|
Post by schizo on Apr 4, 2012 11:09:03 GMT -5
So I was recently introduced to Windows PEs. I think it would be sweet to put fireBwall in them. The thing is, we need to install the Winpkfilter drivers first, then put the fireBwall files in place. I think this will just require the ndisrd.sys driver. I would confirm this, but I need to grab a new version of Windows 7.
|
|
aeolis
New Member
Resident PE Expert
Posts: 18
|
Post by aeolis on Apr 4, 2012 12:35:09 GMT -5
|
|
|
Post by schizo on Apr 4, 2012 18:37:27 GMT -5
I'm making a script for fireBwall 0.3.10.0. Should I make a separate script for the drivers required?
|
|
|
Post by aeolis on Apr 5, 2012 8:05:36 GMT -5
Dear schizo,
There is no need to make a separate script for drivers. Are you writing a script to integrate fireBwall into the Win7PE_SE project? Are you using WinBuilder version 82? If yes, you can attach any files you want to the script and automate their extraction during the building process.
I was going to write a script for that. I was only waiting for fireBwall to run OK in the PE environment to write the script. But as you are already doing that, I may just help you if you want.
Best regards,
Aeolis
|
|
|
Post by schizo on Apr 5, 2012 10:09:10 GMT -5
I had figured the easiest way to get it working was with a script, but I'm having trouble getting the drivers to install. The PE driver scripts seem to want to keep the driver available in case a matching device comes along, but that's not how NDIS hooking drivers work. They get added to the network stack, and I've been trying to figure out how to get it to install the driver the correct way via a script.
|
|
|
Post by aeolis on Apr 6, 2012 7:37:36 GMT -5
Dear schizo,
The driver integration script integrated in the Win7PE_SE project is not designed to do this driver integration you are trying to do. It's designed to integrate hardware drivers like monitor, chipset, USB 3.0 etc. drivers into PE.
The script you are trying to do is supposed to be done using a clean PE build and a tool named Regshot 2.0. You must install fireBwall using its default installer inside your PE. You have to make a system snapshot before and after fireBwall installation using Regshot. This way you will know which files and registry entries were added and implement them into your script.
Best regards,
Aeolis
P.S.: I am doing it right now, just let me finish it. If you can give me a list of the necessary files and Registry entries and their locations it would make my job really faster.
|
|
|
Post by schizo on Apr 6, 2012 13:09:18 GMT -5
fireBwall itself (not the driver) just needs the files in Program Files/firebwall and one registry entry that makes it run on start up. I'm still trying to figure out all the things required for the driver. I extracted the files I'm using now, but Regshot seems like it will do this much better.
|
|
|
Post by aeolis on Apr 6, 2012 13:09:23 GMT -5
Dear schizo,
I really need your help filtering fireBwall Registry entries. Attached to this post is the RAW version 1 of fireBwall for PE. It works on my Windows 7 x86 PE build, but I think there are unneeded Registry entries there. Please, check it out.
I really need your help with the registry entries because there are specific entries for my system regarding Internet adapters. These entries must be generic or there is no reason to keep this job because PE scripts must be generic to suit every system.
The x64 part is a WIP, let's just fix the x86 part first, shall we?
Best regards,
Aeolis
|
|
|
Post by schizo on Apr 6, 2012 13:46:52 GMT -5
What's a WIP? I'm testing the version you sent me right now on Win 7 x86, we'll see what's variable and what's static after that, then we can fix up any registry entries we need to fix.
|
|
|
Post by aeolis on Apr 6, 2012 13:48:15 GMT -5
Dear schizo,
WIP is an acronym for Work in Progress. I am glad you are checking on it.
Best regards,
Aeolis
P.S.: Remember to put the files (fireBwall.exe, FirewallModule.dll, ndisapi.dll and ndisrd.sys) inside the folder on source folder box.
|
|
|
Post by schizo on Apr 6, 2012 14:05:15 GMT -5
In the Workbench/Common/firebwall.exe folder right? We'll have to make that more clear later on, or we could even include the files into the script, and just put one out for each new version.
|
|
|
Post by schizo on Apr 6, 2012 15:44:22 GMT -5
Ok, so I figured out what we need to do (because your version actually made my PE think it had no adapters, meaning the net stack was borked). For each reg key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\*\ServiceName, we need to set the System\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\000(number in star)\Linkage,FilterList,"(Service name we grabbed)-{5CB(...what's already in the reg add) I'm not entirely sure how we are going to do this, since I'm pretty sure those keys are dynamic for each adapter and all that. But I think we can change it on the fly, so we might be able to make an application to run on start up that will fix the stack.
|
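An added example, not part of any post in this thread and not fireBwall or WinBuilder code: a sketch of the filtering step discussed above, separating captured registry additions that embed an adapter GUID (taken from `NetworkCards\*\ServiceName`) from entries that are identical on every machine. The entry list, the adapter GUID, the filter GUID placeholder, and the `ndisrd` service and `Run` key paths are constructed for illustration; the tuple layout is an assumption and is not Regshot's output format.

```python
import re

# Network adapter class GUID quoted in the thread.
NET_CLASS = "{4D36E972-E325-11CE-BFC1-08002BE10318}"
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NETCARD_RE = re.compile(r"\\NetworkCards\\\d+$", re.IGNORECASE)

# Constructed sample of captured additions: (key, value name, data).
ADAPTER = "{11111111-2222-3333-4444-555555555555}"  # constructed adapter GUID
SAMPLE = [
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\8",
     "ServiceName", ADAPTER),
    ("HKLM\\SYSTEM\\ControlSet001\\Control\\Class\\" + NET_CLASS + "\\0008\\Linkage",
     "FilterList", ADAPTER + "-{FILTER-GUID-PLACEHOLDER}"),
    (r"HKLM\SYSTEM\ControlSet001\Services\ndisrd", "ImagePath",
     r"system32\drivers\ndisrd.sys"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "fireBwall",
     r"X:\Program Files\firebwall\fireBwall.exe"),
]


def adapter_guids(entries):
    """Collect the per-adapter GUIDs stored in NetworkCards\\<n>\\ServiceName."""
    return {data.upper() for key, name, data in entries
            if name.lower() == "servicename" and NETCARD_RE.search(key)}


def classify(entries):
    """Split entries into (generic, adapter_specific) lists."""
    adapters = adapter_guids(entries)
    generic, specific = [], []
    for key, name, data in entries:
        # An entry is machine-specific if its key or data names a local adapter.
        found = {g.upper() for g in GUID_RE.findall(key + " " + data)}
        (specific if found & adapters else generic).append((key, name, data))
    return generic, specific


def report(entries):
    """Return one line per entry, marking what a generic PE script can carry."""
    generic, specific = classify(entries)
    lines = ["KEEP  %s [%s]" % (k, n) for k, n, _ in generic]
    lines += ["SKIP  %s [%s] (adapter-specific)" % (k, n) for k, n, _ in specific]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Entries reported as adapter-specific are the ones that cannot be hard-coded in a build script meant to suit every system.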
|
|
Post by schizo on Apr 6, 2012 16:08:18 GMT -5
Looks like removing some of the registry key add calls lets Windows generate it. Still working on getting WMI out of a conflicted state, I figure it's just a question of letting Windows fill the values itself.
|
|
|
Post by aeolis on Apr 7, 2012 7:23:46 GMT -5
Dear Brian,
I am glad you made progress on the subject. Yes, the files must be placed inside the "Source Folder" box address (just click the "Open Folder" button and put the files inside). And yes again, the files can be easily attached to the script and their extraction can be automated; I have done this several times on other scripts. I didn't do this right now because we (I think I can say we, can't I?) are focused on solving the registry problem first.
Yes, we could make a batch file (.bat, .cmd, even a .vbs script) to be run on start up and fix the entries, but I am not a professional on that subject.
Please, just let me know when you have news.
Best regards,
Aeolis
|
|
|
Post by schizo on Apr 7, 2012 15:52:53 GMT -5
We might have deeper issues than just the registry. Have you actually got fireBwall to show adapters in a PE? It may require more parts of the original Windows image. One thing we should look at is what it takes to install WinPcap in a PE, because it installs about the same way. WinPcap is for Wireshark and stuff like that.
|
|