一、读取listView
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Runtime.InteropServices;
namespace gouzi
{
public partial class Form3 : Form
{
public Form3()
{
InitializeComponent();
}
public const uint LVM_FIRST = 0x1000;
public const uint LVM_GETITEMCOUNT = LVM_FIRST + 4;
public const uint LVM_GETITEMW = LVM_FIRST + 75;
[DllImport("user32.DLL")]
public static extern int SendMessage(IntPtr hWnd, uint Msg, int wParam, int lParam);
[DllImport("user32.DLL")]
public static extern IntPtr FindWindow(string lpszClass, string lpszWindow);
[DllImport("user32.DLL")]
public static extern IntPtr FindWindowEx(IntPtr hwndParent,IntPtr hwndChildAfter, string lpszClass, string lpszWindow);
//找出某个窗口的创建者(线程或进程),返回创建者的标志符。
[DllImport("user32.dll")]
public static extern uint GetWindowThreadProcessId(IntPtr hWnd,out uint dwProcessId);
public const uint PROCESS_VM_OPERATION = 0x0008;
public const uint PROCESS_VM_READ = 0x0010;
public const uint PROCESS_VM_WRITE = 0x0020;
/// <summary>
/// 用来打开一个已存在的进程对象,并返回进程的句柄
/// </summary>
/// <param name="dwDesiredAccess">渴望得到的访问权限(标志)</param>
/// <param name="bInheritHandle">是否继承句柄 </param>
/// <param name="dwProcessId">进程标示符</param>
/// <returns></returns>
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint dwDesiredAccess,bool bInheritHandle, uint dwProcessId);
public const uint MEM_COMMIT = 0x1000;
public const uint MEM_RELEASE = 0x8000;
public const uint MEM_RESERVE = 0x2000;
public const uint PAGE_READWRITE = 4;
/// <summary>
/// 在指定进程的虚拟空间保留或提交内存区域,除非指定MEM_RESET参数,否则将该内存区域置0。
/// </summary>
/// <param name="hProcess">申请内存所在的进程句柄。</param>
/// <param name="lpAddress">保留页面的内存地址;一般用NULL自动分配 。</param>
/// <param name="dwSize">欲分配的内存大小,字节单位;注意实际分 配的内存大小是页内存大小的整数倍</param>
/// <param name="flAllocationType">枚举值</param>
/// <param name="flProtect">枚举值</param>
/// <returns></returns>
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
/// <summary>
/// 释放申请的虚拟内存空间。
/// </summary>
/// <param name="hProcess">目标进程的句柄。</param>
/// <param name="lpAddress">指向要释放的虚拟内存空间首地址的指针。</param>
/// <param name="dwSize">虚拟内存空间的字节数。 MEM_RELEASE 0x8000, 这种方式 很彻底,完全回收。</param>
/// <param name="dwFreeType">释放类型</param>
/// <returns></returns>
[DllImport("kernel32.dll")]
public static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint dwFreeType);
//关闭一个内核对象
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
/// <summary>
/// 写入某一进程的内存区域
/// </summary>
/// <param name="hProcess">由OpenProcess返回的进程句柄。</param>
/// <param name="lpBaseAddress">要写的内存首地址 </param>
/// <param name="lpBuffer">指向要写的数据的指针。</param>
/// <param name="nSize">要写入的字节数。</param>
/// <param name="vNumberOfBytesRead"></param>
/// <returns></returns>
[DllImport("kernel32.dll")]
public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,IntPtr lpBuffer, int nSize, ref uint vNumberOfBytesRead);
/// <summary>
/// 读取某一进程的内存区域
/// </summary>
/// <param name="hProcess">由OpenProcess返回的进程句柄。</param>
/// <param name="lpBaseAddress">要写的内存首地址 </param>
/// <param name="lpBuffer">指向要写的数据的指针。</param>
/// <param name="nSize">要写入的字节数。</param>
/// <param name="vNumberOfBytesRead"></param>
/// <returns></returns>
[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(IntPtr hProcess,IntPtr lpBaseAddress,IntPtr lpBuffer, int nSize, ref uint vNumberOfBytesRead);
//消息结构体
public struct LVITEM
{
public int mask;
public int iItem;
public int iSubItem;
public int state;
public int stateMask;
public IntPtr pszText; // string
public int cchTextMax;
public int iImage;
public IntPtr lParam;
public int iIndent;
public int iGroupId;
public int cColumns;
public IntPtr puColumns;
}
public int LVIF_TEXT = 0x0001;
public int ListView_GetItemCount(IntPtr AHandle)
{
return SendMessage(AHandle, LVM_GETITEMCOUNT, 0, 0);
}
private void button1_Click(object sender, EventArgs e)
{
IntPtr vHandle = FindWindow("#32770", "Windows 任务管理器");
vHandle = FindWindowEx(vHandle, IntPtr.Zero, "#32770", "Processes");
vHandle = FindWindowEx(vHandle, IntPtr.Zero, "SysListView32", null);
if (vHandle == IntPtr.Zero) return;
int vItemCount = ListView_GetItemCount(vHandle);
uint vProcessId; //找出某个窗口的创建者(线程或进程)
GetWindowThreadProcessId(vHandle, out vProcessId);
//用来打开一个已存在的进程对象,并返回进程的句柄
IntPtr vProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, false, vProcessId);
IntPtr vPointer = VirtualAllocEx(vProcess,IntPtr.Zero, 4096, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
try
{
for (int i = 0; i < vItemCount; i++)
{
int n = 0;
byte[] vBuffer = new byte[256];
LVITEM[] vItem = new LVITEM[1];
vItem[n].mask = LVIF_TEXT;
vItem[n].iItem = i;
vItem[n].iSubItem =0;
vItem[n].cchTextMax = vBuffer.Length;
vItem[n].pszText = (IntPtr)((int)vPointer + Marshal.SizeOf(typeof(LVITEM)));
uint vNumberOfBytesRead = 0;
WriteProcessMemory(vProcess, vPointer, Marshal.UnsafeAddrOfPinnedArrayElement(vItem, n), Marshal.SizeOf(typeof(LVITEM)), ref vNumberOfBytesRead);
SendMessage(vHandle, LVM_GETITEMW, i, vPointer.ToInt32());
//把内存读数组的结构体中 LVITEM
ReadProcessMemory(vProcess, (IntPtr)((int)vPointer + Marshal.SizeOf(typeof(LVITEM))), Marshal.UnsafeAddrOfPinnedArrayElement(vBuffer, n), vBuffer.Length, ref vNumberOfBytesRead);
string vText = Marshal.PtrToStringUni(Marshal.UnsafeAddrOfPinnedArrayElement(vBuffer, n));
richTextBox1.Text += vText+"\r";
}
}
finally
{
VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE);
CloseHandle(vProcess);
}
}
}
}
//
二、读取TreeView
/
using System.Runtime.InteropServices;
public const int TV_FIRST = 0x1100;
public const int TVM_GETCOUNT = TV_FIRST + 5;
public const int TVM_GETNEXTITEM = TV_FIRST + 10;
public const int TVM_GETITEMA = TV_FIRST + 12;
public const int TVM_GETITEMW = TV_FIRST + 62;
public const int TVGN_ROOT = 0x0000;
public const int TVGN_NEXT = 0x0001;
public const int TVGN_PREVIOUS = 0x0002;
public const int TVGN_PARENT = 0x0003;
public const int TVGN_CHILD = 0x0004;
public const int TVGN_FIRSTVISIBLE = 0x0005;
public const int TVGN_NEXTVISIBLE = 0x0006;
public const int TVGN_PREVIOUSVISIBLE = 0x0007;
public const int TVGN_DROPHILITE = 0x0008;
public const int TVGN_CARET = 0x0009;
public const int TVGN_LASTVISIBLE = 0x000A;
public const int TVIF_TEXT = 0x0001;
public const int TVIF_IMAGE = 0x0002;
public const int TVIF_PARAM = 0x0004;
public const int TVIF_STATE = 0x0008;
public const int TVIF_HANDLE = 0x0010;
public const int TVIF_SELECTEDIMAGE = 0x0020;
public const int TVIF_CHILDREN = 0x0040;
public const int TVIF_INTEGRAL = 0x0080;
[DllImport("User32.DLL")]
public static extern int SendMessage(IntPtr hWnd,
uint Msg, int wParam, int lParam);
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint dwDesiredAccess,
bool bInheritHandle, uint dwProcessId);
public const uint MEM_COMMIT = 0x1000;
public const uint MEM_RELEASE = 0x8000;
public const uint MEM_RESERVE = 0x2000;
public const uint PAGE_READWRITE = 4;
public const uint PROCESS_VM_OPERATION = 0x0008;
public const uint PROCESS_VM_READ = 0x0010;
public const uint PROCESS_VM_WRITE = 0x0020;
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress,
uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll")]
public static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress,
uint dwSize, uint dwFreeType);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("kernel32.dll")]
public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
IntPtr lpBuffer, int nSize, ref uint vNumberOfBytesRead);
[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
IntPtr lpBuffer, int nSize, ref uint vNumberOfBytesRead);
[DllImport("user32.dll")]
public static extern uint GetWindowThreadProcessId(IntPtr hWnd,
out uint dwProcessId);
[StructLayout(LayoutKind.Sequential)]
public struct TVITEM
{
public int mask;
public IntPtr hItem;
public int state;
public int stateMask;
public IntPtr pszText;
public int cchTextMax;
public int iImage;
public int iSelectedImage;
public int cChildren;
public IntPtr lParam;
public IntPtr HTreeItem;
}
public static uint TreeView_GetCount(IntPtr hwnd)
{
return (uint)SendMessage(hwnd, TVM_GETCOUNT, 0, 0);
}
public static IntPtr TreeView_GetNextItem(IntPtr hwnd, IntPtr hitem, int code)
{
return (IntPtr)SendMessage(hwnd, TVM_GETNEXTITEM, code, (int)hitem);
}
public static IntPtr TreeView_GetRoot(IntPtr hwnd)
{
return TreeView_GetNextItem(hwnd, IntPtr.Zero, TVGN_ROOT);
}
public static IntPtr TreeView_GetChild(IntPtr hwnd, IntPtr hitem)
{
return TreeView_GetNextItem(hwnd, hitem, TVGN_CHILD);
}
public static IntPtr TreeView_GetNextSibling(IntPtr hwnd, IntPtr hitem)
{
return TreeView_GetNextItem(hwnd, hitem, TVGN_NEXT);
}
public static IntPtr TreeView_GetParent(IntPtr hwnd, IntPtr hitem)
{
return TreeView_GetNextItem(hwnd, hitem, TVGN_PARENT);
}
public static IntPtr TreeNodeGetNext(IntPtr AHandle, IntPtr ATreeItem)
{
if (AHandle == IntPtr.Zero || ATreeItem == IntPtr.Zero) return IntPtr.Zero;
IntPtr result = TreeView_GetChild(AHandle, ATreeItem);
if (result == IntPtr.Zero)
result = TreeView_GetNextSibling(AHandle, ATreeItem);
IntPtr vParentID = ATreeItem;
while (result == IntPtr.Zero && vParentID != IntPtr.Zero)
{
vParentID = TreeView_GetParent(AHandle, vParentID);
result = TreeView_GetNextSibling(AHandle, vParentID);
}
return result;
}
public static bool GetTreeViewText(IntPtr AHandle, List<string> AOutput)
{
if (AOutput == null) return false;
uint vProcessId;
GetWindowThreadProcessId(AHandle, out vProcessId);
IntPtr vProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ |
PROCESS_VM_WRITE, false, vProcessId);
IntPtr vPointer = VirtualAllocEx(vProcess, IntPtr.Zero, 4096,
MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
try
{
uint vItemCount = TreeView_GetCount(AHandle);
IntPtr vTreeItem = TreeView_GetRoot(AHandle);
Console.WriteLine(vItemCount);
for (int i = 0; i < vItemCount; i++)
{
byte[] vBuffer = new byte[256];
TVITEM[] vItem = new TVITEM[1];
vItem[0] = new TVITEM();
vItem[0].mask = TVIF_TEXT;
vItem[0].hItem = vTreeItem;
vItem[0].pszText = (IntPtr)((int)vPointer + Marshal.SizeOf(typeof(TVITEM)));
vItem[0].cchTextMax = vBuffer.Length;
uint vNumberOfBytesRead = 0;
WriteProcessMemory(vProcess, vPointer,
Marshal.UnsafeAddrOfPinnedArrayElement(vItem, 0),
Marshal.SizeOf(typeof(TVITEM)), ref vNumberOfBytesRead);
SendMessage(AHandle, TVM_GETITEMA, 0, (int)vPointer);
ReadProcessMemory(vProcess,
(IntPtr)((int)vPointer + Marshal.SizeOf(typeof(TVITEM))),
Marshal.UnsafeAddrOfPinnedArrayElement(vBuffer, 0),
vBuffer.Length, ref vNumberOfBytesRead);
Console.WriteLine(Marshal.PtrToStringAnsi(
Marshal.UnsafeAddrOfPinnedArrayElement(vBuffer, 0)));
vTreeItem = TreeNodeGetNext(AHandle, vTreeItem);
}
}
finally
{
VirtualFreeEx(vProcess, vPointer, 0, MEM_RELEASE);
CloseHandle(vProcess);
}
return true;
}
private void button1_Click(object sender, EventArgs e)
{
List<string> vOutput = new List<string>();
GetTreeViewText((IntPtr)xxxx, vOutput); // xxxx替换成相应treeview句柄。获得参考上贴FindWindow()的使用
foreach (string vLine in vOutput)
Console.WriteLine(vLine);
}