
How to change Win2k Boot Logo:-

Author: Tabish Ali Rizvi (

Nick:- Neo

I will not accept any responsibility for ANY data loss if you attempt this
procedure on your own. This information is for educational and informational
purposes only! Use at your own risk!

Tools Required:
1. "Resource Hacker". (You can get it from
2. Any "Image Editor"

The process is divided into 13 steps. Simply follow the steps to change your
Win2k boot logo as you want.

Step 1.
Make a copy of C:\WINNT\SYSTEM32\NTOSKRNL.EXE called KERNEL01.EXE and place
it in the C:\WINNT\SYSTEM32\ folder.

Step 2.
Get "Resource Hacker"; once you have it, launch "ResHacker.exe".

Step 3.
After launching ResHacker, click "File", then "Open", and browse to
the C:\WinNT\System32\ directory. Open the file we created in
the first step, called KERNEL01.EXE.

Step 4.
On the left-hand side of the screen, double-click on the word "Bitmap" and
then the number "1". Click the icon that reads "1033" and you should see the
Windows 2000 bootlogo on the right side of the screen.
Now minimize ResHacker and make your own new image.

Step 5.
Using any image editor, create a Bitmap image that is 640 x 480 using 16
colors. I've found the easiest way to create an image is to take a copy of the
current image, open it with Photoshop and then edit the top portion. Set the
"mode" to "indexed colors" and set the number of colors to 16. Save the file as a
BMP file with RLE Compression enabled and you're all set.

(Important! Do not deviate from 640x480 and 16 colors or your results may vary!
I've tried it with more colors, and all you'll see is a black screen during the
boot sequence, in place of the boot logo.)
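
The Step 5 requirements can be checked from the BMP header before the image goes
anywhere near the kernel copy. The following Python script is an added example,
not part of the original guide; the function names and the sample header it
builds are assumptions made for illustration.

```python
import struct

BI_RLE4 = 2  # biCompression value for 4-bit run-length encoding

def check_boot_logo(data):
    """Return a list of problems; an empty list means the header matches Step 5."""
    if len(data) < 34 or data[:2] != b"BM":
        return ["not a BMP file (no 'BM' signature, or header truncated)"]
    # The info header follows the 14-byte file header.
    hdr_size, width, height, _planes, bpp, compression = struct.unpack_from(
        "<IiiHHI", data, 14)
    if hdr_size < 40:
        return ["unsupported info header (expected 40 bytes or more)"]
    problems = []
    if (width, abs(height)) != (640, 480):
        problems.append(f"size is {width}x{abs(height)}, expected 640x480")
    if bpp == 16:
        problems.append("16-bit colour (65536 colours), not a 16-colour image")
    elif bpp != 4:
        problems.append(f"{bpp} bits per pixel, expected 4 (16 colours)")
    if compression != BI_RLE4:
        problems.append("not RLE4-compressed (Step 5 saves with RLE enabled)")
    return problems

def sample_header(width, height, bpp, compression):
    """Constructed 54-byte BMP header without pixel data, for demonstration."""
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp,
                       compression, 0, 0, 0, 0, 0)
    return struct.pack("<2sIHHI", b"BM", 54, 0, 0, 54) + info

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # check a real file's header
        with open(sys.argv[1], "rb") as fh:
            result = check_boot_logo(fh.read(64))
    else:                                      # constructed 16-bit example
        result = check_boot_logo(sample_header(640, 480, 16, 0))
    print("\n".join(result) if result else "OK: 640x480, 16 colours, RLE4")
```

Run it with the path of the saved BMP as the only argument; without an argument
it checks a constructed 16-bit header to show the failure case.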

Step 6.
Once you have created the image, save it somewhere on your drive taking note
of its location.

Step 7.
Within Resource Hacker, click on "Action", then "Replace Bitmap" and a new
window will pop-up at this point. Then click on the "Open file with new bitmap"
button and browse to the 16-color image you just created. It should look similar
to the previous picture on the right.

Step 8.
Once you have selected the file, click on the "Replace" button and you
should return to the "root" of Resource Hacker. Just for the hell of it, make sure
your change took effect.

Step 9.
Once everything looks good, click "File" then "Save".

Step 10.
Time for a quick recap of what we've done so far. We've made a copy of our
NTOSKRNL.EXE file and placed it in the C:\WINNT\SYSTEM32\ folder. The copy was
named KERNEL01.EXE and was opened using Resource Hacker. The bitmap resource image
for the boot logo was replaced with our own customized version, and the file was

Step 11.
Conceptually, the next step is to "tell Win2K to use the new KERNEL01.EXE
file when it boots, instead of its normal NTOSKRNL.EXE file". We are going to do
this by modifying the BOOT.INI file which is located in the root of your C: drive.
The file is marked hidden and read-only by default so the first thing we should do
is turn off the read-only attribute. Do this by right clicking on the boot.ini
file and then clicking on properties. Uncheck the read-only box and click OK to
apply changes.

NOTE:- if you cannot find your boot.ini file, you probably have Windows Explorer
set up so that it cannot view hidden files. Correct this by clicking on Tools and
then Folder Options. Go to the View Tab and toggle the radio button to Show
Hidden Files and Folders.
Uncheck This Box: Hide protected Operating System files

Step 12.
We're now ready to open the BOOT.INI file and modify its contents. I've
listed below what my current BOOT.INI file looked like before any changes were
made to it. Yours should be somewhat similar.

[boot loader]
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional"

The line we're concerned with is the one under [operating systems] - this is the
line that NTLDR parses to determine the location of the operating system boot
partition. Make a copy of this line and paste it below the existing one. You
should also take a minute and make sure the timeout=X line under the [boot loader]
section has a value other than zero. This is the number of seconds that the boot
menu will be displayed, before it accepts the default value and continues. The
default value will be whatever is listed first under the [operating systems]

[boot loader]
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional"

Modify the line directly below the [operating systems] heading, adding the
following switch to the end: /KERNEL=KERNEL01.EXE (KERNEL01.EXE is the name of the
file we modified in the previous steps). By doing this, we are telling NTLDR that
we want to boot our system using the specified Kernel file, instead of the default
NTOSKRNL file that is used when the /kernel= option does not exist. You should
also change the description on this line from "Microsoft Windows 2000
Professional" to something like "Microsoft Windows 2000 Hacked Logo" so you know
which option is which. Your boot.ini file should now look like this:

[boot loader]
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Hacked Logo" /fastdetect /kernel=kernel01.exe
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional"

Before we save this file and move to the dreaded Step 13, let's recap what we've
done here just to make sure everything is right. We've opened up the boot.ini in
edit mode (with read-only turned off) and have made the following changes: the
timeout value is greater than zero, the default operating system line was copied
and modified to include the /kernel switch pointing to the modified file from the
previous steps. The original default operating system line was not changed in any
way, it was just "bumped down" a spot to make room for our new kernel file.
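
Because a /kernel switch makes NTLDR load a file other than NTOSKRNL.EXE, it is
worth being able to list which boot entries carry one. The following Python
script is an added example, not part of the original guide; the function name and
the timeout=3 line in the sample are assumptions, and the sample boot.ini is
constructed from the listing above.

```python
import re

# One [operating systems] entry: <ARC path>="<description>" <switches>
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<desc>[^"]*)"(?P<switches>.*)$')
KERNEL_RE = re.compile(r"/kernel=(\S+)", re.IGNORECASE)

def audit_boot_ini(text):
    """Return one finding per boot entry that overrides the kernel file."""
    findings, section, index = [], None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        entry = ENTRY_RE.match(line) if section == "operating systems" else None
        if entry is None:
            continue
        index += 1
        override = KERNEL_RE.search(entry.group("switches"))
        if override:
            findings.append({
                "description": entry.group("desc"),
                "kernel": override.group(1).lower(),
                # The guide states that the first listed entry boots by default.
                "first_entry": index == 1,
            })
    return findings

# Constructed sample: the modified boot.ini from Step 12, with timeout=3 assumed.
SAMPLE = r"""[boot loader]
timeout=3
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Hacked Logo" /fastdetect /kernel=kernel01.exe
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional"
"""

if __name__ == "__main__":
    for f in audit_boot_ini(SAMPLE):
        where = "first entry" if f["first_entry"] else "later entry"
        print(f'{f["description"]}: loads {f["kernel"]} ({where})')
```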

Step 13.
There really isn't much to Step 13, just reboot your system. You should be
prompted with a menu for a period of 3 seconds asking you which boot option you
would like: "The Hacked Logo" or the "Professional Boring" version. It should
default to "The Hacked Logo" version after those 3 seconds have expired, since it
resides at the top of the list. However should something go amuck and you've
totally screwed up your "Hacked Logo" kernel file by using a 16-bit color bitmap
image, instead of a 16 color image, you can still boot your system up using the
original kernel file by choosing the second option on the menu. That's why it was
so important to not make any changes to that line.

Now enjoy the hacked logo.
