#ro0ted #OpNewblood What the blackhats don't want you to know: Finding Nag Screens & Removing them
So this is about finding nag screens & removing them. – https://twitter.com/ro0ted/
Load the target, which is WinRAR, in Olly:
Next we go to the call stack. Click K in your menu box:
Your call stack window will appear:
Nothing to work with, do you know why?
Because I am using a 64-bit machine.
So let's open WinRAR in Resource Hacker:
Click the dialog module:
Click the first module under the dialog tree section called ABOUTRARDIALOG:
Resource Hacker shows us the data pertinent to this dialog, including the caption (what appears in the title of the window), the buttons associated with the dialog, and its various settings. It also opens a window showing us exactly what the dialog will look like, in this case the About dialog. After clicking through a bunch of them, you will come across the one we want:
Go back to Olly and choose Search for > All referenced text strings:
Right-click > Search text and search for REMINDER:
We find it right away:
Double click it and we come here:
You can do this many ways, but the easiest way is to NOP out the window, which you can do here or in all intermodular calls.
Right-click > Analysis > Analyze code:
No nag screen. This isn't about cracking, just removing nag screens.