
Am I doing the right thing?


TheMerovingian
January 6th, 2006, 13:47
Hi all,
I have a program with two text boxes, six radio buttons and two push buttons and I am trying to see what I have put into the text boxes.

Using SoftICE, I have set breakpoints on getdlgitemtext, getdlgitemtexta, getdlgitemint & getdlgiteminta, none of which produces a breakpoint when I click OK. The only one that seems to work is getwindowtexta, but there is something strange about it, since according to the WinAPI guide its function is:

int GetWindowText(
HWND hWnd, // handle of window or control with text
LPTSTR lpString, // address of buffer for text
int nMaxCount // maximum number of characters to copy
);

so to find the value of the textbox when softice breaks I used:
bpx getwindowtexta DO "d ESP->8;"

but the program breaks several times and each time I get exactly the same memory location, so to me that cannot be breaking on either of the text boxes... can it???

It does seem strange to use getwindowtexta, but it appears to be the only one that SoftICE breaks on, yet it doesn't yield the results.

If someone can point out where I am going wrong in my way to finding the contents of the textbox, I would greatly appreciate it.

Could the program be protected? I know there are many different programs for this out there, but is there an easy way to find out if this is the case?

gabri3l
January 6th, 2006, 14:12
Are you following older tutorials? SoftICE has changed a bit with its newer version. To effectively set a BP you need to be in the program's context. You may have already done this; if so, please ignore me. If not, then check out the FAQ http://www.woodmann.com/fravia/rce-faq.htm and look for "I am not able to set breakpoint with new version of Softice (on NT system)?"

lenwuk
January 6th, 2006, 14:43
You don't say if you're running under Win98 or WinXP.
I found that using DriverStudio 3.2 on WinXP the indirection expression
"D ESP->8" no longer functions as it did using Softice on Win98.
This format worked for me -
"D *(ESP+8)"

Regards, Len

Admiral
January 6th, 2006, 16:43
In my experience, GetWindowTextA is the most common way to check the value in a TextBox (MFC, Qt, VB).

Chances are that if GetWindowTextA is breaking when you click a button (that checks the text) then this is indeed the right function to be intercepting. I don't fully understand your problem with breaking several times with the same address. Often, window designers' wrapper functions (such as those of MFC) will validate the contents of the text box, maybe several times, before returning the value contained. This behaviour will manifest itself (from within SoftICE, which I'll come to later) as several breaks referencing the same spot. Check the contents of lpString right after GetWindowTextA returns in order to check which text box is being queried.

If worse comes to worst, write an obscure (but memorable) string in one of the text boxes, break your debugger and perform a (data section) memory search for this string. Set a memory access breakpoint on each occurrence, run, then start clicking. Your debugger will break inside the API function being used to get this value, or (more likely) one of its subsidiary calls. Either way, the appropriate function will appear somewhere towards the top of the call stack when your debugger breaks.

Edit: This next bit probably only applies if you're using NT5 (XP or Win2000).

That should be enough to get you going on your current problem, but I have another point to bring up. Now many may disagree, but I feel that although SoftICE has many (or perhaps 'a few') uses, serial cracking (which I assume you're doing) is certainly not one of them. I'm not sure how up-to-date your tutorials are, but unless you need the power of a kernel-mode debugger, which it seems that you don't, you'd be much better off using a user-mode debugger (such as OllyDbg). Not only is the interface much clearer and more user-friendly, but the analyses are tailored to your needs (also you can listen to music and your taskbar clock doesn't lose time).
Anyway. Now that I've got that off my chest, good luck.

Admiral
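An added worked example (editorial, not code from anyone in the thread) tying together lenwuk's `D *(ESP+8)` and Admiral's two suggestions. On 32-bit x86 a WINAPI (stdcall) function sees its arguments on the stack at entry: [ESP] is the return address, [ESP+4] hWnd, [ESP+8] lpString and [ESP+0xC] nMaxCount, so `ESP->8` and `*(ESP+8)` both name the dword at ESP+8, i.e. the address of the caller's buffer. The script decodes such a frame from a constructed stack dump, reads the buffer it points at, and then runs the "memorable string" search over a constructed data region in both ANSI and UTF-16LE, because NT-based Windows keeps window text as Unicode internally and an ANSI-only search can miss the control's own copy. Every address, register value and byte below is made up for the demonstration; nothing is read from a live process.

```python
"""Decode the GetWindowTextA stack frame SoftICE breaks on, and search memory
for a marker string.  Added example; all memory contents are constructed."""
import struct


def read_dword(mem, base, addr):
    """Little-endian dword at virtual address `addr` in a region loaded at `base`."""
    return struct.unpack_from("<I", mem, addr - base)[0]


def decode_getwindowtext_frame(stack, stack_base, esp):
    """x86 stdcall frame at function entry.  SoftICE `ESP->8` == `*(ESP+8)` ==
    the dword at esp+8, which is lpString (the caller's output buffer)."""
    return {
        "return_addr": read_dword(stack, stack_base, esp),
        "hWnd": read_dword(stack, stack_base, esp + 4),
        "lpString": read_dword(stack, stack_base, esp + 8),
        "nMaxCount": read_dword(stack, stack_base, esp + 12),
    }


def read_cstring(mem, base, addr, max_len):
    """NUL-terminated ANSI string at `addr`, bounded by nMaxCount.  Note that at
    the *entry* breakpoint the buffer is still unfilled; GetWindowText writes it
    before returning, so inspect it after `p ret` (or from a breakpoint on return)."""
    off = addr - base
    end = mem.find(b"\x00", off, off + max_len)
    if end < 0:
        end = off + max_len
    return mem[off:end].decode("latin-1")


def find_marker(mem, base, marker):
    """Every occurrence of `marker` as ANSI and as UTF-16LE, as (address, encoding).
    Each hit is a candidate for a memory-access breakpoint (SoftICE bpm, Olly
    hardware/memory breakpoint)."""
    hits = []
    for enc, needle in (("ansi", marker.encode("ascii")),
                        ("utf16", marker.encode("utf-16-le"))):
        pos = mem.find(needle)
        while pos != -1:
            hits.append((base + pos, enc))
            pos = mem.find(needle, pos + 1)
    return sorted(hits)


# --- constructed sample memory (hypothetical addresses) --------------------
MARKER = "Xq7-zebra"                 # the "obscure but memorable" string typed in
DATA_BASE = 0x00402000               # pretend .data region
DATA = bytearray(0x100)
DATA[0x10:0x10 + len(MARKER)] = MARKER.encode("ascii")          # ANSI copy at 0x402010
DATA[0x40:0x40 + 2 * len(MARKER)] = MARKER.encode("utf-16-le")  # Unicode copy at 0x402040

STACK_BASE = 0x0012FF00              # pretend thread stack
ESP = 0x0012FF10                     # ESP as SoftICE shows it at the bpx
STACK = bytearray(0x40)
# return address, hWnd, lpString (-> 0x402010), nMaxCount
struct.pack_into("<IIII", STACK, ESP - STACK_BASE, 0x00401234, 0x000A0B0C, 0x00402010, 0x100)


def demo():
    frame = decode_getwindowtext_frame(STACK, STACK_BASE, ESP)
    text = read_cstring(DATA, DATA_BASE, frame["lpString"], frame["nMaxCount"])
    hits = find_marker(DATA, DATA_BASE, MARKER)
    return frame, text, hits


if __name__ == "__main__":
    frame, text, hits = demo()
    print("d *(ESP+8) ->", hex(frame["lpString"]), "contains", repr(text))
    for addr, enc in hits:
        print(f"marker found at {addr:#010x} ({enc})")
```

The two-call pattern Admiral mentions shows up here as repeated breaks with the same `return_addr` and `lpString`; logging both from the breakpoint (rather than just the buffer address) is what tells you whether you are looking at one text box queried twice or two different ones.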

TheMerovingian
January 7th, 2006, 07:38
Ah yes.....always miss one part of the vital information - I am running Win2K!!

Thanks lenwuk - I'll try the new method and see if that works. gabri3l - I tried your suggestion but to no avail. I tried "addr <PID>" (on both instances of the program in memory) and I wasn't able to bpx on anything useful.

Admiral - You have indicated several things which have really got me thinking now... Firstly, you are indeed correct about this application; it is an MFC app!!
You mention querying lpString; am I not doing that using
bpx getwindowtexta DO "D ESP->8" ???? Or have I got the wrong end of the stick and am looking at something else?
As for the memorable phrase, I shall also try that.

My tutorials are all old, and from the general consensus OllyDbg is the one to use, so I shall go in search of some helpful guides to this program.

Thanks to all, the help is appreciated.