Intercepting Windows Messages

  • Published 2017-10-07 in Henan

When intercepting an application's menu items, SoftIce provides the following:

    : bmsg hMenu wm_command
    : G
    : bc*
    : BPX k32thk1632prolog
    : G
    : bc*
    G: ret

This usually arrives at code like the following:

    XXXX:CALL [KERNEL32!K32Thk1632Prolog]
    XXXX:CALL []    ----- menu entry point...
    XXXX:CALL [KERNEL32!K32Thk1632Epilog]

When tracing MASM and VC programs, you can find the entry point of the menu handling this way; under Windows 98 the trace follows the path:

    0167:5f401BD1--0167:5F401BFF--0167:5F401C6D CALL [EAX+40]

In SoftIce, use

    : D eax+40

to see the entry address of the menu handler that we care about.

But that is where the problems begin:

1) Under 2K and XP, SoftIce's :HWND (application handle) command does not work!

2) To set breakpoints in IDA and OllyDbg, we need to know the location in advance, using Resscope and UltraEdit to look up the relevant information in the executable and find the program entry point. The process is too complicated! Sometimes it is impossible to find what we wanted. Program didn't shell a little shame! ~ ~!

3) Can IDA and OllyDbg perform dynamic tracing like SoftIce under Windows 98? They offer a great deal of reference information. On top of static analysis, dynamic debugging gives a better understanding of the ideas behind the analyzed program.

4) Without experience, tracing messages with IDA and OllyDbg gets stuck in an endless message loop. Where is the part we care about?!!

5) Is there a rule to follow when we look for a point to stop at?

Now, step by step, we will see how to solve the 5 problems above and provide a signpost for those who come later, so that they can smoothly enter the ranks of decryption or reverse analysis. As to why ~ ~ ~ that need not be said. Let's get to the point!

Example: based on the 5 questions above, let us assume the following proposition.

Suppose: after a menu receives a mouse button press, the response displays a modal template with buttons and other optional operations on it.

How to implement: in a main process, only the mouse
