2

How could I properly call the SetCursorPos function from the Windows RunDll32 application?

If I try this, it sends the cursor to bottom-right corner:

RunDll32.exe user32.dll,SetCursorPos 100, 100

But I'm passing the proper values to its parameters:

https://msdn.microsoft.com/en-us/library/windows/desktop/ms648394%28v=vs.85%29.aspx

PS: I'm not interested in alternatives such as the NirCMD application, I know them; I would only like to know the answer to the question I asked, thank you.

ElektroStudios

1 Answer

8

This isn't possible. RunDll32 can only call functions with this signature:

void CALLBACK EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow);

So if you do

RunDll32.exe user32.dll,SetCursorPos 100 100

You are telling RunDll32.exe to do this:

SetCursorPos(0x314159, 0x265358, "100 100", 1)

...where the first two parameters are not in your control (for example, on my machine the call moves the cursor to the upper right).

More info from the docs:

hwnd - window handle that should be used as the owner window for
       any windows your DLL creates
hinst - your DLL's instance handle
lpszCmdLine - ASCIIZ command line your DLL should parse
nCmdShow - describes how your DLL's windows should be displayed

JohnKiller

  • Thanks for the answer, could you please specify how you verified the function signature? How could I locate it to be sure of it? – ElektroStudios Apr 04 '15 at 13:33
  • source: http://support.microsoft.com/en-us/kb/164787 – JohnKiller Apr 04 '15 at 13:34
  • That does not explain how to locate the signature of an exported function, it only explains how it should be, or am I wrong? How do I see the signature of SetCursorPos? – ElektroStudios Apr 04 '15 at 13:36
  • well, for public api, you can read from the official MSDN: https://msdn.microsoft.com/it-it/library/windows/desktop/ms648394%28v=vs.85%29.aspx – JohnKiller Apr 04 '15 at 13:38
  • however, if you want to run a specific DLL that is not from M$, you need to have the associated `.h` file which contains the declarations – JohnKiller Apr 04 '15 at 13:39
  • The thing is that SetCursorPos is a function like many others that accepts 1 or 2 parameters, for example SwapMouseButton, which accepts 1 parameter and works perfectly in RunDll32... also note that when SetCursorPos is called from RunDll32 the entry point is found in the DLL, and the function is called, but it just sends the mouse hotspot to a corner. The information given here is useful but does not seem to be a reason that explains this specific issue. – ElektroStudios Apr 04 '15 at 13:39
  • can you show me an example of how you got that working for swapmouse? because reading other questions here on SO, everyone says it isn't possible and shouldn't be done that way – JohnKiller Apr 04 '15 at 13:41
  • 1
    the reason the mouse moves but doesn't go where you want it to is that the function is called the way I've explained in my answer. your "100,100" is being passed to the function as the third argument, while the first two are the window handle and dll instance, two completely random values that you are not in control of. same thing for swapmouse: the function gets called, but not with your parameters – JohnKiller Apr 04 '15 at 13:45
  • thanks for the in-depth explanations and your patience. I remember that in the past I've used SwapMouseButton from Rundll32, and it works but not as expected: I cannot "unswap" it once swapped. thanks. – ElektroStudios Apr 04 '15 at 13:49
  • 1
    yep, because the window handle is always > 0, so always evaluates to true (: – JohnKiller Apr 04 '15 at 13:51
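
An added example, not code from the question or the answer: a small wrapper DLL export that has the signature the answer says RunDll32 requires and parses the coordinates out of `lpszCmdLine` itself before calling SetCursorPos. The names `parse_xy`, `MoveCursorTo` and `mycursor.dll` are hypothetical; the Windows part assumes a build where the export name is undecorated (a 64-bit build, or a .def file on 32-bit).

```c
/* Hypothetical usage: rundll32.exe mycursor.dll,MoveCursorTo 100 100 */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Parse "X Y" or "X, Y" from the command-line tail that rundll32 hands
   over as lpszCmdLine. Returns 1 on success, 0 on malformed input. */
int parse_xy(const char *cmdline, int *x, int *y)
{
    char *end;
    long vx, vy;

    if (cmdline == NULL || x == NULL || y == NULL)
        return 0;

    errno = 0;
    vx = strtol(cmdline, &end, 10);
    if (end == cmdline || errno == ERANGE || vx < INT_MIN || vx > INT_MAX)
        return 0;

    /* Allow blanks and at most one comma between the two numbers. */
    while (*end == ' ' || *end == '\t') end++;
    if (*end == ',') end++;

    cmdline = end;
    errno = 0;
    vy = strtol(cmdline, &end, 10);
    if (end == cmdline || errno == ERANGE || vy < INT_MIN || vy > INT_MAX)
        return 0;

    while (*end == ' ' || *end == '\t') end++;
    if (*end != '\0')
        return 0;                       /* reject trailing garbage */

    *x = (int)vx;
    *y = (int)vy;
    return 1;
}

#ifdef _WIN32
#include <windows.h>
/* hwnd, hinst and nCmdShow are filled in by rundll32; only the string in
   lpszCmdLine comes from the caller, so that is the only place to read X/Y. */
__declspec(dllexport) void CALLBACK MoveCursorTo(HWND hwnd, HINSTANCE hinst,
                                                 LPSTR lpszCmdLine, int nCmdShow)
{
    int x, y;
    (void)hwnd; (void)hinst; (void)nCmdShow;
    if (parse_xy(lpszCmdLine, &x, &y))
        SetCursorPos(x, y);
}
#endif
```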