
Topics - noelBlanc

1
(See the end of this first post for the files to download)

The tutorial may come after this learning phase.

Like many beginners, I want to understand how one can modify a Winpe10 (boot.wim) and adapt it to one's needs or wishes.
And mainly how to add the native Windows desktop (explorer.exe).

Understanding requires investigating the heart of Winpe with tools like "procmon, procexp", etc. And above all it requires a method of investigation.
But for me it is not easy to describe a method of investigation.
So, not really knowing how to describe a method, I have recorded the information which seems to me essential to start the investigation on a given point.
From the beginning of writing, I realized that it needed a starting point, that is to say a minimum body of knowledge.
And this so as not to write all the details and lose sight of the whole.

During the investigation and the collection, changes should be introduced into the boot.wim file to validate assumptions.
Then put in place a tool to reproduce the generation of this adapted Winpe.

But the investigation does not necessarily give the good result the first time. Many changes are needed to achieve a result.
And many steps back and multiple injections.

I quickly realized that I needed a simple and quickly modifiable tool.
At the end, the rudimentary tool will contain all of the identified changed data.

In addition, I adopt the following principles:
-This tool will only use the programs available in the host Win10 system or the ADK.
-It requires the installation of the ADK and the mounting of the install.wim file from the Win10 Enterprise Evaluation version, to be downloaded.

Regarding the essential information, I grouped it into a pdf file. It is necessarily incomplete. And in French for the moment.

I can try to translate it into English if I have feedback that leads me to.

Concerning the minimum knowledge, it would be possible to detail it one day.

Concerning the injection script, it is written in powershell. I have added a simplistic GUI. To look pretty.
This script is not an end, it is a means, an aid. Each can make it their own. Or use other means.
The "processing" part of the script will always be evolving as it allows memorizing the discoveries.
Each can therefore make their additions on the basis of the progress of their own discoveries.
The initial script contains what I have implemented so far, thanks in part to WinPeSe.
Development issues have made me lose sight of the compartmentalized and rigorous structure of the WinPeSe scripts which served as my reference.
So my scripts are not "pretty".

It is quite clear that my purpose is different from that of Win10PeSe.
My goal is to understand how one manages to make a product like WinPeSe available to everyone.
This MicroWinpeBuilder script is only a tool to facilitate the injection of data and not to lose the findings resulting from one's own investigation.

The minimum information to know:
-modify the BCD with bcdedit.exe.
-use DISM to mount/unmount an image (boot.wim for example)
-load/unload a hive with regedit
-modify the ACLs of a key in a hive with regedit
-write a small script in powershell
-create a vhd with diskmgr.msc (at worst with diskpart)
-generate a BCD to start a VM with a 'flat' winpe

You can read the pdf then think about adding a feature.

Note: the 'method' part still needs to be enriched.
Translated with bing.translator
----------------------------------------------

MicroWinpeBuilder to adapt your own Winpe: tutorial or "under the hood"?

The tutorial may come after this learning phase.

Like many beginners, I want to understand how one can modify a Winpe10 (boot.wim) and adapt it to one's needs or wishes.
And mainly how to add the native Windows desktop (explorer.exe).

Understanding requires investigating the heart of Winpe with tools like "procmon, procexp", etc. And above all it requires an investigation method.
But for me it is not easy to describe an investigation method.
So, not really knowing how to describe a method, I have recorded the information that seems essential to me to start investigating Winpe.
Because from the beginning of writing, I realised that a starting point was needed, that is to say a minimum body of knowledge.
And this so as not to write all the details and lose sight of the whole.

During the investigation and collection, the changes must be introduced into the boot.wim file to validate the hypotheses.
Then a tool must be put in place to reproduce the generation of this adapted Winpe.

But the investigation does not necessarily give the right result the first time. Many changes are needed to reach a result.
And many steps back and many injections.

I quickly understood that a simple and quickly modifiable tool was needed.
In the end, the rudimentary tool will contain all the modified data that has been identified.

In addition, I adopt the following principles:
- this tool will only use the programs available in the Win10 host system or in the ADK.
- it requires installing the ADK and mounting the install.wim file from the Win10 Enterprise Evaluation version, which is to be downloaded.

Regarding the essential information, I have grouped it into a pdf file. It is necessarily incomplete. And in French for now.
I can try to translate it into English if I get feedback that encourages me to.

Regarding the minimum knowledge, it would be possible to detail it some day.

Regarding the injection script, it is written in powershell. I added a simplistic GUI. To look pretty.
This script is not an end, it is a means, an aid. It is up to each person to make it their own. Or to use another means.
The "processing" part of the script will always be evolving since it is what records the discoveries.
So it is up to each person to make their additions according to the progress of their own discoveries.
The initial script contains what I have implemented so far, thanks in part to WinPeSe.
Debugging problems made me lose sight of the compartmentalised and rigorous structure of the WinPeSe scripts that served as my reference.
So my scripts are not "pretty".

It is quite obvious that my goal is different from that of Win10PeSe.
My goal is to understand how one manages to make a product like WinPeSe available to everyone.
This MicroWinpeBuilder script is only a tool to make injecting data easier and to avoid losing the discoveries resulting from one's own investigation.

The minimum information to know:
- modify the BCD with bcdedit.exe.
- use DISM to mount/unmount an image (boot.wim for example)
- load/unload a hive with regedit
- modify the ACLs of a key in a hive with regedit
- write a small script in powershell
- create a vhd with diskmgr.msc (at worst with diskpart)
- generate a BCD to start a VM with a "flat" winpe

It is up to you to read the pdf and then think about adding a feature.

Note: the "method" part still needs to be enriched.

version V2 (2016.02.05...) too old: automatic language detection added
version V3 (2016-02-18-microWinpeBuilder.7z): connect/disconnect Wifi in PS, ***** get WOW64 with a PS script! ****** and correct many bugs!!!
version V4 (2016-02-24-microWinpeBuilder.7z): Gui in English (translated with bing.translator), wow64 even with software from winpe, messagebox in the foreground
version V5 (2016-02-29-microWinpeBuilder.7z): Gui with 'form resizing', PS scripts to modify fbwf.sys for scratchSpace greater than 512 MB
version V6 (2016-04-23-microWinpeBuilder.7z): session administrator, BITS, WinRm, a piece of IE
-----------the end for build 10586-------
version V7 (V7-build14393-MicroWinpeBuilder_V7.7z): first work for adaptation to build 14393, explorer OK, session adm nearly OK, but many NOK...
version V8 (2016-10-07-microWinpeBuilder-14393.7z): many bugs in script traitements.ps1; explorer, session adm, Wow64, modif themecpl, mstsc = ok; wmp and others = NOK
version V8 (2016-10-31-microWinpeBuilder-14393.7z): first try for printer over the LAN
version V9 (2016-11-04-microWinpeBuilder-14393.7z): printer USB (adm and system) and network (adm)
version V10 (2016-11-30-microWinpeBuilder-14393.7z): printer PDF/XPS automatically started

version V11 (2016-12-14-microWinpeBuilder-14393.7z): add mciSendString to play an audio file, WMP can read MP3 (pb adm and vhd see post 79)

PDF V2 translated into English with bing/translator
PDF V2.1 45 pages in French, 45 pages in English, corrections, etc.
PDF V2.2 update for Mstsc with NLA
PDF V2.3: how to add WireShark and Win10Pcap in winpe after it starts. Orca or 7Z? You can choose!
PDF V2.4: modify themecpl.dll to modify the wallpaper (and task bar color): not too complex
PDF V2.5: printer USB and network
PDF V2.6: printer PDF and XPS, scanner
PDF V2.7: note for mciSendString
PDF V2.8: add "winpe in a VHD" (simple and yet...): pb adm and vhd see "Reply #105"
PDF V2.9: update vhd and session adm (correct some translations)

2
Hello
I started with winbuilder.

I downloaded an iso image of Win10. I have already mounted it to a directory.
How can I tell winbuilder to use this source for the win10 files?
I have also already mounted a boot.wim image. And here too, I can't tell winbuilder to use the files in this directory.
I checked the checkbox "use your extracted wim folders...". I've filled in the fields "Extracted bootWim..." and "Extracted InstalWim".
I click on "save/get info Wim". I get the error "can not detect Windows 10 source".

Please, can you explain to me how to do this?
Thanks

3
Win10PE SE HomePage / DWM build 10586 : error when construct with adk
« on: January 15, 2016, 03:56:58 AM »
Hello
My goal is to understand how you manage to overcome the obstacles encountered in the production of winpe10SE.
So I am trying to build a small winpe with a PS script (not winbuilder).
Searching for the useful files and key elements is already a great success for me with tools like depends and procmon.
A couple of months ago, I built a winpe 10 build 10240 with adk 10240, adding DWM and coremessaging.
For that I had read the script yy_theme.script because I couldn't find that it lacked coremessaging.
And this winpe build 10240 works very well.
I am currently building a winpe 10 build 10586 with adk 10586. Only DWM doesn't work for me.
Reading the script reports the addition of the WindowsTrustedRT driver.
I added it but without success. Winpeshl launches. Then a MessageBox regularly displays "failed to initialize the connection process".
I re-read the winPE10SE script but I do not see what I am missing.

Thanks for giving me an idea, because it is not easy to investigate since I can't intervene on the error.

(with bing.translator because English is so difficult for me)

4
Win10PE SE HomePage / a question about CoreMessagingRegistrar
« on: November 26, 2015, 11:20:32 AM »
Hello,
I know that my approach may seem stupid because winbuilder builds a winpe that works.
I also know that my background is not usual.
But I try to understand the implementation of the CoreMessagingRegistrar service.
To do this, I read the yy_theme.script of the winpe10SE winbuilder script.
I also read the scripts dealing with files and the registry.
And to properly isolate the components needed, I don't use winbuilder but the ADK for win10 build 10240.
In a first version, I do not install the file dwm.exe.
I modify the system hive to "install" the CoreMessagingRegistrar service.
And I delete the values FailureActions and FailureActionsOnNonCrashFailures of this service.
I start winpe. The Startnet.cmd file contains only the launch of a CMD.
The command net start shows that the CoreMessagingRegistrar service has not started.
I run procmon64. Then "net start CoreMessagingRegistrar".
And I see that svchost.exe does load CoreMessaging.dll.
The "loadimage" is visible with procmon.
But a few lines of trace further, so very very quickly, one sees the "processexit" of svchost.
The procmon "stack" information provides no information.
There is no registry read or file read.
The presence of DWM.exe seems not to be mandatory for starting this service.
Because if I put the files "dwm*.*" in boot.wim, winpe crashes while it is loading. In my opinion this is normal since the service has failed.
What object is it missing? What type of object?
If you know a necessary element to start the CoreMessagingRegistrar service, or if you have an idea to help me find a solution, thank you in advance.
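As an added example (not code from MicroWinpeBuilder or from these posts), the following PowerShell script covers both the "minimum information" list of the first post (mount an image with DISM, load/unload a hive, a small PS script) and the offline registry edit described in the post above: it mounts boot.wim, loads its SYSTEM hive, removes the two FailureActions values under the service key, then unloads and unmounts. The image path, mount folder, image index and temporary hive name are assumptions.

```powershell
# Added example, not MicroWinpeBuilder code. Run from an elevated PowerShell on a
# Win10 host with the ADK (the DISM cmdlets ship with it). Paths are assumed.
$Wim     = 'C:\WinPE\media\sources\boot.wim'   # assumed location of boot.wim
$Mount   = 'C:\WinPE\mount'                    # assumed: existing, empty folder
$HiveKey = 'HKLM\WinPE_SYSTEM'                 # temporary name for the loaded hive
$Service = 'CoreMessagingRegistrar'            # service discussed in the post

# Mount index 1 (the WinPE image in an ADK boot.wim) read/write.
Mount-WindowsImage -ImagePath $Wim -Index 1 -Path $Mount | Out-Null
try {
    # Load the offline SYSTEM hive. An offline hive has no CurrentControlSet
    # link, so read Select\Current to find the control set actually used at boot.
    & reg.exe load $HiveKey "$Mount\Windows\System32\config\SYSTEM" | Out-Null
    $current = (Get-ItemProperty "Registry::$HiveKey\Select").Current
    $ctlSet  = 'ControlSet{0:D3}' -f $current
    $svcKey  = "Registry::$HiveKey\$ctlSet\Services\$Service"

    if (Test-Path $svcKey) {
        # Remove the two values the post deletes; missing values are not an error.
        foreach ($name in 'FailureActions', 'FailureActionsOnNonCrashFailures') {
            Remove-ItemProperty -Path $svcKey -Name $name -ErrorAction SilentlyContinue
        }
        # Show what remains so the change can be reviewed before it is committed.
        Get-ItemProperty -Path $svcKey | Format-List | Out-String | Write-Host
    }
    else {
        Write-Warning "$Service key not found in $ctlSet; add the service key before editing it."
    }
}
finally {
    # Release PowerShell's handles on the hive first, otherwise reg unload fails,
    # and unload before dismounting so the saved image is consistent.
    [gc]::Collect()
    & reg.exe unload $HiveKey | Out-Null
    Dismount-WindowsImage -Path $Mount -Save | Out-Null
}
```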
