// 首先得到输入框的句柄。通过spy++这类工具分析,聊天窗体的类名为“#32770”// 但当前系统里不只一个类名为“#32770”的窗体,这就需要全体遍历一次。// 类名为“#32770”标题含“聊天”基本能确定。为保险起见还判断一下所在进程是否为“qq.exe”
uses PsAPI, RichEdit;
function Process_ReadRichEditText(AHandle: THandle): WideString;var vGetTextEx: GETTEXTEX; vGetTextLengthEx: GETTEXTLENGTHEX; L: Integer;
vProcessId: DWORD; vProcess: THandle; vPointer: Pointer; vNumberOfBytesRead: Cardinal;begin Result := ‘‘; if not IsWindow(AHandle) then Exit; GetWindowThreadProcessId(AHandle, @vProcessId); vProcess := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE, False, vProcessId); try vPointer := VirtualAllocEx(vProcess, nil, 4096, MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE); vGetTextLengthEx.flags := GTL_DEFAULT; vGetTextLengthEx.codepage := 1200; // Unicode WriteProcessMemory(vProcess, vPointer, @vGetTextLengthEx, SizeOf(vGetTextLengthEx), vNumberOfBytesRead); L := SendMessage(AHandle, EM_GETTEXTLENGTHEX, Integer(vPointer), 0); VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE); if L <= 0 then Exit; vPointer := VirtualAllocEx(vProcess, nil, SizeOf(vGetTextEx) + L * 2 + 2, MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE); SetLength(Result, L); vGetTextEx.cb := L * 2 + 2; vGetTextEx.flags := GT_DEFAULT; vGetTextEx.codepage := 1200; // Unicode vGetTextEx.lpDefaultChar := nil; vGetTextEx.lpUsedDefChar := nil; WriteProcessMemory(vProcess, vPointer, @vGetTextEx, SizeOf(vGetTextEx), vNumberOfBytesRead); SendMessage(AHandle, EM_GETTEXTEX, Integer(vPointer), Integer(vPointer) + SizeOf(vGetTextEx)); ReadProcessMemory(vProcess, Pointer(Integer(vPointer) + SizeOf(vGetTextEx)), @Result[1], L * 2, vNumberOfBytesRead); VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE); finally CloseHandle(vProcess); end;end; { Process_ReadRichEditText }
function GetProcessName(AProcessID: THandle): string;var vBuffer: array[0..MAX_PATH] of Char; vProcess: THandle;begin vProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, AProcessID); try if GetModuleBaseName(vProcess, 0, vBuffer, SizeOf(vBuffer)) > 0 then Result := vBuffer else Result := ‘‘; finally CloseHandle(vProcess); end;end; { GetProcessName }
function EnumChild(hwnd: HWND; lParam: LPARAM): BOOL; stdcall;var vBuffer: array[0..255] of Char;begin Result := True; if not IsWindowVisible(hwnd) then Exit; // 不可见 GetClassName(hwnd, vBuffer, SizeOf(vBuffer)); if SameText(vBuffer, ‘RichEdit20A‘) then begin if GetWindowLong(hwnd, GWL_STYLE) and ES_READONLY <> ES_READONLY then // 非只读 begin PInteger(lParam)^ := hwnd; Result := False; end; end;end; { EnumChild }
function EnumFunc(hwnd: HWND; lParam: LPARAM): BOOL; stdcall;var vBuffer: array[0..255] of Char; vProcessId: THandle;begin Result := True; if not IsWindowVisible(hwnd) then Exit; // 不可见 GetClassName(hwnd, vBuffer, SizeOf(vBuffer)); if SameText(vBuffer, ‘#32770‘) then begin GetWindowThreadProcessId(hwnd, vProcessId); if SameText(GetProcessName(vProcessId), ‘qq.exe‘) then begin GetWindowText(hwnd, vBuffer, SizeOf(vBuffer)); if Pos(‘聊天中‘, vBuffer) > 0 then // 标题中含"聊天中" begin EnumChildWindows(hwnd, @EnumChild, lParam); Result := False; end; end; end;end; { EnumFunc }
procedure TForm1.Button1Click(Sender: TObject);var vHandle: THandle;begin vHandle := 0; EnumWindows(@EnumFunc, Integer(@vHandle)); if vHandle = 0 then Exit; Memo1.Text := Process_ReadRichEditText(vHandle);end;
using System.Runtime.InteropServices;[DllImport("User32.DLL")]public static extern int SendMessage(IntPtr hWnd, uint Msg, int wParam, int lParam);public delegate bool WNDENUMPROC(IntPtr hwnd, int lParam);[DllImport("user32.dll")]public static extern int EnumWindows(WNDENUMPROC lpEnumFunc, int lParam);[DllImport("user32.dll")]public static extern int EnumChildWindows(IntPtr hWndParent, WNDENUMPROC lpEnumFunc, int lParam);[DllImport("user32.dll")]public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);[DllImport("user32.dll")]public static extern int GetClassName(IntPtr hWnd, StringBuilder lpClassName, int nMaxCount);[DllImport("user32.dll")]public static extern bool IsWindow(IntPtr hWnd);[DllImport("user32.dll")]public static extern bool IsWindowVisible(IntPtr hWnd);[DllImport("user32.DLL")]public static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow);[DllImport("user32.dll")]public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint dwProcessId);[DllImport("psapi.dll")]public static extern uint GetModuleBaseName(IntPtr hProcess, IntPtr hModule, StringBuilder lpBaseName, uint nSize);public const uint PROCESS_VM_OPERATION = 0x0008;public const uint PROCESS_VM_READ = 0x0010;public const uint PROCESS_VM_WRITE = 0x0020;public const uint PROCESS_QUERY_INFORMATION = 0x0400;[DllImport("kernel32.dll")]public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);[DllImport("kernel32.dll")]public static extern bool CloseHandle(IntPtr handle);[DllImport("user32.dll")]public static extern int GetWindowLong(IntPtr hWnd, int nIndex);public const int GWL_STYLE = -16;public const int ES_READONLY = 0x800;public const uint MEM_COMMIT = 0x1000;public const uint MEM_RELEASE = 0x8000;public const uint MEM_RESERVE = 0x2000;public const uint PAGE_READWRITE = 4;[DllImport("kernel32.dll")]public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint dwFreeType);[DllImport("kernel32.dll")]public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, int nSize, ref uint vNumberOfBytesRead);[DllImport("kernel32.dll")]public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, int nSize, ref uint vNumberOfBytesRead); private IntPtr richHandle;public string GetProcessName(uint AProcessId)
{
StringBuilder vBuffer = new StringBuilder(256); IntPtr vProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, AProcessId); try
{ if (GetModuleBaseName(vProcess, IntPtr.Zero, vBuffer, (uint)vBuffer.Capacity) > 0) return vBuffer.ToString(); else return string.Empty;
} finally { CloseHandle(vProcess); }
}public bool EnumChild(IntPtr hwnd, int lParam){ if (!IsWindowVisible(hwnd)) return true; // 不可见 StringBuilder vBuffer = new StringBuilder(256); GetClassName(hwnd, vBuffer, vBuffer.Capacity); if (vBuffer.ToString().ToLower() == "richedit20a") { if ((GetWindowLong(hwnd, GWL_STYLE) & ES_READONLY) != ES_READONLY) // 非只读 { richHandle = hwnd; return false; } } return true;}public bool EnumFunc(IntPtr hwnd, int lParam){ if (!IsWindowVisible(hwnd)) return true; // 不可见 StringBuilder vBuffer = new StringBuilder(256); GetClassName(hwnd, vBuffer, vBuffer.Capacity); if (vBuffer.ToString() == "#32770") { uint vProcessId; GetWindowThreadProcessId(hwnd, out vProcessId); if (GetProcessName(vProcessId).ToLower() == "qq.exe") { GetWindowText(hwnd, vBuffer, vBuffer.Capacity); if (vBuffer.ToString().IndexOf("聊天中") >= 0) // 标题中含"聊天中" { EnumChildWindows(hwnd, @EnumChild, lParam); return false; } } } return true;}[StructLayout(LayoutKind.Sequential)]public struct GETTEXTLENGTHEX{ public uint flags; public uint codepage;}[StructLayout(LayoutKind.Sequential)]public struct GETTEXTEX{ public int cb; public int flags; public int codepage; public IntPtr lpDefaultChar; public IntPtr lpUsedDefChar;};public const int GTL_DEFAULT = 0;public const int GT_DEFAULT = 0;public const int WM_USER = 0x0400;public const int EM_GETTEXTEX = WM_USER + 94; public const int EM_GETTEXTLENGTHEX = WM_USER + 95;public string Process_ReadRichEditText(IntPtr AHandle){ if (!IsWindow(AHandle)) return string.Empty; string vReturn = string.Empty; uint vProcessId; GetWindowThreadProcessId(AHandle, out vProcessId); IntPtr vProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, false, vProcessId); try { uint vNumberOfBytesRead = 0; IntPtr vPointer = VirtualAllocEx(vProcess, IntPtr.Zero, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); GETTEXTLENGTHEX vGetTextLengthEx = new GETTEXTLENGTHEX(); vGetTextLengthEx.flags = GTL_DEFAULT; vGetTextLengthEx.codepage = 1200; // Unicode IntPtr vAddress = Marshal.AllocCoTaskMem(Marshal.SizeOf(vGetTextLengthEx)); Marshal.StructureToPtr(vGetTextLengthEx, vAddress, false); WriteProcessMemory(vProcess, vPointer, vAddress, Marshal.SizeOf(vGetTextLengthEx), ref vNumberOfBytesRead); Marshal.FreeCoTaskMem(vAddress); int L = SendMessage(AHandle, EM_GETTEXTLENGTHEX, (int)vPointer, 0); VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE); if (L <= 0) return vReturn; GETTEXTEX vGetTextEx = new GETTEXTEX(); vGetTextEx.cb = L * 2 + 2; vGetTextEx.flags = GT_DEFAULT; vGetTextEx.codepage = 1200; // Unicode vGetTextEx.lpDefaultChar = IntPtr.Zero; vGetTextEx.lpUsedDefChar = IntPtr.Zero; vPointer = VirtualAllocEx(vProcess, IntPtr.Zero, (uint)(Marshal.SizeOf(vGetTextEx) + L * 2 + 2), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); vAddress = Marshal.AllocCoTaskMem(Marshal.SizeOf(vGetTextEx)); Marshal.StructureToPtr(vGetTextEx, vAddress, false); WriteProcessMemory(vProcess, vPointer, vAddress, Marshal.SizeOf(vGetTextEx), ref vNumberOfBytesRead); Marshal.FreeCoTaskMem(vAddress); SendMessage(AHandle, EM_GETTEXTEX, (int)vPointer, (int)vPointer + Marshal.SizeOf(vGetTextEx)); vAddress = Marshal.AllocCoTaskMem(L * 2); ReadProcessMemory(vProcess, (IntPtr)((int)vPointer + Marshal.SizeOf(vGetTextEx)), vAddress, L * 2, ref vNumberOfBytesRead); vReturn = Marshal.PtrToStringUni(vAddress, L * 2); Marshal.FreeCoTaskMem(vAddress); VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE); } finally { CloseHandle(vProcess); } return vReturn;}private void button1_Click(object sender, EventArgs e){ richHandle = IntPtr.Zero; EnumWindows(EnumFunc, 0); if (richHandle == IntPtr.Zero) return; Console.WriteLine(Process_ReadRichEditText(richHandle));}
http://blog.csdn.net/zswang/article/details/2009868