Wednesday, September 7, 2011

Win32 API - Part II

Creating the Window

HWND hwnd;
hwnd = CreateWindowEx(
     WS_EX_CLIENTEDGE,
     g_szClassName,
     "The title of my window",
     WS_OVERLAPPEDWINDOW,
     CW_USEDEFAULT, CW_USEDEFAULT, 240, 120,
     NULL, NULL, hInstance, NULL); 

WS_EX_CLIENTEDGE - extended window style

g_szClassName - tells the system what kind of window to create. We want to create a window from the class we just registered.

CW_USEDEFAULT, CW_USEDEFAULT, 240, 120 - X and Y coordinates, then the width and height of the window
 
In Windows, the windows on your screen are arranged in a hierarchy of parent and child
windows. When you see a button on a window, the button is the Child and it is contained
within the window that is its Parent.
  
The Message Loop
Pretty much everything that your program does passes through this point of control.
while(GetMessage(&Msg, NULL, 0, 0) > 0)
{
    TranslateMessage(&Msg);
    DispatchMessage(&Msg);
}
return Msg.wParam; 
 
GetMessage() gets a message from your application's message queue.
Any time the user moves the mouse, types on the keyboard, clicks on your window's menu,
or does any number of other things, messages are generated by the system and entered into your
program's message queue.
By calling GetMessage() you are requesting the next available message to be removed from the queue
and returned to you for processing.
 
Window Procedure
This is where all the messages that are sent to our window get processed.
LRESULT CALLBACK WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam)
{
    switch(msg)
    {
        case WM_CLOSE:
            DestroyWindow(hwnd);
        break;
        case WM_DESTROY:
            PostQuitMessage(0);
        break;
        default:
            return DefWindowProc(hwnd, msg, wParam, lParam);
    }
    return 0;
} 
The window procedure is called for each message. The HWND parameter is the handle of your window;
it will be different for each window, depending on which window the message is for.
WM_CLOSE is sent when the user presses the Close Button. It's good to handle this event, since this
is the perfect spot to do cleanup checks.
When DestroyWindow() is called, the system sends the WM_DESTROY message to the window being destroyed.
Since we want the program to exit, we call PostQuitMessage() from there.
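As an added example (not code from this post or from winprog.org), here is a small portable model of the WM_CLOSE -> WM_DESTROY -> WM_QUIT sequence just described, covering both the message loop and the window procedure, and showing why the loop tests GetMessage() > 0 rather than just non-zero: GetMessage() returns -1 on error (for instance when filtering on a window handle that has already been destroyed), and a bare truthiness test would never leave the loop. Every Win32 name in it (HWND, MSG, GetMessage, DestroyWindow, PostQuitMessage, DefWindowProc, DispatchMessage) is a stand-in defined in the file, assumed here so it builds without <windows.h>; the queue contents are constructed.

```c
/* Portable model of the post's WM_CLOSE -> WM_DESTROY -> WM_QUIT lifecycle.
 * Every Win32 name below is a stand-in (assumed) so it builds without <windows.h>. */
#include <string.h>
typedef int HWND; typedef unsigned UINT; typedef unsigned long WPARAM, LPARAM;
typedef long LRESULT;
typedef struct { HWND hwnd; UINT message; WPARAM wParam; } MSG;
enum { WM_DESTROY = 0x02, WM_PAINT = 0x0F, WM_CLOSE = 0x10, WM_QUIT = 0x12 };
static MSG queue[8];                 /* the thread's message queue (constructed) */
static int qhead, qtail, window_alive;
static char trace[64];               /* order in which the handlers ran */
static LRESULT WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam);

static void PostMessage(HWND h, UINT m, WPARAM w) { MSG x = { h, m, w }; queue[qtail++] = x; }
static LRESULT DefWindowProc(HWND h, UINT m, WPARAM w, LPARAM l) { (void)h; (void)m; (void)w; (void)l; strcat(trace, "def "); return 0; }
/* DestroyWindow sends WM_DESTROY synchronously, before it returns. */
static void DestroyWindow(HWND h) { WndProc(h, WM_DESTROY, 0, 0); window_alive = 0; }
/* PostQuitMessage queues WM_QUIT; its argument becomes Msg.wParam, the exit code. */
static void PostQuitMessage(int code) { PostMessage(0, WM_QUIT, (WPARAM)code); }
/* >0 for a normal message, 0 for WM_QUIT, -1 on error. Filtering on a window that
 * has already been destroyed is the classic error case the "> 0" test guards. */
static int GetMessage(MSG *out, HWND filter) {
    if (filter != 0 && !window_alive) return -1;
    if (qhead == qtail) return -1;   /* model only: the real call would block here */
    *out = queue[qhead++];
    return out->message == WM_QUIT ? 0 : 1;
}
static void DispatchMessage(const MSG *m) { WndProc(m->hwnd, m->message, m->wParam, 0); }

static LRESULT WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) {
    switch (msg) {
    case WM_CLOSE:   strcat(trace, "close ");   DestroyWindow(hwnd); break;
    case WM_DESTROY: strcat(trace, "destroy "); PostQuitMessage(0);  break;
    default:         return DefWindowProc(hwnd, msg, wParam, lParam);
    }
    return 0;
}

/* The post's loop over a constructed queue: one WM_PAINT, then the user hits Close.
 * filter is the hwnd argument to GetMessage (the post passes NULL). */
int run_message_loop(HWND filter) {
    MSG Msg; int ret; const HWND hwnd = 1;
    trace[0] = '\0'; qhead = qtail = 0; window_alive = 1;
    PostMessage(hwnd, WM_PAINT, 0);
    PostMessage(hwnd, WM_CLOSE, 0);
    while ((ret = GetMessage(&Msg, filter)) > 0) DispatchMessage(&Msg);
    return ret == 0 ? (int)Msg.wParam : ret;   /* 0 = clean exit, -1 = error */
}
const char *event_trace(void) { return trace; }
```

With filter NULL the loop ends on WM_QUIT and returns the exit code 0; with filter set to the window handle, GetMessage() reports -1 once the window is gone, which the > 0 test turns into a clean exit instead of an endless loop.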
 

 
 

Win32 API - Part I

This post covers the basics of the Win32 API. I am following the tutorials on http://www.winprog.org.
Make sure you have specified a Win32 GUI project and not a console one.


First Example 
#include <windows.h>

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, 
    LPSTR lpCmdLine, int nCmdShow)
{
    MessageBox(NULL, "Goodbye, cruel world!", "Note", MB_OK);
    return 0;
}
 
WinMain() - Windows equivalent of main(). This is where our program starts execution.
HINSTANCE hInstance - handle to the program's executable module
HINSTANCE hPrevInstance - always NULL for Win32 programs
LPSTR lpCmdLine - command line arguments as a single string
int nCmdShow - an integer value that may be passed to ShowWindow()
 
Second Example
#include <windows.h>

const char g_szClassName[] = "myWindowClass";

// Step 4: the Window Procedure
LRESULT CALLBACK WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam)
{
    switch(msg)
    {
        case WM_CLOSE:
            DestroyWindow(hwnd);
        break;
        case WM_DESTROY:
            PostQuitMessage(0);
        break;
        default:
            return DefWindowProc(hwnd, msg, wParam, lParam);
    }
    return 0;
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
    LPSTR lpCmdLine, int nCmdShow)
{
    WNDCLASSEX wc;
    HWND hwnd;
    MSG Msg;

    //Step 1: Registering the Window Class
    wc.cbSize        = sizeof(WNDCLASSEX);
    wc.style         = 0;
    wc.lpfnWndProc   = WndProc;
    wc.cbClsExtra    = 0;
    wc.cbWndExtra    = 0;
    wc.hInstance     = hInstance;
    wc.hIcon         = LoadIcon(NULL, IDI_APPLICATION);
    wc.hCursor       = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
    wc.lpszMenuName  = NULL;
    wc.lpszClassName = g_szClassName;
    wc.hIconSm       = LoadIcon(NULL, IDI_APPLICATION);

    if(!RegisterClassEx(&wc))
    {
        MessageBox(NULL, "Window Registration Failed!", "Error!",
            MB_ICONEXCLAMATION | MB_OK);
        return 0;
    }

    // Step 2: Creating the Window
    hwnd = CreateWindowEx(
        WS_EX_CLIENTEDGE,
        g_szClassName,
        "The title of my window",
        WS_OVERLAPPEDWINDOW,
        CW_USEDEFAULT, CW_USEDEFAULT, 240, 120,
        NULL, NULL, hInstance, NULL);

    if(hwnd == NULL)
    {
        MessageBox(NULL, "Window Creation Failed!", "Error!",
            MB_ICONEXCLAMATION | MB_OK);
        return 0;
    }

    ShowWindow(hwnd, nCmdShow);
    UpdateWindow(hwnd);

    // Step 3: The Message Loop
    while(GetMessage(&Msg, NULL, 0, 0) > 0)
    {
        TranslateMessage(&Msg);
        DispatchMessage(&Msg);
    }
    return Msg.wParam;
}
Window Class - stores information about a type of window. This includes the window procedure that controls the window, the small and large icons
for the window, and the background color.
The important points will be explained later, do not try to memorize the above parameters.
 
 

Monday, September 5, 2011

Huge Contagio Malware Collection

Contagio has released a huge batch of malware as part of its Version 4 April 2011 archive.

1) COLLECTION 1 - 240   251 files (70 MB) - Email attachments from targeted attacks

2) COLLECTION 2 - 7 10 files (3 MB) - Zero day files

3) COLLECTION 3 (from Stephan Chenette) - 118 Files (5MB) - Web exploit pdf files +

4) COLLECTION 4 (from Stephan Chenette) - 10,980 Files (243 MB) - Web exploit pdf (I think they all are pdf) files

5) COLLECTION 5 Non-Malicious PDF Collection (from Stephan Chenette) - 6,052 clean files (1.4GB) 

6) COLLECTION 6

Happy hunting!