KaFu

MVPs
  • Posts

    3,948
  • Joined

  • Last visited

  • Days Won

    15

KaFu last won the day on October 26 2024

KaFu had the most liked content!

About KaFu

  • Birthday 09/06/1974

Profile Information

  • Member Title
    Hey, it's just me, KhaFoo...
  • Location
    Germany, Hamburg
  • WWW
    https://funk.eu

Recent Profile Visitors

7,096 profile views

KaFu's Achievements

  1. This works on my Win10 machine.

     ```autoit
     #include <GUIConstantsEx.au3>
     #include <WinApi.au3>
     #include <WindowsConstants.au3>

     Global $hDeskWin = _WinGetDesktopHandle()
     Global $h_Desktop_SysListView32 = HWnd(@extended)

     Main()

     Func Main()
         Local $this = GUICreate("", 400, 400, @DesktopWidth - (400) - 20, 100, $WS_POPUP, $WS_EX_NOACTIVATE + $WS_EX_TRANSPARENT)
         _WinAPI_SetParent($this, $h_Desktop_SysListView32)
         Local $iPic = GUICtrlCreatePic("C:\Program Files (x86)\AutoIt3\Examples\GUI\msoobe.jpg", 0, 0, 400, 400)
         ;GUICtrlSetBkColor(-1, $GUI_BKCOLOR_TRANSPARENT)
         WinSetTrans($this, "", 200)
         _GuiRoundCorners($this, 16, 16)
         _WinAPI_SetWindowLong($this, $GWL_HWNDPARENT, ControlGetHandle("[CLASS:Progman]", "", "SysListView321")) ;hide in taskbar
         GUISetState(@SW_SHOWNOACTIVATE, $this)
         ;_WinAPI_SetWindowPos($this, $HWND_BOTTOM, Default, Default, Default, Default, BitOR($SWP_NOACTIVATE, $SWP_SHOWWINDOW, $SWP_NOMOVE, $SWP_NOSIZE )) ;not worked
         While 1
             Switch GUIGetMsg()
                 Case $GUI_EVENT_CLOSE
                     ExitLoop
             EndSwitch
         WEnd
         GUIDelete($this)
     EndFunc   ;==>Main

     Func _GuiRoundCorners($h_win, $ixR, $iyR)
         Local $aPos = WinGetPos($h_win)
         If @error Then Return 0
         Local $iW = $aPos[2]
         Local $iH = $aPos[3]
         Local $hRgn = _WinAPI_CreateRoundRectRgn(0, 0, $iW, $iH, $ixR, $iyR)
         _WinAPI_SetWindowRgn($h_win, $hRgn)
     EndFunc   ;==>_GuiRoundCorners

     ; http://www.autoitscript.com/forum/topic/119783-desktop-class-workerw/page__view__findpost__p__903081
     ; ===============================================================================================================================
     ; <_WinGetDesktopHandle.au3>
     ;
     ; Function to get the Windows' Desktop Handle.
     ; Since this is no longer a simple '[CLASS:Progman]' on Aero-enabled desktops, this method uses a slightly
     ; more involved method to find the correct Desktop Handle.
     ;
     ; Author: Ascend4nt, credits to Valik for pointing out the Parent->Child relationship: Desktop->'SHELLDLL_DefView'
     ; ===============================================================================================================================
     ; Example use:
     #cs
     #include <GuiListView.au3>
     $iTimer = TimerInit()
     $hDeskWin = _WinGetDesktopHandle()
     $hListView = HWnd(@extended)
     ConsoleWrite("Time elapsed:" & TimerDiff($iTimer) & " ms" & @CRLF)
     $iDeskItems = _GUICtrlListView_GetItemCount($hListView)
     ConsoleWrite("Handle to desktop: " & $hDeskWin & ", Title: '" & WinGetTitle($hDeskWin) & "', Handle to Listview: " & $hListView & ", # Items:" & $iDeskItems & ", Title: " & WinGetTitle($hListView) & @CRLF)
     MsgBox(0, "Desktop handle (with ListView) found", "Handle to desktop: " & $hDeskWin & ", Title: '" & WinGetTitle($hDeskWin) & "'," & @CRLF & "Handle to Listview: " & $hListView & @CRLF & "# Desktop Items:" & $iDeskItems)
     #ce

     Func _WinGetDesktopHandle()
         Local $i, $hDeskWin, $hSHELLDLL_DefView, $hListView
         ; The traditional Windows Classname for the Desktop, not always so on newer O/S's
         $hDeskWin = WinGetHandle("[CLASS:Progman]")
         ; Parent->Child relationship: Desktop->SHELLDLL_DefView
         $hSHELLDLL_DefView = ControlGetHandle($hDeskWin, '', '[CLASS:SHELLDLL_DefView; INSTANCE:1]')
         ; No luck with finding the Desktop and/or child?
         If $hDeskWin = '' Or $hSHELLDLL_DefView = '' Then
             ; Look through a list of WorkerW windows - one will be the Desktop on Windows 7+ O/S's
             $aWinList = WinList("[CLASS:WorkerW]")
             For $i = 1 To $aWinList[0][0]
                 $hSHELLDLL_DefView = ControlGetHandle($aWinList[$i][1], '', '[CLASS:SHELLDLL_DefView; INSTANCE:1]')
                 If $hSHELLDLL_DefView <> '' Then
                     $hDeskWin = $aWinList[$i][1]
                     ExitLoop
                 EndIf
             Next
         EndIf
         ; Parent->Child relationship: Desktop->SHELDLL_DefView->SysListView32
         $hListView = ControlGetHandle($hSHELLDLL_DefView, '', '[CLASS:SysListView32; INSTANCE:1]')
         If $hListView = '' Then Return SetError(-1, 0, '')
         Return SetExtended($hListView, $hDeskWin)
     EndFunc   ;==>_WinGetDesktopHandle
     ```
  2. Oops, that was not about the flicker at all 🙂. For that I learned that input controls do not flicker as labels do, maybe the update of these is slower?

     ```autoit
     #include <GUIConstantsEx.au3>
     #include <GuiEdit.au3>
     #include <WindowsConstants.au3>

     HotKeySet("{ESC}","_Exit")

     GUICreate("Example")
     $c_Label = GUICtrlCreateLabel("",10,10,100,20)
     $c_Input = GUICtrlCreateInput("",10,40,100,20, $ES_READONLY, $WS_EX_TRANSPARENT)
     GUISetState(@SW_SHOW)

     While Sleep(10)
         $iTimer = TimerInit()
         GUICtrlSetData($c_Label,$iTimer)
         GUICtrlSetData($c_Input,$iTimer)
     WEnd

     Func _Exit()
         Exit
     EndFunc
     ```
  3. Create a simple GUI like this and let it run.

     ```autoit
     GUICreate("Debugger_Output_GUI", 400, 200)
     GUICtrlCreateEdit("", 10, 10, 380, 180)
     GUISetState()

     While 1
         Switch GUIGetMsg()
             Case -3 ; $GUI_EVENT_CLOSE
                 ExitLoop
         EndSwitch
     WEnd
     ```

     In the script to debug add trace lines in SciTE via "Tools > Trace: Add Trace Lines". Search and replace

     ```autoit
     ConsoleWrite('>Error code: ' & @error & @CRLF & @CRLF & '@@ Trace(
     ```

     with

     ```autoit
     ControlSetText('Debugger_Output_GUI', '', 'Edit1', '>Error code: ' & @error & @CRLF & @CRLF & '@@ Trace(
     ```

     in your code and then run it.
  4. Hi Jos, a feature request for SciTE from my side. When I run code in SciTE, all entries under "Tools" except the last 5 are greyed out. Would it be possible to leave those enabled, which do not interfere with the current code execution? Especially for running "AU3Info" I don't know how many times I had to abort the current execution, start AU3Info and then run the code again 🙂, because I forgot to start AU3Info early. Maybe it makes sense to leave some others enabled too, e.g. Open Explorer in Scriptdir, Codewizard and Koda? Best Regards
  5. For x64: There's a conversion error, is the Int datatype hardcoded in the x64 opcode? The best template from the AHK guys for variable parameters in the opcode seems to be in this post: https://www.autohotkey.com/boards/viewtopic.php?p=594011#p594011 Edit: Would it be a quick (and dirty) solution to set both parameters as ptr in the opcode? By default 4-byte in x86 and 8-byte in x64?
  6. This seems to work for two parameters. Are there callbacks with more than two parameters? I guess this hack is limited to two parameters anyhow, because it relies on sendmessage (with only two parameters)? Though the clean-up after the main loop is still messed, but that's for tomorrow. Although I broke it again for x64 🙄 with another hack, that currently works for x86 (without this hack it worked under x64 too). In the CreateTimerQueueTimer call I pass a ptr for $t_Data_Send_to_Callback, which is fed to the callback via $lParam. Under x86 I can read the buffer in the callback, under x64 it currently crashes.

     ```autoit
     #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
     #AutoIt3Wrapper_UseX64=n
     #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

     ; based on
     ; https://www.autoitscript.com/forum/topic/212917-createtimerqueuetimer/page/2/#findComment-1543584
     ; by nine

     #include <Memory.au3>
     #include <WindowsConstants.au3>
     #include <WinAPIError.au3>
     #include <WinAPIHObj.au3>
     #include <WinAPISys.au3>

     Global Const $WT_EXECUTELONGFUNCTION = 0x00000010 ; The callback function can perform a long wait. This flag helps the system to decide if it should create a new thread.
     Global Const $WT_EXECUTEINTIMERTHREAD = 0x00000020 ; The callback function is invoked by the timer thread itself. This flag should be used only for short tasks or it could affect other timer operations.
     Global Const $WT_EXECUTEINPERSISTENTTHREAD = 0x00000080 ; The callback function is queued to a thread that never terminates.

     Local $a_h_CreateTimerQueue = DllCall("kernel32.dll", "handle", "CreateTimerQueue")
     ConsoleWrite("CreateTimerQueue = " & $a_h_CreateTimerQueue[0] & @CRLF & @CRLF)
     ConsoleWrite(_WinAPI_GetLastError() & @TAB & _WinAPI_GetLastErrorMessage() & @CRLF & @CRLF)

     Local $i_TimerQueue_Start_after = 100
     Local $i_TimerQueue_Repeat_after = 100

     Local $pCallback = _RegisterSyncCallback("_CallBackFunction", "none", "ptr;bool")

     ; WaitOrTimerCallback callback function > https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms687066(v=vs.85)
     Func _CallBackFunction($lParam, $TimerOrWaitFired)
         ConsoleWrite("_CallBackFunction fired - 0 = " & TimerInit() & @CRLF)
         ConsoleWrite("_CallBackFunction fired - 1 = " & $lParam & @TAB & $TimerOrWaitFired & @CRLF)
         ConsoleWrite("_CallBackFunction fired - 2 = " & VarGetType($lParam) & @TAB & VarGetType($TimerOrWaitFired) & @CRLF)
         Local $t_Data_Received = DllStructCreate("wchar[256]", $lParam)
         ConsoleWrite(DllStructGetData($t_Data_Received, 1) & @CRLF)
     EndFunc   ;==>_CallBackFunction

     Local $t_Data_Send_to_Callback = DllStructCreate("wchar[256]")
     DllStructSetData($t_Data_Send_to_Callback, 1, "Update from main @ " & TimerInit())

     ; https://msdn.microsoft.com/en-us/library/windows/desktop/ms682485(v=vs.85).aspx
     Local $a_hCall = DllCall("kernel32.dll", "bool", "CreateTimerQueueTimer", _
             "handle*", 0, _
             "handle", $a_h_CreateTimerQueue[0], _
             "ptr", $pCallback, _
             "ptr", DllStructGetPtr($t_Data_Send_to_Callback), _
             "dword", $i_TimerQueue_Start_after, _
             "dword", $i_TimerQueue_Repeat_after, _
             "ulong", $WT_EXECUTEINTIMERTHREAD)
     Local $phNewTimer = $a_hCall[1]
     ConsoleWrite("CreateTimerQueueTimer = " & $a_hCall[0] & @TAB & $phNewTimer & @CRLF & @CRLF)
     ConsoleWrite(_WinAPI_GetLastError() & @TAB & _WinAPI_GetLastErrorMessage() & @CRLF & @CRLF)

     Local $timer = TimerInit()
     While Sleep(10)
         ConsoleWrite("+ " & TimerDiff($timer) & @CRLF)
         DllStructSetData($t_Data_Send_to_Callback, 1, "Update from main @ " & TimerInit())
         If TimerDiff($timer) > 2000 Then
             ConsoleWrite("! fire Exitloop event" & @CRLF)
             ExitLoop
         EndIf
     WEnd

     Local $a_hCall = DllCall("kernel32.dll", "bool", "DeleteTimerQueueTimer", _
             "handle", $a_h_CreateTimerQueue[0], _
             "handle", $phNewTimer, _
             "handle", 0)
     ConsoleWrite("DeleteTimerQueueTimer = " & $a_hCall[0] & @CRLF & @CRLF)
     If _WinAPI_GetLastError() = 997 Then ; ERROR_IO_PENDING = 997
         ConsoleWrite("If there are outstanding callback functions and CompletionEvent is NULL, the function will fail and set the error code to ERROR_IO_PENDING (997). " & @CRLF _
                  & "This indicates that there are outstanding callback functions. Those callbacks either will execute or are in the middle of executing. " & @CRLF _
                  & "The timer is cleaned up when the callback function is finished executing." & @CRLF & @CRLF)
     EndIf
     ConsoleWrite(_WinAPI_GetLastError() & @TAB & _WinAPI_GetLastErrorMessage() & @CRLF & @CRLF)

     ConsoleWrite("_WinAPI_CloseHandle($phNewTimer) = " & _WinAPI_CloseHandle($phNewTimer) & @CRLF)
     ConsoleWrite(_WinAPI_GetLastError() & @TAB & _WinAPI_GetLastErrorMessage() & @CRLF & @CRLF)

     Local $a_hCall = DllCall("kernel32.dll", "bool", "DeleteTimerQueueEx", "handle", $a_h_CreateTimerQueue[0], "handle", 0)
     ConsoleWrite("DeleteTimerQueueEx = " & $a_hCall[0] & @CRLF & @CRLF)
     ConsoleWrite(_WinAPI_GetLastError() & @TAB & _WinAPI_GetLastErrorMessage() & @CRLF & @CRLF)

     Exit

     Func _RegisterSyncCallback($sFunction, $sReturnType, $sParams)
         Local Static $hGUI
         Local Static $pSendMessage
         Local Static $iMsg
         If Not $hGUI Then
             $hGUI = GUICreate("RegisterSyncCallback_Msg", 100, 100)
             $iMsg = $WM_APP
             GUIRegisterMsg($iMsg, RegisterSyncCallback_Msg)
             $pSendMessage = _WinAPI_GetProcAddress(_WinAPI_GetModuleHandle("user32.dll"), "SendMessageW")
             ConsoleWrite("$hGUI: " & Hex($hGUI) & @CRLF)
             ConsoleWrite("$pSendMessage: " & Hex($pSendMessage) & @CRLF)
             ConsoleWrite("$iMsg: " & Hex($iMsg) & @CRLF)
         EndIf

         Local $hHandle = DllCallbackRegister($sFunction, $sReturnType, $sParams)
         ConsoleWrite("$hHandle = " & $hHandle & @CRLF)

         If @AutoItX64 Then
             Local $sOPCode = "0x" _
                      & "48894C2408488954" _
                      & "24104C894424184C" _
                      & "894C24204883EC28" _
                      & "4989C8" _
                      & "48C7C1" _
                      & SwapEndian($hGUI, False) _
                      & "48C7C2" _
                      & SwapEndian($iMsg, False) _
                      & "49B9" _
                      & SwapEndian(DllCallbackGetPtr($hHandle)) _
                      & "48B8" _
                      & SwapEndian($pSendMessage) _
                      & "FFD04883C428C3"
         Else
             Local $sOPCode = "0x" _
                      & "68" _
                      & SwapEndian(DllCallbackGetPtr($hHandle)) _
                      & "FF74240868" _
                      & SwapEndian($iMsg) _
                      & "68" _
                      & SwapEndian($hGUI) _
                      & "B8" _
                      & SwapEndian($pSendMessage) _
                      & "FFD0C20800"
         EndIf

         Local $pRemoteCode = _MemVirtualAlloc(0, BinaryLen($sOPCode), $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
         If Not $pRemoteCode Then MsgBox(0, "Error", "_MemVirtualAlloc :(")
         Local $tCodeBuffer = DllStructCreate("byte[" & BinaryLen($sOPCode) & "]", $pRemoteCode)
         DllStructSetData($tCodeBuffer, 1, $sOPCode)
         ConsoleWrite("$tCodeBuffer: " & DllStructGetData($tCodeBuffer, 1) & @CRLF)
         Return $pRemoteCode
     EndFunc   ;==>_RegisterSyncCallback

     Func RegisterSyncCallback_Msg($hWnd, $iMsg, $wParam, $lParam)
         ConsoleWrite(">RegisterSyncCallback_Msg Called" & @CRLF)
         ; ConsoleWrite("$hWnd: " & Hex($hWnd) & @CRLF)
         ; ConsoleWrite("$iMsg: " & Hex($iMsg) & @CRLF)
         ; ConsoleWrite("$wParam: " & Hex($wParam) & @CRLF)
         ; ConsoleWrite("$lParam: " & Hex($lParam) & @CRLF)
         DllCallAddress("none", $lParam, "int", $wParam, "int", 1)
     EndFunc   ;==>RegisterSyncCallback_Msg

     Func SwapEndian($uInt, $b64 = True)
         Local $iLen = (@AutoItX64 And $b64) ? 16 : 8, $sHex = Hex($uInt, $iLen), $sRes
         For $i = $iLen - 2 To 0 Step -2
             $sRes &= StringMid($sHex, $i + 1, 2)
         Next
         Return $sRes
     EndFunc   ;==>SwapEndian
     ```
  7. Or this way.

     ```autoit
     #include <WinAPISys.au3>

     Local $tInfo = _WinAPI_GetStartupInfo()
     ConsoleWrite(_WinAPI_GetString($tInfo.title) & @CRLF)
     ```
  8. This is true for this specific CreateTimerQueue callback, but for other callbacks the return parameters will change. It would be great to make _RegisterSyncCallback() as generic and flexible as possible.
  9. Looks good on my side for x64 🙂👍. You've removed the parameters from this example, I would think they are required for the callbacks to fully work. I would also assume that the parameter type is relevant for the distinction between x86 and x64, so an explicit variable for the callback parameter structure should be part of the _RegisterSyncCallback() function call (they need to be passed to the DllCallbackRegister() call for $hHandle too?).

     ```autoit
     Local $t_Callback_Parameters = "ptr lpParameter; bool TimerOrWaitFired" ; WaitOrTimerCallback callback function > https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms687066(v=vs.85)
     Local $pCallback = _RegisterSyncCallback(_CallBackFunction, $t_Callback_Parameters)
     ```

     I also propose to create the opcode memory only after the definition of the opcode itself, with something like this.

     ```autoit
     Local $pRemoteCode = _MemVirtualAlloc(0, BinaryLen($sOPCode), $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
     If Not $pRemoteCode Then MsgBox(0, "Error", "_MemVirtualAlloc :(")
     Local $tCodeBuffer = DllStructCreate("byte[" & BinaryLen($sOPCode) & "]", $pRemoteCode)
     ```
  10. Hi jugador, thanks for the feedback. The x86 code worked without the volatile for me, but I've added it to be on the safe side 👍. The only open topic for me would be to make the opcode x64 compatible. Just ported SMF to x64, and I made it a habit to try to make all my code x86 and x64 compatible.
  11. Hi UEZ, initially my request was about CreateTimerQueueTimer, triggered by this comment. By jugador's comment I learned of the opcode hack with RegisterSyncCallback, as described by the AHK guys. Also jugador tested it with _WinHttpSetStatusCallback and EnumWindows here. So now it's only about making RegisterSyncCallback x64 compatible, to have a hack in the quiver for any functions using callbacks, which will crash with DllCallbackRegister. Besides the mentioned ones I think there are more functions out there, where this can be used. I think the callback in CopyFileEx also crashed with DllCallbackRegister, maybe it works with RegisterSyncCallback?
  12. There are cases with work-arounds using opcode execution in separate threads, e.g. transex gif animation UDF. I think this RegisterSyncCallback hack might be a good workaround at least for simple callbacks in separate threads.
  13. Great 🙂, works for me too 👍! The team over at the AHK forum also posted the opcode for x64 mode. https://www.autohotkey.com/boards/viewtopic.php?p=538378#p538378

      ```autohotkey
      p := pcb
      if A_PtrSize = 8 {
          /*
          48 89 4c 24 08  ; mov [rsp+8], rcx
          48 89 54'24 10  ; mov [rsp+16], rdx
          4c 89 44 24 18  ; mov [rsp+24], r8
          4c'89 4c 24 20  ; mov [rsp+32], r9
          48 83 ec 28'    ; sub rsp, 40
          4c 8d 44 24 30  ; lea r8, [rsp+48] (arg 3, &params)
          49 b9 ..        ; mov r9, .. (arg 4, operand to follow)
          */
          p := NumPut('Ptr'  , 0x54894808244c8948,
                      'Ptr'  , 0x4c182444894c1024,
                      'Ptr'  , 0x28ec834820244c89,
                      'Ptr'  , 0x00b9493024448d4c, p) - 1
          lParamPtr := p, p += 8
          p := NumPut('Char' , 0xba,          ; mov edx, nmsg
                      'Int'  , msg,
                      'Char' , 0xb9,          ; mov ecx, hwnd
                      'Int'  , wnd.hwnd,
                      'Short', 0xb848,        ; mov rax, SendMessageW
                      'Ptr'  , SendMessageW,
                      /*
                      ff d0        ; call rax
                      48 83 c4 28  ; add rsp, 40
                      c3           ; ret
                      */
                      'Ptr'  , 0x00c328c48348d0ff, p)
      } else {
          p := NumPut('Char' , 0x68, p)       ; push ... (lParam data)
          lParamPtr := p, p += 4
          p := NumPut('Int'  , 0x0824448d,    ; lea eax, [esp+8]
                      'Char' , 0x50,          ; push eax
                      'Char' , 0x68,          ; push nmsg
                      'Int'  , msg,
                      'Char' , 0x68,          ; push hwnd
                      'Int'  , wnd.hwnd,
                      'Char' , 0xb8,          ; mov eax, &SendMessageW
                      'Int'  , SendMessageW,
                      'Short', 0xd0ff,        ; call eax
                      'Char' , 0xc2,          ; ret argsize
                      'Short', InStr(Options, 'C') ? 0 : ParamCount * 4, p)
      }
      ```

      I'll give it a try, although I have to admit I'm not good at this assembly stuff.

      Edit: Found this for SwapEndian under x64.

      ```c
      uint64_t swapLong(void *X) {
          uint64_t x = (uint64_t) X;
          x = (x & 0x00000000FFFFFFFF) << 32 | (x & 0xFFFFFFFF00000000) >> 32;
          x = (x & 0x0000FFFF0000FFFF) << 16 | (x & 0xFFFF0000FFFF0000) >> 16;
          x = (x & 0x00FF00FF00FF00FF) << 8 | (x & 0xFF00FF00FF00FF00) >> 8;
          return x;
      }
      ```
  14. What did you change?
  15. Thanks for pointing that out 🙂! I'll test @Danyfirex's function from here later in the day.

      Edit: No luck yet, the callback fires one time and on the second call the parameters are gone and the process crashes.

      ```autoit
      #include <WinAPI.au3>
      #include <Memory.au3>

      Global $dll_kernel32 = DllOpen("kernel32.dll")

      Func _CallBackFunction($arg1, $arg2)
          ; MsgBox(0, "_MyFn - Child Thread", "GetCurrentThreadId: " & DllCall("kernel32.dll", "handle", "GetCurrentThread")[0] & @CRLF & "$arg1: " & Int($arg1) & @CRLF & "$arg2: " & Int($arg2))
          ConsoleWrite("_CallBackFunction" & @tab & TimerInit() & @crlf)
      EndFunc   ;==>_CallBackFunction

      ; https://www.autoitscript.com/forum/topic/211447-registersynccallback/#findComment-1529893
      ; by Danyfirex
      Local $hCallback = _RegisterSyncCallback("_CallBackFunction", 2)
      ConsoleWrite("$hCallback = " & $hCallback & @crlf)

      Local $tParameters = DllStructCreate("int Value1;int Value2")
      $tParameters.Value1 = 10
      $tParameters.Value2 = 30
      ;~ DllCallAddress("int", $pCB, "ptr", DllStructGetPtr($tParameters))
      ConsoleWrite("DllStructGetPtr($tParameters): " & DllStructGetPtr($tParameters) & @CRLF)
      DllCall($dll_kernel32, "hwnd", "CreateThread", "ptr", 0, "dword", 0, "long", $hCallback, "ptr", DllStructGetPtr($tParameters), "long", 0, "int*", 0)

      Local Const $WT_EXECUTELONGFUNCTION = 0x00000010 ; The callback function can perform a long wait. This flag helps the system to decide if it should create a new thread.
      Local Const $WT_EXECUTEINTIMERTHREAD = 0x00000020 ; The callback function is invoked by the timer thread itself. This flag should be used only for short tasks or it could affect other timer operations.
      Local Const $WT_EXECUTEINPERSISTENTTHREAD = 0x00000080 ; The callback function is queued to a thread that never terminates.

      Local $i_TimerQueue_Start_after = 100
      Local $i_TimerQueue_Repeat_after = 100

      Local $a_hCall = DllCall($dll_kernel32, "bool", "CreateTimerQueueTimer", _
              "handle*", 0, _
              "handle", Null, _
              "ptr", $hCallback, _
              "ptr", Null, _
              "dword", 100, _
              "dword", $i_TimerQueue_Repeat_after, _
              "ulong", BitOR($WT_EXECUTELONGFUNCTION, $WT_EXECUTEINTIMERTHREAD))
      Local $phNewTimer = $a_hCall[1]
      ConsoleWrite("CreateTimerQueueTimer = " & $a_hCall[0] & @TAB & $phNewTimer & @CRLF & @CRLF)
      ConsoleWrite(_WinAPI_GetLastError() & @TAB & _WinAPI_GetLastErrorMessage() & @CRLF & @CRLF)

      Local $timer = TimerInit()
      ConsoleWrite("! Main loop - START" & @crlf)
      While 1
          ConsoleWrite("+ " & TimerDiff($timer) & @CRLF)
          If TimerDiff($timer) > 5000 Then
              ConsoleWrite("! fire Exitloop event" & @CRLF)
              ExitLoop
          EndIf
          Sleep(10)
      WEnd
      ConsoleWrite("! Main loop - END" & @crlf)

      Local $a_hCall = DllCall($dll_kernel32, "bool", "DeleteTimerQueueTimer", _
              "handle", 0, _
              "handle", $phNewTimer, _
              "handle", 0)
      ConsoleWrite("DeleteTimerQueueTimer = " & $a_hCall[0] & @CRLF & @CRLF)
      ConsoleWrite(_WinAPI_GetLastError() & @TAB & _WinAPI_GetLastErrorMessage() & @CRLF & @CRLF)
      ConsoleWrite("_WinAPI_CloseHandle($phNewTimer) = " & _WinAPI_CloseHandle($phNewTimer) & @CRLF)

      Exit

      Func _RegisterSyncCallback($Function, $iParamCount = 0, $iOptions = 0)
          Local Static $hGUI
          Local Static $pSendMessage
          Local Static $iMsg
          If Not $hGUI Then
              $hGUI = GUICreate("RegisterSyncCallback_Msg", 300, 200)
              $iMsg = 0x8000
              GUIRegisterMsg($iMsg, RegisterSyncCallback_Msg)
              $pSendMessage = DllCall($dll_kernel32, "ptr", "GetProcAddress", "ptr", _WinAPI_GetModuleHandle("user32.dll"), "str", "SendMessageW")[0]
              ConsoleWrite("$hGUI: " & Hex($hGUI) & @CRLF)
              ConsoleWrite("$pSendMessage: " & Hex($pSendMessage) & @CRLF)
              ConsoleWrite("$iMsg: " & Hex($iMsg) & @CRLF)
          EndIf

          If @AutoItX64 Then Return MsgBox(0, "Error", "This is a x86 Sample :(") ; add x64 code yourself

          Local $pRemoteCode = _MemVirtualAlloc(0, 96, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
          If Not $pRemoteCode Then MsgBox(0, "Error", "_MemVirtualAlloc :(")
          Local $tCodeBuffer = DllStructCreate("byte[96]", $pRemoteCode)
          Local $hHandle = DllCallbackRegister($Function, "int", "int;int") ; hardcode one parameter

          ; Local $tExtradata = DllStructCreate("wchar[128]")
          ; DllStructSetData($tExtradata,1,"TestData")

          Local $sOPCode = "0x68" & SwapEndian($pRemoteCode + 30) & _
                  "8D4424085068" & SwapEndian($iMsg) & "68" & SwapEndian($hGUI) & _
                  "B8" & SwapEndian($pSendMessage) & "FFD0C2" & StringLeft(SwapEndian($iParamCount * 4), 4) & _
                  SwapEndian(DllCallbackGetPtr($hHandle)) & SwapEndian($iParamCount) ; & SwapEndian(DllStructGetPtr($tExtradata)) ;<<== added this line and it worked > by jugador
          DllStructSetData($tCodeBuffer, 1, $sOPCode)
          ConsoleWrite("$tCodeBuffer: " & DllStructGetData($tCodeBuffer, 1) & @CRLF)
          Return $pRemoteCode
      EndFunc   ;==>_RegisterSyncCallback

      Func RegisterSyncCallback_Msg($hWnd, $iMsg, $wParam, $lParam)
          ConsoleWrite(">RegisterSyncCallback_Msg Called" & @CRLF)
          ConsoleWrite("$hWnd: " & Hex($hWnd) & @CRLF)
          ConsoleWrite("$iMsg: " & Hex($iMsg) & @CRLF)
          ConsoleWrite("$wParam: " & Hex($wParam) & @CRLF)
          ConsoleWrite("$lParam: " & Hex($lParam) & @CRLF)
          Local $tStruct = DllStructCreate("ptr pFunction", $lParam)
          Local $tNParameters = DllStructCreate("ptr NParameters", $lParam + 4)
          Local $tStructParameters = DllStructCreate("ptr", $wParam)
          ConsoleWrite("$tStruct.pFunction: " & $tStruct.pFunction & @CRLF)
          ConsoleWrite("$tNParameters.NParameters: " & $tNParameters.NParameters & @CRLF)
          Local $aValues[$tNParameters.NParameters]
          For $i = 0 To $tNParameters.NParameters - 1
              $aValues[$i] = DllStructGetData(DllStructCreate("int", DllStructGetData($tStructParameters, 1) + ($i * 4)), 1)
              ConsoleWrite($aValues[$i] & @CRLF)
          Next
          DllCallAddress("int", $tStruct.pFunction, "int", $aValues[0], "int", $aValues[1])
          Return 1
      EndFunc   ;==>RegisterSyncCallback_Msg

      Func SwapEndian($hex)
          Return Hex(BitOR(BitOR(BitOR(BitShift($hex, 24), _
                  BitAND(BitShift($hex, -8), 0x00FF0000)), _
                  BitAND(BitShift($hex, 8), 0x0000FF00)), _
                  BitShift($hex, -24)), 8)
      EndFunc   ;==>SwapEndian
      ```