Prevents spy ++ programs from capturing software windows.

Source: Internet
Author: User

I used to use Spy ++ to easily capture the 360 software interface, except for some forms created by the Application DHTML. I couldn't capture it when I used spy ++ to capture it yesterday, or even the exclusive dialog box could not be captured. It was obviously a process similar to blocking the API. I will also simulate this effect so that my program window cannot be captured.
Programs such as spy ++ generally use the windowfrompoint and childwindowfrompoint functions to obtain the window handle at the specified position. Intercept the windowfrompoint function. If the system captures the window of its own program and the process to be captured is not its own program, then return NULL directly (so that your program will not be affected when capturing your own window ). I directly use Microsoft's detour library to intercept APIs, making it easy to use.
Because it is the windowfrompoint function that intercepts all process address spaces, I use the global wh_shell hook to place the interception operation in a separate DLL project. First encapsulate the detour operation cinterceptspyfun class:
/// // Hfile ////////////////// /////////

Class cinterceptspyfun
{
PRIVATE:
// Whether it has been intercepted
Bool m_bintercepted;

Public:
// Save the process ID to block the windowfrompoint Function
Static DWORD m_dwvalidprocessid;

Public:
Cinterceptspyfun ();
~ Cinterceptspyfun ();

Bool isintercepted ()
{
Return this-> m_bintercepted;
}

/*
* Interception
* Dwvalidprocessid: process ID of the windowfrompoint function to be blocked
* Whether the interception is successful or not
*/
Bool intercept (DWORD dwvalidprocessid );

/*
* Cancel the interception and restore it to the original operation.
*/
Void unintercept ();
};

//////////// ////////////////

DWORD cinterceptspyfun: m_dwvalidprocessid = 0;

// Point the real_windowfrompoint pointer to the actual windowfrompoint function address.
Detour_trampoline (hwnd winapi real_windowfrompoint (point pt), windowfrompoint );

/*
* Processing of custom windowfrompoint Functions
*/
Hwnd winapi mine_windowfrompoint (point pt)
{
// Call the actual windowfrompoint function to obtain the window handle
Hwnd = real_windowfrompoint (PT );

// Obtain the process ID of the window
DWORD dwprocessid (0 );
: Getwindowthreadprocessid (hwnd, & dwprocessid );

If (cinterceptspyfun: m_dwvalidprocessid = dwprocessid) & (: getcurrentprocessid ()! = Cinterceptspyfun: m_dwvalidprocessid ))
{// If the window belongs to the specified process and is accessed by another process that is not the specified process, return null
Return NULL;
}

Return hwnd;
}

Cinterceptspyfun: cinterceptspyfun ()
{
M_bintercepted = false;
}

Cinterceptspyfun ::~ Cinterceptspyfun ()
{
}

Bool cinterceptspyfun: intercept (DWORD dwvalidprocessid)
{
Cinterceptspyfun: m_dwvalidprocessid = dwvalidprocessid;
// Detour database Interception
M_bintercepted = detourfunctionwithtrampoline (pbyte) real_windowfrompoint, (pbyte) mine_windowfrompoint );
Return m_bintercepted;
}

Void cinterceptspyfun: unintercept ()
{
If (m_bintercepted)
{
// Cancel Interception
Detourremove (pbyte) real_windowfrompoint, (pbyte) mine_windowfrompoint );
M_bintercepted = false;
}
}

Dwvalidprocessid (process ID of the windowfrompoint function to be intercepted) must be passed after loadlibrary, before the hook is installed, and stored in the Sharing Section for data sharing among all processes.
# Pragma data_seg (". unspy ")
Hhook = NULL;
DWORD dwvalidprocessid = 0;
# Pragma data_seg ()
# Pragma comment (linker, "/section:. unspy, RWS ")

 

The hook handle and dwvalidprocessid are both saved to the shared section ". unspy.

Set the export function of dwvalidprocessid:
Extern "C" _ declspec (dllexport) void setvalidprocessid (DWORD dwprocessid)
{
Dwvalidprocessid = dwprocessid;
}

Declare global variables of the interception class:
Cinterceptspyfun interceptspy;
Hmodule hdllmodule = NULL; // Save the DLL module handle

SHELL hook processing:

 

Lresult callback customshellproc (INT ncode, wparam, lparam)
{
If (! Interceptspy. isintercepted ())
{// Intercept the API
Interceptspy. Intercept (dwvalidprocessid );
}

Return: callnexthookex (hhook, ncode, wparam, lparam );
}

Extern "C" _ declspec (dllexport) void installhook ()
{
Hhook =: setwindowshookex (wh_shell, customshellproc, (hinstance) hdllmodule, 0 );
}

Extern "C" _ declspec (dllexport) void uninstallhook ()
{
If (hhook! = NULL)
{
: Unhookwindowshookex (hhook );
}
Hhook = NULL;
}

When uninstalling the DLL, cancel the interception operation:
Bool apientry dllmain (hmodule, DWORD ul_reason_for_call, lpvoid lpreserved)
{
Hdllmodule = hmodule;
Switch (ul_reason_for_call)
{
Case dll_process_attach:
Break;
Case dll_thread_attach:
Break;
Case dll_thread_detach:
Break;
Case dll_process_detach:
{
Interceptspy. unintercept ();
}
Break;
}

Return true;
}

So far, the DLL part has been completed. to load the DLL in the program that needs to shield the windowfrompoint function, call the setvalidprocessid of the DLL, pass in the current process ID, and then install the HOOK:
M_hinstance =: loadlibrary (_ T ("avoidspylib. dll "));
If (m_hinstance = NULL)
{
: MessageBox (null, _ T ("loadlibrary failed"), _ T (""), mb_ OK );
}

If (m_hinstance = NULL)
Return 0;
 
Typedef void (* psetvalidprocessid) (DWORD dwprocessid );
Psetvalidprocessid psetfunc;
Psetfunc = (psetvalidprocessid): getprocaddress (m_hinstance, "setvalidprocessid ");
If (psetfunc! = NULL)
{
(* Psetfunc) (: getcurrentprocessid ());
}

Typedef void (* pinstallhook )();
Pinstallhook pinstallfunc;
Pinstallfunc = (pinstallhook): getprocaddress (m_hinstance, "installhook ");
If (pinstallfunc! = NULL)
{
(* Pinstallfunc )();
}
// Uninstall the hook
If (m_hinstance! = NULL)
{
Typedef void (* puninstallhook )();
Puninstallhook pfunc;
Pfunc = (puninstallhook): getprocaddress (m_hinstance, "uninstallhook ");
If (pfunc! = NULL)
{
(* Pfunc )();
}

: Freelibrary (m_hinstance );
}

After all the work is completed, run it for a moment. The effect of the 360 software is the same. Spy ++ can no longer capture anything on the interface.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.