Thread: Pass Fake Keystrokes to 3'rd Party Application

I'm still not getting the desired response that I expect to get. For instance I want to try and pass some menu commands to my application to upload a program to a serial controller and I need to access the __file menu and select __Download from there, so i theory I need to pass <ALT>F then D or <ALT>F <ALT>D to the application. I've tried to use the messaging system calls as set out in my code to try and open windows notepad menu but there is no response. I managed to get the handle successfull now but the messages passed has no response, can you please elaborate on the sequence to actually pass the keystrokes to the application now?

Below the code of what I've done so far.

Code:

#include "windows.h"
#include <ansi_c.h>
#include <utility.h>
#include <cvirte.h>


int __stdcall WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
					   LPSTR lpszCmdLine, int nCmdShow)
{
	int ExeHandle;
	HWND WindowHandle;
	LRESULT Result;
	
	if (InitCVIRTE (hInstance, 0, 0) == 0)
		return -1;    /* out of memory */
	//launch my application here
	//system (Notepad.exe WinMSG.txt);
	LaunchExecutableEx ("Notepad.exe WinMSG.txt", LE_SHOWNORMAL, &ExeHandle);
	//get the handle to the application
	WindowHandle = FindWindow(
					  	"Notepad",			//LPCTSTR lpClassName - class name
					  	"WinMSG.txt - Notepad"//LPCTSTR lpWindowName - window name
						);
	//and send a message to the application
	Result = SendMessage(
				  	WindowHandle,	// handle to destination window
				  	WM_KEYDOWN,		// message
				  	VK_MENU,	// first message parameter
				  	1	// second message parameter
					);
	Result = SendMessage(
				  	WindowHandle,	// handle to destination window
				  	WM_CHAR,		// message
				  	'a',	// first message parameter
				  	1	// second message parameter
					);
	
	TerminateExecutable (ExeHandle);
	RetireExecutableHandle (ExeHandle);
	return 0;
}

Code tags added by Hammer

Here's what I suggest: Write a quick program which receives messages, and logs WM_KEYDOWN/WM_KETUP & WM_CHAR messages. Press the keys you want & see what comes through.


I think a key press constitutes a WM_KEYDOWN followed by a WM_KEYUP. I think a WM_CHAR is generated automatically in this. So you could try two different approaches, one where you send it a WM_KEYDOWN(s) followed by WM_KEYUP. Also try sending a single WM_CHAR message.

In the case of WM_CHAR, you will have to correctly specify that the alt key is down in lKeyData, which you don't appear to be doing. Alt key is specified by 29th bit. You seem to be simply setting lKeyData to 1, which is simply setting the 0th bit.

try:

SendMessage(hndl, WM_CHAR, 'A', 0x40000001);

I.e. the 0x40000000 is the 29th bit, plus 1 for a repeat rate.

Still not working.

How would you send a simple command to windows notepad menu, for instance <ctrl> S?

The M$ documentation is hard work, but the necessary info regarding WM key messages is there.

I have done this before, but it was sometime ago and took me a lot of effort to get it working. Unfortunately, I don't have the code with me, otherwise I would post it.

As I suggested, write a quick application which logs WM_KEYDOWN, WM_KEYUP, WM_CHAR and any other message you suspect. Hit some keys and see what is logged. Use this information to decide what you need to send to Notepad. This is exactly what I had to do.

This is what I've been able to learn so far with regard to sending keystrokes to a third part executable application that's launched by my application. In summary I basically get the handle to the application and simply send it a message using that handle and the message format is determined by the output captured using a handy application spy.exe found in the M$ SDK. This message is repeated by my code but nothing happens in the third party application(notepad in this case) when I send the messages from my code. For some reason unknown (and undocumented by M$) it simply does not respond. My guess is that it has to do with the handle of the message sender and I have to assume that it is a handle (00170448) that's in front of spy's output because it's also not described in the M$ documentation. The only difference I can see is the handle/ID being different and the keydown capture handle in the captured sequence is different.

So if anyone can help me to make some progress beyond this point, please let me know, any suggestions or ideas are welcome!

Code:

/*
Captured code capturing keystrokes in Notepad pushing <ctrl>S
00170448	WM_KEYDOWN	00000011	001D0001 
00170448	WM_KEYDOWN	00000053	001F0001 
00170448	WM_CHAR		00000013	001F0001 
00050514	WM_KEYUP	00000053	C01F0001 
00050514	WM_KEYUP	00000011	C01D0001 

result of my program code sending the same keystrokes with messages also captured in spy.
0019044E	WM_KEYDOWN	00000011	001D0001 
0019044E	WM_KEYDOWN	0000004F	00180001 
0019044E	WM_CHAR		0000000F	00180001 
0019044E	WM_KEYUP	0000004F	C0180001 
0019044E	WM_KEYUP	00000011	C01D0001 
*/

My Code

Code:

#include "windows.h"
#include "toolbox.h"
#include <ansi_c.h>
#include <utility.h>
#include <cvirte.h>
 

int __stdcall WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
					   LPSTR lpszCmdLine, int nCmdShow)
{
	int ExeHandle;
	HWND WindowHandle;
	LRESULT Result;
	WPARAM WParam;
	LPARAM LParam;
	
	//launch my application here

	LaunchExecutableEx ("Notepad.exe WinMSG.txt", LE_SHOWNORMAL,&ExeHandle);
	//wiat a while before getting the handle else it return NULL
	Delay(1);
	//get the handle to the application
	WindowHandle = FindWindow(
	                            "Notepad",			//LPCTSTR lpClassName - class name
	                             "WinMSG.txt - Notepad"//LPCTSTR lpWindowName - window name
						);
	//Key sequence captured with Spy.exe - what happens when you hit <ctrl>S in
	//a notepad window and you get the save dialogue
	/*
	00170448	WM_KEYDOWN	00000011	001D0001 
	00170448	WM_KEYDOWN	00000053	001F0001 
	00170448	WM_CHAR		00000013	001F0001 
	00050514	WM_KEYUP	00000053	C01F0001 
	00050514	WM_KEYUP	00000011	C01D0001 
	*/

	//This code produces the exact same results in spy, but no result in notepad
	WParam=0x11;
	LParam=0x1D0001;
	Result = SendMessage(WindowHandle,WM_KEYDOWN,WParam,LParam);
	
	WParam=0x4F;
	LParam=0x180001;
	Result = SendMessage(WindowHandle,WM_KEYDOWN,WParam,LParam);
	
	WParam=0xF;
	LParam=0X180001;
	Result = SendMessage(WindowHandle,WM_CHAR,WParam,LParam);
	
	WParam=0x4F;
	LParam=0xC0180001;
	Result = SendMessage(WindowHandle,WM_KEYUP,WParam,LParam);
	
	WParam=0x11;
	LParam=0xC01D0001;
	Result = SendMessage(WindowHandle,WM_KEYUP,WParam,LParam);
	
	Delay(5);
	TerminateExecutable (ExeHandle);
	RetireExecutableHandle (ExeHandle);
	
	return 0;
}

Check your WindowHandle after FindWindow to see if it NULL. Make sure it is working.

Also remember you are looking for the window caption, which in some applications can change depending upon the name of the document open at the time.

Try calling:

FindWindow(NULL, "Untitled - Notepad');

Mmmm...

I'm obviously stabbing in the dark here, but may be it's the edit control in NotePad you need to send the messages to. See if you can send a message to the parent window (which you have) to make it return it's child which currently has focus (i.e. the edit control). Then send the messages to that.

If nothing seems to work, here are some desperate alternatives:

1. Notepad is a trivial application. You could easily write you own clone (ClonePad) & build in your own method of communicating with it. Instead of launching NotePad, launch your clone & control that.

2. Launch your file in M$ Word. I know that Word has built in methods of control. I believe it uses COM/automation objects, or something. However, I normally steer clear of this kind of stuff, and therefore don't know much about it.

3. Send Notepad a mouse click over the File menu item (i.e. near top/left corner), followed by an 'S' key message. But this is real desperation stakes. Figuring out mouse messages is even harder than WM_KEY messages.

If you get your key messages working, I'd be interested to know what the problem was.

When you send a program a keycode, along with that the information relating to the fact that you are an outside application is passed through the guard of the OS. Thus the solution is not going to be so simple. There are probably undocumented API's for this, as well some code out on the internet that achieves this. But I think you may have to do something like:
-obtain the target windows handle as you have.
-set the focus on that window.
-invoke bios keyboard interrupts to bypass sendmessage.