dcef3添加flash插件后,在播放flash时会有一个dos的黑框一闪而过,显示not sandboxed,影响使用体验!
- 一种方法是hook 具体可以看这篇文章 http://blog.csdn.net/zx2356/article/details/51514403
这篇文章是使用的C语言,这儿采用同样的方法,在delphi中实现!代码如下,先是HookExt.pas源码,后面是其中用到的uHook.pas源码:
unit HookExt;
interface
uses
uhook,Windows,SysUtils;
type
// Function-pointer type with the same parameter list and stdcall convention as
// NewCreateProcessA below. NewCreateProcessA casts Hook[0].BaseAddr to this type
// to call the original kernel32 CreateProcessA once the patch has been lifted.
TFuncCreateProcessA = function(lpApplicationName: LPCSTR; lpCommandLine: LPSTR;
lpProcessAttributes, lpThreadAttributes: PSecurityAttributes; bInheritHandles: BOOL; dwCreationFlags: DWORD;
lpEnvironment: Pointer; lpCurrentDirectory: LPCSTR; const lpStartupInfo: TStartupInfoA;
var lpProcessInformation: TProcessInformation): BOOL; stdcall;
// Wide-character counterpart, used by NewCreateProcessW with Hook[1].BaseAddr.
TFuncCreateProcessW = function(lpApplicationName: LPCWSTR; lpCommandLine: LPWSTR;
lpProcessAttributes, lpThreadAttributes: PSecurityAttributes; bInheritHandles: BOOL; dwCreationFlags: DWORD;
lpEnvironment: Pointer; lpCurrentDirectory: LPCWSTR; const lpStartupInfo: TStartupInfoW;
var lpProcessInformation: TProcessInformation): BOOL; stdcall;
implementation
// Unit-private state.
var
// NOTE(review): hhk, MapFile and startPID are not referenced anywhere in the
// visible part of this unit; they look like leftovers from the C original.
hhk: HHook;
MapFile: THandle;
startPID: PDWORD;
// Hook[0] patches CreateProcessA, Hook[1] patches CreateProcessW (see InitHook).
// The slots are filled by InitHook and released by UnInitHook.
Hook: array [0 .. 1] of TNtHookClass;
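// Replacement for kernel32 CreateProcessA, installed by InitHook as Hook[0].
//
// If the command line contains 'echo NOT SANDBOXED' or 'no-sandbox', no process
// is started and success is reported to the caller. Every other request is
// forwarded to the original CreateProcessA.
//
// Parameters and return value are those of CreateProcessA. In the filtered case
// the function returns True and lpProcessInformation is zero-filled.
//
// NOTE(review): the filter only stops the console window from appearing. The
// text being suppressed suggests the plugin runs without a sandbox; this hook
// does nothing to change that - confirm the deployment accepts it.
// NOTE(review): Pos is a case-sensitive substring match, so any command line that
// contains 'no-sandbox' anywhere is dropped while success is reported. Verify
// that the host's own child-process launches never match.
function NewCreateProcessA(lpApplicationName: LPCSTR; lpCommandLine: LPSTR;
  lpProcessAttributes, lpThreadAttributes: PSecurityAttributes; bInheritHandles: BOOL; dwCreationFlags: DWORD;
  lpEnvironment: Pointer; lpCurrentDirectory: LPCSTR; const lpStartupInfo: TStartupInfoA;
  var lpProcessInformation: TProcessInformation): BOOL; stdcall;
var
  strCommandLine: AnsiString;
begin
  // CreateProcess accepts a nil command line; treat it as empty explicitly
  // instead of depending on how StrPas handles nil.
  if lpCommandLine <> nil then
    strCommandLine := StrPas(lpCommandLine)
  else
    strCommandLine := '';
  if (Pos('echo NOT SANDBOXED', strCommandLine) > 0) or (Pos('no-sandbox', strCommandLine) > 0) then
  begin
    // Nothing was launched, so do not leave stale or uninitialised handles and
    // IDs in the out-structure for a caller that goes on to use them.
    FillChar(lpProcessInformation, SizeOf(lpProcessInformation), 0);
    Result := True;
  end
  else
  begin
    // The original entry point can only be called with the patch lifted.
    // While it is lifted, CreateProcessA calls from other threads reach the
    // original unfiltered; nothing in this unit serialises that window.
    Hook[0].UnHook;
    try
      Result := TFuncCreateProcessA(Hook[0].BaseAddr)(lpApplicationName, lpCommandLine, lpProcessAttributes,
        lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
        lpProcessInformation);
    finally
      // Re-install the patch even if the forwarded call raises.
      Hook[0].Hook;
    end;
  end;
end;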
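// Replacement for kernel32 CreateProcessW, installed by InitHook as Hook[1].
//
// If the command line contains 'echo NOT SANDBOXED' or 'no-sandbox', no process
// is started and success is reported to the caller. Every other request is
// forwarded to the original CreateProcessW.
//
// Parameters and return value are those of CreateProcessW. In the filtered case
// the function returns True and lpProcessInformation is zero-filled.
//
// NOTE(review): the filter only stops the console window from appearing. The
// text being suppressed suggests the plugin runs without a sandbox; this hook
// does nothing to change that - confirm the deployment accepts it.
// NOTE(review): Pos is a case-sensitive substring match, so any command line that
// contains 'no-sandbox' anywhere is dropped while success is reported. Verify
// that the host's own child-process launches never match.
function NewCreateProcessW(lpApplicationName: LPCWSTR; lpCommandLine: LPWSTR;
  lpProcessAttributes, lpThreadAttributes: PSecurityAttributes; bInheritHandles: BOOL; dwCreationFlags: DWORD;
  lpEnvironment: Pointer; lpCurrentDirectory: LPCWSTR; const lpStartupInfo: TStartupInfoW;
  var lpProcessInformation: TProcessInformation): BOOL; stdcall;
var
  strCommandLine: string;
begin
  // CreateProcess accepts a nil command line; treat it as empty explicitly
  // instead of depending on how StrPas handles nil.
  if lpCommandLine <> nil then
    strCommandLine := StrPas(lpCommandLine)
  else
    strCommandLine := '';
  if (Pos('echo NOT SANDBOXED', strCommandLine) > 0) or (Pos('no-sandbox', strCommandLine) > 0) then
  begin
    // Nothing was launched, so do not leave stale or uninitialised handles and
    // IDs in the out-structure for a caller that goes on to use them.
    FillChar(lpProcessInformation, SizeOf(lpProcessInformation), 0);
    Result := True;
  end
  else
  begin
    // The original entry point can only be called with the patch lifted.
    // While it is lifted, CreateProcessW calls from other threads reach the
    // original unfiltered; nothing in this unit serialises that window.
    Hook[1].UnHook;
    try
      Result := TFuncCreateProcessW(Hook[1].BaseAddr)(lpApplicationName, lpCommandLine, lpProcessAttributes,
        lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
        lpProcessInformation);
    finally
      // Re-install the patch even if the forwarded call raises.
      Hook[1].Hook;
    end;
  end;
end;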
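// Install the API hooks on kernel32 CreateProcessA and CreateProcessW.
//
// Safe to call more than once: a slot that already holds a hook object is left
// alone. TNtHookClass.Create saves whatever bytes are at the target when it runs,
// so a second construction over a live patch would save the jump stub as the
// "original" bytes, and the first object would be leaked.
procedure InitHook;
begin
  if not Assigned(Hook[0]) then
    Hook[0] := TNtHookClass.Create('kernel32.dll', 'CreateProcessA', @NewCreateProcessA);
  if not Assigned(Hook[1]) then
    Hook[1] := TNtHookClass.Create('kernel32.dll', 'CreateProcessW', @NewCreateProcessW);
  // Hook[2] := TNtHookClass.Create( 'user32.dll', 'MessageBoxA', @NewMessageBoxA );
end;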
// Remove the API hooks: free every slot of Hook and reset it to nil.
// Freeing a TNtHookClass runs its destructor, which restores the saved bytes.
procedure UnInitHook;
var
  slot: Integer;
begin
  slot := Low(Hook);
  while slot <= High(Hook) do
  begin
    FreeAndNil(Hook[slot]);
    Inc(slot);
  end;
end;
// DLL notification handler: install the hooks on process attach and remove them
// on process detach; every other reason code is ignored.
// NOTE(review): nothing in the visible unit registers this procedure (e.g. via
// DllProc), and the unit's initialization/finalization sections already call
// InitHook/UnInitHook - confirm whether it is still needed.
procedure DllEntry(dwReason: DWORD);
begin
  if dwReason = DLL_PROCESS_ATTACH then
    InitHook
  else if dwReason = DLL_PROCESS_DETACH then
    UnInitHook;
end;
// Unit start-up: the hooks are installed as soon as this unit is initialised,
// so including the unit in a project is enough to activate the filter.
initialization
InitHook;
// Unit shutdown: restore the original CreateProcessA/W bytes and free the hooks.
finalization
UnInitHook;
end.
unit uHook;
interface
uses
Windows, Messages, SysUtils;
type
// Eight-byte code stub that is written over the start of the hooked function.
// With the values stored by TNtHookClass.Create it encodes the 32-bit x86
// sequence "mov eax, <Addr>; jmp eax". The Addr field is a DWORD, so this
// layout only fits 32-bit targets.
TNtJmpCode = packed record
MovEax: Byte; // opcode byte; the constructor stores $B8 (mov eax, imm32)
Addr: DWORD; // immediate operand: address of the replacement function
JmpCode: Word; // the constructor stores $E0FF, i.e. bytes FF E0 in memory (jmp eax)
dwReserved: Byte; // never assigned in this unit; pads the record to 8 bytes
end;
// Inline hook on one exported function of a DLL in the current process.
// Create saves the first 8 bytes of the target and installs the jump stub;
// UnHook writes the saved bytes back; Hook writes the stub again.
// NOTE(review): Hook/UnHook rewrite 8 bytes of live code without any locking,
// so a thread executing the target during a rewrite may see a partial patch.
TNtHookClass = class(TObject)
private
hProcess: THandle; // value of GetCurrentProcess, set in Create
NewAddr: TNtJmpCode; // jump stub that redirects to the replacement function
OldAddr: array [0 .. 7] of Byte; // original first 8 bytes of the target
ReadOk: Boolean; // True when the original bytes were read; Hook/UnHook do nothing otherwise
public
BaseAddr: Pointer; // address of the hooked export, as returned by GetProcAddress
constructor Create(const ADllName, AFuncName: string; ANewFunc: Pointer);
destructor Destroy; override;
procedure Hook;
procedure UnHook;
end;
implementation
{ TNtHookClass }
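// Resolve AFuncName in ADllName, save its first 8 bytes and install a jump to
// ANewFunc.
//
// ADllName   module name; it is loaded with LoadLibrary if not already mapped.
// AFuncName  exported function to hook.
// ANewFunc   replacement; must have the same signature and calling convention.
//
// If the module or export cannot be resolved, ANewFunc is nil, or the original
// bytes cannot be read in full, ReadOk stays False and Hook/UnHook do nothing.
constructor TNtHookClass.Create(const ADllName, AFuncName: string; ANewFunc: Pointer);
var
  dllModule: HMODULE;
  lpNumberOfBytesReacd: DWORD; //NativeUInt;
begin
  // Get the module handle, loading the DLL if it is not mapped yet.
  dllModule := GetModuleHandle(PWideChar(ADllName));
  if dllModule = 0 then
    dllModule := LoadLibrary(PWideChar(ADllName));
  // Resolve the export only from a valid module, so a failed load cannot end
  // up being looked up against a zero module handle.
  if dllModule <> 0 then
    BaseAddr := Pointer(GetProcAddress(dllModule, PWideChar(AFuncName)));
  // Handle of the current process, used for the memory reads and writes.
  hProcess := GetCurrentProcess;
  // Build the jump stub: mov eax, ANewFunc; jmp eax (32-bit only).
  NewAddr.MovEax := $B8;
  NewAddr.Addr := DWORD(ANewFunc);
  NewAddr.JmpCode := $E0FF;
  // Save the original bytes. The hook is armed only if all of them were read,
  // so UnHook can never write back a partially filled buffer.
  ReadOk := False;
  if (BaseAddr <> nil) and (ANewFunc <> nil) then
    if ReadProcessMemory(hProcess, BaseAddr, Pointer(@OldAddr), SizeOf(OldAddr), lpNumberOfBytesReacd) then
      ReadOk := lpNumberOfBytesReacd = SizeOf(OldAddr);
  // Start intercepting.
  Hook;
end;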
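// Restore the original bytes of the hooked function before the object goes away.
destructor TNtHookClass.Destroy;
begin
  UnHook;
  // hProcess is the value returned by GetCurrentProcess, which is a
  // pseudo-handle rather than an owned handle, so it is not closed here.
  inherited;
end;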
// Write the jump stub over the first 8 bytes of the target function.
// Does nothing when the original bytes were never saved (ReadOk is False).
// NOTE(review): the result of WriteProcessMemory is not checked, so a failed
// write leaves the function unhooked without any indication.
procedure TNtHookClass.Hook;
var
  bytesWritten: DWORD;
begin
  if ReadOk then
    WriteProcessMemory(hProcess, BaseAddr, @NewAddr, 8, bytesWritten);
end;
// Write the saved original 8 bytes back over the target function.
// Does nothing when the original bytes were never saved (ReadOk is False).
// NOTE(review): the result of WriteProcessMemory is not checked, so a failed
// write leaves the jump stub in place without any indication.
procedure TNtHookClass.UnHook;
var
  bytesWritten: DWORD;
begin
  if ReadOk then
    WriteProcessMemory(hProcess, BaseAddr, @OldAddr, 8, bytesWritten);
end;
end.

- 这种hook处理不好就容易蓝屏。第二种方法更简单:用二进制编辑软件(比如winhex,我这儿采用UltraEdit)打开flash插件dll文件 pepflashplayer.dll
搜索comspec修改为somspec,(修改的名字只要和comspec不相同即可)修改cmd.exe为cm1.exe (修改的名字只要和cmd.exe不相同即可)
修改后为
然后保存即可,这时打开flash就不会有dos黑框闪一下了!需要注意:如果这个dll带有数字签名,改动后签名校验会失败;插件升级后也要重新修改。
- 第三种方法,更简单,什么都不用修改,只要在你的程序目录下新建一个文本文件,然后改名为cmd.exe。因为弹出黑框需要使用cmd程序,而系统搜索程序是从进程当前的工作目录开始查找,所以直接这样建一个不能执行的cmd.exe文件可以拦截cmd的调用。这个方法最简单!需要注意:这种做法依赖可执行文件的搜索顺序,所以程序目录应当只允许管理员写入,否则同一位置也可能被别人放上一个真正可执行的cmd.exe。
第一种hook方法看上去是在修改flash,但其实是采用动态方法改了内存中的汇编代码(上面的代码改写的是kernel32.dll里CreateProcessA/CreateProcessW的入口),处理不好容易蓝屏。第二种方法修改flash插件文件,原理是:flash执行cmd的逻辑是,先读取环境变量comspec(cmd.exe的全路径),读取到就执行它,读取不到就不执行cmd.exe。只要把变量名和cmd.exe的名字改掉,就执行不成功,也就没有DOS黑框出来!第一种方法是在flash插件要运行cmd.exe的时候再进行拦截,是动态修改;而第二种是直接让flash找不到变量和cmd.exe程序,flash自己判断不用执行,是静态修改!第三种是懒人方法!但几种方法实现的效果都是阻止cmd.exe的正常执行,也就是说它们只是不让提示窗口弹出来,flash插件本身是否运行在沙箱中并不会因此改变。同时你就可以这样思考了:为了让flash不出现闪黑框的问题,就变成了如何阻止cmd.exe的执行,比如你在你自己的程序中先修改一下comspec环境变量,也是可以阻止cmd.exe执行的,大家自由发挥!