Sunday, December 14, 2008

Custom Win PE Boot Disk Building: Step Two – PGP Injection

First please review the prior links in this series.

The goal is to produce a WinPE 2.0 boot disk that has PGP WDE driver support and brings in a shell that is notches more sophisticated than the standard CMD window normally offered by WinPE 2.0. Oh yeah, and that works on Dell Optiplex 745/755 USB keyboards.

Note: I always do my PE/PGP/VistaPE building under an Administrator level permissions account, and all folders have security settings (and contained objects) set with full permissions for both “Administrator” and “Everyone”.  That seems to work with the least amount of headaches on both XP Professional and Vista systems.  Your mileage may vary.

PGP Prep-Work

Let’s lay the groundwork.

From Step One, we now have created the following folder (and contents) on the root of our C: drive:

c:\winpe_x86

Now let’s create two new folders on the root of C: that we will use for our PGP processing.

First create the following folder:

c:\WDE

Second, create the following folder:

c:\PGP

Done?  Great!

Get the PGP Driver Files

You will need to have access to a PGP WDE Windows encrypted system for this next part.  That should be pretty easy because I’m assuming only system admins who support such configured systems would be taking the time and effort to do all this work in the first place!

Our systems use XP Professional, and my primary building is done on an XP Pro system as well.  However, Vista could also be used.  Regardless, go to that system and the files can be found in the following locations:

c:\Program Files\PGP Corporation\PGP Desktop\pgpbootb.bin

c:\Program Files\PGP Corporation\PGP Desktop\pgpbootg.bin

c:\Program Files\PGP Corporation\PGP Desktop\PGPwde.exe

c:\Program Files\PGP Corporation\PGP Desktop\Stage1  (note “Stage1” is the filename with no extension)

c:\Windows\system32\PGPsdk.dll

c:\Windows\system32\PGPsdknl.dll

c:\Windows\system32\PGPwd.dll

c:\Windows\system32\drivers\PGPwded.sys

Copy each one of these files and place them into the C:\WDE folder.

Easy!
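The copy step above as a script, with a check that every file arrived intact. This is an added example, not part of the original post; it assumes PowerShell 4.0 or later (for `Get-FileHash`) and the default install paths listed above, and the manifest path `C:\wde-manifest.csv` is a hypothetical name chosen here.

```powershell
# Added example: stage the eight PGP WDE files into C:\WDE and verify each copy.
$ErrorActionPreference = 'Stop'

$pgpDir       = 'C:\Program Files\PGP Corporation\PGP Desktop'
$sysDir       = 'C:\Windows\system32'
$dest         = 'C:\WDE'
$manifestPath = 'C:\wde-manifest.csv'   # hypothetical; kept outside C:\WDE on purpose

$sources = @(
    "$pgpDir\pgpbootb.bin",
    "$pgpDir\pgpbootg.bin",
    "$pgpDir\PGPwde.exe",
    "$pgpDir\Stage1",                   # file name with no extension
    "$sysDir\PGPsdk.dll",
    "$sysDir\PGPsdknl.dll",
    "$sysDir\PGPwd.dll",
    "$sysDir\drivers\PGPwded.sys"
)

# Fail before copying anything so C:\WDE is never left half-populated.
$missing = @($sources | Where-Object { -not (Test-Path -LiteralPath $_ -PathType Leaf) })
if ($missing.Count -gt 0) {
    throw ('Missing PGP WDE files: ' + ($missing -join ', '))
}

New-Item -ItemType Directory -Path $dest -Force | Out-Null

$manifest = foreach ($src in $sources) {
    $name   = Split-Path $src -Leaf
    $target = Join-Path $dest $name
    Copy-Item -LiteralPath $src -Destination $target -Force

    # Compare source and copy so a truncated or swapped file is caught here,
    # not after it has been injected into the boot image.
    $srcHash = (Get-FileHash -LiteralPath $src    -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw "Copy of $name does not match the original" }

    [pscustomobject]@{ File = $name; SHA256 = $dstHash }
}

# Record what went into the build so the injected files can be traced later.
$manifest | Export-Csv -Path $manifestPath -NoTypeInformation
$manifest | Format-Table -AutoSize
```

The manifest is written outside `C:\WDE` so that the folder handed to pgppe contains only the eight PGP files.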

PGP PE Tools

Hop over to PGP Knowledgebase Answer ID 807 and scroll down to the “PGP Desktop PGP PE Tools” section.

You will need to download the appropriate ZIP file according to the version of PGP WDE you have deployed across your environment.  Be sure to pick the right one!

Download the ZIP file to your system.  I’m going to be using PGPpe990.zip

Now unpack, unpack, unpack the contents to the c:\PGP folder.

Note: that threw me off for a bit at first. See, for some reason, the two files you need – pgppe.exe and pgpstart.exe – are in a zip file, inside a zip file, inside a zip file.  So you will have to keep unzipping and unzipping, and unzipping until you can finally get at the two files inside.  Unless your ZIP program allows you to drill down inside them all and directly extract them.  Don’t give up, they really are in there!

When you are all done, you should now have the following files/folder:

c:\PGP\pgppe.exe

c:\PGP\pgpstart.exe

PGP PE File Injection

Now comes the fun part!

Open a command-prompt window. (Note: On Vista systems you must run the CMD window as Administrator-level.)

Browse to the c:\PGP folder

Run the following command:

Pgppe /winpe c:\winpe_x86\ c:\wde

It should only take a few moments and then if all goes well you will see the following return:

[Screenshot: output returned by the pgppe command]

I actually ran a Process Monitor capture session on this some time back.  There’s a lot of activity going on behind the scenes. It basically mounts the winpe.wim file in a writeable mode, copies the special PGP files out of the folder we tucked them into and places them in their proper locations within the wim file, adds a number of registry keys, then dismounts the wim, saving the changes.  They packed a lot of activity into those command-line actions.

Do the winpe.wim / boot.wim file flip-flop

The last step in this stage is that we need to replace the winpe.wim file, which will be our ultimate boot PE 2.0 wim, with our now PGP WDE driver-injected winpe.wim version.

Open Windows Explorer and browse to the c:\winpe_x86 folder.

Copy the winpe.wim file there.  (This is the one we modified in the previous step.)

Browse deeper into the c:\winpe_x86\ISO\sources folder and paste it next to the boot.wim file already there.

Now move the boot.wim file in there out to the c:\winpe_x86 folder for safe-keeping.  It really is just a differently-named copy of the original winpe.wim file, pre-PGP driver injection.

Now go back into the c:\winpe_x86\ISO\sources folder and rename your updated winpe.wim file to “boot.wim”

You should note that the file size is now larger in the PGP-modified wim file version than the original.  That’s a good sign.
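The same flip-flop as a script, with guards around the steps that are easy to get wrong by hand. This is an added example, not part of the original post; it assumes PowerShell 4.0 or later and the folder layout used above, and it moves the old boot.wim out before copying the new one in, which ends in the same state as the Explorer steps.

```powershell
# Added example: put the PGP-injected winpe.wim in place as ISO\sources\boot.wim.
$ErrorActionPreference = 'Stop'

$root     = 'C:\winpe_x86'
$injected = Join-Path $root 'winpe.wim'              # modified by pgppe
$bootWim  = Join-Path $root 'ISO\sources\boot.wim'   # original, pre-injection
$backup   = Join-Path $root 'boot.wim'               # safe-keeping location

foreach ($p in $injected, $bootWim) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "Not found: $p" }
}

# Never clobber an earlier backup: it may be the only pre-injection image left.
if (Test-Path -LiteralPath $backup) { throw "Backup already exists: $backup" }

$origSize = (Get-Item -LiteralPath $bootWim).Length
$newSize  = (Get-Item -LiteralPath $injected).Length

# The post treats a larger file as the sign that the injection was saved,
# so stop here if the modified wim has not grown.
if ($newSize -le $origSize) {
    throw "winpe.wim ($newSize bytes) is not larger than boot.wim ($origSize bytes)"
}

Move-Item -LiteralPath $bootWim  -Destination $backup
Copy-Item -LiteralPath $injected -Destination $bootWim

# Confirm the file that will be burned to the ISO is the injected image.
$a = (Get-FileHash -LiteralPath $injected -Algorithm SHA256).Hash
$b = (Get-FileHash -LiteralPath $bootWim  -Algorithm SHA256).Hash
if ($a -ne $b) { throw 'boot.wim does not match the injected winpe.wim' }

"boot.wim replaced: $origSize -> $newSize bytes, SHA256 $b"
```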

Hurray!  We are now done with this stage!

Pretty easy wasn’t it?

For Early Quitters

At this stage, if all you wanted was to have a plain-Jane WinPE 2.0 boot CD, all you would need to do are the following steps:

Go to the Start menu and under All Programs find the Microsoft Windows AIK folder and launch Windows PE Tools Command Prompt, or open a command prompt and type

cd c:\program files\Windows AIK\Tools\PETools

Then, type

oscdimg -n -bc:\winpe_x86\etfsboot.com c:\winpe_x86\ISO c:\winpe_x86\winpe_x86.iso

(again, all one line)

An ISO file will be created inside the c:\winpe_x86 folder.

With the ISO image file created, you can now burn the image file to CD.

However, while this will fit the bill, we have higher aspirations for our boot-cd.  Stay tuned!

Additional Notes:

More information on injecting PGP WDE drivers into WinPE 1.0, WinPE 2.0, Vista upgrade installations of pre-encrypted PGP WDE systems, and use with the XP Recovery Console can be found in this PGP Document:

Windows Preinstallation Environment & BartPE Tools – PGP Knowledgebase Answer ID 807

It also contains the CLI commands you will need to actually manually couple the user’s passphrase in with the pgpwde software you have added to the boot disk.

I’ll share them later in the process, but if you are curious check out the PDF file on that page.

Also, if you look carefully through their PGP WinPE 2.0 building section, you will see that I’ve modified my commands/locations just a bit from the ones they recommend.  My method seems to keep things a bit more ordered, IMHO.

Next up?

Building a VistaPE base file set to work with.

--Claus V.

2 comments:

Anonymous said...

Dude .. you rock!!! Thanks

Anonymous said...

hi,

did you try with Win PE 3.0 ?