如何在其他程序的窗口上创建按钮并使之能响应

实现方法

采用将动态连接库注入到其他进程中的方法来实现。

为了便于选择窗口，我借用了另一个程序"2000下显示带*号"来选择窗口。如果要在98下实现你可用钩子同样实现。程序运行界面如下图：

将动态连接库注入其他进程的代码如下：

 
   

  
    
BOOL WINAPI RT_CTRL_BTN(LPCSTR lpszLibFile, HWND hWnd, DWORD dwID, LPRECT pRtBtn, LPCTSTR szCaptionBtn)

{

	try {

		DWORD dwProcessID;

		GetWindowThreadProcessId(hWnd, &dwProcessID);

		HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |

				PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, dwProcessID );

		if (!hProcess){

			return FALSE;

		}



		INJECT_DLL InjectInfo;

		InjectDLL_Info(&InjectInfo, lpszLibFile, hWnd, dwID, pRtBtn, szCaptionBtn);



		LPBYTE lpThreadAddr=(LPBYTE)::VirtualAllocEx(hProcess, NULL, MAXINJECTSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);



		LPINJECT_DLL param = (LPINJECT_DLL) VirtualAllocEx( hProcess, 0, sizeof(INJECT_DLL), MEM_COMMIT, PAGE_READWRITE );



		WriteProcessMemory(hProcess, lpThreadAddr,&RemoteControlThread,	MAXINJECTSIZE, 0);

		WriteProcessMemory( hProcess, param, &InjectInfo, sizeof(InjectInfo), 0 );



		DWORD dwThreadId;

		HANDLE hThread = ::CreateRemoteThread(hProcess,NULL,0,

			(unsigned long (__stdcall *)(void *))lpThreadAddr,

			param, 0, &dwThreadId);





		if (!hThread){

			CloseHandle(hProcess);

			VirtualFreeEx( hProcess, lpThreadAddr, 0, MEM_RELEASE );

			VirtualFreeEx( hProcess, param, 0, MEM_RELEASE );

			return FALSE;

		}

		else {

			CloseHandle(hThread);

			CloseHandle(hProcess);

			VirtualFreeEx( hProcess, lpThreadAddr, 0, MEM_RELEASE );

			VirtualFreeEx( hProcess, param, 0, MEM_RELEASE );

		}

	

	}

	catch (...){

		return FALSE;

	}

	return TRUE;

}




 
   

环境：win2000 professional + VC6.0+SP5 + PlatformSDK 2001.8