May. 07, 2014, 05:32 PM
Over the years I've hacked into Proxo's guts with various disassemblers and debuggers as a result of some kind of annoyance. I've been using Proxomitron forever, and without it I wouldn't be enjoying my job as much as I do.
I teach in a Korean high school situated in Indonesia, where I control a computer lab. For three years my lab had 20 computers, and this year I moved to one with 35. The current lab has a dedicated 10 Gb link. On a typically busy day I've got a maximum of 20 students in there, hammering the connection with YouTube, Twitch and HD K-soaps for between 10 and 40 minutes solid. The worst was when my lab was used with one day of warning for a paid on-line TOEFL mock test, which involves massive amounts of audio going both ways, using Java in Internet Explorer.
I have been using this combination of patches all this time, and Proxo has yet to fail me. It is a champ, and a testament to Scott's brilliance.
Currently it's running on Server 2003 (original lab, re-purposed for the middle school), and Server 2008. For a 'remote' proxy I use a secondary one called Proxy+. Also ancient and discontinued, it has an extremely good caching technology and supports https and socks 4/5. Oh and it's a mail server, too.
Anyway! To give back to the community, here are my patches.
Changelog:
2014-05-08 : Initial Post
2014-05-11 : Added 'SSL Certificate CN Always Matches', Deprecated 'Bypass SSL Certificate Error'
2014-05-11 : Added 'Font Adjustments'
2014-05-12 : Added Note #3 to 'Font Adjustments'
2014-05-12 : Added Monospaced Message Log to 'Font Adjustments'
2014-05-12 : Added Note to 'For Reference: RWIN Patch', briefly explaining what it does.
All are for Naoko 4.5j (June release). Yes, you can apply them to any such copy, whether or not they've had a GUI patch[1]. The first column is the offset, the second is the changed byte, and the third is the original byte:
ADDRESS: NEW OLD
SSL Certificate CN Always Matches
Note: Rename or delete your certs.pem file in order to use this. Otherwise you'll need to use the deprecated patch below.
Code:
0000ECA7: EB 75 jnz short loc_40F8C1 // SSL Certificate CN Always Matches, JMPS/EB.
Original:
.0040F88F: FF15B4614200 call _strnicmp ;MSVCRT
.0040F895: 83C40C add esp,00C ;"?"
.0040F898: BF01000000 mov edi,000000001
.0040F89D: 85C0 test eax,eax
.0040F89F: 7404 je .00040F8A5
.0040F8A1: 8B7C2410 mov edi,[esp][10]
.0040F8A5: 85FF test edi,edi
.0040F8A7: 7518 jne .00040F8C1 <<< THIS. Turn into JMPS with EB.
.0040F8A9: 8B5E04 mov ebx,[esi][04]
.0040F8AC: 83C614 add esi,014 ;"¶"
.0040F8AF: 43 inc ebx
.0040F8B0: 68C89B4200 push 000429BC8
.0040F8B5: 895EF0 mov [esi][-10],ebx
.0040F8B8: 56 push esi
.0040F8B9: E8D270FFFF call .000406990
DEPRECATED: Bypass SSL Certificate Error
Note: With high load, using 1 as the return value can lead to a crashed SSL library. I'm experimenting with using 3 to reduce the likelihood. So far so good.
Code:
Part 1: "Should Proxo ask? NO."
0000F35D: 90 7F jg short loc_40FF69
0000F35E: 90 0A
Part 2: "Always respond with this answer."
0000F360: 03 01
1: Allow (Original Value)
2: Deny
3: Allow Session
Original:
.0040FF5B: 85C0 test eax,eax
.0040FF5D: 7F0A jg .00040FF69 --
.0040FF5F: B801000000 mov eax,000000001
.0040FF64: 5F pop edi
.0040FF65: 83C450 add esp,050 ;"P"
.0040FF68: C3 retn
Modified:
.0040FF5B: 85C0 test eax,eax
.0040FF5D: 90 nop
.0040FF5E: 90 nop
.0040FF5F: B803000000 mov eax,000000003
.0040FF64: 5F pop edi
.0040FF65: 83C450 add esp,050 ;"P"
.0040FF68: C3 retn
Bypass Texture Errors: "Failed to load texture bitmap"
Code:
Part 1:
000016D8: EB 75 jnz short loc_402342 > EB/JMP.
Part 2:
00001744: 33 B8 mov eax, 1 -> XOR EAX, EAX, NOP NOP NOP
00001745: C0 01 Cancels out texture loading problems. Can't do anything about it, so I don't want to know.
00001746: 90 00
00001747: 90 00
00001748: 90 00
Bypass Exception Errors: "ProxomiTron Application Error. Exception [%08X] raised in..."
Code:
00009450: C3 8B Immediate RETN.
00009451: 90 44
00009452: 90 24
00009453: 90 08
Bypass Texture Errors: "Proxomitron Application Error. ** WARNING **\nAn unauthorized access at"
Also in the message log, so it's redundant.
Code:
0001DE6A: EB 68 Change a PUSH command to a JMPS command.
0001DE6B: 15 30
0001DE6C: 90 20
0001DE6D: 90 01
0001DE6E: 90 00
.0041EA6A: 6830200100 push 000012030 << Jump from HERE
.0041EA6F: 68A8804200 push 0004280A8 ;'ProxomiTron App
.0041EA74: 6840C64200 push 00042C640
.0041EA79: 6A00 push 000
.0041EA7B: FF1594624200 call MessageBoxA ;USER32
.0041EA81: C744241801000000 mov d,[esp][18],000000001 << to HERE
Font Adjustments
Note 1: This example dictates the font size used in the Web Page Filter Editor's EDIT controls. I use Andale Mono size 7 for the main dialog, and this value matches that size. Converting point sizes isn't easy: it depends on the desktop DPI, amongst other things, and pos/neg values have different meanings. Just experiment going up and down, is my suggestion.
Code:
0000A9B0: F7 F4 Andale Mono // Web Editor, F7 = Font pt 7
Original:
.0040B58B: 688C8D4200 push 000428D8C ;'Andale Mono'
.0040B590: 6A00 push 000
.0040B592: 6A00 push 000
.0040B594: 8B742458 mov esi,[esp][58]
.0040B598: 6A00 push 000
.0040B59A: 6A00 push 000
.0040B59C: 6A00 push 000
.0040B59E: 6A00 push 000 <<< STRIKEOUT, UNTESTED
.0040B5A0: 6A00 push 000 <<< UNDERLINE, UNTESTED
.0040B5A2: 6A00 push 000 <<< ITALIC, UNTESTED
.0040B5A4: 6890010000 push 000000190 <<< WEIGHT, UNTESTED
.0040B5A9: 6A00 push 000 <<< ORIENTATION, UNTESTED
.0040B5AB: 6A00 push 000 <<< ESCAPEMENT, UNTESTED
.0040B5AD: 6A00 push 000 <<< WIDTH, UNTESTED
.0040B5AF: 6AF4 push 0F4 <<< HEIGHT, THIS EXAMPLE
.0040B5B1: 893E mov [esi],edi
.0040B5B3: FF1554604200 call CreateFontA ;GDI32
.0040B5B9: 8B1DEC624200 mov ebx,GetDlgItem ;USER32
.0040B5BF: 68F9030000 push 0000003F9 ---? (2)
.0040B5C4: 57 push edi
.0040B5C5: 894624 mov [esi][24],eax
For further information, look up "CreateFontA" using your search engine of choice and refer to this assembler tutorial.
Note 2: There are two locations in the binary where there is a font name referenced:
Code:
.004287F0: 43 4C 4F 43-4B 24 00 00-41 55 58 00-43 4F 4E 00 CLOCK$ AUX CON
.00428800: 4E 55 4C 00-4D 53 20 53-61 6E 73 20-53 65 72 69 NUL MS Sans Seri <<<
.00428810: 66 00 00 00-26 41 64 76-61 6E 63 65-64 20 50 72 f &Advanced Pr
.00428D70: 68 64 3E 26-6C 74 3B 4D-61 74 63 68-3A 20 00 00 hd>&lt;Match:
.00428D80: 55 52 4C 20-4D 61 74 63-68 00 00 00-43 6F 75 72 URL Match Cour <<<
.00428D90: 69 65 72 20-4E 65 77 00-57 65 62 20-50 61 67 65 ier New Web Page
The Web Page Edit example uses the second one, originally Courier New. All other calls use the other, originally MS Sans Serif. You can replace them with any other font, provided the font name is the same as or shorter than the original. If it is shorter, replace any excess characters from the original with 0x00 - NOT 0x20, which is space - to 'null-terminate' the string. The locations are as follows:
Code:
00006780: 00 F8 MS Sans Serif // Unknown
0000A9B0: 00 F4 Courier New // Web Editor, F7 = Font pt 7
0000B92C: 00 F8 MS Sans Serif // Web Filter List, Unchecked / Normal
0000B952: 00 F8 MS Sans Serif // Web Filter List, Checked / Bold
00011FE9: 00 F8 MS Sans Serif // Message Log
0001875C: 00 F8 MS Sans Serif // Header Filter List, Unchecked / Normal
00018782: 00 F8 MS Sans Serif // Header Filter List, Checked / Bold
Note 3: I've found that replacing 'F8' with '0D' (a positive value) is a perfect match for Tahoma 8. It also works with Segoe UI, and I'm assuming many others. '0C' works well with the Message log - slightly smaller than normal, and still within my own comfort zone for visibility. Besides, I only look out for certain colors flashing by, not specific phrases.
At offset 00011FBB you will find this PUSH statement:
Code:
.00412BAF: 8B542420 mov edx,[esp][20]
.00412BB3: 8B442428 mov eax,[esp][28]
.00412BB7: 8B5C2418 mov ebx,[esp][18]
.00412BBB: 6804884200 push 000428804 ;'Tahoma'
.00412BC0: 6A00 push 000
.00412BC2: 6A00 push 000
.00412BC4: 6A00 push 000
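This is the Message Log. Change 6804884200 to 688C8D4200 to use the other font, if you prefer monospace.
Code: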
.00412BBB: 688C8D4200 push 000428D8C ;'Andale Mono'
For Reference: RWIN Patch
Note: As a point of interest, this mod changes the length/size of the location where the RWIN value REALLY is, thereby negating it. 32768 in hex is 0x8000... 4 bytes long, hence the '04'.
Code:
0000D581: 00 04
.0040E180: 6A04 push 004 <<< THIS
.0040E182: 8D55E4 lea edx,[ebp][-1C]
.0040E185: 52 push edx
.0040E186: 6802100000 push 000001002 ---↑ (4)
.0040E18B: 68FFFF0000 push 00000FFFF ---↓ (5)
.0040E190: 8B4604 mov eax,[esi][04]
.0040E193: 8B08 mov ecx,[eax]
.0040E195: 51 push ecx
.0040E196: FF1508644200 call WSOCK32.21 ;WSOCK32
For Reference: Multiple Instances Patch
Code:
00012DCB: EB 74
.004139C1: FF1534624200 call FindWindowA ;USER32
.004139C7: 8BF0 mov esi,eax
.004139C9: 3BF3 cmp esi,ebx
.004139CB: 7431 je .0004139FE <<< THIS, change to JMPS (EB)
.004139CD: 56 push esi
.004139CE: FF15B4624200 call IsIconic ;USER32
.004139D4: 85C0 test eax,eax
.004139D6: 7409 je .0004139E1
.004139D8: 6A09 push 009
.004139DA: 56 push esi
.004139DB: FF15B8624200 call ShowWindow ;USER32
Enjoy!
[1]: FYI. For all this time I've been using Henk's ProxoPatcher 3.6, modified to suit my own tastes. Recently I investigated the alternatives - I really liked MizzMona's and tried it out... only to have glitches and flickering in the editor windows.
It turns out that this is the result of adding a Manifest to Proxomitron's resources. Adding a Manifest tells Windows that it's okay to apply newer visual styles that came with COMCTL32 version 6... unfortunately, this new method is partially incompatible with version 5 and below when programmers use OWNERDRAW methods and make their own subroutines to handle window messages. Removing the Manifest fixes the problem, but then the GUI patch gets all fugly.
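Added example, not part of the original post: a small Python checker for the "ADDRESS: NEW OLD" table format used above, which confirms every OLD byte is present before writing any NEW byte, so a different build or an already modified file is rejected instead of corrupted. The function names and the zero-filled sample image are assumptions made for this illustration; the table rows are copied from the post.

```python
import re

# A table row: 8-digit hex file offset, colon, NEW byte, OLD byte, optional comment.
ROW = re.compile(r"^\s*([0-9A-Fa-f]{8}):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})\b")

# Rows copied from the post ('Bypass Exception Errors', 'Multiple Instances Patch'),
# plus one disassembly line to show that such lines are not mistaken for rows.
PATCH_TEXT = """\
00009450: C3 8B Immediate RETN.
00009451: 90 44
00009452: 90 24
00009453: 90 08
00012DCB: EB 74
.004139CB: 7431 je .0004139FE
"""

def parse_patch(text):
    """Return [(offset, new, old)]; disassembly lines (leading '.') are skipped."""
    hits = (ROW.match(line) for line in text.splitlines())
    return [tuple(int(g, 16) for g in m.groups()) for m in hits if m]

def check_patch(image, rows):
    """Return 'clean', 'applied', 'partial' or 'mismatch' for this image."""
    seen = set()
    for off, new, old in rows:
        if off >= len(image) or image[off] not in (old, new):
            return "mismatch"          # different build, or file altered elsewhere
        seen.add("old" if image[off] == old else "new")
    if seen == {"old"}:
        return "clean"
    return "applied" if seen == {"new"} else "partial"

def apply_patch(image, rows):
    """Return a patched copy; refuse unless every OLD byte is present."""
    state = check_patch(image, rows)
    if state != "clean":
        raise ValueError("refusing to patch: image state is " + state)
    out = bytearray(image)
    for off, new, _old in rows:
        out[off] = new
    return bytes(out)

def sample_image(rows, size=0x13000):
    """Constructed stand-in for the executable: zeros plus the OLD bytes."""
    img = bytearray(size)
    for off, _new, old in rows:
        img[off] = old
    return bytes(img)
```

The rows in the font location list use 00 in the NEW column as a placeholder rather than a value to write, so that list should not be fed to `apply_patch` as-is.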