Letters: Answers to Your Questions
Getting Started with Windows PE
After reading Wes Miller’s article "Getting Started with Windows PE" in the September 2006 issue of TechNet Magazine, I created a menu with the HTML for Applications (HTA)-based wizard. I have several questions regarding getting the menu to work with Windows® PE 2.0.
Here are your questions and Wes’s answers to each:
How do I know if the optional software components HTA and Windows Script Host (WSH) are running from my ISO file?
If you installed optional components in your ISO file according to the instructions provided by the documentation, they should work. I’ve heard of two common scenarios where they don’t: if you didn’t run peimg /prep to prep the image, or if you didn’t use the /commit parameter with ImageX to actually commit the changes to the Windows PE image when dismounting it.
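The two failure points named in this answer, shown in sequence as an added example (not code from Wes Miller's article or from the WAIK documentation). The `C:\winpe_x86` paths are assumptions based on a default `copype.cmd` working folder; the commands are run from the WAIK command prompt.

```batch
@echo off
rem Added example: add HTA and WSH to a Windows PE 2.0 image and commit it.
rem The paths below are assumed; adjust them to your own working folder.
setlocal
set WIM=C:\winpe_x86\winpe.wim
set MNT=C:\winpe_x86\mount

rem Mount image index 1 read-write so that changes can be saved later.
imagex /mountrw "%WIM%" 1 "%MNT%" || goto :fail

rem Install the optional components the HTA wizard depends on.
peimg /install=WinPE-HTA-Package "%MNT%\Windows" || goto :fail
peimg /install=WinPE-Scripting-Package "%MNT%\Windows" || goto :fail

rem List the packages while the image can still be serviced.
rem Installed packages are marked with a plus sign in the output.
peimg /list "%MNT%\Windows"

rem Failure point 1: the image must be prepped. peimg asks for
rem confirmation, and no packages can be added after this step.
peimg /prep "%MNT%\Windows" || goto :fail

rem Failure point 2: without /commit the unmount discards every change.
imagex /unmount "%MNT%" /commit || goto :fail

echo Image committed. Copy it to ISO\sources\boot.wim before building the ISO.
exit /b 0

:fail
echo A step failed. Unmounting without /commit to discard partial changes.
imagex /unmount "%MNT%"
exit /b 1
```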
Do I need to have Windows Management Instrumentation (WMI) installed? The wizard files from the article give me an Internet Explorer® error.
The wizard files should work as long as HTAs are installed; they’re very rudimentary. WMI is not only not required for them, I actually wrote them before you could add WMI to Windows PE.
How should I include OC.bat in my startnet.cmd file?
You don’t need to use OC.bat at all if you’re using Windows PE 2.0—it is required for 1.x only. Windows PE 2.0 allows you to add components without using the shimming that OC.bat did.
Can I use some of Wes’s code in my menu once I’ve got it all working?
Feel free to take any of the code samples and reuse them as you desire, but you may not resell or redistribute them as part of a sample code package. See the licensing agreement on the TechNet Magazine Web site for more details.
Where is Windows PE?
Where can I find the Windows PE Build Tools? Can I download them or do I have to buy them?
The Windows PE Build Tools for Windows Vista™ are part of the Windows Automated Installation Kit (WAIK). You’ll find that download at go.microsoft.com/fwlink/?LinkId=85377.
The WAIK is for the Windows Vista family of operating systems only. For deployment of Windows XP, many similar tools are available in the Business Desktop Deployment Solution Accelerator. However, licensing for Windows PE has changed with Windows Vista. Before (for Windows XP), Windows PE was available only through Software Assurance licensing (see microsoft.com/licensing/sa/benefits/winpe.mspx for more details).
File Server Resource Manager
Will the File Server Resource Manager package be made available publicly for download to use on the original release of Windows Server® 2003? Or is this package only compatible with the R2 release?
The File Server Resource Manager is a feature of Windows Server 2003 R2. Due to dependencies in that version, there are no plans to make it available for prior releases at this time.
Inside the Kernel
After reading Mark Russinovich’s article "Inside the Windows Vista Kernel: Part 3", I have two questions. First, I notice that Process Explorer shows where exe or DLL files are randomly located on each boot session. Is it possible that malware could use the same mechanism to determine the location of code it wanted to exploit? Second, if there are 256 positions where randomization can start (if I understand the article correctly), what’s to prevent malware "brute force" probing if the target code stays static for the session?
Mark has answers to all your questions:
Process Explorer demonstrates a chicken-and-egg situation: the malware can’t figure out where the DLLs are because it can’t figure out where the API is located that returns that information. Malware "brute force" probing is not a reliable injection method, because if the malware guesses wrong it most likely crashes the app it’s trying to infect. At the minimum, randomization will slow a virus’s spread. In the best case, it will prevent the malware from infecting a system.
Got something to say? Don’t be shy! We love to hear from our readers. E-mail us at firstname.lastname@example.org.
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.