|12 Aug 2010||#132|
My understanding of the boot process:
1 - boot Bootmgr is the boot image.
it uses bootmgr.exe.mui for proper language.
bootmgr checks for checksum and digital signature on files such as WinLoad.exe and BootRes.dll and then uses bootmgr.exe.mui to display the errors in the proper language.
2 - bootmgr writes to bootstat.dat to record if there was a successful boot, what progress was made during boot ( "windows did not start up previously, do you want safe mode?" etc... is recorded in it for the next time you start your PC)
3 - it then passes on to winload.exe to actually load windows and records in bootsect.dat that it passed on to WinLoad.exe
if i'm correct in this, then what needs to be done is:
1 - replace bootmgr with a boot image file that doesn't check certs.
2 - replace bootsect.dat with a "i checked certs and passed on to winload" log.
3 - patch/replace winload.exe to load a custom bootres.dll (2nd check for cert in winload?)
4 - patch/replace bootres.dll with the new one for boot animation
5 - keep a process in the background - new process ensures that when MS Update replaces bootmgr with new cert checks the custom bootmgr is restored before next boot.
There still isn't a lot of info on the net concerning the Win7 boot file process, so a lot of this is assumptions, but the theory may be sound.
PS: unsure where the grldr file comes in on all of this.
what i'm basing this theory on:
*bootmgr is a boot image file.
*bootmgr has several replacements in windows update temp files (updating cert checks that way?)
*bootmgr.exe.mui (the language file for bootmgr) contains such strings as:
#9018, "The file is possibly corrupt. Its header checksum does not match the computed checksum."
#9019, "Windows cannot verify the digital signature for this file."
*Winload.exe calls bootres.dll
a possible way to get around the cert checks:
1 - use BCDEdit to:
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING ON
copy the new bootmgr after the edit.
copy the bootsect.dat before rebooting (to keep the "do checks" log intact)
2 - customize your winload.exe and your bootres.dll (keep backups) for custom boot screen.
3 - write a background process to replace the bootmgr image with your edited one and copy the bootsect.dat backup back to bootsect.dat
A - before every reboot
B - after every windows update
C - after the bootmgr is edited by any other process
after any boot menu edits the process will have to be redone to save the new boot menu with the DISABLE_INTEGRITY_CHECKS and TESTSIGNING flags and still keep the new boot menu.
thoughts on this?
is anyone able to decompile the Bootmgr image file for verification of this theory?
Also - i only have a retail win7 32bit ultimate edition to draw theories on.
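Seen from the defender's side, the two BCD settings named in the post above show up in the text output of `bcdedit /enum`. The following is an added example, not part of the original post, that parses that output and flags them; the sample output is constructed, and `nointegritychecks` is a further BCD element that the thread does not mention.

```python
import re

# Constructed sample of `bcdedit /enum` text output (not captured from a real machine).
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}

Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
loadoptions             DISABLE_INTEGRITY_CHECKS
testsigning             Yes
"""
ENABLED = {"yes", "on", "true", "1"}

def parse_entries(text):
    """Return [(title, {element: value})] for each entry in bcdedit text output."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 2 or set(lines[1].strip()) != {"-"}:
            continue  # every entry is a title line underlined with dashes
        elements, key = {}, None
        for line in lines[2:]:
            if line[:1].isspace() and key:  # continuation of a multi-value element
                elements[key] += " " + line.strip()
                continue
            key, _, value = line.partition(" ")
            key = key.lower()
            elements[key] = value.strip()
        entries.append((lines[0].strip(), elements))
    return entries

def audit(text):
    """Flag entries whose settings relax boot-time signature enforcement."""
    findings = []
    for _title, el in parse_entries(text):
        ident = el.get("identifier", "?")
        for name in ("testsigning", "nointegritychecks"):  # second one: not from the thread
            if el.get(name, "").lower() in ENABLED:
                findings.append((ident, name + " enabled"))
        if "DISABLE_INTEGRITY_CHECKS" in el.get("loadoptions", "").upper():
            findings.append((ident, "loadoptions DISABLE_INTEGRITY_CHECKS"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live system, feed `audit()` the captured output of `bcdedit /enum` run from an elevated prompt.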
|14 Aug 2010||#138|
I don't have any links, but here is an easy way of finding the command line parameters:
copy all files from my windows 7 SDK archive to %HomeDrive%
click the Start menu, then type cmd, tap Control-Shift-Enter, click Yes (if UAC is enabled)
then type CD %HomeDrive%
then makecert.exe /?
and so on for all the files
I just uploaded them for your convenience; there are no viruses or any of that bullshit
|18 Aug 2010||#139|
Hey, long time no post. My laptop was broken for the last week, and I have been busy.
Anyways, I have a few comments on things said here. I am fairly certain winload.exe does integrity checks. At least with the RC versions of Windows 7 it was the only thing that did the integrity checks. It even did the check on itself. Now with a retail version maybe bootmgr is doing it, or maybe now they are both doing it. I know that the methods for disabling winload.exe's integrity checks no longer work in retail versions.
About the certificate signing. It is easily amenable to a GUI with some minor exceptions.
First, given the tools marcusj posted, you can automate most of the signing process. You would need 3 pieces of information: a dummy name, a name for the certificate file, and a password. Also, many of these "command line tools" use dialog boxes for the password entries. You will need to use the SendInput function (part of the Win API) to simulate typing into them.
I have re-worked the self-signing commands to make them hopefully more straightforward, and amenable to automation.
To Make a Self-Signing Certificate Authority (only need to do this once, and I recommend only doing it once, otherwise you'll get annoyed later on)
Note: Maybe the program can save some registry values to know it has already made a self-signing certificate authority and store where it saves the pvk and cer files
makecert -r -n "CN=Dummy Name" -pe -ss CA -sr LocalMachine -a sha1 -sky signature -sv NameCA.pvk NameCA.cer
(type: password, tab, password, enter, password, enter)
certutil -f -addstore Root NameCA.cer
To Make a Self-Signing Certificate (only need to do this once, but it doesn't hurt to do it more than once)
Note: You can delete the NameCA.cer, NameCA.pvk, Name.pvk, and Name.cer after this step as long as you save the Name.pfx file. That file is all you need to sign unlimited documents after this step.
makecert -pe -n "CN=Dummy Name" -a sha1 -ic NameCA.cer -iv NameCA.pvk -sv Name.pvk Name.cer
(type: password, tab, password, enter, password, enter, password, enter)
pvk2pfx -pvk Name.pvk -pi PASSWORD -spc Name.cer -pfx Name.pfx -f
Sign Program (needs to be done every time the program changes)
signtool sign /v /f Name.pfx /p PASSWORD /t http://timestamp.verisign.com/scripts/timestamp.dll PROGRAM.EXE
Note: This is only necessary on other computers that plan to use programs signed with your certificate. If you do this all on one computer, you don't need this. Also, I haven't bothered to find an automated way to do this (unless you saved NameCA.cer).
See the post I made earlier: Change Boot Logo/Screen?
So if you make a program (I may make a program this weekend) it should probably ask you to either pick a certificate PFX that you already made or make a new one. If you are using a new one, you ask for a name, file name, a password, and a program to sign. If it's reusing another PFX you just need the password and program to sign. Then you use the commands, simulating typing as necessary, and you have signed a program!
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.