#ro0ted #OpNewblood What the Blackhats don’t want you to know: Resource Hacker
It’s been a while; I have been very busy. Let’s continue the What the Blackhats don’t want you to know series. Today we will go over a simple tool called Resource Hacker. As many people know, it changes the resources in an .exe, hence the name Resource Hacker. We will show exactly what can be achieved with it. Most people think it can only edit the cursor or how the GUI looks in a program, but it can also make a timed trial go away and remove nag screens. This matters because you are going to want to edit malware when analyzing it and conducting various tests. - https://twitter.com/ro0ted/
Resource Hacker
Go ahead and install it. For this example I will use a program no one cares about: WinRAR.
After installation, right-click the program and click Open with Resource Hacker.
Now you get a screen with a layout on the left side of the program.
Everything listed in this panel is editable. Not all programs will load in Resource Hacker, because some are packed properly.
Let’s go to the Dialog module > Reminder.
Okay, there are a few options here. Let’s go over a couple of things you can do.
You can edit the 40 day trial period to 300 days if you wanted.
Now, to add to that, we can hide this dialog. At the top of the screen you should see Hide Dialog. Click that.
Now, something to remember in the future for Resource Hacker: if there’s a dialog, there’s a string, meaning there is usually a string that matches up with the nag screen. Go to the strings module and click 80 > 1033.
What we see here is a string that tells the code to make the nag screen pop up. We can remove that. After removing it, click Compile Script.
Just to be safe it’s a good idea to review all strings/dialogs/all modules for more warning signs you might want to edit and/or remove like this:
Now go to the top and click File > Save As > Example.exe.
You can even name it crackedrar.exe.
No nag screen. Easy as 1 2 3.
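From the analyst's side, the same resource section that Resource Hacker rewrites is also the thing you can fingerprint: the added example below (not from this post, not Resource Hacker's code) parses the PE section table and hashes the `.rsrc` section, so a binary whose dialogs or string tables were edited no longer matches the fingerprint of the vendor's original. The helper names are hypothetical and the sample PE image is constructed in `build_sample_pe()`, not taken from WinRAR.

```python
# Added example (hypothetical helper names): fingerprint the .rsrc section that
# Resource Hacker edits. build_sample_pe() builds a constructed, non-runnable PE.
import hashlib
import struct

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes


def pe_sections(data):
    """Return [(name, virtual_addr, raw_ptr, raw_size), ...] from the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt                         # first section header
    sections = []
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_FMT, data, table + 40 * i)
        name, _vsize, va, raw_size, raw_ptr = fields[:5]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, raw_ptr, raw_size))
    return sections


def rsrc_sha256(data):
    """SHA-256 of the raw .rsrc bytes, or None when the image has no .rsrc section."""
    for name, _va, ptr, size in pe_sections(data):
        if name == ".rsrc":
            chunk = data[ptr:ptr + size]
            if len(chunk) != size:
                raise ValueError(".rsrc raw data runs past end of file")
            return hashlib.sha256(chunk).hexdigest()
    return None


def build_sample_pe(rsrc_payload, with_rsrc=True):
    """Constructed minimal PE: DOS stub, PE signature, zeroed optional header, sections."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    secs = [(b".text", 0x1000, 0x200, 0x200)]            # (name, va, raw_ptr, size)
    if with_rsrc:
        secs.append((b".rsrc", 0x2000, 0x400, 0x200))
    coff = struct.pack("<HHIIIHH", 0x8664, len(secs), 0, 0, 0, 0xF0, 0x22)
    table = b"".join(struct.pack(SECTION_FMT, n, sz, va, sz, ptr, 0, 0, 0, 0, 0x40000040)
                     for n, va, ptr, sz in secs)
    header = (dos + b"PE\0\0" + coff + b"\0" * 0xF0 + table).ljust(0x200, b"\0")
    text = b"\xcc" * 0x200                               # dummy code section
    rsrc = rsrc_payload.ljust(0x200, b"\0")[:0x200] if with_rsrc else b""
    return header + text + rsrc
```

Against a real file, compare `rsrc_sha256(open(path, "rb").read())` with the value recorded from the vendor's signed build; a resource edit also breaks the Authenticode signature, so a signature check is the stronger first test where one is present.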