Thread: MessageBoxA inside MFC

  1. #1
    UnderCover
    Guest

    MessageBoxA inside MFC

    Hi,

    First, I have a MessageBoxA that opens every time I start the prog, and it has an OK button that I must click in order to continue. As this program uses MFC, I couldn't patch it as I do with other programs.

    * Possible StringData Ref from Data Obj ->"Thank you for trying this "
    ->"Demo."
    |
    :00422949 BE60AD5400 mov esi, 0054AD60
    :0042294E 8D7C2444 lea edi, dword ptr [esp+44]
    :00422952 6A00 push 00000000
    :00422954 8D542448 lea edx, dword ptr [esp+48]
    :00422958 898594000000 mov dword ptr [ebp+00000094], eax
    :0042295E 6A40 push 00000040
    :00422960 F3 repz
    :00422961 A5 movsd
    :00422962 52 push edx

    * Reference To: MFC42.Ordinal:04B0, Ord:04B0h
    |
    :00422963 E86EBE0900 Call 004BE7D6 -> show msgboxa
    :00422968 8B44241C mov eax, dword ptr [esp+1C] ->eax = 1 after
    :0042296C 85C0 test eax, eax
    :0042296E 7451 je 004229C1


    So at 00422963 I entered MFC and saw the call to MessageBoxA, but I can't patch mfc42.dll. Can anyone give me some direction? I was thinking of making the prog think I've clicked OK, but do I need to mov eax, 6 before the call to Msgbox?

    Thanks in advance
    UnderCover
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    1. First, change "Call 004BE7D6" to "add esp, xxxxxxxx", where xxxxxxxx is the number of bytes needed to balance the stack, because it pushes some parameters onto the stack before calling the MFC subroutine.

    2. Change "je 004229C1" to "nop".


    :00422963 E86EBE0900 Call 004BE7D6 //add esp, xxxxxxxx
    :00422968 8B44241C mov eax, dword ptr [esp+1C]
    :0042296C 85C0 test eax, eax
    :0042296E 7451 je 004229C1 //nop, nop

  3. #3
    UnderCover
    Guest
    First change "Call 004BE7D6" to "add esp, xxxxxxxx"

    How will I know what xxx is? The program runs and the message won't show, but it crashes after start...

  4. #4
    UnderCover
    Guest
    ArthaXerXes, patching this call by nopping it makes the program crash.

  5. #5
    1. Write down the value of the ESP register right before executing this call.
    2. Execute this call.
    3. Write down the value of ESP after executing this call.
    Just subtract the two values and you will get xxxxxxxx.


    Originally posted by UnderCover
    First change "Call 004BE7D6" to "add esp, xxxxxxxx"

    How will I know what xxx is? The program runs and the message won't show, but it crashes after start...

  6. #6
    UnderCover
    Guest
    Yes Solomon, it worked, thanks :]
