Solved

SQL Query Analyzer - How To Select and Execute a Line of SQL Using SendMessage() (1.1) or Other Trick

Posted on 2006-04-23
Last Modified: 2012-08-14
Hi
I want to select a line of text that I have inserted into another process by way of SendMessage and then execute it, but I am unable to do either.  I used Spy++ to see what is happening behind the scenes and replicated similar messages, but this approach has borne no fruit.  I am assigning a high point value because this has frustrated Jon, my Norwegian friend who claims to be the best hacker. ha

1.  Run Query Analyzer and open a child query window
2.  Create a new C# windows application and copy the below code over the generated Form1.cs
3.  Run and click button
4.  The SQL text is copied OK and the down arrow is intercepted properly, but the text is neither selected nor executed

//------------------------------
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Text;
using System.Data;
using System.Runtime.InteropServices;

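namespace WindowsApplication2
{
    /// <summary>
    /// Test form that drives a running SQL Query Analyzer instance from this
    /// (separate) process by sending window messages to its editor control.
    /// </summary>
    /// <remarks>
    /// Window messages carry no sender authentication, so the receiving window
    /// cannot tell these messages from real user input. On Windows Vista and
    /// later, User Interface Privilege Isolation (UIPI) blocks most such messages
    /// when the target runs at a higher integrity level than the sender. Where the
    /// goal is only to run a statement, a supported client interface (ADO.NET, or
    /// the osql command-line tool) avoids GUI message injection altogether.
    /// </remarks>
    public class Form1 : System.Windows.Forms.Form
    {
        // ---- user32.dll imports -------------------------------------------------

        [DllImport("user32.dll")]
        public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);
        [DllImport("user32.dll")]
        public static extern IntPtr FindWindowEx(IntPtr hWndParent, IntPtr hWndChildAfter, string lpClassName, string lpWindowName);

        // SendMessage overloads; the C# compiler picks one from the argument types.
        [DllImport("user32.dll", CharSet=CharSet.Auto)]
        public static extern IntPtr SendMessage(IntPtr hWnd, Int32 wMsg, Int32 wParam, StringBuilder lParam);
        [DllImport("user32.dll")]
        public static extern Int32 SendMessage(IntPtr hWnd, Int32 wMsg, Int32 wParam, Int32 lParam);
        [DllImport("user32.dll", CharSet=CharSet.Auto)]
        public static extern IntPtr SendMessage(IntPtr hWnd, uint wMsg, uint wParam, uint lParam);
        [DllImport("User32.dll", CharSet=CharSet.Auto)]
        private static extern int SendMessage(IntPtr hWnd, int message, IntPtr wParam, IntPtr lParam);
        // NOTE(review): WPARAM/LPARAM are pointer-sized, so 64-bit 'long' parameters
        // do not match the native signature in a 32-bit process. Unused in this file.
        [DllImport("User32.dll", CharSet=CharSet.Auto)]
        private static extern int SendMessage(IntPtr hWnd, int message, long wParam, long lParam);

        [DllImport("user32.dll")]
        public static extern void SetWindowText(IntPtr hWnd, string lpText);
        [DllImport("user32.dll")]
        public static extern bool IsWindowEnabled(IntPtr hWnd);
        [DllImport("user32.dll", EntryPoint="PostMessageA")]
        public static extern Int32 PostMessage(IntPtr hWnd, Int32 wMsg, Int32 wParam, Int32 lParam);
        [DllImport("user32.dll", EntryPoint="PostMessageA")]
        public static extern Int32 PostMessage(IntPtr hWnd, Int32 wMsg, uint wParam, uint lParam);

        [DllImport("user32.dll")]
        public static extern int MapVirtualKeyA(int wCode, int wMapType);
        [DllImport("user32.dll")]
        public static extern int SetFocus(IntPtr hWnd);

        // ---- window message identifiers -----------------------------------------

        public const int WM_USER = 0x0400;
        public const int EM_HIDESELECTION = 0x043F;
        public const int WM_SETTEXT = 12;
        public const int EM_SETSEL = 0x00B1;
        public const int EM_REPLACESEL = 0x00C2;
        public const int WM_LBUTTONDOWN = 0x0201;
        public const int WM_LBUTTONUP = 0x0202;
        public const uint WM_MDIGETACTIVE = 0x0229;
        public const int WM_KEYDOWN = 0x0100;
        public const int WM_KEYUP = 0x0101;
        public const int WM_CHAR = 0x0102;
        public const int WM_PAINT = 0x000F;
        public const int WM_CAPTURECHANGED = 0x0215;
        public const int WM_CUT = 0x0300;
        public const int WM_SETFOCUS = 0x0007;

        // ---- virtual-key codes --------------------------------------------------

        public const int VK_F5 = 0x0074;
        public const int VK_SHIFT = 0x0010;
        public const int VK_RIGHT = 0x0027;
        public const int VK_DOWN = 0x0028;
        public const int VK_LSHIFT = 0x00A0;
        public const int VK_RSHIFT = 0x00A1;

        private System.Windows.Forms.Button button1;

        private System.ComponentModel.IContainer components;

        /// <summary>
        /// Creates the form and builds its controls.
        /// </summary>
        public Form1()
        {
            // Required for Windows Form Designer support
            InitializeComponent();
        }

        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        /// <param name="disposing">True when called from Dispose() rather than a finalizer.</param>
        protected override void Dispose( bool disposing )
        {
            if (disposing && components != null)
            {
                components.Dispose();
            }
            base.Dispose( disposing );
        }

        #region Windows Form Designer generated code
        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.button1 = new System.Windows.Forms.Button();
            this.SuspendLayout();
            //
            // button1
            //
            this.button1.Location = new System.Drawing.Point(8, 24);
            this.button1.Name = "button1";
            this.button1.Size = new System.Drawing.Size(96, 24);
            this.button1.TabIndex = 1;
            this.button1.Text = "button1";
            this.button1.Click += new System.EventHandler(this.button1_Click);
            //
            // Form1
            //
            this.AutoScaleBaseSize = new System.Drawing.Size(5, 13);
            this.ClientSize = new System.Drawing.Size(115, 78);
            this.Controls.Add(this.button1);
            this.Name = "Form1";
            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
            this.Text = "Form1";
            this.ResumeLayout(false);
        }
        #endregion

        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
        static void Main()
        {
            Form f1 = new Form1();
            Application.Run(f1);
        }

        /// <summary>
        /// Tells the user which target window could not be located.
        /// </summary>
        /// <param name="what">Human-readable name of the missing window.</param>
        private static void ReportMissingWindow(string what)
        {
            MessageBox.Show("Could not find the " + what + ".", "Form1");
        }

        /// <summary>
        /// Locates the Query Analyzer editor of the active MDI child, replaces its
        /// text with a fixed query, then sends Shift+Down and F5 key messages to it.
        /// </summary>
        /// <param name="sender">The button that raised the event.</param>
        /// <param name="e">Unused event data.</param>
        private void button1_Click(object sender, System.EventArgs e)
        {
            // Every handle is checked before use: a zero handle must not be passed on,
            // because FindWindowEx treats a zero parent as "search under the desktop"
            // and the text/keystrokes below must only ever reach the intended window.
            IntPtr hWndDialog = FindWindow("ISQLWWindowClass", "SQL Query Analyzer");
            if (hWndDialog == IntPtr.Zero)
            {
                ReportMissingWindow("SQL Query Analyzer main window");
                return;
            }

            IntPtr hWndMdiMain = FindWindowEx(hWndDialog, IntPtr.Zero, "MDIClient", null);
            if (hWndMdiMain == IntPtr.Zero)
            {
                ReportMissingWindow("MDI client area");
                return;
            }

            IntPtr hWndMdiActiveChild = SendMessage(hWndMdiMain, WM_MDIGETACTIVE, 0, 0);
            if (hWndMdiActiveChild == IntPtr.Zero)
            {
                ReportMissingWindow("active query window");
                return;
            }

            IntPtr hWndEdit = FindWindowEx(hWndMdiActiveChild, IntPtr.Zero, "DimensionEdit", null);
            if (hWndEdit == IntPtr.Zero)
            {
                ReportMissingWindow("query editor control");
                return;
            }

            SendMessage(hWndEdit, WM_SETTEXT, 0, new StringBuilder("Select * From Orders"));

            // Translate the virtual keys to hardware scan codes (map type 0) so the
            // lParam of each key message can carry the scan code in bits 16-23.
            int iLShift = MapVirtualKeyA( VK_LSHIFT, 0);
            int iDown = MapVirtualKeyA( VK_DOWN, 0);
            int iF5 = MapVirtualKeyA( VK_F5, 0);

            // NOTE(review): a hand-sent WM_SETFOCUS only notifies the control; it does
            // not move the input focus of the target thread.
            SendMessage(hWndEdit, WM_SETFOCUS, 0, 0);

            // lParam layout: repeat count 1 | scan code << 16 | extended-key flag (bit 24);
            // key-up messages also set bits 30 and 31 (previous state, transition).
            // NOTE(review): sent key messages do not change the key state the target
            // reads with GetKeyState, so the control probably sees Down without Shift,
            // which would explain why nothing is selected.
            SendMessage(hWndEdit, WM_KEYDOWN, VK_SHIFT, 1 | (iLShift << 16));
            SendMessage(hWndEdit, WM_KEYDOWN, VK_DOWN, 1 | (iDown << 16) | (1 << 24));
            SendMessage(hWndEdit, WM_KEYUP, VK_DOWN, 1 | (3 << 30) | (iDown << 16) | (1 << 24));
            SendMessage(hWndEdit, WM_KEYUP, VK_SHIFT, 1 | (3 << 30) | (iLShift << 16));

            // NOTE(review): if F5 is a keyboard accelerator in the target, it is
            // translated from messages taken off the target's queue; a sent message
            // goes straight to the window procedure and likely bypasses that step.
            SendMessage(hWndEdit, WM_KEYDOWN, VK_F5, 1 | (iF5 << 16));
            SendMessage(hWndEdit, WM_KEYUP, VK_F5, 1 | (3 << 30) | (iF5 << 16));
        }
    }
}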
//------------------------------------------

// Spasibo!



Question by:KaterinaS
LVL 11

Expert Comment

by:vo1d
ID: 16520484
i don't have Query Analyzer installed on my machine, so can you tell me whether all handles can be found?

// Top-level Query Analyzer window, matched by window class and exact title.
IntPtr hWndDialog = FindWindow("ISQLWWindowClass", "SQL Query Analyzer");
// First child of class "MDIClient" under that window.
IntPtr hWndMdiMain = FindWindowEx(hWndDialog, IntPtr.Zero, "MDIClient", null);
// WM_MDIGETACTIVE asks the MDI client for the handle of its active child window.
IntPtr hWndMdiActiveChild = SendMessage(hWndMdiMain, WM_MDIGETACTIVE, 0, 0);
// First child of class "DimensionEdit" under the active MDI child.
// NOTE(review): none of these handles is compared with IntPtr.Zero before it is used.
IntPtr hWndEdit = FindWindowEx(hWndMdiActiveChild, IntPtr.Zero, "DimensionEdit", null);

is hWndEdit the control handle that holds the text, or is it the window in which the editor control is implemented?
try the GetDlgItem function to get the control's handle.

i just made a test with notepad and had no problem sending text to it.
i extended your pinvoke declarations as follows:
// SendMessage overload whose lParam is marshalled as a string, for messages
// such as WM_SETTEXT that carry text.
[DllImport("user32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr SendMessage(IntPtr hWnd, int wMsg, int wParam, string lParam);

// Returns the handle of the control with the given identifier inside hWnd.
// The entry point defaults to the method name, so it is not spelled out.
[DllImport("user32.dll")]
public static extern IntPtr GetDlgItem(IntPtr hWnd, int nIDDlgItem);

in the keys clickevent, i did this:
// Notepad main window, matched by class and by the exact title of this instance
// (the title looks like that of an untitled document in a German-language Notepad).
IntPtr hWndDialog = FindWindow("Notepad", "Unbenannt - Editor");
// NOTE(review): neither handle is compared with IntPtr.Zero before it is used.
IntPtr ctrlHandle = GetDlgItem(hWndDialog, 0xF);  // 0xF is the control's id
// Replace the edit control's text.
SendMessage(ctrlHandle, WM_SETTEXT, 0, "Test");

that puts 'Test' in my notepad instance.



Author Comment

by:KaterinaS
ID: 16522152
Yes, all handles are correct and verified by Spy++.  hWndEdit is the handle to edit control hosted on the active Mdi child window.  I am also able to post the aforementioned query string to the edit control.  I cannot, however, select (highlight) the text and then execute it by sending an F5 keystroke.  Since it does not respond to EM_SETSEL, I tried to send a SHIFT+DOWN ARROW, but to no avail.  Feel like I have exhausted all options at this point.

Would be indispensable to have QA (SQL Client Tools) installed to troubleshoot this issue.  Buenos Noches!

Author Comment

by:KaterinaS
ID: 16525210
Jon seems to think that Microsoft deliberately prevents this because it is an obvious security concern.
LVL 11

Expert Comment

by:vo1d
ID: 16527349
mmh, i dont think so. i had done such an implementation at work, i will check it out tomorrow.
maybe i got a solution to select the text.
and if we can select the text, i think we will also be able to send a keycode;)

Author Comment

by:KaterinaS
ID: 16530999
that would be wonderful
LVL 11

Accepted Solution

by:
vo1d earned 1000 total points
ID: 16535608
i tried the following with my notepad test and it works fine:

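/// <summary>
/// Notepad test: replaces the edit control's text with "Test", selects all of
/// it, then posts an F5 key-down to the Notepad main window.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Unused event data.</param>
private void button1_Click(object sender, System.EventArgs e)
{
    // Notepad main window, matched by class and by the exact title of this instance.
    IntPtr hWndDialog = FindWindow("Notepad", "Unbenannt - Editor");
    if (hWndDialog == IntPtr.Zero)
    {
        // Stop here so that no text or keystroke is sent to an unverified window.
        MessageBox.Show("Notepad window not found.");
        return;
    }

    // 0xF is the identifier of Notepad's edit control.
    IntPtr ctrlHandle = GetDlgItem(hWndDialog, 0xF);
    if (ctrlHandle == IntPtr.Zero)
    {
        MessageBox.Show("Notepad edit control not found.");
        return;
    }

    // Put "Test" into the edit control.
    SendMessage(ctrlHandle, WM_SETTEXT, 0, "Test");

    // EM_SETSEL with start 0 and end -1 selects the whole text; the named
    // constant replaces the bare 0x00B1.
    SendMessage(ctrlHandle, EM_SETSEL, 0, -1);

    // F5 is posted, not sent, so it goes through the target's message queue.
    PostMessage(hWndDialog, WM_KEYDOWN, VK_F5, 0);
}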
LVL 11

Expert Comment

by:vo1d
ID: 16693807
KaterinaS, any progress on your problem? have you tested the notepad example with your query analyzer?