Thursday, December 15, 2011

Reverse Engineering Tutorial #1

Here we will try to remove a nag screen. The term "nag screen" refers to a screen or banner displayed when a particular tool or program runs, usually at start-up, carrying some message. In this tutorial I will show one such example.

The application we are looking at is a third party Calculator.

When we open the application we see a nag screen for a brief period. Our aim is to stop this nag screen from appearing when we run the program.


The nag screen is essentially a dialog box, so it makes sense to say that it is a part or component of the program. It also makes sense to think that somewhere in the code the author is instructing the program to display this dialog box, or in other words to "push" this dialog box onto the screen. This is an important thing to remember about this program.

Now there are tools which show the different parts or components of a program, to help us understand it better. One such tool, which we will be using here, is Resource Hacker.

Open the executable in Resource Hacker and we can see different parts of the program.


The component of interest here is 'Dialog'. Expand it and we can see the dialog boxes which make up the program.

As you can see, clicking on each Dialog entry shows the corresponding resource script and a rendering of it, which lets us see how the dialog looks in the program. Now where is that pesky nag screen ....



Aha!!! Here it is. Note that this dialog has the number 105. This is the decimal resource ID of the dialog box; its hex equivalent is 69. So essentially we are looking for something like "PUSH 69" in the program's code (the disassembler shows immediates in hex). So let's find it.

Open the program in our favorite disassembler, OllyDbg.



Right-click, choose to search for a 'Command', and enter PUSH 69.


Once you see where the nag screen is being pushed onto the screen, we can simply put NOP instructions there. NOP means No Operation: the processor does nothing at these instructions. So no push, no nag screen.



Now save the changes made.


Once saved, try running the executable. Much to our joy, we don't see any nag screen now.


So there you have it, a nag-free Calculator program =).

So the key learnings from this tutorial are:
  • Examining a program and identifying a particular part or component which we want to remove
  • Calculating and locating the code probably responsible for the nag
  • Finally removing that code so that it is not a nag anymore
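The three steps above (convert the resource ID, locate the PUSH, confirm the patch) can be checked outside the debugger. The following Python script is an added example and is not from the original post or from the calculator it patches: the SAMPLE bytes are a hand-assembled, constructed argument-pushing sequence for a DialogBoxParamA call, and the addresses and the call's relative offset in it are placeholders. It shows two things a byte-level search in OllyDbg does not make obvious: PUSH 69 has two possible x86 encodings (6A 69 and 68 69 00 00 00), so a search for one form can miss the other, and a NOP patch has to cover every byte of the instruction, because a leftover immediate byte is decoded as a new opcode.

```python
# Added example (not from the original post): locate both x86 encodings of
# "PUSH <resource id>" in a code buffer and check that a NOP patch replaced
# the whole instruction. SAMPLE is constructed; its addresses are placeholders.
from typing import List, Tuple

NOP = 0x90  # one-byte x86 NOP

# Constructed sample: DialogBoxParamA's five arguments are pushed right to left
# (dwInitParam, lpDialogFunc, hWndParent, lpTemplate, hInstance), then called.
SAMPLE = bytes([
    0x6A, 0x00,                          # 0:  push 0           ; dwInitParam
    0x68, 0x10, 0x10, 0x40, 0x00,        # 2:  push 00401010h   ; lpDialogFunc (placeholder)
    0x6A, 0x00,                          # 7:  push 0           ; hWndParent
    0x6A, 0x69,                          # 9:  push 69h         ; lpTemplate = dialog 105
    0xFF, 0x35, 0x00, 0x30, 0x40, 0x00,  # 11: push [00403000h] ; hInstance (placeholder)
    0xE8, 0x00, 0x00, 0x00, 0x00,        # 17: call rel32       ; DialogBoxParamA (placeholder)
])


def push_encodings(res_id: int) -> List[bytes]:
    """Byte patterns a compiler may emit for PUSH <res_id>.

    6A ib  PUSH imm8, sign-extended to 32 bits (only usable for -128..127)
    68 id  PUSH imm32
    """
    patterns = [b"\x68" + res_id.to_bytes(4, "little", signed=True)]
    if -128 <= res_id <= 127:
        patterns.insert(0, b"\x6A" + bytes([res_id & 0xFF]))
    return patterns


def find_push_candidates(code: bytes, res_id: int) -> List[Tuple[int, int]]:
    """Return (offset, instruction_length) for every match of either encoding.

    This is a raw byte search, so each hit is only a candidate: the same bytes
    could be the tail of a longer instruction. Confirm each hit in a
    disassembler before treating it as an instruction boundary.
    """
    hits = []
    for pat in push_encodings(res_id):
        start = 0
        while (idx := code.find(pat, start)) != -1:
            hits.append((idx, len(pat)))
            start = idx + 1
    return sorted(hits)


def nop_fill(code: bytes, offset: int, length: int) -> bytes:
    """Return a copy of code with [offset, offset + length) replaced by NOPs."""
    return code[:offset] + bytes([NOP]) * length + code[offset + length:]


def diff_bytes(original: bytes, patched: bytes) -> List[Tuple[int, int, int]]:
    """(offset, old, new) for every byte that differs between two same-size images."""
    if len(original) != len(patched):
        raise ValueError("images differ in size; a byte diff is meaningless")
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, patched)) if a != b]


def patch_covers_instruction(original: bytes, patched: bytes,
                             offset: int, length: int) -> bool:
    """True iff the only change is that the whole instruction at `offset`
    (of the given encoded length) became NOPs.

    A partial overwrite leaves immediate bytes behind and the CPU decodes them
    as new instructions: for PUSH 69h, a leftover 0x69 is the opcode of
    IMUL r32, r/m32, imm32 and swallows the bytes that follow it.
    """
    changed = {off for off, _, _ in diff_bytes(original, patched)}
    wanted = set(range(offset, offset + length))
    if changed != wanted:
        return False
    return all(patched[i] == NOP for i in wanted)


if __name__ == "__main__":
    print(f"dialog 105 is 0x{105:X}; search patterns:",
          [p.hex(" ") for p in push_encodings(105)])
    for off, ln in find_push_candidates(SAMPLE, 105):
        print(f"candidate PUSH at offset {off}: {SAMPLE[off:off + ln].hex(' ')}")
    full = nop_fill(SAMPLE, 9, 2)   # both bytes of "6A 69" replaced
    half = nop_fill(SAMPLE, 9, 1)   # only the opcode byte replaced
    print("full patch covers instruction:", patch_covers_instruction(SAMPLE, full, 9, 2))
    print("half patch covers instruction:", patch_covers_instruction(SAMPLE, half, 9, 2))
```

Two things to keep in mind when comparing this with the OllyDbg session above. First, OllyDbg's command search works on its disassembly, so it only reports real instruction boundaries; the byte search here reports candidates and a real binary will contain stray `6A 69` sequences inside other instructions. Second, the pushes and the call form one unit: DialogBoxParamA is a stdcall function that pops its five arguments itself, so blanking out only the PUSH 69 and leaving the call in place would hand it a wrong template and leave the stack off by four bytes. The whole sequence, pushes and call together, is what has to become NOPs, which is what the screenshots in the tutorial show.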
