Tuts 4 You

How to control CMD console?


LCF-AT

Hi again,

so I have a little question again and need some help. :)

Can anybody tell me how to control & handle & work with the CMD console inside of my own code? So what I want at the moment is to get the content of the CMD console.

Example / Steps:

-----------------------------------------

1.) I start a CMD tool xy with specific parameters via CreateProcess API

2.) Now the CMD console gets some results xy back (text xy)

3.) I wanna get this text etc logged into memory buffer

4.) Now I check the text for some strings as success or failed for example

5.) I got the results of CMD console

6.) If string success was found = keep console running

7.) If string failed found = close console via TerminateProcess

------------------------------------------

Pretty simple so far right? It's just some condition check about success or failed of executed CMD tool command parameters and if I got the results then I can go on with my own code to make the next steps etc. So how can I do this to get the text content into my memory buffer? So I hope you know what I mean so far. Maybe you have any ideas about it which could help to handle this thing.

Thank you


  • Like 2

LCF-AT

Hi Encrypto,

thanks for the answer but this example is not helpful for me. So I think I need anything else or better any example exe file what I could check in debugger to see how it's working.

So I do remember from the past that I have seen already any GUIs for CMD tools who do pipe the CMD text content directly into an own GUI window but can't remember the target names anymore. Do you know any example targets which I could check or something? Or can anybody code any little example?

PS: So at the moment I could maybe hook the WriteConsole API somehow to check what gets written into the CMD process but also this way would be too awkward. Hhmmm! Is there never any simple solution to get? :)

greetz


simple

I'd post the binary but no point when u can compile it yourself. MSDN code makes me throw up too, but just an advice for next time, C programming makes this kind of stuff very fast ; )



.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\msvcrt.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\msvcrt.lib

.data
format1 db "%s", 0
format2 db "PID = %d", 0
SearchString db "ghfhgf", 0
Error db "SearchString not found", 0
SecuAttr SECURITY_ATTRIBUTES <>
StartInfo STARTUPINFO <>
PI PROCESS_INFORMATION <>
hRead dd 0
hWrite dd 0
retourligne db 13,10,0
ReadBuffer db 500h dup (0)
bytesRead dd 0
Hfile dd 0
NumberOfBytesWritten dd 0
CommandToRun db "ipconfig /all",0

.data?

.code
; function mod'd from somebody on masm forums.
; according to msdn ur supposed to call SetHandleInfo first but works fine w/out it
Init PROC
    Local RetVal:DWORD
    mov RetVal,0
    mov SecuAttr.nLength,sizeof SECURITY_ATTRIBUTES
    mov SecuAttr.bInheritHandle,TRUE        ; pipe handles can be inherited by the child
    invoke CreatePipe,addr hRead,addr hWrite,addr SecuAttr,NULL
    mov RetVal,eax
    mov StartInfo.cb,sizeof StartInfo
    invoke GetStartupInfo,addr StartInfo
    xor eax,eax
    mov StartInfo.lpReserved,eax            ; null before calling CreateProcess
    mov eax,hWrite
    mov StartInfo.hStdOutput,eax            ; child's stdout and stderr go into the pipe
    mov StartInfo.hStdError,eax
    mov StartInfo.dwFlags,STARTF_USESHOWWINDOW+STARTF_USESTDHANDLES
    mov StartInfo.wShowWindow,SW_SHOW
    mov eax,RetVal
    ret
Init endp

main proc
    ; initialize
    call Init
    ; self explanatory...
    invoke CreateProcess,NULL,addr CommandToRun,NULL,NULL,TRUE,NULL,NULL,NULL, addr StartInfo, addr PI
    invoke crt_printf, ADDR format2, [PI.dwProcessId]
    ; read console output
    invoke ReadFile,hRead,addr ReadBuffer, sizeof ReadBuffer - 1, addr bytesRead, NULL
    invoke crt_printf, ADDR format1, addr ReadBuffer
    ; search for search string
    invoke crt_strstr, addr ReadBuffer, addr SearchString
    ; If search string was not found
    .if eax == 0
        invoke crt_printf, ADDR Error
        invoke OpenProcess, PROCESS_TERMINATE, FALSE, [PI.dwProcessId]
        .if eax != 0
            invoke TerminateProcess, eax, 0
        .endif
        jmp FINISH
    .endif
    ; if a string was found now u can send other info back
    ;invoke WriteFile,hFile,addr InfoToSendBack, bytesRead, addr NumberOfBytesWritten,NULL
FINISH:
    invoke CloseHandle,hRead
    ;invoke crt_printf, addr format3, x
    invoke ExitProcess, 0
    ret
main endp
end main
  • Like 3

LCF-AT

Hi simple,

coolio and thanks for your code example. :) So the test executable is working so far (with ReadFile API / funny). So I didn't remember that I could also use ReadFile for this (completely forgotten). :) It's already good to have any working example code now and I will see how I get it to work with my other CMD based tool where I get the response later (after few seconds) so I think there I have to add any loop (sleep mode or so) to capture the data. I will see and check this out and send some feedback.

Thanks again very much for the quick help and this nice example ASM code. :) Hhmm I have also no idea about C programming (don't have C) and just use WinASM what I can handle already a little bit (more or less). :)

greetz


Alzri2

You can have a look at AutoIt; it has the functions you want and more.


Also, it's open source ... it means that u can compile a file then debug it or just read the source code.


LCF-AT

Hi again,

sorry but AutoIt is not my thing. :)

@ simple

Ok I have tested the code snippet some more and found some problems.

1.) Is it just possible to pipe the content text without to keep the content text showing in CMD at same time? So in your code I see you do use "STARTF_USESHOWWINDOW+STARTF_USESTDHANDLES" in startup struct and with these parameters I can read the content via ReadFile API but the CMD window keeps empty but I wanna get both (Read Content + keep content showing in CMD) so is this also possible or not?

2.) Next problem is the termination of CMD tool again. So I see this is only working if the CMD tool was failed to work but if it's running then it's not working to terminate and it keeps running.

3.) My CreateProcess parameters are like this...

cmd.exe /c toolXY.exe -Paramter X -Paramter -Y player.exe

...so normally if the tool was executed successfully with right working parameters then it keeps running permanently and gets data so long till I close it manually (press X or key combo Ctrl+C). Now the question is whether I can send a command Ctrl+C to this CMD before to execute the TerminateProcess API? So I think the problem is to terminate the player.exe. So if I exit the player.exe manually then CMD will also be closed but how to get the right PID of this player.exe? Let's say the player.exe is running already 3 times so where should I find out which player PID was executed with this CreateProcess string? Hhmmm!

greetz


Encrypto

LCF:

for point 2), you could enumerate the processes, using Process32First/Next and check the ParentPID of the process for player.exe. For example:

yourprocess.exe->
             | -> cmd.exe (PID : 011) ( from simple's code : CreateProcess(.... &pi) -> pi.dwProcessID)
                  | -> player.exe (PID : 012) ( enumerate process32first/next to find pe.th32ProcessID == 012, check if pe.th32ParentProcessID == 011)

Perhaps this link will give you answers to what you seek. http://stackoverflow.com/questions/185254/how-can-a-win32-process-get-the-pid-of-its-parent

simple

1. Yes, you should be able to do that using anonymous pipes, but it requires editing code inside of your child process. By default progs use 1 pipe only for output. edit - typo

2. The OpenProc()/TermProc() calls work fine for terminating process. See code below.

3. A. If I understand u, You'd have to manually edit the PSP to change args post CreateProc().

    B. PID of the child process (the exe called via CreateProc()) is returned in [PI.dwProcessId] (look at the arg to printf()) and can be determined from other instances. It's used to Terminate the proc.

Here's a proof of concept I'm using.

Sample program (child process):



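#include <stdio.h>
#include <stdlib.h>
#include <conio.h>

// this will retrieve args from the psp
int main(int argc, char *argv[])
{
    // two arguments are expected; argv[1] and argv[2] are not valid otherwise
    if (argc < 3)
        return 1;
    printf("%s %s %s\n", argv[0], argv[1], argv[2]);
    fflush(stdout); // push the text into the pipe right away
    _getch();       // keep the process alive until a key is pressed
    return 0;
}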

Slightly mod'd masm (parent process):

edit again - this isn't designed to be production code, just a PoC, u have to add error checking, etc.



.data
        ...
        Args db "CmdLineArg.exe string1 string2", 0 ; dont put cmd.exe /c here
        CommandToRun db "CmdLineArg.exe",0
.data?
.code
Init PROC
    Local RetVal:DWORD
    mov RetVal,0
    mov SecuAttr.nLength,sizeof SECURITY_ATTRIBUTES
    mov SecuAttr.bInheritHandle,TRUE
    invoke CreatePipe,addr hRead,addr hWrite,addr SecuAttr,NULL
    invoke SetHandleInformation, hRead, HANDLE_FLAG_INHERIT, 0 ; read end is not passed to the child
    mov RetVal,eax
    mov StartInfo.cb,sizeof StartInfo
    invoke GetStartupInfo,addr StartInfo
    xor eax,eax
    mov StartInfo.lpReserved,eax
    mov eax,hWrite
    mov StartInfo.hStdOutput,eax
    mov StartInfo.hStdError,eax
    ;mov StartInfo.dwFlags,STARTF_USESHOWWINDOW+STARTF_USESTDHANDLES
    mov StartInfo.dwFlags, STARTF_USESTDHANDLES
    mov StartInfo.wShowWindow,SW_SHOW
    mov eax,RetVal
    ret
Init endp

main proc
    ; initialize
    call Init
    ; self explanatory...
    ;invoke CreateProcess,NULL,addr CommandToRun,NULL,NULL,TRUE,NULL,NULL,NULL, addr StartInfo, addr PI
    invoke CreateProcess,addr CommandToRun, addr Args, NULL,NULL,TRUE,NULL,NULL,NULL, addr StartInfo, addr PI
    invoke crt_printf, ADDR format2, [PI.dwProcessId]
    ; read console output
    invoke ReadFile,hRead,addr ReadBuffer, sizeof ReadBuffer - 1, addr bytesRead, NULL
    invoke crt_printf, ADDR format1, addr ReadBuffer
    ; search for search string
    invoke crt_strstr, addr ReadBuffer, addr SearchString
    ; If search string was not found
    .if eax == 0
        invoke crt_printf, ADDR Error
        invoke OpenProcess, PROCESS_TERMINATE, FALSE, [PI.dwProcessId]
        .if eax != 0
            invoke TerminateProcess, eax, 0
        .endif
        jmp FINISH
    .endif
FINISH:
    invoke CloseHandle,hRead
    ;invoke crt_printf, addr format3, x
    invoke ExitProcess, 0
    ret
main endp
end main

LCF-AT

Hi again and thanks for your hints so far,

@ Encrypto

Ok I have tested what you said but I got one problem....so if I got the PID of my CMD process what to do to check for a running parent process? So I wrote a quick MultiASM example...



@top:
call GetCurrentProcessId
mov ebx,eax
lea esi, [esp-400]
mov dword [esi], 128
push edi
push 2
call CreateToolhelp32Snapshot
mov edi, eax
push esi
push edi
call Process32First
cmp dword [esi+8], ebx
je @PIDFOUND
@LOOP:
push esi
push edi
call Process32Next
or eax,eax
je short @LISTFINISHED
cmp dword [esi+8], ebx
je @PIDFOUND
jmp short @LOOP
@LISTFINISHED:
push edi
call CloseHandle
nop ; <-- pause
nop
@PIDFOUND:
nop ; <-- Got PID what now?
nop

...so you know what I mean right? Just need to know what steps I have to do after this check now. Also I can't really follow these MSDN descriptions, sorry.

@ simple

Got some problems with your new & extra code on the first code tags "#include <stdio.h> etc" so this I can't use in WinASM as you wrote and also I don't have these files.

Next problem comes with the new parameters for CreateProcess API so they don't work on this way = failed to work correctly. If I set dwFlags to default (to see something in CMD temporary for testing) then the content inside is not normal = all trashy inside with all signs etc = not working. So it seems I still have to use the cmd.exe /c command in commandline of this API then it works also normally. But also if I rechange this with using cmd.exe /c then I got same results as before = CMD is showing nothing inside & TerminateProcess does not terminate CMD.

So I think I have to use the idea of Encrypto to get the processID of the player.exe which was executed by commandline and to close this only and then also CMD tool gets closed automatically.

EDIT: So I think to get the parent process is not really working. So if I found the CMD PID and check then what for a parent PID I got before then it's not the player PID, it's Explorer PID...



PROCESSENTRY32 structure
$ ==> 0012FBB0 00000128
$+4 0012FBB4 00000000
$+8 0012FBB8 00000250 <-- CMD PID
$+C 0012FBBC 00000000
$+10 0012FBC0 00000000
$+14 0012FBC4 00000001
$+18 0012FBC8 00000288 <-- Explorer PID
$+1C 0012FBCC 00000008
$+20 0012FBD0 00000000
.....

...I think this way isn't working. Is there no way to check now something with the PID I got from CMD to get infos of extra executed processes by CMD or something etc? So I do execute a commandline via CreateProcess which also holds at the end of all parameters the player.exe path which gets started by the extern CMD tool xy and I don't have any influence about the player.exe so far you know. Also this player.exe could also run already a few times to work with other processes so how should I then find out which player does belong to this executed CMD commandlines you know? Of course I don't want to quit the wrong player.exe process. Maybe you have again any ideas how to handle this situation.

greetz


simple

Sry misunderstood u I drank too many soft drinks today. After your call to Proc32First, use pe.th32ParentProcessID to get parent PID of child. Would code it for u but don't have ur target binary.


LCF-AT

Hi again,

so you mean this right?



typedef struct tagPROCESSENTRY32 {
DWORD dwSize;
DWORD cntUsage;
DWORD th32ProcessID;
ULONG_PTR th32DefaultHeapID;
DWORD th32ModuleID;
DWORD cntThreads;
DWORD th32ParentProcessID; <---- Here
LONG pcPriClassBase;
DWORD dwFlags;
TCHAR szExeFile[MAX_PATH];
} PROCESSENTRY32, *PPROCESSENTRY32;

But as I told before, there I only get the parent PID back what I got before and this parent PID is not the player.exe PID, it's just any PID of any process which was found in the PID list. :( Somehow I have to go on now with the PID of CMD tool what is connected with the player to get the PID of the player but how is the question.

greetz


simple

OK, I used cmd.exe /c target.exe param etc, I ran multiple instances of it and this will close the instance called w/CreateProc.

there's a bug in masm w/ascii vs ansi Proc32First/Next api requiring special build instructions, here they are thanks to Alex @masmforums who found it

 

Change in kernel32.inc

Process32FirstW PROTO STDCALL :DWORD,:DWORD
Process32NextW PROTO STDCALL :DWORD,:DWORD

to

Process32First PROTO STDCALL :DWORD,:DWORD
Process32Next PROTO STDCALL :DWORD,:DWORD

and make a new kernel32.lib or take the one from windows sdk.

.386p
.model flat, stdcall
option casemap: none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\ntdll.inc
include \masm32\include\msvcrt.inc
includelib \kernel32.lib
includelib \masm32\lib\ntdll.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\msvcrt.lib

.data
        format1 db "%s", 0
        format2 db "PID = %d", 0
        SearchString db "ghfhgf", 0
        Args db "cmd.exe /c CmdLineArg.exe string1 string2", 0
        Error db "SearchString not found", 0
        SecuAttr      SECURITY_ATTRIBUTES <>
        StartInfo     STARTUPINFO         <>
        PI            PROCESS_INFORMATION <>
        hRead dd 0
        hWrite dd 0
        retourligne db 13,10,0
        ReadBuffer db 500h dup (0)
        bytesRead dd 0
        Hfile dd 0
        NumberOfBytesWritten dd 0
        CommandToRun db "CmdLineArg.exe",0
        AppName         db "Terminate",0
        ;SearchForThis   db "CmdLineArg.exe",0
        errSnapshot     db "CreateToolhelp32Snapshot failed.",0
        errProcFirst    db "Process32First failed.",0
        hSnapshot   HANDLE ?
        ProcEnt     PROCESSENTRY32 <>

.data?

.code
Init PROC
        Local  RetVal:DWORD
        mov RetVal,0
        mov SecuAttr.nLength,sizeof SECURITY_ATTRIBUTES
        mov SecuAttr.bInheritHandle,TRUE
        invoke CreatePipe,addr hRead,addr hWrite,addr SecuAttr,NULL
        invoke SetHandleInformation, hRead, HANDLE_FLAG_INHERIT, 0
        mov RetVal,eax
        mov StartInfo.cb,sizeof StartInfo
        invoke GetStartupInfo,addr StartInfo
        xor eax,eax
        mov StartInfo.lpReserved,eax
        mov eax,hWrite
        mov StartInfo.hStdOutput,eax
        mov StartInfo.hStdError,eax
        mov StartInfo.dwFlags, STARTF_USESTDHANDLES
        mov StartInfo.wShowWindow,SW_SHOW
        mov eax,RetVal
        ret
Init endp

main    proc
        ; initialize
        call Init
        ; self explanatory...
        ;invoke CreateProcess,NULL,addr CommandToRun,NULL,NULL,TRUE,NULL,NULL,NULL, addr StartInfo, addr PI
        invoke CreateProcess, NULL, addr Args, NULL,NULL,TRUE,NULL,NULL,NULL, addr StartInfo, addr PI
        invoke crt_printf, ADDR format2, [PI.dwProcessId]
        ; read console output
        invoke ReadFile,hRead,addr ReadBuffer, sizeof ReadBuffer - 1, addr bytesRead, NULL
        invoke crt_printf, ADDR format1, addr ReadBuffer
        ; search for search string
        invoke crt_strstr, addr ReadBuffer, addr SearchString
        ; If search string was not found
        .if eax == 0
            invoke crt_printf, ADDR Error
            invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS,0
            .IF (eax != INVALID_HANDLE_VALUE)
                mov hSnapshot,eax
                mov [ProcEnt.dwSize],SIZEOF ProcEnt
                invoke Process32First, hSnapshot,ADDR ProcEnt ; 7c865535
                .IF (eax)
                l00p:
                    invoke crt_printf, ADDR format1, addr [ProcEnt.szExeFile]
                    invoke lstrcmpi, ADDR CommandToRun ,ADDR [ProcEnt.szExeFile]
                    .IF (eax == 0)
                        ; if PID of cmd.exe from CreateProc == Parent PID of CmdLineArg.exe
                        ; then this is the CmdLineArg.exe called from cmd.exe called from CreateProcess()
                        mov eax, [PI.dwProcessId]
                        mov ecx, [ProcEnt.th32ParentProcessID]
                        cmp eax, ecx
                        jnz n0cl0se
                        ;invoke crt_memcmp, [PI.dwProcessId], [ProcEnt.th32ParentProcessID], sizeof DWORD
                        invoke OpenProcess, PROCESS_TERMINATE,FALSE,[ProcEnt.th32ProcessID]
                        .IF (eax)
                            invoke TerminateProcess, eax,0
                        .ENDIF
                    .ENDIF
                n0cl0se:
                    invoke Process32Next, hSnapshot,ADDR ProcEnt
                    test eax,eax
                    jnz l00p
                .endif
            .ENDIF
            invoke CloseHandle, hSnapshot
        .endif
        ; if a string was found now u can send other info back
        ;invoke WriteFile,hFile,addr InfoToSendBack, bytesRead, addr NumberOfBytesWritten,NULL
FINISH:
        invoke CloseHandle,hRead
        ;invoke crt_printf, addr format3, x
        invoke ExitProcess, 0
        ret
main endp
end main

I tried to space this code best I could manually, this modern technology forum we're using doesn't want to do it for me, forgive me if it comes up messed up

  • Like 1

LCF-AT

Hi again,

thanks for the new code. :)

In my kernel32.inc I find this...

Process32First PROTO :DWORD,:DWORD
Process32FirstW PROTO :DWORD,:DWORD
Process32Next PROTO :DWORD,:DWORD
Process32NextW PROTO :DWORD,:DWORD

...should I really change this now or not? Ok at the moment I haven't changed it and have only tested your code so far and it seems to work. No idea why but it works on my first tests but I am still not sure so maybe it was only lucky chance that it was working. :) First I just started 2 player.exe instances and then I started your code and it also has closed the right one. :) Coolio! :) So I get a little lost during debugging the code sample. I also tried now to start 10 player instances but it's still working. :) Does it mean that I can keep my kernel32.inc untouched now?

Ok so it seems that this problem is solved now so far (very well) but the other little problem I have is still the empty CMD window. So I would like to keep showing the content as normally + reading the content via ReadFile but my tests failed to get both together so I can just decide for one only at the moment or do you also know any way how to get both or is it really not possible?

greetz


LCF-AT

Forgot one more thing.

Problem with ReadFile API

So I see ReadFile API is just working so long as CMD gets some content but if not and I call ReadFile API again then my code is just running without coming back after this API call. How to handle this? Normally I would like to call ReadFile API to get the content bytes XY so far and right after I wanna call ReadFile API again to see whether it got another content or not and if not = call exit but the problem now is that my code then just runs and gets lost into ReadFile API. Hmmm.

greetz


Alzri2

Told ya ... what ur looking for is already written neatly in AutoIt by C++ experts


just look at the source code of AutoIt (StdoutRead function)


simple

If u want the console to display as normal, ShellExecuteExA will do it. The downside is that the only way to get stdout from console is to have it write to a file, so you'd then have to open the file and search for the string. Don't think ShellEx is wired for pipes.

U can also use anonymous pipes w/CreateProcess, but as far as I know you'll have to alter some of the code in your child process to redirect the pipes as I don't think it's possible to tell the kernel to redirect pipes of a process from outside that process.

If the program flow stops at ReadFile, it's because there is nothing in stdout and it needs to be flushed via fflush(stdout) from within the child process. You can put the ReadFile call inside of a thread if your main thread has other work to do in the mean time so program flow continues.

edit: yeah if it compiles fine then leave kernel32.lib/inc alone, my masm must be old


Encrypto

LCF: To see if the named pipe has any content use PeekNamedPipe. So your code will look like:

bSuccess = PeekNamedPipe(blahblah, ...)
if (!bSuccess) return 0;
ReadFile(blahblahblah...)

https://msdn.microsoft.com/en-us/library/windows/desktop/aa365779%28v=vs.85%29.aspx

P.S : I know you don't like MSDN, but just use that for detailed information, and use google for the rest.


  • Like 1
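
Added example (not code from any poster in this thread): a C version of the flow discussed above that polls the pipe with PeekNamedPipe, echoes what it reads so the output stays visible, and finds a failure marker even when it is split across two reads. It goes beyond the thread in one respect: instead of matching parent PIDs, it puts the child into a job object so that `cmd.exe` and everything it starts can be ended together. The `scanner` helper and the `failed` marker are assumptions chosen for illustration.

```c
/* Added example: capture, echo and scan a child's console output, then
 * end the whole process tree if a failure marker shows up. */
#include <string.h>

#define MAX_MARKER 64

/* Sliding window over the output stream, so a marker split across two
 * ReadFile chunks is still found. (scanner/scanner_feed are made-up names.) */
typedef struct { char win[MAX_MARKER]; size_t len; } scanner;

int scanner_feed(scanner *s, const char *data, size_t n, const char *marker)
{
    size_t m = strlen(marker), i;
    if (m == 0 || m > MAX_MARKER) return 0;
    for (i = 0; i < n; i++) {
        if (s->len == m) {               /* window full: drop the oldest byte */
            memmove(s->win, s->win + 1, m - 1);
            s->len--;
        }
        s->win[s->len++] = data[i];
        if (s->len == m && memcmp(s->win, marker, m) == 0) return 1;
    }
    return 0;
}

#ifdef _WIN32                            /* Win32 part, built only on Windows */
#include <windows.h>
#include <stdio.h>

int main(void)
{
    char cmd[] = "cmd.exe /c ipconfig /all"; /* CreateProcess wants a writable string */
    const char *fail_marker = "failed";      /* constructed marker, adjust to the tool */
    SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, TRUE };
    JOBOBJECT_EXTENDED_LIMIT_INFORMATION lim;
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    HANDLE rd, wr, job;
    scanner sc = { {0}, 0 };
    char buf[512];
    DWORD avail, got;

    if (!CreatePipe(&rd, &wr, &sa, 0)) return 1;
    SetHandleInformation(rd, HANDLE_FLAG_INHERIT, 0); /* child inherits only the write end */

    /* Every process started inside the job ends with it, so no PID guessing. */
    job = CreateJobObjectA(NULL, NULL);
    if (!job) return 1;
    memset(&lim, 0, sizeof lim);
    lim.BasicLimitInformation.LimitFlags = JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
    SetInformationJobObject(job, JobObjectExtendedLimitInformation, &lim, sizeof lim);

    memset(&si, 0, sizeof si);
    si.cb = sizeof si;
    si.dwFlags = STARTF_USESTDHANDLES;
    si.hStdOutput = wr;
    si.hStdError = wr;
    /* Start suspended so the child is in the job before it can spawn anything. */
    if (!CreateProcessA(NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED,
                        NULL, NULL, &si, &pi)) return 1;
    if (!AssignProcessToJobObject(job, pi.hProcess)) {
        TerminateProcess(pi.hProcess, 1);
        return 1;
    }
    ResumeThread(pi.hThread);
    CloseHandle(wr);     /* drop the parent's write end or the pipe never reports EOF */

    for (;;) {
        /* Ask how many bytes are waiting instead of blocking in ReadFile. */
        if (!PeekNamedPipe(rd, NULL, 0, NULL, &avail, NULL)) break; /* write ends closed */
        if (avail == 0) { Sleep(100); continue; }
        if (!ReadFile(rd, buf, sizeof buf, &got, NULL) || got == 0) break;
        fwrite(buf, 1, got, stdout);      /* echo, so the output stays visible */
        if (scanner_feed(&sc, buf, got, fail_marker)) {
            TerminateJobObject(job, 1);   /* cmd.exe and everything it started */
            break;
        }
    }
    CloseHandle(rd);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    CloseHandle(job);
    return 0;
}
#endif
```

On Windows versions before 8, `AssignProcessToJobObject` fails if the new process is already in a job (for example one inherited from the parent), because nested jobs are not supported there.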

LCF-AT

Hi again,

ah ok so as I thought already it's not working to get both without writing an extra temporary file.

How to flush? So I can't find an API called fflush etc or what to do?

@ Encrypto

Hey thanks for this info about this API so I have tested it and it's working so far and I can call it endlessly without the problems I get with ReadFile. So if I see it right then this PeekNamedPipe API seems to log always the entire content from the start. So I think it should be then enough only to check the returned bytes I got and this twice and if both byte lengths are same = There is no more action going on in the CMD right? :)

call PeekNamedPipe ...
// Got 214 bytes
call Sleep (1000d)
call PeekNamedPipe ...
// Got 214 bytes
= Same bytes value Pipe Over

call PeekNamedPipe ...
// Got 214 bytes
call Sleep (1000d)
call PeekNamedPipe ...
// Got 282 bytes
= Pipe still in action

So I think I have to check this on that way also because I always get "success" back after calling PeekNamedPipe API (always 1 never 0). Ok thanks again guys and I will check this out and send some feedback later.

greetz


LCF-AT

Hi again,

so I got a quick short other simple question (don't wanna create new topic now).

So I have a problem how to get the handle (hwnd) of my created editbox and without the handle I can't get the content (text what I have entered).

I just created a Dialog (ID 1001) & Edit (ID 1002) & Button (ID 1003). Now if I press the button then my code should read the text from the editbox. Pretty simple so far but I can't get this handle of editbox. I tried already to use the ID 1002 but doesn't work. So what I have is this at the moment...

DlgProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
    .if uMsg == WM_COMMAND
        .if wParam == 1003
            mov eax, handle of editbox etc ; <---
            call ReadText
        .endif
    .elseif uMsg == WM_CLOSE
        invoke EndDialog,hWnd,0
    .endif
    xor eax,eax
    Ret
DlgProc endp
;;;;;;;;;;;;;;;;;;;;;;;;;;;;
ReadText proc
    invoke GetWindowText,eax,ADDR buffer,512
    .....
    ret
ReadText endp

...so can anybody tell me quick how to get the handle of editbox? Sorry for asking but I have always problems with that handle stuff or how to declare the IDs with that handle thing etc. Is there any API something like GetHandleByID or something?

Thanks


simple

Try something like:



DlgProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
    .if uMsg == WM_COMMAND
        .if wParam == 1003
            ; pass getdlgitem the handle from callback + id of edit box
            invoke GetDlgItem, hWnd, 1002
            invoke GetWindowText, eax, addr ThisIsWhereTextLands, MAX_TEXT_SIZE
        .endif
  • Like 1

mrexodia

Learn some C/C++, you can write these kind of things with a few lines of code. Syntax is different from ASM, but you can use the WinAPI in the same manner, it's not too hard to learn...


simple

next time search "GetWindowText masm example". C (NOT high/app level C++, but C89) is good because its near identical to masm, everybody codes it = billions of code examples. no example in masm? surely C will have.


LCF-AT

Hi again,

thanks for the API hint (didn't remember again as always). :)

Hhmm no idea about C /+ etc so I got already problems with WinASM and I think switching to C / + would be maybe not the best idea for me. So for me it's really hard to handle all this strange name stuff where I mostly don't know what it is or what I have to use in this or that case etc and I need hours to code any little things + testing. :) I am very lousy.

Thanks again


ragdog

The language is relative, only understand it

Lcf I cannot send you a pm

