PDA

View Full Version : Sendshortcut - ALT key state (needed for close deb

focht
February 4th, 2004, 16:15
Greets,

while coding on my COM wrapper to mimic ollydbg plugin interface i stumbled across "close debuggee".

From ollydbg help:

>Alt+F2 - close, closes debugged program. If program is still active, you will be asked to confirm the action.

Well the script pauses the debuggee before so messagebox is no problem at all.
But how do i tell ollydbg to close the debuggee?

plugin.h:

extc void cdecl Sendshortcut(int where,ulong addr,
int msg,int ctrl,int shift,int vkcode);

No "alt" state

Any ideas?

Regards,

A. Focht
blabberer
February 6th, 2004, 12:05
there are no referances to send shortcut in olly
i dunno i did alt+f2 to try it out
it GetKeyState
004377CD . E8 1C1F0700 CALL <JMP.&USER32.GetKeyState> ; |&#92;GetKeyState
then picks up this from stack
004377E8 . 8B95 C4F6FFFF MOV EDX, DWORD PTR SS:[EBP-93C] ; |
004377F6 . E8 158AFFFF CALL OLLYDBG.00430210 ; &#92;OLLYDBG.00430210

and here it calls this proc this also has referance to _sendshortcut+2c
00430210 /&#036; 55 PUSH EBP

cmps here
004303DA JMP OLLYDBG.0043092C
004303DF CMP EAX, 104
004303E4 JNZ SHORT OLLYDBG.00430416
004303E6 CMP EDX, 71
004303E9 JNZ SHORT OLLYDBG.00430416

pushes 1
and calls this
004303ED |. E8 AA320400 CALL OLLYDBG.0047369C ; &#92;OLLYDBG.0047369C

and it puts out the message box
|hOwner = 00000984 ('OllyDbg - Assassination.exe -...',class='OLLYDBG',wndproc=00430A54)
|Text = "Process 'Assassination' is active. If you terminate it now, process will be unable to clean up and write unsaved data to disk. Do you really want to terminate active process?

Note: you can permanently disable this warning in Options |"...
|Title = "Process still active"
&#92;Style = MB_YESNO|MB_ICONQUESTION|MB_DEFBUTTON2|MB_TASKMODAL

so i think u can try using this 71 whatever and use that sendshortcut and see

hope this helps in some way

else reply ill edit this post
focht
February 6th, 2004, 15:01
Greets,

uhm well i found other methods to emulate ALT (VK_MENU) key combinations from plugin/script engine without sendshortcut...

keybd_event/SendInput
SendMessage/PostMessage( ..., WM_KEYDOWN ...)

Anyway .. the "close debuggee" functionality is not really necessary to be accessible from script namespace
So i stick without it... for now
blabberer
February 7th, 2004, 00:54
k i was thinking of using FindWindow,SendMessage WM_COMMAND
combined with this 104 and 71 as clicking yes closes the debuggee
psyCK0
February 7th, 2004, 17:06
I've also stumbled across that limitation... Would be nice to have
an "alt-state" as "Execute to user code" also uses it...

focht: I hope you are planning on making your COM-wrapper public when you are done? =)