
ProductPolicy viewer


31 replies to this topic

#1 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1914 posts
  • Location:Nantes - France
  •  
    France

Posted 18 July 2015 - 03:53 PM

Hi,

 

Following a discussion started here, I am releasing this Product Policy viewer.

It can read both an online and offline registry.

It will parse the following key : SYSTEM\CurrentControlSet\Control\ProductOptions\ProductPolicy.

 

What is it good for?

Check enabled/disabled features on your Windows (depending on which version you have).

 


 

I am asking the moderators over here if adding a write feature to this tool would be considered as encouraging illegal activities.

Note that I did not check yet if writing to an offline registry is actually an option.

 

Regards,

Erwan

 

 

 

 




#2 erwan.l

Posted 20 November 2015 - 08:24 PM

Not sure how useful this can be but...I added an "edit" feature.

Only offline (system) hives are supported for now, and only dword/string type (not binary).

 

Will probably add online hives support later as well as binary types.

 

In theory, with this tool, one should be able to change the policies (i.e. features) of a Windows operating system such as Native VHD Boot, etc ...

 


#3 ljycslg

ljycslg

    Newbie

  • Members
  • 26 posts
  •  
    China

Posted 21 November 2015 - 02:01 AM

where to download productpolicy editor 0.3?


Edited by ljycslg, 21 November 2015 - 02:32 AM.


#4 erwan.l

Posted 21 November 2015 - 10:11 AM

> where to download productpolicy editor 0.3?

 

stupid me... had forgotten to attach the file to the post.

job done !

 

Edit : uploaded a tool (here) to save the system registry hive to be able to perform tests with the edit feature of ProductPolicy Editor.



#5 erwan.l

Posted 22 November 2015 - 07:53 PM

Tested the following 

 

1-save system hive
2-edit one product policy against the system hive offline from previous step
3-replace online system hive with edited offline system hive in previous step
4-reboot
5-check edited product policy in online hive
 
The product policy is changed after a reboot but it seems it reverts back to previous state after a few minutes.
 
To be continued...


#6 erwan.l

Posted 22 November 2015 - 08:53 PM

Stopping or disabling the "software protection" service will prevent policies from reverting back.

 

sc stop sppsvc or sc config sppsvc start= disabled.



#7 Marcus

Marcus
  • Members
  • 2 posts
  •  
    Ukraine

Posted 23 November 2015 - 09:32 AM

> Stopping or disabling the "software protection" service will prevent policies from reverting back.
>
> sc stop sppsvc or sc config sppsvc start= disabled.

Hey Erwan!

Thanks for this tool! Great job!  :thumbsup: 

 

Do you happen to know whether there is a way to make "software protection" recognize these changes?

Perhaps there is a storage of approved settings for validation of current settings?



#8 erwan.l

Posted 23 November 2015 - 10:01 AM

> Hey Erwan!
>
> Thanks for this tool! Great job!  :thumbsup:
>
> Do you happen to know whether there is a way to make "software protection" recognize these changes?
>
> Perhaps there is a storage of approved settings for validation of current settings?

 

Hi Marcus,

 

I am not sure this is possible.

I have read/seen about a tokens.dat behind the scene.

I have read you can regenerate it but I don't believe it is regenerated from registry but rather from a 3rd source file...

 

Note that we are on the edge here : one is not supposed to permanently change these settings (since under license).

This is purely for R&D purpose and changing these settings temporarily may lead to interesting scenarios already.

Remember that the actual discussion (around native vhd boot) started here.

 

Regards,

Erwan



#9 Marcus

Posted 23 November 2015 - 03:27 PM

Got it!  :fine:

Thanks!



#10 sebus

sebus

    Frequent Member

  • Advanced user
  • 305 posts

Posted 29 December 2015 - 09:59 AM

Isn't this very similar to this



#11 erwan.l

Posted 29 December 2015 - 11:19 AM

> Isn't this very similar to this

 

Yes you are right, it is similar !

Thanks for the pointer.

 

Did not check the full thread yet : not sure it works offline.

 

And the objective is probably different ...



#12 agni

agni

    Frequent Member

  • Tutorial Writer
  • 254 posts
  • Location:Bengaluru (Bangalore)
  •  
    India

Posted 02 January 2017 - 04:16 PM

Thanks for the excellent tool. What prevents your tool from editing an online registry hive ?

The sppsvc service runs as NT AUTHORITY\NETWORK SERVICE, I am thinking if we run your tool as NT AUTHORITY\NETWORK SERVICE, it should be able to modify the online registry hive?



#13 erwan.l

Posted 02 January 2017 - 05:26 PM

> Thanks for the excellent tool. What prevents your tool from editing an online registry hive ?
>
> The sppsvc service runs as NT AUTHORITY\NETWORK SERVICE, I am thinking if we run your tool as NT AUTHORITY\NETWORK SERVICE, it should be able to modify the online registry hive?

 

It would be easy enough I believe (I vaguely remember that I had already initiated that piece of code).

If the code is run as admin, I am not even sure I need to run under another security context.



#14 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13435 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 02 January 2017 - 05:41 PM

But what would be the use?

A GUI tool can be very useful when doing experiments, and in this case to "decode" the key, but if you want to change some values/keys and you already know which ones and how to change them, why wouldn't Regedit or Reg.exe do (or erwan's offline Registry thingy if the offline is needed)?

 

:duff:

Wonko



#15 erwan.l

Posted 02 January 2017 - 06:02 PM

The key to write/update is not straightforward and if I recall correctly you need to do some bit shifting and/or map to complex types (as opposed to simple string/word etc types).

Not friendly/easy via regedit.

 

Something that a few lines of code would handle very easily.



#16 erwan.l

Posted 02 January 2017 - 06:10 PM

checked my code.

 

it goes as is (rather easy actually except that you need to deal with custom types).

 

It is a binary value.

 

First comes a header (20 bytes) then a series of values (16 bytes+sizeof(name) each).

 

type
  TProductPolicyHeader = packed record  // 5 x DWORD = 20 bytes
    cbSize: DWORD;
    cbDataSize: DWORD;
    cbEndMarker: DWORD;
    Unknown1: DWORD;
    Unknown2: DWORD;
  end;

  TProductPolicyValue = packed record  // 4 x Word + 2 x DWORD = 16 bytes, followed by the name
    cbSize: Word;
    cbName: Word;
    SlDatatype: Word;
    cbData: Word;
    Unknown1: DWORD;
    Unknown2: DWORD;
  end;
 
search for Kernel-NativeVHDBOOT, skip 2 bytes (word)=datatype, and there should be your value (2 bytes).
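
A read-only parser for the layout described in the post above, used to diff a known-good hive export against a current one so changed policy values stand out; this is an added example, not erwan.l's code. It assumes the UTF-16LE name and then the data follow each 16-byte record, that cbSize covers the whole entry, and that SlDatatype 1 and 4 mean string and DWORD; `parse_policy`, `diff_policies`, `build_sample` and the two sample blobs are constructed for illustration.

```python
import struct
HEADER = struct.Struct("<5I")   # TProductPolicyHeader: 5 x DWORD = 20 bytes
VALUE = struct.Struct("<4H2I")  # TProductPolicyValue: 4 x Word + 2 x DWORD = 16 bytes
SL_DATA_SZ, SL_DATA_DWORD = 1, 4  # assumed SlDatatype codes (same numbers as REG_SZ/REG_DWORD)

def parse_policy(blob):
    """Read-only parse of a raw ProductPolicy value into {name: data}."""
    if len(blob) < HEADER.size:
        raise ValueError("blob shorter than the 20-byte header")
    cb_size, cb_data, _end, _u1, _u2 = HEADER.unpack_from(blob, 0)
    end = HEADER.size + cb_data          # assumption: cbDataSize spans all entries
    if cb_size > len(blob) or end > len(blob):
        raise ValueError("header sizes exceed the blob length")
    out, pos = {}, HEADER.size
    while pos < end:
        if pos + VALUE.size > end:
            raise ValueError(f"truncated entry header at offset {pos}")
        size, cb_name, dtype, cb_val, _u1, _u2 = VALUE.unpack_from(blob, pos)
        if size < VALUE.size + cb_name + cb_val or pos + size > end:
            raise ValueError(f"bad entry size at offset {pos}")
        start = pos + VALUE.size         # assumption: name, then data, follow the record
        name = blob[start:start + cb_name].decode("utf-16-le")
        raw = blob[start + cb_name:start + cb_name + cb_val]
        if dtype == SL_DATA_DWORD and cb_val == 4:
            out[name] = struct.unpack("<I", raw)[0]
        elif dtype == SL_DATA_SZ:
            out[name] = raw.decode("utf-16-le").rstrip("\0")
        else:
            out[name] = raw              # binary and unknown types stay as bytes
        pos += size                      # advance by cbSize, so any padding is skipped
    return out

def diff_policies(baseline, current):
    """Map each policy name that differs to its (baseline, current) pair."""
    names = sorted(set(baseline) | set(current))
    return {n: (baseline.get(n), current.get(n))
            for n in names if baseline.get(n) != current.get(n)}

def build_sample(values):
    """Constructed test input only: pack {name: dword} in the assumed layout."""
    body = b""
    for name, dword in values.items():
        n = name.encode("utf-16-le")
        body += VALUE.pack(VALUE.size + len(n) + 4, len(n), SL_DATA_DWORD, 4, 0, 0)
        body += n + struct.pack("<I", dword)
    return HEADER.pack(HEADER.size + len(body) + 4, len(body), 4, 0, 0) + body + b"\0" * 4

BASELINE = build_sample({"Kernel-NativeVHDBOOT": 0, "Kernel-MaxPhysicalPage": 4096})
CURRENT = build_sample({"Kernel-NativeVHDBOOT": 0, "Kernel-MaxPhysicalPage": 16384})
```

`diff_policies(parse_policy(BASELINE), parse_policy(CURRENT))` reports only the entry whose value changed between the two constructed snapshots.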


#17 Wonko the Sane

Posted 02 January 2017 - 06:51 PM

I meant another thing (but I am probably too blunt or direct).

Take the whole key:

SYSTEM\CurrentControlSet\Control\ProductOptions\ProductPolicy

export it in a reg file (or save the output of reg.exe)

Now change the specific bit (or byte or whatever) Agni is interested in.

export again in a reg file. (or save the output of reg.exe)

Reset the value as it was before.

 

Can Regedit or Reg.exe change it again ?

 

It is either yes or no, if it is yes a GUI tool makes little sense (while - a command line one would be useful - but unneeded) if it is no, then definitely the GUI tool would be needed (and still a command line version would be more useful in practice).

 

:duff:

Wonko



#18 erwan.l

Posted 02 January 2017 - 07:05 PM

answer is yes you can.

 

this is how I was going to proceed as well : dump it, parse it, modify it, restore it.



#19 agni

Posted 03 January 2017 - 12:48 PM

I also noticed that after using your tool, the size of the system.bak is less than the original system file.

Does your tool do some kind of compression ?



#20 erwan.l

Posted 03 January 2017 - 01:30 PM

> I also noticed that after using your tool, the size of the system.bak is less than the original system file.
>
> Does your tool do some kind of compression ?

 

Hi Agni,

 

No compression but it uses a different library (still a Microsoft one thus) so the size may vary.

It could be that it skips the "junk" like unused entries which you may find in a Windows hive.

I don't think you have to be concerned by this.

 

Regards,

Erwan



#21 agni

Posted 04 January 2017 - 01:28 PM

Thanks erwan. I have successfully used your tool to boot a Win 32 bit from a 3900 MB VHD on a computer with 8GB of RAM. I was able to modify Kernel-WindowsMaxMemAllowedx86 and Kernel-MaxPhysicalPage to 16384 (from 4096), which enabled the OS to see the remaining RAM that was not used by Grub4dos to load into RAM.
 
The other advantage of this could be that we no longer need to disable Software Protection service as this would be a RAMDISK and any changes reverted by sppsvc service to the product policy would not be persisted. (I am yet to test and confirm this, but should work in theory).

 

More details here

http://reboot.pro/to...e-4#entry201388



#22 erwan.l

Posted 04 January 2017 - 02:28 PM

Thanks for this feedback.

 

There are actually a lot of Windows features which you can turn on : vhdboot, supported memory, concurrent terminal services, etc ... the list is rather long.

However, let's remember that this is "discussable" from a licence point of view.

To get all these extra features, one should normally upgrade to a higher/more expensive Windows version.

 

Good point about sppsvc and RAM disks !

 

Another trick (for non RAM disks) could be to use a logoff script to reapply whatever features you wish to play with.



#23 Wonko the Sane

Posted 04 January 2017 - 03:15 PM

> However, let's remember that this is "discussable" from a licence point of view.
>
> To get all these extra features, one should normally upgrade to a higher/more expensive Windows version.

Actually there is nothing to "discuss", it's pretty much binary On/Off or 0/1, if you (or the Law in the country you live) believe in the validity of the Eula, this is breaking it.

 

To be more "fine" and taking a "moral" view at the matter, there is a not-so-slight difference between this and (example) the XP 32 bit PAE patches:

1) in the case of more than 4 Gb on XP Microsoft made them available initially, then abruptly removed the possibility (without telling you) and told you that it was not possible.

2) in this case (or in the case of Windows 7 Starter edition 2 Gb limit) Microsoft is saying that the limitation is tied to the licensing model/version and that by acquiring a "better" license you can overcome this artificial limitation

 

:duff:

Wonko



#24 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10440 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 04 January 2017 - 04:20 PM

This is very good news. I always thought that the 4Gb limitation was hardware related.

 

:cheers:



#25 Wonko the Sane

Posted 04 January 2017 - 04:38 PM

> This is very good news. I always thought that the 4Gb limitation was hardware related.
>
> :cheers:

Maybe you are confusing it with this other kind of issue:
http://reboot.pro/to...2bit-35gb-25gb/

 

:duff:

Wonko





