Originally published in:
W2Knews[tm] Electronic Newsletter
Vol. 6, #59 - Aug 6, 2001 - Issue #294
Published by sunbelt-software.com since 1996 - ISSN: 1527-3407
How Do I Modify The W2K Startup Logo?
Tired of gazing at that boring W2K-logo when booting? Here's a way
to change that to your company logo or other even more fun things.
This is also at the same time a tutorial about the W2K file protection
system. When I saw that one of our Techs had done this, I asked him
to write it up so here you go:
In order to modify the W2K startup logo you have to be aware of a
few things up front:
#1. The logo is a 16 color (not bit) bitmap that is 640 by 480 in
size. It is built into the ntoskrnl.exe.
#2. W2k file protection will *not* let you just modify this file
and place it in the system32 directory, it will be overwritten
shortly thereafter with the original.
Knowing this you'll need a tool to pull apart the ntoskrnl.exe and
replace the bitmap. I'm using a tool called "Resource Hacker".
This is available here:
It's a fairly simple program, just extract the files to a directory
and run the exe. Once it's open, do a "File/Open" and select your
ntoskrnl.exe. This is located in X:\winnt\sytem32.
You'll get 3 main folders, Bitmap is the one we want to work with.
If you are on W2k Pro, it's under the directory "1" and is called
"1033". If you run W2k Server, it's under "4" and is also called
"1033". You'll see the current boot time logo.
Now you can do "Action/Replace Bitmap". Select the bitmap you have
created to replace the old bitmap. Or, you could export the bitmap,
modify it, then import it back in. It is very important that you
do not deviate from 640x480 w/ 16 colors. Here is a nice gallery
of already created images that could be downloaded and quickly
converted to 16 color bmps:
In the Replace Bitmap browser once you have selected the new bitmap
you'll need to select the bitmap number in the bottom right that
you wish to replace. "1" for Pro and "4" for Server (or Adv Server).
Now you need to do a "File/Save As" and save the file somewhere on
your drive. Do *NOT* save it in the same directory or it will be
quickly snarfed up by Windows File Protection.
For the next step we'll need a tool that can open .CAB files as
well as create them. I used WinAce:
Now you'll need to open the latest service pack .cab file that you
have in your system. This file is located in X:\winnt\driver cache\i386
and will be called something like SP1.cab or SP2.cab. Extract the
contents of the most current one to a directory. Now take your
modified ntoskrnl.exe and drop it in that directory, it will
overwrite the existing one.
Re-compress the all the files back into a .CAB and overwrite the
original SP1.cab or SP2.cab (Back up the original first just in case).
Then drop your modified ntoskrnl.exe into X:\winnt\system32\dllcache
and X:\winnt\system32, in that order. This way Windows file protection
has nowhere to get the original ntoskrnl.exe and leaves well enough
alone. At this point, you can reboot.
You hose your system, it's not my fault... I've done it about 20 times
on different systems and haven't had a problem yet. Special thanks to
www.littlewhitedog.com and their forums for supplying much of the
information in this report.
Greg Kras MCP+I MCSE
Sunbelt Software Technical Services Manager