// 首先得到输入框的句柄。通过spy++这类工具分析,聊天窗体的类名为“#32770”
// 但当前系统里不只一个类名为“#32770”的窗体,这就需要全体遍历一次。
// 类名为“#32770”标题含“聊天”基本能确定。为保险起见还判断一下所在进程是否为“qq.exe”
uses PsAPI, RichEdit;
function Process_ReadRichEditText(AHandle: THandle): WideString;
var
vGetTextEx: GETTEXTEX;
vGetTextLengthEx: GETTEXTLENGTHEX;
L: Integer;
vProcessId: DWORD;
vProcess: THandle;
vPointer: Pointer;
vNumberOfBytesRead: Cardinal;
begin
Result := '';
if not IsWindow(AHandle) then Exit;
GetWindowThreadProcessId(AHandle, @vProcessId);
vProcess := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_READ or
PROCESS_VM_WRITE, False, vProcessId);
try
vPointer := VirtualAllocEx(vProcess, nil, 4096, MEM_RESERVE or MEM_COMMIT,
PAGE_READWRITE);
vGetTextLengthEx.flags := GTL_DEFAULT;
vGetTextLengthEx.codepage := 1200; // Unicode
WriteProcessMemory(vProcess, vPointer, @vGetTextLengthEx,
SizeOf(vGetTextLengthEx), vNumberOfBytesRead);
L := SendMessage(AHandle, EM_GETTEXTLENGTHEX, Integer(vPointer), 0);
VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE);
if L <= 0 then Exit;
vPointer := VirtualAllocEx(vProcess, nil, SizeOf(vGetTextEx) + L * 2 + 2,
MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE);
SetLength(Result, L);
vGetTextEx.cb := L * 2 + 2;
vGetTextEx.flags := GT_DEFAULT;
vGetTextEx.codepage := 1200; // Unicode
vGetTextEx.lpDefaultChar := nil;
vGetTextEx.lpUsedDefChar := nil;
WriteProcessMemory(vProcess, vPointer, @vGetTextEx,
SizeOf(vGetTextEx), vNumberOfBytesRead);
SendMessage(AHandle, EM_GETTEXTEX, Integer(vPointer),
Integer(vPointer) + SizeOf(vGetTextEx));
ReadProcessMemory(vProcess, Pointer(Integer(vPointer) + SizeOf(vGetTextEx)),
@Result[1], L * 2, vNumberOfBytesRead);
VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE);
finally
CloseHandle(vProcess);
end;
end; { Process_ReadRichEditText }
function GetProcessName(AProcessID: THandle): string;
var
vBuffer: array[0..MAX_PATH] of Char;
vProcess: THandle;
begin
vProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False,
AProcessID);
try
if GetModuleBaseName(vProcess, 0, vBuffer, SizeOf(vBuffer)) > 0 then
Result := vBuffer
else Result := '';
finally
CloseHandle(vProcess);
end;
end; { GetProcessName }
function EnumChild(hwnd: HWND; lParam: LPARAM): BOOL; stdcall;
var
vBuffer: array[0..255] of Char;
begin
Result := True;
if not IsWindowVisible(hwnd) then Exit; // 不可见
GetClassName(hwnd, vBuffer, SizeOf(vBuffer));
if SameText(vBuffer, 'RichEdit20A') then
begin
if GetWindowLong(hwnd, GWL_STYLE) and ES_READONLY <> ES_READONLY then // 非只读
begin
PInteger(lParam)^ := hwnd;
Result := False;
end;
end;
end; { EnumChild }
function EnumFunc(hwnd: HWND; lParam: LPARAM): BOOL; stdcall;
var
vBuffer: array[0..255] of Char;
vProcessId: THandle;
begin
Result := True;
if not IsWindowVisible(hwnd) then Exit; // 不可见
GetClassName(hwnd, vBuffer, SizeOf(vBuffer));
if SameText(vBuffer, '#32770') then
begin
GetWindowThreadProcessId(hwnd, vProcessId);
if SameText(GetProcessName(vProcessId), 'qq.exe') then
begin
GetWindowText(hwnd, vBuffer, SizeOf(vBuffer));
if Pos('聊天中', vBuffer) > 0 then // 标题中含"聊天中"
begin
EnumChildWindows(hwnd, @EnumChild, lParam);
Result := False;
end;
end;
end;
end; { EnumFunc }
procedure TForm1.Button1Click(Sender: TObject);
var
vHandle: THandle;
begin
vHandle := 0;
EnumWindows(@EnumFunc, Integer(@vHandle));
if vHandle = 0 then Exit;
Memo1.Text := Process_ReadRichEditText(vHandle);
end;
using System.Runtime.InteropServices;[DllImport("User32.DLL")]public static extern int SendMessage(IntPtr hWnd, uint Msg, int wParam, int lParam);public delegate bool WNDENUMPROC(IntPtr hwnd, int lParam);[DllImport("user32.dll")]public static extern int EnumWindows(WNDENUMPROC lpEnumFunc, int lParam);[DllImport("user32.dll")]public static extern int EnumChildWindows(IntPtr hWndParent, WNDENUMPROC lpEnumFunc, int lParam);[DllImport("user32.dll")]public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);[DllImport("user32.dll")]public static extern int GetClassName(IntPtr hWnd, StringBuilder lpClassName, int nMaxCount);[DllImport("user32.dll")]public static extern bool IsWindow(IntPtr hWnd);[DllImport("user32.dll")]public static extern bool IsWindowVisible(IntPtr hWnd);[DllImport("user32.DLL")]public static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow);[DllImport("user32.dll")]public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint dwProcessId);[DllImport("psapi.dll")]public static extern uint GetModuleBaseName(IntPtr hProcess, IntPtr hModule, StringBuilder lpBaseName, uint nSize);public const uint PROCESS_VM_OPERATION = 0x0008;public const uint PROCESS_VM_READ = 0x0010;public const uint PROCESS_VM_WRITE = 0x0020;public const uint PROCESS_QUERY_INFORMATION = 0x0400;[DllImport("kernel32.dll")]public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);[DllImport("kernel32.dll")]public static extern bool CloseHandle(IntPtr handle);[DllImport("user32.dll")]public static extern int GetWindowLong(IntPtr hWnd, int nIndex);public const int GWL_STYLE = -16;public const int ES_READONLY = 0x800;public const uint MEM_COMMIT = 0x1000;public const uint MEM_RELEASE = 0x8000;public const uint MEM_RESERVE = 0x2000;public const uint PAGE_READWRITE = 4;[DllImport("kernel32.dll")]public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint dwFreeType);[DllImport("kernel32.dll")]public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, int nSize, ref uint vNumberOfBytesRead);[DllImport("kernel32.dll")]public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, int nSize, ref uint vNumberOfBytesRead); private IntPtr richHandle;public string GetProcessName(uint AProcessId)
{
StringBuilder vBuffer = new StringBuilder(256); IntPtr vProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, AProcessId); try
{ if (GetModuleBaseName(vProcess, IntPtr.Zero, vBuffer, (uint)vBuffer.Capacity) > 0) return vBuffer.ToString(); else return string.Empty;
} finally { CloseHandle(vProcess); }
}public bool EnumChild(IntPtr hwnd, int lParam){ if (!IsWindowVisible(hwnd)) return true; // 不可见 StringBuilder vBuffer = new StringBuilder(256); GetClassName(hwnd, vBuffer, vBuffer.Capacity); if (vBuffer.ToString().ToLower() == "richedit20a") { if ((GetWindowLong(hwnd, GWL_STYLE) & ES_READONLY) != ES_READONLY) // 非只读 { richHandle = hwnd; return false; } } return true;}public bool EnumFunc(IntPtr hwnd, int lParam){ if (!IsWindowVisible(hwnd)) return true; // 不可见 StringBuilder vBuffer = new StringBuilder(256); GetClassName(hwnd, vBuffer, vBuffer.Capacity); if (vBuffer.ToString() == "#32770") { uint vProcessId; GetWindowThreadProcessId(hwnd, out vProcessId); if (GetProcessName(vProcessId).ToLower() == "qq.exe") { GetWindowText(hwnd, vBuffer, vBuffer.Capacity); if (vBuffer.ToString().IndexOf("聊天中") >= 0) // 标题中含"聊天中" { EnumChildWindows(hwnd, @EnumChild, lParam); return false; } } } return true;}[StructLayout(LayoutKind.Sequential)]public struct GETTEXTLENGTHEX{ public uint flags; public uint codepage;}[StructLayout(LayoutKind.Sequential)]public struct GETTEXTEX{ public int cb; public int flags; public int codepage; public IntPtr lpDefaultChar; public IntPtr lpUsedDefChar;};public const int GTL_DEFAULT = 0;public const int GT_DEFAULT = 0;public const int WM_USER = 0x0400;public const int EM_GETTEXTEX = WM_USER + 94; public const int EM_GETTEXTLENGTHEX = WM_USER + 95;public string Process_ReadRichEditText(IntPtr AHandle){ if (!IsWindow(AHandle)) return string.Empty; string vReturn = string.Empty; uint vProcessId; GetWindowThreadProcessId(AHandle, out vProcessId); IntPtr vProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, false, vProcessId); try { uint vNumberOfBytesRead = 0; IntPtr vPointer = VirtualAllocEx(vProcess, IntPtr.Zero, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); GETTEXTLENGTHEX vGetTextLengthEx = new GETTEXTLENGTHEX(); vGetTextLengthEx.flags = GTL_DEFAULT; vGetTextLengthEx.codepage = 1200; // Unicode IntPtr vAddress = Marshal.AllocCoTaskMem(Marshal.SizeOf(vGetTextLengthEx)); Marshal.StructureToPtr(vGetTextLengthEx, vAddress, false); WriteProcessMemory(vProcess, vPointer, vAddress, Marshal.SizeOf(vGetTextLengthEx), ref vNumberOfBytesRead); Marshal.FreeCoTaskMem(vAddress); int L = SendMessage(AHandle, EM_GETTEXTLENGTHEX, (int)vPointer, 0); VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE); if (L <= 0) return vReturn; GETTEXTEX vGetTextEx = new GETTEXTEX(); vGetTextEx.cb = L * 2 + 2; vGetTextEx.flags = GT_DEFAULT; vGetTextEx.codepage = 1200; // Unicode vGetTextEx.lpDefaultChar = IntPtr.Zero; vGetTextEx.lpUsedDefChar = IntPtr.Zero; vPointer = VirtualAllocEx(vProcess, IntPtr.Zero, (uint)(Marshal.SizeOf(vGetTextEx) + L * 2 + 2), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); vAddress = Marshal.AllocCoTaskMem(Marshal.SizeOf(vGetTextEx)); Marshal.StructureToPtr(vGetTextEx, vAddress, false); WriteProcessMemory(vProcess, vPointer, vAddress, Marshal.SizeOf(vGetTextEx), ref vNumberOfBytesRead); Marshal.FreeCoTaskMem(vAddress); SendMessage(AHandle, EM_GETTEXTEX, (int)vPointer, (int)vPointer + Marshal.SizeOf(vGetTextEx)); vAddress = Marshal.AllocCoTaskMem(L * 2); ReadProcessMemory(vProcess, (IntPtr)((int)vPointer + Marshal.SizeOf(vGetTextEx)), vAddress, L * 2, ref vNumberOfBytesRead); vReturn = Marshal.PtrToStringUni(vAddress, L * 2); Marshal.FreeCoTaskMem(vAddress); VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE); } finally { CloseHandle(vProcess); } return vReturn;}private void button1_Click(object sender, EventArgs e){ richHandle = IntPtr.Zero; EnumWindows(EnumFunc, 0); if (richHandle == IntPtr.Zero) return; Console.WriteLine(Process_ReadRichEditText(richHandle));}http://blog.csdn.net/zswang/article/details/2009868