Kullenen_Ask Posted January 3, 2011 Posted January 3, 2011 (edited) I found this source code when i was surfing in a chineese forum. Maybe it can be usefull for add/change something. To make a loader. We can run more services and load much drivers with custom WinPeShl.exe. I do not have coding knowledge. Ideas wellcome.WinPeShl.exe,WpeInit.exe,WpeUtil.Dll:------------------------------------------------------------------------------------------------------------WinPeShl.exe: wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nShowCmd){ if ( QueryRegValue(HKEY_LOCAL_MACHINE, L"SOFTWARE\\microsoft\\windows nt\\currentversion\\WinPE", L"ShellLogPath") ) CreateLogFile( );else CreateLogFile(L"winpeshl.log");Message("Windows PE Shell beginning execution"); SetCursors(); InitSys(); LoadExec(L"%SystemRoot%\\system32\\winpeshl.ini")}InitSys(){ LoadLocalFonts(); QueryRegValue(HKEY_LOCAL_MACHINE, L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinPE", L"CustomBackground") ) SystemParametersInfoW(); WpeInstallServicePrivileges(); WpeInstallServicesSecurityTemplate(); hObject = CreateEventW((LPSECURITY_ATTRIBUTES)v9, 1, v9, L"Global\\EVENT_WINPE_REMSTOR"); hHandle = CreateThread((LPSECURITY_ATTRIBUTES)v9, v9, StartAddress, (LPVOID)v9, v9, &ThreadId); result = (void *)QueryRegValue01( HKEY_LOCAL_MACHINE, L"SYSTEM\\CurrentControlSet\\Control\\WMI\\Autologger\\WinPEFileTrace", L"Start"); if ( result ) { v30 = v9; sub_1006847(67108864, L"Profiling is enabled; initializing run-time profiler.", ST18_4_0); result = CreateThread((LPSECURITY_ATTRIBUTES)v9, v9, SerializeAppProfile, (LPVOID)v9, v9, &v30); dword_100B040 = (int)result; }}-----------------------------------------------------------------------------------------------------------------------WpeInit.exe:int wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nShowCmd){ if ( lpCmdLine ) UnattendFindFileFromCmdLine(); else { wttime = GetTickCount(); WpeWaitForRemovableStorage(); Waitime = GetTickCount() - wttime; hLogFile = XLOG(L"wpeinit.log"); if (UnattendFindAnswerFile()){//Checkit; } else WriteLog(hLogFile,"No unattend file was found; WPEINIT is using default settings to initialize WinPE" ); if ( Waitime ) WriteLog(hLogFile, "Spent Waitime%ums initializing removable media before unattend search" ); } result = WpeActuateUnattendSettings(); //CleanUpreturn result;}-----------------------------------------------------------------------------------------------------------------------WpeUtil.Dll:WpeActuateUnattendSettings(){ UnattendDisplay(); UnattendCompterName(); UnattendPageFile(); UnattendOC(); UnattendNet(); UnattendFireWall(); UnattendRunSynchronous(); UnattendRunASyncs(); UnattendRestart();}UnattendNet(){ if(NetNotEnable == WpeQueryNetworkStatus() MyInitNetWork();}MyInitNetWork(){WpeInitializeNetworkComponents();WpeInitializeNetworkDrivers();}WpeInitializeNetworkComponents(){ Install MS_MSCLIENT Install MS_NETBIOS Install MS_SMB Install MS_TCPIP6 Install MS_TCPIP StartService dhcp StartService lmhosts StartService ikeext StartService mpssvc//lanmanStation...}WpeInitializeNetworkDrivers(){ WpeInitializeDriversOfClass();}WpeInitializeDriversOfClass(int a1, int a2){//EnumDevice then DiInstallDevice();} Edited January 3, 2011 by Kullenen_Ask
joakim Posted January 3, 2011 Posted January 3, 2011 They have disassembled the files in IDA. Then loaded the pdb files with debugging information (symbols). And finally exported c-like code with the hex-rays plugin.Joakim
ludo Posted January 3, 2011 Posted January 3, 2011 Hello Vvurat & Joakim Vvurat, can you give your chineses source ?This wpeinit can also to be use in the goal to use original shutdown button startmenu (pecmd can...) ?
Kullenen_Ask Posted January 4, 2011 Author Posted January 4, 2011 (edited) http://bbs.wuyou.com/redirect.php?fid=39&tid=116948&goto=nextoldsetProbably it works like tracking if the user clicked on shutdown button or not. It works same way with the ReBootTrace.exe,ReBoot.dll dll that i shared in my topic. If you read pecmd manual you can see that. There is source code of ReBootTrace.exe,ReBoot.dll in my topic if not deleted. If you want to use shutdown button, autologin as administrator rights user. You will have that functionality without using a third-party software. Edited January 4, 2011 by Kullenen_Ask
ludo Posted January 4, 2011 Posted January 4, 2011 (edited) Thanks VvuratBut where is the download link in this post, for test ...Or Joakim, can you assemble this source code ? Edited January 4, 2011 by ludo
Kullenen_Ask Posted January 4, 2011 Author Posted January 4, 2011 there is no download link. it is for to show how it works. maybe it is not full, i do not know c++
Kullenen_Ask Posted January 4, 2011 Author Posted January 4, 2011 (edited) can you compile us a loader from theese source codes? with our desires? the main problem is absence of a good loader. i could not like any off the loaders around. Edited January 4, 2011 by Kullenen_Ask
joakim Posted January 5, 2011 Posted January 5, 2011 What's wrong with the original winpeshl.exe?Don't expect me to write a loader as I have no idea.. Sources for most bootfiles pm'ed.Joakim
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now