Extracting Windows components

Discussion in 'Windows 8' started by Stannieman, Aug 30, 2013.

  1. Stannieman

    Stannieman MDL Guru

    #1 Stannieman, Aug 30, 2013
    Last edited: Aug 30, 2013
  2. murphy78

    murphy78 MDL DISM Enthusiast

    Are you looking to create some sort of service removal tool or something?
    Why go through all this effort?
     
  3. Tito

    Tito Super Mod / Adviser
    Staff Member

    He wants to build a tool to port SKU-specific packages to others that can be installed through DISM. 100 has said that he designed a messy script for this job but it's still unpublished.
     
  4. KNARZ

    KNARZ MDL Addicted

  5. alien2xx

    alien2xx MDL Senior Member

    This would be perfect if a package like NFS client can be taken from the Enterprise version and transferred to the Pro version. This is the only thing preventing me from installing the Pro version.
     


  6. HALIKUS

    HALIKUS MDL Addicted

    This is maybe a stupid suggestion, but maybe poking around in the Dart installer files (in hex?) you can find a few tricks. I know if you select something like "add setup files" it will also add the other necessary files\dependencies. It will also remove unnecessary packages, so maybe that part will help. Good luck anyways. I'm sure there is essentially no documentation on the matter.
     
  7. SuperBubble

    SuperBubble MDL Member

    #8 SuperBubble, Aug 31, 2013
    Last edited by a moderator: Apr 20, 2017
  8. KNARZ

    KNARZ MDL Addicted

    anything new?
     
  9. Mr Jinje

    Mr Jinje MDL Expert

    Thanks for the info.
     
  10. moderate

    moderate MDL Guru

    #11 moderate, Sep 9, 2013
    Last edited by a moderator: Apr 20, 2017
  11. SuperBubble

    SuperBubble MDL Member

    #12 SuperBubble, Sep 9, 2013
    Last edited by a moderator: Apr 20, 2017
    As far as I can tell, it's only files in subdirectories of %SystemRoot%\WinSxS that are subject to this 'compression'. Catalogue files are stored in %SystemRoot%\Servicing\Packages, with an identical name to the .mum file - that was the update.cat before the package was installed (usually - keep in mind .mum files can reference other .mum files).

    You're on the right track. Look for <assemblyidentity> tags inside the .mum file, mentally convert them to 'assembly ID' format (described in my earlier reply), and hunt for a .manifest and/or subdirectory of %SystemRoot%\WinSxS that matches.

    Of course it isn't there. New version of Windows := new version of dedup := new assembly hashes.

    However, I was under the impression that .manifest/.mum files did pop the hash value somewhere in the <assemblyidentity> tag. Clearly I was wrong, and you now have a mission on your hands. Perhaps the hash value can be parsed out of the catalogue file in some way?

    No, you can't. Thanks Microsoft. :mad:

    By a folder below %SystemRoot%\WinSxS that (approximately) matches the .manifest file name. WinSxS doesn't specify individual files - it specifies by entire assemblies. An assembly can contain a single file, though.

    Hope my rambling helps. :hug2:
     
  12. moderate

    moderate MDL Guru

    #13 moderate, Sep 9, 2013
    Last edited by a moderator: Apr 20, 2017
    The CAT file is an MS-signed file that can't be changed. Checksums of some other files are stored in this file, so they can't be changed either. So I was interested in whether:
    -only MUM file is hashed inside CAT
    -MUM and manifests are hashed inside CAT
    -MUM, manifests and all files from packages (EXEs, DLLs, etc.) are hashed inside CAT

    If only MUM is hashed there, we could use manifests from W2012 R1 server and edit them with version 6.3.9600... and possibly other things...

    Yes, this is the only identification of package files (EXEs, DLLs, etc.) and manifests I have found. However, it also means that we can't find manifest names (WHICH DON'T INSTALL FILES) anywhere else, and if there is duplication like:
    Code:
    amd64_microsoft-windows-d..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_en-us_c3deac3b462c9b36.manifest
    amd64_microsoft-windows-d..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_en-us_c70917f1ec898248.manifest
    amd64_microsoft-windows-d..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_en-us_c85a87fc113bd964.manifest
    amd64_microsoft-windows-d..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_en-us_e92b480435f1159f.manifest
    we can't find out which manifest is right without unpacking it. Also, we can't add them all; it will produce errors.
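Added example, not part of any post in this thread and not the script the posters mention: it pulls every `assemblyIdentity` out of a .mum file and lists the manifest file names that could belong to each, which makes the ambiguity in the four names above visible. The .mum fragment is constructed, the full component name is an assumed expansion of the abbreviated one, and treating `..` as "any text between this prefix and suffix" and a neutral language as `none` are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed .mum fragment; the component name is an assumed expansion of the
# abbreviated "microsoft-windows-d..oyment-languagepack" seen in the thread.
SAMPLE_MUM = """<assembly xmlns="urn:schemas-microsoft-com:asm.v3">
 <assemblyIdentity name="Example-Package" version="6.3.9600.16384"
   processorArchitecture="amd64" language="neutral" publicKeyToken="31bf3856ad364e35"/>
 <package><update name="u1"><component>
  <assemblyIdentity name="Microsoft-Windows-Deployment-LanguagePack" version="6.3.9600.16384"
   processorArchitecture="amd64" language="en-US" publicKeyToken="31bf3856ad364e35"/>
 </component></update></package>
</assembly>"""
# The four same-prefix manifest names quoted in the thread.
PREFIX = "amd64_microsoft-windows-d..oyment-languagepack_31bf3856ad364e35_6.3.9600.16384_en-us_"
MANIFESTS = [PREFIX + h + ".manifest" for h in
             ("c3deac3b462c9b36", "c70917f1ec898248", "c85a87fc113bd964", "e92b480435f1159f")]

NAME_RE = re.compile(r"^([^_]+)_(.+)_([0-9a-f]{16})_(\d+(?:\.\d+){3})_([^_]+)_([0-9a-f]{16})\.manifest$")

def identities(mum_xml):
    """Return (arch, name, token, version, culture) for each assemblyIdentity element."""
    out = []
    for el in ET.fromstring(mum_xml).iter():
        if el.tag.rsplit("}", 1)[-1].lower() == "assemblyidentity":
            a = {k.lower(): v.lower() for k, v in el.attrib.items()}
            lang = a.get("language", "neutral")
            # Assumption: a neutral language appears as "none" in the file name.
            out.append((a.get("processorarchitecture"), a.get("name"), a.get("publickeytoken"),
                        a.get("version"), "none" if lang == "neutral" else lang))
    return out

def name_matches(short, full):
    """True if a '..'-abbreviated file-name component could stand for the full name."""
    if ".." not in short:
        return short == full
    head, tail = short.split("..", 1)
    return len(full) >= len(head) + len(tail) and full.startswith(head) and full.endswith(tail)

def candidates(mum_xml, manifest_names):
    """Map each identity's name to every manifest file name it could refer to."""
    found = {}
    for arch, name, token, ver, culture in identities(mum_xml):
        for fn in manifest_names:
            m = NAME_RE.match(fn.lower())
            if m and (m[1], m[3], m[4], m[5]) == (arch, token, ver, culture) \
                    and name_matches(m[2], name):
                found.setdefault(name, []).append(fn)
    return found
```

`candidates(SAMPLE_MUM, MANIFESTS)` returns all four file names for the one component identity: every field visible in the name matches, so only the trailing hash distinguishes them.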
     
  13. SuperBubble

    SuperBubble MDL Member

    #14 SuperBubble, Sep 9, 2013
    Last edited by a moderator: Apr 20, 2017
    Alas, I'm pretty sure all files in the package are hashed in the catalogue file. :(



    Precisely. The first step is still to figure out this new encryption/compression method MS are using - at which point, all (well, most :)) of our problems will be solved.
     
  14. Stannieman

    Stannieman MDL Guru

    So SuerBubble, can you please share your script with me? I don't mind if it's ugly 'cause I'm not using it for production stuff anyway, just experimental.
    Then I can first try to get it working with Windows 7 for the time being, until the compression is sorted out.
     
  15. murphy78

    murphy78 MDL DISM Enthusiast

    Stannieman, IIRC there is a Windows 8.0 update KB2821895 servicing stack update that claims to change the compression on winsxs folder stuff as well.
    It probably wouldn't affect old files unless you run a:
    dism /online /cleanup-image /startcomponentcleanup

    If it has a similar effect on the manifest files, it might be a good start for reversing the compression.
     
  16. SuperBubble

    SuperBubble MDL Member

    #17 SuperBubble, Sep 10, 2013
    Last edited: Sep 10, 2013
    SuerBubble? As in a homophone of sewer bubble? I shouldn't give you anything after a typo like that. :nono:

    But yes, I'll be happy to post it here as soon as I find it (I recently reformatted my laptop's hard disk). :hug2:

    THANKYOU THANKYOU murphy78! Now we have a clue - I avoided attaching OllyDbg and tracing through because I would have had to hook the entire servicing stack... but a single .DLL (or small list of .DLLs) is much less work! :hug2:
     
  17. moderate

    moderate MDL Guru

    Yep, until we find that this "compression" is an RSA-encrypted file, which will take three trillion years to decrypt by brute force... :/
     
  18. Stannieman

    Stannieman MDL Guru

    #19 Stannieman, Sep 10, 2013
    Last edited: Sep 12, 2013
    (OP)
    If it's encrypted, the decryption key has to be on the system, otherwise it's useless that the files are even there.

    EDIT: I'm currently doing some other things: converting my deduped volume with Windows ISOs to xdelta files because I find dedup highly impractical when other computers must be able to read the volume. It's also easier to make backups in the cloud. When I'm done I'll look deeper into this compression/encryption.
     
  19. murphy78

    murphy78 MDL DISM Enthusiast

    They have upgraded the 8.0 servicing stack thing that compresses winsxs folder.
    Old one was 2821895.
    New one is 2871777.

    If you are looking into reversing the strange compression in the winsxs folder, I'd start with looking at those two...