Creating Malwarebytes 3 plugin - Development

it looks like the mbamswissarmy is copied to the sdk folder inside the program folder but it needs to be im the system32\drivers folder AS WELL. Along with another driver or two possibly misplaced or missing altogether.. Malwarebytes will install and run but when it tries to load after a boot it always errors, we have file placement or registry wrong somewhere

One reason I feel like its file placement is that its obvious things aren't all where they're supposed to be if you look at a regular install side by side... the ones I noticed most issues are Malwarebytes*\SDK folder and System32\Drivers....

I have the paid version on my host its hard to compare files and keys because there are extra drivers etc for the active protection...

If you run the MBAM3 installer while in PE, it works....
just takes a few seconds to run the MBAM3 Setup file

If you run the MBAM3 installer while in PE, it works....
just takes a few seconds to run the MBAM3 Setup file

I don't think it's the installer that's the issue. It's just plain running the program. I personally wouldn't see the need of having the installer to install it while in the PE, I just want the script to run MalwareBytes as if it was installed, which is what most of the scripts do. But, as bob.omb said, it's stuck on a certain error that he's trying to figure out...

You're right, the installer is not the issue....
So, while you figure out the script, I'll just use the installer to solve the problem.
The nice thing about advice is you do not have to follow it..

James,

  Thank you for your workaround, without it we wouldn't be able to run Malwarebytes3 at all.. It is a good temp solution, if it could be made to silently run during boot better, but even better would be if we could get a plugin working and I'm sure you would agree.  We could use the installer for every program in PE....but we don't...because its annoying...

So I'd like to optimistically hope that someone who is also interested in getting this plugin working will contribute, I know James did look at this plugin and so have others and we have all thrown our hands up at it to this point... But I'm sure its possible...

** I did have one question,  how are you able to get around the B:\ issue with the installer without any changes?  The RamDrive (B:\) causes an issue for me unless I run the installer within the first 20seconds of boot or so

You're right, the installer is not the issue....
So, while you figure out the script, I'll just use the installer to solve the problem.
The nice thing about advice is you do not have to follow it..

I apologize if I misunderstood your previous post or if I came off as rude as that's definitely not what I intended. I was just making a statement of fact is all, but I know that we all appreciate any feedback and help you can give, regardless if it's for the script or installer or anything.  :)

Plugin is 99% complete 

x86 and x64 compatible

Malwarebytes 3 Plugin v7:  MB3-Consumer-3-v7.7z (294.23 kB - downloaded 51 times.)

The only problem is that the default scan gives 4 false positives for the basic build.  I need help with this if anyone has time.

(4 separate detections come from only 2 files total)
1) BroadcastEnvChange.exe
2.)BoradcastEnvChange.exe \Run Reg Key
3.) HideRun.exe
4.) HideRun.exe  (without a path)

*Also testing for updates

All located on the X:\  -- I have been trying unsuccessfully to add X:\ and Y:\ as permanent exceptions..    Once that can be accomplished or these 2 false positive files getting unflagged somehow the plugin will be perfect 

Hi Bob.Omb

I see hiderun.exe x86 more than 10 years now only 1 AV see as virus
https://www.virustotal.com/#/file/22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f/detection

hiderun.exe x64 still more than %50 do not see as virus
https://www.virustotal.com/#/file/85d2c8771aa90f2a92645a9bea70e1a86a0e439f0711dcbea75a056b747c3958/detection

slow progress for AV softwares.

and I see one of old hiderun x86 page closed a while ago (the one we use), I suspect because of AV reports....

**
Maybe we can ask Galapo recompile hiderun.exe x64 with more info on Version:
Current:
Version: 1.1.0.0
Description: hides console window of started program
Copyright: Compiled by Galapo

In addition:
Contact: http://theoven.org/index.php?topic=2040.0


**
Same recompile for BroadcastEnvChang adding Contact link

****
Hopefully, Add a contact to both will make them "none virus" for a while....



Edit:
Galapo, if possible do not use "Original File name" on compile. 

Ok, attached are the x64 re-compiles of the two programs. Hopefully this fixes the issue for a while.

Regards,
Galapo.

Hi Galapo

Ok, attached are the x64 re-compiles of the two programs. Hopefully this fixes the issue for a while.

thanks cobber 

You are the man Galapo I will let you know status after testing..   

It works perfect with the recompiled files 0 detections from within PE

Thanks for testing and reporting back. Good to hear!

Files uploaded to project servers, use Update (Exact and Secure) 

Thanks Galapo.

Can we have a broadcastenv topic around
http://theoven.org/index.php?board=18.0
which we can give reference too.

+
also update to broadcastenv x86 will be good too. just checked with virustotal

Attached is the re-compile of the x86 version.

Regards,
Galapo.

Attached is the re-compile of the x86 version.

Regards,
Galapo.

Thank you very much for carrying broadcast in x86. Waiting also for the x86 version of hiderun 

Great work.

Waiting also for the x86 version of hiderun 

Sure, here you go. I'd personally use the original version, which I simply cannot match in getting mine to compile as small. 

Regards,
Galapo.

In the scheme of things overall - a few KB- not a big matter..

Bob you have a lot of time invested to get this one...
But You never gave up...
Great Job...
 

Waiting also for the x86 version of hiderun 

Sure, here you go. I'd personally use the original version, which I simply cannot match in getting mine to compile as small. 

Regards,
Galapo.

For my part, weight is not a problem. Thank you so much for sharing it.