Tamper WindowsApps in Windows 10/11

By default, WindowsApps are stored in C:\Program Files\WindowsApps, which is one of the most heavily defended folders in Windows. Modifying files inside it is not possible, even under WinRE/PE.

The only way I’ve found to tamper with it is by using the following script:

Add-Type -TypeDefinition @"
    using System;
    using System.Runtime.InteropServices;

    // P/Invoke wrapper for MoveFileExW in kernel32.dll.
    public static class MyKernel32
    {
        [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
        public static extern bool MoveFileEx(
            String lpExistingFileName,
            String lpNewFileName,
            uint dwFlags);
    }
"@

# dwFlags 5 = MOVEFILE_REPLACE_EXISTING (1) | MOVEFILE_DELAY_UNTIL_REBOOT (4).
# Nothing is moved now: each pair is recorded in the registry and carried out
# by the Session Manager early in the next boot.
$wsaDir = "C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2304.40000.10.0_x64__8wekyb3d8bbwe"

foreach ($name in 'metadata.vhdx','userdata.vhdx','product.vhdx','system.vhdx','system_ext.vhdx','vendor.vhdx') {
    $ok = [MyKernel32]::MoveFileEx("C:\Temp\$name", "$wsaDir\$name", 5)
    if (-not $ok) {
        Write-Warning "MoveFileEx failed for $name (Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error()))"
    }
}

Run this script as an administrator. It replaces six files inside the WSA package with the six files of the same name under C:\Temp. The moves are not performed immediately; they are queued and applied during the next boot, which is why a reboot is required.
Once you reboot, if the files under C:\Temp are gone, the operation was successful.
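The same mechanism leaves a trace a defender can watch: until the Session Manager applies them at boot, the deferred moves sit in the PendingFileRenameOperations value under the Session Manager registry key. The following added example (not part of the original post) parses that value and flags pairs whose destination is under WindowsApps; the sample array is constructed so the parser can be exercised offline, and the watch-list prefixes are an assumption you should adjust to your environment.

```powershell
# Added example: inspect deferred renames queued by MOVEFILE_DELAY_UNTIL_REBOOT.
# The value is a REG_MULTI_SZ of (source, destination) pairs. Sources use the
# NT path form "\??\C:\...", an empty destination means "delete", and a leading
# "!" on the destination means MOVEFILE_REPLACE_EXISTING was set.
$regKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$regValue = 'PendingFileRenameOperations'

function ConvertFrom-PendingRename {
    param([string[]]$Entries)
    for ($i = 0; $i + 1 -lt $Entries.Count; $i += 2) {
        $src = $Entries[$i] -replace '^\\\?\?\\', ''
        $dst = $Entries[$i + 1]
        $replace = $dst.StartsWith('!')
        $dst = ($dst -replace '^!', '') -replace '^\\\?\?\\', ''
        [pscustomobject]@{
            Source          = $src
            Destination     = $dst
            Operation       = $(if ($dst) { 'Move' } else { 'Delete' })
            ReplaceExisting = $replace
        }
    }
}

function Find-ProtectedPendingRename {
    param([string[]]$Entries,
          # Assumed watch list; extend it with the paths you care about.
          [string[]]$WatchPrefixes = @('C:\Program Files\WindowsApps\', 'C:\Windows\System32\'))
    ConvertFrom-PendingRename $Entries | Where-Object {
        $op = $_
        $WatchPrefixes | Where-Object { $op.Destination.StartsWith($_, 'OrdinalIgnoreCase') }
    }
}

# Constructed sample in the shape the script above produces (flags = 5),
# plus a harmless delete-on-reboot entry that should not be flagged.
$sample = @(
    '\??\C:\Temp\metadata.vhdx',
    '!\??\C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2304.40000.10.0_x64__8wekyb3d8bbwe\metadata.vhdx',
    '\??\C:\Windows\Temp\installer.tmp',
    ''
)
Find-ProtectedPendingRename -Entries $sample | Format-Table -AutoSize

# Live check: read the real value if it is present on this machine.
$live = (Get-ItemProperty -Path $regKey -Name $regValue -ErrorAction SilentlyContinue).$regValue
if ($live) { Find-ProtectedPendingRename -Entries $live | Format-Table -AutoSize }
```

On a clean system the value is usually absent or holds only temp-file deletions, so any entry whose destination lands under WindowsApps is worth investigating before the next reboot applies it.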

By Eisai