Restore or Minimize One or All Windows
Spy on the Window Under the Cursor
Decode Passwords

This sample illustrates a number of interesting points. It shows how to: minimize, maximize or restore one or all windows, and how to obtain basic information about the window under the cursor. This information includes the window's handle, caption, text, size, position, class, style, ID of the owning process and thread and similar info about the window's parent.

It is interested to examine the text value retrieved from a window such as a textbox. When a textbox is used as a password field the text is displayed as asterisks or some other character. However, when retrieved via the SendMessage API with the WM_GETTEXT message the actual, unencrypted value is displayed. Thus, your passwords are not very secure.

You can get around this by subclassing the form holding your password textbox. By subclassing you can trap for the WM_GETTEXT message and discard it so SendMessage simply returns and empty string.

By the way, Microsoft has fixed this password loophole in Windows 2000.

Download Source Code

To restore or minimize a window, first you need the window's handle. This sample uses the FindWindow function to look for a window with the caption that you specify. Once the window handle is obtained it is passed to the GetWindowPlacement API which populates a WindowPlacement structure with the window's position and state information.

The state tells if the window is minimized, maximized or restored. Knowing this and the window's handle ShowWindow is called with the appropriate flag to change the window's state to minimized, maximized or restored.

You can minimize or restore all windows by enumerating them and following the above process on each one. But there is an easier way. If you right click on the taskbar it displays a "Minimize All Windows" option. So, I programmatically invoke that option by calling FindWindow with the class name of the taskbar window to retrieve the taskbar's handle. Then I use PostMessage to send a message to either minimize or restore all windows.

To obtain information on the window under the cursor, the GetCursorPos function is called to populate a POINTAPI structure with the x and y coordinates of the cursor. These coordinates are passed to WindowFromPoint which returns the window's handle. Now that we have the handle the GetWindowText, GetClassName, GetWindowThreadProcessId, GetWindowRect, GetWindowLong functions are invoked to get the window's caption, class, process and thread ID, coordinates, and style information.

Using SendMessage to send the WM_GETTEXT message to the window retrieves its text. On password fields, it returns the actual password value and not the encoded value. Hmmm, your passwords are not as secure as you may have expected.

To protect passwords used in your apps you can subclass the form your password textbox is on. The sample Protect Password app WM_Hooks into Window's message stream and watches for the WM_GETTEXT message. When it comes along, it discards it nullifying the SendMessage command.

For a complete discussion of sub-classing, see my Sub-Class your form to trap Window's messages page. That sample uses simpler, more straight forward code to implement the sub-classing.

Download this project. Press F5 to run the program and display the above dialog.

1. Open one or more applications then click this application's icon in the task bar to bring it to the foreground.
   
2. Type the exact (case sensitive) window caption of an app into the top textbox.
   
3. Minimize, maximize or hide the application whose caption you just entered.
   
4. Click the "Display Application" button to restore the application and bring it to the foreground.
   
5. Open a few applications. Click Minimize all Windows.
   
6. Restore this app by clicking its taskbar icon.
   
7. Click Undo Minimize All to restore all just minimized apps.

To spy on a window:

1. Make this app visible, move the cursor over the title bar and various controls on another applications. The window's caption, text, style, process ID,... will be displayed as shown above.
   
2. Here is the interesting part. Bring up a password dialog and enter your password. Move the cursor over the password textbox and note that this sample app displays the unencrypted password.
   
3. Start the Protect Password app. Enter a password and move the cursor over it. The real value is displayed.
   
4. Check the "Discard WM_GETTEXT" checkbox. Now move the cursor over the password and see that no text value is displayed in the Spy application.