Thanks for noticing, so in theory it will work after the first reboot! I can just put it in C:\Trial\IR7\IR7.bat but will be glad to put your slui.exe/sppsvc KF in my IR7.vbs or startup folder which ever works best but look forward to getting rid of my Hybrid3 task which currently is dealing with slui.exe So I'm wondering if I put my IR7.vbs which silently runs IR7.bat into the startup folder will everything run sooner than if by my Hybrid2 task? So my IR7.vbs will be doing three things in this order: 1. Run IR7.bat 2. Slui.exe 3. sppsvc.exe Thanks
I might have just received some new info on the askvg popup I was testing MD's DISM autoIR7install for RW on a modern faster computer and that popup was present, so opened up task manager and saw both slui/sppsvc and ended slui.exe and that popup immediately closed... I also put the askvg popup code into my IR7.bat and it didn't write so I think just the slui/sppsvc .vbs will be fine when your finished with it Thanks MJ
Try this, re-wrote it as a one-liner so you can echo echo >> filename.vbs. It detects sppsvc or slui events and reacts accordingly.
Cool but it will go into my IR7.vbs Here is what is there now: Code: CreateObject("Wscript.Shell").Run "C:\Trial\IR7\IR7.bat",0,True Question: Do I rename the part in green to IR7.bat? Code: strComputer = ".":Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & strComputer & "\root\cimv2"):Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe' OR TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'"):Set objEventObject = objEventSource.NextEvent():set jshell = createobject("WScript.Shell"):jshell.Run "net stop sppsvc",0,true:jshell.Run "taskkill /f /im slui.exe",0,true:jshell.Run "taskkill /f /im sppsvc.exe",0,true:jshell.Run "KungFuSlui.vbs",0,false: I will be putting this into the startup folder for testing with RWTE Here is the write I have for IR7.vbs Code: echo CreateObject("Wscript.Shell").Run "%systemdrive%\Trial\IR7\IR7.bat",0,True >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\IR7.vbs echo strComputer = ".":Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & strComputer & "\root\cimv2"):Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe' OR TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'"):Set objEventObject = objEventSource.NextEvent():set jshell = createobject("WScript.Shell"):jshell.Run "net stop sppsvc",0,true:jshell.Run "taskkill /f /im slui.exe",0,true:jshell.Run "taskkill /f /im sppsvc.exe",0,true:jshell.Run "KungFuSlui.vbs",0,false >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\IR7.vbs slui.exe/sppsvc.exe
Yep, rename the part in green to "IR7.vbs" Looking at this, it will run the IR7.bat every single time kung-fu event is triggered. Is that what you intended or do you only want the IR7.bat to run once at startup.
I want the usual IR7.bat to be run by IR7.vbs once at start up like it normally does I want to be able to add the code for FungFu to my IR7.vbs as to take care of the slui/sppsvc stuff So my IR7.vbs has this and I want to add the KF code to it and put it in startup folder Code: CreateObject("Wscript.Shell").Run "C:\Trial\IR7\IR7.bat",0,True Can I put both these things in IR7.vbs like above code?
You'd need two different VBS files for that. One that starts the ir7.bat and quits the other is just the kung-fu which will repeat multiple times through-out the day. Here is a custom event log entry so people can determine how 'strong' my kung-fu really is. Code: jshell.Run "cmd /c start /b powershell -command ""write-eventlog System -source 'Microsoft-Windows-Kernel-General' -eventid 666 -message 'This is my Kung-Fu and it is strong!'""",0,true: Code: strComputer = ".":Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & strComputer & "\root\cimv2"):Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe' OR TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'"):Set objEventObject = objEventSource.NextEvent():set jshell = createobject("WScript.Shell"):jshell.Run "net stop sppsvc",0,true:jshell.Run "taskkill /f /im slui.exe",0,true:jshell.Run "taskkill /f /im sppsvc.exe",0,true:jshell.Run "cmd /c start /b powershell -command ""write-eventlog System -source 'Microsoft-Windows-Kernel-General' -eventid 666 -message 'This is my Kung-Fu and it is strong!'""",0,true:jshell.Run "KungFuSlui.vbs",0,false: Easter egg, when you go into eventvwr.msc, you'll see event ID 7034, which keeps track of how many times the Kung Fu has run.
I'll leave my IR7.vbs as it is I do this write but it doesn't write correctly Code: echo strComputer = ".":Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & strComputer & "\root\cimv2"):Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe' OR TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'"):Set objEventObject = objEventSource.NextEvent():set jshell = createobject("WScript.Shell"):jshell.Run "net stop sppsvc",0,true:jshell.Run "taskkill /f /im slui.exe",0,true:jshell.Run "taskkill /f /im sppsvc.exe",0,true:jshell.Run "KungFuSlui.vbs",0,false: >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
Yeah, got the same error yesterday when I tried. It is the double quotes. Not sure how to properly escape them (tried \" and ^") for cmd > vbs and failed, but when I remove them (ctrl H replace with ' single quotes) then encapsulate the whole thing in double quotes it echo's correctly into the output file. (but VBS then errors because it does not respect the single quotes). Might have been easier to just do it the hard way with 8-10 echo commands, just need separate the rows at the : colons and it should work.
Yes it creates the .vbs just with nothing in it... How bout this... Code: echo strComputer = "." >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbsecho strComputer & "\root\cimv2") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo Set objEventObject = objEventSource.NextEvent() >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo set jshell = createobject("WScript.Shell") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo jshell.Run "net stop sppsvc",0,true >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo jshell.Run "KungFuSlui.vbs",0,false >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo strComputer = "." >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo strComputer & "\root\cimv2") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe'") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo Set objEventObject = objEventSource.NextEvent() >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo set jshell = createobject("WScript.Shell") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo jshell.Run "taskkill /f /im slui.exe",0,true >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo jshell.Run "KungFuSlui.vbs",0,false >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs It writes this: Code: strComputer = "." Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'") Set objEventObject = objEventSource.NextEvent() set jshell = createobject("WScript.Shell") jshell.Run "net stop sppsvc",0,true jshell.Run "KungFuSlui.vbs",0,false strComputer = "." strComputer Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe'") Set objEventObject = objEventSource.NextEvent() set jshell = createobject("WScript.Shell") jshell.Run "taskkill /f /im slui.exe",0,true and creates other file called in startup folder Code: KungFuSlui.vbsecho Also noticed that when I put my IR7.vbs that is suppose to run my IR7.bat in startup folder that is doesn't run IR7.bat
Not want to include rogue files do I, hmm he he, only one batch need I do Wish we knew how these 3 files are connected The random piracy permissions popup that when I close slui.exe it closes (Two birds one stone) And connection between sppsvc and slui.exe What is this... I really want to implement this soon so I'm willing to test when code is ready Since the IR7.vbs does not run IR7.bat in startup folder I'll keep in C:\Trial\IR7 After we nail this popup/piracy stuff then I'll only have DISM to work on then after that I'm Final I'll keep in mind WPA delete inside windows but basically Rearm concept for W7/2013 is done
@MJ I think for RW using just the slui.exe will do fine as it closes both the activation/piracy messages that users experience with my rearm concept I don't think it's necessary to use the sppsvc.exe stuff Maybe I'll just stick with my Hybrid3 task since I only need it to run a startup if user gets one of those two popups?!
Kung Fu 2.0 Got it to work from the command line. Needed some base64 encryption to avoid using any special characters that cmd.exe could accidentally parse. (avoiding that double quotes issue we had last time) Works from echo >> KungFu.bat. Code: echo start /b powershell.exe -nologo -WindowStyle Hidden -sta -command "$KungFu = 'H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7j5DdOUu9Z5m3atNUqbVar5nIaftlmzdu3RVmO83d5evc8vVsstB0+uUXbcl1Iy984+d2yaZl+ln6et9vH9Nv2y6ydpx/V+UXRtPX1o0ff/r1Of5/f/6vXp69e/76vt3e372/v7Xx0+Lut8npRNE1RLendj17k7VVVv01f5/VlMc0/Gn30bF2WJ9WyrauS/sJvWbHM67PlPK+LdpR+OfnpfNrqnx+NCES1xHvHZVldEfxsOs2b5tW6zAn+i/xqW15IX183bb4Yv86na3rxenzM7abS0/iVYn3s3vYwBdSSXm3d11teR3f4+/RnaBTvQQqQ8DdOzs7Tra2Lq0WRXhXLe3u//6quADbdPi/KNq/Tj17KB2dPP/vdXp49/Yh6afISA5pWi0W2nJVEnTtj7490e1m1i6ydztOPv13MZvny4zu/cfKLab5Ovvzii+MXT0H3VXWV180819mlV8rqokq3v1ssZ9XV6/aaCCAvp9vPCvrjo/ST9KM/4CP8+N0W12fLy2qatUSa8RfXJ9L3+Gl+XiwLfGja/sbJ9y6rYvb97ynxX+XnQB2vHTdNvpiU199/9Oh5lc2+W7Tzl1ndFln5IlvkWx9/UUzrqqnO2/FPFs06K59kTTH9+M7h96JfjM+WRKyMQRPE1xjY1kdmwB+NdogC+bui/Y2TXyJkB39fzQvMY1uv8zvyyS92AvC7/cQ6r69BKiX3t9Lzulqkv//vXyybNltO85M6ZwqcXubLlmavnRfLdJeg5nVOslNf5MSl0jQtmiz9WCZY5/PjFDPxJmg2xtCpy4+NlH2cfvmq0yY9e32cfvxdD9QNoKxwf/xRKN6/GyN+BUYhPgtkhaYzu8gX9PXY/crNv6vNhTwxgAQpgDy+yor2WVW/yN8JiC0ltnl+TrSX3/KK9EG+nQM3EgJVFOl2U61rorfjRBWOZvv3yutlXm5/npNeysqPU3m3mKWffvppur2g2SWSpR+/mRcNzXy6uE5/r/XyYvvZOiUxSYsWH5JeqJYXv+vHggpz5f8DWLimhMkFAAA=';$data = [System.Convert]::FromBase64String($KungFu);$ms = New-Object System.IO.MemoryStream;$ms.Write($data, 0, $data.Length);$ms.Seek(0,0) | Out-Null;$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Decompress);$sr = New-Object System.IO.StreamReader($cs);$t = $sr.readtoend();Invoke-Expression $t;" > C:\KungFu.bat # How exactly does a KungFu.Bat do all this stuff on-the-fly Spoiler
That is some crazy code MJ You said you included base64 encryption but what about 32 users? Thanks for the hard work