button enabling delay


mancini
September 7th, 2002, 00:31
In a C++ application with a single window there is a start button that has a 30-second delay (it is grayed out for 30 seconds after you start the program).
I have read Lord Soth's menu-items tutorial and the references on menu items from the TORN@DO cracker's notes.
Now, I have tried a lot of things, all unsuccessful, but I always ended back at this paradoxical thing (to me):
I load the program, wait some 5 seconds till it finishes loading (still 25 seconds to go till the button is enabled), then go into SoftICE and put breakpoints on all the menu-handling APIs I found in this particular program's import table:
deletemenu
destroymenu
checkmenuitem
enablemenuitem
modifymenu
modifymenua
loadmenua
getmenustate
getmenu
getmenuitemcount
getmenuitemid
trackpopupmenu
appendmenua
And still, at 30 seconds the button is ungrayed, but without SoftICE breaking on any of those breakpoints.

(BTW the program does not show a counter of any sort of how many seconds remain or anything.)

Zipped below are text files with all imports from this program.
Could I miss an API I should have breakpointed, or should it be another cause?

Kayaker
September 7th, 2002, 05:08
Hi Mancini,

You say the start button is grayed out for 30 seconds. Unless the button control has a menu counterpart, menu related APIs won't be being used here, though that's a good list of them. The program may be doing it in a couple of ways. Like many reversing problems, understanding how something may be coded at the system level is the first step in figuring it out. The Win32 programmer's guide (or *much* better the MS SDK), and an API monitor are invaluable. From the guides can be found the basic ways in which a control can be created and how it can be modified. From this information can be devised a strategy for dealing with the problem by accessing the APIs or Windows messages.

The control may be being loaded from the resource file or being created in code. If it doesn't exist in a resource editor then it's probably the latter. If it's the latter it may show up in the Softice 'hwnd <task>' list. If you've got a hWnd for it then you've got control over it with BMSG message breakpoints, if not then there are APIs.


This sounds like a delayed Dialog box splash screen or something. The program may be creating the pushbutton with CreateWindow and the WS_DISABLED (equ 8000000h) style, and using the EnableWindow API or the WM_ENABLE message to control it. You could start by checking the CreateWindow calls and see if it's apparent there is a separate control being created for the pushbutton.

By using a SendMessage call it's easier to hide the fact that the control is being handled. You can monitor a call like this for the proper control Id and check for the WM_ message being sent. I haven't checked this code, but I think something like this could be used:

invoke GetDlgItem, hDlg, ControlID
; returns handle of dialog box control in eax

invoke SendMessage, eax, WM_ENABLE, FALSE, 0
; WM_ENABLE equ 0Ah

-------------------------

Another way would be to create the control during the WM_INITDIALOG message as the dialog box is being created, as an ownerdrawn button with the BS_OWNERDRAW (equ 0Bh) style of a CreateWindow call. If so, the ownerdrawn control would use a SendMessage call with the WM_DRAWITEM notification code to modify the look and function of the control. This might be called like this:

invoke SendMessage, hDlg, WM_DRAWITEM, ControlID, offset lpDRAWITEMSTRUCT

The WM_DRAWITEM message is sent to the parent window of an owner-drawn button, combo box, list box, or menu when a visual aspect of it has changed. The last parameter, which would be the first pushed in the SendMessage call, contains a pointer to a DRAWITEMSTRUCT structure which can be used to control the look and function of the control. One of the flags that can be set is for ODS_DISABLED (equ 4h) - The item is to be drawn as disabled. This flag may be being set in a separate instruction that you can change.


Putting together all this API info, you can devise a strategy for finding where the button is being created and how it may be being controlled. If this was a toolbar button then it might be being handled with the specific Windows message TB_ENABLEBUTTON. You could modify the CreateWindow call to create the button enabled to start with, but this won't necessarily enable the function of it if more code is being controlled by the 30 second timer. Again, a WM_TIMER Windows message may be being used if you can't find any SetTimer or KillTimer calls.

I'd suggest starting with an API monitor and see what calls are actually being used to enable the button after the 30 second interval. Then try a Windows messaging spy such as Borland's WinSight, ISpy or similar and see if you can detect any suspicious messages being used. This should lead you to the timer function as well. Once you've found it it's usually easy to deal with.

Post if you have problems, hope this helps.

Kayaker
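
As an added example (not code from this thread or from the program being discussed), here is how a developer would typically write the first mechanism described in the reply above: a pushbutton created with WS_DISABLED, a SetTimer call, and EnableWindow run from the WM_TIMER handler, with no menu API involved at any point. It assumes the MASM32 SDK include paths; the class name, control ID and timer ID are hypothetical.

```asm
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
IDC_START equ 1001          ; hypothetical control ID (added example)
IDT_DELAY equ 1             ; hypothetical timer ID
.data
szClass  db "DelayDemo",0   ; hypothetical window class name
szButton db "BUTTON",0      ; predefined system button class
szStart  db "Start",0
wc  WNDCLASSEX <sizeof WNDCLASSEX, 0, 0, 0, 0, 0, 0, 0, COLOR_BTNFACE+1, 0, offset szClass, 0>
msg MSG <>
.code
WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
    .if uMsg == WM_CREATE
        ; The button is an ordinary child window, created greyed out via WS_DISABLED.
        invoke CreateWindowEx, 0, addr szButton, addr szStart,
               WS_CHILD or WS_VISIBLE or WS_DISABLED or BS_PUSHBUTTON, 20, 20, 100, 30, hWnd, IDC_START, wc.hInstance, NULL
        ; 30000 ms; with a NULL callback the expiry is delivered to WndProc as WM_TIMER.
        invoke SetTimer, hWnd, IDT_DELAY, 30000, NULL
    .elseif uMsg == WM_TIMER
        invoke KillTimer, hWnd, IDT_DELAY       ; one-shot delay
        invoke GetDlgItem, hWnd, IDC_START      ; child handle from parent + control ID
        ; EnableWindow changes the state; the button then receives WM_ENABLE as a notification.
        invoke EnableWindow, eax, TRUE
    .elseif uMsg == WM_DESTROY
        invoke PostQuitMessage, 0
    .else
        invoke DefWindowProc, hWnd, uMsg, wParam, lParam
        ret
    .endif
    xor eax, eax
    ret
WndProc endp
start:
    invoke GetModuleHandle, NULL
    mov wc.hInstance, eax
    mov wc.lpfnWndProc, offset WndProc
    invoke RegisterClassEx, addr wc
    invoke CreateWindowEx, 0, addr szClass, addr szClass, WS_OVERLAPPEDWINDOW or WS_VISIBLE, 100, 100, 220, 120, NULL, NULL, wc.hInstance, NULL
    .while TRUE
        invoke GetMessage, addr msg, NULL, 0, 0
        .break .if eax == 0                     ; WM_QUIT ends the loop
        invoke DispatchMessage, addr msg
    .endw
    invoke ExitProcess, 0
end start
```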

Athlon
September 7th, 2002, 05:47
Kayaker, where can I get the MS SDK?

Kayaker
September 7th, 2002, 06:43
Athlon, you can browse the Platform SDK Windows API reference online at

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winprog/winprog/functions_by_category.asp

or d/l it from

http://www.microsoft.com/msdownload/platformsdk/sdkupdate/

It's something like 350 MB total, 190MB for the core SDK, but I think it can be d/l in bits and pieces depending on what you want out of it. The important stuff I've isolated for general work, some 92 .chm files takes about 100MB uncompressed. You'll have to see what's available and what you can afford downloading.

Kayaker

Athlon
September 7th, 2002, 07:36
Is the SDK only for XP?

Snatch
September 7th, 2002, 08:06
Heh reversers I have noticed know jack about programming. Too bad. The SDK is pretty much the same for all OS's because the API is almost identical. The DDK on the other hand is much different.

Snatch

cHeCksUm
September 9th, 2002, 21:06
I might not know jack about programming but I know a programmer named Jack... no really I do ..... Yeah I know off-topic.... just had to.

// cHeCksUm

Paul333
September 10th, 2002, 04:29
Kayaker, thanks for your reply. I learned from it and wish all replies were in depth like this.

paul333

Kayaker
September 10th, 2002, 04:48
Thank you and you're welcome Paul333, you just made it all worth while by the fact that you learned something. It's what we need to do, keep passing on the knowledge, that's what it's all about.

Kayaker