Share on other sites

By "Auto Installer" BigMuscle did not do an installer, are you referring to the one by MrGriM?

Old RC3? I have 0.94 RC3

Which version of aero glass are you using? I'm using 0.94 RC3 and it works just fine. If anything else fails, try the old RC3 which didn't have the auto installer, that one will work for sure.

The "new" RC3 is the one with the automatic installer. The "old" one is the one where you have to manually open the .reg file

Oh yeah sorry didn't notice it was by a diff person

0

Share this post


Link to post
Share on other sites

Does not work on RC4.

Please fix.

0

Share this post


Link to post
Share on other sites

Does not work on RC4.

Please fix.

Looks like bigmuscle renamed MessageBoxW to MessageBoxTimeoutW. Seriously? I'll try to compile my own version.

Testing it now!

Edited by Blackbird256
0

Share this post


Link to post
Share on other sites

Does not work on RC4.

Please fix.

Looks like bigmuscle renamed MessageBoxW to MessageBoxTimeoutW. Seriously? I'll try to compile my own version.

Testing it now!

It's an undocumented winapi, you gotta check the memory and see if the hook still fits and modify the trampoline

http://edn.embarcadero.com/article/32736

0

Share this post


Link to post
Share on other sites

Lol it reminds me of when bigmuscle changed the buttons on his dialog boxes (previews 2 & 3) just because I was autoclicking them with AGTweaker.

Anyway, good job, upgraded my old v0.7 to RC3, and total respect I read your code and hardly understood half of it :angel

0

Share this post


Link to post
Share on other sites

Yes, I changed to MessageBoxTimeout function but reason is completely different than bothering with your stupid cracking. However, if you are so active in cracking other's work, you surely will be able to develop Aero Glass completely on your own and there's no need why I should ever release final version and make public version of Win8.1 Aero Glass :whistle:

0

Share this post


Link to post
Share on other sites

Good thing I won't upgrade to 8.1, because I don't need more metro crap. If they added Start menu back at least I'd consider it.

Does not work on RC4.

Please fix.

Looks like bigmuscle renamed MessageBoxW to MessageBoxTimeoutW. Seriously? I'll try to compile my own version.

Testing it now!

It's an undocumented winapi, you gotta check the memory and see if the hook still fits and modify the trampoline

http://edn.embarcadero.com/article/32736

I looked over the code and it seems to be more complicated than I thought. I don't know much about assembly so this'll be hard.

Edited by Blackbird256
0

Share this post


Link to post
Share on other sites
I looked over the code and it seems to be more complicated than I thought. I don't know much about assembly so this'll be hard.

It shouldn't be hard to pull off. I took a look at MessageBoxTimeoutW and these are the opcodes:

7FF15190638 - FF F3 - push ebx7FF1519063A - 55 - push rbp7FF1519063B - 56 - push rsi7FF1519063C - 57 - push rdi

Warning: code ahead

first of all you need to get the proc address of the new API so replace the func name in the getprocaddress call:

EDIT: fix'd this line

pMessageBoxProc = SafeGetProcAddress(GetModuleHandle(_T("user32.dll")), "MessageBoxTimeoutW");

so you need to replace the trampoline with

BYTE hook::trampoline_MessageBox[] ={    0xFF, 0xF3, // push ebx    0x55, // push rbp    0x56, // push rsi    0x57, // push rdi    0x68, 0x00, 0x00, 0x00, 0x00, // push 00000000 ; low DWORD of the ret address    0xC7, 0x44, 0x24, 0x04, 0x00, 0x00, 0x00, 0x00, // mov [rsp+04],00000000 ; high DWORD of the ret address    0xC3 // ret};

then you need to comment out the nops in hook::attach() since we're overwriting 5 bytes now

//*pwNops = 0x9090; // 2 nops to fill the truncated opcode

then you need to fix detach to restore the correct opcodes:

	void hook::detach()	{		LPBYTE pbCleanOpcode1a = reinterpret_cast<LPBYTE>(&trampoline_MessageBox[0]);		LPDWORD pdwCleanOpcode1b = reinterpret_cast<LPDWORD>(reinterpret_cast<LPBYTE>(pbCleanOpcode1a) + 1);		LPBYTE pbOpcode1a = reinterpret_cast<LPBYTE>(pMessageBoxProc);		LPDWORD pdwOpcode1b = reinterpret_cast<LPDWORD>(reinterpret_cast<LPBYTE>(pbOpcode1a) + 1);		// attempt to unhook MessageBox		*pbOpcode1a = *pbCleanOpcode1a;		*pdwOpcode1b = *pdwCleanOpcode1b;		// erase relay function		memset(pbOpcode1a - 15, 0x90, 14);		VirtualFree(pbOpcode1a - 15, 14, MEM_RELEASE);		// TODO: restore old memory protection (optional)		if (*pbOpcode1a != *pbCleanOpcode1a)			hook::pMessageBox(NULL, _T("Failed to un-hook MessageBoxTimeout"), 				appname, MB_OK | MB_ICONWARNING, 0, 0x7FFFFFFF);		pMessageBox = reinterpret_cast<pfnMessageBox>(pMessageBoxProc);	}

Then you need to change the hook function to:

int WINAPI hook::hook_MessageBox(HWND hWnd, LPCWSTR lpText,    LPCWSTR lpCaption, UINT uType,    WORD wLanguageId, DWORD dwMilliseconds){...}

EDIT:

You also need to change the typedef in hook.hpp:

		typedef int (WINAPI *pfnMessageBox)(_In_ HWND hWnd, _In_ LPCTSTR lpText, 			_In_ LPCTSTR lpCaption, _In_ UINT uType, _In_ WORD wLanguageId, _In_ DWORD dwMilliseconds);

and of course change the hook prototype in hook.hpp as well:

		static int WINAPI hook_MessageBox(_In_ HWND hWnd, _In_ LPCTSTR lpText, 			_In_ LPCTSTR lpCaption, _In_ UINT uType, _In_ WORD wLanguageId, _In_ DWORD dwMilliseconds);

You also need to change the trampoline offsets in hook()

		LPDWORD pdwTrampolineRetAddressLow = reinterpret_cast<LPDWORD>(&trampoline_MessageBox[6]);		LPDWORD pdwTrampolineRetAddressHigh = reinterpret_cast<LPDWORD>(&trampoline_MessageBox[14]); 

Also, the return address is now different:

pMessageBoxReturn = reinterpret_cast<LPVOID>(reinterpret_cast<LPBYTE>(hook::pMessageBox) + 5);

Also we need to only make 5 bytes writable now (and add the two extra parameters to each messagebox call as demonstrated here):

		if (!VirtualProtect(pbOpcode, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect))		{			hook::pMessageBox(NULL, _T("Failed to make MessageBoxTimeout writable"), appname, MB_OK | MB_ICONWARNING, 0, 0x7FFFFFFF);			return;		} 

I think that's about it, this is just a quick analysis, I haven't tested any of this but I'm quite sure it will work

Edited by francesco149
0

Share this post


Link to post
Share on other sites

I don't think discussing a crack in the Same Forum to circumvent the pop-up is fair to all the hard work that BigMuscle has done.

There is a discussion already over at MDL over 450 posts on Aero Glass... why don't you take it over there just not here?

DP

0

Share this post


Link to post
Share on other sites

I don't think discussing a crack in the Same Forum to circumvent the pop-up is fair to all the hard work that BigMuscle has done.

There is a discussion already over at MDL over 450 posts on Aero Glass... why don't you take it over there just not here?

DP

+1

0

Share this post


Link to post
Share on other sites

+2

i am one of those that moaned about the popup but its gone away - or has in my mind - the plusses of aero far outweigh the popup which seems less and less intrusive

i might even miss it when we get the final version :angel

0

Share this post


Link to post
Share on other sites

+2

i am one of those that moaned about the popup but its gone away - or has in my mind - the plusses of aero far outweigh the popup which seems less and less intrusive

i might even miss it when we get the final version :angel

Not when you're playing quake 3 arena and it pops up when you're trying to get some frags done

Edited by francesco149
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.