方永、南天紫云

道亦有道

dllcall使用说明,教程
作者 vinoca 發布於 2011年08月25日

dllcall使用说明,教程

用这样的标题,主要是为了方便搜索,dllcall的使用其实很简单。

Windows中程序的实现,都是直接间接调用Windows提供的函数来实现它的执行体(通常所见的exe和dll文件),这成千上万函数的集合称之为 Applicatiom Programming Interface (API),中文直译为应用程序编程接口。就位置来说,这些函数在一个个dll中导出,dll和exe都是可执行的,它们最大的不同之处在于dll是被调用的,不单独执行,为调用者提供函数,这些提供系统函数的dll大多位于系统目录的system32的子目录中,当然,调用者不必关心这些DLL在什么地方,Windows的加载器(loader)会找到它们的。

前面说过,许多人在学习语言上耽误了过久,鉴于此,许多脚本出现了,批处理也是历久弥新,某天受rundll32启发,dllcall就写出来了。dllcall并没有打算调用所有的API函数,如果这样dllcall会膨胀成为一个脚本解释器,就成了写dllcall的脚本,而没有批处理什么事了……很明显是重复地造轮子。

微软提供的API说明书是英文的,英文不好可以在网上找一找API大全之类的书,可能是VB,DELPHI或别的什么语言的,这没关系,只看函数说明,用dllcall的格式调用就可以了。

下面就对 ”dllcall ,用批处理做程序“ 这篇文章中提到的示例1做详细说明。

示例1: 对 notepad 操作

@echo off
start “” notepad.exe > nul
dllcall Sleep,1000,kernel32.dll > nul
dllcall FindWindowA,Notepad,,user32.dll >exe1.dllcall
for /f %%i in (exe1.dllcall) do set hPad=%%i
dllcall ShowWindow,%hPad%,3,user32.dll > nul
dllcall FindWindowExA,%hPad%,,EDIT,,user32.dll >>exe1.dllcall
for /f tokens=2 %%i in (exe1.dllcall) do set hEdit=%%i
rem 发送WM_CHAR(0x102) 消息到notepad的子窗体edit ,输入一个字符wParam 参数为字符
dllcall SendMessageA,%hEdit%,0x102,0x4F,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall SendMessageA,%hEdit%,0x102,0x6E,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall SendMessageA,%hEdit%,0x102,0x6C,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall SendMessageA,%hEdit%,0x102,0x79,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall SendMessageA,%hEdit%,0x102,0x20,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall SendMessageA,%hEdit%,0x102,0x44,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall SendMessageA,%hEdit%,0x102,0x45,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall SendMessageA,%hEdit%,0x102,0x4D,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall SendMessageA,%hEdit%,0x102,0x4F,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall SendMessageA,%hEdit%,0x102,0x2E,,user32.dll > nul
dllcall Sleep,300,kernel32.dll > nul
dllcall Sleep,1500,kernel32.dll > nul
rem 发送 WM_QUIT(0x12) 消息到notepad的主窗体关闭notpead .
dllcall PostMessageA,%hPad%,0x12,,,user32.dll > nul
del \*.dllcall > nul
pause

start “” notepad.exe > nul 这句用start命令打开一个记事本窗口

dllcall Sleep,1000,kernel32.dll > nul 这句调用封装在kernel32.dll 这个DLL中的函数Sleep,我常用的API说明文档是Win32 Programmer’s Reference 这个win32.hlp文件,这份说明书中对Sleep函数是这样说明的:

The Sleep function suspends the execution of the current thread for a specified interval.

VOID Sleep(

DWORD dwMilliseconds     // sleep time in milliseconds
);

Parameters

dwMilliseconds

Specifies the time, in milliseconds, for which to suspend execution. A value of zero causes the thread to relinquish the remainder of its time slice to any other thread of equal priority that is ready to run. If there are no other threads of equal priority ready to run, the function returns immediately, and the thread continues execution. A value of INFINITE causes an infinite delay.

Return Values

This function does not return a value.

Remarks

A thread can relinquish the remainder of its time slice by calling this function with a sleep time of zero milliseconds.
You have to be careful when using Sleep and DDE. If a thread creates any windows, it must process messages. DDE sends messages to all windows in the system. If you have a thread that uses a wait function with no time-out interval, the system will deadlock. Therefore, if you have a thread that creates windows, use MsgWaitForMultipleObjects or MsgWaitForMultipleObjectsEx, rather than Sleep.

See Also

MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, SleepEx 

即Sleep函数传入一个参数,这个参数是DWORD类型的,为暂停的毫秒数。那么DWORD又是什么类型呢?就是双字,也即一个32位的数,这不必知道,因为函数的参数绝大多数都是一个32位的数,对dllcall来说没有类型的概念,它只知道传入一个32位的数。

dllcall FindWindowA,Notepad,,user32.dll >exe1.dllcall

这句调用了FindWindow函数,后面的A指出了用的FindWindow的ANSI版本,FindWindowW后面的字符就应是UNICODE编码的,一般用FindWindowA就可以了。有的函数后面没有A或W,怎么区别呢?用gie 这个工具。

函数的返回值写到了exe1.dllcall这个文件中。

for /f %%i in (exe1.dllcall) do set hPad=%%i

这句取出上句调用的函数FindWindow的返回值到hPad中

dllcall ShowWindow,%hPad%,3,user32.dll > nul

这句调用ShowWindow函数,API说明中这样描述:

The ShowWindow function sets the specified window’s show state.

BOOL ShowWindow(

HWND hWnd,    // handle of window
int nCmdShow     // show state of window
);

Parameters

hWnd

Identifies the window.

nCmdShow

Specifies how the window is to be shown. This parameter is ignored the first time an application calls ShowWindow, if the program that launched the application provides a STARTUPINFO structure. Otherwise, the first time ShowWindow is called, the value should be the value obtained by the WinMain function in its nCmdShow parameter. In subsequent calls, this parameter can be one of the following values:

Value    Meaning
SW_HIDE    Hides the window and activates another window.
SW_MAXIMIZE    Maximizes the specified window.
SW_MINIMIZE    Minimizes the specified window and activates the next top-level window in the Z order.
SW_RESTORE    Activates and displays the window. If the window is minimized or maximized, Windows restores it to its original size and position. An application should specify this flag when restoring a minimized window.
SW_SHOW    Activates the window and displays it in its current size and position.
SW_SHOWDEFAULT    Sets the show state based on the SW_ flag specified in the STARTUPINFO structure passed to the CreateProcess function by the program that started the application.
SW_SHOWMAXIMIZED    Activates the window and displays it as a maximized window.
SW_SHOWMINIMIZED    Activates the window and displays it as a minimized window.
SW_SHOWMINNOACTIVE    Displays the window as a minimized window. The active window remains active.
SW_SHOWNA    Displays the window in its current state. The active window remains active.
SW_SHOWNOACTIVATE    Displays a window in its most recent size and position. The active window remains active.
SW_SHOWNORMAL    Activates and displays a window. If the window is minimized or maximized, Windows restores it to its original size and position. An application should specify this flag when displaying the window for the first time.

Return Values

If the window was previously visible, the return value is nonzero.
If the window was previously hidden, the return value is zero.
……

nCmdShow这个参数中传入的是像SW_SHOWMAXIMIZED这样的宏定义值,那在哪查看这些宏的真实数字呢?简单的办法是下载masm32包,安装(也即是解压缩,复制,生成LIB),找到include目录,在这个里面有一个windows.inc的文件,在这个文件中搜索SW_RESTORE ,可以看到 SW_SHOWMAXIMIZED equ 3 这句,equ理解为“=”,数字后若有h,像100h这样,与0x100 等价,SW_SHOWMAXIMIZED的值为3,ShowWindow的第二个参数传入3,即将第一个参数所指定的窗口最大化显示。第一个参数是个句柄,句柄即是编号,Windows 用的,它就是一个32位的数。

dllcall SendMessageA,%hEdit%,0x102,0x4F,,user32.dll > nul

SendMessage 是所有API中使用率比较高的一个函数,共传入四个参数,第一个是窗口句柄,第二个是消息,第三第四个参数根据第二个参数决定。0x102是一个真实值,宏名为WM_CHAR ,在API说明文档中可以查到,说明中指明了SendMessage 的第三第四个参数该传入什么样的值。0x4F为一个字符值,即大写的“O”,用0x4F或79这样的数字是因为如果使用“O”,传入的是存储“O”字符的地址而不是“O”字符本身。

不可避免地,用了许多Windows编程方面的术语,其实这些术语也就那么一点点的概念,网上找找就可找到。

文中提到的win32.hlp及windows.inc及dllcall的源码可在这里下载(2009-12-3 update)