Replace the theme under normal Windows I believe everyone will, but the use of the desktop theme in PE should not have seen it. Let's take a look at the next steps.
First look at the principle: Winlogon startup after initialization of some global variables, detection hkey_local_machinesystemsetup under the systemsetupinprogress is zero, if it is normal to start, if 1, When the system service Samss is started, tell it not to manage the SAM database, start some of the necessary services, such as Services,lsass, and then start hkey_local_machinesystemsetup the program specified by CmdLine, waiting for the program to end , reboot or shutdown. If systemsetupinprogress = 1, then invoke MSgina.DLL login XP after initializing the system service. MSgina.Dll calls SHsvcs.Dll to generate a themesstartevent system-level event when initialized, the code is as follows:
#define Themewatchforstart_ordinal 1
#define Themewaitforserviceready_ordinal 2
typedef DWORD (_stdcall *pfn_themewaitforserviceready) (DWORD dwtimeout);
typedef BOOL (_stdcall *pfn_themewatchforstart) (void);
Hmodule Hshsvcs = LoadLibrary (_t ("Shsvcs.dll"));
if (Hshsvcs!= NULL)
{
Pfn_themewaitforserviceready pfthemewait
= (Pfn_themewaitforserviceready) GetProcAddress (Hshsvcs, (LPCSTR) themewaitforserviceready_ordinal);
Pfn_themewatchforstart Pfthemewatch
= (Pfn_themewatchforstart) GetProcAddress (Hshsvcs, (LPCSTR) themewatchforstart_ordinal);
if (pfthemewait!= NULL &&
Pfthemewatch!= NULL)
{
Pfthemewait (1000);
Pfthemewatch ();
}
CloseHandle (Hshsvcs);
}
The classmate said: "The systemsetupinprogress directly to the 0 can not get!"
Lsass told you: "Blocked!
I told you: "We can change the Winlogon, let it start Msgina or directly call Shsvcs on the line." ”
The Themesstartevent incident is out, how?
That's because there's another guy messing around: SXS. Dll. He would use the Fusionpareweinossetupmode function to determine whether the systemsetupinprogress was zero when the system asked it to call the specified DLL, and if 1, it would tell the system: "My what ... Let's have a rest later. ”
However, to achieve themes, the system needs it to find the right ComCtl32.Dll.
You can modify it, but where is the appropriate DLL?
This concept is introduced from the GAC of the Microsoft. NET Framework. Whenever an application requires an appropriate DLL, the system invokes SXS.Dll in the%systemroot%winsxs
folder, and when there are multiple identical files, it looks at c:windowswinsxsmanifests to invoke the corresponding file in the C:windowswinsxspolicies rule.
———————————————————————————————————————————————————
Hands on:
1. Enabling themes requires the following files: Modified version of the Winlogon call Msgina.Dll or directly modify Minlogon (XPE feathure Pack 2007 has this file), Winlogon,msgina.dll, Shsvcs.dll,activeds.dll,,uxtheme.dll,themeui.dll,sxs.dllc:windowswinsxsmanifests (corresponding SP3) in the folder
X86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.cat
X86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.manifest
c:windowswinsxspoliciesx86_policy.6.0.microsoft.windows.common-controls_6595b64144ccf1df_x-ww_5ddad775
folder under the
6.0.2600.5512.cat
6.0.2600.5512.Policy
C:windowswinsxsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
folder under the
Comctl32.dll
There are some Windows folder System32 under the file, study it yourself. (Find a file dependency with the Depends tool)
2, modify the document. (All SP3 files for example) use UltraEdit to open the file, Winlogon.exe find af46ffff85c07512, change the last 12 to 27, find
56e8151d000056 FF7614E8FC, modified to 56e8151d000056 e8bc91ffff (see, only modify the last five digits); Open SXS.Dll Find 530079007300740065006d005300650074007500700049006e00500072006f00670072006500 can see S.E.T.U.P.I.N.P.R.O.G.R.E.S.S's The word, change the last s to T, that is, 73 to 74.
Modify the registry of PE, under Systemsetup, systemsetupinprogress a new REG_DWORD value Systemsetupinprogrest, set to 0. Pay special attention to modifying the systemsetupinprogress in Services.exe as Systemsetupinprogrest.
The XPE hard disk version based on BartPE was also tested because XPE was able to re-enter the SAS sequence with its own pegina.dll, so the theme could not be enabled.
———————————————————————————————————————————————————
Upload a modified Minlogon, and remember to modify the registry. Yes, the most important thing is to remember to add your own theme files, which are usually under the Windowsresources folder. Passed a compressed, is with my heart such as water PE do (hhh333 is also good, but his is SP2, testing inconvenient), I upload a streamlined file Is_ file, can directly replace my heart like water inside the Winpe.is_
1, modified registry, added a number of key values, such as the DX8 game support;
2, modified to support dual-core, theoretically can be in P4 above the single core to start;
3, automatic detection of hardware, installation drive. (Must have the appropriate INF and driver files)
Today uploaded a own use of the IMG format of the kernel, according to the webmaster research to make the theme automatically open. It added the VC2005 runtime, built-in NV display driver, with the external DX9 can play the new game now.
There is a small problem, the wallpaper can not be automatically loaded because Windows only recognized BMP format pictures, JPG format to convert to BMP. Convert the wallpaper you need into BMP, and then modify the wallpaper path under Hkey_current_usercontrol paneldesktop to point to your own picture.