MessageBoxA inside MFC


UnderCover
September 19th, 2001, 16:21
Hi,

First, I have a MessageBoxA that opens every time I start the prog, and it has an OK button, so I must click it in order to continue. As this program uses MFC, I couldn't patch it as I do with other programs:

* Possible StringData Ref from Data Obj ->"Thank you for trying this "
->"Demo."
|
:00422949 BE60AD5400 mov esi, 0054AD60
:0042294E 8D7C2444 lea edi, dword ptr [esp+44]
:00422952 6A00 push 00000000
:00422954 8D542448 lea edx, dword ptr [esp+48]
:00422958 898594000000 mov dword ptr [ebp+00000094], eax
:0042295E 6A40 push 00000040
:00422960 F3 repz
:00422961 A5 movsd
:00422962 52 push edx

* Reference To: MFC42.Ordinal:04B0, Ord:04B0h
|
:00422963 E86EBE0900 Call 004BE7D6 -> show msgboxa
:00422968 8B44241C mov eax, dword ptr [esp+1C] ->eax = 1 after
:0042296C 85C0 test eax, eax
:0042296E 7451 je 004229C1


So at 00422963 I entered MFC and saw the call to MessageBoxA, but I can't patch mfc42.dll. Can anyone give me some direction? I was thinking of making the prog think I've clicked OK, but I need to mov eax, 6 before the call to Msgbox?

tnx in advance
UnderCover

Solomon
September 19th, 2001, 21:02
1. First change "Call 004BE7D6" to "add esp, xxxxxxxx", where xxxxxxxx is the number of bytes to balance the stack, because it pushes some parameters onto the stack before calling the MFC subroutine.

2. change "je 004229C1" to "nop"


:00422963 E86EBE0900 Call 004BE7D6 //add esp, xxxxxxxx
:00422968 8B44241C mov eax, dword ptr [esp+1C]
:0042296C 85C0 test eax, eax
:0042296E 7451 je 004229C1 //nop, nop

UnderCover
September 20th, 2001, 10:19
first change "Call 004BE7D6" to "add esp, xxxxxxxx"

How will I know what xxx is? The program runs and the message won't show, but it crashes after start...

UnderCover
September 20th, 2001, 13:33
ArthaXerXes, patching this call by nopping it makes the program crash.

Solomon
September 20th, 2001, 21:02
1. Write down the value of the ESP register right before executing this call.
2. Execute this call.
3. Write down the value of ESP after executing this call.
Just subtract the two values and you will get xxxxxxxx.


Quote:
Originally posted by UnderCover
first change "Call 004BE7D6" to "add esp, xxxxxxxx"

How will I know what xxx is? The program runs and the message won't show, but it crashes after start...

UnderCover
September 20th, 2001, 21:49
ye Solomon, worked tnx :]