SmokinXP

Downloaded RAID_Slipstreamer_v5.3_Build_080626.exe from link on page 1. Ran "C:\Temp\xp-unattended-intel-s5000pal\RAID_Slipstreamer_v5.3_Build_080626.exe "RAID Slipstreamer x86 v5.0 Build 071116.exe" /install /source C:\Temp\xp-unattended-intel-s5000pal /os 2003 /quick" Avast v4.8 with VPS version 081017-1 detects Win32: Trojan-gen {Other} in ..\%userprofile%\Temp\...\fart.exe See attached jpg Tried download again, same result! Where can I find a non-infected version? Is this a false positive? Any other suggestions? EDIT: Same deal with RAID_Slipstreamer_v5.2_Build_080104.exe ....

Some time ago I saw a post with a link to a page by gosh on how Longhorn PE loads (or at least how he thought it did). Unfortunately by the time I checked out the link it was pretty well gone. So I figured I'd post some details about how WinPE boots. Hope this help people configure their own PE's. P.S. None of this is my own work, I just compiled and formatted it. SmokinXP.. Order of Operations in Windows PE The boot process of Windows PE is as follows: 1. The boot sector on the particular media is loaded. Control is passed to Setupldr. 2. Setupldr runs Ntdetect.com, which extracts basic system configuration information and stores it in HKLM\HARDWARE\DESCRIPTION. 3. Setupldr then loads the appropriate HAL, loads the System registry hive, and loads necessary boot drivers using Winpeoem.sif. After it finishes loading, it prepares the environment to execute the kernel, Ntoskrnl.exe. Note o If you start Windows PE from read-only media such as a CD, Windows PE stores the registry hives in memory so that applications can write to the registry. Any changes made to the registry by the applications do not persist across different Windows PE sessions. 4. Ntoskrnl.exe is executed and finishes the environment setup. Control is passed to the Session Manager (SMSS). 5. SMSS loads the rest of the registry, configures the environment to run the Win32 subsystem (Win32k.sys) and its various processes. SMSS then loads the Winlogon process to create the user session and starts the services and the rest of the non-essential device drivers and the security subsystem (LSASS). 6. Windows PE loads the Command Prompt (Cmd.exe) process and executes Startnet.cmd. 7. When Startnet.cmd finishes, the command prompt is displayed. Windows PE boot is complete. Interactive Shell Components The Startnet.cmd batch file launches the networking processes and any custom routines that you might include. The commands in the default Startnet.cmd file are: regsvr32 /s netcfgx.dll factory -minint netcfg -v -winpe net start dhcp net start nla a:\floppy.cmd Command descriptions: • Regsvr32 /s netcfgx.dll: Registers the necessary helper function DLL to allow the networking components to be installed. Without this command, Factory mode will be unable to install the network card and Netcfg will fail to load the networking components. • Factory -minint: Starts factory.exe in -minint mode. Factory.exe locates the Winbom.ini file, creates a computername for the Windows PE session if the name is not specified in the Winbom.ini, use Plug and Play to detect and install the network card drivers, and processes the Winbom.ini file. • Netcfg -v -winpe: Installs Tcpip, Netbios and the Msclient for the Windows PE session. • Net start dhcp: Starts the DHCP client. • Net start nla: Starts the Network Location Awareness service. • a:\floppy.cmd: Floppy.cmd is an optional sample file which you can remove from Startnet.cmd. It can contain any commands normally run at a command prompt, such as starting applications or opening additional command windows that run scripts. For more information on the specific functionality of these commands, see below: • The syntax of the Factory tool is: factory {-minint | -winpe} -minint Uses Plug and Play to install the network interface card (NIC). -winpe Locates a Winbom.ini file and processes these sections in this order: [WinPE.Net] [DiskConfig] [OEMRunOnce] [OEMRun] [WinPE], except for the Restart entry [updateSystem] Restart entry in [WinPE] • The Netcfg Command-Line Options: netcfg [-v] [-winpe] [-l path_to_component_inf] [-c {c | p | s}] [-i component_id] -v Specifies verbose mode. -winpe Installs TCP/IP, NetBIOS, and the Client for Microsoft Networks (MSClient) when running in the Windows Preinstallation Environment (Windows PE). -l path_to_component_inf Specifies the complete path of the .inf file. -c Specifies the class of the component to install. Valid options are c, p, and s. c Client p Protocol s Service component_id Specifies the component ID of the networking component to install from the .inf file. The syntax of additional Netcfg options: netcfg [-s {a | n}] [{-b | -q | -u} component_id] -s Specifies the type of the component to display; valid options are a and n. a Displays network adapters. n Displays network components. -b Displays the binding paths that contain the specified component_id. -q Queries if a particular component, specified by component_id, is installed. -u Uninstalls a particular component, specified by component_id. component_id Specifies the component ID of the relevant component. When you start a computer using Windows PE, you run the command factory -winpe, which processes these sections in Winbom.ini in this order: • [WinPE.Net] contains entries for controlling the settings that WinPE uses to connect to a network. Eg: [WinPE.Net] Gateway = 123.45.6.789 [ip address or blank] IPConfig = DHCP [ip address or DHCP] StartNet = Yes [Yes or No] SubnetMask = 255.255.255.0 [ignored unless ipconfig is set] • [DiskConfig] contains entries for configuring and partitioning one or more physical hard disks when the Factory tool runs in WinPE. • [OEMRunOnce] contains entries for controlling external applications and command shell scripts when the Sysprep -factory command runs. • [OEMRun] enables you to control how and when external applications and command shell scripts run when auditing the computer in the factory environment, using the Sysprep -factory command. • [WinPE], except for the Restart entry contains entries for identifying the configuration set and Windows operating system that you install. Unless you run the factory -winpe command, Setup ignores all entries in this section. • [updateSystem] contains entries, called directives, for performing registry or file system updates. • Restart entry in [WinPE] Specifies the behaviour after the factory -winpe command finishes. The settings in Winbom.ini provide a wide range of preinstallation tasks. To perform tasks beyond the scope of Winbom.ini, create batch files either to replace or supplement Winbom.ini. With Windows PE running, you can use Winbom.ini or your own batch files in order to: • Copy a test harness to the destination computer and run hardware diagnostics. • Run programs, such as a utility to partition and format the drives. • Establish network connectivity with the NET USE command, and change directories to the location of the preinstalled images. • Start the unattended Setup from a network source.

Thanks for the snappy (quick) answer. Let me get this right... The RunOnceEx.Inf file is called from the %WinDir% is it not. That enumerates (on my PC) to C:\Windows. OR Does it get called from the installation CD?

I've been trying to work out how to copy the I386 folder from the install CD during unattended install. I Have tried using RunOnceEx with the following: HKLM,"%RunOnceEx%\install20",1,,"%11%\CMD.exe /C Xcopy %CDROM%\I386\*.* %24%\Install\I386 /S /V /C /F /H /Exclude:%11%\NoCopy.lst" I have a batch file (called at "install15") that enumerates %CDROM% but it won't parse to the next line (as above) when called in RunOnceEx. I had only one success and that was calling a batch from RunOnceEx, but it worked once and once only. Copy of my RunOnceEx.inf attached. ANY pointers greatly appreciated!!! kim@mitc.com.au RUNONCEEX.INF RUNONCEEX.INF

Dudes, some things I have noticed in this thread: 1. Have you checked out using a compressed boot floppy? DOS Network Boot Floppy 2. By using "Set" variables you use up environment space which (by the sound of things) is at a premium anyway. You are better off making direct calls to the winnt.exe and supplying the variables manually. While you may have to create slightly different setup floppies for different nic's it does save on environment space. 3. Creating a RAM drive using the Windows 98 EBD method does count back from Z: drive. In the SETRAMD.BAT file try setting the CDROM variable to something midway through the alphabet; say M. Have you tried stepping through the SETRAMD.BAT to see how it works? To step through a batch file type COMMAND /? from a DOS prompt to get the switches (I think it's something like command /y /c batchfile.bat). 4. I can't agree more about using SMARTDRV.EXE I would call it a neccesity. If you need the switches try typing SMARTDRV /?. Personally I use LH SMARTDRV.EXE /X 5. The Switches for EMM386.EXE I use are NOEMS ie: DEVICE=EMM386.EXE NOEMS I have followed this thread all the way through and I'm wondering if you have got what you need yet? Are you done?

Hey I know this is totally old hat but I have many clients in the Hospitality industry (Hotels, Motels etc) that I support who still run Windows 95. I'm hoping someone out there will have a "working" inf file for installing Windows 95 in unattended mode. I have used the Batch Setup tool from the Win95 CD but I can't seem to get the format of the inf file 100% correct. The problem areas are: - Correct format for the ProductID field - [Network] section. Below is my inf file: [batchSetup] Version=2.3 (32-bit) SaveDate=04/21/04 [setup] Express=1 EBD=0 ChangeDir=0 OptionalComponents=1 Network=1 System=0 CCP=0 CleanBoot=0 Display=0 PenWinWarning=0 InstallType=3 DevicePath=1 TimeZone="Taipei" Uninstall=0 VRC=0 NoPrompt2Boot=1 ProductID=0123456789 [system] DisplChar=8,640,480 [NameAndOrg] Name="VMUser" Org="VMCompany" Display=0 [Network] ComputerName="VM95" Workgroup="VMWorkgroup" Description="VMComputer" Display=0 PrimaryLogon=VREDIR Clients=VREDIR Protocols=MSTCP IgnoreDetectedNetCards=1 ValidateNetCardResources=0 HDBoot=1 RPLSetup=0 WorkstationSetup=1 DisplayWorkstationSetup=0 Security=SHARE Services=VSERVER [MSTCP] DHCP=1 DNS=0 WINS=DHCP Hostname=VM95 [VREDIR] LogonDomain="VMWorkgroup" ValidatedLogon=0 [VSERVER] LMAnnounce=1 MaintainServerList=0 [OptionalComponents] "Accessibility Options"=0 "Briefcase"=0 "Calculator"=0 "Character Map"=0 "Clipboard Viewer"=0 "Desktop Wallpaper"=0 "DMI Mgmt Service Layer"=0 "Document Templates"=1 "Games"=0 "Imaging"=1 "Mouse Pointers"=0 "Net Watcher"=0 "Object Packager"=0 "Online User's Guide"=0 "Paint"=1 "Quick View"=0 "System Mgmt Infrastructure"=0 "System Monitor"=0 "System Resource Meter"=0 "TWAIN 1.6"=0 "Windows 95 Tour"=0 "WordPad"=1 "Dial-Up Networking"=0 "Direct Cable Connection"=0 "HyperTerminal"=0 "Microsoft NetMeeting"=0 "Phone Dialer"=0 "Backup"=0 "Defrag"=0 "Disk compression tools"=1 "Microsoft Fax Services"=0 "Microsoft Fax Viewer"=0 "Audio Compression"=0 "CD Player"=0 "Media Player"=0 "Multimedia Sound Schemes"=0 "Sample Sounds"=0 "Sound Recorder"=0 "Video Compression"=1 "Volume Control"=0 "Additional Screen Savers"=0 "Flying Windows"=0 "OpenGL Screen Savers"=0 "The Microsoft Network"=0 "Internet Mail Services"=0 "Windows Messaging"=0 "Microsoft Mail Services"=0 [Printers] Any help or comments appreciated. Auto2.inf Auto2.inf