控制 Windows 程序

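获取进程管理器中被选中进程的名字：列表控件在它自己的进程内解析 LVITEM.pszText，因此 LVITEM 结构体和文本缓冲区都必须分配在拥有该控件的进程中，再通过 WriteProcessMemory / ReadProcessMemory 来回复制。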

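/*
 * Shows the text of the currently selected row (column 0, the process name)
 * of the Task Manager list view in a message box.
 *
 * A list-view control resolves LVITEM.pszText inside its own process, so the
 * LVITEM and the text buffer are allocated in the process that owns the
 * control and copied across with WriteProcessMemory / ReadProcessMemory.
 *
 * NOTE(review): the LVITEM written to the target uses this program's struct
 * layout; if the target has a different pointer width the layouts presumably
 * differ -- confirm both sides are built for the same bitness.
 * NOTE(review): OpenProcess is expected to fail when the target runs at a
 * higher integrity level than this program; that case ends in the
 * "handle" error box below.
 *
 * Always returns 0; failures are reported through message boxes only.
 */
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow){
	HWND hwnd;
	int iItem=-1;
	LVITEM lvitem={0};		/* zeroed so no stack garbage is copied into the target */
	LVITEM *plvitem=NULL;		/* address valid only inside the target process */
	char ItemBuf[512]={0};
	char *pItem=NULL;		/* address valid only inside the target process */
	DWORD PID=0;
	HANDLE hProcess=NULL;

	/*
	 * Stop at the first lookup that fails. FindWindowEx with a NULL parent
	 * searches the children of the desktop, so chaining the calls blindly
	 * could end up on a list view that belongs to an unrelated dialog.
	 */
	hwnd=FindWindow("#32770","Windows 任务管理器");
	if (hwnd)
		hwnd=FindWindowEx(hwnd,0,"#32770",0);
	if (hwnd)
		hwnd=FindWindowEx(hwnd,0,"SysListView32",0);
	if (!hwnd){
		MessageBox(NULL,"[Windows 任务管理器] 尚未启动!","错误!",MB_OK);
		return 0;
	}

	iItem=(int)SendMessage(hwnd,LVM_GETNEXTITEM,(WPARAM)-1,LVNI_SELECTED);
	if (iItem==-1){
		MessageBox(NULL,"没有指定目标进程 !","错误!",MB_OK);
		return 0;
	}

	GetWindowThreadProcessId(hwnd, &PID);
	/*
	 * Least privilege: ask only for the rights the calls below need
	 * (VirtualAllocEx/VirtualFreeEx, WriteProcessMemory, ReadProcessMemory)
	 * rather than PROCESS_ALL_ACCESS.
	 */
	hProcess=OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE,FALSE,PID);
	if (!hProcess){
		MessageBox(NULL,"获取进程句柄操作失败!","错误!",MB_OK);
		return 0;
	}

	plvitem=(LVITEM*)VirtualAllocEx(hProcess, NULL, sizeof(LVITEM), MEM_COMMIT, PAGE_READWRITE);
	pItem=(char*)VirtualAllocEx(hProcess, NULL, sizeof(ItemBuf), MEM_COMMIT, PAGE_READWRITE);
	if ((!plvitem)||(!pItem))
		MessageBox(NULL,"无法分配内存!","错误!",MB_OK);
	else{
		lvitem.cchTextMax=(int)sizeof(ItemBuf);
		lvitem.iSubItem=0; /* column 0: process name */
		lvitem.pszText=pItem;
		if (WriteProcessMemory(hProcess, plvitem, &lvitem, sizeof(LVITEM), NULL)
		    && (SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)iItem, (LPARAM)plvitem), 1)
		    && ReadProcessMemory(hProcess, pItem, ItemBuf, sizeof(ItemBuf), NULL)){
			/* Data comes from another process: never trust it to be terminated. */
			ItemBuf[sizeof(ItemBuf)-1]='\0';
			MessageBox(NULL,ItemBuf,"ItemBuf",MB_OK);
		}
		else
			MessageBox(NULL,"读写目标进程内存失败!","错误!",MB_OK);
	}

	/*
	 * Release the remote allocations while the process handle is still open,
	 * then close the handle. An HWND is not a kernel handle and must not be
	 * passed to CloseHandle.
	 */
	if (plvitem)
		VirtualFreeEx(hProcess, plvitem, 0, MEM_RELEASE);
	if (pItem)
		VirtualFreeEx(hProcess, pItem, 0, MEM_RELEASE);
	CloseHandle(hProcess);
	return 0;
}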

更改进程管理器中的值

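/*
 * Replaces the text of row 6, column 1 of the Task Manager list view with a
 * fixed string by sending LVM_SETITEMTEXT to the control.
 *
 * The control reads LVITEM.pszText inside its own process, so both the
 * LVITEM and the new text are first copied into memory allocated in the
 * process that owns the control.
 *
 * NOTE(review): the LVITEM written to the target uses this program's struct
 * layout; if the target has a different pointer width the layouts presumably
 * differ -- confirm both sides are built for the same bitness.
 * NOTE(review): OpenProcess is expected to fail when the target runs at a
 * higher integrity level than this program; that case ends in the
 * "handle" error box below.
 *
 * Always returns 0; failures are reported through message boxes only.
 */
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow){
	HWND hwnd;
	int iItem=0;
	LVITEM lvitem={0};		/* zeroed so no stack garbage is copied into the target */
	LVITEM *plvitem=NULL;		/* address valid only inside the target process */
	DWORD PID=0;
	HANDLE hProcess=NULL;
	char *p_MyItemText=NULL;	/* address in the target process that holds the text */
	/*
	 * pszText must point to a null-terminated string. The array is sized
	 * from the literal so the terminator is always included; a fixed
	 * 12-byte buffer filled with strcpy only fits when every CJK character
	 * is encoded in two bytes and overflows under a UTF-8 execution charset.
	 */
	static const char str_MyItemText[]="天津 赵春生";

	/*
	 * Stop at the first lookup that fails. FindWindowEx with a NULL parent
	 * searches the children of the desktop, so chaining the calls blindly
	 * could end up on a list view that belongs to an unrelated dialog.
	 */
	hwnd=FindWindow("#32770","Windows 任务管理器");
	if (hwnd)
		hwnd=FindWindowEx(hwnd,0,"#32770",0);
	if (hwnd)
		hwnd=FindWindowEx(hwnd,0,"SysListView32",0);
	if (!hwnd){
		MessageBox(NULL,"[Windows 任务管理器] 尚未启动!","错误!",MB_OK);
		return 0;
	}

	GetWindowThreadProcessId(hwnd, &PID);
	/*
	 * Least privilege: only allocation and writes happen in the target, so
	 * request PROCESS_VM_OPERATION and PROCESS_VM_WRITE rather than
	 * PROCESS_ALL_ACCESS.
	 */
	hProcess=OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_WRITE,FALSE,PID);
	if (!hProcess){
		MessageBox(NULL,"获取进程句柄操作失败!","错误!",MB_OK);
		return 0;
	}

	plvitem=(LVITEM*)VirtualAllocEx(hProcess, NULL, sizeof(LVITEM), MEM_COMMIT, PAGE_READWRITE);
	p_MyItemText=(char*)VirtualAllocEx(hProcess, NULL, sizeof(str_MyItemText), MEM_COMMIT, PAGE_READWRITE);
	if ((!plvitem)||(!p_MyItemText))
		MessageBox(NULL,"无法分配内存!","错误!",MB_OK);
	else{
		MessageBox(NULL,"本演示程序将更改TaskManager中第6个项目中第1列的内容。","提示",MB_OK);
		iItem=5;		/* zero-based index: 5 is the sixth row */
		lvitem.iSubItem=0;	/* zero-based index: 0 is the first column */
		lvitem.pszText=p_MyItemText;
		/* Send the message only when both copies reached the target intact. */
		if (WriteProcessMemory(hProcess, p_MyItemText, str_MyItemText, sizeof(str_MyItemText), NULL)
		    && WriteProcessMemory(hProcess, plvitem, &lvitem, sizeof(LVITEM), NULL))
			SendMessage(hwnd, LVM_SETITEMTEXT, (WPARAM)iItem, (LPARAM)plvitem);
		else
			MessageBox(NULL,"写入目标进程内存失败!","错误!",MB_OK);
	}

	/*
	 * Release the remote allocations while the process handle is still open,
	 * then close the handle. An HWND is not a kernel handle and must not be
	 * passed to CloseHandle.
	 */
	if (plvitem)
		VirtualFreeEx(hProcess, plvitem, 0, MEM_RELEASE);
	if (p_MyItemText)
		VirtualFreeEx(hProcess, p_MyItemText, 0, MEM_RELEASE);
	CloseHandle(hProcess);

	return 0;
}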