Host info - Offline System Info
#1
Posted 30 July 2011 - 04:05 PM
I am nearing completion of my First Win7PE build and I just wanted to know if there already exists a script/app that returns Host OS info like Windows Version, edition, build number, service pack numbers, ect.. in one application? I am currently working on an application that does this by using runscanner to extract the information from the Host registry. But it would save me some work if it already exists. I know some programs display some of the info but I would like one that shows it all.
Wayne
#2
Posted 30 July 2011 - 04:52 PM
You can link his scripts into the Win7PESE project - and there are a LOT of them to choose from!...
Great set of scripts!
#3
Posted 30 July 2011 - 10:32 PM
#4
Posted 30 July 2011 - 11:46 PM
You mean you want to get the information from the machines OTHER OS off of hard disk, and not the currently running OS (which is the PE)...Which may or may not even be the real OS if they have multiple disks/partitions, etc.Thank you sbaeder, I am having trouble getting the script to work in my build. When I execute SIW I get err26. I did go to their web page and downloaded the standalone version but when I run it from my build on a windows xp machine it still shows the OS information from the windows 7 PE OS. What I'm looking for is something that will show the Host machines OS information. Am I just doing something wrong?
AFAIK - I haven't seen anything like this...Maybe someone else has...possibly the "forensic" analysis folks...(or here is an opportunity for you to write/contribute)...
Scott
#5
Posted 30 July 2011 - 11:51 PM
Yes, the script should be updated to use the SA version! Pretty simple to do - I'll fix and post updateThank you sbaeder, I am having trouble getting the script to work in my build. When I execute SIW I get err26.
#6
Posted 31 July 2011 - 01:18 PM
#7
Posted 31 July 2011 - 03:55 PM
http://reboot.pro/14504/
The mentioned SIW and SIV:
http://rh-software.com/
are mostly hardware related, the nirsoft tools are more generally software related.
You could combine the approach by DarkPhoenix using only the ones that you need and addin SIV (which if I recall correctly as a somewhat "better" command line control )
Wonko
#8
Posted 31 July 2011 - 04:22 PM
In BB 7PE there is a SIW 2010 script avalable......
#9
Posted 31 July 2011 - 06:43 PM
If you could find a working link, pls ....
I hope this helps
In BB 7PE there is a SIW 2010 script avalable......
#11
Posted 31 July 2011 - 07:49 PM
#12
Posted 01 August 2011 - 01:26 AM
I have read the links you have posted and have working scripts for SIV and SIW but still question if any of these utilities can be used to gather (what I refer to as HOST system OS) operating system information from the system that is installed (not running) on the hard drive under a PE environment? By Information I refer to OS type: XP ect edition: Pro/home ect, Build number, service packs ect. I have run SIV and SIW with runscanner with mixed results. Some information is displayed that references the HOST system OS and some of the info shows the PE environment. None of the programs tried so far show the edition of the HOST system OS IE: home/pro/ultimate. In short I am not concerned with gathering hardware information or information from the PE environment. Only information from the system that is installed but not running from the c:\windows location. My reason for this is to correctly repair an operating system you should know what operating system you are attempting to repair. A small utility that would let you know this information as soon as you enter the PE environment would seem of great benefit. If something like this could be done then the next step would be to integrate it into a program like BGINFO to show the info as soon as the PE system starts.
Its very possible the links you have provided do this and I am incorrectly implementing it into my build. any help would be very appreciated.
The program I have been working on uses these registry keys to gather information and is able to retrieve the following info on the HOST system OS via runscanner.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentVersion Windows version number 5.1/6.1 ect..
ProductName Windows 7/Windows XP ect..
EditionID Ultimate/Home but only works with Vista and above
CurrentBuildNumber 7600/2600 ect..
CSDVersion Service Pack 3 ect..
SystemRoot c:\windows
RegisteredOwner name
RegisteredOrganization organization
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName
Computer Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
PROCESSOR_ARCHITECTURE AMD64 or x86 32 or 64 bit
Unfortunately there is not a key EditionID for anything below Vista.
Also I would like to get additional info like the product key/passwords/user accounts.
any further information or help would be greatly appreciated.
If a program of this nature does not exist I will attempt to finish mine. I founds some source code that allows for the decoding of the product key similar to produkey.
Thanks
Wayne
#13
Posted 01 August 2011 - 01:32 AM
Thanks
Wayne
#14
Posted 01 August 2011 - 05:49 AM
Very handy indeed, thanks for info on Updated version of Autoruns.Here is a review of a utility, Sysinternal's autoruns, that may or may not provide the information you are looking for. It scans an offline-system's registry, and is a very handy utility.
Autoruns and Dead Computer Forensics
To scan the offline registry, start the program from the PE, go to File -> "Analyze Offline System..."; in the dialogue, enter the system root of the offline system
@waynescheffler
NirSoft ProduKey allows to Select Source and gives keys of offline Windows, as you know.
#15
Posted 01 August 2011 - 08:02 AM
"Right clicking" on program icon and choosing ”Run with Runscanner” is another way.To scan the offline registry, start the program from the PE, go to File -> "Analyze Offline System..."; in the dialogue, enter the system root of the offline system (as seen from the perspective of the PE), which could be "c:\windows", but more likely "d:\windows" for Vista/Win7 (the first partition, "c:\", is usually something else hidden in Vista/Win7), and enter a User profile like "d:\users\john".
Regards
Doing the above with “SIW” (System Information for Windows) will provide info about
keys, autostarts, OS, installed programs, drivers and a lot more.
Homepage:
http://www.gtopala.com/
Script for SIW (2011.7.7.0) is here:
http://al-jo.zxq.net/Siw7.7z
Attached Files
#16
Posted 01 August 2011 - 12:20 PM
The correction to the topic Title is appreciated. I think I confused allot of people by using the word Host. My thought was the Host machine's operating system. as the machine is actually the host of all operating systems I can see where this can cause confusion. the Offline operating system is far more descriptive and accurate.
I agree 100% autoruns is a great program. I have used it for years on all of my rescue disks. but to the best of my knowledge it only provides information on startups and services. I currently have it set to run with runscanner and it works beautifully. Is there some way of using it to get system information like system type/edition/build that I am unaware of?
Wonko the sane
I was able to uncompress the tools in darkPhoenix's project and I looked at what program he was using in the bat file to get system information (systeminfo.exe) after many attempts last night I was able to get it to execute with runscanner but the results were the information from the PE system and not the offline system. My guess is systeminfo uses Windows Management Instrumentation (WMI)to get its system info which is not effected by runscanner.
#17
Posted 01 August 2011 - 12:57 PM
#18
Posted 01 August 2011 - 01:35 PM
http://www.nirsoft.n...key_viewer.html
with the appropriate switches?
Like:
/regfile [Software Registry File] /ExtractEdition [0 | 1] Specifies whether to extact the Windows edition information.
If you expect that a single tool will be able to do everything you need, it is UNlikely.
Wonko
#19
Posted 01 August 2011 - 02:41 PM
But Produkey (without switches) and SIV32 does show editions…
Attached Files
#20
Posted 01 August 2011 - 04:21 PM
The approach of DarkPhoeniX is giving all but needs to be implemented for PE environment.Look here:
http://reboot.pro/14504/
The mentioned SIW and SIV:
http://rh-software.com/
are mostly hardware related, the nirsoft tools are more generally software related.
You could combine the approach by DarkPhoenix using only the ones that you need and addin SIV (which if I recall correctly as a somewhat "better" command line control )
Wonko
That should be possible quite well ....
#21
Posted 01 August 2011 - 04:43 PM
Sure it is possible.The approach of DarkPhoeniX is giving all but needs to be implemented for PE environment.
That should be possible quite well ....
All DarkPhoenix did was to write a small (and nice ) batch to call the needed apps.
It is a matter of deleting the unneeded ones and/or change the parameters given to the needed ones.
Like changing:
%SUBecho% -log "Dumping --- Product Keys" "%comp%\ProduKey.exe" /shtml %Directory%/html/Product_Keys.htmlintended for "online" use to the appropriate command for offline one (or - when applicable - use runscanner).
From what waynescheffler originally asked, there is not a need for *all* but just for *some* or *a few*.
Wonko
#22
Posted 01 August 2011 - 06:49 PM
Found another interesting fresh diagnostic software:
http://www.freshdevices.com/
It shows installed OS editions and almost everything else
worth to knowing about an "offline" system!
Script (tested in win7pe) is here:
http://al-jo.99k.org/fdiag.7z
Attached Files
- mmseng likes this
#23
Posted 01 August 2011 - 10:49 PM
Yep never really "expected" 1 program to have all the info but we can always wish lol Hey al_jo the picture ed3.jpg has all the info I need. Is that info from the offline system in SIV? How do I get to that dialog?
I have SIV running with runscanner I will poke around in there more and see if I can find that.
I think I will still continue working on a solution/program to gather all the offline information that is obtainable and put it in one program. If I get it working I will post it here for you all to try if you are interested.
I will also try out freshdiagnose. Thanks al-jo
Thanks again everyone for the help.
#24
Posted 01 August 2011 - 11:02 PM
Thanks
Wayne
#25
Posted 01 August 2011 - 11:06 PM
Hi.Hey al_jo the picture ed3.jpg has all the info I need. Is that info from the offline system in SIV? How do I get to that dialog?
I have SIV running with runscanner I will poke around in there more and see if I can find that.
The ed3.jpg is not from SIV, it's from produkey1.52
If you don't have the script for that tiny app, I can provide a link here later on...
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users