Quote:
Originally Posted by niculaita
open soft, open megadumper for net apps, dump files, or upload exe. If dongle or card are used we can not help you too much without them
|
Booth tools are available for download...
The good one but also with the newer version of protection can be run without a license, but then the best functions are not available.
The other one can be run for free although with a often appearing annoying nag screen and its by far not as good as the first one.
Hence if possible I would like to get a look inside the first one, the second one is kind of plan B.
There are a couple thinks I want to find out:
One is as mentioned; the lists of files and reg keys for each component which can be removed. (these are the most interesting part I think, booth tools have slightly different collections of components, hence they probably have been manually generated at some point in time)
The other thing is that some of the lists are generated from the mounted installation image, here I would like to know hot to load those oneself (although at least for some I have somewhat an idea how its done).
Things like the Provisioned apps can be enumerated and also removed using dism commands.
I assume the list of drivers to be removed is also generated on the fly, most likely just parsing the all the *.inf files.
But things like telemetry, error reporting, smart screen, windows defender or Cotana a.k.a. windows search can not be removed this way, instead one need to know which files and registry entries to remove by hand.
The hard way to find out those info's would be to run the tools always with only one option selected and then diff the resulting installation images, even though that could be automatized it would probably take forever.
So I take it as a good opportunity to learn some reverse engineering. Haven't expected though booth tools to be equipped with anti debugging techniques though. Well... more opportunity to learn something new I guess.
David X.