Re: How to control another program to run cryptically?

From:

"David Ching" <dc@remove-this.dcsoft.com>

Newsgroups:

microsoft.public.vc.mfc

Date:

Wed, 23 Aug 2006 18:35:18 GMT

Message-ID:

<Gd1Hg.2282$yO7.1277@newssvr14.news.prodigy.com>

"Sean" <xfbakup@21cn.com> wrote in message
news:uFKt1ZoxGHA.3456@TK2MSFTNGP03.phx.gbl...

thanks for your help
I'v installed a global hook in a DLL(SetWindowsHookEx(WH_CBT, CBTProc,
g_hInstDLL, 0)),this is the callback function:
LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{
  FILE* stream;
TCHAR sFilename[MAX_PATH]={0};
int n_count;
int pos=-2;
   LPCBT_CREATEWND p=(LPCBT_CREATEWND)lParam;
if(nCode==HCBT_CREATEWND)
{
    DWORD m_PID;
    HANDLE m_handle;
GetWindowThreadProcessId((HWND)wParam,&m_PID);
m_handle=OpenProcess(PROCESS_ALL_ACCESS, TRUE, m_PID);
n_count=GetModuleFileNameEx((HMODULE)m_handle,NULL,sFilename,MAX_PATH);
CloseHandle(m_handle);
pos = strcmp( &sFilename[n_count-12], "AcroRd32.exe" );
if(pos==0)
{
  stream = fopen( "c:\\sys_fopen.txt", "at" );
fwrite(sFilename,sizeof(char),n_count,stream);
       fclose( stream );
}
}

Do a GetClassName( (HWND) wParam, ... ) and GetWindowText ( (HWND) wParam,
....) and see if you can identify the splash screen by either its window
class or its caption. Then invoke your file code only if it matches.

Since your CBTProc runs in the context of every process, I would try to
avoid use of the RTL functions fopen/fwrite/fclose and replace them with the
Win32 equivalents.

Also, do you do a CallNextHookEx() anywhere? You're supposed to.

-- David
http://www.dcsoft.com