如何在其他程序的窗口上创建按钮并使之能响应
| 源代码下载
环境:Windows NT/2000 实现方法:采用将动态连接库注入到其他进程中的方法来实现。 为了便于选择窗口,我借用了另一个程序"2000下显示带*号"来选择窗口。 |
 |
| 图一 将动态连接库注入其他进程的代码如下: |
BOOL WINAPI RT_CTRL_BTN(LPCSTR lpszLibFile, HWND hWnd, DWORD dwID, LPRECT pRtBtn, LPCTSTR szCaptionBtn)
{
try {
DWORD dwProcessID;
GetWindowThreadProcessId(hWnd, &dwProcessID);
HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, dwProcessID );
if (!hProcess){
return FALSE;
}
INJECT_DLL InjectInfo;
InjectDLL_Info(&InjectInfo, lpszLibFile, hWnd, dwID, pRtBtn, szCaptionBtn);
LPBYTE lpThreadAddr=(LPBYTE)::VirtualAllocEx(hProcess, NULL, MAXINJECTSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
LPINJECT_DLL param = (LPINJECT_DLL) VirtualAllocEx( hProcess, 0, sizeof(INJECT_DLL), MEM_COMMIT, PAGE_READWRITE );
WriteProcessMemory(hProcess, lpThreadAddr,&RemoteControlThread, MAXINJECTSIZE, 0);
WriteProcessMemory( hProcess, param, &InjectInfo, sizeof(InjectInfo), 0 );
DWORD dwThreadId;
HANDLE hThread = ::CreateRemoteThread(hProcess,NULL,0,
(unsigned long (__stdcall *)(void *))lpThreadAddr,
param, 0, &dwThreadId);
if (!hThread){
CloseHandle(hProcess);
VirtualFreeEx( hProcess, lpThreadAddr, 0, MEM_RELEASE );
VirtualFreeEx( hProcess, param, 0, MEM_RELEASE );
return FALSE;
}
else {
CloseHandle(hThread);
CloseHandle(hProcess);
VirtualFreeEx( hProcess, lpThreadAddr, 0, MEM_RELEASE );
VirtualFreeEx( hProcess, param, 0, MEM_RELEASE );
}
}
catch (...){
return FALSE;
}
return TRUE;
}
|
| 环境:win2000 professional + VC6.0+SP5 + PlatformSDK 2001.8 |