So far I tried to use GetWindow using GetForegroundWindow and this always returns NULL. when I use The GetLastError I have a msg saying 1400, Invalid windows Handle.
When I first debug I have Null as I said befor, but when I redo the execution I have a valid handle and all work fine.
What could be the problem.
static int CheckZOrder2Windows(HWND FirstWindow, HWND SecondWindow)
{
int zOrderWnd1 = -1, zOrderWnd2 =-1;
HWND tempHwnd = GetWindow(GetForegroundWindow(), GW_HWNDFIRST);
if (!tempHwnd)
ErrorExit(TEXT(""));
DWORD dwFGThread1 = GetWindowThreadProcessId(FirstWindow, NULL);
DWORD dwFGThread2 = GetWindowThreadProcessId(SecondWindow, NULL);
int currentOrder = 0;
DWORD dwFGThread = 0;
while(tempHwnd)
{
++currentOrder;
if(IsWindowVisible(tempHwnd))
{
dwFGThread = GetWindowThreadProcessId(tempHwnd, NULL);
if (dwFGThread == dwFGThread1)
zOrderWnd1 = currentOrder;
else if (dwFGThread == dwFGThread2)
zOrderWnd2 = currentOrder;
}
tempHwnd=GetWindow(tempHwnd,GW_HWNDNEXT);
}
if ((zOrderWnd1 == -1) || (zOrderWnd2 == -1))
return 0;
return (zOrderWnd1 - zOrderWnd2);
}
GetForegroundWindow is allowed to return NULL and you never check for that.
MSDN also says:
The Enum[Child]Windows function is more reliable than calling GetWindow in a loop. An application that calls GetWindow to perform this task risks being caught in an infinite loop or referencing a handle to a window that has been destroyed.
Related
I'm writing a very simple debugger and I defined a class called BREAKPOINT_INFO that contains information about breakpoints set.
class BREAKPOINT_INFO
{
public:
HANDLE hProcess;
PCHAR lpBreakPoint;
CHAR instr;
BOOL justCalled;
//Set default values
BREAKPOINT_INFO()
{
hProcess = NULL;
lpBreakPoint = NULL;
instr = 0x00;
justCalled = FALSE;
}
//Destructor
~BREAKPOINT_INFO()
{
//Let me know the destructor is being called
MessageBox(NULL, "Destructor called", NULL, MB_OK);
DWORD dwError = 0;
LPCSTR szErrorRest = (LPCSTR)"Error restoring original instruction: ";
LPCSTR szErrorHanlde = (LPCSTR)"Error closing process handle: ";
std::ostringstream oss;
if(hProcess != NULL && lpBreakPoint != NULL)
{
//write back the original instruction stored in instr
if(!WriteProcessMemory(hProcess, lpBreakPoint, &instr, sizeof(CHAR), NULL))
{
dwError = GetLastError();
oss << szErrorRest << dwError;
MessageBox(NULL, oss.str().c_str(), "ERROR", MB_OK|MB_ICONERROR);
}
}
}
};
I need the destructor to clean up any breakpoints set however the deconstructor is never called and I'm not quite sure why that is in my particular case.
Here's main.cpp:
BREAKPOINT_INFO instrMov;
//GetProcModuleHandle is a function I made to get the handle of a
//of a module in a remote process
LPVOID lpServerDll = (LPVOID)GetProcModuleHandle(dwPid, szServerDll);
//the instructions address is relative to the starting address of the server dll. Hence the offset.
PCHAR lpInstr = (PCHAR)((DWORD)lpServerDll+instr_offset);
hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, dwPid);
//sets the breakpoint
instrMov.InitializeBreakPoint(hProcess, lpInstr);
while(1)
{
if(!instrMov.justCalled)
{
instrMov.SetBreakPoint();
}
if(instrMov.justCalled)
{
instrMov.justCalled = FALSE;
}
if(WaitForDebugEvent(&dbgEvent, 0))
{
ProcessDebugEvent(&dbgEvent, lpBreakPoints, 3);
ContinueDebugEvent(dbgEvent.dwProcessId, dbgEvent.dwThreadId, DBG_CONTINUE);
}
}
return 0; //<---never reaches return
It's a never ending loop so the program, at the moment, never actually reaches the return. It has to be terminated with either Ctrl+C or by closing the terminal. Not sure if this could be causing the destructor to not be called or not.
Any information, solutions, etc would be greatly appreciated. Thank you for your time.
you have to handle SIGINT signal, otherwise program is terminated abnormally and dtors are not called.
When error occurs in the program, on the screen we can see something like this:
Is there anyway to determine this situation using c++ winapi? I have aldready tried to use this code to find out if the main thread of the procces is suspend. But it doesn't.
I also tried to send timeot messages(code below) but result is always true, even if error window have appeared.
typedef struct tagENUMINFO
{
// In Parameters
DWORD PId;
// Out Parameters
HWND hWnd;
HWND hEmptyWnd;
HWND hInvisibleWnd;
HWND hEmptyInvisibleWnd;
} ENUMINFO, *PENUMINFO;
BOOL CALLBACK EnumWindowsProc(HWND hWnd, LPARAM lParam)
{
DWORD pid = 0;
PENUMINFO pInfo = (PENUMINFO)lParam;
TCHAR szTitle[_MAX_PATH+1];
// sanity checks
if (pInfo == NULL)
// stop the enumeration if invalid parameter is given
return(FALSE);
// get the processid for this window
if (!::GetWindowThreadProcessId(hWnd, &pid))
// this should never occur :-)
return(TRUE);
// compare the process ID with the one given as search parameter
if (pInfo->PId == pid)
{
// look for the visibility first
if (::IsWindowVisible(hWnd))
{
// look for the title next
if (::GetWindowText(hWnd, szTitle, _MAX_PATH) != 0)
{
pInfo->hWnd = hWnd;
// we have found the right window
return(FALSE);
}
else
pInfo->hEmptyWnd = hWnd;
}
else
{
// look for the title next
if (::GetWindowText(hWnd, szTitle, _MAX_PATH) != 0)
{
pInfo->hInvisibleWnd = hWnd;
}
else
pInfo->hEmptyInvisibleWnd = hWnd;
}
}
// continue the enumeration
return(TRUE);
}
HWND GetMainWindow(DWORD PId)
{
ENUMINFO EnumInfo;
// set the search parameters
EnumInfo.PId = PId;
// set the return parameters to default values
EnumInfo.hWnd = NULL;
EnumInfo.hEmptyWnd = NULL;
EnumInfo.hInvisibleWnd = NULL;
EnumInfo.hEmptyInvisibleWnd = NULL;
// do the search among the top level windows
::EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)&EnumInfo);
// return the one found if any
if (EnumInfo.hWnd != NULL)
return(EnumInfo.hWnd);
else if (EnumInfo.hEmptyWnd != NULL)
return(EnumInfo.hEmptyWnd);
else if (EnumInfo.hInvisibleWnd != NULL)
return(EnumInfo.hInvisibleWnd);
else
return(EnumInfo.hEmptyInvisibleWnd);
}
DWORD GetProcessByExeName(char *ExeName)
{
DWORD Pid;
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPALL, NULL);
if (hProcessSnap == INVALID_HANDLE_VALUE)
{
return false;
}
if (Process32First(hProcessSnap, &pe32))
{
do
{
if (strcmpi(pe32.szExeFile, ExeName) == 0)
{
CloseHandle(hProcessSnap);
return pe32.th32ProcessID;
}
} while (Process32Next(hProcessSnap, &pe32));
}
CloseHandle(hProcessSnap);
return 0;
}
int WINAPI WinMain(HINSTANCE hInst, HINSTANCE prev, LPSTR cmdline, int show)
{
HWND Hwnd;
LRESULT res;
DWORD PID;
PID=GetProcessByExeName("procces.exe");
Hwnd=GetMainWindow(PID);
res = SendMessageTimeout(Hwnd, WM_NULL, NULL, NULL, SMTO_ABORTIFHUNG, 3000,NULL);
//res == 1 always
}
Yes there is a way, all crash interceptors work this way, like the firefox crash reporter.
On windows you can use structured exception handling:
reference:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680657(v=vs.85).aspx
and howto:
http://www.codeproject.com/Articles/207464/Exception-Handling-in-Visual-Cplusplus
extract:
LONG WINAPI MyUnhandledExceptionFilter(PEXCEPTION_POINTERS pExceptionPtrs)
{
// Do something, for example generate error report
//..
// Execute default exception handler next
return EXCEPTION_EXECUTE_HANDLER;
}
void main()
{
SetUnhandledExceptionFilter(MyUnhandledExceptionFilter);
// .. some unsafe code here
}
I found another solution. This error message has it's own procces WerFault.exe, we can simply destroy it with TerminateProcess() and the hang procces will be destroyed too. And then it is quite simple to notice that the required process does not exist.
I'm working on an application that creates a new desktop when launched and using a key combo I can move back and forth between the original and the new desktop. At creation time, in the new desktop a new explorer.exe process is started, so the user can start whatever applications he desires.
When the key combo that sends the exit command is detected, the new desktop is closed, and we return to the original one, but all the applications that the user started in the new desktop are still running.
Is there a way to get a handle on all of this processes opened in the new desktop, having a HANDLE for the Window Station and a HDESK handle for the new Desktop?
Thanks to David Heffernan's idea, I was able to find the following solution. Having a HDESK handle for the desktop, I compare it using GetThreadDesktop function with every thread from the system. I'm not sure that it's the most performant solution, I'm open towards suggestions for improvements, but this works just fine:
int main(void)
{
// Desktop handles
HDESK currentDesktop = GetsecondDesktop(GetCurrentThreadId());
HDESK secondDesktop = CreateDesktop(L"secondDesktop", NULL, NULL, 0, GENERIC_ALL, NULL);
// Start processes in secondDesktop ...
// Process enumeration
DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i;
EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded);
cProcesses = cbNeeded / sizeof(DWORD);
for (i = 0; i < cProcesses; i++)
{
if (aProcesses[i] != 0)
{
DWORD pThreadId = ListProcessThreads(aProcesses[i]);
if (GetsecondDesktop(pThreadId) == secondDesktop)
{
TerminateProcess(aProcesses[i]);
}
}
}
return 0;
}
DWORD ListProcessThreads(DWORD dwOwnerPID)
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hThreadSnap == INVALID_HANDLE_VALUE)
return(FALSE);
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32);
// Retrieve information about the first thread,
// and exit if unsuccessful
if (!Thread32First(hThreadSnap, &te32))
{
CloseHandle(hThreadSnap); // Must clean up the snapshot object!
return(FALSE);
}
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
do
{
if (te32.th32OwnerProcessID == dwOwnerPID)
{
return te32.th32ThreadID;
}
} while (Thread32Next(hThreadSnap, &te32));
// Don't forget to clean up the snapshot object.
CloseHandle(hThreadSnap);
return 0;
}
BOOL TerminateProcess(DWORD dwProcessId)
{
DWORD dwDesiredAccess = PROCESS_TERMINATE;
BOOL bInheritHandle = FALSE;
HANDLE hProcess = OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
if (hProcess == NULL)
return FALSE;
UINT uExitCode = 0;
BOOL result = TerminateProcess(hProcess, uExitCode);
CloseHandle(hProcess);
return result;
}
This question already has answers here:
How to launch Windows' RegEdit with certain path?
(15 answers)
Closed 9 years ago.
I'm looking for way to open registry editor and show some specific key or value. For example, if I pass "HKLM\\SOFTWARE\\Skype\\Installer" I want to get such a result:
All suggestions except system() calls are welcome.
Just call system. To use Raymond Chen's words: It rather involved being on the other side of this airtight hatchway. Any relevant attack requires compromising the machine to the point that your system call is utterly irrelevant. In fact, any attacker that can change RegEdit can change your program as well, so he could just add that system call. (Which he won't, since it is pointless anyway)
Here is, what I needed.
String GetFullHKEY (HKEY hKeyRoot)
{
if (HKEY_LOCAL_MACHINE == hKeyRoot) return _T("HKEY_LOCAL_MACHINE\\");
if (HKEY_CLASSES_ROOT == hKeyRoot) return _T("HKEY_CLASSES_ROOT\\");
if (HKEY_CURRENT_CONFIG == hKeyRoot) return _T("HKEY_CURRENT_CONFIG\\");
if (HKEY_CURRENT_USER == hKeyRoot) return _T("HKEY_CURRENT_USER\\");
if (HKEY_USERS == hKeyRoot) return _T("HKEY_USERS\\");
}
bool RegistryGoTo (HKEY hKeyRoot, const String &lpctPath, String lpctValue)
{
if (lpctPath.empty() || 0 == hKeyRoot)
return false;
if( lpctValue.empty() && lpctValue.empty() == 0)
{
lpctValue.clear();
}
SHELLEXECUTEINFO shi = { 0 };
DEVMODE dm = { 0 };
HWND hWndRegedit = ::FindWindow (_T("RegEdit_RegEdit"), NULL);
if (NULL == hWndRegedit)
{
shi.cbSize = sizeof(SHELLEXECUTEINFO);
shi.fMask = SEE_MASK_NOCLOSEPROCESS;
shi.lpVerb = _T("open");
shi.lpFile = _T("regedit.exe");
shi.nShow = SW_SHOWNORMAL;
ShellExecuteEx (&shi);
if( GetLastError() != 0 )
{
Sleep(200);
ShellExecuteEx (&shi);
}
WaitForInputIdle (shi.hProcess, INFINITE);
hWndRegedit = ::FindWindow (_T("RegEdit_RegEdit"), NULL);
}
if (NULL == hWndRegedit) return FALSE;
SetForegroundWindow (hWndRegedit);
ShowWindow (hWndRegedit, SW_SHOWNORMAL);
HWND hWndTreeView = FindWindowEx (hWndRegedit, NULL, _T ("SysTreeView32"), NULL);
SetForegroundWindow (hWndTreeView);
SetFocus (hWndTreeView);
for (int i = 0; i < 30; i++)
{
SendMessage (hWndTreeView, WM_KEYDOWN, VK_LEFT, 0);
}
dm.dmSize = sizeof (DEVMODE);
EnumDisplaySettings (NULL, ENUM_CURRENT_SETTINGS, &dm);
if (8 < dm.dmBitsPerPel) Sleep (100);
// the path must start with a backslash
String stRegPath = String (_T("\\")) + GetFullHKEY(hKeyRoot) + lpctPath;
// open path
for (int iIndex = 0; iIndex < (int) stRegPath.length (); iIndex++)
{
if (_T('\\') == stRegPath [iIndex])
{
SendMessage (hWndTreeView, WM_KEYDOWN, VK_RIGHT, 0);
if (8 < dm.dmBitsPerPel)
Sleep (100);
}
else SendMessage (hWndTreeView, WM_CHAR, toupper (stRegPath [iIndex]), 0);
}
SetForegroundWindow (hWndRegedit);
SetFocus (hWndRegedit);
if (lpctValue.length())
{
HWND hWndListView = FindWindowEx (hWndRegedit, NULL, _T("SysListView32"), NULL);
SetForegroundWindow (hWndListView);
SetFocus (hWndListView);
Sleep (100);
SendMessage (hWndListView, WM_KEYDOWN, VK_HOME, 0);
String stValue = lpctValue;
for (String::iterator it = stValue.begin (); it != stValue.end (); ++it)
{
SendMessage (hWndListView, WM_CHAR, toupper (*it), 0);
}
}
return true;
}
Any idea why this happens? The method works flawlessly for the currentprocess and fails for remote process running on the same local machine with a garbage error code 2147483661 (0x80000000D) for me, since there is no hint at all anywhere about this particular error code, or am i missing something?.
Also, I feel; since SymInitialize itself failed, and so is SymFromAddr. Am I correct?
The process in question is running as admin and does have the SeDebug and SeSecurity Privileges.
bool DbgHelpWrapper::MatchTargetSymbol( IntPtr processHandle, int procId, int threadId )
{
DWORD dwStartAddress;
DWORD dwInitializeError;
DWORD dwThreadID = static_cast<DWORD>(threadId);
DWORD dwProcessId = static_cast<DWORD>(procId);
HANDLE hRemoteProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, dwProcessId );
if (GetThreadStartAddress( processHandle, dwProcessId, dwThreadID, &dwStartAddress ))
{
dwInitializeError = ERROR_SUCCESS;
} else {
dwInitializeError = Marshal::GetLastWin32Error();
System::Console::WriteLine( String::Format("GetThreadStartAddress failed: {0}", dwInitializeError ));
}
try
{
DWORD dwSymSetOptStatus = SymSetOptions(SYMOPT_DEFERRED_LOADS | SYMOPT_UNDNAME | SYMOPT_LOAD_LINES);
DWORD dwSymInitStatus = ERROR_SUCCESS;
if (dwSymInitStatus = SymInitialize(hRemoteProcess, NULL, TRUE)) {
dwInitializeError = ERROR_SUCCESS;
} else {
dwInitializeError = Marshal::GetLastWin32Error();
System::Console::WriteLine( String::Format("SymInitialize failed: {0} error: {1}", dwSymInitStatus, dwInitializeError ));
return false;
}
const int kMaxNameLength = 256;
ULONG64 buffer[(sizeof(SYMBOL_INFO) + kMaxNameLength * sizeof(wchar_t) + sizeof(ULONG64) - 1) / sizeof(ULONG64)];
memset(buffer, 0, sizeof(buffer));
// Initialize symbol information retrieval structures.
DWORD64 sym_displacement = 0;
PSYMBOL_INFO symbol = reinterpret_cast<PSYMBOL_INFO>(&buffer[0]);
symbol->SizeOfStruct = sizeof(SYMBOL_INFO);
symbol->MaxNameLen = kMaxNameLength - 1;
if( SymFromAddr(hRemoteProcess, (DWORD64)dwStartAddress, &sym_displacement, symbol ))
{
System::String^ name = gcnew System::String( symbol->Name );
System::Console::WriteLine( String::Format("Found thread with ModuleName: {0}", name ));
if( name->Contains( this->symbolName ))
{
return true;
}
}
else
{
dwInitializeError = Marshal::GetLastWin32Error();
System::Console::WriteLine( String::Format("SymFromAddr failed: {0}", dwInitializeError ));
}
}
finally
{
CloseHandle(hRemoteProcess);
}
return false;
}
Another reason, although probably not in this case, might be that the process is not fully started yet. In my debugger code I was calling SymInitialize immediately after WaitForDebugEvent returned a CREATE_PROCESS_DEBUG_EVENT event code. This gave 0x80000000D. Calling it a bit later (right before I needed a stack-walk) succeeded.
Microsoft result codes are usually expressed in hex. In this case, you'd Google for "SymInitialize error 8000000D":
http://msdn.microsoft.com/en-us/library/windows/desktop/ms681351%28v=vs.85%29.aspx
I came up empty-handed for anything on error code "8000000D" (except for this, but the MSDN link sounds interesting:
The handle passed to SymInitialize must be the same value passed to
all other symbol handler functions called by the process. It is the
handle that the functions use to identify the caller and locate the
correct symbol information.
<= It sounds like you're doing this...
A process that calls SymInitialize should not call it again unless it calls SymCleanup first.
<= What about this?
All DbgHelp functions, such as this one, are single threaded. Therefore, calls from more than one thread to this function will likely result in unexpected behavior or memory corruption. To avoid this, call SymInitialize only when your process starts and SymCleanup only when your process ends. It is not necessary for each thread in the process to call these functions.
<= Or this
Q: You are not calling SymInitialize() from multiple threads, are you?
You got error 2147483661 if you try to invoke SymInitialize where process id belongs to a 64bits process, but your own process is a 32bits process.