January 2000 |
Netscape annoyances |
Windows Reversing |
|
by Amante4 |
|
|
Code Reversing For Beginners |
|
|
Published by Tsehp |
Program Details Program Name: Netscape Navigator Program Type: Browser Program Location: [ here ] Program Size: Too big |
|
Tools Required: Hexeditor- I use Ultraedit |
||
Rating |
Easy ( X ) Medium ( ) Hard ( ) Pro ( ) |
There is a crack, a crack in everything. That's how the light gets in. |
Destroying Netscape
annoyances Written by Amante4
Introduction |
With all the comercial advertising going on lately there's one thing
about all current Netscape browsers that really annoys me. Whenever I open the messenger
(mail tool) portion of Netscape it automatically downloads some annonying page from
netscape in the bottom most window. This really sucks and not to mention hogs bandwidth
for no good reason. The purpose of this essay is to show how I put a stop to it. Included
is some C code I wrote to "fix" this problem on any version of Netscape.
The Essay |
Try it. Just open any version of Netscape (probably needs to be 4.? or greater) and go to Communicator->Messenger. Notice the page it downloads in the window. Now before clicking on anything goto View->Page Source. You'll see that this page comes from http://messenger.netscape.com/bookmark/4_5/messengerstart.html . Grep for this in the netscape directory and you'll find it in a file called resdll.dll. Here's a snippet of the text from the file:
pref("mailnews.start_page.url", "http://messenger.netscape.com/bookmark/4_5/messengerstart.html");
<------ The page in question
pref("mailnews.start_page.enabled", true); <------
A flag to enable or disable this page from loading
Try using your hexeditor to change the true to a false (yes you can do it because there is a space between the , and the t in true). So now your line should look like this:
pref("mailnews.start_page.enabled",false); <------ Notice no space between , and f in false
Restart Netscape and Cool!!!! the page no longer loads. Free at last :)
Although this is simple, new versions of Netscape are produced pretty fast and I'd get tired of manually editing this each time I got a new version. So I wrote a little C program to do the fixing for you. Here's the C code netscape_patch.c:
#include <stdio.h>
#include <fcntl.h>
#include <io.h>
#include <windows.h>
void main() {
// local variables
unsigned char* install_directory; // the key value
unsigned long value_length; // the length of the key
char *target_file;
long ret_value=0;
HKEY hKey, hSubKey;
int find_and_patch_file(char *);
// update the status window
printf("Attempting to locate netscape
install directory...\n");
SleepEx(1000,FALSE);
// try to open the registry key
ret_value = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"Software",
0,
KEY_QUERY_VALUE,
&hKey
);
ret_value = RegOpenKeyEx(hKey,
"Microsoft",
0,
KEY_QUERY_VALUE,
&hSubKey
);
hKey = hSubKey;
ret_value = RegOpenKeyEx(hKey,
"Windows",
0,
KEY_QUERY_VALUE,
&hSubKey
);
hKey = hSubKey;
ret_value = RegOpenKeyEx(hKey,
"CurrentVersion",
0,
KEY_QUERY_VALUE,
&hSubKey
);
hKey = hSubKey;
ret_value = RegOpenKeyEx(hKey,
"App Paths",
0,
KEY_QUERY_VALUE,
&hSubKey
);
hKey = hSubKey;
ret_value = RegOpenKeyEx(hKey,
"Netscape.exe",
0,
KEY_QUERY_VALUE,
&hSubKey
);
hKey = hSubKey;
if (ret_value != ERROR_SUCCESS) { // if there's
an error
printf("Unable to
find a valid Netscape installation.\n");
}
else {
// first query value to
get size of value
ret_value =
RegQueryValueEx(hKey,
"Path",
NULL,
NULL,
NULL,
&value_length
);
install_directory =
(unsigned char*)malloc(value_length);
target_file =
(char*)malloc(value_length+15); // add some for our filename
ret_value =
RegQueryValueEx(hKey,
"Path",
NULL,
NULL,
install_directory,
&value_length
);
if (ret_value !=
ERROR_SUCCESS) {
printf("Unable
to get installation path.\n");
}
else {
printf("Found
Netscape installation.\n");
SleepEx(1000,FALSE);
target_file
= install_directory; // convert to CString
strcat(target_file,"\\resdll.dll");
printf("Opening
file %s\n",target_file);
SleepEx(1000,FALSE);
find_and_patch_file(target_file);
// call the function to find the code and patch it
}
}
}
int find_and_patch_file(char *file)
{
int file_handle;
char* filename;
// the code signature to look for in file
unsigned char code_sig[35] = { 0x70, 0x72, 0x65, 0x66, 0x28, 0x22,
0x6d, 0x61, 0x69,
0x6c,
0x6e, 0x65, 0x77, 0x73, 0x2e, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f,
0x70,
0x61, 0x67, 0x65, 0x2e, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
0x22,
0x2c }; // pref("mailnews.start_page.enabled",
unsigned char patch_bytes[5] = { 0x66, 0x61, 0x6c, 0x73, 0x65 }; //
"false"
int index = 0; // the index into the code_sig array
unsigned char read_byte; // a 1 byte buffer
// open the file
if ((file_handle = open(file, O_RDWR | O_BINARY)) == -1) {
printf("Error: Can't open file. Please
make sure Netscape is closed.\n");
return (0); // failure
}
printf("Finding Code Signature\n");
SleepEx(1000,FALSE);
while (file_handle != (int)NULL) {
// we've read the entire string from file
if (index == 35) {
printf("Found Code
Signature\n");
SleepEx(1000,FALSE);
printf("Patching
file\n");
SleepEx(1000,FALSE);
write(file_handle,
&patch_bytes, 5); // patch the file
printf("Done.\n");
SleepEx(1000,FALSE);
return (1); // success
}
read(file_handle, &read_byte, 1); // read a
byte from the file
if (read_byte == code_sig[index]) {
++index;
}
else {
index = 0; // reset
index if ever a mismatch
}
}
printf("Error: Code Signature Not Found.\n");
return (0); // fail
}
Final Notes |
This file resdll.dll seems to contain default settings for many things in Netscape. The crack was simple but the program will allieviate any manual editing on future versions of Netscape. Hope this is helpful.
Job Done.
Amante4
Ob Duh |
Do I really have to remind you all that by buying and NOT
stealing the software you use will ensure that these software houses will continue to
produce even *better* software for us to use and more importantly, to continue offering
even more challenges to breaking their often weak protection systems.
If your looking for cracks or serial numbers from these
pages then your wasting your time, try searching elsewhere on the Web under Warze, Cracks
etc.