============================START============================
External Proc Output: ! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\VMWare, Inc.
    Core        REG_SZ  VMware Workstation

Executing: [reg, query, "HKLM\SOFTWARE\VMware, Inc.\VMware Workstation", /v, InstallPath]
External Proc Output: ! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Workstation
    InstallPath REG_SZ  C:\Programme\VMware\VMware Workstation\

Executing: [reg, query, "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vmware-mount.exe", /v, Path]
External Proc Output: ! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vmware-mount.exe
    Path        REG_SZ  C:\Programme\VMware\VMware DiskMount Utility\

Live View 0.6
Host Operating System: Windows XP
Java Version: 1.6
VMWare Install Type: 0
VMWare Mount Path: C:\Programme\VMware\VMware DiskMount Utility\vmware-mount.exe
Executing: [wmic, /namespace:\\root\cimv2, path, Win32_DiskDrive, get, index, ,InterfaceType]
External Proc Output: Index  InterfaceType  
0      IDE            
1      SCSI           
2      USB            

Executing: [wmic, /namespace:\\root\cimv2, path, Win32_DiskDrive, get, index, ,model]
External Proc Output: Index  Model                                      
0      WDC WD1200JB-00DUA0                        
1      Promise 2+0 Stripe/RAID0 SCSI Disk Device  
2      FUJITSU MHV2120AH USB Device               

Executing: [wmic, /namespace:\\root\cimv2, path, Win32_LogicalDisk, where, DeviceID="C:", assoc, /RESULTCLASS:Win32_DiskPartition]
External Proc Output: __PATH
\\MOLLRALF-A01\root\cimv2:Win32_LogicalDisk.DeviceID="C:"
\\MOLLRALF-A01\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"  root\cimv2  MOLLRALF-A01  {"CIM_DiskPartition", "CIM_StorageExtent", "CIM_LogicalDevice", "CIM_LogicalElement", "CIM_ManagedSystemElement"}  34  Win32_DiskPartition.DeviceID="Disk #0, Partition #0"  CIM_ManagedSystemElement  CIM_DiskPartition  Win32_DiskPartition  2      512  TRUE  TRUE  Datenträger Nr. 0, Partition Nr. 0      Win32_DiskPartition  Installierbares Dateisystem  Disk #0, Partition #0  0          0      Datenträger Nr. 0, Partition Nr. 0  40965687        TRUE      20974431744  32256      Win32_ComputerSystem  MOLLRALF-A01  Installable File System

Bootable device is index: 0
Executing: [wmic, /namespace:\\root\cimv2, path, Win32_DiskDrive, get, index, ,size]
External Proc Output: Index  Size          
0      120031511040  
1      800171688960  
2      120031511040  

Device Index: 0
Device Size: 120031511040
Excluded Device Index: 0 because it is the host boot drive
Device Index: 1
Device Size: 800171688960
Skipped \\.\PhysicalDrive1 detected with WMI because it has an invalid MBR
Device Index: 2
Device Size: 120031511040
Skipped \\.\PhysicalDrive2 detected with WMI because it has an invalid MBR
Added \\.\PhysicalDrive3 not detected by WMI to list of physical devices

Error: I/O problem reading physical device: \\.\PhysicalDrive4 Das Gerät ist nicht bereit
Error: I/O problem reading physical device: \\.\PhysicalDrive5 Das Gerät ist nicht bereit
Error: I/O problem reading physical device: \\.\PhysicalDrive6 Das Gerät ist nicht bereit
Error: Could not open physical device:  \\.\PhysicalDrive7 \\.\PhysicalDrive7 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive8 \\.\PhysicalDrive8 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive9 \\.\PhysicalDrive9 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive10 \\.\PhysicalDrive10 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive11 \\.\PhysicalDrive11 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive12 \\.\PhysicalDrive12 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive13 \\.\PhysicalDrive13 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive14 \\.\PhysicalDrive14 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive15 \\.\PhysicalDrive15 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive16 \\.\PhysicalDrive16 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive17 \\.\PhysicalDrive17 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive18 \\.\PhysicalDrive18 (Das System kann die angegebene Datei nicht finden)
Error: Could not open physical device:  \\.\PhysicalDrive19 \\.\PhysicalDrive19 (Das System kann die angegebene Datei nicht finden)
Physical Disk Info 0: Index: 3 Interface: IDE Model: Hard Disk 3 Size: 4.869333504E9
Ram Size: 256
System Time: 06.09.2007 12:39:16
Guest OS: auto
Is Physical Disk: true
non-numeric or mixed extensions detected
Sorted Input Files [Select Your Image File(s)]
vmrun path: C:\Programme\VMware\VMware Workstation\vmrun.exe
Mount Drive Letter: k
MBR Signature found: almost certainly have an mbr or partition (not garbagefile)
Num Existing Snapshots 0
MBR Info:

Partition 1:
====================
Is Bootable: true
Begin Head: 1
Begin Cylinder: 0
Begin Sector: 1
Partition Type: 0x7
End Head: 254
End Cylinder: 591
End Sector: 63
Relative Sector: 63
Num Sectors: 9510417
Partition 2:
====================
Is Bootable: false
Begin Head: 0
Begin Cylinder: 0
Begin Sector: 0
Partition Type: 0x0
End Head: 0
End Cylinder: 0
End Sector: 0
Relative Sector: 0
Num Sectors: 0
Partition 3:
====================
Is Bootable: false
Begin Head: 0
Begin Cylinder: 0
Begin Sector: 0
Partition Type: 0x0
End Head: 0
End Cylinder: 0
End Sector: 0
Relative Sector: 0
Num Sectors: 0
Partition 4:
====================
Is Bootable: false
Begin Head: 0
Begin Cylinder: 0
Begin Sector: 0
Partition Type: 0x0
End Head: 0
End Cylinder: 0
End Sector: 0
Relative Sector: 0
Num Sectors: 0

Created: E:\VMs\LiveView\Hacking_Case\Hard Disk 3 (5.0 GB).vmx
#Static Values
config.version = "8"
virtualHW.version = "3"
floppy0.present = "FALSE"
displayName="Hard Disk 3 (5.0 GB)"

#Drive Info
ide0:0.present = "TRUE"
ide0:0.fileName = "E:\VMs\LiveView\Hacking_Case\Hard Disk 3 (5.0 GB).vmdk"
ide0:0.deviceType = "disk"
ide0:0.mode = "persistent"
ide1:0.present = "TRUE"
ide1:0.fileName = "auto detect"
ide1:0.deviceType = "cdrom-raw"

#User Specified
memsize="256"
rtc.starttime="1189075156"
snapshot.disabled = "TRUE"


Created: E:\VMs\LiveView\Hacking_Case\Hard Disk 3 (5.0 GB).vmdk
# Disk Descriptor File
version=1
CID=fffffffe
parentCID=ffffffff
createType="fullDevice"

# Extent description
RW 9510480 FLAT "\\.\PhysicalDrive3" 0
RW 9510 ZERO

#DDB - Disk Data Base
ddb.adapterType = "ide"
ddb.geometry.sectors = "63"
ddb.geometry.heads = "254"
ddb.geometry.cylinders = "591"
ddb.virtualHWVersion = "3"

Executing: [C:\Programme\VMware\VMware Workstation\vmrun.exe, snapshot, E:\VMs\LiveView\Hacking_Case\Hard Disk 3 (5.0 GB).vmx, Original1189075186218]
Output: Detected VMWare Workstation Installation

Output: Detected full disk image

Output: Generating vmx file...

Output: Generating vmdk file...

External Proc Output: 
Output: Snapshot Created

Executing: [C:\Programme\VMware\VMware DiskMount Utility\vmware-mount.exe, /v:1, k:, E:\VMs\LiveView\Hacking_Case\Hard Disk 3 (5.0 GB)-000001.vmdk]
External Proc Output: 
Output: Snapshot Mounted

Executing: [reg, load, HKLM\NEWSOFTWARE, k:\WINDOWS\system32\config\software]
External Proc Output: Der Vorgang wurde erfolgreich ausgeführt.

Output: Software Hive Loaded

Executing: [reg, query, "HKLM\NEWSOFTWARE\Microsoft\Windows NT\CurrentVersion", /v, ProductName]
External Proc Output: ! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\NEWSOFTWARE\Microsoft\Windows NT\CurrentVersion
    ProductName REG_SZ  Microsoft Windows XP

Executing: [reg, query, "HKLM\NEWSOFTWARE\Microsoft\Windows NT\CurrentVersion", /v, SystemRoot]
External Proc Output: ! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\NEWSOFTWARE\Microsoft\Windows NT\CurrentVersion
    SystemRoot  REG_SZ  C:\WINDOWS

Executing: [reg, unload, HKLM\NEWSOFTWARE]
External Proc Output: Der Vorgang wurde erfolgreich ausgeführt.

Output: Software Hive Unloaded

Added: guestOS="winXPPro" to E:\VMs\LiveView\Hacking_Case\Hard Disk 3 (5.0 GB).vmx
Driver Destination Location: k:\WINDOWS\system32\drivers
Output: Detected Microsoft Windows XP installation on image

Output: Added guest OS to vmx file

Output: Intel IDE Driver Already Exists On The System, Skipping Extraction

Output: Intel IDE Driver Ready

Executing: [reg, load, HKLM\NEWSYSTEM, k:\WINDOWS\system32\config\system]
External Proc Output: Der Vorgang wurde erfolgreich ausgeführt.

Output: System Hive Loaded

Executing: [reg, query, "HKLM\NEWSYSTEM\Select", /v, Current]
External Proc Output: ! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\NEWSYSTEM\Select
    Current     REG_DWORD       0x1

Output: Extracted Current Control Set Value: 1

Executing: [regedit, /s, C:\Programme\Live View\Resources\merge.reg.temp]
External Proc Output: 
Output: Critical Device Database Updated

Executing: [reg, unload, HKLM\NEWSYSTEM]
External Proc Output: Der Vorgang wurde erfolgreich ausgeführt.

Output: System Hive Unloaded

Executing: [C:\Programme\VMware\VMware DiskMount Utility\vmware-mount.exe, k:, /d]
External Proc Output: 
Output: Snapshot Unmounted

Output: Bootable Partition 1: winXPPro prepared for launch

Output: The VMWare configuration files have been generated in your chosen output directory

User Closed Program Window
Stopped running processes
Executing: [C:\Programme\VMware\VMware DiskMount Utility\vmware-mount.exe, k:, /f]
External Proc Output: The volume was not mounted by VMware-mount.  It may be a network driver or
it may have been mounted using another utility. It cannot be dismounted.

Executing: [reg, unload, HKLM\NEWSYSTEM]
External Proc Output: 
Error: Error:  Falscher Parameter.

Executing: [reg, unload, HKLM\NEWSOFTWARE]
External Proc Output: 
Error: Error:  Falscher Parameter.

Cleaned Up

Live_View/Output/hacking_case_ewf.log (last edited 2009-06-08 10:19:24 by localhost)