STEP 1: open w32dasm and load the crackme. now go to the string data reference (the button next to the print button) and double click on the line that says "NAG NAG".
now scroll down a bit to this line:
:00401034 E807000000 Call 00401040
this command is calling the nag screen
when the line is highlighted look at the status bar, and look at the @offset number,
write it down without the h (h means hex) it should be 00000434
now copy the file, paste it and rename it to "cracked" (not necessary, but recommanded).
STEP 2: now u can exit w32dasm, we dont need it anymore ;).
open Hiew and load the file(the renamed one). now u see some shit on the screen and can't understand it, right? so press F4 and choose "hex". now we can understand something, good ;) press F5 and now enter the offset of the call u wrote down from w32dasm, press enter and u are at the adress of the call ;)
before i'll continue i want to explain something:
every 2 numbers means 1 byte so lets say we see this: 1122334455 those are 10 numbers, which means 5 bytes...if u understand this u may continue...
so our call is E807000000, how much byte? u right! 5 bytes! a nop(No Operation) command will cancel the call, which means that our nag screen won't come up, so we need to nop the whole call. a nop command is 90, and we need to nop five bytes, so we will change E807000000 to 9090909090. how do we do it? press F3 and now type 5 times 90. now save by pressing F9 and exit by pressing F10.
open your cracked file, and what do u say? the nag doesn't appear? thats great!!! u racked a very easy crackme, happy? now go on to harder ones!!!
