
View Full Version : registration


cse_india
August 4th, 2006, 03:37
hello guys

I was trying to crack a certain shareware. I found the serial, and then I registered the program. I wanted to reverse-engineer the program again, and so I uninstalled the program and removed everything from the registry belonging to the program.
I installed the program again, but the program says it is registered.
I want to ask where the program has stored the registration entities. How can I unregister the program again?
I was under the impression that the program would have stored the registration entities in the registry. It seems I was wrong.
After we register a certain software, where does the software store the registration info?
I can't name the program, but it is the first target in Potassium Tutorial no 2.

dELTA
August 4th, 2006, 03:52
Haha, how interesting, an "uncrack request".

Anyway, use the normal techniques to track which files and registry locations are accessed, and I'm sure you'll find the offending ones.

Spec0p
August 4th, 2006, 05:53
Try using filemon and regmon to check what reg keys and files it accesses, and if they are suspicious.
hxxp://www.sysinternals.com

SiGiNT
August 4th, 2006, 09:18
There are a couple other places to look - in your documents and settings folder and in the windows and/or windows/system32 folder - the latter is the more likely place, sometimes as obvious as a "your shareware.ini" file. If you have a utility like 010 editor that does a true "find in files" search, do a search for your serial number - the windows "find in files" doesn't really work well. Also search the registry for your old serial number - sometimes progs will use settings in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.

SiGiNT

naides
August 4th, 2006, 11:17
It boils down to this: The demo authors leave tracks on your computer about registration and date of installation that are not erased when you uninstall the pack, hidden from obvious places like the program folder or the program registry keys. Sometimes they put them in secret registry keys and even in hidden raw sectors in your hard drive. Otherwise it would be trivial to defeat an expired demo by uninstall-reinstall routine.

A strategy to trap this behavior is to install the program on a clean computer or a clean virtual machine, UNDER AN INSTALL MONITOR (several available on the net). It will list all the files and keys written by the program. Then uninstall under the same monitor and look for the list of files and keys left behind.
That's where the money is.

Of course some deep protections and rootkits are immune to this approach.

morals of the story:

Consider doing the RCE activities inside virtual machines (Available for free now), then you have an endless source of virgin systems to experiment.

Always Install new apps under the supervision of an install monitor, so you can keep track of all the crap that is being written into your HD.

What you learn in a virtual machine can be seamlessly applied to your Main system.
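
The snapshot comparison described in the post above, as an added example that is not part of the original thread: it hashes a directory tree before install, after install and after uninstall, then lists files the uninstaller left behind or changed. The function names and the temp-directory stand-in for an installer are constructed for illustration, and it covers files only, not registry keys.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path under root (relative, '/'-separated) to its SHA-256."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = None  # locked or unreadable: record presence only
            state[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return state


def residue(baseline, installed, uninstalled):
    """Files the install created that survived uninstall, and changed baseline files."""
    left_behind = sorted(p for p in installed
                         if p not in baseline and p in uninstalled)
    modified = sorted(p for p in baseline
                      if p in uninstalled and uninstalled[p] != baseline[p])
    return {"left_behind": left_behind, "modified": modified}


def write(root, rel, data, mode="w"):
    """Helper for the constructed demo: create or append to a file under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as fh:
        fh.write(data)


def demo():
    """Constructed stand-in for an install/uninstall cycle in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "system/win.ini", "[fonts]\n")
        baseline = snapshot(root)
        write(root, "app/prog.exe", "binary")             # "install" begins
        write(root, "system/hidden.dat", "state")
        write(root, "system/win.ini", "[app]\n", "a")
        installed = snapshot(root)
        os.remove(os.path.join(root, "app", "prog.exe"))  # "uninstall"
        return residue(baseline, installed, snapshot(root))


if __name__ == "__main__":
    print(demo())
```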

Kayaker
August 4th, 2006, 15:58
Quote:
[Originally Posted by sigint33] a utility like 010 editor


very nice

SiGiNT
August 4th, 2006, 22:01
Kayaker,

010 is excellent for searching directories and for finding strings, hex combos and other searchable stuff, has an excellent checksum utility, but it's kinda like RDG vs PEiD - RDG works a little better but my go-to tool is PEiD - in the case of hex editors it's WinHEX - PS: 010 is easy to --- well ---errrr - uh- you know

SiGiNT