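; injection caves
;
; FASM, Intel syntax, 32-bit. Three code caves injected into an existing
; module ("devedit") at fixed RVAs $85E00, $85E40 and $85E80. Each cave
; recovers its own load address with `call @F / @@: pop reg` and reaches
; module data and import-table slots relative to that base, so the caves
; survive relocation of the patched module. Byte layout matters: every
; `add/sub reg,...` delta below assumes the exact sizes of the preceding
; instructions (5-byte call rel32, 1-byte push reg).
use32

include "%INCLUDE%\MACRO\STRUCT.INC"
include "%INCLUDE%\MACRO\STDCALL.INC"
include "%INCLUDE%\EQUATES\KERNEL32.INC"
include "%INCLUDE%\EQUATES\USER32.INC"
include "%INCLUDE%\EQUATES\GDI32.INC"

; --- patch data ------------------------------------------------------------
vaOvertype     = $86254                  ; RVA of the overtype flag (0 = INS, non-zero = OVR)
vaOvertypeFlip = $400000 + $2000 + $1080 ; absolute VA; not referenced by any cave in this file
vaLock         = $400000 + $2000 + $1084 ; absolute VA of the re-entrancy counter
                                         ; NOTE(review): absolute, unlike the base-relative
                                         ; vaOvertype -- only valid while that image is mapped
                                         ; at $400000 (no relocation/ASLR); confirm

; --- import-table slots: RVA of the IAT entry, used as [base+NAME] -----------
GetActiveWindow      = $23E4
EnableWindow         = $23F4
SetFocus             = $231C
GetFocus             = $23E0
SendMessage          = $23F8
PostMessage          = $23AC
GetClientRect        = $23EC
SetWindowPos         = $2320
InvalidateRect       = $235C
UpdateWindow         = $23DC
GetParent            = $239C
DestroyCaret         = $2340
CreateCaret          = $2344
GetCaretPos          = $23FC
SetCaretPos          = $22C8
GetDC                = $23D0
ReleaseDC            = $2374
GetTextExtentPoint32 = $2404
SelectObject         = $240C
GetAsyncKeyState     = $229C

        align   40h
;-----------------------------------------------------------------------
; devedit_50885E00  -- called by 50804775
; Caret-position cave.
; In:    esi = edit-control object (fields +$0C8 and +$160 are read)
;        edi = caret row index      ebx = caret height
; Out:   edi = caret y position in pixels, ebx = ebx + 1
;        eax = [esi+$0C8] (presumably the displaced original code; confirm)
; Clobb: ecx, flags
; INS mode -> caret sits below the character (bottom of the row);
; OVR mode -> caret sits over the character (top of the row).
;-----------------------------------------------------------------------
devedit_50885E00:
        call    @F
@@:     pop     ecx
        add     ecx,(vaOvertype - $85E00 - $5)  ; ecx = &overtype flag ($5 = size of the call)
        cmp     byte [ecx],0
        jne     .no_inc                 ; OVR mode: keep the row index
        inc     edi                     ; INS mode: start from the next row...
.no_inc:
        mov     eax,[esi+$160]
        imul    edi,[eax+$040]          ; edi = row * row height
        mov     eax,[esi+$0C8]
        cmp     byte [ecx],0
        jne     .no_dec                 ; OVR mode: nothing to undo
        dec     edi                     ; ...minus one pixel = last line of the current row
.no_dec:
        inc     ebx                     ; caret height + 1
        retn

        align   40h
;-----------------------------------------------------------------------
; devedit_50885E40  -- called by 508071A7, 50842F44, 5084388C
; Caret-creation cave: CreateCaret(hWnd, NULL, nWidth, nHeight).
; In:    eax = object with +40h = line height, +54h = character width
;        esi = object with +20h = hWnd
; Out:   eax = CreateCaret result
; Clobb: ecx, edx (stdcall API call), flags
; INS mode -> 2-pixel horizontal line caret;
; OVR mode -> block caret the size of one character cell.
;-----------------------------------------------------------------------
devedit_50885E40:
        call    @F
@@:     pop     ecx
        sub     ecx,$85E40 + $5         ; ecx = module base ($5 = size of the call)
        cmp     byte [ecx+vaOvertype],0
        je      .normal
        ; block caret (overwrite mode)
        push    dword [eax+40h]         ; nHeight = line height
        push    dword [eax+54h]         ; nWidth  = character width
        jmp     .rest
.normal:
        ; regular horizontal caret (insert mode)
        push    2                       ; nHeight
        push    dword [eax+54h]         ; nWidth
.rest:
        push    0                       ; hBitmap = NULL
        push    dword [esi+20h]         ; hWnd
        call    dword [ecx+CreateCaret] ; IAT slot $2344; $50802344 at the nominal base
        retn

        align   40h
;-----------------------------------------------------------------------
; devedit_50885E80  -- called by 508072BA (82BA)
; Overtype-toggle cave. Its net effect on the caller's stack is the
; displaced `push dword [esp+4]`: the value at [esp+8] on entry is
; re-pushed on return (see the epilogue).
; In:    [esp]   = return address
;        [esp+4] = caller's slot (left untouched)
;        [esp+8] = new overtype setting (assumed: it is what the caller pushes)
; Saves: ebx, ebp   Clobb: eax, ecx, edx, flags
;-----------------------------------------------------------------------
devedit_50885E80:
        push    ebx
        push    ebp
        call    @F
@@:     pop     ebp
        sub     ebp,$85E80 + $5 + $1 + $1       ; ebp = module base (call + push ebp + push ebx)
        ; redraw only if the new setting differs from the current one
        mov     eax,[esp+16]            ; entry [esp+8]; the two pushes above moved it 8 bytes
                                        ; down. (Was [esp+8], which reads the return address,
                                        ; so the early-out below could never fire.)
        cmp     eax,[ebp+vaOvertype]    ; dword compare of a flag the other caves read as a
                                        ; byte; assumes the 3 bytes after it are zero -- confirm
        je      .noredraw
        ; re-entrancy guard: the focus/enable calls below re-enter this path
        cmp     dword [vaLock],0
        ja      .noredraw
        inc     dword [vaLock]
        ; bit 0 of GetAsyncKeyState = key pressed since the previous query;
        ; the flag is flipped by it while the control refreshes, then restored
        stdcall dword [ebp+GetAsyncKeyState],VK_INSERT
        and     eax,1
        push    eax
        xor     [ebp+vaOvertype],eax
        ; handle to the edit control
        call    dword [ebp+GetFocus]
        mov     ebx,eax
        ; disable/enable cycle makes the control destroy and recreate its caret
        stdcall dword [ebp+EnableWindow],ebx,0
        stdcall dword [ebp+EnableWindow],ebx,1
        stdcall dword [ebp+SetFocus],ebx
        pop     eax
        xor     [ebp+vaOvertype],eax    ; undo the temporary flip
        dec     dword [vaLock]
.noredraw:
        pop     ebp
        pop     ebx
        ; replay the displaced `push dword [esp+4]` and return
        mov     eax,[esp+8]
        push    dword [esp]             ; duplicate the return address
        mov     [esp+4],eax             ; original return slot now holds the value to push
        retn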