Path: ...!feed.opticnetworks.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Paul Newsgroups: alt.comp.os.windows-10 Subject: KB5034441 WinRE.wim and emergency boot, security fix, failure to install Date: Sun, 9 Jun 2024 23:47:37 -0400 Organization: A noiseless patient Spider Lines: 136 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Injection-Date: Mon, 10 Jun 2024 05:47:39 +0200 (CEST) Injection-Info: dont-email.me; posting-host="241b68d0e506f9ab10829f0f7c69e275"; logging-data="160297"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+RUrD0Qbko7UfyhllbR0WZwXu1iTZQAe4=" User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802) Cancel-Lock: sha1:ri9F0yK7qwevliSIOs/zCV2cQ8Y= X-Mozilla-News-Host: news://news.eternal-september.org:119 Content-Language: en-US Bytes: 6187 [Note: The following is not a "recipe class" description. It's to help you attempt to hack your ReagentC back to working.] I managed to get my Optiplex 780 fixed. (MSDOS partitioned disk, no UEFI, legacy BIOS) By fiddling with it, I had seemed to break the reagentc thing altogether :-) By clever work, it was disabled, and I could not find the files... anywhere. Now, we know the OS handles those three or so files with care, but the situation is, there are a million places it can hide the files. I discovered a new place. It's in a hidden "Temporary" folder next to WindowsRE folder. And that *might* be how a partition which is large enough, refuses to take a fix. The Temporary folder, is where I found my ~450MB or so "lost" WinRE.wim. That used up 450MB of my 1GB partition, leaving 550MB for '4441 to use. ******* The interesting part of my adventure, is the solving of the "pushing on a piece of string". Previously, I could not figure out how humans were supposed to "drive" the process. For example, if you reagentc /disable , it would "place the files in a safe place". If you checked reagentc /info and all the fields were zero, as near as I can figure, that is bad. Enabling reagentc again, it is likely consulting the files in the safe place, finding they are valid, and using them to copy back to the partition used before. But there did not seem to be any way for a human to "prime" the process from scratch. The first ingredient was this. I could not use this at first, because it did not seem to be a complete story. REAGENTC.EXE /setreimage /path R:\Recovery\WindowsRE /logpath C:\Temp\Reagent.log Where does the drive letter R: come from ? Like this. It's assigned to the hidden NTFS partition, to make it "visible enough" for the command to work. Administrator: [Note: This info is for an MSDOS partitioned disk, and legacy boot] diskpart list disk select disk 0 list partition select partition 3 # The hidden partition with type 0x27 and the label "System Reserved", 1GB in size assign letter=R # Makes the partition visible for some parts of the OS to see... That letter is removed on a reboot, so you don't have to worry about it being a permanent (and incorrect) fixture. Where the pieces fell together, is I found an article on Tenforums, which said to copy the WinRE.wim and ReAgent.xml from the Windows10 installer DVD. In "sources", is the large (3.5GB+) install.wim file. Opening that in 7ZIP, folder 6 is the Windows 10 Pro folder. And there is a 450MB WinRE.wim in there. The magic part about the ReAgent.xml file next to it, is the file is armed with PBR ("PushButtonReset"). That means, when our mystery software reads that file, it says "Oh, you're new here, and you want me to bless your WinRE.wim ?". So on drive R:, I have the "usual things" R: Recovery WindowsRE WinRE.wim # from DVD ReAgent.xml # PushButtonReset version of the control file, also from DVD. Now, if you execute the command, and then check the log ( reagentc /disable ) REAGENTC.EXE /setreimage /path R:\Recovery\WindowsRE /logpath C:\Temp\Reagent.log The Reagent.log file says "staged" as a result of the command. At this point, nothing has been blessed. The OS simply makes a note of the materials. However, when you do reagentc /enable now the staged materials are used to update the BCD file with the identifier of the new WinRE.wim setup, including the physical address it likes instead of the letter R: . It was never going to like the letter R:, but by using R:, the software translates this for us, into a partition number and so on. Some unclear issues, are how the folders are supposed to be set up. In Powershell, you type "cmd" to switch to Command Prompt, as only that shell recognizes the commands properly. R: Recovery WindowsRE <=== You've put the WinRE.wim and the Reagent.xml in here already, now you can "shut the door on them" cd /d R: md Recovery cd Recovery md WindowsRE attrib -h -s WindowsRE # Make the folder System and Hidden, at the same time cd .. attrib -h -s Recovery # Normally, when you do dir hidden things are not listed. If you do dir /ah then the hidden items should be listed. So now you can see what I was doing, to set up my disk drive, and put a brand new, empty 1GB, 0x27 partition, on the machine. To make the partition in the first place, there's likely some way to do it entirely with "diskpart". But what I did was: disk management, create the partition, format it NTFS. Now the partition is 0x07 type. Using PTEDIT32.exe as administrator, you can change the partition field by typing 0x27 over top. Save. On the next reboot, the partition is hidden NTFS type. And then, using the "letter R: " recipe, you can make stuff in it, change attributes and so on. [Picture] https://i.postimg.cc/Fz6X4Ljh/W10-DELL-reagentc-legacy-boot.gif Paul