Results 1 to 9 of 9

Thread: button enabling delay

  1. #1
    mancini
    Guest

    button enabling delay

    in a c++ aplication with a single window there is a start button that has a 30 seconds delay (it is grayed out for 30 seconds after you start the program)
    i have read Lord Soth's menu-items tutorial and the references on menuitems from the TORN@DO cracker's notes
    now . i have tied a lot of things and all unsuscesfull but i allways ended back at this paradoxal thing (to me)
    i load the program wait some 5 seconds till it finishes loading (still 25 seconds to go till the button is enabled) then go in softice and put brekapoints on all menu handling api's i found in this particular program's import table :
    deletemenu
    destroymenu
    checkmenuitem
    enablemenuitem
    modifymenu
    modifymenua
    loadmenua
    getmenustate
    getmenu
    getmenuitemcount
    getmenuitemid
    trackpopupmenu
    appendmenua
    and still at the 30 second the button is ungrayed but without softice breaking on any of those breakpoints

    (btw the program does not show a counter of any sort of how manny seconds remain or anything)

    zipped below are text files with all imports from this program
    could i miss a api i should have breakpointed or sould it be another cause ?
    Attached Files Attached Files
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,157
    Blog Entries
    5
    Hi Mancini,

    You say the start button is grayed out for 30 seconds. Unless the button control has a menu counterpart, menu related APIs won't be being used here, though that's a good list of them. The program may be doing it in a couple of ways. Like many reversing problems, understanding how something may be coded at the system level is the first step in figuring it out. The Win32 programmers guide (or *much* better the MS SDK), and an API monitor are invaluable. From the guides can be found the basic ways in which a control can be created and how it can be modified. From this information can be devised a strategy for dealing with the problem by accessing the APIs or Windows messages.

    The control may be being loaded from the resource file or being created in code. If it doesn't exist in a resource editor then it's probably the latter. If it's the latter it may show up in the Softice 'hwnd <task>' list. If you've got a hWnd for it then you've got control over it with BMSG message breakpoints, if not then there are APIs.


    This sounds like a delayed Dialog box splash screen or something. The program may be creating the pushbutton with CreateWindow and the WS_DISABLED (equ 8000000h) style, and using the EnableWindow API or the WM_ENABLE message to control it. You could start by checking the CreateWindow calls and see if it's apparent there is a separate control being created for the pushbutton.

    By using a SendMessage call it's easier to hide the fact that the control is being handled. You can monitor a call like this for the proper control Id and check for the WM_ message being sent. I haven't checked this code, but I think something like this could be used

    invoke GetDlgItem, hDlg, ControlID
    ; returns handle of dialog box control in eax

    invoke SendMessage, eax, WM_ENABLE, FALSE, 0
    ; WM_ENABLE equ 0Ah

    -------------------------

    Another way would be to create the control during the WM_INITDIALOG message as the dialog box is being created, as an ownerdrawn button with the BS_OWNERDRAW (equ 0Bh) style of a CreateWindow call. If so, the ownerdrawn control would use a SendMessage call with the WM_DRAWITEM notification code to modify the look and function of the control. This might be called like this:

    invoke SendMessage, hDlg, WM_DRAWITEM, ControlID, offset lpDRAWITEMSTRUCT

    The WM_DRAWITEM message is sent to the parent window of an owner-drawn button, combo box, list box, or menu when a visual aspect of it has changed. The last parameter, which would be the first pushed in the SendMessage call, contains a pointer to a DRAWITEMSTRUCT structure which can be used to control the look and function of the control. One of the flags that can be set is for ODS_DISABLED (equ 4h) - The item is to be drawn as disabled. This flag may be being set in a separate instruction that you can change.


    Putting together all this API info, you can devise a strategy for finding where the button is being created and how it may be being controlled. If this was a toolbar button then it might be being handled with the specific Windows message TB_ENABLEBUTTON. You could modify the CreateWindow call to create the button enabled to start with, but this won't necessarily enable the function of it if more code is being controlled by the 30 second timer. Again, a WM_TIMER Windows message may be being used if you can't find any SetTimer or KillTimer calls.

    I'd suggest starting with an API monitor and see what calls are actually being used to enable the button after the 30 second interval. Then try a Windows messaging spy such as Borlands WinSight, ISpy or similar and see if you can detect any suspicious messages being used. This should lead you to the timer function as well. Once you've found it it's usually easy to deal with.

    Post if you have problems, hope this helps.

    Kayaker

  3. #3
    Athlon
    Guest
    Kayaker where can I get the MS SDK?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,157
    Blog Entries
    5
    Athlon, you can browse the Platform SDK Windows API reference online at

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winprog/winprog/functions_by_category.asp

    or d/l it from

    http://www.microsoft.com/msdownload/platformsdk/sdkupdate/

    It's something like 350 MB total, 190MB for the core SDK, but I think it can be d/l in bits and pieces depending on what you want out of it. The important stuff I've isolated for general work, some 92 .chm files takes about 100MB uncompressed. You'll have to see what's available and what you can afford downloading.

    Kayaker

  5. #5
    Athlon
    Guest
    Is the SDK only for XP
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Snatch
    Guest
    Heh reversers I have noticed know jack about programming. Too bad. The SDK is pretty much the same for all OS's because the API is almost identical. The DDK on the other hand is much different.

    Snatch
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    cHeCksUm
    Guest
    I might not know jack about programming but I know a programmer named Jack... no really I do ..... Yeah I know off-topic.... just had to.

    // cHeCksUm
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    Paul333
    Guest
    Kayaker thanks for your reply .i learned from it and wish all replies where in depth like this

    paul333
    Last edited by Paul333; September 10th, 2002 at 04:31.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,157
    Blog Entries
    5
    Thank you and you're welcome Paul333, you just made it all worth while by the fact that you learned something. It's what we need to do, keep passing on the knowledge, that's what it's all about.

    Kayaker

Similar Threads

  1. enabling flash item
    By aeon in forum The Newbie Forum
    Replies: 10
    Last Post: February 6th, 2008, 03:18
  2. enabling missing option
    By Towelie in forum The Newbie Forum
    Replies: 5
    Last Post: August 17th, 2004, 19:44
  3. 3com firewall VPN enabling
    By Lbolt99 in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: July 11th, 2002, 20:12
  4. Tutz about menu enabling?
    By Inst in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: November 12th, 2000, 18:10
  5. BPX on a button??
    By pupp in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: November 6th, 2000, 19:09

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •