I have a VB5 app which kills Regmon on start and crashes my W98 when ran with SmartCheck. I tried PGC's patch on Regmon but it didn't work.

I've searched thru the disassembled string references hoping to find any path/file name/file extention/VxD reference to SmartCheck/Regmon but failed to find one.

Is there a known method/tool against SmartCheck detection?

Thanks.

Have you tried WinExpose Registry from h**p://www.shetef.com

This was the registry monitor I used before upgrading to XP,
but the blasted thing won't run under it now, even XP's compatability option fails to run it

DrA.

As for regmon detection, the only tricks that I've run across were searches for its class name among open processes. More than likely pgc's patch just changed the class name to something else. Try searching for 'filemonclass' in a hex editor and changing it to something else. I think that's what it was anyways.

For smartcheck detection, you can use the same technique. There might be more techniques for avoiding smartcheck detection but I don't tackle too many vb apps/crackmes so I really couldn't say.

Thanks for your replies.

Taking a closer look, I've found a reference to SIWVID among the strings. I think it is the display driver of Sice. However, the proggy works in absolute harmony with Sice even without the aid of Icedump. Thanks Sice I got my reg number but I'm confused. Why to put that check there if it does nothing at all?