get systree item from other app

[ragdog]

hi

i have in the www.asmcommunity.net a source found thats

get all systreeview item form another app

this works not can your help?

ragdog

[attachment deleted by admin]

[stanhebben]

This code looks like a way to hack into another program. However, windows xp seems not to allow it. (probably older version of windows did)

[ragdog]

hi
it must function nevertheless somehow on windows xp?

I try already the whole time
if someone to help could do would be good it

ragdog

[evlncrn8]

the problem (from a quick glance) is the use of the locals in that code, moved to another data area, and the writeprocessmemory being fixed up is all that i can see is needed to actually get it to work...

[ecube]

It works, wow its almost the exact same code I used for my cpu monitor i'm about to release, anyway check code section tonight, should be there.

[ragdog]

hi

i have this  (tv TVITEM <>)  moved to the data? section

I do not understand with that

invoke WriteProcessMemory,hProcess,ptvitem,addr tv, sizeof TVITEM, NULL
   
which is to change there

:'(

[PBrennick]

ragdog,
That is where it should be because TVITEM points to an uninitialized structure.

Code Select Expand


TVITEMA STRUCT
  _mask             DWORD  ?
  hItem             DWORD  ?
  state             DWORD  ?
  stateMask         DWORD  ?
  pszText           DWORD  ?
  cchTextMax        DWORD  ?
  iImage            DWORD  ?
  iSelectedImage    DWORD  ?
  cChildren         DWORD  ?
  lParam            DWORD  ?
TVITEMA ENDS

TVITEM  equ <TVITEMA>


As you can see, all the items in the structure are uninitialized.

Paul

[ragdog]

thanks

i did this just like that this works not


.data
szWindow      db "Tree View Demo",0 ;Iczelion's Win32 Assembly Tutorial part 19.
szClass       db "TreeViewWinClass",0
szTreeView    db "SysTreeView32",0
szInformation db "Information",0
szError       db "Iczelion's Win32 Assembly Tutorial part 19 not running!",0

.data?
hWin          dd ?
PID            dd ?
hProcess     dd ?
pMem        dd ?
_tvi          dd ?
hItem         dd ?
hItemChild    dd ?
cbWritten     dd ?
tvi           TVITEM <>
buffer        db 256 dup(?)

.code
start:

call FindProc
invoke ExitProcess,0

FindProc PROC
LOCAL _item :DWORD

  invoke FindWindow,addr szClass,addr szWindow
  invoke FindWindowEx,eax,0,addr szTreeView,0

    .if eax==FALSE
        invoke MessageBox,0,addr szError,addr szInformation,MB_OK
    .endif
  mov hWin,eax
 
  invoke GetWindowThreadProcessId,hWin,ADDR PID
     mov hProcess,eax
  invoke OpenProcess,PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_QUERY_INFORMATION,FALSE,PID
  invoke VirtualAllocEx,hProcess,NULL,sizeof TV_ITEM,MEM_COMMIT,PAGE_READWRITE
  mov _tvi,eax
  invoke VirtualAllocEx,hProcess,NULL,1024, MEM_COMMIT, PAGE_READWRITE
  mov _item,eax
  mov edi,eax
  mov tvi.cchTextMax,1024
 
  ;;Get First Child
  invoke SendMessage,hWin,TVM_GETNEXTITEM,TVGN_CHILD,hItem
  mov hItemChild,eax
  mov tvi.hItem,offset hItemChild;
  mov tvi._mask,TVIF_TEXT or TVIF_CHILDREN;
  mov tvi.pszText,edi
  mov tvi.cchTextMax,1024
  invoke WriteProcessMemory,hProcess,_tvi,addr tvi,sizeof TVITEM,ADDR cbWritten
  invoke SendMessage,hWin,TVM_GETITEM,0,_tvi
  invoke ReadProcessMemory,hProcess,_item, offset buffer, 1024, ADDR cbWritten
  invoke MessageBox,0,addr buffer,0,MB_OK
 
  invoke VirtualFreeEx,hProcess,_tvi,addr hItem,MEM_RELEASE
  invoke VirtualFreeEx,hProcess,_item,0,MEM_RELEASE
  invoke CloseHandle,hProcess
ret
FindProc endp

[six_L]

i tested it ok.

Code Select Expand

.386
.model flat,stdcall
option casemap:none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\masm32.inc
include \masm32\include\kernel32.inc
include \masm32\include\comctl32.inc

includelib \masm32\lib\comctl32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include \masm32\macros\macros.asm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
root      dd ?

tit1      db 'TestTree',0 ;Iczelion's Win32 Assembly Tutorial part 19.
TreeView  db 'SysTreeView32',0

pid       dd 0
hProcess  dd 0
ptvitem   dd 0
pItem     dd 0
hwnd      dd 0
buffer    db 256 dup(0),0
item1     dd ?
dir1      dd ?
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
find proc
LOCAL tv:TVITEM
;int 3
invoke FindWindow,0,offset tit1
invoke FindWindowEx,eax,0,offset TreeView,0

mov hwnd,eax
invoke GetWindowThreadProcessId,hwnd,offset pid ;?????????PID?
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,pid ;????,??????   
mov    hProcess,eax
invoke VirtualAllocEx,hProcess,0, sizeof TVITEM, MEM_COMMIT, PAGE_EXECUTE_READWRITE
mov    ptvitem,eax
invoke VirtualAllocEx,hProcess,0, 1024, MEM_COMMIT, PAGE_EXECUTE_READWRITE
mov pItem,eax
       
m2m tv._mask,TVIF_TEXT
        mov tv.cchTextMax,512
        m2m tv.pszText,pItem

invoke SendMessage,hwnd,TVM_GETNEXTITEM,TVGN_ROOT,0
mov tv.hItem,eax
.while tv.hItem !=0
invoke SendMessage,hwnd,TVM_SELECTITEM,TVGN_CARET,tv.hItem
invoke WriteProcessMemory,hProcess,ptvitem,addr tv, sizeof TVITEM, NULL
invoke SendMessage,hwnd,TVM_GETITEM,0,ptvitem
invoke ReadProcessMemory,hProcess, pItem,offset  buffer, 512, NULL
invoke MessageBox,NULL,offset buffer,offset buffer,NULL
invoke SendMessage,hwnd,TVM_EXPAND,TVE_EXPAND ,tv.hItem
invoke SendMessage,hwnd,TVM_GETNEXTITEM,TVGN_NEXTVISIBLE ,tv.hItem
mov tv.hItem,eax
.endw
invoke CloseHandle,hwnd
invoke VirtualFreeEx,hProcess, ptvitem, 0, MEM_RELEASE
invoke VirtualFreeEx,hProcess, pItem, 0, MEM_RELEASE
invoke CloseHandle,hProcess
ret
find endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
invoke find
invoke ExitProcess,0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

end start

for your testing, change titl into "Tree View Demo".

[ragdog]

thanks for your help  :cheekygreen:

big regards  :U

ragdog