*after looking in 32dasm (disassmble first, i am sure it's easy), we can see acttualy everything.
ok let's crack then;
press the STRhref button, u will see all the text that the ceackMe use.
1.press the "please pay me to register", after u press u will be here:
posible string data blah blah ->"please pay me to register"
xxx:yyyy PUSH 00403040 ;or similar to it ;)
xxx:yyyy PUSH 00000000
scroll up alittle bit till u see this:
xxxx:yyyy cmp eax,0000000
xxxx:40100F 7413 je 00401024 <= jump to the first nag
xxxx:yyyy push 0000000
look at the offset of 40100F 7413 je 00401024 (look down at w32asm) it's: 40Fh (h=hex)
open the hex editor, find the address (40100F), change: 7413 je -> 7513 jne
^ ^
|___________|
first nag killed ;)
2.press the "are you willing to pay me?", u will land here:
xxx:yyyy PUSH 00403089
xxx:yyyy PUSH 00000000
scroll up alittle bit till u see this:
xxxxx:yyyy call 00401052 <= that's call to second nag.
*there is no je to the second nag, and we cant nop or jne on a call, so what we will do is to get back to our first jump 7513 jne (after we changed it ;) )and to change the number 13 > 41
jump 7513 -> jump 7541
^ ^
|____________|
so now it will be like that: xxxx:40100F 7541 jne 00401052 ; remember the call?? change to 41 makes the call to be jump as well ;)
