Browsing the archives for the Hacking tag

Wow! Temeeeee~ wowTemee 1.1.0 Public Release

wowTemee 1.1.0
Supports the WoW Patch Downloader up to version 3.2.2a
http://mifan.infor.org/lab/wowTemee-1.1.0.exe

wowTemee stands for WoW TorrEnt MEtafile Extractor. It extracts the .torrent metafile from an official World of Warcraft patch downloader program (the program that downloads the patch, not the patch program itself). We all know that the downloader is a tiny and simple BitTorrent client that lacks many features found in common BT clients, such as limits on network traffic and on the number of simultaneous connections. This bothers many users, including me, because we just don’t have enough bandwidth to upload data without limit; while a patch is downloading, almost nothing else that needs the network can be done. By combining wowTemee with any common BT client (I personally recommend µTorrent), you can download and manage the officially released .torrent metafiles with your favorite BT client. This also ensures security, since the .torrent you use is the official one and you don’t have to worry about getting viruses or spyware by downloading patch programs from others’ .torrent metafiles.

Notes on Windows Live Messenger 8.5

Last time, in “Windows Live Messenger 8.5 is Resurrected”, I mentioned that I removed the limit of a single process per user session on a Windows system as well as the update-reminding balloons. This time I am going to explain how WLM originally implements both, and you will find that it is not difficult to patch them yourself.

1. Constraint on the number of WLM processes

This is done by calling the CreateEvent() API function with a constant event name to create an event object. In our case of WLM 8.5, the name is MSNMSGR. If you use a tool to inspect the open handles in a WLM process, you will find something like Figure 1. According to the MSDN documentation, if you try to create a named event that already exists, CreateEvent() returns a handle to the already-created event object, and a subsequent GetLastError() call returns ERROR_ALREADY_EXISTS. So during its initialization WLM tries to create the named event object and checks the value returned by GetLastError(): if the value indicates that the object already existed, the process signals the event and terminates itself.

Figure 1: opened handles

To present this flow in more detail, I wrote the following pseudocode:

// manual-reset event, initially non-signaled, with a fixed name
HANDLE hEvent = CreateEvent(NULL, TRUE, FALSE, "MSNMSGR");
if (hEvent == NULL) {
    goto OnError;
}
else if (GetLastError() == ERROR_ALREADY_EXISTS) {
    // we do this to notify the existing WLM process
    // to pop up its main window
    SetEvent(hEvent);

    goto ExitProcess;
}

// do some subsequent initialization
// ...

2. Retrieval of current version number from server

After the identity authentication has passed, the WLM client sends its current version information to the server by posting a VER message in the Microsoft-defined protocol (a plain-text format). The server then responds with a CVR message carrying the latest stable version number of the client software and perhaps a URL for downloading the new client, depending on the information the client sent earlier. If the server response contains a URL, the client is being recommended to upgrade, and an annoying balloon pops up. This portion of the code is merely some string comparison that parses the server response.

// the first four bytes of the message, read as a little-endian DWORD
DWORD dwHead = *((DWORD*)szMsg);
switch (dwHead) {
    case 0x20524556:  // "VER "
        ...
        break;
    case 0x20525643:  // "CVR "
        ...
        break;
    ...
}

A fast but somewhat crude method to disable this behavior is to break the pattern that the parser matches. We only need to change the string CVR in the executable image to anything else, so the program can no longer recognize the latest client version and the URL to download it. This works, and so far I have found no side effects, since the information provided in a CVR message is never used afterwards.
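The header comparison above, as an added example (not code from Messenger or from the original post): portable C that builds the same two constants from their ASCII bytes, reads the four-byte header with a length check and memcpy instead of a pointer cast, and treats every other header as unknown. The names classify, read_head and TAG and the sample lines are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum msg_kind { MSG_UNKNOWN = 0, MSG_VER, MSG_CVR };

/* Pack four ASCII bytes the way a little-endian x86 DWORD load sees them. */
#define TAG(a, b, c, d) ((uint32_t)(a) | (uint32_t)(b) << 8 | \
                         (uint32_t)(c) << 16 | (uint32_t)(d) << 24)

/* Read the first four bytes as a little-endian DWORD without the
 * unaligned, aliasing-unsafe pointer cast; returns 0 if len < 4. */
static int read_head(const char *msg, size_t len, uint32_t *head)
{
    unsigned char b[4];
    if (msg == NULL || len < 4)
        return 0;
    memcpy(b, msg, 4);
    *head = TAG(b[0], b[1], b[2], b[3]);
    return 1;
}

enum msg_kind classify(const char *msg, size_t len)
{
    uint32_t head;
    if (!read_head(msg, len, &head))
        return MSG_UNKNOWN;          /* too short to carry a command */
    switch (head) {
    case TAG('V', 'E', 'R', ' '):    /* 0x20524556 */
        return MSG_VER;
    case TAG('C', 'V', 'R', ' '):    /* 0x20525643 */
        return MSG_CVR;
    default:
        return MSG_UNKNOWN;          /* unrecognised command: ignored */
    }
}

int main(void)
{
    /* Constructed sample lines; the fields after the command are placeholders. */
    const char *samples[] = { "VER <fields>\r\n", "CVR <fields>\r\n",
                              "XVR <fields>\r\n", "CV" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", classify(samples[i], strlen(samples[i])));
    return 0;
}
```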

Windows Live Messenger 8.5 is Resurrected

Since the new version, the so-called stable release, of Windows Live Messenger (build 14.0.8064.0206) became available for download, many of my friends have been complaining about the inconvenience of its yet again modified UI design and about its instability. In fact, most of them didn’t intend to apply the update, but the ANNOYING update balloon just kept popping up and said, “I will keep poking you until you install my new update, mate!”

As one always fighting for the freedom of humankind, I cannot tolerate this kind of rude behavior. So I modified the binary of Windows Live Messenger 8.5 once more, yes, I did that again, to get rid of this foolish balloon. Because I have had little time to rewrite Purifier recently, I can only upload the patched binaries for you, which are the same files I am using now.

http://cmlab.csie.ntu.edu.tw/~mifan/download/Messenger-8.5.1302.1008.rar

Version: 8.5.1302.1008
Language: Taiwanese

  1. Ad banners and texts are removed as Purifier has already done for you
  2. Support for multi-account logins is added (you will need to run a Messenger process for each account)
  3. No update-reminding balloons anymore

Note: some reported that the packed binaries didn’t work on a clean system.
