GetWindowLong跨进程获取WndProc、DlgProc。。。
在看雪提问,没人回答,只能自己折腾。。。
标题虽然写的是GetWindowLong,其实并不是调用GetWindowLong,只是仿照GetWindowLong的内部实现改写了一下而已。
下面代码在Win7及以上可用。要想在XP下使用,必须暴力搜索user32.gSharedInfo,搜索方法:从user32的入口点往下看,在CsrCononToServer那个函数下面;或者参照网上那个枚举全局Hook的代码。
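' Reads the WndProc / DlgProc of a window that belongs to ANOTHER process by walking
' user32's shared handle table, the way GetWindowLong does internally.
'
' Constraints (all inherited from the original post, not verified here):
'   * 32-bit only: every pointer is a Long, every remote read is 4 bytes.
'   * Structure offsets (TEB+&H6E8, WND+&H60, WND+&HCC) are the Win7 x86 values;
'     XP differs (DlgProc: +&HA8) and later releases may differ again - confirm per OS.
'   * The caller needs read access to the target process; only the minimum rights
'     are requested (PROCESS_VM_READ / THREAD_QUERY_INFORMATION), not *_ALL_ACCESS.

Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, ByRef lpdwProcessId As Long) As Long
Private Declare Function GetModuleHandleW Lib "kernel32" (ByVal lpModuleName As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
' BOOL is a 32-bit value in Win32, so bInheritHandle is declared As Long rather than Boolean.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function OpenThread Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwThreadId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As Long, ByVal nSize As Long, ByRef lpNumberOfBytesRead As Long) As Long
Private Declare Function NtQueryInformationThread Lib "ntdll" (ByVal ThreadHandle As Long, ByVal ThreadInformationClass As Long, ByVal ThreadInformation As Long, ByVal ThreadInformationLength As Long, ByRef ReturnLength As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

' Least-privilege access rights: the original asked for PROCESS_ALL_ACCESS / THREAD_ALL_ACCESS,
' but only reading memory and querying the thread's TEB address is needed.
Private Const PROCESS_VM_READ As Long = &H10&
Private Const PROCESS_QUERY_INFORMATION As Long = &H400&
Private Const THREAD_QUERY_INFORMATION As Long = &H40&
Private Const ThreadBasicInformation As Long = 0
Private Const THREAD_BASIC_INFORMATION_SIZE As Long = 28 ' 7 DWORDs

' Sample window handle from the original post; replace with the handle you are inspecting.
Private Const TARGET_HWND As Long = 197776

' Reads one 4-byte value from the target process.
' Returns True only when the read succeeds AND exactly 4 bytes came back;
' Value is 0 on any failure so callers never consume a stale local.
Private Function ReadRemoteLong(ByVal hProcess As Long, ByVal lpAddress As Long, ByRef Value As Long) As Boolean
    Dim bytesRead As Long
    Value = 0
    If hProcess = 0 Or lpAddress = 0 Then Exit Function
    If ReadProcessMemory(hProcess, lpAddress, VarPtr(Value), 4, bytesRead) <> 0 Then
        ReadRemoteLong = (bytesRead = 4)
    End If
End Function

' Returns the TEB base address of hThread (THREAD_BASIC_INFORMATION.TebBaseAddress,
' the second DWORD of the structure), or 0 if the query fails.
Private Function GetThreadTeb(ByVal hThread As Long) As Long
    Dim tbi(6) As Long
    If hThread = 0 Then Exit Function
    If NtQueryInformationThread(hThread, ThreadBasicInformation, VarPtr(tbi(0)), THREAD_BASIC_INFORMATION_SIZE, 0) = 0 Then
        GetThreadTeb = tbi(1)
    End If
End Function

' Reads the per-thread value at TEB+&H6E8 that the original post subtracts from the
' kernel-side object pointer to obtain its client-side mapping (presumably the
' desktop-heap client delta - confirm against the OS you target). Returns 0 on failure.
Private Function GetHighValueForUser32(ByVal hProcess As Long, ByVal hThread As Long) As Long
    Dim lpTeb As Long, delta As Long
    lpTeb = GetThreadTeb(hThread)
    If lpTeb = 0 Then Exit Function
    If ReadRemoteLong(hProcess, lpTeb + &H6E8, delta) Then GetHighValueForUser32 = delta
End Function

' Returns the handle-table pointer stored in the second DWORD of user32!gSharedInfo
' inside the target process, or 0 on failure.
' NOTE(review): gSharedInfo is resolved in *this* process and the address is then read
' from the target; this assumes user32.dll is mapped at the same base in both - verify.
Private Function GetHWNDTablePointerInUser32SharedInfoEntry(ByVal hProcess As Long) As Long
    Dim lpSharedInfo As Long, lpTable As Long
    lpSharedInfo = GetProcAddress(GetModuleHandleW(StrPtr("user32.dll")), "gSharedInfo")
    If lpSharedInfo = 0 Then Exit Function
    If ReadRemoteLong(hProcess, lpSharedInfo + 4, lpTable) Then GetHWNDTablePointerInUser32SharedInfoEntry = lpTable
End Function

' Resolves hWnd to the client-side address of its window object in the target process.
'   unkHighValue - value from GetHighValueForUser32
'   unkPointer   - handle-table pointer from GetHWNDTablePointerInUser32SharedInfoEntry
' The low word of the handle indexes 12-byte table entries; the entry's first DWORD is
' the kernel-side pointer, which is rebased by subtracting unkHighValue.
' Returns 0 when the table pointer is missing or the read fails.
Private Function MakeInfoPointerByRemote2UnknownForHWND(ByVal hProcess As Long, ByVal hWnd As Long, ByVal unkHighValue As Long, ByVal unkPointer As Long) As Long
    Dim index As Long, lpEntry As Long, kernelPtr As Long
    If unkPointer = 0 Then Exit Function
    index = hWnd And &HFFFF&
    lpEntry = unkPointer + index * 12
    If ReadRemoteLong(hProcess, lpEntry, kernelPtr) Then
        If kernelPtr <> 0 Then MakeInfoPointerByRemote2UnknownForHWND = kernelPtr - unkHighValue
    End If
End Function

' Reads the window procedure pointer at offset &H60 of the window object (Win7 x86).
' Returns 0 if lpPointer is 0 or the read fails.
Private Function GetRemoteProcessWndProc(ByVal hProcess As Long, ByVal lpPointer As Long) As Long
    Dim lpfnWndProc As Long
    If lpPointer = 0 Then Exit Function
    If ReadRemoteLong(hProcess, lpPointer + &H60, lpfnWndProc) Then GetRemoteProcessWndProc = lpfnWndProc
End Function

' Reads the dialog procedure: offset &HCC of the window object holds a pointer (Win7 x86;
' XP: +&HA8 per the original post) which is dereferenced once more to get the DlgProc.
' Returns 0 if lpPointer is 0 or either read fails.
Private Function GetRemoteProcessDlgProc(ByVal hProcess As Long, ByVal lpPointer As Long) As Long
    Dim lpIndirect As Long, lpfnDlgProc As Long
    If lpPointer = 0 Then Exit Function
    If Not ReadRemoteLong(hProcess, lpPointer + &HCC, lpIndirect) Then Exit Function '//XP:+ &HA8
    If ReadRemoteLong(hProcess, lpIndirect, lpfnDlgProc) Then GetRemoteProcessDlgProc = lpfnDlgProc
End Function

' Demo entry point: shows the WndProc and DlgProc of TARGET_HWND.
' Fixes over the original: the window object is resolved once instead of twice,
' failed OpenProcess/OpenThread/lookups are reported instead of displaying garbage,
' and the thread handle (previously leaked) is closed alongside the process handle.
Private Sub Form_Load()
    Dim pid As Long, tid As Long, hProcess As Long, hThread As Long, lpWnd As Long
    tid = GetWindowThreadProcessId(TARGET_HWND, pid)
    If tid = 0 Then
        MsgBox "Window handle not found"
        Exit Sub
    End If
    hThread = OpenThread(THREAD_QUERY_INFORMATION, 0, tid)
    hProcess = OpenProcess(PROCESS_VM_READ Or PROCESS_QUERY_INFORMATION, 0, pid)
    If hThread <> 0 And hProcess <> 0 Then
        lpWnd = MakeInfoPointerByRemote2UnknownForHWND(hProcess, TARGET_HWND, _
                    GetHighValueForUser32(hProcess, hThread), _
                    GetHWNDTablePointerInUser32SharedInfoEntry(hProcess))
        If lpWnd <> 0 Then
            MsgBox Hex(GetRemoteProcessWndProc(hProcess, lpWnd))
            MsgBox Hex(GetRemoteProcessDlgProc(hProcess, lpWnd))
        Else
            MsgBox "Could not resolve the window object in the target process"
        End If
    Else
        MsgBox "OpenThread/OpenProcess failed (insufficient access?)"
    End If
    ' Close whatever was opened, even on the failure paths above.
    If hThread <> 0 Then CloseHandle hThread
    If hProcess <> 0 Then CloseHandle hProcess
End Sub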