Common breakpoints
Intercept windows:
bp CreateWindow        create a window
bp CreateWindowEx(A)   create a window
bp ShowWindow          show a window
bp UpdateWindow        update a window
bp GetWindowText(A)    get window text
Intercept message boxes:
bp MessageBox(A)          create a message box
bp MessageBoxExA          create a message box
bp MessageBoxIndirect(A)  create a custom message box
bp IsDialogMessageW
Intercept warning beeps:
bp MessageBeep   emit a system warning (drives the PC speaker directly if no sound card is present)
Intercept dialog boxes:
bp DialogBox                     create a modal dialog box
bp DialogBoxParam(A)             create a modal dialog box
bp DialogBoxIndirect             create a modal dialog box
bp DialogBoxIndirectParam(A)     create a modal dialog box
bp CreateDialog                  create a modeless dialog box
bp CreateDialogParam(A)          create a modeless dialog box
bp CreateDialogIndirect          create a modeless dialog box
bp CreateDialogIndirectParam(A)  create a modeless dialog box
bp GetDlgItemText(A)             get dialog box text
bp GetDlgItemInt                 get an integer value from a dialog box
Intercept the clipboard:
bp GetClipboardData   get clipboard data
Intercept the registry:
bp RegOpenKey(A)       open a subkey
bp RegOpenKeyEx        open a subkey
bp RegQueryValue(A)    query a subkey value
bp RegQueryValueEx     query a subkey value
bp RegSetValue(A)      set a subkey value
bp RegSetValueEx(A)    set a subkey value
Breakpoints for intercepting feature restrictions:
bp EnableMenuItem   disable or enable a menu item
bp EnableWindow     disable or enable a window
Intercept time:
bp GetLocalTime     get local time
bp GetSystemTime    get system time
bp GetFileTime      get file time
bp GetTickCount     get the number of milliseconds elapsed since the system started
bp GetCurrentTime   get current time (16-bit)
bp SetTimer         create a timer
bp TimerProc        timer timeout callback function
GetDlgItemInt     for an integer value entered in an input box
GetDlgItemText    for a string entered in an input box
GetDlgItemTextA   for a string entered in an input box
Intercept files:
bp CreateFileA   create or open a file (32-bit)
bp OpenFile      open a file (32-bit)
bp ReadFile      read a file (32-bit)
bp WriteFile     write a file (32-bit)
GetModuleFileNameA
GetFileSize
SetFilePointer
FileOpen
FindFirstFileA
ReadFile
Intercept drives:
bp GetDriveTypeA            get the disk drive type
bp GetLogicalDrives         get the logical drive letters
bp GetLogicalDriveStringsA  get the root paths of all current logical drives
VB program special breakpoints:
File length: rtcFileLen
bp __vbaFreeStr          for VB programs that re-verify on restart
bp __vbaStrCmp           compare strings for equality
bp __vbaStrComp          compare strings for equality
bp __vbaVarTstNe         test whether variables are not equal
bp __vbaVarTstEq         test whether variables are equal
bp __vbaStrCopy          copy a string
bp __vbaStrMove          move a string
bp MultiByteToWideChar   convert an ANSI string to a Unicode string
bp WideCharToMultiByte   convert a Unicode string to an ANSI string
================================
Common password breakpoints
hmemcpy (Win9x only)
GetDlgItemTextA
GetDlgItemInt
VB:
GetVolumeInformationA
__vbaStrComp (TRW)
BPX __vbaStrComp
msvbvm60!__vbaStrComp (SoftICE), or msvbvm50! for VB5 programs
__vbaI4Str
Ctrl+D
BPX msvbvm60!__vbaStrComp DO "d *(esp+0c)" (SoftICE)
Press F5 a few times and the registration code appears.
BPX RegQueryValueExA DO "d esp->8" (TRW)
__vbaVarTstEq   decides whether the program is registered
(0042932F  66898580FEFFFF  mov word ptr [ebp+fffffe80], ax
 instead of
 0042932F  66898580FEFFFF  mov word ptr [ebp+fffffe80], bx)
Common time breakpoints
GetSystemTime
GetLocalTime
GetTickCount
VB:
rtcGetPresentDate   // get the current date
Common breakpoints for killing windows
LockMyTask (Win9x only)
bp ExitProcess   exit the process
DestroyWindow
mouse_event (mouse breakpoint)
PostQuitMessage (very useful for cracking Football Lottery XP ^_^)
VB:
rtcMsgBox
Common breakpoints for INI file contents
GetPrivateProfileStringA
GetPrivateProfileInt
Key files:
GetPrivateProfileInt
ReadFile
CreateFileA
Common registry breakpoints
RegQueryValueA
RegQueryValueExA
Dongle breakpoints
BPIO -h 278 R
BPIO -h 378 R
Other common function breakpoints
CreateFileA (reading the dongle driver),
DeviceIoControl,
FreeEnvironmentStringsA (very effective against HASP),
PrestoChangoSelector (16-bit HASP), and searching for the string '7242' (against Sentinel). Refer to the following example for the specific meanings.
CD-ROM check breakpoints
16-bit:
GetVolumeInformation
GetDriveType
int 2Fh (DOS)
32-bit:
GetDriveTypeA
GetFullPathNameA
GetWindowsDirectoryA
Disk read breakpoints
GetLastError   returns the extended error code
Restriction breakpoints
EnableMenuItem   enables, disables or greys out a specified menu item
EnableWindow     enables or disables mouse and keyboard input to a specified window or control (the item is greyed out when disabled)
Does anyone know what the floppy-disk breakpoint is? Are there other special breakpoints that other friends can share?
For example LockMyTask and mouse_event: aren't these Win32 API functions?
Cracking on Win9x versus Win2K: is the breakpoint section above no longer usable?
I don't know what the above-mentioned breakpoint functions are on Win2K.
That is, I'm asking about password, time, window, INI, key file, registry, dongle, CD, floppy, restriction, etc.
Once you understand the commonly used breakpoints, analysis gives twice the result for half the effort!
Please tell us! And how do you crack software that reverts to its original state after a restart?
Don't know which breakpoint to set? It can be divided into three cases:
1. The comparison may be in the registry
2. The comparison is in special files (*.key, *.ini, *.dat, etc.)
3. The comparison is inside the program, there is no error prompt, and disassembly finds no obvious strings (this is what I want to ask about)
One of the hardest things is removing watermarks!
There are three possibilities:
A. The watermark is a bitmap (bitmap functions such as BitBlt, CreateBitmap)
B. The watermark is an obvious string (disassembly analysis)
C. The watermark is not an obvious string (e.g. "This a demo!" that only appears in files the program produces, such as *.htm, *.exe, etc.)
C is the hardest to deal with, and also what many people want to know, me included. I don't know what the experts suggest?
Banners:
They can be divided into two situations:
A. Created as a window: you can use MoveWindow or other window functions!
B. Drawn from a bitmap: you can also use BitBlt or other bitmap functions to get a handle on it!
Finally, you can use some existing tools (such as Api27, vwindset, FreeSpy).
It depends on where the mark is left; usually information is left in the registry!
In SoftICE, use bpx RegQueryValueExA do "d esp->8" to break and look;
in TRW, use bpx RegQueryValueExA do "d *(esp+8)" to break and look.
Some programs leave the registration information in their own directory; common ones are .dat, .ini, .dll and so on.
I use BPX ReadFile to break on those; some also leave registration information in the Windows directory.
You can use special tools to help you look, such as FileMon!
VB:
1. __vbaVarTstNe      // compare two variables for inequality
2. rtcR8ValFromBstr   // convert a string to a floating-point number
3. rtcMsgBox          // display a message dialog box
4. rtcBeep            // make the speaker beep
5. rtcGetPresentDate  // get the current date
For strings:
__vbaStrComp
__vbaStrCmp
__vbaStrCompVar
__vbaStrLike
__vbaStrTextComp
__vbaStrTextLike
For variables:
__vbaVarCmpEq
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpNe
Common breakpoints (2)
VB tips:
THROW
The VB runtime DLL also calls some functions in OLEAUT32.DLL. OLEAUT32.DLL is a generic proxy/stub DLL; the prototype of each of its functions is defined in <oleauto.h> and described in detail in MSDN. This also helps in understanding the functions of the VB runtime DLL.
Example:
lea  eax, [ebp-58]
push eax
call [msvbvm60!__vbaI4Var]
Running "dd eax+8" before the call shows the value 3;
after the call executes, EAX = 3.
The function of __vbaI4Var is to convert a Variant to an I4 (that is, a long integer).
__vbaVarTstNe appears to be used for self-checking; normally its return value is 0.
Known applicable software: "Network Three Kingdoms Intelligent Robot" and "Music Greeting Card Factory". When these two programs error out after unpacking, the Three Kingdoms robot produces an illegal *, and Music Greeting Card Factory tells you it is an illegal copy; modifying the return value of __vbaVarTstNe lets them run normally.
So when you encounter a VB program that cannot run normally after unpacking and you cannot find any other problem, try breaking on this function; it might be useful. 8-)
There is no known API for this; on the 98 platform it may be possible to read and write sectors through the BIOS, but under 2000/NT sectors can be written through the internal ATAPI/HAL.
MACHOMAN[CCG]
BPX WRITE_PORT_BUFFER_USHORT
On NT/2000 with this breakpoint, when EDX=1F0h you can see the sector data at the address in EDI; you must first load hal.sys in winice.dat (see the ATAPI manual for details).
Supplementary article:
On breakpoints for VB programs and time-limited programs
Crackerabc
First, the address in W32Dasm to modify so that VB programs disassemble correctly:
======================
Offsets 0x16B6C-0x16B6D
Change the machine code to: 98 F4
======================
Tracking breakpoints for VB programs:
============
MultiByteToWideChar
rtcR8ValFromBstr
WideCharToMultiByte
__vbaStrCmp
__vbaStrComp
__vbaStrCopy
__vbaStrMove
__vbaVarTstNe
rtcBeep
rtcGetPresentDate (time API)
rtcMsgBox
=========
Time-limit breakpoints:
================
CompareFileTime
GetLocalTime
GetSystemTime
GetTimeZoneInformation
msvcrt.difftime()
msvcrt.time()
================
General processing
BPX hmemcpy
BPX MessageBox
BPX MessageBoxExA
BPX MessageBeep
BPX SendMessage
BPX GetDlgItemText
BPX GetDlgItemInt
BPX GetWindowText
BPX GetWindowWord
BPX GetWindowInt
BPX DialogBoxParamA
BPX CreateWindow
BPX CreateWindowEx
BPX ShowWindow
BPX UpdateWindow
bmsg xxxx WM_MOVE
bmsg xxxx WM_GETTEXT
bmsg xxxx WM_COMMAND
bmsg xxxx WM_ACTIVATE
Time related
BPINT IF AH==2A (DOS)
BPX GetLocalTime
BPX GetFileTime
BPX GetSystemTime
CD-ROM or disk related
BPINT IF AH==2 (DOS)
BPINT IF AH==3 (DOS)
BPINT IF AH==4 (DOS)
BPX GetFileAttributesA
BPX GetFileSize
BPX GetDriveType
BPX GetLastError
BPX ReadFile
BPIO -h (your CD-ROM port address) R
Dongle related
BPIO -h 278 R
BPIO -h 378 R
Keyboard input related
BPINT IF AH==0 (DOS)
BPINT IF AH==0xA (DOS)
File access related
BPINT IF AH==3DH (DOS)
BPINT IF AH==3FH (DOS)
BPINT IF AH==3DH (DOS)
BPX ReadFile
BPX WriteFile
BPX CreateFile
BPX SetFilePointer
BPX GetSystemDirectory
INI initialization file related
BPX GetPrivateProfileString
BPX GetPrivateProfileInt
BPX WritePrivateProfileString
BPX WritePrivateProfileInt
Registry related
BPX RegCreateKey
BPX RegDeleteKey
BPX RegQueryValue
BPX RegCloseKey
BPX RegOpenKey
Registration flag related
BPX cs:eip IF eax==0
Memory flag related
BPMB cs:eip RW IF 0x30:0x45aa==0
Display related
BPX 0x30:0x45AA DO "d 0x30:0x44bb"
BPX cs:0x66cc DO "? eax"
Find window
FindWindowA
BP SetFilePointer
BPX hmemcpy      ; the universal breakpoint, intercepts memory copy actions (Note: Win9x-only breakpoint)
BPX LockMyTask   ; when other breakpoints do not work you can try this one; it intercepts button actions (Win9x only)
If you cannot find a breakpoint, try the following method:
bmsg handle WM_GETTEXT   ; intercept the registration code (handle is the handle of the corresponding window)
bmsg handle WM_COMMAND   ; intercept the OK button (handle is the handle of the corresponding window)
Intercept windows:
BPX CreateWindow          ; create a window
BPX CreateWindowEx(A/W)   ; create a window
BPX ShowWindow            ; show a window
BPX UpdateWindow          ; update a window
BPX GetWindowText(A/W)    ; get window text
Intercept message boxes:
BPX MessageBox(A/W)          ; create a message box
BPX MessageBoxEx(A/W)        ; create a message box
BPX MessageBoxIndirect(A/W)  ; create a custom message box
Intercept warning beeps:
BPX MessageBeep   ; emit a system warning (drives the PC speaker directly if no sound card is present)
Intercept dialog boxes:
BPX DialogBox                       ; create a modal dialog box
BPX DialogBoxParam(A/W)             ; create a modal dialog box
BPX DialogBoxIndirect               ; create a modal dialog box
BPX DialogBoxIndirectParam(A/W)     ; create a modal dialog box
BPX CreateDialog                    ; create a modeless dialog box
BPX CreateDialogParam(A/W)          ; create a modeless dialog box
BPX CreateDialogIndirect            ; create a modeless dialog box
BPX CreateDialogIndirectParam(A/W)  ; create a modeless dialog box
BPX GetDlgItemText(A/W)             ; get dialog box text
BPX GetDlgItemInt                   ; get an integer value from a dialog box
Intercept the clipboard:
BPX GetClipboardData   ; get clipboard data
Intercept the registry:
BPX RegOpenKey(A/W)       ; open a subkey (example: bpx RegOpenKey(A) if *(esp->8)=='****')
BPX RegOpenKeyEx(A/W)     ; open a subkey (example: bpx RegOpenKeyEx if *(esp->8)=='****')
BPX RegQueryValue(A/W)    ; query a subkey (example: bpx RegQueryValue(A) if *(esp->8)=='****')
BPX RegQueryValueEx(A/W)  ; query a subkey (example: bpx RegQueryValueEx if *(esp->8)=='****')
BPX RegSetValue(A/W)      ; set a subkey (example: bpx RegSetValue(A) if *(esp->8)=='****')
BPX RegSetValueEx(A/W)    ; set a subkey (example: bpx RegSetValueEx(A) if *(esp->8)=='****')
NOTE: '****' is the first 4 characters of the specified subkey name; for example, for 'RegCode', '****' = 'regc'
Breakpoints for intercepting feature restrictions:
BPX EnableMenuItem   ; disable or enable a menu item
BPX EnableWindow     ; disable or enable a window
bmsg hMenu WM_COMMAND   ; intercept menu key events, where hMenu is the menu handle
BPX K32Thk1632Prolog    ; together with bmsg hMenu WM_COMMAND, this breakpoint lets you enter the menu handler
Example of use:
call [kernel32!K32Thk1632Prolog]
call [...]   <-- trace into this one to reach the menu handler
call [kernel32!K32Thk1632Epilog]
Intercept time:
BPX GetLocalTime     ; get local time
BPX GetSystemTime    ; get system time
BPX GetFileTime      ; get file time
BPX GetTickCount     ; get the number of milliseconds elapsed since the system started
BPX GetCurrentTime   ; get current time (16-bit)
BPX SetTimer         ; create a timer
BPX TimerProc        ; timer timeout callback function
Intercept files:
BPX CreateFile(A/W)   ; create or open a file (32-bit)
BPX OpenFile          ; open a file (32-bit)
BPX ReadFile          ; read a file (32-bit)
BPX WriteFile         ; write a file (32-bit)
BPX _lcreat           ; create or open a file (16-bit)
BPX _lopen            ; open a file (16-bit)
BPX _lread            ; read a file (16-bit)
BPX _lwrite           ; write a file (16-bit)
BPX _hread            ; read a file (16-bit)
BPX _hwrite           ; write a file (16-bit)
Intercept drives:
BPX GetDriveType(A/W)            ; get the disk drive type
BPX GetLogicalDrives             ; get the logical drive letters
BPX GetLogicalDriveStrings(A/W)  ; get the root paths of all current logical drives
Intercept dongles:
BPIO -h 378 (or 278, 3BC) R        ; 378, 278, 3BC are parallel printer ports
BPIO -h 3F8 (or 2F8, 3E8, 2E8) R   ; 3F8, 2F8, 3E8, 2E8 are serial ports
VB program special breakpoints:
BPX msvbvm60!rtcMsgBox
BPX msvbvm60!__vbaStrCmp
BPX msvbvm60!__vbaStrComp
BPX msvbvm60!__vbaStrCompVar
BPX msvbvm60!__vbaStrTextCmp
BPX msvbvm60!__vbaFileOpen
BPX msvbvm60!__vbaInputFile
BPX msvbvm60!__vbaFileSeek
BPX msvbvm60!__vbaWriteFile
BPX msvbvm60!__vbaFileClose
BPX msvbvm60!rtcFileAttributes
BPX msvbvm60!rtcFileDateTime
BPX msvbvm60!rtcFileLen
BPX msvbvm60!rtcFileLength
BPX msvbvm60!__vbaVarInt
BPX msvbvm60!__vbaVarCmpGe
BPX msvbvm60!__vbaVarCmpGt
BPX msvbvm60!__vbaVarCmpLe
BPX msvbvm60!__vbaVarCmpLt
BPX msvbvm60!__vbaVarCmpNe
BPX msvbvm60!__vbaVarTextCmpEq
BPX msvbvm60!__vbaVarTextCmpGe
BPX msvbvm60!__vbaVarTextCmpGt
BPX msvbvm60!__vbaVarTextCmpLe
BPX msvbvm60!__vbaVarTextCmpLt
BPX msvbvm60!__vbaVarTextCmpNe
BPX msvbvm60!__vbaVarTextTstEq
BPX msvbvm60!__vbaVarTextTstGe
BPX msvbvm60!__vbaVarTextTstGt
BPX msvbvm60!__vbaVarTextTstLe
BPX msvbvm60!__vbaVarTextTstLt
BPX msvbvm60!__vbaVarTextTstNe
BPX msvbvm60!__vbaVarTstEq
BPX msvbvm60!__vbaVarTstGe
BPX msvbvm60!__vbaVarTstGt
BPX msvbvm60!__vbaVarTstLe
BPX msvbvm60!__vbaVarTstLt
BPX msvbvm60!__vbaVarTstNe
Note: VB programs still use ordinary API functions, so ordinary API breakpoints also work as long as the runtime function eventually calls that API.
The breakpoints above are for VB6 programs; for VB5 programs, change MSVBVM60 to MSVBVM50.
This article originates from the Internet; copyright belongs to the original author. If it infringes, please contact the blog owner.
OllyDbg (OD) debugging: complete collection of common breakpoints