By ro0ted | April 26, 2015 - 16:05 | Posted in /b/ | 4 Comments
#ro0ted #OpNewblood What the blackhats don't want you to know: Finding Nag Screens & Removing them

So this is about finding nag screens & removing them. – https://twitter.com/ro0ted/

Load the target, which is WinRAR, in Olly:

We are going to go to the call stack: click K in your menu bar:

Your call stack window will appear:

Nothing to work with. Do you know why?
Because I am using a 64-bit machine.
So let's open WinRAR in Resource Hacker:

Click the dialog module:

Click the first entry under the Dialog tree section, called ABOUTRARDIALOG:

Resource Hacker shows us the data pertinent to this dialog, including the caption (what appears in the title of the window), the buttons associated with this dialog, and its various settings. It also opens a window showing us exactly what the dialog will look like, in this case the About dialog. After clicking through a bunch of them, you will come across the one we want:

Go back to Olly and use Search for > All referenced text strings:

Right click > Search for text: REMINDER:

We find it right away:

Double click it and we come here:

Now you can do this many ways, but the easiest is replacing the call that shows the window with NOP, which you can do here or in the list of all intermodular calls.

Right click > Analysis > Analyze code:

Press play:

No nag screen. This isn't about cracking, just removing nag screens.
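The patch described above leaves a recognizable footprint: a 5-byte near CALL (opcode E8) becomes five 0x90 NOP bytes, and the file's hash no longer matches the vendor's release. The following Python script is an added example, not code from the original post or from OllyDbg or Resource Hacker; it shows the integrity check a vendor or defender can run to spot exactly this kind of tampering. It compares a code section against a known-good copy, reports the byte ranges that changed, and flags any CALL that was overwritten with NOPs. The sample bytes are constructed for the demonstration and are not taken from WinRAR.

```python
"""Detect NOP-patched CALL instructions by comparing code against a known-good copy.

Added example (not from the original post). The assumed workflow: a defender
holds a reference copy of a program's code section (or its SHA-256) and wants
to know whether a file on disk has been patched in place.
"""
import hashlib
from typing import List, Tuple

NOP = 0x90          # x86 single-byte NOP
CALL_REL32 = 0xE8   # opcode of a 5-byte near CALL (E8 + rel32)


def sha256_hex(data: bytes) -> str:
    """Whole-section hash: the cheapest check, any patch changes it."""
    return hashlib.sha256(data).hexdigest()


def changed_ranges(original: bytes, patched: bytes) -> List[Tuple[int, int]]:
    """Return half-open (start, end) byte ranges where the two buffers differ."""
    if len(original) != len(patched):
        raise ValueError("sections differ in length; not a simple in-place patch")
    ranges: List[Tuple[int, int]] = []
    start = None
    for i, (a, b) in enumerate(zip(original, patched)):
        if a != b and start is None:
            start = i                      # first byte of a modified run
        elif a == b and start is not None:
            ranges.append((start, i))      # run ended on the previous byte
            start = None
    if start is not None:
        ranges.append((start, len(original)))
    return ranges


def find_nopped_calls(original: bytes, patched: bytes) -> List[Tuple[int, bytes]]:
    """Return (offset, original_bytes) for every 5-byte CALL in `original`
    that has been replaced by five NOPs in `patched`."""
    if len(original) != len(patched):
        raise ValueError("sections differ in length; not a simple in-place patch")
    five_nops = bytes([NOP] * 5)
    hits: List[Tuple[int, bytes]] = []
    i = 0
    while i + 5 <= len(original):
        if original[i] == CALL_REL32 and patched[i:i + 5] == five_nops:
            hits.append((i, original[i:i + 5]))
            i += 5                         # skip past the instruction we just matched
        else:
            i += 1
    return hits


# Constructed sample "code section" (not real WinRAR bytes):
#   push ebp; mov ebp, esp; push 0; call <dialog>; xor eax, eax; pop ebp; ret
ORIGINAL = bytes.fromhex("55 8B EC 6A 00 E8 10 00 00 00 33 C0 5D C3")
# The same bytes with the CALL at offset 5 overwritten by five NOPs,
# which is what the patch described in the post leaves behind.
PATCHED = ORIGINAL[:5] + bytes([NOP] * 5) + ORIGINAL[10:]


def report(original: bytes, patched: bytes) -> str:
    """Human-readable summary of the integrity check."""
    lines = [f"reference sha256: {sha256_hex(original)}",
             f"on-disk   sha256: {sha256_hex(patched)}"]
    if sha256_hex(original) == sha256_hex(patched):
        lines.append("no modification detected")
        return "\n".join(lines)
    for start, end in changed_ranges(original, patched):
        lines.append(f"modified bytes at 0x{start:X}-0x{end:X}")
    for off, orig in find_nopped_calls(original, patched):
        lines.append(f"CALL at 0x{off:X} ({orig.hex(' ')}) replaced by NOPs")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(ORIGINAL, PATCHED))
```

On a real binary the two inputs would be the .text section extracted from the vendor's release and from the file on disk; a NOP sled where a CALL used to be is a strong indicator of this specific patch, while the hash mismatch alone tells you only that something changed. An Authenticode signature check on the whole file catches the same tampering without needing a reference copy.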

ro0ted

(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker

Dll Injection the Easy Way

Visual Basic Binaries Walk Through Part 1

Ollydbg on Steroids

Creating Patchers Part 1

Have you supported the gas mask campaign over the years?

Crack to win a gas mask gift pack

How to edit a register me crack me Pre Part 1

Unwinding Delphi Binaries Walk Through if not Preview

Cracking Delphi Part 2

Reversing Timed Trials: Ollydbg Tricks Part 3

Analyzing Adware

Preview Against Debugging

Bypassing Registering 101

Bypassing Part 2

Android/iOS Reversing

Introducing IDA Pro: Static Analyzing

Hacker’s Disassembler

Ripping Apart Adware

Never trust Warez or Cracked Programs: Reversing a Crypted IRC bot infected file

IDA PRO Book

Unpacking & Crypting there is a difference

Covert Debugging whitepaper from blackhat.com

Manually Unpacking with Ollydbg

Manually Unpacking Part 2

Manually Unpacking 101

ASM Injecting

ASM Injecting Part 2

ASM Injecting Part 3: Crypt your malicious file

Reversing Trials

Adding Your Menu

ASM Injecting Part 4

ASM Injecting Part 5

Finding Nag Screens & Removing them +