Exetools  

  #1  
12-03-2011, 05:56
n0ital
olly plug-in monitor keystrokes

Hey all,

Is there an Olly plug-in that monitors keystrokes and displays mem location where they are originally stored?

tnx
  #2  
12-03-2011, 21:00
Kerlingen
Could you add some more explanation to your question? What do you want to achieve exactly?

Your text reads like you would like to have a breakpoint when somebody calls GetWindowText or similar. The real keystrokes are not accessible by applications, because they are handled deep inside kernel code and are passed down to the application in message queues.
  #3  
12-06-2011, 10:23
Fyyre
Find WndProc in the app you are debugging... (look for a call to GetMessage or PeekMessage) there will be a switch/case block nearby, check for WM_KEYDOWN, WM_CHAR, WM_INPUT...

Example for WM_KEYDOWN: wParam will hold the virtual key code, (lParam & 0xffff) will be the scan code of the key pressed.

Also you can check for functions such as GetKeyState, GetAsyncKeyState, etc, and break there.

-Fyyre

Quote:
Originally Posted by n0ital View Post
Hey all,

Is there an Olly plug-in that monitors keystrokes and displays mem location where they are originally stored?

tnx
__________________
Best Wishes,

Fyyre

--

https://github.com/Fyyre
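
When stopped at a WM_KEYDOWN breakpoint in a WndProc as described above, the raw lParam can be split into the fields Microsoft documents for keystroke messages (bits 0-15 repeat count, bits 16-23 scan code, bit 24 extended flag, bit 29 context code, bit 30 previous state, bit 31 transition state). This is an added example, not code from the original posts; the struct and function names are hypothetical and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of the lParam passed with WM_KEYDOWN / WM_KEYUP (names are illustrative). */
typedef struct {
    unsigned repeat_count;   /* bits 0-15: auto-repeat count */
    unsigned scan_code;      /* bits 16-23: OEM scan code */
    unsigned extended;       /* bit 24: extended key (arrows, right Ctrl/Alt) */
    unsigned context_code;   /* bit 29: 1 if ALT was held */
    unsigned previous_state; /* bit 30: 1 if the key was already down */
    unsigned transition;     /* bit 31: 0 = being pressed, 1 = being released */
} key_lparam;

/* Only the low 32 bits of lParam carry keystroke flags, also on 64-bit Windows. */
static key_lparam decode_key_lparam(uint32_t lparam)
{
    key_lparam k;
    k.repeat_count   =  lparam        & 0xFFFFu;
    k.scan_code      = (lparam >> 16) & 0xFFu;
    k.extended       = (lparam >> 24) & 1u;
    k.context_code   = (lparam >> 29) & 1u;
    k.previous_state = (lparam >> 30) & 1u;
    k.transition     = (lparam >> 31) & 1u;
    return k;
}

static void print_key(uint32_t wparam, uint32_t lparam)
{
    key_lparam k = decode_key_lparam(lparam);
    printf("vk=0x%02X scan=0x%02X repeat=%u ext=%u alt=%u prev=%u %s\n",
           (unsigned)wparam, k.scan_code, k.repeat_count, k.extended,
           k.context_code, k.previous_state,
           k.transition ? "released" : "pressed");
}

int main(void)
{
    /* Constructed wParam/lParam pairs, as they might be read from the
       stack arguments at a WndProc breakpoint. */
    print_key(0x41, 0x001E0001u); /* 'A' first press */
    print_key(0x41, 0x401E0001u); /* 'A' auto-repeat while held */
    print_key(0x41, 0xC01E0001u); /* 'A' release (WM_KEYUP) */
    print_key(0x27, 0x014D0001u); /* right arrow, extended key */
    return 0;
}
```
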