#1
BP to find the SAVE AS menu
Hi, I am working on a program that has a protection that DISABLES the SAVE button. The program is Proteus 6.7 SP3. Now (thanks to a lot of people who taught me HOW) I have enabled the Save As button with a BP on EnableMenuItem and by changing the PUSH 403 to PUSH 400... But the button DOESN'T SAVE anything... That is my question: is there a way to locate the call or process that enables the creation of the file? Is there any BP that would help me find the process where the file is created, so I can try to patch it? I have tried CreateFile, ShowWindow, etc., but they don't work... Any idea?

Sorry for my bad English.
Regards from Mexico
#2
Hello Gato negro!

Do you have the full version of that program? Sometimes the demo does not provide that functionality; that is, the programmers remove the code of the "save" option in order not to let you use that program as a full version.

Anyway, I give you the URL where you can find a curious program called "veo veo" that is able to activate buttons that are inactive in the window you choose: http://welcome.to/craaaack

It is in Spanish, easy for you! Try it and then tell me!

Cheers from Spain! What's up, my Mexican friend!
Nacho_dj
#3
|
|||
|
|||
|
Hi Nacho_dj,

Thanks for your fast answer. Well, I use an app SIMILAR to the one you gave me (veo veo); it is called Windows Enabler, but it just enables the button and DOESN'T SAVE... I think that the process or call IS THERE... hidden, because this DEMO version can be LICENSED with a Licenced.key, since it has a licence.exe to put the file in and register the demo...

The program is Proton 6.7 SP3; if you put this into Google you can find the web site, it's easy, but they don't give us a DIRECT link to download... The company is labcenter.

Addition: I removed the protection with the help of Gabri3l and Kruger, and now have the files patched at the EnableMenuItem of the Save button. Now it's ENABLED, but I need to find out whether the process to really SAVE is there in this program.

Regards, my friend PAISANO!
#4
Don't want to be a partykiller here, but I have also looked into this specific software lately, and can only confirm that all essential code for saving has been removed in the Demo edition.

I have come to this conclusion by comparing disassembled code with the Lite edition, which does have save enabled.

Regards
Wannabe

Lite edition can be downloaded (direct link) at hxxp://downloads.labcenter.co.uk/prolite.exe
Demo edition: replace previous prolite.exe with prodemo.exe

Last edited by Wannabe; 04-03-2005 at 03:06.
#5
|
|||
|
|||
|
THANKS Wannabe,

Where did you find the Lite version of Proteus 6.7 SP3? Thanks for the help.

Regards from Mexico
#6
|
|||
|
|||
|
Try looking in the WM_COMMAND part of the window procedure.
Thomas
#7
|
|||
|
|||
|
In SoftICE you can set a breakpoint:

    BMSG <HWND> WM_COMMAND IF (*(ESP+0C)==<Menu_ID>)

(esp+0xC points to wParam)

Usually you can look at the MENU resources section of the file. Find out the ID of the "Save as..." menu item (for example, ID=1219 (0x4C3)).

Run the program and determine its window handle using SoftICE's HWND command or with another program that shows window handles (for example, HWND=0x120F5).

The BP will be:

    BMSG 120F5 WM_COMMAND IF (*(ESP+0C)==4C3)

When you select and click the "Save as..." menu item you'll be dropped into SoftICE at the right place. Then you may check whether the save code is present or not.

Last edited by amitophia; 04-02-2005 at 16:36.
#8
|
|||
|
|||
|
Thanks ThomasAntony and Amitophia, I'm trying to do that, but I'm using OllyDbg. How can I make these conditional BPs in Olly? I did this (thanks Gabri3l and Kruger!!): I used bp EnableMenuItem and found the menu (I guess :S):

    0022D878 0050ADE4 /CALL to EnableMenuItem from isis.0050ADDE
    0022D87C 142B01EF |hMenu = 142B01EF
    0022D880 00000000 |ItemID = 0
    0022D884 00000403 \Flags = MF_BYPOSITION|3|MF_STRING

Then I traced to here:

    0050ADCF /75 15 JNZ SHORT isis.0050ADE6
    0050ADD1 |68 03040000 PUSH 403
    0050ADD6 |57 PUSH EDI

I changed the 403 to 400 and this enables the Save As menu... but when I run the program it DOESN'T SAVE. That's the problem. I don't know how to set a BP for when I click on Save As, to check if the save menu is there...

Analyzing the file with PEiD, I found this:

    Entrypoint:0014274C
    EP section:_TEXT
    FileOffset:0014094C
    FirstBytes:55,8B,EC,6A
    Linker Info:7.80
    SubSystem:Win32 GUI
    FOUND:::::::::::::::Microsoft Visual C++

But when I click on extra info, it gives me this:

    Detected:Microsoft Visual C++
    SacanMode :Normal
    EntryPoint:6.31 (Not Packed)
    EP Check:Packed <-------------THAT'S WHY I HAVE DOUBTS
    Fast Check:Not Packed

I think the save process IS THERE... but it's packed in some form or hidden without string references...

Any idea?

Regards from Mexico
#9
|
|||
|
|||
|
I haven't seen the prog, but I think the key to the problem is to find the SAVEAS proc inside the code - if it exists.

1. The standard API is GetSaveFileName, so you have to find the proc with this API in the code, and this will probably be the correct proc.
2. Then you have to look at how the procs are linked to buttons (this is compiler-related) by reviewing the structure of procs which work OK (help, about, etc.). So you have to find the ABOUT proc in the code, and then the structure in the disassembly where the about button ID and the ABOUT proc address are together.
3. Probably an empty demo proc is linked to the saveas button, so it must be replaced with the proper address.

If GetSaveFileName is not used, maybe there is the program's own dialog in the rsrc section (very rare).

If the saveas proc doesn't exist, you can insert the proc from a working version, but because the RVAs of both versions are probably different, this is much bigger work (a full disassembly without errors is needed to enable reassembly).

Regards amigo
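Posts #4 and #9 above both turn on whether a save routine exists behind the menu item at all. As an added illustration (not part of any post and not the vendor's code), this portable C model of a WM_COMMAND dispatch table contrasts a demo build that only greys out the item with one that ships no save handler; the struct, the handler names, the `ID_HELP_ABOUT` value and the `DEMO_BUILD` macro are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed IDs; 0x4C3 is the example "Save as..." ID used in the thread. */
enum { ID_FILE_SAVEAS = 0x4C3, ID_HELP_ABOUT = 0x4D0 };
enum { CMD_OK = 0, CMD_NO_HANDLER = -1, CMD_UNKNOWN = -2 };
typedef int (*cmd_handler)(char *out, size_t cap);

struct menu_item {
    unsigned    id;
    int         enabled;  /* UI state only: what EnableMenuItem toggles */
    cmd_handler handler;  /* the code that does the work, or NULL */
};
static int on_about(char *out, size_t cap) { (void)out; (void)cap; return CMD_OK; }
/* Full-edition save routine: serialises a constructed document. */
static int on_save_as(char *out, size_t cap) {
    snprintf(out, cap, "DESIGN v1");
    return CMD_OK;
}
/* Weak demo: the save routine ships in the binary, the item is only greyed. */
static struct menu_item weak_demo[] = {
    { ID_FILE_SAVEAS, 0, on_save_as }, { ID_HELP_ABOUT, 1, on_about } };
/* Hardened demo: nothing behind the item. A real build would also exclude
 * on_save_as itself, e.g. with a hypothetical #ifndef DEMO_BUILD guard. */
static struct menu_item hard_demo[] = {
    { ID_FILE_SAVEAS, 0, NULL }, { ID_HELP_ABOUT, 1, on_about } };

/* Models the WM_COMMAND branch of a window procedure. */
int dispatch_command(const struct menu_item *m, size_t n, unsigned id,
                     char *out, size_t cap) {
    for (size_t i = 0; i < n; i++)
        if (m[i].id == id)
            return m[i].handler ? m[i].handler(out, cap) : CMD_NO_HANDLER;
    return CMD_UNKNOWN;
}

/* Flip the UI flag, then deliver the command, as after a menu-flag change. */
int enable_and_click(struct menu_item *m, size_t n, unsigned id,
                     char *out, size_t cap) {
    for (size_t i = 0; i < n; i++)
        if (m[i].id == id) m[i].enabled = 1;
    return dispatch_command(m, n, id, out, cap);
}

int main(void) {
    char buf[32] = "";
    printf("weak demo: %d\n", enable_and_click(weak_demo, 2, ID_FILE_SAVEAS, buf, sizeof buf));
    printf("hardened demo: %d\n", enable_and_click(hard_demo, 2, ID_FILE_SAVEAS, buf, sizeof buf));
    return 0;
}
```

For a vendor, the menu flag is presentation state; the feature boundary holds only when the demo binary contains no handler to reach.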
#10
|
|||
|
|||
|
Thanks AMIGO

I guess that the save proc doesn't exist... I have tried to put the save code in, but it isn't easy... I'm going to try.

Regards from Mexico