Jump to content











Photo
- - - - -

Host info - Offline System Info


  • Please log in to reply
32 replies to this topic

#1 waynescheffler

waynescheffler

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 30 July 2011 - 04:05 PM

Hi All

I am nearing completion of my First Win7PE build and I just wanted to know if there already exists a script/app that returns Host OS info like Windows Version, edition, build number, service pack numbers, ect.. in one application? I am currently working on an application that does this by using runscanner to extract the information from the Host registry. But it would save me some work if it already exists. I know some programs display some of the info but I would like one that shows it all.

Wayne

#2 sbaeder

sbaeder

    Gold Member

  • .script developer
  • 1335 posts
  • Location:usa - massachusettes
  •  
    United States

Posted 30 July 2011 - 04:52 PM

I like SIW - http://www.gtopala.com/ The one I use was written by Skybeam - see this post and while the download link is hard to find, it is at the bottom of the first post in small text...

You can link his scripts into the Win7PESE project - and there are a LOT of them to choose from!...

Great set of scripts!

#3 waynescheffler

waynescheffler

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 30 July 2011 - 10:32 PM

Thank you sbaeder, I am having trouble getting the script to work in my build. When I execute SIW I get err26. I did go to their web page and downloaded the standalone version but when I run it from my build on a windows xp machine it still shows the OS information from the windows 7 PE OS. What I'm looking for is something that will show the Host machines OS information. Am I just doing something wrong?

#4 sbaeder

sbaeder

    Gold Member

  • .script developer
  • 1335 posts
  • Location:usa - massachusettes
  •  
    United States

Posted 30 July 2011 - 11:46 PM

Thank you sbaeder, I am having trouble getting the script to work in my build. When I execute SIW I get err26. I did go to their web page and downloaded the standalone version but when I run it from my build on a windows xp machine it still shows the OS information from the windows 7 PE OS. What I'm looking for is something that will show the Host machines OS information. Am I just doing something wrong?

You mean you want to get the information from the machines OTHER OS off of hard disk, and not the currently running OS (which is the PE)...Which may or may not even be the real OS if they have multiple disks/partitions, etc.

AFAIK - I haven't seen anything like this...Maybe someone else has...possibly the "forensic" analysis folks...(or here is an opportunity for you to write/contribute)...

Scott

#5 sbaeder

sbaeder

    Gold Member

  • .script developer
  • 1335 posts
  • Location:usa - massachusettes
  •  
    United States

Posted 30 July 2011 - 11:51 PM

Thank you sbaeder, I am having trouble getting the script to work in my build. When I execute SIW I get err26.

Yes, the script should be updated to use the SA version! Pretty simple to do - I'll fix and post update

#6 waynescheffler

waynescheffler

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 31 July 2011 - 01:18 PM

Thanks All. It would be cool if SIW were able to get this information(OS info from the operating system on the hard drive). I am writing a program that retrieves allot of the info from the registry hives on the hard drive via runscanner and also taps the kernel32.dll for additional info. The only thing that's coming up blank is the edition type for XP IE pro or home. for vista and 7 it displays correctly. Edition information is critical if you have a machine that needs an over the top reinstall because we all know some of the MS stickers do not match whats installed lol.

#7 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13752 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 31 July 2011 - 03:55 PM

Look here:
http://reboot.pro/14504/

The mentioned SIW and SIV:
http://rh-software.com/
are mostly hardware related, the nirsoft tools are more generally software related.
You could combine the approach by DarkPhoenix using only the ones that you need and addin SIV (which if I recall correctly as a somewhat "better" command line control :happy_dance:)

:smiling9:
Wonko

#8 PaPeuser

PaPeuser

    Silver Member

  • Advanced user
  • 787 posts
  •  
    United States

Posted 31 July 2011 - 04:22 PM

I hope this helps

In BB 7PE there is a SIW 2010 script avalable......

#9 Michael*

Michael*

    Frequent Member

  • Advanced user
  • 210 posts
  •  
    United States

Posted 31 July 2011 - 06:43 PM

That may be so, but their download link http://archiv.to/GET/FILE4C46806645CCE came up with a naked girl :happy_dance:
If you could find a working link, pls ....

I hope this helps

In BB 7PE there is a SIW 2010 script avalable......



#10 al_jo

al_jo

    Gold Member

  • Members
  • 1218 posts
  • Location:Tellus

Posted 31 July 2011 - 07:20 PM

Latest SIV (4.22) script is here:
http://al-jo.zxq.net/SIV32X.7z
:happy_dance:

#11 Michael*

Michael*

    Frequent Member

  • Advanced user
  • 210 posts
  •  
    United States

Posted 31 July 2011 - 07:49 PM

Thanks for the update!

Latest SIV (4.22) script is here:
http://al-jo.zxq.net/SIV32X.7z
:happy_dance:



#12 waynescheffler

waynescheffler

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 August 2011 - 01:26 AM

Thank you all
I have read the links you have posted and have working scripts for SIV and SIW but still question if any of these utilities can be used to gather (what I refer to as HOST system OS) operating system information from the system that is installed (not running) on the hard drive under a PE environment? By Information I refer to OS type: XP ect edition: Pro/home ect, Build number, service packs ect. I have run SIV and SIW with runscanner with mixed results. Some information is displayed that references the HOST system OS and some of the info shows the PE environment. None of the programs tried so far show the edition of the HOST system OS IE: home/pro/ultimate. In short I am not concerned with gathering hardware information or information from the PE environment. Only information from the system that is installed but not running from the c:\windows location. My reason for this is to correctly repair an operating system you should know what operating system you are attempting to repair. A small utility that would let you know this information as soon as you enter the PE environment would seem of great benefit. If something like this could be done then the next step would be to integrate it into a program like BGINFO to show the info as soon as the PE system starts.

Its very possible the links you have provided do this and I am incorrectly implementing it into my build. any help would be very appreciated.

The program I have been working on uses these registry keys to gather information and is able to retrieve the following info on the HOST system OS via runscanner.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentVersion Windows version number 5.1/6.1 ect..
ProductName Windows 7/Windows XP ect..
EditionID Ultimate/Home but only works with Vista and above
CurrentBuildNumber 7600/2600 ect..
CSDVersion Service Pack 3 ect..
SystemRoot c:\windows
RegisteredOwner name
RegisteredOrganization organization

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName
Computer Name

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
PROCESSOR_ARCHITECTURE AMD64 or x86 32 or 64 bit

Unfortunately there is not a key EditionID for anything below Vista.
Also I would like to get additional info like the product key/passwords/user accounts.
any further information or help would be greatly appreciated.
If a program of this nature does not exist I will attempt to finish mine. I founds some source code that allows for the decoding of the product key similar to produkey.

Thanks
Wayne

#13 waynescheffler

waynescheffler

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 August 2011 - 01:32 AM

Wonko the Sane thank you for pointing me to darkPhoenix's project. I will try some of his tools with runscanner to see if the desired result can be achieved.

Thanks
Wayne

#14 wimb

wimb

    Gold Member

  • Developer
  • 2281 posts
  •  
    Netherlands

Posted 01 August 2011 - 05:49 AM

Here is a review of a utility, Sysinternal's autoruns, that may or may not provide the information you are looking for. It scans an offline-system's registry, and is a very handy utility.

Autoruns and Dead Computer Forensics

To scan the offline registry, start the program from the PE, go to File -> "Analyze Offline System..."; in the dialogue, enter the system root of the offline system

Very handy indeed, thanks for info on Updated version of Autoruns.

@waynescheffler
NirSoft ProduKey allows to Select Source and gives keys of offline Windows, as you know.

:happy_dance:

#15 al_jo

al_jo

    Gold Member

  • Members
  • 1218 posts
  • Location:Tellus

Posted 01 August 2011 - 08:02 AM

To scan the offline registry, start the program from the PE, go to File -> "Analyze Offline System..."; in the dialogue, enter the system root of the offline system (as seen from the perspective of the PE), which could be "c:\windows", but more likely "d:\windows" for Vista/Win7 (the first partition, "c:\", is usually something else hidden in Vista/Win7), and enter a User profile like "d:\users\john".

Regards

"Right clicking" on program icon and choosing ”Run with Runscanner” is another way.

Doing the above with “SIW” (System Information for Windows) will provide info about
keys, autostarts, OS, installed programs, drivers and a lot more.
Homepage:
http://www.gtopala.com/
Script for SIW (2011.7.7.0) is here:
http://al-jo.zxq.net/Siw7.7z

:happy_dance:

Attached Files

  • Attached File  run.jpg   41.1KB   11 downloads
  • Attached File  run2.jpg   35.34KB   15 downloads
  • Attached File  run3.jpg   77.54KB   14 downloads


#16 waynescheffler

waynescheffler

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 August 2011 - 12:20 PM

Thank you allanf
The correction to the topic Title is appreciated. I think I confused allot of people by using the word Host. My thought was the Host machine's operating system. as the machine is actually the host of all operating systems I can see where this can cause confusion. the Offline operating system is far more descriptive and accurate.

I agree 100% autoruns is a great program. I have used it for years on all of my rescue disks. but to the best of my knowledge it only provides information on startups and services. I currently have it set to run with runscanner and it works beautifully. Is there some way of using it to get system information like system type/edition/build that I am unaware of?

Wonko the sane
I was able to uncompress the tools in darkPhoenix's project and I looked at what program he was using in the bat file to get system information (systeminfo.exe) after many attempts last night I was able to get it to execute with runscanner but the results were the information from the PE system and not the offline system. My guess is systeminfo uses Windows Management Instrumentation (WMI)to get its system info which is not effected by runscanner.

#17 waynescheffler

waynescheffler

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 August 2011 - 12:57 PM

So far SIW Via runscanner has provided the best information on the offline system but it is very mixed. some of the information is from PE other is from the offline system. I still have not found anything that provides edition information. IE: home/professional/ultimate from the offline system. Posted ImagePosted Image

#18 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13752 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 01 August 2011 - 01:35 PM

Have you checked this:
http://www.nirsoft.n...key_viewer.html
with the appropriate switches?

Like:
/regfile [Software Registry File]

/ExtractEdition [0 | 1] 	Specifies whether to extact the Windows edition information.

If you expect that a single tool will be able to do everything you need, it is UNlikely. :whistling:

;)
Wonko

#19 al_jo

al_jo

    Gold Member

  • Members
  • 1218 posts
  • Location:Tellus

Posted 01 August 2011 - 02:41 PM

Agree with Wonko this time: ”You can’t always get what you want” in one application.
But Produkey (without switches) and SIV32 does show editions…
:whistling:

Attached Files

  • Attached File  ed1.jpg   96.8KB   19 downloads
  • Attached File  ed3.jpg   62.38KB   17 downloads


#20 wimb

wimb

    Gold Member

  • Developer
  • 2281 posts
  •  
    Netherlands

Posted 01 August 2011 - 04:21 PM

Look here:
http://reboot.pro/14504/

The mentioned SIW and SIV:
http://rh-software.com/
are mostly hardware related, the nirsoft tools are more generally software related.
You could combine the approach by DarkPhoenix using only the ones that you need and addin SIV (which if I recall correctly as a somewhat "better" command line control :whistling:)

;)
Wonko

The approach of DarkPhoeniX is giving all but needs to be implemented for PE environment.
That should be possible quite well ....

:)

#21 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13752 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 01 August 2011 - 04:43 PM

The approach of DarkPhoeniX is giving all but needs to be implemented for PE environment.
That should be possible quite well ....

Sure it is possible.
All DarkPhoenix did was to write a small (and nice :whistling:) batch to call the needed apps.
It is a matter of deleting the unneeded ones and/or change the parameters given to the needed ones.
Like changing:
%SUBecho% -log "Dumping --- Product Keys"

"%comp%\ProduKey.exe" /shtml %Directory%/html/Product_Keys.html
intended for "online" use to the appropriate command for offline one (or - when applicable - use runscanner).

From what waynescheffler originally asked, there is not a need for *all* but just for *some* or *a few*.

;)
Wonko

#22 al_jo

al_jo

    Gold Member

  • Members
  • 1218 posts
  • Location:Tellus

Posted 01 August 2011 - 06:49 PM

Found another interesting fresh diagnostic software:
http://www.freshdevices.com/
It shows installed OS editions and almost everything else
worth to knowing about an "offline" system!
Script (tested in win7pe) is here:
http://al-jo.99k.org/fdiag.7z

:whistling:

Attached Files

  • Attached File  os1.jpg   88.79KB   16 downloads
  • Attached File  os2.jpg   107.45KB   23 downloads

  • mmseng likes this

#23 waynescheffler

waynescheffler

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 August 2011 - 10:49 PM

Thanks All
Yep never really "expected" 1 program to have all the info but we can always wish lol :cheers: Hey al_jo the picture ed3.jpg has all the info I need. Is that info from the offline system in SIV? How do I get to that dialog?
I have SIV running with runscanner I will poke around in there more and see if I can find that.

I think I will still continue working on a solution/program to gather all the offline information that is obtainable and put it in one program. If I get it working I will post it here for you all to try if you are interested.

I will also try out freshdiagnose. Thanks al-jo

Thanks again everyone for the help.

#24 waynescheffler

waynescheffler

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 August 2011 - 11:02 PM

Hey Al-jo I figured out the picture ed3.jpg. properties on xp in produkey. Mine does not show the edition tho.. only Windows XP. and shows the wrong computer name. I probably just need to update my produkey.

Thanks
Wayne

#25 al_jo

al_jo

    Gold Member

  • Members
  • 1218 posts
  • Location:Tellus

Posted 01 August 2011 - 11:06 PM

Hey al_jo the picture ed3.jpg has all the info I need. Is that info from the offline system in SIV? How do I get to that dialog?
I have SIV running with runscanner I will poke around in there more and see if I can find that.

Hi.
The ed3.jpg is not from SIV, it's from produkey1.52
If you don't have the script for that tiny app, I can provide a link here later on...
:cheers:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users