
[solved] who can write a cleaner with given information

Discussion in 'REQ > Others' started by Holunderbeere, Feb 12, 2019.

  1. Holunderbeere

    Holunderbeere Registered User

    As reported here https://www.board4all.biz/threads/solved-coder-reverser-help-needed.750243/ normal uninstalling with Revo Uninstaller or Total Uninstaller leaves the key in the system. A helpful user in another forum found the reason:

    Code:
    C:\Documents and Settings\John Doe\Application Data\Light Developer
    delete the "InstallFlag" file
    and ...
    regedit.
    [HKEY_USERS\S-1-5-21-596416313-346948869-1116582277-1000\Software\Stepok\Light Developer]
    "InstallFlag"=hex:77 xx xx xx
    delete InstallFlag reg binary.
    note ... on 64 bit systems there may be other entries for Light Developer "InstallFlag".
    
    this reverts registered Stepok Recomposit Pro to trial.
    I tested it on Win 7 x64 and it worked there in the same way.

    starting at this point [screenshot]

    deleting this file [screenshot]

    and this key [screenshot]

    which results in [screenshot]
    and my question is now, who is able to write a cleaner that works on x86 and x64 systems with this given information?
     
  2. Holunderbeere

    Holunderbeere Registered User

    solved by myself
     
  3. Rekkio

    Rekkio Registered User Reverser

    A better way to do this is to make a Portable with e.g. Turbo Studio and set Isolation for these registry keys & folders to Hide so you don't even have to delete them, since Cameyo / Turbo Studio / etc. will always report them as not existing, even after the app recreates them.

    You don't even really need to make a Portable, just make a 'Loader' that loads the main exe & child processes into the virtual container.
     
  4. Holunderbeere

    Holunderbeere Registered User

    1. a Portable would not be a solution because of the PS Plugins
    2. I never created a Loader and do not understand the way suggested by you right now = would need time to understand / learn
    3. The Cleaner was created already and working fine
    Nevertheless I will try to understand your suggestion and realize it (knowing how something can be realized could be helpful in the future)
     
  5. Rekkio

    Rekkio Registered User Reverser


    Here is a proof of concept of what a Turbo Studio / other 'Loader' does:
    Hidden Content:
    [HIDDEN CONTENT]
    It's not a Portable and does not include any application files, it just references the application's .exe file in the @APPDIR@ (current) directory and runs it in an environment where the trial data never exists (Isolation set to Hide).

    It also spawns child processes in the virtual environment in case the application has other child processes so they get intercepted as well.
    I also added analytics blocking by redirecting DNS & blocked phone home domains in the Network tab of Turbo Studio.

    If you place this file in the same directory as Recomposit.exe and run it instead of Recomposit you won't have to delete the trial data anymore.

    A Sandbox folder will also be created in the same directory so you probably need to set appropriate NTFS permissions on the application folder if it's in Program Files or run the Loader as Administrator to allow creating the Sandbox.

    Otherwise if you don't want to run as Administrator / set NTFS permissions you can also change the Sandbox, Cache & Stub paths in the Turbo Configuration (.xappl, Turbo Studio) to a directory without admin rights.
     
  6. JonArbuckle

    JonArbuckle the orange cat Staff Member Super Moderator DEV Guild Reverser

    removing a reg key can easily be done with a simple bat or cmd file

    reg delete regpathtodelete /f
     
  7. Marskey

    Marskey Registered User

    wrote a simple cmd, take it if someone needs it.

    Code:
    del "%appdata%\light developer\InstallFlag"
    reg delete "HKCU\Software\Stepok\Light Developer" /v InstallFlag /f
     
    Last edited by a moderator: Apr 12, 2019