Nektra announces the release of the new version of WLMailApi, the most used SDK designed to develop plugins in Windows Live Mail Desktop email client.

Main features included in this version:

• Create toolbars and buttons.
• Create toolbars and buttons in message windows (Compose / Reply / Forward / Message detail).
• Access and modify folders and messages.
• Event notifying selected folder and message/s.
• Event notifying changes in local folders.
• Demo application and dll plugin developed in C# with source code.

Request trial version here! http://www.nektra.com/products/wlmailapi-windows-live-mail-api-plugin/request-trial License: Some changes were introduced to the license for WLMailApi. Now, it is necessary to purchase a license for each developer that will use the library or by each product that will be developed using the library, taking into account whichever number is greater. For more details visit license page. http://www.nektra.com/products/wlmailapi-windows-live-mail-api-plugin/license Contact us to ask any commercial question or use the technical inquiries. http://www.nektra.com/contact

Best Regards,

Business Development

Nektra has released the new WLMailApi v1.1.1

Nektra has released the new WLMailApi v1.1.1, which has many more features & functions, this allows developers to create custom Windows Live Mail plug-ins.

Nektra Advanced Computing is glad to announce the release of the new WLMailApi version 1.1.1 which you can request a download by clicking here. This new version is an update of the official WLMailApi RTM version which has been released over two years ago.

Creating addons or plugins for Windows Live Mail Desktop® demands a deep knowledge of its internal behavior, it does not have any public Application Programming Interface.

Windows Live Mail is the desktop email client promoted by Microsoft for Windows XP®, Windows Vista® and Windows 7® as part of the Windows Live Essentials free software.

Contact us to ask any commercial question or use our forum for technical inquiries. For information about pricing or special demos please call 1-(310)237-6506.

The changes for this version are:

• SendMessage now works, but only for the default account.
• Resolved On click “create message” button Hang
• Resolved WLMail hang when I imported an account
• Resolved Hang when I drag and drop emails only if AVG is installed
• Resolved Moving messages through folders hang
• Added IMailAccount::GetMailAddress
• Moved all loading code to LiveMapiLoader
• Added GetButtonRect()
• Added Message::GetBodySize
• Changed folder enumeration to using ILMFolderEnumerator
• Fixed IMessage::GetBodySize
• Changed InternalRegisterMessageNotification folder limit from 30 to 20

A new version of Nektra Deviare API Hook is now released. This version has lots of fixes to bugs that I found along the last year working with the library in Application Virtualization Solutions and Reverse Engineer. I found some stability issues, generating dead-locks, stack trace wasn’t working as defined and it has important performance improvements. Also, there are more functions in the database and some data types were not working at all: arrays and enumerations.

New C# hooking console

Highlights

• Process / Module / Function panels
• Functions that are included in the database are displayed with full parameter information.
• Execution hooks (aka: ‘Add Exec Hook’) allow the user to add hooks when an application starts. It’s useful to debug an application that crashes at startup.
• Parameter information could be displayed before and after the function is called.
• Full Stack trace information.
• Function calls can be displayed grouped by thread.
• CLSID and IID are displayed in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} format and with registration information:

• Structures parameters are expanded to show all their fields. This picture shows a call to Kernel32.FindFirstFileW with parameter _WIN32_FIND_DATAW expanded.

• Lots of Windows Messages are supported. LPARAM and WPARAM parameters of user32.dll functions DispatchMessage, PostMessage, SendMessage, PeekMessage and GetMessage are interpreted as the real data type that they are. Here a LVM_INSERTCOLUMNW (ListView_InsertColumnW macro for C++) is sent and the lParam is displayed as a tagLVCOLUMNW*:

In file $INSTDIR\Bin\Database\FunctionTypes.xml you can find all the definitions. They are of the style:

<message value="442">

  <name>TB_SETBUTTONINFOA</name>

  <return value="">

    <returninfo>returns LRESULT in lResult</returninfo>

  </return>

  <wparam value="INT">

    <wname>iID</wname>

  </wparam>

  <lparam value="LPTBBUTTONINFO">

    <lname>

    </lname>

  </lparam>

</message>

This definition means that when a message 0×442 is called TB_SETBUTTONINFOA. Parameter WPARAM is a INT and LPARAM is a LPTBUTTONINFO. The code to convert one parameter to another type is very easy using Deviare:

pm = pm.CastTo("LPTBBUTTONINFO");

if(pm == null)

{

    // data type is not in the database

}

Adding other message definitions in that xml will change the C# message handling functions. This method can be used for any other function that has any variable parameter such as DeviceIoControl.

COM Interception

Now Deviare COM Spy is part of Deviare Package, so you can get it downloading Deviare. I’m not very happy with the application and I would like to make big changes in this area.

Deviare Services

Deviare is a very specific tool and it can take a special effort to get acquainted with its mechanism. We have a team of professionals that can help so Just ask.

• Examples of interception code
• Parameter retrieve and change
• Ad-hoc interception techniques for complex problems
• COM Interception (with or without the interface)
• Interception of undocumented API
• 64 bits interception
• Debug server with interception techniques
• Server monitoring
• Sever performance boost

More information in API Hook Services

Download

Request the package in Deviare download section.

Nektra has released the new WLMailApi v1.0.2

Nektra has released the new WLMailApi v1.0.2, which has many more features & functions, this allows developers to create custom Windows Live Mail plug-ins.

Nektra Advanced Computing is glad to announce the release of the new WLMailApi version 1.0.2 which you can request a download by clicking here. This new version is an update of the official WLMailApi RTM version which has been released over 6 months ago.

Creating addons or plugins for Windows Live Mail Desktop® demands a deep knowledge of its internal behavior, it does not have any public Application Programming Interface.

Windows Live Mail is the desktop email client promoted by Microsoft for Windows XP®, Windows Vista® and Windows 7® as part of the Windows Live Essentials free software.

Contact us to ask any commercial question or use our forum for technical inquiries. For information about pricing or special demos please call 1-(310)237-6506.

The changes for this version are:

* Fixed: Memory leak when moving or deleting many messages left wlmail.exe process running after closing it
* Fixed: WLMail crashed when having an IMAP account
* Fixed: Getting a Toolbar object during the WLMailApiEvents::OnFolderSelectionChange event freezed WLMail
* Fixed the way WLMailApiAgent hooks the WLMail.exe process to avoid WLMailApiLoader.dll to be loaded in every process
* Implemented WLMailApiEvents::OnNewMessageInOutbox event that allows to modify and commit outgoing messages
* Implemented IWLMailApiEvents::OnSendButtonMsgWndClicked which is triggered when a new message window is set to be sent
* Implemented MsgWnd::GetTo(), GetCc(), GetBcc(), GetSubject(), SetTo(), SetCc(), SetBcc() and SetSubject()
* Added IMailAccountManager and IMailAccount interfaces to get the Default Account
* Implemented FolderManager::GetInboxFolder(), GetDraftFolder(), GetSentFolder(), GetJunkFolder(), GetDeletedFolder() for the Default Account
* Implemented Folder::IsInbox(), IsDraft(), IsSent(), IsJunk(), IsDeleted() functions for Default Account special folders
* Implemented FolderManager::GetOutboxFolder() and Folder::IsOutbox functions
* Added Unicode support to main API functions:
IFolderManager::CreateFolder() and RenameFolder()
IFolder::GetName(), Rename(), CreateFolder() and CreateMessage()
IMessage::GetSubject(), GetAllBody(), GetBody(), GetBodyText(), GetBodyDisplayName(), GetFilename() and SaveAsFile()
IMessage: For GetBodyProp() and SetBodyProp() functions, the message must be already encoded in Unicode

Nektra Advanced Computing is glad to announce that we are always working on Windows Live Mail API improvements from all your feedback. Now in our Windows Live Mail API Trial you are able to access the storage folders with read, write, delete, move, rename and clone capabilities. We are also able to append text and or HTML code inside each cloned message. Here is a screen shot of the Message Bodies in our WLMailApi C# Demo and below a video showing more capabilities of our product.

Contact us to ask any commercial question or use our forum for technical inquiries.

Nektra has released the new WLMailApi v1.0.1, which allows developers to create custom Windows Live Mail plug-ins.

Nektra Advanced Computing is glad to announce the release of the new WLMailApi version 1.0.1 which you can request a download by clicking here. This new version of WLMailApi left the Beta stage and is now an official RTM version.

Creating addons or plugins for Windows Live Mail Desktop® demands a deep knowledge of its internal behavior. Its Application Programming Interface (API) is undocumented and there is not a SDK available. Even the public interfaces IStoreNamespace and IStoreFolder supported in both Outlook Express® and Windows Mail® are not present in this new email client.

Windows 7® will not include Outlook Express or Windows Mail; its users will be forced to move to Windows Live Mail. Your product can be one of the first that plugs in!!!

Contact us to ask any commercial question or use our forum for technical inquiries.

This is the change log from previous version:

* Exiting from the system tray icon’s context menu crashed WLMail
* A stack overflow was produced when many database notifications were triggered
* There was a memory leak when handling database events
* C# DLL Demo solution made WLMail freeze after the evaluation expiration message when it was executed in Debug mode
* First events could get lost at startup before the first folder/message selection change event
* WLMailApi::GetCurrentMessageID() always returned -1 at startup until message selection was changed
* WLMailApi::GetCurrentMessageID() and NktWLMailApi::GetFirstSelectedMessageID() responses were not updated after current/selected message was deleted
* The WLMailApiEvents::OnDatabaseChange NKT_TR_INSERT_MESSAGE case was not triggered when messages were inserted in the Deleted Items folder
* Message.Delete(0) did not work when the message was in the Deleted Items folder
* WLMailApiEvents::OnCurrentMessageChanged event was not triggered if the current message was changed by selecting another message using “Ctrl + Click”
* When an unread message was selected in WLMail and was automatically marked as read, two WLMailApiEvents::OnDatabaseChange events (first NKT_TR_UNREAD_MESSAGE and then NKT_TR_READ_MESSAGE) were triggered instead of just one (NKT_TR_READ_MESSAGE)
* ToolbarButton::SetName and SetTooltip did not work if were called after the button was created
* Message::SaveAsFile() output file was corrupt if Message::GetHeader() was previously called
* Improved and corrected C++ and C# DLL Demos
* The solutions of the package now require Visual Studio 2008

The Nektra staff wishes you all a happy new year!

Best regards,

Nektra’s WLMailApi Team

Download messagespy_demo.zip – 250 KB

Download messagespy_src.zip – 249 KB

Deviare Message Spy

Contents

• Introduction
• So, what’s the good news?
• Deviare Message Spy
  • Finding a Window: The Spy++ Style Window Finder
  • Hooking
  • The XML
  • The Cast
• Using Deviare Message Spy
• Requirements
• Known Issues
• Resources

Introduction

This article presents you with a different perspective of how to inspect window messages, to see how applications are communicating and managing their controls. We are not going to explain what window messages are or what they are used for in this article, so we suggest that you read these excellent articles to understand them: Handling Window Messages (Part 1, Part 2, Part 3). In this article we are going to monitor the Message API from the inside by hooking the target process.

So, what’s the good news?

As a first step when developing, to inspect windows, we open the Spy++ application and start the tedious work of following messages as they are printed in their hundreds. This is helpful most of the time, as we usually want to know what our windows are seeing and receiving. Yet, what happens when we want to know exactly how an application is communicating with its controls (what calls it makes to the message API) or want to see if our messages are getting filtered by someone else? As you may know, Spy++ installs 3 global hooks to receive every Send, Post and Call to a window message handler. The information provided by these methods is not enough to know what messages are coming from our application or if any of them have been filtered by a hook installed earlier in the call chain.

Do not panic, Deviare comes to rescue. What we are going to do is intercept all the Message APIs from the process that the window belongs to and monitor its calls. From there, we can be sure of what messages are being sent from the application to its controls and if any of them are missing from the ones that Spy++ is reporting, then we will know if someone else is watching us…

What happens with the messages not known by Spy++? How are we going to see them? Look what happens with many of the messages used by the standard ListView in windows. Spy++ does not know anything about them if the window is subclassed (for example ATL:SysListView32), and cannot trace its content. Try following LVM_GETNEXTITEM in Outlook Express and you will only see unknown 0x100C messages. The same goes for custom user messages that you may know and want to follow. We need an application that can be customized to our needs!

Deviare Message Spy

To probe our theory, we have built this message spying application. We have added to it a way to lookup windows handlers, hook the process owning it, and correctly report the messages and structures.

Finding a Window: The Spy++ Style Window Finder

To pick the target window and the process we wanted an interface like the one used in Process Explorer and Spy++. Thanks to Mark Belles this was an easy task. He has a great article on how to implement a nice Window Finder, in Code Project.

Hooking

In order to install a hook, first we need to identify our target process. After obtaining a window handle from our Window Finder, we can use GetWindowThreadProcessId to identify which process owns the window. From there we use the .Net API to access it and tell Deviare which process we wish to hook.

Win32.GetWindowThreadProcessId(hWnd, out _processId);
_txtProc.Text = Process.GetProcessById(_processId).MainModule.ModuleName

For our monitoring we have divided the API in 2 sets: the Dispatch group, and the Sent and Post group. Monitoring messages that arrive to the first group will provide us with a very similar view of what Spy++ sees. This is because these messages arrived to the application and have not been filtered by any hook. With our second group, we will identify direct and asynchronous calls to the Message API.

Let’s see how we install the hook for one of these functions:

procs = _mgr.get_Processes(0);
procs = _mgr.get _Processes(0)
proc = procs.get_Item(_processId)
IPEModuleInfo mod = proc.Modules.get_ModuleByName("user32.dll");
IExportedFunction fnc = mod.Functions.get_ItemByName("PostMessageW");
_hook = _mgr.CreateHook(fnc);
_hook.Attach(proc);
_hook.OnFunctionCalled += new Deviare.DHookEvents_OnFunctionCalledEventHandler(_hookPst_OnFunctionCalled);
_hook.Properties = (int)DeviareCommonLib.NktHookFlags._call_before;
_hook.Hook();

As you see, we easily pick our target process by Id and select its Module and Function by name. The module name is not important, as it is always going to be “user32.dll”. If you have doubts, you can use Spy Studio to watch the process modules and exported functions.

Once the hook gets installed, we will receive notifications on our handler. From there we parse the function parameters transparently with the interface provided. (These parameters are actually in the target process, and Deviare copies them to our process on our demand and handles all the communication).

int returnVal = callInfo.ReturnValue;
IParams pms = callInfo.Params;
IEnumParams enm = pms.Enumerator;
IParam pm = enm.First;
IParam recvMsgHndl = pms.get_Item(0);
IParam recvMsgParam = pms.get_Item(1);
IParam recvWParam = pms.get_Item(2);
IParam recvLParam = pms.get_Item(3);

After reading all the data we require from the call, we will use our generated Xml to identify the message and properly cast it to its structure and show it properly.

The XML

The XML document in this application was created specifically to link together the message names, values and parameters. As messages like WM_LBUTTONDOWN are predefined as 0×201 we can place this in a XML file containing information on the parameters WPARAM and LPARAM.

<message value="0x201">
<name>WM_LBUTTONDOWN</name>
<return value="">
<returninfo></returninfo>
<returnmisc></returnmisc>
</return>
<wparam value="">
<wname>wParam</wname>
<wmisc>wParam Indicates whether various virtual keys are down. This parameter can be one or more of the following values.
MK_CONTROL
The CTRL key is down.
MK_LBUTTON
The left mouse button is down.
MK_MBUTTON
The middle mouse button is down.
MK_RBUTTON
The right mouse button is down.
MK_SHIFT
The SHIFT key is down.
MK_XBUTTON1
Windows 2000/XP: The first X button is down.
MK_XBUTTON2
Windows 2000/XP: The second X button is down.</wmisc>
</wparam>
<lparam value="">
<lname>lParam</lname>
<lmisc>lParam
The low-order word specifies the x-coordinate of the cursor. The coordinate is relative to the upper-left corner of the client area.
The high-order word specifies the y-coordinate of the cursor. The coordinate is relative to the upper-left corner of the client area.&amp;amp;amp;amp;lt;/lmisc&amp;amp;amp;amp;gt;
</lparam>
<misc></misc>

We could not find any database with this information, so we generated an XML document with the messages that we were interested in knowing about. As you can see, it is easy to simply add any message you want. In the process of building this XML, we used a very nice tool called ApiViewer from ActiveVB.de. Just search for the message names you want and you can evaluate the message values from the names.

The Cast

Now that we can identify the structures used on messages, we need to tell Deviare. Basically we are telling it to interpret our parameter, not as a simple LPARARM or WPARAM type, but as the complex structure we know is there. This is the case for messages like WM_DRAWITEM. So, to read it’s structure contained within the LPARAM we need to cast it as follows:

IParam pm = pms.get_Item(2); //LPARAM
pm = pm.CastTo(“LPDRAWITEMSTRUCT”); //Now our IParam is read as a pointer to DRAWITEMSTRUCT
pm = pm.Evaluated; //Resolve the pointer indirection
//Ready to use IParam as the structure sent by the OS.

It is possible to do this with all of the structures you can find defined in the windows headers. So, you should be able to cast and read any of them that are used in within these messages.

Using Deviare Message Spy

Deviare Message Spy in Action

Above we have our Deviare Message Spy in action. We selected the contacts list window from Outlook Express (at the bottom left) to spy on. You can see all the message values that were sent via Post and Send Message APIs. LVM_HITTEST has been expanded to show the full values received. As LPARAM is a pointer to the LVHITTESTINFO structure we can find all relevant information contained within.

Hope you enjoyed this article, and found it useful. Let us know what you think!

Requirements

• Deviare API Hooking

Known Issues

Many messages have the same Hex Address, such as TB_GETITEMRECT and TTM_UPDATE. Both of these messages have the value of 0x41d but are very different messages.

The TTM_UPDATE Message Forces the current tool to be redrawn. It does not use the wParam and lParam where as TB_GETITEMRECT Message Retrieves the bounding rectangle of a button in a toolbar.

TB is a Toolbar message and TTM is a Tooltip message. As our Spy++ style window finder already finds the window class, such as SysListView32 and ToolbarWindow32, It would be easy to use the class name to tell the program with Xml message is the correct one.

Resources

• Deviare API Hooking
• Message Lookup: ApiViewer
• Spy++ from the Microsoft Windows SDK

We all remember when Ole Automation came out. We were all impressed how simple it was to implement a few COM Interfaces, place a toolbar and interact with the office package. Soon the competition began to show who could create the best and most creative Add-on. How many times did you wonder how that other plug-ins “did that”? What if now you can even know how Outlook, or any Office application operates? Well, my friend, take a closer a look…

This Deviare example is implemented as an Outlook Add-on. We have used C# .Net, but you can use any language that supports Component Object Model.

We are using 2 threads to avoid freezing the application. The first one is the standard thread where Outlook report its events to us. The second is our worker thread where we create an output window to print our messages and a Deviare Event Proxy to process functions’ calls.

From the events Outlook provides us to work with we are only interested in OnStartupComplete. Here we know that Outlook is done with all its initialization and we can start hooking its interfaces. As a regular plug-in we ask for the Outlook Application, Active Explorer, CommandBars and create a CommandBarButton. We are going to intercept all of them and see how their members are used.

Notice that to obtain the interface we don’t use the class implementation, but the underlying interface definition. That’s why, when calling HookInterface, we send the Type of Outlook._Application and not Outlook.Application. The second one, is the .Net wrapper, and the first one is the Ole Interface.

To intercept these objects, Deviare needs some information. The necessary elements are the COM Object Interface (that would be its virtual table), which members we are interested in (specified by index), and the name of the Interface. Identifying the interface by name, will let Deviare find all the information it needs during the call, so you can handle its parameters the same way we did with any function hook. To gather all this the .Net Framework provides us with marshaling facilities (System.Runtime.InteropServices.Marshal), this makes our lives pretty easy .

And that’s all. We print our calls, and see our results:

Cheers, and happy coding!

Today we have released a console for monitoring and spying on applications using Microsoft’s Component Object Model. This technology is used in many professional applications and now you are able to watch them in action too!

Deviare’s last integration is the ability to intercept COM interfaces. Using this technology and heuristics to discover this interfaces, the console lets you see which interfaces are being used by an application, and how they made their calls.

Here is an example monitoring the Windows Live Messenger:

As you have seen, we found the instantiation of IwebBrowser2. Since we don’t know what we want to see yet, we hooked every member except IDispatch (not necessary here). Then, the console printed calls for Navigate2 (among others), and we could see where the little browser at the bottom of messenger was getting its Adverts from.

The console is open source, so feel free to contribute on it. In this first release, it contains only one method to discover the creation of interfaces, but many others may be added. Go chase them .

Download Deviare COM Spy Console