Posted by [Op2]BTS on 1/28/2000, 2:55 am, in reply to "Wil's Thread (still stuck at task 1)"
Hi Wil, I'll try to help a little bit ...
1) I'd guess the tool you used to find those string references is W32Dasm. The next step is a little bit challenging for absolute newbies: d-click on the string reference in the window, and W32Dasm will bring you to the place where the string is 'used' in the application. Do this a number of times until you see it start all over again, because the string may be used by the proggie a number of times ...
Okay, when you have located the string, just scroll back a few lines and sniff for a suspicious 'Conditional jump' reference and such. Follow the jump, and you'll find that the 'good guy/bad guy' selection is not far away ...
Read some of +thesandman's tut, you'll know more ...
2) I have no idea how to use the BRW. The method I used to find out the type of window is to look into the proggie's import functions (API calls) with the help of W32Dasm. I found 'MessageBoxA, MessageBoxExA' and then I set the breakpoint in SICE @ each one of them (do it one at a time); you'll find that the proggie only breaks when you set the breakpoint on MessageBoxExA. Find a nice API reference (available on +thesandman's page) and dig into it ...
3) Hang out at +thesandman's .....
[Op2]BTS