How to debug a stored dialog box from EXE file. I have this EXE file it is for a game. When you run the game and when you hit [ENTER] a dialog box pop ups (Chat box) to enter some chat. I would like to know where I can find this dialog box ? How this dialog box being called? what break point I should use. I tried many but did not work
I appreciate your responce.
Regards

load the game in ollydbg..

Hit > CTRL+N

you will see the names
find GetDlgItemTextA (find all refrence)

you can Set a Breakpoint on every refrence and it will pop at the one it access,
goodluck

xcracx

Thanx
I will try it tonight

I loaded the game
then Hit Ctrl N
I did not find: GetDlgItemTextA
then I looked into a file called DPLAY60A I opened this file in ollydbg
and found this:GetDlgItemTextA
but this file DPLAY60A is a dircect paly for the game. most things in it has to do with exe.
I'am stuck don't know what to do !!

Dplay60A is an executable or a dll?

the exe you've tried before was a luncher of the game?

what do you wanna do with this DialogBox?

xcracx

Dplay60A is an eexecutable not dll
please note that this game is associated with the following dll files like user32, KERNEL32.dll,GDI3.dll,ADVAPI32.dll,DPLAYX.dll,DDRAW.dll,WINMM.dll,IMM3 2.dll,MSVFW32.dll,ole32.dll,WSOCK32.dll,language.dll,DINPUT.DLL,langua gex.dll
Now this dialog box comes in the center of the screen 5cm long by 1/2cm wide white plain box
What I wanna do withis box is change it is location on the screen instead being in the center I want it on top of the screen or at the bottom
regards

Any input xcracx
Anybody can tell me how to debug this dialog box

There may be some other API fcn used to get text.
For example (I see it today):
SendMessageA

It's possible use window to locate procedure associated with your ENTER box, but I have allways problem how to determine correct MessageBP.

when I set a break point ont SendMessageA . the whole game freez
what other tricks I could use to catch the dialog chat box

If game isn't packed, You can search in some dissassember (Dasm) or in Olly in text (string) references for "ENTER" or other string from dialog box.

If game isn't packed, You can search in some dissassember (Dasm) or in Olly in text (string) references for "ENTER" or other string from dialog box.
The exe is not packed after dissassembel(DASM)
and earching enter this is what I found
-------------
push 00559F28
push edx
pushedi
call0042C330
mov ecx, dword ptr{esi+00000164]
add esp, 00000018
cmp ecx, FFFFFFFF
jne 004CD327
mov eax, dword ptr[esi+0C]
push 00559EFC
push eax
push edi
call 0042C330
add esp, 0000000C
xor eax, eax
pop edi
pop esi
pop ebp
pop ebx
add esp, 0000001C
ret 0014
---------------------
Now what

I'm wrong! I don't read correctly Your first post. You wrote "hit ENTER", this isn't name of window. Try find name of dialog box (which is in upper border of window) or some text which is in this box. If You find any, You are probably in the right place.
I'm sorry, my english is poor.

Do not worry Joe
THIS dialog box has no text and has no name
It is just plain white box 5cm long 1/2cm wide. popups in the meddile of the screen when I hit "ENTER" on the keyboard

It's easy!
Try go to ollydbg forums / Plugins / ApiBreak - New Ollydbg Plugin
Ther is link to usefull plugin:
http://nikt.zog.net.au/ApiBreak.rar ("http://nikt.zog.net.au/ApiBreak.rar")
In this plugin You can set PointH breakpoint. (It's works as hmemcpy in non 32 applications). Or BP in Dialog from this plugin can help You set BP which You need.

Thanks I used the plugin and Itried the Point H and the Dailog stuff
The game feezez(not responding).
NOTE:
by the way do u load the game first then debug or the otherway arround

Does Olly freezing only with this game or with some other apps too (if does have some protection or if is problem with Olly or OS)?

No it freeze on the game only. even though at one time it did work and the other time freez.
:NOTE:
by the way do u load the game first then debug or the otherway arround

I prefer load first then debug, because I don't known if it's possible analyse program after attaching. What game does freez? I can try look to it.

The name of the game "Age of empires Rise of rome" it written C++ and some assembly language

I found this info when I used "wininspector"
Can any of this information below be used to debug this dialog box
------------------------
- <messages created-by="Winspector">
- <message>
<name>EM_GETSEL</name>
<parameters />
</message>
- <message return-value="1">
<name>EM_GETSEL</name>
- <parameters>
<parameter>Start position: 0</parameter>
<parameter>First no-selected: 0</parameter>
</parameters>
</message>
- <message>
<name>EM_GETSEL</name>
<parameters />
</message>
- <message return-value="1">
<name>EM_GETSEL</name>
- <parameters>
<parameter>Start position: 0</parameter>
<parameter>First no-selected: 0</parameter>
</parameters>
</message>
- <message>
<name>WM_NULL</name>
- <parameters>
<parameter>wParam: 0x00000000</parameter>
<parameter>lParam: 0x00000000</parameter>
</parameters>
</message>
- <message>
<name>EM_GETSEL</name>
<parameters />
</message>
- <message return-value="1">
<name>EM_GETSEL</name>
- <parameters>
<parameter>Start position: 0</parameter>
<parameter>First no-selected: 0</parameter>
</parameters>
</message>
- <message>
<name>EM_GETSEL</name>
<parameters />
</message>
- <message return-value="1">
<name>EM_GETSEL</name>
- <parameters>
<parameter>Start position: 0</parameter>
<parameter>First no-selected: 0</parameter>
</parameters>
</message>
- <message return-value="1">
<name>WM_NULL</name>
- <parameters>
<parameter>Return: 0x00000000</parameter>
</parameters>
</message>
- <message>
<name>WM_NULL</name>
- <parameters>
<parameter>wParam: 0x00000000</parameter>
<parameter>lParam: 0x00000000</parameter>
</parameters>
</message>
- <message>
<name>EM_GETSEL</name>
<parameters />
</message>
- <message return-value="1">
<name>EM_GETSEL</name>
- <parameters>
<parameter>Start position: 0</parameter>
<parameter>First no-selected: 0</parameter>
</parameters>
</message>
- <message>
<name>EM_GETSEL</name>
<parameters />
</message>
- <message return-value="1">
<name>EM_GETSEL</name>
- <parameters>
<parameter>Start position: 0</parameter>
<parameter>First no-selected: 0</parameter>
</parameters>
</message>
- <message return-value="1">
<name>WM_NULL</name>
- <parameters>
<parameter>Return: 0x00000000</parameter>
</parameters>
</message>
- <message>
<name>WM_NULL</name>
- <parameters>
<parameter>wParam: 0x00000000</parameter>
<parameter>lParam: 0x00000000</parameter>
</parameters>
</message>
- <message>
<name>EM_GETSEL</name>
<parameters />
</message>
- <message return-value="1">
<name>EM_GETSEL</name>
- <parameters>
<parameter>Start position: 0</parameter>
<parameter>First no-selected: 0</parameter>
</parameters>
</message>
- <message>
<name>EM_GETSEL</name>
<parameters />
</message>
- <message return-value="1">
<name>EM_GETSEL</name>
- <parameters>
<parameter>Start position: 0</parameter>
<parameter>First no-selected: 0</parameter>
</parameters>
</message>
- <message return-value="1">
<name>WM_NULL</name>
- <parameters>
<parameter>Return: 0x00000000</parameter>
</parameters>
</message>
</messages>

It uses GetWindowTextA (after pressing any key). My system don't response too, because it need many sources & I have only 128 MB ram & poor graphics. Function with GetWindowTextA are called 9 times. Please wait, I look to it!

Thanks Joe for the help I really appreciated
Do you have the game Age of empires rise of rome?

I downloaded it yesterday(demo version). It is interesting - 'normal' BP works fine, but some are without response. I tested older version (1?) Age of Empires & there are same problem. It looks as some anti-debug?!
I will continue to debug.

My version is 1.0a
if you send me your e-mail I can email you the exe file and all what you have to do is replace it with the one you have. This way we can tlak about the same version.
Thanks

Joe: HI
Any NEWS

Nothing! It's beyond to me today. Exceptions take control over processes (above Olly too). I must find some small exe with exception handler & test it in Olly first.

Ok let me know if I can help

wtf?!

why so many shit posts!@?#

i'll make it easier for you
use OllyDbg Command bar... type : bp GetDlgItemTextA

then hit F9 and wait for olly to break if it does hit F9
until it break when the Dialog EditBox you ment pops


#########
Goodluck,
xcracx

more reference that could help you

SetWindowPos
GetWindowPos

This isn't so simple. Hardware BP leads to freeze too!

wtf?!

why so many shit posts!@?#

i'll make it easier for you
use OllyDbg Command bar... type : bp GetDlgItemTextA

then hit F9 and wait for olly to break if it does hit F9
until it break when the Dialog EditBox you ment pops


#########
Goodluck,
xcracx
wtf?!

why so many shit posts!@?#

i'll make it easier for you
use OllyDbg Command bar... type : bp GetDlgItemTextA

then hit F9 and wait for olly to break if it does hit F9
until it break when the Dialog EditBox you ment pops


#########
Goodluck,
xcracx

We tried this from the beginning. even some plgin stuff!!!!!!!!!

-_-
read my next post..

that says.. look for SetWindowPos
and GetWindowPos

Oh ***! This exe uses DirectX!
Can be there same problem as in 'Is it possible?' in this forum?
http://ollydbg.win32asmcommunity.net/?action=vthread&forum=1& topic=1357
("http://ollydbg.win32asmcommunity.net/?action=vthread&forum=1&topic=1357
")
Riccardo has many good idea.

Joe : what do you suggest to do now I read the above link and I think I understood that you can not debug in a game uses DIRECTX?????

This is true partially only. It's only hardness. Try to use script from Ricardo Narvaja & now set BP to GetWindowTextA - it don't freeze. It can't steps exe, but it creates logs (maybe this script to modify to obtain needed informations).
I'm sorry, Ricardo Narvaja for mistake Your name in my previous post.