API Reference List

Started by Don57, October 06, 2012, 04:25:08 AM


bluedevil

#15
Quote from: dedndave on November 07, 2012, 11:53:50 PM
offhand, i don't know of any documents that are necessarily arranged "per-lib"

but - i will mention a tool that i use that you may enjoy - that is the dependency walker...

http://www.dependencywalker.com/

using that tool, you can find out what functions are supported in a certain DLL
then collect documentation on those functions and associated structures, messages, etc
you can click on functions listed to see the help info   :P
I have downloaded it. It is really useful to see the functions that you attach to the program. Also, when you right click on a function you can use the option "Lookup Function in External Help" -> so it jumps to msdn web.
:icon14:
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
BlueDeviL Github

K_F

Quote from: blue_devil on November 08, 2012, 08:37:36 AM
...and reverse engineering....
OOOooo don't mention that evil word here.. people get overexcited.

We don't rev..rev...eng.. eng... stutter..... Ahem! we ... Analyse Data
:biggrin:
'Sire, Sire!... the peasants are Revolting !!!'
'Yes, they are.. aren't they....'

bluedevil

@K_F, got it :exclaim: before banning

dedndave

banning is rather drastic - Hutch will generally give you warnings before that
but - the moderators are not shy about locking a thread - lol

reversing or not - the tool is a great way to get around windows DLL's
you can open the \windows\system32\user32.dll file and see all the functions and dependencies

another handy tool is MS Spy++
it is very useful to troubleshoot programs that you are having problems with
you can verify the hierarchy of your windows and controls and check their style bits, sizes, and positions

and - the reshacker is also a good tool
it may have been intended for reversing - again, great for troubleshooting problems
it is nice to see if your resources are set up the way you intended
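
What Dependency Walker shows when you open a DLL comes from the PE export directory. The following is an added example, not part of any post in this thread and not Dependency Walker's own code: it walks that directory and lists each named export with its ordinal and forwarder. `list_exports`, `build_sample` and the sample DLL contents are constructed for illustration.

```python
import struct, sys

def list_exports(data):
    """Return (dll_name, [(ordinal, name, forwarder_or_None), ...]); named exports only."""
    u16 = lambda o: struct.unpack_from("<H", data, o)[0]
    u32 = lambda o: struct.unpack_from("<I", data, o)[0]
    text = lambda o: data[o:data.index(b"\0", o)].decode("ascii", "replace")
    if len(data) < 0x40 or data[:2] != b"MZ" or data[u32(0x3C):u32(0x3C) + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    pe = u32(0x3C)
    opt = pe + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    dirs = opt + (96 if u16(opt) == 0x10B else 112)  # data directories: PE32 vs PE32+
    exp_rva, exp_size = struct.unpack_from("<II", data, dirs)  # directory 0 = exports
    if exp_rva == 0:
        return None, []  # image exports nothing
    sec = opt + u16(pe + 20)  # section table follows the optional header
    sections = [struct.unpack_from("<8x4I", data, sec + 40 * i) for i in range(u16(pe + 6))]

    def off(rva):  # map an RVA to a file offset through the section table
        for vsize, vaddr, raw_size, raw_ptr in sections:
            if vaddr <= rva < vaddr + max(vsize, raw_size):
                return rva - vaddr + raw_ptr
        raise ValueError(f"RVA {rva:#x} is outside every section")

    name, base, _nfunc, nnames, funcs, names, ords = struct.unpack_from("<12x7I", data, off(exp_rva))
    out = []
    for i in range(nnames):
        idx = u16(off(ords) + 2 * i)  # name i -> index into the function table
        target = u32(off(funcs) + 4 * idx)
        # an RVA that lands inside the export directory is a forwarder string "DLL.Function"
        fwd = text(off(target)) if exp_rva <= target < exp_rva + exp_size else None
        out.append((base + idx, text(off(u32(off(names) + 4 * i))), fwd))
    return text(off(name)), out

def build_sample():
    """Constructed one-section PE32 image: exports Alpha (code) and Beta (forwarder)."""
    strs = b"sample.dll\0Alpha\0Beta\0OTHER.Gamma\0"
    rva = lambda s: 0x103C + strs.index(s)  # strings start 0x3C bytes into the section
    edata = struct.pack("<12x7I", rva(b"sample"), 1, 2, 2, 0x1028, 0x1030, 0x1038)
    edata += struct.pack("<4I2H", 0x2000, rva(b"OTHER"), rva(b"Alpha"), rva(b"Beta"), 0, 1) + strs
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I4sHH12xHH", 0x40, b"PE\0\0", 0x14C, 1, 0xE0, 0x2102)
    hdr += struct.pack("<H94xII120x", 0x10B, 0x1000, len(edata))
    hdr += struct.pack("<8s4I16x", b".edata", len(edata), 0x1000, 0x200, 0x200)
    return hdr.ljust(0x200, b"\0") + edata.ljust(0x200, b"\0")

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    dll, exports = list_exports(blob)
    for ordinal, fn, fwd in exports:
        print(f"{dll}: #{ordinal} {fn}" + (f" -> {fwd}" if fwd else ""))
```

Run with a DLL path as the only argument to list a real file; with no argument it parses the constructed sample. Truncated or malformed files raise `ValueError` or `struct.error` rather than returning partial results.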

hutch--

It's something that most of the folks around here know the difference, we encourage low level programming and a good understanding of how binary files work but we cannot allow cracking or its euphemism "reverse engineering" as it drags in a whole host of rubbish from people too lazy to code their own apps. Debuggers, disassemblers and the like are normal tools of the trade but we must keep an eye on some tasks as there have been people over time that thought they could get some support for illegal activities by stealth in the forum.

With some thousands of years of collective experience floating around here, it does not get very far.  :biggrin:

K_F

Quote from: hutch-- on November 08, 2012, 04:01:55 PM
.. people too lazy to code their own apps...
I think this is misleading, as it is much easier to code your own code than try to work out what somebody else has done.
RE and cr..ing is a LOT of work (and time wasted) and if you get to that level of proficiency, you could write your own better code.
;)

sinsi

Quote from: K_F on November 08, 2012, 08:00:18 PM
Quote from: hutch-- on November 08, 2012, 04:01:55 PM
.. people too lazy to code their own apps...
I think this is misleading, as it is much easier to code your own code than try to work out what somebody else has done.
RE and cr..ing is a LOT of work (and time wasted) and if you get to that level of proficiency, you could write your own better code.
;)
Working out other people's code is hard unless you can see a pattern that a compiler uses. Pure asm is harder.
Having said that, I have RE'd a few trainers, these trainers obviously RE'd the game to do it. Am I bad?
Funnily enough, there are plenty of trainers built with masm32 - you can see the macro code for creating buttons for example (a pattern).

I think we have all tried to RE kernel32 et al and see nothing wrong. Curiosity.
You get into trouble when you contravene the eula's "no reverse engineering" clause.
I have even seen it divided into manual and automatic disassembly...

hutch--

I spent too long on IRC where I had to listen to the cracking community and while some of them were decent programmers first, the bulk of them were just lazy and looking for a quick and easy way to pop a keygen or some similar technique to crack a commercial program. At least in Fravia's days there was some talent around but it faded fast as the bludgers took over. It used to fascinate these guys when you could tweak a normal binary in a hex editor without having to p*ss around with a hot copy of SoftIce but then that was programming, not cracking.  :biggrin:

sinsi

 :biggrin:

Now you can get ida free, version 5 I think. Even has a debugger.

hutch--

I have one of the free copies of IDA and it is a good tool when you are looking for something. Most of the time I prefer Clive's DumpPE as it's fast and produces tidy output.

dedndave

the biggest thing i ever reversed was DOS - lol
DOS 1.x was pretty easy to do
DOS 2 - a little harder, DOS 3. a little harder, still
i didn't disassemble all of it - but a lot of pieces
i used DEBUG and a good text editor   :P

i reversed it because i wanted to know how it worked
not because i wanted to modify it or steal it - for me, it was a step in learning assembler
i learned a lot by doing it - and one thing i learned was that MS programmers weren't all that great - lol
but - it was functional - and "complete" for its day

K_F

Quote from: hutch-- on November 08, 2012, 10:15:06 PM
.. but then that was programming, not cracking.  :biggrin:
ahem!! ... Data Analysing   8)
:biggrin:

hutch--

 :biggrin:

Van,

There was a variation on cracking, when the class of binary got too hard for the idiot fringe to fiddle, they started "quacking" and if you ever saw some of the things posted in Efnet "#cracking4newbies" complaining about the complexity of some of the later binaries you would have died laughing. "I can't crack this, Quack quack".  :P

bluedevil

I agree with all of you ppl, but if you work for an antivirus/antimalware company you can "analyze" the malcode and can write a cure for it ;)

Don57

Was looking at a piece of Microsoft code the other day in olly, and the code crashed saying it detected Softice. Did some more research and found a snippet of code that can be added to a program to detect Softice.

    ; assumes pIDT is the 6-byte buffer written by SIDT (2-byte limit, then 4-byte base)
    mov eax, dword ptr [pIDT+2]   ; eax -> IDT
    add eax, 8                    ; eax -> int 1 vector
    mov ebx, [eax]                ; ebx == int 1 vector
    add eax, 16                   ; eax -> int 3 vector
    mov eax, [eax]                ; eax == int 3 vector
    and eax, 0ffffh               ; strip the selector
    and ebx, 0ffffh               ; part of it
    sub eax, ebx                  ; find displacement
    cmp eax, 10h                  ;
    jne HackedVector              ; if it isn't equal, then chances are
                                  ; SoftICE had tampered with these vectors


Don't know how valid the code is, haven't had time to test it yet. I'm thinking you would add it to WinMain proc.