Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How to change boot animation in Windows 7

16 Oct 2010   #261
joakim

ubuntu
 
 

I just got to test on 64-bit and I think I found how to load unsigned winload.exe without testsigning on 64-bit. Actually nothing new. Just use the same patch as I posted earlier on page 21 (about the 2 nops that you mentioned not understanding (including myself)). That patch thus works for deactivation of signature check for both bootmgr.exe and winload.exe. Hopefully I did not miss anything obvious, as has happened before..

So we can now load unsigned bootmgr(.exe), winload.exe and bootres.dll, without testsigning or nointegritychecks configured. Did not check with ntoskrnl.exe yet.

Joakim


My System SpecsSystem Spec
.
16 Oct 2010   #262
joakim

ubuntu
 
 

After some more digging, I'm getting a little tired of all this, but have found some more information to share.

Here is yet another way to disable signature check in bootmgr. Locate this;
Code:
.text:00421151                 call    _ImgpValidateImageHash@24
and change E8160B0000 -> b800000000, which will overwrite the call with a "mov eax, 0" instruction. It will just tell the caller that the hash in bootmgr.exe is fine.

To load winload.exe with bad checksum change this jz instruction to a jmps, 7418 -> eb18.
Code:
.text:004216A3                 jz      short loc_4216BD
For some strange reason, when booting winload.exe with bad checksum, winpe will revert to vista style, while a regular install will boot with fine animation (usually its the other way around).

And to make the signature checker of winload.exe happy we can also patch like we did already for bootmgr's selfcheck;
Code:
.text:0042179A                 call    _ImgpValidateImageHash@24
changing E8CD040000 -> b800000000, which will overwrite the call with a "mov eax, 0" instruction. Again, we just return the message that hash in winload.exe is good.

And yet another way to load bootres.dll (and more) unsigned by patching winload.exe here;
Code:
.text:0042960B                 call    _BlBdDebuggerEnabled@0
By changing E889FDFDFF -> 909090b001, we effectively spoof debug mode, and thus disable any signature checking. The code now becomes 3 nops and a "mov al, 1" instruction.

This was verified on 32-bit binaries of version 6.1.7600.16385, but from tests done the last 2 days, this should also work similarly on 64-bit. I just haven't had the time to locate the corresponding addresses for x64 yet.

Now the function ImgpValidateImageHash inside bootmgr is not used anymore and can be filled by new stuff.

@thaimin
What function did you want to try and draw an image with in bootmgr?

Joakim
My System SpecsSystem Spec
17 Oct 2010   #263
AlexYM

Windows 7 Ultimate x32
 
 

@thaimin
For some reason i can't decompress SP1 bootmgr with bmzip tool, neither Beta nor RC Escrow versions. Version 7601.17104 is here:
bootmgr7601.17104.zip
My System SpecsSystem Spec
.

17 Oct 2010   #264
joakim

ubuntu
 
 

More checksum stuff. To completely disable all checksum verifications during bootup, we must patch winload.exe in 3 different places;

1. Change this to a jmps instruction by changing 7418 -> eb18;
Code:
.text:00428DC5                 jz      short loc_428DDF
2. Then replace this conditional jump with 6 nops by changing 0f8400010000 -> 909090909090;
Code:
.text:00428DE3                 jz      loc_428EE9
3. Lastly also replace this conditional jump with 6 nops by changing 0f871cfdffff -> 909090909090;
Code:
.text:00428DF6                 ja      loc_428B18
With this patch I was able to boot with bad checksum in bootres.dll, hal.dll, ci.dll, bootvid.dll and ntoskrnl.exe (and possibly more). Tested on 32-bit version 6.1.7600.16385.

@AlexYM
You can find the decompressed bootmgr on your dvd in"Windows\Boot\PXE\bootmgr.exe" inside the wim. They are identical.

Joakim
My System SpecsSystem Spec
17 Oct 2010   #265
lastot069

Windows 7 Ultimate x64
 
 

I have been following this closely for some time now, and it sounds like it may actually happen soon. I thank everyone involved in this and am very glad this will be openly available for everyone's use. Customizing your computer is like decorating your room, it should be your right.
My System SpecsSystem Spec
18 Oct 2010   #266
cvalbinda

Windows 7 Ultimate 32 bit
 
 

Pretty amazing of you guys working on this program. Will follow closely on this thread for updates. and oh, just a suggestion a stick or two and a cup of coffee is 1 good way of unwinding. Good luck to all.
My System SpecsSystem Spec
19 Oct 2010   #267
marcusj0015

Windows 7 Ultimate x64
 
 

guys is there anytrhing i can do to help? anything at all

i feel like a let down evon though i revived the original thread and got this project started i feel responsible to help get it done
My System SpecsSystem Spec
19 Oct 2010   #268
joakim

ubuntu
 
 

@marcusj0015
Do you want to create a few different test animations? I would like to test with kernel patches for animations of different size and length. For instance with higher resolution, like 250x250 and 300x300, and some with less/more frames, like 50 or 150. If you can do this, it will speed up my researching.

I don't care about how lame the actual animation is, I just need something to test with. And as you might have noticed, I am not very good with animations..

Joakim
My System SpecsSystem Spec
19 Oct 2010   #269
marcusj0015

Windows 7 Ultimate x64
 
 

ok ill try

it might take a few days
My System SpecsSystem Spec
20 Oct 2010   #270
joakim

ubuntu
 
 

Yet another way to solve the TESTSIGNING issue. We boot by configuring TESTSIGNING on in bcd. Now the intersting part is that we can patch the kernel so that when code integrity (ci.dll) is initialized, it will continue booting like as if TESTSIGNING was not set in the bcd. I've verified this because the watermark was not put on the desktop, at the same time as TESTSIGNING was shown in the registry under the key SystemStartOptions. I really don't recommend messing with the kernel, so you might want to stick with the other working solutions already posted. For those that like testing this, here is the patch located in the function SepInitializeCodeIntegrity. Change both conditional jumps to a jump short instruction (jmps);
Code:
PAGE:00572D42                 call    _SepIsOptionPresent@8 ; SepIsOptionPresent(x,x)
PAGE:00572D47                 test    eax, eax
PAGE:00572D49                 jz      short loc_572D4D
Change 7402 -> eb02.

Code:
PAGE:00572D5A                 call    _SepIsOptionPresent@8 ; SepIsOptionPresent(x,x)
PAGE:00572D5F                 test    eax, eax
PAGE:00572D61                 mov     eax, ds:_KeLoaderBlock
PAGE:00572D66                 jz      short loc_572D6B
Change 7403 -> eb03.

This way the kernel will always continue booting the system without testsigning, regardless of what you put in the bcd. The nice thing is you can have testsigning for the first part of the boot process, and choose to finalize the booting without testsigning. When testing kernels it could be a good thing to specify your custom kernel in the bcd with the kernel parameter (like "KERNEL mykernel.exe").

Now TESTSIGNING gets deactivated after the animation is played.

Joakim
My System SpecsSystem Spec
Reply

 How to change boot animation in Windows 7




Thread Tools




Similar help and support threads
Thread Forum
How di I change boot animation and text?
Hey! So I have been wanting to change my boot/startup logo from the default windows logo with "starting windows" and Microsoft text. So after many google attempts i have stumbled upon an application, BootUpdater. This program supposedly can easily change the windows animations and is exactly...
Customization
How do I change windows7 boot animation when resolution 800X600
Hello , I already know change windows7 boot animation need access bootres.dll and winload.exe.mui. But if resolution below 1024X768 it seem different. Can anybody teach me which file need be change, Thank you a lot! Ps. I know my English is terrible , I hope it can be understood.
Customization
Boot screen Animation Change?
I don't know if this one can be done. I know how to turn off the ding sound it makes when my computer boots up but does anyone know how to change the boot screen animation? I would like to put one of my own animations on there instead of the windows logo popping up from 4 little lights.
Customization
Windows 7 Home premium 64bit won't boot, just plays boot animation
My Windows 7 has stopped booting after a restart, the system would just endlessly play the boot animation and not boot properly... system restore won't work, startup repair won't work, chdsk and sfc won't work. I have yet to try and see whether a Registry fix works. Windows loads the WRE VERY...
BSOD Help and Support
How to change the boot screen animation?
Has anyone figured out how to change the boot animation? John
Customization


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:40.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App