JPE Registry questions

Discuss anything related to JauntePE, the ultimate utility to help you tame non-portable applications. Share your experience about the apps that work with JauntePE, and the apps that don't.
ThatGuyOverThere
Posts: 2
Joined: Wed Jun 27, 2007 8:47 am


#1 Post by ThatGuyOverThere »

First off I have to say that this is a pretty frickin sweet program. It's an absolutely essential tool to the portable apps world. I extend my most heartfelt thanks to all who have shaped this program into its current form!

Now, I have a few weights on my mind, but before I get into that I must explain that I know next to nothing about the registry and how it works, and JPE for that matter. I've been playing with this app for a few days, testing things here and there. I've used two programs to monitor registry activity: API Guard and Regshot.

I've been playing with a game called netgame which can be found here. I've used crownixx's JPE AutoWizard to create a portable version of the program. When I check the changes with Regshot it shows three registry keys edited.
  • HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed
  • HKU\S-1-5-21-469896794-1978212859-1848903544-2673\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU
  • HKU\S-1-5-21-469896794-1978212859-1848903544-2673\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\wvzzle\Qrfxgbc\chmmyrf\argtnzr_cbegnoyr.rkr
If I run the non-portable version of the game through API Guard only the first registry entry is shown as changed.
  • HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed
I've tried adding these keys to [RegistryIgnore], [RegistryExclude] and [RegistryInclude], and no change happens. The same keys show up.

Is there something I'm doing wrong?

And just for clarification's sake, as I understand it, and this may be incorrect, the purpose of JPE is to make non-portable applications become usable without trace on any PC (portable).

Thanks!

redllar
Posts: 411
Joined: Thu Aug 03, 2006 7:52 pm

#2 Post by redllar »

Hey there.

First off, you don't really need to run that app from JPE. It's not doing anything that needs to be portablized.

Second, that extra registry key you got is due to the shell's running of the portable application. The "user assist" key is one of the places where the shell stores tracking info and one of the things it tracks is app execution. It encrypts the key with a method that's easily deciphered. When I deciphered the string you provided I found that it was "UEME_RUNPATHUEME_RUNPATH:C:\Documents and Settings\jimmyr\Desktop\puzzles\netgame_portable.exe". As you can see, the shell is basically telling itself that it ran the portable launcher for you. That's why you didn't see it when running the game straight away. Anyway, it's nothing that JPE can prevent because it's already been entered into the registry before the JPE runtime has a chance to execute.

"And just for clarification's sake, as I understand it, and this may be incorrect, the purpose of JPE is to make non-portable applications become usable without trace on any PC (portable)."

Well... The purpose of JPE is to portablize an app, which normally is taken as being able to take the entirety of the app (dlls, settings, user data, etc.) to another user account, or another device, or another machine, and have it run the same as it did from the first computer/user account/drive. What you're talking about is what we refer to as stealthy. But that's impossible for JPE to do since, as your case proves, it can't prevent all registry entries from occurring, i.e., running without trace on any PC. It also has some other limitations due to the method used to prevent the "traces" as well as some limitations due to it being designed to run under restricted user accounts.
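
Added example (not part of the original posts and not JauntePE code): the UserAssist value names discussed above are ROT13-encoded, so the Regshot lines from post #1 can be decoded in bulk to show which executions the shell recorded. The function and field names are illustrative choices; the sample lines are copied from the thread.

```python
import codecs
import re

# Lines Regshot reported in post #1, copied from the thread.
REGSHOT_LINES = [
    r"HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed",
    r"HKU\S-1-5-21-469896794-1978212859-1848903544-2673\Software\Microsoft"
    r"\Windows\CurrentVersion\Explorer\UserAssist"
    r"\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU",
    r"HKU\S-1-5-21-469896794-1978212859-1848903544-2673\Software\Microsoft"
    r"\Windows\CurrentVersion\Explorer\UserAssist"
    r"\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU"
    r":P:\Qbphzragf naq Frggvatf\wvzzle\Qrfxgbc\chmmyrf\argtnzr_cbegnoyr.rkr",
]

# The value name embeds a path and so contains backslashes itself: anchor on
# the \UserAssist\{GUID}\Count\ marker instead of splitting on the last "\".
USERASSIST_RE = re.compile(
    r"^(?:HKU\\(?P<sid>S-[\d-]+)|HKCU|HKEY_CURRENT_USER)\\.*"
    r"\\Explorer\\UserAssist\\(?P<guid>\{[0-9A-Fa-f-]+\})\\Count\\(?P<name>.+)$"
)


def decode_userassist(line):
    """Return the decoded UserAssist entry for one Regshot line, or None."""
    m = USERASSIST_RE.search(line.strip())
    if m is None:
        return None  # not a UserAssist value (e.g. the RNG\Seed line)
    decoded = codecs.decode(m.group("name"), "rot_13")
    # Decoded names look like "UEME_RUNPATH" or "UEME_RUNPATH:<target>".
    event, sep, target = decoded.partition(":")
    return {
        "sid": m.group("sid"),            # None when the line uses HKCU
        "guid": m.group("guid"),
        "event": event,
        "target": target if sep else None,
    }


def decode_regshot(lines):
    """Decode every UserAssist entry found in a list of Regshot lines."""
    return [entry for entry in map(decode_userassist, lines) if entry]


if __name__ == "__main__":
    for entry in decode_regshot(REGSHOT_LINES):
        print(entry)
```
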

ThatGuyOverThere
Posts: 2
Joined: Wed Jun 27, 2007 8:47 am

#3 Post by ThatGuyOverThere »

I very much appreciate your quick response.

So those entries are being made outside of JPE? That would explain it.

Thanks!
