# Run program automatically upon safe mode reboot



## gotrootdude (Feb 19, 2003)

Here's the problem. Without installing as a service, how can I get the compiled script to run automatically when the machine reboots into safe mode with command prompt? Which startup locations does safe mode with command prompt allow to run?
I know, it's probably pretty simple. But, I'm a bit sick of googling.

This is for a anti-virus/anti-spyware/anti-malware tool/macro/script I'm creating.

This is the general idea and flowchart, the order may change a bit: The main script will be compiled as a exe.

1: Write to the registry to make the next boot safe mode:

```
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Cmd.exe"
```
3. Shutdown and reboot using the cmd: SHUTDOWN -r -t 01
To allow command prompt only.

4. Start the windows installer service: using SafeMSI

5. Autorun a script which will mirror scripts from a ftp site using wget for windows into a temp directory. The tool will then create a txt file of the newly moved script files using the command dir > dir.txt , This it will use to create a chain of scripts/macros to run one after another, The scripts will use a command line bittorent client, and wget for windows to download other tools. Then the scripts will automate the installers, grab updates, and scan with them.

6. The tool will add a entry to the run-once registry key to start the last part of the tool when the machine reboots.

7. The tool will then add to the registry to make the next boot in normal mode: 

```
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
```
8. The tool will automate a registry cleaner, then compact the registry.

9. The tool will run sysinternals pagedefrag and set it to defragment at next boot.

10. The last script will automatically start, and start a defrag utility. Then it will automatically install a shortcut to a ftp site to download updates to the tool, it will open notepad and display a message/logfile and remove all leftover scripts and any other traces of itself and any programs it installed.

The purpose of this tool is that it will allow for one anti-virus/anti-spyware/anti-malware repository to be set up containing scripts to download-install-run-remove other antispyware/anti-malware programs made by others. The main script will only be for my shop customers use for now. At least until I can work out bugs and security issues.  It will be totally switchless and completely unattended.


----------



## gotrootdude (Feb 19, 2003)

Got it.

The answer was to use a freeware application to set the compiled script as a service, then using regmon find the keys that changed and create a reg file to enter the specific info into the registry under the HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot subkeys. The interesting thing is that I can use one reg script to remove the keys and then rewrite them with another, that way I delete any virus that will run as a service at safe mode, I fix safe boot if a virus has deleted those keys, I get my auto-run protection in safe mode, and I may be able to prevent some root kits from activating so it's easier to detect and remove them. 

The necessary info was found here: http://didierstevens.wordpress.com/2007/03/26/playing-with-safe-mode/


----------



## Mosaic1 (Aug 17, 2001)

Changing the shell under winlogon doesn't make you boot to safe mode. You end up back at normal Windows, but instead of the explorer shell loading, cmd loads.

Boot.ini is what will and can control your next boot. But to edit that can cause a boot loop so I don't suggest it for auto booting into safe. A copy of the default OS can be placed there with the correct switches. Then the default can be set to this OS. BUT you need to keep the menu available and set the default long enough so that if there's a problem getting into safe mode, the boot menu appears with a choice for the user to get back to regular windows. And then you would change the default back when finished. 

Never use MSconfig to force Safe mode. Just add a new choice to the menu. This keeps options open. I had written a script to add a safe mode boot option for the default OS to boot.ini. It worked on a few systems but I never handed it out.


----------

