Hello there fellow reversers,
I'm a programmer and I have some experience in encryption but merely non in reversing. so bear with me...
I came across a software I want to reverse engineer.
The thing is that, when you install the software it generates a unique ID specific to the computer. what I is to find how this ID is generated.
I have no idea where to start. can I place a breakpoint on the ID I know it'll generate for my machine?
The software is a .NET form application, is it possible to decompile it (it should be ...). is it likely that the installer is also a .NET application?

Thanks,
Le-Fay.

Few people seem to use totally home-grown installers these days. Usually it's some version of Installshield, Wise, etc. If you can determine which type it is, you can probably find a lot of specific information here just by searching on the installer system's name.

But in more direct answer to your question, whether it's .NET or not, you should be able to decompile/debug it like any other program. If you know roughly when the installer generates the ID, there's lots of ways you could break near the generation routine with a debugger and try to analyze what it does. For example, maybe when it's done generating the ID, it displays it in a dialogue box. Try breaking on the dialogue box and then follow the call stack up. Of course, a good decompiler can be even more helpful sometimes with regards to that kind of analysis.

Hi TBone, thank you for the quick reply.
The installer is some version of Installshield as you said.
The ID isn't displayed on the screen but I have a reason to believe it is saved on a file named "LIC.DAT" encrypted in some way.
As for debugging I have access to SoftIce, can you give me a hint as for what kind of break point will be a good idea?

If you installed VS .NET,You can find an internal decompiler in the SDK of VS .NET directory.
I don't use it too much,But perhaps be a help.

sincerely yours

Use a disassembler, then try to find "LIC.DAT" in the dead-list. Or use CreateFileA/_lopen as breakpoint. Some progs use GetVolumeInformationA to get the disk volume serial to generate the computer IDs, some use "CPUID" instruction, some use the BIOS strings in Windows registry.