greetings all!

i want ollydbg to break when the program accesses the address circled in the picture (0003042E)...
http://www.heroraven.com/pub/screenshot1.JPG
i noticed the address is not part of the image base.
the picture shows one place in the code where it is accessed, but there are more in the program but don't know how to ask olly to break when it comes across each one.

that is the handle to the window the value is per seesin only they change if you change session it is not an address

you can use conditional break point and specify the handle

or use window menu and set a message break point

what's the window menu? and how do i set message breakpoints?

i dont know why you ppl need to be spoon fed shit
cant rtfm ?? never look into the folder where ollydbg is situated ??
dont open .hlp file ?? doesnt know the .hlp file is there for help ??
the question is the most useless one to answer

instead of wasting time waiting for reply form some one you could have opened the fscking .hlp file and could have found out for yourself what windows menu is and how do you set message breakpoints and could have posted a meaningful question which when answering bring joy rathere than anger



This window displays list of all windows owned by debugged application and their most important parameters.

NT-based systems hide address of window procedure (function that processes all messages to the window). This effectively disables subclassing of windows belonging to different process but creates problems for debugger. OllyDbg can read address of window procedure by executing GetWindowLong in the context of debugged application using code injection. This method is time-consuming and sometimes (especially for multithreaded applications) unsafe. I use it only when debugged application is paused and injection is enabled by option Allow code injection to get address of WinProc.

Due to the lack of place, many columns in this window contain additional information that is normally hidden in the columns. For example, column WinProc marks subclassed windows (window procedure is not the same as class procedure), column ID displays ID of the control in decimal form and Style decodes window's style as a set of WM_xxx flags. To view additional information, change width of corresponding column.

You can set breakpoint on window message, for example WM_PAINT, or group, like mouse messages.

To set breakpoint on message, OllyDbg creates specially prepared conditional logging breakpoint with explanation "<WinProc>". To see how it works, assume that we have button with handle 00001234 and request pause on all button messages. After breakpoint is set, open it as a conditional logging breakpoint. You will see the following options set:


Condition: [ESP+4]==00001234 && [ESP+8] IN (0F0..0F7,135)
Explanation: <WinProc>
Pause program: On condition

At entry to window procedure, stack contains:

[ESP+00] Return address
[ESP+04] Window's handle
[ESP+08] Message
[ESP+0C] wParam
[ESP+10] lParam
Now it's clear that first part of condition means: "Window's handle must be 00001234" and second: "Message is one of (BM_GETCHECK...BM_SETIMAGE, WM_CTLCOLORBTN)".

Important note: Window's handle is different each time window is created, so if you set breakpoint on actual window only, this breakpoint is valid only for the life of this window.



now i have pasted the full content form help file go read through and experiment and ask some question which is really enajoyable to read and answer

thanks oh me anon!