Hi,
my goal is to force swf animations to render in 'low quality'. If you right click in your browser on a swf animation there's a 'quality' menu with three entries (low, medium, high). It always starts with 'high' setting. I want to change that.

I opened the swf Firefox Plugin with RessourceHacker (see attached picture) and there are some IDs for the specific functions. Can these IDs be of help finding a good breakpoint for olly when i choose one of these options?

I want olly to break when i select one of these 'high', 'medium' or 'low' functions but i don't know how. I'm unexperienced with window messages and need a hand here.

Any ideas what's the breakpoint command in olly to catch menu entries and how to achieve the right handles?


RessourceHacker Picture:
http://img168.imageshack.us/img168/2650/reshackpc6.png

The selection of API that could be involved in this situation is rather large, if you take into account that a variety of intermediate frameworks (For instance MFC) may be doing the API calling.
An good starting point is translating the menu item IDs from dec to hex (i.e 20035 == 0x4E43) and look for instructions that push these constants into the stack, or load them into registers, as a preamble to doing something with the menu items.

You should land in the vicinity of the action. . .

I binary searched for 0x434E (needed to be swapped) and found 2 occurrences. Both deal with 'CheckMenuItem' and are responsible for the checkmark sign (preselected item) when the menu opens but i couldn't find any reference to the action.

Shouldn't it be something like a breakpoint in the WndProc to intercept the window message that will be sent when i activate an item? I'm currently in the .dll context. Would i need to change to the main application (firefox.exe) for that?

Need some sleep first...

The "high quality" default actually comes from the html object or embed tag parameter. "PARAM NAME=quality VALUE=high"
You could save yourself a bunch of time by just creating a greasemonkey script to replace the flash parameter for quality

Replace "PARAM NAME=quality VALUE=high"
With "PARAM NAME=quality VALUE=low"

Greasemonkey 0.7.20080121.0 addon
https://addons.mozilla.org/en-US/firefox/addon/748

Edit: Someone already did it...
Force flash quality
http://userscripts.org/forums/2/topics/1792

Another one here:
http://www.sephiroth-j.de/1/mozilla/

If you still want to RE it though... I would use a memory searcher like Tsearch or Cheat Engine and see what value/s change when you toggle the menu from low to high. You may come up with a few memory values. Toggle each individually to find the right one.
Next, attach a debugger and set a hardware memory-read breakpoint on that place in memory to find out what code is reading that value. If it's being read from a few different places... examine each of them and edit whatever conditional jumps that this value effects. you should see immedietly when you have found the right one. I would use the Flash Player rather than a browser to simplify things.