Hi,
I would like to know how I can capture messages sent to a richedit box in another application which is using the EM_STREAMIN message. I really need to know what to hook and how to get the text once i've hooked it (if that makes sense?). I have everytning else setup and working such as sending messages to and from the remote injected dll however don't know how I should grab this damn rich edit text from the remote app. I used winspector to see which messages are being sent to the rich edit control and the only one which seems to make sense is the EM_STREAMIN one. Any help would be greatly appreciated.
regards,
Paul.
I'm finding this one really tough
Hooking all messages realted to a process.
Is there no way to hook / intercept all windows messages related to a process using your library such as what winspector or apispy does?
It seems some people are having trouble understanding the difference between API hooking and message hooking. API hooking is far more powerful, but for most "spying" purposes it's not needed. The standard windows message hooking (SetWindowsHookEx) will allow you to manipulate the GUI of any app, as well as spy on it. But if you actually want to change the internal workings of a program you go lower level and use the API hooking stuff.
If you don't understand basic Windows messaging, you probably need to learn more before you move on to more complicated things like API hooking, since this isn't even officially supported by Microsoft and can be tricky to implement, even with nice tools like madshi's.
If you don't understand basic Windows messaging, you probably need to learn more before you move on to more complicated things like API hooking, since this isn't even officially supported by Microsoft and can be tricky to implement, even with nice tools like madshi's.
c78,
Hi, I have no problem with using Madshi's code, in fact it's working quite well for me on other things and I am also using IPC quite well too (It's working the way I want for most things). The thing is that using the windows message hook as suggested by madshi (which is something I already tried before posting the question) is not producing what I want and I am also unable to find any solutions on the net either for hooking into the messages within a remote rich edit control using Delphi. I manage to find the control using findwindow and then finding the child which is the rich edit control, however when I come to reading the contents (which looking at the control, doesn't at first glance seem to be a difficult task), you basically set up a structure and pass it along with the handle of the control to gettextex. The trouble is that the stuff that comes back is garbage and seems to not work as expected (I have double checked my code and it is correct). I was wondering if there is an API which I could hook into which would allow me to get to the richedit text in another way (perhaps before it reaches the rich edit control). All the one's I've tried so far come up blank and the standard windows gettext messages do not work with this control. It is a RichEdit20A according to several spy tools I have. Also the main windows is of a class POPUP_DLG_WINDOW which is one i've never come across before.
Madshi / c78,
Many thanks for your help, ut i'm afraid I've hit a blank wall with this one.
Hi, I have no problem with using Madshi's code, in fact it's working quite well for me on other things and I am also using IPC quite well too (It's working the way I want for most things). The thing is that using the windows message hook as suggested by madshi (which is something I already tried before posting the question) is not producing what I want and I am also unable to find any solutions on the net either for hooking into the messages within a remote rich edit control using Delphi. I manage to find the control using findwindow and then finding the child which is the rich edit control, however when I come to reading the contents (which looking at the control, doesn't at first glance seem to be a difficult task), you basically set up a structure and pass it along with the handle of the control to gettextex. The trouble is that the stuff that comes back is garbage and seems to not work as expected (I have double checked my code and it is correct). I was wondering if there is an API which I could hook into which would allow me to get to the richedit text in another way (perhaps before it reaches the rich edit control). All the one's I've tried so far come up blank and the standard windows gettext messages do not work with this control. It is a RichEdit20A according to several spy tools I have. Also the main windows is of a class POPUP_DLG_WINDOW which is one i've never come across before.
Madshi / c78,
Many thanks for your help, ut i'm afraid I've hit a blank wall with this one.
Hello mushy. I'd be surprised if this rich edit control cannot be read with normal messages. If for some reason you cannot read the text with wm_gettext then you still should be able to intercept the characters being typed into the box with WM_KEYDOWN message. etc. Even if this edit box uses weird methods to store its text, it will still rely on standard keyboard/mouse messages to receive user input.
As far as API hooking, the APIs you want to look at are TextOutA, TextOutW, DrawText.. and there maybe 1 or 2 more... Of course, if this rich edit box is so fancy maybe it draws it's own fonts and text pixels with no windows APIs at all! .I think java apps would qualify in that category?.
As far as API hooking, the APIs you want to look at are TextOutA, TextOutW, DrawText.. and there maybe 1 or 2 more... Of course, if this rich edit box is so fancy maybe it draws it's own fonts and text pixels with no windows APIs at all! .I think java apps would qualify in that category?.
c78,
Hi, thanks again for your post. Unfortunately all of what you have mentioned so far hasn't worked. I'm stumped as to what I should do. I've never had any problem in the past. I have tried TextOutA, TextOutW, DrawText etc,.. with no results. There is no text allowed in this rich edit control and therefore no keydown events to capture. The rich edit box is automatically updated by the program. I can only think that the rich edit control is in someway modified.
Also, the second thing I would like to ask is how I should go about detecting when graphics are drawn on a flash image and also what was drawn. (The thing i'm thinking about is certain cards drawn on a poker table.) I want to be able to detect what is drawn and when. The control is an embedded flash player.
Regards,
Paul.
Hi, thanks again for your post. Unfortunately all of what you have mentioned so far hasn't worked. I'm stumped as to what I should do. I've never had any problem in the past. I have tried TextOutA, TextOutW, DrawText etc,.. with no results. There is no text allowed in this rich edit control and therefore no keydown events to capture. The rich edit box is automatically updated by the program. I can only think that the rich edit control is in someway modified.
Also, the second thing I would like to ask is how I should go about detecting when graphics are drawn on a flash image and also what was drawn. (The thing i'm thinking about is certain cards drawn on a poker table.) I want to be able to detect what is drawn and when. The control is an embedded flash player.
Regards,
Paul.
Can you just poll the edit box?
I did this before using EM_STREAMOUT to read it externaly.
1. First I used madChook function to copy a callback function into the target.
"CopyFunction(EditStreamCallback, hPh, FALSE, &pCode))"
2. Allocated buffers inside the target.
3. Send a "SendMessage(hWnd, (UINT) EM_STREAMOUT, (WPARAM) SF_TEXT, (LPARAM) ptStruct);"
Note: I just needed basic text and thats what the SF_TEXT flag is for.
Then read the buffer inside the target process using madCHook functions again.
Also you have to put some communication/setup structures inside the target for this to work.
If I were to do it again I'd probably use an injected DLL and use IPC or shared memory to pass the data, as it would be cleaner.
But I've had 1000's of hours on this setup and it works fine.
In my case I just need to poll the edit box a few times a second.
I did this before using EM_STREAMOUT to read it externaly.
1. First I used madChook function to copy a callback function into the target.
"CopyFunction(EditStreamCallback, hPh, FALSE, &pCode))"
2. Allocated buffers inside the target.
3. Send a "SendMessage(hWnd, (UINT) EM_STREAMOUT, (WPARAM) SF_TEXT, (LPARAM) ptStruct);"
Note: I just needed basic text and thats what the SF_TEXT flag is for.
Then read the buffer inside the target process using madCHook functions again.
Also you have to put some communication/setup structures inside the target for this to work.
If I were to do it again I'd probably use an injected DLL and use IPC or shared memory to pass the data, as it would be cleaner.
But I've had 1000's of hours on this setup and it works fine.
In my case I just need to poll the edit box a few times a second.
-
dcsoft
- Posts: 380
- Joined: Sat Dec 11, 2004 2:11 am
- Location: San Francisco Bay Area, CA USA
- Contact:
This seems the most promising technique of all you have tried. So you have used SendMessage (WM_GETTEXTEX, ...)? And the string you get back (in lparam) is garbage? I think you need to call SendMessage in the context of the app with the richedit. So use madshi's InjectLibrary() to get your dll in there, then do the SendMessage from the dll. You should be golden.mushy99 wrote:I manage to find the control using findwindow and then finding the child which is the rich edit control, however when I come to reading the contents (which looking at the control, doesn't at first glance seem to be a difficult task), you basically set up a structure and pass it along with the handle of the control to gettextex. The trouble is that the stuff that comes back is garbage and seems to not work as expected (I have double checked my code and it is correct).
-- David