Re: Reading a Wnd structure...



Hi James.

Not a good example, because all the code you mentioned might be changed to
something like:

__asm
{
    mov eax, hUser32Instance          ; base address of user32.dll
    add eax, dwOffsetToValidateHwnd   ; + offset of ValidateHwnd = absolute address
    mov ecx, hwnd                     ; __fastcall: first argument goes in ecx
    call eax                          ; call the unexported function directly
}

which is simpler and just as *unsafe* as your example.

--
Vladimir

"James Brown [MVP]" <not@home> wrote in message
news:lfqdndLdT93v2e3ZRVny1g@xxxxxxxxxxxx
"James Brown [MVP]" <not@home> wrote in message
news:lq2dnab92oYYo-3ZRVny1w@xxxxxxxxxxxx

"Jack" <jack@xxxxxx> wrote in message
news:h4707216sfc982j2bi9g2n80lqeq9emvov@xxxxxxxxxx
I can get a Wnd pointer in Windows 9x (thanks to one of Matt Pietrek's
books), but I can't figure it out in Windows NT/2k/XP. This page
offers vague information on how to do it:
http://www.winterdom.com/dev/ui/wnd.html

I just need read access to the structure, but if I could get write
access that would be great. And yes, I know it's undocumented, and I'm
not "supposed" to do it, but I would appreciate any help I could get.

Thanks,
Jack

Under NT OSs you need to call the ValidateHwnd function which is a
private function inside user32.dll.

PWND __fastcall ValidateHwnd(HWND hwnd);

Note the __fastcall - this is not a WINAPI definition, the hwnd parameter
gets passed via ecx register. You can use WinDbg to find the address if
you've got debug-symbols installed:

x user32!ValidateHwnd
77d48490 USER32!ValidateHwnd (on my current XP SP2 machine)

So you can't do GetProcAddress. But you can manually locate ValidateHwnd
by finding an exported function from user32 that you *know* calls it
(such as GetWindowRect). Then you parse the opcodes at the start of this
function looking for the "call" (i.e. op-code 0xE8) to ValidateHwnd:

The following C code works for 32bit NT/2000/XP on x86 processors. You
may need to play with function-pointer typedefs if you want it to compile
under C++.

#include <windows.h>
#include <string.h>
PVOID ValidateHwnd(HWND hwnd)
{
    // first 0xE8 (call rel32) in the opening bytes of GetWindowRect
    BYTE *ptr = (BYTE *)memchr((const void *)GetWindowRect, 0xE8, 100);
    if (ptr == NULL)
        return NULL; // no call found where expected

    // target = address of the next instruction (ptr + 5) + signed rel32
    DWORD addr = *(DWORD *)(ptr + 1) + (DWORD)ptr + 5;

    // function pointer with an explicit type, so it also compiles as C++
    PVOID (__fastcall *_ValidateHwnd)(HWND) = (PVOID (__fastcall *)(HWND))addr;

    // call the real ValidateHwnd
    return _ValidateHwnd(hwnd);
}

Just call this function, passing in your HWND and you'll get back a
pointer-to-WND (represented as a PVOID here for simplicity). I would
recommend installing WinDbg and debug-symbols, and inspecting the
disassembly for GetWindowRect so that you understand what the above
function is doing, and also appreciate why this is not a very smart thing
to be including in 'production' software...


Formatting went funny there.....here's the function again:


#include <windows.h>
#include <string.h>

PVOID ValidateHwnd(HWND hwnd)
{
    // first 0xE8 (call rel32) in the opening bytes of GetWindowRect
    BYTE *ptr = (BYTE *)memchr((const void *)GetWindowRect, 0xE8, 100);
    if (ptr == NULL)
        return NULL; // no call found where expected

    // target = address of the next instruction (ptr + 5) + signed rel32
    DWORD addr = *(DWORD *)(ptr + 1) + (DWORD)ptr + 5;

    // function pointer with an explicit type, so it also compiles as C++
    PVOID (__fastcall *_ValidateHwnd)(HWND) = (PVOID (__fastcall *)(HWND))addr;

    // call the real ValidateHwnd
    return _ValidateHwnd(hwnd);
}


James
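As an added example (not code from the thread or from any of its authors), here is a stand-alone C program that does the same rel32 arithmetic James's function relies on, written out explicitly, and adds the one check his snippet omits: that the decoded call target actually lands inside the module it is supposed to be in. All addresses and code bytes below are constructed for the example (they are not a dump of the real GetWindowRect), and the names decode_first_call_rel32, target_in_module, SAMPLE_CODE and TRAP_CODE are my own. The second sample shows the failure mode of a plain byte scan: an 0xE8 byte inside an immediate operand is matched before the real call opcode, and only the module-range check catches it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode the first x86 "call rel32" (opcode 0xE8) found by a byte scan of a
   code buffer and return its absolute target: the same arithmetic as
   "*(DWORD*)(ptr+1) + ptr + 5" in the thread, written out explicitly.
   Returns 1 and sets *target on success; 0 if no 0xE8 byte lies within
   scan_len or the 4-byte displacement would run past the buffer. */
int decode_first_call_rel32(const uint8_t *code, size_t scan_len,
                            uint32_t code_va, uint32_t *target)
{
    const uint8_t *p = memchr(code, 0xE8, scan_len);
    if (p == NULL)
        return 0;
    size_t off = (size_t)(p - code);
    if (off + 5 > scan_len)
        return 0;
    /* rel32 is a little-endian signed displacement, relative to the address
       of the instruction that follows the 5-byte call */
    int32_t rel = (int32_t)((uint32_t)p[1] | ((uint32_t)p[2] << 8) |
                            ((uint32_t)p[3] << 16) | ((uint32_t)p[4] << 24));
    *target = code_va + (uint32_t)off + 5u + (uint32_t)rel;
    return 1;
}

/* Sanity check the thread's code omits (my addition): a call into a private
   helper of the same DLL must land inside that module's image. Returns 1 if
   target is in [module_base, module_base + module_size). */
int target_in_module(uint32_t target, uint32_t module_base, uint32_t module_size)
{
    return target >= module_base && target - module_base < module_size;
}

/* Constructed sample: a typical MSVC prologue followed by a call, placed at a
   made-up address. These bytes are not a dump of the real GetWindowRect. */
#define SAMPLE_VA 0x10001000u
static const uint8_t SAMPLE_CODE[] = {
    0x8B, 0xFF,                   /* mov  edi, edi */
    0x55,                         /* push ebp */
    0x8B, 0xEC,                   /* mov  ebp, esp */
    0x8B, 0x4D, 0x08,             /* mov  ecx, [ebp+8]  ; hwnd into ecx (__fastcall) */
    0xE8, 0xF3, 0xFE, 0xFF, 0xFF, /* call rel32 = -0x10D  -> target 0x10000F00 */
    0x5D,                         /* pop  ebp */
    0xC3                          /* ret */
};

/* Constructed trap: "mov eax, 3E8h" precedes the real call, so the immediate
   contains an 0xE8 byte and a plain byte scan latches onto the wrong offset. */
static const uint8_t TRAP_CODE[] = {
    0xB8, 0xE8, 0x03, 0x00, 0x00, /* mov  eax, 3E8h */
    0xE8, 0xF3, 0xFE, 0xFF, 0xFF  /* call rel32 = -0x10D (the real call) */
};

int main(void)
{
    uint32_t target = 0;
    if (decode_first_call_rel32(SAMPLE_CODE, sizeof SAMPLE_CODE, SAMPLE_VA, &target))
        printf("sample: call -> 0x%08X (in module: %d)\n", target,
               target_in_module(target, 0x10000000u, 0x10000u));
    if (decode_first_call_rel32(TRAP_CODE, sizeof TRAP_CODE, SAMPLE_VA, &target))
        printf("trap:   call -> 0x%08X (in module: %d)\n", target,
               target_in_module(target, 0x10000000u, 0x10000u));
    return 0;
}
```

In the trap case the scan stops at the 0xE8 inside the mov immediate, reads the following four bytes (03 00 00 E8) as the displacement and produces an address far outside the constructed module range; the same thing can happen to the thread's memchr-based version whenever the prologue of the exported function changes between builds, which is the concrete reason the address should be validated (or obtained from symbols, as James suggests) rather than called blindly.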






