GRLDR without bootinst.exe

Discussion in 'Windows 7' started by xinso, Sep 12, 2009.

  1. loveht

    Good idea, I'd like to download it. Thanks.
     
  2. mkaracsony

    Any chance you have this "bootmgr-checksum-bypass" patch for Windows 7 SP1? I am using the x86 version.
     
  3. Mr Jinje

    I don't think anyone ever bothered. If you have skills, I would go to the earlier post where he labels the hex bits he flipped, open up the old winsetup.dll from SP0 disk with IDA, find out the name of the function he patched, then jump to that named function in the new winsetup.dll and see if the patch can still be applied.

    I guess first though, I would check and see if they ain't identical files, 'cause if they are, you might be able to just use the old hacked one. Report back.

    Or just use the Windows 7 SP0 DVD, but instead replace the SP0 install.wim with your new SP1. Old hack should work that way.

    Lastly you can always partition your drive manually before you install, then you don't have to worry about any of this.
     
  4. mkaracsony

    Well, I took the SP0 winsetup.dll file, searched for the function by name, and applied the same patch to the SP1 winsetup.dll.
    The patch is the same 74 48 -> EB 29, offset D632B. Testing it now.
     
  5. mkaracsony

    It's working! Thank you for pointing me in the right direction.
     
  6. Mr Jinje

    #46 Mr Jinje, Sep 25, 2013
    Last edited: Sep 25, 2013
    That's awesome. Please confirm the MD5 or SHA1 on your modded file, and what was the name of the function you patched?
     
  7. mkaracsony

    The function name was BfsServiceBootFilesEx. I have changed a short jump instruction to an unconditional one:
    jz short loc_270F6B62 -> jmp short loc_270F6B43
    I have no idea what the MD5 or SHA1 checksum of the file is, but I can tell you this: I took the file from the SP1 Ultimate media refresh disk (from MSDN source).
     
  8. mkaracsony

    I did the same for the 64 bit version, SP1 winsetup.dll from media refresh disc.
    Offset 105782, 74 79 -> EB 2E.
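
Added example, not part of any post in this thread: a read-only Python check for installer media that reports whether a winsetup.dll carries the two-byte change quoted in the posts above, and decodes the short jump found there. It assumes the quoted offsets are hexadecimal file offsets into the SP1 media-refresh builds; `KNOWN_SITES`, `decode_short_jump`, `classify` and `check_file` are names invented for this example.

```python
# Added example: read-only check for the two-byte change described in the thread.
# Assumption: the offsets quoted in the posts are hexadecimal file offsets into the
# SP1 media-refresh winsetup.dll; they mean nothing for other builds.
import hashlib

# arch -> (file offset, original bytes, modified bytes), as quoted in the posts
KNOWN_SITES = {
    "x86": (0xD632B, bytes.fromhex("7448"), bytes.fromhex("EB29")),
    "x64": (0x105782, bytes.fromhex("7479"), bytes.fromhex("EB2E")),
}

SHORT_JUMPS = {0x74: "jz short", 0xEB: "jmp short"}  # rel8 opcodes seen in the thread


def decode_short_jump(pair):
    """Return (mnemonic, signed rel8 displacement), or None if not a known short jump."""
    if len(pair) != 2 or pair[0] not in SHORT_JUMPS:
        return None
    disp = pair[1] - 256 if pair[1] > 127 else pair[1]
    return SHORT_JUMPS[pair[0]], disp


def classify(data, arch):
    """Classify a winsetup.dll image as 'original', 'modified' or 'unknown'."""
    offset, original, modified = KNOWN_SITES[arch]
    found = data[offset:offset + 2]
    if found == original:
        state = "original"
    elif found == modified:
        state = "modified"
    else:
        state = "unknown"  # different build, or file shorter than the offset
    return {
        "state": state,
        "bytes": found.hex(),
        "instruction": decode_short_jump(found),
        "sha256": hashlib.sha256(data).hexdigest(),  # record for comparison with known-good media
    }


def check_file(path, arch):
    """Read a file from disk and classify it; never writes to the file."""
    with open(path, "rb") as fh:
        return classify(fh.read(), arch)


if __name__ == "__main__":
    # Constructed sample: zero-filled buffer with the modified pair at the x86 offset.
    sample = bytearray(0xD632B + 0x100)
    sample[0xD632B:0xD632D] = bytes.fromhex("EB29")
    print(classify(bytes(sample), "x86"))
```

An "unknown" result only means the bytes at that offset match neither quoted pair; comparing the reported SHA-256 against known-good media is still the authoritative check.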
     
  9. Mr Jinje

    #49 Mr Jinje, Sep 27, 2013
    Last edited by a moderator: Apr 20, 2017
  10. mkaracsony

    Perhaps. I stayed on Windows 7, so I have no clue about 8/8.1. Haven't even tried them yet. Later on I will try them for sure, but I would like to finish this first before I do.

    About the Win 7 x64 version: this patch I posted earlier only bypasses the bootmgr check in winsetup.dll. Do you have an idea how to deal with UEFI based systems? I am using this patch with an original bootmgr injected with SLIC 2.1 and it works. I am thinking about the same for the UEFI boot code, however, I do not possess such a system, so testing - for me - is impossible.
     
  11. Mr Jinje

  12. mkaracsony

  13. coleoptere2007

    #53 coleoptere2007, Sep 28, 2013
    Last edited: Sep 28, 2013
    Please post in the good section!
    It's not a way to ask a question, however you should see in BIOS if you can Enable Virtualization Technology to avoid this problem ;)
     
  14. mkaracsony

    I have tested the 64 bit version, and it works:
    64 bit.jpg