I work in about 5 different languages, and it is not very often that I get to work in assembler, but when I do I have trouble finding the correct API call. Microsoft keep changing the format of their reference library, so here is an old listing of API calls I found. It might make life easier.
MHT files with embedded binary code, to be opened in MSIE... ::)
The infotomic site doesn't work any more, just ads there.
Content-Location: http://www.infotomic.com/store/win32tlb/reference_win32.php?subject=1&type=1&categoryName=Windows+Socket+2.0+Functions&category=87
It is just a list of API's by catagory, it help point me in the right direction. I go to the microsoft site to find the structure for the call.
Here's a handy dandy tool I use, I don't know if it's up-to-date enough for your OS.
It's meant for Visual Basic 6, but it lists all of the parameters or constants and lets you place them on the clipboard.
Here ya go!
There is 1 executable.
Win7-32: Error 339: DbList32.ocx missing or invalid.
Try instead Windows 32-bit API help file (http://www.powerbasic.com/support/downloads/Microsoft%20Tools.htm) (Microsoft SDK)...
Hi Jochen,
Quote from: jj2007 on October 12, 2012, 12:35:58 AM
Try instead Windows 32-bit API help file (http://www.powerbasic.com/support/downloads/Microsoft%20Tools.htm) (Microsoft SDK)...
good link. The good old PowerBASIC site. :t
Gunther
Sorry jj, windows 98 has failed your windows 7
-- not to be mean, but -- It's nice to see it happens on the other end of the OS wave too. :P
Quote from: mikorians on October 12, 2012, 05:48:14 AM
Sorry jj, windows 98 has failed your windows 7
-- not to be mean, but -- It's nice to see it happens on the other end of the OS wave too. :P
DbList32.ocx is included with VB6, but is not included with Windows OS's. Sharing VB6 executables almost never work when there is no installation program to catch the dependencies. Now there is the .NET Framework which can also lead to trouble if a person's Framework isn't up to date.
Thanks jj2007, that help file is very handy :biggrin:
ahck, tell me about it.
If you want the bulk of win32 API reference, get a copy of win32.hlp, it has a vewry large number of the standard API calls, you use MSDN for any of the rest.
i have winhlp, as well as a few other resources on disk - which are nice
there are certain aspects of using the current MSDN pages - user comments, for example
so, recently, i have been making a habit of saving the webpages to disk
when i visit an MSDN page, i save the entire webpage to a folder
they don't take up much space, really
at this point, i have about 150 of the ones i use often and it takes about 55 Mb of disk space
it's not all functions - some structures, some "about" type pages, etc
i even have a few pages from sites like codeproject and Jose Roca's site :P
if you know html, it's pretty easy to make a little index.html page to list the contents
if the internet is down, which happens once in a while, i can still do programming :biggrin:
Is there an API reference file that includes user32.lib? (dont mention msdn, i mean an offline documentation)
offhand, i don't know of any documents that are necessarily arranged "per-lib"
but - i will mention a tool that i use that you may enjoy - that is the dependency walker...
http://www.dependencywalker.com/ (http://www.dependencywalker.com/)
using that tool, you can find out what functions are supported in a certain DLL
then collect documentation on those functions and associated structures, messages, etc
you can click on functions listed to see the help info :P
Hi Dave,
seems to be a good tool. I'll give it a try.
Gunther
Quote from: dedndave on November 07, 2012, 11:53:50 PM
offhand, i don't know of any documents that are necessarily arranged "per-lib"
but - i will mention a tool that i use that you may enjoy - that is the dependency walker...
http://www.dependencywalker.com/ (http://www.dependencywalker.com/)
using that tool, you can find out what functions are supported in a certain DLL
then collect documentation on those functions and associated structures, messages, etc
you can click on functions listed to see the help info :P
I have downloaded it. It is really useful to see the functions that which you attach to the program. Also when you right click on a function you can use the option "Lookup Function in External Help" -> so it jumps to msdn web.
:icon14:
Quote from: blue_devil on November 08, 2012, 08:37:36 AM
...and reverse engineering....
OOOooo don't mention that evil word here.. people get overexcited.
We don't rev..rev...eng.. eng... stutter..... Ahem! we ... Analyse Data
:biggrin:
@K_F, got it :exclaim: before banning
banning is rather drastic - Hutch will generally give you warnings before that
but - the moderators are not shy about locking a thread - lol
reversing or not - the tool is a great way to get around windows DLL's
you can open the \windows\system32\user32.dll file and see all the functions and dependancies
another handy tool is MS Spy++
it is very useful to troubleshoot programs that you are having problems with
you can verify the hierarchy of your windows and controls and check their style bits, sizes, and positions
and - the reshacker is also a good tool
it may have been intended for reversing - again, great for troubleshooting problems
it is nice to see if your resources are set up the way you intended
Its something that most of the folks around here know the difference, we encourage low level programming and a good understanding of how binary files work but we cannot allow cracking or its euphemism "reverse engineering" as it drags in a whole host of rubbish from people too lazy to code their own apps. Debuggers, disassemblers and the like are normal tools of the trade but we must keep an eye on some tasks as there have been people over time that thought they could get some support for illegal activities by stealth in the forum.
With some thousands of years of collective experience floating around here, it does not get very far. :biggrin:
Quote from: hutch-- on November 08, 2012, 04:01:55 PM
.. people too lazy to code their own apps...
I think this is misleading, as it's is much easier to code you own code than try work out what somebody else has done.
RE and cr..ing is a LOT of work (and time wasted) and if you get to that level of proficiency, you could write your own better code.
;)
Quote from: K_F on November 08, 2012, 08:00:18 PM
Quote from: hutch-- on November 08, 2012, 04:01:55 PM
.. people too lazy to code their own apps...
I think this is misleading, as it's is much easier to code you own code than try work out what somebody else has done.
RE and cr..ing is a LOT of work (and time wasted) and if you get to that level of proficiency, you could write your own better code.
;)
Working out other people's code is hard unless you can see a pattern that a compiler uses. Pure asm is harder.
Having said that, I have RE'd a few trainers, these trainers obviously RE'd the game to do it. Am I bad?
Funnily enough, there are plenty of trainers built with masm32 - you can see the macro code for creating buttons for example (a pattern).
I think we have all tried to RE kernel32 et al and see nothing wrong. Curiousity.
You get into trouble when you contravene the eula's "no reverse engineering" clause.
I have even seen it divided into manual and automatic disassembly...
I spent too long on IRC where I had to listen to the cracking community and while some of them were decent programmers first, the bulk of them were just lazy and looking for a quick and easy way to pop a keygen or some similar technique to crack a commercial program. At least in Fravia's days there was some talent around but it faded fast as the bludgers took over. It used to fascinate these guys when you could tweak a normal binary in a hex editor without having to p*ss around with a hot copy of SoftIce but then that was programming, not cracking. :biggrin:
:biggrin:
Now you can get ida free, version 5 I think. Even has a debugger.
I have one of the free copies of IDA and it is a good tool when you are looking for something. Most of the time I prefer Clive's DumpPE as its fast and produces tidy output.
the biggest thing i ever reversed was DOS - lol
DOS 1.x was pretty easy to do
DOS 2 - a little harder, DOS 3. a little harder, still
i didn't disassemble all of it - but a lot of pieces
i used DEBUG and a good text editor :P
i reversed it because i wanted to know how it worked
not because i wanted to modify it or steal it - for me, it was a step in learning assembler
i learned a lot by doing it - and one thing i learned was that MS programmers weren't all that great - lol
but - it was functional - and "complete" for it's day
Quote from: hutch-- on November 08, 2012, 10:15:06 PM
.. but then that was programming, not cracking. :biggrin:
ahem!! ... Data Analysing 8)
:biggrin:
:biggrin:
Van,
There was a variation on cracking, when the class of binary got too hard for the idiot fringe to fiddle, they started "quacking" and if you ever saw some of the things posted in Efnet "#cracking4newbies" complaining about the complexity of some of the later binaries you would have died laughing. "I can't crack this, Quack quack". :P
I agree all of you ppl, but if you work for an antivirus/antimalware company you can be "analyze" the malcode and can write a cure for it ;)
Was looking at a piece of Microsot code the other day in olly, and the code crashed saying it detected Softice. Did somemore research and found a snippet of code that can be add to a program to detect Softice.
mov eax, dword ptr [pIDT+2] ; eax -> IDT
add eax, 8 ; eax -> int 1 vector
mov ebx, [eax] ; ebx == int 1 vector
add eax, 16 ; eax -> int 3 vector
mov eax, [eax] ; eax == int 3 vector
and eax, 0ffffh ; strip the selector
and ebx, 0ffffh ; part of it
sub eax, ebx ; find displacement
cmp eax, 10h ;
jne HackedVector ; if it isn't equal, then chances are
; SoftICE had tampered with these vectors
Don't know how valid the code is, haven't had time to test it yet. I'm thinking you would add it to WinMain proc.