I work manager trying to get all the items in Windows, but all the lines I get - empty. I use the Red Studio XE7
process wtff (hwn: thandle); Var list view: HWND; Process ID: Dedworlds; Process: Thandel; Size: Cardinal; MemLocal: Indicator; MemRemote: Indicator; NumBytes: NativeUInt; IconIndex: integer; IconLabel: string; Initiation ProcessId: = 0; List view: = FindWindowEx (H, 0, 'SysListView32', zero); GetWindowThreadProcessId (ListView, @ProcessId); Procedure: = OpenProcess (PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE, false, ProcessID); If the process (try gt0) then try the size: = sizeof (TLVItem) + sizeof (four) * MAX_PATH + 1; MemLocal: = VirtualAlloc (zero, size, MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE); MemRemote: = VirtualAllocEx (process, zero, size, MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE); If Assigned (MemLocal) and Assign (MemRemote) then // Assign strive for memory IconIndex so: = 0 SendMessage do (ListView, LVM_GETITEMCOUNT, 0, 0) - Starting from 1 ZeroMemory (MemLocal, sizeof (TLVItem) ); ^ Do start mask with PLVItem (MemLocal): = LVIF_TEXT; IItem: IconIndex; PszText: = LPTSTR (Cardinal (Mmremote) + Cardinal (Size (TLVItem)); CchTextMax: MAX_PATH; End; NumBytes: = 0; WriteProcessMemory (getting process, MemRemote, MemLocal, size, NumBytes) and Boolean (SendMessage (ListView, LVM_GETITEM, 0, lParam (MemRemote))) and ReadProcessMemory (process, MemRemote, MemLocal, size, NumBytes) begin // if the text the IconLabel: = string (Pisihr (Cardinal (Memokl) + Cardinal (Size (TLVItem)))); If CaseSensitive then IconLabel starts: = LowerCase (IconLabel); AText: = lowercase (aText); End; Form1.Memo1.Lines.Add (IconLabel); /// Memo Add Finally; End; Excluding the End; If assigned (memremote) then virtualfreex (process, memerette, 0, mammules); If assigned (memokal) then virtualfree (memocal, 0, memorial); Finally CloseHandle (process); End; End;
So, in the memo, I only look at many empty lines.
I tried some similar code. For any reason, this method works in some applications, but in some it is not (especially when foreign processes require high privileges).
Perhaps foreign process window does not accept message. Send Message
Error number 5 (Access denied) can give a possible solution I can see dll injection
in the process and can issue ChangeWindowMessageFilterEx
Accept the message from window to inside of that process.
But it can be very troublesome and can increase the antivirus alarm ..
No comments:
Post a Comment