Full Version: List Of Api Calls
kbnet
Fairly new to the reverse engineering scene and was wondering if there was a list of API functions for example the functions available in user32.dll. Looking for a document which may have a similar layout to this:

DLL: User32
Function: MessageBoxA
Description: Displays a message box.
Parameters: (int hWnd, String text, String caption, uint type,)

Example:
push 0
push offset
push offset
push 0
call MessageBoxA

Anyone know of such a document which can help me? I've been through IDE Spinners tutorials and basically want to become familiar with many more API calls. I know you can retrieve a list of functions from a DLL using OllyDbg but I need a bit more help until I'm more comfortable with all the concepts.

Many thanks
nolimit
www.msdn.com is Microsoft Developer Network, and has the biggest and most complete list of API calls. Another very good resource is API-Guide, google it.
White Scorpion
MSDN is indeed the best resource.

example:

CODE

MessageBoxA(NULL,"Text here","White Scorpion",MB_OK);


would be
CODE

push NULL  ; or 0
push offset White Scorpion
push offset Text Here
push MB_OK
call MessageBoxA

in assembly

would be something like
CODE

push 0
push 00401384
push 00401400
push 0
call MessageBoxA


in a disassembled program.

See the resemblance? It is in the opposite order in assembly. You push the last argument first since the stack works via the FILO (first in last out) technique.

kbnet
Cheers for the tips and info guys. Just got API-Guide, it's exactly what I needed. Makes life so easy, would certainly recommend it to anyone who hasn't already got it. Was just flicking through some of the API calls and had calc.exe performing all different types of stuff in no time, e.g. moving files around a system.

Thanks again, much appreciated.

EDIT: You can get API-Guide from the file downloads, it has been posted by Digital Spirit.
belgther
QUOTE(nolimit @ Feb 25 2005, 05:06 PM)
www.msdn.com is Microsoft Developer Network, and has the biggest and most complete list of API calls. Another very good resource is API-Guide, google it.
*



API Guide doesn't contain so much, and it mostly contains Visual Basic examples which contain predefined values... I will suggest Microsoft API Reference.
bonarez
AllAPI.net has some nice tutorials + 'the api-guide' and an online API list
Krozgen
QUOTE(White Scorpion @ Feb 25 2005, 02:10 PM)
MSDN is indeed the best resource.

example:

CODE

MessageBoxA(NULL,"Text here","White Scorpion",MB_OK);


would be
CODE

push NULL  ; or 0
push offset White Scorpion
push offset Text Here
push MB_OK
call MessageBoxA

in assembly

would be something like
CODE

push 0
push 00401384
push 00401400
push 0
call MessageBoxA


in a disassembled program.

See the resemblance? It is in the opposite order in assembly. You push the last argument first since the stack works via the FILO (first in last out) technique.
*



Correct me if I'm wrong (I'm used to being so...) but...

push NULL ; or 0
push offset White Scorpion
push offset Text Here
push MB_OK

shouldn't that be...

push MB_OK
push offset White Scorpion
push offset Text Here
push NULL ; or 0

?

I thought, from the IDESpin tuts, that the params are passed in the reverse...? Let me know, thanks.
tibbar
Yes, it should be in reverse order for both disassembled progs and assembly. I'm not sure which assembler White Scorpion is using, but every assembler I have seen you pass parameters in reverse order for stdcalls...
White Scorpion
Krozgen > you are right, I have made a typo. Luckily in this case it doesn't matter since MB_OK equals 0 so you could even say:
CODE

push MB_OK
push offset AppName
push offset MesText
push MB_OK
call MessageBoxA


only the correct usage would indeed be:
CODE

push MB_OK
push offset AppName
push offset MesText
push NULL;hwnd
call MessageBoxA

where NULL equals 0 and MB_OK equals 0.
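
Added example, not part of any post in this thread: a small Python helper that labels each push before a call with its documented parameter name, using the stdcall rule the thread settles on (the last push is the first declared parameter). The SIGNATURES table, the annotate function and the SAMPLE listing are constructed for illustration; the listing reuses the operands from the disassembled example above.

```python
import re

# Parameter names in declaration order, as documented on MSDN.
# This table is an assumption of the example; extend it per API.
SIGNATURES = {
    "MessageBoxA": ["hWnd", "lpText", "lpCaption", "uType"],
    "ExitProcess": ["uExitCode"],
}

PUSH = re.compile(r"^\s*push\s+(.+?)\s*(?:;.*)?$", re.IGNORECASE)
CALL = re.compile(r"^\s*call\s+(\w+)", re.IGNORECASE)

# Constructed listing; operands reuse the disassembled example in the thread.
SAMPLE = """\
push 0
push 00401384
push 00401400
push 0
call MessageBoxA
push 0
call ExitProcess
"""


def annotate(listing):
    """Return [(api, {param: operand})] for each call with a known signature."""
    pending, calls = [], []
    for line in listing.splitlines():
        push, call = PUSH.match(line), CALL.match(line)
        if push:
            pending.append(push.group(1))
        elif call:
            params = SIGNATURES.get(call.group(1), [])
            if params and len(pending) >= len(params):
                # stdcall: the most recent push is the first declared parameter.
                args = pending[-len(params):][::-1]
                calls.append((call.group(1), dict(zip(params, args))))
            pending.clear()  # arguments are consumed (or unknown) after a call
    return calls


if __name__ == "__main__":
    for api, args in annotate(SAMPLE):
        print(api, args)
```

Run on the sample, 00401400 comes out as lpText and 00401384 as lpCaption, which is the reading you want when working through a disassembly by hand.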
