Wilders Security Forums  

#1
nameless
November 18th, 2004, 03:55 PM
Compatibility issue with Bart's PE Builder

I am running PG 3.050 and Bart's PE Builder 3.0.33 with WinXP Pro SP-2.

When building the BartPE ISO file, the builder executable (pebuilder.exe) fails to unload the temporary registry hive (petmphive). This occurs even if all permissions are granted to pebuilder.exe.

Enabling learning mode is of no benefit, and no PG alerts occur in any case, which is strange. The exact error thrown by the builder is:

Code:
Error: closeHive failed: RegUnLoadKey (key="PEBuilder.exe-C:/bartpe/petmphive") returned error 0: Access is denied.

Additionally, other errors occur, including this one:

Code:
Error: addFromInf failed: RegSetValueEx "AppInit_DLLs" returned error 2: The system cannot find the file specified. Line=1327 Key="Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows" Value="AppInit_DLLs"

In short, the only way to get successful builds when running pebuilder.exe is to totally disable PG protection before running pebuilder.exe. Also, if the petmphive hive is stuck open, you will have to unload it manually.
__________________
They say the only totally secure PC is one that is turned off. So, I showed my PC a photo of my wife! [ba-dum-bum-tsss]
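
The manual unload mentioned in the post above can be scripted. This is an added example, not part of the original thread or of PE Builder; it assumes the temporary hive is mounted under HKEY_LOCAL_MACHINE and that its key name contains "petmphive", as in the quoted error.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumption: PE Builder mounts its temporary hive under HKEY_LOCAL_MACHINE.
$hiveListPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$prefix       = '\REGISTRY\MACHINE\'
$marker       = 'petmphive'   # temporary hive name taken from the error message

# hivelist holds one value per mounted hive:
#   value name = kernel path of the mount point, value data = backing hive file.
$hiveList = Get-Item -Path $hiveListPath
$stuck = @($hiveList.GetValueNames() |
    Where-Object { $_.StartsWith($prefix, 'OrdinalIgnoreCase') -and $_ -like "*$marker*" })

if ($stuck.Count -eq 0) {
    Write-Host "No mounted hive matching '$marker' found."
    return
}

foreach ($valueName in $stuck) {
    $mount = 'HKLM\' + $valueName.Substring($prefix.Length)
    $file  = $hiveList.GetValue($valueName)
    Write-Host "Stuck hive: $mount  (file: $file)"

    # The unload fails while a handle into the hive is still open, or while
    # another component denies the call, as in the "Access is denied" error above.
    & reg.exe unload $mount
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Unloaded $mount"
    } else {
        Write-Warning "Could not unload $mount (reg.exe exit code $LASTEXITCODE)."
    }
}
```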
#2
nick s
November 18th, 2004, 04:06 PM
Re: Compatibility issue with Bart's PE Builder

Quote:
Originally Posted by nameless
I am running PG 3.050 and Bart's PE Builder 3.0.33 with WinXP Pro SP-2.

When building the BartPE ISO file, the builder executable (pebuilder.exe) fails to unload the temporary registry hive (petmphive). This occurs even if all permissions are granted to pebuilder.exe.

Enabling learning mode is of no benefit, and no PG alerts occur in any case, which is strange. The exact error thrown by the builder is:

Code:
Error: closeHive failed: RegUnLoadKey (key="PEBuilder.exe-C:/bartpe/petmphive") returned error 0: Access is denied.

Additionally, other errors occur, including this one:

Code:
Error: addFromInf failed: RegSetValueEx "AppInit_DLLs" returned error 2: The system cannot find the file specified. Line=1327 Key="Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows" Value="AppInit_DLLs"

In short, the only way to get successful builds when running pebuilder.exe is to totally disable PG protection before running pebuilder.exe. Also, if the petmphive hive is stuck open, you will have to unload it manually.

Hi nameless,

Another way of getting around those issues (I've had similar errors with or without PG) is to boot into Safe Mode, log in as Administrator, and then build the ISO.

Nick
#3
nameless
November 18th, 2004, 04:30 PM
Re: Compatibility issue with Bart's PE Builder

Thanks, but that's not an option for me. I run dozens of PE builds a day, and I need to use Virtual PC at the same time (to test the builds), and also get other work done.

And I was hoping that DCS could take a look at the issue too, which was my main point.

I've built BartPE ISO files hundreds of times before, and this has never happened. And having PG enabled or disabled makes the difference every time. So on my system, this issue seems definitively linked to PG.

Last edited by nameless : November 18th, 2004 at 05:09 PM.
#4
Jason_DiamondCS (Former DCS Moderator)
November 18th, 2004, 10:10 PM
Re: Compatibility issue with Bart's PE Builder

ProcessGuard is protecting various parts of the registry as it needs to. These protections are only disabled when protection is disabled. There is nothing you can really do because those protections are in place to ensure the integrity of ProcessGuard.

The appinit_dlls one is due to one of your global protection options (Block Registry DLL injection), so you can remove that one if you want.
__________________
Jason - DiamondCS Programmer
DiamondCS (Est. 1986) - The System Security Specialists
CryptoSuite - Protect your information today!
TDS - Powerful anti trojan software
 
