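// Helpers
//-----------------------------------

/// <summary>
/// Records a window in <c>SubclassWndProps</c> when it carries a "UxSubclassInfo" or
/// "CC32SubclassInfo" window property. "UxSubclassInfo" is preferred when both exist.
/// </summary>
/// <remarks>
/// The (hwnd, lpszString, hData) shape suggests this is passed to a native
/// enumeration API as a callback - confirm against the caller.
/// NOTE(review): the two property names are presumably the ones comctl32 attaches to
/// subclassed windows. A process that queries them on windows it does not own and then
/// opens the owning process is a behavioural pattern worth alerting on.
/// </remarks>
/// <param name="hwnd">Window being inspected.</param>
/// <param name="lpszString">Unused by this method.</param>
/// <param name="hData">Unused by this method.</param>
/// <returns>Always <c>true</c>.</returns>
public static Boolean EnumWndProps(IntPtr hwnd, IntPtr lpszString, IntPtr hData)
{
    IntPtr UxSubclass = GetProp(hwnd, "UxSubclassInfo");
    IntPtr CC32Subclass = GetProp(hwnd, "CC32SubclassInfo");

    // Neither property present: nothing to record for this window.
    if (UxSubclass == IntPtr.Zero && CC32Subclass == IntPtr.Zero)
    {
        return true;
    }

    WndPropStruc PropertyStruct = new WndPropStruc();
    PropertyStruct.hProperty = (UxSubclass == IntPtr.Zero) ? CC32Subclass : UxSubclass;
    PropertyStruct.hChildWnd = hwnd;
    PropertyStruct.hParentWnd = GetParent(hwnd);
    GetWindowThreadProcessId(hwnd, ref PropertyStruct.dwPid);

    StringBuilder ParentClassName = new StringBuilder(260);
    GetClassName(PropertyStruct.hParentWnd, ParentClassName, 260);
    PropertyStruct.ParentClassName = ParentClassName.ToString();

    StringBuilder ChildClassName = new StringBuilder(260);
    GetClassName(PropertyStruct.hChildWnd, ChildClassName, 260);
    PropertyStruct.ChildClassName = ChildClassName.ToString();

    try
    {
        // Process is IDisposable; the original never released the instance it created.
        using (Process Owner = Process.GetProcessById((int)PropertyStruct.dwPid))
        {
            PropertyStruct.ImageName = Owner.ProcessName;
        }
    }
    catch (ArgumentException)
    {
        // The owning process is no longer running. Skip the window instead of
        // letting the exception escape this method.
        return true;
    }
    catch (InvalidOperationException)
    {
        // The process exited between lookup and the name query; same handling.
        return true;
    }

    // Only keep one entry per distinct property value.
    if (!SubclassWndProps.Any(Entry => Entry.hProperty == PropertyStruct.hProperty))
    {
        SubclassWndProps.Add(PropertyStruct);
    }

    return true;
}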
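/// <summary>
/// Copies the SUBCLASS_HEADER that <c>UxSubclassInfo.hProperty</c> points to in the
/// owning process into a local unmanaged buffer, and prints its fields.
/// </summary>
/// <remarks>
/// The access mask 0x1F0FFF is PROCESS_ALL_ACCESS, although this method only calls
/// ReadProcessMemory on the handle. Process-access telemetry (for example Sysmon
/// event ID 10) records this request with GrantedAccess 0x1F0FFF.
/// </remarks>
/// <param name="UxSubclassInfo">Entry whose dwPid, hProperty and ImageName are read here.</param>
/// <returns>
/// Pointer to an AllocHGlobal buffer holding the copied header, or <c>IntPtr.Zero</c>
/// when the process cannot be opened or the read fails. The caller owns the buffer
/// and must release it with <c>Marshal.FreeHGlobal</c>.
/// </returns>
public static IntPtr ReadSubclassHeader(WndPropStruc UxSubclassInfo)
{
    // Open process
    Console.WriteLine("[+] Duplicating Subclass header..", Color.LightGreen);
    IntPtr hProc = OpenProcess(0x1F0FFF, false, (int)UxSubclassInfo.dwPid);
    if (hProc == IntPtr.Zero)
    {
        Console.WriteLine("[!] Unable to open " + UxSubclassInfo.ImageName + " for access..", Color.Red);
        return IntPtr.Zero;
    }

    IntPtr HeaderCopy = IntPtr.Zero;
    Boolean Succeeded = false;
    try
    {
        Console.WriteLineFormatted("{0} {5}{1} " + "0x" + String.Format("{0:X}", (hProc).ToInt64()), Color.White, iProperties);

        // Read out header
        SUBCLASS_HEADER SubclassHeader = new SUBCLASS_HEADER();
        int HeaderSize = Marshal.SizeOf(SubclassHeader);
        HeaderCopy = Marshal.AllocHGlobal(HeaderSize);
        uint BytesRead = 0;
        Boolean CallResult = ReadProcessMemory(hProc, UxSubclassInfo.hProperty, HeaderCopy, (uint)HeaderSize, ref BytesRead);
        if (!CallResult)
        {
            Console.WriteLine("[!] Unable to call ReadProcessMemory..", Color.Red);
            return IntPtr.Zero;
        }

        Console.WriteLineFormatted("{0} {6}{1} " + "0x" + String.Format("{0:X}", (UxSubclassInfo.hProperty).ToInt64()), Color.White, iProperties);
        SubclassHeader = (SUBCLASS_HEADER)Marshal.PtrToStructure(HeaderCopy, typeof(SUBCLASS_HEADER));
        Console.WriteLineFormatted(" {2} {7}{1} " + SubclassHeader.uRefs + "{3} {8}{1} " + SubclassHeader.uAlloc + "{3} {9}{1} " + SubclassHeader.uCleanup, Color.White, iProperties);
        Console.WriteLineFormatted(" {2} {10}{1} " + SubclassHeader.dwThreadId + "{3} {11}{1} " + SubclassHeader.pFrameCur, Color.White, iProperties);
        Console.WriteLineFormatted(" {2} {12}{1} " + "0x" + String.Format("{0:X}", (SubclassHeader.CallArray.pfnSubclass).ToInt64()) + " {4} comctl32!CallOriginalWndProc (?)", Color.White, iProperties);
        Console.WriteLineFormatted(" {2} {13}{1} " + SubclassHeader.CallArray.uIdSubclass + "{3} {14}{1} " + "0x" + String.Format("{0:X}", (Int64)SubclassHeader.CallArray.dwRefData), Color.White, iProperties);

        Succeeded = true;
        return HeaderCopy;
    }
    finally
    {
        // The handle is only needed for the read; release it on every path.
        CloseHandle(hProc);

        // The original leaked the unmanaged buffer when the read failed. Free it on
        // any path that does not hand the buffer to the caller.
        if (!Succeeded && HeaderCopy != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(HeaderCopy);
        }
    }
}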