Internet Explorer has been hit by legal problems some time ago, and all users should pay the consequences by useless before clicking on "dynamic" objects to activate them. With the browser version 6 this situation could temporarily settled to not install updates, but with IE7 it is impossible right?
For quite some time that users of Internet Explorer began to give us has uncomfortable that you could be having to click on all dynamic objects in web pages. Although many don't realize, probably performed a thousand useless clicks on boxes similar to the following:
For those who have the browser in English the message is "Click to activate and use this control", but the nuisance is similar.
Non-Microsoft legal problems with that of activation of ActiveX objects that the other browsers that do not use internally IE engine enjoys traditional comfort of not having to activate the controls. Another problem that generates the need for that "activation" is provoking a sometimes unstable running in Internet Explorer, for example when we have multiple pages in different tabs and the framework of "Click..." stays blinking as we try to switch between tabs causing some instability to navigate.
Personally I must admit that before Internet Explorer 7 used quite Mozilla Firefox and even a portable version of Opera. Currently and mainly by a silly comfort returned to use IE as your primary browser and to tell the truth I am incredibly pleased with the latest version of this browser, clear, except for the small detail has already mentioned.
Apparently Microsoft has no intention (or may not) solve the legal problems)case EOLAS) short-term and the greatest example is the implementation of the activation in your browser, since the end of the version 6 permanently embedded in the libraries, embedded in a security update to the new version 7 browser base.
The browser of the Redmond giant's help says:
Why is it necessary to activate controls in web pages I visit?
Microsoft has made changes to the way that Internet Explorer handles some of the contents of the web pages. When Internet Explorer encounters a page with ActiveX controls, can ask you to approve (activate) those controls so that they can be used.
When moving the mouse over the control, appears a note that asks the user to click on it to activate the control. Occasionally, the control displays a dialog box until the page is displayed. As soon as you click OK, the page will load normally.
When you have activated the control, it will function as expected. You will need to activate the control each time you update or visit that web site.
Solutions or the solutions?
Many times it hits the course taking things. For example with email spam or SPAM where incredible efforts to create filters Bayesian, captchas, and entirely defensive technologies, forehead to well educate users or strongly attacking this waste generators are placed.
The "official" site of the solution:
It documents how to activate controls using active code to develop a site.
The most popular solution:
The main solution problem is that in my case this page you are reading is generated with a set of rules that translate the document to HTML, where labels are represented in HTML format, but SWFobject requires a unique identifier for each flash object, so it would have to rewrite my document parser to go to generating these identifiers for each object flash on each page (and do not use a sort of template replaced by) matching based on regular expressions, as happens at present)
A4 Flash Easy Coder:
The more generic solution
The major problem with this solution is that for a complex page and with multiple flash objects, the user sees for a moment the objects without activation, also in situations so it can paralyze the page for a moment at the beginning.
The real solution
After reviewing these previous solutions the reader can realize from unfortunately is completely powerless against the millions of pages that are not updated regularly, or those where the webmaster thinks even implement an appropriate solution to activate objects on your site.
The truth is that with these solutions a Navigator has the unique possibility to click on the boxes by activating the controls, because such solutions are to apply exclusively when developing site, not to navigate them.
The solution I found goes much further and will enable those objects internally without anymore we see not the slightest hint of that activation.
Get to work, looking for the message
In "search and destroy" missions, the first step is to find the string "Click here to activate and use this control", "Click to activate and use this control" or as appropriate.
Those who started to read my articles at the end of the year 2005 will notice that this search engine simplifies the task of finding resources using logic and checking dependencies using the command console (tasklist m) and other tricks.
After a few minutes we found the container of the phrase:
I miss or not?, what will be the reason for the extension of the file Mshtml.dll.MUI?, What does it mean MUI?
Someone who has Treaty installing a language pack for Windows must know the answer or have any signs of it:
MUI stands for Multilingual User Interface, i.e. user interface MultiLanguage (IUM).
To that already guessed at where work continues.
Within Microsoft HTML Viewer
Above find a resource located inside of Mshtml.dll.MUI. If that file is the location, then the code will be consequently within the library from Microsoft, Microsoft HTML Viewer or for friends HTML Viewer, simply Mshtml.dll.
How the resources of the file are loaded MUI here is not very important, but what is interesting is the reference to the action seen above:
Accordingly, we will seek that PUSH HEX (2352) or literally PUSH 930. Close any Internet Explorer browser window, to support the library and deleting Windows backups It maintains of protected system files automatically, it is the ideal way to get started.
To search for PUSH 930, open the file in OllyDbg:
We are going to the literal matching the command and came to the following area:
Well see excellent tracks which gives us the disassembly, clearly that routine of six lines ending in LoadStringW load the resource that we previously. Up to the Windows API documentation corroborates the theory:
With the difference that LoadStringW It is the UNICODE version of the documented command)LoadString).
Modifying the activation
Since we are the sector where the "tooltip" is added with the text on the need to click to activate the intuition it quickly says that we upload:
A little further up is the beginning of the subroutine. This routine is clearly which manages the object activation (this activation is not only the 'click to activate' because it takes a message to those objects, with or without the infamous user click).
Rinsing, What do we really want to achieve?
This routine just isolate does the following:
-Prepare the required activation of the dynamic elements (ActiveX) as the pages flash animations, activation that gives them the starting point to start.
-Creates and manages the box and the message that asks us to click to activate the control.
-When the user clicks, finally performs the activation that had previously prepared and left in suspension while waiting for that click "approve".
Wouldn't it be ideal to remove the second step and directly activate the dynamic as in yesteryear objects?
Following the execution of the routine a little, I realize that there are only two conditional jumps climbing and other lower, which will inevitably cause the departure or return of that chunk of code:
Carefully review the previous image, look on the basis it is a SWITCH and would someone noticed the? CASE from that SWITCH?
On the structure SWITCH / CASE
To understand the explanation, this structure must be understood. The structure SWITCH / CASE allows to represent large number of conditions as it would happen with a list of IF/ELSE and actually OllyDbg plays only a list of conditional jumps where is van made slight changes to the code between these jumps as a SWITCH / CASE.
As reference is to note that the IF/ELSE structure on the left is equivalent to the structure SWITCH / CASE right:
In this routine, the execution starts at the top and ends with the return at the end, so it is very important to find jumps that may cause cycles.
Then if the routine does everything I said above and Additionally there are only 2 conditional jumps, climbing, clearly those two jumps are the only ones that can produce a time (click) that stand Naturally the activation.
What I mean when I refer to the leaps that rise or fall is if continuing execution in a code on or under them, according to memory addresses. But when a jump is conditional, there are possibilities that this execution flow of fork.
As already understood what makes the structure SWITCH / CASE, let's find the first SWITCH of the routine:
Whereas there are two jumps on the SWITCH, I will use one of them to try to skip unwanted instructions. Reviewing the conditional jump that is right about the SWITCH, I discovered that just redirects to a CASE within the same SWITCH. However the jump above takes us much further down, remember that we must not omit all the routine, because you have to activate the object of all forms (skip all would have been much simpler by adding a RETURN to top).
I will change the conditional jump by one unconditional:
OllyDbg automatically adds the NOP instruction down the conditional jump not to alter the original structure of the library. Copy these changes to the executable:
and finally the library we keep replacing the original and, as always, by omitting the following message from Windows:
The browser starts correctly, but the library behaves strangely. Does not display the framework or the cursor "hand" to activate the dynamic objects, but in any case requires us to click on the object to activate it and the message "Click to activate and use this control" also appears:
This reflects just a small step in the search for an effective solution. Close the browser and go back to work on the library.
The final thrust
This section of the procedure was updated on 09/03/2007
What to do now is to simulate a click from the user when the routine attempt to charge the "tooltip" which States related to 'Click' here to activate and use this control:
In the image above you can see "PUSH 930" Fund and above, highlighter, lines that I added. OllyDbg automatically adds the NOP instruction down the conditional jump not to alter the original structure of the library. But where to jump?
Jumping exactly to the CASE 201 of our SWITCH, in the direction 7EB0D5B8. So to simulate the first event of the click of the mouse, marked as WM_LBUTTONDOWN, in our language is like "button left button pressed".
But attention!, the event is "pressured" but NEVER He points out that "dropped", i.e. If a user presses a button with the mouse and then regret taking this action, you can easily move the pointer and release off button to not carry out any action (try clicking on the button to refresh this page in your browser).
What I will do then is let to flow to simulate also release the button, then press it, jumping to WM_LBUTTONUP:
For the most incredulous, I'll show you that that the jump address corresponds to the event which I said:
But, why we change the first jump in the previous point to remove the activation box if we finally simularíamos the click?
Maybe because when a debug (monitoring of implementation) of the library is done, one can give account of various calls that receives the routine that we customize. An example of a problem that can lead to not delete the box that says activation is to refresh the page, the mouse pointer is over an object need activation and the library would try to draw the box before forcibly activating the object.
Of course that this can be solved by more hops forced to the section that simulates the clicking, but that would be part of another possible solution.
Finally and as we did previously, return to save the changes and to replace the library.
To better understand what you just did, to see the changes made to the MSHTML.dll library, especially the segments of code and its amendments (including the effects of these changes can be tested independently):
Remove the box of object activation
After pressing the mouse, the code assumes it dropped
This change is in reference to the passage between the events designated as WM_LBUTTONDOWN and WM_LBUTTONUP, without requiring a second user action. I.e. the user can activate a control by pressing on it, without having to release the button.
Simulate the press of the button
Here we simulate a WM_LBUTTONDOWN, which subsequently leads to WM_LBUTTONUP as we saw with the previous modification. The jump occurs before the message on activation of the control, PUSH HEX (2352), which is equivalent to the sequence 6830090000 where 68 is the PUSH and the rest 00000930 (Little Endian) can be uploaded.
The funny thing is the burden of the message about activation is carried out at the time that you move the pointer over the object, i.e., can be summarized as that activation is now automatic when we move the mouse and not when you click on each item.
The ideal solution, ready
The need to click pleasantly disappears and all dynamic objects such as flash animations appear correctly.
I can say almost with certainty that, until the time of this publication, my solution is unique in the world.
Task for the House
Never my idea is not to give everything in tray, but leaving much of the work and research opportunities to the reader (would be pretty easy to make a patch that applies all these changes) so if you look at point 5 of this document, there are several messages that need an analysis:
For example the following:
This message is displayed in a "msgbox" when the page required to run an ActiveX at the beginning. Unlike that you noticed this article, this message appears rarely and I've personally seen it about two times in my life. However it can also be "cancelled" and in a rather simple way.
-Search PUSH 934 for the message concerning the ActiveX loading at the beginning
-Notice that the message is also written in English within the library
Well, I have very little to add conclusion apart from remind you to always keep a backup of the files that changed and hopefully make it clear that on issues of software almost all the annoying or repetitive has solution.