Results 1 to 5 of 5

Thread: Message Tracking

  1. #1

    Message Tracking

    Hi guys.. what is the best way to track down a Message in a program? The program retrieve a certain WM_ message using PeekMessageA and i need to track down how the message got into the queue...

    BP on SendMessageA and PostMessageA doesnt seem to catch anything and BMSG only breaks in CSRS context :/, not the program's context...

    Thus is there an easy way of observing the Message Queue etc to track down where and how a certain message get into the queue?

    Thanks

  2. #2

    As Above

    You might try:

    1. Spy++
    2. Borland Winsight

    All freely available on the net...

    Have Phun
    Blame Microsoft, get l337 !!

  3. #3
    Thanks Aimless.. i check out those tools and find Winspector real good

    However they dont help me much... the dont tell me the offset of the code/call where the Message is inserted in the queue so i still dont know how the message gets there...
    let me be more specific about the problem...

    This is the piece of code
    Code:
    CODE:00452EA2 6A 01               push  PM_REMOVE             ; wRemoveMsg
    CODE:00452EA4 6A 00               push  0                     ; wMsgFilterMax
    CODE:00452EA6 6A 00               push  0                     ; wMsgFilterMin
    CODE:00452EA8 6A 00               push  0                     ; hWnd
    CODE:00452EAA 57                  push  edi                   ; lpMsg
    CODE:00452EAB E8 2C 55 FB FF      call  PeekMessageA
    CODE:00452EB0 85 C0               test  eax, eax
    CODE:00452EB2 74 75               jz    short loc_452F29
    CODE:00452EB4 B3 01               mov   bl, 1
    CODE:00452EB6 83 7F 04 12         cmp   [edi+MSG.message], WM_QUIT
    CODE:00452EBA 74 66               jz    short bad
    ok so i need to track down how this WM_QUIT gets into the Message Queue but Winspector / Spy++ doesnt even show any WM_QUIT found... yes the message is there when i debug the program with Olly...

  4. #4
    : Code Injector : nikolatesla20's Avatar
    Join Date
    Apr 2002
    Location
    :ether:
    Posts
    815
    I find it hard to believe that bpx on SendMessage or PostMessage wouldn't work, but maybe also try PostThreadMessage and PostQuitMessage too..


    -nt20
    Last edited by nikolatesla20; June 7th, 2004 at 10:28.

  5. #5
    Hey Nikolatesla... thanks man.. u nail the bugger... PostQuitMessage is the culprit :/... As a Delphi programmer i should have thought of this earlier ...

Similar Threads

  1. Tracking threads in Olly
    By live_dont_exist in forum The Newbie Forum
    Replies: 10
    Last Post: September 23rd, 2011, 04:41
  2. ERROR Message
    By w_a_r_1 in forum The Newbie Forum
    Replies: 5
    Last Post: August 5th, 2009, 23:31
  3. Reliability of Pseudo Registers in Bug Tracking
    By OpenRCE_adityaks in forum Blogs Forum
    Replies: 0
    Last Post: November 24th, 2007, 18:50
  4. Tracking problem....Nolan help...
    By Robocop in forum The Newbie Forum
    Replies: 2
    Last Post: December 20th, 2005, 17:44
  5. Message for Clandestiny
    By proxymo in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: November 27th, 2000, 22:35

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •