The SandmanGeneral AnalysisSat Nov 7 20:52:09 1998 Greetings Jeff,Hi everyone,Unlike in the previous project on System Notebook, I will be playing a more active part this time around and will be adding some of my own observations in the hope that it will provide some extra support to the postings already made. A little guidance will go a long way rather than let you persue dead ends that has little learning values.By not using Softice at this point will allow us to fully explore avenues that present themselves from the data we are collecting which otherwise might have been lost to us.Remember System Notebook?, after examing this program more closer than we normaly would have, we found that it didn't need any patching to the code in order to get it fully registered, in fact, a simple entry added to the Registry File was all that was required..:)Again, some good input from Jeff, who has brought to light something of interest about the way .ini files are created and used.This program uses uninsman.ini to hold it's default settings, which we can change within the program itself. Now, if we run this program without it having access uninsman.ini then it will still run as normal using it's in-built default values, which it does anyway when we run this program for the FIRST time.When we close Uninstal Manager it will use the system function WriteprivateProfileString (if a 16 bit program) or WritePrivateProfileStringA (if a 32 bit program) and attempt to 'save' these default settings to the uninsman.ini file. Should the .ini file NOT be found it will automatically create this file and make the nessasary entries within it, as Jeff found out. The .ini file is a dead duck (hint).Has anyone noticed what kind of 'serial' number this program expects the User to enter? Alpha-numeric or a plain number?. If you type in a number that is too high you'll get an error message, which then tells you that the serial number MUST be within the ranges of an 'INTEGER'.Anyone noticed a 'lack' of clues in W32Dasm's String Data Resources like REGISTRATION NAME or UN, or COMPANYNAME etc which might also be referenced in the output of REGMON or FILEMON?. Arn't these the 'normal' type entries used by programs to display the registered User's details when they register a program?.I'll be honest here, had I not bothered to take the time to examine this program as you are all doing, I too would have missed some pretty interesting stuff concerning this program. Take it from me, take your time on THIS project and you will definatly learn about cracking that no tut could EVER teach you. Kind regardsThe SandmanAddtional Input by jeff , Sun Nov 8 04:12