I wanted to figure out what the syscalls behind GetWindowText are. I wrote a simple program to call GetWindowText with a handle to a window in a different process.

```c
#include <windows.h>

int CALLBACK WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    /* Pause so a debugger can be attached and a breakpoint set on GetWindowTextA. */
    MessageBox(0, "Attach debugger and set bp", "on GetWindowTextA", 0);
    HWND winmine = FindWindow(NULL, "Minesweeper");

    /* The GetWindowTextA call that is stepped through below; the buffer and the
     * call itself were not in the extracted snippet and are reconstructed from
     * the description in the text. */
    char title[256];
    GetWindowTextA(winmine, title, sizeof(title));
    return 0;
}
```

I attached a debugger and stepped through the GetWindowTextA call, manually stepping through everything except these API calls (in order):

1. GetWindowThreadProcessId (in GetWindowLong).
2. WCSToMBEx (which is basically WideCharToMultiByte).

None of these API calls seem to be able to read a string in memory not owned by the calling process. I used a usermode debugger so I certainly didn't end up in kernelmode while stepping without realizing it. This means that GetWindowText got the window name without performing a context switch, and that can't be right because there's no way Windows keeps a copy of the text for every single window/control on the system, on every single process.

It mentions that window names are stored in, quote, "a special place", but does not explain how this "special place" can be accessed from a different process without a syscall/context switching.

So I'm looking for any explanations as to how this is done. Any information you can provide is greatly appreciated.

> GetWindowText got the window name without performing a context switch.

Which seems to imply that the text for every window that exists is accessible without a context switch. This info is stored in memory that is shared between all the processes that use user32.dll. You may try to search the virtual space of your process for the Unicode names of other processes' windows. It gets mapped into the process address space during user32.dll loading.

Actually, the lower 16 bits of an HWND represent an index into the window info array with base address `*(&user32!gSharedInfo + 1)`. There are some kernel structures/sections involved: win32k!gSharedInfo, win32k!ghSectionShared, win32k!gpsi and others (which I don't know of). The first field of this window info is the kernel address of another structure which contains all the shared window information.
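As an added example, not code from the question or the answer above, the following C program decodes a window handle the way the answer describes: the low 16 bits index the handle table whose base is the second pointer of user32!gSharedInfo, and the first field of each entry is the kernel address of the window object. The names and layout used here (SHAREDINFO's `aheList`, the HANDLEENTRY fields, TYPE_WINDOW, and the high 16 bits of the HWND as a reuse counter) come from public reverse engineering and the ReactOS headers and are assumptions, as is resolving the `gSharedInfo` export by name with GetProcAddress. The Windows build looks up a real window; the portable build runs the same lookup against a small table constructed inline, which also shows why a stale or forged handle fails validation.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>

/* Handle-table entry as published by ReactOS (assumption: matches the layout
 * user32/win32k use on current Windows). One entry per USER object; the
 * first field is the kernel address the answer refers to. */
typedef struct HANDLEENTRY {
    uintptr_t phead;    /* kernel address of the object (the WND for a window) */
    uintptr_t pOwner;   /* owning thread/process info */
    uint8_t   bType;    /* object type, TYPE_WINDOW for windows */
    uint8_t   bFlags;
    uint16_t  wUniq;    /* reuse counter, compared with the handle's high 16 bits */
} HANDLEENTRY;

#define TYPE_FREE   0   /* slot not in use */
#define TYPE_WINDOW 1   /* assumption: value taken from ReactOS */

/* An HWND is not a pointer: low 16 bits = table index, next 16 bits = uniq. */
static uint16_t hwnd_index(uintptr_t h) { return (uint16_t)(h & 0xFFFF); }
static uint16_t hwnd_uniq(uintptr_t h)  { return (uint16_t)((h >> 16) & 0xFFFF); }

/* Resolve a handle to its table entry with the checks a stale or forged
 * handle has to pass: index in range, slot in use, window type, uniq match. */
const HANDLEENTRY *lookup_window(const HANDLEENTRY *aheList, size_t count, uintptr_t hwnd)
{
    uint16_t idx = hwnd_index(hwnd);
    if (aheList == NULL || idx >= count) return NULL;
    const HANDLEENTRY *he = &aheList[idx];
    if (he->bType != TYPE_WINDOW) return NULL;       /* free slot or a non-window object */
    if (he->wUniq != hwnd_uniq(hwnd)) return NULL;   /* slot reused since the handle was issued */
    return he;
}

/* Constructed sample table (not real kernel data) for the portable build. */
enum { DEMO_COUNT = 4 };
static const HANDLEENTRY g_demo[DEMO_COUNT] = {
    { 0,                      0, TYPE_FREE,   0, 0 },  /* index 0 is never a valid HWND */
    { (uintptr_t)0xC0100000u, 0, TYPE_WINDOW, 0, 1 },  /* valid as HWND 0x00010001 */
    { 0,                      0, TYPE_FREE,   0, 3 },  /* freed: a saved HWND 0x00030002 is stale */
    { (uintptr_t)0xC0300000u, 0, 2,           0, 1 },  /* some non-window USER object */
};
const HANDLEENTRY *demo_table(void) { return g_demo; }

#ifdef _WIN32
#include <windows.h>
/* Only the first two pointers of SHAREDINFO are needed here; the answer's
 * (&gSharedInfo + 1) is exactly the aheList slot. */
typedef struct SHAREDINFO_HEAD { void *psi; HANDLEENTRY *aheList; } SHAREDINFO_HEAD;

int main(void)
{
    /* user32.dll is already loaded because this image imports FindWindowA. */
    HMODULE user32 = GetModuleHandleA("user32.dll");
    SHAREDINFO_HEAD *si = (SHAREDINFO_HEAD *)GetProcAddress(user32, "gSharedInfo"); /* assumption: exported by name */
    if (si == NULL) { puts("gSharedInfo is not exported on this build"); return 1; }

    HWND hwnd = FindWindowA(NULL, "Minesweeper");   /* same title as in the question */
    if (hwnd == NULL) { puts("window not found"); return 1; }

    /* The table size is not read here, so the range check is bounded at the index itself. */
    uintptr_t h = (uintptr_t)hwnd;
    const HANDLEENTRY *he = lookup_window(si->aheList, (size_t)hwnd_index(h) + 1, h);
    if (he == NULL) { puts("handle did not validate against the shared table"); return 1; }
    printf("HWND %p -> aheList[%u], uniq %u, kernel WND at 0x%" PRIxPTR "\n",
           (void *)hwnd, hwnd_index(h), he->wUniq, he->phead);
    return 0;
}
#else
int main(void)
{
    uintptr_t h = 0x00010001u;
    const HANDLEENTRY *he = lookup_window(demo_table(), DEMO_COUNT, h);
    printf("HWND 0x%08" PRIxPTR " -> aheList[%u], kernel object at 0x%" PRIxPTR "\n",
           h, hwnd_index(h), he ? he->phead : (uintptr_t)0);
    printf("stale HWND 0x00030002 validates: %s\n",
           lookup_window(demo_table(), DEMO_COUNT, 0x00030002u) ? "yes" : "no");
    return 0;
}
#endif
```

The kernel address printed on Windows is the object the answer's "first field" points to; it is only meaningful to kernel code or to a debugger with kernel access, and user32 itself reaches the shared copy of the window data through the read-only mapping described above rather than through that address.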