Jump to content











Photo
- - - - -

Bootmgr Offset Question


  • Please log in to reply
47 replies to this topic

#1 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 24 December 2011 - 06:37 PM

I use this offset and the bootmgr is from Windows 7 SP0 WAIK

##03.Windows 7 x32 Setup

iftitle [find --set-root --devices=h /laddsbootusb.tag && call set Win7x32=%@root^%] 03.Windows 7 SP1 x32 Setup From %Win7x32%nNovember 2011.

password --md5 $1$A$hzYlFap3SLNNQ/tA7c3.S.

find --set-root --devices=h /laddsbootusb.tag

echo Installing Windows 7 x32 From %Win7x32%

map --mem %Win7x32%/BOOTMGR (rd)

write --offset=0x105E (rd)+1 xEBx08

write --offset=0x54696 (rd)+1 2

chainloader (rd)+1

root ()

Has anyone found the offset values from Windows 7 SP1 WAIK bootmgr?

write --offset=0x105E (rd)+1 xEBx08
write --offset=0x54696 (rd)+1 2


#2 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 25 December 2011 - 01:19 AM

Wonko the Sane,

You must not like me anymore? You haven't posted on any of my question post lately. I need your grumpy help! :)


Well don't really need the help because the bootmgr I have now works fine. Just wondering if the new bootmgr had an offset

#3 cdob

cdob

    Gold Member

  • Expert
  • 1455 posts

Posted 25 December 2011 - 08:06 PM

Has anyone found the offset values from Windows 7 SP1 WAIK bootmgr?

Use offset 0x105E and 0x54735.

title Windows 7 SP1 setup \\boot\\bc2

#based on JFX http://sanbarrow.com/phpBB2/viewtopic.php?t=1807

#Bcdedit.exe /store \boot\bc2 /set {bootmgr} nointegritychecks 1

set bootmgr=/boot/bootmgr.7_1

find --set-root --devices=h %bootmgr%

map --mem %bootmgr% (rd)

#Windows 7 SP1

write --offset=0x105E (rd)+1 \xEB\x08

#\boot\bc2

write --offset=0x54735 (rd)+1 2

chainloader (rd)+1

root ()

  • laddanator likes this

#4 steve6375

steve6375

    Platinum Member

  • Developer
  • 7283 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 25 December 2011 - 08:23 PM

That post seems to be for SP0 not SP1 - is integrated Win 7 SP1 the same then?

#5 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 25 December 2011 - 08:30 PM

Use offset 0x105E and 0x54735.

title Windows 7 SP1 setup bootbc2

#based on JFX http://sanbarrow.com/phpBB2/viewtopic.php?t=1807

#Bcdedit.exe /store bootbc2 /set {bootmgr} nointegritychecks 1

set bootmgr=/boot/bootmgr.7_1

find --set-root --devices=h %bootmgr%

map --mem %bootmgr% (rd)

#Windows 7 SP1

write --offset=0x105E (rd)+1 xEBx08

#bootbc2

write --offset=0x54735 (rd)+1 2

chainloader (rd)+1

root ()


Thanks! I am going to give this a try right now. :)

#6 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 25 December 2011 - 08:45 PM

Ok, confirmed. I used the bootmgr from the WAIK supplement for Windows 7 SP1 and the offsets 0x105E and 0x54735. work perfect. Thanks, cdob! :good:

#7 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 25 December 2011 - 09:04 PM

Its interesting, what are you trying to accomplish? :)

#8 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 25 December 2011 - 09:16 PM

Its interesting, what are you trying to accomplish? :)


I am multi booting Vista, Win 7 and 8 from the same bootmgr and same USB Drive by changing the offsets on the fly instead of using bootmgr1....bootmgr2....bootmgr4....bootmgr6... as described here

http://sites.google....and-server-2008

and I was using the Win 7 SP0 Winpe bootmgr. I always like to use the newest bootmgr and I couldn't figure out the offsets for The Windows 7 SP1 Winpe bootmgr

I followed this guide loosely but great guide none the less. I changed my path names...folder names and wim names.....edit mysetup.cmd and so on but this guide was a great stepping stone

#9 cdob

cdob

    Gold Member

  • Expert
  • 1455 posts

Posted 25 December 2011 - 11:29 PM

That post seems to be for SP0 not SP1 - is integrated Win 7 SP1 the same then?

Was about SP1: recognice 0x54696 NEQ 0x54735

Ok, confirmed.

Next step: automatic Windows 7 detection.
That's Windows 7 gold and SP1 (alpha and beta excluded)

title Windows 7 setup \\boot\\bc2

#set configfile \boot\bc2

#based on JFX http://sanbarrow.com/phpBB2/viewtopic.php?t=1807

#Bcdedit.exe /store \boot\bc2 /set {bootmgr} nointegritychecks 1

#use a non default directory at USB drive

set bootmgr=/boot/bootmgr

find --set-root --devices=h %bootmgr%

map --mem %bootmgr% (rd)

write --offset=0x105E (rd)+1 \xEB\x08

#Windows 7 gold 0x54696 - Windows 7 SP1 0x54735

cat --hex --skip=0x54696 --length=1 --locate=D (rd)+1 && set offset=0x54696

cat --hex --skip=0x54735 --length=1 --locate=D (rd)+1 && set offset=0x54735

write --offset=%offset% (rd)+1 2

chainloader (rd)+1

root ()

  • laddanator likes this

#10 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 26 December 2011 - 01:33 AM

Next step: automatic Windows 7 detection.


I like the sound of it, just not sure what it means. :dubbio:

Ok, looking back I guess you mean the bootmgr? The offset=0x54696 is Win7 SP0 and offset=0x54735 is Win 7SP1?

#11 steve6375

steve6375

    Platinum Member

  • Developer
  • 7283 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 26 December 2011 - 08:59 AM

You could automate this for all versions of bootmgr (Vista,7,2k8) using the same method too... nice!

#12 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 26 December 2011 - 01:53 PM

Yup....worked perfect for me. Tested this last night. Kinda didn't get it at first but I with it now. Great post and thanks, cdob. Best forum ever! :clap:

#13 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15334 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 26 December 2011 - 02:11 PM

Wonko the Sane,

You must not like me anymore? You haven't posted on any of my question post lately. I need your grumpy help! :)


I think this must be the top. :w00t:

Accused of provoking senseless whining :ph34r: by omission. :frusty:

Why don't you use a Thin7pc VHD image instead?
(I know nothing about those, but according to some other member they are the solution to everything :dubbio:)


:cheers:
Wonko
  • laddanator likes this

#14 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 26 December 2011 - 02:49 PM

Yup....worked perfect for me.

Hey, could you explain in detail for less experienced readers, how the last menu works differently from the previous one? I like the approach in general though... :thumbsup:

#15 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 26 December 2011 - 04:07 PM

I think this must be the top. ../public/style_emoticons/default/w00t.gif

Accused of provoking senseless whining ../public/style_emoticons/default/scared9.gif by omission. ../public/style_emoticons/default/frusty.gif

Why don't you use a Thin7pc VHD image instead?
(I know nothing about those, but according to some other member they are the solution to everything ../public/style_emoticons/default/dubbio.gif)


?


Hey, could you explain in detail for less experienced readers, how the last menu works differently from the previous one? I like the approach in general though...


In my testing and now remember I said my testing, cdob may have a better explanation but didn't matter if I used 7 SP0 or 7 SP1 bootmgr, the auto detection script that cdob posted did and will detect which bootmgr you using and will offset to that bootmgr. What this does is allow you to have Vista, Windows 7 (both versions) and Windows 8 if you perfect on the root of the same USB drive for install and the boot.wim(files are added to each new boot.wim) and bcd(paths are changed in each new bcd) are renamed to boot1.wim(7 x64) boot2.wim(7x32) boot4.wim(Vista) boot6.wim(Win8in my case )....bc1(7 x64) bc2(7x32) bc4(Vista) bc6(Win 8 in my case). What the offset does is because bootmgr paths are hard coded...the offset changes the path to match the proper boot.wim and bcd. I am not the best at putting this into words as why I posted the link but in plain text...the script just changes the proper offset no matter the bootmgr version you use.

#16 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 26 December 2011 - 04:34 PM

Thanks,

Would be interesting to see your detail report on final disk setup, or may be you can write a Tutorial on installing & booting (?) various Windows versions from a USB Thumb by a single Bootmgr. You explain things sufficiently clear IMHO.

When it comes to the booting part, may I assume, a similar approach can be used to boot natively different Win versions from VHDs by a single Bootmgr from an empty USB Thumb? Is offset value the only significant difference btw them?

#17 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15334 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 26 December 2011 - 04:40 PM

?

Sometimes Wonko doesn't post because he has nothing he finds useful or appropriate to say, or more simply he doesn't fancy to reply.
You shouldn't whine :ph34r: because he didn't reply to you.

Accused of provoking senseless whining :ph34r: by omission. :frusty:


Since you started whining about NOT getting the attention that in your (perverted) mind Wonko should dedicate to you, Wonko (in his own perverted mind), still having not anything useful to say, posted something pretty much unuseful:

Why don't you use a Thin7pc VHD image instead?
(I know nothing about those, but according to some other member they are the solution to everything :dubbio:)


:cheers:
Wonko

#18 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 26 December 2011 - 05:22 PM

Is offset value the only significant difference btw them?


Not entirely. Each bcd has to be modded:

Changebcd.cmd

@echo off

cls

echo %cd%

pushd %cd%

dir /b bootbc*.

echo.

Echo Change BCD store to load sourcesbootX.wim



SET /P NN=Enter BCD number :



if not exist bootbc%NN% goto :NOFILE



bcdedit /store bootbc%NN% /set {bootmgr} nointegritychecks YES

bcdedit /store bootbc%NN% /create {ramdiskoptions} /d "Ramdisk options"

bcdedit /store bootbc%NN% /set {ramdiskoptions} ramdisksdidevice boot

bcdedit /store bootbc%NN% /set {ramdiskoptions} ramdisksdipath Bootboot.sdi

bcdedit /store bootbc%NN% /set {default} device ramdisk=[boot]sourcesboot%NN%.wim,{ramdiskoptions}

bcdedit /store bootbc%NN% /set {default} osdevice ramdisk=[boot]sourcesboot%NN%.wim,{ramdiskoptions}



echo OK - BC%NN% will now load sourcesboot%NN%.wim



goto :EOF



:NOFILE



echo ERROR - cannot find  bootbc%NN%

You have to mount each boot.wim and add two files to the system32(startup.cmd and winpeshl.ini)in each mount boot wim

startup.cmd

@echo off

color 9f

SET DD=Windows7x32

for %%I in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%I:%DD%install.wim set DVDdrive=%%I:

If NOT "%DVDDrive%"=="" echo Found Install.wim at %DVDdrive%%DD%install.wim

IF "%DVDdrive%"=="" (

echo ERROR - COULD NOT FIND INSTALL.WIM in %DD% folder!

pause

pause

goto :EOF

)





if exist %DVDdrive%%DD%unattend.xml SET UN=/unattend:%DVDdrive%%DD%unattend.xml

if exist %DVDdrive%%DD%OEMnul SET OEM=/m:%DVDdrive%%DD%OEM



REM look for whole sources folder copied over

If exist %DVDdrive%%DD%setup.exe  (

%DVDdrive%

REM setup will use its path to find the install.wim

%DVDdrive%%DD%setup.exe %OEM% %UN%



goto :RBT

)



if not exist X:Setup.exe goto :BAD

REM if not then just call setup in root of boot.wim

X:setup.exe /installfrom:%DVDdrive%%DD%install.wim  %OEM% %UN%

goto :RBT





:BAD

dir X: /b

echo Cannot find X:Setup.exe !

@echo Press a key to reboot now...

pause



:RBT

wpeutil reboot

pause

commit and unmount and change this to boot2.wim. This is just an example. I would love to write a Tutorial but I didn't make all the scripts, just made improvements that work for me...will be glad to share what I know. Where would I post a tutorial?

Wonko, you kinda spoiled me. From day one of me here, you have posted on all my stuff so when you made no grumpy appearance, I figured I wasn't smart enough for you to grace me with your cold and grumpy words! :loleverybody:

#19 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 26 December 2011 - 05:33 PM

Since its about Windows Install and Boot, the best place IMHO would be here. From reading your threads, you know a lot more on the subject than an average forum Joe. :) Just reference the authors, when posting their code, but its better to add it to your Tutorial anyway, because otherwise the code might be offered in other places at times in unrelated context.

#20 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 26 December 2011 - 05:39 PM

Reading your threads, you know a lot more on the subject than an average forum Joe



Thanks, sambul61. Trust me I know allot more in my head than I can put into words sometimes. For the last two months, 13 hours a day I have been writing scripts...some I hope members here would be impressed with but not sure how to make them relevant in forum form. I am going to put some stuff together along with a write up on this topics and I will include cdob post as well.

#21 cdob

cdob

    Gold Member

  • Expert
  • 1455 posts

Posted 26 December 2011 - 08:54 PM

You could automate this for all versions of bootmgr (Vista,7,2k8) using the same method too...

The same method requires a setting for each different bootmgr.
A generic approach would be nice.

Next trial, use search replace:
title Windows 7 setup \\boot\\bc1 - search replace

#set configfile \boot\bc1

#based on JFX [url="http://sanbarrow.com/phpBB2/viewtopic.php?t=1807"]http://sanbarrow.com...opic.php?t=1807[/url]

#Bcdedit.exe /store \boot\bc1 /set {bootmgr} nointegritychecks 1

#use a non default directory at USB drive

set bootmgr=/boot/bootmgr

#set BCD_last_char=1



find --set-root --devices=h %bootmgr%

map --mem %bootmgr% (rd)

#

cat --locate="\x74\x03\xE9\x08\x00\x39\x56" --replace="\xEB\x08\xE9\x08\x00\x39\x56" (rd)+1



debug off

#flag at 0x60000 - 0 to do - other done

write 0x60000 0



#Vista SP0 bootmgr contains a unicode string \Boot\BCD, search '\BCD\x00'

checkrange 0 read 0x60000 && cat --locate="\\\x00B\x00C\x00D\x00\x00" --replace="\\\x00B\x00C\x001\x00\x00" (rd)+1 && write 0x60000 1

checkrange 1 read 0x60000 && echo Vista SP0



#Windows 7 SP0 and SP1 : search \x28\x43\x00\x44

#cat --locate="\x28\x43\x00\x44" --replace="\x28\x43\x00%BCD_last_char%" (rd)+1 && write 0x60000 2

checkrange 0 read 0x60000 && cat --locate="\x28\x43\x00D" --replace="\x28\x43\x001" (rd)+1 && write 0x60000 2

checkrange 2 read 0x60000 && echo Windows 7 SP0 or SP1



#Vista SP1, Vista SP1, Windows 7 RC Build 7100 : search \x43\x00\x44\x00

checkrange 0 read 0x60000 && cat --locate="\x43\x00\x44\x00" --replace="\x43\x001\x00" (rd)+1 && write 0x60000 3

checkrange 3 read 0x60000 && echo Vista SP1, Vista SP1, Windows 7 RC Build 7100





chainloader (rd)+1

root ()

boot

There is a generic string '74 03 E9 08 00 39 56' at all bootmgr.
I's appears once at different bootmgr files.
Unfortunately there is no generic search string for BCD file

How to use %BCD_last_char% at search replace?

At second glance:
a search and replace at \x74\x03 and a different fixed offset BC? may be nicer.

#22 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 26 December 2011 - 09:06 PM

#set BCD_last_char=1


Wouldn't you need to set the numeric value for each numeric boot.wim? The bcd at this point doesn't know you have changed the boot.wim to say boot4.wim(which I use for Vista 32bit).

I have all my boot.wim in the same source folders on the root of my USB as follows:

boot1.wim Win 7x64

boot2.wim Win 7x32 or x86 to be political correct

boot4.wim Vista x86

boot6.wim Win 8

all the BCD in the boot folder on the root of my USB drive as follows:

bc1 Win 7x64

bc2 Win 7x86

bc4 Vistax86

bc6 Win 8

so the set BCD_last_char=1 would have to be set for each as in

set BCD_last_char=1

set BCD_last_char=2

set BCD_last_char=4

set BCD_last_char=6

does that look right?

How to use %BCD_last_char% at search replace?


I have an idea....let me play around with this. I will post ya or na in a few

#23 cdob

cdob

    Gold Member

  • Expert
  • 1455 posts

Posted 26 December 2011 - 11:02 PM

Wouldn't you need to set the numeric value for each numeric boot.wim? The bcd at this point doesn't know you have changed the boot.wim to say boot4.wim(which I use for Vista 32bit).

That's another case. I'm at file bootmgr so far.


I have all my boot.wim in the same source folders on the root of my USB as follows:

boot1.wim Win 7x64

boot2.wim Win 7x32 or x86 to be political correct

boot4.wim Vista x86

boot6.wim Win 8

all the BCD in the boot folder on the root of my USB drive as follows:

bc1 Win 7x64

bc2 Win 7x86

bc4 Vistax86

bc6 Win 8

Actually I'm using one \boot\bcd file myself. Several renamed boot?.wim are launched.


Do you like to get headache? :)
grub4dos co author chenall adjusted grub4dos source code and builded a sophisticated boot environment.
\boot\bcd is edited on the fly.
http://chenall.net/post/ntboot/

#24 laddanator

laddanator

    Frequent Member

  • Advanced user
  • 337 posts
  • Location:Virginia
  • Interests:Writing code and getting stuff to work when no one else can! Wrote a Windows Vista, 7, and 8 legal activation tool in VBscript and compiled it to exe. First project of this undertaking. Working on an AIO legal activation tool that includes XP.
  •  
    United States

Posted 27 December 2011 - 12:05 AM

Actually I'm using one bootbcd file myself. Several renamed boot?.wim are launched.


I use my regular bcd to load my three different version of DaRT 7.0 and 6.5.(in one menu) for recovery so having the bc1..2...4...6 ain't so bad. I would to figure this out anyway. I can't read Chines and my Google translator isn't working



Ok, finally got the NTBOOT and NTBOOT_DPMS downloaded and I figured out that the DPMS is for ISO installs but I miss the part where the bcd is edit on the fly. I booted the NTBOOT.ISO from grub4dos and went through each choice and didn't see the bcd thing?

#25 cdob

cdob

    Gold Member

  • Expert
  • 1455 posts

Posted 27 December 2011 - 12:05 PM

I can't read Chines and my Google translator isn't working

Me too, that's the difficult part.

I miss the part where the bcd is edit on the fly.

The file NTBOOT-2011-12-14.iso\NTBOOT is a archiv.
7-zip expand this to NTBOOT.BAT. There is a section :NT6.HDD calling :NT6_BOOT.
No, I can't explain details. Hopefully another member can explain details.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users