This may seem an overly elementary question, but hey, I figure why not ask. I have been doing a lot of tutorials and crackmes (Immortal Descendants are good) and I understand how to crack each one of these. However, why use the breakpoints that they did? How do you figure out whether you want to use bpx on hmemcpy, MessageBoxExA, GetDlgItemTextA, etc, etc. How do you make the choice of which one to use? Thanks,

P.S. -> Is there an alternative to using hmemcpy because they took it out of kernel32.dll for Win ME and I can't use it or memcpy.. any ideas? (I know.. wrong board but I figured I would ask while i was thinking about it)

This gets asked every few weeks or so, maybe we should post an faq here somewhere (yes, I may be volunteering if I find the time)

Anyway, as for your question...

Much of it is experience and the ability to read an API guide ;-)

Most programmers use functions provided by the compilers so they don't have to reinvent the wheel every time they write a program... this is good for us ;-)

What this means is that there is a limited number of API's they use for each function. API's such as GetDlgItemTextA or GetWindowTextA will get text from an edit box. MessageBoxA or ShowWindow will pop up a MessageBox. etc.,etc.

The A at the end of some API's means that they are for 32 bit code. For 16 bit apps, drop the A. i.e. GetWindowTextA is 32 bit while GetWindowText is 16 bit.

As for the tutorials, the author probably set breakpoints on 2 or 3 API's, but didn't feel the need to tell you which ones didn't work.

This gets asked every few weeks or so, maybe we should post an faq here somewhere (yes, I may be volunteering if I find the time)

Anyway, as for your question...

Much of it is experience and the ability to read an API guide ;-)

Most programmers use functions provided by the compilers so they don't have to reinvent the wheel every time they write a program... this is good for us ;-)

What this means is that there is a limited number of API's they use for each function. API's such as GetDlgItemTextA or GetWindowTextA will get text from an edit box. MessageBoxA or ShowWindow will pop up a MessageBox. etc.,etc.

The A at the end of some API's means that they are for 32 bit code. For 16 bit apps, drop the A. i.e. GetWindowTextA is 32 bit while GetWindowText is 16 bit.

As for the tutorials, the author probably set breakpoints on 2 or 3 API's, but didn't feel the need to tell you which ones didn't work.

It is, for the most part, trial and error.
You may guide your choice by disassembling the program and looking at the imported function list, if it is small enough to be practical. For instance if the program does not list GetDlgItemTextA as an import, it is unlikely that a BPX on this function will be useful.
hmemcpy is sort of an 'universal' breakpoint, which is in turn invoked by most of the other
functions that capture input from the user.



I have not seen working alternatives, and I have been chastised for talking about it.
A possible solution would be to do your cracking in a Win98 machine in which hmemcpy does work.

damn back button ;-)

Thanks, that helped! So I can tell which breakpoint to use by looking at 1) whether Im trying to find the contents of a textbox info or how a message box pops up? or 2) By looking at the program's imports through windasm or IDA?

Thanks!