Cracking WinRAR Tutorial

This tutorial will show you how to remove the 40-day
trial timer for WinRAR 3.71 (using the method shown in
this tutorial, you may also try to crack newer versions
of WinRAR, but for now I will just use version 3.71) and
create a patch for it.

Download this, which includes everything you need:
  • WinRAR 3.71 Trial Version
  • Disassembler: HDASM (Hacker's Disassembler)
  • Hex Editor: HIEW (Hacker's View)
  • Patch Creator: dUP (diablo2oo2's Universal Patcher)

First, open the wrar371 setup file to install WinRAR. Now open WinRAR and,
as you can see, a notice comes up saying that you have 40 days to
evaluate WinRAR, after which you have to buy it.



Before doing anything, make a copy/backup of WinRAR.exe
("C:\Program Files\WinRAR\WinRAR.exe").

Now we will disassemble WinRAR. Open HDASM and load the copy of
WinRAR.exe that you created. Don't worry about the settings for
disassembling; just stick with the defaults and click Disassemble. Once
loaded, we will look at the dialog box references of this program. The one
that we will try to find is called (by window title) "Please purchase WinRAR
license" (the dialog we see when we open WinRAR). To see the list of
dialogs, click 'D' on the toolbar. Now search for the dialog by typing
"Please purchase WinRAR license" in the search bar. Of course, you don't
have to type the whole thing: once you have typed 'Please pur' it will jump
to the only possible match for what we are searching for. Next to the match
you will see its ID keyword, which in this case is "REMINDER". Now we can
take this ID and search for it in the disassembly. Exit the dialog references
box, click 'S' (for search string references) on the toolbar and search for
"REMINDER" without the quotes. Double-click the result and it will bring you
to the offset address 0043FF47; please make a note of this address.



At this address the instruction is 'push 004A8AA0'. If you go to the
004A8AA0 address in the file (with a hex editor) you will see that all the hex
bytes [up until the hex 00 (null termination)] spell out 'REMINDER' in ASCII.
Remember that this is the ID for the trial reminder dialog box. At the
second-to-next instruction you will see a call to the external library
function USER32.DialogBoxParamA, which shows and runs the trial reminder box
whose ID was pushed to the stack as one of the arguments.


Now that we know the address where this dialog comes in, we can modify
it to take it out by replacing the instruction 'push 004A8AA0' with 'nop's, so
that when the library call is executed it will return nothing, since the ID of
the dialog template is not specified. A hex editor is required for the raw
modification of files. So we shall exit HDASM and drag and drop WinRAR.exe
into HIEW (HIEW32.exe) to load the hex dump and disassembly of WinRAR.
After you have loaded WinRAR into HIEW, press F4 (mode) and select decode,
then press F5 (goto address) and enter '.0043FF47' to go to the address of
the REMINDER dialog setup. Once at this address, press F3 to edit, and type
90 five times to replace 'push 004A8AA0' with
'nop {newline} nop {newline} nop {newline} nop {newline} nop'. 'nop' means
No Operation: it performs no instruction; it's just a byte that takes up file
space.


Press F9 to update.

Finally, we have a cracked copy of WinRAR! Optionally, we can make
a patcher for this, so that when you re-install the trial of WinRAR 3.71, you
can just open the patcher in the same directory and WinRAR will be modified
again for the crack, instead of going through what we just did all over
again. This patch will be made with dUP.

Before starting, we should have our patched cracked version of WinRAR.exe
(which we just made) and the original WinRAR.exe file that is not cracked.

First, to make a WinRAR crack patch, open dUP and select New Project.
From here, just enter the patch info to show to the user before they execute
the patch. After saving, click Add and select [Offset Patch]. Edit the offset
patch data by double-clicking [Offset Patch] in the listbox. The file that we
want this program to patch is WinRAR.exe, so browse and select the original
WinRAR.exe file for the Target File. Instead of entering the offset, the
original byte, and the patched byte, we will just compare the original
WinRAR.exe file to the cracked WinRAR.exe. Do this by going to the
Compare Files groupbox, entering the original WinRAR and our patched WinRAR
in the appropriate fields and clicking Compare. Now that the file knows what
to patch, we can save this: click Save.

Finally, click Create Patch.
The patcher file will be created in your specified directory; after refreshing
that directory you should see it. Congrats on creating your WinRAR 3.71
Patch Crack! As said earlier, after you install the trial of WinRAR 3.71, just
open the patch within the same folder as WinRAR.exe and patch it.
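
The original-versus-modified comparison described above is also how a defender confirms that an installed executable no longer matches the vendor's build. The following is an added example, not part of the original tutorial or of any tool it names: it checks a suspect file against a known-good reference and reports each modified byte run, flagging runs overwritten entirely with 0x90 (nop). The byte strings are constructed sample data, not WinRAR's bytes, and the function names are hypothetical.

```python
import hashlib

NOP = 0x90  # x86 single-byte "no operation" opcode


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def changed_runs(reference: bytes, suspect: bytes):
    """Return (offset, original_bytes, new_bytes) for each contiguous modified run."""
    if len(reference) != len(suspect):
        # An in-place byte patch keeps the size; a size change is a different file.
        raise ValueError("size mismatch: not an in-place modification")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(reference, suspect)):
        if a != b and start is None:
            start = i                      # a modified run begins here
        elif a == b and start is not None:
            runs.append((start, reference[start:i], suspect[start:i]))
            start = None
    if start is not None:                  # run extends to end of file
        runs.append((start, reference[start:], suspect[start:]))
    return runs


def audit(reference: bytes, suspect: bytes) -> dict:
    """Integrity verdict plus the location of every modified byte run."""
    if sha256(reference) == sha256(suspect):
        return {"tampered": False, "findings": []}
    findings = [
        {"offset": off, "length": len(new), "nop_fill": all(b == NOP for b in new)}
        for off, _old, new in changed_runs(reference, suspect)
    ]
    return {"tampered": True, "findings": findings}


# Constructed sample: a 5-byte push (opcode 0x68 + 32-bit immediate) in the
# reference is replaced by five NOP bytes in the suspect copy.
REFERENCE = bytes([0x55, 0x8B, 0xEC, 0x68, 0x10, 0x20, 0x30, 0x40,
                   0xE8, 0x01, 0x02, 0x03, 0x04, 0xC3])
SUSPECT = REFERENCE[:3] + bytes([NOP] * 5) + REFERENCE[8:]

if __name__ == "__main__":
    print(audit(REFERENCE, SUSPECT))
```

In practice the reference would be a copy of the executable taken from the vendor's installer, read with `open(path, "rb").read()`.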