    
                        CRACKING NAGZ USING EXESCOPE
 
                                 Find it 3


       In this little tutorial i will show u how 2 crack nags with this awesome tool
called exescope...a  complex executable/dll ressource manipulator.

       Of course if the target executable is packed,u must first unpack it...of course,
exescope will not help u much when u r dealing with proggies compiled in visual basic.

       This is a very easy method of cracking nagz , but it will not always work....

       We will use exescope 6.0, get it from www.protools.cjb.net

       I will show u how to kill the nag of a proggie called Find It 3 
(www.http://www.skylarkutilities.com/)

       We start find_it.exe,a ugly nag pops...sigh...it's timed..the continue button
will activate after "only" 10 seconds...while the nag is there,try to use the file menu... 
and it works! this is very good for us, now we could modify that nag a little
with exescope.
But this method won't work if u cannot use the proggie while the nag is there.

       Open find_it.exe in exescope,then click on ressource/dialog...now we will see
all the dialogs that find it uses...and with a preview!....take a look at this one:
"1012"...this is our nag!...now let's edit the nag a little...enter in the x and y fields
some big values (eg 9999),and in width and height 0...now save your work and run 
find_it.exe...wow! no more nag...this was 2 easy! but u still have the time limit...

i won't talk about killing time limits now...there are many proggies out there that u can
crack with exescope...i mean only the nag...(eg ultra edit 6.30,Mp3 Dj and many more).

       Now what  we will do if we can't use the proggie while the nag is there...
Well,u could use exescope and a hexeditor,but again,it will not work all the time...

U should do like this: load the target's exe in exescope (or some suspicious dll of
that proggie wich could create the nag),click on ressource,then look for stupid 
names like tformnag,nagdialog...let's assume that u found tformnag...click on it,
now u will see down left (corner) the offset of the nag (offset=xxxxxx) and the lenght...
Now open your hexeditor,go to that offset and finish the nag...now u could look for some
f8's around there and replace them with 90,or simply blindly nop some code (but 
not to much,4-5 bytes will do...and of course at the right offset)...in many cases
the proggie will show some error (message box) like "invalid xxxxx" or "cannot create xxx"
then u press ok and the proggie loads...then u just kill the messagebox with
softice (very easy)...and the proggie will run without nag.

       Well,hope my little tip will be usefull to someone...and sorry for my bad
english.
       See you in my next tutorial...
       
by +DzA kRAker

TNT!Crackers: http://kickme.to/tnt
              http://warez.at/tnt