I would like to know where I could find good resources/documentation on configuring a new Windows10 installation using Powershell scripts. I know bash but I'm completely new to Powershell.
When I search google, all I can find about automatically configuring Windows relates to Windows Deployment Services. But I don't have and don't want a Windows Server and simply running a few scripts after each installation is sufficient for me.
I found a few scripts that solve some of the things I want to do:
https://github.com/FlatlanderWoman/winCleaner
https://github.com/hahndorf/Set-Privacy
But for everything else, when I look into the TechNet Library I find it very hard to find anything useful. And when I do find something, it looks outdated:
https://technet.microsoft.com/en-us/library/hh852115.aspx
The problem is: I known the GUI-way of configuring everything I want, but I don't know how to find the corresponding commandlets to do the same with Powershell.
Is there some kind of event listener I could use to find the Cmdlets? Or does anyone have some resources/documentation to recommend? Is the TechNet Library really the established way to find these commands?
Thank you.
Unfortunately PowerShell was only really implemented in Windows 7 (yes I know it was available for XP but not preinstalled) and even then it was kind of like an addon rather than part of the core OS. Windows 8 and 10 have further improved functionality but still for the most part do not use it for their own settings and functions as most home users would have no use for it.
However there is nearly always a way to do whatever you need to, I have a script that configures servers from scratch, renaming the server, installing requisite software and features, copying files, configuring VSS, right down to putting the Computer icon on the desktop. You just have to make a list of everything you want to do, then Google each one.
For example: https://www.google.co.uk/search?q=powershell+put+computer+on+desktop - at time of writing the first result is a TechNet script pointing at a registry key. Tidy as necessary, whack into your build script and move on to the next item.
As of yet there's nothing I've found I've been unable to do with PowerShell, but the vast majority of it has not been directly with cmdlets. There's a lot of registry tweaking and command line stuff like msiexec or schtasks, some COM objects and an awkward Type I had to create and use to set the DNS suffix.
Overall I think it's still easier to do all this in PowerShell than any other scripting language and it's more flexible than premade tools, not because it has so much functionality built-in but because it can access .NET and COM which gives you broad access to all the half-baked stuff MS have wedged in over the years.
My company does Linux embedded systems using Freescale PowerPC processors.
Some years back I wrote an internal HowTo on how to use Dan Kegel's crosstool to set up a cross compiler environment for our product. I hadn't touched it since then but I recently tried it and found it doesn't work. The scripts look for files on redhat.com's ftp server that are currently not there.
The latest cross tool script is the one I am using, version 0.43.
So before I roll up my sleeves and see if I can fix it myself, I am wondering if someone has already done this. Does anyone here know Kegel well enough to contact him and ask if he is planning to do an update? (My guess is not. He works at Google now.)
Alternatively, is there a better GNU cross tool builder than Kegel's cross tool? It might be easier to switch over than to update the old one.
As it turns out Mr. Kegel was kind enough to respond to my e-mail. It turns out his original scripts have been picked up by an open-source group that calls it crosstool-ng. They did an amazing amount of work on this and the tool now uses a curses-based menu system to select the options for the cross development to generate.
You can search for file names directly in Google (try '<filename> site:ftp.redhat.com' or something similar), and often results will yield revised links to the files. If that is the problem, it should just be a case of cut and paste. Alternately, I would recommend downloading the files locally, modifying the script to see them there and then bundling them with the script.
Kegel left Google for a startup. His resume is at http://www.kegel.com/resume.html . Have you tried emailing him? He might just respond.
Mac has applescript 'built in' and I've found its pretty nice to work with for automating stuff.
What's the best windows equivalent?
Maybe PowerShell -- but it's really much more powerful than applescript. VBA only exists within specific applications that supply it, such as Excel, not stand-alone.
VBScript and JScript are standard Windows Script Host languages. See Microsoft Windows Script Technologies.
I discovered python when I moved to a PC and was looking for something to do all the kind of stuff I'd usually do with applescript. As someone who learned most of my programming skills using applescript it came pretty easily to me. Best thing is that you can use it on any platform.
BTW applescript has been around a lot longer than OSX.
Powershell is the program to learn if you want to automate stuff in windows. Microsoft is deprecating vbscript, which is part of Windows Script Host, and pushing Powershell as the modern replacement for vbscript. For example, Microsoft is creating more and more APIs for Powershell. On the other hand, vbscript bears a great similarity to vba, which is the default program for automating Word, Excel and Outlook.
Just for completeness, there is also the rather dated AutoHotkey. Originally designed to provide system-wide hotkeys to automate things, it can also be used as a general automation tool.
However, I cannot recommend it. The syntax is horrible and obscure, and that's the reason they are currently doing a complete haulover for version 2.
A friend of mine downloaded some malware from Facebook, and I'm curious to see what it does without infecting myself. I know that you can't really decompile an .exe, but can I at least view it in Assembly or attach a debugger?
Edit to say it is not a .NET executable, no CLI header.
With a debugger you can step through the program assembly interactively.
With a disassembler, you can view the program assembly in more detail.
With a decompiler, you can turn a program back into partial source code, assuming you know what it was written in (which you can find out with free tools such as PEiD - if the program is packed, you'll have to unpack it first OR Detect-it-Easy if you can't find PEiD anywhere. DIE has a strong developer community on github currently).
Debuggers:
OllyDbg, free, a fine 32-bit debugger, for which you can find numerous user-made plugins and scripts to make it all the more useful.
WinDbg, free, a quite capable debugger by Microsoft. WinDbg is especially useful for looking at the Windows internals, since it knows more about the data structures than other debuggers.
SoftICE, SICE to friends. Commercial and development stopped in 2006. SoftICE is kind of a hardcore tool that runs beneath the operating system (and halts the whole system when invoked). SoftICE is still used by many professionals, although might be hard to obtain and might not work on some hardware (or software - namely, it will not work on Vista or NVIDIA gfx cards).
Disassemblers:
IDA Pro(commercial) - top of the line disassembler/debugger. Used by most professionals, like malware analysts etc. Costs quite a few bucks though (there exists free version, but it is quite quite limited)
W32Dasm(free) - a bit dated but gets the job done. I believe W32Dasm is abandonware these days, and there are numerous user-created hacks to add some very useful functionality. You'll have to look around to find the best version.
Decompilers:
Visual Basic: VB Decompiler, commercial, produces somewhat identifiable bytecode.
Delphi: DeDe, free, produces good quality source code.
C: HexRays, commercial, a plugin for IDA Pro by the same company. Produces great results but costs a big buck, and won't be sold to just anyone (or so I hear).
.NET(C#): dotPeek, free, decompiles .NET 1.0-4.5 assemblies to C#. Support for .dll, .exe, .zip, .vsix, .nupkg, and .winmd files.
Some related tools that might come handy in whatever it is you're doing are resource editors such as ResourceHacker (free) and a good hex editor such as Hex Workshop (commercial).
Additionally, if you are doing malware analysis (or use SICE), I wholeheartedly suggest running everything inside a virtual machine, namely VMware Workstation. In the case of SICE, it will protect your actual system from BSODs, and in the case of malware, it will protect your actual system from the target program. You can read about malware analysis with VMware here.
Personally, I roll with Olly, WinDbg & W32Dasm, and some smaller utility tools.
Also, remember that disassembling or even debugging other people's software is usually against the EULA in the very least :)
psoul's excellent post answers to your question so I won't replicate his good work, but I feel it'd help to explain why this is at once a perfectly valid but also terribly silly question. After all, this is a place to learn, right?
Modern computer programs are produced through a series of conversions, starting with the input of a human-readable body of text instructions (called "source code") and ending with a computer-readable body of instructions (called alternatively "binary" or "machine code").
The way that a computer runs a set of machine code instructions is ultimately very simple. Each action a processor can take (e.g., read from memory, add two values) is represented by a numeric code. If I told you that the number 1 meant scream and the number 2 meant giggle, and then held up cards with either 1 or 2 on them expecting you to scream or giggle accordingly, I would be using what is essentially the same system a computer uses to operate.
A binary file is just a set of those codes (usually call "op codes") and the information ("arguments") that the op codes act on.
Now, assembly language is a computer language where each command word in the language represents exactly one op-code on the processor. There is a direct 1:1 translation between an assembly language command and a processor op-code. This is why coding assembly for an x386 processor is different than coding assembly for an ARM processor.
Disassembly is simply this: a program reads through the binary (the machine code), replacing the op-codes with their equivalent assembly language commands, and outputs the result as a text file. It's important to understand this; if your computer can read the binary, then you can read the binary too, either manually with an op-code table in your hand (ick) or through a disassembler.
Disassemblers have some new tricks and all, but it's important to understand that a disassembler is ultimately a search and replace mechanism. Which is why any EULA which forbids it is ultimately blowing hot air. You can't at once permit the computer reading the program data and also forbid the computer reading the program data.
(Don't get me wrong, there have been attempts to do so. They work as well as DRM on song files.)
However, there are caveats to the disassembly approach. Variable names are non-existent; such a thing doesn't exist to your CPU. Library calls are confusing as hell and often require disassembling further binaries. And assembly is hard as hell to read in the best of conditions.
Most professional programmers can't sit and read assembly language without getting a headache. For an amateur it's just not going to happen.
Anyway, this is a somewhat glossed-over explanation, but I hope it helps. Everyone can feel free to correct any misstatements on my part; it's been a while. ;)
Good news. IDA Pro is actually free for its older versions now:
http://www.hex-rays.com/idapro/idadownfreeware.htm
x64dbg is a good and open source debugger that is actively maintained.
Any decent debugger can do this. Try OllyDbg. (edit: which has a great disassembler that even decodes the parameters to WinAPI calls!)
If you are just trying to figure out what a malware does, it might be much easier to run it under something like the free tool Process Monitor which will report whenever it tries to access the filesystem, registry, ports, etc...
Also, using a virtual machine like the free VMWare server is very helpful for this kind of work. You can make a "clean" image, and then just go back to that every time you run the malware.
I'd say in 2019 (and even more so in 2022), Ghidra (https://ghidra-sre.org/) is worth checking out. It's open source (and free), and has phenomenal code analysis capabilities, including the ability to decompile all the way back to fairly readable C code.
Sure, have a look at IDA Pro. They offer an eval version so you can try it out.
You may get some information viewing it in assembly, but I think the easiest thing to do is fire up a virtual machine and see what it does. Make sure you have no open shares or anything like that that it can jump through though ;)
Boomerang may also be worth checking out.
I can't believe nobody said nothing about Immunity Debugger, yet.
Immunity Debugger is a powerful tool to write exploits, analyze malware, and reverse engineer binary files. It was initially based on Ollydbg 1.0 source code, but with names resoution bug fixed. It has a well supported Python API for easy extensibility, so you can write your python scripts to help you out on the analysis.
Also, there's a good one Peter from Corelan team wrote called mona.py, excelent tool btw.
If you want to run the program to see what it does without infecting your computer, use with a virtual machine like VMWare or Microsoft VPC, or a program that can sandbox the program like SandboxIE
You can use dotPeek, very good for decompile exe file. It is free.
https://www.jetbrains.com/decompiler/
What you want is a type of software called a "Disassembler".
Quick google yields this: Link
If you have no time, submit the malware to cwsandbox:
http://www.cwsandbox.org/
http://jon.oberheide.org/blog/2008/01/15/detecting-and-evading-cwsandbox/
HTH
The explorer suite can do what you want.
I have a bunch of files that I need to be able to transport and install quickly. My current method for doing so is moving a flash drive with a readme file of where stuff goes whenever I need to move stuff, which is rather inelegant and cumbersome.
My idea for a solution would be to write up a quick script to move files around that I could just click on. I've done some bash scripting before but batch scripting is a little odd to me. Does anyone have a good online reference guide I could use?
An alternative soulution I could accept would be a program that makes an installer for you, though I'm a bit against that as I would lose a lot of control. However, I'd be alright with it if it was extremely simple,
Sounds like robocopy tool is exactly what you need.
Very powerful replication command-line tool.
MS TechNet reference,
Wikipedia article about robocopy,
Full command switch guide,
Batch scripting guide.
I like to use VBscript for this kind of thing. The VBS engine is on every recent windows machine and the language is a little more like real programming than a batch script.
Also, if your installer grows to require WMI functions too, this becomes a piece of cake.