Author | Post | |||
Towley |
After some time I decided to try some crackits again, using good old Olly. A problem that I always encounter in solving these is finding the usercode that gets executed when I push a button in the app. A simple strategy that should work is the following:

1. run the application
2. pause
3. execute till usercode
4. push a button in the application

Olly should stop now in usercode, and I can start examining what is happening when I push the button. My problem is that Olly won't stop in usercode, and I have to search for these code points by hand. When setting a manual breakpoint, everything works fine. Does anyone know what might be the reason? Also, other techniques and tricks are welcome here.

Thank you and greetings,
Towley |
|||
30.05.2008 13:54:19 |
|
|||
quangntenemy |
The reason? I think it's because the event-handling task follows the observer pattern and is executed in the event-dispatch thread, not the main thread. I myself prefer using the "Search for all referenced strings" feature to find the code. (Does that ring a bell to something?) |
|||
31.05.2008 02:37:11 |
|
|||
Towley |
I think you are right, and it depends on the application / program flow. I think "execute till usercode" is designed for skipping accidental "kernel-step-ins". Searching for bad boy and tracing should be known. A very simple and mostly useless "trick" is the following:

1. run app
2. pause
3. open "windows" window
4. now you can see all the windows'/buttons' procedures and handles
5. but in my experience, you won't find the real entry point of buttons with this "trick"

Greets,
Towley |
|||
01.06.2008 02:29:44 |
|
|||
DigitalAcid |
Your (Towley) "trick" is something I started using lately; I never really used it in the beginning. Usually I search for strings or set breakpoints on APIs, because that's the most common and easiest way. You could also run the app, hit pause (F12) and then push the K button (Alt+K) to see the call stack. It must be paused to see the call stack. |
|||
01.06.2008 09:58:55 |
|