|
|
之前迷离大大的修改方法:http://bbs.wuyou.net/forum.php?mod=viewthread&tid=211314&extra=page%3D1
====================我是分割线============================================
刚才跟迷离大大在QQ里问了一下对于PRE-M3 6.2.7955.0以后的BOOTMGR怎么破解,他说老外已经有新的工具了,但是不知道怎么用。
下面附上迷离大大的说明图片
老外论坛的地址:
http://reboot.pro/files/file/188-bootmgr-recompiler/
帖子:http://reboot.pro/16824/、
附上一部分帖子内容:
In Windows 8 many things changed, including bootmgr. Previously, bootmgr was compressed with lznt1, but is now compressed withXpress Huffman. I have previously described how to modify the Windows 7 and previous versions:http://reboot.pro/fi...ls-bootmgrntfs/
For the new compression I made a separate program;http://www.mediafire...3d3jb8a9f13dytr(outdated)
Update version 2, 20.05.12: A program to recompile bootmgr.exe into bootmgr, ready for booting:http://reboot.pro/fi...mgr-recompiler/or[url=http://www.mediafire...d9pyrn578bvxbww]http://www.mediafire...d9pyrn578bvxbww[/url]
It uses RtlCompressBuffer and RtlGetCompressionWorkSpaceSize in ntdll.dll. The parameters are supplied through an inputbox, and is the CompressionFormatAndEngine bitmask. It can be supplied in decimal or in hex (prefixed with 0x). Obviously, you must run the attached program in Windows 8, unless you just want compression with LZNT1. Explanation of the possible valid parameters:
COMPRESSION_FORMAT_NONE=0x0000 COMPRESSION_FORMAT_DEFAULT=0x0001 COMPRESSION_FORMAT_LZNT1=0x0002 COMPRESSION_FORMAT_XPRESS=0x0003 COMPRESSION_FORMAT_XPRESS_HUFF=0x0004 COMPRESSION_ENGINE_STANDARD=0x0000 COMPRESSION_ENGINE_MAXIMUM=0x0100
So to compress with Xpress Huffman supply either 260 or 0x104.
Basic structure of bootmgr:
1.16-bit stubwithcode to unpack,evaluateandexecute the compressed part.About2xKB. 2.A16bytesectionwithsome information that the16-bit stub evaluates 3.A tiny8192bytePE image,withunknownfunction.It's content is not evaluated. 4. The compressed 32-bit executable bootmgr.exe
This is in accordance with previous versions, but with the main difference being the compression engine used on the 32-bit executable. Another small difference is the small section right before the tiny PE image. Take a look at this image:
工具的一部分图片:
这个好像是工具说明:
BOOTMGR Recompiler
This tool takes bootmgr.exe and creates bootmgr ready for booting. You can choose between compression method LZNT1 and XpressHuffman. You can also choose which library to use for the compression, either MSCompression.dll an excellent library by Jeffrey Bush, or the Windows shipped ntdll.dll. Note that ntdll.dll supports LZNT1 on any Windows version, whereas XpressHuffman support is only present on ntdll.dll on Windows 8. You can however copy ntdll.dll from Windows 8 and to XP/Vista etc (to same directory as this tool), to overcome this. The MSCompression.dll library supports both methods, and is included in this download. But currently I had some issues with the 32-bit compiled version of this library, so the option on x86 arch OS is to use ntdll.dll. The tool also performs some basic PE testing, and for instance optionally corrects the PE checksum if found incorrect. It does not matter which version of bootmgr.exe you choose or compression method. All generated bootmgr combinations should work fine. The XpressHuffman compressed ones, are much smaller in size than the LZNT1 ones, because of better compression ratio.
Structure of BOOTMGR
1. 16-bit stub with code to unpack, evaluate and execute the compressed part. About 2x KB.
2. A 16 byte section with some information that the 16-bit stub evaluates.
3. A tiny 8192 byte PE image, with unknown function. It's content is not evaluated.
4. The compressed 32-bit executable bootmgr.exe
The 16 byte sectioncontains these values:
byte 1-4: a signature.
byte 5-8: the compressed size of bootmgr.exe.
byte 9-12: the uncompressed size of bootmgr.exe.
byte 13-16: the relative offset to the compressed data calculated from the start of this section (ie the signature).
More detailed information connected to this topic that you may find useful:
http://reboot.pro/16824/
http://reboot.pro/fi...ls-bootmgrntfs/
http://www.sevenforu...indows-7-a.html
MSCompression
https://github.com/c...ife/ms-compress
The included program is a frontend for the library, and strictly not used with the above application. I just included it, since the library is included, in case someone needed it. It's a commandline compressor/decompressor supporting. The library supports these compression methods;
COMPRESSION_NONE=0 COMPRESSION_LZX=1 COMPRESSION_LZNT1=2 COMPRESSION_XPRESS=3 COMPRESSION_XPRESS_HUFF=4
The MSCompression library has a slightly better compression ratio than ntdll.dll when using XpressHuffman
由于迷离大大很忙,所以有可能他没有时间发破解修改的方法
再次附上地址。。。
http://reboot.pro/files/file/188-bootmgr-recompiler/
http://reboot.pro/16824/
有能力的去搞定吧。。我这里没WIN8
更新下,迷离大大说这段到底是怎么修改的:
- At VA 401263 change these 6 bytes:
- 0f8862020000 -> 909090909090
- At VA 42935e change these 2 bytes:
- 7415 -> eb15
[ 本帖最后由 一只猴子 于 2012-8-8 23:03 编辑 ] |
|
[复制链接]
IP卡
狗仔卡
发表于 2012-8-8 22:42:35
收藏
支持
反对
提升卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡
楼主
