WinPE with SystemRoot on C:\ (or anything)

[joakim]

Maybe it's old news and I've missed it, in which case forget about my post.

Anyways, I noticed that you can specify from which drive to run your winpe from by tweaking the registry. At a minimum this is required;

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WinPE]
"InstRootDrive"=dword:00000043

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE]
"InstRoot"="C:\\"

And a few more would be required to change since some paths that are hardcoded by default. But the rest is only needed for every component to work completely. This is only tested on version 3.0 of WinPE.

Then I took it a bit further and tried to "dual boot" Windows 7 and WinPE 3.0 from the same systemroot (ie from C:\). By patching winload.exe you can load alternative system hive, so that you have 2 different ones to choose from. Then run both systems from the same SOFTWARE hive, by adding the above mentioned code to the software hive. This way the WinPE will not write anything to the local registry hives, as changes are never written back to disk. Now sadly I didn't boot fully, but at least it did not bsod, crash or reboot. It just silently froze with nice text on screen saying; "Setup is starting services", roughly at about where winint.exe would be launched. This was just for the test, and I'm sure people know better than trying this on a real system.

Joakim

[Kullenen_Ask]

i did not understand any what you talk about. it this a wim that boot? or you try to boot windows install as winpe? is it boots to ram? how can it will not write hives anything?

Edited January 3, 2011 by Kullenen_Ask

[joakim]

i did not understand any what you talk about. it this a wim that boot? or you try to boot windows install as winpe? is it boots to ram? how can it will not write hives anything?

The registry tweak to specify systemroot in winpe works inpedependent of the medium that it comes from.

The second part about the 2 merged systems was just another test I did. For that you need both the systems on the same medium. In my case for the test, I just did a plain flat boot from HDD, ie no wim. Of course in vmware.

Joakim

[Kullenen_Ask]

what is the bsod, crash or reboot? i spend lots of time on it and know a few reasons. wim in your hands has all the windows 7 hives that the problematic keys removed and all C: changed to X: If do not change it will be same like you do.

be sure to remove or disable all prefetch, readyboost,hybernation.

As i understand your winload lets you select windows 7 system.hiv and winpe system.hiv. When you select winpe it use normal windows 7 software.hiv. and winpe system.hiv to boot?

Edited January 3, 2011 by Kullenen_Ask

[joakim]

what is the bsod, crash or reboot? i spend lots of time on it and know a few reasons. wim in your hands has all the windows 7 hives that the problematic keys removed and all C: changed to X: If do not change it will be same like you do.

be sure to remove or disable all prefetch, readyboost,hybernation

Like I said it did not bsod, crash or reboot. It just froze with the text I mentioned. The test was to boot both systems with the same SOFTWARE hive, but 2 different SYSTEM hives. Also tried patching the kernel to load alternative software hive, but that crashed with bsod 0xc000021a.

Joakim

Edited January 3, 2011 by joakim

[Kullenen_Ask]

Normally your system.hiv should have X: locations. Did you changed all that to C: locations too? Did you removed fbwf services (as i understand you do not load to ram). I think also you added winpe specific files???

Try to rename or remove "oobe,panther" folders from your windows. as it already working system you will not loose anything i think.

Edited January 3, 2011 by Kullenen_Ask

[joakim]

Normally your system.hiv should have X: locations. Did you changed all that to C: locations too? Did you removed fbwf services (as i understand you do not load to ram). I think also you added winpe specific files???

Try to rename or remove "oobe,panther" folders from your windows. as it already working system you will not loose anything i think.

Yes WinPE can easily be run from C:\. Do not need to remove fbwf. Just added 2 (I think) missing drivers. Can give it another try later on by removing those folders and the files you mentioned.

Edited January 3, 2011 by joakim

[Kullenen_Ask]

If it can successfull pass that phase and you can see mouse cursor without bsod (if all services start) and it freeze there. It means it need security,sam hives of winpe. Need change windows 7 ones with winpe ones. I do not think winload or explorer.exe will care your registry entries without wpeutil, wpeshell,wininit files.

Edited January 3, 2011 by Kullenen_Ask

[joakim]

Ok so I managed to boot both systems into C:\ with almost the same sources. Had to replace the SAM and SECURITY hives with the PE ones. But with the same SOFTWARE hive. Possibly it could be easier to make the config folder of WinPE point to something different and hardlink the SOFTWARE hive back into the default/original. Cool, but maybe not very useful. Interesting to see that the differences don't necessarily are that big..

Joakim

[Kullenen_Ask]

I forgot where was the winload.exe patching manuals of you for to use different hives in same wim. Probably they were at sanbarrow joakim section. It was surprising for me that to see differences very small. Also system.hiv difference is not so much big. I do not have much knowledge about hardlinks but also i didn't see any problem in normal windows and winpe file structure because of hardlinks. And what is first impression about if it booted as winpe with all software.hiv and all files of a normal setup? What works and what not?

[joakim]

Yes I made a winload patcher that I posted at the sanbarrow forum. It works good for this job. Actually the best thing would be to use the original non-PE SYSTEM hive for WinPE, which contains system services and more. I tried tweaking that in almost any imaginable way, but did not completely boot. It just froze with a black screen after all boot drivers where loaded. Then only using the SAM and SECURITY hives from WinPE would be the goal.

1 tip when working with hives like that. Sometimes it's easier to export separate parts from the original hive into reg files. Unload the original and load up a new empty hive where you can import all the reg files. This way you don't have to fight with permissions, which can be a pain in the back, and you can delete anything you want.

Joakim

[Kullenen_Ask]

Actually the best thing would be to use the original non-PE SYSTEM hive for WinPE, which contains system services and more. I tried tweaking that in almost any imaginable way, but did not completely boot. It just froze with a black screen after all boot drivers where loaded.

If it is possible (i know how much it is difficult because i need to change lots of stuff sometimes) can you write what did you change at non-PE SYSTEM hive. For me only [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services] can be enough too. Because i couldn't achive it too start all services. I disabled almost all services that can be problematic with to change start-up type. Always blue-screen. I know the problem is there because it can boot with other services stuff.

It just froze with a black screen after all boot drivers where loaded

Try to clean everything under [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Audit].

1 tip when working with hives like that. Sometimes it's easier to export separate parts from the original hive into reg files. Unload the original and load up a new empty hive where you can import all the reg files. This way you don't have to fight with permissions, which can be a pain in the back, and you can delete anything you want.

Yes. There is 2 way to make such a system. First is to export all hives as reg file and after import to a empty hive and clean all permissions. Second way is to use all hives without loosing permissions. If deleting is problem, you can delete keys with special registry softwares. Forexample deleting something from ENUM key is very difficult. I use "Registrar Registry Manager". There are advantages and disadvantages of both ways.