assembly mfc ida

Hide a message box via assembly


One really old program of mine has a message box of an error which keeps being displayed and I need to get rid of it. I've lost the source so I'm using assembly now:

The section with the assembly and message box looks like:

    cmp ebx, 4F6h
    jl short loc_10000DEC
    push 30h
    push offset caption ; error ...
    push offset detailsitspast08
    push 0
    call ds:MessageBoxA

How can I modify this so it doesn't display the message box?


Solution

  • IDA is fine, but you'll need a hex-editor as well, such as Hex Workshop or XVI32. Here's how you can do it:

    In IDA, focus the text cursor in the first line you want to replace, push 30h. Look at the left part of the status bar below the disassembly window. You should see two hex addresses - the physical and the virtual. Take note of the physical one. Now focus on the first instruction after call ds:MessageBoxA. Again take note of the physical address.

    Open the executable in the hex editor (make a backup first!), and navigate to the first physical address. Make sure you're overwriting the bytes rather than inserting them, and keep writing the 0x90 value until you reach the second address. Don't overwrite it.

    Save this changed file under a different name, open it in another instance of IDA (if you overwrite the original file, IDA will not be able to open the new one side by side), navigate to the virtual address, and check that all the bytes have been replaced correctly. That's it.

    Hint: if you go to IDA's Options > General and set Number of opcode bytes to a non-zero value, such as 10, you will see the bytes making up each instruction on the left. You can count these to make sure you replaced the right number of bytes. (Or you can just subtract start address from end address, obviously).

    Here's an example screenshot (the application in the shot is of course different, but the gist is the same):

    Before: [screenshot: the original instructions]

    After: [screenshot: the changed instructions]
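
The overwrite step from the answer written as a script, added here as an example and not part of the original answer. The sample bytes are constructed to match the question's listing (the operand addresses are made up), and `nop_range` and `patch_file` are hypothetical helper names.

```python
# Added example: constructed sample bytes, hypothetical helper names.
from pathlib import Path

NOP = 0x90

# Constructed sample mirroring the question's listing (addresses are made up).
SAMPLE = bytes.fromhex(
    "81fbf6040000"    # cmp  ebx, 4F6h
    "7c14"            # jl   short (skips the next 20 bytes)
    "6a30"            # push 30h             <- start offset 8
    "6800300010"      # push offset caption
    "6840300010"      # push offset text
    "6a00"            # push 0
    "ff1500200010"    # call ds:MessageBoxA
    "c3"              # first byte to keep   <- end offset 28
)

def nop_range(image: bytes, start: int, end: int,
              first: bytes = b"\x6a\x30", call: bytes = b"\xff\x15") -> bytes:
    """Return a copy of image with [start, end) overwritten by NOPs.

    Refuses to patch unless the range starts with `push 30h` and its last
    six bytes are an indirect call, so a wrong offset fails loudly.
    """
    if not 0 <= start < end <= len(image):
        raise ValueError("offsets outside the file")
    if not image.startswith(first, start):
        raise ValueError("start offset does not point at push 30h")
    if image[end - 6:end - 4] != call:
        raise ValueError("range does not end right after the call")
    patched = bytearray(image)
    patched[start:end] = bytes([NOP]) * (end - start)  # overwrite, never insert
    return bytes(patched)

def patch_file(src: str, dst: str, start: int, end: int) -> int:
    """Patch src into a new file dst; the original is left untouched."""
    if Path(src).resolve() == Path(dst).resolve():
        raise ValueError("write the patched copy under a different name")
    patched = nop_range(Path(src).read_bytes(), start, end)
    Path(dst).write_bytes(patched)
    return end - start  # number of bytes replaced
```

If the file has base relocation entries inside this range (the two `push offset` operands and the call operand are absolute addresses), the loader will still apply those fixups over the NOP bytes whenever the image is rebased, so check the relocation table before relying on the patch.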