
View Full Version : If my proggie...


Petroff
November 11th, 2000, 13:59
...doesn't break on GetDlgItemTextA, GetWindowTextA (nor their 16-bit equivalents), hmemcpy, WM_GETTEXT, and manages to send me a nice message box (which isn't created using the standard API) that says it was the wrong serial I entered, what can I do? When I bpx on WM_LBUTTONUP from the message box I land in the message loop without useful jz/jnz instructions above. The register nag is created using DialogBoxIndirectParamA and it is possible to disable it, but unfortunately without benefits (there are registered-user flags for sure). So besides these methods mentioned above, which other way can an author copy the entered serial into memory? Of course there are no useful string refs. Any ideas from you guys?

carpathia
November 11th, 2000, 16:14
The message dialog must be created using an API somewhere along the line. Have you tried the CreateWindow series of APIs? If you get desperate I'm sure you'd break on ShowWindow. Trace back from where the message dialog is shown or created.

If this still doesn't work, perhaps you could try placing a bpm on the APIs you've tried to bpx on. If the first instruction or block of instructions were copied from the body of the API to the application's memory, executed, and then a jump made into the centre of the API call, it would be possible to execute the API without it ever hitting the address of the API entry point. This is unlikely, but something to bear in mind.

Also, if you're still stuck, by all means post the URL to the app.

Regards

Carpathia

rg_
November 11th, 2000, 16:23
Quote:
The register nag is created using DialogBoxIndirectParamA and it is possible to disable it, but unfortunately without benefits (there are registered-user flags for sure).


Hi,
One of the parameters of DialogBoxIndirectParamA is the offset of the DialogProc the dialog uses. Get it and you can start searching there.

Regards

tola
November 12th, 2000, 12:37
Quote:
Petroff (11-11-2000 02:59):
...doesn't break on GetDlgItemTextA, GetWindowTextA (nor their 16-bit equivalents), hmemcpy, WM_GETTEXT, and manages to send me a nice message box (which isn't created using the standard API) that says it was the wrong serial I entered, what can I do?

You may also try this: enter your fake serial, search for it in memory (you'll find it somewhere above 80000000h) and set a breakpoint on that memory location.
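Added example, not part of the thread and not anyone's posted code: a small Python script that models the two steps rg_ and tola describe. The first decodes the arguments of DialogBoxIndirectParamA from a stack snapshot taken at the API's first instruction (stdcall pushes right to left, so the return address sits at [ESP] and hInstance, lpTemplate, hWndParent, lpDialogFunc, dwInitParam follow as DWORDs), which gives the DialogProc address to disassemble. The second searches a memory snapshot for the fake serial and emits a SoftICE `bpm ... R` for every copy; it looks for the serial both as an ANSI string and as UTF-16LE, which goes slightly beyond tola's suggestion, since the W APIs store text in wide form. All addresses, stack contents and memory contents below are constructed stand-ins for what `dd esp` and `s` would show in the debugger.

```python
"""Constructed example: locating the DialogProc and the entered serial in
memory snapshots (stand-ins for SoftICE `dd esp` and `s 0 l ffffffff 'serial'`)."""
import struct

# stdcall argument order of DialogBoxIndirectParamA; at API entry the
# return address is at [ESP] and these five DWORDs follow it.
DIALOGBOXINDIRECTPARAM_ARGS = ("hInstance", "lpTemplate", "hWndParent",
                               "lpDialogFunc", "dwInitParam")


def read_dword(snapshot: bytes, base: int, addr: int) -> int:
    """Little-endian 32-bit read from a snapshot whose first byte is at `base`."""
    off = addr - base
    if not 0 <= off <= len(snapshot) - 4:
        raise ValueError(f"address {addr:08X} not in snapshot")
    return struct.unpack_from("<I", snapshot, off)[0]


def dialogproc_from_stack(stack: bytes, stack_base: int, esp: int) -> dict:
    """Decode the DialogBoxIndirectParamA arguments at API entry.

    Returns the return address into the caller plus the named arguments;
    `lpDialogFunc` is where to start disassembling the registration dialog.
    """
    args = {"return_address": read_dword(stack, stack_base, esp)}
    for i, name in enumerate(DIALOGBOXINDIRECTPARAM_ARGS, start=1):
        args[name] = read_dword(stack, stack_base, esp + 4 * i)
    return args


def find_serial(memory: bytes, base: int, serial: str) -> list:
    """Return (address, encoding) for every copy of `serial` in the snapshot.

    ANSI covers what GetWindowTextA / WM_GETTEXT produce, UTF-16LE covers
    the W variants; each hit is a candidate for a read breakpoint.
    """
    hits = []
    for enc in ("ascii", "utf-16-le"):
        needle = serial.encode(enc)
        pos = memory.find(needle)
        while pos != -1:
            hits.append((base + pos, enc))
            pos = memory.find(needle, pos + 1)
    return sorted(hits)


def bpm_commands(hits) -> list:
    """SoftICE commands that break when the program reads each candidate copy."""
    return [f"bpm {addr:08X} R" for addr, _ in hits]


# --- constructed sample data (what the debugger would have shown) ---------
STACK_BASE = 0x0012F000
SAMPLE_ESP = STACK_BASE
# [esp]=return address into the target, then the five arguments.
SAMPLE_STACK = struct.pack("<6I", 0x00401A2C, 0x00400000, 0x00405000,
                           0x00000000, 0x00401F40, 0x00000000)

SERIAL = "12345-ABCDE"
HEAP_BASE = 0x81472000          # constructed; tola's "above 80000000h" region
SAMPLE_HEAP = (b"\x00" * 0x40 + SERIAL.encode("ascii") + b"\x00"
               + b"\xCC" * 0x20 + SERIAL.encode("utf-16-le") + b"\x00\x00"
               + b"\x00" * 0x10)

if __name__ == "__main__":
    args = dialogproc_from_stack(SAMPLE_STACK, STACK_BASE, SAMPLE_ESP)
    print(f"DialogProc at {args['lpDialogFunc']:08X} "
          f"(called from {args['return_address']:08X})")
    for cmd in bpm_commands(find_serial(SAMPLE_HEAP, HEAP_BASE, SERIAL)):
        print(cmd)
```

With the constructed data the script reports the DialogProc at 00401F40 and two copies of the serial, one ANSI and one wide; in practice you would run the equivalent `s` search in the debugger, set the `bpm` on each hit, and then trigger the check to land in the code that actually compares the serial.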