I think I broke powershadow. Software loaded and survived reboot.

Discussion in 'sandboxing & virtualization' started by Horus37, Jun 11, 2007.

Thread Status:
Not open for further replies.
  1. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328

    1. My issue is not that FDISR can't do certain things, it's that it's not well known that it can't do certain things to help you recover.

    So far let's see... Um, don't mess with the MBR or partition table, don't install a hidden partition, don't install a kernel driver that self updates, don't install another application like it such as rollback into it, don't flash the bios, don't um, what else? Where's the list?


    2. Erik said that when he restores an image he gets popups about new hardware found etc. I think it might be ATI specific maybe as I have posted on the ATI forums about this and they reported that they also get popups when restoring an ATI image. If that's the case there is something in my bios that detected a change and that means something got through powershadow. I suppose if I flashed the bios while shadowed I'd expect permanent changes but this software wasn't even installed fully. So my guess is it did something during the install to the bios that is irreversible. Lesson learned. I don't think it had anything to do with me backing out the install. I think it had something to do with the install. Once you flash the bios, a faulty uninstall of a flash utility won't matter. However what is not known that they don't tell you is that during this install, REGARDLESS if you reboot or not, the bios gets changed permanently during the install perhaps. That is the million dollar question and why I was contacting HP.


    3. That part..." FDISR IS NOT SECURITY SOFTWARE. It is designed to recover from things that corrupt the system like bad software installs, that almost never touch the MBR or Partition table" - especially that last part (that never touch the MBR or Partition table) should be an asterisk on the website that sells FDISR or bootback.



    4. I don't keep saying Powershadow installed a hidden partition. I know that the HP software did what it was designed to do. I'm stating that powershadow didn't stop the creation of a hidden partition and can't reverse it when that happens and that is a problem. According to their website they guarantee no problems. I'm just trying to figure out how come this kind of change is not reversible. Looks like a bios change during software install which you can't stop but I'm contacting HP about this to get clarification about what happens during the install process that is irreversible to the bios. The way powershadow works is BEFORE the reboot. It doesn't operate like FDISR freeze. The changes are undone BEFORE the reboot takes place when you come out of shadow mode. At least that's my understanding of it. One curious thing I keep coming back to is if I install and then uninstall something while in shadow mode will that force it to get reinstalled when coming out of a shadow mode or would it matter? In my case it might have reinstalled what I uninstalled maybe. Probably not but.... Why don't more brave souls try this software and see what it does to their system. Surely in a VM this wouldn't have negative consequences right?
     
    Last edited: Jun 13, 2007
  2. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    FWIW...

    I have used GHOST 2003 (99.99% of the time I just use the DOS GHOST.EXE file/program instead of starting from the GUI while Windows is running) and mostly image a partition as opposed to the whole disk.

    I ALWAYS (100%) get a message about needing a reboot for new hardware/driver (whatever the message is).

    I assume that GHOST is setting a bit someplace that says to rescan for new hardware.

    I have NEVER, NEVER, NEVER for 97 more times, had a problem.

    Please see this post https://www.wilderssecurity.com/showthread.php?t=177197 about the HDDerase DOS program.

    http://cmrr.ucsd.edu/Hughes/HDDEraseReadMe.txt
    Mike
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Norton Ghost 2003 here as well and I always restore from Windows and have never had a "found new hardware/restart" prompt.

    Could this be because I partition the drive before making any images?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Interesting question. Might be an interesting VM exercise.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hidden partitions should be that hard to find. When I imaged my new Thinkpad tablet, Shadowprotect saw both partitions and imaged them both. I could also restore both of them. Not really difficult.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Horus

    Where did you find the link to download the HP recovery manager?
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I mean it may exist as a ghost volume. In the pic below only my current hooked up HD with three partitions show as a dark grey in device manager.

    All the other lighter coloured volumes (ghosts) are from different partitioned slave drives that I have had hooked up at one stage.
    Storage volumes.jpg
     
  8. idle.newbie

    idle.newbie Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    10
    http://hddguru.com/content/en/software/2005.10.02-MHDD/ MHDD, another DOS based freeware for low-level HDD diagnostics, "MHDD /EnablePrimary /DisableBIOS" in DOS prompt and use NHPA command to uncut the HPA.

    I guess HPA =/= hidden partition, HPA reduces the HDD size, seems a little bit like a physically smaller HDD. Besides, the last partition/extents should be resized to a smaller size. Both may cause Windows to detect a new hardware/volume.
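
The distinction drawn in the post above (a hidden partition is an entry in the partition table, an HPA is a reduction of the size the drive reports) can be checked by comparing two saved copies of sector 0 and the drive's current and native sector counts. This is an added example, not part of the original thread: the function names are hypothetical, the MBR images and sector counts are constructed, and the two counts are assumed to come from a tool such as `hdparm -N`.

```python
import struct

# MBR partition type bytes conventionally used for hidden or OEM partitions.
HIDDEN_TYPES = {0x11, 0x12, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27, 0xDE}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = {}
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        start, count = struct.unpack_from("<II", raw, 8)  # LBA start, length
        if raw[4] != 0:                                   # type 0 = unused slot
            entries[slot] = {"type": raw[4], "start": start, "sectors": count}
    return entries

def compare(before, after, current_max, native_max):
    """List partition-table changes between two snapshots, plus any HPA."""
    findings = []
    if before[:446] != after[:446]:
        findings.append("boot code area changed")
    old, new = parse_mbr(before), parse_mbr(after)
    for slot in sorted(set(old) | set(new)):
        if old.get(slot) == new.get(slot):
            continue
        if slot not in new:
            findings.append(f"partition removed from slot {slot}")
            continue
        ptype = new[slot]["type"]
        kind = "hidden partition" if ptype in HIDDEN_TYPES else "partition"
        findings.append(f"{kind} type 0x{ptype:02X} added or changed in slot {slot}")
    if current_max < native_max:  # drive reports fewer sectors than it has
        findings.append(f"HPA hides {native_max - current_max} sectors")
    return findings

def build_mbr(parts):
    """Build a constructed MBR (zeroed boot code) from (type, start, count)."""
    sector = bytearray(512)
    for slot, (ptype, start, count) in enumerate(parts):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * slot, 0, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed snapshots: one NTFS partition, then the same disk after an
# installer shrank it and appended an OEM (type 0x12) partition.
BEFORE = build_mbr([(0x07, 63, 150_000_000)])
AFTER = build_mbr([(0x07, 63, 140_000_000), (0x12, 140_000_063, 9_999_937)])

if __name__ == "__main__":
    print(compare(BEFORE, AFTER, 150_000_063, 150_000_063))   # table changed
    print(compare(BEFORE, BEFORE, 140_000_063, 150_000_063))  # HPA only
```

In the second call the partition table is byte-identical and only the sector counts differ, which is the case a partition-table comparison alone would miss.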
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi Peter, I agree with you but do you know what is in my mind? Actually I expect such software to protect MBR, PBR, Partition table etc. Any instant recovery software with such a feature will protect against malware like KillDisk, BootKits etc. (remember PowerShadow surviving KillDisk virus!).
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Aigle

    For all we know, Powershadow may have protected the MBR, which may ultimately have created the mess. This HP software (which I can't find) has to create the partition, and write stuff to that partition, then it has to be rebooted. What does it do on the reboot? Also we have established there probably is a bug in the Microsoft routine that reads the partition table, so it probably returned an error and then who knows what happened.

    Bottom line is installing a program that needs to modify the MBR and partition table while shadowed is an invitation to the disaster that occurred.

    If anyone can provide a link to this HP software I'd like it. I have searched and I can't find it. Hmm

    Pete
     
  11. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
  12. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Hmmnn, I did send HP a link to this thread and asked for a tech to respond a coupla days ago.

    Also asked if their backup modifies any part of the system with no user input or prompt but haven't received a reply as yet.

    "If" I get a personal reply will post it.
     
  13. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    This site seems to be available: ("http://h20331.www2.hp.com/Hpsub/cache/312352-0-0-225-121.html") copy/paste, or link below:

    http://h20331.www2.hp.com/Hpsub/cache/312352-0-0-225-121.html

    Also (from the above HP WebPage):

    Related links
    » HP Backup and Recovery Manager datasheet (.pdf, 149K)
    » HP CMS Document and demo library
    » HP Backup and Recovery Manager Flash demo

    I have been pleased with HP Printers and HP's Support, never tried their Computers,
    but my Dell came with a (small) Partition containing just a pre-boot Hardware Testing (DOS) Program,
    newer Dells also have a Restore (to factory load) Partition.

    Dell provides a method to copy from and delete this Partition, but HP's method of also protecting (storing) your Personal Data seems to be a step beyond, in utility.

    I also use the Roxio/Symantec Go-Back 'restore' which needed up to a 6GB 'free area' to install on C:\ drive, it specifically protects "C:\ drive" only.

    It provides a simple method to return, following a test of a program, if you want something saved, you copy that to another Drive (or Partition).
    _____________________________________________________________________________________________________

    BTW: I would advise avoiding ANY attempt at BIOS Flash from Windows (use the 'boot from floppy method' for best safety) but doing it from within something like PS would just about guarantee you a doorstop. Most BIOS 'chips' are surface mount (no socket) and a 'flash-gone-wrong' can only be fixed by a MotherBoard Replacement.
    _____________________________________________________________________________________________________

    Any MalWare that could 'Flash your BIOS' or Create a 'protected' Partition without your 'approval' could well mean the end of your system or a non-removable 'resident' malware, but then a "Tin Whisker" could do that for you with no internet connection required:)
     
    Last edited: Jun 14, 2007
  14. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    I talked to an HP tech support person and they must make like 8 dollars an hour as they are not very technical for free. Basically they state that the full install and reboot will enable you to access an area in the software that allows you to do an uninstall of the partition and that it's not really vendor specific as I've found 2 free programs that will get rid of the partition if one did exist which I can't find. So it's possible the bios got changed but the partition didn't get fully implemented or was botched etc. and the full partition does not show up because it's a corrupted partition. Whatever the case the computer registered a change that's like a bios flash maybe. I'm not sure why the change is irreversible. I would tend to think that the smart thing to do is to fully install the program again, reboot, bootup the GUI and run the uninstall utility and see what happens. You can't run the uninstall utility until you reboot and fully install the software. That's why I didn't see the uninstall section before I rebooted initially I think. The free tech support people were very short with answers. So unless I want to pay for the next step I might just download the software again and do a normal install and see what happens. However I don't think this partition is proprietary as I said before. I have found many programs that erase HPA/DCO's for free. However I'm wondering if this is the same area that the computer stores info about bad disk sectors etc and if that got erased and then got written over again without not knowing it was a bad sector well then that might be another area to explore. However I'm not sure. I'll talk to their free tech support again and see what I can pull out of them. I'm investigating a link between this and the ext usb hdd, a link to a bad sector that got erased the last time I zero'd my drive and got rewritten as a good sector but is really bad, a link to a corrupt hard drive firmware data area, etc.
    Just don't know what the program changed during the install as their tech support doesn't want to go too in depth for free.
    Hopefully I won't have to wipe my cmos or pull the button battery out of this thing.
     
    Last edited: Jun 14, 2007
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Two things.

    1) What do you think HP techsupport is going to do with this link? They won't have a clue what powershadow does, and I'll bet they just say the problem is with powershadow.

    2) "if" you get a reply please don't post it, unless you specifically asked them if you could and it contains their permission. Otherwise that posting would be a TOS violation and will be pulled. You should be able to give us an idea of their response in your own words.

    Pete
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Horus

    You still don't say where you downloaded the software from. I doubt the bios was affected. You probably screwed the disk with the reboot from the shadow mode of PS.

    Tell me where you got this software. I can't find any link on the HP site for a download.

    Pete
     
  17. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    The links above (same as post #38 ) work fine, except the Flash Demo http://h10010.www1.hp.com/wwpc/pscmisc/vac/us/en/sm/IM/hp_backup_1001.htm as did the link from first page of this thread.

    I don't know if there could be any software protection or recovery from a BIOS or Firmware corruption that is applied beyond the Operating System.

    Horus seems to have confirmed the fact that it is possible to damage your system in spite of PowerShadow :cool:
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yeah, all those links work, but they aren't for downloading software. I'd like to download the software.

    As to damaging the system in spite of Powershadow. I don't buy it in the sense you are saying it. No software can prevent damage if you do something you shouldn't. Installing something like he did while in shadow mode just guarantees trouble.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Actually this whole thread does leave me unsure about Power Shadow for one reason. Where are they? They should be interested in this even if it isn't their software's fault. This is the concern that keeps me away from this software.

    Pete
     
  20. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    My thoughts on Powershadow is it's very similar to shadow protect. Also when it BSOD on my system tech support just said maybe it's because I have RAID and they didn't even want to investigate further. So support a little lacking in my opinion. Also there is better software to be had to do similar things. Just my opinion though.

    Thanks,

    Chris
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    ReturnIL has the same problem with Raid, but they are looking into it.
     
  22. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I like Power Shadow but support is almost non-existent. You can E mail them and get a response. The forum doesn't help.
     
  23. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    After hearing everyone's experience with PS, I would like to add my own experience of a bad mishap. I blame myself and not PS, I was messing around with disk editor, and not knowing exactly how the program worked I trashed my system while in full shadow mode. I'll take a guess and say that PS is good at protecting system files and settings, however not against tools that would alter the partition(s) or hard disk data as viewed by disk editor & sector editor as I found out the hard way. I remember pressing something in the hard disk & or sector editor and it filled my entire hard drive with 1s & 0s. I closed the editor and everything was ok until I rebooted. Then my harddrive seemed to be gone, nothing was being read as existing upon boot. So I had to use PM and redo my partition C D then used my ghost image and restored C in under 40 sec then after OS rebooted, plug in the external and drag and drop my programs installs and data into D. All is well. That was a learning experience for me. :)
     
    Last edited: Jun 14, 2007
  24. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    I am not sure this is the proper thread to post this in...and maybe you are all already aware of it anyway; if so I apologize. In the Powershadow forum the administrator reported that Powershadow 2.6 does not protect the MBR but that 2.82 does.

    Does anyone know if this is true and if so did anyone ever determine if it is still possible to activate 2.82? I am thinking of switching to 2.82, if I can figure out how to install and then apply the English language files.

    http://powershadow.freeforums.org/viewtopic.php?t=70&sid=0d123facaf949088e66afd8469f26cb9
     
  25. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I think I remember somebody posted about 2.8.2 protecting the MBR. I believe Mike is going to test it sometime after his vacation.

    I'm not sure you can get it free anymore. I think June 11th was the cut-off date. You could give it a shot. All it needed was a name and e-mail address. Even a fake one would work. See this thread for more details. Post 10 has a link to the conversion files. https://www.wilderssecurity.com/showthread.php?t=172533&highlight=powershadow 2.8.2
     