PEiD & W32DSM Questions

[2late]

If the answer is yes, indeed, Wdasm tends to give rather poor result with later C++ versions. I'd suggest try the app with Bengaly's PVDasm - I found it to be much better to locate and show strings. That's what are you after, seems to me.

Cheers

You can Modified the PeHeader to E0000020 with a PeEditor
then you can see the string in WD32ASM.
ECO

my 2 cents...try to break on MessageboxA ,(in wdasm set breakpoint to all occurences of the API) if it breaks look at the code, somwere upwards is somthing conditional, like je,jne,jz etc. on so on..
monguz

Hi;
Searching for strings isnt good everytime coz sometimes they can be in resources as static. So if your message isnt a MessageBox api it is normal to not find any strings. Thus there is different types of strings like, Zero terminated,Unicode,pascal, $ terminated,etc. But as your application seems as a Visual C++ app. I prefer you to check for a DialogBoxParamA api. Still no use a rsource editor to examine application if there is a static text like your message.

So this message can be crypted or something like this at all. For example coder can be use reversed message trick.

Message <-- every cracker search for

egasseM <-- some eyes miss this.

or message can be simple crypted like

Message

tRvfgfdw

just look for something interesting.


Thats just a point of view of mine.

Regards.

[taos]

If you don't find any string references, please follow this steps:

Analyze the windows that shows the "demo message".

is it a "messagebox" type? (you know, with its symbols,etc...)

The text in the window can be loaded from a resource file, or a INI file or a packed language file, etc... (uses Filemonitor when the window is going to show)

And the most important, uses the handle of the window in the debugger or use the WM_CLOSE or WM_OPEN event in the debugger to get the line of source that shows the text (uses the buttons of the window for it).

Regards

[ivanov]

I have a program written in Visual C++ with a disabled-grayed menu item inside. Question: How can I locate the dissambled codes for this disabled-gray menu? Restorator or PE Explorer didn't show anything at all.

For me, Ollydbg with WindowJuggler plugin give good result to have informations about window and to post order on it.

Quote:

Originally Posted by ivanov

I have a program written in Visual C++ with a disabled-grayed menu item inside. Question: How can I locate the dissambled codes for this disabled-gray menu? Restorator or PE Explorer didn't show anything at all.

Try breaking on EnableMenuItem and looking for the menu ID. If it's actually a button that is disabled, then you should be looking for calls to EnableWindow.