This article was migrated from the original blog.

Original address: https://blog.betaworld.cn/788

Original author: BetaRookie

The main text of the article follows.


Finally got the time to write a legacy BIOS Boot Manager editor. Microsoft started compressing the legacy BIOS Boot Manager after it got too big to fit into the 640 KB of initial memory, and that is quite annoying if you want to modify it for whatever reason.

The compression isn’t the worst thing. A compressed Boot Manager can be split into 4 sections – 16-bit loader, data location structure, PE stub and compressed buffer. There are tools out there to help you recompress the buffer, but none of them can correct the PE checksum of the PE stub. This means that even if you recompress your modified Boot Manager, Windows Setup will refuse to install it because it does not have a valid checksum.

So here is my Boot Manager editor: it allows you to extract and replace the 16-bit loader, the PE stub and the actual Boot Manager executable, and you can also create a compressed Boot Manager from scratch with it.

[Screenshot: 788-1-image.png]

Pre-Windows 8 Boot Managers used LZNT1 compression, and post-Windows 8 Boot Managers use Xpress Huffman compression. You can change the compression format, but you’ll also need to change the 16-bit loader since it is what decompresses the Boot Manager executable in memory.

When you save the edited Boot Manager, it’ll automatically correct the PE checksum of the PE stub for you. With this tool you can now easily patch flightsigned Windows 10 builds to boot in legacy BIOS mode – patch the extracted bootmgr.exe in the same way as you patch bootmgr.efi, and then use the editor to replace the original executable with your patched executable.
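The PE checksum that the editor corrects on save (and that the recompression tools mentioned earlier leave stale) is the standard image checksum from IMAGE_OPTIONAL_HEADER: a one's-complement sum of the file's 16-bit words, skipping the CheckSum field itself, plus the file length. Below is an added Python example of that computation; it is not the tool's own code, and the minimal PE image it builds is constructed here for illustration, not a real Boot Manager stub.

```python
import struct


def _checksum_field_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum (+0x40 into the optional header)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # 4-byte PE signature + 20-byte COFF file header, then CheckSum at +0x40
    return e_lfanew + 4 + 20 + 0x40


def pe_checksum(data: bytes) -> int:
    """Recompute the image checksum the way CheckSumMappedFile does."""
    skip = _checksum_field_offset(data)
    padded = data + b"\0" * (len(data) % 2)   # odd-length images get one zero pad byte
    total = 0
    for off in range(0, len(padded), 2):
        if off in (skip, skip + 2):            # the CheckSum dword itself is excluded
            continue
        total += struct.unpack_from("<H", padded, off)[0]
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry (one's complement)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return (total + len(data)) & 0xFFFFFFFF        # unpadded length is added last


def stored_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, _checksum_field_offset(data))[0]


def checksum_valid(data: bytes) -> bool:
    return stored_checksum(data) == pe_checksum(data)


def fix_checksum(data: bytes) -> bytes:
    """Return a copy with the CheckSum field rewritten; the field is skipped, so this is stable."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, _checksum_field_offset(data), pe_checksum(data))
    return bytes(buf)


def build_sample_stub(size: int = 0x200) -> bytes:
    """Constructed minimal PE32 image with CheckSum = 0 (not a real Boot Manager stub)."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                      # e_lfanew -> PE header at 0x40
    img[0x40:0x44] = b"PE\0\0"
    # COFF header: Machine=i386, 0 sections, SizeOfOptionalHeader=0xE0, Characteristics
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    struct.pack_into("<H", img, 0x58, 0x10B)                     # optional header Magic (PE32)
    return bytes(img)
```

Running `fix_checksum` over a recompressed stub and then `checksum_valid` on the result is the check Windows Setup effectively performs before accepting the file.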

This tool is currently still WIP, so if you encounter bugs make sure you report them to me. It will only run (correctly) on Windows 8+ by the way, because Windows 7 does not have all the APIs required.

[Download: 788-2-BootmgrTool-0.28.zip]

Tags: Boot Manager