March 28, 2024, 11:10:26 AM

News:

IonicWind Snippit Manager 2.xx Released!  Install it on a memory stick and take it with you!  With or without IWBasic!


Advanced Webbrowser topics

Started by sapero, June 24, 2008, 06:21:44 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

sapero

June 24, 2008, 06:21:44 PM Last Edit: June 24, 2008, 06:25:09 PM by sapero
There are 8 more advanced webbrowser examples (part one):

- simple: shows how to use (written in C) CWebPage static libray that implements minimum code for hosting a browser control.. The library is modified a bit by me to easily extend it with external classes, allow drag-drop and the default MSHTML context menu.
- popups: shows how to control new windows, using CWebBrowserEvents2 class as the base for derieved classes. This class already implements statusbar and title text changing, both are optional.
- user_agent: how to convert Internet Explorer to Opera running on Linux?
- mouse_navigation: what to do, to navigate the browser back and forward with mouse X buttons.
- information_bar: (XP sp2 or above) how to attach IE infobar to your browser application.
- focus_preventing: how to prevent javascript from focus manipulation.
- download_control: disabling images, videos, javascript, and java.
- browser_events: displays browser informations on the statusbar, the basic usage of CWebBrowserEvents2.

Open each project file in your Aurora, and when prompted - click OK to update file paths.

lemmi

Sapero,

that's lot amount of finest stuff. From me already a big thank you very much to make it available.

lemmi

aurelCB

Hi sapero...
I download zip and i try start this but i dont understand how this work ???
I unzip this file to projects and try start but nothing heapend?
i ask why when i'm new in Aurora ...
any sugestion?

sapero

In Aurora menu click File->Open Project, choose one of .awp files, then compile the project.
You'll need to install the SDK headers before compiling, because each project includes a ton of definitions not included with default Aurora instalation.

sapero

April 27, 2009, 12:55:06 AM #4 Last Edit: April 27, 2009, 03:09:42 AM by sapero
Now it's time for a bit of security. You'll wonder what IE6sp3 can do.
I have set the highest security level for Internet zone, disabled most plugins (except my own and google toolbar), so javascript, java, download and the use of ActiveX is disabled by default, but enabled for selected set of websites. Even the OPEN verb for executables is changed, to run my custom program which prompts for permission to execute.
Recently i've created a webbrowser application (webproxy checker). It has a list of webproxies, uses the browser to navigate to each proxy and submits all forms with a prepared link. If there are links to other proxy sites it extracts them and appends to internal queue list.

The hosting code implements:
* IDownloadManager - to deny file download
* IOleCommandTarget - to deny script errors nags
* IDispatch - to deny image download, javascript, java, ocx, behaviors...

But my darling IE does not always accept security restrictions. A 10 years old, win32 parite virus has been downloaded to TEMP directory, and would be executed if not the antivirus. So I've installed hooks on some winapi functions to see what goes on:

For XP (and above) users only:
#define UNICODE
#include "windows.inc"
#include "shlobj.inc"
#include "shlwapi.inc"
#include "wchar.inc"

// before YOU call OpenFile with write access, set this flag to TRUE
// otherwise OpenFile will fail.
BOOL g_fAllowCreateFile;

sub main()
{
// install vectored exception handler (XP users)
// Note: you cannot use SetUnhandledExceptionFilter here
if (AddVectoredExceptionHandler(TRUE, &MyHandler))
{
// control file and directory creation
SetBreakpoint(&CreateFile);
SetBreakpoint(&CreateDirectory);
// control OLE objects creation
SetBreakpoint(&CoCreateInstance);
// control execution
SetBreakpoint(&CreateProcess);
SetBreakpoint(&ShellExecuteEx);
// control code injection
SetBreakpoint(&OpenProcess);
// control nags
SetBreakpoint(&MessageBox);

// TODO: open your browser here and wait until closed.

// uninstall vectored exception handler (XP users)
RemoveVectoredExceptionHandler(&MyHandler);
}
}


// breakpoints designed for XP api's, overwrite 'mov edi,edi' with 'int3'
#emit HookBytes int3
#emit           nop
declare HookBytes();

sub SetBreakpoint(void *address)
{
WriteProcessMemory(GetCurrentProcess(), address, &HookBytes, 2, NULL);
}


// breakpoint handler
sub MyHandler(EXCEPTION_POINTERS* ExceptionInfo),int
{
CONTEXT *ctx;
DWORD   *parameter;
wstring *path;
GUID    *pClsid;
DWORD    access;
SHELLEXECUTEINFO *execinfo;
dwstring wszClsid[MAX_PATH];

// ShowBalloon() function is optional, not included here.

if (ExceptionInfo->ExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT)
{
parameter = ctx->Esp + 0;
ctx       = ExceptionInfo->ContextRecord;
// *parameter[0] is the return address
// *parameter[1] is the first function parameter

if (ExceptionInfo->ExceptionRecord->ExceptionAddress == &CreateFile)
{
path   = *parameter[1] + 0;
access = *parameter[2];

// check if we called OpenFile
BOOL allow = g_fAllowCreateFile;
g_fAllowCreateFile = FALSE;

if (access & GENERIC_WRITE)
{
if (!allow)
{
// audio device, enable for click sound. You'll need to adjust this name.
allow = !wcsicmp(path, L"\\?\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}");
}
if (!allow)
{
// not sure what this pipe is for
allow = !wcsicmp(path, L"\\.\PIPE\lsarpc");
}

if (!allow)
{
// probably a fie for History
SHGetSpecialFolderPath(0, wszClsid, CSIDL_LOCAL_APPDATA, FALSE);
wcscat(wszClsid, L"\Microsoft\Internet Explorer\MSIMGSIZ.DAT");
allow = !wcsnicmp(path, wszClsid, wcslen(wszClsid));
}
if (!allow)
{
// allow file creation in Cache
SHGetSpecialFolderPath(0, wszClsid, CSIDL_INTERNET_CACHE, FALSE);
allow = !wcsnicmp(path, wszClsid, wcslen(wszClsid));
}
if (!allow)
{
// allow cookies creation
SHGetSpecialFolderPath(0, wszClsid, CSIDL_COOKIES, FALSE);
allow = !wcsnicmp(path, wszClsid, wcslen(wszClsid));
}
if (!allow)
{
// allow history modifications
SHGetSpecialFolderPath(0, wszClsid, CSIDL_HISTORY, FALSE);
allow = !wcsnicmp(path, wszClsid, wcslen(wszClsid));
}
if (!allow)
{
// deny all other locations
openconsole();
print("CreateFile ", w2s(*path));
ShowBalloon(L"CreateFile", path);
// change file name to invalid file name, the api should fail.
*parameter[1] = &L":?"; // lpFileName

// this is to check if the browser has downloaded a cabinet (ocx/malware)
WCHAR *ext = PathFindExtension(path);
if (ext && !wcsicmp(ext, L".tmp"))
{
//print("site: ", w2s(app->m_wBrowser.m_url));
}
}
}
// skip the breakpoint
ctx->Eip++;
return EXCEPTION_CONTINUE_EXECUTION;
}
if (ExceptionInfo->ExceptionRecord->ExceptionAddress == &CreateDirectory)
{
path = *parameter[1] + 0;

// check if the directory belongs to temporary internet files
// and deny all other locations
SHGetSpecialFolderPath(0, wszClsid, CSIDL_INTERNET_CACHE, FALSE);
access = wcslen(wszClsid);
if (wcsnicmp(path, wszClsid, access))
{
openconsole();
print("CreateDirectory ", w2s(*path));
ShowBalloon(L"CreateDirectory", path);
//print("site: ", w2s(app->m_wBrowser.m_url));
// change file name to invalid file name, the api should fail.
*parameter[1] = &L":?"; // lpPathName
}
ctx->Eip++;
return EXCEPTION_CONTINUE_EXECUTION;
}
if (ExceptionInfo->ExceptionRecord->ExceptionAddress == &CoCreateInstance)
{
// [ ] - deny and display, default
// [*] - deny and do not display
// [+] - allow
// {25336920-03F9-11CF-8FD0-00AA00686F13}*HTML Document
// {275C23E2-3747-11D0-9FEA-00AA003F8646}+Multi Language Support
// {3050F499-98B5-11CF-BB82-00AA00BDCE0B}*Microsoft HTML Recalc
// {3050F3B4-98B5-11CF-BB82-00AA00BDCE0B}+Microsoft Document Browse Property Page
// {3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}+Trident HTMLEditor
// {33C53A50-F456-4884-B049-85FD643ECFED}+TF_InputProcessorProfiles
// {3CE74DE4-53D3-4D74-8B83-431B3828BA53}+TF_DisplayAttributeMgr
// {48123BC4-99D9-11D1-A6B3-00C04FD91555} XML Document
// {50D5107A-D278-4871-8989-F4CEAAF59CFC}+CActiveIMMAppEx_Trident
// {7057E952-BD1B-11D1-8919-00C04FC2C836}+Microsoft DocHost User Interface Handler [propsheet]
// {750FDF0E-2A26-11D1-A3EA-080036587F03}*Offline Files Menu [add to favorites]
// {7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}+Security Manager
// {81397204-F51A-4571-8D7B-DC030521AABD}*DXTFilterFactory (directX transform filter)
// {871C5380-42A0-1069-A2EA-08002B30309D}+CLSID_Internet
// {8856F961-340A-11D0-A96B-00C04FD705A2}+Microsoft Webbrowser
// {A4B544A1-438D-4B41-9325-869523E2D6C7}+TF_CategoryMgr
// {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}*Subscription Mgr   [add to favorites]
// {FBF23B40-E3F0-101B-8488-00AA003E56F8}*Internet Shortcut
// {F6240000-66DA-4DCD-B1AF-5C59D05C44D5}+Sketch IMX
// {FF393560-C2A7-11CF-BFF4-444553540000}+History

pClsid = *parameter[1] + 0;

StringFromCLSID2(pClsid, wszClsid, 64);
// allow list
if (!wcsstr(L"{275C23E2-3747-11D0-9FEA-00AA003F8646}{7057E952-BD1B-11D1-8919-00C04FC2C836}{3050F3B4-98B5-11CF-BB82-00AA00BDCE0B}{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}{33C53A50-F456-4884-B049-85FD643ECFED}{3CE74DE4-53D3-4D74-8B83-431B3828BA53}{50D5107A-D278-4871-8989-F4CEAAF59CFC}{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}{871C5380-42A0-1069-A2EA-08002B30309D}{8856F961-340A-11D0-A96B-00C04FD705A2}{A4B544A1-438D-4B41-9325-869523E2D6C7}{F6240000-66DA-4DCD-B1AF-5C59D05C44D5}{FF393560-C2A7-11CF-BFF4-444553540000}", wszClsid))
{
// if the CLSID was not found, display it and deny
// 'do not display' list
if (!wcsstr(L"{750FDF0E-2A26-11D1-A3EA-080036587F03}{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}{FBF23B40-E3F0-101B-8488-00AA003E56F8}{25336920-03F9-11CF-8FD0-00AA00686F13}{81397204-F51A-4571-8D7B-DC030521AABD}{3050F499-98B5-11CF-BB82-00AA00BDCE0B}", wszClsid))
{
openconsole();
print("CoCreateInstance ", w2s(wszClsid),);
ShowBalloon(L"CoCreateInstance", wszClsid);
// read class name from registry
// HKEY_CLASSES_ROOT/CLSID/{guid}
//  @ = class name
HKEY hk;
if (!RegOpenKeyEx(HKEY_CLASSES_ROOT, L"CLSID", 0, KEY_READ, &hk))
{
HKEY hkClsid;
if (!RegOpenKeyEx(hk, wszClsid, 0, KEY_READ, &hkClsid))
{
access = (MAX_PATH-1)*2;
if (!RegQueryValueEx(hkClsid, NULL, 0, NULL, wszClsid, &access) && access)
{
print(" ", w2s(wszClsid),);
}
StringFromCLSID2(pClsid, wszClsid, 64);
RegCloseKey(hkClsid);
}
RegCloseKey(hk);
}
print();
//print("site: ", w2s(app->m_wBrowser.m_url));
}
*parameter[1] = &_GUID_NULL; // rclsid
}
ctx->Eip++;
return EXCEPTION_CONTINUE_EXECUTION;
}
if (ExceptionInfo->ExceptionRecord->ExceptionAddress == &CreateProcess)
{
// deny always
path = *parameter[1] + 0;
if (!path)
path  = *parameter[2] + 0;

if (path)
{
openconsole();
print("CreateProcess ", w2s(*path));
ShowBalloon(L"CreateProcess", path);
}
*parameter[1] = 0;      // lpApplicationName
*parameter[2] = &L":?"; // lpCommandLine

ctx->Eip++;
return EXCEPTION_CONTINUE_EXECUTION;
}
if (ExceptionInfo->ExceptionRecord->ExceptionAddress == &ShellExecuteEx)
{
execinfo = *parameter[1] + 0; // SHELLEXECUTEINFO

if (execinfo && execinfo->lpFile)
{
// deny always
openconsole();
print("ShellExecuteEx ", w2s(execinfo->*(wstring)lpFile));
ShowBalloon(L"ShellExecuteEx", execinfo->lpFile);
execinfo->lpFile = L":?";
}
ctx->Eip++;
return EXCEPTION_CONTINUE_EXECUTION;
}
if (ExceptionInfo->ExceptionRecord->ExceptionAddress == &OpenProcess)
{
openconsole();
print("OpenProcess ", *parameter[3]);
swprintf(wszClsid, L"%d", *parameter[3]);
ShowBalloon(L"OpenProcess", wszClsid);
*parameter[3] = 0; // dwProcessId

ctx->Eip++;
return EXCEPTION_CONTINUE_EXECUTION;
}
if (ExceptionInfo->ExceptionRecord->ExceptionAddress == &MessageBox)
{
// check caller address, deny if outside this module
IMAGE_DOS_HEADER *dos = &*(IMAGE_DOS_HEADER)_hinstance;
IMAGE_NT_HEADERS32 *nt = dos + dos->e_lfanew;

if ((*parameter[0] < _hinstance)
||  (*parameter[0] >= (_hinstance + nt->OptionalHeader.SizeOfImage)))
{
path = *parameter[2] + 0;
if (path)
{
openconsole();
print("MessageBox: ", w2s(*path));
ShowBalloon(L"MessageBox", path);
}
// exit from MessageBox
ctx->Eip = *parameter[0];
ctx->Esp += 20; // 1+4 parameters * 4
}
else
{
ctx->Eip++;
}
return EXCEPTION_CONTINUE_EXECUTION;
}
}
return EXCEPTION_EXECUTE_HANDLER;
}

DominiqueB

Hello, sapero,

even with the last sdk installed, i get an error:

Compiling...
AdvancedBrowser.src
File: C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.src (122) Warning: undeclared function 'ShowBalloon'
File: C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.src (150) Warning: undeclared function 'ShowBalloon'
File: C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.src (196) Warning: undeclared function 'ShowBalloon'
File: C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.src (235) Warning: undeclared function 'ShowBalloon'
File: C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.src (252) Warning: undeclared function 'ShowBalloon'
File: C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.src (263) Warning: undeclared function 'ShowBalloon'
File: C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.src (283) Warning: undeclared function 'ShowBalloon'
C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.asm:597: error: symbol `ShowBalloon' undefined
C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.asm:779: error: symbol `ShowBalloon' undefined
C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.asm:922: error: symbol `ShowBalloon' undefined
C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.asm:1202: error: symbol `ShowBalloon' undefined
C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.asm:1354: error: symbol `ShowBalloon' undefined
C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.asm:1459: error: symbol `ShowBalloon' undefined
C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.asm:1653: error: symbol `ShowBalloon' undefined
C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.asm:1758: error: phase error detected at end of assembly.
Error(s) in assembling "C:\Mes Programmes\Aurora\Mes Exemples\AdvancedBrowser\AdvancedBrowser.asm"

Thank's

Dominique

sapero

April 27, 2009, 02:48:23 PM #6 Last Edit: April 27, 2009, 02:49:58 PM by sapero
Quote// ShowBalloon() function is optional, not included here
sub ShowBalloon(wstring *pwszTitle, wstring *pwszMessage)
{
}
I hope you know you need to add the basic code which opens the webbrowser and navigates somewhere. The ShowBalloon subroutine is empty, because the real function needs a window and icon handle:NOTIFYICONDATA g_nid; // after #include, before sub ShowBalloon

sub ShowBalloon(wstring *pwszTitle, wstring *pwszMessage)
{
// const WM_TRAY = WM_USER + 32;
// call ShowBalloon(NULL, NULL) in CWindow::OnDestroy
if (!g_nid.cbSize)
{
g_nid.cbSize = sizeof(g_nid) - 4; // 4 less if you have the headers from 2 april
g_nid.hWnd   = app->m_hwnd; // window handle
g_nid.uID    = 1;
g_nid.uFlags = NIF_ICON | NIF_MESSAGE | NIF_TIP;
g_nid.hIcon  = LoadImage(_hinstance, IDI_APPLICATION, IMAGE_ICON, 0, 0, 0); // *** icon handle
g_nid.uCallbackMessage = WM_TRAY;
wcsncpy(g_nid.szTip, L"Hooked Browser", 64);

Shell_NotifyIcon(NIM_ADD, &g_nid);
}
if (pwszTitle)
{
g_nid.dwInfoFlags = NIIF_INFO;
g_nid.uFlags      = NIF_INFO;
g_nid.uTimeout    = 20000;
wcsncpy(g_nid.szInfoTitle, pwszTitle, 64);
wcsncpy(g_nid.szInfo, pwszMessage, 256);

Shell_NotifyIcon(NIM_MODIFY, &g_nid);
}
else if (g_nid.cbSize)
{
Shell_NotifyIcon(NIM_DELETE, &g_nid);
}
}

DominiqueB

thank's,

no, i didn't know i had to add some code to yours ?

I thought it was complete, sorry . . .

Dominique

sapero

This is a snippet displaying IE extensions configuration dialog:#include "windows.inc"
declare CLSID_IEExtensionsDialogManager();
declare IID_IIEExtensionsDlg();

enum IEEXTENSIONSDLG_VIEW
{
IEEXTENSIONSDLG_VIEW_ALL = 0,
IEEXTENSIONSDLG_VIEW_INUSE
}

interface IIEExtensionsDlg : IUnknown
{
declare virtual ShowDlg(HWND h);
declare virtual ShowDlgWithGuids(HWND h, GUID *p,int u, IEEXTENSIONSDLG_VIEW v);
declare virtual ShowDlgWithModules(HWND h,ushort *pp, ulong u, GUID *p);
}

sub main()
{
CoInitialize(0);

IIEExtensionsDlg *unk;
if (!CoCreateInstance(&CLSID_IEExtensionsDialogManager, NULL, CLSCTX_INPROC_SERVER, &IID_IIEExtensionsDlg, &unk))
{
openconsole();
HWND parent = GetConsoleWindow(); // use real window handle here

// all three are working in different way, just pick one
//unk->ShowDlg(parent);
unk->ShowDlgWithGuids(parent, _GUID_NULL, 0, IEEXTENSIONSDLG_VIEW_ALL); // guessed parameters
//unk->ShowDlgWithModules(parent, 0, 0, _GUID_NULL); // guessed parameters

unk->Release();
}
CoUninitialize();
}

#asm
align 4
CLSID_IEExtensionsDialogManager dd 0x364626C9, 0x4CC5440B, 0x54F86E9E, 0x0DECD7FA5
IID_IIEExtensionsDlg dd 0x0CB674319, 0x4A3304CA, 0x0E77CFA9, 0x38D3156F
#endasm