View Full Version : finding a preconstructed dialog
Longbow
November 24th, 2006, 15:38
I'm trying to crack ******11 (just remove the nag window) and came up with a few problems. No normal window creation methods occur when the window is shown. I was looking for anything that might be suspicious in Olly and I thought, if the dialog was already stored in the program's exe, a normal memory reference will do the job. I used Resource Hacker and saw the dialog box was already defined in the exe.
Now is there any way to see where exactly in the file the dialog is located? I mean is there any progy that will do the job?
TY
naides
November 24th, 2006, 15:56
Very general suggestions.
-Use an API spy utility, try to track which APIs are invoked when the nag is displayed.
-Think of LoadResource kind of APIs
http://www.woodmann.com/forum/showthread.php?t=9401&highlight=trace
LLXX
November 24th, 2006, 21:33
Quote:
Originally Posted by Longbow: Now is there any way to see where exactly in the file the dialog is located? I mean is there any progy that will do the job?
A hex editor and the PE File Format Reference
One of the crude, but often working methods of eliminating nag screens altogether is to just delete the resource dialog of it. Otherwise you should search the disassembly listing for the dialog's resource ID to find where it is loaded and used, and figure out a way to detour the execution flow around it.
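An added example, not part of the thread and not any poster's code: a minimal walk of the PE resource directory, following the layout given in the PE format reference, that reports the file offset and size of each RT_DIALOG template for static inspection. The function names, the section addresses and the sample section are constructed for illustration; the caller supplies the .rsrc section's raw bytes plus its VirtualAddress and PointerToRawData.

```python
import struct

RT_DIALOG = 5            # resource type ID used for dialog templates
SUBDIR = 0x80000000      # high bit of the offset field: entry points to a subdirectory

def _entries(rsrc, dir_off):
    """Yield (id_field, offset_field) for each entry of one IMAGE_RESOURCE_DIRECTORY."""
    named, ids = struct.unpack_from("<HH", rsrc, dir_off + 12)
    for i in range(named + ids):
        yield struct.unpack_from("<II", rsrc, dir_off + 16 + 8 * i)

def find_dialogs(rsrc, section_rva, section_raw):
    """Return (dialog_id, lang_id, file_offset, size) for every RT_DIALOG leaf.

    The tree has three levels: type -> name/ID -> language. Offsets inside the
    tree are relative to the start of the section; the leaf stores an RVA.
    A dialog identified by name keeps the high bit set in dialog_id.
    """
    found = []
    for type_id, type_off in _entries(rsrc, 0):
        if type_id != RT_DIALOG or not type_off & SUBDIR:
            continue
        for name_id, name_off in _entries(rsrc, type_off & ~SUBDIR):
            if not name_off & SUBDIR:
                continue                      # malformed: expected language level
            for lang_id, leaf_off in _entries(rsrc, name_off & ~SUBDIR):
                if leaf_off & SUBDIR:
                    continue                  # malformed: expected a data entry
                rva, size = struct.unpack_from("<II", rsrc, leaf_off)
                found.append((name_id, lang_id, rva - section_rva + section_raw, size))
    return found

def _dir(entry_id, offset):
    """Constructed helper: a directory with no named entries and one ID entry."""
    return struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1) + struct.pack("<II", entry_id, offset)

def sample_rsrc(section_rva=0x4000):
    """Constructed .rsrc section: one dialog, ID 101, language 0x409, 32 placeholder bytes."""
    body = b"\x00" * 32
    return (_dir(RT_DIALOG, SUBDIR | 0x18) + _dir(101, SUBDIR | 0x30) + _dir(0x409, 0x48)
            + struct.pack("<IIII", section_rva + 0x58, len(body), 0, 0) + body)

if __name__ == "__main__":
    # Assumed header values: VirtualAddress 0x4000, PointerToRawData 0x1200
    for dlg_id, lang, off, size in find_dialogs(sample_rsrc(), 0x4000, 0x1200):
        print(f"dialog {dlg_id} lang {lang:#x}: file offset {off:#x}, {size} bytes")
```
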
SiGiNT
November 25th, 2006, 00:16
If you disassemble the soft (assuming it's not Delphi) with w32dasm, you should be able to find the dialog associated with a chunk of code. w32dasm associates resource dialogs with the code that invokes them; IDA doesn't. It also can be as simple as a push xxx, where xxx = the hex equivalent of the resource number ResHacker identifies it with. Sometimes I'll do a run trace over, set a breakpoint in the last call in the run trace, then run the prog to the breakpoint, do a trace over again from there, then the same again, until you find a point that has a conditional jump over the routine that calls it.
SiGiNT