Cracking 4 Newbies
Win32API reference
Reading & Writing Files
These are generic calls to read/write to a file, usually binary in nature:
  • ReadFile
  • WriteFile
More on locating file accesses:
  • SetFilePointer
  • GetSystemDirectory
  • GetSystemDirectoryA
These are the most common calls to read/write from/to a *.ini file or a file of similar format.
For 16-bit win apps:
  • GetPrivateProfileString
  • GetPrivateProfileInt
  • WritePrivateProfileString
  • WritePrivateProfileInt
For 32-bit win apps:
  • GetPrivateProfileStringA
  • GetPrivateProfileIntA
  • WritePrivateProfileStringA
  • WritePrivateProfileIntA
The Registry
Create or delete a new key in the registry:
  • RegCreateKey
  • RegDeleteKey
  • RegCreateKeyA
  • RegDeleteKeyA
Read a value from the currently open registry key:
  • RegQueryValue
  • RegQueryValueA
Open or close a registry key:
  • RegCloseKey
  • RegOpenKey
  • RegCloseKeyA
  • RegOpenKeyA
Dialog Boxes
Get text or integer from a dialog box edit:
  • GetWindowText
  • GetDlgItemText
  • GetWindowTextA
  • GetDlgItemTextA
  • GetDlgItemInt
Open a message box, usually one that says "invalid registration":
  • MessageBox
  • MessageBoxA
  • MessageBoxExA
  • MessageBeep
and other ways to display text...
  • SENDMESSAGE
  • WSPRINTF
Time & Date
These get the time and date:
  • GetSystemTime
  • GetLocalTime
  • SystemTimeToFileTime
Generating a Window
  • createwindow
  • createwindowexa
  • showwindow
  • bitblt (a bit-block transfer of pixel data, loosely similar to a memory move like hmemcpy)
CD-ROM Calls (Donated by: +-=Riddler=-+)
  • GetDriveType (if eax = 5 on return, the drive is a CD-ROM; a common CD check)
  • GetDriveTypeA
GetDriveType return codes:
     Value   Meaning
     0       Drive type cannot be determined
     1       Root directory does not exist
     2       Removable drive
     3       Fixed disk (hard drive)
     4       Remote (network) drive
     5       CD-ROM drive
     6       RAM disk
  • GetLogicalDrives
  • GetLogicalDrivesA
  • GetLogicalDriveStrings
  • GetLogicalDriveStringsA
Window Numerical Inputs
  • GETWINDOWWORD
  • GETWINDOWLONG
Some other nice breakpoints from the ORC
  • BOZOSLIVEHERE
  • HMEMCPY
  • GLOBALGETATOMNAME
Message breakpoints, not quite the same thing but extremely useful:
  • BMSG xxxx WM_GETTEXT (good for passwords)
  • BMSG xxxx WM_COMMAND (good for OK buttons)
The xxxx is of course the hwnd value, but here is an important point. Assuming you are using WM_COMMAND to try to locate the button push, you run HWND to list the handles and see that the hwnd of the button is 0324 and the hwnd of the window is 0129. To find the button push, BMSG on the window value, not the button value (the other just won't work). So for the example here, to find our button push we would type:
BMSG 0129 WM_COMMAND

NOTE
These aren't the only Win32 API calls you need to know in order to crack Windows programs. There are many, many more that programs will use; many are derivatives of these calls. Try substituting a W for the A at the end of some calls, or placing an Ex right before the A. Also, in SoftIce, typing 'EXP GETPRIVATEPROFILE' will give you a list of all of the procs that read from .ini files, and there are more than the ones I have listed.
Cracking 4 Newbies by the Blackbird © 1999