Sign in to follow this  
Followers 0
rezz

Detect Safe Mode and Create Restore Point

6 posts in this topic

I have created a malware removal script and part of that script includes creating a restore point.

The following works fine for the RP creation in Normal mode:

_CREATERESTOREPOINT("Technician Start Restore Point")
EndIf
Next
Func _CREATERESTOREPOINT($SRESTOREPOINTNAME)
    Local $OBJSYSTEMRESTORE
    $OBJSYSTEMRESTORE = ObjGet("winmgmts:{impersonationLevel=impersonate}!root/default:SystemRestore")
    If Not $OBJSYSTEMRESTORE.createrestorepoint($SRESTOREPOINTNAME, 12, 100) = 0 Then SetError(1)
EndFunc   ;==>_CREATERESTOREPOINT

In safe mode when system restore service is not running an error is generated. In order to get around this I am trying to use this:

;Detect BootupState and if Normal Boot then Create Restore Point
;"Fail-safe boot" or "Fail-safe with network boot" or "Normal Boot"
$objWMIService = ObjGet("winmgmts:\\.\root\CIMV2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")
For $objItem In $colItems
  IF $objItem.BootupState = "Normal Boot" Then

This appeared to work when testing in normal mode and switching 'Normal Boot' for 'Fail-Safe Boot'.

No RP is created if 'Fail Safe' is inserted in the code in Normal mode.

Running the entire code snippet alone in Safe Mode gives no error:

;Detect BootupState and if Normal Boot then Create Restore Point
;"Fail-safe boot" or "Fail-safe with network boot" or "Normal Boot"
$objWMIService = ObjGet("winmgmts:\\.\root\CIMV2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")
For $objItem In $colItems
  IF $objItem.BootupState = "Normal Boot" Then
_CREATERESTOREPOINT("Technician Start Restore Point")
EndIf
Next
Func _CREATERESTOREPOINT($SRESTOREPOINTNAME)
    Local $OBJSYSTEMRESTORE
    $OBJSYSTEMRESTORE = ObjGet("winmgmts:{impersonationLevel=impersonate}!root/default:SystemRestore")
    If Not $OBJSYSTEMRESTORE.createrestorepoint($SRESTOREPOINTNAME, 12, 100) = 0 Then SetError(1)
EndFunc   ;==>_CREATERESTOREPOINT

However, I am getting an error in Safe Mode when the script hits the code.

If Not
$OBJSYSTEMRESTORE.createrestorepoint($SRESTOREPOINTNAME, 12, 100) = 0 Then SetError (1)
If Not
$OBJSYSTEMRESTORE.createrestorepoint($RESTOREPOINTNAME, 12, 
100)^ERROR
Error: The requested action with this object has failed.

Any ideas on what is wrong or how I can have the restore point creation work when in normal mode but not run when the PC is in safe mode?

Share this post


Link to post
Share on other sites



Is SRService running in safe mode?

;)

No. That is part of the problem.

I found out that the script runs ok in XP for normal mode and safe mode.

The problem is occurring with Win 7 in SM now.

That is why I am trying to detect bootstate and prevent this part of the script from running when the PC is in SM.

Share this post


Link to post
Share on other sites

Yeeessss! That works in Win 7. No errors with my script now.

Thank you very much.

I changed the code to suit my script and not use the message box:

If Not _SafeMode() Then
_CREATERESTOREPOINT("Technician Finish Restore Point")
EndIf

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0