« previous next »
Pages: 1 ... 27 28 [29] 30 31 ... 81

Topic: Win10XPE Project General Discussions  (Read 107254 times)

Re: Win10XPE Project General Discussions
« Reply #560 on: January 17, 2019, 09:14:13 PM »

James

  • Grand Chef
  • *****
  • Location: USA
  • Date Registered: Dec 2017
  • Posts: 2272
Yes the check is needed - to set plugin to use x64 program version and settings..
Otherwise x86 would be the default program settings..

Quote
If yes. Even though you get a warning does it still process the script and add it.
I assume you referring to WOWSupport warning...

If app is x86/x64 the WOWsupport warning can be removed...
if app x86 only then on x64 build WOWSupport would be required and thus the warning..

Did you have such a case with a recent plugin???
« Last Edit: January 17, 2019, 09:20:18 PM by James »
Re: Win10XPE Project General Discussions
« Reply #561 on: January 17, 2019, 09:43:57 PM »

cretino

  • Chef
  • ***
  • Date Registered: Jan 2018
  • Posts: 240
hi James

Quote
If anyone else can also confirm USB/RAM results...
Test works with RAM Option ,with a disadvantage:
if your win10XPE is 32BIT and your Host OS iS 64BIT  it will stop with this error:

Code: [Select]
the media you're attemping to run is 32-bit operating system and isnt compatible with the 64-bit operating system on this pc ... erroe code : 0x8004cc06

edit

tested with MacBook Pro pc it give this error:
Code: [Select]
This app can't be started.
Error: Unable to detect a Windows system drive. This could be due to missing drivers, an encrypted drive, or a corrupted Windows installation.
Error Code: 0x8004cc01

« Last Edit: January 17, 2019, 10:15:28 PM by cretino »
Re: Win10XPE Project General Discussions
« Reply #562 on: January 17, 2019, 11:49:56 PM »

James

  • Grand Chef
  • *****
  • Location: USA
  • Date Registered: Dec 2017
  • Posts: 2272
Another Disadvantage I found while testing - is x64 Version does not list the x86 OS on Host...
Windows Defender Offline is clearly meant to be triggered by Host OS to Scan That Host OS..
When Windows Defender is launched from within PE it looks for installed Windows Versions
and then WDO Uses The Definition Files from that selected windows version to complete the scan..

Here Is Version 002
Removed "Run From USB" Option
Added "Prefer x86 Program Files On x64 WinPE Build"
MS Windows Defender Offline

Please Provide Additional Feedback..
« Last Edit: January 18, 2019, 02:51:00 AM by James, Reason: link posted for attachment »
Re: Win10XPE Project General Discussions
« Reply #563 on: January 21, 2019, 09:21:56 AM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
I found this script not sure where. is it possible that we can get event log working in PE?
Code: [Select]
[main]
Title=Event Log
Description=Windows Event Log
Selected=False
Level=5
Version=1
NoWarning=False
Author=lqbweb
Download_Level=2
Type=CodeCheckerPlugin

[variables]
// Run,%ScriptFile%,Add_Registry

[Process]
FileCreateBlank,%GTarget%\windows\system32\startEventLogger.cmd,NOWARN
TXTaddLine,%GTarget%\windows\system32\startEventLogger.cmd,"@echo off",Append
TXTaddLine,%GTarget%\windows\system32\startEventLogger.cmd,"reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT /f",Append
TXTaddLine,%GTarget%\windows\system32\startEventLogger.cmd,"net start eventlog",Append
TXTaddLine,%GTarget%\windows\system32\startEventLogger.cmd,"powershell -command #$qStart-Sleep -s 2#$q ",Append
TXTaddLine,%GTarget%\windows\system32\startEventLogger.cmd,"reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT",Append
If,EXISTFILE,%GTarget%\windows\system32\start.cmd,Else,FileCreateBlank,%GTarget%\windows\system32\start.cmd,NOWARN
TXTaddLine,%GTarget%\windows\system32\start.cmd,"call startEventLogger.cmd",Append
DirMake,%GTarget%\windows\system32\winevt\Logs
\Windows\System32\"eventvwr.msc"
RegHiveLoad,Tmp_Software,%RegSoftware%
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},Type,"Microsoft.EventViewer.SnapIn.EventViewerSnapIn, EventViewer, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},ApplicationBase,C:\Windows\system32\
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},NameString,"Event Viewer"
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},Description,"Displays monitoring and troubleshooting messages from windows and other programs."
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},ModuleName,EventViewer.dll
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},AssemblyName,EventViewer
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},RuntimeVersion,v2.0.40607
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},FxVersion,2.0.0.2
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},HelpTopic,C:\Windows\Help\eventviewer.chm
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},LinkedHelpTopics,C:\Windows\Help\eventviewer.chm
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},About,{00000000-0000-0000-0000-000000000000}
RegWrite,HKLM,0x2,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},NameStringIndirect,"@C:\Windows\system32\miguiresource.dll,-101"
RegWrite,HKLM,0x2,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},DescriptionStringIndirect,"@C:\Windows\system32\miguiresource.dll,-102"
RegWrite,HKLM,0x2,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},ProviderStringIndirect,"@C:\Windows\system32\miguiresource.dll,-103"
RegWrite,HKLM,0x2,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},VersionStringIndirect,"@C:\Windows\system32\miguiresource.dll,-104"
RegWrite,HKLM,0x2,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},IconIndirect,"@C:\Windows\system32\miguiresource.dll,-500"
RegWrite,HKLM,0x4,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},FolderBitmapsColorMask,16711935
RegWrite,HKLM,0x2,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},LargeFolderBitmapIndirect,"@C:\Windows\system32\miguiresource.dll,-501"
RegWrite,HKLM,0x2,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},SmallFolderBitmapIndirect,"@C:\Windows\system32\miguiresource.dll,-502"
RegWrite,HKLM,0x2,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510},SmallSelectedFolderBitmapIndirect,"@C:\Windows\system32\miguiresource.dll,-503"
RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}\NodeTypes\{33F2C345-BF11-41b6-90DA-4FB4963EA4E2},,"Classic Viewer Root Node"
If,%version%,Smaller,80,RegWrite,HKLM,0x1,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}\Standalone
Else,RegWrite,HKLM,0x0,Tmp_Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}\Standalone
RegHiveUnLoad,Tmp_Software
RegHiveLoad,Tmp_System,%RegSystem%
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog,ServiceDll,#$pSystemRoot#$p\System32\wevtsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog,ServiceMain,ServiceMain
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog,PlugPlayServiceType,3
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog,ServiceDllUnloadOnStop,1
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog,DisplayName,"@#$pSystemRoot#$p\system32\wevtsvc.dll,-200"
RegWrite,HKLM,0x7,Tmp_System\ControlSet001\Services\eventlog,DependOnService
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog,Group,"Event Log"
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog,ImagePath,"#$pSystemRoot#$p\System32\svchost.exe -k LocalServiceNetworkRestricted"
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog,Description,"@#$pSystemRoot#$p\system32\wevtsvc.dll,-201"
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog,ObjectName,"NT AUTHORITY\LocalService"
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog,ErrorControl,1
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog,Start,3
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog,Type,32
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog,ServiceSidType,1
RegWrite,HKLM,0x7,Tmp_System\ControlSet001\services\eventlog,RequiredPrivileges,SeChangeNotifyPrivilege,SeImpersonatePrivilege
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog,FailureActionsOnNonCrashFailures,1
RegWrite,HKLM,0x3,Tmp_System\ControlSet001\services\eventlog,FailureActions,80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application,DisplayNameFile,#$pSystemRoot#$p\system32\wevtapi.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application,DisplayNameID,256
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application,PrimaryModule,Application
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application,File,#$pSystemRoot#$p\system32\winevt\Logs\Application.evtx
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application,MaxSize,20971520
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application,Retention,0
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application,RestrictGuestAccess,1
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Application\.NET Runtime",TypesSupported,7
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\eventlog\Application\.NET Runtime",EventMessageFile,X:\Windows\system32\mscoree.dll
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Application\.NET Runtime Optimization Service",TypesSupported,7
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\eventlog\Application\.NET Runtime Optimization Service",EventMessageFile,X:\Windows\system32\mscoree.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\Application,CategoryCount,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Application,CategoryMessageFile,#$pSystemRoot#$p\system32\wevtapi.dll
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Application Error",EventMessageFile,#$pSystemRoot#$p\System32\wer.dll
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Application\Application Error",TypesSupported,7
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Application Error",CategoryMessageFile,#$pSystemRoot#$p\System32\wer.dll
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Application\Application Error",CategoryCount,1
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\CertCli,ProviderGuid,{98BF1CD3-583E-4926-95EE-A61BF3F46470}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\CertEnroll,ProviderGuid,{54164045-7C50-4905-963F-E5BC1EEF0CCA}
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\Chkdsk,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Chkdsk,EventMessageFile,#$pSystemRoot#$p\System32\ulib.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\COM,providerGuid,{bf406804-6afa-46e7-8a48-6c357e1d6d61}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\COM+,providerGuid,{0f177893-4a9c-4709-b921-f432d67f43d5}
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Customer Experience Improvement Program",providerGuid,{A402FE09-DA6E-45F2-82AF-3CB37170EE0C}
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Desktop Window Manager",EventMessageFile,#$pSystemRoot#$p\system32\dwm.exe
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Application\Desktop Window Manager",TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\EventSystem,providerGuid,{899daace-4868-4295-afcd-9eb8fb497561}
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Group Policy",EventMessageFile,#$pSystemRoot#$p\System32\gpapi.dll
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Application\Group Policy",TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\LoadPerf,ProviderGuid,{122EE297-BB47-41AE-B265-1CA8D1886D40}
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-ApplicationExperienceInfrastructure,ProviderGuid,{5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-ApplicationExperienceInfrastructure,EventMessageFile,#$pSystemRoot#$p\system32\apphelp.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-AxInstallService,ProviderGuid,{dab3b18c-3c0f-43e8-80b1-e44bc0dad901}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-AxInstallService,EventMessageFile,#$pSystemRoot#$p\System32\AxInstSv.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-CAPI2,ProviderGuid,{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-CAPI2,EventMessageFile,#$pSystemRoot#$p\System32\crypt32.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-CertificationAuthorityClient-CertCli,ProviderGuid,{98bf1cd3-583e-4926-95ee-a61bf3f46470}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-CertificationAuthorityClient-CertCli,EventMessageFile,#$pSystemRoot#$p\system32\certcli.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-Crypto-RNG,providerGuid,{54d5ac20-e14f-4fda-92da-ebf7556ff176}
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-Defrag,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-Defrag,EventMessageFile,#$psystemroot#$p\system32\defragsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-DirectShow-Core,ProviderGuid,{968f313b-097f-4e09-9cdd-bc62692d138b}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-DirectShow-Core,EventMessageFile,#$pSystemRoot#$p\system32\quartz.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-DirectShow-KernelSupport,ProviderGuid,{3cc2d4af-da5e-4ed4-bcbe-3cf995940483}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-DirectShow-KernelSupport,EventMessageFile,ksproxy.ax
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-EapHost,ProviderGuid,{6eb8db94-fe96-443f-a366-5fe0cee7fb1c}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-EapHost,EventMessageFile,#$psystemroot#$p\system32\eapsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-EventCollector,ProviderGuid,{b977cf02-76f6-df84-cc1a-6a4b232322b6}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-EventCollector,EventMessageFile,#$pSystemRoot#$p\system32\wecsvc.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-propsys,ProviderGuid,{9485FA1E-23CD-49A1-84E3-11D8BC550CB7}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-propsys,EventMessageFile,#$pSystemRoot#$p\system32\propsys.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-propsys,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-RestartManager,ProviderGuid,{0888e5ef-9b98-4695-979d-e92ce4247224}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-RestartManager,EventMessageFile,#$pSystemRoot#$p\System32\RstrtMgr.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-RPC-Events,ProviderGuid,{f4aed7c7-a898-4627-b053-44a7caa12fcd}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-RPC-Events,EventMessageFile,#$pSystemRoot#$p\system32\rpcrt4.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies,ProviderGuid,{7d29d58a-931a-40ac-8743-48c733045548}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies,EventMessageFile,#$pSystemRoot#$p\system32\advapi32.dll
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-User Profiles General",ProviderGuid,{db00dfb6-29f9-4a9c-9b3b-1f4f9e7d9770}
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-User Profiles General",EventMessageFile,#$pSystemRoot#$p\System32\userenv.dll
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-User Profiles Service",ProviderGuid,{89b1e9f0-5aff-44a6-9b44-0a07a7ce5845}
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-User Profiles Service",EventMessageFile,#$pSystemRoot#$p\System32\profsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-WBioSrvc,providerGuid,{A0E3D8EA-C34F-4419-A1DB-90435B8B21D0}
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-Winsrv,ProviderGuid,{9d55b53d-449b-4824-a637-24f9d69aa02f}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Microsoft-Windows-Winsrv,EventMessageFile,#$pSystemRoot#$p\system32\winsrv.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\MSDTC,providerGuid,{719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D}
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\MSDTC 2",providerGuid,{5D9E0020-3761-4f36-90C8-38CE6511BD12}
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\MSDTC Client",providerGuid,{7A67066E-193F-4D3A-82D3-322FEE5259DE}
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\MSDTC Client 2",providerGuid,{155CB334-3D7F-4ff1-B107-DF8AFC3C0363}
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\MsiInstaller,EventMessageFile,X:\Windows\system32\msimsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\MsiInstaller,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\PDH,ProviderGuid,{04D66358-C4A1-419B-8023-23B73902DE2C}
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Process Exit Monitor",providerGuid,{FD771D53-8492-4057-8E35-8C02813AF49B}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Profsvc,EventMessageFile,#$pSystemRoot#$p\System32\profsvc.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\Profsvc,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Profsvc,ProviderGuid,{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\RasClient,EventMessageFile,#$pSystemRoot#$p\System32\mprmsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\RasClient,TypesSupported,31
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\SceCli,EventMessageFile,#$pSystemRoot#$p\System32\scecli.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\SceCli,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\SceSrv,EventMessageFile,#$pSystemRoot#$p\System32\scesrv.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\SceSrv,TypesSupported,7
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\SecurityCenter,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\SecurityCenter,EventMessageFile,#$pSystemRoot#$p\System32\wscsvc.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\SideBySide,EventMessageFile,#$pSystemRoot#$p\System32\sxs.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\SideBySide,TypesSupported,7
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Standard TCP/IP Port",ProviderGuid,{CAD2D809-03D9-4F46-9CF4-72AA4F04B6B9}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Userenv,EventMessageFile,#$pSystemRoot#$p\System32\userenv.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\Userenv,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Userenv,ProviderGuid,{DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770}
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\VBRuntime,EventMessageFile,X:\Windows\system32\msvbvm60.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\VBRuntime,TypesSupported,4
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\vmtools,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\vmtools,EventMessageFile,"X:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Application\Windows Error Reporting",EventMessageFile,#$pSystemRoot#$p\System32\wer.dll
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Application\Windows Error Reporting",TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Wininit,EventMessageFile,#$pSystemRoot#$p\System32\wininit.exe
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\Wininit,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Wininit,providerGuid,{206f6dea-d3c5-4d10-bc72-989f03c8b84b}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Winlogon,EventMessageFile,#$pSystemRoot#$p\System32\winlogon.exe
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\Winlogon,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Winlogon,providerGuid,{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\WinMgmt,ProviderGuid,{1edeee53-0afe-4609-b846-d8c0b2075b1f}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\Wlclntfy,EventMessageFile,#$pSystemRoot#$p\System32\winlogon.exe
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\Wlclntfy,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Application\Wlclntfy,providerGuid,{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Application\WMI.NET Provider Extension",TypesSupported,7
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\eventlog\Application\WMI.NET Provider Extension",EventMessageFile,X:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Application\WSH,EventMessageFile,#$pSystemRoot#$p\System32\wshext.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Application\WSH,TypesSupported,31
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\HardwareEvents,DisplayNameFile,#$pSystemRoot#$p\system32\wecsvc.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\HardwareEvents,DisplayNameID,256
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\HardwareEvents,File,#$psystemroot#$p\system32\winevt\logs\HardwareEvents.evtx
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\HardwareEvents,MaxSize,20971520
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\HardwareEvents,Retention,0
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\eventlog\Internet Explorer",CustomSD,O:BAG:SYD:(A;;0x07;;;WD)S:(ML;;0x1;;;LW)
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Security,DisplayNameFile,#$pSystemRoot#$p\system32\wevtapi.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security,DisplayNameID,257
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security,Isolation,2
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Security,PrimaryModule,Security
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Security,File,#$pSystemRoot#$p\System32\winevt\Logs\Security.evtx
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security,MaxSize,20971520
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security,Retention,0
RegWrite,HKLM,0x3,Tmp_System\ControlSet001\services\eventlog\Security,Security,01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,44,00,00,00,02,00,30,00,02,00,00,00,02,40,14,00,72,01,0d,00,01,01,00,00,00,00,00,01,00,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security,RestrictGuestAccess,1
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\Security\Microsoft-Windows-Eventlog,ProviderGuid,{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Security\Microsoft-Windows-Eventlog,EventMessageFile,#$pSystemRoot#$p\System32\wevtsvc.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security,CategoryCount,9
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Security\Security,CategoryMessageFile,#$pSystemRoot#$p\System32\MsAuditE.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Security\Security,EventMessageFile,#$pSystemRoot#$p\System32\MsAuditE.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\Security\Security,ParameterMessageFile,#$pSystemRoot#$p\System32\MsObjs.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security,TypesSupported,28
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Channel,5120
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Desktop,6672
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Device,4352
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Directory,4368
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Event,4384
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,EventPair,4400
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,File,4416
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,IoCompletion,4864
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Job,5136
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Key,4432
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,KeyedEvent,5696
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,MailSlot,4416
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Mutant,4448
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,NamedPipe,4416
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Port,4464
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Process,4480
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Profile,4496
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Section,4512
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Semaphore,4528
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,SymbolicLink,4544
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Thread,4560
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Timer,4576
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Token,4592
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,Type,4608
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,WaitablePort,4464
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,"ALPC Port",4464
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,WindowStation,6656
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\Security\Security\ObjectNames,"WMI Namespace",16896
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\Security\Security Account Manager",ParameterMessageFile,#$pSystemRoot#$p\System32\MsObjs.dll
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Security\Security Account Manager\ObjectNames",SAM_ALIAS,5424
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Security\Security Account Manager\ObjectNames",SAM_DOMAIN,5392
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Security\Security Account Manager\ObjectNames",SAM_GROUP,5408
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Security\Security Account Manager\ObjectNames",SAM_SERVER,5376
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\Security\Security Account Manager\ObjectNames",SAM_USER,5440
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System,DisplayNameFile,#$pSystemRoot#$p\system32\wevtapi.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System,DisplayNameID,258
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System,PrimaryModule,System
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System,File,#$pSystemRoot#$p\system32\winevt\Logs\System.evtx
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System,MaxSize,20971520
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System,Retention,0
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System,RestrictGuestAccess,1
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\ACPI,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\Drivers\acpi.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\ACPI,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\adp94xx,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\adp94xx,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\adpahci,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\adpahci,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\adpu320,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\adpu320,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\AeLookupSvc,EventMessageFile,#$pSystemRoot#$p\System32\aelupsvc.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\AeLookupSvc,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\aic78xx,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\aic78xx,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\AmdK8,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\amdk8.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\AmdK8,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\AmdPPM,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\amdppm.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\AmdPPM,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\amdsata,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\amdsata,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\amdsbs,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\amdsbs,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\amdxata,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\amdxata,TypesSupported,7
RegWrite,HKLM,0x2,"Tmp_System\ControlSet001\services\eventlog\System\Application Popup",EventMessageFile,#$pSystemRoot#$p\System32\ntdll.dll
RegWrite,HKLM,0x4,"Tmp_System\ControlSet001\services\eventlog\System\Application Popup",TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\arc,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\arc,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\arcsas,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\arcsas,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\AsyncMac,EventMessageFile,#$pSystemRoot#$p\System32\mprmsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\AsyncMac,TypesSupported,31
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\atapi,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\atapi,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\b06bdrv,eventmessagefile,#$pSystemRoot#$p\System32\iologmsg.dll;#$pSystemRoot#$p\System32\drivers\bxvbdx.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\b06bdrv,typessupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\beep,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\beep,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Bowser,EventMessageFile,#$psystemroot#$p\system32\netevent.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\Bowser,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Browser,EventMessageFile,#$psystemroot#$p\system32\netevent.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\Browser,TypesSupported,7
If,%version%,Smaller,80,RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\BthEnum
Else,RegWrite,HKLM,0x0,Tmp_System\ControlSet001\services\eventlog\System\BthEnum
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\BugCheck,providerGuid,{ABCE23E7-DE45-4366-8631-84FA6C525952}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\cdrom,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\cdrom,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\DCOM,providerGuid,{1B562E86-B7AA-4131-BADC-B6F3A001407E}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\DfsSvc,ProviderGuid,{7DA4FE0E-FD42-4708-9AA5-89B77A224885}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dhcp,providerGuid,{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dhcp,EventMessageFile,#$pSystemRoot#$p\System32\dhcpcore.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dhcp,ParameterMessageFile,#$pSystemRoot#$p\System32\kernel32.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dhcpv6,providerGuid,{6A1F2B00-6A90-4C38-95A5-5CAB3B056778}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dhcpv6,EventMessageFile,#$pSystemRoot#$p\system32\dhcpcore6.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dhcpv6,ParameterMessageFile,#$pSystemRoot#$p\system32\kernelbase.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dhcp_QEC,EventMessageFile,#$pSystemroot#$p\System32\dhcpqec.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dhcp_QEC,ParameterMessageFile,#$pSystemroot#$p\System32\dhcpqec.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\Dhcp_QEC,TypesSupported,31
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dhcp_QEC,providerGuid,{F6DA35CE-D312-41C8-9828-5A2E173C91B6}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\disk,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\disk,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Display,EventMessageFile,#$pSystemRoot#$p\System32\DispCI.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\Display,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dnsapi,ParameterMessageFile,#$pSystemroot#$p\system32\kernel32.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dnsapi,EventMessageFile,#$pSystemroot#$p\system32\netevent.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\Dnsapi,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dnscache,ParameterMessageFile,#$pSystemroot#$p\system32\kernel32.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Dnscache,EventMessageFile,#$pSystemroot#$p\system32\netevent.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\Dnscache,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\E1G60,EventMessageFile,#$pSystemRoot#$p\System32\netevent.dll;#$pSystemRoot#$p\System32\drivers\E1G60I32.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\E1G60,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\ebdrv,eventmessagefile,#$pSystemRoot#$p\System32\iologmsg.dll;#$pSystemRoot#$p\System32\drivers\evbdx.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\ebdrv,typessupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\elxstor,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\elxstor,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\eventlog,EventMessageFile,#$pSystemRoot#$p\System32\netevent.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\eventlog,TypesSupported,7
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\exFAT,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\exFAT,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\FltMgr,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\FltMgr,EventMessageFile,#$pSystemRoot#$p\System32\drivers\fltmgr.sys;#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\fvevol,ProviderGuid,{651DF93B-5053-4D1E-94C5-F6E6D25908D0}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\HpSAMD,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\HpSAMD,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Http,ProviderGuid,{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\i8042prt,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\i8042prt.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\i8042prt,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\iaStorV,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\iaStorV.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\iaStorV,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\iirsp,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\iirsp,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\intelppm,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\intelppm.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\intelppm,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\IPMGM,providerGuid,{29D13147-1C2E-48EC-9994-E29DFE496EB3}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\IPMGM,EventMessageFile,#$pSystemRoot#$p\System32\rtm.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\IPMGM,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\IPMIDRV,EventMessageFile,#$pSystemRoot#$p\System32\drivers\ipmidrv.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\IPMIDRV,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\IPNATHLP,providerGuid,{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\IPRouterManager,providerGuid,{F2C628AE-D26C-4352-9C45-74754E1E2F9F}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\IPRouterManager,EventMessageFile,#$pSystemRoot#$p\System32\mprmsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\IPRouterManager,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\isapnp,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\isapnp.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\isapnp,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\iScsiPrt,EventMessageFile,#$pSystemRoot#$p\System32\iscsilog.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\iScsiPrt,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\kbdclass,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\kbdclass.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\kbdclass,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\kbdhid,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\kbdhid.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\kbdhid,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Kerberos,EventMessageFile,#$pSystemRoot#$p\System32\kerberos.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\Kerberos,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Kerberos,ProviderGuid,{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\lltdio,EventMessageFile,#$pSystemRoot#$p\System32\netevent.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\lltdio,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\LmHosts,EventMessageFile,#$pSystemRoot#$p\System32\netevent.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\LmHosts,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\LsaSrv,ProviderGuid,{199fe037-2b82-40a9-82ac-e1d46c792b99}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\LsaSrv,EventMessageFile,#$pwindir#$p\System32\lsasrv.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\LSI_FC,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\LSI_FC,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\LSI_SAS,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\LSI_SAS,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\LSI_SAS2,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\LSI_SAS2,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\LSI_SCSI,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\LSI_SCSI,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\LSM,EventMessageFile,#$pSystemRoot#$p\system32\lsm.exe
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\LSM,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\LSM,providerGuid,{5d896912-022d-40aa-a3a8-4fa5515c76d7}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\megasas,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\megasas,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\MegaSR,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\MegaSR,TypesSupported,7
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DfsSvc,ProviderGuid,{7da4fe0e-fd42-4708-9aa5-89b77a224885}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DfsSvc,EventMessageFile,#$pSystemRoot#$p\system32\netevent.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Dhcp-Client,ProviderGuid,{15a7a4f8-0072-4eab-abad-f98a4d666aed}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Dhcp-Client,EventMessageFile,#$pSystemRoot#$p\system32\dhcpcore.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Dhcp-Nap-Enforcement-Client,ProviderGuid,{f6da35ce-d312-41c8-9828-5a2e173c91b6}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Dhcp-Nap-Enforcement-Client,EventMessageFile,#$pSystemroot#$p\system32\dhcpqec.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DHCPv6-Client,ProviderGuid,{6a1f2b00-6a90-4c38-95a5-5cab3b056778}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DHCPv6-Client,EventMessageFile,#$psystemroot#$p\system32\dhcpcore6.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Diagnostics-Networking,ProviderGuid,{36c23e18-0e66-11d9-bbeb-505054503030}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Diagnostics-Networking,EventMessageFile,#$pwindir#$p\system32\netdiagfx.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Directory-Services-SAM,ProviderGuid,{0d4fdc09-8c27-494a-bda0-505e4fd8adae}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Directory-Services-SAM,EventMessageFile,#$pSystemRoot#$p\System32\samsrv.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DiskDiagnostic,ProviderGuid,{e670a5a2-ce74-4ab4-9347-61b815319f4c}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DiskDiagnostic,EventMessageFile,#$pwindir#$p\system32\dfdts.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DNS-Client,ProviderGuid,{1c95126e-7eea-49a9-a3fe-a378b03ddb4d}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DNS-Client,EventMessageFile,#$pSystemRoot#$p\system32\dnsapi.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode,ProviderGuid,{2e35aaeb-857f-4beb-a418-2e6c0e54d988}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode,EventMessageFile,#$pSystemRoot#$p\system32\WUDFPlatform.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorCertDrv,ProviderGuid,{bd2d1dae-d678-4e10-9667-21cba2aa70c3}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorCertDrv,EventMessageFile,#$pSystemRoot#$p\System32\EhStorAuthn.exe
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-EventCollector,ProviderGuid,{b977cf02-76f6-df84-cc1a-6a4b232322b6}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-EventCollector,EventMessageFile,#$pSystemRoot#$p\system32\wecsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Eventlog,ProviderGuid,{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Eventlog,EventMessageFile,#$pSystemRoot#$p\System32\wevtsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap,ProviderGuid,{6b93bf66-a922-4c11-a617-cf60d95c133d}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap,EventMessageFile,#$pSystemRoot#$p\system32\fthsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-FilterManager,ProviderGuid,{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-FilterManager,EventMessageFile,#$pSystemRoot#$p\system32\drivers\fltmgr.sys
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Firewall,ProviderGuid,{e595f735-b42a-494b-afcd-b68666945cd3}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Firewall,EventMessageFile,#$pSystemRoot#$p\system32\mpssvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-FMS,ProviderGuid,{dea07764-0790-44de-b9c4-49677b17174f}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-FMS,EventMessageFile,#$pSystemRoot#$p\system32\fms.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-FunctionDiscoveryHost,ProviderGuid,{538cbbad-4877-4eb2-b26e-7caee8f0f8cb}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-FunctionDiscoveryHost,EventMessageFile,#$pSystemRoot#$p\system32\fdphost.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-GroupPolicy,ProviderGuid,{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-GroupPolicy,EventMessageFile,#$psystemroot#$p\system32\gpsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-HAL,ProviderGuid,{63d1e632-95cc-4443-9312-af927761d52a}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-HAL,EventMessageFile,#$psystemroot#$p\system32\microsoft-windows-hal-events.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-HttpEvent,ProviderGuid,{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-HttpEvent,EventMessageFile,#$pSystemRoot#$p\system32\drivers\HTTP.SYS
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-IPBusEnum,ProviderGuid,{cd032e15-15ad-4da4-afc6-03bf83516195}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-IPBusEnum,EventMessageFile,#$psystemroot#$p\system32\ipbusenum.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Iphlpsvc,ProviderGuid,{66a5c15c-4f8e-4044-bf6e-71d896038977}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Iphlpsvc,EventMessageFile,#$pwindir#$p\system32\iphlpsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-Boot,ProviderGuid,{15ca44ff-4d7a-4baa-bba5-0998955e531e}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-Boot,EventMessageFile,#$pSystemRoot#$p\system32\advapi32.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-General,ProviderGuid,{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-General,EventMessageFile,#$pSystemRoot#$p\system32\advapi32.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-PnP,ProviderGuid,{9c205a39-1250-487d-abd7-e831c6290539}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-PnP,EventMessageFile,#$pSystemRoot#$p\system32\advapi32.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-Power,ProviderGuid,{331c3b3a-2005-44c2-ac5e-77220c37d6b4}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-Power,EventMessageFile,#$psystemroot#$p\system32\microsoft-windows-kernel-power-events.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-Processor-Power,ProviderGuid,{0f67e49f-fe51-4e9f-b490-6f2948cc6027}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-Processor-Power,EventMessageFile,#$psystemroot#$p\system32\microsoft-windows-kernel-processor-power-events.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-Tm,ProviderGuid,{4cec9c95-a65f-4591-b5c4-30100e51d870}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-Tm,EventMessageFile,#$pSystemRoot#$p\system32\ktmw32.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-WHEA,ProviderGuid,{7b563579-53c8-44e7-8236-0f87b9fe6594}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Kernel-WHEA,EventMessageFile,#$pSystemRoot#$p\system32\PSHED.DLL
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-LanguagePackSetup,ProviderGuid,{7237fff9-a08a-4804-9c79-4a8704b70b87}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-LanguagePackSetup,EventMessageFile,#$pSystemRoot#$p\system32\lpksetup.exe
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results,ProviderGuid,{5f92bc59-248f-4111-86a9-e393e12c6139}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results,EventMessageFile,#$pSystemRoot#$p\System32\relpost.exe
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule,ProviderGuid,{73e9c9de-a148-41f7-b1db-4da051fdc327}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule,EventMessageFile,#$pSystemRoot#$p\System32\mdsched.exe
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Power-Troubleshooter,ProviderGuid,{cdc05e28-c449-49c6-b9d2-88cf761644df}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Power-Troubleshooter,EventMessageFile,#$psystemroot#$p\system32\pots.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-RasSstp,ProviderGuid,{6c260f2c-049a-43d8-bf4d-d350a4e6611a}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-RasSstp,EventMessageFile,#$pSystemRoot#$p\System32\sstpsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Recovery,ProviderGuid,{9e95e4d0-4cb4-4b5d-a936-c972d7d08d90}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Recovery,EventMessageFile,#$pSystemRoot#$p\system32\recovery.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Resource-Exhaustion-Detector,ProviderGuid,{9988748e-c2e8-4054-85f6-0c3e1cad2470}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Resource-Exhaustion-Detector,EventMessageFile,#$pSystemRoot#$p\system32\radardt.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-ResourcePublication,ProviderGuid,{74c2135f-cc76-45c3-879a-ef3bb1eeaf86}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-ResourcePublication,EventMessageFile,#$pSystemRoot#$p\system32\fdrespub.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-SCPNP,ProviderGuid,{9f650c63-9409-453c-a652-83d7185a2e83}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-SCPNP,EventMessageFile,#$pSystemRoot#$p\system32\certprop.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Servicing,EventMessageFile,#$pSystemRoot#$p\servicing\cbsmsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Servicing,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Servicing,ProviderGuid,{bd12f3b8-fc40-4a61-a307-b7a013a069c1}
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-StartupRepair,ProviderGuid,{c914f0df-835a-4a22-8c70-732c9a80c634}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-StartupRepair,EventMessageFile,#$pSystemRoot#$p\System32\reagent.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Subsys-SMSS,ProviderGuid,{43e63da5-41d1-4fbf-aded-1bbed98fdd1d}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Subsys-SMSS,EventMessageFile,#$pwindir#$p\system32\csrsrv.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TaskScheduler,ProviderGuid,{de7b24ea-73c8-4a09-985d-5bdadcfa9017}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TaskScheduler,EventMessageFile,#$pSystemRoot#$p\system32\schedsvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TBS,ProviderGuid,{51480c1a-90aa-416e-98fd-4c11f735349b}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TBS,EventMessageFile,#$pSystemRoot#$p\system32\tbssvc.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager,ProviderGuid,{5d896912-022d-40aa-a3a8-4fa5515c76d7}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager,EventMessageFile,#$pSystemRoot#$p\system32\lsm.exe
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager,ProviderGuid,{c76baa63-ae81-421c-b425-340b4b24157f}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager,EventMessageFile,#$pSystemRoot#$p\system32\termsrv.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Time-Service,ProviderGuid,{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Time-Service,EventMessageFile,#$pSystemRoot#$p\system32\w32time.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TPM-WMI,ProviderGuid,{7d5387b0-cbe0-11da-a94d-0800200c9a66}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-TPM-WMI,EventMessageFile,#$pSystemRoot#$p\system32\wbem\Win32_Tpm.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-UserPnp,ProviderGuid,{96f4a050-7e31-453c-88be-9634f4e02139}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-UserPnp,EventMessageFile,#$pSystemRoot#$p\system32\umpnpmgr.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-WHEA-Logger,ProviderGuid,{c26c4f3c-3f66-4e99-8f8a-39405cfed220}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-WHEA-Logger,EventMessageFile,#$psystemroot#$p\system32\whealogr.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-WindowsUpdateClient,ProviderGuid,{945a8954-c147-4acd-923f-40c45405a658}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-WindowsUpdateClient,EventMessageFile,#$psystemroot#$p\system32\wuaueng.dll
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Wininit,ProviderGuid,{206f6dea-d3c5-4d10-bc72-989f03c8b84b}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Wininit,EventMessageFile,#$pSystemRoot#$p\system32\wininit.exe
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Winlogon,ProviderGuid,{dbe9b383-7cf3-4331-91cc-a3cb16a3b538}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-Winlogon,EventMessageFile,#$pSystemRoot#$p\system32\winlogon.exe
RegWrite,HKLM,0x1,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-WLAN-AutoConfig,ProviderGuid,{9580d7dd-0379-4658-9870-d5be7d52d6de}
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\Microsoft-Windows-WLAN-AutoConfig,EventMessageFile,#$pwindir#$p\system32\wlansvc.dll
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\mouclass,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\mouclass.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\mouclass,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\mouhid,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\mouhid.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\mouhid,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\mpio,EventMessageFile,#$pSystemRoot#$p\System32\IoLogMsg.dll;#$pSystemRoot#$p\System32\drivers\mpio.sys
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\mpio,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\mrxsmb,EventMessageFile,#$psystemroot#$p\system32\netevent.dll;#$psystemroot#$p\system32\iologmsg.dll
RegWrite,HKLM,0x4,Tmp_System\ControlSet001\services\eventlog\System\mrxsmb,TypesSupported,7
RegWrite,HKLM,0x2,Tmp_System\ControlSet001\services\eventlog\System\mrxsmb,ParameterMessageFile,#$pSystemRoot#$p\System32\kernel32.dll
RegWrite,HKLM,0x1,"Tmp_System\ControlSet001\services\eventlog\System\MSDTC Gateway",EventMessageFile,X:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
RegWrite,HKLM,0x1,"Tmp_Sys
« Last Edit: January 21, 2019, 01:54:16 PM by Bigbadmoshe »
Re: Win10XPE Project General Discussions
« Reply #564 on: January 21, 2019, 12:07:26 PM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
Is it possible to do something like this?

Iniread,%ScriptDir%\MyPlugins\Apps\File Tasks\Q-Dir_XPE.Script,%Q-Dir%
If,%Q-Dir%,Equal,True, Begin
FileCopy,%GCustom%\Q-Dir\*.*,%Target_Prog%\Q-Dir
End
Re: Win10XPE Project General Discussions
« Reply #565 on: January 21, 2019, 01:00:46 PM »

James

  • Grand Chef
  • *****
  • Location: USA
  • Date Registered: Dec 2017
  • Posts: 2272
It appears that is all registry setting.
Would also assume there are going to be a lot of missing files...
and your suggested check for Qdir is not valid either..
Re: Win10XPE Project General Discussions
« Reply #566 on: January 21, 2019, 01:56:10 PM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
Quote from: James on January 21, 2019, 01:00:46 PM
It appears that is all registry setting.
Would also assume there are going to be a lot of missing files...
and your suggested check for Qdir is not valid either..

Found a better way to check thanks.
Re: Win10XPE Project General Discussions
« Reply #567 on: January 22, 2019, 02:24:22 PM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
I am not sure why but even after replacing the files i get this message on auto build.

If i do pack and build iso it works fine.

[Warning] Wimlib Packing boot.wim image file return : 47
  [EchoExtended,"Error: boot.wim image file was not properly packaged.",Warn,,MessageError,,Halt]
Re: Win10XPE Project General Discussions
« Reply #568 on: January 22, 2019, 02:50:40 PM »

ChrisR

  • Moderator, XPE Baker
  • Grand Chef
  • *****
  • Date Registered: Mar 2011
  • Posts: 3494
I didn't encounter this error yet!
Error 47 corresponds to WIMLIB_ERR_OPEN or Failed to open a file.
Don't know, maybe try pausing in "Create ISO", just before capturing boot.wim

Code: [Select]
Wait,3
Echo,"Packing boot.wim image file, Be patient..."
//ShellExecute,Open,%GTools%\wimlib-imagex.exe,"capture #$q%GTarget%#$q #$q%GISO%\sources\boot.wim#$q #$q%ImageName%#$q #$q%ImageName%#$q --boot --flags=9 --compress=LZX --verbose"
If,%CompressMax_CheckBox%,Equal,True,ShellExecute,Open,cmd.exe,"/C Echo Packing boot.wim image file, Be patient...&Echo.&wimlib-imagex.exe capture #$q%GTarget%#$q #$q%GISO%\sources\boot.wim#$q #$q%ImageName%#$q #$q%ImageName%#$q --boot --flags=9 --compress=LZX --verbose",%GTools%
Else,ShellExecute,Open,cmd.exe,"/C Echo Packing boot.wim image file, Be patient...&Echo.&wimlib-imagex.exe capture #$q%GTarget%#$q #$q%GISO%\sources\boot.wim#$q #$q%ImageName%#$q #$q%ImageName%#$q --boot --flags=9 --compress=XPRESS --verbose",%GTools%
If,%ExitCode%,.....
Re: Win10XPE Project General Discussions
« Reply #569 on: January 23, 2019, 08:17:58 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 10350
Quote from: ChrisR on January 22, 2019, 02:50:40 PM
I didn't encounter this error yet!
neither do I.

On XPE case it seems 47 happens when packing
On SE case it seems 47 happens when extracting.
http://TheOven.org/index.php?topic=2708.0
http://TheOven.org/index.php?topic=2645.0

Is there a wimlib-imagex.exe errorlevel list ?
« Last Edit: January 23, 2019, 08:23:20 AM by Lancelot »
Re: Win10XPE Project General Discussions
« Reply #570 on: January 23, 2019, 01:11:58 PM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
Quote from: Lancelot on January 23, 2019, 08:17:58 AM
Quote from: ChrisR on January 22, 2019, 02:50:40 PM
I didn't encounter this error yet!
neither do I.

On XPE case it seems 47 happens when packing
On SE case it seems 47 happens when extracting.
http://TheOven.org/index.php?topic=2708.0
http://TheOven.org/index.php?topic=2645.0

Is there a wimlib-imagex.exe errorlevel list ?

Code: [Select]
Wimlib Packing boot.wim image file return : 47
  [EchoExtended,"Error: boot.wim image file was not properly packaged.",Warn,,MessageError,,Halt]
 Run - Processing section: [MEchoExtended] From file: [%BaseDir%\Projects\Win10XPE\Macro.script]
 [Parameter] with parameters: [Error: boot.wim image file was not properly packaged.],[Warn],[],[MessageError],[],[Halt]
  [If,#3-,Equal,-,Set,#3,1]
 [Success] IF - [-] is equal to: [-] evaluated string: [If,#3-,Equal,-,Set,#3,1]
  [Set,#3,1]
 [Success] SetVar - Sucessfuly changed the value of [#3] to: [1]
  [If,#2-,Equal,-,Loop,%API%,MEchoExtended_Echo_Loop,1,#3,#1,#2,#3,#4,#5,#6,#7,#8,#9]
 [Ignore] IF - [warn-] is not equal to: [-] evaluated string: [If,#2-,Equal,-,Loop,%API%,MEchoExtended_Echo_Loop,1,#3,#1,#2,#3,#4,#5,#6,#7,#8,#9]
  [Else,Loop,%API%,MEchoExtended_Echo_LoopWarn,1,#3,#1,#2,#3,#4,#5,#6,#7,#8,#9]
 [Success] ELSE - executing command: [Loop,%API%,MEchoExtended_Echo_LoopWarn,1,#3,#1,#2,#3,#4,#5,#6,#7,#8,#9]
  [Loop,%API%,MEchoExtended_Echo_LoopWarn,1,#3,#1,#2,#3,#4,#5,#6,#7,#8,#9]
 Loop - Processing section: [MEchoExtended_Echo_LoopWarn] From file: [%BaseDir%\Projects\Win10XPE\Macro.script]
 [Parameter] with parameters: [1],[1],[Error: boot.wim image file was not properly packaged.],[Warn],[1],[MessageError],[],[Halt]
 Iteration - Processing section: [MEchoExtended_Echo_LoopWarn] in file: [%BaseDir%\Projects\Win10XPE\Macro.script]
       [Parameter] with parameters: [1] [Error: boot.wim image file was not properly packaged.],[Warn],[1],[MessageError],[],[Halt]
        [Echo,#1,#2]
      [Warning] Error: boot.wim image file was not properly packaged.
 Iteration - Processed section [MEchoExtended_Echo_LoopWarn] in file: [%BaseDir%\Projects\Win10XPE\Macro.script]
Error: boot.wim image file was not properly packaged.
 Run - Processed section [MEchoExtended] in file: [%BaseDir%\Projects\Win10XPE\Macro.script]
  [End]
  [//-]
  [Run,%ScriptFile%,CreateISO]
 Run - Processing section: [CreateISO] From file: [%BaseDir%\Projects\Win10XPE\CreateISO.script]
  [Echo,"Create ISO"]
  [If,Not,ExistFile,%GISO%\sources\boot.wim,EchoExtended,"boot.wim image was not found in ISO\sources source folder.#$x#$xThe project must be built beforehand.",Warn,,Message,,Halt]
  [StrFormat,SPLIT,%FallBackLanguage%,|,0,%NbLang%]
  [//-]
  [If,%IsoRoot_CheckBox%,Equal,True,Run,%ScriptFile%,IsoRootAdd]
  [If,Not,ExistFile,%GISO%\CDUsb.y,Begin]
  [FileCreateBlank,%GISO%\CDUsb.y]
  [TXTAddLine,%GISO%\CDUsb.y,"Flag File to mount CD/USB on drive Y:",Append]
  [End]
  [//-]
  [Run,%ScriptFile%,CheckISOBootFiles]
 Run - Processing section: [CheckISOBootFiles] From file: [%BaseDir%\Projects\Win10XPE\CreateISO.script]
  [Set,%ISOBootFilesOK%,Yes]
  [If,Not,ExistDir,%GISO%\boot,Set,%ISOBootFilesOK%,No]
  [If,Not,ExistDir,%GISO%\efi,Set,%ISOBootFilesOK%,No]
  [If,%ISOBootFilesOK%,Equal,Yes,Begin]
[Warning] Reference to undefined variable: [%ISOBootFilesOK%]
  [// In case of change of PressAnyKey_CheckBox]
  [If,%PressAnyKey_CheckBox%,Equal,True,Begin]
  [If,Not,ExistFile,%GISO%\boot\bootfix.bin,Set,%ISOBootFilesOK%,No]
  [End]
  [Else,Begin]
  [If,ExistFile,%GISO%\boot\bootfix.bin,Begin]
  [FileDelete,%GISO%\boot\bootfix.bin]
  [If,ExistFile,%GISO%\efi\microsoft\boot\efisys.bin,FileDelete,%GISO%\efi\microsoft\boot\efisys.bin]
  [End]
  [End]
  [If,Not,ExistFile,%GISO%\BOOTMGR,Set,%ISOBootFilesOK%,No]
  [If,Not,ExistFile,%GISO%\bootmgr.efi,Set,%ISOBootFilesOK%,No]
  [If,Not,ExistFile,%GISO%\boot\BCD,Set,%ISOBootFilesOK%,No]
  [If,Not,ExistFile,%GISO%\boot\boot.sdi,Set,%ISOBootFilesOK%,No]
  [If,Not,ExistFile,%GISO%\boot\etfsboot.com,Set,%ISOBootFilesOK%,No]
  [If,Not,ExistFile,%GISO%\efi\microsoft\boot\BCD,Set,%ISOBootFilesOK%,No]
  [If,Not,ExistFile,%GISO%\efi\microsoft\boot\efisys.bin,Set,%ISOBootFilesOK%,No]
  [If,%Architecture%,Equal,x64,Begin]
  [If,Not,ExistFile,%GISO%\efi\boot\bootx64.efi,Set,%ISOBootFilesOK%,No]
  [End]
  [Else,Begin]
  [If,Not,ExistFile,%GISO%\efi\boot\bootia32.efi,Set,%ISOBootFilesOK%,No]
  [End]
  [End]
 Run - Processed section [CheckISOBootFiles] in file: [%BaseDir%\Projects\Win10XPE\CreateISO.script]
  [If,%ISOBootFilesOK%,Equal,No,Begin]
[Warning] Reference to undefined variable: [%ISOBootFilesOK%]
  [Run,%ScriptFile%,CheckTargetBootFiles]
 Run - Processing section: [CheckTargetBootFiles] From file: [%BaseDir%\Projects\Win10XPE\CreateISO.script]
  [Set,%TargetBootFilesOK%,Yes]
  [If,Not,ExistDir,%GTarget_Win%\Boot,Set,%TargetBootFilesOK%,No]
  [If,%TargetBootFilesOK%,Equal,Yes,Begin]
[Warning] Reference to undefined variable: [%TargetBootFilesOK%]
  [If,Not,ExistFile,%GTarget_Win%\Boot\PCAT\bootmgr,Set,%TargetBootFilesOK%,No]
  [If,Not,ExistFile,%GTarget_Win%\Boot\EFI\bootmgr.efi,Set,%TargetBootFilesOK%,No]
  [If,Not,ExistFile,%GTarget_Win%\Boot\DVD\PCAT\bcd,Set,%TargetBootFilesOK%,No]
  [If,Not,ExistFile,%GTarget_Win%\Boot\DVD\PCAT\boot.sdi,Set,%TargetBootFilesOK%,No]
  [If,Not,ExistFile,%GTarget_Win%\Boot\DVD\PCAT\etfsboot.com,Set,%TargetBootFilesOK%,No]
  [If,Not,ExistFile,%GTarget_Win%\Boot\DVD\EFI\bcd,Set,%TargetBootFilesOK%,No]
  [//If,Not,ExistFile,%GTarget_Win%\Boot\DVD\EFI\en-US\efisys.bin,%TargetBootFilesOK%,No]
  [If,Not,ExistFile,%GTarget_Win%\Boot\EFI\bootmgfw.efi,Set,%TargetBootFilesOK%,No]
  [End]
 Run - Processed section [CheckTargetBootFiles] in file: [%BaseDir%\Projects\Win10XPE\CreateISO.script]
  [If,%TargetBootFilesOK%,Equal,Yes,Run,%ScriptFile%,CopyBootFiles,%GTarget%]
[Warning] Reference to undefined variable: [%TargetBootFilesOK%]
  [Else,Run,%ScriptFile%,ExtractBootFiles]
  [End]
  [If,%Bcdedit_CheckBox%,Equal,True,Run,%ScriptFile%,BcdMenu]
  [//-]
  [FileDeleteQ,%ISOFileName%]
 Run - Processing section: [MFileDeleteQ] From file: [%BaseDir%\Projects\Win10XPE\Macro.script]
 [Parameter] with parameters: [%BaseDir%\Win10XPE_x64.ISO]
  [If,Not,#1-,Equal,-,Begin]
  [System,ErrorOff]
  [If,ExistFile,#1,FileDelete,#1]
  [If,ExistFile,#1,Shellexecute,Hide,cmd.exe,"/C del /q /f #$q#1#$q&del /q /f /A:R /A:H /A:S /A:A #$q#1#$q"]
  [If,ExistFile,#1,Begin]
  [Set,%answer%,No]
  [If,Question,"The file could not be deleted.#$x#$x#1#$x#$xThe file is maybe opened ?#$xRetry ?",Set,%answer%,Yes]
  [If,%answer%,Equal,Yes,Begin]
[Warning] Reference to undefined variable: [%answer%]
  [System,ErrorOff]
  [If,ExistFile,#1,FileDelete,#1]
  [If,ExistFile,#1,Shellexecute,Hide,cmd.exe,"/C del /q /f #$q#1#$q&del /q /f /A:R /A:H /A:S /A:A #$q#1#$q"]
  [If,ExistFile,#1,EchoExtended,"Error: The file could not be deleted. #$x#$x#1#$x#$x The file is maybe opened ?#$xExit",Warn,,MessageError,,Halt]
  [End]
  [Else,EchoExtended,"Error: The file could not be deleted. #$x#$x#1#$x#$x The file is maybe opened ?#$xExit",Warn,,MessageError,,Halt]
  [End]
  [End]
  [Else,EchoExtended,"Error: FileDeleteQ - missing parameter: File",Warn,,MessageError,,Halt]
 Run - Processed section [MFileDeleteQ] in file: [%BaseDir%\Projects\Win10XPE\Macro.script]
  [Run,%ScriptFile%,MakeISO]
 Run - Processing section: [MakeISO] From file: [%BaseDir%\Projects\Win10XPE\CreateISO.script]
  [Retrieve,FolderSize,%GISO%,%SizeFolder%]
  [StrFormat,BYTES,%SizeFolder%]
  [echo,"Creating ISO: [%ISOFileName%] Folder size: %SizeFolder%"]
[Warning] Reference to undefined variable: [Creating ISO: [%BaseDir%\Win10XPE_x64.ISO] Folder size: %SizeFolder%]
  [//ShellExecute,Open,%GTools%\mkisofs.exe,"-iso-level 4 -udf -r -force-uppercase -duplicates-once -volid #$q%ProjectName%_%Architecture%#$q -hide boot.catalog -hide-udf boot.catalog -b #$qboot/etfsboot.com#$q -no-emul-boot -boot-load-size 8 -eltorito-platform efi -no-emul-boot -b #$qefi/microsoft/boot/efisys.bin#$q -o #$q%ISOFileName%#$q #$q%GISO%#$q",%GTools%]
  [ShellExecute,Open,cmd.exe,"/C Echo Creating ISO: [%ISOFileName%] Folder size: %SizeFolder%, Be patient...&Echo.&mkisofs.exe -iso-level 4 -udf -r -force-uppercase -duplicates-once -volid #$q%ProjectName%_%Architecture%#$q -hide boot.catalog -hide-udf boot.catalog -b #$qboot/etfsboot.com#$q -no-emul-boot -boot-load-size 8 -eltorito-platform efi -no-emul-boot -b #$qefi/microsoft/boot/efisys.bin#$q -o #$q%ISOFileName%#$q #$q%GISO%#$q",%GTools%]
[Warning] Reference to undefined variable: [/C Echo Creating ISO: [%BaseDir%\Win10XPE_x64.ISO] Folder size: %SizeFolder%, Be patient...&Echo.&mkisofs.exe -iso-level 4 -udf -r -force-uppercase -duplicates-once -volid #$qWin10XPE_x64#$q -hide boot.catalog -hide-udf boot.catalog -b #$qboot/etfsboot.com#$q -no-emul-boot -boot-load-size 8 -eltorito-platform efi -no-emul-boot -b #$qefi/microsoft/boot/efisys.bin#$q -o #$q%BaseDir%\Win10XPE_x64.ISO#$q #$q%BaseDir%\ISO_x64#$q]
  [If,%ExitCode%,Equal,0,Echo,"mkisofs make ISO return : %ExitCode%"]
  [Else,Echo,"mkisofs make ISO return : %ExitCode%",Warn]
  [Wait,1]
  [If,ExistFile,%ISOFileName%,Begin]
  [Retrieve,FileSize,%ISOFileName%,%SizeISO%]
  [StrFormat,BYTES,%SizeISO%]
  [Echo,"ISO build size: %SizeISO%"]
[Warning] Reference to undefined variable: [ISO build size: %SizeISO%]
  [End]
 Run - Processed section [MakeISO] in file: [%BaseDir%\Projects\Win10XPE\CreateISO.script]
 Run - Processed section [CreateISO] in file: [%BaseDir%\Projects\Win10XPE\CreateISO.script]
Re: Win10XPE Project General Discussions
« Reply #571 on: January 23, 2019, 01:17:39 PM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
MiniTool Partition Wizard 11 is out.

Playing with it and there are changes. @James maybe this will help :)

I was able to get it to launch fine. And i added this "DirCopy,%Sapp%\diskspd,%Tapp%"

Code: [Select]
[Filesx86]
Echo,"Copying %ScriptTitle% Program Files..."
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,dbghelp,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,efs,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,idriver,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,ikernel,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,libcurl,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,libeay32,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,msvcp120,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,msvcr120,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,partitionwizard,1.exe
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,partitionwizard.exe,1.mfh
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,pas,1.cnf
//Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Pas2,1.dll
//Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,PASServer,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Charts,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Core,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Gui,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Network,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Widgets,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,RawObject,1.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,ssleay32,1.dll
If,ExistFile,%Sapp%\qt_de.qm,FileCopy,%Sapp%\qt_de.qm,%Tapp%
Else,Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,qt_de,2.qm
If,ExistFile,%Sapp%\qt_en#$c1.qm,FileCopy,%Sapp%\qt_en#$c1.qm,%Tapp%\qt_en.qm
If,ExistFile,%Sapp%\qt_ja.qm,FileCopy,%Sapp%\qt_ja.qm,%Tapp%
Else,Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,qt_ja,2.qm
If,ExistFile,%Sapp%\qtbase_de.qm,FileCopy,%Sapp%\qtbase_de.qm,%Tapp%
Else,Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,qtbase_de,2.qm
If,ExistFile,%Sapp%\qtbase_ja.qm,FileCopy,%Sapp%\qtbase_ja.qm,%Tapp%
Else,Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,qtbase_ja,2.qm
Run,%ScriptFile%,CopyR,%Sapp%\imageformats,%Tapp%\imageformats,qgif,1.dll
Run,%ScriptFile%,CopyR,%Sapp%\platforms,%Tapp%\platforms,qwindows,1.dll
//FileCopy,%Sapp%\pw.chm,%Tapp%
//FileCopy,%Sapp%\pw_de.chm,%Tapp%
//FileCopy,%Sapp%\pw_ja.chm,%Tapp%
//FileCopy,%Sapp%\pw_de.qm,%Tapp%
//FileCopy,%Sapp%\pw_ja.qm,%Tapp%
FileDelete,%Sapp%\x86\wim*.*
DirCopy,%Sapp%\x86,%Tapp%

Code: [Select]
[Filesx64]
Echo,"Copying %ScriptTitle% Program Files..."
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,dbghelp,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,efs,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,idriver,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,ikernel,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,libcurl,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,libeay32,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,msvcp120,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,msvcr120,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,partitionwizard,2.exe
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,partitionwizard.exe,2.mfh
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,pas,2.cnf
//Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Pas2,2.dll
//Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,PASServer,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Charts,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Core,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Gui,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Network,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,Qt5Widgets,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,RawObject,2.dll
Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,ssleay32,2.dll
If,ExistFile,%Sapp%\qt_de.qm,FileCopy,%Sapp%\qt_de.qm,%Tapp%
Else,Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,qt_de,3.qm
If,ExistFile,%Sapp%\qt_en#$c2.qm,FileCopy,%Sapp%\qt_en#$c2.qm,%Tapp%\qt_en.qm
If,ExistFile,%Sapp%\qt_ja.qm,FileCopy,%Sapp%\qt_ja.qm,%Tapp%
Else,Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,qt_ja,3.qm
If,ExistFile,%Sapp%\qtbase_de.qm,FileCopy,%Sapp%\qtbase_de.qm,%Tapp%
Else,Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,qtbase_de,3.qm
If,ExistFile,%Sapp%\qtbase_ja.qm,FileCopy,%Sapp%\qtbase_ja.qm,%Tapp%
Else,Run,%ScriptFile%,CopyR,%Sapp%,%Tapp%,qtbase_ja,3.qm
Run,%ScriptFile%,CopyR,%Sapp%\imageformats,%Tapp%\imageformats,qgif,2.dll
Run,%ScriptFile%,CopyR,%Sapp%\platforms,%Tapp%\platforms,qwindows,2.dll
//FileCopy,%Sapp%\pw.chm,%Tapp%
//FileCopy,%Sapp%\pw_de.chm,%Tapp%
//FileCopy,%Sapp%\pw_de.qm,%Tapp%
//FileCopy,%Sapp%\pw_ja.chm,%Tapp%
//FileCopy,%Sapp%\pw_ja.qm,%Tapp%
FileDelete,%Sapp%\x64\wim*.*
DirCopy,%Sapp%\x64,%Tapp%

Re: Win10XPE Project General Discussions
« Reply #572 on: January 23, 2019, 01:27:51 PM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
Another quick tip.

Remove startup folder for admin
Code: [Select]
EXEC !%WinDir%\System32\attrib.exe +s +h "X:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
Re: Win10XPE Project General Discussions
« Reply #573 on: January 23, 2019, 05:30:23 PM »

James

  • Grand Chef
  • *****
  • Location: USA
  • Date Registered: Dec 2017
  • Posts: 2272
Quote
MiniTool Partition Wizard 11 is out.
Playing with it and there are changes. @James maybe this will help :)

Thanks For The MiniTool Partition Wizard 11 Upgrade Notice...

Although I found a LOT more file revisions to MiniTool Partition Wizard 11.. Then Suggested..
Re: Win10XPE Project General Discussions
« Reply #574 on: January 23, 2019, 05:44:16 PM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
Awaiting your release.  :grin:
Re: Win10XPE Project General Discussions
« Reply #575 on: January 24, 2019, 06:07:26 AM »

radospy

  • Apprentice
  • *
  • Date Registered: Jan 2019
  • Posts: 8
I've built a Win10XPE using Windows 10 1809 x64 media. Everything but the Backupper application works great. When launching Backupper, I get the following error:

ila_rendered

Looking in the path indicated in the screenshot, I cannot don't see the vcomp.dll file.

There were no errors during the build process.

Has anyone else ran into this issue? How do I go about fixing this?
Re: Win10XPE Project General Discussions
« Reply #576 on: January 24, 2019, 06:25:48 AM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
Small request.

Can we get winxshell to be more customized for xpe? Meaning instead of messing with manual editing can there be more options like the additional tab under core?
Re: Win10XPE Project General Discussions
« Reply #577 on: January 24, 2019, 06:35:21 AM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
Quote
About %CDdrive%=X:(Y:)
%CDdrive% seems to be very little used. let me know for what need you use.
for now I have not added, if needed, it can be done easily with:
Code: [Select]
StrFormat,LEFT,%PE_Programs%,2,%CDDrive%

I am interested in messing around with this in xpe. I made a post about my issues with it and actually getting it to work with both e2b and aioboot.

Can you help me out with trying to get this to work with xpe?
Re: Win10XPE Project General Discussions
« Reply #578 on: January 24, 2019, 06:35:54 AM »

Bigbadmoshe

  • Chef
  • ***
  • Location: Israel
  • Date Registered: Dec 2017
  • Posts: 444
Quote from: radospy on January 24, 2019, 06:07:26 AM
I've built a Win10XPE using Windows 10 1809 x64 media. Everything but the Backupper application works great. When launching Backupper, I get the following error:

(Attachment Link)

Looking in the path indicated in the screenshot, I cannot don't see the vcomp.dll file.

There were no errors during the build process.

Has anyone else ran into this issue? How do I go about fixing this?

Have you tried manually copying the file in pe itself?
Re: Win10XPE Project General Discussions
« Reply #579 on: January 24, 2019, 10:14:56 AM »

ChrisR

  • Moderator, XPE Baker
  • Grand Chef
  • *****
  • Date Registered: Mar 2011
  • Posts: 3494
Quote from: radospy on January 24, 2019, 06:07:26 AM
When launching Backupper, I get the following error:
Looking in the path indicated in the screenshot, I cannot don't see the vcomp.dll file.
Yes, Thanks, the plugin was made for Backupper v4.6.0 and there are some changes in v4.6.1
including vcomp.dll that becomes vcomp,2.dll for the 64-bit version

ila_rendered

I made the corrections but I don't have time to test right now.
Use the little "u" button to update the container file then play it. Let me know
* AOMEI Backupper_XPE.Script (50.39 kB - downloaded 35 times.)
« Last Edit: January 24, 2019, 10:16:29 AM by ChrisR »
Pages: 1 ... 27 28 [29] 30 31 ... 81
« previous next »
 
Powered by EzPortal