Re: Reading a Wnd structure...
- From: "James Brown [MVP]" <not@home>
- Date: Sun, 21 May 2006 20:52:56 +0100
"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxx> wrote in message
news:eG$3ARQfGHA.1792@xxxxxxxxxxxxxxxxxxxxxxx
Hi James.
Not a good example, because all the code you mentioned might be changed to
something like:
__asm
{
    mov eax, hUser32Instance
    add eax, dwOffsetToValidateHwnd
    mov ecx, hwnd
    call eax
}
which is simpler and *unsafe* as your example.
--
Vladimir
"James Brown [MVP]" <not@home> wrote in message
news:lfqdndLdT93v2e3ZRVny1g@xxxxxxxxxxxx
"James Brown [MVP]" <not@home> wrote in message
news:lq2dnab92oYYo-3ZRVny1w@xxxxxxxxxxxx
"Jack" <jack@xxxxxx> wrote in message
news:h4707216sfc982j2bi9g2n80lqeq9emvov@xxxxxxxxxx
I can get a Wnd pointer in Windows 9x (thanks to one of Matt Pietrek's
books), but I can't figure it out in Windows NT/2k/XP. This page
offers vague information on how to do it:
http://www.winterdom.com/dev/ui/wnd.html
I just need read access to the structure, but if I could get write
access that would be great. And yes, I know it's undocumented, and I'm
not "supposed" to do it, but I would appreciate any help I could get.
Thanks,
Jack
Under NT OSs you need to call the ValidateHwnd function which is a
private function inside user32.dll.
PWND __fastcall ValidateHwnd(HWND hwnd);
Note the __fastcall - this is not a WINAPI definition, the hwnd
parameter gets passed via ecx register. You can use WinDbg to find the
address if you've got debug-symbols installed:
x user32!ValidateHwnd
77d48490 USER32!ValidateHwnd (on my current XP SP2 machine)
So you can't do GetProcAddress. But you can manually locate ValidateHwnd
by finding an exported function from user32 that you *know* calls it
(such as GetWindowRect). Then you parse the opcodes at the start of this
function looking for the "call" (i.e. op-code 0xE8) to ValidateHwnd:
The following C code works for 32bit NT/2000/XP on x86 processors. You
may need to play with function-pointer typedefs if you want it to
compile under C++.
PVOID ValidateHwnd(HWND hwnd){
DWORD ptr = (DWORD )memchr(GetWindowRect, 0xE8, 100);
DWORD addr = *(DWORD *)(ptr+1) + ptr + 5;
// make a function pointer
PVOID (__fastcall * _ValidateHwnd)(HWND hwnd) = (PVOID)addr;
// call the real ValidateHwnd
return _ValidateHwnd(hwnd);}Just call this function, passing in your
HWND and you'll get back a pointer-to-WND (represented as a PVOID here
for simplicity). I would recommend installing WinDbg and debug-symbols,
and inspecting the disassembly for GetWindowRect so that you understand
what the above function is doing, and also appreciate why this is not a
very smart thing to be including in 'production' software...
Formatting went funny there.....here's the function again:
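PVOID ValidateHwnd(HWND hwnd)
{
    PVOID (__fastcall * _ValidateHwnd)(HWND hwnd);
    DWORD addr;
    // locate the first 0xE8 (CALL rel32) byte in the first 100 bytes
    DWORD ptr = (DWORD )memchr(GetWindowRect, 0xE8, 100);
    if (ptr == 0)
        return NULL;    // no 0xE8 byte found
    // target = address of the next instruction (ptr + 5) + rel32 operand
    addr = *(DWORD *)(ptr+1) + ptr + 5;
    // make a function pointer
    _ValidateHwnd = (PVOID)addr;
    // call the real ValidateHwnd
    return _ValidateHwnd(hwnd);
}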
James
Please do not top-post in your reply when I have bottom-posted to the
original posting....
I'm not sure what the purpose of your assembly language version of this
function is - are you saying that it is unsafe compared to my C-version? If
this is the case then I would have to agree. Your code is unportable, not
because it is in assembly, but because you appear to be using a hard-coded
offset to the function to be called. Without any supporting code it seems
you are also not taking into account any change in the op-code sequence of
GetWindowRect between releases of the NT/2000/XP OSs.
There are hundreds of versions of user32.dll floating around - the function
I posted uses the memchr function to find the first CALL instruction in
GetWindowRect. This is important as it will be safe across all *current*
versions of NT. So I do not agree that your assembly-code is simpler as you
are missing a great deal of functionality - How are you calculating
dwOffsetToValidateHwnd? How do you get the base-address to hUser32?
regards,
James
--
Microsoft MVP - Windows SDK
www.catch22.net
Free Win32 Source and Tutorials
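
The call-target arithmetic used in the posted function (`*(DWORD *)(ptr+1) + ptr + 5`), as an added example that is not part of the thread or any poster's code: it runs over two constructed byte buffers rather than a real user32.dll and shows how a first-0xE8 scan can land on an operand byte instead of a CALL. The buffer contents, the base address 0x1000 and the image range are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed bytes, not taken from any real user32.dll build. */
static const uint8_t sample_ok[] = {
    0x8B, 0xFF,                    /* mov  edi, edi                 */
    0x55,                          /* push ebp                      */
    0x8B, 0xEC,                    /* mov  ebp, esp                 */
    0x8B, 0x4D, 0x08,              /* mov  ecx, [ebp+8]             */
    0xE8, 0x10, 0x00, 0x00, 0x00,  /* call rel32 (+0x10)            */
    0xC3 };                        /* ret                           */
static const uint8_t sample_trap[] = {
    0x55,                          /* push ebp                      */
    0x68, 0xE8, 0x03, 0x00, 0x00,  /* push 0x3E8: 0xE8 is data here */
    0xE8, 0x20, 0x00, 0x00, 0x00,  /* call rel32 (+0x20)            */
    0xC3 };                        /* ret                           */

/* Decode a CALL rel32 assumed to sit at code[off], where code[0] is mapped
   at virtual address va. Target = address of next instruction + rel32. */
static uint32_t call_target(const uint8_t *code, size_t off, uint32_t va)
{
    uint32_t rel = (uint32_t)code[off + 1] | (uint32_t)code[off + 2] << 8 |
                   (uint32_t)code[off + 3] << 16 | (uint32_t)code[off + 4] << 24;
    return va + (uint32_t)off + 5u + rel;   /* wraps mod 2^32, like the CPU */
}

/* First-0xE8-byte scan with checks added. Returns 0 if there is no 0xE8,
   the operand is truncated, or the computed target lies outside the
   image range [img_lo, img_hi). */
uint32_t first_e8_target(const uint8_t *code, size_t len, uint32_t va,
                         uint32_t img_lo, uint32_t img_hi)
{
    const uint8_t *p = memchr(code, 0xE8, len);
    if (p == NULL || (size_t)(p - code) + 5 > len)
        return 0;
    uint32_t t = call_target(code, (size_t)(p - code), va);
    return (t >= img_lo && t < img_hi) ? t : 0;
}

int main(void)
{
    /* Hypothetical mapping: buffer at 0x1000, image spans 0x1000..0x11000. */
    uint32_t a = first_e8_target(sample_ok, sizeof sample_ok, 0x1000, 0x1000, 0x11000);
    uint32_t b = first_e8_target(sample_trap, sizeof sample_trap, 0x1000, 0x1000, 0x11000);
    printf("ok: %#x  trap: %#x\n", (unsigned)a, (unsigned)b);
    return 0;
}
```

The range check only rejects false matches whose computed target falls outside the image; a scan that decodes instruction lengths is needed to rule out an operand byte being mistaken for the opcode.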