MBR(bootsect.exe /NT60) -> \bootmgr MBR(bootinst.exe /NT60) -> \grldr -> \bootmgr MBR(bootsect.exe /NT60) -> \bootmgr (original grldr) -> \Boot\bm (original bootmgr) 1. takeown /F %%A\bootmgr icacls %%A\bootmgr /grant administrators:F 2. attrib %%A\bootmgr -s -r -h 3. ren %%A\bootmgr bm 4. cut&paste %%A\bm %%A\Boot\ 5. Copy bootmgr (from attachment) %%A\ /y P.S. 1. %%A = System partition 2. attachment bootmgr in Step 5 is actually GRLDR (with ACER OA2.1 SLIC)
The one reason I still use bootinst is because it's easy for the user to fix it themselves if they need to. Having to explain how to rename a file back to what it was and delete the existing one via command prompt is sometimes just asking too much of the user. Another reason is that if MS do decide to put out an update that disables/deletes the GRLDR with injected SLIC then the user still has bootmgr to fall back on, but via this method they don't
When I placed a hacked bootmgr in my WIM, I renamed my original to bootmgr.bak and leave both in PCAT folder inside the WIM Windows\Boot\PCAT\bootmgr Windows\Boot\PCAT\bootmgr.bak I assume Windows\Boot\PCAT\bm When I install the hacked bootmgr gets moved directly to the Root of the system partition, while the other unknown files in the folder (bootmgr.bak) get placed into to Boot folder R:\bootmgr R:\Boot\bootmgr.bak I assume R:\Boot\bm The Windows installer will copy to the correct place without any additional effort. No time to test it out. Maybe someone else cares too.
the bootmgr this guy has posted is grldr edited to chainload the renamed bootmgr file if the renamed bootmgr file is in boot then you will have to edit grldr to chainload boot\bm or you will have the dreaded blinking cursor hang after post.
Yeah, I know, and if someone downloads his file, the method I described should work just fine. It will not work with a regular GRLDR renamed to bootmgr, unless they make a few small changes in Hex (mostly changing bootmgr to boot\bm or any other 7 letter string they like). The hack to GRLDR is the same as the hack to bootsect.exe, basically just a pointer rename. Xinso, what did windows do when you installed ? Did the backup bootmgr in the WinSXS folder overwrite your GRLDR bootmgr from the PCAT folder ? Did the bm file get copied to the R:\Boot\ folder ?
my bad I didnt even read his whole post, I thought he left bm at the root of the drive, Im testing now, cert in oem folder, key set with dism, bm and renamed edited grldr in pcat. failed I dont think it liked me messing with PCAT maybe permissions
Nonon - are you using the take ownership reg file or using some other elevated command line. I know that microsoft specifically does not allow accounts in the adminisrators group access to these files (for our own good they says) Xinso, I had to replace bootmgr in both the PCAT folder and this WinSXS folder before mine way worked. Maybe is simple fix. Code: C:\Mount\Windows\winsxs\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_6.1.7600.16385_none_c30008a71484187b
That is odd, I cannot make it do that. Copied your bootmgr into PCAT folder and left the machine alone. When I came back and checked that WinSXS folder and it still had the original bootmgr file. What about the other files in the PCAT folder (memtest.exe, en-us folder), did they get copied over or was the hidden drive completely blank. Still, even if it cannot be slipped into a DVD, the manual method works, right ?
there is some kind of check taking place, I have tried padding grldr out to the same size as bootmgr, but no luck.
I got this to work by bypassing the bootmgr checksum you will need to edit winsetup.dll in both "dvd root"\sources and and boot.wim\sources with a hexeditor EDIT: just tested windows is activated without any loader install bs.
If anyone can get GRLDR at the root of the system volume durring setup, I have the mod to make setup install the bootcode. I did this from memory check it before making the dvd bootcode mod modding winsetup.dll to also copy GRLDR to the same place as bootmgr might be beyond my skill level.
to make this method as stealthy as posible I have created a GRLDR file that is the same size as bootmgr, and has the same creation and modification times as bootmgr. without any extra files at the root of the system volume, bootcode not modified and the phonie bootmgr with the same size, acl's, owner, creation, modification and access times as a real bootmgr, this method might escape detection.