Hi,

I was kind of wondering has any one try making a liveCD on windows with all the RE tools loaded?. I am aware about the licensing issue with windows, I just wondering if it is possible to do one, not for public distribution of course.

"all the RE tools" would not fit on a single CD.

Is there an easy and stable way to make a "Windows live CD" in the first place? In that case how?

Why use a liveCD and not a VM?

A good question delta. i think the advantage against a vm is that you dont not need the overhead of a vm and also problems with vm detections are avoided. in my opinion a live cd would be a nice thing. maybe even a live dvd to store all the needed tools.

i'm not sure whether there is another possibility than barts windows cd, but would be great if they are other possibilities.

regards,

OHPen

Maybe not all the tools but just the essentials: Ollydbg or/and IDAPro, PEID, and whatever else can be fit. But the point is if a live cd runing a Windows OS can be done, and if it can, how is done.

I remember reading somewhere something about loading windows OS into a 2GB SD card to boot up from. However, this was using an windows installation CD and was stripping it to just the essentials. But how you go about adding additional pgms, I guess I need to read how LiveCDs are created and try to see if it is possible.

You could make a windows image file (.wim) and then make it disk image (.sdi) to load it from ram (or make it directly disk image or keep the .wim file).
I haven't tried with Windows XP but with WinPE 2.0 size of created .wim is about 120mb, there is alot of space left if you make it a bootable cd or even more for dvd.
You can even make it to boot from network, if so size limitation is lifted because this way you can mount a share with all the tools you need.

Look into this site http://www.ubcd4win.com/

You can load every tool you please into the CD/DVD as long as it does not need a lot of registry installation keys to run (copy and run programs). But be aware that those live CD OS are rather slow, inefficient and unstable. They crash often and should be used as an emergency repair tool. One thing I have not clear is: What would be the advantage of doing RCE in this environment versus the "normal" install? Reversing malware??

The biggest advantage that I see for a Live CD is that it would allow to reverse anywhere anytime.

It would be simpler than remote debugging from a laptop or installing all the tools from a usb stick.

DVL is distributed in a Live VM and is very stable.

TiGa

I think so BartPE has already a nice graphical user interface, and there is posible the expansion of it with all the tools you need.
Of course you use a bootable DVD

I think I suggested something similar a long time ago, but using a virtual machine image. With a live-cd you still have driver considerations etc, with a VMWare/VirtualPC image you just have one giant file to move around

Silver has a point, nowaday, a virtual image may work (vmdk), principally with the use of virtual player which you can download for free. You should be able to use it on any platform without having to worry about drivers or hardware compatibility. I'll try this during the weekend.