
Thread: finding a preconstructed dialog

  1. #1
    Longbow
    Guest

    finding a preconstructed dialog

    I'm trying to crack ******11 (just remove the nag window) and came up with a few problems. No normal window creation methods occur when the window is shown. I was looking for anything that might be suspicious in Olly and I thought, if the dialog was already stored in the program's exe, a normal memory reference would do the job. I used Resource Hacker and saw the dialog box was already defined in the exe.
    Now is there any way to see where exactly in the file the dialog is located? I mean is there any progy that will do the job?
    TY
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Very general suggestions.

    -Use an API spy utility, try to track which APIs are invoked when the nag is displayed.

    -Think of LoadResource kind of APIs

    http://www.woodmann.com/forum/showthread.php?t=9401&highlight=trace

  3. #3
    Quote: Originally posted by Longbow
    Now is there any way to see where exactly in the file the dialog is located? I mean is there any progy that will do the job?
    A hex editor and the PE File Format Reference

    One of the crude, but often working methods of eliminating nag screens altogether is to just delete the resource dialog of it. Otherwise you should search the disassembly listing for the dialog's resource ID to find where it is loaded and used, and figure out a way to detour the execution flow around it.

  4. #4
    reknihT esreveR SiGiNT
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    If you disassemble the soft (assuming it's not Delphi) with w32dasm, you should be able to find the dialog associated with a chunk of code. w32dasm associates resource dialogs with the code that invokes them; IDA doesn't. It can also be as simple as a push xxx, where xxx = the hex equivalent of the resource number ResHacker identifies it with. Sometimes I'll do a run trace over, set a breakpoint in the last call in the run trace, then run the prog to the breakpoint and do a trace over again from there, then the same again, until you find a point that has a conditional jump over the routine that calls it.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!
