[Summary of the Invention]
The technical problem to be solved by the present invention is to provide a method for taking over the Windows desktop, so that a user can use a Windows desktop extension program without interference from desktop security software.
The present invention is realized as follows: a method for taking over the Windows desktop, which specifically comprises the following steps:
Step 10: after the Windows desktop extension program starts, the program creates a message receiving and processing module, and the program loads and injects a dynamic link library into the Windows explorer process;
Step 20: if the remote injection of the dynamic link library succeeds, proceed to step 30; if the remote injection of the dynamic link library fails, the program exits and ends;
Step 30: the explorer process now contains a DLL module injected by the program; the DLL module defines an extended operation message processing flow, sets this extended message processing flow as the message processing flow of explorer, and saves the original internal processing flow of explorer;
A desktop operation message is produced when the user uses a Windows desktop program; an extended operation message is produced when the user uses a function of the Windows desktop extension program; explorer processes both the Windows desktop operation messages and the extended operation messages in the extended operation message processing flow;
The extended operation message processing flow is:
When the DLL module receives a desktop operation message, the message is processed by the original internal processing flow of explorer, which has the corresponding desktop program perform the action;
When the DLL module receives an extended operation message, the message within the extended operation message that needs to be passed to the message receiving and processing module is encrypted to form an encrypted message, and this encrypted message is dispatched to the message receiving and processing module;
The DLL module determines whether the extended operation message contains an internal message that needs to invoke the internal processing flow; if so, this internal message is dispatched to explorer;
Step 40: after the message receiving and processing module receives the encrypted message, it decrypts the encrypted message into an execution message; the program performs an action according to the execution message; after explorer receives the internal message, explorer processes the internal message according to the original internal processing flow and has the corresponding desktop program perform the action.
Further, step 10 is specifically:
Step 11: the program creates the message receiving and processing module with the Windows RegisterClass and CreateWindow functions.
Further, step 20 is specifically:
Step 21: the program obtains the process ID of explorer;
Step 22: the program opens the explorer process by this process ID and obtains a process handle;
Step 23: the program allocates a memory region in explorer and writes the path of the dynamic link library into this memory region;
Step 24: the program creates a remote thread, which loads the dynamic link library into explorer;
Step 25: after the dynamic link library has finished loading into explorer, the program releases the memory region.
Further, step 30 is specifically:
Step 31: the DLL module obtains the window handle of the SysListView32 of the Windows desktop;
Step 32: using this window handle, the DLL module defines the extended operation message processing flow with the Windows SetWindowLongPtr function;
Step 33: the program registers a class name for the message receiving module with the Windows RegisterClass function; the program creates a window name for the message receiving module with the Windows CreateWindow function; after the message receiving and processing module is created, Windows assigns it a first handle;
The DLL module uses the Windows FindWindowEx function with the class name and the window name to find the first handle;
Step 34: the DLL module applies an offset transformation to the extended operation message to form an encrypted message; using the Windows PostMessage function, the DLL module locates the message receiving and processing module by the first handle and dispatches the encrypted message to it.
The present invention has the following advantages: the method is simple; the Windows desktop is taken over by having the program remotely inject a dynamic link library; the remote injection technique solves the problem that, with traditional hook techniques, messages can be intercepted and filtered by desktop security software, so that the Windows desktop extension program can run smoothly on the Windows desktop.
[Embodiment]
Referring to Figs. 1-2, a method for taking over the Windows desktop according to the present invention comprises the following steps:
Step 10: after the Windows desktop extension program starts, the program creates a message receiving and processing module, and the program loads and injects a dynamic link library into the Windows explorer process;
Step 20: if the remote injection of the dynamic link library succeeds, proceed to step 30; if the remote injection of the dynamic link library fails, the program exits and ends;
Step 30: the explorer process now contains a DLL module injected by the program; the DLL module defines an extended operation message processing flow, sets this extended message processing flow as the message processing flow of explorer, and saves the original internal processing flow of explorer;
A desktop operation message is produced when the user uses a Windows desktop program; an extended operation message is produced when the user uses a function of the Windows desktop extension program; explorer processes both the Windows desktop operation messages and the extended operation messages in the extended operation message processing flow;
The extended operation message processing flow is (see Fig. 2):
When the DLL module receives a desktop operation message, the message is processed by the original internal processing flow of explorer, which has the corresponding desktop program perform the action;
When the DLL module receives an extended operation message, the part of this extended operation message that needs to be passed to the message receiving and processing module is encrypted to form an encrypted message, and this encrypted message is dispatched to the message receiving and processing module;
The DLL module determines whether the extended operation message contains an internal message that needs to invoke the internal processing flow; if so, this internal message is dispatched to explorer;
Step 40: after the message receiving and processing module receives the encrypted message, it decrypts the encrypted message into an execution message; the program performs an action according to the execution message; after explorer receives the internal message, explorer processes the internal message according to the original internal processing flow and has the corresponding desktop program perform the action.
By remotely injecting the dynamic link library, the method avoids the problem that messages passed by a traditional hook are intercepted and filtered by desktop security software, and achieves takeover of the Windows desktop, so that desktop extension programs (for example, displaying a 3D scene on the desktop or switching scenes with the mouse wheel) can run without interference such as filtering and interception by desktop security software.
Step 10 is specifically:
Step 11: the program creates the message receiving and processing module with the Windows RegisterClass and CreateWindow functions.
Step 20 is specifically:
Step 21: the program obtains the process ID of explorer;
Step 22: the program opens the explorer process by this process ID and obtains a process handle;
Step 23: the program allocates a memory region in explorer and writes the path of the dynamic link library into this memory region;
Step 24: the program creates a remote thread, which loads the dynamic link library into explorer;
Step 25: after the dynamic link library has finished loading into explorer, the program releases the memory region.
Step 30 is specifically:
Step 31: the DLL module obtains the window handle of the SysListView32 of the Windows desktop;
Step 32: using this window handle, the DLL module defines the extended operation message processing flow with the Windows SetWindowLongPtr function;
Step 33: the program registers a class name for the message receiving module with the Windows RegisterClass function; the program creates a window name for the message receiving module with the Windows CreateWindow function; after the message receiving and processing module is created, Windows assigns it a first handle;
The DLL module uses the Windows FindWindowEx function with the class name and the window name to find the first handle;
Step 34: the DLL module applies an offset transformation to the extended operation message to form an encrypted message; using the Windows PostMessage function, the DLL module locates the message receiving and processing module by the first handle and dispatches the encrypted message to it.
The concrete operation flow of the present invention is as follows:
1. The Windows desktop extension program creates the message receiving and processing module:
1-1. After the program starts, it first defines a window procedure (i.e. the extended operation message processing flow) used for receiving messages; the window procedure (e.g. MyWndProc) is defined using the Windows WNDPROC callback function type.
1-2. A custom class (e.g. MyClassColor5201) is registered with the Windows RegisterClass function, and at the same time its window procedure is set to the one defined earlier (e.g. MyWndProc).
1-3. The window used for receiving messages is then created with the Windows CreateWindow function; the window name is a custom name (e.g. MyClassColor5201), and the parent window handle is hShellDefView. The window can then receive the encrypted messages dispatched by the DLL module.
1-4. When the message receiving and processing module receives an encrypted message dispatched by the DLL module, it decrypts the encrypted message by the method of 4-2. Decryption yields an execution message, which the message receiving and processing module processes to complete the operation of the Windows desktop extension program (for example, with a 3D scene displayed on the desktop, switching or zooming the scene with the mouse wheel).
2. The Windows desktop extension program loads and injects the dynamic link library into the Windows explorer process:
2-1. Obtain the process ID of explorer:
2-1-1. Obtain the handle of the shell Program Manager (hProgram) with the Windows FindWindowEx function.
2-1-2. Obtain the handle of the SHELLDLL_DefView child window of the shell Program Manager (hShellDefView).
2-1-3. Obtain the desktop handle (hDesktopFolderView) with the Windows FindWindowEx function.
2-1-4. Obtain the process ID of explorer (nDesktopProcessId) with the Windows GetWindowThreadProcessId function.
2-2. Open the explorer process by its process ID and obtain a process handle:
2-2-1. Use the Windows OpenProcess function to obtain the process handle of explorer.
2-3. Allocate memory remotely in explorer, then write the file path of the dynamic link library to be injected:
2-3-1. Request a memory region in explorer with the Windows VirtualAllocEx function; its size is the space required for the full path of the dynamic link library file to be injected.
2-3-2. Write the full path of the dynamic link library file into the region described in 2-3-1 with the Windows WriteProcessMemory function.
2-4. Create a remote thread that loads the dynamic link library specified above:
2-4-1. Create the remote thread with the Windows CreateRemoteThread function and have it call the LoadLibrary function to load the dynamic link library. On success, the DLL module runs in explorer; on failure, the program exits and ends.
2-5. Wait for the dynamic link library to finish loading and return, then release the memory region to complete the injection:
2-5-1. Use the Windows WaitForSingleObject function to wait until the remote thread, once created, has finished loading and returns.
2-5-2. Use the Windows CloseHandle function to close the process handle opened in 2-2-1.
2-5-3. Use the Windows VirtualFreeEx function to release the memory region described in 2-3-1.
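A defender's view of steps 2-1 to 2-5, as an added example that is not part of the patent: the handle open, remote LoadLibrary thread and resulting module load can be correlated in Sysmon-style telemetry. The event records, the DeskExt.exe/DeskExt.dll names and the function find_loadlibrary_injection are constructed for illustration.

```python
# Constructed Sysmon-style records; field names follow Sysmon events
# 10 (ProcessAccess), 8 (CreateRemoteThread) and 7 (ImageLoad).
# All paths, PIDs and timestamps below are made up for the example.
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    {"id": 10, "t": 100.0, "SourceProcessId": 4120, "SourceImage": r"C:\Users\u\DeskExt.exe",
     "TargetProcessId": 2380, "TargetImage": EXPLORER, "GrantedAccess": "0x1F0FFF"},
    {"id": 8, "t": 100.2, "SourceProcessId": 4120, "SourceImage": r"C:\Users\u\DeskExt.exe",
     "TargetProcessId": 2380, "TargetImage": EXPLORER,
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryW"},
    {"id": 7, "t": 100.3, "ProcessId": 2380, "Image": EXPLORER,
     "ImageLoaded": r"C:\Users\u\DeskExt.dll", "Signed": "false"},
    {"id": 7, "t": 100.4, "ProcessId": 2380, "Image": EXPLORER,
     "ImageLoaded": r"C:\Windows\System32\shell32.dll", "Signed": "true"},
    {"id": 10, "t": 200.0, "SourceProcessId": 900, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetProcessId": 2380, "TargetImage": EXPLORER, "GrantedAccess": "0x1410"},
]

# PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE
INJECT_RIGHTS = 0x0002 | 0x0008 | 0x0020

def find_loadlibrary_injection(events, target="explorer.exe", window=5.0):
    """Correlate open-for-write -> remote LoadLibrary thread -> new module."""
    findings = []
    for ev in events:
        if ev["id"] != 8 or not ev["TargetImage"].lower().endswith("\\" + target):
            continue
        if not ev.get("StartFunction", "").startswith("LoadLibrary"):
            continue
        src, dst, t0 = ev["SourceProcessId"], ev["TargetProcessId"], ev["t"]
        # Step 2-2: an earlier handle carrying the rights that 2-3 and 2-4 need.
        opened = any(
            e["id"] == 10 and e["SourceProcessId"] == src and e["TargetProcessId"] == dst
            and t0 - window <= e["t"] <= t0
            and int(e["GrantedAccess"], 16) & INJECT_RIGHTS == INJECT_RIGHTS
            for e in events)
        # Result of 2-4: unsigned modules mapped into the target just after the thread.
        dlls = [e["ImageLoaded"] for e in events
                if e["id"] == 7 and e["ProcessId"] == dst
                and t0 <= e["t"] <= t0 + window and e["Signed"] != "true"]
        if opened and dlls:
            findings.append({"source": ev["SourceImage"], "target_pid": dst, "dlls": dlls})
    return findings

if __name__ == "__main__":
    for f in find_loadlibrary_injection(EVENTS):
        print(f)
```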
3. Window message takeover and encrypted message forwarding in the DLL module:
3-1. When the DLL module initializes, it uses the technique of 2-1 to obtain the handle of the SHELLDLL_DefView window.
3-2. The DLL module defines a custom window procedure (i.e. the extended operation message processing flow); a window procedure name (e.g. NewProgramProc) is defined using the Windows WNDPROC callback function type.
3-3. Using the handle obtained in 3-1, the Windows SetWindowLongPtr function sets the window procedure of explorer to the custom window procedure (NewProgramProc), and at the same time the returned pointer to the original window procedure (i.e. explorer's processing flow for original Windows desktop operations, not those of the extension program) is saved.
3-4. The Windows FindWindowEx function is used to obtain the window handle (hNewDesktopHandle) of the desktop extension program's message-receiving window created in 1-3.
3-5. Inside the custom window procedure (NewProgramProc), the extended operation messages produced when the user uses the functions of the Windows desktop extension program (i.e. the msg parameter of the custom window procedure NewProgramProc) are processed; what processing is done depends on what functionality the program wants to provide. At the same time, the extended operation message is encrypted into an encrypted message by the method of 4-1, and the encrypted message is then dispatched to the message receiving and processing module of the Windows desktop extension program with the Windows PostMessage function. For the other, non-encrypted messages (i.e. messages produced when the user operates the Windows desktop outside the extension program), the Windows CallWindowProc function is used to call the original internal processing flow of explorer, which completes the takeover of the message flow.
4. Encryption and decryption of extended operation messages:
4-1. Encryption of extended operation messages: the extended message undergoes an offset transformation (for example, WM_USER plus X is added to every predefined constant ID value of the extended messages, where WM_USER is the starting value of user-defined messages defined by Windows and X is a non-negative integer) to form the encrypted message.
4-2. Decryption of extended operation messages: the encrypted message undergoes the inverse offset transformation (for example, WM_USER is subtracted from every predefined constant ID value of the encrypted messages and then X is subtracted, where X is a non-negative integer) to form the execution message.
In summary, the method for taking over the Windows desktop according to the present invention injects a DLL module into explorer by remote injection of a dynamic link library. The remote injection technique avoids the problem that desktop security software intercepts and filters the messages used by traditional hook techniques, achieves an effective takeover of the Windows desktop, and allows the Windows extension program to be used smoothly on the Windows desktop.
Although specific embodiments of the present invention have been described above, those skilled in the art should understand that the specific embodiments described are illustrative and are not intended to limit the scope of the present invention; equivalent modifications and variations made by those of ordinary skill in the art in accordance with the spirit of the present invention shall all fall within the scope protected by the claims of the present invention.