Killing those Javascript Messageboxes
Netscape optimising
by +YOSHi
(16 September 1997)
Courtesy of Fravia's page of reverse engineering
Well, a new +contribution to our project 5... (yet we still await mammon_'s one too). Here +YOSHi teaches something pretty interesting... a nice reverse engineering essay: short and precise!
Only one criticism, though: please never forget, from now on, to give THE VERSION of the target you are using! This is even more important with a target like Navigator, which comes in a hundred and one different flavours.
Killing those Javascript Messageboxes
by +YOSHi
First thing, WHY would you want to kill javascript messageboxes? Well, for the
same reason you'd want to kill cookies: they're annoying, and they
pop up quite often, usually as disclaimers. Please note that Netscape
uses MessageBoxA to display the box.
a. Load up Netscape (assuming you have SoftIce loaded). Pick a page with
a Javascript MessageBox, like the one on Fravia+'s home page.
b. Bpx messageboxa, BEFORE you visit the site
c. Load the page into Netscape
d. You will land in SoftIce, in the messageboxa code. Here's where the
crack starts.
e. P RET once and look at the code. There is nothing really interesting,
so p ret a few times until you come to the following code:
mov ebx, [eax + 4c]
call display&check
add esp, 08          ; <- you are here
mov ebx, eax
jmp checkresult
checkresult:
mov eax, [edi]
test eax, eax
jz user_cancel
f. Now, bpx on the address before the call. Reload the page in Netscape.
g. You are back in SoftIce. Press F10 once, and assemble this where the call is:
xor eax, eax
xor eax, eax
inc ax
Note the use of inc ax instead of inc eax: because eax has just been zeroed, it does the same thing in this case, and it uses one more byte.
h. Press F5 to leave SoftIce and.... no more messagebox! The page loads as if you had pressed Ok.
i. It's not over yet. This only works in memory until you patch it (for obvious reasons). So, patch it :)
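The byte-count remark in step g can be checked mechanically. The following is an added example, not part of +YOSHi's essay: it uses the standard 32-bit x86 encodings of the patch instructions and shows where inc ax and inc eax stop being equivalent. The length of the overwritten call (5 or 6 bytes) is an assumption, since the essay does not show its bytes, and build_patch and run are hypothetical helper names.

```python
# Added illustration. Opcode bytes are standard 32-bit x86 encodings; the
# slot lengths tried below are assumptions (the essay never shows the call's bytes).
XOR_EAX_EAX = bytes.fromhex("33c0")   # xor eax, eax
INC_EAX     = bytes.fromhex("40")     # inc eax
INC_AX      = bytes.fromhex("6640")   # inc ax (66h operand-size prefix)
NOP         = bytes.fromhex("90")

def build_patch(body: bytes, slot_len: int) -> bytes:
    """Fit `body` into the slot of the overwritten instruction, NOP-padded."""
    if len(body) > slot_len:
        raise ValueError(f"patch is {len(body)} bytes, slot is {slot_len}")
    return body + NOP * (slot_len - len(body))

def run(code: bytes, eax: int) -> int:
    """Interpret only the four opcodes above and return the final EAX."""
    i = 0
    while i < len(code):
        if code[i:i+2] == XOR_EAX_EAX:
            eax, i = 0, i + 2
        elif code[i:i+2] == INC_AX:
            # 16-bit increment: upper half of EAX is left untouched
            eax, i = (eax & 0xFFFF0000) | ((eax + 1) & 0xFFFF), i + 2
        elif code[i:i+1] == INC_EAX:
            eax, i = (eax + 1) & 0xFFFFFFFF, i + 1
        elif code[i:i+1] == NOP:
            i += 1
        else:
            raise ValueError(f"unsupported opcode at offset {i}")
    return eax

ESSAY_PATCH = XOR_EAX_EAX + XOR_EAX_EAX + INC_AX   # as typed in step g
SHORT_PATCH = XOR_EAX_EAX + INC_EAX                # same result, NOP-padded

if __name__ == "__main__":
    # Assumed slots: E8 rel32 call = 5 bytes, FF 15 indirect call = 6 bytes
    for slot in (5, 6):
        for name, body in (("essay", ESSAY_PATCH), ("short", SHORT_PATCH)):
            try:
                p = build_patch(body, slot)
                print(slot, name, p.hex(" "), "eax ->", run(p, 0xDEADBEEF))
            except ValueError as e:
                print(slot, name, "does not fit:", e)
    # Without the preceding xor, the two increments differ on 16-bit wrap:
    print(hex(run(INC_AX, 0x0000FFFF)), hex(run(INC_EAX, 0x0000FFFF)))
```

An in-place patch has to occupy exactly the bytes of the instruction it replaces, which is why the choice between the one-byte and two-byte increment matters here.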
That's all from me, I hope this knowledge is put to good use! :)
+YOSHi yoshi@ij.net
*EoF*
Enjoy
(c) +YOSHi, 1997. All rights reversed.