Log in

View Full Version : api getwindowtextA

newbcrk
May 2nd, 2003, 11:26
'llo
Humm ...
i am using the breakpoint getwindowtextA

00401533 E866030000 CALL 0040189E 1er buffer
:00401538 8B4DE0 MOV ECX,[EBP-20]
:0040153B 81C1E4000000 ADD ECX,000000E4
:00401541 51 PUSH ECX > D * ECX = "name"
:00401542 8B4DE0 MOV ECX,[EBP-20]
:00401545 83C160 ADD ECX,60
:00401548 E851030000 CALL 0040189E >2nd buffer
:0040154D 8B55E0 MOV EDX,[EBP-20]
:00401550 81C2E0000000 ADD EDX,000000E0
:0040154D 8B55E0 MOV EDX,[EBP-20]
:00401550 81C2E0000000 ADD EDX,000000E0
:00401556 52 PUSH EDX > D * EDX = "sérial"
:00401557 8D4DE4 LEA ECX,[EBP-1C] > [EBP-1C]= nom -> ECX
:0040155A E839030000 CALL 00401898 > call MFC42
:0040155F 8B45E0 MOV EAX,[EBP-20]

1/I know this

MOV EDI,[ESP+00000220] ; Get Handle of dialog box in EDI
PUSH 00000100 ; PUSH (4) Max size of string
PUSH 00406130 ; PUSH (3) Address of buffer for text
PUSH 00000405 ; PUSH (2) Identifier of control
PUSH EDI ; PUSH (1) Handle of dialog box
CALL GetWindowText ; CALL the function

2/ I see the call and I m waiting at the parameters push 1-2-3-4
Why don't they appear above my 2 call ?

Thanks



Rackmount
May 2nd, 2003, 16:25
Hi:

Is this where you arrived in the break, or where you landed after you hit F-12 to return from called function? If the first, then you will need to return from inside the function (hit F-12) to see the parameters passed to the function from outside. I see no reference in your code snippet to getwindowtext function...you may be in a few layers from the call in your proggie. It seems that when SICE breaks for me I usually see the API I am breaking on referenced somewhere in SICE window, if not, hitting F-12 will usually bring it around within a few tries. Hope this helps more than confuses (heck I got confused writing this...or maybe I just was born this way...who knows..lol)

Rackmount
newbcrk
May 3rd, 2003, 05:36
Well ,
I landed after I hit F-12 to return from called function and quit the user32 and MFC42.dll of windows .Finnaly I landed in my target
I hit d ecx and find my false code with a memory adresse in my wd but I don't understand the correspondance between the adresse of the wd and the lot of adresse of ecx in the wc .