June 11, 2018
 

MakeIso will create an ISO from a source folder.

Supports multi-boot ISOs: x86 and EFI.
Supports ISO9660, UDF, Joliet, or any combination of these three filesystems.
Supports isolinux (the checksum is taken care of).
Tested successfully with Grub4Dos.

MkIso is native (no external dependencies) and standalone, built on the Windows built-in IMAPI2.

MkIso is also part of CloneDisk.

Questions, feedback, requests welcome here.

Download here.

Regards,
Erwan

 Posted by at 20 h 06 min
June 11, 2018
 

Updated version, following up on this article: added netcat support.

Download from here.

RAW can be:
-A logical drive in the form of \\.\X:
-A physical drive in the form of \\.\physicaldriveX
-A volume in the form of \\?\Volume{e26e7b15-122a-11e7-82bf-806e6f6e6963}
-A volume shadow copy in the form of \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
-A disk image file in the form of c:\temp\disk.img

DEVIO or NETCAT will be IP:PORT (ex: 127.0.0.1:9000)

NETCAT command line:
Use nc to back up incoming data to a file (i.e. RAW to NETCAT) -> nc.exe -v -n -l -p 9000 > c:\temp\disk.img
Use nc to restore data from a file (i.e. NETCAT to RAW) -> nc -l -v -p 9000 < c:\temp\disk.img

Download Netcat here.
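An added example (not part of the original post or of the tool): a Python stand-in for the RAW to NETCAT flow, with a sender that streams a constructed image over plain TCP the way `nc -l -p 9000 > c:\temp\disk.img` receives it, a receiver that writes it out, and a SHA-256 computed on both ends, because the netcat pipe itself carries no integrity check. It runs over loopback on an OS-chosen port.

```python
import hashlib
import io
import socket
import threading

CHUNK = 1 << 16  # 64 KiB per read, a typical block size for raw copies


def send_image(src, host, port):
    """Stream every byte of file-like `src` to host:port; return its SHA-256."""
    digest = hashlib.sha256()
    with socket.create_connection((host, port)) as sock:
        while True:
            block = src.read(CHUNK)
            if not block:
                break
            digest.update(block)
            sock.sendall(block)
        sock.shutdown(socket.SHUT_WR)  # EOF is the only "end of image" signal nc gets
    return digest.hexdigest()


def receive_image(listener, dst):
    """Accept one client on `listener`, write its stream to `dst`; return SHA-256."""
    digest = hashlib.sha256()
    conn, _ = listener.accept()
    with conn:
        while True:
            block = conn.recv(CHUNK)
            if not block:
                break
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def transfer_and_verify(image_bytes, host="127.0.0.1"):
    """Run both ends over loopback; return (digests_match, received_bytes)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    dst, result = io.BytesIO(), {}
    worker = threading.Thread(target=lambda: result.update(rx=receive_image(listener, dst)))
    worker.start()
    tx = send_image(io.BytesIO(image_bytes), host, port)
    worker.join()
    listener.close()
    # Compare the sender's and receiver's digests, the check nc alone does not give you.
    return tx == result["rx"], dst.getvalue()
```
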

DEVIO (RAW to DEVIO or DEVIO to RAW) command line:
A logical drive -> devio 9000 \\.\X:
A physical drive -> devio 9000 \\.\PhysicalDriveX
A physical drive and a partition (starting at 1) -> devio 9000 \\.\PhysicalDriveX 1
A file (must exist and be sized according to your needs) -> devio 9000 c:\temp\disk.img 0 0
Read-only mode: devio -r 9000 \\.\PhysicalDrive0 1

Download Devio here: x86 x64

 Posted by at 19 h 41 min
Feb 03, 2018
 

A native app is an app that is launched as soon as kernel initialization is complete.

It is launched in user mode by the session manager (smss.exe) through the registry value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute (run at every boot) or HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SetupExecute (run once only).

A native app can only use the NT API functions (ntdll.dll), not the Windows API functions.

Possible usages:
nativereg createkey \Registry\Machine\SYSTEM\Setup key1
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test0 8 REG_RND_SZ
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test1 toto REG_SZ
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test2 112233AABBCC REG_BINARY
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test3 666 REG_DWORD
nativereg deletevalue \Registry\Machine\SYSTEM\Setup\key1 test1
nativereg deletekey \Registry\Machine\SYSTEM\Setup\key1

The tool is 32-bit (a 64-bit build may come later).
It works on XP and up.
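An added example (not the original post's code, and not part of nativereg): a Python audit of the REG_MULTI_SZ values the session manager reads at boot, parsing the raw UTF-16LE blob and flagging any BootExecute or SetupExecute entry other than the stock `autocheck autochk *`, which is how a native app registered this way shows up. The sample bytes are constructed inline and the entry name nativeapp.exe is hypothetical.

```python
# Audit the Session Manager BootExecute / SetupExecute values from their raw bytes.

# Stock BootExecute content on a normal Windows install; anything else warrants a look.
EXPECTED_BOOT_EXECUTE = {"autocheck autochk *"}


def parse_multi_sz(raw: bytes) -> list:
    """Decode a REG_MULTI_SZ blob: UTF-16LE strings, NUL-separated, double-NUL terminated."""
    text = raw.decode("utf-16-le")
    # Drop the terminating NULs, then split on the per-string NUL; skip empties.
    return [s for s in text.rstrip("\x00").split("\x00") if s]


def encode_multi_sz(entries) -> bytes:
    """Inverse of parse_multi_sz; used here only to build the constructed sample."""
    return ("\x00".join(entries) + "\x00\x00").encode("utf-16-le")


def audit_session_manager(values: dict) -> list:
    """Return (value_name, entry) pairs that are not expected defaults.

    `values` maps the value name ("BootExecute" or "SetupExecute") to its raw
    bytes. SetupExecute is normally empty, so every entry found there is reported.
    """
    findings = []
    for name, raw in values.items():
        expected = EXPECTED_BOOT_EXECUTE if name == "BootExecute" else set()
        for entry in parse_multi_sz(raw):
            if entry not in expected:
                findings.append((name, entry))
    return findings


# Constructed sample: the stock BootExecute entry plus one hypothetical native app.
SAMPLE_VALUES = {
    "BootExecute": encode_multi_sz(["autocheck autochk *", "nativeapp.exe /run"]),
    "SetupExecute": encode_multi_sz([]),
}

if __name__ == "__main__":
    for name, entry in audit_session_manager(SAMPLE_VALUES):
        print(f"unexpected {name} entry: {entry!r}")
```
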

Discussion here.

Regards,
Erwan

Feb 03, 2018
 

From an offline SAM hive (for instance from WinPE), run the command below, reboot and log in with a blank password.
CAREFUL: make a backup of your hive first!


OfflineReg-win32 "c:\windows\system32\config\SAM" sam\domains\account\users\000003e8 setvaluebyteat v 0 160
OfflineReg-win32 "c:\windows\system32\config\SAM" sam\domains\account\users\000003e8 setvaluebyteat v 0 172

See here for more details about setvaluebyteat.

000003e8 is my custom local admin account.
000001f4 would be the default Windows account.
0xA0 (160) and 0xAC (172) are the offsets of the LM and NTLM hash lengths: setting them to 0 effectively sets the password to blank.

Use the command line below to enumerate the accounts in your SAM database.


OfflineReg-win32 "c:\windows\system32\config\SAM" SAM\Domains\Account\Users enumkeys

 Posted by at 14 h 45 min
Feb 03, 2018
 

Lots of additions, changes, bug fixes, etc. made to OfflineReg.

Discussion here.

Download here.

Command line

OfflineReg v1.0.3 by Erwan.L - https://erwan.labalec.fr/ - erwan2212@gmail.fr
Main Usage : OfflineReg hivepath keypath verb argument(s)
Example : OfflineReg "c:\temp\system" a_key_path getvalue a_value_name
Example : OfflineReg "c:\temp\system" a_key_path getvaluebyteat a_value_name offset
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_sz_value a_new_value
Example : OfflineReg "c:\temp\system" a_key_path setvalue " " a_new_value -> will set default key
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_dword_value a_dword_value 4
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_qword_value a_qword_value 11
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_binary_value 0a,0b,0c,0d,0e,0f 3
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_binary_value "0a 0b 0c 0d 0e 0f" 3
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_multi_sz_value "blah blah blah" 7
Example : OfflineReg "c:\temp\system" a_key_path setvalue a_reg_expand_sz_value "blah blah blah" 2
Example : OfflineReg "c:\temp\system" a_key_path setvaluebyteat a_reg_binary_value a_byte_value offset
Example : OfflineReg "c:\temp\system" a_key_path deletevalue a_value
Example : OfflineReg "c:\temp\system" a_key_path deletekey a_key
Example : OfflineReg "c:\temp\system" a_key_path deletekey
Example : OfflineReg "c:\temp\system" a_key_path deletekeys
Example : OfflineReg "c:\temp\system" a_key_path createkey a_key
Example : OfflineReg "c:\temp\system" a_key_path createkey
Example : OfflineReg "c:\temp\system" " " createkey a_key -> will create a key under root
Example : OfflineReg "c:\temp\system" a_key_path enumkeys
Example : OfflineReg "c:\temp\system" " " enumkeys -> will enum keys under root
Example : OfflineReg "c:\temp\system" a_key_path enumkeysR
Example : OfflineReg "c:\temp\system" a_key_path enumvalues
Example : OfflineReg "c:\temp\system" a_key_path enumvaluesall
Example : OfflineReg "c:\temp\system" a_key_path create
Example : OfflineReg "c:\temp\system" " " create
Example : OfflineReg "c:\temp\system" " " import commands.reg
Example : OfflineReg "c:\temp\system" " " run commands.txt

 Posted by at 14 h 36 min
Jan 08, 2018
 

Sharing an iPXE script (using wimboot) that I am using these days along with Tiny PXE Server to boot WinPE over the network on multiple platforms: pcbios i386, pcbios x86_64, efi i386, efi x86_64.

By default Tiny PXE Server serves the pcbios ipxe.pxe and, depending on the client architecture, also serves the matching iPXE EFI build.

See below my config.ini and a custom wimboot.ipxe script.

Discuss it here.


[dhcp]
proxydhcp=1
httpd=1
bind=1
root=\files
filename=ipxe.pxe
altfilename=wimboot.ipxe
[arch]
00006=ipxe-i386.efi
00007=ipxe-x86_64.efi
00009=ipxe-x86_64.efi


#!ipxe
#more about wimboot tips and tricks : http://ipxe.org/wimboot
set boot-url http://${dhcp-server}
#note : we are not going to use cpuid/arch
cpuid --ext 29 && set arch x64 || set arch x86
echo ${arch}
echo ${platform}_${buildarch}
goto ${platform}_${buildarch} || goto unknown
:pcbios_x86_64
kernel ${boot-url}/wimboot
initrd ${boot-url}/BOOTMGR.EXE bootmgr.exe
initrd ${boot-url}/BOOT/BCD BCD
initrd ${boot-url}/BOOT/BOOT.SDI BOOT.SDI
initrd ${boot-url}/SOURCES/x64/BOOT.WIM BOOT.WIM
boot
:pcbios_i386
kernel ${boot-url}/wimboot
initrd ${boot-url}/BOOTMGR.EXE bootmgr.exe
initrd ${boot-url}/BOOT/BCD BCD
initrd ${boot-url}/BOOT/BOOT.SDI BOOT.SDI
initrd ${boot-url}/SOURCES/x86/BOOT.WIM BOOT.WIM
boot
:efi_x86_64
kernel ${boot-url}/wimboot
initrd ${boot-url}/bootx64.efi bootx64.efi
initrd ${boot-url}/EFI/MICROSOFT/BOOT/BCD BCD
initrd ${boot-url}/BOOT/BOOT.SDI BOOT.SDI
initrd ${boot-url}/SOURCES/x64/BOOT.WIM BOOT.WIM
boot
:efi_i386
kernel ${boot-url}/wimboot.i386
initrd ${boot-url}/bootia32.efi bootia32.efi
initrd ${boot-url}/EFI/MICROSOFT/BOOT/BCD BCD
initrd ${boot-url}/BOOT/BOOT.SDI BOOT.SDI
initrd ${boot-url}/SOURCES/x86/BOOT.WIM BOOT.WIM
boot
:unknown
echo Unknown platform ${platform}_${buildarch}

Jan 08, 2018
 

If, like me, you have an old computer and don't want to install the Ubuntu update for Meltdown and Spectre:

  • sudo vi /etc/default/grub
  • add nopti to GRUB_CMDLINE_LINUX_DEFAULT (there should already be a list of parameters, like « nomdmonddf nomdmonisw nomdmonddf nomdmonisw »)
  • sudo update-grub
  • sudo reboot

Check that nopti is there with cat /proc/cmdline.
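An added example (not from the original post): the grub edit above done idempotently on the file's text, plus the /proc/cmdline check, in Python on a constructed sample so it can be tried without touching /etc/default/grub. Note that nopti switches off kernel page-table isolation, which is the Meltdown mitigation the update installs.

```python
import re

KEY = "GRUB_CMDLINE_LINUX_DEFAULT"
# Matches the whole line: key, quoted value, closing quote, anything after it.
_LINE = re.compile(r'^(%s=")([^"]*)(")(.*)$' % re.escape(KEY), re.MULTILINE)


def add_kernel_param(grub_text: str, param: str = "nopti") -> str:
    """Return grub_text with `param` appended to the quoted value of KEY.

    Unchanged if the parameter is already present (so re-running is safe);
    raises if the key is absent rather than silently doing nothing.
    nopti turns off kernel page-table isolation, i.e. the Meltdown mitigation.
    """
    match = _LINE.search(grub_text)
    if match is None:
        raise ValueError(f"{KEY} not found in grub config")
    params = match.group(2).split()
    if param in params:
        return grub_text
    params.append(param)
    new_line = match.group(1) + " ".join(params) + match.group(3) + match.group(4)
    return grub_text[:match.start()] + new_line + grub_text[match.end():]


def cmdline_has_param(cmdline: str, param: str = "nopti") -> bool:
    """Whole-word check against the running kernel's command line (/proc/cmdline)."""
    return param in cmdline.split()


if __name__ == "__main__":
    # Constructed sample instead of the real /etc/default/grub.
    sample = 'GRUB_DEFAULT=0\nGRUB_CMDLINE_LINUX_DEFAULT="quiet splash"\n'
    print(add_kernel_param(sample))
    try:
        with open("/proc/cmdline") as f:
            print("nopti active on this kernel:", cmdline_has_param(f.read()))
    except OSError:
        print("/proc/cmdline not available on this system")
```
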