楼主大大能分享一下制作心得吗? |
感谢分享 |
本帖最后由 martin313 于 2024-9-21 15:17 编辑 纠正一个错误观念,PE维护,网络功能也是必须的,并不是维护版PE就不需要网络功能!!! http://bbs.wuyou.net/forum.php?mod=viewthread&tid=439445 |
本帖最后由 martin313 于 2024-9-18 11:17 编辑 2024中秋假期,解决了winpe的一个历史遗留问题即双用户PE切换的问题,解决了英文版pe不能正常启用bitlocker的问题 巨硬真是坑爹啊,bitlocker在简体中文版与繁体中文版是好好的,到了英文版就死活不行 后来发现就是因为缺一个注册表导致的,大海捞针似的的定位,搞了3个小时 幸亏有Sergei Strelec英文PE,作为样本(比较分析测试),不然不知从何下手去解决Bitlocker问题 截至2024年9月18日,折腾 WinPE 正式宣告完美结束!!! |
本帖最后由 martin313 于 2024-9-16 09:25 编辑 在斗鱼的PE制作方案里,Software基本上是全的,所以下面的就不能再全部复制,不然会导致PE的System用户账户地址异常: rem call RegCopy "HKLM\Software\Microsoft\Windows\CurrentVersion" rem call RegCopy "HKLM\Software\Microsoft\Windows NT\CurrentVersion" rem call RegCopy "HKLM\Software\Classes\AppID" rem call RegCopy "HKLM\Software\Classes\CLSID" rem call RegCopy "HKLM\Software\Classes\Interface" 正在全新制作Win11_22000.3197的双用户PE |
纠正一个错误观念,PE维护,网络功能也是必须的,并不是维护版PE就不需要网络功能!!! |
注册表可进一步减少为如下: call RegCopy "HKLM\System\ControlSet001\Services\WindowsTrustedRT" call RegCopy "HKLM\System\ControlSet001\Services\WindowsTrustedRTProxy" call RegCopy "HKLM\System\DriverDatabase\DeviceIds\{4d36e97d-e325-11ce-bfc1-08002be10318}" call RegCopy "HKLM\System\DriverDatabase\DeviceIds\{4E815EE1-20F8-41EF-8CFF-3C283F02D722}" call RegCopy "HKLM\System\DriverDatabase\DriverInfFiles\WindowsTrustedRTProxy.inf" call RegCopy "HKLM\System\ControlSet001\Services\BDESVC" call RegCopy "HKLM\System\ControlSet001\Services\Netlogon" call RegCopy "HKLM\System\ControlSet001\Services\ProfSvc" call RegCopy "HKLM\System\ControlSet001\Services\seclogon" call RegCopy "HKLM\System\ControlSet001\Services\UserManager" |
本帖最后由 martin313 于 2024-9-15 13:35 编辑 至此,我所关心关注的有关PE的所有问题,全部解决了,剩下点点小瑕疵就忽略了! |
本帖最后由 martin313 于 2024-9-15 21:48 编辑 最近测试这个自制的双用户PE,发现不仅仅存在Administrator系统文件夹打不开的问题,还存在A用户下,Bitlocker无法正常使用的问题。于是今天下决心解决,经过与论坛win10全能版的注册表对比,一番折腾后,总算彻底解决!方法如下: 一、补充文件 WindowsTrustedRT.sys WindowsTrustedRTProxy.inf WindowsTrustedRTProxy.sys 二、补充注册表(其中有些注册表是多余的,不管那么多了,胡子眉毛一把抓,反正不算多) call RegCopy "HKLM\System\ControlSet001\Services\WindowsTrustedRT" call RegCopy "HKLM\System\ControlSet001\Services\WindowsTrustedRTProxy" call RegCopy "HKLM\System\DriverDatabase\DeviceIds\{4d36e97d-e325-11ce-bfc1-08002be10318}" call RegCopy "HKLM\System\DriverDatabase\DeviceIds\{4E815EE1-20F8-41EF-8CFF-3C283F02D722}" call RegCopy "HKLM\System\DriverDatabase\DriverInfFiles\WindowsTrustedRTProxy.inf" call RegCopy "HKLM\System\ControlSet001\Services\ahcache" call RegCopy "HKLM\System\ControlSet001\Services\AWEAlloc" call RegCopy "HKLM\System\ControlSet001\Services\BDESVC" call RegCopy "HKLM\System\ControlSet001\Services\Beep" call RegCopy "HKLM\System\ControlSet001\Services\Browser" call RegCopy "HKLM\System\ControlSet001\Services\camsvc" call RegCopy "HKLM\System\ControlSet001\Services\CertPropSvc" call RegCopy "HKLM\System\ControlSet001\Services\CompositeBus" call RegCopy "HKLM\System\ControlSet001\Services\DisplayEnhancementService" call RegCopy "HKLM\System\ControlSet001\Services\Dnscache" call RegCopy "HKLM\System\ControlSet001\Services\dot3svc" call RegCopy "HKLM\System\ControlSet001\Services\Eaphost" call RegCopy "HKLM\System\ControlSet001\Services\EventLog" call RegCopy "HKLM\System\ControlSet001\Services\EventSystem" call RegCopy "HKLM\System\ControlSet001\Services\fdPHost" call RegCopy "HKLM\System\ControlSet001\Services\FDResPub" call RegCopy "HKLM\System\ControlSet001\Services\FontCache" call RegCopy "HKLM\System\ControlSet001\Services\FrameServer" call RegCopy "HKLM\System\ControlSet001\Services\gpsvc" call RegCopy "HKLM\System\ControlSet001\Services\HfcDisableService" call RegCopy "HKLM\System\ControlSet001\Services\hidspi" call RegCopy "HKLM\System\ControlSet001\Services\HTTP" call RegCopy "HKLM\System\ControlSet001\Services\iaStorAC" call RegCopy "HKLM\System\ControlSet001\Services\iaStorAfs" call RegCopy "HKLM\System\ControlSet001\Services\iaStorAfsService" call RegCopy "HKLM\System\ControlSet001\Services\intelpep" call RegCopy "HKLM\System\ControlSet001\Services\IpFilterDriver" call RegCopy "HKLM\System\ControlSet001\Services\iphlpsvc" call RegCopy "HKLM\System\ControlSet001\Services\IPNAT" call RegCopy "HKLM\System\ControlSet001\Services\KeyIso" call RegCopy "HKLM\System\ControlSet001\Services\LanmanServer" call RegCopy "HKLM\System\ControlSet001\Services\LanmanWorkstation" call RegCopy "HKLM\System\ControlSet001\Services\lltdio" call RegCopy "HKLM\System\ControlSet001\Services\LPDSVC" call RegCopy "HKLM\System\ControlSet001\Services\monitor" call RegCopy "HKLM\System\ControlSet001\Services\mpssvc" call RegCopy "HKLM\System\ControlSet001\Services\MRxDAV" call RegCopy "HKLM\System\ControlSet001\Services\mrxsmb10" call RegCopy "HKLM\System\ControlSet001\Services\MsBridge" call RegCopy "HKLM\System\ControlSet001\Services\mshidumdf" call RegCopy "HKLM\System\ControlSet001\Services\MSiSCSI" call RegCopy "HKLM\System\ControlSet001\Services\MSKSSRV" call RegCopy "HKLM\System\ControlSet001\Services\MsLldp" call RegCopy "HKLM\System\ControlSet001\Services\MSPCLOCK" call RegCopy "HKLM\System\ControlSet001\Services\MSPQM" call RegCopy "HKLM\System\ControlSet001\Services\MSTEE" call RegCopy "HKLM\System\ControlSet001\Services\NcdAutoSetup" call RegCopy "HKLM\System\ControlSet001\Services\NdisCap" call RegCopy "HKLM\System\ControlSet001\Services\NdisImPlatform" call RegCopy "HKLM\System\ControlSet001\Services\NdisImPlatformMp" call RegCopy "HKLM\System\ControlSet001\Services\NdisVirtualBus" call RegCopy "HKLM\System\ControlSet001\Services\Netlogon" call RegCopy "HKLM\System\ControlSet001\Services\npsvctrig" call RegCopy "HKLM\System\ControlSet001\Services\PolicyAgent" call RegCopy "HKLM\System\ControlSet001\Services\ProfSvc" call RegCopy "HKLM\System\ControlSet001\Services\Ramdisk" call RegCopy "HKLM\System\ControlSet001\Services\RasAuto" call RegCopy "HKLM\System\ControlSet001\Services\RasMan" call RegCopy "HKLM\System\ControlSet001\Services\rdpbus" call RegCopy "HKLM\System\ControlSet001\Services\RDPDR" call RegCopy "HKLM\System\ControlSet001\Services\RDPNP" call RegCopy "HKLM\System\ControlSet001\Services\RDPUDD" call RegCopy "HKLM\System\ControlSet001\Services\RdpVideoMiniport" call RegCopy "HKLM\System\ControlSet001\Services\RemoteAccess" call RegCopy "HKLM\System\ControlSet001\Services\rspndr" call RegCopy "HKLM\System\ControlSet001\Services\RstMwService" call RegCopy "HKLM\System\ControlSet001\Services\seclogon" call RegCopy "HKLM\System\ControlSet001\Services\SENS" call RegCopy "HKLM\System\ControlSet001\Services\SessionEnv" call RegCopy "HKLM\System\ControlSet001\Services\SharedAccess" call RegCopy "HKLM\System\ControlSet001\Services\ShellHWDetection" call RegCopy "HKLM\System\ControlSet001\Services\smbdirect" call RegCopy "HKLM\System\ControlSet001\Services\Spooler" call RegCopy "HKLM\System\ControlSet001\Services\SSDPSRV" call RegCopy "HKLM\System\ControlSet001\Services\SstpSvc" call RegCopy "HKLM\System\ControlSet001\Services\stisvc" call RegCopy "HKLM\System\ControlSet001\Services\swprv" call RegCopy "HKLM\System\ControlSet001\Services\TsUsbGD" call RegCopy "HKLM\System\ControlSet001\Services\tsusbhub" call RegCopy "HKLM\System\ControlSet001\Services\tunnel" call RegCopy "HKLM\System\ControlSet001\Services\UcmCx0101" call RegCopy "HKLM\System\ControlSet001\Services\UcmTcpciCx0101" call RegCopy "HKLM\System\ControlSet001\Services\UcmUcsiAcpiClient" call RegCopy "HKLM\System\ControlSet001\Services\UcmUcsiCx0101" call RegCopy "HKLM\System\ControlSet001\Services\UmRdpService" call RegCopy "HKLM\System\ControlSet001\Services\upnphost" call RegCopy "HKLM\System\ControlSet001\Services\usbaudio2" call RegCopy "HKLM\System\ControlSet001\Services\usbcir" call RegCopy "HKLM\System\ControlSet001\Services\usbehci" call RegCopy "HKLM\System\ControlSet001\Services\usbprint" call RegCopy "HKLM\System\ControlSet001\Services\UserManager" call RegCopy "HKLM\System\ControlSet001\Services\vmbus" call RegCopy "HKLM\System\ControlSet001\Services\W32Time" call RegCopy "HKLM\System\ControlSet001\Services\wcncsvc" call RegCopy "HKLM\System\ControlSet001\Services\WdmCompanionFilter" call RegCopy "HKLM\System\ControlSet001\Services\WebClient" call RegCopy "HKLM\System\ControlSet001\Services\WerSvc" call RegCopy "HKLM\System\ControlSet001\Services\Winsock" call RegCopy "HKLM\System\ControlSet001\Services\WinSock2" call RegCopy "HKLM\System\ControlSet001\Services\WlanSvc" call RegCopy "HKLM\System\ControlSet001\Services\wmiApSrv" call RegCopy "HKLM\System\ControlSet001\Services\WMPNetworkSvc" call RegCopy "HKLM\System\ControlSet001\Services\WudfPf" call RegCopy "HKLM\System\ControlSet001\Services\WUDFWpdFs" |
2010hook 发表于 2023-11-5 21:02 怎么补? |
学习了 |
学习学习 |
smine 发表于 2023-11-4 20:25 请教老大,PE下运行VBS脚本文件的话,补充以下文件,是否足够: "Program Files"\"Common Files"\System\ado\msado15.dll Windows\System32\vbscript.dll Windows\System32\zh-CN\vbscript.dll.mui |
2010hook 发表于 2023-11-5 21:02 这个正常系统里,也是没有属性的 |
我想起来了,是缺少用户变量注册表值! |
smine 发表于 2023-11-4 20:25 这2天还碰到一个奇怪的事情,制作PE相同的方案,简体中文版可以实现system与admin双用户任意切换,但繁体中文版与英文版PE,死活不行,文件列表都几乎一样,也就是语言包的文件夹名称不一样,zh-cn、zh-tw、en-us的区别,咋就不行,很是奇怪!!! 启动到system都正常,但繁体版与英文版切换到admin就进不了桌面,黑屏显示,鼠标一直闪! |
smine 发表于 2023-11-4 20:25 哦 谢谢 那只能暂时搁置 |
martin313 发表于 2023-11-4 16:20 你这个快捷方式的目标很奇怪,暂时没有好办法 |
谢谢 快捷键文件也上传了:https://www.123pan.com/s/jKNSVv-FPutv.html |
我晚上看看 |
选择创建快捷方式,把创建好的快捷方式文件发出来 |
本帖最后由 martin313 于 2023-11-3 20:00 编辑 用以下方法,也不行: 用管理员取得administrator文件夹的所有权 新建记事本文件输入以下内容 并把文件后缀改成 .reg 然后双击 确定 Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\*\shell\runas] @="管理员取得所有权" "NoWorkingDirectory"=""[HKEY_CLASSES_ROOT\*\shell\runas\command] @="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F" "IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"[HKEY_CLASSES_ROOT\exefile\shell\runas2] @="管理员取得所有权" |
Powered by Discuz! X3.3
© 2001-2017 Comsenz Inc.