jeff.sadowski

  1. This doesn't come with a version you can slipstream. You need txtsetup.oem, WinVBlk.INF, and wvblk32.sys to be able to slipstream it with nlite. To be able to network boot you need it slipstreamed.
  2. Correct, it is an installer. Advantages of the method I discussed here are as follows: with my method you can use gpxelinux to do this from a network share with very few differences. If someone wants more instructions on this I'd be glad to give them. I originally used winvblock with bartpe to create a network bootable bartpe. I never could get the grub method working. Nor could I really figure grub out. I was going to mess with it. I think my iso I created might even work with that method without needing to try loading the floppy disk image. (Is that what you were saying?) I also corrected my other post: I accidentally put -s as a syslinux option. Bad idea, that took forever to load an image.
  3. Complete steps to create a USB bootable XP installer

     Note: this method requires enough RAM to run the setup and store a CD image in RAM.

     Get a Windows XP CD.
     Download nlite: http://www.nliteos.com/download.html

     How to get winvblock:
     Go to http://reboot.pro. On the upper right it says register. Register for an account on reboot.pro. After finishing registering, make sure you can log in, then go to http://reboot.pro/8168/. It then says to go to his recent post; it will have a link to download winvblock. If you're not logged into reboot.pro it will ask you to, to download the driver.

     Uncompress winvblock. Edit the txtsetup.oem and remove all empty lines as per the rest of this thread. Resave after deleting the empty lines.

     Run nlite install. It will ask for the Windows XP source; use the XP CD that you have. It will ask where you want to put it; select where you want the files on your computer. When you get to "Task Select", select Drivers and Bootable ISO. When you get to the "Bootable ISO" screen, select "Make ISO". Now you should have an ISO image that MEMDISK can use.

     Download a zip file for syslinux from here: https://www.kernel.org/pub/linux/utils/boot/syslinux/
     5.01 worked on some systems; however, I had more luck with 4.06 on others.

     Unzip syslinux to a directory. Open a command prompt (as Admin on Windows Vista and above) and cd to that directory, then under win32 or win64 depending on whether you have a 64-bit or 32-bit Windows. Carefully use syslinux to make your USB drive bootable.

     Notes: You have to have a FAT32 partition on your USB drive for syslinux to work.

         syslinux -i -m -a <drive letter of USB>:

     This will put the info needed for syslinux at the beginning of the partition.

     Copy the iso for Windows to the USB stick. Copy the memdisk (no file extension) file to the USB stick. Note: memdisk can be found in the memdisk directory from syslinux.

     Create a file named syslinux.cfg. The contents of mine are as follows:

         default xp_install
         timeout 100
         label xp_install
         kernel memdisk
         initrd xp.iso
         APPEND iso
  4. Thank you so much, I will give this a try and let you know how it works. Worked like a champ!!! The new Winvblock had a different TXTSETUP.OEM. I deleted the blank lines and it worked fine. I now have a working USB XP installer. :-)
  5. Thank you so much I will give this a try and let you know how it works.
  6. I installed nlite version 1.4.9.1. Maybe I need to downgrade .NET 2.0; I have .NET 2.0 SP2 installed. I see that it recommends .NET 2.0 SP1. I haven't used nlite for such a long time, maybe I am doing something wrong.

     The first time, when it asked for the "Windows Installation", I gave it my virtual drive of my XP Pro SP2. Next it asked to "Select where to save the CD installation files for modification." I picked c:\nlite (a newly created directory). I clicked next on the Presets options. Selected Drivers and Bootable ISO from the Task Selection, then next. On the Drivers window I select Insert->single driver. When I select Winvblk.inf it gives the following message:

         Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.
         Length cannot be less than zero. Parameter name: length.

         ************** Exception Text **************
         System.ArgumentOutOfRangeException: Length cannot be less than zero.
         Parameter name: length

     I downloaded winvblock version WinVBlock_0.0.1.8.zip from http://reboot.pro/8168/ just yesterday.
  7. At my house I have both ipv4 and ipv6 working. My ISP only provided ipv4. I used Hurricane Electric (a free service) to tunnel ipv6 through. I set up radvd to advertise my ipv6 routable address space, and my Windows and Linux boxes all acquired ipv6 addresses and worked with no configuration other than my server. Hurricane Electric has great documentation on setting up tunnels from all operating systems. As for radvd, there might be something similar in Windows if you don't care to set up a Linux router. Tricks I had to learn were setting my mtu on my tunnel interface to 1472, as my ISP uses ethernet over atm. Setting up ip6tables was a bit scary as well. But now I have both protocol stacks and can view ipv6-only sites. ipv6 also has some speedup capabilities noticeable with large files (have yet to use this). Also, setting the Firefox browser to allow ipv6 was unexpected. Go to "about:config" and search for ipv6; the option should be "disable ipv6 browsing". Turn it off.
  8. I have been looking all over and can't seem to find any answers about this. I have vpn users that I would like to give permissions to add routes from their vpn, but no matter what I have tried it fails to work without running the vpn as administrator.

     1.) I am against running it as administrator all the time as this defeats the point of UAC.
     2.) I don't want my vpn users to have to click allow when they start the vpn application each time (this is just dumb, there must be a way to grant users certain permissions without granting them all permissions).
     3.) Turning off UAC is not acceptable as this was the whole point of Vista and 7.
     4.) I am also against having the routes be static.

     Didn't Microsoft leave some sort of way for vpns to add routes as a normal user? What do I need to do? I added the vpn users to the "Network Configuration Operators" group but this seems to have no effect. I tried re-logging in and restarting but nothing; it doesn't appear to have changed anything. What is this group for if not for allowing adding of routes?

     The vpn has 2 different options for adding routes; there should be some way to allow a user in a group to access at least one of these methods.

     With "C:\WINDOWS\system32\route.exe ADD 192.168.29.0 MASK 255.255.255.0 192.168.16.1" I get "The requested operation requires elevation." (I don't want to run as admin. Is there some way of allowing a group the user is assigned to, to add routes?)

     With the system call CreateIpForwardEntry in the IPAPI I get "Access is denied. [status=5 if_index=26]". Where do I find out what status 5 and if_index 26 mean?

     Is there some exclusion somewhere if a user is part of administrators? Do I need to do something else? I could create 2 accounts per user, one that isn't an admin on their machine, if that would help. Have them use the non-admin account for work and the admin account if they need to install something.
  9. Yes, I'm asking to find the official place to download MBRCheck? And if someone can verify the md5sum or sha1sum of the latest version of MBRCheck, or at least the version I downloaded. How would someone know if it was intercepted and replaced with a version that does infect the BIOS and reports its version with the infected MBR as something else? If I had an author of said program and his signed hash for said program I could verify my download.

     Forums I see to post stuff to: Announcements, General Discussion, Introduce Yourself!, Windows 7, Windows Vista, Windows XP, Windows NT4/2000/2003, Windows Server 2008 / Server 2008 R2, Windows 95/98/98SE/ME, Microsoft Office 97-2010, Microsoft Beta Discussion. I didn't realize it scrolled down more and that is all the topics I saw. I guess it belongs in Software hangout?

     I was going to mention some of those to the author if I knew who I could report to. Hence, where is the official site? I found what syslinux's was. I could also get grub's.

     It does have some blacklisted MBRs to check for. If I could find a list of the blacklisted MBRs I'd like that. Many of the OEMs from bigger corporations are whitelisted. There don't appear to be all that many different MBRs. I myself look forward to the day when MBR is past and EFI finally takes hold.

     False positives for blacklisted are highly unlikely, and with only 440 bytes I'd say nearly impossible to create a false positive with an sha1 hash. It declares an unverified hash of MBRs with an unknown signature. Most people only using Windows are going to have an MBR from one of the big manufacturers or a clean install of Windows. There aren't that many different languages that you couldn't list all the versions of Windows MBR hash codes.

     Thanks for the quick link to TweakUI.

     I mostly agreed, but you don't think you should check on your MBR from time to time to see that no program has messed with it for a malicious reason? Especially on a Windows-only machine.
  10. I recently installed openvpn on my server and one client. I wanted to set up a script to install the rest of the clients. The part that is difficult is renaming the network connection. Is there a tool that will list the network connections and their drivers? Either as command line tools or something that has a similar output to

          |driver                             |networkconnection      |
          |Realtek PCIe GBE Family Controller |Local Area Connection  |
          |TAP-Win32 Adapter V9               |Local Area Connection 2|

      I want to create some sort of script, be it batch or cscript, to find the connection with the driver TAP-Win32 Adapter V9 and rename it from its current name to tap0901.

      I didn't find any tools, but with some registry hacking I created the following script to modify the name of the network device to what is in my client.ovpn configuration file:

          setlocal EnableDelayedExpansion
          set "networkfile=%HOMEDRIVE%%HOMEPATH%\networks.reg"
          set "driversfile=%HOMEDRIVE%%HOMEPATH%\nodes.txt"
          set "openvpncfg=%ProgramFiles%\OpenVPN\config\client.ovpn"
          rem Export the network adapter class key and keep only the instance id and driver description lines
          regedit.exe /e "%networkfile%" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
          type "%networkfile%" | findstr "NetCfgInstanceId DriverDesc" > "%driversfile%"
          del "%networkfile%"
          set "node="
          rem The value on the line before the matching DriverDesc is the adapter's NetCfgInstanceId
          FOR /F "tokens=1,2 delims==" %%A IN ('type "%driversfile%"') DO (
            set "lastnode=!node!"
            set "node=%%B"
            set "test=%%A"
            if [!test!] == ["DriverDesc"] (
              if [!node!] == ["TAP-Win32 Adapter V9"] (
                set "TAPINTERFACE=!lastnode:~1,-1!"
              )
            )
          )
          rem Read the connection name wanted by the dev-node line of client.ovpn
          type "%openvpncfg%" | findstr dev-node > "%driversfile%"
          FOR /F "tokens=1,2" %%A IN ('type "%driversfile%"') DO (
            if [%%A] == [dev-node] (
              set "nodename=%%B"
            )
          )
          del "%driversfile%"
          rem Write a .reg file that sets the connection name, then import it silently
          echo Windows Registry Editor Version 5.00 > "%networkfile%"
          echo. >> "%networkfile%"
          echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%TAPINTERFACE%\Connection] >> "%networkfile%"
          echo "Name"="%nodename%" >> "%networkfile%"
          regedit.exe /s "%networkfile%"
          del "%networkfile%"
  11. For the most part I trust Microsoft and some other major software providers like Adobe and Apple stuff, but have recently started to run into issues.

      Example: I can no longer find tweakui on Microsoft's site. I know it's just a registry editor but it makes it so much easier to do some of the tasks I need to do, like autologin. I wanted to know how I go about verifying the program I am downloading and that it is from whom it says it's from. I know tweakui pops up that it is a Microsoft signed program, but others are not so obvious. And that's only after I try and run it.

      Example: I had been reading about malware being in the Master Boot Record and wanted to explore how I would verify that my MBR was infected or not. I found word of mbrcheck.exe and downloaded this program. It seems good, but how do I know mbrcheck.exe is not infecting me? I'm doubting it is infected because it says my MBR was written from Dell when I was expecting it to say something about a Microsoft-written MBR, meaning it gave a lot of information that was more correct than I was expecting. I was hoping I could read somewhere on the net how to look at the MBR in more detail without any third party program. I am good with Linux commands and was hoping there was a way to verify the MBR using dd to copy just the MBR and verify what was in the MBR that way. I didn't find anything about patterns to match good or bad, so I went with mbrcheck.exe. I only see a version number for mbrcheck.exe. I don't see any contact info or company info. I have no clue as to where it's from or if it itself hasn't been infected.

      In Linux we have checksums, and if a developer is smart they have a pgp signed statement stating the md5 checksum and maybe sha1 checksum. Thus you have the person's pgp public key to verify, and you know over time that some of these can be trusted. At that point you can trust the md5sum and then verify the executable with that. I see nothing like this in the Windows world and it scares the bejesus out of me.
      A.) I'd like to know the official site for mbrcheck.exe, if anyone can help?
      B.) I'd like to know how to verify I have an uninfected binary.

      MBRCheck.exe version 1.2.3 has

          -----BEGIN PGP SIGNED MESSAGE-----
          Hash: SHA1

          md5sum cb2d120a4b72422a8141192831b1f500 *mbrcheck.exe
          sha1sum 4f384c8d798dd0ee6c7ff12046db64e6cc05ccf0 *mbrcheck.exe
          -----BEGIN PGP SIGNATURE-----
          Version: GnuPG v2.0.17 (MingW32)

          iEYEARECAAYFAk5VYOMACgkQ59JpGAdkjyUjFACgj3tS2pi7p0dYD4Kneg3lO6by
          g80AnjVaLnogvS+jVUTTJGl2jG6Nvr8u
          =Vr+I
          -----END PGP SIGNATURE-----

      My signature is from my jeff.sadowski at gmail.com pgp key, if someone can verify that please. Thanks.

      Also some other information: as I was trying to figure out what mbrcheck.exe was doing to check things, I figured out using cygwin and dd that it is comparing an sha1 hash of the first 440 bytes of the disk. In cygwin I did a

          dd if=/dev/sda of=test.raw bs=440 count=1
          sha1sum.exe test.raw

      to get the same sha1 hash that was displayed.

      Also FYI, mbrcheck claims sha1 ae3e0a945d44c8ea304a19a8f50f69065c34344b is a Dell Inspiron MBR code, if that helps anyone out.
  12. Fine, I'll use another option, maybe 1023 or some other if this one is taken as well. As far as I know only up to 249 is the highest option that is even listed without adding your own. Doesn't matter, my question wasn't about WPAD or ISA. I just want to know how to pull this option into Windows. I want to know how to run the DhcpRequestParams from vbscript. Can this be done? It looks like I do need to run DhcpRequestParams. Or can I compile Windows system calls from gnu tools?
  13. On my Windows server I added my own option. I added an option 252 and called it start-script; it is a string option and I gave it a UNC path to a script that I want my XP machines to run. I know how to use GPOs to pass startup scripts, but I wanted a server-managed way to pass options to XP machines that will be running from CD. To test, I am using a regular XP machine and trying to get it to see my new option.

      I tried following the instructions here: http://support.microsoft.com/kb/312468
      I added the 252 key under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCP\Parameters\Options
      I added the DWORD KeyType and found elsewhere that the KeyType 0x1 is for strings, so I set KeyType to 0x1.
      I created a REG_SZ RegLocation and gave it a registry path system\currentcontrolset\services\tcpip\parameters\start-script, then I created that string in the registry.
      I then tried rebooting, but HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\start-script didn't have the UNC path that I was passing from my dhcp server.

      Reading further down on http://support.microsoft.com/kb/312468 I think I may need to compile code to have it read that option? I am not opposed to creating a small program to get that option but didn't understand what exactly I needed to do. If I can do this all with DOS scripting I'd prefer to. I understand batch scripting best of Windows scripting, but if I need to use cscript I understand that as well. I understand C code well but I'm not sure I'd be able to compile what I wanted given I only have gnu tools to compile it. I'm not looking for another way to do this. I am looking for how to use my own dhcp options in Windows.
  14. Using cygwin I compiled dhcpd using instructions from here: http://www.angelfire.com/linux/skip/dhcp/ That didn't quite work right. I got it working.

      Make sure you have the following installed in cygwin:

          diff
          gcc-core
          gcc-g++
          make
          patchutils

      Modify step 4, because "make install" does not work properly. I had to do as follows. After step 3 I did

          cd ./work.cygwin/server
          make install
          cd ../../

      Modify step 6, because vi is hard to use and isn't there by default:

          /cygdrive/c/Program\ Files/Windows\ NT/Accessories/wordpad.exe c:\\cygwin\\etc\\dhcpd.conf
          dhcpd -t

      Modify step 8, because eth1 is not a Windows node name. I created a batch script to get the node names. I named this nodename.bat. Pick the node name that goes with the ethernet card you know has the address you want to send dhcp out on.

          C:\nodename.bat
          {00483384-F5A0-4A61-8735-DB61F1D34BED} "Local Area Connection"
          {F56A0B21-4092-4D9C-944E-870CDD103222} "Local Area Connection 2"
          Press any key to continue . . .

      ipconfig says that "Local Area Connection" has the ip I want to send dhcp out on, so I use

          dhcpd -d {00483384-F5A0-4A61-8735-DB61F1D34BED}

      and there you go.

      I remember for some other thing a while back having to get the network node name and having to open regedit, going to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\ and searching through each to find what your network card was. I don't remember what for, but this script would have made it much easier. It took me a while writing it because I wanted it Windows 7 compatible.
  15. Rebooting fixed it although I have no idea why it started.
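
The check described in the mbrcheck posts above (a SHA-1 over the first 440 bytes of the disk, compared with a list of known boot code), as an added example that is not part of the original posts and is not mbrcheck's code. The function names, the `BASELINE` table layout and the sample sector are assumptions made for illustration; the only real hash is the Dell Inspiron value quoted in the post.

```python
import hashlib
import struct

SECTOR_LEN = 512
BOOT_CODE_LEN = 440   # the region the post hashes: dd bs=440 count=1
PART_TABLE_OFF = 446  # four 16-byte partition entries start here

# Baseline of boot-code SHA-1 values. The one entry is the hash the post says
# mbrcheck reports as Dell Inspiron MBR code; extend it with hashes you trust.
BASELINE = {"ae3e0a945d44c8ea304a19a8f50f69065c34344b": "Dell Inspiron (per mbrcheck)"}

def parse_mbr(sector: bytes) -> dict:
    """Split a raw first sector into boot-code hash, disk signature, partitions."""
    if len(sector) < SECTOR_LEN:
        raise ValueError("need the full 512-byte first sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not an MBR")
    # The 4-byte disk signature follows the boot code and is NOT part of the hash,
    # so two disks with identical boot code hash the same.
    (disk_sig,) = struct.unpack_from("<I", sector, BOOT_CODE_LEN)
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": entry[0] == 0x80,
                               "type": f"0x{entry[4]:02x}",
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": f"0x{disk_sig:08x}", "partitions": partitions}

def classify(sector: bytes, baseline: dict = BASELINE) -> dict:
    """Look the boot-code hash up in the baseline; anything else needs review."""
    info = parse_mbr(sector)
    label = baseline.get(info["boot_code_sha1"])
    info["verdict"] = f"known: {label}" if label else "unknown: review"
    return info

def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a disk image or raw device path."""
    with open(path, "rb") as f:
        return f.read(SECTOR_LEN)

def build_sample_sector() -> bytes:
    """Constructed test sector (not a real MBR): filler code, one type-0x07 entry."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_LEN - 3)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    return boot_code + disk_sig + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    sample = build_sample_sector()
    trusted = {hashlib.sha1(sample[:BOOT_CODE_LEN]).hexdigest(): "constructed sample"}
    print(classify(sample, trusted))
    tampered = bytearray(sample)
    tampered[10] ^= 0xFF  # a single changed boot-code byte changes the hash
    print(classify(bytes(tampered), trusted)["verdict"])
```

To check a real disk, pass `read_first_sector()` a saved image such as the `test.raw` style dump from the post (taken with `count=1 bs=512` so the partition table and boot signature are included) and record the resulting hash while the machine is in a known-good state.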