Reinstall / Repair Windows automatically without formatting the disk.
#1
Posted 29 May 2010 - 05:11 PM
#2
Posted 29 May 2010 - 05:52 PM
You should use CODEBOX tags when posting longish snippets of code
since some browsers have problems with copying and pasting, it would be advisable to also add a .zip containing the actual scripts
This is "Windows 7" ONLY, right?
Wonko
#3
Posted 29 May 2010 - 06:21 PM
#4
Posted 30 May 2010 - 06:20 AM
in C:\Program Files\
2XClient
FireFoxPortable
FreeCommanderPortable
PeaZipPortable
PidginPortable
VIPRERESCUE
in c:\Windows\System32
shutdown.exe (because it seems that Windows PE 3.0 doesn't have it)
and you have to modify the file startnet.bat located in the C:\Windows\System32 folder of the Windows PE 3.0 image file, like this:
startnet.bat
[codebox]
wpeinit
fase2.bat
[/codebox]
This is the way I used some time ago to build the Windows PE 3.0 image file:
a) imagex /mountrw c:\winpe\winpe.wim 1 c:\winpe\mount
b) xcopy "c:\Program Files\Windows AIK\Tools\Servicing" c:\winpe\mount\Windows /s
c) xcopy "c:\Program Files\Windows AIK\Tools\x86" c:\winpe\mount\Windows /s /y
d) imagex /unmount c:\winpe\mount /commit
e) copy c:\winpe\winpe.wim c:\winpe\ISO\sources\boot.wim /y
f) oscdimg -n -bc:\winpe\etfsboot.com c:\winpe\ISO c:\winpe\winpe.iso
#5
Posted 30 May 2010 - 08:22 AM
no, it supports Windows XP (x86 and x64), Windows Vista (x86 and x64) and Windows 7 (x86 and x64).
What I meant was that you need the Windows 7 WAIK to build the PE 3.x, I don't know if such a PE can be built from other OS.
I am not sure to fully understand the use of this and on which OS, could you detail a bit the "theory of operation"?
Wonko
#6
Posted 30 May 2010 - 08:54 AM
1) you can't make a direct upgrade from:
xp/32 -> xp/64
xp/32 -> vista/64
xp/32 -> 7/32
xp/32 -> 7/64
xp/64 -> 7/64
vista/32 -> vista/64
vista/32 -> 7/64
7/32 -> 7/64
2) If you upgrade Windows to a newer version, it may inherit the problems of the old installation.
3) Users sometimes want to use a newly installed copy of Windows, instead of having a working copy of Windows fixed and/or disinfected from viruses.
4) Users sometimes want to reinstall applications from the beginning.
#7
Posted 30 May 2010 - 10:47 AM
C:\reinstallazione :
Boot_Files :
Boot_Windows.0 : boot.ini
Boot_Windows_XP : boot.ini
grldr ; grldr.mbr ; menu.lst ; NTDETECT.COM ; ntldr
boot.ini inside Boot_Windows.0 :
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP" /noexecute=optin /fastdetect
C:\grldr="Windows PE"
boot.ini inside Boot_Windows_XP :
[boot loader]
timeout=30
default= C:\grldr
[operating systems]
C:\grldr="Windows PE"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /noexecute=optin /fastdetect /usepmtimer
devcon :
i386 : devcon.exe
x64 : devcon.exe (64 bit)
firadisk_driver_0.0.1.18 :
amd64 : firadi64.cat ; firadi64.sys ; firadisk.cat ; firadisk.inf ; firadisk.sys ; txtsetup.oem
x86 : firadi64.cat ; firadi64.sys ; firadisk.cat ; firadisk.inf ; firadisk.sys ; txtsetup.oem
USMT folder taken from Windows 7 WAIK
Tags :
empty
os_name.txt : an empty file
drive_name.txt : an empty file
fase0.bat
fase1.bat
fase2.bat (inject it inside the Windows PE 3.0 image file, inside the \windows\system32 folder)
fase3.bat
fase4.bat
#8
Posted 31 May 2010 - 07:23 AM
[codebox]
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
#include <stdlib.h>

#define HP_HASHVALUE HP_HASHVAL

/* This program turns the Driver signing Policy On/Off for Windows XP
 * Written by Stefan `Sec` Zehl <sec@xxxxxx>, 15.11.2004
 *
 * Thanks to sysinternals.com for regmon and apispy
 *        to msdn.microsoft.com for windows reference
 *        to cygwin for their environment
 */

void MyHandleError(char *s){
    printf("Error: %s, number %x.\n", s, (unsigned int)GetLastError());
    exit(1);
}

//--------------------------------------------------------------------
int main(void){
    HCRYPTPROV hCryptProv;
    HCRYPTHASH hHash;
    BYTE data[16];
    DWORD len;
    DWORD seed;
    HKEY hkey;
    BYTE onoff=0;      // This is the On/Off toggle (0 = off, 1 = on)
    char input[4];
    int x;

    // HKLM\System\WPA\PnP\seed : per-machine seed that is mixed into the hash
    if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, "System\\WPA\\PnP", 0, KEY_READ, &hkey)==ERROR_SUCCESS){
        printf("RegOpenKey sucess\n");
    }else{
        printf("RegOpenKey failure\n");
    }
    len=sizeof(seed);
    if(RegQueryValueEx(hkey, "seed", NULL, NULL, (BYTE*)&seed, &len)==ERROR_SUCCESS){
        printf("RegQueryValue sucess\n");
    }else{
        printf("RegQueryValue failure\n");
    }
    if(hkey)
        RegCloseKey(hkey);
    printf("Seed=%x\n",(unsigned int)seed);
    printf("Hello, World\n");

    if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)){
        printf("CryptAcquireContext complete. \n");
    }else{
        MyHandleError("Acquisition of context failed.");
    }
    //--------------------------------------------------------------------
    // Create a hash object.
    if(CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash)){
        printf("An empty hash object has been created. \n");
    }else{
        MyHandleError("Error during CryptBeginHash!\n");
    }
    //--------------------------------------------------------------------
    // Compute the cryptographic hash on the data:
    // first a 4-byte block carrying the policy value, then the seed.
    input[0]=0;
    input[1]=onoff;    // This is the Value!
    input[2]=0;
    input[3]=0;
    if(CryptHashData(hHash, (BYTE*)input, sizeof(input), 0)){
        printf("The data has been hashed. \n");
    }else{
        MyHandleError("Error during CPHashData!\n");
    }
    //--------------------------------------------------------------------
    if(CryptHashData(hHash, (BYTE*)&seed, sizeof(seed), 0)){
        printf("The data has been hashed. \n");
    }else{
        MyHandleError("Error during CPHashData!\n");
    }
    //--------------------------------------------------------------------
    len=sizeof(data);
    if(CryptGetHashParam(hHash, HP_HASHVALUE, data, &len, 0)){
        printf("The hash has been retrieved. \n");
    }else{
        MyHandleError("Error during CPGetHashParam!\n");
    }
    //--------------------------------------------------------------------
    // Clean up.
    // Destroy the hash object.
    if(hHash){
        if(!(CryptDestroyHash(hHash)))
            MyHandleError("Error during CryptDestroyHash");
    }
    // Release the CSP.
    if(hCryptProv){
        if(!(CryptReleaseContext(hCryptProv,0)))
            MyHandleError("Error during CryptReleaseContext");
    }
    printf("Hash: ");
    for(x=0;x<(int)sizeof(data);x++){
        printf("%x ",data[x]);
    }
    printf("\nCreate md5 hash completed without error. \n");
    //--------------------------------------------------------------------
    // HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\PrivateHash
    if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Setup", 0, KEY_WRITE, &hkey)==ERROR_SUCCESS){
        printf("RegOpenKey sucess\n");
    }else{
        printf("RegOpenKey failure\n");
    }
    if(RegSetValueEx(hkey, "PrivateHash", 0, REG_BINARY, data, sizeof(data))==ERROR_SUCCESS){
        printf("RegSetValueEx sucess\n");
    }else{
        printf("RegSetValueEx failure\n");
    }
    if(hkey)
        RegCloseKey(hkey);
    //--------------------------------------------------------------------
    // HKCU\Software\Microsoft\Driver Signing\Policy (same value, current user hive)
    if(RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Microsoft\\Driver Signing", 0, KEY_WRITE, &hkey)==ERROR_SUCCESS){
        printf("RegOpenKey sucess\n");
    }else{
        printf("RegOpenKey failure\n");
    }
    if(RegSetValueEx(hkey, "Policy", 0, REG_BINARY, &onoff, 1)==ERROR_SUCCESS){
        printf("RegSetValueEx sucess\n");
    }else{
        printf("RegSetValueEx failure\n");
    }
    if(hkey)
        RegCloseKey(hkey);
    //--------------------------------------------------------------------
    // HKLM\Software\Microsoft\Driver Signing\Policy
    if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Driver Signing", 0, KEY_WRITE, &hkey)==ERROR_SUCCESS){
        printf("RegOpenKey sucess\n");
    }else{
        printf("RegOpenKey failure\n");
    }
    if(RegSetValueEx(hkey, "Policy", 0, REG_BINARY, &onoff, 1)==ERROR_SUCCESS){
        printf("RegSetValueEx sucess\n");
    }else{
        printf("RegSetValueEx failure\n");
    }
    if(hkey)
        RegCloseKey(hkey);
    exit(0);
}
[/codebox]
#9
Posted 31 May 2010 - 08:04 AM
#10
Posted 31 May 2010 - 09:42 AM
Z:\C\q\Driver_Signing_Policy\DriverSigning>driversigning-off
RegOpenKey sucess
RegQueryValue sucess
Seed=5edf8d9b
Hello, World
CryptAcquireContext complete.
An empty hash object has been created.
The data has been hashed.
The data has been hashed.
The hash has been retrieved.
Hash: 4c 12 57 ae 74 7d dc 51 81 16 b8 17 31 6b b2 b1
Create md5 hash completed without error.
RegOpenKey sucess
RegSetValueEx sucess
RegOpenKey failure
RegSetValueEx failure
RegOpenKey sucess
RegSetValueEx sucess
Now I want to find a way to turn off the driver signing on Windows Vista / 7 using a softer way than this :
bcdedit -set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING ON
because every time I do it, Windows becomes unregistered. That's very bad.
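As an added example (not code from the thread or from the tool's author), here is a Python re-implementation of the PrivateHash computation from the C program in #8, turned into an integrity check: given the seed, the Policy byte and the stored PrivateHash from an XP registry, it reports which policy value the hash was computed for and flags a Policy value that does not match its hash. The seed is the one printed in the run in #10; the hashes it checks are constructed by the script itself rather than read from a real registry.

```python
import hashlib
import struct
from typing import Optional

# Registry values the C tool in #8 reads and writes (paths taken from the thread).
SEED_VALUE = r"HKLM\System\WPA\PnP\seed"
POLICY_VALUE = r"HKLM\Software\Microsoft\Driver Signing\Policy"
PRIVATE_HASH_VALUE = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\PrivateHash"

# One-byte Policy values; the tool toggles between 0 and 1, 2 is the third GUI setting.
POLICY_NAMES = {0: "ignore", 1: "warn", 2: "block"}


def expected_private_hash(policy: int, seed: int) -> bytes:
    """Recompute PrivateHash exactly as the posted C code does:
    MD5 over the 4-byte block {0, policy, 0, 0} followed by the seed DWORD
    as it sits in memory on x86, i.e. little-endian."""
    if not 0 <= policy <= 0xFF:
        raise ValueError("policy must fit in one byte")
    policy_block = bytes([0, policy, 0, 0])            # char input[4] in the C code
    seed_block = struct.pack("<I", seed & 0xFFFFFFFF)  # (BYTE*)&seed, sizeof(seed)
    return hashlib.md5(policy_block + seed_block).digest()


def classify_private_hash(stored_hash: bytes, seed: int) -> Optional[int]:
    """Return the Policy value the stored PrivateHash was computed for,
    or None when it matches none of the known values (edited or corrupt)."""
    for policy in POLICY_NAMES:
        if expected_private_hash(policy, seed) == stored_hash:
            return policy
    return None


def audit_driver_signing(policy_byte: int, stored_hash: bytes, seed: int) -> str:
    """One-line verdict: is the Policy byte consistent with PrivateHash, and what is it?"""
    implied = classify_private_hash(stored_hash, seed)
    name = POLICY_NAMES.get(policy_byte, f"unknown({policy_byte})")
    if implied is None:
        return "inconsistent: PrivateHash matches no policy value for this seed"
    if implied != policy_byte:
        return f"inconsistent: Policy is {name} but PrivateHash was computed for {POLICY_NAMES[implied]}"
    return f"consistent: driver signing policy = {name}"


if __name__ == "__main__":
    # Constructed sample: the seed printed in post #10, with PrivateHash values
    # recomputed here rather than read from a real registry.
    seed = 0x5EDF8D9B
    print(audit_driver_signing(0, expected_private_hash(0, seed), seed))
    print(audit_driver_signing(1, expected_private_hash(0, seed), seed))
```

On a live XP machine the three values would be read with the winreg module; the hash printed in #10 for seed 5edf8d9b with the "off" build is the natural check value for expected_private_hash(0, 0x5EDF8D9B).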
#11
Posted 31 May 2010 - 01:28 PM
your script seems fine for educational purposes
in real life we consider every Windows file as compromised, including driver files
so it's fully forbidden to use installed driver files in a fresh install
cheers
rog
#12
Posted 31 May 2010 - 02:19 PM
in real life we consider every Windows file as compromised, including driver files
Just out of curiosity, "WHO" are the "we"?
so it's fully forbidden to use installed driver files in a fresh install
..and obviously forbidden by "WHOM"?
Wonko
#13
Posted 31 May 2010 - 02:20 PM
How can we assure that the imported drivers are safe?
If no solution seems to be available at this moment, don't worry as I'm sure that we will find a way.
#14
Posted 01 June 2010 - 02:38 PM
hello man
you can consider "we" as data security workers
you may know the infector's best dream is to survive an HD format
until now, the only way found is to leave an infector on every data storage device found
something like autorun.inf
in some more advanced schemes, they use ADS on the NTFS filesystem to hide their files
anyway, taking old "compromised" files to install drivers in a fresh install (probably before the AV install --lolz) is the best way found to get a malware to survive after an HD format
@nuno
sure you are sensitive to the infection scheme
cheers
rog
#15
Posted 01 June 2010 - 04:19 PM
this is the reason why I've spent a lot of time finding an antivirus able to run while Windows is offline, because I think that can be effective.
#16
Posted 01 June 2010 - 04:51 PM
@nuno
sure you are sensitive to the infection scheme
I'm actually working on this matter as we speak.
#17
Posted 01 June 2010 - 05:00 PM
Then, maybe it is more an "advice" or "suggestion", issued by one among the numerous "data security workers" , than an actual "prohibition" (which is issued by order or Law).
i.e.:
http://www.thefreedi...y.com/suggested
vs:
http://www.thefreedi...y.com/forbidden
@Marietto
In passing by, maybe you could give a name to your project, instead of:
set of batch scripts that will help you reinstall windows on a given machine and restore the settings and drivers from the older install.
which looks "strange" on the board listing of threads...
Wonko
#18
Posted 29 June 2010 - 04:39 PM
windows 7 32 bit to windows 7 32 bit
windows 7 64 bit to windows 7 64 bit
windows vista 32 bit to windows 7 32 bit
windows vista 32 bit to windows vista 32 bit
windows vista 64 bit to windows 7 64 bit
windows vista 64 bit to windows vista 64 bit
windows xp 32 bit to windows 7 32 bit
windows xp 32 bit to windows vista 32 bit
windows xp 32 bit to windows xp 32 bit
windows xp 64 bit to windows 7 64 bit
windows xp 64 bit to windows vista 64 bit
windows xp 64 bit to windows xp 64 bit
driver migration is not supported yet. I'm working on this step; anyone can help.