rezz, posted August 15, 2010

I have created a malware removal script and part of that script includes creating a restore point. The following works fine for the RP creation in Normal mode:

    _CREATERESTOREPOINT("Technician Start Restore Point")

    Func _CREATERESTOREPOINT($SRESTOREPOINTNAME)
        Local $OBJSYSTEMRESTORE
        $OBJSYSTEMRESTORE = ObjGet("winmgmts:{impersonationLevel=impersonate}!root/default:SystemRestore")
        If Not $OBJSYSTEMRESTORE.createrestorepoint($SRESTOREPOINTNAME, 12, 100) = 0 Then SetError(1)
    EndFunc ;==>_CREATERESTOREPOINT

In safe mode, when the system restore service is not running, an error is generated. In order to get around this I am trying to use this:

    ;Detect BootupState and if Normal Boot then Create Restore Point
    ;"Fail-safe boot" or "Fail-safe with network boot" or "Normal Boot"
    $objWMIService = ObjGet("winmgmts:\\.\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")
    For $objItem In $colItems
        If $objItem.BootupState = "Normal Boot" Then

This appeared to work when testing in normal mode and switching 'Normal Boot' for 'Fail-Safe Boot'. No RP is created if 'Fail Safe' is inserted in the code in Normal mode.

Running the entire code snippet alone in Safe Mode gives no error:

    ;Detect BootupState and if Normal Boot then Create Restore Point
    ;"Fail-safe boot" or "Fail-safe with network boot" or "Normal Boot"
    $objWMIService = ObjGet("winmgmts:\\.\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")
    For $objItem In $colItems
        If $objItem.BootupState = "Normal Boot" Then
            _CREATERESTOREPOINT("Technician Start Restore Point")
        EndIf
    Next

    Func _CREATERESTOREPOINT($SRESTOREPOINTNAME)
        Local $OBJSYSTEMRESTORE
        $OBJSYSTEMRESTORE = ObjGet("winmgmts:{impersonationLevel=impersonate}!root/default:SystemRestore")
        If Not $OBJSYSTEMRESTORE.createrestorepoint($SRESTOREPOINTNAME, 12, 100) = 0 Then SetError(1)
    EndFunc ;==>_CREATERESTOREPOINT

However, I am getting an error in Safe Mode when the script hits the code:

    If Not $OBJSYSTEMRESTORE.createrestorepoint($SRESTOREPOINTNAME, 12, 100) = 0 Then SetError (1)
    If Not $OBJSYSTEMRESTORE.createrestorepoint($RESTOREPOINTNAME, 12, 100)^ERROR
    Error: The requested action with this object has failed.

Any ideas on what is wrong, or how I can have the restore point creation work when in normal mode but not run when the PC is in safe mode?

PsaltyDS, posted August 16, 2010

Is SRService running in safe mode?

rezz, posted August 16, 2010

> Is SRService running in safe mode?

No. That is part of the problem. I found out that the script runs OK in XP for normal mode and safe mode. The problem is occurring with Win 7 in SM now. That is why I am trying to detect bootstate and prevent this part of the script from running when the PC is in SM.

spudw2k, posted August 16, 2010 (edited March 31, 2017 by spudw2k)

Does this work?

https://msdn.microsoft.com/en-us/library/windows/desktop/ms724385(v=vs.85).aspx
https://www.autoitscript.com/wiki/Snippets_(_Windows_OS_)#IsSafeMode.28.29

rezz, posted August 18, 2010

> Does this work?
> http://support.microsoft.com/kb/291664
>
>     If _SafeMode() Then msgbox(0,"Safemode Detected","You are in Safe Mode")
>
>     Func _SafeMode()
>         ; 67 = SM_CLEANBOOT: 0 on a normal boot, non-zero in safe mode
>         $Flag = DllCall("user32.dll","int","GetSystemMetrics","long",67)
>         Return $Flag[0]
>     EndFunc

Thanks Spudw2K. I believe that is going to work fine. Testing now to be sure.

rezz, posted August 18, 2010

Yeeessss! That works in Win 7. No errors with my script now. Thank you very much. I changed the code to suit my script and not use the message box:

    If Not _SafeMode() Then
        _CREATERESTOREPOINT("Technician Finish Restore Point")
    EndIf

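The approach the thread arrives at, combined into one guarded routine; this is an added example and not code from any of the posts above. It checks SM_CLEANBOOT before touching the SystemRestore object and registers a COM error handler so that a failed call reports an error code instead of stopping the remediation script. The names `_GetBootMode`, `_TryCreateRestorePoint` and `_OnComError` are hypothetical, and it assumes a current AutoIt 3 release in which the COM error handler receives the error object as a parameter.

```autoit
; Added example (not from the thread). Function and variable names are hypothetical.
; GetSystemMetrics index: 0 = normal boot, 1 = safe mode, 2 = safe mode with networking
Global Const $SM_CLEANBOOT = 67

; Catch COM failures so a failed WMI call sets a flag rather than stopping the script.
Global $g_bComFailed = False
Global $g_oComError = ObjEvent("AutoIt.Error", "_OnComError")

Func _OnComError($oError)
    $g_bComFailed = True
    ConsoleWrite("COM error 0x" & Hex($oError.number) & ": " & $oError.windescription & @CRLF)
EndFunc   ;==>_OnComError

; Returns 0, 1 or 2 as above; returns -1 and sets @error if the DllCall itself failed.
Func _GetBootMode()
    Local $aRet = DllCall("user32.dll", "int", "GetSystemMetrics", "int", $SM_CLEANBOOT)
    If @error Or Not IsArray($aRet) Then Return SetError(1, 0, -1)
    Return $aRet[0]
EndFunc   ;==>_GetBootMode

; Returns True if the restore point was created.
; @error: 1 = not a normal boot (or boot mode unknown), 2 = no SystemRestore object, 3 = call failed.
Func _TryCreateRestorePoint($sName)
    Local $iMode = _GetBootMode()
    If $iMode <> 0 Then Return SetError(1, $iMode, False) ; fail closed when the mode is unknown
    $g_bComFailed = False
    Local $oSR = ObjGet("winmgmts:{impersonationLevel=impersonate}!root/default:SystemRestore")
    If @error Or Not IsObj($oSR) Then Return SetError(2, 0, False)
    ; 12 = MODIFY_SETTINGS restore point type, 100 = BEGIN_SYSTEM_CHANGE event type
    Local $iResult = $oSR.CreateRestorePoint($sName, 12, 100)
    If $g_bComFailed Or $iResult <> 0 Then Return SetError(3, $iResult, False)
    Return True
EndFunc   ;==>_TryCreateRestorePoint

If _TryCreateRestorePoint("Technician Start Restore Point") Then
    ConsoleWrite("Restore point created." & @CRLF)
Else
    ConsoleWrite("Restore point skipped or failed, @error=" & @error & " @extended=" & @extended & @CRLF)
EndIf
```

Logging the skip reason matters in a cleanup tool: the technician should know whether a rollback point exists before the script starts changing the system.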