老外出了新的WIN8 BOOTMGR解压工具，有谁试一下 - 无忧启动论坛

In Windows 8 many things changed, including bootmgr. Previously, bootmgr was compressed with lznt1, but is now compressed withXpress Huffman. I have previously described how to modify the Windows 7 and previous versions:http://reboot.pro/fi...ls-bootmgrntfs/
For the new compression I made a separate program;http://www.mediafire...3d3jb8a9f13dytr(outdated)
Update version 2, 20.05.12: A program to recompile bootmgr.exe into bootmgr, ready for booting:http://reboot.pro/fi...mgr-recompiler/or[url=http://www.mediafire...d9pyrn578bvxbww]http://www.mediafire...d9pyrn578bvxbww[/url]
It uses RtlCompressBuffer and RtlGetCompressionWorkSpaceSize in ntdll.dll. The parameters are supplied through an inputbox, and is the CompressionFormatAndEngine bitmask. It can be supplied in decimal or in hex (prefixed with 0x). Obviously, you must run the attached program in Windows 8, unless you just want compression with LZNT1. Explanation of the possible valid parameters:
COMPRESSION_FORMAT_NONE=0x0000 COMPRESSION_FORMAT_DEFAULT=0x0001 COMPRESSION_FORMAT_LZNT1=0x0002 COMPRESSION_FORMAT_XPRESS=0x0003 COMPRESSION_FORMAT_XPRESS_HUFF=0x0004 COMPRESSION_ENGINE_STANDARD=0x0000 COMPRESSION_ENGINE_MAXIMUM=0x0100
So to compress with Xpress Huffman supply either 260 or 0x104.
Basic structure of bootmgr:
1.16-bit stubwithcode to unpack,evaluateandexecute the compressed part.About2xKB. 2.A16bytesectionwithsome information that the16-bit stub evaluates 3.A tiny8192bytePE image,withunknownfunction.It's content is not evaluated. 4. The compressed 32-bit executable bootmgr.exe
This is in accordance with previous versions, but with the main difference being the compression engine used on the 32-bit executable. Another small difference is the small section right before the tiny PE image. Take a look at this image:

BOOTMGR Recompiler
This tool takes bootmgr.exe and creates bootmgr ready for booting. You can choose between compression method LZNT1 and XpressHuffman. You can also choose which library to use for the compression, either MSCompression.dll an excellent library by Jeffrey Bush, or the Windows shipped ntdll.dll. Note that ntdll.dll supports LZNT1 on any Windows version, whereas XpressHuffman support is only present on ntdll.dll on Windows 8. You can however copy ntdll.dll from Windows 8 and to XP/Vista etc (to same directory as this tool), to overcome this. The MSCompression.dll library supports both methods, and is included in this download. But currently I had some issues with the 32-bit compiled version of this library, so the option on x86 arch OS is to use ntdll.dll. The tool also performs some basic PE testing, and for instance optionally corrects the PE checksum if found incorrect. It does not matter which version of bootmgr.exe you choose or compression method. All generated bootmgr combinations should work fine. The XpressHuffman compressed ones, are much smaller in size than the LZNT1 ones, because of better compression ratio.

Structure of BOOTMGR
1. 16-bit stub with code to unpack, evaluate and execute the compressed part. About 2x KB.
2. A 16 byte section with some information that the 16-bit stub evaluates.
3. A tiny 8192 byte PE image, with unknown function. It's content is not evaluated.
4. The compressed 32-bit executable bootmgr.exe

The 16 byte sectioncontains these values:
byte 1-4: a signature.
byte 5-8: the compressed size of bootmgr.exe.
byte 9-12: the uncompressed size of bootmgr.exe.
byte 13-16: the relative offset to the compressed data calculated from the start of this section (ie the signature).

More detailed information connected to this topic that you may find useful:
http://reboot.pro/16824/
http://reboot.pro/fi...ls-bootmgrntfs/
http://www.sevenforu...indows-7-a.html

MSCompression
https://github.com/c...ife/ms-compress
The included program is a frontend for the library, and strictly not used with the above application. I just included it, since the library is included, in case someone needed it. It's a commandline compressor/decompressor supporting. The library supports these compression methods;
COMPRESSION_NONE=0 COMPRESSION_LZX=1 COMPRESSION_LZNT1=2 COMPRESSION_XPRESS=3 COMPRESSION_XPRESS_HUFF=4
The MSCompression library has a slightly better compression ratio than ntdll.dll when using XpressHuffman