RSS

Hooking a windows application in DotNet

19 Aug

1. Find a process of interest or a window of interest:

Process[] p = Process.GetProcessesByName(“glworld”);
if (p.Length >= 1)
{
LianZhongApp = p[0];
LianZhongProcessID = p[0].Id;
LianZhongApp.EnableRaisingEvents = true; //Important!
LianZhongApp.Exited +=new EventHandler(OnLianZhongExit);
}

to find a specfic window handle by name, use windows api FindWindow, FindWindowEx, EnumChildWindows etc.

2. To hook certain windows message e.g. windows created/destroyed/activated etc., use system hook classes, for instance, the one of GlobalHooks .

_GlobalHooks = new GlobalHooks(this.Handle);
_GlobalHooks.CBT.Activate += new GlobalHooksTest.GlobalHooks.WindowEventHandler(On_CBT_ActivateWindow);
_GlobalHooks.CBT.Start();

3. Monitor the events and inject code of interest

private void On_CBT_ActivateWindow(IntPtr Handle)
{
UInt32 ProcessID;// = 0;
Utility32.GetWindowThreadProcessId(Handle, out ProcessID);
if (ProcessID != LianZhongProcessID)
return;

string WinCaption = Utility32.GetWindowName(Handle);
if (WinCaption.Contains(“登录信息”) && !bLoginBlocked)
{
Utility32.HideWindow(Handle); W:\DesignSoft\Zoundry Raven\MyBlogImages\spy++msg2.png
bLoginBlocked = true; //Avoid multi-time log in;
Utility32.SetForegroundWindow(Handle);
SendKeys.SendWait(“{ENTER}”); //Simulate press enter/return keys
SendKeys.SendWait(“%N”); //ALT+N; , not debugging the script error

string ClassName = Utility32.GetWindowClass(Handle);
if (ClassName.Contains(“#32770”)) //Which is dialog
Utility32.CloseWindow(Handle); //Do not append it to the list;

const int WM_COMMAND = 0x111;
Utility32.SendMessage(Handle, WM_COMMAND, 0x0FA0, 0x1010AE); //The parameters can be got it using Spy ++
return;
}

}

In spy++, to monitor the message of a specfic window, first drag the cursor onto the windows to be monitored, then press Ctrl +M to display the message dialog to filter unwanted messages.

 
2 Comments

Posted by on August 19, 2008 in Dotnet/C#

 

2 responses to “Hooking a windows application in DotNet

  1. xinyustudio

    September 29, 2008 at 5:03 pm

    Some Notes:

    1. As discussed in the CodeProject article, this cannot be used by two applications simutaneously.
    2. For a in-process and local hook, this seems not working;
    3. For a in-process hook, I have developed a class called WindowsMonitor to monitor the windows creation/destroy/focus etc. And in this application, the IntPtr or Handle is not used.

    e.g.
    private static PopWindowMonitor _popMonitor = new PopWindowMonitor();
    _popMonitor.Activate +=new WindowEventHandler(On_SomeWindow_Activated);
    _popMonitor.DestroyWindow +=new WindowEventHandler(On_SomeWindow_Closed);
    _popMonitor.Start();

     
  2. xinyustudio

    September 29, 2008 at 5:05 pm

    http://support.microsoft.com/kb/318804 is a good link for writing your own hook.

     

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: