Saturday, 28 November 2015

E2B v1.75BetaH available with Windows Server 2016 support + bugfixes

In E2B v1.75BetaH I have added a new \_ISO\WINDOWS\SVR2016 folder for the upcoming Server 2016 release. It uses the 'Win8 install' grub4dos batch file and so allows you to specify a Product Key or XML file in the same way as for Win8 ISOs.

Please test it out and feed back any comments (steve at easy2boot dot com), as I intend to make this the new v1.75 release version soon.

Monday, 23 November 2015

Trouble with Windows 10 Threshold 2 ISOs and E2B?

A few weeks ago I downloaded an MSDN Windows 10 Threshold 2 preview of Enterprise and found that when the blue console (LOADISO) window ran (booting from a Removable E2B USB drive and using the .ISO file), ImDisk did not mount the ISO as drive Y:. This was repeatable but only that ISO gave a problem.

I reported this issue to Olof (the author of ImDisk), but a few days later when I tried to reproduce the problem I found that it worked OK and could not reproduce the problem!

A few days ago, an E2B user reported to me that he had MSDN and Retail versions of the latest Win10 Threshold 2 released ISOs and had encountered the same problem with all the new ISOs (older ISOs worked OK) using E2B v1.74.

I suspected that perhaps a different version of WinPE was being used in his ISOs (maybe because they were MSDN versions?) and updated ImDisk on E2B (v.1.75BetaC).

However, the same user then reported that the ISOs were now magically working with E2B v1.74 when he retested them!  A clear case of Deja Vu!

If you find a similar issue, please comment on this blog or contact me. There is something weird going on, but I am not sure where?

Friday, 20 November 2015

MPI Tool Kit 0.056 available for Windows 10 Threshold 2 systems

0.056 is the same as 0.055 but has the new version of ImDisk.
If you are using Windows 10 Threshold 2, you will need to download this and run .\ImDisk\imdiskinst.exe to install the new version of ImDisk to make the MakePartImage scripts work again.

Tuesday, 17 November 2015

New ImDisk version for new Windows 10 release now available

Olof has released a new version of ImDisk.

I will update the MPI Tool Kit in a day or so. Meanwhile you can install the new ImDisk and then check that MPI works on the new 'Threshold 2' version of Windows 10.

Saturday, 14 November 2015

MakePartImage problems with Windows 10?

If you are using Windows 10 and now suddenly find that you get an error when running MakePartImage (MPI) and cannot create .imgPTN files any more, it is probably because Windows Update has updated you to the latest version of Windows 10!

The original Win10 version is 10240, but the new (large) update called Threshold 2 is Version 1511 Build 10586. You can check your version by using the [Windows+R] key chord and run WinVer.exe.

You can update to the new version or download an ISO from here. Microsoft will soon enable the auto-update to Threshold 2 on all systems.

Olof is working on a new version of ImDisk to fix this issue and I will release a new version of the MPI Tool Kit when the new ImDisk becomes available.

Update: New ImDisk version for Win10 1511 from Olof here.

Friday, 13 November 2015

Easy2Boot v1.75 Beta B available

  • .imgPTN files now supported in all \_ISO\WINDOWS\xxxx folders (except XP)
  • new .isoBF file extension supported (permanently patches an ISO to remove the bootfix.bin file and so suppress the 'Press a key to boot from CD\DVD' message)
  • new .vhdgrldr file extension supported (boots a vhd file which uses a grub4dos menu or PBR boot code)
For info on the two new file extensions, see this page.

The main change is that if you have converted a Windows Install ISO to a .imgPTN file, you can now add these to the \_ISO\WINDOWS\xxxx folders and they will be listed in the appropriate Windows sub-menu alongside any ISOs you may also have present. You do not need to have any Windows Install .ISO files present if you don't use them.

The only exception is that XP Install .imgPTN files are not supported and so should not be added to the \_ISO\WINDOWS\XP folder (they will not be listed in the Windows Install menu). If you have any XP Install .imgPTN files, you should add them to a 'normal' menu folder - e.g. \_ISO\MAINMENU or \_ISO\WIN.

You can use a .txt file for .imgPTN menu entries in these folder in the same way as you can for normal folders.

You can now place your .imgPTN Windows Install files in the \_ISO\WINDOWS folders as well as .ISO files

Saturday, 7 November 2015

Add Win-UFO (Ultimate Forensic Outflow) to your toolkit

The Win-UFO download is a single .exe file which asks you which location to install to when you first run it. Actually it does NOT install anything to Windows, it merely extracts files to the designated location. There is a PDF manual file to download and which I suggest you study first before using Win-UFO and some YouTube videos.
 Win-UFO is now associated with CAINE.

Friday, 6 November 2015

E2B v1.74 released (fixes the firadisk.cmd copy bug with XP ISO installs)

It seems I made a typo in the grub4dos batch file \_ISO\e2b\grub\DPMS\DPMS2.g4b in E2B v1.73 which means that when you try to install from an XP ISO, you will get a 'cannot copy firadisk.cmd' error reported at the start of the file-copy phase in text-mode Setup and need to 'Skip' the file.
This is fixed in v1.74.
Thanks to watsupson for reporting it!

Thursday, 5 November 2015

Windows Defender is deleting SWITCH_E2B.exe!

BEWARE: The latest definitions update for Windows Defender seems to think SWITCH_E2B.exe is a malicious file and promptly deletes it!
VirusTotal does not find any problems with it and, of course, it is not malicious!
You may find that this file has suddenly disappeared, now you know why!
Thanks to Steven L for pointing this out!

New Gandalf WinPE, XP SP3 install ISO and Dream Boot CD 2015

This post covers:

  • New Gandalf Windows 10 64-bit WinPE ISO
  • Windows XP 'Gold 2016' install ISO
  • Dream Boot CD 2015 (DLCD) ISO

Monday, 2 November 2015

FYI - new Kaspersky Ransomware decryptor software

Kaspersky have recovered the full list of over 14,000 encryption keys used by the criminals responsible for CoinVault and Bitcryptor ransomware. They have now updated their decryptor utility to include all of these keys. This means that if a system has been encrypted and held to ransom using this type of encryption, you should now be able to decrypt your drive! The 'How-to' guide is here.

However, it apparently does not work against CryptoWall 3.0 ransomware.