Oct 162013
 

The crash happens as a result of requesting a non-existent API via GetProcAddress, the API is GetThreadPreferredUILanguages. GetProcAddress returns 0xFFBADD11 (a known issue with windows XP where GetProcAddress returns NON-NULL) which means LDRP_BAD_DLL.

To fix this issue override CWinApp::LoadAppLangResourceDLL and prevent loading of the lang dll or set the WINVER macro to target XP builds so that the code using the non-existent API is not compiled into the application (hope its wrapped in a #define).

Nov 212007
 

Shell32.dll provides an undocumented API that wraps around a call to GetOpenFileName called GetFileNameFromBrowse we’ll have to get the call pointer using GetProcAddress, quite easy to use! ūüėČ Well I can see the documentation in MSDN but can’t find the prototype in any of the¬†header file in my SDK folder, so till then GetProcAddress is our refuge. As per MSDN prototype can be found in shlobj.h…

int _tmain()
{
    // Creates a typedef
    typedef BOOL ( WINAPI *GetFileNameFromBrowse )( HWND hwnd,
                                                    LPWSTR pszFilePath,
                                                    UINT cchFilePath,
                                                    LPCWSTR pszWorkingDir,
                                                    LPCWSTR pszDefExt,
                                                    LPCWSTR pszFilters,
                                                    LPCWSTR szTitle );

    // Path buffer, specifies starting directory and on successful return
    // from open dialog also holds the selected file name
    wchar_t wszPath[MAX_PATH] = L"D:\\";

    // Load shell32 dll
    HMODULE hModule = LoadLibrary( "Shell32.dll" );
    if( !hModule )
    {
       return 1;
    }

    // Get procedure address
    GetFileNameFromBrowse GetFileNameFromBrowsePtr = ( GetFileNameFromBrowse )GetProcAddress( hModule, "GetFileNameFromBrowse" );

    // Show browse dialog
    if( GetFileNameFromBrowsePtr && GetFileNameFromBrowsePtr( 0, wszPath, MAX_PATH, 0, 0, L"*.*", L"Nibu Open" ))
    {
       MessageBoxW( 0, wszPath, L"You selected", MB_OK | MB_ICONINFORMATION );
    }

    // Free loaded library
    FreeLibrary( hModule );

    return 0;

}// End _tmain
Sep 202007
 

Ever seen that “Select Computer” dialog coming up and did you wonder how¬†to have all those computer names without writing much code. There is an undocumented exported api in “ntlanman.dll” called ServerBrowseDialogA0 which is used exactly for this purpose.

int main()
{
// Some funky stuff
¬†¬†¬† HMODULE hMod = LoadLibrary( “Kernel32.dll” );
¬†¬†¬† GetConsoleWindow GCW = (GetConsoleWindow)GetProcAddress( hMod, “GetConsoleWindow” );
    HWND hConsole = GCW();
¬†¬†¬† SetWindowText( hConsole, “Nibu” );

// The real stuff for showing the dialog starts here
¬†¬†¬† HMODULE hModule = LoadLibrary( _T( “ntlanman.dll” ));

    typedef DWORD ( WINAPI *FNNTBrowseDlg )( HWND hwnd,
                                             CHAR *pchBuffer,
                                             DWORD cchBufSize );
    FNNTBrowseDlg lpfn = 0;
    CHAR szT[MAX_PATH + 1] = { 0 };
¬†¬†¬† lpfn = ( FNNTBrowseDlg )GetProcAddress( hModule, “ServerBrowseDialogA0” );

    // Will return zero on success, now show the dialog
    const DWORD dwResult = lpfn( hConsole, szT, MAX_PATH );

// Check result
    if( !dwResult )
    {
      stringstream sStream;
¬†¬†¬†¬†¬† sStream < < "Selected computer name is: " << szT; ¬†¬†¬†¬†¬† MessageBox( hConsole, sStream.str().c_str(), "Computer name", MB_OK | MB_ICONINFORMATION ); ¬†¬†¬† } ¬†¬†¬† else ¬†¬†¬† { ¬†¬†¬†¬†¬† MessageBox( hConsole, "You didn't make any selection", "Computer name", MB_OK | MB_ICONINFORMATION ); ¬†¬†¬† } ¬†¬†¬† FreeLibrary( hModule ); ¬†¬†¬† FreeLibrary( hMod ); return 0; }// End main[/sourcecode] Output: ‚ÄúSelect Computer‚Ä̬†dialog

Computer names are purposely not shown due to security reasons. ūüėČ