Solved

Substituting Window Procedure in another process

Posted on 2003-10-30
6
202 Views
Last Modified: 2010-04-05
Hello,

I am trying to substitute a Window Procedure in another process.
I've come across Madshi collection, thus I was thinking about using
DLL injection in order to solve my problem.

But there's a thing: how can I say which handle the DLL should refer to
after a call to CreateProcessEx?

I mean, how am I supposed to communicate with the DLL in the
other process?

Which other paths may be advisable in order to get a decent result?

TIA,

Andrew

P.S. I tried using hooks, but am having all sorts of troubles, starting from the
fact I have no clue about how to share the right window handle. Any clues on how
I could achieve this?
0
Comment
Question by:DeerBear
  • 4
  • 2
6 Comments
 
LVL 5

Author Comment

by:DeerBear
ID: 9649515
I've been trying all sorts of tricks in order to make this thing work.
I guess the problem relies in my lack of understanding about how
Window maps DLLs in processes, so really a deep understanding of
this topic may lead to a quick and easy solution.

Andrew
0
 
LVL 1

Accepted Solution

by:
fanar earned 150 total points
ID: 9655222
Hey check this out this is a hook program that subclasses msn and then adds a menu to it. It incluedes event handling also

You should find everything u need in here

http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_20429026.html#7621675

Hope this helps ,
Anar
0
 
LVL 5

Author Comment

by:DeerBear
ID: 9685709
Hi again,

This is the DLL I have now:

library EventReg_Hks;

{ Important note about DLL memory management: ShareMem must be the
  first unit in your library's USES clause AND your project's (select
  Project-View Source) USES clause if your DLL exports any procedures or
  functions that pass strings as parameters or function results. This
  applies to all strings passed to and from your DLL--even those that
  are nested in records and classes. ShareMem is the interface unit to
  the BORLNDMM.DLL shared memory manager, which must be deployed along
  with your DLL. To avoid using BORLNDMM.DLL, pass string information
  using PChar or ShortString parameters. }

uses
  Hook_Mgt in 'Hook_Mgt.pas',
  HookRoutines in 'HookRoutines.pas',
  Windows,
  Messages,
  SysUtils;

{$R *.RES}

type

  PShared=^TShared;
  TShared = record
    WindowHandle: integer;
    PID: Cardinal;
    bSubClassDone: boolean;
    AttachCount:Integer;
  end;

var
  MemFile: THandle;
  Shared: PShared;
  OldWndProc: pointer;

const HookMemFileName='MyMemoryMappedFile.Andrea';

function NewWndProc(HWindow: HWnd; Message, WParam: Longint;
                    LParam: Longint): Longint;
begin
  if Message = WM_COMMAND then
  begin
    if HiWord(WParam) = 0 then
    begin
      if LoWord( WParam ) = 2 then
        Result := CallWindowProc(OldWndProc,
                           HWindow,
                           Message,
                           WParam,
                           LParam)
      else
        Result := 0;
      Exit;
    end;
  end;
  result := CallWindowProc(OldWndProc,
                           HWindow,
                           Message,
                           WParam,
                           LParam);
end;

procedure DoSubClassWindow;
begin
  if Not Shared^.bSubClassDone then begin
    // subclasso la finestra...
    Shared^.bSubClassDone := True;
    OldWndProc := Pointer(GetWindowLong(Shared^.WindowHandle, GWL_WNDPROC));
    MessageBox( Shared^.WindowHandle,PCHar( 'Risultato: '+GetLastErrorString( ) ),'WndProc',MB_OK );
    SetWindowLong(Shared^.WindowHandle, GWL_WNDPROC, Longint(@NewWndProc));
  end
  else // ho già subclassato questa finestra !!
end;

procedure DoSubClassBack;
begin
  if Shared^.bSubClassDone then
    // de-subclasso la finestra...
    SetWindowLong(Shared^.WindowHandle, GWL_WNDPROC, Longint(OldWndProc));
end;

procedure Intro; stdcall;
begin
  MemFile := OpenFileMapping(FILE_MAP_WRITE, False, HookMemFileName);
  if MemFile=0 then
    MemFile := CreateFileMapping($FFFFFFFF, nil, PAGE_READWRITE, 0,
                                 SizeOf(TShared), HookMemFileName);
  Shared := MapViewOfFile(MemFile, FILE_MAP_WRITE, 0, 0, 0);
  if MemFile=0 then
    FillChar(Shared^, SizeOf(TShared), 0);

  Inc(Shared^.AttachCount);

  if GetCurrentProcessId = Shared^.PID then
    DoSubClassWindow;
end;

procedure Extro; stdcall;
var
  bFinished:Boolean;
begin
  Dec(Shared^.AttachCount);
  bFinished := (Shared^.AttachCount=0);

  if (GetCurrentProcessId = Shared^.PID) and Shared^.bSubClassDone then
    DoSubClassBack;

  if bFinished then
  begin
    RemoveHook;
    UnmapViewOfFile(Shared);
    CloseHandle(MemFile);
  end;
end;

procedure DLLEntryPoint(reason:integer);
begin
  case reason of
    0: {DLL_PROCESS_DETACH} Extro;
    1: {DLL_PROCESS_ATTACH} Intro;
  end;
end;

procedure SetPID(APID: Cardinal); stdcall;
begin
  Shared^.PID := APID;
end;


procedure SetWindowHandle(AHandle: Integer); stdcall;
begin
  Shared^.WindowHandle := AHandle;
  Shared^.bSubClassDone := False;
end;

exports
  InstallHook index 1,
  RemoveHook index 2,
  SetWindowHandle index 3,
  SetPID index 4;

begin
  Intro;
  DLLProc := @DLLEntryPoint;
end.

Now the used units:

unit Hook_Mgt;

interface

uses SysUtils,Windows;

Procedure InstallHook; stdcall;
procedure RemoveHook; stdcall;

implementation

uses HookRoutines;

var TheHook : Integer;

Procedure InstallHook; stdcall;
begin
  theHook := SetWindowsHookEx(WH_GETMESSAGE, @MyHookProc, hInstance, 0);
end;

procedure RemoveHook; stdcall;
begin
  UnhookWindowsHookEx(theHook);
end;

procedure UninstallHooks;
begin
end;

procedure SetUpCallBack( CB : TFarProc );
begin
  CallBack := CB;
end;

end.

unit HookRoutines;

interface

uses sysUtils, Windows, Messages;

var CallBack : TFNHookProc;

function MyHookProc(code: Integer; wparam: WPARAM; lparam: LPARAM): LRESULT stdcall;
procedure SetWndProcHandle( Handle : HWND );stdcall;
function GetLastErrorString( ErrorCode: DWord ) : PChar;

implementation

var Window : Hwnd;
    LastProc : Pointer;

procedure SetWndProcHandle( Handle : HWND );
begin
  Window := Handle;
end;

Function GetLastErrorString(ErrorCode: dWord): PChar;
var Buffer: PChar;
begin
  GetMem( Result,200 );
  FillChar( Result^,SizeOf( Result^ ),0 );
  GetMem(Buffer,200);
  if FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM,
                   Pointer(FORMAT_MESSAGE_FROM_HMODULE),
                   ErrorCode,
                   0,
                   Buffer,
                   200,
                   nil) <> 0 then
  begin
    StrCopy( Result, Buffer );
  end;
  FreeMem(Buffer);
end;

var Count : Integer;

function MyHookProc(code: Integer; wparam: WPARAM; lparam: LPARAM): LRESULT stdcall;
begin
  Result := CallNextHookEx( WH_CBT,code,wparam,lparam );
end;

initialization

end.

The calling code is as follows:

procedure TRecordItem.Launch;
var BlCreateProcess : Boolean;
    SI : TStartupInfo;
    PI : TProcessInformation;
    WT : TWaitThread;
    LP : PChar;
    EnvBlock : Pointer;
    BlockSize : Integer;
    EnvVars : TStringList;
begin
  FillChar(SI,SizeOf(TStartupInfo),#0);
  SI.cb:=SizeOf(TStartupInfo);
  GetMem( LP,Length( LaunchPath ) );
  LP := StrPCopy( LP,LaunchPath );
  BlCreateProcess := CreateProcess(nil, LP, nil, nil, True, 0, nil, nil, si, pi);
  FreeMem( LP );
  if BlCreateProcess then
  begin
    FProcessId := PI.dwProcessId;
    FProcessHandle := PI.hProcess;
    MainFrm.ProcessId := FProcessId;
    Sleep(100);
    EnumWindows( @EnumProc,0 );
    MainFrm.AppBox.Caption := GetWindowText( MainFrm.WindowHandle );
    WT := TWaitThread.Create( True );
    WT.ProcessHandle := FProcessHandle;
    WT.Resume;
//    SetupCallBack( @JournalRecordProc );
    SetPID(PI.dwProcessId);
    SetWindowHandle(MainFrm.WindowHandle);
    InstallHook;
    PostMessage(MainFrm.WindowHandle, WM_USER, 0, 0); // forza l'hook
  end
  else begin
         RaiseLastWin32Error;
       end;
end;

I increased the points, hoping I'll get some thorough responses.

TIA,

Andrew
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 5

Author Comment

by:DeerBear
ID: 9686396
Hey,

I'm now convinced that Windows is picking on me!

I have compiled this code in the DLL:

procedure DoSubClassWindow;
begin
  if Not Shared^.bSubClassDone then
  begin
    // subclasso la finestra...
    Shared^.bSubClassDone := True;
    OldWndProc := Pointer(GetWindowLong(Shared^.WindowHandle, GWL_WNDPROC));
    MessageBox( Shared^.WindowHandle,PCHar( 'Risultato: '+GetLastErrorString( GetLastError ) ),'WndProc',MB_OK );
    SetWindowLong(Shared^.WindowHandle, GWL_WNDPROC, Longint(@NewWndProc));
  end
  else // ho già subclassato questa finestra !!
end;

GetLastErrorString retrieves the last error issued by win32 and the surprise is... well,
the message is: "Invalid Window Handle"... but SURPRISE! That handle is just the very same
handle used to display the message... and I'm sure DoSubClass is called in the right process!

I'm feeling kinda disappointed... :-(

Any ideas?

TIA,

Andrew
0
 
LVL 1

Expert Comment

by:fanar
ID: 9752038
Hey Andrew try puting the whole source inside the ProcFunction for the Hook .

This is what i mean
first to to subclass a window u have to inject ur dll into its process.
Ez way to do that is to use  SetWindowsHookEx and then inside this hook proc u can use the SetWindowLong to subclass.

I think this should work
Anar
0
 
LVL 5

Author Comment

by:DeerBear
ID: 9837466
Hi Fanar,

I decided to close the question and assign you the points!

Thank you for your interest!

Andrew
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question