Mar 19th, 2017, 09:38 AM
#1
Thread Starter
Fanatic Member
correct way to retrieve prefetch path?
Which is the correct standard way to retrieve the prefetch folder path, one that works from XP and up?
Question 2: Only the .pf file format seems to be well documented, for forensics reasons. Does anyone know what uses/info the other file types in that folder and/or subfolder have?
NOTES: What exactly I need to do is erase any trace of a file executed in the past, so I know which .PF file to erase, but I am curious whether other files there will track it as well. Just to know. No, no, I am not into the viruses/hacking thing.
What happens is, I have a utility to do login automation in game management clients like Steam/Origin/Battle.net, etc. It works OK, but as it can type, screenshot the window client area, click, etc., this little app gets in trouble with anti-cheats flagging it. It sucks, it damages my honour: they think it is a cheat, but it is not; it is not fast enough to do real-time cheating.
So, I already tried to put it in a separate EXE that is executed ONLY when needed, but it was flagged by its mere existence on the HDD.
Then I tried to change the file extension, but it was flagged again. Why? Because the anti-cheat checks prefetch files looking for "just before" executions, so it is not only what is in RAM, but what is on the HDD.
So I want to hide it in two ways.
1) Run it in an unrelated directory.
2) Decrypt it just before running, and then delete it as soon as it is done.
3) Erasing the traces in prefetch, because it will flag a "weird file" and get a human inspection to check the computer from the game manufacturer (yes, it happened to me TWICE and got 2 of my licenses BANNED).
Last edited by flyguille; Mar 19th, 2017 at 09:55 AM.