Click here to Skip to main content
15,867,686 members
Articles / Programming Languages / C++
Article

The forceful implementation of features

Rate me:
Please Sign up or sign in to vote.
4.92/5 (9 votes)
4 Jul 2009CPOL2 min read 25.4K   231   10   4
Apple’s Safari, unfortunately is missing some functionality that I require to surf the web. With the plugin API being currently unavailable, I decided to implement it on my own using DLL Injection and Hooking.

Background

As a long time user of Firefox, I decided to switch to Apple’s Safari; unfortunately, the browser is missing some functionality that I require to surf the web, with the plug-in API being currently unavailable. I decided to implement it on my own by the usage of DLL-Injection and Hooking.

Image 1

How it works

After our Dynamic Link Library is injected, we first have to import Apple’s Core Foundations in order to interface with the browser. Unfortunately, Apple unlinks their modules from the PEB, so that we have to do this in DllMain, or else we would have to jump through further hoops to get the Module Handles.

C++
#define InitCFImport( x ) \
( *( FARPROC* )&##x ) = GetProcAddress( hmCoreFoundations, #x ); \
if( x == NULL ){ \
    ( *( FARPROC* )&##x ) = GetProcAddress( hmCFNetwork, #x );\
}\
if( x == NULL ){\
    MessageBoxA( 0, #x, "Unable to import", 0 );\
    return false;\
}

InitCFImport( CFStringGetSystemEncoding );
InitCFImport( CFStringGetCStringPtr );
InitCFImport( CFStringGetCharactersPtr );
InitCFImport( CFURLCopyAbsoluteURL );
InitCFImport( CFURLGetString );
InitCFImport( CFURLGetBaseURL );
InitCFImport( CFURLCreateWithString );
InitCFImport( CFStringGetCharacters );
InitCFImport( CFStringDelete );
InitCFImport( CFStringGetLength );
InitCFImport( CFURLRequestGetURL );

Now, with those imports, we can read which URL Safari is trying to access, and we also need a way to integrate ourselves into the Safari UI. I decided to use the “Page Button” because it seemed like the right place to me. But before we can place our entries there, we need to obtain the menu handle, which is why I hooked InsertMenuItemW. Basically, all I do there is to wait for Apple to add their entries so that I can insert mine. Please refer to “hkInsertMenuItemW” if you want to know more.

Now that we have inserted ourselves into Apple’s menu, we need to subclass their main-window. The problem with that is that Apple creates a multitude of windows of all kinds. In fact, they even create the MainWindow new for each “instance” of Safari. To handle that, I hooked “CreateWindowExW” to subclass the “Message-Handler” (please refer to “hkCreateWindowExW” if you want to know more ).

Last but not least, we need a way to figure out which URLs are being loaded and a way to prevent that from happening for undesired ones.

This is my solution:

C++
Core::CFURLRef __cdecl hkCFURLRequestGetURL( Core::CFRequestRef refRequest )
{
    Core::CFURLRef pResult = Core::CFURLRequestGetURL( refRequest );

    DWORD dwReturnAddress = ( DWORD ) _ReturnAddress();
    DWORD dwModuleBase = ( DWORD ) Core::g_hmCFNetwork;

    if ( pResult && dwReturnAddress > dwModuleBase
    && dwReturnAddress < dwModuleBase + 0x57000 )
    {
        Core::CStringRef refUrlText = Core::CFURLGetString( pResult );
    
        if ( refUrlText )
        {
            wchar_t wszBuffer[2024];

            if ( Core::ConvertString( refUrlText, wszBuffer, 1024 ) )
            {
                // returns true if the content is to be blocked
                if ( ContentIndexer::Add( wszBuffer ) )
                {
                    return NULL;
                }
            }
        }
    }
    return pResult;
}

I check for the return address (location where the call to our hook originated from) to be within the boundaries of CFNetwork.dll because some callers of this function expect it to always return a valid value, although Apple’s SDK states that this function might fail. The only thing that’s left to do within the function is to check for URLs of interest and either index them or block them. The algorithms I use are very basic because speed matters here.

Image 2

Image 3

Image 4

Thanks for reading.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Other
Germany Germany
i am patrick.

Comments and Discussions

 
Generalthanks Pin
v3n0m425-Jul-09 3:29
v3n0m425-Jul-09 3:29 
GeneralIrony who gives a rats arse.. Pin
streetmedic25-Jul-09 2:44
streetmedic25-Jul-09 2:44 
GeneralThe irony of all of this Pin
Jim Crafton8-Jul-09 7:55
Jim Crafton8-Jul-09 7:55 
is that you picked an app that you actually have access to all the source code! So in this case there's no real to bother with injection, just modify the actual source code and build.


¡El diablo está en mis pantalones! ¡Mire, mire!
SELECT * FROM User WHERE Clue > 0
0 rows returned

Save an Orange - Use the VCF!
Personal 3D projects
Just Say No to Web 2 Point Blow


GeneralRe: The irony of all of this PinPopular
Luka13-Jul-09 0:02
Luka13-Jul-09 0:02 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.