Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1


Ratings: (0)|Views: 207|Likes:
Published by karthik

More info:

Published by: karthik on Jun 10, 2008
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as TXT, PDF, TXT or read online from Scribd
See more
See less





/******************************************************\HCU NOTES:Below is a nice handly little guide that answers the question:'What can I breakpoint on in softice to find what I want?'It was originally a decent win32 guide, but I have modified itquite alot since I originally received it.Credit goes to the original author for the easy to follow formatthough it pains me to say i do not have a clue who it was who sentme the original listing.NEW USER NOTES:(Yes I get these questions alot, so here I answer them) To use these api, just flip into SoftICE and BPX MessageBoxA(or any other call you want to bpx on)THE ONES WITH 'A' AT THE END ARE 32-BIT CALLS,so you will need to make sure that your WINICE.DAT file has beenmodified to EXPORT the proper symbol files (in softice for '95 of coursesince NT-ice uses 32 bit rather than the 16 bit calls you will need for manyapps)Being redundant in case this file has been separated from the website,your winice.dat file is in your softice'95 directory with the executable(look in your autoexec.bat file for the location of WINICE.EXE if youhave forgotten it's install location)EDITING WINICE.DAT TO INCLUDE 32-BIT CALLSREMOVE THE SEMICOLONS to uncomment the particular ones you need,Use THESE for now: (see ED!SON's tutorial for more info)gdi32.dllkernel32.dlluser32.dllWELL - without anymore boring taglines, here it is...+gthorne'97\******************************************************/The Cracker's Guide of Common Win32 API Calls--------------------------------------------- Reading & Writing Files-----------------------These are generic calls to read/write to a file, usually binary in nature:ReadFileWriteFile
more on locating file accesses:SetFilePointerGetSystemDirectoryGetSystemDirectoryAThese are the most common calls to read/write from/to a *.ini fileor a file of similar format.for 16-bit win apps:GetPrivateProfileStringGetPrivateProfileIntWritePrivateProfileStringWritePrivateProfileIntfor 32-bit win apps:GetPrivateProfileStringAGetPrivateProfileIntAWritePrivateProfileStringAWritePrivateProfileIntAInterrupt info:_____________file accesses (A couple by YOSHi)bpint 21 if (ah==3d)bpint 2f if (ah==01)The Registry------------Create or delete a new key in the registry:RegCreateKeyRegDeleteKeyRegCreateKeyARegDeleteKeyARead a value from the currently open registry key:RegQueryValueRegQueryValueAOpen or close a registry key:RegCloseKeyRegOpenKeyRegCloseKeyARegOpenKeyA
Dialog Boxes------------Get text or integer from a dialog box edit:GetWindowTextGetDlgItemTextGetWindowTextAGetDlgItemTextAGetDlgItemIntOpen a message box, usually one that says "invalid registration":MessageBoxMessageBoxAMessageBoxExAMessageBeepand other ways to display text...SENDMESSAGEWSPRINTFTime & Date-----------These get the time and dateGetSystemTimeGetLocalTimeSystemTimeToFileTimeGenerating a Window---------------------createwindowcreatewindowexashowwindowbitblt (a type of memory move, similar to hmemcpy)CD-ROM Calls (Donated by: +-=Riddler=-+)----------------GetDriveType (if eax=5 then it is a cdrom check)GetDriveTypeAGetDriveType Return Function codes:Value Meaning0 Drive Cannot Be determined1 Root Dir Does not exist2 DriveRemoveable

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->