2009. 7. 22. 10:24

Removing the Ghost Restore Usage Trace (GHOST Fingerprint)

When you back up with Ghost and then restore, a usage trace (fingerprint) is left behind.

To check for the trace, run C:\>ghost -finger.

 

==================================================================================

C:\WINDOWS\Desktop>ghost -finger 
 
Norton Ghost 2003 Copyright (C) 1998-2003 Symantec Corp. All rights reserved. 
 
Disk  Last Norton Ghost Action    Date     Time   Clone-ID
------------------------------------------------------------
  1   File to Partition          04-26-2004  20:46  408d5eb8 
 
*** End of diagnostics ***
 
C:\WINDOWS\Desktop>

==================================================================================

 

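However, Symantec has tucked away an option that leaves no usage trace: the fnf option. Use it as ghost -fnf.

 

It is said to be supported from the 2003 version onward (from 8.0 for the enterprise edition).

Backing up with Ghost makes no difference, but a restore leaves Ghost-specific code in the boot sector.

Where the license has expired or a non-genuine copy is in use, an audit for illegal software can check for the Ghost trace on the spot with one simple command. (ghost.exe -finger)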
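
For the audit side of the check described above, the `ghost -finger` output can be parsed into records for an inventory. This is an added example, not part of the original post or of any Symantec tool; the sample is the session output shown above, and reading the date column as month-day-year is an assumption.

```python
import re
from datetime import datetime

# One table row: disk number, action text (may contain spaces),
# date, time, and an 8-hex-digit Clone-ID.
ROW = re.compile(
    r"^\s*(?P<disk>\d+)\s+(?P<action>\S.*?)\s+"
    r"(?P<date>\d{2}-\d{2}-\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<clone_id>[0-9A-Fa-f]{8})\s*$"
)

# Output copied from the session shown on this page.
SAMPLE = """\
Norton Ghost 2003 Copyright (C) 1998-2003 Symantec Corp. All rights reserved.

Disk  Last Norton Ghost Action    Date     Time   Clone-ID
------------------------------------------------------------
  1   File to Partition          04-26-2004  20:46  408d5eb8

*** End of diagnostics ***
"""

def parse_finger(text):
    """Return one dict per disk row found in `ghost -finger` output."""
    records = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, separator or blank line
        # Assumption: the date column is month-day-year.
        stamp = datetime.strptime(
            m["date"] + " " + m["time"], "%m-%d-%Y %H:%M")
        records.append({
            "disk": int(m["disk"]),
            "action": m["action"],
            "timestamp": stamp,
            "clone_id": m["clone_id"].lower(),
        })
    return records

if __name__ == "__main__":
    for rec in parse_finger(SAMPLE):
        print(rec)
```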

 

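This program is a utility whose purpose is to erase the traces of the Ghost code in the sector.

 

32-bit version (Xpdel.bat) (works on both XP and Vista)

64-bit version (62del.bat) (effectively Vista only)

62.bin (I don't know what code is inside it, but it overwrites the Ghost sector code with the 62.bin code, erasing the trace of the Ghost operation.)

MBRWIZ.EXE (application that runs on XP and Vista)

MBRWIZ62.EXE (application for 64-bit Vista only; cannot be used on XP)

MBRWIZD.EXE (application that works in Win98 or DOS mode; cannot be used on XP)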


 

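The following procedure assumes you are using XP.

 

Because it is provided as a batch file, there is no need to type each command by hand.

Just double-click the Xpdel.bat file and a CMD window opens as shown below.

It is very simple.


Among the Ghost commands there is one with a particular option that does the same thing as above, but I will skip it here. For anyone sensitive about security, this can be considered a tool well worth keeping.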


2009. 2. 25. 13:33

A TFTPD32 server as RIS Server

This page was last updated on September 21, 2006
Written by R.Collewijn
German version written by MAK

Introduction

In this short manual I describe a way to use the tftpd32 server to create a RIS server and PXE (Preboot eXecution Environment) network boot options. For this PXE solution I use a notebook (I’m not always in the same network environment) with a GB network interface card (NIC). I use a GB switch for multicast ghosting.

With this configuration and an ISO of 322MB it’s possible to load/start a Windows XP Preinstalled Environment within 2:15 minutes flat (this includes the ISO copy over the network, 1:10 minutes). Because everything runs from memory, the whole configuration (starting/loading programs) is extremely fast.

I use the following boot loader configurations:

  • MS-DOS loader for a Symantec Ghost Cast server.
  • Windows XPE Preinstalled Environment loader.
  • Windows XP Unattended installation.
  • Windows XP Lite Unattended Installation.
  • Windows 2003 Unattended installation.

In this short manual I describe only the “Windows XPE Preinstalled Environment loader” option. For the other options I have written only a Dutch version.

Requirements

  • TFTPD32: this is also a DHCP server, and you can get it for free from tftpd32
  • PXELINUX boot loader from SYSLINUX by H. Peter Anvin
  • PE-Builder ISO build based on Windows 2003 with Service Pack 1 (SP1).

For this example I use an ISO file of 322MB. The majority of the hardware that we are using has 512MB of memory. With the following calculation you can determine the size of your ISO file.

Internal memory – memory required by AutoRamResizer – space for self-extracting (RAR) plugins.

So in my case 512MB – 128MB – 64MB = 320MB

NOTE: make sure that the configuration of AutoRamResizer is set up properly, with “mb” after the amount of memory (see example).

AutoRamResizer.exe -l 64mb -h 128mb -f 32mb

The following programs are included in this ISO;

  • BgInfo
  • Bios View
  • Boson Tools (IP Calc, Cisco Password Descrypter, Super Ping...)
  • DirSize
  • EasyRecovery (runs from ram as self-extracting (RAR) plugin)
  • ERD Commander 2003
  • FolderSize
  • FreshDiagnose
  • HD_Speed
  • IP-Tools
  • Mass Storage Drivers
  • NirSoft - Asterisk Logger v1.00
  • Office PE - XPE
  • Passware Kit Enterprise 6.1
  • Partition Magic v8.01 (runs from ram as self-extracting (RAR) plugin)
  • Sysinternals PsTools v2.1
  • Registry Editor PE v0.9c
  • Sala's Password Renew 1.1 Beta
  • XP Support Tools
  • Sysinternals Utilities v2.0
  • Total Commander (include following totalcmd plugins)
    • Environment Variables 
    • Events NT
    • Registry
    • Services
    • Startup Guard
    • TConsole
    • Imagine Image/Animation Viewer for Windows
    • LinkInfo
    • MEDIA Show
    • NFO View
    • xBaseView Universal Database Viewer (and Editor)

Installation and configuration of TFTPD32

Copy the files from the “tftpd32.xxx.zip” file into a directory/folder (in this case I use the C:\Project\TFTP folder) and start the program. Configure the DHCP server and TFTP server as follows.

 

Installation and configuration of PXELINUX

In the root of the TFTPD32 server, create a new folder named “pxelinux.cfg”, and in this new directory create a PXELINUX configuration file named "default" with the following lines.

default example

DEFAULT      menu.c32
PROMPT       0
NOESCAPE     0
ALLOWOPTIONS 0
TIMEOUT      60


MENU TITLE PXE Boot menu by R.Collewijn


# Windows XPE Loader
LABEL XPE
  MENU       LABEL Windows XP^E Preinstalled Environment
  KERNEL     startrom.0


# MS-DOS Loader for GHOST Cast Server
LABEL GHOST
  MENU       DEFAULT
  MENU       LABEL ^Ghost Cast (Image) server
  KERNEL     ghost/MEMDISK
  APPEND     initrd=ghost/floppy.img vga=1


# Windows XP Lite Loader
LABEL XPLITE
  MENU       LABEL Windows ^XP Lite Unattended Installation
  KERNEL     MEMDISK


Etc…

Copy the following files from your “syslinux-x.xx.zip” into the root of your TFTPD32 server.

  • syslinux-3.11.zip\com32\modules\menu.c32
  • syslinux-3.11.zip\pxelinux.0
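
A check for the "default" file described above: it reports repeated LABEL names and files named by DEFAULT, KERNEL or initrd= that are not staged under the TFTP root. This is an added example, not the author's or the SYSLINUX project's code; the function names are made up here, the sample configuration is constructed, and paths are assumed to be relative to the TFTP root where pxelinux.0 sits.

```python
import os
import tempfile

# Constructed sample modelled on the "default" file above (repeats LABEL XPE).
SAMPLE_CFG = """\
DEFAULT menu.c32
LABEL XPE
  KERNEL startrom.0
LABEL GHOST
  KERNEL ghost/MEMDISK
  APPEND initrd=ghost/floppy.img vga=1
LABEL XPE
  KERNEL MEMDISK
"""

def lint_pxelinux(cfg_text, tftp_root):
    """Return duplicate labels and referenced files absent from tftp_root."""
    problems, labels, files, default = [], set(), [], None
    for raw in cfg_text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, rest = parts[0].upper(), parts[1].strip()
        if keyword == "LABEL":
            if rest in labels:
                problems.append(f"duplicate label: {rest}")
            labels.add(rest)
        elif keyword == "DEFAULT":
            default = rest.split()[0]
        elif keyword == "KERNEL":
            files.append(rest.split()[0])
        elif keyword == "APPEND":
            files += [o[7:] for o in rest.split() if o.startswith("initrd=")]
    # DEFAULT names either a label or a file such as menu.c32.
    if default and default not in labels:
        files.insert(0, default)
    for rel in files:
        if not os.path.isfile(os.path.join(tftp_root, *rel.split("/"))):
            problems.append(f"missing file: {rel}")
    return problems

def demo():
    """Lint SAMPLE_CFG against a throwaway TFTP root."""
    staged = ("menu.c32", "startrom.0", "ghost/MEMDISK", "ghost/floppy.img")
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "ghost"))
        for rel in staged:
            open(os.path.join(root, *rel.split("/")), "w").close()
        return lint_pxelinux(SAMPLE_CFG, root)
```

Calling `demo()` lints the constructed sample; point `lint_pxelinux` at a real `pxelinux.cfg/default` and TFTP folder to check a live setup.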

Installation and configuration of PE-Builder

Copy the following files from your Windows 2003 SP1 source into the root (C:\Projects\TFTP) of the TFTP server:

  • Ntdetect.com
  • Setupldr.ex_
  • Startrom.n1_

Expand the files with the underscore in the extension as follows:

Expand -r Setupldr.ex_
Expand -r Startrom.n1_

After you expand the underscore files you can delete the original ones. Also rename Setupldr.exe to ntldr (without extension) and Startrom.n12 to Startrom.0. Then create a new file named winnt.sif in the root of the TFTP server folder. This new file contains the following lines:

winnt.sif example

[SetupData]
BootDevice = "ramdisk(0)"
BootPath = "\i386\System32\"
OsLoadOptions = "/noguiboot /fastdetect /minint /rdexportascd /rdpath=<file name>.iso"

And last, but most important: copy your PE-Builder ISO file into the root of the TFTP server. Keep the ISO file name to a maximum of 11 characters = 8+3 (level 1); a longer ISO filename can cause problems.
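
The PE-Builder steps above can be verified before the first network boot: the renamed boot files are present, winnt.sif names an ISO through /rdpath=, and that ISO is in the root with an 8+3 name. This is an added example, not the author's code; `check_pe_root` is a name made up here, the sample winnt.sif and its ISO name are constructed, and the ISO is assumed to sit directly in the TFTP root as the text describes.

```python
import os
import re
import tempfile

# Files the PE-Builder steps above leave in the TFTP root.
REQUIRED = ["ntldr", "Ntdetect.com", "Startrom.0", "winnt.sif"]

def check_pe_root(root):
    """Return problems with the boot files, winnt.sif and ISO in root."""
    # Windows file names are case-insensitive, so compare lowercased.
    present = {n.lower(): n for n in os.listdir(root)}
    problems = [f"missing: {n}" for n in REQUIRED if n.lower() not in present]
    if "winnt.sif" not in present:
        return problems
    sif = os.path.join(root, present["winnt.sif"])
    with open(sif, encoding="latin-1") as fh:
        m = re.search(r'/rdpath=([^\s"]+)', fh.read(), re.IGNORECASE)
    if not m:
        return problems + ["winnt.sif: no /rdpath= option"]
    iso = m.group(1)
    stem, dot, ext = iso.rpartition(".")
    if not dot or not (1 <= len(stem) <= 8 and 1 <= len(ext) <= 3):
        problems.append(f"ISO name not 8+3: {iso}")
    if iso.lower() not in present:
        problems.append(f"ISO not in root: {iso}")
    return problems

# Constructed winnt.sif; the ISO name is a made-up 11+3 name.
SAMPLE_SIF = '''[SetupData]
BootDevice = "ramdisk(0)"
BootPath = "\\i386\\System32\\"
OsLoadOptions = "/noguiboot /fastdetect /minint /rdexportascd /rdpath=winxpe_2006.iso"
'''

def demo():
    """Check a throwaway root that lacks Ntdetect.com."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ntldr", "Startrom.0", "winxpe_2006.iso"):
            open(os.path.join(root, name), "w").close()
        with open(os.path.join(root, "winnt.sif"), "w") as fh:
            fh.write(SAMPLE_SIF)
        return check_pe_root(root)

if __name__ == "__main__":
    print(demo())
```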

Create Ghost boot floppy image

By popular request, I have added a short manual on how to “Create a Ghost boot floppy image” that you can also run from the TFTPD/RIS configuration. You can build a base floppy image with almost every version of Ghost, but at the moment I use the following version and settings (very straightforward).




After you have created the two boot floppies, create an image file with the following modifications.

  • Create an empty image file with WinImage (or another imaging program, but I prefer WinImage and use it in this short manual).

  • Copy the following Windows System files from a boot floppy (I have used a Windows XP boot floppy) into the root of this empty WINImage file.
COMMAND.COM
EMM386.EXE
HIMEM.SYS
IO.SYS
MSDOS.SYS
  • Copy the following Ghost files and folders created by the Ghost Boot Disk Wizard into the WinImage file
GHOST\                Folder including subfolders
NET\                  Folder including subfolders
COMP.DAT
DEVICE.COM
MOUSE.COM
START.BAT 
  • Change the following files and copy these files into the WinImage file

AUTOEXEC.BAT

@echo off
Path A:\;A:\Ghost;A:\Net;
Prompt $p$g


Set TZ=GHO-01:00
Set DirCmd=/a/o:gn


call \net\doit.bat
netbind.com
Lh Mouse.Com
Echo Loading...
Ghost.Exe -fni -sure

 

CONFIG.SYS

Dos=High,Umb,Auto
Device=Himem.Sys /NumHandles=128 /TestMem:Off
Device=Emm386.Exe Noems
buffers=40
files=80


Device=\net\pcidet.dos
Device=\net\protman.dos /I:\net
Device=\net\dis_pkt.dos
LastDrive = Z
  • Update the NDIS drivers within the NET folder (A Broadcom NIC is very critical with new hardware).
  • If you have changed the NDIS driver you must also update the following lines in the comp.dat file.

COMP.DAT

0003             Number of supported NICs 
\net\card0\$
\net\card1\$
\net\card2\$    
0003             Number of devices
14E4 1644 0001 : Broadcom NetXtreme B57XX Chipset                   $
14E4 1645 0001 : Broadcom NetXtreme B57XX Chipset                   $
14E4 1646 0001 : Broadcom NetXtreme B57XX Chipset                   $ 

First segment (14E4)        Vendor information
Second segment (1644)    Device information
Third  segment (0001)      Folder where the driver is stored.

See also my short manual on textmode drivers.

  • Make sure that the boot sector of the WinImage file has the following properties, and save the file.





http://www.collewijn.info/xpe/page/tftpd_ris.php
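
The COMP.DAT layout described above (a counter, the driver folders, a second counter, then one vendor/device/folder line per NIC) can be parsed and checked after a driver update. This is an added example, not the author's or Symantec's code; `parse_comp_dat` and `lookup` are names made up here, and treating the four-digit counters as decimal is an assumption.

```python
import re

# Copied from the COMP.DAT listing on this page.
SAMPLE = r"""0003             Number of supported NICs
\net\card0\$
\net\card1\$
\net\card2\$
0003             Number of devices
14E4 1644 0001 : Broadcom NetXtreme B57XX Chipset                   $
14E4 1645 0001 : Broadcom NetXtreme B57XX Chipset                   $
14E4 1646 0001 : Broadcom NetXtreme B57XX Chipset                   $
"""

# vendor, device, driver folder, description, closing "$"
DEVICE = re.compile(
    r"^([0-9A-Fa-f]{4}) ([0-9A-Fa-f]{4}) (\d{4}) : (.*?)\s*\$$")

def parse_comp_dat(text):
    """Return (folders, devices); raise ValueError if a counter is wrong."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty file")
    # Assumption: the 4-digit counters are decimal.
    n_folders = int(lines[0].split()[0])
    folders = [ln.rstrip("$") for ln in lines[1:1 + n_folders]
               if ln.startswith("\\")]
    rest = lines[1 + len(folders):]
    if len(folders) != n_folders or not rest:
        raise ValueError("folder count does not match the folder lines")
    n_devices = int(rest[0].split()[0])
    devices = {}
    for ln in rest[1:]:
        m = DEVICE.match(ln)
        if not m:
            raise ValueError(f"bad device line: {ln!r}")
        vendor, device, folder, desc = m.groups()
        devices[(vendor.upper(), device.upper())] = (folder, desc)
    if len(devices) != n_devices:
        raise ValueError("device count does not match the device lines")
    return folders, devices

def lookup(devices, vendor, device):
    """Return the driver folder id for a PCI vendor/device pair, or None."""
    hit = devices.get((vendor.upper(), device.upper()))
    return hit[0] if hit else None

if __name__ == "__main__":
    print(lookup(parse_comp_dat(SAMPLE)[1], "14E4", "1645"))
```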

