tinyapps.org / blog


Automatically prompt for elevated permissions when running a batch script #

Add the script below to the beginning of your batch scripts to automatically request elevated permissions when run. It was written by Matt, who credits a post by NIronwolf for inspiration, which in turn credits OpenELEC, who apparently no longer hosts the original script (this may be it: create_installstick.bat). As Winhelponline points out, simply add your instructions under the "START" label.
::::::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights V2
::::::::::::::::::::::::::::::::::::::::::::
@echo off
CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================

:init
setlocal DisableDelayedExpansion
set "batchPath=%~0"
for %%k in (%0) do set batchName=%%~nk
set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
setlocal EnableDelayedExpansion

:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************

ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
ECHO args = "ELEV " >> "%vbsGetPrivileges%"
ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
ECHO args = args ^& strArg ^& " "  >> "%vbsGetPrivileges%"
ECHO Next >> "%vbsGetPrivileges%"
ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
"%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*
exit /B

:gotPrivileges
setlocal & pushd .
cd /d %~dp0
if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul  &  shift /1)

::::::::::::::::::::::::::::
::START
::::::::::::::::::::::::::::
REM Run shell as admin (example) - put here code as you like
ECHO %batchName% Arguments: %1 %2 %3 %4 %5 %6 %7 %8 %9
cmd /k

/windows | Sep 04, 2016

Recover Windows product key from BIOS / UEFI #

To recover the product key from BIOS / UEFI while booted via Windows installation media, then determine which version of Windows corresponds to the recovered key:
  1. Boot via Windows installation media (DVD, USB flash drive, etc)

  2. When the "Windows Setup" window appears, press Shift + F10 to open a command prompt

  3. Launch one of these tools from the command prompt to retrieve product key from BIOS / UEFI:

    1. Windows OEM Product Key Tool 1.1 - Purpose-built app; simply returns the product key

    2. FirmwareTablesView - Displays list of firmware tables; look for "MSDM" under Signature column or "Microsoft Software Licensing Table" under Description column

    3. RWEverything - Digs deep for a plethora of hardware details; head to ACPI > MSDM > Data.

  4. To identify which version of Windows the recovered product key corresponds to:

    1. Ultimate PID Checker - Works with product keys from XP through 8 (not 8.1); runs inside the Windows installation environment

    2. ShowKeyPlus - Works with product keys from Windows 7 through 10; does not run inside the Windows installation environment

For OEM computers still shipping with Windows 7 or 8.1 (slated to end on October 31, 2016), the firmware-embedded product key likely differs from the product key on the hard drive. Recover the latter with ProduKey.

For more information on embedded product keys, see Windows 10 Embedded Product Key Tool and Where is my Windows product key, and how can I tell that my Windows installation is genuine?
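The MSDM table that FirmwareTablesView and RWEverything expose has a fixed layout, so the key can also be pulled out of a raw table dump and the table's integrity checked first. The parser below is an added example (not code from any of the tools above); it assumes the published MSDM layout (36-byte ACPI header, then version, reserved, data type, data reserved and data length as little-endian uint32, then the key bytes) and verifies the ACPI checksum before trusting the contents. build_msdm constructs a sample table with a placeholder key for testing.

```python
import re
import struct

# Assumed layout (public ACPI/MSDM description): the 36-byte ACPI table header,
# then a Software Licensing Descriptor of five uint32 LE fields (version, reserved,
# data type, data reserved, data length) followed by the product key bytes.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # sig, len, rev, checksum, OEM id, OEM table id, OEM rev, creator id, creator rev
SLS_HEADER = struct.Struct("<IIIII")
KEY_RE = re.compile(r"^[A-Z0-9]{5}(?:-[A-Z0-9]{5}){4}$")  # 5x5 product key shape

def acpi_checksum_ok(table: bytes) -> bool:
    """Every ACPI table's bytes sum to 0 modulo 256 over its declared length."""
    return sum(table) % 256 == 0

def parse_msdm(table: bytes) -> dict:
    """Validate an MSDM table dump and return its OEM id, descriptor fields and key."""
    sig, length, _rev, _chk, oem_id, _tid, _orev, _cid, _crev = ACPI_HEADER.unpack_from(table, 0)
    if sig != b"MSDM":
        raise ValueError(f"not an MSDM table: {sig!r}")
    if length != len(table):
        raise ValueError("declared length does not match buffer size")
    if not acpi_checksum_ok(table):
        raise ValueError("ACPI checksum mismatch (corrupt or tampered table)")
    version, _res, dtype, _dres, dlen = SLS_HEADER.unpack_from(table, ACPI_HEADER.size)
    start = ACPI_HEADER.size + SLS_HEADER.size
    if start + dlen > len(table):
        raise ValueError("descriptor data length exceeds table")
    key = table[start:start + dlen].decode("ascii").rstrip("\0")
    return {"oem_id": oem_id.rstrip(b" ").decode(), "version": version,
            "data_type": dtype, "key": key, "key_format_ok": bool(KEY_RE.match(key))}

def msdm_is_valid(table: bytes) -> bool:
    """True when the dump parses cleanly (signature, length and checksum all agree)."""
    try:
        parse_msdm(table)
        return True
    except ValueError:
        return False

def build_msdm(key: str, oem_id: bytes = b"DEMO  ") -> bytes:
    """Construct a checksummed MSDM table for testing (placeholder key, not a real one)."""
    body = SLS_HEADER.pack(1, 0, 1, 0, len(key)) + key.encode("ascii")
    header = bytearray(ACPI_HEADER.pack(b"MSDM", ACPI_HEADER.size + len(body), 3, 0,
                                        oem_id, b"DEMOTBL ", 1, b"DEMO", 1))
    header[9] = (-sum(header + body)) % 256  # offset 9 is the checksum byte
    return bytes(header) + body
```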

/windows | Sep 04, 2016

Booting Dell Venue 10 Pro 5055 from USB device #

  1. With the Venue turned off, hold the volume button down.
  2. Turn on the Venue
  3. When the BIOS / UEFI screen appears, let go of the volume button
  4. Tap "Boot" > "Secure Boot" > "Disabled"
  5. Tap "File Browser Add Boot Option" > select .efi file on a bootable FAT32-formatted device (e.g., tap "USB: DataTraveler 2.0" > "Select Media File" menu appears > tap "efi" > "boot" > "bootia32.efi") > "Input File Name" menu appears > enter desired name (e.g., "USBFlash") > tap Return > Ok
  6. Change "Boot Option Priorities" if desired, or simply reboot while holding the volume button up for the "Boot Options" menu.

Sources:

/windows | Sep 04, 2016

Windows 7 install error: "A required CD/DVD drive device driver is missing" #

While attempting to install Windows 7 on a Dell Optiplex 3040 Micro, the following error appeared:

A required CD/DVD drive device driver is missing. If you have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.

Note: If the Windows installation media is in the CD/DVD drive, you can safely remove it for this step.

Browse | OK | Cancel

(As it turns out, the problem is caused by a missing USB 3.0 driver, so installing via USB floppy, CD/DVD, flash drive, etc was not possible.)

Browsing for a driver on the virtual X: drive returned:

No device drivers were found. Make sure that the installation media contains the correct drivers, and then click OK.

Reports online did not sound promising, e.g. 'No device drivers were found' error when installing windows 7 on new computer ("FINAL EDIT - If you're here for answers, while nothing here worked for me, that doesn't mean it won't work for you, so I suggest you try everything here if you can. What I ended up doing is giving up on windows 7 and instead installed windows 10.").

Coming up with a working solution took more time than anyone else should ever have to invest in this issue again. Here's what worked for me:

  1. Format a USB drive as NTFS. If necessary, use diskpart.exe:

    1. list disk

    2. select disk x, where x is the number assigned to your USB drive

    3. clean

    4. create partition primary

    5. select partition 1

    6. active

    7. format fs=ntfs quick

    8. assign

    9. exit

  2. Copy files and folders from Windows 7 ISO or DVD to USB drive

  3. Download Intel(R) USB 3.0 eXtensible Host Controller Driver and extract contents

  4. Download, install, and run NTLite

  5. Click "Add" > "Image folder" > select drive letter of USB drive (E: in the example that follows) > click "Select Folder"

  6. Under "Operating systems | install.wim", right click the version of Windows that corresponds to your license and then click "Load":

  7. Once loading has completed, click "Drivers" in the left-hand column:

  8. Click "Add" > "Folder with multiple drivers" > browse to the folder containing extracted driver(s) > click "Select Folder"

  9. Click "Apply" in left-hand column > click green "Process" button at top left > "Yes"

  10. When processing is complete, click "Source" in the left-hand column to return to the main window

  11. Repeat steps 6 through 10 for the two entries under "Boot/Setup | boot.wim" (in the screenshots above, they are "Microsoft Windows PE (x86)" and "Windows 7 Setup")

  12. If desired, make an ISO image of the USB drive (for burning to DVD-R, etc) by right clicking E: under "Image history" and then clicking "Create ISO"

  13. The USB drive or ISO image can now be used to install Windows 7 on the affected computer (see below for a list of all affected Dell models)

Notes

Updates

  • Latest Intel, AMD chips will only run Windows 10 ... and Linux, BSD, OS X - "One example of Microsoft holding back support is the xHCI USB controller in sixth-generation Skylake and seventh-generation Kaby Lake: Windows 7 doesn't support that USB hardware, so installing the operating system from a USB stick using those chips is tricky. Intel provides xHCI drivers for Windows 7 once it's up and running."

  • How to Install Windows 7 with only USB 3.0 Ports outlines a similar process using dism, but assumes a preexisting USB-based Windows 7 installer.

/windows | Aug 21, 2016

Stop ransomware process and dump memory to extract key #

Anti Ransom v3 "creates a random decoy folder with many useless random documents (Excel, PDF) and then it monitors the folder waiting for changes. When a change is detected, AntiRansom tries to identify which process is the responsible of such change and then stops it and dump the memory process (hopefully the key or password that is being used by the ransomware is inside)".
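The decoy-folder half of that description is easy to reproduce. The block below is an added example, not Anti Ransom's own code: it plants random-content decoys, fingerprints them with SHA-256, and reports decoys that were modified, went missing or appeared under a new name (the pattern an encrypting process leaves behind). Identifying and suspending the responsible process and dumping its memory need Windows APIs and are not covered here; file names and the temp folder are constructed.

```python
import hashlib
import os
import tempfile

DECOY_NAMES = ["budget.xlsx", "invoice.pdf", "notes.docx"]  # constructed decoy names

def create_decoys(folder, size=4096):
    """Fill a decoy folder with random-content documents, as Anti Ransom's decoy folder does."""
    os.makedirs(folder, exist_ok=True)
    for name in DECOY_NAMES:
        with open(os.path.join(folder, name), "wb") as f:
            f.write(os.urandom(size))

def snapshot(folder):
    """Map every file in the folder to the SHA-256 of its contents."""
    snap = {}
    for name in sorted(os.listdir(folder)):
        with open(os.path.join(folder, name), "rb") as f:
            snap[name] = hashlib.sha256(f.read()).hexdigest()
    return snap

def detect_changes(baseline, current):
    """Compare two snapshots; an encryptor shows up as modified, missing or new decoys."""
    events = []
    for name, digest in baseline.items():
        if name not in current:
            events.append(("missing", name))
        elif current[name] != digest:
            events.append(("modified", name))
    events += [("new", name) for name in current if name not in baseline]
    return events

def simulate(folder=None):
    """Take a baseline, apply two constructed changes, and report what the monitor sees."""
    folder = folder or tempfile.mkdtemp(prefix="decoy_")
    create_decoys(folder)
    baseline = snapshot(folder)
    with open(os.path.join(folder, "budget.xlsx"), "wb") as f:  # contents replaced
        f.write(b"\x00" * 16)
    os.rename(os.path.join(folder, "invoice.pdf"),  # renamed with a new suffix
              os.path.join(folder, "invoice.pdf.locked"))
    return detect_changes(baseline, snapshot(folder))
```

A real monitor would poll snapshot() on a timer (or use a filesystem watcher) and treat any event as the trigger for the process hunt that Anti Ransom performs next.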

/windows | Jul 09, 2016

Extract passwords and more from memory #

mimikittenz "is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes".

Basic usage:

1. Run Windows PowerShell as administrator
2. cd to directory containing Invoke-mimikittenz.ps1 (e.g., Downloads)
3. PS C:\Users\user\Downloads> Set-ExecutionPolicy RemoteSigned
4. PS C:\Users\user\Downloads> Import-Module $pwd\Invoke-mimikittenz.ps1
5. PS C:\Users\user\Downloads> Invoke-mimikittenz

Sample result:

PatternName       PatternMatch
-----------       ------------
Gmail             &Email=tinyapps@gmail.com&Passwd=PASSWORD_IN_PLAINTEXT&Persiste...

See also:

/windows | Jul 08, 2016

Cloning a failing hard drive to a smaller drive #

Faced with a rapidly-worsening hard drive (and after backing up critical data), I hoped to clone the Windows install to a smaller drive (the only one on hand). Kanguru's Mobile Clone HD One-To-One Duplicator (KCLONE-1HD-MBC) has gotten me out of similar binds before, but cloning to smaller drives is not currently supported.

Here are the boot discs I tried in order and their results (for a similar list, see Windows won't boot (or boots only once) after SSD upgrade):
1. Paragon Drive Copy 15 Professional - crashed
2. Acronis True Image 2016 - crashed
3. HDClone 6.1.5 Advanced Edition - produced a non-working clone with missing partitions
4. Image for Windows 2.99-00 - produced a working clone!
I was happily surprised that my version 2 license from 2008 was still valid for the current version (2.99-00), which was released as recently as February 25, 2016. Many thanks to TeraByte for a great product and the super-long term support!

/windows | Jun 16, 2016

Check Windows for spurious certs #

In light of malware and OEM CA shenanigans ("Who's your Verisign?" - Malware faking digital signatures, Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish), be sure to check certificates regularly, especially immediately following acquisition or malware cleanup.

While you could comb through Certificate Manager (certmgr.msc), Sigcheck from Sysinternals speeds things up considerably. The following example is from a system with Superfish and Fiddler certs installed:
C:\>sigcheck.exe -tuv *

Sigcheck v2.51 - File version and signature viewer
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Listing valid certificates not rooted to the Microsoft Certificate Trust List:

User\MY:
   DO_NOT_TRUST_FiddlerRoot
        Cert Status:    Valid
        Valid Usage:    Server Auth
        Cert Issuer:    DO_NOT_TRUST_FiddlerRoot
        Serial Number:  99 77 7A 3E 64 63 19 9C 4D 6D 66 75 10 EF 0E B6
        Thumbprint:     31745D49A0C3386A1387A755217FD5C9701A9607
        Algorithm:      sha256RSA
        Valid from:     12:00 AM 6/14/2015
        Valid to:       11:59 PM 6/13/2026
User\Root:
   DO_NOT_TRUST_FiddlerRoot
        Cert Status:    Valid
        Valid Usage:    Server Auth
        Cert Issuer:    DO_NOT_TRUST_FiddlerRoot
        Serial Number:  99 77 7A 3E 64 63 19 9C 4D 6D 66 75 10 EF 0E B6
        Thumbprint:     31745D49A0C3386A1387A755217FD5C9701A9607
        Algorithm:      sha256RSA
        Valid from:     12:00 AM 6/14/2015
        Valid to:       11:59 PM 6/13/2026
   Superfish, Inc.
        Cert Status:    Valid
        Valid Usage:    All
        Cert Issuer:    Superfish, Inc.
        Serial Number:  00 D2 FC 13 87 A9 44 DC E7
        Thumbprint:     C864484869D41D2B0D32319C5A62F9315AAF2CBD
        Algorithm:      sha1RSA
        Valid from:     6:25 AM 5/12/2014
        Valid to:       6:25 AM 5/7/2034
   DO_NOT_TRUST_FiddlerRoot
        Cert Status:    Valid
        Valid Usage:    Server Auth
        Cert Issuer:    DO_NOT_TRUST_FiddlerRoot
        Serial Number:  99 77 7A 3E 64 63 19 9C 4D 6D 66 75 10 EF 0E B6
        Thumbprint:     31745D49A0C3386A1387A755217FD5C9701A9607
        Algorithm:      sha256RSA
        Valid from:     12:00 AM 6/14/2015
        Valid to:       11:59 PM 6/13/2026

From the documentation:
 -t[u][v] Dump contents of specified certificate store ('*' for all stores).
          Specify -tu to query the user store (machine store is the default).
          Append '-v' to have Sigcheck download the trusted Microsoft
          root certificate list and only output valid certificates not rooted to
          a certificate on that list. If the site is not accessible,
          authrootstl.cab or authroot.stl in the current directory are
          used instead, if present.

/windows | Jun 14, 2016

Block a specific program from accessing the Internet #

1. Open Windows Firewall with Advanced Security (wf.msc)
2. Click "Outbound Rules"
3. Click "New Rule..."
4. Click "Program" > "Next"
5. Click "This program path" > "Browse" > select program to block > "Next"
6. Click "Block the connection" > "Next"
7. Leave Domain, Private, and Public checked > "Next"
8. Type desired name for rule and click "Finish"
If that seems too tedious, check out OneClickFirewall. It adds a context menu item to "Block Internet Access" and another to "Restore Internet Access", leveraging outbound rules in Windows Firewall with Advanced Security.

/windows | Jun 04, 2016

Tiny Unix Tools for Windows #

These tools have been littered around the blog for years; this is an attempt to put them all in one place. In order of appearance:

UPDATE:

/windows | Jun 04, 2016
