Common APIs in software cracking

Source: Internet
Author: User

In software cracking, a common way to quickly locate an event is to set a breakpoint on an API function. Set the breakpoint with bp on the command line, run with Shift+F9 to reach the event, then return with Alt+F9. Shortcuts: Ctrl+A analyzes the code; Ctrl+N finds the API function to break on; right-click to view the call structure, then run with Shift+F9. If Alt+F9 does not return, use bpx. Running the Ctrl+A analysis first makes cracking or unpacking easier to analyze.

PS: the A suffix means ANSI (narrow characters) and W means wide characters (Unicode). Narrow strings are used most often, so most breakpoints use A. If the A variant does not break, try W.

Entries marked with asterisks are the commonly used ones.

String-related:
bp GetDlgItemTextA (W) -> retrieve the string entered in the specified input box *****
bp GetDlgItemInt -> retrieve the integer entered in the specified input box
bp GetWindowTextA (W) -> obtain the title text of a window or the content of a control *****
bp GetDlgItem -> get button event code (breaks on input boxes) ****
bp GetWindowTextLengthA -> check the length of the window title text or control content *****
bp GetWindowWord -> obtain information about the specified window structure

Dialog box interception:
bp MessageBeep -> play a system sound. The system sound scheme is set in the Control Panel
bp MessageBoxA (W) -> create a message box *****
bp MessageBoxExA (W) -> create a message box
bp MessageBoxIndirect (A) -> create a custom message box
bp DialogBox -> create a modal dialog window from a resource template
bp DialogBoxParamA (W) -> create a modal dialog window from a resource template
bp DialogBoxIndirect -> create a modal dialog window from a memory template
bp DialogBoxIndirectParam -> create a modal dialog window from a memory template
bp CreateDialog -> create a non-modal dialog window from a resource template
bp CreateDialogParam -> create a non-modal dialog window from a resource template
bp CreateDialogIndirect -> create a non-modal dialog window from a memory template
bp CreateDialogIndirectParam (A) -> create a non-modal dialog window from a memory template
bp EndDialog -> end a modal dialog window
bp greatew.wexa (W) -> get the window extents of the specified device context
bp ShowWindow -> control window visibility
bp UpdateWindow -> force an immediate update of the window
For VB programs, bp MessageBoxA does not break; use bp rtcMsgBox instead.

Window interception:
bp CreateWindow -> create a window
bp CreateWindowEx (A) -> create a window
bp ShowWindow -> display a window
bp UpdateWindow -> update a window
bp GetWindowText -> obtain the text in the window

Warning sound interception:
bp MessageBeep -> play a system sound. The system sound scheme is set in the Control Panel

Clipboard interception:
bp GetClipboardData -> obtain clipboard data

Restricted functions:
bp EnableMenuItem -> enable, disable, or gray out the specified menu entry
bp EnableWindow -> enable or disable mouse and keyboard control of the specified window and entries (menus are grayed out when disabled)

Ad interception:
bp ShellExecuteExA -> find the file name of the program associated with the specified file
If the program opens a web page by itself, you can search directly for the address of the web page, then find the key jump and you are done.

Time processing functions:
bp CompareFileTime -> compare the times of two files
bp GetFileTime -> obtain the creation, last access, and modification times of a file
bp GetLocalTime -> get the current local time *****
bp GetSystemTime -> get the current system time
bp GetCurrentTime -> get the current time (16-bit)
bp GetTickCount -> get the number of milliseconds since Windows was started
bp SetFileTime -> set the file time
bp SetLocalTime -> set the local time
bp FindExecutableA -> find the file name of the program associated with a specified file
bp SetTimer -> create a timer
bp TimerProc -> callback function for timer timeout

Dongle (software dog):
bpio-h 278 R
bpio-h unzip R
bp CreateFileA -> open or create files, pipes, mailslots, communication services, devices, and the console
bp DeviceIoControl -> perform the specified operation on the device
bp FreeEnvironmentStringsA -> free the specified environment string block (effective against HASP)

Registry-related:
bp RegOpenKeyA -> open an existing registry key *****
bp RegOpenKeyExA -> open an existing registry key
bp RegCreateKeyA -> create or open a key under the specified key
bp RegCreateKeyExA -> create a new key under the specified key in a more complex way
bp RegDeleteKeyA -> delete the specified subkey under an existing key
bp RegDeleteValueA -> delete a value under the specified key
bp RegQueryValueA -> get the value set for a key
bp RegQueryValueExA -> get the value set for a key
bp RegSetValueA -> set the value of the specified key or subkey
bp RegSetValueExA -> set the value of the specified key
bp RegCloseKey -> close a key in the system registry

INI initialization files:
bp GetPrivateProfileStringA -> get the string for the specified entry in the initialization file *** (effective for restart verification)
bp GetPrivateProfileInt -> get an integer from the initialization file (.INI file)
bp WritePrivateProfileStringA -> set a string in the specified section of the initialization file
bp WritePrivateProfileInt -> set all key names and values in a specified section of the initialization file

Key files:
bp GetPrivateProfileInt -> get an integer ***
bp ReadFile -> read data from a file
bp CreateFileA -> open or create files, pipes, mailslots, communication services, devices, and the console

Windows process operations (get / return):
bp FindExecutableA -> find the file name of the program associated with a specified file
bp FreeLibrary -> release the specified dynamic link library
bp GetCurrentProcess -> get a pseudo handle for the current process ***** (frequently used breakpoint for unpacking)
bp GetCurrentProcessId -> get the unique identifier of the current process
bp OpenMutexA -> the program runs the parent process as a child process (dual-process unpacking)
bp GetCurrentThreadId -> return the current process ID *** (packers often use it when returning to the OEP)
bp GetCurrentThread -> get a pseudo handle for the current thread
bp GetExitCodeProcess -> get the exit code of a terminated process
bp GetExitCodeThread -> get the exit code of a terminated thread
bp GetModuleHandleA -> get the module handle of an application or dynamic link library **** (often used to handle the Magic JMP)
bp GetPriorityClassA -> get the priority class of a specific process
bp LoadLibraryA -> load the specified dynamic link library and map it into the address space of the current process
bp LoadLibraryExA -> load the specified dynamic link library and map it into the address space of the current process
bp LoadModule -> load a Windows application and run it in the specified environment
bp CreateProcessA -> create a new process
bp TerminateProcess -> end a process
bp ExitProcess -> close a process in a clean way
bp ResumeThread -> resume thread execution (unpacking)
bp SuspendThread -> suspend the thread (unpacking)
bp VirtualAlloc -> request memory space (unpacking)
bp VirtualFree -> release the specified address resources (unpacking)
bp VirtualProtect -> protect the specified address resource (unpacking)

CD-ROM or disk-related:
bp GetDiskFreeSpaceA -> get information about the organization of a disk and its remaining free space
bp GetDiskFreeSpaceExA -> get information about the organization of a disk and its remaining free space
bp GetFullPathNameA -> get the full path of a specified file
bp GetDriveTypeA -> determine the type of a disk drive
bp GetLogicalDrives -> determine which logical drive letters exist in the system
bp GetVolumeInformationA -> obtain information about a disk volume
bp GetWindowsDirectoryA -> obtain the full path name of the Windows directory
bp GetSystemDirectoryA -> obtain the full path name of the Windows System directory (that is, the System directory)
bp GetFileAttributesA (W) -> determine the attributes of the specified file
bp GetFileSize -> determine the file length
bp GetDriveType -> determine the type of a disk drive
bp GetLastError -> return the extended error code
bp ReadFile -> read data from a file

Disc cracking:
win16:
bp getvolumeinformation -> get information about a disk volume
bp getdrivetype -> determine the type of a disk drive
win32:
bp GetDriveTypeA -> get the disk drive type
bp GetLogicalDrives -> get the logical drive letters
bp GetFullPathNameA -> get the full path of the specified file
bp GetWindowsDirectoryA -> get the full path name of the Windows directory
bp GetLogicalDriveStringsA -> obtain the root drive paths of all current logical drives

File access:
bp lcreat -> create a file
bp CreateDirectoryA -> create a new directory
bp CreateDirectoryExA -> create a new directory
bp CreateFileMappingA -> create a new file mapping object
bp CreateFileA -> create or open files, pipes, mailslots, communication services, devices, and the console *****
bp RemoveDirectoryA -> delete the specified directory
bp DeleteFileA -> delete the specified file
bp lopen -> open the specified file in binary mode
bp OpenFile -> open a file; can perform a large number of different file operations (32-bit)
bp OpenFileMappingA -> open an existing file mapping object
bp SetEndOfFile -> for an open file, set the current file position as the end of the file
bp CloseHandle -> close a kernel object, including file, file mapping, process, thread, security, and synchronization objects
bp lclose -> close the specified file
bp ReadFile -> read data from a file (32-bit) ******
bp ReadFileEx -> similar to ReadFile, but only for asynchronous read operations; it also takes a completion callback
bp lread -> read data from a file into a memory buffer
bp hread -> read data from a file into a memory buffer *******
bp lwrite -> write data to a file
bp hwrite -> write data to a file
bp WriteFile -> write data to a file
bp WriteFileEx -> similar to WriteFile
bp MapViewOfFile -> map a file mapping object into the address space of the current application
bp MapViewOfFileEx -> map a file mapping object into the address space of the current application
bp FindFirstFileA -> search for a file by file name
bp SearchPathA -> search for the specified file
bp MoveFileA -> move a file
bp CopyFileA -> copy a file
bp SetCurrentDirectoryA -> set the current directory
bp SetFileAttributesA -> set file attributes
bp llseek -> set the current read/write position in a file
bp SetFilePointer -> set the current read/write position
bp SetFileTime -> set the file creation, access, and last modification times
bp GetFileTime -> get the time information of the specified file
bp CompareFileTime -> compare the times of two files
bp GetBinaryTypeA -> determine whether the file is executable
bp GetFileAttributesA -> determine the attributes of the specified file
bp GetFileSize -> determine the file length
bp FindNextFileA -> find the next file matching the file name specified in the call to the FindFirstFile function
bp FindClose -> close a search handle created by the FindFirstFile function
bp GetFileType -> given a file handle, determine the file type
bp GetSystemDirectory -> obtain the full path name of the Windows System directory (that is, the System directory)

VB functions:
........................................................................

VB cracking: to quickly locate the event, press Ctrl+B and search for 816C24. Then set an F2 breakpoint on the JMP and run the registration. Execution breaks at that JMP, and the registration module is called from this JMP.

Abbreviations in function names:
bool -> Boolean data (TRUE or FALSE)
str -> string data (String)
i2 -> byte or two-byte integer data (Byte or Integer)
ui2 -> unsigned two-byte integer data
i4 -> long integer data (4 bytes) (Long)
r4 -> single-precision floating point data (4 bytes) (Single)
r8 -> double-precision floating point data (8 bytes) (Double)
cy -> (8 bytes) integer value form (Currency)
var -> variant (Variant)
fp -> floating point (Float Point)
cmp -> compare
comp -> compare
Eq -> equal to
Ne -> not equal to
Le -> less than or equal to
Lt -> less than
Ge -> greater than or equal to
Gt -> greater than

Dialog box:
bpx rtcMsgBox -> display an information dialog box ******

Common forms:
bpx DestroyWindow -> destroy (that is, clear) the specified window and all its child windows *****
bpx mouseevent -> simulate a mouse event (mouse break)
bpx postquitmessage -> post a message to the application. The message is picked up by the application's internal GetMessage loop but is not passed to a specific window
bpx vbaVarTstEq -> check whether the specified variables are equal
Registration functions: with the breakpoint bpx vbaVarTstEq set, run with Shift+F9 N times until the error prompt window appears, then run with Shift+F9 N-1 times. Return with Alt+F9 and you reach the key point.
Warning interception:
bpx rtcBeep -> speaker beep

Data movement:
bpx vbaVarCopy -> data movement: copy a variable value string to memory
bpx vbaVarMove -> move variables in memory, or copy a variable value string to memory
bpx vbaStrMove -> move a string
bpx vbaStrCopy -> copy a string to memory, similar to the Windows API hmemcpy

Data type conversion:
bpx vbaI2Str -> convert a string to an 8-bit (1 byte) value (range: 0 to 255) or a two-byte value (range: -32,768 to 32,767)
bpx vbaI4Str -> convert a string to a long integer (4 bytes) value (range: -2,147,483,648 to 2,147,483,647)
bpx vbaR4Str -> convert a string to a single-precision floating point (4 bytes) value
bpx vbaR8Str -> convert a string to a double-precision floating point (8 bytes) value
bpx VarCyFromStr -> (VB6 library only; for debugging, WINICE.DAT must include OLEAUT32.DLL) convert a string to the currency type
bpx VarBstrFromI2 -> (VB6 library only; for debugging, WINICE.DAT must include OLEAUT32.DLL) convert integer data to a string

Numeric operations:
bpx vbaVarAdd -> add two variable values
bpx vbaVarIdiv -> divide the first variable by the second, giving an integer result
bpx vbaVarSub -> subtract the second variable from the first
bpx vbaVarMul -> multiply two variable values
bpx vbaVarDiv -> division
bpx vbaVarMod -> remainder
bpx vbaVarNeg -> negation
bpx vbaVarPow -> exponentiation
bpx vbavarxor -> perform an exclusive OR operation on two variables

Variable comparison:
bpx vbaVarCompEq -> compare local variables: equal to
bpx vbaVarCompNe -> compare local variables: not equal to
bpx vbaVarCompLe -> compare local variables: less than or equal to
bpx vbaVarCompLt -> compare local variables: less than
bpx vbaVarCompGe -> compare local variables: greater than or equal to
bpx vbaVarCompGt -> compare local variables: greater than

VB pointers:
THROW

Program structure:
bpx vbaVarForInit -> loop initialization
bpx vbaVarForNext -> loop structure, For... Next... (Loop)

Comparison functions:
bpx vbaStrCmp -> compare strings for equality ******
bpx vbaStrComp -> compare strings for equality ******
bpx vbaVarTstEq -> test whether the specified variables are equal
bpx vbaVarTstNe -> test whether the specified variables are not equal
bpx vbaVarTstGt -> test whether the specified variable is greater than
bpx vbaVarTstGe -> test whether the specified variable is greater than or equal to
bpx vbaVarTstLe -> test whether the specified variable is less than or equal to

String operations:
bpx vbaStrCat -> concatenate two strings; in VB this is just an & or +
bpx vbaStrTextComp -> compare with the specified text string
bpx vbaLenBstr -> string length
bpx vbaLenBstrB -> string length
bpx vbaLenVar -> string length
bpx vbaLenVarB -> string length
bpx rtcLeftCharVar -> extract a substring, taking characters from the left side of the string. Usage in VB: Left("string", "number of characters from the left")
bpx v1_4var -> extract a substring
bpx rtcRightCharVar -> extract a substring, taking characters from the right side of the string. Usage in VB: Right("string", "number of characters from the right")
bpx rtcMidCharVar -> extract a substring; the Mid function in VB. Usage: Mid("string", "start position", "number of characters")
bpx vbaInStr ->
bpx vbaw. B ->
bpx vbaStrCopy -> copy a string
bpx vbaStrMove -> move a string
bpx rtcLeftTrimVar -> remove blanks from a string
bpx rtcRightTrimVar -> remove blanks from a string
bpx rtcTrimVar -> remove blanks
bpx vbaRsetFixstrFree -> right-align a string
bpx vbaRsetFixstr -> right-align a string
bpx margin -> left-align a string
bpx vbaLsetFixstr -> left-align a string
bpx vbaStrCompVar -> string comparison
bpx bytes -> string type conversion
bpx rtcR8ValFromBstr -> convert a string to floating point
bpx MultiByteToWideChar -> convert an ANSI string to a Unicode string
bpx WideCharToMultiByte -> convert a Unicode string to an ANSI string
bpx rtcVarFromFormatVar -> format a string
bpx encoding -> lowercase to uppercase
bpx rtcLowerCaseVar -> uppercase to lowercase
bpx rtcStringVar -> repeated character
bpx rtcSpaceVar -> specified number of spaces
bpx rtcAnsiValueBstr -> return the character code (the character code of the first character)
bpx rtcByteValueBstr -> return the character code (the character code of the first byte)
bpx rtcCharValueBstr -> return the character code (the code of the first Unicode character)
bpx rtcVarBstrFromAnsi -> return a character (a String containing the character for the specified character code)
bpx rtcVarBstrFromByte -> return a character (a String containing the single byte for the specified character code)
bpx rtcVarBstrFromChar -> return a character (a String containing the character for the specified Unicode code)

Self-verification:
bpx CreateFileA -> open or create files, pipes, mailslots, communication services, devices, and the console (most common for self-verification) ******
bpx GetFileSize -> determine the file length
bpx SetFilePointer -> set the current read/write position in a file ******
bpx ExitProcess -> close a process in a clean way
bpx TerminateProcess -> end a process
bpx rtcFileLen -> for VB programs ***
bpx rtcFileLength -> for VB programs
