[esgaroth]

I have been experimenting with making a WinPE 4 and I am trying to get explorer.exe to run. I know windows 8 has not been finalized and things might change in the final version but I just wanted to experiment with it a bit and see if I can get it to work.

So far I can run explorer from the command window and it starts but the desktop and taskbar are not working correctly. Both the desktop and taskbar are blank. I can right click on the taskbar and start task manager but no icons are created on the task bar to show running programs. I can right click on the desktop and select create new folder but nothing appears on the desktop. A new folder is created at X:\windows\system32\config\systemprofile\desktop, its just not visible on the desktop.
I can also right click and select personalize and the control panel will open.

Here is what I have done so far to get explorer working:

After mounting the winpe.wim,
I used dependancy walker to get a list of all files needed by explorer.exe. Copied all of these files into the mounted wim without overwriting any existing files.

Copied folders:
Windows\en-us
System32\en-us
System32\migration
Windows\Branding
WinSxS\common-controls
WinSxS\gdiplus

All .cpl, .exe, and .msc files from system32.

I have exported from the install.wim registry hives:
Software\Classes
Software\Microsoft\Windows\CurrentVersion\Explorer
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Software\Microsoft\Internet Explorer
Default\Software\Microsoft\Windows\CurrentVersion\Explorer

Set System\ControlSet001\Control\ProductOptions\ProductSuite=Terminal Server

I have also tried importing the entire Software key from install.wim.
I have replaced all “C:\” with “X:\” and all “43,00,3a,00,5c,00” with “58,00,3a,00,5c,00”
Removed all references to "RunAs"="Interactive User"
I also tried copying all dll files from install.wim system32 without overwriting anything.

These are about the steps that have worked for passed versions of windows so I don't know yet what might be different for windows 8.
Any other files I should add? Services maybe? Any registry changes I should make?

[Kullenen_Ask]

it is a known problem and as far as i know there is no known solution for that and metro. will wait and see somebody to patch somethings.

[Tripredacus]

Something like this?
http://www.msfn.org/...-for-windows-8/

[esgaroth]

Windows 7 explorer in pe4 looks interesting, I might try that.
Kullenen, I have read through your winpe 3.0 thread and it has been very helpfull, do you have any suspicion of what might be missing? I'm sure I will probably have to wait for someone more knowledgeable than I to figure this out, but I may try a bit more nonetheless.
I have noticed that comparing logs from procmon that explorer behaves differently. Under PE explorer starts loading registry settings first then starts loading files. In windows explorer checks a bunch of files first before checking the same registry settings. Also under PE explorer keeps looking in X:\Windows for dll files before it finds them in System32. In windows explorer always looks in System32 first. I doubt this matters as the files are eventually loaded in either case.

[Kullenen_Ask]

I am quite sure not a missing registry or file problem. probably 1-)"productoptions" registry 2-) walpaperhost.exe 3-) explorer.exe or 4-)Minint string in a file or registry needs to be patched. Just my opinion.

[esgaroth]

Since most of the classic theme and shell code has been removed from windows 8; I wonder if this is just a matter of getting themes and the desktop window manager running in PE. I have gotten the theme service to run, but the desktop window manager is no longer a service as it was in windows 7. dwm.exe is spawned by winlogon.exe during startup. If I add dwm.exe to my wim file with no other changes then it boots to a black screen with no command prompt. So winlogon.exe must be automatically starting dwm.exe if it exists. I don't know if the black screen is the system locking up or if it just isn't able to display anything properly.
I tried copying dwm.exe after booting the PE and running it manually, but it just exits after a couple of seconds.

I have found that the taskbar and desktop are at least somewhat usable. If you right click the desktop and select refresh then the icons will show up. I can also right click on the task bar and add toolbars. The toolbar shortcuts function properly.
Running applications still do not show on the taskbar,

[esgaroth]

Looks like the problem definitely has to do with the HKLM\System\Setup\SystemSetupInProgress registry key. Setting it to 1 in a normal windows environment reproduces the problems with explorer.

Looks like both dwm.exe and explorer.exe check the value of SystemSetupInProgress when starting up. I tried patching the string in the exe but it looks like both dwm.exe and explorer.exe get that value from some other loaded dll or exe.

So its starting to look like Microsoft may have deliberately prevented explorer from running in winpe this time around.

[Kullenen_Ask]

reproduces the problems with explorer? how? example?

[esgaroth]

Yes, like I explained in the first post. The taskbar is visible but open applications do not show up there. The desktop is also blank, no icons are shown.
Here is a screenshot of what happens to a normal windows 8 rtm install if SystemSetupInProgress is set to 1. Very similar to how the taskbar behaves in winpe 4.0.

[Tripredacus]

esgaroth, on 15 August 2012 - 02:53 PM, said:

Looks like both dwm.exe and explorer.exe check the value of SystemSetupInProgress when starting up. I tried patching the string in the exe but it looks like both dwm.exe and explorer.exe get that value from some other loaded dll or exe.

This should be the same even with Vista or Windows 7. I imagine this is why if you deploy Windows to Audit Mode, aero is disabled. But maybe this change you are seeing is because Aero is not in Windows 8 anymore.

[esgaroth]

Tripredacus, on 16 August 2012 - 08:33 AM, said:

This should be the same even with Vista or Windows 7. I imagine this is why if you deploy Windows to Audit Mode, aero is disabled. But maybe this change you are seeing is because Aero is not in Windows 8 anymore.

Thats what I thought about dwm.exe not working in PE. I thought that maybe dwm.exe would have to be loaded with the windows 8 theme working in order for explorer to work since there is no other theme to fall back on. But in the last screenshot the theme is working so dwm.exe must be running yet explorer still does not work correctly.
If I try to run task manager or any other exe I get "The device is not ready." So I can't check to see what is running and what is not.

[esgaroth]

I started working on this again recently and was able to make a small bit of progress. I can get dwm to run in pe. Only required the direct3d/directdraw registry keys from HKLM/Software/Microsoft.
Taskbar still does not work though. With dwm running windows now have the windows 8 theme to them. The folder view and task manager don't have the new windows 8 skins though so something still isnt loading.

[ChrisQuestionMark]

Have you managed to get the file copy-progress part of explorer working?
With Win PE3 (Win7) it was as easy as copying shellstyle.dll, but there is more to it with this version.
I would be content using a 3rd party file manager on my WinPE build, but I really would like Win8's file copy handling.

[Meyer]

Have you tried to copy the DLL's "twinui.dll" and "twinapi.dll" to WinPE? They are the most important for Windows 8 UI (Metro) work.

Sorry if my english is bad ... I am brazillian...

[ChrisQuestionMark]

Thanks for the suggestion Meyer, but even with twinui.dll and twinapi.dll there is no copy progress window.

[Meyer]

ChrisQuestionMark, on 04 December 2012 - 07:11 AM, said:

Thanks for the suggestion Meyer, but even with twinui.dll and twinapi.dll there is no copy progress window.

The immersive shell (Metro) works now?
Have you tried to import "HKCR\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" and "HKCR\Software\Classes" keys from Windows 8 to "system" account in WinPE?
Try copying "C:\Program Files\WindowsApps" to WinPE. (you need to take ownership from the folder to copy it). Copy "C:\Windows\ImmersiveControlPanel" to WinPE too.

[Meyer]

I got Task Manager and IE10 to work:

http://imageshack.us...0andtaskmgr.png

http://imageshack.us.../2725/ie10k.png

http://imageshack.us...58/taskmgrh.png

For IE10, I only copied IE folder to WIM. But, when I close the IE, it try to initialize "inetcpl.cpl". I need to copy it.
And for task manager, I copied "taskmgr.exe" and your MUI, and the "LaunchTM.exe". But the "Processes" tab shows no item. This is probably due to the fact that Immersive Shell not be running.

And I found something very interesting: If you run EXPLORER.EXE in the system account in Win8 RTM , we have the same problem with taskbar.

[esgaroth]

Hello Meyer, How did you get taskmanager to use the new windows 8 layout? As you can see from my screen shots it will only run with the old layout. Do you have a list of files and or registry keys that you have copied so far?
And for the taskbar problem, maybe a comparison of running services and processes when explorer is run from the system user account as opposed to a normal user account would give us a clue.

[Meyer]

esgaroth, on 09 December 2012 - 11:59 PM, said:

Hello Meyer, How did you get taskmanager to use the new windows 8 layout? As you can see from my screen shots it will only run with the old layout. Do you have a list of files and or registry keys that you have copied so far?
And for the taskbar problem, maybe a comparison of running services and processes when explorer is run from the system user account as opposed to a normal user account would give us a clue.

I overwrited all files in copy:
\windows\system32\windows.*.dll
\windows\system32\en-us\windows.*.dll.mui
\windows\system32\taskmgr.exe
\windows\system32\en-us\taskmgr.exe.mui
\windows\system32\launchtm.exe

Maybe the two first lines is not needed.

Look at services list in WinPE:

http://img641.images...manservices.png

And list services from System account of Win8 RTM:

Quote

NOME_DO_SERVI€O: AeLookupSvc
NOME_PARA_EXIBI€ÇO: Experiˆncia com Aplicativo
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Appinfo
NOME_PARA_EXIBI€ÇO: Informa‡äes sobre Aplicativos
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: AudioEndpointBuilder
NOME_PARA_EXIBI€ÇO: Construtor de Pontos de Extremidade de µudio do Windows
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Audiosrv
NOME_PARA_EXIBI€ÇO: µudio do Windows
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: BFE
NOME_PARA_EXIBI€ÇO: Mecanismo de Filtragem B sica
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: BrokerInfrastructure
NOME_PARA_EXIBI€ÇO: Servi‡o de Infraestrutura de Tarefas de Segundo Plano
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Browser
NOME_PARA_EXIBIۂO: Pesquisador de Computadores
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: CryptSvc
NOME_PARA_EXIBI€ÇO: Servi‡os de criptografia
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: DcomLaunch
NOME_PARA_EXIBIۂO: Inicializador do Processo de Servidor DCOM
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: DeviceAssociationService
NOME_PARA_EXIBI€ÇO: Servi‡o de Associa‡Æo de Dispositivo
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Dhcp
NOME_PARA_EXIBIۂO: Cliente DHCP
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Dnscache
NOME_PARA_EXIBIۂO: Cliente DNS
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: DPS
NOME_PARA_EXIBI€ÇO: Servi‡o de Pol¡tica de Diagn¢stico
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: EventLog
NOME_PARA_EXIBIۂO: Log de Eventos do Windows
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: EventSystem
NOME_PARA_EXIBIۂO: COM+ evento do sistema
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: fdPHost
NOME_PARA_EXIBI€ÇO: Host de Provedor da Descoberta de Fun‡Æo
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: FDResPub
NOME_PARA_EXIBI€ÇO: Publica‡Æo de Recursos de Descoberta de Fun‡Æo
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: FontCache
NOME_PARA_EXIBI€ÇO: Servi‡o de Cache de Fontes do Windows
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: gpsvc
NOME_PARA_EXIBI€ÇO: Cliente da Pol¡tica de Grupo
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: hidserv
NOME_PARA_EXIBIۂO: Acesso a Dispositivo de Interface Humana
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: HomeGroupListener
NOME_PARA_EXIBI€ÇO: Escuta do Grupo Dom‚stico
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: HomeGroupProvider
NOME_PARA_EXIBI€ÇO: Provedor do Grupo Dom‚stico
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: iphlpsvc
NOME_PARA_EXIBIۂO: Auxiliar de IP
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: KeyIso
NOME_PARA_EXIBIۂO: Isolamento de Chave CNG
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: LanmanServer
NOME_PARA_EXIBIۂO: Server
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: LanmanWorkstation
NOME_PARA_EXIBI€ÇO: Esta‡Æo de trabalho
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: lmhosts
NOME_PARA_EXIBIۂO: Auxiliar NetBIOS TCP/IP
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: LSM
NOME_PARA_EXIBI€ÇO: Gerenciador de SessÆo Local
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: MMCSS
NOME_PARA_EXIBI€ÇO: Agendador de Classes de Multim¡dia
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: MpsSvc
NOME_PARA_EXIBIۂO: Firewall do Windows
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: NcdAutoSetup
NOME_PARA_EXIBI€ÇO: Instala‡Æo Autom tica de Dispositivos Conectados … Rede
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: netprofm
NOME_PARA_EXIBI€ÇO: Servi‡o da Lista de Redes
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: NlaSvc
NOME_PARA_EXIBIۂO: Reconhecimento de Locais de Rede
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: nsi
NOME_PARA_EXIBI€ÇO: Servi‡o de Interface de Reposit¢rio de Rede
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: p2pimsvc
NOME_PARA_EXIBIۂO: Gerenciador de Identidades de Rede de Par
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: p2psvc
NOME_PARA_EXIBIۂO: Agrupamento de Rede de Par
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: PcaSvc
NOME_PARA_EXIBI€ÇO: Servi‡o Auxiliar de Compatibilidade de Programas
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: PlugPlay
NOME_PARA_EXIBIۂO: Plug and Play
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: PNRPsvc
NOME_PARA_EXIBIۂO: Protocolo PNRP
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Power
NOME_PARA_EXIBIۂO: Energia
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: ProfSvc
NOME_PARA_EXIBI€ÇO: Servi‡o de Perfil de Usu rio
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: PSEXESVC
NOME_PARA_EXIBIۂO: PsExec
TIPO : 10 WIN32_OWN_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: RpcEptMapper
NOME_PARA_EXIBIۂO: Mapeador de Ponto de Extremidade RPC
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: RpcSs
NOME_PARA_EXIBIۂO: RPC (Chamada de Procedimento Remoto)
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: SamSs
NOME_PARA_EXIBI€ÇO: Gerente de Contas de Seguran‡a
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Schedule
NOME_PARA_EXIBIۂO: Agendador de Tarefas
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: SENS
NOME_PARA_EXIBI€ÇO: Servi‡o de Notifica‡Æo de Eventos do Sistema
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: ShellHWDetection
NOME_PARA_EXIBI€ÇO: Detec‡Æo do hardware do shell
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Spooler
NOME_PARA_EXIBI€ÇO: Spooler de ImpressÆo
TIPO : 110 WIN32_OWN_PROCESS (interactive)
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: SSDPSRV
NOME_PARA_EXIBIۂO: Descoberta SSDP
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: SysMain
NOME_PARA_EXIBIۂO: Superfetch
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: SystemEventsBroker
NOME_PARA_EXIBIۂO: Agente de Eventos do Sistema
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Themes
NOME_PARA_EXIBIۂO: Temas
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: TimeBroker
NOME_PARA_EXIBIۂO: Agente de Tempo
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: TOSHIBA Bluetooth Service
NOME_PARA_EXIBIۂO: TOSHIBA Bluetooth Service
TIPO : 10 WIN32_OWN_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: TrkWks
NOME_PARA_EXIBI€ÇO: Cliente de rastreamento de link distribu¡do
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: VIAKaraokeService
NOME_PARA_EXIBIۂO: VIA Karaoke digital mixer Service
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Wcmsvc
NOME_PARA_EXIBI€ÇO: Gerenciador de Conexäes do Windows
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: WdiServiceHost
NOME_PARA_EXIBI€ÇO: Host do Servi‡o de Diagn¢stico
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: WdiSystemHost
NOME_PARA_EXIBI€ÇO: Host do Sistema de Diagn¢sticos
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: WinDefend
NOME_PARA_EXIBI€ÇO: Servi‡o Windows Defender
TIPO : 10 WIN32_OWN_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: WinHttpAutoProxySvc
NOME_PARA_EXIBI€ÇO: Servi‡o de Descoberta Autom tica de Proxy da Web do WinHTTP
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: Winmgmt
NOME_PARA_EXIBI€ÇO: Testador de instrumenta‡Æo de gerenciam. do Windows
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: WPDBusEnum
NOME_PARA_EXIBI€ÇO: Servi‡o Enumerador de Dispositivos Port teis
TIPO : 20 WIN32_SHARE_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

NOME_DO_SERVI€O: WSearch
NOME_PARA_EXIBIۂO: Windows Search
TIPO : 10 WIN32_OWN_PROCESS
ESTADO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CàDIGO_DE_SAÖDA_DO_WIN32 : 0 (0x0)
CàDIGO_DE_SAÖDA_DO_SERVI€O : 0 (0x0)
PONTO_DE_VERIFICAۂO : 0x0
AGUARDAR_DICA : 0x0

I will make a list of user account services soon...

[esgaroth]

I tried copying all of the files you suggested but it didn't make a difference. What about registry?
There are many more services running in pe but they would not show in the task manager at first. I am not sure which files I copied to get it to show the full list.