The SK8man Lesson

Company : RARsoft


Protection : 40 day bombtrack - keyfile


How to Detect : read


Backup Solution : read on

 

Protection Info : The protection method is kinda easy n shit: it uses REMINDER scans, so we can just bypass it by telling the program to jump over the reminder.

After 40 days WinRAR v2.71 will show a "Please Register" window, and that window will appear every time you open WinRAR. To take that nag screen off, again I'll tell the program to jump over that part. Now load up W32Dasm and search for "Please Register"; you should see this:

011 - ControlID:006D, Control Class:"BUTTON" Control Text:"&No"
     012 - ControlID:0070, Control Class:"BUTTON" Control Text:"No to A&ll"
     013 - ControlID:0071, Control Class:"BUTTON" Control Text:"&Cancel"
Name:           REMINDER, # of Controls=007, Caption:"Please register", ClassName:""
     001 - ControlID:0066, Control Class:"BUTTON" Control Text:"&Online registration"
     002 - ControlID:0065, Control Class:"BUTTON" Control Text:"&Price list"
     003 - ControlID:0067, Control Class:"BUTTON" Control Text:"&Sites list"

WinRAR was easy to crack cuz it only goes over the routine check once like other programs; it doesn't check for byte size and doesn't repeat the check to make sure everything is okay. So now search again for "REMINDER" and you will see this code...

:00401506 833DC0CC460000           cmp dword ptr [0046CCC0], 00000000
:0040150D 7546                     jne 00401555 | jump 1 |
:0040150F 803D7430460000          cmp byte ptr [00463074], 00
:00401516 753D                     jne 00401555 |jump 1|
:00401518 803DCC6C460000          cmp byte ptr [00466CCC], 00
:0040151F 7534                     jne 00401555 | jump 1|
:00401521 A1A8F54600               mov eax, dword ptr [0046F5A8]
:00401526 83F828                   cmp eax, 00000028 | time bomb !
:00401529 7F04                     jg 0040152F
:0040152B 85C0                     test eax, eax
:0040152D 7D26                     jge 00401555 | reminder |

So the code at :00401526 83F828 cmp eax, 00000028 tells it: if it's over 40 days, then jump to the reminder.

 

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00401529(C)
|
:0040152F C6057430460001          mov byte ptr [00463074], 01
:00401536 6A00                    push 00000000
:00401538 68A8BA4000              push 0040BAA8
:0040153D 8B1524B94600            mov edx, dword ptr [0046B924]
:00401543 52                      push edx
* Possible StringData Ref from Data Obj ->"REMINDER"
                                  |
:00401544 68E73B4600              push 00463BE7
:00401549 8B0D20CC4600            mov ecx, dword ptr [0046CC20]
:0040154F 51                      push ecx

Well, to crack this we only need to change the first jump from JNE to JMP. JMP has the opcode "EB" and JNE has the opcode "75". Open WinRAR.exe in your hex editor, search for "46 00 00 75 46 8D 3D 74 30" and change it to "46 00 00 EB 46 8D 3D 74 30". Save and run. Hell yah, power to da devil, no more nag.

Hehe, notice one more bomb to fuck: the title still says "WinRAR (evaluation copy)" < no checks and balances on this exe, as if they wanted us to crack it >. So to change that, search for "evaluation copy" in W32Dasm.

 

* Possible StringData Ref from Data Obj ->"%s - WinRAR"
                                  |
:0041BA01 68DD5F4600              push 00465FDD
:0041BA06 8D9500FEFFFF            lea edx, dword ptr [ebp+FFFFFE00]
:0041BA0C 52                      push edx
:0041BA0D E8820B0400              call 0045C594
:0041BA12 83C40C                  add esp, 0000000C
:0041BA15 803DCC6C460000          cmp byte ptr [00466CCC], 00
:0041BA1C 752E                    jne 0041BA4C	|fuck|
* Possible Reference to String Resource ID=00873: "evaluation copy"
                                  |
:0041BA1E 6869030000              push 00000369
:0041BA23 E894C6FEFF              call 004080BC
:0041BA28 50                      push eax
--------------------
K, so fuck: if you make that line jump to jump 1, the program will crash =0)
The jump at location 41B1C: change JNE to JMP.


You just cracked WinRAR 2.71! Dopest compressor out there. Now please do send RARsoft some money cuz this is a dope ass program.
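
The lesson notes that the program never checks its own byte size or re-verifies its bytes. As an added example (not from the original lesson and not RARsoft's code), this is the kind of self-integrity check that was missing, run over the 18 bytes shown in the listing at 00401506. The function names, the `region_ref` type and the choice of CRC-32 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sample input: bytes copied from the listing at 00401506..00401517. */
static const uint8_t SAMPLE[] = {
    0x83, 0x3D, 0xC0, 0xCC, 0x46, 0x00, 0x00,  /* cmp dword ptr [0046CCC0], 0 */
    0x75, 0x46,                                /* jne 00401555 */
    0x80, 0x3D, 0x74, 0x30, 0x46, 0x00, 0x00,  /* cmp byte ptr [00463074], 0 */
    0x75, 0x3D                                 /* jne 00401555 */
};

/* Standard reflected CRC-32 (polynomial 0xEDB88320), computed bit by bit. */
uint32_t crc32_bytes(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Reference values a build step would record for a protected region. */
typedef struct { size_t len; uint32_t crc; } region_ref;

region_ref make_ref(const uint8_t *p, size_t n) {
    region_ref r = { n, crc32_bytes(p, n) };
    return r;
}

/* Returns 1 only if both the size and the checksum match the reference. */
int region_intact(const uint8_t *p, size_t n, region_ref ref) {
    return n == ref.len && crc32_bytes(p, n) == ref.crc;
}

/* Returns 1 if changing one byte of a copy of SAMPLE is detected. */
int detects_change(size_t offset, uint8_t value) {
    uint8_t copy[sizeof SAMPLE];
    memcpy(copy, SAMPLE, sizeof SAMPLE);
    copy[offset] = value;
    return !region_intact(copy, sizeof copy, make_ref(SAMPLE, sizeof SAMPLE));
}

int main(void) {
    region_ref ref = make_ref(SAMPLE, sizeof SAMPLE);
    printf("original intact: %d\n", region_intact(SAMPLE, sizeof SAMPLE, ref));
    printf("75 -> EB at offset 7 detected: %d\n", detects_change(7, 0xEB));
    return 0;
}
```

A single self-check like this can be jumped over the same way the reminder was, so it only raises the cost when it is repeated from several code paths or backed by a signature verified outside the binary.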


| e-mail: Admin@eminem1.zzn.com
Transmission third world war - third round. |