Skip to main content


Showing posts with the label Windows

Close a Window Application from another application.

 This is just a demo application code to show how the WM_CLOSE message can be sent to the target process which has a titled window to close the application. To achieve this, either we can use SendMessage or PostMessage APIs to send required Windows messages to the target application. Though both the APIs are dispatching WM_XXXXX message to target application two APIs has some differences, these are as below: 1. SendMessage () call is a blocking call but PostMessage is a non-blocking call(Asynchronous) 2. SendMessage() APIs return type is LRESULT (LONG_PTR) but PostMessage() APIs return type is BOOL(typedef int). In Short, SendMessage () APIs return type depends on what message has been sent to the Windowed target process. For the other one, it's always a non-zero value, which indicates the message has been successfully placed on the target process message queue. Now let's see how can I close a target windowed application "Solitaire & Casual Games" from my custom-

Network Adapter Information on Windows

 I was trying to get Network Adapter Information from the Windows platform. So I have used an old API GetAdaptersInfo API . I was not sure whether it will work for Windows 10 but I have written a small sample to run on my Windows 10 PC and to my surprise, it still works. Though Microsoft recommended using  GetAdaptersAddresses API over GetAdaptersInfo API. It's a very small piece of code but the order headers are very important. If we do not follow the proper order the program won't compile. <Code> #include <iostream> #include <winsock2.h> #include <iphlpapi.h> #include <cassert> #pragma comment(lib, "iphlpapi.lib") void PrintMACAddress()  { DWORD _macAddress = 0; IP_ADAPTER_INFO _adapterInfo[16]; DWORD dwBufLen = sizeof(_adapterInfo); DWORD dwStatus = GetAdaptersInfo(_adapterInfo, &dwBufLen); assert(dwStatus == ERROR_SUCCESS); PIP_ADAPTER_INFO _pAdapterInfo = _adapterInfo; char string[32]; do { sprintf_s(string,

IsDebuggerPresent API Vs Process Environment Block

  Sometimes we've seen some application or process that can't be debugged using any debugger. As soon as we attach a debugger, either the application will terminate or pop up a message like a debugger attached with the process, so terminating the application. What so ever, in windows world, there is an API, which detects if the process is being debugged or not.  It's IsDebuggerPresent() Win32 API. You can refer to the  MSDN  link to get more details on it. So, I've written a test sample below: #include <Windows.h> int _tmain(int argc, _TCHAR* argv[]) {     if (IsDebuggerPresent() == TRUE)     {           MessageBox(NULL,            TEXT("Please close your debugging                 application and restart the program"),            TEXT("Debugger Found!"), 0);         ExitProcess(0);     }     MessageBox(NULL, TEXT("Hello World!"), TEXT("Bypassed"), 0);     ExitProcess(0);     return 0; } As usual, I did compile the code usin

How do we list out files in Recycle Bin (Windows 7)

In this post, I tried to enumerate files within recycle bin using a small Win32 program. As we know that recycle bin is a special folder on Windows File System. The location of this directory is not in the registry; it is marked with hidden and system attributes to prevent the user from moving or deleting it. The steps to list out the contents of Recycle bin are as below: 1. It's a special folder denoted by CSIDL_BITBUCKET, which we need to pass to the function SHGetFolderLocation() method. 2. Source code snippet, I've avoided checks as much as possible to make the code simple and clean: int _tmain(int argc, _TCHAR* argv[]) {     LPITEMIDLIST pidlWinRecycleFiles    = NULL;     LPITEMIDLIST pidlItems                = NULL;     IShellFolder *psfWinRecycleFiles    = NULL;     IShellFolder *psfDeskTop            = NULL;     LPENUMIDLIST ppenum                    = NULL;     STRRET strDispName;     TCHAR pszParseName[MAX_PATH];     ULONG celtFetched;     HRESULT hr;     hr

Locking a physical disk on windows....

In this, I've tried to lock a physical disk using a small Windows C++ program. The steps to follow to achieve this are: 1. Get the Physical Drive and volume mapping. Say, the computer is attached with three physical drives, and we're interested to lock the Physical Drive 1 ("\\\\.\\PhysicalDrive1"). Then we need to figure out how many volumes are there on that physical disk. 2. Then Lock that volume one by one using control code FSCTL_LOCK_VOLUME . 3. Do the stuff we'd like to perform on the disk and then unlock each volume using control code  FSCTL_UNLOCK_VOLUME . 4. Close disk and volume handle(s). Few things to remember here. As per Microsoft documentation, a. The NTFS file system treats a locked volume as a dismounted volume. b. Lock volume call will fail with Access Code 5 (Access Denied) if the volume is in use. If we're not sure who's using the volume, just unmount it once. c. The FSCTL_DISMOUNT_VOLUME control code functions similarl

Detect Antivirus installed on Windows 7

In this article, I've tried to show how we can detect antivirus product installed on a Windows system. The code is written is specifically for Windows 7. The basic idea here is to use WMI from C++. Here are the steps: 1. To Setup WMI consumer, set up COM by calling CoInitializeEx . 2. Initialized COM process security by calling CoInitializeSecurity . 3. Obtained the initial locator to WMI by calling CoCreateInstance. 4. Obtained a pointer to IWbemServices for the root\cimv2 namespace on the local computer by calling IWbemLocator::ConnectServer . 5. Set IWbemServices proxy security so the WMI service can impersonate the client by calling CoSetProxyBlanket . 6.Used the IWbemServices pointer to make requests of WMI. This executes a WQL query for the antivirus product installed by calling IWbemServices::ExecQuery . The following WQL query is one of the method arguments. SELECT * FROM AntiVirusProduct The result of this query is stored in an IEnumWbemClassObject poi