
Topics - bob.omb

1
Run from CD = Run from Y:\ programs folder and does not load into WIM or RAM during boot (this is obvious)

Run from RAM = Add to WIM and load into RAM during boot

Run from Normal?? = What does this do? Why 3rd option?

P.S. I learned a lot about PE searching for this answer but not the answer to this

2
New updated version released Nov 20th 2017

This tool makes finding dependencies easy. Among other things =)

X64dbg:
https://x64dbg.com/#start

Additional Plugins:
https://github.com/x64dbg/x64dbg/wiki/Plugins

3
Is it possible to have driver storage location on Y: instead of inside WIM for Driver Integration plugin? Driver integration is very useful but not so much when WIM is used for location.  It gets big very fast.  Posting in here instead of plugin page because this is part of basic Win10PESE project.  Does this make sense or no? If needed I can try and add option myself but thought better to ask first in case there is already one in place I'm missing.

4
Win10PE SE HomePage / Moving "Programs" folder for CD programs
« on: November 19, 2017, 04:20:46 PM »
Is this easily possible, to add a subfolder for better compatibility with multi-boot usb drives? e.g. Instead of -  Programs\  - it would be -  aio\Programs

Also can PeCMDext.ini be moved into the same aio\


5
Plugins / EasyMBR2GPT - Batch GUI
« on: November 19, 2017, 03:34:44 PM »
EasyMBR2GPT is a plugin that adds MBR2GPT.EXE and a CMD GUI for Win10PESE v1703 or higher.


Lists all available disks
Includes appropriate warnings
Validates Disk
Converts Disk
Includes error checking and reporting during the verification process
Includes additional error checking and reporting during the conversion process
Logs are produced on the desktop


Plugin allows viewing and editing of CMD GUI source
Plugin allows shortcuts to be created


6
Plugins / Double Driver Plugin - Crashing
« on: November 18, 2017, 12:01:17 PM »
Double driver plugin is great.  Works perfectly when backing up to folders.  When backing up to self extracting executable DoubleDriver crashes.

My build is Win10PESE v1709

7
Research and questions / PC Innounp - Extract option
« on: November 11, 2017, 10:37:26 AM »
Is there an extract option currently in PC Innounp for provide files?  I see it in other plugins but cannot find the option.  This would be useful for plugin creation.  Right now I am using "Test" button then "Open Test Dir" - Before- plugin creation to view extracted files so I have to keep going between the plugin and PC innounp.  Current Malwarebytes plugin on servers has this option..

8
Research and questions / PENetwork.ini VS Autorun.cmd
« on: November 10, 2017, 05:51:26 PM »
Which of these runs last? I know everyone prefers PENetwork.ini but I actually prefer to use cmd vs ini (in my build it seems as if autorun.cmd's last line executes after PENetwork is loaded).    At first I was modifying "Original Display Drivers" plugin because it is the last to edit the autorun during build and appends at EOF.  Because exact and secure overwrites these files I have changed my "Additional Registry" plugin to "Additional Registry and Autorun" plugin. 

I guess my real question is, if it is Autorun.. Can we add a plugin for this to Final_Y\Additional XXXX either a section that's commented out by default to Addl Registry or its own plugin? Only the below 5 lines would need to be added to any plugin after the Drivers\ section of build.

Code:
If,ExistFile,%target_sys%\autorun.cmd,Begin
  TXTDelLine,%target_sys%\autorun.cmd,exit
  TXTAddLine,%Target_Sys%\autorun.cmd,"Whatever you want to add to EOF goes here inside these quotes",Append
  TXTAddLine,%target_sys%\autorun.cmd,exit,Append
End

9
So frustrating  :mad: ..... I ran the Malwarebytes 3.3 installer in my PE build, downloaded straight from the site, ---> it ran and installed perfectly <--- performed an update, ran a scan... Started building an Innounp plugin for everyone (Which is way easier than it previously used to be because Malwarebytes now only packages dllname,1.dll and dllname,2.dll - only 32bit and 64bit versions, no more 5/6 diff DLL's for each ver of windows.. Also only 1 .sys file into sys32\drivers instead of 3-4 drivers identified as well...) Went to bed thinking I was going to share it with all of you this morning... Tried to run the installer again to grab the reg keys and  :sad: :sad: :sad: It won't run and is throwing an error...NO CHANGE IN BUILD. The only thing I was playing with were dependencies for another application from inside the same build, tried retracing ->EXACT<- steps no luck. Driving me crazy for the past 24hrs.  Anyone able to get the installer to run to grab the reg keys from within a 10PESE build to generate the correct keys?


The error is supposedly caused by a certificate error that normally can be fixed with certmgr.msc by deleting untrusted certificates.  Something similar is happening here. I have no idea how it ran before  :huh: The applications I was using were password reset applications. I'm not sure if that would reset the untrusted certificates or pave the way for installation, but I will keep testing in the meantime.

10
Win10PE SE HomePage / Heidoc Windows ISO Downloader in 10PESE
« on: November 05, 2017, 10:30:35 PM »
Anyone tried to get this working yet? It obviously doesn't run out of the box with 10PESE (Requires IE for downloading?) Has anyone gotten close?

11
Plugins / FileShredder Plugin
« on: October 31, 2017, 12:08:20 AM »
Fileshredder is freeware.  Able to make files irrecoverable on demand.

Plugin attached. (Maybe providefile better?)

Source:
http://www.fileshredder.org/

12
Development and code snippets / Problem Step Recorder
« on: October 29, 2017, 01:44:36 PM »
This is a very useful tool built into Windows that can easily be used to create walkthroughs for anything (especially how to use PE or Win10PESE Project).  I am making stupid mistakes somewhere trying to get this working.

I am adding variables:
Code:
%psrsrc32%=%InstallSRC%\Windows\System32
%psrsrcWow%=%InstallSRC%\Windows\SysWOW64
%psrtrg32%=%TargetDir%\Windows\System32
%psrtrgWow%=%TargetDir%\Windows\SysWOW64

And copying files:
Code:
FileCopy,%psrsrc32%\psr.exe,%psrtrg32%\
FileCopy,%psrsrcWow%\psr.exe,%psrtrgWow%\

And Dependencies:
Code:
Require_FileQ,uireng.dll
Require_FileQ,aepic.dll
Require_FileQ,msdrm.dll

Can anyone confirm this should work? I am having issues.

**EDIT

It was stupid.  I forgot to copy the psr.exe.mui from en-US\

13
Inside normal 10PESE build, I check the option in Copy Files Plugin to include WinRE and "Include files to refresh this PC". I boot the build, I open the start menu and go to Windows System, select > System Recovery. The screen turns blue as if System Recovery is loading and then nothing happens.. Win10PESE1709 (Taskbar remains)

14
Plugins / Acrylic Wifi Home - Plugin Error on 1709
« on: October 23, 2017, 12:31:07 PM »
Plugin crashes on build 1709.  Seems like a nice utility.  I am looking into this but any help is appreciated.

15
Win10PE SE HomePage / Error copying UK keyboard into build
« on: October 23, 2017, 12:20:00 PM »
Keyboard is set to "Import from Host OS", English us is primary, and English uk is secondary - are active on host OS.  (I tried having more than this at once but this is simplest way to troubleshoot just the two at first) Build gives warnings that keyboard did not appear to be a standard keyboard and was ignored.  also tried English uk extended

Trying to use Keyboard Switcher Plugin (AppsGS\System Tools) to CTRL-TAB between keyboards, and cannot seem to get the keyboard layouts to import correctly.(Stays on US)  Is there a manual way to do this I think that would be better?  Must I have languages installed to have keyboard layouts be switchable?   Is this a 1709 issue?

16
THIS IS TO UNLOCK A MACHINE THAT WAS MALICIOUSLY LOCKED WITH SYSKEY ONLY --- IT IS --> NOT <-- TO BE USED IF YOU USE SYSKEY ON PURPOSE AND FORGOT YOUR PASSWORD

This is so simple I really shouldn't be making this post -or- calling this a "Tool" BUT too many people do not know how to recover from syskey without 3rd party applications!  This process can only easily be done from bootable media, so this is actually the perfect place to provide a 1-click fix for general public.

This is really just a batch file.  It does the SUPER simple task of restoring the host machine's registry to the previous backup from the system32\config\RegBack folder.  The current 5 main registry hives get renamed to .OLD and the RegBack versions get copied into the system32\config\ folder.

This has proven useful countless times when scammers have used Syskey to lock unsuspecting users' machines.

This is the first level of repair you should try for this type of attack.  If this doesn't work the scammer most likely was very clever and damaged\deleted your RegBack folder. 9 times out of 10 they do not.  If this is the case, you will need a 3rd party tool like Passcape Reset Windows Password boot disc to make a more advanced attempt at recovery.

----> THE HOST MACHINE DRIVE LETTER MUST BE SET AS C: FOR THIS TO WORK <---- This is HARDCODED, If anyone wants to modify this using variables to make it universal or improve on it please do and post for all. (i.e. %systemdrive% type of variables etc etc) I originally compiled this into an EXE but it won't run correctly in the PE environment (probably choice issue but doesn't matter batch works fine) so at this time it is being left as a CMD file to ensure proper function. This was made for my build and works so I am finished with my modifications for now.

There is NO error checking - Use at your own risk - Make sure you have an idea of what the tool is doing and how it works, and how it can be reversed, before using..

Source, CMD, and Plugin Below----

Source:
Code:
@ECHO OFF
MODE CON COLS=44 LINES=30
IF EXIST C:\Windows\System32\Config\RegBack\ ( GOTO START ) ELSE ( GOTO ABORT2 )
:START
CLS
TITLE Syskey Recovery Tool v1.0
ECHO --------------------------------------------
ECHO                 ! WARNING !
ECHO --------------------------------------------
ECHO.
ECHO This tool will make changes to the registry
ECHO located on the current C:\
ECHO.
ECHO IF YOU DO NOT NEED THIS TOOL AND YOU USE IT
ECHO IT COULD CAUSE YOUR SYSTEM TO CRASH. NEVER
ECHO USE THIS TOOL UNLESS YOUR SYSTEM WAS LOCKED
ECHO WITH SYSKEY BY SOMEONE OTHER THAN YOU. THE
ECHO CHANGES MADE BY THIS TOOL ARE EASILY
ECHO REVERSIBLE, BUT THE TOOL SHOULD STILL BE
ECHO USED WITH CAUTION..
ECHO.
ECHO DEFAULT, SAM, SECURITY, SOFTWARE, and SYSTEM
ECHO registry hives will be renamed to *.OLD
ECHO.
ECHO The registry state before Syskey lock will
ECHO then be restored.
ECHO.
ECHO Note: If there are any problems after using
ECHO this tool, simply delete the restored files,
ECHO and delete the *.OLD extension off of the
ECHO originals in C:\Windows\System32\Config
ECHO.
ECHO --------------------------------------------
ECHO.
CHOICE /M "Are you sure you want to continue?"
IF %ERRORLEVEL%==1 GOTO UNLOCKSYSKEY
IF %ERRORLEVEL%==2 GOTO ABORT
:ABORT
CLS
ECHO.
ECHO Operation cancelled. No Changes were made.
ECHO The tool will now exit.
ECHO.
ECHO.
PAUSE
EXIT
:ABORT2
CLS
ECHO.
ECHO HIVE backups are not present!! Either they
ECHO were removed or the system drive is not
ECHO mounted as C:\ with WinPE
ECHO.
ECHO The tool cannot continue and will now close!
ECHO.
ECHO.
PAUSE
EXIT
:UNLOCKSYSKEY
CLS
ECHO.
C:
CD\Windows\system32\config
ECHO Moving Syskey Locked Registry...
REN DEFAULT DEFAULT.OLD
REN SAM SAM.OLD
REN SECURITY SECURITY.OLD
REN SOFTWARE SOFTWARE.OLD
REN SYSTEM SYSTEM.OLD
ECHO.
ECHO Restoring Previous Registry...
ECHO.
CD RegBack
COPY DEFAULT ..\DEFAULT
COPY SAM ..\SAM
COPY SECURITY ..\SECURITY
COPY SOFTWARE ..\SOFTWARE
COPY SYSTEM ..\SYSTEM
ECHO.
ECHO.
ECHO Syskey Recovery Complete! The program will
ECHO now exit.
ECHO.
PAUSE
EXIT
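
A variant of the restore above with the checks the post says are missing, added here as an example and not part of the original post or plugin. It takes the offline Windows drive letter as an argument instead of hardcoding C:, refuses to start unless all five RegBack hives exist and are non-empty, and rolls back if a rename or copy fails; the script name `regback_check.cmd` is a placeholder.

```batch
@ECHO OFF
REM Added example (not the original tool): checked RegBack restore with rollback.
REM Usage: regback_check.cmd D:   (hypothetical script name; argument is the
REM        drive letter of the offline Windows install, default C:)
SETLOCAL ENABLEDELAYEDEXPANSION
SET "SYSDRV=%~1"
IF "%SYSDRV%"=="" SET "SYSDRV=C:"
SET "CFG=%SYSDRV%\Windows\System32\Config"
SET "BAK=%CFG%\RegBack"
SET "HIVES=DEFAULT SAM SECURITY SOFTWARE SYSTEM"

IF NOT EXIST "%BAK%\" (
    ECHO RegBack folder not found at %BAK%
    EXIT /B 2
)

REM Every backup hive must exist and be non-empty, and no *.OLD from an
REM earlier run may be present, before any live hive is touched.
FOR %%H IN (%HIVES%) DO (
    IF NOT EXIST "%BAK%\%%H" (
        ECHO Missing backup hive: %%H
        EXIT /B 3
    )
    FOR %%F IN ("%BAK%\%%H") DO IF %%~zF EQU 0 (
        ECHO Backup hive is 0 bytes: %%H
        EXIT /B 3
    )
    IF EXIST "%CFG%\%%H.OLD" (
        ECHO %%H.OLD already exists; a previous run was not cleaned up.
        EXIT /B 4
    )
)

REM Swap the hives one by one, remembering which ones were renamed so a
REM failure part-way through can be undone.
SET "DONE="
FOR %%H IN (%HIVES%) DO (
    REN "%CFG%\%%H" "%%H.OLD" || GOTO ROLLBACK
    SET "DONE=!DONE! %%H"
    COPY /B /V "%BAK%\%%H" "%CFG%\%%H" >NUL || GOTO ROLLBACK
)
ECHO Restore complete. Originals kept as *.OLD in %CFG%
EXIT /B 0

:ROLLBACK
ECHO A step failed; putting the original hives back.
FOR %%H IN (%DONE%) DO (
    IF EXIST "%CFG%\%%H" DEL "%CFG%\%%H"
    REN "%CFG%\%%H.OLD" "%%H"
)
EXIT /B 1
```

Run it from the PE command prompt with the drive letter the offline Windows install is mounted under. Windows 10 version 1803 and later no longer populate RegBack by default, so on those systems the backup hives exist but are 0 bytes, which is the case the size check catches.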


17
Plugins / Teamviewer 12 plugin
« on: October 21, 2017, 10:31:59 AM »
Updated plugin to version 12

https://mega.nz/#!oyxAkTRZ!YKt82CMaLuxJnvwRSZg33g0bQzkkWX00emATme6xpHM

New plugin:

Faster remote connections (now uses hardware acceleration to speed up connections)
More reliable and faster file transfers
A few other features not needed in PE but can also be used.  Check their site for more details.

18
Plugins / NTPW Edit 0.7 - New Version Available
« on: October 20, 2017, 02:45:47 PM »
I saw this in another thread here, can't find it now, I think it was ChrisR announcing 0.7 has been released.  Any chance we can get this updated on server when someone has time please?

19
Tried to update earlier when server was down for a few minutes (502 error) and exact and secure failed because the connection was down.  Now I am getting the attached error, tried manually navigating to file and it doesn't exist.  Is something wrong with my builder or the server?

Code:
WebGet -  [http://gena.cwcodes.net/Projects/Tools/Gena/x86/AU3381.exe] to directory: [%BaseDir%\Projects\Tools\Win10PESE\x86\AU3381.exe] HTTP/1.1 404 Not Found

* log_20171015_194500_blupdate.7z (18.97 kB - downloaded 27 times.)
***EDIT

Luckily I have a backup and this issue was worked around, but it is localized to my builder that couldn't connect to the server. Is that easy fix or should I just delete that builder?

20
For those who wish to have Administrator account auto-login (without the command window), replace your SwitchToAdmin.ini with the attached file.

It is a combination of exact(current as of 1709 -10/15/17),  SwitchToAdmin.ini, and SwitchToAdminPrepare.ini, and it bypasses SwitchToAdmin.cmd

Shortcut, Text-on-Top, and username,options will still function as usual, but countdown options will no longer work because it will automatically log in!  :wink:  I would love for this to be an option (checkbox) for LogonAsAdmin plugin but until then we can use this.  :great:

Shown in codebox and attached as 7z:
Code:
////////////////////////////////////////
//   Switch to Administrator Auto  //
////////////////////////////////////////

LOGS %WinDir%\System32\SwitchToAdmin.log

CALL OSInit
CALL PreShell
CALL workgroup
CALL RenameAdmin
CALL Registry
CALL Services
// KillExplorer only for Shortcuts, explorer is not loaded with Auto-Logon
//CALL KillExplorer
CALL OpenSystemMenucmd
CALL Disconnect

////////////////////////////////////////////////////////////////////////////////////////////////
_SUB OSInit

LOGO %WinDir%\web\wallpaper\Windows\img0.jpg
TEXT System configuration, Please Wait...#0xFFFFFF L59 T39 $20*
// TIPS  System configuration, Please Wait..,,1,#1

_END
////////////////////////////////////////////////////////////////////////////////////////////////
_SUB PreShell

// Mount media USB, ISO to drive Y: Hide Wait
EXEC !=%WinDir%\system32\MountPEmedia.exe

// Fix display screen problems and Show Desktop. Run it once before changing the screen resolution or load a graphic driver.
EXEC %SystemRoot%\system32\FixScreen.exe

//DEVI %WinDir%\inf\xxxxx.inf

// Install external drivers, load external program
LOAD Y:\PecmdExt.ini
INIT IU,3000

_END
////////////////////////////////////////////////////////////////////////////////////////////////
_SUB workgroup

// Join a workgroup WORKGROUP, use startnet.exe from PENetwork, to get some network support.
// We must first join the working group, otherwise Administrator can not log in
TIPS  Switch to administrator, set up workgroup......,,1,#1
EXEC != startnet.exe -wg WORKGROUP

_END
////////////////////////////////////////////////////////////////////////////////////////////////
_SUB RenameAdmin

// EXEC  = Wait, @background, ! Hide. ex: EXEC =WaitNoHide.cmd, EXEC @!=WaitHide.cmd, EXEC NoWaitNoHide.cmd, EXEC @!NoWaitHide.cmd
// Rename localized Administrator account to Admin
EXEC != secedit.exe /configure /db %WinDir%\security\database\unattend.sdb /cfg %WinDir%\security\templates\unattend.inf /log %WinDir%\security\logs\unattend.log

_END
////////////////////////////////////////////////////////////////////////////////////////////////
_SUB Registry

// Disable sihost.exe to speed up the logon. Already done at build time
//REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\EnableSIHostIntegration=#0

// Administrator user logs automatically
TIPS  Switch to an administrator, set up automatic login......,,1,#1
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon=#1
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName=Administrator
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword=""
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName=WORKGROUP

// GUEST do not need to use the login screen
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\Guest=#0

// Launch Pecmd SwitchToAdminLogon.ini after logon as Admin
REGI HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Init=PECMD.EXE Main %WinDir%\System32\SwitchToAdminLogon.ini

_END
////////////////////////////////////////////////////////////////////////////////////////////////
_SUB Services

TIPS  Start the service to switch to administrator, ......,,1,#1
EXEC !=sc start gpsvc
EXEC !=sc start ProfSvc
EXEC !=sc start seclogon
EXEC !=sc start ShellHWDetection

_END
////////////////////////////////////////////////////////////////////////////////////////////////
_SUB KillExplorer

//TIPS  Switch to Administrator, disconnect current user......,,1,#1

// Existing current users and automatically switch to Administrator with log enabled, it will automatically execute Pecmd admin.ini
// Kill explorer is not necessary for Auto-Logon but required for Switch to Admin shortcuts
KILL Explorer
KILL *Explorer

_END
////////////////////////////////////////////////////////////////////////////////////////////////
_SUB OpenSystemMenucmd

// Auto-Login
EXEC !=PECMD.EXE Main %WinDir%\System32\SwitchToAdminLogon.ini

_END
////////////////////////////////////////////////////////////////////////////////////////////////
_SUB Disconnect

EXEC !%WinDir%\System32\tsdiscon.exe

_END
////////////////////////////////////////////////////////////////////////////////////////////////

