Thread: BP to find the SAVE AS menu
View Single Post
  #8  
Old 04-03-2005, 05:19
Gato_negro
 
Posts: n/a
Thanks ThomasAntony and Amitophia, im trying to do that,, but im using OllyDebug.. how can a imake these BP conditionant on OLLy?????? i make this(thanks Gabri3l and Kruger!!) i have use bp EnableMenuItem and find the menu (i guess :S) :
0022D878 0050ADE4 /CALL to EnableMenuItem from isis.0050ADDE
0022D87C 142B01EF |hMenu = 142B01EF
0022D880 00000000 |ItemID = 0
0022D884 00000403 \Flags = MF_BYPOSITION|3|MF_STRING


Then im trace and to here:
0050ADCF /75 15 JNZ SHORT isis.0050ADE6
0050ADD1 |68 03040000 PUSH 403
0050ADD6 |57 PUSH EDI

And change the 403 for 400 and this enables the menu SAVE as.... but when im run the program DONT SAVE.. thats the problem.. i dont know how to make a bp qhen i do CLick on the SAve as.. to chek if the save menu its there...........
Analizing the File with PEID.. i have found this:
Entrypoint:0014274C EP section:_TEXT
FileOffset:0014094C FirstBytes:55,8B,EC,6A
Linker Info:7.80 SubSystem:Win32 GUI

FOUND:::::::::::::::Microsoft Visual C++

But when im click on extra info, gives me this:
Detected:Microsoft Visual C++
SacanMode :Normal
EntryPoint:6.31 (Not Packed)
EP Check:Packed <-------------THATS WHY I HAVE DUDES
Fast Check:Not Packed

I think that the process of save ITS THERE... but its packed on some form or hide without string references..............

Any idea????????
Regards from mexico..
Reply With Quote