Topic: MicroWinpeBuilder to adapt its own Winpe : tutorial or 'under the hood'?  (Read 29907 times)

0 Members and 1 Guest are viewing this topic.

noelBlanc

  • Chef
  • ***
  • Date Registered: Dec 2013
  • Posts: 121
hello GoodNPlenty,
Merci pour ce retour. Thank you for your return. It's very helpfull for me.

I have not yet tested with WinPeSe and I do not know if WinPeSe loads the network before or after you open the adm session. And surprise: no need for bootexecute for Wow64 in the adm session.

I'm going to finalise soon the MicroWinPeBuilder script to mount the network after the opening of the session adm; But it is necessary that I modify the GUI to offer the choice "session adm" or "normal session".

I have not yet found BITS Server to complete the test. Client BITS seems to work with session adm !

I've also just tested 'internet Explorer'. What I get to do for now:

get a rudimentary window with 'MSN' after various amendments. The necessary context for my test: wow64 because IE 64-bit launches IE 32-bit addressing LCIE (https://blogs.msdn.microsoft.com/ie/2008/03/11/ie8-and-loosely-coupled-ie-lcie/)

IE 64 launches IE32 ( /scodef:... )  for the LCIE by consulting the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main key

x86AppPath = C:\Program Files (x 86) \Internet Explorer\IEXPLORE. EXE

Therefore, copy IE32bits

And by replacing this value by IE64, we get to see a window 'MSN' playing with the task bar
Not really finish.
If someone want to try and help me...tell me.
« Last Edit: April 14, 2016, 01:54:57 AM by noelBlanc, Reason: no need for bootexecute for Wow64 »

ChrisR

  • Win7PE SE Baker
  • Grand Chef
  • *****
  • Date Registered: Mar 2011
  • Posts: 2915
Salut Noel,
J'ai pas eu le temps de jouer avec ton outil mais tu semble bien progresser dans tes ajouts.
what is the interest of BITS in PE?

For the administrator session in 10SE,  the network is loaded after login as Admin. It is not loaded in the system session
There are a few problems otherwise, in addition to the delay.

on x64, since v10 Internet Explorer run in a hybrid-mode and both versions are required.
It does not seem possible to get separate versions.
with adll dependencies in addition, he is rather heavy for my tast.

noelBlanc

  • Chef
  • ***
  • Date Registered: Dec 2013
  • Posts: 121
Bonjour ChrisR,
For BITS, only the pleasure to make sure it works.
Same thing with Wsman/WinRm, more difficult but it works in the two directions.

For IE in Winpe64bits, i use only IE 64 bits, not version 32bits : i modifiy x86appPath to point to IE 64 bits version.
Only the process "iexplore.exe Scodef:Pid" displays a window ( see LCIE link ) .
After launching the first time ie64, the cpu is very busy. I kill "IE" without the param "scodef". See IE64bits-1.png
After launching the second time ie64,  IE displays only one window. See IE64bits-2.png
I kown it's not actually a good solution. It's only for searching.
And i am searching .... for a long time i suppose !

It is necessary always to question what appears to acquit and not be satisfied with the current state of knowledge

noelBlanc

  • Chef
  • ***
  • Date Registered: Dec 2013
  • Posts: 121
hi,

For IE, i found this on the net :
http://blog.httpwatch.com/2009/04/07/seven-things-you-should-known-about-ie-8/
"TabProcGrowth=0 is a registry edit that will disable the Loosely-Coupled IE (LCIE) function in Internet Explorer 8. Essentially what this means is that all tabs in Internet Explorer will be handled by one process of iexplore.exe. This also means that Protected Mode will be Off and that if one of your tabs crash, Internet Explorer will crash."

And display IE 64 "scodef" is now OK.
But Ie is still not OK.

A step to the Graal ?

noelBlanc

  • Chef
  • ***
  • Date Registered: Dec 2013
  • Posts: 121
hello,

Version V6 (2016-04-23-microWinpeBuilder.7z) : Session adminstrator, BITS, WinRm, a piece IE

Only session adm can be selected in the GUI. All other parameters, like name computer, password of adm, are in the script. Modify it if you need.
Perhaps later i put these param in the GUI.

do not forget, this is an educational objective

Please, give me some feedback, interesting useful useless, stupid ...pdf in french must be translate ...

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
When i was searching for some stuff i found your project page by luck. I guess there is not much interest about it for now but with some work and interest maybe you can improve it. I am not good at powershell so probably will not use your builder. At least i wish i could read the pdf file in English. Is there a hope it can be translated to English?

Why do you spend so much effort to crack fbwf size limit? Do not you know about windows embedded fbwf file. It can support at least a few GB's and used in all pebuilder projects.

If you have so good reversing, coding skills using it in right ways can be more usefull.

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 789
Well, I think vvurat is a bit harsh ("do something more useful"  :wink:) but I also agree to a certain point.

I think it's just very ironic that noelBlanc seems to be a brilliant (powershell-) programmer, but because it is quite a complicated topic, needs (and, luckily: wants) to explain what he's doing, but then lacks the English language skills to share it with us. In the beginning, I thought I might have a go at translating, but I must confess I only understand 50% of his French, and only 10% of his Powershell  :embarrassed:

On the other hand, it's still a very interesting topic, and I hope he continues his work here at TheOven, maybe one day we'll need his support for the WinPESE projects as well!

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
I hope he continue also. %50 of my aim to write here is to give him encourage to continue. Because the topic that forwarded me to here there was an example of disappointment that someone complains nobody helps him in theoven.org. http://xxxxx.pro/topic/20970-adding-syswow64-to-win10pe/#entry197718 I thought maybe i can do something and give some interest to good stuff. I never mean "do something more useful" because something is not usefull for me can be very usefull for others too. Maybe i just wanted to say "I also want to use some stuff coded finded by you" with the help of his work spent on other things then powershell.

noelBlanc

  • Chef
  • ***
  • Date Registered: Dec 2013
  • Posts: 121
Thanks for the feedback.
No need to worry to have. Everyone goes in the same direction: sharing information! And the critics are not necessarily negative. They make me move forward.
@Atari800xl : Thank you for explaining my incompetence in English and my desire to share information. It's true, I write an English only with bing/translator
@vvurat : Thank you for your interest in the translation. I will try soon but I have not yet finished my reflection on the netsh network traces. Change a driver, as everything I do here, is only an educational objective. Everyone can use without understanding. But anyone who wants to understand how the team WinpeSe built winpe10 can't find any information. And there are 2 different things: the first, edit winbuilder scripts (which is impossible for me) and the second, know what change bring, how find it yourself. It is this last point that excites me and I want to share. I try to tell how one edit boot.wim without additional program. And how to make its own changes by modifying the scripts that are open. Then do not write program with invisible to the user code. Write code readable in all scripts: no risk of viruses. Regarding FWBF, I do not know "embedded fbwf file" (link?), it is also an educational objective. Searching of decompiler, usage, location of the code to edit: 1 day (from memory). The pedagogical interest resides in the code signing (several days) and modification of the BCD.

This weekend will be rainy, I use bing.translator, but I won't be able to know if the translation will be understandable
Thanks again for the feedback.

PS:
One more word about fwbf.sys: knowing that few people would be interested, I wrote a non-robust script
Must be run twice by changing lines to two passages (by modifying the carcteres "#" at the beginning of lines)
As I did not have back on this point, I have not done better.
« Last Edit: April 27, 2016, 03:09:26 AM by noelBlanc »

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
Fbwf files that i collected from chineese forums. Also winpese should have contains it but i could not find.

Usage: I will explain from FBWF_WES8.7z

http://www.mediafire.com/download/mtgutbrhm3nv6o1/fbwf.zip

1-Import reg file fbwf.reg
2-Select and copy desired ram's cfg file to under x:\windows directory
Example (I want 768MB Ram drive): Rename  fbwf-768.cfg -> fbwf.cfg and copy under X:\windows folder
3-Copy fbwflib.dll under X:\windows\system32 folder
4-Copy fwbf.sys under X:\windows\system32\drivers folder.
5-If you want you can copy other files too. I have not used them. Maybe they need configuration of fbwf

Files maybe be changed by years. You can grab same regs files from current winpese

noelBlanc SAId:But anyone who wants to understand how the team WinpeSe built winpe10 can't find any information

I also want to ask about this to ChrisR. When he read this lines can he answer to me. I thought to ask by personal message but maybe can ask here too. He can answer by personal message also. At last time we talked there was some secret stuff for to keep winpese different from other tools. This secrets continues or not after many years? Can we ask internal usage of some tools or maybe you can explain by personal message to me :) It is also questionable that how you can keep secrets when %98 of the codes are readable and public. It could just get me loose time when investigating or use another tools. But if you explain it can help other people that wants to make their own PE's. ChrisR can make a new topic about usage of that important stuffs.

Forexample if we were asked to exlain how to integrate fwbf to winpe is this secret or not? :)
I asked this because i explained it so it is not secret anymore :D I do not want to expose anything without the permission of winpese authors.
« Last Edit: April 27, 2016, 04:03:43 AM by vvurat »

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
http://www.mediafire.com/download/mtgutbrhm3nv6o1/fbwf.zip

please delete this comment as it is useless i can modify my posts now.
« Last Edit: April 27, 2016, 04:04:33 AM by vvurat »

Atari800xl

  • Code Baker
  • Sr. Chef
  • ****
  • Date Registered: Feb 2013
  • Posts: 789
Interesting stuff, thanks for your contributions. I just don't think we can expect ChrisR to take the trouble to explain everything he does. It would take too much time, not only explaining (remember, he's not a native "English speaker" either), but also all the [newbie] questions/ bickering/ complaining etc that would bring about (yes, from me as well).
I think we all can agree we have to be thankful that ChrisR (and Lancelot, JFX, and others) has kept these PESE project going in the first place. I'm sure he will answer most questions we have (as he is a Genuine Nice Guy [TM]), but I also think it would be too much to ask of him to write full FAQ's/ Howto's/ etc.
So once again, please keep up your great new project, noelBlanc, including the HowTo's, I'm sure in time we will all fully understand exactly what is going on "under the hood" of our magical little USB thumb drives!
 :thumbsup:
« Last Edit: April 27, 2016, 04:11:58 AM by Atari800xl »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7520
noelBlanc SAId:But anyone who wants to understand how the team WinpeSe built winpe10 can't find any information

I guess bad english:

My goal is to understand how it happens to be able to make available to everyone a product like WinPeSe.

and all done without any information !!!! Come on  :wink:


All information is written inside open source plugins, and on a working open source project.
 1) one reads to figure out -> LiveSystemPro - Kare
 2) one builds project and figure out -> MicroWinpeBuilder - noelBlanc
 3) one do not read and have disappointment complaining !!!!! ---------> lazy !!!


- exactly what is going on "under the hood" -
on a open source project with open source plugins !!!!! how can anything be "under the hood"

It is also questionable that how you can keep secrets when %98 of the codes are readable and public.
As you are aware we do not keep secrets,
 as you should notice by now after years, people who write stupid things on posts are only hiding their laziness.

  * So we do not respond to lazy people who only knows writing disappointment or complains on topic posts (a kind of post game)
    ----> This amazingly keep things secret  :lol: can you believe it  :lol: :lol: no no, it is only secret to 3) kind of people written above, and so far we like to keep that way.

  * And we do not need to respond to clever people since they already can read and use already provided open source info (like you), and do not post unnecessary things to topics.



ps:
what is going on "under the hood" --> or what "magic" is only being able to continue developing projects, which becomes better and bigger in time.
 To me, Lonely Cowboy kind of development better suits application development....

Anyway, see you.....

:turtle:


edit:
topic continued here following vvurat request
http://theoven.org/index.php?topic=1751.0
« Last Edit: April 27, 2016, 08:17:07 AM by Lancelot »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7520
We should close this conversation in here because we are lots of out of topic. Maybe our posts should moved to a general discussion free topic.
Done
http://theoven.org/index.php?topic=1751.0

:turtle:

noelBlanc

  • Chef
  • ***
  • Date Registered: Dec 2013
  • Posts: 121
Wwwwwaaaaaoooouuuuuh

I do not understand what is alleged against me, or even if someone criticizes me some thing. But the automatic translation of some posts (now displaced) me surprise, to say the least..

It is true that I said that I can't find any information on what is happening under the hood of winpese:

-I'm not complaining

-the English barrier deprive me a large part of information. For example, to understand how run winbuilder with an iso, I put more than a week and I was discouraged more than once before you see a result. I am unable to run it a second time and know what plug-ins will be downloaded or updated updated.

-I repeat: I am not complaining do not know use winbuilder.

What I did:

-I compared the results of my own research on winpe for many years with winpese. The main difference was "ProductPolicy": the key to the Enigma for me!

-I read some winpese scripts to learn the language. I read intensely two scripts: to understand how to implement wow64 and log on to administrator.

In passing, with microwinpebuilder, I noticed that 'bootexecute' is unnecessary with microwinpebuilder and with the version build 10586. I remember the discussion on the Chinese site around that point.

-for some autoit scripts, it is true that I used procmon. And I do not know where to find the sources.

-I repeat: I am not complaining

-I have read various posts on this site with links on Chinese sites (not easy to translate with bing). These Chinese sites dealt with DWM and different variants of SETWOW64.


Some questions in the forum demonstrate that novices like me are asking questions about how it works and how it is built.
And many people do not want to use an external program (this was the case when I worked in a large company).

This is to share my curiosity and the result of my own research (old and new, bit, WinRM, IEFull64 for example) and my readings ( scripts winpese, MS and other sites) I wrote the pdf and PS scripts (with the purpose to hide nothing).

And I understand that the team may not all documented, especially for novices like me.


Thanks atari800xl. You understand me perfectly and you remains my best counsel ( avocat de justice en français ).

I continue with the translation of the pdf as I forward not on the IEFull64 point. The main menu is not displayed. Navigation is difficult without address bar. The process IE scodef with MSN offers a "search" edit but this is not practical.


PS: I use bing/translator and if a word sounds nasty, I'm sorry. Be sure that it is not my will.

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
You are PERFECTLY express everything. If you want to learn anything you can ask at least to me. I am able to capable to build all winpe from zero without using any tools. Just explaining everything is boring and difficult. At least i can show you the right way

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7520
Nothing alleged against you noelBlanc  :thumbsup:

On public forums, there are sometimes very quick and small tornadoes.

My goal is to understand how it happens to be able to make available to everyone a product like WinPeSe.
It is already available to everyone a product WinPESE, freely to be downloaded and used.  :thumbsup:

Your goal is doing same or similar with an automation without winbuilder, we understand you work on this.

Some questions in the forum demonstrate that novices like me are asking questions about how it works and how it is built.
I can assure they are not novices like you. :thumbsup: :wink: :wink:

1) They only post and complain :thumbdown: lazy people
2) You work on what you are after,
and share result with a reproducable builder instructions with public via post script pdf etc.  :thumbsup: :thumbsup::thumbsup:

I feel your project does not satify vvurat,
 and vvurat asking things about WinPESE on current topic !
 about a novice fake complain ! by also quoting your words !
   quick and small tornadoes, tornado now on other topic  :great:


And I understand that the team may not all documented, especially for novices like me.
only %0.1
In past people disrespectfully duplicate SE projects by changing name and acting as they did everything.

Some others are very rudely ask how things works, and we respond them read open source plugins and figure out themselves.

JFX post summarize story
Our goal is to give people an easy way to create a WinPE, not to teach them how.


I may guess, in passing time with your hard working, you will add more and more features and share to public.  :great:

Good luck.

(this was the case when I worked in a large company).
Since you are not working anymore it would be easy to reply,
 I wonder which company it is and which position you were working?  :thumbsup:

:turtle:
« Last Edit: April 27, 2016, 02:02:38 PM by Lancelot »

noelBlanc

  • Chef
  • ***
  • Date Registered: Dec 2013
  • Posts: 121
hello,

I change the text in the pdf. I tried to give it a more user-friendly structure.

I left in the early part in french because it is my source for bing/translator.
I haven't started the translation of the comments of the scripts or the upgrade text in English.

I hope that this document becomes legible and understandable by the greatest number.

Knowledge grows when we share information.
« Last Edit: May 03, 2016, 04:26:36 AM by noelBlanc, Reason: error when upload pdf for the first time »

APT

  • Chef
  • ***
  • Date Registered: Nov 2012
  • Posts: 123
many thanks for sharing your work, could you please resubmit your pdf as it seems to be 0Kb and doesn't open

weird, it seems ok now
« Last Edit: May 03, 2016, 04:29:41 AM by APT »

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
"DWM" requires the CoreMessagingRegistrar service for build 10240 and also the driver
WindowsTrustedRT for build 10586 (see Win10PeSe).


I disable WindowsTrustedRT in 10586 and have not seen any problem yet. What problems it result to disable it?

Software\Microsoft\Windows\CurrentVersion\Explorer\UserSignedIn=1 avoid the delay before the
appearance of icons in the task bar


Have not seen such a problem too.

Without the 'Themes' service, I have not managed to display a background image to screen. This
service requires DWM.


What means without? Without service registry keys or without the service working? Unstarted Themes service does not result background image not to display.

DWM\ColorPrevalence = 1

I am not sure aout this key also. I have seen it chineese builds. Do not know the reason.

Bypass this security, to modify the "runas" values in the 'APPID' key for COM objects (all preferably).

I am very interested in this subject. As i have not look winpes last a few years the last thing i remember is JFX discovery about deleting all "Interactive User" keys. I have seen some PE's have not deleted. Some of them deleted all keys. I am traditionally deleting. I am also discovered that procmon looks APPID registry keys. Especially sometimes i result very slow opening of control panel. I am investigated that dllhost.exe is having problem on user permission when running control panel GUID. I copied permission from another key but it does not solved the issue. What is the detail of APPID keys? There is no information in pdf.

Most important discovery in my side is to delete what you see in following photo. It's reason can be because run as keys in deeper keys gives permissions to which user can open. If somebody can explain what changes should be done in classes registry in windows 10 i will be glad to hear.

Also my other opinion is there is something different in windows 10 registry then other previous operating system registries.



For controlling security of running apps windows 10 added APPIDSVC to early lauch. So I thought deleting that and making APPID and APPIDSVC service start values to 4 maybe get rid of Classes values not to be used but it does not help. Deleting APPID or enabling them does not change anything.



Wpeinit hangs 5 minutes at startup of winpe
"The 'policymanager.dll' key was present but the key software\micros...\policymanager ' was
absent.


Thank you very much about this knowledge. I also want to learn if policymanager.dll needs in PE?and why? I want also share what i found. One of this files makes winpe stuck at black screen at boot. I have not made one more boot attempt which one is responsible.
Windows\System32\ism32k.dll       (Probably this one. Related to xbox i think maybe used from 10240 or need to delete)
Windows\SysWOW64\imm32.dll


Starting the service 'coremessagingregistrar' failed
it lacked the key 'software\micros...\securitymanager '.


Good info

The sound did not work and the notification icon at the bottom right displayed 'no speakers '.
an ACL prohibited access to the key "...\MmDevices\Audio\Render\...\properties" to the
accounts used by the AudioSrv service.


Some good info i know from past but i forgot. Also i was deleting some requiredprivilidges stuff from audiosrv. Maybe windows 10 does not need it to delete. I have not had any problems about it yet.

Cannot move icons on the desktop
It came from the software\microsoft\ole key that did not contain the DragAndDrop-related
information. The new load failed due to the Acl of the key.


I have that problem in my operating system :). Have not had such problem in Winpe yet but usefull to know.

Creation of impossible shortcut on the desktop
it lacked the "appwiz.cpl" and "osbaseln.dll" files as well as their ".mui.


Right click on the wallpaper «display, personnalization» launches nothing: requires the slot 32-
bit system


It is not related to 32bit subsystem. I could not find which file is responsible yet. Investigating. I can change control.exe or other files from older operaing systems for to get it work. My idea is like that in worst condition.

network with netsh trace: ndiscap.sys starts, the ETL file is generated but not the CAB file

The most strange stuff i have seen in winpe. I have seen some etl files generated. Is it means Eventviewer can work i do not know.

The new graphical user interface called 'Metro' seems impossible to implement in Winpe.

Metro needs login as user. System and Administrator boot will not be enough. I do not want to call it impossible yet. There are good stuff i discovered.

«x:\windows\syswow64\dllhost.dll» loading then quickly unloaded. This is the 32-bit version of
'dllhost'.


syswow64\dllhost.dll have not see called yet.

A Chinese developer wrote the software «SetWow64.exe». This software is taken up by the WinPeSe
team.


If has knowledge about author of source code i want to learn. I am just crious about to learn everything.

To explore the system objects: 'winobj.exe'
Need to download it from the ' technet/sysinternals' site. It is 32-bit only. Therefore, you cannot use it
with a normal 64-bit WinPe.
It is also for this gap that I wrote the PS script.


Why need that? How will it be usefull in developing PE? Will download and look.

The 'MonSetWow64.PS1' script

Thanks for that. Can be usefull to learn how SetWow64.exe works. Will look at that too.

'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ProductOptions\ProductPolicy'

It is hearth of a PE but does not needs to investigate so much. Just copy and use from someone working winpe. I do not know where is the source of it. Should be from a terminal server. Mayeb somebody installs a datacenter sever with all functionality and set it up as a terminal server and cpy that key i guess. As i remember a tool that can enable and disable all stuff from product policy key.

http://www.remkoweijnen.nl/blog/2010/06/15/having-fun-with-windows-licensing/

IEFull64 : NOK

I did not understand what this topic is related and for.

Login with the administrator account.

I know how to make it happen but i do not know the process backwards. I am only interested in autologin as administrator. Not booting to system and changing the user with cmd files. I have not got the needed file list yet.

It must absolutely stop and change the "start = disabled" configuration of two services Gpsvc TrustedInstaller.
Since the session 'system', we disconnects the console of this session with "tsdiscon.exe"


Someone should tell me why. Why need to disable. As i see  they change gpsvc from autostart to start 3 to 2 . After that get try to get gpsvc to run with pecmd srv gpsvc. It looks very strange and stupid to me. If you want to get it run why do you change its value to 2 to 3. For autologin gpsvc and profsvc and others needs to be run as i know. If somebody explain this to me i will give very valuable information to him privately.

Also
[HKEY_LOCAL_MACHINE\SOFTWARE_00\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="0"
and related other keys can be added offline to software hiv. Why chineese add them with pecmd.exe after boot. Are they get deleted at boot?


The absence of the 'hkcu\...\explorer\UserSignedIn' key introduces a delay of almost one minute after
the display of 'Preparation '.... ».


Is this a new information or it is already used in winpese or in your stuff? Now my winpe opens very slow but it should be related to another issues. It is also a very valuable information for me. Previously late opening of andministrator session was related to unstarted schedule and profsvc services.

service 'SENS' I put in place for BITS introduced a further delay of two minutes. Winlogon
sends notifications to various programs and waits for their response. In my case, the 'SENS'
service did not work properly.


There is no SENS service in winpe. So probably winpese does not have it. Main structure of winpe builds are getting rid all unneeded services. This is some stuff i do not know too. Probably they deleting dependency keys and only want needed ones to work for using less system resources. When i work on one service it is like working on a spider home. All services dependent to each other and need to solve all. So i have to add more and more files. I have problem with SENS and Eventlog dervice. Eventlog service gets my winpe boot very slowly. I have to figure out with files related to it. Sens service is arranged as autostart but it does not.

Winlogon notifications are visible in this key must be changed:
"... \ControlSet001\Control\Winlogon\Notifications\Components\"


This is the main part of my valuable information that you exposed it and get valueless. Good stuff too.

Deactivation of the graphical part of logonUI

I had this when working on PE and very surprised to see a command panel logonui. It was interesting stuff.

The event log
Don't forget to add the key '... \services\eventlog\applications' and '... \services\eventlog\system'.
'Eventlog.msc' displays of the logs. To do this, it must implement the following sequence:
• stop the eventlog service
• Rename the key MiniNt
• restart the eventlog service
Oddly, it happens that the events are more registered.


Eventviewer works under winpe? It is very surprising to hear too. Good info

To do this, launch "WF.msc". Then, click on 'properties' (a small link under the
latest profile), and activate the log.


WF.msc also works? As i remember it was need .Netframework to be installed. You should have at least 600mb big winpe.

Trace Procmon shows that the Winrm service does not launch the program "wsmprovhost.exe".
I modify the following key in the Winpe machine:
hklm\system\setup\SystemSetupInProgress = 0
Then I raise the "invoke-command" from the machine services10.


WSman was running ok on previous operating system PE's. Maybe service dll file can be pacthed with an hex editor.

BITS: operational only with the Adm session

Bits needs for downloading windows updates on background. I do not know why you need it.


MSTSC and Termservice: non-operational


Termservice works ok. I say that about starting not about functionality. I have not had so much progress yet. First i have to solve admin login for to get termservice to work. MSTSC should be avoided. I do not know why need in PE and used but uses big amount of system resources.

trace the loading of drivers when you start Winpe
Modify Bcd thus:
Bcdedit/store...\boot.bcd/set {default} bootlog Yes
The x:\windows\NtBtLog.txt file contains the list of drivers loaded and unloaded. But without
explanation. It is sometimes a beginning of track.


Very good information that i do not know.

And end of my words. It is a GREAT tutorial with the knowledge you can not find anywhere. It is good the see it is translated to English and i am aware from it. Because i did not interested in French and find it valueable before you share it is English. If you do not translate and share probably i will never be aware of such important stuff.

I HAVE TO try your project and learn at least how to use powershell very basics. I get very excited already. With this knowledge there should be good results. I WANT untranslated parts to be translated too. Please.

If it were coded with other stuff more easy than powershell i could be glad to help to improve it. Anyway i will follow to learn.

And i want to thank people that write. It is very out of topic but anyway it is in my mind.
http://gena.cwcodes.net/Projects/Gena/Apps/System%20Tools/Debug/Sysinternals_Process_Monitor.script

And the last end again. I succeded to boot all windows services+winpe services alltogether in a winpe. It does not means all services works. I just succeded to keep them inside wim. Also in previous operating systems i was using most of the services at least %90 but could not get documented and lost this fame to spstar. Now i have it and chineese do not know yet.

What it can result? It can be maybe result in full ram booting operating system. So maybe user booting to ram can be possible and this can be result a working metro on ram. I have try only once without success. Anyway i see a hope. I have seen such operating system previously. I have connected remotely. It was build with a person i have never seen him on forum and never heard of name again. I do not like big WinPE's and do not see them valueable. At 285MB everything that can need works smooth. Maybe user login can increase this stuff a few mbs.
« Last Edit: May 04, 2016, 11:00:50 AM by vvurat »

 

Powered by EzPortal