/*
struct StrParam{
HWND hPwdEdit;
unsigned int nLenth;
char* buff;
};
//The calculator is the target process.
static DWORD WINAPI MyFunc (LPVOID pData)
{
//do something
StrParam* param=(StrParam*)pData;
HWND hPwdEdit=param->hPwdEdit;
char* buff=param->buff;
unsigned int nLenth=param->nLenth;
::SendMessage( hPwdEdit, WM_GETTEXT, nLenth, (LPARAM)buff );
return 0;
}
*/
/// Body of the thread that OnBtnGetpassword starts in the target process.
/// OnBtnGetpassword copies this function's bytes raw into that process
/// (cbCodeSize = AfterMyFunc - MyFunc) and starts it via CreateRemoteThread.
/// As written it only reads the DWORD at pData and returns it, so the value
/// surfaces as the remote thread's exit code; hPwdEdit, buff and nLenth are
/// set but never used, and the SendMessage/PostMessage/exit/MessageBox lines
/// are commented out.
/// @param pData  Pointer to the parameter block written by the caller; its
///               first DWORD is the edit-control handle (see szBuffer in
///               OnBtnGetpassword).
/// @return The DWORD read from pData.
static DWORD WINAPI MyFunc (LPVOID pData)
{
//do something
DWORD hPwdEdit=*(DWORD*)pData; // read but not used below
//*
char buff[512]; // unused: the calls that would fill it are commented out
unsigned int nLenth=sizeof(buff); // unused for the same reason
//::SendMessage( (HWND)hPwdEdit, WM_GETTEXT, nLenth, (LPARAM)buff );
//::PostMessage( (HWND)hPwdEdit, WM_GETTEXT, nLenth, (LPARAM)buff );
//exit(0);
//*/
//::MessageBox(NULL,"test","test",MB_OK);
return *(DWORD*)pData;
}
/// Empty marker function placed directly after MyFunc. Its address is used
/// only in OnBtnGetpassword to compute cbCodeSize (AfterMyFunc - MyFunc),
/// which assumes the toolchain lays the two functions out contiguously in
/// source order; nothing in the language guarantees that.
static void AfterMyFunc (void) {
}
/// Button handler: reads a top-level window handle (IDC_EDIT_HWINDOW) and an
/// edit-control handle (IDC_EDIT_HWND) as hex text from the dialog, opens the
/// process that owns the window, copies MyFunc and a small parameter block
/// into it (VirtualAllocEx + WriteProcessMemory), runs MyFunc there with
/// CreateRemoteThread, waits for it, and shows the thread's exit code in a
/// message box. psBuffer is never filled: the SendMessage that would have
/// read the control is commented out, as is the final SetDlgItemText.
///
/// Error handling is essentially absent: sscanf, OpenProcess, both
/// VirtualAllocEx calls and both WriteProcessMemory calls are unchecked, so
/// non-hex input or a failed OpenProcess flows into the later calls as
/// garbage/NULL. The OpenProcess -> VirtualAllocEx(RWX) -> WriteProcessMemory
/// -> CreateRemoteThread sequence is the classic remote-thread injection
/// pattern and is the kind of cross-process activity endpoint monitoring
/// typically flags.
void CRemoThread1GetPwdDlg::OnBtnGetpassword()
{
HWND hPwdEdit;
char psBuffer[256];
int nMaxChars=sizeof(psBuffer); // unused: the SendMessage that used it is commented out
//HWND hStart =(HWND)this->GetDlgItemInt(IDC_EDIT_HWINDOW);// ::FindWindow (NULL,"SciCalc");
char hwindowBuff[255];
this->GetDlgItemText(IDC_EDIT_HWINDOW,hwindowBuff,sizeof(hwindowBuff));
HWND hStart;
// Parses the hex text straight into the HWND through an int*. The return
// value is unchecked, so hStart stays uninitialized on non-hex input, and
// only sizeof(int) bytes are written, which matches HWND on 32-bit builds only.
sscanf(hwindowBuff,"%x",(int*)(&hStart));
char hwndBuff[255];
this->GetDlgItemText(IDC_EDIT_HWND,hwndBuff,sizeof(hwndBuff));
sscanf(hwndBuff,"%x",(int*)(&hPwdEdit)); // same caveats as for hStart above
//hPwdEdit=(HWND)this->GetDlgItemInt(IDC_EDIT_HWND);
//::SendMessage( hPwdEdit, WM_GETTEXT, nMaxChars, (LPARAM)psBuffer ); //SendMessage(hWnd1,256,(LPARAM)str1);
DWORD PID, TID;
// Resolve the process that owns hStart; TID is not used afterwards.
TID = ::GetWindowThreadProcessId (hStart, &PID);
HANDLE hProcess;
// PROCESS_ALL_ACCESS is broader than the calls below need, and a NULL
// result (access denied, bad PID) is not checked before use.
hProcess = OpenProcess(PROCESS_ALL_ACCESS,false,PID);
//char szBuffer[10];
//*(DWORD*)szBuffer=1000;//for test
//DWORD cbParamSize=sizeof(szBuffer);
//void *pDataRemote =(char*) VirtualAllocEx( hProcess, 0, sizeof(szBuffer), MEM_COMMIT,PAGE_READWRITE );
// Parameter block for the remote thread: the first 4 bytes hold hPwdEdit
// (truncated to DWORD); the remaining 6 bytes are uninitialized but copied.
char szBuffer[10];
*(DWORD*)szBuffer=(DWORD)hPwdEdit;//for test
DWORD cbParamSize=sizeof(szBuffer);
//DWORD cbParamSize=sizeof(hPwdEdit);
// Allocate the parameter block in the target; NULL result not checked.
void *pDataRemote =(char*) VirtualAllocEx( hProcess, 0, cbParamSize, MEM_COMMIT,PAGE_READWRITE );
{
// Debug output: size and remote address of the parameter block.
char buff[255];
sprintf(buff,"%d,%x",cbParamSize,(int)pDataRemote);
MessageBox(buff);
}
//5
//::WriteProcessMemory( hProcess, pDataRemote, szBuffer,sizeof(szBuffer),NULL);
::WriteProcessMemory( hProcess, pDataRemote,szBuffer, cbParamSize,NULL);
//6
// Size of MyFunc is taken as the distance to the next function in this
// translation unit. This relies on AfterMyFunc being laid out directly
// after MyFunc, which is not guaranteed and can break under optimization
// or incremental linking (hedged: toolchain-dependent).
DWORD cbCodeSize=((LPBYTE) AfterMyFunc - (LPBYTE) MyFunc);
// Allocate address space for the code in the target (RWX; NULL result not checked).
PDWORD pCodeRemote = (PDWORD) VirtualAllocEx( hProcess, 0, cbCodeSize, MEM_COMMIT,PAGE_EXECUTE_READWRITE );
//7
WriteProcessMemory( hProcess, pCodeRemote, &MyFunc, cbCodeSize, NULL);
//8
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
(LPTHREAD_START_ROUTINE) pCodeRemote,
pDataRemote, 0 , NULL);
DWORD h;
if (hThread)
{
// Blocks this (UI) thread with no timeout until the remote thread exits.
::WaitForSingleObject( hThread, INFINITE );
// h stays uninitialized if this call fails; its result is not checked.
::GetExitCodeThread( hThread, &h );
// NOTE(review): "/n" in the format string is almost certainly meant to be "\n".
TRACE("run and return %d/n",h);
char buff[256];
sprintf(buff,"run and return %d,0x%x",h,h);
MessageBox(buff);
::CloseHandle( hThread );
}
//9
// Free the remote allocations. MEM_RELEASE requires dwSize == 0, so passing
// the original sizes here makes both calls fail and leaves the regions
// mapped in the target; the return values are not checked.
::VirtualFreeEx( hProcess, pCodeRemote,
cbCodeSize,MEM_RELEASE );
::VirtualFreeEx( hProcess, pDataRemote,
cbParamSize,MEM_RELEASE );
// Close the process handle.
::CloseHandle( hProcess );
//this->SetDlgItemText(IDC_EDIT_PASSWORD,psBuffer);
}