ollydbg radasm.exe view windows (W Icon) sort class and look for Mdi class like mdiEditChild / dialog etc
example
Windows, item 96 Handle=000704EE Title=C:\testrad\Html\Projects\testrad\testradinc3.html Parent=000203E4 ID=0000FDEA (65002.) Style=56CF0001 WS_CHILD|WS_GROUP|WS_TABSTOP|WS_CLIPSIBLINGS|WS_CLIPCHILDREN|WS_VISIBLE|WS_SYSMENU|WS_THICKFRAME|WS_CAPTION|1 ExtStyle=00000340 WS_EX_MDICHILD|WS_EX_WINDOWEDGE|WS_EX_CLIENTEDGE Thread=Main ClsProc=00xxxxxx RadASM.00xxxxxx Class=MdiEditChild
right click message breakpoint on class proc
in the dialog
choose window creation and destruction never pause radio button log winproc args always
you should be able to capture the WM_CLOSE sent by ctrl+f4
Log data Address Message 00XXXXXX CALL to Assumed WinProc from USER32.7E418731 hWnd = 000704EE ('C:\testrad\Html\Projects\test...',class='MdiEditChild',parent=000203E4) Message = WM_CLOSE wParam = 0 lParam = 0
The patch below should pop up a Messagebox when you hit Middle Mouse Button on the SysTabControl
004071A7 |> \90 NOP ; Default case of switch 004070B6 004071A8 |. 90 NOP 004071A9 |. 90 NOP 004071AA |. E8 5D1F0400 CALL RadASMWM.0044910C 00449100 <STRING> . 57 4D 5F 4D 42 5>ASCII "WM_MB_CLICK",0 0044910C <WM_MB_CLICK_HANDLER> /$ 60 PUSHAD ; CALL FROM 4071AA 0044910D |. 9C PUSHFD 0044910E |. 3D 07020000 CMP EAX, 207 ; WM_MB 00449113 |. 75 13 JNZ SHORT <RadASMWM.RETTOORIGHANDLER> 00449115 |. 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL 00449117 |. 68 00914400 PUSH <RadASMWM.STRING> ; |Title = "WM_MB_CLICK" 0044911C |. 68 00914400 PUSH <RadASMWM.STRING> ; |Text = "WM_MB_CLICK" 00449121 |. 6A 00 PUSH 0 ; |hOwner = NULL 00449123 |. E8 A2FBFFFF CALL <JMP.&user32.MessageBoxA> ; \MessageBoxA 00449128 <RETTOORIGHANDLER> |> 9D POPFD 00449129 |. 61 POPAD 0044912A |. 8B45 08 MOV EAX, DWORD PTR SS:[EBP+8] ; RadASMWM.<ModuleEntryPoint> 0044912D |. E8 F7B8FBFF CALL <RadASMWM.ORIGINAL HANDLER> 00449132 \. C3 RETN
