Tuesday, June 28, 2016

How to change boot animation in Windows 7 part 4


shaunp

Cheers thaimin, I will continue to trial and error it. Let me know if ya want me to send some screenshots, etc. Also, could you point me in the right direction of which mui contains install billboard text (i.e. "Windows is copying blah")? I can't remember which file it was... argh... been too long...



xxrazor

@thaimin
I am pretty sure that shaunp and I are working on the same thing
Quote:
@shaunp
Howdy, I was just hoping someone could give some advice. I'm trying to replace the boot ani. and boot text. This is fine using the Winupdate7 tools. So I have successfully replaced the winload.exe, winload.xxx.mui etc. on the Windows 7 DVD and this works fine.

I am trying to replace the winload(s), bootres.dll etc. in the WIMs so that the first boot (after the first reboot) will display the modded boot ani (pic). So far I have discovered that replacing all of the winload.exe, .mui, bootres.dll etc. works fine until the first reboot (just after completing the first stage of setup), which then displays the old "Windows could not verify digital certificate crap", "error 00000xf <- not right".

Now I gather this is because of the patched or modded bootmgr. So I have also tried to replace this with the patched version (in the install.wim); all goes well in the install until the first reboot, which complains about can't prepare drive.

So is there any way to get around replacing the files in the install.wim (and boot.wim) and get this to work? Or should I run a script to run the Winupdate7cmd? I would very much prefer not to have to install VC libs and .NET 4.
But I did notice that in your reply below,
Quote:
@shaunp
I am working on this problem. You have given some very detailed information and it will hopefully help me. I plan to have these integrated into the boot.wim / install.wim eventually for my own purposes.
That you made mention
Quote:
integrated into the boot.wim / install.wim eventually for my own purposes
Are you going to share this once completed or will it be commercial use only?

cheers
xxrazor

thaimin

@xxrazor
I will share it, however it hasn't been the top of my list so I haven't worked on it yet.

@shaunp
Sorry, I haven't modified the text ever, so I don't know.

xxrazor

@thaimin
That's cool, so you know there are many modded OS's with SP1 on their way, adding Boot Animation to this would be a great addition.

Quote: Originally Posted by shaunp
Cheers thaimin, I will continue to trial and error it. Let me know if ya want me to send some screenshots, etc. Also, could you point me in the right direction of which mui contains install billboard text (i.e. "Windows is copying blah")? I can't remember which file it was... argh... been too long...
@shaunp, the info you are looking for can be found HERE and much more on Modding your OS.

cheers
xxrazor

GEORG

Software TIP

I have found a little tool for Vertical BMP AniTuner 2.0.0 ---> AniTuner - Animated Cursor Software: Create, Convert ANI Cursors


joakim

Quote: Originally Posted by thaimin
NTOSKRNL changes:
    • However changing NTOSKRNL is much more 'risky'. However, I had the idea that some fancy stuff could be done to patch it in-memory from winload.exe
      • I have done something similar with my expstart program which patches Explorer.exe in memory and doesn't invalidate the Microsoft certificate.
      • This case is definitely more complicated, but it is just an idea
Actually, something similar came to my mind too some time ago. My thought was to borrow code from a bootkit, and modify the ntfs bootsector (like the $Boot metafile) and thus no need to modify bootmgr and winload.exe on disk (at least the stuff concerning security). Now, I never got any further than installing the stoned bootkit (v2) in a vm and debugged it once a couple of months ago using BOCHS. It probably will remain as nothing but yet another interesting thought (as often). At least for me.

marcusj0015

It didn't work when I:

(1) Copied the files that boot updater uses to a partition and a directory in that partition, i.e. K:\bootfile.
(2) Then I used bootupdater on those files with my animation, which created backup files.
(3) Used gimagex to mount the install.wim file, and replaced (by copying) the files that bootupdater created (which are the non-backup files).
(4) Then I unmounted install.wim with read/write and commit changes checked.
(5) Then I created an ISO with vLite (because I used it originally to copy the Windows 7 setup files).
(6) Tested it with VMware and got the picture I have enclosed.

Where did I go wrong?

Where should I have copied the bootmgr file? Is this in the install.wim file?

John

sexus

how did you guys get this to work?

Guest

@RBCC, get what to work?

Thaimin's boot updater?

download the app for your architecture: if you have x86 download x86, if x64 download x64

then right click the app and click properties > click unblock > click Apply.

right click the boot updater and click Run As Admin.

then do what you want.

Guest

helpppp!!! got a problem: i updated to sp1 lately, as of a couple days, and noticed after a reboot my beautiful custom boot is gone!!!!... now i tried the new alpha 10 and it sez something about not being able to change the security of my bootmgr.exe ....huh?...-,-'...helpppp!!!!!!


btw im on x64 and yes i installed the framework 4 and the libraries too and yes i downloaded the x64 version and havent had any probs with it before the sp1 ....-,-'..

thaimin

@sexus
You are in a pickle of a situation. Apparently some of the files you modified were not changed when you updated to SP1. It should say exactly what file it is having a problem with in the first line. Find that file manually, delete it, and change the name of the backup file to the original file (don't actually delete until the backup is in place and working).



sexus

no you don't understand, i clicked on my animation file, clicked on apply and it was almost finished till this damn popup came up telling me about the file not being able to be changed because of bootmgr.exe safety....huh

thaimin

Actually I completely understand.

What is the first line of the error message? I can help you from there.

sexus

ok one sec let me repeat the applying..lol

sexus

it says in the program when i try to apply it : there was a problem updating the files. failed to disable bootmgr.exe security, this is likely due to using a modified version of bootmgr.....

weird

thaimin

Okay, the bootmgr your computer is using is probably already modified. What does the bootmgr option say under "Options"?

sexus

update : it says on hidden system drive

thaimin

Okay, here is what you need to do:
  1. Download my hidden system drive opener (http://www.coderforlife.com/projects...denSystemDrive) and use it to open the hidden drive
  2. Then show all hidden and system files (http://www.bleepingcomputer.com/tuto...torial151.html)
  3. You should now see a file named "bootmgr" and one named "bootmgr - Backup"
  4. Move "bootmgr" somewhere (like your desktop) and delete it from the hidden partition
  5. Rename "bootmgr - Backup" to "bootmgr"
  6. Restart and hope it all works now.
Before using the Boot Updater again, I recommend deleting the following files (if they exist) since they are pre-SP1:
  • C:\Windows\System32\bootres - Backup.dll
  • C:\Windows\System32\winload - Backup.exe
  • C:\Windows\System32\winresume - Backup.exe
  • C:\Windows\System32\LOCALE\winload - Backup.exe.mui
  • C:\Windows\System32\LOCALE\winresume - Backup.exe.mui
Where LOCALE is your locale (en-US, de-DE, it-IT, ...)

Note to others: This is NOT the standard restore procedure. The standard procedure is to use "Restore Backups" from the "Options" menu. You only need to do the above if you used the Boot Updater, then installed SP1, then need to restore. In this case if you restore backups from within the program it will revert some files to pre-SP1.

sexus

well we got a prob i cant delete the bootmgr.exe it says open in another program , help


btw it shows bootmgr.exe backups 16 of em and one file named bootsect.ixe.file.bak and all of em has the same date and time...hmmmmm

thaimin

16 backups! You must have run my program a lot. It's supposed to cleanup a bit, but I guess not completely... The times are all the same since my program copies the times when it makes the backups. Bootsect.ixe.file.bak is a file used by the system, don't touch that. Use the first backup, not 2 through 16.

The file is not in use, however Windows Explorer is confused. The file is heavily locked down by TrustedInstaller. Deleting it becomes a bit tricky since the file is on the hidden partition, so using takeown / cacls like most online methods state is difficult. The easiest way is to probably download my xdel program (http://www.coderforlife.com/projects/utilities/#xdel) and click and drag the bootmgr file onto the program.

sexus

ok will do give me a sec here...



sexus

not working still there


-,-'

btw theres as follows in the folder:

bootmgr, bootmgr backup 2, bootmgr backup 3, bootmgr backup 4, bootmgr backup 5, bootmgr backup 6, bootmgr backup 8, bootmgr backup 9, bootmgr backup 10, bootmgr backup 11, bootmgr backup 12, bootmgr backup 13, bootmgr backup 14, bootmgr backup 15, bootmgr 16, and of course the bootsect.ixe.bak.... weird, there's no nr.7 or nr.1... hmmm very strange.....

win7expert

Hi joakim and thaimin

I'm back and now ready to help you with translating your tool to German (it's been wished for a lot since alpha 7/8)

Have you already opened a library where we can start uploading boot animations?

thaimin

@sexus
The #1 (actually no number) and #7 may be completely hidden (make sure protected system files are being shown). If you have a #7, that is what you should use to restore as bootmgr. Look up guides on deleting files owned by TrustedInstaller. The only methods that won't work are command line methods. You can do it through the file properties.

@win7expert
moinmoin has already provided a translation, however if you want to check over the translation see Coder for Life - Project - Windows 7 Boot Updater: Translation

It will be available soon, I will be releasing a minor update soon, which will include German and Russian, and many other smallish updates (faster, some bugs fixed, ...).

xxrazor

Has anyone worked out how to increase the frame size? I want to keep the images 200x200, but I want to double the amount of frames: instead of 105, I want 300. Yes, this would make the vertical image big in MB and longer.

cheers
xxrazor

sexus

ok ill give it a try bro hope it works....

sexus

nope still no 7 or bootmgr backup without number to see

thaimin

@xxrazor
I believe AlexYM figured this out, but it requires editing NTOSKRNL.

@sexus
Well, then "bootmgr backup 2" is the one you want to restore. You still need to work on deleting and renaming the other files.

sexus

yep im about to check how to actually delete em except for nr.2....hmmmmm

sexus

ok just deleted all,except renamed bootmgr to bootmgr original and made bootmgr backup 2 into bootmgr ...thanks to a google search on trusted installer deactivation..now up to restart and rerun the app hope it works...-.-'..

update: not working same now i only have one bootmgr file and the .ixe or whatchamacallit file and i run the bootupdater nothing still the same security error shit ....ever since i updated to sp1...damn..-.-'..

just restarted now it got a nr.2 bootmgr backup file...lol...mindboggling indeed

sexus

cant there be a simple winbootupdater made that doesnt give two sacks about bootmgr.exe security like simply overwrite ...would be tons appreciated



marcusj0015

Thanks Thaimin:
I'm gone sorry to bother you!
Most of my questions are follow-up questions!
If I had $50,000 I'd hire you but right now I don't have it.

John

thaimin

I am using Reverse Integration to integrate SP1 into Windows 7. Can I use boot updater on the integration partition and then manually put the files back into the original DVD, and will the boot animation that I created work on the new install?

John

sexus

dude, do yourself a favor and download the official Windows 7 SP1 ISO, hell, if you have to, torrent it, but make sure the hashes match the official hashes

this will save you ALOT of time and effort.

thaimin

@sexus
The problem is that the bootmgr "security" it is talking about is the security the bootmgr imposes on winload.exe and it must be removed to allow winload.exe to be modified. However there is a way around it. In the "Options" menu select a different bootmgr, you can select C:\Windows\Boot\PCAT\bootmgr. That file is a copy of the original that isn't used. And, by the way, it is "bootmgr" not "bootmgr.exe"

marcusj0015

@marcusj0015:

they do,

marcusj0015

I was wondering if I was to use the boot updater to modify the boot screen on the partition of the reverse integrated and copied that boot folder to the copied partition?

I have a partition that I have installed my SP1 integrated Windows 7
I have another partition that I have a copied Windows 7 source
where I take out the install.wim file and copy the new install.wim file from the integrated install.wim to the source files.
Then copy the boot.wim files likewise!

John

Guest

xD...sorry for not being mr. perfect thaimin and btw thanks will try asap ...damn we ought to get this workin ...huzahh!!!...here goes nothing..


update: it worked id be damned shouldve said so in the first place ....hell yeah !!!!


btw cant wait to see what updates are to come to our beloved bootupdater ...perhaps background pictures instead of plain black ...lol...rock on !!!!

Guest

@sexus

That's what I have been saying, is that we should get this **damn** thing running with the background but I have been told to fork over money or keep quiet!

John

Guest

@RBCC

I am working on it. However your persistence to remind me that you want it every other day is EXTREMELY annoying. Reminding me every other day does not make me go faster or make it more of a priority. So far you haven't contributed a single thing, you just bitch that it isn't up to your standards and isn't being made fast enough. The only time someone gets to talk that way to me is if they are hiring me. I am just trying to put it into perspective, you are treating me as your employee, not someone who is just making a program for fun that you get to use for free. Everyone else is GRATEFUL for the progress that I have made, and their grievances are stated once, not continuously.

Guest

well, I haven't gotten that far in my image, but there are two methods: you could pre-patch the files (easiest method), or you could patch them while Windows is being installed, with a script and using Thaimin's command line switches and a premade bootskin

marcusj0015

@RBCC, i agree with thaimin, either STFU, or join in programming,

granted Thaimin even allows you access to HIS source code, which i doubt.

we get that you are having problems, you have stated your ideas, you know NOTHING about programming, scripting or anything of the sort, it is NOT easy, thaimin how many lines of code you got?

10-20 THOUSAND?

yeah, it's difficult

so STFU, or get banned, i personally am tired of your whining and bitching, bitch once more and the ban hammer is gonna have a few words with you.

and personally, i'm getting tired of the damn n00bs coming in here demanding info, when they won't even read the first page, we need to get this thread locked down, to only the essential people.

i, personally think backgrounds is a moot point, who cares about a single static image, when we have full blown ****ing animation?

and hell why don't you have one single frame duplicated for each frame of the boot animation?

it's an optical illusion that makes it appear as only one image, but it's not; then you don't have to throw away the whole core of Windows 7 that handles booting/resuming

we treat the programmers well around here, they're doing the hard work for you, be appreciative



sexus

xD....rbcc you joker you!!!...xD....yeah i can imagine being pestered every other day about it thaimin but see it as a avid fan ...xD...thou i gotta admit id love to see it done too...huzahhh!!!


p.s: marcusj cut the guy some slack yall heres talking a long time lurker and fresh member as of late and i always been on this forum for a long time and i see all this hard work done...so we all know its not easy and sure as hell know how fn mindboggling coding can be so try going easy on the noobs ...xD...btw love the sevenforums ...rock on !!!!

thaimin

I like what you have so far, but I am researching the KPP and ways to circumvent it. I just started this. I am sorry, I realize your job takes a lot of time. Just wondering at what point are you? I may be taking testing a little seriously. But it's the only I know.

As far as treating you as a employee I am sorry that you feel that way. We are all excited about this, and wish it would get done day before yesterday!

JTM

sexus

@marcusj0015
Very good guess!

I just counted the lines (with a program I made quite some time ago). It is currently at 22414 lines (18774 not including empty lines and comments). This included:
  • .h: C/C++ headers
  • .c: C code
  • .cpp: C++ code
  • .cs: C# code
  • .resx: managed resource files that I have typed myself, using the resource editor I couldn't do some things
  • .rc: (Unmanaged) resource files that I have typed myself (as above)
  • .manifest: had to make these myself to make sure certain things happened
  • .xml: my patch description and the documentation I have typed up
  • .xsd: for describing the bs7 file format
  • .bat: my compiling scripts
There were 139 files counted, taking up 1.046MB (that is 1,096,530 TYPED characters, some copy and pasting in there, but still >1 million!). This does not include some accessory programs that I made (xml-compact: 60 lines, patch-compiler: 759 lines, flash previewer: 791).

The project takes up 335MB on my computer, not including the 4 virtual machines I use to test, their hard drives (~50GB), and ISOs of the installation media (~20GB). So overall about 75GB, not including the numerous backups I am using now.

I have had to teach myself many things I had never used before this project:
  • x86 assembly (and translated many things to machine code BY HAND for the patches)
  • x86-64 assembly (in fact it has many differences from x86 and I am struggling a lot with this right now)
  • C#
  • XML Schema (W3C)
  • An understanding of the entire boot sequence
  • How to use WinDBG to debug the boot process
  • How to use IDA
  • Flash (re-teach, I did use it about 6 years ago with ActionScript 1, now using ActionScript 3)
Since starting this project, I have purchased legitimate (at a reduced, student rate) copies of Visual Studio 2010 and Adobe CS5 Design Premium. I definitely will be using those outside of this project, but so far they have been nearly exclusively used by this project.

@marcusj0015
I will not be releasing my core source code. However I am making the core available as a DLL so others can make interfaces as they see fit.

The background is actually really cool. It takes up the entire screen, allows you to essentially add any text in any font you want to the boot up screen around the animation. I must say that it's fairly impressive booting up and having a full image with the middle of it animating. I'm sure designers can do a great job at making the viewer not even realize that only the center 200x200 animates.

I find that many of the people who have been posting have legitimate problems. @sexus for instance has a very strange issue. However I wish once he had our guidance I wouldn't have had to help on how to delete those files.

joakim

exactly!!!! thaimin that's what i was thinking as he wrote it ...i was like wtf!!...surely as i myself knew it's not just making the background whatever pic you want but adding a background all while running your animation file ...damn bring it!!!...

p.s thaimin if you wouldve told me about the other bootmgr file it wouldve been no prob at all thou you never said it untill like 10 posts and tries of applying my new bootscreen...lol...i posted that already like 6 posts up ...xD..but ill rewrite it just for you ...peace

thaimin

Preview of full background image with modded animation on top (in the middle);




I'm sure thaimin is working hard enough on it, so don't ask when the functionality comes. It will come!!

@thaimin
Do you mind if I update the first post with technical details on how it works?

joakim

@joakim
You can post the details. The main reason I wasn't sharing them was they were not quite finalized, and they are daunting. Writing a function from scratch in assembly with no real prior knowledge in assembly is a lot to take in!

@everyone
On that note, I have now completed my first successful test of the background image on 64-bit. I was struggling with it for a good portion of the last week. 64-bit functions are even trickier. I did use NASM for a bunch of it, but still knowing where all my pointers are, where they need to be when I call a function (64-bit function calls use shadow space and other confusing stuff). In addition, the 64-bit winload does not have a nice "BgpGxDrawBitmapImage" function, instead you have to call 3 different functions, all with not necessarily intuitive arguments.

@joakim (and anyone else interested)
All notes that I have about the background image can be downloaded at http://www.coderforlife.com/projects...mage-notes.zip. This includes 32-bit, 64-bit, winload, and winresume stuff. Note that I started leaving stuff out as I developed a system within my Win 7 Boot Updater to handle some situations. For example, my program automatically clears any entries in the reloc table that need to be cleared and it takes an absolute address for the function calls and converts them into relative addresses. In fact, I have not done a 64-bit file by hand, my program did it for me.

@everyone
I have done preliminary tests with using my program to apply on 32-bit and 64-bit, without SP1. I have not tested any resume stuff. I have, however, found all the hacks necessary for everything besides 64-bit SP1.

I believe I will be able to release in a week, and the following changes have already been made:
  • Program can run in different languages and the language can be changed at run-time
    Includes translations for German, Russian, and Italian
  • Reverted it to use only .NET Framework 2.0 and not require MS Visual C 2010 library.
  • Much faster startup and checking of bootres.dll
  • Can now create a standalone installer
  • Improved transparency support
  • Improved update checking
  • Slightly improved backup system
  • Smarter default winload and winresume paths using BCD data
  • Numerous other minor changes and fixes
And one other thing I hope to complete in the next week is smaller boot skin sizes (when you have 2 different animations and 2 different background images, the sizes right now are about 3.5 MB for a boot skin, I believe I can shave off a megabyte by using a better PNG compressor).

thaimin

The link http://www.coderforlife.com/projects...mage-notes.zip does not work.

joakim

Problem fixed. It thought you were hot-linking the files, but those should be hot-linked!

Guest

Nothing advanced but if you wondered if it was possible to boot with different image backgrounds and different animations on the same system, you can do so by having several sets of winload.exe and bootres.dll. The point is you can specify which winload.exe to use by configuring the "path" in your BCD. For instance you may have an entry that among other things says;

Code:
path    \WINDOWS\system32\winload.exe
and another that specifies;
Code:
path    \WINDOWS\system32\3d_back.exe
Now to specify a different bootres.dll you must change 1 unicode string (bootres.dll) inside winload.exe/3d_back.exe and replace it with the one you want to load.
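Because a BCD entry can name any file as its loader, as the post above describes, listing the `path` of every boot loader entry shows which ones start through something other than the stock winload. The following is an added example, not code from the thread: the sample text is constructed in the layout `bcdedit /enum` prints on an English-language system, the GUID is made up, and the function names are hypothetical.

```python
import re

# Loader paths used by a stock install (BIOS and UEFI), compared case-insensitively.
EXPECTED_LOADERS = {
    r"\windows\system32\winload.exe",
    r"\windows\system32\winload.efi",
}

# Constructed sample in the layout of `bcdedit /enum` output (not real data).
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 7
locale                  en-US

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
device                  partition=C:
path                    \WINDOWS\system32\3d_back.exe
description             Windows 7 (custom animation)
locale                  en-US
"""

RULE = re.compile(r"-{3,}")


def parse_bcd(text):
    """Split bcdedit text output into a list of {element: value} dicts."""
    entries, current = [], None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        next_is_rule = i + 1 < len(lines) and RULE.fullmatch(lines[i + 1].strip())
        if stripped and next_is_rule:
            # A title line is the one directly above a row of dashes.
            current = {"type": stripped}
            entries.append(current)
        elif not stripped or RULE.fullmatch(stripped):
            continue
        elif current is not None and not line[0].isspace():
            # "name<spaces>value"; indented continuation lines are skipped.
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return entries


def audit_loaders(entries):
    """Return (identifier, path) for loader entries that do not use the stock winload."""
    findings = []
    for entry in entries:
        if entry["type"] != "Windows Boot Loader":
            continue
        path = entry.get("path", "")
        if path.lower() not in EXPECTED_LOADERS:
            findings.append((entry.get("identifier", "?"), path))
    return findings


if __name__ == "__main__":
    for ident, path in audit_loaders(parse_bcd(SAMPLE)):
        print(f"non-stock loader: {ident} -> {path}")
```

On a live system the text would come from an elevated `bcdedit /enum` instead of `SAMPLE`.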

thaimin

@joakim
I am subvertly using that technique now. When changing the resume animation differently than the loading animation, I change that string and create "bootrs2.dll". Another trick you can do is add the animation to bootres.dll.mui and change the locale of the boot entry (which only affects the booting message languages, not the Windows language).

In the next version my program by default selects the winload etc. files based on BCD data and doesn't assume they are the normal ones.



joakim

Ok, must admit I haven't used your program in a while now..

I'm sure you already know this too, but having several animations inside bootres.dll also works fine. Obviously name them differently and the string (activity.bmp) in winload will determine which one to pass along to the kernel. I just tried with 3 different ones in the same file, and worked fine. However I never managed to use several wims in RCDATA (like 1,2,3 etc). As I just recently got back into debugging, you can tell me if there's anything specific you want me to look at regarding bootmgr, winload, kernel etc.

Btw, the link still doesn't work.

AlexYM

Hi, guys! I'm glad thaimin's project is developing so well, just read a few last posts and this came to mind: you may put the wim resource with animation bmp right in winload.exe and edit that unicode string to point to winload.exe itself, although it'd be more proper to edit code somehow so that there wouldn't be a need to load it second time as it is already loaded, sorry "load winload" sounds funny, huh? Thaimin, it's great you managed to implement background image code, it reminded me that Vista's winload can do this from wim resource, and I think Vista's winresume does just what we want - animation over a static image (with all pictures also in wim resource), so looking in their code might be of some help probably if it is even needed now...

thaimin

thaimin:

Excellent work on the background, hope it fills the whole screen. Can hardly wait to see it. Then I'll leave this forum.

RBCC

joakim

@joakim
It's okay! You can actually do it yourself, although as things are becoming more advanced, it will be harder and harder to do it by hand (as I said a couple of posts ago, my program now does so many things automatically when patching, it's so much more convenient - like remembering to clear the .reloc table entries and calculating relative offsets).

I just tried to get the file again, and it didn't work! I fixed another issue on my server, and it seems to work now. A lot of this has to do with the fact that I now use a content management system and it likes to take over URLs.

@AlexYM
I don't know how far you read back, but a while ago I had this idea of patching ntoskrnl in memory (instead of on disk) to adjust the X/Y position, frame rate, size, etc. of the animation. I haven't done any research to see if it would even be possible, but it's an idea. The in-memory change would keep the digital signature and all security in place. I have done something similar with my expstart program which modifies explorer.exe in memory, making it keep its signature and then (if you have UAC enabled) not causing these nasty warnings when you copy/move stuff.

@RBCC
It does cover the entire screen. It is a 1024x768 image, which is the resolution at that point. Look at joakim's movie using it (which was done in a VM, I presume, which is why it takes so long for the animation to come up). You don't need to leave the forum, just don't 'bug' (me/others) as much.

thaimin

It seems kind of funny I have been around computers for 34 years and I am a noob, because I never learned how to program. I mostly set them up and was a consultant! John

joakim

Just sharing my first windbg script ever. This one was made to move the animation to a different coordinate, without actually patching the kernel. It is done in memory by the debugger. Script name kernel.txt;

Code:
$$
$$ ==================================================================
$$ Script to move animation to different coordinates
$$ Made for version 6.1.7600.16385
$$ Will also work for SP1 when symbols are available.
$$
$$ usage from within a running debug session; $$><kernel.txt
$$ usage from commandline when launching windbg; -c "$$><kernel.txt"
$$
$$ by Joakim
$$
$$ ==================================================================
$$
bp nt!ResFwpGetProgressIndicatorAnimation+0x2D
g
$$ Original machinecode c746049c010000
$$ 9c01 is little endian of 19ch which in decimal is 412 and
$$ specifies the x position (from left)
eb eip c7 46 04 50 00 00 00
p
$$ Original machinecode c746081c010000
$$ 1c01 is little endian of 11ch which in decimal is 284 and
$$ specifies the y position (from top)
eb eip c7 46 08 50 00 00 00
g
$$ ==================================================================
$$ Animation now played in the upper left of your screen.
$$ ==================================================================
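To check what the two `eb` writes in the script above actually change, the 7-byte instructions can be decoded field by field and the original compared with its replacement. This is an added Python example, not part of the post; the function names are hypothetical and it handles only the `C7 /0` form with an 8-bit displacement that the script's comments quote.

```python
import struct

# 32-bit general-purpose registers indexed by the ModRM r/m field.
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_mov_mem_imm32(code: bytes) -> dict:
    """Decode one 7-byte `mov dword ptr [reg+disp8], imm32` (opcode C7 /0)."""
    if len(code) != 7:
        raise ValueError("expected exactly 7 bytes")
    opcode, modrm = code[0], code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if opcode != 0xC7 or reg != 0:
        raise ValueError("not a C7 /0 mov")
    if mod != 0b01 or rm == 0b100:
        raise ValueError("only the [reg+disp8] form without SIB is handled")
    disp = struct.unpack("<b", code[2:3])[0]  # signed 8-bit displacement
    imm = struct.unpack("<I", code[3:7])[0]   # little-endian 32-bit immediate
    return {"base": REG32[rm], "disp": disp, "imm": imm}


def describe_patch(original_hex: str, patched_hex: str) -> dict:
    """Compare an original instruction with the bytes written over it."""
    old = decode_mov_mem_imm32(bytes.fromhex(original_hex))
    new = decode_mov_mem_imm32(bytes.fromhex(patched_hex))
    if (old["base"], old["disp"]) != (new["base"], new["disp"]):
        raise ValueError("patch targets a different memory operand")
    return {
        "field": f'[{old["base"]}{old["disp"]:+#x}]',
        "old": old["imm"],
        "new": new["imm"],
    }


if __name__ == "__main__":
    # Byte strings copied from the script: original machine code and the eb write.
    for label, orig, patched in [
        ("x", "c746049c010000", "c7 46 04 50 00 00 00"),
        ("y", "c746081c010000", "c7 46 08 50 00 00 00"),
    ]:
        info = describe_patch(orig, patched)
        print(f'{label}: {info["field"]} {info["old"]} -> {info["new"]}')
```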

thaimin

@joakim
Nice! Now we just need to convert that into something that doesn't require bootdebug or an external machine running windbg...

Guest

It was only meant like "hey I just realized windbg could take scripts".

That said, it is worth mentioning to those that don't do debugging yet, that some tests are a lot easier to perform in windbg. For instance the colour of the startup text needs code injected and execution redirected to test through an on-disk patch, which takes you a little bit of time to create. Instead you can just launch a vm in windbg and issue these 2 commands;
Code:
bp winload!BgpTxtCreateRegion+0xa5 "eb ebx+1c ff 00 ff 00;g"
g
Now substitute the colour code "ff 00 ff 00" to test something different and launch again.

@thaimin
Have you implemented background colour for the copyright and/or startup text? If no, then look at va 00443A17. Again some stupid windbg cmds;
Code:
bp winload!BgpTxtCreateRegion+0x119 "eb eip b8 ff 00 ff 00;g"
g
Next challenge would be to create a different colour for two messages..

Also, the alignment of the messages can be adjusted at va 0044382B. Test this command in windbg;
Code:
bp winload!BgpDrawCopyright+0x8 "eb 5ac7a8 50 00;g"
g
Funny enough, when you increase the value to say 900 the message disappears partly on the right, and reappears on the left side.

Now to only adjust the alignment of the signature look at va 0044386C. In windbg I did a;
Code:
bp winload!BgpDrawCopyright+0x49 "eb ebp-18 00 02;g"
g
All code for 32-bit. Tested on 6.1.7600.16385 but should also work on SP1 when symbols are available.

Does anybody know why scripts don't work when debugging winload.exe?

Guest

@joakim
My program currently can change the background color of the messages (however they need to be the same color). The program can currently set the color of both message texts separately though. I knew about alignment, but didn't bother adding it into the program. My assumption was that once the person could make a full-screen background the whole text thing would be nearly obsolete (my reasoning for font changing as well). In the full-screen background you will be able to write any text, in any font, anywhere. The ONLY thing that is lost is the easy to translate method of one of the messages.

joakim

Sounds good.

It would however, be cool if the SOS switch could be written with transparency on top of a background image. I'll see what I can find..



joakim

Hello all,

I am using Reverse Integration to install sp1 in Windows 7 x64 Ultimate using these instructions:

HTML Code:
http://www.techrepublic.com/blog/window-on-windows/use-reverse-integration-to-slipstream-windows-vista-sp1-and-sp2/1249
(instructions are for vista but they work in 7)

If I customize my bootscreen with bootupdater, on the customized Windows 7, and then copy them over to the windows 7 source will they work if I put them in boot.wim?


John

marcusj0015

I have not tried it myself, but I guess you will be facing a mui cache issue on the new system then (can not verify). Why don't you just try and report back? If it did not work, then you know which files to replace back to the fresh build.

marcusj0015

@RBCC, no one is saying you have to leave the forum, just try to read the thread and if it's a bug fix, make sure to use the latest version, and respectfully post the bug report. The thing that really annoyed me, because I haven't done coding like Thaimin, or debug stuff like joakim, but I was the one that really started looking into how to get this to work, but what annoyed me was your attitude about how no one is working fast enough / implementing the features you want.

marcusj0015

@RBCC, personally I would download Microsoft's prepatched SP1 ISO of Windows 7, then integrate what you need. That way you make sure there isn't any pre-SP1 junk or anything else nasty in your image. That's the method I'm using.

BTW, you should wait for IE9 final, I think it's confirmed that they're releasing it March 14th, aka in 3 days.

@RBCC, it's not being a non-programmer that makes you a n00b, it's that you presumably haven't really dug into the core of Windows, and modified, or even studied Windows.

joakim

@Thaimin, have you checked out all the winload/winresume and bootmgr switches/APIs? There might be an easy way to change the framerate without having to install some debug app. If there are UIFILEs in any of the files you mod, tell me about them; I'm making a Windows 7 theme, so the UIFILEs are right up my alley.

@Thaimin, about the background and easy-to-translate text, you could presumably just make a background and use the text region for text, with no text in the background. I'm sure you have thought of that though.

thaimin

Not exactly what I wanted but worth a post anyway. It is possible to boot with the SOS on (drivers loaded are printed to screen), and have the animation played on top of the print afterwards. The print can also be moved to the title and/or footer, or have it present in title, body and footer at the same time. Or remove body, and keep title/footer with animation in middle.

But what I actually was trying to, was having the driver print (with SOS switch) on top of the background image. No luck so far.

@thaimin
I'll look at bootmgr.exe.mui for possible extra resources added. Thanks.

thaimin

@marcusj0015
There are no "switches" or "APIs" for anything related to the animation. It is all hardcoded, and most things are in ntoskrnl. And it isn't just installing a debug app, to debug the boot process you need an external machine to do the debugging (in my case I use the host to the virtual machine, but if the modified system is not in a VM you need another computer connected with serial, usb, or firewire). However, we hope to find a method that does the same thing the debuggers do, just without the debugger. Essentially modify ntoskrnl in memory from winload.exe instead of an external computer. This is all beyond what is covered in any UIFILE.

@marcusj0015
The problem with that is that the text-drawing in winload.exe always draws a big box behind the text, which would disrupt the image. However the background color of text may support ALPHA channel, so that background box could be transparent. I may look into it, or just say that for different languages, use different images...

@joakim
Another idea occurs to me about modifying ntoskrnl in memory. It is probably more code than would fit at the end of any current section, but a new code section could be added. It is also WAY more code than I ever want to do in my life in assembly. The code could be made as a DLL, specially designed to not have any references to kernel32.dll or any other libraries (set the target as native Win32 which is what winload.exe is), the code then extracted and added to winload.exe. That would be a nice way I think to do this.

joakim

@joakim
More about what I was saying in the last post:
Inside Native Applications
I didn't know I could just make a program and have it run, which is another potential option.

Guest

@thaimin 1
Are you sure it is possible to run native applications before kernel is loaded? I think it is registry functionality inside of ntoskrnl.exe that will evaluate the key HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute and thus make it impossible to put anything there to modify the kernel itself (not at all sure).

If, for some reason we are stuck with assembler code added to winload.exe, then some interesting stuff can be extracted from the source of the stoned bootkit; http://www.stoned-vienna.com/downloa...20complete.zip Actually they use plugins too, like externally loaded executables to handle different parts of the process. Basically it is "just" 63 sectors and a handful of executables put as plugins, that we have to deal with as code.

@thaimin 2
Transparent background is nice. I don't know about this, but is there any alpha channel colour code for transparency? On the other hand, maybe it could be possible to specify the coordinates for the box drawn, and put it say in the lower part of the screen (just a thought). And then maybe substitute loaded drivers on the screen (when SOS is on in bcd or forced with hardcoding), with some other debug information (even more thoughts).

@thaimin 3
I think it is impossible to put the bcd store as a resource inside bootmgr.exe.mui since the information that the mui is needed is defined in the bcd store itself (not tested yet). But of course should work for anything other as a resource put there.

thaimin

@joakim 1
Yes, I realized this a bit after I posted the last one. So there is another level of program type (called subsystem in Windows API language). Here is the list:
  • BOOT_APPLICATION
    Programs during the boot process, including bootmgr.exe and winload.exe (actually a DLL) are this type. Cannot use any external libraries.
  • NATIVE
    Programs that run after ntoskrnl.exe and smss.exe are loaded, but before any other subsystem is loaded. Programs can only use the NTDLL.DLL external library. No file handles are created yet, thus even the system partition can be scanned and defragged.
  • WINDOWS (WINDOWS_GUI) / CONSOLE (WINDOWS_CUI) / OS2_CUI / POSIX_CUI / WINDOWS_CE_GUI / XBOX
    Higher level subsystems, these are programs you normally run.
  • EFI_APPLICATION / EFI_BOOT_SERVICE_DRIVER / EFI_RUNTIME_DRIVER / EFI_ROM
    EFI-related programs. I don't know much about these.
So I need to make a BOOT_APPLICATION and integrate that code into winload.exe. I have already tested it and I can compile C code into a boot application. I haven't tested anything with actually running it.

I will look at the bootkit.


@joakim 2
There is alpha. The colors are 4 bytes long, RGBA, the last byte is for alpha. We have always been leaving this as 0xFF (255) which is fully opaque. You can't move the box separately from the text. The way drawing works in winload.exe is it creates rectangles and draws those rectangles to the screen. Everything it draws is a rectangle. To draw text, it creates a rectangle with that text. The text must be in a rectangle.


@joakim 3
Makes sense. I didn't really consider that part of it...



joakim

@thaimin 1
Sounds good about the BOOT_APPLICATION.

@thaimin 2
I understand that for the rectangles like the copyright and the startup text. But I can't see where to specify such for the BlXmiWrite function that grabs the colour codes from inside the xsl resource.

AlexYM

@thaimin
About BOOT_APPLICATION just may be an example - in XP or even Vista the old-style boot animation code and resources (progress bar and background images) are also stored in ntoskrnl, and Stardock's Bootskin installs some kind of a boot-time driver (vidstub.sys if I remember correctly), which apparently substitutes that code in memory... And about patching in memory idea... I think "ultimate solution" could be a boot application run before (or instead of) winload which would patch winload (and then load it) and kernel in memory, leaving all system files physically untouched... would be too complicated to make it though...

joakim

can someone show me in the forum where to change the size and position of the animation? which file? John

joakim

@AlexYM
I like the theory too, and think it is not impossible to do. Just very complicated.

@thaimin 1
I just did a few funny things. For instance I can draw driver printing (using SOS switch) on top of a background image, so that the image is visible in the background (i.e. we can actually, to a certain degree, decide how big the text box should be, and let the rest of the screen be filled by a background image).

@thaimin 2
The background image can also be of any size I think. Just verified with 600x800 and 400x1024, and is drawn perfectly. Can also overwrite the size as given in the edx register right before it's drawn. It will then be displayed, but with messed up pixels. Do you know if we can set the coordinates of where the background image is placed? For instance let the 400x1024 image be on the lower part of the screen..

@thaimin 3
I'm facing some difficulties with return codes. I can return to the correct esp value, but then at a wrong eip. This is driving me nuts right now. Do you have a tip?

@RBCC
I've previously pointed you to the first post, for the instructions. Regarding the size of the animation, there is no known method of tweaking it (that works).

marcusj0015

Just showing a cool boot video;



I am tweaking this further and will post details when sorted out. The actual driver printing is located inside a minimal body template. (thaimin: don't bother with my previous question regarding return codes as I was doing a silly mistake).

thaimin

@Thaimin,
About the Animation size, is it possible to change the boot screen resolution?
If we could optionally change the resolution to say, 800x600, we could still use the exact same animations, but we would give the impression that the animation was bigger, without breaking anything, and with few code additions




@Joakim,
If you could somehow make the text background in that video transparent, that would be amazing, because I and a lot of theme designers want consistency above all

marcusj0015

You guys have been busy!

@joakim - "BlXmiWrite function"
So you have to realize that two different drawing processes are going on here at the same time. The system is both in text/console mode and graphical mode. The sos information, and everything in the XSL is drawn in console mode. The background image (not background color), animation, and the two text boxes ("Starting Windows" and "(c) Microsoft Corporation") are drawn in graphical mode.

@marcusj0015 / joakim - "Background Color of Text"
The colors of the text-mode are limited to the colors you will find at http://en.wikipedia.org/wiki/Color_Graphics_Adapter. The background color is a solid color, and cannot be transparent. Even looking within the code at the OsxmlColorParse function, it does not support full colors (only single nibble (4-bit) colors).

@joakim - "Background Image Size / Position"
Yes, the size can be changed, but why? Any empty space is just the background color. And why change the background position? Just design the background image to use the background color. Since the text-mode stuff apparently draws on top of the background image, there is no problem. But technically yes. Look at my documents at these lines (from the 32-bit version):

Code:
; Set the position to draw at 0, 0 and get a pointer to the "POINT" structure
    and     [ebp+EC], 0                ; 83 65 [EC] [00]
    and     [ebp+F0], 0                ; 83 65 [F0] [00]
    lea     eax, [ebp+EC]              ; 8D 45 [EC]
You would have to substitute the "and ..., 0" for a "mov ..., ##h", and remember to update the jump length if the new opcodes are shorter/longer.

@joakim - Assembly is tricky, ain't it?

@joakim - Cool Video! Maybe I will have to integrate an option for setting the SOS box area in my program... what's the snippet of XML you used for your video?

@AlexYM
Some issues I see, but apparently Stardock got around them. First, how do you get a program to go before winload? Bootmgr checks to see if it is signed by Microsoft. A video driver is an idea, winload loads a basic video driver pretty early on (thus the video driver could modify many things in winload.exe in memory). But then, I don't know the security requirements on that driver, or how to change it from the default. I will look into it.

thaimin

@Thaimin, you didn't address my question about the resolution change.

Maybe using an 800x600 image would make the screen display at that res?

Which would also fix our netbook brethren's problem with the Vista boot screen, because of too low res display

Guest

@marcusj0015
I have no idea...

marcusj0015

Do u think it's worth testing? I don't know to test this sort of stuff, so I am at the mercy of you and Joakim



AlexYM

@marcusj0015
Main problem is that x,y position of animation in pixels is still hardcoded in ntoskrnl, thus if you'll want it to be not moved down-right with lower resolution and to keep it centered, you'll still need to modify ntoskrnl. I suppose this is the reason why MS disabled animation on 800x600 resolution mode (this mode can be force-enabled by bcdedit command, btw).

joakim

@marcusj0015
A smaller sized image will not affect the screen resolution, however I suppose the resolution should be able to be forced somehow, by modifying code. Just don't know how right now.

@thaimin
I think a forced SOS printing could be a nice addition. What I did:
1. Create a basic template like;
Code:
<xsl:template match="osload-sos">
  <osxml:text-mode-ui>
    <body background-color="RXBI" foreground-color="XXXX">
      <p pad-left="8" pad-right="8">
        <textarea name="file-info" scroll="true" width="68" height="1"/>
      </p>
    </body>
  </osxml:text-mode-ui>
</xsl:template>
2. At 004014CC write 90909090909090909090 (x10). This will force a spoofed SOS switch and display the driver printings. It will thus allow for the kernel to play the animation as well since the 26000091 parameter is not brought further to the loaderblock, unless you actually booted with the SOS on in your BCD (can be resolved though, but don't think it's necessary).

3. Next trick is to inject the background image after the first layer (background) of the xml stuff is drawn, so that the driver printing is on top of the image and not the boring xsl drawing. At 004014E0 (right after the call to BlXmiWrite in OslpMain) make a jump to your bitmapdrawing function. Since I also wanted a custom copyright message on top of the bitmap, I added code right after your bitmapdrawing function to first call bitmapdrawing and then the copyrightdrawing, before jumping back into OslpMain. Now the osload-sos template is shown only as specified with width and height in your body. For the sake of the test I also drew a custom startup text on an empty black screen before the background image, but the copyright/startuptext stuff was added after the video was uploaded..

But I don't seem to get any transparency with the alpha channel on my copyright. It is like transparency doesn't work and FF is forced on.

joakim

If the resolution of the animation images went from 200x200 to 100x100 will that make the animation smaller or will it crash?

marcusj0015

Quote: Originally Posted by RBCC
If the resolution of the animation images went from 200x200 to 100x100 will that make the animation smaller or will it crash?
I don't know, only tried with bigger ones.

thaimin

@RBCC,
or you could just make a smaller animation on the standard animation strip, giving the impression the animation is actually smaller, but there would be no hacks necessary, thaimin wouldn't have to add any more hacks, which would be easier in the long run

joakim

@joakim
I don't know about forced SOS, but make it so that if SOS is also enabled, it looks good. So no step 2, but I will have to reread your step 3 with the code in front of me to think about that more. In any case, not going to be supported for the next version (coming in a few days). Sad to hear about the alpha channel.

@rbcc
If you use my program, it will only save the "proper" animation size, regardless of what you give it. If you were to manually do it, and speculating from joakim's previous work with larger images, you would see four frames in a square for each 'standard' frame. Then at about frame 26 it would probably crash.

@everyone
I know people were having problems with integrating the modified files into install.wim / boot.wim. Well, if you could, I would like you to try out a new tool I made.

The tool allows you to self-sign things, generating a custom certificate for you. It then lets you install this custom certificate into the registry of the to-be-installed computer. I think that the installer just wants those modified files to be signed. If this is true, I will add a cleaner system for this situation, but for now, please test this out.

Download: http://www.coderforlife.com/projects...extras/#signer

To use it:
  • Download the signer (or signer64 and rename to signer)
  • Download the example script and extract it
  • Open the example script in Notepad
  • Edit the "locale" and "name" in the script (close to the top)
  • Set the "root" to the mounted folder of the WIM, or alternatively run the program from the command line with the mounted folder as an argument
  • Repeat last step for both boot.wim images and the desired install.wim image
  • Each time you should see 5 notifications that it successfully signed the files and 2 notifications that it installed the certificate
Please tell me if this makes it work! Thanks!

thaimin

besides the books aforementioned, could someone give ideas of any books that could help me get up to speed on this? There is no way to reposition the animation?

Is this doing this:

Set the position to draw at 0, 0 and get a pointer to the "POINT" structure
and [ebp+EC], 0 ; 83 65 [EC] [00]
and [ebp+F0], 0 ; 83 65 [F0] [00]
lea eax, [ebp+EC] ; 8D 45 [EC]
?

Or which file helps in this matter?

John

Guest

Thaimin you are right. It is much better to not force it on, and let the user choose it in the bootmenu. Instead we can modify the code slightly inside OslDisplayInitialize (this is necessary), by changing this
Code:
.text:004061A6                 push    26000091h (68 91 00 00 26)
to something invalid like
Code:
.text:004061A6                 push    99999999h (68 99 99 99 99)
But we still need to make a jump to some custom code at 4014e0. Original code;

Code:
.text:004014E0                 lea     eax, [ebp+arg_0]  (8D 45 08)
.text:004014E3                 push    eax               (50)
.text:004014E4                 push    ebx               (53)
changed to;
Code:
.text:004014E0                 jmp     loc_4573B7 (E9 D2 5E 05 00)
and the custom code was placed right behind your bitmapdrawing function;
Code:
.text:004573B7                 call    sub_457370   (new bitmap function)
.text:004573BC                 call    sub_443823   (copyright)
.text:004573C1                 lea     eax, [ebp+arg_0]
.text:004573C4                 push    eax
.text:004573C5                 push    ebx
.text:004573C6                 jmp     loc_4014E5  (back to OslpMain to load SYSTEM hive)
@RBCC
I don't know how many times I have to tell you this, but you have to read the first post. There you will find information on how to reposition the animation. The code you refer to is for the coordinates of the bitmap as drawn by winload.exe. You really need to do some studying to understand how reverse engineering works. Besides that you also might want to know the internals of the Windows boot process. Since you have recognized the links you also have a reference for the best book about that. Regarding reverse engineering, you really have to start learning using hex editors, disassemblers, debuggers, pe editors, and assembler. I am not at all a pro, but it still took me quite some time (years). It is simply not done over a weekend. For testing you need to start using virtualization like VMware Workstation or Player, else it will take about forever to test all mods on real hardware. Relevant part of first post;
Quote:
Animation parameters:
Some animation parameters can also be tweaked (thanks to AlexYM). As the actual animation is played by the kernel we must patch it to modify these values.
The relevant function is ResFwpGetProgressIndicatorAnimation and this is how it looks in IDA for ntkrnlpa.exe;
Code:
PAGEBGFX:00748C97                 mov     eax, 0C8h
PAGEBGFX:00748C9C                 lea     edi, [esi+0Ch]
PAGEBGFX:00748C9F                 mov     dword ptr [esi], 1
PAGEBGFX:00748CA5                 mov     dword ptr [esi+4], 19Ch
PAGEBGFX:00748CAC                 mov     dword ptr [esi+8], 11Ch
PAGEBGFX:00748CB3                 mov     [esi+10h], eax
PAGEBGFX:00748CB6                 mov     [edi], eax
PAGEBGFX:00748CB8                 mov     dword ptr [esi+18h], 0Fh
PAGEBGFX:00748CBF                 mov     dword ptr [esi+1Ch], 69h
PAGEBGFX:00748CC6                 mov     dword ptr [esi+24h], 3Ch
Explanation after converting from hex to decimal:

Code:
At 00748C97 we find the frame's width and height as C8 = 200.
At 00748CA5 we find the x position of the frame as 19C = 412.
At 00748CAC we find the y position of the frame as 11C = 284.
At 00748CB8 we find the framerate (per sec) as 0F = 15.
At 00748CBF we find the total number of frames as 69 = 105.
At 00748CC6 we find the number of first unlooping frames as 3C = 60
So I made another stupid animation hack that is more annoying than elegant. Setting framerate to 78 (4e) and the number of first looping frames to 57 (39) will let you see the crystal balls start flying and when they are done (before they melt together) it will start over again. Really annoying to look at, especially when this repeats itself 19 times!
It is the stuff about x and y position you are asking about. If you have not figured out by now, you will need to modify the kernel, for instance ntoskrnl.exe. Good luck!

Joakim

Guest

@joakim
I just noticed something about that code. It may be possible to set width and height independent of each other.

Code:
mov     eax, 0C8h
lea     edi, [esi+0Ch]
...
mov     [esi+10h], eax
mov     [edi], eax
...
which is essentially

Code:
...
mov     [esi+10h], 0C8h
mov     [esi+0Ch], 0C8h
...
Thus it looks like the width and height could be set separately from one another (although it isn't an easy drop-in replacement anymore).

joakim

I have done some tests and believe it is impossible to set screen resolution correctly to 800x600 and get animation at the same time. However I noticed it is possible to boot with 1024x768 and then force the kernel into believing the resolution is something different (must be smaller though, else it will crash) right before it will play the animation. With forced 800x600 it will look like flimmering stretched over the screen like this;


With 768x512 it looks like this;

To test this in windbg you can issue this command;
Code:
bp nt!BgpGetResolution "eb nt!BgInternal+0x8 00 03 00 00 00 02 00 00 00 03 00 00"
That is for 768x512 since 300h in decimal = 768 and 200h in decimal = 512.

So the animation is played, but with a very distorted look.

DO NOT TEST THIS HACK ON REAL HARDWARE!!



joakim

Just tried implementing the stupid hack into a patch. Now the code looks ok in IDA, and should work according to that;
Code:
PAGEBGFX:00749623                 mov     ecx, 300h
PAGEBGFX:00749628                 mov     [eax], ecx
PAGEBGFX:0074962A                 mov     ecx, 200h
PAGEBGFX:0074962F                 mov     [eax+4], ecx
PAGEBGFX:00749632                 mov     ecx, 300h
PAGEBGFX:00749637                 mov     [eax+8], ecx
PAGEBGFX:0074963A                 nop
PAGEBGFX:0074963B                 nop
PAGEBGFX:0074963C                 nop
PAGEBGFX:0074963D                 retn
Machine code;
Code:
B9 00 03 00 00 89 08 B9  00 02 00 00 89 48 04 B9 00 03 00 00 89 48 08 90  90 90 C3
But while booting it seems that the code has modified itself slightly. Inside windbg I find this code at the same location;
Code:
nt!BgpGetResolution:
82f58623 b90003f080      mov     ecx,offset NETIO!NetioAllocateNetBufferMdlAndDataPool+0x34 (80f00300)
82f58628 0b08            or      ecx,dword ptr [eax]
82f5862a b9000200f0      mov     ecx,0F0000200h
82f5862f 09cb            or      ebx,ecx
82f58631 04b9            add     al,0B9h
82f58633 0003            add     byte ptr [ebx],al
82f58635 0000            add     byte ptr [eax],al
82f58637 79c9            jns     nt!GxpWriteFrameBufferPixels+0xa2 (82f58602)
nt!BgpGetResolution+0x14:
82f58639 8a909090c390    mov     dl,byte ptr [eax-6F3C6F70h]
Roughly 50% of the code has changed..

Kernel base = 0x82c0f000.

(82f58623-82c0f000)+400000=749623

Code on the next boot (with different kernel base);
Code:
nt!BgpGetResolution:
82f49623 b900030080      mov     ecx,80000300h
82f49628 0b08            or      ecx,dword ptr [eax]
82f4962a b900020000      mov     ecx,200h
82f4962f 09cb            or      ebx,ecx
82f49631 04b9            add     al,0B9h
82f49633 0003            add     byte ptr [ebx],al
82f49635 0000            add     byte ptr [eax],al
82f49637 89c8            mov     eax,ecx
82f49639 8a909090c390    mov     dl,byte ptr [eax-6F3C6F70h]
Any ideas? Tricks present to fool disassemblers?

Joakim

thaimin

One thing that kept getting in my way is the relocations. Look at the relocations table (.reloc) and zero out any that are in the range you are editing. From my experience you can just put "00 00" for any relocation you want to skip, it doesn't matter that the "00 00" is in the middle of a list.

References:
http://msdn.microsoft.com/en-us/magazine/cc301808.aspx - "Base Relocations"
http://msdn.microsoft.com/en-us/library/ms809762.aspx - "PE File Base Relocations"
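
The relocation mechanism described in the post above, as an added example that is not code from the thread or from any poster's tool: it walks a PE base relocation table, lists the HIGHLOW fixups that overlap a patched range, applies the load delta the way the loader does, and shows the effect of overwriting those entries with 00 00. The .reloc bytes are constructed, and the three fixup offsets are an assumption, chosen because they reproduce the windbg bytes quoted in the thread for both boots.

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0  # padding entry: the loader skips it
IMAGE_REL_BASED_HIGHLOW = 3   # loader adds the load delta to the DWORD at this RVA

PREFERRED_BASE = 0x400000              # image base used in the IDA listings
PATCH_RVA = 0x749623 - PREFERRED_BASE  # patched BgpGetResolution location
# The 27 patch bytes posted as "Machine code" in the thread.
PATCH = bytes.fromhex(
    "B900030000 8908 B900020000 894804 B900030000 894808 909090 C3")
# First 27 bytes of the two windbg listings quoted in the thread.
WINDBG_BOOT1 = bytes.fromhex(
    "b90003f080 0b08 b9000200f0 09cb 04b9 0003 0000 79c9 8a909090c3")
WINDBG_BOOT2 = bytes.fromhex(
    "b900030080 0b08 b900020000 09cb 04b9 0003 0000 89c8 8a909090c3")
BOOT1_BASE = 0x82C0F000                # kernel base stated in the thread
BOOT2_BASE = 0x82F49623 - PATCH_RVA    # derived from the second listing


def build_block(page_rva, entries):
    """Pack one IMAGE_BASE_RELOCATION block from (type, offset) pairs."""
    body = b"".join(struct.pack("<H", (typ << 12) | off) for typ, off in entries)
    return struct.pack("<II", page_rva, 8 + len(body)) + body


# Constructed .reloc data (assumption): three HIGHLOW fixups inferred from the
# windbg bytes, a padding entry, and an unrelated block for the next page.
RELOC = (build_block(0x349000, [(3, 0x625), (3, 0x62D), (3, 0x636), (0, 0)])
         + build_block(0x34A000, [(3, 0x010), (0, 0)]))


def walk(reloc):
    """Yield (file_offset, rva, type) for every entry in a .reloc section."""
    pos = 0
    while pos + 8 <= len(reloc):
        page_rva, size = struct.unpack_from("<II", reloc, pos)
        if size < 8:
            break  # malformed block or zero terminator
        end = min(pos + size, len(reloc))
        for off in range(pos + 8, end - 1, 2):
            (entry,) = struct.unpack_from("<H", reloc, off)
            yield off, page_rva + (entry & 0x0FFF), entry >> 12
        pos += size


def fixups_touching(reloc, start_rva, length):
    """HIGHLOW fixups whose 4-byte target overlaps [start_rva, start_rva+length)."""
    return [(off, rva) for off, rva, typ in walk(reloc)
            if typ == IMAGE_REL_BASED_HIGHLOW
            and rva + 4 > start_rva and rva < start_rva + length]


def apply_fixups(code, code_rva, reloc, load_base):
    """Rebase `code` the way the loader processes HIGHLOW entries."""
    delta = (load_base - PREFERRED_BASE) & 0xFFFFFFFF
    out = bytearray(code)
    for _, rva in fixups_touching(reloc, code_rva, len(code)):
        i = rva - code_rva
        if i < 0 or i + 4 > len(out):
            continue  # target straddles the buffer edge; not modelled here
        (value,) = struct.unpack_from("<I", out, i)
        struct.pack_into("<I", out, i, (value + delta) & 0xFFFFFFFF)
    return bytes(out)


def zero_fixups(reloc, start_rva, length):
    """Overwrite matching entries with 00 00 (type ABSOLUTE, offset 0)."""
    out = bytearray(reloc)
    for off, _ in fixups_touching(reloc, start_rva, length):
        out[off:off + 2] = b"\x00\x00"
    return bytes(out)


if __name__ == "__main__":
    for _, rva in fixups_touching(RELOC, PATCH_RVA, len(PATCH)):
        print(f"fixup at RVA {rva:#x}, patch offset {rva - PATCH_RVA}")
    print("boot 1:", apply_fixups(PATCH, PATCH_RVA, RELOC, BOOT1_BASE).hex())
    print("boot 2:", apply_fixups(PATCH, PATCH_RVA, RELOC, BOOT2_BASE).hex())
    cleaned = zero_fixups(RELOC, PATCH_RVA, len(PATCH))
    print("zeroed:", apply_fixups(PATCH, PATCH_RVA, cleaned, BOOT1_BASE).hex())
```

Each fixup adds (load base - 0x400000) to a DWORD that starts in the middle of the new instructions, which is why the changed bytes differ between boots and do not look like a plain base offset.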

thaimin

Alpha v11 has been released.

Notable new features:
  • Allows changing the background to an image
  • Can run in different languages and the language can be changed at run-time, includes translations for German, Russian, and Italian
  • Reverted it to use only .NET Framework 2.0 and not require MS Visual C 2010 library - no more errors about missing MCVS100.dll!
  • Much faster startup and checking of bootres.dll - marcusj0015, no more 2 minutes to start the program!
  • Can now create a standalone installer - no need to create RAR installers!
Minor new features:
  • Improved transparency support
  • Boot skin files are smaller
  • Improved update checking
  • Slightly improved backup system
  • Smarter default winload and winresume paths using BCD data
  • Numerous other minor changes and fixes
Download: http://www.coderforlife.com/projects/win7boot/

GEORG

Danke (THANKS) for germany language !!!

phucduongqb

How to translate win7bootupdater to vietnamese language?

joakim

I got the code running by changing slightly on it. It had nothing to do with relocations as the code was still following the same order. Have no idea why it now works as it is essentially the same..
Code:
0073D61E  00030000                        dd 00000300h
0073D622  90                             nop 90h
0073D623  8B0D1ED67300                    mov ecx,[L0073D61E]
0073D629  8908                            mov [eax],ecx
0073D62B  8B0D3ED67300                    mov ecx,[L0073D63E]
0073D631  894804                          mov [eax+04h],ecx
0073D634  8B0D1ED67300                    mov ecx,[L0073D61E]
0073D63A  894808                          mov [eax+08h],ecx
0073D63D  C3                              retn
0073D63E  00020000                        dd 00000200h
Code for ntoskrnl.exe 32-bit version 6.1.7600.16385.
It may only work as a test on a WinPE based system. I tried on a normal system and got stop 0x7b (as expected). So only for the fun of testing it.

@thaimin
Just downloaded and tried alpha 11. Good work! A few things;
I noticed a misleading error message. Since I'm using a custom made bootmgr your program will not detect it, and that is ok. But first there comes 2 similar boxes saying;
Code:
Error While Getting bootmgr Path
The bootmgr path in the BCD is invalid
and then a third one with "Unknown error (162)". Even when I revert to original bootmgr the same 3 error messages come. In my testsetup bootmgr is chainloaded by grub4dos. Could it be the device=boot configuration in BCD that messes up? I need to copy a fresh bootmgr to c:\ to get the program to add a static background to winload. Maybe we can have separated functions like;
- disable checks in bootmgr
- disable checks in winload.exe
- only modify background or animation or text or copyright
- allow files to be modified even if bootmgr/winload are already patched for security (ie search for the signature inside the file)
- give the user a listing of all modified files in the last message.

It also does not draw the background image correctly. I see that the bitmap is added to both winload.exe and winload.exe.mui. Necessary to add to the mui file? If I delete the mui, then the background image is drawn though.

Btw, cool with the frame counter following the mouse as you play an animation. And very nice have dotnet 2 back. Overall I'm very impressed by the massive amount of functionality, nice GUI and supported Windows versions.

Joakim

thaimin

@GEORG
And thanks to moinmoin and Tendririan at deskmodder.de who did the translations!
By the way, I just (like 5 minutes ago) updated the program again to include a more complete/correct German translation.

@phucduongqb
See the following page. It has all the instructions (although only in English) and includes a download for the text file to edit.
http://www.coderforlife.com/projects...oot/translate/

thaimin

@joakim 1
Yeah, it didn't exactly look like it was due to relocations, since the values added weren't equal to the base change, but it's the only time I have seen the code change from what IDA shows and what windbg shows.

@joakim 2
It definitely is the device=boot in the BCD. I had no idea what this means, so I didn't implement it properly. So, what does it mean? How can I find out what is the path to the "boot device"?

The only device type my program knows how to handle properly at the moment is "partition". I would like to get the following to work as well: boot, file, ramdisk, qualified partition, and locate ex. Some I don't know how to get a path to (boot and qualified partition) others aren't things I can have normal paths to (file and ramdisk) and locate ex is just confusing.

You could have selected the bootmgr in \Windows\Boot\PCAT\bootmgr... but yes something needs to be done. Many people get confused when the second time they run the program it doesn't work (since I can't modify modified files).

I was trying to make it as simple as possible, but then you get problems like this.

I have been considering these changes though, but haven't thought too much about them until now:
  • Mark files in way so that I know it was modified by my program (maybe add something to the version information)
  • If the bootmgr file is marked, don't do anything to it
  • If the winload.exe file is marked, don't apply security modifications and use special versions of the patches to work with already-modified winload.exe
    • Some cases this won't work, I can't always modify a file that has been previously modified (e.g. the copyright string was long last time so I moved it to the end of rdata, and it has some random text now, I won't be able to find it)
    • In those cases I can automatically restore the backup and try again
      • This has issues if someone updated their boot animation, then applied SP1 (or any other update that changed winload.exe) and tried again. It gets confusing real fast.
Anyways, confusing. For the meantime I would like to make my program smarter about the BCD data (handle more of the device type) and handle the first 3 cases above, but none of the nested bullet points.

@joakim 3
"It also does not draw the background image correctly".
In what way? Can you send / attach a picture of how it is and how it should be?

I see that the bitmap is added to both winload.exe and winload.exe.mui. Necessary to add to the mui file?
I use the same exact function to update the resources in winload.exe and in winload.exe.mui. Necessary for one of the texts and background color, and instead of making a separate function, I just decided it didn't hurt to add it to both.

Btw, cool with the frame counter following the mouse as you play an animation.
Thanks!

And very nice have dotnet 2 back.
The only drawback is that I can't get it to compile correctly for .NET 2 and 64-bit (the EXE always comes out corrupted). However the 32-bit EXE works for both 32 and 64 bit Windows, with one minor problem. Open and Save Dialogs cannot select files in System32 on 64-bit Windows. However internally file paths work just fine wherever they are.

Overall I'm very impressed by the massive amount of functionality, nice GUI and supported Windows versions.
Thanks! I know that it isn't perfect, but I'm working on it. And it is the only tool of its kind in the world.

Thanks for all your feedback!

joakim

Strange as it is, the crazy hack I posted does in fact work for a regular Windows 7 install. As often happens with this sort of stuff, I was using the wrong file (kernel in this case) that produced crashes on non-WinPE. I verified on a SP1 build and it did not complain (but I would still not recommend it though). But still funny to see 5 animations (a little bit distorted) instead of 1. The point is that the patched function is only read once prior to playing the animation, so it will not affect other things (I think).

I'm just throwing in some research notes here for future reference, and updated in first post whenever something interesting comes along.

Joakim

joakim

Quote: Originally Posted by thaimin
It definitely is the device=boot in the BCD. I had no idea what this means, so I didn't implement it properly. So, what does it mean? How can I find out what is the path to the "boot device"?

The only device type my program knows how to handle properly at the moment is "partition". I would like to get the following to work as well: boot, file, ramdisk, qualified partition, and locate ex. Some I don't know how to get a path to (boot and qualified partition) others aren't things I can have normal paths to (file and ramdisk) and locate ex is just confusing.
It makes no sense to evaluate the device for {bootmgr} in BCD. BOOTMGR must be placed on the partition marked as active on a mbr booting HDD (exception for other devices like usb, floppy, cd, etc). So basically it's the mbr that decides on what partition to find bootmgr (exception no 2 for chainloading setups). Regardless of that, my experience (and logic) says that it is pointless for bootmgr to retrieve information from the BCD store on where it is located (bootmgr is where it is loaded from and BCD cannot be on a different media than that). Simple verification can be done by deleting the device parameter from your BCD for {bootmgr}. Regarding ramdisk and file (vhd), I think it's also pointless because bootmgr itself cannot be on any of those media. Remember bootmgr is the one responsible for mounting the wim/vhd and pass execution over to winload.exe (inside the media). Hope it makes sense.

Regarding the actual BCD entry, you can find the disk signature of the bootable HDD specified in that given entry (when device=boot). But its purpose is unknown to me, and appears meaningless (for {bootmgr}).

Joakim



joakim

Quote: Originally Posted by thaimin
@joakim "It also does not draw the background image correctly".
In what way? Can you send / attach a picture of how it is and how it should be?
I just reset my vm in target (sp1 x32 of Embedded) to a clean state and nothing happens. I started the program without complaints. Then chose background image as the only option and applied it. Finished with success. Result is black screen without background image. And additionally, the startuptext and copyright was also removed even though I did not touch those options.

thaimin

@joakim
I use the same techniques for bootmgr, winload, and winresume. device=boot has meaning for winload and winresume, along with file and ramdisk, although those are much harder to implement and are probably not worth it. I believe I found out how to find the boot device, if you could check it out for me. In a command line run:
Code:
wmic VOLUME WHERE BootVolume=TRUE GET Name, ID
Does the name match what you expect? (should be like C:\ or maybe \\?\Volume{...}\ if it is hidden)

@joakim 2
Let me try to understand your background image problem a bit more. Clean install of Windows 7 SP1 x86 Embedded in a VM. No background image. If you remove the .mui file it does work though? Or was that a different test? You seem to have many interesting things with your MUIs, maybe it's just because it is Embedded. For example, you don't need to change your startup text in the MUI, whereas every system I have tested requires this.

The startup text and copyright don't show up in the preview either when you chose background image. My logic here was if you are setting a background image, you will just integrate the text into the image. Do you think this should be changed?

phucduongqb

Quote: Originally Posted by thaimin
@phucduongqb
See the following page. It has all the instructions (although only in English) and includes a download for the text file to edit.
Coder for Life - Project - Windows 7 Boot Updater: Translation
Thanks! I have downloaded it, but do not know how to edit it. And what software must I use to edit it?

joakim

@thaimin 1
The boot device can also be found by examining the mbr for what is marked as active (which I believe that command line essentially does). However it will still be prone to errors, as long as a user is using a different boot manager than bootmgr (like grub4dos/grldr). Because then bootmgr can be on any partition. Therefore I think there is no fool proof method of finding the right bootmgr which is in use. So I think the best you can do is assume that bootmgr is the one used. If it fails, then let the user choose where it is located (should cover for most setups I think). Just to show you how impossible it may be to correctly identify the bootmanager, you can install grub4dos to your hdd and then rename bootmgr to grldr. This way grub4dos's mbr code is loading bootmgr. And nowadays we have numerous different bootmanagers around.

But for the other files it certainly makes sense to evaluate the BCD.

@thaimin 2
I will need to disassemble and debug the patched winload that alpha 11 generated to see what might be wrong. I'll check.

joakim

@thaimin
The reason why background image failed was because of 2 errors in your bitmapdrawing function. The 2 functions ResFindDataEntryFromImage and BgpGxDrawBitmapImage have new addresses in SP1 so you just need to correct the destination address of the 2 calls slightly. On my 32-bit version 6.1.7601.17124 of winload.exe I corrected into this and it worked:
Code:
00457667 call 00426d19 [e8 ad f6 fc ff] and 00457680 call 00444261 [e8 dc cb fe ff]
Forget about what I said about the image present in the mui. It does not matter. It was tested on Embedded by the way.

The issue of new addresses in new versions of winload.exe might cause some work every time an update comes. But there is not much we can do about it, other than disassemble each new version and find out.

Joakim
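The displacement arithmetic behind the two corrected calls above, as an added example (not code from the thread or from Windows 7 Boot Updater): an `E8` call stores `target - (site + 5)` as a little-endian signed 32-bit value, so a call-site definition written for one build can be checked against the bytes before anything is written. The byte window and the `DEF_OTHER` targets are constructed; only the two sites, targets and byte strings in `DEF_17124` come from the post.

```python
import struct

def encode_call(site_va: int, target_va: int) -> bytes:
    """Encode `call target_va` located at site_va: E8 + rel32 (little endian)."""
    rel = (target_va - (site_va + 5)) & 0xFFFFFFFF
    return b"\xe8" + struct.pack("<I", rel)

def decode_call(code: bytes, base_va: int, site_va: int):
    """Return the target of the E8 call at site_va, or None if no call is there."""
    off = site_va - base_va
    if off < 0 or off + 5 > len(code) or code[off] != 0xE8:
        return None
    (rel,) = struct.unpack_from("<i", code, off + 1)  # signed displacement
    return (site_va + 5 + rel) & 0xFFFFFFFF

def check_definition(code: bytes, base_va: int, expected: dict) -> list:
    """Compare {site: target} against the bytes; return (site, wanted, found) mismatches."""
    problems = []
    for site, wanted in sorted(expected.items()):
        found = decode_call(code, base_va, site)
        if found != wanted:
            problems.append((site, wanted, found))
    return problems

# Constructed sample: a NOP-filled window holding the two calls quoted in the post.
BASE_VA = 0x457660

def build_sample() -> bytes:
    buf = bytearray(b"\x90" * 0x30)
    for site, raw in ((0x457667, "e8adf6fcff"), (0x457680, "e8dccbfeff")):
        off = site - BASE_VA
        buf[off:off + 5] = bytes.fromhex(raw)
    return bytes(buf)

# Sites and targets as given in the post for winload.exe 6.1.7601.17124 (x86).
DEF_17124 = {0x457667: 0x426D19, 0x457680: 0x444261}
# Constructed: targets a definition for some other build might carry (hypothetical values).
DEF_OTHER = {0x457667: 0x426D40, 0x457680: 0x444290}

if __name__ == "__main__":
    code = build_sample()
    for name, definition in (("17124", DEF_17124), ("other", DEF_OTHER)):
        problems = check_definition(code, BASE_VA, definition)
        if not problems:
            print(f"definition {name}: all call sites match")
        for site, wanted, found in problems:
            shown = "no call" if found is None else f"{found:08x}"
            print(f"definition {name}: site {site:08x} wants {wanted:08x}, bytes give {shown}")
```

A mismatch here means the definition belongs to a different build of the file, which is the situation the build numbers discussed further down the thread turned out to explain.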

thaimin

@phucduongqb
See the email I sent you.

@joakim 1
Well, truthfully, I thought with an invalid BCD path you would get only 1 error message, not continually, and when you select the right file, you should not get any other error messages. I will have to make sure that it only tells you once. If that issue is fixed, I believe you are right, I should have a best guess that works for many people, and then a single warning to others that they need to correct it. And maybe even have an option to not select one at all (and skip that step). I will have to make this whole skipping steps thing (because a file is already modified or the user doesn't want it).

@joakim 2
I do have a patch unique to x86 SP1 function locations, and I do believe it was used. Maybe the embedded files are slightly different? Maybe there are multiple SP1 files with different function locations? I have some files here I can check out, but if you could send me your winload.exe that would be great. Thanks!

AlexYM

@thaimin
joakim said his file's version is 6.1.7601.17124 and this is sp1 RC Escrow while the SP1 RTM is 17514...

joakim

Quote: Originally Posted by AlexYM
@thaimin
joakim said his file's version is 6.1.7601.17124 and this is sp1 RC Escrow while the SP1 RTM is 17514...
Thanks for clarifying. I was using latest Embedded platform and assumed it was RTM.

thaimin

@AlexYM
Thanks for noticing that!

@joakim
I have updated the patches online. You don't even need to download a new version of the program, it will update itself. I set it to use the SP1 patches if the version is 6.1.7601.16537 or greater. The problem with it complaining about the invalid BCD path won't be fixed automatically though. You'll have to wait for the next version.

By the way, the file you sent me, when loaded in IDA, it doesn't get any symbols loaded. Maybe they removed those symbols since it is the RC version...

shaunp

@thaimin I took your advice and had a go at signing the wims with your signing script...So I replaced all of the necessary files (bootres.dll winload.exe etc) in both boot(1,2).wim and also in the install.wim(1234..) ran your script using the x64 version and all went well until first reboot. and this time got the unable to verify 000xxxx48 digital cert..on winload.exe.

Will try again win7x32.

I will not comment on an earlier posting...as at the time of reading was so disappointed at the attitude of some people when it comes to share and share alike...all I can say is that you would be better to offer a slab of beer and a pat on the back, and some thanks that people will share their knowledge (free in 99% of cases) so if it takes time..to arrive..be patient and thankful that it gets done at all.

Well done
thaimin on the updater(update)...and all other lines of code....



thaimin

@shaunp
Thanks for trying. I guess this isn't the solution... yet. I have some more ideas, it will take some time though.

thaimin

I noticed something that I'm not sure about, should this be like this? All in all this is a great package. Maybe I am the only one that noticed this. Ok then flog me.

John

thaimin

@RBCC
This is a good thing to bring up. This is productive.
First how did you generate the white box? Why do you think the white box is the right one? You Starting Windows text (and the Windows logo in the version you emailed me) look zoomed in.

joakim

@Thaimin:
The white square is the windows flag deleted and the background locked, oops sorry my mistake. But I did install Windows 7 in VMware and captured the bootscreen. Then I put it into your bootupdater and showed where the flag was and where you placed the animation. If you can move it up there does this mean that this will be a feature of an upcoming version?

John

thaimin

I used photoshop.

joakim

The animation is NOT movable at the moment, it requires editing ntoskrnl, and that will take much more work on my part and won't be available for quite some time.

This is what the normal screen looks like:



However, it stretches over the entire screen, regardless of the resolution set in Windows or the recommended resolution reported by the monitor. So widescreens stretch the logo and make it look wider. VMs typically make the window the exact right size. I think you are only seeing the effect of your screen. The first picture you posted is way off. The preview in my program is accurate to within 1 pixel for the animation. The text may be off by many more pixels, and the background color boxes of the text are off by a few more than that. This is only in the preview, not how it applies it.

Guest

@thaimin
Quick question; How do you interpret the values found in the bcd under device/osdevice for partition=mountpoint. I see that 4 bytes which is the disk signature, may change. All other values seems constant, with the exception of another 4 bytes 20-24 bytes before the disk signature, which I cannot figure out. Do you know what these are?

Edit: Never mind, it's taken from MountedDevices key in registry..

Joakim

Guest

@joakim
To reply anyways, since you may want to use a more "official" method than reading the registry. I have the following method "GetWindowsDevicePath". It uses FindFirstVolume/FindNextVolume to iterate through all the Windows volume names (e.g. "\\?\Volume{43a03f10-1acd-11e0-964d-806e6f6e6963}\"), gets the DOS device name for the volume using QueryDosDevice, and compares that.

Code:
static string GetWindowsDevicePath(const WCHAR *dos) {
    HANDLE sh;
    WCHAR vname[MAX_PATH+1], dname[MAX_PATH+1];
    size_t len;

    string path = nullptr;

    // Get the first volume (handle is used to iterate)
    sh = FindFirstVolume(vname, ARRAYSIZE(vname));
    if (sh == INVALID_HANDLE_VALUE)
        return nullptr;

    // Iterate through all volumes
    do {
        // Make sure the volume path is valid
        len = wcslen(vname);
        if (len < 5 || wcsncmp(vname, L"\\\\?\\", 4) != 0 || vname[len-1] != L'\\')
            continue;

        // Check the device name (which doesn't work with a trailing '\')
        vname[len-1] = 0;
        if (QueryDosDeviceW(vname+4, dname, ARRAYSIZE(dname)) && wcscmp(dname, dos) == 0) {
            vname[len-1] = L'\\';
            path = NicerPath(gcnew String(vname));
            break;
        }
    } while (FindNextVolume(sh, vname, ARRAYSIZE(vname)));

    FindVolumeClose(sh);
    return path;
}
The function NicerPath is a helper function I have to convert the long volume path ("\\?\Volume{43a03f10-1acd-11e0-964d-806e6f6e6963}\") to something nicer (e.g. "C:\") using GetVolumePathNamesForVolumeName. For the hidden system drive, the long form is all that is available.

Guest

Thanks for the code snippet. The answer to my question about the "mysterious" bytes, translated into human language is: simply the raw starting offset of the partition of target harddisk - given in little endian (ie reversed).
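The two values discussed in the posts above, the disk signature and the partition's raw starting offset, together with the active flag joakim mentions for locating bootmgr, can all be read from the MBR itself. This is an added example, not code from any poster or from Windows 7 Boot Updater; the sample sector is constructed, and the 512-byte sector size and the 64-bit width used when rendering the offset in little endian are assumptions.

```python
import struct

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors

def parse_mbr(sector: bytes) -> dict:
    """Parse disk signature and the four primary partition entries of an MBR."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("no 55 AA boot signature: not an MBR sector")
    (disk_sig,) = struct.unpack_from("<I", sector, 0x1B8)
    parts = []
    for slot in range(4):
        # status(1) CHS(3, skipped) type(1) CHS(3, skipped) start LBA(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, 0x1BE + 16 * slot)
        if ptype == 0x00:          # unused slot
            continue
        parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                      "offset": lba * SECTOR_SIZE, "size": count * SECTOR_SIZE})
    return {"disk_signature": disk_sig,
            "gpt_protective": any(p["type"] == 0xEE for p in parts),
            "partitions": parts}

def active_partition(mbr: dict):
    """Return the one active partition, or None when the MBR cannot answer:
    nothing flagged, several flagged, or a GPT protective MBR (EFI boot)."""
    if mbr["gpt_protective"]:
        return None
    active = [p for p in mbr["partitions"] if p["active"]]
    return active[0] if len(active) == 1 else None

def little_endian_fields(mbr: dict, part: dict):
    """Render signature and byte offset as they would appear in a raw hex dump."""
    sig = struct.pack("<I", mbr["disk_signature"])
    off = struct.pack("<Q", part["offset"])  # assumption: 64-bit offset field
    return sig, off

def build_sample_mbr() -> bytes:
    """Constructed sample: 100 MB active system partition plus a second partition."""
    sector = bytearray(512)
    struct.pack_into("<I", sector, 0x1B8, 0x9E3C51B7)       # constructed signature
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]
    for slot, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, 0x1BE + 16 * slot,
                         status, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print(f"disk signature: {mbr['disk_signature']:08x}")
    for p in mbr["partitions"]:
        flag = "active" if p["active"] else "      "
        print(f"slot {p['slot']} {flag} type {p['type']:02x} offset {p['offset']:#x}")
    boot = active_partition(mbr)
    if boot is not None:
        sig, off = little_endian_fields(mbr, boot)
        print("search the raw value for:", sig.hex(" "), "and", off.hex(" "))
```

When `active_partition` returns None, the MBR alone cannot say where bootmgr lives, which matches the advice above to fall back to asking the user.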

marcusj0015

@thaimin:
Ok now I understand, due to security concerns "user free movement" won't be available am I right? But how the 'LOCKED' position of the flag? I assume you're working on it!

Rbcc



thaimin

@Thaimin, is there anything you need help with?

or are you done?

MadShortCraze

I am still working on it, and it will probably never be "done". I am planning on a minor release soon that fixes many small issues.

Already done:
  • Includes translations for Spanish, Dutch, and Vietnamese
  • Improved language support including external translation loading
  • Improved BCD device detection and elimination of redundant error messages
  • Numerous other minor changes and fixes
Still working on:
  • Able to work with already modified files:
    • I have solutions to everything except for files that have had the background image added
    • Need to test the solutions I have made
  • Fixes to the installer which caused it to crash
    • Fixed many problems already, lastly I need to fix an issue where uninstalling crashes

thaimin

After using the program, I get something like "bootmgr image is corrupt. System cannot boot." I checked this thread and it was mentioned in 2010, the problem was about compression size or something. I am not an expert at all, I just wanted to know if I was missing something obvious or if I was wasting my time trying to look for a solution. I'm using Ultimate 32 bits.

Thank you.

EDIT: I'm not looking to fix the corrupted bootmgr per se, as I fixed it easily by repairing with my Windows installation disc. I just want to avoid getting that if I try again (I tried twice already).

HarbingerOHavok

Is the animation in the right place on the screen? John

100 Percent

@MadShortCraze
No one has reported this issue since the early versions of the program. Please email me (jeff@coderforlife.com) the bootmgr file after it is modified by the program.

To find the bootmgr file, in my program check its location in the "Options" menu. If it says "On hidden system drive" use the OpenHiddenSystemDrive utility (http://www.coderforlife.com/projects...denSystemDrive) to open the hidden system drive and get it.

@RBCC
An example of something annoying: asking a question that you already asked and received answer for. From a few posts ago I said:
Quote:
The preview in my program is accurate to within 1 pixel for the animation.
In that same post I mentioned that stretching effects of screen resolution may make it look a little off.

thaimin

can you send me what you have so I can test it?
John

Guest

hey guys, i just joined the site just so i could tell you how much i appreciate what you have been doing. i have been following you for a while, and testing or backtracking and trying to help, but you are way faster at this than i am lol.
i ran the program and while i did get a large amount of redundant messages, it ran perfectly.

Thanks for all the work you have put into this. if you need any help with any thing, just PM Me

thanks guys!!!

Guest

Excuse me can you make a video and post it on youtube please I can't really do things just with Pictures and steps.
When you made the video please send me the link to Please this will really be helpful.

Guest

@HarbingerOfHavok
Thanks! There should be many less redundant messages in the next version.

@100 Percent
Joakim may choose to do that, but unless you really want to understand the fundamentals of how this works, just use my program. There is a link in his post. The program is quite self-explanatory.

GEORG

Hi thaimin

Sorry please make update i cant no animation monthly microsoft update new files version 6.1.7601.17514 !!!



marcusj0015

that version number is SP1, it's not a recently released update, its the latest Service Pack, which should be supported, when was the last time you installed Windows 7?

how many programs have you installed?

if you installed windows 7 a long time ago (3 months+) and if you install a lot of stuff, it's time to reinstall

GEORG

Sorry its working fine !!!

Yesterday come 16 updates from Microsoft and reboot PC (I have Win 64 SP1) then original boot animation !!! I have repair winload.exe in the original and have new installed new animation working nice THANKS FOR ALL !!!

thaimin

One of the updates yesterday (KB2506014) did change winload.exe and winresume.exe for 64-bit versions. The new file version is 6.1.7601.17556.

You shouldn't restore the files! You are basically undoing part of the Windows Update, and other files were changed as well, so they could possibly no longer work together. The thing is to re-apply. Re-applying will be easier with the new version which can work on unmodified and modified files alike.

I will have to see if the new file needs an update to my patching definitions. It possibly may, since the update is supposed to correct "an issue in driver signing enforcement" which is what my program utilizes a little bit.

References:
http://support.microsoft.com/kb/2506014 - General information about the update
http://www.microsoft.com/technet/sec...y/2506014.mspx - Slightly more technical document

GEORG

Thank you for info this is it i have the old version 6.1.7601.17514 over 6.1.7601.17556 copied and working fine no problems !!!

thaimin

Will this work if I apply the update then use bootupdater ? John

xxrazor

For the Microsoft Update, for now the safest method is to just not install KB2506014 for now. I have not found the new patch definitions for them yet.

If you have already done the Windows update without restoring the backups first, this is a "pickle of a situation". You need manually restore the bootmgr backup file. Otherwise even my future version won't be able to work with it.

My next version will be able to modify files that have been modified BY IT. It adds extra information about reverting the file. It however CANNOT modify files that have been modified with the current or previous versions.

The next version is coming soon! All I have left is to find the new patch definitions for KB2506014 and to test everything. The new version has a very cool system for working with already-modified files, along with numerous other fixes (especially for the installer) and a couple of new languages.

armani077

@thaimin

KB2506014 - This patch fixes a problem where you would receive the error message "Error Code FFFFFFFE" when installing Windows updates. 1.8MB - 3.2MB

The second advisory, KB 2506014, hardens Windows against kernel-mode rootkits. This specifically breaks the hiding mechanism used by the current Alureon/TDL4 rootkit family. It is an update available on WU and WSUS, pushed out automatically to customers who have opt-in to Automatic Updates.

Still looking for a better definition, but check this out http://www.microsoft.com/technet/sec...y/2506014.mspx

cheers
xxrazor

AlexYM

Big time noobie here so I will just put it out. I am using the win 7 x64 Ultimate edition. I want to change my boot but scared I will screw something up. I am not in test mode or using what they call a virtual machine. Is there a set of instruction,,,,,,,,Boot changing for dummies. Thanks

Guest

@thaimin and joakim
A bit off-topic, but this could be quite interesting how things might change in Windows 8... Bootmgr from leaked build 7850 is significantly more "fat", stub was changed and apparently uncompressed bootmgr.exe is no longer limited to 512 KBytes, besides other innovations, in addition to already existed screen resolution modes of 1024x768 and 800x600 it now supports 1024x600 for boot menu's and dialogs, and there're some reports that in this build default win7 bootscreen animation works on displays that have lower max resolution than 1024x768... Same about winload.exe... Being x86 build, it supports efi boot...
BTW, Thaimin, win7 x64 also can use efi boot, so your tool may eventually need to modify winload.efi, winresume.efi and idk what file is used instead of bootmgr in efi boot scenario...there seem to be a few...

marcusj0015

i'm pretty sure bootmgr covers EFI as well



AlexYM

EFI boot is different as it doesn't use mbr->bootsector->bootmanager sequence, so bootmanager should be another...
Looks like one of these two:

bootmgfw.efi and/or bootmgr.efi


marcusj0015

i've opened the bootmgr.efi file in the root of the windows 7 x64 DVD, and dude, it contains an exe file, and a bunch of resource files, take a look yourself, open it with 7-Zip

armani077

Have file for you marcusj0015

armani077

Trying to upload

thaimin

@xxrazor
Thanks for the info. I believe everything will be worked out.

@sexus
I gave you the instructions for restoring manually before, but you weren't able to find the appropriate backup to restore. I am sorry that this has been causing you so much trouble.

@armani077
You found my bootskin program, and for the moment that is the safest / easiest method, although it still comes with risk. You made a bootskin, all you have to do is click "Apply".

@marcusj / @AlexYM
EFI files are 32-bit PE-format executable programs (EXEs) that expect to run in protected mode, using the flat memory model and without paging enabled.

@AlexYM
EFI support has been planned, but I have many other things to work on first. And until VirtualBox supports Windows booting using EFI I won't have a good testing environment (it supports EFI fully for Linux and Mac guests but not Windows).

Also, you are right. The boot order for the different setups are:
  • Standard: mbr > bootsector > bootmgr (16-bit) > bootmgr.exe > winload.exe > ntoskrnl.exe
  • EFI: efi > bootmgfw.efi > bootmgr.efi > winload.efi > ntoskrnl.exe
The ".efi" files are probably all located in the \EFI\Microsoft\Boot\ directory on the EFI system partition (at least bootmgfw.efi is). The following can be seen as equivalent between the two setups:
  • bootsector + bootmgr (16-bit) / bootmgfw.efi
  • bootmgr.exe / bootmgr.efi
  • winload.exe / winload.efi
The BCD data is also stored in different locations for each:
  • Standard: the \Boot\BCD file on the boot partition (partition with bootmgr)
  • EFI: a file in the \EFI\Microsoft\Boot directory on the EFI system partition

armani077

Thank you, but its not finished I want a blue flag.

thaimin

@armani077
None of us are in the 'business' of designing boot skins. This thread is about the methods to change the boot skin and the development of tools to do it.

marcusj0015

Thaimin, I've stumbled across a lot of n00bs that are very confused

They don't know how to get the bmp, you should include a standard bmp with your app, like in the same download

thaimin

@marcusj0015
I do have a separate download with both the full activity.bmp and as parts. Including it with the standard download would put a lot of strain on my server bandwidth since most people don't need it. People just need to read 2 lines further down to the other download.

thaimin

@sexxus
New idea. Try this:
  1. Remove KB2506014, see http://windows.microsoft.com/en-US/w...move-an-update
  2. Run Windows 7 Boot Updater
  3. Choose "Options" > "Restore Backups". Repeat until it says nothing is restored.
  4. Install KB2506014




EliteHacker

Unable to uninstall update

All I want is normal boot image now! I'm not concerned with the custom image I just want the default one with the dots meeting together to create the windows logo. Not the stupid vista basic. Is there any other way, without reinstalling???

marcusj0015

thaimin, why don't you just compress the app and the animation? into a 7z self extracting archive? it takes up 2.17 megabytes and it includes everything

just a suggestion

thaimin

@marcujs0015
I don't mean to sound like I am an asshole, but it's not going to happen...
  1. Most people don't want to just tweak the Windows flag, they start from scratch
  2. The program does not require you to use the 'activity.bmp' format, you can use 105 200x200px images - this is explained under "How To Use" on that page
  3. A very short distance below the Windows 7 Boot Updater download there are two zip file downloads with examples
  4. Right now the program is super-simple: it requires no extra unzipping, no extracting, no installing
  5. And the bandwidth issues - this program is downloaded 200-500 times a day from my site, and I have a cheapish server...
One thing that I may consider is an option in the program that extracts the image from your current bootres.dll. But so many people don't look in any of the menus.

@sexus / EliteHacker
Interesting. I can uninstall it just fine... Maybe because your files were modified initially it no longer wants to revert to them.

Another thing to try:
  1. Save the new files some where (winload.exe and winresume.exe in Windows\System32)
    (if you have already run a restore backups, then download them here: http://www.coderforlife.com/temp/x64-SP1-KB2506014.zip)
  2. In Windows 7 Boot Updater, run Restore Backups until it says it didn't restore any files.
  3. Copy the saved winload.exe and winresume.exe back to Windows\System32
I hope this works. For now wait till I publish the new version (hopefully this weekend) before re-applying any boot skins.

marcusj0015

Yeah i wasnt trying to be an asshole either, i think the extract animation in the file menu would be a decent compromise

Is there anything u need help with? U seem kinda stressed

Is it a bandwidth issue?

You should try out uploading your app to skydrive and hotlinking to it

Sky drive is free with a free hotmail account

thaimin

I am a bit stressed, but it isn't anything you can really help with. My work is getting busy again, and my sister has needed my help redesigning her website...

I have been trying to get the next version out (it has been nearly complete for a couple weeks). All that is left is my testing. I completed my first round of testing (the files when modified look like I expect). I need to complete the second round (actually using the modified files in a VM).

Along with that, I am tired of people having the same problem and not reading answers I have posted or not looking in menus...

EliteHacker

@thaimin

Thank you so much for your help worked like a charm!
Now have a semi-good-looking startup!
Cheers Mate

Tanauser

Is there a simple way to convert an image into .bs7 so anyone could use Win7BootUpdater.exe.

thaimin

@marcusj0015
Thanks for the link to the DeviantArt website. Thanks for all your continuous help!

@EliteHacker
Awesome!

@Tanauser
Use the Win7BootUpdater program to create a BS7 file. If you want the image to be the animation, select "Static Image" for the Animation type and it should allow you to select the file you want. If you want it to be the background, change the method to "Complete" and then "Select Background Image". After you are done designing the bootskin, make sure to do "File" > "Save boot skin as..."

Tanauser

Hello

I did so



What I need to know before PRESSING the APPLY button ( I already have my OS crashed with this yesterday) = I was lucky to recover ; but I don't give up

- So I made a file with this Static animation ( red Dragon) and the Background as you see

1) Is that correct ?

2) How to recover ?

last time I was very lucky to found a way to boot in safe mod ( pressing keybuttons) >>>> go to System32 and change the winload.exe for the old one ; after Reboot launch Win7BootUpdater.exe and restore Backups.

The Recovering tip that is given upon the site didn't work with my OS ; I just couldn't get a DOS window at boot time

my OS
Windows 7 64 bits Premium ( Dell Alienware)

Thanks for any Tips

joakim

First post updated with detailed information on how to implement driver printing on top of the bitmap (with SOS on), as well as distorted resolution hacks for the kernel (plus some windbg tricks).



thaimin

@joakim
Thanks! I will have to look at those for future versions.

@Tanauser
This may be due to the recent Windows Update which I haven't tested against yet. I will hopefully finish testing today or tomorrow (I started yesterday and found a huge problem and fixed it just now). So just wait. This wasn't your fault. You seem to have done everything right.

armani077

@ Thaimin Program worked great Thank you so much for sharing your work.

thaimin

@armani077 - you're welcome!

thaimin

@Thaimin: This is an excellent Program, you're God Like!

John

GEORG

I know that I promised the next version awhile ago, but it has been running into problems. The good news is that I finally had the first successful run in an actual VM! So that hopefully means most of the things are now working, and just need to fix a few remaining things.

I test by doing the following:
  1. Apply a bootskin that changes the background image
  2. Restart and do a hibernation/resume and make sure that everything looks good
  3. Apply a bootskin that uses messages and not the background image, without restoring the backups
  4. Another restart and hibernation/resume to make sure that everything looks good
The testing status (I will update as I make progress):
  • 32-bit:
    • RTM: Success
    • SP1: Success
  • 64-bit:
    • RTM: Success
    • RTM+KB2506014: Partially tested and looks good
    • SP1: Success
    • SP1+KB2506014: Success

Poma

Good news thanks !!!

thaimin

What screen resolutions does the program support?

thaimin

The Windows boot screen is fixed at 1024x768. There is currently absolutely no way to change it. It has nothing to do with my program.

Guest

The tests on the latest all look great so I will publish tomorrow.

thaimin

And it is published. I have decided to make this Beta 1 since it seems to be fairly stable. I added no new features, just fixes and improvements. See the website for more information.



moinmoin

Great thaimin. I will test it immediately.

GEORG

Hello thaimin

Thanks for x64-SP1-KB2506014.zip in #754 and for the new BETA version i have tested perfect you are the best !!!

lastot069

@thaimin works with no problem for me on 64 ultimate, you are the man!

kamoteprotocol

nice work... sir... am gonna try this again... rework my old abstergo boot logo

thaimin

@all - Thanks!

@AlexYM and @joakim
I have been doing some snooping in ntoskrnl.exe with the animation stuff. I may be able to explain some problems that joakim was having. Note: all things are currently looked at in ntoskrnl.exe x86 RTM (v6.1.7600.16385)

The number of frames is hard-coded in a few other places within ResFwpGetProgressIndicatorAnimation:
Code:
PAGEBGFX:00748CFD   cmp     [ebp+index], 69h ; check if index is less than 105
PAGEBGFX:00748D01   jb      short loc_748CE4 ; if so, load another frame
PAGEBGFX:00748D03   jmp     short loc_748D2A ; otherwise we are done
Code:
PAGEBGFX:00748D07   push    69h ; total number of frames to unload
...
PAGEBGFX:00748D13   pop     edi ; save to edi
...
PAGEBGFX:00748D27   dec     edi ; decrement number of frames remaining
PAGEBGFX:00748D28   jnz     short loc_748D14 ; loop if more frames remaining
Also, I think it is possible to change width and height independently. Original code:

Code:
00748C97  B8 [C8 00 00 00]          mov  eax, 0C8h                 ; width/height
00748C9C  8D 7E [0C]                lea  edi, [esi+0Ch]
00748C9F  C7 06 [01 00 00 00]       mov  dword ptr [esi], 1
00748CA5  C7 46 [04] [9C 01 00 00]  mov  dword ptr [esi+4], 19Ch   ; X
00748CAC  C7 46 [08] [1C 01 00 00]  mov  dword ptr [esi+8], 11Ch   ; Y
00748CB3  89 46 [10]                mov  [esi+10h], eax            ; height
00748CB6  89 07                     mov  [edi], eax                ; width
00748CB8  C7 46 [18] [0F 00 00 00]  mov  dword ptr [esi+18h], 0Fh  ; framerate
00748CBF  C7 46 [1C] [69 00 00 00]  mov  dword ptr [esi+1Ch], 69h  ; total frames
00748CC6  C7 46 [24] [3C 00 00 00]  mov  dword ptr [esi+24h], 3Ch  ; loop frame
New Code:
Code:
00748C97  8D 7E [0C]                lea  edi, [esi+0Ch]
00748C9A  C7 06 [01 00 00 00]       mov  dword ptr [esi], 1
00748CA0  C7 46 [04] [9C 01 00 00]  mov  dword ptr [esi+4], 19Ch   ; X
00748CA7  C7 46 [08] [1C 01 00 00]  mov  dword ptr [esi+8], 11Ch   ; Y
00748CAE  C7 46 [10] [C8 00 00 00]  mov  dword ptr [esi+10h], 0C8h ; height
00748CB5  C7 07 [C8 00 00 00]       mov  dword ptr [edi], 0C8h     ; width
00748CBB  C7 46 [18] [0F 00 00 00]  mov  dword ptr [esi+18h], 0Fh  ; framerate
00748CC2  C7 46 [1C] [69 00 00 00]  mov  dword ptr [esi+1Ch], 69h  ; total frames
00748CC9  C7 46 [24] [3C 00 00 00]  mov  dword ptr [esi+24h], 3Ch  ; loop frame
Only issue here is that the new code is 3 bytes longer. I am sure some solution could be developed though.

joakim

I am not 100% sure but I believe I've tried similar mods without luck. Meaning unsuccessful in regards to resizing of animation. I got several different stop messages. The code chunks look familiar though.. Did you manage to successfully boot with a resize?

alperuzi

JOAKIM Please

Can you upload the file to your bootres.dll, but it has to be certified, will integrate Windows 7 cd

joakim

Sorry, but you need to carefully read the first post. Then come back here and report in detail what you have done and what happened. Then you may get some help and pointers for your next attempt.

niceguy75

Has anyone managed to change the animation in pre-install? I have tried almost all the methods without any success.

alperuzi

Sign_pe.zip bootres.dll trouble me with the certification file, call file, I told you when I ran the downloaded file, but I like the image in the signer.bat bootres.dll file the certificate does not have the same directory dont need signer.bat? Where did I go wrong I wonder if you would to help me I will be happy to your help.



joakim

@alperuzi
It's a little bit hard to understand where you're at. I think it's best for you to go for thaimin's AIO tool; Coder for Life - Project - Windows 7 Boot Updater It is a wonderful app that will do the necessary stuff for you, except creating the actual animation (activity.bmp).

thaimin

is there a way reposition the animation? John

thaimin

I was looking on page 12, and found the write up on colours. But in the line <title color="XXXXRGBX"> what do I put in there for the colour gold? Gold rgb = #CD7F32? and in this line:font foreground-color="RGBI" what is I? IN Background color= "XXXX"?

John

Shaitan

@RBCC
About the colors in the osloader.xsl file, see the first post and post #103. As a reminder, all of the things in osloader.xsl are written using a fixed-width system font that you cannot change. These texts are for menus and errors during bootup.

The "Starting Windows" and "(c) Microsoft Corporation" texts are COMPLETELY different. That font can be changed, as I told you in the email (changing the string "\fonts\segoeui.ttf"). Their color is changed in a completely separate way. See the first post. The "Starting Windows" color is especially difficult to change manually.

And your question "is there a way reposition the animation?" has been asked and answered numerous times. If you truly have this bad of a memory and want to know all this, I suggest making yourself a document on your computer, reading the entire thread, and writing down all the important facts and post numbers.

thaimin

Here is a website that shows CGA Color codes, Would this work?
http://www.oldskool.org/pc/cgacal/
John

Shaitan

It looks fine. It's the same as the Wikipedia article I linked to. That website is mostly about the underlying hardware implementation and calibration, way more than you need to know. All you need to know is in post #103. There are 16 possible colors for colors in osloader.xsl. This does not affect the messages you normally see.

Guest

Hey there.
I'm trying to integrate my custom boot animation in Win 7 DVD.
I used Boot Updater to change the files and replaced the install.wim ones, but setup fails right in the 1st boot telling me to restart the setup.

So... What I must do? How?
Tks!

Guest

No one knows. That is being worked on. The only way at the moment is to apply it AFTER the install.

Guest

What about reverse integration? Much like the sp1 way?

thaimin

No one has succeeded yet. You can try.



niceguy75

Quote: Originally Posted by thaimin View Post
No one has succeeded yet. You can try.
I don't think it is going to work; in reverse integration you only capture the install.wim, what about patching the boot.wim files?

thaimin

Does anyone know where i can find PEChecksum that works in Windows 7 SP1 x64 Ultimate??? John

claysoft65

XXXX RGBX Is 1 foreground and 2 background? John
^ ^
| |
1 2

joakim

@RBCC
I have a command line version: http://www.coderforlife.com/projects...es/#PEChecksum

Seeing that XXXX is white and RGBX is grey it seems the first one is foreground. You can test this yourself though, and if it's reversed, well, then do one more test with it the other way.

Guest

Hi. I have removed the bootres.dll file and now, windows boots using the vista boot screen. I don't want to have any kind of animation.
Would setting testsigning on help or do I have to remove vista boot screen as well? If it's the last one, where do I find it?
Thank you

Guest

I don't think that you can totally remove it, it's hardcoded somewhere...
but i'm pretty sure that you can "cheat it"...
Just use bootres.dll and make a totally Black animation

Guest

That's a shame. I really wanted to make my install dvd as small as possible. By removing that I thought maybe I'll gain some more space and kill another slow factor. Thanks for the reply claysoft.

Guest

I am using reverse integration to create a SP1 DVD, I would like to use my bootscreen before setup, Upon bootup before setup. Now should I copy the "Patched" files into my image before I make an ISO? Would this work?
John

Guest

@RBCC
I never tried on a complete setup iso, but I've done most of my tests so far on WinPE (both flatboot and wimboot). So since setup is in fact winpe, I would assume it to work. But as I said I never tried it on a complete setup iso.

Give it a try and report back. Beware of which index in boot.wim you are putting the modified files (usually 2 slightly different ones on a standard setup iso - setup and recovery).

@AlexCeed
I can't remember exactly, but believe this can be done with a patched in winload.exe. I'm too busy now and have not got time to look it up. Sorry.

thaimin

@RBCC
No method of integrating a modified bootscreen into an install disk works.

@AlexCeed
As claysoft65 said, you can set the animation to something like a pure black screen. If you use my program, you can set it to a 1px by 1px transparent image. Since the animation is compressed, and solid color images compress much better than complicated images, using a solid color animation will greatly reduce its size. The normal bootres.dll is like 2.5MB if I remember correctly. Using a solid color animation should reduce that to at most a few hundred kilobytes.



AlexYM

Is modifying a file and copying a file back into the image integration? I tried it once as part of the install.wim file and it didn't work. John

thaimin

I tried it by copying them to the ISO and it didn't work. If I can figure out if I were to replace the files with the $OEM$ Folders and if that will work! Then I will let you know. I got a email from Thaimin and he said it has to do with security measures in Windows 7. John

thaimin

Some bad news here: looks like bootmgr from Windows 8 build 6.2.7989 uses another internal compression, at least thaimin's bmzip utility appears to be "frustrated" by its compressed part...


bootmgr7989.zip

AlexYM

@AlexYM
I just looked into it, and yes, it is very different. I can't even find the proper "MZ" for the compressed program. I assume the compressed part starts at the offset #88B0, but there is no "MZ" near there, so it is not at all the same type of compression. It looks like it uses a static dictionary instead of (or in addition to) a dynamic dictionary like the previous version did.

It is likely that they are reusing one of their other compression technologies. I will check out if it uses one of the WIM compression formats (LZX or XPRESS). I have already written decompressors for those. Both use a static dictionary.

selyb

I was using index 2! John

speedgamer01

@AlexYM
I finally had some time and looked at the compression in Windows 8 bootmgr. It is compressed with "XPRESS" used in the WIM format. That compression is described at http://msdn.microsoft.com/en-us/library/dd644740(PROT.13).aspx however they only really describe decompression and not how to compress, although I think I can eventually come up with something after studying the algorithm. Additionally the pseudo-code they provide is quite slow so I need to come up with a faster system. One other road-block at the moment is determining the decompressed size before decompression starts. In the WIM format this is supplied for you, but I don't know where it is in the bootmgr file (yet).


Guest

@thaimin
That's very interesting, chances are they won't change compression method in later builds again. If this can be of any help, uncompressed bootmgr.exe can be located as usual inside winre.wim in PXE subfolder and its size is 564104 bytes for build 7989, i think it should be coded in bootmgr's stub as reversed hex 88 9b 08, so i just looked there purely empirically it maybe right at stub's end - at offset 68a8.






Guest

Ok, thanks to this post
Quote: Originally Posted by joakim View Post
Just sharing my first windbg script ever...
I finally found the values. ntoskrnl.exe from my Win7 x64 has
Code:
C7 42 04 9C 01 00 00 C7 42 08 1C 01 00 00
instead of
Code:
C7 46 04 9C 01 00 00 C7 46 08 1C 01 00 00
I want to modify the animation position. Can I hex ntoskrnl.exe or do I have to use IDA?

@thaimin: what method does your program use to allow the modified files?
What I really need to know is after I use Win7BootUpdater, then modify ntoskrnl.exe, what do I need to do to allow the modified ntoskrnl ?

Guest

Why don't you all use the software for this job? It's very reliable and has restore functions, you can determine the files manually if you want.
Coder for Life - Project - Windows 7 Boot Updater

selyb

Quote: Originally Posted by speedgamer01 View Post
Why don't you all use the software for this job? It's very reliable and has restore functions, you can determine the files manually if you want.
Coder for Life - Project - Windows 7 Boot Updater
Because the software doesn't modify the kernel which is what determines the size, position, and number of frames for the animation.



thaimin

@selyb The values I modify only pertain to other boot files (boot drivers, winload, required MUIs). Ntoskrnl is a completely different beast. Besides being checked by winload it probably also checks itself, continuously (patch guard). Thus the only way is probably to just use testsigning and then you can patch a file to remove the watermark.

I don't use IDA to modify any of the files, only to investigate. I use a hexeditor to do modifications.

Cooperdale

So Thaimin, have you been working on this lately? Like, changing the size of the animation ?

joakim

Quote: Originally Posted by Cooperdale View Post
So Thaimin, have you been working on this lately? Like, changing the size of the animation ?
I know I'm not thaimin, but we did some testing on this earlier on. And did not manage to change the size of the animation/frames. If thaimin has found new stuff lately, I would be happy to know the details.

thaimin

AlexYM successfully changed the size and location of the animation, however it requires modifying ntoskrnl which would open your computer up to all sorts of malicious stuff. I was working on a method of doing it in-memory to reduce security risks. However I haven't had time for this recently.

niceguy75

How about working on a unattended installation or Reverse Integration? John

joakim

Quote: Originally Posted by RBCC View Post
How about working on a unattended installation or Reverse Integration? John
In reverse integration you can integrate the custom boot animation only in install.wim. What about the boot.wim?

Cooperdale

Quote: Originally Posted by thaimin View Post
AlexYM successfully changed the size and location of the animation, however it requires modifying ntoskrnl which would open your computer up to all sorts of malicious stuff. I was working on a method of doing it in-memory to reduce security risks. However I haven't had time for this recently.
Then maybe thaimin or AlexYM would quickly describe what instructions to change and how. I knew about the positioning, but was thinking about the size-part.

thaimin

I'm glad there are still people thinking about this. I was wondering if movie duration would be tweakable somehow too?

Guest

@Cooperdale
One day it will hopefully be. Along with position, framerate, loop point, and size (if that was actually successful).

@RBCC / @niceguy
I haven't figured this out yet either.

AlexYM

Quote: Originally Posted by joakim View Post
Quote: Originally Posted by thaimin View Post
AlexYM successfully changed the size and location of the animation, however it requires modifying ntoskrnl which would open your computer up to all sorts of malicious stuff. I was working on a method of doing it in-memory to reduce security risks. However I haven't had time for this recently.
Then maybe thaimin or AlexYM would quickly describe what instructions to change and how. I knew about the positioning, but was thinking about the size-part.
@joakim
After some digging in my profile I think it was initially described here on page 25 in post #245 and #248.

In different ntoskrnl builds offset changes, but the function code remains the same, so newer locations should be easy to find. Width and height of a frame are tied in this function, but thaimin described in post #776 the modded function to separate them. And yes, back then i "played" quite a bit (on x86) with resized activity.bmp and accordingly modded ntoskrnl, and it all worked smoothly as long as values matched, just have to admit that increasing filesize of activity.bmp even twice increases the load-time of animation dramatically. Thus, if you'd like to keep this time in reasonable limits and make animation frame significantly wider (like 400x400), you may need to decrease the number of frames then.





thaimin

@AlexYM - Thanks for doing the digging!

Jaime74656

wow I just happened to stumble into this thread and on this program! nice work man!! is there any chance you could get this program to work with .AVI files as I have a few I would love to use for my start up screen! but I'm not sure if there's a way to properly convert them without destroying the original files (I already have them backed up in case) but I think it would be nice to have the ability of using AVI files!

thaimin

SUPER video converter can:

SUPER ©

Output to a PNG Image Sequence.

Jaime74656

cool ill give it a try, i would prefer to use 100% free programs also but ill see if i can get this downloaded thanks!

thaimin

SUPER is free, and it uses the ffmpeg libraries (open source) and DirectX to do the conversion. I'm sure there are other interfaces for ffmpeg that are completely open source, and if you find one, please tell me since the SUPER interface is actually pretty terrible and the website even worse.

joakim

Quote: Originally Posted by AlexYM View Post
@joakim
After some digging in my profile I think it was initially described here on page 25 in post #245 and #248.

In different ntoskrnl builds offset changes, but the function code remains the same, so newer locations should be easy to find. Width and height of a frame are tied in this function, but thaimin described in post #776 the modded function to separate them. And yes, back then i "played" quite a bit (on x86) with resized activity.bmp and accordingly modded ntoskrnl, and it all worked smoothly as long as values matched, just have to admit that increasing filesize of activity.bmp even twice increases the load-time of animation dramatically. Thus, if you'd like to keep this time in reasonable limits and make animation frame significantly wider (like 400x400), you may need to decrease the number of frames then.

That's funny, because I have that described in the first post since long ago. Probably since when you posted that stuff you refer to. But I obviously must have done something wrong back then when I tested myself, since I think I managed to modify most parameters except the actual size related ones. Well, then I thought maybe there was something I had missed. If you have a windbg script to successfully change the size, then please post it, and I will link to it in the first post (I already have at least 1 such there). Thanks for the clarification.

thaimin

@joakim
I thought you were trying (and failed) to change the screen resolution.

@Jaime74656
I have made a simple batch file script that uses ffmpeg to convert any video file format it supports (which is nearly all) to a series of PNGs. It forces the output to conform to the necessary standards (15fps, 200x200 frames, and max 105 frames). You can download it from:

http://www.coderforlife.com/projects...ras/#video2png

Jaime74656

here's the link to super download that i found after some sifting through the horrid site...

SUPER © videos

www.erightsoft.biz/GetFile.php?SUPERsetup.exe

Edit: ok i am trying to install it, but after I select the language I just get a box that reads "Error: Access Denied" not sure what's going on, but i tried to run it in admin mode and compatibility mode...

joakim

Did anybody locate where the actual animation is stored in Windows 8 (Dev Preview)? I had a look yesterday and failed at identifying it. Well, I found bootres.dll, but it now only contains a few regular bmp's, so it must be stored elsewhere. I also opened up winload.exe and ntoskrnl.exe, but failed (without trying too hard) to find the relevant code..

Edit:
Forget about it. I was only looking inside boot.wim.. It is still where it's supposed to be.

dafmat71

Hi, it doesn't work for me, when i activate it, select a file and apply: nothing changes!!
I use a french version of W7!!



niceguy75

Quote: Originally Posted by Jaime74656 View Post
here's the link to super download that i found after some sifting through the horrid site...

SUPER © videos

www.erightsoft.biz/GetFile.php?SUPERsetup.exe

Edit: ok i am trying to install it, but after I select the language I just get a box that reads "Error: Access Denied" not sure what's going on, but i tried to run it in admin mode and compatibility mode...
You can find some cool boot animations @ niceguy75 on deviantART

joakim

Does Windows 7 Pro have all the security around the bootscreen that Ultimate has? Can the OSXML be converted into XML ? Where did Thaimin get his info? hacking? John

thaimin

I just made my own compressor / decompressor for BOOTMGR; LZNT1 Tools (compression in bootmgr and ntfs) - reboot.pro and downloadable from; LZNT1_Tools.zip It uses winapi and works perfect both ways. Windows 8 up until 6.2.7955.0 are verified working. After that compression method changed, but I believe support for it is found in the same winapi (on that particular OS though). Sources included in download.

@thaimin
Do you plan on releasing your sources too? And have you looked at the latest Windows 8 version?

thaimin

Hi All! Apparently I stopped receiving emails about new posts...

@joakim - Funny thing about the compression. I just decided to write up LZNT1, LZX, Xpress (Lz), and Xpress Huffman compressors and decompressors and release the source (see Coder for Life - Microsoft Compression Formats for a summary of research I did).

The LZNT1 one is almost exactly what I have in bmzip, which provides that exact same compression ratio as RtlCompressBuffer but adds a single extra null byte as required by Windows 7 bootmgr - so no improvement from Winapi. BTW, my implementation is at least 25x as fast at compression but half as fast at decompression (working on that).

The Windows 8 bootmgr uses Xpress Huffman. I have a decompressor for this already, and am working on a compressor. Windows 8 does indeed include a Xpress compressor with RtlCompressBuffer however the decompressor always fails in v6.2.8102.0 x86 (even if I use RtlCompressBuffer then RtlDecompressBuffer).


Current status of compressors:
LZNT1: 50x faster than Winapi with identical compression ratio
LZX: No compressor yet
Xpress (LZ): No compressor yet
Xpress Huffman: Much slower than Winapi but comparable compression ratio (sometimes better, sometimes worse)

Current status of decompressors:
LZNT1: Half as fast as Winapi
LZX: Works, but no Winapi to test against
Xpress (LZ): Works almost as fast as Winapi
Xpress Huffman: Much slower than Winapi


I am thinking of releasing the source for the next version of my entire program. However it would be difficult for others to look at since it is written in C, C++, C++/CLR, C# and asm.
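The post above names LZNT1 as the compression in the Windows 7 bootmgr. As an added example (not thaimin's bmzip code and not joakim's LZNT1 Tools), here is a bounds-checked LZNT1 decompressor in C that rejects malformed input instead of reading or writing out of range. The function name, the constructed sample stream, and the treatment of a zero chunk header as end of data are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LZNT1_CHUNK 4096u   /* a chunk expands to at most 4096 bytes */

/* Returns the number of bytes written to out, or -1 if the stream is
 * malformed or its output would not fit in out_cap bytes. */
long lznt1_decompress(const uint8_t *in, size_t in_len,
                      uint8_t *out, size_t out_cap)
{
    size_t ip = 0, op = 0;
    while (in_len - ip >= 2) {
        uint16_t hdr = (uint16_t)(in[ip] | (in[ip + 1] << 8));
        if (hdr == 0)                       /* assumption: zero header ends the data */
            break;
        if ((hdr & 0x7000) != 0x3000)       /* signature bits 12..14 must be 011 */
            return -1;
        size_t clen = (size_t)(hdr & 0x0FFF) + 1;   /* payload after the header */
        ip += 2;
        if (clen > in_len - ip)
            return -1;                      /* header claims more than we have */
        size_t cend = ip + clen, chunk_start = op;

        if (!(hdr & 0x8000)) {              /* bit 15 clear: stored chunk */
            if (clen > out_cap - op)
                return -1;
            memcpy(out + op, in + ip, clen);
            op += clen;
            ip = cend;
            continue;
        }
        while (ip < cend) {
            uint8_t flags = in[ip++];       /* one bit per token, LSB first */
            for (int bit = 0; bit < 8 && ip < cend; bit++) {
                size_t pos = op - chunk_start;
                if (!(flags & (1u << bit))) {           /* literal byte */
                    if (pos >= LZNT1_CHUNK || op >= out_cap)
                        return -1;
                    out[op++] = in[ip++];
                    continue;
                }
                if (cend - ip < 2 || pos == 0)
                    return -1;              /* truncated token or no history */
                uint16_t tok = (uint16_t)(in[ip] | (in[ip + 1] << 8));
                ip += 2;
                /* The offset/length split slides with the position in the
                 * chunk: 4 offset bits at first, up to 12 near the end. */
                unsigned extra = 0;
                for (size_t p = pos - 1; p >= 0x10; p >>= 1)
                    extra++;
                size_t dist = (size_t)(tok >> (12 - extra)) + 1;
                size_t len  = (size_t)(tok & (0x0FFF >> extra)) + 3;
                if (dist > pos)
                    return -1;              /* would read before the chunk */
                if (len > LZNT1_CHUNK - pos || len > out_cap - op)
                    return -1;              /* would overrun chunk or buffer */
                for (size_t i = 0; i < len; i++, op++)
                    out[op] = out[op - dist];   /* byte-wise: ranges may overlap */
            }
        }
    }
    return (long)op;
}

/* Constructed sample: literals "abc", a match (distance 3, length 9), end. */
static const uint8_t SAMPLE[] = {
    0x05, 0xB0,             /* header 0xB005: compressed, 6 payload bytes */
    0x08,                   /* flags: tokens 0-2 literal, token 3 a match */
    'a', 'b', 'c',
    0x06, 0x20,             /* token 0x2006: distance 2+1, length 6+3 */
    0x00, 0x00              /* zero header */
};

int main(void)
{
    uint8_t out[64];
    long n = lznt1_decompress(SAMPLE, sizeof SAMPLE, out, sizeof out);
    if (n < 0) { puts("malformed stream"); return 1; }
    printf("%ld bytes: %.*s\n", n, (int)n, (const char *)out);
    return 0;
}
```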

joakim

Also, I am almost ready to release an online animation sharing system.

joakim

Sounds very good. I'll have another look at the latest Windows 8 version and try something, hopefully this afternoon.

thaimin

@thaimin
Do you happen to know the values for COMPRESSION_FORMAT_XPRESS and COMPRESSION_FORMAT_XPRESS_HUFF?

joakim

@joakim - Yes I do! Found through IDA (although it ended up being obvious...).

#define COMPRESSION_FORMAT_XPRESS 0x0003
#define COMPRESSION_FORMAT_XPRESS_HUFF 0x0004

Both accept COMPRESSION_ENGINE_STANDARD or COMPRESSION_ENGINE_MAXIMUM as well (haven't tried COMPRESSION_ENGINE_HIBER since the MSDN says that doesn't work).

You need to use RtlDecompressBufferEx() with XPRESS_HUFF (and maybe XPRESS, I am now using the Ex version always). The workspace buffer I use is the maximum of both values for both engines given by RtlGetCompressionWorkSpaceSize.

Guest

OK, but I'm stuck now and will continue tomorrow night. FYI, I just noticed you can also use lznt1 on the newest Windows 8 if using this stub; LZNT1_big_stub.zip

Hmm, the 0x0003 seems mentioned here; http://undocumented.ntinternals.net/...essBuffer.html although with a different name.

thaimin

Yes, LZNT1 is #2 and is still around (NTFS still uses it among other things).

To load these functions I just use the header file at the end of this post (I stripped comments, but close enough) along with the "load_rtl_compression" function called from main. You can then use the functions normally even though they are dynamically loaded.

Code:
static bool load_rtl_compression()
{
#ifdef _WIN64 // compiling for win-64
	HMODULE ntdll = LoadLibraryW(L"ntdll-8-64.dll");
#else
	HMODULE ntdll = LoadLibraryW(L"ntdll-8-32.dll");
