WinPWL 3 by Aaron Klotz
Visit the official WinPWL site!
http://www2.memlane.com/aklotz/winpwl.html
==========================================

I don't want anything for this program, but if you distribute it, please ensure that this file
accompanies WinPWL3.exe in the archive. This program is freeware, and therefore is not subject
to a fee of any kind. This program is unsupported and is provided "as is" - use at your own risk!

DISCLAIMER: By using this program the user agrees that any legal trouble they may get into for
using this software to obtain unauthorized access to passwords is their responsibility. The
author of this program assumes no responsibility for such activities. This software was not
intended for obtaining passwords that the user is not supposed to have access to. It was only
designed for recovering forgotten passwords or for technicians/administrators.

Feedback
========

I would really appreciate it if you would drop me a line telling me what operating system you
are running and how WinPWL worked on the computer you ran it on. Did it perform as expected?
I would like to know. Drop me a line at winpwl@hotmail.com. No suggestions for future versions
please, as I doubt there will be any.

Using WinPWL 3
==============

Pretty straightforward stuff. At the top of the WinPWL window you will see the username and
password for the currently logged on user. The listbox contains a list of all the passwords
stored in the PWL file for that user. Each entry contains the password type, the resource it
is associated with, the username (if applicable), and the password itself.

The Copy button allows you to copy either the currently selected password or all the passwords
to the clipboard so that you can paste them into another application.

Clicking the Refresh button will update the password list to reflect any changes you have made.

To add a new password resource, click the Add button. Choose the correct tab depending on the
type of password you plan to add to the list. Simply fill out the property page with the
information it requires, click OK, and the password will be added to the PWL file. For the
Other Entries tab, you will need to know what it is asking for. The resource is the name of the
server the password is for. Naming conventions depend on the type of network. Enter the
resource, the password, and the password type. The type must be between the numbers 1 and 254.
Here are the most common types:

 1 - NT Domain
 2 - NT Server
 3 - Shared Drive
 4 - MAPI
 6 - Dial-up Networking or CryptoAPI Key
18 - NetWare Server
19 - WWW resource (Internet Explorer)

The Edit button will only allow you to change the password for an existing resource. It will
not let you rename the resource or change the type. To do this, you will need to add a new
resource. It will also forbid you from editing CryptoAPI entries, since editing the key could
really screw things up. Please try to understand that editing the passwords in the PWL file
only affects the cache on that machine. For example, if you change somebody's PWL password for a
NetWare server, their password for access to the server stays the same, but their workstation
trys to log them on with the password you have changed it to, so they will not be able to log
on with that new password unless it gets changed on the server side of things as well.

Clicking the Remove button deletes the selected password from the PWL file. For some reason, this
will not work properly with type 19 resources saved by Internet Explorer, although it will work
for type 19 entries that the user adds. I may do some research on this one if I have time, but
probably not. If any programmers out there has the function declarations for MSPWL32.DLL's
exports, I may be able to work something out. I just don't have the time to figure them out
myself. Sorry for any inconvenience, but hey, this program is for free, so don't complain!

Clicking the System Pwd... button allows you to change the system logon password.

Clicking the Filter... button allows you to specify a type. When filtering is enabled, WinPWL
will only display password entries for that given type.

Version History
===============

3    - Abandoned the old code base and rewrote the entire program from scratch! Contains a
       brand new, simplified interface, with more features, including the ability to view
       and edit NetWare passwords, and the ability to view and change the system password
       (when the target system is left unattended). A filter option has been added so that
       only passwords of a particular type can be displayed, and customized add and edit
       dialog boxes allow for easier entry of passwords. My new linked-list manager greatly
       improves memory management over the previous versions of WinPWL.

       Why did I just call this version 3, as opposed to version 3.00?

       Because I don't plan on revising it any further. WinPWL 3 has become the most powerful
       PWL file viewer available, and I don't see any reason to spend my limited time expanding
       its capabilities any further. I don't plan on writing a full-fledged cracker, because
       with 128-bit encryption protecting most PWL files, the only way to get in is either if
       the user does it for you (like this version) or by using a brute-force or dictionary
       attack. There's lots of other programs out there that can handle that sort of thing, it
       makes no sense to me to add another one to the pile. A new release is highly unlikely
       unless a bug (and I mean a SERIOUS bug) gives me a good enough reason to revise it...
       Mind you, with this new, relatively untested code base, you just never can tell! ;-)

2.03 - Better interpretation of PWL file's contents, including CryptoAPI keys and IE site
       passwords. Username is now displayed in uppercase, since the PWL file is encrypted
       using an uppercase form of the username. About box now allows user to disagree with
       disclaimer, which then aborts the program.

2.02 - Improved icons, added about box. Fixed the system menu. Changed the startup code so
       that WinPWL tries to log you in before it dumps the passwords. This should prevent
       the "user not logged in" error messages that previous versions displayed. WinPWL now
       displays the current username. Memory use has been changed.

2.01 - Removed some debugging stuff that I forgot to take out of version 2.00! Oops!

2.00 - Added features for adding, editing, and removing passwords from PWL files.

1.01 - In response to dschneid's complaints I added an icon. Fixed missing DLL bug.
       Had to static link the runtime library, because I couldn't avoid using it!

1.00 - Initial release - Allows inspection of passwords in PWL files and the ability to
       copy them to the clipboard.

Aaron Klotz
