Quote:
Originally posted by wassim_
as I can see from the link to RCE, it was discussed there with no solution, the question is still the same...
|
?
All what you know ist there!?
------------------------------------------------------
Download -> Regmon / Filemon!
hxxp://www.sysinternals.com/ntw2k/source/regmon.shtm
hxxp://www.sysinternals.com/ntw2k/source/filemon.shtm
BUT you must Patched this Tools or Armadillo would check this and HIDE interesting from your eyes.
Example what must deleted:
[HKEY_CLASSES_ROOT\CLSID\{ED86CA99-271F-13D1-B2E4-0060975B8649}
[HKEY_LOCAL_MACHINE\SOFTWARE\Licenses]
[HKEY_LOCAL_MACHINE\SOFTWARE\The Silicon Realms Toolworks\Armadillo]
In your TEMP Directory (all) -> ?.tmp
---------------------------------------------------------
---------------------------------------------------------
thanks Viper.. this is the right info. i was looking for. btw the CLSID key might be different for each winOS or for differents target i just confirmed.. maybe is hardware ID based? anyway i'm tring to find a generic way about how this work....
deleting:
[HKEY_LOCAL_MACHINE\Software\Licenses]
[HKEY_CURRENT_USER\Software\Licenses]
[HKEY_LOCAL_MACHINE\Software\The Silicon Realms Toolworks]
[HKEY_CURRENT_USER\Software\The Silicon Realms Toolworks]
and the CLSID key that regmonitor shows right after the License.. one...
HKEY_CLASSES_ROOT\CLSID\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
the deleting all *.*.tmp files from the TEMP dir. and done!
------------------------------------------------------------------------------------
Tschau
Viper Zx