13,582
edits
Undefishin (talk | contribs) No edit summary |
Undefishin (talk | contribs) No edit summary |
||
==== Characteristics of a bootleg, particularly... ====
===== The tools used to make a bootleg =====
To confirm if a bootleg was made with nLite or not, look for:
*
: <code>; Generated by nLite 1.3</code>
: <code>; Generated by nLite 1.4.9.1</code>
: <code>; Generated by nLite 1.4.9.3</code>
** The version number may be different - there have been cases where bootlegs were made with really old versions going back to 1.0 or even beta versions of nLite. You should include this version number in the "This ISO was made using ..." portion if possible. Ditto for all the other tools with visible version numbers.
* Any last session files on the CD root, THIS GOES FOR ALL OTHER PROGRAMS BY DINO NUHAGIC OR ANYTHING BASED ON IT LISTED HERE.
* Any files named <code>nlite.inf</code> and all INF files for the keywords "nLite", including comments (usually at EOF) in <code>I386</code>
* The line <code>"rundll32 advpack.dll,LaunchINFSection nLite.inf,U"</code> in the file <code>cmdlines.txt</code> in the folder <code>$OEM$</code>. This will also confirm the existence of <code>nLite.inf</code> in <code>I386</code>, which is the file that holds the component tweaks done by nLite according to the user.
To confirm if a bootleg was made with
* Lastsession.ini on the CD root
* Autounattend.xml on the CD root, if it has this string <code><!--This answer file generated by RT Seven Lite--></code> or not.
* <code>HKEY_LOCAL_MACHINE\Software\RT 7 Lite</code> in the install image's registry data. You can either load it offline on your computer or look for it using the bootleg itself.
* fppset.inf in the WINDOWS directory, and RTSLCS.dll in the System32 directory (both in the install image)
To confirm if a bootleg was made with NTLite or not, look for:
* Any "Auto-saved session" files, NTLite.log or YYYY-MM-DD_HH-MM-XM.ini files on the CD root.
* <code>HKEY_LOCAL_MACHINE\Software\NTLite</code>
To confirm if a bootleg was made with Windows Unattended CD Creator or not, look for:
* A file named <code>settings.txt</code> in the CD root, and if it contains a comment with the keywords "Windows Unattended CD Creator" as the first line of the file.
* A file named <code>RunOnceEx.js</code> or the entry <code>wucdcreator="wscript.exe %systemroot%\RunOnceEx.js"</code> or similar in <code>WINNT.SIF</code>. This is the most used feature of Windows Unattended CD Creator, its software post-installer.
To confirm if a bootleg was made with VistaPE or not, look
* A file named <code>VISTAPE.CD</code> in the CD root
* ''For autoruns made with StartCD:'' Click the program's icon at the top left of the program window, or right click the program in the tasklist, and click "About"
* Check the file's version information
* Search for strings in the binary itself. It may lead you to extra clues such as version information which
* You
To confirm the program used to modify the bootleg's ISO / what software was used to make the ISO:
* If you use the program PowerISO, open the ISO image you desire, go to Tools > View / Edit sector data..., then view the LBAs 16-18. There you will find:
: CDImage (sometimes a sign that the ISO was created manually)
: Markers for e.g. UltraISO, Nero, etc.
|