By ro0ted | April 26, 2015 - 16:05 | Posted in /b/ | 4 Comments
#ro0ted #OpNewblood What the blackhats don't want you to know: Finding Nag Screens & Removing them

So this is about finding nag screens & removing them.


Load the target, which is WinRAR, in Olly:





We are going to go to the call stack. Click K in your menu box:


Your call stack window will appear:


Nothing to work with. Do you know why?
Because I am using a 64-bit machine.
So let's open WinRAR in Resource Hacker:


Click the dialog module:


Click the first module under the dialog tree section called ABOUTRARDIALOG:


Resource Hacker shows us the data pertinent to this dialog, including the caption (what appears in the title of the window), the buttons associated with this dialog, and its various settings. It also opens a window showing us exactly what the dialog will look like, in this case the About dialog. After clicking through a bunch of them, you will come across the one we want:


Go back to Olly and choose Search for > All referenced text strings:


Right-click > Search Text: REMINDER:


We find it right away:


Double click it and we come here:


Now, you can do this many ways, but the easiest way is changing the window to NOP, which you can do here or in all intermodular calls.


Right-click > Analysis > Analyze Code:


Press play:


No nag screen. This isn’t about cracking, just removing nag screens.
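Seen from the integrity-checking side, a NOP patch like the one above is easy to spot. The following is an added example, not code from the original post: it compares a known-good copy of a code section with a suspect copy and reports calls that were overwritten with NOPs. The byte strings are constructed sample data, and `nop_patches` and `classify` are hypothetical names.

```python
# Added example. Constructed bytes stand in for a code section; nothing here
# is taken from WinRAR. nop_patches() and classify() are hypothetical names.
NOP = 0x90


def classify(old: bytes) -> str:
    """Guess which x86 (32-bit) instruction the overwritten bytes encoded."""
    if len(old) == 5 and old[0] == 0xE8:
        return "call rel32"
    if len(old) == 6 and old[:2] == b"\xff\x15":
        return "call [imm32]"  # typical form of a call through the import table
    return "unknown"


def nop_patches(original: bytes, modified: bytes) -> list:
    """Report runs where `modified` holds NOPs in place of other bytes."""
    if len(original) != len(modified):
        raise ValueError("compare sections of equal length")
    findings, i, n = [], 0, len(original)
    while i < n:
        if modified[i] != NOP or original[i] == NOP:
            i += 1
            continue
        start = end = i
        # Walk the whole NOP run; an original byte that already was 0x90
        # (for example inside a call displacement) must not split the run.
        while i < n and modified[i] == NOP:
            if original[i] != NOP:
                end = i
            i += 1
        old = original[start:end + 1]
        findings.append({"offset": start, "replaced": old.hex(),
                         "kind": classify(old)})
    return findings


# Constructed sample: push 0 / push imm32 / call rel32 / test eax,eax /
# call [imm32] / ret. The rel32 displacement contains a 0x90 byte on purpose.
KNOWN_GOOD = bytes.fromhex("6a00 6800104000 e810900000 85c0 ff15a4304000 c3")
SUSPECT = (KNOWN_GOOD[:7] + b"\x90" * 5 + KNOWN_GOOD[12:14]
           + b"\x90" * 6 + KNOWN_GOOD[20:])

if __name__ == "__main__":
    for f in nop_patches(KNOWN_GOOD, SUSPECT):
        print(f"0x{f['offset']:04x}: {f['replaced']} -> NOPs ({f['kind']})")
```

In practice the known-good bytes come from a copy whose vendor signature or published hash has been verified first.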





(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

 Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker

Dll Injection the Easy Way

Visual Basic Binaries Walk Through Part 1

Ollydbg on Steroids

Creating Patchers Part 1

Have you supported the gas mask campaign over the years?

Crack to win a gas mask gift pack

How to edit a register me crack me Pre Part 1

Unwinding Delphi Binaries Walk Through if not Preview

Cracking Delphi Part 2

Reversing Timed Trials: Ollydbg Tricks Part 3

Analyzing Adware

Preview Against Debugging

Bypassing Registering 101

Bypassing Part 2

Android/iOS Reversing

Introducing IDA Pro: Static Analyzing

Hacker’s Disassembler

Ripping Apart Adware

Never trust Warez or Cracked Programs: Reversing a Crypted IRC bot infected file


Unpacking & Crypting there is a difference

Covert Debugging whitepaper from

Manually Unpacking with Ollydbg

Manually Unpacking Part 2

Manually Unpacking 101

ASM Injecting

ASM Injecting Part 2

ASM Injecting Part 3: Crypt your malicious file

Reversing Trials

Adding Your Menu

ASM Injecting Part 4

ASM Injecting Part 5

Finding Nag Screens & Removing them +

