Change Boot Logo/Screen?

[thaimin]

See Coder for Life - Projects - Win 7 Customizer Tools

Its a utility I made for just that purpose.

 

[marcusj0015]

ok so do i have to actually copy the bits in a hex editor?

or can i do the whole wim then renameto bin then replace in the dll?

 

[thaimin]

Copy what bits? Using resource hacker or similar program will properly add in the bytes for you. Many resource editors will update the checksum automatically. You can run the program I linked to anyways. It will update the checksum if necessary or tell you that it is already up to date. You don't need a hex editor...

 

[0tolerance]

how do you update the crc???

i was thinking about doing the same thing with the animation but i didnt try it becaue you cant replace that my bits at once and not **** up the crc

I dun remember now......it's been awhile since I have messed with any of the animation hacks

 

[0tolerance]

Copy what bits? Using resource hacker or similar program will properly add in the bytes for you. Many resource editors will update the checksum automatically. You can run the program I linked to anyways. It will update the checksum if necessary or tell you that it is already up to date. You don't need a hex editor...

I tried the edit using Resource Hacker and once I saved it, the file signature was gone.....

 

[marcusj0015]

same here

but its very strange i have 1 copy of windows 7 and two boot options the the same win 7 and one boots up the flag and the other dosent


i asked aout the hex editor becasue you said you had success with a hex editor

 

[thaimin]

Okay. PE files (EXE, DLL, SYS, etc) have two forms of security. The first is a checksum that every PE file has, although it is only checked on important ones. This is typically updated automatically with the resource editor, or can be done with the utility PEChecksum on my webpage. The second is a digital signature that is only put on code that really needs to be secured, such as winload.exe. This is the one you are probably having a problem with. To 'update' this you would need the original private key used to sign it (which Microsoft isn't going to give you) or you can sign it yourself like I listed before.

So if during the boot it says that the checksum is wrong, use PEChecksum.
If it says the digital signature is wrong, you need to re-sign the file.

I think I was talking about using the hex editor like they said on that site you found for disabling all signature checks. I successfully found all the values I needed to change, but it didn't work and Windows still complained about the file.

but its very strange i have 1 copy of windows 7 and two boot options the the same win 7 and one boots up the flag and the other dosent

Do you have two winloads? Like one osload and one winload? That is what that webpage (the one you linked to before) told you to do. They told you to make two options so you wouldn't brick your computer. Sadly, their method only works for beta and RC Windows 7, not release Windows 7.

You shouldn't need a hex editor for anything unless you are really planning to muck around in Windows binaries. Then I would recommend IDA Pro with Hexrays. It isn't really a hex editor, it is a de-compiler and dis-assembler, allowing to see the code (possibly) that was written to create the file. Microsoft has however heavily obfuscated their code, and especially winload.exe. That's the reason no one has cracked the release version of Windows yet.

 

[marcusj0015]

ok well im gonna reinstall becasue theres a lot of clutter and ill continue with this after that

what files do i need from the Windows 7 SDK to sign files?

id rather not have the whole SDK

 

[thaimin]

From the Windows SDK you need: MakeCert, pvk2pfx, and SignTool. I also recommend grabbing CertMgr.exe while you are at it. The whole SDK is awfully big for just signing.

 

[WaxyChicken]

Keep us updated.
Several of us quiet ones are watching progress on this.

 

[marcusj0015]

.

 

[WaxyChicken]

My understanding of the boot process:
1 - boot Bootmgr is the boot image.
it uses bootmgr.exe.mui for proper language.
bootmgr checks for checksum and digital signature on files such as WinLoad.exe and BootRes.dll and then uses bootmgr.exe.mui to display the errors in the proper language.

2 - bootmgr writes to bootstat.dat to record if there was a successful boot, what progress was made during boot ( "windows did not start up previously, do you want safe mode?" etc... is recorded in it for the next time you start your PC)

3 - it then passes on to winload.exe to actually load windows and records in bootsect.dat that it passed on to WinLoad.exe

if i'm correct in this, then what needs to be done is:
1 - replace bootmgr with a boot image file that doesn't check certs.
2 - replace bootsect.dat with a "i checked certs and passed on to winload" log.
3 - patch/replace winload.exe to load a custom bootres.dll (2nd check for cert in winload?)
4 - patch/replace bootres.dll with the new one for boot animation
5 - keep a process in the background - new process ensures that when MS Update replaces bootmgr with new cert checks the custom bootmgr is restored before next boot.

there still isn't a lot of info on the net concerning the win7 boot file process so alot of this is assumptions. but the theory may be sound.
PS: unsure where the grldr file comes in on all of this.

what i'm basing this theory on:
*bootmgr is a boot image file.

*bootmgr has several replacements in windows update temp files (updating cert checks that way?)

*bootmgr.exe.mui (the language file for bootmgr) contains such strings as:
#9018, "The file is possibly corrupt. Its header checksum does not match the computed checksum."
#9019, "Windows cannot verify the digital signature for this file."

*Winload.exe calls bootres.dll

a possible way to go get around the cert checks:
1 - use BCDEdit to:
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING ON

copy the new bootmgr after the edit.
copy the bootsect.dat before rebooting (to keep the "do checks" log in tact)

2 - customize your winload.exe and your bootres.dll (keep backups) for custom boot screen.

3 - wright a background process to replace the bootmgr image with your edited one and copy the bootsect.dat backup back to bootsect.dat
A - before every reboot
B - after every windows update
C - after the bootmgr is edited by any other process

after any boot menu edits the process will have to be redone to save the new boot menu with the DISABLE_INTEGRITY_CHECKS and TESTSIGNING flags and still keep the new boot menu.

thoughts on this?
is anyone able to decompile the Bootmgr image file for verification of this theory?
Also - i only have a retail win7 32bit ultimate edition to draw theories on.

 

[marcusj0015]

sounds awesome keep up the good work im gonna start Heavy work on this in about an hour or two

 

[DaBlueCaboose]

I await with bated breath the fruits of this endeavor.

 

[marcusj0015]

check this out

Download TekCERT 1.0 Free - Easy to use, self signed certificate generator - Softpedia

 

[marcusj0015]

im starting to get tired of all this signing and all that

btw tha you should make a gui tool for all this stuff it would make it a billion times better

 

[WaxyChicken]

is signing a command line function?
if so then post up so links on how to do it.
I can do a GUI in VB or something.

 

[marcusj0015]

i dont have any links but here is a easy way of finding the command line parameters

copy all files from my windows 7 SDK archive to %HomeDrive%

click the start menu the type cmd tap control-shift-enter click yes (if UAC is enabled)

then type CD %HomeDrive%

then makecert.exe /?

and so on for all the files

i just uploaded them for your convience there are no viruses or any of that bullshit

Link

 

[thaimin]

Hey, long time no post. My laptop was broke for the last week, and I have been busy.

Anyways, I have a few comments on things said here. I am fairly certain winload.exe does integrity checks. At least with the RC versions of Windows 7 it was the only thing that did the integrity checks. It even did the check on itself. Now with a retail version maybe bootmgr is doing it, or maybe now they are both doing it. I know that the methods for disabling winload.exe's integrity checks no longer works in retail versions.

About the certificate signing. It is easily amenable to a GUI with some minor exceptions.

First, given the tools marcusj posted, you can do most of the signing process automated. You would need 3 pieces of information: a dummy name, a name for the certificate file, and a password. Also, many of these "command line tools" use dialog boxes for the password entries. You will need to use the SendInput function (part of the Win API) to simulate typing into them.

I have re-worked the self-signing commands to make them more straight-forward hopefully, and amendable to automation.

To Make a Self-Signing Certificate Authority (only need to do this once, and I recommend only doing it once, otherwise you'll get annoyed later on)
Note: Maybe the program can save some registry values to know it has already made a self-signing certificate authority and store where it saves the pvk and cer files

makecert -r -n "CN=Dummy Name" -pe -ss CA -sr LocalMachine -a sha1 -sky signature -sv NameCA.pvk NameCA.cer

(type: password, tab, password, enter, password, enter)

certutil -f -addstore Root Name.cer


To Make a Self-Signing Certificate (only need to do this once, but it doesn't hurt to do it more than once)
Note: You can delete the NameCA.cer, NameCA.pvk, Name.pvk, and Name.cer after this step as long as you save the Name.pfx file. That file is all you need to sign unlimited documents after this step.

makecert -pe -n "CN=Dummy Name" -a sha1 -ic NameCA.cer -iv NameCA.pvk -sv Name.pvk Name.cer

(type: password, tab, password, enter, password, enter, password, enter)

pvk2pfx -pvk Name.pvk -pi PASSWORD -spc Name.cer -pfx Name.pfx -f


Sign Program (needs to be done every time the program changes)

signtool sign /v /f Name.pfx /p PASSWORD /t http://timestamp.verisign.com/scripts/timestamp.dll PROGRAM.EXE


Install Certificate
Note: This is only necessary on other computers that plan to use programs signed with your certificate. If you do this all on one computer, you don't need this. Also, I haven't bothered to find an automated way to do this (unless you saved NameCA.cer).

See the post I made earlier: http://www.sevenforums.com/customization/11930-change-boot-logo-screen-10.html#post877293


So if you make a program (I may make a program this weekend) it should probably ask you to either pick a certificate PFX that you already made or make a new one. If you are using a new one, you ask for a name, file name, a password, and a program to sign. If it's reusing another PFX you just need the password and program to sign. Then you use the commands, simulating typing as necessary, and you have signed a program!

 

[marcusj0015]

awesome man sweet

how do we find out whitch executabole program is doing the checks and how its is being done?