Jump to content











Photo
- - - - -

OpenWith.exe now working in WinPE 10


  • Please log in to reply
6 replies to this topic

#1 spleenharvester

spleenharvester

    Member

  • Members
  • 92 posts
  •  
    United Kingdom

Posted 22 June 2016 - 02:43 PM

I have got OpenWith.exe working in WinPE 10, build 10.0.586.122, both 32-bit and 64-bit.

 

Only thing I haven't got working is the icons displayed next to the 'Open with' programs - I will update when I figure this out. The program itself works fine.

 

Registry dependencies

 

The below CLSID keys and their subkeys are accessed by a functional OpenWith.exe. Note that not all of these may be necessary - these are just the 'hits' I identified during analysis. I have added the necessary keys to a .reg file here (configured for HKLM\software) - http://www.mediafire...55/OpenWith.reg

 

NOTE: I had to deploy the above from startnet.cmd. For some reason I couldn't add it during image build (some kind of odd permissions bug?)

 

All the other keys were already in my base image.

 

{00020424-0000-0000-C000-000000000046}
{0DEC7D0C-BD63-4759-AA64-ADEFD70DCF9A}
{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}
{20D04FE0-3AEA-1069-A2D8-08002B30309D}
{2155FEE3-2419-4373-B102-6843707EB41F}
{228826AF-02E1-4226-A9E0-99A855E455A6}
{4DB26476-6787-4046-B836-E8412A9E8A27}
{54E211B6-3650-4F75-8334-FA359598E1C5}
{603D3800-BD81-11D0-A3A5-00C04FD706EC}
{66742402-F9B9-11D1-A202-0000F81FEDEE}
{6E29FABF-9977-42D1-8D0E-CA7E61AD87E6}
{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}
{83D6F579-4A45-439F-994E-7EC23C46B13E}
{83E94DBF-7F97-46B0-A6F0-360FE982BF83}
{94B23D4D-1040-4C4B-9081-85D8D6FA36C4}
{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}
{A2C25004-96F4-4D49-B38E-6A52BE7E2F51}
{B196B286-BAB4-101A-B69C-00AA00341D07}
{B77B1CBF-E827-44A9-A33A-6CCFEEAA142A}
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}
{D25D8842-8884-4A4A-B321-091314379BDD}
{E44E9428-BDBC-4987-A099-40DC8FD255E7}
{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}
 
DLL dependencies
 
I had to add the following:
 
\system32\OpenWith.exe and its MUI
\system32\twinapi.appcore.dll and its MUI
\system32\windows.ui.immersive.dll and its MUI
 
A number of other modules are loaded, but all of these were present in my base image.

Edited by spleenharvester, 22 June 2016 - 03:40 PM.


#2 spleenharvester

spleenharvester

    Member

  • Members
  • 92 posts
  •  
    United Kingdom

Posted 22 June 2016 - 07:49 PM

Found another 7 CLSIDs necessary to make the "Look for another app on this PC" option work reliably. Again, not all may be needed, these were just the hits I identified as missing.

 

{056440FD-8568-48e7-A632-72157243B55B}

{c206f324-bb45-4765-93ff-3bca7306ff2e}

{08d5bfbf-fbca-4322-9f70-ca9f66f8ed6a}

{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE} <--This appears to be most important

{934D4698-6A59-48f8-9F29-9FB30670320E}

{7efc002a-071f-4ce7-b265-f4b4263d2fd2}

{AE054212-3535-4430-83ED-D501AA6680E6}

 

Reg file here, configured for HKCR\CLSID: http://www.mediafire...i/OpenWith3.reg

 

Another is accessed - {812F944A-C5C8-4CD9-B0A6-B3DA802F228D} - but does not appear to be relevant to anything that I can see.


Edited by spleenharvester, 22 June 2016 - 08:13 PM.


#3 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 23 June 2016 - 08:31 AM

Once said that I have NO idea what (the heck) is OpenWith.exe, nor how it will be useful to have it in a PE :w00t:, you have a duplicate in what you posted:

{F324E4F9-8496-40b2-1FF-9617C1C9AFFE}

 

I simply hate GUID's, particularly if they are provided without an explanation/reference.

Should it be useful, I found most of them in the list here https://www.viathink.../guid_analysis/ :

MSFT {00020424-0000-0000-C000-000000000046} PSOAInterface
RFCRND {056440FD-8568-48e7-A632-72157243B55B} Explorer Navigation Bar
RFCRND {08d5bfbf-fbca-4322-9f70-ca9f66f8ed6a} CommonLayoutModifier
RFCRND {0dec7d0c-bd63-4759-aa64-adefd70dcf9a} ????
RFCRND {1f486a52-3cb1-48fd-8f50-b8dc300d9f9d} Memory Mapped Cache Mgr
RFCTIM {20D04FE0-3AEA-1069-A2D8-08002B30309D} Computer
RFCRND {2155fee3-2419-4373-b102-6843707eb41f} Local Icon Cache
???? {228826AF-02E1-4226-A9E0-99A855E455A6} ????
RFCRND {4db26476-6787-4046-b836-e8412a9e8a27} Shared Bitmap Object
RFCRND {54E211B6-3650-4F75-8334-FA359598E1C5} ????
RFCTIM {603D3800-BD81-11d0-A3A5-00C04FD706EC} Background Task Scheduler
RFCTIM {66742402-F9B9-11D1-A202-0000F81FEDEE} ????
RFCRND {6e29fabf-9977-42d1-8d0e-ca7e61ad87e6} UIAutomation Registrar Class
RFCRND {76765b11-3f95-4af2-ac9d-ea55d8994f1a} Property System Both Class Factory
RFCRND {7efc002a-071f-4ce7-b265-f4b4263d2fd2} Local Thumbnail Cache
RFCRND {812F944A-C5C8-4CD9-B0A6-B3DA802F228D} UIAnimationTransitionLibrary2
RFCRND {83d6f579-4a45-439f-994e-7ec23c46b13e} ????
RFCRND {83E94DBF-7F97-46B0-A6F0-360FE982BF83} CLSID_TileElementFactory
RFCRND {934D4698-6A59-48f8-9F29-9FB30670320E} Structured Query Helper Class
RFCRND {94B23D4D-1040-4C4B-9081-85D8D6FA36C4} ImmersiveOpenWithUI
RFCRND {9ac9fbe1-e0a2-4ad6-b4ee-e212013ea917} ShellItem Shell Namespace helper
???? {A2C25004-96F4-4D49-B38E-6A52BE7E2F51} ????
RFCRND {AE054212-3535-4430-83ED-D501AA6680E6} Shell Name Space ListView
RFCTIM {B196B286-BAB4-101A-B69C-00AA00341D07} PSFactoryBuffer
RFCRND {b77b1cbf-e827-44a9-a33a-6ccfeeaa142a} ShellItemArray Shell Namespace helper
RFCRND {c206f324-bb45-4765-93ff-3bca7306ff2e} CommonLayoutDefinition
???? {C2F03A33-21F5-47FA-B4BB-156362A2F239} ????
RFCRND {C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} PSFactoryBuffer
RFCRND {D25D8842-8884-4A4A-B321-091314379BDD} UIAnimationManager2
RFCRND {e44e9428-bdbc-4987-a099-40dc8fd255e7} Execute Unknown
RFCRND {F324E4F9-8496-40b2-A1FF-9617C1C9AFFE} Sync root manager

You could try running the GUID tools in the above, maybe some more info can be extracted from your system:

https://www.viathink.../GUID-Tools.zip

 

As you stated, it is very possible that some of them are not "really-really needed". :unsure:

 

:duff:

Wonko

 


  • Brito likes this

#4 spleenharvester

spleenharvester

    Member

  • Members
  • 92 posts
  •  
    United Kingdom

Posted 24 June 2016 - 06:22 PM

Once said that I have NO idea what (the heck) is OpenWith.exe, nor how it will be useful to have it in a PE :w00t:, you have a duplicate in what you posted:

{F324E4F9-8496-40b2-1FF-9617C1C9AFFE}

 

I simply hate GUID's, particularly if they are provided without an explanation/reference.

Should it be useful, I found most of them in the list here https://www.viathink.../guid_analysis/ :

MSFT {00020424-0000-0000-C000-000000000046} PSOAInterface
RFCRND {056440FD-8568-48e7-A632-72157243B55B} Explorer Navigation Bar
RFCRND {08d5bfbf-fbca-4322-9f70-ca9f66f8ed6a} CommonLayoutModifier
RFCRND {0dec7d0c-bd63-4759-aa64-adefd70dcf9a} ????
RFCRND {1f486a52-3cb1-48fd-8f50-b8dc300d9f9d} Memory Mapped Cache Mgr
RFCTIM {20D04FE0-3AEA-1069-A2D8-08002B30309D} Computer
RFCRND {2155fee3-2419-4373-b102-6843707eb41f} Local Icon Cache
???? {228826AF-02E1-4226-A9E0-99A855E455A6} ????
RFCRND {4db26476-6787-4046-b836-e8412a9e8a27} Shared Bitmap Object
RFCRND {54E211B6-3650-4F75-8334-FA359598E1C5} ????
RFCTIM {603D3800-BD81-11d0-A3A5-00C04FD706EC} Background Task Scheduler
RFCTIM {66742402-F9B9-11D1-A202-0000F81FEDEE} ????
RFCRND {6e29fabf-9977-42d1-8d0e-ca7e61ad87e6} UIAutomation Registrar Class
RFCRND {76765b11-3f95-4af2-ac9d-ea55d8994f1a} Property System Both Class Factory
RFCRND {7efc002a-071f-4ce7-b265-f4b4263d2fd2} Local Thumbnail Cache
RFCRND {812F944A-C5C8-4CD9-B0A6-B3DA802F228D} UIAnimationTransitionLibrary2
RFCRND {83d6f579-4a45-439f-994e-7ec23c46b13e} ????
RFCRND {83E94DBF-7F97-46B0-A6F0-360FE982BF83} CLSID_TileElementFactory
RFCRND {934D4698-6A59-48f8-9F29-9FB30670320E} Structured Query Helper Class
RFCRND {94B23D4D-1040-4C4B-9081-85D8D6FA36C4} ImmersiveOpenWithUI
RFCRND {9ac9fbe1-e0a2-4ad6-b4ee-e212013ea917} ShellItem Shell Namespace helper
???? {A2C25004-96F4-4D49-B38E-6A52BE7E2F51} ????
RFCRND {AE054212-3535-4430-83ED-D501AA6680E6} Shell Name Space ListView
RFCTIM {B196B286-BAB4-101A-B69C-00AA00341D07} PSFactoryBuffer
RFCRND {b77b1cbf-e827-44a9-a33a-6ccfeeaa142a} ShellItemArray Shell Namespace helper
RFCRND {c206f324-bb45-4765-93ff-3bca7306ff2e} CommonLayoutDefinition
???? {C2F03A33-21F5-47FA-B4BB-156362A2F239} ????
RFCRND {C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} PSFactoryBuffer
RFCRND {D25D8842-8884-4A4A-B321-091314379BDD} UIAnimationManager2
RFCRND {e44e9428-bdbc-4987-a099-40dc8fd255e7} Execute Unknown
RFCRND {F324E4F9-8496-40b2-A1FF-9617C1C9AFFE} Sync root manager

You could try running the GUID tools in the above, maybe some more info can be extracted from your system:

https://www.viathink.../GUID-Tools.zip

 

As you stated, it is very possible that some of them are not "really-really needed". :unsure:

 

:duff:

Wonko

 

Cheers for the reply, not sure how that key escaped my notice the second time, it was flagged as NOT_FOUND in process monitor for some reason. Openwith.exe as you may now know is responsible for the "Open with..." box in Windows 10 (and possibly 8?), and judging by other posts on here has been a real pain in the ass to pin down.

 

None of the GUIDs make any sense to me either, haha. I never pay much attention to them though since I see keys come up that are essential for apps to work that from the description don't seem like they would even be related. 

 

The way I'm tracking stuff down right now is exporting the whole of HKCR, HKCU, HKLM and HKU, "PE-ifying" them, then adding entire hives to verify that it's a registry issue and find a starting point. Then I try to narrow down by subkey (eg in CLSIDs) as far as possible. Then I look in ProcMon and sort results by that subkey under NOT_FOUND. There's probably a more logical way of doing it but it seems to be going well thus far!

 

~s



#5 spleenharvester

spleenharvester

    Member

  • Members
  • 92 posts
  •  
    United Kingdom

Posted 24 June 2016 - 09:17 PM

The key at HKCR\applications\iexplore.exe and its subkeys are important for the "Look for another app on this PC" option to work reliably on some filetypes. Regkey as usual here: http://www.mediafire...th-IExplore.reg

 

AFAIK all working 100% now apart from the icons



#6 spleenharvester

spleenharvester

    Member

  • Members
  • 92 posts
  •  
    United Kingdom

Posted 25 June 2016 - 12:36 AM

To get icons working:

 

1) Copy in \system32\thumbcache.dll (apparently I am a dumbass, I spent an hour tearing my hair out over registry analysis without thinking of looking at file dependencies, whoops)

 

2) For usual background colour, you need the regkeys at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent reg file here http://www.mediafire...KCUexplorer.reg

 

I believe that concludes this thread. Cheers :-)



#7 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 25 June 2016 - 08:55 AM

Next time (maybe useful, maybe not) you may try something *similar* to this approach (for registered .dll's):
http://reboot.pro/to...e-9#entry154017

 

:duff:

Wonko






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users