Reinstall / Repair Windows automatically without formatting the disk.

This project aims to export the user’s configuration from a Windows installation to another. Everything will be transferred, except for the installed programs. It's a kind of upgrading from a version of Windows to another, but with the difference that after taking the users configurations and the drivers from the old Windows installation,the first one is deleted. This is to prevent the virus being transferred, which might happen during the classic upgrade. I want to do something like this: You put on the USB stick the necessary script files. The script offers to re-install Windows 32 or 64 bit. Depending on the user's choice, it makes a backup of the drivers taking them from the old installation and it saves them inside a specific folder. Then it asks which version of Windows you re-install and it starts the unattended installation. The last part of the script transfers the user’s configurations from the old to the new installation. All combinations from 32 to 64-bit Windows are supported.

Marietto
You shoud use CODEBOX tags when posting longish snippets of code
since some browsers have problems with copying an pasting, it would be advisable to also add a .zip containing the actual scripts

Is this "Windows 7" ONLY, right?


Wonko

no,it supports Windows XP (x86 and x64) ,Windows Vista (x86 and x64) and Windows 7 (x86 and x64).

To run the second part of the script,you have to create the Windows PE 3.0 image file and you have to put inside it these files / folders :

in C:\Program Files\

2XClient
FireFoxPortable
FreeCommanderPortable
PeaZipPortable
PidginPortable
VIPRERESCUE

in c:\Windows\System32

shutdown.exe (because it seems that Windows PE 3.0 doesn't have it)

and you have to modify the file startnet.bat located on the C:\Windows\System32 folder of the Windows PE 3.0 image file,like this :

startnet.bat

[codebox]wpeinit fase2.bat[/codebox] This is the way I used some time ago to build the Windows PE 3.0 image file :

a) imagex /mountrw c:\winpe\winpe.wim 1 c:\winpe\mount

b) xcopy "c:\Program Files\Windows AIK\Tools\Servicing" c:\winpe\mount\Windows /s

c) xcopy "c:\Program Files\Windows AIK\Tools\x86" c:\winpe\mount\Windows /s /y

d) imagex /unmount c:\winpe\mount /commit

e) copy c:\winpe\winpe.wim c:\winpe\ISO\sources\boot.wim /y

f) oscdimg -n -bc:\winpe\etfsboot.com c:\winpe\ISO c:\winpe\winpe.iso

no,it supports Windows XP (x86 and x64) ,Windows Vista (x86 and x64) and Windows 7 (x86 and x64).

What I meant was that you need the Windows 7 WAIK to build the PE 3.x, I don't know if such a PE can be built from other OS.

I am not sure to fully understand the use of this and on which OS, could you detail a bit the "theory of operatrion"?


Wonko

I used Windows PE 3.0,but we can use something else (BartPE ?). The theory behind it is that,at least here where I live,in Italy,there are a lot of people who asks me to reinstall Windows because it is very infected and damaged and it's very hard do make it work correcly again without a reinstallation. The idea is to try to disinfect it using an Antivirus that works while Windows is offline and in the meanwhile,to offer the most important tools to allow them to continue using the computer. And when the user is ready,he can choose to reinstall a "fresh" copy of Windows by importing configuration and settings from the old installation. This way,for me, could be better than a common upgrade,because :

1) you can't make a direct upgrade from :

xp/32 xp/64
xp/32 vista/64
xp/32 7/32
xp/32 7/64
xp/64 7/64
vista/32 vista/64
vista/32 7/64
7/32 7/64

2) If you upgrade Windows to a newer version,it may inherit the problems of the old installation.
3) Users sometime want to use a new installed copy of Windows,instead to have a working copy of Windows fixed and/or disinfected by viruses.
4) Users sometime want to reinstall applications from the beginning.

To try it,make this folder structure in your C:\ drive:

C:\reinstallazione :

Boot_Files :

Boot_Windows.0 : boot.ini
Boot_Windows_XP : boot.ini

grldr ; grldr.mbr ; menu.lst ; NTDETECT.COM ; ntldr

boot.ini inside Boot_Windows.0 :

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP" /noexecute=optin /fastdetect
C:\grldr="Windows PE"

boot.ini inside Boot_Windows_XP :

[boot loader]
timeout=30
default= C:\grldr
[operating systems]
C:\grldr="Windows PE"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /noexecute=optin /fastdetect /usepmtimer


devcon :

i386 : devcon.exe
x64 : devcon.exe (64 bit)

firadisk_driver_0.0.1.18 :

amd64 : firadi64.cat ; firadi64.sys ; firadisk.cat ; firadisk.inf ; firadisk.sys ; txtsetup.oem
x86 : firadi64.cat ; firadi64.sys ; firadisk.cat ; firadisk.inf ; firadisk.sys ; txtsetup.oem

USMT folder taken from Windows 7 WAIK

Tags :

empty

os_name.txt : an empty file
drive_name.txt : an empty file

fase0.bat
fase1.bat
fase2.bat (inject it inside the Windows PE 3.0 image file,inside \windows\system32 folder)
fase3.bat
fase4.bat

I found a way to load unsigned drivers in Windows XP. It is a proof of concept C Code which can turn the "Driver Signing" Setting on or off at will. I'm not experienced at all about C,so please someone can compile this code ? Thanks.

[codebox]#include <windows.h> #include <wincrypt.h> #include <stdio.h> #define HP_HASHVALUE HP_HASHVAL /* This program turns the Driver signing Policy On/Off for Windows XP */ * Written by Stefan &#96;Sec&#96; Zehl <sec@xxxxxx>, 15.11.2004 * * Thanks to sysinternals.com for regmon and apispy * to msdn.microsoft.com for windows reference * to cygwin for their environment */ void MyHandleError(char *s){ printf("Error: %s, number %x\n.",s,(unsigned int)GetLastError()); exit(1); } //-------------------------------------------------------------------- int main(void){ HCRYPTPROV hCryptProv; HCRYPTHASH hHash; BYTE data[16]; DWORD len; DWORD seed; HKEY hkey; BYTE onoff=0; // This is the On/Off toggle char input[4]; int x; // HKLM\System\WPA\PnP\seed if(RegOpenKeyEx( HKEY_LOCAL_MACHINE, "System\\WPA\\PnP", 0, KEY_READ, &hkey )==ERROR_SUCCESS){ printf("RegOpenKey sucess\n"); }else{ printf("RegOpenKey failure\n"); }; len=sizeof(seed); if(RegQueryValueEx( hkey, "seed", NULL, NULL, (BYTE*)&seed, &len )==ERROR_SUCCESS){ printf("RegQueryValue sucess\n"); }else{ printf("RegQueryValue failure\n"); }; if(hkey) RegCloseKey(hkey); printf("Seed=%x\n",(unsigned int)seed); printf("Hello, World\n"); if(CryptAcquireContext( &hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) { printf("CryptAcquireContext complete. \n"); } else { MyHandleError("Acquisition of context failed."); } //-------------------------------------------------------------------- // Create a hash object. if(CryptCreateHash( hCryptProv, CALG_MD5, 0, 0, &hHash)) { printf("An empty hash object has been created. \n"); } else { MyHandleError("Error during CryptBeginHash!\n"); } //-------------------------------------------------------------------- // Compute the cryptographic hash on the data. input[0]=0; input[1]=onoff; // This is the Value! input[2]=0; input[3]=0; if(CryptHashData( hHash, input, sizeof(input), 0)) { printf("The data has been hashed. \n"); } else { MyHandleError("Error during CPHashData!\n"); } //-------------------------------------------------------------------- if(CryptHashData( hHash, (BYTE*)&seed, sizeof(seed), 0)) { printf("The data has been hashed. \n"); } else { MyHandleError("Error during CPHashData!\n"); } //-------------------------------------------------------------------- len=sizeof(data); if( CryptGetHashParam( hHash, HP_HASHVALUE, data, &len, 0)) { printf("The hash has been retrieved. \n"); } else { MyHandleError("Error during CPGetHashParam!\n"); } //-------------------------------------------------------------------- // Clean up. // Destroy the hash object. if(hHash) { if(!(CryptDestroyHash(hHash))) MyHandleError("Error during CryptDestroyHash"); } // Release the CSP. if(hCryptProv) { if(!(CryptReleaseContext(hCryptProv,0))) MyHandleError("Error during CryptReleaseContext"); } printf("Hash: "); for(x=0;x<sizeof(data);x++){ printf("%x ",data[x]); }; printf("\nCreate md5 hash completed without error. \n"); //-------------------------------------------------------------------- // HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\PrivateHash if(RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Setup", 0, KEY_WRITE, &hkey )==ERROR_SUCCESS){ printf("RegOpenKey sucess\n"); }else{ printf("RegOpenKey failure\n"); }; len=sizeof(seed); if(RegSetValueEx( hkey, "PrivateHash", 0, REG_BINARY, data, sizeof(data) )==ERROR_SUCCESS){ printf("RegSetValueEx sucess\n"); }else{ printf("RegSetValueEx failure\n"); }; if(hkey) RegCloseKey(hkey); //-------------------------------------------------------------------- // HKLM\Software\Microsoft\Driver Signing\Policy if(RegOpenKeyEx( HKEY_CURRENT_USER, "Software\\Microsoft\\Driver Signing", 0, KEY_WRITE, &hkey )==ERROR_SUCCESS){ printf("RegOpenKey sucess\n"); }else{ printf("RegOpenKey failure\n"); }; len=sizeof(seed); if(RegSetValueEx( hkey, "Policy", 0, REG_BINARY, &onoff, 1 )==ERROR_SUCCESS){ printf("RegSetValueEx sucess\n"); }else{ printf("RegSetValueEx failure\n"); }; if(hkey) RegCloseKey(hkey); //-------------------------------------------------------------------- // HKLM\Software\Microsoft\Driver Signing\Policy if(RegOpenKeyEx( HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Driver Signing", 0, KEY_WRITE, &hkey )==ERROR_SUCCESS){ printf("RegOpenKey sucess\n"); }else{ printf("RegOpenKey failure\n"); }; len=sizeof(seed); if(RegSetValueEx( hkey, "Policy", 0, REG_BINARY, &onoff,
1
)==ERROR_SUCCESS){
printf("RegSetValueEx sucess\n");
}else{
printf("RegSetValueEx failure\n");
};
if(hkey)
RegCloseKey(hkey);

exit(0);
}[/codebox]

See my post here: http://www.boot-land...amp;#entry27510

Regards,
Galapo.

with Windows XP Home 32 bit and Windows Pro 64 bit worked very well. Anyway this is what happened when I tried to turn off the driver signing in Windows XP Home 32 bit :

Z:\C\q\Driver_Signing_Policy\DriverSigning>driversigning-off
RegOpenKey sucess
RegQueryValue sucess
Seed=5edf8d9b
Hello, World
CryptAcquireContext complete.
An empty hash object has been created.
The data has been hashed.
The data has been hashed.
The hash has been retrieved.
Hash: 4c 12 57 ae 74 7d dc 51 81 16 b8 17 31 6b b2 b1
Create md5 hash completed without error.
RegOpenKey sucess
RegSetValueEx sucess
RegOpenKey failure
RegSetValueEx failure
RegOpenKey sucess
RegSetValueEx sucess

Now I want to find a way to turn off the driver signing on Windows Vista / 7 using a softer way than this :

bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING ON

because every time I do it, Windows becomes unregistered. That's very bad.

hello marietto

your script seems fine for educational purpose

in a real life we consider every windows files as compromised included driver files

so its fully forbidden to use installed driver files in a fresh install

cheers

rog

in a real life we consider every windows files as compromised included driver files

Just out of curiosity , "WHO" are the "we"?

so its fully forbidden to use installed driver files in a fresh install

..and obviously forbidden by "WHOM"?


Wonko

This is an interesting thought and you're completely right.

How can we assure that the imported drivers are safe?

If no solution seems to be available at this moment, don't worry as I'm sure that we will find a way.

@wonko

hello man

you can consider "we" as data security worker

you may know the infector best dream is to survive their infection from a hd format

since now, the only way found is let an infector system on every data storage device found
something like autorun.inf
on some more advanced sheme, they use ads on NTFS fs to hide their files

anyway, taking old "compromissed" files to install drivers in a fresh install (probably before the AV install --lolz) is the best way found to get a malware survive after hd format

@nuno
sure you are sensible to infection sheme

cheers

rog

@rog :

this is the reason why I've spent a lot of time to find some antivirus able to run while Windows is offline,because I think that can be effective.

@nuno
sure you are sensible to infection sheme

I'm actually working on this matter as we speak.

@rog
Then, maybe it is more an "advice" or "suggestion", issued by one among the numerous "data security workers" , than an actual "prohibition" (which is issued by order or Law).
i.e.:
http://www.thefreedi...y.com/suggested
vs:
http://www.thefreedi...y.com/forbidden


@Marietto
In passing by, maybe you could give a name to your project, instead of:

set of batch scripts that will help you reinstall windows on a given machine and restore the settings and drivers from the older install.

which looks "strange" on the board listing of threads...


Wonko

I've updated / rewritten the script. Now it supports migration settings (not drivers settings) from :

windows 7 32 bit to windows 7 32 bit
windows 7 64 bit to windows 7 64 bit
windows vista 32 bit to windows 7 32 bit
windows vista 32 bit to windows vista 32 bit
windows vista 64 bit to windows 7 64 bit
windows vista 64 bit to windows vista 64 bit
windows xp 32 bit to windows 7 32 bit
windows xp 32 bit to windows vista 32 bit
windows xp 32 bit to windows xp 32 bit
windows xp 64 bit to windows 7 64 bit
windows xp 64 bit to windows vista 64 bit
windows xp 64 bit to windows xp 64 bit

the drivers migration is not supported yet. I'm working on this step,anyone can help.