How to recover the File-Based Write Filter files from the WAIK

The File-Based Write Filter (FBWF) files allow you to build a bootable Windows XP or Vista disk that appears writable. This allows you to build a BartPE or Winbuilder boot disk that you can add drivers to at run time. The changes you make will be written to RAM, rather than to the disk itself, and will be lost on reboot. This is great for adding NIC drivers for your specific system at run time.

You can find several plugins for FBWF (like here), but the files are not included because they are Microsoft files. They are freely available, but it is somewhat tricky to retrieve them. Here is how to do so:

Tools you will need:
ISOBuster

1. First, download the Windows Automated Installation Kit (WAIK). This is a DVD ISO image that is just under 1 GB in size.
2. Install and run ISOBuster. Using the File > Open Image File command, open the image file that you downloaded in Step 1. Note that this file has an extension of ".img", so you may need to change the image selector in ISOBuster to All files.
   
3. In the root of the image, select the files WAIKX86.MSI and WINPE.CAB. Extract these files from the image, either by dragging them out of the ISOBuster folder to your local hard drive or by selecting them and then choosing File > Selected Objects > Extract Objects. For this exercise I will extract them to C:\Temp.
   Note: I chose the file WAIKX86.MSI because it matches my architecture. If you are on a 64-bit system, choose the appropriate "WAIK*.MSI" files instead. In each case, you will also need the WINPE.CAB file.
   
4. Run the following command at a command prompt:
   
   C:\> msiexec /a C:\Temp\WAIKX86.MSI TARGETDIR=C:\Temp\WAIK /qb
   
   This will extract all the files from the WAIK into the directory C:\Temp\WAIK.
5. Open the folder C:\Temp\WAIK\Tools\<architecture>. For most people, <architecture> is "x86".
6. Right-click the file "wimfltr.inf" and choose Install. This is necessary for the WIM mount later on to succeed.
   
7. Create the directory C:\Temp\winpe. Then run the following command:
   
   C:\> C:\Temp\WAIK\Tools\x86\imagex.exe /mount C:\Temp\WAIK\Tools\PETools\x86\winpe.wim 1 C:\Temp\winpe
   
   This will open the contents of the winpe.wim file in the directory C:\Temp\winpe.
8. Now you can find the FBWF files in the following locations:
   
   C:\Temp\winpe\Windows\System32\fbwflib.dll
   C:\Temp\winpe\Windows\System32\fltLib.dll
   C:\Temp\winpe\Windows\System32\drivers\fbwf.sys
   C:\Temp\winpe\Windows\System32\drivers\fltMgr.sys
   
   Copy them to a location outside of C:\Temp\winpe.
9. Once you have the files, unmount the winpe.wim file with this command:
   
   C:\>C:\Temp\WAIK\Tools\x86\imagex.exe /unmount C:\Temp\winpe
   
   
10. You can then uninstall the filter you installed earlier by running this command:
    
    C:\>rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 132 C:\Temp\WAIK\Tools\x86\wimfltr.inf