RunScanner 2.0.0.0 ( includes x86 / x64 verisons )

http://wb.paraglidernc.com/Scripts/Runscanner2.script

Has both x86 and x64 versions.

X64 version requires 64 bit versions of vista or later. Currently does not support injection of the redirection dll into windows services.

7z files containing program / dlls will be downloaded and extracted during the project build or when the download button on the script is clicked.

Details:

http://wb.paraglidernc.com/Scripts/Runscanner2.htm

Well, that is very good news, congratulations on the new release!
 

Great, good news 
Finally you managed to do it without the MS detours package and the tiny $10000 license fee 

I would personally attached runscanner2.0.0.0.7z, it is light enough, to avoid downloaded at build time,
but Versions.ini to get your latest version is well too.

In Main_Both section, this should be enough

Code: [Select]

Run,%ScriptFile%,ExtractFiles,%Target_Sys%
Run,%ScriptFile%,CreateShortcuts,#$pSystemRoot#$p\System32
Run,%ScriptFile%,ExtractFiles,%Target_Prog%\%ProgramFolder%
//Run,%ScriptFile%,CreateShortcuts,%PE_Programs%\%ProgramFolder%
If,ExistSection,%projectdir%\script.project,VariablesWimPack,Run,%ScriptFile%,WIMPackExcludeList

However, I wonder if it would not be good to have both 32/64 bits versions available in x64 PE !?
If,%SourceArch%,Equal,x64,If,%TargetWOW64%,Equal,x86,...

Great, good news 
Finally you managed to do it without the MS detours package and the tiny $10000 license fee 

Chris wrote all,
Thanks Paraglider   

I would personally attached runscanner2.0.0.0.7z, it is light enough, to avoid downloaded at build time,
but Versions.ini to get your latest version is well too.

me too,

I combined all ideas (known from other plugins) to RunScanner 2 plugin and updated to v3 on servers.
ps: update Macro Library v42r148

at the bottom, there is "Use Packed" and "Use Downloaded" ("Use Packed" selected default)

When "Use Downloaded" selected with "Updated Latest" enabled, version.ini check during process, following paraglider's plugin design.

Also buttons 

Also updated a set of things with %OsFamily% , x86 - x64 etc.

Hopefully all combine Paraglider's plugin design and other things.


*
On special cases
ex: Arch,x64|x86 plugins where x86 also can be added optionally
I use this logic and update on plugins during updates.

Code: [Select]

If,Not,%SourceArch%,Equal,x86,Begin
If,%TargetWOW64%,Equal,x86,Begin
...
End
End

which to me fits better to ms logic + avoiding double if .


*

However, I wonder if it would not be good to have both 32/64 bits versions available in x64 PE !?

I follow paraglider's design to fit 32 to 32, 64 to 64  .... (+ NT5 32 to 64-wow64)
 as far as I know there is no 32bit application that use runscanner directly,
  still if there is such requirement, one day on a topic - post , we can follow easily.

On a Windows 10 laptop, with "Remote Regedit" (Win8.1SE x86 and x64) after selecting C:\Windows i get:


fuwi

What is the file version of c:\windows\system32\ntdll.dll?

c:\windows\system32\config has to contain: SYSTEM, DEFAULT, SOFTWARE, SAM, SECURITY registry hives files.

Please verify the files from within win8.1 pe se.

Think its a file permission problem with win8.1 pe se. I could not get the file version of ntdll.dll even with explorer. If I switch to win 10 pe se then it works fine.

Think its a file permission problem with win8.1 pe se. I could not get the file version of ntdll.dll even with explorer. If I switch to win 10 pe se then it works fine.

Copy ntdll.dll elsewhere (ex: %Temp%) and try to get file version.

Well this is what I did on plugin via Macro Library when we could not get ntdll.dll and dism.exe version from host.

You can't copy the file either.

Maybe related,
Win81SE uses admin login,
Win10PESE have admin login feature,
and probably same trouble may happen on a "Portable WinX" with an Admin login ???

so maybe you need something like nircmd do,
http://www.nirsoft.net/utils/nircmd.html
nircmd.exe elevatecmd runassystem

Maybe you or fuwi can test to "nircmd.exe elevatecmd runassystem" with runscanner ??




*
with nircmd.exe there are some troubles, as far as I remember recently:
It can not work on system user (no fallback to regular execute if login is system)
It can not use parameters.

I guess both can be workarounded, It would be nice without workaround, I had informed Nir Sofer....

for now to workaround, I use 2 shortcuts on another plugin, see \Apps\File Tasks\"Total Commander" plugin.

If above works with nircmd,
If you can add runscanner feature to run as system on a non system login, it would be best solution I guess.

Tried with runassystem / run as TrustedInstaller. Tried RawCopy. Cannot access any files in win10 system32 from win8.1 pe se. Win10 pe se works fine.

Really bad... 

But there must exist a method for copying files from Win10 System32 in Win8.1PESE.
Diskimagers are able to do this. Personally i use Macrium Reflect Free in Win8.1PESE without problems.

fuwi

Hi paraglider,

Thanks for version two of this great tool 
Just wonder what hooking engine do you use for x64?


About problems with file access.

Win81.SE (Amin login) should have read only access
Win8.1 PE SE should have not problem at all.

But cause you mention Windows 10, could it be that the new system compression is set on these files.
If so than the WofADK driver is missing.
I think we should add it to the older SE projects.

I use Deviare In-Process : http://www.nektra.com/products/deviare-api-hook-windows/deviare-in-process/ for hooking api.

But cause you mention Windows 10, could it be that the new system compression is set on these files.
If so than the WofADK driver is missing.
I think we should add it to the older SE projects.

Today i made a test with Win7PESE on my Win 10 Laptop.
Same problems with accessing files in c:\Windows\system32, like in Win8.1PESE.
It seems, all microsoft files in c:\Windows\* are affected, third party files are not.
And all projects < Win10PESE are affected.

So what is this WofADK driver? Is there a WinBuilder plugin for it?

fuwi

WofADK.sys is a driver that comes with latest ADK.
It is equal to the wof.sys driver of Windows 10 and allow Windows 7 and 8.x to handle WIMBoot and CompactOS backed files.

There is no plugin, yet. But it's really simple to add.

copy wofadk.sys to your PE's system32\drivers folder
apply the following registry file

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\PE-SYS\ControlSet001\services\WofAdk]
"DebugFlags"=dword:00000000
"DependOnService"=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
"Discription"="WofAdk Mini-Filter Driver"
"DisplayName"="WofAdk"
"ErrorControl"=dword:00000001
"Group"="FSFilter Compression"
"AutoAttach"=dword:00000001
"Start"=dword:00000000
"SupportedFeatures"=dword:00000003
"Tag"=dword:00000002
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\PE-SYS\ControlSet001\services\WofAdk\Instances]
"DefaultInstance"="WofAdk Instance"

[HKEY_LOCAL_MACHINE\PE-SYS\ControlSet001\services\WofAdk\Instances\WofAdk Instance]
"Altitude"="40730"
"Flags"=dword:00000000

Thanks. That worked for me on both winh8.1 pe x86 / x64. I created this script:

Code: [Select]

[Main]
Title=WofAdk
Type=script
Selected=True
Level=5
Author=Paraglider
Credits=Paraglider

[Variables]

[Process]
Arch,x86|x64

Run,%ScriptFile%,SourceDisksFiles
Run,%ScriptFile%,SetupReg.AddReg

[SetupReg.AddReg]
Echo,"Updating System Registry"
RegHiveLoad,Tmp_System,%RegSystem%
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","DebugFlags","0"
RegWrite,HKLM,0x7,"Tmp_System\ControlSet001\services\WofAdk","DependOnService","FltMgr"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk","Discription","WofAdk Mini-Filter Driver"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk","DisplayName","WofAdk"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","ErrorControl","1"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk","Group","FSFilter Compression"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","AutoAttach","1"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","Start","0"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","SupportedFeatures","3"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","Tag","2"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk","Type","2"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk\Instances","DefaultInstance","WofAdk Instance"
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\WofAdk\Instances\WofAdk Instance","Altitude","40730"
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\WofAdk\Instances\WofAdk Instance","Flags","0"
RegHiveUnload,Tmp_System


[SourceDisksFiles]
Echo,"Copying files.."
FileCopy,%ScriptDir%\%SourceArch%\wofadk.sys,%target_sys%\Drivers

Create folders x86 / x64 in the script directory and copy x86 / x64 wofadk.sys from w10 adk to those subfolders.

So everything's working now? That's more good news! 

JFX: thanks for providing the solution, Paraglider: thanks for the scripts!