WinPE as a stateless harness for Windows driver testing and fuzzing
What if you need to do very low-level testing involving the very guts of Windows NT, but don't need most of the userland that sits on top? In fact, what if that userland only slows you down and complicates the work you're trying to do?
The solution is Windows PE (Windows Preinstallation Environment). It is an official, stripped-down environment distributed with every Windows ISO image. It runs entirely in RAM, requires as little as 512 MB of memory, and lacks support for DirectX, the PowerShell subsystem, or the standard graphical shell (Explorer). Booting by default with NT AUTHORITY\\SYSTEM privileges makes it an ideal test harness for both of these tasks.
The following analysis focuses on the low-level mechanisms of WinPE, as well as BCD and QEMU modifications that allow transforming this system into an ultra-fast, idempotent testing environment.
Piotr Bednarski
Now, the kind of work Bednarski does isn't the most common of tasks, but I've often wondered just how far you can get by bolting on whatever WinPE will allow you to. There were various unofficial third-party tools that built Windows live CDs based on WinPE, but I think most of those have died out by now. If you look hard enough, you can also find some other utilities people made for WinPE, including even some rudimentary web browsers. Regarding web browsers, modern efforts seem to run into issues.
WinPE is not really meant for any advanced functionality, but I really do wonder how capable you can make it without turning it into regular Windows.