correct way to retrieve prefetch path?-VBForums
Results 1 to 4 of 4

Thread: correct way to retrieve prefetch path?

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Jan 2013
    Posts
    402

    correct way to retrieve prefetch path?

    which is the correct standard way to retrieve the prefetch folder path, which works from XP and up?



    Question 2: Only .pf file format seems to be well documented by forensics reasons, anyone know what uses/info has the other files type in that folder and or subfolder?.


    NOTES: what exactly I needs to do is to erase any track of a file executed in the past, so I know which .PF file to erase, but curious if others files there will track it aswell. Just to know. No, no, I am not in the viruses/hacking thing.

    What happens, I have an utility to do login automation in management games clients like steam/Origin/battlenet, etc., it works ok, but as it can type/screenshot window client area, clicking, etc., this little app gets in trouble with anti-cheats flagging it, it sucks, it damage my honour, which they thinks it is a cheat, but is not, it is not as fast as to do real time cheating.

    So, I already try to set it in a separate EXE, and that it is executed ONLY when needed, but it was flagged by the mere existence in the HDD.

    Then I try to change the file extension, but it was flagged again, why? because anticheat check prefetchs looking for "just before executions", so it is not only what is in RAM, but in HDD.

    So I want to hide it in two ways.

    1) run it in a non related directory.
    2) uncrypt it just before run, and then delete it as soon it is done.
    3) erasing track in prefetch, because it will flag "weird file" and get a human inspection to check the computer from the game manufacturer (yes it happened me TWICE and get 2 of my licenses BANNED).
    Last edited by flyguille; Mar 19th, 2017 at 09:55 AM.

  2. #2

    Thread Starter
    Hyperactive Member
    Join Date
    Jan 2013
    Posts
    402

    Re: correct way to retrieve prefetch path?

    I was trying SHGetSpecialFolderPath, but seems not be a CSIDL for prefetch.

    any other idea?

  3. #3
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    30,540

    Re: correct way to retrieve prefetch path?

    If it's against the rules of the program, then it is against the AUP of this site. Do not discuss this subject further on this forum.

    EDIT: After a discussion with flyguille about this subject, I feel pretty comfortable that it is not, in fact, a violation of the rules of this site, and is not used for any kind of malicious software or malicious intent. Therefore, I've reopened the thread.
    Last edited by Shaggy Hiker; Mar 20th, 2017 at 10:25 AM.
    My usual boring signature: Nothing

  4. #4
    Fanatic Member
    Join Date
    Dec 2008
    Posts
    993

    Re: correct way to retrieve prefetch path?


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width

Survey posted by VBForums.