Q:
I want to set a breakpoint in WinDbg when the Windows message queue has a message like WM_LBUTTONDOWN and others.
How do I set the command?
Debug environment:
Win7 32-bit OS + VMware Win7 32-bit OS + WinDbg
The command I use now is:
bu User32!PostMessageA ".if(poi(@edx+0x05) = 0x0201) {.printf \"[1111]\";} .else {.printf \"[2222]\";gc}"
But there is no response when I click the left mouse button on the VMware Win7 system desktop. Where is the problem?
A:
The PostMessage API is not a part of the message queue; it is used to post a message to any thread's message queue.
If you are specifically interested in message queue handling, set breakpoints on one of these APIs:
1) GetMessage()
2) TranslateMessage()
3) DispatchMessage etc.
Why are you using the edx register, and why are you accessing it unaligned (edx+5)?
Normally any message is passed on the stack in a MSG structure.
BOOL TranslateMessage(
    CONST MSG *lpMsg   // address of structure with message
);

Parameters
lpMsg
Points to an MSG structure that contains message information retrieved from the calling thread's message queue by using the GetMessage or PeekMessage function.

typedef struct tagMSG {     // msg
    HWND   hwnd;
    UINT   message;   <---------------------
    WPARAM wParam;
    LPARAM lParam;
    DWORD  time;
    POINT  pt;
} MSG;

So if you are setting a bp on the TranslateMessage API then (esp+4) would point to the MSG structure
ie poi(esp+4) == MSG Structure
so poi(poi(esp+4)+4) will contain the ActualMessage
so if you set a break like below
bu user32!TranslateMessage ".if ((poi(poi(esp+4)+4))==0x201) { .printf \"WM_MOUSECLICK\\n\" };gc"
then when you click with the mouse, WinDbg will print MOUSECLICK
0:001> bl
 0 e 7e418bf6     0001 (0001)  0:**** user32!TranslateMessage ".if ((poi(poi(esp+4)+4))==0x201) { .printf \"WM_MOUSECLICK\\n\" };gc"
0:001> g
WM_MOUSECLICK
WM_MOUSECLICK
WM_MOUSECLICK
WM_MOUSECLICK
WM_MOUSECLICK
WM_MOUSECLICK
WM_MOUSECLICK
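The double dereference in the answer's breakpoint condition can be checked offline. The following is an added example, not part of the original post: it models a 32-bit stack frame at the entry of TranslateMessage in a byte array and evaluates poi(poi(esp+4)+4) against it. MSG32, MSG64, BASE, the helper names and all sample values are constructed for illustration; MSG64 goes beyond the 32-bit case in the answer to show that the message offset changes to 8 with 64-bit handles.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WM_LBUTTONDOWN 0x0201u
#define BASE 0x0012f000u   /* constructed address of mem[0] */

/* MSG as laid out in a 32-bit process: HWND/WPARAM/LPARAM are 4 bytes each. */
typedef struct { uint32_t hwnd, message, wParam, lParam, time; int32_t pt_x, pt_y; } MSG32;
/* MSG as laid out in a 64-bit process: HWND/WPARAM/LPARAM are 8 bytes each. */
typedef struct { uint64_t hwnd; uint32_t message; uint64_t wParam, lParam; uint32_t time; int32_t pt_x, pt_y; } MSG64;

static uint8_t mem[256];   /* constructed slice of a 32-bit address space */

/* Model of WinDbg's poi() on a 32-bit target: read a 4-byte pointer-sized value. */
static uint32_t poi(uint32_t addr) {
    uint32_t v;
    memcpy(&v, &mem[addr - BASE], sizeof v);
    return v;
}

static void put32(uint32_t addr, uint32_t v) { memcpy(&mem[addr - BASE], &v, sizeof v); }

/* Stack at the first instruction of a stdcall function:
   [esp] = return address, [esp+4] = first argument (lpMsg). Returns esp. */
static uint32_t build_frame(uint32_t message) {
    uint32_t esp = BASE + 0x10, lpMsg = BASE + 0x40;
    MSG32 m = { 0x000a01c2u, message, 1, 0x00640032u, 0, 50, 100 }; /* constructed */
    memset(mem, 0xcc, sizeof mem);
    memcpy(&mem[lpMsg - BASE], &m, sizeof m);
    put32(esp, 0x00401234u);          /* constructed return address */
    put32(esp + 4, lpMsg);
    return esp;
}

/* The answer's condition: poi(poi(esp+4)+4) == 0x201 */
int hits_on(uint32_t message) {
    return poi(poi(build_frame(message) + 4) + 4) == WM_LBUTTONDOWN;
}

size_t msg32_message_offset(void) { return offsetof(MSG32, message); }
size_t msg64_message_offset(void) { return offsetof(MSG64, message); }

int main(void) {
    printf("message offset: 32-bit=%zu 64-bit=%zu\n", msg32_message_offset(), msg64_message_offset());
    printf("WM_LBUTTONDOWN hit=%d, WM_MOUSEMOVE hit=%d\n", hits_on(0x0201u), hits_on(0x0200u));
    return 0;
}
```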
Reposted from: https://lostspeed.blog.csdn.net/article/details/12975053