3

I am injecting a .NET SpyLib in the target address space using remote invocation. I need to send a message to that window's thread which created that remote process via GetWindowThreadProcessId.

I am working on Windows 7. Unfortunately it returns 0 most of the time. Sometimes it gives the appropriate thread id (after restarting Windows).

Why am I getting this strange behavior with GetWindowThreadProcessId?

Erwin Brandstetter
  • 605,456
  • 145
  • 1,078
  • 1,228
Usman
  • 2,742
  • 4
  • 44
  • 82
  • See the "Community Content" section on this page: http://msdn.microsoft.com/en-us/library/ms633522%28v=vs.85%29.aspx. GetWindowThreadProcessId returns 0, when the HWND parameter is invalid. Also, what is the value of GetLastError() in this case? – Christian.K Apr 29 '11 at 05:02
  • GetLastError() returns 1400 = "invlid hWnd", But agin the oint is how can i determin that it would be an invlid hWnd id? as it is giving right numeric value. – Usman Apr 29 '11 at 19:39

1 Answers1

4

The MSDN documentation for GetWindowThreadProcessId has a Community Content section, in which DDeBen has already answered your questions two years before you even asked your question. :)

GetWindowThreadProcessId returns 0 and the variable pointed to by lpdwProcessId is not modifed if the handle hWnd is not valid. GetLastError() returns 87 (ERROR_INVALID_PARAMETER).

In the future it might help to remember that GetLastError() is often the function you need to go to in the Win32 API when you have failure states you are unsure of. MSDN will generally give a link to it, but even if it does not, it can't hurt to check it out. However, be aware that in managed code GetLastError() requires special treatment or you will end up with bogus results that will only end up confusing you.

Stigma
  • 1,686
  • 13
  • 27
  • Even though it is valid numeric id of that process to which I want to hook, but every time it is different say 1028,1439 .. So to me these are valid identifiers for that process for which GetWndowThreadProcessId is called. My point is how to check that whether it is valid identifier (valid hWnd) as in my case it is giving always some numeric value. – Usman Apr 29 '11 at 19:15
  • The community comment sections are often missing now, like on this page, or at least not where they were usually. Its not on the page now. – Beeeaaar Apr 08 '17 at 05:51