Is inspecting file structure and changes to the system registry considered reverse-engineering?

Question

Disassembling/decompiling is usually considered reverse engineering. What if I don't decompile the executables but only observe the changes to the computer - what registry changes the program installer made, what files it copied and what system calls are done when the program is running (using something like Process Monitor) in order to understand how the program is designed? Is that legally considered reverse-engineering?

Answer 1

I am not an expert, but I'd be very surprised if it is. It's your system after all, and you're just observing what effects the program has on it. You're not trying to look inside the executable; you're looking from the outside, which I think is the critical difference.

After all, if this was an issue then looking at the process list on an OS would be classed as similar, because you can see what processes are being created by a program...

Answer 2

Technically, I would say yes, since the purpose of reverse engineering is to obtain knowledge of how an already existing system works, and disassembling/decompiling is just one of the ways of achieving that.

Legally, I would say not, for the same reasons as dtsazza points.

Answer 3

I suspect that the intent and end result is the most important consideration. If you went into a room with no communication with the outside world, and, say, figured out how to circumvent DRM in a country where such circumvention is illegal, but you never actually disseminated this knowledge or removed DRM from material, then there'd be no reason for you to come to anyone's attention.

If, on the other hand, you found out - purely by accident - that a DRM scheme had a gaping hole and you took advantage of that hole, by disseminating information about it or removing DRM from material, you may be subject to legal trouble under anti-reverse engineering statutes even if though you never actually tried to reverse engineer something.