What I describe here is how to manually change the boot animation, the four lighting balls that turn into the Windows flag. I will also explain in detail how to modify nearly everything until after animation is finished playing.
Before we start I can say that it is also possible to switch to a static boot image by patching the kernel. Just do the same thing you did on nt 5.x. Replace the first bitmap in the kernels resources.
To change the animation there are several things to remember. Unless you want to patch bootmgr and winload.exe, you must configure TESTSIGNING on in the BCD. It is possible to do this without TESTSIGNING, but we will get to the details later on. And the hacks work equally fine on x86 as on x64!
Unless you want to read about the details, you can go straight to user thaimins's (Jeff) excellent application that will do it all for you and supporting both 32 and 64-bit; http://www.coderforlife.com/projects/win7boot/ and here's also a link to a good collection of animations on a german forum; http://www.deskmodder.de/phpBB3/view...?f=220&t=13363
1. Now the animated bitmap, activity.bmp, is loacted inside a wim in bootres.dll. We will first need to extract the wim, so we open the dll in resource hacker and export the resource named RCData. The wim can then be mounted with lots of tools, like 7zip and gimagex. Inside there is activity.bmp found. I will not make this a tutorial about animation, so for the sake easyness we just open the file in paint.exe and see that there are a numerous bmp's stacked over each other;
2. When the animation work is done, we must pack the bmp into a wim again. Preferrably use gimagex and fill out information anf boxes like in this image;
3. Now we must replace the resource named RCData inside bootres.dll with the wim we just created. Use resource hacker like this;
5. Update the checksum of bootres.dll as found in the PE header. (I have made a custom one myself but cannot find it..). Therefore use the PE-editor or any similar tool to correct the checksum.
6. Now we can sign the file with a test certificate. It is important to erase any previous pointers to the table, as descibed in point 4, otherwise you likely will not be able to sign the file.
After successful signing, the properties will hopefully look like this;
7. This step is only necessary if you are going the testsigning route. Add it with a command like this (adjust the path and guid);
8. Works on both 32-bit and 64-bit! Good luck. 
This is how one of my tests went;
And for historical purposes I will keep as evidence my first (and by far the lamest ever) modded animation;
Some more technical details:
Removing watermark when TESTSIGNING is configured.
Regarding the "Test Mode" watermark in lower right corner, it can be removed by zero out string id no 738 in user32.dll.mui, update checksum, and rebuild mui cache.
http://deepxw.blogspot.com/2008/12/r...-20081210.html
BOOTMGR
Is composed of a 16-bit stub and a 32-bit executable (bootmgr.exe). Inside the 32-bit executable the ere is an xsl resource with lots of stuff that can be tweaked. After Vista the 32-bit part was compressed, which means you must decompress it before you can analyze the pe file. This way more code can fit into 512 Kb. Thaimin made this great tool, bmzip that will compress/recompress bootmgr; http://www.coderforlife.com/projects.../extras/#bmzip. It is also possible to boot with uncompressed bootmgr.exe (pre Vista). For that to happen you must grab bootmgr.exe and delete some of the unneeded stuff in the xsl resource (like network/multicast and certain error messages), as well as the embedded digital certificate. Then attach the 16-bit stub from Vista SP0 that could handle uncompressed bootmgr.exe.
Without TESTSIGNING
This is divided in 2 parts. There are many ways to achieve this, but I mention only what is strictly necessary.
The first is about bootmgr only. At VA 421EC5 change 7416 to 9090. That will deactivate the signature validation inside bootmgr. If you don't do this then you must set TESTSIGNING on for {bootmgr}. Optionally you can deactivate the checksum as well. If so then change EB08 to 7403 at 0x105E in the stub. If not then NOINTEGRITYCHECKS must set on for {bootmgr}. But if checksum is corrcted in bootmgr.exe after modification then this last step is not required.
The second is about winload.exe and handles all other files after bootmgr during the boot. It is basically the same hack as for bootmgr. At VA 429612 change 7416 to 9090. Now winload.exe and all files loaded later, doesn't have to be signed by a test certificate. Just make sure you just have some dummy values for the Certificate Table in the Data Directories.
If you want to completely deactivate all checksums, so that you can boot with bad checksum in all files after bootmgr, we must patch winload.exe in 3 places;
Translate from va to raw offset;
Alternative TESTSIGNING method
Yet another way to solve the TESTSIGNING issue. We boot by configuring TESTSIGNING on in bcd. Now the intersting part is that we can patch the kernel so that when code integrity (ci.dll) is initialized, it will continue booting like as if TESTSIGNING was not set in the bcd. I've verified this because the watermark was not put on the desktop, at the same time as TESTSIGNING was shown in the registry under the key SystemStartOptions. I really don't recommend messing with the kernel, so you might want to stick with the other working solutions already posted. For those that like testing this, here is the patch located in the function SepInitializeCodeIntegrity. Change both conditional jumps to a jump short instruction (jmps);
This way the kernel will always continue booting the system without testsigning, regardless of what you put in the bcd. The nice thing is you can have testsigning for the first part of the boot process, and choose to finalize the booting without testsigning. When testing kernels it could be a good thing to specify your custom kernel in the bcd with the kernel parameter (like "KERNEL mykernel.exe").
Now TESTSIGNING gets deactivated after the animation is played.
Modifying the text shown when animation is played can be done by hacking winload.exe:
1. To change the text "Starting Windows" you can open a resource editor and edit the "Message Table". Go for the last string.
2. To change the text "� Microsoft Corporation" at the bottom, you can search and replace the hex signature;
0000000000A90020004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E 000000
I found that the easiest way to remove both the copyright message and startup text is to set font size to 0. Replace the "B" with "0", and you will only have the animation present in the centre of the screen;
Placing the startup text at the very top of page can be done by replacing 20B with 000;
Changing the font size of the startup text is done here;
Changing "12" with "86" will create a huge text that will cover over the copyright message like this;
To change colour for copyright text look here;
and replace 7F7F7FFF with FF00FF00 to get purple coloured text.
And to change the startup text colour we must inject some of our own code. This is what I did to create light green coloured startup text:
old code
new code
old code
new code
So the actual color code are stored at va 00467206 or raw offset 0x64A06.
Animation parameters:
Some animation parameters can also be tweaked (thanks to AlexYM). As the actual animation is played by the kernel we must patch it to modify these values.
The relevant function is ResFwpGetProgressIndicatorAnimation and this how it looks like in IDA for ntkrnlpa.exe;
Explanation after converting from hex to decimal:
So I made another stupid animation hack that is more annoying than elegant. Setting framerate to 78 (4e) and the number of first looping frames to 57 (39) will let you see the crystal balls start flying and when they are done (before they melt together) it will start over again. Really annoying to look at, especially when this repeates itself 19 times!
Modifying the coordinates of the animation can be testing while debugging in windbg with this script;
More kernel stuff: Distorted resoltion hack
I have done some tests and believe it is impossible to set screen resolution correctly to 800x600 and get animation at the same time. However I noticed it is possible to boot with 1024x768 and then force the kernel into believing the resolution is something different (must be smaller though, else it will crash) right before it will play the animation. With forced 800x600 it will look like flimmering stretched over the screen like this;
With 768x512 it looks like this;
To test this in windbg you can issue this command;
That is for 768x512 since 300h in decimal = 768 and 200h in decimal = 512. So the animation is played, but with a very distorted look. And sure funny for testing in virtual machines.
Patching the kernel (ntoskrnl.exe) on disk in a similar way translates into;
About BOOTMGR.XSL/OSLOADER.XSL
These are found inside bootmgr and winload.exe, and will influence on how things are displayed on screen when booting with different setups. It is basically a bunch of different frames, like for instance the menu presented when the BCD content is displayed. Thaimin explained the colour codes quite well;
This is the last page shown by bootmgr (after the boot menu), right before winload.exe takes over;
The first page shown by winload.exe is;
You can tweak background and text like this (just another lame example);
The actual page shown when the animation is played is this;
You can thus modify nearly everything in these frames.
Lately full image background has been solved (by thaimin) in winload.exe. A bitmap is added as rcdata 1 resource, and a new function was written to handle it. Proof;
Link to the documentation created by thaimin; http://www.coderforlife.com/projects...mage-notes.zip
Adding driver printing on top of bitmap
This last hack is currently not implemented in thaimins app. By following the next instructions you should be able to achieve something like this;
What we do is modify winload.exe's handling of the SOS switch. We can modify the code slightly inside OslDisplayInitialize (this is necessary), by changing this
to something invalid like
and basically deactivate the standard graphics handling if SOS switch is on. Specifically, it is the loaderblock passed on to the kernel that informs the kernel that SOS is not on, and thus allows for the animation to be played.
We need to make a jump to some custom code at 4014e0. This is inside OslpMain and necessary for the bitmap to replace the background xsl template. Original code;
changed to;
and the custom code was placed right behind thaimins bitmapdrawing function;
Now and instead of having the whole screen covered with driver printings, we must reduce the size of the template that is displayed too. Here's my minimal "osload-sos" template;
As you may see, it's the height that will specify the number of lines displayed of driver printing.
Joakim Schicht
Note:
All disassemblies are based on x86 version 6.1.7600.16385. There's almost no difference in 32-bit vs 64-bit binaries. Some parts may change in future versions, but should not be too hard to figure out.
Link to thaimin's excellent tool that will do it all for you; http://www.coderforlife.com/projects/win7boot/ And supporting both x86/x64 architectures! Some bugs are currently in the tool but I believe he will create a major update, hopefully in December.
Before we start I can say that it is also possible to switch to a static boot image by patching the kernel. Just do the same thing you did on nt 5.x. Replace the first bitmap in the kernels resources.
To change the animation there are several things to remember. Unless you want to patch bootmgr and winload.exe, you must configure TESTSIGNING on in the BCD. It is possible to do this without TESTSIGNING, but we will get to the details later on. And the hacks work equally fine on x86 as on x64!
Unless you want to read about the details, you can go straight to user thaimins's (Jeff) excellent application that will do it all for you and supporting both 32 and 64-bit; http://www.coderforlife.com/projects/win7boot/ and here's also a link to a good collection of animations on a german forum; http://www.deskmodder.de/phpBB3/view...?f=220&t=13363
1. Now the animated bitmap, activity.bmp, is loacted inside a wim in bootres.dll. We will first need to extract the wim, so we open the dll in resource hacker and export the resource named RCData. The wim can then be mounted with lots of tools, like 7zip and gimagex. Inside there is activity.bmp found. I will not make this a tutorial about animation, so for the sake easyness we just open the file in paint.exe and see that there are a numerous bmp's stacked over each other;
I know nothing about animations so I just modify the bitmaps like a retard would do.
2. When the animation work is done, we must pack the bmp into a wim again. Preferrably use gimagex and fill out information anf boxes like in this image;
Notice the name, the compression (max) and the boot flag. You better create a new wim instead of reusing the old one. That way the size is much smaller.
3. Now we must replace the resource named RCData inside bootres.dll with the wim we just created. Use resource hacker like this;
4. Now we need to clean the pe header for the (old) pointer to the previous Certificate Table that we now have removed/invalidated. Fire up bootres.dll in a hex editor and fill 8 bytes of 00's at offset 0x150 (representing the offset and size respectively for the Certificate Table. Actually this can vary so better check 0x3c for the location PE header and then move another 0x98 from the PE header location, and you will land on the right place. Like this;
Or you may grab a PE-editor to do the work for you.
5. Update the checksum of bootres.dll as found in the PE header. (I have made a custom one myself but cannot find it..). Therefore use the PE-editor or any similar tool to correct the checksum.
6. Now we can sign the file with a test certificate. It is important to erase any previous pointers to the table, as descibed in point 4, otherwise you likely will not be able to sign the file.
After successful signing, the properties will hopefully look like this;
Do not bother with the timestamping. It will not make any difference really.
7. This step is only necessary if you are going the testsigning route. Add it with a command like this (adjust the path and guid);
Code:
bcdedit /store v:\boot\bcd /set GUID testsigning on
This is how one of my tests went;
And for historical purposes I will keep as evidence my first (and by far the lamest ever) modded animation;
Some more technical details:
Removing watermark when TESTSIGNING is configured.
Regarding the "Test Mode" watermark in lower right corner, it can be removed by zero out string id no 738 in user32.dll.mui, update checksum, and rebuild mui cache.
http://deepxw.blogspot.com/2008/12/r...-20081210.html
BOOTMGR
Is composed of a 16-bit stub and a 32-bit executable (bootmgr.exe). Inside the 32-bit executable the ere is an xsl resource with lots of stuff that can be tweaked. After Vista the 32-bit part was compressed, which means you must decompress it before you can analyze the pe file. This way more code can fit into 512 Kb. Thaimin made this great tool, bmzip that will compress/recompress bootmgr; http://www.coderforlife.com/projects.../extras/#bmzip. It is also possible to boot with uncompressed bootmgr.exe (pre Vista). For that to happen you must grab bootmgr.exe and delete some of the unneeded stuff in the xsl resource (like network/multicast and certain error messages), as well as the embedded digital certificate. Then attach the 16-bit stub from Vista SP0 that could handle uncompressed bootmgr.exe.
Without TESTSIGNING
This is divided in 2 parts. There are many ways to achieve this, but I mention only what is strictly necessary.
The first is about bootmgr only. At VA 421EC5 change 7416 to 9090. That will deactivate the signature validation inside bootmgr. If you don't do this then you must set TESTSIGNING on for {bootmgr}. Optionally you can deactivate the checksum as well. If so then change EB08 to 7403 at 0x105E in the stub. If not then NOINTEGRITYCHECKS must set on for {bootmgr}. But if checksum is corrcted in bootmgr.exe after modification then this last step is not required.
The second is about winload.exe and handles all other files after bootmgr during the boot. It is basically the same hack as for bootmgr. At VA 429612 change 7416 to 9090. Now winload.exe and all files loaded later, doesn't have to be signed by a test certificate. Just make sure you just have some dummy values for the Certificate Table in the Data Directories.
If you want to completely deactivate all checksums, so that you can boot with bad checksum in all files after bootmgr, we must patch winload.exe in 3 places;
Code:
at VA 428DC5 change 7418 to EB18 at VA 428DE3 change 0F8400010000 to 909090909090 at VA 428DF6 change 0F871CFDFFFF to 909090909090
Code:
va 429612 = raw offset 28a12 va 428dc5 = raw offset 281c5 va 428de3 = raw offset 281e3 va 428df6 = raw offset 281f6
Yet another way to solve the TESTSIGNING issue. We boot by configuring TESTSIGNING on in bcd. Now the intersting part is that we can patch the kernel so that when code integrity (ci.dll) is initialized, it will continue booting like as if TESTSIGNING was not set in the bcd. I've verified this because the watermark was not put on the desktop, at the same time as TESTSIGNING was shown in the registry under the key SystemStartOptions. I really don't recommend messing with the kernel, so you might want to stick with the other working solutions already posted. For those that like testing this, here is the patch located in the function SepInitializeCodeIntegrity. Change both conditional jumps to a jump short instruction (jmps);
Code:
PAGE:00572D42 call _SepIsOptionPresent@8 ; SepIsOptionPresent(x,x) PAGE:00572D47 test eax, eax PAGE:00572D49 jz short loc_572D4D Change 7402 -> eb02.
Code:
PAGE:00572D5A call _SepIsOptionPresent@8 ; SepIsOptionPresent(x,x) PAGE:00572D5F test eax, eax PAGE:00572D61 mov eax, ds:_KeLoaderBlock PAGE:00572D66 jz short loc_572D6B Change 7403 -> eb03.
Now TESTSIGNING gets deactivated after the animation is played.
Modifying the text shown when animation is played can be done by hacking winload.exe:
1. To change the text "Starting Windows" you can open a resource editor and edit the "Message Table". Go for the last string.
2. To change the text "� Microsoft Corporation" at the bottom, you can search and replace the hex signature;
0000000000A90020004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E 000000
I found that the easiest way to remove both the copyright message and startup text is to set font size to 0. Replace the "B" with "0", and you will only have the animation present in the centre of the screen;
Code:
00443852 C745E40B000000 mov dword ptr [ebp-1Ch],0000000Bh
Code:
004437FE C745F40B020000 mov dword ptr [ebp-0Ch],0000020Bh
Code:
004439A6 C7432412000000 mov dword ptr [ebx+24h],00000012h
To change colour for copyright text look here;
Code:
0044384B C745DC7F7F7FFF mov dword ptr [ebp-24h],FF7F7F7Fh
And to change the startup text colour we must inject some of our own code. This is what I did to create light green coloured startup text:
old code
Code:
offset machine code assembler .text:0044399C 832100 and dword ptr [ecx], 0 .text:0044399F 834B1CFF or dword ptr [ebx+1Ch], 0FFFFFFFFh
Code:
offset machine code assembler .text:0044399C E85F380200 call sub_467200 .text:004439A1 90 nop .text:004439A2 90 nop
Code:
offset machine code assembler .rdata:00467200 00 db 0 .rdata:00467201 00 db 0 .rdata:00467202 00 db 0 .rdata:00467203 00 db 0 .rdata:00467204 00 db 0 .rdata:00467205 00 db 0 .rdata:00467206 00 db 0 .rdata:00467207 00 db 0 .rdata:00467208 00 db 0 .rdata:00467209 00 db 0 .rdata:0046720A 00 db 0 .rdata:0046720B 00 db 0 .rdata:0046720C 00 db 0
Code:
offset machine code assembler .rdata:00467200 832100 and dword ptr [ecx], 0 .rdata:00467203 C7431C00FF00FF mov dword ptr [ebx+1Ch], 0FF00FF00h .rdata:0046720A C20400 retn 4
Animation parameters:
Some animation parameters can also be tweaked (thanks to AlexYM). As the actual animation is played by the kernel we must patch it to modify these values.
The relevant function is ResFwpGetProgressIndicatorAnimation and this how it looks like in IDA for ntkrnlpa.exe;
Code:
PAGEBGFX:00748C97 mov eax, 0C8h PAGEBGFX:00748C9C lea edi, [esi+0Ch] PAGEBGFX:00748C9F mov dword ptr [esi], 1 PAGEBGFX:00748CA5 mov dword ptr [esi+4], 19Ch PAGEBGFX:00748CAC mov dword ptr [esi+8], 11Ch PAGEBGFX:00748CB3 mov [esi+10h], eax PAGEBGFX:00748CB6 mov [edi], eax PAGEBGFX:00748CB8 mov dword ptr [esi+18h], 0Fh PAGEBGFX:00748CBF mov dword ptr [esi+1Ch], 69h PAGEBGFX:00748CC6 mov dword ptr [esi+24h], 3Ch
Code:
At 00748C97 we find the frame's width and height as C8 = 200. At 00748CA5 we find the x position of the frame as 19C = 412. At 00748CAC we find the y position of the frame as 11C = 284. At 00748CB8 we find the framerate (per sec) as 0F = 15. At 00748CBF we find the total number of frames as 69 = 105. At 00748CC6 we find the number of first unlooping frames as 3C = 60
Modifying the coordinates of the animation can be testing while debugging in windbg with this script;
Code:
$$ $$ ================================================================== $$ Script to move animation to different coordinates $$ Made for version 6.1.7600.16385 $$ Will also work for SP1 when symbols are available. $$ $$ usage from within a running debug session; $$><kernel.txt $$ usage from commandline when launching windbg; -c "$$><kernel.txt" $$ $$ by Joakim $$ $$ ================================================================== $$ bp nt!ResFwpGetProgressIndicatorAnimation+0x2D g $$ Original machinecode c746049c010000 $$ 9c01 is little endian of 19ch which in decimal is 412 and $$ specifies the x position (from left) eb eip c7 46 04 50 00 00 00 p $$ Original machinecode c746081c010000 $$ 1c01 is little endian of 11ch which in decimal is 284 and $$ specifies the y position (from top) eb eip c7 46 08 50 00 00 00 g $$ ================================================================== $$ Animation now played in the upper left of your screen. $$ ==================================================================
I have done some tests and believe it is impossible to set screen resolution correctly to 800x600 and get animation at the same time. However I noticed it is possible to boot with 1024x768 and then force the kernel into believing the resolution is something different (must be smaller though, else it will crash) right before it will play the animation. With forced 800x600 it will look like flimmering stretched over the screen like this;
With 768x512 it looks like this;
To test this in windbg you can issue this command;
Code:
bp nt!BgpGetResolution "eb nt!BgInternal+0x8 00 03 00 00 00 02 00 00 00 03 00 00"
Patching the kernel (ntoskrnl.exe) on disk in a similar way translates into;
Code:
0073D61E 00030000 dd 00000300h 0073D622 90 nop 90h 0073D623 8B0D1ED67300 mov ecx,[L0073D61E] 0073D629 8908 mov [eax],ecx 0073D62B 8B0D3ED67300 mov ecx,[L0073D63E] 0073D631 894804 mov [eax+04h],ecx 0073D634 8B0D1ED67300 mov ecx,[L0073D61E] 0073D63A 894808 mov [eax+08h],ecx 0073D63D C3 retn 0073D63E 00020000 dd 00000200h
These are found inside bootmgr and winload.exe, and will influence on how things are displayed on screen when booting with different setups. It is basically a bunch of different frames, like for instance the menu presented when the BCD content is displayed. Thaimin explained the colour codes quite well;
Code:
RGBI 15 White RGXI 14 Yellow RXBI 13 Magenta RXXI 12 Red XGBI 11 Cyan XGXI 10 Green XXBI 9 Blue XXXI 8 Dark Grey RGBX 7 Light Grey RGXX 6 Brown RXBX 5 Dark Magenta RXXX 4 Dark Red XGBX 3 Dark Cyan XGXX 2 Dark Green XXBX 1 Dark Blue XXXX 0 Black
Code:
<xsl:template match="bootmgr-end-menu"> <osxml:text-mode-ui> <body background-color="RGBX" foreground-color="XXXX"> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <p pad-left="25">FYI This is next page after boot menu (bootmgr)</p> <br/> <br/> <p pad-left="22">You can put some text here if you want..</p> </body> </osxml:text-mode-ui>
Code:
<xsl:template match="osload-main"> <osxml:text-mode-ui> </osxml:text-mode-ui> </xsl:template>
Code:
<xsl:template match="osload-main"> <osxml:text-mode-ui> <body background-color="RGBI" foreground-color="XXXX"> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <p pad-left="25">FYI This is the first page by winload.exe</p> <br/> <br/> <p pad-left="22">You can put some text here if you want..</p> </body> </osxml:text-mode-ui> </xsl:template>
Code:
<xsl:template match="osload-graphics"> <osxml:text-mode-ui> <body foreground-color="XXXX" background-color="RGBX"> <br/> <p pad-left="25">This is the animation page</p> <textarea width="29" height="24"/><textarea name="status"/> </body> </osxml:text-mode-ui> </xsl:template>
Lately full image background has been solved (by thaimin) in winload.exe. A bitmap is added as rcdata 1 resource, and a new function was written to handle it. Proof;
Link to the documentation created by thaimin; http://www.coderforlife.com/projects...mage-notes.zip
Adding driver printing on top of bitmap
This last hack is currently not implemented in thaimins app. By following the next instructions you should be able to achieve something like this;
What we do is modify winload.exe's handling of the SOS switch. We can modify the code slightly inside OslDisplayInitialize (this is necessary), by changing this
Code:
.text:004061A6 push 26000091h (68 91 00 00 26)
Code:
.text:004061A6 push 99999999h (68 99 99 99 99)
We need to make a jump to some custom code at 4014e0. This is inside OslpMain and necessary for the bitmap to replace the background xsl template. Original code;
Code:
.text:004014E0 lea eax, [ebp+arg_0] (8D 45 08) .text:004014E3 push eax (50) .text:004014E4 push ebx (53)
Code:
.text:004014E0 jmp loc_4573B7 (E9 D2 5E 05 00)
Code:
.text:004573B7 call sub_457370 (new bitmap function) .text:004573BC call sub_443823 (copyright) .text:004573C1 lea eax, [ebp+arg_0] .text:004573C4 push eax .text:004573C5 push ebx .text:004573C6 jmp loc_4014E5 (back to OslpMain to load SYSTEM hive)
Code:
<xsl:template match="osload-sos"> <osxml:text-mode-ui> <body background-color="RXBI" foreground-color="XXXX"> <p pad-left="8" pad-right="8"> <textarea name="file-info" scroll="true" width="68" height="1"/> </p> </body> </osxml:text-mode-ui> </xsl:template>
Joakim Schicht
Note:
All disassemblies are based on x86 version 6.1.7600.16385. There's almost no difference in 32-bit vs 64-bit binaries. Some parts may change in future versions, but should not be too hard to figure out.
Link to thaimin's excellent tool that will do it all for you; http://www.coderforlife.com/projects/win7boot/ And supporting both x86/x64 architectures! Some bugs are currently in the tool but I believe he will create a major update, hopefully in December.
AWESOME! Thanks so much. I am glad that this has been figured out and that any assistance I provided may have helped. The trick with cleaning up the old table is nice! I was just signing over it (it allowed me, but stuff still wasn't working).
Thanks!
Oh, and also a PE Checksum updater is available from: Coder for Life - Projects - Win 7 Customizer Tools
Source code available.
Thanks!
Oh, and also a PE Checksum updater is available from: Coder for Life - Projects - Win 7 Customizer Tools
Source code available.
�� Quote: Originally Posted by thaimin 
AWESOME! Thanks so much. I am glad that this has been figured out and that any assistance I provided may have helped. The trick with cleaning up the old table is nice! I was just signing over it (it allowed me, but stuff still wasn't working).
Joakim
i wonder if i actually helped?
i hope so
will they fix this by SP1?
T_T
i hope so
will they fix this by SP1?
T_T
all of this hex editor stuff is really confusing about jumping to certain offsets
ive used hex editors before and i know my way around
i olny added 2 bytes to the original activity.bmp
do you know a good X64 pe editor to automatically do all this?
OFF TOPIC
mods, you should STICKY this!
ive used hex editors before and i know my way around
i olny added 2 bytes to the original activity.bmp
do you know a good X64 pe editor to automatically do all this?
OFF TOPIC
mods, you should STICKY this!
So if you had some animators then you could release some
alternative bootres.dll's?
i got stuck on the signing when i was trying my hand at
cracking the Bootres and had to rein-install my Win7 -
but animation i can do!!
Also - do you need to BCD if you have a 32 bit win7?
alternative bootres.dll's?
i got stuck on the signing when i was trying my hand at
cracking the Bootres and had to rein-install my Win7 -
but animation i can do!!
Also - do you need to BCD if you have a 32 bit win7?
@taimin
It would still be nice if you wanted to publish the tool you talked about earler on, the automatic signer.
@marcusj0015
The way I described is the hard way, the way you must do if you do not have a great pe-editor. If you have for example PE Explorer, which is one of the best, you will definetely have the features included, and there is no need to use a hex editor. I have never used a x64 based pe editor, so I don't know.
@WaxyChicken
I will not distribute a ready made bootres.dll. Re-installing sounds a little bit overkill.. Try it out in virtual machine first - always! The bcd store must also be adjusted on x86 architecture, otherwise a major security bug is present.
@all
Adding an animation to bootres.dll will likely slow down the boot process, so I would actually advise against it. The stupid animation in the first post must not be implemented on any machine that a person who is sensitive to epileptic seizures are operating..
Joakim
It would still be nice if you wanted to publish the tool you talked about earler on, the automatic signer.
@marcusj0015
The way I described is the hard way, the way you must do if you do not have a great pe-editor. If you have for example PE Explorer, which is one of the best, you will definetely have the features included, and there is no need to use a hex editor. I have never used a x64 based pe editor, so I don't know.
@WaxyChicken
I will not distribute a ready made bootres.dll. Re-installing sounds a little bit overkill.. Try it out in virtual machine first - always! The bcd store must also be adjusted on x86 architecture, otherwise a major security bug is present.
@all
Adding an animation to bootres.dll will likely slow down the boot process, so I would actually advise against it. The stupid animation in the first post must not be implemented on any machine that a person who is sensitive to epileptic seizures are operating..
Joakim
LOL Jaokim
will suffer epelicyec siezures
LMAO
will suffer epelicyec siezures
LMAO
ok this is annoying me you didnt start the project all you did was talk alot in the other thread and you come over here and act like you were the person that figured all of this shit out.then you shit on all the people that had hope for this to be even partitally understandable theres not even x64 support! how about we all just pull this thread until we have a program that can actually handle all of thisfrom one program WITH AN INTERFACE!!!!!seriously this isnt even half baked and your releasing iti say we pull it and write a program to handle all of the aspects of bootres modding
i removed start up video,cuz it makes boot up slower...
I am sorry if I mislead any of you in believing this is a really easy mod. It is not! At least if you don't have a good basic knowledge of pe structure, commandline programs and booting in general. It is clearly stated in the first post what architecture it has been verified on. And in the seventh post I also advise against it, because it just adds to the boot time.
If you want to wait for someone to code a program that does it all in one for, I seriously think you will have to wait for some time. It is not be that hard to code a gui that depends on other programs to do the partial real work, but an AIO - no.
As always, with what I do, consider it as researching notes, and nothing more. Unless you believe it and are ready for experimental mode..
Joakim
If you want to wait for someone to code a program that does it all in one for, I seriously think you will have to wait for some time. It is not be that hard to code a gui that depends on other programs to do the partial real work, but an AIO - no.
As always, with what I do, consider it as researching notes, and nothing more. Unless you believe it and are ready for experimental mode..
Joakim
More info for those that have not already given up;
To change the text below the animation like "Starting Windows" and "� Microsoft Corporation", we must modify winload.exe. It does not have a certificate so only remember to update its checksum when finished.
1. To change the text "Starting Windows" you can open a resource editor and edit the "Message Table". Go for the last string;
2. To change the text "� Microsoft Corporation" at the bottom, you can search and replace the hex signature; In my english winload.exe version 6.1.7600.16385 it was located at offset 0x6e0e8;
3. If successful it may look like this;
Joakim
To change the text below the animation like "Starting Windows" and "� Microsoft Corporation", we must modify winload.exe. It does not have a certificate so only remember to update its checksum when finished.
1. To change the text "Starting Windows" you can open a resource editor and edit the "Message Table". Go for the last string;
2. To change the text "� Microsoft Corporation" at the bottom, you can search and replace the hex signature;
Code:
0000000000A90020004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E000000
3. If successful it may look like this;
Joakim
A few things. In 64-bit Windows winload.exe is digitally signed so you can't do the above text mod without lots of trouble that hasn't been exactly solved yet.
Also, changing the animation should not add to the boot time at all since an animation would already be playing!
The only thing I can think of that is making it slower is that the original WIM used a special compression method that doesn't seem to be available with wimgapi.dll or any other WIM editor. You could switch to XPRESS (fast) compression instead of LZW (maximum). This means that decompression may be a bit faster with a trade off of needing to read more bytes from the hard drive...
Anyways, I am working on an all-in-one program. So far it covers your steps 1-5 (with one exception...). Next is getting security working!
Also, changing the animation should not add to the boot time at all since an animation would already be playing!
The only thing I can think of that is making it slower is that the original WIM used a special compression method that doesn't seem to be available with wimgapi.dll or any other WIM editor. You could switch to XPRESS (fast) compression instead of LZW (maximum). This means that decompression may be a bit faster with a trade off of needing to read more bytes from the hard drive...
Anyways, I am working on an all-in-one program. So far it covers your steps 1-5 (with one exception...). Next is getting security working!
Are you suggesting "testsigning on" does not solve that on x64? I have no x64 machine at hand so I cannot verify..
Joakim
Joakim
I am simply stating that it has a certificate which must either be removed or replaced.
You actually don't have to remove the old certificate. Just remove the pointer to it in the certificate table.
Could you run a quick x64 test to see if winload.exe will load fine with a bogus certificate and "testsigning on"? If that's not working, then there is no easy way for x64 (ref patchguard).
Joakim
Could you run a quick x64 test to see if winload.exe will load fine with a bogus certificate and "testsigning on"? If that's not working, then there is no easy way for x64 (ref patchguard).
Joakim
i am sorry about my outburst yesterday
i didnt feel it was ready for release because it is still a big mess
its aawesome we got more info
thanks for that
i will attempt it again
i didnt feel it was ready for release because it is still a big mess
its aawesome we got more info
thanks for that
i will attempt it again
An easy way to make a animation bmp:
1. Download Infanview
2. Install it obviously :P
3. Open it
4. Go to image menu and click on 'Create Panorama Image'
5. Click the radio button 'verticle'
6. Select images, press 'create image'
7. go image menu again and go to 'resize/resample'
8. change resolution in pixels to 200x21000
9. save image as bmp with name activity
Hope that helps.
1. Download Infanview
2. Install it obviously :P
3. Open it
4. Go to image menu and click on 'Create Panorama Image'
5. Click the radio button 'verticle'
6. Select images, press 'create image'
7. go image menu again and go to 'resize/resample'
8. change resolution in pixels to 200x21000
9. save image as bmp with name activity
Hope that helps.
That is a great tip vlex26. I am now able to create my own animation with the use of Animation Shop and IrfanView. Started out with a few 200x200 bmp's. It looks great, at least compared to the crap I posted earlier. He he.
Joakim
Joakim
Some more info;
It appears that more than 105 frames also works. It does not mean I recommend that, I just say it is possible. First I tried 110 and then 181. Both tests ok.
But I trust MS when they say they really put an effort into optimizing this part..
Joakim
It appears that more than 105 frames also works. It does not mean I recommend that, I just say it is possible. First I tried 110 and then 181. Both tests ok.
But I trust MS when they say they really put an effort into optimizing this part..
Joakim
I also tried with 300x300 in size and it worked. Well by worked I mean did not crash. The animation got kind of screwed by it.. For either size, having less than 105 frames will crash the system.
Btw, I there is interest I can also give some details on how to change background and text colour for different stages as served by both bootmgr and winload.exe, plus some other tweaks for bootmenu and text stuff in very early boot phaze (before kernel takes over).
Joakim
Btw, I there is interest I can also give some details on how to change background and text colour for different stages as served by both bootmgr and winload.exe, plus some other tweaks for bootmenu and text stuff in very early boot phaze (before kernel takes over).
Joakim
From the MSDN (http://msdn.microsoft.com/en-us/libr...S.85%29.aspx):
So testsigning should work with x64 as long as the files are actually signed, it just allows any certificate.
However, it is looking like I would rather not use test-signing due to the watermark. It sounds like that as long as the files are signed with a certificate in the trusted root certificate authority then it should be good. It is kinda easy to do that. However when I tried doing that, another Windows protection system was activated and it found a backup of the real winload.exe and bootres.dll and replaced the modified ones with the backups...
Quote:
When the BCDEdit option for test-signing is enabled, Windows does the following:
- Displays a watermark with the text "Test Mode" in all four corners of the desktop, to remind users the system has test-signing enabled.Note Starting with Windows 7, Windows displays this watermark only in the lower left-hand corner of the desktop.
However, it is looking like I would rather not use test-signing due to the watermark. It sounds like that as long as the files are signed with a certificate in the trusted root certificate authority then it should be good. It is kinda easy to do that. However when I tried doing that, another Windows protection system was activated and it found a backup of the real winload.exe and bootres.dll and replaced the modified ones with the backups...
Thanks for finding out everything with the frames. I will modify my program to support 105 or more frames.
Quick question: when more than 105 frames are used, do the extra frames get displayed? Or are they just ignored?
If they are actually used, then how does it handle looping? The original animation is 7 seconds long (15 fps) and has the last 3 seconds loop. With more frames, do the first 4 seconds play normal and the last x seconds loop? Or is it that the first x seconds play steady and the last 3 loop?
If they are actually used, then how does it handle looping? The original animation is 7 seconds long (15 fps) and has the last 3 seconds loop. With more frames, do the first 4 seconds play normal and the last x seconds loop? Or is it that the first x seconds play steady and the last 3 loop?
Okay, I have completed the first alpha of my program. It can be found at http://www.coderforlife.com/projects...ot-updater.zip It is 1.4 MB and includes a 'modified' version of activity.bmp and a folder filled with that file broken into 105 frames.
This version has a very simple GUI and completes steps 1-5 and 7 of your guide in the first post (so just not step 6: the signing step...). I have not tested the resulting bootres.dll but have examined it and it looks good.
Some additional features besides just going through those steps automatically:
This version has a very simple GUI and completes steps 1-5 and 7 of your guide in the first post (so just not step 6: the signing step...). I have not tested the resulting bootres.dll but have examined it and it looks good.
Some additional features besides just going through those steps automatically:
- It can take a folder containing either an activity.bmp OR a folder filled with >=105 frames as BMP, PNG, GIF, or TIFF (they all must be the same format).
- It automatically backs up bootres.dll
- No need for imagex, gimagex, or any other WIM program
- Checks files to make sure that there are enough frames and that you are editing and actual bootres.dll
- Updates timestamps on activity.bmp, within the WIM itself, and bootres.dll to match the expected values
- Makes some minor adjustments to activity.bmp so that it is consistent with the original (the original BMP is not exactly the same as a BMP that comes out of MS Paint or other programs)
- Certificate table pointing clearing is done properly for either x86 or x86_64 files.
- Fully supports x86 or x86_64 versions and auto-detects how to handle the file
- Add in signing
- Make it so timestamps are not predefined but are grabbed from the actual files (currently only bootres.dll is done properly, activity.bmp and WIM timestamps are hard-coded)
- Add in winload.exe text modifications
- Add command-line support
- Check if >105 frames should be allowed
- Remove testsigning stuff if a different way is found
I can give you exact answer later on in regards to +105 frames.
About the watermark:
Maybe we can also patch the dll with it inside?
Apart from that I think we are stuck in two different worlds, x86 vs x64. I cannot even open the archive on my x86 platform, as it appears with an unknown format..
Joakim
About the watermark:
Maybe we can also patch the dll with it inside?
Apart from that I think we are stuck in two different worlds, x86 vs x64. I cannot even open the archive on my x86 platform, as it appears with an unknown format..
Joakim
I used a special compression method on the ZIP file to reduce its size (using 7zip). I guess Windows 7 doesn't support LZMA ZIP files (it opened fine on Windows Vista...). I have re-compressed it with the standard ZIP format. So please re-download and try it. The file is now 1.9MB.
It seems like the 106th frame and onwards are ignored, so no need to add a movie..
Regarding the "Test Mode" watermark in lower right corner, it can be removed by zero out string id no 738 in user32.dll.mui, update checksum, and rebuild mui cache.
For a complete guide and working utility to automate the whole process, look here;
TCP-Z, Best TCP/IP Patch: Remove Watermark, V0.8, Build 20090509
Then no traces are left of "Test Mode" and we can add our custom animation within the 200x200x105 limitation..
Joakim
Regarding the "Test Mode" watermark in lower right corner, it can be removed by zero out string id no 738 in user32.dll.mui, update checksum, and rebuild mui cache.
For a complete guide and working utility to automate the whole process, look here;
TCP-Z, Best TCP/IP Patch: Remove Watermark, V0.8, Build 20090509
Then no traces are left of "Test Mode" and we can add our custom animation within the 200x200x105 limitation..
Joakim
Thaimin you program dosent work
each time i launch it it stops working and checks for a solution
i have the Windows 7 OPK installed
maybe thats the problem
running Windows 7 Ultimate RTM x86
each time i launch it it stops working and checks for a solution
i have the Windows 7 OPK installed
maybe thats the problem
running Windows 7 Ultimate RTM x86
So, my 'development' computer is running Windows Vista and it works fine there. I just sent it over to a Win 7 machine and it does crash right away. That is very odd. I will have to look into it.
On the plus side, once I get it running on Windows 7, it now supports editing the text in winload.exe and signing! A bunch of other improvements as well, but it doesn't mean much if it won't run on Win 7...
On the plus side, once I get it running on Windows 7, it now supports editing the text in winload.exe and signing! A bunch of other improvements as well, but it doesn't mean much if it won't run on Win 7...
Thaimin,
do you have a new build of your tool?
cuzz you just said you got it running?
do you have a new build of your tool?
cuzz you just said you got it running?
Okay, I have now fixed my program to work with Windows 7. The problem was BCDEdit changed part of its output format...
I have also now compiled versions for 32 and 64 bit machines.
I have started a page for the project at Coder for Life - Projects - Win 7 Boot Updater
Everything can be downloaded there.
Please test and tell me any more problems and bugs you find.
The new features in this version (alpha 2) are winload.exe text modifications and digital signing.
I have also now compiled versions for 32 and 64 bit machines.
I have started a page for the project at Coder for Life - Projects - Win 7 Boot Updater
Everything can be downloaded there.
Please test and tell me any more problems and bugs you find.
The new features in this version (alpha 2) are winload.exe text modifications and digital signing.
Wow is all that stuff yours? Impressive!! I need to check out your site.
Joakim
Joakim
Yes, it's all mine. My coolest project isn't even up there because I am never completely satisfied with it and am constantly working on it. In fact, all the utilities were written for that project, including wanting to change the boot animation.
I am building a DVR, but I am completely customizing it. I have even built my own case, made my own hardware, and more!
I am building a DVR, but I am completely customizing it. I have even built my own case, made my own hardware, and more!
thaimin, the program is not able to change anything on the boot animation on this machine, but does set the OS in to "Test Mode".
I get this results when running it:
Failed to update animation: Failed to save the updated bootres
Failed to update text: Failed to update the copyright text, this is likely due to noe being able to find the original '� Microsoft Corporation'
Running 64bit.
I get this results when running it:
Failed to update animation: Failed to save the updated bootres
Failed to update text: Failed to update the copyright text, this is likely due to noe being able to find the original '� Microsoft Corporation'
Running 64bit.
Okay, I have found the problem. It is because of the TrustedInstaller ownership of winload.exe and bootres.dll that I forgot about. On my computer I didn't notice because I have been tinkering with those files so much I had made myself owner and given myself full privileges on those files.
I will make my program automatically fix the privileges.
I will make my program automatically fix the privileges.
Sorry thaimin your Programm just stops working when i try to start it.
I open it and i get that Windows "The programm is stuck" screen.
So theres no way doing that with 64 bit?
I open it and i get that Windows "The programm is stuck" screen.
So theres no way doing that with 64 bit?
There was a slight issue with that, I have fixed it in my working copy. There is no problem with 64-bit, there is a problem with all Windows installations that have not been tweaked. I am currently working on solving that problem as well.
And no need to be sorry. Right now I know there are many of bugs with it. And I need people to test it and tell me these problems. Even if you did get the program to run successfully, I offer no guarantee that it will stick after you reboot. That's why I am calling it "alpha" (not even "beta").
And no need to be sorry. Right now I know there are many of bugs with it. And I need people to test it and tell me these problems. Even if you did get the program to run successfully, I offer no guarantee that it will stick after you reboot. That's why I am calling it "alpha" (not even "beta").
I definetly need to go sleep now.
1:19 here and i googled all night how to change the boot screen including many fails.
I hope you can keep me up to date.
1:19 here and i googled all night how to change the boot screen including many fails.
I hope you can keep me up to date.
First, thanks Thaimin for all your help and all your app goodness
second i noticed on your site that you link to the Vista WAIK
i think you should remove that link because of Imagex being replaced by DISM in windows 7 i think it would only cause problems
i havent tested it but i think its best to just stick with Win 7 AIK
and considering the Vista WAIK is alot smaller, people will be inclined to download that one
so just to make sure people dont think you mislead them and to be sure everything works you should only link to the Win 7 AIK
just a suggestion
second i noticed on your site that you link to the Vista WAIK
i think you should remove that link because of Imagex being replaced by DISM in windows 7 i think it would only cause problems
i havent tested it but i think its best to just stick with Win 7 AIK
and considering the Vista WAIK is alot smaller, people will be inclined to download that one
so just to make sure people dont think you mislead them and to be sure everything works you should only link to the Win 7 AIK
just a suggestion
I have actually already thought about this. I have updated the website on my local machine, and will commit once I fix this stupid security problem (getting very close).
I found out that Windows 7 comes with wimgapi.dll which is all that I need, so actually I completely removed that section (you will see in the updated version).
I found out that Windows 7 comes with wimgapi.dll which is all that I need, so actually I completely removed that section (you will see in the updated version).
Hope ya get it soon :P
Really waiting for it but since i can't work on the bootscreen now the Taskbar gets a new skin
Really waiting for it but since i can't work on the bootscreen now the Taskbar gets a new skin
im wrapping up my theme its almost complete al im doing is editing the required files incluiding bootres.dll
so yeah
its called Cloud7 im BumbleBritches57 on DeviantArt
i hope to have it wrapped up in a couple days
so yeah
its called Cloud7 im BumbleBritches57 on DeviantArt
i hope to have it wrapped up in a couple days
---------------------------
Windows 7 Boot Update Results
---------------------------
Failed to update animation: Failed to correct the header of activity.bmp
Failed to update text: Failed to update the copyright text, this is likely due to not being able to find the original '� Microsoft Corporation'
Successfully enabled test-signing!
---------------------------
OK
---------------------------
the last part is funny
"but testsigning worked!"
thats hilarious
oh and the select activity.bmp
would be better if it was the dialog box that can open files and not only folders
and the wording is a little long.
Windows 7 Boot Update Results
---------------------------
Failed to update animation: Failed to correct the header of activity.bmp
Failed to update text: Failed to update the copyright text, this is likely due to not being able to find the original '� Microsoft Corporation'
Successfully enabled test-signing!
---------------------------
OK
---------------------------
the last part is funny
"but testsigning worked!"
thats hilarious
oh and the select activity.bmp
would be better if it was the dialog box that can open files and not only folders
and the wording is a little long.
Here's my contribution. I get this error when the program gets finished. Running the 64bit version on Win7 Enterprise x64.
Thank you all for your input!
I have released "Alpha 4". Here are some notes:
I have fixed the security / TrustedInstaller issue (so you don't manually have to take ownership of bootres.dll and winload.exe). This may fix the error "Failed to update the copyright text, this is likely due to not being able to find the original '� Microsoft Corporation'".
Ascor: I think I have fixed the 'stuck' issue (if it was the same one I had that would come and go if I restarted the computer, there was a bug in a Microsoft library that I had to work around).
marcusj0015: The "Failed to correct the header of activity.bmp" error is an odd one. I never expected to see it. I have added some additional error handling where it is produced so that you can tell me more information.
fritz: I am also getting the "The file was successfully updated, however it failed to be self-signed" error for bootres.dll but I used to not be. I am trying to fix this issue now.
Major note: (at least on x64) this is not working. As soon as I reboot, recovery mode is activated and winload.exe is replaced with the original. However, bootres.dll is sticking but since the new one is not signed it falls back on the Vista bootup. So I need to find the bootres.dll signing problem and how to update the system to think that the new winload.exe is the correct one (I think something with winsxs).
marcusj0015: Thanks for your input on the actual design of everything from the website to the program! About the animation selection dialog: all of these thoughts crossed my mind when I was designing it, however I went the way I did for a couple reasons, although I am not against switching:
I have released "Alpha 4". Here are some notes:
I have fixed the security / TrustedInstaller issue (so you don't manually have to take ownership of bootres.dll and winload.exe). This may fix the error "Failed to update the copyright text, this is likely due to not being able to find the original '� Microsoft Corporation'".
Ascor: I think I have fixed the 'stuck' issue (if it was the same one I had that would come and go if I restarted the computer, there was a bug in a Microsoft library that I had to work around).
marcusj0015: The "Failed to correct the header of activity.bmp" error is an odd one. I never expected to see it. I have added some additional error handling where it is produced so that you can tell me more information.
fritz: I am also getting the "The file was successfully updated, however it failed to be self-signed" error for bootres.dll but I used to not be. I am trying to fix this issue now.
Major note: (at least on x64) this is not working. As soon as I reboot, recovery mode is activated and winload.exe is replaced with the original. However, bootres.dll is sticking but since the new one is not signed it falls back on the Vista bootup. So I need to find the bootres.dll signing problem and how to update the system to think that the new winload.exe is the correct one (I think something with winsxs).
marcusj0015: Thanks for your input on the actual design of everything from the website to the program! About the animation selection dialog: all of these thoughts crossed my mind when I was designing it, however I went the way I did for a couple reasons, although I am not against switching:
- I figured most people would be using many individual frames and not one long already made activity.bmp, thus selecting a folder made sense
- Using a folder made sense from the program side because I pass that folder directly to my WIM system where it captures that folder directly (don't worry, it filters out everything that isn't activity.bmp).
- The wording is long because I wanted people to know the exact requirements for an acceptable folder (if you can think of a better way to word it I am all ears!).
yeah im having the same issues as fritz. i revered engineered ur app and ttrying to figure out a fix.
joking :P im not that talented. i wish tho but if u need help. jst PM me.
�� Quote: Originally Posted by thaimin Major note: (at least on x64) this is not working. As soon as I reboot, recovery mode is activated and winload.exe is replaced with the original. However, bootres.dll is sticking but since the new one is not signed it falls back on the Vista bootup. So I need to find the bootres.dll signing problem and how to update the system to think that the new winload.exe is the correct one (I think something with winsxs).
This the exact same thing that happens to me after restarting.
it still fails to start.
Okay. Does anything happen at all? Or does no window or anything show up? Do you get any error messages? Can you go to a command window and try:
start /w "" Win7BootUpdater
You are running this on Win 7 Ultimate 64? Can you check the Event Log in Computer Management to see if there are any relevant messages?
start /w "" Win7BootUpdater
You are running this on Win 7 Ultimate 64? Can you check the Event Log in Computer Management to see if there are any relevant messages?
thaimin,
about your "MAJOR NOTE"
i agree that it is probably in the WinSxS folder
my suggestion
replace every instance of Bootres.dll and winload.exe on the entire harddrive
DO NOT MAKE IT HARD LINKS
to the direct folder
becaue if microsoft updates the bootres.dll and winload (which i think they WILL DO) then it wont work
i dont know any programming
all i know is system file HACKING AKA Restorator
but you need to somehow search the hdd for all copys of winload.exe and bootres.dll read the version information and select the latset version to edit then edit each different version the same way
so that the latest version is installed and hacked and that way if there is a bug or something windows will choose a second version of bootres to install and all wil be good
basically use the latest version and update each individual copy so that there is the most flexability in versioning
do you get what im saying? i feel like i worded it incorrectly
about your "MAJOR NOTE"
i agree that it is probably in the WinSxS folder
my suggestion
replace every instance of Bootres.dll and winload.exe on the entire harddrive
DO NOT MAKE IT HARD LINKS
to the direct folder
becaue if microsoft updates the bootres.dll and winload (which i think they WILL DO) then it wont work
i dont know any programming
all i know is system file HACKING AKA Restorator
but you need to somehow search the hdd for all copys of winload.exe and bootres.dll read the version information and select the latset version to edit then edit each different version the same way
so that the latest version is installed and hacked and that way if there is a bug or something windows will choose a second version of bootres to install and all wil be good
basically use the latest version and update each individual copy so that there is the most flexability in versioning
do you get what im saying? i feel like i worded it incorrectly
sorry for the double post
heres my suggestion for the wording (can you make the folder select thing for the animation.bmp bigger that will help with the wording)
Select the folder that contains your animation it must be a full activity.bmp or 105 frames in PNG, BMP, GIF or TIF ((only 1 f becaue in photoshop anyway it saves it as .tif to reduce confusion)) (each 200x200px)
---------------------------
---------------------------
Error correcting anim header: System.UnauthorizedAccessException: Access to the path 'C:\Users\Family\Desktop\SystemFiles\Bootres\activity.bmp' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at Win7BootUpdater.Animation.CorrectHeader(String path)
Access to the path 'C:\Users\Family\Desktop\SystemFiles\Bootres\activity.bmp' is denied.
mscorlib
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at Win7BootUpdater.Animation.CorrectHeader(String path)
---------------------------
OK
---------------------------
DIALOG BOX 2
---------------------------
Windows 7 Boot Update Results
---------------------------
Failed to update animation: Failed to correct the header of activity.bmp
Successfully updated text!
Successfully enabled test-signing!
---------------------------
OK
---------------------------
heres my suggestion for the wording (can you make the folder select thing for the animation.bmp bigger that will help with the wording)
Select the folder that contains your animation it must be a full activity.bmp or 105 frames in PNG, BMP, GIF or TIF ((only 1 f becaue in photoshop anyway it saves it as .tif to reduce confusion)) (each 200x200px)
---------------------------
---------------------------
Error correcting anim header: System.UnauthorizedAccessException: Access to the path 'C:\Users\Family\Desktop\SystemFiles\Bootres\activity.bmp' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at Win7BootUpdater.Animation.CorrectHeader(String path)
Access to the path 'C:\Users\Family\Desktop\SystemFiles\Bootres\activity.bmp' is denied.
mscorlib
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at Win7BootUpdater.Animation.CorrectHeader(String path)
---------------------------
OK
---------------------------
DIALOG BOX 2
---------------------------
Windows 7 Boot Update Results
---------------------------
Failed to update animation: Failed to correct the header of activity.bmp
Successfully updated text!
Successfully enabled test-signing!
---------------------------
OK
---------------------------
In a command shell it works.
I'll try modify something.
I don't get the command shell.
Can you explain a bit more how to modify?
I'll try modify something.
I don't get the command shell.
Can you explain a bit more how to modify?
marcusj0015 #1: Yeah, that does make sense. I have noticed some weird things with winsxs though. I think during my last examination winload.exe was actually a hard link into winsxs... I made a program for finding all the hard links to a file
marcusj0015 #2: I have updated the text in my local copy. I have also got a real Vista/7 style folder selection window (it was a bit of a bitch since my GUI is all .NET and .NET makes it difficult to let you make one, so I had to wrap the native version...)
marcusj0015 #3: That error is saying that the program doesn't have write access to activity.bmp. This made me realize that WIM files save the security of a file so I should probably change the security of activity.bmp to match so that no issues arise during boot up (I bet it's not expecting to not be able to use the file...). Does it make sense that the program cannot write to the file?
Ascor: Here is an example:
start /w "" Win7BootUpdater /Animation "c:\path\to\animation\folder" /Text "Windows 7 is Starting Up!" "Copyleft Microsoft" /TestSign
Also, its odd that the command line is working but the GUI isn't... everyone else seems to get the GUI just fine.
What do you get if you run the command "bcdedit /enum OSLOADER"?
marcusj0015 #2: I have updated the text in my local copy. I have also got a real Vista/7 style folder selection window (it was a bit of a bitch since my GUI is all .NET and .NET makes it difficult to let you make one, so I had to wrap the native version...)
marcusj0015 #3: That error is saying that the program doesn't have write access to activity.bmp. This made me realize that WIM files save the security of a file so I should probably change the security of activity.bmp to match so that no issues arise during boot up (I bet it's not expecting to not be able to use the file...). Does it make sense that the program cannot write to the file?
Ascor: Here is an example:
start /w "" Win7BootUpdater /Animation "c:\path\to\animation\folder" /Text "Windows 7 is Starting Up!" "Copyleft Microsoft" /TestSign
Also, its odd that the command line is working but the GUI isn't... everyone else seems to get the GUI just fine.
What do you get if you run the command "bcdedit /enum OSLOADER"?
Couldn't find the command.
Argh screw that
misspelled
I hope ya can read it.
Argh screw that
misspelled
I hope ya can read it.
yes it does make sense that it wouldnt be able to write to the file
i took ownership of the entire folder and i unchecked the read only attribute for the entire folder and it still dosent work
im making a win7 image and i would really like it if testsigning would be preset for what ever copy of win7 its copyed too so its portable
only copy the files and they work is what im talking about
YES you should change the security of the file so that it dosent mess up
thats a good idea
does anyone have any ideas of how to NOT need test signing?
that might fix the x64 problems too
~EDIT~
could you somehow modify the actual file that the bcd is stored in and just copy that to basically make it portable?
i took ownership of the entire folder and i unchecked the read only attribute for the entire folder and it still dosent work
im making a win7 image and i would really like it if testsigning would be preset for what ever copy of win7 its copyed too so its portable
only copy the files and they work is what im talking about
YES you should change the security of the file so that it dosent mess up
thats a good idea
does anyone have any ideas of how to NOT need test signing?
that might fix the x64 problems too
~EDIT~
could you somehow modify the actual file that the bcd is stored in and just copy that to basically make it portable?
�� Quote: Originally Posted by marcusj0015 thaimin,
about your "MAJOR NOTE"
i agree that it is probably in the WinSxS folder
my suggestion
replace every instance of Bootres.dll and winload.exe on the entire harddrive
DO NOT MAKE IT HARD LINKS
to the direct folder
becaue if microsoft updates the bootres.dll and winload (which i think they WILL DO) then it wont work
about your "MAJOR NOTE"
i agree that it is probably in the WinSxS folder
my suggestion
replace every instance of Bootres.dll and winload.exe on the entire harddrive
DO NOT MAKE IT HARD LINKS
to the direct folder
becaue if microsoft updates the bootres.dll and winload (which i think they WILL DO) then it wont work
ok and everything works?
if they were to issue an update for winload.ee OR bootres.dll and these registry is setup like GREG S has said then would it be able to update or how would it work
GREG S,
does microsoft update Win Mail for win7?
i dont think so
i think it was removed but you prolly know more about that than i do
i have copyed out files from the WinSxS folder edited saved it to the DESKTOP and copyed it back so SFC dosent undo my mods i can confirm that it works
IT DOES REQUIRE ADMIN RIGHTS THOUGH
if they were to issue an update for winload.ee OR bootres.dll and these registry is setup like GREG S has said then would it be able to update or how would it work
GREG S,
does microsoft update Win Mail for win7?
i dont think so
i think it was removed but you prolly know more about that than i do
i have copyed out files from the WinSxS folder edited saved it to the DESKTOP and copyed it back so SFC dosent undo my mods i can confirm that it works
IT DOES REQUIRE ADMIN RIGHTS THOUGH
I have updated to alpha 5. Mostly bug fixes. I have not addressed the bootres.dll signing issue or winload.exe replacement.
Ascor: I fixed the problem, which was due to your Windows being in a different language. I am now language-independent (I believe).
marcusj0015 #1: You are going to hate one thing about the new animation selection dialog, but I am working on that
marcusj0015 #2: I have added some security management code to working with activity.bmp, try it out!
marcusj0015 #3: You cannot edit the BCD pre-installation (since the installation creates it). But truthfully testsigning isn't doing anything for amd64 right now... So hopefully we won't need it at all. On the other hand you will need my CA certificate installed pre-installation. I made a tool for this, check out the webpage.
Greg S: I knew winsxs was managed in the registry! Thanks for pointing this out. I will be testing this shortly.
Ascor: I fixed the problem, which was due to your Windows being in a different language. I am now language-independent (I believe).
marcusj0015 #1: You are going to hate one thing about the new animation selection dialog, but I am working on that
marcusj0015 #2: I have added some security management code to working with activity.bmp, try it out!
marcusj0015 #3: You cannot edit the BCD pre-installation (since the installation creates it). But truthfully testsigning isn't doing anything for amd64 right now... So hopefully we won't need it at all. On the other hand you will need my CA certificate installed pre-installation. I made a tool for this, check out the webpage.
Greg S: I knew winsxs was managed in the registry! Thanks for pointing this out. I will be testing this shortly.
�� Quote: Originally Posted by marcusj0015 ok and everything works?
if they were to issue an update for winload.ee OR bootres.dll and these registry is setup like GREG S has said then would it be able to update or how would it work
if they were to issue an update for winload.ee OR bootres.dll and these registry is setup like GREG S has said then would it be able to update or how would it work
�� Quote: Originally Posted by marcusj0015 GREG S,
does microsoft update Win Mail for win7?
i dont think so
i think it was removed but you prolly know more about that than i do
�� Quote: Originally Posted by marcusj0015 i have copyed out files from the WinSxS folder edited saved it to the DESKTOP and copyed it back so SFC dosent undo my mods i can confirm that it works
IT DOES REQUIRE ADMIN RIGHTS THOUGH
IT DOES REQUIRE ADMIN RIGHTS THOUGH
I have uploaded alpha 6, it successfully signs bootres.dll (moral of the story: the built-in Windows resource updating functions SUCK, and I kinda knew this before but at least before when they didn't work they would generate an error...)
So I did some exploring and I found that winload.exe is heavily hard-linked, the following files are all actually just links to the same file:
Windows\System32\winload.exe
Windows\System32\boot\winload.exe
Windows\winsxs\...b..vironment-os-loader...\winload.exe
Windows\winsxs\...b..environment-windows...\winload.exe
So winsxs isn't a backup at all. It is the files themselves (at least for bootres and winload). On that note, I noticed that after doing some stuff with Windows\System32\winload.exe the winsxs version also became corrupted. Good thing that my program auto-creates backups and I could restore in Windows Recovery Environment (the auto-recovery was no longer able to restore the file).
Regardless, I have written code to search and delete for the appropriate entries in the SideBySide\Winner registry, so I will start testing that soon.
So I did some exploring and I found that winload.exe is heavily hard-linked, the following files are all actually just links to the same file:
Windows\System32\winload.exe
Windows\System32\boot\winload.exe
Windows\winsxs\...b..vironment-os-loader...\winload.exe
Windows\winsxs\...b..environment-windows...\winload.exe
So winsxs isn't a backup at all. It is the files themselves (at least for bootres and winload). On that note, I noticed that after doing some stuff with Windows\System32\winload.exe the winsxs version also became corrupted. Good thing that my program auto-creates backups and I could restore in Windows Recovery Environment (the auto-recovery was no longer able to restore the file).
Regardless, I have written code to search and delete for the appropriate entries in the SideBySide\Winner registry, so I will start testing that soon.
Hi,
i just got the following message: "... however it was not signed because the CA could not be installed.".
Maybe because i didn't install the certificate from your website? But its offline since the first time i tried to download it 3 hours ago.
Regards from germany, David
-- Thank you
i just got the following message: "... however it was not signed because the CA could not be installed.".
Maybe because i didn't install the certificate from your website? But its offline since the first time i tried to download it 3 hours ago.
Regards from germany, David
-- Thank you
�� Quote: Originally Posted by thaimin Regardless, I have written code to search and delete for the appropriate entries in the SideBySide\Winner registry, so I will start testing that soon.
�� Quote: Originally Posted by thaimin So I did some exploring and I found that winload.exe is heavily hard-linked, the following files are all actually just links to the same file:
Windows\winsxs\...b..vironment-os-loader...\winload.exe
Windows\winsxs\...b..environment-windows...\winload.exe
Windows\winsxs\...b..vironment-os-loader...\winload.exe
Windows\winsxs\...b..environment-windows...\winload.exe
M46935: Oops! The certificate is uploaded, but you don't need it. I have fixed the install CA problem (I recently changed it and since I already had the certificate installed the error never came up).
Greg S: Great! I will get to this, but not right at this moment.
Greg S: Great! I will get to this, but not right at this moment.
"The file was successfully updated, however it failed to be self-signed"
exited with error code 84
I already installed the certificate is this a problem?
exited with error code 84
I already installed the certificate is this a problem?
Same here
it says could not be self signed.
i installed the certificate (altough it failed without your programm [too many options]) and rebooted.
CRASH.
needed to fix it manually
it says could not be self signed.
i installed the certificate (altough it failed without your programm [too many options]) and rebooted.
CRASH.
needed to fix it manually
Taimin,
you have a tool for everything!
thats awesome
you have a tool for everything!
thats awesome
greg s
what you do is goto the WinSxS folder and search for what ever file your working on and goto the folder that contains it (all folders if theres multiple there usually are)
copy it to the dekstop mod it and copy it back to the same folder your good
and repeat for a nessicary files
what you do is goto the WinSxS folder and search for what ever file your working on and goto the folder that contains it (all folders if theres multiple there usually are)
copy it to the dekstop mod it and copy it back to the same folder your good
and repeat for a nessicary files
Thaimin,
your app is reporting complete success ill test it in a sec
im gonna try again because i forgot to update the (copyright symbol) microsoft corp
to (copyright symbol) BumbleBritches57
your app is reporting complete success ill test it in a sec
im gonna try again because i forgot to update the (copyright symbol) microsoft corp
to (copyright symbol) BumbleBritches57
�� Quote: Originally Posted by marcusj0015 greg s
what you do is goto the WinSxS folder and search for what ever file your working on and goto the folder that contains it (all folders if theres multiple there usually are)
copy it to the dekstop mod it and copy it back to the same folder your good
and repeat for a nessicary files
what you do is goto the WinSxS folder and search for what ever file your working on and goto the folder that contains it (all folders if theres multiple there usually are)
copy it to the dekstop mod it and copy it back to the same folder your good
and repeat for a nessicary files
Quote:
In practice, nearly every file in the WinSxS directory is a �hard link� to the physical files elsewhere on the system�meaning that the files are not actually in this directory. For instance in the WinSxS there might be a file called advapi32.dll that takes up >700K however what�s being reported is a hard link to the actual file that lives in the Windows\System32, and it will be counted twice (or more) when simply looking at the individual directories from Windows Explorer.
Some more stuff for the curious..
The first page shown by winload.exe is;
You can tweak background and text like this;
The actual page with the animation on is this;
As you can see when changing the background to grey, the individual elements of the page gets visible;
Explanation of the colours;
For those wanting to look into tweaking earler in the boot process than winload.exe, look into bootmgr. There is also an xsl resource found thas well. The last page by bootmgr and right before winload.exe takes over;
This one is of course tweaked, but just search for the template name. Actually to achieve this on Windows 7 you must do a little bit of work. You must take the pxe version of bootmgr (bootmgr.exe) and attach the 16-bit stub found on the vista sp0 version of bootmgr. Then you must trim the size of the xsl resource (just delete some unneeded entries). Reason is the total size can not exceed 512 Kb. For earlier versions of bootmgr this is not necessary.
As you may have noticed by now (and especially after investigating the xsl resource) all the different stages in the early boot process have their own "page" which of course is tweakable. I have just mentioned the ones relevant for a normal flat boot. The other ones are easily identified by their template name.
@thaimin
I have added a link to your page in the first post.
Joakim
The first page shown by winload.exe is;
Code:
<xsl:template match="osload-main"> <osxml:text-mode-ui> </osxml:text-mode-ui> </xsl:template>
Code:
<xsl:template match="osload-main"> <osxml:text-mode-ui> <body background-color="RGBI" foreground-color="XXXX"> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <p pad-left="25">FYI This is the first page by winload.exe</p> <br/> <br/> <p pad-left="22">You can put some text here if you want..</p> </body> </osxml:text-mode-ui> </xsl:template>
Code:
<xsl:template match="osload-graphics"> <osxml:text-mode-ui> <body foreground-color="XXXX" background-color="RGBX"> <br/> <p pad-left="25">This is the animation page</p> <textarea width="29" height="24"/><textarea name="status"/> </body> </osxml:text-mode-ui> </xsl:template>
Explanation of the colours;
Code:
XXXX=black RGBI=white RGBX=grey RGBY=blue
Code:
<xsl:template match="bootmgr-end-menu"> <osxml:text-mode-ui> <body background-color="RGBX" foreground-color="XXXX"> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <p pad-left="25">FYI This is next page after boot menu (bootmgr)</p> <br/> <br/> <p pad-left="22">You can put some text here if you want..</p> </body> </osxml:text-mode-ui> </xsl:template>
As you may have noticed by now (and especially after investigating the xsl resource) all the different stages in the early boot process have their own "page" which of course is tweakable. I have just mentioned the ones relevant for a normal flat boot. The other ones are easily identified by their template name.
@thaimin
I have added a link to your page in the first post.
Joakim
Greg S
mostly beause im working with shell32 or imageres or something that gets updated often
i really dont know but i always have
just try it
idk how it works in theory but in practice it works great!
nothing has crashed on me everything works fine
maybe becasue i only work one 1 file at a time
and beaseu depending on version it isnt needed
they DO PUT OLD VERSIONS IN THE WinSxS FOLDER incase something happens
idk how it works but i always have
mostly beause im working with shell32 or imageres or something that gets updated often
i really dont know but i always have
just try it
idk how it works in theory but in practice it works great!
nothing has crashed on me everything works fine
maybe becasue i only work one 1 file at a time
and beaseu depending on version it isnt needed
they DO PUT OLD VERSIONS IN THE WinSxS FOLDER incase something happens
idk how it works but i always have
So I haven't worked on the program today, but I will get to testing the registry stuff eventually (I did get a VM Windows 7 setup today so I can test).
Joakim:
Wow, I was hoping the boot would be modifiable like that but I didn't except it to be. That's amazing! The positioning and what not seems a bit weird, and I don't see the animation or copyright element. Also, are there any more colors (like RGBZ)? I really want to integrate an editor for that into a program, or at least allow an import or some basic settings. It is really nice that it is a resource (instead of like the copyright) because that makes it incredibly easier to edit and more reliable.
But that isn't going to come until x86_64 is working with the animation and text.
Thanks for adding the link. Quick question though, have you tested my program on Win 7 x86? Does it work as expected? It seems that everyone else here is using 64-bit and it isn't working (bootres.dll forces Vista-style boot up and winload.exe is replaced by the recovery environment).
If you could, please keep testing new a different cool things for when the 64-bit version is working. One idea is changing the font (it is located in the hex of winload.exe, search for "\fonts\" in UNICODE). They list four fonts: meiryo.ttc, malgun.ttf, msyh.ttf, and msjh.ttf
If you need a hex editor, my favorite is XVI32: Freeware Hex Editor XVI32 Make sure to go to Tools->Options->Shortcut Link and click Create.
Thanks!
Joakim:
Wow, I was hoping the boot would be modifiable like that but I didn't except it to be. That's amazing! The positioning and what not seems a bit weird, and I don't see the animation or copyright element. Also, are there any more colors (like RGBZ)? I really want to integrate an editor for that into a program, or at least allow an import or some basic settings. It is really nice that it is a resource (instead of like the copyright) because that makes it incredibly easier to edit and more reliable.
But that isn't going to come until x86_64 is working with the animation and text.
Thanks for adding the link. Quick question though, have you tested my program on Win 7 x86? Does it work as expected? It seems that everyone else here is using 64-bit and it isn't working (bootres.dll forces Vista-style boot up and winload.exe is replaced by the recovery environment).
If you could, please keep testing new a different cool things for when the 64-bit version is working. One idea is changing the font (it is located in the hex of winload.exe, search for "\fonts\" in UNICODE). They list four fonts: meiryo.ttc, malgun.ttf, msyh.ttf, and msjh.ttf
If you need a hex editor, my favorite is XVI32: Freeware Hex Editor XVI32 Make sure to go to Tools->Options->Shortcut Link and click Create.
Thanks!
Sorry for another post, but I finally went back and read some of the other posts.
Greg / Marcus:
The whole idea of a hard link is really confusing. But let me try to clarify.
So EVERY 'file' is a hard link. At least every file on NTFS filesystems (and most *nix filesystems, just not FAT32...). When you make a "hard link" you are just making an additional hard link to the same file information. A hard link points to file information, and the file information DOES NOT INCLUDE a path. The hard link does that.
So winsxs is not filled with "psuedo" files. The files in winsxs are simply the same exact files that are in Windows\System32 or elsewhere. If you edit winload.exe in Windows\System32 or in winsxs both 'files' will become modified. It is impossible to tell if the 'file' in Windows\System32 or winsxs is the original hard link, and it doesn't matter.
Hope that helps. If not, I can try again.
Greg / Marcus:
The whole idea of a hard link is really confusing. But let me try to clarify.
So EVERY 'file' is a hard link. At least every file on NTFS filesystems (and most *nix filesystems, just not FAT32...). When you make a "hard link" you are just making an additional hard link to the same file information. A hard link points to file information, and the file information DOES NOT INCLUDE a path. The hard link does that.
So winsxs is not filled with "psuedo" files. The files in winsxs are simply the same exact files that are in Windows\System32 or elsewhere. If you edit winload.exe in Windows\System32 or in winsxs both 'files' will become modified. It is impossible to tell if the 'file' in Windows\System32 or winsxs is the original hard link, and it doesn't matter.
Hope that helps. If not, I can try again.
Unfortunately I have not tested your tool yet. But I now have a test environment also in 64 bit, so I will soon. I will report back.
Joakim
Joakim
Well, we know it fails in x86_64, so the purpose of testing there would be finding a way to make it work. On the other hand I haven't heard any reports of it working or not working in x86, and I tried to make it do your exact set of instructions, although it does some other stuff as well.
And another post because I finally got a page back:
�� Quote: Originally Posted by marcusj0015 Thanks! I am a programmer. I see a need, and I come up with a solution. I made that program explicitly for this reason. I plan on using this in an installable WIM as well so I needed to find a solution.
ascor / M46935: Because it is working for others, and not you two, we just have to find out what you two have in common.
Are you both using German Windows 7? I know ascor is.
Are you both running Windows 7 'N' Edition?
I see you are both running Ultimate, but different architecture (x86 / x86_64)
I have made a slightly modified version that will report more detailed information, please test it out and tell me what errors you get.
�� Quote: Originally Posted by marcusj0015 Taimin,
you have a tool for everything!
thats awesome
you have a tool for everything!
thats awesome
ascor / M46935: Because it is working for others, and not you two, we just have to find out what you two have in common.
Are you both using German Windows 7? I know ascor is.
Are you both running Windows 7 'N' Edition?
I see you are both running Ultimate, but different architecture (x86 / x86_64)
I have made a slightly modified version that will report more detailed information, please test it out and tell me what errors you get.
Text changed succesfully.
Failed to enable test-signing, failed to enable test-signing.
And i also have a weird
"Testmode
Windows 7
Build 7600"
in the lower right at my screen -.-
Failed to enable test-signing, failed to enable test-signing.
And i also have a weird
"Testmode
Windows 7
Build 7600"
in the lower right at my screen -.-
Thaimin,
i AM in x86 right now
im making my image im testing the bootres and winload on another x86 partition and as soon as it works ill try to add it to the image WITHOUT TURNING ON TESTSIGNING and check if it works
that reminds me
can you include a reg hack or something that when test signing is activated it dosent look any different
AKA you wont see the test signing and the windows version on the bottom right of the screen
ok about the post where i said i would check it out and it looked like it worked
well
it failed
windows recovery AKA built in WinRE.wim
couldnt fix it
HAHAHA
so i had to manually replace the files to default
i think its beasue there were two backup files
i think the names were bootres backup.dll and bootres backup 2.dll same for winload.exe
(i restored the originals a couple hours ago)
so yeah i think the multiple backups was the problem
ill check
do you automatically install the certifiacte to the certifacte you were talking about a while ago thaimin?
or are we sapposed to right click and so forth to manually install it
BTW Thaimin,
if it is a language problem for the other guys
that reminds me of my theme i made a couple weeks ago
it just hated any language NOT en-US
i AM in x86 right now
im making my image im testing the bootres and winload on another x86 partition and as soon as it works ill try to add it to the image WITHOUT TURNING ON TESTSIGNING and check if it works
that reminds me
can you include a reg hack or something that when test signing is activated it dosent look any different
AKA you wont see the test signing and the windows version on the bottom right of the screen
ok about the post where i said i would check it out and it looked like it worked
well
it failed
windows recovery AKA built in WinRE.wim
couldnt fix it
HAHAHA
so i had to manually replace the files to default
i think its beasue there were two backup files
i think the names were bootres backup.dll and bootres backup 2.dll same for winload.exe
(i restored the originals a couple hours ago)
so yeah i think the multiple backups was the problem
ill check
do you automatically install the certifiacte to the certifacte you were talking about a while ago thaimin?
or are we sapposed to right click and so forth to manually install it
BTW Thaimin,
if it is a language problem for the other guys
that reminds me of my theme i made a couple weeks ago
it just hated any language NOT en-US
Ascor,
thats the way the program works it *Has* to do that right now
ask Thaimin for more info though
thats the way the program works it *Has* to do that right now
ask Thaimin for more info though
Thaimin,
i was purusing around your site
andi seen you have an app for unblocking files
i seen something yesterday whilei was looking for something simualr for my windows 7 Image
go to group policy editor, User Config, Admin Templates, Win Componets, Atach Manager,
Do Not Perserve Zone Information, Set To Enabled
i used this same method and IT DOES WORK
you can use group policy to not block files at all
hope it helps
i was purusing around your site
andi seen you have an app for unblocking files
i seen something yesterday whilei was looking for something simualr for my windows 7 Image
go to group policy editor, User Config, Admin Templates, Win Componets, Atach Manager,
Do Not Perserve Zone Information, Set To Enabled
i used this same method and IT DOES WORK
you can use group policy to not block files at all
hope it helps
I'm using Windows 7 Ultimate x86 (Intel P4), in english, too.
Alpha 6b now says: Sucessfully updated animation and enabled test signing,
but its the same like before, W7 just loads vista boot screen instead.
I also tried this group policy setting bout it didnt help.
Alpha 6b now says: Sucessfully updated animation and enabled test signing,
but its the same like before, W7 just loads vista boot screen instead.
I also tried this group policy setting bout it didnt help.
does anyone know how to modify the installation ui?
not like the icoons but like the actual sliding bars and all of the awesome stuff thats not images?
how do i do that
i think i need to find a team!
dont worry i have been juggling about 6 or seven projects since i revived the last thread
not like the icoons but like the actual sliding bars and all of the awesome stuff thats not images?
how do i do that
i think i need to find a team!
dont worry i have been juggling about 6 or seven projects since i revived the last thread
I'm getting a little closer. It successfully signs everything changes text and animation and sets test signing but I still get sent to the recovery on restart.
2 things:
[just made changes on bootres.dll and testsign...]
One of the problems (on my pc) could have been that the certificate was in the wrong folder (i think), in my reg it was unter Third-party root..... instead of Trusted Root ....
So i moved it and tried once again with the original bootres.dll.
Since the cert is in this folder im always getting TIMESTAMP CREATION ERRORS (with the gui).
So i searched and found and tried sign_pe (signer.exe) and any PFX certificate (also installed in trusted root..):
# The following certificate was selected:
# Issued to: Joakim
# Issued by: Joakims Certificate Authority
# Expires: 01.01.2040 01:59:59
# SHA1 hash: 4DFBEB8EF11658CBF6CF7F98F08267DAF265A339
#
#Done Adding Additional Store#
#Attempting to sign: bootres.dll
#Successfully signed and timestamped: bootres.dll
#
#Number of files successfully Signed: 1
If i try to boot with this dll now, W7 LOADS the new screen, but in the last moment before the animation loads/begins it swiches back to the vista loading bar.
[just made changes on bootres.dll and testsign...]
One of the problems (on my pc) could have been that the certificate was in the wrong folder (i think), in my reg it was unter Third-party root..... instead of Trusted Root ....
So i moved it and tried once again with the original bootres.dll.
Since the cert is in this folder im always getting TIMESTAMP CREATION ERRORS (with the gui).
So i searched and found and tried sign_pe (signer.exe) and any PFX certificate (also installed in trusted root..):
# The following certificate was selected:
# Issued to: Joakim
# Issued by: Joakims Certificate Authority
# Expires: 01.01.2040 01:59:59
# SHA1 hash: 4DFBEB8EF11658CBF6CF7F98F08267DAF265A339
#
#Done Adding Additional Store#
#Attempting to sign: bootres.dll
#Successfully signed and timestamped: bootres.dll
#
#Number of files successfully Signed: 1
If i try to boot with this dll now, W7 LOADS the new screen, but in the last moment before the animation loads/begins it swiches back to the vista loading bar.
Ascor: I found the reason it says test-signing failed even though it worked (it was another localization issue, but I fixed it, next time I update it shouldn't have the failure message). The "Testmode" message is because test-signing is enabled. It is supposed to help but doesn't seem to for x86_64...
marcusj0015 #1: Instead of using the hack that joakim found for removing the testsigning message I would prefer to find a method that doesn't use testsigning at all... esp since testsigning doesn't seem to help for x86_64...
marcusj0015 #2: I do automatically install the certificate. The backups are my creation. I make them every time you run the program (and if I detect an error I automatically restore it). WinRE knows nothing about the backups I make.
marcusj0015 #3: That utility was mainly because I found out about alternative streams in a single file and wanted to see if I could manipulate them, turns out I can! Thanks for the group policy tip, I am doing it right now.
Everyone: The unblocking / group policy thing has NOTHING to do with the boot animation, it was a side topic
M46935 #1: Did you install it manually? On my computers it always goes to the "Trusted Root Certificate Authority". Instead of moving it, trying deleting it and letting the program re-install it. Please tell me if it continues to go to the third-party root. And timestamp creation errors is odd (I noticed the other night that the timestamp service I am using went down for a couple hours (its hosted by verisign.com) so maybe it was just down, although joakim's script using the same service...).
M46935 #2: So it is not working in x86 either... joakim can you verify? And also, can you figure out why my program is different than your method (like look at the resulting files for differences)?
So, here are my ideas:
marcusj0015 #1: Instead of using the hack that joakim found for removing the testsigning message I would prefer to find a method that doesn't use testsigning at all... esp since testsigning doesn't seem to help for x86_64...
marcusj0015 #2: I do automatically install the certificate. The backups are my creation. I make them every time you run the program (and if I detect an error I automatically restore it). WinRE knows nothing about the backups I make.
marcusj0015 #3: That utility was mainly because I found out about alternative streams in a single file and wanted to see if I could manipulate them, turns out I can! Thanks for the group policy tip, I am doing it right now.
Everyone: The unblocking / group policy thing has NOTHING to do with the boot animation, it was a side topic
M46935 #1: Did you install it manually? On my computers it always goes to the "Trusted Root Certificate Authority". Instead of moving it, trying deleting it and letting the program re-install it. Please tell me if it continues to go to the third-party root. And timestamp creation errors is odd (I noticed the other night that the timestamp service I am using went down for a couple hours (its hosted by verisign.com) so maybe it was just down, although joakim's script using the same service...).
M46935 #2: So it is not working in x86 either... joakim can you verify? And also, can you figure out why my program is different than your method (like look at the resulting files for differences)?
So, here are my ideas:
- For now let's focus on bootres / animation. It is not replaced by WinRE, we just need to figure out how to make it recognized by winload.exe
- Looking at the original bootres (and winload), their certificates have an additional "Enhanced Key Usage" that includes "Windows System Component Verification". It seems that could be a critical item.
the Group Policy is for unblocking files taht you download
not for bootres
sorry
Thaimin,
that does sound critical.
how do you add that to the bootres and winload?
i will verify later im busy right now
not for bootres
sorry
Thaimin,
that does sound critical.
how do you add that to the bootres and winload?
i will verify later im busy right now
�� Quote: Originally Posted by thaimin And timestamp creation errors is odd (I noticed the other night that the timestamp service I am using went down for a couple hours (its hosted by verisign.com) so maybe it was just down, although joakim's script using the same service...).
�� Quote: Originally Posted by thaimin M46935 #2: So it is not working in x86 either... joakim can you verify? And also, can you figure out why my program is different than your method (like look at the resulting files for differences)?
�� Quote: Originally Posted by thaimin - Looking at the original bootres (and winload), their certificates have an additional "Enhanced Key Usage" that includes "Windows System Component Verification". It seems that could be a critical item.
Joakim
I have checked "Windows System Component Verification". I have made it so my program applies that attribute to the signed files (not uploaded yet, but soon). And it doesn't help...
Okay, so version Alpha 7 is up:
- Major changes to the Certificate Authority and Certificate, it uses a completely new CA and certificate, which it auto-installs (along with a CRL)
- I was hopeful that this was going to help, but it doesn't. It is at least a more official looking certificate...
- Fixed localization issue with enabling test-signing (as reported by Ascor)
- Progress bar actually shows progress now (in GUI and Command Line)
I have tested removing the winsxs registry keys for winload.exe and bootres.dll and neither has an effect (and allowing bootres.dll to show or prevent WinRE from activating and replacing winload.exe)
On another note, can someone send me the 32-bit winload.exe?
On another note, can someone send me the 32-bit winload.exe?
the time stamping might be the issue
all Windows 7 RTM AKA not updated since RTM files are all from 7/13/09
and x64 is 7/14/09
maybe you should make it keep the original timestamping?
Thaimin,
do you also patch the Winload.exe and Bootres.dll in the WoW64 Folder?
that is an entire Windows 7 except its full of only the x86 versions
for x86 app compadibility
all Windows 7 RTM AKA not updated since RTM files are all from 7/13/09
and x64 is 7/14/09
maybe you should make it keep the original timestamping?
Thaimin,
do you also patch the Winload.exe and Bootres.dll in the WoW64 Folder?
that is an entire Windows 7 except its full of only the x86 versions
for x86 app compadibility
You cannot change the timestamp of the signing, its a security feature built into timestamping.
However if Windows files are basing it off timestamping they would be screwed when they had to update..
(This is all digital signature timestamping, if you are talking about creation / modification / accessed times I do update those to the originals because I can).
However if Windows files are basing it off timestamping they would be screwed when they had to update..
(This is all digital signature timestamping, if you are talking about creation / modification / accessed times I do update those to the originals because I can).
im packiging the bootres and winload files for you just one sec
BTW
Microsoft DID update winload.exe to 6.1.7600.16411 at least for x86
Bootres.dll is still the original RTM version
im also including the .Mui files just incase there needed and you can test them also
it was compressed with 7-Zip 9.15 Beta
heres the link
http://********************/?d=E88QR6F3
i was talking about the creation times
maybe the conflicting digital sign time and creation / modified time are messing it up
im taking blind shots in the dark when it comes to signing and creation times
BTW
Microsoft DID update winload.exe to 6.1.7600.16411 at least for x86
Bootres.dll is still the original RTM version
im also including the .Mui files just incase there needed and you can test them also
it was compressed with 7-Zip 9.15 Beta
heres the link
http://********************/?d=E88QR6F3
i was talking about the creation times
maybe the conflicting digital sign time and creation / modified time are messing it up
im taking blind shots in the dark when it comes to signing and creation times
I did look at the times and they are being properly applied, except that they are NOT applied to the backup, so if you restore to the original the times will then be in the present again... I'll make a fix for this as well. The timestamp on the digital certificate should be completely independent of the creation/modification times.
Thanks for the files!
Thanks for the files!
did you figure out what was wrong with the WinRE thing?
for updateing the Text you need to edit the .MUI's aswell
there stored in Windows/System32/en-US For English USA
And Windows/System32/Boot/en-US For English USA
i just looked at Winload.exe.mui x86 in the message table it says Starting Windows
and WinResume needs to be updated for it to match the boot text
for updateing the Text you need to edit the .MUI's aswell
there stored in Windows/System32/en-US For English USA
And Windows/System32/Boot/en-US For English USA
i just looked at Winload.exe.mui x86 in the message table it says Starting Windows
and WinResume needs to be updated for it to match the boot text
@thaimin: Dont know what put the cert in that folder, my fault i think.
yes thats what i did, deleted it and let the program install it new.
The Alpha 7 now works on my pc like signer.exe (as well),
only two things are now that Windows still denies to load the custom animation and switches back to old bs, and that the GUI (just always used it) isnt able to sign the bootres.dll in windows folder, i have to sign it somwhere else and then move it there.
yes thats what i did, deleted it and let the program install it new.
The Alpha 7 now works on my pc like signer.exe (as well),
only two things are now that Windows still denies to load the custom animation and switches back to old bs, and that the GUI (just always used it) isnt able to sign the bootres.dll in windows folder, i have to sign it somwhere else and then move it there.
Text modification = Recovery Environment
Boot animation modification = Vista bootscreen
Boot animation modification = Vista bootscreen
@thaimin
I just tested your tool (alpha 7) for the first time, and I must say you have done a good work!
The problem with your tool is that you forgot to set the boot flag to the wim. I tested this in x86. Everything else seems to work fine though.
As my x64 test environment is also up now, I could run some more tests. I successfully booted with my own animation (or actually your grey win 7 animation) by doing it "by hand", following the exact steps as outlined in the first post. It was also signed with the stuff posted in post 1.
Note that timestamping the certificate is not necessary, and neither is adding the certificate to the local store (no matter what architecture).
Testsigning is still necessary to set in bcd, however the ugly watermark can be removed by following the instructions as posted earler.
I therefore suggest that you remove or rephrase this error message;
My tests only covered the animation and not the string replacement in winload.exe. That's for next time.
But all in all, amazingly nice tool.
Joakim
I just tested your tool (alpha 7) for the first time, and I must say you have done a good work!
The problem with your tool is that you forgot to set the boot flag to the wim. I tested this in x86. Everything else seems to work fine though.
As my x64 test environment is also up now, I could run some more tests. I successfully booted with my own animation (or actually your grey win 7 animation) by doing it "by hand", following the exact steps as outlined in the first post. It was also signed with the stuff posted in post 1.
Note that timestamping the certificate is not necessary, and neither is adding the certificate to the local store (no matter what architecture).
Testsigning is still necessary to set in bcd, however the ugly watermark can be removed by following the instructions as posted earler.
I therefore suggest that you remove or rephrase this error message;
Code:
Windows 7 Boot Update Results Failed to update animation: The file was successfully updated however it failed to be self-signed
But all in all, amazingly nice tool.
Joakim
I was able string replace winload.exe in x64 as well, just like in x86. I have not tested your tool on winload.exe yet. But it should not be any difficult. Just modify winload.exe, update checksum and sign it with something. My test environment is Windows 7 (7600) x64 Ultimate, english. Running in vmware workstation.
Joakim
Joakim
@marcusj0015: I still have no idea what is triggering WinRE, but yes the test needs to be updated in the MUI as well. Maybe if it's only replaced in the MUI then it won't trigger WinRE and use the text? I will have find the current language (not hard) and update the MUI. This will not fix the copyright text from triggering WinRE though. Also, winresume will be after we get all this other stuff hashed out. And also, the winload.exe in boot and in System32 are simply hard links to the same file (check out FindLinks from my utilities).
@M46935: The signing problem is still odd. Can my program sign bootres.dll if it isn't in the System32 folder? I just tried a clean installation of Win 7 Pro x64 en-us and it signed fine.
@joakim #1: Thanks for finding this. It's so stupid, when I was first coding my WIM stuff I had it in there because you had it checked, and then I was like, I don't remember that being bootable, so I removed it... stupid 1 line of code!!!! WIMSetBootImage(hWim, 1)
@joakim #2: Yes, this error is a bit misleading, I will fix it in a future version.
@joakim #3: My program causes WinRE to replace winload.exe file on next boot. winload.exe is just modified, signed, and then testsigning is enabled... so something is up. Using Win 7 Pro x64 en-us.
@everyone: Alpha 8 is up. Using joakim's wonderful find of the missing boot flag, bootres.dll update now works with testsigning!
I still hope to find a non-testsigning method (although will give up eventually and just add the testsigning hack suggestion from joakim).
Also, winload.exe is not working still (gets replaced by WinRE).
@M46935: The signing problem is still odd. Can my program sign bootres.dll if it isn't in the System32 folder? I just tried a clean installation of Win 7 Pro x64 en-us and it signed fine.
@joakim #1: Thanks for finding this. It's so stupid, when I was first coding my WIM stuff I had it in there because you had it checked, and then I was like, I don't remember that being bootable, so I removed it... stupid 1 line of code!!!! WIMSetBootImage(hWim, 1)
@joakim #2: Yes, this error is a bit misleading, I will fix it in a future version.
@joakim #3: My program causes WinRE to replace winload.exe file on next boot. winload.exe is just modified, signed, and then testsigning is enabled... so something is up. Using Win 7 Pro x64 en-us.
@everyone: Alpha 8 is up. Using joakim's wonderful find of the missing boot flag, bootres.dll update now works with testsigning!
I still hope to find a non-testsigning method (although will give up eventually and just add the testsigning hack suggestion from joakim).
Also, winload.exe is not working still (gets replaced by WinRE).
More on colors for OSLOADER.XSL:
The following chart is how colors in the RGBI form could be used:
RGBI 15 White
RGXI 14 Yellow
RXBI 13 Magenta
RXXI 12 Red
XGBI 11 Cyan
XGXI 10 Green
XXBI 9 Blue
XXXI 8 Dark Grey
RGBX 7 Light Grey
RGXX 6 Brown
RXBX 5 Dark Magenta
RXXX 4 Dark Red
XGBX 3 Dark Cyan
XGXX 2 Dark Green
XXBX 1 Dark Blue
XXXX 0 Black
I have no idea where the RGBY comes in as also blue... but since XXBX also works for blue, the pattern can be used.
The pattern is X for none of that color, or the letter R, G, or B for that color. I specifies intensity (having I makes it light, X is dark). See Color Graphics Adapter - Wikipedia, the free encyclopedia for more information (and the specific hex values of these colors).
Oh, and the reason the copyright segment doesn't have a block in the XML is because it is drawn manually onto the screen. It may be (eventually) possible to change it's position / colors.
The following chart is how colors in the RGBI form could be used:
RGBI 15 White
RGXI 14 Yellow
RXBI 13 Magenta
RXXI 12 Red
XGBI 11 Cyan
XGXI 10 Green
XXBI 9 Blue
XXXI 8 Dark Grey
RGBX 7 Light Grey
RGXX 6 Brown
RXBX 5 Dark Magenta
RXXX 4 Dark Red
XGBX 3 Dark Cyan
XGXX 2 Dark Green
XXBX 1 Dark Blue
XXXX 0 Black
I have no idea where the RGBY comes in as also blue... but since XXBX also works for blue, the pattern can be used.
The pattern is X for none of that color, or the letter R, G, or B for that color. I specifies intensity (having I makes it light, X is dark). See Color Graphics Adapter - Wikipedia, the free encyclopedia for more information (and the specific hex values of these colors).
Oh, and the reason the copyright segment doesn't have a block in the XML is because it is drawn manually onto the screen. It may be (eventually) possible to change it's position / colors.
what do you mean it is drawn manually on the screen?
like its not text or even an image but its a bunch of code that is ran like a mini app?
like its not text or even an image but its a bunch of code that is ran like a mini app?
No, it is text, but everything else that is drawn is within the osloader.xsl thing the joakim was talking about. Copyright however is drawn always, at the same hard-coded location, in the same colors, regardless of whats in osloader.xsl.
�� Quote: Originally Posted by thaimin @joakim #3: My program causes WinRE to replace winload.exe file on next boot. winload.exe is just modified, signed, and then testsigning is enabled... so something is up. Using Win 7 Pro x64 en-us.
I will check out if the colour suggestions work in bootmgr and winload.exe.
Joakim
From what i've figured out (or at least how it works on my computer with Win7 Ultimate x86). testsigning regime is loaded through at least three stages. To let usage of modified and re-signed bootmgr.exe.mui and winload.exe (but not winload.exe.mui) - testsigning should be applied to boot manager's store, like this:
bcdedit.exe /set {bootmgr} testsigning on .
To let usage of modified winload.exe.mui, bootres.dll and other files, loaded directly by winload.exe, testsigning should be applied to osloader's store:
bcdedit.exe /set {current} testsigning on
or instead of {current} you may type {default} or just nothing if you're in this current os.
After this stage winload redirects testsigning parameter to kernel, which applies it to other system files and drivers and eventually puts watermark on desktop. To prevent testsigning from applying to kernel, you may slightly modify winload.exe (since you modify it for Copyright string anyway) - find inside this word: /TESTSIGNING, and replace it in hex editor with anything senseless like /BESTSIGNING or even /ABRAKADABRA. Hope this helps to solve watermark issue by alternative way.
Also you can still use even unsigned winload.exe, applying "bcdedit.exe /set nointegritychecks on". but this parameter doesn't help any other modded file, for them only testsigning will work.
bcdedit.exe /set {bootmgr} testsigning on .
To let usage of modified winload.exe.mui, bootres.dll and other files, loaded directly by winload.exe, testsigning should be applied to osloader's store:
bcdedit.exe /set {current} testsigning on
or instead of {current} you may type {default} or just nothing if you're in this current os.
After this stage winload redirects testsigning parameter to kernel, which applies it to other system files and drivers and eventually puts watermark on desktop. To prevent testsigning from applying to kernel, you may slightly modify winload.exe (since you modify it for Copyright string anyway) - find inside this word: /TESTSIGNING, and replace it in hex editor with anything senseless like /BESTSIGNING or even /ABRAKADABRA. Hope this helps to solve watermark issue by alternative way.
Also you can still use even unsigned winload.exe, applying "bcdedit.exe /set nointegritychecks on". but this parameter doesn't help any other modded file, for them only testsigning will work.
@AlexYM
It is not so easy to remove testsigning. The paramter nointegritychecks only looks for the pe checksum.
@thaimin
Did you remember to rebuild the mui cache after your modifications? Btw, did you modify winload.exe.mui or winload.exe? I just modified winload.exe.
Joakim
It is not so easy to remove testsigning. The paramter nointegritychecks only looks for the pe checksum.
@thaimin
Did you remember to rebuild the mui cache after your modifications? Btw, did you modify winload.exe.mui or winload.exe? I just modified winload.exe.
Joakim
@thaimin
The colour codes you posted works great!
Here is a rather colourful booting of Windows 7 (including modded animation of course);
Here's where I posted the rest of the details;
sanbarrow.com ~ View topic - Peering inside ntldr, setupldr & bootmgr: What can we do
What more can we do about this?
Joakim
The colour codes you posted works great!
Here is a rather colourful booting of Windows 7 (including modded animation of course);
Here's where I posted the rest of the details;
sanbarrow.com ~ View topic - Peering inside ntldr, setupldr & bootmgr: What can we do
What more can we do about this?
Joakim
@AlexYM I will have to try bcdedit.exe /set {bootmgr} testsigning on
@joakim I didn't know the MUI cache needed rebuilding, however I don't modify winload.exe.mui (yet), just winload.exe
@joakim Awesome that the color works! It is so colorful! I renamed the colors in my previous post to be most suiting (the light colors looked normal and the dark colors definately look dark)
Wondering what else can be done? Well, my next post will have some insights into that.
@joakim I didn't know the MUI cache needed rebuilding, however I don't modify winload.exe.mui (yet), just winload.exe
@joakim Awesome that the color works! It is so colorful! I renamed the colors in my previous post to be most suiting (the light colors looked normal and the dark colors definately look dark)
Wondering what else can be done? Well, my next post will have some insights into that.
Some more information on OSLOADER.XSL.
Following entities are allowed: & ' " > <
Following tags are available for inside <osxml:text-mode-ui><body> (at least, maybe in other places as well).
This is simply a listing I acquired from mining winload.exe and I don't know the details about these. Also, I believe when the default for an int its -1, it ends up computing some value for it.
And then a bunch are handled specially by the "browser"
Keys: ENTER, SPACE, ESC, TAB, BACKSPACE, OEMKEY, F1-F12, ANY, PGUP, PGDN, HOME, END, DEL, or probably any single typable character
Now, go play with that! There's a bunch of new stuff in there I think. Like apparently you can make tables with <osxml:row> and <td>
Following entities are allowed: & ' " > <
Following tags are available for inside <osxml:text-mode-ui><body> (at least, maybe in other places as well).
This is simply a listing I acquired from mining winload.exe and I don't know the details about these. Also, I believe when the default for an int its -1, it ends up computing some value for it.
- <p>
- pad-left (int, default 0)
- pad-right (int, default 0)
- indent (int?, default 0, copies pad-right?)
- <br>
- <b> (equivalent: <bold>, <em>, <strong>)
- <font>
- foreground-color (color)
- background-color (color)
- <form>
- name
- [active special and can't be set in XSL]
- <select> (internally called menu)
- name
- right-justify (boolean, default false)
- noindent (boolean, default false)
- minsize (int, default -1)
- active-color (color)
- normal-color (color)
- tip-target (the text of the option that is selected)
- <separator>
- <option>
- selected (boolean, default false)
- carat (boolean, default false)
- value
- tip (the displayed text)
- <input>
- name
- size (int, default -1)
- maxlen (int, defaults to size or 32 if size is negative)
- type (textarea [default], password, noedit, numeric)
- default
- border-color (color)
- text-color (color)
- background-color (color)
- [value can be set with osxml:update, use default to set it in XSL]
- <textarea>
- name
- width (int, default -1)
- height (int, default 1)
- scroll (boolean, default false, only available when height is not provided
- [value can be set with osxml:update and cannot be set in XSL]
- <meter> (a progress bar)
- name
- size (int, default -1)
- value (int, <= 100, default 0)
- full-color (color)
- blank-color (color)
- full-char (int, <= 0xFFFF, default 108 (l))
- blank-char (int, <= 0xFFFF, default 32 (space))
- [value can be set with osxml:update]
And then a bunch are handled specially by the "browser"
- <osxml:update>
- disable-time (boolean, default false)
- control (the name of the object to change the value of)
- value (the new value)
- <osxml:text-mode-ui>
- <head>
- <title> or <footer> (internally called InfoBar)
- color (colorcolor)
- <timer>
- initial (int, default -1)
- control
- <meta>
- event (required to be TIMEOUT if used)
- key (one of the keys (see below), required if event is not used)
- action (required)
- <title> or <footer> (internally called InfoBar)
- <body>
- foreground-color(color)
- background-color(color)
- inverse-color (color)
- See above for tags
- <head>
- <osxml:text>
- <osxml:row>
- dims
- <td>
- <osxml:newline>
Keys: ENTER, SPACE, ESC, TAB, BACKSPACE, OEMKEY, F1-F12, ANY, PGUP, PGDN, HOME, END, DEL, or probably any single typable character
Now, go play with that! There's a bunch of new stuff in there I think. Like apparently you can make tables with <osxml:row> and <td>
sorry for not posting in a while,
school started
and im completely confused about all this xsl modding
school started
and im completely confused about all this xsl modding
It is kinda like HTML, but more basic, less functional, and has more quirks (like those colors).
The only reason I have been talking about it is because I have been mining into winload.exe and that information has been significantly easier to understand then anything dealing with bootres...
The only reason I have been talking about it is because I have been mining into winload.exe and that information has been significantly easier to understand then anything dealing with bootres...
Yes I was aware of all those "possibilities". They all (at least most of them) seem to exist also in bootmgr. I have tried some of them earlier without much luck. After all, we are not interpreting the code with a web browser..
Do you know what blank-color, full-color, active-color, normal-color and inverse-color is? What about full-char and blank-char?
Anyway, I think we should be able to create more interesting boot menus than the default format..
Joakim
Do you know what blank-color, full-color, active-color, normal-color and inverse-color is? What about full-char and blank-char?
Anyway, I think we should be able to create more interesting boot menus than the default format..
Joakim
I assume that the meter is drawn using full-char / full-color for the parts of the bar that are done and blank-char / blank-color for the bar that isn't yet done.
For example, a progress bar with l as full and . as blank is at 25%:
[ll......]
I assume active-color is the color of the selected item in the menu, and normal-color is the color for unselected items. I don't know if this is foreground or background though.
Inverse-color did pique my curiosity and I have no idea what it does.
For example, a progress bar with l as full and . as blank is at 25%:
[ll......]
I assume active-color is the color of the selected item in the menu, and normal-color is the color for unselected items. I don't know if this is foreground or background though.
Inverse-color did pique my curiosity and I have no idea what it does.
Hmm, I'll look into some parts of bootmgr. Specifically, the menu selection and the progress bar for wim mounting. We'll see how it goes..
I suppose we could inject some stupid ascii artwork into the empty frames.
Joakim
I suppose we could inject some stupid ascii artwork into the empty frames.
Joakim
that actually would be pretty awesome
sorry guys im not much of a programmer im more opf an artist
so if you need any pictures then ill try
ive only done photoshop though not ascii so that should be fun
sorry guys im not much of a programmer im more opf an artist
so if you need any pictures then ill try
ive only done photoshop though not ascii so that should be fun
I have some sad news.
After mining my way through winload I found out that bootres.dll is loaded VERY early in the process. The SYSTEM registry hive is not even loaded (and don't even think that the SOFTWARE hive where the certificate is stored is loaded...). In fact the code-integrity in winload.exe is all checked against the catalogs in "System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\" and "System32\CodeIntegrity\driver.stl". But guess what, when bootres.dll is loaded, those haven't even been initialized yet! So it uses a built-in list of acceptable root certificates:
Microsoft Authenticode(tm) Root Authority
Microsoft Root Authority
Microsoft Root Certificate Authority
Microsoft Code Verification Root
Microsoft Digital Media Authority 2005
So now there are two ways this could go.
After mining my way through winload I found out that bootres.dll is loaded VERY early in the process. The SYSTEM registry hive is not even loaded (and don't even think that the SOFTWARE hive where the certificate is stored is loaded...). In fact the code-integrity in winload.exe is all checked against the catalogs in "System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\" and "System32\CodeIntegrity\driver.stl". But guess what, when bootres.dll is loaded, those haven't even been initialized yet! So it uses a built-in list of acceptable root certificates:
Microsoft Authenticode(tm) Root Authority
Microsoft Root Authority
Microsoft Root Certificate Authority
Microsoft Code Verification Root
Microsoft Digital Media Authority 2005
So now there are two ways this could go.
- Stay with test signing and modify user32.dll.mui so that you can't visibly see it.
- Pro:
- We know it will work, and it wouldn't be hard.
- Less modification of winload.exe in case it is replaced.
- Con:
- Requires test signing (security hole AND you can't make a clean install of Windows with test signing enabled (that is a big one for me))
- Modifies another file.
- Pro:
- Since the certificates that are checked (for ALL files, before it looks at catalogs) are located within the binary, they could be theoretically replaced in the binary with whatever certificate we wanted. Both bootmgr and winload would need to have the certificate (I have not checked how bootmgr checks winload yet, but I am guessing it is similar).
- Pro:
- Much more slick
- Only boot files are modified
- Does not require test signing (can pre-install it)
- Con:
- We have to replace a certificate (instead of adding one) (theoretically possible to add (Vista has 8), but that would be amazingly difficult)
- The certificate we replace needs to be at least as large as my root, although they use a modified version and it might drop a bunch of my file size
- May not work...
- Pro:
well then how do we add to the certificate store in the file instead of replaceing it?
I am certainly willing to at least try to patch a bogus certificate through winload.exe.
Even though it's still a security hole, it's a smaller one than compared to testsigning.
One thing though. Are you really sure that bootres.dll is loaded before winload.exe? Or maybe you meant the call against the certificate catalog was not yet done, when bootres.dll gets loaded by winload...
Joakim
Even though it's still a security hole, it's a smaller one than compared to testsigning.
One thing though. Are you really sure that bootres.dll is loaded before winload.exe? Or maybe you meant the call against the certificate catalog was not yet done, when bootres.dll gets loaded by winload...
Joakim
@thaimin
Have you tried changing "/TESTSIGNING" string inside winload.exe? For me (in x86 OS) it works just fine, I mean - with testsigning on, modified bootres.dll loads fine, and there's no watermark on desktop after boot.
Have you tried changing "/TESTSIGNING" string inside winload.exe? For me (in x86 OS) it works just fine, I mean - with testsigning on, modified bootres.dll loads fine, and there's no watermark on desktop after boot.
[removed all that certificate / embedding stuff that is no longer necessary]
@joakim
How do you get the bootmgr.exe? All I can find is the bootmgr which seems to be compressed or something weird. Isn't the real bootmgr.exe on the 200MB 'hidden' partition?
@AlexYM
I did try adding test-signing to {bootmgr} and that worked great! I haven't tried your method of disabling test-signing yet. Although I am still hopeful there is a non-testsigning method.
@joakim
How do you get the bootmgr.exe? All I can find is the bootmgr which seems to be compressed or something weird. Isn't the real bootmgr.exe on the 200MB 'hidden' partition?
@AlexYM
I did try adding test-signing to {bootmgr} and that worked great! I haven't tried your method of disabling test-signing yet. Although I am still hopeful there is a non-testsigning method.
BOOTMGR is usually located on the 100 Mb partition. It is build of 2 parts. The 16-bit stub and the exe attached at the end of the stub. BOOTMGR is compressed in someway unknown to me. What I know is you can use bootmgr.exe (the pxe version) and attach an older 16-bit stub (from vista sp0) that handles its larger size. However you will still need to reduce the size of the embedded xsl so that total size (including the stub) is below 512 Kb. This pxe version that now is able to local boot, is not compressed and is more easy to read.
When disassembling it, preferrably cut off the stub first.
Or just grab an older version of bootmgr that is not compressed at all (cannot vhd boot though).
Joakim
When disassembling it, preferrably cut off the stub first.
Or just grab an older version of bootmgr that is not compressed at all (cannot vhd boot though).
Joakim
Actually, forget all that stupid stuff about certificates.
There is a MUCH easier way that I just tested and works!
This is still not 100% complete, but is getting there.
Find all instances of 68 70 08 00 00 in winload.exe (there are 3) and replace them with 68 40 08 00 00. Now bootres.dll doesn't need any signing at all! One of those is for bootres.dll, one is for bootres.dll.mui, and the third I am a bit unsure about...
Note 1: This is untested in 64-bit, but should be C7 44 24 40 70 08 00 00 to C7 44 24 40 30 08 00 00. There are only two (bootres.dll and bootres.dll.mui, but not the unsure one...)
Note 2: winload.exe still needs to be signed (and bootmgr testsigning needs to be enabled)! So run my program on winload after you do the edits so it gets re-signed and then run bcdedit /set {bootmgr} testsigning on
Note 3: I hope that unknown one doesn't hurt anything at the moment, but it doesn't seem to. I will work on clarifying which ones do what.
DO NOT DO THIS ON A LIVE SYSTEM AT THE MOMENT. It may totally f your system... (although it didn't for me, I just don't want to be responsible).
So this is awesome! No security holes (since it ONLY enables bootres.dll and bootres.dll.mui to be unsigned). However, it still requires testsigning for the bootmgr. So hopefully a trick like this works for bootmgr as well, and just letting winload.exe through (a bit bigger of a security hole...).
There is a MUCH easier way that I just tested and works!
This is still not 100% complete, but is getting there.
Find all instances of 68 70 08 00 00 in winload.exe (there are 3) and replace them with 68 40 08 00 00. Now bootres.dll doesn't need any signing at all! One of those is for bootres.dll, one is for bootres.dll.mui, and the third I am a bit unsure about...
Note 1: This is untested in 64-bit, but should be C7 44 24 40 70 08 00 00 to C7 44 24 40 30 08 00 00. There are only two (bootres.dll and bootres.dll.mui, but not the unsure one...)
Note 2: winload.exe still needs to be signed (and bootmgr testsigning needs to be enabled)! So run my program on winload after you do the edits so it gets re-signed and then run bcdedit /set {bootmgr} testsigning on
Note 3: I hope that unknown one doesn't hurt anything at the moment, but it doesn't seem to. I will work on clarifying which ones do what.
DO NOT DO THIS ON A LIVE SYSTEM AT THE MOMENT. It may totally f your system... (although it didn't for me, I just don't want to be responsible).
So this is awesome! No security holes (since it ONLY enables bootres.dll and bootres.dll.mui to be unsigned). However, it still requires testsigning for the bootmgr. So hopefully a trick like this works for bootmgr as well, and just letting winload.exe through (a bit bigger of a security hole...).
@thaimin
That is an awesome find, allowing insigned bootres.dll to load!
To allow the same for winload.exe, you can try instead of "bcdedit /set {bootmgr} testsigning on" another option:
bcdedit.exe /set nointegritychecks on
(it works solely for unsigned winload.exe, not for unsigned winload.exe.mui).
May be the third mentioned sequence of bytes in winload.exe is for it's own mui file?
And to allow unsigned bootmgr.exe.mui (in case we want to modify boot menu appearance and look) - apply the same to bootmgr store:
bcdedit.exe /set {bootmgr} nointegritychecks on
.
That is an awesome find, allowing insigned bootres.dll to load!
To allow the same for winload.exe, you can try instead of "bcdedit /set {bootmgr} testsigning on" another option:
bcdedit.exe /set nointegritychecks on
(it works solely for unsigned winload.exe, not for unsigned winload.exe.mui).
May be the third mentioned sequence of bytes in winload.exe is for it's own mui file?
And to allow unsigned bootmgr.exe.mui (in case we want to modify boot menu appearance and look) - apply the same to bootmgr store:
bcdedit.exe /set {bootmgr} nointegritychecks on
.
The unsure one is most likely the unloading of bootres.dll in case of graphics failure. To allow winload.exe.mui to be used unsigned I believe you need to switch the following (there is only one of them):
6A 30 58 53 0D 01 05 00 00 -> 6A 00 58 53 0D 01 05 00 00
I have not tested it at all, and it will be different on 64-bit, I believe:
83 E0 30 0D 01 05 00 00 -> 83 E0 00 0D 01 05 00 00
@AlemYM
So we can easily re-sign winload.exe and then use bcdedit /set {bootmgr} testsigning on. You get no test-signing warning as you pointed out earlier since {current} is not in testsigning mode.
However, as I have said a couple of times, I do not want to rely on testsigning at all. It cannot be setup pre-install.
6A 30 58 53 0D 01 05 00 00 -> 6A 00 58 53 0D 01 05 00 00
I have not tested it at all, and it will be different on 64-bit, I believe:
83 E0 30 0D 01 05 00 00 -> 83 E0 00 0D 01 05 00 00
@AlemYM
So we can easily re-sign winload.exe and then use bcdedit /set {bootmgr} testsigning on. You get no test-signing warning as you pointed out earlier since {current} is not in testsigning mode.
However, as I have said a couple of times, I do not want to rely on testsigning at all. It cannot be setup pre-install.
Some more little hacks (untested)
So before I talked about how the copyright was fixed, well I found out that you can adjust it at least a little bit.
The easy ones:
Remember that the boot up screen is 1024 x 768 and 32bpp in Windows 7 (so you can use alpha for the foreground color).
The harder ones:
The x position, height, and background color can be MAX 0xFF (255). I believe you should keep the height 0 to let it calculate the proper height.
Changing the width will be difficult. It grabs a global variable that has the current screen width stored in it. You can however change it to point to any address that has the value you want it in the file (but convert the address to a memory address).
Now if you set it so x+width or y+height goes off the screen it will fail to draw. If it fails to draw then it also will not draw the "Starting Windows" message from the message table (during osload-main or osload-graphics).
So if we just change the y-position to 0xFFFF (way off the screen) then we don't have to bother changing the copyright notice OR the message table. Just the XSL, and we can make it say whatever we want. The downside is the Starting Windows is nicer and larger text...
So before I talked about how the copyright was fixed, well I found out that you can adjust it at least a little bit.
The easy ones:
Code:
C7 45 F8 CE 02 00 00 89 45 E8 C7 45 DC 7F 7F 7F FF y pos: [ 718 ] ** ** ** fg color:[R G B A] ** required to properly set width
The harder ones:
Code:
A1 A8 37 49 00 83 65 F4 00 83 65 EC 00 [scrn wdth] x pos: [0] height: [0]
Changing the width will be difficult. It grabs a global variable that has the current screen width stored in it. You can however change it to point to any address that has the value you want it in the file (but convert the address to a memory address).
Now if you set it so x+width or y+height goes off the screen it will fail to draw. If it fails to draw then it also will not draw the "Starting Windows" message from the message table (during osload-main or osload-graphics).
So if we just change the y-position to 0xFFFF (way off the screen) then we don't have to bother changing the copyright notice OR the message table. Just the XSL, and we can make it say whatever we want. The downside is the Starting Windows is nicer and larger text...
@thaimin
It would be great if you''ll manage to find where definitions are located for animation "film" - width/height (200pxl), position on screen, number of frames, etc...
It would be great if you''ll manage to find where definitions are located for animation "film" - width/height (200pxl), position on screen, number of frames, etc...
I know I have been posting a lot, and posting really long messages, but please bear with me. I am trying to get all the thoughts out of my head and written somewhere.
I have performed some tests.
I tested the winload.exe.mui hack and it does make it so no signature was required for the MUI.
I tested the copyright message stuff. Moving copyright off screen does indeed make it not draw and forces "Starting Windows" to not draw as well. Changing the foreground color works (did not test alpha though). Changing the background color failed however (its possible that it is only changing the alpha and not red channel which doesn't work). I did not test width or x positioning (since you need to change width to change x and width would be complicated to change).
I also tested some other new things as well:
So, now that these two messages are so changeable, we can display 0, 1, or 2 messages with the following properties:
@joakim
Since the MUI resources for winload.exe are loaded before the registry is loaded, there is no MUI cache involved (the MUI cache is in the registry). However, I am having problems settings the values in winload.exe. They don't show up. If I change winload.exe.mui however it does work (which is really easy now since it doesn't need a signature). My program is not MUI-aware so it could be that whatever program you have edits the right file automatically.
@AlexYM
I have been looking for how to move / resize / whatever the animation, however I have not had any luck so far. I am still looking though.
@everyone
There have been a lot of really important developments recently but I don't have the time to put them all into the program yet. You will have to wait just a bit to get a program. For my own reference, this is what needs to be added/changed:
Anything else you would want to change?
I have performed some tests.
I tested the winload.exe.mui hack and it does make it so no signature was required for the MUI.
I tested the copyright message stuff. Moving copyright off screen does indeed make it not draw and forces "Starting Windows" to not draw as well. Changing the foreground color works (did not test alpha though). Changing the background color failed however (its possible that it is only changing the alpha and not red channel which doesn't work). I did not test width or x positioning (since you need to change width to change x and width would be complicated to change).
I also tested some other new things as well:
- Set copyright font size: C7 45 E4 0B 00 00 00 -> C7 45 E4 XX XX XX XX (currently 11 (0x0B))
- Move startup message vertically: C7 45 F4 0B 02 00 00 -> C7 45 F4 XX XX XX XX (currently 523 (0x20B))
- Set startup message font size: C7 43 24 12 00 00 00 -> C7 43 24 XX XX XX XX (currently 18 (0x12))
- The font for both of them can be replaced like so:
- Find the font for your locale in winload.exe (it is a Unicode string)
- zh-TW zh-CHT zh-HK zh-Hant: \fonts\msjh.ttf (Han (Traditional))
- zh-CN zh-CHS zh-Hans: \fonts\msyh.ttf (Han (Simplified))
- ko: \fonts\malgun.ttf (Korean)
- ja: \fonts\meiryo.ttc (Japanese)
- everyone else: \fonts\segoeui.ttf
- Replace it with the desired font (if your font name is longer than the one already there you must rename you font, easy way is to copy it and rename it boot.ttf which is as short as the shortest one there)
- Note: I do not think this will change the text-mode-ui text!
- Find the font for your locale in winload.exe (it is a Unicode string)
So, now that these two messages are so changeable, we can display 0, 1, or 2 messages with the following properties:
- Both messages:
- Can move vertically
- Can change font size
- Fixed background color
- Change the font (the changed font applies to both)
- Message 1 (utilizing original copyright message):
- Text color can change
- Limited to 23 characters
- Must display if message 2 displays
- Message 2 (utilizing original startup message):
- Fixed text color
- Any number of characters long
@joakim
Since the MUI resources for winload.exe are loaded before the registry is loaded, there is no MUI cache involved (the MUI cache is in the registry). However, I am having problems settings the values in winload.exe. They don't show up. If I change winload.exe.mui however it does work (which is really easy now since it doesn't need a signature). My program is not MUI-aware so it could be that whatever program you have edits the right file automatically.
@AlexYM
I have been looking for how to move / resize / whatever the animation, however I have not had any luck so far. I am still looking though.
@everyone
There have been a lot of really important developments recently but I don't have the time to put them all into the program yet. You will have to wait just a bit to get a program. For my own reference, this is what needs to be added/changed:
- Change testsigning to only sign {bootmgr}
- Add the hacks that allow bootres.dll, bootres.dll.mui, and winload.exe.mui to load with no/invalid signatures
- Edit message table in winload.exe.mui instead of (or in addition to) winload.exe.
- Add options to:
- Have 0, 1, or 2 messages
- Move message vertically
- Change message font
- Change message font sizes
- Change message 1 text color
Anything else you would want to change?
Would it be possible to increase/change the total amount of frames drawn for the animation and the amount of frames looped?
I tried using more than 105 frames but it just cut off the additional ones and looped the last few secods.
I tried using more than 105 frames but it just cut off the additional ones and looped the last few secods.
I must say you have a done some extensive detailed work here. Impressive!
For my own part, I have sort of given up the task of circumventing testsigning. I also did not find anything interesting to put into bootmgr/winload.exe, besides what's already described.
I thought that maybe it could work to inject a footer into the animation page, and thus place it on top of the lower MS signature. But the footer gets placed right below it, sadly. That said, you can of course tweak that footer with text/colors.
Regarding my own winload.exe tweaks, I always modify winload.exe directly, never touched a mui so far.
thaimin, do you know how to specify font size in the xsl?
Joakim
For my own part, I have sort of given up the task of circumventing testsigning. I also did not find anything interesting to put into bootmgr/winload.exe, besides what's already described.
I thought that maybe it could work to inject a footer into the animation page, and thus place it on top of the lower MS signature. But the footer gets placed right below it, sadly. That said, you can of course tweak that footer with text/colors.
Regarding my own winload.exe tweaks, I always modify winload.exe directly, never touched a mui so far.
thaimin, do you know how to specify font size in the xsl?
Joakim
New hacks!
Change background color of both messages (tested, and alpha doesn't seem to work):
Change alignment of both messages (untested):
C7 43 30 03 00 00 00 -> C7 43 30 XX 00 00 00
Where: XX = 03 for center, 05 for left, and 09 for right
@joakim
You cannot change the font size in the XSL. Everything in the XSL is rendered as part of the "text-mode-ui", a.k.a. a console. It is a fixed width and fixed size font. They give you bold by having an alternate font. The message boxes are simply drawn right on top of that.
Now some sad news about the animation. It turns out that the animation is not handled by winload.exe at all! In fact winload.exe never draws any of the animation! Winload leaves the screen sitting with the two message boxes (starting windows and copyright), it then passes control off to the kernel (ntoskrnl.exe). The kernel then renders the animation without touching the rest of the screen (so that the messages stay there). I believe winload does physically load the activity.bmp into RAM, however it just leaves it there for the kernel to use.
So what does this mean? Well, I am not going to go into editing the kernel (that would be opening too many holes). This means that the animation is fixed in its location, size, frame rate, and pattern (3 seconds straight, 4 seconds loop).
@Seagate, this means no increasing the number of frames.
This also means that I am almost done with my adventures in winload land. The only things left I would like to accomplish are changing the "Starting Windows" text color and allowing the copyright message to be any length.
So its into bootmgr land! Time to see if I can disable checking for winload and then testsigning will be completely done for!
Change background color of both messages (tested, and alpha doesn't seem to work):
Code:
B8 00 00 00 FF R G B A
C7 43 30 03 00 00 00 -> C7 43 30 XX 00 00 00
Where: XX = 03 for center, 05 for left, and 09 for right
@joakim
You cannot change the font size in the XSL. Everything in the XSL is rendered as part of the "text-mode-ui", a.k.a. a console. It is a fixed width and fixed size font. They give you bold by having an alternate font. The message boxes are simply drawn right on top of that.
Now some sad news about the animation. It turns out that the animation is not handled by winload.exe at all! In fact winload.exe never draws any of the animation! Winload leaves the screen sitting with the two message boxes (starting windows and copyright), it then passes control off to the kernel (ntoskrnl.exe). The kernel then renders the animation without touching the rest of the screen (so that the messages stay there). I believe winload does physically load the activity.bmp into RAM, however it just leaves it there for the kernel to use.
So what does this mean? Well, I am not going to go into editing the kernel (that would be opening too many holes). This means that the animation is fixed in its location, size, frame rate, and pattern (3 seconds straight, 4 seconds loop).
@Seagate, this means no increasing the number of frames.
This also means that I am almost done with my adventures in winload land. The only things left I would like to accomplish are changing the "Starting Windows" text color and allowing the copyright message to be any length.
So its into bootmgr land! Time to see if I can disable checking for winload and then testsigning will be completely done for!
so wait with the .XSL can we increase the FPS to at least 23?
it flickers and looks like its having trouble drawing it sometimes
so faster FPS would be good
it flickers and looks like its having trouble drawing it sometimes
so faster FPS would be good
No, you cannot change the FPS. Nothing about the animation except the pictures can be changed.
Thaimin,
does this mean we Wont ever have Custom Animation?
i agree with you on the Kernel hacking way to many possible implacations not even counting the massive glaring security holes that would come with it
does this mean we Wont ever have Custom Animation?
i agree with you on the Kernel hacking way to many possible implacations not even counting the massive glaring security holes that would come with it
I think you misunderstood. We can change the picture that makes the animation but nothing else about the animation.
oh ok
is everything working with the Copyright Microsoft corp working and the animation mod working?
or are you still looking into it?
is there anyway i could help?
is everything working with the Copyright Microsoft corp working and the animation mod working?
or are you still looking into it?
is there anyway i could help?
Everything works great except the need to have no testsigning for bootmgr. I am working on that right now.
awesome!!!
what about the .MUI's
do you need to edit those for the text?
what about the .MUI's
do you need to edit those for the text?
Yes, but they are standard PE files. They act just like an EXE but it only have resources and no code. I can use the library I have already made to open them, edit them, and save them.
ok thats awesome
if you need anything just ask and ill try to help
if you need anything just ask and ill try to help
I am not sure how to disable the integrity check of winload.exe within bootmgr, but there is a trick. Use an older version of bootmgr (for example longhorn version from 2005 works great on Windows 7 (and on a side note I might add that this particular version seemed to pxe boot way faster than the later version too)). If you reboot virtual machines over and over again, it might be a timesaver to not have to update the checksum every time you modify something in winload.exe..
Now I don't really have breaking news, I just tested some of the stuff you (thaimin) already have posted, and want to confirm some of it. I found that the easiest way to remove both the copyright message and startup text is to set font size to 0. Replace the "B" with "0", and you will only have the animation present in the centre of the screen;
Placing the startup text at the very top of page can be done by replacing 20B with 000;
Changing the font size of the startup text is done here;
Changing "12" with "86" will create a huge text that will cover over the copyright message like this;
Joakim
Now I don't really have breaking news, I just tested some of the stuff you (thaimin) already have posted, and want to confirm some of it. I found that the easiest way to remove both the copyright message and startup text is to set font size to 0. Replace the "B" with "0", and you will only have the animation present in the centre of the screen;
Code:
00443852 C745E40B000000 mov dword ptr [ebp-1Ch],0000000Bh
Code:
004437FE C745F40B020000 mov dword ptr [ebp-0Ch],0000020Bh
Code:
004439A6 C7432412000000 mov dword ptr [ebx+24h],00000012h
Joakim
Joakim,
is there any way to increase the birghtness of the Copyright and increasing the text size of both copyright and starting windows?
is there any way to increase the birghtness of the Copyright and increasing the text size of both copyright and starting windows?
The Text could basically Cover the entire Image or am i wrong?
BTW:
Does anyone know where those Flashing BMP's for Icons are?
The Yellow one.
I found a few in Aero.msstyles but i am missing some.
BTW:
Does anyone know where those Flashing BMP's for Icons are?
The Yellow one.
I found a few in Aero.msstyles but i am missing some.
@marcusj0015
"birghtness of the Copyright"? It is pure white, that is as bright as things get. Sadly I have not been able to change the color of the startup text.
The text size for both the copyright and the starting windows messages are independently controllable (default to size 11 and 18).
@Ascor
The order of drawing is copyright, start message, animation. This means that the animation will be on top of the startup message.
"birghtness of the Copyright"? It is pure white, that is as bright as things get. Sadly I have not been able to change the color of the startup text.
The text size for both the copyright and the starting windows messages are independently controllable (default to size 11 and 18).
@Ascor
The order of drawing is copyright, start message, animation. This means that the animation will be on top of the startup message.
I have some updates. I have found out the basics of how to decompress the Windows 7 bootmgr (located at C:\Windows\boot\PCAT\bootmgr).
The file contains 3 parts: a boot loader stub that the BIOS loads and 2 PE files. The 1st is just a version resource. The second is a compressed PE file that contains all of the heavy duty booting stuff (including hopefully the magically code to turn off the security for winload).
I have made a little program available from Coder for Life - Projects - Windows 7 Boot Updater - Bootmgr Decompress that can decompress the second PE file. There are minimal instructions on that page.
Please note that the decompression is not 100% accurate, but very close. It is good enough to see all the resources and whatnot. I also have no re-compressor at the moment.
One day we may have to also consider supporting EFI. There is a separate bootmgr and winload for that.
The file contains 3 parts: a boot loader stub that the BIOS loads and 2 PE files. The 1st is just a version resource. The second is a compressed PE file that contains all of the heavy duty booting stuff (including hopefully the magically code to turn off the security for winload).
I have made a little program available from Coder for Life - Projects - Windows 7 Boot Updater - Bootmgr Decompress that can decompress the second PE file. There are minimal instructions on that page.
Please note that the decompression is not 100% accurate, but very close. It is good enough to see all the resources and whatnot. I also have no re-compressor at the moment.
One day we may have to also consider supporting EFI. There is a separate bootmgr and winload for that.
thaimin, you don't know how to change the copyright color?? I just followed you instructions and could change it here;
To get purple text replace 7F7F7FFF with FF00FF00. Can't remember what I did for yellow.
@Ascor
Do you really want text on the entire screen? I think it fails when the text is placed in the area where the animation is. But you could for a test try to place it at the top and increase the size dramatically.
Joakim
Code:
0044384B C745DC7F7F7FFF mov dword ptr [ebp-24h],FF7F7F7Fh
@Ascor
Do you really want text on the entire screen? I think it fails when the text is placed in the area where the animation is. But you could for a test try to place it at the top and increase the size dramatically.
Joakim
@joakim
Oops, I meant startup text color cannot be changed. Yellow would be FFFF00XX (the alpha is apparently ignored)
@Ascor/joakim
As I said, you can put the text where the animation will be but the animation will cover up whatever is behind it. So you'll see something like Start[ANIMATION]dows.
Oops, I meant startup text color cannot be changed. Yellow would be FFFF00XX (the alpha is apparently ignored)
@Ascor/joakim
As I said, you can put the text where the animation will be but the animation will cover up whatever is behind it. So you'll see something like Start[ANIMATION]dows.
Would you mind elaborating on the details of the compression. I mean how the 2 pe's are interlaced or whatever they are.
Either way, re-compression is not necessary at all.
Joakim
Either way, re-compression is not necessary at all.
Joakim
The two PE's are completely independent (at least to the best of my knowledge). The first one has nothing of importance in it.
Re-compression will be necessary. When un-compressed the image is 511.06KB on its own which means that with the stub and other PE file it is well over 512KB total.
The compression method is a variant of LZNT1 (which is a variant of LZSS). If you understand LZSS you will understand the compression used here quite easily. It is a bit different (the sliding window has a sliding size and resets every 4096 uncompressed bytes). The remaining problem is that there are an additional 2 bytes at the start of every 4096 uncompressed bytes (in the very beginning these are 0xCA and 0xBB). I don't know what to do with these two bytes so I just drop them. I thought they were a checksum, but I have tried about 10 different checksums and none of them match. If you can figure out how 0xCA and 0xBB relate to the first 4096 uncompressed bytes that would be awesome!
Re-compression will be necessary. When un-compressed the image is 511.06KB on its own which means that with the stub and other PE file it is well over 512KB total.
The compression method is a variant of LZNT1 (which is a variant of LZSS). If you understand LZSS you will understand the compression used here quite easily. It is a bit different (the sliding window has a sliding size and resets every 4096 uncompressed bytes). The remaining problem is that there are an additional 2 bytes at the start of every 4096 uncompressed bytes (in the very beginning these are 0xCA and 0xBB). I don't know what to do with these two bytes so I just drop them. I thought they were a checksum, but I have tried about 10 different checksums and none of them match. If you can figure out how 0xCA and 0xBB relate to the first 4096 uncompressed bytes that would be awesome!
I know next to nothing about LZNT1/LZSS so I'm probably not gonna be of any help with those bytes.
As a temporary workaround, until re-compression is solved, you could just trim the size of the embedded xsl. Then total size should get below the limit.
Joakim
As a temporary workaround, until re-compression is solved, you could just trim the size of the embedded xsl. Then total size should get below the limit.
Joakim
I was just curios IF we could do that
@Ascor
I will try it and report back.
Anyways, I just discovered and also at the same time got a little bit confused, that winload.exe don't have to be signed (even though it is signed) on 64-bit. Can anybody else confirm this, in case my test environment is completely screwed..?
bootmgr (embedded exe) still have to be signed on 64-bit though.
@thaimin
I would guess that this could be patched in the 16-bit stub. What do you think?
Joakim
I will try it and report back.
Anyways, I just discovered and also at the same time got a little bit confused, that winload.exe don't have to be signed (even though it is signed) on 64-bit. Can anybody else confirm this, in case my test environment is completely screwed..?
bootmgr (embedded exe) still have to be signed on 64-bit though.
@thaimin
I would guess that this could be patched in the 16-bit stub. What do you think?
Joakim
As foreseen by thaimin, the startup text cannot be drawn across the whole screen.
@joakim
On Windows 7 64-bit winload.exe must be signed OR integ checks must be off (according to Alex). If not WinRE is booted and the modified winload.exe is replaced. If you have neither of those, your computer is special.
For sake of clarity, from now I will call the stub "bootmgr" and the PE file "bootmgr.exe"
I have found the code to patch in the Windows 7 bootmgr.exe:
80 7D 0B 00 74 04 33 F6 EB 03 6A 30 5E -> 80 7D 0B 00 74 04 33 F6 EB 03 6A 00 5E
I have not tested yet. The stub probably assumes that bootmgr.exe is compressed so to use the everything from Windows 7 then I will need to re-compress...
Maybe bootmgr can be patched to allow bootmgr.exe to be unsigned. However, my tools are only for 32 and 64 bit programs... do you have a 16-bit disassembler that you would recommend?
On Windows 7 64-bit winload.exe must be signed OR integ checks must be off (according to Alex). If not WinRE is booted and the modified winload.exe is replaced. If you have neither of those, your computer is special.
For sake of clarity, from now I will call the stub "bootmgr" and the PE file "bootmgr.exe"
I have found the code to patch in the Windows 7 bootmgr.exe:
80 7D 0B 00 74 04 33 F6 EB 03 6A 30 5E -> 80 7D 0B 00 74 04 33 F6 EB 03 6A 00 5E
I have not tested yet. The stub probably assumes that bootmgr.exe is compressed so to use the everything from Windows 7 then I will need to re-compress...
Maybe bootmgr can be patched to allow bootmgr.exe to be unsigned. However, my tools are only for 32 and 64 bit programs... do you have a 16-bit disassembler that you would recommend?
For 16-bit use ndisasm.exe inside;
http://www.nasm.us/pub/nasm/releaseb...9rc7-win32.zip
http://www.nasm.us/pub/nasm/releaseb...9rc7-win32.zip
What I meant was that if NOINTEGRITYCHECKS and TESTSIGNING is on, then winload.exe don't have to have valid bogus certificate. In my case, the pointer to it in the pe header is pointing to an invalid certificate. Could it be that NOINTEGRITYCHECKS only checks the pe header and not the actual certificate??
Anyways, this is not very useful, so don't waste time on it.
Anyways, this is not very useful, so don't waste time on it.
�� Quote: Originally Posted by thaimin I have found the code to patch in the Windows 7 bootmgr.exe:
80 7D 0B 00 74 04 33 F6 EB 03 6A 30 5E -> 80 7D 0B 00 74 04 33 F6 EB 03 6A 00 5E
80 7D 0B 00 74 04 33 F6 EB 03 6A 30 5E -> 80 7D 0B 00 74 04 33 F6 EB 03 6A 00 5E
It runs fine on 32-bit, as it will without it too. However in 64-bit it is barking about non signed file it cannot verify signature on. So the stub detects the environment and choose whether to run signature check depending on 32-bit vs 64-bit. If you can find the check in the stub, then great.
To reduce possible confusion maybe we should refer to the files as;
Code:
bootmgr (stub + osloader.exe) stub or bootmgr.bin (16-bit header of bootmgr) osloader.exe (embedded exe in bootmgr) bootmgr.exe (pxe version)
@joakim
That patch is supposed to allow winload.exe to be used without TESTSIGNING or NOINTEGRITYCHECKS on bootmgr. That patch is only for the 32-bit version of the bootmgr found in c:\Windows\Boot\PCAT. It is probably different on 64-bit. I haven't dove into the stub yet.
I have figured out what 3 of the nibbles of the mystery 2 bytes are (they are the size of the next compressed fragment) and the last nibble is always 0xB, so that is solved. It didn't effect my decompression at all. The question I still have is if the compression algorithm asks for data that doesn't exist (it does do this...) then what do I fill it with? One site suggested 0x20, but that didn't help... I have also started working on a compressor.
osloader.exe is bad name. winload.exe official name is osloader.exe (check its VERSION_INFO in a resource editor), and in the files they call it osloader. My guess is that it is only winload.exe when they distribute it...
I would be up for
bootmgr (stub + osloader.exe)
stub (16-bit header of bootmgr)
bootmgr.exe (embedded exe in bootmgr)
pxe bootmgr.exe (pxe version) (I am biased here cause it is my goal to use only files that the user would have and not add anything, so I do not want to add/replace a new boot manager)
That patch is supposed to allow winload.exe to be used without TESTSIGNING or NOINTEGRITYCHECKS on bootmgr. That patch is only for the 32-bit version of the bootmgr found in c:\Windows\Boot\PCAT. It is probably different on 64-bit. I haven't dove into the stub yet.
I have figured out what 3 of the nibbles of the mystery 2 bytes are (they are the size of the next compressed fragment) and the last nibble is always 0xB, so that is solved. It didn't effect my decompression at all. The question I still have is if the compression algorithm asks for data that doesn't exist (it does do this...) then what do I fill it with? One site suggested 0x20, but that didn't help... I have also started working on a compressor.
osloader.exe is bad name. winload.exe official name is osloader.exe (check its VERSION_INFO in a resource editor), and in the files they call it osloader. My guess is that it is only winload.exe when they distribute it...
I would be up for
bootmgr (stub + osloader.exe)
stub (16-bit header of bootmgr)
bootmgr.exe (embedded exe in bootmgr)
pxe bootmgr.exe (pxe version) (I am biased here cause it is my goal to use only files that the user would have and not add anything, so I do not want to add/replace a new boot manager)
Oops, I forgot for a second that we are dealing with nt6 and not nt5.. Names are fine as you suggest.
I think the patch for signature checking in bootmgr must be done within bootmgr.exe itself and not the stub, since the stub only calculates basic checksum of bootmgr.exe.
Yes, it is for bootmgr.exe (now that we have terminology!). And for 32-bit only.
It is really nice to know that the stub only does checksum!
It is really nice to know that the stub only does checksum!
Bingo, I just found it. It is just about patching a conditional jump. Just tested on 64-bit. Does not need to have bootmgr.exe signed with test certificate either.
Modify;
Joakim
Modify;
Code:
74165768f8964600 > 75165768f8964600
Awesome! Is that for the built-in Windows 7 one?
My re-compression is going well. The benefit of having the Windows 7 is that it is compressed, you can add a ton of stuff to the XSL!
I also have to translate all my hacks from 32-bit into 64-bit...
My re-compression is going well. The benefit of having the Windows 7 is that it is compressed, you can add a ton of stuff to the XSL!
I also have to translate all my hacks from 32-bit into 64-bit...
There is only 1 bootmgr for Windows 7, regardless of 32-bit/64-bit. Since I have not been able manually decompile the compressed bootmgr, I patched the pxe bootmgr.exe and attached the stub from vista sp0 (that handles uncompressed bootmgr.exe).
But the code should be the same inside the embedded bootmgr.exe.
But the code should be the same inside the embedded bootmgr.exe.
The checksum calculation in the stub can probably be disabled by the changing 7403 with EB08 at offset 0x105E
Joakim
Joakim
Just confirming that both these hacks works. In my 64-bit test environment I can boot with a bootmgr where certificate is invalidated and checksum is bad.
Joakim
Joakim
Awesome on all counts!
I still need to find out the 64-bit equivalents of my winload.exe hacks, and to redo the program.
I still need to find out the 64-bit equivalents of my winload.exe hacks, and to redo the program.
I have successfully created a re-compressor. I have combined them into one tool:
Coder for Life - Projects - Windows 7 Boot Updater - Bootmgr Zip
I would like to note that the decompressor is still losing a few bytes (~60 bytes from a 511.06 KB file, it just sets them to 0 because I don't know what to use). The compressor works very good, and decompressing the re-compressed file is perfect. My compression is not as good as the original, but just barely worse (1.5 KB larger out of a 344 KB file)!
So this is definitely good enough to begin testing things with, and I hope to find how to handle those pesky 60 bytes!
Coder for Life - Projects - Windows 7 Boot Updater - Bootmgr Zip
I would like to note that the decompressor is still losing a few bytes (~60 bytes from a 511.06 KB file, it just sets them to 0 because I don't know what to use). The compressor works very good, and decompressing the re-compressed file is perfect. My compression is not as good as the original, but just barely worse (1.5 KB larger out of a 344 KB file)!
So this is definitely good enough to begin testing things with, and I hope to find how to handle those pesky 60 bytes!
Actually, it struck me right after writing that how I could find the problem! Some of the missing bytes were in the resources section, where there are plenty of easy to understand strings and I found out what it was doing wrong!
It now works PERFECTLY. The checksum and digital certificate of the resulting "bootmgr.exe" file verify. So there it is! You can now use Windows 7 bootmgr fully!
(My compression is still a little worse than there's, but it doesn't matter, since its compressed we have 150 KB extra space!)
It now works PERFECTLY. The checksum and digital certificate of the resulting "bootmgr.exe" file verify. So there it is! You can now use Windows 7 bootmgr fully!
(My compression is still a little worse than there's, but it doesn't matter, since its compressed we have 150 KB extra space!)
Amazing work. Digital signature still valid after decompress! I just noticed the pxe bootmgr.exe is the exact same as the embedded bootmgr.exe. Ha ha, I thought they were different. So all offsets are still the same as the ones I've been working with lately.. Lets scrap the notion of a pxe bootmgr.exe. There is just 1 such.
And now you can use it compressed! More bootmgr.xsl fun! However there may be a hard limit that the bootmgr.exe file cannot be more than 512 KB. It seems odd to me that uncompressed it is 511.06 KB like they had a limit. However you could remove the certificate and version information for an extra 8 KB of space.
Looking at the "bootmgr.exe" it actually calls itself bootmgr.dll within its Export data directory but bootmgr.exe within its version information. The other little PE file (the one not compressed and that has almost nothing) is also called bootmgr.exe in its version information.
Anywho. I need to take a break from this for a bit (a couple days). When I come back I will make the GUI.
Looking at the "bootmgr.exe" it actually calls itself bootmgr.dll within its Export data directory but bootmgr.exe within its version information. The other little PE file (the one not compressed and that has almost nothing) is also called bootmgr.exe in its version information.
Anywho. I need to take a break from this for a bit (a couple days). When I come back I will make the GUI.
You can also remove the embedded mui and the network related stuff from the xls and save another 4 Kb.
Did you find any working patch for the checksum on winload.exe (in bootmgr.exe)?
Did you find any working patch for the checksum on winload.exe (in bootmgr.exe)?
i feel ya on that Thaimin,
i took a break from that so i could edit the icons in imageres
theres over 200 icons and at least 10 different sizes of the same image in each icon so after my editing i have to save a shit ton of versions and then compile it and replace it
its tedious
plus i have to go over each and every dll and exe for icons or dialogm boxes or text strings to capitralize everything in windows
ive been working on this for about 3 weeks im probably 0.01 percent done
the good news is when im done and my files gget updated all i have to do is extract everything and batch replace everything
i took a break from that so i could edit the icons in imageres
theres over 200 icons and at least 10 different sizes of the same image in each icon so after my editing i have to save a shit ton of versions and then compile it and replace it
its tedious
plus i have to go over each and every dll and exe for icons or dialogm boxes or text strings to capitralize everything in windows
ive been working on this for about 3 weeks im probably 0.01 percent done
the good news is when im done and my files gget updated all i have to do is extract everything and batch replace everything
�� Quote: Originally Posted by marcusj0015 plus i have to go over each and every dll and exe for icons or dialogm boxes or text strings to capitralize everything in windows
ive been working on this for about 3 weeks im probably 0.01 percent done
the good news is when im done and my files gget updated all i have to do is extract everything and batch replace everything
�� Quote: Originally Posted by AlexYM And then Service Pack 1 goes out with nearly all dll's and exe's to be updated, and you'll have to do all the job all over again...
Another mention, Adobe Flash has an Export Movie option that can save as a sequence of images (I would recommend PNG due to high quality / small size). The sequence is compatible with my program, so that is a nice way to make a nice animation. Just make sure you set Flash to use 200x200 frames and 15 fps.
thaimin,
i think i will check out your tool sounds very good
i know that im crazy trying to repace every resource iin the Whole Windows 7 OS
but idk
i get annoyed by the little things
AlexYM,
like i said all i have to do is extract everything and click one botton and all my custom resources are updated again
so not any where as big of a job as it is now
i think i will check out your tool sounds very good
i know that im crazy trying to repace every resource iin the Whole Windows 7 OS
but idk
i get annoyed by the little things
AlexYM,
like i said all i have to do is extract everything and click one botton and all my custom resources are updated again
so not any where as big of a job as it is now
I did work on the new GUI a bit. It cannot actually do anything with your files, but it's an impressive GUI. It has a complete preview of the boot animation. Please test it out and tell me what you think.
http://www.coderforlife.com/projects/win7boot/GUI.exe
Some notes about the new GUI:
http://www.coderforlife.com/projects/win7boot/GUI.exe
Some notes about the new GUI:
- The file is much larger (~2.5MB) (the GUI builder for MS Visual Studio adds tons of extra stuff, the final version will hopefully be smaller). However it does include a compressed version of the default animation which weighs in at 1.2MB so it won't get any smaller than that).
- The GUI is nearly complete, pending any changes you guys think should be added.
- Everything you can change within the GUI itself I plan to have available in the next version.
- You can now save / load a "boot skin". The boot skin packs the animation and fonts used into it so it is completely portable (Note: current embedded fonts are not loaded from the boot skin).
- The animation selection is incredibly more lenient. You can select any image to be a static image (and it won't care if it's not 200x200). For selecting an animation folder it still prefers an activity.bmp, but if that is not found then it takes the first 200 images of all formats (and if there is less then it just fills in with black) and does the same scaling as for static images.
- It is assumed that most people will just modify the standard winload / bootres / bootmgr so I have moved this to a separate window. The boot skin files will not include this information.
- The command line (once remade) will only be able to apply a boot skin that has been saved with the GUI. It will have options for setting the winload / bootres / bootmgr files to apply to.
- Three options are currently disabled: background color, text color 2, and text length is maxed at 23 for text 1. I plan to have these eventually but not in the first new version.
I will certainly give feedback it, but will be away for a few days now. You have done lots of interesting work!!
that is amazing thaimin,
does the GUI.exe replace win7 boot updater?
i really like the preview
and that IS a very beautiful gui
its ****ing awesome
if it would only actually apply it!
but still very cool
i espically love the Preview!
does the GUI.exe replace win7 boot updater?
i really like the preview
and that IS a very beautiful gui
its ****ing awesome
if it would only actually apply it!
but still very cool
i espically love the Preview!
Glad you like it!
The GUI will be the new GUI for the old program. So yes, it will replace the old one. I have decided that the GUI is essentially complete accept I am going to add a fullscreen view so you can see how it will really look during bootup (and add the advanced screen with file locations and a restore button and enable embedded fonts).
I need to program all the hacks in and them it will be working. But I won't really have time for about a week.
The GUI will be the new GUI for the old program. So yes, it will replace the old one. I have decided that the GUI is essentially complete accept I am going to add a fullscreen view so you can see how it will really look during bootup (and add the advanced screen with file locations and a restore button and enable embedded fonts).
I need to program all the hacks in and them it will be working. But I won't really have time for about a week.
First of all sorry for my bad English.
Thank you thaimin the excellent program that created
I wanted to know if there is a way to put the boot screen changed into the ISO my windows 7 that I'm changing to see the screens new during the initial setup from DVD.
Thanks for your patience , but I am just a beginner
Thank you thaimin the excellent program that created
I wanted to know if there is a way to put the boot screen changed into the ISO my windows 7 that I'm changing to see the screens new during the initial setup from DVD.
Thanks for your patience , but I am just a beginner
im obvisouly not Thaimin
but he said that yes you can do that a few pages ago when i asked becaue that is one of his goals also
but he said that yes you can do that a few pages ago when i asked becaue that is one of his goals also
To clarify, with the current version you cannot (because it requires testsigning which cannot be setup until after installation). The new version (in about a week) will hopefully be able to (pending testing, but with joakim's testing so far it seems that yes, it will work).
Ok, i took a break and came in late on this thread.
i have Win7 Ultima 32 bit (x86)
what do i need to do before using this tool?
will it prevent me from booting? (30% chance? )
From what i'm reading you've been doing amazing stuff Thaimin. Keep it up!
i have Win7 Ultima 32 bit (x86)
what do i need to do before using this tool?
will it prevent me from booting? (30% chance? )
From what i'm reading you've been doing amazing stuff Thaimin. Keep it up!
You haven't come in too late. As soon as I make this new version I will want plenty of people testing it before I go to beta / release.
I would personally recommend waiting a week for the new version. If you use the currently version you will need to do an extra command line: bcdedit /set {bootmgr} testsigning on. It has a very low chance of preventing you from booting (and it makes backups automatically so you can restore in WinRE.
I would personally recommend waiting a week for the new version. If you use the currently version you will need to do an extra command line: bcdedit /set {bootmgr} testsigning on. It has a very low chance of preventing you from booting (and it makes backups automatically so you can restore in WinRE.
OK, waiting patiently. Thanks
Thaimin,
im gonna download your gui again and look at its shinyness
seriously it looks VERY professional
like something microsoft would release
if they were into hacking themselfs and just general awesomeness of course
if at all possible you should a font size thing in your app also
im gonna download your gui again and look at its shinyness
seriously it looks VERY professional
like something microsoft would release
if they were into hacking themselfs and just general awesomeness of course
if at all possible you should a font size thing in your app also
@marcus
I just uploaded a new version that has a fullscreen preview. What did you mean be "if at all possible you should a font size thing in your app also" ? Which font size? You can change the size of each message (this is really "Text Size", should I rename it?)
(There are also a bunch of other minor changes such as adding the advanced dialog, even though it doesn't actually check the files, improving the playback of the preview, making it so embedded fonts can work (although untested), and adding a progress bar dialog (although it is never shown at the moment). I have now made every dialog / UI that I need to make, so it is time to make it do something).
I just uploaded a new version that has a fullscreen preview. What did you mean be "if at all possible you should a font size thing in your app also" ? Which font size? You can change the size of each message (this is really "Text Size", should I rename it?)
(There are also a bunch of other minor changes such as adding the advanced dialog, even though it doesn't actually check the files, improving the playback of the preview, making it so embedded fonts can work (although untested), and adding a progress bar dialog (although it is never shown at the moment). I have now made every dialog / UI that I need to make, so it is time to make it do something).
im sorry i cant speel for shit so try to navigate around the road blocks and ill try to type better
i did mean font size
i would go and change it
because it ALWAYS says font for every windows app ive ever seen
sorry im having like a blonde week
thats awesome!
well it looks fantastic time to make this bitch do some work!
i did mean font size
i would go and change it
because it ALWAYS says font for every windows app ive ever seen
sorry im having like a blonde week
thats awesome!
well it looks fantastic time to make this bitch do some work!
one bug i did notice with GUI.exe
if you click the preview (dont ask why i clicked it idk i just did
it says the frame that is being displayed
which is awesome
but if you go to another app with it running (i know im lazy)
it continues displaying the current frame under the cursor
if you click the preview (dont ask why i clicked it idk i just did
it says the frame that is being displayed
which is awesome
but if you go to another app with it running (i know im lazy)
it continues displaying the current frame under the cursor
sorry for all the posts
i noticed in your Advanced Options section, that you automatically locate the BootMGR
what about the BootMGR that is on the 100MB partition Win7 automatically installs?
ill do some pokin around and get back to you
this installation dosent have it but ima reinstall
my partitions get trrashed with junk pretty quickly!
i noticed in your Advanced Options section, that you automatically locate the BootMGR
what about the BootMGR that is on the 100MB partition Win7 automatically installs?
ill do some pokin around and get back to you
this installation dosent have it but ima reinstall
my partitions get trrashed with junk pretty quickly!
i have Windows 7 Ultimate 64bit should i hack the boot manually, or will it be supported under your release next week?
yes Thaimin also wants x64 support
that reminds me
Thaimin,
how is the whole EFI thing?
did you find out if macs use a bios app that is loaded in EFI
and basically boot the same way most PC's do or how does it work and are you gonna include it or whats up with it?
that reminds me
Thaimin,
how is the whole EFI thing?
did you find out if macs use a bios app that is loaded in EFI
and basically boot the same way most PC's do or how does it work and are you gonna include it or whats up with it?
Someone asked earlier if it is possible to do the same mods on the DVD. Answer is yes, but you will of course need to inject the modified into boot.wim for this to work, as well as configuring testsigning in the BCD on the DVD. Works equally fine during regular setup as with winpe (as in recovery). Remember that just because you configure testsigning on the setup source, doesn't mean you will install Windows 7 with testsigning on...
Joakim
Joakim
Joakim,
@Thaimin already said that he has found a way around the test signing but going through bootmgr and disabling that
so all you need to do is use Thaimin's tool for boot vid hacking and patch ypour local files then copy them to a DVD of the same architecture of the modded files
you can do the same for WinRE
@Thaimin already said that he has found a way around the test signing but going through bootmgr and disabling that
so all you need to do is use Thaimin's tool for boot vid hacking and patch ypour local files then copy them to a DVD of the same architecture of the modded files
you can do the same for WinRE
Since I'm not able to do this, maybe thaimin would describe the details to circumvent testsigning then...
Joakim
Joakim
Joakim,
Thaimin said he was gonna take a break
or maybe he is doing some more coding idk
but yeah there is the info you requested in the link i just posted
Thaimin said he was gonna take a break
or maybe he is doing some more coding idk
but yeah there is the info you requested in the link i just posted
Không có nhận xét nào:
Đăng nhận xét