Simulating a Button Push

Hello im currently working on cracking Typer Shark Deluxe 1.02.
The serial method is way long and so I've decided to brute-force it.

Here's what I've acomplished so far:
Make it accept all serials.
Remove the Length Check so you don't have to enter a serial.

Now what I need to know is if you can simulate a button push.
I know where the call starts, and everything, but if I jump to it say, right before the "Register" text shows up, or any other place i've tried, I get a read access error.

Is this possible?

[dyn!o]

Of course you can do it: WM_LBUTTONDOWN/WM_LBUTTONUP.

Regards.

I'm not sure I fully understand what you're asking, but.. If you know the window handle of the button, you can send it the BM_CLICK message -- "An application sends a BM_CLICK message to simulate the user clicking a button. This message causes the button to receive the WM_LBUTTONDOWN and WM_LBUTTONUP messages, and the button's parent window to receive a BN_CLICKED notification message."

hxxp://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/commctls/buttons/buttonreference/buttonmessages/bm_click.asp

Easiest way would be to find the window using the windows API FindWindow and FindWindowEx. Then you should use something like

SendMessage(hwnd, WM_KEYDOWN,VK_RETURN,0);
SendMessage(hwnd, WM_KEYUP, VK_RETURN,0);

in delphi

Code:

//
// symulacja klikniecia lewym kneflem myszki
//
procedure SingleClick(X: Integer; Y: Integer; SaveOriginal:Boolean = False);
var mousepos:TPoint;
begin

  // pobierz oryginalne polozenie kursora
  if SaveOriginal = True then GetCursorPos(mousepos);

  // ustaw pozycje kursora myszki
  SetCursorPos(X, Y);

  // symuluj nacisniecie lewego klawisza myszki
  mouse_event(mouseeventf_leftdown,0,0,0,0);

  // symuluj podniesienie lewego klawisza myszki po kliku
  mouse_event(mouseeventf_leftup,0,0,0,0);

  // przywroc oryginalne polozenie kursora
  if SaveOriginal = True then SetCursorPos(mousepos.X, mousepos.Y);

end;

[dyn!o]

Bart: I suppose Lilmeanman asked abour more "generic" idea.

Your one is good... assuming we know the screen resolution and button box coordinates

"Knefel" = przycisk? Hmm....

Regards.

[FEARHQ]

What I used to do in such a case is send a WM_COMMAND to the parent, but I had to have known the button id to accomplish this. It's no big deal to find it but it's not generic enough. the WM_MOUSE messages are good too, since they are relative (as I remember?) to the upper left of the parent window and do not steal mouse cursor. If you resize your window however, you are thourougly screwed. WM_CLICK seems perfect, as you can *easily* get the handle of the button, you just have to ask windows nicely for it I guess it pays to read the msdn library. Thanks Satyric0n!

Sorry im such a newbie at all of this, but would I put the WM code at the end of the program?

And then jump to it when the program is at a safe place?

I'm not very good at ASM and most of the tutorials out there suck, so im sorry for being such a newb.

[bilbo]

Hi, lilmeanman / FEARHQ,

here is a C program which will do the job...
Compile from DOS prompt with command "cl click.c"
Run the resulting CLICK.EXE from DOS prompt attaching the button name (e.g. "ok") as command parameter.

Code:

// CLICK.C -- written by bilbo -- 15feb05

#include <windows.h>
#include <stdio.h>
#pragma comment(lib, "user32")

#define WM_CLICK 0xF5

BOOL CALLBACK
EnumWindowsProc(HWND hwnd, LPARAM caption)
{
	char name[128];

	if (GetClassName(hwnd, name, 127) && !strcmp(name, "Button")) {
		GetWindowText(hwnd, name, 127);
		if (!stricmp(name, (LPSTR)caption)) {
			printf("Found Button with handle %x\n", hwnd);
			SendMessage(hwnd, WM_CLICK, 0, 0);
			return FALSE;  // done
			}
		}

	EnumChildWindows(hwnd, EnumWindowsProc, (WPARAM)caption);
	return TRUE;
}

void
main(int argc, char **argv)
{
	if (argc != 2) {
		printf("usage: %s button_caption\n", argv[0]);
		return;
		}

	EnumWindows(EnumWindowsProc, (LPARAM)argv[1]);
}

Strangely enough the message WM_CLICK is not defined in Microsoft includes!!!
So I have defined it at start of the program.

To test the program, you can run Calculator: in that app, each key is a different button... You can press calc keys remotely (e.g. "click 1" "click +")...

Regards, bilbo

hehe thanks bilbo
for that equ
i had to wade through WM_USER+ the messages in the range of 0xb00
if the project was build with bcbuilder

to find the message that simulates a click on buttons
this equate makes the work easy

where did you dig it out from
coz sending two concurrent WM_LBUTTONDOWN AND WM_LBUTTONDOWN
OR WM_COMMAND to buttons failed many times and i
could never see this WM_CLICK anywhere
so i was forced to dig into many apps to find the exact message that handles
like 0xbd11 blah blah and send that message

i just transformed one of my masm template

Code:

.const 
WM_CLICK equ 0f5h

invoke PostMessage,NagButtonHandle,WM_CLICK,NULL,NULL

works flawlessly for a button that handled ony 0bd11h message

btw Doesnt SendMessage Create problems like not getting closed
till the original exe returns ???
i had problems with it and i converted my self to PostMessage

[bilbo]

Quote:

Originally Posted by JuneMouse

where did you dig it out from

I googled for WM_CLICK and only 141 hits came out, some of them with the equate. I don't know who discovered it (I browsed all the hits without success), and I'm surprised that that message has not yet been documented by Microsoft!

Quote:

Originally Posted by JuneMouse

Doesnt SendMessage Create problems like not getting closed till the original exe returns ???

I didn't find the problem you are reporting... Maybe BCBuilder sub-classes the standard button class???

Regards, bilbo

You probably didn't get many hits because it's BM_CLICK not WM_CLICK See Satyric0n's post above.

[JMI]

He would have found only 281 hits for "BM_CLICK."

This one might be of interest:

http://www.minigui.com/api_ref/group__ctrl__button__msgs.html

and the part where it states:

Define Documentation

#define BM_CLICK 0xF0F5
Simulates the user clicking a button.

An application sends a BM_CLICK message to simulate the user clicking a button.

BM_CLICK

wParam = 0;
lParam = 0;

Definition at line 822 of file control.h.


That seems to make the "definition" of BM_CLICK and WM_CLICK seem somewhat similar. At least in this case.


Regards,

[bilbo]

Thanks, Jackal / JMI,

that was another gross failure of my memory!

I would have known that, since a CLICK is a message specific to Buttons,
it must not be searched under WM_xxx (generic Windows messages),
but under BM_xxx (Button messages).

And that is in fact the place where it is documented by M$,
in their SDK, along with other:

Button Control Messages (BCM_GETIDEALSIZE, BCM_GETIMAGELIST, BCM_GETTEXTMARGIN,BCM_SETIMAGELIST, BCM_SETTEXTMARGIN)

Button Control Notifications (BCN_HOTITEMCHANGE)

Button Messages (BM_CLICK, BM_GETCHECK, BM_GETIMAGE, BM_GETSTATE,BM_SETCHECK, BM_SETIMAGE,BM_SETSTATE,
BM_SETSTYLE)

Button Notifications (BN_CLICKED,BN_DBLCLK, BN_DOUBLECLICKED, BN_KILLFOCUS,BN_SETFOCUS, BN_DISABLE, BN_HILITE, BN_PAINT,BN_PUSHED,BN_UNHILITE,BN_UNPUSHED)

BM_CLICK is defined in winuser.h (for MSVC) as

Code:

#define BM_CLICK           0x00F5

and in windows.inc (for MASM32) as

Code:

BM_CLICK                             equ 0F5h

Regards, bilbo

By the way, the site you dug out is very interesting, JMI!
They (our chinese colleagues) are offering a full GUI (with some sources) multi-platform and not depending on GDI32/WIN32K...

[EDIT JMI: Master bilbo: Slightly adjusted your post so that it didn't run outside the normal window view and all shows without the scroll sideways.]

[EDIT bilbo: Thanks, JMI, I do not how could it happen!]

Ok this really isn't helping much because I get how you simulate it, yet I don't get how I can insert and run that C code when Typer Shark starts.

Maybe someone can download it and help me a bit (www.popcap.com)