gosh Posted October 7, 2003

When you boot your XP computer, one of the first things you see is the XP logo. This resource is in the XP kernel file, ntoskrnl.exe. Some people like to modify this to have their own custom boot logo. The traditional way to integrate a custom kernel is to first cab it (makecab ntoskrnl.exe), then put it in the i386 folder. This works, but it has some limitations. Below is my way of integrating a custom kernel, and the benefits of using my method.

First, download my custom kernel file here. As you will notice, I renamed ntoskrnl.exe to oemkrnl.exe.

Next, make an $OEM$ folder. Place the $OEM$ folder parallel to the i386 folder if you're installing locally. Place the $OEM$ folder under the i386 folder if installing from CD.

Under the $OEM$ folder make a folder called $$. In the $$ folder make a folder called System32. In this folder, place oemkrnl.exe.

Now in cmdlines.txt or the GuiRunOnce section of your unattend file, put this:

    bootcfg /RAW /A /Kernel=OEMKrnl.exe /ID 1
    bootcfg /Timeout 0

In your unattend file, make sure you have this:

    [unattended]
    UnattendMode=FullUnattended
    OemPreinstall=Yes
    OemSkipEula=Yes

So here's what happens. When you install XP, it copies the $OEM$\$$\System32 folder to %windir%\system32. This places oemkrnl.exe into your system32 folder. Then when setup processes cmdlines.txt or your unattend file, it adds the switch /kernel=oemkrnl.exe to your boot.ini. Now when you boot up, you'll see the custom kernel.

So why do all this when you can just put your ntoskrnl.exe into the i386 folder? Several reasons:

1 - If you install a Windows update that has a newer version of ntoskrnl.exe, it'll replace your customized ntoskrnl.exe file. The only fix would be to resource edit the new ntoskrnl.exe. This isn't very practical when you consider there have been at least 4 kernel updates to XP since SP1 was released. Using my method, the custom ntoskrnl.exe is ALWAYS used, even if you do Windows update.

2 - If you need to install a service pack, all you do is delete the /kernel= part in your boot.ini. If you integrated a custom ntoskrnl.exe file, you would have to use the switch -o to install a service pack. My method is more service pack friendly.

Note: Over time I have found a bug with bootcfg. If you are dual booting, it sometimes edits the wrong line in the boot.ini. I firmly feel that this is a bug in bootcfg, not my coding.

Also, bootcfg.exe is only included in XP Pro, but you could probably use it in XP Home. (bootcfg.exe is different from the bootcfg command in recovery console)

-gosh

demlak Posted October 7, 2003

> 1 - If you install a Windows update that has a newer version of ntoskrnl.exe, it'll replace your customized ntoskrnl.exe file. The only fix would be to resource edit the new ntoskrnl.exe. This isn't very practical when you consider there have been at least 4 kernel updates to XP since SP1 was released. Using my method, the custom ntoskrnl.exe is ALWAYS used, even if you do Windows update.

don't u think that there is a reason for replacing the kernel file by hotfix/SP? the file is replaced because of security/fix issues.. so please don't tell the community to ignore those fixes. maybe it's uncomfortable to resource edit the file after each patch/fix.. but that's better than an unsecure/unfixed system!

DMX Posted October 7, 2003

thanks a lot for the guide. i have tried some time ago to do this but by copying ntoskrnl.exe with the help of a cmd file and it didn't work. also to initialise the boot timeout to zero (i know it sounds stupid) i copied with a batch file an edited boot.ini file

neophyte Posted October 7, 2003

Doesn't the $OEM$ folder get placed in the root of the distribution source when using a CD?

I've tried it as a sub folder of i386, but it just doesn't work.

gosh Posted October 7, 2003

To demlak:

As you see, I don't delete the original ntoskrnl.exe. When you install a security fix, it updates ntoskrnl.exe fine. Any security issue with ntoskrnl.exe is going to be a local security issue. In other words, the only way someone is going to hack you with a security hole in ntoskrnl.exe is by having physical access to your computer. No one can hack you over the internet using a security hole in ntoskrnl.exe. I've used a custom ntoskrnl.exe for about a year and never been hacked.

My post is like any post on this site, if you don't like it don't do it. My method does not let people get hacked, like I said you need physical access to a computer to hack someone with ntoskrnl.exe. And let's face it, if someone has physical access to your computer they already have you.

To DMX:

The method I described works. The install I have at home uses a custom boot logo.

To neophyte:

I don't remember offhand where it goes. Just copy the $OEM$ folder to the root of the CD and under i386.

-gosh

demlak Posted October 7, 2003

should i laugh or not?

1. who cares if u delete the ntoskrnl or not? if it's updated or not? your SYSTEM does NOT care, because u told your system to NOT USE this file. so this file is unnecessary/not in use. which logically means, you are using an outdated file, with security holes. if these holes are wide enough to hack the system is not part of my knowledge, but there is definitely a file in use which should be updated.

2. if u haven't been hacked, congrats..

3.
> My post is like any post on this site, if you don't like it don't do it

you're right.. that's like the world works.. like the internet works.. everyone is free and can do what he wants.. BUT, when u give tips to newbies without needed security info, then please accept a correction/adding of the info.

sorry, my english is very bad.. i don't know if i was able to tell detailed enough what i meant

gosh Posted October 7, 2003

Why don't you blow a nonissue into a big deal? Go out and take a walk or something, r-e-l-a-x. As far as I can see, you're the only one who has a problem with my method.

-gosh

edg21 Posted October 8, 2003

> Doesn't the $OEM$ folder get placed in the root of the distribution source when using a CD?
> I've tried it as a sub folder of i386, but it just doesn't work.

Yes, you place it in the root of the cd.

demlak Posted October 8, 2003

> Why don't you blow a nonissue into a big deal? Go out and take a walk or something, r-e-l-a-x. As far as I can see, you're the only one who has a problem with my method.

i don't have a problem with your method.. but i have a problem when people tell newbies tips without telling security issues on these tips.. like u did.

sorry, i don't want to offend you, i just want that the newbies see that this method is a security risk and that this should be also said by you.
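
An added example, not part of any post in this thread: one way to audit a boot.ini for the /kernel= switch discussed above, so that a machine booting a kernel file that updates no longer replace can be found and the named file checked. The sample boot.ini and the function names are constructed for illustration; the check also covers /hal=, the analogous load option, which goes beyond what the thread mentions.

```python
import re

# Constructed sample boot.ini for a dual-boot machine (not taken from the thread).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /kernel=OEMKrnl.exe
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
"""

OVERRIDE_SWITCHES = ("kernel", "hal")  # load options that replace the stock binaries


def parse_boot_ini(text):
    """Return (default_path, entries); each entry carries the 1-based ID bootcfg uses."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, rest = line.partition("=")
        if section == "boot loader" and key.strip().lower() == "default":
            default = rest.strip()
        elif section == "operating systems":
            # rest looks like: "Description" /switch /name=value ...
            m = re.match(r'\s*"([^"]*)"(.*)$', rest)
            desc, opts = (m.group(1), m.group(2)) if m else (rest.strip(), "")
            found = re.findall(r"/([A-Za-z0-9]+)(?:=(\S+))?", opts)
            switches = {name.lower(): value for name, value in found}
            entries.append({"id": len(entries) + 1, "path": key.strip(),
                            "description": desc, "switches": switches})
    return default, entries


def find_overrides(text):
    """List entries that boot a non-stock kernel or HAL, with the file they name."""
    default, entries = parse_boot_ini(text)
    findings = []
    for e in entries:
        is_default = e["path"].lower() == (default or "").lower()
        for sw in OVERRIDE_SWITCHES:
            if sw in e["switches"]:
                findings.append({"id": e["id"], "switch": sw,
                                 "file": e["switches"][sw], "is_default": is_default})
    return findings

print(find_overrides(SAMPLE_BOOT_INI))
```

Each finding names the entry ID and the file under system32 to compare against the updated ntoskrnl.exe; the ID also shows which line an override landed on when a machine dual boots.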

Paul 365 Posted October 9, 2003

There is another issue to this.

If you are using a CPU with HyperThreading, setup builds a different kernel than the default one.

If you replace it using this method and you have a HyperThreading CPU, your computer will not start on the reboot after the GuiRunOnce section has customized the boot process.

Please note that this is only a working theory based on the following.

I have an unattended CD that uses this exact method to replace the kernel and have used it 100's of times. When I built my first PC with a HyperThreading CPU it refused to start after the above method had been done.

After spending a few minutes checking I found the ntoskrnl to be different than the one I had modified. I did a few compares with "blind Compare" to confirm this and then removed the offending command from the boot.ini and it booted up fine.

If anyone can offer any more info on this I would be grateful

Klaassh Posted October 9, 2003

> If you are using a CPU with HyperThreading, setup builds a different kernel than the default one.
> If anyone can offer any more info on this I would be grateful

There are actually 4 versions of the kernel:

ntoskrnl.exe - Uniprocessor x86 architecture systems with 4 GB of physical memory or less.
ntkrnlpa.exe - Uniprocessor x86 architecture systems with PAE support.
ntkrnlmp.exe - Multiprocessor x86 architecture systems with 4 GB of physical memory or less.
ntkrpamp.exe - Multiprocessor x86 architecture systems with PAE support.

Paul 365 Posted October 9, 2003

Thanks Klaassh.

Does it switch to the PAE supported version if you go above 4GB? (not that most of us have to worry about that)

Klaassh Posted October 9, 2003

> Thanks Klaassh.
> Does it switch to the PAE supported version if you go above 4GB? (not that most of us have to worry about that)

Not got 4gig to test with, but I would say it would be automatic like the multiprocessor one is in our case (hyperthreaded anyway)

demlak Posted October 10, 2003

btw, if u turn on logging on some resource editors, or use the scripting function of resource hacker, you are able to reproduce your hacks in a few seconds on new files.. as i told several times, take a look at this and this site if u are interested in resource hacking/editing..

maybe this was half-offtopic =)

b0r3d Posted October 16, 2003

@gosh

I seem to have nothing but problems when using your method listed above. Perhaps I'm just retarded or possibly slightly mentally handicapped, but I tried it, and it simply doesn't work.

When I add these lines to the GUIRunOnce section of my winnt.sif file:

    bootcfg /RAW /A /Kernel=OEMKrnl.exe /ID 1
    bootcfg /Timeout 0

The CD won't boot, telling me there is an error on these two lines.

If I rem these two lines out, it boots fine.

Your suggestions on the matter would be appreciated.