Uncategorized – Page 3

Strarc : A console backup/archive tool

Juin 172018

Been playing with the excellent strarc from Olof.

The basics first:
-to backup a drive/folder to an archive: strarc.exe -cd:C:\ Z:\winxpsp3.sa
-to restore a drive/folder from an archive : strarc.exe -xd:C:\ Z:\winxpsp3.sa

Then, one can backup all files from one logical drive to another (on XP) in one go with this command : strarc.exe -crjd:c:\ | strarc.exe -xd:d:\.
Note the r parameter which will take care of loaded registry hives.
Ideally, rather than backuping a « hot » logical disk (i.e in used), you would use a Volume shadow copy as source (see a discussion here).

Dont forget that when you decide to backup files (i.e not a full physical disk), you need to take care of the MBR on the target disk (hint : grub4dos) and ensure that registry hives are included.

You can also perform such a backup over the network:
-On the « server / host A » side : nc -v -l -p 9000 -e « strarc -cd:x:\my_folder\ »
-On the « client / host B » side : nc 192.168.1.1 9000 > dump.sa (update the IP obviously with your « server » IP).

Host B will connect to host A (listening on port 9000) and dump all received data (from Host A) to dump.sa

Grub4Dos repository

Uncategorized No Responses »

Juin 152018

Because I always have to google when I look for it … here it is.

NativeReg

Uncategorized 2 Responses »

Fév 032018

A native app is an app that will be launched as soon as the kernel initialization is completed.

It will be launched (in user mode) by the session manager (smss.exe) thru the registry key HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\BootExecute(run at every boot) or HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\setupexecute(run once only).

A native app can only use NT API functions (ntdll.dll) and not the Windows API functions.

Possible usages :
nativereg createkey \Registry\Machine\SYSTEM\Setup key1
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test0 8 REG_RND_SZ
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test1 toto REG_SZ
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test2 112233AABBCC REG_BINARY
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test3 666 REG_DWORD
nativereg deletevalue \Registry\Machine\SYSTEM\Setup\key1 test1
nativereg deletekey \Registry\Machine\SYSTEM\Setup\key1

The tool is 32 bits (a 64 bits may come later).
It works on XP and up.

Discussion here.

Regards,
Erwan

Meltdown and Spectre ubuntu update

Uncategorized No Responses »

Jan 082018

If like me you have an old computer and dont want to install the Ubuntu update for Meltdown and Spectre ubuntu update :

sudo vi /etc/default/grub
add nopti to GRUB_CMDLINE_LINUX_DEFAULT (there should be a list of parameters already like « nomdmonddf nomdmonisw nomdmonddf nomdmonisw »)
sudo update-grub
sudo reboot

check that nopti is there with cat /proc/cmdline

Microsoft update for Meltdown & Spectre (KB4056894)

Uncategorized No Responses »

Jan 082018

If you have an old computer like me, you may want to disable latest MS Windows update for Meltdown and Spectre.

To do so:

Download and install PSWindowsUpdate (Windows Update PowerShell Module)
Launch powershell (as local admin)
run Hide-WUUpdate -UpdateID KB4056894

RunAsSys

Uncategorized No Responses »

Mai 062017

Under some specific circumstances, it might be handy to run as system.
RunAsSys will launch a process as the local system account.
This require local admin rights.

Download it here.

VMDK to RAW converter

Uncategorized No Responses »

Déc 282016

Been a while since last article.

A quick one to post a tool I have been using lately to quickly convert VMDK to raw disks.
Indeed it is sometimes easier/quicker to install an operating system in a virtual environement but afterwards you may want to convert the vmware disk (vmdk) to a raw disk so that you can write it to another physical media (usb, hard drive, etc).

Thanks to libvmdk, a library written by Joachim Metz, it is easy to write a quick graphical frontend that will read a vmdk and write it back to a raw image.

VMDK2RAW can be downloaded here.

Erwan

Apply a diff patch under windows

Uncategorized No Responses »

Juil 212014

Can be handy under windows : TortoiseSVNDiff.

Ext2/3/4 Filesystem under Windows

Uncategorized No Responses »

Juil 142014

For years I have been using Ext2fsd to read (and possibly write) ext2 (or ext3 / ext4) filesystem.
I would usually mount the image with ImDisk.

Today I stumbled upon a nice little (and free) utility from diskinternals : Linux Reader.
The tool can mount the image or read an existing logical drive.

ImgMount goes command line

Uncategorized No Responses »

Mai 042014

A few months ago I wrote an article about Olof’s Arsenal driver.

Now is time for a command line version of ImgMount GUI named ImgMountCMD.
Exe is about 50 kb and can do as much as the GUI version.
Moreover, both the GUI and the command line version have been tested in WinPE and work fine including installing the driver.

Discuss/download it here.

The syntax for the command line is the following :

ImgMountCMD file add path ImgMountCMD file new path size(MB) ImgMountCMD file shm name ImgMountCMD file remove id ImgMountCMD vm add path ImgMountCMD vm new size(MB) ImgMountCMD vm remove id ImgMountCMD pm add path ImgMountCMD pm new size(MB) ImgMountCMD pm remove id ImgMountCMD list ImgMountCMD removall ImgMountCMD driver check ImgMountCMD driver install driver.inf ImgMountCMD driver remove

Older Entries Newer Entries