Topic: MicroWinpeBuilder to adapt its own Winpe : tutorial or 'under the hood'?


Re: MicroWinpeBuilder to adapt its own Winpe : tutorial or 'under the hood'?
« Reply #160 on: February 05, 2018, 01:30:10 PM »

vvurat

  • Jr. Chef
  • **
  • Date Registered: Aug 2011
  • Posts: 51
When you put all the files in the wim and get most services working, it will be difficult to track termservice, because all the files, services, and reg read/write values will be huge to track in procmon. Need to keep it simple and functional. Probably procmon will not be useful at the end of the process, because you will end up at a point where procmon will not show any missing files but there will be a few files missing. Also, it will be useful to keep procmon working at the start of the remote desktop connection. It shows good info about connection state and missing files.

Re: MicroWinpeBuilder to adapt its own Winpe : tutorial or 'under the hood'?
« Reply #161 on: February 05, 2018, 02:51:55 PM »

noelBlanc

  • Chef
  • ***
  • Date Registered: Dec 2013
  • Posts: 139
Hi vvurat,
Happy to read you.
Yes, the bigger the number of running processes, the more difficult the investigation. Procmon brings filters. And many hours in procmon's traces have given me some facility. For example, the end of loading the DLLs before the main of the process starts is given by the load of "imm32.dll". And so on for different clues.
And yes, sometimes I use procmon to trace the boot (I wrote a few words about this in my PDF).
For termservice, it's simpler because I disable it before boot. The advantage of Flat is that you can modify the system hive "directly", because it's the only one that the OS doesn't keep open (in V1709 I'm sure), and reboot. Update is really easy. No WIM to mount/unmount!
And I'm sure all needed modifications are in the system hive, because I swap only this hive for it to work (system-from-winpe and system-from-w10-after-installation. And yes, in the two tests I use the software hive that came after installation, so a few modifications are possible from the software hive from install.wim in the ISO). Perhaps too long and incomprehensible.
As I said before, the "full-flat" environment (I suppose it's like ramos on a Chinese site) gives me the base of "all" features which can be added to "normal" winpe without difficulty. And because port 3389 is open in "full-flat", I think it's possible to get it in normal winpe. It was the case with "schedule".
And it's because I want to understand how the wrapper "https://github.com/stascorp/rdpwrap/" was "invented" that I look into termsrv with its "native" trace. It's a good platform for me to play with.
Have you tried to construct a "full-flat" (or whatever else it's called, because I don't understand the term ramos, which covers many notions when I search the web)?
I put a text file with the very, very few modifications in post1. And yes, it takes too long to install w10.
Good evening

Re: MicroWinpeBuilder to adapt its own Winpe : tutorial or 'under the hood'?
« Reply #162 on: February 15, 2018, 12:08:17 PM »

noelBlanc

  • Chef
  • ***
  • Date Registered: Dec 2013
  • Posts: 139
Hi,
It took me a very long time to find a method to identify the missing item in WinPE for ETW/ETL traces to work.
In my microwinpebuilder environment, "logman start" seemed to loop or wait indefinitely.
I do not describe the investigation phase but I learned a lot.

The key. ..\control\WMI taken on a normal W10 and copied into my WinPE solves my problem. I don't know what's useful inside. It'll be for later.

So I can use ETW traces and ETL files as long as I know which setting to activate. I will continue with traces of TermService and later to "explore"
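
Added example, not part of the thread or of MicroWinpeBuilder: one way to find out which entries under the `Control\WMI` key from reply #162 differ between the two system hives is to export that key from each hive with `reg export` and diff the two text files. The hive mount names, the `ControlSet001` prefix and every subkey and value in the sample data are constructed assumptions.

```python
import re

# Constructed `reg export` samples, not from a real system. Mount names
# (W10_SYS, PE_SYS), ControlSet001, subkeys and values are assumptions.
W10_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\W10_SYS\ControlSet001\Control\WMI\ExampleA]
"Start"=dword:00000001
"Name"="alpha"
"Blob"=hex:01,02,\
  03,04

[HKEY_LOCAL_MACHINE\W10_SYS\ControlSet001\Control\WMI\ExampleB]
"Guid"="{00000000-0000-0000-0000-000000000000}"
'''
PE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\PE_SYS\ControlSet001\Control\WMI\ExampleA]
"Start"=dword:00000000
"Blob"=hex:01,02,03,04
'''
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text, anchor="\\control\\wmi"):
    """Map each key at or below `anchor` (relative, lowercased) to its values."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            pos = path.lower().find(anchor)
            rest = path[pos + len(anchor):]
            inside = pos >= 0 and rest[:1] in ("", "\\")
            current = keys.setdefault(rest.strip("\\").lower(), {}) if inside else None
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).strip('"').lower()] = m.group(2)
    return keys

def diff_hives(reference, target):
    """Return (missing keys, missing values, changed values) of target vs reference."""
    missing_keys = sorted(k for k in reference if k not in target)
    missing_vals, changed = [], []
    for key in reference.keys() & target.keys():
        for name, data in reference[key].items():
            if name not in target[key]:
                missing_vals.append((key, name))
            elif target[key][name] != data:
                changed.append((key, name))
    return missing_keys, sorted(missing_vals), sorted(changed)
```

Real `reg export` files are UTF-16, so read them with `open(path, encoding="utf-16").read()` before passing the text to `parse_reg`.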
