0

我已经用我自己的函数 MyNtUserShowWindow 替换了 ssdt shadow 中的 NtUserShowWindow 函数。但是在 MyNtUserShowWindow 函数中,我调用 NtUserInternalGetWindowText 函数来尝试获取窗口标题,但它总是返回 0(表示失败)。我不知道为什么?

一些代码打击:

BOOL MyNtUserShowWindow(
    IN HWND hWnd,
    IN int nCmdShow )
{
    LPWSTR buffer = NULL;
    SIZE_T memSize;
    int strLen;
    NTSTATUS status;

    memSize = MAX_PATH + 1;
    if (NT_SUCCESS(ZwAllocateVirtualMemory( ZwCurrentProcess(),
                                            &buffer,
                                            0,
                                            &memSize,
                                            MEM_COMMIT | MEM_RESERVE | MEM_TOP_DOWN,
                                            PAGE_READWRITE )))
    {
        strLen = NtUserInternalGetWindowText( hWnd, buffer, MAX_PATH );
        KdPrint(( "the get window len is %d, buffer is %S\n", strLen, buffer)); // strLen = 0

    }

    ......
}
4

1 回答 1

1

I doubt this is the answer, but you're allocating the wrong size buffer. You are allocating MAX_PATH+1 bytes, but telling NtUserInternalGetWindowText that the buffer is MAX_PATH WCHARs (MAX_PATH*2 bytes) long. Unless MAX_PATH is 1 (which it isn't), this may cause an access violation.

If the window you're looking at has a caption longer than MAX_PATH / 2 characters, this would cause the function to fail.

It is also possible that the window you're looking at belongs to a different process and is managing it's own window text - e.g. an edit control. You may want to take a look at http://blogs.msdn.com/b/oldnewthing/archive/2003/08/21/54675.aspx for an explanation of the times when GetWindowText (and one assumes by extension this undocumented method) will return something different.

于 2013-04-26T10:43:58.023 回答