PhoX's NAG removal CrackMe

Acid_Cool_178
presents he's

#5 Tutorial

Athour Information

E-mail	acid_cool_178@hotmail.com
Age	17
Web Page	http://acidcool.cjb.net/
Member in	Hellforge	Flying Horse Cracking Force
Groups Web Page	Hellforge Login	FHCF Login

Program Infromation

Name	PhoX's NAG removal CrackMe
	Crackme1.exe
Athour	PhoX
Where to Downlaod	The Crackme Website
Tools used	W32Dasm Hiew		Downlaod At
			1. Programmer Tool's
			2. Player Tools
Size	8KB
What kind of a program	Crackme		Shareware

Skill	Easy	Not so easy	Hard	X-pert

Information about the protection

This protection got a NAG when you are starting the program.

Before we start

Well, another NAG for me :) I Just Love NAG's now.

Task1 <-- Removing The NAG
Task2 <-- Removing The NAG woth SoftIce
Task3 <-- Fun

The Process

Task1
well, i did open the crackme1.exe in W32Dasm and founded this string at "String Data References" Plz register this crackme..
U bet we will register this crackme.
Dubbleclick on the string and you will see this code.

* Possible StringData Ref from Data Obj ->"Plz registrate this CrackMe..."
|
:00401013 688D204000 push 0040208D                 <-- U land here
:00401018 FF3548204000 push dword ptr [00402048]
* Reference To: USER32.MessageBoxA, Ord:0000h    <-- Wath, MessaxeBoxa ?
|
:0040101E E8DA010000 Call 004011FD                 <-- Calling NAG, Calling NAG, Calling NAG
:00401023 C7050020400003400000 mov dword ptr [00402000], 00004003
:0040102D C705042040003D114000 mov dword ptr [00402004], 0040113D

:0040101E are calling the ang and we have to remove that call by NOP'ing it. Take a look in W32Dasm's statusbar and there you can see this @Offset 0000061E.
Open crackme1.exe in Hiew and press enter two times so you can see ASM code. GoTo (F5) 61E and Edit (F3) the code. Nop the call by pressing 90 5 times and Update the file (F9) and Exit (F10 or Esc) Run The Crackme And the NAG are gone.

Task2
Open SoftIce by pressing CTRL+D and type BPX MessageBoxA and exit SoftIce by pressing CTRL+D. Now, start the crackme and SoftIce poups up and now you must clear all breaikpoints by pressing BC *. Now you will see a Call!User32MessageBoxa somewher in the code. But a breakpoint at thet location and exit SoftIce by pressing CTRL+D and start The crackme. BANG, SoftIve poups up and you are standing at the Call!User32MessagaBoxA.
Type this

A	Enter
NOP	Enter
NOP	Enter
NOP	Enter
NOP	Enter
NOP	Enter
Enter

And the NAG didn't apperar :)

Task3
When you are running the program and a NAG are comming up, you clock on OK and another window comes up with a button with this caption "About". when you are clickking on that button then a messagebox will apperar. Lets Remove that function but the button wil be there. So open crackme1.exe in W32Dasm and goto "String Data References" and i founded this string About

* Possible StringData Ref from Data Obj ->"About"
|
:0040117C 681A214000 push 0040211A <-- Nop here
* Possible StringData Ref from Data Obj ->"CrackMe 1.0"
|
:00401181 6820214000 push 00402120
:00401186 FF3548204000 push dword ptr [00402048]
* Reference To: USER32.MessageBoxA, Ord:0000h
|
:0040118C E86C000000 Call 004011FD <-- Or Nop here

As you can see so have we tho choices :) Bon apetitt ;) I wont tell you HOW TO now anymore.

Now, When you hace clickked OK buttin on the NAG and a new window will appera. Lets remove that window :) I founded this string. PhoX's Crackme 1.0

* Possible StringData Ref from Data Obj ->"PhoX's CrackMe 1.0"
|
:004010C1 6850204000 push 00402050 <-- Nop here
* Possible StringData Ref from Data Obj ->"ASMClass"
|
:004010C6 6863204000 push 00402063
:004010CB 6A00 push 00000000
* Reference To: USER32.CreateWindowExA, Ord:0000h
|
:004010CD E807010000 Call 004011D9 <-- Or Nop here
:004010D2 A348204000 mov dword ptr [00402048], eax
:004010D7 6A00 push 00000000

Ending

Wel, now we have removed another ANG with Patching and SoftIce.

Greetings

LaZaRuS, Wajid, Borna Janes, ManKind, Eddie Van Camper, ACiD BuRN, KoRnFLeX, Eternal_Bliss and all the other i have forgotten