I read the article "MFC Program Reverse Engineering: Messages (Part 1) + (Part 2)" and learned a great deal from it. The author mentions that for dialog-based programs it is best to set a breakpoint at the entry of one particular function (remember this function: CCmdTarget::OnCmdMsg()). While studying it, working through the steps in OD deepened my understanding.
First, I used VC6.0 to build a dialog-based MFC program in two versions: dynamically linked (TraceButtonDynamic.exe) and statically linked (TraceButtonStatic.exe).
1. Analysis of the dynamically linked program
(1) First, use IDA to find the address of CCmdTarget::OnCmdMsg(). On my machine it is 0040157C.
(2) Load the program in OD, press Ctrl+G, enter 0040157C, and go to 0040157C.
There is a jmp instruction there; press Enter to follow it. This is the entry of OnCmdMsg().
Scroll down to push dword ptr [eax+14], press F2 to set a breakpoint, and run the program.
Click the "hello,world" button and you will see 00401480, which is the code that handles the button.
Press Ctrl+G, enter 00401480, and go to 00401480. Done.
(3) A simpler approach.
Reload TraceButtonDynamic.exe. Press Alt+E to list the loaded modules and double-click MFC42.
This takes you to MFC42.dll.
Press Ctrl+S and enter the following instruction sequence:
push dword ptr [ebp+14]
push dword ptr [eax+10]
push dword ptr [ebp+10]
push dword ptr [eax+14]
push dword ptr [ebp+c]
push dword ptr [ebp+8]
Click Find.
At the "push dword ptr [eax+14]" line, press F2 to set the breakpoint.
2. Analysis of the statically linked program
Load the program in OD. Press Ctrl+S and enter the instruction sequence.
Click Find, then at "push dword ptr [eax+14]" press F2 to set the breakpoint.
You can also press F7 to step into the call at the bottom of the instruction sequence (in this example, call 004157f5). Once inside, set the breakpoint directly on "call dword ptr [ebp+14]". You can also locate that instruction with the search method.
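The Ctrl+S search described above can also be run offline as a byte-pattern scan over a code section. The following is an added example, not code from the original article. The base address and the sample buffer are constructed, and allowing one 1-byte push reg before the call is an assumption.

```python
import struct

# FF /6 = push r/m32; ModRM 0x75 = [ebp+disp8], 0x70 = [eax+disp8]
PUSHES = [
    ("push dword ptr [ebp+14]", b"\xFF\x75\x14"),
    ("push dword ptr [eax+10]", b"\xFF\x70\x10"),
    ("push dword ptr [ebp+10]", b"\xFF\x75\x10"),
    ("push dword ptr [eax+14]", b"\xFF\x70\x14"),  # breakpoint line in the text
    ("push dword ptr [ebp+c]",  b"\xFF\x75\x0C"),
    ("push dword ptr [ebp+8]",  b"\xFF\x75\x08"),
]
PATTERN = b"".join(enc for _, enc in PUSHES)
BP_OFFSET = sum(len(enc) for _, enc in PUSHES[:3])  # bytes before push [eax+14]

def find_dispatch_sites(code, base_va):
    """Return (breakpoint_va, call_target or None) for every match in code."""
    sites = []
    pos = code.find(PATTERN)
    while pos != -1:
        end = pos + len(PATTERN)
        # Assumption: at most one 1-byte `push reg` (50..57) sits before the call.
        if end < len(code) and 0x50 <= code[end] <= 0x57:
            end += 1
        target = None
        if end + 5 <= len(code) and code[end] == 0xE8:  # call rel32
            (rel,) = struct.unpack_from("<i", code, end + 1)
            target = (base_va + end + 5 + rel) & 0xFFFFFFFF
        sites.append((base_va + pos + BP_OFFSET, target))
        pos = code.find(PATTERN, pos + 1)
    return sites

def build_sample(base_va, call_target, extra=b"", pad=16):
    """Constructed buffer: NOP padding, the pushes, optional extra bytes, call rel32, ret."""
    call_va = base_va + pad + len(PATTERN) + len(extra)
    rel = (call_target - (call_va + 5)) & 0xFFFFFFFF
    return b"\x90" * pad + PATTERN + extra + b"\xE8" + struct.pack("<I", rel) + b"\xC3"

if __name__ == "__main__":
    BASE = 0x00401000  # constructed load address for the sample bytes
    sample = build_sample(BASE, 0x004157F5, extra=b"\x53")  # 53 = push ebx
    for bp, target in find_dispatch_sites(sample, BASE):
        shown = "%08X" % target if target is not None else "n/a"
        print("breakpoint at %08X, call target %s" % (bp, shown))
```

To use it on a real file, pass the raw bytes of the code section together with that section's virtual address as base_va.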
These are some notes from my own learning; if anything is wrong, please correct me.
2000-09-17
by Littlewisp
MFC42.dll Button Event Summary rule