SendMessage WM_SETTEXT到另一个进程失败,因为在目标进程中收到的指针被更改

Question

我目前正致力于自动化无法更改的Win32 UI应用程序.到目前为止,我的方法是使用目标应用程序的标准消息队列来注入我的输入.我已经走得很远了:

• 使用WM_COMMAND作品"点击"按钮
• TCM_GETITEMA通过虚拟鼠标点击WM_LBUTTONDOWN/ WM_LBUTTONUP工作来读取选项卡的名称并激活它们
• 读取控件的启用/禁用状态有效

然而,我遇到的情况是修改可编辑的ComboBox及其Edit控件的文本.我尝试使用这样的WM_SETTEXT消息:

    public static void SetText(IntPtr hWnd, string text) {

        // Maximum item text buffer length
        const int MAX_LEN = 512;    

        // Get process
        uint ProcessId;
        WinAPI.GetWindowThreadProcessId(hWnd, out ProcessId);

        IntPtr process = WinAPI.OpenProcess(
            WinAPI.ProcessAccessFlags.VMOperation | WinAPI.ProcessAccessFlags.VMRead |
            WinAPI.ProcessAccessFlags.VMWrite | WinAPI.ProcessAccessFlags.QueryInformation,
            false, ProcessId
        );

        if( process == IntPtr.Zero )
            throw new Exception("Could not open process");

        // Allocate memory in remote process
        IntPtr farTextPtr = WinAPI.VirtualAllocEx(process, IntPtr.Zero, MAX_LEN, 
            WinAPI.AllocationType.Commit, 
            WinAPI.MemoryProtection.ReadWrite
        );

        try {                
                if( farTextPtr == IntPtr.Zero )
                    throw new Exception("Could not allocate memory in target process");

                IntPtr nearTextPtr, pData;
                int bytesRead;

                // Write item text to remote memory (Unicode!)
                nearTextPtr = Marshal.StringToHGlobalUni(text);                    
                WinAPI.WriteProcessMemory(process, farTextPtr, nearTextPtr, MAX_LEN, out bytesRead);
                Marshal.FreeHGlobal(nearTextPtr);

                // Just for debugging purposes, read it back to verify it was set properly
                pData     = Marshal.AllocHGlobal(MAX_LEN);
                WinAPI.ReadProcessMemory(process, farTextPtr, pData, MAX_LEN, out bytesRead);
                text = Marshal.PtrToStringUni(pData);
                Marshal.FreeHGlobal(pData);

                // Set the text
                int res = WinAPI.SendMessage(hWnd, Constants.WM_SETTEXT, IntPtr.Zero, farTextPtr);
                if( res != 1 ) throw new Exception("SendMessage WM_SETTEXT failed");
        } finally {
            // Free remotely allocated memory
            if( farTextPtr != IntPtr.Zero )
                WinAPI.VirtualFreeEx(process, farTextPtr, 0, WinAPI.FreeType.Release);

            WinAPI.CloseHandle(process);
        }
    }

这不起作用!如果我将Spy ++附加到目标控件,我可以看到,该消息已被接收,但它的接收时间与wParam我在调用中指定的不同SendMessage.

例如,调用VirtualAllocEx在目标进程值内返回一个指针0x048b0000.在Spy ++中收到的消息中,我看到了0x0011AA88错误的值:

<000009> 0004065E S WM_SETTEXT lpsz:0011AA88 ("<random characters here>") [wParam:00000000 lParam:0011AA88]

指针是否会以某种方式被改变？我在我的例程中执行相同的过程来从控件中检索字符串,就像使用TabControl一样.在那里它完美无瑕.使用时有什么不同WM_SETTEXT吗？

Answer 1

是的,WM_SETTEXT是标准的Windows消息,操作系统将负责将数据复制到目标进程.您必须传递一个在您自己的进程中有效的指针.