A test of the "I think I broke Power Shadow...."

Discussion in 'sandboxing & virtualization' started by Peter2150, Jun 14, 2007.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    I was curious to test what Horus37 said happened to him. I am a bit curious why he never responded to my question of where I can find this software, but...

    I simulated the situation with Acronis True Image. Its secure zone is a hidden partition just like the partition on my ThinkPad, so it's a reasonable test. Also, I tested with Returnil as opposed to Powershadow, as both are similar products but I feel Returnil is more promising just because of support. Also note the c: drive was a 20G drive, one partition of 19.9g and 7 mg left over.

    First Rollback. The initial install of ATI was a non event. Then I went for the secure zone. Acronis sets it up and then reboots and builds the secure zone at the same point in the boot that chkdsk would run. All seemed okay although the secure zone activation wouldn't. Then I looked at the Disk Map.
    Hmm, it showed just one full partition like I started with but only 10.1 gig. Hmm, clearly something went wrong. Also trying to boot between Rollback snapshots was not good. Boot and MBR errors, although I did get into other snapshots. Finally I rolled back into the snapshot I started with, which got rid of Acronis in its entirety. Boot problems were gone, and looking at the disk map, I had my single 19.9g partition back. Although doing this made a mess of stuff, Rollback recovered nicely.

    Returnil. My first effort was a duh exercise. I turned on the protection and installed ATI, and rebooted as it called for. Yep, a good laugh, as Returnil did exactly as promised. Second time I installed ATI and rebooted and then turned on Returnil protection. Then I ran the Setup and activate the Secure zone wizard. Of course it needs a reboot and I did so. Never saw ATI go thru the partition stuff. When I was back in Windows it was just like I started. Nothing happened. This suggests it would have survived the HP thing.

    Horus, if you are out there, where can I get the HP program?

    Pete
     
  2. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Got across this website and remembered this thread.

    Since you cannot download HP Backup and Recovery Manager officially from HP, the above link might help.. :)
     
  3. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi Pete, thanks for the test. Which version of PS did you use? I'm asking because 2.8.2 is supposed to protect the MBR like RVS does. I'm not sure if the MBR has anything to do with it or not.

    I want to add that I really like RVS and I'm glad they are continually working to improve it and the support from Mike has been top notch. Returnil seems committed to making a great program even better.

    Cheers, innerpeace
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Wondered here as well, seeing you did ask him in several posts for the download link which he seemingly ignored or maybe just missed it.

    I tried to instigate a ghost image with ng2003 from within PS mode and it went through the motions to reboot into DOS but it just booted straight back to Windows.

    Have updated to Vista now with ng2003 and ps being incompatible so using Returnil which seems to be working fine.

    Yet to decide on another image app but will probably go for Paragon.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Hi Innerpeace.

    To tell the honest truth, I don't remember. Someone sent me a link, so I suspect it was 2.6.

    Pete
     
  6. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    I know this is off-topic but I'm still wondering about the Horus saga; did he ever manage to 'nuke' the hidden partition?
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    I honestly don't know. Do a thread search.
     
  8. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    To Peter2150, I have a test for you if you're interested. Use PS 2.82 in full shadow mode or Returnil, whichever you want, turn on the protection. Next use Sector Editor v1.05 by Julie Lau, then do a sector fill for the whole drive or partition, make sure the tool is not in read only mode and see what happens. :D Be sure you got backups and you can recover. Just a thought: imagine code ever gets past your HIPS and malware that has ability like this tool ever runs, kiss your data goodbye. Thank goodness for backups and recovery software.
     
  9. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Hi Peter, I reread all the threads relating to the Horus story the other night. He doesn't tell us how he got on or if his attempts at removing the hidden partition were successful and I for one would like to know.
     
    Last edited: Jul 6, 2007
  10. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    No, I felt it was not necessary to try to undo the hidden partition area created since the change was permanent on my system using PS 2.6, which does not protect the MBR. I haven't tried this with V 2.8 nor Returnil since I haven't been able to get into the HP website deep enough to get the software program again. Although I have an HP, evidently the software is for the business line and your computer must NOW pass a scan test to make sure your computer is an HP and the model that goes with this software. Someone must have complained to HP besides me and now they are being restrictive with their software. I was looking for an updated version of some of my software and found that some of the software on the business line of their PCs seemed to have a more up to date version, so that is how I found the previous software. Now you can't just go browsing around their website without first passing their scan test to prove your computer is an HP and a model that goes with the software they offer. Regardless, knowing that v 2.6 does not protect the MBR is enough concern for me now. Returnil does but they have issues with defragging now that they need to figure out before I'd consider using it. Flinchlock also found that a low level disk editor also is able to bypass Powershadow. Granted these programs are fairly big and obvious unlike software that tries to act like malware. In the end I had to rebuild my system. I didn't want the HPA on my system.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Does the editor work in Windows, and do you have a link? I'll give it a play in my VM machine, which is a perfect simulation.

    Pete
     
  12. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
  13. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks, if you didn't have to swap the language files, it was probably 2.6.

    innerpeace
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
  15. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Actually, Peter2150, it's a low-level tool that will make changes and it doesn't matter if you're in a virtual environment, it has access to the actual HD. Well, in your case it would be the virtual file acting as a partition maybe, but best be careful with it, though I'm not sure how the tool is going to act in a VM.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    I can't find the editor so it's a moot point. The VM virtual machine disks act exactly like a real disk, which makes them great for testing this stuff. Best part is you can take a snapshot, destroy the disk, and then revert back to the snapshot and all is fine. Wonderful for testing and watching the effects of certain actions before trying them on the real disk.

    Pete
     
  17. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    The link appears to be working again. Peter2150, if you want I can upload the program to rapidshare and post the link in the forum or PM it to you (if you still want to test it). I wonder how deepfreeze and sandboxie would fare vs this test. Any users here with test machines and use these apps? I'm gonna email the geswall people the program so they can test it vs geswall.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Sure I'd be interested. I'd PM it as opposed to posting.

    Pete
     
  19. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    kk, I sent you the PM with the link. If anyone else wants it for testing purposes, tell me, I'll PM it to you too.
     