Aug 2 2012

Hooking StartService

In the past two days, I was looking for a way to detect when a service starts and prevent it.
At first I thought it would be rather “easy”: all I need to do is create a filter driver, catch the request for a service creation, and that’s it.

Unfortunately, it’s not that “easy”. I thought there should be a representation of services in the kernel, but as it seems, there is none!
When one calls the StartService function, all it does is send an RPC message to services.exe. Then services.exe does all that counts: it checks the service’s configuration, checks the dependencies, calls CreateProcess if needed, etc.
In this whole procedure, the only kernel calls are the delivery of the RPC (which you might hook if you are very, very sadistic), a lot of registry-related functions (reading/writing configurations), and of course a call to CreateProcess if needed, with no indication whatsoever that the process is a service (remember, not all services are hosted in a unique process; some services can share the same process).
As it seems, there is just no way to determine when a service was launched from the kernel’s point-of-view.

So what should one do?

One can inject a DLL into services.exe and detour RStartService (the function that handles the StartService RPC). Why should you hook that function and not StartService (system-wide)? Because a service can be launched from a remote computer, in which case StartService won’t be called on the specific computer at all (and of course, a developer can implement StartService himself by calling the RPC directly, so even local commands might not be detected).

Note: If you want to stop a specific service from launching (i.e. check the service name and decide whether to block that service), hooking RStartService won’t be good enough, because RStartService won’t be called for the dependencies of the service the user launched, only for the service itself. If one would like to fully block a specific service, it would be better to hook ScStartService (which is the function that actually starts every service).
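The dependency gap described in the note, as an added example (not code from the original post): a name-only check on the requested service misses a blocked service that is started as a dependency, while walking the dependency lists catches it. The service names and the table are constructed; only the list layout (that of QUERY_SERVICE_CONFIG.lpDependencies) is taken from the Win32 API.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample data; every name is hypothetical. deps follows the
   QUERY_SERVICE_CONFIG.lpDependencies layout: null-separated names ending
   in a double null, where a leading '+' marks a load-order group. */
static const struct svc { const char *name, *deps; } TABLE[] = {
    { "AppSvc",     "+NetGroup\0MidSvc\0" },
    { "MidSvc",     "BlockedSvc\0" },
    { "BlockedSvc", "" },
    { "LoopA",      "LoopB\0" },
    { "LoopB",      "LoopA\0" },
};
#define N_SVC (sizeof TABLE / sizeof TABLE[0])

/* Name-only check, as a hook on RStartService would see it (case-insensitive). */
static int same_name(const char *a, const char *b) {
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

static int find(const char *name) {
    for (size_t i = 0; i < N_SVC; i++)
        if (same_name(TABLE[i].name, name)) return (int)i;
    return -1;
}

/* Depth-first walk over dependencies; seen[] stops dependency cycles. */
static int walk(const char *name, const char *blocked, unsigned char *seen) {
    if (same_name(name, blocked)) return 1;
    int i = find(name);
    if (i < 0 || seen[i]) return 0;      /* unknown service or already visited */
    seen[i] = 1;
    for (const char *d = TABLE[i].deps; *d; d += strlen(d) + 1)
        if (*d != '+' && walk(d, blocked, seen)) return 1;
    return 0;
}

/* 1 if starting `requested` also starts `blocked`, directly or as a dependency. */
int start_would_reach(const char *requested, const char *blocked) {
    unsigned char seen[N_SVC] = {0};
    return walk(requested, blocked, seen);
}

int main(void) {
    printf("name-only: %d, resolved: %d\n", same_name("AppSvc", "BlockedSvc"),
           start_would_reach("AppSvc", "BlockedSvc"));
    return 0;
}
```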


Jul 23 2012

One last thing about using HyperRef with Hebrew (in LaTeX)

There was another small problem with hyperref when a section contains Hebrew and English in the same row.

The problem is caused because the \L{} tag tries to change the font as well as the direction to LTR.

A quick workaround is to use \beginL … \endL instead of \L{}. But as mentioned, it won’t change the font, meaning it will use the same font for Hebrew and English.

The better workaround is to change the code mentioned in the previous post to the following (changes highlighted):

\PreloadUnicodePage{5}

\usepackage{hyperref}

\def\contentsline#1#2#3#4{%
  \ifx\\#4\\%
    \csname l@#1\endcsname{#2}{#3}%
  \else
    \ifcase\Hy@linktoc % none
      \csname l@#1\endcsname{#2}{#3}%
    \or % section
      \csname l@#1\endcsname{%
        \beginL\hyper@linkstart{link}{#4}{\R{#2}}\hyper@linkend\endL
      }{#3}%
    \or % page
      \csname l@#1\endcsname{{#2}}{%
        \hyper@linkstart{link}{#4}{#3}\hyper@linkend
      }%
    \else % all
      \csname l@#1\endcsname{%
        \hyper@linkstart{link}{#4}{#2}\hyper@linkend
      }{%
        \hyper@linkstart{link}{#4}{#3}\hyper@linkend
      }%
    \fi
  \fi
}

\def\LDiG#1{\beginL #1 \endL}
 
\def\pdfstringdef#1#2{%
  \let\LOld\L
  \let\L\LDiG
  \begingroup
    \escapechar`\\%
    \edef\0{\string\0}%
    \edef\1{\string\1}%
    \edef\2{\string\2}%
    \edef\3{\string\3}%
    \ifHy@unicode
      \edef\8{\string\8}%
      \edef\9{\string\9}%
      \fontencoding{PU}%
      \HyPsd@UTFviii
      \def\ifpdfstringunicode##1##2{##1}%
    \else
      \fontencoding{PD1}%
      \def\ifpdfstringunicode##1##2{##2}%
    \fi
    \let\utf@viii@undeferr\HyPsd@utf@viii@undeferr
    \enc@update
    \@inmathwarn\pdfstringdef
    \let\@inmathwarn\HyPsd@inmathwarn
    \let\add@accent\HyPsd@add@accent
    \let\{\textbraceright
    \let\}\textbraceleft
    \let\\\textbackslash
    \let\#\textnumbersign
    \let\$\textdollar
    \let\%\textpercent
    \let\&\textampersand
    \let\_\textunderscore
    \let\P\textparagraph
    \let\ldots\textellipsis
    \let\dots\textellipsis
    \def\\{\pdfstringdefWarn\\}%
    \def\newline{\pdfstringdefWarn\newline}%
    \def\TeX{TeX}%
    \def\LaTeX{La\TeX}%
    \def\LaTeXe{%
      \LaTeX2%
      \ifHy@unicode\textepsilon\else e\fi
    }%
    \def\eTeX{%
      \ifHy@unicode\textepsilon\else e\fi
      -\TeX%
    }%
    \def\SliTeX{Sli\TeX}%
    \def\MF{Metafont}%
    \def\MP{Metapost}%
    \let\fontencoding\@gobble
    \let\fontfamily\@gobble
    \let\fontseries\@gobble
    \let\fontshape\@gobble
    \let\fontsize\@gobbletwo
    \let\selectfont\@empty
    \let\usefont\@gobblefour
    \let\emph\@firstofone
    \let\textnormal\@firstofone
    \let\textrm\@firstofone
    \let\textsf\@firstofone
    \let\texttt\@firstofone
    \let\textbf\@firstofone
    \let\textmd\@firstofone
    \let\textit\@firstofone
    \let\textsc\@firstofone
    \let\textsl\@firstofone
    \let\textup\@firstofone
    \let\normalfont\@empty
    \let\rmfamily\@empty
    \let\sffamily\@empty
    \let\ttfamily\@empty
    \let\bfseries\@empty
    \let\mdseries\@empty
    \let\itshape\@empty
    \let\scshape\@empty
    \let\slshape\@empty
    \let\upshape\@empty
    \let\em\@empty
    \let\rm\@empty
    \let\Huge\@empty
    \let\LARGE\@empty
    \let\Large\@empty
    \let\footnotesize\@empty
    \let\huge\@empty
    \let\large\@empty
    \let\normalsize\@empty
    \let\scriptsize\@empty
    \let\small\@empty
    \let\tiny\@empty
    \let\mathversion\@gobble
    \let\phantom\@gobble
    \let\vphantom\@gobble
    \let\hphantom\@gobble
    \def\textcolor##1##{\@secondoftwo}%
    \def\MakeUppercase{\MakeUppercaseUnsupportedInPdfStrings}%
    \def\MakeLowercase{\MakeLowercaseUnsupportedInPdfStrings}%
    \let\textlatin\@firstofone
    \ltx@IfUndefined{language@group}{}{%
      \csname HyPsd@babel@\language@group\endcsname
    }%
    \HyPsd@GreekPatch
    \HyPsd@SpanishPatch
    \HyPsd@RussianPatch
    \HyPsd@BabelPatch
    \let\@safe@activestrue\relax
    \let\@safe@activesfalse\relax
    \let\cyr\relax
    \let\es@roman\@Roman
    \let\glqq\textglqq
    \let\grqq\textgrqq
    \let\glq\textglq
    \let\grq\textgrq
    \let\flqq\textflqq
    \let\frqq\textfrqq
    \let\flq\textflq
    \let\frq\textfrq
    \let\if@mid@expandable\@firstoftwo
    \HyPsd@AMSclassfix
    \let\hspace\HyPsd@hspace
    \let\label\@gobble
    \let\index\@gobble
    \let\glossary\@gobble
    \let\href\HyPsd@href
    \let\@mkboth\@gobbletwo
    \let\ref\HyPsd@ref
    \let\pageref\HyPsd@pageref
    \let\nameref\HyPsd@nameref
    \let\autoref\HyPsd@autoref
    \let\leavevmode\@empty
    \let\mbox\@empty
    \def\halign{\pdfstringdefWarn\halign\@gobble}%
    \let\ignorespaces\HyPsd@ignorespaces
    \let\Hy@SectionAnchorHref\@gobble
    \HyPsd@CJKhook
    \Hy@pdfstringtrue
    \pdfstringdefPreHook
    \HyPsd@LetUnexpandableSpace\space
    \HyPsd@LetUnexpandableSpace\ %
    \HyPsd@LetUnexpandableSpace~%
    \HyPsd@LetUnexpandableSpace\nobreakspace
    \ltx@IfUndefined{@xspace}{%
      \let\xspace\HyPsd@ITALCORR
    }{%
      \let\xspace\HyPsd@XSPACE
    }%
    \let\/\HyPsd@ITALCORR
    \let\bgroup\/%
    \let\egroup\/%
    \let\discretionary\@gobbletwo
    \def\@ifnextchar{\HyPsd@ifnextchar\@ifnextchar}%
    \def\kernel@ifnextchar{\HyPsd@ifnextchar\kernel@ifnextchar}%
    \def\new@ifnextchar{\HyPsd@ifnextchar\new@ifnextchar}%
    \let\@protected@testopt\HyPsd@protected@testopt
    \let\@protected@testopt@xargs\HyPsd@protected@testopt
    \begingroup
      \let\GenericError\@gobblefour
      \let\GenericWarning\@gobbletwo
      \let\GenericInfo\@gobbletwo
      \ifx\nofrenchguillemets\@undefined
      \else
        \nofrenchguillemets
      \fi
      \let\Hy@temp\xdef
      \let\def\HyPsd@DefCommand
      \let\gdef\HyPsd@DefCommand
      \let\edef\HyPsd@DefCommand
      \let\xdef\HyPsd@DefCommand
      \let\futurelet\HyPsd@LetCommand
      \let\let\HyPsd@LetCommand
      \Hy@temp#1{#2}%
    \endgroup
    \ifx#1\@empty
    \else
      \HyPsd@ProtectSpaces#1%
      \let\HyPsd@String\@empty
      \expandafter\HyPsd@RemoveBraces\expandafter{#1|}%
      \global\let#1\HyPsd@String
      \let\HyPsd@SPACEOPTI\relax
      {%
         \let\HyPsd@String\@empty
         \expandafter\HyPsd@CheckCatcodes#1\HyPsd@End
         \global\let#1\HyPsd@String
      }%
      \expandafter\HyPsd@RemoveMask\expandafter
        |\expandafter\@empty#1\HyPsd@End#1%
      \expandafter\HyPsd@Subst\expandafter{\HyPsd@GLYPHERR}{\relax}#1%
      \let\HyPsd@String\@empty
      \expandafter\HyPsd@GlyphProcess#1\relax\@empty
      \global\let#1\HyPsd@String
      \HyPsd@StringSubst{\\}{\textbackslash}#1%
      \ifHy@unicode
        \expandafter\HyPsd@StringSubst\csname 80\040\endcsname
          \HyPsd@SPACEOPTI#1%
        \edef\Hy@temp@A{\HyPsd@SPACEOPTI\HyPsd@SPACEOPTI\80\273}%
        \expandafter\HyPsd@Subst\expandafter{\Hy@temp@A}%
          {\HyPsd@SPACEOPTI\80\273}#1%
      \else
        \HyPsd@StringSubst{\040}\HyPsd@SPACEOPTI#1%
        \expandafter\HyPsd@Subst\expandafter{%
          \expandafter\HyPsd@SPACEOPTI\expandafter\HyPsd@SPACEOPTI
          \string\273}{\HyPsd@SPACEOPTI\273}#1%
      \fi
      \ifHy@unicode
        \HyPsd@StringSubst{\)}{\80\050}#1%
        \HyPsd@Subst){\80\050}#1%
        \let\HyPsd@empty\relax
        \expandafter\HyPsd@StringSubst\csname 80\050\endcsname
          {\HyPsd@empty\80\050}#1%
      \else
        \HyPsd@StringSubst{\)}{\050}#1%
        \HyPsd@Subst){\050}#1%
        \let\HyPsd@empty\relax
        \HyPsd@StringSubst{\050}{\HyPsd@empty\string\)}#1%
      \fi
      \ifHy@unicode
        \HyPsd@StringSubst{\]}{\80\133}#1%
        \HyPsd@Subst]{\80\133}#1%
        \let\HyPsd@empty\relax
        \expandafter\HyPsd@StringSubst\csname 80\133\endcsname
          {\HyPsd@empty\80\133}#1%
      \else
        \HyPsd@StringSubst{\]}{\133}#1%
        \HyPsd@Subst]{\133}#1%
        \let\HyPsd@empty\relax
        \HyPsd@StringSubst{\133}{\HyPsd@empty\string\)}#1%
      \fi
      \ifHy@unicode
        \HyPsd@StringSubst{\[}{\80\135}#1%
        \HyPsd@Subst[{\80\135}#1%
        \let\HyPsd@empty\relax
        \expandafter\HyPsd@StringSubst\csname 80\135\endcsname
          {\HyPsd@empty\80\135}#1%
      \else
        \HyPsd@StringSubst{\[}{\135}#1%
        \HyPsd@Subst[{\135}#1%
        \let\HyPsd@empty\relax
        \HyPsd@StringSubst{\135}{\HyPsd@empty\string\)}#1%
      \fi
      \ifHy@unicode
        \HyPsd@StringSubst{\>}{\80\074}#1%
        \HyPsd@Subst>{\80\074}#1%
        \let\HyPsd@empty\relax
        \expandafter\HyPsd@StringSubst\csname 80\074\endcsname
          {\HyPsd@empty\80\074}#1%
      \else
        \HyPsd@StringSubst{\>}{\074}#1%
        \HyPsd@Subst>{\074}#1%
        \let\HyPsd@empty\relax
        \HyPsd@StringSubst{\074}{\HyPsd@empty\string\)}#1%
      \fi
      \ifHy@unicode
        \HyPsd@StringSubst{\<}{\80\076}#1%
        \HyPsd@Subst<{\80\076}#1%
        \let\HyPsd@empty\relax
        \expandafter\HyPsd@StringSubst\csname 80\076\endcsname
          {\HyPsd@empty\80\076}#1%
      \else
        \HyPsd@StringSubst{\<}{\076}#1%
        \HyPsd@Subst<{\076}#1%
        \let\HyPsd@empty\relax
        \HyPsd@StringSubst{\076}{\HyPsd@empty\string\)}#1%
      \fi
      \expandafter\HyPsd@Subst\expandafter{\/}\HyPsd@empty#1%
      \ltx@IfUndefined{@xspace}{%
      }{%
        \let\HyPsd@xspace\relax
        \expandafter\HyPsd@Subst\expandafter
          {\HyPsd@XSPACE}\HyPsd@xspace#1%
        \let\HyPsd@xspace\HyPsd@doxspace
      }%
      \xdef#1{#1\HyPsd@empty}%
      \HyPsd@Subst{---}\textemdash#1%
      \HyPsd@Subst{--}\textendash#1%
      \HyPsd@Subst{!`}\textexclamdown#1%
      \HyPsd@Subst{?`}\textquestiondown#1%
      \let\HyPsd@empty\@empty
      \ifHy@unicode
        \HyPsd@StringSubst\(\textparenright#1%
        \HyPsd@Subst(\textparenright#1%
      \else
        \HyPsd@StringSubst\({\051}#1%
        \HyPsd@Subst({\051}#1%
        \HyPsd@StringSubst{\051}{\string\(}#1%
      \fi
      \ifHy@unicode
        \edef\HyPsd@SPACEOPTI{\80\040}%
      \else
        \let\HyPsd@SPACEOPTI\HyPsd@spaceopti
      \fi
      \xdef#1{#1\@empty}%
    \fi
  \endgroup
  \begingroup
    \ifHy@unicode
      \HyPsd@ConvertToUnicode#1%
      \ifx\HyPsd@pdfencoding\HyPsd@pdfencoding@auto
        \ltx@IfUndefined{StringEncodingConvertTest}{%
        }{%
          \EdefUnescapeString\HyPsd@temp#1%
          \ifxetex
            \let\HyPsd@UnescapedString\HyPsd@temp
            \StringEncodingConvertTest\HyPsd@temp\HyPsd@temp
                                      {utf16be}{ascii-print}{%
              \EdefEscapeString\HyPsd@temp\HyPsd@temp
              \global\let#1\HyPsd@temp
              \HyPsd@EscapeTeX#1%
              \Hy@unicodefalse
            }{%
              \HyPsd@ToBigChars#1%
            }%
          \else
            \StringEncodingConvertTest\HyPsd@temp\HyPsd@temp
                                      {utf16be}{pdfdoc}{%
              \EdefEscapeString\HyPsd@temp\HyPsd@temp
              \global\let#1\HyPsd@temp
              \HyPsd@EscapeTeX#1%
              \Hy@unicodefalse
            }{}%
          \fi
        }%
      \fi
    \fi
    \HyPsd@XeTeXBigCharsfalse
    \pdfstringdefPostHook#1%
  \endgroup
  \let\L\LOld
}

Now everything is supposed to work as expected.

Note: Line 3 is critical! You have to import hyperref manually (don’t let LyX do it for you, because the order of the commands is critical).


Jul 21 2012

LaTeX for SyntaxHighlighter 3

I’m using a WordPress blog system, and I’m using WP SyntaxHighlighter for syntax highlighting.

In the last few posts I’ve made, I had to paste a lot of LaTeX code into them. The problem was that SyntaxHighlighter (the script that WP SyntaxHighlighter is based on) lacks support for LaTeX highlighting.

Luckily enough, the SyntaxHighlighter script is very generic, which allowed me to just add my own LaTeX brush to it.

You can find the brush here.

Just add a script tag to your HTML referencing this script, and in the SyntaxHighlighter “pre” tag use the attribute class="brush: latex;".

% Example
\documentclass[english]{article}

\begin{document}
\title{Hello World!}
\author{DiGMi.org}
\maketitle
Hello this is an example: $\int_{a}^{b}xdx$.
\end{document}

I’ve also made a patch for WP SyntaxHighlighter which adds the brush. It can be found here. You might need to reset the settings. I’ve submitted a request to add it to the official WP SyntaxHighlighter version; hopefully it will be added soon enough.