Jump to content











Photo

Custom WinPe build using Microsoft tools only


Best Answer misty , 29 July 2022 - 05:22 AM

@Eli1
File and registry dependencies changed - I think with Windows 10 version 1904.

I updated my Mini-WinFE project approximately two months ago and used code in ChrisR's Win10XPE and homes32's PhoenixPE (both available via GitHub) to trace the dependencies. Unfortunately I've not had time to update the steps to add manually. I don't have access to my notes at the moment and will check tomorrow when I have access to my laptop.

Misty Go to the full post


  • Please log in to reply
19 replies to this topic

#1 Eli1

Eli1
  • Members
  • 9 posts
  •  
    United States

Posted 29 July 2022 - 01:33 AM

Hello everyone. 

I’ve been looking at this site for a few days since it seems to be a launching point to other sites (in terms of links) and it also seems that there’s a great group of knowledgeable people here who try to solve problems that no one else wants to solve. 
So thank you for spending your time in pursuing these tasks !
I also enjoy spending time solving interesting problems and have been doing it for 25 years so I understand the drive that you all have.
 
I have been reading a lot about adding 32 bit support to 64 bit winpe and I saw the page of Misty who explained in detail how to do all the steps manually but also referring to Win10PESE project. 
Thank you Misty for putting all that together in your site. 
 
After following your guide I have a few questions. 
First of all my 32 Bit apps don’t open but I’m getting close because before I was getting side-by-side errors, but now those have disappeared after importing all the side by side registry keys, and are just replaced with this non descriptive error below:

14-AA00-D5-4-A4-A-456-D-807-A-F33009916-
 

I am also trying to do this work using Microsoft tools only since I would like to avoid any third party tools for company use. 
I am currently using Windows 11 for the build which I get from Microsoft volume licensing center.

 

At this point I have two questions and if anyone here could help me it would be greatly appreciated. 
 

1) The first question is : What programs do you all use to find the dependencies of files and specific registry settings?

 

2) The other question is: Can someone check my steps below in case I’m missing anything?

 

Here are all my steps described in high-level only;

 

- Using latest windows adk.

- Using latest Win11 iso from Microsoft 

- Mounted win 11 install.wim and got all the files from necessary directories as explained here : http://mistyprojects...W64_WinPE10.htm

- Exported all registry keys from install.wim at the following locations:

HKLM Classes CLSID Wow6432node

Hklm Microsoft Windows current version | side by side

hklm Microsoft Windows current version | smi 

hklm wow6432node

- unload reg hive and unmount install.wim

- mount winpe boot.wim file from adk which is actually a winRE.wim and I’m using that as base because it has Wi-Fi and the Rejuvenation feature.

- copy all files in respective folders

- copy all reg files in respective locations

- delete hklm wow6432node Microsoft active setup | installedcomponents key.

- unmount hive and unmount the wim saving changes. 
 

When I start winpe and click on a 32 bit executable I get the error in the screenshot above. 
 

What am I missing here?

Thank you very much. 

 

 



#2 misty

misty

    Gold Member

  • Developer
  • 1066 posts
  •  
    United Kingdom

Posted 29 July 2022 - 05:22 AM   Best Answer

@Eli1
File and registry dependencies changed - I think with Windows 10 version 1904.

I updated my Mini-WinFE project approximately two months ago and used code in ChrisR's Win10XPE and homes32's PhoenixPE (both available via GitHub) to trace the dependencies. Unfortunately I've not had time to update the steps to add manually. I don't have access to my notes at the moment and will check tomorrow when I have access to my laptop.

Misty
  • Eli1 likes this

#3 peterparker111

peterparker111
  • Members
  • 1 posts
  • Location:Pakistan
  •  
    Pakistan

Posted 29 July 2022 - 07:06 AM

I am having the similar problem :( Let me know if you find a solution!



#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 July 2022 - 07:07 AM

Generic answer to the question about tools traditionally used to trace dependencies.

 

(not necessarily still working or working fully in 10, let alone 11):

Dependency walker:

https://www.dependencywalker.com/

now rewritten as "dependencies":

https://github.com/lucasg/Dependencies

 

Tools from Sysinternals, Regmon/Filemon, now "unified" as Procmon:

https://sysinternais.com/

https://docs.microso...wnloads/procmon

 

Also, this thingy here, Spystudio:

https://www.nektra.c...io-api-monitor/

 

:duff:

Wonko


  • Tokener and Eli1 like this

#5 Eli1

Eli1
  • Members
  • 9 posts
  •  
    United States

Posted 29 July 2022 - 02:22 PM

Thank you for your response @misty. I saw the page here https://github.com/M...main_WinBuilder and I noticed that several more files are now needed. So I will take a look at your scripts and update my project and report back. 
 

If you have time at some point to update your site, that would be greatly appreciated too. 
Thanks again. 
 

 

@wonko thank you for the links. I am aware of dependency walker but didn’t know of the others. I’d like to discuss this into more detail after I hopefully resolve the issues with my current build adding 32 bit support. 
 

Thank you for your responses. 



#6 misty

misty

    Gold Member

  • Developer
  • 1066 posts
  •  
    United Kingdom

Posted 30 July 2022 - 01:06 PM

I've had a look through the scripts in Mini-WinFE and have hopefully traced the file and registry dependencies for syswow64 support in Windows 10 builds 1903 to 21H2, and Windows 11 21H2. 
 
File dependencies - 
https://github.com/M...iles.10.new.txt
 
Potential .mui file dependencies (may not all be required) - 
https://github.com/M....10.new.mui.txt
 
Export the following registry entries from the SOFTWARE hive in install.wim -
\Classes\Wow6432Node (e.g. as Classes_Wow6432Node.reg)
\Wow6432Node (e.g. as Wow6432Node.reg)
 
Replace references to C:\ in the exported .reg files with X:\. I know that the brief is to use MS tools only, however using gsar.exe - 
gsar.exe -o -i -sC:x00:::x00\ -rX:x00:::x00\ Classes_Wow6432Node.reg
gsar.exe -o -i -sC:x00:::x00\ -rX:x00:::x00\ Wow6432Node.reg
 
Looking at my notes, there may also be references to D:\ that need to be replaced with X:\
gsar.exe -o -i -sD:x00:::x00\ -rX:x00:::x00\ Classes_Wow6432Node.reg
gsar.exe -o -i -sD:x00:::x00\ -rX:x00:::x00\ Wow6432Node.reg
Import these edited .reg files to the WinPE SOFTWARE hive.

Delete following key in the mounted WinPE SOFTWARE hive -
Wow6432Node\Microsoft\Active Setup\Installed Components"

The following keys will also need to be copied from the SOFTWARE hive in install.wim to the WinPE SOFTWARE hive -
\Classes\Wow6432Node\CLSID 
\Classes\Wow6432Node\Interface
\Classes\Wow6432Node\DirectShow
\Classes\Wow6432Node\Media Type
\Classes\Wow6432Node\MediaFoundation 
\Microsoft\Windows\CurrentVersion\SideBySide\Winners 
\Microsoft\Windows\CurrentVersion\SMI

Example using reg.exe, with install.wim SOFTWARE hive mounted as HKLM\_InstallWim_SOFTWARE and WinPE SOFTWARE hive mounted as HKLM\_WinPE_SOFTWARE, to copy \Classes\Wow6432Node\DirectShow key -
reg.exe copy HKLM\_InstallWim_SOFTWARE\Classes\Wow6432Node\DirectShow HKLM\_WinPE_SOFTWARE\Classes\Wow6432Node\DirectShow /s /f
:cheers:

misty
  • Tokener and Eli1 like this

#7 Eli1

Eli1
  • Members
  • 9 posts
  •  
    United States

Posted 30 July 2022 - 02:10 PM

Success !

 

Following my exact steps as before but updating all the new files that needed to be copied thanks to Misty, I am now able to run 32 bit apps in 64 PE.

This is wonderful. Why Microsoft doesn’t do this by default it beyond me. Probably money. 
Thanks Misty !

 

 

Before I ask a few more questions about dependencies, could someone point me to a guide or a script where the Administrator account is used for login in winpe? This is needed for the notoriously difficult teamviewer which doesn’t run onto System account in winpe. 
 

 

Thank you very much !



#8 Eli1

Eli1
  • Members
  • 9 posts
  •  
    United States

Posted 02 August 2022 - 11:12 PM

So I found another program for remote control called AeroAdmin which works perfectly.

 

I’d still like to understand how to create another user profile instead of using system account though. 
 

But I’ve been leaving that aside for because for the past few days I’ve been dealing with an issue with dialog boxes and I’ve also been using dependency walker .

 

The “File open” or “File save” dialog box works fine with some programs but not with others. 
‘Any tips as to what dlls are needed to make this work?

 

Ive been looking at fixes in this site as well as Misty’s page but no success so far. 
 

This leads me back to dependency walker. Like, how would you go about figuring out how the File Dialog box works using dependency walker?



#9 Eli1

Eli1
  • Members
  • 9 posts
  •  
    United States

Posted 03 August 2022 - 07:05 PM

So here’s what I’ve been able to find in regards to Open, or Save as, dialog boxes. 
I’ve been able to pin it down to Shellstyle.dll.

 

When the shellstyle.dll does not exist in System32 in WinPe (this is by default) then some programs will show a dialog box normally. 
But some others won’t. This is probably because other programs require the presence of shellstyle.dll in System32 but other program don’t .

This is how the dialog box looks when there is no shellstyle.dll file in System32:

 

A95-DBA10-767-D-4778-9-FE1-AFA9-B3-E5-EB

 

As you can see everything looks good, but it doesn’t work for all programs. 
 

Now, the moment I manually add a shellstyle.dll even in the same session into RAM, then the dialog box will work for ALL programs but it’s broken. 
This is how it looks: 

A94-B53-A9-1271-49-F2-AA22-8743-E4931-B3

 

As you can see here, the functionality is broken and you can’t browse anymore. 
 

I have no idea what’s causing this and I’m running out of clues to go after since shellstyle.dll has NO dependencies when loaded in Dependency Walker.  

 

 



#10 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 04 August 2022 - 10:46 AM

Maybe (or maybe not) you can "trace" in Dependency Walker, it could be an on-the-fly reference of sorts.

 

About WinPE and users, I don't think anything has changed since:

 

https://msfn.org/boa...-administrator/

 

Maybe it could be possible to write a dedicated program that creates a "fake" Administrator account, but really cannot say.

 

:duff:

Wonko


  • Eli1 likes this

#11 alacran

alacran

    Platinum Member

  • .script developer
  • 2710 posts
  •  
    Mexico

Posted 05 August 2022 - 01:39 AM

About WinPE and users, I don't think anything has changed since:

 

https://msfn.org/boa...-administrator/

:duff:

Wonko

 

You are wrong my friend, things have changed, and have changed A LOT.

 

If booting from a Win10XPE, first thing I see in the screen is a Message asking if I want to boot as ADMIN, by the way only way to make TeamViewer run from a PE.

 

Then if the answer is YES the ADMIN account is created on the fly and the user is ADMIN.

 

If no answer in 5 seconds or the answer is NO, then the PE boots as Trusted Installer (TI), (even if the name that appears is System), having all privileges of (TI), we avoid all those new artificial (safety) restrictions to edit certain sections of a remote Registry, or to off-line open files or folders that were created by a different user, etc.

 

So this PE doesn't have the limited access of System, it has the higher access that can be got wich is TI.

 

 

@ Eli1

 

Download Win10XPE Project from Github and make a build, boot from it to taste it, and latter if you want, you can annalize the scripts and that could help you find the way to implement what you want.

 

alacran


  • Eli1 likes this

#12 Eli1

Eli1
  • Members
  • 9 posts
  •  
    United States

Posted 05 August 2022 - 11:06 AM

Thanks Alacran. I will definitely check it out and see if I can figure out the work done in that project. 
The user session thing is a bit on the back burner for now because I’m trying to figure out the problems with these dialog boxes.

Maybe there’s an answer for that in the PE project too.



#13 alacran

alacran

    Platinum Member

  • .script developer
  • 2710 posts
  •  
    Mexico

Posted 06 August 2022 - 01:15 AM

Just remember to select the option shown on attached picture.

 

By the way thaks for your comment:

 

I found another program for remote control called AeroAdmin which works perfectly.

 

AeroAdmin Page.

 

The program seems good,  and it's portable and very small, only 2.98 MB, but the free version only has basic features, and it doesn't allow to transfer files.

 

alacran

Attached Files



#14 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 06 August 2022 - 07:18 AM

You are wrong my friend, things have changed, and have changed A LOT.

 

If booting from a Win10XPE, first thing you see in the screen is a Message asking if you want to boot as ADMIN, by the way only way to make TeamViewer run from a PE.

 

Then if you answer YES the AMIN account is created on the fly and the user is ADMIN.

 

If no answer in 5 seconds or the answer is NO, then the PE boots as Trusted Installer (TI), (even if the name that appears is System), having all privileges of (TI), we avoid all those new artificial (safety) restrictions to edit certain sections of a remote Registry, or to off-line open files or folders that were created by a different user, etc.

 

So this PE doesn't have the limited access of System, it has the higher access that can be got wich is TI.

 

 

I see, thanks.

 

From what I can understand the project re-adds the whole winlogon subsytem, very clever :).

 

There is (that I can find) very little documentation/discussion on this feature, I guess that the files here:

https://github.com/s...gures/x-Account

 

or however the script in the "main" Win10XPE project needs to be analyzed to get the list of needed files and replicate the behaviour on Eli1's particular build.

 

:duff:

Wonko



#15 alacran

alacran

    Platinum Member

  • .script developer
  • 2710 posts
  •  
    Mexico

Posted 06 August 2022 - 09:46 AM

Good finding Wonko.

 

I collected all info extracting it from the Win10XPE Scripts, and started trying to add the ADMIN account to the PE LARGE version builded using wimb's project Make_WinPE, back on March 2022, but I had a hard disk failure and lost all I was done, and latter just forgot about this subject.

 

The info I collected is attached to the following quoted post:

 

From this post: http://reboot.pro/in...e=5#entry220980

 

On the other hand the LARGE (Explorer) version is not yet capable to run TeamViewerPortable, that only runs from Admin account.

 

So far we have a WIM file running Explorer, next and final requirement is make this WIM capable to optionally boot as Admin, to satisfy the requirement from TeamViewerPortable.

 

I was able to collect all info from Win10XPE and it's attached in following file:

 

Attached Admin.7z   Password = alacran

 

I will start making some test, and let you know the results ASAP.

 

alacran

Attached Files zip.gif  Admin.7z   192.27KB

 

 

But I think something else is required, because I wasn't able to make it work.

 

And yes I'm agree, I think I missed something in the Build Core Script of the project.

 

alacran


  • Eli1 likes this

#16 ibrodux

ibrodux
  • Members
  • 4 posts
  •  
    Poland

Posted 18 August 2022 - 08:39 AM

Hi everyone :)
Based on all the tutorials from @Misty (thanks!)
I managed to create a properly working WinRE with 32bit applications however I have one problem, because I wanted to implement additionally a tool from MSF from the MDOP package, more specifically it is about DaRT and the remote recovery function that allows you to remotely connect to computers.
1. when using pure WinPE + packages with ADK + DaRT, the tool works fine and starts - no support for 32bit applications, which I need.
2. after modification and deployment of running 32bit applications, DaRT services are no longer active, when trying to run RemoteRecovery.exe nothing happens, so my second most important function does not work :(.
Perhaps someone of you had such a case ?
Please help me to solve this problem.
 
Thanks in advance !


#17 Eli1

Eli1
  • Members
  • 9 posts
  •  
    United States

Posted 25 August 2022 - 10:15 AM

 

Hi everyone :)
Based on all the tutorials from @Misty (thanks!)
I managed to create a properly working WinRE with 32bit applications however I have one problem, because I wanted to implement additionally a tool from MSF from the MDOP package, more specifically it is about DaRT and the remote recovery function that allows you to remotely connect to computers.
1. when using pure WinPE + packages with ADK + DaRT, the tool works fine and starts - no support for 32bit applications, which I need.
2. after modification and deployment of running 32bit applications, DaRT services are no longer active, when trying to run RemoteRecovery.exe nothing happens, so my second most important function does not work :(.
Perhaps someone of you had such a case ?
Please help me to solve this problem.
 
Thanks in advance !

 

I can help you with this.

How are you building Dart? Using the wizard? If you are then that’s your problem.

Let me know the details when you’re around and we can talk hopefully when I remember to come back here again.



#18 ibrodux

ibrodux
  • Members
  • 4 posts
  •  
    Poland

Posted 07 September 2022 - 04:47 PM

I can help you with this.

How are you building Dart? Using the wizard? If you are then that’s your problem.

Let me know the details when you’re around and we can talk hopefully when I remember to come back here again.

Hi,
 
Sorry it's been so long since I replied but I've been on vacation.
 
I tried both creating an image with wizard but also adding DaRT itself to my modified image. 
Unfortunately I failed in both cases :(


#19 Eli1

Eli1
  • Members
  • 9 posts
  •  
    United States

Posted 11 September 2022 - 12:41 AM

 

Hi,
 
Sorry it's been so long since I replied but I've been on vacation.
 
I tried both creating an image with wizard but also adding DaRT itself to my modified image. 
Unfortunately I failed in both cases :(

 

Okay.

How are you adding the dart tools manually without the wizard?



#20 ibrodux

ibrodux
  • Members
  • 4 posts
  •  
    Poland

Posted 11 September 2022 - 07:43 PM

Okay.

How are you adding the dart tools manually without the wizard?

DISM .cab or extract the Toolsx64.cab and put it directly into the image






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users