Hi all ! I'm try to kill a nag ! I'm tried to BP on every msgbox, getdlgbx thingy but failed ! Using Ollydbg View Window, I realized that the nag is not a msgbox or anything like that, but DefWindowProcA thingy. And the nag box name is TRegBenefitsForm , something to associate with Handle and ClassProc. When I trace /Follow the TReg bla..bla..bla... the code is

OFFSET Call
OFFSET Bla
OFFSET Bla..
OFFSET Bla..
OFFSET Bla..bla

OFFSET Push EBP **** I've brought here by Olly!
OFFSET Bla..bla..
bla....

When I scroll up I found something like :

TEST something,something
JNZ Bla..bla

But when I change the Uncd. Jump code. nothing is happen. The Nag is stil out there.

My Questions are :

Do I have to scroll up further and find another jump that will jump to the PUSH EBP offset ?

Or I have to follow the first CALL above the PUSH EBP, as there are a lot of CALL before PUSH EBP ?

Or do I have to post the 'sensored' code snippet here ?

Please Help !

Read more about Borland's Bastardly Blubber-Bloated Window Wrappers - more commonly known as the Borland Delphi Runtime Library.

in b4 JMI.

And grab yourself a copy of DeDe, it can help reverse delphi programs, which this may possibly be.

I had something similar and ended up being a CALL to the PUSH EBP at the beginning of the program. So trying looking for something like that, it may help.

If helps, a few time ago I wrote a tutorial about these types of nags:

Cracking CaptureNPrint 6.6.6.17
http://arteam.accessroot.com/tutorials.html?fid=41