Cracking 4 Newbies
Using breakpoints
I told you earlier that I would come back to all sorts of breakpoints that are useful when cracking. I'll keep it as easy as possible, but you may not understand everything at once. Don't worry, just try and practice and you'll get it in no time! ;)

  • BPX

    This is the most common breakpoint: a breakpoint on execution. It's used to break on API calls like GetWindowTextA or GetDlgItemTextA (those two read the text in edit boxes, and are mostly used to search for serials or to follow how a serial is created in a program). Of course there are many, many other breakpoints. On my main page you can view a list of the breakpoints that are used most when cracking.
    Syntax: bpx [API call]

  • BPM

    Breakpoint on memory access. It's used to break on a specific memory location. When serials are created, the program first has to read the serial you typed in. By setting a breakpoint on the memory location where your serial is stored, SoftICE will pop up when the program reads your serial. This is useful because you can then see what it does with your serial, or with a part of it.
    Syntax: bpm #xxxx:xxxxxxxx

  • BPR

    Breakpoint on memory range. It's almost the same as BPM, but more useful (actually, I always use bpr and NOT bpm): it sets a breakpoint on a whole memory range. Now imagine that your serial (8 chars long) is stored at memory location #0030:80000000. Setting "bpm #0030:80000000" will only cause a break when the first character of your serial is read. If instead you set "bpr #0030:80000000 #0030:80000000+8" (note that you can use math operators like "+", "-", etc.), SoftICE will pop up on every character that's read.
    Syntax: bpr #xxxx:xxxxxxxx #yyyy:yyyyyyyy
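To make the BPM versus BPR difference concrete, here is an added example (not from the original page, and not SoftICE code): a small C model of how a memory breakpoint decides whether an access should stop the debugger, run over the page's scenario of an 8-character serial read byte by byte from 80000000 (the #0030 selector is left out and the range end is treated as inclusive). The names bp_hits, count_hits and serial_trace are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the three breakpoint kinds on this page. */
enum bp_kind { BPX, BPM, BPR };
enum access_kind { ACC_EXEC, ACC_READ, ACC_WRITE };

struct breakpoint {
    enum bp_kind kind;
    uint32_t start;  /* address, or first address of a range */
    uint32_t end;    /* last address of a BPR range (inclusive); ignored otherwise */
};

struct access {
    enum access_kind kind;
    uint32_t addr;
};

/* Returns 1 if this single access would pop up the debugger, 0 otherwise. */
int bp_hits(const struct breakpoint *bp, const struct access *a)
{
    switch (bp->kind) {
    case BPX: return a->kind == ACC_EXEC && a->addr == bp->start;
    case BPM: return a->kind != ACC_EXEC && a->addr == bp->start;
    case BPR: return a->kind != ACC_EXEC && a->addr >= bp->start && a->addr <= bp->end;
    }
    return 0;
}

/* Counts how many accesses in a trace would trigger the breakpoint. */
size_t count_hits(const struct breakpoint *bp, const struct access *trace, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (size_t)bp_hits(bp, &trace[i]);
    return hits;
}

/* Constructed trace: the checking routine reads the 8-char serial one byte at a time. */
#define SERIAL_BASE 0x80000000u
#define SERIAL_LEN  8

size_t serial_trace(struct access *out)
{
    for (size_t i = 0; i < SERIAL_LEN; i++) {
        out[i].kind = ACC_READ;
        out[i].addr = SERIAL_BASE + (uint32_t)i;
    }
    return SERIAL_LEN;
}
```

Putting `bpm` = { BPM, 0x80000000 } and `bpr` = { BPR, 0x80000000, 0x80000008 } through count_hits on that trace gives 1 hit for the bpm and 8 for the bpr, which is exactly why the range breakpoint catches every character.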

  • BMSG

    This breakpoint is somewhat more complicated, but it's very useful and I use it all the time when cracking programs. It breaks on messages sent to the handle of things like buttons and windows, for example mouse clicks. It's commonly used to find the offset address where a nag screen is drawn, or to find out how a serial is read into memory if the program doesn't use the normal GetWindowTextA or GetDlgItemTextA.
    But now: how do you use it? Well, let's make up a fictitious program and call it "Crackme". Let's say it has a nag screen with an OK button on it. So what do we do: we fire up Crackme and press CTRL-D to pop up SoftICE. We want the handle of the OK button, so first type "hwnd crackme" in SoftICE. Now you will see a list of every object drawn on the screen of the program crackme. Somewhere you should see the handle of the nag screen. Note its handle (let's imagine it is 035C), then type "bmsg 035C wm_lbuttonup". This command will break when you press the OK button. That way you can find the call that draws the nag screen, or find where the comparison is made of whether the OK button was pressed or not.
    I guess this is somewhat difficult to understand; I had some difficulties with it myself when first reading how to use BMSG, but I'll try to put a tutorial for it online :)


Cracking 4 Newbies by the Blackbird © 1999