C# – How to enumerate all opened windows?

Yesterday I read a blog post at Benina’s blog about a funny trojan. This trojan uses TeamViewer to open a back door so that the attacker can access and control the victim’s machine. What interests me about this trojan is how it gets the ID and password from TeamViewer. I took a look at the source code and found out that the author uses a simple SendMessage command to get the text from a textbox.

I would like to improve this trojan so that it automatically finds out which window belongs to TeamViewer and sends the command to that window, because the author hard-coded the way the TeamViewer windows are found.

    using System;
    using System.Collections.Generic;
    using System.Runtime.InteropServices;
    using System.Text;

    public class EnumerateOpenedWindows
    {
        // Maximum number of title characters read per window
        const int MAXTITLE = 255;

        private static List<string> lstTitles;

        // lParam is pointer-sized in the native callback, so it must be IntPtr
        // (an int here breaks the callback signature on 64-bit Windows)
        private delegate bool EnumDelegate(IntPtr hWnd, IntPtr lParam);

        [DllImport("user32.dll", EntryPoint = "EnumDesktopWindows",
            ExactSpelling = false, CharSet = CharSet.Auto, SetLastError = true)]
        private static extern bool EnumDesktopWindows(IntPtr hDesktop,
            EnumDelegate lpEnumCallbackFunction, IntPtr lParam);

        [DllImport("user32.dll", EntryPoint = "GetWindowText",
            ExactSpelling = false, CharSet = CharSet.Auto, SetLastError = true)]
        private static extern int _GetWindowText(IntPtr hWnd,
            StringBuilder lpWindowText, int nMaxCount);

        [DllImport("user32.dll")]
        [return: MarshalAs(UnmanagedType.Bool)]
        static extern bool IsWindowVisible(IntPtr hWnd);

        // Callback invoked once per top-level window; returning true continues the enumeration
        private static bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam)
        {
            string strTitle = GetWindowText(hWnd);
            // Keep only visible windows that have a title
            if (strTitle != "" && IsWindowVisible(hWnd))
            {
                lstTitles.Add(strTitle);
            }
            return true;
        }

        /// <summary>
        /// Return the window title of handle
        /// </summary>
        /// <param name="hWnd">Handle of the window</param>
        /// <returns>The title, truncated to MAXTITLE characters</returns>
        public static string GetWindowText(IntPtr hWnd)
        {
            // Leave room for the terminating null and never report more than the buffer holds
            StringBuilder strbTitle = new StringBuilder(MAXTITLE + 1);
            _GetWindowText(hWnd, strbTitle, strbTitle.Capacity);
            return strbTitle.ToString();
        }

        /// <summary>
        /// Return titles of all visible windows on desktop
        /// </summary>
        /// <returns>List of titles in type of string</returns>
        private static string[] GetDesktopWindowsTitles()
        {
            lstTitles = new List<string>();
            EnumDelegate delEnumfunc = new EnumDelegate(EnumWindowsProc);
            // IntPtr.Zero selects the desktop of the calling thread
            bool bSuccessful = EnumDesktopWindows(IntPtr.Zero, delEnumfunc, IntPtr.Zero);

            if (bSuccessful)
            {
                return lstTitles.ToArray();
            }
            else
            {
                // Get the last Win32 error code
                int nErrorCode = Marshal.GetLastWin32Error();
                string strErrMsg = String.Format("EnumDesktopWindows failed with code {0}.", nErrorCode);
                throw new Exception(strErrMsg);
            }
        }

        static void Main()
        {
            string[] strWindowsTitles = GetDesktopWindowsTitles();
            foreach (string strTitle in strWindowsTitles)
            {
                Console.WriteLine(strTitle);
            }
            Console.ReadLine();
        }
    }

In the source code above I used the EnumDesktopWindows API to list all opened windows, the GetWindowText API to get the title of each window and IsWindowVisible to filter the list down to visible windows only. There is one thing that I still cannot understand: the result which EnumDesktopWindows returns. It returns many strange entries which I really cannot understand. For example, I am using Yahoo Messenger and in the list of opened windows I see the title of a window which is the status of my friend in Yahoo Messenger.

I will ask some experts about this problem. If you know, please share with me.
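
An added example, not part of the original post: EnumDesktopWindows reports every top-level window on the desktop, including owned popups and tool windows that a program creates beside its main window, so titles other than main application windows appear in the list. The code below prints the class name, owning process ID, and owner and tool-window flags for each visible titled window, so every entry can be attributed to the process that created it; the class and method names are illustrative.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

// Added example: annotate every visible, titled top-level window on the current desktop.
public static class TopLevelWindowReport
{
    const int GWL_EXSTYLE = -20;          // index of the extended window style
    const int WS_EX_TOOLWINDOW = 0x80;    // floating tool window, not shown in Alt+Tab
    const uint GW_OWNER = 4;              // GetWindow: return the owner window, if any
    delegate bool EnumProc(IntPtr hWnd, IntPtr lParam);

    [DllImport("user32.dll", SetLastError = true)]
    static extern bool EnumDesktopWindows(IntPtr hDesktop, EnumProc cb, IntPtr lParam);
    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int max);
    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    static extern int GetClassName(IntPtr hWnd, StringBuilder name, int max);
    [DllImport("user32.dll")]
    static extern bool IsWindowVisible(IntPtr hWnd);
    [DllImport("user32.dll")]
    static extern IntPtr GetWindow(IntPtr hWnd, uint cmd);
    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    static extern int GetWindowLong(IntPtr hWnd, int index);
    [DllImport("user32.dll")]
    static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint pid);

    static bool Report(IntPtr hWnd, IntPtr lParam)
    {
        if (!IsWindowVisible(hWnd)) return true;           // skip, keep enumerating
        var title = new StringBuilder(256);
        var cls = new StringBuilder(256);
        GetWindowText(hWnd, title, title.Capacity);
        GetClassName(hWnd, cls, cls.Capacity);
        if (title.Length == 0) return true;                // untitled helper window
        uint pid;
        GetWindowThreadProcessId(hWnd, out pid);
        bool owned = GetWindow(hWnd, GW_OWNER) != IntPtr.Zero;
        bool tool = (GetWindowLong(hWnd, GWL_EXSTYLE) & WS_EX_TOOLWINDOW) != 0;
        // Columns: PID, owned by another window, tool window, class name, title
        Console.WriteLine("{0,-6} {1,-5} {2,-5} {3,-28} {4}", pid, owned, tool, cls, title);
        return true;
    }

    static void Main()
    {
        if (!EnumDesktopWindows(IntPtr.Zero, Report, IntPtr.Zero))
            throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
    }
}
```

Rows with Owned or Tool set to True are secondary windows such as popups and floating panels rather than a program's main window.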
