Edited by boulcat, 18 September 2014 - 11:56 AM.
PEPassPass
#1
Posted 16 September 2014 - 06:05 PM
#2
Posted 16 September 2014 - 06:52 PM
Nice.
A couple questions:
- Is there any reason (checking for a PE or *whatever*) why if run on my "normal" full XP OS it doesn't see any drive?
- Since you did not release the source code (which is BTW well within your exclusive sphere of decisions) wouldn't it be a good idea to provide a "simple" external file, like a .ini (or similar) with .dll version and corresponding patches? (this way the tool might be upgradable by *anyone*)
Wonko
P.S. / Edit: The topic has been split from the main PassPass thread, where you can read about "how it all began", starting from here:
http://reboot.pro/topic/18588-passpass-bypass-the-password/page-11#entry187346
#3
Posted 16 September 2014 - 07:01 PM
A couple questions:
- Is there any reason (checking for a PE or *whatever*) why if run on my "normal" full XP OS it doesn't see any drive?
- Since you did not release the source code (which is BTW well within your exclusive sphere of decisions) wouldn't it be a good idea to provide a "simple" external file, like a .ini (or similar) with .dll version and corresponding patches? (this way the tool might be upgradable by *anyone*)
I already requested boulcat to release the source. Also, to start off a new thread/hosting it on his blog/ uploading to 'Downloads' section is a better idea to keep it manageable across versions.
#4
Posted 16 September 2014 - 07:22 PM
I already requested boulcat to release the source.
Which is good, as I didn't.
Wonko
#5
Posted 16 September 2014 - 08:11 PM
Nice.
- Is there any reason (checking for a PE or *whatever*) why if run on my "normal" full XP OS it doesn't see any drive?
$aDrives = DriveGetDrive("FIXED")
For $i = 1 To UBound($aDrives) - 1
    If DriveStatus($aDrives[$i]) = 'READY' Then
        If FileExists($aDrives[$i] & "\Windows\System32\msv1_0.dll") Then ; <=====
            ; ... (body not shown in the post)
        EndIf
    EndIf
Next
I already requested boulcat to release the source. Also, to start off a new thread/hosting it on his blog/ uploading to 'Downloads' section is a better idea to keep it manageable across versions.
#6
Posted 16 September 2014 - 08:45 PM
It should be better for XP, 2000 by testing 32 or 64 bit OS with winlogon.exe and not wininit.exe.
PEPassPass_v1.0.1.7z (see first post for latest version)
#7
Posted 16 September 2014 - 10:08 PM
#8
Posted 17 September 2014 - 10:46 AM
Well, it doesn't really make much sense having it "self-patching", i.e. patching from the running system itself.
Care to explain when/how this could be useful?
Usually, when you need to access/patch a file which is in use (or locked, etc.) the best strategy is to NOT patch it, but rather patch the "underlying" disk backing, through direct disk access, *like*:
http://reboot.pro/to...s-now-possible/
but cannot say how this would result.
As a side note, Joakim already made a "spin-off" of PassPass, operating in memory:
http://reboot.pro/to...9-passpasslive/
but it is more a PoC than anything with an actual use
Wonko
#9
Posted 17 September 2014 - 10:58 AM
Well, it doesn't really make much sense having it "self-patching", i.e. patching from the running system itself.
Yes, I agree, it was just to explain that it doesn't work on a running system. I will not go further.
I think to use it on WinPE for UEFI systems only, and to use the original PassPass for BIOS computers.
Is your OS(s) now seen from your XP?
#10
Posted 17 September 2014 - 11:01 AM
Is your OS(s) now seen from your XP?
Yep.
BTW (as a side note), this:
If FileExists($aDrives[$i] & "\Windows\System32\msv1_0.dll") Then
is not really-really the "right way" to find an installed Windows system.
Wonko
#11
Posted 17 September 2014 - 11:13 AM
#12
Posted 17 September 2014 - 11:48 AM
If FileExists($aDrives[$i] & "\Windows\System32\msv1_0.dll") Then
is not really-really the "right way" to find an installed Windows system.
#13
Posted 17 September 2014 - 12:01 PM
Well the "Windows" name is NOT hardcoded.
What the original PassPass does (not so casually) is to find a folder named "System32" containing a msv1_0.dll in *any* folder in root of a drive (which is hardcoded).
As soon as you acknowledge this post, I will split the PassPassPE related posts to a new thread.
Wonko
#14
Posted 17 September 2014 - 12:46 PM
#15
Posted 17 September 2014 - 12:55 PM
Have you seen many users' PCs with Windows installed in a different folder?
Well, I for one do not use "Windows".
The default (JFYI) became "Windows" only with XP, as Windows 2000 still used the "previous" default of "WinNT".
If you want me to say that say 98.73% of recent Windows NT systems are installed to "Windows", it's OK, still your tool won't work with the remaining 1.27%.
Wonko
#16
Posted 17 September 2014 - 01:09 PM
Have you seen many users' PCs with Windows installed in a different folder?
The idea is to make it as generic as possible. Maybe there are users who use the same partition for multiple installations of Windows. Can you please adopt the approach as Wonko pointed out?
Well the "Windows" name is NOT hardcoded.
What the original PassPass does (not so casually) is to find a folder named "System32" containing a msv1_0.dll in *any* folder in root of a drive (which is hardcoded).
#17
Posted 17 September 2014 - 01:31 PM
Thanks for splitting.
Does anyone have a solution for the 1,17 %? How?
To keep the script hosted in only one place and have it next to Grub4Dos PassPass, I saw with Holmes.Sherlock to share it on his PassPass blog soon.
It is easier to manage across versions.
Edited by boulcat, 17 September 2014 - 01:32 PM.
#18
Posted 17 September 2014 - 01:48 PM
A Windows NT system needs to have, in a directory in ROOT of the volume (which can be named *whatever*), a subdirectory named "System32" (and nothing else), and inside it there is a file msv1_0.dll (which is our "intended target").
I can draw you a map:
\-
 |- something
 |- something else
 |- *whatever*
 |- *whatever*\-
 |             |-System32
 |             |-System32\-
 |                        |-msv1_0.dll
 |-yet something else
Of course this gives way to possibly detect multiple instances (of which some may reveal being "false positives") of Windows NT installs.
Wonko
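The check Wonko describes in the post above, seen from the examiner's side, as an added Python example that is not part of the thread or of PassPass/PEPassPass: it lists every root-level directory on a mounted offline volume that contains System32\msv1_0.dll and hashes the DLL so it can be compared with a previously recorded baseline. The function names, the baseline comparison and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def _child(parent, name):
    """Case-insensitive lookup of `name` directly under `parent`."""
    try:
        with os.scandir(parent) as entries:
            for entry in entries:
                if entry.name.lower() == name.lower():
                    return entry.path
    except OSError:
        pass  # unreadable or not a directory: treat as "not found"
    return None

def find_nt_installs(volume_root):
    """Map each root-level directory holding System32\\msv1_0.dll
    to the SHA-256 of that DLL."""
    found = {}
    with os.scandir(volume_root) as entries:
        dirs = [e.path for e in entries if e.is_dir(follow_symlinks=False)]
    for path in sorted(dirs):
        sys32 = _child(path, "System32")
        dll = _child(sys32, "msv1_0.dll") if sys32 else None
        if dll and os.path.isfile(dll):
            with open(dll, "rb") as fh:
                found[os.path.basename(path)] = hashlib.sha256(fh.read()).hexdigest()
    return found

def changed_since(baseline, current):
    """Install directories that are new or whose DLL hash differs."""
    return sorted(d for d, h in current.items() if baseline.get(d) != h)

def build_sample_volume(root):
    """Constructed sample tree: two installs plus a decoy with no DLL."""
    for name, payload in (("Windows", b"A"), ("WINNT", b"B")):
        os.makedirs(os.path.join(root, name, "system32"))
        with open(os.path.join(root, name, "system32", "MSV1_0.DLL"), "wb") as fh:
            fh.write(payload)
    os.makedirs(os.path.join(root, "Data", "System32"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:
        build_sample_volume(vol)
        baseline = find_nt_installs(vol)
        print(baseline)
        print(changed_since(baseline, find_nt_installs(vol)))  # nothing changed
```

As the post notes, this layout test can return more than one hit per volume, some of them false positives, so each reported directory still needs a look before its hash is trusted as a baseline.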
#19
Posted 17 September 2014 - 01:51 PM
I think the following configuration may also be 0.1% of the remaining 1.27%?
C:\bootmgr
C:\boot\bcd (Boot entries for C:\Win8.1Pro_x86.vhdx, C:\Win8.1Ent_x64.vhdx )
C:\BOOTNXT
C:\Win8.1Pro_x86.vhdx
C:\Win8.1Ent_x64.vhdx
C:\install.wim (x86-x64 AIO 'install.wim' )
Is it not?
Will 'PEPassPass' also work for the above configuration? I have doubts....
Regards....
#20
Posted 17 September 2014 - 01:51 PM
Can I have access to the first post to change the presentation and the link to v1.0.3? The current link is dead.
Edit:
I can draw you a map:
To browse folders on each fixed and ready partition and search for System32\msv1_0.dll, why not, but not right now.
Holmes can do it too, if he wishes and if he has a little free time, more than me.
Edited by boulcat, 17 September 2014 - 02:02 PM.
#21
Posted 17 September 2014 - 01:57 PM
Can I have access to the first post to change the presentation and the link to v1.0.3? The current link is dead.
For that I believe you need to ask Nuno, as you have not enough posts to have that privilege automatically (I seem to remember it is set to 50 posts).
The checking method was inspired by the way the good ol' recovery console connects to the installed systems (just for the record):
http://www.911cd.net...ndpost&p=141854
@devdevadev
No.
The 100% taken as base for faking the data is represented by "normal", "flat" installs.
Wonko
#22
Posted 17 September 2014 - 02:16 PM
Faking?
OK.......
But what if a Normal or flat Windows Installation is WIMBooted by 'ZipMagic DoubleSpace'?
Will 'PEPassPass' still patch msv1_0.dll?
Regards
#23
Posted 17 September 2014 - 02:20 PM
@boulcat
Versions of PEPassPass are scattered everywhere in this thread. Whenever you release a new revision, please attach it to the original post. It'll be easier to keep track of.
#24
Posted 17 September 2014 - 02:30 PM
Versions of PEPassPass are scattered everywhere in this thread. Whenever you release a new revision, please attach it to the original post. It'll be easier to keep track of.
Yep, I'd like to do that and remove the old links, if Nuno can grant me the rights on the 1st post. I will ask him.
#25
Posted 17 September 2014 - 02:30 PM
But what if a Normal or flat Windows Installation is WIMBooted by 'ZipMagic DoubleSpace'?
Will 'PEPassPass' still patch msv1_0.dll?
NO, as it is NOT "normal" and not even "flat" it is "wimbooted" (and the "by ZipMagic DoubleSpace" has very little to do with it, it is simply a tool that makes easier to create a wimboot setup).
It is CLEARLY outside the scope of PassPass AND of PEPassPass, like any number of different possible setups which are NOT "normal" and "flat".
@Holmes.Sherlock
boulcat has not (yet) the possibility to do that.
And versions are NOT scattered everywhere, they are in the same, exact order (date/time) they were posted.
Additionally boulcat (wisely) gave a version number to them.
I understand how actually READing a thread is a lot of work, but people that should actually use something like this can usually spend a few minutes to do that and get latest version.
I know that this won't happen for a large majority of morons inexperienced users, but life is tough for everyone.
I made a specific experiment on this, JFYI:
http://reboot.pro/to...alpha/?p=106991
http://reboot.pro/to...-alpha-release/
Wonko