Change Boot Logo/Screen?

[RBCC]

buy your digital signature from tucows for $75

 

[lamdacore]

Hello,

Very insightful thread. Very Helpful.

I must admit though, I was forced to register on this forum as I was completely bemused at some users flaming others posts (yes, I'm aware I'm being a hypocrit here) but y'know, c'mon, you came here asking for assistance, then when the assistance was given in a complex way or it wasn't just a double click here, copy and paste there - with a nice shiny GUI, it was thrown back at the author who was giving the assistance. Seriously. If you're not that confident about getting elbow deep in your OS then quite simply, don't change it (or buy a m*cbook) Alternatively just be patient and wait for the "hackers" to come up with a "tweaking for dummies" guide. Untill then, be grateful.

Sorry for ranting on my first post, but it just annoys me when n00bs don't appreciate the complexity of "real" tweaking....

Anyway, on a more positive note, thank you for the guide so far, albeit I've been unsuccessful in tweaking the boot logo thus far. Keep up the good work

 

[RBCC]

How do I make sure that Windows 7 boots with the vista bootscreen? And can I change that boot logo? John

 

[lamdacore]

As previous people have mentioned, I don't think its possible to change the boot screen to anything other than the "no gui boot" setting in msconfig.

To get the Vista boot screen, I'm not sure, but from what I've gathered, its possible, however changing this again to a custom boot screen, it doesn't seem possible yet due to the digital signatures required.

 

[windowsapple]

OMG I found a loophole! To change your WIndows 7 Bootscreen, Apply Duck tape over the screen while it boots. Nuff Said.

JKJKJKJKJKJK

still working on it lol.

 

[windowsapple]

Getting There... O_O

I've hit something! Sorta. Kinda. Maybe.

Use Res-hacker with admin rights, the files have been located.

c:/windows/system32/boot/ (Contains the exe files)

and also

c:/windows/system32/boot/en-US/ (Contains the MUI files)

They say the owner of those files is

S-1-5-21-1707938003-3620065225-122919045-1000

Anyone know who/what that is??

Anyway, I'm going to keep on trying. Stay tuned.

 

[bMcSkY]

Found It!

The Way You Change The Text Is Easy But A Very Long Process It Requires Alot Of System Files To Be Changed About 20 or so (Don't You Just Love Microsoft) I Will Post List Later And Intructions ASAP.

 

[RBCC]

What is used to run the code?

 

[marcusj0015]

GUYS I FOUND HOW TO FIX THE PROBLEM!!!!!!!!!!!!!!!!!!!!!!!!!

if you open the resulting bootres.dll in 7-zip you will see a new section called [data-1] if you open the file in notepad you get this

 @   0‚4 *†H†÷
‚%0‚!10 + 0h
+‚7 Z0X03
+‚70%   ¢€ < < < O b s o l e t e > > >0!0 + ³óùs¯3¥ì™rшðq×9m ‚ 0‚»0‚£ 
aÊi     0
*†H†÷
0w10 UUS10U
Washington10URedmond10U
Microsoft Corporation1!0UMicrosoft Time-Stamp PCA0
070605220321Z
120605221321Z0¤10 UUS10U
Washington10URedmond10U
Microsoft Corporation1'0%UnCipher DSE ESN:A5B0-CDE0-DC941%0#UMicrosoft Time-Stamp Service0‚"0
*†H†÷
‚ 0‚
‚ ¯øZö4±¢Ž¬Ïüð­%
q»_[·;7A$ê#Å®¬™Àܦ#ðÊ©302j/š!B &Y›PéWq‹gë—ès‹x±˜@F£Z( ÚÅN‹© T‘1œÿĐ•E€(q€Ë¬8gaìÂ_°?Ñ*÷2os=|n˜6š†î 8îìOU3Fz@Ü¥õÒ#†]+3O$H“±´~Ïß3¿Õ[Æ/óæ„·N“˜¼ ë\iÅÈÈÒÄ<° 㲜ù¡ ÜÕõm|213²Y›þÊ]"NºðgÉKý}×T]Iõ« ~Òe´qèL}Æ”½…‘mPZé £‚0‚0Už¨tÁBîÍ=½éÖî'°Ç54g0U#0€#4øÙRFp
í@ûvû³+°Ã5³0TUM0K0I G E†Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X+L0J0H+0†<[URL="http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0U%0"]http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0U%0[/URL]
+0UÿÀ0
*†H†÷
‚ g¥ß(QÜHƒýÆeù]úfª²§V¢H¾2¬m—OD»»ôçâ}Åt Ö†ó‘ÀÐщ^b‹úh÷eÏæS©ßt!­Œ´¦ÊC“ÉkáJ²íδŠ:÷µÌ¼š{ÏÄ?Ù
,u<’žÏ6bæ™'÷ûqïÿZzaUºº˜‡ëq¬võ膟6gPAxü3¤ÕisÈp#k|£WÈhä[AÁø&ýiI™Ö¯É?¤õœLù
ÒÍK¿}úì;qIþÊâjÚi´“>4þÊì€Iä²tÌ‘ç>N·{õ@d[ÔPÕ9MS;Ô^G‚[ÑZz™.Fpk…
l cu0‚–0‚~ 
aÆÁ     0
*†H†÷
010 UUS10U
Washington10URedmond10U
Microsoft Corporation1+0)U"Microsoft Windows Verifica

which says that the sig is broken

if we could somehow remove this i think it would work

ijust hex edited out the [data-1] "partition" from the dll it still shows up in 7 zip but it has no contents

im about to test it

EDIT

it dosent work

the wim is at the beggining of the dll then the [data-1] table then the certificate if you edit to far it cuts into the certificate breaking it

if you go just far enough to remove the [data-1] table the certificate is relocated into the [data-1] table and the certificate is missing

if we could just remove the [data-1] table

 

[thaimin]

I have been trying to work on this as well and I reproduced many of the things you guys have done all on my own and reached the same digital signature problems. It sounds like someone is working on that part which is great.

I am working on a program to automate the process a bit. I have a program that can take the BMP image they use and break it up into 105 individual frames. The program can also do the reverse and take 105 frames and make them into one long BMP (and then modify it a bit since the real activity.bmp isn't quite a proper BMP). I have some scripts that automate the extraction and updating of the WIM and bootres.DLL. So basically, if I get it better organized, if you have a folder with 105 images then I can automate the process from bootres.dll -> updated bootres.dll. Just need to fix the signature.

Some other problems, maybe you guys can help.

• Currently I use IMAGEX to mount and commit the WIM. This causes problems since IMAGEX cannot get rid of old data so the original BMP is there with the new BMP (the original one is not available, but takes up space in the WIM).
• 7-zip cannot update WIMs at all, how are you guys doing this?
• The new version of 7-zip no longer shows the root directory of WIMs when there is only one mount (this WIM only has one mount: 1). So you cannot see the XML file (which should be fine since my program takes care to make sure the file is all kosher).

Well, I hope that working together we can come up with a viable solution.

 

[thaimin]

One other thing, just some information I have collected from sources about the boot animation:

• 105 frames
• 7 secs long
• 15 frames / sec
• Last 3 seconds loop until loaded
• Each frame is 200x200px, piece together into one BMP 24-bit 200x21000px

Someone should start working on some nice animations the follow these guidelines so that once things work we can test it out. Right now I am testing with a grayscale version of the original.

 

[marcusj0015]

you mount the original wim and commit it to the original wim then export it to a new .wim file and all is good

play with gimagex export tab for a while to see what im talking about

 

[marcusj0015]

does anyone have an unaltered certificate so i can see if the certificate is actually broken or what is going on

can you upload your bmp tool that sounds really promising


is there anyway to increase the fps to at least 18 fps?

do you have any info about the wim settings like is the sompression fast or max or what and any other settings that could be inportant


sorry for the double post

 

[thaimin]

So i was thinking instead of trying to "crack" the Microsoft security, why don't we just try to self-sign winload.exe and bootres.dll? I have signed my own drivers before using my own keys and by adding myself to the trusted list, and they show up as signed and trusted. Microsoft may have put a block against self-signing these files, but maybe not. By self-signing you don't open up any security holes like you would by disabling signature verification since they would need your private key.

 

[marcusj0015]

what apps do you use to sign your own keys into these files?

and where can we get a key?

and how much does it cost?

 

[thaimin]

There are professional services which cost $300-$900 per year that are already trusted. If you make yourself a trusted person, then its free!

You need 3 programs (4 if you are making drivers):

MakeCert which makes the root private certificate and private key
pvk2pfx which combines the two above items into PFX file
SignTool which actually signs the program using the certificate you made above
(for drivers you also need inf2cat because inf files cannot be signed directly)

All of these programs are found in the bin directory of the Windows SDK (which can be downloaded freely at Download details: Microsoft Windows 7 SDK). You may want CertMgr from the SDK.

Looking back at my batch files, this is the basic outline of how to sign a program. It may need some adjusting, but its a good starting point. Pick a value for XXX and keep it the same throughout:

• Do the following once:
  • MakeCert -r -n "CN=My Company Name" -pe -sv XXX.pvk -ss XXXCertStore XXX.cer
  • pvk2pfx -pvk XXX.pvk -pi MyPassword -spc XXX.cer -pfx XXX.pfx -f
• Do the following per computer that is using SignTool (probably only one):
  • Double Click XXX.pfx to install it, let the program pick the store, you will need to enter MyPassword
• Do the following per program, every time you make a change:
  • SignTool sign /ac XXX.cer /s XXXCertStore /n "My Company Name" /t http://timestamp.verisign.com/scripts/timestamp.dll SignedFile.exe
• Do the following once on each target computer (you won't have to do this again if you re-sign the file and only once no matter how many different files you changed):
  • Easy method: certutil -addstore ROOT XXX.cer (note: certutil is in system32 on all Windows machines)
  • Harder method (but doesn't require XXX.cer):
  • Right click "SignedFile.exe", choose "Properties"
  • Click "Digital Signatures" tab
  • Click on the signature then "Details"
  • It will say something is wrong with the signature
  • Click "View Certificate"
  • Click "Install Certificate..."
  • Click "Next >"
  • Some special steps are probably required for this current project:
    • Choose "Place all certificates in the following store" and choose "Browse..."
    • Click "Show physical stores"
    • Choose "Trusted Root Certificate Authorities" -> "Local Computer"
    • Click "Okay"
  • Click "Next >" and "Finish"
  • At the security warning click "Yes"
  • Close all the windows
  • Note: All of the above steps can probably be accomplished with a REG file (look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates before and after adding it)
  • Second Note: To see that it worked, view the signature again (the first three steps, it should say its OK).

So one issue that may come up is that the files are already signed. We will probably have to find a way to remove that signature. Also, even though we are storing this certificate in the Trusted Root CA for the entire computer, who knows if it will work for boot-time programs.

Also, when modifying ANY exe or dll, make sure to update the PE checksum. During verification this is checked before the signature is checked. Your resource modifying tool may do this for you, maybe not. Check out Coder for Life - Projects - Win 7 Customizer Tools

I will try this out later today. I have a machine solely used for testing this kind of stuff.

 

[marcusj0015]

actually i seen something online about how to unsign a dll exe mui and more

[release] UnSigner - remove authenticode signs - xda-developers

how do we become trusted so we can get free certificate and key?

 

[thaimin]

You become trusted by following the steps under "Do the following once on each target computer". You will need to do the first 3 parts first though.

Great with the unsigning! Although, from reading the first couple posts the program doesn't work at the moment, maybe further down in the thread they get it working.

 

[thaimin]

Oh, actually we don't need it. I just tested signing winload.exe and it REPLACES the Microsoft signature. I have not tested booting with the re-signed winload, but at least we know we don't have to remove the signature.

 

[marcusj0015]

that thread is from 2007

it DOES work in windows 7 the certificte is completely removed and its now easier to access the .bmp, 7-Zip actually opens the wim

i will try to resign it and boot

the file is now 2.10 mb it was 2.11 mb and the certificate HAS been Removed

and the TimeStamp is still the original 07/14/2009 at 01:04:32