Code:
.text:10011740 aWindlp_state_x: ; DATA XREF: sub_100434CE+46o
.text:10011740 unicode 0, <windlp.state.xml>,0
.text:10011762 align 4
.text:10011764 aWindlp_stateOl: ; DATA XREF: sub_100434CE+73o
.text:10011764 unicode 0, <windlp.state-old.xml>,0
.text:1001178E align 10h
.text:10011790 aWindlp: ; DATA XREF: sub_100434CE+98o
.text:10011790 ; sub_100436A9:loc_100436D5o
.text:10011790 unicode 0, <WINDLP>,0

windpl.dll generates windlp.state.xml and windlp.state-old.xml into the Panther directory.
I don't think that "install.esd" is encrypted - it's only compressed. For example, take a regular "install.wim" and rename it to "source.wim". Then you can use these two commands:

Dism /Export-Image /SourceImageFile:"source.wim" /SourceIndex:1 /DestinationImageFile:"install.esd" /compress:recovery
Dism /Export-Image /SourceImageFile:"source.wim" /SourceIndex:1 /DestinationImageFile:"install.wim" /compress:maximum

If you have a bootable USB stick, you can substitute "install.wim" or "install.esd" in the "source" folder - both will boot and install. I haven't checked if the parameters "/compress:recovery" or "/compress:maximum" are necessary.
It's encrypted. I don't have the 8.1 rollup ESDs (no retail key), but I made an ESD out of the RTM and started the install like normal. When it rebooted the first time, I rebooted into WinPE, erased the $BT folders and erased everything from the root except config.sys and autoexec.bat, and then captured it to a WIM. I then replaced the ESD with the install.wim and it installed fine. I wonder, if someone tried the exact same procedure with 2 different rollup ESDs, whether the hash of the captured WIM would be the same. Probably not, but at the very least you will have a WIM you can edit.
This is the way I would do it. So it's a good way. But the hash wouldn't be the same: e.g. log files, time/date stamps and so on. Afaik your PKEY is included within the ESD. An interesting part is that only boot.wim and install.esd have the current timestamp. So I guess boot.wim is also generated in some way, but I at least don't understand why; maybe there is some hint in the fact that the boot files come as a WIM. (Compare boot.wim vs. install.esd download.)
I don't think so - and it makes no sense. You can build your own all-in-one "install.wim" by using the dism command several times. In the same way you can build your own all-in-one "install.esd" by using the dism command several times. And it makes no sense to always include the same product key in all the different versions (Core, Pro, WMC, Enterprise).
In the WIM I captured, the only files I noticed that had a different timestamp (besides the files I originally said I deleted) were \Windows\Panther (delete the whole directory) and \Windows\Prefetch (delete the whole directory). After that, I tried the install again and it worked. As far as I can tell (based on the timestamps), it's the ESD with all the newly created files deleted, thus an un-encrypted ESD. Once again, I'm using the RTM to test, but in the rollup ESDs I don't see why any files would be different besides the encryption part, which I am essentially deleting the files for once un-encrypted. I just grabbed a torrent of the Retail x64 rollup someone grabbed from the store, so I will tinker some more.
I believe he is referring to the .esd downloaded from Microsoft that requires a valid key to be entered before you can download. That was one of my suspicions early on. Anyone know for sure?
Yes, indeed I was talking about the download with KEY and the MS DL program. I think someone mentioned it with the included key some months/years ago, but I never checked on that.
My guess was each .esd is tagged so when one finally does leak, they'll know what retail key it was associated with. So we might need a method to generalize/remove the data from an .esd after we figure out how to decompress/decrypt (semantics).
No, it's not. The generated install.esd (or one self-made from install.wim) is just compressed. Also, the generated install.esd is not tied to the product key. I used the downloaded store upgrade install.esd (Windows 8 Pro was activated), then I used it to clean install, added ei.cfg, and the installation went well, and I got an unactivated Windows 8.1 Pro with a generic retail key.
If it is not encrypted then you could just extract it using dism or 7zip (as 7zip supports the wim format).
It could be that the algorithm M$ is using to compress the file is one that 7zip can't understand... But DISM knows (the algorithm) how to use it to create the (install) esd...
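Added illustration, not part of any post in this thread: the compressed-versus-unsupported-format question in the two posts above can be checked from the file header, because a .wim/.esd records its compression format there. The field layout and flag values below are assumptions taken from the publicly documented WIM header format, and the sample headers are constructed, not bytes from a real image.

```python
import struct

# Field layout and flag values follow the publicly documented WIM header
# format (an assumption; none of these constants appear in the thread).
WIM_MAGIC = b"MSWIM\x00\x00\x00"
HEADER_FMT = "<8sIIII16sHHI"  # magic, hdr size, version, flags, chunk size, GUID, part, parts, images
FLAG_COMPRESSED = 0x00000002
COMPRESSION_BITS = {0x00020000: "XPRESS", 0x00040000: "LZX", 0x00080000: "LZMS"}
VERSION_SOLID = 0x00000E00    # version number written for solid (ESD-style) archives


def describe_wim_header(data):
    """Return compression details from the first bytes of a .wim/.esd file."""
    if len(data) < struct.calcsize(HEADER_FMT):
        raise ValueError("truncated header")
    magic, _size, version, flags, chunk, _guid, _part, _parts, images = \
        struct.unpack_from(HEADER_FMT, data)
    if magic != WIM_MAGIC:
        raise ValueError("not a WIM/ESD file")
    names = [name for bit, name in COMPRESSION_BITS.items() if flags & bit]
    if not flags & FLAG_COMPRESSED:
        compression = "none"
    else:
        compression = "+".join(names) if names else "unknown"
    # This check reads only the compression fields; it makes no statement
    # about whether the resource data is additionally encrypted.
    return {"version": hex(version), "solid": version == VERSION_SOLID,
            "compression": compression, "chunk_size": chunk, "images": images}


def inspect_file(path):
    """Read just the header of a file on disk (path is supplied by the caller)."""
    with open(path, "rb") as fh:
        return describe_wim_header(fh.read(struct.calcsize(HEADER_FMT)))


def build_sample_header(version, flags, chunk, images):
    """Constructed sample input: a synthetic header, not bytes from a real image."""
    return struct.pack(HEADER_FMT, WIM_MAGIC, 208, version, flags, chunk,
                       bytes(16), 1, 1, images)


SAMPLE_ESD = build_sample_header(0x00000E00, 0x00080002, 0x20000, 4)  # constructed
SAMPLE_WIM = build_sample_header(0x00010D00, 0x00040002, 0x8000, 1)   # constructed

if __name__ == "__main__":
    for label, blob in (("esd-like", SAMPLE_ESD), ("wim-like", SAMPLE_WIM)):
        print(label, describe_wim_header(blob))
```

A tool that lists a file as a WIM but cannot unpack it is consistent with an unsupported compression format such as LZMS in a solid archive; the header alone does not settle the encryption question.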
So you are saying dism can extract content from the .esd transferred online (I have no idea about it, I am asking you)?
Or maybe we just don't know the command to do so. It must be something easy because boot.wim can install these .esd files, so whatever it is, it is in boot.wim.