Killing those Javascript Messageboxes
Netscape optimising

by +YOSHi
hcu1
(16 September 1997)


Courtesy of Reverser's page of reverse engineering

Well, a new +contribution to our project 5... (yet we still await mammon_'s one too) Here +YOSHi teaches something pretty interesting... a nice reverse engineering essay: short and precise!
Only one critic, though: please, never forget, from now on, to give THE VERSION of the target you are using! This is even more important with a target like Navigator, which comes in hundredone different flavours.

		Killing those Javascript Messageboxes
				by +YOSHi

First thing, WHY would you want to kill javascript messageboxes? Well,
same reason you'd want to kill cookies, they're annoying, and they do
pop up quite often, usually as disclaimers. Please note that Netscape
uses MessageBoxA to display the box.

a. Load up Netscape (assuming you have SoftIce loaded). Pick a page with
a Javascript MessageBox, like the one on reverser+'s home page.

b. Bpx messageboxa, BEFORE you visit the site

c. Load the page into Netscape

d. You will land in SoftIce, in the messageboxa code. Here's where the
crack starts.

e. P RET once and look at the code. There is nothing really interesting,
so p ret a few times until you come to the following code:

mov ebx, [eax + 4c]
call display&check

add esp, 08 <- you are here
mov ebx,
eax jmp checkresult

checkresult:
mov eax, [edi]
test eax, eax
jz user_cancel

f. Now, bpx on the address before the call. Reload the page in Netscape.

g. You are back in SoftIce. Press F10 once, and assemble this where the call is:

xor eax, eax
xor eax, eax
inc ax

Note the use of the inc ax instead of inc eax, it does the same thing in this case and uses one more byte.

h. Press F5 to leave SoftIce and.... no more messagebox! The page loads as if you had pressed Ok.

i. It's not over yet. This only works in memory until you patch it (for obvious reasons). So, patch it :)


That's all from me, I hope this knowledge is put to good use! :)
+YOSHi yoshi@ij.net
*EoF*
Enjoy
(c) +YOSHi, 1997. All rights reversed.
You are deep inside reverser's page of reverse engineering, choose your way out:

Back to project 5
homepage links redanonymity +ORC students' essays tools cocktails
academy database antismut search_forms mail_fravia
is reverse engineering legal?