
About fdv



  1. Hi all, I had some problems with my hosting provider Sunday night. I had to move my site last night and haven't set it all back up again. So if you're trying to read pages or download files they won't be there for a night or two. Sorry for any disruption caused. BTW the advice not to upgrade to IE8 is because IE8 has extra files in its install. When an upgrade is performed on an existing install, there are no issues, but using HFSLIP plus my fileset plus IE8 results in problems due to TXTSETUP and IE.INF because they were never structured to handle the extra IE8 files. HFSLIP may report a success but the install might not work since the problem is that some of these extra files might get copied fine but they don't get registered as they should. As a result you run the risk of booting up for the first time and seeing no explorer. At one point I was working on separating IE.INF into IE6.INF and IE8.INF but never finished the work.
  2. I hope to help matters by chiming in. Maybe. Caps, you're going to get a LOT more mileage out of going to SP3. I mean, there's no way around the fact that your OS will be a lot less buggy. I made that edit to the DLL years and years ago and I forget what routine I changed... God I can't even remember the decompiler I used on SP2's dll to find out the sequence. If you want to do this, it's best to move to SP3, and if you are worried about Microsoft hard-coding themselves into the OS and overriding the HOSTS file, then edit dnsapi.dll to your liking. You'll block your own ability to reach microsoft.com for downloading updates if you do it wrong (you can always put them on a USB from another system) but the bottom line is that you will solve your problem, you'll be happier, you won't need to ask this anymore, you won't be fooling with a "dead" service pack anymore... there are only benefits. There is no solid reason not to switch, my friend. But even if you choose not to, it's been too long and I can't help, I don't have the tools anymore or the time to spare to do the same thing for SP1a.
  3. Anyone interested in INF format? You can mount the WIM and apply this and have 7 "remember" the settings I suppose. The line for directory contents is this:

        HKCR,"Folder\Shell\List Contents to text file\command",,,"%11%\cmd.exe /C DIR ""%1"" /B /O /S>""%1""""_contents list.txt"""

    It makes a printable file. My INF below adds a few useful items I use all the time in 7 like using the contig utility for defragging and remember those instructions all over the 'net to make a "god mode" icon on the desktop? That's in here too but I call it 'expanded control panel' (you'll see what I mean). Edit it as you will....

        [version]
        Signature="$Windows NT$"

        [DefaultInstall]
        AddReg = ContextMenu

        [ContextMenu]
        ; Add "command-prompt-here" functionality when right-clicking a directory
        HKCR,"Drive\Shell\Command Prompt Here\command",,,"%11%\cmd.exe /k cd ""%1"""
        HKCR,"Directory\Shell\Command Prompt Here\command",,,"%11%\cmd.exe /k cd ""%1"""
        ;
        HKCR,"*\shell\runas",,,"Take Ownership"
        HKCR,"*\shell\runas","NoWorkingDirectory",,""
        HKCR,"*\shell\runas\command",,,"cmd.exe /c takeown /f ""%1"" && icacls ""%1"" /grant administrators:F"
        HKCR,"*\shell\runas\command","IsolatedCommand",,"cmd.exe /c takeown /f ""%1"" && icacls ""%1"" /grant administrators:F"
        HKCR,"Directory\shell\runas",,,"Take Ownership"
        HKCR,"Directory\shell\runas","NoWorkingDirectory",,""
        HKCR,"Directory\shell\runas\command",,,"cmd.exe /c takeown /f ""%1"" /r /d y && icacls ""%1"" /grant administrators:F /t"
        HKCR,"Directory\shell\runas\command","IsolatedCommand",,"cmd.exe /c takeown /f ""%1"" /r /d y && icacls ""%1"" /grant administrators:F /t"
        ; add advanced system properties to mycomp
        HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\AdvSysProp",,0x00020000,"Advanced System Properties"
        HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\AdvSysProp\command",,0x00020000,"control sysdm.cpl"
        ; add device manager to mycomp
        HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Devices",,0x00020000,"Device Manager"
        HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Devices","SuppressionPolicy",0x00010001,3c,00,00,40
        HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Devices\command",,0x00020000,"%windir%\system32\mmc.exe /s %SystemRoot%\system32\devmgmt.msc /s"
        ; add the mega-control panel on mycomp
        HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\ExpCPL",,0x00020000,"Expanded Control Panel"
        HKCR,"CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\ExpCPL\command",,0x00020000,"%windir%\explorer.exe shell:::{ED7BA470-8E54-465E-825C-99712043E01C}"
        ; unused alternate for the exact same thing
        ;HKLM,"SOFTWARE\Classes\CLSID\{20d04fe0-3aea-1069-a2d8-08002b30309d}\shell\Expanded Control Panel\command",,,"%windir%\explorer.exe shell:::{ED7BA470-8E54-465E-825C-99712043E01C}"
        HKCR,"Folder\Shell\List Contents to text file\command",,,"%11%\cmd.exe /C DIR ""%1"" /B /O /S>""%1""""_contents list.txt"""
        ; contig
        HKCU,"Software\Sysinternals\C","EulaAccepted",0x00010001,01,00,00,00
        HKCR,"Directory\shell\contig","",0x00020000,"Defrag Folder with Contig"
        HKCR,"Directory\shell\contig\command","",0x00020000,"%windir%\system32\contig.exe ""%L\*.*"" -v -s"
  4. How to. Hi all, this is inspired from a thread a while back. I recently needed to run some utils including Process Explorer while elevated and decided to finally put up a quick how-to on running Explorer while impersonating TI. Maybe it might be useful to some folks. Much credit to Joakim and the guys in that thread!
  5. In truth I always stuck the LBA in SYSSETUP.INF. From my version in my fileset:

        [infs.Always]
        syssetup.inf,SpecialInstall

        [specialInstall]
        AddReg = Special.Addreg

        [special.Addreg]
        HKLM,"SYSTEM\CurrentControlSet\Services\Atapi\Parameters","EnableBigLba",0x10001,01,00,00,00 ; enable large block addressing

    This way the LBA is accomplished neatly and immediately. I posted otherwise because I'd forgotten and this forced me to check!! Sorry about my misleading post above.
  6. Ahhh! Okay, now I get you... catalogs. Since you are replacing a lot of binaries in a SP (of your own making) and not installing the CAT files that come with each hotfix, you might as well delete all of the listed CATs except the first two, NT5INF and NT5. That's how I did what I did and it worked. IIRC SP4.CAT can go too. FYI, I know you know this but for other people reading, if you wanted to make an unofficial SP where each file actually passed a signature verification, you would need to copy all of the CAT files in each hotfix and list them ALL under [ProductCatalogsToInstall]. I honestly forget what happens when you install no CATs at all. My hacked SETUPAPI.DLL turns off all signature checking and I use that in conjunction with the SFC.DLL hack. You can get both in my fileset. Since they are MSFT binaries permission is not mine to give, but if you wanted to use the ones from my fileset, I personally have no problem with that. Some part of me thinks that even with all of this you might still get a problem with a different WINTRUST. Worth checking into if it eliminates your error.
  7. To expand on my advice and clear something up, ALL of the HIVE* INF files execute during text setup. They all build the registry which is assembled prior to GUI. You do not need to add to SETUPREG.HIV. (Editing that file is a mess anyway). Look at the HIVE files in my fileset... look at all of the system tweaks I add (use Winmerge to compare). You can make a LOT of changes to the OS by editing these files.

    edit: this is not 100% correct, see my post below about using SYSSETUP.INF for LBA, I misremembered what was in my own file
  8. tomasz86, I am not clear on the error you get with wintrust.dll, I did not see a specific description or screenshot of it. This dll is involved with digital certificates on a running OS, it is not involved with setup.

    To expand more on what acus said, do a global replace in both TXTSETUP and LAYOUT of ,_x, to ,, (comma underscore x comma ---> comma comma)

    Hacking SFC is handy but doesn't relate to wintrust. This may be handy for you, it is buried in my site

    edit: by "This dll is involved with digital certificates on a running OS, it is not involved with setup" I mean there is nothing you can do during setup to suppress errors from this dll later. An error thrown because of this means another dll that windows is attempting to verify is failing verification. So strictly speaking, another dll might be the actual problem.
  9. fdv

    Slipstreaming NT4 SP6a

    You don't need to re-apply SP6a. Wendy completed the INF. PM me for more detail.
  10. http://www.vorck.com/windows/hotfixes_2003.html Updated for Sept. Haven't gotten to June but I did link the June ISO. Rulman as usual if you want to check my list I will make any notes you want to add if I missed something or got something wrong.
  11. fdv

    FDV's website

    Hi all, I was applying for some jobs at some places that are a bit "uptight" and instead of taking time to edit out swear words from my material, I just took them down during the application process. It will all be going back up shortly.
  12. Okay. For those of you just tuning in, Joakim has actually managed to do what several folks including myself had said was not possible -- open a CMD prompt with TrustedInstaller permissions. Life happens fast, and so did this thread. Here's how to do it in one post. Thanks to all of you who contributed your wisdom. Like CoffeeFiend I'm also kind of lost as to how we managed to get here

    ------------

    How to open a CMD prompt with TrustedInstaller permissions

    Install PSList - http://technet.microsoft.com/en-us/sysinternals/bb896682
    or
    Install Procexp - http://technet.microsoft.com/en-us/sysinternals/bb896653
    Install Session0Injectors from Payload Execution Tools v.2 - http://reboot.pro/files/file/171-payload-execution-tools/
    Install netcat - http://www.securityfocus.com/tools/139

    You must do the next part fairly quickly, because once you start the TrustedInstaller service, it's not going to run all day... it stays running for a short while and stops.

    Run services.msc
    Scroll to Windows Modules Installer
    Right click, select 'start'
    Open a command prompt and type

        pslist trustedinstaller

    and get the PID
    or launch ProcExp and get the PID

    Let's call that number '4321' (of course it will be different on your system)
    Let's also pick a port to run netcat on -- say '6789'

    "Now run netcat as a daemon serving cmd.exe for you on port 6789 by typing the following"

        Session0Cmd 4321 "nc -l -p 6789 -d -e cmd"

    (By the way, that -l is the letter l not the digit one. If your system is 64 bit Windows, you'll use Session0Cmd_x64 here)

    If you got an error about an invalid PID, it means that the TrustedInstaller service stopped again. Go restart it. (When you do it will have yet another PID).

    "Now netcat is running as a daemon and serving cmd.exe for you on port 6789. To connect to it and obtain the actual TI-privileged cmd, open a cmd window and use this command"

        nc localhost 6789

    Thanks again to Joakim for this bit of cleverness!
    (I'm sure you'll all let me know if I need to make edits...)
  13. a journey to dethrone the TrustedInstaller service

    Yeah... I should get back to what this thread was really about shouldn't I? Thanks for the tip on padding out a SID's string. I need to stop being distracted and get back on track. But first lots of sleep as usual. I made notes, not in front of me, and only got where I got because of your solid recommendation on a good decompiler
  14. The problem I have with this schema is that -80- signifies that TI is a service. It runs in isolated session 0. An interactive logon is going to be -21- and a group is -32- (I think -- it's what I read here? But yet 32 is print operator? Confused )

    In other words, Admins group is SID S-1-5-32-544 but TI is S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464

    Wow, I started wanting to shut off digital signature checking in Win7 and I got SERIOUSLY sidetracked

    Anyway, you saw my other msg but other folks mightn't've. What I think the only real possibility is, is to open the list of files that reference the TI SID and change it to the admin group, and then pad out the extra spaces in the binary with 90's (noop). TI then "becomes" an actual user, AND TI still continues to run as a service because the EXE is still running (i.e. the service is running). I don't feel like trying it right now, but I might get to it at some point.

    Edit: more on point, I have had a look in the DLLs... there is some very naughty stuff you can do that I shall shut up about, but a curiosity was seeing a call to LAYOUT.INF. Huh?! I thought Win 7 was "redone"!
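
Added example, not part of fdv's posts: the SID layout discussed in post 14, worked through in Python. Under S-1-5 the first sub-authority selects the namespace (21 account domain, 32 BUILTIN, 80 NT SERVICE); in S-1-5-32-544 the 32 is the BUILTIN domain and 544 is the Administrators RID, while Print Operators is RID 550 in the same domain. A service SID is not an arbitrary number: it is the SHA-1 of the upper-cased service name in UTF-16LE, read as five little-endian 32-bit values. The function names and the two small lookup tables are this example's own.

```python
import hashlib
import struct

# First sub-authority values under NT AUTHORITY (S-1-5) that the post mentions.
NT_SUBAUTHORITY = {
    21: "account domain: users and groups issued by a machine or AD domain",
    32: "BUILTIN domain: local aliases, identified by the following RID",
    80: "NT SERVICE: per-service SID derived from the service name",
}
# Two RIDs inside the BUILTIN domain (32); partial table for illustration.
BUILTIN_RIDS = {544: "Administrators", 550: "Print Operators"}


def service_sid(service_name: str) -> str:
    """Derive the S-1-5-80-... SID for a service name.

    SHA-1 over the upper-cased name in UTF-16LE, read as five
    little-endian 32-bit sub-authorities.
    """
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    return "S-1-5-80-" + "-".join(str(v) for v in struct.unpack("<5I", digest))


def parse_sid(sid: str):
    """Split a SID string into (revision, authority, [sub-authorities])."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    numbers = [int(p) for p in parts[1:]]
    return numbers[0], numbers[1], numbers[2:]


def describe_sid(sid: str) -> str:
    """Name the kind of principal a SID under S-1-5 identifies."""
    _, authority, subs = parse_sid(sid)
    if authority != 5 or not subs:
        return "outside NT AUTHORITY (S-1-5)"
    kind = NT_SUBAUTHORITY.get(subs[0], "other NT AUTHORITY sub-authority")
    if subs[0] == 32 and len(subs) == 2:
        kind += " -> " + BUILTIN_RIDS.get(subs[1], f"RID {subs[1]}")
    return kind


if __name__ == "__main__":
    ti = service_sid("TrustedInstaller")
    for s in (ti, "S-1-5-32-544", "S-1-5-32-550"):
        print(s, "=>", describe_sid(s))
```

Because the value is derived from the name alone, the TrustedInstaller SID is identical on every Windows installation, which is why ACLs and detection rules can reference it as a constant.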
