UBCD4Win Forums: pcuser - Viewing Profile

Jump to content

pcuser's Profile User Rating: *****

Reputation: 8 Neutral
Moderator & Development
Active Posts:
3156 (1.41 per day)
Most Active In:
General Questions (1503 posts)
20-November 04
Profile Views:
Last Active:
User is offlineToday, 12:36 AM
Icon   pcuser has not set their status

Topics I've Started

  1. Ezpcfix V2.0

    Posted 11 Sep 2010

    It's been long overdue but worth the wait. I've spent ALOT of time on this new release but it's still not quite ready for release. Although it has the same name as previous versions, this new beast was built completely from scratch from the ground up with alot of thought and effort put into the actual framework that the program was built on. Here's some of the new features:

    Complete Vista/Windows7 and 64-bit support, including Wow6432Node registry redirection.

    EzPcFix now starts in "Local" mode which means that it shows locations from the currently running windows installation but at the same time automatically finds your "Remote" windows installations and lists them for you to choose from. When you select a remote windows installation, it automatically finds all users and their home directories and special directories for them such as cookies, temp, history... This also includes support for Roaming and Low-integrity locations.

    One of the most usefull features of this new framework is that it maps all drive letters as they are when booted to the remote windows installation. This means that if you've changed your D: drive to Z: in windows, It'll usually still be assigned to D: when booted to UBCD4Win. EzPcFix ignores the current drive letter assignments and treats it as Z: and does this for all drives and drive letters.

    Another nice feature of this new framework is that it loads all remote environment path variables (and also maps the drive letters) and uses them throughout the program. This means that if you have a file called Virus.exe without a path specified and an environment path variable called "Z:\MalwareFolder" , EzPcFix will find the file at D:\MalwareFolder\ Virus.exe (assuming that your Z: drive is currently assigned to D: in UBCD4Win).

    EzPcFix now has the ability to add items to a Red list (known bad items) and a Green list (known good items) which makes it really easy to see where problem areas are because you can tell it to hide all Green listed items, automatically select all Red listed items as well as a few other options.

    OK, the framework is really exciting but now on to the really good stuff. Here's a list of locations that are currently implemented and tested as of right now:


    Browser Helper Objects
    IE Toolbars
    URL Search Hooks
    Policies\Explorer\ {Run}
    Windows NT\CurrentVersion\ Windows\{Run}
    Windows NT\CurrentVersion\ Windows\{Load}
    Proxy Settings
    DNS Settings
    Windows\Tasks\*. job files
    StartMenu Run
    Winsock2 / LSP Entries
    IE Extensions
    Active Setup\Installed Components
    File Associations (.exe, .com, .cmd, .bat, .txt)
    Misc. Files (hosts, wininit.ini, autoexec.bat, config.sys, windowsupdate log, bootlog, windows\debug\mrt. log)
    Restricted Policies (disabled regedit, task manager, display control panel applet, display settings page, display background page, display appearance page, display screensaver page, DisallowRun, LowRiskFileTypes, NoFolderOptions, Internet Options)

    Here's a list of restricted policy internet options that it currently scans for:


    •Accessibility - disables all options under Accessibility
    •GeneralTab - removes General tab
    •SecurityTab - removes Security tab
    •ContentTab - removes Content tab
    •ConnectionsTab - removes Connections tab
    •ProgramsTab - removes Programs tab
    •PrivacyTab - removes Privacy tab
    •AdvancedTab - removes Advanced tab
    •CertifPers - prevents changing Personal Certificate options
    •CertifSite - prevents changing Site Certificate options
    •CertifPub - prevents changing Publisher Certificate options
    •SecChangeSettings - prevents changing Security Levels for the Internet Zone
    •SecAddSites - prevents adding Sites to any zone
    •Privacy Settings - prevents changs to privacy settings
    •FormSuggest - disables AutoComplete for forms
    •FormSuggest Passwords - prevents Prompt me to save password from being displayed
    •Connwiz Admin Lock - disables the Internet Connection Wizard
    •Settings - prevents any changes to Temporary Internet Files
    •ResetWebSettings - disables the Reset web Setting button

    •Advanced - Prevent changes to advanced settings
    •Autoconfig - Prevent changes to Automatic Configuration
    •Cache - Prevent changes to temporary file settings
    •CalendarContact - Prevent changes to calender and contacts
    •Certificates - Prevent changes to security certificates
    •Check_If_Default - Prevent changes to default browser check
    •Colors - Prevent Color changes
    •Connection Settings - Prevent changes to connection settings
    e•Connection Wizard - Disable the Connection Wizard
    •Fonts - Disable font changes
    •History - Disable changes to History settings
    •HomePage - Disable changes to Home Page settings
    •Languages - Disable Language changes
    •Links - Disable Links changes
    •Messaging - Disable Messaging changes
    •Profiles - Disable changes to Profiles
    •Proxy - Disable changes to Proxy settings
    •Ratings - Disable Ratings changes
    •Wallet - Disable changes to Wallet settings

    Here's a list of locations that I plan on implementing and testing before an official release:


    Downloaded Program Files
    IE SearchScopes
    Trusted/Restricted Sites

    As you can see, I'm almost there but I've honestly been starting to get a little burned out from working on this thing by myself everyday for several months now and felt that it was time to share my progress. Let me know if you can think of any other locations that aren't covered yet.

    Oh and BTW, anyone that hits the paypal link in my signature will get a current copy emailed to them ;)

    It can be any amount but the more it is, the more it helps me justify the time I've spent on this to my wife!

    *EDIT - Here's a current list of members that have donated to EzPcFix and would like a current copy emailed to them when significant changes have been made:

    The Piney
  2. I Hit The Powerball !

    Posted 26 Feb 2010

    Unfortunately, not a single one of the other numbers matched...

    Oh well, I guess the $3 paid for the ticket atleast.
  3. Chat Anyone?

    Posted 25 Feb 2010

    We have a new chat feature available at http://www.burrowssolutions. com/forum

    Register with the same username you have here so we know who we're chatting with!

    BTW. Other fun new things will be added to that forum in the near future so make sure you add it to your favorites and check back often ;)
  4. FixOEM

    Posted 20 Feb 2010

    This is a new utility that's meant to replace the current method of downloading and installing SubInACL, then downloading DellFix.cmd and copying both files to your source files i386 directory and running the program, then sometimes manually having to edit DellFix.inf to add missing drivers.

    1. Download and unzip FixOEM.zip to your plugins folder (or a subdirectory in the plugins folder).
    2. Run UBCD4WinBuilder.exe and click the Plugins button.
    3. Highlight FixOEM (the very top plugin) and click Config.

    Note *** You'll have to reboot your computer or manually unload the HKEY_USERS\PEBuilder* registry hives before getting a successfull build if your last build failed with errors similar to this:


    DeleteFile()" C:\UBCD4WIN\BARTPE\ I386\SYSTEMS32\CONFIG\ petmphive" failed
    DeleteFile()"C:\ UBCD4WIN\BARTPE\I386\ SYSTEMS32\CONFIG\ setuphiv" failed

    There are three ways that FixOEM.exe can find your source files:

    1. FixOEM.exe first checks to see if a valid source path was passed as a command line parameter, for example "FixOEM C:\XPCD"
    2. If a valid source path was not specified then it reads the text from the currently running builder.
    3. If the builder isn't running or the source path is invalid then it attempts to read input.inf for a valid source path.

    If a valid source path cannot be found at all then the program displays an error message and exits.

    FixOEM requires administrator privileges to run and since UBCD4WinBuilder also requires admin priviliges, they are inherited from the builder when using the Config method from the plugins screen. If you run FixOEM as a standalone program then either right click and choose Run As Administrator or run it from the same directory that FixOEM.exe.manifest is in when running on Vista/Win7. FixOEM.exe.manifest is already included in the plugin.

    FixOEM will not work correctly if you use it on source files that have already been modified by other DellFix methods so delete your existing source files and copy the contents of your XP cd to your hard drive again.

    I've never had a "real world" need for the dell fix stuff and only wrote this software to help make life easier for others so please do your part and help me by reporting success or failure with FixOEM.
  5. Drive Letter Assignments

    Posted 28 Dec 2009

    Thinking out loud...

    When you install windows or boot PE (BartPE/UBCD4Win), a default drive letter assignment scheme is used as stated HERE


    1. Assign the drive letter A: to the first floppy disk drive (drive 0), and B: to the second floppy disk drive (drive 1).
    2. Assign a drive letter, beginning with C: to the first active primary partition recognised upon the first physical hard disk.
    3. Assign subsequent drive letters to the first primary partition upon each successive physical hard disk drive.
    4. Assign subsequent drive letters to every recognised logical partition, beginning with the first hard drive and proceeding through successive physical hard disk drives.
    5. Assign subsequent drive letters to any RAM Disk.
    6. Assign subsequent drive letters to any additional floppy or optical disc drives.

    NOTE* UBCD4Win statically assigns B: to the ram drive and X: to the boot drive.

    So this means that drive letter assignments will always be the same when booted to PE/UBCD4Win as they are when booted to windows, right? Wrong! Except for the system/boot volume, windows lets you reassign drive letters as you wish. This means that the Q: drive in windows could be the D: drive in PE/UBCD4Win. This can lead to lots of confusion when there's several drives/partitions that are mapped differently from PE/UBCD4Win then they are from within windows.

    Here's how to map drive letters from PE/UBCD4Win to how they are when booted from within windows.

    The first thing to know is that drive letter assignments are stored in the registry at HKEY_LOCAL_MACHINE\SYSTEM\ MountedDevices\DosDevices\ ?:

    Here's a screenshot of mine:
    Posted Image

    To make a long story short, you can load the SYSTEM hive from your windows install and compare MountedDevices\DosDevices\ ?: to MountedDevices\DosDevices\ ?: from PE/UBCD4Win.

    Here's how to do that (this assumes that your windows installation is drive C: from PE):

    While booted to PE/UBCD4Win, open regedit and click on HKEY_LOCAL_MACHINE then File -> Load Hive. Navigate to C:\Windows\System32\ Config and select SYSTEM then OK. It'll ask you what to name it, call it SYSTEM_ON_C

    Your system hive from windows is now loaded in the registry at HKEY_LOCAL_MACHINE\SYSTEM_ON_C and you can compare HKEY_LOCAL_MACHINE\SYSTEM\ MountedDevices\DosDevices\ C: to HKEY_LOCAL_MACHINE\SYSTEM_ON_C\ MountedDevices\DosDevices\ C: and so on... Don't forget to click on SYSTEM_ON_C then File -> Unload Hive when you're finished.

    For those interested in what the 12 bytes of binary data for \DosDevices\?: are, read on...


    The first 4 bytes are the disk signature and the last 8 bytes are the starting offset for the partition. Look at \DosDevices\C: from my screenshot above, the first 4 bytes are "fb ed 03 00". If I open TinyHexer and click File -> Disk -> Open Drive and select \\.\PhysicalDrive0, I can see the 4 byte disk signature starting at offset 0x1B8. See the screenshot below:
    Posted Image

    The last 8 bytes are the offset to the starting sector of the partition which is "00 fc 50 a0 12 00 00 00" for \DosDevices\C: from my Regedit screenshot above. These values are stored in little-endian format so they become "00 00 00 12 a0 50 fc 00".

    1. Open up Calculator
    2. Click: View -> Scientific
    3. Select: Hex
    4. Type: "00 00 00 12 a0 50 fc 00"
    5. Select: Dec which gives us 79,999,073,280
    6. Divide this number by 512 (sector size) which gives us 156,248,190
    7. Click on Hex again and we end up with 950287E ("09 50 28 7E")

    You can see from the screenshot below that C: is the third partition on my drive by comparing that value to the 4 bytes starting at offset 0x01E6 ("7E 28 50 09"):
    Posted Image

    Are we having fun yet? Let's keep it going and figure out the total length of my C: drive by looking at my partition table from the screenshot above...

    The total length of the partition is stored in the next four bytes of the partition table following the starting sector which are the 4 bytes highlighted above. In my case, it's "BD 3C F8 0D" which is also stored in little-endian format so it becomes "0D F8 3C BD". Open Calc again and select Hex then enter "0D F8 3C BD" and click Dec to see a value of 234372285. Divide this number by 2048 and you'll see that my C: partition is 114,439MB (114GB).

My Information

Member Title:
Project Programmer
36 years old
September 24, 1974

Contact Information

Click here to e-mail me
Website URL:
Website URL  http://ezpcfix.net