
Solution for multibooting Win XP/2k3 64-Bit, Win2k3 SP1, WinPE 2004


geitonaki


You can now modify setupldr.bin of the following windows:

  • Windows Server 2003 SP1
  • Windows XP Professional x64 Edition
  • Windows Server 2003 x64 Edition
  • Windows PE 2005

The setupldr.bin of the above versions is the same and has a checksum check built-in so when you try to modify it you get:

"NTLDR is corrupt. The system cannot boot."

In order to crack it:

  1. open it with your favorite hex editor
  2. goto hex address: 0x2060
  3. change "74 03" to "EB 1A"
  4. save it

I also uploaded it for your convenience at:

File is now attached so people don't have to wait for a download ~ Alanoll

Now you can replace:

  1. all occurrences of "i386", "I386" to "ABCD" (where ABCD is anything you want - 4 characters long)
  2. "\amd64", "\AMD64" to "\EFGHI" and
  3. "amd64\", "AMD64\" to "EFGHI\" (where EFGHI is anything you want - 5 characters long)

Do not replace all occurrences of "amd64" since some of them refer to a section of txtsetup.sif

In order to find what files need to be copied to the directories ABCD and EFGHI open command prompt, go to the directory you have txtsetup.sif and enter:

type TXTSETUP.SIF | findstr /r ",_[1-9] ,[1-9]_"

and copy the files listed there from I386 to ABCD and AMD64 to EFGHI.

For anyone curious, open the setupldr.bin with hiew, goto the above hex address and see the surrounding assembly code.

cracked_SETUPLDR_1_.BIN.zip

Edited by prathapml


GREAT JOB!!!... one quick thing, when I go to the cmd prompt and type in the above command, it lists all the files, but it starts with 'H'... since there are so many, I don't know what files are needed that start with a letter before 'H'.... could you post a .txt file with the needed files? thanks


Do not replace all occurrences of "amd64" since some of them refer to a section of txtsetup.sif

Can someone tell me how to determine which one is which?

Or is it just the standalone "amd64" entries that reference the txtsetup.sif? (meaning no preceding or trailing "\")

Edited by Jazkal

ksecdd.sys   = 1,,,,,,_6,4,0,0,,1,4
ntdll.dll = 1,,,,,,_7,2,0,0,,1,2
kbdus.dll = 1,,,,,,_7,2,0,0,,1,2
drvmain.sdb = 1,,,,,,_3,60,0,0
kbddv.dll = 1,,,,,,_5,2,0,0,,1,2
kbdes.dll = 1,,,,,,_5,2,0,0,,1,2
kbdgae.dll = 1,,,,,,_5,2,0,0,,1,2
kbdgr1.dll = 1,,,,,,_5,2,0,0,,1,2
kbdit142.dll = 1,,,,,,_5,2,0,0,,1,2
kbdusl.dll = 1,,,,,,_5,2,0,0,,1,2
kbdusr.dll = 1,,,,,,_5,2,0,0,,1,2
kbdusx.dll = 1,,,,,,_5,2,0,0,,1,2
ntfs.sys = 1,,,,,,_6,4,0,0,,1,4
setupreg.hiv = 1,,,,,,_3,,3
spcmdcon.sys = 1,,,,,,_7,,3,3,,1,1
biosinfo.inf = 1,,,,,,_1,20,0,0,,1,1
wkbddv.dll=55,,,,,,_5,82,0,0,kbddv.dll,1,2
wkbdes.dll=55,,,,,,_5,82,0,0,kbdes.dll,1,2
wkbdgae.dll=55,,,,,,_5,82,0,0,kbdgae.dll,1,2
wkbdgr1.dll=55,,,,,,_5,82,0,0,kbdgr1.dll,1,2
wkbdit142.dll=55,,,,,,_5,82,0,0,kbdit142.dll,1,2
wkbdus.dll=55,,,,,,_7,82,0,0,kbdus.dll,1,2
wkbdusl.dll=55,,,,,,_5,82,0,0,kbdusl.dll,1,2
wkbdusr.dll=55,,,,,,_5,82,0,0,kbdusr.dll,1,2
wkbdusx.dll=55,,,,,,_5,82,0,0,kbdusx.dll,1,2
wntdll.dll=55,,,,,,_7,82,0,0,ntdll.dll,1,2
biosinfo.inf = 1,,,,,,_1,20,0,0,,1,1
ntdetect.com = 1,,,,,,_1,1,3,,,1,1
biosinfo.inf = 1,,,,,,_1,20,0,0,,1,1
wkbddv.dll=55,,,,,,_5,82,0,0,kbddv.dll,1,2
wkbdes.dll=55,,,,,,_5,82,0,0,kbdes.dll,1,2
wkbdgae.dll=55,,,,,,_5,82,0,0,kbdgae.dll,1,2
wkbdgr1.dll=55,,,,,,_5,82,0,0,kbdgr1.dll,1,2
wkbdit142.dll=55,,,,,,_5,82,0,0,kbdit142.dll,1,2
wkbdus.dll=55,,,,,,_7,82,0,0,kbdus.dll,1,2
wkbdusl.dll=55,,,,,,_5,82,0,0,kbdusl.dll,1,2
wkbdusr.dll=55,,,,,,_5,82,0,0,kbdusr.dll,1,2
wkbdusx.dll=55,,,,,,_5,82,0,0,kbdusx.dll,1,2
wntdll.dll=55,,,,,,_7,82,0,0,ntdll.dll,1,2

This is the output.... Though it doesn't say which files go into which directory...


I guess we can use GOSH's method to obtain our BOOT folder... I did that a while ago and I got the following files from $WIN_NT$.~BT

<DIR>          system32
1394bus.sy_
acpi.sy_
acpiec.sy_
adpu160m.sy_
adpu320.sy_
aic78u2.sy_
aic78xx.sy_
aliide.sy_
amdide.sy_
arc.sy_
atapi.sy_
biosinfo.inf
BOOTSECT.DAT
bootvid.dl_
cdfs.sy_
cdrom.sy_
classpnp.sy_
cmdide.sy_
c_1252.nl_
c_437.nl_
dac960nt.sy_
disk.sy_
disk101
disk102
disk103
disk104
dmboot.sy_
dmio.sy_
dmload.sy_
dpti2o.sy_
drvmain.sdb
fastfat.sy_
fdc.sy_
flpydisk.sy_
ftdisk.sy_
hal.dl_
hidclass.sy_
hidparse.sy_
hidusb.sy_
i2omgmt.sy_
i2omp.sy_
i8042prt.sy_
iirsp.sy_
intelide.sy_
isapnp.sy_
kbdclass.sy_
kbdhid.sy_
kbdus.dll
kd1394.dl_
kdcom.dl_
ksecdd.sys
l_intl.nl_
migrate.inf
mountmgr.sy_
mraid35x.sy_
ntdetect.com
ntfs.sys
ntkrnlmp.ex_
ohci1394.sy_
oprghdlr.sy_
partmgr.sy_
pci.sy_
pciide.sy_
pciidex.sy_
pcmcia.sy_
ramdisk.sy_
sbp2port.sy_
scsiport.sy_
serenum.sy_
serial.sy_
setupdd.sy_
setupldr.bin
setupreg.hiv
sfloppy.sy_
spcmdcon.sys
spddlang.sy_
storport.sy_
symc810.sy_
symc8xx.sy_
symmpi.sy_
sym_hi.sy_
sym_u3.sy_
toside.sy_
txtsetup.sif
ultra.sy_
usbccgp.sy_
usbd.sy_
usbehci.sy_
usbhub.sy_
usbohci.sy_
usbport.sy_
usbstor.sy_
usbuhci.sy_
vga.sy_
vgaoem.fo_
viaide.sy_
videoprt.sy_
volsnap.sy_
watchdog.sy_
wd.sy_
winnt.sif
wmilib.sy_

102 File(s) 7,213,922 bytes

Edited by prathapml

Do not replace all occurrences of "amd64" since some of them refer to a section of txtsetup.sif

Can someone tell me how to determine which one is which?

Or is it just the standalone "amd64" entries that reference the txtsetup.sif? (meaning no preceding or trailing "\")

Exactly what you said!
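As an added example (not part of any post in this thread), the following Python sketch inspects a setupldr.bin image: it reports whether the two bytes at 0x2060 are the stock or the modified pair, and classifies each "i386"/"amd64" occurrence by the rule confirmed above. The function names and the sample image are constructed for illustration, and it assumes the strings are plain ASCII, as the hex-editor replacement implies.

```python
import re

PATCH_OFFSET = 0x2060                      # offset given in the first post
STOCK = bytes.fromhex("7403")              # JZ short +3 (x86)
PATCHED = bytes.fromhex("EB1A")            # JMP short +0x1A (x86)
ARCH = re.compile(rb"\\?(?:i386|amd64)\\?", re.IGNORECASE)

def branch_state(image):
    """Report whether the two bytes at 0x2060 are the stock or the modified pair."""
    pair = bytes(image[PATCH_OFFSET:PATCH_OFFSET + 2])
    return {STOCK: "stock", PATCHED: "patched"}.get(pair, "unknown")

def arch_strings(image):
    """List (offset, text, kind) for each ASCII i386/amd64 occurrence.
    kind is "path" for every i386 and for amd64 with a leading or trailing
    backslash; a standalone amd64 is "section" (the txtsetup.sif reference)."""
    hits = []
    for m in ARCH.finditer(bytes(image)):
        text = m.group().decode("ascii")
        bare = text.strip("\\")
        is_path = bare.lower() == "i386" or bare != text
        hits.append((m.start(), text, "path" if is_path else "section"))
    return hits

def sample_image(patched):
    """Constructed stand-in for setupldr.bin: zero fill plus a few strings."""
    image = bytearray(0x2200)
    image[PATCH_OFFSET:PATCH_OFFSET + 2] = PATCHED if patched else STOCK
    for offset, text in ((0x100, b"\\AMD64\\ntdetect.com"), (0x140, b"amd64"),
                         (0x180, b"i386\\"), (0x1C0, b"ABCD\\EFGHI\\")):
        image[offset:offset + len(text)] = text
    return image

if __name__ == "__main__":
    img = sample_image(patched=True)
    print("checksum branch:", branch_state(img))
    for offset, text, kind in arch_strings(img):
        print(f"0x{offset:04X}  {text!r:10} {kind}")
```

Run against a real image by reading the file in binary mode and passing the bytes to both functions; an "unknown" result means the bytes at that offset match neither pair, for example because the file is a different version.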


I guess we can use GOSH's method to obtain our BOOT folder... I did that a while ago and I got the following files from $WIN_NT$.~BT
*snip*

But which files go into which directory? We technically need 2 BT's now.... Don't we, or am I not grasping something...?

Edited by Nakatomi2010

This is the output.... Though it doesn't say which files go into which directory...

The output you posted isn't complete. Each file goes to the respective directory from where you will find it. If you find it in I386 then copy it to ABCD, if you find it in AMD64 copy it to EFGHI.

I will post later if I have time a batch file that I have created which automatically creates the boot folders and modifies the necessary files.
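The rule above, as an added Python example that is not the batch file mentioned in this post: it applies the same filter as the findstr command to txtsetup.sif text, collapses the duplicate lines, and plans a copy for every source directory in which a file is actually found. The function names are hypothetical, the sample text is constructed, and the compressed-name lookup (last character replaced by "_") is an assumption based on the .sy_ names in the $WIN_NT$.~BT listing earlier in the thread.

```python
import re
from pathlib import Path

# Same filter as: findstr /r ",_[1-9] ,[1-9]_"  (two patterns, either may match)
BOOT_FLAG = re.compile(r",(_[1-9]|[1-9]_)")

# Constructed sample: the first two entries appear in the thread, the rest are made up.
SAMPLE_SIF = """\
[SourceDisksFiles]
ksecdd.sys   = 1,,,,,,_6,4,0,0,,1,4
ntdetect.com = 1,,,,,,_1,1,3,,,1,1
acpi.sys = 1,,,,,,3_,4,1,,,1,4
notepad.exe = 1,,,,,,,2,0,0
ksecdd.sys   = 1,,,,,,_6,4,0,0,,1,4
"""

def boot_entries(sif_text):
    """Return {filename: flag} for lines the filter selects, duplicates collapsed."""
    entries = {}
    for line in sif_text.splitlines():
        name, sep, fields = line.partition("=")
        match = BOOT_FLAG.search(fields) if sep else None
        if match:
            entries.setdefault(name.strip().lower(), match.group(1))
    return entries

def copy_plan(sif_text, mapping):
    """mapping = {source_dir: boot_dir}, e.g. {"I386": "ABCD", "AMD64": "EFGHI"}.
    A file is planned for every source dir it is found in, under its plain name
    or its compressed name (last character replaced by "_")."""
    wanted = boot_entries(sif_text)
    plan, found = [], set()
    for src, dst in mapping.items():
        present = {p.name.lower(): p for p in Path(src).iterdir() if p.is_file()}
        for name in wanted:
            for candidate in (name, name[:-1] + "_"):
                if candidate in present:
                    hit = present[candidate]
                    plan.append((str(hit), str(Path(dst) / hit.name)))
                    found.add(name)
                    break
    return plan, sorted(set(wanted) - found)

if __name__ == "__main__":
    for name, flag in boot_entries(SAMPLE_SIF).items():
        print(f"{name:14} {flag}")
```

The second return value lists selected entries that were found in none of the source directories, which is the quickest way to spot an incomplete source tree.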


Well, hopefully this utterly and totally simplistic .bat file I made works...

I basically put 'copy' in front of everything and '<Directory here>' behind everything, changing MOST, but not all, of the last characters to _... I matched it against a BT I got from a previous install.... And the out.txt file I got...

VERY simplistic batch file...

Edited by Nakatomi2010
