Category Archives: Software Hacking

wowTemee 1.1.0
Supports the WoW Patch Downloader up to version 3.2.2a
http://mifan.infor.org/lab/wowTemee-1.1.0.exe

wowTemee stands for WoW TorrEnt MEtafile Extractor. It extracts the .torrent metafile from an official World of Warcraft patch downloader program. We all know that the downloader is a tiny, simple BitTorrent client that lacks many features, such as network traffic control, compared with other common BT clients. This bothers many users, including me, because we just don’t have enough bandwidth to upload data without limit. By combining wowTemee with any common BT client (I personally recommend µTorrent) you can download and manage the officially released .torrent metafiles with your favorite BT client. This also helps security, since you don’t have to worry about getting viruses or spyware by downloading patch programs through other people’s .torrent metafiles.

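wowTemee is short for “WoW TorrEnt MEtafile Extractor”. It extracts a .torrent file from the official World of Warcraft “patch downloader” (note: not the patcher itself, but the program used to download the patcher); the content of that .torrent is the patch program that will be downloaded to update the main program. We all know that the patch downloader is itself a very simple BT download program that lacks many necessary features, such as limits on network traffic and on the number of simultaneous connections. This really troubles users, me included, because our home networks are not good enough to provide unlimited upload bandwidth like that; while the patch is downloading, almost nothing else that needs the network can be done. So if you use wowTemee together with any currently popular BT client (I personally recommend µTorrent), you can enjoy the convenient download features those clients give you, while making sure that the .torrent file you download with is the officially provided version, without having to worry, as before, that by using an unknown person’s .torrent file you have fetched a World of Warcraft patch carrying a trojan or a virus.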

Last time, in “Windows Live Messenger 8.5 is Resurrected”, I mentioned that I had removed the limit of a single process per user session on a Windows system, as well as the update-reminding balloons. This time I am going to explain how WLM originally implements both, and you will find that it is not difficult to patch them yourself.

1. Constraint on the number of WLM processes

This is done by creating an event object through the CreateEvent() API function with a constant event name. In the case of WLM 8.5, the name is MSNMSGR. If you use a tool to inspect the open handles in a WLM process, you will find something like Figure 1. According to the MSDN documentation, if you try to create a named event that already exists, CreateEvent() returns a handle to the existing event object, and a subsequent GetLastError() call returns ERROR_ALREADY_EXISTS. So during initialization, WLM tries to create the named event object and checks the value returned by GetLastError(): if it indicates that the object already existed, the process signals the event and terminates itself.

Figure 1: opened handles

To present this flow in more detail, I wrote the following pseudocode:

// manual-reset event, initially non-signaled, with a fixed name
HANDLE hEvent = CreateEvent(NULL, TRUE, FALSE, "MSNMSGR");
if (hEvent == NULL) {
    goto OnError;
}
else if (GetLastError() == ERROR_ALREADY_EXISTS) {
    // we do this to notify the existing WLM process
    // to pop up its main window
    SetEvent(hEvent);

    goto ExitProcess;
}

// do some subsequent initialization
....

2. Retrieval of current version number from server

After identity authentication has passed, the WLM client sends its current version information to the server by posting a VER message in the Microsoft-defined protocol (a plain-text format). The server then responds with a CVR message carrying the latest stable version number of the client software and perhaps a URL for downloading the new client, depending on the information the client sent earlier. If the server response contains a URL, the client is being recommended to upgrade, and an annoying balloon pops up. This portion of the code is merely some string comparison that parses the server response.

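// first four bytes of the message, read as a little-endian DWORD
DWORD dwHead = *((DWORD*)szMsg);
switch (dwHead) {
    case 0x20524556:  // "VER " (56 45 52 20)
        ...
        break;
    case 0x20525643:  // "CVR " (43 56 52 20)
        ...
        break;
    ...
}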
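The four-byte head comparison described above, as an added example rather than code taken from WLM: it builds the same constants from their characters and checks the length before reading, which the DWORD cast in the pseudocode does not. The names (TAG, classify, cvr_has_url), the rule that a URL is a space-preceded token starting with "http", and the sample messages are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value a little-endian 32-bit load of bytes a,b,c,d yields, on any host. */
#define TAG(a, b, c, d) ((uint32_t)(a) | (uint32_t)(b) << 8 | \
                         (uint32_t)(c) << 16 | (uint32_t)(d) << 24)

enum msg_kind { MSG_TOO_SHORT, MSG_UNKNOWN, MSG_VER, MSG_CVR };

/* Classify a message by its 4-byte head; never reads past len. */
enum msg_kind classify(const char *msg, size_t len)
{
    const unsigned char *p = (const unsigned char *)msg;
    if (msg == NULL || len < 4)
        return MSG_TOO_SHORT;
    switch (TAG(p[0], p[1], p[2], p[3])) {
    case TAG('V', 'E', 'R', ' '): return MSG_VER;  /* 0x20524556 */
    case TAG('C', 'V', 'R', ' '): return MSG_CVR;  /* 0x20525643 */
    default:                      return MSG_UNKNOWN;
    }
}

/* Assumption: a URL in a CVR payload is a space-preceded "http" token. */
int cvr_has_url(const char *msg, size_t len)
{
    if (classify(msg, len) != MSG_CVR)
        return 0;
    for (size_t i = 4; i + 4 <= len; i++)
        if (msg[i - 1] == ' ' && memcmp(msg + i, "http", 4) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const char *samples[] = { "VER 1 sample", "CVR 2 8.5 http://example.invalid/new",
                              "CVR 2 8.5", "XVR 2 8.5", "CV" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s kind=%d url=%d\n", samples[i],
               (int)classify(samples[i], strlen(samples[i])),
               cvr_has_url(samples[i], strlen(samples[i])));
    return 0;
}
```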

A fast but somewhat brute-force way to disable this behavior is to break the pattern the parser matches against. We only need to change the string CVR in the executable image to anything else, so that the program can no longer recognize the latest client version and the URL to download it. This works, and so far I have found no side effects, since the information carried in a CVR message is never used afterwards.

Since the new version, the so-called stable release, of Windows Live Messenger (build 14.0.8064.0206) became available for download, many of my friends have been complaining about the inconvenience of its yet again modified UI design and about its instability. In fact, most of them didn’t intend to apply the update, but the ANNOYING update balloon just kept popping up and saying, “I will keep poking you until you install my new update, mate!”

Always fighting for the freedom of humankind, I cannot tolerate this kind of rude behavior. So I modified the binary of Windows Live Messenger 8.5, yes, I did that again, to get rid of this foolish balloon. Because I have had little time to rewrite Purifier recently, I can only upload the patched binaries for you, which are the same files I am using now.

http://cmlab.csie.ntu.edu.tw/~mifan/download/Messenger.rar

Version: 8.5.1302.1008
Language: Taiwanese

  1. Ad banners and texts are removed as Purifier has already done for you
  2. Support for multi-account logins is added (you will need to run a Messenger process for each account)
  3. No update-reminding balloons anymore

Note: some reported that the packed binaries didn’t work on a clean system.

After downloading an open source project licensed under the GPL, you spend a whole weekend setting it up and configuring it, and finally bring the service online. Others then come and use your network bandwidth, CPU, and memory for free, and some even try to hack your service. You pay the bills to the electricity company and the ISP for your system, and look at what you get in return: …… I can hardly name anything, maybe the “respect” of free users?

So why not have your service GET PAID?
Download URL:
http://www.debug.tw/decode/kkwoman38.html

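KKwoman38 is the true successor to KKWoman3; everyone can throw away the old one.
The main changes are:

1. Full support for the Windows Vista operating system
2. Automatic file backup
3. Added rewriting of the bbs:// URLs in the contents of the history.dat file; this is the first time I have reversed a file format
4. Fixed many bugs, from file reading and writing to the APIs for obtaining system information

Honestly, I don't expect anyone to still be using KKman, but KKWoman3 was where I started out as a Microsoft lackey, so back then I was not yet fluent with many Windows APIs, and the code was hideously ugly and full of bugs. When Purifier was released, I took a lot of what I had learned over the past few years and reworked this old piece, as a way of settling accounts with myself and with the people who have supported me all along. Oh, and compared with its predecessor, KKwoman38 modifies one more byte of kkman.exe, but if you have already been using KKWoman3 for a long time there is really no difference at all, and you don't need to download this one and run it again.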