How can I find the address of a WndProc (of a window of another process)? Even if I inject a DLL and try to find it with either GetClassInfoEx(), GetWindowLong() or GetWindowLongPtr(), I always get values like 0xffff08ed, which is definitely not an executable address. It is, according to MSDN, "... the address of the window procedure, or a handle representing the address of the window procedure."

Unfortunately that is not good enough for me; I need the actual address. Spy++ does the job right most of the time (but even that sometimes fails), so it should be possible. Thanks.

[EDIT:] Kudos to Chris Becke for providing a super fast, and correct solution to my little problem!

+2  A: 

Perhaps you are being stymied because you are asking for the wrong version of the windowproc.

Window procs, like applications, come in two flavors: ANSI and Unicode. Windows cannot return a raw pointer to an ANSI window to a Unicode application, or vice versa, as they will attempt to call it with the wrong string type.

So, there is no GetWindowLongPtr function. It's a macro that resolves to two 'real' functions the Windows API provides: GetWindowLongPtrA and GetWindowLongPtrW. If the window is a Unicode window and GetWindowLongPtrA is called, Windows will return a handle instead of the raw pointer, so that it can intercept calls (made via CallWindowProc) and marshal the strings from ANSI to Unicode. The opposite conversion holds the other way.

Even if you call the correct function, you still might get a handle back: it's completely possible that ANSI code has subclassed a Unicode window, so the windowproc has been completely replaced by one of the CallWindowProc handles.

In that case - tough luck I guess.

Chris Becke
That was quick Chris, thanks. But: I am calling the right one, and get the handle instead of the address. And Spy++ does get the right address for the same window. So it is do-able
Adam
I was wrong. I went back and double checked. Turns out that ::GetWindowLongA() did the trick. Thanks and kudos!
Adam
Keep in mind that if you're getting back an address from another process, it is meaningless within *your* process unless you map their memory into your address space.
Paul Betts
I know Paul, in fact my code is injected into the other process so that is where my address space is. So by "another process" I meant that I have no control of the process itself, nor do I have its source.
Adam