Winspy the Windows APIs involved

Winspy the Windows APIs involved

Winspy is an open source project that mimics Microsoft Spy + +, but it only covers the window handles of Spy + +, window properties, styles, class name child windows, process thread information, and so on. While not powerful, it involves a lot of Windows APIs and is a useful tool for understanding Windows APIs. The Winspy interface is as follows:

1: Dragging the sight icon to get the HWND of the window

Core Api:clienttoscreen, Windowfrompoint, Enumchildwindows, GetParent, GetWindowLong, SetWindowLong

1.1 Windowfrompoint

HWND Windowfrompoint (point point);

View Code

Gets the HWND to the window based on the desktop coordinates. Returns null to indicate that no window is below the point.

1.2 ClientToScreen

BOOL ClientToScreen (HWND hwnd,       //  handle to Windowlppoint lppoint  //  screen coordinates);

View Code

Converting client relative coordinates to desktop coordinates is a prerequisite for windowfrompoint. The function call succeeds and returns a value other than 0. Otherwise, 0 is returned.

1.3 GetParent

HWND GetParent (HWND hwnd  );

View Code

Returns the parent window HWND of the current HWND. Returns null if the window does not have a parent window or if the function call fails.

1.4 GetWindowLong

LONG GetWindowLong (   hwnd hwnd,   int

View Code

The function obtains information about the specified window, and the function obtains a 32-bit integer value that specifies the offset address in the extra window memory (the shaping value can also be used for incoming function pointers or window procedure addresses). The call successfully returned a 32-bit shaped value, and the failure returned 0. The GetLastError can be used to obtain the failure information. The types of window information that can be obtained are as follows:

Gwl_exstyle; Get the extended window style.
Gwl_style: Get the window style.
Gwl_wndproc: Gets the address of the window procedure, or the handle of the address that represents the window procedure. The window procedure must be called using the CallWindowProc function, and the CallWindowProc function is used to send a message to the window procedure for the specified window. The prototype is as follows:

1 LRESULT CallWindowProc (   2    WNDPROC lpprevwndfunc,   3    HWND HWnd,   4    5    WPARAM WPARAM,   6     

View Code

Gwl_hinstance: Gets the handle to the application case.

Gwl_hwndpaaent: Gets the parent window handle if the parent window exists.
gwl_id: Gets the window ID.
Gwl_userdata: Gets the 32-bit value associated with the window. Each window has a 32-bit value that is used by the application that created the window.
The following values are also available when the HWND parameter identifies a dialog box:
Dwl_dlgproc: Gets the address of the dialog box procedure, or a handle to the address that represents the dialog box procedure. You must use the function CallWindowProc to invoke the dialog box procedure.
Dwl_msgresult: Gets the return value of a message processing during a dialog box.
Dwl_user: Get extra information about the application's private, such as a handle or pointer.

1.5 SetWindowLong

1 LONG SetWindowLong (   2hwnd hwnd,   3int  nIndex,    4

View Code

Corresponds to GetWindowLong, which modifies the properties of the window. The property type is the same as GetWindowLong. A return value of 0 indicates that the call failed with GetLastError query error information.

1.6 Enumchildwindows

1 BOOL enumchildwindows (         2    HWND hwndparent,3    Wndenumproc Lpenumfunc,4    LPARAM LPARAM5 );

View Code

Used to enumerate all the child windows under the parent window, and Wndenumproc lpenumfunc to process the child window by returning the function. The function will block until the child window being used is enumerated, or the return function returns FALSE. The format of the return function is:

1 BOOL CALLBACK enumchildproc (          2    hwnd hwnd,3    LPARAM LPARAM 4 );

View Code

2:general Page Related APIs

The General page contains some basic information about the window, with core APIs getclassname, Iswindowunicode, GetWindowRect, GetClientRect, Offsetrect, mapwindowpoints , Getclasslong.

2.1 GetClassName

1 int getclassname (   2hwnd hwnd,   3LPTSTR lpclassname,   4  int

View Code

Gets the class name of the class to which the specified window belongs. The second parameter passes into the buffer for the class name to be received, and the third parameter is the buffer length. The return value is the length of the returned string, and a return value of 0 indicates that the call failed.

2.2 Iswindowunicode

BOOL Iswindowunicode (   hwnd hwnd);

View Code

Determines whether the character set of the window is Unicode. The character set of a window is determined by the function registerclass. If the window class is registered with the ANSI version of RegisterClass (Regjsterclassa), the window character set is ANSI, and if the window class is registered in the Unicode version of RegisterClass (REGISTERCLASSW), The window character set is Unicode.

2.3 GetWindowRect

BOOL GetWindowRect (   hwnd hwnd,   

View Code

Returns the screen coordinates of the upper-left and lower-right corners of the window's bounding rectangle for the specified window. The screen coordinate coordinate system.

2.4 GetClientRect

BOOL GetClientRect (   hwnd hwnd,   

View Code

Returns the client area coordinates for the upper-left and lower-right corners of the window's bounding rectangle for the specified window. Customer area coordinate system.

2.5 Offsetrect

1 BOOL offsetrect (  2     LPRECT LPRC,  //3     int DX,           //  horizontal offset4     int dy            //  Vertical offset);

View Code

The specified rectangle moves to the specified position, the return value is not 0 successful, and 0 fails.

2.6 MapWindowPoints

1 int mapwindowpoints (  2   HWND hwndfrom,     //  handle to source window3    HWND hwndto,       //  handle to Destination window4   lppoint lpPoints ,  //  array of points to map5   UINT cpoints       //  number of Points in array);

View Code

Maps a set of points relative to the coordinate space of a window into a set of points that correspond to the coordinate space of another window. If the function call succeeds, the low word of the return value is the number of pixels of the horizontal coordinate of each source point in order to calculate the horizontal coordinates of each target point, and the high word is the number of pixels of the vertical coordinate of each source point in order to calculate the vertical coordinates of each target point, and the return value is zero if the function call fails.

Hwndfrom or to arguments are null or hwnd_desktop, the points are assumed to be on screen coordinates. can be used instead of screentoclient or ClientToScreen.

2.7 Getclasslong

DWORD Getclasslong (   hwnd hwnd,   int  nIndex);

View Code

Returns the specified 32-bit value of the WNDCLASSEX structure associated with the specified window.

GCSW Atom: Gets an atomic value that uniquely identifies the window class, the same value as the return value of the RegisterClassEx function. Gcl_cbwndextra: Gets the byte size of the memory space in the extra window associated with each window in the class, see GetWindowLong for a method to enter the storage space. Gcl_hbrbackground: Gets a handle to the background brush associated with the class. Gcl_hcursor: Gets a handle to the cursor associated with the class. Gcl_hicon: Gets a handle to the icon associated with the class. GCL_HICONSM: Gets a handle to the small icon associated with the class. Gcl_hmoudle: Gets the handle of the module that registers the class. Gcl_menuname: Gets the address of the menu name string that identifies the menu resource associated with the class. Gcl_style: Gets the style bit of the window class. Gcl_wndrpoc: Gets the address of the window procedure associated with the class. Return value: If the function succeeds, the return value is the desired 32-bit value, and if the function fails, the return value is 0. To get more error information, call the GetLastError function. 3:styles Page Related APIs

4:properities Page Related APIs

Core Api:enumpropsex

4.1 Enumpropsex

int Enumpropsex (      hwnd hwnd,      Propenumprocex lpenumfunc,      LPARAM LPARAM);

View Code

Lists all the items in the window's property sheet, which are routed to the specified callback function until the last item is enumerated, or the callback function returns FALSE. This function provides the properties associated with the COM component OLE.

5:class Page Related APIs

Core Api:getclasslong, Getclassinfoex

5.1 Getclassinfoex

BOOL Getclassinfoex (          hinstance hinst,    lpctstr lpszclass,    lpwndclassex lpwcx);

View Code

Finds information about a window class. The second parameter passes in the name of the window class that must be registered by registerclass or registerclassex. The third parameter is used to receive class information.

6:windows Page Related APIs

Core Api:enumchildwindows, GetParent

7:process Page Related APIs

Core Api:openprocess, GetWindowThreadProcessId, GetModuleBaseName, Getmodulefilenameex, EnumProcessModules

7.1 OpenProcess

HANDLE OpenProcess (   DWORD fdwaccess,   BOOL Finherit,   DWORD idprocess);

View Code

The OpenProcess function is used to open an existing process object and return a handle to the process. The parameters are as follows:

dwDesiredAccess: Want to have theProcess access Rights
Process_all_access//All available permissions
Process_create_process//need to create a process
Process_create_thread//need to create a thread
Process_dup_handle//re-use DuplicateHandle handle
Process_query_information//Get permission to process information, such as its exit code, priority
Process_query_limited_information/* Access to certain information, if obtained process_query_information, also has process_query_limited_ Information Permissions */
Process_set_information//permission to set certain information, such as process priority
Process_set_quota//Set memory limit permissions, use SetProcessWorkingSetSize
Process_suspend_resume//Suspend or resume a process's permissions
Process_terminate//Terminate permissions on a process, using terminateprocess
Process_vm_operation//operating process memory space permissions (available Virtualprotectex and writeprocessmemory)
Process_vm_read//Read the permissions of the process memory space, you can use ReadProcessMemory
Process_vm_write//Read the permissions of the process memory space, you can use WriteProcessMemory
SYNCHRONIZE//wait for process to terminate

bInheritHandle: Indicates whether the resulting process handle can be inherited
DWPROCESSID: PID of the Open process

The return value is a handle to the specified process. If it fails, the return value is NULL, and you can call GetLastError () to get the error code.

7.2 GetWindowThreadProcessId

DWORD GetWindowThreadProcessId (  hwnd hwnd,   Lpdword lpdwprocessid);

View Code

Finds the creator (thread or process) of a window, returning the creator's process ID and thread ID. The return value is the thread ID, and the second parameter returns the process ID.

7.3 GetModuleBaseName

DWORD WINAPI getmodulebasename (  __in          HANDLE hprocess,  __in          hmodule hmodule,  __out         LPTSTR Lpbasename,  __in          DWORD nSize);

View Code

The third parameter returns the name of the module. The return value represents the length of the write buffer string, and 0 indicates that the call failed.

7.4 Getmodulefilenameex

DWORD WINAPI Getmodulefilenameex (  __in          HANDLE hprocess,  __in          hmodule hmodule,  __out         LPTSTR lpFileName,  __in          DWORD nSize);

View Code

Gets the full path of the module. The return value represents the length of the write buffer string, and 0 indicates that the call failed.

7.5 EnumProcessModules

BOOL WINAPI enumprocessmodules (  __in          HANDLE hprocess,  __out         hmodule* Lphmodule,  _ _in          DWORD CB,  __out         lpdword lpcbneeded);

View Code

Enumerates all the modules under the process and receives them with the second parameter. A return of 0 indicates that the call failed.

Winspy the Windows APIs involved