KaterinaS

asked on

SQL Query Analyzer - How To Select and Execute a Line of SQL Using SendMessage() (1.1) or Other Trick

Hi
I want to select a line of text that I have inserted into another process by way of SendMessage and then execute it, but I am unable to do either.  I used Spy++ to see what is happening behind the scenes and replicated similar messages, but this approach has borne no fruit.  I am assigning a high point value because this has frustrated Jon, my Norwegian friend who claims to be the best hacker. ha

1.  Run Query Analyzer and open a child query window
2.  Create a new C# windows application and copy the below code over the generated Form1.cs
3.  Run and click button
4.  The SQL is copied OK and the down arrow is intercepted properly, but the text is neither selected nor executed

//------------------------------
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Text;
using System.Data;
using System.Runtime.InteropServices;

namespace WindowsApplication2
{
      /// <summary>
      /// Summary description for Form1.
      /// </summary>
      public class Form1 : System.Windows.Forms.Form
      {
      [DllImport("user32.dll")]
      public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);
      [DllImport("user32.dll")]
      public static extern IntPtr FindWindowEx(IntPtr hWndParent, IntPtr hWndChildAfter, string lpClassName, string lpWindowName);
      [DllImport("user32.dll", CharSet=CharSet.Auto)]
      public static extern IntPtr SendMessage(IntPtr hWnd, Int32 wMsg, Int32 wParam, StringBuilder lParam);
      [DllImport("user32.dll")]
      public static extern Int32 SendMessage(IntPtr hWnd, Int32 wMsg, Int32 wParam, Int32 lParam);
      [DllImport("user32.dll", CharSet=CharSet.Auto)]
      public static extern IntPtr SendMessage(IntPtr hWnd, uint wMsg, uint wParam, uint lParam);
      [DllImport("User32.dll", CharSet=CharSet.Auto)]
      private static extern int SendMessage(IntPtr hWnd, int message, IntPtr wParam, IntPtr lParam);
      [DllImport("User32.dll", CharSet=CharSet.Auto)]
      private static extern int SendMessage(IntPtr hWnd, int message, long wParam, long lParam);
      [DllImport("user32.dll")]
      public static extern void SetWindowText(IntPtr hWnd, string lpText);
      [DllImport("user32.dll")]
      public static extern bool IsWindowEnabled(IntPtr hWnd);
      [DllImport("user32.dll", EntryPoint="PostMessageA")]
      public static extern Int32 PostMessage(IntPtr hWnd, Int32 wMsg, Int32 wParam, Int32 lParam);
      [DllImport("user32.dll", EntryPoint="PostMessageA")]
      public static extern Int32 PostMessage(IntPtr hWnd, Int32 wMsg, uint wParam, uint lParam);

      [DllImport("user32.dll")]
      public static extern int MapVirtualKeyA(int wCode, int wMapType);
      [DllImport("user32.dll")]
      public static extern int SetFocus(IntPtr hWnd);


      public const int WM_USER = 0x0400;
      public const int EM_HIDESELECTION = 0x043F;
      public const int WM_SETTEXT = 12;
      public const int EM_SETSEL = 0x00B1;
      public const int EM_REPLACESEL = 0x00C2;
      public const int WM_LBUTTONDOWN = 0x0201;
      public const int WM_LBUTTONUP = 0x0202;
      public const uint WM_MDIGETACTIVE = 0x0229;
      public const int WM_KEYDOWN = 0x0100;
      public const int WM_KEYUP = 0x0101;
      public const int WM_CHAR = 0x0102;
      public const int WM_PAINT = 0x000F;
      public const int WM_CAPTURECHANGED = 0x0215;
      public const int WM_CUT = 0x0300;
      public const int WM_SETFOCUS = 0x0007;

      public const int VK_F5 = 0x0074;
      public const int VK_SHIFT = 0x0010;
      public const int VK_RIGHT = 0x0027;
      public const int VK_DOWN = 0x0028;
      public const int VK_LSHIFT = 0x00A0;
      public const int VK_RSHIFT = 0x00A1;
      private System.Windows.Forms.Button button1;

      private System.ComponentModel.IContainer components;

            public Form1()
            {
                  //
                  // Required for Windows Form Designer support
                  //
                  InitializeComponent();

      }

            /// <summary>
            /// Clean up any resources being used.
            /// </summary>
            protected override void Dispose( bool disposing )
            {
                  if( disposing )
                  {
                        if (components != null)
                        {
                              components.Dispose();
                        }
                  }
                  base.Dispose( disposing );
            }

            #region Windows Form Designer generated code
            /// <summary>
            /// Required method for Designer support - do not modify
            /// the contents of this method with the code editor.
            /// </summary>
            private void InitializeComponent()
            {
         this.button1 = new System.Windows.Forms.Button();
         this.SuspendLayout();
         //
         // button1
         //
         this.button1.Location = new System.Drawing.Point(8, 24);
         this.button1.Name = "button1";
         this.button1.Size = new System.Drawing.Size(96, 24);
         this.button1.TabIndex = 1;
         this.button1.Text = "button1";
         this.button1.Click += new System.EventHandler(this.button1_Click);
         //
         // Form1
         //
         this.AutoScaleBaseSize = new System.Drawing.Size(5, 13);
         this.ClientSize = new System.Drawing.Size(115, 78);
         this.Controls.Add(this.button1);
         this.Name = "Form1";
         this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
         this.Text = "Form1";
         this.ResumeLayout(false);

      }
            #endregion

            /// <summary>
            /// The main entry point for the application.
            /// </summary>
            [STAThread]
            static void Main()
            {
         Form f1 = new Form1();
                  Application.Run(f1);
            }

      private void button1_Click(object sender, System.EventArgs e)
      {
         IntPtr hWndDialog = FindWindow("ISQLWWindowClass", "SQL Query Analyzer");
         IntPtr hWndMdiMain = FindWindowEx(hWndDialog, IntPtr.Zero, "MDIClient", null);
         IntPtr hWndMdiActiveChild = SendMessage(hWndMdiMain, WM_MDIGETACTIVE, 0, 0);
         IntPtr hWndEdit = FindWindowEx(hWndMdiActiveChild, IntPtr.Zero, "DimensionEdit", null);

         SendMessage(hWndEdit, WM_SETTEXT, 0, new StringBuilder("Select * From Orders"));

         int iLShift = MapVirtualKeyA( VK_LSHIFT, 0);
         int iDown = MapVirtualKeyA( VK_DOWN, 0);
         int iF5 = MapVirtualKeyA( VK_F5, 0);

         SendMessage(hWndEdit, WM_SETFOCUS, 0, 0);
         SendMessage(hWndEdit, WM_KEYDOWN, VK_SHIFT, 1 | (iLShift << 16));
         SendMessage(hWndEdit, WM_KEYDOWN, VK_DOWN, 1 | (iDown << 16) | (1 << 24));
         SendMessage(hWndEdit, WM_KEYUP, VK_DOWN, 1 | (3 << 30) | (iDown << 16) | (1 << 24));
         SendMessage(hWndEdit, WM_KEYUP, VK_SHIFT, 1 | (3 << 30) | (iLShift << 16));

         SendMessage(hWndEdit, WM_KEYDOWN, VK_F5, 1 | (iF5 << 16));
         SendMessage(hWndEdit, WM_KEYUP, VK_F5, 1 | (3 << 30) | (iF5 << 16));

      }


      }
}
//------------------------------------------

// Spasibo!



vo1d

i don't have the query analyzer installed on my machine, so can you tell me if all handles can be found?

// Top-level Query Analyzer window, looked up by window class and title.
IntPtr hWndDialog = FindWindow("ISQLWWindowClass", "SQL Query Analyzer");
// First child of that window with the "MDIClient" class.
IntPtr hWndMdiMain = FindWindowEx(hWndDialog, IntPtr.Zero, "MDIClient", null);
// WM_MDIGETACTIVE asks the MDI client for the handle of its active child window.
IntPtr hWndMdiActiveChild = SendMessage(hWndMdiMain, WM_MDIGETACTIVE, 0, 0);
// First child of the active MDI child with the "DimensionEdit" class.
// NOTE(review): none of these handles is checked for IntPtr.Zero before being used.
IntPtr hWndEdit = FindWindowEx(hWndMdiActiveChild, IntPtr.Zero, "DimensionEdit", null);

is hWndEdit the control handle which holds the text, or is it the window which hosts the editor control?
try the GetDlgItem function to get the control's handle.

i just made a test with notepad and had no problem sending text to it.
i extended your pinvoke declarations as follows:
// SendMessage overload taking a string lParam, for messages such as WM_SETTEXT
// whose lParam points to text.
// NOTE(review): the native WPARAM is pointer-sized; an Int32 wParam only matches
// the native signature in a 32-bit process - confirm the build target.
[DllImport("user32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr SendMessage(IntPtr hWnd, Int32 wMsg, Int32 wParam, string lParam);

// GetDlgItem returns the handle of the child control of hWnd that has the given control id.
[DllImport("user32.dll", EntryPoint = "GetDlgItem")]
public static extern IntPtr GetDlgItem(IntPtr hWnd, Int32 nIDDlgItem);

in the keys clickevent, i did this:
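// Look up the Notepad top-level window by class and (German-locale) title.
IntPtr hWndDialog = FindWindow("Notepad", "Unbenannt - Editor");
// Only ask for the child control when the window was actually found.
IntPtr ctrlHandle = (hWndDialog != IntPtr.Zero)
    ? GetDlgItem(hWndDialog, 0xF)  // 0xF is the control's id
    : IntPtr.Zero;
// Skip the send when either lookup failed instead of messaging a null handle.
if (ctrlHandle != IntPtr.Zero)
{
    SendMessage(ctrlHandle, WM_SETTEXT, 0, "Test");
}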

that puts 'Test' in my notepad instance.


KaterinaS

ASKER

Yes, all handles are correct and verified by Spy++.  hWndEdit is the handle to edit control hosted on the active Mdi child window.  I am also able to post the aforementioned query string to the edit control.  I cannot, however, select (highlight) the text and then execute it by sending an F5 keystroke.  Since it does not respond to EM_SETSEL, I tried to send a SHIFT+DOWN ARROW, but to no avail.  Feel like I have exhausted all options at this point.

Would be indispensable to have QA (SQL Client Tools) installed to troubleshoot this issue.  Buenos Noches!
Jon seems to think that Microsoft deliberately prevented this as an obvious security concern.
mmh, i dont think so. i had done such an implementation at work, i will check it out tomorrow.
maybe i got a solution to select the text.
and if we can select the text, i think we will also be able to send a keycode;)
that would be wonderful
ASKER CERTIFIED SOLUTION
vo1d
KaterinaS, any progress on your problem? have you tested the notepad example with your query analyzer?