SysInternals tools suite requires you to accept an EULA for every tool used for the first time.  This can be very annoying, especially when running a command on a remote comuter with psexec - the program hangs, waiting for a non-existent user to click Accept.

Fortunately, there is a solution.   Fire up your trusted python, install the pefile library and execute the following script from SysInternals directory:

	"""
	Removes EULA dialog from SysInternals suite tools
	"""
	from glob import glob
	from array import array
	import re, os
	import pefile
	def find_import(pe, name):
	regex = re.compile(name + "(A|W)?")
	for entry in pe.DIRECTORY_ENTRY_IMPORT:
	for imp in entry.imports:
	if imp.name and regex.match(imp.name):
	return imp
	OK = 0
	DONT_KNOW = 1
	NO_EULA = 2
	def method_bypass_dialog(pe):
	img = pe.get_memory_mapped_image()
	#Find the call to DialogBoxIndirectParam
	imp = find_import(pe, "DialogBoxIndirectParam")
	if not imp:
	return NO_EULA
	asm = '\xff\x15' # CALL
	asm += array('i', [imp.address]).tostring()
	pos = img.find(asm)
	if pos == -1:
	return NO_EULA
	if img.count(asm) > 1:
	return DONT_KNOW # More than one dialog -- not encountered so far (Dec '09)
	# Replace CALL DialogBoxIndirectParam() with the following code:
	# 83C4 14 ADD ESP,14 ' fix stack
	# B0 01 MOV AL,1 ' Make EAX != 0 (0 is Decline)
	# 90 NOP
	replacement = '\x83\xc4\x14' + '\xb0\x01' + '\x90'
	assert len(replacement) == len(asm)
	pe.set_bytes_at_rva(pos, replacement)
	return OK
	def main():
	if "psexec.exe" not in os.listdir('.'):
	print "You must run this script from SysInternals directory."
	return
	exes = glob("*.exe")
	for exe in exes:
	pe = pefile.PE(exe)
	print exe + ": ",
	res = method_bypass_dialog(pe)
	print ["OK", "Don't Know", "No Eula !"][res]
	if res == OK:
	pe.write(filename="noeula_" + exe)
	main()

view raw BypassEula.py hosted with ❤ by GitHub