Applications

applications portable script

43 replies to this topic

#1 llewis

llewis

    Newbie

  • Members
  • 19 posts
  • Location:Silent Hill
  • Interests:Lots of stuff.
  •  
    United States

Posted 12 September 2013 - 10:01 PM

Hello, I already posted this in the Hello World forum, but now I know that I should post in here! I'm super new to this building WinPE environments. I am currently trying to figure out how to build a WinFE kit for my job. I figured out how to put the wp.script in and I can get it to boot to an environment. So I'm pretty stoked that I figured that much out.
However, I cannot for the life of me figure out adding applications. I have tried YouTube video tutorials and internet tutorials, and I have even been ghosting this site for a while before signing up today.

 

I have tried to create a script which was a disaster since I'm sort of guesstimating on what I am supposed to do, where I am  supposed to put it after I create a script or even if I am creating the script correctly. I have looked at the script "walkthrough" on this site that was very informative, but alas I still can't get it to work.

When I tried to do the P-Start apps when I booted the program nothing worked that was in there. For instance, I downloaded FTK Imager Lite 3.1.1 which in theory should run without installation. So I placed the folder in the PStart folder (C:\WinBuilder\Projects\Win7PESE\Apps\Portable\Pstart) and also followed a YouTube video (youtube.com/watch?v=Dy27R34MDkE) step by step but I still cannot get it to work. It pops up saying it can't run, sometimes it says it can't find some .dll file even though those files are in the folder I put in originally. (Does that make sense?) :(

 

The last thing I tried to place on there was a Move Mouse.exe for when the examiners need to walk away from the computer and the target computer has a password protected screen saver. I followed the directions and still received an error. The dreaded: the application was unable to start correctly  (0x0000135) that I seem to be getting a lot recently.

 

So, with everyone saying that it is super quick and easy to make a WinFE kit, I feel like I am making it harder than it needs to be. Is there a tutorial that I am missing that will help explain how to make scripts that is updated? (There was a script video on YouTube but that didn't work for me either.) :fool:

 

If anyone can help me I would greatly appreciate it. Even though I will probably pop back on here and ask a million more questions until I can get this down!

Thank you for your time!



#2 RoyM

RoyM

    Frequent Member

  • .script developer
  • 420 posts
  • Interests:"Booting and Owning".
  •  
    United States

Posted 13 September 2013 - 02:12 AM

Well! Good Job at navigating yourself to this sub-forum.
Hello llewis and welcome to Reboot
 
Here is  FTK Imager v3.1.0.1514 script
to be used with Winbuilder Pre 2013
 
 
Also looks like something interesting might be happening here, so stay tuned.
 
 
If you could be more specific with your requirements and the software you are using, 
you would get much more assistance, 
maybe even post your script so the experts may take a look at it.
 
Regards RoyM


#3 llewis


Posted 13 September 2013 - 04:08 PM

Hi! Thank you for responding. I have tried to use the WinFE_Win7pe_SEx64x68 but when I start the build it fails. As little as I know about programming and scripts when I went to look at the URL defined here: %FTKImagerURL%=http://accessdata.co...eleases/imager/ - it states "The resource you are looking for has been moved or updated!"

 

Also, for a script I tried to write I'll put up the Move Mouse thing I did:

 

[main]
Title=Move Mouse
Description=Move Mouse Program
Selected=True
Level=5
Version=1

[variables]
%ProgramTitle%=Move Mouse
%ProgramEXE%=Move Mouse.exe
%ProgramFolder%=Move Mouse

[process]
Add_Shortcut
unpack

[EncodedFolders]
Folder

[EncodedFile-Folder-Move Mouse.exe]
lines=46
--encoded stuff on down--

I left the encoded out because it would have taken a lot of room but if you need it to see what I'm doing wrong please let me know!! Even after I figure out how to create a script successfully, where do I place the script after it's built? :confused1:



#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 September 2013 - 08:44 AM

Good. (which means "bad", but this way you learn something new).
 
You have just been bitten by the futility of making things "automated" and "easy", hard-linking to internet addresses that are not under control of the developer and that (and normally will, thanks to the senseless approach of most site admins disappear/change location/address).
The .script evidently expects to download a file (or open a web page) that simply does not exist anymore:
http://www.accessdat...eleases/imager/
The nice .script by RoyM was released in 2011:
http://reboot.pro/fi...creleasescript/
 
Now you have two choices:

  • passively wait hoping that RoyM (or someone else) will update the .script
  • actively find the actual current url (and file name) and modify the .script accordingly
In this particular case, unless I am mistaken, AccessData is asking to be given an e-mail address and personal data in order to allow the download.
So you will better download separately the tool and modify the .script removing the "download" part.
 
:cheers:
Wonko
  • llewis likes this

#5 al_jo

al_jo

    Gold Member

  • Members
  • 1218 posts
  • Location:Tellus

Posted 14 September 2013 - 10:11 AM

There is a ready to use FTK Imager 3.1.3.2 script (all files inside the script) here:

http://winbuilder.bu...s/FTKImager.zip

Tested and working in win7pe, should work in win8pe & win7fe too…


  • llewis likes this

#6 Wonko the Sane


Posted 14 September 2013 - 11:27 AM

There is a ready to use FTK Imager 3.1.3.2 script (all files inside the script) here:
http://winbuilder.bu...s/FTKImager.zip
Tested and working in win7pe, should work in win8pe & win7fe too…


Very likely (please read as "certainly") constituting "redistribution of non-redistributable files" of course :frusty:.

This is the third, strongly discouraged by me - personally - way, if you cannot have something because the Author won't give it to you without something in exchange (to me providing the Author with my personal data is much more costly than actually paying some money) you take it (and give it to all your friends).
The real solution in these cases is obviously to get a good FREE imaging software (there are many) and leave FTK imager alone, OR accept to comply with the Author's will/request.

:cheers:
Wonko

#7 al_jo


Posted 14 September 2013 - 01:16 PM

Very likely (please read as "certainly") constituting "redistribution of non-redistributable files" of course


Wonko

 

Of course!

B) 



#8 Wonko the Sane


Posted 14 September 2013 - 01:22 PM

Of course!

B) 

Yep, starting (hopefully :)) a career in digital forensics by "cheating" is not however and IMNSHO the best possible choice :whistling:.

 

 

:cheers:

Wonko



#9 al_jo


Posted 14 September 2013 - 01:48 PM

Yep, starting (hopefully :)) a career in digital forensics by "cheating" is not however and IMNSHO the best possible choice :whistling:.

 

Wonko

 

I like "cheating". 

B)



#10 RoyM


Posted 14 September 2013 - 07:40 PM

So do as Mr Wonko suggested in post #4 above and then download the file manually.
that is if you want to give up your e-mail address and/or register on the
site so that you may download the file.
 
No need to edit the script unless the download filename has changed,
if so, edit this line to reflect the new download filename.
  %DownloadEXE%="AccessData_FTK_Imager_3-1-0.exe"   
 
WinFE_Win7pe_SEx64x68.script allows alternate file location for the download.
after you have manually downloaded the file, navigate to the file using 
Copy AccessData_FTK_Imager_3-1-0.exe from Here: button.
and the script will do the rest once the download file is located.
 
 
I will see about updating the script accordingly
and/or contacting the authors for support.
 
Regards RoyM

  • llewis likes this
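
An audit for the failure discussed in posts #4 and #10, added here as an example (not part of the thread and not code from any of the scripts mentioned): it scans a .script for hard-coded download URLs, marks the ones fetched over cleartext HTTP/FTP, and lists files carried inside the script through EncodedFile sections. The sample script text is constructed, the example.invalid URL is a placeholder, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: section and variable names follow the scripts quoted in this
# thread; the example.invalid URL is a placeholder, not a real download location.
SAMPLE_SCRIPT = """\
[main]
Title=FTK Imager (constructed sample)

[variables]
%FTKImagerURL%=http://downloads.example.invalid/releases/imager/
%DownloadEXE%="AccessData_FTK_Imager_3-1-0.exe"

[process]
unpack

[EncodedFolders]
Folder

[EncodedFile-Folder-Move Mouse.exe]
lines=46
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
URL_RE = re.compile(r"(?:https?|ftp)://[^\s\"'<>,]+", re.IGNORECASE)
ENCODED_PREFIX = "encodedfile-"


def audit_script(text):
    """Return hard-coded URLs and embedded files found in a .script's text."""
    report = {"remote": [], "embedded_files": []}
    section = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            if section.lower().startswith(ENCODED_PREFIX):
                # The payload travels inside the script: no network needed.
                report["embedded_files"].append(section[len(ENCODED_PREFIX):])
            continue
        if section and section.lower().startswith(ENCODED_PREFIX):
            continue  # skip the encoded payload body
        for match in URL_RE.finditer(line):
            eq = line.find("=")
            # Report the variable name only when "=" precedes the URL itself.
            key = line[:eq].strip() if 0 <= eq < match.start() else None
            parts = urlsplit(match.group(0))
            report["remote"].append({
                "line": lineno,
                "section": section,
                "key": key,
                "url": match.group(0),
                "host": parts.hostname,
                # http/ftp give no integrity protection for the fetched installer
                "cleartext": parts.scheme.lower() in ("http", "ftp"),
            })
    return report


def needs_network(report):
    """True when the script references at least one remote URL."""
    return bool(report["remote"])


if __name__ == "__main__":
    result = audit_script(SAMPLE_SCRIPT)
    for hit in result["remote"]:
        print(f'line {hit["line"]} [{hit["section"]}] {hit["key"]} -> {hit["url"]}'
              f'{" (cleartext)" if hit["cleartext"] else ""}')
    print("embedded files:", result["embedded_files"])
```

Running it over a project's script folder before a build shows which scripts will break when a vendor moves a download page, and which installers would arrive over an unauthenticated channel.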

#11 llewis


Posted 16 September 2013 - 09:41 PM

I just got FTK to work after all the suggestions... I'm so excited right now I can barely breathe. Thank you guys so much for the help!

This will not be my last post because I'm still having a million other things I get confused about or screw up. But I have FTK and that was my biggest hurdle there for a while. THANK YOU!

:cheerleader: :1st: :bounce8: :good: :clap:



#12 llewis


Posted 19 September 2013 - 03:18 PM

Alright, I'm back again to bug.

I am trying to get a couple of .exe files onto this WinFE. Yet, I feel like I am missing something with both script making and/or PStart. If I want to put just an Encase Forensic Imager in there, I can't get it to work.

I've done the PStart where you navigate to the folder, scan for .exe and other things of the sort and I still can't get it to work.

The two I'm having issues with are Encase Forensic Imager and Move Mouse.



#13 misty

misty

    Gold Member

  • Developer
  • 1066 posts
  •  
    United Kingdom

Posted 19 September 2013 - 04:20 PM

@llewis

Have you tried using a file manager to browse to the programs? This will make sure the executables are where they're supposed to be before you start worrying about menu entries (assuming that's what you are using Pstart for).

 

A file manager is essentially a program launcher. Once you have verified that the programs are running fine, then you can worry about adding them to Pstart. This approach also has the added advantage of not needing to put the programs in the actual wim file - saving memory and boot times. That's assuming the program is portable.

 

Regards,

 

Misty



#14 llewis


Posted 19 September 2013 - 07:41 PM

I still can't get it to work properly. If I could stay away from P-Start that would be good, but I will do what I need.

 

Making a script though, how do I successfully do that? I guess I'm not quite grasping the concept like I think I should be.



#15 misty


Posted 19 September 2013 - 09:06 PM

I'd personally avoid making a script until you get it working in WinPE - perhaps using a File Manager as suggested just to see if you can get whichever program you are working on actually started in WinPE. Once you are able to identify which program files are needed, any registry settings, and then any dependencies - then worry about a project script. There is no point automating something (at build via a project script) that isn't working anyway.
 
I hadn't read through the thread properly earlier when I posted. Now I've had the chance to read it I'm curious about why you need to add Move Mouse.exe to WinPE -

The last thing I tried to place on there was a Move Mouse.exe for when the examiners need to walk away from the computer and the target computer has a password protected screen saver. I followed the directions and still received an error. The dreaded: the application was unable to start correctly  (0x0000135) that I seem to be getting a lot recently.


When you are running WinPE the target system will be offline and any screen saver protection on it will therefore be irrelevant. I honestly haven't got a clue what Move Mouse.exe does. If it's something that needs to be installed to an offline system via WinPE then there are ways to do this - however the program itself still wouldn't need to run in WinPE. Hope this makes sense.

Regards,

Misty

#16 llewis


Posted 19 September 2013 - 09:53 PM

I am happy you pointed that out actually. It made me go back and think about it, I'm dumb, - I actually don't need it on the WinPE environment I was just getting overly jumpy apparently with all the programs I have listed that are wanted on there and something else... It can go with something completely different. :heh: Way to go me. :frusty:

 

Do you have a file manager you would personally suggest? Thank you for all your help by the way.


Edited by llewis, 19 September 2013 - 09:54 PM.


#17 misty


Posted 19 September 2013 - 10:16 PM

Do you have a file manager you would personally suggest?

Depends on whether you are using a 32 or 64-bit WinPE. If it's a 32-bit system then I've been a big fan of a43 (see here - http://www.a43filemanager.com/) since being introduced to it in BartPE. The same author (Mr B. Miller) also has a 64-bit File Manager that he designed for personal use in WinPE environments. It's available from the same site - read the text for the link. His WinPE file managers can probably be used as a lightweight WinPE shell - the 64-bit one I'm currently testing prompts to check whether you are sure you want to end the session - something that would effectively shutdown WinPE if the program was running as a shell.

Regards,

Misty

P.s. When I first discovered WinPE (BartPE based) I tried to cram on every application I could get my hands on. With the benefit of hindsight I'm not sure 5 different pieces of CD burning software were really necessary! Never did burn a bloody disk in a PE anyway - but I (hopefully) could have done if I'd wanted or needed to :loleverybody:



#18 bshavers

bshavers

    Frequent Member

  • Developer
  • 140 posts
  •  
    United States

Posted 19 September 2013 - 11:27 PM

After building a heck of a lot of WinFEs, I've come to the point where it works better to have as little 'in' the ISO as possible for a few reasons. 

 

1)  The lighter the build, the faster it can be built

2)  The fewer apps on it, the less problems during the build or getting the apps to play nice with each other or even run at all

3)   The more apps on it, the more likely needing to rebuild the WinFE multiple times to update individual apps (like when FTK imager is updated on Tuesday and X-Ways updates on Friday, etc...), and...

4)   All you really need is write protection for a "P"E to be a "F"E.  At most, I only have an imaging program (FOSS) in the build.

 

For all the forensic apps, I use either a CD/DVD or flashdrive or external storage drive, depending if I have extra USB ports on the system.  I run everything from the non-WinFE device.  This makes it easier to update individual programs without having to rebuild the WinFE, plus, I have tons of drivers on the storage device that I can install on the fly when needed, rather than stuff the WinFE full of drivers.

 

On the FTK Imager install requirement, Accessdata requires that you accept the EULA for an install.  Once installed on your computer, just copy the program folder to your storage device (since you already would have accepted the EULA). 

 

My storage device usually looks something like;

/forensic apps/encase

/forensic apps/ftkimager

/forensic apps/xways

/forensic apps/small tools

/apps/notetaking

/apps/screencapture

/apps/videocapture

/drivers

and anything else I may need at the time of use



#19 al_jo


Posted 20 September 2013 - 08:31 AM

Alright, I'm back again to bug.

I am trying to get a couple of .exe files onto this WinFE. Yet, I feel like I am missing something with both script making and/or PStart. If I want to put just an Encase Forensic Imager in there, I can't get it to work.

I've done the PStart where you navigate to the folder, scan for .exe and other things of the sort and I still can't get it to work.

The two I'm having issues with are Encase Forensic Imager and Move Mouse.

 

There is a script for Encase here:

http://winbuilder.bu...s/encase.script



#20 Wonko the Sane


Posted 20 September 2013 - 10:24 AM

Yep :),

that is the typical behaviour (no offence whatever intended :)) of someone going near a "custom" PE for the first times.

You try to recreate a "full" system, cramming in the PE each and every app you have ever used, it is a kind of inebriation.

 

A "smarter" way to build a PE is to have two volumes in it, one containing the "core" and another one (usually an image mounted through a filedisk driver) containing the (portable) apps.

This has the same advantage of being smallish, fast at building and fast at booting while keeping the possibility of having a larger choice of tools.

 

Then, everyone has his/her own choices, as an example the only File Manager I ever use is 7-zip (which besides being the nice compression utility we all know, doubles as an almost orthodox (dual pane) file manager).

 

For the record, there is an implied futility :ph34r: in running a 64 bit WinPE (unless you prefer to have something that is larger, works on less machines, and runs less programs, unless you add to it the 32 bit subsystem, which will make it further grow in size):

http://reboot.pro/to...drive/?p=151030

 

So, besides being c00l and 733t, there is not much point in making one,  if not as an experiment.

 

:cheers:
Wonko



#21 misty


Posted 20 September 2013 - 11:17 AM

@Wonko
 

For the record, there is an implied futility :ph34r: in running a 64 bit WinPE (unless you prefer to have something that is larger, works on less machines, and runs less programs, unless you add to it the 32 bit subsystem, which will make it further grow in size):
http://reboot.pro/to...drive/?p=151030
 
So, besides being c00l and 733t, there is not much point in making one, if not as an experiment.

 
 
I agree for the most part with this statement. However there are two scenarios when a 64-bit PE is very useful -
  • If the sources for compiling a 32-bit WinPE are not available
  • Installing 64-bit Windows Vista/7/8/8.1 (and probably 2008/2012) - via setup.exe
In terms of programs - my current philosophy is "less is more"
 
Regards,
 
Misty

#22 Wonko the Sane


Posted 20 September 2013 - 11:39 AM

Yep :), but here we are talking of building a particular kind of WinPE, a WinFE.

 

You have the choice of basing it on a 32 bit system or on a 64 bit System.

 

If you don't have the sources for 32 bit, go and buy a license and media for them.

 

AFAICT, *any* machine, with *any* amount of RAM (I would say 512 Mb or more) can boot a 32 bit WinFE, only a small subset will be able to also boot a 64 bit WinFE, which even when booted, does NOT offer *any* advantage over the 32 bit version for the specific Forensic use, but only slower loading and less choice of apps working in the environment.

 

And NO, you don't want to install a Windows OS from setup.exe running inside a WinFE.

 

:cheers:

Wonko



#23 misty


Posted 20 September 2013 - 12:23 PM

In terms of running a 32-bit WinPE you are preaching to the converted. I don't see any harm however in experimenting with 64-bit - it's pretty easy to have menu options in the BCD store for multiple WinPE/WinFE's.
 

And NO, you don't want to install a Windows OS from setup.exe running inside a WinFE.

Fair point. I'd momentarily forgotten this was the forensic forum. Oops! Blame sleep deprivation.
 
BTW, I might not want to - but I could. :P



#24 Wonko the Sane


Posted 20 September 2013 - 01:18 PM

BTW, I might not want to - but I could. :P

Not on an offline target :w00t: (which is what the WinFE is designed to do) only after manually overriding the WinFE settings and actually mounting the target.
And installing through setup.exe is something that may be useful when a PC doesn't boot from DVD or USB (which usually prevents to load even a WinFE), I smell a CATCH22 here.

Oww, come on :):

Spoiler



:cheers:
Wonko



#25 misty


Posted 20 September 2013 - 01:25 PM

And installing through setup.exe is something that may be useful when a PC doesn't boot from DVD or USB (which usually prevents to load even a WinFE), I smell a CATCH22 here.

 

Two WinPE's (x86 and x64) on a USB stick - numerous Windows Installation iso files (Windows Vista/7/8/8.1) - ImDisk to mount the one required - run setup.exe from mounted disk image - job done!

 

Also allows me to install Windows XP (using Winnt32.exe).

 

BTW, great picture.


