Live disk

Do you know of a feature that UVK should have? Post it here!
Charger440
Posts: 1528
Joined: Sun May 25, 2014 7:44 am
Location: Missouri

Live disk

Post by Charger440 »

Fred

I had a messed up PC today and I booted from a live disk. The tools in UVK wanted to tell me my live system was fine (duh!) :) I think it could be nice to have the option to tell UVK which partition we want to work from in cases like this. What are your thoughts?

Jim
Jim

It is not "Can it be done?" but rather, "How can we do it?"
Fred
Site Admin
Posts: 2322
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France

Re: Live disk

Post by Fred »

Hi Jim.

To make UVK work from an offline drive is possible, but it would require modifying the whole application. I would have to make UVK load the registry hives of the offline system, and get the information from them. Also, command-related fixes would no longer work (rundll32, regsvr32, netsh, etc.). All the fixes would have to work directly with the offline registry and file system.

I guess the only way out would be to make a UVK-based application to work with offline drives, but it would still take a very long time to build.

It is scheduled to be done in the future, but I can't tell when I will start, given the number of projects I'm working on...
The only thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Charger440
Posts: 1528
Joined: Sun May 25, 2014 7:44 am
Location: Missouri

Re: Live disk

Post by Charger440 »

No worries Fred. I knew it would take some work when I posted that and I knew there was a chance you would not do it. But as long as it's "on a burner", even if it's a back burner, I'm happy :) Actually I would have been OK if you just said no, but you're cool like that ;)

Jim
Jim

It is not "Can it be done?" but rather, "How can we do it?"
Brink
Posts: 280
Joined: Thu Jun 12, 2014 3:36 pm

Re: Live disk

Post by Brink »

+1 as I would use this version as well.
manwdaplan
Posts: 2
Joined: Tue Feb 24, 2015 12:39 am

Re: Live disk

Post by manwdaplan »

I would pay extra for a live USB or CD with your software on it. Maybe with Windows PE or something. Treat it as a separate product.
Brink
Posts: 280
Joined: Thu Jun 12, 2014 3:36 pm

+1 on "Would pay extra for this version"

Post by Brink »

May even help cover development costs on a portable Windows PE version. ;)
wmmiller
Posts: 1097
Joined: Fri Dec 07, 2012 6:02 am
Location: Minnesota, USA

Re: Live disk

Post by wmmiller »

I find this interesting and would like to check it out if it happens, but personally I prefer to work on Windows when it’s in a running state. I often kill the internet connection if needed, but I like Windows to be booted up and have anything that’s going to start up or run to be running. Other than using a boot disk to delete passwords, delete stubborn files, kill the FBI type locks, Acronis and work with partitions, I haven’t used one for a long time. That being said, I do have a USB stick with several bootable ISOs on it. :)

Bill

Gosh! I didn’t mean to be a thread killer. :P
Play stupid games….win stupid prizes
Brink
Posts: 280
Joined: Thu Jun 12, 2014 3:36 pm

Re: Live disk

Post by Brink »

Is there anything in the works for this?
Brink
Posts: 280
Joined: Thu Jun 12, 2014 3:36 pm

Re: Live disk

Post by Brink »

Fred,

It wouldn't seem (to the layman) that it wouldn't be such a big deal that it would require a rewrite. Couldn't you just put a "Connect to remote system" button in the options section? The button would open a dialog that allows the user to choose the hard disk/partition where the Windows installation lives. Then when the user clicks OK, the environment variables for UVK are set to be relevant to that instead of %SystemRoot%.

I know that there are way more environment variables than just %SystemRoot% but the point would be to "hard code" them based on user input that was set by the dialog. And I know it's easy for me to sit back and ask for things, but this would be useful beyond measure if UVK could do it.

Thanks for considering. :|
Fred
Site Admin
Posts: 2322
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France

Re: Live disk

Post by Fred »

Brink, I wish it were that easy. And if it was that easy, don't you think I would already have done it?

An application like UVK makes many calls to the system's DLL functions, and even commands. Those would no longer work, because the system we want to analyze is not the one we're running in.

It's quite easy to change environment variables, but there's much more to it.
The only thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Brink
Posts: 280
Joined: Thu Jun 12, 2014 3:36 pm

Re: Live disk

Post by Brink »

Well, in that case we will just have to be thankful for what you have given us to work with. (Which I am)
Charger440
Posts: 1528
Joined: Sun May 25, 2014 7:44 am
Location: Missouri

Re: Live disk

Post by Charger440 »

Brink

For instance, %programFiles% would point to your live disk (which we know is clean) and would therefore tell you all is good (which we know it's not). One way around this would be something like:

Code:

If($RemoteMachine)
   %Programfiles% = $RemoteMachine
Endif
Which does not look that hard but Fred would have to do this for the entire system. He could streamline that and make it better but either way he has to modify the code throughout the entire program to make that work.
It is doable and he can do it but it's a lot of work even on the minimalist side.

Another example would be reading and writing the registry. The API/Framework controls he would be using would reference data from the hives on the live disk. This again is not where the data we want is. He can make it work but essentially he has to write his own version of an offline registry editor unless he can find a premade one that he can command line switch edit the registry with. This method I don't imagine would be calming to one's nerves if it was done that way though.

I just asked if could make an app that changes 4 things in an offline registry and I am not sure how much trouble that would be. Can you imagine doing it for the whole program?

On the plus side Fred has not said he won't do it. So there is still hope for the future...........
Jim

It is not "Can it be done?" but rather, "How can we do it?"
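
An added illustration of the path problem described in the post above (not part of the original thread and not UVK's code): paths read from an offline registry must be expanded with the offline system's own variable values and then remapped to the drive letter the live disk assigned. The drive letters, variable table and function names are assumptions made for this sketch.

```python
import re

# Constructed assumptions: the damaged install calls its volume C:, but the
# live environment mounted that volume as D:. All names here are hypothetical.
OFFLINE_ENV = {  # what each variable means inside the OFFLINE system
    "systemroot": r"C:\Windows",
    "programfiles": r"C:\Program Files",
    "programdata": r"C:\ProgramData",
}

def expand_offline(value):
    """Expand %VAR% from the offline table, never from the live os.environ."""
    lookup = lambda m: OFFLINE_ENV.get(m.group(1).lower(), m.group(0))
    return re.sub(r"%([^%]+)%", lookup, value)

def extract_image_path(command):
    """Return the executable part of a Run-key or service ImagePath string."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|sys|dll|com|bat|cmd))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def to_mounted_path(command, offline_drive="C:", mounted_drive="D:"):
    """Map a path stored in the offline registry to where the file is now."""
    path = expand_offline(extract_image_path(command))
    if "%" in path:                                  # per-user variable left over
        return None                                  # needs that user's profile
    if path.startswith("\\??\\"):                    # NT namespace prefix
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):    # driver-style ImagePath
        path = OFFLINE_ENV["systemroot"] + path[len("\\systemroot"):]
    elif not re.match(r"[A-Za-z]:", path):           # relative service path
        path = OFFLINE_ENV["systemroot"] + "\\" + path.lstrip("\\")
    if path[:2].upper() == offline_drive.upper():
        path = mounted_drive + path[2:]
    return path

# Constructed sample values in the forms found in Run keys and service entries.
SAMPLES = [
    r'"%ProgramFiles%\Vendor\agent.exe" /background',
    r"\SystemRoot\System32\drivers\example.sys",
    r"system32\DRIVERS\example.sys",
    r"\??\C:\ProgramData\Vendor\helper.sys",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:55} -> {to_mounted_path(s)}")
```

Bare relative paths are treated here as service-style values relative to the Windows directory; a bare program name in a Run key would instead need a PATH search against the offline system.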
Fred
Site Admin
Posts: 2322
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France

Re: Live disk

Post by Fred »

I actually said I will do it. But I have to finish the projects I'm working on first.
The only thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Charger440
Posts: 1528
Joined: Sun May 25, 2014 7:44 am
Location: Missouri

Re: Live disk

Post by Charger440 »

Fred

Hey that's a bonus :)

This is a big undertaking and I'm not sure the benefit to doing it would be very high so I'm cool with it if it takes you a while. To be honest with you there are prolly only some features I would ever even use anyway.

Maybe when you do get at some point you could make a limited Live disk version? That would cut way down on your work and I really don't think a lot of features would get used from a live disk anyway..
Jim

It is not "Can it be done?" but rather, "How can we do it?"
Fred
Site Admin
Posts: 2322
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France

Re: Live disk

Post by Fred »

The live disk version is going to be definitely limited. Some features won't make sense to be present, such as the Process manager or the modules manager, because there will be no process running in the offline system.
The only thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Charger440
Posts: 1528
Joined: Sun May 25, 2014 7:44 am
Location: Missouri

Re: Live disk

Post by Charger440 »

I was kinda thinking clean up the registry, startup stuff and maybe clean out the App data folder. Is there anything else that would really be useful on a live disk?
Jim

It is not "Can it be done?" but rather, "How can we do it?"
Fred
Site Admin
Posts: 2322
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France

Re: Live disk

Post by Fred »

Of course. Much more. Services and drivers, programs - check for malware and give option to delete.

Some fixes could still be executed, such as reset permissions, browsers, policies, run offline sfc scan, fix browser hijacks, and many other fixes, but they need to be adjusted.
The only thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Charger440
Posts: 1528
Joined: Sun May 25, 2014 7:44 am
Location: Missouri

Re: Live disk

Post by Charger440 »

Offline SFC would be good, I would just have to wait and see what you think we need. You're usually pretty well right on how to do things.. I have faith in you :)
Jim

It is not "Can it be done?" but rather, "How can we do it?"
Brink
Posts: 280
Joined: Thu Jun 12, 2014 3:36 pm

Re: Live disk

Post by Brink »

Bump. I just thought that since this thread was almost three years old it may have been forgotten. Just wanted to let you know that some of us still hope for an offline version. :)
Fred
Site Admin
Posts: 2322
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France

Re: Live disk

Post by Fred »

Hey Brink. I'm already working on a new tool that can be executed from a live disk and can work with an offline system. It will be a different tool, though. You can think of it as an advanced, more dynamic version of UVK.

Development is slow because we still need to keep the actual programs up to date, ensuring all their functionality is working.
The only thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred