Spelunking - Getting Started

Suppose you have an executable. Any executable. Let's say Getright v4.3. Have you ever wondered how it works? It has nice interface effects, a robust resume/pause shell while downloading files, etc.

There is absolutely no change that a program will have its own interface routines for example. Behind every nice coded program, there is a common factor: Windows API. (API stands for Application Programming Interface). There are numerous books that do talk about API. So where's the problem? Microsoft has decided NOT to document every single function that is available in the API. So we have undocumented API or API that is documented in such a way that it does not make sense. It's the API that is being used by magic programs like ms office, ms internet explorer and other ms programs.

Let's determine our objectives:

We'll try to discover which API functions a program uses.
We'll try to discover how the program uses these API functions.
We'll try to discover how the program really works by connecting API to its actual source code.

Return