Ollydbg handles

[hobferret]

Hi

This may sound like a dumb question but

How the hell do you find a window handle in Olly

SICE was a snitch but I have been trying for the last 30minutes to track mouse activity, like HANDLE XXXX WM_LBUTTONUP but buggered if I can work it out

Someone out there must be able to tell me before I go absolutely crazy

Before you flame me JMI it's probably just another synapse failing to fire

/hobferret

[Shub-Nigurrath]

really dumb: there's a nice "W" button, no shourtcut for it.

[JMI]

hobferret:

Those of us old enough to have "synapses failing to fire" should stick together. I see only 2 problems with the survival of our "group."

1. Most of the time when my "synapses fail to fire" I can't remember who "I" am.

2. The rest of the time a can't remember who the rest of the members of the group are.

Ah well. Such is life for we older folks.

Regards,

[hobferret]

Hey Shub Nigurrath

I know about the "W" button, I will try to explain a bit more

When I have a messagebox on the screen and then try to press the "W" button all that happens is the messagebox flashes

So what the hell am I doing wrong

Was assuming there must be another method of doing it

Tried it with Olly always on top and with "floating windows"

And JMI my friend I just can't remember anything

/hobferret

[Shub-Nigurrath]

well from your explanation I cannot really understand what happens..the only thing that come to my mind is to try the WindowInfo plug, which you can find in the stuph Olly's page or break in the usual APIs which are always called to show any window.

[hobferret]

Quote:

Originally Posted by Shub-Nigurrath

well from your explanation I cannot really understand what happens..the only thing that come to my mind is to try the WindowInfo plug, which you can find in the stuph Olly's page or break in the usual APIs which are always called to show any window.

OK Shub

Will try the plugin, have already tried breaking on "ShowWindow" and "DestroyWindow" but for some weird reason it then breaks in miles of obfuscated code

Thanks

/hobferret

well since you are talking about a messagebox i can possibly hazard a guess
a messagebox that has pushed its owner window handle and the Flag MB_APPLMODAL
wont let you do anything with the owner window unless you have disposed the messagebox i feel that is what you are experiencing

edit
well to reinforce i cooked up a small code

you wont be able to do anything with the parent
ie if you copy paste this to your desktop and execute it from there
you wont be able to click open you MYComputer mydocuments etc

Code:

.386
.model flat, stdcall
option casemap:none
include       \masm32\include\windows.inc
include       \masm32\include\kernel32.inc
includelib    \masm32\lib\kernel32.lib
include       \masm32\include\user32.inc
includelib    \masm32\lib\user32.lib

.data
MsgCaption      db "Iczelion's tutorial no.2",0
MsgBoxText      db "Win32 Assembly is Great!",0

.code
start:
      
             invoke GetForegroundWindow      
	invoke MessageBox, eax,addr MsgBoxText, addr MsgCaption, MB_OK
	invoke ExitProcess,NULL
end start

[nikola]

There are few plugins for this. Like WindowJuggler by EsseEmme and WindowInfor by DDM/FFF

sure there are plugins nikola but what is the use if you cant use them or even click open the plugins menu may be you should download the attachment load it in olly and then f9 to execute it and then try getting the
plugin menu active
now if you reply "well so you can use sysinternals process viewer or ms spy++ or prcview to find the handles externally " i have no counter argument to that

[hobferret]

Hi JuneMouse

I understand what you are saying, a messagebox that has pushed its owner window handle, had tried that also but still failed to get a break

Have only just realized that the WindowJuggler plugin needs to be activated before you run the program

To Shub, can't get any joy with windowinfo plugin at all

The trouble really is that along with JMI we are both that old not only does the computer think faster than us the worms do too

No offense JMI mate

/hobferret

[JMI]

I learned a long, long time ago not to take offense at what people say. If they say something worthy of a retort, I just try to be somewhat clever about it. And no one has said anything in this thread which even appears to be trying to be offensive.

It's amazing how frustrated people get when they discover they can't get you angry or hurt your feelings.

Another thing I also learned a long, long time ago was that when I deserve to be corrected about something, I should try to have the good sense to accept it with some simple grace. That also really annoys people who want to get you down.

And Hobferret you just need to learn how to outsmart the dang computers. It's really simple to prevent them from thinking faster than we do. Just keep a really, really old computer running around the house and use it once in a while to reassure yourself you still have "personal computing" speed faster than a simple piece of silicone. And if that fails, take a very large hammer and show it just who's still Boss around there.

Regards,

[hobferret]

Hey JMI

You are too clever for me, I am always outsmarted by the board

Dang computers, well there's a thing. Like I said before I'm in England now and dont have an old Dang; however I do have an old Amstrad laptop that goes about 10 cycles a second so I will have to try that

Remember what I said over on exetools, I was fast enough to dodge the lead at the Battle of Second Bull Run, or Second Manassas, whichever side you want to be on. 1862 seems a long time ago now, no wonder I can't think fast enough at my age

/hobferret

JMI have you stopped reading the forum posts ??
how come these two here are posting dud posts to increase thier post count ??
is it an official post count scam racket *
one is gonna be a vvip and other will become vip if they are allowed to continue
in this manner
your urgent intervention is required to stop the ghosts from posting old tales from 1847

*
well i increased my post count by one in the process

[JMI]

Where? Where is this happening? I didn't "see" it. Where are those dang spectacles???

And hobferret, according to the movie "National Treasure", that's not all that's buried "in Christ Church cemetary PA."

Regards,

[hobferret]

JMI amigo mio

Will have to get my spectacles out, the good pair and check, because I thought I had the one and only original copy of the Declaration of Independence

Justin Bartha has disappearing spectacles, did you notice it in the movie, one shot they are there and the next they have disappeared.

It's only a little banter JuneMouse, although my mouse does not have a month, just Microsoft.

We have done stuff like this before on exetools so don't panic about being a VIP+, I don't mind being a noob

/hobferret