Log in

View Full Version : Finding resource call in program

uad782
December 12th, 2008, 16:39
Hi,

I am trying to find where a resource (either a menu item or dialog) is called. I have used resource hacker to get the ID of the menu item and the dialog but when I search the DLL I cannot find any reference to the hex number that identifies the resources.

For example if the number is 231 I have been searching for both 231 and push 231 in the DLL to no avail. I cannot break on the menu item as it is currently greyed out.

Does anyone have any ideas how I can find where this menu item is called or the dialog is called from using the number/identifier of the resource.

Thanks

Dave
Kayaker
December 13th, 2008, 01:07
Hi

Try reading the theory within these, you may be able to solve the problem with the knowledge of how menu items are handled.

http://www.woodmann.com/fravia/Clandestinity_MixVibes.html

Menu Enabling Project
http://www.woodmann.com/forum/showthread.php?t=126
WaxfordSqueers
December 13th, 2008, 11:55
Quote:
[Originally Posted by uad782;78210]I am trying to find where a resource...


After you read up on what Kayaker pointed to, try to define your problem better. Is this a resource in a normal program or in a protected program? If the app is protected, ask yourself what you'd do if you were trying to hide a resource ID. Sometimes in resource hacker, you'll find several references to the same resource ID and menu ID. What's that about?

Resource hacker is helpful for getting the ID number but often doesn't tell you a lot. IDA is much better for finding resource ID's, but if the author doesn't want you to find it, there are different ways he can hide it from you. For example, it might be hidden in a data section, or even in the code section, with a pointer to it rather than listed directly with a PUSH.

Also, if a menu item is disabled, the code supporting it could have been removed, yet it will show up in resource hacker because it reads the resource section in the code. Many items are listed in the resource section that have no code reference.

When you click on a menu item with a mouse, many windows messages are sent out. You need an app like SPYXX that will tell you what messages are being sent and what window is receiving them. Using a BMSG on a message ID or a BPX on a hwnd you can intercept the messages and trace them to where they are going. Don't forget that a programmer can create custom messages, but SPYXX will reveal them.