My first crack in Visual Basic
Win Code Reversing

Program Details
Program Name: Winwatch.zip
Program Type: System Utility
Program Location: Here
Program Size: 610K

Tools used:
Softice V3.23 - Win'95 Debugger
W32Dasm V8.93 - Win'95 Disassembler
The author of Winwatch says:
"If you use Windows, sometimes you will get this error message "Out of memory" or "Insufficient memory" even if you have 16 MB memory or more. "Out of memory" or "Insufficient memory" doesn't mean your system memory is used up; instead it just warns you that you are out of some Windows resources (for instance, fixed memory, GDI or USER resources). Even though Windows uses virtual memory to expand memory space, there are still limits on some resources used by the Windows OS. Windows programs still need to use fixed memory or conventional memory (below 1MB). For example, if you use Windows for Workgroups it may need 300-400KB of fixed memory without loading any drivers or applications.
WinWatch also provides some test tools with which you can do some experiments yourself. You can let WinWatch (use "Stress" of "Fixed Memory") eat up the fixed memory below 1MB, then launch some "memory-hungry" apps like MS Word, Excel, or some multimedia apps. No surprise, you'll get the "Out of memory" or "Insufficient memory" error message."

This program shows a nag screen each time you run it, counting down from 10 to 0 and informing you that you need to register this utility after 30 days. After the countdown is done you get the Register, Quit and Evaluate buttons.
When first run it creates a Watch222.ini file in the directory where Winwatch was installed, with these details:
[Register]
Resource=AUQ]S_V
Register Number=TQWUPTU]X[[T    (<-- you can't reg with this key !!)
The last 2 entries will be added on successful registration.
Let's have a closer look at this protection routine.

Try to register with a fake code, and we get "Your registration is not correct! This reminder will come up again". OHHH.. This is the worst nag screen I ever saw, we need to get rid of it !!
At this point I was creating a dead listing with W32Dasm, and I noticed that there are no "String Data References". Is it a VB prog?
This program uses the 16-bit function GetDlgItemText to "read" the input.
Run Winwatch and fill in any code you like.
1. When you've done this fire up Softice by pressing CTRL-D.
2. Type: bpx getdlgitemtext then x to leave Softice.
3. Click on the 'OK' button.
4. Softice now breaks at the beginning of the 1st system function GetDlgItemText.
5. Press x two times.
6. Press 'F11'.
We are in VBRUN300.DLL code !!!! It is a VB3 program !!!
If you've read Razzia's essay about "cracking all VB programs" this will be familiar; I'll give here only the basic things we need to do before we can go on.
You need to have these lines in your "winice.dat" file (make sure you have a backup of the file before editing it !!):
EXP=c:\windows\system\vbrun300.dll
AF5="^s 0 l ffffffff 8b,ca,f3,a6,74,01,9f,92,8d,5e,08,e8,0e,06;"
(I'm using ALT+F5, because it was of no use to me until now - AF5="CLS;")
The first line is to let you break in SI in the VB3 code.
The second is to save you a lot of typing while searching for the right code we're looking for, which is:
8BCA      mov cx, dx
F3A6      repz cmpsb
7401      je 8CB6
9F        lahf
92        xchg ax,dx
8D5E08    lea bx, [bp+08]
E80E06    call 92CB
So, after doing that, reboot your computer to make SI use these changes, rerun Winwatch, and follow the steps above until you are again in VBRUN300.DLL code.
Press the keys "alt+F5" together; SoftIce looks in VBRUN300 for the code, and you get "Pattern found at xxxx:yyyyyyyy".
Type u xxxx:yyyyyyyy with the segment and offset it reported. Note that this location will be different on any other computer. At the top of the code window are the instructions that our search was about.
We want to break on these lines when the program gets here, so type:
bpx xxxx:yyyyyyyy with the location that you've got from the search, and type x to leave. SI breaks here:
8BCA      mov cx, dx         ; <-- we are here !!
F3A6      repz cmpsb         ; <-- here the strings in ds:si and es:di
7401      je 8CB6            ;     are being compared
9F        lahf
92        xchg ax,dx
8D5E08    lea bx, [bp+08]
E80E06    call 92CB
Press F10 once, do an 'ed es:di' and you will see the text being compared to the code that you entered, but as I noticed it's not the original ASCII code; it gets somehow encrypted, and I can't say what the real code is. At this point keep pressing F10 until you land on the je 8CB6 <no jump>. Type bc * to delete the previous bpx's, then type "r fl z" to change the value of the "zero flag" and force SI to take the jump, and press x to leave SI.
We did it !! We get the "thank you for registering" window.
Job done.
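To make clear what the seven instructions above actually decide, here is an added C model (mine, not code from the essay or from Winwatch) of repz cmpsb and lahf feeding the single je, next to the constant-time comparison a protection author would rather use. All names are mine; which operand of the compare holds the stored value and which the entered code is not stated in the essay and is assumed here.

```c
#include <stdint.h>
#include <string.h>

#define ZF_BIT 6   /* lahf puts FLAGS[7:0] (SF ZF 0 AF 0 PF 1 CF) in AH */

typedef struct { int zf; uint16_t cx; uint16_t pos; } cmps_result;

/* Model of "repz cmpsb": compare ds:si with es:di byte by byte, decrement
 * cx, stop at the first mismatch or when cx reaches 0. With cx == 0 on
 * entry nothing runs and ZF keeps its old value (zf_in). pos is how far
 * si and di advanced; both buffers must hold cx bytes, as on the CPU. */
static cmps_result repz_cmpsb(const uint8_t *ds_si, const uint8_t *es_di,
                              uint16_t cx, int zf_in)
{
    cmps_result r = { zf_in, cx, 0 };
    while (r.cx != 0) {
        r.zf = (ds_si[r.pos] == es_di[r.pos]);
        r.pos++;
        r.cx--;
        if (!r.zf) break;   /* repz: keep going only while equal */
    }
    return r;
}

/* "lahf" for the bits that matter here: ZF and the constant 1 bit. */
static uint8_t lahf_from_zf(int zf)
{
    return (uint8_t)(0x02 | (zf ? (1u << ZF_BIT) : 0));
}

/* The check as the essay observes it: length in cx, one string compare,
 * and a single "je" taken only when ZF == 1 (operand roles are assumed).
 * Returns 1 when the jump would be taken. */
static int registration_branch(const char *stored, const char *entered)
{
    uint16_t len = (uint16_t)strlen(stored);            /* mov cx, dx  */
    if (strlen(entered) < len) return 0;                /* guard, not x86 */
    cmps_result r = repz_cmpsb((const uint8_t *)stored,
                               (const uint8_t *)entered, len, 1);
    return (lahf_from_zf(r.zf) >> ZF_BIT) & 1;          /* lahf ; je    */
}

/* Hardened comparison: same verdict, but every byte is always examined so
 * neither the loop count nor cx/di reveals where the first mismatch was. */
static int constant_time_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}
```

The repz loop leaves cx and di pointing at the first differing byte, which is exactly the kind of detail a protection should not expose; the constant-time version gives only the final yes/no.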
REMEMBER, I'm doing my cracks as a hobby and challenge, so please, if you like this utility and want to keep using it, support the author and pay for it.
I was trying to remove the register entry in the "ini" file and try it again, but I got "pattern not found" until I rebooted the computer.....
Trying to use the key that is in the "ini" file can't be done, and I couldn't tell how to "see" the real one in the VB code.
Can someone try to break this babe to get the real code and post his essay about it? I'll put it beside the one I've written !!!
My thanks and gratitude go to:
The Sandman for all that he is doing for us newbies.
Rhayader for helping me with Reverse Code Engineering and useful tips.
Razzia for giving me the basic knowledge of how to start with VB programs.