读取 SysTreeView32 和 SysListView32

#include <stdio.h>
#include <windows.h>
#include <commctrl.h>

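int main(void)
{
	/*
	 * Print the first two columns of every row in an Explorer folder view
	 * (SysListView32) that belongs to another process.
	 *
	 * LVM_GETITEMTEXT takes a pointer to an LVITEM, and that pointer is
	 * dereferenced inside the process that owns the control.  The structure
	 * and the text buffers are therefore allocated in the target process,
	 * filled with WriteProcessMemory and read back with ReadProcessMemory.
	 *
	 * The explicit ANSI variants (LVITEMA / LVM_GETITEMTEXTA) are used so the
	 * 512-byte char buffers stay correct even when the project is built with
	 * UNICODE defined; with the generic names a UNICODE build would ask the
	 * control for 512 wide characters and overrun the 512-byte allocations.
	 *
	 * NOTE(review): the LVITEMA layout and pointer width must match the
	 * target process (a 32-bit build against a 64-bit Explorer will not
	 * work) -- confirm the build bitness.
	 *
	 * Returns 0 on success and 1 when the window, the process handle or the
	 * remote allocations cannot be obtained.
	 */
	static const TCHAR *const chain[] = {
		TEXT("CabinetWClass"),
		TEXT("SHELLDLL_DefView"),
		TEXT("DUIViewWndClassName"),
		TEXT("DirectUIHWND"),
		TEXT("CtrlNotifySink"),
		TEXT("SysListView32")
	};
	HWND hwnd = NULL;
	int count, i;
	int status = 1;
	char item[512] = {0}, subitem[512] = {0};

	LVITEMA lvi = {0};	/* zeroed: no uninitialised stack bytes are copied out */
	LVITEMA *_lvi = NULL;
	char *_item = NULL, *_subitem = NULL;
	DWORD pid = 0;
	HANDLE process = NULL;

	/*
	 * Walk the window hierarchy one class at a time.  Stop at the first miss:
	 * FindWindowEx with a NULL parent searches the desktop's children, so
	 * continuing would look for the next class in the wrong place.
	 */
	for (i = 0; i < (int)(sizeof(chain) / sizeof(chain[0])); i++) {
		hwnd = FindWindowEx(hwnd, NULL, chain[i], NULL);
		if (hwnd == NULL) {
			fprintf(stderr, "list view window not found\n");
			return 1;
		}
	}

	count = (int)SendMessage(hwnd, LVM_GETITEMCOUNT, 0, 0);

	if (GetWindowThreadProcessId(hwnd, &pid) == 0) {
		fprintf(stderr, "GetWindowThreadProcessId failed\n");
		return 1;
	}

	/*
	 * Least privilege: only the rights that VirtualAllocEx,
	 * WriteProcessMemory and ReadProcessMemory need.  This call sequence is
	 * also what endpoint security products monitor for cross-process memory
	 * access, so a narrow access mask keeps the footprint easy to audit.
	 */
	process = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ |
		PROCESS_VM_WRITE, FALSE, pid);
	if (process == NULL) {
		fprintf(stderr, "OpenProcess failed (%lu)\n",
			(unsigned long)GetLastError());
		return 1;
	}

	_lvi = (LVITEMA *)VirtualAllocEx(process, NULL, sizeof(LVITEMA),
		MEM_COMMIT, PAGE_READWRITE);
	_item = (char *)VirtualAllocEx(process, NULL, sizeof(item), MEM_COMMIT,
		PAGE_READWRITE);
	_subitem = (char *)VirtualAllocEx(process, NULL, sizeof(subitem),
		MEM_COMMIT, PAGE_READWRITE);
	if (_lvi == NULL || _item == NULL || _subitem == NULL) {
		fprintf(stderr, "VirtualAllocEx failed (%lu)\n",
			(unsigned long)GetLastError());
		goto cleanup;
	}

	lvi.cchTextMax = (int)sizeof(item);

	for (i = 0; i < count; i++) {
		/* Column 0 goes to the first remote buffer. */
		lvi.iSubItem = 0;
		lvi.pszText = _item;
		if (!WriteProcessMemory(process, _lvi, &lvi, sizeof(lvi), NULL))
			break;
		SendMessage(hwnd, LVM_GETITEMTEXTA, (WPARAM)i, (LPARAM)_lvi);

		/* Column 1 goes to the second remote buffer. */
		lvi.iSubItem = 1;
		lvi.pszText = _subitem;
		if (!WriteProcessMemory(process, _lvi, &lvi, sizeof(lvi), NULL))
			break;
		SendMessage(hwnd, LVM_GETITEMTEXTA, (WPARAM)i, (LPARAM)_lvi);

		if (!ReadProcessMemory(process, _item, item, sizeof(item), NULL) ||
		    !ReadProcessMemory(process, _subitem, subitem, sizeof(subitem),
			NULL))
			break;

		/*
		 * The bytes come from another process; never rely on them being
		 * terminated before handing them to printf("%s").
		 */
		item[sizeof(item) - 1] = '\0';
		subitem[sizeof(subitem) - 1] = '\0';

		printf("%s - %s\n", item, subitem);
	}

	status = 0;

cleanup:
	/* Release whatever was allocated in the target, then drop the handle. */
	if (_lvi != NULL)
		VirtualFreeEx(process, _lvi, 0, MEM_RELEASE);
	if (_item != NULL)
		VirtualFreeEx(process, _item, 0, MEM_RELEASE);
	if (_subitem != NULL)
		VirtualFreeEx(process, _subitem, 0, MEM_RELEASE);
	CloseHandle(process);

	return status;
}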

//http://www.codeproject.com/Articles/5570/Stealing-Program-s-Memory


#include <iostream>
#include <afx.h>
#include <windows.h>
#include <commctrl.h>
using namespace std;

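int main()
{
	// Walk the visible items of an Explorer folder tree (SysTreeView32) owned
	// by another process, and expand/select the first item whose text
	// contains "Download".
	//
	// TVM_GETITEM dereferences its TVITEM pointer inside the process that owns
	// the control, so one block is allocated in that process and laid out as
	// [TVITEMA][text buffer].  The ANSI variants (TVITEMA / TVM_GETITEMA /
	// CStringA) are spelled out so the narrow "Download" literal and the
	// narrow output stream stay correct whether or not UNICODE is defined.
	//
	// NOTE(review): the TVITEMA layout and pointer width must match the target
	// process (32-bit vs 64-bit) -- confirm the build bitness.
	//
	// Returns 0 when the tree view is not found or the walk completes, 1 when
	// the process handle or the remote buffer cannot be obtained.
	const int bufferLength = 4000;	// size of the remote allocation, in bytes
	const int textChars = 512;	// capacity offered to the control for the text

	static const TCHAR *const chain[] = {
		TEXT("CabinetWClass"),
		TEXT("BaseBar"),
		TEXT("ReBarWindow32"),
		TEXT("SysTreeView32")
	};

	// Stop at the first miss: FindWindowEx with a NULL parent searches the
	// desktop's children, so continuing would match unrelated windows.
	HWND hwnd = NULL;
	for (size_t step = 0; step < sizeof(chain) / sizeof(chain[0]); ++step)
	{
		hwnd = FindWindowEx(hwnd, NULL, chain[step], NULL);
		if (hwnd == NULL)
		{
			return 0;
		}
	}

	DWORD PID = 0;
	if (GetWindowThreadProcessId(hwnd, &PID) == 0)
	{
		return 1;
	}

	// Least privilege instead of PROCESS_ALL_ACCESS: only the rights that
	// VirtualAllocEx, WriteProcessMemory and ReadProcessMemory need.
	HANDLE process = OpenProcess(
		PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, PID);
	if (process == NULL)
	{
		return 1;
	}

	PVOID buffer = VirtualAllocEx(process, NULL, bufferLength, MEM_COMMIT,
		PAGE_READWRITE);
	if (buffer == NULL)
	{
		CloseHandle(process);
		return 1;
	}

	// Address (in the target process) of the text area that follows the struct.
	LPSTR remoteText = (LPSTR)((PBYTE)buffer + sizeof(TVITEMA));
	char localText[textChars];

	TVITEMA item;
	ZeroMemory(&item, sizeof(item));	// no uninitialised bytes are copied out

	HTREEITEM current =
		(HTREEITEM)SendMessage(hwnd, TVM_GETNEXTITEM, TVGN_ROOT, 0);

	while (current)
	{
		// Handles are passed as LPARAM; a cast to long would truncate them in
		// a 64-bit build.
		SendMessage(hwnd, TVM_SELECTITEM, TVGN_CARET, (LPARAM)current);

		item.mask = TVIF_TEXT;
		item.hItem = current;
		item.pszText = remoteText;
		item.cchTextMax = textChars;
		if (!WriteProcessMemory(process, buffer, &item, sizeof(item), NULL))
		{
			break;
		}

		SendMessage(hwnd, TVM_GETITEMA, 0, (LPARAM)buffer);

		// NOTE(review): the control is documented as being allowed to point
		// pszText at its own storage instead of filling the supplied buffer;
		// this reads the supplied buffer only -- confirm that is sufficient.
		if (!ReadProcessMemory(process, remoteText, localText,
			sizeof(localText), NULL))
		{
			break;
		}
		// Bytes from another process: force termination before using them.
		localText[sizeof(localText) - 1] = '\0';

		CStringA text(localText);
		if (-1 != text.Find("Download"))
		{
			SendMessage(hwnd, TVM_EXPAND, TVE_EXPAND, (LPARAM)current);
			SendMessage(hwnd, TVM_SELECTITEM, TVGN_CARET, (LPARAM)current);

			std::cout << (LPCSTR)text << std::endl;

			break;
		}

		current = (HTREEITEM)SendMessage(hwnd, TVM_GETNEXTITEM,
			TVGN_NEXTVISIBLE, (LPARAM)current);
	}

	// Free the block that was allocated in the target process (the remote
	// address, not a local pointer), then release the handle.
	VirtualFreeEx(process, buffer, 0, MEM_RELEASE);
	CloseHandle(process);
	return 0;
}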


//http://bbs.csdn.net/topics/391818883












http://bbs.csdn.net/topics/391818883
