Sysinternals Suite, A work in progress
JonF
post Sep 28 2008, 01:11 PM
Post #1


Advanced Member
Group: Advanced user
Posts: 389
Thank(s): 46
Joined: 7-January 07
From: Boston, MA
Member No.: 2,319
United States

I'm going to post this here because some may find it useful and/or figure out why a few things aren't working. IMHO it's not yet ready for the download area.

The Sysinternals Suite contains all the Sysinternals utilities except for a few that are not useful in debugging, such as the BSOD screen saver. This script automatically downloads the entire suite, then deletes several command-line utilities that are not useful in a PE environment. There are checkboxes for installing or not installing each program in your build. There are checkboxes for adding desktop or quick launch shortcuts for Process Explorer and Process Monitor. It includes Runscanner 1.0.0.22, only installed if you choose Autoruns.

To re-download the suite just delete %scriptdir%\Sysinternals_Suite.

File Monitor, Registry Monitor, Port Monitor require about 1 MB of writable %temp% space. They refuse to run in VistaPE but aren't useful there because Process Monitor does their job and does it much better. So, even if you select these three programs in a VistaPE build, they will not be installed.

Disk Monitor starts but does nothing. This doesn't bother me much since I've never figured out how to get useful information out of Disk Monitor.

Autoruns crashes in VistaPE.

Process Monitor now runs in LiveXP, requiring about 1 MB writable %temp% space! Thanks dera, and thanks to Lancelot for interface improvements and a few operation tweaks. Added the Filters registry key in version 3 of the script.

Sysinternals Suite.script version 3, 3 October 2008.
Lancelot
post Sep 28 2008, 06:43 PM
Post #2


Bug Catcher
Group: Advanced user
Posts: 675
Thank(s): 48
Joined: 8-May 08
Member No.: 15,072
Turkey


It was on my to-do list too, after Nuno's advice to use http://live.sysinternals.com/ and your advice to use http://download.sysinternals.com/Files/ProcessMonitor.zip and http://download.sysinternals.com/Files/ProcessExplorer.zip

Here is some support for your development:
In my first trial, the script couldn't download and gave lots of warnings in the log file (file couldn't be deleted, etc.).
The second trial downloaded successfully, and no problem.
Taking lines from HDM8.script:
why not put a warning if the download couldn't be achieved?
With some other modifications, something like:

CODE
// Download the suite, then check that the file actually arrived; otherwise jump to the error message
WebGet,"http://download.sysinternals.com/Files/SysinternalsSuite.zip","%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip"
If,NotExistFile,"%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip",Run,%ScriptFile%,ExitMessage1

[ExitMessage1]
Message,"Install file 'SysinternalsSuite.zip' could not be downloaded",Error


Also, why delete the downloaded file?
FileDelete,%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip
Wouldn't it be nicer to keep it as the source? Or maybe someone would like to use it for another purpose!

At least I can do cosmetic (interface) support, I guess.
Here is the interface section after I made fixes:
CODE
[Interface]
pCheckBox2="Run from ram (boot.wim) (VistaPE only)",1,3,7,7,213,18,False
pTextBox1="Start Menu folder:",1,0,282,24,220,21,System\Sysinternals
pCheckBox3=Include,1,3,125,63,56,18,True
pCheckBox4="Create Desktop shortcut",1,3,187,64,138,18,True
pCheckBox5="Create Quick Launch shortcut",1,3,329,64,162,18,False
pBevel1=pBevel1,1,12,5,55,498,29
pTextLabel="Process Explorer",1,1,15,64,112,18,8,Bold
pCheckBox6=Include,1,3,125,95,56,18,True
pCheckBox7="Create Desktop shortcut",1,3,187,95,138,18,True
pCheckBox8="Create Quick Launch shortcut",1,3,330,95,162,18,False
pBevel2=pBevel1,1,12,5,90,498,27
pTextLabe2="Process Monitor",1,1,15,95,112,18,8,Bold
pCheckBox9="Active Directory Explorer",1,3,30,144,150,18,True
pCheckBox36=Autoruns,1,3,30,164,120,18,True
pCheckBox10=CacheSet,1,3,30,184,120,18,True
pCheckBox11="Disk Monitor",1,3,200,144,120,18,True
pCheckBox12=DiskView,1,3,200,164,120,18,True
pCheckBox13="File Monitor",1,3,200,184,120,18,True
pCheckBox27="Port Monitor",1,3,365,144,120,16,True
pCheckBox14="Registry Monitor",1,3,365,164,120,18,True
pCheckBox28="TCP View",1,3,365,184,120,18,True
pTextBox2="Other GUI Applications",1,1,13,127,230,18,8,Bold
pBevel3=pBevel3,1,12,5,123,496,81
pTextBox3="Command Line Applications",1,1,13,215,230,18,8,Bold
pBevel4=pBevel4,1,12,5,209,496,168
pCheckBox15=Contig,1,3,30,232,120,18,True
pCheckBox16=Coreinfo,1,3,30,252,120,18,True
pCheckBox17="Disk Extent Runner",1,3,30,272,120,18,True
pCheckBox18="Disk Usage",1,3,30,292,120,18,True
pCheckBox19="EFS Dumper",1,3,30,312,120,17,True
pCheckBox20=Handle,1,3,30,332,120,18,True
pCheckBox21=Hex2Dec,1,3,30,352,120,18,True
pCheckBox22="LDM Dump",1,3,200,232,120,18,True
pCheckBox23="List DLLs",1,3,200,252,120,18,True
pCheckBox24="NTFS Info",1,3,200,272,120,18,True
pCheckBox25="Physical Memory",1,3,200,292,120,18,True
pCheckBox26="Pipe List",1,3,200,312,120,18,True
pCheckBox29="Process Kill",1,3,200,332,120,18,True
pCheckBox30="Process List",1,3,365,232,120,18,True
pCheckBox31="Process Services",1,3,365,252,120,18,True
pCheckBox32="Process Suspend",1,3,365,272,120,18,True
pCheckBox33="Secure Delete",1,3,365,292,120,18,True
pCheckBox34=Strings,1,3,365,312,120,18,True
pCheckBox35=Sync,1,3,365,332,120,18,True

before: http://img211.imageshack.us/img211/7171/beforecu5.png
afterfix: http://img211.imageshack.us/img211/8418/aftertx5.png
I hope you like it.

QUOTE
Process Monitor starts in LiveXP but then pops up a dialog saying that XP SP2 is required

This didn't happen in my trial; I opened Process Monitor and left it for about 10 minutes (I was on the phone) and no such popup came.


Thanks a lot JonF for starting this development!
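The download check Lancelot asks for, plus the integrity check a practitioner would want before shipping these tools in a boot image, as an added PowerShell example that is not part of Sysinternals Suite.script or this thread. It runs on the build host (Windows PowerShell 5.1 or later), fetches the suite over HTTPS instead of the plain-http URLs quoted in the thread, aborts the build if the file did not arrive, and refuses to continue if any .exe, .dll or .sys in the archive fails Authenticode verification or is not signed by Microsoft. The URL, the folder layout and the -KeepZip switch are assumptions (the switch is the "keep the zip as source" idea in another form).

```powershell
# Added example: not part of Sysinternals Suite.script. Assumes Windows PowerShell 5.1+
# on the build host; $SuiteUrl, $WorkDir and -KeepZip are illustrative choices.
param(
    [string]$SuiteUrl = 'https://download.sysinternals.com/Files/SysinternalsSuite.zip',
    [string]$WorkDir  = (Join-Path (Get-Location) 'Sysinternals_Suite'),
    [switch]$KeepZip    # keep SysinternalsSuite.zip after extraction instead of deleting it
)
$ErrorActionPreference = 'Stop'

function Get-SuiteArchive {
    param([string]$Url, [string]$Destination)
    # Invoke-WebRequest throws on HTTP errors; a missing or empty file still means "no download",
    # so both cases stop the build with a clear message instead of a warning buried in a log.
    try {
        Invoke-WebRequest -Uri $Url -OutFile $Destination -UseBasicParsing
    } catch {
        throw "Install file '$(Split-Path -Leaf $Destination)' could not be downloaded from $Url : $_"
    }
    if (-not (Test-Path $Destination) -or (Get-Item $Destination).Length -eq 0) {
        throw "Download from $Url produced no file; aborting the build."
    }
}

function Test-SuiteSignatures {
    param([string]$Folder)
    # Every binary must carry a valid Authenticode signature whose signer is Microsoft.
    # A plain http:// download (or a tampered mirror) gives no integrity guarantee; the signature does.
    $failures = @()
    foreach ($file in Get-ChildItem -Path $Folder -Recurse -Include *.exe, *.dll, *.sys) {
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
            $failures += "$($file.Name): status=$($sig.Status) signer=$signer"
        }
    }
    return ,$failures
}

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$zip = Join-Path $WorkDir 'SysinternalsSuite.zip'

Get-SuiteArchive -Url $SuiteUrl -Destination $zip
Expand-Archive -Path $zip -DestinationPath $WorkDir -Force

$bad = Test-SuiteSignatures -Folder $WorkDir
if ($bad.Count -gt 0) {
    $bad | ForEach-Object { Write-Warning $_ }
    throw "Refusing to build: $($bad.Count) file(s) failed signature verification."
}

if (-not $KeepZip) { Remove-Item -Path $zip -Force }
Write-Host "Sysinternals Suite downloaded and verified in $WorkDir"
```

Get-AuthenticodeSignature reports Valid only when the whole certificate chain is trusted on the build host, so the check also fails on a host with a broken root store; that is the fail-closed default you want for binaries that will run with full privileges inside a PE.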
dera
post Sep 28 2008, 07:51 PM
Post #3


Advanced Member
Group: Members
Posts: 173
Thank(s): 22
Joined: 17-January 07
Member No.: 2,603
Hungary


Thanks for this nice script!
QUOTE (JonF @ Sep 28 2008, 01:11 PM) *
Process Monitor starts in LiveXP but then pops up a dialog saying that XP SP2 is required.
I noticed in LiveXP this message "Process Monitor requires Windows XP SP2 or higher"
doesn't come up if FBWF is used,
so I suppose it is somehow related to the 'FltMgr' service.
I tried to add this service to my build, based on the corresponding lines from the CreateISO.script,
including the line:
IniWrite,"%target_win%\TXTSETUP.SIF","BusExtenders.Load","fltmgr","fltmgr.sys"
but still noticed Procmon.exe needs to be placed in a writable folder.
(At first I tried to copy Procmon.exe to my ramdrive;
starting from there, there is no such error message and Process Monitor starts fine,
and after that I tried for the second time to start it from the original location 'X:\Program Files\Sysinternals_Suite', which is not writable,
and strangely now Procmon starts without problem.
I also had success adding the 'FltMgr' service + using the BootSDI method.)
JonF
post Sep 28 2008, 09:08 PM
Post #4


QUOTE (Lancelot @ Sep 28 2008, 02:43 PM) *
in my first trial, script couldnt download and gave lots of warning in log file (file couldnt deleted, etc)
second trial downloaded successfully, and no problem

I have no idea why that happened.

QUOTE
Taking lines from HDM8.script
why not put a warning if download couldnt archive?
with some other modifications sth like:

CODE
WebGet,"http://download.sysinternals.com/Files/SysinternalsSuite.zip","%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip"
If,NotExistFile,"%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip",Run,%ScriptFile%,ExitMessage1

[ExitMessage1]
Message,"Install file 'SysinternalsSuite.zip' could not be downloaded",Error

I'm not sure whether I like that or not ... I will have to think about it.

QUOTE
also why delete downloaded file?
FileDelete,%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip
wouldnt be nicer to make it remain as source?, or maybe someone like to use it for another purpose!

I remember when a 30 MB disk was huge, but needed constant maintenance to keep enough space open. I have to delete unneeded files! I can't help it.

QUOTE
At least i can do a cosmetic (interface) support i guess
Here is interface section after i made fixes

Thanks! I was not aware that some people have a gray background. My background is white so I don't see the oversize boxes.

QUOTE
this didnt happen with my trial, i open Process Monitor and left it about 10 minutes (i was on the phone (IMG:../forums/style_emoticons/default/smile.gif) ) no such popup came.

Was it logging events to the window?
JonF
post Sep 28 2008, 09:14 PM
Post #5


QUOTE (dera @ Sep 28 2008, 03:51 PM) *
Thanks for this nice script!
I noticed in LiveXP this message "Process Monitor requires Windows XP SP2 or higher"
doesn't come up if FBWF is used,
so I suppose it is somehow related to the 'FltMgr' service.
I tried to add this service to my build, based on the corresponding lines from the CreateISO.script,
including the line:
IniWrite,"%target_win%\TXTSETUP.SIF","BusExtenders.Load","fltmgr","fltmgr.sys"
but still noticed Procmon.exe needs to be placed in a writable folder.
(At first I tried to copy Procmon.exe to my ramdrive;
starting from there, there is no such error message and Process Monitor starts fine,
and after that I tried for the second time to start it from the original location 'X:\Program Files\Sysinternals_Suite', which is not writable,
and strangely now Procmon starts without problem.
I also had success adding the 'FltMgr' service + using the BootSDI method.)

Now that is very interesting. It gives me some ideas ...

Thanks!
Lancelot
post Sep 28 2008, 11:12 PM
Post #6


**
QUOTE
I hae no idea why that happened.
...
I'm not sure whether I like that or not ... I will have to think about it.

I hope you add this option. In some situations one may not have an internet connection (or, in my case, the download didn't succeed the first time) or maybe can't connect, so when the script is selected and the build is made without the files, there will be only a warning in the log which describes the situation.

**
Sorry, I get the error now; my mistake, I mixed up Process Explorer and Process Monitor in my mind.
To make up for it,
here is something I wrote that can help development, so it will fix the cases where the error is seen, I guess (after dera's addition or using FBWF).
CODE
// Wrapper batch file: copy Procmon.exe into the writable %Temp% folder and start it from there.
// #$s = space, #$p = percent sign, #$q = double quote; paths are quoted in case %Temp% contains spaces.
FileCreateBlank,%Target_Prog%\%ProgramFolder%\Procmon_temp.cmd
TXTAddLine,%Target_Prog%\%ProgramFolder%\Procmon_temp.cmd,"copy#$s/y#$sProcmon.exe#$s#$q#$pTemp#$p#$q",APPEND
TXTAddLine,%Target_Prog%\%ProgramFolder%\Procmon_temp.cmd,"start#$s#$q#$q#$s#$q#$pTemp#$p\Procmon.exe#$q",APPEND
Add_Shortcut,Desktop,,"%PE_Programs%\%ProgramFolder%\Procmon_temp.cmd","Process Monitor_Cmd",,,"%PE_Programs%\%ProgramFolder%\Procmon.exe",1

Only I don't know how to create a shortcut with the option 'Run: "Minimized"' (or I forgot), so for now you see a black cmd screen for a second before Process Monitor starts.

An idea:
if this only happens with Process Monitor, maybe putting a warning in a text box on the GUI saying "Process Monitor requires FBWF or BootSDI" is enough?

**
QUOTE
I remember when a 30 MB disk was huge, but needed constant maintenance to keep enough space open. I have to delete unneeded files! I can't help it.

I know your feelings very well. Along with the same feeling you have, I have a feeling of "I have to go back to the beginning if needed", a feeling I can't help after lots of experience.
Here is a midway if you agree:

[Interface]
....
pCheckBox60="Delete SysinternalsSuite.zip after download",1,3,15,380,280,18,False

and changed line
FileDelete,%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip
to
If,%pCheckBox60%,Equal,True,FileDelete,%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip

**
QUOTE
Thanks! I was not aware that some people have a gray background. My background is white so I don't see the oversize boxes.

Well, the main problem was the scroll bars on the left and right (bottom) and the 2 boxes at the top where the text didn't fit well. As I started a fix for them, I continued to do the rest.
Besides,
I advise a gray background; it is good for the eyes, with some bonus benefits, e.g. when using Word, WinBuilder etc. I have used the classic theme with a gray background since Win98.
PS: not the default gray; if you want to give it a try, use the gray taken from the pictures I sent.
JonF
post Sep 29 2008, 12:54 AM
Post #7


QUOTE (Lancelot @ Sep 28 2008, 07:12 PM) *
I hope you add this option. In some situations one may not have an internet connection (or, in my case, the download didn't succeed the first time) or maybe can't connect, so when the script is selected and the build is made without the files, there will be only a warning in the log which describes the situation.

I think it does make sense ... I will add something along that line.

QUOTE
Here is something I wrote that can help development, so it will fix the cases where the error is seen, I guess (after dera's addition or using FBWF).
CODE
// Wrapper batch file: copy Procmon.exe into the writable %Temp% folder and start it from there.
// #$s = space, #$p = percent sign, #$q = double quote; paths are quoted in case %Temp% contains spaces.
FileCreateBlank,%Target_Prog%\%ProgramFolder%\Procmon_temp.cmd
TXTAddLine,%Target_Prog%\%ProgramFolder%\Procmon_temp.cmd,"copy#$s/y#$sProcmon.exe#$s#$q#$pTemp#$p#$q",APPEND
TXTAddLine,%Target_Prog%\%ProgramFolder%\Procmon_temp.cmd,"start#$s#$q#$q#$s#$q#$pTemp#$p\Procmon.exe#$q",APPEND
Add_Shortcut,Desktop,,"%PE_Programs%\%ProgramFolder%\Procmon_temp.cmd","Process Monitor_Cmd",,,"%PE_Programs%\%ProgramFolder%\Procmon.exe",1

Only I don't know how to create a shortcut with the option 'Run: "Minimized"' (or I forgot), so for now you see a black cmd screen for a second before Process Monitor starts.

Well, in this case you can do:

Add_Shortcut,StartMenu,%pTextBox1%,%PE_Programs%\%ProgramFolder%\RunTool.exe,Process Monitor,,Procmon,%PE_Programs%\%ProgramFolder%\Procmon.exe

"Runtool procmon" checks if it is in a writable folder. If not, it copies procmon.* to %temp%, runs procmon.exe, and then deletes %temp%\procmon.*. I put the source code in an attachment in the script.

QUOTE
I know your feelings very well. Along with the same feeling you have, I have a feeling of "I have to go back to the beginning if needed", a feeling I can't help after lots of experience.
Here is a midway if you agree:

[Interface]
....
pCheckBox60="Delete SysinternalsSuite.zip after download",1,3,15,380,280,18,False

and changed line
FileDelete,%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip
to
If,%pCheckBox60%,Equal,True,FileDelete,%ScriptDir%\%ProgramFolder%\SysinternalsSuite.zip

Yes, I was coming to the same idea.
JonF
post Sep 30 2008, 11:36 AM
Post #8


QUOTE (dera @ Sep 28 2008, 03:51 PM) *
Thanks for this nice script!
I noticed in LiveXP this message "Process Monitor requires Windows XP SP2 or higher"
doesn't come up if FBWF used,
so supposing it is somehow related to the 'FltMgr' services
I tried to add this service to my build - based on the corresponding lines from the CreateISO.script
including the line:
IniWrite,"%target_win%\TXTSETUP.SIF","BusExtenders.Load","fltmgr","fltmgr.sys"

Hum. I'm not getting any luck starting fltmgr.sys without FBWF. "net start fltmgr" gives the "the service name is invalid". Any hints?
dera
post Sep 30 2008, 01:20 PM
Post #9


I use WB075 beta5
and the LiveXP project that is currently available on the 'livexp.boot-land.net' server,
and modified and added exactly this:
CODE
// Process Monitor
If,%pCheckBox6%,Equal,True,Begin
FileCopy,%ScriptDir%\%ProgramFolder%\procmon.*,%Target_Prog%\%ProgramFolder%
Add_Shortcut,StartMenu,%pTextBox1%,%PE_Programs%\%ProgramFolder%\RunTool.exe,Process Monitor,,Procmon,%PE_Programs%\%ProgramFolder%\Procmon.exe
If,%pCheckBox7%,Equal,True,Add_Shortcut,Desktop,,%PE_Programs%\%ProgramFolder%\RunTool.exe,Process Monitor,,Procmon,%PE_Programs%\%ProgramFolder%\Procmon.exe
If,%pCheckBox8%,Equal,True,Add_Shortcut,QuickLaunch,,%PE_Programs%\%ProgramFolder%\RunTool.exe,Process Monitor,,Procmon,%PE_Programs%\%ProgramFolder%\Procmon.exe
// Non-VistaPE builds get the Filter Manager registered so that Procmon's filter driver can load
If,%Project_Type%,NotEqual,VistaPE,Run,%ScriptFile%,add_fltmgr
End

[add_fltmgr]
// Ship fltlib.dll and fltmgr.sys, then register FltMgr in the offline SYSTEM hive
require_file,fltlib.dll
require_file,drivers\fltmgr.sys
Hive_Load,HKLM
// Type 2 = file-system driver, Start 0 = boot start, loaded with the "FSFilter Infrastructure" group
reg_add,0x4,"%reg%\ControlSet001\Services\FltMgr","Type","2"
reg_add,0x4,"%reg%\ControlSet001\Services\FltMgr","Start","0"
reg_add,0x4,"%reg%\ControlSet001\Services\FltMgr","ErrorControl","1"
reg_add,0x4,"%reg%\ControlSet001\Services\FltMgr","Tag","4"
reg_add,0x2,"%reg%\ControlSet001\Services\FltMgr","ImagePath","system32\DRIVERS\fltmgr.sys"
reg_add,0x1,"%reg%\ControlSet001\Services\FltMgr","DisplayName","FltMgr"
reg_add,0x1,"%reg%\ControlSet001\Services\FltMgr","Group","FSFilter Infrastructure"
reg_add,0x1,"%reg%\ControlSet001\Services\FltMgr","Description","File System Filter Manager Driver"
reg_add,0x4,"%reg%\ControlSet001\Services\FltMgr","AttachWhenLoaded","0"
// Legacy (non-PnP) device entries that tie the service to its Root\LEGACY_FLTMGR instance
reg_add,0x1,"%reg%\ControlSet001\Services\FltMgr\Enum","0","Root\LEGACY_FLTMGR\0000"
reg_add,0x4,"%reg%\ControlSet001\Services\FltMgr\Enum","Count","1"
reg_add,0x4,"%reg%\ControlSet001\Services\FltMgr\Enum","NextInstance","1"
reg_add,0x4,"%reg%\ControlSet001\Enum\Root\LEGACY_FLTMGR","NextInstance","1"
reg_add,0x1,"%reg%\ControlSet001\Enum\Root\LEGACY_FLTMGR\0000","Service","FltMgr"
reg_add,0x4,"%reg%\ControlSet001\Enum\Root\LEGACY_FLTMGR\0000","Legacy","1"
reg_add,0x4,"%reg%\ControlSet001\Enum\Root\LEGACY_FLTMGR\0000","ConfigFlags","0"
reg_add,0x1,"%reg%\ControlSet001\Enum\Root\LEGACY_FLTMGR\0000","Class","LegacyDriver"
reg_add,0x1,"%reg%\ControlSet001\Enum\Root\LEGACY_FLTMGR\0000","ClassGUID","{8ECC055D-047F-11D1-A537-0000F8753ED1}"
reg_add,0x1,"%reg%\ControlSet001\Enum\Root\LEGACY_FLTMGR\0000","DeviceDesc","FltMgr"
reg_add,0x1,"%reg%\ControlSet001\Enum\Root\LEGACY_FLTMGR\0000\Control","ActiveService","FltMgr"
Hive_Unload,HKLM
// The setup loader must also load fltmgr.sys at boot; without this, the service has to be started by hand
If,NotExistSection,"%target_win%\TXTSETUP.SIF","BusExtenders.Load",IniAddSection,"%target_win%\TXTSETUP.SIF","BusExtenders.Load"
IniWrite,"%target_win%\TXTSETUP.SIF","BusExtenders.Load","fltmgr","fltmgr.sys"
If this line is not added:
IniWrite,"%target_win%\TXTSETUP.SIF","BusExtenders.Load","fltmgr","fltmgr.sys"
I had to start it manually with 'net start fltmgr'.

EDIT:
or also possible to use this line:
IniWrite,"%target_win%\TXTSETUP.SIF","FileSystems.Load","fltmgr","fltmgr.sys"
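A post-build check for what dera's add_fltmgr section sets up, as an added PowerShell example that is not from the LiveXP project or this thread. It loads the PE build's offline SYSTEM hive on the build host, confirms FltMgr is registered as a boot-start file-system filter driver in the "FSFilter Infrastructure" group (Procmon's own driver is a minifilter and cannot load without the Filter Manager), and confirms TXTSETUP.SIF lists fltmgr.sys in [BusExtenders.Load] or [FileSystems.Load]. That way you learn before booting the image that 'net start fltmgr' would report an invalid service name. The function name, the temporary hive mount name PE_SYSTEM and the I386 paths in the usage line are assumptions; run it from an elevated prompt, because reg load requires it.

```powershell
# Added example: not part of the LiveXP project or Sysinternals Suite.script.
# Assumes Windows PowerShell 3+ on the build host, run as Administrator (reg load needs it).
function Test-FltMgrRegistration {
    param(
        [Parameter(Mandatory)][string]$SystemHive,    # offline hive, e.g. <target>\I386\SYSTEM32\CONFIG\SYSTEM (assumed layout)
        [Parameter(Mandatory)][string]$TxtSetupSif,   # e.g. <target>\I386\TXTSETUP.SIF (assumed layout)
        [string]$MountName = 'PE_SYSTEM'              # temporary key under HKLM for the loaded hive
    )
    $problems = New-Object System.Collections.Generic.List[string]

    # --- offline hive: the service key must describe a boot-start file-system filter driver ---
    & reg.exe load "HKLM\$MountName" $SystemHive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $SystemHive (elevated prompt required)" }
    try {
        $svcPath = "Registry::HKEY_LOCAL_MACHINE\$MountName\ControlSet001\Services\FltMgr"
        if (-not (Test-Path $svcPath)) {
            $problems.Add("Services\FltMgr key missing: 'net start fltmgr' will report an invalid service name")
        } else {
            $svc = Get-ItemProperty -Path $svcPath
            if ($svc.Type -ne 2)  { $problems.Add("FltMgr Type is $($svc.Type), expected 2 (SERVICE_FILE_SYSTEM_DRIVER)") }
            if ($svc.Start -ne 0) { $problems.Add("FltMgr Start is $($svc.Start), expected 0 (boot start)") }
            if ($svc.Group -ne 'FSFilter Infrastructure') {
                $problems.Add("FltMgr Group is '$($svc.Group)', expected 'FSFilter Infrastructure'")
            }
            if ($svc.ImagePath -notmatch 'fltmgr\.sys$') {
                $problems.Add("FltMgr ImagePath '$($svc.ImagePath)' does not point at fltmgr.sys")
            }
        }
    } finally {
        # Drop the registry handles first, otherwise reg unload reports the hive as in use.
        $svc = $null
        [GC]::Collect(); [GC]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }

    # --- TXTSETUP.SIF: the setup loader must be told to load the driver at boot ---
    $section = ''
    $listed = $false
    foreach ($line in Get-Content -Path $TxtSetupSif) {
        if ($line -match '^\s*\[(.+?)\]') { $section = $Matches[1]; continue }
        if (($section -in @('BusExtenders.Load', 'FileSystems.Load')) -and
            ($line -match '^\s*fltmgr\s*=\s*fltmgr\.sys')) {
            $listed = $true
        }
    }
    if (-not $listed) {
        $problems.Add("fltmgr = fltmgr.sys is not listed in [BusExtenders.Load] or [FileSystems.Load] of TXTSETUP.SIF")
    }

    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Usage (paths are placeholders for your build output):
# Test-FltMgrRegistration -SystemHive 'C:\Target\I386\SYSTEM32\CONFIG\SYSTEM' -TxtSetupSif 'C:\Target\I386\TXTSETUP.SIF'
```

The check deliberately reads ControlSet001 directly rather than CurrentControlSet, because the Select key's symbolic link is not resolved in an offline hive; if your build writes a different control set, change the path to match.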
JonF
post Sep 30 2008, 09:57 PM
Post #10


QUOTE (dera @ Sep 30 2008, 09:20 AM) *
I use WB075 beta5
and the LiveXP project what currently available on the 'livexp.boot-land.net' server
and modified and added exactly this:

Great! Now it works! And it does allow running from the original read-only location after running once from a writable location.

If I try to run it from the original location first, it pops up a message saying that administrative privileges are required.

The link in the first message now points to version 2, with dera's way of running Process Monitor and Lancelot's various improvements incorporated.