Thread: [RESOLVED] Increase number of undos in VBIDE

  1. #11
    New Member
    Join Date
    Mar 2013
    Posts
    5

    Re: [RESOLVED] Increase number of undos in VBIDE

    Yes we can.
    I just extended the available undo steps from 20 to 23.
    Probably to what it was originally intended.

    Or that's another M$ joke a la:
    640 K ought to be enough for anybody.

    Anyway let's take it as a challenge and debug that bug.


    Wow I can't believe it that *** ba*** at Microf*** hardcoded that value.

    So here's
    The long part
    #1 go into VBA6.dll.EbGetRedoText and follow next call after call EbMode - I'll name that IsUndo
    1a inside IsUndo follow first two conditional Branches 'Jnz'
    1b you'll get to some location where there is push 1;pop eax; jmp back
    1c from there about 9 commands below there is <83FB 14> cmp ebx,14; <0F87 xx> ja [far above]
    ->patch that 0x14 (20 in decimal) to what you like
    Code:
    0009D9B1    83FB 14         CMP     EBX, 14
    0009D9B4    0F87 43C1FCFF   JA      00069AFD
    0009D9BA    8B4D 0C         MOV     ECX, [EBP+C]

    #2 Now the allocation part - without that patch the previous one will just crash at more than 20 entries...
    2a Well, right at IsUndo there is some MOV EAX, [...] at +14 UndoObject, +18 RedoObject at some objects. I set a hardware breakpoint on write to get to the location that sets these values.
    Alternatively you can search for Command 'ADD EDI, 19' which seems to be pretty unique to locate the same function I got into with the hwbp on write. Search for const '0DEB9' should also lead you there. I just labeled that function 'Store Undo'.
    2b find references to Store Undo. Here there are 5. Check them all for their parameters. That last has as Arg5 some 'PUSH 14'; that's the second patch target.
    Code:
    0012B304    6A 14           PUSH    14
    0012B306    50              PUSH    EAX
    0012B307    6A 00           PUSH    0
    Change that 14 to the same value you patch in at patch #1.

    That's it.
    Tools: OllyDbg or x64dbg or IDA.
    If you're lucky and also got version 6.0.9782 of vba6.dll, you may also just use some hex editor, slam in the offsets from above and hope the bytes there are the same and so suitable for the two patches.

    ...and the short one
    https://player.vimeo.com/video/256087873
    This f** Vimeo tells me I'm a spammer - well anyway I think you'll get it even without the video.

    So here's a Dup2 Patch that will do these two patches:
    http://www.mediafire.com/file/s99dob...s_to_128_1.zip
    Last edited by cw2k; Apr 11th, 2018 at 03:29 AM.
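
An added example, not part of cw2k's post or the linked patch: a Python sketch that locates the two patch sites by the byte patterns shown in the post's disassembly instead of trusting fixed offsets, refuses to patch unless each pattern matches exactly once, and writes the same value to both sites. The function names and the sample buffer are constructed for illustration; the 0x7F ceiling is there because both instructions (83 FB ib and 6A ib) take a sign-extended 8-bit immediate.

```python
import re

# Byte patterns taken from the disassembly in the post; the JA rel32 is wildcarded
# because the branch displacement differs between builds.
SIG_CMP = re.compile(rb"\x83\xFB(.)\x0F\x87.{4}\x8B\x4D\x0C", re.DOTALL)  # CMP EBX,imm8 / JA / MOV ECX,[EBP+C]
SIG_PUSH = re.compile(rb"\x6A(.)\x50\x6A\x00", re.DOTALL)                 # PUSH imm8 / PUSH EAX / PUSH 0


def find_unique(sig, image, expected):
    """Return the offset of the imm8 byte, or raise if the site is missing or ambiguous."""
    hits = [m for m in sig.finditer(image) if m.group(1)[0] == expected]
    if len(hits) != 1:
        raise ValueError(f"expected exactly 1 match, found {len(hits)}")
    return hits[0].start(1)


def patch_undo_limit(image, new_limit, old_limit=0x14):
    """Patch both sites with the same value and return the new image bytes."""
    # imm8 values 0x80..0xFF would be sign-extended to a negative 32-bit value.
    if not old_limit < new_limit <= 0x7F:
        raise ValueError("new limit must be above the old one and fit in a positive imm8")
    out = bytearray(image)
    for sig in (SIG_CMP, SIG_PUSH):
        # Search the original image so the first patch cannot affect the second lookup.
        out[find_unique(sig, image, old_limit)] = new_limit
    return bytes(out)


def build_sample():
    """Constructed buffer: the post's instruction bytes surrounded by NOP padding."""
    cmp_site = bytes.fromhex("83FB14" "0F8743C1FCFF" "8B4D0C")
    push_site = bytes.fromhex("6A14" "50" "6A00")
    return b"\x90" * 16 + cmp_site + b"\x90" * 32 + push_site + b"\x90" * 16


if __name__ == "__main__":
    sample = build_sample()
    patched = patch_undo_limit(sample, 0x17)  # 23, the value mentioned in the post
    changed = [i for i, (a, b) in enumerate(zip(sample, patched)) if a != b]
    print("changed offsets:", changed)
```

On a real file, run it against a copy and keep the original; a `ValueError` means the build differs from the one in the post and the sites have to be found by hand as described above.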
