Hello dear guest!

Boot Land is a community driven pc software site established since 2006 and focused on recovery/backup boot disks, research of Microsoft Windows 2000/XP/2003/Vista/7 install/deployment/lease/antivirus/antispam tools, customizing Microsoft Windows PE administration systems and even learning how to recover computer data from disaster situations!

How about joining our boot disk community? So do it. Life's short!

  - You get free access to our newsletter with all the interesting buzz about boot disks
  - We share publicity revenue with everyone who wishes to participate at the forums
  - Publicity is never, never, never displayed to members (along with many other cool things)
http://boot-land.net/register


2 Pages V   1 2 >  
Reply to this topic
 Unblock files from the cmd-line
post Apr 1 2009, 04:18 PM
Post #1
allanf
Gold Member   *****
Group: .script developer

  Joined: 5-June 07
Posts: 1,116
Thank(s): 73


Hi,

javascript (recursive)
http://blogs.msdn.com/gblock/archive/2006/...ie.aspx#8474015

vb script (recursive)
http://www.governmentsecurity.org/forum/in...showtopic=31445

batch (individual files)
http://www.robvanderwoude.com/amb_filestreams.php

direct cmd-line (syntax?)
http://forum.soft32.com/windows/unblock-fi...pict307142.html

sysinternals streams.exe
http://technet.microsoft.com/en-us/sysinte...s/bb897440.aspx


Warning: Unblocking files willy-nilly is not recommended.

However, it may be useful in certain situations.

Regards smile.gif


--------------------
Reminding lancelot: You know what a "bugie" is.
It's not a bug; it's that green thing hanging out of your snotty nose.
... :rofl: ...


2 user(s) said "Thank you!" to allanf for this fantastic post:
amalux, Nuno Brito
+Quote Post
post Apr 1 2009, 07:26 PM
Post #2
was_jaclaz
Finder   ******
Group: Advanced user

  Joined: 14-July 06 From: Gone in the mist

Posts: 7,226
Thank(s): 561


Italy


Well, not entirely accurate. wink.gif

about this:
QUOTE
batch (individual files)
http://www.robvanderwoude.com/amb_filestreams.php


from "normal" batch (CMD.EXE) you cannot delete streams if not through the use of STREAMS.EXE.

The example by Mark Stang, when it says that "del test" deletes all three created streams is not entirely accurate, as it deletes the 3 created streams AND DELETES the "test" file!

Streams.exe "streams -d test" will delete the three streams AND KEEPS the "test" file.

NOT the same effect. happy22.gif

The UnBlock.bat batch file by Rob replaces the "wrong" value ZoneId=3 with a "safe one ZoneId=1, but the stream is still there.

about this:
QUOTE
direct cmd-line (syntax?)
http://forum.soft32.com/windows/unblock-fi...pict307142.html


it is very possible that 4NT (as opposed to CMD.EXE) has these capabilities. smile.gif

cheers.gif

jaclaz



--------------------

Light Blue Ribbon Campaign for Freedom of Skin

But ... then, why?
+Quote Post
post Apr 1 2009, 07:48 PM
Post #3
dog
Frequent Member   ***
Group: Advanced user

  Joined: 18-July 06
Posts: 143
Thank(s): 16


Unblocking meaning removing Alternate Data Streams smile.gif
Why not willy-nilly? IE / FF only apply ADS to files you download, so if you only download files you want...
I'm using this with bart/FF3.06 at the mo:
CODE
[Software.AddReg]
0x4, "Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3","1806", 0x00000000
[Default.AddReg]
0x4, "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3","1806", 0x00000000
+Quote Post
post Apr 2 2009, 12:46 AM
Post #4
allanf
Gold Member   *****
Group: .script developer

  Joined: 5-June 07
Posts: 1,116
Thank(s): 73


QUOTE (jaclaz @ Apr 2 2009, 05:26 AM) *
Well, not entirely accurate. wink.gif

Did anywhere I mention 'delete'? ... happy22.gif ... biggrin.gif ...

I think Rob van der Woude is being very conservative (cautious) in his approach.

QUOTE
I admit I have been hesitant about publishing this batch file...


Resetting the value to "1" seems to have the same effect as deleting the stream.

Interesting that files extracted from a downloaded .zip using XP SP2's unzip wizard did not have the zone.identifier like the parent .zip file.

I have used that method to customize my WinPE 2.1 - unzipping directly to the mounted image. Now I have discovered that this unzip loop-hole has been 'repaired' with Win7 beta (possibly Vista too), and found that, when building on Win7 beta, virtually all the customization .exe files in the image of my WinPE are now being blocked. ... mad.gif ...

In WinPE, there is no nice, user-friendly pop-up to say what's going on. Depending on how the file is executed - shortcut, cmd-line, filemanager, etc - there can be a weird error message, or simply nothing.

Any chance of a recursive batch to run at boot-up of WinPE targeting WinPE's 'customized %SystemDrive%\Program Files'? Files can stay blocked on the host, but they all need to be unblocked in WinPE.

So far, tested only in Virtual PC. Apparently the blocking is also disabled if the files are transferred to a non-NTFS. I assume this work-around may not apply when the files are actually contained in a .wim image on a non-NTFS, such as CD, and then loaded into RAM. Still blocked?

QUOTE (dog @ Apr 2 2009, 05:48 AM) *
Unblocking meaning removing Alternate Data Streams smile.gif
Why not willy-nilly? IE / FF only apply ADS to files you download, so if you only download files you want...

Yes. I wondered that too. Just restating a disclaimer from the links. I thought willy-nilly should be OK, especially when I read that it is problem feature when downloading files with IE only. You say it is now a problem feature of Firefox too. ... rolleyes.gif ...

Thanks smile.gif

Edited to make clearer (hopefully).


--------------------
Reminding lancelot: You know what a "bugie" is.
It's not a bug; it's that green thing hanging out of your snotty nose.
... :rofl: ...
+Quote Post
post Apr 2 2009, 09:12 AM
Post #5
allanf
Gold Member   *****
Group: .script developer

  Joined: 5-June 07
Posts: 1,116
Thank(s): 73


A little bit more info (from what I can gather).

The javascript and the vb script replace the stream with a blank. The stream still exists, but the file is unblocked.

The batch rewrites the stream with the ZoneID=1, unblocking the file that way.

AFAIK, apart from streams.exe, the only thing that can actually delete the stream is a 'FOR' statement on a cmd-line or in a batch. 'DEL' (delete) on its own does not seem to be able to find the stream.

Regards smile.gif


--------------------
Reminding lancelot: You know what a "bugie" is.
It's not a bug; it's that green thing hanging out of your snotty nose.
... :rofl: ...
+Quote Post
post Apr 2 2009, 09:29 AM
Post #6
was_jaclaz
Finder   ******
Group: Advanced user

  Joined: 14-July 06 From: Gone in the mist

Posts: 7,226
Thank(s): 561


Italy


QUOTE (allanf @ Apr 2 2009, 11:12 AM) *
AFAIK, apart from streams.exe, the only thing that can actually delete the stream is a 'FOR' statement on a cmd-line or in a batch. 'DEL' (delete) on its own does not seem to be able to find the stream.


As said, NO. sad.gif

Not under CMD.EXE, you need a command interpreter that "knows" about streams.

Or post a snippet of code that works....happy22.gif

jaclaz


--------------------

Light Blue Ribbon Campaign for Freedom of Skin

But ... then, why?
+Quote Post
post Apr 2 2009, 11:17 AM
Post #7
allanf
Gold Member   *****
Group: .script developer

  Joined: 5-June 07
Posts: 1,116
Thank(s): 73


QUOTE (jaclaz @ Apr 2 2009, 08:29 PM) *
As said, NO. sad.gif

Not under CMD.EXE, you need a command interpreter that "knows" about streams.

Or post a snippet of code that works....happy22.gif

jaclaz


'MORE < whatever.exe:zone.identyifier' knows all about streams, outputing:

QUOTE
[ZoneTransfer]
ZoneID key=3


I thought I had deleted a stream while trying to adapt that 4NT command. Now I think about it, it was entering the effective commands from Rob's batch that did the trick.

Sorry 'bout that. ... smile.gif ...

Have you got a snippet so that I can determine whether or not FOR is actually aware of the streams?

CODE
FOR %F IN (*.exe:Zone.Identifier) DO DEL %F

... doesn't generate an error! It just doesn't do anything AFAICT ... biggrin.gif ...

Nevermind. I can unblock all the files with the vb script. Was hoping for something with a few less bells and whistles.

Thanks smile.gif


--------------------
Reminding lancelot: You know what a "bugie" is.
It's not a bug; it's that green thing hanging out of your snotty nose.
... :rofl: ...
+Quote Post
post Apr 2 2009, 12:26 PM
Post #8
dog
Frequent Member   ***
Group: Advanced user

  Joined: 18-July 06
Posts: 143
Thank(s): 16


ADS is an NTFS feature, so copying these files to CDFS or FAT and then back would remove any streams.
But if you're wanting something to run on PE2.1 users' downloads, I guess a script is friendlier than altering their zone settings smile.gif
+Quote Post
post Apr 2 2009, 04:43 PM
Post #9
was_jaclaz
Finder   ******
Group: Advanced user

  Joined: 14-July 06 From: Gone in the mist

Posts: 7,226
Thank(s): 561


Italy


It would be interesting to find other command interpreters, like the Commercial 4NT, as documented in the referenced thread, that have "access" to streams:
http://www.petri.co.il/alternative-command...for-windows.htm

http://squirrelsh.sourceforge.net/

http://www.winone.com.au/
(also Commercial)

I doubt however that "unix derived" shells like tcsh or zsh may have this features. dubbio.gif

Maybe the Free TCCLE (from the same makers of 4NT) has this feature? unsure.gif:
http://www.jpsoft.com/tccledes.htm

jaclaz


--------------------

Light Blue Ribbon Campaign for Freedom of Skin

But ... then, why?
+Quote Post
post Apr 3 2009, 02:35 AM
Post #10
allanf
Gold Member   *****
Group: .script developer

  Joined: 5-June 07
Posts: 1,116
Thank(s): 73


QUOTE (dog @ Apr 2 2009, 10:26 PM) *
ADS is an NTFS feature, so copying these files to CDFS or FAT and then back would remove any streams.
But if you're wanting something to run on PE2.1 users' downloads, I guess a script is friendlier than altering their zone settings smile.gif


Yeah. Winbuilder is a powerful thing. IMO, it wouldn't be right to fool around with any type of security settings on a host PC, even for files downloaded under instructions from a winbuilder script.

So, the task is to perform the unblocking only on files in the booted WinPE. Hell. Can do almost anything to WinPE as long as there's no interference with the offline OS on the host. Next time WinPE boots, it's always back to square one. That's what I like about it.

The registry changes posted earlier might be the simplest solution. A call to reg in startnet.cmd. I haven't really looked at it yet... side-tracked with cmd commands - trying to write a single line for startnet.cmd to recurse through "x:\program files" replacing the zone.identifier data with blanks. Not sure if all files need to be unblocked. So far as my testing goes, it seems that only the .exe files need unblocking for a program to work.

The javascript and vb script work OK but I like to write the script files on-the-fly in winbuilder with FileCreateBlank... TxtAddLine... etc. They're too cumbersome for a job that simply needs to be done with a minimum of fuss - no questions asked. Bang! - unblock the lot as quickly as possible.


Apparently, in Vista, a new switch was introduced for DIR.
QUOTE
/R Display alternate data streams of the file


It works in Win7 beta, but not in WinPE 2.1 (from WAIK 1.1 released for Vista SP1).


Regards smile.gif


--------------------
Reminding lancelot: You know what a "bugie" is.
It's not a bug; it's that green thing hanging out of your snotty nose.
... :rofl: ...
+Quote Post

2 Pages V   1 2 >
Reply to this topic
1 User(s) are reading this topic ()



Collapse

  Topic Replies Topic Starter Views Last Action
No New Posts Topic has attachmentsThe USB-Stick Benchmark Thread
5 MedEvil 227 8th June 2010 - 10:44 PM
Last post by: MedEvil
No new The mistery of Windows 7 install required CD/DVD
booted through grub4dos .iso mapping
18 was_jaclaz 5,956 26th May 2010 - 01:36 PM
Last post by: steve6375
No new the usb perfect key
creating a multiboot usb with lots of cool tools
32 cragunkurtis25 3,290 25th May 2010 - 04:26 PM
Last post by: florin91
No New Posts the senior is a beginner in beginning
1 allhigh 298 1st May 2010 - 02:39 PM
Last post by: Nuno Brito
No New Posts The Dating Forum
Here's something you don't see very often do you?
3 Nuno Brito 561 2nd April 2010 - 03:08 AM
Last post by: Nuno Brito





    

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum