home       moa       vmx       vmdk       links        about         donate        forum        downloads  


 

getting started : MOA-2.4.1 for USB



Watch setup tutorial
------------------------------------------------------------------
Create the boot-images

Create the boot-images for forensic use   
------------------------------------------------------------------
Get practice 1
- using cheatcodes
Get practice 2 - using "moa-is-at-home.tag"
Get practice 3 - load on demand
Get practice 4 - low RAM conditions
Get practice 5 - automated tasks
Get practice 6
- automated interactive tasks
------------------------------------------------------------------
Settle down :
  select a portable device
1. boot : create personal encrypted environment
2. boot : add Workstation 6.5.2
3. boot : add Workstation 6.0.5 optional
4. boot : add VirtualBox optional
5. boot : add esx-tools
------------------------------------------------------------------
Customise it - theory
Customize it - the configuration files
------------------------------------------------------------------

some advanced lessons - work in progress
Coldclone with vmware-vdiskmanager
In-place_P2V
use a ESXi-VM to access VMFS
schedule tasks across several reboots
------------------------------------------------------------------

Overview:

in this howto we basically create two files : bandit.img and moa24.tc

First is required as it is used to boot the core-system.
Second one is optional - if you do not have it MOA will boot with minimal defaults. It is important to understand that this two files are independant.
They do not need to be stored in the same place.

The first file , the bandit.img is created by the MOA-setup-routine.
You can use it to boot from CD, USB, local disk or network.
You usually only edit it to add drivers.

The second - much larger file moa24.tc contains your personal encrypted workspace including the VMware application and your programs and VMs.
You can use it where ever it is stored - it really does not matter
For convenience sake this howto assumes you have it on a USB-device.

 

Workstation 6.5.2 / 6.0.5 selectable at boot-time
Virtualbox

VI-client for ESX 3.5u4
Powershell
ViToolkit
RemoteCli
Virtual Disk Developement Kit

Starwind iSCSI
NFS-server



Create the boot-images


This step must be done by an administrator of a 32 bit Windows like XP or 2003. If you must use Vista use "run as" administrator

Create a dir on a drive with NTFS without spaces in the name.
Download and add this two files : X13-05665.img and moa241-setup.exe
Run the setup once and follow instructions. For latest instructions look here
Here is a video tutorial
When the first stage of the setup is done - close the setup and relaunch it. Then run
menu > postprocessing > infcache
menu > postprocessing > create standard iso
menu > postprocessing > ram-image bandit
menu > postprocessing > ram-image max

You should now have 3 iso-files in the directory iso-out.
You will need all of them ...

standard iso

with this Iso/CD you can boot your system on hosts/VMs with very little RAM. Lowest constellation known to work in a VM was 64 MB.

bandit-iso

this ISO/CD should be used to boot VMs or when ever booting from USB is slow/ not wanted / not possible.
Actually this ISO/CD loads a file named BANDIT.IMG into RAM. Once it is loaded into RAM Windows continues booting from "virtual harddisk" mounted as X: This virtual harddisk is writeable. When Windows has finished booting the ISO/CD is no longer needed and you can eject it. As the system loads into RAM anyway it also does not really matter if you have booted from CD or USB.
When you boot from a USB-stick or a USB-disk or from a local hardisk you also use this BANDIT.IMG

max-iso

this ISO/CD should be used for development work - this variant has a lot of free space in the Windows-directory so you can install large apps more easily. The drawback is that you need about 500 MB of RAM for the system alone.

 top 

Create the boot-images for forensic use


This step must be done by an administrator of a 32 bit Windows like XP or 2003. If you must use Vista use "run as" administrator

Create a new directory - copy all zip files and the moa241-setup.exe from first directory into it and run the setup again.
Tthis time say YES when asked for about the forensic build.
When the first stage of the setup is done - close the setup and relaunch it. Then run
menu > postprocessing > infcache
menu > postprocessing > create standard iso
menu > postprocessing > ram-image bandit
rename the output isos so that you can tell them from the regular ones.

 top 

 

 

Get practice 1

using cheatcodes


Boot the MOA-bandit.iso inside a virtual machine
At boot-time you have a configurable time-window when you can set boot-parameters.
Like with Linux-LiveCDs this is called the cheatcode-prompt.

It is highly recommended that you get used to this to get best results.
Test the created Iso-files inside VMs with varying the amount of RAM.

(this is latest state as of moa.exe version 2.4-036)


cheatcode action
reboot shutdown now
halt shutdown now
cmd open a cmd - back to prompt when exit
regedit open regedit - back to prompt when done
help display helptext - back to prompt when done
shell run diskmanagement, regedit and cmd - back to prompt when done
create ramfile creates a ramfile - back to prompt when done
   
ramfile mounts a vmdk and goes to stage2
tc mounts a truecrypt-container and goes to stage2
disk opens diskmanagement and expects that you mount a partition to R: then goes to stage 2
   
minimal creates a ramdisk and sets the size to 16 Mb and goes to stage2
mini creates a ramdisk and sets the size to 32 mb and goes to stage2
safe creates a ramdisk and sets the size to 64 mb and goes to stage2
tiny creates a ramdisk and sets the size to RAM / 5 and goes to stage2
lean creates a ramdisk and sets the size to RAM / 4 and goes to stage2
big creates a ramdisk and sets the size to RAM /3 and goes to stage2
splendid creates a ramdisk and sets the size to RAM / 2 and goes to stage2
   
remount automated use of cheatcode disk - do not use manually
tc_auto automated use of cheatcode tc - do not use manually
vmdk_auto automated use of cheatcode ramfile - do not use manually
   
invalid input display helptext - back to prompt when done
   
   
 top 

Get practice 2

using the "moa-is-at-home.tag
"

 

Try this once:
Boot the MOA-bandit.iso inside a virtual machine and add a disk.
Format that disk with NTFS
Create a blank file named "moa-is-at-home.tag" in the root of the disk and reboot.
Notice what happens.
Put some file on the desktop - a shortcut or whatever ...
Reboot
Notice what happens.
Delete the tag-file and reboot.
Notice what happens.

 

 top 

Get practice 3

load on demand

 

Try this once:
Use the same constellation from last lesson. Set the tag-file so that you boot into your persistant home.
Download a small firewall named "ghostwall" from here
Then move that file to the directory R:\_sfx_
Click the cmd-icon on the desktop and run
R:\_sfx_\ ghostwall_setup.exe /silent
Next test your new firewall - try the "block all" button ...
Ok - now lets make a nice shortcut on the desktop - (right click on desktop > create new shortcut)
Point the shortcut to R:\_sfx_\ ghostwall_setup.exe and add the parameter /silent
Give the desktop shortcut a nice name like "start firewall"
Reboot
Try your new desktop-icon


 top 

Get practice 4

low RAM conditions

 

Try this once:
Use the same constellation from last lesson. Set the tag-file so that you boot into your persistant home.
Set the memory for the virtual machine to 128 MB.
Use the MOA-std.iso and boot into default cheatcode.
MOA should boot into explorer and everything should work normally.
Notice that no ramdrive is used.
Next remove the "moa-is-at-home.tag" and reboot with default cheatcode.
Notice that this time a ramdrive is used and the system maybe unstable.

Now reduce the RAM of the virtual machine to 96 MB.
Very likely MOA will fail during boot. The system is unusable - so reboot again.
This time use cheatcode "shell"

Now reduce the RAM of the virtual machine 64 MB.
This time use cheatcode "cmd"

Just for fun try the same lesson with the MOA_bandit.iso

 top 

Get practice 5

automated tasks

 

Try this once:
Use the same constellation from last lesson. Set the tag-file so that you boot into your persistant home.
This assumes you still have the file R:\_sfx_\ ghostwall_setup.exe

Browse to the directory R:\bin with explorer and create a new file named "lastbatch.cmd"
Open it and type this 3 lines



echo off
R:\_sfx_\ghostwall_setup.exe /silent
exit


save the file and reboot

 top 

Get practice 6

automated interactive tasks

 

Try this once:
Use the same constellation from last lesson. Set the tag-file so that you boot into your persistant home.


Browse to the directory R:\bin with explorer and create a new file named "interactive.cmd"
Open it and type this 2 lines



ipconfig /all
pause


save the file and reboot

 top 

 

Advanced 1 - coldclone with vmware-vdiskmanager

video

 

the video was created with MOA 2.2 - early version - the basics still apply
you need to have any version of Workstation in your build

work in progress

 top 

Advanced 2 - in-place P2V

old video


work in progress

 top 

Advanced 3- using an ESX-VM to access VMFS

video


you need current MOA with esx-tools-016
you need Workstation 6.5.2
you need a ESX-VM

work in progress

 top 

 

 

 

 

Which device to use ???

Get a USB device

See the next table to see how you combine this two "modules" bandit.img and moa24.tc
The boots from column shows where the bandit.img is booted from
The personal files column shows where the personal files inside the truecrypt-container moa24.tc are stored
The RAM column shows how much RAM is at least required to boot this constellation
The Performance column shows some benchmarks taken on a HP-notebook.
Don't look at absolute values here - just compare the times.
Your mileage will vary depending on the machine you boot and the speed of your USB-device

 top 

USB1 USB 2 384 boot-time : 10:30
start WS 6.5.2 : 0:15
start esx-tools : 0:18
start Vi-client : 0:45
responsivity : bad
10 / 4

 

some hosts only boot with USB 1 speed

- if your machine does so too - better boot from CD to safe time

USB2 USB 2 384 boot-time : 3:30
start WS 6.5.2 : 0:15
start esx-tools : 0:18
start Vi-client : 0:45
responsivity : bad
10 / 4

 

this is the cheapest way to get started - bad performance

USB 2 USB 2 384 boot-time : 2:30
start WS 6.5.2 : 0:10
start esx-tools : 0:12
start Vi-client : 0:09
responsivity : ok

 

20 / 8

middle-class usb-stick

USB 2 USB 2 384 boot-time : 3:00
start WS 6.5.2 : 0:06
start esx-tools : 0:09
start Vi-client : 0:10
responsivity : ok
250 / 4



are you paranoid

- then this is the option for you

USB 2 USB 2 384 boot-time : 2:20
start WS 6.5.2 : 0:05
start esx-tools : 0:08
start Vi-client : 0:06
responsivity : good
75 / 32

 

fastest stick I have ever seen

USB 2 USB 2 384 boot-time : 2:07
start WS 6.5.2 : 0:04
start esx-tools : 0:07
start Vi-client : 0:06
responsivity : very good
110 / 32



best performance
( when booting from USB is wanted)
this is a 32 GB SSD-disk in an USB-enclosure

USB2 USB 2 384 boot-time : 2:15
start WS 6.5.2 : 0:04
start esx-tools : 0:07
start Vi-client : 0:07
responsivity : good
70 / 160

good performance - large storage capacity for the money

CD
or
USB
USB 2
/
eSATA
96
/
384
boot-time : depends
start WS 6.5.2 : 0:04
start esx-tools : 0:07
start Vi-client : 0:07
responsivity : good
70 / 160


needs 96  MB to boot from MOA-std CD
needs 384 MB to boot from MOA-bandit CD
needs 384 MB to boot from USB

using a very large USB-disk is very convenient for P2V

TFTP
iSCSI
or
USB
USB 2
/
eSATA
384 boot-time : depends
start WS 6.5.2 : 0:04
start esx-tools : 0:07
start Vi-client : 0:07
responsivity : good
70 / 160

 

requires a DHDCP / TFTP server in the local network
clever solution if you work most of the times in your own network

CD --- 96
/
384
   

old-fashioned

anyway it is recommended to create a standard ISO with Converter for P2V use

 

             
SATA SATA 384 boot-time : 1:40
start WS 6.5.2 : 0:03
start esx-tools : 0:06
start Vi-client : 0:03
responsivity : very good
110 / 32

just for comparison ...
fastest constellation
only possible if installing to a local harddisk is allowed - like with a notebook dedicated to MOA

 top 

for the next five boots you need a machine with at least 768 MB RAM and the MOA24-max CD


in the next 5 boots you will create your personal Workspace

prepare environment


After booting call truecrypt-format from the startmenu.



specify a path for the Container -name the file moa24.tc and put it into the root of ANY local disk



accept default encryption


set the size of the container - for this sample build take 2.5 Gb or more



set the password



make sure you select NTFS as filesystem



after a while the volume is ready



call "truecrypt" from the startmenu and mount the new container to the letter Q:



with explorer copy the contents of X:\moahome to Q: so that it looks like this




On every subsequent boot MOA will find this container and mount it instead of a RAMdrive - this means that from next boot on all changes to R: will be persistant.


In case you want to install Workstation 6.5.2 next
open Q:\bin\moa.ini and make sure you have this line

start_vmware=no

When done - reboot.
During next boot you should see that MOA auto selects the cheatcode "tc_auto"


 top 

Download VMware-workstation-6.5.2-156735.exe

Install Workstation 6.5.2 to R:\vm\ws652. Be patient - this takes a long time.
Sometimes the installer does not find vmnetbridge.dll - in this case just point it to the directory R:\vm\ws652
After installation do not allow reboot and run this batch or copy the files manually.


copy /Y X:\i386\SYSTEM32\DRIVERS\hcmon.sys "R:\vm\ws652\hcmon.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\VMkbd.sys "R:\vm\ws652\VMkbd.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmnet.sys "R:\vm\ws652\vmnet.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmnetadapter.sys "R:\vm\ws652\vmnetadapter.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmnetbridge.sys "R:\vm\ws652\vmnetbridge.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmnetuserif.sys "R:\vm\ws652\vmnetuserif.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmx86.sys "R:\vm\ws652\vmx86.sys"
copy /Y X:\i386\SYSTEM32\vmnat.exe "R:\vm\ws652\vmnat.exe"
copy /Y X:\i386\SYSTEM32\vmnc.dll "R:\vm\ws652\vmnc.dll"
copy /Y X:\i386\SYSTEM32\vmnetbridge.dll "R:\vm\ws652\vmnetbridge.dll"
copy /Y X:\i386\SYSTEM32\vmnetdhcp.exe "R:\vm\ws652\vmnetdhcp.exe"
copy /Y X:\i386\SYSTEM32\vnetinst.dll "R:\vm\ws652\vnetinst.dll"
copy /Y X:\i386\SYSTEM32\vnetlib.dll "R:\vm\ws652\vnetlib.dll"



In case you want to install Workstation 6.0.5 next
open R:\bin\moa.ini and make sure you have this line

start_vmware=no

When done - reboot.
During next boot you should see that MOA auto selects the cheatcode "tc_auto"

 

 top 

3. boot - install Workstation 6.0.5


Download VMware-workstation-6.0.5-109488.exe

Install Workstation 6.0.5 to R:\vm\ws605. Be patient - this takes a long time.
Sometimes the installer does not find vmnetbridge.dll - in this case just point it to the directory R:\vm\ws605
After installation do not allow reboot and run this batch or copy the files manually.


copy /Y X:\i386\SYSTEM32\DRIVERS\hcmon.sys "R:\vm\ws605\hcmon.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\VMkbd.sys "R:\vm\ws605\VMkbd.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmnet.sys "R:\vm\ws605\vmnet.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmnetadapter.sys "R:\vm\ws605\vmnetadapter.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmnetbridge.sys "R:\vm\ws605\vmnetbridge.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmnetuserif.sys "R:\vm\ws605\vmnetuserif.sys"
copy /Y X:\i386\SYSTEM32\DRIVERS\vmx86.sys "R:\vm\ws605\vmx86.sys"
copy /Y X:\i386\SYSTEM32\vmnat.exe "R:\vm\ws605\vmnat.exe"
copy /Y X:\i386\SYSTEM32\vmnc.dll "R:\vm\ws605\vmnc.dll"
copy /Y X:\i386\SYSTEM32\vmnetbridge.dll "R:\vm\ws605\vmnetbridge.dll"
copy /Y X:\i386\SYSTEM32\vmnetdhcp.exe "R:\vm\ws605\vmnetdhcp.exe"
copy /Y X:\i386\SYSTEM32\vnetinst.dll "R:\vm\ws605\vnetinst.dll"
copy /Y X:\i386\SYSTEM32\vnetlib.dll "R:\vm\ws605\vnetlib.dll"

 

 

 top 

Download VirtualBox-2.1.4-42893-Win_x86.msi

and install it to R:\vm\virtualbox - no other steps required

 top 

create a directory R:\_sfx_ and download this files into it:

virtualbox-lodr.exe
starwind-lodr.exe
nfsd-lodr.exe
esx-tools-016.exe

Next create a directory named R:\src - to safe disk space in the container
this can be a junction point to a directory on any local disk.

the following list of files is only needed once - that is why it is recommended to
store them all in a directory on a local disk instead of inside the container.


VMware-Vim4PS-1.0.0-113525.exe
VMware-vix-disklib-e.x.p-99191.i386.exe
VMware-VIRemoteCLI-3.5.0-104314.exe
VMware-converter-3.0.3-89816.exe
VMware-VMvisor-InstallerCD-3.5.0_Update_4-153875.i386.iso

WindowsServer2003-KB926139-v2-x86-ENU.exe

VMware-viclient.exe - connect to a local ESX and download from the webpage

No matter where you actually store this files - your directory R:\src should now have at least this files


If you got everything run R:\_sfx_\esx-tools-016.exe (without parameter)
Follow instructions.
When finished you should now have two new wim-files and several new directories.
add2vm-016.wim
add2win-016.wim
Put them into R:\_sfx_
You do not need those wims in regular use - only when you plan to create a CD-only build.

You will notice a directory R:\add2win.
Keep it and do not mess with it.
It contains the files needed to run dotnet2.

The new directory R:\programs\vmware contains all the VMware apps you just installed like ViClient and Converter.
Keep it and do not rename anything in here.

In case you want to run Workstation on any further boot
open R:\bin\moa.ini and make sure you have this line

start_vmware=yes

When done - reboot.



 top 


Customize it - theory




Next table lists the MOA bootup-procedure and shows how the single steps can be influenced
Red text references a line in the MOA-configuration file moa.ini
Some actions are triggered when a special named file exists.
Some actions require user-input - like ask for a file or path.

 

action

 

configuration

load image into RAM

read WINNT.SIF and load specified image into RAM

detection of mass-storage

depends on the driver-package you added

mount volumes

if HKLM\SYSTEM\ControlSet001\Services\MountMgr\NoAutoMount = 1

start peloader.exe

if HKLM\SYSTEM\Setup\CmdLine = PELOADER.EXE *

start moa.exe

if HKLM\SYSTEM\Setup\CmdLine = PELOADER.EXE Systemroot%\system32\shell\moa.exe

set moa-ini-path

if exist X:\i386\system32\shell\moa.ini set moa-ini-path = X:\i386\system32\shell

firstbatch

if exist X:\i386\system32\shell\firstbatch.cmd               (needs moa2.4-037.exe)

check if this is really MOA

read HKLM\SOFTWARE\sanbarrow\allow_start

read early config

read start_kiosk=  in X:\i386\system32\shell\moa.ini
read moa_timeout=in X:\i386\system32\shell\moa.ini

read default_cheatcode= in X:\i386\system32\shell\moa.ini

switch to kiosk-mode

if start_kiosk=yes in X:\i386\system32\shell\moa.ini hide moa.exe-gui

preset default cheatcode

use default_cheatcode= and preset cheatcode-prompt

scan local disks for
personal workspace

if found moa24.tc - preset cheatcode-prompt with tc_auto
if found moa24.vmdk - preset cheatcode-prompt with vmdk_auto
if found moa-is-at-home.tag - preset cheatcode-prompt with remount

cheatcode-prompt

wait moa_timeout=5000 milliseconds - then set current value for default_cheatcode=

decide next steps


if default_cheatcode=invalid   back to prompt
if default_cheatcode=           back to prompt
if default-cheatcode=halt       shutdown
if default_cheatcode=reboot   reboot
if default_cheatcode=cmd      open a cmd - back to prompt when done
if default_cheatcode=x          open explorer - back to prompt when done
if default_cheatcode=regedit  run regedit - back to prompt when done
if default_cheatcode=shell     run diskmanagement, regedit and cmd - back to prompt
if default_cheatcode=help      display help - back to prompt when done

mount something to R:


if default-cheatcode=vmdk_auto    mount moa24.vmdk to R:\
if default_cheatcode=remount       mount volume with moa-is-at-home.tag to R:\
if default_cheatcode=minimal   create , format and mount a 16 MB ramdisk to R:\
if default_cheatcode=mini        create , format and mount a 16 MB ramdisk to R:\
if default_cheatcode=safe        create , format and mount a 16 MB ramdisk to R:\
if default_cheatcode=tiny         create , format and mount a RAM/5 ramdisk to R:\
if default_cheatcode=lean        create , format and mount a RAM/4 ramdisk to R:\
if default_cheatcode=big          create , format and mount a RAM/3 ramdisk to R:\
if default_cheatcode=splendid  create , format and mount a RAM/2 ramdisk to R:\
if default_cheatcode=tc_auto    ask for password and mount moa24.tc to R:\

if default_cheatcode=tc           ask for password and mount any truecrypt-container to R:\
if default_cheatcode=ramfile   ask for a virtual diskand mount it to R:\
if default_cheatcode=disk       change the driveletter of one of the detected volumes to R:\

 

detect drivetype of R:\

if drivetype R:\ = ramdisk populate R:\ with contents of X:\moahome\
if drivetype R:\ = fixed create essential directories if they do not exist

set new path to moa.ini

if start_kiosk=no and if exists R:\bin\moa.ini set moa-ini-path = R:\bin

start explorer

if start_explorer=early start explorer

earlybatch

if start_earlybatch=yes run moa-ini-path\lastbatch.cmd

register dlls and ocx

 

early mount

if mount_tdrive=early mount R:\_sfx_tdrive.cmd to driveletter T:\
if wim1_mount=early read wim1_path= and mount named file to R:\vm\vmware

if wim2_mount=early read wim2_path= and mount named file to R:\vm\converter

prenetworkbatch

if start_prenetworkbatch=yes run moa-ini-path\prenetworkbatch.cmd

loading VMware stage 1 plan B

if start_vmware=yes and if not exist r:\vm\vmware\vmplayer.exe - select a directory

loading VMware stage 1 plan C

if start_vmware=yes and if not existr:\vm\vmware\vmplayer.exe - select a wim

loading VMware stage 1 plan A

if start_vmware=yes and exist r:\vm\vmware\vmplayer.exe

VMware version detection

if start_vmware=yes get version r:\vm\vmware\vmplayer.exe

inject VMware network drivers

if start_vmware=yes and version is known inject network drivers

plug and play detection

if exist hwpnp.cmd execute it - else run hwpnp.exe with default parameters

load network

read vmnet1_name= and read vmnet1_IP= and set IP for virtual adapter 1
read vmnet8_name= and read vmnet8_IP= and set IP for virtual adapter 8
read moa_hostname= and set hostname
read moa_workgroup= and set Workgroup-name

loading VMware stage 2

if start_vmware=yes and version is known load it

start services

if start_eventlog=yes start EventLog
if start_sshd=yes start Secure Shell Server
if start_audiosrv=yes start HDaudbus service

if start_msi=yes start MSI-service

late mount

if mount_tdrive=late mount R:\_sfx_tdrive.cmd to driveletter T:\
if mount_udrive=late mount R:\_sfx_tdrive.cmd to driveletter U:\
if mount_vdrive=late mount R:\_sfx_tdrive.cmd to driveletter V:\

start wireless support

if start_wireless=yes

latebatch

if start_latebatch=yes run moa-ini-path\latebatch.cmd

lastbatch

if exists R:\bin\lastbatch.cmd

interactive batch

if exist R:\bin\interactivebatch.cmd

restart explorer

if process explorer exists kill it and restart it

start explorer

if start_explorer=yes

startup Converter ColdClone mode

if start_converter=yes

startup sequence finished

if start_kiosk=no activate buttons in moa.exe

 top 

Customize it - the configuration files


MOA uses two fixed driveletters X:\ and R:\

X:\ is the static boot-image
R:\ is the writeable truecrypt-container

X:\ is available early at boot
R:\ is not available before you decided what R:\ is actually going to be - that means after cheatcode-prompt

X:\ has very limited free space
R:\ has no serious size limitations

X:\ must be used for pre cheatcode configurations
R:\ for everything after cheatcode prompt

So MOA has early config in X:\i386\system32\shell and late config in R:\bin.

No matter which path is actually used the important files are

moa.ini
earlybatch.cmd
prenetworkbatch.cmd
hwpnp.cmd
latebatch.cmd
lastbatch.cmd
interactivebatch.cmd




moa.ini   earlybatch.cmd   prenetworkbatch.cmd   hwpnp.cmd   latebatch.cmd   lastbatch.cmd   interactivebatch.cmd


 

configuration - moa.ini



[BOOT]
defaultCheatCode=lean
defaultRAMdriveSize=8
moahome_ramsize=16

start_sshd=yes
start_vmdks=no
start_vmware=yes
start_vgasafe=yes
start_audiosrv=yes
start_eventlog=yes
start_msi=yes
moa_timeout=5000
start_explorer=yes
start_debug=no
start_kiosk=no
start_KioskVM=no
start_vcr4moa=yes

start_earlybatch=yes
start_latebatch=no
start_prenetworkbatch=no

[NETWORK]
default_NetMode=

vmnet1_IP=192.168.52.1
vmnet1_name=VMware Network Adapter VMnet1
vmnet8_IP=192.168.132.1
vmnet8_name=VMware Network Adapter VMnet8
moa_hostname=moa
moa_workgroup=workgroup

[AUTOMOUNT]
mount_tdrive=no
mount_udrive=no
mount_vdrive=no

wim1_mount=no
wim1_path=r:\_sfx_\ws602ripped.wim


 

file = moa.ini
initial path = X:\i386\system32\shell
optional path = R:\bin


Optional path will be used if R:\bin\moa.ini exists and if start_kiosk=no

this is the main configuration file

the sample to the left is a reasonable configuration for this build

make sure you enable loading of VMware for regular use

   top 

configuration - earlybatch.cmd


echo off
del /f /s /q r:\temp\*.*
rmdir /s /q r:\temp
md r:\temp

del r:\home\moon\desktop\starwind.lnk
del r:\home\moon\desktop\player.lnk
del r:\home\moon\desktop\workstation.lnk
del r:\home\moon\desktop\nfsd.lnk
del r:\home\moon\desktop\virtualbox.lnk
del r:\home\moon\desktop\viclient.lnk
del r:\home\moon\desktop\fastscp.lnk
del r:\home\moon\desktop\vmx.lnk
del r:\home\moon\desktop\zenmap.lnk
del r:\home\moon\desktop\powershell.lnk
del r:\home\moon\desktop\vitoolkit.lnk
del r:\home\moon\desktop\vmware-cmd.lnk
del "r:\home\moon\desktop\nfs server.lnk"

rmdir /s /q "R:\programs\StarWind Software\StarWind"
rmdir /s /q "R:\programs\nfsd"
exit

file = earlybatch.cmd
path = active moa.ini directory
will be executed if present AND if enabled in moa.ini

this batch can be used to clean up from last run.
It is recommended to clean up temp and directories
like the starwind program dir. This makes the unattended install later easier.

It can also be used to remove desktop icons


This batch MUST exit cleanly

   top 

configuration - prenetworkbatch.cmd

echo off
...
inject drivers into X:\i386\...
mount wims, vmdks, containers
...
exit

file =prenetworkbatch.cmd
path = active moa.ini directory
will be executed if present AND if enabled in moa.ini


use this for tasks that must be done before
hardware plug'n'play and loading of VMware Workstation or VMplayer
This batch MUST exit cleanly

   top 

configuration - hwpnp.cmd

HWPnp.exe -all +PCI\CC_03 +PCI\CC_04 +HDAUDIO +ACPI\GENUINEINTEL +ACPI\AuthenticAMD_-_x86_Family_15 +ACPI\ACPI0003 +ACPI\PNP0C0A /cid /p /log+

file =hwpnp.cmd
path = R:\bin
will be executed if present


this example - all in one line - prevents loading drivers for any other Nics than the ones from VMware - MOA does not use any external network - only the internal network shared with VMs is active

use this file in case you have issues with some special machines - documentation for hwpnp.exe by Paraglider is available on his site - see

general rule of thump:
rough hardware detection = fast boot
indepth detection = long boot

per default MOA tries to use a good compromise between boot-time and detection

This batch MUST exit cleanly

   top 

configuration - latebatch.cmd

echo off
...
put your custom commands here
...
exit

file = latebatch.cmd
path = active moa.ini directory
will be executed if present AND if enabled in moa.ini



use this batch to run your custom apps in kiosk-mode
This batch MUST exit cleanly

   top 

configuration - lastbatch.cmd

echo off
rem r:\programs\nmap\zenmap-lodr.exe
rem R:\vm\virtualbox\virtualbox-lodr.exe
rem r:\_sfx_\starwind-lodr.exe
rem r:\_sfx_\nfsd-lodr.exe
rem start r:\_sfx_\esx-tools-016.exe run
exit

file = lastbatch.cmd
path = R:\bin
will be executed if present


in this file you can automate loading of the listed apps for convenience sake - to speed up boot-time keep it short.

Iin kiosk-mode use this to reboot or shutdown


This batch MUST exit cleanly

   top 

configuration - interactivebatch.cmd

ipfonfig /all
pause



file = interactivebatch.cmd
path = R:\bin
will be executed if present


if you want to run interactive custom commands put them here

 top 

Maybe you don't want to enter a password during boot or are not satisfied with the size-limitations of a container
You can then dedicate a complete USB-disk for your personal workspace.
To do this - mount the container you already created and copy all of its content into the root of a blank USB-disk.
To use it - enter cheatcode disk at cheatcodeprompt - this will popup diskmanagement.
You should now find your USB-disk and assign driveletter R:
When done close diskmanagement and MOA continues booting - using your files on the USB-disk.

For a non-interactive bootup - just put a tag-file named moa-is-at-home.tag into the root of your disk.
To prevent automatic use just remove or rename the tag-file again.

At boot-time MOA searchs for this tag - when it is present on any local disk MOA presets the cheatcode remount
So if you see the cheatcode remount in the cheatcode-prompt this means your local disk is alreadsy detected and ready to be used.

 top 

The MOA-plugins

moa-24-*-system.inf

contains all entries for [SetupReg.AddReg] After boot this becomes HKEY_LOCAL_MACHINE\SYSTEM
The name of the hive is "...pebuilder\bartpe\i386\system32\setupreg.hiv"

moa-24-*-software.inf
contains all entries for [Software.AddReg] execpt the classes-section. After boot this becomes HKEY_LOCAL_MACHINE\SOFTWARE
The name of the hive is "...pebuilder\bartpe\i386\system32\config\software"


moa-24-*-classes.inf
contains only entries for [Software.AddReg] classes-section. After boot this becomes HKEY_LOCAL_MACHINE\SOFTWARE\Classes
The name of the hive is "...pebuilder\bartpe\i386\system32\config\software"


moa-24-*-default.inf
contains all entries for [Default.AddReg] After boot this becomes HKEY_CURRENT_USER
The name of the hive is "...pebuilder\bartpe\i386\system32\config\default"

moa-24-*-sanbarrow.inf
sets moa.exe boot-options and copies moa.exe, essential cmds and ini-files


moa-24-*-files-windows.inf
this essential plugin copies the files needed for the explorer shell - this files are taken from the windows-source.
It also copies all MOA-required files like vdk.exe or imdisk ...
After build this files are in "...pebuilder\bartpe\I386"
After boot this files are in "X:\i386"

moa-24-*-files-moahome.inf
this plugin is only required for CD-only builds - though you should not disable it in most cases
After build this files are in "...pebuilder\bartpe\moahome"
After boot this files will be used to populate the ramdisk - in case one is used

moa-24*-z-dont-mount-anything.inf
this optional plugin disables the automatic mounting of local volumes

moa-24*-z-multiprocessor.inf
this optional plugin enables SMP-support - don't use it for P2V-builds if you need a wide compatibilty with old machines

moa-24*-wmi.inf
this optional plugin enables WMI-support - this plugin requires to be used with the hostname MOA.
Don't use this plugin if you must change the hostname

 top 

how to add your apps

this is a short overview only - in many cases it is as easy as "just install it"
Then reboot and see if it still works.
If not - go to Plan B - if it still does not work go to Plan C and so on.

Tactic

Instructions Example
Plan A just install it once portable Apps - simple apps
Plan B silently install it on demand Starwind, NFSD, VMX-explorer
recommended for apps that install drivers
Plan C check if a LODR-pack exists -
if yes use a LODR-pack on demand
Dotnet, ViClient, VirtualBox
Plan D install once - use regshot and create a patch - use that to load on demand Autoit, 7zip, DreamWeaver ...
apps that use file-associations or need licenses
Plan E install once - use Installrite and create a patch - use that to load on demand Java, various runtimes, more complex programs
     
not recommended create a plugin  
 top 

 

 

   home       moa       vmx       vmdk       links        about         donate        forum        downloads