MistyPE

MistyPE is a minimalist 32 or 64-bit Windows Preinstallation Environment (WinPE)/Windows Forensic Environment (WinFE) with a GUI shell (BBLean - based on BlackBox for Windows). WinPE was originally developed as a DOS replacement - for system deployment, backup, restore and recovery (see here for an overview).

The MistyPE project can be used to create WinPE (version 2.x/3.x/4.0/5.x/10.x) in a matter of minutes from Windows installation media - a DVD, local folder, network share or mounted disc image. Whilst there is also an option to collect the necessary file dependencies from the host operating system (or an offline operating system), a mounted .iso file is recommended. RTM versions of Windows are also recommended. The Windows Automated Installation Kit (WAIK) or Assessment and Deployment Kit (ADK) is not required; however, it is possible to use a WAIK/ADK build if optional components (packages) are required.

This project can be used to build MistyPE from the following 32 and 64-bit installation media -

The above versions of Windows have been tested and confirmed to be working. It may also be possible to use Windows Server 2008/2012 sources.

The build process has been tested on the following operating systems -

There are also reports of the build process working on Windows XP and 2003.

MistyPE has been designed as a modular system. Whilst it is theoretically possible to add any program that runs on a full version of Windows, all file dependencies and registry settings will need to be traced and manually added.

I have done my best to account for any errors that might occur during the build process and have scripted the project to provide information and warnings so that the end user can decide whether or not to continue - or to identify potential errors. I recommend that you use the majority of settings from the download initially (adding SysWoW64 support and changing keyboard/language as required) - providing that a valid source is selected, the project should work.

Build times will vary depending on a range of factors including source files, hardware, and whether a cache with Windows files and programs already exists. In a recent test, using 64-bit Windows 10.0.14393 source files and the INJECT build method with an existing Cache, the project build time with all programs and SysWoW64 included in the build was under 3 minutes. 32-bit builds are significantly faster.

Document date - 20th January 2018