Ollydebug combined with Pywin32 are great for finding hidden buttons on desktop applications that are invisible but still active. That Python library makes it easy to access and use them. (I haven't done that much research with desktop applications, and I'm almost positive a tool already exists to do these things in a more automated way, but this is one pretty heinous way, mclovin.py...)
import time
import win32con
import win32gui
import win32api
import win32process
import winxpgui
import struct
import pywintypes
mclovin, cmd = win32.api.CreateProcess(
None, #name
cmd,
None, #process attributes
None, #thread attributes
0, #inheritance flag
0, #creation flag SW_NORMAL #invisible, but I can still write to it: 1
win32con.SHOW_MINIMIZED
None, #new environment
None, #current directory
win32process.STARTUPINFO()
)
#brunningonline.net
def getEditText(hwnd):
result = []
bufferlength = struct.pack('i',255)
linecount = win32gui.SendMessage(hwnd, win32con.EM_GETLINECOUNT, 0,0)
linetext = linetext+"".ljust(253)
linelength = win32gui.SendMessage(hwnd, win32con.EM_GETLINECOUNT, line, linetext)
result.append(linetext[:linelength])
return result
def wcallb(hwnd, handle):
if (win32gui.GetClassName(hwnd) == 'Edit'):
handle[win32gui.GetClassName(hwnd)+str(hwnd)] = hwnd
else:
handle[win32gui.GetClassName(hwnd)] = hwnd
try:
win32gui.EnumChildWindows(hwnd, wcallb, handle)
except:
print ('?no hijos?')
return True
handle = {}
while not handle: #loop until we find the window
time.sleep(0.1)
win32gui.EnumThreadWindows(tid, wcallb, handle) #select fro future list of handles, not the top window
print(handle)
#if tabbing worked, I wouldn't need to find instances of components
#mclovin is a valid handle, but keys aren't sent to the window?
#handle['Button'] <-- Output 'Edit' <-- three 'Static' <-- window
'#32770' <-- dialog
#don't trust ordering of the fields, read the label text to determine
#text a:\***.csv
onlyEdits = []
for thehandle in handle.keys():
if "Edit" in thehandle:
onlyEdits.append(handle[thehandle])
try:
for k in onlyEdits:
testPath = getEditText(k)
if 'a:\***.csv' in testPath:
editPath = k
except:
print('couldn't find it)
#delete the current text which is at most 20 chars, replace with my own keystrokes
for c in range(20):
win32api.PostMessage(
editPath,
win32con.WM_KEYDOWN,
win32con.VK_DELETE,
0
)
win32api.PostMessage (
editPath,
win32con.WM_KEYUP,
win32con.VK_DELETE,
0
)
for escritarme in "*****\mclovinUSA.txt":
win32api.SendMessage(
editPath
win32con.WM_CHAR,
ord(escritarme),
0
)
Whew that's an ugly script. Anyway, unrelated, but a major social media network implies a lot of verification steps to the user, but if the user clicks the help link to exit the process early and get to the main site, it's clear that the account has already been created and can be used without further verification.
No comments:
Post a Comment