Post by anixx on Jan 17, 2024 15:30:29 GMT -8
This mod works just like the ClassicThemeTray.exe utility and fully replaces it. Thanks GPT-4-Turbo for help. This mod injects only winlogon.exe process and exits instantly after enabling classic theme. There is a problem: there is no way to start ApplicationFrameHost before it, so UWP apps do not work.
```cpp
// ==WindhawkMod==
// @id              classic-theme-enable
// @name            Enable Classic Theme by handle method
// @description     Disables theming by closing the handle
// @version         0.1
// @author          Anixx
// @include         winlogon.exe
// @compilerOptions -lntdll
// ==/WindhawkMod==

#include <windows.h>
#include <iostream>
#include <sddl.h>
#include <winnt.h>
#include <winternl.h>
#include <aclapi.h>
#include <securitybaseapi.h>

// Define the prototype for the NtOpenSection function.
extern "C" NTSTATUS NTAPI NtOpenSection(
    OUT PHANDLE SectionHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes
);

BOOL Wh_ModInit() {
    Wh_Log(L"Init");

    // Retrieve the current session ID for the process.
    DWORD sessionId;
    ProcessIdToSessionId(GetCurrentProcessId(), &sessionId);

    wchar_t sectionName[256];
    swprintf_s(sectionName, _countof(sectionName), L"\\Sessions\\%lu\\Windows\\ThemeSection", sessionId);

    // Define the name of the section object.
    UNICODE_STRING sectionObjectName;
    RtlInitUnicodeString(&sectionObjectName, sectionName);

    // Define the attributes for the section object.
    OBJECT_ATTRIBUTES objectAttributes;
    InitializeObjectAttributes(&objectAttributes, &sectionObjectName, OBJ_CASE_INSENSITIVE, NULL, NULL);

    HANDLE hSection = NULL;
    NTSTATUS status = NtOpenSection(&hSection, WRITE_DAC, &objectAttributes);

    Wh_Log(L"status: %u\n", status);
    Wh_Log(L"%s", sectionName);

    // Stop here if the section could not be opened: hSection is not a valid handle.
    if (!NT_SUCCESS(status)) {
        return FALSE;
    }

    // Define your SDDL string.
    LPCWSTR sddl = L"O:BAG:SYD:(A;;RC;;;IU)(A;;DCSWRPSDRCWDWO;;;SY)";
    PSECURITY_DESCRIPTOR psd = NULL;

    // Convert the SDDL string to a security descriptor.
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &psd, NULL)) {
        CloseHandle(hSection);
        return FALSE;
    }

    // Set the security descriptor for the object.
    BOOL result = SetKernelObjectSecurity(
        hSection,
        DACL_SECURITY_INFORMATION,
        psd
    );

    Wh_Log(L"result: %u\n", result);

    // Cleanup: free allocated security descriptor memory and close the handle.
    LocalFree(psd);
    CloseHandle(hSection);

    return result;
}
```
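Added example (not part of the original post or of Windhawk): a portable decoder for the SDDL string the mod applies, showing which section-object rights each ACE grants. `ParseDaclAces` and `DescribeSectionMask` are hypothetical helper names; the bit values are the standard SDDL right codes and the `SECTION_*` constants from winnt.h, and only the codes listed in the table are handled.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <sstream>
#include <string>
#include <vector>

struct Ace { std::string type, trustee; uint32_t mask; };
// SDDL right codes -> bit values (subset; hex masks and generic rights are not handled).
static const std::map<std::string, uint32_t> kSddlRights = {
    {"CC", 0x1}, {"DC", 0x2}, {"LC", 0x4}, {"SW", 0x8}, {"RP", 0x10}, {"WP", 0x20},
    {"SD", 0x10000}, {"RC", 0x20000}, {"WD", 0x40000}, {"WO", 0x80000}};

// Names of the same bits on a section object (winnt.h).
static const std::vector<std::pair<uint32_t, const char*>> kSectionBits = {
    {0x1, "SECTION_QUERY"}, {0x2, "SECTION_MAP_WRITE"}, {0x4, "SECTION_MAP_READ"},
    {0x8, "SECTION_MAP_EXECUTE"}, {0x10, "SECTION_EXTEND_SIZE"}, {0x10000, "DELETE"},
    {0x20000, "READ_CONTROL"}, {0x40000, "WRITE_DAC"}, {0x80000, "WRITE_OWNER"}};

// Parse each "(type;flags;rights;object;inherit_object;trustee)" ACE in an SDDL string.
std::vector<Ace> ParseDaclAces(const std::string& sddl) {
    std::vector<Ace> aces;
    size_t open = 0, close = 0;
    while ((open = sddl.find('(', close)) != std::string::npos &&
           (close = sddl.find(')', open)) != std::string::npos) {
        std::vector<std::string> f;
        std::stringstream ss(sddl.substr(open + 1, close - open - 1));
        for (std::string field; std::getline(ss, field, ';');) f.push_back(field);
        if (f.size() != 6) continue;  // not a well-formed ACE
        uint32_t mask = 0;
        for (size_t i = 0; i + 1 < f[2].size(); i += 2)
            mask |= kSddlRights.at(f[2].substr(i, 2));  // throws on an unknown code
        aces.push_back({f[0], f[5], mask});
    }
    return aces;
}

// Render an access mask using the section-object names above.
std::string DescribeSectionMask(uint32_t mask) {
    std::string out;
    for (const auto& b : kSectionBits)
        if (mask & b.first) out += (out.empty() ? "" : "|") + std::string(b.second);
    return out;
}

int main() {
    for (const Ace& a : ParseDaclAces("O:BAG:SYD:(A;;RC;;;IU)(A;;DCSWRPSDRCWDWO;;;SY)"))
        std::printf("%s:%s 0x%05X %s\n", a.type.c_str(), a.trustee.c_str(),
                    (unsigned)a.mask, DescribeSectionMask(a.mask).c_str());
}
```

The interactive-users ACE (`IU`) decodes to `READ_CONTROL` alone, with no `SECTION_MAP_READ`, and the `SY` ACE keeps `WRITE_DAC`, so a process running as SYSTEM can still change the DACL back.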
Post by Deleted on Jan 17, 2024 15:54:41 GMT -8
Wait a minute. An AI, helped with making this?
Post by anixx on Jan 17, 2024 17:36:26 GMT -8
> Wait a minute. An AI, helped with making this?

Yes, it wrote all the code and comments. I only had to fix some issues such as changing SECTION_ALL_ACCESS to WRITE_DAC.
Post by clara on Jan 17, 2024 18:43:24 GMT -8
Confirmed working. If someone manages to find a way to resolve the ApplicationFrameHost issue, that's probably going to be the best way of untheming Windows thus far.
Post by clara on Jan 23, 2024 23:15:12 GMT -8
Been running this script for almost a week now, no issues so far, aside from UWP apps not working. Applies classic theme consistently on multiple user accounts.
Post by anixx on Jan 24, 2024 6:06:09 GMT -8
I do not know why this does not work when injected into the Windhawk service. If it worked, then both issues would be solved: the UWP apps and the permission in Windhawk to inject system processes would not be needed.
Post by Brawllux on Jan 24, 2024 12:29:03 GMT -8
> Been running this script for almost a week now, no issues so far, aside from UWP apps not working. Applies classic theme consistently on multiple user accounts.

Try adding ApplicationFrameHost.exe to the mods exclusion list.
Post by anixx on Jan 24, 2024 16:42:01 GMT -8
> > Been running this script for almost a week now, no issues so far, aside from UWP apps not working. Applies classic theme consistently on multiple user accounts.
>
> Try adding ApplicationFrameHost.exe to the mods exclusion list.

This won't work, the mod does not inject any processes except winlogon.exe
Post by clara on Jan 24, 2024 16:45:37 GMT -8
> Try adding ApplicationFrameHost.exe to the mods exclusion list.

Already done that after installing but that wouldn't remedy the problem and, as expected, it did not. I don't think the problem is that windhawk affects ApplicationFrameHost, the problem is that the latter starts after the classic theme is applied. I remember similar issues in 2021 when i was first using SCT, leet just fixed it at some point later that year. I'm not sure though if launching AppFrameHost before Windhawk would fix this, however, and if it would even work, since i have no idea how to do this, i looked into task scheduler, but the only windhawk related task is the one bypassing the UAC.
Post by anixx on Jan 24, 2024 17:04:03 GMT -8
You add anything to the exclusion list if you have the line `// @include *`. If you do not have this line, the mod injects only those processes which are listed in `// @include`.
Post by anixx on Jan 24, 2024 17:29:07 GMT -8
> > Try adding ApplicationFrameHost.exe to the mods exclusion list.
>
> Already done that after installing but that wouldn't remedy the problem and, as expected, it did not. I don't think the problem is that windhawk affects ApplicationFrameHost, the problem is that the latter starts after the classic theme is applied. I remember similar issues in 2021 when i was first using SCT, leet just fixed it at some point later that year. I'm not sure though if launching AppFrameHost before Windhawk would fix this, however, and if it would even work, since i have no idea how to do this, i looked into task scheduler, but the only windhawk related task is the one bypassing the UAC.

Starting ApplicationFrameHost before Windhawk definitely would help.
Post by clara on Jan 24, 2024 19:16:07 GMT -8
> Starting ApplicationFrameHost before Windhawk definitely would help.

Tried experimenting with this, can be done, task scheduler method sometimes works, sometimes doesn't. Only once UWP apps managed to open successfully, and all of the benefits to windhawk method (quick startup, no need for explorer restart and so on) are pretty much lost. Also it requires babysitting, since windhawk service is reverting back to automatic startup after launch. Seems to be a dead end.
Post by anixx on Jan 24, 2024 19:35:57 GMT -8
> > Starting ApplicationFrameHost before Windhawk definitely would help.
>
> Tried experimenting with this, can be done, task scheduler method sometimes works, sometimes doesn't. Only once UWP apps managed to open successfully, and all of the benefits to windhawk method (quick startup, no need for explorer restart and so on) are pretty much lost. Also it requires babysitting, since windhawk service is reverting back to automatic startup after launch. Seems to be a dead end.

Well, actually if we create a task for ApplicationFrameHost, we can call the task from this mod directly before enabling classic theme. But creating a task is a complicated thing so there would not be any advantage over the usual ClassicThemeTray method via task scheduler.
Post by anixx on Jan 24, 2024 19:41:28 GMT -8
One thing I do not understand is that the process WinLogon does not see the ApplicationFrameHost file. If I start cmd.exe from this mod and do `dir` in c:\windows\system32, there is no file "ApplicationFrameHost.exe". It is impossible to start it either.
Post by clara on Jan 24, 2024 20:25:48 GMT -8
> One thing I do not understand is that the process WinLogon does not see the ApplicationFrameHost file. If I start cmd.exe from this mod and do `dir` in c:\windows\system32, there is no file "ApplicationFrameHost.exe". It is impossible to start it either.

It seems like it's impossible to launch AppFrameHost before login, i tried launching the "framehost then windhawk" strategy at system startup and it just does nothing, it goes straight to windhawk. Trying to launch task from the SYSTEM user also does nothing, framehost just doesn't start and UWP apps don't work. Task scheduler says it did something, but ur explanation makes sense here, apparently cmd started executing the command, found nothing, shrugged and moved on.
Post by anixx on Jan 24, 2024 20:47:21 GMT -8
One way could be to hook ApplicationFrameHost.exe itself to fix the incompatibility with classic theme. XAML elements in the taskbar work under classic theme, so the problem is possibly in just some check executed from ApplicationFrameHost.
Post by clara on Jan 24, 2024 21:07:56 GMT -8
> One way could be to hook ApplicationFrameHost.exe itself to fix the incompatibility with classic theme. XAML elements in the taskbar work under classic theme, so the problem is possibly in just some check executed from ApplicationFrameHost.

Yes, that would be the closest to an actual solution, I think.
Post by anixx on Jan 24, 2024 21:13:36 GMT -8
Additionally, ApplicationFrameHost checks if it is elevated and exits if it is. So, it should be started from an unelevated process.
Post by kirta on Jan 30, 2024 5:16:23 GMT -8
> Been running this script for almost a week now, no issues so far, aside from UWP apps not working. Applies classic theme consistently on multiple user accounts.
Post by clara on Jan 30, 2024 6:21:08 GMT -8
> Been running this script for almost a week now, no issues so far, aside from UWP apps not working. Applies classic theme consistently on multiple user accounts.

Was using this mod prior, yes, know that it exists, i was the one who figured out that this mod works better with critical files injection permission. Still doesn't apply classic theme to parts of the system, so, considering Ingan121's mod exists now, the issue at hand is solved.