Jump to content

MSRA in WinPE


Eagle710

Recommended Posts

  • 2 weeks later...

  • 2 weeks later...

I was going to take one last swing at this. I know for a fact that you need the following two files but am not sure if anyone can assist me an further with a tool that can help determine what is needed files or regedits.

msra.exe

msra.exe.mui

Link to comment
Share on other sites

When I test to see if an app can work with WinPE, I do the following. First, put your app (and the MUI if you like) in System32 in the WIM. Then boot into the WIM and then run Depends on the app. It will tell you what files are missing that it needs. If you need to know registry settings, you can run Process Monitor and add the msra.exe into the Process Filter and see what Registry keys its looking for.

Link to comment
Share on other sites

When I test to see if an app can work with WinPE, I do the following. First, put your app (and the MUI if you like) in System32 in the WIM. Then boot into the WIM and then run Depends on the app. It will tell you what files are missing that it needs. If you need to know registry settings, you can run Process Monitor and add the msra.exe into the Process Filter and see what Registry keys its looking for.

I assume you mean Dependency Walker?

Link to comment
Share on other sites

When I test to see if an app can work with WinPE, I do the following. First, put your app (and the MUI if you like) in System32 in the WIM. Then boot into the WIM and then run Depends on the app. It will tell you what files are missing that it needs. If you need to know registry settings, you can run Process Monitor and add the msra.exe into the Process Filter and see what Registry keys its looking for.

I assume you mean Dependency Walker?

Yes, it has multiple names. :)

Link to comment
Share on other sites

Tripredacus,

When using Process Monitor to look at the registry it appears that some entries dont appear but yet ProMon picks them up. Is this something I should create manually if I can notice them?

If you look at the picture below. It indicates that the RegOpenKey, RegQueryValue and RegCloseKey.... does that mean it opens that registry. It looks for the value and if not there it adds it then closes the key?

post-217779-1264180460_thumb.jpg

Edited by Eagle710
Link to comment
Share on other sites

Yes, as we know, there is no Internet Explorer in the PE, so some of these things it won't find. Your screenshot reads like this:

1. MSRA was able to open the FEATURE_ZONE_ELEVATION key in the registry.

2. MSRA was not able to find a value called msra.exe

3. MSRA was not able to find a value called *

4. MSRA closed the FEATURE_ZONE_ELEVATION key.

OK so now know that MSRA wants to do something with that key. What that is, we do not know at this point. However, it may not do anything. I do not know what FEATURE_ZONE_ELEVATION is for, but maybe you can research that. It may be like Image Execution Options, in which is a registry key that contains a list of programs that are not allowed to open. So it may be perfectly fine for it not be able to find that key after all.

So what you need to do next is run this app on a real OS and watch it with ProcMon. Then find where MSRA looks for that key in the real OS and see what it does. It may well be that in Windows, that key isn't there either.

To sum up, getting a NAME NOT FOUND message in ProcMon doesn't mean there is a problem. It may be perfectly normal behaviour.

Link to comment
Share on other sites

That one's easy - Technet. And no, you don't need it as this is not a WebBrowser Control application, thus the value would do nothing (this is for bypassing IE restrictions in a WBC app). Why not save all events from procmon into it's PML file format, zip that up, and upload it somewhere we can have a look at it?

Link to comment
Share on other sites

Yes, as we know, there is no Internet Explorer in the PE, so some of these things it won't find. Your screenshot reads like this:

1. MSRA was able to open the FEATURE_ZONE_ELEVATION key in the registry.

2. MSRA was not able to find a value called msra.exe

3. MSRA was not able to find a value called *

4. MSRA closed the FEATURE_ZONE_ELEVATION key.

OK so now know that MSRA wants to do something with that key. What that is, we do not know at this point. However, it may not do anything. I do not know what FEATURE_ZONE_ELEVATION is for, but maybe you can research that. It may be like Image Execution Options, in which is a registry key that contains a list of programs that are not allowed to open. So it may be perfectly fine for it not be able to find that key after all.

So what you need to do next is run this app on a real OS and watch it with ProcMon. Then find where MSRA looks for that key in the real OS and see what it does. It may well be that in Windows, that key isn't there either.

To sum up, getting a NAME NOT FOUND message in ProcMon doesn't mean there is a problem. It may be perfectly normal behaviour.

So I ran MSRA.exe on a regular (vista) image and than ran ProcMon and filtered by the process MSRA.exe for regedits . So how do I know that there is to be something in a value or not using ProcMON? Would i just launch MSRA and look through all the regedits in the procmon log comparing them to the current registry.

Edited by Eagle710
Link to comment
Share on other sites

If ProcMon reads a registry key, it will do a Read (or open and read) of a key and have a Success. If it does a write, it will be the same. If it can't find something, you'll get the NAME NOT FOUND error.

I agree, it can be tricky doing it this way and there may be other programs that will better show what a program is doing with the registry besides ProcMon.

Link to comment
Share on other sites

APIs come from .dlls on the system - you'd probably have to port the entire Windows Help subsystem to WinPE to get the Desktop Helper APIs, as they're a part of Windows Help.

I think you might be better off looking at something a bit more portable, unless you want to see this through via trial and error.

Link to comment
Share on other sites

Are you trying to create a help request so that someone with XP or better can remote into your Windows PE (for a PXE-based or BareMetal solution ??). If yes, then check out PCAnywhere ThinHost

873281-17.jpg

This would only work if the systems were on the same network? And it doesnt appear to have a built-in function for creating some kind of help file similar to Remote Assistance.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...