Topic: MicroWinpeBuilder to adapt its own Winpe : tutorial or 'under the hood'?  (Read 12285 times)

0 Members and 1 Guest are viewing this topic.

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
Thanks much vvurat. I'm glad to read your message. I'll complete the PDF when I would understand everything. Bing translate sometimes changes the meaning of the sentences.

A word on microWinpeBuilder: most importantly, this is the PDF. Although comments in scripts that I have not had the time to integrate PDF
The scripts have a unique mission, illustrate the obtained knowledge and facilitate the start-up of WinPe.
A few words about the scripts:
-2 scripts to build a WinPe
-a big environment construction, installed ADK and Install.wim unzipped
-several scripts launched at startup of WinPe: therefore DotNet is mandatory. With audio, and the size of boot. WIM is 600 MB!
-a VM and a 'flat' WinPe are very suited to the investigation around WinPe

PowerShell is the only scripting language I know. It is not very complicated to learn. It allows to make visible all let not a compiled C++ program see no sources.
Writing a script is very fast. Execution is slow.
But in a pedagogical purpose, volume and speed are not important.

When it succeeded in implementing its WinPe with scripts, you can incorporate changes directly into the keys when possible, write its own C++ or other programs.
If you change of method of construction, so context, it gets different behaviours and different interactions. Lockups and errors do not appear in the same locations. It is therefore possible that the behavior of "your" WinPe is not the same as the behavior of "my" WinPe.

In what follows, to reduce the size of sentence, I call "MicroWinpe" WinPe built with the MicroWinpeBuilder context PS scripts.

A few responses:
WindowsTrustedRT: JFX found that this driver is mandatory for DMW. and in my context, "MicroWinpe" does not start without this driver. And I can't find the link.
Themes service: hostwallpaper.exe displays an image. But with the native desktop to explore, we must delete this file and use the theme service to make the image appear on the desktop.
Dllhost: https://msdn.microsoft.com/en-us/library/ms695225(v=vs.85).aspx
APPID: https://msdn.microsoft.com/en-us/library/ms678477(v=vs.85).aspx
Security in COM: https://msdn.microsoft.com/en-us/library/ms693319(v=vs.85).aspx
IEFull64: please, see reply 42 and 43
GpSvc and TrustedInstaller: it is to keep the memory of information that seems important. If I change 2 in 3 and not say anything, information is lost.
For autologin gpsvc and profsvc: gpsvc applies the "GPO local" if they exist. ProfSvc is used by UserInit to construct the directory's profile
UserSignedIn: it depends on the hive used default. I use the winpe file and this value is absent.
BITS: it's like a smart ftp. Need a special server. Windows enterprise has one. BITS not ser to nothing except to learn how to add a component in WinPe.
Bcdedit:
https://msdn.microsoft.com/en-us/windows/hardware/commercialize/manufacture/desktop/bcdedit-command-line-options
https://TechNet.Microsoft.com/en-us/library/cc709667(v=WS.10).aspx
https://msdn.Microsoft.com/en-us/library/Windows/hardware/dn653287(v=vs.85).aspx
".. .full ram booting Os..": is it Ramos proppose in previous versions of WinPeSe on this site?

I put long to write because I have a long time to translate. Sorry.

Kind regards

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
Why it is called MicroWinpeBuilder if it is 600Mb? It should be very prowerfull that i have never seen Wf.msc,Eventviever, .Net and other stuff you mention fully works on a PE.

WindowsTrustedRT: JFX found that this driver is mandatory for DMW. and in my context, "MicroWinpe" does not start without this driver. And I can't find the link.

If he said he should know something, but winpe can boot without it and i have not seen any problem.

Themes service: hostwallpaper.exe displays an image. But with the native desktop to explore, we must delete this file and use the theme service to make the image appear on the desktop.

I do not put wallpaperhost.exe too. Have not seen any problem. When it is winpe you can easy show wallpaper with

[HKEY_LOCAL_MACHINE\DEFAULT\Control Panel\Desktop]
"Wallpaper"="%SystemRoot%\\Web\\Wallpaper\\Windows\\img0.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE_00\Microsoft\Windows NT\CurrentVersion\WinPE]
"CustomBackground"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,77,00,65,00,62,00,5c,00,77,00,61,00,6c,00,6c,00,\
  70,00,61,00,70,00,65,00,72,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,5c,00,69,00,6d,00,67,00,30,00,2e,00,6a,00,70,00,67,00,00,00

Also use "PECMD.EXE LOGO %WinDir%\Web\Wallpaper\Windows\img0.jpg" any of them should work. No need 3 of them but i use all. 

UserSignedIn: it depends on the hive used default. I use the winpe file and this value is absent.

Maybe because i used install.wim hive i have not fell it is absent.

".. .full ram booting Os..": is it Ramos proppose in previous versions of WinPeSe on this site?

Yes it is. There is a very small diffence with WinPE and real system.
SystemSetupInProgress=0    =>   Is a real operating system. If the system can boot with this key.
SystemSetupInProgress=1    =>   WinPE

Normally for to have more features people changes that key to 1 for a specific feature and restore back as you mentionel in your pdf.

Windows 7, Windows 8 and Windows 8.1 easly can be modified to boot winpe or ramos. But windows 10 have not discovered yet i think.

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
At the biggining, i compare my scripts in PS to the program WinpeBuilder size = 800ko
MicroWinpeBuilder because it's a small thing in front of the tool WinPeBuilder. I don't refere to the size of winpe but to the complexe tool winpeBuilder.
WinPe is not a goal for me. I want to collect information on how winpebuilder.exe get it

My mistake : i want to say WindowsTrusted not WindowsTrustedRt. I beg your pardon. Sorry JFX. I modify my PDF !!!!!!!!!!
Second mistake : i verify a next time, WindowsTrustedRt is mandatory in my contexte ( like JFX said ) and WindowsTrustedRtProxy is useless.

for wallpaper, i think i undestand you : in my context, i use the desktop from explorer.exe, not from pecmd.exe witch is not an MS program ( my rule 1 in PDF ). And if i don't use this desktop explorer.exe, winpe display a wallpaper. But in explorer display the desktop, it can't display an image without DWM. Have you time to try and modify ...\winlog\shell = explorer.exe ?

For RamOS, i read this in 2013  and i keep it that i translate from chinese:
http://bbs.wuyou.net/forum.php?mod=viewthread&tid=316491&extra=&page=1
Log on as an Administrator. But many of the programs are running, nothing of practical value, only to experience it.
Generating method of the registry needed to the RamOS: (for x86 and x64 only in Chinese version tried)
Registry has involved SAM, SECURITY, SOFTWARE, SYSTEM. All from the installation file install.wim in the achieved and processed.
1. the SAM and SECURITY:
SECURITY registry does not need to be addressed, but it should be supporting and SAM.
SAM Administrator user is disabled by default, and modify the registry, it will enable it.
2. SOFTWARE registry:
C:\, D:\ replace all X:\
Delete all X:\$windows.~bt\ and Interactive User (this step does not know if needed)
3. the SYSTEM registry:
A. delete the following services, mainly to avoid missing file cannot start.
        ControlSet001\Services\PEAUTH
         ControlSet001\Services\hwpolicy
         ControlSet001\Services\rdyboost
         ControlSet001\Services\WdBoot
         ControlSet001\Services\WdFilter
         ControlSet001\Services\storflt
         ControlSet001\Services\WFPLWFS
         ##=== Delete Services : start=1 ===
         ControlSet001\Services\npsvctrig
         ControlSet001\Services\Beep
         ControlSet001\Services\CSC
         ControlSet001\Services\dam
         ControlSet001\Services\NetBIOS
         ControlSet001\Services\Psched
         ControlSet001\Services\discache
         ControlSet001\Services\Wanarpv6
B. replace C:\, D:\ X:\
C. all Setup the following key value is set to 0
OOBEInProgress=0
SystemSetupInProgress=0
SetupType=0
SetupPhase=0
D. import the WIM format the drive needed to start PE and driver files:
FBWF.reg,Ramdisk.reg, WimFsf.reg

RamOS and Wim format method should be the same, step a bit more, don't know if there are any omissions.
These changes just to be able to start some personal changes are not included.

Friend8179 method:
Delete rdyboost while {71a27cdd-812a-11d0-bec7-08002be2092f}\LowerFilters or does not recognize the disk.
Method to delete the LowerFilters in the rdyboost.

I tried to describe it here in february 2013 : http://reboot.pro/topic/17870-winpe4-et-explorer-pour-débutant-comme-moi/page-2
I think i try after this in winter. In summer, i try to go far from my PC.

bests regards
« Last Edit: May 08, 2016, 06:48:05 AM by noelBlanc, Reason: WindowsTrustedRt is mandatory »

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
Have you time to try and modify ...\winlog\shell = explorer.exe ?

My shell is already explorer.exe. But can try to remove pecmd.exe part and test but i am sure wallpaper will stay in its place because it is a winpe and microsoft allow to use a custom wallpaper in winpe like winre.jpg and winpe.jpg also in the absence of wallpaperhost.exe.

All procedure is right. This procedure is used on install.wim. If you install windows and use installed windows to make winpe teorically you will have a user booting winpe and you can use metro with right configuration. This can be tested on RAMOS capable windows editions. I have not interested to try.

Will read that topic with google translate too. Thanks for link.


noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
hello,
I see many people have downloaded MicroWinpeBuilder, pdf and scripts. So i organize a challenge   :w00t: :

In the contexte of MicroWinpeBuilder ( looks like context of WinPeSe ), who can describe the wallpaper displaying on the desktop of explorer ?

My idea but it is possible that i'm wrong :
context : DWM active !
- winpeShl.exe launchs wallpaperhost.exe if it exist. And this last program displays the wallpaper readed in the key khcu\...\desktop\wallpaper
- when explorer installs the desktop for the user, there is a conflic i can't explain And the screen is black.
So, in MicroWinpeBuilder, i delete wallpaperhost.exe from the image "boot.wim". And reboot.
- WinpeShl.exe can display a wallpaper if the key "..\winpe\customBackground" exist. If not, it display a black screen before explorer comes.
- when explorer installs the desktop for the user, it looks at in ...\temes\aero\... and displays the wallpaper.

Your goal : found the good sequence  and reply to the question :
- Themes service  is it really usefull ?



vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
Upload a prepared winpe.iso and send links to me by personal message. I will check and tell you what is wrong. I have finished building PE %95. And i can say everything is possible also under System account.

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
hello vvurat,
Perhaps i'm wrong but it seems that in your profile your mail is hidden and i can't send a mp...

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
You probably forgot to delete "Interactive User" values from SOFTWARE\Classes. It result a black background in explorer shell.

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
MicrowinpeBuilder works fine and display correctly wallpaper.
But, with the challenge, i hope somebody can explain the interaction of different programs : winpeshl.exe and explorer.exe.
These two programs display an image but seek in differents place. And they not use the same resources API system : explorer use DWM.
About your profil, i didn't see the line above the mail for the MP ( in fact i see but not read ! ). Now i can send you a MP.

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
hello,

I complete the translation of  PDF version 2.1 with some corrections and a presentation of the scripts which illustre the knowledge.

first is french (45 pages), after English (45 pages) translate with bing/translator

hope can be help ... and comprehensible.

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
bonjour,

mstsc from Winpe to Windows10 is ok now.

- Without NLA : disabled on Windows 10

and

- With NLA : it need  the following keys and files

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig
Security Packages Reg_Multi_Sz kerberos, msv1_0, wdigest, schannel, tspkg <<<<
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders = credssp.dll

new files : tspkg.dll, credsp.dll

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
- With NLA : it need  the following keys and files

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig
Security Packages Reg_Multi_Sz kerberos, msv1_0, wdigest, schannel, tspkg <<<<
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders = credssp.dll

new files : tspkg.dll, credsp.dll

I think you succeded. Good work.

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
thank you vvurat for the help about Mstsc and NLA.

netsh trace is too complex and not complet. So i try Wireshark 64 and win10pcap : it works on winpe 64 !

Nevertheless the wn10pcap install fails on my VHD with error: this is not a local drive.
then I install the driver with drvload and it's ok.

PDF V 2.2 : update Mstsc
« Last Edit: May 09, 2016, 11:22:22 AM by noelBlanc »

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
I demand some explanation for following if you mind.

Quote
write-host -ForegroundColor yellow "Enregistrement WMI pour netadapter"
regsvr32.exe /s storagewmi.dll
X:\Windows\system32\wbem\mofcomp.exe X:\Windows\system32\wbem\NetAdapterCim.mof

I have some problem with network adapter properties. Without start NetSetupSvc it does not show network adapter properties. NetSetupSvc can not be set to automatic. I suspect from wmi. What theese lines do and what is the result if you do not get them work?

Quote
# pour enrichir le log : Suivi détaillé, Système
auditpol.exe /set /Category:'{6997984C-797A-11D9-BED3-505054503030}' /success:enable /failure:enable
auditpol.exe /set /Category:'{69979848-797A-11D9-BED3-505054503030}' /success:enable /failure:enable
# bsod de winpe avec la ligne ci-dessous : Accès aux objets
#auditpol.exe /set /Category:'{6997984A-797A-11D9-BED3-505054503030}' /success:enable /failure:enable

What above lines do?

Quote
start-service PLA
$cible = 'HKLM:\System\CurrentcontrolSet\Services\PLA\Configuration'
$aclBase = get-acl $cible

How did you decided pla service acls needs to be fixed. I have not seen any acl problem on pla yet. I see acl problems on winsocks2, dhcp, dnscache,mpssvc. Does pla service need for pe?

Why "X:\sources" folder full with that files.?

Clean some cursor, media,winsxs files and gain space.

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
Hello vvurat

For the four points:

1. "regsvr32.exe /s storagewmi.dll
X:\Windows\system32\wbem\mofcomp.exe X:\Windows\system32\wbem\NetAdapterCim.mof"

in order to use the commands Get-NetAdapterAdvancedProperty, Get-NetAdapter, etc, need to register a COM (interface PS and WMI ante?) object and save objects WMI (MOF)
At the beginning of the project, I used these commands to list the Wifi card. Currently, I use directly the API Wifi (codeplex) which do not exploit WMI.
And over versions, I cleared my list the files storagewmi.dll, NetAdapterCim.mof...
I'll fix in the next version.

2 - auditpol.exe is a console mode program that is equivalent to secpol.msc. It allows to view and edit local strategies.
The commands used in the script to enrich the event 'security' log.

3 - Sevice PLA is used by "netsh trace stop" in the collection of information.
I noted this in a commentary on the "traitement.ps1" script:
# the pla service creates an acl on the key configuration at startup: startup fails
# After this boot failure, modifying the acl to give total control to 'everyone'
# and it restarts the PLA service

4 - Why "X:\sources" folder with that full files.?
I use the boot.wim file produced by the ADK (copype.cmd). The addition of all the packages proposed by Ms is then made with the DISM commands.
This generated boot.wim file actually contains these files in the directory 'sources'. I do not know why ADK files.

Thank you for the help !
« Last Edit: May 10, 2016, 01:23:42 AM by noelBlanc »

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
Only adk setup package can copy such files but there is no setup.exe in wim. Files looks randomly copied. If you use adk for to create wim probably you add setup package with dism. Do you need that package?

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
A variable in the script contains the list of packages to add with DISM.
I have all registered them. I had no criterion to sort and eliminate unnecessary package.

Unlike winbuilder, the GUI script has very few optional elements. The idea is that this is the user who modifies the script for his need.

I remove this package from my list in the next version.

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
PDF V2.3: how to add WireShark and Win10Pcap in winpe after it starts.

may be someone can find this usefeull.

This allowed me to play with ORCA. I do not know if this format will still be useful in a few years. I've never found a description of the sequence of actions.

I will test various changes to Mstsc and NLA before filing a new version of build scripts

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 42
I have problem with

1-)NetSetupSvc and related network adapter properties page empty. NetSetupSvc starts but stop again. Adapter properties only shows when NetSetupSvc is working. When NetsetupSvc set to Automatic system changes its start value to manuel again. I have try to change its start to "2" automatic in offline boot.wim. Also have try to run it at boot with no luck. (Your PE does not have such problem.)
2-)Starting Rasman service
3-)Desktop right click "Graphic Properties" and "Personalize" gives error. It is a general problem and maybe solved by changing CLSID open value under Classes key
4-)Try to run Wwansvc gives bluescreen and crashes system.

If you work and succed any of them please inform me too :)

noelBlanc

  • Jr. Chef
  • **
  • Date Registered: Dec 2013
  • Posts: 86
hello

We can change the wallpaper when WinPe is active. We need to modify the file ThemeCpl.dll. Not to complex !

The tool ResourcesHacker to manipulate resources, explore and modify (big green compilation button) and save changes  here :
 http://www.angusj.com/resourcehacker/

The only resource to edit: « UIFILE/1001 ».
The two strings of text to modify:

Before
ShellExecute = "ms - settings:personalization - background"
After
shellexecute="%windir%\\system32\\control.exe" shellexecuteparams =" /name Microsoft.Personalization/pageWallpaper /page pageWallpaper"

And

Before
ShellExecute = "ms - settings:personalization - colors"
After
shellexecute="%windir%\\system32\\control.exe" shellexecuteparams =" /name Microsoft.Personalization/pageColorization /page  pageColorization"

for the test :
- boot winpe
- from the network (or usb key or ...) copy the new file themecpl.dll in system32
- add your directory ( which contains your file jpg ) under the root x:\fleurs
- right clic under desktop
- select personalization
- click desktop Wallpaper
- clic "browse..."
- select x:\fleurs
- in the combobox, select the new entry "fleurs"
- change your wallpaper
idem for task bar color.

a little more explanation in the PDF V2.4
« Last Edit: May 19, 2016, 03:55:59 AM by noelBlanc, Reason: wrong strings "after" because wrong cut/paste »

 

Powered by EzPortal