Welcome to the new Woodmann RCE Messageboards Regroupment
Hi all,
I have a Delphi program with some beautiful buttons (contained in some TPanel).
I'd like to jump into assembly on WM_LBUTTONUP ... but I can't.
I have used spy++ to debug window messages on that button.
When I click on that button I find:
- window handle: 00160270
- Message 0202 (Posted) WM_LBUTTONUP
- wParam: 0000000
- lParam: 00100038
So I have set a conditional breakpoint in OllyDbg (with 'Message Breakpoint on classProc'):
[ESP+4]==00160270 && [ESP+8]==WM_LBUTTONUP
I think I have done everything right but ... when I click on this damn button olly did not jump into assembly.
Can anyone help me ?
What have I done wrong?
Thank you all in advance.
Thank you deepzero,
but what do you mean (in more detail) when you say 'LBUTTONUP handling on your own and bp it'?
How can I do it ?
thanks in advance.
- break in the Callback
- manually set the values so that it seems like a LBUTTONUP message is handled
- trace to see where that specific message is handled
- bp where the message is handled
Hi again deepzero,
I think you have much much more knowledge than me.
The callback is the winproc associated with my button? How can I get this function?
The OllyDbg window form doesn't give me that value.
[quote]The callback is the winproc associated with my button?[/quote]
I don't have Olly here, but I think the window list should give you the callback. Alternatively you can use Microsoft's Windows spy.
Or you hit the button, pause the application and try to find the callback on the stack. Or you breakpoint CreateWindow(), and try to guess from the parameters which window is being created.
I'd check the olly window again and then try ms window spy.
I have got the winproc address from spy++.
I have found:
- window handler: 00020272
- winProc: 00DF0FA1
so I have done this operation
1. I have created a conditional bp to break into button.click event
bpx TranslateMessage && [EDX+4] == 202
2. I have created a bp on winprocAddress and actually the code has gone from dispatchMessage to the winproc.
But (there is a but) it seems that at the winproc address there is not a winProc function.
This is what I have found
You can try the UPX unpacker in CFF Explorer, but any UPX is very easy to unpack manually.
I also know that at least one Delphi decompiler (DeDe?) dumps the code at runtime itself.
Indeed - if it's a Delphi target you will want to go via a decompiler.
Hi all,
I have used:
- UPX, but I got this error: CantUnpackExecution file is modified/hacked/protected; take care!!! (with three exclamation marks)
- DeDe told me 'dump successfull' but it gives an error when decompiling the project
- CFF Explorer: I don't know where I can find it
I have used IDA Pro to decompile the project but something goes wrong (...the IAT is located in a non standard location...)
So here I am.
I can't break into winproc and I can't unpack the exe.
Game over ?