Thread: How to find what happens to the input I put in a window ?

  1. #1
    Apprentice
    Guest

    How to find what happens to the input I put in a window ?

    Hello everyone.
    I am new in this website and I am happy to be part of this group.
    I have been trying to decrypt an encrypted file used by a lookup program for two weeks.
    I searched Google, the Olly site, tuts4you and this site for relevant info. I didn't find anything that I could apply in my case.
    My program is quite large so it is unthinkable to step every instruction.
    When I run it freely and pause after the input window is displayed, a return instruction gets highlighted.
    When I stepped without going through everything I got to a db section and Olly asked me if I wanted to place a breakpoint and said that it was dangerous ( Suspicious breakpoint ). I was only stepping and didn't double-click any opcodes. When I said no, the input window was displayed.
    What I now want to do is follow my input and see what happens to it. So how do I find the input I entered in a program back in Olly ? The program shows the no. of elements found and displays those elements when I input the name of that element. My program has 1 main executable and 2 dlls : 1 does searching and calls the other, crypt.dll. It also has a database file and a css file for the layout of the main executable. Hope you guys can point out my mistake and help me go further.

    Happy reversing
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Quote: Originally Posted by Apprentice
    how do I find the input I entered in a program back in olly ?

    Search process memory for your input (with Cheat Engine) then drop a hardware breakpoint on it

    or make some educated guesses about which API calls would involve your input and place a bp on them (GetWindowText, WM_COMMAND, etc)

    here is some old intro stuff:
    http://www.woodmann.com/crackz/Archives/Crknotes.zip

  3. #3

    As Above

    Why not try using IDA debugger, instead of Olly, assuming the file indeed is encrypted?

    Have Phun
    Blame Microsoft, get l337 !!

  4. #4
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    To answer your question directly, GetWindowTextW and GetDlgItemTextW are the most common APIs for getting your input.
    However, you may also want to break on CreateFileW and/or ReadFile if your goal is to see how your file is getting decrypted.
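
    The memory search suggested in reply #2, combined with the W-suffixed APIs named in reply #4, as an added example that is not part of any post in this thread: text returned by GetWindowTextW or GetDlgItemTextW sits in memory as UTF-16LE, so the search has to try that encoding as well as the single-byte one. The snapshot bytes, the base address 0x00A3F000 and the function names are constructed for illustration.

```python
# Added illustration: locate a typed string in a memory snapshot and pick an
# aligned address for a hardware access breakpoint. All sample data is constructed.

def encodings(text):
    """Byte patterns the same input can take in process memory."""
    patterns = {"utf-16le": text.encode("utf-16-le")}  # ...W APIs
    try:
        patterns["ansi"] = text.encode("latin-1")       # ...A APIs
    except UnicodeEncodeError:
        pass  # input has no single-byte form in this code page
    return patterns

def find_input(snapshot, base, text):
    """Return sorted (address, encoding) pairs for every copy of text."""
    hits = []
    for name, pattern in encodings(text).items():
        pos = snapshot.find(pattern)
        while pos != -1:
            hits.append((base + pos, name))
            pos = snapshot.find(pattern, pos + 1)
    return sorted(hits)

def watchpoint(address, size=4):
    """x86 debug registers watch a byte, word or dword aligned to its own
    size, so round the hit address down to that boundary."""
    if size not in (1, 2, 4):
        raise ValueError("size must be 1, 2 or 4")
    return address & ~(size - 1), size

# Constructed snapshot: one UTF-16LE copy and one single-byte copy of the input.
BASE = 0x00A3F000
SNAPSHOT = (b"\x00" * 5 + "zebra".encode("utf-16-le")
            + b"\xcc" * 3 + b"zebra\x00" + b"\xcc" * 8)

if __name__ == "__main__":
    for addr, enc in find_input(SNAPSHOT, BASE, "zebra"):
        wp_addr, wp_size = watchpoint(addr)
        print(f"{enc:9s} at {addr:#010x} -> watch {wp_size} bytes at {wp_addr:#010x}")
```

    Each hit is a separate copy of the input; the code that reads a given copy is what an access breakpoint on that address will stop in.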

  5. #5
    Apprentice
    Guest

    Post Appreciated

    Thanks for the reply guys.

    Progress so far :
    Cheat Engine added to my tool-kit.

    Decrypt function found in crypt.dll but unable to decrypt how it actually decrypts (so far)
    It changes crypted code in ram pointed by edi to readable words but not to definitions.

    New discovery : My Dictionary app deinitiates 1 dictionary database and initiates another when I open the app or change databases. Deinit and init are functions in a search dll that in turn calls crypt.dll.
    Why would it have to (de)initiate a database prior to using it ?
    I breakpointed every function in the local dlls and this is what happens: my input goes through search-decrypt-search results.

    Working with suggested apis currently. Calls are nested so I'm having trouble to follow them all at a time.

    My intention was to figure out how that app works in order to convert the dictionary database into plaintext so that I could use it in a more generic app that fits my needs and works with a lot of other dictionaries.

    Q: What can IDA do that Olly can't ? And why should I consider using it ?

    Regards
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Quote: Originally Posted by Apprentice
    Q: What can IDA do that Olly can't ? And why should I consider using it ?

    Beyond compare disassembler, not that Olly's is bad, but combining that with the ability to use its own debugger, well, it's just ... better.

    Have Phun
    Blame Microsoft, get l337 !!
