Jump to content











Photo
- - - - -

BOOTMGR Recompiler


  • Please log in to reply
3 replies to this topic

#1 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location:Bergen
  •  
    Norway

Posted 20 May 2012 - 08:55 PM

Posted Image

File Name: BOOTMGR Recompiler
File Submitter: joakim
File Submitted: 20 May 2012
File Category: Boot tools

BOOTMGR Recompiler
This tool takes bootmgr.exe and creates bootmgr ready for booting. You can choose between compression method LZNT1 and XpressHuffman. You can also choose which library to use for the compression, either MSCompression.dll an excellent library by Jeffrey Bush, or the Windows shipped ntdll.dll. Note that ntdll.dll supports LZNT1 on any Windows version, whereas XpressHuffman support is only present on ntdll.dll on Windows 8. You can however copy ntdll.dll from Windows 8 and to XP/Vista etc (to same directory as this tool), to overcome this. The MSCompression.dll library supports both methods, and is included in this download. But currently I had some issues with the 32-bit compiled version of this library, so the option on x86 arch OS is to use ntdll.dll. The tool also performs some basic PE testing, and for instance optionally corrects the PE checksum if found incorrect. It does not matter which version of bootmgr.exe you choose or compression method. All generated bootmgr combinations should work fine. The XpressHuffman compressed ones, are much smaller in size than the LZNT1 ones, because of better compression ratio.

Structure of BOOTMGR
1. 16-bit stub with code to unpack, evaluate and execute the compressed part. About 2x KB.
2. A 16 byte section with some information that the 16-bit stub evaluates.
3. A tiny 8192 byte PE image, with unknown function. It's content is not evaluated.
4. The compressed 32-bit executable bootmgr.exe

The 16 byte section contains these values:
byte 1-4: a signature.
byte 5-8: the compressed size of bootmgr.exe.
byte 9-12: the uncompressed size of bootmgr.exe.
byte 13-16: the relative offset to the compressed data calculated from the start of this section (ie the signature).

More detailed information connected to this topic that you may find useful:
http://reboot.pro/16824/
http://reboot.pro/fi...ls-bootmgrntfs/
http://www.sevenforu...indows-7-a.html

MSCompression
https://github.com/c...ife/ms-compress
The included program is a frontend for the library, and strictly not used with the above application. I just included it, since the library is included, in case someone needed it. It's a commandline compressor/decompressor supporting. The library supports these compression methods;

COMPRESSION_NONE = 0

COMPRESSION_LZX = 1

COMPRESSION_LZNT1 = 2

COMPRESSION_XPRESS = 3

COMPRESSION_XPRESS_HUFF = 4


The MSCompression library has a slightly better compression ratio than ntdll.dll when using XpressHuffman.

Click here to download this file
  • Nuno Brito and pscEx like this

#2 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 21 May 2012 - 01:45 PM

Sorry, joakim. But what is the intended purpose of your tool?
Is it just a technology demonstration or does it have a real worl application as well?

:cheers:

#3 Icecube

Icecube

    Gold Member

  • Team Reboot
  • 1062 posts
  •  
    Belgium

Posted 21 May 2012 - 03:00 PM

Sorry, joakim. But what is the intended purpose of your tool?
Is it just a technology demonstration or does it have a real worl application as well?

:cheers:

I guess you can now easily modify BootMGR (e.g. change some strings to BCD store) and rebuild the modified version.
  • Nuno Brito likes this

#4 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location:Bergen
  •  
    Norway

Posted 21 May 2012 - 06:47 PM

I thought about including a "what for" or "why bother" section in the documentation, but decided not to. Lets just say that if you are not sure you need this tool, then you definetely don't need it.

In short, the tool will aid you when you found out that you for whatever reason needed to modify bootmgr. String manipulation is one example. Displaying bitmaps or logos is another. Or you simply just want to tweak and customize it because you can and have nothing better to do. And so on.. :)

For those that by accident ended up here, and are not familiar with PE editors and hex editors, you may not waste your time here, and leave right away.
  • pscEx likes this




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users