Prevents spy ++ programs from capturing software windows.

I used to use Spy ++ to easily capture the 360 software interface, except for some forms created by the Application DHTML. I couldn't capture it when I used spy ++ to capture it yesterday, or even the exclusive dialog box could not be captured. It was obviously a process similar to blocking the API. I will also simulate this effect so that my program window cannot be captured.
Programs such as spy ++ generally use the windowfrompoint and childwindowfrompoint functions to obtain the window handle at the specified position. Intercept the windowfrompoint function. If the system captures the window of its own program and the process to be captured is not its own program, then return NULL directly (so that your program will not be affected when capturing your own window ). I directly use Microsoft's detour library to intercept APIs, making it easy to use.
Because it is the windowfrompoint function that intercepts all process address spaces, I use the global wh_shell hook to place the interception operation in a separate DLL project. First encapsulate the detour operation cinterceptspyfun class:
/// // Hfile ////////////////// /////////

Class cinterceptspyfun
{
PRIVATE:
// Whether it has been intercepted
Bool m_bintercepted;

Public:
// Save the process ID to block the windowfrompoint Function
Static DWORD m_dwvalidprocessid;

Public:
Cinterceptspyfun ();
~ Cinterceptspyfun ();

Bool isintercepted ()
{
Return this-> m_bintercepted;
}

/*
* Interception
* Dwvalidprocessid: process ID of the windowfrompoint function to be blocked
* Whether the interception is successful or not
*/
Bool intercept (DWORD dwvalidprocessid );

/*
* Cancel the interception and restore it to the original operation.
*/
Void unintercept ();
};

//////////// ////////////////

DWORD cinterceptspyfun: m_dwvalidprocessid = 0;

// Point the real_windowfrompoint pointer to the actual windowfrompoint function address.
Detour_trampoline (hwnd winapi real_windowfrompoint (point pt), windowfrompoint );

/*
* Processing of custom windowfrompoint Functions
*/
Hwnd winapi mine_windowfrompoint (point pt)
{
// Call the actual windowfrompoint function to obtain the window handle
Hwnd = real_windowfrompoint (PT );

// Obtain the process ID of the window
DWORD dwprocessid (0 );
: Getwindowthreadprocessid (hwnd, & dwprocessid );

If (cinterceptspyfun: m_dwvalidprocessid = dwprocessid) & (: getcurrentprocessid ()! = Cinterceptspyfun: m_dwvalidprocessid ))
{// If the window belongs to the specified process and is accessed by another process that is not the specified process, return null
Return NULL;
}

Return hwnd;
}

Cinterceptspyfun: cinterceptspyfun ()
{
M_bintercepted = false;
}

Cinterceptspyfun ::~ Cinterceptspyfun ()
{
}

Bool cinterceptspyfun: intercept (DWORD dwvalidprocessid)
{
Cinterceptspyfun: m_dwvalidprocessid = dwvalidprocessid;
// Detour database Interception
M_bintercepted = detourfunctionwithtrampoline (pbyte) real_windowfrompoint, (pbyte) mine_windowfrompoint );
Return m_bintercepted;
}

Void cinterceptspyfun: unintercept ()
{
If (m_bintercepted)
{
// Cancel Interception
Detourremove (pbyte) real_windowfrompoint, (pbyte) mine_windowfrompoint );
M_bintercepted = false;
}
}

Dwvalidprocessid (process ID of the windowfrompoint function to be intercepted) must be passed after loadlibrary, before the hook is installed, and stored in the Sharing Section for data sharing among all processes.
# Pragma data_seg (". unspy ")
Hhook = NULL;
DWORD dwvalidprocessid = 0;
# Pragma data_seg ()
# Pragma comment (linker, "/section:. unspy, RWS ")

 

The hook handle and dwvalidprocessid are both saved to the shared section ". unspy.

Set the export function of dwvalidprocessid:
Extern "C" _ declspec (dllexport) void setvalidprocessid (DWORD dwprocessid)
{
Dwvalidprocessid = dwprocessid;
}

Declare global variables of the interception class:
Cinterceptspyfun interceptspy;
Hmodule hdllmodule = NULL; // Save the DLL module handle

SHELL hook processing:

 

Lresult callback customshellproc (INT ncode, wparam, lparam)
{
If (! Interceptspy. isintercepted ())
{// Intercept the API
Interceptspy. Intercept (dwvalidprocessid );
}

Return: callnexthookex (hhook, ncode, wparam, lparam );
}

Extern "C" _ declspec (dllexport) void installhook ()
{
Hhook =: setwindowshookex (wh_shell, customshellproc, (hinstance) hdllmodule, 0 );
}

Extern "C" _ declspec (dllexport) void uninstallhook ()
{
If (hhook! = NULL)
{
: Unhookwindowshookex (hhook );
}
Hhook = NULL;
}

When uninstalling the DLL, cancel the interception operation:
Bool apientry dllmain (hmodule, DWORD ul_reason_for_call, lpvoid lpreserved)
{
Hdllmodule = hmodule;
Switch (ul_reason_for_call)
{
Case dll_process_attach:
Break;
Case dll_thread_attach:
Break;
Case dll_thread_detach:
Break;
Case dll_process_detach:
{
Interceptspy. unintercept ();
}
Break;
}

Return true;
}

So far, the DLL part has been completed. to load the DLL in the program that needs to shield the windowfrompoint function, call the setvalidprocessid of the DLL, pass in the current process ID, and then install the HOOK:
M_hinstance =: loadlibrary (_ T ("avoidspylib. dll "));
If (m_hinstance = NULL)
{
: MessageBox (null, _ T ("loadlibrary failed"), _ T (""), mb_ OK );
}

If (m_hinstance = NULL)
Return 0;
 
Typedef void (* psetvalidprocessid) (DWORD dwprocessid );
Psetvalidprocessid psetfunc;
Psetfunc = (psetvalidprocessid): getprocaddress (m_hinstance, "setvalidprocessid ");
If (psetfunc! = NULL)
{
(* Psetfunc) (: getcurrentprocessid ());
}

Typedef void (* pinstallhook )();
Pinstallhook pinstallfunc;
Pinstallfunc = (pinstallhook): getprocaddress (m_hinstance, "installhook ");
If (pinstallfunc! = NULL)
{
(* Pinstallfunc )();
}
// Uninstall the hook
If (m_hinstance! = NULL)
{
Typedef void (* puninstallhook )();
Puninstallhook pfunc;
Pfunc = (puninstallhook): getprocaddress (m_hinstance, "uninstallhook ");
If (pfunc! = NULL)
{
(* Pfunc )();
}

: Freelibrary (m_hinstance );
}

After all the work is completed, run it for a moment. The effect of the 360 software is the same. Spy ++ can no longer capture anything on the interface.