@RBCC
No method of integrating a modified bootscreen into an install disk works.
@AlexCeed
As claysoft65 said, you can set the animation to something like a pure black screen. If you use my program, you can set it to a 1px by 1px transparent image. Since the animation is compressed, and solid color images compress much better than complicated images, using a solid color animation will greatly reduce it's size. The normal bootres.dll is like 2.5MB if I remember correctly. Using a solid color animation should reduce that to at most a few hundred kilobytes.
No method of integrating a modified bootscreen into an install disk works.
@AlexCeed
As claysoft65 said, you can set the animation to something like a pure black screen. If you use my program, you can set it to a 1px by 1px transparent image. Since the animation is compressed, and solid color images compress much better than complicated images, using a solid color animation will greatly reduce it's size. The normal bootres.dll is like 2.5MB if I remember correctly. Using a solid color animation should reduce that to at most a few hundred kilobytes.
Is modifying a file and copying a file back into the image integration? I tried tried it once as part of of the install.wim file and it didn't work. John
I tried it by copying them to the ISO and it didn't work. If I can figure out if I were to replace the files with the $OEM$ Folders and if that will work! Then I will let you know. I got a email from Thaimin and he said it has to do with security measures in Windows 7. John
Some bad news here: looks like bootmgr from Windows 8 build 6.2.7989 uses another internal compression, at least thaimin's bmzip utility appears to be "frustrated" by it's compressed part...
bootmgr7989.zip
bootmgr7989.zip
@AlexYM
I just looked into it, and yes, it is very different. I can't even find the proper "MZ" for the compressed program. I assume the compressed part starts at the offset #88B0, but there is no "MZ" near there, so it is not at all the same type of compression. It looks like it uses a static dictionary instead of (or in addition to) a dynamic dictionary like the previous version did.
It is likely that they are reusing one of their other compression technologies. I will check out if it uses one of the WIM compression formats (LZX or XPRESS). I have already written decompressors for those. Both use a static dictionary.
I just looked into it, and yes, it is very different. I can't even find the proper "MZ" for the compressed program. I assume the compressed part starts at the offset #88B0, but there is no "MZ" near there, so it is not at all the same type of compression. It looks like it uses a static dictionary instead of (or in addition to) a dynamic dictionary like the previous version did.
It is likely that they are reusing one of their other compression technologies. I will check out if it uses one of the WIM compression formats (LZX or XPRESS). I have already written decompressors for those. Both use a static dictionary.
I was using index 2! John
@AlexYM
I finally had some time and looked at the compression in Windows 8 bootmgr. It is compressed with "XPRESS" used in the WIM format. That compression is described at http://msdn.microsoft.com/en-us/library/dd644740(PROT.13).aspx however they only really describe decompression and not how to compress, although I think I can eventually come up with something after studying the algorithm. Additionally the psuedo-code they provide is quite slow so I need to come up with a faster system. One other road-block at the moment is determining the decompressed size before decompression starts. In the WIM format this is supplied for you, but I don't know where it is in the bootmgr file (yet).
I finally had some time and looked at the compression in Windows 8 bootmgr. It is compressed with "XPRESS" used in the WIM format. That compression is described at http://msdn.microsoft.com/en-us/library/dd644740(PROT.13).aspx however they only really describe decompression and not how to compress, although I think I can eventually come up with something after studying the algorithm. Additionally the psuedo-code they provide is quite slow so I need to come up with a faster system. One other road-block at the moment is determining the decompressed size before decompression starts. In the WIM format this is supplied for you, but I don't know where it is in the bootmgr file (yet).
@thaimin
That's very interesting, chances are they won't change compession method in later builds again. If this can be of any help, uncompressed bootmgr.exe can be located as usual inside winre.wim in PXE subfolder and it's size is 564104 bytes for build 7989, i think it should be coded in bootmgr's stub as reversed hex 88 9b 08, so i just looked there purely empirically it maybe right at stub's end - at offset 68a8.
That's very interesting, chances are they won't change compession method in later builds again. If this can be of any help, uncompressed bootmgr.exe can be located as usual inside winre.wim in PXE subfolder and it's size is 564104 bytes for build 7989, i think it should be coded in bootmgr's stub as reversed hex 88 9b 08, so i just looked there purely empirically it maybe right at stub's end - at offset 68a8.
Ok, thanks to this post 
�� Quote: Originally Posted by joakim 
I finally found the values. ntoskrnl.exe from my Win7 x64 has instead of I want to modify the animation position. Can I hex ntoskrnl.exe or do I have to use IDA?
@thaimin: what method does your program use to allow the modified files?
What I really need to know is after I use Win7BootUpdater, then modify ntoskrnl.exe, what do I need to do to allow the modified ntoskrnl ?
�� Quote: Originally Posted by joakim Just sharing my first windbg script ever...
Code:
C7 42 04 9C 01 00 00 C7 42 08 1C 01 00 00
Code:
C7 46 04 9C 01 00 00 C7 46 08 1C 01 00 00
@thaimin: what method does your program use to allow the modified files?
What I really need to know is after I use Win7BootUpdater, then modify ntoskrnl.exe, what do I need to do to allow the modified ntoskrnl ?
Why don't you all use the software for this job? It's very reliable and has restore functions, you can determine the files manually if you want.
Coder for Life - Project - Windows 7 Boot Updater
Coder for Life - Project - Windows 7 Boot Updater
�� Quote: Originally Posted by speedgamer01 Why don't you all use the software for this job? It's very reliable and has restore functions, you can determine the files manually if you want.
Coder for Life - Project - Windows 7 Boot Updater
Coder for Life - Project - Windows 7 Boot Updater
@selyb The values I modify only pertain to other boot files (boot drivers, winload, required MUIs). Ntoskrnl is a completely different beast. Besides being checked by winload it probably also checks itself, continuously (patch guard). Thus the only way is probably to just use testsigning and then you can patch a file to remove the watermark.
I don't use IDA to modify any of the files, only to investigate. I use a hexeditor to do modifications.
I don't use IDA to modify any of the files, only to investigate. I use a hexeditor to do modifications.
So Thaimin, have you been working on this lately? Like, changing the size of the animation 
?
? �� Quote: Originally Posted by Cooperdale So Thaimin, have you been working on this lately? Like, changing the size of the animation ?
? AlexYM successfully changed the size and location of the animation, however it requires modifying ntoskrnl which would open your computer up to all sorts of malicious stuff. I was working on a method of doing it in-memory to reduce security risks. However I haven't had time for this recently.
How about working on a unattended installation or Reverse Integration? John
�� Quote: Originally Posted by RBCC How about working on a unattended installation or Reverse Integration? John
�� Quote: Originally Posted by thaimin AlexYM successfully changed the size and location of the animation, however it requires modifying ntoskrnl which would open your computer up to all sorts of malicious stuff. I was working on a method of doing it in-memory to reduce security risks. However I haven't had time for this recently.
I'm glad there are still people thinking about this. I was wondering if movie duration would be tweakable somehow too?
@Cooperdale
One day it will hopefully be. Along with position, framerate, loop point, and size (if that was actually successful).
@RBCC / @niceguy
I haven't figured this out yet either.
One day it will hopefully be. Along with position, framerate, loop point, and size (if that was actually successful).
@RBCC / @niceguy
I haven't figured this out yet either.
�� Quote: Originally Posted by joakim �� Quote: Originally Posted by thaimin AlexYM successfully changed the size and location of the animation, however it requires modifying ntoskrnl which would open your computer up to all sorts of malicious stuff. I was working on a method of doing it in-memory to reduce security risks. However I haven't had time for this recently.
After some digging in my profile I think it was initially described here on page 25 in post #245 and #248.
In different ntoskrnl builds offset changes, but the function code remains the same, so newer locations should be easy to find. Width and height of a frame are tied in this function, but thaimin described in post #776 the modded function to separate them. And yes, back then i "played" quite a bit (on x86) with resized activity.bmp and accordingly modded ntoskrnl, and it all worked smoothly as long as values matched, just have to admit that increasing filesize of activity.bmp even twice increases the load-time of animation dramatically. Thus, if you'd like to keep this time in reasonable limits and make animation frame significantly wider (like 400x400), you may need to decrease the number of frames then.
@AlexYM - Thanks for doing the digging!
wow I just happened to stumble into this thread and on this program! nice work man!! is there and chance you could get this program to work with .AVI files as I have a few I would love to use for my start up screen! but im not sure if theres a way to properly convert them with out destroying the original files (I already have them backed up incase) but I think it would be nice to have the ability of using AVI files!
cool ill give it a try, i would prefer to use 100% free programs also but ill see if i can get this downloaded thanks!
thanks! SUPER is free, and it uses the ffmpeg libraries (open source) and DirectX to do the conversion. I'm sure there are other interfaces for ffmpeg that are completely open source, and if you find one, please tell me since the SUPER interface is actually pretty terrible and the website even worse.
�� Quote: Originally Posted by AlexYM @joakim
After some digging in my profile I think it was initially described here on page 25 in post #245 and #248.
In different ntoskrnl builds offset changes, but the function code remains the same, so newer locations should be easy to find. Width and height of a frame are tied in this function, but thaimin described in post #776 the modded function to separate them. And yes, back then i "played" quite a bit (on x86) with resized activity.bmp and accordingly modded ntoskrnl, and it all worked smoothly as long as values matched, just have to admit that increasing filesize of activity.bmp even twice increases the load-time of animation dramatically. Thus, if you'd like to keep this time in reasonable limits and make animation frame significantly wider (like 400x400), you may need to decrease the number of frames then.
After some digging in my profile I think it was initially described here on page 25 in post #245 and #248.
In different ntoskrnl builds offset changes, but the function code remains the same, so newer locations should be easy to find. Width and height of a frame are tied in this function, but thaimin described in post #776 the modded function to separate them. And yes, back then i "played" quite a bit (on x86) with resized activity.bmp and accordingly modded ntoskrnl, and it all worked smoothly as long as values matched, just have to admit that increasing filesize of activity.bmp even twice increases the load-time of animation dramatically. Thus, if you'd like to keep this time in reasonable limits and make animation frame significantly wider (like 400x400), you may need to decrease the number of frames then.
@joakim
I thought you were trying (and failed) to change the screen resolution.
@Jaime74656
I have made a simple batch file script that uses ffmpeg to convert any video file format it supports (which is nearly all) to a series of PNGs. It forces the output to conform to the necessary standards (15fps, 200x200 frames, and max 105 frames). You can download it from:
http://www.coderforlife.com/projects...ras/#video2png
I thought you were trying (and failed) to change the screen resolution.
@Jaime74656
I have made a simple batch file script that uses ffmpeg to convert any video file format it supports (which is nearly all) to a series of PNGs. It forces the output to conform to the necessary standards (15fps, 200x200 frames, and max 105 frames). You can download it from:
http://www.coderforlife.com/projects...ras/#video2png
heres the link to super download that i found after some sifting through the horrid site...
SUPER � videos
www.erightsoft.biz/GetFile.php?SUPERsetup.exe
Edit: ok i am trying to install it, but after I select the language I just get a box that reads "Error: Access Denied" not sure whats going on, but i tried to run it in admin mode and compatibility mode...
SUPER � videos
www.erightsoft.biz/GetFile.php?SUPERsetup.exe
Edit: ok i am trying to install it, but after I select the language I just get a box that reads "Error: Access Denied" not sure whats going on, but i tried to run it in admin mode and compatibility mode...
Did anybody locate where the actual animation is stored in Windows 8 (Dev Preview)? I had a look yesterday and failed at identifying it. Well, I found bootres.dll, but it now only contains a few regular bmp's, so it must be stored elsewhere. I also opened up winload.exe and ntoskrnl.exe, but failed (without trying too hard) to find the relevant code..
Edit:
Forget about it. I was only looking inside boot.wim.. It is still where it's supposed to be.
Edit:
Forget about it. I was only looking inside boot.wim.. It is still where it's supposed to be.
Hi, it doesn't work for me, when i activate it, select a file and apply: nothing changes!!
I use a french version of W7!!
I use a french version of W7!!
�� Quote: Originally Posted by Jaime74656 heres the link to super download that i found after some sifting through the horrid site...
SUPER � videos
www.erightsoft.biz/GetFile.php?SUPERsetup.exe
Edit: ok i am trying to install it, but after I select the language I just get a box that reads "Error: Access Denied" not sure whats going on, but i tried to run it in admin mode and compatibility mode...
SUPER � videos
www.erightsoft.biz/GetFile.php?SUPERsetup.exe
Edit: ok i am trying to install it, but after I select the language I just get a box that reads "Error: Access Denied" not sure whats going on, but i tried to run it in admin mode and compatibility mode...
Does Windows 7 Pro have all the security around the bootscreen that Ultimate has? Can the OSXML be converted into XML ? Where did Thiamin get his info? hacking? John
I just made my own compressor / decompressor for BOOTMGR; LZNT1 Tools (compression in bootmgr and ntfs) - reboot.pro and downloadable from; LZNT1_Tools.zip It uses winapi and works perfect both ways. Windows 8 up until 6.2.7955.0 are verified working. After that compression method changed, but I believe support for it is found in the same winapi (on that particular OS though). Sources included in download.
@thaimin
Do you plan on releasing your sources too? And have you looked at the latest Windows 8 version?
@thaimin
Do you plan on releasing your sources too? And have you looked at the latest Windows 8 version?
Hi All! Apparently I stopped receiving emails about new posts...
@joakim - Funny thing about the compression. I just decided to write up LZNT1, LZX, Xpress (Lz), and Xpress Huffman compressors and decompressors and release the source (see Coder for Life - Microsoft Compression Formats for a summary of research I did).
The LZNT1 one is almost exactly what I have in bmzip, which provides that exact same compression ratio as RtlCompressBuffer but adds a single extra null byte as required by Windows 7 bootmgr - so no improvement from Winapi. BTW, my implementation is at least 25x as fast at compression but half as fast at decompression (working on that).
The Windows 8 bootmgr uses Xpress Huffman. I have a decompressor for this already, and am working on a compressor. Windows 8 does indeed include a Xpress compressor with RtlCompressBuffer however the decompressor always fails in v6.2.8102.0 x86 (even if I use RtlCompressBuffer then RtlDecompressBuffer).
Current status of compressors:
LZNT1: 50x faster than Winapi with identical compression ratio
LZX: No compressor yet
Xpress (LZ): No compressor yet
Xpress Huffman: Much slower than Winapi but comparable compression ratio (sometimes better, sometimes worse)
Current status of decompressors:
LZNT1: Half as fast as Winapi
LZX: Works, but no Winapi to test against
Xpress (LZ): Works almost as fast as Winapi
Xpress Huffman: Much slower than Winapi
I am thinking of releasing the source for the next version of my entire program. However it would be difficult for others to look at since it is written in C, C++, C++/CLR, C# and asm.
@joakim - Funny thing about the compression. I just decided to write up LZNT1, LZX, Xpress (Lz), and Xpress Huffman compressors and decompressors and release the source (see Coder for Life - Microsoft Compression Formats for a summary of research I did).
The LZNT1 one is almost exactly what I have in bmzip, which provides that exact same compression ratio as RtlCompressBuffer but adds a single extra null byte as required by Windows 7 bootmgr - so no improvement from Winapi. BTW, my implementation is at least 25x as fast at compression but half as fast at decompression (working on that).
The Windows 8 bootmgr uses Xpress Huffman. I have a decompressor for this already, and am working on a compressor. Windows 8 does indeed include a Xpress compressor with RtlCompressBuffer however the decompressor always fails in v6.2.8102.0 x86 (even if I use RtlCompressBuffer then RtlDecompressBuffer).
Current status of compressors:
LZNT1: 50x faster than Winapi with identical compression ratio
LZX: No compressor yet
Xpress (LZ): No compressor yet
Xpress Huffman: Much slower than Winapi but comparable compression ratio (sometimes better, sometimes worse)
Current status of decompressors:
LZNT1: Half as fast as Winapi
LZX: Works, but no Winapi to test against
Xpress (LZ): Works almost as fast as Winapi
Xpress Huffman: Much slower than Winapi
I am thinking of releasing the source for the next version of my entire program. However it would be difficult for others to look at since it is written in C, C++, C++/CLR, C# and asm.
Also, I am almost ready to release an online animation sharing system.
Sounds very good. I'll have another look at the latest Windows 8 version and try something, hopefully this afternoon.
@thaimin
Do you happen to know the values for COMPRESSION_FORMAT_XPRESS and COMPRESSION_FORMAT_XPRESS_HUFF?
Do you happen to know the values for COMPRESSION_FORMAT_XPRESS and COMPRESSION_FORMAT_XPRESS_HUFF?
@joakim - Yes I do! Found through IDA (although it ended up being obvious...).
#define COMPRESSION_FORMAT_XPRESS 0x0003
#define COMPRESSION_FORMAT_XPRESS_HUFF 0x0004
Both accept COMPRESSION_ENGINE_STANDARD or COMPRESSION_ENGINE_MAXIMUM as well (haven't tried COMPRESSION_ENGINE_HIBER since the MSDN says that doesn't work).
You need to use RtlDecompressBufferEx() with XPRESS_HUFF (and maybe XPRESS, I am now using the Ex version always). The workspace buffer I use is the maximum of both values for both engines given by RtlGetCompressionWorkSpaceSize.
#define COMPRESSION_FORMAT_XPRESS 0x0003
#define COMPRESSION_FORMAT_XPRESS_HUFF 0x0004
Both accept COMPRESSION_ENGINE_STANDARD or COMPRESSION_ENGINE_MAXIMUM as well (haven't tried COMPRESSION_ENGINE_HIBER since the MSDN says that doesn't work).
You need to use RtlDecompressBufferEx() with XPRESS_HUFF (and maybe XPRESS, I am now using the Ex version always). The workspace buffer I use is the maximum of both values for both engines given by RtlGetCompressionWorkSpaceSize.
OK, but I'm stuck now and will continue tomorrow night. FYI, I just noticed you can also use lznt1 on the newest Windows 8 if using this stub; LZNT1_big_stub.zip
Hmm, the 0x0003 seems mentioned here; http://undocumented.ntinternals.net/...essBuffer.html although with a different name.
Hmm, the 0x0003 seems mentioned here; http://undocumented.ntinternals.net/...essBuffer.html although with a different name.
Yes, LZNT1 is #2 and is still around (NTFS still uses it among other things).
To load these functions I just use the header file at the end of this post (I stripped comments, but close enough) along with the "load_rtl_compression" function called from main. You can then use the functions normally even though they are dynamically loaded.
To load these functions I just use the header file at the end of this post (I stripped comments, but close enough) along with the "load_rtl_compression" function called from main. You can then use the functions normally even though they are dynamically loaded.
Code:
static bool load_rtl_compression() { #ifdef _WIN64 // compiling for win-64 HMODULE ntdll = LoadLibraryW(L"ntdll-8-64.dll"); #else HMODULE ntdll = LoadLibraryW(L"ntdll-8-32.dll");
Không có nhận xét nào:
Đăng nhận xét