1

I have some code like this:

TBBUTTONINFO mtbbi;
HWND hwnd;
HANDLE hProc;
DWORD dwProcessID;
void* lpData;

.....

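// Find the process that owns the toolbar window and open it.
GetWindowThreadProcessId(hwnd, &dwProcessID);
hProc = OpenProcess(PROCESS_ALL_ACCESS, 0, dwProcessID);
// Allocate a TBBUTTONINFO-sized buffer inside that process.
lpData = VirtualAllocEx(hProc, 0, sizeof(TBBUTTONINFO), MEM_COMMIT, PAGE_READWRITE);
// Prepare the request locally: ask for lParam of the button at index 0.
memset(&mtbbi, 0, sizeof(mtbbi));
mtbbi.cbSize = sizeof(TBBUTTONINFO);
mtbbi.dwMask = TBIF_BYINDEX | TBIF_LPARAM;
// Copy the request across, send the message, then read the reply back.
WriteProcessMemory(hProc, lpData, &mtbbi, sizeof(TBBUTTONINFO), &dwBytesRead);
SendMessage(hwnd, TB_GETBUTTONINFO, 0, (LPARAM)lpData);
ReadProcessMemory(hProc, lpData, &mtbbi, sizeof(TBBUTTONINFO), &dwBytesRead);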

where hwnd is a toolbar handle. This handle is correct; other messages (like TB_BUTTONCOUNT or TB_GETBUTTON) work fine. So, this code works correctly under Windows XP, but when I try to execute it under Windows 7 x64, SendMessage returns -1, which means an error. I tried to use GETBUTTONINFOA instead of GETBUTTONINFO, but the result is the same.

What am I doing wrong?

P̲̳x͓L̳
Ryzhehvost
  • When in Rome, act like a Roman. If that program you are hacking is running elevated then you have to run elevated as well. If it is a 64-bit process then you have to be a 64-bit process as well. Don't hack the taskbar, that's an ungreek thing to do. – Hans Passant Mar 20 '14 at 09:58
  • On the face of it: wrong struct size, wrong hwnd, wrong button index. Maybe you should do a complete repro case including a message that works. I'm sure someone will debug it. – david.pfx Mar 20 '14 at 10:57

2 Answers

3

Solved it. The problem was that the TBBUTTONINFO structure contains pointers, which take double the size in 64-bit processes. I made my own structure, replacing pointers with int64, and with this structure SendMessage works as expected. Thanks to everyone for the help.

Ryzhehvost
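The layout difference described in this answer, as an added example that is not part of the original post: portable C definitions of the 32-bit and 64-bit TBBUTTONINFO layouts, with helpers that build the request and read the reply in the target's layout. The names TBBI32, TBBI64, tbbi_build and tbbi_lparam are hypothetical, and the caller is assumed to already know whether the target process is 64-bit.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* TBBUTTONINFO as a 32-bit process lays it out (DWORD_PTR, LPTSTR = 4 bytes). */
typedef struct {
    uint32_t cbSize, dwMask;
    int32_t  idCommand, iImage;
    uint8_t  fsState, fsStyle;
    uint16_t cx;
    uint32_t lParam, pszText;
    int32_t  cchText;
} TBBI32;

/* The same structure as a 64-bit process lays it out. Padding is spelled out
   so the layout does not depend on the compiler that builds the caller. */
typedef struct {
    uint32_t cbSize, dwMask;
    int32_t  idCommand, iImage;
    uint8_t  fsState, fsStyle;
    uint16_t cx;
    uint32_t pad0;              /* aligns lParam to 8 bytes */
    uint64_t lParam, pszText;
    int32_t  cchText;
    uint32_t pad1;              /* tail padding */
} TBBI64;

_Static_assert(sizeof(TBBI32) == 32 && offsetof(TBBI32, lParam) == 20, "32-bit layout");
_Static_assert(sizeof(TBBI64) == 48 && offsetof(TBBI64, lParam) == 24, "64-bit layout");

#define TBIF_LPARAM_V  0x00000010u   /* value of TBIF_LPARAM  */
#define TBIF_BYINDEX_V 0x80000000u   /* value of TBIF_BYINDEX */

/* Fill buf with a zeroed request in the target's layout. Returns the number of
   bytes to allocate and write in the target, or 0 if buf is too small. */
size_t tbbi_build(int target64, uint32_t mask, void *buf, size_t cap) {
    size_t n = target64 ? sizeof(TBBI64) : sizeof(TBBI32);
    if (buf == NULL || cap < n) return 0;
    memset(buf, 0, n);
    uint32_t hdr[2] = { (uint32_t)n, mask };  /* cbSize, dwMask: same offsets in both */
    memcpy(buf, hdr, sizeof hdr);
    return n;
}

/* Extract lParam from a reply of n bytes read back from the target. */
int tbbi_lparam(int target64, const void *buf, size_t n, uint64_t *out) {
    if (n < (target64 ? sizeof(TBBI64) : sizeof(TBBI32))) return -1;
    if (target64) { TBBI64 r; memcpy(&r, buf, sizeof r); *out = r.lParam; }
    else          { TBBI32 r; memcpy(&r, buf, sizeof r); *out = r.lParam; }
    return 0;
}
```

The byte count returned by tbbi_build is the size to use for the remote allocation, the write and the read back, in place of sizeof(TBBUTTONINFO) as compiled into the caller.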
1

Starting with Windows Vista, User Interface Privilege Isolation provides restrictions to the system that prevent lower-privilege applications from sending window messages or installing hooks in higher-privilege processes. However, higher-privilege applications are still permitted to send window messages to lower-privilege processes. These restrictions are implemented through SendMessage and other message-sending functions.

I'm not sure whether this is the cause of your problem, because in general, read-only messages are not blocked even from lower-privilege processes. Your TB_GETBUTTONINFO seems to be such a message, same for TB_BUTTONCOUNT and TB_GETBUTTON. However, you should investigate this.

See Windows Integrity Mechanism Design for more information.

Marius Bancila