Thread: Menu Reversing Project

  1. #1
    MaTRiX_2k
    Guest

    Menu Reversing Project

    Greetings Reversers,

    I am having a sinking feeling of late, because of a problem which
    I am unable to understand.
    It is regarding the Menu reversing project (Target: MixVibes PRO 2.23a).
    I made a BPX on EnableMenuItem and came to this code.



    :0049A759 56 push esi
    :0049A75A 8BF1 mov esi, ecx
    :0049A75C 57 push edi
    :0049A75D 8B460C mov eax, dword ptr [esi+0C]
    :0049A760 85C0 test eax, eax
    :0049A762 7426 je 0049A78A
    :0049A764 837E1000 cmp dword ptr [esi+10], 00000000
    :0049A768 757A jne 0049A7E4
    :0049A76A 8B4C240C mov ecx, dword ptr [esp+0C]
    :0049A76E F7D9 neg ecx
    :0049A770 1BC9 sbb ecx, ecx
    :0049A772 83E1FD and ecx, FFFFFFFD
    :0049A775 83C103 add ecx, 00000003
    :0049A778 80CD04 or ch, 04
    :0049A77B 51 push ecx ->Flag
    :0049A77C FF7608 push [esi+08] ->Menu Item
    :0049A77F FF7004 push [eax+04] ->Handle To Menu

    * Reference To: USER32.EnableMenuItem, Ord:00B0h
    |
    :0049A782 FF150C264C00 Call dword ptr [004C260C]
    :0049A788 EB53 jmp 0049A7DD ;->Returned To The Caller came here

    Then I Bpx'd the Pushes before the call as described by Lord Soth.

    On the next pass, I watched the value of ECX; its value (flag) was set
    to 02.
    But I had a problem when I began to read the 2nd & 3rd parameters.
    They did not correspond to any IDs I had seen in Win32dasm.
    Maybe I was reading it the wrong way.

    Anyways, here is what I saw in SoftICE:-

    ECX -> 016f:00000403 02 00 00 00 00 78 03 - 00 00 00 13 02 23 c4 fe

    MenuItem ->

    016f:0075f3dc 01 00 00 00 90 53 EA - 00 00 00 00 00 00 00 00

    Handle ->

    016f:00EA5394 D4 03 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00



    Then I said Enough of this, and tried to patch it.

    I saw this:-

    :0049A772 83E1FD and ecx, FFFFFFFD
    :0049A775 83C103 add ecx, 00000003
    :0049A778 80CD04 or ch, 04
    :0049A77B 51 push ecx

    00000003 was added to ecx. I guess that 3 was added to some number, maybe -1, to give 2. So why not change this to 1 ?#$#. (I may be stupid sometimes
    so bear with me)

    I opened up HEX Workshop. I must confess that this was the first time
    I was using it. I searched for 0049a77b and guess what, I didn't find it.

    Then I guessed that I must search for the offset value (0009b75h) given by Win32Dasm (Status Bar).
    I got this junk, I didn't know what to do.

    :00099b70 1BC9 83E1 FD83 C103 80CD 0451 FF76 08FF

    This was the last thing i wanted, which effectively stopped my cracking
    session for the day.

    Please help this newbie out.

    Please suggest if there is anything I should read to increase my knowledge. (Other than the ones suggested by Kayaker.)

    Signing Out
    MaTRiX



    PS:-

    Sorry, I am getting a lot of I's in my English; this human being
    shall try to improve his lang.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
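
Added example, not part of the original post: a C emulation of the neg / sbb / and / add / or sequence at 0049A76E..0049A778, showing which EnableMenuItem uFlags value it yields for each input, including 0x403, the same number that appears beside ECX in the dump above. The names `menu_flag` and `state_name` are hypothetical, the MF_* constants are copied from winuser.h, and treating [esp+0C] as an "enable" boolean is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* uFlags bits for EnableMenuItem, values as in winuser.h; defined locally
   so the example builds without the Windows headers. */
#define MF_GRAYED     0x0001u
#define MF_DISABLED   0x0002u
#define MF_BYPOSITION 0x0400u

/* Emulates 0049A76E..0049A778. `arg` stands for the dword loaded from
   [esp+0C]; treating it as an "enable" boolean is an assumption. */
uint32_t menu_flag(uint32_t arg)
{
    uint32_t cf  = (arg != 0);    /* neg ecx: CF = 1 iff ecx was non-zero   */
    uint32_t ecx = 0u - cf;       /* sbb ecx, ecx: 00000000 or FFFFFFFF     */
    ecx &= 0xFFFFFFFDu;           /* and ecx, FFFFFFFD                      */
    ecx += 3u;                    /* add ecx, 3: FFFFFFFD + 3 wraps to 0    */
    ecx |= 0x0400u;               /* or ch, 04: sets bit 10 of ecx          */
    return ecx;
}

/* Returns the enable state encoded in the low bits of uFlags. */
const char *state_name(uint32_t flags)
{
    switch (flags & (MF_GRAYED | MF_DISABLED)) {
    case 0:           return "MF_ENABLED";
    case MF_GRAYED:   return "MF_GRAYED";
    case MF_DISABLED: return "MF_DISABLED";
    default:          return "MF_GRAYED|MF_DISABLED";
    }
}

int main(void)
{
    uint32_t args[] = { 0u, 1u, 0xFFFFFFFFu };   /* constructed inputs */
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        uint32_t f = menu_flag(args[i]);
        printf("arg=%08X -> uFlags=%08X  %s, %s\n", (unsigned)args[i],
               (unsigned)f,
               (f & MF_BYPOSITION) ? "MF_BYPOSITION" : "MF_BYCOMMAND",
               state_name(f));
    }
    return 0;
}
```

When MF_BYPOSITION is set, the second argument of EnableMenuItem is a zero-based position within the menu rather than a command identifier.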

  2. #2
    Hi,

    Why don't you try Hacker's View instead? IMO, it's much nicer because it allows you to edit directly in asm.

    Regards,
    Clandestiny

  3. #3
    MaTRiX_2k
    Guest
    Thanx Clan, I will give it a try.
