Solution for multibooting Win XP/2k3 64-Bit, Win2k3 SP1, WinPE 2004

**geitonaki** · October 17, 2005

You can now modify setupldr.bin of the follwing windows:

Windows Server 2003 SP1
Windows XP Professional x64 Edition
Windows Server 2003 x64 Edition
Windows PE 2005

The setupldr.bin of the above versions is the same and has a checksum check built-in so when you try to modify it you get:

"NTLDR is corrupt. The system cannot boot."

In order to crack it:

open it with your favorite hex editor
goto hex address: 0x2060
change "74 03" to "EB 1A"
save it

I also uploaded it for your convenience at:

File is now attached so people don't have to wait for a download ~ Alanoll

Now you can replace:

all occurrences of "i386", "I386" to "ABCD" (where ABCD is anything you want - 4 characters long)
"\amd64", "\AMD64" to "\EFGHI" and
"amd64\", "AMD64\" to "EFGHI\" (where EFGHI is anything you want - 5 characters long)

Do not replace all occurrences of "amd64" since some of them refer to a section of txtsetup.sif

In order to find what files need to be copied to the directories ABCD and EFGHI open command prompt, go to the directory you have txtsetup.sif and enter:

type TXTSETUP.SIF | findstr /r ",_[1-9] ,[1-9]_"

and copy the files listed there from I386 to ABCD and AMD64 to EFGHI.

For anyone curious, open the setupldr.bin with hiew, goto the above hex address and see the surrounding assembly code.

cracked_SETUPLDR_1_.BIN.zip

Edited January 28, 2006 by prathapml

**amd64lover** · October 17, 2005

GREAT JOB!!!... one quick thing, when i go to the cmd prompt and typed in the above command, it lists all the files, but it starts with 'H'... since there are so many, i dont know what files are needed that start with a letter before 'H'.... could you post a .txt file with the needed files? thanks

**geitonaki** · October 17, 2005

You can save the output like below:

type TXTSETUP.SIF | findstr /r ",_[1-9] ,[1-9]_" > c:\out.txt

**Jazkal** · October 17, 2005

Do not replace all occurrences of "amd64" since some of them refer to a section of txtsetup.sif

Can someone tell me how to determine which one is which?

Or is it just the standalone "amd64" entries that reference the txtsetup.sif? (meaning no preceeding or trailing "\")

Edited October 17, 2005 by Jazkal

**amd64lover** · October 17, 2005

replace these, "\AMD64" & "AMD64\" & "\amd64" & "amd64\" (without the "" marks)

Edited October 17, 2005 by amd64lover

**Nakatomi2010** · October 17, 2005

ksecdd.sys   = 1,,,,,,_6,4,0,0,,1,4
ntdll.dll	= 1,,,,,,_7,2,0,0,,1,2
kbdus.dll	= 1,,,,,,_7,2,0,0,,1,2
drvmain.sdb  = 1,,,,,,_3,60,0,0
kbddv.dll	= 1,,,,,,_5,2,0,0,,1,2
kbdes.dll	= 1,,,,,,_5,2,0,0,,1,2
kbdgae.dll   = 1,,,,,,_5,2,0,0,,1,2
kbdgr1.dll   = 1,,,,,,_5,2,0,0,,1,2
kbdit142.dll = 1,,,,,,_5,2,0,0,,1,2
kbdusl.dll   = 1,,,,,,_5,2,0,0,,1,2
kbdusr.dll   = 1,,,,,,_5,2,0,0,,1,2
kbdusx.dll   = 1,,,,,,_5,2,0,0,,1,2
ntfs.sys	 = 1,,,,,,_6,4,0,0,,1,4
setupreg.hiv = 1,,,,,,_3,,3
spcmdcon.sys = 1,,,,,,_7,,3,3,,1,1
biosinfo.inf = 1,,,,,,_1,20,0,0,,1,1
wkbddv.dll=55,,,,,,_5,82,0,0,kbddv.dll,1,2
wkbdes.dll=55,,,,,,_5,82,0,0,kbdes.dll,1,2
wkbdgae.dll=55,,,,,,_5,82,0,0,kbdgae.dll,1,2
wkbdgr1.dll=55,,,,,,_5,82,0,0,kbdgr1.dll,1,2
wkbdit142.dll=55,,,,,,_5,82,0,0,kbdit142.dll,1,2
wkbdus.dll=55,,,,,,_7,82,0,0,kbdus.dll,1,2
wkbdusl.dll=55,,,,,,_5,82,0,0,kbdusl.dll,1,2
wkbdusr.dll=55,,,,,,_5,82,0,0,kbdusr.dll,1,2
wkbdusx.dll=55,,,,,,_5,82,0,0,kbdusx.dll,1,2
wntdll.dll=55,,,,,,_7,82,0,0,ntdll.dll,1,2
biosinfo.inf = 1,,,,,,_1,20,0,0,,1,1
ntdetect.com = 1,,,,,,_1,1,3,,,1,1
biosinfo.inf = 1,,,,,,_1,20,0,0,,1,1
wkbddv.dll=55,,,,,,_5,82,0,0,kbddv.dll,1,2
wkbdes.dll=55,,,,,,_5,82,0,0,kbdes.dll,1,2
wkbdgae.dll=55,,,,,,_5,82,0,0,kbdgae.dll,1,2
wkbdgr1.dll=55,,,,,,_5,82,0,0,kbdgr1.dll,1,2
wkbdit142.dll=55,,,,,,_5,82,0,0,kbdit142.dll,1,2
wkbdus.dll=55,,,,,,_7,82,0,0,kbdus.dll,1,2
wkbdusl.dll=55,,,,,,_5,82,0,0,kbdusl.dll,1,2
wkbdusr.dll=55,,,,,,_5,82,0,0,kbdusr.dll,1,2
wkbdusx.dll=55,,,,,,_5,82,0,0,kbdusx.dll,1,2
wntdll.dll=55,,,,,,_7,82,0,0,ntdll.dll,1,2

This is the output.... Though it doesn't say which filesgo into which directory...

**Incroyable HULK** · October 17, 2005

I guess we can use GOSH's method to obtain our BOOT folder... I did that a while ago and I got the following files from $WIN_NT$.~BT

<DIR>          system32
1394bus.sy_
acpi.sy_
acpiec.sy_
adpu160m.sy_
adpu320.sy_
aic78u2.sy_
aic78xx.sy_
aliide.sy_
amdide.sy_
arc.sy_
atapi.sy_
biosinfo.inf
BOOTSECT.DAT
bootvid.dl_
cdfs.sy_
cdrom.sy_
classpnp.sy_
cmdide.sy_
c_1252.nl_
c_437.nl_
dac960nt.sy_
disk.sy_
disk101
disk102
disk103
disk104
dmboot.sy_
dmio.sy_
dmload.sy_
dpti2o.sy_
drvmain.sdb
fastfat.sy_
fdc.sy_
flpydisk.sy_
ftdisk.sy_
hal.dl_
hidclass.sy_
hidparse.sy_
hidusb.sy_
i2omgmt.sy_
i2omp.sy_
i8042prt.sy_
iirsp.sy_
intelide.sy_
isapnp.sy_
kbdclass.sy_
kbdhid.sy_
kbdus.dll
kd1394.dl_
kdcom.dl_
ksecdd.sys
l_intl.nl_
migrate.inf
mountmgr.sy_
mraid35x.sy_
ntdetect.com
ntfs.sys
ntkrnlmp.ex_
ohci1394.sy_
oprghdlr.sy_
partmgr.sy_
pci.sy_
pciide.sy_
pciidex.sy_
pcmcia.sy_
ramdisk.sy_
sbp2port.sy_
scsiport.sy_
serenum.sy_
serial.sy_
setupdd.sy_
setupldr.bin
setupreg.hiv
sfloppy.sy_
spcmdcon.sys
spddlang.sy_
storport.sy_
symc810.sy_
symc8xx.sy_
symmpi.sy_
sym_hi.sy_
sym_u3.sy_
toside.sy_
txtsetup.sif
ultra.sy_
usbccgp.sy_
usbd.sy_
usbehci.sy_
usbhub.sy_
usbohci.sy_
usbport.sy_
usbstor.sy_
usbuhci.sy_
vga.sy_
vgaoem.fo_
viaide.sy_
videoprt.sy_
volsnap.sy_
watchdog.sy_
wd.sy_
winnt.sif
wmilib.sy_

102 File(s)      7,213,922 bytes

Edited January 28, 2006 by prathapml

**geitonaki** · October 17, 2005

Do not replace all occurrences of "amd64" since some of them refer to a section of txtsetup.sif
Can someone tell me how to determine which one is which?
Or is it just the standalone "amd64" entries that reference the txtsetup.sif? (meaning no preceeding or trailing "\")

Exactly what you said!

**Nakatomi2010** · October 17, 2005

I guess we can use GOSH's method to obtain our BOOT folder... I did that a while ago and I got the following files from $WIN_NT$.~BT
*snip*

But which files go into which directory? We technically need 2 BT's now.... Don't we, or am I not grasping something...?

Edited October 17, 2005 by Nakatomi2010

**geitonaki** · October 17, 2005

This is the output.... Though it doesn't say which filesgo into which directory...

The outpout you posted isn't complete. Each file goes to the respective directory from where you will find it. If you find it in I386 then copy it to ABCD, if you find it in AMD64 copy it to EFGHI.

I will post later if I have time a batch file that I have created which automatically creates the boot folders and modifies the necessary files.

**Nakatomi2010** · October 17, 2005

How do I get the complete listing?

**amd64lover** · October 17, 2005

go to a command prompt and navigate to the directory where the txtsetup.sif file is and copy/paste the following.... 'type TXTSETUP.SIF | findstr /r ",_[1-9] ,[1-9]_" > c:\out.txt' (geitonaki stated this on the first page)

**Nakatomi2010** · October 17, 2005

Nevermind, I must've typed it wrong the first time...

Edited October 17, 2005 by Nakatomi2010

**amd64lover** · October 17, 2005

open the file 'c:\out.txt'... itll have the complete list in there

**Nakatomi2010** · October 17, 2005

Well, hopefully this utterly and totally simplistic .bat file I made works...

I basically put 'copy' infront of everything and '<Directory here> behind everything, changing MOST, but not all, os the last characters to _... I matched it against a BT I got from a previous install.... And the out.txt file I got...

VERY simplistic batch file...

Edited October 17, 2005 by Nakatomi2010

Sign In

Solution for multibooting Win XP/2k3 64-Bit, Win2k3 SP1, WinPE 2004

Recommended Posts

geitonaki

amd64lover

geitonaki

Jazkal

amd64lover

Nakatomi2010

Incroyable HULK

geitonaki

Nakatomi2010

geitonaki

Nakatomi2010

amd64lover

Nakatomi2010

amd64lover

Nakatomi2010

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Activity

Browse