The Oven

Plugin World => General Plugins => Plugins => Topic started by: paraglider on February 15, 2016, 12:26:46 AM

Title: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 15, 2016, 12:26:46 AM
http://wb.paraglidernc.com/Scripts/Runscanner2.script (http://wb.paraglidernc.com/Scripts/Runscanner2.script)

Has both x86 and x64 versions.

X64 version requires 64 bit versions of vista or later. Currently does not support injection of the redirection dll into windows services.

7z files containing program / dlls will be downloaded and extracted during the project build or when the download button on the script is clicked.

Details:

http://wb.paraglidernc.com/Scripts/Runscanner2.htm (http://wb.paraglidernc.com/Scripts/Runscanner2.htm)
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: Atari800xl on February 15, 2016, 08:01:45 AM
Well, that is very good news, congratulations on the new release!
 :thumbsup:
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: ChrisR on February 15, 2016, 04:14:17 PM
Great, good news  :thumbsup:
Finally you managed to do it without the MS detours package and the tiny $10000 license fee  :cool:

I would personally attached runscanner2.0.0.0.7z, it is light enough, to avoid downloaded at build time,
but Versions.ini to get your latest version is well too.

In Main_Both section, this should be enough
Code: [Select]
Run,%ScriptFile%,ExtractFiles,%Target_Sys%
Run,%ScriptFile%,CreateShortcuts,#$pSystemRoot#$p\System32
Run,%ScriptFile%,ExtractFiles,%Target_Prog%\%ProgramFolder%
//Run,%ScriptFile%,CreateShortcuts,%PE_Programs%\%ProgramFolder%
If,ExistSection,%projectdir%\script.project,VariablesWimPack,Run,%ScriptFile%,WIMPackExcludeList

However, I wonder if it would not be good to have both 32/64 bits versions available in x64 PE !?
If,%SourceArch%,Equal,x64,If,%TargetWOW64%,Equal,x86,...
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: Lancelot on February 15, 2016, 08:32:31 PM
Quote from: ChrisR on February 15, 2016, 04:14:17 PM
Great, good news  :thumbsup:
Finally you managed to do it without the MS detours package and the tiny $10000 license fee  :cool:
Chris wrote all,
Thanks Paraglider  :thumbsup: :thumbsup: :thumbsup:  :clap: :cheerleader: :magic:


Quote from: ChrisR on February 15, 2016, 04:14:17 PM
I would personally attached runscanner2.0.0.0.7z, it is light enough, to avoid downloaded at build time,
but Versions.ini to get your latest version is well too.
me too,

I combined all ideas (known from other plugins) to RunScanner 2 plugin and updated to v3 on servers.
ps: update Macro Library v42r148

at the bottom, there is "Use Packed" and "Use Downloaded" ("Use Packed" selected default)

When "Use Downloaded" selected with "Updated Latest" enabled, version.ini check during process, following paraglider's plugin design.

Also buttons  :wink:

Also updated a set of things with %OsFamily% , x86 - x64 etc.

Hopefully all combine Paraglider's plugin design and other things.


*
On special cases
ex: Arch,x64|x86 plugins where x86 also can be added optionally
I use this logic and update on plugins during updates.
Code: [Select]
If,Not,%SourceArch%,Equal,x86,Begin
If,%TargetWOW64%,Equal,x86,Begin
...
End
End
which to me fits better to ms logic + avoiding double if .


*
Quote from: ChrisR on February 15, 2016, 04:14:17 PM
However, I wonder if it would not be good to have both 32/64 bits versions available in x64 PE !?
I follow paraglider's design to fit 32 to 32, 64 to 64  .... (+ NT5 32 to 64-wow64)
 as far as I know there is no 32bit application that use runscanner directly,
  still if there is such requirement, one day on a topic - post , we can follow easily. :great:


:turtle:
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: fuwi on February 21, 2016, 03:10:02 PM
On a Windows 10 laptop, with "Remote Regedit" (Win8.1SE x86 and x64) after selecting C:\Windows i get:
[attach=1]

fuwi
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 21, 2016, 09:03:09 PM
What is the file version of c:\windows\system32\ntdll.dll?
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 21, 2016, 09:15:56 PM
c:\windows\system32\config has to contain: SYSTEM, DEFAULT, SOFTWARE, SAM, SECURITY registry hives files.
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 21, 2016, 09:17:43 PM
Please verify the files from within win8.1 pe se.
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 21, 2016, 10:48:53 PM
Think its a file permission problem with win8.1 pe se. I could not get the file version of ntdll.dll even with explorer. If I switch to win 10 pe se then it works fine.
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: Lancelot on February 22, 2016, 08:19:00 AM
Quote from: paraglider on February 21, 2016, 10:48:53 PM
Think its a file permission problem with win8.1 pe se. I could not get the file version of ntdll.dll even with explorer. If I switch to win 10 pe se then it works fine.
Copy ntdll.dll elsewhere (ex: %Temp%) and try to get file version.

Well this is what I did on plugin via Macro Library when we could not get ntdll.dll and dism.exe version from host.

:turtle:
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 22, 2016, 12:33:23 PM
You can't copy the file either.
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: Lancelot on February 22, 2016, 01:25:21 PM
Maybe related,
Win81SE uses admin login,
Win10PESE have admin login feature,
and probably same trouble may happen on a "Portable WinX" with an Admin login ???

so maybe you need something like nircmd do,
http://www.nirsoft.net/utils/nircmd.html
nircmd.exe elevatecmd runassystem

Maybe you or fuwi can test to "nircmd.exe elevatecmd runassystem" with runscanner ??




*
with nircmd.exe there are some troubles, as far as I remember recently:
It can not work on system user (no fallback to regular execute if login is system)
It can not use parameters.

I guess both can be workarounded, It would be nice without workaround, I had informed Nir Sofer....

for now to workaround, I use 2 shortcuts on another plugin, see \Apps\File Tasks\"Total Commander" plugin.

If above works with nircmd,
If you can add runscanner feature to run as system on a non system login, it would be best solution I guess.

:turtle:
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 23, 2016, 12:59:40 PM
Tried with runassystem / run as TrustedInstaller. Tried RawCopy. Cannot access any files in win10 system32 from win8.1 pe se. Win10 pe se works fine.
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: fuwi on February 24, 2016, 02:22:03 PM
Really bad...  :wacko:

But there must exist a method for copying files from Win10 System32 in Win8.1PESE.
Diskimagers are able to do this. Personally i use Macrium Reflect Free in Win8.1PESE without problems.

fuwi
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: was_JFX on February 25, 2016, 12:46:24 PM
Hi paraglider,

Thanks for version two of this great tool  :great:
Just wonder what hooking engine do you use for x64?


About problems with file access.

Win81.SE (Amin login) should have read only access
Win8.1 PE SE should have not problem at all.

But cause you mention Windows 10, could it be that the new system compression is set on these files.
If so than the WofADK driver is missing.
I think we should add it to the older SE projects.
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 26, 2016, 04:00:25 AM
I use Deviare In-Process : http://www.nektra.com/products/deviare-api-hook-windows/deviare-in-process/ (http://www.nektra.com/products/deviare-api-hook-windows/deviare-in-process/) for hooking api.
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: fuwi on February 26, 2016, 02:05:02 PM
Quote from: JFX on February 25, 2016, 12:46:24 PM
But cause you mention Windows 10, could it be that the new system compression is set on these files.
If so than the WofADK driver is missing.
I think we should add it to the older SE projects.

Today i made a test with Win7PESE on my Win 10 Laptop.
Same problems with accessing files in c:\Windows\system32, like in Win8.1PESE.
It seems, all microsoft files in c:\Windows\* are affected, third party files are not.
And all projects < Win10PESE are affected.

So what is this WofADK driver? Is there a WinBuilder plugin for it?

fuwi






Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: was_JFX on February 26, 2016, 05:38:01 PM
WofADK.sys is a driver that comes with latest ADK.
It is equal to the wof.sys driver of Windows 10 and allow Windows 7 and 8.x to handle WIMBoot and CompactOS backed files.

There is no plugin, yet. But it's really simple to add.

copy wofadk.sys to your PE's system32\drivers folder
apply the following registry file

Code: [Select]
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\PE-SYS\ControlSet001\services\WofAdk]
"DebugFlags"=dword:00000000
"DependOnService"=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
"Discription"="WofAdk Mini-Filter Driver"
"DisplayName"="WofAdk"
"ErrorControl"=dword:00000001
"Group"="FSFilter Compression"
"AutoAttach"=dword:00000001
"Start"=dword:00000000
"SupportedFeatures"=dword:00000003
"Tag"=dword:00000002
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\PE-SYS\ControlSet001\services\WofAdk\Instances]
"DefaultInstance"="WofAdk Instance"

[HKEY_LOCAL_MACHINE\PE-SYS\ControlSet001\services\WofAdk\Instances\WofAdk Instance]
"Altitude"="40730"
"Flags"=dword:00000000
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 26, 2016, 11:00:49 PM
Thanks. That worked for me on both winh8.1 pe x86 / x64. I created this script:

Code: [Select]
[Main]
Title=WofAdk
Type=script
Selected=True
Level=5
Author=Paraglider
Credits=Paraglider

[Variables]

[Process]
Arch,x86|x64

Run,%ScriptFile%,SourceDisksFiles
Run,%ScriptFile%,SetupReg.AddReg

[SetupReg.AddReg]
Echo,"Updating System Registry"
RegHiveLoad,Tmp_System,%RegSystem%
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","DebugFlags","0"
RegWrite,HKLM,0x7,"Tmp_System\ControlSet001\services\WofAdk","DependOnService","FltMgr"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk","Discription","WofAdk Mini-Filter Driver"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk","DisplayName","WofAdk"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","ErrorControl","1"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk","Group","FSFilter Compression"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","AutoAttach","1"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","Start","0"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","SupportedFeatures","3"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","Tag","2"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","Type","2"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk\Instances","DefaultInstance","WofAdk Instance"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk\Instances\WofAdk Instance","Altitude","40730"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk\Instances\WofAdk Instance","Flags","0"
RegHiveUnload,Tmp_System


[SourceDisksFiles]
Echo,"Copying files.."
FileCopy,%ScriptDir%\%SourceArch%\wofadk.sys,%target_sys%\Drivers



Create folders x86 / x64 in the script directory and copy x86 / x64 wofadk.sys from w10 adk to those subfolders.
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: Atari800xl on February 27, 2016, 06:16:07 AM
So everything's working now? That's more good news!  :thumbsup:

JFX: thanks for providing the solution, Paraglider: thanks for the scripts!
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: Lancelot on February 27, 2016, 06:29:47 AM
Hi Paraglider,

+ Arch,x86|x64 wrong (above driver plugin is architecture independent),
edit: more correct osfamily os dependent, besides no need such lines here.  :wink:

Since you are regular user around:
+ you already aware, use plugin naming, it cause chain follow others (see chain follow example Atari800xl above )
+ avoid using bad old bartpe habit of providing files on %ScriptDir% , this cause recent unknown winbuilder trouble on your mbam topic, it cause more troubles, and also chain follow by other users (see chain follow example Atari800xl above )

+ Use RegCPE, above codebox have unnecessary quotes, we fixed on RegCPE years ago, and RegCPE open source ..
I cleaned %99 unnecessary quotes on plugins manually, such examples like above cause chain follow of other users using unnecessary quotes......

* You should already aware all above, summary hopefully helps, from your profession you should understand more clearly than newbies ....

:turtle:
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: paraglider on February 27, 2016, 01:02:56 PM
my instructions only specified x86 / x64 drivers so arch command is required.

ScriptDir is the best place for associated files as it makes the plugin self contained.

It is a bug in your download function that it is not able to download files to ScriptDir.

Don't understand your comment about plugin naming.

I will fix my conversion program to not put in the quotes.

Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: Lancelot on February 27, 2016, 02:32:37 PM
Quote from: paraglider on February 27, 2016, 01:02:56 PM
my instructions only specified x86 / x64 drivers so arch command is required.
adding driver to a build only related to source architecture since ms makes rest registry same for all windows architectures.... practically no need such check... anyway....

Quote from: paraglider on February 27, 2016, 01:02:56 PM
ScriptDir is the best place for associated files as it makes the plugin self contained.
no it is not, as written on your mbam topic, and it does not make the plugin self contained, plugin contains nothing like your mbam plugin contains nothing.

as written on mbam topic, this cause mess on various areas which you should already know !
 or maybe you simply ignore all past troubles (known habit of old users) since we cleaned up all scriptdir provide on plugins which cause no reports of failures on scriptdir usages on topics.......

Quote from: paraglider on February 27, 2016, 01:02:56 PM
It is a bug in your download function that it is not able to download files to ScriptDir.
It seems to be more bug of winbuilder, yet another bug of using scriptdir like from past, if not let me know.
 To me It is quite waste of time to investigate already knowing some related bugs of winbuilder and not used troublemaker scriptdir to provide files on any plugin.

Quote from: paraglider on February 27, 2016, 01:02:56 PM
Don't understand your comment about plugin naming.
one of example:
http://theoven.org/index.php?topic=676.msg19477#msg19477
you marking topics read for years on current forum, already around on theoven.org for years, writing under plugin section..... !!!

well it is one of things that will not work on home made plugins in future....

Quote from: paraglider on February 27, 2016, 01:02:56 PM
I will fix my conversion program to not put in the quotes.
It is your time to waste.
RegCPE written so nicely no need to change since years,
 either use RegCPE or duplicate all RegCPE open source codes to your conversion program to fix it.

ps: Other BlueLife utilities can be found here ex: http://www.sordum.org/8478/reg-converter-v1-0/

*
also there is "Create New Empty Plugin" available , PC Packed also have small e button
Call,CreatePlugin
http://theoven.org/index.php?topic=45.0

which tidy up plugin organizations, maybe you have another program ! than simply duplicate and follow updates with your free time.

****
back to my work, simply follow paraglider, all organizations have quite good logic behind to get projects sustainable. Even you can not understand logic there is simple fact, Self proof they are still alive, compared to other bad habit projects and organizations.....


:turtle:
Title: Re: RunScanner 2.0.0.0 ( includes x86 / x64 verisons )
Post by: ChrisR on February 28, 2016, 12:05:46 AM
Good finding JFX for the compressed files of Windows 10 Compact which requires wofadk.sys :thumbsup:
Compact: https://msdn.microsoft.com/en-us/library/windows/hardware/dn949267(v=vs.85).aspx

I added wofadk driver in all SE projects. Due to  lack of time I have not tested until the end.
Drivers are downloaded in Retrieve Tools with Getwaiktools and copied in tools folder.
Then, to get it in a basic building, it is copied in Copy Files plugin with the registry written in Shell & Config.