$theTitle=wp_title(" - ", false); if($theTitle != "") { ?>
About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
29 Feb // php the_time('Y') ?>
The Windows 8 Consumer Preview is downloaded as a Web Installer called Windows8-ConsumerPreview-setup.exe.
On my system the Web Installer crashed while checking Application Compatibility:
I clicked the Debug option and launched the Visual Studio debugger:
Websetup crashed in Wica.dll (Windows Install Compability Advisor) because eax is null (smells like a bug), so I wanted to do some more analysis. Wica.dll comes bundled with the Web Setup and is extracted along with the other bundled files into the temp folder (in my case %temp%\1fd52b5b-2609-4156-ac02-49dca27a0a8d\WebSetupExpanded).
In the WebSetupExpanded folder is an executable called WebSetup.exe but when we launch it directly we get an error:
I figured we needed the pass some argument on the commandline to run it directly, so I loaded Websetup.exe in Ida Pro. Websetup parses it’s commandline in an internal function called ConX::Setup::Web::CWebSetupCommandLineInfo::ParseParam
In the screenshots we can see that the following commandline arguments are being checked:
So let’s see what they do:
/main is required to start without showing the launch error.
/late shows a dialog to enter the product id:
/showerr shows a dialog indicating your PC doesn’t meet system requirements:
/elevate and /silent are meant to be used together with the other switches.
So in order to run the WebSetup from the debugger I needed the /main argument.
Very nicely: Because I ran the debugger I noticed that Websetup outputs debug info:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | Debugged application message: Info [ConX::Compatibility::Wica::RunScanner] device scan finished. Debugged application message: Info [ConX::Compatibility::Wica::ImportPreviousScan] Previous system report not present; assuming first run. Unloaded C:\Windows\SysWOW64\slc.dll Unloaded C:\Windows\SysWOW64\sppc.dll Debugged application message: Info [ConX::Compatibility::Wica::RunScanner] Starting application scan - WicaInventory.exe /apps /fast /ext "exe,sys" /output "C:\Users\rweijnen\AppData\Local\Microsoft\WebSetup\Panther\WICA_Programs_REMKOLAPTOP.xml" /log "C:\Users\rweijnen\AppData\Local\Microsoft\WebSetup\Panther" "c:\Users\rweijnen\AppData\Local\Temp\1fd52b5b-2609-4156-ac02-49dca27a0a8d\WebSetupExpanded" 630000: loaded Debugged application message: Info SkuGetEditionOfferInfo: Filter Attribute Name [ Standard ] Value [ 1 ] Debugged application message: Info GetOffers Query Structure Debugged application message: Info Include physical media [ Yes ] Debugged application message: Info Host OS License State [ Genuine ] Debugged application message: Info Host OS Architecture [ 64Bit ] Debugged application message: Info Host OS Language [ 1033 ] Debugged application message: Info Host OS Edition [ Ultimate ] Debugged application message: Info Host OS Version [ 6.1.7601 ] Debugged application message: Info Host Edition Type: [ COMPLETE ] Debugged application message: Info Offer Edition [ (null) ] Debugged application message: Info User UI Language [ 1033 ] Unloaded Debugged application message: Info [ConX::Compatibility::Wica::RunScanner] Started application scan. Debugged application message: Info Number of Offers returned [ 1 ] Debugged application message: Info PRERELEASE offer index [ 0 ] Debugged application message: Info Product ID [ WN7-00114_64Bit ] BackupMedia ID [ ] Debugged application message: Info GetOffers succeeded! Debugged application message: Info Getting Ready for the PreRelease flow Debugged application message: Info ConX::Setup::Web::COnlineStore::SelectOffer: [ WN7-00114_64Bit ] Debugged application message: Info ConX::Setup::Web::COnlineStore::StartCheckoutInternal |
From this debug output I could see that is calls WicaInventory.exe and writes a log file and an XML file into %AppData”%\Local\Microsoft\WebSetup\Panther\”.
Interesting to see what’s in there.
But finally we get to the point where it crashes:
[ConX::Compatibility::Wica::GetDeviceList] Loading list of devices.
The instruction at 0xFEE49A8 referenced memory at 0x0. The memory could not be read -> 00000000 (exc.code c0000005, tid 8668)
From the disassembly we can see it’s a bug, at function start is the instruction xor edi, edi (after which edi is 0) after that follows and [ebp+var_240] which makes that variable 0 (var_240 equals ebp (the stack pointer) – 240h which you saw in the Visual Studio debugger screenshot):
3 Responses for "Undocumented commandline switches for Windows 8 CP"
interesting!
[…] free hardware/software inventory tool Author: Remko 1 Mar Yesterday I wrote about the Windows 8 CP WebSetup installer and told you that the Application Compatibility check creates a few XML files in the folder […]
Do you know how to uninstall the window 8 web setup program??
Leave a reply