Exemplo n.º 1
        // Helpers
        //-----------------------------------
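        /// <summary>
        /// Records a window that carries a common-controls subclass property
        /// ("UxSubclassInfo" or "CC32SubclassInfo") in <c>SubclassWndProps</c>,
        /// together with its parent window, owning process id, class names and
        /// process image name.
        /// </summary>
        /// <param name="hwnd">Handle of the window being inspected.</param>
        /// <param name="lpszString">Unused by this method.</param>
        /// <param name="hData">Unused by this method.</param>
        /// <returns>Always <c>true</c>.</returns>
        /// <remarks>
        /// NOTE(review): the signature and the constant <c>true</c> return suggest this
        /// is used as a native enumeration callback - confirm against the caller. If so,
        /// no exception should be allowed to escape it, which is why the process lookup
        /// below is guarded.
        /// </remarks>
        public static Boolean EnumWndProps(IntPtr hwnd, IntPtr lpszString, IntPtr hData)
        {
            IntPtr UxSubclass   = GetProp(hwnd, "UxSubclassInfo");
            IntPtr CC32Subclass = GetProp(hwnd, "CC32SubclassInfo");

            // Neither property present: nothing to record for this window.
            if (UxSubclass == IntPtr.Zero && CC32Subclass == IntPtr.Zero)
            {
                return(true);
            }

            WndPropStruc PropertyStruct = new WndPropStruc();

            // UxSubclassInfo takes precedence when both properties are set.
            PropertyStruct.hProperty  = (UxSubclass == IntPtr.Zero) ? CC32Subclass : UxSubclass;
            PropertyStruct.hChildWnd  = hwnd;
            PropertyStruct.hParentWnd = GetParent(hwnd);
            GetWindowThreadProcessId(hwnd, ref PropertyStruct.dwPid);

            // If GetClassName writes nothing, the builder stays empty and the
            // stored class name is an empty string.
            StringBuilder ParentClassName = new StringBuilder(260);
            GetClassName(PropertyStruct.hParentWnd, ParentClassName, 260);
            PropertyStruct.ParentClassName = ParentClassName.ToString();

            StringBuilder ChildClassName = new StringBuilder(260);
            GetClassName(PropertyStruct.hChildWnd, ChildClassName, 260);
            PropertyStruct.ChildClassName = ChildClassName.ToString();

            // The owning process can exit between the window lookup and this call.
            // GetProcessById then throws ArgumentException and ProcessName can throw
            // InvalidOperationException; skip the stale window instead of letting the
            // exception propagate out of this method.
            try
            {
                using (Process Owner = Process.GetProcessById((int)PropertyStruct.dwPid))
                {
                    PropertyStruct.ImageName = Owner.ProcessName;
                }
            }
            catch (ArgumentException)
            {
                return(true);
            }
            catch (InvalidOperationException)
            {
                return(true);
            }

            // Entries are de-duplicated on the property value only.
            if (!SubclassWndProps.Any(Entry => Entry.hProperty == PropertyStruct.hProperty))
            {
                SubclassWndProps.Add(PropertyStruct);
            }

            return(true);
        }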
Exemplo n.º 2
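        /// <summary>
        /// Copies the <c>SUBCLASS_HEADER</c> that a window's subclass property points to
        /// out of the owning process into a local unmanaged buffer, and prints its fields.
        /// </summary>
        /// <param name="UxSubclassInfo">
        /// Entry describing the window: <c>dwPid</c> is the process to open and
        /// <c>hProperty</c> is used as the address to read inside that process.
        /// </param>
        /// <returns>
        /// Pointer to an <c>AllocHGlobal</c> buffer holding the copied header, or
        /// <see cref="IntPtr.Zero"/> if the process could not be opened or the read failed.
        /// The caller owns a non-zero result and must release it with
        /// <c>Marshal.FreeHGlobal</c>.
        /// </returns>
        /// <remarks>
        /// The printed values are read from another process and are not validated here.
        /// </remarks>
        public static IntPtr ReadSubclassHeader(WndPropStruc UxSubclassInfo)
        {
            Console.WriteLine("[+] Duplicating Subclass header..", Color.LightGreen);

            // 0x1F0FFF is PROCESS_ALL_ACCESS. A cross-process open with this mask is
            // recorded by process-access telemetry (e.g. Sysmon Event ID 10, GrantedAccess).
            IntPtr hProc = OpenProcess(0x1F0FFF, false, (int)UxSubclassInfo.dwPid);

            if (hProc == IntPtr.Zero)
            {
                Console.WriteLine("[!] Unable to open " + UxSubclassInfo.ImageName + " for access..", Color.Red);
                return(IntPtr.Zero);
            }

            SUBCLASS_HEADER SubclassHeader = new SUBCLASS_HEADER();
            uint            HeaderSize     = (uint)(Marshal.SizeOf(SubclassHeader));
            IntPtr          HeaderCopy     = IntPtr.Zero;
            Boolean         HandOver       = false;

            try
            {
                Console.WriteLineFormatted("{0} {5}{1} " + "0x" + String.Format("{0:X}", (hProc).ToInt64()), Color.White, iProperties);

                HeaderCopy = Marshal.AllocHGlobal(Marshal.SizeOf(SubclassHeader));
                uint    BytesRead  = 0;
                Boolean CallResult = ReadProcessMemory(hProc, UxSubclassInfo.hProperty, HeaderCopy, HeaderSize, ref BytesRead);

                // A short read would leave part of the buffer uninitialised, so it is
                // treated the same as a failed call.
                if (!CallResult || BytesRead != HeaderSize)
                {
                    Console.WriteLine("[!] Unable to call ReadProcessMemory..", Color.Red);
                    return(IntPtr.Zero);
                }

                Console.WriteLineFormatted("{0} {6}{1} " + "0x" + String.Format("{0:X}", (UxSubclassInfo.hProperty).ToInt64()), Color.White, iProperties);
                SubclassHeader = (SUBCLASS_HEADER)Marshal.PtrToStructure(HeaderCopy, typeof(SUBCLASS_HEADER));
                Console.WriteLineFormatted("    {2} {7}{1} " + SubclassHeader.uRefs + "{3} {8}{1} " + SubclassHeader.uAlloc + "{3} {9}{1} " + SubclassHeader.uCleanup, Color.White, iProperties);
                Console.WriteLineFormatted("    {2} {10}{1} " + SubclassHeader.dwThreadId + "{3} {11}{1} " + SubclassHeader.pFrameCur, Color.White, iProperties);
                Console.WriteLineFormatted("    {2} {12}{1} " + "0x" + String.Format("{0:X}", (SubclassHeader.CallArray.pfnSubclass).ToInt64()) + " {4} comctl32!CallOriginalWndProc (?)", Color.White, iProperties);
                Console.WriteLineFormatted("    {2} {13}{1} " + SubclassHeader.CallArray.uIdSubclass + "{3} {14}{1} " + "0x" + String.Format("{0:X}", (Int64)SubclassHeader.CallArray.dwRefData), Color.White, iProperties);

                HandOver = true;
                return(HeaderCopy);
            }
            finally
            {
                // On every path that does not hand the buffer to the caller
                // (failed or short read, or an exception while printing) the
                // allocation is released here; the original leaked it.
                if (!HandOver && HeaderCopy != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(HeaderCopy);
                }

                // The process handle is only needed for the read above.
                CloseHandle(hProc);
            }
        }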