Windows 7 Forums



Windows 7: x64 resource editor that edits x64 system files, such as ntoskrnl.exe

24 Apr 2015   #1
puraki

Windows 7 Professional x64
 
 
x64 resource editor that edits x64 system files, such as ntoskrnl.exe

I have been trying to modify Win7 64-bit ntoskrnl.exe, but every time I do it, my computer starts up with Automatic Repair.

First, I enabled the Windows Vista boot screen in Windows 7: [Fun Tip] Enable Windows Vista Boot Screen in Windows 7 - AskVG

Second, I got the Windows logo of the ntoskrnl.exe file from a Windows Embedded POSReady 2009 Eval ISO: https://www.microsoft.com/en-us/down....aspx?id=11196

Third, I opened Resource Hacker and replaced Bitmap > 5 > 1033 with my Windows logo from WEP2009.

Fourth, I booted from a WinPE USB flash drive, made a backup copy of my ntoskrnl.exe file, and copied my modified ntoskrnl.exe to system32.

Afterward, Win7 was booting into Automatic Repair.

I also noticed that the modified ntoskrnl.exe and SysWOW64's ntoskrnl.exe were smaller than the original 64-bit ntoskrnl.exe.

I tried XN Resource Editor, Resource Tuner, ResEdit, Restorator, and Explorer Suite. They kept corrupting ntoskrnl.exe and Win7 continued booting into Automatic Repair.

Is there any 64-bit resource editor that successfully edits 64-bit system files, like ntoskrnl.exe?


25 Apr 2015   #2
Alejandro85

Windows 7 Ultimate x64
 
 

I don't think it's a matter of corruption. I've used at least Resource Hacker to edit 64-bit system DLLs, and it's certainly capable of doing so.

The issue is probably that you're messing with a signed file. Modifying the contents of such a file will make the digital signature invalid, as it wouldn't match the contents of the original signed file (that's the primary reason to sign a file: to prevent corruption). As the kernel is loaded early in the boot process, and the bootloader verifies the signature, it detects a modified kernel and aborts the boot to prevent damage, suggesting startup repair to fix the affected files.

No editor can modify such files without breaking the digital signature, as it depends on the file contents. It would require re-signing the kernel with the new contents, and for that it would require having the Microsoft private key, which is obviously MS-only.
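The signature dependency described in post #2, as an added example that is not part of the original thread: a simplified Python sketch of which bytes of a PE file an Authenticode digest covers, run over a constructed 512-byte image (not a real ntoskrnl.exe). SHA-256, the helper names and the sample layout are assumptions for illustration; a real signature wraps this digest in a PKCS#7 blob signed with the publisher's private key, and the full algorithm also walks the section table.

```python
import hashlib
import struct

CERT_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)

def hashed_ranges(pe):
    """Byte ranges the Authenticode digest covers (simplified: no section walk)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)       # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                                     # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    checksum = opt + 64                                   # CheckSum field, excluded from the digest
    certdir = opt + (112 if magic == 0x20B else 96) + 8 * CERT_DIR_INDEX
    cert_off, cert_size = struct.unpack_from("<II", pe, certdir)
    if not cert_size:
        cert_off = len(pe)                                # unsigned image: nothing to skip at the end
    return [(0, checksum), (checksum + 4, certdir),
            (certdir + 8, cert_off), (cert_off + cert_size, len(pe))]

def pe_digest(pe, algo="sha256"):
    h = hashlib.new(algo)
    for start, end in hashed_ranges(pe):
        h.update(pe[start:end])
    return h.hexdigest()

def build_sample():
    """Constructed PE32+ skeleton: headers, fake 'bitmap' bytes, placeholder cert blob."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x58, 0x20B)              # PE32+ magic
    img[0x100:0x110] = b"ORIGINAL-BITMAP!"                # stands in for the boot logo resource
    struct.pack_into("<II", img, 0x58 + 112 + 32, 0x1C0, 0x40)
    img[0x1C0:0x200] = b"S" * 0x40                        # placeholder for the PKCS#7 signature
    return bytes(img)

def with_bytes(pe, offset, data):
    out = bytearray(pe)
    out[offset:offset + len(data)] = data
    return bytes(out)

if __name__ == "__main__":
    original = build_sample()
    signed_digest = pe_digest(original)                   # the value the signature commits to
    edited = with_bytes(original, 0x100, b"REPLACED-BITMAP!")
    print("resource edit still matches:", pe_digest(edited) == signed_digest)
    rechecksummed = with_bytes(original, 0x58 + 64, b"\x12\x34\x56\x78")
    print("checksum-only change matches:", pe_digest(rechecksummed) == signed_digest)
```

Any edit inside the hashed ranges, such as swapping a bitmap resource, changes the digest, so the existing signature no longer verifies regardless of which resource editor made the change.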
25 Apr 2015   #3
Berton

Windows 7 Ultimate 64-bit, Windows 8.1 64-bit, Mac OS X 10.10, Linux Mint 17, Windows 10 Pro TP
 
 

Another issue with altering files such as ntoskrnl.exe is that the original programmer/publisher will consider it as 'reverse engineering' and one would run afoul of the licensing of the program.
Ntoskrnl.exe - Wikipedia, the free encyclopedia

If wanting to customize or experiment with an Operating System it'd be best to get an Open Source OS such as a version of Linux.

25 Apr 2015   #4
puraki

Windows 7 Professional x64
 
 
Solution

Thanks, Alejandro85!

I found the solution:

First, I ran Command Prompt as an administrator and typed in "bcdedit -set TESTSIGNING ON" to enable test mode.

Second, I used Resource Tuner to edit the boot screen.

Third, I got Driver Signature Enforcement Overrider: Driver Signature Enforcement Overrider Downloads and signed my modified ntoskrnl.exe with the test signature.

Fourth, I booted from the WinPE 4 USB flash drive and replaced the old ntoskrnl.exe with my modified one.

My boot screen appeared on startup!