Posts posted by nonspin
-
-
Using the "Downloads" from inside of your WinToolkit application to access - let's say ISO's,
-> in an unregistered state -> ad.fly redirection is enabled.
Once you have registered your copy of WinToolkit - those ad.fly redirects go away.
However, ad.fly is just a 5 second advertising placeholder (watch the countdown at the top-right of your page).
Once it hits "0" - you can proceed to the initial target.
This is common practice and has nothing to do with malware or infected code.
-
SecureBoot and all the CSM functionality doesn't have any effect on Win 7.
Also UEFI-Boot doesn't work on any other than FAT32.
UEFI doesn't do anything to your Boot-functionality
(other than forcing it into FAT32) and it does not
magically turn your USB into a magic carpet.
Therefore - rethink your approach and opt for compatibility
-
Posted ·
Edited by nonspin
http://www.wincert.net/tips
has no index or 301 redirect set - therefore ends in 404Everything below is fine:
http://www.wincert.net/tips/microsoft-windows -
-
Congratulations © KEiGHT! But there still seems to be some figuring out needed, since the original format of the date is MM/DD/YYYY, from looking at the images from abbodi1406, and the format you ended up with in the image above is DD.MM.YYYY, unless that is the format you always see and it is dependent on some local date setting of your machine? Just curious and trying to get it perfect.
Cheers and Regards
The original format is <Highpart> & <Lowpart>
From there - w32time - will convert it to whatever Location/Region is set.
Each Location/Region has a defaul Format according to the Language.
for example:
Location: UK
Default Format: English (United Kingdom)
Short Date: dd/MM/yyyy
Location: JP
Default Format: Japanese (Japan)
Short Date: yyyy/MM/dd
-
-
-
-
Edited by nonspin
You could skip all the tasks converting times. Simply copy whatever is inside <LASTMODIFICATIONTIME> and replace it with whatever is inside <CREATIONTIME>
for example:
copy the part in red to notedpad
<LASTMODIFICATIONTIME>
<HIGHPART>0x01CF83B1</HIGHPART><LOWPART>0xE5F87098</LOWPART>
</LASTMODIFICATIONTIME>
paste it to:
<CREATIONTIME><HIGHPART>0x01CF83B1</HIGHPART><LOWPART>0xE5F87098</LOWPART>
</CREATIONTIME>
This would also reflect the REAL time it was modified and not the value you have generated
-
Edited by nonspin
Had a look into wimlib ? I think it's an alternative worth considering.
-
Edited by nonspin
you mean Date/Time to Integer8?
(remove .txt from attached file)
Usage (from CMD)
cscript DateToInteger8.vbs "06/09/2014 10:30:00 PM"
result:
Integer8 value: 130468194000000000 (decimal output)
-> use calc.exe (programmer mode) to convert to hex (QWORD)
-> 1CF842195DB5400
highpart:01CF8421
lowpart:95DB5400
validation: w32tm /ntte 0x1CF842195DB5400
151004 20:30:00.0000000 - 6/9/2014 10:30:00 PM
-
-
Highpart/Lowpart explanation:
Highpart: Date
Lowpart: Time
convert/verify: w32tm
example:
<CREATIONTIME><HIGHPART>0x01CB88D1</HIGHPART><LOWPART>0xDB7CCA61</LOWPART></CREATIONTIME>
syntax: w32tm /ntte 0xHIGHPARTLOWPART
Open DOS-Box: (Win+R) CMD
w32tm /ntte 0x01CB88D1DB7CCA61
149707 16:42:02.2122081 - 11/20/2010 6:42:02 PM
-
-
-
Edited by nonspin
In that case, why don't you include the ImageSource date in the title (Operating System) ?
.. Or better yet, in the description field displaying after you hightlight the item.
It's also the most promising to actually being editable since the extraction and modifying of the dates isn't that easy.
Then you would have both types of information visible and not confuse anyone - including yourself.
Editing the modification date to something only you know the means to isn't of much help or value.
In a perfect world, you would edit the resources of setup and display both items - date created and date modified.
-
-
The 7z-SFX compression strength is not relevant - it's the self-test verification and a present encryption.
Most authors use "protect SFX (with password)" to prevent manual unpacking .. Now, it would use the password
as an encryption key .. Makes sense, right ?
Upon execution it would first decrypt large chunks in your RAM and verify the contents ...
-
Edited by nonspin
Try Attribute Changer -> http://www.petges.lu/home/
If doesn't work this way, you have to edit the PE_Header or the .xml entry<LASTMODIFICATIONTIME><HIGHPART>0x01CF6C3D</HIGHPART><LOWPART>0x3FF13CBB</LOWPART></LASTMODIFICATIONTIME>
example:
0x538A7B10 = June, 1st 2014 01:00:00 AM
-
-
Edited by nonspin
And as I stated before there is no way that running executable would be able to delete itself in normal conditions, as file would be in use.
There are plenty of ways to so:
- On execution WinToolkit.exe you would spawn one addional process hooking ExitProcess for example
waiting for the correct trigger and then deleting the file .. i could come up with at least 5 more ways..
, but i'm pretty sure it unpacks somewhere into 2 or more files and just waits for the child process to close it and dekete the file
before executing the actual Wintoolkit.exe ... upload the file to VT and post the report
... or send me link to the file via PM and i'll analyse it and tell you exactly what it does and what it may have done to your system
-
-
Posted ·
Edited by nonspin
Fill form by selecting (target) .exe
Almost all fields <info> can be retrieved from the application/executable easily.
It would speed up creation significantly.
Creator could be automatically set to %USERNAME%
-
Something is still not right, though.
I did a very simple integration job to narrow down the problem
job: W7x64 ENT + USB3
- en_windows_7_enterprise_with_sp1_x64_dvd_u_677651 (untouched)
- Intel® USB 3.0 eXtensible Host Controller: 1.0.10.255
- Asmedia_USB3_V11430_XPWin7 (official ASUS)
No errors during integration.
Asus Maximus-V Gene
Test1: Booting from Intel USB3
- Shows "CD/DVD Driver missing" aftrer LanguageSelection
- Selecting "Browse" shows all HDD's and X:Boot (boot.wim)
- The actual USB3 Drive is NOT present
FAILED!Test2: Booting from ASMedia USB3
- same as above
FAILED!
Test3: Booting from Intel USB (normal non USB3)
- SUCCESS, but:
In Windows7 -> DeviceManager
the Interl-USB3 shows as "Unknown Device" even after pluggin a device to wake it up.
Now, applying the very same Drivers, which WTK has "successfully" integrated the USB Hub wakes up.
-> Manual Driver Installion via Device Manager (.inf)
I suspect, that WTK separates the "Intel® USB 3.0 eXtensible Host Controller"
from "Intel® USB 3.0 Root Hub" and stores one part in the boot.win - the other in install.wim.
That's the only logical explanation i can come up with.
Microsoft .NET Framework 4.8 for Windows 7
in Win Toolkit Addons
I'll make it short:
DO NOT TOUCH THIS ADDON.
Why? For example, have look into "NDP461-KB3154529-x86-x64.reg"
This is just one sloppy piece which is capable of cross-contermining systems.
The .reg contains ABSOLUTE PATHs, "C:\windows\". Now what will happen if
you setup windows on D: -- next to your current one ?.
How long will it take to screw up BOTH systems, because trying to clean the
setup on D:\ also screws with c:\
Now what are the odds, since the author couldn't be bothered to use %windir%,
that everything else is as sloppy ?
I'll advice everyone to setup chocolatey at at startup batching everything
crucial - like "choco inst powershell" would deal with everything:
removing wMF4, insfalling WMF5, DOTNET4.5 and Powershell 5..