refactor: no disabled GUI, uninstall refactoring

README.md

@@ -97,6 +97,7 @@ If you have a solid security monitoring that logs all process executions, you co
 - 1.2 BETA - Signature Updater
 - 1.3 BETA - In-Memory YARA Scanning of invoking parent process
 - 1.4 BETA - Full x86 support, moved static strings to YARA rules to avoid AV detections, Log of accepted executions, .NET Framework setup in installer
+- 1.4.2 BETA - Exit code fix (pass through of exit code returned by the intercepted program), intercept taskkill.exe
 
 ## Installation
 
@@ -225,7 +226,7 @@ Run `raccine.exe` and watch the parent process tree die (screenshot of v0.1)
 
 ## GUI
 
-Available with version 1. Can be disabled by an installer option or manually via Registry patches.
+Available and required since version 1.
 
 ![GUI](https://raw.githubusercontent.com/Neo23x0/Raccine/main/images/raccine-gui1.png)
 

install-raccine.bat

@@ -65,7 +65,7 @@ ECHO ...........................................................................
 :::
 for /f "delims=: tokens=*" %%A in ('findstr /b ::: "%~f0"') do @echo(%%A
 ECHO   A Simple Ransomware and Emotet Vaccine
-ECHO   Installer by Florian Roth, October 2020  
+ECHO   Installer by Florian Roth, March 2021  
 ECHO.                       
 ECHO ------------------------------------------------------------------------------
 ECHO   WARNING! Raccine could break your backup solution 
@@ -74,7 +74,7 @@ ECHO.
 ECHO   1 - Install Raccine for all possible methods
 ECHO   2 - Install Raccine for all possible methods (simulation mode, logging only)
 ECHO   3 - Install Raccine interception for less often used executables only (soft)
-ECHO   4 - Disable GUI elements (alert window, settings tray icon)
+ECHO.
 ECHO   5 - Disable automatic rule updates
 ECHo   6 - Run Windows Hardening Script
 ECHO   U - Uninstall Raccine
@@ -92,7 +92,6 @@ SET /P M=" Select an option and then press ENTER: "
 IF %M%==1 GOTO FULL
 IF %M%==2 GOTO FULL_SIMU
 IF %M%==3 GOTO SOFT
-IF %M%==4 GOTO DISABLEGUI
 IF %M%==5 GOTO DISABLEUPDATES
 IF %M%==6 GOTO HARDENING
 IF %M%==U GOTO UNINSTALL
@@ -103,6 +102,11 @@ GOTO MENU
 
 :: Installer actions
 
+:UNINSTALL
+CALL :UNINSTALL_TASKS
+TIMEOUT /t 30
+GOTO MENU
+
 :: Actions to run in all modes
 :INSTALL
 ECHO.
@@ -118,10 +122,6 @@ IF ERRORLEVEL 1 (
     ECHO Installing .NET Framework ...
     start /wait preqeq\NDP462-KB3151800-x86-x64-AllOS-ENU.exe /q /norestart
 )
-:: Cleanup existing elements
-TASKKILL /F /IM Raccine.exe
-TASKKILL /F /IM RaccineSettings.exe
-TASKKILL /F /IM RaccineRulesSync.exe
 :: Raccine GUI Elements
 ECHO Creating data directory "%ProgramFiles%\Raccine" ...
 MKDIR "%ProgramFiles%\Raccine"
@@ -168,6 +168,7 @@ GOTO MENU
 
 :: Full
 :FULL
+CALL :UNINSTALL_TASKS
 ECHO.
 :: Registry Patches
 ECHO Installing Registry patches ...
@@ -189,6 +190,7 @@ GOTO INSTALL
 
 :: Simulation Mode
 :FULL_SIMU
+CALL :UNINSTALL_TASKS
 ECHO.
 :: Registry Patches
 ECHO Installing Registry patches ...
@@ -209,7 +211,8 @@ REG.EXE ADD HKLM\Software\Raccine /v LogOnly /t REG_DWORD /d 1 /F
 GOTO INSTALL
 
 :: Soft
-:SOFT 
+:SOFT
+CALL :UNINSTALL_TASKS
 ECHO.
 :: Registry Patches
 ECHO Installing Registry patches ...
@@ -225,21 +228,6 @@ REGEDIT.EXE /S reg-patches\raccine-reg-patch-diskshadow.reg
 REG.EXE ADD HKLM\Software\Raccine /v LogOnly /t REG_DWORD /d 0 /F
 GOTO INSTALL
 
-:: Disable GUI Elements
-:DISABLEGUI 
-ECHO.
-ECHO Disabling the GUI elements ...
-ECHO.
-REG.EXE ADD HKLM\Software\Raccine /v ShowGui /t REG_DWORD /d 1 /F
-TASKKILL /F /IM RaccineSettings.exe
-REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F
-IF '%errorlevel%' NEQ '0' (
-    ECHO Something went wrong. Sorry.
-    GOTO MENU
-)
-TIMEOUT /t 30
-GOTO MENU
-
 :: Disable Updates
 :DISABLEUPDATES 
 ECHO.
@@ -267,7 +255,7 @@ TIMEOUT /t 30
 GOTO MENU
 
 :: Uninstall
-:UNINSTALL
+:UNINSTALL_TASKS
 ECHO.
 ECHO Uninstalling Registry patches ...
 REGEDIT.EXE /S reg-patches\raccine-reg-patch-uninstall.reg
@@ -292,8 +280,7 @@ REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray
 SCHTASKS /DELETE /TN "Raccine Rules Updater" /F
 :: in case of automation, directly got to EOF
 IF NOT "%SELECTED_OPTION%"=="" GOTO EOF
-TIMEOUT /t 30
-GOTO MENU
+EXIT /B
 
 :EOF
 EXIT /B %ERRORLEVEL%

source/Raccine/Version.h

@@ -1,16 +1,16 @@
 #ifndef VERSIONINFO_H
 #define VERSIONINFO_H
 
-#define VER_FILEVERSION             1,4,1,0
-#define VER_FILEVERSION_STR         "1.4.1.0 BETA\0"
+#define VER_FILEVERSION             1,4,2,0
+#define VER_FILEVERSION_STR         "1.4.2.0 BETA\0"
 
-#define VER_PRODUCTVERSION          1,4,1,0
-#define VER_PRODUCTVERSION_STR      "1.4.1.0\0"
+#define VER_PRODUCTVERSION          1,4,2,0
+#define VER_PRODUCTVERSION_STR      "1.4.2.0\0"
 
 #define VER_COMPANYNAME_STR         "Raccine"
 #define VER_FILEDESCRIPTION_STR     "A Simple Ransomware Vaccine - see https://github.com/Neo23x0/Raccine"
 #define VER_INTERNALNAME_STR        "Raccine"
-#define VER_LEGALCOPYRIGHT_STR      "Copyright 2020"
+#define VER_LEGALCOPYRIGHT_STR      "Copyright 2021"
 #define VER_LEGALTRADEMARKS1_STR    "All Rights Reserved"
 #define VER_LEGALTRADEMARKS2_STR    VER_LEGALTRADEMARKS1_STR
 #define VER_ORIGINALFILENAME_STR    "Raccine.exe"