Jump to content


  • Posts

  • Joined

  • Last visited

  • Donations

    0.00 USD 
  • Country

    United States

Everything posted by MrJinje

  1. I wrote this a week or three ago, the packages tabpage is basically an install_wim_tweak gui. It does wildcards, unhides single packages, pre-populated drop-down list, etc. All credits to Lite8 / Aviv00 for the original idea back in 2008 that everyone has since stolen.
  2. if you were in powershell, you could call the garbage collector to release those handles after unload the hive. [System.GC]::Collect()http://jrich523.wordpress.com/2012/03/06/powershell-loading-and-unloading-registry-hives/
  3. If the user is logged out when it runs, you'll need to additionally mount the ntuser.dat file because the SID path is only available while a user is actually logged on.
  4. Not sure, maybe someone with that type of hardware can report back. EDIT: Can verify it works in a VM with a non-loaded A: drive floppy disk. I see an A: in explorer, when I click on it, it says please insert a disk or some such. When I run the script no errors.
  5. Here is my take on the alphabet loop from powershell. 65..90 | Foreach {$tag = "Sources\Install.wim";$drive = [char]$_+':'; $test = $drive + '\' + $tag; If (Test-Path $test){write-warning $drive}}
  6. Maybe if you hold your breath I will release FreeLite™
  7. Easy method write the value to a registry key or temp file, then program your second script where to look.
  8. Does the EULA have a binding arbitration clause ?
  9. Here is an Official™ kludge for readers who cannot wait. Rename attachment to .ps1 and it will do the rest. Side effect, the %TEMP% setting no longer reverts to %APPDATA% upon open. NTLite_Starter_Tool.ps1.txt
  10. 1) No they are not duplicated. 2) Yes of course. Here is a powershell snip that prints out net use commands for proof of concept. $MAPS = Get-Item HKCU:\Network\*ForEach ($MAP in $MAPS) { $KEY = ($MAP).name $UNC = (Get-ItemProperty -Path "registry::$KEY" -Name "RemotePath").RemotePath $LETTER = Split-Path -Path $KEY -Leaf Write-Host "Net Use "$LETTER": "`"$UNC`" Write-Host "Net Use "$LETTER": /DELETE /YES"}
  11. The top key is a letter and the value "RemotePath" is the path. Those two values are all you need. Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Network][HKEY_CURRENT_USER\Network\Z]"RemotePath"="\\\\vmware-host\\Shared Folders"So from a programming stand point, just loop through HKCU\Network, look for top level keys (which are single letters), and read it's RemotePath value. Use the net mapping API as it will perform faster than "Net Use". ad infinitum OnLoad event. A second loop removes them during the OnClose event. That setting Andre mentions requires a reboot before it takes effect, re-mapping of pre-existing drives on the fly does not. The effect is instantaneous. Very easy to do. No need to make permanent settings on every machine. Net Use Z: \\vmware-host\Shared FoldersEDIT: I read the article you linked, it seems they back up my story, but for different reasons.
  12. Test box is a Windows 8.1 x86 inside vmware. Opened NTLite after installation, attempted to browse. Did not see the mapped Z: drive which is mapping to shared folder on host machine. I manually mapped the drive via net use command in elevated cmd.exe window and NTLite could see the drive.
  13. On every machine I plug this into ? Last I checked, it's $249 for the USB corporate version. Imagine some of my clients won't like me introducing another 24/7 security risk to their domains. Why not a loop routine during the onopen and onclose events. Temporary mapping, only for the duration of NTLite, un-map them afterwords, leaving no trace.
  14. I lose access to mapped drives when browsing for DVD folders via the Add Button. Can you remap network drives from the current session into the elevated session during open ?
  15. Threw that p/invoke inside an add-type so you might not need an external.exe for this trick. Add-Type -Language CSharp -TypeDefinition @"using System;using System.Runtime.InteropServices; namespace FejesJoco{ public class Program { [DllImport("shell32.dll", EntryPoint = "#262", CharSet = CharSet.Unicode, PreserveSig = false)] public static extern void SetUserTile(string username, int whatever, string picpath); [STAThread] public static void Main(string[] args) { SetUserTile(args[0], 0, args[1]); } }}"@[FejesJoco.Program]::Main("Maxxpsoft" "%systemdrive%\Install\Maxxpsoft.jpg")
  16. I'm pretty sure people will use it regardless the name. Seriously, I used the first two versions (nlite and vlite) even though you spelled 'light' wrong both times. Maybe you could call it Huge Windows Disk Phixer or HWDP for short, probably be pretty popular with the euro crowd.
  17. Here is a more interesting read on the subject. http://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-registry/ EDIT: https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
  18. I guess you could run powershell from the registry as base64 gzip encoded blobs via system.io.memorystream. Maybe throw some encryption on top of that, rename the key with unicode characters and we have a powershell only version of this hack. or am I missing something, is javascript really needed ?
  19. In theory Nuhi could compile the entire thing as a DLL and p/invoke a front-end using Metro. Not saying he should, just that it's possible. Who else wants a full-screen version that runs in the background at a swipe.
  20. Let's be real and drop all this 'lite' nonsense. Just call it what it is. Nuhi's Coaster Creator for Windows.

  • Create New...