Internal set => WindowsAdk.imagePath圆4 = value WindowsAdk.imagePath圆4 = Path.Combine(WindowsAdk.AdkPath, "Assessment and Deployment Kit\\Windows Preinstallation Environment\\amd64\\en-us") Internal set => WindowsAdk.oscdImagePathx86 = value WindowsAdk.oscdImagePathx86 = Path.Combine(WindowsAdk.AdkPath, "Assessment and Deployment Kit\\Deployment Tools\\x86\\Oscdimg") Internal set => WindowsAdk.oscdImagePath圆4 = value WindowsAdk.oscdImagePath圆4 = Path.Combine(WindowsAdk.AdkPath, "Assessment and Deployment Kit\\Deployment Tools\\amd64\\Oscdimg") Internal set => WindowsAdk.bootFilesPathx86 = value WindowsAdk.bootFilesPathx86 = Path.Combine(WindowsAdk.AdkPath, "Assessment and Deployment Kit\\Windows Preinstallation Environment\\x86\\Media") Internal set => WindowsAdk.bootFilesPath圆4 = value WindowsAdk.bootFilesPath圆4 = Path.Combine(WindowsAdk.AdkPath, "Assessment and Deployment Kit\\Windows Preinstallation Environment\\amd64\\Media") Public static bool IsValidAdkPath() => Directory.Exists(WindowsAdk.BootFilesPath圆4) & Directory.Exists(WindowsAdk.BootFilesPathx86) & Directory.Exists(WindowsAdk.OscdImagePath圆4) & Directory.Exists(WindowsAdk.OscdImagePathx86) & Directory.Exists(WindowsAdk.ImagePath圆4) & Directory.Exists(WindowsAdk.ImagePathx86) & Directory.Exists(WindowsAdk.OptionalComponentPath圆4) & Directory.Exists(WindowsAdk.OptionalComponentPathx86) Internal set => WindowsAdk.adkPath = value WindowsAdk.adkPath = registryKey.GetValue("KitsRoot10", (object) null) as string RegistryKey registryKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registr圓2).OpenSubKey("SOFTWARE\\Microsoft\\Windows Kits\\Installed Roots") String str = Path.Combine(Environment.GetFolderPath(86), "Windows Kits\\10\\") Private static string optionalComponentPathx86 Private static string optionalComponentPath圆4 Assembly location: D:\reverse\SetupCommonDLLCmp2\ NET decompiler a class .CustomActions with the following code: Using 7-zip was able to extract the files from the DLL so we could analyze them: We can see this extracts a number of files, which are deleted straight after being created. Rundll32.exe “C:\WINDOWS\SYSTEM32\SetupCommonDLLCmp2.dll”,zzzzInvokeManagedCustomActionOutOfProc SfxCA_5457953 7 !.DetectAdk When we run this while monitoring with Process Monitor we can see it triggers creating a process with the following command line: Public static extern uint MsiCloseHandle(IntPtr -TypeDefinition $code Public static extern uint DetectAdk(IntPtr hMsiHandle) Public static extern IntPtr MsiCreateRecord(uint cParams) Typically these will be a DLL or a Script.Īs this is a 32-bit DLL we can test calling this custom action with 32-bit PowerShell In Binary view we can extract this item by clicking the and Write Binary to Filename to save the item to disk. In Custom Action we can see DetectAdk action We could just remove the condition, however was curious how the check actually ocurred… Opening the installation MSI in Orca we can set a condition that will prevent the DaRTRecoveryImage feature from installing. We can check with ORCA how the ADK installation check is occurring. We could look for components not found either through Windows Installer logging, or ProcMon, but here want to demonstrate some ways to analyze how the installer is making the checks. Suspected the issue was a specific version is required, but the download link in the setup is a dead link and just takes you to a generic Microsoft page. However, the latest Windows ADK + Windows PE ADK component has been installed. It should prompt for your FOG username/password.Trying to create a DART recovery image, got the message during the installation from Microsoft Desktop Optimization Pack 2015 running installer from \DaRT\DaRT 10\Installers\en-us\圆4\MSDart100.msi You should have an Advanced Menu option towards the bottom. Change ‘Menu Show with:’ to ‘Advanced Options’. Go to FOG Configuration -> iPXE Menu CustomizationĬlick on fog.advanced. Item dart7 Microsoft Diagnostics and Recovery Toolset (DaRT7)Ĭhoose -default return -timeout 15000 target & goto $ Scroll all the way down and click the ‘Advanced configuration options’ to expand the menu. Next go to the web side of your FOG server. The inside of your folder should look like this: You’ll also want to download and extract wimboot and place those files inside the DaRT folder. Copy everything to /var/www/html/DaRT7 on your folder. Next you’ll need to either mount, burn, or extract the files inside the. So if you’re running something else the directions may be different.Īt this point I assume you’ve downloaded and installed DaRT and opened the ‘DaRT Recovery Image’ tool and created a custom. My FOG server is running on Ubuntu with apache2.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |