Hex Patches 4U!
May. 07, 2014, 05:32 PM (This post was last modified: May. 18, 2014 07:45 PM by Stone-D.)
Post: #1
Over the years I've hacked into Proxo's guts with various disassemblers and debuggers as a result of some kind of annoyance. I've been using Proxomitron forever, and without it I wouldn't be enjoying my job as much as I do.

I teach in a Korean high school situated in Indonesia, where I control a computer lab. For three years my lab had 20 computers, and this year I moved to one with 35. The current lab has a dedicated 10 Gb link. On a typically busy day I've got a maximum of 20 students in there, hammering the connection with YouTube, Twitch and HD K-soaps for between 10 and 40 minutes solid. The worst was when my lab was used with one day of warning for a paid on-line TOEFL mock test, which involves massive amounts of audio going both ways, using Java in Internet Explorer.

I have been using this combination of patches all this time, and Proxo has yet to fail me. It is a champ, and a testament to Scott's brilliance.

Currently it's running on Server 2003 (original lab, re-purposed for the middle school), and Server 2008. For a 'remote' proxy I use a secondary one called Proxy+. Also ancient and discontinued, it has an extremely good caching technology and supports https and socks 4/5. Oh and it's a mail server, too.

Anyway! To give back to the community, here are my patches.

Changelog:
2014-05-08 : Initial Post
2014-05-11 : Added 'SSL Certificate CN Always Matches', Deprecated 'Bypass SSL Certificate Error'
2014-05-11 : Added 'Font Adjustments'
2014-05-12 : Added Note #3 to 'Font Adjustments'
2014-05-12 : Added Monospaced Message Log to 'Font Adjustments'
2014-05-12 : Added Note to 'For Reference: RWIN Patch', briefly explaining what it does.


All are for Naoko 4.5j (June release). Yes, you can apply them to any such copy, whether or not they've had a GUI patch[1]. The first column is the offset, the second is the changed byte, and the third is the original byte:

ADDRESS: NEW OLD


SSL Certificate CN Always Matches
Note: Rename or delete your certs.pem file in order to use this. Otherwise you'll need to use the deprecated patch below.
Code:
0000ECA7: EB 75       jnz     short loc_40F8C1  // SSL Certificate CN Always Matches, JMPS/EB.

Original:
.0040F88F: FF15B4614200                 call        _strnicmp ;MSVCRT
.0040F895: 83C40C                       add         esp,00C ;"?"
.0040F898: BF01000000                   mov         edi,000000001
.0040F89D: 85C0                         test        eax,eax
.0040F89F: 7404                         je         .00040F8A5
.0040F8A1: 8B7C2410                     mov         edi,[esp][10]
.0040F8A5: 85FF                         test        edi,edi
.0040F8A7: 7518                         jne        .00040F8C1   <<< THIS. Turn into JMPS with EB.
.0040F8A9: 8B5E04                       mov         ebx,[esi][04]
.0040F8AC: 83C614                       add         esi,014 ;"¶"
.0040F8AF: 43                           inc         ebx
.0040F8B0: 68C89B4200                   push        000429BC8
.0040F8B5: 895EF0                       mov         [esi][-10],ebx
.0040F8B8: 56                           push        esi
.0040F8B9: E8D270FFFF                   call       .000406990


DEPRECATED: Bypass SSL Certificate Error
Note: With high load, using 1 as the return value can lead to a crashed SSL library. I'm experimenting with using 3 to reduce the likelihood. So far so good.
Code:
Part 1: "Should Proxo ask? NO."
0000F35D: 90 7F   jg short loc_40FF69
0000F35E: 90 0A

Part 2: "Always respond with this answer."
0000F360: 03 01
1: Allow (Original Value)
2: Deny
3: Allow Session

Original:
.0040FF5B: 85C0                         test        eax,eax
.0040FF5D: 7F0A                         jg         .00040FF69  --
.0040FF5F: B801000000                   mov         eax,000000001
.0040FF64: 5F                           pop         edi
.0040FF65: 83C450                       add         esp,050 ;"P"
.0040FF68: C3                           retn

Modified:
.0040FF5B: 85C0                         test        eax,eax
.0040FF5D: 90                           nop
.0040FF5E: 90                           nop
.0040FF5F: B803000000                   mov         eax,000000003
.0040FF64: 5F                           pop         edi
.0040FF65: 83C450                       add         esp,050 ;"P"
.0040FF68: C3                           retn


Bypass Texture Errors: "Failed to load texture bitmap"
Code:
Part 1:
000016D8: EB 75 jnz short loc_402342 > EB/JMP.
Part 2:
00001744: 33 B8 mov eax, 1 -> XOR EAX, EAX, NOP NOP NOP
00001745: C0 01 Cancels out texture loading problems. Can't do anything about it, so I don't want to know.
00001746: 90 00
00001747: 90 00
00001748: 90 00


Bypass Exception Errors: "ProxomiTron Application Error. Exception [%08X] raised in..."
Code:
00009450: C3 8B Immediate RETN.
00009451: 90 44
00009452: 90 24
00009453: 90 08


Bypass Texture Errors: "Proxomitron Application Error. ** WARNING **\nAn unauthorized access at"
Also in the message log, so it's redundant.
Code:
0001DE6A: EB 68 Change a PUSH command to a JMPS command.
0001DE6B: 15 30
0001DE6C: 90 20
0001DE6D: 90 01
0001DE6E: 90 00

.0041EA6A: 6830200100                   push        000012030     << Jump from HERE
.0041EA6F: 68A8804200                   push        0004280A8 ;'ProxomiTron App
.0041EA74: 6840C64200                   push        00042C640
.0041EA79: 6A00                         push        000
.0041EA7B: FF1594624200                 call        MessageBoxA ;USER32
.0041EA81: C744241801000000             mov         d,[esp][18],000000001    << to HERE


Font Adjustments
Note 1: This example dictates the font size used in the Web Page Filter Editor's EDIT controls. I use Andale Mono size 7 for the main dialog, and this value matches that size. Converting point sizes isn't easy: it depends on the desktop DPI, amongst other things, and pos/neg values have different meanings. Just experiment going up and down, is my suggestion.
Code:
0000A9B0: F7 F4 Andale Mono // Web Editor, F7 = Font pt 7

Original:
.0040B58B: 688C8D4200                   push        000428D8C ;'Andale Mono'
.0040B590: 6A00                         push        000
.0040B592: 6A00                         push        000
.0040B594: 8B742458                     mov         esi,[esp][58]
.0040B598: 6A00                         push        000
.0040B59A: 6A00                         push        000
.0040B59C: 6A00                         push        000
.0040B59E: 6A00                         push        000       <<< STRIKEOUT, UNTESTED
.0040B5A0: 6A00                         push        000       <<< UNDERLINE, UNTESTED
.0040B5A2: 6A00                         push        000       <<< ITALIC, UNTESTED
.0040B5A4: 6890010000                   push        000000190 <<< WEIGHT, UNTESTED
.0040B5A9: 6A00                         push        000       <<< ORIENTATION, UNTESTED
.0040B5AB: 6A00                         push        000       <<< ESCAPEMENT, UNTESTED
.0040B5AD: 6A00                         push        000       <<< WIDTH, UNTESTED
.0040B5AF: 6AF4                         push        0F4       <<< HEIGHT, THIS EXAMPLE
.0040B5B1: 893E                         mov         [esi],edi
.0040B5B3: FF1554604200                 call        CreateFontA ;GDI32
.0040B5B9: 8B1DEC624200                 mov         ebx,GetDlgItem ;USER32
.0040B5BF: 68F9030000                   push        0000003F9  ---? (2)
.0040B5C4: 57                           push        edi
.0040B5C5: 894624                       mov         [esi][24],eax

For further information, look up "CreateFontA" using your search engine of choice and refer to this assembler tutorial.

Note 2: There are two locations in the binary where there is a font name referenced:

Code:
.004287F0:  43 4C 4F 43-4B 24 00 00-41 55 58 00-43 4F 4E 00  CLOCK$  AUX CON
.00428800:  4E 55 4C 00-4D 53 20 53-61 6E 73 20-53 65 72 69  NUL MS Sans Seri   <<<
.00428810:  66 00 00 00-26 41 64 76-61 6E 63 65-64 20 50 72  f   &Advanced Pr

.00428D70:  68 64 3E 26-6C 74 3B 4D-61 74 63 68-3A 20 00 00  hd>&lt;Match:
.00428D80:  55 52 4C 20-4D 61 74 63-68 00 00 00-43 6F 75 72  URL Match   Cour   <<<
.00428D90:  69 65 72 20-4E 65 77 00-57 65 62 20-50 61 67 65  ier New Web Page

The Web Page Edit example uses the second one, originally Courier New. All other calls use the other, originally MS Sans Serif. You can replace them with any other font, provided the font name is the same as or shorter than the original. If it is shorter, replace any excess characters from the original with 0x00 - NOT 0x20, which is space - to 'null-terminate' the string. The locations are as follows:

Code:
00006780: 00 F8 MS Sans Serif // Unknown
0000A9B0: 00 F4 Courier New // Web Editor, F7 = Font pt 7
0000B92C: 00 F8 MS Sans Serif // Web Filter List, Unchecked / Normal
0000B952: 00 F8 MS Sans Serif // Web Filter List, Checked / Bold
00011FE9: 00 F8 MS Sans Serif // Message Log
0001875C: 00 F8 MS Sans Serif // Header Filter List, Unchecked / Normal
00018782: 00 F8 MS Sans Serif // Header Filter List, Checked / Bold

Note 3: I've found that replacing 'F8' with '0D' (a positive value) is a perfect match for Tahoma 8. It also works with Segoe UI, and I'm assuming many others. '0C' works well with the Message log - slightly smaller than normal, and still within my own comfort zone for visibility. Besides, I only look out for certain colors flashing by, not specific phrases.

At offset 00011FBB you will find this PUSH statement:
Code:
.00412BAF: 8B542420                     mov         edx,[esp][20]
.00412BB3: 8B442428                     mov         eax,[esp][28]
.00412BB7: 8B5C2418                     mov         ebx,[esp][18]
.00412BBB: 6804884200                   push        000428804 ;'Tahoma'
.00412BC0: 6A00                         push        000
.00412BC2: 6A00                         push        000
.00412BC4: 6A00                         push        000
This is the Message Log. Change 6804884200 to 688C8D4200 to use the other font, if you prefer monospace.

Code:
.00412BBB: 688C8D4200                   push        000428D8C ;'Andale Mono'


For Reference: RWIN Patch
Note: As a point of interest, this mod changes the length/size of the location where the RWIN value REALLY is, thereby negating it. 32768 in hex is 0x8000... 4 bytes long, hence the '04'.
Code:
0000D581: 00 04

.0040E180: 6A04                         push        004   <<< THIS
.0040E182: 8D55E4                       lea         edx,[ebp][-1C]
.0040E185: 52                           push        edx
.0040E186: 6802100000                   push        000001002  ---↑ (4)
.0040E18B: 68FFFF0000                   push        00000FFFF  ---↓ (5)
.0040E190: 8B4604                       mov         eax,[esi][04]
.0040E193: 8B08                         mov         ecx,[eax]
.0040E195: 51                           push        ecx
.0040E196: FF1508644200                 call        WSOCK32.21 ;WSOCK32


For Reference: Multiple Instances Patch
Code:
00012DCB: EB 74

.004139C1: FF1534624200                 call        FindWindowA ;USER32
.004139C7: 8BF0                         mov         esi,eax
.004139C9: 3BF3                         cmp         esi,ebx
.004139CB: 7431                         je         .0004139FE   <<< THIS, change to JMPS (EB)
.004139CD: 56                           push        esi
.004139CE: FF15B4624200                 call        IsIconic ;USER32
.004139D4: 85C0                         test        eax,eax
.004139D6: 7409                         je         .0004139E1
.004139D8: 6A09                         push        009
.004139DA: 56                           push        esi
.004139DB: FF15B8624200                 call        ShowWindow ;USER32


Enjoy!


[1]: FYI. For all this time I've been using Henk's ProxoPatcher 3.6, modified to suit my own tastes. Recently I investigated the alternatives - I really liked MizzMona's and tried it out... only to have glitches and flickering in the editor windows.

It turns out that this is the result of adding a Manifest to Proxomitron's resources. Adding a Manifest tells Windows that it's okay to apply newer visual styles that came with COMCTL32 version 6... unfortunately, this new method is partially incompatible with version 5 and below when programmers use OWNERDRAW methods and make their own subroutines to handle window messages. Removing the Manifest fixes the problem, but then the GUI patch gets all fugly.
[-] The following 4 users say Thank You to Stone-D for this post:
ProxRocks, defconnect, Kye-U, Styx
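
Added example, not part of the original post: a read-only check that parses the post's "OFFSET: NEW OLD" listing format and reports whether a given copy of the executable carries each patch, which matters most for the two SSL entries because they switch off certificate checks. The patch bytes are copied from the post; the function names and the zero-filled sample image are constructed for illustration.

```python
import re

# Listings copied from the post ("OFFSET: NEW OLD", trailing notes allowed).
PATCHES = {
    "SSL Certificate CN Always Matches": "0000ECA7: EB 75  jnz short loc_40F8C1",
    "Bypass SSL Certificate Error": "0000F35D: 90 7F\n0000F35E: 90 0A\n0000F360: 03 01",
    "Bypass Exception Errors": ("00009450: C3 8B Immediate RETN.\n"
                                "00009451: 90 44\n00009452: 90 24\n00009453: 90 08"),
}
ENTRY = re.compile(r"^\s*([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})\b")

def parse_patch(text):
    """Return [(file_offset, new_byte, old_byte)]; lines that are not entries are skipped."""
    found = (ENTRY.match(line) for line in text.splitlines())
    return [tuple(int(g, 16) for g in m.groups()) for m in found if m]

def patch_state(image, entries):
    """'original', 'patched', 'partial', or 'unknown' (other build, or file too short)."""
    seen = set()
    for offset, new, old in entries:
        if offset >= len(image) or image[offset] not in (new, old):
            return "unknown"
        seen.add("patched" if image[offset] == new else "original")
    if not seen:
        return "unknown"
    return seen.pop() if len(seen) == 1 else "partial"

def audit(image):
    """Read-only report: patch name -> state for one executable image."""
    return {name: patch_state(image, parse_patch(text)) for name, text in PATCHES.items()}

def constructed_image(patched=()):
    """Constructed stand-in for the executable: zero-filled, with only the listed bytes set."""
    image = bytearray(0x10000)
    for name, text in PATCHES.items():
        for offset, new, old in parse_patch(text):
            image[offset] = new if name in patched else old
    return image

if __name__ == "__main__":
    sample = constructed_image(patched=["SSL Certificate CN Always Matches"])
    for name, state in audit(sample).items():
        print(f"{state:9} {name}")
```

To check a real copy, pass the bytes of the executable, read in binary mode, to `audit`; an "unknown" result means the bytes at those offsets match neither column, so the file is not the build the listing was written for.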