I am new to reverse engineering, When I step-in code in ollydbg with F7, until a dialog box appear, which waits for user input, how do I handle user-input in to program properly?
- do you want to mange button click?Amir– Amir2016-03-05 19:49:52 +00:00Commented Mar 5, 2016 at 19:49
Add a comment |
1 Answer
ollydbg 1.10 used for demo 2.01 has similar functionality
i assume your query to mean that once an input is provided and proceded further
by cliking a button etc how ot break back into user mode code
assuming you are working with a simple application that doesn't actively prevent anyone from debugging
pasuing the application in ollydbg and viewing call stack should suffice
press f12 (single threaded program assumed here or you need to select the right thread )
to pause the debuggee
press ctrl+k to view call stack
ollydbg will show both callee and caller and in the context menu (right click) and has several options including execute till return to a specific call
select any one of the call in user code follow and set a breakpoint or
use execute till retn 
the code for the call stack shown in snap is as follows MessageBox is waiting for an user input (for pressing ok)
before pressing ok pause (f12) and view call stack (ctrl+k) to see the cal lstack similar to the image
matryoshka:\>dir /b matryoshka.cpp matryoshka:\>type matryoshka.cpp #include <windows.h> #pragma comment(lib, "user32.lib") void funcg (void) { MessageBoxA(NULL,"Matryoshka Doll\n","Matryoshka Doll",MB_OK); } void funcf (void) { funcg(); } void funce (void) { funcf(); } void funcd (void) { funce(); } void funcc (void) { funcd(); } void funcb (void) { funcc(); } void funca (void) { funcb(); } void main (void) { funca(); } matryoshka:\>cl /Zi /analyze /W4 /nologo matryoshka.cpp /link /RELEASE matryoshka:\>dir /b *.exe matryoshka.exe matryoshka:\>OLLYDBG.EXE matryoshka.exe 