Tutorial 16A Question
11 posts
• Page 1 of 1
Tutorial 16A Question
Hi I read this tutorial and I got some questions if you don’t mind, I guess my ASM is a bit rusty:
1- At the part where it shifts right 16 times, and then OR’s itself, I didn’t understand how by doing this it is checking the 5th bit? and why does it want to check that bit? The ID thing is not clear.
2- How come DEAD was stored in little endian (AD DE) but not 42424242? is it because 42424242 = DWORD, therefore it does not do the packing?
Sorry again I know this site is not about ASM, but I've been re-reading the book and tried Google, it just did not click. So this is my last hope.
3- I am really considering learning WinAPI, do you recommend Charles Petzold’s book for today or is it outdated?
Thanks!
- Gaius Baltar
- Posts: 104
- Joined: Thu Aug 02, 2012 3:14 pm
Re: Tutorial 16A Question
Hi Modnar,
To answer your question 3, I found theForger's Win32 API Tutorial very effective for me:
http://www.winprog.org/tutorial/
What the man can create; the man can break ... we are all into the quest of GOD ... and planet earth... So Say We All !
Re: Tutorial 16A Question
If you already know C/C++, then Petzold's book is far and away the best resource, providing you want to work directly with the API. You can get it used on Amazon for like 39 cents. If you want to deal with MFC, Petzold's second book (Windows Programming with MFC) is just like the original but with MFC support.
If you need to learn C++, I suggest Visual C++ 2008 by Ivor Horton, as it deals directly with the APIs, includes a little MFC, but doesn't get bogged down in all the CLI/.NET crap. The 2010 versions and later may as well be "How to program in C#". A lot of other c++ books get bogged down in the "I can be more object oriented than you!"
I found learning the APIs directly through Windows programming was extremely helpful in my reverse engineering. Add to that the assembly, and you have a beginning to end understanding of exactly what's going on behind the scenes.
- Gaius Baltar
- Posts: 104
- Joined: Thu Aug 02, 2012 3:14 pm
Re: Tutorial 16A Question
I think the exact title of the book is "Ivor Horton's Beginning Visual C++ 2008" right?
Re: Tutorial 16A Question
Thanks for taking your time people, I almost forgot about the forums and posted a 16B question in the blog. (old habits die hard, I guess)
@Randon: I already know C++ (3 courses) and some C# (read like half a book 2 years ago, not much), so I think I am ready to read Petzold's WinAPI book, don't know anything about MFC yet but I assume I should just deal with winapi and other things later on, let's not get overwhelmed!
Also, I know ASM since I took a course in it, can't say I am a master at it but I can understand everything most of the time.
It all started 3-3.5 years ago (wow time flies, already 20 years old...) when I wanted to write a bot for a game, people told me I need to know C++, ASM and reverse engineering but didn't seem to mention WinAPI. (as for game hacking I don't think it's really necessary)
It's all funny because I did not think that wanting to write a bot would help me find the best major and future career for me, as I am enjoying it to the max so far, and I feel that this is just a starting point!
What's even more funny is that by the time I started learning I didn't really care about the game anymore, it's just been some kind of obsession to me to code that bot.
Well, two down. Two to go: RCE and WinAPI.
I can't imagine how happy I will be when I finally code the bot, I will feel like I walked on the moon! (Lame, I know.)
Uhh sorry for all that talk that you guys probably don't give a damn about. Just wanted to share in case any of you have advice for me, or to guide me better. Thanks, again!
Re: Tutorial 16A Question
Compared to C++, assembly and C#, WinAPI is a piece of cake.
Reverse engineering on the other hand....
Re: Tutorial 16A Question
Well, so far RCE has been sweet and easy for me, let's hope it lasts.
Though I think the more challenging it gets, the more fun it gets.
Was wondering, if I learn WinAPI, is the LinuxAPI similar to it? And does RCE work in Linux the same way?
Re: Tutorial 16A Question
Question 1 was never really answered, so I'd like to give it a go. Sorry for the late response. I didn't find this site earlier. And just maybe it'll put some new life in this site. That would be great.
The WM_COMMAND message has two parameters, which depend on what screen element it handles. For buttons and other controls these parameters are as follows:
1) WParam (ARG.3 or EBP+16) contains the control ID in its LOW WORD (bits 0-15) and the control notification code in the HIGH WORD (bits 16-31).
2) LParam (ARG.4 or EBP+20, but not used in this crackme) contains the handle to the window that generated the message.
In case of this crackme:
MOV EAX,[ARG.3] ; Load EAX with WParam
MOV EDX,[ARG.3] ; Load it in EDX as well
SHR EDX,10 ; Shift EDX right 16 bits (10h), putting the control notification code into bits 0-15
OR DX,DX ; Set flags according to DX (bits 0-15)
JNZ ...... ; If it's nonzero (the notification code, that is), jump over the button handling code
And the notification in question is BN_CLICKED (Button notification clicked)
In other words, ignore all messages that are not BN_CLICKED.
Hope this helps.
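Since question 1 was answered only at the assembly level, here is an added C example (my own, not code from the tutorial or from any poster in this thread) that does the same unpacking of wParam twice: once with the LOWORD/HIWORD split a C programmer would write, and once step by step as the crackme's SHR/OR/JNZ sequence does it, so you can see they reach the same decision and why the test only passes for BN_CLICKED (whose value is 0). It also covers question 2, which the thread left open: on x86 the bytes of the WORD 0xDEAD are stored as AD DE, and a DWORD 0x42424242 is packed exactly the same way, but all four bytes are identical so the reversal is invisible. The Win32 constants are written out so it builds without windows.h; the control ID 1001 is a made-up value.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants as defined in the Win32 headers, written out so this builds
   without windows.h. */
#define WM_COMMAND  0x0111
#define BN_CLICKED  0   /* button notification code "clicked" (note: zero) */
#define BN_SETFOCUS 6   /* another button notification, used as a counter-example */

/* Equivalents of the Win32 LOWORD/HIWORD macros: bits 0-15 and bits 16-31. */
static uint16_t loword(uint32_t v) { return (uint16_t)(v & 0xFFFFu); }
static uint16_t hiword(uint32_t v) { return (uint16_t)(v >> 16); }

/* Pack a control ID and a notification code into a 32-bit wParam the way
   Windows does for a WM_COMMAND that comes from a control. */
uint32_t make_wparam(uint16_t control_id, uint16_t notify_code) {
    return ((uint32_t)notify_code << 16) | control_id;
}

/* The crackme's test, step by step as the disassembly does it:
     MOV EDX,[ARG.3]   EDX = wParam
     SHR EDX,10h       EDX >>= 16  (10h is 16 decimal)
     OR  DX,DX         set ZF from the low 16 bits of EDX
     JNZ skip          nonzero = not BN_CLICKED, skip the button handler
   Returns 1 when the handler would run, 0 when it would be skipped. */
int asm_style_is_click(uint32_t wparam) {
    uint32_t edx = wparam;
    edx >>= 16;
    uint16_t dx = (uint16_t)edx;   /* after the shift the high half is already zero */
    return dx == 0;                /* ZF is set only when the notification code is 0 */
}

/* The same decision the way a C programmer would write it. */
int macro_style_is_click(uint32_t wparam) {
    return hiword(wparam) == BN_CLICKED;
}

/* A minimal WM_COMMAND dispatcher: returns the ID of the clicked control,
   or -1 for any message the crackme ignores (wrong message, or a button
   notification other than BN_CLICKED). */
int handle_command(uint32_t msg, uint32_t wparam) {
    if (msg != WM_COMMAND) return -1;
    if (!asm_style_is_click(wparam)) return -1;   /* e.g. BN_SETFOCUS */
    return loword(wparam);
}

/* Question 2 from the thread: byte order. x86 is little-endian, so byte i of a
   stored value holds bits 8*i..8*i+7. width is 2 (WORD) or 4 (DWORD); the bytes
   are written to out[] in memory order and the count is returned, 0 on a bad width. */
int little_endian_bytes(uint32_t value, int width, uint8_t out[4]) {
    if (width != 2 && width != 4) return 0;
    for (int i = 0; i < width; i++)
        out[i] = (uint8_t)(value >> (8 * i));
    return width;
}

int main(void) {
    uint32_t w = make_wparam(1001, BN_CLICKED);     /* 1001: made-up control ID */
    printf("wParam %08X: id=%u notify=%u -> %s\n", (unsigned)w,
           (unsigned)loword(w), (unsigned)hiword(w),
           handle_command(WM_COMMAND, w) >= 0 ? "handled" : "ignored");
    w = make_wparam(1001, BN_SETFOCUS);
    printf("wParam %08X: id=%u notify=%u -> %s\n", (unsigned)w,
           (unsigned)loword(w), (unsigned)hiword(w),
           handle_command(WM_COMMAND, w) >= 0 ? "handled" : "ignored");

    uint8_t b[4];
    int n = little_endian_bytes(0xDEAD, 2, b);
    printf("WORD  0xDEAD     in memory:");
    for (int i = 0; i < n; i++) printf(" %02X", b[i]);
    n = little_endian_bytes(0x42424242, 4, b);
    printf("\nDWORD 0x42424242 in memory:");
    for (int i = 0; i < n; i++) printf(" %02X", b[i]);
    printf("\n");
    return 0;
}
```

The point the "5th bit" wording in the question misses is that nothing singles out one bit: SHR by 16 moves the whole high word down, and OR DX,DX is just a cheap way to set the zero flag on it, so the branch falls through only when the notification code is exactly 0, which is BN_CLICKED.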
Return to R4ndom's Beginner Guide to Reverse Engineering