| Deutsch English Français Italiano |
|
<v45t0r$4sh9$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!feed.opticnetworks.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Paul <nospam@needed.invalid>
Newsgroups: alt.comp.os.windows-10
Subject: KB5034441 WinRE.wim and emergency boot, security fix, failure to
install
Date: Sun, 9 Jun 2024 23:47:37 -0400
Organization: A noiseless patient Spider
Lines: 136
Message-ID: <v45t0r$4sh9$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 10 Jun 2024 05:47:39 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="241b68d0e506f9ab10829f0f7c69e275";
logging-data="160297"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+RUrD0Qbko7UfyhllbR0WZwXu1iTZQAe4="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:ri9F0yK7qwevliSIOs/zCV2cQ8Y=
X-Mozilla-News-Host: news://news.eternal-september.org:119
Content-Language: en-US
Bytes: 6187
[Note: The following is not a "recipe class" description.
It's to help you attempt to hack your ReagentC back to working.]
I managed to get my Optiplex 780 fixed. (MSDOS partitioned disk, no UEFI, legacy BIOS)
By fiddling with it, I had seemed to break the reagentc
thing altogether :-) By clever work, it was disabled, and
I could not find the files... anywhere. Now, we know
the OS handles those three or so files with care, but the
situation is, there are a million places it can hide the
files.
I discovered a new place. It's in a hidden "Temporary" folder
next to WindowsRE folder. And that *might* be how a partition
which is large enough, refuses to take a fix. The Temporary folder,
is where I found my ~450MB or so "lost" WinRE.wim. That used up
450MB of my 1GB partition, leaving 550MB for '4441 to use.
*******
The interesting part of my adventure, is the solving of the
"pushing on a piece of string". Previously, I could not figure
out how humans were supposed to "drive" the process. For example,
if you reagentc /disable , it would "place the files in a safe
place". If you checked reagentc /info and all the fields were
zero, as near as I can figure, that is bad. Enabling reagentc again,
it is likely consulting the files in the safe place, finding they
are valid, and using them to copy back to the partition used before.
But there did not seem to be any way for a human to "prime" the
process from scratch.
The first ingredient was this. I could not use this at first,
because it did not seem to be a complete story.
REAGENTC.EXE /setreimage /path R:\Recovery\WindowsRE /logpath C:\Temp\Reagent.log
Where does the drive letter R: come from ? Like this. It's assigned to the
hidden NTFS partition, to make it "visible enough" for the command to work.
Administrator: [Note: This info is for an MSDOS partitioned disk, and legacy boot]
diskpart
list disk
select disk 0
list partition
select partition 3 # The hidden partition with type 0x27 and the label "System Reserved", 1GB in size
assign letter=R # Makes the partition visible for some parts of the OS to see...
That letter is removed on a reboot, so you don't have to worry about
it being a permanent (and incorrect) fixture.
Where the pieces fell together, is I found an article on Tenforums,
which said to copy the WinRE.wim and ReAgent.xml from the Windows10
installer DVD. In "sources", is the large (3.5GB+) install.wim file.
Opening that in 7ZIP, folder 6 is the Windows 10 Pro folder. And
there is a 450MB WinRE.wim in there.
The magic part about the ReAgent.xml file next to it, is the
file is armed with PBR ("PushButtonReset"). That means, when our
mystery software reads that file, it says "Oh, you're new here, and
you want me to bless your WinRE.wim ?".
So on drive R:, I have the "usual things"
R:
Recovery
WindowsRE
WinRE.wim # from DVD
ReAgent.xml # PushButtonReset version of the control file, also from DVD.
Now, if you execute the command, and then check the log
( reagentc /disable )
REAGENTC.EXE /setreimage /path R:\Recovery\WindowsRE /logpath C:\Temp\Reagent.log
The Reagent.log file says "staged" as a result of the command. At this point,
nothing has been blessed. The OS simply makes a note of the materials.
However, when you do
reagentc /enable
now the staged materials are used to update the BCD file with the
identifier of the new WinRE.wim setup, including the physical address
it likes instead of the letter R: . It was never going to like the
letter R:, but by using R:, the software translates this for us,
into a partition number and so on.
Some unclear issues, are how the folders are supposed to be set up.
In Powershell, you type "cmd" to switch to Command Prompt, as only
that shell recognizes the commands properly.
R:
Recovery
WindowsRE <=== You've put the WinRE.wim and the Reagent.xml in here already,
now you can "shut the door on them"
cd /d R:
md Recovery
cd Recovery
md WindowsRE
attrib -h -s WindowsRE # Make the folder System and Hidden, at the same time
cd ..
attrib -h -s Recovery #
Normally, when you do
dir
hidden things are not listed.
If you do
dir /ah
then the hidden items should be listed.
So now you can see what I was doing, to set up my disk drive,
and put a brand new, empty 1GB, 0x27 partition, on the machine.
To make the partition in the first place, there's likely some way
to do it entirely with "diskpart". But what I did was:
disk management, create the partition, format it NTFS. Now
the partition is 0x07 type. Using PTEDIT32.exe as administrator,
you can change the partition field by typing 0x27 over top. Save.
On the next reboot, the partition is hidden NTFS type. And then,
using the "letter R: " recipe, you can make stuff in it, change
attributes and so on.
[Picture]
https://i.postimg.cc/Fz6X4Ljh/W10-DELL-reagentc-legacy-boot.gif
Paul