Thread: Which Breakpoint?

  1. #1
    distr0n
    Guest

    Which Breakpoint?

    This may seem an overly elementary question, but hey, I figure why not ask. I have been doing a lot of tutorials and crackmes (Immortal Descendants are good) and I understand how to crack each one of these. However, why use the breakpoints that they did? How do you figure out whether you want to use bpx on hmemcpy, MessageBoxExA, GetDlgItemTextA, etc, etc. How do you make the choice of which one to use? Thanks,

    P.S. -> Is there an alternative to using hmemcpy because they took it out of kernel32.dll for Win ME and I can't use it or memcpy... any ideas? (I know... wrong board, but I figured I would ask while I was thinking about it)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    qferret
    Guest
    This gets asked every few weeks or so, maybe we should post a FAQ here somewhere (yes, I may be volunteering if I find the time)

    Anyway, as for your question...

    Much of it is experience and the ability to read an API guide ;-)

    Most programmers use functions provided by the compilers so they don't have to reinvent the wheel every time they write a program... this is good for us ;-)

    What this means is that there is a limited number of APIs they use for each function. APIs such as GetDlgItemTextA or GetWindowTextA will get text from an edit box. MessageBoxA or ShowWindow will pop up a MessageBox, etc., etc.

    The A at the end of some APIs means that they are for 32-bit code. For 16-bit apps, drop the A, i.e. GetWindowTextA is 32-bit while GetWindowText is 16-bit.

    As for the tutorials, the author probably set breakpoints on 2 or 3 APIs, but didn't feel the need to tell you which ones didn't work.

  3. #3
    qferret
    Guest
    This gets asked every few weeks or so, maybe we should post a FAQ here somewhere (yes, I may be volunteering if I find the time)

    Anyway, as for your question...

    Much of it is experience and the ability to read an API guide ;-)

    Most programmers use functions provided by the compilers so they don't have to reinvent the wheel every time they write a program... this is good for us ;-)

    What this means is that there is a limited number of APIs they use for each function. APIs such as GetDlgItemTextA or GetWindowTextA will get text from an edit box. MessageBoxA or ShowWindow will pop up a MessageBox, etc., etc.

    The A at the end of some APIs means that they are for 32-bit code. For 16-bit apps, drop the A, i.e. GetWindowTextA is 32-bit while GetWindowText is 16-bit.

    As for the tutorials, the author probably set breakpoints on 2 or 3 APIs, but didn't feel the need to tell you which ones didn't work.

  4. #4
    Bratscher
    Guest
    distr0n (03-27-2001 22:09):
    This may seem an overly elementary question, but hey, I figure why not ask. I have been doing a lot of tutorials and crackmes (Immortal Descendants are good) and I understand how to crack each one of these. However, why use the breakpoints that they did? How do you figure out whether you want to use bpx on hmemcpy, MessageBoxExA, GetDlgItemTextA, etc, etc. How do you make the choice of which one to use? Thanks,

    It is, for the most part, trial and error.
    You may guide your choice by disassembling the program and looking at the imported function list, if it is small enough to be practical. For instance, if the program does not list GetDlgItemTextA as an import, it is unlikely that a BPX on this function will be useful.
    hmemcpy is sort of a 'universal' breakpoint, which is in turn invoked by most of the other functions that capture input from the user.


    P.S. -> Is there an alternative to using hmemcpy because they took it out of kernel32.dll for Win ME and I can't use it or memcpy. any ideas? (I know. wrong board but I figured I would ask while I was thinking about it)
    I have not seen working alternatives, and I have been chastised for talking about it.
    A possible solution would be to do your cracking on a Win98 machine in which hmemcpy does work.

  5. #5
    qferret
    Guest
    Damn back button ;-)

  6. #6
    distr0n
    Guest
    Thanks, that helped! So I can tell which breakpoint to use by looking at 1) whether I'm trying to find the contents of a textbox info or how a message box pops up, or 2) by looking at the program's imports through windasm or IDA?

    Thanks!
