ansicon/ANSI.c

/*
  ANSI.c - ANSI escape sequence console driver.

  Jason Hood, 21 & 22 October, 2005.

  Derived from ANSI.xs by Jean-Louis Morel, from his Perl package
  Win32::Console::ANSI.  I removed the codepage conversion ("\e(") and added
  WriteConsole hooking.

  v1.01, 11 & 12 March, 2006:
    disable when console has disabled processed output;
    \e[5m (blink) is the same as \e[4m (underline);
    do not conceal control characters (0 to 31);
    \e[m will restore original color.

  v1.10, 22 February, 2009:
    fix MyWriteConsoleW for strings longer than the buffer;
    initialise attributes to current;
    hook into child processes.

  v1.11, 28 February, 2009:
    fix hooking into child processes (only do console executables).

  v1.12, 9 March, 2009:
    really fix hooking (I didn't realise MinGW didn't generate relocations).

  v1.13, 21 & 27 March, 2009:
    alternate injection method, to work with DEP;
    use Unicode and the current output code page (not OEMCP).

  v1.14, 3 April, 2009:
    fix test for empty import section.

  v1.15, 17 May, 2009:
    properly update lpNumberOfCharsWritten in MyWriteConsoleA.

  v1.20, 26 & 29 May, 17 to 21 June, 2009:
    create an ANSICON environment variable;
    hook GetEnvironmentVariable to create ANSICON dynamically;
    use another injection method.

  v1.22, 5 October, 2009:
    hook LoadLibrary to intercept the newly loaded functions.

  v1.23, 11 November, 2009:
    unload gracefully;
    conceal characters by making foreground same as background;
    reverse the bold/underline attributes, too.

  v1.25, 15, 20 & 21 July, 2010:
    hook LoadLibraryEx (now cscript works);
    Win7 support.

  v1.30, 3 August to 7 September, 2010:
    x64 support.

  v1.31, 13 & 19 November, 2010:
    fix multibyte conversion problems.

  v1.32, 4 to 22 December, 2010:
    test for lpNumberOfCharsWritten/lpNumberOfBytesWritten being NULL;
    recognise DSR and xterm window title;
    ignore sequences starting with \e[? & \e[>;
    close the handles opened by CreateProcess.

  v1.40, 25 & 26 February, 1 March, 2011:
    hook GetProcAddress, addresses issues with .NET (work with PowerShell);
    implement SO & SI to use the DEC Special Graphics Character Set (enables
     line drawing via ASCII); ignore \e(X & \e)X (where X is any character);
    add \e[?25h & \e[?25l to show/hide the cursor (DECTCEM).

  v1.50, 7 to 14 December, 2011:
    added dynamic environment variable ANSICON_VER to return version;
    read ANSICON_EXC environment variable to exclude selected modules;
    read ANSICON_GUI environment variable to hook selected GUI programs;
    read ANSICON_DEF environment variable to set the default GR;
    transfer current GR to child, read it on exit.

  v1.51, 15 January, 5, 22 & 24 February, 2012:
    added log mask 16 to log all the imported modules of imported modules;
    ignore the version within the core API DLL names;
    fix 32-bit process trying to identify 64-bit process;
    hook _lwrite & _hwrite.

  v1.52, 10 April, 1 & 2 June, 2012:
    use ansicon.exe to enable 32-bit to inject into 64-bit;
    implement \e[39m & \e[49m (only setting color, nothing else);
    added the character/line equivalents (keaj`) of the cursor movement
     sequences (ABCDG), as well as vertical absolute (d) and erase characters
     (X).

  v1.53, 12 June, 2012:
    fixed Update_GRM when running multiple processes (e.g. "cl /MP").

  v1.60, 22 to 24 November, 2012:
    alternative method to obtain LLW for 64->32 injection;
    support for VC6 (remove section pragma, rename isdigit to is_digit).

  v1.61, 14 February, 2013:
    go back to using ANSI-LLW.exe for 64->32 injection.

  v1.62, 17 & 18 July, 2013:
    another method to obtain LLW for 64->32 injection.

  v1.64, 2 August, 2013:
    better method of determining a console handle (see IsConsoleHandle).

  v1.65, 28 August, 2013:
    fix \e[K (was using window, not buffer).

  v1.66, 20 & 21 September, 2013:
    fix 32-bit process trying to detect 64-bit process.

  v1.70, 25 January to 26 February, 2014:
    don't hook ourself from LoadLibrary or LoadLibraryEx;
    update the LoadLibraryEx flags that should not cause hooking;
    inject by manipulating the import directory table; for 64-bit AnyCPU use
     ntdll's LdrLoadDll via CreateRemoteThread;
    restore original attributes on detach (for LoadLibrary/FreeLibrary usage);
    log: remove the quotes around the CreateProcess command line string and
	  distinguish NULL and "" args;
    attributes (and saved position) are local to each console window;
    exclude entire programs, by not using an extension in ANSICON_EXC;
    hook modules injected via CreateRemoteThread+LoadLibrary;
    hook all modules loaded due to LoadLibrary, not just the specified;
    don't hook a module that's already hooked us;
    better parsing of escape & CSI sequences;
    ignore xterm 38 & 48 SGR values;
    change G1 blank from space to U+00A0 - No-Break Space;
    use window height, not buffer;
    added more sequences;
    don't add a newline immediately after a wrap;
    restore cursor visibility on unload.

  v1.71, 23 October, 2015:
    add _CRT_NON_CONFORMING_WCSTOK define for VS2015.

  v1.72, 14 to 24 December, 2015:
    recognize the standard handle defines in WriteFile;
    minor speed improvement by caching GetConsoleMode;
    keep track of three handles (ostensibly stdout, stderr and a file);
    test a DOS header exists before writing to e_oemid;
    more flexible/robust handling of data directories;
    files writing to the console will always succeed;
    log: use API file functions and a custom printf;
	 add a blank line between processes;
	 set function name for MyWriteConsoleA;
    scan imports from "kernel32" (without extension);
    added dynamic environment variable CLICOLOR;
    removed _hwrite (it's the same address as _lwrite);
    join multibyte characters split across separate writes;
    remove wcstok, avoiding potential interference with the host;
    similarly, use a private heap instead of malloc.

  v1.80, 26 to 28 October, 2017:
    fix unloading;
    revert back to (re)storing buffer cursor position;
    increase cache to five handles.
*/

#include "ansicon.h"
#include "version.h"
#include <tlhelp32.h>

#define is_digit(c) ('0' <= (c) && (c) <= '9')

// ========== Global variables and constants

HANDLE	hConOut;		// handle to CONOUT$
WORD	orgattr;		// original attributes
DWORD	orgmode;		// original mode
CONSOLE_CURSOR_INFO orgcci;	// original cursor state
HANDLE	hHeap;			// local memory heap

#define CACHE	5
struct
{
  HANDLE h;
  DWORD  mode;
} cache[CACHE];

#define ESC	'\x1B'          // ESCape character
#define BEL	'\x07'
#define SO	'\x0E'          // Shift Out
#define SI	'\x0F'          // Shift In

#define MAX_ARG 16		// max number of args in an escape sequence
int   state;			// automata state
TCHAR prefix;			// escape sequence prefix ( '[', ']' or '(' );
TCHAR prefix2;			// secondary prefix ( '?' or '>' );
TCHAR suffix;			// escape sequence suffix
TCHAR suffix2;			// escape sequence secondary suffix
int   es_argc;			// escape sequence args count
int   es_argv[MAX_ARG]; 	// escape sequence args
TCHAR Pt_arg[MAX_PATH*2];	// text parameter for Operating System Command
int   Pt_len;
BOOL  shifted;
int   screen_top = -1;		// initial window top when cleared


// DEC Special Graphics Character Set from
// http://vt100.net/docs/vt220-rm/table2-4.html
// Some of these may not look right, depending on the font and code page (in
// particular, the Control Pictures probably won't work at all).
const WCHAR G1[] =
{
  L'\x00a0',    // _ - No-Break Space
  L'\x2666',    // ` - Black Diamond Suit
  L'\x2592',    // a - Medium Shade
  L'\x2409',    // b - HT
  L'\x240c',    // c - FF
  L'\x240d',    // d - CR
  L'\x240a',    // e - LF
  L'\x00b0',    // f - Degree Sign
  L'\x00b1',    // g - Plus-Minus Sign
  L'\x2424',    // h - NL
  L'\x240b',    // i - VT
  L'\x2518',    // j - Box Drawings Light Up And Left
  L'\x2510',    // k - Box Drawings Light Down And Left
  L'\x250c',    // l - Box Drawings Light Down And Right
  L'\x2514',    // m - Box Drawings Light Up And Right
  L'\x253c',    // n - Box Drawings Light Vertical And Horizontal
  L'\x00af',    // o - SCAN 1 - Macron
  L'\x25ac',    // p - SCAN 3 - Black Rectangle
  L'\x2500',    // q - SCAN 5 - Box Drawings Light Horizontal
  L'_',         // r - SCAN 7 - Low Line
  L'_',         // s - SCAN 9 - Low Line
  L'\x251c',    // t - Box Drawings Light Vertical And Right
  L'\x2524',    // u - Box Drawings Light Vertical And Left
  L'\x2534',    // v - Box Drawings Light Up And Horizontal
  L'\x252c',    // w - Box Drawings Light Down And Horizontal
  L'\x2502',    // x - Box Drawings Light Vertical
  L'\x2264',    // y - Less-Than Or Equal To
  L'\x2265',    // z - Greater-Than Or Equal To
  L'\x03c0',    // { - Greek Small Letter Pi
  L'\x2260',    // | - Not Equal To
  L'\x00a3',    // } - Pound Sign
  L'\x00b7',    // ~ - Middle Dot
};

#define FIRST_G1 '_'
#define LAST_G1  '~'


// color constants

#define FOREGROUND_BLACK 0
#define FOREGROUND_WHITE FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE

#define BACKGROUND_BLACK 0
#define BACKGROUND_WHITE BACKGROUND_RED|BACKGROUND_GREEN|BACKGROUND_BLUE

const BYTE foregroundcolor[8] =
{
  FOREGROUND_BLACK,			// black foreground
  FOREGROUND_RED,			// red foreground
  FOREGROUND_GREEN,			// green foreground
  FOREGROUND_RED | FOREGROUND_GREEN,	// yellow foreground
  FOREGROUND_BLUE,			// blue foreground
  FOREGROUND_BLUE | FOREGROUND_RED,	// magenta foreground
  FOREGROUND_BLUE | FOREGROUND_GREEN,	// cyan foreground
  FOREGROUND_WHITE			// white foreground
};

const BYTE backgroundcolor[8] =
{
  BACKGROUND_BLACK,			// black background
  BACKGROUND_RED,			// red background
  BACKGROUND_GREEN,			// green background
  BACKGROUND_RED | BACKGROUND_GREEN,	// yellow background
  BACKGROUND_BLUE,			// blue background
  BACKGROUND_BLUE | BACKGROUND_RED,	// magenta background
  BACKGROUND_BLUE | BACKGROUND_GREEN,	// cyan background
  BACKGROUND_WHITE,			// white background
};

const BYTE attr2ansi[8] =		// map console attribute to ANSI number
{
  0,					// black
  4,					// blue
  2,					// green
  6,					// cyan
  1,					// red
  5,					// magenta
  3,					// yellow
  7					// white
};


typedef struct
{
  BYTE	foreground;	// ANSI base color (0 to 7; add 30)
  BYTE	background;	// ANSI base color (0 to 7; add 40)
  BYTE	bold;		// console FOREGROUND_INTENSITY bit
  BYTE	underline;	// console BACKGROUND_INTENSITY bit
  BYTE	rvideo; 	// swap foreground/bold & background/underline
  BYTE	concealed;	// set foreground/bold to background/underline
  BYTE	reverse;	// swap console foreground & background attributes
  BYTE	crm;		// showing control characters?
  COORD SavePos;	// saved cursor position
} STATE, *PSTATE;

PSTATE pState;
HANDLE hMap;

void set_ansicon( PCONSOLE_SCREEN_BUFFER_INFO );


void get_state( void )
{
  TCHAR  buf[64];
  HWND	 hwnd;
  BOOL	 init;
  HANDLE hConOut;
  CONSOLE_SCREEN_BUFFER_INFO csbi;
  static STATE state;	// on the odd chance file mapping fails

  if (pState != NULL)
    return;

  hwnd = GetConsoleWindow();
  if (hwnd == NULL)
    return;

  wsprintf( buf, L"ANSICON_State_%X", PtrToUint( hwnd ) );
  hMap = CreateFileMapping( INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE,
			    0, sizeof(STATE), buf );
  if (hMap == NULL)
  {
  no_go:
    DEBUGSTR( 1, "File mapping failed (%u) - using default state",
		 GetLastError() );
    pState = &state;
    goto do_init;
  }
  init = (GetLastError() != ERROR_ALREADY_EXISTS);

  pState = MapViewOfFile( hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0 );
  if (pState == NULL)
  {
    CloseHandle( hMap );
    hMap = NULL;
    goto no_go;
  }

  if (init)
  {
  do_init:
    hConOut = CreateFile( L"CONOUT$", GENERIC_READ | GENERIC_WRITE,
				      FILE_SHARE_READ | FILE_SHARE_WRITE,
				      NULL, OPEN_EXISTING, 0, NULL );
    if (!GetConsoleScreenBufferInfo( hConOut, &csbi ))
    {
      DEBUGSTR( 1, "Failed to get screen buffer info (%u) - assuming defaults",
		   GetLastError() );
      csbi.wAttributes	   = 7;
      csbi.dwSize.X	   = 80;
      csbi.dwSize.Y	   = 300;
      csbi.srWindow.Left   = 0;
      csbi.srWindow.Right  = 79;
      csbi.srWindow.Top    = 0;
      csbi.srWindow.Bottom = 24;
    }
    if (GetEnvironmentVariable( L"ANSICON_REVERSE", NULL, 0 ))
    {
      SetEnvironmentVariable( L"ANSICON_REVERSE", NULL );
      pState->reverse	 = TRUE;
      pState->foreground = attr2ansi[(csbi.wAttributes >> 4) & 7];
      pState->background = attr2ansi[csbi.wAttributes & 7];
      pState->bold	 = (csbi.wAttributes & BACKGROUND_INTENSITY) >> 4;
      pState->underline  = (csbi.wAttributes & FOREGROUND_INTENSITY) << 4;
    }
    else
    {
      pState->foreground = attr2ansi[csbi.wAttributes & 7];
      pState->background = attr2ansi[(csbi.wAttributes >> 4) & 7];
      pState->bold	 = csbi.wAttributes & FOREGROUND_INTENSITY;
      pState->underline  = csbi.wAttributes & BACKGROUND_INTENSITY;
    }
    if (!GetEnvironmentVariable( L"ANSICON_DEF", NULL, 0 ))
    {
      TCHAR  def[4];
      LPTSTR a = def;
      if (pState->reverse)
      {
	*a++ = '-';
	csbi.wAttributes = ((csbi.wAttributes >> 4) & 15)
			 | ((csbi.wAttributes & 15) << 4);
      }
      wsprintf( a, L"%X", csbi.wAttributes & 255 );
      SetEnvironmentVariable( L"ANSICON_DEF", def );
    }
    set_ansicon( &csbi );
    CloseHandle( hConOut );
  }
}


// Search an environment variable for a string.
BOOL search_env( LPCTSTR var, LPCTSTR val )
{
  static LPTSTR env;
  static DWORD	env_len;
  DWORD  len;
  BOOL	 not;
  LPTSTR end;

  len = GetEnvironmentVariable( var, env, env_len );
  if (len == 0)
    return FALSE;

  if (len > env_len)
  {
    LPTSTR tmp = (env == NULL) ? HeapAlloc( hHeap, 0, TSIZE(len) )
			       : HeapReAlloc( hHeap, 0, env, TSIZE(len) );
    if (tmp == NULL)
      return FALSE;
    env = tmp;
    env_len = (DWORD)HeapSize( hHeap, 0, env );
    GetEnvironmentVariable( var, env, env_len );
  }

  not = (*env == '!');
  if (not && env[1] == '\0')
    return TRUE;

  end = env + not;
  while (*end != '\0')
  {
    var = end;
    do
    {
      if (*end++ == ';')
      {
	end[-1] = '\0';
	break;
      }
    } while (*end != '\0');
    if (_wcsicmp( val, var ) == 0)
      return !not;
  }

  return not;
}


// ========== Print Buffer functions

#define BUFFER_SIZE 2048

int   nCharInBuffer;
WCHAR ChBuffer[BUFFER_SIZE];
WCHAR ChPrev;
BOOL  fWrapped;

//-----------------------------------------------------------------------------
//   FlushBuffer()
// Writes the buffer to the console and empties it.
//-----------------------------------------------------------------------------

void FlushBuffer( void )
{
  DWORD nWritten;

  if (nCharInBuffer <= 0) return;

  if (pState->crm)
  {
    DWORD mode;
    GetConsoleMode( hConOut, &mode );
    SetConsoleMode( hConOut, mode & ~ENABLE_PROCESSED_OUTPUT );
    WriteConsole( hConOut, ChBuffer, nCharInBuffer, &nWritten, NULL );
    SetConsoleMode( hConOut, mode );
  }
  else
  {
    HANDLE hConWrap;
    CONSOLE_CURSOR_INFO cci;
    CONSOLE_SCREEN_BUFFER_INFO csbi;

    if (nCharInBuffer < 4)
    {
      LPWSTR b = ChBuffer;
      do
      {
	WriteConsole( hConOut, b, 1, &nWritten, NULL );
	if (*b != '\r' && *b != '\b' && *b != '\a')
	{
	  GetConsoleScreenBufferInfo( hConOut, &csbi );
	  if (csbi.dwCursorPosition.X == 0)
	    fWrapped = TRUE;
	}
      } while (++b, --nCharInBuffer);
    }
    else
    {
      // To detect wrapping of multiple characters, create a new buffer, write
      // to the top of it and see if the cursor changes line.  This doesn't
      // always work on the normal buffer, since if you're already on the last
      // line, wrapping scrolls everything up and still leaves you on the last.
      hConWrap = CreateConsoleScreenBuffer( GENERIC_READ|GENERIC_WRITE, 0, NULL,
					    CONSOLE_TEXTMODE_BUFFER, NULL );
      // Even though the buffer isn't visible, the cursor still shows up.
      cci.dwSize = 1;
      cci.bVisible = FALSE;
      SetConsoleCursorInfo( hConWrap, &cci );
      // Ensure the buffer is the same width (it gets created using the window
      // width) and more than one line.
      GetConsoleScreenBufferInfo( hConOut, &csbi );
      csbi.dwSize.Y = csbi.srWindow.Bottom - csbi.srWindow.Top + 2;
      SetConsoleScreenBufferSize( hConWrap, csbi.dwSize );
      // Put the cursor on the top line, in the same column.
      csbi.dwCursorPosition.Y = 0;
      SetConsoleCursorPosition( hConWrap, csbi.dwCursorPosition );
      WriteConsole( hConWrap, ChBuffer, nCharInBuffer, &nWritten, NULL );
      GetConsoleScreenBufferInfo( hConWrap, &csbi );
      if (csbi.dwCursorPosition.Y != 0)
	fWrapped = TRUE;
      CloseHandle( hConWrap );
      WriteConsole( hConOut, ChBuffer, nCharInBuffer, &nWritten, NULL );
    }
  }
  nCharInBuffer = 0;
}

//-----------------------------------------------------------------------------
//   PushBuffer( WCHAR c )
// Adds a character in the buffer.
//-----------------------------------------------------------------------------

void PushBuffer( WCHAR c )
{
  CONSOLE_SCREEN_BUFFER_INFO csbi;
  DWORD nWritten;

  ChPrev = c;

  if (c == '\n')
  {
    if (pState->crm)
      ChBuffer[nCharInBuffer++] = c;
    FlushBuffer();
    // Avoid writing the newline if wrap has already occurred.
    GetConsoleScreenBufferInfo( hConOut, &csbi );
    if (pState->crm)
    {
      // If we're displaying controls, then the only way we can be on the left
      // margin is if wrap occurred.
      if (csbi.dwCursorPosition.X != 0)
	WriteConsole( hConOut, L"\n", 1, &nWritten, NULL );
    }
    else
    {
      LPCWSTR nl = L"\n";
      if (fWrapped)
      {
	// It's wrapped, but was anything more written?  Look at the current
	// row, checking that each character is space in current attributes.
	// If it's all blank we can drop the newline.  If the cursor isn't
	// already at the margin, then it was spaces or tabs that caused the
	// wrap, which can be ignored and overwritten.
	CHAR_INFO blank;
	PCHAR_INFO row;
	row = HeapAlloc( hHeap, 0, csbi.dwSize.X * sizeof(CHAR_INFO) );
	if (row != NULL)
	{
	  COORD s, c;
	  SMALL_RECT r;
	  s.X = csbi.dwSize.X;
	  s.Y = 1;
	  c.X = c.Y = 0;
	  r.Left = 0;
	  r.Right = s.X - 1;
	  r.Top = r.Bottom = csbi.dwCursorPosition.Y;
	  ReadConsoleOutput( hConOut, row, s, c, &r );
	  blank.Char.UnicodeChar = ' ';
	  blank.Attributes = csbi.wAttributes;
	  while (*(PDWORD)&row[c.X] == *(PDWORD)&blank)
	  {
	    if (++c.X == s.X)
	    {
	      nl = (csbi.dwCursorPosition.X == 0) ? NULL : L"\r";
	      break;
	    }
	  }
	  HeapFree( hHeap, 0, row );
	}
	fWrapped = FALSE;
      }
      if (nl)
	WriteConsole( hConOut, nl, 1, &nWritten, NULL );
    }
  }
  else
  {
    if (shifted && c >= FIRST_G1 && c <= LAST_G1)
      c = G1[c-FIRST_G1];
    ChBuffer[nCharInBuffer] = c;
    if (++nCharInBuffer == BUFFER_SIZE)
      FlushBuffer();
  }
}

//-----------------------------------------------------------------------------
//   SendSequence( LPTSTR seq )
// Send the string to the input buffer.
//-----------------------------------------------------------------------------

void SendSequence( LPTSTR seq )
{
  DWORD out;
  INPUT_RECORD in;
  HANDLE hStdIn = GetStdHandle( STD_INPUT_HANDLE );

  in.EventType = KEY_EVENT;
  in.Event.KeyEvent.bKeyDown = TRUE;
  in.Event.KeyEvent.wRepeatCount = 1;
  in.Event.KeyEvent.wVirtualKeyCode = 0;
  in.Event.KeyEvent.wVirtualScanCode = 0;
  in.Event.KeyEvent.dwControlKeyState = 0;
  for (; *seq; ++seq)
  {
    in.Event.KeyEvent.uChar.UnicodeChar = *seq;
    WriteConsoleInput( hStdIn, &in, 1, &out );
  }
}

// ========== Print functions

//-----------------------------------------------------------------------------
//   InterpretEscSeq()
// Interprets the last escape sequence scanned by ParseAndPrintString
//   prefix             escape sequence prefix
//   es_argc            escape sequence args count
//   es_argv[]          escape sequence args array
//   suffix             escape sequence suffix
//
// for instance, with \e[33;45;1m we have
// prefix = '[',
// es_argc = 3, es_argv[0] = 33, es_argv[1] = 45, es_argv[2] = 1
// suffix = 'm'
//-----------------------------------------------------------------------------

void InterpretEscSeq( void )
{
  int  i;
  WORD attribut;
  CONSOLE_SCREEN_BUFFER_INFO Info;
  CONSOLE_CURSOR_INFO CursInfo;
  DWORD len, NumberOfCharsWritten;
  COORD Pos;
  SMALL_RECT Rect;
  CHAR_INFO  CharInfo;
  DWORD      mode;

#define WIDTH  Info.dwSize.X
#define CUR    Info.dwCursorPosition
#define WIN    Info.srWindow
#define TOP    WIN.Top
#define BOTTOM WIN.Bottom
#define LEFT   0
#define RIGHT  (WIDTH - 1)

#define FillBlank( len, Pos ) \
  FillConsoleOutputCharacter( hConOut, ' ', len, Pos, &NumberOfCharsWritten );\
  FillConsoleOutputAttribute( hConOut, Info.wAttributes, len, Pos, \
			      &NumberOfCharsWritten )

  if (prefix == '[')
  {
    if (prefix2 == '?' && (suffix == 'h' || suffix == 'l') && es_argc == 1)
    {
      switch (es_argv[0])
      {
	case 25:
	  GetConsoleCursorInfo( hConOut, &CursInfo );
	  CursInfo.bVisible = (suffix == 'h');
	  SetConsoleCursorInfo( hConOut, &CursInfo );
	return;

	case 7:
	  mode = ENABLE_PROCESSED_OUTPUT;
	  if (suffix == 'h')
	    mode |= ENABLE_WRAP_AT_EOL_OUTPUT;
	  SetConsoleMode( hConOut, mode );
	return;
      }
    }
    // Ignore any other private sequences.
    if (prefix2 != 0)
      return;

    GetConsoleScreenBufferInfo( hConOut, &Info );
    switch (suffix)
    {
      case 'm':
	if (es_argc == 0) es_argv[es_argc++] = 0;
	for (i = 0; i < es_argc; i++)
	{
	  if (30 <= es_argv[i] && es_argv[i] <= 37)
	  {
	    pState->foreground = es_argv[i] - 30;
	  }
	  else if (40 <= es_argv[i] && es_argv[i] <= 47)
	  {
	    pState->background = es_argv[i] - 40;
	  }
	  else if (es_argv[i] == 38 || es_argv[i] == 48)
	  {
	    // This is technically incorrect, but it's what xterm does, so
	    // that's what we do.  According to T.416 (ISO 8613-6), there is
	    // only one parameter, which is divided into elements.  So where
	    // xterm does "38;2;R;G;B" it should really be "38;2:I:R:G:B" (I is
	    // a colour space identifier).
	    if (i+1 < es_argc)
	    {
	      if (es_argv[i+1] == 2)		// rgb
		i += 4;
	      else if (es_argv[i+1] == 5)	// index
		i += 2;
	    }
	  }
	  else switch (es_argv[i])
	  {
	    case 0:
	    case 39:
	    case 49:
	    {
	      TCHAR def[4];
	      int   a;
	      *def = '7'; def[1] = '\0';
	      GetEnvironmentVariable( L"ANSICON_DEF", def, lenof(def) );
	      a = wcstol( def, NULL, 16 );
	      pState->reverse = FALSE;
	      if (a < 0)
	      {
		pState->reverse = TRUE;
		a = -a;
	      }
	      if (es_argv[i] != 49)
		pState->foreground = attr2ansi[a & 7];
	      if (es_argv[i] != 39)
		pState->background = attr2ansi[(a >> 4) & 7];
	      if (es_argv[i] == 0)
	      {
		if (es_argc == 1)
		{
		  pState->bold	    = a & FOREGROUND_INTENSITY;
		  pState->underline = a & BACKGROUND_INTENSITY;
		}
		else
		{
		  pState->bold	    = 0;
		  pState->underline = 0;
		}
		pState->rvideo    = 0;
		pState->concealed = 0;
	      }
	    }
	    break;

	    case  1: pState->bold      = FOREGROUND_INTENSITY; break;
	    case  5: // blink
	    case  4: pState->underline = BACKGROUND_INTENSITY; break;
	    case  7: pState->rvideo    = 1; break;
	    case  8: pState->concealed = 1; break;
	    case 21: // oops, this actually turns on double underline
		     // but xterm turns off bold too, so that's alright
	    case 22: pState->bold      = 0; break;
	    case 25:
	    case 24: pState->underline = 0; break;
	    case 27: pState->rvideo    = 0; break;
	    case 28: pState->concealed = 0; break;
	  }
	}
	if (pState->concealed)
	{
	  if (pState->rvideo)
	  {
	    attribut = foregroundcolor[pState->foreground]
		     | backgroundcolor[pState->foreground];
	    if (pState->bold)
	      attribut |= FOREGROUND_INTENSITY | BACKGROUND_INTENSITY;
	  }
	  else
	  {
	    attribut = foregroundcolor[pState->background]
		     | backgroundcolor[pState->background];
	    if (pState->underline)
	      attribut |= FOREGROUND_INTENSITY | BACKGROUND_INTENSITY;
	  }
	}
	else if (pState->rvideo)
	{
	  attribut = foregroundcolor[pState->background]
		   | backgroundcolor[pState->foreground];
	  if (pState->bold)
	    attribut |= BACKGROUND_INTENSITY;
	  if (pState->underline)
	    attribut |= FOREGROUND_INTENSITY;
	}
	else
	  attribut = foregroundcolor[pState->foreground] | pState->bold
		   | backgroundcolor[pState->background] | pState->underline;
	if (pState->reverse)
	  attribut = ((attribut >> 4) & 15) | ((attribut & 15) << 4);
	SetConsoleTextAttribute( hConOut, attribut );
      return;

      case 'J':
	if (es_argc == 0) es_argv[es_argc++] = 0; // ESC[J == ESC[0J
	if (es_argc != 1) return;
	switch (es_argv[0])
	{
	  case 0: // ESC[0J erase from cursor to end of display
	    len = (BOTTOM - CUR.Y) * WIDTH + WIDTH - CUR.X;
	    FillBlank( len, CUR );
	  return;

	  case 1: // ESC[1J erase from start to cursor.
	    Pos.X = 0;
	    Pos.Y = TOP;
	    len   = (CUR.Y - TOP) * WIDTH + CUR.X + 1;
	    FillBlank( len, Pos );
	  return;

	  case 2: // ESC[2J Clear screen and home cursor
	    if (TOP != screen_top || BOTTOM == Info.dwSize.Y - 1)
	    {
	      // Rather than clearing the existing window, make the current
	      // line the new top of the window (assuming this is the first
	      // thing a program does).
	      int range = BOTTOM - TOP;
	      if (CUR.Y + range < Info.dwSize.Y)
	      {
		TOP = CUR.Y;
		BOTTOM = TOP + range;
	      }
	      else
	      {
		BOTTOM = Info.dwSize.Y - 1;
		TOP = BOTTOM - range;
		Rect.Left = LEFT;
		Rect.Right = RIGHT;
		Rect.Top = CUR.Y - TOP;
		Rect.Bottom = CUR.Y - 1;
		Pos.X = Pos.Y = 0;
		CharInfo.Char.UnicodeChar = ' ';
		CharInfo.Attributes = Info.wAttributes;
		ScrollConsoleScreenBuffer(hConOut, &Rect, NULL, Pos, &CharInfo);
	      }
	      SetConsoleWindowInfo( hConOut, TRUE, &WIN );
	      screen_top = TOP;
	    }
	    Pos.X = LEFT;
	    Pos.Y = TOP;
	    len   = (BOTTOM - TOP + 1) * WIDTH;
	    FillBlank( len, Pos );
	    // Not technically correct, but perhaps expected.
	    SetConsoleCursorPosition( hConOut, Pos );
	  return;

	  default:
	  return;
	}

      case 'K':
	if (es_argc == 0) es_argv[es_argc++] = 0; // ESC[K == ESC[0K
	if (es_argc != 1) return;
	switch (es_argv[0])
	{
	  case 0: // ESC[0K Clear to end of line
	    len = WIDTH - CUR.X;
	    FillBlank( len, CUR );
	  return;

	  case 1: // ESC[1K Clear from start of line to cursor
	    Pos.X = LEFT;
	    Pos.Y = CUR.Y;
	    FillBlank( CUR.X + 1, Pos );
	  return;

	  case 2: // ESC[2K Clear whole line.
	    Pos.X = LEFT;
	    Pos.Y = CUR.Y;
	    FillBlank( WIDTH, Pos );
	  return;

	  default:
	  return;
	}

      case 'X': // ESC[#X Erase # characters.
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[X == ESC[1X
	if (es_argc != 1) return;
	FillBlank( es_argv[0], CUR );
      return;

      case 'L': // ESC[#L Insert # blank lines.
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[L == ESC[1L
	if (es_argc != 1) return;
	Rect.Left   = WIN.Left	= LEFT;
	Rect.Right  = WIN.Right = RIGHT;
	Rect.Top    = CUR.Y;
	Rect.Bottom = BOTTOM;
	Pos.X = LEFT;
	Pos.Y = CUR.Y + es_argv[0];
	CharInfo.Char.UnicodeChar = ' ';
	CharInfo.Attributes = Info.wAttributes;
	ScrollConsoleScreenBuffer( hConOut, &Rect, &WIN, Pos, &CharInfo );
	// Technically should home the cursor, but perhaps not expected.
      return;

      case 'M': // ESC[#M Delete # lines.
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[M == ESC[1M
	if (es_argc != 1) return;
	Rect.Left   = WIN.Left	= LEFT;
	Rect.Right  = WIN.Right = RIGHT;
	Rect.Bottom = BOTTOM;
	Rect.Top    = CUR.Y - es_argv[0];
	Pos.X = LEFT;
	Pos.Y = TOP = CUR.Y;
	CharInfo.Char.UnicodeChar = ' ';
	CharInfo.Attributes = Info.wAttributes;
	ScrollConsoleScreenBuffer( hConOut, &Rect, &WIN, Pos, &CharInfo );
	// Technically should home the cursor, but perhaps not expected.
      return;

      case 'P': // ESC[#P Delete # characters.
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[P == ESC[1P
	if (es_argc != 1) return;
	Rect.Left   = WIN.Left	= CUR.X;
	Rect.Right  = WIN.Right = RIGHT;
	Pos.X	    = CUR.X - es_argv[0];
	Pos.Y	    =
	Rect.Top    =
	Rect.Bottom = CUR.Y;
	CharInfo.Char.UnicodeChar = ' ';
	CharInfo.Attributes = Info.wAttributes;
	ScrollConsoleScreenBuffer( hConOut, &Rect, &WIN, Pos, &CharInfo );
      return;

      case '@': // ESC[#@ Insert # blank characters.
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[@ == ESC[1@
	if (es_argc != 1) return;
	Rect.Left   = WIN.Left	= CUR.X;
	Rect.Right  = WIN.Right = RIGHT;
	Pos.X	    = CUR.X + es_argv[0];
	Pos.Y	    =
	Rect.Top    =
	Rect.Bottom = CUR.Y;
	CharInfo.Char.UnicodeChar = ' ';
	CharInfo.Attributes = Info.wAttributes;
	ScrollConsoleScreenBuffer( hConOut, &Rect, &WIN, Pos, &CharInfo );
      return;

      case 'k': // ESC[#k
      case 'A': // ESC[#A Moves cursor up # lines
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[A == ESC[1A
	if (es_argc != 1) return;
	Pos.Y = CUR.Y - es_argv[0];
	if (Pos.Y < TOP) Pos.Y = TOP;
	Pos.X = CUR.X;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'e': // ESC[#e
      case 'B': // ESC[#B Moves cursor down # lines
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[B == ESC[1B
	if (es_argc != 1) return;
	Pos.Y = CUR.Y + es_argv[0];
	if (Pos.Y > BOTTOM) Pos.Y = BOTTOM;
	Pos.X = CUR.X;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'a': // ESC[#a
      case 'C': // ESC[#C Moves cursor forward # spaces
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[C == ESC[1C
	if (es_argc != 1) return;
	Pos.X = CUR.X + es_argv[0];
	if (Pos.X > RIGHT) Pos.X = RIGHT;
	Pos.Y = CUR.Y;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'j': // ESC[#j
      case 'D': // ESC[#D Moves cursor back # spaces
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[D == ESC[1D
	if (es_argc != 1) return;
	Pos.X = CUR.X - es_argv[0];
	if (Pos.X < LEFT) Pos.X = LEFT;
	Pos.Y = CUR.Y;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'E': // ESC[#E Moves cursor down # lines, column 1.
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[E == ESC[1E
	if (es_argc != 1) return;
	Pos.Y = CUR.Y + es_argv[0];
	if (Pos.Y > BOTTOM) Pos.Y = BOTTOM;
	Pos.X = LEFT;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'F': // ESC[#F Moves cursor up # lines, column 1.
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[F == ESC[1F
	if (es_argc != 1) return;
	Pos.Y = CUR.Y - es_argv[0];
	if (Pos.Y < TOP) Pos.Y = TOP;
	Pos.X = LEFT;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case '`': // ESC[#`
      case 'G': // ESC[#G Moves cursor column # in current row.
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[G == ESC[1G
	if (es_argc != 1) return;
	Pos.X = es_argv[0] - 1;
	if (Pos.X > RIGHT) Pos.X = RIGHT;
	if (Pos.X < LEFT) Pos.X = LEFT;
	Pos.Y = CUR.Y;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'd': // ESC[#d Moves cursor row #, current column.
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[d == ESC[1d
	if (es_argc != 1) return;
	Pos.Y = es_argv[0] - 1;
	if (Pos.Y < TOP) Pos.Y = TOP;
	if (Pos.Y > BOTTOM) Pos.Y = BOTTOM;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'f': // ESC[#;#f
      case 'H': // ESC[#;#H Moves cursor to line #, column #
	if (es_argc == 0)
	  es_argv[es_argc++] = 1; // ESC[H == ESC[1;1H
	if (es_argc == 1)
	  es_argv[es_argc++] = 1; // ESC[#H == ESC[#;1H
	if (es_argc > 2) return;
	Pos.X = es_argv[1] - 1;
	if (Pos.X < LEFT) Pos.X = LEFT;
	if (Pos.X > RIGHT) Pos.X = RIGHT;
	Pos.Y = es_argv[0] - 1;
	if (Pos.Y < TOP) Pos.Y = TOP;
	if (Pos.Y > BOTTOM) Pos.Y = BOTTOM;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'I': // ESC[#I Moves cursor forward # tabs
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[I == ESC[1I
	if (es_argc != 1) return;
	Pos.Y = CUR.Y;
	Pos.X = (CUR.X & -8) + es_argv[0] * 8;
	if (Pos.X > RIGHT) Pos.X = RIGHT;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'Z': // ESC[#Z Moves cursor back # tabs
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[Z == ESC[1Z
	if (es_argc != 1) return;
	Pos.Y = CUR.Y;
	if ((CUR.X & 7) == 0)
	   Pos.X = CUR.X - es_argv[0] * 8;
	else
	   Pos.X = (CUR.X & -8) - (es_argv[0] - 1) * 8;
	if (Pos.X < LEFT) Pos.X = LEFT;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'b': // ESC[#b Repeat character
	if (es_argc == 0) es_argv[es_argc++] = 1; // ESC[b == ESC[1b
	if (es_argc != 1) return;
	while (--es_argv[0] >= 0)
	  PushBuffer( ChPrev );
      return;

      case 's': // ESC[s Saves cursor position for recall later
	if (es_argc != 0) return;
	pState->SavePos = CUR;
      return;

      case 'u': // ESC[u Return to saved cursor position
	if (es_argc != 0) return;
	Pos = pState->SavePos;
	if (Pos.X > RIGHT) Pos.X = RIGHT;
	if (Pos.Y > BOTTOM) Pos.Y = BOTTOM;
	SetConsoleCursorPosition( hConOut, Pos );
      return;

      case 'n': // ESC[#n Device status report
	if (es_argc != 1) return; // ESC[n == ESC[0n -> ignored
	switch (es_argv[0])
	{
	  case 5: // ESC[5n Report status
	    SendSequence( L"\33[0n" ); // "OK"
	  return;

	  case 6: // ESC[6n Report cursor position
	  {
	    TCHAR buf[32];
	    wsprintf( buf, L"\33[%d;%dR", CUR.Y - TOP + 1, CUR.X + 1 );
	    SendSequence( buf );
	  }
	  return;

	  default:
	  return;
	}

      case 't': // ESC[#t Window manipulation
	if (es_argc != 1) return;
	if (es_argv[0] == 21)	// ESC[21t Report xterm window's title
	{
	  TCHAR buf[MAX_PATH*2];
	  DWORD len = GetConsoleTitle( buf+3, lenof(buf)-3-2 );
	  // Too bad if it's too big or fails.
	  buf[0] = ESC;
	  buf[1] = ']';
	  buf[2] = 'l';
	  buf[3+len] = ESC;
	  buf[3+len+1] = '\\';
	  buf[3+len+2] = '\0';
	  SendSequence( buf );
	}
      return;

      case 'h': // ESC[#h Set Mode
	if (es_argc == 1 && es_argv[0] == 3)
	  pState->crm = TRUE;
      return;

      case 'l': // ESC[#l Reset Mode
      return;			// ESC[3l is handled during parsing

      default:
      return;
    }
  }
  else // (prefix == ']')
  {
    // Ignore any "private" sequences.
    if (prefix2 != 0)
      return;

    if (es_argc == 1 && (es_argv[0] == 0 || // ESC]0;titleST - icon (ignored) &
			 es_argv[0] == 2))  // ESC]2;titleST - window
    {
      SetConsoleTitle( Pt_arg );
    }
  }
}

//-----------------------------------------------------------------------------
//   ParseAndPrintString(hDev, lpBuffer, nNumberOfBytesToWrite)
// Parses the string lpBuffer, interprets the escapes sequences and prints the
// characters in the device hDev (console).
// The lexer is a three states automata.
// If the number of arguments es_argc > MAX_ARG, only the MAX_ARG-1 firsts and
// the last arguments are processed (no es_argv[] overflow).
//-----------------------------------------------------------------------------

BOOL
ParseAndPrintString( HANDLE hDev,
		     LPCVOID lpBuffer,
		     DWORD nNumberOfBytesToWrite,
		     LPDWORD lpNumberOfBytesWritten
		     )
{
  DWORD   i;
  LPCTSTR s;

  if (hDev != hConOut)	// reinit if device has changed
  {
    hConOut = hDev;
    state = 1;
    shifted = FALSE;
  }
  for (i = nNumberOfBytesToWrite, s = (LPCTSTR)lpBuffer; i > 0; i--, s++)
  {
    int c = *s; 		// more efficient to use int than short, fwiw

    if (state == 1)
    {
      if (c == ESC)
      {
	suffix2 = 0;
	get_state();
	state = (pState->crm) ? 7 : 2;
      }
      else if (c == SO) shifted = TRUE;
      else if (c == SI) shifted = FALSE;
      else PushBuffer( (WCHAR)c );
    }
    else if (state == 2)
    {
      if (c == ESC) ;		// \e\e...\e == \e
      else if (c >= '\x20' && c <= '\x2f')
	suffix2 = c;
      else if (suffix2 != 0)
	state = 1;
      else if (c == '[' ||      // CSI Control Sequence Introducer
	       c == ']')        // OSC Operating System Command
      {
	FlushBuffer();
	prefix = c;
	prefix2 = 0;
	Pt_len = 0;
	*Pt_arg = '\0';
	state = 3;
      }
      else if (c == 'P' ||      // DCS Device Control String
	       c == 'X' ||      // SOS Start Of String
	       c == '^' ||      // PM  Privacy Message
	       c == '_')        // APC Application Program Command
      {
	*Pt_arg = '\0';
	state = 6;
      }
      else state = 1;
    }
    else if (state == 3)
    {
      if (is_digit( c ))
      {
        es_argc = 0;
	es_argv[0] = c - '0';
        state = 4;
      }
      else if (c == ';')
      {
        es_argc = 1;
        es_argv[0] = 0;
	es_argv[1] = 0;
        state = 4;
      }
      else if (c == ':')
      {
	// ignore it
      }
      else if (c >= '\x3b' && c <= '\x3f')
      {
	prefix2 = c;
      }
      else if (c >= '\x20' && c <= '\x2f')
      {
	suffix2 = c;
      }
      else if (suffix2 != 0)
      {
	state = 1;
      }
      else
      {
        es_argc = 0;
        suffix = c;
        InterpretEscSeq();
        state = 1;
      }
    }
    else if (state == 4)
    {
      if (is_digit( c ))
      {
	es_argv[es_argc] = 10 * es_argv[es_argc] + (c - '0');
      }
      else if (c == ';')
      {
        if (es_argc < MAX_ARG-1) es_argc++;
	es_argv[es_argc] = 0;
	if (prefix == ']')
	  state = 5;
      }
      else if (c >= '\x3a' && c <= '\x3f')
      {
	// ignore 'em
      }
      else if (c >= '\x20' && c <= '\x2f')
      {
	suffix2 = c;
      }
      else if (suffix2 != 0)
      {
	state = 1;
      }
      else
      {
	es_argc++;
        suffix = c;
        InterpretEscSeq();
        state = 1;
      }
    }
    else if (state == 5)
    {
      if (c == BEL)
      {
	Pt_arg[Pt_len] = '\0';
        InterpretEscSeq();
        state = 1;
      }
      else if (c == '\\' && Pt_len > 0 && Pt_arg[Pt_len-1] == ESC)
      {
	Pt_arg[--Pt_len] = '\0';
        InterpretEscSeq();
        state = 1;
      }
      else if (Pt_len < lenof(Pt_arg)-1)
	Pt_arg[Pt_len++] = c;
    }
    else if (state == 6)
    {
      if (c == BEL || (c == '\\' && *Pt_arg == ESC))
	state = 1;
      else
	*Pt_arg = c;
    }
    else if (state == 7)
    {
      if (c == '[') state = 8;
      else
      {
	PushBuffer( ESC );
	PushBuffer( (WCHAR)c );
	state = 1;
      }
    }
    else if (state == 8)
    {
      if (c == '3') state = 9;
      else
      {
	PushBuffer( ESC );
	PushBuffer( '[' );
	PushBuffer( (WCHAR)c );
	state = 1;
      }
    }
    else if (state == 9)
    {
      if (c == 'l') pState->crm = FALSE;
      else
      {
	PushBuffer( ESC );
	PushBuffer( '[' );
	PushBuffer( '3' );
	PushBuffer( (WCHAR)c );
      }
      state = 1;
    }
  }
  FlushBuffer();
  if (lpNumberOfBytesWritten != NULL)
    *lpNumberOfBytesWritten = nNumberOfBytesToWrite - i;
  return (i == 0);
}


// ========== Hooking API functions
//
// References about API hooking (and dll injection):
// - Matt Pietrek ~ Windows 95 System Programming Secrets.
// - Jeffrey Richter ~ Programming Applications for Microsoft Windows 4th ed.

const char APIKernel[]		   = "kernel32.dll";
const char APIConsole[] 	   = "API-MS-Win-Core-Console-";
const char APIProcessThreads[]	   = "API-MS-Win-Core-ProcessThreads-";
const char APIProcessEnvironment[] = "API-MS-Win-Core-ProcessEnvironment-";
const char APILibraryLoader[]	   = "API-MS-Win-Core-LibraryLoader-";
const char APIFile[]		   = "API-MS-Win-Core-File-";

typedef struct
{
  PCSTR   name;
  DWORD   len;
  HMODULE base;
} API_DATA, *PAPI_DATA;

API_DATA APIs[] =
{
  { APIConsole, 	   sizeof(APIConsole) - 1,	      NULL },
  { APIProcessThreads,	   sizeof(APIProcessThreads) - 1,     NULL },
  { APIProcessEnvironment, sizeof(APIProcessEnvironment) - 1, NULL },
  { APILibraryLoader,	   sizeof(APILibraryLoader) - 1,      NULL },
  { APIFile,		   sizeof(APIFile) - 1, 	      NULL },
  { NULL,		   0,				      NULL }
};


HMODULE   hKernel;		// Kernel32 module handle
HINSTANCE hDllInstance; 	// Dll instance handle
#if defined(_WIN64) || defined(W32ON64)
LPTSTR	  DllNameType;		// pointer to process type within DllName
#endif

typedef struct
{
  PCSTR lib;
  PSTR	name;
  PROC	newfunc;
  PROC	oldfunc;
  PROC	apifunc;
  PULONG_PTR myimport;
} HookFn, *PHookFn;

HookFn Hooks[];

const char zIgnoring[]	= "Ignoring";
const char zScanning[]	= "Scanning";
const char zSkipping[]	= "Skipping";
const char zHooking[]	= "Hooking";
const char zUnhooking[] = "Unhooking";


//-----------------------------------------------------------------------------
//   HookAPIOneMod
// Substitute a new function in the Import Address Table (IAT) of the
// specified module.
// Return FALSE on error and TRUE on success.
//-----------------------------------------------------------------------------

BOOL HookAPIOneMod(
    HMODULE hFromModule,	// Handle of the module to intercept calls from
    PHookFn Hooks,		// Functions to replace
    BOOL    restore,		// Restore the original functions
    LPCSTR  sp			// Logging indentation
    )
{
  PIMAGE_DOS_HEADER	   pDosHeader;
  PIMAGE_NT_HEADERS	   pNTHeader;
  PIMAGE_IMPORT_DESCRIPTOR pImportDesc;
  PIMAGE_THUNK_DATA	   pThunk;
  PHookFn		   hook;
  BOOL			   self;

  if (hFromModule == NULL)
  {
    self = TRUE;
    hFromModule = hDllInstance;
  }
  else
    self = FALSE;

  // Tests to make sure we're looking at a module image (the 'MZ' header)
  pDosHeader = (PIMAGE_DOS_HEADER)hFromModule;
  if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
  {
    DEBUGSTR( 1, "Image has no DOS header!" );
    return FALSE;
  }

  // The MZ header has a pointer to the PE header
  pNTHeader = MakeVA( PIMAGE_NT_HEADERS, pDosHeader->e_lfanew );

  // One more test to make sure we're looking at a "PE" image
  if (pNTHeader->Signature != IMAGE_NT_SIGNATURE)
  {
    DEBUGSTR( 1, "Image has no NT header!" );
    return FALSE;
  }

  // We now have a valid pointer to the module's PE header.
  // Get a pointer to its imports section.
  pImportDesc = MakeVA( PIMAGE_IMPORT_DESCRIPTOR,
			pNTHeader->IMPORTDIR.VirtualAddress );

  // Bail out if the RVA of the imports section is 0 (it doesn't exist)
  if (pImportDesc == (PIMAGE_IMPORT_DESCRIPTOR)pDosHeader)
    return TRUE;

  // Iterate through the array of imported module descriptors, looking
  // for the module whose name matches the pszFunctionModule parameter.
  for (; pImportDesc->Name; pImportDesc++)
  {
    BOOL kernel = TRUE;
    PSTR pszModName = MakeVA( PSTR, pImportDesc->Name );
    if (_strnicmp( pszModName, APIKernel, 8 ) != 0 ||
	(_stricmp( pszModName+8, APIKernel+8 ) != 0 && pszModName[8] != '\0'))
    {
      PAPI_DATA lib;
      for (lib = APIs; lib->name; ++lib)
      {
	if (_strnicmp( pszModName, lib->name, lib->len ) == 0)
	{
	  if (lib->base == NULL)
	  {
	    lib->base = GetModuleHandleA( pszModName );
	    for (hook = Hooks; hook->name; ++hook)
	      if (hook->lib == lib->name)
		hook->apifunc = GetProcAddress( lib->base, hook->name );
	  }
	  break;
	}
      }
      if (lib->name == NULL)
      {
	if (log_level & 16)
	  DEBUGSTR( 2, " %s%s %s", sp, zIgnoring, pszModName );
	continue;
      }
      kernel = FALSE;
    }
    if (log_level & 16)
      DEBUGSTR( 2, " %s%s %s", sp, zScanning, pszModName );

    // Get a pointer to the found module's import address table (IAT).
    pThunk = MakeVA( PIMAGE_THUNK_DATA, pImportDesc->FirstThunk );

    // Blast through the table of import addresses, looking for the ones
    // that match the original addresses.
    while (pThunk->u1.Function)
    {
      for (hook = Hooks; hook->name; ++hook)
      {
	PROC patch = 0;
	if (restore)
	{
	  if ((PROC)pThunk->u1.Function == hook->newfunc)
	    patch = (kernel) ? hook->oldfunc : hook->apifunc;
	}
	else if ((PROC)pThunk->u1.Function == hook->oldfunc ||
		 (PROC)pThunk->u1.Function == hook->apifunc)
	{
	  if (self)
	  {
	    hook->myimport = &pThunk->u1.Function;
	    DEBUGSTR( 3, "  %s%s", sp, hook->name );
	  }
	  else
	  {
	    // Don't hook if our import already points to the module being
	    // hooked (i.e. it's already hooked us).
	    MEMORY_BASIC_INFORMATION minfo;
	    VirtualQuery( (LPVOID)*hook->myimport, &minfo, sizeof(minfo) );
	    if (minfo.AllocationBase != hFromModule)
	      patch = hook->newfunc;
	  }
	}
	if (patch)
	{
	  DWORD pr;

	  DEBUGSTR( 3, "  %s%s", sp, hook->name );
	  // Change the access protection on the region of committed pages in
	  // the virtual address space of the current process.
	  VirtualProtect( &pThunk->u1.Function, PTRSZ, PAGE_READWRITE, &pr );

	  // Overwrite the original address with the address of the new function.
	  pThunk->u1.Function = (DWORD_PTR)patch;

	  // Put the page attributes back the way they were.
	  VirtualProtect( &pThunk->u1.Function, PTRSZ, pr, &pr );
	}
      }
      pThunk++; // Advance to next imported function address
    }
  }

  return TRUE;	// Function not found
}

//-----------------------------------------------------------------------------
//   HookAPIAllMod
// Substitute a new function in the Import Address Table (IAT) of all
// the modules in the current process.
// Return FALSE on error and TRUE on success.
//-----------------------------------------------------------------------------

BOOL HookAPIAllMod( PHookFn Hooks, BOOL restore, BOOL indent )
{
  HANDLE	hModuleSnap;
  MODULEENTRY32 me;
  BOOL		fOk;
  LPCSTR	op, sp;
  DWORD 	pr;

  // Take a snapshot of all modules in the current process.
  hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE,
					  GetCurrentProcessId() );

  if (hModuleSnap == INVALID_HANDLE_VALUE)
  {
    DEBUGSTR( 1, "Failed to create snapshot (%u)", GetLastError() );
    return FALSE;
  }

  op = (restore) ? zUnhooking : zHooking;
  sp = (indent) ? "  " : "";

  // Fill the size of the structure before using it.
  me.dwSize = sizeof(MODULEENTRY32);

  // Walk the module list of the modules.
  for (fOk = Module32First( hModuleSnap, &me ); fOk;
       fOk = Module32Next( hModuleSnap, &me ))
  {
    // We don't hook functions in our own module.
    if (me.hModule == hDllInstance || me.hModule == hKernel)
      continue;

    if (!restore)
    {
      // Don't scan what we've already scanned.
      if (*(PDWORD)((PBYTE)me.hModule + 36) == 'ISNA')    // e_oemid, e_oeminfo
      {
	if (log_level & 16)
	  DEBUGSTR( 2, "%s%s %S", sp, zSkipping, me.szModule );
	continue;
      }
      // It's possible for the PE header to be inside the DOS header.
      if (*(PDWORD)((PBYTE)me.hModule + 0x3C) >= 0x40)
      {
	VirtualProtect( (PBYTE)me.hModule + 36, 4, PAGE_READWRITE, &pr );
	*(PDWORD)((PBYTE)me.hModule + 36) = 'ISNA';
	VirtualProtect( (PBYTE)me.hModule + 36, 4, pr, &pr );
      }
    }
    else
    {
      if (*(PDWORD)((PBYTE)me.hModule + 36) != 'ISNA' &&
	  *(PDWORD)((PBYTE)me.hModule + 0x3C) >= 0x40)
      {
	if (log_level & 16)
	  DEBUGSTR( 2, "%s%s %S", sp, zSkipping, me.szModule );
	continue;
      }
    }
    if (search_env( L"ANSICON_EXC", me.szModule ))
    {
      DEBUGSTR( 2, "%s%s %S", sp, zIgnoring, me.szModule );
      continue;
    }

    // Hook the functions in this module.
    DEBUGSTR( 2, "%s%s %S", sp, op, me.szModule );
    if (!HookAPIOneMod( me.hModule, Hooks, restore, sp ))
    {
      CloseHandle( hModuleSnap );
      return FALSE;
    }
  }
  CloseHandle( hModuleSnap );
  DEBUGSTR( 2, "%s%s completed", sp, op );
  return TRUE;
}


// ========== Child process injection

#define MAX_DEV_PATH (32+MAX_PATH)	// device form instead of drive letter

static LPTSTR get_program( LPTSTR app, HANDLE hProcess,
			   BOOL wide, LPCVOID lpApp, LPCVOID lpCmd )
{
  app[MAX_DEV_PATH-1] = '\0';

  if (lpApp == NULL)
  {
    typedef DWORD (WINAPI *PGPIFNW)( HANDLE, LPTSTR, DWORD );
    static PGPIFNW GetProcessImageFileName;

    if (GetProcessImageFileName == NULL)
    {
      // Use Ex to avoid potential recursion with other hooks.
      HMODULE psapi = LoadLibraryEx( L"psapi.dll", NULL, 0 );
      if (psapi != NULL)
      {
	GetProcessImageFileName = (PGPIFNW)GetProcAddress( psapi,
						  "GetProcessImageFileNameW" );
      }
      if (GetProcessImageFileName == NULL)
	GetProcessImageFileName = INVALID_HANDLE_VALUE;
    }
    if (GetProcessImageFileName == INVALID_HANDLE_VALUE ||
	GetProcessImageFileName( hProcess, app, MAX_DEV_PATH ) == 0)
    {
      LPTSTR  name;
      LPCTSTR term = L" \t";

      if (wide)
      {
	LPCTSTR pos;
	for (pos = lpCmd; *pos == ' ' || *pos == '\t'; ++pos) ;
	if (*pos == '"')
	{
	  term = L"\"";
	  ++pos;
	}
	wcsncpy( app, pos, MAX_DEV_PATH-1 );
      }
      else
      {
	LPCSTR pos;
	for (pos = lpCmd; *pos == ' ' || *pos == '\t'; ++pos) ;
	if (*pos == '"')
	{
	  term = L"\"";
	  ++pos;
	}
	MultiByteToWideChar( CP_ACP, 0, pos, -1, app, MAX_DEV_PATH-1 );
      }
      // CreateProcess only works with surrounding quotes ('"a name"' works,
      // but 'a" "name' fails), so that's all I'll test, too.  However, it also
      // tests for a file at each separator ('a name' tries "a.exe" before
      // "a name.exe") which I won't do.
      name = wcspbrk( app, term );
      if (name != NULL)
	*name = '\0';
    }
  }
  else
  {
    if (wide)
      wcsncpy( app, lpApp, MAX_DEV_PATH-1 );
    else
      MultiByteToWideChar( CP_ACP, 0, lpApp, -1, app, MAX_DEV_PATH-1 );
  }
  return get_program_name( app );
}


// Inject code into the target process to load our DLL.
void Inject( DWORD dwCreationFlags, LPPROCESS_INFORMATION lpi,
	     LPPROCESS_INFORMATION child_pi,
	     BOOL wide, LPCVOID lpApp, LPCVOID lpCmd )
{
  int	 type;
  PBYTE  base;
  BOOL	 gui;
  WCHAR  app[MAX_DEV_PATH];
  LPTSTR name;

  name = get_program( app, child_pi->hProcess, wide, lpApp, lpCmd );
  DEBUGSTR( 1, "%S (%u)", name, child_pi->dwProcessId );
  if (search_env( L"ANSICON_EXC", name ))
  {
    DEBUGSTR( 1, "  Excluded" );
    type = 0;
  }
  else
  {
    type = ProcessType( child_pi, &base, &gui );
    if (gui && type > 0)
    {
      if (!search_env( L"ANSICON_GUI", name ))
      {
	DEBUGSTR( 1, "  %s", zIgnoring );
	type = 0;
      }
    }
  }
  if (type > 0)
  {
#ifdef _WIN64
    if (type == 64)
    {
      ansi_bits[0] = '6';
      ansi_bits[1] = '4';
      InjectDLL( child_pi, base );
    }
    else if (type == 32)
    {
      ansi_bits[0] = '3';
      ansi_bits[1] = '2';
      InjectDLL32( child_pi, base );
    }
    else // (type == 48)
    {
      InjectDLL64( child_pi );
    }
#else
#ifdef W32ON64
    if (type != 32)
    {
      TCHAR args[64];
      STARTUPINFO si;
      PROCESS_INFORMATION pi;
      wcscpy( DllNameType, L"CON.exe" );
      wsprintf( args, L"ansicon -P%ld", child_pi->dwProcessId );
      ZeroMemory( &si, sizeof(si) );
      si.cb = sizeof(si);
      if (CreateProcess( DllName, args, NULL, NULL, FALSE, 0, NULL, NULL,
			 &si, &pi ))
      {
	WaitForSingleObject( pi.hProcess, INFINITE );
	CloseHandle( pi.hProcess );
	CloseHandle( pi.hThread );
      }
      else
	DEBUGSTR( 1, "Could not execute %\"S (%u)", DllName, GetLastError() );
      wcscpy( DllNameType, L"32.dll" );
    }
    else
#endif
    InjectDLL( child_pi, base );
#endif
  }

  if (!(dwCreationFlags & CREATE_SUSPENDED))
    ResumeThread( child_pi->hThread );

  if (lpi != NULL)
  {
    memcpy( lpi, child_pi, sizeof(PROCESS_INFORMATION) );
  }
  else
  {
    CloseHandle( child_pi->hThread );
    CloseHandle( child_pi->hProcess );
  }
}


BOOL WINAPI MyCreateProcessA( LPCSTR lpApplicationName,
			      LPSTR lpCommandLine,
			      LPSECURITY_ATTRIBUTES lpThreadAttributes,
			      LPSECURITY_ATTRIBUTES lpProcessAttributes,
			      BOOL bInheritHandles,
			      DWORD dwCreationFlags,
			      LPVOID lpEnvironment,
			      LPCSTR lpCurrentDirectory,
			      LPSTARTUPINFOA lpStartupInfo,
			      LPPROCESS_INFORMATION lpProcessInformation )
{
  PROCESS_INFORMATION child_pi;

  DEBUGSTR( 1, "CreateProcessA: %\"s, %#s", lpApplicationName, lpCommandLine );

  // May need to initialise the state, to propagate environment variables.
  get_state();
  if (!CreateProcessA( lpApplicationName,
		       lpCommandLine,
		       lpThreadAttributes,
		       lpProcessAttributes,
		       bInheritHandles,
		       dwCreationFlags | CREATE_SUSPENDED,
		       lpEnvironment,
		       lpCurrentDirectory,
		       lpStartupInfo,
		       &child_pi ))
  {
    DEBUGSTR( 1, "  Failed (%u)", GetLastError() );
    return FALSE;
  }

  Inject( dwCreationFlags, lpProcessInformation, &child_pi,
	  FALSE, lpApplicationName, lpCommandLine );

  return TRUE;
}


BOOL WINAPI MyCreateProcessW( LPCWSTR lpApplicationName,
			      LPWSTR lpCommandLine,
			      LPSECURITY_ATTRIBUTES lpThreadAttributes,
			      LPSECURITY_ATTRIBUTES lpProcessAttributes,
			      BOOL bInheritHandles,
			      DWORD dwCreationFlags,
			      LPVOID lpEnvironment,
			      LPCWSTR lpCurrentDirectory,
			      LPSTARTUPINFOW lpStartupInfo,
			      LPPROCESS_INFORMATION lpProcessInformation )
{
  PROCESS_INFORMATION child_pi;

  DEBUGSTR( 1, "CreateProcessW: %\"S, %#S", lpApplicationName, lpCommandLine );

  get_state();
  if (!CreateProcessW( lpApplicationName,
		       lpCommandLine,
		       lpThreadAttributes,
		       lpProcessAttributes,
		       bInheritHandles,
		       dwCreationFlags | CREATE_SUSPENDED,
		       lpEnvironment,
		       lpCurrentDirectory,
		       lpStartupInfo,
		       &child_pi ))
  {
    DEBUGSTR( 1, "  Failed (%u)", GetLastError() );
    return FALSE;
  }

  Inject( dwCreationFlags, lpProcessInformation, &child_pi,
	  TRUE, lpApplicationName, lpCommandLine );

  return TRUE;
}


FARPROC WINAPI MyGetProcAddress( HMODULE hModule, LPCSTR lpProcName )
{
  PHookFn hook;
  FARPROC proc;

  proc = GetProcAddress( hModule, lpProcName );

  if (proc != NULL)
  {
    if (hModule == hKernel)
    {
      // Ignore LoadLibrary so other hooks continue to work (our version
      // might end up at a different address).
      if (proc == Hooks[0].oldfunc || proc == Hooks[1].oldfunc)
      {
	DEBUGSTR( 3, "GetProcAddress: %s (ignoring)", lpProcName );
	return proc;
      }
      for (hook = Hooks + 2; hook->name; ++hook)
      {
	if (proc == hook->oldfunc)
	{
	  DEBUGSTR( 3, "GetProcAddress: %s", lpProcName );
	  return hook->newfunc;
	}
      }
    }
    else
    {
      PAPI_DATA api;
      for (api = APIs; api->name; ++api)
      {
	if (hModule == api->base)
	{
	  if (proc == Hooks[0].apifunc || proc == Hooks[1].apifunc)
	  {
	    DEBUGSTR( 3, "GetProcAddress: %s (ignoring)", lpProcName );
	    return proc;
	  }
	  for (hook = Hooks + 2; hook->name; ++hook)
	  {
	    if (proc == hook->apifunc)
	    {
	      DEBUGSTR( 3, "GetProcAddress: %s", lpProcName );
	      return hook->newfunc;
	    }
	  }
	  break;
	}
      }
    }
  }

  return proc;
}


HMODULE WINAPI MyLoadLibraryA( LPCSTR lpFileName )
{
  HMODULE hMod = LoadLibraryA( lpFileName );
  DEBUGSTR( 2, "LoadLibraryA %s", lpFileName );
  HookAPIAllMod( Hooks, FALSE, TRUE );
  return hMod;
}


HMODULE WINAPI MyLoadLibraryW( LPCWSTR lpFileName )
{
  HMODULE hMod = LoadLibraryW( lpFileName );
  DEBUGSTR( 2, "LoadLibraryW %S", lpFileName );
  HookAPIAllMod( Hooks, FALSE, TRUE );
  return hMod;
}


HMODULE WINAPI MyLoadLibraryExA( LPCSTR lpFileName, HANDLE hFile,
				 DWORD dwFlags )
{
  HMODULE hMod = LoadLibraryExA( lpFileName, hFile, dwFlags );
  if (!(dwFlags & (LOAD_LIBRARY_AS_DATAFILE |
		   LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE |
		   LOAD_LIBRARY_AS_IMAGE_RESOURCE)))
  {
    DEBUGSTR( 2, "LoadLibraryExA %s", lpFileName );
    HookAPIAllMod( Hooks, FALSE, TRUE );
  }
  return hMod;
}


HMODULE WINAPI MyLoadLibraryExW( LPCWSTR lpFileName, HANDLE hFile,
				 DWORD dwFlags )
{
  HMODULE hMod = LoadLibraryExW( lpFileName, hFile, dwFlags );
  if (!(dwFlags & (LOAD_LIBRARY_AS_DATAFILE |
		   LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE |
		   LOAD_LIBRARY_AS_IMAGE_RESOURCE)))
  {
    DEBUGSTR( 2, "LoadLibraryExW %S", lpFileName );
    HookAPIAllMod( Hooks, FALSE, TRUE );
  }
  return hMod;
}


//-----------------------------------------------------------------------------
//   IsConsoleHandle
// Determine if the handle is writing to the console, with processed output.
//-----------------------------------------------------------------------------
BOOL IsConsoleHandle( HANDLE h )
{
  int c;

  for (c = 0; c < CACHE; ++c)
    if (cache[c].h == h)
      return (cache[c].mode & ENABLE_PROCESSED_OUTPUT);

  while (--c > 0)
    cache[c] = cache[c-1];

  cache[0].h = h;
  cache[0].mode = 0;
  if (!GetConsoleMode( h, &cache[0].mode ))
  {
    // GetConsoleMode could fail if the console was not opened for reading
    // (which is what Microsoft's conio output does).  Verify the handle with
    // WriteConsole (processed output is the default).
    DWORD written;
    if (WriteConsole( h, NULL, 0, &written, NULL ))
      cache[0].mode = ENABLE_PROCESSED_OUTPUT;
  }

  return (cache[0].mode & ENABLE_PROCESSED_OUTPUT);
}

//-----------------------------------------------------------------------------
//   MySetConsoleMode
// It seems GetConsoleMode is a relatively slow function, so call it once and
// keep track of changes directly.
//-----------------------------------------------------------------------------
BOOL
WINAPI MySetConsoleMode( HANDLE hCon, DWORD mode )
{
  BOOL rc = SetConsoleMode( hCon, mode );
  if (rc)
  {
    int c;
    for (c = 0; c < CACHE; ++c)
    {
      // The mode is associated with the buffer, not the handle.
      GetConsoleMode( cache[c].h, &cache[c].mode );
    }
  }
  return rc;
}


//-----------------------------------------------------------------------------
//   MyWrite...
// The new functions that must replace the original Write... functions.  These
// functions have exactly the same signature as the original ones.  This
// module is not hooked, so we can still call the original functions ourselves.
//-----------------------------------------------------------------------------

static LPCSTR write_func;

BOOL
WINAPI MyWriteConsoleA( HANDLE hCon, LPCVOID lpBuffer,
			DWORD nNumberOfCharsToWrite,
			LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved )
{
  LPWSTR buf;
  WCHAR  wBuf[1024];
  DWORD  len, wlen;
  UINT	 cp;
  BOOL	 rc = TRUE;
  LPCSTR aBuf;
  static char  mb[4];
  static DWORD mb_len, mb_size;

  if (nNumberOfCharsToWrite != 0 && IsConsoleHandle( hCon ))
  {
    DEBUGSTR( 4, "%s: %u %\"<s",
		 write_func == NULL ? "WriteConsoleA" : write_func,
		 nNumberOfCharsToWrite, lpBuffer );
    write_func = NULL;
    aBuf = lpBuffer;
    len = nNumberOfCharsToWrite;
    wlen = 0;
    cp = GetConsoleOutputCP();
    // How to determine a multibyte character set?  Cmd.Exe has IsDBCSCodePage,
    // which tests code page numbers; ConHost has IsAvailableFarEastCodePage,
    // which uses TranslateCharsetInfo; I used GetCPInfo in CMDRead.  Let's use
    // IsDBCSCodePage, as that avoids another API call.
    if (cp == 932 || cp == 936 || cp == 949 || cp == 950)
    {
      if (mb_len == 1)
      {
	mb[1] = *aBuf++;
	--len;
	DEBUGSTR( 4, "  %strail byte, removing & writing %\"*s",
		     (len == 0) ? "" : "starts with a ", 2, mb );
	wlen = MultiByteToWideChar( cp, 0, mb, 2, wBuf, lenof(wBuf) );
	ParseAndPrintString( hCon, wBuf, wlen, NULL );
	mb_len = 0;
      }
      // A lead byte might also be a trail byte, so count all consecutive lead
      // bytes - an even number means complete pairs, whilst an odd number
      // means the last lead byte has been split.
      if (len != 0 && IsDBCSLeadByteEx( cp, aBuf[len-1] ))
      {
	int lead = 1;
	int pos = len - 1;
	while (--pos >= 0 && IsDBCSLeadByteEx( cp, aBuf[pos] ))
	  ++lead;
	if (lead & 1)
	{
	  mb[mb_len++] = aBuf[--len];
	  DEBUGSTR( 4, "  %slead byte, removing",
		       (len == 0) ? "" : "ends with a " );
	}
      }
    }
    else if (cp == CP_UTF8)
    {
      if (mb_len != 0)
      {
	while ((*aBuf & 0xC0) == 0x80)
	{
	  mb[mb_len++] = *aBuf++;
	  --len;
	  if (mb_len == mb_size)
	    break;
	  if (len == 0)
	  {
	    DEBUGSTR( 4, "  trail byte%s, removing",
			 (nNumberOfCharsToWrite == 1) ? "" : "s" );
	    if (lpNumberOfCharsWritten != NULL)
	      *lpNumberOfCharsWritten = 0;
	    goto check_written;
	  }
	}
	if (log_level & 4)
	{
	  DWORD tlen = nNumberOfCharsToWrite - len;
	  if (tlen == 0)
	    DEBUGSTR( 4, "  incomplete UTF-8 sequence, writing %\"*s",
			 mb_len, mb );
	  else if (len == 0)
	    DEBUGSTR( 4, "  trail byte%s, removing & writing %\"*s",
			 (tlen == 1) ? "" : "s", mb_len, mb );
	  else if (tlen == 1)
	    DEBUGSTR( 4, "  starts with a trail byte, removing & writing %\"*s",
			 mb_len, mb );
	  else
	    DEBUGSTR( 4, "  starts with %u trail bytes, removing & writing %\"*s",
			 tlen, mb_len, mb );
	}
	wlen = MultiByteToWideChar( cp, 0, mb, mb_len, wBuf, lenof(wBuf) );
	ParseAndPrintString( hCon, wBuf, wlen, NULL );
	mb_len = 0;
      }
      // In UTF-8, the high bit set means a lead or trail byte; if the next
      // bit is clear, it's a trail byte; otherwise the number of set high bits
      // counts the bytes in the sequence.  The maximum legitimate sequence is
      // four bytes.
      if (len != 0 && (aBuf[len-1] & 0x80))
      {
	int pos = len;
	while (--pos >= 0 && (aBuf[pos] & 0xC0) == 0x80)
	  ;
	if (pos >= 0 && (aBuf[pos] & 0x80) && len - pos < 4 &&
	    (pos == 0 || (aBuf[pos-1] & 0xC0) != 0xC0))
	{
	  char lead = aBuf[pos];
	  mb_size = 0;
	  do
	  {
	    ++mb_size;
	    lead <<= 1;
	  } while (lead & 0x80);
	  if (mb_size <= 4 && mb_size > len - pos)
	  {
	    mb_len = len - pos;
	    memcpy( mb, aBuf + pos, mb_len );
	    len = pos;
	    if (log_level & 4)
	    {
	      if (mb_len == nNumberOfCharsToWrite)
		DEBUGSTR( 4, "  lead byte%s, removing",
			     (mb_len == 1) ? "" : "s" );
	      else if (mb_len == 1)
		DEBUGSTR( 4, "  ends with a lead byte, removing" );
	      else
		DEBUGSTR( 4, "  ends with %u lead bytes, removing", mb_len );
	    }
	  }
	}
      }
    }
    if (len == 0)
    {
      if (lpNumberOfCharsWritten != NULL)
	*lpNumberOfCharsWritten = wlen;
      goto check_written;
    }
    if (len <= lenof(wBuf))
      buf = wBuf;
    else
    {
      buf = HeapAlloc( hHeap, 0, TSIZE(len) );
      if (buf == NULL)
      {
	DEBUGSTR( 4, "HeapAlloc failed, using original function" );
	rc = WriteConsoleA( hCon, aBuf,len, lpNumberOfCharsWritten,lpReserved );
	goto check_written;
      }
    }
    len = MultiByteToWideChar( cp, 0, aBuf, len, buf, len );
    rc = ParseAndPrintString( hCon, buf, len, lpNumberOfCharsWritten );
    if (wlen != 0 && rc && lpNumberOfCharsWritten != NULL)
      *lpNumberOfCharsWritten += wlen;
    if (buf != wBuf)
      HeapFree( hHeap, 0, buf );
  check_written:
    if (rc && lpNumberOfCharsWritten != NULL &&
	      *lpNumberOfCharsWritten != nNumberOfCharsToWrite)
    {
      // Converting a multibyte character to Unicode results in a different
      // "character" count.  This causes some programs to think not everything
      // was written, so the difference is sent again.	Fudge the (presumably)
      // correct count.
      if (search_env( L"ANSICON_API", prog ))
	*lpNumberOfCharsWritten = nNumberOfCharsToWrite;
    }
    return rc;
  }

  return WriteConsoleA( hCon, lpBuffer, nNumberOfCharsToWrite,
			lpNumberOfCharsWritten, lpReserved );
}

BOOL
WINAPI MyWriteConsoleW( HANDLE hCon, LPCVOID lpBuffer,
			DWORD nNumberOfCharsToWrite,
			LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved )
{
  if (nNumberOfCharsToWrite != 0 && IsConsoleHandle( hCon ))
  {
    DEBUGSTR( 4, "WriteConsoleW: %u %\"<S",
		 nNumberOfCharsToWrite, lpBuffer );
    return ParseAndPrintString( hCon, lpBuffer,
				nNumberOfCharsToWrite,
				lpNumberOfCharsWritten );
  }

  return WriteConsoleW( hCon, lpBuffer, nNumberOfCharsToWrite,
			lpNumberOfCharsWritten, lpReserved );
}

BOOL
WINAPI MyWriteFile( HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite,
		    LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped )
{
  if (nNumberOfBytesToWrite != 0 && IsConsoleHandle( hFile ))
  {
    if (HandleToULong( hFile ) == STD_OUTPUT_HANDLE ||
	HandleToULong( hFile ) == STD_ERROR_HANDLE)
      hFile = GetStdHandle( HandleToULong( hFile ) );

    write_func = "WriteFile";
    MyWriteConsoleA( hFile, lpBuffer,nNumberOfBytesToWrite, NULL,lpOverlapped );
    if (lpNumberOfBytesWritten != NULL)
      *lpNumberOfBytesWritten = nNumberOfBytesToWrite;
    return TRUE;
  }

  return WriteFile( hFile, lpBuffer, nNumberOfBytesToWrite,
		    lpNumberOfBytesWritten, lpOverlapped );
}


#define HHFILE (HANDLE)(DWORD_PTR)

UINT
WINAPI My_lwrite( HFILE hFile, LPCSTR lpBuffer, UINT uBytes )
{
  if (uBytes != 0 && IsConsoleHandle( HHFILE hFile ))
  {
    write_func = "_lwrite";
    MyWriteConsoleA( HHFILE hFile, lpBuffer, uBytes, NULL, NULL );
    return uBytes;
  }

  return _lwrite( hFile, lpBuffer, uBytes );
}

// ========== Environment variable

void set_ansicon( PCONSOLE_SCREEN_BUFFER_INFO pcsbi )
{
  CONSOLE_SCREEN_BUFFER_INFO csbi;
  TCHAR buf[64];

  if (pcsbi == NULL)
  {
    HANDLE hConOut;
    hConOut = CreateFile( L"CONOUT$", GENERIC_READ | GENERIC_WRITE,
				      FILE_SHARE_READ | FILE_SHARE_WRITE,
				      NULL, OPEN_EXISTING, 0, NULL );
    GetConsoleScreenBufferInfo( hConOut, &csbi );
    CloseHandle( hConOut );
    pcsbi = &csbi;
  }

  wsprintf( buf, L"%dx%d (%dx%d)",
	    pcsbi->dwSize.X, pcsbi->dwSize.Y,
	    pcsbi->srWindow.Right - pcsbi->srWindow.Left + 1,
	    pcsbi->srWindow.Bottom - pcsbi->srWindow.Top + 1 );
  SetEnvironmentVariable( L"ANSICON", buf );
}

DWORD
WINAPI MyGetEnvironmentVariableA( LPCSTR lpName, LPSTR lpBuffer, DWORD nSize )
{
  if (_stricmp( lpName, "ANSICON_VER" ) == 0)
  {
    if (nSize < sizeof(PVEREA))
      return sizeof(PVEREA);
    memcpy( lpBuffer, PVEREA, sizeof(PVEREA) );
    return sizeof(PVEREA) - 1;
  }

  if (_stricmp( lpName, "CLICOLOR" ) == 0)
  {
    if (nSize < 2)
      return 2;
    lpBuffer[0] = '1';
    lpBuffer[1] = '\0';
    return 1;
  }

  if (_stricmp( lpName, "ANSICON" ) == 0)
    set_ansicon( NULL );

  return GetEnvironmentVariableA( lpName, lpBuffer, nSize );
}

DWORD
WINAPI MyGetEnvironmentVariableW( LPCWSTR lpName, LPWSTR lpBuffer, DWORD nSize )
{
  if (_wcsicmp( lpName, L"ANSICON_VER" ) == 0)
  {
    if (nSize < lenof(PVERE))
      return lenof(PVERE);
    memcpy( lpBuffer, PVERE, sizeof(PVERE) );
    return lenof(PVERE) - 1;
  }

  if (_wcsicmp( lpName, L"CLICOLOR" ) == 0)
  {
    if (nSize < 2)
      return 2;
    lpBuffer[0] = '1';
    lpBuffer[1] = '\0';
    return 1;
  }

  if (_wcsicmp( lpName, L"ANSICON" ) == 0)
    set_ansicon( NULL );

  return GetEnvironmentVariableW( lpName, lpBuffer, nSize );
}


// ========== Initialisation

HookFn Hooks[] = {
  // These two are expected first!
  { APILibraryLoader,	   "LoadLibraryA",            (PROC)MyLoadLibraryA,            NULL, NULL, NULL },
  { APILibraryLoader,	   "LoadLibraryW",            (PROC)MyLoadLibraryW,            NULL, NULL, NULL },
  { APIProcessThreads,	   "CreateProcessA",          (PROC)MyCreateProcessA,          NULL, NULL, NULL },
  { APIProcessThreads,	   "CreateProcessW",          (PROC)MyCreateProcessW,          NULL, NULL, NULL },
  { APIProcessEnvironment, "GetEnvironmentVariableA", (PROC)MyGetEnvironmentVariableA, NULL, NULL, NULL },
  { APIProcessEnvironment, "GetEnvironmentVariableW", (PROC)MyGetEnvironmentVariableW, NULL, NULL, NULL },
  { APILibraryLoader,	   "GetProcAddress",          (PROC)MyGetProcAddress,          NULL, NULL, NULL },
  { APILibraryLoader,	   "LoadLibraryExA",          (PROC)MyLoadLibraryExA,          NULL, NULL, NULL },
  { APILibraryLoader,	   "LoadLibraryExW",          (PROC)MyLoadLibraryExW,          NULL, NULL, NULL },
  { APIConsole, 	   "SetConsoleMode",          (PROC)MySetConsoleMode,          NULL, NULL, NULL },
  { APIConsole, 	   "WriteConsoleA",           (PROC)MyWriteConsoleA,           NULL, NULL, NULL },
  { APIConsole, 	   "WriteConsoleW",           (PROC)MyWriteConsoleW,           NULL, NULL, NULL },
  { APIFile,		   "WriteFile",               (PROC)MyWriteFile,               NULL, NULL, NULL },
  { APIKernel,		   "_lwrite",                 (PROC)My_lwrite,                 NULL, NULL, NULL },
  { NULL, NULL, NULL, NULL, NULL, NULL }
};

//-----------------------------------------------------------------------------
//   OriginalAttr()
// Determine the original attributes for use by \e[m.
//-----------------------------------------------------------------------------
void OriginalAttr( PVOID lpReserved )
{
  HANDLE hConOut;
  CONSOLE_SCREEN_BUFFER_INFO csbi;

  hConOut = CreateFile( L"CONOUT$", GENERIC_READ | GENERIC_WRITE,
				    FILE_SHARE_READ | FILE_SHARE_WRITE,
				    NULL, OPEN_EXISTING, 0, NULL );
  if (!GetConsoleScreenBufferInfo( hConOut, &csbi ))
    csbi.wAttributes = 7;

  // If we were loaded dynamically, remember the current attributes to restore
  // upon unloading.  However, if we're the 64-bit DLL, but the image is 32-
  // bit, then the dynamic load was due to injecting into AnyCPU.
  if (lpReserved == NULL)
  {
#ifdef _WIN64
    PIMAGE_DOS_HEADER pDosHeader;
    PIMAGE_NT_HEADERS pNTHeader;
    pDosHeader = (PIMAGE_DOS_HEADER)GetModuleHandle( NULL );
    pNTHeader = MakeVA( PIMAGE_NT_HEADERS, pDosHeader->e_lfanew );
    if (pNTHeader->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64)
#endif
    orgattr = csbi.wAttributes;
    GetConsoleMode( hConOut, &orgmode );
    GetConsoleCursorInfo( hConOut, &orgcci );
  }
  CloseHandle( hConOut );

  get_state();
}


//-----------------------------------------------------------------------------
//   DllMain()
// Function called by the system when processes and threads are initialized
// and terminated.
//-----------------------------------------------------------------------------

// Need to export something for static loading to work, this is as good as any.
__declspec(dllexport)
BOOL WINAPI DllMain( HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved )
{
  BOOL	  bResult = TRUE;
  PHookFn hook;
  TCHAR   logstr[4];
  typedef LONG (WINAPI *PNTQIT)( HANDLE, int, PVOID, ULONG, PULONG );
  static PNTQIT NtQueryInformationThread;

  if (dwReason == DLL_PROCESS_ATTACH)
  {
    hHeap = HeapCreate( 0, 0, 128 * 1024 );

    *logstr = '\0';
    GetEnvironmentVariable( L"ANSICON_LOG", logstr, lenof(logstr) );
    log_level = _wtoi( logstr );
    prog = get_program_name( NULL );
#if defined(_WIN64) || defined(W32ON64)
    DllNameType = DllName - 6 +
#endif
    GetModuleFileName( hInstance, DllName, lenof(DllName) );
    set_ansi_dll();

    hDllInstance = hInstance; // save Dll instance handle
    DEBUGSTR( 1, "hDllInstance = %p", hDllInstance );

    // Get the entry points to the original functions.
    hKernel = GetModuleHandleA( APIKernel );
    for (hook = Hooks; hook->name; ++hook)
      hook->oldfunc = GetProcAddress( hKernel, hook->name );

    // Get my import addresses, to detect if anyone's hooked me.
    DEBUGSTR( 2, "Storing my imports" );
    HookAPIOneMod( NULL, Hooks, FALSE, "" );

    bResult = HookAPIAllMod( Hooks, FALSE, FALSE );
    OriginalAttr( lpReserved );

    NtQueryInformationThread = (PNTQIT)GetProcAddress(
		 GetModuleHandle( L"ntdll.dll" ), "NtQueryInformationThread" );
    if (NtQueryInformationThread == NULL)
      DisableThreadLibraryCalls( hInstance );
  }
  else if (dwReason == DLL_PROCESS_DETACH)
  {
    if (lpReserved == NULL)
    {
      DEBUGSTR( 1, "Unloading" );
      HookAPIAllMod( Hooks, TRUE, FALSE );
    }
    else
    {
      DEBUGSTR( 1, "Terminating" );
    }
    if (orgattr != 0)
    {
      hConOut = CreateFile( L"CONOUT$", GENERIC_READ | GENERIC_WRITE,
					FILE_SHARE_READ | FILE_SHARE_WRITE,
					NULL, OPEN_EXISTING, 0, NULL );
      SetConsoleTextAttribute( hConOut, orgattr );
      SetConsoleMode( hConOut, orgmode );
      SetConsoleCursorInfo( hConOut, &orgcci );
      CloseHandle( hConOut );
    }
    if (hMap != NULL)
    {
      UnmapViewOfFile( pState );
      CloseHandle( hMap );
    }
    HeapDestroy( hHeap );
  }
  else if (dwReason == DLL_THREAD_DETACH)
  {
    PVOID start;
    if (NtQueryInformationThread( GetCurrentThread(),
				  9 /* ThreadQuerySetWin32StartAddress */,
				  &start, sizeof(start), NULL ) == 0
	&& (start == Hooks[0].oldfunc || start == Hooks[1].oldfunc
	 || start == Hooks[0].apifunc || start == Hooks[1].apifunc))
    {
      DEBUGSTR( 2, "Injection detected" );
      HookAPIAllMod( Hooks, FALSE, TRUE );
    }
  }
  return bResult;
}