Most active commenters
  • naikrovek(4)
  • maccard(3)

←back to thread

Windows recovery environment and bootable USB creator in 200kb

(github.com)
195 points _ol1s | 24 comments | 27 Jul 24 02:09 UTC | HN request time: 0.94s | source | bottom
1. torphedo ◴[27 Jul 24 03:45 UTC] No.41084297[source]
Wow, this is the largest batchfile I've ever seen! And I thought my 200-ish line one from high school was pushing it. Honestly huge respect for having the dedication to go this far with batch. I knew about the pseudo-function-calling features and a little bit of the weird syntax, but just skimming there's a lot of stuff in here I haven't seen before. Usually people saying "X in Y KiB" are doing some crazy linker shenanigans, so this was refreshing.

Also, "Windows To Go" and "Windows To Stay" are really funny feature names.

replies(4): >>41084376 #>>41084508 #>>41084695 #>>41085137 #
2. Firehawke ◴[27 Jul 24 04:04 UTC] No.41084376[source]
Not to get TOO far off topic, but you just reminded me of the 300+ line batch file I was using for my BBS back in the early 90s. Lots of errorlevel checks to handle door transitions, Fidonet, etc.

You could get some ridiculously complicated batch files if you really needed the added functionality.

replies(1): >>41087147 #
3. ◴[27 Jul 24 04:45 UTC] No.41084508[source]
4. Mogzol ◴[27 Jul 24 05:52 UTC] No.41084695[source]
Speaking of large batch files, if anyone has ever softmodded a Wii, there is a good chance you used ModMii, which is by far the largest batch program I've seen. The main script [1] is a batch file that clocks in at over a megabyte. I used to be pretty into the Wii modding scene and remember talking with the author of that script about random batch things a few times. I can't imagine maintaining a file that big.

[1] https://github.com/modmii/modmii.github.io/blob/master/Suppo...

replies(4): >>41084989 #>>41085606 #>>41085711 #>>41089905 #
5. nyanpasu64 ◴[27 Jul 24 07:24 UTC] No.41084989[source]
It's sad that so many projects simply stopped updating a decade or more ago... the first 90% of work is building a USB loader and the second 90% is maintaining it, and neither the author nor I want to figure it out. I read online that SNEEK lets you screenshot games... it doesn't work (wrong filesystem? neek2o and sneek have a different feature set?). Also god all those Exception (DSI) and learning a decade later they were segfaults... yummy memory-unsafe embedded programming.

I found that ModMii leaked some global variables from a (failed) SNEEK install to a system menu mod('s help file), and being written in Batch certainly explains things...

6. Kwpolska ◴[27 Jul 24 08:03 UTC] No.41085137[source]
"Windows To Go" is the official name for a former Windows feature.

Writing a Batch script of any length, let alone 3085 lines, is completely insane with PowerShell being part of the default install.

replies(1): >>41085268 #
7. maccard ◴[27 Jul 24 08:41 UTC] No.41085268[source]
I write tools for video game studios occasionally. You can’t double click a ps1 script and have it run, and you need to change the execution policy for powershell scripts to run. Those two hurdles for non technical people mean that we still write batch scripts
replies(1): >>41085333 #
8. TiredOfLife ◴[27 Jul 24 08:58 UTC] No.41085333{3}[source]
But you can run .ps1 from .bat that you doubleclick.
replies(2): >>41085615 #>>41087080 #
9. sllabres ◴[27 Jul 24 10:25 UTC] No.41085606[source]
I once knew a (very old) old accounting system that had to work around a 64kB limit and therefor used a programmatically generated set of many hundreds batch files batch files calling each other (not containing the program logic of course). But each of them was less than 100 lines long.

But 27 kLOC for the WII thing or 3 kLOC for the recovery tool which even looks a bit more convoluted then the WII thing sounds interesting to maintain. On the other hand, if it works, no dependencies no 200 MB binary blob.

10. kachapopopow ◴[27 Jul 24 10:27 UTC] No.41085615{4}[source]
That still has the same issue. Powershell will refuse to run scripts that are not signed by default.
replies(2): >>41086096 #>>41087878 #
11. sunaookami ◴[27 Jul 24 10:54 UTC] No.41085711[source]
Don't forget that it even has a GUI made with Wizard's Apprentice which is created and controlled by a similar large batch file: https://github.com/modmii/modmii.github.io/blob/master/Suppo... :D
12. andy81 ◴[27 Jul 24 12:19 UTC] No.41086096{5}[source]
You can use the -ExecutionPolicy argument to get around that.

It's not a security boundary, just something to stop users accidentally opening an email attachment like they will with bat/vbs.

replies(1): >>41087551 #
13. maccard ◴[27 Jul 24 15:11 UTC] No.41087080{4}[source]
If you are writing a bat wrapper, you might as well write the wrapper in c# at that point (which I do for anything that requires a condition or a loop)
replies(1): >>41087865 #
14. efdee ◴[27 Jul 24 15:22 UTC] No.41087147[source]
Wow, unexpected trip down memory lane. Thanks.

Press ESC twice for nostalgia.

15. ffsm8 ◴[27 Jul 24 16:23 UTC] No.41087551{6}[source]
Which is pointless if it's only for powershell.... But hey, security theater is kinda the MO of Microsoft if you think about rotating password policies which have a maximum password length etc
16. naikrovek ◴[27 Jul 24 17:01 UTC] No.41087865{5}[source]
The threshold you’ve chosen is crazy low, for me.

A condition or a loop? You’re writing everything in C# then. Everything worth writing, anyway.

replies(1): >>41089726 #
17. naikrovek ◴[27 Jul 24 17:02 UTC] No.41087878{5}[source]
Sign the powershell script. It’s not that large of a hurdle to get a code signing cert, though it certainly isn’t trivial.
replies(2): >>41089436 #>>41098794 #
18. lll-o-lll ◴[27 Jul 24 21:23 UTC] No.41089436{6}[source]
Code signing certs must have the key HSM’d these days. It’s a big hurdle.
19. maccard ◴[27 Jul 24 22:17 UTC] No.41089726{6}[source]
Pretty much, yep. The batch file is just for pre providing arguments and checking awkward error codes from robocopy
20. torphedo ◴[27 Jul 24 22:51 UTC] No.41089905[source]
21k loc, one file... dear god. that trumps it all, for sure. and wow, the repo is still getting active commits.
21. gloosx ◴[29 Jul 24 08:20 UTC] No.41098794{6}[source]
You have to go through a humilating process to get it as well as pay few hundred $$$ to one of MS street vendors.
replies(1): >>41100134 #
22. naikrovek ◴[29 Jul 24 13:02 UTC] No.41100134{7}[source]
you have to prove who you are, yes. I don't know what you mean in the 2nd half of the sentence.
replies(1): >>41159530 #
23. gloosx ◴[05 Aug 24 09:40 UTC] No.41159530{8}[source]
lemme explain quickly: you have to prove a lot of different things on paper, not just who you are; in reality this is just a money-milking side-hustle business for Microsoft. The process I had to go through had many different steps but in the end it all just relied on a blind trust between me and vetting team from the first step.
replies(1): >>41161069 #
24. naikrovek ◴[05 Aug 24 13:13 UTC] No.41161069{9}[source]
lemme respond quickly: code signing certs are in use by many more than just microsoft. if i want a code signing cert from digicert, microsoft doesn't get any money, digicert does. i can use it for more than just powershell scripts, of course, i can sign anything. they are useful things to have. getting them is a pain in the ass, yes, but it's supposed to be. they want to filter out identity impersonators and do everything they can to issue a cert to a person that is who they say they are. that's the whole point of the cert, so that's why you must show all of that proof.