Heh!!!
No trick of mine it all comes down to the code snippet to break on a message box OK button.
I could not get the extension sdbgext to work in w64 therefore could not employ the !hwnd poi(poi(esp+4)). However, the bp user32!GetMessageW "pt;gc" got me right into the message loop for windows and it was retrieving messages from Device Manager (I presume devmgr.dll).bp user32!GetMessageW "pt;gc"
g
bc *
.load sdbgext
bp @eip ".if (poi(poi(esp+4)+4) == 0x202) {!hwnd poi(poi(esp+4));gc } .else {gc}"
g
I know the message loop processes all messages from user apps but when I was there it was processing only device manager windows messages. Many of them we 0xf messages for wm_paint.
I guess because I was in the context for Device Manager when I activated the OK button, windows must have retrieved the message. It was a 32770 dialog box.
https://docs.microsoft.com/en-us/windows/desktop/winmsg/about-window-classes
I may be all wet but it is my understanding that the window's message loop uses getmessagew and that it is a system thing. It processes any windows message and passes it on to the calling application.
Looked it up:
https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-getmessagew
GetMessageW function
Retrieves a message from the calling thread's message queue. The function dispatches incoming sent messages until a posted message is available for retrieval.
Bookmarks