{"id":110,"date":"2022-04-01T14:48:48","date_gmt":"2022-04-01T06:48:48","guid":{"rendered":"http:\/\/www.aqwu.net\/wp\/?p=110"},"modified":"2022-04-10T22:00:55","modified_gmt":"2022-04-10T14:00:55","slug":"notepadexec-%e4%bd%bf%e7%94%a8-notepad-exe-%e5%90%af%e5%8a%a8-exe-%e8%80%8c%e6%97%a0%e9%9c%80%e4%bb%a3%e7%a0%81%e6%b3%a8%e5%85%a5","status":"publish","type":"post","link":"https:\/\/www.aqwu.net\/wp\/?p=110","title":{"rendered":"NotepadExec – \u4f7f\u7528 notepad.exe \u542f\u52a8 EXE \u800c\u65e0\u9700\u4ee3\u7801\u6ce8\u5165"},"content":{"rendered":"\n

\u539f\u6587\u94fe\u63a5\uff1ahttps:\/\/www.x86matthew.com\/view_post?id=notepadexec<\/p>\n\n\n\n

\u6b64\u4ee3\u7801\u6f14\u793a\u5982\u4f55\u4f7f\u7528\u7a97\u53e3\u6d88\u606f ( SendMessage\u00a0\/\u00a0PostMessage\u00a0)\u00a0\u4ee5\u7f16\u7a0b\u65b9\u5f0f\u4ece notepad.exe \u4e2d\u542f\u52a8\u53e6\u4e00\u4e2a\u53ef\u6267\u884c\u6587\u4ef6\u3002\u6211\u60f3\u4e0d\u51fa\u8fd9\u4e2a\u5de5\u5177\u6709\u4ec0\u4e48\u5b9e\u9645\u7528\u9014\u2014\u2014\u8fd9\u53ea\u662f\u4e00\u4e2a\u6709\u8da3\u7684\u5feb\u901f\u6982\u5ff5\u9a8c\u8bc1\u3002<\/p>\n\n\n\n

\u6b64\u4ee3\u7801\u6f14\u793a\u5982\u4f55\u4f7f\u7528\u7a97\u53e3\u6d88\u606f ( SendMessage \/ PostMessage ) \u4ee5\u7f16\u7a0b\u65b9\u5f0f\u4ece notepad.exe \u4e2d\u542f\u52a8\u53e6\u4e00\u4e2a\u53ef\u6267\u884c\u6587\u4ef6\u3002\u6211\u60f3\u4e0d\u51fa\u8fd9\u4e2a\u5de5\u5177\u6709\u4ec0\u4e48\u5b9e\u9645\u7528\u9014\u2014\u2014\u8fd9\u53ea\u662f\u4e00\u4e2a\u6709\u8da3\u7684\u5feb\u901f\u6982\u5ff5\u9a8c\u8bc1\u3002<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u5176\u5de5\u4f5c\u539f\u7406\u5982\u4e0b\uff1a<\/p>\n\n\n\n

1. \u4f7f\u7528CreateProcess\u542f\u52a8\u9690\u85cf\u7684notepad.exe\u8fdb\u7a0b\u30022. \u4f7f\u7528EnumWindows
\u627e\u5230\u65b0\u7684 notepad.exe \u8fdb\u7a0b\u7684\u4e3b\u7a97\u53e3\u3002\u4f7f\u7528GetWindowThreadProcessId\u68c0\u67e5\u7a97\u53e3\u662f\u5426\u7531\u65b0\u7684notepad.exe\u8fdb\u7a0b\u62e5\u6709\u30023. \u4f7f\u7528SendMessage \u4ee5\u7f16\u7a0b\u65b9\u5f0f\u542f\u52a8\u201c\u6253\u5f00\u6587\u4ef6\u201d\u5bf9\u8bdd\u6846\u3002<\/p>\n\n\n\n

4. \u5411\u201c\u6253\u5f00\u6587\u4ef6\u201d\u5bf9\u8bdd\u6846\u53d1\u9001\u5404\u79cd\u6d88\u606f\u4ee5\u5bfc\u822a\u5230\u76ee\u6807\u76ee\u5f55\u5e76\u9009\u62e9 EXE \u6587\u4ef6\u3002\u5c06\u6709\u66f4\u7b80\u6d01\u7684\u65b9\u6cd5\u6765\u8bbf\u95ee\u672a\u8bb0\u5f55\u7684DirectUIHWND\u7a97\u53e3\u7c7b\uff0c\u4f46\u6211\u6ca1\u6709\u82b1\u4efb\u4f55\u65f6\u95f4\u7814\u7a76\u8fd9\u4e2a\u3002
5\u3001\u53d1\u9001WM_CONTEXTMENU\u6d88\u606f\u5230\u201c\u6253\u5f00\u6587\u4ef6\u201d\u5bf9\u8bdd\u6846\uff0c\u6a21\u62dfEXE\u6587\u4ef6\u7684\u53f3\u952e\u5355\u51fb\u3002
6. \u9009\u62e9\u53f3\u952e\u83dc\u5355\u4e2d\u7684\u201c\u6253\u5f00\u201d\u6309\u94ae\u6267\u884c\u7a0b\u5e8f\u3002<\/p>\n\n\n\n

\u4e0a\u8ff0\u6b65\u9aa4\u7684\u7ed3\u679c\u662f\u4ecenotepad.exe\u8fdb\u7a0b\u4e2d\u521b\u5efa\u7684\u5b50\u8fdb\u7a0b\u3002\u8fd9\u662f\u56e0\u4e3a Windows \u4e2d\u7684\u201c\u6253\u5f00\u6587\u4ef6\u201d\u5bf9\u8bdd\u6846\u662f\u5728\u6bcf\u4e2a\u8fdb\u7a0b\u4e2d\u4f7f\u7528 shell API DLL \u5b9e\u73b0\u7684\u2014\u2014\u8fd9\u610f\u5473\u7740\u5b83\u53ef\u4ee5\u7528\u4f5c\u201c\u7f29\u51cf\u201d<\/p>\n\n\n\n

\u6211\u8fd8\u5e94\u8be5\u8865\u5145\u4e00\u70b9\uff0c\u8fd9\u79cd\u65b9\u6cd5\u5e76\u4e0d\u662f\u7279\u522b\u53ef\u9760\u3002\u5b83\u4f9d\u8d56\u4e8e\u4e00\u4e9b\u786c\u7f16\u7801\u7684\u7761\u7720\u8c03\u7528\uff0c\u6574\u4e2a\u4e8b\u60c5\u5f88\u53ef\u80fd\u4f1a\u5728\u672a\u6765\u7684 Windows \u7248\u672c\u4e0a\u4e2d\u65ad\u3002\u5b83\u8fd8\u9700\u8981\u82f1\u6587\u6807\u7b7e\uff0c\u5c3d\u7ba1\u8fd9\u4e9b\u6807\u7b7e\u5f88\u5bb9\u6613\u66f4\u6539\u3002\u8fd9\u4ec5\u5728 Windows 10 \u4e0a\u8fdb\u884c\u4e86\u6d4b\u8bd5\u3002<\/p>\n\n\n\n

\u5b8c\u6574\u4ee3\u7801\u5982\u4e0b\uff1a<\/p>\n\n\n\n

\/\/ NotepadExec.cpp : \u6b64\u6587\u4ef6\u5305\u542b \"main\" \u51fd\u6570\u3002\u7a0b\u5e8f\u6267\u884c\u5c06\u5728\u6b64\u5904\u5f00\u59cb\u5e76\u7ed3\u675f\u3002\n\/\/\n\n\/\/#include <iostream>\n\n#include <stdio.h>\n#include <windows.h>\n\nDWORD dwGlobal_HideWindows = 0;\nDWORD dwGlobal_NotepadPID = 0;\nHWND hGlobal_NotepadWindow = NULL;\nHWND hGlobal_OpenFileWindow = NULL;\nHWND hGlobal_OpenFileEditControl = NULL;\nHWND hGlobal_OpenFileOpenButton = NULL;\nHWND hGlobal_OpenFileListControl = NULL;\nHWND hGlobal_PopupWindow = NULL;\nHANDLE hGlobal_NotepadProcess = NULL;\n\nBOOL CALLBACK FindNotepadWindow(HWND hWnd, LPARAM lParam)\n{\n\tDWORD dwPID = 0;\n\n\t\/\/ check if this window is within the new notepad process\n\tGetWindowThreadProcessId(hWnd, &dwPID);\n\tif (dwPID == dwGlobal_NotepadPID)\n\t{\n\t\tif (GetWindow(hWnd, GW_OWNER) == 0)\n\t\t{\n\t\t\t\/\/ found main window\n\t\t\thGlobal_NotepadWindow = hWnd;\n\t\t\treturn 0;\n\t\t}\n\t}\n\n\treturn 1;\n}\n\nBOOL CALLBACK FindOpenFileWindow(HWND hWnd, LPARAM lParam)\n{\n\tDWORD dwPID = 0;\n\tchar szClassName[512];\n\n\t\/\/ check if this window is within the new notepad process\n\tGetWindowThreadProcessId(hWnd, &dwPID);\n\tif (dwPID == dwGlobal_NotepadPID)\n\t{\n\t\tmemset(szClassName, 0, sizeof(szClassName));\n\t\tGetClassName(hWnd, szClassName, sizeof(szClassName) - 1);\n\t\tif (strcmp(szClassName, \"#32770\") == 0)\n\t\t{\n\t\t\t\/\/ found \"open file\" window\n\t\t\thGlobal_OpenFileWindow = hWnd;\n\t\t\treturn 0;\n\t\t}\n\t}\n\n\treturn 1;\n}\n\nBOOL CALLBACK FindPopupWindow(HWND hWnd, LPARAM lParam)\n{\n\tDWORD dwPID = 0;\n\tchar szClassName[512];\n\n\t\/\/ check if this window is within the new notepad process\n\tGetWindowThreadProcessId(hWnd, &dwPID);\n\tif (dwPID == dwGlobal_NotepadPID)\n\t{\n\t\tmemset(szClassName, 0, sizeof(szClassName));\n\t\tGetClassName(hWnd, szClassName, sizeof(szClassName) - 1);\n\t\tif (strcmp(szClassName, \"#32768\") == 0)\n\t\t{\n\t\t\t\/\/ found context menu\n\t\t\thGlobal_PopupWindow = hWnd;\n\t\t\treturn 0;\n\t\t}\n\t}\n\n\treturn 1;\n}\n\nBOOL CALLBACK FindOpenFileBaseControls(HWND hWnd, LPARAM lParam)\n{\n\tDWORD dwPID = 0;\n\tchar szClassName[512];\n\tchar szButtonText[512];\n\n\t\/\/ check class name\n\tmemset(szClassName, 0, sizeof(szClassName));\n\tGetClassName(hWnd, szClassName, sizeof(szClassName) - 1);\n\tif (strcmp(szClassName, \"Edit\") == 0)\n\t{\n\t\tif (GetParent(GetParent(GetParent(hWnd))) == hGlobal_OpenFileWindow)\n\t\t{\n\t\t\t\/\/ found file name edit control\n\t\t\thGlobal_OpenFileEditControl = hWnd;\n\t\t}\n\t}\n\telse if (strcmp(szClassName, \"Button\") == 0)\n\t{\n\t\tmemset(szButtonText, 0, sizeof(szButtonText));\n\t\tGetWindowText(hWnd, szButtonText, sizeof(szButtonText) - 1);\n\t\tif (strcmp(szButtonText, \"&Open\") == 0)\n\t\t{\n\t\t\t\/\/ found open button\n\t\t\thGlobal_OpenFileOpenButton = hWnd;\n\t\t}\n\t}\n\n\treturn 1;\n}\n\nBOOL CALLBACK FindOpenFileListControl(HWND hWnd, LPARAM lParam)\n{\n\tchar szClassName[512];\n\n\t\/\/ check class name\n\tmemset(szClassName, 0, sizeof(szClassName));\n\tGetClassName(hWnd, szClassName, sizeof(szClassName) - 1);\n\tif (strcmp(szClassName, \"DirectUIHWND\") == 0)\n\t{\n\t\t\/\/ get parent class name\n\t\tmemset(szClassName, 0, sizeof(szClassName));\n\t\tGetClassName(GetParent(hWnd), szClassName, sizeof(szClassName) - 1);\n\t\tif (strcmp(szClassName, \"SHELLDLL_DefView\") == 0)\n\t\t{\n\t\t\t\/\/ found file list control\n\t\t\thGlobal_OpenFileListControl = hWnd;\n\t\t}\n\t}\n\n\treturn 1;\n}\n\nDWORD WINAPI HideOpenFileWindowThread(LPVOID lpArg)\n{\n\tfor (;;)\n\t{\n\t\tSleep(10);\n\n\t\t\/\/ check if we have a valid window handle\n\t\tif (hGlobal_OpenFileWindow != NULL)\n\t\t{\n\t\t\t\/\/ hide window\n\t\t\tShowWindow(hGlobal_OpenFileWindow, SW_HIDE);\n\t\t}\n\t}\n}\n\nDWORD CreateNotepadProcess()\n{\n\tPROCESS_INFORMATION ProcessInfo;\n\tSTARTUPINFO StartupInfo;\n\tchar szCmd[1024];\n\n\t\/\/ initialise startup data\n\tmemset((void*)&StartupInfo, 0, sizeof(StartupInfo));\n\tStartupInfo.cb = sizeof(StartupInfo);\n\n\t\/\/ check if the window should be hidden\n\tif (dwGlobal_HideWindows != 0)\n\t{\n\t\tStartupInfo.dwFlags = STARTF_USESHOWWINDOW;\n\t\tStartupInfo.wShowWindow = SW_HIDE;\n\t\tStartupInfo.wShowWindow = SW_SHOW;\n\t}\n\n\tstrcpy(szCmd, \"notepad.exe\");\n\t\/\/ create notepad process\n\tif (CreateProcess(NULL, szCmd, NULL, NULL, 0, 0, NULL, NULL, &StartupInfo, &ProcessInfo) == 0)\n\t{\n\t\treturn 1;\n\t}\n\n\t\/\/ store process ID and handle\n\tdwGlobal_NotepadPID = ProcessInfo.dwProcessId;\n\thGlobal_NotepadProcess = ProcessInfo.hProcess;\n\n\t\/\/ close thread handle\n\tCloseHandle(ProcessInfo.hThread);\n\n\t\/\/ get main notepad window\n\tfor (;;)\n\t{\n\t\tSleep(10);\n\n\t\t\/\/ search for notepad window\n\t\tEnumWindows(FindNotepadWindow, NULL);\n\t\tif (hGlobal_NotepadWindow != NULL)\n\t\t{\n\t\t\tbreak;\n\t\t}\n\t}\n\n\treturn 0;\n}\n\nDWORD LaunchTargetProcess(char* pDirectoryPath, char* pTargetExe)\n{\n\tHMENU hMenu = NULL;\n\tMENUITEMINFO MenuItemInfo;\n\tchar szMenuItemString[512];\n\tDWORD dwItemCount = 0;\n\tDWORD dwFoundOpenButton = 0;\n\tDWORD dwMenuKeyDownCount = 0;\n\tchar szSendString[512];\n\tDWORD i;\n\n\t\/\/ open \"open file\" dialog\n\tPostMessage(hGlobal_NotepadWindow, WM_COMMAND, 0x10002, 0);\n\n\t\/\/ find \"open file\" window\n\tfor (;;)\n\t{\n\t\tSleep(10);\n\n\t\t\/\/ search for window\n\t\tEnumWindows(FindOpenFileWindow, NULL);\n\t\tif (hGlobal_OpenFileWindow != NULL)\n\t\t{\n\t\t\tbreak;\n\t\t}\n\t}\n\n\t\/\/ find controls within \"open file\" window\n\tfor (;;)\n\t{\n\t\t\/\/ search for controls\n\t\tEnumChildWindows(hGlobal_OpenFileWindow, FindOpenFileBaseControls, NULL);\n\t\tif (hGlobal_OpenFileEditControl != NULL && hGlobal_OpenFileOpenButton != NULL)\n\t\t{\n\t\t\tbreak;\n\t\t}\n\t\tSleep(10);\n\t}\n\n\t\/\/ set directory path\n\tmemset(szSendString, 0, sizeof(szSendString));\n\t_snprintf(szSendString, sizeof(szSendString) - 1, \"%s\\\\\", pDirectoryPath);\n\tSendMessage(hGlobal_OpenFileEditControl, WM_SETTEXT, strlen(szSendString), (long)szSendString);\n\tSendMessage(hGlobal_OpenFileOpenButton, BM_CLICK, 0, 0);\n\n\t\/\/ wait for 1 second\n\tSleep(1000);\n\n\t\/\/ set '*.exe' filter\n\tmemset(szSendString, 0, sizeof(szSendString));\n\t_snprintf(szSendString, sizeof(szSendString) - 1, \"*.exe\");\n\tSendMessage(hGlobal_OpenFileEditControl, WM_SETTEXT, strlen(szSendString), (long)szSendString);\n\tSendMessage(hGlobal_OpenFileOpenButton, BM_CLICK, 0, 0);\n\n\t\/\/ wait for 1 second\n\tSleep(1000);\n\n\t\/\/ find directory listing control within \"open file\" window\n\tfor (;;)\n\t{\n\t\tSleep(10);\n\n\t\t\/\/ find list control\n\t\tEnumChildWindows(hGlobal_OpenFileWindow, FindOpenFileListControl, NULL);\n\t\tif (hGlobal_OpenFileListControl != NULL)\n\t\t{\n\t\t\tbreak;\n\t\t}\n\t}\n\n\t\/\/ send tab character to move focus away from the edit control\n\tPostMessage(hGlobal_OpenFileWindow, WM_KEYDOWN, VK_TAB, 1);\n\tPostMessage(hGlobal_OpenFileWindow, WM_KEYUP, VK_TAB, 0xc0000001);\n\n\t\/\/ wait for 1 second\n\tSleep(1000);\n\n\t\/\/ send target file name characters to the directory listing control to select the target file\n\tfor ( i = 0; i < strlen(pTargetExe); i++)\n\t{\n\t\t\/\/ send current character\n\t\tSendMessage(hGlobal_OpenFileListControl, WM_CHAR, *(char*)(pTargetExe + i), 1);\n\t}\n\n\t\/\/ open the context menu for this file\n\tPostMessage(hGlobal_OpenFileListControl, WM_CONTEXTMENU, (WPARAM)hGlobal_OpenFileListControl, 0xFFFFFFFF);\n\n\t\/\/ find context menu\n\tfor (;;)\n\t{\n\t\tSleep(10);\n\n\t\t\/\/ search for context menu\n\t\tEnumWindows(FindPopupWindow, NULL);\n\t\tif (hGlobal_PopupWindow != NULL)\n\t\t{\n\t\t\tbreak;\n\t\t}\n\t}\n\n\t\/\/ send MN_GETHMENU message\n\thMenu = (HMENU)SendMessage(hGlobal_PopupWindow, 0x01E1, 0, 0);\n\tif (hMenu == NULL)\n\t{\n\t\treturn 1;\n\t}\n\n\t\/\/ find \"Open\" entry within the menu\n\tdwItemCount = GetMenuItemCount(hMenu);\n\tfor (i = 0; i < dwItemCount; i++)\n\t{\n\t\t\/\/ get current menu item info\n\t\tmemset((void*)&MenuItemInfo, 0, sizeof(MenuItemInfo));\n\t\tMenuItemInfo.cbSize = sizeof(MenuItemInfo);\n\t\tMenuItemInfo.fMask = 0x100;\n\t\tGetMenuItemInfo(hMenu, i, 1, &MenuItemInfo);\n\n\t\t\/\/ check if this is a separator item\n\t\tif (MenuItemInfo.fType & MFT_SEPARATOR)\n\t\t{\n\t\t\t\/\/ ignore\n\t\t\tcontinue;\n\t\t}\n\n\t\t\/\/ increase the number of \"key down\" presses\n\t\tdwMenuKeyDownCount++;\n\n\t\t\/\/ check if this is the \"Open\" button\n\t\tmemset(szMenuItemString, 0, sizeof(szMenuItemString));\n\t\tGetMenuString(hMenu, i, szMenuItemString, sizeof(szMenuItemString) - 1, MF_BYPOSITION);\n\t\tif (strcmp(szMenuItemString, \"&Open\") == 0)\n\t\t{\n\t\t\t\/\/ found \"Open\" button\n\t\t\tdwFoundOpenButton = 1;\n\t\t\tbreak;\n\t\t}\n\t}\n\n\t\/\/ ensure the \"Open\" button was found in the context menu\n\tif (dwFoundOpenButton == 0)\n\t{\n\t\treturn 1;\n\t}\n\n\t\/\/ send \"down\" key presses\n\tfor (i = 0; i < dwMenuKeyDownCount; i++)\n\t{\n\t\tPostMessage(hGlobal_PopupWindow, WM_KEYDOWN, VK_DOWN, 0x2A0001);\n\t\tPostMessage(hGlobal_PopupWindow, WM_KEYUP, VK_DOWN, 0xD02A0001);\n\t}\n\n\t\/\/ send \"enter\" key to execute the target exe\n\tPostMessage(hGlobal_PopupWindow, WM_KEYDOWN, VK_RETURN, 0x2A0001);\n\tPostMessage(hGlobal_PopupWindow, WM_KEYUP, VK_RETURN, 0xD02A0001);\n\n\treturn 0;\n}\n\nint main(int argc, char* argv[])\n{\n\tDWORD dwThreadID = 0;\n\tHANDLE hHideOpenFileWindowThread = NULL;\n\tchar szDirectoryPath[512];\n\tchar szTargetExe[512];\n\tchar* pLastSlash = NULL;\n\n\tprintf(\"NotepadExec - www.x86matthew.com\\n\\n\");\n\n\tif (argc != 2)\n\t{\n\t\tprintf(\"%s <full_exe_path>\\n\\n\", argv[0]);\n\t\treturn 1;\n\t}\n\n\t\/\/ split target exe path\n\tmemset(szDirectoryPath, 0, sizeof(szDirectoryPath));\n\tstrncpy(szDirectoryPath, argv[1], sizeof(szDirectoryPath) - 1);\n\n\t\/\/ find last slash\n\tpLastSlash = strrchr(szDirectoryPath, '\\\\');\n\tif (pLastSlash == NULL)\n\t{\n\t\tprintf(\"Invalid exe path\\n\");\n\t\treturn 1;\n\t}\n\n\t\/\/ remove exe name from directory path\n\t*pLastSlash = '\\0';\n\n\t\/\/ store exe name\n\tmemset(szTargetExe, 0, sizeof(szTargetExe));\n\tpLastSlash++;\n\tstrncpy(szTargetExe, pLastSlash, sizeof(szTargetExe) - 1);\n\n\t\/\/ hide windows\n\tdwGlobal_HideWindows = 1;\n\n\tprintf(\"Creating notepad.exe process...\\n\");\n\n\t\/\/ create notepad process\n\tif (CreateNotepadProcess() != 0)\n\t{\n\t\t\/\/ error\n\t\tprintf(\"Failed to create notepad process\\n\");\n\t\treturn 1;\n\t}\n\n\tif (dwGlobal_HideWindows != 0)\n\t{\n\t\t\/\/ create background thread to ensure the \"open file\" window remains hidden.\n\t\t\/\/ this is because the \"open file\" window makes itself visible again when performing certain actions.\n\t\thHideOpenFileWindowThread = CreateThread(NULL, 0, HideOpenFileWindowThread, NULL, 0, &dwThreadID);\n\t\tif (hHideOpenFileWindowThread == NULL)\n\t\t{\n\t\t\t\/\/ error\n\t\t\tprintf(\"Failed to create thread\\n\");\n\n\t\t\tTerminateProcess(hGlobal_NotepadProcess, 0);\n\t\t\treturn 1;\n\t\t}\n\t}\n\n\tprintf(\"Sending window messages to notepad...\\n\");\n\n\t\/\/ launch target process\n\tif (LaunchTargetProcess(szDirectoryPath, szTargetExe) != 0)\n\t{\n\t\t\/\/ error\n\t\tprintf(\"Failed to launch target process\\n\");\n\n\t\tif (dwGlobal_HideWindows != 0)\n\t\t{\n\t\t\tTerminateThread(hHideOpenFileWindowThread, 0);\n\t\t}\n\n\t\tTerminateProcess(hGlobal_NotepadProcess, 0);\n\t\treturn 1;\n\t}\n\n\tprintf(\"Notepad launched %s successfully\\n\", szTargetExe);\n\n\t\/\/ wait for 2 seconds\n\tSleep(2000);\n\n\t\/\/ terminate background thread\n\tif (dwGlobal_HideWindows != 0)\n\t{\n\t\tTerminateThread(hHideOpenFileWindowThread, 0);\n\t}\n\n\t\/\/ terminate notepad process\n\tTerminateProcess(hGlobal_NotepadProcess, 0);\n\n\treturn 0;\n}\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
\u539f\u6587\u94fe\u63a5\uff1ahttps:\/\/www.x86matthew.com\/view_post?id=notepadexe […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[45,37,43],"tags":[],"class_list":["post-110","post","type-post","status-publish","format-standard","hentry","category-x86matthew-com","category-samples","category-infoarticle"],"views":1491,"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=110"}],"version-history":[{"count":1,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions"}],"predecessor-version":[{"id":111,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions\/111"}],"wp:attachment":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}