I'm writing a keylogger type application, and I have pretty much everything done, my problem is getting the window title, I don't want to write the window title every time they press a key, I can get the window title, like I know how to, but how would I only write it to the log when its a new window?
You could maintain an internal list of all windows (with window handles as identifiers to keep memory usage low), and when a new one appears, then you can extract it.
The Win32 API (which I assume you're using) has the function:
EnumChildWindows
which can be used for this task. Call
GetDesktopWindow
to supply as the input window handle, and you'll get every window created under this desktop session.
I'm not sure if this would still work via RDP (and Windows Vista+ have the secure desktop as well as the normal clients), but it depends how vital this functionality is for you.
Store the previous window title and if the current window title is different than the previous window title, print the new window title and set the previous window title to the current window title.
This fails if there's multiple windows with the same name, but it may work for your needs.
Anytime a keypress is detected, call GetForegroundWindow to get the handle to the currently focused window. Store this value as a variable in your program and when it changes, call GetWindowText to get the title of the window and log this title.
Related
I'm writing a window manager in C++ (mostly c stuff but i need unordered_map) with Xlib and my current approach to updating window titles is to get window titles whenever it receives any unrelated event. The problem with this is that if I open XTerm, for example, the titlebar says "xterm" until I do something that sends an event (like clicking the titlebar) and then the window title changes to "username#hostname:WD". It's supposed to update to that format after showing "xterm" for only a split second. It's also supposed to change every time you use the cd command.
Is there an event mask I can use to do this? I looked in a list of Xlib event masks and couldn't find an event mask that does this.
The client should set _NET_WM_NAME application window property. If you want to get events when application updates this property you can set PropertyChangeMask on the application window. Mask value is 0x400000.
OK, so a noob question here: How do you code this functionality that browsers have for example? You open a chrome browser for example and you can open multiple tabs open. Then you can move one tab out of the window and it becomes another window, having its own separate process. Then you can drag that tab into another window and they become one frame? Similar to docking in windows applications, but how do you do it with executables?
Windows-specific answer, though I think other OSs work pretty much the same: the HWND handle that you get for a window is global. If you send its numeric value to a different process, that process can use it to do things with the window: get its information, resize it, even draw on it. What it can't do is replace its event handler function.
To get process separation like browsers have nowadays, the key is to create a container window and send the handle to the child. The child then creates its own window as a child of the container. The child window simply fills out the entire content area of the container.
This way, the content process is contained within the parent's window, but can handle events.
Now, if you want to drag out a tab into its own top-level window, the parent process creates a new top-level window with all the UI inside, and then re-parents the content container to this new top-level window. The content child follows along.
I can't tell you how to code it, you should search the feature inside the chromium code to know how it's coded but I can tell you how it works:
Inside chromium every tab, extension, utility, etc is a process, each one of these processes is child of the "Browser" process, the "Browser" process manages everything (creating new windows, opening new tabs, closing tabs, destroying windows etc) so, for example, whenever you open a new instance of chromium you are telling the "Browser" process to create a new tab and put it inside a new window.
Every window is managed by the "Browser" process and every tab is managed by a process that is child of the main process.
Now to reply your question: when you drag & drop a tab outside a window you're triggering an event that is caught by the "Browser" process which then create a new window and assign the tab to the new window.
Those informations should give you a hint on how you could develop this feature yourself.
If you want to know more about the chromium architecture I suggest you to read how chromium is designed at https://www.chromium.org/developers/design-documents
I am new to Windows programming, mostly done Java(Java SE, Java ME, Android, Java EE), so be detailed and gentle.
I want to capture "the name of the file/path that was clicked in windows, like clicking a file on the desktop"?
Further research http://www.codeproject.com/Articles/6362/Global-System-Hooks-in-NET, which is a small c#/c++ nice app that uses Global System Hooks, to capture mouse events such as coordinates,clicks,etc.
So what is the right API or Global System Hook that captures events on file icons?
There is no single API that provides that level of detail.
The WH_MOUSE and WH_MOUSE_LL hooks of SetWindowsHookEx(), or the WM_INPUT message delivered by RegisterRawInputDevices(), can tell when the mouse is being intereacted with, and the GetCursorPos() function can tell you where the mouse cursor is located onscreen at the time of a click, but it cannot tell you what it is clicking on. You have to figure that out manually.
For instance, the Desktop is implemented as a ListView control, so you can use the WindowFromPoint() and GetDesktopWindow() functions to check if the mouse is located at coordinates corresponding to the desktop window itself instead of an application window, and if so then use the LVM_HITTEST and LVM_GETITEM messages to determine which icon onthe desktop is being clicked on and extract its display text. Then use the SHGetDesktopFolder() function and the IShellFolder interface, or the SHParseDisplayName() function, to parse that text and see if it returns a PIDL that represents a path/file, and if so then use SHGetPathFromIDList() to get the actual path/file name.
If you want to do the same thing with the Windows Explorer app, it gets a bit more complicated. Use WindowFromPoint(), GetWindowThreadProcessId(), OpenProcess(), and EnumProcessModules() to determine if the mouse is over the Windows Explorer app. However, its UI changes from on Windows version to the next, but the jist is that you have to manually locate the focused control via AttachThreadInput() and GetActiveWindow(), check if it is a TreeView/ListView control, and if so then use control-specific messages to get information about the item/icon underneath the mouse cursor coordinates, and use IShellFolder again to figure out what the text of that item/icon actually represents.
Shell programming is very complex system and not for the feint of heart to interact with. So you need to ask yourself, why do you need this information in the first place?
I need to move the mouse to the last opened window. This last window will be a popup created by whatever website.
I guess all I need is to get the position of the last opened window and use SetMousePos, right?
I'm not really familiar with the windows API and any help is welcome - Thanks!
Edit:
To answer the questions, we are writing a program that gets malware data. Unfortunately some malware only start working after the mouse moves to a popup they opened. Its a research-based application
I haven't tested this but I believe you could try the following:
Enumerate running processes and order by PID.
The highest number PID should be the "newest" process.
For the newest process enumerate its windows (use GetWindowThreadProcessId)
At this point I guess you'd have to pick which window you think is the "main" window, for example if the malware opens two windows I don't know how you're going to choose which one to give focus to?
Of your picked HWND get its position on the desktop.
Use SetMousePos to move the mouse to the position of the window.
I haven't included all the API's you'll need for these tasks as its generally quite easy to find on here :)
One way to track recently opened windows is to use SetWinEventHook to listen to the EVENT_OBJECT_CREATE and EVENT_OBJECT_SHOW events. In the callback, filter:
just events with a non-null HWND where idObject==OBJID_WINDOW to get just window creation events (vs other creation events such as for items within a listbox)
for top-level only windows, also filter by checking GetAncestor(hwnd, GA_PARENT) is GetDesktopWindow()
And check that the window is indeed currently visible (WS_VISIBLE style is set in GetWindowLong(GWL_STYLE)).
Also filter by GetWindowThreadProcessId() and via the thread/process you pass into SetWinEventHook if you only care about HWNDs from a specific app.
The reason for checking both of these events is that some windows are created hidden and then shown, others are created fully visible, while others are created once, then shown/hidden many times over their lifetime.
You can then cache this 'last known created hwnd' in a global and check it as needed, using GetWindowRect() to get its location, and SetCursorPos() to move the mouse to that location.
--
If the most recent popup is an active window which takes focus - as is the case with dialogs, but not usually the case with 'pop-under' windows - you can use GetGUIThreadInfo(NULL, ...) to determine the currently active HWND, which might be the one you are looking for, returned in the GUITHREADINFO.hwndActive member of the struct you pass it.
I have created a simple game using Win32 and gdi. I would like to have a track bar at the bottom that tracks a global variable. I'm just not sure how to add controls. How could I add a trackbar? I can imagine it would get created in the wm_create event.
Do you mean TrackBar or StatusBar?
A StatusBar is normally located at the bottom of a window and displays informational messages about the application status, a TrackBar allows the user to select a value. Do you want to allow the user to select the value of your global variable or do you just want to display the current value of the variable? (I'm not sure if the trackbar will display the current value of the variable without extra work.)
Either way, there are samples for both StatusBar and TrackBar located on MSDN.
The child windows are normally created either in the WM_CREATE of the parent or after the parent window has been created (i.e. when you obtain a valid hWnd for the parent) and after calling InitCommonControls() and/or initializing COM if needed.
To create controls on the fly, in general use the CreateWindow function. With a bit of googling for "TrackBar+CreateWindow" you'll find a number of samples for your question:
i.e.:
http://zetcode.com/gui/winapi/controlsII/
or
http://msdn.microsoft.com/en-us/library/bb760151%28VS.85%29.aspx