Is anyone aware of any Windows Defender Exploit Protection (all settings on except ASLR for the program so it can be debugged by the Clarion debugger) affecting callbacks like EnumWindows or EnumDesktopWindows? The problem I’m seeing is that the lParam isn’t being passed into the callback procedure EnumWindowsProc, and what I get is a value looking like a hWnd being passed to the EnumWindowsProcCallBackProcedure.
My thinking is the callback procedure is probably in some Windows context and not my app context, so maybe there is/are some security restrictions I need to account for. Changing the manifest elevation from asInvoker to highestAvailable doesn’t change anything.
EnumWindows function (winuser.h) - Win32 apps | Microsoft Docs
EnumDesktopWindows function (winuser.h) - Win32 apps | Microsoft Docs
EnumWindowsProc callback function (Windows) | Microsoft Docs
```clarion
  Map
    EnumWindowsProcCallBackProcedure Procedure(Long hWnd,Long lParam),Bool
  End
```

```clarion
  Loc:EnumWindowsProcCallBackProcedureAddress = Address(EnumWindowsProcCallBackProcedure)
  Loc:ReturnValueBool = IS_EnumDesktopWindows(0,|
                          Loc:EnumWindowsProcCallBackProcedureAddress,|
                          Loc:hProcessID)
```

OR

```clarion
  Loc:ReturnValueBool = IS_EnumWindows(Loc:EnumWindowsProcCallBackProcedureAddress,|
                          Loc:hProcessID)
```

```clarion
EnumWindowsProcCallBackProcedure Procedure(Long hWnd,Long lParam)
  Code
  !Some code
  !Some DebugView Strings
  Return 1
```