C:\Users\Nieylana\Desktop\RCE\Vent Tutorial\Vent 12.swf
Build terminated by user
Created at: Sun Dec 23 14:07:31 2007
Flash player required: v6.0 or above
Size: 2537 KB
Total frames in main movie: 9440
Playback frame rate: 20
Approximate playback time: 472 seconds

Annotated text transcript:

This tutorial is not going to show how to crack Ventrilo; Ventrilo is a free application. What I am going to show today is how to change this app so that when you click on the close button in the top right corner it minimizes to the system tray, like most programs allow you to do. Ventrilo only allows this to happen with the Minimize button; we want both of them to do it.

In order to follow this tutorial you must have Ventrilo 3.0.1 installed and you must have the 'Minimize to System Tray' option enabled under the Settings --> Misc tab.

In this tutorial I will show you how to gain the information you need from the app, and then program your own code into it to make it do what we want. This code will only work with the "Minimize" option enabled. At the end of the tutorial I will show a screenshot of the code cave I fixed later to allow it to work either way.

This is not meant to be a beginner's tutorial, thus I will not explain every little thing. Especially when it comes to the Code Caving.

Enjoy!
Not packed/protected
When a window is destroyed, a call to SendMessageA usually, if not always, occurs. So we're going to BP all calls to SendMessageA.
Now we're going to run the program, and obviously we're going to encounter many BPs before the program actually starts to run. Just remove all of the BPs we encounter...we don't need them. I'm going to run...and then alternate between F2 (remove BP) and F9 until we encounter no more BPs.
Now that it's running, open it up and see what other BPs we encounter
We moved the mouse over the form, and got this BP...not the one we need, remove it and run again
Click here, and see what we can find...
All of that stuff we just scrolled past appears to be setting/checking the status of all the controls on the form. I haven't investigated this because it's not required for what we need. Simply scroll down to the RET so we can see what called this.
BP and run till BP.
Now that we're here, we're going to step until the Ventrilo dialog disappears.
No more Vent window...
I'm going to open up Notepad, this will prove easier for us to keep track of all the notes we need.
Let's set a BP here, finish running the App's closing routine...and re-run it and see what we can do to prevent it from closing.
Ignore this BP...just F9 to keep running
Press F7 to step into the call.
Step to the next Call, then step into this one.
This is the routine for Closing the DialogBox.
Let's see what this API call to EndDialog accomplishes.
We need to note down this line.
Move the Origin to here and see if this prevents Vent from shutting down.
Let's run and see if it worked.
Ventrilo is still running... looks like it worked.
Note down this line also as a way to bypass the closing down.
Now that we've found the Close Down Procedure, we need to find the Minimize to System Tray Procedure as well.
Let's see exactly what this API call does
This is the beginning of the Procedure, BP it then save this line in our notes as well.
Let's run, bring it back from the system tray, and minimize again to break here.
This F020 will be important later. If you look at the line of code below, it checks to see if EAX == F020; if not, it bypasses the Adding to the System Tray routine. We'll see why this check is here later.
Let's note down that when we click the "-" button that EAX == F020
Run again
Run again here too
Let's try clicking the "x" button and see if it breaks anywhere it didn't before.
Look at that... EAX == F060

Note this one down as well
Prevent Vent from closing down like was shown earlier.
Click here
Now we'll also need to know how to bypass this Minimize procedure, so we can still have a way to exit the program. You'll see how later.
Step with F8 to follow the jump
Now that we have all the information we need, time to find a code cave to write our stuff in.
Looks like there aren't any code caves in the program that we can use. This is going to prove a problem because we have to have a pretty good sized code cave to accomplish our goal. Luckily we have another tool.
Forgot to close Olly
We're going to create a new section with this one, that way it's easily found from the Memory Map ;)
That should be more than enough but better to be safe than sorry right?
That's an awfully big code cave no? We should be able to accomplish what we need to here.
The next part will be to actually write the code cave.
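The routing that the notes above add up to, written as source-level C instead of patched assembly. This is an added example, not code from the tutorial or from Ventrilo: the function names, the action enum and the exit_requested flag are hypothetical, and it assumes the 'Minimize to System Tray' option is enabled. The values F020 and F060 seen in EAX are the WM_SYSCOMMAND codes SC_MINIMIZE and SC_CLOSE.

```c
#include <stdint.h>
#include <stdio.h>

/* WM_SYSCOMMAND codes from winuser.h, redefined so this builds on any OS. */
#define SC_MINIMIZE 0xF020u   /* value noted in EAX for the "-" button */
#define SC_CLOSE    0xF060u   /* value noted in EAX for the "x" button */

typedef enum { ACT_OTHER, ACT_TRAY, ACT_CLOSE } action_t;

/* Original behaviour as the notes describe it: only "-" goes to the tray. */
action_t route_original(uint32_t wparam)
{
    switch (wparam & 0xFFF0u) {   /* Windows uses the low 4 bits internally */
    case SC_MINIMIZE: return ACT_TRAY;
    case SC_CLOSE:    return ACT_CLOSE;
    default:          return ACT_OTHER;
    }
}

/* Patched behaviour: "x" is rerouted to the tray path unless an explicit
 * exit was requested (hypothetical flag; keeps a way to quit the program). */
action_t route_patched(uint32_t wparam, int exit_requested)
{
    uint32_t cmd = wparam & 0xFFF0u;
    if (cmd == SC_CLOSE && !exit_requested)
        cmd = SC_MINIMIZE;
    return route_original(cmd);
}

int main(void)
{
    static const char *names[] = { "other", "tray", "close" };
    /* Constructed sample events, not captured from the debugger session. */
    struct { uint32_t wparam; int exit_requested; } ev[] = {
        { 0xF020u, 0 }, { 0xF060u, 0 }, { 0xF060u, 1 }, { 0xF012u, 0 },
    };
    for (size_t i = 0; i < sizeof ev / sizeof ev[0]; i++)
        printf("wParam=%#06x exit=%d original=%s patched=%s\n",
               (unsigned)ev[i].wparam, ev[i].exit_requested,
               names[route_original(ev[i].wparam)],
               names[route_patched(ev[i].wparam, ev[i].exit_requested)]);
    return 0;
}
```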
