Prevent from getting Window Handle
-
Hi As far as I know it is possible for other applications to get a handle of the window from my application (e.g.: FindWindow), and then it is possible for this application to write into my window. Does anyone know a method to prevent this? Thanks in advance :confused:
-
Hi As far as I know it is possible for other applications to get a handle of the window from my application (e.g.: FindWindow), and then it is possible for this application to write into my window. Does anyone know a method to prevent this? Thanks in advance :confused:
It's not possible to hide a HWND. You may try to make FindWindow harder to use - for example, by generating class name randomly each time your program starts, but this doesn't give you 100% protection - it's possible to iterate over all windows in the system. BTW: What are you afraid of? Tomasz Sowinski -- http://www.shooltz.com
-
It's not possible to hide a HWND. You may try to make FindWindow harder to use - for example, by generating class name randomly each time your program starts, but this doesn't give you 100% protection - it's possible to iterate over all windows in the system. BTW: What are you afraid of? Tomasz Sowinski -- http://www.shooltz.com
I'm writing a high security digital signature ActiveX control. And I thought it would be bad if another program writes into my window and then the signer thinks he signs something different then he really signs. I try know with Win32 Hooks. I hope this helps.
-
I'm writing a high security digital signature ActiveX control. And I thought it would be bad if another program writes into my window and then the signer thinks he signs something different then he really signs. I try know with Win32 Hooks. I hope this helps.
What if another program displays its own window looking like yours? Assuming that users's machine is infected by worm or virus targeting your ActiveX, there's not much you can do. I'd keep a checksum (or even a verbatim copy) of displayed text somewhere. Even if this program writes its own text, you'd be able to detect data corruption. Tomasz Sowinski -- http://www.shooltz.com
-
What if another program displays its own window looking like yours? Assuming that users's machine is infected by worm or virus targeting your ActiveX, there's not much you can do. I'd keep a checksum (or even a verbatim copy) of displayed text somewhere. Even if this program writes its own text, you'd be able to detect data corruption. Tomasz Sowinski -- http://www.shooltz.com
The text is already secured through a hash value, so it can't be corrupted. But this other program is able to write into my window and the user sees something different than he signs! This other thing, with the virus looking like my ActiveX is a problem too. I thought I can do something in correspondence with the server programm to which the signed file is sended. Do you have any ideas? Martin
-
The text is already secured through a hash value, so it can't be corrupted. But this other program is able to write into my window and the user sees something different than he signs! This other thing, with the virus looking like my ActiveX is a problem too. I thought I can do something in correspondence with the server programm to which the signed file is sended. Do you have any ideas? Martin
Hello NitramR, Try this idea. I haven't checked it out, but it should work. There are a few different ways of acheiving the end result. 1a) System wide hook that hooks each process. This loads your spy DLL into their process when their process starts. 1b) Use CreateRemoteThread() to inject your DLL into the running process. You'll need a thread to watch for new processes and then inject your DLL into each new process. This is more complicated than a system wide hook, but acheives the same result. 2) Your DLL will then hook the Kernel/User/GDI/whatever DLL functions that you think are appropriate. In this case you'll want to be hooking User32 functions related to finding windows. In your hooks you'll let the function execute then examine the return value before returning. If the value indicates your window you'll overwrite the value to indicate failure. 3) Their program will search for the window and fail. There is info on hooking technique elsewhere on this site and also in MSJ/MSDN website/magazine. Caveats. -------- If they know which DLL you are loading they may be able to write code to hook LoadLibrary and LoadLibraryEx and prevent the library from loading dy diverting the function call and returning a library not loaded return code. Not hard to do. If they get their hooks in before you get your hooks in, you have lost the battle. Cheers Stephen Kellett -- C++/Java/Win NT/Unix variants Memory leaks/corruptions/performance/system problems. UK based. Problems with RSI/WRULD? Contact me for advice.
-
Hi As far as I know it is possible for other applications to get a handle of the window from my application (e.g.: FindWindow), and then it is possible for this application to write into my window. Does anyone know a method to prevent this? Thanks in advance :confused:
Ok guys I did some research on hooks and I'm know convinced that there is know solution for this problem. The only thing to do, in my opinion, is to warn the user and give him the responsibility to keep his computer free of viruses and stuff like that. Thanks anyway. X|
-
Ok guys I did some research on hooks and I'm know convinced that there is know solution for this problem. The only thing to do, in my opinion, is to warn the user and give him the responsibility to keep his computer free of viruses and stuff like that. Thanks anyway. X|