Adding Microsoft Standalone System Sweeper to a custom USB drive is no more difficult than creating the initial USB stick. The most complicated part is keeping track of the BCD descriptions; it is far easier to get it right the first time, than have to go back and change it.  Although updating the descriptions is not difficult. 

First download the Microsoft Standalone System Sweeper files for both x86 and x64 – https://connect.microsoft.com/systemsweeper is the beta page, which will change eventually.  I ran both executables and created ISOs.  Next, I mounted those ISO with Virutal clone drive and copied the contents to a working directory, such as c:tempMSSS_x64.  After both ISOs have been copied to a working directory, some files will need to be copied into the main bootable image. 

First, we’ll need to copy boot.wim into our destination image sources directory and rename the file. 

copy c:tempmsss_x64sourcesboot.wim c:tempusbsourcesmsss_x64.wim copy c:tempmsss_x86sourcesboot.wim c:tempusbsourcesmsss_x86.wim

We’ll also need to copy FilesList64.dll, mpam-fex64.exe from the x64 source, and FilesList32.dll, and mpam-fe.exe from the x86 source.  Just put these in the root of the working directory.  Also copy etfsboot_XP.com from the x86 boot directory into the USB boot directory.

Usbroot

Example of my Sources directory – Note this usb stick also has a Windows PE x86, Windows Recovery Environment x86 and x64 already added from a previous build.  It also hosts many of the tools I use often, and a Windows 7 x64 WIM file for random deployment situations.

Sourceswim

Now that all of our files are in place, we will need to update the BCD store to boot the new System Sweeper images.

First make a copy of the default BCD entry and take note of the GUID

bcdedit /store bcd /copy {default} /d "MSSS x86"

bcdedit /store bcd /copy {default} /d "MSSS x64"

Createnewbcdstore

From here, the BCD settings for each new entry must be updated with the path to the MSSS images.  I did this with the following script, since I’m lazy. 

bcdedit /store c:shareWaikusb_pe_workingbootbcd /set {967afa23-91d8-11e0-aea5-005056c00008} device ramdisk=[boot]sourcesmsss_x64.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
bcdedit /store c:shareWaikusb_pe_workingbootbcd /set {967afa23-91d8-11e0-aea5-005056c00008} osdevice ramdisk=[boot]sourcesmsss_x64.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}

bcdedit /store c:shareWaikusb_pe_workingbootbcd /set {d36d8608-91d8-11e0-aea5-005056c00008} device ramdisk=[boot]sourcesmsss_x86.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}
bcdedit /store c:shareWaikusb_pe_workingbootbcd /set {d36d8608-91d8-11e0-aea5-005056c00008} osdevice ramdisk=[boot]sourcesmsss_x86.wim,{7619dcc8-fafe-11d9-b411-000476eba25f}

While I was using Find and Replace to update the GUIDs, I failed to notice, the descriptions pointed to the wrong MSSS images.  So after testing to make sure it worked, I had to go back and rename the BCD entries.

bcdedit /store bcd  /set {d36d8608-91d8-11e0-aea5-005056c00008} description "MSSS x86"

bcdedit /store bcd /set {967afa23-91d8-11e0-aea5-005056c00008} description "MSSS x64"

You’ll need to use diskpart from here to set the partition on the USB drive to active, then copy the files over. 

Manual Updates can retrieved from the Microsoft Malware Protection Center, if you don’t want to get the updates everytime it boots. 

Advertisements