Getting a handle on handles 1

1
Getting a handle on handles 1

• By Nathan Adams

2
What is a handle?

• A handle or HWND is a hex representation of an
  object or window
• Handles allow a programmer to send commands to
  other windows
• 0x23034

3
Windows API

• The Windows API gives you the keys to
  accomplish this
• Controlling a window is NOT hard
• However, there is catch, you need to know the
  object names and captions

4
Defacing notepad
5
Notepad notes

• We know the caption Untitled Notepad
• We know that notepad has a toolbar.
• We know that notepad has a textarea

6
Notepad Anatomy

• The text area is just a normal Edit control
• The menu toolbar is also just a regular toolbar
  so we dont have to worry about too much.

7
Playing with handles

• From earlier, we need the handlebut how can we
  get it?
• Simple, using the FindWindow Windows API!
• FindWindow(0, Untitled Notepad)
• Simple huh?

8
Can you handle this?

• But wait were not done yet!
• FindWindow returns a HWND (handle) datatype.
• C knows what this is, due to the windows.h
  header file
• HWND hwndnote FindWindow(0, Untitled
  Notepad)
• Dont worry! You dont have to actually do
  anything with hwndnote, you just have to pass it
  as a parameter (phew!).

9
(Man)handling windows

• We have the handle, what now?
• Lets change the caption!
• SetWindowText(hwndnotepad, notepad suckz0rs)
• This will change the caption to notepad suckz0rs

10
Bored yet? Watch this

• Lets add some text to the text area of notepad.
• But, wait, we need the hwnd of the text area
  first!
• Not a problem with FindWindowEx
• FindWindowEx(hwndnote, 0, Edit, 0)

11
Bored yet? Watch this cont.

• Now we have the hwnd of the edit boxnow what?
• We have to call SendMessage with a message to
  send to it
• What is a message?
• Its the language that windows understand and
  attempt to do what the message says.

12
Bored yet? Watch this cont.

• What message do we need to send to the edit box?
• WM_SETTEXT (tell it to set its text)
• (WM_SETTEXT is a const to god knows what)
• SendMessage(hwndnotetext, WM_SETTEXT, 0,
  (LPARAM)some text)

13
Boring! I could have typed that!

• Didnt think that was cool?
• Hows about getting the text from the text area?
• A little harder but pretty simple
• What we need is the amount of chars to continue

14
Boring! I could have typed that! Cont.

• WM_GETTEXTLENGTH will tell the control or window
  to returnhow many chars it has
• SendMessage(hwndnotetext, WM_GETTEXTLENGTH, 0, 0)

15
Boring! I could have typed that! Cont.

• But why did we need to know that?
• To make a new array of chars to pass for
  SendMessage to fill
• Using the message WM_GETTEXT we can...get the
  text from the control or window
• char notetextnTextlng 1
• SendMessage(hwndnotetext, WM_GETTEXT,
  nTextlng1, (LPARAM)notetext)

16
Yawn! Show me something interesting!

• So what? I can just copy and paste the text!
• Next lets show some magic and click the Start
  menu through code gasps

17
Start menu fun

• Yay! Finally something interesting!
• Check list Find out the control name, (and/or)
  type, and caption.
• Start menu button is a Button, with the caption
  Start
• Lets check our sanity and attempt to get the hwnd
  of the Start menu

18
Start menu fun cont.

• The start menu is a button of the window
  Shell_TrayWnd
• FindWindow("Shell_TrayWnd", 0)
• Phew, that was hard work, now to get the hwnd of
  the start button
• FindWindowEx(hwndtray, 0, "Button", "Start")

19
Start menu fun cont.

• Alright! Now its time to deface the start button!
• Though first, lets click it one last time before
  we deface it.
• BM_CLICK tells a button to click itself
• SendMessage(hwndstartbutton, BM_CLICK, 0, 0)

20
Start menu fun cont.

• Boring! Lets deface it now!
• SendMessage(hwndstartbutton, WM_SETTEXT, 0,
  (LPARAMStartz)
• SetWindowText(hwndstartbutton, St123")

21
Questions/comments

• Questions
• Comments
• Concerns
• Donations