### Example Windhawk Mod Readme Content Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Illustrates a practical example of a Windhawk mod readme block. It demonstrates how to use Markdown for headings, bold text, and links to describe the mod's purpose and provide relevant details to users. ```text // ==WindhawkModReadme== /* # Your Awesome Mod This is a place for useful information about your mod. Use it to describe the mod, explain why it's useful, and add any other relevant details. You can use [Markdown](https://en.wikipedia.org/wiki/Markdown) to add links and **formatting** to the readme. */ // ==/WindhawkModReadme== ``` -------------------------------- ### Example Windhawk Mod Settings Configuration Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Provides a comprehensive example of a Windhawk mod's settings configuration in YAML. It demonstrates various setting types (boolean, number, string, arrays, nested options) and the use of metadata fields like `$name`, `$description`, and `$options` for user interface hints, including localization support. ```YAML // ==WindhawkModSettings== /* - BooleanOption: true $name: Example Boolean $description: An example boolean setting $description:uk-UA: Приклад логічного налаштування - NumberOption: 1234 - StringOption: Default string value - StringCombobox: option1 $options: - option1: First Option Description - option2: Second Option Description $options:uk-UA: - option1: Опис першого варіанту - option2: Опис другого варіанту - NestedOptions: - NumberNestedOption: 2345 - StringNestedOption: Nested option text - ArrayOfNumbers: [1, 2, 3] - ArrayOfStrings: [a, b, c] - ArrayOfStringComboboxes: [a, b, c] $options: - a: First Option Description - b: Second Option Description - c: Third Option Description - ArrayOfNestedOptions: - - NumberNestedOptionInArray: 3456 - StringNestedOptionInArray: Nested option in array text */ // ==/WindhawkModSettings== ``` -------------------------------- ### Install CodeLLDB Extension in Windhawk Source: https://github.com/ramensoftware/windhawk/wiki/Debugging-the-mods This command installs the CodeLLDB debugging extension within the Windhawk environment, enabling advanced debugging capabilities for mods. ```Shell ext install vadimcn.vscode-lldb ``` -------------------------------- ### Windhawk Mod Lifecycle Callback Functions Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Documents the essential callback functions that a Windhawk mod can implement to interact with the Windhawk engine at different stages of its lifecycle. These functions allow for initialization, cleanup, and dynamic response to settings changes. ```APIDOC Wh_ModInit() Description: The first callback function called by the Windhawk engine. It's invoked before the target process starts executing (unless the process is already running when the mod loads). Allows the mod to initialize and set up hooks using Wh_SetFunctionHook. Returns: BOOL - TRUE if initialization is successful; FALSE will cause the mod to be unloaded with no further callbacks. Wh_ModAfterInit() Description: Called after Wh_ModInit and after the Windhawk engine has completed setting up all hooks. Returns: void Wh_ModBeforeUninit() Description: Called when the mod is about to be unloaded, specifically before the Windhawk engine removes any active hooks. Returns: void Wh_ModUninit() Description: Called when the mod is about to be unloaded, after the Windhawk engine has removed all hooks. Returns: void Wh_ModSettingsChanged() Description: Called when the mod's settings are modified by the user. This allows the mod to load and apply the new settings dynamically. Variants: 1. void Wh_ModSettingsChanged() Returns: void 2. BOOL Wh_ModSettingsChanged(BOOL* bReload) Parameters: bReload: A pointer to a BOOL. If set to TRUE by the mod and the function returns TRUE, the mod will be reloaded after the callback. If the function returns FALSE, the mod will be unloaded for the target process until settings are changed again. Returns: BOOL - TRUE to indicate successful processing (and potentially reload if bReload is TRUE); FALSE to indicate the mod should be unloaded. ``` -------------------------------- ### Define Windhawk Mod Settings Block Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Outlines the structure for defining user-configurable settings within a Windhawk mod. Settings are specified in YAML format, allowing for a name and a default value, which can be changed by the user after installation. ```YAML // ==WindhawkModSettings== /* - SettingName: Default Value */ // ==/WindhawkModSettings== ``` -------------------------------- ### Windhawk Mod Storage: Binary Value API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Provides functions for handling raw binary data within the mod's local storage. This allows mods to persist arbitrary byte sequences. ```APIDOC Wh_GetBinaryValue(PCWSTR valueName, void* buffer, size_t bufferSize) Retrieves a binary value (raw bytes) from the mod's local storage. Parameters: valueName (PCWSTR): The name of the value to retrieve. buffer (void*): The buffer that will receive the value. bufferSize (size_t): The length of the buffer, in bytes. Returns (size_t): The number of bytes copied to the buffer. If the value doesn't exist, if the buffer is not large enough, or in case of an error, no data is copied and the return value is zero. Wh_SetBinaryValue(PCWSTR valueName, const void* buffer, size_t bufferSize) Stores a binary value (raw bytes) in the mod's local storage. Parameters: valueName (PCWSTR): The name of the value to store. buffer (const void*): An array of bytes containing the value to store. bufferSize (size_t): The size of the array of bytes. Returns (BOOL): A boolean value indicating whether the function succeeded. ``` -------------------------------- ### Windhawk Mod Storage: Get Storage Path API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Retrieves the file system path to the mod's dedicated storage directory. This directory can be used by the mod to store any necessary files, and it will be automatically removed when the mod is uninstalled. ```APIDOC Wh_GetModStoragePath(PWSTR pathBuffer, size_t bufferChars) Retrieves the mod's storage directory path. Parameters: pathBuffer (PWSTR): The buffer that will receive the path, terminated with a null character. bufferChars (size_t): The length of `pathBuffer`, in characters. The buffer must be large enough to include the terminating null character. Returns (size_t): The number of characters copied to the buffer, not including the terminating null character. If the buffer is not large enough or in case of an error, an empty string is returned. ``` -------------------------------- ### Windhawk Mod Metadata Block Specification Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Defines the structure and available keys for the metadata block required at the beginning of every Windhawk mod. This block provides essential information about the mod, such as its ID, name, version, author, and target processes. Some keys support localization. ```APIDOC Windhawk Mod Metadata Block: Format: // ==WindhawkMod== // @key value // ==/WindhawkMod== Example: // ==WindhawkMod== // @id new-mod // @name Your Awesome Mod // @description The best mod ever that does great things // @version 0.1 // @author You // @github https://github.com/nat // @twitter https://twitter.com/jack // @homepage https://your-personal-homepage.example.com/ // @include notepad.exe // ==/WindhawkMod== Keys: @id: Syntax: // @id mod-id-1 Description: Unique mod identifier. Must contain only 0-9, a-z, and hyphen (-). @name: Syntax: // @name The mod name Description: The mod's display name. Can be localized (e.g., @name:uk-UA). @description: Syntax: // @description The mod description Description: A short description of the mod. Can be localized (e.g., @description:fr-FR). @version: Syntax: // @version 1.0 Description: The mod's version number. Must increase with each new publication. @author: Syntax: // @author John Doe Description: The mod author's name or nickname. Can be localized. @github: Syntax: // @github https://github.com/nat Description: Link to the mod author's GitHub profile. @twitter: Syntax: // @twitter https://twitter.com/jack Description: Link to the mod author's Twitter profile. @homepage: Syntax: // @homepage https://your-personal-homepage.example.com/ Description: Link to the mod author's personal website. @include: Syntax: // @include notepad.exe // @include program-1.*.exe // @include C:\programs\*.exe // @include C:\Windows\explorer.exe Description: A list of executable file names/paths that the mod targets. The mod is loaded if the path matches an @include entry and no @exclude entry. Wildcards (* for any sequence, ? for any single character) are supported. Multiple entries allowed. @exclude: Syntax: // @exclude notepad.exe // @exclude program-1.*.exe // @exclude C:\programs\*.exe // // @exclude C:\Windows\explorer.exe Description: A list of executable file names/paths to be excluded from targeting. The mod is NOT loaded if the path matches an @exclude entry. Wildcards are supported. Multiple entries allowed. @architecture: Syntax: // @architecture x86 // @architecture x86-64 // @architecture amd64 // @architecture arm64 Description: A list of supported CPU architectures for the mod. If no @architecture entries are specified, it defaults to x86 and x86-64. Multiple entries allowed. - x86: Compiled as 32-bit (x86). - amd64: Compiled as 64-bit (x86-64). - arm64: Compiled as ARM64 (AArch64). Ignored on non-ARM64 devices. - x86-64: On non-ARM64, equivalent to amd64. On ARM64, if targeting specific system processes, equivalent to arm64; otherwise, equivalent to both amd64 and arm64. @compilerOptions: Syntax: // @compilerOptions -lcomctl32 -lgdi32 -luxtheme Description: Extra command-line parameters passed directly to the compiler during mod compilation. ``` ```APIDOC Mod Metadata Localization: Description: Some metadata entries (e.g., @name, @description, @author) can be localized for different languages using a language tag. Syntax: // @name Example mod // @name:uk-UA Приклад мод // @name:fr-FR Exemple de mod ``` -------------------------------- ### Windhawk User Settings API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Provides functions for retrieving user-defined settings for the mod. These settings can be configured by the user and may include printf-style format specifiers for dynamic value retrieval. A dedicated function is provided to free memory allocated for string settings. ```APIDOC Wh_GetIntSetting(PCWSTR valueName, ...) Retrieves an integer value from the mod's user settings. Parameters: valueName (PCWSTR): The name of the value to retrieve. It can optionally contain embedded printf-style format specifiers that are replaced by the values specified in subsequent additional arguments and formatted as requested. Returns (int): The retrieved integer value. If the value doesn't exist or in case of an error, the return value is zero. Wh_GetStringSetting(PCWSTR valueName, ...) Retrieves a string value from the mod's user settings. When no longer needed, free the memory with `Wh_FreeStringSetting`. Parameters: valueName (PCWSTR): The name of the value to retrieve. It can optionally contain embedded printf-style format specifiers that are replaced by the values specified in subsequent additional arguments and formatted as requested. Returns (PCWSTR): The retrieved string value. If the value doesn't exist or in case of an error, an empty string is returned. Wh_FreeStringSetting(PCWSTR string) Frees a string returned by `Wh_GetStringSetting`. Parameters: string (PCWSTR): The string to free. Returns (void): This function does not return a value. ``` -------------------------------- ### Windhawk Mod Storage: String Value API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Offers functions for managing string values in the mod's local storage. This includes retrieving strings into a provided buffer and storing new string values. ```APIDOC Wh_GetStringValue(PCWSTR valueName, PWSTR stringBuffer, size_t bufferChars) Retrieves a string value from the mod's local storage. Parameters: valueName (PCWSTR): The name of the value to retrieve. stringBuffer (PWSTR): The buffer that will receive the text, terminated with a null character. bufferChars (size_t): The length of `stringBuffer`, in characters. The buffer must be large enough to include the terminating null character. Returns (size_t): The number of characters copied to the buffer, not including the terminating null character. If the value doesn't exist, if the buffer is not large enough, or in case of an error, an empty string is returned. Wh_SetStringValue(PCWSTR valueName, PCWSTR value) Stores a string value in the mod's local storage. Parameters: valueName (PCWSTR): The name of the value to store. value (PCWSTR): A null-terminated string containing the value to store. Returns (BOOL): A boolean value indicating whether the function succeeded. ``` -------------------------------- ### Windhawk Symbol Lookup API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Provides functions to find, enumerate, and close symbol search handles for loaded modules. This allows retrieving information about functions and variables (symbols) within a module, including their addresses and decorated/undecorated names. ```C++ typedef struct tagWH_FIND_SYMBOL_OPTIONS { // Must be set to `sizeof(WH_FIND_SYMBOL_OPTIONS)`. size_t optionsSize; // The symbol server to query. Set to `NULL` to query the Microsoft public // symbol server. PCWSTR symbolServer; // Set to `TRUE` to only retrieve decorated symbols, making the enumeration // faster. Can be especially useful for very large modules such as Chrome or // Firefox. BOOL noUndecoratedSymbols; } WH_FIND_SYMBOL_OPTIONS; typedef struct tagWH_FIND_SYMBOL { void* address; PCWSTR symbol; PCWSTR symbolDecorated; } WH_FIND_SYMBOL; HANDLE Wh_FindFirstSymbol(HMODULE hModule, const WH_FIND_SYMBOL_OPTIONS* options, WH_FIND_SYMBOL* findData); - Returns information about the first symbol for the specified module handle. - Parameters: - hModule: A handle to the loaded module whose information is being requested. If this parameter is NULL, the module of the current process (.exe file) is used. - options: Can be used to customize the symbol enumeration. Pass NULL to use the default options. - findData: A pointer to a structure to receive the symbol information. - Returns: A search handle used in a subsequent call to Wh_FindNextSymbol or Wh_FindCloseSymbol. If no symbols are found or in case of an error, the return value is NULL. BOOL Wh_FindNextSymbol(HANDLE symSearch, WH_FIND_SYMBOL* findData); - Returns information about the next symbol for the specified search handle, continuing an enumeration from a previous call to Wh_FindFirstSymbol. - Parameters: - symSearch: A search handle returned by a previous call to Wh_FindFirstSymbol. - findData: A pointer to a structure to receive the symbol information. - Returns: A boolean value indicating whether symbol information was retrieved. If no more symbols are found or in case of an error, the return value is FALSE. void Wh_FindCloseSymbol(HANDLE symSearch); - Closes a file search handle opened by Wh_FindFirstSymbol. - Parameters: - symSearch: The search handle. If symSearch is NULL, the function does nothing. ``` -------------------------------- ### Windhawk Disassembly API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Provides a utility function to disassemble a machine instruction at a given memory address and format it into a human-readable textual representation. This is useful for analyzing executable code dynamically. ```C++ typedef struct tagWH_DISASM_RESULT { // The length of the decoded instruction. size_t length; // The textual, human-readable representation of the instruction. char text[96]; } WH_DISASM_RESULT; BOOL Wh_Disasm(void* address, WH_DISASM_RESULT* result); - Disassembles an instruction and formats it to human-readable text. - Parameters: - address: The address of the instruction to disassemble. - result: A pointer to a structure to receive the disassembly information. - Returns: A boolean value indicating whether the function succeeded. ``` -------------------------------- ### Define Windhawk Mod Readme Block Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Specifies the general format for including a readme block within a Windhawk mod. This block allows mod developers to provide information to users, supporting Markdown for formatting and links, with restrictions on image embedding domains. ```text // ==WindhawkModReadme== /* content */ // ==/WindhawkModReadme== ``` -------------------------------- ### Windhawk Mod Storage: Integer Value API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Provides functions for retrieving and storing integer values within the mod's local storage. These functions allow mods to persist simple integer configurations or states. ```APIDOC Wh_GetIntValue(PCWSTR valueName, int defaultValue) Retrieves an integer value from the mod's local storage. Parameters: valueName (PCWSTR): The name of the value to retrieve. defaultValue (int): The default value to be returned as a fallback if the value doesn't exist or an error occurs. Returns (int): The retrieved integer value. If the value doesn't exist or in case of an error, the provided default value is returned. Wh_SetIntValue(PCWSTR valueName, int value) Stores an integer value in the mod's local storage. Parameters: valueName (PCWSTR): The name of the value to store. value (int): The integer value to store. Returns (BOOL): A boolean value indicating whether the function succeeded. ``` -------------------------------- ### Windhawk Mod Storage: Delete Value API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Function to remove a specific value from the mod's local storage, regardless of its type. ```APIDOC Wh_DeleteValue(PCWSTR valueName) Deletes a value from the mod's local storage. Parameters: valueName (PCWSTR): The name of the value to delete. Returns (BOOL): A boolean value indicating whether the function succeeded. ``` -------------------------------- ### Windhawk Mod Logging API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Describes the `Wh_Log` macro, an API function available for Windhawk mods to output messages. These messages can be viewed in the editor's log output window if logging is enabled. The arguments are only evaluated when logging is active. ```APIDOC Wh_Log(message, ...) Description: Logs a message to the Windhawk editor log output window. Arguments are only evaluated if logging is enabled. Parameters: message: The primary message string. It can include printf-style format specifiers (e.g., %s, %d) which will be replaced by subsequent additional arguments. ...: Optional additional arguments corresponding to the format specifiers in the message string. Returns: void (macro) ``` -------------------------------- ### Defining Windhawk Hook Functions with Correct Calling Conventions Source: https://github.com/ramensoftware/windhawk/wiki/Development-tips This C++ example illustrates the critical importance of specifying the correct calling convention, typically `WINAPI` for WinAPI functions, when defining hook functions in Windhawk. It demonstrates how to declare a type alias for the original function, define a hook function with the appropriate calling convention, and then use `WindhawkUtils::SetFunctionHook` to apply the hook, emphasizing type safety and preventing common crash causes. ```cpp using FindWindowW_t = decltype(&FindWindowW); FindWindowW_t FindWindowW_Original; HWND WINAPI FindWindowW_Hook(LPCWSTR lpClassName, LPCWSTR lpWindowName) { // ... } BOOL Wh_ModInit() { // ... WindhawkUtils::SetFunctionHook(FindWindowW, FindWindowW_Hook, &FindWindowW_Original); // ... } ``` -------------------------------- ### Windhawk API: Common Mod Constants Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Documents essential constants used in Windhawk mods, including `WH_MOD_ID` for unique mod identification and `WH_MOD_VERSION` for version tracking. These constants are typically defined within the mod's source code. ```APIDOC WH_MOD_ID - Description: The unique identifier for the mod. - Example: `L"my-mod"` WH_MOD_VERSION - Description: The version string for the mod. - Example: `L"1.0"` ``` -------------------------------- ### Windhawk API: Retrieve URL Content and Data Structures Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Defines the `WH_GET_URL_CONTENT_OPTIONS` and `WH_URL_CONTENT` structures used for URL content retrieval, and the `Wh_GetUrlContent` function signature. This function fetches content from a given URL, allowing options for file output or direct memory return. Memory allocated by this function must be freed using `Wh_FreeUrlContent`. ```APIDOC typedef struct tagWH_GET_URL_CONTENT_OPTIONS { size_t optionsSize; // Must be set to `sizeof(WH_GET_URL_CONTENT_OPTIONS)`. PCWSTR targetFilePath; // The path to the file to which the content will be written. If set, the data will be written to the file and the `data` field of the returned struct will be `NULL`. If this field is `NULL`, the content will be returned in the `data` field. } WH_GET_URL_CONTENT_OPTIONS; typedef struct tagWH_URL_CONTENT { const char* data; // Pointer to the retrieved content data. size_t length; // Length of the content data in bytes. int statusCode; // HTTP status code of the response. } WH_URL_CONTENT; const WH_URL_CONTENT* Wh_GetUrlContent( PCWSTR url, const WH_GET_URL_CONTENT_OPTIONS* options); - url: The URL (PCWSTR) to retrieve content from. - options: Pointer to `WH_GET_URL_CONTENT_OPTIONS` for custom behavior, or `NULL` to use default options. - Returns: A pointer to `WH_URL_CONTENT` containing the retrieved content and status. Returns `NULL` in case of an error. ``` -------------------------------- ### Preventing Windhawk Mod Loading on Process Startup Source: https://github.com/ramensoftware/windhawk/wiki/Development-tips This C++ code snippet demonstrates how to prevent a Windhawk mod from loading immediately when a process starts, which is particularly useful for development with processes that automatically restart after crashes. The code checks if the currently running thread is the initial thread of the process and unloads the mod if it is, indicating a potential restart. ```cpp BOOL Wh_ModInit() { // Unload if loaded on process startup. #ifdef _WIN64 const size_t OFFSET_SAME_TEB_FLAGS = 0x17EE; #else const size_t OFFSET_SAME_TEB_FLAGS = 0x0FCA; #endif bool isInitialThread = *(USHORT*)((BYTE*)NtCurrentTeb() + OFFSET_SAME_TEB_FLAGS) & 0x0400; if (isInitialThread) { return FALSE; } // ... } ``` -------------------------------- ### Windhawk API: Free URL Content Memory Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Defines the `Wh_FreeUrlContent` function, which is used to release the memory allocated for URL content retrieved by `Wh_GetUrlContent`. This function is crucial for preventing memory leaks and should be called when the `WH_URL_CONTENT` object is no longer needed. ```APIDOC void Wh_FreeUrlContent(const WH_URL_CONTENT* content); - content: A pointer to the `WH_URL_CONTENT` struct to free. If `NULL`, the function performs no operation. ``` -------------------------------- ### Windhawk Function Hooking API Source: https://github.com/ramensoftware/windhawk/wiki/Creating-a-new-mod Provides functions to set, remove, and apply function hooks within Windhawk modules. These functions allow intercepting and modifying the behavior of target functions by redirecting calls to a custom detour function. Hook operations must be applied for changes to take effect. ```C++ BOOL Wh_SetFunctionHook(void* targetFunction, void* hookFunction, void** originalFunction); - Registers a hook for the specified target function. Can't be called after Wh_ModBeforeUninit returns. Registered hook operations can be applied with Wh_ApplyHookOperations. - Parameters: - targetFunction: A pointer to the target function, which will be overridden by the detour function. - hookFunction: A pointer to the detour function, which will override the target function. - originalFunction: A pointer to the trampoline function, which will be used to call the original target function. Can be NULL. - Returns: A boolean value indicating whether the function succeeded. BOOL Wh_RemoveFunctionHook(void* targetFunction); - Registers a hook to be removed for the specified target function. Can't be called before Wh_ModInit returns or after Wh_ModBeforeUninit returns. Registered hook operations can be applied with Wh_ApplyHookOperations. - Parameters: - targetFunction: A pointer to the target function, for which the hook will be removed. - Returns: A boolean value indicating whether the function succeeded. BOOL Wh_ApplyHookOperations(); - Applies hook operations registered by Wh_SetFunctionHook and Wh_RemoveFunctionHook. Called automatically by Windhawk after Wh_ModInit. Can't be called before Wh_ModInit returns or after Wh_ModBeforeUninit returns. Note: This function is very slow, avoid using it if possible. Ideally, all hooks should be set in Wh_ModInit and this function should never be used. - Returns: A boolean value indicating whether the function succeeded. ``` -------------------------------- ### WindhawkUtils Class Reference Source: https://github.com/ramensoftware/windhawk/wiki/Development-tips Reference for key utility functions provided by the `WindhawkUtils` class in `windhawk_utils.h`, designed to simplify common mod development tasks like symbol hooking, window subclassing, and function hooking, as well as managing string settings. ```APIDOC WindhawkUtils::HookSymbols - Description: A simpler alternative for symbol loading and hooking. Uses `Wh_FindFirstSymbol`/`Wh_FindNextSymbol` and `Wh_SetFunctionHook`. Implements caching to optimize slow symbol enumeration, performing it only once per binary version. WindhawkUtils::SetWindowSubclassFromAnyThread - Description: Similar to `SetWindowSubclass`, but can be safely called from any thread. This addresses the limitation of `SetWindowSubclass` which cannot be used to subclass a window across different threads. WindhawkUtils::SetFunctionHook - Description: A strong-type wrapper for `Wh_SetFunctionHook`. This utility helps in omitting explicit casts and significantly reduces the risk of mistakes such as signature mismatches when defining and applying function hooks. WindhawkUtils::StringSetting - Description: A RAII (Resource Acquisition Is Initialization) wrapper designed for string settings. It automatically loads a string value from settings using `Wh_GetStringSetting` and ensures that `Wh_FreeStringSetting` is called upon its destruction, managing memory automatically. ``` -------------------------------- ### CodeLLDB Launch Configuration: Attach to Running Process Source: https://github.com/ramensoftware/windhawk/wiki/Debugging-the-mods This JSON configuration snippet outlines the essential settings for a CodeLLDB launch.json file to attach the debugger to an already running process. It allows specifying the program path or dynamically picking a process by PID. ```JSON { "request": "attach", "program": "${workspaceFolder}/path/to/your/program.exe", "pid": "${command:pickMyProcess}" // Alternative to 'program' for picking from a list } ``` -------------------------------- ### CodeLLDB Launch Configuration: Run Process in Debug Mode Source: https://github.com/ramensoftware/windhawk/wiki/Debugging-the-mods This JSON configuration snippet provides the necessary settings for a CodeLLDB launch.json file to launch a new process directly in debug mode. It requires specifying the executable's path. ```JSON { "request": "launch", "program": "C:\\Path\\To\\Your\\Program.exe" } ``` -------------------------------- ### Including phnt Native API Headers in C/C++ Source: https://github.com/ramensoftware/windhawk/blob/main/src/windhawk/engine/libraries/phnt/README.md This snippet demonstrates the standard way to include the `phnt_windows.h` and `phnt.h` header files in a C/C++ program. `phnt_windows.h` provides Win32 API access and `NTSTATUS` values, while `phnt.h` grants access to the full Native API. These headers are designed for user-mode programs. ```C #include #include ``` -------------------------------- ### Configure PHNT Interface Library with CMake Source: https://github.com/ramensoftware/windhawk/blob/main/src/windhawk/engine/libraries/phnt/CMakeLists.txt This CMake snippet defines an interface library named 'phnt'. It specifies the minimum required CMake version, adds the current directory to its include paths, and links it against 'ntdll.lib'. An alias 'phnt::phnt' is also created for convenient referencing in other CMake targets. ```CMake cmake_minimum_required(VERSION 3.5) project(phnt) add_library(phnt INTERFACE) target_include_directories(phnt INTERFACE "${CMAKE_CURRENT_LIST_DIR}") target_link_libraries(phnt INTERFACE "ntdll.lib") add_library(phnt::phnt ALIAS phnt) ``` -------------------------------- ### Defining Target Windows Version for phnt Native API in C/C++ Source: https://github.com/ramensoftware/windhawk/blob/main/src/windhawk/engine/libraries/phnt/README.md This code block illustrates how to specify the target Windows operating system version when using the `phnt` Native API headers. By defining `PHNT_VERSION` to one of the provided macros (e.g., `PHNT_WINXP`, `PHNT_WIN11`), developers can control which Native API definitions are included, ensuring compatibility with specific Windows versions beyond the default Windows XP. ```C #define PHNT_VERSION PHNT_WINXP // Windows XP #define PHNT_VERSION PHNT_WS03 // Windows Server 2003 #define PHNT_VERSION PHNT_VISTA // Windows Vista #define PHNT_VERSION PHNT_WIN7 // Windows 7 #define PHNT_VERSION PHNT_WIN8 // Windows 8 #define PHNT_VERSION PHNT_WINBLUE // Windows 8.1 #define PHNT_VERSION PHNT_THRESHOLD // Windows 10 #define PHNT_VERSION PHNT_WIN11 // Windows 11 ``` -------------------------------- ### Configure Windhawk Mod Compiler Options for Debugging Source: https://github.com/ramensoftware/windhawk/wiki/Debugging-the-mods To enable proper debugging of a Windhawk mod, it must be compiled with specific flags. These options ensure that the compiled mod includes necessary debugging symbols and disables optimizations that might hinder debugging. ```Configuration --optimize=0 --debug ``` -------------------------------- ### System Processes Excluded from Pattern-Based Mod Targets in Windhawk Source: https://github.com/ramensoftware/windhawk/wiki/Injection-targets-and-critical-system-processes This list specifies system processes that are not excluded from Windhawk injection by default but are specifically excluded from pattern-based mod targeting. This prevents mods from being loaded into these processes unless explicitly configured, mitigating potential compatibility issues and ensuring system stability. ```System Paths %systemroot%\system32\svchost.exe %systemroot%\syswow64\svchost.exe %systemroot%\system32\werfault.exe %systemroot%\syswow64\werfault.exe %systemroot%\system32\winlogon.exe ``` -------------------------------- ### Well-Known Games Excluded from Windhawk Injection Source: https://github.com/ramensoftware/windhawk/wiki/Injection-targets-and-critical-system-processes This list contains paths to popular games that are typically incompatible with Windhawk's code injection, primarily due to anti-cheat mechanisms or other game-specific protections. Entries include both 32-bit and 64-bit program file paths to ensure comprehensive exclusion, preventing issues like game crashes or anti-cheat detections. ```System Paths ?:\Program Files\2K Games\* ?:\Program Files\Activision\* ?:\Program Files\Battle.net\* ?:\Program Files\Bethesda Softworks\* ?:\Program Files\Bethesda.net Launcher\* ?:\Program Files\Blizzard Entertainment\* ?:\Program Files\EA Games\* ?:\Program Files\EA\* ?:\Program Files\EasyAntiCheat_EOS\* ?:\Program Files\Electronic Arts\* ?:\Program Files\Epic Games\* ?:\Program Files\GOG Galaxy\* ?:\Program Files\Grinding Gear Games\* ?:\Program Files\Microsoft Games\* ?:\Program Files\Origin Games\* ?:\Program Files\Paradox Interactive\* ?:\Program Files\Riot Games\* ?:\Program Files\Rockstar Games\* ?:\Program Files\Square Enix\* ?:\Program Files\Steam\* ?:\Program Files\Ubisoft\* ?:\Program Files\Valve\* ?:\Program Files\Wargaming.net\* ?:\Epic Games\* ?:\Games\* ?:\Riot Games\* ?:\WindowsApps\Microsoft.MinecraftUWP_**\* ?:\WindowsApps\Microsoft.SunriseBaseGame_**\* *\steamapps\common\* ``` -------------------------------- ### Programs Known to Be Incompatible with Windhawk Source: https://github.com/ramensoftware/windhawk/wiki/Injection-targets-and-critical-system-processes This list identifies specific programs that are known to conflict with Windhawk's operations, often due to their internal mechanisms or security measures. It is recommended to avoid using Windhawk with these applications to prevent unexpected behavior or crashes. ```System Paths %ProgramFiles%\Oracle\VirtualBox\* %ProgramFiles(X86)%\Oracle\VirtualBox\* ``` -------------------------------- ### Critical System Processes for Windhawk Exclusion Source: https://github.com/ramensoftware/windhawk/wiki/Injection-targets-and-critical-system-processes This list enumerates system processes that are essential for the operating system's stability and proper functioning. These processes are typically excluded from Windhawk's modifications to prevent system instability and ensure reliable operation. ```System Paths %systemroot%\system32\autochk.exe %systemroot%\syswow64\autochk.exe %systemroot%\system32\chkdsk.exe %systemroot%\syswow64\chkdsk.exe %systemroot%\system32\consent.exe %systemroot%\system32\csrss.exe %systemroot%\system32\doskey.exe %systemroot%\syswow64\doskey.exe %systemroot%\system32\dwm.exe %systemroot%\system32\fontdrvhost.exe %systemroot%\system32\logonui.exe %systemroot%\system32\lsaiso.exe %systemroot%\system32\lsass.exe %systemroot%\system32\searchindexer.exe %systemroot%\syswow64\searchindexer.exe %systemroot%\system32\searchprotocolhost.exe %systemroot%\syswow64\searchprotocolhost.exe %systemroot%\system32\services.exe %systemroot%\system32\setupcl.exe %systemroot%\system32\smss.exe %systemroot%\system32\spoolsv.exe %systemroot%\system32\taskhostw.exe %systemroot%\system32\werfaultsecure.exe %systemroot%\syswow64\werfaultsecure.exe %systemroot%\system32\wermgr.exe %systemroot%\syswow64\wermgr.exe %systemroot%\system32\wininit.exe %systemroot%\system32\winrshost.exe %systemroot%\syswow64\winrshost.exe %systemroot%\system32\wbem\wmiprvse.exe %systemroot%\syswow64\wbem\wmiprvse.exe %systemroot%\system32\wsmprovhost.exe %systemroot%\syswow64\wsmprovhost.exe ``` -------------------------------- ### Control Windhawk Application State Source: https://github.com/ramensoftware/windhawk/wiki/Command-line-flags These command-line flags provide control over the Windhawk application's lifecycle, allowing users to exit the application, restart it (optionally in tray mode), or launch it in a safe mode for troubleshooting purposes. ```Command Line windhawk.exe -exit [-wait] windhawk.exe -restart [-tray-only] windhawk.exe -safe-mode ``` -------------------------------- ### Run Windhawk in Tray Mode Source: https://github.com/ramensoftware/windhawk/wiki/Command-line-flags This flag allows Windhawk to run in the system tray without opening its main window, which is useful for background operation or when the GUI is not desired. ```Command Line windhawk.exe -tray-only ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.