Failing to unzip files into system32

Hi There,

Has anybody had any success unzipping files into system32?

I used the following two examples to do it:

https://bigfix.me/fixlet/details/6092

https://bigfix.me/fixlet/details/3827

By manually running unzip under an administrator-level cmd, it doesn’t do anything, and if you do -o to replace, it just deletes the files that were already there.

And the extract + move ain’t helping much.

Any ideas?

Thanks!

Not something I’ve ever done, but first thoughts:

Is this on 32- or 64-bit? If 64-bit, are you sure you are targeting System32 and not SysWOW64 (the BigFix agent is 32-bit)?

Doing a move into OS folders is dangerous - a move will take the permissions of the source file with it whereas copy will create a new file with permissions inherited from the folder. Again, 32-bit redirection needs to be allowed for.

Hey,

Thanks for the answer. Yes, it’s x64, and yes, I tried targeting “C:\Windows\System32” directly.

I also added into the fixlet the 32-bit redirection because of not only the files but also trying to insert registry entries (tried 4 variations of inserting registry data with no luck, regadd, .reg file, building the reg in the fixlet, sending the file with the wizard).

I’m going nuts over this :stuck_out_tongue:

A couple of demo scripts:

File:
//
// Create a file and copy it to System folder
delete __Createfile
createfile until End_Of_File
Test file - 32 bit copy
{now}
End_Of_File
delete c:\temp\myTestFile.txt
copy __Createfile c:\temp\myTestFile.txt
parameter "myFilePath32"="{pathname of system folder & "\myTestFile.txt"}"
delete {parameter "myFilePath32"}
copy c:\temp\myTestFile.txt {parameter "myFilePath32"}
//
// and now create another file and also copy it to the system folder but
// with redirection disabled
delete __Createfile
createfile until End_Of_File
Test file - 64 bit copy
{now}
End_Of_File
delete c:\temp\myTestFile.txt
copy __Createfile c:\temp\myTestFile.txt
action uses wow64 redirection {not x64 of operating system}
parameter "myFilePath64"="{pathname of system folder & "\myTestFile.txt"}"
delete {parameter "myFilePath64"}
copy c:\temp\myTestFile.txt {parameter "myFilePath64"}
//

Registry:
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\myTesting\Demo1]" "myValue32"="32 bit registry"
regset64 "[HKEY_LOCAL_MACHINE\SOFTWARE\myTesting\Demo1]" "myValue64"="64 bit registry"

Test Results:
D:\>type c:\windows\System32\myTestFile.txt
Test file - 64 bit copy
Wed, 20 Dec 2017 12:16:44 +0000

D:\>type c:\windows\SysWOW64\myTestFile.txt
Test file - 32 bit copy
Wed, 20 Dec 2017 12:16:44 +0000

D:\>reg query hklm\software\mytesting /s /reg:64

HKEY_LOCAL_MACHINE\software\mytesting\Demo1
    myValue64    REG_SZ    64 bit registry


D:\>reg query hklm\software\mytesting /s /reg:32

HKEY_LOCAL_MACHINE\software\mytesting\Demo1
    myValue32    REG_SZ    32 bit registry
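
The file results above, modelled as an added example (not code from any post in this thread): a Python function that maps a path the way 64-bit Windows does for a 32-bit process such as the BigFix agent, so a list of deployment targets can be checked before an action runs. The function names, the `windir` default and the sample target list are assumptions; the exemption list follows Microsoft's WOW64 file system redirector documentation for Windows 7 and later.

```python
import ntpath

# System32 subdirectories documented as exempt from WOW64 redirection.
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc",
          "logfiles", "spool")

# Constructed sample: targets like those used in this thread.
SAMPLE_TARGETS = [
    r"C:\Windows\System32\file1.dll",
    r"C:\Windows\System32\file2.dll",
    r"c:\temp\myTestFile.txt",
]


def effective_path(path, redirection=True, windir=r"C:\Windows"):
    """Path a 32-bit process on 64-bit Windows actually touches."""
    norm = ntpath.normpath(path)
    win = ntpath.normpath(windir)
    sys32 = ntpath.join(win, "System32")
    sysnative = ntpath.join(win, "Sysnative")
    lower = norm.lower()

    def under(base):
        b = base.lower()
        return lower == b or lower.startswith(b + "\\")

    if not redirection:
        # Redirection disabled: the literal path is used.
        # (Sysnative with redirection disabled is not modelled here.)
        return norm
    if under(sysnative):
        # Sysnative is the alias 32-bit code uses for the real System32.
        return sys32 + norm[len(sysnative):]
    if not under(sys32):
        return norm
    rest = norm[len(sys32):]            # "" or "\sub\file"
    rel = rest.lstrip("\\").lower()
    if any(rel == e or rel.startswith(e + "\\") for e in EXEMPT):
        return norm
    return ntpath.join(win, "SysWOW64") + rest


def remapped(targets, **kw):
    """Return (requested, effective) pairs where the two differ."""
    pairs = [(t, effective_path(t, **kw)) for t in targets]
    return [(t, e) for t, e in pairs
            if e.lower() != ntpath.normpath(t).lower()]
```
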

Thanks! That helped me understand a little bit more about how to handle files through a fixlet :slight_smile:

I ended up doing the following, and for now it works:

Created the reg files through the wizard, just for the code and the upload.

Created an archive with the files with the bfarchive tool and uploaded it into the custom repo.

This is the fixlet code I did:


action uses wow64 redirection false

prefetch regfile.tmp sha1:xxxxxxxxxxxxxxxxxxxx size:349 http://bigfixserver:52311/Uploads/xxxxxxxxxxxxxxxxxxxx/regfile.tmp

prefetch bfarchivefile sha1:xxxxxxxxxxxxxxxxxxxx size:682578 https://bigfixserver:52311/bfarchivefile

extract bfarchivefile

move "__Download\file1.dll" "{location of system folder & "\system32\file1.dll"}"
move "__Download\file2.dll" "{location of system folder & "\system32\file2.dll"}"

extract regfile.tmp

waithidden regedit /s "{pathname of client folder of current site & "\__Download\regfile.reg"}"


Not very nice, since the “move” commands include more than 30 files, but I tried doing this, which I saw in an example, and it didn’t work:

extract bfarchivefile "{location of system folder & "\system32"}"

Thought about doing it with a script file, but too complex just for a few files (although if the files change, a script should be a more agnostic approach).

Too bad fixlets still do not allow wildcards, that would be a game changer.

Still, gets the job done :smiley:

Thanks :smile: