Chromium Embedded Framework Forum

[fromnewradius]

Sure, but you will need to add a new third-party reference. Download EasyHook (https://easyhook.github.io/downloads.html), add a reference to EasyHook.dll and copy EasyHook32.dll to the same directory. Make sure to call the InitHook() function in the child process.

Code: Select all

Imports System.Runtime.InteropServices
Imports EasyHook

#Region "       CreateProcess hook"

    Public Sub InitHook()
        Dim CreateFileHook = LocalHook.Create(EasyHook.LocalHook.GetProcAddress("kernel32.dll", "CreateProcessA"), New CreateProcessDelegate(AddressOf CreateProcessHooked), Nothing)
        CreateFileHook.ThreadACL.SetExclusiveACL(New Integer() {})
    End Sub

    Public Function CreateProcessHooked( _
        lpApplicationName As String, _
        lpCommandLine As String, _
        ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
        ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _
        bInheritHandles As Boolean, _
        dwCreationFlags As UInt32, _
        lpEnvironment As IntPtr, _
        lpCurrentDirectory As String, _
        <[In]> ByRef lpStartupInfo As STARTUPINFO, _
        <[Out]> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean

        If InStr(lpCommandLine, "echo NOT SANDBOXED") Then
            Return 1
        End If

        Return CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation)
    End Function

    <UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError:=True)> _
    Public Delegate Function CreateProcessDelegate( _
    lpApplicationName As String, _
    lpCommandLine As String, _
    ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
    ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _
    bInheritHandles As Boolean, _
    dwCreationFlags As UInt32, _
    lpEnvironment As IntPtr, _
    lpCurrentDirectory As String, _
    <[In]> ByRef lpStartupInfo As STARTUPINFO, _
    <[Out]> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean

    <DllImport("kernel32.dll")> _
    Function CreateProcess( _
    lpApplicationName As String, _
    lpCommandLine As String, _
    ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
    ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _
    bInheritHandles As Boolean, _
    dwCreationFlags As UInt32, _
    lpEnvironment As IntPtr, _
    lpCurrentDirectory As String, _
    <[In]> ByRef lpStartupInfo As STARTUPINFO, _
    <[Out]> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean
    End Function

    <StructLayout(LayoutKind.Sequential)> _
    Structure SECURITY_ATTRIBUTES
        Public nLength As Integer
        Public lpSecurityDescriptor As IntPtr
        Public bInheritHandle As Integer
    End Structure

    <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> _
    Structure STARTUPINFO
        Public cb As Integer
        Public lpReserved As String
        Public lpDesktop As String
        Public lpTitle As String
        Public dwX As Integer
        Public dwY As Integer
        Public dwXSize As Integer
        Public dwYSize As Integer
        Public dwXCountChars As Integer
        Public dwYCountChars As Integer
        Public dwFillAttribute As Integer
        Public dwFlags As Integer
        Public wShowWindow As Short
        Public cbReserved2 As Short
        Public lpReserved2 As Integer
        Public hStdInput As Integer
        Public hStdOutput As Integer
        Public hStdError As Integer
    End Structure

    Structure PROCESS_INFORMATION
        Public hProcess As IntPtr
        Public hThread As IntPtr
        Public dwProcessId As Integer
        Public dwThreadId As Integer
    End Structure

#End Region


I tried to call InitHook() in my form load for a basic example but I still see the window. I am not starting it from my child process?
I have your piece of code in the same class, here's the little piece of code where I call it:

Code: Select all


Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load

            InitHook()

            InitializeComponent()

            Dim settings As New CefSettings()
            settings.CefCommandLineArgs.Add("ppapi-flash-path", sourcepath & "\" & PPAPI_FLASH)
            settings.CefCommandLineArgs.Add("ppapi-flash-version", "20.0.0.306")

            CefSharp.Cef.Initialize(settings)

            browser = New ChromiumWebBrowser("http://www.biologieenflash.net/animation.php?ref=bio-0044-6") With {
            .Dock = DockStyle.Fill
            }

            Me.Controls.Add(browser)


    End Sub

...

I madre sure I referenced EasyHook.dll and copied EasyHook32.dll in my app directory.

[fasecero]

I don't know how your example works, but Form1_Load event will never be called in additional processes. Maybe you could try in Form1 constructor. If this doesn't work: in my case I call InitHook() from a startup function inside a new module. See https://msdn.microsoft.com/library/17k74w0c(v=vs.100).aspx

Basically, you have to create a new file with a module like below, inside Project properties, Application tab, uncheck "Enable application framework", and select "Sub Main" from "Startup object" drop-down list.

Code: Select all

Public Module mainModule
    Public Sub Main()
        ' This code is called by all processes
        InitHook()

        ' cef startup stuff
        '...

        ' return here if this is not the main process
        '...

        ' gui stuff for main process only
        Application.EnableVisualStyles()
        Dim myForm As Form1 = New Form1()
        Application.Run(myForm)
    End Sub

    Public Sub InitHook()
        '...
    End Sub

End Module


[maloshuk]

Sure, but you will need to add a new third-party reference. Download EasyHook (https://easyhook.github.io/downloads.html), add a reference to EasyHook.dll and copy EasyHook32.dll to the same directory. Make sure to call the InitHook() function in the child process.

Code: Select all

Imports System.Runtime.InteropServices
Imports EasyHook

#Region "       CreateProcess hook"

    Public Sub InitHook()
        Dim CreateFileHook = LocalHook.Create(EasyHook.LocalHook.GetProcAddress("kernel32.dll", "CreateProcessA"), New CreateProcessDelegate(AddressOf CreateProcessHooked), Nothing)
        CreateFileHook.ThreadACL.SetExclusiveACL(New Integer() {})
    End Sub

    Public Function CreateProcessHooked( _
        lpApplicationName As String, _
        lpCommandLine As String, _
        ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
        ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _
        bInheritHandles As Boolean, _
        dwCreationFlags As UInt32, _
        lpEnvironment As IntPtr, _
        lpCurrentDirectory As String, _
        <[In]> ByRef lpStartupInfo As STARTUPINFO, _
        <[Out]> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean

        If InStr(lpCommandLine, "echo NOT SANDBOXED") Then
            Return 1
        End If

        Return CreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation)
    End Function

    <UnmanagedFunctionPointer(CallingConvention.Winapi, SetLastError:=True)> _
    Public Delegate Function CreateProcessDelegate( _
    lpApplicationName As String, _
    lpCommandLine As String, _
    ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
    ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _
    bInheritHandles As Boolean, _
    dwCreationFlags As UInt32, _
    lpEnvironment As IntPtr, _
    lpCurrentDirectory As String, _
    <[In]> ByRef lpStartupInfo As STARTUPINFO, _
    <[Out]> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean

    <DllImport("kernel32.dll")> _
    Function CreateProcess( _
    lpApplicationName As String, _
    lpCommandLine As String, _
    ByRef lpProcessAttributes As SECURITY_ATTRIBUTES, _
    ByRef lpThreadAttributes As SECURITY_ATTRIBUTES, _
    bInheritHandles As Boolean, _
    dwCreationFlags As UInt32, _
    lpEnvironment As IntPtr, _
    lpCurrentDirectory As String, _
    <[In]> ByRef lpStartupInfo As STARTUPINFO, _
    <[Out]> ByRef lpProcessInformation As PROCESS_INFORMATION) As Boolean
    End Function

    <StructLayout(LayoutKind.Sequential)> _
    Structure SECURITY_ATTRIBUTES
        Public nLength As Integer
        Public lpSecurityDescriptor As IntPtr
        Public bInheritHandle As Integer
    End Structure

    <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> _
    Structure STARTUPINFO
        Public cb As Integer
        Public lpReserved As String
        Public lpDesktop As String
        Public lpTitle As String
        Public dwX As Integer
        Public dwY As Integer
        Public dwXSize As Integer
        Public dwYSize As Integer
        Public dwXCountChars As Integer
        Public dwYCountChars As Integer
        Public dwFillAttribute As Integer
        Public dwFlags As Integer
        Public wShowWindow As Short
        Public cbReserved2 As Short
        Public lpReserved2 As Integer
        Public hStdInput As Integer
        Public hStdOutput As Integer
        Public hStdError As Integer
    End Structure

    Structure PROCESS_INFORMATION
        Public hProcess As IntPtr
        Public hThread As IntPtr
        Public dwProcessId As Integer
        Public dwThreadId As Integer
    End Structure

#End Region


Did not worked for me as is. I found several problems:
1. Use CreateProcessW instead of CreateProcessA for hooking unicode version of CreateProcess.
2. Marshaling problem with String types on CreateProcessHooked() and CreateProcessDelegate().
Use <MarshalAsAttribute(UnmanagedType.LPWStr)> attribute for all String fields like below:

Code: Select all

 
              <MarshalAsAttribute(UnmanagedType.LPWStr)> lpApplicationName As String


3. It does not matter where you call InitHook(). Can put it in OnClick() handler of the button.

Also note that this approach works only for hooking CreateProcess calls made in the current process. It does not allow to intercept CreateProcess calls in the child processes of the current. I use CefSharp WPF which creates CefSharp.browsersubprocess.exe where cmd.exe process created. So cmd.exe is a grandchild to my process. And it's creation is not intercepted.

[fasecero]

Wow... lots of problems there. But yes, it will work only if you use the same executable for all processes. If not, you need to find a way to call InitHook in the child process as well. I'll download Cefsharp to play a little and check this out.

[fasecero]

Well, it works in there too, al least for me, fortunately the source code is available. You just have to call InitHook in the beginnning of the Main method, Program.cs file, CefSharp.BrowserSubprocess project.

[bidouba]

To hide the command prompt, in C # (or adapt the code for another language), you can add this code before loading the browser component:

Code: Select all

var newVal = System.Environment.GetEnvironmentVariable("COMSPEC").Replace("cmd.exe", "svchost.exe");
System.Environment.SetEnvironmentVariable("COMSPEC", newVal);