Crack WinRAR to ad pop-up window

WinRAR Ads pop up every time you start , After analysis, I found that it was easy to go to advertising ….. For technical exchange only , Do not use it to crack propagation ~

1. The goal is ：32 position WinRAR Go to the advertising pop-up window , A single file ko

2.OD Load find window related API Call found CreateWindowEx Call to , All down

3.F9 Run to record which call is responsible for creating the advertisement pop-up .
The record discovery window class is named SysListView32 Of call After calling, the main window appears
The window class name is RarHtmlClassName Of call After calling, the advertisement window will appear , After careful analysis, it is found that the window class name is RarHtmlClassName Of call The nearby codes are related to the advertising window , So you can find the code that calls this function directly , Call this function NOP transfer

4. test , The advertising window has become a blank window , Explain that there are related window creation call It's not solved , Continue the above tracking and find
The window class name is RarReminder Related calls to , After analyzing the nearby code, it is found that the same function as above is responsible for reading the string value in the resource file , Get the advertisement address after decoding , After careful analysis, it is found that the timer should be set to access this function every once in a while . The starting address of this function is 00DB4A00（ This system is enabled ASLR）

5. So in WinRAR Search for all commands in (call 00DB4A00) obtain

6. All NOP transfer ！ Get it done , Super easy ,64 I won't say more about you ~