OllyDBG, follow Call Function
I recently started learning reversing again, and I encountered a problem using my OllyDBG. When debugging an EXE which has buttons that every button does a different thing, I can't seem to find a way to follow a specific button's code.
For example: I have a KeygenMe with 3 buttons: "Login", "About", "Exit". I want OllyDbg to follow what happens when I press the "Login" button.
How do I do that? I know it is possible as I've done it before.
Answer
You can follow a button by asking for olly to stop when the program returns from a funcion. Do this:
- Start debugging your KeygenMe.
- Focus on ollydbg window and press
Ctrol+F9 - Focus on the KeygenMe and click on the button.
Olly will stop on the return of the button function.
Some times olly may stop a little bit far from where you want to go like in user32.dll, so you'll need to trace back your way.
you can do this using two tectiques(that i know):
(Use one after you landed on the return)
Use trace back:
- Run your program normally and then hit trace over
Ctrol+F11 - Then go back using - (Minus Key from numeric keyboard)
or Use Breakpoints
- Put breakpoints till you find from were this function is called
- Using Right click on the code find the references for the struction that you find on the first step.
- keep doint step 1 and 2 till you find your function
(i use both but some times the first one don't work)