
View Full Version : Menu Reversing Project


MaTRiX_2k
January 7th, 2001, 06:13
Greetings Reversers,

I am having a sinking feeling of late because of a problem which
I am unable to understand.
It is regarding the Menu reversing project (Target: MixVibes PRO 2.23a).
I made a BPX on EnableMenuItem and came to this code.



:0049A759 56 push esi
:0049A75A 8BF1 mov esi, ecx
:0049A75C 57 push edi
:0049A75D 8B460C mov eax, dword ptr [esi+0C]
:0049A760 85C0 test eax, eax
:0049A762 7426 je 0049A78A
:0049A764 837E1000 cmp dword ptr [esi+10],
:0049A768 757A jne 0049A7E4
:0049A76A 8B4C240C mov ecx, dword ptr [esp+0C]
:0049A76E F7D9 neg ecx
:0049A770 1BC9 sbb ecx, ecx
:0049A772 83E1FD and ecx, FFFFFFFD
:0049A775 83C103 add ecx, 00000003
:0049A778 80CD04 or ch, 04
:0049A77B 51 push ecx ->Flag
:0049A77C FF7608 push [esi+08] ->Menu Item
:0049A77F FF7004 push [eax+04] ->Handle To Menu

* Reference To: USER32.EnableMenuItem, Ord:00B0h
|
:0049A782 FF150C264C00 Call dword ptr [004C260C]
:0049A788 EB53 jmp 0049A7DD ;->Returned To The Caller came here

Then I Bpx'd the Pushes before the call as described by Lord Soth.

On the next pass, I watched the value of ECX; its value (flag) was set
to 02.
But I had a problem when I began to read the 2nd & 3rd parameters.
They did not correspond to any IDs I had seen in Win32Dasm.
Maybe I was reading it the wrong way.

Anyway, here is what I saw in SoftICE:-

ECX -> 016f:00000403 02 00 00 00 00 78 03 - 00 00 00 13 02 23 c4 fe

MenuItem ->

016f:0075f3dc 01 00 00 00 90 53 EA - 00 00 00 00 00 00 00 00

Handle ->

016f:00EA5394 D4 03 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00



Then I said Enough of this, and tried to patch it.

I saw this:-

:0049A772 83E1FD and ecx, FFFFFFFD
:0049A775 83C103 add ecx, 00000003
:0049A778 80CD04 or ch, 04
:0049A77B 51 push ecx

00000003 was added to ecx. I guess that 3 was added to some number, maybe -1, to give 2. So why not change this to 1 ?#$#. (I may be stupid sometimes,
so bear with me.)

I opened up Hex Workshop; I must confess that this was the first time
I was using it. I searched for 0049a77b and guess what, I didn't find it.

Then I guessed that I must search for the offset value (0009b75h) given by Win32Dasm (Status Bar).
I got this junk; I didn't know what to do.

:00099b70 1BC9 83E1 FD83 C103 80CD 0451 FF76 08FF

This was the last thing i wanted, which effectively stopped my cracking
session for the day.

Please help this newbie out.

Please suggest if there is anything I should read to increase my knowledge (other than the ones suggested by Kayaker).

Signing Out
MaTRiX



PS:-

Sorry I am getting a lot of I's in my english, this human being
shall try to improve his lang.
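The neg / sbb / and / add / or ch sequence in the listing above is a branch-free form of the expression MF_BYPOSITION | (bOn ? MF_ENABLED : (MF_DISABLED | MF_GRAYED)), which is the pattern MFC's CCmdUI::Enable compiles to (m_pMenu at [esi+0C], m_pSubMenu at [esi+10], m_nIndex at [esi+08], bOn at [esp+0C]). The C program below is an added example, not code from the thread or from the target: it emulates the sequence instruction by instruction, compares it against the source-level expression, and decodes the resulting flag word into MF_* names so the pushed value can be read without guessing. Since bit 0x400 (MF_BYPOSITION) is always set, the second argument to EnableMenuItem is a zero-based position within the menu rather than a command ID, which is why it does not match the IDs W32Dasm lists. The MF_* values are the Windows SDK constants; the function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Win32 menu flag constants, as defined in the Windows SDK (winuser.h). */
#define MF_ENABLED    0x0000u
#define MF_GRAYED     0x0001u
#define MF_DISABLED   0x0002u
#define MF_BYCOMMAND  0x0000u
#define MF_BYPOSITION 0x0400u

/* Emulate 0049A76A..0049A778 on the 32-bit argument loaded from [esp+0C].
 * Unsigned arithmetic so the add wraps exactly as the CPU does. */
uint32_t flag_from_asm(uint32_t arg)
{
    uint32_t ecx = arg;
    uint32_t cf;

    /* neg ecx: CF is set iff the operand was non-zero */
    cf  = (ecx != 0) ? 1u : 0u;
    ecx = 0u - ecx;
    /* sbb ecx, ecx: ecx - ecx - CF -> 0x00000000 or 0xFFFFFFFF */
    ecx = ecx - ecx - cf;
    /* and ecx, FFFFFFFD: clears bit 1 -> 0 or 0xFFFFFFFD */
    ecx &= 0xFFFFFFFDu;
    /* add ecx, 3: -> 3 (arg was zero) or 0 (arg was non-zero, wraps) */
    ecx += 3u;
    /* or ch, 04: sets bit 10 of ecx, i.e. 0x400 = MF_BYPOSITION */
    ecx |= 0x0400u;
    return ecx;
}

/* The same value written as the source-level expression the compiler
 * turned into the sequence above. */
uint32_t flag_from_source(int bOn)
{
    return MF_BYPOSITION | (bOn ? MF_ENABLED : (MF_DISABLED | MF_GRAYED));
}

/* Render a flag word as a '|'-joined list of MF_* names into buf. */
const char *describe_flag(uint32_t flag, char *buf, size_t cap)
{
    if (cap == 0) return buf;
    buf[0] = '\0';
    strncat(buf, (flag & MF_BYPOSITION) ? "MF_BYPOSITION" : "MF_BYCOMMAND",
            cap - 1);
    if (flag & MF_GRAYED)
        strncat(buf, "|MF_GRAYED", cap - 1 - strlen(buf));
    if (flag & MF_DISABLED)
        strncat(buf, "|MF_DISABLED", cap - 1 - strlen(buf));
    if (!(flag & (MF_GRAYED | MF_DISABLED)))
        strncat(buf, "|MF_ENABLED", cap - 1 - strlen(buf));
    return buf;
}

int main(void)
{
    char buf[64];
    uint32_t args[] = { 0u, 1u, 0xFFFFFFFFu };  /* constructed sample inputs */
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        uint32_t f = flag_from_asm(args[i]);
        printf("[esp+0C] = %08X -> ecx = %08X (%s)%s\n", args[i], f,
               describe_flag(f, buf, sizeof buf),
               f == flag_from_source(args[i] != 0) ? "" : "  MISMATCH");
    }
    return 0;
}
```

Run it and the two possible results are 0x400 (MF_BYPOSITION|MF_ENABLED) for any non-zero argument and 0x403 (MF_BYPOSITION|MF_GRAYED|MF_DISABLED) for zero; the emulation and the source expression agree for every input, which is the check to make before reading meaning into a single register value seen at one breakpoint.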

Clandestiny
January 9th, 2001, 10:04
Hi,

Why don't you try Hacker's View instead? IMO, it's much nicer because it allows you to edit directly in asm.

Regards,
Clandestiny

MaTRiX_2k
January 9th, 2001, 15:12
Thanx Clan, I will give it a try.