Log in

View Full Version : [TIP] Messages Spy

TBD
November 12th, 2002, 03:47
1. open program [CTRL+O]
2. Names window [CTRL+N in CPU Window]
3. Find User32.TranslateMessage API
4. right click/FindReferences
5. conditional breakpoint [SHIFT+F4]
6. expression: MSG
log function arguments: Always

now you can do a message spy - good for debugging mouse movements, paint, keyboard, ...

dont forget to read ollydbg.hlp/Evaluation of expressions section

enjoy and if you find cool conditions post them here
Wayne
November 12th, 2002, 20:56
TBD, great tip! but ive done everything you said, but where are the spied message saved? I cant see them in any windows

Thanks,
Wayne
TBD
November 12th, 2002, 22:20
Wayne: Log Window - ALT+L.
try first on a simple program, only one window(not a dialog)
Wayne
November 13th, 2002, 00:00
Very, very cool!
TBD
November 13th, 2002, 00:36
Wayne: glad you like it ... I plan to do this regularly, maybe tip-a-week
Wayne
November 13th, 2002, 00:42
The more tips the better! I wonder how many other powerful features there are like this that I still havent seen yet?
It'll be good when the helpfile is a bit more comprehensive!
Anonymous
November 25th, 2002, 23:37
I only want to capture WM_COMMAND, how can I do this?
Anonymous
November 25th, 2002, 23:51
Ah, Message breakpoints via the Windows window ... very nice!
Anonymous
January 3rd, 2003, 19:30
Sorry I did get it regarding the WM_COMMAND.
You mean that we need to enter in the expression box:
MSG==WM_COMMAND

I tried but all WM_xx are also loged
luucorp
January 4th, 2003, 03:19
greats tip. i will use....
Anonymous
January 4th, 2003, 16:55
To Log Only WM_COMMAND

do it in this way

1. open program [CTRL+O]
2. Names window [CTRL+N in CPU Window]
3. Find User32.TranslateMessage API
4. right click/FindReferences
5. conditional breakpoint [SHIFT+F4]
6. Condtion box: MSG==WM_COMMAND
7. log function arguments: On Condition

Et Voila
Anonymous
January 9th, 2003, 18:28
3. Find User32.TranslateMessage API

Hummmm... I cant find it. Is there present in all .exe files?
Thx
TBD
January 10th, 2003, 01:59
if it has a GUI usually yes. also if it is packed you will not find in Names window (try also Search for/All intermodular calls).

ps. oops, i responded to an anonymous post. bad TBD
if you dont know what i am talking aboutm than read <u>this</u> ("http://www.rohanpall.com/ollydbg/?action=vthread&forum=5&topic=119")
FuZzYBiT
January 10th, 2003, 09:54
Thanks, that was what I was looking for.
PS. I've registered ... sorry for being anonymous
Anonymous
February 1st, 2003, 14:55
thanks
but where can i do 7. log function arguments: On Condition ? please
Mikelo2k
February 2nd, 2003, 20:48
Thanx 4 the tip man, will come in handy