Two years later (update)

A new version of TortoiseCVS is available. Since I have largely parted with CVS, I just noticed now. Well, the issue reported in 2008 and closed as fixed is still not fixed. The respective piece of code looks exactly the same, though at a different address within the executable:

sub_40F200      proc near
  mov     eax, [ecx]
  push    0               ; lParam
  push    0A220h          ; wParam
  push    111h            ; Msg
  push    eax             ; hWnd
  call    ds:PostMessageW
  retn    4
sub_40F200      endp

… and it still gets called and causes the same annoyance it always did. Of course only few people seem to ever part with Windows Explorer, which is why the problem is so ridiculous and not a real problem anyway. Still, here’s the patch to this non-existent problem.

Since the new function takes one parameter (although it doesn’t use it), we need to remove 4 bytes from the stack for the 32-bit version.

We change the function to be:

nullsub_93      proc near
  retn    4
nullsub_93      endp

But unlike older versions, this one actually requires patching several places, because the call to PostMessageW in question has been inlined in several other places. 😕

#INPUT :  d35647a23b2435db0a77e54861e0571b
#OUTPUT:  e23fcd25e35bdc6152eefc11fc73f440
0000E600: 8B C2
0000E601: 01 04
0000E602: 6A 00
00011E03: 74 EB
00011E33: 74 EB
0002046B: 74 EB
000234AB: 74 EB
00023545: 8B EB
00023546: 0E 13
00024F0C: 74 EB
00027796: 74 EB
0002C8CC: 74 EB
0002F3E6: 74 EB
00031D38: 74 EB
00032A7C: 74 EB
00032AE3: 74 EB
00034086: 74 EB
00034ED6: 8B EB
00034ED7: 44 17
00036A8A: 74 EB

This time I leave it to the reader to patch the file themselves with a proper hex editor. I can recommend hte, frhed and hexplorer, even though there are other free ones and good commercial ones. Alternatively, copy the above text into a text file and use my little diffit tool to apply the patch to your TortoiseAct.exe.

Have fun,

// Oliver

PS: If you look at the source code you will notice that someone apparently worked on the fix, but it was effectively commented out using the #if 1 #else method.
PPS: If you can’t understand the above file format without explanation, it’s:
offset: original patched
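
The offset: original patched listing above can also be applied with checks rather than by hand. The following Python sketch is an added example, not the author's diffit tool; it assumes the 32-digit #INPUT and #OUTPUT values are MD5 digests of the file before and after patching, and the function names are hypothetical.

```python
import hashlib
import re

# One patch line: "offset: original patched", all values hexadecimal.
LINE_RE = re.compile(r"^([0-9A-Fa-f]+):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})$")
# Assumption: the 32 hex digits after #INPUT/#OUTPUT are MD5 digests.
HASH_RE = re.compile(r"^#(INPUT|OUTPUT)\s*:\s*([0-9A-Fa-f]{32})$")


def parse_patch(text):
    """Return (hashes, edits); edits are (offset, original, patched) tuples."""
    hashes, edits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            hashes[m.group(1)] = m.group(2).lower()
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised patch line: {line!r}")
        edits.append(tuple(int(g, 16) for g in m.groups()))
    return hashes, edits


def apply_patch(data, patch_text):
    """Apply the patch to a bytes object; refuse on any mismatch."""
    hashes, edits = parse_patch(patch_text)
    if "INPUT" in hashes and hashlib.md5(data).hexdigest() != hashes["INPUT"]:
        raise ValueError("input MD5 mismatch: wrong file or version")
    out = bytearray(data)
    # Verify every original byte first, so a wrong build is never half-patched.
    for off, orig, _ in edits:
        if off >= len(out) or out[off] != orig:
            raise ValueError(f"byte at {off:08X} is not {orig:02X}")
    for off, _, new in edits:
        out[off] = new
    if "OUTPUT" in hashes and hashlib.md5(out).hexdigest() != hashes["OUTPUT"]:
        raise ValueError("output MD5 mismatch after patching")
    return bytes(out)


if __name__ == "__main__":
    # Constructed 4-byte sample, not the real executable: the stub's first
    # three bytes (8B 01 6A) become C2 04 00, which encodes retn 4.
    demo = "00000000: 8B C2\n00000001: 01 04\n00000002: 6A 00\n"
    print(apply_patch(bytes.fromhex("8b016a00"), demo).hex())
```

For the real file, read TortoiseAct.exe as bytes, pass it with the listing to apply_patch, and write the result to a new file so the original stays available as a backup.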
