WEBVTT 1 00:00.830 --> 00:01.430 Welcome back. 2 00:01.460 --> 00:02.540 Now we are going to kill, 3 00:02.540 --> 00:03.740 we're going to kill the third nag. 4 00:03.770 --> 00:05.960 This nag here, we are going to kill this one. 5 00:05.960 --> 00:14.480 So remove this one and rename your second patch back to the original file name. 6 00:15.260 --> 00:20.150 Make a copy first and then rename it back to the original file name. 7 00:21.230 --> 00:22.970 So now let's reload, 8 00:22.970 --> 00:29.180 get back our database and make sure you click Debug, Advanced, Hide Debugger. 9 00:29.540 --> 00:31.220 And then you run. 10 00:32.690 --> 00:33.800 Here's our main screen. 11 00:33.980 --> 00:39.380 So now we're going to search for this nag, this one. 12 00:39.380 --> 00:42.080 So we do another string search. 13 00:44.320 --> 00:53.350 Search For, Current Module, String References and look for "further" or the string phrase someone and you 14 00:53.350 --> 00:54.250 got two hits. 15 00:54.340 --> 00:57.820 So you click on the first one and this is our first hit. 16 00:59.240 --> 01:06.200 And I scroll up and I put a comment here to indicate this is the start of the function for the third nag. 17 01:06.380 --> 01:08.630 Now we want to know who called this third nag. 18 01:08.840 --> 01:14.060 So we right-click this and then Find References to This Address. 19 01:14.060 --> 01:16.190 And we find that this is the caller. 20 01:16.190 --> 01:17.330 So we double-click this. 21 01:17.330 --> 01:18.440 And yes, here. 22 01:19.480 --> 01:20.050 All right. 23 01:21.340 --> 01:21.760 This, 24 01:21.760 --> 01:23.830 this is the caller for the third nag. 25 01:24.460 --> 01:26.290 And then you can see there's a jump. 26 01:26.290 --> 01:30.520 That means we can actually bypass this call for the nag. 27 01:31.120 --> 01:36.940 Now an easier way to do it is to instead of bypassing it, we just jump straight to the exit function 28 01:36.940 --> 01:38.800 that will terminate the program. 29 01:39.220 --> 01:41.260 So how do we do that? 30 01:41.260 --> 01:48.310 We look for an exit function in this program, but I put a comment there to mark the spot so that I 31 01:48.310 --> 01:54.880 will come back here later and assemble the jump to the exit function that will bypass the nag and also 32 01:54.880 --> 01:55.810 exit the program. 33 01:56.260 --> 02:03.550 So let's do an intermodular call to search for the exit function that we can use. 34 02:03.550 --> 02:04.600 Right-click here. 35 02:05.290 --> 02:12.700 Search For, Search For, Current Module, Intermodular Call and then filter exit. 36 02:13.240 --> 02:15.340 And we have an exit function here. 37 02:15.400 --> 02:18.190 Double-click on that and copy this address. 38 02:18.550 --> 02:23.710 This exit function that we can use, right-click, Copy Address. 39 02:24.310 --> 02:27.670 And then your address will be different from mine. 40 02:27.670 --> 02:30.700 So just follow what you see for your case. 41 02:31.750 --> 02:35.020 Now we go back to our comment where we mark the spot. 42 02:36.590 --> 02:39.740 And now we are going to assemble a jump to the exit function. 43 02:41.610 --> 02:48.690 So press spacebar and then delete all this address and paste your exit function there. 44 02:49.840 --> 02:56.620 Right-click, copy and paste your exit function there. 45 02:56.950 --> 03:01.030 If you click on Keep Size, it will be bigger by four bytes, but that is OK. 46 03:01.030 --> 03:01.960 So uncheck this. 47 03:02.500 --> 03:04.480 It doesn't matter if it's bigger by four bytes. 48 03:04.480 --> 03:06.640 Let it override all this because we don't care. 49 03:06.640 --> 03:07.600 We're not going to use this. 50 03:07.630 --> 03:14.350 We are going to jump straight to the exit function in order to bypass this, as well as to exit the 51 03:14.350 --> 03:15.490 program in one go. 52 03:15.520 --> 03:17.080 Killing two birds with one stone. 53 03:17.440 --> 03:18.580 So we close this. 54 03:18.580 --> 03:21.850 Now we already assembled the, click 55 03:21.850 --> 03:22.630 OK. 56 03:24.560 --> 03:25.760 To assemble it. 57 03:28.240 --> 03:29.080 Sorry. 58 03:29.110 --> 03:31.450 Um, I think we did a mistake. 59 03:32.200 --> 03:33.430 It should be jump. 60 03:34.900 --> 03:35.740 It should be jump. 61 03:35.740 --> 03:37.810 That means it should be JMP, not J-. 62 03:38.770 --> 03:39.070 Sorry. 63 03:39.070 --> 03:41.380 It should be JMP like that. 64 03:41.830 --> 03:42.130 All right. 65 03:42.130 --> 03:43.090 Click OK. 66 03:45.040 --> 03:46.720 OK, so we have done that. 67 03:46.720 --> 03:47.890 So now we can patch. 68 03:49.000 --> 03:53.110 And click Patch and we'll call it Revamped Three. 69 03:55.300 --> 03:56.170 Dash three. 70 03:57.070 --> 03:57.850 Click Save. 71 03:58.660 --> 03:59.230 OK. 72 03:59.230 --> 04:01.120 And now we can close everything. 73 04:01.450 --> 04:04.000 Make sure the Process Hacker is running. 74 04:04.000 --> 04:11.140 And then we'll go back and we will run our program, patch three. 75 04:11.320 --> 04:12.730 And you can see it's running. 76 04:12.730 --> 04:15.760 Patch three is running and wait for main window to show. 77 04:16.810 --> 04:21.970 In a few seconds, you should be able to see the main window and that's your main window. When you click 78 04:21.970 --> 04:24.700 OK, look what happens. 79 04:24.700 --> 04:27.610 The program quits and the third nag is not shown. 80 04:27.610 --> 04:34.270 So we have successfully killed all the three nags and also successfully quit the program when you close 81 04:34.270 --> 04:34.600 it. 82 04:34.900 --> 04:36.040 So let's try again. 83 04:36.040 --> 04:39.070 Make sure it works. OK. 84 04:39.220 --> 04:40.030 Patch is running. 85 04:40.090 --> 04:41.920 Patch two, patch two is running. 86 04:42.220 --> 04:45.910 After a few seconds, you should be able to see your main window. 87 04:47.080 --> 04:47.650 There you go. 88 04:47.650 --> 04:48.220 Your main window. 89 04:48.220 --> 04:50.980 When you click OK, it should, it should quit the program. 90 04:51.880 --> 04:56.620 And true enough, you can see the program quits instead of showing your nag three. 91 04:56.620 --> 04:59.920 So with that, we have successfully completed this project. 92 04:59.920 --> 05:02.590 Thank you for watching.