Log in

View Full Version : How to determine what Specific API calls do

ShCiPwA
April 1st, 2005, 11:13
Hi, I am currently working on my first cracking / Reverse Eng project. And i think i am jumping into the deep end a bit, but have picked up a HUGE amount in the last week. I am trying to derive the formula for a challenge / response auth code for an online program, and need to copy the algorithm from the decompiled ASM code to insert into an imitation version of the program. so far I have figured out where the challenge manipulation starts, and now need to find out what a bunch of API calls actually do. I am pretty sure i am looking in the right spot as the API calls look alot like string manipulation, but the definitions that IDA come up with are very ambiguous

for example

extrn __imp_??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z:dword

is the first one, can someone tell me what i am looking at, and where i can find a reference of what it does,

By the way, it is imported from MSVC6


Thanks, ShCiPwA
nikolatesla20
April 1st, 2005, 11:19
basic_string is an STL class the you can use to handle strings, it creates memory space for the string, and takes care of when you add two strings, etc. Look up the docs for <string> to find out more about how it works, and from there you should be able to find what you are looking for (the memory where the string is, etc)

By the way the weird names you see are called "mangling", and that's how the linker knows for example which function to link to. For example in C++ you can have two functions of the same name but different arguments or different return values. The compiler adds characters to the name when creating the symbol table, the characters represent the argument types, number of args, etc, and creates the mangled name you see. This way the linker knows which function to link to between functions that have the same names in your code.

-nt20
blabberer
April 2nd, 2005, 13:21
there are lot of c++ demanglers out there

your string will be demangled like this

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

class std::basic_string<char,struct std::char_traits<char>,class std::allocator<
char> > __cdecl std:perator+(class std::basic_string<char,struct std::char_tr
aits<char>,class std::allocator<char> > const &,class std::basic_string<char,str
uct std::char_traits<char>,class std::allocator<char> > const &
Polaris
April 2nd, 2005, 13:35
Quote:
[Originally Posted by ShCiPwA]I am pretty sure i am looking in the right spot as the API calls look alot like string manipulation, but the definitions that IDA come up with are very ambiguous

for example

extrn __imp_??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z:dword

is the first one, can someone tell me what i am looking at, and where i can find a reference of what it does


In IDA, just go to Options->Demangled Names and select "Show as names"... This will allow to see names in a human understandable way.

To know what these functions do... well, just google!
JMI
April 2nd, 2005, 13:52
Oh NO, not searching! Who'd have thunk it.

Regards,