<HTML>
<HEAD>

   <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
   <META NAME="GENERATOR" CONTENT="Mozilla/4.04 [en] (Win95; I) [Netscape]">
   <META NAME="Author" CONTENT="The Sandman">
   <META NAME="Classification" CONTENT="Reverse Code Engineering">
   <META NAME="Description" CONTENT="Step by step guide to cracking Trash Manager a Win 3.1 program.">
   <META NAME="KeyWords" CONTENT="Trash Manager">
   <TITLE>TRASH MANAGER V2.0a</TITLE>
</HEAD>
<BODY TEXT="#001010" BGCOLOR="#C0C0C0" LINK="#FF0000" VLINK="#000099" ALINK="#FFFF00">
&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" 22" >
<TR BGCOLOR="#FFFFFF">
<TD>
<CENTER><B><FONT FACE="Arial,Helvetica">April 1998</FONT></B></CENTER>
</TD>

<TD WIDTH="100%">
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+2>"TRASH MANAGER V2.0a"</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">(Simple Conditional Jump Protection)</FONT></CENTER>
</TD>

<TD WIDTH="40%">
<CENTER><B><FONT FACE="Arial,Helvetica">Win'95 PROGRAM</FONT></B></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080">Win'95 Code
Reversing</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080">&nbsp;</FONT></FONT></CENTER>
</TD>
</TR>

<TR BGCOLOR="#FFFF99">
<TD>
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#890000">&nbsp;</FONT></FONT></CENTER>
</TD>

<TD>
<CENTER><FONT FACE="Arial,Helvetica">by <FONT SIZE=+3>The Sandman&nbsp;</FONT></FONT></CENTER>
</TD>

<TD VALIGN=CENTER WIDTH="40%"><FONT FACE="Arial,Helvetica">&nbsp;</FONT></TD>
</TR>

<TR BGCOLOR="#999900">
<TD WIDTH="50%">
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>
</TD>

<TD>
<CENTER><FONT FACE="Arial,Helvetica">Code Reversing For Beginners&nbsp;</FONT></CENTER>
</TD>

<TD>
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>
</TD>
</TR>

<TR BGCOLOR="#C0C0C0">
<TD></TD>

<TD ALIGN=LEFT>
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><B><FONT FACE="Arial,Helvetica">Program Details</FONT></B></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Name:</B> Trashman.EXE</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Type:</B> File Utility</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Location:</B>&nbsp; <A HREF="http://www.proweb.co.uk/~greenway/Trashman.zip">Here</A></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Size: </B>58K&nbsp;</FONT></CENTER>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT></TD>

<TD></TD>
</TR>

<TR BGCOLOR="#C0C0C0">
<TD WIDTH="50%"></TD>

<TD><FONT FACE="Arial,Helvetica"><B>&nbsp;</B>&nbsp;</FONT>&nbsp;
<CENTER><B><FONT FACE="Arial,Helvetica">Other Tools Required:</FONT></B></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><A HREF="http://www.numega.com">Softice</A></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">Any Hex-Editor</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>
</TD>

<TD></TD>
</TR>

<TR>
<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT COLOR="#0000FF">Rating</FONT></FONT></B></CENTER>
</TD>

<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1><FONT COLOR="#0000FF">Easy
( X )&nbsp; Medium (&nbsp;&nbsp;&nbsp; )&nbsp; Hard (&nbsp;&nbsp;&nbsp;
)&nbsp; Pro (&nbsp;&nbsp;&nbsp; )</FONT>&nbsp;</FONT></FONT></B></CENTER>
</TD>

<TD WIDTH="40%" BGCOLOR="#999900"><B><FONT FACE="Arial,Helvetica">There
is a crack, a crack in everything. That's how the light gets in.</FONT></B></TD>
</TR>
</TABLE>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT>&nbsp;
<HR></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+2>Trash Manager V2.0a</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+2>( Simple Conditional
Jump Protection )</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#0B7FC1">Written by The
Sandman</FONT></FONT></CENTER>
<FONT FACE="Arial Black">&nbsp;</FONT>
<BR>&nbsp;
<BR>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#0000FF"><FONT SIZE=+2>Introduction</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">This program is a basic file delete/move/rename
utility originally for Window's&nbsp; 3.1 but works ok in Win'95.&nbsp;
It was created in 1993 by Tembit Software and&nbsp; published by CheckBox
Software Inc. While this is a utility your never going to use it's still
worth downloading if only to practice and learn from it's simple, yet well
documented use of Assembler.</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#3333FF"><FONT SIZE=+2>About this protection system</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">Registration is via selecting the File
drop-down menu then selecting the Register option.</FONT>

<P><FONT FACE="Arial,Helvetica">On selecting the Register option your asked
to provide:-</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Registration Name:</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Validation Code::</FONT>

<P><FONT FACE="Arial,Helvetica">Both input boxes seem to accept unlimited
number of characters for both the Registration Name and Validation Code..
The actual registration key is created from the Registration name you type
in, however, using this crack will make the program use any sequence of
numbers/letters you choose to use.</FONT>

<P><FONT FACE="Arial,Helvetica">This program is not compacted or encrypted
in anyway.</FONT>

<P><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">The Essay</FONT>&nbsp;</FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">Start up Trash Manager and immediately
select the <B>File</B> menu and then the <B>Registration</B> option. You
should now be in the Registration screen, so now type in a name of your
choice, doesn't matter what you use.&nbsp; Now type in any sequence of
numbers/letters in the Validation box.</FONT>

<P><FONT FACE="Arial,Helvetica">At this point I decided to use the function
<B><FONT COLOR="#000099">Hmemcpy</FONT></B>&nbsp; for Softice to break
on so press <B>Ctrl-D</B> and type <B>BPX Hmemcpy</B>.</FONT>

<P><FONT FACE="Arial,Helvetica"><FONT SIZE=-1><B><FONT COLOR="#000099">Hmemcpy</FONT></B>
<FONT COLOR="#990000">is a standard function found in the KERNEL ( a windows
system file ) that is used by programs to copy strings from one memory
location to another, it is often used to build up strings typed in by the
User so that further processing can be carried out on them.&nbsp; In this
example we will use it when the program is in the process of creating a
dialog box that will tell us if we are successful or not in registering
Trash Manager.</FONT></FONT></FONT>

<P><FONT FACE="Arial,Helvetica">OK, now exit Softice by typing <B>X</B>
so that we return back to Trash Manager.</FONT>

<P><FONT FACE="Arial,Helvetica">Now click on the Register button and wham,
we break into the the Hmemcpy routine, but since we are now in the Kernel
Code we want get out of here so that we can examine the Trash Manager code,
so now now press the F12 key <B><U>8 times</U></B> which will take us to
just after where the Hmemcpy command was issued in the Trash Manager code.</FONT>
<BR>&nbsp;
<BR>&nbsp;
<CENTER><TABLE BORDER COLS=2 WIDTH="95%" >
<TR>
<TD><FONT FACE="Arial,Helvetica">:0001.465C 682C01</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.465F 8D46B0</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4662 16</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4663 50</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4664 6A50</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4666 9A78460000</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.466B 56</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.466C 682D01</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.466F 8D8660FF</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4673 16</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4674 50</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4675 6A50</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4677 9AFFFF0000&nbsp;</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.467C 8D46B0</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.467F 16&nbsp;</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4680 50</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4681 9AEB370000</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4686 0BC0&nbsp;</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4688 7503</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.468A E9AD00</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.468D 8D8660FF</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4691 50</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4692 8D46B0</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4695 50</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4696 E809F3</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.4699 83C404</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.469C 0BC0</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.469E 7503</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">:0001.46A0 E99700</FONT></TD>

<TD><FONT FACE="Arial,Helvetica">push 012C</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">lea ax, [bp-50]</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push ss</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push ax</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push 0050</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">call USER.GETDLGITEMTEXT</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push si&nbsp;&nbsp; ;<FONT COLOR="#990000">We
land here from Hmemcpy</FONT></FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push 012D</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">lea ax, [bp+FF60]</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push ss</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push ax</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push 0050</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">call USER.GETDLGITEMTEXT</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">lea ax, [bp-50]</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push ss</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push ax</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">call KERNEL.LSTRLEN</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">or ax, ax</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">&nbsp;jne 468D</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">jmp 473A</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">lea ax, [bp+FF60]</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push ax</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">lea ax, [bp-50]</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">push ax</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">call 39A2</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">add sp, 0004</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">or ax, ax</FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">&nbsp;jne 46A3&nbsp; ;<FONT COLOR="#990000">Register
Good Guy</FONT></FONT>&nbsp;
<BR><FONT FACE="Arial,Helvetica">&nbsp;jmp 473A ; <FONT COLOR="#990000">Tell
them Registration failed</FONT></FONT></TD>
</TR>
</TABLE></CENTER>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">In order to find out which jump/call did
what I ran Softice one instruction at a time for quite from this point
onwards for a while in order to get my bearings, I also noted down which
jump instructions never seemed to get called and which did, I was assuming
that the ones that never seemed to get used were perhaps the ones dealing
with the actual registering of the correct key registration.&nbsp; Since
this was the start of Registration process I simply followed the program's
flow (ignoring calls to any of the system routines since they won't reveal
the magical Jump on condition instructions that determines if the validation
key we entered was the right one or not. After a few times of Softice breaking
on Hmemcpy and back tracking to the main Trash manager code I noticed that
the instruction at:</FONT>

<P><FONT FACE="Arial,Helvetica">:0001.469E 7503&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
jne 46A3&nbsp; ;<FONT COLOR="#990000">Register Good Guy</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT COLOR="#333333">didn't get used
so when I got to this point I typed in the following instruction into Softice:</FONT></FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#333333"><B>r eip=46a3</B>&nbsp;
which told Softice to 'forget' what it was doing and begin execution from
this point in the Trash manager's code, ignoring any other instructions
it passed over.</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT COLOR="#990000"><FONT SIZE=-1><B>R</B>
is softice's FLAG REGISTER command, it allows us to pre-load any of the
PC's internal flags with what-ever value we wish,&nbsp; This is a very
powerful command, and it's use by newbies should be limited until we understand
this facility much better. The register I used was the <B>EIP</B> register,
this register holds the address in memory where the computer will next
execute and altering it's value without care and attention can bring about
all manner of crashes to your program.&nbsp; So when we landed at:</FONT></FONT></FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#990000"><FONT SIZE=-1>:0001.469E
7503&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; jne 46A3&nbsp; ;Register
Good Guy</FONT></FONT></FONT>

<P><FONT FACE="Arial,Helvetica"><FONT SIZE=-1><FONT COLOR="#990000">by
changing the EIP register to 46A3 I was in fact telling Softice to ignore
the JNE condition and treat it as a straight forward JUMP to memory location
46A3.&nbsp; There is of course, other ways to go about this which does
not involve tampering with the PC's register flags, I could have changed
the jne 46A3 instruction to jmp 46A3 but if this jump proved fruitless
then I would then have to locate this instruction and change it back to
it's original instruction before proceeding onto checking the next jump
on condition instruction in the Trash Manager's code..&nbsp; In some programs
there could be many jne or jnz instructions and changing them all individually
to straight forward jp's would take a very long time</FONT><FONT COLOR="#333333">.</FONT></FONT></FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">Once you have 'set' the EIP register with
the value of 46A3 follow this with X and bingo!, you will see that Trash
Manager has accepted our name and validation code, it's now registered
to you..:)</FONT>

<P><FONT FACE="Arial,Helvetica">Because this program is a Win 3.1 program
it creates a TRASHMAN.INI file at:-</FONT>

<P><FONT FACE="Arial,Helvetica">C:\WINDOWS\TRASHMAN.INI</FONT>

<P><FONT FACE="Arial,Helvetica">My ini file looks like this:-</FONT>

<P><B><FONT FACE="Arial,Helvetica">[Tembit_TrashMan]</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">Usage=8</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">WinX=320</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">WinY=240</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">WinWX=226</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">WinWY=168</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">RegName=The Sandman</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">RegCode=7777777</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">X_Pos=580</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">Y_Pos=420</FONT></B>

<P><FONT FACE="Arial,Helvetica">The trashman.ini file also holds our 'Usage
count' for the number of times we use this program.&nbsp; If you want to
un-register this program simply delete&nbsp; the two lines that begin with:</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><B><FONT FACE="Arial,Helvetica">RegName=The Sandman</FONT></B>
<BR><B><FONT FACE="Arial,Helvetica">RegCode=7777777</FONT></B>

<P><FONT FACE="Arial,Helvetica">If you<B> </B>try and enter a different
name or regcode into these lines instead of letting the program do it then
it will detect this and treat it as not being registered, just as if these
two lines never existed.</FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#333333">Job Done.....</FONT></FONT>
<BR>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">The 'Crack'</FONT>&nbsp;</FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">Using a hex-editor</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><B><FONT FACE="Courier New,Courier">SEARCH FOR THE BYTES: 83C4040BC07503E9</FONT></B>
<BR><B><FONT FACE="Courier New,Courier">THEN REPLACE WITH&nbsp;&nbsp; :
83C4040BC0<FONT COLOR="#990000">EB</FONT>03E9</FONT></B>
<BR>&nbsp;

<P><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">Final Notes</FONT>&nbsp;</FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"><FONT COLOR="#333333">&nbsp;</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT COLOR="#333333">This is a good example
for practicing our reverse engineering techniques on since the code is
straight forward and offers us many ways to crack it. We could have used
the function </FONT><FONT COLOR="#990000">LSTRCMP</FONT><FONT COLOR="#333333">
to get into our Registration routine but I tend to favour the </FONT><FONT COLOR="#990000">HMEMCPY</FONT><FONT COLOR="#333333">
function better.</FONT></FONT>

<P><FONT FACE="Arial,Helvetica"><FONT COLOR="#333333">Since the code is
relatively small we could even have perhaps cracked it using a 'Dead Listing'
created by WIN32DASM since the Trash Manager's code is so well documented
and the routine names within it literally tell us where to go!.</FONT></FONT>
<BR>&nbsp;

<P><FONT FACE="Arial,Helvetica">My thanks and gratitude goes to:</FONT>

<P><FONT FACE="Arial,Helvetica">Fravia+ for providing possibly the greatest
source of Reverse Engineering</FONT>
<BR><FONT FACE="Arial,Helvetica">knowledge on the Web.</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">+ORC for showing me the light at the end
of the tunnel.</FONT>

<P>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#0000FF"><FONT SIZE=+2>Ob Duh</FONT></FONT>&nbsp;</CENTER>
</TD>
</TR>
</TABLE>
<I><FONT FACE="Arial,Helvetica">&nbsp;</FONT></I>
<BR><I><FONT FACE="Arial,Helvetica">Do I really have to remind you all
that by buying and NOT stealing the software you use will ensure that these
software houses will continue to&nbsp; produce even *better* software for
us to use and more importantly, to continue offering even more challenges
to breaking their often weak protection systems.</FONT></I>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><I><FONT FACE="Arial,Helvetica">If your looking for cracks or serial
numbers from these pages then your wasting your time, try searching elsewhere
on the Web under Warze, Cracks etc.</FONT></I>
<BR>&nbsp;
<BR>
<HR SIZE=3 WIDTH="100%">
<CENTER>&nbsp;</CENTER>

<CENTER>&nbsp;</CENTER>

<CENTER><TABLE BORDER=2 >
<TR>
<TD>&nbsp;<B><A HREF="Es7.html">Next</A></B>&nbsp;</TD>

<TD>&nbsp;<B><A HREF="sandman.html">Return to Essay Index</A></B>&nbsp;</TD>

<TD>&nbsp;<B><A HREF="Es5.html">Previous</A></B>&nbsp;</TD>
</TR>
</TABLE></CENTER>

<CENTER><B><FONT SIZE=+1>&nbsp;</FONT></B></CENTER>

<HR SIZE=3 WIDTH="100%">
<BR><FONT FACE="Arial,Helvetica"><FONT SIZE=-2>Essay by:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<A HREF="mailto:The Sandman<greenway@proweb.co.uk>">The Sandman</A></FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT SIZE=-2>Page Created: 10th May 1998</FONT></FONT>
<BR><SCRIPT LANGUAGE="JavaScript">
<!--- hide script from old browsers
update= new Date(document.lastModified)
document.writeln("<FONT SIZE=-1>Last Updated: <EM>" + update.toLocaleString(update) + "</EM></FONT><BR>")
// end hiding --->
</SCRIPT>

</BODY>
</HTML>
